A few days ago, a friend talked to me about a Python packet forger. I thought it would be interesting to use it to inject RIPv2 information into a router.
So I made a tool to try to inject RIPv2 updates into my Linksys router. Here’s the result.
Well, it was working, but the funny part starts now… With RIPv2, you can use authentication to guarantee the source of your packets. Two authentication types are available:
- A simple password (clear text passed over the network)
- An MD5-hashed password
Looking at the packet forger source code, there was no way to inject a RIP update with authentication, so I added a little piece of code to use this feature. Let’s check what the RIPv2 RFC tells us…
Since authentication is a per message function, and since there is only one 2-octet field available in the message header, and since any reasonable authentication scheme will require more than two octets, the authentication scheme for RIP version 2 will use the space of an entire RIP entry. If the Address Family Identifier of the first (and only the first) entry in the message is 0xFFFF, then the remainder of the entry contains the authentication. This means that there can be, at most, 24 RIP entries in the remainder of the message. If authentication is not in use, then no entries in the message should have an Address Family Identifier of 0xFFFF. Currently, the only Authentication Type is simple password and it is type 2. The remaining 16 octets contain the plain text password. If the password is under 16 octets, it must be left-justified and padded to the right with nulls (0x00).
So I just had to add this part to the source code:
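    from scapy.packet import Packet
    from scapy.fields import ShortField, StrFixedLenField

    class RIPAuth(Packet):
        # Authentication entry: takes the place of the first 20-octet RIP entry
        name = "RIP Clear Authentication"
        fields_desc = [
            ShortField("header", 0xFFFF),            # AFI 0xFFFF marks authentication
            ShortField("authtype", 2),               # type 2 = simple password
            StrFixedLenField("password", "", 16),    # fixed 16-octet password field
        ]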
Click here to watch the video
http://www.madrouter.com/tutoriaux/RIPInjection/RIPInjection.htm
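
A defender-side view of the entry layout quoted from the RFC, as an added example that is not part of the original post or of the packet forger: it parses a RIPv2 payload with the standard library and reports whether the update is unauthenticated, clear-text authenticated, or malformed. The function name, the finding strings and the sample messages are assumptions constructed for illustration; auth type 3 (keyed MD5) comes from RFC 2082, not from the quoted text.

```python
import struct

AUTH_AFI = 0xFFFF                                    # AFI that marks an authentication entry
AUTH_TYPES = {2: "simple-password", 3: "keyed-md5"}  # type 3 is defined in RFC 2082

def audit_rip(payload: bytes) -> dict:
    """Report how one RIPv2 message (the UDP payload) is authenticated."""
    if len(payload) < 4 or (len(payload) - 4) % 20:
        raise ValueError("expected a 4-octet header plus 20-octet entries")
    command, version, _unused = struct.unpack("!BBH", payload[:4])
    entries = [payload[i:i + 20] for i in range(4, len(payload), 20)]
    afis = [struct.unpack("!H", e[:2])[0] for e in entries]
    auth, findings, routes = "none", [], afis
    if afis and afis[0] == AUTH_AFI:
        auth_type = struct.unpack("!H", entries[0][2:4])[0]
        auth = AUTH_TYPES.get(auth_type, "unknown(%d)" % auth_type)
        routes = afis[1:]
        if auth_type == 2:
            findings.append("password crosses the network in clear text")
            if b"\x00" in entries[0][4:].rstrip(b"\x00"):
                findings.append("password is not left-justified and null-padded")
        elif auth_type == 3 and routes and routes[-1] == AUTH_AFI:
            routes = routes[:-1]                     # RFC 2082 trailer carrying the digest
        if len(routes) > 24:
            findings.append("more than 24 route entries after the authentication entry")
    else:
        findings.append("no authentication entry")
    if AUTH_AFI in routes:
        findings.append("AFI 0xFFFF outside the first entry")
    return {"command": command, "version": version, "auth": auth,
            "routes": len(routes), "findings": findings}

# Constructed sample messages (documentation prefix 192.0.2.0/24, made-up password).
HEADER = struct.pack("!BBH", 2, 2, 0)                # command 2 (response), version 2
ROUTE = struct.pack("!HH4s4s4sI", 2, 0, bytes([192, 0, 2, 0]),
                    bytes([255, 255, 255, 0]), bytes(4), 1)
SAMPLE_PLAIN = HEADER + ROUTE
SAMPLE_CLEAR = HEADER + struct.pack("!HH16s", AUTH_AFI, 2, b"constructed") + ROUTE

if __name__ == "__main__":
    for label, msg in (("plain", SAMPLE_PLAIN), ("clear", SAMPLE_CLEAR)):
        print(label, audit_rip(msg))
```

The audit never returns the password itself; it only records that a type 2 entry exposes it on the wire.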

yum yum
so leet!
If you keep this up you'll win an internship at Cisco
I don't have much luck with the lottery
but d*** that would be a blast
ty for the feedback :p