Here's a screenshot of the program without any parameters passed. As you can see, it lists the RPCAP device descriptions. I'll be using interface #3 for the attack.
I have a WRT54G Router with Tomato 1.28 firmware, a Windows Vista Host, and a Windows 7 Ultimate Attacker. First of all, I would like to poison my Router and a Host. The Router in this case would be 192.168.1.1, and the Host would be 192.168.1.151. I'll be spoofing ARPs with the MAC address of 1C-6F-65-3F-D4-F8. I programmed a wizard which you can use to quickly generate attack scripts.
Now the script can be run to quickly poison the two hosts to route through my system. The script looks like this:
After the script is run, the router's entry is immediately poisoned. Notice that the Host's MAC entry is replaced with my system's:
Now, a traceroute to the host from the router shows something weird. It's actually going THROUGH 192.168.1.150 to get to 192.168.1.151 even though it's in the same subnet.
Here on my sad host, we have some happy results. Notice that internet and normal routing still works, and the host wouldn't even notice until he does a traceroute and find out that there's an extra hop in between. There's probably ways to hide it as well (such as Layer 2 APR).
With that being said, I can now officially laugh at script kiddies. I'm probably going to write more from here on. Maybe one day I'll be a famous hacker (or if I'm more successful, then I'm never going to be famous).
No comments :
Post a Comment