 _
| Author: peterubuntu10@sourceforge.net [ r00t-3xp10it ]
| Suspicious-Shell-Activity (SSA) PurpleTeam develop @2016
| HomePage: http://sourceforge.net/u/peterubuntu10/profile/
| Project developers: r00t-3xp10it | crypt0_buf
|
| Automating macchanger tasks for my friend 'crypt0_buf',
| such as: change mac address, set tx-power, region settings,
| signal strength, set network-manager cloned mac address.
| Build/delete cryptostart init.d startup entry, use arpon
| software to prevent arp poison attacks (MitM) and display
| network information using watch + iw + tcpdump software...
|
| option1: set Tx-Power and code region (iw + iwconfig)
| option2: manually change your mac address (macchanger --mac)
|          "this option adds a cloned mac to network-manager"
| option3: randomly change your mac address (macchanger -r)
| option4: change mac settings to default (permanent mac)
|
| option5: build init.d startup script (cryptostart)
|          "this option builds all symlinks needed by cryptostart"
|          "this option adds a cloned mac to network-manager at startup"
| option6: deactivate cryptostart script from running at system startup
| option7: activate cryptostart script to run at system startup
| option8: delete cryptostart script from /etc/init.d folder
|          "this option deletes all symlinks added by cryptostart"
|
| option9: run 'arpon' anti-arp-poison software
|          "this option prevents ARP poison attacks and logs traffic"
| option10: analyze network traffic (tcpdump)
| option11: display signal strength (watch iwconfig)
|
| Additional tool settings can be found in the "settings.conf" file,
| such as: hide permanent mac display, delete .pcap files on
|_exit or skip dependency checks at script startup...
 _
| option1: The default TX-Power of wireless is set to 20 dBm. Notice that some
| models will not support these settings, or the wireless chip may state that
| it “can” transmit with higher power; users must know what is allowed
| or not allowed in their country (region code).
|
| "year 2013 TX-Power settings"
| country BO: DFS-JP
| (2402 – 2482 @ 40), (30) <<<< the old uncapped database. Limit is 30
|
| "year 2014 TX-Power new settings"
| country BO: DFS-JP
| (2402 – 2482 @ 40), (20) <<<< notice it is now capped at 20
|
|_The complete list can be found here: http://goo.gl/OelWyT
 _
| option2: does not add the cloned mac to network-manager (ESSID)
| Possible causes: first time connected to this ESSID
|
|_Fix: manually add the mac clone into network-manager ESSID
 _
| option4: does not connect to the network ESSID (auto-connection)
| option2/option5 insert a cloned mac addr into
| network-manager; for that reason I am forced to
| delete all configurations from network-manager,
| including ESSID and wifi password...
|
|_Fix: connect to target ESSID and input wifi pass
 _
| option5: does not connect to the network ESSID (at startup)
| Every time we change our mac address the target
| router thinks that it is a new device connecting;
| that is the reason why the ESSID asks for the wifi pass.
|
| The right way to use the cryptostart init.d script is to
| change your mac addr using any option, reconnect to the target
| and let network-manager store credentials before the reboot.
| 'this way it does not ask you for the wifi pass at system startup'
|
|_Fix: connect to target ESSID and input wifi pass
 _
| option8: does not connect to the network (auto-connection)
| option2/option5 insert a cloned mac addr into
| network-manager; for that reason I am forced to
| delete all configurations from network-manager,
| including ESSID and wifi password...
|
|_Fix: connect to target ESSID and input wifi pass
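The option1 note about the BO limit dropping from 30 to 20, as an added example (not code from cryptomac.sh): shell functions that read rules in the form quoted above and cap a requested TX power at the limit for the channel in use. The function and variable names are hypothetical, the sample rules are constructed from the two entries quoted above, and limits are assumed to be whole dBm.

```shell
#!/bin/sh
# Added example (not part of cryptomac.sh). All names below are hypothetical.

# Constructed sample rules, modelled on the two BO entries quoted in option1.
REGDB_2013='country BO: DFS-JP
	(2402 - 2482 @ 40), (30)'
REGDB_2014='country BO: DFS-JP
	(2402 - 2482 @ 40), (20)'

# reg_limit RULES COUNTRY FREQ_MHZ
# Prints the dBm limit of the first rule covering FREQ_MHZ; exit status 1 if none.
reg_limit() {
    printf '%s\n' "$1" | awk -v cc="$2" -v f="$3" '
        /^country / { active = ($2 == (cc ":")); next }
        active && /^[ \t]*\(/ {
            gsub(/[^0-9.]+/, " ")   # leave only: start end bandwidth limit
            n = split($0, v, " ")
            if (n >= 4 && f + 0 >= v[1] + 0 && f + 0 <= v[2] + 0) {
                print v[4]; found = 1; exit
            }
        }
        END { exit (found ? 0 : 1) }'
}

# clamp_txpower RULES COUNTRY FREQ_MHZ REQUESTED_DBM
# Prints the value that may be set: the request, or the limit if the request
# exceeds it. Fails closed (status 1, nothing printed) when no rule matches.
clamp_txpower() {
    _limit=$(reg_limit "$1" "$2" "$3") || {
        echo "no rule for $2 at $3 MHz; not setting tx-power" >&2
        return 1
    }
    if [ "$4" -gt "$_limit" ]; then echo "$_limit"; else echo "$4"; fi
}

# Channel 6 (2437 MHz), 30 dBm requested, against each database year.
clamp_txpower "$REGDB_2013" BO 2437 30   # -> 30
clamp_txpower "$REGDB_2014" BO 2437 30   # -> 20
```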
 _
| iw
| iwconfig
| macchanger
| arpon
| xterm
| tcpdump
| update-rc.d
|_"cryptomac.sh will download/install dependencies as they are needed"
 _
| tar -xvf cryptomac.tar.gz
| cd cryptomac
| chmod +x cryptomac.sh
|_sudo ./cryptomac.sh
Alvaro Lopez Ortega alvaro@gnu.org
for his macchanger utility; without his work none of this would be possible...
Alan Cox
for his iw utility that allows us to configure many network/antenna settings
Van Jacobson - Craig Leres - Steven McCanne
for their tcpdump utility that allows us to monitor/analyze lan (tcp)
Andrea Di Pasquale spikey.it@gmail.com
for his arpon utility, which prevents arp poison attacks