frankea closed this issue 9 years ago
Resolved with:
brew tap brona/iproute2mac
brew install iproute2mac
and then changing the script from /sbin/ip to /usr/local/bin/ip
Awesome, no way was I going to be able to figure that out. Any other steps necessary to get it working in OSX? I can add them as a note in the README.
Looks like there are some more steps needed. After this, I get a new error:
[*] Using interface: en0
Traceback (most recent call last):
  File "/Users/admin/Desktop/net-creds.py", line 975, in <module>
    main(parse_args())
  File "/Users/admin/Desktop/net-creds.py", line 971, in main
    sniff(iface=conf.iface, prn=pkt_parser, store=0)
  File "/Library/Python/2.7/site-packages/scapy/sendrecv.py", line 586, in sniff
    r = prn(p)
  File "/Users/admin/Desktop/net-creds.py", line 164, in pkt_parser
    src_ip_port = str(pkt[IP].src) + ':' + str(pkt[TCP].sport)
  File "/Library/Python/2.7/site-packages/scapy/packet.py", line 789, in __getitem__
    raise IndexError("Layer [%s] not found" % lname)
IndexError: Layer [IP] not found
I've been looking for an answer to it, but I can't seem to find one. I'm leaning towards it being an issue with iproute2mac as the author states "Provided functionality is limited and command output is not fully compatible with iproute2." (https://github.com/brona/iproute2mac) But maybe it's a scapy issue?
This is actually an error in scapy, I may've just fixed it by adding a check for the IP layer. Before it was checking for TCP + RAW layers but was calling the IP layer as well so I added a check for TCP + RAW + IP. Pull down the latest and see if that resolved the issue.
On Tue, Mar 3, 2015 at 5:32 PM, epocs notifications@github.com wrote:
Reopened #1 https://github.com/DanMcInerney/net-creds/issues/1.
That seems to have resolved the crash. The script is running and I see data populating, however I don't see any credentials being logged. Tried several websites (HTTP and HTTPS), and checked my e-mail accounts (three IMAPS). I did get a result when connecting via SMB to another server, but the password looks to be hashed.
Also, to clarify my previous posts, in order to use
brew tap brona/iproute2mac
brew install iproute2mac
the end user must first install Homebrew (http://brew.sh). I'm going to go through the process again on my home machine and document the steps needed to get it running. I think I left a few assumptions in there.
It can't sniff HTTPS traffic, you'd have to use SSLStrip or serve a fake cert to read any IMAPS or HTTPS traffic since it's encrypted. SMB uses NETNTLM which is a challenge:response hash protocol rather than cleartext so you would have to crack that hash with hashcat.
That's kinda what I thought. Not an expert on that front. I've outlined the steps needed to get this running on OS X, with having Homebrew (http://brew.sh) installed as a prerequisite (each line is a separate command):
sudo easy_install pip
sudo pip install scapy
sudo pip install pcapy
brew install libdnet --with-python
mkdir -p /Users/<username>/Library/Python/2.7/lib/python/site-packages
echo 'import site; site.addsitedir("/usr/local/lib/python2.7/site-packages")' >> /Users/<username>/Library/Python/2.7/lib/python/site-packages/homebrew.pth
sudo pip install pypcap
brew tap brona/iproute2mac
brew install iproute2mac
After all that, replace /sbin/ip with /usr/local/bin/ip in the script and you should be good to go.
Thank you very much!
I'm having this issue running net-creds.py on a MacBook Air with Mavericks. I followed epocs' instructions and here is the error I'm getting:
Traceback (most recent call last):
File "net-creds.py", line 7, in
Hope someone can help. Thanks
After jumping through the usual hoops to get things running on an OS X machine, the final barrier that I've run into is the lack of /sbin/ip being installed on OS X. I can't seem to find a way to install it, so I'm wondering if there's a workaround. Traceback attached below: