コード例 #1
0
 def input_eth(self, eth, timestamp):
     src = dumbnet.eth_ntoa(str(eth.src))
     dst = dumbnet.eth_ntoa(str(eth.dst))
     good = False
     for h in self.hosts:
         (ip, rand_mac, iter, reply) = self.hosts[h]
         if src == h:
             eth.src = dumbnet.eth_aton(rand_mac)
             ref_src = h
             if good:
                 self.dumbnet.send(str(eth))
                 if self.ui == 'gtk':
                     self.spoof_treestore.foreach(self.inc_packet_counter,
                                                  (ref_src, ref_dst))
                 return
             else:
                 good = True
         if dst == rand_mac:
             eth.dst = dumbnet.eth_aton(h)
             ref_dst = h
             if good:
                 self.dumbnet.send(str(eth))
                 if self.ui == 'gtk':
                     self.spoof_treestore.foreach(self.inc_packet_counter,
                                                  (ref_src, ref_dst))
                 return
             else:
                 good = True
コード例 #2
0
ファイル: module_802_1X.py プロジェクト: VRirus/Loki_on_Kali
 def input_eth(self, eth, timestamp):
     src = dumbnet.eth_ntoa(eth.src)
     if src not in self.connection_list:
         dst = dumbnet.eth_ntoa(eth.dst)
         self.connection_list[src] = connection(self, src, dst)
     hdr = dot1x_header()
     #try:
     data = hdr.parse(eth.data)
     self.connection_list[src].dissect(hdr, data)
コード例 #3
0
ファイル: module_mpls.py プロジェクト: VRirus/Loki_on_Kali
 def input_eth(self, eth, timestamp):
     src = dumbnet.eth_ntoa(eth.src)
     dst = dumbnet.eth_ntoa(eth.dst)
     data = eth.data
     src_dst = src + ":" + dst
     if src_dst not in self.peers:
         iter = self.peer_treestore.append(None, [src, dst, "", "", "", -1])
         dict = self.parse_label(data, iter, {})
         self.peers[src_dst] = (iter, dict)
         self.log("MPLS: Got new MPLS communication: %s -> %s" % (src, dst))
     else:
         (iter, dict) = self.peers[src_dst]
         self.parse_label(data, iter, dict)
コード例 #4
0
ファイル: module_dtp.py プロジェクト: VRirus/Loki_on_Kali
 def __repr__(self):
     try:
         if self.t == self.TYPE_DOMAIN:
             return self.v.strip('\x00')  #.encode("hex")
         elif self.t == self.TYPE_STATUS:
             t = "Access"
             m = "Off"
             d, = struct.unpack("!B", self.v[0])
             if d & 0x80 > 0:
                 t = "Trunk"
             if d & 0x07 == self.STATUS_ON:  #todo: get more administative states ?
                 m = "On"
             elif d & 0x07 == self.STATUS_DESIRABLE:
                 m = "Desirable"
             elif d & 0x07 == self.STATUS_AUTO:
                 m = "Auto"
             return "%s/%s" % (t, m)
         elif self.t == self.TYPE_TRUNK:
             t, = struct.unpack("!B", self.v[0])
             if (t & 0xe0) >> 5 == self.ENCAP_8021Q:
                 return "802.1Q"
             elif (t & 0xe0) >> 5 == self.ENCAP_ISL:
                 return "ISL"
             return "Unknown"  #todo: get more trunk states ?
