Python Scapy Gateway Finder :)
Today I found an interesting script that uses the Python library scapy, which I have talked about so much, to find gateways :)
From the official site:
Gateway-finder is a scapy script that will help you determine which of the systems on the local LAN has IP forwarding enabled and which can reach the Internet.
This can be useful during Internal pentests when you want to quickly check for unauthorised routes to the Internet (e.g. rogue wireless access points) or routes to other Internal LANs. It doesn’t perform a hugely thorough check, but it is quick at least. It’s python, so it should be easy to modify if you need it to do something more sophisticated.
Download
https://github.com/pentestmonkey/gateway-finder
Overview
You give the script the IP address of a system on the Internet you’re trying to reach and it will send the following probes via each system on the local LAN:
An ICMP Ping
A TCP SYN packet to port 80
An ICMP Ping with a TTL of 1
A TCP SYN packet to port 80 with a TTL of 1
It will report separately which systems send an ICMP “TTL exceeded in transit” message back (indicating that they’re routers) and which respond to the probe (indicating that they’re gateways to the Internet).
Once it is downloaded, we can see the help by typing:
python gateway-finder.py
We have to feed Gateway Finder the machines on our network ;)
We do this with arp-scan, which is installed by default on BackBox :)
So we type:
arp-scan -l | tee arp.txt
And then we start the finder:
python gateway-finder.py -f arp.txt -i 209.85.227.99
The result:
root@clshacbb-VirtualBox:~/pentestmonkey-gateway-finder-89f48a2# python gateway-finder.py -f ../arp.txt -i 209.85.227.99
WARNING: No route found for IPv6 destination :: (no default route?)
gateway-finder v1.0 http://pentestmonkey.net/tools/gateway-finder
[+] Using interface eth0 (-I to change)
[+] Found 3 MAC addresses in ../arp.txt
[+] 00:0C:F6:31:2D:DF [192.168.1.1] appears to route ICMP Ping packets to 209.85.227.99. Received ICMP TTL Exceeded in transit response.
[+] 00:0C:F6:31:2D:DF [192.168.1.1] appears to route TCP packets 209.85.227.99:80. Received ICMP TTL Exceeded in transit response.
[+] We can ping 209.85.227.99 via 00:0C:F6:31:2D:DF [192.168.1.1]
[+] Done
root@clshacbb-VirtualBox:~/pentestmonkey-gateway-finder-89f48a2#
For further documentation:
http://pentestmonkey.net/tools/gateway-finder
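An added example (not part of the original post or of gateway-finder itself): a Python audit that parses the three result-line shapes shown in the output above and flags forwarding hosts that are missing from an approved-gateway list. The allowlist, the function names and the 192.168.1.50 sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict

# The three result-line shapes visible in the gateway-finder v1.0 output above.
HOST = r"(?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}) \[(?P<ip>[\d.]+)\]"
PATTERNS = {
    "routes_icmp": re.compile(r"^\[\+\] " + HOST + r" appears to route ICMP Ping packets"),
    "routes_tcp": re.compile(r"^\[\+\] " + HOST + r" appears to route TCP packets"),
    "ping_via": re.compile(r"^\[\+\] We can ping \S+ via " + HOST),
}

# Constructed sample: the 192.168.1.1 lines are from the run above; the
# 192.168.1.50 lines are made up to represent a host that should not forward.
SAMPLE_OUTPUT = """\
[+] Found 3 MAC addresses in ../arp.txt
[+] 00:0C:F6:31:2D:DF [192.168.1.1] appears to route ICMP Ping packets to 209.85.227.99. Received ICMP TTL Exceeded in transit response.
[+] 00:0C:F6:31:2D:DF [192.168.1.1] appears to route TCP packets 209.85.227.99:80. Received ICMP TTL Exceeded in transit response.
[+] We can ping 209.85.227.99 via 00:0C:F6:31:2D:DF [192.168.1.1]
[+] 02:00:00:00:00:50 [192.168.1.50] appears to route ICMP Ping packets to 209.85.227.99. Received ICMP TTL Exceeded in transit response.
[+] We can ping 209.85.227.99 via 02:00:00:00:00:50 [192.168.1.50]
[+] Done
"""

def parse_findings(text):
    """Return {(ip, mac): set of observed behaviours} from gateway-finder output."""
    findings = defaultdict(set)
    for line in text.splitlines():
        for behaviour, pattern in PATTERNS.items():
            m = pattern.match(line.strip())
            if m:
                findings[(m["ip"], m["mac"].lower())].add(behaviour)
    return dict(findings)

def audit(text, approved_gateways):
    """Flag forwarding hosts that are not approved (hypothetical allowlist of IP -> MAC)."""
    report = []
    for (ip, mac), seen in sorted(parse_findings(text).items()):
        if approved_gateways.get(ip) == mac:
            continue  # approved IP answering from the approved MAC
        kind = "gateway" if "ping_via" in seen else "router"
        reason = "mac-mismatch" if ip in approved_gateways else "not-approved"
        report.append((ip, mac, kind, reason))
    return report

if __name__ == "__main__":
    approved = {"192.168.1.1": "00:0c:f6:31:2d:df"}  # assumed approved default gateway
    for finding in audit(SAMPLE_OUTPUT, approved):
        print("UNAUTHORISED", *finding)
```

Only the line shapes visible in this post are matched; other result lines the tool may print are ignored until a pattern is added for them.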
This entry was posted on Friday, January 6th, 2012 at 2:44 pm and is filed under GNU/Linux, Hacking, Software.






