[Security] Practicing commands in Kali
We'll practice in KALI LINUX.
Scapy practice on @Attacker
Run the program
┌──(kali㉿kali)-[~]
└─$ scapy 130 ⨯
INFO: Can't import PyX. Won't be able to use psdump() or pdfdump().
aSPY//YASa
apyyyyCY//////////YCa |
sY//////YSpcs scpCY//Pp | Welcome to Scapy
ayp ayyyyyyySCP//Pp syY//C | Version 2.4.4
AYAsAYYYYYYYY///Ps cY//S |
pCCCCY//p cSSps y//Y | https://github.com/secdev/scapy
SPPPP///a pP///AC//Y |
A//A cyP////C | Have fun!
p///Ac sC///a |
P////YCpc A//A | We are in France, we say Skappee.
scccccp///pSP///p p//Y | OK? Merci.
sY/////////y caa S//P | -- Sebastien Chabal
cayCyayP//Ya pY/Ya |
sY/PsY////YCc aC//Yp
sc sccaCY//PCypaapyCP//YSs
spCPY//////YPSps
ccaacs
using IPython 7.19.0
List of supported protocols
>>> ls()
AH : AH
AKMSuite : AKM suite
ARP : ARP
ASN1P_INTEGER : None
ASN1P_OID : None
ASN1P_PRIVSEQ : None
ASN1_Packet : None
Print the TCP header fields
>>> ls(TCP)
sport : ShortEnumField = (20)
dport : ShortEnumField = (80)
seq : IntField = (0)
ack : IntField = (0)
dataofs : BitField (4 bits) = (None)
reserved : BitField (3 bits) = (0)
flags : FlagsField (9 bits) = (<Flag 2 (S)>)
window : ShortField = (8192)
chksum : XShortField = (None)
urgptr : ShortField = (0)
options : TCPOptionsField = (b'')
>>>
Print the currently configured TCP header values
>>> TCP().display()
###[ TCP ]###
sport= ftp_data
dport= http
seq= 0
ack= 0
dataofs= None
reserved= 0
flags= S
window= 8192
chksum= None
urgptr= 0
options= []
>>>
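To see what the field list from ls(TCP) actually describes on the wire, here is an added example (not code from the original post or from Scapy) that packs and unpacks the 20-byte TCP header by hand. It does not call Scapy; the field order and widths follow RFC 793/RFC 3168 and the flag letter order FSRPAUECN matches how Scapy prints flags= S, SA, PA. The function names build_tcp_header and parse_tcp_header are chosen for this example.

```python
"""Pure-Python model of the TCP header fields that ls(TCP) lists.

Added example: no Scapy call is made. Field order/widths follow RFC 793
and RFC 3168; the flag letter order FSRPAUECN is the one Scapy uses
(bit 0 = FIN ... bit 8 = NS). Function names are chosen for this example.
"""
import struct

FLAG_LETTERS = "FSRPAUECN"


def flags_from_str(letters):
    """'SA' -> 0x012 (SYN|ACK); an unknown letter raises ValueError."""
    value = 0
    for ch in letters:
        value |= 1 << FLAG_LETTERS.index(ch)
    return value


def flags_to_str(value):
    """0x012 -> 'SA', the form shown in Scapy's flags= line."""
    return "".join(ch for i, ch in enumerate(FLAG_LETTERS) if value & (1 << i))


def build_tcp_header(sport, dport, seq, ack, flags, window=8192, urgptr=0, options=b""):
    """Serialise a TCP header. chksum is left 0, as Scapy does until send time."""
    if len(options) % 4:
        raise ValueError("options must be padded to a 4-byte boundary")
    dataofs = 5 + len(options) // 4          # header length in 32-bit words
    if isinstance(flags, str):
        flags = flags_from_str(flags)
    # dataofs(4 bits) | reserved(3 bits) | flags(9 bits) share one 16-bit word
    offset_flags = (dataofs << 12) | (flags & 0x1FF)
    fixed = struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                        offset_flags, window, 0, urgptr)
    return fixed + options


def parse_tcp_header(data):
    """Decode the fixed header plus options into the fields ls(TCP) names."""
    if len(data) < 20:
        raise ValueError("truncated TCP header")
    (sport, dport, seq, ack, offset_flags,
     window, chksum, urgptr) = struct.unpack("!HHIIHHHH", data[:20])
    dataofs = offset_flags >> 12
    hdr_len = dataofs * 4
    if dataofs < 5 or len(data) < hdr_len:
        raise ValueError("bad data offset")     # malformed header: reject rather than guess
    return {
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "dataofs": dataofs,
        "reserved": (offset_flags >> 9) & 0x7,
        "flags": flags_to_str(offset_flags & 0x1FF),
        "window": window, "chksum": chksum, "urgptr": urgptr,
        "options": data[20:hdr_len],
    }


if __name__ == "__main__":
    # Values taken from the SYN segment the post later prints with sf[2].show();
    # the MSS option bytes (kind 2, len 4, 1460) are encoded here by hand.
    syn = build_tcp_header(40264, 443, 3272259479, 0, "S",
                           window=64240, options=b"\x02\x04\x05\xb4")
    print(parse_tcp_header(syn))
```

Checking dataofs against the buffer length before slicing is the habit worth copying: a capture parser that trusts the header's own length field is exactly the kind of code a malformed segment can trip up.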
List of available functions
>>> lsc()
IPID_count : Identify IP id values classes in a list of packets
arpcachepoison : Poison target's cache with (your MAC,victim's IP) couple
arping : Send ARP who-has requests to determine which hosts are up
arpleak : Exploit ARP leak flaws, like NetBSD-SA2017-002.
bind_layers : Bind 2 layers on some specific fields' values.
bridge_and_sniff : Forward traffic between interfaces if1 and if2, sniff and return
chexdump : Build a per byte hexadecimal representation
computeNIGroupAddr : Compute the NI group Address. Can take a FQDN as input parameter
corrupt_bits :
corrupt_bytes :
defrag : defrag(plist) -> ([not fragmented], [defragmented],
defragment : defragment(plist) -> plist defragmented as much as possible
dhcp_request : Send a DHCP discover request and return the answer
dyndns_add : Send a DNS add message to a nameserver for "name" to have a new "rdata"
dyndns_del : Send a DNS delete message to a nameserver for "name"
etherleak : Exploit Etherleak flaw
explore : Function used to discover the Scapy layers and protocols.
fletcher16_checkbytes: Calculates the Fletcher-16 checkbytes returned as 2 byte binary-string.
fletcher16_checksum : Calculates Fletcher-16 checksum of the given buffer.
fragleak : --
fragleak2 : --
fragment : Fragment a big IP datagram
Print the currently configured IP header values
>>> IP().display()
###[ IP ]###
version= 4
ihl= None
tos= 0x0
len= None
id= 1
flags=
frag= 0
ttl= 64
proto= hopopt
chksum= None
src= 127.0.0.1
dst= 127.0.0.1
\options\
>>>
Trying it with a variable
>>> ip = IP()
>>>
>>> ip.display()
###[ IP ]###
version= 4
ihl= None
tos= 0x0
len= None
id= 1
flags=
frag= 0
ttl= 64
proto= hopopt
chksum= None
src= 127.0.0.1
dst= 127.0.0.1
\options\
>>>
Change the destination address in the current IP header (note that src changes too: Scapy picks the source address from the routing table for the new destination)
>>> ip = IP()
>>> ip.dst = "192.168.111.130"
>>> ip.display()
###[ IP ]###
version= 4
ihl= None
tos= 0x0
len= None
id= 1
flags=
frag= 0
ttl= 64
proto= hopopt
chksum= None
src= 192.168.94.129
dst= 192.168.111.130
\options\
Sniffing function
- Sniffing = secretly looking at data on the network
- Spoofing = repeatedly injecting false information so that it is believed
Run scapy with sudo (as root)
┌──(kali㉿kali)-[~]
└─$ sudo scapy
[sudo] password for kali:
INFO: Can't import PyX. Won't be able to use psdump() or pdfdump().
aSPY//YASa
apyyyyCY//////////YCa |
sY//////YSpcs scpCY//Pp | Welcome to Scapy
ayp ayyyyyyySCP//Pp syY//C | Version 2.4.4
AYAsAYYYYYYYY///Ps cY//S |
pCCCCY//p cSSps y//Y | https://github.com/secdev/scapy
SPPPP///a pP///AC//Y |
A//A cyP////C | Have fun!
p///Ac sC///a |
P////YCpc A//A | Craft me if you can.
scccccp///pSP///p p//Y | -- IPv6 layer
sY/////////y caa S//P |
cayCyayP//Ya pY/Ya
sY/PsY////YCc aC//Yp
sc sccaCY//PCypaapyCP//YSs
spCPY//////YPSps
ccaacs
using IPython 7.19.0
zsh: suspended sudo scapy
Issue the sniff() command, visit another site in the browser, then stop it (Ctrl+C)
Print the sniffing result
>>> sniff()
^C<Sniffed: TCP:2445 UDP:68 ICMP:0 Other:2>
To see the detailed result you have to capture it into a variable.
>>> sf = sniff()
^C>>> sf.display()
0000 Ether / IP / UDP / DNS Qry "b'www.daum.net.'"
0001 Ether / IP / TCP 192.168.94.129:53328 > 211.231.99.17:https S
0002 Ether / IP / UDP / DNS Ans "b'www.g.daum.net.'"
0003 Ether / IP / TCP 211.231.99.17:https > 192.168.94.129:53328 SA / Padding
0004 Ether / IP / TCP 192.168.94.129:53328 > 211.231.99.17:https A
0005 Ether / IP / TCP 192.168.94.129:53328 > 211.231.99.17:https PA / Raw
0006 Ether / IP / TCP 211.231.99.17:https > 192.168.94.129:53328 A / Padding
0007 Ether / IP / TCP 211.231.99.17:https > 192.168.94.129:53328 PA / Raw
0008 Ether / IP / TCP 192.168.94.129:53328 > 211.231.99.17:https A
0009 Ether / IP / TCP 192.168.94.129:53328 > 211.231.99.17:https PA / Raw
0010 Ether / IP / TCP 211.231.99.17:https > 192.168.94.129:53328 A / Padding
0011 Ether / IP / TCP 192.168.94.129:53328 > 211.231.99.17:https PA / Raw
0012 Ether / IP / TCP 211.231.99.17:https > 192.168.94.129:53328 A / Padding
0013 Ether / IP / TCP 211.231.99.17:https > 192.168.94.129:53328 PA / Raw
0014 Ether / IP / TCP 211.231.99.17:https > 192.168.94.129:53328 PA / Raw
0015 Ether / IP / TCP 211.231.99.17:https > 192.168.94.129:53328 PA / Raw
***The following corresponds to 0001, 0003 and 0004 above***
This is what the 3-way handshake means
Ether / IP / TCP 192.168.94.129:53328 > 211.231.99.17:https S ⇐ connection request ( my kali linux > daum.net SYN )
Ether / IP / TCP 211.231.99.17:https > 192.168.94.129:53328 SA / Padding ⇐ connection accepted ( daum.net > my kali )
Ether / IP / TCP 192.168.94.129:53328 > 211.231.99.17:https A ⇐ acknowledgement ( my kali > daum.net )
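Picking the S, SA, A triple out of a capture by eye works for 16 packets; the same logic written down is a small flow tracker. This is an added example, not code from the original post: it parses the one-line summaries that sf.display() prints (so it runs offline without Scapy) and reports which client-to-server flows completed the handshake and which sent a SYN that was never answered. The sample capture reuses the post's own output lines plus one constructed unanswered SYN; the name find_handshakes is chosen here.

```python
"""Find completed TCP three-way handshakes in Scapy sniff() summaries.

Added example (not from the original post, not Scapy code). Input is the
one-line-per-packet text that PacketList.display() prints.
"""
import re

# e.g. '0003 Ether / IP / TCP 211.231.99.17:https > 192.168.94.129:53328 SA / Padding'
SUMMARY_RE = re.compile(
    r"^(?:\d{4}\s+)?Ether / IP / TCP (\S+):(\S+) > (\S+):(\S+) ([FSRPAUECN]+)(?: /.*)?$"
)

# Lines 0000-0005 are copied from the post's sniff output; 0006 is a
# constructed SYN with no reply, to show the half-open case.
SAMPLE_CAPTURE = """\
0000 Ether / IP / UDP / DNS Qry "b'www.daum.net.'"
0001 Ether / IP / TCP 192.168.94.129:53328 > 211.231.99.17:https S
0002 Ether / IP / UDP / DNS Ans "b'www.g.daum.net.'"
0003 Ether / IP / TCP 211.231.99.17:https > 192.168.94.129:53328 SA / Padding
0004 Ether / IP / TCP 192.168.94.129:53328 > 211.231.99.17:https A
0005 Ether / IP / TCP 192.168.94.129:53328 > 211.231.99.17:https PA / Raw
0006 Ether / IP / TCP 192.168.94.129:40000 > 10.0.0.9:https S
"""


def parse_summary(line):
    """Return (src, sport, dst, dport, flags) for a TCP summary line, else None."""
    m = SUMMARY_RE.match(line.strip())
    return m.groups() if m else None


def find_handshakes(lines):
    """Walk the capture once, moving each client flow through S -> SA -> A.

    Returns (completed, half_open): completed is a list of
    ("client:port", "server:port") pairs; half_open lists the
    (src, sport, dst, dport) flows whose SYN never got a SYN-ACK.
    """
    state = {}                      # (src, sport, dst, dport) -> "SYN" | "SYNACK"
    completed = []
    for line in lines:
        parsed = parse_summary(line)
        if parsed is None:          # non-TCP summary (DNS, ARP, ...) is skipped
            continue
        src, sport, dst, dport, flags = parsed
        fwd = (src, sport, dst, dport)
        rev = (dst, dport, src, sport)
        if flags == "S":                                   # client opens
            state[fwd] = "SYN"
        elif flags == "SA" and state.get(rev) == "SYN":    # server accepts
            state[rev] = "SYNACK"
        elif flags == "A" and state.get(fwd) == "SYNACK":  # client's final ACK
            completed.append((f"{src}:{sport}", f"{dst}:{dport}"))
            del state[fwd]
    half_open = [flow for flow, st in state.items() if st == "SYN"]
    return completed, half_open


if __name__ == "__main__":
    done, pending = find_handshakes(SAMPLE_CAPTURE.splitlines())
    print("completed:", done)
    print("unanswered SYNs:", pending)
```

The third step is matched on a pure A only, exactly as packet 0004 in the post shows; the PA that follows belongs to the data phase. A large ratio of unanswered SYNs to completed handshakes from one source is the usual first hint of a scan or a SYN flood in a capture like this.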
Help
>>> help()
help> sniff
Specify the number of packets to capture
Here only 10 were given.
>>> sf = sniff(count=10)
>>> sf.display()
0000 Ether / IP / UDP / DNS Qry "b'www.daum.net.'"
0001 Ether / IP / UDP / DNS Ans "b'www.g.daum.net.'"
0002 Ether / IP / TCP 192.168.94.129:40264 > 203.133.167.16:https S
0003 Ether / IP / TCP 203.133.167.16:https > 192.168.94.129:40264 SA / Padding
0004 Ether / IP / TCP 192.168.94.129:40264 > 203.133.167.16:https A
0005 Ether / IP / TCP 192.168.94.129:40264 > 203.133.167.16:https PA / Raw
0006 Ether / IP / TCP 203.133.167.16:https > 192.168.94.129:40264 A / Padding
0007 Ether / IP / TCP 203.133.167.16:https > 192.168.94.129:40264 PA / Raw
0008 Ether / IP / TCP 203.133.167.16:https > 192.168.94.129:40264 PA / Raw
0009 Ether / IP / TCP 203.133.167.16:https > 192.168.94.129:40264 PA / Raw
If you are curious about something in the output above,
for example entry 0002, give the command --> sf[2].show()
>>> sf[2].show()
###[ Ethernet ]###
dst= 00:50:56:ee:37:4a
src= 00:0c:29:3d:e7:e0
type= IPv4
###[ IP ]###
version= 4
ihl= 5
tos= 0x0
len= 60
id= 63862
flags= DF
frag= 0
ttl= 64
proto= tcp
chksum= 0xaf85
src= 192.168.94.129
dst= 203.133.167.16
\options\
###[ TCP ]###
sport= 40264
dport= https
seq= 3272259479
ack= 0
dataofs= 10
reserved= 0
flags= S
window= 64240
chksum= 0x91ee
urgptr= 0
options= [('MSS', 1460), ('SAckOK', b''), ('Timestamp', (43726480, 0)), ('NOP', None), ('WScale', 7)]
As you look through it you will see the following.
This is what the S means!!
flags= S ⇐ a segment with the SYN flag set