static int dos_attack_init(void *dummy)
{
char dos_addr[MAX_ASCII_ADDR_LEN];
char unused_addr[MAX_ASCII_ADDR_LEN];
struct port_list *p;
/* It doesn't work if unoffensive */
if (GBL_OPTIONS->unoffensive) {
INSTANT_USER_MSG("dos_attack: plugin doesn't work in UNOFFENSIVE mode\n");
return PLUGIN_FINISHED;
}
/* don't show packets while operating */
GBL_OPTIONS->quiet = 1;
memset(dos_addr, 0, sizeof(dos_addr));
memset(unused_addr, 0, sizeof(dos_addr));
ui_input("Insert victim IP: ", dos_addr, sizeof(dos_addr), NULL);
if (ip_addr_pton(dos_addr, &victim_host) == -EINVALID) {
INSTANT_USER_MSG("dos_attack: Invalid IP address.\n");
return PLUGIN_FINISHED;
}
ui_input("Insert unused IP: ", unused_addr, sizeof(unused_addr), NULL);
if (ip_addr_pton(unused_addr, &fake_host) == -EINVALID) {
INSTANT_USER_MSG("dos_attack: Invalid IP address.\n");
return PLUGIN_FINISHED;
}
if(victim_host.addr_type != fake_host.addr_type) {
INSTANT_USER_MSG("dos_attack: Address' families don't match.\n");
return PLUGIN_FINISHED;
}
INSTANT_USER_MSG("dos_attack: Starting scan against %s [Fake Host: %s]\n", dos_addr, unused_addr);
/* Delete the "open" port list just in case of previous executions */
while (!SLIST_EMPTY(&port_table)) {
p = SLIST_FIRST(&port_table);
SLIST_REMOVE_HEAD(&port_table, next);
SAFE_FREE(p);
}
/* Add the hook to "create" the fake host */
if(ntohs(fake_host.addr_type) == AF_INET)
hook_add(HOOK_PACKET_ARP_RQ, &parse_arp);
#ifdef WITH_IPV6
else if(ntohs(fake_host.addr_type) == AF_INET6)
hook_add(HOOK_PACKET_ICMP6_NSOL, &parse_icmp6);
#endif
/* Add the hook for SYN-ACK reply */
hook_add(HOOK_PACKET_TCP, &parse_tcp);
/* create the flooding thread */
ec_thread_new("golem", "SYN flooder thread", &syn_flooder, NULL);
return PLUGIN_RUNNING;
}
static int gre_relay_init(void *dummy)
{
char tmp[MAX_ASCII_ADDR_LEN];
/* It doesn't work if unoffensive */
if (GBL_OPTIONS->unoffensive) {
INSTANT_USER_MSG("gre_relay: plugin doesn't work in UNOFFENSIVE mode\n");
return PLUGIN_FINISHED;
}
/* don't display messages while operating */
GBL_OPTIONS->quiet = 1;
memset(tmp, 0, sizeof(tmp));
ui_input("Unused IP address: ", tmp, sizeof(tmp), NULL);
if (!inet_aton(tmp, &fake_ip)) {
INSTANT_USER_MSG("gre_relay: Bad IP address\n");
return PLUGIN_FINISHED;
}
USER_MSG("gre_relay: plugin running...\n");
hook_add(HOOK_PACKET_GRE, &parse_gre);
hook_add(HOOK_PACKET_ARP_RQ, &parse_arp);
return PLUGIN_RUNNING;
}
/*
* init the ICMP REDIRECT attack
*/
static int icmp_redirect_start(char *args)
{
struct ip_list *i;
char tmp[MAX_ASCII_ADDR_LEN];
DEBUG_MSG("icmp_redirect_start");
/* check the parameter */
if (!strcmp(args, "")) {
SEMIFATAL_ERROR("ICMP redirect needs a parameter.\n");
} else {
char tmp[strlen(args)+2];
/* add the / to be able to use the target parsing function */
sprintf(tmp, "%s/", args);
if (compile_target(tmp, &redirected_gw) != ESUCCESS)
SEMIFATAL_ERROR("Wrong target parameter");
}
/* we need both mac and ip addresses */
if (redirected_gw.all_mac || redirected_gw.all_ip)
SEMIFATAL_ERROR("You must specify both MAC and IP addresses for the GW");
