用FreeBSD抓取PPPoE帐号和密码(勿用非法用途!)

7290阅读 0评论2016-08-13 lsstarboy
分类:BSD

一个朋友拿了一台无线路由器,让我帮他找到用户名和密码,网上的文章不是太简洁,于是有了本文。

一、安装mpd:
  FreeBSD下的mpd简直就是拨号的神器,能做客户端,也能做服务器端。
     
  1. pkg install mpd5

二、配置mpd,让它接收PPPoE拨号,其实根本不麻烦,直接把/usr/local/etc/mpd5/mpd5.conf.sample复制一个mpd5.conf,然后修改一下pppoe_server和default就可以了,共五行,分别是:
 1、设置默认的段;
   2、去掉radius,否则会报错;
 3、设置pppoe_server名为"*",否则客户端的包过不来;
   4-5、设置接入的网卡,共有两处;

  1. # cat mpd.conf
  2. startup:
  3. # configure mpd users
  4. set user foo bar admin
  5. set user foo1 bar1
  6. # configure the console
  7. set console self 127.0.0.1 5005
  8. set console open
  9. # configure the web server
  10. set web self 0.0.0.0 5006
  11. set web open

  13. #
  14. # Default configuration is "dialup"

  16. default:
  17. load pppoe_server

  19. common:
  20. # Enable multilink protocol
  21. set link enable multilink
  22. # Set bundle template to use
  23. set link action bundle B
  24. # Allow peer to authenticate us
  25. set link disable chap pap
  26. set link accept chap pap
  27. set auth authname MyLogin
  28. # Set inifinite redial attempts
  29. set link max-redial 0
  30. set modem var $DialPrefix "DT"
  31. set modem var $Telephone "1-415-555-1212"
  32. set modem script DialPeer

  34. pppoe_server:
  35. #
  36. # Multihomed multilink PPPoE server
  37. #

  39. # Create clonable bundle template
  40. create bundle template B
  41. # Set IP addresses. Peer address will be later replaced by RADIUS.
  42. set ipcp ranges 192.168.0.1/32 127.0.0.2/32

  44. # Create link template with common info
  45. create link template common pppoe
  46. # Enable multilink protocol
  47. set link enable multilink
  48. # Set bundle template to use
  49. set link action bundle B
  50. # Enable peer authentication
  51. set link disable chap pap eap
  52. set link enable pap
  53. # load radius
  54. set pppoe service "*"

  56. # Create templates for ifaces to listen using 'common' template and let them go
  57. create link template em0 common
  58. set link max-children 1000
  59. set pppoe iface em0
  60. set link enable incoming

三、启动mpd,让PPPoE服务器接收拨号:

  1. /usr/local/etc/rc.d/mpd5 onestart

四、抓包,找到带“Name”的那行,就是用户名和密码,本文示例用户名为:csh,密码为123456:

  1. # tcpdump -ani em0 pppoes
  2. tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
  3. listening on em0, link-type EN10MB (Ethernet), capture size 65535 bytes
  4. 18:09:07.901865 PPPoE [ses 0x4a] LCP, Conf-Request (0x01), id 1, length 37
  5. 18:09:08.942933 PPPoE [ses 0x4a] LCP, Conf-Request (0x01), id 147, length 26
  6. 18:09:08.943601 PPPoE [ses 0x4a] LCP, Conf-Reject (0x04), id 1, length 12
  7. 18:09:08.943726 PPPoE [ses 0x4a] LCP, Conf-Reject (0x04), id 147, length 8
  8. 18:09:08.943996 PPPoE [ses 0x4a] LCP, Conf-Request (0x01), id 2, length 22
  9. 18:09:08.944447 PPPoE [ses 0x4a] LCP, Conf-Request (0x01), id 148, length 24
  10. 18:09:08.945266 PPPoE [ses 0x4a] LCP, Conf-Ack (0x02), id 2, length 22
  11. 18:09:08.945282 PPPoE [ses 0x4a] LCP, Conf-Ack (0x02), id 148, length 24
  12. 18:09:08.946030 PPPoE [ses 0x4a] PAP, Auth-Req (0x01), id 1, Peer csh, Name 123456
  13. 18:09:08.947405 PPPoE [ses 0x4a] PAP, Auth-NACK (0x03), id 1, Msg Login incorrect
  14. 18:09:08.947938 PPPoE [ses 0x4a] LCP, Term-Request (0x05), id 3, length 6
  15. 18:09:08.948400 PPPoE [ses 0x4a] LCP, Term-Request (0x05), id 149, length 6
  16. 18:09:08.948733 PPPoE [ses 0x4a] LCP, Term-Ack (0x06), id 4, length 6
  17. 18:09:08.949086 PPPoE [ses 0x4a] LCP, Term-Ack (0x06), id 3, length 6
  18. ^C
  19. 14 packets captured
  20. 29 packets received by filter
  21. 0 packets dropped by kernel

五:提醒:
 1、别干坏事!
 2、复制本文mpd.conf配置会无效,原因是mpd.conf要求除了段名外,每行前面都要有空格,而本博客编辑器会把前置空格吃掉,具体格式看系统自带的示例。








----end----

上一篇:FreeBSD下ppp断线重拨参数详解
下一篇:PHP的C语言模式Blitz更新说明