[Announce] Yet another MITM attack script (Yamas-ARM)
 

After a discussion with a member of the backtrack forums - comaX he agreed to create this script for the N900.
http://pcsci3nce.info/comax/yamas-arm.png
Current main features are :
- Real-time output of creds without definition files : any credential, from any website whould show up
- Log parsing for user-friendly output.
- Network mapping for host discovery.
- Can save dumped passwords to file as well as the whole log file.
- Support for multiple targets on the network, as well as adding targets after attack is launched.
- Checks for missing dependencies when run with “-d” option and auto installs them.

It is by far the best available for the N900.

To install - apt-get install yamas

More info - http://pcsci3nce.info/?p=291

Video of the script thanks to torpedo48 - http://www.youtube.com/watch?v=9bSq7tXSGAo

If you don't know what sslstrip or ettercap is, don't bother downloading it.

REQUIREMENTS:


iptables
xterm
busybox-power
nmap
python-twisted-web
python-pyopenssl
libpcap0.8
libpcre3
busybox-power
which the script will automatically get when installed from apt-get

+

sslstrip(read how to install below)
ettercap(read how to install below)

Installation guide for ettercap, sslstrip and many other tools can be found at:
http://pcsci3nce.info/?p=9

To run the script - type "yamas" in terminal.AS ROOT.

If you get any errors (beside font warnings) do yamas -d to check for missing dependencies.

Current maintainers are comaX and Christos Saturn - http://maemo.org/packages/view/yamas/


UPDATED June 18 2011 - Now saves all files to /home/user/MyDocs/Yamas
UPDATED June 21 - now automatically creates Yamas directory.
UPDATED June 25 - added dependency check in the begining.
UPDATED June 26 - bash no longer required.
UPDATED June 29 - Now available from repositories thanks to Saturn

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 

Hi
Thank you for this, some tips for this errors.
Best regards

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 

EDITED: Disregard my previous note, the script requires an active internet connection to acquire grepcred.txt.

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 

i am connected to my wireless network

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 

Hmm do you have wget installed?
apt-get install wget

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 

hacking tool?

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 

i try but ....

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 

apt-get -f install

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 

Hell Ya Baby!!!
Thank you !!

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 

well pretty nice script it might save a lot of time for auto redirct and save logs and avtivating ip forward

and for people wants ro install sslstrip , ettercap ,many other hacking tools for n900 check my thread

http://talk.maemo.org/showthread.php?t=73572


for wget (it is not needed IMO)

but if you want it
then:

apt-get install wget

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 

Also note that this script was written for bash not ASH as is installed on the n900 by default.

q6600 have you installed BASH?

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 

no i don't

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 

im getting this error any ideas why


i have wget installed but still same issue ..

great script thou thanks for all help

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 

You could try:

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 

Decided to give the script a shot. At least my laptop running Arch Linux on WPA2-PSK protected WLAN staid secure.

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 

Errors I get when activating arp poisoning:

line 320: ip: command not found
line 1: ip: command not found

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 

mmmm

---------------------------

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 

that did work but since restarting the script same problem returns .. plus its not caturing anything no matter what website i log into ..

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 

Im not blind. I cant understand why it can't find the ip command. I succesfully installed ettercap packages. If you dont want to help just ignore my posts.

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 

IP command is included with busybox binary. Try installing 'enhanced-busybox' package. If you STILL don't have IP command then your system is seriously fcked up.

what happens when you type 'ip' on the command line?


EVERYONE ELSE. Make sure you run this script as root, DOH!

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 

I reinstalled enhanced busybox and now it's working.

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 

Hi ! I'm the one who wrote the script. It's great to see people reacting so much in such a short time !

Regarding this error, the path to which the log is saved should be /tmp/ and not /temp/

There is a more complete version available on my website http://comax.pagesperso-orange.fr if you want to run it on a laptop.

Yup !

Please report any error either by mail directly to me (you'll find it on my website), or on pcscience.info page. You can of course post it here to get help from members, but I might not check very often...

