Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Morpheus - tcp/udp scripting (firewall DHCP filter) #7

Open
r00t-3xp10it opened this issue Dec 29, 2016 · 0 comments
Open

Morpheus - tcp/udp scripting (firewall DHCP filter) #7

r00t-3xp10it opened this issue Dec 29, 2016 · 0 comments
Labels
framework tutorials

Comments

@r00t-3xp10it
Copy link
Owner

r00t-3xp10it commented Dec 29, 2016
edited
Loading


This tutorial explains how to detect 'daddy' mobil DHCP requests

The Dynamic Host Configuration Protocol (DHCP) is a standardized network protocol
used on Internet Protocol (IP) networks, The DHCP is controlled by a DHCP server that
dynamically distributes network configuration parameters, such as IP addresses, for
interfaces and services...

The next tutorial explains how to change firewall.eft filter to warn morpheus users
everytime a device (daddy mobil) sends a DHCP request to modem/router Announcing
its presence or requesting an ip addr to access the local lan network.

In other words it means that you will be warned everytime your daddy is arriving home
because is mobil will try to auto-connect to modem/router before he even open the door.


WARNING: morpheus allow you to improve filters in 2 diferent ways
1º - Edit filter before runing morpheus and the 'changes' will be permanent
2º - Edit filter using 'morpheus scripting console' and the changes are active only once

"In this tutorial we will edit the filter before running morpheus, making the changes permanent"




1º - step it will be detecting 'daddy' mobil hostname (nmap scan)
nmap -sn 192.168.1.0/24



2º - step it will be re-writing 'firewall.eft' filter to add 'daddy' mobil hostname
WARNING: the value to be added must be added into ip.src == '0.0.0.0' funtion

# change to the rigth directory structure
cd morpheus/filters

# edit firewall filter before running morpheus
nano firewall.eft
search for: 0.0.0.0

Now we just need to replace the 'android-7f926b4b94fd40c17' from firewall.eft
by your daddy hostname and add a 7 at the end of the value, example:
android-98fb88d184143837 + 7



3º - step running firewall filter

HINT: we dont need to input in target (daddy) ip addr because firewall filter
will detect the DHCP request made from mobil to modem/router (0.0.0.0)
and will alert you that modem have recibed a dhcp request...

How to test if the detection works?

Easy, you just need to disconnect your 'dady' mobil from network and reconnect again...

1º - run morpheus tool with the modified filter
2º - disconnect your 'dady' mobil from network and reconnect again

Special thanks: spiritedwolf
@r00t-3xp10it r00t-3xp10it changed the title Morpheus - tcp/udp scripting (firewall.eft filter) Morpheus - tcp/udp scripting (firewall filter) Dec 31, 2016
@r00t-3xp10it r00t-3xp10it changed the title Morpheus - tcp/udp scripting (firewall filter) Morpheus - tcp/udp scripting (firewall DHCP filter) May 16, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
framework tutorials
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@r00t-3xp10it