i = LIST_FIRST(&redirected_gw.ips);
USER_MSG("ICMP redirect: victim GW %s\n", ip_addr_ntoa(&i->ip, tmp));
/* add the hook to receive all the tcp and udp packets */
hook_add(HOOK_PACKET_TCP, &icmp_redirect);
hook_add(HOOK_PACKET_UDP, &icmp_redirect);
return ESUCCESS;
}
static int find_ettercap_init(void *dummy)
{
/* add the hook in the dissector. */
hook_add(HOOK_PACKET_IP, &parse_ip);
hook_add(HOOK_PACKET_ICMP, &parse_icmp);
hook_add(HOOK_PACKET_TCP, &parse_tcp);
return PLUGIN_RUNNING;
}
bool mod_dock_init()
{
if(!ioncore_register_regclass(&CLASSDESCR(WDock),
(WRegionLoadCreateFn*)dock_load)){
return FALSE;
}
if(!mod_dock_register_exports()){
ioncore_unregister_regclass(&CLASSDESCR(WDock));
return FALSE;
}
dock_bindmap=ioncore_alloc_bindmap("WDock", NULL);
if(dock_bindmap==NULL){
warn("Unable to allocate dock bindmap.");
mod_dock_unregister_exports();
ioncore_unregister_regclass(&CLASSDESCR(WDock));
}
extl_read_config("cfg_dock", NULL, TRUE);
hook_add(clientwin_do_manage_alt,
(WHookDummy*)clientwin_do_manage_hook);
return TRUE;
}
int mod_sm_init()
{
if(ioncore_g.sm_client_id!=NULL)
mod_sm_set_ion_id(ioncore_g.sm_client_id);
if(!mod_sm_init_session())
goto err;
if(extl_sessiondir()==NULL)
mod_sm_set_sessiondir();
if(!mod_sm_register_exports())
goto err;
ioncore_set_sm_callbacks(mod_sm_add_match, mod_sm_get_configuration);
hook_add(clientwin_do_manage_alt, (WHookDummy*)sm_do_manage);
ioncore_set_smhook(mod_sm_smhook);
return TRUE;
err:
mod_sm_deinit();
return FALSE;
}
static int find_conn_init(void *dummy)
{
USER_MSG("find_conn: plugin running...\n");
hook_add(HOOK_PACKET_ARP_RQ, &parse_arp);
return PLUGIN_RUNNING;
}
bool mod_query_init()
{
if(!mod_query_register_exports())
goto err;
mod_query_input_bindmap=ioncore_alloc_bindmap("WInput", NULL);
mod_query_wedln_bindmap=ioncore_alloc_bindmap("WEdln", NULL);
if(mod_query_wedln_bindmap==NULL ||
mod_query_input_bindmap==NULL){
goto err;
}
/*ioncore_read_config("cfg_query", NULL, TRUE);*/
load_history();
loaded_ok=TRUE;
hook_add(ioncore_snapshot_hook, save_history);
return TRUE;
err:
mod_query_deinit();
return FALSE;
}
bool mod_statusbar_init()
{
mod_statusbar_statusbar_bindmap=ioncore_alloc_bindmap("WStatusBar", NULL);
if(mod_statusbar_statusbar_bindmap==NULL)
return FALSE;
if(!ioncore_register_regclass(&CLASSDESCR(WStatusBar),
(WRegionLoadCreateFn*) statusbar_load)){
mod_statusbar_deinit();
return FALSE;
}
if(!mod_statusbar_register_exports()){
mod_statusbar_deinit();
return FALSE;
}
hook_add(clientwin_do_manage_alt,
(WHookDummy*)clientwin_do_manage_hook);
/*ioncore_read_config("cfg_statusbar", NULL, TRUE);*/
return TRUE;
}
static int repoison_arp_init(void *dummy)
{
/* variable not used */
(void) dummy;
/* It doesn't work if unoffensive */
if (GBL_OPTIONS->unoffensive) {
INSTANT_USER_MSG("repoison_arp: plugin doesn't work in UNOFFENSIVE mode\n");
return PLUGIN_FINISHED;
}
hook_add(HOOK_PACKET_ARP_RQ, &repoison_func);
hook_add(HOOK_PACKET_ARP_RP, &repoison_func);
return PLUGIN_RUNNING;
}
static int remote_browser_init(void *dummy)
{
/*
* add the hook in the dissector.
