Notices


Reply
Thread Tools
Posts: 1,680 | Thanked: 3,685 times | Joined on Jan 2011
#1
update: new version, everything fixed now

You have probably seen the YAMAS MITM ARP spoof script that was recently announced. While an interesting idea, it was not written with the N900 in mind. Thus, it had numerous points that needed addressed before it could be considered ready for N900.


Greetz!

Thanks to comax for writing the thing.

Unhuman for hosting, alerting us to it.

Torpedo48 for testing, development.

Here I present a more N900 friendly version. This is better than the original because:

it has far fewer dependencies
is more compatible with a stock N900
it shutsdown ethercap nicely without barfing on the routers ARP table.



REQUIREMENTS:

iptables
nmap
iproute
python-twisted-web
python-openssl
python-scapy
libpcap0.8
libpcre3
sslstrip*see below
ettercap*see below

*Installation guide for ettercap, sslstrip and many other tools can be found at: http://pcsci3nce.info/?p=9

Refer to unhumans original post and blog for more details.

Script here:

link


Installer!

navigate to the directory you want to put the script in then run:

Code:
wget http://pastebin.com/raw.php?i=mBc1tKuL -O ./yamas_n900.sh && chmod +x ./yamas_n900.sh
__________________
N900: One of God's own prototypes. A high-powered mutant of some kind never even considered for mass production. Too weird to live, and too rare to die.

Last edited by vi_; 2011-06-25 at 14:32.
 

The Following 37 Users Say Thank You to vi_ For This Useful Post:
Posts: 1,680 | Thanked: 3,685 times | Joined on Jan 2011
#2
Update: If you are bothered about wifite using /tmp/ on rootfs to store temporary data, run this command AFTER you have installed everything:

Code:
sudo sed -i "s/(prefix='wifite')/(prefix='wifite',dir='\/opt\/tmp')/g" /opt/wifi_mon/wifite.py; sudo if [ ! -d "/opt/tmp" ]; then mkdir /opt/tmp; fi
Update: Internet super hero Torpedo48 has created the installation/use guide this post was supposed to be. It don't get much easier than this folks!

Further to the MITM script above I present another shameless hijacking of somone else's work:

They called it wifite.py...



I call it wepon!

This is a mildly altered copy of wifite.py with some accompanying scripts to hold the whole lot together.

Why should I care?

You should care because this is a FULLY automated WEP cracking solution. No more spazzing about with any arsecrack. Simply type into the terminal (as root) wepon, then after some minutes some WEP keys will appear on the screen for all the WEP networks around you.

While it is possible to attack WPA networks with wifite I have disabled it for obvious reasons. If you are the kind of person who carries several GB of rainbow tables around on his phone then by all means re-enable it. It was disabled to speed up attack time.


Dependencies?
also install:

iw
macchanger
aircrack 1.1


Operation
The first script runs the original 'load.sh' as written by lxp. It then puts your wifi into injection mode, then runs wifite.py

wifite.py is a work of artistic scripting beauty, more details can be found here.


Installation
copy this script to '/usr/bin/wepon' and chmod +x it

Code:
#!/bin/sh
#wifite starter
/opt/wifi_mon/load.sh
sleep 2
ifconfig wlan0 down
sleep 1 
iwconfig wlan0 mode monitor
sleep 1
ifconfig wlan0 up
sleep 1
python /opt/wifi_mon/wifite.py --power 12 --pps 500 --anon

copy this script to '/usr/bin/wepoff' and chmod +x it

Code:
#!/bin/sh
/opt/wifi_mon/unload.sh

copy this archive to '/opt/wifi_mon/' and decompress it:

alternative here.

decompress with:

Code:
tar xzvf wifi.tgz

Final note

When you are done testing pens run the 'wepoff' script. This unloads the wifi injection modules, puts wifi back into normal mode and sets the device to european channels (this simply means up to wifi channel 13 is available).

Massive thanks to lxp for creating these injection drivers. If you have not donated him at least a measly $1 for his hard work to write them you are a total gonad.

Only for learning purposes, legal blah blah blah blah
__________________
N900: One of God's own prototypes. A high-powered mutant of some kind never even considered for mass production. Too weird to live, and too rare to die.

