Notices


Reply
Thread Tools
Posts: 529 | Thanked: 194 times | Joined on Aug 2010 @ UK
#191
Originally Posted by comaX View Post
Hmm, yes and no ! I created this script precisely because I wasn't satisfied by easy-creds ! The parsing method is very different for one thing, and it doesn't do all the stuff that easy-creds offers, and that I find not useless but... Not fitting for my script. By the way, if you use BT5, you should check out the BT5 version of this script :
http://comax.pagesperso-orange.fr/info/#yamas
The current version is 0.9.1.
ye i already use that in its ace many thanks , what about a fakeAP with login screen or something simular that maybe easyist way to get WPA2 key on ya phone ...

As for easy-creds its not to bad offers some good features a little buggy for me thou to be fair
__________________
METASPLOIT INSTALL N900
Keep the forums clean
Dont forget to say thanks
 
AgogData's Avatar
Posts: 870 | Thanked: 133 times | Joined on Aug 2010
#192
Originally Posted by torpedo48 View Post
Try this:

apt-get install iproute xterm

It will install those two commands you were missing, xterm and ip.
This actually worked by opening ettercap and password windows and start poisoning, but after finishing and choosing Y for "do you wanna save the passwords" it says
sh:missing ]]
/usr/bin/mitm.sh: line 484: y: not found
password saving skipped

also i get this after pressing enter for targeting the whole network

Code:
ateway : 192.168.0.1      Interface : wlan0

Enter IP gateway adress or press enter to use 192.168.0.1.

sslstrip 0.9 by Moxie Marlinspike running...

192.168.0.1 selected as default.


Using wlan0 as interface

We will target the whole network as default. You can discover hosts and enter IP(s) manually by entering D.
Press enter to default.


sh: missing ]]
/usr/bin/mitm_pcsci3nce.sh: line 458: : Permission denied
Warning: Cannot convert string "nil2" to type FontStruct
 Targeting the whole network on 192.168.0.1 on wlan0 with Ettercap
[-] Arp cache poisoning is launched.  Keep new window(s) running. 

 Attack should be running smooth, enjoy.


Warning: Cannot convert string "nil2" to type FontStruct

Attack is running. You can :
   1. Rescan network.
   2. Add a target (useless if targeting whole network).
   3. Display ASCII correspondence table.
   4. Tail-grep hosts through output (make sure there is traffic).
   5. Real-time parsing...
   6. Quit properly.

   Enter the number of the desired option.
i'm using ad-hoc wireless connection hence the 192.168.0.1 IP
 
ToJa92's Avatar
Posts: 1,091 | Thanked: 323 times | Joined on Feb 2010 @ ~
#193
Originally Posted by AgogData View Post
This actually worked by opening ettercap and password windows and start poisoning, but after finishing and choosing Y for "do you wanna save the passwords" it says
sh:missing ]]
/usr/bin/mitm.sh: line 484: y: not found
password saving skipped

also i get this after pressing enter for targeting the whole network

Code:
ateway : 192.168.0.1      Interface : wlan0

Enter IP gateway adress or press enter to use 192.168.0.1.

sslstrip 0.9 by Moxie Marlinspike running...

192.168.0.1 selected as default.


Using wlan0 as interface

We will target the whole network as default. You can discover hosts and enter IP(s) manually by entering D.
Press enter to default.


sh: missing ]]
/usr/bin/mitm_pcsci3nce.sh: line 458: : Permission denied
Warning: Cannot convert string "nil2" to type FontStruct
 Targeting the whole network on 192.168.0.1 on wlan0 with Ettercap
[-] Arp cache poisoning is launched.  Keep new window(s) running. 

 Attack should be running smooth, enjoy.


Warning: Cannot convert string "nil2" to type FontStruct

Attack is running. You can :
   1. Rescan network.
   2. Add a target (useless if targeting whole network).
   3. Display ASCII correspondence table.
   4. Tail-grep hosts through output (make sure there is traffic).
   5. Real-time parsing...
   6. Quit properly.

   Enter the number of the desired option.
i'm using ad-hoc wireless connection hence the 192.168.0.1 IP
I think you need to write a big Y to save the passwords. Also, it looks like you might not run the script as root(hence the "/usr/bin/mitm_pcsci3nce.sh: line 458: : Permission denied").
 