*/
hook_add(HOOK_PROTO_HTTP, &remote_browser);
return PLUGIN_RUNNING;
}
static int autoadd_init(void *dummy)
{
/* variable not used */
(void) dummy;
/*
* we'll use arp request to detect active hosts.
* if an host sends arp rq, it want to communicate,
* so it is alive
*/
hook_add(HOOK_PACKET_ARP_RQ, &parse_arp);
return PLUGIN_RUNNING;
}
static int _hook_code(uc_engine *uc, int type, uint64_t begin, uint64_t end,
void *callback, void *user_data, uc_hook *hh)
{
int i;
i = hook_add(uc, type, begin, end, callback, user_data);
if (i == 0)
return UC_ERR_NOMEM;
*hh = i;
return UC_ERR_OK;
}
static int smb_clear_init(void *dummy)
{
/* It doesn't work if unoffensive */
if (GBL_OPTIONS->unoffensive) {
INSTANT_USER_MSG("smb_clear: plugin doesn't work in UNOFFENSIVE mode\n");
return PLUGIN_FINISHED;
}
USER_MSG("smb_clear: plugin running...\n");
hook_add(HOOK_PROTO_SMB, &parse_smb);
return PLUGIN_RUNNING;
}
static uc_err _hook_mem_access(uc_engine *uc, uc_hook_type type,
uint64_t begin, uint64_t end,
void *callback, void *user_data, uc_hook *hh)
{
int i;
i = hook_add(uc, type, begin, end, callback, user_data);
if (i == 0)
return UC_ERR_NOMEM;
*hh = i;
return UC_ERR_OK;
}
void hooks_install()
{
static int installed = 0;
if (installed)
return;
struct _hook *ptr = &hooks[0];
while (ptr->name != NULL)
{
hook_add(ptr->name,ptr->func);
ptr++;
}
installed =1;
}
Cmdret conf_autocmd(List *args, Cmdarg *ca)
{
log_msg("CONFIG", "autocmd");
int len = utarray_len(args->items);
char *event = list_arg(args, 1, VAR_STRING);
int pos = len > 3 ? 2 : -1;
int rem = len > 3 ? 3 : 2;
char *pat = list_arg(args, pos, VAR_STRING);
char *cur = cmdline_line_after(ca->cmdline, rem-1);
if (event && ca->cmdstr->rev)
hook_remove(event, pat);
else if (event && cur)
hook_add(event, pat, cur+1);
return NORET;
}
void* hook_add_from_lib(const char *func_name, const char *lib_name)
{
static void *lib_handle=NULL;
if (lib_handle==NULL)
lib_handle = dlopen(lib_name, RTLD_LAZY);
if (lib_handle == NULL) {
return NULL;
}
void *dl_sym = dlsym(lib_handle, func_name);
if (dl_sym == NULL)
return NULL;
return hook_add(func_name,dl_sym);
}
/*
* Initialize the ssl wrappers
*/
void ssl_wrap_init(void)
{
struct listen_entry *le;
#ifndef HAVE_OPENSSL
/* avoid gcc warning about unused variable */
(void)le;
DEBUG_MSG("ssl_wrap_init: not supported");
return;
#else
/* disable if the aggressive flag is not set */
if (!GBL_CONF->aggressive_dissectors) {
DEBUG_MSG("ssl_wrap_init: not aggressive");
return;
}
/* a valid script for the redirection must be set */
if (!GBL_CONF->redir_command_on) {
DEBUG_MSG("ssl_wrap_init: no redirect script");
USER_MSG("SSL dissection needs a valid 'redir_command_on' script in the etter.conf file\n");
return;
}
DEBUG_MSG("ssl_wrap_init");
sslw_init();
sslw_bind_wrapper();
