def dhcp_release(ip, hw, server):
x_id = random.randrange(1, 1000000)
hw_str = scapy.mac2str(hw)
dhcp_release_pkt = scapy.IP(src=ip, dst=server) / scapy.UDP(sport=68, dport=67) / scapy.BOOTP(ciaddr=ip, xid=x_id, chaddr=hw_str) / scapy.DHCP(options=[('message-type', 'release'),('server_id', server), ('end')])
scapy.send(dhcp_release_pkt, verbose=0)
def generate_DHCP():
global all_given_leases
x_id = random.randrange(1, 1000000)
hw = "00:00:5e" + str(scapy.RandMAC())[8:]
hw_str = scapy.mac2str(hw)
# print(hw)
# print(hw_str)
dhcp_discover_pkt = scapy.Ether(dst='ff:ff:ff:ff:ff:ff', src=hw) / scapy.IP(src='0.0.0.0', dst='255.255.255.255') / scapy.UDP(sport=68, dport=67) / scapy.BOOTP(op=1, xid=x_id, chaddr=hw_str) / scapy.DHCP(options=[('message-type', 'discover'), ('end')])
ans, unans = scapy.srp(dhcp_discover_pkt, iface=interface, timeout=2.5, verbose=0)
# print(ans)
# print(unans)
# print(ans.summary())
# print(ans[0][1][scapy.BOOTP].yiaddr)
offered_ip = ans[0][1][scapy.BOOTP].yiaddr
dhcp_request_pkt = scapy.Ether(dst='ff:ff:ff:ff:ff:ff', src=hw) / scapy.IP(src='0.0.0.0', dst='255.255.255.255') / scapy.UDP(sport=68, dport=67) / scapy.BOOTP(op=1, xid=x_id, chaddr=hw_str) / scapy.DHCP(options=[('message-type', 'request'),('requested_addr', offered_ip), ('end')])
ans, unans = scapy.srp(dhcp_discover_pkt, iface=interface, timeout=2.5, verbose=0)
# print(ans)
# print(unans)
# print(ans.summary())
# print(ans[0][1][scapy.BOOTP].yiaddr)
# print(ans[0][1][scapy.IP].src)
offered_ack_ip = ans[0][1][scapy.BOOTP].yiaddr
server_ip = ans[0][1][scapy.IP].src
all_given_leases.append(offered_ack_ip)
server_id.append(server_ip)
client_mac.append(hw)
return all_given_leases, server_id, client_mac
def dhcp_discover_pkt(mac, hostname):
pkt = Ether(src=mac, dst='ff:ff:ff:ff:ff:ff') / \
IP(src='0.0.0.0', dst='255.255.255.255') / \
UDP(sport=68, dport=67) / \
BOOTP(xid=make_xid(), chaddr=mac2str(mac)) / \
DHCP(options=[('message-type', 'discover'),
('hostname', hostname), 'end'])
return pkt
def dhcp_discover_pkt(mac, hostname):
pkt = Ether(src=mac, dst='ff:ff:ff:ff:ff:ff') / \
IP(src='0.0.0.0', dst='255.255.255.255') / \
UDP(sport=68, dport=67) / \
BOOTP(xid=make_xid(), chaddr=mac2str(mac)) / \
DHCP(options=[('message-type', 'discover'),
('hostname', hostname), 'end'])
return pkt
def send_probe_req(self, bssid, essid):
"""Send a probe request to the specified AP"""
src = RandMAC() if self.mac is None else self.mac
self.logger.info(
'[!] Sending Broadcast Probe Request: SRC=[%s] -> BSSID: %s ESSID: %s'
% (src, bssid, essid))
param = Dot11ProbeReq()
essid = Dot11Elt(ID='SSID', info=essid)
rates = Dot11Elt(ID='Rates', info="\x03\x12\x96\x18\x24\x30\x48\x60")
dsset = Dot11Elt(ID='DSset', info='\x01')
pkt = RadioTap() / Dot11(
type=0,
subtype=4,
addr1='ff:ff:ff:ff:ff:ff',
addr2=src,
addr3='ff:ff:ff:ff:ff:ff') / param / essid / rates / dsset
try:
sendp(pkt, verbose=0)
except:
return
# raise
#
print("Probing network '%s (%s)'\n" % (bssid, essid))
try:
# Build a probe request packet with a SSID and a WPS information element
dst = mac2str(bssid)
src = mac2str("ff:ff:ff:ff:ff:ff")
packet = Dot11(addr1=dst, addr2=src, addr3=dst) / Dot11ProbeReq()
packet = packet / Dot11Elt(
ID=0, len=len(essid), info=essid) / Dot11Elt(
ID=221,
len=9,
info="%s\x10\x4a\x00\x01\x10" % self.wps_parser.WPS_ID)
