Beispiel #1
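def exploit_test(src, dst, iface, count):
    """Send two UDP datagrams carrying fixed binary payloads to ``dst``.

    The first datagram goes to UDP port 518 and the second to UDP port 635.
    Each is transmitted ``count`` times on interface ``iface``, with ``src``
    written into the IP header exactly as supplied by the caller.

    NOTE(review): the payloads are short fixed byte patterns, which suggests
    they exist to exercise IDS signatures rather than to carry a working
    exploit -- confirm against the rule set this test is paired with.
    """
    # Bytes literals keep every octet as written. A text string is encoded
    # before it reaches the wire on Python 3, which would expand the values
    # above 0x7f into multi-byte sequences and stop the pattern matching.
    pkt = IP(src=src, dst=dst) / UDP(dport=518) / \
        Raw(load=b"\x01\x03\x00\x00\x00\x00\x00\x01\x00\x02\x02\xE8")
    send(pkt, iface=iface, count=count)

    pkt = IP(src=src, dst=dst) / UDP(dport=635) \
        / Raw(load=b"^\xB0\x02\x89\x06\xFE\xC8\x89F\x04\xB0\x06\x89F")
    send(pkt, iface=iface, count=count)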
Beispiel #2
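    def RECEIVED_RRQ(self, pkt):
        """Handle a TFTP read request: choose the data to serve and answer options.

        The reply header (``self.l3``) is built by swapping the request's IP
        addresses and answering from ``self.my_tid`` to the client's port.
        The requested name is looked up in ``self.store`` first, then under
        ``self.dir`` when one is configured; if neither yields data,
        ``self.joker`` is served instead. When the request carries options,
        an OACK echoing only the BLKSIZE option is sent.

        The filename and the option values come straight from the network
        and must be treated as untrusted.
        """
        ip = pkt[IP]
        # getlayer() returns None for a request without options; indexing with
        # pkt[TFTP_Options] raises on a missing layer in current Scapy releases.
        options = pkt.getlayer(TFTP_Options)
        self.l3 = IP(src=ip.dst, dst=ip.src) / UDP(sport=self.my_tid,
                                                   dport=ip.sport) / TFTP()
        self.filename = pkt[TFTP_RRQ].filename
        self.blk = 1
        self.data = None
        if self.filename in self.store:
            self.data = self.store[self.filename]
        elif self.dir is not None:
            base = os.path.abspath(self.dir)
            fn = os.path.abspath(os.path.join(base, self.filename))
            # Containment check against the directory *plus* a trailing
            # separator. A bare prefix test would also accept sibling paths
            # such as "<dir>_backup/x", and would never match when self.dir
            # was given as a relative path.
            # NOTE(review): abspath() is purely lexical, so a symlink placed
            # inside the directory is still followed by open().
            if fn.startswith(os.path.join(base, "")):
                try:
                    with open(fn) as fh:
                        self.data = fh.read()
                except IOError:
                    # Missing or unreadable file: fall through to the joker.
                    pass
        if self.data is None:
            self.data = self.joker

        if options:
            opt = [x for x in options.options if x.oname.upper() == "BLKSIZE"]
            if opt:
                # NOTE(review): the value is client-controlled and is neither
                # range-checked nor guarded against a non-numeric string; a
                # bad value raises here or leaves an unusable block size.
                self.blksize = int(opt[0].value)
                self.debug(2, "Negotiated new blksize at %i" % self.blksize)
            self.last_packet = self.l3 / TFTP_OACK() / TFTP_Options(
                options=opt)
            self.send(self.last_packet)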
Beispiel #3
 def make_reply(self, req):
     """Build a DNS answer for ``req`` with the addresses and ports swapped.

     The answer data is taken from ``self.match`` keyed by the queried name,
     falling back to ``self.joker``. The transaction id and question section
     are copied from the request, and the single answer record has a TTL of
     10 seconds.
     """
     ip_layer = req.getlayer(IP)
     query = req.getlayer(DNS)
     qname = query.qd.qname
     transport = UDP(dport=ip_layer.sport, sport=ip_layer.dport)
     answer = DNSRR(rrname=qname,
                    ttl=10,
                    rdata=self.match.get(qname, self.joker))
     # qr=1 marks the message as a response.
     reply = DNS(id=query.id, qr=1, qd=query.qd, an=answer)
     return IP(dst=ip_layer.src, src=ip_layer.dst) / transport / reply
Beispiel #4
def ddos_test(src, dst, iface, count):
    """Send four fixed ICMP/UDP test packets from ``src`` to ``dst``.

    Each packet is transmitted ``count`` times on interface ``iface``, in
    the order listed below.

    NOTE(review): the fixed ids, ports and payloads look like triggers for
    IDS signatures covering DDoS-agent control traffic -- confirm against
    the rule set this test is paired with.
    """
    upper_layers = [
        ICMP(type=8, id=678) / Raw(load='1234'),
        ICMP(type=0) / Raw(load='AAAAAAAAAA'),
        UDP(dport=31335) / Raw(load='PONG'),
        ICMP(type=8, id=456),
    ]
    for upper in upper_layers:
        send(IP(src=src, dst=dst) / upper, iface=iface, count=count)
Beispiel #5
    def BEGIN(self):
        """Initialise the transfer state and send the TFTP read request.

        Uses a 512-byte block size, takes the local transfer id from
        ``self.sport`` (or a random short when that is falsy), binds TFTP
        dissection to that port, sends an octet-mode RRQ for
        ``self.filename`` and then raises the ``WAITING`` state.
        """
        self.blocksize = 512
        tid = self.sport or RandShort()._fix()
        self.my_tid = tid
        # Replies arrive on our transfer id rather than the server's
        # well-known port, so register that port for TFTP decoding.
        bind_bottom_up(UDP, TFTP, dport=tid)
        self.server_tid = None
        self.res = ""

        ip_hdr = IP(dst=self.server)
        udp_hdr = UDP(sport=tid, dport=self.port)
        self.l3 = ip_hdr / udp_hdr / TFTP()
        request = self.l3 / TFTP_RRQ(filename=self.filename, mode="octet")
        self.last_packet = request
        self.send(request)
        self.awaiting = 1

        raise self.WAITING()
Beispiel #6
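 def make_reply(self, req):
     """Build a BOOTP reply that offers an address to the requesting MAC.

     When ``self.pool`` is a list, each new source MAC takes one address
     from it and keeps it in ``self.leases``; otherwise ``self.pool`` itself
     is handed out as the address. The reply is a copy of the request's
     BOOTP layer with its payload removed, addressed to the client.
     """
     mac = req.src
     if isinstance(self.pool, list):
         if mac not in self.leases:
             # NOTE(review): leases are keyed on the frame's source MAC and
             # nothing in this method releases them, so the pool size bounds
             # how many distinct MACs can be served; pop() raises IndexError
             # once the list is empty.
             self.leases[mac] = self.pool.pop()
         ip = self.leases[mac]
     else:
         ip = self.pool

     repb = req.getlayer(BOOTP).copy()
     repb.op = "BOOTREPLY"
     repb.yiaddr = ip
     repb.siaddr = self.gw
     repb.ciaddr = self.gw
     repb.giaddr = self.gw
     # Drop whatever followed BOOTP in the request before sending it back.
     del repb.payload
     rep = Ether(dst=mac) / IP(dst=ip) / UDP(sport=req.dport, dport=req.sport) / repb
     return rep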
Beispiel #7
def dyndns_del(nameserver, name, type="ALL", ttl=10):
    """Send a DNS delete message to a nameserver for "name"

    dyndns_del(nameserver, name, type="ALL", ttl=10) -> result code (0=ok)

    example: dyndns_del("ns1.toto.com", "dyn.toto.com")
    RFC2136

    The zone is everything after the first dot of ``name``. Returns the
    response's rcode, or -1 when no DNS answer arrives within 5 seconds.
    The ``ttl`` argument is not used: the record is sent with ttl=0.

    NOTE(review): the update carries no TSIG signature, so a server that
    accepts it is authorising on source address alone.
    """
    first_dot = name.find(".")
    zone = name[first_dot + 1:]
    update = DNS(
        opcode=5,
        qd=[DNSQR(qname=zone, qtype="SOA")],
        ns=[DNSRR(rrname=name, type=type, rclass="ANY", ttl=0, rdata=b"")])
    r = sr1(IP(dst=nameserver) / UDP() / update, verbose=0, timeout=5)
    if not (r and r.haslayer(DNS)):
        return -1
    return r.getlayer(DNS).rcode
Beispiel #8
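def dyndns_add(nameserver, name, rdata, type="A", ttl=10):
    """Send a DNS add message to a nameserver for "name" to have a new "rdata"

    dyndns_add(nameserver, name, rdata, type="A", ttl=10) -> result code (0=ok)

    example: dyndns_add("ns1.toto.com", "dyn.toto.com", "127.0.0.1")
    RFC2136

    The zone is everything after the first dot of ``name``. Returns the
    response's rcode, or -1 when no DNS answer arrives within 5 seconds.

    NOTE(review): the update carries no TSIG signature, so a server that
    accepts it is authorising on source address alone.
    """
    zone = name[name.find(".") + 1:]
    r = sr1(IP(dst=nameserver) / UDP() /
            DNS(opcode=5,
                qd=[DNSQR(qname=zone, qtype="SOA")],
                # Honour the caller's record type; it used to be fixed to
                # "A" regardless of the ``type`` argument.
                ns=[DNSRR(rrname=name, type=type, ttl=ttl, rdata=rdata)]),
            verbose=0,
            timeout=5)
    if r and r.haslayer(DNS):
        return r.getlayer(DNS).rcode
    else:
        return -1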
Beispiel #9
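    def BEGIN(self):
        """Split the payload into blocks and send the TFTP write request.

        ``self.origdata`` is cut into ``self.blocksize``-sized chunks, the
        local transfer id is taken from ``self.sport`` (or a random short
        when that is falsy), TFTP dissection is bound to that port, an
        octet-mode WRQ for ``self.filename`` is sent and the
        ``WAITING_ACK`` state is raised.
        """
        # Floor division keeps the chunk count an int on Python 3, where "/"
        # yields a float that range() rejects. The "+ 1" leaves a final
        # short (possibly empty) chunk when the length is an exact multiple.
        self.data = [
            self.origdata[i * self.blocksize:(i + 1) * self.blocksize]
            for i in range(len(self.origdata) // self.blocksize + 1)
        ]
        self.my_tid = self.sport or RandShort()._fix()
        # Replies arrive on our transfer id, so register it for TFTP decoding.
        bind_bottom_up(UDP, TFTP, dport=self.my_tid)
        self.server_tid = None

        self.l3 = IP(dst=self.server) / UDP(sport=self.my_tid,
                                            dport=self.port) / TFTP()
        self.last_packet = self.l3 / TFTP_WRQ(filename=self.filename,
                                              mode="octet")
        self.send(self.last_packet)
        self.res = ""
        self.awaiting = 0

        raise self.WAITING_ACK()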
Beispiel #10
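 def ack_WRQ(self, pkt):
     """Acknowledge a TFTP write request, using an OACK when options were sent.

     Records the peer addresses and the requested filename, builds the reply
     header from ``self.my_tid`` to the client's port, then sends either
     ACK block 0 (no options) or an OACK echoing only the BLKSIZE option.

     The filename and option values come from the network and are untrusted.
     """
     ip = pkt[IP]
     self.ip = ip.dst
     self.dst = ip.src
     self.filename = pkt[TFTP_WRQ].filename
     # getlayer() returns None for a request without options; indexing with
     # pkt[TFTP_Options] raises on a missing layer in current Scapy releases,
     # which would make the plain-ACK branch below unreachable.
     options = pkt.getlayer(TFTP_Options)
     self.l3 = IP(src=ip.dst, dst=ip.src) / UDP(sport=self.my_tid,
                                                dport=pkt.sport) / TFTP()
     if options is None:
         self.last_packet = self.l3 / TFTP_ACK(block=0)
         self.send(self.last_packet)
     else:
         opt = [x for x in options.options if x.oname.upper() == "BLKSIZE"]
         if opt:
             # NOTE(review): the value is client-controlled and is neither
             # range-checked nor guarded against a non-numeric string.
             self.blksize = int(opt[0].value)
             self.debug(2, "Negotiated new blksize at %i" % self.blksize)
         self.last_packet = self.l3 / TFTP_OACK() / TFTP_Options(
             options=opt)
         self.send(self.last_packet)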
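def snmpwalk(dst, oid="1", community=b"public"):
    """Walk an SNMP agent with repeated get-next requests, printing each binding.

    Starting at ``oid``, each response's OID becomes the next request's OID.
    The loop stops when a request goes unanswered (after 2 retries with a
    2-second timeout), when an ICMP packet comes back instead of SNMP, or on
    Ctrl-C.

    NOTE(review): the community string is sent in the request as given; an
    agent that answers the default ``public`` community is readable by any
    host that can reach it.
    """
    try:
        while 1:
            r = sr1(IP(dst=dst) / UDP(sport=RandShort()) /
                    SNMP(community=community,
                         PDU=SNMPnext(varbindlist=[SNMPvarbind(oid=oid)])),
                    timeout=2,
                    chainCC=1,
                    verbose=0,
                    retry=2)
            # Test for "no reply" first: a membership test on None raises
            # TypeError, so the timeout case has to be handled before
            # looking for an ICMP layer.
            if r is None:
                print("No answers")
                break
            if ICMP in r:
                print(repr(r))
                break
            print("%-40s: %r" % (r[SNMPvarbind].oid.val, r[SNMPvarbind].value))
            oid = r[SNMPvarbind].oid

    except KeyboardInterrupt:
        pass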
Beispiel #12
def ikescan(ip):
    """Send an ISAKMP SA proposal to ``ip`` and return the result of ``sr()``.

    The request uses a random 8-byte initiator cookie, exchange type 2 and
    a default proposal payload; UDP ports are left at the layer defaults.
    """
    header = ISAKMP(init_cookie=RandString(8), exch_type=2)
    proposal = ISAKMP_payload_SA(prop=ISAKMP_payload_Proposal())
    probe = IP(dst=ip) / UDP() / header / proposal
    return sr(probe)
Beispiel #13
def ikev2scan(ip):
    """Send an IKEv2 SA proposal to ``ip`` and return the result of ``sr()``.

    The request uses a random 8-byte initiator SPI, exchange type 34 and a
    default proposal payload; UDP ports are left at the layer defaults.
    """
    header = IKEv2(init_SPI=RandString(8), exch_type=34)
    proposal = IKEv2_payload_SA(prop=IKEv2_payload_Proposal())
    probe = IP(dst=ip) / UDP() / header / proposal
    return sr(probe)
Beispiel #14
def dhcp_request(iface=None, **kargs):
    """Broadcast a DHCP discover on ``iface`` and return the first answer.

    ``iface`` defaults to ``conf.iface``. The client hardware address comes
    from ``get_if_raw_hwaddr(iface)``, and any extra keyword arguments are
    passed through to ``srp1()``. A warning is emitted when
    ``conf.checkIPaddr`` is not 0, because the answer may then not be
    matched to the request.
    """
    if conf.checkIPaddr != 0:
        warning("conf.checkIPaddr is not 0, I may not be able to match the answer")
    iface = conf.iface if iface is None else iface
    hw = get_if_raw_hwaddr(iface)
    discover = (
        Ether(dst="ff:ff:ff:ff:ff:ff")
        / IP(src="0.0.0.0", dst="255.255.255.255")
        / UDP(sport=68, dport=67)
        / BOOTP(chaddr=hw)
        / DHCP(options=[("message-type", "discover"), "end"])
    )
    return srp1(discover, iface=iface, **kargs)
Beispiel #15
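def scan_test(src, dst, iface, count):
    """Send two UDP test datagrams with fixed ASCII payloads to ``dst``.

    One datagram goes to UDP port 7 and one to UDP port 10000; each is
    transmitted ``count`` times on interface ``iface``, with ``src`` written
    into the IP header as supplied.

    NOTE(review): the fixed ports and payloads look like triggers for IDS
    scan signatures -- confirm against the rule set this test is paired with.
    """
    pkt = IP(src=src, dst=dst) / UDP(dport=7) / Raw(load='cybercop')
    # Honour iface and count here as well; the first packet used to go out
    # once on the default interface regardless of the arguments.
    send(pkt, iface=iface, count=count)

    pkt = IP(src=src, dst=dst) / UDP(dport=10000) / Raw(load='Amanda')
    send(pkt, iface=iface, count=count)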
Beispiel #16
def dup_UDP(pkt):
    """Return a new UDP header carrying the same ports as ``pkt``'s UDP layer.

    Only ``sport`` and ``dport`` are copied; every other field of the new
    header is left at its default.
    """
    original = pkt.getlayer(UDP)
    return UDP(sport=original.sport, dport=original.dport)