Blogs

the dead

"once is enough two is curse"
I see those words on a piece of paper. I take a deep breath and throw it away.

[ + ] Create an ARP Spoofer in Python

I should say that all the knowledge I gained from creating this is from a very good instructor named Zaid Sabih, owner of Zsecurity. You can check out his website and support him by purchasing his course at some point; he goes into better detail than I do and has more than 180,000 students to date, here https://zsecurity.org/ and here https://www.udemy.com/learn-python-and-ethical-hacking-from-scratch/

ARP spoofing is very simple to understand: the essential concept is that you become a man in the middle so that you are able to sniff and redirect packets between a target and the local router within a private network. While there is software such as Wireshark that allows you to do this, this is more just to gain an understanding of how things work:

[Image: Concept of ARP Spoofing]

The first thing to note, if you are a Linux user, is that to route or forward packets anywhere the way a router does, you need to place a 1 in the ip_forward file. To do this you can use the find program:

# locate the ip_forward file, then enable forwarding (writing to /proc/sys requires root)
$ find /proc/sys/ -name ip_forward
/proc/sys/net/ipv4/ip_forward
$ echo 1 > /proc/sys/net/ipv4/ip_forward

What you are exploiting when you perform this attack is that a NIC will accept any ARP response that is incoming into it, meaning that by sending any ARP response the victim will take it, accept it, and put the response's MAC address into its ARP table. To construct this attack we once again use scapy for the job; we can start by determining which attributes of the packet we're going to modify to construct this response:

$ python3
Python 3.6.6 (default, Sep 12 2018, 18:26:19)
[GCC 8.0.1 20180414 (experimental) [trunk revision 259383]] on linux
Type "help", "copyright", "credits" or "license" for more information.

[ + ] Creating an ARP Based Scanner on Python

I should say that all the knowledge I gained from creating this is from a very good instructor named Zaid Sabih, owner of Zsecurity. You can check out his website and support him by purchasing his course at some point; he goes into better detail than I do and has more than 180,000 students to date, here https://zsecurity.org/ and here https://www.udemy.com/learn-python-and-ethical-hacking-from-scratch/

Oftentimes you may want to identify hosts on a LAN, and maybe you want to, say, for example, DoS a target or perform some sort of ARP spoofing to do something related to capturing traffic. To understand this you obviously should know how to program in Python, and should know a little bit about what the scapy module is used for; you can refer to its documentation here: https://scapy.readthedocs.io/en/latest/

To start off, everything I'm about to explain can simply be done in the three following lines:

#!/usr/bin/python3
import scapy.all as scapy
scapy.arping(ip)

But for the sake of understanding how things work, I've put together a script to help curb your understanding; here is a simplified version to start you off:

#!/usr/bin/python3
import scapy.all as scapy

def scan(ip):
    # create an ARP packet object with its pdst field set to the ip
    # (can also do arp_packet.pdst = ip)
    arp_packet = scapy.ARP(pdst=ip)

    # print(arp_packet.summary())   # print summary for the ARP request
    # scapy.ls(arp_packet)          # print out the contents of the ARP packet
    # arp_packet.show()

    # to send the packet to the entire network you'll need to
    # set the destination MAC to the broadcast MAC address ff:ff:ff:ff:ff:ff
    broadcast = scapy.Ether(dst="ff:ff:ff:ff:ff:ff")   # create ethernet broadcast frame
    # print(broadcast.summary())    # print summary
    # scapy.ls(broadcast)           # examine broadcast packet contents
    # broadcast.show()

    # then combine the packets together using / because scapy allows you to do so

[ + ] Repost of Shellcode Programming

Due to the lack of availability of info on the topic I've decided to re-post this on my blog, I feel it's something I'd like to look back to if I need it:

Initially before writing this I thought to myself that because I had worked really hard on this matter (give or take about two weeks or so of constant hammering), I have just opened doors that were previously closed to me due to the passage of time and how things change. But I was convinced that what this community stands for, and how without it and someone there to guide me on this journey I'd be lost as hell. So I figured I'd give back by sharing what I've learned recently, which is creating shellcode for a portbind attack... however, the difference between what is commonly used to make it and my version of doing so, is that I use a more logical and concise method of doing it. To preface this I'm going to assume that you know x64 ASM, C network programming, and the basics of using Linux. I am also trusting that this post stays within the Soldierx community, I strongly support this community and hope to see its members cherish from this information.

If you don't know x64 ASM, I would recommend using Ray Seyfarth's Intro to x64 on Linux (and Windows for future projects):
https://www.amazon.com/s/ref=dp_byline_sr_book_1?ie=UTF8&text=Ray+Seyfar...
If you don't know C network programming I highly recommend Linux Socket Programming By Example by Warren Gay:
https://www.amazon.com/Linux-Socket-Programming-Example-Warren/dp/078972...

[ * ] THE START OF MY BLOG

Rather than post about everything I learn on forum threads, I figure it would be best to start my own blog in SX so I don't have to flood threads! I am going to start by posting my recently learned topics over here and hope my knowledge can help the needy over time. I will still post in threads when I'm not sure about something, otherwise I'll post everything here. I chose to start this since I hated writing notes on my notebook, plus, examples don't have syntax highlighting the way SX does on a notebook anyway!

Life

How's life, people?

hooos

UGNazi 2018?

" #UGNazi members are all #Whitehat now, We provide Security for the right price. Troy @Everlife Woody Jr, Eric @Cosmothegod Taylor & Dillon "@_f0rsaken" Crawford #Tangodown nou? " -JoshTheGod 2018

Who saw this coming?

Multiple hacking projects

Hi! I need a legit hacker who is willing to accept multiple projects.
Email me.

need help creating a genuine credit card

Hi,
I am <>kira<> from Nigeria. I need help creating a credit card which is valid,
and also need help with jailbreaking an iPhone 5S which is stuck in recovery mode.

namaste,
<>ping<>
