    [TOOLS] UPDATED 2203 Network tools (Pentest) for N9 (PR1.1 & PR1.2)

    Page 2 of 6 | Prev |   1   2   3     4   | Next | Last
    SaQ | # 11 | 2012-02-29, 10:37 | Report

    How do you use nmap?

    # nmap: not found
    # nmap -sP 10.0.0.0/24: not found


     
    nieldk | # 12 | 2012-02-29, 12:44 | Report

    Originally Posted by SaQ View Post
    How do you use nmap?

    # nmap: not found
    # nmap -sP 10.0.0.0/24: not found
    /usr/local/bin/

    This is the default folder for most self-compiled shezz

    (use: find / -name nmap, or whichever)

    The Following User Says Thank You to For This Useful Post:
    SaQ

     
    nieldk | # 13 | 2012-02-29, 12:50 | Report

    Originally Posted by Lovsan View Post
    maybe post a little guide for using hydra on n9

    figured it's located in /usr/local/bin

    Code:
    dpl4hydra.sh refresh
    
    cannot refresh the list wtihout wget or curl. Aborting
    sh hydra

    hydra: line 1 Syntax Error: unexpected word (expecting ")")
    Not in scope for these tools, as there are plenty of docs around, but here you have a short wrap-up

    HOW TO USE
    ----------
    Type "./hydra -h" to see the command line options.

    $ hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e ns]
    [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-f] [-s PORT] [-S] [-vV]
    server service [OPT]

    Options

    -R                       restore a previous aborted/crashed session
    -S                       connect via SSL
    -s <PORT>                if the service is on a different default port, define it here
    -l <LOGIN> or -L <FILE>  login with LOGIN name, or load several logins from FILE
    -p <PASS> or -P <FILE>   try password PASS, or load several passwords from FILE
    -e <ns>                  additional checks, "n" for null password, "s" try login as pass
    -C <FILE>                colon separated "login:pass" format, instead of -L/-P options
    -M <FILE>                server list for parallel attacks, one entry per line
    -o <FILE>                write found login/password pairs to FILE instead of stdout
    -f                       exit after the first found login/password pair (per host if -M)
    -t <TASKS>               run TASKS number of connects in parallel (default: 16)
    -w <TIME>                defines the max wait time in seconds for responses (default: 30)
    -v / -V                  verbose mode / show login+pass combination for each attempt
    server                   the target server (use either this OR the -M option)
    service                  the service to crack. Supported protocols: telnet ftp pop3[-ntlm] imap[-ntlm] smb smbnt http[s]-{head|get} http-{get|post}-form http-proxy cisco cisco-enable vnc ldap2 ldap3 mssql mysql oracle-listener postgres nntp socks5 rexec rlogin pcnfs snmp rsh cvs svn icq sapr3 ssh2 smtp-auth[-ntlm] pcanywhere teamspeak sip vmauthd firebird ncp afp
    OPT                      some service modules need special input

    SPECIAL OPTIONS FOR MODULES
    ---------------------------
    Via the third command line parameter (TARGET SERVICE OPTIONAL) or the -m
    commandline option, you can pass one option to a module.
    Many modules use this, a few require it!

    To see the special option of a module, type:
    hydra -U <module>
    e.g.
    ./hydra -U http-post-form

    The special options can be passed via the -m parameter, as 3rd command line
    option or in the service://target/option format.

    Examples (they are all equal):
    ./hydra -l test -p test -m PLAIN 127.0.0.1 imap
    ./hydra -l test -p test 127.0.0.1 imap PLAIN
    ./hydra -l test -p test imap://127.0.0.1/PLAIN

    The Following User Says Thank You to For This Useful Post:
    Lovsan

     
    nieldk | # 14 | 2012-02-29, 12:56 | Report

    Originally Posted by -Tyler- View Post
    great work!!

    if you can compile the new Ettercap v 0.7.4.1 for the N9 you will be my hero!!

    http://ettercap.sourceforge.net/
    Compiled and added to the first post. Did some testing, but not complete, so no promises that everything is good with ettercap!

    The Following 2 Users Say Thank You to For This Useful Post:
    -Tyler-, jberezhnoy

     
    jberezhnoy | # 15 | 2012-02-29, 14:30 | Report

    Originally Posted by nieldk View Post
    Compiled and added to the first post. Did some testing, but not complete, so no promises that everything is good with ettercap!
    Hi nieldk, thanks for your work. I've downloaded the packages and gonna test them.
    If it is not too difficult for you - could you please also compile stable release of nmap? I talk about ver 5.50 because v.5.61-1 is buggy and many features do not work!

    Also is it possible to compile wireshark? It is available for n900


     
    nieldk | # 16 | 2012-02-29, 14:37 | Report

    Originally Posted by jberezhnoy View Post
    Hi nieldk, thanks for your work. I've downloaded the packages and gonna test them.
    If it is not too difficult for you - could you please also compile stable release of nmap? I talk about ver 5.50 because v.5.61-1 is buggy and many features do not work!

    Also is it possible to compile wireshark? It is available for n900
    nmap is no problem, wireshark, possibly I can do.
    I would like to finish ettercap more complete, eg at the moment it is command line only (-T switch), but I hope I can get some GUI going.
    First step, is though, to make sure it is fully functional from command line interface.

    Will do nmap-stable later and add this to the first post once it's done.

    The Following 2 Users Say Thank You to For This Useful Post:
    jberezhnoy, Vaterix

     
    Lovsan | # 17 | 2012-02-29, 16:43 | Report

    thanks for the guide, seems to be working. time to start learning this stuff, no real knowledge of linux so there is much work to be done.

    also would it be possible to get yamas for n9 ?

    edit.

    Nmap seems to be working too.

    thanks a lot dk!


    Last edited by Lovsan; 2012-02-29 at 17:03.

     
    -Tyler- | # 18 | 2012-02-29, 18:48 | Report

    Originally Posted by nieldk View Post
    Compiled and added to the first post. Did some testing, but not complete, so no promises that everything is good with ettercap!
    thanks for ettercap, much appreciated.

    I have one piece of good news and one of bad:

    first the good: Our beloved N9 network card supports promiscuous mode. I have been sniffing with the version of ettercap nieldk compiled and it works pretty stable and fast, at least it works much better than ettercap does on N900.

    the "only" problem is plugins don't work. I have tried the autoadd plugin and it doesn't activate. this is a major problem because without the autoadd plugin you can't be sure you are poisoning all the network, all new IPs which enter the network will escape from the MITM attack.

    - I installed sslstrip successfully on the N9... but here is the BAD NEWS: when I try to set iptables to make ettercap work with sslstrip I get the following error:

    /sbin # ./iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000

    iptables v1.4.8: can't initialize iptables table 'nat' : Table does not exist ( dou you need to insmod?)

    Perhaps iptables or your kernel needs to be upgraded.


    very crucial problem: if we can't make iptables work, sslstrip doesn't work, and without sslstrip, ettercap and dsniff serve for little.

    The Following User Says Thank You to -Tyler- For This Useful Post:

     
    nieldk | # 19 | 2012-02-29, 19:29 | Report

    Originally Posted by -Tyler- View Post
    thanks for ettercap, much appreciated.

    I have one piece of good news and one of bad:

    first the good: Our beloved N9 network card supports promiscuous mode. I have been sniffing with the version of ettercap nieldk compiled and it works pretty stable and fast, at least it works much better than ettercap does on N900.

    the "only" problem is plugins don't work. I have tried the autoadd plugin and it doesn't activate. this is a major problem because without the autoadd plugin you can't be sure you are poisoning all the network, all new IPs which enter the network will escape from the MITM attack.

    - I installed sslstrip successfully on the N9... but here is the BAD NEWS: when I try to set iptables to make ettercap work with sslstrip I get the following error:

    /sbin # ./iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000

    iptables v1.4.8: can't initialize iptables table 'nat' : Table does not exist ( dou you need to insmod?)

    Perhaps iptables or your kernel needs to be upgraded.


    very crucial problem: if we can't make iptables work, sslstrip doesn't work, and without sslstrip, ettercap and dsniff serve for little.
    Thanks! A LOT for testing.

    For auto add plugins (and plugins) and regexp in filters I need to compile libtool, libpcre.
    To support SSH and SSL decryption openssl should do it.

    NAT, and sslstrip, you seem correct, I don't think this is compiled into kernel, and I still did not receive kernel sources per request (would like to patch to open mode for adding packet injection also). So, this is possibly a no-go ATM.
    I did try echo "1" > /proc/sys/net/ipv4/ip_forward which seems to be without any effect.

    The Following User Says Thank You to For This Useful Post:
    -Tyler-

     
    -Tyler- | # 20 | 2012-02-29, 20:08 | Report

    Originally Posted by nieldk View Post
    Thanks! A LOT for testing.

    For auto add plugins (and plugins) and regexp in filters I need to compile libtool, libpcre.
    To support SSH and SSL decryption openssl should do it.

    NAT, and sslstrip, you seem correct, I don't think this is compiled into kernel, and I still did not receive kernel sources per request (would like to patch to open mode for adding packet injection also). So, this is possibly a no-go ATM.
    I did try echo "1" > /proc/sys/net/ipv4/ip_forward which seems to be without any effect.
    - if you can get plugins to work in ettercap it will be great, now that we know it works on N9 it will be awesome to have the new ettercap totally armed in our N9s

    - without nat and packet injection we are ****ed, we have sniffers and aircrack castrated, we will have to wait for the open kernel for PR 1.2. does someone know who was the guy who compiled it?? maybe we can contact him.

    - I was thinking to install the iptables of N900 into the N9 and see what happens, do you think it is a good idea? or is it a kernel problem and it will be for nothing?

    - ipforward gives no problem to me:

    after:

    echo "1" > /proc/sys/net/ipv4/ip_forward

    cat /proc/sys/net/ipv4/ip_forward

    1

    anyway you don't need kernel ipforwarding with ettercap, ettercap itself forwards the packets, in fact after launching ettercap the value of "ip_forward" returns to 0, that is maybe why you think the "echo "1" > /proc/sys/net/ipv4/ip_forward" command does not work, because you check the value of ip_forward after launching ettercap.

    The Following User Says Thank You to -Tyler- For This Useful Post:
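
The "Table does not exist" error in posts #18 to #20 can mean either that the nat table's module is simply not loaded or that the kernel was built without NAT. The following is an added example, not part of the thread or of any tool mentioned in it, that tells those cases apart. The function name `nat_table_status` is hypothetical, and the check assumes the kernel config is available as text (for example from `/proc/config.gz`) and that NAT is controlled by `CONFIG_NF_NAT` or `CONFIG_IP_NF_NAT`, depending on kernel version.

```shell
#!/bin/sh
# nat_table_status TABLES_FILE CONFIG_FILE   (hypothetical helper, added example)
#   TABLES_FILE: /proc/net/ip_tables_names or a copy (tables registered now)
#   CONFIG_FILE: plain-text kernel config, e.g. output of `zcat /proc/config.gz`
# Prints one word:
#   loaded   nat table is registered; iptables -t nat should work
#   module   NAT built as a module but not loaded (modprobe iptable_nat)
#   builtin  NAT compiled in, yet the table is not registered
#   absent   kernel built without NAT; only a new kernel or module helps
#   unknown  no readable kernel config to decide from
nat_table_status() {
    tables_file=$1
    config_file=$2

    # A registered table appears as a line of its own.
    if [ -r "$tables_file" ] && grep -qx 'nat' "$tables_file"; then
        echo "loaded"
        return 0
    fi

    if [ ! -r "$config_file" ]; then
        echo "unknown"
        return 0
    fi

    # Heuristic: option names differ between kernel generations.
    if grep -Eq '^CONFIG_(NF_NAT|IP_NF_NAT)=m$' "$config_file"; then
        echo "module"
    elif grep -Eq '^CONFIG_(NF_NAT|IP_NF_NAT)=y$' "$config_file"; then
        echo "builtin"
    else
        echo "absent"
    fi
}

# Constructed sample: only the filter table registered, NAT not configured.
sample_dir=$(mktemp -d)
printf 'filter\n' > "$sample_dir/tables"
printf 'CONFIG_NETFILTER=y\n# CONFIG_NF_NAT is not set\n' > "$sample_dir/kconfig"
nat_table_status "$sample_dir/tables" "$sample_dir/kconfig"
rm -rf "$sample_dir"
```

On a device the call would be `nat_table_status /proc/net/ip_tables_names /tmp/kconfig` after writing the decompressed config to `/tmp/kconfig`; a result of `absent` matches the situation nieldk describes, where no iptables binary swap can help.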

     