easy-creds's Introduction
###### ## #### # # #### ##### ###### ##### #### # # # # # # # # # # # # # # ##### # # #### # ##### # # # ##### # # #### # ###### # # # ##### # # # # # # # # # # # # # # # # # # # ###### # # #### # #### # # ###### ##### #### v3.8-dev Garden of New Jersey Purpose: This script leverages tools for stealing credentials during a pen test. This version has gone through a complete code cleanup -> Thanks al14s & zero_chaos Added - Macchanger thx to SilverFoxx Added - Prerequisite test ######################################################################## 1. Prereqs 2. Installation 3. Working with easy-creds in screen 4. Instructional videos 1. Prereqs: * screen * freeradius (with wpe patches) * hamster * ferret * sslstrip * dsniff * urlsnarf * metasploit * airbase-ng * airodump-ng * hostapd * mdk3 * ipcalc * asleap 2. Installation: Most can be installed from repos, we've included some instruction on installing from source when helpful. easy-creds is available in some Linux distros already, so before spending a lot of time, try just installing it with your package manager. If easy-creds is not available already in the repo for your distro please open a bug for them (no us) to add it, then feel free to follow the directions below: To install SOME of the dependencies for debian/ubuntu based distros use the following command: apt-get install screen hostapd dsniff dhcp3-server ipcalc aircrack-ng ### aircrack-ng suite There are known issues for airbase-ng with the base v1.1 version included in many distros. If that is what your distro provides it is recommended that you grab the latest nightly build from the SVN repo and recompile. Full instructions for installing aircrack-ng available here: http://www.aircrack-ng.org/doku.php?id=install_aircrack Follow either svn or nightly tarball guide: http://www.aircrack-ng.org/doku.php?id=install_aircrack#latest_svn_development_sources http://www.aircrack-ng.org/doku.php?id=install_aircrack#nightly_build ### freeradius-wpe The freeradius in the repo most likely does not include the wpe patch. It is best to install from source unless you are using a distro that already applied this very non-standard patch: wget ftp://ftp.freeradius.org/pub/radius/old/freeradius-server-2.1.11.tar.bz2 -O /tmp/freeradius-server-2.1.11.tar.bz2 wget http://www.opensecurityresearch.com/files/freeradius-wpe-2.1.11.patch -O /tmp/freeradius-wpe-2.1.11.patch cd /tmp tar xf freeradius-server-2.1.11.tar.bz2 mv freeradius-wpe-2.1.11.patch /tmp/freeradius-server-2.1.11/freeradius-wpe-2.1.11.patch cd freeradius-server-2.1.11 patch -p1 < freeradius-wpe-2.1.11.patch ./configure && make && make install cd /usr/local/etc/raddb/certs/ ./bootstrap ### Hamster & Ferret mkdir /opt/sidejack cd /tmp wget http://www.erratasec.com/erratasec.zip -O /tmp/erratasec.zip unzip erratasec.zip cd hamster/build/gcc4/ make cp /tmp/ec-install/hamster/bin/* /opt/sidejack rm -rf /tmp/ferret svn checkout http://ferret.googlecode.com/svn/trunk/ /tmp/ferret cd /tmp/ferret/ make cp /tmp/ferret/bin/ferret /opt/sidejack/ferret ### asleap Asleap may be available in your package manager, if not, you can install like this: wget http://www.willhackforsushi.com/code/asleap/2.2/asleap-2.2.tgz -O /tmp/asleap.tgz cd /tmp tar xf asleap.tgz cd asleap make cp asleap /usr/local/sbin cp genkeys /usr/local/bin ### MDK3 wget http://homepages.tu-darmstadt.de/~p_larbig/wlan/mdk3-v6.tar.bz2 -O /tmp/mdk3-v6.tar.bz2 cd /tmp tar xf mdk3-v6.tar.bz2 cd mdk3-v6 make && make install 3. Working with easy-creds within a screen I don't want to assume everyone is perfectly comfortable with screen, but please read some tutorials from the web. easy-creds will look for X windows running, but shouldn't find it on the pwnie and launch everything in a screen sessions. This can feel a bit like Inception once you're in a screen within a screen The main thing to remember is once the easy-creds screen session launches you should do the following from command prompt. screen -list (you should see the easy-creds session) screen -r easy-creds You are now interacting with the easy-creds screen session. Normally to view your screens you would press ctrl-a then " and this will show you what screens you have open in the session. Where it gets tricky is when you have a screen session, then launch another screen session (easy-creds attacks). When that happens you will need to do the following: ctrl-a then a then " That extra 'a' lets the screen program know you want to work with the inner screen session. Yes it is confusing a bit at first but you'll get the hang of it. 4. Instructional Videos: Instructional videos can be found here -> http://www.youtube.com/user/Brav0Hax Even if the version is not the same, the base functionality is. Happy hunting!! [email protected]
easy-creds's People
Forkers
al14s jscro hajolito ehumphri kernelbitch noncetonic karthikrangarajan mubix cmavr8 atlantis2013 molotof besimaltnok agsola psych0-smil3s brazillink zenxiaoshu cpxintel ryehawk28 vicgc kidclavo 0x0mar baldybadgersrunningroundmybrain vaginessa craig5233 avicoder 5w1tch cgtarmenta tetrasine syeekick sh3llsh0ck3d master2be1 restanrm 0x90shell grosdev icekvot rubicondimitri floppynator jb071 soulless313 lamkeysing92 bahtiyarb-torba pr0xych41ns infinitedevelopment lucabongiorni barmallini hanshaze r13mann freeroute songofhack embpgp wmswu c0nn3ct patzor jameslinus foundtarin kufan 00kush00 filipesam n4yk tanc7 sea13502 chengyang827 benfang2002 kuteminh11 s4yhell0 willame sugitime freeethicalhacking fingerleakers ykankaya inosec kosamkarmansi otomazeli ptahchiev mesutozsoycom sh317er mgcfish freeguy1 johntomyang 5l1v3r1 reynelda86 kelvinninja1 miraoui1 ilkkai foxthealmighty tarlety hartl3y94 gugugu5331 tommalvoriddle redrouge asuradago l3aalteshuvaeasy-creds's Issues
Ettercap is not working
In kali sana, easy-creds 3.8 dev works fine except ettercap. Client can connect to internet and url sniff also shows the links but the ettercap tab is not opening.
DHCP cannot initialize success in kali linux 2.0
I create fake AP success, but devices cannot connect to it. I used wireshark to capture data packages, it shows device keep DHCP request but without any response...
Installation went horribly wrong
I know that this package is preety old, however I still tried installing it on my Ubuntu.
The logs get cleared, so it was kinda hard to read and copy everything, however, literally everytime i got spammed
Edit: During installation there were a whole lot of compilation errors.
job-working-directory: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory
couldn't find radiusd
couldn't find mdk3
[!] Some prereqs missing, functionality may be impaired. Review README file.
sh: 0: getcwd() failed: No such file or directory
[-] I can't find a wireless interface to display...continuing anyway
xterm: Can't execvp sslstrip: No such file or directory
shell-init: error retrieving current direotry: getcwd: cannot access parent directories: No such file or directory
sh: 0: getcwd() failed: No such files or directory
xterm: Can't execvp ettercap: No such file or directory
shell-init: error retrieving current direotry: getcwd: cannot access parent directories: No such file or directory
sh: 0: getcwd() failed: No such files or directory
Airbase-NG
error setting MTU on wlx00c0caae5c94
Error: Got channel -1. expected a value > 0.
These errors aren't logs from one time, i simply had to rewrite them because i can't copy the logs, so i put them in one here. Is there any way to uninstall fully easy-creds or fix it?
"Nmap format" not working
After selecting Poisoning Attacks and then Create Victim Host List, the network range isn't registering.
Enter your target network range (nmap format): 192.168.1.1/24
Enter your target network range (nmap format):
Enter your target network range (nmap format): 192.168.1.0-255
Enter your target network range (nmap format):
MAC change leads to Fake AP disconnections
First of all, this is probably not a problem of easy-creds itself, but some of the components used.
Steps to reproduce:
FakeAP attacks > Fake AP attack static. Most settings are irrelevant (do not affect), but if I choose to change my mon card's MAC, the problem manifests.
Everything seems to go on OK (MAC changed ok, AP created etc) but once my client connects to the AP and tries downloading they get disconnected. Then it tries to connect again (Android phone) and succeeds, only to get disconnected a few seconds later. This goes on forever. Haven't tried other clients.
