Closed GoogleCodeExporter closed 9 years ago
I have a dual boot installation: Kali and Windows 7. No Virtual Machine.
Original comment by frifrit...@gmail.com
on 2 Nov 2013 at 12:11
Hey frifritzen,
This error:
-------------
p.startListening()
File "/usr/local/lib/python2.7/dist-packages/twisted/internet/tcp.py", line 641, in startListening
raise CannotListenError, (self.interface, self.port, le)
twisted.internet.error.CannotListenError: Couldn't listen on any:10000: [Errno
98] Address already in use.
Unable to determine gateway. Please ensure proper network connectivity and try
again.
-------------
is caused when Subterfuge is not correctly closed. I wager you probably used
CTRL-C on the program? This left some things running. Try rebooting your system,
or executing: killall python from the terminal. Then try running the program
again.
If you still have issues receiving credentials check on the target machines to
make sure that they are actually getting arp cache poisoned.
Execute: arp -a (from the terminal/command prompt of the victim machine)
Make sure that the MAC address of your attack box is listed with the IP address
of your gateway.
Original comment by Mtoussain@gmail.com
on 5 Nov 2013 at 5:32
Hi and thank you very much for your answer!
I did exactly as you suggested:
1. rebooted my machine
2. connected to my WLAN network
3. started Subterfuge
4. started Google Chrome browser
5. chose 127.0.0.1
Up to that point everything went fine and looked right.
But after pressing "start" to harvest credentials everything was as described
in my initial post.
So the reason for the mentioned error report does not seem to be an "unclosed"
Subterfuge instance!?
Next I executed the command "python killall" from the terminal. The result was
unchanged, unfortunately.
Here is the log of my trial:
---------------------------------------------------------------------------
Subterfuge courtesy of r00t0v3rr1d3 & 0sm0s1z
Validating models...
0 errors found
Django version 1.3.1, using settings 'subterfuge.settings'
Development server is running at http://127.0.0.1:80/
Quit the server with CONTROL-C.
[05/Nov/2013 14:40:04] "GET / HTTP/1.1" 200 9593
[05/Nov/2013 14:40:05] "GET / HTTP/1.1" 200 438
No default gw on eth0
No default gw on wlan0
[05/Nov/2013 14:40:10] "GET /settings/ HTTP/1.1" 200 26010
[05/Nov/2013 14:40:10] "GET /static/css/images/ui-bg_flat_75_ffffff_40x100.png
HTTP/1.1" 404 1812
[05/Nov/2013 14:40:10] "GET
/static/css/images/ui-bg_highlight-soft_75_cccccc_1x100.png HTTP/1.1" 404 1839
[05/Nov/2013 14:40:10] "GET /static/css/images/ui-bg_glass_75_e6e6e6_1x400.png
HTTP/1.1" 404 1812
[05/Nov/2013 14:40:57] "GET / HTTP/1.1" 200 9593
[05/Nov/2013 14:40:58] "GET / HTTP/1.1" 200 438
[05/Nov/2013 14:41:07] "GET /startpwn/regular/ HTTP/1.1" 500 52942
Starting Pwn Ops...
Automatically Configuring Subterfuge...
Iptables Prerouting Configured
Configuring System...
net.ipv4.ip_forward = 1
IP Forwarding Enabled.
Initiating ARP Poison With ARPMITM...
Starting up SSLstrip...
Dynamic ARP Retention is disabled.
Harvesting Credentials...
Starting FTP Sniffer
sslstrip 0.9 by Moxie Marlinspike running...
Poisoning the entire subnet...
[05/Nov/2013 14:44:45] "GET /startpwn/regular/ HTTP/1.1" 500 52942
Starting Pwn Ops...
Automatically Configuring Subterfuge...
Iptables Prerouting Configured
Configuring System...
net.ipv4.ip_forward = 1
IP Forwarding Enabled.
Initiating ARP Poison With ARPMITM...
Starting up SSLstrip...
Dynamic ARP Retention is disabled.
Harvesting Credentials...
Starting FTP Sniffer
Poisoning the entire subnet...
Traceback (most recent call last):
File "/usr/share/subterfuge/sslstrip.py", line 108, in <module>
main(sys.argv[1:])
File "/usr/share/subterfuge/sslstrip.py", line 101, in main
reactor.listenTCP(int(listenPort), strippingFactory)
File "/usr/local/lib/python2.7/dist-packages/twisted/internet/posixbase.py", line 436, in listenTCP
p.startListening()
File "/usr/local/lib/python2.7/dist-packages/twisted/internet/tcp.py", line 641, in startListening
raise CannotListenError, (self.interface, self.port, le)
twisted.internet.error.CannotListenError: Couldn't listen on any:10000: [Errno
98] Address already in use.
---------------------------------------------------------------------------
Next I checked my victim machine by executing arp -a in the command window.
The MAC address of the attack machine is NOT listed with the standard gateway
(WLAN router) IP address.
So that means there is no arp cache poisoning in progress!?
Can I do something about it .......and could that be the reason for the above
mentioned error?
Thank you in advance!
FriFri
Original comment by frifrit...@gmail.com
on 5 Nov 2013 at 9:17
Thanks for the thorough report! I see a couple things that might be causing
your problems, but I'll have to check on it later today to give you a proper
solution. You're right, the arp cache poison either didn't happen, or was
unsuccessful. My guess is that Subterfuge is unsure of the IP address of your
gateway. These lines:
No default gw on eth0
No default gw on wlan0
If that's what is causing the issue you will need to go to settings -> uncheck
automatic -> from the drop down list select your gateway's IP (if it doesn't
show up click on Manual Gateway and type it in).
My guess is that that is what's causing your issue, but I'll have to recreate
the issue to give you a definite answer. Let me know if that helps!
Also I'm creating two separate issues for some of the problems you're
having. (Issue 131, Issue 132)
Original comment by Mtoussain@gmail.com
on 6 Nov 2013 at 4:01
Hi!
I checked out if my hardware is capable of ARP poisoning at all:
My Kali Linux setup: I enabled port forwarding and IP tables redirection (to
port 8080)
Then I used "arpspoof".
--> on the victim machine ARP poisoning was observed (with "arp -a" and also
with "tracert 192.168.178.1" which is my router's IP)
Next I used "ettercap" and activated MITM with arp-poisoning option.
--> ARP poisoning was observed, same as above.
Next I added "sslstrip" and was also able to collect credentials on http and
https connections.
.......so what do I do wrong with Subterfuge??
Thank you,
FriFri
Original comment by frifrit...@gmail.com
on 16 Nov 2013 at 10:22
Not sure what's causing your issue, but the latest edition of Subterfuge that
we just released comes with an alternate ARP Cache Poisoning method that may
solve your problems. If you install the latest version try to use the Poison
Single option underneath Settings -> MITM Vectors -> ARP Cache Poisoning.
Hope this helps.
Original comment by Mtoussain@gmail.com
on 15 Dec 2013 at 5:40
Please download the latest version of Subterfuge and install it on the latest
version of Kali Linux.
Original comment by topher.s...@gmail.com
on 28 Dec 2013 at 6:16
I got this error when I click on Network View.
Original comment by Malave...@gmail.com
on 27 Jan 2014 at 8:46
Attachments:
Original issue reported on code.google.com by
frifrit...@gmail.com
on 1 Nov 2013 at 11:32