Sunday, December 5, 2010

Misc 51

I've created an ARP Spoofing suite known as GARPS (Gratuitous Address Resolution Protocol Spoofer). I'm not going to go through how it works (or better yet how to program it) because I'll need to sleep soon, but I'll show you how the program can be used.
Here's a screenshot of the program without any parameters passed. As you can see, it lists the RPCAP device descriptions. I'll be using interface #3 for the attack.

I have a WRT54G Router with Tomato 1.28 firmware, a Windows Vista Host, and a Windows 7 Ultimate Attacker. First of all, I would like to poison my Router and a Host. The Router in this case would be, and the Host would be. I'll be spoofing ARPs with the MAC address of 1C-6F-65-3F-D4-F8. I programmed a wizard which you can use to quickly generate attack scripts.

Now the script can be run to quickly poison the two hosts to route through my system. The script looks like this:

After the script is run, the router's entry is immediately poisoned. Notice that the Host's MAC entry is replaced with my system's:

Now, a traceroute to the host from the router shows something weird. It's actually going THROUGH to get to even though it's in the same subnet.

Here on my sad host, we have some happy results. Notice that internet and normal routing still work, and the host wouldn't even notice until he does a traceroute and finds out that there's an extra hop in between. There are probably ways to hide it as well (such as Layer 2 APR).
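The defensive side of what the post shows, added here as an example that is not the author's GARPS code: a small Python detector that parses raw Ethernet/ARP frames and flags the two things this kind of poisoning leaves on the wire, a gratuitous reply and an IP whose MAC binding suddenly changes. The sample capture is constructed; it reuses the attacker MAC quoted in the post and uses placeholder IPs, since the post does not give its addresses.

```python
import struct

# Frame layout: 14-byte Ethernet header + 28-byte ARP packet (Ethernet/IPv4).
ETH_FMT, ARP_FMT = "!6s6sH", "!HHBBH6s4s6s4s"
ETHERTYPE_ARP, ARP_REPLY = 0x0806, 2

def parse_arp(frame):
    """Return (opcode, sender_mac, sender_ip, target_ip) as strings, or None
    when the frame is too short or is not ARP."""
    if len(frame) < 42 or struct.unpack(ETH_FMT, frame[:14])[2] != ETHERTYPE_ARP:
        return None
    a = struct.unpack(ARP_FMT, frame[14:42])
    mac = "-".join(f"{b:02X}" for b in a[5])
    sip, tip = (".".join(str(b) for b in raw) for raw in (a[6], a[8]))
    return a[4], mac, sip, tip

def detect_poisoning(frames):
    """Learn IP->MAC bindings from ARP replies. Alert on a gratuitous reply
    (sender IP == target IP) and on any IP whose MAC changes afterwards."""
    table, alerts = {}, []
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None or parsed[0] != ARP_REPLY:
            continue
        _, mac, sip, tip = parsed
        if sip == tip:
            alerts.append(("gratuitous-reply", sip, mac))
        known = table.setdefault(sip, mac)
        if known != mac:
            alerts.append(("mac-changed", sip, f"{known}->{mac}"))
            table[sip] = mac
    return alerts

# Constructed capture (placeholder IPs: 192.168.1.1 router, 192.168.1.100 host).
# Frame 1: the host answers the router with its own made-up MAC 00-11-22-33-44-55.
# Frame 2: a gratuitous reply from the attacker MAC quoted in the post,
# 1C-6F-65-3F-D4-F8, claiming the host's IP, which is what poisons the router's entry.
SAMPLE_FRAMES = [
    bytes.fromhex("00aabbccddee 001122334455 0806"   # Ethernet: dst, src, type
                  "0001 0800 06 04 0002"             # ARP header, op=reply
                  "001122334455 c0a80164"            # sender MAC / IP
                  "00aabbccddee c0a80101"),          # target MAC / IP
    bytes.fromhex("ffffffffffff 1c6f653fd4f8 0806"
                  "0001 0800 06 04 0002"
                  "1c6f653fd4f8 c0a80164"
                  "ffffffffffff c0a80164"),
]
```

Run `detect_poisoning` over frames read from a capture file or a raw socket and every alert corresponds to a binding a switch with dynamic ARP inspection, or a static ARP entry on the host, would have refused.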

With that being said, I can now officially laugh at script kiddies. I'm probably going to write more from here on. Maybe one day I'll be a famous hacker (or if I'm more successful, then I'm never going to be famous).