ping -c 2 google.com
You should see two replies,
as shown below. If you don't, you need
to troubleshoot your networking before
continuing with this project.
sudo apt update
sudo apt install git -y
git clone https://github.com/secdev/scapy.git
cd scapy
sudo ./run_scapy
Scapy opens, as shown below on this page.
i = IP()
This creates an object named i of type IP. To see the properties
of that object, use the display() method with this command:
i.display()
A list of values appears, starting with the IP version number (4) and ending
with the source and destination IP addresses, as shown below on this page.
Use these commands to set the destination IP address and display the properties of the i object again. Replace the IP address in the first command with the IP address of your Target machine:
i.dst="google.com"
i.display()
Notice that scapy automatically fills in your machine's
source IP address, as shown below on this page.
Use these commands to create an object named ic of type ICMP and display its properties:
ic = ICMP(id=100)
ic.display()
(I added the "id=100" to make it more reliable,
this seems to be a long-standing
issue with scapy)
There aren't many properties for this object--it's just an echo-request, as shown below on this page.
Use this command to send the packet onto the network and listen to a single packet in response. Note that the third character is the numeral 1, not a lowercase L:
sr1(i/ic)
This command sends and receives one packet, of type IP at layer 3 and ICMP at layer 4.
As you can see in the image below, the response is shown, with ICMP type echo-reply.
Use this command to send a packet that is IP at layer 3, ICMP at layer 4, and that contains data with your name in it (replace YOUR NAME with your own name):
sr1(i/ic/"YOUR NAME")
You should see a reply with a Raw section containing your name,
as shown below on this page.
https://games.samsclass.info/tmp/pingYOURNAME.txtThe page is not found, as shown below on this page.
Use Scapy to send an ICMP request with these properties:
H 430.1: Web Page (10 pts)
Refresh the Web page a few times. After a few seconds the flag will appear, as covered in a green box in the image below.
i = IP()
i.dst = "1.1.1.1"
u = UDP()
d = DNS()
d.qd=DNSQR(qname="www.google.com")
d.display()
This creates a DNS request
asking for the A record of
"www.google.com",
as shown below.
Execute this command to send the request:
sr1(i/u/d)
The server replies an IP address
of the server,
as shown below.
H 430.3: IP of Flag0 (5 pts)
Find the IP address of this server:That IP address is the flag.
flag0.samsclass.info
H 430.4: CNAME of Flag1 (10 pts)
Find the CNAME record for this server:That CNAME contains the flag.
flag1.samsclass.info
H 430.5: DNS Record of Flag2 (15 pts)
Find a DNS record containing a flag for this server:Hint: Know the eight most common DNS records
flag2.samsclass.info
H 430.6: One (20 pts)
Perform a reverse DNS lookup for this address:Make sure the answer is correct, outlined in green in the image below.
1.1.1.1The flag is the text covered by a green rectangle in the image below.