/* Add the hook to block real ssl packet going to top half */
hook_add(HOOK_HANDLED, &sslw_hook_handled);
number_of_services = 0;
LIST_FOREACH(le, &listen_ports, next)
number_of_services++;
SAFE_CALLOC(poll_fd, 1, sizeof(struct pollfd) * number_of_services);
atexit(ssl_wrap_fini);
#endif
}
int set_loglevel(int level, char *filename)
{
char eci[strlen(filename)+5];
char ecp[strlen(filename)+5];
/* close any previously opened file */
log_stop();
/* if we want to stop logging, return here */
if (level == LOG_STOP) {
DEBUG_MSG("set_loglevel: stopping the log process");
return E_SUCCESS;
}
DEBUG_MSG("set_loglevel(%d, %s)", level, filename);
/* all the host type will be unknown, warn the user */
if (EC_GBL_OPTIONS->read) {
USER_MSG("*********************************************************\n");
USER_MSG("WARNING: while reading form file we cannot determine \n");
USER_MSG("if an host is local or not because the ip address of \n");
USER_MSG("the NIC may have been changed from the time of the dump. \n");
USER_MSG("*********************************************************\n\n");
}
snprintf(eci, strlen(filename)+5, "%s.eci", filename);
snprintf(ecp, strlen(filename)+5, "%s.ecp", filename);
memset(&fdp, 0, sizeof(struct log_fd));
memset(&fdi, 0, sizeof(struct log_fd));
/* open the file(s) */
switch(level) {
case LOG_PACKET:
if (EC_GBL_OPTIONS->compress) {
fdp.type = LOG_COMPRESSED;
} else {
fdp.type = LOG_UNCOMPRESSED;
}
/* create the file */
if (log_open(&fdp, ecp) != E_SUCCESS)
return -E_FATAL;
/* initialize the log file */
log_write_header(&fdp, LOG_PACKET);
/* add the hook point to DISPATCHER */
hook_add(HOOK_DISPATCHER, &log_packet);
/* no break here, loglevel is incremental */
/* fall through */
case LOG_INFO:
if (EC_GBL_OPTIONS->compress) {
fdi.type = LOG_COMPRESSED;
} else {
fdi.type = LOG_UNCOMPRESSED;
}
/* create the file */
if (log_open(&fdi, eci) != E_SUCCESS)
return -E_FATAL;
/* initialize the log file */
log_write_header(&fdi, LOG_INFO);
/* add the hook point to DISPATCHER */
hook_add(HOOK_DISPATCHER, &log_info);
/* add the hook for the ARP packets */
hook_add(HOOK_PACKET_ARP, &log_info);
/* add the hook for ICMP packets */
hook_add(HOOK_PACKET_ICMP, &log_info);
/* add the hook for DHCP packets */
/* (fake icmp packets from DHCP discovered GW and DNS) */
hook_add(HOOK_PROTO_DHCP_PROFILE, &log_info);
break;
}
atexit(log_stop);
return E_SUCCESS;
}
/*
* init the ICMP REDIRECT attack
*/
static int dhcp_spoofing_start(char *args)
{
struct in_addr ipaddr;
char *p;
int i = 1;
DEBUG_MSG("dhcp_spoofing_start");
if (!strcmp(args, ""))
SEMIFATAL_ERROR("DHCP spoofing needs a parameter.\n");
/*
* Check to see if sniff has started
*/
if (!GBL_SNIFF->active)
SEMIFATAL_ERROR("DHCP spoofing requires sniffing to be active.\n");
