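#!/usr/bin/env bash
# Filename: kali_nids_evasion.sh
# Focus: Host behavior obfuscation without MAC modification
# Requires root privileges
#
# What it changes (every file it touches is copied to $BACKUP_DIR first):
#   - hostname and the 127.0.1.1 entry in /etc/hosts
#   - IPv4 default TTL and TCP timestamps, via a sysctl drop-in
#   - the DHCP client host-name option in dhclient.conf (if that file exists)
#   - wget/curl User-Agent for the root account only
#   - stops/disables a few Kali services, appends tagged entries to /etc/crontab
#
# Caveats a practitioner should know before trusting this:
#   - Only the TTL and timestamp fields of the TCP/IP signature are changed;
#     window size, option ordering and MSS stay at Linux defaults, so
#     p0f-style passive fingerprinting will probably still report a Linux
#     stack. NOTE(review): confirm against a p0f capture.
#   - "WIN-<8 hex>" is a guess at a Windows-looking name; real auto-generated
#     Windows names use a wider alphabet. Verify against the target estate.
#   - If NetworkManager's internal DHCP client is in use, dhclient.conf is
#     ignored and the DHCP change has no effect. TODO: confirm on the host.
#   - The MAC address (and therefore the vendor OUI) is left alone by design.
set -euo pipefail

readonly BACKUP_DIR="/root/backup_$(date +%Y%m%d_%H%M%S)"
readonly SYSCTL_DROPIN="/etc/sysctl.d/99-host-obfuscation.conf"
readonly CRON_TAG="# kali_nids_evasion noise"
# The initial TTL must be a value a real stack uses (64 / 128 / 255); 128
# matches the Windows persona implied by the hostname. A random value such as
# 97 is itself a fingerprint, which is why the old 64-128 randomisation was
# dropped. Override with TTL_VALUE=<n> in the environment if needed.
readonly TTL_VALUE="${TTL_VALUE:-128}"
readonly USER_AGENT="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"

# Print a message to stderr and exit non-zero.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Abort unless running as root; everything below writes under /etc.
require_root() {
  if [[ $EUID -ne 0 ]]; then
    die "This script must be run as root"
  fi
}

#######################################
# Copy a file into $BACKUP_DIR, preserving mode and ownership.
# Arguments: $1 - path to back up; a missing path is silently skipped so
#            callers do not need to pre-check.
#######################################
backup_file() {
  local path=$1
  [[ -f "$path" ]] || return 0
  cp -p -- "$path" "$BACKUP_DIR/"
}

# Print a Windows-looking hostname: WIN- followed by 8 upper-case hex chars.
gen_hostname() {
  command -v openssl >/dev/null || die "openssl is required to generate a hostname"
  printf 'WIN-%s\n' "$(openssl rand -hex 4 | tr '[:lower:]' '[:upper:]')"
}

#######################################
# Rename the host and keep /etc/hosts consistent with the new name.
# Arguments: $1 - new hostname (only [A-Z0-9-], so it is safe inside sed)
#######################################
set_hostname() {
  local new_name=$1
  echo "[*] Changing system identity"
  backup_file /etc/hostname
  backup_file /etc/hosts
  printf '%s\n' "$new_name" > /etc/hostname
  # Rewrite only the 127.0.1.1 line so admin-added entries (lab hosts, pinned
  # targets) survive; the old version replaced the whole file.
  if grep -qE '^127\.0\.1\.1[[:space:]]' /etc/hosts; then
    sed -i -E "s/^127\.0\.1\.1[[:space:]].*/127.0.1.1 ${new_name}/" /etc/hosts
  else
    printf '127.0.1.1 %s\n' "$new_name" >> /etc/hosts
  fi
  # hostnamectl needs systemd; fall back to hostname(1) in containers/chroots.
  if ! hostnamectl set-hostname "$new_name" 2>/dev/null; then
    hostname "$new_name"
  fi
}

# Set the default TTL and disable TCP timestamps through a sysctl drop-in.
# A drop-in is idempotent and leaves /etc/sysctl.conf (ip_forward, rp_filter,
# ...) untouched; the old version truncated that file with '>'.
tune_network_stack() {
  echo "[*] Modifying network stack parameters"
  if ! [[ "$TTL_VALUE" =~ ^[0-9]+$ ]] || (( TTL_VALUE < 1 || TTL_VALUE > 255 )); then
    die "TTL_VALUE must be an integer between 1 and 255, got '$TTL_VALUE'"
  fi
  backup_file "$SYSCTL_DROPIN"
  cat > "$SYSCTL_DROPIN" <<EOF
# Written by kali_nids_evasion.sh - delete this file to revert
net.ipv4.ip_default_ttl = ${TTL_VALUE}
# Windows clients typically do not send TCP timestamps; disabling them also
# hides uptime/clock-skew based host tracking.
net.ipv4.tcp_timestamps = 0
EOF
  if ! sysctl --system >/dev/null; then
    echo "[!] sysctl --system failed; the settings will apply after reboot" >&2
  fi
}

#######################################
# Make dhclient send the same host-name the system now carries.
# Arguments: $1 - new hostname
# Only DHCP option 12 is changed; the vendor class and parameter request
# list that DHCP fingerprinting typically keys on are untouched.
#######################################
tune_dhcp_client() {
  local new_name=$1
  local conf=/etc/dhcp/dhclient.conf
  echo "[*] Modifying DHCP client behavior"
  [[ -f "$conf" ]] || return 0
  backup_file "$conf"
  # The old version sent "Dell-Client" while the host was WIN-xxxx; a sensor
  # that correlates DHCP with other traffic sees exactly that kind of mismatch.
  if grep -q '^send host-name' "$conf"; then
    sed -i -E "s/^send host-name.*/send host-name = \"${new_name}\";/" "$conf"
  else
    printf 'send host-name = "%s";\n' "$new_name" >> "$conf"
  fi
  # Rewrite an fqdn line only if the admin already configured one.
  sed -i -E "s/^send fqdn\.fqdn.*/send fqdn.fqdn = \"${new_name}\";/" "$conf"
}

# Write a browser User-Agent into root's wget and curl rc files.
# Only /root is touched; other accounts keep the tool defaults.
set_user_agents() {
  echo "[*] Modifying application fingerprints"
  backup_file /root/.wgetrc
  backup_file /root/.curlrc
  # wgetrc takes the rest of the line as the value, so no quoting is needed.
  printf 'header = User-Agent: %s\nrobots = off\n' "$USER_AGENT" > /root/.wgetrc
  # curlrc stops an unquoted value at the first space and warns on every run;
  # the old unquoted line therefore sent just "Mozilla/5.0". Quote it.
  printf 'user-agent = "%s"\n' "$USER_AGENT" > /root/.curlrc
}

# Best-effort systemctl wrapper: a missing unit is not an error here.
quiet_unit() {
  systemctl "$@" 2>/dev/null || true
}

# Stop the Kali services whose banners/ports give the host away.
quiet_services() {
  echo "[*] Modifying service patterns"
  quiet_unit stop postgresql.service
  quiet_unit stop apache2.service
  quiet_unit mask kali-announce.service
  # Disable SSH if it was started
  quiet_unit stop ssh.service
  quiet_unit disable ssh.service
}

# Append three random, tagged no-op cron entries to /etc/crontab.
# Honest caveat: /bin/echo > /dev/null never touches the network, so these
# add nothing a NIDS can observe; they only make the crontab look less bare.
# Kept for parity with the original; remove the call if not wanted.
add_cron_noise() {
  echo "[*] Creating noise patterns"
  backup_file /etc/crontab
  # Drop entries from a previous run so re-running does not accumulate them.
  if [[ -f /etc/crontab ]]; then
    sed -i "/${CRON_TAG}\$/d" /etc/crontab
  fi
  local minute hour dow
  for _ in 1 2 3; do
    minute=$(( RANDOM % 60 ))  # 0-59 (was % 59, which could never yield 59)
    hour=$(( RANDOM % 24 ))    # 0-23
    dow=$(( RANDOM % 7 ))      # 0-6, Sunday included
    printf '%d %d * * %d root /bin/echo > /dev/null %s\n' \
      "$minute" "$hour" "$dow" "$CRON_TAG" >> /etc/crontab
  done
}

#######################################
# Report what changed and how to undo it.
# Arguments: $1 - new hostname
#######################################
print_summary() {
  local new_name=$1
  echo "[!] Obfuscation complete. Key changes:"
  echo " - Hostname: $new_name"
  echo " - TTL Value: $TTL_VALUE"
  echo " - DHCP host-name option: $new_name (dhclient.conf only)"
  echo " - Network Tools: Windows UA spoofing"
  echo " - SSH service disabled"
  echo " - Backups stored in: $BACKUP_DIR"
  echo "[!] Please reboot the system for all changes to take effect."
  echo "[*] To revert: copy the files in $BACKUP_DIR back into place and delete $SYSCTL_DROPIN"
}

main() {
  require_root
  # The backups reveal the pre-obfuscation identity; keep them root-only.
  mkdir -p "$BACKUP_DIR"
  chmod 700 "$BACKUP_DIR"
  local new_name
  new_name=$(gen_hostname)
  set_hostname "$new_name"
  tune_network_stack
  tune_dhcp_client "$new_name"
  set_user_agents
  quiet_services
  add_cron_noise
  print_summary "$new_name"
}

main "$@"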