Last edited by vi_; 2011-06-23 at 21:13.
 

The Following 29 Users Say Thank You to vi_ For This Useful Post:
Posts: 1,163 | Thanked: 1,873 times | Joined on Feb 2011 @ The Netherlands
#3
Nice was about to write also a tutorial for karam for his thread about wifite;py but you did it already. I have just the original script running and I have no problems at all. But your modified script made me wonder how does it turn monitor mode on?
Why don't you use the mon0 interface spawned by airmon? Since Mentalist Traceur updated iw it doesn't conflict with aircrack anymore and thus airmon works. IMO must easier as you can still browse the web with wlan0
 
Posts: 219 | Thanked: 80 times | Joined on Mar 2011
#4
the i like most about these apps is the legal blah blah blah
cause i bet event those who wrote the app used it for evil
 

The Following User Says Thank You to LTman For This Useful Post:
Posts: 1,680 | Thanked: 3,685 times | Joined on Jan 2011
#5
Originally Posted by mr_pingu View Post
Nice was about to write also a tutorial for karam for his thread about wifite;py but you did it already. I have just the original script running and I have no problems at all. But your modified script made me wonder how does it turn monitor mode on?
Why don't you use the mon0 interface spawned by airmon? Since Mentalist Traceur updated iw it doesn't conflict with aircrack anymore and thus airmon works. IMO must easier as you can still browse the web with wlan0
I scripted all of this a while back, my copy of iw is just stolen strait outta the debian lenny armel deb! I found wifite to be a bit ropey with putting the device into monitor mode so decided to do it outwith. If you wanted mon0 style monitor mode you can easily just comment out the appropriate ifconfig lines in wepon/wepoff.
__________________
N900: One of God's own prototypes. A high-powered mutant of some kind never even considered for mass production. Too weird to live, and too rare to die.

Last edited by vi_; 2011-06-17 at 16:48.
 

The Following User Says Thank You to vi_ For This Useful Post:
Straycat's Avatar
Posts: 218 | Thanked: 59 times | Joined on Feb 2010 @ spain
#6
Some .deb package on the near horizont??

Thanks for the work.
__________________
God Bless The Blues!!
 

The Following User Says Thank You to Straycat For This Useful Post:
Posts: 1,163 | Thanked: 1,873 times | Joined on Feb 2011 @ The Netherlands
#7
Or just change these ifconfig lines to airmon-ng start wlan0 Personal I never had problems using wifite.py when putting into monitor mode, I don't use it a lot though but if you say its a bit ropey this would probably a better solution than letting wifite.py do the job.

edit: Forgot to say I like the way you disabled WPA-Attack as you won't come any further with WPA on a phone, except the handshake capture :P WEP is doing great on the N900

Last edited by mr_pingu; 2011-06-17 at 17:05.
 

The Following 2 Users Say Thank You to mr_pingu For This Useful Post:
Posts: 489 | Thanked: 404 times | Joined on Dec 2009
#8
I'll test it as soon as I can; BTW could you correct the typo I accidentally wrote in the checking of opt/tmp (line 16 - does not EXIST)? Thanks
 

The Following 5 Users Say Thank You to torpedo48 For This Useful Post:
Posts: 489 | Thanked: 404 times | Joined on Dec 2009
#9
Ok, used the script once and it worked pretty bad, something got screwed up since our last version.

1 - Log is saved in root, despite the script telling the user it has been saved in opt/tmp, and vice versa (passwords are saved in opt/tmp, but the script says they are in /root); I'm fixing this in minutes;

2 - Websites are not shown in real time parsing, what happened???

3 - Ettercap is not properly closed, and after the closing of the script victims are not re-arped so the user has to manually enter "q" in ettercap for resetting the network.

EDIT: first point should be fixed now, check this out:
LINK REMOVED TO AVOID CONFUSION

I'm trying it right now...

Last edited by torpedo48; 2011-06-17 at 21:56.
 
Posts: 146 | Thanked: 39 times | Joined on May 2010
#10
hi
sorry i just me or there in not link for wepon and wepoff?
 
Reply

Tags
free internetz, hack the gibson, hack the planet


 
Forum Jump


All times are GMT. The time now is 01:24.