         elif self.t == self.TYPE_SENDER:
             return dumbnet.eth_ntoa(self.v)
     except:
         pass
     return "%d, %d, %s" % (self.t, self.l, self.v.encode("hex"))
コード例 #5
0
 def input_eth(self, eth, timestamp):
     header = wlccp_header()
     ret = header.parse(eth.data)
     orig = dumbnet.eth_ntoa(header.orig_node_mac)
     dst = dumbnet.eth_ntoa(header.dst_node_mac)
     if header.msg_type == 0x01:
         #SCM advertisment request
         if not orig == "00:00:00:00:00:00":
             if orig not in self.hosts:
                 type = self.node_types[header.orig_node_type]
                 iter = self.hosts_liststore.append([orig, type, ""])
                 self.hosts[orig] = (iter,)
     elif header.msg_type == 0x41:
         #SCM advertisment reply
         if not dst == "00:00:00:00:00:00":
             type = self.node_types[header.dst_node_type]
             prio = str(ord(ret[10]))
             if dst not in self.hosts:
                 iter = self.hosts_liststore.append([dst, type, prio])
                 self.hosts[dst] = (iter,)
             else:
                 (iter,) = self.hosts[dst]
                 self.hosts_liststore.set(iter, self.HOSTS_TYPE_ROW, type, self.HOSTS_PRIO_ROW, prio)
コード例 #6
0
ファイル: module_dtp.py プロジェクト: VRirus/Loki_on_Kali
 def input_eth(self, eth, timestamp):
     if not eth.src == self.mac:
         src = dumbnet.eth_ntoa(str(eth.src))
         pdu = dtp_pdu()
         pdu.parse(str(eth.data)[8:])
         domain = pdu.get_tlv(dtp_tlv.TYPE_DOMAIN)
         status = pdu.get_tlv(dtp_tlv.TYPE_STATUS)
         trunk = pdu.get_tlv(dtp_tlv.TYPE_TRUNK)
         sender = pdu.get_tlv(dtp_tlv.TYPE_SENDER)
         if domain is None or status is None or trunk is None or sender is None:
             return
         if src not in self.peers:
             if self.ui == "gtk":
                 row_iter = self.liststore.append([
                     src,
                     str(domain),
                     str(status),
                     str(trunk),
                     str(sender), ""
                 ])
             elif self.ui == "urw":
                 button = self.parent.menu_button(
                     "%s - DOMAIN(%s) %s %s %s" %
                     (src, str(domain), str(status), str(trunk),
                      str(sender)), self.urw_peerlist_activated, src)
                 self.peerlist.append(button)
                 row_iter = self.peerlist.index(button)
             peer = {"pdu": pdu, "row_iter": row_iter}
             self.peers[src] = peer
             self.log("DTP: Got new peer %s" % src)
         else:
             if self.ui == "gtk":
                 self.liststore.set(self.peers[src]["row_iter"],
                                    self.STORE_DOMAIN_ROW,
                                    str(domain), self.STORE_STATUS_ROW,
                                    str(status), self.STORE_TRUNK_ROW,
                                    str(trunk), self.STORE_SENDER_ROW,
                                    str(sender))
             elif self.ui == "urw":
                 new_button = self.parent.menu_button(
                     "%s - DOMAIN(%s) %s %s %s" %
                     (src, str(domain), str(status), str(trunk),
                      str(sender)), self.urw_peerlist_activated, src)
                 self.peerlist[self.peers[src]["row_iter"]] = new_button
コード例 #7
0
    def input_ip6(self, eth, ip6, timestamp):
        if eth.src == self.mac:
            return

        if ip6.nxt == dpkt.ip.IP_PROTO_ICMP6:
            icmp6 = dpkt.icmp6.ICMP6(str(ip6.data))
            mac = dumbnet.eth_ntoa(str(eth.src))
            if self.mac:
                if icmp6.type == dpkt.icmp6.ND_NEIGHBOR_SOLICIT:
                    ip6_dst = dumbnet.ip6_ntoa(str(icmp6.data)[4:20])
                    for h in self.hosts:
                        if mac == h:
                            (ip6_src, rand_mac_src, iter_src,
                             reply_src) = self.hosts[mac]
                            for i in self.hosts:
                                (ip6, rand_mac_dst, iter_dst,
                                 reply_dst) = self.hosts[i]
                                if ip6_dst == ip6:
                                    break
                            if reply_src and reply_dst:
                                _icmp6 = dpkt.icmp6.ICMP6(
                                    type=dpkt.icmp6.ND_NEIGHBOR_SOLICIT,
