[ announce ] hackattack!
 

update: new version, everything fixed now:o

You have probably seen the YAMAS MITM ARP spoof script that was recently announced. While an interesting idea, it was not written with the N900 in mind. Thus, it had numerous points that needed addressed before it could be considered ready for N900.


Greetz!

Thanks to comax for writing the thing.

Unhuman for hosting, alerting us to it.

Torpedo48 for testing, development.

Here I present a more N900 friendly version. This is better than the original because:

it has far fewer dependencies
is more compatible with a stock N900
it shutsdown ethercap nicely without barfing on the routers ARP table.

http://i54.tinypic.com/feqxpi.png

REQUIREMENTS:

iptables
nmap
iproute
python-twisted-web
python-openssl
python-scapy
libpcap0.8
libpcre3
sslstrip*see below
ettercap*see below

*Installation guide for ettercap, sslstrip and many other tools can be found at: http://pcsci3nce.info/?p=9

Refer to unhumans original post and blog for more details.

Script here:

link


Installer!

navigate to the directory you want to put the script in then run:

Re: [ announce ] hackattack!
 

Update: If you are bothered about wifite using /tmp/ on rootfs to store temporary data, run this command AFTER you have installed everything:

Update: Internet super hero Torpedo48 has created the installation/use guide this post was supposed to be. It don't get much easier than this folks!

Further to the MITM script above I present another shameless hijacking of somone else's work:

They called it wifite.py...

http://i54.tinypic.com/2qv8ljm.png

I call it wepon!

This is a mildly altered copy of wifite.py with some accompanying scripts to hold the whole lot together.

Why should I care?

You should care because this is a FULLY automated WEP cracking solution. No more spazzing about with any arsecrack. Simply type into the terminal (as root) wepon, then after some minutes some WEP keys will appear on the screen for all the WEP networks around you.

While it is possible to attack WPA networks with wifite I have disabled it for obvious reasons. If you are the kind of person who carries several GB of rainbow tables around on his phone then by all means re-enable it. It was disabled to speed up attack time.


Dependencies?
also install:

iw
macchanger
aircrack 1.1


Operation
The first script runs the original 'load.sh' as written by lxp. It then puts your wifi into injection mode, then runs wifite.py

wifite.py is a work of artistic scripting beauty, more details can be found here.


Installation
copy this script to '/usr/bin/wepon' and chmod +x it


copy this script to '/usr/bin/wepoff' and chmod +x it


copy this archive to '/opt/wifi_mon/' and decompress it:

alternative here.

decompress with:


Final note

When you are done testing pens run the 'wepoff' script. This unloads the wifi injection modules, puts wifi back into normal mode and sets the device to european channels (this simply means up to wifi channel 13 is available).

Massive thanks to lxp for creating these injection drivers. If you have not donated him at least a measly $1 for his hard work to write them you are a total gonad.

Only for learning purposes, legal blah blah blah blah

Re: [ announce ] hackattack!
 

Nice was about to write also a tutorial for karam for his thread about wifite;py but you did it already. I have just the original script running and I have no problems at all. But your modified script made me wonder how does it turn monitor mode on?
Why don't you use the mon0 interface spawned by airmon? Since Mentalist Traceur updated iw it doesn't conflict with aircrack anymore and thus airmon works. IMO must easier as you can still browse the web with wlan0 ;)

Re: [ announce ] hackattack!
 

the i like most about these apps is the legal blah blah blah
cause i bet event those who wrote the app used it for evil

Re: [ announce ] hackattack!
 

I scripted all of this a while back, my copy of iw is just stolen strait outta the debian lenny armel deb! I found wifite to be a bit ropey with putting the device into monitor mode so decided to do it outwith. If you wanted mon0 style monitor mode you can easily just comment out the appropriate ifconfig lines in wepon/wepoff.

Re: [ announce ] hackattack!
 

Some .deb package on the near horizont??

Thanks for the work.

Re: [ announce ] hackattack!
 

Or just change these ifconfig lines to airmon-ng start wlan0 ;) Personal I never had problems using wifite.py when putting into monitor mode, I don't use it a lot though but if you say its a bit ropey this would probably a better solution than letting wifite.py do the job.

edit: Forgot to say I like the way you disabled WPA-Attack as you won't come any further with WPA on a phone, except the handshake capture :P WEP is doing great on the N900 :D

Re: [ announce ] hackattack!
 

