Closed GoogleCodeExporter closed 8 years ago
I have a dual boot installation: Kali and Windows 7. No Virtual Machine.
Original comment by frifrit...@gmail.com
on 2 Nov 2013 at 12:11
Hey frifritzen,
This error:
-------------
p.startListening()
File "/usr/local/lib/python2.7/dist-packages/twisted/internet/tcp.py", line 641, in startListening
raise CannotListenError, (self.interface, self.port, le)
twisted.internet.error.CannotListenError: Couldn't listen on any:10000: [Errno
98] Address already in use.
Unable to determine gateway. Please ensure proper network connectivity and try
again.
-------------
Is caused when Subterfuge is not correctly closed. I wager you probably used
CTRL-C on the program? This left somethings running. Try rebooting your system,
or executing: killall python from the terminal. Then try running the program
again.
If you still have issues recieving credentials check on the target machines to
make sure that they are actually getting arp cache poisoned.
Execute: arp -a (from the terminal/command prompt of the victim machine)
Make sure that the MAC address of your attack box is listed with the IP address
of your gateway.
Original comment by Mtoussain@gmail.com
on 5 Nov 2013 at 5:32
Hi and thank you very much for your answer!
I did exactly as you suggested:
1. rebooted my machine
2. connected to my WLAN network
3. started Subterfuge
4. started Google Chrome browser
5. chose 127.0.0.1
Up to that point everything went fine and looked right.
But after pressing "start" to harvest credentials everything was as described
in my initial post.
So the reasen for the mentioned error report does not seem to be an "unclosed"
Subterfuge instance!?
Next I executed the command "python killall" from the terminal. The result was
unchanged, unfortunately.
Here is the log of my trial:
---------------------------------------------------------------------------
Subterfuge courtesy of r00t0v3rr1d3 & 0sm0s1z
Validating models...
0 errors found
Django version 1.3.1, using settings 'subterfuge.settings'
Development server is running at http://127.0.0.1:80/
Quit the server with CONTROL-C.
[05/Nov/2013 14:40:04] "GET / HTTP/1.1" 200 9593
[05/Nov/2013 14:40:05] "GET / HTTP/1.1" 200 438
No default gw on eth0
No default gw on wlan0
[05/Nov/2013 14:40:10] "GET /settings/ HTTP/1.1" 200 26010
[05/Nov/2013 14:40:10] "GET /static/css/images/ui-bg_flat_75_ffffff_40x100.png
HTTP/1.1" 404 1812
[05/Nov/2013 14:40:10] "GET
/static/css/images/ui-bg_highlight-soft_75_cccccc_1x100.png HTTP/1.1" 404 1839
[05/Nov/2013 14:40:10] "GET /static/css/images/ui-bg_glass_75_e6e6e6_1x400.png
HTTP/1.1" 404 1812
[05/Nov/2013 14:40:57] "GET / HTTP/1.1" 200 9593
[05/Nov/2013 14:40:58] "GET / HTTP/1.1" 200 438
[05/Nov/2013 14:41:07] "GET /startpwn/regular/ HTTP/1.1" 500 52942
Starting Pwn Ops...
Automatically Configuring Subterfuge...
Iptables Prerouting Configured
Configuring System...
net.ipv4.ip_forward = 1
IP Forwarding Enabled.
Initiating ARP Poison With ARPMITM...
Starting up SSLstrip...
Dynamic ARP Retention is disabled.
Harvesting Credentials...
Starting FTP Sniffer
sslstrip 0.9 by Moxie Marlinspike running...
Poisoning the entire subnet...
[05/Nov/2013 14:44:45] "GET /startpwn/regular/ HTTP/1.1" 500 52942
Starting Pwn Ops...
Automatically Configuring Subterfuge...
Iptables Prerouting Configured
Configuring System...
net.ipv4.ip_forward = 1
IP Forwarding Enabled.
Initiating ARP Poison With ARPMITM...
Starting up SSLstrip...
Dynamic ARP Retention is disabled.
Harvesting Credentials...
Starting FTP Sniffer
Poisoning the entire subnet...
Traceback (most recent call last):
File "/usr/share/subterfuge/sslstrip.py", line 108, in <module>
main(sys.argv[1:])
File "/usr/share/subterfuge/sslstrip.py", line 101, in main
reactor.listenTCP(int(listenPort), strippingFactory)
File "/usr/local/lib/python2.7/dist-packages/twisted/internet/posixbase.py", line 436, in listenTCP
p.startListening()
File "/usr/local/lib/python2.7/dist-packages/twisted/internet/tcp.py", line 641, in startListening
raise CannotListenError, (self.interface, self.port, le)
twisted.internet.error.CannotListenError: Couldn't listen on any:10000: [Errno
98] Address already in use.
--------------------------------------------------------------------------------
-
Next I checked my victim machine by executing arp -a in the command window.
The MAC address of the attack machine is NOT listed with the standard gateway
(WLAN router) IP adress.
So that means there is no arp cache poisoning in progress!?
Can I do something about it .......and could that be the reason for the above
mentioned error?
Thank you in advance!
FriFri
Original comment by frifrit...@gmail.com
on 5 Nov 2013 at 9:17
Thanks for the thorough report! I see a couple things that might be causing
your problems, but I'll have to check on it later today to give you a proper
solution. You're right the arp cache poison either didn't happen, or was
unsuccessful. My guess is that Subterfuge is unsure of the IP address of your
gateway. These lines:
No default gw on eth0
No default gw on wlan0
If that's what is causing the issue you will need to go to settings -> uncheck
automatic -> from the drop down list select your gateways IP (if it doesn't
show up click on Manual Gateway and type it in).
My guess is that that is what's causing your issue, but I'll have to recreate
the issue to give you a definate answer. Let me know if that helps!
Also I'm creating to seperate two issues for some of the problems you're
having. (Issue 131, Issue 132)
Original comment by Mtoussain@gmail.com
on 6 Nov 2013 at 4:01
Hi!
I checked out if my hardware is capable of ARP poisoning at all:
My Kali Linux setup: I enabled port forwarding and IP tables redirection (to
port 8080)
Then I used "arpspoof".
--> on the victim machine ARP poisoning was observed (with "arp -a" and also
with "tracert 192.168.178.1" which is my router´s IP)
Next I used "ettercap" and activated MITM with arp-poisoning option.
--> ARP poisoning was observed, same as above.
Next I added "sslstrip" and was also able to collect credentials on http and
https connections.
.......so what do I do wrong with Subterfuge??
Thank you,
FriFri
Original comment by frifrit...@gmail.com
on 16 Nov 2013 at 10:22
Not sure what's causing your issue, but the latest edition of Subterfuge that
we just released comes with an alternate ARP Cache Poisoning method that may
solve your problems. If you install the latest version try to use the Poison
Single option underneath Settings -> MITM Vectors -> ARP Cache Poisoning.
Hope this helps.
Original comment by Mtoussain@gmail.com
on 15 Dec 2013 at 5:40
Please download the latest version of Subterfuge and install it on the latest
version of Kali Linux.
Original comment by topher.s...@gmail.com
on 28 Dec 2013 at 6:16
I got this error when I click on Network View.
Original comment by Malave...@gmail.com
on 27 Jan 2014 at 8:46
Attachments:
Original issue reported on code.google.com by
frifrit...@gmail.com
on 1 Nov 2013 at 11:32