Message-ID: <OF9E6154D2.60B84060-ONC2256F0F.002872B8-C2256F0F.0028A113@allianz.ro>
From: Stefan.Laudat at allianztiriac.ro (Stefan.Laudat@...ianztiriac.ro)
Subject: Re: The ArpSucker is b0rn! Be yourself, be the net.

Usually lame kiddie posts like this shouldn't reach the list. Old school
ARP attacks are no longer a threat in a decently managed layer 2
network. I thought bugtraq is still moderated. Oh, Aleph1, where art thee?

---
Stefan Laudat
Networking & IT Security Manager
Allianz Tiriac SA Insurance

Alpt <alpt@...aknet.org>
13.09.2004 23:05
 
        To:     primavera@...aknet.org
        cc:     hackmeeting@...zz.org, hackers@...e.org, ml@...urezza.org,
                bugtraq@...urityfocus.com, full-disclosure@...ts.netsys.com,
                security-alerts@...uxsecurity.com
        Subject:        The ArpSucker is b0rn! Be yourself, be the net.



                        Freaknet Death C is proud to present ya:
                 }----------------- (The ArpSucker) ----------------{

Hi folks, 
Did you ever dream of becoming the net, to be a big, bad, black, black,
black hole?
Yep! I did.

This code was made on the "12 Sept 2004".
It started to dawn and I, Tomak and Nirvana, after eating some food,
started to rave.
Tomak downloaded fakeap.pl, but I also wanted to give my good amount of
death.
So I said: <<Why not fakeip?>>. Tomak: <<Yea, good idea, but why don't
you wake up all those sleepers with a sane System of a Down's song?>>
After a while, I started to code TheArpSucker...
Then Elibus, Pallotron were my favourite guinea pigs for direct attacks.

The idea is simple: we add all the IPs we want to become to the arp cache
of all the machines. Yes, it's the normal arp poisoning, but we want to
become the ENTIRE NETWORK!
The tests of the global arp cache smashing were successful, I became the
entire 10.0.0.x and 10.0.1.x network. All the packets went to me and, with
ip_forward activated, I re-sent them to the real destination.

Then when I tried to become all the 2^32-1 IPs, I realized that the
attacked machines (elibus and pallotron, eheheh) were under a mortal DoS.
Elibus' machine was constantly at 100% of cpu until Elibus unplugged the
eth0 cable, while Pallotron's machine went into kernel panic! Elibus uses
an x86 arch with the linux kernel, pallotron uses an Apple iBook with
Mac OS X.
Asbesto was giving his blessing to spread death in our bicazzo network,
and Elibus died because he didn't want to share his gprs connection,
AHHAHAHAHA.
                                                 -  E l i B u S -
                                                        RIP.
                                     He was a good guinea pig
(^_^)
That was a happy day!
So, here is the code. Here I spread the src in the wired.

The ArpSucker is a patch to arping of iputils:
http://www.freaknet.org/alpt/src/p0f-TheArpSucker-iputils-ss020927.patch
You can get the right version of iputils here:
http://www.freaknet.org/alpt/src/iputils-ss020927.tar.gz

These are the .md5 files:
http://www.freaknet.org/alpt/src/p0f-TheArpSucker-iputils-ss020927.patch.md5
http://www.freaknet.org/alpt/src/iputils-ss020927.tar.gz.md5

Have Fun

Fuck to `cat /dev/urandom`
I love ya
-- 
:wq!
"I don't know nothing" The One Who reached the Thinking Matter   '.'

[ Alpt --- Freaknet Medialab ]
[ GPG Key ID 441CF0EE ]
[ Key fingerprint = 8B02 26E8 831A 7BB9 81A9  5277 BFF8 037E 441C F0EE ]
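
Added example, not part of either message above and not code from the patch: the behaviour the quoted post describes (one host answering ARP for a whole address range) leaves a signature that a monitor on the segment can check for. The sample replies, the MAC addresses and the two thresholds are constructed assumptions for this illustration.

```python
from collections import defaultdict, deque

# Constructed sample of ARP replies as (seconds, sender IP, sender MAC).
# Three ordinary hosts answer first, then one MAC claims 10.0.0.1-39.
SAMPLE_REPLIES = [
    (0.0, "10.0.0.1", "00:11:22:33:44:01"),
    (0.5, "10.0.0.7", "00:11:22:33:44:07"),
    (1.0, "10.0.0.9", "00:11:22:33:44:09"),
] + [(2.0 + i * 0.01, f"10.0.0.{i}", "DE:AD:BE:EF:00:01") for i in range(1, 40)]


def detect(replies, window=5.0, max_ips_per_mac=4):
    """Return alerts for IP-to-MAC rebinding and for one MAC claiming many IPs.

    window and max_ips_per_mac are illustrative thresholds, not recommendations.
    """
    first_mac = {}                 # ip -> first MAC seen answering for it
    recent = defaultdict(deque)    # mac -> (ts, ip) claims inside the window
    flagged = set()                # MACs already reported as "many_ips"
    alerts = []
    for ts, ip, mac in sorted(replies):
        mac = mac.lower()
        # A different MAC answering for a known IP is the classic poisoning sign.
        if first_mac.setdefault(ip, mac) != mac:
            alerts.append(("rebind", ip, first_mac[ip], mac))
        claims = recent[mac]
        claims.append((ts, ip))
        while ts - claims[0][0] > window:
            claims.popleft()
        distinct = {claimed_ip for _, claimed_ip in claims}
        # One MAC answering for many addresses in a short time matches the
        # "become the entire network" behaviour in the message above.
        if len(distinct) > max_ips_per_mac and mac not in flagged:
            flagged.add(mac)
            alerts.append(("many_ips", mac, len(distinct)))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_REPLIES):
        print(alert)
```

A router doing proxy ARP legitimately answers for many addresses, so a real deployment needs an allow-list for such MACs.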