                                    code=0,
                                    data=struct.pack("!L16sBB6s", 0x60000000,
                                                     dumbnet.ip6_aton(ip6_dst),
                                                     1, 1, rand_mac_dst))
                                _eth = dpkt.ethernet.Ethernet(
                                    dst=eth.src,
                                    src=dumbnet.eth_aton(rand_mac_dst),
                                    type=dpkt.ip.IP_PROTO_IP6,
                                    data=str(_icmp6))
                                self.dumbnet.send(str(_eth))
                                break
            if icmp6.type == dpkt.icmp6.ND_ROUTER_ADVERT:
                if mac in self.hosts:
                    (ip, random_mac, iter, reply) = self.hosts[mac]
                    if self.ui == 'gtk':
                        self.hosts_liststore.set(iter, 2, "R")
            for h in self.hosts:
                if mac == h:
                    return
                (ip, random_mac, iter, reply) = self.hosts[h]
                if mac == random_mac:
                    return
            ip = dumbnet.ip6_ntoa(ip6.src)
            if ip == "::":
                return
            rand_mac = [
                0x00,
                random.randint(0x00, 0xff),
                random.randint(0x00, 0xff),
                random.randint(0x00, 0xff),
                random.randint(0x00, 0xff),
                random.randint(0x00, 0xff)
            ]
            rand_mac = ':'.join(map(lambda x: "%02x" % x, rand_mac))
            if self.ui == 'gtk':
                iter = self.hosts_liststore.append(
                    [mac, ip, "", self.mac_to_vendor(mac)])
            elif self.ui == 'urw':
                self.hostlist.append(
                    self.parent.menu_button(
                        "%s(%s) - %s" % (mac, self.mac_to_vendor(mac), ip),
                        self.urw_hostlist_activated, mac))
                iter = None
            self.hosts[mac] = (dumbnet.ip6_ntoa(ip6.src), rand_mac, iter,
                               False)
            if self.ui == 'gtk':
                self.mappings_liststore.append([mac, rand_mac])
コード例 #8
0
 def input_udp(self, eth, ip, udp, timestamp):
     header = wlccp_header()
     ret = header.parse(udp.data)
     try:
         if DEBUG:
             print "WLCCP-TYPE %X" % header.msg_type
         if header.msg_type & 0x3f == 0x0b:
             #EAP AUTH
             eap_auth = wlccp_eap_auth()
             ret = eap_auth.parse(ret)
             host = dumbnet.eth_ntoa(eap_auth.requestor_mac)
             if DEBUG:
                 print "addr %s, type %X @ %s" % (dumbnet.eth_ntoa(eap_auth.requestor_mac), eap_auth.aaa_msg_type, timestamp)
             if host in self.comms:
                 (iter, leap, leap_pw, nsk, nonces, ctk) = self.comms[host]
             elif not host == "00:00:00:00:00:00":
                 iter = self.comms_treestore.append(None, ["%s\n       <=>\n%s" % (dumbnet.eth_ntoa(header.orig_node_mac), dumbnet.eth_ntoa(header.dst_node_mac)), self.node_types[eap_auth.requestor_type], "", host])
                 self.comms[host] = (iter, (None, None, None, None), None, None, (None, None, None, None, None, (None, None)), None)
             (eapol_version, eapol_type, eapol_len) = struct.unpack("!BBH", ret[2:6])
             ret = ret[6:]
             #check EAP-TYPE
             if eapol_type == 0x00:
                 (eap_code, eap_id, eap_len) = struct.unpack("!BBH", ret[:4])
                 ret = ret[4:]
                 #check EAP-CODE
                 if eap_code == 0x01:
                     (leap_type, leap_version, leap_reserved, leap_count) = struct.unpack("!BBBB", ret[:4])
                     ret = ret[4:]
                     #EAP-REQUEST
                     #check the leap hdr
                     if leap_type == 0x11 and leap_version == 0x01 and leap_reserved == 0x00 and leap_count == 0x08:
                         (leap_auth_chall, leap_auth_resp, leap_supp_chall, leap_supp_resp) = leap
                         if not leap_auth_chall and not leap_auth_resp and not leap_supp_chall and not leap_supp_resp:
                             id = eap_id
                             chall = ret[:8]
                             user = ret[8:16]
                             self.comms_treestore.set(iter, self.COMMS_STATE_ROW, "EAP-AUTH challenge from authenticator seen")
