urbanesec / ZackAttack

Unveiled at DEF CON 20, NTLM Relaying to ALL THE THINGS!

Zackattack doesn't work on Kali Linux #56

Open macubergeek opened 11 years ago

macubergeek commented 11 years ago

I'm running ruby version: ruby 1.9.3p194 (2012-04-20 revision 35410) [i486-linux]

I'm getting these errors:

    Script started on Mon 20 May 2013 06:47:00 PM EDT
    10.0.1.10 : ./zackattack.rb
    /usr/lib/ruby/1.9.1/rubygems/dependency.rb:247:in `to_specs': Could not find sqlite3 (= 1.3.6) amongst [addressable-2.2.8, bundler-1.1.4, crack-0.3.1, ethon-0.5.7, fast_xs-0.8.0, ffi-1.0.11, hpricot-0.8.6, httpclient-2.2.4, json-1.7.3, mime-types-1.19, mini_exiftool-1.6.0, nokogiri-1.5.5, rchardet-1.3, rdoc-3.9.4, rspec-2.10.0, rspec-core-2.10.1, rspec-expectations-2.10.0, rspec-mocks-2.10.1, simplecov-html-0.7.1, spider-0.4.4, typhoeus-0.6.3] (Gem::LoadError)
        from /usr/lib/ruby/1.9.1/rubygems/dependency.rb:256:in `to_spec'
        from /usr/lib/ruby/1.9.1/rubygems.rb:1231:in `gem'
        from /root/ZackAttack-master/lib/zfdb.rb:7:in `<top (required)>'
        from /usr/lib/ruby/1.9.1/rubygems/custom_require.rb:60:in `require'
        from /usr/lib/ruby/1.9.1/rubygems/custom_require.rb:60:in `rescue in require'
        from /usr/lib/ruby/1.9.1/rubygems/custom_require.rb:35:in `require'
        from /root/ZackAttack-master/clients/ews.rb:9:in `<top (required)>'
        from /usr/lib/ruby/1.9.1/rubygems/custom_require.rb:60:in `require'
        from /usr/lib/ruby/1.9.1/rubygems/custom_require.rb:60:in `rescue in require'
        from /usr/lib/ruby/1.9.1/rubygems/custom_require.rb:35:in `require'
        from /root/ZackAttack-master/lib/zfclient.rb:6:in `<top (required)>'
        from /usr/lib/ruby/1.9.1/rubygems/custom_require.rb:60:in `require'
        from /usr/lib/ruby/1.9.1/rubygems/custom_require.rb:60:in `rescue in require'
        from /usr/lib/ruby/1.9.1/rubygems/custom_require.rb:35:in `require'
        from /root/ZackAttack-master/lib/zfhttpd.rb:7:in `<top (required)>'
        from /usr/lib/ruby/1.9.1/rubygems/custom_require.rb:60:in `require'
        from /usr/lib/ruby/1.9.1/rubygems/custom_require.rb:60:in `rescue in require'
        from /usr/lib/ruby/1.9.1/rubygems/custom_require.rb:35:in `require'
        from ./zackattack.rb:8:in `<main>'
    10.0.1.10 : exit
    exit

    Script done on Mon 20 May 2013 06:47:08 PM EDT

zfasel commented 11 years ago

Can you please run 'gem query --local' and send me the results? Seems to be an issue with sqlite3 missing.

(if I had bandwidth today, I'd install Kali to check it)

zfasel commented 11 years ago

Also try gem install sqlite3. Appears to be missing in the list.

macubergeek commented 11 years ago

Zack

here's the output

    addressable (2.2.8)
    bundler (1.1.4)
    crack (0.3.1)
    ethon (0.5.7)
    fast_xs (0.8.0)
    ffi (1.0.11)
    hpricot (0.8.6)
    httpclient (2.2.4)
    json (1.7.3)
    mime-types (1.19)
    mini_exiftool (1.6.0)
    nokogiri (1.5.5)
    rchardet (1.3)
    rdoc (3.9.4)
    rspec (2.10.0)
    rspec-core (2.10.1)
    rspec-expectations (2.10.0)
    rspec-mocks (2.10.1)
    simplecov-html (0.7.1)
    spider (0.4.4)
    typhoeus (0.6.3)

Jim

macubergeek commented 11 years ago

Zack

here's the error when I do "gem install sqlite3"

    Fetching: sqlite3-1.3.7.gem (100%)
    Building native extensions. This could take a while...
    ERROR: Error installing sqlite3:
    ERROR: Failed to build gem native extension.

        /usr/bin/ruby1.9.1 extconf.rb
    /usr/lib/ruby/1.9.1/rubygems/custom_require.rb:36:in `require': cannot load such file -- mkmf (LoadError)
        from /usr/lib/ruby/1.9.1/rubygems/custom_require.rb:36:in `require'
        from extconf.rb:3:in `<main>'

    Gem files will remain installed in /var/lib/gems/1.9.1/gems/sqlite3-1.3.7 for inspection.
    Results logged to /var/lib/gems/1.9.1/gems/sqlite3-1.3.7/ext/sqlite3/gem_make.out

Here's another error

    10.0.1.10 : gem install rake sqlite3
    Fetching: rake-10.0.4.gem (100%)
    Successfully installed rake-10.0.4
    Building native extensions. This could take a while...
    ERROR: Error installing sqlite3:
    ERROR: Failed to build gem native extension.

    Gem files will remain installed in /var/lib/gems/1.9.1/gems/sqlite3-1.3.7 for inspection.
    Results logged to /var/lib/gems/1.9.1/gems/sqlite3-1.3.7/ext/sqlite3/gem_make.out
    1 gem installed
    Installing ri documentation for rake-10.0.4...
    ERROR: While executing gem ... (Errno::ENOENT)
    No such file or directory - getcwd
    10.0.1.10 :

Jim

macubergeek commented 11 years ago

Zack

I figured out the solution. On Kali Linux all you have to do is

apt-get install ruby-sqlite3

Jim

PS Do I need to update the issues entry?

macubergeek commented 11 years ago

Zack

Zackattack looking very cool. Thanks for developing it and releasing it to the community!

Jim


zfasel commented 11 years ago

Heh, still needs work, but it's a start :P I'll close this issue once I write an INSTALL guide with the dependencies as well as make the modification on the requirement so it's not version forced.

macubergeek commented 11 years ago

You might consider trying to get it added to Kali at some point. Kali seems to have all the dependencies except for ruby-sqlite3.

Jk


macubergeek commented 11 years ago

Zack

Just saw your Defcon and Derbycon talks. I'm unclear about one small thing… hope you can straighten me out.

From what I'm seeing I still have to get the victims to connect to a UNC path pointed at my attacking box via Outlook Email phish with img src link yes? I mean once I launch zackattack what's my next step(s)?

Jim

mubix commented 11 years ago

@macubergeek - next steps really depend on your point of view. If you have a set of creds and a share that people use it's easiest to just put a shortcut with a UNC path icon or another form of auto-load UNC there. Else you can start sending spam emails internally with UNC paths but that has a slightly larger detectability rating but doesn't require permissions. Finally you could use Responder from Spiderlabs to induce UNC path usage via NBNS and LLMNR attacks.

macubergeek commented 11 years ago

Rob

thanks! The responder option sounds most interesting, I was unaware of this tool. Thanks for pointing it out to me. Spiderlabs has a great how-to on the tool.

Jim

LinuxSTAIN commented 11 years ago

Zack please help me.. I can't get ZackAttack to work with backtrack5 R3.. Here is where I run into the problems...

    root@bt:~/ZackAttack# ruby zackattack.rb
    /usr/lib/ruby/1.9.2/rubygems.rb:779:in `report_activate_error': Could not find RubyGem sqlite3 (= 1.3.6) (Gem::LoadError)
        from /usr/lib/ruby/1.9.2/rubygems.rb:214:in `activate'
        from /usr/lib/ruby/1.9.2/rubygems.rb:1082:in `gem'
        from <internal:gem_prelude>:213:in `push_gem_version_on_load_path'
        from <internal:gem_prelude>:16:in `gem'
        from /root/ZackAttack/lib/zfdb.rb:7:in `<top (required)>'
        from /root/ZackAttack/clients/ews.rb:9:in `require'
        from /root/ZackAttack/clients/ews.rb:9:in `<top (required)>'
        from /root/ZackAttack/lib/zfclient.rb:6:in `require'
        from /root/ZackAttack/lib/zfclient.rb:6:in `<top (required)>'
        from /root/ZackAttack/lib/zfhttpd.rb:7:in `require'
        from /root/ZackAttack/lib/zfhttpd.rb:7:in `<top (required)>'
        from zackattack.rb:8:in `require'
        from zackattack.rb:8:in `<main>'

What am I doing wrong? Could it be that it's not installed in the right directory?? Please have patience with me, I am learning a lot in a little amount of time

thE-iNviNciblE commented 11 years ago

How to fix the right sqlite3 version? I've installed 1.3.7 but it doesn't work under Windows.

    C:/Ruby200/lib/ruby/2.0.0/rubygems/dependency.rb:296:in `to_specs': Could not find 'sqlite3' (= 1.3.6) - did find: sqlite3-1.3.7-x86-mingw32

JohannesTK commented 11 years ago

Have the same problem as the person above me. Seems like it doesn't like the newer sqlite version. My code:

    root@johannes-N56VZ:~/ZackAttack-master# ruby zackattack.rb
    /home/johannes/.rbenv/versions/2.0.0-p247/lib/ruby/2.0.0/rubygems/dependency.rb:296:in `to_specs': Could not find 'sqlite3' (= 1.3.6) - did find: [sqlite3-1.3.7] (Gem::LoadError)
        from /home/johannes/.rbenv/versions/2.0.0-p247/lib/ruby/2.0.0/rubygems/dependency.rb:307:in `to_spec'
        from /home/johannes/.rbenv/versions/2.0.0-p247/lib/ruby/2.0.0/rubygems/core_ext/kernel_gem.rb:47:in `gem'
        from /home/johannes/ZackAttack-master/lib/zfdb.rb:7:in `<top (required)>'
        from /home/johannes/.rbenv/versions/2.0.0-p247/lib/ruby/2.0.0/rubygems/core_ext/kernel_require.rb:110:in `require'
        from /home/johannes/.rbenv/versions/2.0.0-p247/lib/ruby/2.0.0/rubygems/core_ext/kernel_require.rb:110:in `rescue in require'
        from /home/johannes/.rbenv/versions/2.0.0-p247/lib/ruby/2.0.0/rubygems/core_ext/kernel_require.rb:35:in `require'
        from /home/johannes/ZackAttack-master/clients/ews.rb:9:in `<top (required)>'
        from /home/johannes/.rbenv/versions/2.0.0-p247/lib/ruby/2.0.0/rubygems/core_ext/kernel_require.rb:110:in `require'
        from /home/johannes/.rbenv/versions/2.0.0-p247/lib/ruby/2.0.0/rubygems/core_ext/kernel_require.rb:110:in `rescue in require'
        from /home/johannes/.rbenv/versions/2.0.0-p247/lib/ruby/2.0.0/rubygems/core_ext/kernel_require.rb:35:in `require'
        from /home/johannes/ZackAttack-master/lib/zfclient.rb:6:in `<top (required)>'
        from /home/johannes/.rbenv/versions/2.0.0-p247/lib/ruby/2.0.0/rubygems/core_ext/kernel_require.rb:110:in `require'
        from /home/johannes/.rbenv/versions/2.0.0-p247/lib/ruby/2.0.0/rubygems/core_ext/kernel_require.rb:110:in `rescue in require'
        from /home/johannes/.rbenv/versions/2.0.0-p247/lib/ruby/2.0.0/rubygems/core_ext/kernel_require.rb:35:in `require'
        from /home/johannes/ZackAttack-master/lib/zfhttpd.rb:7:in `<top (required)>'
        from /home/johannes/.rbenv/versions/2.0.0-p247/lib/ruby/2.0.0/rubygems/core_ext/kernel_require.rb:110:in `require'
        from /home/johannes/.rbenv/versions/2.0.0-p247/lib/ruby/2.0.0/rubygems/core_ext/kernel_require.rb:110:in `rescue in require'
        from /home/johannes/.rbenv/versions/2.0.0-p247/lib/ruby/2.0.0/rubygems/core_ext/kernel_require.rb:35:in `require'
        from zackattack.rb:8:in `<main>'

macubergeek commented 9 years ago

Zack

zackattack doesn't run on Kali2. Apparently your code requires older versions of the sqlite3 gem than what's installed on Kali2:

    /usr/lib/ruby/2.1.0/rubygems/dependency.rb:298:in `to_specs': Could not find 'sqlite3' (= 1.3.6) - did find: sqlite3-1.3.10,sqlite3-1.3.9

macubergeek commented 9 years ago

ok got it to launch: installed version of ruby gem sqlite is 1.3.10 so edited zfdb.rb line 7, changing from this:

    gem 'sqlite3', '1.3.6' #wtf ruby 1.92

to

    gem 'sqlite3', '1.3.10' #wtf ruby 1.92

I'm running ruby version: ruby 2.1.5p273 (2014-11-13)

Now mind you I'm not sure this thing WORKS ;-) but now I get this when I launch it:

    Here Goes ZackAttack! Booting Up!.....

    Starting httpd server
    Starting smbd server
    Initializing SOCKS Client Proxy
    Starting Admin GUI

    WELCOME TO ZackAttack! - Version 0.a.lessfail. Less Bugs than..er...a version ago!

    No CLI Gui for Now. Connect to http://zf:zf@0.0.0.0:4531

and when I run netstat I get:

    root@kali2:/opt/ZackAttack# netstat -ant
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State
    tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
    tcp        0      0 0.0.0.0:4531            0.0.0.0:*               LISTEN
    tcp        0      0 127.0.0.1:4532          0.0.0.0:*               LISTEN
    tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN

smack me in the head if I'm being stupid here

Zack J1m
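
The load errors in this thread all come from the exact version pin `gem 'sqlite3', '1.3.6'` on line 7 of zfdb.rb. As an added example (not code from ZackAttack or from anyone in this thread), the Ruby below uses RubyGems' own `Gem::Requirement` and `Gem::Version` classes to check the versions reported above against an exact pin and against a pessimistic constraint. The helper names `resolve` and `explain` and the `~> 1.3.6` alternative are assumptions made for the illustration.

```ruby
require 'rubygems'

# Versions reported as installed in the error messages above
# (the list is constructed for this example).
INSTALLED = %w[1.3.7 1.3.9 1.3.10].map { |v| Gem::Version.new(v) }

# Highest installed version that satisfies the requirement string, or nil
# when nothing matches (the case in which RubyGems raises Gem::LoadError).
def resolve(requirement, installed = INSTALLED)
  req = Gem::Requirement.new(requirement)
  installed.select { |v| req.satisfied_by?(v) }.max
end

# Describe the outcome; the failure text mirrors the shape of the
# "Could not find ... did find" messages quoted in the thread.
def explain(name, requirement, installed = INSTALLED)
  hit = resolve(requirement, installed)
  return "#{name} (#{requirement}) activates #{name}-#{hit}" if hit

  found = installed.map { |v| "#{name}-#{v}" }.join(',')
  "Could not find '#{name}' (#{requirement}) - did find: [#{found}]"
end

if __FILE__ == $PROGRAM_NAME
  # Exact pins only match one release; "~>" accepts later patch releases.
  ['= 1.3.6', '= 1.3.10', '~> 1.3.6', '~> 1.3'].each do |req|
    puts explain('sqlite3', req)
  end
  # Moving the exact pin to 1.3.10 fails again on a host that has only 1.3.7.
  puts explain('sqlite3', '= 1.3.10', [Gem::Version.new('1.3.7')])
end
```

`Gem::Version` compares numerically per segment, so 1.3.10 ranks above 1.3.9. An exact version is normally recorded in a Bundler `Gemfile.lock`, which Bundler uses to install that version, rather than in a runtime `gem` call that fails when the distribution ships a different release.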

devrajashwin commented 8 years ago

its runs on kali rolling thanx man ur trick worked