Since the late nineties, the Internet has grown at an exponential rate. One of the biggest spurts in growth came between the years of 1995-2000 with the dot-com bubble that prompted the spawn of e-commerce for virtually every facet of society. The success of the Internet has brought great change to the world as we know it; however, not all of this growth has been productive. With thousands of sites launching daily and limited resources available to monitor the credibility and/or security of these sites the existence of vulnerabilities was inevitable.
Eventually exploits became rampant causing the information security field to step up its game. The result was the pre-emptive existence of vulnerability testers that’s sole purpose was to attempt to exploit such software far before others got the opportunity. One of these researchers was a man by the name of H.D. Moore who in the summer of 2003 founded the Metasploit Project [1].
H.D.’s purpose was to create a penetration testing tool that could be easily utilized by even novice users to perform penetration testing, regressi on testing, patch verification, and development. From this arose the project known formerly today as the Metasploit.
/*
# gcc -O6 -c aasp_lkmachk.c -I/usr/src/linux/include
# insmod aasp_lkmachk.o device=eth0
# rmmod aasp_lkmachk
Anti Anti Sniffer Patch (by vecna@s0ftpj.org) - MAC checker module
*/
#define MODULE
#define __KERNEL__
#include <linux/config.h>
#include <linux/module.h>
#include <linux/version.h>
#include <linux/netdevice.h>
#include <net/protocol.h>
#include <net/pkt_sched.h>
#include <net/tcp.h>
#include <net/ip.h>
#include <linux/if_ether.h>
#include <linux/ip.h>
#include <linux/skbuff.h>
#include <linux/kernel.h>
#include <linux/mm.h>
#include <linux/file.h>
#include <asm/uaccess.h>
#define r_mac sk->mac.ethernet->h_dest /* received mac */
#define t_mac true->dev_addr /* true mac */
char *device;
MODULE_PARM(device, "s");
struct device *true;
struct packet_type aasp_ip, aasp_arp;
int chk_mac_arp(struct sk_buff *sk, struct device *dev, struct packet_type
*pt)
{
if( r_mac[0] ==r_mac[1] ==r_mac[2] ==r_mac[3] ==r_mac[4]
==r_mac[5] ==0xff)
/* ARP broadcast */
goto end;
if( (r_mac[0] !=t_mac[0]) || (r_mac[1] !=t_mac[1]) ||
(r_mac[2] !=t_mac[2]) || (r_mac[3] !=t_mac[3]) ||
(r_mac[4] !=t_mac[4]) || (r_mac[5] !=t_mac[5]) )
{
/* ARP mac spoof detected */
sk->nh.arph->ar_hrd = 0;
sk->nh.arph->ar_pro = 0;
sk->nh.arph->ar_op = 0;
goto end;
}
end:
kfree_skb(sk);
return(0);
}
H.D.’s purpose was to create a penetration testing tool that could be easily utilized by even novice users to perform penetration testing, regressi on testing, patch verification, and development. From this arose the project known formerly today as the Metasploit.
No comments:
Post a Comment