示例#1
文件: nbns.py 项目: kroosec/legitHost
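    def action(self, packet):
        """Send an NBNS response for the names in *packet* that this module maps.

        The parsed query message is reused in place as the response: its
        ``op`` field is overwritten, one answer record is appended for every
        question whose decoded name ``self.getAddress`` resolves, and the
        question list is cleared before sending.

        NBNS carries no authentication, so a querier cannot verify who sent
        the reply. On the wire it is a UDP datagram from source port 137 to
        the querier's address and source port.

        Returns:
            True if a response with at least one answer was sent, False if
            no queried name had a configured address.
        """
        targetip = utils.bin_to_ip(packet.data.src)
        targetport = 137
        nbns_response = packet.data.data.data
        # 0x8500: response bit plus the AA and RD flags (RFC 1002 header layout).
        nbns_response.op = 0x8500
        # For each question, add an answer
        for query in nbns_response.qd:
            name = decode_name(query.name).rstrip()
            address = self.getAddress(name)
            if not address:
                out.debug("%s: Skipped Query from %s for %s" % (self.getName(), targetip, name), 0)
                continue
            answer = NS.RR()
            answer.name = query.name  # We reinsert in encoded format
            answer.type = query.type
            answer.cls = query.cls
            answer.ttl = 120  # Not very long TTL
            answer.rlen = 6  # 2 flag bytes + 4 address bytes
            # 0x0000 is flags for Unique name + B-Node
            answer.rdata = '\x00\x00' + utils.ip_to_bin(address)
            nbns_response.an.append(answer)
        nbns_response.qd = []

        if not nbns_response.an:
            return False
        # Response is a UDP packet with 137 source port and Query's IP+Port as destination
        sock = socket(AF_INET, SOCK_DGRAM)
        try:
            sock.bind(('0.0.0.0', targetport))
            sock.sendto(str(nbns_response), (targetip, packet.data.data.sport))
        finally:
            # Release port 137 even when bind() or sendto() raises; the
            # original leaked the socket on that path.
            sock.close()
        for answer in nbns_response.an:
            out.verbose("%s: \tResponse: %s - %s" % (self.getName(), decode_name(answer.name).rstrip(), utils.bin_to_ip(answer.rdata[2:])))
        return True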
示例#2
文件: nbns.py 项目: kroosec/legitHost
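    def condition(self, packet):
        """Return True if *packet* is a broadcast NBNS name query.

        The checks run in order: IPv4 ethertype, destination equal to the
        interface broadcast address or 255.255.255.255, UDP protocol,
        source and destination port 137, and a zero response-flag/opcode
        field. A packet that passes is logged through ``out.verbose``
        together with the names it asks for.

        Returns:
            True when every check passes, False at the first one that fails.
        """
        # Should be an IPv4 packet
        if packet.type != ETH_TYPE_IP:
            return False

        # Should be a broadcast request
        dstip = utils.bin_to_ip(packet.data.dst)
        if dstip != utils.get_iface_bcast(self.interface) and dstip != "255.255.255.255":
            return False

        # Should be a UDP packet
        if packet.data.p != IP_PROTO_UDP:
            return False

        # Should be from port 137 to port 137.
        # The original compared dport twice, so the source port was never
        # checked; sport is now tested as the comment above intends.
        udp = packet.data.data
        if udp.sport != 137 or udp.dport != 137:
            return False

        # Must be a Name Query
        #  bit 1 = Message is a Query
        #  bit 2-5 = Opcode: Name Query
        #   We check this so we don't reply to Registration Queries
        # 0xf800 masks the top five bits of the 16-bit op field.
        if udp.data.op & 0xf800 != 0:
            return False
        out.verbose("%s: Request from %s" % (self.getName(), utils.bin_to_ip(packet.data.src)))
        out.verbose("%s: \tQueries: %s" % (self.getName(), ' '.join([decode_name(x.name).rstrip() for x in udp.data.qd])))
        return True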
示例#3
    def process(self, eth_hdr, ip_hdr):
        """Extract the first queried NetBIOS name from a captured datagram.

        The UDP payload carried by *ip_hdr* is parsed with ``dns.DNS`` and
        the name of the first question is decoded with
        ``netbios.decode_name``. *eth_hdr* is accepted but not used here.

        Returns:
            A ``(self.protocol_def.key, decoded_name, 0)`` tuple, or None
            when the message has no questions. The meaning of the trailing
            0 is not visible in this method; confirm against the caller.
        """
        # The payload comes straight off the wire; dns.DNS() is not guarded
        # here, so any parse error propagates to the caller.
        dns_message = dns.DNS(ip_hdr.data.data)

        # Only the first question is ever looked at.
        for first_question in dns_message.qd:
            break
        else:
            return None

        decoded_name = netbios.decode_name(first_question.name)
        return self.protocol_def.key, decoded_name, 0