I'll test it as soon as I can; BTW could you correct the typo I accidentally wrote in the checking of opt/tmp (line 16 - does not EXIST)? Thanks ;)

Re: [ announce ] hackattack!
 

Ok, used the script once and it worked pretty bad, something got screwed up since our last version.

1 - Log is saved in root, despite the script telling the user it has been saved in opt/tmp, and vice versa (passwords are saved in opt/tmp, but the script says they are in /root); I'm fixing this in minutes;

2 - Websites are not shown in real time parsing, what happened???

3 - Ettercap is not properly closed, and after the closing of the script victims are not re-arped so the user has to manually enter "q" in ettercap for resetting the network.

EDIT: first point should be fixed now, check this out:
LINK REMOVED TO AVOID CONFUSION

I'm trying it right now...

Re: [ announce ] hackattack!
 

hi
sorry i just me or there in not link for wepon and wepoff?

Re: [ announce ] hackattack!
 

Ok point 1 is definitely fixed, however I've discovered some other typos and misfunctions.

@vi_: maybe we should add a warning in OP telling people to not use the script for the moment, as it doesn't provide its original features.

Re: [ announce ] hackattack!
 

now we just need a valiant person to make a UI for this to make it more n900 friendly :P


nice script btw, ftw!

Re: [ announce ] hackattack!
 

: not found: line 4:
hackattack.sh: line 26: syntax error: unexpected word (expecting "in")

What should I do?

Re: [ announce ] hackattack!
 

Please do not use the script, it is still in development, contains many many bugs and needs some more testing before the final release!

Re: [ announce ] hackattack!
 

why not use the script? i wanna test this script dont worry for the bugs

Re: [ announce ] hackattack!
 

Ok, sorry for the panic :D

Try this one: LINK REMOVED TO AVOID CONFUSION
Note that I didn't work on your problem, just trying to remove little bugs (e.g. the script was trying to delete grepcred.txt, which doesn't exist anymore if I correctly understood what vi_ had did).

Re: [ announce ] hackattack!
 

same error

Re: [ announce ] hackattack!
 

Don't know what to say, it works pretty well for me, except for bugs I've already listed (ettercap won't re-arping the victims; some code to trim out; real time parser broken).

Ehi vi_ where are you, we miss you! :p

Re: [ announce ] hackattack!
 

Just a thought. For all the people reading this forum, could you please give a detailed explanation of what this does. You could also reply "If you don't know, don't ask?" but I'll never learn.

Re: [ announce ] hackattack!
 

Google
http://pcsci3nce.info/?p=9
http://pcsci3nce.info/?p=11

As for the script - I haven't had the time to test it yet, however can it NOT be in this green font :X It is ugly :(

Re: [ announce ] hackattack!
 

oopz, seems I ****ed this one up. Gimme some moments to sort this out.

The green font is just my xterm, obviously it will be in what ever color your xterm font is set to.

However everyone knows green font on black background is the leetestist color!

Re: [ announce ] hackattack!
 

Okay, I think I uploaded the wrong version. I have just tested this version and it works. It parses passwords, creates the log in /opt/tmp and behaves as normal.

Torpedo, please strip all the links in your posts to pastebin in order to avoid confusion.

If for some reason THIS version does not work, there is something extremely fvcking strange going on here.

install script on first post.

Re: [ announce ] hackattack!
 

Downloaded and tested it. Traffic redirecting is working, tail grep shows traffic to sites, however I get no login credentials in the Passwords window. Moreover, links stay https for me for some reason.

Tho I installed and reinstalled like 50 packages today so it might just be my phone. Waiting for someone to confirm/deny.

Re: [ announce ] hackattack!
 

unhuman are you using busybox-power?

can you report your busybox version?

It could be a problem with stock busybox egrep.

Re: [ announce ] hackattack!
 

version 1.18.5

Re: [ announce ] hackattack!
 

have downloaded it throu the wget link on first page and im running into this error ??


this script worked fine

solved i just edited script an took out the s before /bin .. an its now done its job ...

will test abit more but all seems good now many thanks for your work to all involved ..


edit


1 thing i did notice was it doesnt tell you which web site they are from ..

Re: [ announce ] hackattack!
 

ooooo i forgot ettercap screen isnt terminating either ...

Re: [ announce ] hackattack!
 

