def answerUDP(self, packet): # print(udp_color + 'New udp client:') # packet.summary() # print(reset_color, end="") dst_port = packet.sport src_port = packet.dport victim_ip = packet['IP'].src my_ip = packet['IP'].dst service = self.port_mapper[str(src_port) + "False"] if self.subscribers and victim_ip in self.subscribers[ 0].white_list or victim_ip in self.subscribers[0].black_list: return # TODO identify UDP -sV packet # if not self.os_spoofer and self.os_spoofer.personality_fingerprint: # self.publish(Event(EventTypes.UDPOpenHit, victim_ip)) ip = IP(src=my_ip, dst=victim_ip) udp = UDP(sport=src_port, dport=dst_port) payload = service.genRegexString() udp_main = ip / udp / payload # print(udp_color, end="") if SessionManager.getInstance().is_android: ether = Ether(src=packet['Ether'].dst, dst=packet['Ether'].src, type=0x800) sendp(ether / udp_main, iface=self.interfaces[0]) else: send(udp_main, verbose=False) # print(udp_color + 'udp client done' + reset_color) return ""
def __init__(self, con, cur): """ Virtually private constructor. """ if EPSController.__instance != None: raise Exception("This class is a singleton!") else: EPSController.__instance = self self.con = con self.cur = cur self.sm = SessionManager.getInstance()
def _stopIpTables(self): if SessionManager.getInstance().is_android: iptables = '/system/bin/iptables' else: iptables = 'iptables' for service in self.services: if service.tcp: set_iptable = iptables + ' -D OUTPUT -p tcp --tcp-flags RST RST --sport ' + str( service.port) + ' -j DROP' elif service.udp: set_iptable = iptables + ' -D OUTPUT -p icmp --icmp-type destination-unreachable -j DROP' os.system(set_iptable)
def answerTCP(self, packet): try: # print(tcp_color + 'New tcp client:') # packet.show() # print(reset_color, end="") dport = packet.sport sport = packet.dport SeqNr = packet.seq AckNr = packet.seq + 1 my_mac = packet['Ether'].dst victim_mac = packet['Ether'].src victim_ip = packet['IP'].src my_ip = packet['IP'].dst service = self.port_mapper[str(sport) + "True"] if self.subscribers and victim_ip in self.subscribers[ 0].white_list or victim_ip in self.subscribers[ 0].black_list: return # Let os_spoofer handle publishing if able to ''' if not self.os_spoofer: is_nmap = False is_sv = False try: if packet['TCP'].window == 64240 and \ (('MSS', 1460) == packet['TCP'].options[0]) and \ (('WScale', 8) == packet['TCP'].options[-1]): self.publish(Event(EventTypes.ServiceVersionScan, victim_ip)) is_sv = True except: pass try: if packet['TCP'].window == 1024 and \ packet['TCP'].options == [('MSS', 1460)] and \ packet['IP'].flags == 0: self.publish(Event(EventTypes.TCPScan, victim_ip)) is_nmap = True except: pass if not is_nmap and not is_sv: self.publish(Event(EventTypes.TCPOpenHit, victim_ip)) ''' # send syn ack ip = IP(src=my_ip, dst=victim_ip) ether = Ether(src=my_mac, dst=victim_mac, type=0x800) tcp_synack = TCP(sport=sport, dport=dport, flags="SA", seq=SeqNr, ack=AckNr, options=[('MSS', 1460)]) handshake = ip / tcp_synack if SessionManager.getInstance().is_android: handshake = ether / handshake # print(tcp_color+"sending synack", end="") if self.os_spoofer and self.os_spoofer.personality_fingerprint: handshake = self.os_spoofer.handleTCP(packet, handshake) if not handshake: return if SessionManager.getInstance().is_android: ANSWER = srp1(handshake, timeout=8, iface=self.interfaces[0]) else: ANSWER = sr1(handshake, timeout=8, verbose=0) # print("\ngot it"+reset_color) if not ANSWER: # print(red + "TIMEOUT on syn ack" + reset_color) return "" # Capture next TCP packet if the client talks first # GEThttp = sniff(filter="tcp and src host "+str(victim_ip)+" and port "+str(server_port),count=1) # GEThttp = GEThttp[0] # AckNr = AckNr+len(GEThttp['Raw'].load) # send psh ack (main tcp packet) SeqNr += 1 # payload="HTTP/1.1 200 OK\x0d\x0aDate: Wed, 29 Sep 2010 20:19:05 GMT\x0d\x0aServer: Testserver\x0d\x0aConnection: Keep-Alive\x0d\x0aContent-Type: text/html; charset=UTF-8\x0d\x0aContent-Length: 291\x0d\x0a\x0d\x0a<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0//EN\"><html><head><title>Testserver</title></head><body