[Announce] Yet another MITM attack script (Yamas-ARM) (https://talk.maemo.org/showthread.php?t=73988)

Saturn 2011-06-28 19:38

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 
1 Attachment(s)
Quote:

Originally Posted by comaX (Post 1040989)
If you feel it's ready for it, please be my guest ! Maybe we should just implement osso-xterm before that. Even though as I stated before, I don't think installing xterm requires too much to do, nor too much capacity consumed so I'm fine with it. I don't have an N900 though !

###

Hopefully you like the YAMAS as a name :)

- missing an icon.
- added all dependencies apart from sslstrip
- start the app with:
Code:

sudo gainroot
yamas


comaX 2011-06-28 19:56

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 
Quote:

Originally Posted by Saturn (Post 1041004)
Hopefully you like the YAMAS as a name :)

- missing an icon.
- added all dependencies apart from sslstrip
- start the app with:
Code:

sudo gainroot
yamas


Yup I like yamas ! Not the greatest, but one could say it refers to the god Yama, and stuff like that. Truth is it's just another man in the middle automation script ! But one that rocks, imho.
Starting it with yamas is perfect, I've been lazy to do that in the BT5 version, and I still start it with "mitm". What a shame :p

You should check the download again though, I just implemented the first-tun check.
I'll upload the .deb to Unhuman's website and ask him to edit what needs to be edited ! Due to unfortunate circumstances, he only has limited internet connection these days, so it might take some time.

Do you know how to handle google projects ? With .svn and all that ? We could provide updates that way.

For the icon, I could try to do one, what are the specs of them ?
Size, format, etc. ?

MSHAH 2011-06-28 20:10

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 
can someone help me out please?

everything seems to be in order, dependencies and all. but i still end up getting nothing. tail-grep is showing me nothing and no details show up in the password window!

Saturn 2011-06-28 20:48

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 
4 Attachment(s)
Quote:

Originally Posted by comaX (Post 1041012)
Yup I like yamas ! Not the greatest, but one could say it refers to the god Yama, and stuff like that. Truth is it's just another man in the middle automation script ! But one that rocks, imho.
Starting it with yamas is perfect, I've been lazy to do that in the BT5 version, and I still start it with "mitm". What a shame :p

You should check the download again though, I just implemented the first-tun check.
I'll upload the .deb to Unhuman's website and ask him to edit what needs to be edited ! Due to unfortunate circumstances, he only has limited internet connection these days, so it might take some time.

Do you know how to handle google projects ? With .svn and all that ? We could provide updates that way.

For the icon, I could try to do one, what are the specs of them ?
Size, format, etc. ?

Yes, google and svn is ok for me.

The icon ideally should be 48x48 and png.

Next version I will add you as a maintainer :) and upload to the repos. I have already added the complete disclaimer you provide.

Some screenshots for you since you haven't got an N900; it's a real pity - this device was made for people like you! Maybe you get the next one, i.e. N9?

Saturn 2011-06-28 22:42

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 
Had some problems with the autobuilder which didn't like the long description. I finally had to cut it a little in order to let it pass.

OK finally. Check in 20 min from now here: http://maemo.org/packages/view/yamas/

Cheers

Unhuman 2011-06-28 23:52

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 
Just AMAZING work... Nothing more to say <3

EDIT:

Updated first post, and pcsci3nce.info

Saturn 2011-06-29 00:22

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 
Quote:

Originally Posted by Unhuman (Post 1041118)
...

Updated first post, and pcsci3nce.info

You can mention that all dependencies will be installed automatically apart from ettercap and sslstrip. Those two need to be done first and manually from your guide.

Obviously, reason is they don't exist in extras.

AgogData 2011-06-29 00:49

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 
Quote:

Originally Posted by Saturn (Post 1041127)
You can mention that all dependencies will be installed automatically apart from ettercap and sslstrip. Those two need to be done first and manually from your guide.

Obviously, reason is they don't exist in extras.

so now we remove the old script in /usr/bin and download the new package from extras ?

Kabouik 2011-06-29 01:30

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 
I've installed both ettercap and sslstrip using the links in the first post. After that, I installed Yamas using the package in extras. When I launch it, after setting all to default (ports, etc.), I get a warning stating that "cannot convert "nil12" to type FontStruct". I am more than a noob. I have no idea what it means as I don't know what is "nil12". I checked with yamas -d, and all dependencies are OK.

By the way, I tried to attack my laptop connected to my private wifi network. It was detected as a host but no passwords were retrieved. Nothing was appended to the main file like in the video shown on pcsci3nce.info. Any idea there?

AgogData 2011-06-29 01:46

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 
the new package is working despite the same msg i get as Kabouik (cannot convert "nil12" to type FontStruct) and the saving issue is solved now it can save. but it's saving to /home/user/.yamas can i make it save to /home/user/MyDocs/Yamas ? or symlink to there ?

the warning during installing (replacing) busybox-power was a bit scary, what's the difference between the old stock and the new one ?

Unhuman 2011-06-29 10:04

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 
Ignore all font warnings.

comaX 2011-06-29 10:31

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 
Quote:

Originally Posted by Unhuman (Post 1041348)
Ignore all font warnings.

Yup and tell me at what line it occurs so that I redirect it to /dev/null? That should do :)

Saturn : I'm trying to create an account on maemo (seems like the one for the forums isn't enough) but it's having problems with confirming registration... Anyway, I'll need your help concerning the repos and all, so send me a mail at contact.comax@gmail.com ;)

By the way, I'm trying to install maemo in a Vmware so that I can do tests on my own !

price 2011-06-29 13:32

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 
3 Attachment(s)
hi, i've installed ettercap 0.7.3 and sslstrip 0.9 and then i've installed yamas from repos. when i launch yamas as root with all settings default my network seems to slow down and it can't discover any password.. can someone help me?

comaX 2011-06-29 13:51

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 
Quote:

Originally Posted by price (Post 1041470)
hi, i've installed ettercap 0.7.3 and sslstrip 0.9 and then i've installed yamas from repos. when i launch yamas as root with all settings default my network seems to slow down and it can't discover any password.. can someone help me?

There seems to be a problem with your egrep. What version do you have ?

price 2011-06-29 13:58

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 
Quote:

Originally Posted by comaX (Post 1041478)
There seems to be a problem with your egrep. What version do you have ?

how can i discover my version?

comaX 2011-06-29 14:12

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 
Quote:

Originally Posted by price (Post 1041485)
how can i discover my version?

dpkg -l | grep grep

Also, if you haven't rebooted since, is there grepcred.txt in /tmp ?

price 2011-06-29 14:31

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 
Quote:

Originally Posted by comaX (Post 1041493)
dpkg -l | grep grep

Also, if you haven't rebooted since, is there grepcred.txt in /tmp ?

thank you for the help.
it says: rc grep-gnu 2.5.-4maemo4
and when i type apt-get install grep it says:
selecting busybox instead of grep
busybox is already the newest version.

what about installing the grep-gnu package?

bipinbn 2011-06-29 14:35

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 
Quote:

Originally Posted by comaX (Post 1041493)
dpkg -l | grep grep

Also, if you haven't rebooted since, is there grepcred.txt in /tmp ?

Hi comax,

even i am facing the same problem.. all dependencies are met and script runs fine.. however i can't see any passwords ..

the password.txt is also empty

i did dpkg -l | grep grep but i dont get any output..

so i tried apt-get install grep but it says i have the latest version

Please help..

Thanks
Bipin

Unhuman 2011-06-29 14:57

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 
Got stuck with comax on the maemo sdk in virtual box - how can we install busybox-power in the SDK exactly? Got everything else installed, It returns an error -
dpkg: error processing /var/cache/apt/archives/busybox-power_1.18.5power1.armel.deb ( --unpack):
subprocess pre-installation script returned error exit status 1
Errors were encountered while processing:
/var/cache/apt/archives/busybox-power_1.18.5power1_armel.deb
E: Sub process /scratchbox/devkits/debian-etch/bin/dpkg returned an error code (1)

price 2011-06-29 15:02

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 
Quote:

Originally Posted by price (Post 1041513)
thank you for the help.
it says: rc grep-gnu 2.5.-4maemo4
and when i type apt-get install grep it says:
selecting busybox instead of grep
busybox is already the newest version.

what about installing the grep-gnu package?

sorry i'm on kernel-power 47 and latest CSSU. can it help?

Unhuman 2011-06-29 15:05

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 
Quote:

Originally Posted by price (Post 1041537)
sorry i'm on kernel-power 47 and latest CSSU. can it help?

Pretty sure you don't have busybox-power installed.

price 2011-06-29 15:10

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 
i have busybox-power installed!

comaX 2011-06-29 15:22

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 
Quote:

Originally Posted by price (Post 1041540)
i have busybox-power installed!

It's weird that you had any output, since it's in busybox...
bipinbn has the right output though...

Are you guys trying this on your own network ? Did you save the whole log file and search for the credentials you submitted ?

Copy all the output to a pastebin so that we know what's going on. Make it disappear after one or two days, it would look bad if people found them while just searching for yamas :p

price 2011-06-29 15:35

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 
1 Attachment(s)
Quote:

Originally Posted by comaX (Post 1041549)
It's weird that you had any output, since it's in busybox...
bipinbn has the right output though...

Are you guys trying this on your own network ? Did you save the whole log file and search for the credentials you submitted ?

Copy all the output to a pastebin so that we know what's going on. Make it disappear after one or two days, it would look bad if people found them while just searching for yamas :p

yes i'm trying on my own network and my own account :)
i'm quite a noob, do you mean the output saved on /home/user/.yamas/ ?

i've attached my output. i hope it can help to solve my problem. I would love to try this script ;)

price 2011-06-29 17:25

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 
what do you think about a bad installation of sslstrip or of ettercap?

comaX 2011-06-29 17:31

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 
Quote:

Originally Posted by price (Post 1041604)
what do you think about a bad installation of sslstrip or of ettercap?

Might be... But I talked it over with Unhuman for quite a long time this afternoon, and our conclusion was : "well, ****, we don't know what's going on for those dudes."

i'll have a look at your file and report ;)

EDIT : the file was just fine, something must have f*cked up during the parsing...

And it fails for some reason, check that you have /tmp/grepcred.txt and that it's not empty. For some reason, it happens to me from time to time... Maybe my host provider doesn't like too many requests at the same time...

price 2011-06-29 18:47

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 
Quote:

Originally Posted by price (Post 1041554)
yes i'm trying on my own network and my own account :)
i'm quite a noob, do you mean the output saved on /home/user/.yamas/ ?

i've attached my output. i hope it can help to solve my problem. I would love to try this script ;)

For malicious people the username and pass that i've used for the test are fake ;) don't spend time to try it.

price 2011-06-29 19:25

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 
Quote:

Originally Posted by comaX (Post 1041606)
Might be... But I talked it over with Unhuman for quite a long time this afternoon, and our conclusion was : "well, ****, we don't know what's going on for those dudes."

i'll have a look at your file and report ;)

EDIT : the file was just fine, something must have f*cked up during the parsing...

And it fails for some reason, check that you have /tmp/grepcred.txt and that it's not empty. For some reason, it happens to me from time to time... Maybe my host provider doesn't like too many requests at the same time...

here is my grep output i can't see any -a option.. may be this the error?

BusyBox v1.18.5 (Debian 1.18.5power1) built-in shell (ash)
Enter 'help' for a list of built-in commands.

~ $ sudo gainroot
Root shell enabled


BusyBox v1.18.5 (Debian 1.18.5power1) built-in shell (ash)
Enter 'help' for a list of built-in commands.

/home/user # egrep
BusyBox v1.18.5 (Debian 1.18.5power1) multi-call binary.

No help available.

/home/user # grep
BusyBox v1.18.5 (Debian 1.18.5power1) multi-call binary.

Usage: grep [-HhnlLoqvsriwFE] [-m N] [-A/B/C N] PATTERN/-e PATTERN.../-f FILE [FILE]...

Search for PATTERN in FILEs (or stdin)

Options:
-H Add 'filename:' prefix
-h Do not add 'filename:' prefix
-n Add 'line_no:' prefix
-l Show only names of files that match
-L Show only names of files that don't match
-c Show only count of matching lines
-o Show only the matching part of line
-q Quiet. Return 0 if PATTERN is found, 1 otherwise
-v Select non-matching lines
-s Suppress open and read errors
-r Recurse
-i Ignore case
-w Match whole words only
-F PATTERN is a literal (not regexp)
-E PATTERN is an extended regexp
-m N Match up to N times per file
-A N Print N lines of trailing context
-B N Print N lines of leading context
-C N Same as '-A N -B N'
-e PTRN Pattern to match
-f FILE Read pattern from file

/home/user #

casper27 2011-06-29 19:30

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 
Missing dependency
ettercap-common
Should probably remove.

Saturn 2011-06-29 20:41

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 
For info..

New version in devel (0.9.4-1) with changes that comaX sent me.

changelog:
* Added option -d to force dependencies check.
* Dependency check will be run automatically unless it has been a success at least once.
* Corrected urls of files to download.
* Protected some tests better.
* Changed log storage folder to /home/user/yamas

Some other info from me:

- we avoid the MyDocs folder to store logs as it is not always available, e.g. when in mass storage mode.
- previous version is broken since I messed the urls to download the grepcred.txt file (sorry guys my fault completely).
Proposal to comaX: we could add the two files needing download in the package and provide updates on them with new distributions.
- the ettercap-common is a dependency (as is sslstrip) but the repos don't have a version atm. Have moved it to the proposed packages.

Saturn 2011-06-29 21:23

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 
comaX, you are now maintainer in your project :D

just approved your request.

price 2011-06-29 21:33

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 
Quote:

Originally Posted by price (Post 1041513)
thank you for the help.
it says: rc grep-gnu 2.5.-4maemo4
and when i type apt-get install grep it says:
selecting busybox instead of grep
busybox is already the newest version.

what about installing the grep-gnu package?

is this output correct? o.o

Kabouik 2011-06-29 21:39

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 
Yamas 0.9.4-1 did not solve my problem. Still no password retrieved when I attack my private wifi network, and I still get the following output:

Quote:

egrep: bad regex ' (function(){var s=document.createElement('script');s.async="async" ;s.type="text/javascript";s.src='http://tcr.tynt.com/ti.js';var h=document.getElementsByTagName('script')[0];h.parentNode.insertBefore(s,h);})();': Invalid content of \{\}

I do not get this message each time I launch Yamas, however, and I have no idea how to reproduce the error. :/

Saturn 2011-06-29 23:37

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 
Quote:

Originally Posted by price (Post 1041513)
thank you for the help.
it says: rc grep-gnu 2.5.-4maemo4
and when i type apt-get install grep it says:
selecting busybox instead of grep
busybox is already the newest version.

what about installing the grep-gnu package?

hi,

it might be irrelevant but you could try install and purge the grep-gnu package?
from the "rc" flag it seems you still have the configuration.

I would do:
Code:

apt-get install grep-gnu
apt-get remove --purge grep-gnu

if that didn't help I would remove/install the busybox-power

hih

price 2011-06-29 23:56

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 
Quote:

Originally Posted by Saturn (Post 1041832)
hi,

it might be irrelevant but you could try install and purge the grep-gnu package?
from the "rc" flag it seems you still have the configuration.

I would do:
Code:

apt-get install grep-gnu
apt-get remove --purge grep-gnu

if that didn't help I would remove/install the busybox-power

hih

Here my output. Thank you for your interest :)

/home/user # apt-get remove --purge grep-gnu
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be REMOVED:
grep-gnu*
WARNING: The following essential packages will be removed.
This should NOT be done unless you know exactly what you are doing!
grep-gnu
0 upgraded, 0 newly installed, 1 to remove and 2 not upgraded.
After this operation, 1143kB disk space will be freed.
You are about to do something potentially harmful.
To continue type in the phrase 'Yes, do as I say!'
?] Yes, do as I say!
dpkg - warning, overriding problem because --force enabled:
This is an essential package - it should not be removed.
(Reading database ... 28776 files and directories currently installed.)
Removing grep-gnu ...
Purging configuration files for grep-gnu ...
dpkg: error processing grep-gnu (--purge):
subprocess post-removal script returned error exit status 1
Errors were encountered while processing:
grep-gnu
E: Sub-process /usr/bin/dpkg returned an error code (1)
/home/user #

udaychaitanya16 2011-06-30 06:00

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 
Thank you Comax, Unhuman, Saturn. You made N900 invaluable.

Saturn 2011-06-30 09:48

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 
Quote:

Originally Posted by price (Post 1041837)
Here my output. Thank you for your interest :)

/home/user # apt-get remove --purge grep-gnu
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be REMOVED:
grep-gnu*
WARNING: The following essential packages will be removed.
This should NOT be done unless you know exactly what you are doing!
grep-gnu
0 upgraded, 0 newly installed, 1 to remove and 2 not upgraded.
After this operation, 1143kB disk space will be freed.
You are about to do something potentially harmful.
To continue type in the phrase 'Yes, do as I say!'
?] Yes, do as I say!
dpkg - warning, overriding problem because --force enabled:
This is an essential package - it should not be removed.
(Reading database ... 28776 files and directories currently installed.)
Removing grep-gnu ...
Purging configuration files for grep-gnu ...
dpkg: error processing grep-gnu (--purge):
subprocess post-removal script returned error exit status 1
Errors were encountered while processing:
grep-gnu
E: Sub-process /usr/bin/dpkg returned an error code (1)
/home/user #

crap..

what does it say for:
Code:

apt-cache rdepends grep-gnu

I think you should remove yamas, busybox-power
then apt-get -f install
remove grep-gnu if it is still there and then reinstall yamas (if you want it).

we can do it in steps, send me PMs with output of every step.

iDont 2011-06-30 11:38

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 
Quote:

Originally Posted by AgogData (Post 1041154)
the warning during installing (replacing) busybox-power was a bit scary, what's the difference between the old stock and the new one ?

Please read the first post of this thread; I could copy-paste it into this thread, but a pointer is more practical I think ;)

About the warning: whilst I haven't had a single report of a failing installation (out of a lot of downloads, according to this), it does seem fair to me to warn users about what the installation does, which is in fact overwriting an essential binary.

Quote:

Originally Posted by Unhuman (Post 1041532)
Got stuck with comax on the maemo sdk in virtual box - how can we install busybox-power in the SDK exactly? Got everything else installed, It returns an error -
dpkg: error processing /var/cache/apt/archives/busybox-power_1.18.5power1.armel.deb ( --unpack):
subprocess pre-installation script returned error exit status 1
Errors were encountered while processing:
/var/cache/apt/archives/busybox-power_1.18.5power1_armel.deb
E: Sub process /scratchbox/devkits/debian-etch/bin/dpkg returned an error code (1)

I'll look into this; I haven't tried installing busybox-power in Scratchbox before, as I do all testing on the device itself ;)
Seems like I have to implement some checks to detect the current environment, and use different codepaths for them in the shell scripts. Thanks for spotting the failing installation in the SDK environment :)

By the way, if you're going to use the SDK as a development platform for YAMAS: do note that the SDK doesn't match Maemo 100%; e.g. Scratchbox has GNU grep and egrep, whilst these are provided by BusyBox in Maemo. In fact, BusyBox isn't even installed by default in Scratchbox. I'm sure there are quite a few more of these kind of differences.
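
The GNU grep versus BusyBox grep difference described in the post above can be detected when a script starts, rather than discovered later through empty output. The sketch below is an added example, not part of the thread and not code from yamas or busybox-power; the function names and the GREP_CMD variable are hypothetical, and it assumes BusyBox prints its banner when handed an option it does not recognise.

```shell
#!/bin/sh
# Added example: identify which grep implementation is in use and probe
# which options it accepts. All names here are hypothetical.

GREP_CMD=${GREP_CMD:-grep}

# classify_grep_banner TEXT
# Prints "busybox", "gnu" or "unknown" for a version/usage banner.
classify_grep_banner() {
    case "$1" in
        *BusyBox*)    echo busybox ;;
        *"GNU grep"*) echo gnu ;;
        *)            echo unknown ;;
    esac
}

# grep_impl
# Classifies whatever $GREP_CMD resolves to on this system. GNU grep
# answers --version; a BusyBox applet is assumed to reject it and print
# its "BusyBox vX.Y ..." banner with the usage text.
grep_impl() {
    classify_grep_banner "$("$GREP_CMD" --version 2>&1)"
}

# grep_supports OPT
# Exit status 0 if $GREP_CMD accepts OPT. This is a functional probe:
# it runs grep with OPT on one known line that must match. Options that
# take an argument (-m N) or invert the match (-v) need their own probe.
grep_supports() {
    printf 'probe\n' | "$GREP_CMD" "$1" probe >/dev/null 2>&1
}

# missing_grep_opts OPT...
# Prints the space-separated subset of OPT... that is not accepted, so a
# caller can stop with a clear message instead of running with a grep
# that silently behaves differently.
missing_grep_opts() {
    missing=
    for opt in "$@"; do
        grep_supports "$opt" || missing="${missing:+$missing }$opt"
    done
    printf '%s\n' "$missing"
}

# grep_report OPT...
# One-line summary suitable for a dependency check.
grep_report() {
    m=$(missing_grep_opts "$@")
    printf 'grep implementation: %s; unsupported options: %s\n' \
        "$(grep_impl)" "${m:-none}"
}
```

Calling `grep_report -E -i -a` in both Scratchbox and on the device shows at a glance whether the two environments would behave the same for those options.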

AgogData 2011-06-30 14:34

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 
I've just tested it :
- yamas saves the files into /home/user/yamas not home/user/MyDocs/yamas
- the password.txt contains
website = www.facebook.com
login = true
website = www.facebook.com
login = (some numbers assuming it maybe the password)
why doesn't it show the ID or the username ?

comaX 2011-06-30 14:53

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 
Quote:

Originally Posted by AgogData (Post 1042204)
I've just tested it :
- yamas saves the files into /home/user/yamas not home/user/MyDocs/yamas
- the password.txt contains
website = www.facebook.com
login = true
website = www.facebook.com
login = (some numbers assuming it maybe the password)
why doesn't it show the ID or the username ?

Hmm... You sir are a bad student ! Since you're assuming it may be the password, it means you don't know it. If you don't know it, it's not yours. I'm sorry, but I won't help you for that.
Here's just a hint : we are parsing the log.

You should use the script on your own connection and then get log into a maximum of sites to know what the output should look like.

The saving location is just a variable now, so you can change it to whatever suits you ;) Saturn used this location because of some problem with MyDocs not being always available or something.


All times are GMT.