Advertisement
FlyFar

install.sh

Aug 12th, 2023
966
1
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Bash 11.88 KB | Cybersecurity | 1 0
  1. #!/bin/bash
  2.  
  3. # install.sh
  4. # Copyright (C) 2017  Joe Testa <jtesta@positronsecurity.com>
  5. #
  6. # This program is free software: you can redistribute it and/or modify
  7. # it under the terms version 3 of the GNU General Public License as
  8. # published by the Free Software Foundation.
  9. #
  10. # This program is distributed in the hope that it will be useful,
  11. # but WITHOUT ANY WARRANTY; without even the implied warranty of
  12. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  13. # GNU General Public License for more details.
  14. #
  15. # You should have received a copy of the GNU General Public License
  16. # along with this program.  If not, see <http://www.gnu.org/licenses/>.
  17.  
  18. openssh_sources='openssh-7.5p1.tar.gz'
  19. openssh_source_dir='openssh-7.5p1'
  20. mitm_patch='openssh-7.5p1-mitm.patch'
  21.  
  22.  
  23. # Resets the environment (in case this script was run once before).
  24. function reset_env {
  25.  
  26.     # Remove files previously downloaded.
  27.     rm -rf *.asc $openssh_sources $openssh_source_dir $openssh_source_dir-mitm
  28.  
  29.     # Make sure no sshd_mitm is running and the user is logged out.
  30.     killall -u ssh-mitm 2> /dev/null
  31.  
  32.     # Check if the ssh-mitm user exists.
  33.     id ssh-mitm > /dev/null 2> /dev/null
  34.     if [[ $? == 0 ]]; then
  35.  
  36.     # The user exists.  If this script was run with the "--force" argument,
  37.         # then we will delete the user.
  38.         if [[ $1 == '--force' ]]; then
  39.             userdel -f -r ssh-mitm 2> /dev/null
  40.  
  41.         # There could be saved sessions from an old version of SSH MITM that
  42.         # we shouldn't destroy automatically.
  43.         else
  44.             echo "It appears that the ssh-mitm user already exists.  Make backups of any saved sessions in /home/ssh-mitm/, then re-run this script with the \"--force\" argument (this will cause the user account to be deleted and re-created)."
  45.             exit -1
  46.         fi
  47.     fi
  48.  
  49.     return 1
  50. }
  51.  
  52.  
  53. # Installs prerequisites.
  54. function install_prereqs {
  55.     echo -e "Installing prerequisites...\n"
  56.  
  57.     declare -a packages
  58.     packages=(autoconf build-essential zlib1g-dev)
  59.  
  60.     # Check if we are in Kali Linux.  Kali ships with OpenSSL v1.1.0, which
  61.     # OpenSSH doesn't support.  So we need to explicitly install the v1.0.2
  62.     # dev package.  Also, a bare-bones Kali installation may not have the
  63.     # killall tool, so install that in the psmisc package.
  64.     grep Kali /etc/lsb-release > /dev/null
  65.     if [[ $? == 0 ]]; then
  66.         packages+=(libssl1.0-dev psmisc)
  67.     else
  68.         packages+=(libssl-dev)
  69.     fi
  70.  
  71.     apt install -y ${packages[@]}
  72.     if [[ $? != 0 ]]; then
  73.         echo -e "Failed to install prerequisites.  Failed: apt install -y ${packages[@]}"
  74.         exit -1
  75.     fi
  76.  
  77.     return 1
  78. }
  79.  
  80.  
  81. # Downloads OpenSSH and verifies its sources.
  82. function get_openssh {
  83.     local openssh_sig='openssh-7.5p1.tar.gz.asc'
  84.     local release_key_fingerprint_expected='59C2 118E D206 D927 E667  EBE3 D3E5 F56B 6D92 0D30'
  85.     local openssh_checksum_expected='9846e3c5fab9f0547400b4d2c017992f914222b3fd1f8eee6c7dc6bc5e59f9f0'
  86.  
  87.     echo -e "\nGetting OpenSSH release key...\n"
  88.     wget https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/RELEASE_KEY.asc
  89.  
  90.     echo -e "\nGetting OpenSSH sources...\n"
  91.     wget https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/$openssh_sources
  92.  
  93.     echo -e "\nGetting OpenSSH signature...\n"
  94.     wget https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/$openssh_sig
  95.  
  96.     echo -e "\nImporting OpenSSH release key...\n"
  97.     gpg --import RELEASE_KEY.asc
  98.  
  99.     local release_key_fingerprint_actual=`gpg --fingerprint 6D920D30`
  100.     if [[ $release_key_fingerprint_actual != *"$release_key_fingerprint_expected"* ]]; then
  101.         echo -e "\nError: OpenSSH release key fingerprint does not match expected value!\n\tExpected: $release_key_fingerprint_expected\n\tActual: $release_key_fingerprint_actual\n\nTerminating."
  102.         exit -1
  103.     fi
  104.     echo -e "\n\nOpenSSH release key matches expected value.\n"
  105.  
