Scapy
1、UDP scanning with Scapy
Scapy is a tool that can be used to craft and inject custom packets into a network ,in this specific recipe, Scapy will be used to scan for active UDP services ,This can be done by sending empty UDP packet to destionation ports and then identifying the ports that do not respond with an ICMP port-unreachable response .whether a service is running on a give UDP port ,the technique that we will use with Scapy is to identify closed UDP port with ICMP port-unreachable replies ,to send a UDP request to any given port ,so we need to build layer of taht the request , the first layer that we will need to construct is the IP layer
step one : we used the command Scapy to invoking the tool .you don't sent the ip.src ,because the source the ip will automatically updates associated with the default interface . after each setup , you need to check and confirm it by youself . we can you the command (.display) .we should do in lab envrionment , I use the metasploitable2 and , the metasploitable2 system can used as remote service over UDP . so let's see the following option :
step two : view the metasploitable2 ip address . so the ip.dst=192.168.142.170
step three :start-up the Scapy and construct the ip layer ,and set the dst ip is 192.168.142.170 . .but hte DNS is a comman service that can often be discovered on network systems , so we can modified by setting the attribute equal to the new port destination value set the dport =123
setp four: we have created both the IP layers ,so here we need to construct the request by the stacking these layers by request=(i/u)
and then send the request to the remote service
finally we can look the response.display ()
>>> response.display()
###[ IP ]###
version= 4
ihl= 5
tos= 0xc0
len= 56
id= 64015
flags=
frag= 0
ttl= 64
proto= icmp
chksum= 0xe144
src= 192.168.142.170
dst= 192.168.142.181
\options\
###[ ICMP ]###
type= dest-unreach
code= port-unreachable
chksum= 0x9bc7
reserved= 0
length= 0
nexthopmtu= 0
###[ IP in ICMP ]###
version= 4
ihl= 5
tos= 0x0
len= 28
id= 1
flags=
frag= 0
ttl= 64
proto= udp
chksum= 0xdc1f
src= 192.168.142.181
dst= 192.168.142.170
\options\
###[ UDP in ICMP ]###
sport= domain
dport= ntp
len= 8
chksum= 0x607d
in fact the request can be performed without independently building and stacking each layer ,we can use a single one-line command by calling the function directly and passing them the approprite argument as following . of couse wen scan set the timeout and the verbose .
note that the response for these requests includes an ICMP packet that type indicating that the host is unreachable and code indicating that the port is unreachable this response is commonly if the UDP oprt is closed ,so we should attempt to modify the request so that it is sent to the destination port that correspond to an actual service on teh remote system , let's change the destination port back to port 53 and then send the request again .as follows:
when the same request is sent to an actual aervice ,no replay is received , this is beacuse the DNS service running on the system's UDP port 53, will only respond to service-specific request ,this discrepancy can be used to scan for ICMP host-unreachable replies .
so we can identify potential service by flagging the noresponsive ports. edit a script to scan the port.
Scapy的更多相关文章
- python脚本执行Scapy出现IPv6警告WARNING解决办法
安装完scapy,写了脚本执行后执行: WARNING: No route found for IPv6 destination :: (no default route?) 原因是用 from sc ...
- Windows下使用scapy+python2.7实现对pcap文件的读写操作
scapy在linux环境中对pcap文件进行操作非常方便,但在windows下,特别是在python2.7环境下却会碰到各种各样的依赖包无法使用的问题,最明显的可能就属dnet和pcap的pytho ...
- 使用它tshark分析pcap的例子以及scapy下载地址
转一篇cisco工作人员使用tshark分析pcap的文章,以及scapy的下载地址 http://blogs.cisco.com/security/finding-a-needle-in-a-pca ...