Posts: 83 | Thanked: 142 times | Joined on Jun 2011 @ Paris, France
#194
It seems either like scripting errors, so I'll have a look at that, but also of permission error ! Make sure to be root before launching the script, not launching the script as root :
su
script

and not
sudo script

__________________
http://comax.fr/
"I like to dissect girls. Did you know I am utterly insane ?"
 
Posts: 83 | Thanked: 142 times | Joined on Jun 2011 @ Paris, France
#195
Originally Posted by ToJa92 View Post
I'm using Firefox 5, maybe I should try internet explorer and see if I'm still protected..
Yup, and keep us posted

(sorry for double post, little tab mistake...)
__________________
http://comax.fr/
"I like to dissect girls. Did you know I am utterly insane ?"
 
Posts: 83 | Thanked: 142 times | Joined on Jun 2011 @ Paris, France
#196
Originally Posted by Saturn View Post
Hi comaX and Unhuman,

One more edit for you to consider.

- The dependencies are checked by dpkg (in my opinion agnostic and more resilient to custom installations).
- the dependency check is done not every time but on request using the -d option. That is,
Code:
./mitm_pcsci3nce.sh -d
- made the two "wget" to happen only when needed.
- the home folder is a variable - easier to change
- one small correction: if the root privileges check failed you were stuck with red font - the echo command color was not terminated.

I think that's all. Thanks again.
Ok ! I reviewed your version :
- Using dpkg and grep is indeed slower than -e, but it's smarter, and (see next)
- -d option is good ! Since it won't be done everytime, it can be slower
- Home folder to var : I must have missed something since I don't know why you would do that... I left it there though
- No more red color : check.

I modified the way the -d option is used though : deleted exit 0 after calling dep() but introduced it after failing the check. When the test is a success, the script will just continue.

Now, I have another idea for that check : it could be run automatically everytime, unless a certain file exists. That file would be created when the check is successful. It'd be something like this :
if [[ ! -e $pathLog/.ok ]]; then
dep
fi
That way, even if the user didn't use the -d option, the test would be done if it never successed in a first place. We would leave the -d option in case after some changes the script fails again. -d would be a force-check option !
A failed test would delete .ok of course.

What do you think about that ? Waiting on your feedback

Also, I saw you wrote comment, so I suggest that in order to find them easily we write our nicks after them like this : -comaX. When we have read the comment, we delete it. We only do that for comments that do not explain what is going on.
That should help us keep up with what's changes, and why !

Thank you very much for your work on that, cheers !

(damn, sorry for triple posting... If some mod can merge the posts, please do !)
__________________
http://comax.fr/
"I like to dissect girls. Did you know I am utterly insane ?"

Last edited by comaX; 2011-06-28 at 17:56.
 

The Following 2 Users Say Thank You to comaX For This Useful Post:
Saturn's Avatar
Posts: 1,648 | Thanked: 2,122 times | Joined on Mar 2007 @ UNKLE's Never Never Land
#197
Agree with all you comments and find your idea nice, something like first run check.

On another subject: if you find it useful, i could package it and even upload it to the repos.

Cheers.
 
AgogData's Avatar
Posts: 870 | Thanked: 133 times | Joined on Aug 2010
#198
Originally Posted by ToJa92 View Post
I think you need to write a big Y to save the passwords. Also, it looks like you might not run the script as root(hence the "/usr/bin/mitm_pcsci3nce.sh: line 458: : Permission denied").
about the Y, i tried it both y and Y..also n and N
and i'm always root before running mitm
 
Posts: 83 | Thanked: 142 times | Joined on Jun 2011 @ Paris, France
#199
Originally Posted by Saturn View Post
Agree with all you comments and find your idea nice, something like first run check.

On another subject: if you find it useful, i could package it and even upload it to the repos.

Cheers.
If you feel it's ready for it, please be my guest ! Maybe we should just implement osso-xterm before that. Even though as I stated before, I don't think installing xterm requires too much too do, nor too much capacity consumed so I'm fine with it. I'dont have an N900 though !

###

Originally Posted by AgogData View Post
about the Y, i tried it both y and Y..also n and N
and i'm always root before running mitm
Well then... That's weird ! Both Y and y should work. What version are you using ? What is your maemo version ?
(I think I saw 4.1 being out, and maybe 5 beta ? So there might be differences between different versions...)
__________________
http://comax.fr/
"I like to dissect girls. Did you know I am utterly insane ?"
 
AgogData's Avatar
Posts: 870 | Thanked: 133 times | Joined on Aug 2010
#200
Originally Posted by comaX View Post
Well then... That's weird ! Both Y and y should work. What version are you using ? What is your maemo version ?
(I think I saw 4.1 being out, and maybe 5 beta ? So there might be differences between different versions...)
i'm using maemo pr1.3 and i don't know which mitm version i have but the the guy who made the video has the first release without this problem
 
Reply

Tags
pentesting, tester of pens


 
Forum Jump


All times are GMT. The time now is 13:46.