Python implements PPPOE attack tool

Others 2022-04-27 23:04:59 views: 0

foreword

        You may not be very familiar with PPPOE, but you must be very familiar with dial-up Internet access, which is the communication protocol used in dial-up Internet access. Generally, PPPOE authentication is mainly used in campus network or community network. The dial-up interface is shown in the figure below.

 

 

However, the communication protocol of PPPOE has some security holes. The following explains the attack method of PPPOE from three aspects, and how to use Python to implement the attack tool.

 

 Pure technology sharing, do not violate national laws.

 

The first way: account password theft

 

       The process of PPPOE authentication to access the Internet is shown in the figure below, which is divided into discovery stage and session stage. The discovery stage is divided into PADI, PADO, PADR, and PADS.

 

 

Among them, the problem of stealing account passwords appears in the first step, PADI. When the PPPOE client connects, it will send a broadcast packet in the PADI phase to find the PPPOE server in the local area network to complete the authentication.

        At this time, what we need to do is to pretend to be a PPPOE server, reply to the request information, communicate with the client first, and force the client to use the plaintext transmission method to obtain the account number and password. Next, let's grab the data packets through wireshark and observe the process of finding the PPPOE server more intuitively. Click on the broadband connection, use Wireshark to monitor, you will find the broadcast packet, and the pppoe server will reply.

 

 

 Attack scenario : Start the PPPOE spoofing program on the local computer, start monitoring, and connect broadband to other computers in the local area network to observe the spoofing effect. As shown in the figure below, the account and password have been successfully deceived.

 

Part of the code to steal the account is as follows :

 

        

The second way: client disconnection attack

 

        After the dial-up client (broadband connection) is successfully connected to the PPPOE server, how does the server represent the client? In layman's terms, the server must know which client the client is, so that the communication cannot be confused. PPPOE uses the method of assigning IDs, that is, randomly assigning an int-type integer to each client. Through wireshark capture, we can clearly see the ID assignment.

 

 

At first glance, there is no problem, but the problem lies in the range of ID, which is of type int. PPPOE servers uniquely identify clients by assigning them a value from 1-65535 . As long as you know the MAC address of the other party's computer and send 65535 PADT network disconnection packets in a loop, you can achieve a network disconnection attack, and the MAC address of the other party's computer can be obtained through an ARP request.

 

What is the PADT disconnection package ? Capture the packet through wireshark, let's take a look at the content of the disconnected packet. Disconnect the broadband connection, use Wireshark to monitor, you will find the PADT disconnection packet, and perform data frame analysis and simulation.

 

 

Attack scenario : A computer runs a network disconnection program, obtains the MAC address of the other computer through an ARP request, simulates a PADT packet, and disconnects the broadband connection of another computer.

 

Part of the code content of the disconnection attack is as follows :

 

 

 

The third way: server DoS attack

        DoS attacks are aimed at PPPOE servers, in fact, the principle is very simple. Now basically advanced routing has done good protection against ARP flood attacks, filtered a large number of arp packets, but did not protect against PPPOE packets, so that a large number of PPPOE packets can go directly to the PPPOE server, thus defeating the server, which will lead to massive network outages.

 

Part of the code of the Dos attack is as follows :

 

 

 

 

final full code

        The PPPOE attack tool implemented by Python uses the scapy package, but it should not be confused with the crawler framework scrapy. Scapy is a very good network protocol toolkit, with the functions of sending and receiving packets, which is very powerful. Next, we will explain the scapy package. As for the complete code of the PPPOE attack tool , please join the public account and view the original text.

 

 

 

Guess you like

Origin http://43.154.161.224:23101/article/api/json?id=325901022&siteId=291194637
Recommended
Linus is the most active in "eating dog food"!
Ranking
Share good programmer web front-end array and sorting, de-duplication and random roll call
Compilation error caused by cv_bridge and python version problems error: return-statement with no value, in function returning'void*' [-fpe
魔众帮助中心系统 v3.1.0 首页切换器,界面优化
Die beim Millimeterwellenradar-Integrationstest aufgetretene Grube (Multiprozessbindung an einen UDP-Port verursacht Probleme)
How to suppress the "requires transitive directive for an automatic module" warning properly?
LeetCode-1743. Restore the Array From Adjacent Pairs-Analysis and Code (Java)
Summer 2019 Summer soft essay 7 workers
Python中Assert断言的使用语法和例子
LeetCode one question per day (2021-2-3 sliding window median)
Fairchild, the ancestor of semiconductors, the legend of the first trillion-dollar start-up
Daily
More
2024-05-20(5)
2024-05-19(0)
2024-05-18(31)
2024-05-17(6)
2024-05-16(23)
2024-05-15(5)
2024-05-14(9)
2024-05-13(8)
2024-05-12(28)
2024-05-11(32)

Code World

© 2018 codetd.com