Active Topics
-
The N900 is now 15 years old! (7)
to Nokia N900 by Danct12 - 1 day ago -
Sailfish OS for the Motorola Moto G7 Power (XT1955-5) - (ocean) (4)
to SailfishOS by Maemish - 1 day, 20 hrs ago -
F(x)tec Pro1x (QWERTY) for sale (0)
to Buy & Sell by aln00000 - 4 days, 5 hrs ago - more...
| The Following 37 Users Say Thank You to vi_ For This Useful Post: | ||
anapospastos, bipinbn, cruster, Drexxx, Estel, fabfour, gaiosgf, gionni88, hardkorek, imo, ivyking, JamesBond@ge, jberezhnoy, jedi, juiceme, K9999, karam, kingoddball, Mentalist Traceur, mony123, mosiomm, mr_pingu, nkirk, psychologe, pursueky, S0urcerr0r, shawwawa, StefanL, stevomanu, stlpaul, te37v, torpedo48, Trestry, vdx29, Verssetti, zdanee | ||
|
2011-06-17
, 16:33
|
|
Posts: 1,680 |
Thanked: 3,685 times |
Joined on Jan 2011
|
#2
|
Update: If you are bothered about wifite using /tmp/ on rootfs to store temporary data, run this command AFTER you have installed everything:
Update: Internet super hero Torpedo48 has created the installation/use guide this post was supposed to be. It don't get much easier than this folks!
Further to the MITM script above I present another shameless hijacking of somone else's work:
They called it wifite.py...
I call it wepon!
This is a mildly altered copy of wifite.py with some accompanying scripts to hold the whole lot together.
Why should I care?
You should care because this is a FULLY automated WEP cracking solution. No more spazzing about with any arsecrack. Simply type into the terminal (as root) wepon, then after some minutes some WEP keys will appear on the screen for all the WEP networks around you.
While it is possible to attack WPA networks with wifite I have disabled it for obvious reasons. If you are the kind of person who carries several GB of rainbow tables around on his phone then by all means re-enable it. It was disabled to speed up attack time.
Dependencies?
also install:
iw
macchanger
aircrack 1.1
Operation
The first script runs the original 'load.sh' as written by lxp. It then puts your wifi into injection mode, then runs wifite.py
wifite.py is a work of artistic scripting beauty, more details can be found here.
Installation
copy this script to '/usr/bin/wepon' and chmod +x it
copy this script to '/usr/bin/wepoff' and chmod +x it
copy this archive to '/opt/wifi_mon/' and decompress it:
alternative here.
decompress with:
Final note
When you are done testing pens run the 'wepoff' script. This unloads the wifi injection modules, puts wifi back into normal mode and sets the device to european channels (this simply means up to wifi channel 13 is available).
Massive thanks to lxp for creating these injection drivers. If you have not donated him at least a measly $1 for his hard work to write them you are a total gonad.
Only for learning purposes, legal blah blah blah blah
Last edited by vi_; 2011-06-23 at 21:13.
Code:
sudo sed -i "s/(prefix='wifite')/(prefix='wifite',dir='\/opt\/tmp')/g" /opt/wifi_mon/wifite.py; sudo if [ ! -d "/opt/tmp" ]; then mkdir /opt/tmp; fi
Further to the MITM script above I present another shameless hijacking of somone else's work:
They called it wifite.py...
I call it wepon!
This is a mildly altered copy of wifite.py with some accompanying scripts to hold the whole lot together.
Why should I care?
You should care because this is a FULLY automated WEP cracking solution. No more spazzing about with any arsecrack. Simply type into the terminal (as root) wepon, then after some minutes some WEP keys will appear on the screen for all the WEP networks around you.
While it is possible to attack WPA networks with wifite I have disabled it for obvious reasons. If you are the kind of person who carries several GB of rainbow tables around on his phone then by all means re-enable it. It was disabled to speed up attack time.