That is because you HAVE to shutdown ettercap maually. i.e. you MUST press q in order for it to re-ARP it's victims. If you dont the network will be foobar till the next arp refresh (could be up to 15 minutes). The original version of this script used arpspoof from dsniff, unhuman changed it to use ettercap, I changed it to NOT blindly kill ettercap. If you can figure out how to send a 'q' keystroke to the ettercap console, let me know.

Re: [ announce ] hackattack!
 

That means they are using a token to identify the website field in the site you were on that is not defined in the script. The script catches most of them except some are a bit freaky and do things there own way. This is why you have the option to save the complete log, for further analysis.

I wonder why your version of ettercap is installed to a different directory?

Which version did you install? (link pls)

Re: [ announce ] hackattack!
 

i installed ettercap from this post here ..

an it is ettercap NG-0.7.3 ..

cheers

Re: [ announce ] hackattack!
 

apt-get install aircrack-ng.

There's no "aircrack1.1" package in the repo. "aircrack-ng" in the repos however is on version 1.1.

You (vi_) already prob'ly know this, and I'm guessing that's a typo, so I'm saying this for the sake of others, mainly.

Re: [ announce ] hackattack!
 

Good advice, but if people can't figure that out, they really should not be playing with a terminal, especially in root :rolleyes:

Sorry, I had to say it! :cool:

Re: [ announce ] hackattack!
 

Can some give a "how and why" this is different/better than aircrack/f-aircrack for accessing WEP?
I have set this all up and made it as easy as I can, and I will add some desktop icons and list up an install script for all too later :D

Re: [ announce ] hackattack!
 

Normally I'd agree, but because in my ownership of the N900 I went from barely computer savvy Linux newb to a semi-capable N900 user, and it's not really the same thing - it's one thing to say that if you don't know how to change your own password or use the shell you shouldn't use hacking tools - since that kind of stuff is readily available. But in the case of the repository, you have to know in advance that the N900's aircrack-ng package is named in accordance to the standard naming conventions for the package (if there even is such a thing, of which I'm not sure).

And while for something like the shell you can just google "Linux command line tutorial" or something and get a lot of very informative results immediately, the N900's extras repository package listings are less intuitive to search for. It took me months before Nicolai (I have this feeling I'm spelling his name wrong) kindly pointed me to the maemo.org/packages/, where you can actually search packages by name and the like, to see what packages are available and more importantly, to get the name by which they would be labeled in the repository.

No need to conflagrate trivial knowledge about the workings of a specific site's interface with ones ability to use the shell and be generally tech savvy.

Re: [ announce ] hackattack!
 

Wifite is a real we(a)pon!

http://www.youtube.com/watch?v=D3-Pobgi8JM

That thing cracked my WEP key in less than 3 minutes, and far more efficiently than I would do... :S

Re: [ announce ] hackattack!
 

hi
i made a bobo
i delete from /home/user wifite.py and wifite.py.1 and now the mitm is not working what do i have to install?
best regards

Re: [ announce ] hackattack!
 

You guys are evil
buy your own bloody bandwidth and stop stealing your neighbors
just cause he is using an ancient router or is clueless enough to use wep that isnt an excuse to steal bandwidth
p.s it is even more evil to use it to dl warez and get him busted

Re: [ announce ] hackattack!
 

theres always a kill joy in the house ... im sure people aint using these tools for bad things are they ?>?

well the progrmas wouldnt get made if that was the case chill out or jump on the train an join us lol ,..

Re: [ announce ] hackattack!
 

Have you read the name of the network I maliciously attack in my two videos?

http://www.youtube.com/watch?v=WEVZ463xilU

http://www.youtube.com/watch?v=D3-Pobgi8JM

Eh eh, I'm doing bad things once I steal their password.. Oh, wait... LOOK! Their network's name is torpedo48! Like mine!! Could this mean that... Well.. It's my OWN bloody wifi network and I can attack and crack it everytime I feel like it.

So... Why am I sharing the knoledge, if I want to be evil? Maybe we do this for testing purpose and security reasons, did you think about that? If people know, people protects themselves.

Since I started using Aircrack on the N900, I've improved my personal network security a lot, and helped improving my father's company's wifi network too. And I publish my video on Youtube and Facebook, so that all my friends (and many other people) stop using WEP keys and unsecure connections.

There will always be real evil people stealing information from unsecured wifi networks, but I think that sharing the knowledge reduces the risk, not the contrary.

Re: [ announce ] hackattack!
 

ifile is down. Can you upload somewhere else the tar file from post 2?