# Send it!
send(packet, verbose=0)
# self.probedNets[bssid] = None
except Exception, e:
print 'Failure sending probe request to', essid, ':', e
def generate(self, cha_mac=None, dst_ip=None):
"""Generates a DHCP offer packet.
Args:
cha_mac: hardware target address for DHCP offer (Optional)
dst_ip: ipv4 address of target host for renewal (Optional)
"""
# Create DHCP layer
dhcp = scapy.DHCP(options=[
('message-type', 'offer'),
('subnet_mask', self.subnet_mask),
('server_id', self.src_ipv4),
('end'),
])
# Overwrite standard DHCP fields
sta_hw = (cha_mac if cha_mac is not None else self.dst_mac)
sta_ip = (dst_ip if dst_ip is not None else self.dst_ipv4)
# Create Boot
bootp = scapy.BOOTP(op=DHCP_OFFER_OP,
yiaddr=sta_ip,
siaddr=self.src_ipv4,
giaddr=self.gw_ipv4,
chaddr=scapy.mac2str(sta_hw),
xid=DHCP_TRANS_ID)
# Create UDP
udp = scapy.UDP(sport=DHCP_OFFER_SRC_PORT, dport=DHCP_OFFER_DST_PORT)
# Create IP layer
ip4 = scapy.IP(src=self.src_ipv4, dst=IPV4_BROADCAST)
# Create Ethernet layer
ethernet = scapy.Ether(dst=MAC_BROADCAST, src=self.src_mac)
self.packet = ethernet / ip4 / udp / bootp / dhcp
return self.packet
def send(self, ud):
hwbytes = scapy.mac2str(ud.dhcp.hwaddr)
# Prepare options
options = [
("message-type", self.message_type),
("param_req_list",
chr(scapy.DHCPRevOptions["renewal_time"][0]),
chr(scapy.DHCPRevOptions["rebinding_time"][0]),
chr(scapy.DHCPRevOptions["lease_time"][0]),
chr(scapy.DHCPRevOptions["subnet_mask"][0]),
chr(scapy.DHCPRevOptions["router"][0]),
)
]
if self.type in ["REQUEST", "REBOOT", ]:
options.append(('requested_addr', ud.dhcp.lease.public_config['ip']))
if self.type in ["REQUEST", ]:
options.append(('server_id', ud.dhcp.lease.server_ip))
options.append('end')
pkt = scapy.DHCP(options=options)
# Prepare BOOTP
pkt = scapy.BOOTP(chaddr=[hwbytes], xid=ud.dhcp.lease.xid)/pkt
if self.type in [ "RENEW", "REBIND", ]:
pkt.ciaddr = ud.dhcp.lease.public_config['ip']
# Prepare UDP/IP
pkt = scapy.IP(src=pkt.ciaddr, dst=IP_BCAST)/scapy.UDP(sport=68, dport=67)/pkt
if self.type in [ "RENEW" ]:
pkt.dst = ud.dhcp.lease.server_ip
# Prepare Ethernet
pkt = scapy.Ether(src=ud.dhcp.hwaddr, dst=ETHER_BCAST)/pkt
if self.type in [ "RENEW" ]:
pkt.dst = ud.dhcp.lease.server_mac
#print "Out:", repr(scapy.Ether(str(pkt)))
ud.dhcp.socket.port.send(str(pkt))