                             self.comms_treestore.append(iter, [ "User", user, "", "" ])
                             self.log("WLCCP: EAP-AUTH challenge from authenticator seen for %s" % host)
                             self.comms[host] = (iter, ((id, chall, user), leap_auth_resp, leap_supp_chall, leap_supp_resp), leap_pw, nsk, nonces, ctk)
                         elif leap_auth_chall and leap_auth_resp and not leap_supp_chall and not leap_supp_resp:
                             chall = ret[:8]
                             self.comms_treestore.set(iter, self.COMMS_STATE_ROW, "EAP-AUTH challenge from supplicant seen")
                             self.log("WLCCP: EAP-AUTH challenge from supplicant seen for %s" % host)
                             self.comms[host] = (iter, (leap_auth_chall, leap_auth_resp, chall, leap_supp_resp), leap_pw, nsk, nonces, ctk)
                         else:
                             if DEBUG:
                                 self.log("WLCCP: fail 5 %s %s %s %s" % (leap_auth_chall, leap_auth_resp, leap_supp_chall, leap_supp_resp))
                     else:
                         if DEBUG:
                             self.log("WLCCP: fail 3 %X %X %X %X" % (leap_type, leap_version, leap_reserved, leap_count))
                 elif eap_code == 0x02:
                     (leap_type, leap_version, leap_reserved, leap_count) = struct.unpack("!BBBB", ret[:4])
                     ret = ret[4:]
                     #EAP-RESPONSE
                     #check the leap hdr
                     if leap_type == 0x11 and leap_version == 0x01 and leap_reserved == 0x00 and leap_count == 0x18:
                         (leap_auth_chall, leap_auth_resp, leap_supp_chall, leap_supp_resp) = leap
                         if leap_auth_chall and not leap_auth_resp and not leap_supp_chall and not leap_supp_resp:
                             resp = ret[:24]
                             self.comms_treestore.set(iter, self.COMMS_STATE_ROW, "EAP-AUTH response from authenticator seen")
                             self.log("WLCCP: EAP-AUTH response from authenticator seen for %s" % host)
                             self.comms[host] = (iter, (leap_auth_chall, resp, leap_supp_chall, leap_supp_resp), leap_pw, nsk, nonces, ctk)
                         elif leap_auth_chall and leap_auth_resp and leap_supp_chall and not leap_supp_resp:
                             resp = ret[:24]
                             self.comms_treestore.set(iter, self.COMMS_STATE_ROW, "EAP-AUTH response from supplicant seen")
                             self.comms_treestore.append(iter, [ "Password", "*ready to crack*", "", "" ])
                             self.log("WLCCP: EAP-AUTH response from supplicant seen for %s" % host)
                             self.comms[host] = (iter, (leap_auth_chall, leap_auth_resp, leap_supp_chall, resp), leap_pw, nsk, nonces, ctk)
                         else:
                             if DEBUG:
                                 self.log("WLCCP: fail 6 %s %s %s %s" % (leap_auth_chall, leap_auth_resp, leap_supp_chall, leap_supp_resp))
                     else:
                         if DEBUG:
                             self.log("WLCCP: fail 4 %X %X %X %X" % (leap_type, leap_version, leap_reserved, leap_count))
                 else:
                     if DEBUG:
                         self.log("WLCCP: fail 2 %X" % eap_code)
             else:
                 if DEBUG:
                     self.log("WLCCP: fail 1 %X" % eapol_type)
         elif header.msg_type & 0x3f == 0x0c:
             host = dumbnet.eth_ntoa(header.orig_node_mac)
             if header.msg_type & 0xc0 == 0x40:
                 #cmPathInit_Reply found
                 if host in self.comms:
                     (iter, leap, leap_pw, nsk, (supp_node, dst_node, nonce_req, nonce_repl, counter, mic), ctk) = self.comms[host]
                     #skip WTLV_CM_PATH_INIT header
                     ret = ret[18:]
                     #skip WTLV_INIT_SESSION header
                     ret = ret[8:]
                     (type, len) = struct.unpack("!HH", ret[:4])
                     if not type == 0x10a or not len == 0x5a:
                         if DEBUG:
                             self.log("WLCCP: malformed WTLV_IN_SECURE_CONTEXT_REPLY header")
                         return
                     #get nonces from WTLV_IN_SECURE_CONTEXT_REPLY header
                     counter = ret[4:8]