bgcolor=\"black\" text=\"white\" link=\"blue\" vlink=\"purple\" alink=\"red\"><p><font face=\"Courier\" color=\"blue\">-Welcome to test server-------------------------------</font></p></body></html>" payload = service.genRegexString() tcp_pshack = TCP(sport=sport, dport=dport, flags="PA", seq=SeqNr, ack=AckNr, options=[('MSS', 1460)]) tcp_main = ip / tcp_pshack / payload if SessionManager.getInstance().is_android: tcp_main = ether / tcp_main # print(tcp_color, end="") if SessionManager.getInstance().is_android: ACKDATA = srp1(tcp_main, timeout=5, iface=self.interfaces[0]) else: ACKDATA = sr1(tcp_main, timeout=5, verbose=0) # print(reset_color, end="") if not ACKDATA: # print(red + "TIMEOUT on ack data" + reset_color) return "" # send fin SeqNr = ACKDATA.ack tcp_fin_ack = TCP(sport=sport, dport=dport, flags="FA", seq=SeqNr, ack=AckNr, options=[('MSS', 1460)]) # print(tcp_color, end="") goodbye = ether / ip / tcp_fin_ack if SessionManager.getInstance().is_android: sendp(goodbye, iface=self.interfaces[0]) else: send(goodbye, verbose=0) print(tcp_color + 'tcp client done' + reset_color) except Exception as e: print("TCP ERR", e) traceback.print_exec() return ""
def __init__(self, interface_list, os_id='', service_list='', ignore='', security_level=1, log_dir=None, kill_file='', white_list='', black_list='', trusted=False, trusted_file=''): if os_id == None: os_id = '' if service_list == None: service_list = '' if ignore == None: ignore = '' if log_dir == None: log_dir = os.path.dirname(sys.argv[0]) + '/logs' if kill_file == None: kill_file = '' if security_level == None: security_level = 1 if white_list == None: white_list = '' if black_list == None: black_list = '' if trusted == None: trusted = False if trusted_file == None: trusted_file = '' self.interface_list = interface_list.split(',') self.os_id = os_id self.service_list = service_list self.services = self.service_list.split(';') self.ignore = ignore.split(',') self.kill_file = kill_file self.log_dir = log_dir self.security_level = int(security_level) self.white_list = white_list.split(',') self.black_list = black_list.split(',') if trusted and not trusted_file: trusted_file = os.path.dirname( sys.argv[0]) + '/settings/Default/trusted.csv' if trusted_file: open(trusted_file, 'a+').close() # TODO V&V inputs if self.kill_file: w = open(self.kill_file + ".good", "w+") w.write("nothing gold can stay") w.close() if not self.interface_list[-1]: self.interface_list = self.interface_list[:-1] if not self.white_list[-1]: self.white_list = self.white_list[:-1] if not self.black_list[-1]: self.black_list = self.black_list[:-1] if not self.services[-1]: self.services = self.services[:-1] if not self.ignore[-1]: self.ignore = self.ignore[:-1] self.os_spoofer = None self.service_spoofer = None if self.security_level: self.ids = IDS(self.log_dir, self.security_level, self.white_list, self.black_list) #if self.os_id: self.os_spoofer = OsSpoofer(self.interface_list, self.os_id, self.ignore, self.services, trusted_file) if self.security_level: self.os_spoofer.addSubscriber(self.ids) print(str(self.os_spoofer)) if self.service_list: self.service_spoofer = ServiceSpoofer(self.interface_list, self.services, self.os_spoofer) if self.security_level: self.service_spoofer.addSubscriber(self.ids) if self.os_spoofer: self.os_spoofer.start() if self.service_spoofer: self.service_spoofer.start() #''' # Normal mode while True if not self.kill_file else not os.path.isfile( self.kill_file): try: time.sleep(5) except: break if self.kill_file: os.remove(self.kill_file) os.remove(self.kill_file + ".good") # ''' ''' # Testing mode time.sleep(5) OhHoney.scpNmap(self.os_spoofer, True, self.log_file) #time.sleep(3) #print('____________________FIRST ROUND DONE______________________') #OhHoney.scpNmap(self.os_spoofer, True, self.log_file) #time.sleep(3) #print('____________________SECOND ROUND DONE______________________') #OhHoney.scpNmap(self.os_spoofer, True) # ''' if self.os_spoofer: self.os_spoofer.stop() if self.service_spoofer: self.service_spoofer.stop() if self.ids and not SessionManager.getInstance().is_android: self.ids.clearIptables() print('ALL DONE')