@rollwagen
Last active May 7, 2021 15:03
SYN-ACK with scapy
  • Listening...
python -m http.server
Serving HTTP on 0.0.0.0 port 8000 (http://0.0.0.0:8000/) ...
  • Scapy
    • Crafting and sending single TCP SYN packet
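from scapy.all import IP, TCP, sr1

# Build a bare TCP SYN to the listener on 192.168.1.25:8000
SYN = IP(dst='192.168.1.25')/TCP(dport=8000, flags='S')
SYN['TCP'].show()      # show() prints the layer itself and returns None
# Send the SYN and wait for the first answer (raw sockets, so run as root)
SYNACK = sr1(SYN)
SYNACK['TCP'].show()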
  • Scapy output:
.*###[ TCP ]### 
  sport     = ftp_data
  dport     = 8000
  seq       = 0
  ack       = 0
  dataofs   = None
  reserved  = 0
  flags     = S
  window    = 8192
  chksum    = None
  urgptr    = 0
  options   = []

Finished sending 1 packets.

Received 2 packets, got 1 answers, remaining 0 packets
###[ TCP ]### 
  sport     = 8000
  dport     = ftp_data
  seq       = 430526432
  ack       = 1
  dataofs   = 6
  reserved  = 0
  flags     = SA
  window    = 64240
  chksum    = 0x90a0
  urgptr    = 0
  options   = [('MSS', 1460)]
  • tcpdump output on 192.168.1.25 (sudo tcpdump -i ens192 port 8000)
14:43:15.237307 IP kali.localdomain.ftp-data > ubuntu01.localdomain.8000: Flags [S], seq 0, win 8192, length 0
14:43:15.237426 IP ubuntu01.localdomain.8000 > kali.localdomain.ftp-data: Flags [S.], seq 2648499290, ack 1, win 64240, options [mss 1460], length 0
14:43:15.237708 IP kali.localdomain.ftp-data > ubuntu01.localdomain.8000: Flags [R], seq 1, win 0, length 0
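
The third tcpdump line is the sender's own kernel resetting the connection: it has no socket for the SYN that scapy crafted, so it answers the unexpected SYN-ACK with RST. As an added example (not part of the original gist), the following standard-library Python parses tcpdump lines like the ones above and flags that SYN, SYN-ACK, RST sequence; the labels `half-open`, `established` and `incomplete` are this example's own names.

```python
import re

# The three tcpdump lines from this page (captured on 192.168.1.25).
CAPTURE = """\
14:43:15.237307 IP kali.localdomain.ftp-data > ubuntu01.localdomain.8000: Flags [S], seq 0, win 8192, length 0
14:43:15.237426 IP ubuntu01.localdomain.8000 > kali.localdomain.ftp-data: Flags [S.], seq 2648499290, ack 1, win 64240, options [mss 1460], length 0
14:43:15.237708 IP kali.localdomain.ftp-data > ubuntu01.localdomain.8000: Flags [R], seq 1, win 0, length 0
"""

LINE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\S+) > (?P<dst>\S+): Flags \[(?P<flags>[^\]]+)\]"
    r"(?:, seq (?P<seq>\d+)(?::\d+)?)?(?:, ack (?P<ack>\d+))?"
)

def parse(text):
    """Yield one dict per tcpdump TCP line; lines that do not match are skipped."""
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            yield m.groupdict()

def classify(text):
    """Map (client, server) -> 'half-open', 'established' or 'incomplete'."""
    flows, isn = {}, {}               # handshake events and client ISN per flow
    for p in parse(text):
        fwd, rev = (p["src"], p["dst"]), (p["dst"], p["src"])
        flags = p["flags"]
        if flags == "S":              # client SYN opens the flow (retransmits ignored)
            if fwd not in flows:
                flows[fwd], isn[fwd] = ["SYN"], int(p["seq"] or 0)
        elif flags == "S." and flows.get(rev) == ["SYN"]:
            # A valid SYN-ACK acknowledges the client's sequence number + 1
            if int(p["ack"] or -1) == isn[rev] + 1:
                flows[rev].append("SYNACK")
        elif flows.get(fwd, [])[-1:] == ["SYNACK"]:
            # The first client packet after the SYN-ACK decides the outcome
            flows[fwd].append("RST" if "R" in flags else "ACK" if "." in flags else "OTHER")
    verdict = {
        ("SYN", "SYNACK", "RST"): "half-open",
        ("SYN", "SYNACK", "ACK"): "established",
    }
    return {flow: verdict.get(tuple(ev), "incomplete") for flow, ev in flows.items()}

if __name__ == "__main__":
    for flow, state in classify(CAPTURE).items():
        print(flow, state)
```

A normal client would complete the handshake with an ACK instead of the RST, which this classifier reports as `established`.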