
Capturing a PPPoE account and password with FreeBSD (do not use for illegal purposes!)



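A friend brought me a wireless router and asked me to help him find the username and password stored in it. The articles online are not very concise, hence this post.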

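1. Install mpd:
  On FreeBSD, mpd is a superb dial-up tool: it can act as a client and also as a server.

  pkg install mpd5

2. Configure mpd to accept PPPoE dial-in. This is really no trouble: copy /usr/local/etc/mpd5/mpd5.conf.sample to mpd5.conf, then edit the pppoe_server and default sections. Five lines change in total:
 1) Set the default section;
 2) Remove radius, otherwise an error is reported;
 3) Set the pppoe_server service name to "*", otherwise the client's packets will not get through;
 4-5) Set the network interface to attach to, in two places;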

  # cat mpd.conf
  startup:
  # configure mpd users
  set user foo bar admin
  set user foo1 bar1
  # configure the console
  set console self 127.0.0.1 5005
  set console open
  # configure the web server
  set web self 0.0.0.0 5006
  set web open

  #
  # Default configuration is "dialup"

  default:
  load pppoe_server

  common:
  # Enable multilink protocol
  set link enable multilink
  # Set bundle template to use
  set link action bundle B
  # Allow peer to authenticate us
  set link disable chap pap
  set link accept chap pap
  set auth authname MyLogin
  # Set infinite redial attempts
  set link max-redial 0
  set modem var $DialPrefix "DT"
  set modem var $Telephone "1-415-555-1212"
  set modem script DialPeer

  pppoe_server:
  #
  # Multihomed multilink PPPoE server
  #

  # Create clonable bundle template
  create bundle template B
  # Set IP addresses. Peer address will be later replaced by RADIUS.
  set ipcp ranges 192.168.0.1/32 127.0.0.2/32

  # Create link template with common info
  create link template common pppoe
  # Enable multilink protocol
  set link enable multilink
  # Set bundle template to use
  set link action bundle B
  # Enable peer authentication
  set link disable chap pap eap
  set link enable pap
  # load radius
  set pppoe service "*"

  # Create templates for ifaces to listen using 'common' template and let them go
  create link template em0 common
  set link max-children 1000
  set pppoe iface em0
  set link enable incoming

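3. Start mpd so that the PPPoE server accepts dial-in:

  /usr/local/etc/rc.d/mpd5 onestart

4. Capture packets and find the line containing "Name": that line holds the username and password. In this example the username is csh and the password is 123456: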

  # tcpdump -ani em0 pppoes
  tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
  listening on em0, link-type EN10MB (Ethernet), capture size 65535 bytes
  18:09:07.901865 PPPoE [ses 0x4a] LCP, Conf-Request (0x01), id 1, length 37
  18:09:08.942933 PPPoE [ses 0x4a] LCP, Conf-Request (0x01), id 147, length 26
  18:09:08.943601 PPPoE [ses 0x4a] LCP, Conf-Reject (0x04), id 1, length 12
  18:09:08.943726 PPPoE [ses 0x4a] LCP, Conf-Reject (0x04), id 147, length 8
  18:09:08.943996 PPPoE [ses 0x4a] LCP, Conf-Request (0x01), id 2, length 22
  18:09:08.944447 PPPoE [ses 0x4a] LCP, Conf-Request (0x01), id 148, length 24
  18:09:08.945266 PPPoE [ses 0x4a] LCP, Conf-Ack (0x02), id 2, length 22
  18:09:08.945282 PPPoE [ses 0x4a] LCP, Conf-Ack (0x02), id 148, length 24
  18:09:08.946030 PPPoE [ses 0x4a] PAP, Auth-Req (0x01), id 1, Peer csh, Name 123456
  18:09:08.947405 PPPoE [ses 0x4a] PAP, Auth-NACK (0x03), id 1, Msg Login incorrect
  18:09:08.947938 PPPoE [ses 0x4a] LCP, Term-Request (0x05), id 3, length 6
  18:09:08.948400 PPPoE [ses 0x4a] LCP, Term-Request (0x05), id 149, length 6
  18:09:08.948733 PPPoE [ses 0x4a] LCP, Term-Ack (0x06), id 4, length 6
  18:09:08.949086 PPPoE [ses 0x4a] LCP, Term-Ack (0x06), id 3, length 6
  ^C
  14 packets captured
  29 packets received by filter
  0 packets dropped by kernel
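
The capture shows why PAP is the weak point: the Auth-Req carries the secret in cleartext before the server has proven anything about itself. As an added example (not part of the original post), this Python check scans saved tcpdump text output from your own lab and reports which PPPoE sessions exposed a secret over PAP, without keeping the secret. The function name and the 0x4b sample session are constructed for illustration.

```python
import re

# tcpdump's one-line form of a PAP Authenticate-Request: "Peer" is the Peer-ID
# (username) and "Name" is the password, both sent in cleartext.
PAP_REQ = re.compile(
    r"^(?P<ts>\S+) PPPoE\s+\[ses (?P<ses>0x[0-9a-fA-F]+)\] PAP, Auth-Req \(0x01\), "
    r"id (?P<id>\d+), Peer (?P<peer>.*?), Name (?P<secret>.*)$")
PAP_REPLY = re.compile(
    r"PPPoE\s+\[ses (?P<ses>0x[0-9a-fA-F]+)\] PAP, "
    r"Auth-(?P<kind>ACK|NACK) \(0x0[23]\), id (?P<id>\d+)")

# First three lines are from the capture above; the 0x4b session is constructed.
SAMPLE = """\
18:09:08.945282 PPPoE [ses 0x4a] LCP, Conf-Ack (0x02), id 148, length 24
18:09:08.946030 PPPoE [ses 0x4a] PAP, Auth-Req (0x01), id 1, Peer csh, Name 123456
18:09:08.947405 PPPoE [ses 0x4a] PAP, Auth-NACK (0x03), id 1, Msg Login incorrect
18:10:02.100001 PPPoE [ses 0x4b] PAP, Auth-Req (0x01), id 1, Peer user2, Name example-secret
18:10:02.100900 PPPoE [ses 0x4b] PAP, Auth-ACK (0x02), id 1, Msg Login ok
"""

def audit_pap_exposure(lines):
    """One finding per PAP Auth-Req. The password itself is never kept."""
    findings = {}
    for line in lines:
        line = line.strip()
        req = PAP_REQ.match(line)
        if req:
            findings[(req["ses"], req["id"])] = {
                "time": req["ts"], "session": req["ses"],
                "peer_id": req["peer"], "secret_len": len(req["secret"]),
                "result": "no reply seen"}
            continue
        rep = PAP_REPLY.search(line)
        if rep and (rep["ses"], rep["id"]) in findings:
            # A NACK does not undo the exposure: the secret already crossed the wire.
            findings[(rep["ses"], rep["id"])]["result"] = (
                "accepted" if rep["kind"] == "ACK" else "rejected")
    return list(findings.values())

if __name__ == "__main__":
    for f in audit_pap_exposure(SAMPLE.splitlines()):
        print("cleartext PAP in session {session} at {time}: peer-id {peer_id!r}, "
              "{secret_len}-byte secret exposed, server reply: {result}".format(**f))
```

Any finding means the client agreed to PAP with whichever access concentrator answered; a client configured to refuse PAP and require CHAP does not send the secret itself.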

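5. Reminders:
 1) Don't do anything bad!
 2) Copying the mpd.conf from this post will not work. mpd.conf requires every line other than a section name to begin with whitespace, and this blog's editor eats leading whitespace. For the exact format, see the sample shipped with the system.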