                     supp_node = ret[8:16]
                     dst_node = ret[16:24]
                     nonces = ret[24:56]
                     #skip session timeout in WTLV_IN_SECURE_CONTEXT_REPLY header
                     ret = ret[60:]
                     #check for WTLV_MIC header
                     (type, len) = struct.unpack("!HH", ret[:4])
                     if not type == 0x108 or not len == 0x1e:
                         if DEBUG:
                             self.log("WLCCP: malformed WTLV_MIC header")
                         return
                     mic = ret[14:30]
                     if DEBUG:
                         self.log("WLCCP: found MIC %s" % mic.encode("hex"))
                     self.log("WLCCP: PATH-REPLY seen for %s" % host)
                     self.comms[host] = (iter, leap, leap_pw, nsk, (supp_node, dst_node, nonce_req, nonces, counter, (mic, udp.data)), ctk)
             else:
                 #cmPathInit_Request found
                 if host in self.comms:
                     (iter, leap, leap_pw, nsk, (supp_node, dst_node, nonce_req, nonce_repl, counter, mic), ctk) = self.comms[host]
                     #skip WTLV_CM_PATH_INIT header
                     ret = ret[18:]
                     #skip WTLV_INIT_SESSION header
                     ret = ret[8:]
                     #get nonces from WTLV_IN_SECURE_CONTEXT_REPLY header
                     nonces = ret[26:58]                            
                     self.log("WLCCP: PATH-REQUEST seen for %s" % host)
                     self.comms[host] = (iter, leap, leap_pw, nsk, (supp_node, dst_node, nonces, nonce_repl, counter, mic), ctk)
         elif header.msg_type & 0x3f == 0x09:
             host = dumbnet.eth_ntoa(header.orig_node_mac)
             if header.msg_type & 0xc0 == 0x40:
                 #PreRegistration_Reply found
                 if host in self.comms:
                     (iter, leap, leap_pw, nsk, (supp_node, dst_node, nonce_req, nonce_repl, counter, mic), ctk) = self.comms[host]
                     #skip PreRegistration header
                     ret = ret[22:]
                     (contextreq_len,) = struct.unpack("!H", ret[2:4])
                     #substract WLCCP_MIC_len
                     contextreq_len = contextreq_len - 30
                     #get Supplicant-ID from WLCCP_MN_SECURE_CONTEXT_REQ
                     id = ret[16:24]
                     (id_type,) = struct.unpack("!H", id[:2])
                     if id_type == self.NODE_TYPE_CLIENT:
                         client = dumbnet.eth_ntoa(id[2:])
                         if client in self.clients:
                             (iter, org_host, ssid, key_mgmt, ap, crypt, msc, pmk) = self.clients[client]
                             #get Destination-ID from WLCCP_MN_SECURE_CONTEXT_REQ
                             ap = dumbnet.eth_ntoa(ret[10:16])
                             crypt = ret[24:contextreq_len]
                             #skip WLCCP_MN_SECURE_CONTEXT_REPLY
                             ret = ret[contextreq_len:]
                             #get Message Sequence Counter from WLCCP_MIC
                             msc = ret[4:12]
                             self.clients[client] = (iter, org_host, ssid, key_mgmt, ap, crypt, msc, pmk)
                             self.log("WLCCP: PREREGISTRATION-REPLY seen for %s" % client)
                             self.get_pmk(client)
             else:
                 #PreRegistration_Request found
                 if host in self.comms:
                     (iter, leap, leap_pw, nsk, (supp_node, dst_node, nonce_req, nonce_repl, counter, mic), ctk) = self.comms[host]
                     #skip PreRegistration header
                     ret = ret[22:]
                     (type, len) = struct.unpack("!HH", ret[:4])
                     if type == 0x10b and len == 0x95:
                         #get Supplicant-ID from WLCCP_MN_SECURE_CONTEXT_REQ
                         id = ret[16:24]
                         (id_type,) = struct.unpack("!H", id[:2])
                         if id_type == self.NODE_TYPE_CLIENT:
                             client = dumbnet.eth_ntoa(id[2:])
                             #get key management type
                             key_mgmt = ret[25:26]
                             #get ssid len and ssid
                             (ssid_len,) = struct.unpack("!H", ret[68:70])
                             ssid = ret[70:70 + ssid_len]
