Advertisement
FlyFar

stop.sh

Aug 12th, 2023
779
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Bash 2.84 KB | Cybersecurity | 0 0
  1. #!/bin/bash
  2.  
  3. # stop.sh
  4. # Copyright (C) 2017  Joe Testa <jtesta@positronsecurity.com>
  5. #
  6. # This program is free software: you can redistribute it and/or modify
  7. # it under the terms version 3 of the GNU General Public License as
  8. # published by the Free Software Foundation.
  9. #
  10. # This program is distributed in the hope that it will be useful,
  11. # but WITHOUT ANY WARRANTY; without even the implied warranty of
  12. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  13. # GNU General Public License for more details.
  14. #
  15. # You should have received a copy of the GNU General Public License
  16. # along with this program.  If not, see <http://www.gnu.org/licenses/>.
  17.  
  18. if [[ `id -u` != 0 ]]; then
  19.     echo "Error: this script must be run as root."
  20.     exit -1
  21. fi
  22.  
  23. if [[ (! -f /home/ssh-mitm/run.sh) || (! -f /home/ssh-mitm/bin/sshd_mitm) ]]; then
  24.     echo "Error: could not find sshd_mitm.  You need to first run install.sh."
  25.     exit -1
  26. fi
  27.  
  28. # Check if --force arg is present.
  29. FORCE=0
  30. if [[ ($# == 1) && ($1 == '--force') ]]; then
  31.     FORCE=1
  32. fi
  33.  
  34.  
  35. # If arpspoof or ettercap are running, stop.  Disabling the forwarding
  36. # configuration while still ARP spoofing would cause a denial of service...
  37. ps ax | awk '{print $5}' | egrep 'arpspoof|ettercap' > /dev/null
  38. if [[ ($? == 0) && ($FORCE != 1) ]]; then
  39.    echo -e "It looks like arpspoof or ettercap is still running.  You need to stop it before running this script, otherwise you'll cause a denial-of-service for the ARP targets.\n\nOtherwise, if you know what you're doing, re-run this script with '--force'."
  40.    exit -1
  41. else
  42.    echo "Forcing termination..."
  43. fi
  44.  
  45. # Kill all processes belonging to the ssh-mitm user.
  46. killall -u ssh-mitm 2> /dev/null
  47.  
  48. echo "Disabling IP forwarding in the kernel..."
  49. echo 0 > /proc/sys/net/ipv4/ip_forward
  50.  
  51. # Check if the INPUT table has an ACCEPT for destination port 2222.  If so,
  52. # delete it.
  53. iptables -nL INPUT | egrep "ACCEPT +tcp +-- +0\.0\.0\.0/0 +0\.0\.0\.0/0 +tcp dpt:2222" > /dev/null
  54. if [[ $? == 0 ]]; then
  55.     echo "Executing: iptables -D INPUT -p tcp --dport 2222 -j ACCEPT"
  56.     iptables -D INPUT -p tcp --dport 2222 -j ACCEPT
  57.     if [[ $? != 0 ]]; then
  58.         echo "ERROR: failed to remove iptables rule!"
  59.         exit -1
  60.     fi
  61. fi
  62.  
  63. # Check if the PREROUTING table has a REDIRECT for port 22 to 2222.  If so,
  64. # delete it.
  65. iptables -t nat -nL PREROUTING | egrep "REDIRECT +tcp +-- +0\.0\.0\.0/0 +0\.0\.0\.0/0 +tcp dpt:22 redir ports 2222" > /dev/null
  66. if [[ $? == 0 ]]; then
  67.     echo "Executing: iptables -t nat -D PREROUTING -p tcp --dport 22 -j REDIRECT --to-ports 2222"
  68.     iptables -t nat -D PREROUTING -p tcp --dport 22 -j REDIRECT --to-ports 2222
  69.     if [[ $? != 0 ]]; then
  70.         echo "ERROR: failed to remove iptables rule!"
  71.         exit -1
  72.     fi
  73. fi
  74.  
  75. echo -e "\nSuccessfully stopped sshd_mitm daemon and disabled forwarding rules.\n"
  76. exit 0
Tags: mitm attack
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement