maemo.org - Talk - [Announce] Yet another MITM attack script (Yamas-ARM)

maemo.org - Talk (https://talk.maemo.org/index.php)

- Applications (https://talk.maemo.org/forumdisplay.php?f=41)

- - [Announce] Yet another MITM attack script (Yamas-ARM) (https://talk.maemo.org/showthread.php?t=73988)

Re: [Announce] Yet another MITM attack script (Yamas-ARM)

Quote:

Originally Posted by brokensmile (Post 1054784)

hey wen i rouched the top menu bar line i can see only twp applets in my n900 i.e volume option and battery percentage option... i cant see the all applets like fm transmetter,shortuts,internet,clock,bluetooth etc... how to get it back

i recently posted that why we should not help him.My apologies to all the people.disgusting post in all the threads.moderator please throw him out of TMO.

Re: [Announce] Yet another MITM attack script (Yamas-ARM)

Hi guys!
Everytime I open X-Term and is loading, I see a Yamas screen executing before the prompt loads (then it disappears).
I even uninstalled and purged YAMAS without results.

I uploaded a screencast to youtube so you can see it.

Please help me!

http://youtu.be/VdIG-Pkwj94

Re: [Announce] Yet another MITM attack script (Yamas-ARM)

Quote:

Originally Posted by Unhuman (Post 1028850)

After a discussion with a member of the backtrack forums - comaX he agreed to create this script for the N900.
http://pcsci3nce.info/comax/yamas-arm.png
Current main features are :
- Real-time output of creds without definition files : any credential, from any website whould show up
- Log parsing for user-friendly output.
- Network mapping for host discovery.
- Can save dumped passwords to file as well as the whole log file.
- Support for multiple targets on the network, as well as adding targets after attack is launched.
- Checks for missing dependencies when run with “-d” option and auto installs them.

It is by far the best available for the N900.

To install - apt-get install yamas

More info - http://pcsci3nce.info/?p=291

Video of the script thanks to torpedo48 - http://www.youtube.com/watch?v=9bSq7tXSGAo

If you don't know what sslstrip or ettercap is, don't bother downloading it.

REQUIREMENTS:

iptables
xterm
busybox-power
nmap
python-twisted-web
python-pyopenssl
libpcap0.8
libpcre3
busybox-power
which the script will automatically get when installed from apt-get

+

sslstrip(read how to install below)
ettercap(read how to install below)

Installation guide for ettercap, sslstrip and many other tools can be found at:
http://pcsci3nce.info/?p=9

To run the script - type "yamas" in terminal.AS ROOT.

If you get any errors (beside font warnings) do yamas -d to check for missing dependencies.

Current maintainers are comaX and Christos Saturn - http://maemo.org/packages/view/yamas/

UPDATED June 18 2011 - Now saves all files to /home/user/MyDocs/Yamas
UPDATED June 21 - now automatically creates Yamas directory.
UPDATED June 25 - added dependency check in the begining.
UPDATED June 26 - bash no longer required.
UPDATED June 29 - Now available from repositories thanks to Saturn

Hi,

I have just packaged properly sslstrip, it can be found in extra-devel ...

Installation is trivial, as root, type :

Code:

-bash-2.05b# apt-get install sslstrip && sslstrip --help

Reading package lists... Done

Building dependency tree       

Reading state information... Done

The following NEW packages will be installed:

  sslstrip

0 upgraded, 1 newly installed, 0 to remove and 12 not upgraded.

Need to get 0B/24,6kB of archives.

After this operation, 188kB of additional disk space will be used.

Selecting previously deselected package sslstrip.

(Reading database ... 38855 files and directories currently installed.)

Unpacking sslstrip (from .../sslstrip_0.9-0maemo1_all.deb) ...

Setting up sslstrip (0.9-0maemo1) ...



sslstrip 0.9 by Moxie Marlinspike

Usage: sslstrip <options>



Options:

-w <filename>, --write=<filename> Specify file to log to (optional).

-p , --post                       Log only SSL POSTs. (default)

-s , --ssl                        Log all SSL traffic to and from server.

-a , --all                        Log all SSL and HTTP traffic to and from server.

-l <port>, --listen=<port>        Port to listen on (default 10000).

-f , --favicon                    Substitute a lock favicon on secure requests.

-k , --killsessions               Kill sessions in progress.

-h                                Print this help message.



-bash-2.05b#

Hope it help.

A++

Re: [Announce] Yet another MITM attack script (Yamas-ARM)

Nice ! I'll ask Saturn to add it to the dependencies, so it is installed at the same time as the other ones.

Thanks !

Re: [Announce] Yet another MITM attack script (Yamas-ARM)

Quote:

Originally Posted by comaX (Post 1062960)

Nice ! I'll ask Saturn to add it to the dependencies, so it is installed at the same time as the other ones.

Thanks !

No problem, it just have to wait for next week when I'm back to my PC.

hope someone picks up ettercap too.

Re: [Announce] Yet another MITM attack script (Yamas-ARM)

Quote:

Originally Posted by Saturn (Post 1063008)

No problem, it just have to wait for next week when I'm back to my PC.

hope someone picks up ettercap too.

You asked ?

Ok, I give it a try to ettercap also.

Look like I'm able to do the thing properly ...

Installation is trivial, as root, type :

Code:

-bash-2.05b# apt-get install ettercap && ettercap --help

Reading package lists... Done

Building dependency tree       

Reading state information... Done

The following extra packages will be installed:

  ettercap-common

The following NEW packages will be installed:

  ettercap ettercap-common

0 upgraded, 2 newly installed, 0 to remove and 12 not upgraded.

Need to get 0B/497kB of archives.

After this operation, 1544kB of additional disk space will be used.

Do you want to continue [Y/n]? y

WARNING: The following packages cannot be authenticated!

  ettercap-common ettercap

Install these packages without verification [y/N]? y

Selecting previously deselected package ettercap-common.

(Reading database ... 38749 files and directories currently installed.)

Unpacking ettercap-common (from .../ettercap-common_1%3a0.7.3-2maemo1_armel.deb) ...

Selecting previously deselected package ettercap.

Unpacking ettercap (from .../ettercap_1%3a0.7.3-2maemo1_armel.deb) ...

Setting up ettercap-common (1:0.7.3-2maemo1) ...

Setting up ettercap (1:0.7.3-2maemo1) ...



ettercap NG-0.7.3 copyright 2001-2004 ALoR & NaGA





Usage: ettercap [OPTIONS] [TARGET1] [TARGET2]



TARGET is in the format MAC/IPs/PORTs (see the man for further detail)



Sniffing and Attack options:

  -M, --mitm <METHOD:ARGS>    perform a mitm attack

  -o, --only-mitm             don't sniff, only perform the mitm attack

  -B, --bridge <IFACE>        use bridged sniff (needs 2 ifaces)

  -p, --nopromisc             do not put the iface in promisc mode

  -u, --unoffensive           do not forward packets

  -r, --read <file>           read data from pcapfile <file>

  -f, --pcapfilter <string>   set the pcap filter <string>

  -R, --reversed              use reversed TARGET matching

  -t, --proto <proto>         sniff only this proto (default is all)



User Interface Type:

  -T, --text                  use text only GUI

       -q, --quiet                 do not display packet contents

       -s, --script <CMD>          issue these commands to the GUI

  -C, --curses                use curses GUI

  -G, --gtk                   use GTK+ GUI

  -D, --daemon                daemonize ettercap (no GUI)



Logging options:

  -w, --write <file>          write sniffed data to pcapfile <file>

  -L, --log <logfile>         log all the traffic to this <logfile>

  -l, --log-info <logfile>    log only passive infos to this <logfile>

  -m, --log-msg <logfile>     log all the messages to this <logfile>

  -c, --compress              use gzip compression on log files



Visualization options:

  -d, --dns                   resolves ip addresses into hostnames

  -V, --visual <format>       set the visualization format

  -e, --regex <regex>         visualize only packets matching this regex

  -E, --ext-headers           print extended header for every pck

  -Q, --superquiet            do not display user and password



General options:

  -i, --iface <iface>         use this network interface

  -I, --iflist                show all the network interfaces

  -n, --netmask <netmask>     force this <netmask> on iface

  -P, --plugin <plugin>       launch this <plugin>

  -F, --filter <file>         load the filter <file> (content filter)

  -z, --silent                do not perform the initial ARP scan

  -j, --load-hosts <file>     load the hosts list from <file>

  -k, --save-hosts <file>     save the hosts list to <file>

  -W, --wep-key <wkey>        use this wep key to decrypt wifi packets

  -a, --config <config>       use the alterative config file <config>



Standard options:

  -U, --update                updates the databases from ettercap website

  -v, --version               prints the version and exit

  -h, --help                  this help screen





-bash-2.05b#

Hope it help.

A++

Re: [Announce] Yet another MITM attack script (Yamas-ARM)

hii,

i have installed Yamas via ''faster app manager'' but i dont have Yamas directory(folder) in MyDocs,,,so i cant access saved results,,and i also dont get any info about any visited sites e.g facebook,yet i installed everything succesfully,,,any ideas thx

Re: [Announce] Yet another MITM attack script (Yamas-ARM)

the route is /home/user/yamas/ not in MyDocs

Quote:

Originally Posted by n900shamie (Post 1063071)

Re: [Announce] Yet another MITM attack script (Yamas-ARM)

Quote:

Originally Posted by n900shamie (Post 1063071)

hii,

i also dont get any info about any visited sites e.g facebook,yet i installed everything succesfully,,,any ideas thx

If you get any errors (beside font warnings) do yamas -d to check for missing dependencies. (taken from the first post)

EDIT: also read the first post

Re: [Announce] Yet another MITM attack script (Yamas-ARM)

after fixing all the dependencies of ettercap then reinstalling sslstrip now the YAMAS working nicely. Thanks everyone working in this project.