Dependencies?
also install:
iw
macchanger
aircrack 1.1
Operation
The first script runs the original 'load.sh' as written by lxp. It then puts your wifi into injection mode, then runs wifite.py
wifite.py is a work of artistic scripting beauty, more details can be found here.
Installation
copy this script to '/usr/bin/wepon' and chmod +x it
Code:
#!/bin/sh #wifite starter /opt/wifi_mon/load.sh sleep 2 ifconfig wlan0 down sleep 1 iwconfig wlan0 mode monitor sleep 1 ifconfig wlan0 up sleep 1 python /opt/wifi_mon/wifite.py --power 12 --pps 500 --anon
copy this script to '/usr/bin/wepoff' and chmod +x it
Code:
#!/bin/sh /opt/wifi_mon/unload.sh
copy this archive to '/opt/wifi_mon/' and decompress it:
alternative here.
decompress with:
Code:
tar xzvf wifi.tgz
Final note
When you are done testing pens run the 'wepoff' script. This unloads the wifi injection modules, puts wifi back into normal mode and sets the device to european channels (this simply means up to wifi channel 13 is available).
Massive thanks to lxp for creating these injection drivers. If you have not donated him at least a measly $1 for his hard work to write them you are a total gonad.
Only for learning purposes, legal blah blah blah blah
__________________
N900: One of God's own prototypes. A high-powered mutant of some kind never even considered for mass production. Too weird to live, and too rare to die.
Last edited by vi_; 2011-06-23 at 21:13.
| The Following 29 Users Say Thank You to vi_ For This Useful Post: | ||
|
|
2011-06-17
, 16:40
|
|
Posts: 1,163 |
Thanked: 1,873 times |
Joined on Feb 2011
@ The Netherlands
|
#3
|
Nice was about to write also a tutorial for karam for his thread about wifite;py but you did it already. I have just the original script running and I have no problems at all. But your modified script made me wonder how does it turn monitor mode on?
Why don't you use the mon0 interface spawned by airmon? Since Mentalist Traceur updated iw it doesn't conflict with aircrack anymore and thus airmon works. IMO must easier as you can still browse the web with wlan0
Why don't you use the mon0 interface spawned by airmon? Since Mentalist Traceur updated iw it doesn't conflict with aircrack anymore and thus airmon works. IMO must easier as you can still browse the web with wlan0
|
|
2011-06-17
, 16:45
|
|
Posts: 1,680 |
Thanked: 3,685 times |
Joined on Jan 2011
|
#5
|
Originally Posted by mr_pingu
I scripted all of this a while back, my copy of iw is just stolen strait outta the debian lenny armel deb! I found wifite to be a bit ropey with putting the device into monitor mode so decided to do it outwith. If you wanted mon0 style monitor mode you can easily just comment out the appropriate ifconfig lines in wepon/wepoff.
Nice was about to write also a tutorial for karam for his thread about wifite;py but you did it already. I have just the original script running and I have no problems at all. But your modified script made me wonder how does it turn monitor mode on?
Why don't you use the mon0 interface spawned by airmon? Since Mentalist Traceur updated iw it doesn't conflict with aircrack anymore and thus airmon works. IMO must easier as you can still browse the web with wlan0
__________________
N900: One of God's own prototypes. A high-powered mutant of some kind never even considered for mass production. Too weird to live, and too rare to die.
Last edited by vi_; 2011-06-17 at 16:48.
| The Following User Says Thank You to vi_ For This Useful Post: | ||
 |
|
2011-06-17
, 16:53
|
|
Posts: 218 |
Thanked: 59 times |
Joined on Feb 2010
@ spain
|
#6
|
Some .deb package on the near horizont??
Thanks for the work.
Thanks for the work.
__________________
God Bless The Blues!!
