|
http://www.hackerschool.org/HS_Boards/zboard.php?id=Free_Lectures&no=8602 [º¹»ç]
ARP ½ºÇªÇÎÀº **Áß°£ÀÚ °ø°Ý(MITM)**ÀÇ ÇÙ½É ±â¹ý Áß Çϳª·Î,
·ÎÄà ³×Æ®¿öÅ©¿¡¼ °ÔÀÌÆ®¿þÀÌ¿Í ÇÇÇØÀÚÀÇ ARP Å×À̺íÀ» ¼Ó¿©
Æ®·¡ÇÈÀ» °¡·Îä´Â ±â¼úÀÌ´Ù.
ARP ½ºÇªÇÎÀÇ ÀÛµ¿ ¹æ½Ä
1. ARP ¸Þ½ÃÁö È°¿ë
ARP´Â IP ÁÖ¼Ò¸¦ MAC ÁÖ¼Ò·Î º¯È¯ÇÏ´Â ÇÁ·ÎÅäÄÝÀÌ´Ù.
°ø°ÝÀÚ´Â ARP ¸Þ½ÃÁö¸¦ Á¶ÀÛÇÏ¿©, ´Ù¸¥ »ç¿ëÀÚ°¡ ƯÁ¤ IP ÁÖ¼Ò¸¦ °¡Áø ÀåÄ¡°¡
ÀڽŰú °°Àº MAC ÁÖ¼Ò¸¦ »ç¿ëÇϵµ·Ï ¼ÓÀδÙ.
2. MAC ÁÖ¼Ò º¯Á¶
°ø°ÝÀÚ´Â °¡Â¥ ARP ¸Þ½ÃÁö¸¦ º¸³» ´Ù¸¥ »ç¿ëÀÚÀÇ ARP Å×À̺íÀ» º¯°æÇÑ´Ù.
ÀÌ·¸°Ô ÇÏ¸é »ç¿ëÀÚ´Â °ø°ÝÀÚÀÇ MAC ÁÖ¼Ò·Î µ¥ÀÌÅ͸¦ º¸³»°Ô µÈ´Ù.
3. µ¥ÀÌÅÍ °¡·Îä±â
°ø°ÝÀÚ´Â Áß°£ÀÚ À§Ä¡¿¡¼ µ¥ÀÌÅ͸¦ °¡·Îä°í,
ÇÊ¿äÇÑ °æ¿ì º¯Á¶ÇÏ¿© ´Ù½Ã Àü¼ÛÇÒ ¼ö ÀÖ´Ù.
¿ì¸®°¡ ¸¸µé ÇÁ·Î±×·¥Àº ¾Æ·¡ÀÇ È¯°æÀÌ ±¸¼ºµÇ¾ß µÈ´Ù.
1.ÀÚ½ÅÀÇ MAC ÁÖ¼Ò¸¦ °ø°Ý ´ë»ó¿¡°Ô ¼Ó¿© º¸³¿
2.°ÔÀÌÆ®¿þÀÌ(°øÀ¯±â)¿¡°Ôµµ °ÅÁþ Á¤º¸ Àü¼Û
3.µÎ ´ë»óÀÌ ¼·Î¸¦ °ø°ÝÀÚÀÇ MACÀ¸·Î ÀνÄÇÏ°Ô ¸¸µê (MITM »óÅÂ)
$gcc arp_spoof.c -o arp_spoof -lnet
¸Ç ³¡¿¡ -lnetÀ» ³Ö¾î¾ß ÇÑ´Ù.
$sudo apt-get install libnet-dev
À§ ¸í·É¾î·Î libnet-dev ÆÐÅ°Áö¸¦ ¼³Ä¡ÇÑ´Ù.
$ sudo netdiscover -r 192.168.219.0/24
netdiscover·Î °°Àº ³×Æ®¿öÅ©¿¡ ¿¬°áµÇ¾î ÀÖ´Â PC, ¸ð¹ÙÀÏ, IoTµéÀ» ½ºÄµÇÑ´Ù.
Currently scanning: Finished! | Screen View: Unique Hosts
6 Captured ARP Req/Rep packets, from 6 hosts. Total size: 324
_____________________________________________________________________________
IP At MAC Address Count Len MAC Vendor / Hostname
-----------------------------------------------------------------------------
192.168.219.1 80:ca:4b:xx:xx:xx 1 42 SHENZHEN GONGJIN ELECTRONICS CO.,LTD
192.168.219.21 74:3a:ef:xx:xx:xx 1 60 Kaonmedia CO., LTD.
192.168.219.41 54:81:2d:xx:xx:xx 1 60 PAX Computer Technology(Shenzhen) Ltd.
192.168.219.103 50:b7:c3:xx:xx:xx 1 60 Samsung Electronics Co.,Ltd
192.168.219.42 26:b0:07:xx:xx:xx 1 42 Unknown vendor
192.168.219.197 e0:ba:ad:xx:xx:xx 1 60 Unknown vendor
Æ÷Æ®½ºÄµÀ» ¼öµ¿À¸·Î Çϱ⠱ÍÂú¾Æ¼...
netdiscover ¸í·É¾î¿¡ ³ª¿Â ipÁÖ¼ÒµéÀ» ÀÚµ¿À¸·Î ½ºÄµÇÏ´Â ÇÁ·Î±×·¥À» ±¸ÇöÇß´Ù.
ka0r1@ka0r1-GF63-Thin-11UC:~$ ls
arp_spoof hash2.txt kakaotalk.ab scan scan2.c °ø°³ ¹ÙÅÁȸé À½¾Ç
arp_spoof.c http_sniffer libpcap_capture scan.c snap ´Ù¿î·Îµå ºñµð¿À ÅÛÇø´
hash.txt http_sniffer.c libpcap_capture.c scan2 sources.list ¹®¼ »çÁø
ka0r1@ka0r1-GF63-Thin-11UC:~$ cat scan2.c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define MAX_HOSTS 64
#define CMD_BUFFER 256
#define IP_LENGTH 32
int main(void)
{
FILE *fp;
char line[256];
char ip[IP_LENGTH];
char ip_list[MAX_HOSTS][IP_LENGTH];
int ip_count = 0;
// 1. netdiscover ½ÇÇà (1ȸ¼º, ¼öµ¿ ½ºÄµ, ºü¸£°Ô ³¡³ª°Ô -P -r ¿É¼Ç)
fp = popen("sudo netdiscover -P -r 192.168.219.0/24 | grep 192.168 | awk '{print $1}'", "r");
if(fp == NULL)
{
perror("netdiscover ½ÇÆÐ");
return 1;
}
// 2. IP ÁÖ¼Ò ÃßÃâ
while (fgets(line, sizeof(line), fp) != NULL && ip_count < MAX_HOSTS)
{
sscanf(line, "%s", ip);
strcpy(ip_list[ip_count], ip);
ip_count++;
}
pclose(fp);
// 3. Nmap ½ÇÇà
for(int i = 0; i < ip_count; i++)
{
char cmd[CMD_BUFFER];
printf("\n[+] %s ½ºÄµ Áß...\n", ip_list[i]);
snprintf(cmd, sizeof(cmd), "sudo nmap -sS -T4 -Pn %s", ip_list[i]);
system(cmd);
}
return 0;
}
To be continued...
|
Hit : 324 Date : 2025/04/20 09:46
|
1606, 
1/81 
