I checked some new security tools on kitploit and I saw this tool. Hm, sounds interesting, right?
Features:
- Anti MITM
- Log killer
- IP changer
- DNS changer
- MAC changer
- Anti cold boot
- Timezone changer
- Hostname changer
- Browser anonymization
I'm a very mean person. If I see anything cool, I want to understand how it is done. I don't really care about the other changers, only the anti-MITM part. The script is at kali-whoami/anti_mitm at master · omer-dogan/kali-whoami · GitHub
- A VM with a bridged network connection; this is where the project gets cloned and run. Packages needed to clone and run it:
sudo apt install python3 python3-scapy git
- The host, with python3 and scapy, which sends the spoofed ARP packets.
I edited the ARP spoofing script from Python - How to create an ARP Spoofer using Scapy? - GeeksforGeeks. I'm a lazy person and my networking skills are bad. I'm not familiar with scapy either, so I did it the script-kiddie way.
This line checks whether the MAC address in the ARP packet differs from the one it expects, which is probably the usual way of detecting ARP spoofing. I don't know much about the spoofing itself, so I won't explain that.
It then adds an iptables rule to drop traffic from that MAC address.
The MAC address is taken DIRECTLY from the ARP packet, with no validation, and spliced into the iptables command.
scapy needs root to run the script, so if the command injection works, you get a shell as root!!
Idea: send an ARP packet whose MAC address field is crafted to carry our command-injection payload. The value to inject is
The spoof function (I edited a few other lines for usability; that is out of scope for this article, so I skip it).
When we send the packet, our crafted payload arrives on the victim side as a byte object, and the program crashes.
Packet metadata
What if the program handled the type properly? Two variants worth testing:
Test case 1: use decode() (not very practical)
I edited the payload and added a comment marker so the rest of the command does not turn into invalid syntax.
Test case 2: format string
Here we would have to escape the command. Since our payload is a byte object, that is probably not possible. But even in this case the attacker can still stop the victim from adding the iptables rule that would block him: the value never makes it into a valid command, so the spoofer's MAC is never dropped.
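The three outcomes discussed above (a shell metacharacter in the MAC field running a second command as the sniffer's user, a bytes-typed field crashing the string concatenation, and a hardened version that refuses the value and therefore never installs the blocking rule) can be reproduced offline. The block below is an added example written for this article and is not code from kali-whoami; the `build_cmd_vulnerable` function is a hypothetical reconstruction of the pattern described (packet field concatenated into a shell string), not the tool's own source, and the sample `hwsrc` values are constructed. The real `iptables` is replaced by a stub on `PATH` that only records its argv, so nothing touches netfilter.

```python
import os
import re
import subprocess
import tempfile

# Strict MAC format: six hex octets separated by ":". Anything else is not an
# address a real ARP reply can carry and must never reach a shell.
MAC_RE = re.compile(r"^[0-9a-fA-F]{2}(?::[0-9a-fA-F]{2}){5}$")

# Constructed sample values standing in for packet[ARP].hwsrc as a scapy
# sniffer would hand it over (not captured from the tool itself).
GOOD_MAC = "00:11:22:33:44:55"
# ';' ends the iptables command, '#' comments out the trailing '-j DROP'
CRAFTED_STR = "00:11:22:33:44:55; touch injected #"
# same payload arriving as bytes, the crash case from the write-up
CRAFTED_BYTES = b"00:11:22:33:44:55; touch injected #"


def build_cmd_vulnerable(hwsrc):
    """Hypothetical reconstruction of the pattern under discussion: packet
    data spliced into one shell string that an os.system()-style call would
    hand to /bin/sh. str + bytes raises TypeError, i.e. the crash."""
    return "iptables -A INPUT -m mac --mac-source " + hwsrc + " -j DROP"


def build_cmd_safe(hwsrc):
    """Hardened form: normalise bytes, validate against MAC_RE, then build an
    argv list so no shell ever parses the value."""
    if isinstance(hwsrc, bytes):
        hwsrc = hwsrc.decode("ascii", errors="replace")
    if not MAC_RE.match(hwsrc):
        raise ValueError("refusing to use non-MAC hwsrc %r" % hwsrc)
    return ["iptables", "-A", "INPUT", "-m", "mac",
            "--mac-source", hwsrc.lower(), "-j", "DROP"]


def _sandbox():
    """Scratch dir with a stub 'iptables' that only records its argv.
    Returns (dir, env) where env's PATH puts the stub first."""
    d = tempfile.mkdtemp(prefix="antimitm-")
    argv_log = os.path.join(d, "iptables.argv")
    stub = os.path.join(d, "iptables")
    with open(stub, "w") as f:
        f.write('#!/bin/sh\nprintf "%s\\n" "$@" > "' + argv_log + '"\n')
    os.chmod(stub, 0o755)
    env = dict(os.environ,
               PATH=d + os.pathsep + os.environ.get("PATH", os.defpath))
    return d, env


def run_block_rule(hwsrc, shell_concat):
    """Install the blocking rule for hwsrc either the vulnerable way (string
    through /bin/sh) or the hardened way (argv list). Returns the argv the
    stub iptables received (None if it never ran) and whether the injected
    'touch injected' executed inside the sandbox dir."""
    d, env = _sandbox()
    if shell_concat:
        subprocess.run(build_cmd_vulnerable(hwsrc), shell=True, cwd=d, env=env,
                       stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    else:
        subprocess.run(build_cmd_safe(hwsrc), cwd=d, env=env)
    log = os.path.join(d, "iptables.argv")
    argv = open(log).read().splitlines() if os.path.exists(log) else None
    return {"iptables_argv": argv,
            "injected_ran": os.path.exists(os.path.join(d, "injected"))}


def outcome(fn, *args):
    """Call fn; return its value, or the exception type name on failure."""
    try:
        return fn(*args)
    except Exception as exc:
        return type(exc).__name__


if __name__ == "__main__":
    # injected command runs, and iptables never sees '-j DROP'
    print(run_block_rule(CRAFTED_STR, shell_concat=True))
    # hardened: ValueError, nothing executed, but the spoofer is not blocked either
    print(outcome(run_block_rule, CRAFTED_STR, False))
    # bytes field: TypeError from str + bytes, the crash seen above
    print(outcome(build_cmd_vulnerable, CRAFTED_BYTES))
    # a normal MAC produces exactly the argv iptables expects
    print(run_block_rule(GOOD_MAC, shell_concat=False))
```

The hardened path closes the injection but, as the write-up notes, it also means a spoofer who sends a malformed `hwsrc` is never blocked; a validation failure here is itself worth logging, since a legitimate ARP reply never carries one.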