  106.     local gpg_verify=`gpg --verify $openssh_sig $openssh_sources 2>&1`
  107.     if [[ $gpg_verify != *"Good signature from \"Damien Miller <djm@mindrot.org>\""* ]]; then
  108.         echo -e "\n\nError: OpenSSH signature invalid!\n$gpg_verify\n\nTerminating."
  109.         rm -f $openssh_sources
  110.         exit -1
  111.     fi
  112.  
  113.     # Check GPG's return value.  0 denotes a valid signature, and 1 is returned
  114.     # on invalid signatures.
  115.     if [[ $? != 0 ]]; then
  116.         echo -e "\n\nError: OpenSSH signature invalid!  Verification returned code: $?\n\nTerminating."
  117.         rm -f $openssh_sources
  118.         exit -1
  119.     fi
  120.  
  121.     echo -e "Signature on OpenSSH sources verified.\n"
  122.  
  123.     local openssh_checksum_actual=`sha256sum $openssh_sources`
  124.     if [[ $openssh_checksum_actual != "$openssh_checksum_expected"* ]]; then
  125.         echo -e "Error: OpenSSH checksum is invalid!  Terminating."
  126.         exit -1
  127.     fi
  128.  
  129.     return 1
  130. }
  131.  
  132.  
  133. # Applies the MITM patch to OpenSSH and compiles it.
  134. function compile_openssh {
  135.     tar xzf $openssh_sources --no-same-owner
  136.     if [ ! -d $openssh_source_dir ]; then
  137.        echo "Failed to decompress OpenSSH sources!"
  138.        exit -1
  139.     fi
  140.     mv $openssh_source_dir "$openssh_source_dir"-mitm
  141.     openssh_source_dir="$openssh_source_dir"-mitm
  142.  
  143.     pushd $openssh_source_dir > /dev/null
  144.     echo -e "Patching OpenSSH sources...\n"
  145.     patch -p1 < ../$mitm_patch
  146.  
  147.     if [[ $? != 0 ]]; then
  148.         echo "Failed to patch sources!: patch returned $?"
  149.         exit -1
  150.     fi
  151.  
  152.     echo -e "\nDone.  Running autoconf...\n"
  153.     autoconf
  154.  
  155.     echo -e "\nDone.  Compiling modified OpenSSH sources...\n"
  156.  
  157.     ./configure --with-sandbox=no --with-privsep-user=ssh-mitm --with-privsep-path=/home/ssh-mitm/empty --with-pid-dir=/home/ssh-mitm --with-lastlog=/home/ssh-mitm
  158.     make -j `nproc --all`
  159.     popd > /dev/null
  160.  
  161.     # Ensure that sshd and ssh were built.
  162.     if [[ (! -f $openssh_source_dir/sshd) || (! -f $openssh_source_dir/ssh) ]]; then
  163.         echo -e "\nFailed to build ssh and/or sshd.  Terminating."
  164.         exit -1
  165.     fi
  166. }
  167.  
  168.  
  169. # Creates the ssh-mitm user account, and sets up its environment.
  170. function setup_environment {
  171.     echo -e "\nCreating ssh-mitm user, and setting up its environment...\n"
  172.  
  173.     # Create the ssh-mitm user and set its home directory to mode 0700.  Create
  174.     # "bin" and "etc" subdirectories to hold the executables and config file,
  175.     # respectively.
  176.     useradd -m -s /bin/bash ssh-mitm
  177.     chmod 0700 ~ssh-mitm
  178.     mkdir -m 0755 ~ssh-mitm/{bin,etc}
  179.     mkdir -m 0700 ~ssh-mitm/tmp
  180.     chown ssh-mitm:ssh-mitm ~ssh-mitm/tmp
  181.  
  182.     # Copy the config files to the "etc" directory.
  183.     cp $openssh_source_dir/sshd_config ~ssh-mitm/etc/
  184.     cp $openssh_source_dir/ssh_config ~ssh-mitm/etc/
  185.  
  186.     # Add explicit algorithm lists to ssh client's config.
  187.     echo -e "\nHostKeyAlgorithms ssh-ed25519,ssh-rsa,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-dss\n\nKexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group1-sha1\n\nCiphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-gcm@openssh.com,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,blowfish-cbc,cast128-cbc,3des-cbc,arcfour256,arcfour128,arcfour\n\nMACs umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com,umac-64-etm@openssh.com,umac-64@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-ripemd160@openssh.com,hmac-ripemd160,hmac-sha1-etm@openssh.com,hmac-sha1,hmac-sha1-96-etm@openssh.com,hmac-sha1-96,hmac-md5-etm@openssh.com,hmac-md5,hmac-md5-96-etm@openssh.com,hmac-md5-96\n" >> ~ssh-mitm/etc/ssh_config
  188.  
  189.     # Copy the executables to the "bin" directory.
  190.     cp $openssh_source_dir/sshd ~ssh-mitm/bin/sshd_mitm
  191.     cp $openssh_source_dir/ssh ~ssh-mitm/bin/ssh
  192.  
  193.     # Strip the debugging symbols out of the executables.
  194.     strip ~ssh-mitm/bin/sshd_mitm ~ssh-mitm/bin/ssh
  195.  
