ARP Cache Poisoning with Scapy

Scapy is a very powerful tool that allows you to craft and manipulate a wide range of network packets. You can read more about it at http://www.secdev.org/projects/scapy/. I have been playing around with it and will show how to go about sending a modified ARP packet. First off you need to install Scapy. If you're using Backtrack you will find it is already installed and ready to use. If you're using a different Linux distro, a simple “apt-get install scapy” will suffice.

To start with you will want to create the ARP packet. Typing “h=ARP()” assigns the ARP packet you create to h. “h.show()” will show you the fields inside the ARP packet that you can change.

There are two fields that you are going to want to change. These are psrc and pdst. To change them you need to input the following: “h.psrc="192.168.1.254"” (the IP of the gateway) and “h.pdst="192.168.1.73"” (the IP of the client).

Typing h.show() again will show you the new settings for the packet.

Now that you have created the packet you need to send it. To do this simply type send(h).

On the machine you sent the packet to, you can open up Wireshark and see the ARP packet arrive and take effect.

You can also send a ping to an IP address that would normally be reached through the gateway. In this example I pinged Google and captured the packets on the machine I sent the ARP packet from. As you can see in the screenshot below, instead of going through the gateway to Google the traffic went to me.
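A client-side check for exactly the behaviour this post demonstrates, as an added example that is not from the original post: it parses constructed ARP replies written in the shape of `tcpdump -n arp` output and flags any IP (here the gateway 192.168.1.254 from above) that is announced by more than one MAC, optionally against a known-good binding. The sample lines, the `trusted` table and the function names are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of `tcpdump -n arp` output on the client.
# The gateway 192.168.1.254 is first announced by one MAC, then a second MAC
# claims the same IP: the signature of a cache-poisoning attempt.
# This is not real captured traffic.
SAMPLE_ARP_LOG = """\
12:00:01.000100 ARP, Request who-has 192.168.1.254 tell 192.168.1.73, length 28
12:00:01.000300 ARP, Reply 192.168.1.254 is-at 00:11:22:33:44:55, length 28
12:00:05.120000 ARP, Reply 192.168.1.10 is-at aa:bb:cc:dd:ee:01, length 28
12:00:09.000200 ARP, Reply 192.168.1.254 is-at 00:11:22:33:44:55, length 28
12:00:12.500000 ARP, Reply 192.168.1.254 is-at de:ad:be:ef:00:01, length 28
"""

# Matches only ARP replies; requests (who-has) are ignored.
REPLY_RE = re.compile(r"ARP, Reply (\S+) is-at ([0-9a-fA-F:]{17})")


def parse_arp_replies(text):
    """Yield (ip, mac) for every ARP reply line in the capture text."""
    for line in text.splitlines():
        m = REPLY_RE.search(line)
        if m:
            yield m.group(1), m.group(2).lower()


def detect_arp_conflicts(replies, trusted=None):
    """Return {ip: sorted MACs} for each IP claimed by more than one MAC.

    trusted maps ip -> known-good MAC (e.g. the gateway); any other MAC
    seen for such an IP is reported even if it is the only one observed.
    """
    seen = defaultdict(set)
    for ip, mac in replies:
        seen[ip].add(mac.lower())
    conflicts = {}
    for ip, macs in seen.items():
        if len(macs) > 1 or (
            trusted and ip in trusted and trusted[ip].lower() not in macs
        ):
            conflicts[ip] = sorted(macs)
    return conflicts


if __name__ == "__main__":
    for ip, macs in detect_arp_conflicts(parse_arp_replies(SAMPLE_ARP_LOG)).items():
        print(f"ALERT: {ip} claimed by {len(macs)} MACs: {', '.join(macs)}")
```

The same check can be fed from a live Scapy `sniff(filter="arp")` callback by reading `pkt[ARP].psrc` and `pkt[ARP].hwsrc` instead of parsing text.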

I’m going to be using Scapy a lot more as it's an excellent tool, so expect to see some more posts about Scapy on here in the future. There is also a great video by John Strand on YouTube that explains the basics of Scapy.

Steganography

I decided to write a blog post on steganography. I’m researching this as I go along and figured why not document what I find on my blog for others to see.

Steganography is the art of hiding information inside something else. For example, you can hide a string of text inside an image and it will be very hard to find unless you're specifically looking for it. The difference between steganography and cryptography is that with cryptography it's obvious you are looking at encrypted data, whereas with steganography at first glance it's not obvious at all.

There are countless tools that you can use, but the one I will be using for this first post is called Steghide. I’m going to be using it on Ubuntu. The first thing you want to do is obviously install Steghide:

apt-get install steghide

I then ran the command:

steghide --embed -ef /home/james/Desktop/test.txt -cf /home/james/Pictures/stegbmp.bmp -p pass

This command embeds test.txt inside the stegbmp.bmp image and sets the passphrase “pass” that is needed to get the text file back out.

Below are the stegbmp.bmp image files. The one on the left contains the test.txt text file and the one on the right contains nothing.

[Image: stegbmp.bmp containing test.txt] [Image: stegbmp.bmp containing no extra files]

As you can see, both images have kept their original file size of 29.35 kB (30054 bytes), even though a 16 byte text file has been added. This is because Steghide stores the file using a method called least significant bit insertion (LSB). The bits of test.txt are written into the parts of the image data that matter least, the lowest bit of each sample, so each pixel value changes by at most one and the image still looks the same. Obviously if I added a large file inside the image it would increase the file size.

To extract the txt file from the image I used the following command:

steghide --extract -sf /home/james/Desktop/stegbmp.bmp -xf yes.txt

This extracts the test.txt file embedded in the image and saves it as yes.txt in the current directory. Since no -p option is given, Steghide prompts for the passphrase.

In my next post I will be looking into some more tools involving steganography, and also steganalysis, the art of detecting information that has been hidden with steganography.

All Done!

The arcade machine is now completely done. If you have any questions you would like to ask me about the project please email me at james@jamesdotcom.com. Here are some pictures of the final build.

[Images: the finished arcade cabinet]

The New Screen

This is what the new screen looks like inside the cabinet.

[Image: the new screen inside the cabinet]