God Bless The Blues!!
| The Following User Says Thank You to Straycat For This Useful Post: | ||
|
|
2011-06-17
, 16:57
|
|
Posts: 1,163 |
Thanked: 1,873 times |
Joined on Feb 2011
@ The Netherlands
|
#7
|
Or just change these ifconfig lines to airmon-ng start wlan0 Personal I never had problems using wifite.py when putting into monitor mode, I don't use it a lot though but if you say its a bit ropey this would probably a better solution than letting wifite.py do the job.
edit: Forgot to say I like the way you disabled WPA-Attack as you won't come any further with WPA on a phone, except the handshake capture :P WEP is doing great on the N900
Last edited by mr_pingu; 2011-06-17 at 17:05.
Personal I never had problems using wifite.py when putting into monitor mode, I don't use it a lot though but if you say its a bit ropey this would probably a better solution than letting wifite.py do the job.edit: Forgot to say I like the way you disabled WPA-Attack as you won't come any further with WPA on a phone, except the handshake capture :P WEP is doing great on the N900
Last edited by mr_pingu; 2011-06-17 at 17:05.
|
|
2011-06-17
, 17:00
|
|
Posts: 489 |
Thanked: 404 times |
Joined on Dec 2009
|
#8
|
I'll test it as soon as I can; BTW could you correct the typo I accidentally wrote in the checking of opt/tmp (line 16 - does not EXIST)? Thanks
| The Following 5 Users Say Thank You to torpedo48 For This Useful Post: | ||
|
|
2011-06-17
, 17:18
|
|
Posts: 489 |
Thanked: 404 times |
Joined on Dec 2009
|
#9
|
Ok, used the script once and it worked pretty bad, something got screwed up since our last version.
1 - Log is saved in root, despite the script telling the user it has been saved in opt/tmp, and vice versa (passwords are saved in opt/tmp, but the script says they are in /root); I'm fixing this in minutes;
2 - Websites are not shown in real time parsing, what happened???
3 - Ettercap is not properly closed, and after the closing of the script victims are not re-arped so the user has to manually enter "q" in ettercap for resetting the network.
EDIT: first point should be fixed now, check this out:
LINK REMOVED TO AVOID CONFUSION
I'm trying it right now...
Last edited by torpedo48; 2011-06-17 at 21:56.
1 - Log is saved in root, despite the script telling the user it has been saved in opt/tmp, and vice versa (passwords are saved in opt/tmp, but the script says they are in /root); I'm fixing this in minutes;
2 - Websites are not shown in real time parsing, what happened???
3 - Ettercap is not properly closed, and after the closing of the script victims are not re-arped so the user has to manually enter "q" in ettercap for resetting the network.
EDIT: first point should be fixed now, check this out:
LINK REMOVED TO AVOID CONFUSION
I'm trying it right now...
Last edited by torpedo48; 2011-06-17 at 21:56.
|
|
2011-06-17
, 17:29
|
|
Posts: 146 |
Thanked: 39 times |
Joined on May 2010
|
#10
|
hi
sorry i just me or there in not link for wepon and wepoff?
sorry i just me or there in not link for wepon and wepoff?
 |
| Tags |
| free internetz, hack the gibson, hack the planet |
«
Previous Thread
|
Next Thread
»
|
All times are GMT. The time now is 01:34.
You have probably seen the YAMAS MITM ARP spoof script that was recently announced. While an interesting idea, it was not written with the N900 in mind. Thus, it had numerous points that needed addressed before it could be considered ready for N900.
Greetz!
Thanks to comax for writing the thing.
Unhuman for hosting, alerting us to it.
Torpedo48 for testing, development.
Here I present a more N900 friendly version. This is better than the original because:
it has far fewer dependencies
is more compatible with a stock N900
it shutsdown ethercap nicely without barfing on the routers ARP table.
REQUIREMENTS:
iptables
nmap
iproute
python-twisted-web
python-openssl
python-scapy
libpcap0.8
libpcre3
sslstrip*see below
ettercap*see below
*Installation guide for ettercap, sslstrip and many other tools can be found at: http://pcsci3nce.info/?p=9
Refer to unhumans original post and blog for more details.
Script here:
link
Installer!
navigate to the directory you want to put the script in then run:
Last edited by vi_; 2011-06-25 at 14:32.