EternaL

Posts posted by EternaL

  1. Hey guys,

    So I have been working on this program for a few months now and was hoping to get some feedback and/or possibly some development support. I wrote a multipurpose network exploitation tool.

    The main purpose for this project was a simple, easy to use, and bug-free tool anyone could use. I originally got the idea while fighting with ettercap to do a simple ARP poisoning attack. I don't intend to compete with ettercap or try to replace it. I just hope this project makes life easier for some people trying to do some simple attacks.

    This is the first public release of Howl. It started as just a tool for ARP Poisoning and started to grow into what it is now.

    Howl can currently handle ARP Poisoning, DNS Poisoning, DHCP Exhaustion (LAN or WLAN), Packet Flooding, MAC Flooding, and serve HTML files to a DNS Poisoned victim all at the same time. :P Or one at a time, whatever you prefer.

    You can get the first and latest release of Howl from here -> Howl Download

    To install, extract the gzipped folder, read the README and make sure you have the required dependencies (libnet library, libpcap library, ncurses library, libmicrohttpd library).

    If you're using a Debian-based version of Linux (Ubuntu) you can do the following: 'sudo apt-get install libncurses5-dev libnet1-dev libpcap-dev libmicrohttpd-dev' without the quotes.

    Then just run 'make' and 'sudo make install' without the quotes.

    See the man page for examples. 'man howl'

    Any comments or feedback would be greatly appreciated.

    Thanks,

  2. Hello Guys,

    I'm writing a multi-purpose network exploitation tool and I'm towards the end. One of the functions my tool does is DHCP Exhaustion, which works great on my network at work (2k3 DHCP Server). But when I try to use it on my laptop connected to wifi somewhere (house, or Android phone), the router doesn't respond to the DHCP Discovers.

    The program generates a random MAC address for each DHCP Discover packet it sends out. I'm starting to think the generated MAC might have to be authenticated against the router before it will respond to it.

    I have included a text representation of a DHCP Discover packet sent from my program at the bottom. I don't know how well it's going to be formatted in this post but hopefully it will be readable. I tried to just attach it as a txt file, but apparently txt files are too dangerous for me to upload. lol

    Any ideas?

    Thanks,

    No. Time Source Destination Protocol Info
    22 2.360908 0.0.0.0 255.255.255.255 DHCP DHCP Discover - Transaction ID 0x502100d

    Frame 22: 331 bytes on wire (2648 bits), 331 bytes captured (2648 bits)
        Arrival Time: Jan 6, 2011 08:43:29.343771000 EST
        Epoch Time: 1294321409.343771000 seconds
        [Time delta from previous captured frame: 0.124144000 seconds]
        [Time delta from previous displayed frame: 0.000000000 seconds]
        [Time since reference or first frame: 2.360908000 seconds]
        Frame Number: 22
        Frame Length: 331 bytes (2648 bits)
        Capture Length: 331 bytes (2648 bits)
        [Frame is marked: False]
        [Frame is ignored: False]
        [Protocols in frame: eth:ip:udp:bootp]
        [Coloring Rule Name: UDP]
        [Coloring Rule String: udp]
    Ethernet II, Src: 25:91:80:72:09:49 (25:91:80:72:09:49), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
        Destination: Broadcast (ff:ff:ff:ff:ff:ff)
            Address: Broadcast (ff:ff:ff:ff:ff:ff)
            .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
            .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
        Source: 25:91:80:72:09:49 (25:91:80:72:09:49)
            Address: 25:91:80:72:09:49 (25:91:80:72:09:49)
            .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
            .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        Type: IP (0x0800)
    Internet Protocol, Src: 0.0.0.0 (0.0.0.0), Dst: 255.255.255.255 (255.255.255.255)
        Version: 4
        Header length: 20 bytes
        Differentiated Services Field: 0x10 (DSCP 0x04: Unknown DSCP; ECN: 0x00)
            0001 00.. = Differentiated Services Codepoint: Unknown (0x04)
            .... ..0. = ECN-Capable Transport (ECT): 0
            .... ...0 = ECN-CE: 0
        Total Length: 317
        Identification: 0x0000 (0)
        Flags: 0x00
            0... .... = Reserved bit: Not set
            .0.. .... = Don't fragment: Not set
            ..0. .... = More fragments: Not set
        Fragment offset: 0
        Time to live: 128
        Protocol: UDP (17)
        Header checksum: 0x39a1 [correct]
            [Good: True]
            [bad: False]
        Source: 0.0.0.0 (0.0.0.0)
        Destination: 255.255.255.255 (255.255.255.255)
    User Datagram Protocol, Src Port: bootpc (68), Dst Port: bootps (67)
        Source port: bootpc (68)
        Destination port: bootps (67)
        Length: 297
        Checksum: 0xd6d8 [validation disabled]
            [Good Checksum: False]
            [bad Checksum: False]
    Bootstrap Protocol
        Message type: Boot Request (1)
        Hardware type: Ethernet
        Hardware address length: 6
        Hops: 0
        Transaction ID: 0x0502100d
        Seconds elapsed: 0
        Bootp flags: 0x8000 (Broadcast)
            1... .... .... .... = Broadcast flag: Broadcast
            .000 0000 0000 0000 = Reserved flags: 0x0000
        Client IP address: 0.0.0.0 (0.0.0.0)
        Your (client) IP address: 0.0.0.0 (0.0.0.0)
        Next server IP address: 0.0.0.0 (0.0.0.0)
        Relay agent IP address: 0.0.0.0 (0.0.0.0)
        Client MAC address: 25:91:80:72:09:49 (25:91:80:72:09:49)
        Client hardware address padding: 00000000000000000000
        Server host name not given
        Boot file name not given
        Magic cookie: DHCP
        Option: (t=53,l=1) DHCP Message Type = DHCP Discover
            Option: (53) DHCP Message Type
            Length: 1
            Value: 01
        Option: (t=116,l=1) DHCP Auto-Configuration = AutoConfigure
            Option: (116) DHCP Auto-Configuration
            Length: 1
            Value: 01
        Option: (t=61,l=7) Client identifier
            Option: (61) Client identifier
            Length: 7
            Value: 01259180720949
            Hardware type: Ethernet
            Client MAC address: 25:91:80:72:09:49 (25:91:80:72:09:49)
        Option: (t=12,l=4) Host Name = "Howl"
            Option: (12) Host Name
            Length: 4
            Value: 486f776c
        Option: (t=60,l=8) Vendor class identifier = "ISFT 5.0"
            Option: (60) Vendor class identifier
            Length: 8
            Value: 4953465420352e30
        Option: (t=55,l=11) Parameter Request List
            Option: (55) Parameter Request List
            Length: 11
            Value: 010f03062c2e2f1f21f92b
            1 = Subnet Mask
            15 = Domain Name
            3 = Router
            6 = Domain Name Server
            44 = NetBIOS over TCP/IP Name Server
            46 = NetBIOS over TCP/IP Node Type
            47 = NetBIOS over TCP/IP Scope
            31 = Perform Router Discover
            33 = Static Route
            249 = Private/Classless Static Route (Microsoft)
            43 = Vendor-Specific Information
        Option: (t=43,l=2) Vendor-Specific Information
            Option: (43) Vendor-Specific Information
            Length: 2
            Value: dc00
        End Option
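
Added example, not part of the original post and not Howl's code: a defender-side monitor for the Discover traffic described in the post above. It parses BOOTP/DHCP payloads, flags a client hardware address whose I/G (group) bit is set, as the dissection reports for 25:91:80:72:09:49, and flags bursts of distinct client addresses. The `window` and `max_macs` thresholds and the `build_discover` sample builder are assumptions made for illustration.

```python
import struct
from collections import deque

MAGIC = bytes.fromhex("63825363")  # DHCP magic cookie (RFC 2131)

def parse_dhcp(payload):
    """Parse a BOOTP/DHCP UDP payload; return op, xid, chaddr, options or None."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        return None
    op, htype, hlen, _hops, xid = struct.unpack("!BBBBI", payload[:8])
    if htype != 1 or hlen != 6:                  # Ethernet, 6-byte address only
        return None
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:    # 255 = End option
        if payload[i] == 0:                          # 0 = Pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):                    # truncated option header
            break
        length = payload[i + 1]
        opts[payload[i]] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return {"op": op, "xid": xid, "chaddr": payload[28:34], "opts": opts}

def detect(events, window=10.0, max_macs=20):
    """events: iterable of (timestamp, udp_payload). Returns a list of alerts."""
    alerts, recent = [], deque()                     # recent: (timestamp, chaddr)
    for ts, payload in events:
        msg = parse_dhcp(payload)
        if msg is None or msg["op"] != 1 or msg["opts"].get(53) != b"\x01":
            continue                                 # not a DHCP Discover
        mac = msg["chaddr"]
        if mac[0] & 0x01:       # I/G bit set: group address, not a station address
            alerts.append((ts, "group-bit-chaddr", mac.hex(":")))
        recent.append((ts, mac))
        while recent and ts - recent[0][0] > window:
            recent.popleft()
        distinct = len({m for _, m in recent})
        if distinct > max_macs:                      # many new clients in one window
            alerts.append((ts, "discover-burst", str(distinct)))
    return alerts

def build_discover(xid, mac, host=b"Howl"):
    """Constructed sample input: minimal Discover with options 53, 61 and 12."""
    hdr = struct.pack("!BBBBIHH", 1, 1, 6, 0, xid, 0, 0x8000) + bytes(16)
    hdr += mac + bytes(10) + bytes(192) + MAGIC      # chaddr pad, sname, file
    opts = b"\x35\x01\x01" + b"\x3d\x07\x01" + mac + bytes([12, len(host)]) + host
    return hdr + opts + b"\xff"
```

Feed `detect` the UDP payloads of port 67/68 traffic from a capture; on switched networks DHCP snooping and port security are the matching enforcement controls.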
