Morpheus - tcp/udp scripting syntax (warn.sh auxiliary script) #19

r00t-3xp10it opened this issue May 16, 2018 · 0 comments

r00t-3xp10it commented May 16, 2018


Description of warn.sh morpheus auxiliary script


  This script will sound a BEEP if the 'selected event' is found.
  The objective of this script is to assist the morpheus tool in sounding warnings (beep sounds)
  every time the selected event is triggered. HOW? cd /root/morpheus/bin && ./warn.sh

  In this case the 'event' will be the creation of the filter output 'beep-warning.beep'
  logfile, which the warn.sh script searches for (in the logs folder) to emit one sound warning
  to framework users (BEEP). It also deletes the logfile to allow the loop function to
  trigger another warning if the event is triggered again.

Follow this link if you want to view the warn.sh source code (optional | not needed)

Where is the 'warn.sh' auxiliary script located?

  ../morpheus/bin/warn.sh

In what situation do we use it?

  Every time we need a morpheus filter rule to trigger a sound warning

Can you tell me more about it?

  Morpheus uses the warn.sh auxiliary script in module [17] DHCP discovery (auto).

  But morpheus users can trigger the warn.sh auxiliary script by simply adding a rule
  in the 'morpheus scripting console' terminal window to write the beep-warning.beep
  logfile in the logs folder, which is going to trigger the warn.sh sound warnings.

What 'rule' do we need to add to the filter?

  • The API below searches inside the captured packet for the string: facebook
    a) The "if (search()" API is required in the filter to be able to call the 2nd API that builds logs
    b) Most filters in the morpheus framework contain the "if (search()" API already.

    if (search(DATA.data, "facebook")) {
    
  • The API below writes the beep-warning.beep file in morpheus/logs
    "IF the string 'facebook' is found inside the captured tcp/udp packet"

    log(DATA.data, "./beep-warning.beep");
    
  • WARNING: The log(DATA() API requires the if (search(DATA() API to be present.




Now that I have added the rules to my filter, how can we trigger warn.sh?

  • Open a new terminal window and execute the following command:

    cd /root/morpheus/bin && ./warn.sh
    
  • Close the morpheus scripting console terminal window (save the changes)
    Press [ctrl+x] + Press [y] + Press [enter] to save filter changes
    Morpheus framework will then start mitm + dns_spoof + filter

  • And have fun with events triggering a sound warning.





STEP-BY-STEP HOW TO

Improving the "Block cpu crypto-mining" module filter to use warn.sh alerts

  • 1st - run ./morpheus.sh and choose option [ 18 ]
  • 2nd - Add the following rule in the morpheus scripting console terminal window
    [screenshot: morpheus]
    WARNING: This only triggers a sound when "coinhive" events are found
  • 3rd - start the warn.sh auxiliary script (open a new terminal and execute)
    [screenshot: morpheus]
    warn.sh auxiliary script running ..
    [screenshot: morpheus]
  • 4th - Close the morpheus scripting console (save changes to filter)
    Press [ctrl+x] + Press [y] + Press [enter]
    [screenshot: morpheus]

All working together (morpheus + filter + warn.sh):
[screenshot: morpheus]

  • 5th - Press [ctrl+c] in warn.sh to stop it
  • 6th - Press [q] in morpheus to stop arp poison

Final notes:

Remember that changing the filters of morpheus using the 'morpheus scripting console' will NOT make the changes permanent in the filter (the filter will be reverted to its original state when the attack stops).
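
The watch, beep, delete behaviour described above for warn.sh, sketched as an added example (this is not the project's warn.sh source; the function names, the polling interval and the poll limit are assumptions made for illustration):

```shell
#!/bin/sh
# Added illustration of the loop described in this issue: look for the
# trigger logfile, sound a beep, delete the file so the next event can fire.
# NOT the project's warn.sh; all names below are hypothetical.

TRIGGER_NAME="beep-warning.beep"   # file name taken from the issue text

# check_event LOGDIR
# Returns 0 and consumes the trigger if the event file exists, 1 otherwise.
check_event() {
    trigger="$1/$TRIGGER_NAME"
    # Design choice of this sketch: act only on a regular file, so a
    # symlink or directory carrying the trigger name is ignored.
    if [ -f "$trigger" ] && [ ! -L "$trigger" ]; then
        printf '\a'            # BEL character: the terminal beep
        rm -f -- "$trigger"    # re-arm: the next write creates a new event
        return 0
    fi
    return 1
}

# watch_events LOGDIR INTERVAL MAX_POLLS
# Polls LOGDIR every INTERVAL seconds and counts warnings in EVENTS_SEEN.
# MAX_POLLS=0 loops until interrupted with ctrl+c.
# The file is a single flag, so several matches between two polls
# produce one beep, not one beep per packet.
watch_events() {
    logdir="$1"; interval="$2"; max_polls="$3"
    EVENTS_SEEN=0
    polls=0
    while [ "$max_polls" -eq 0 ] || [ "$polls" -lt "$max_polls" ]; do
        if check_event "$logdir"; then
            EVENTS_SEEN=$((EVENTS_SEEN + 1))
        fi
        polls=$((polls + 1))
        sleep "$interval"
    done
}

# Example call (path and interval are assumptions): watch_events ../logs 1 0
```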
