Closed mifau closed 10 years ago
Fixed, was missing a variable existence test. Surprised nobody else ever mentioned this one.
After the fix, there is no error message, but nothing is happening either. It's like injection is not working at all :(
After a few trials and deciding to exit (ctrl+c) I got: [*] Flushed firewall and forwarded traffic to the queue; waiting for data
^Clearing iptables, sending healing packets, and turning off IP forwarding...
(which is obvious), but I needed to wait for like 20-30 seconds to be dropped back to the shell.
And then… my router connection (from any device in the network) is dead. When I run LANs.py again, I get:
[*] Checking the DHCP and DNS server addresses...
[*] Active interface: wlan1
[*] DHCP server: 192.168.0.1
[*] DNS server:
Traceback (most recent call last):
File "./LANs.py", line 1119, in
Every computer in the network has a destroyed ARP table from now on:
CBP:~ mifau$ arp -an
? (192.168.0.1) at (incomplete) on en1 ifscope [ethernet]
? (192.168.0.11) at
So… things got worse, unfortunately :( BTW, I had to restart my wireless router in order to be able to use it again :) So… nice new feature ;)) (DDoS)
Not sure what the first problem you described was, where it wouldn't show anything, but the network problem was probably a problem with how it was reading your ARP cache. I'm probably not parsing it accurately for when there are multiple entries. I made that a manual yes/no question now, and if the router doesn't respond to the ARP packet asking what its MAC address is, well, there's not much within the script's power to fix that. Also reinstated a more reliable code injection technique which has proved to be better than the recent change I made.
./LANs.py -i wlan1 -c '
[+] Searched analytics.supplyframe.com: {term_enc}|contextualmatch=nolimitation|cookietax=0|ectime={ectime}|ecstatus={ecstatus}|manufacturer={manufacturer_enc}|part_number={part_number_enc}|cb=adaff6bb28|h_value=8ed76ae9aa262b6c1388847607|h_crc=4057766122|geo=pl|bp=0.3964400050932|bpf=0.058672434770854|cp=5
[+] Searched analytics.supplyframe.com: {term_enc}|contextualmatch=nolimitation|cookietax=0|ectime={ectime}|ecstatus={ecstatus}|manufacturer={manufacturer_enc}|part_number={part_number_enc}|cb=da070bd22e|h_value=3b42e9783d1725271388847607|h_crc=4057766122|geo=pl|bp=0.24158519025005|bpf=0.00078895482151116|cp=5
[+] Searched analytics.supplyframe.com: {term_enc}|contextualmatch=nolimitation|cookietax=0|ectime={ectime}|ecstatus={ecstatus}|manufacturer={manufacturer_enc}|part_number={part_number_enc}|cb=d25439bb28|h_value=66886edae145a0261388847607|h_crc=4057766122|geo=pl|bp=0.83614066339603|bpf=0.11406096361848|cp=5
[+] Searched analytics.supplyframe.com: {term_enc}|contextualmatch=nolimitation|cookietax=0|ectime={ectime}|ecstatus={ecstatus}|manufacturer={manufacturer_enc}|part_number={part_number_enc}|cb=b83a1301f4|h_value=f7588fbbcebe68b21388847607|h_crc=4057766122|geo=pl|bp=0.020458405252927|bpf=0.3107896090535|cp=5
[+] Searched 1.gravatar.com: 114
I was browsing http://hackaday.com with an iPhone (iOS 7). Other pages which I was opening… didn't give me any messages.
And now… when I hit CTRL+C! No ARP table problems anymore on the other computers… but my phone no longer has internet access over that wifi. So I assume that it's still not being cleaned properly. I've fixed that by running and quitting: arpspoof -i wlan1 -t 192.168.0.15 192.168.0.1. (So I'm probably right that it's something with sending "healing" packets after CTRL+C.) I believe it may have something in common with DNS spoofing (in my case dns != router)...
I'm running LANs.py on a Raspberry Pi (with a quite heavily modified PWNPi 3.0, with rtl8187 and rt5370 cards; wlan1 is the rtl8187).
Ettercap didn't work for me (I mean the filters, which weren't changing incoming remote packets; as I understood, it's a common issue), so I decided to check LANs.py. Sniffing is working great and I wanted to check HTML injection… as there is no other good alternative.
I can provide any information needed to verify what's wrong with my setup.
We can move this to private (if you don't want to make a mess here)...
Sorry for spamming here, but….
[!] Injected HTML into packet for ….
:) I have just reconfigured my wifi network to have the same DNS IP == ROUTER IP.
And with such settings, "arp healing" is working OK as well!
So there must be something connected with that (dns ip != router ip).
Ah beautiful, looking into it.
I think I got it, it was doing some bad logic when looking for the dnsMAC.
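The "healing" step both sides are discussing is a burst of unsolicited ARP replies that puts the real MAC addresses back into the victim's and the router's caches once the MITM stops. The block below is an added example (my own code, not LANs.py or anything Dan posted) that builds those frames with the standard library only; it also covers the dns != router case from this thread by restoring the victim/DNS pair as well, on the assumption that the DNS server sits on the same LAN and was poisoned too. The addresses are constructed sample values, `send_healing` uses a Linux AF_PACKET raw socket (root required), and the interface name is a placeholder.

```python
import socket
import struct

# Added example (not LANs.py code): builds the ARP "healing" frames that
# restore a victim's and router's ARP caches after a MITM ends.  The host
# addresses below are constructed sample values, not taken from the issue.
ETH_P_ARP = 0x0806

VICTIM = ("192.168.0.15", "aa:bb:cc:00:00:15")   # constructed
ROUTER = ("192.168.0.1", "aa:bb:cc:00:00:01")    # constructed
DNS = ("192.168.0.2", "aa:bb:cc:00:00:02")       # constructed: DNS != router


def mac_bytes(mac):
    return bytes(int(octet, 16) for octet in mac.split(":"))


def mac_str(raw):
    return ":".join("%02x" % b for b in raw)


def build_arp_reply(sender_ip, sender_mac, target_ip, target_mac):
    """Ethernet + ARP reply (opcode 2) telling target that sender_ip is-at sender_mac."""
    eth = mac_bytes(target_mac) + mac_bytes(sender_mac) + struct.pack("!H", ETH_P_ARP)
    # htype Ethernet(1), ptype IPv4, hlen 6, plen 4, opcode 2 (reply)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2)
    arp += mac_bytes(sender_mac) + socket.inet_aton(sender_ip)
    arp += mac_bytes(target_mac) + socket.inet_aton(target_ip)
    return eth + arp


def parse_arp(frame):
    """Decode a 42-byte Ethernet/ARP frame back into its fields (for checking)."""
    htype, ptype, hlen, plen, opcode = struct.unpack("!HHBBH", frame[14:22])
    return {
        "opcode": opcode,
        "sender_mac": mac_str(frame[22:28]),
        "sender_ip": socket.inet_ntoa(frame[28:32]),
        "target_mac": mac_str(frame[32:38]),
        "target_ip": socket.inet_ntoa(frame[38:42]),
    }


def healing_frames(victim, router, dns=None):
    """(ip, mac) tuples in; list of ARP reply frames out.

    The victim is told the router's real MAC and the router the victim's
    real MAC.  If a separate on-LAN DNS server was poisoned as well, both
    directions for it are restored too; when dns is None or equals the
    router, only the two router/victim frames are produced.
    """
    pairs = [(router, victim), (victim, router)]   # (truth about, receiver)
    if dns is not None and dns[0] != router[0]:
        pairs += [(dns, victim), (victim, dns)]
    return [build_arp_reply(s_ip, s_mac, t_ip, t_mac)
            for (s_ip, s_mac), (t_ip, t_mac) in pairs]


def send_healing(iface, frames, repeat=3):
    """Send each frame a few times on a raw Linux AF_PACKET socket (needs root)."""
    sock = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(ETH_P_ARP))
    sock.bind((iface, 0))
    try:
        for _ in range(repeat):
            for frame in frames:
                sock.send(frame)
    finally:
        sock.close()


if __name__ == "__main__":
    for frame in healing_frames(VICTIM, ROUTER, DNS):
        print(parse_arp(frame))
    # send_healing("wlan1", healing_frames(VICTIM, ROUTER, DNS))  # on the attacking host, as root
```

Sending each frame a few times matters in practice: on a busy wireless link a single unsolicited reply is easily lost, and a victim whose cache still holds the attacker's MAC stays cut off exactly as described above.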
For ROUTER != DNS:
I haven't got any injections :( (No messages, no action at all; but I can't check, at the moment, whether the victim was poisoned.)
After CTRL+C and running it a second time I got:
[*] Checking the DHCP and DNS server addresses...
[*] Active interface: wlan1
[*] DHCP server: 192.168.0.1
[*] DNS server: ……………...
[*] Local domain: None
[*] Router IP: 192.168.0.1
[*] Victim IP: 192.168.0.15
[*] Router MAC: …………………..
[*] Victim MAC: …………………...
[*] Enabled IP forwarding
[*] Flushed firewall and forwarded traffic to the queue; waiting for data
^Clearing iptables, sending healing packets, and turning off IP forwarding...
callback failure !
sys.excepthook is missing
lost sys.stderr
(the three lines above repeated seven times)
The good news is that after exit, every computer/smartphone in the network was working ok.
The thing could be (but I doubt it, as it was working before) that my dns != router network is a WPA2 network. The open network is working great (and CTRL+C is also working as it should… so don't change anything there!).
And Dan… you're incredible with all those quick changes! Thanks! Keep on doing the great job, especially as there is no working alternative!
I realized that since I recently redid the DNS spoofing to be 100% reliable, I also removed the one part of the code that actually depended on getting the DNS server's MAC address. I just pulled out the DNS MAC code entirely. That being said, I wasn't actually able to replicate the problem once I got on a network where I could adjust the DNS settings. I'm using NetworkManager on Kali.
I'm trying to figure out what might be causing that callback failure... I'm thinking the only callbacks I'm using that could come that fast are process_pending(), Parser(args).start() (both of which are from nfqueue) and the reactor. Thinking this is probably twisted's reactor callback on Queued.doRead().
What version of nfqueue-bindings and python-twisted do you have?
Taking the lack of response to imply resolution. Please don't hesitate to update this issue if you're still seeing problems and I will work on it.
Running: ./LANs.py -i wlan1 -c '
And I'm getting:
[*] Enabled IP forwarding
[*] Flushed firewall and forwarded traffic to the queue; waiting for data
callback failure !
Traceback (most recent call last):
  File "./LANs.py", line 169, in start
    self.injecthtml(load, ack, pkt, payload, dport, sport)
  File "./LANs.py", line 217, in injecthtml
    self.user_agent = "'"+self.get_user_agent(header_lines)+"'"
TypeError: cannot concatenate 'str' and 'NoneType' objects
Do you know what could be a reason?
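The traceback above is the classic shape of a header lookup that returns None when the request carries no User-Agent, followed by string concatenation on that None. The block below is an added example (my own code, not LANs.py's `get_user_agent` or `injecthtml`) reproducing that failure on a constructed request without the header and showing the guarded lookup a packet-injection tool needs: header names matched case-insensitively, the request line and body skipped, and a placeholder substituted when the header is absent so the injection path keeps running. The two sample requests are constructed, not captured traffic.

```python
# Added example (not LANs.py code): reproduces the TypeError from the
# traceback above and shows a guarded User-Agent lookup.  Both requests
# below are constructed samples, not captured traffic.
REQ_WITH_UA = (
    "GET / HTTP/1.1\r\n"
    "Host: hackaday.com\r\n"
    "user-agent: Mozilla/5.0 (iPhone; CPU iPhone OS 7_0 like Mac OS X)\r\n"
    "Accept: text/html\r\n\r\n"
)
REQ_NO_UA = "GET / HTTP/1.1\r\nHost: hackaday.com\r\nAccept: */*\r\n\r\n"


def header_lines(payload):
    """Header lines of a raw HTTP request (bytes or str); request line and body dropped."""
    if isinstance(payload, bytes):
        payload = payload.decode("latin-1")   # header bytes are not guaranteed UTF-8
    head = payload.split("\r\n\r\n", 1)[0]
    return head.split("\r\n")[1:]


def get_user_agent(lines):
    """Value of the User-Agent header (name matched case-insensitively), or None."""
    for line in lines:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "user-agent":
            return value.strip()
    return None


def user_agent_literal_unguarded(lines):
    """Same shape as the crashing expression: concatenating None raises TypeError."""
    return "'" + get_user_agent(lines) + "'"


def user_agent_literal(lines, default="unknown"):
    """Guarded version: substitute a placeholder when the header is absent."""
    ua = get_user_agent(lines)
    if ua is None:
        ua = default
    return "'" + ua + "'"


if __name__ == "__main__":
    for req in (REQ_WITH_UA, REQ_NO_UA):
        print(user_agent_literal(header_lines(req)))
```

Requests without a User-Agent are common from app HTTP stacks and scripted clients, so any per-request field a sniffer logs should default rather than crash; one crash here aborts the whole nfqueue callback, which is why nothing gets injected afterwards.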