- 安装scapy遇到的问题
1. Mac平台 在mac上安装scapy可以说是困难重重,一来因为scapy实在有些小众和老旧,再加上安装说明文档都是python2.5 也没有详细说明一些安装问题. 折腾了大概三个小时之后终于解决 ...
- scapy 安装及简单测试
关于scapy Scapy的是一个强大的交互式数据包处理程序(使用python编写).它能够伪造或者解码大量的网络协议数据包,能够发送.捕捉.匹配请求和回复包等等.它可以很容易地处理一些典型操作,比如 ...
- Python模块(scapy)
scapy scapy相当于linux的tcpdump的功能
- 小白日记9:kali渗透测试之主动信息收集(二)四层发现:TCP、UDP、nmap、hping、scapy
四层发现 四层发现的目的是扫描出可能存活的IP地址,四层发现虽然涉及端口扫描,但是并不对端口的状态进行精确判断,其本质是利用四层协议的一些通信来识别主机ip是否存在. 四层发现的优点: 1.可路由且结 ...
- 小白日记7:kali渗透测试之主动信息收集-发现(一)--二层发现:arping/shell脚本,Netdiscover,scapy
主动信息收集 被动信息收集可能不准确,可以用主动信息收集验证 特点:直接与目标系统交互通信,无法避免留下访问痕迹 解决方法:1.使用受控的第三方电脑进行探测,使用代理 (做好被封杀的准备) 2 ...
- 小白日记8:kali渗透测试之主动信息收集(二)三层发现:ping、traceroute、scapy、nmap、fping、Hping
三层发现 三层协议有:IP以及ICMP协议(internet管理协议).icmp的作用是用来实现intenet管理的,进行路径的发现,网路通信情况,或者目标主机的状态:在三层发现中主要使用icmp协议 ...
- scapy流量嗅探简单使用
官方文档:http://scrapy-chs.readthedocs.io/zh_CN/latest/index.html 参考链接:http://blog.csdn.net/Jeanphorn/ar ...
随机推荐
- OpenCV__elemSize
elemSize 矩阵一个元素占用的字节数,例如:type是CV_16SC3,那么elemSize = 3 * 16 / 8 = 6 bytes elemSize1 矩阵元素一个通道占用的字节数,例如 ...
- 社交系统ThinkSNS+安装部署演示
ThinkSNS(简称TS),一款全平台综合性社交软件系统,10年来为国内外大中小企业和创业者提供社交化软件研发及技术解决方案.目前有ThinkSNS V4.ThinkSNS+两个并行系统. Thin ...
- 帝国cms 不能正常显示最新文章
后台能正常刷新,但前台就是不能正常显示, 把网站从c盘换到d盘,好了,原来是权限的问题
- Hack The Box 获取邀请码
TL DR; 使用curl请求下面的地址 curl -X POST https://www.hackthebox.eu/api/invite/generate {"success" ...
- 前端ajax请求百度地图api
$.ajax({ type: "get", url: 'http://api.map.baidu.com/place/v2/search', data:{ ak:'您的ak', q ...
- 字符串str的使用方法
参考:https://www.cnblogs.com/cookie1026/p/6048092.html #!/usr/bin/env python # -*- coding:utf- -*- s = ...
- 微服务之服务中心—zookeeper
微服务中的服务注册与发现 传统的项目中,某个服务访问另一个服务,可以通过在配置文件中记录其他服务静态地址的形式进行访问,通常这个配置文件也很少更新,模式如下图: 而在微服务中,每个功能可能都是一个独立 ...
- DirectX11--HLSL中矩阵的内存布局和mul函数探讨
前言 说实话,我感觉这是一个大坑,不知道为什么要设计成这样混乱的形式. 在我用的时候,以row_major矩阵,并且mul函数以向量左乘矩阵的形式来绘制时的确能够正常显示,并不会有什么感觉.但是也有人 ...
- DirectX11 With Windows SDK--08 Direct2D与Direct3D互操作性以及利用DWrite显示文字
前言 注意:从这一章起到后面的所有项目无一例外都利用了Direct2D与Direct3D互操作性,但系统要求为Win10, Win8.x 或 Win7 SP1且安装了KB2670838补丁以支持Dir ...
- Linux 动态加载共享库