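If you are using Ubuntu, use this command to install scapy:
sudo apt-get install python-scapy
Then use this command to start scapy with root privileges:
sudo scapy
scapy opens, as shown below on this page.
At the scapy prompt, execute this command:
i = IP()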
This creates an object named i of type IP. To see the properties
of that object, use the display() method with this command:
i.display()
A list of values appears, starting with the version number (4) and ending
with the source and destination IP addresses, as shown below on this page.
Use these commands to set the destination IP address and display the properties of the i object again. Replace the IP address in the first command with the IP address of your target Windows machine:
i.dst="192.168.198.138"
i.display()
Notice that scapy automatically fills in your machine's
source IP address, as shown below on this page.
Use these commands to create an object named ic of type ICMP and display its properties:
ic = ICMP()
ic.display()
There aren't many properties for this object--it's just an
echo-request, as shown below on this page.
Use this command to send the packet onto the network and listen to a single packet in response. Note that the third character is the numeral 1, not a lowercase L:
sr1(i/ic)
This command sends and receives one packet, of type IP at layer 3 and ICMP at layer 4.
As you can see in the image above, the response is shown, with ICMP type echo-reply.
The Padding section shows the portion of the packet that carries higher-level data.
In this case it contains only zeroes as padding.
Use this command to send a packet that is IP at layer 3, ICMP at layer 4, and that contains data with your name in it (replace YOUR NAME with your own name):
sr1(i/ic/"YOUR NAME")
You should see a reply with a Raw section containing your name,
as shown below on this page.
Make sure you can see your name in the response packet.
Save a screen image with the filename Proj 9a from Your Name.
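The following is an added example, not part of the original project. It uses only the Python standard library to build the same IP/ICMP/data stack by hand and parse it back, showing the length and checksum fields that scapy fills in for you. The source address 192.168.198.1 and the function names are constructed for this illustration.

```python
import socket
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's-complement sum of 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"                        # pad odd-length input
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                         # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo_request(payload: bytes, ident: int = 0, seq: int = 0) -> bytes:
    """ICMP echo-request (type 8, code 0) followed by the raw payload."""
    zeroed = struct.pack("!BBHHH", 8, 0, 0, ident, seq)
    chksum = inet_checksum(zeroed + payload)   # computed with checksum = 0
    return struct.pack("!BBHHH", 8, 0, chksum, ident, seq) + payload

def build_ipv4(src: str, dst: str, body: bytes, proto: int = 1) -> bytes:
    """20-byte IPv4 header (version 4, IHL 5, TTL 64) in front of body."""
    fields = [0x45, 0, 20 + len(body), 1, 0, 64, proto, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]
    fields[7] = inet_checksum(struct.pack("!BBHHHBBH4s4s", *fields))
    return struct.pack("!BBHHHBBH4s4s", *fields) + body

def parse(packet: bytes) -> dict:
    """Split an IPv4/ICMP packet into the fields display() would list."""
    ihl = (packet[0] & 0x0F) * 4               # header length in bytes
    icmp = packet[ihl:]
    icmp_type, code, _, ident, seq = struct.unpack("!BBHHH", icmp[:8])
    return {
        "version": packet[0] >> 4,
        "src": socket.inet_ntoa(packet[12:16]),
        "dst": socket.inet_ntoa(packet[16:20]),
        "icmp_type": icmp_type,                # 8 = echo-request, 0 = echo-reply
        "raw": icmp[8:],                       # the data after the ICMP header
        # A region that includes its own valid checksum sums to zero.
        "checksums_ok": inet_checksum(packet[:ihl]) == 0
                        and inet_checksum(icmp) == 0,
    }

if __name__ == "__main__":
    # Constructed sample: the source address is made up for this example.
    pkt = build_ipv4("192.168.198.1", "192.168.198.138",
                     build_echo_request(b"YOUR NAME"))
    print(parse(pkt))
```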
On the target Win 7 machine, in a Command Prompt window, type these commands, pressing Enter after each one:
cd \program files\nmap
ncat -u -l 4444
Open a second Command Prompt window and execute this command:
netstat -an
You should see UDP port 4444 LISTENING,
as shown below on this page.
In scapy, execute these commands:
u = UDP()
u.display()
This creates an object named u of type UDP,
and displays its properties.
Execute these commands to change the destination port to 4444 and display the properties again:
u.dport = 4444
u.display()
Your UDP packet's properties should look like the image below on this page:
Execute this command to send the packet to the Windows machine:
send(i/u/"YOUR NAME SENT VIA UDP\n")
On the Windows target, you should see the message appear, as shown below on this page:
Make sure you can see your name on the Windows machine.
Save a screen image with the filename Proj 9b from Your Name.
Email the images to [email protected] with a Subject line of Proj 9 from Your Name.
http://packetstorm.linuxsecurity.com/papers/general/blackmagic.txt
http://www.secdev.org/projects/scapy/