
Morpheus - tcp/udp scripting (firewall DHCP filter)

Open r00t-3xp10it opened this issue 7 years ago • 0 comments


This tutorial explains how to detect 'daddy' mobile DHCP requests

The Dynamic Host Configuration Protocol (DHCP) is a standardized network protocol
used on Internet Protocol (IP) networks. DHCP is controlled by a DHCP server that
dynamically distributes network configuration parameters, such as IP addresses, for
interfaces and services...

This tutorial explains how to change the firewall.eft filter to warn morpheus users
every time a device (daddy's mobile) sends a DHCP request to the modem/router, announcing
its presence or requesting an IP address to access the local LAN.

In other words, you will be warned every time your daddy is arriving home,
because his mobile will try to auto-connect to the modem/router before he even opens the door.

WARNING: morpheus allows you to improve filters in 2 different ways
1º - Edit the filter before running morpheus and the 'changes' will be permanent
2º - Edit the filter using the 'morpheus scripting console' and the changes are active only once

"In this tutorial we will edit the filter before running morpheus, making the changes permanent"




1º - step: detect the 'daddy' mobile hostname (nmap scan)

nmap -sn 192.168.1.0/24



2º - step: rewrite the 'firewall.eft' filter to add the 'daddy' mobile hostname
WARNING: the value must be added inside the ip.src == '0.0.0.0' function

# change to the right directory
cd morpheus/filters

# edit firewall filter before running morpheus
nano firewall.eft
search for: 0.0.0.0

Now we just need to replace the 'android-7f926b4b94fd40c17' in firewall.eft
with your daddy's hostname and add a 7 at the end of the value, example:
android-98fb88d184143837 + 7



3º - step: run the firewall filter

HINT: we don't need to input the target (daddy) IP address, because the firewall filter
will detect the DHCP request made from the mobile to the modem/router (0.0.0.0)
and will alert you that the modem has received a DHCP request...

How to test if the detection works?

Easy, you just need to disconnect your 'daddy' mobile from the network and reconnect again...

1º - run the morpheus tool with the modified filter
2º - disconnect your 'daddy' mobile from the network and reconnect again

Special thanks: spiritedwolf

r00t-3xp10it, Dec 29 '16 02:12
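
The check that steps 2 and 3 describe, as an added Python example (not code from morpheus or its firewall.eft): it parses the DHCP options of a request sent from 0.0.0.0 and alerts when option 12 (hostname) is on a watch list, instead of matching a raw string in the payload. Assumptions: the function names and the sample packet are constructed here, and the tutorial's trailing 7 is assumed to be the tag byte of option 55 (0x37, ASCII '7') when that option directly follows the hostname.

```python
import struct

MAGIC = b"\x63\x82\x53\x63"              # DHCP magic cookie (RFC 2131)
MSG_TYPES = {1: "DISCOVER", 3: "REQUEST"}  # option 53 values sent by a joining client

def parse_dhcp_options(payload: bytes) -> dict:
    """Return {option_tag: value_bytes} from a BOOTP/DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload):
        tag = payload[i]
        if tag == 255:                   # end option
            break
        if tag == 0:                     # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        opts[tag] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def check_dhcp(src_ip: str, payload: bytes, watched: set):
    """Return an alert string when a watched hostname asks for a lease, else None."""
    if src_ip != "0.0.0.0":              # a client without a lease sends from 0.0.0.0
        return None
    try:
        opts = parse_dhcp_options(payload)
    except ValueError:
        return None
    kind = MSG_TYPES.get((opts.get(53) or b"\x00")[0])    # option 53: message type
    host = opts.get(12, b"").decode("ascii", "replace")   # option 12: hostname
    return f"DHCP {kind} from {host}" if kind and host in watched else None

def build_sample(hostname: str, msg_type: int = 3) -> bytes:
    """Constructed sample: minimal BOOTREQUEST carrying options 53, 12 and 55."""
    header = struct.pack("!BBBBIHH", 1, 1, 6, 0, 0x1234ABCD, 0, 0x8000)
    header += bytes(16) + bytes.fromhex("020000000001") + bytes(10)  # addresses, chaddr
    header += bytes(192) + MAGIC                                      # sname, file, cookie
    name = hostname.encode()
    # Option 55's tag is byte 0x37, ASCII '7' (assumed origin of the tutorial's "+ 7").
    return (header + bytes([53, 1, msg_type]) + bytes([12, len(name)]) + name
            + bytes([55, 4, 1, 3, 6, 15]) + b"\xff")

if __name__ == "__main__":
    print(check_dhcp("0.0.0.0", build_sample("android-98fb88d184143837"),
                     {"android-98fb88d184143837"}))
```

Because the hostname is read from option 12 by tag and length, the match does not depend on which option the client happens to send after it.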