I hope you like it, cheers !

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 

Holy fvck, you are comaX!

Your script rulez.

You rulez.

Thank you for your contribution.

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 

my bad i added an e in there the problem is


..

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 

sorry for asking silly question... but what exactly this application does..??

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 

Comax..you are the boss..respect and thanks :)

I am done installing nmap,ettercap-ng and sslstrip...everything went fine without issues.

I am now running the script and facing the following issues:

Attack is running. You can :
1. Rescan network.
2. Add a target (useless if targeting whole network).
3. Display ASCII correspondence table.
4. Tail-grep hosts through output (make sure there is traffic).
5. Real-time parsing...
6. Quit properly.

Enter the number of the desired option.
mitm_pcsci3nce.sh: line 393: xterm: not found


When i select option 4 i get the "xterm:not found" error.

And also after i scan the network and add a target how do i get the username and passwords

Thanks for the script again

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 

resolved after doing "apt-get install xterm"

thanks
Bipin

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 

Script is still beta sort of speak. Will take a look at the tail-grep option. However, the main function of the script works flawlessly.

Main post is updated. I will not answer questions as 'what does this do' and etc. .. This script isn't a joke. If you don't know what this is for, you shouldn't even download it.

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 

Point 1. This doesn't work by your instructions.
Point 2. Please explain this error here:

Point 3. Does this actually require a working version of 'arpspoof' installed.

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 

you guys are "evil" but also increasing the value of the n900... :)
I thought this was going to make a fake AP but someone mentioned arp poisoning, I guess it works on whatever network you are associated then? I wonder how it works though, if it lets you do any target website, is the n900 pretending to be the default gateway?

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 

For Point 2: I see that the error is not related to the script . Its a warning related to xterm. Just type xterm in the terminal and you can see the same warning.

Thanks
Bipin

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 

is there any solution to the password window does not set the error "can not open '/ temp / yamas.txt': no such file or directory"?

thanks

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 

temp must tmp ;)

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 

that is fixed in the script?
change where you change temp put tpm?

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 

i went thou the script an there is no were it shows that path as

/temp/yamas.txt it is tmp/yamas.txt but why does it say that thou , a problem some were an i couldnt find it ..

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 

Script creates the file at /TMP/$filename.txt .The file itself is created by sslstrip. What I can think of is:
1. You don't have sslstrip installed
2. You are NOT running the script as root
3. You don't have a /tmp/ directory pre-created, however I am pretty sure sslstrip can create the directory itself when run as root.

About the font error - it is irrelevant ignore it. It has something to do with xterm and it doesn't affect the way the script works.

EDIT:

This does NOT require arpspoof installed. (actually there isn't a arpspoof package available for maemo at all )

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 

thats for help , but i am running as root also i do have sslstrip installed an i do have a tmp folder other things are in there ...

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 

Hi everyone ! I received a mail from a member (torpedo48) who noticed an error due to me being exhausted as fcuk : I forgot to change back egrep /root/grepcred.txt to /tmp/... after being done testing it in local...
Thanks to him !

I'm correcting this as I speak, so download it again it a few minutes ;) And some should see some of there problems solved.

The guys getting /temp/ errors though, I don't why at all ! There isn't any /temp/ path ! What's the default temp dir on the device ? Maybe I just have to change that since an awful lot of errors come from there. Can someone edit the script and replace the /tmp/ to /temp/ to check if it's better ?

I do not own a N900, so I can't answer every question you guys have, sorry ! But I bet Unhuman and the other members will do great ;)

Sorry again for the stupid error !

Edit : done ! Keep testing it, and reporting ;)
Don't hesitate to mail, me I check them often so I'll be able to react quickly ;)

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 

have downloaded new script an im still getting same error ...

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 

Have you tried editing the script to use /temp/ instead of /tmp/ ?
I used /tmp/ because it just makes sense, but it could be in root just as well, so just try editing all the paths to something else !

I don't think that should be a problem, but also check the permissions to make sure the file has read permissions... (that's a long shot...)