  196.     # Create a 4096-bit RSA host key and ED25519 host key.
  197.     ssh-keygen -t rsa -b 4096 -f /home/ssh-mitm/etc/ssh_host_rsa_key -N ''
  198.     ssh-keygen -t ed25519 -f /home/ssh-mitm/etc/ssh_host_ed25519_key -N ''
  199.  
  200.     # Create the "empty" directory to make the privsep function happy,
  201.     # as well as the ".ssh" directory (for some reason, this was observed
  202.     # to not be created properly at run-time...).
  203.     mkdir -m 0700 ~ssh-mitm/empty ~ssh-mitm/.ssh
  204.  
  205.     # Set ownership on the "empty" directory and SSH host keys.
  206.     chown ssh-mitm:ssh-mitm /home/ssh-mitm/empty /home/ssh-mitm/.ssh /home/ssh-mitm/etc/ssh_host_*key*
  207.  
  208.     # Create the "run.sh" script, then set its permissions.
  209.     cat > ~ssh-mitm/run.sh <<EOF
  210. #!/bin/bash
  211. /home/ssh-mitm/bin/sshd_mitm -f /home/ssh-mitm/etc/sshd_config
  212. if [[ $? == 0 ]]; then
  213.     echo "sshd_mitm is now running."
  214.     exit 0
  215. else
  216.     echo -e "\n\nERROR: sshd_mitm failed to start!\n"
  217.     exit -1
  218. fi
  219. EOF
  220.     chmod 0755 ~ssh-mitm/run.sh
  221.  
  222.     # Install the AppArmor profiles.
  223.     if [[ ! -d /etc/apparmor.d ]]; then
  224.         mkdir -m 0755 /etc/apparmor.d
  225.     fi
  226.     cp apparmor/home.ssh-mitm.bin.sshd_mitm /etc/apparmor.d/
  227.     cp apparmor/home.ssh-mitm.bin.ssh /etc/apparmor.d/
  228.  
  229.     # Enable the profiles.
  230.     service apparmor reload 2> /dev/null
  231.  
  232.     # If AppArmor isn't installed, give Kali users a chance to install it
  233.     # automatically (if Kali is installed to disk).  For other distros,
  234.     # simply print a warning.
  235.     if [[ $? != 0 ]]; then
  236.  
  237.         # Is this Kali Linux?
  238.         grep Kali /etc/lsb-release > /dev/null
  239.         if [[ $? == 0 ]]; then
  240.  
  241.             # Is Kali installed, or is it a Live CD boot?
  242.             if [[ -f /etc/default/grub ]]; then  # Its installed.
  243.                 echo -e -n "\nKali Linux detected with no AppArmor installed.  For added safety, it is highly recommended (though not required) that sshd_mitm is run in a restricted environment.  Would you like to automatically enable AppArmor? (y/n) "
  244.                 read -n 1 install_apparmor
  245.                 echo -e "\n"
  246.  
  247.                 # If the user chose to install AppArmor...
  248.                 if [[ ($install_apparmor == 'y') || ($install_apparmor == 'Y') ]]; then
  249.                     echo -e "Getting apparmor from repository...\n"
  250.                     apt -y install apparmor
  251.  
  252.                     echo -e "\nEnabling AppArmor on startup...\n"
  253.                     update-rc.d apparmor enable
  254.  
  255.                     echo -e "\nUpdating bootloader...\n"
  256.                     sed -i 's/GRUB_CMDLINE_LINUX_DEFAULT="quiet"/GRUB_CMDLINE_LINUX_DEFAULT="quiet apparmor=1 security=apparmor"/' /etc/default/grub
  257.                     update-grub2
  258.  
  259.                     echo -e "\nFinished installing AppArmor.  Reboot to enable it.\n"
  260.                 else  # User declined to install AppArmor.
  261.                     echo -e "\nAppArmor will not be automatically installed."
  262.                 fi
  263.             else  # Kali Live CD boot.
  264.                 echo -e "\n\n\t!!! WARNING !!!: AppArmor is not available on Kali Live instances.  For added safety, it is highly recommended (though not required) that sshd_mitm is run in a restricted environment.  Installing Kali to a disk would allow AppArmor to be enabled.\n"
  265.             fi
  266.  
  267.         else  # This is not Kali Linux.
  268.             echo -e "\n\n\t!!! WARNING !!!: AppArmor is not installed.  It is highly recommended (though not required) that sshd_mitm is run in a restricted environment.\n\n\tInstall AppArmor with: \"apt install apparmor\".\n"
  269.         fi
  270.     fi
  271. }
  272.  
  273.  
  274. if [[ `id -u` != 0 ]]; then
  275.     echo "Error: this script must be run as root."
  276.     exit -1
  277. fi
  278.  
  279. install_prereqs
  280. reset_env $1
  281. get_openssh
  282. compile_openssh
  283. setup_environment
  284.  
  285. echo -e "\n\nDone!  The next step is to use JoesAwesomeSSHMITMVictimFinder.py to find target IPs, then execute start.sh and ARP spoof.\n\n"
  286. exit 0
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement