Packet generation and network based attacks with Scapy - SecDev.org

More documents

Recommendations

Info

IntroductionScapyNetwork discovery and attacksNAT enumerationHow many boxes behind this IP ?One shotsScanningTTL tricks>>> a,b=sr( IP(dst="target")/TCP(sport=[RandShort()]*1000) )>>> a.plot(lambda (s,r): r.id)7000060000500004000030000200001000000 100 200 300 400 500 600 700 800 900 1000Philippe BIONDI Packet generation and network based attacks with Scapy
IntroductionScapyNetwork discovery and attacksOne shotsScanningTTL tricksSliced Network ScanA way to give a depth to a simple flat network port scan1 Use nmap to scan the whole target network2 Spot interesting ports : open and closed ports, and somewitness filtered ports3 With a traceroute, find the TTL t one hop before thenetwork’s first router4 Scan the network on these ports for TTL tans,unans=sr( IP(dst="network/24", ttl=t)/TCP(dport=[21,25,53,80,443,2]), retry=-2 )5 Display the scanned slice :ans.make_table(lambda (s,r): (s.dport, s.dst,r.sprintf("%IP.id% {TCP:%TCP.flags%}\{ICMP:%IP.src% %ir,ICMP.type%}")))6 Increment t and go to 4Philippe BIONDIPacket generation and network based attacks with Scapy
Page 2 and 3:
IntroductionScapyNetwork discovery
Page 5:
OutlineIntroductionScapyNetwork dis
Page 10 and 11:
Page 12 and 13:
OutlineIntroductionScapyNetwork dis
Page 14 and 15:
Page 16 and 17:
Page 18 and 19:
Page 20 and 21:
Page 22 and 23:
Page 24 and 25:
The GenesisThe spark that lit the p
Page 26 and 27:
Actual ArchitectureIntroductionScap
Page 28 and 29:
Page 30 and 31:
Page 32 and 33:
Page 34 and 35:
Page 36 and 37:
Page 38 and 39:
Page 40 and 41:
Page 42 and 43:
Page 44 and 45:
Page 46 and 47:
Page 48 and 49:
Page 50 and 51:
Page 52 and 53:
Page 54 and 55:
Page 56 and 57:
Page 58 and 59:
Page 60 and 61:
Pretty printingIntroductionScapyNet
Page 62 and 63:
Page 64 and 65:
Page 66 and 67:
Page 68 and 69:
Page 70 and 71:
SendingIntroductionScapyNetwork dis
Page 72 and 73:
Page 74 and 75:
Page 76 and 77:
Page 78 and 79:
Page 80 and 81:
Page 82 and 83:
Page 84 and 85:
Page 86 and 87:
Page 88 and 89:
Page 90 and 91:
Page 92 and 93:
Page 94 and 95:
Page 96 and 97:
Page 98 and 99:
Page 100 and 101:
Page 102 and 103:
Page 104 and 105:
Page 106 and 107:
Page 108 and 109: Result ManipulationIntroductionScap
Page 122 and 123: IntroductionScapyNetwork discovery
Page 130 and 131: Answering machinesIntroductionScapy
Page 132 and 133: OutlineIntroductionScapyNetwork dis
Page 136 and 137: TCP port scanIntroductionScapyNetwo
Page 138 and 139: IP protocol scanIntroductionScapyNe
Page 140 and 141: ARP pingIntroductionScapyNetwork di
Page 142 and 143: OutlineIntroductionScapyNetwork dis
Page 144 and 145: NAT findingIntroductionScapyNetwork
Page 166 and 167: ReferencesExternal scriptAppendices
Page 168 and 169: ReferencesExternal scriptReferences
show all

Packet generation and network based attacks with Scapy - SecDev.org

Create successful ePaper yourself

Delete template?

Save as template?