I have tried this many times, and it's consistently reproducible. If I do not change the MAC it works great.
Free Radius installation fails on Kali
mkdir -p /usr/local/etc/raddb/certs
solves it
Packaging for kali
hi am packaging this for debian/kali the file definitions.sslstrip, where does it go? and whats it for? it does not seem to be referenced in the installer.
Also the script seems to need svn/git versions of a lot of packages, before i go of and start packaging all its cutting edge deps, has it been tested on a standard kali setup, if so where does it fall over, a lot of kali packages are seriously out of date, is that going to effect operation ?
Internet on Fake AP extremely slow
Hey brav0 I love this script and want to thank you for the amazing work you've done. The one issue I'm having is that when connecting to the AP from a victim machine, the internet goes extremely slow, taking a few minutes for a page to load. I'm tunneling a very fast connection to the AP, so I'm not sure where the issue is.
Also I'm not sure if this has anything to do with it, but when starting airbase all goes well but I'm getting this error:
error: got channel -1, expected a value > 0.
Any help would be appreciated!
Thanks again
Easy-creds installer stuck at getting freeradius. Is there a way to bypass it?
This is where it gets stuck
Connecting to ftp.freeradius.org (ftp.freeradius.org)|62.210.29.29|:21...
Thanks!
Credentials Windows Stays Open
When performing a FreeRadius attack the cleanup does not close the xterm window for credentials
Easy-Creds on Wifi Pineapple Mark V?
I just got hold of this fantastic device and thought easy-creds would be great for it. Any chance of compatibility?
Really appreciate the interesting work you are doing on this and ettercap!
closed
NonIssue: Question: How is EvilTwin AP supposed to work?
Hi again,
This is not an issue report, but a question/discussion, but there is no forum in github.
I'm trying to get all modes of easy-creds working, so I have some questions. I may write my knowledge down as documentation (in the wiki maybe) of this project when I have enough, if that's ok with you (brav0hax).
So, the question is: how is the EvilTwin mode supposed to work?
Create rogue unsecured APs based on client probes, right?
Should clients be able to connect and use the APs? Mine doesn't. Even if (the client) chooses to connect to one of the created networks, it can't. Is this normal?
(Feature suggestion: make APs with var security settings. 4 for each ssid. This will increase autoconnection success)
Thanks,
Chris
updates?
Great project, but are you going to make any updates?
wlanxmon (ex. wlan0mon), new airmon-ng update
sorry my language,
airmon-ng get update this moon.
will see https://www.kali.org/penetration-testing/pixiewps-reaver-aircrack-ng-updates/
"Goodbye mon0, hello wlan0mon!"
what we do now?
Easy-creds on Kali 1.09
Hi,
I've been trying to get easy-creds set up a fake AP but I ran into some trouble due to the fact that Kali uses isc-dhcp-server now and not dhcp3 anymore.
I looked at some fixes online but I still can't get it to work properly. My devices can connect to the fake AP but traffic doesn't get through.
Did you fix this in any later versions, and if not do you recommend using something else?
I'm running EC 3.7.3, so maybe updating will fix this?
Kind regards,
Thomas
Unrecognized dhcpd on Kali
Hi
I installed this on Kali but getting unrecognized dhcpd. As I understand Kali is using isc-dhcp
thanks
Client cannot connect to AP after launching rogue AP on easy-creds
Hello,
I hope you are well. I have been having an issue in getting easy-creds to work. I was able to get the prereqs installed, but still having issues. I am trying to create a honey pot test by creating a free AP as internet is running as well. I have eth0 as my internet and wlan0 (AWUSO36NH). So, when a user connects they will connect with internet. Every time client(s) connects to the free AP, it will take a long time to connect. But when they do connect, internet will not go through and I will not be able to get the credentials as I am wanting (All testing in my home environment) . Pop-ups when running the free AP come up like sslstrip, ettercap, and dmesg are up. Also, I am getting an error where "got channel -1, expected a value > 0. I typed in channel 9. I know it works on raspberry pi (Kali linux arm) cause I am using a book "Penetration testing Raspberry Pi." Let me know what you think. Also, are we suppose to use dhcp3 or isc-dhcp3?
Thanks,
joeyj2468
[Feature Request] Add OSX to supported platforms
Any option of getting OSX added to the list for the install?
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.