                             if client not in self.clients:
                                 iter = self.clients_liststore.append([client, ssid, ""])
                                 self.clients[client] = (iter, None, ssid, key_mgmt, None, None, None, None)
                             else:
                                 (iter, org_host, org_ssid, org_key_mgmt, ap, crypt, msc, pmk) = self.clients[client]
                                 self.clients[client] = (iter, host, ssid, key_mgmt, ap, crypt, msc, pmk)
                             self.log("WLCCP: PREREGISTRATION-REQUEST seen for %s on ssid %s" % (client, ssid))
                         else:
                             if DEBUG:
                                 self.log("WLCCP: FAIL 3 %s" % id.encode("hex"))
                     else:
                         if DEBUG:
                             self.log("WLCCP: FAIL 2 %i:%i" % (type, len))
                 else:
                     if DEBUG:
                         self.log("WLCCP: FAIL 1 %s" % host)
     except:
         if DEBUG:
             print '-'*60
             traceback.print_exc(file=sys.stdout)
             print '-'*60
コード例 #9
0
 def set_dumbnet(self, dumbnet_thread):
     self.dumbnet = dumbnet_thread
     self.mac = dumbnet.eth_ntoa(dumbnet_thread.eth.get())
     self.mac_entry.set_text(self.mac)
コード例 #10
0
ファイル: module_dtp.py プロジェクト: VRirus/Loki_on_Kali
 def check_eth(self, eth):
     if dumbnet.eth_ntoa(str(eth.dst)) == DTP_DEST_MAC:
         return (True, True)
     return (False, False)
コード例 #11
0
ファイル: module_glbp.py プロジェクト: VRirus/Loki_on_Kali
    def input_udp(self, eth, ip, udp, timestamp):
        if ip.src != self.ip:
            pkg = glbp_packet()
            data = pkg.parse(str(udp.data))
            req_resp = []
            auth = None
            nonce = None
            auth_str = "Unauthenticated"
            while len(data) > 0:
                #~ print "len: %d data: %s" % (len(data), data.encode("hex"))
                tlv = glbp_tlv()
                tlv.parse(data)
                if tlv.tlv_type == glbp_tlv.TYPE_HELLO:
                    hello = glbp_tlv_hello()
                    data = hello.parse(data)
                elif tlv.tlv_type == glbp_tlv.TYPE_REQ_RESP:
                    tmp = glbp_tlv_req_resp()
                    data = tmp.parse(data)
                    if not tmp.vmac == "\x00\x00\x00\x00\x00\x00":
                        req_resp.append(tmp)
                elif tlv.tlv_type == glbp_tlv.TYPE_AUTH:
                    auth = glbp_tlv_auth()
                    data = auth.parse(data)
                    if auth.auth_type == glbp_tlv_auth.TYPE_PLAIN:
                        auth_str = "Plaintext: '%s'" % auth.secret[:-1]
                    elif auth.auth_type == glbp_tlv_auth.TYPE_MD5_STRING:
                        auth_str = "MD5 String: '%s'" % auth.secret.encode(
                            "hex")
                    elif auth.auth_type == glbp_tlv_auth.TYPE_MD5_CHAIN:
                        auth_str = "MD5 Chain: '%s'" % auth.secret.encode(
                            "hex")
                    else:
                        auth_str = "Unknown"
                else:
                    #~ print "type: %d len: %d" % (tlv.tlv_type, tlv.tlv_length)
                    data = data[tlv.tlv_length:]
            try:
                src = dumbnet.ip_ntoa(ip.src)
            except:
                pass

            if ip.src in self.peers:
                (iter, _, _, req_resp_old, _, _, _) = self.peers[ip.src]
                for i in req_resp:
                    if not i in req_resp_old:
                        req_resp_old.append(i)
                        self.treestore.append(
                            iter,
                            ["", "", i.weight,
                             dumbnet.eth_ntoa(i.vmac), ""])
            else:
                iter = self.treestore.append(None, [
                    src,
                    dumbnet.ip_ntoa(hello.addr), hello.prio, "Seen", auth_str
                ])
                for req in req_resp:
                    self.treestore.append(
                        iter,
                        ["", "", req.weight,
                         dumbnet.eth_ntoa(req.vmac), ""])
                self.peers[ip.src] = (iter, pkg, hello, req_resp, auth, False,
                                      False)
                self.log("GLBP: Got new peer %s" % (src))