/* check the parameter:
*
* ip_pool/netmask/dns
*/
for (p = strsep(&args, "/"); p != NULL; p = strsep(&args, "/")) {
/* first parameter (the ip_pool) */
if (i == 1) {
char tmp[strlen(p)+4];
/* add the / to be able to use the target parsing function */
snprintf(tmp, strlen(p)+4, "/%s//", p);
if (compile_target(tmp, &dhcp_ip_pool) != ESUCCESS)
break;
/* second parameter (the netmask) */
} else if (i == 2) {
/* convert from string */
if (inet_aton(p, &ipaddr) == 0)
break;
/* get the netmask */
ip_addr_init(&dhcp_netmask, AF_INET, (u_char *)&ipaddr);
/* third parameter (the dns server) */
} else if (i == 3) {
char tmp[MAX_ASCII_ADDR_LEN];
/* convert from string */
if (inet_aton(p, &ipaddr) == 0)
break;
/* get the netmask */
ip_addr_init(&dhcp_dns, AF_INET, (u_char *)&ipaddr);
/* all the parameters were parsed correctly... */
USER_MSG("DHCP spoofing: using specified ip_pool, netmask %s", ip_addr_ntoa(&dhcp_netmask, tmp));
USER_MSG(", dns %s\n", ip_addr_ntoa(&dhcp_dns, tmp));
/* add the hookpoints */
hook_add(HOOK_PROTO_DHCP_REQUEST, dhcp_spoofing_req);
hook_add(HOOK_PROTO_DHCP_DISCOVER, dhcp_spoofing_disc);
/* create the options */
dhcp_setup_options();
/* se the pointer to the first ip pool address */
dhcp_free_ip = LIST_FIRST(&dhcp_ip_pool.ips);
return ESUCCESS;
}
i++;
}
/* error parsing the parameter */
SEMIFATAL_ERROR("DHCP spoofing: parameter number %d is incorrect.\n", i);
return -EFATAL;
}
void sysproc_init()
{
SYSPROC * proc = sysprocs ;
void * library = NULL ;
const char * filename ;
unsigned int n ;
DLVARFIXUP * globals_fixup = NULL ;
DLVARFIXUP * locals_fixup = NULL ;
DLSYSFUNCS * functions_exports = NULL ;
FN_HOOK module_initialize ;
FN_HOOK module_finalize ;
INSTANCE_HOOK instance_create_hook ;
INSTANCE_HOOK instance_destroy_hook ;
INSTANCE_HOOK instance_pre_execute_hook ;
INSTANCE_HOOK instance_pos_execute_hook ;
INSTANCE_HOOK process_exec_hook ;
HOOK * handler_hooks = NULL ;
int maxcode = 0 ;
char soname[ __MAX_PATH ], fullsoname[ __MAX_PATH ], **spath ;
#if defined( WIN32 )
#define DLLEXT ".dll"
#elif defined(TARGET_MAC)
#define DLLEXT ".dylib"
#else
#define DLLEXT ".so"
#endif
for ( n = 0; n < dcb.data.NImports; n++ )
{
filename = string_get( dcb.imports[n] ) ;
snprintf( soname, __MAX_PATH, "%s" DLLEXT, filename );
filename = soname ;
/* Load library */
if ( debug ) printf ("Loading... %s\n", filename );
fullsoname[0] = '\0';
library = NULL;
spath = dlsearchpath;
while( !library && spath && *spath )
{
sprintf( fullsoname, "%s%s/%s", appexepath, *spath, filename );
library = dlibopen( fullsoname ) ;
spath++;
}
if ( !library ) library = dlibopen( filename ) ;
if ( !library )
{
printf( dliberror() ) ;
exit( 0 );
}
globals_fixup = ( DLVARFIXUP * ) _dlibaddr( library, "globals_fixup" ) ;
locals_fixup = ( DLVARFIXUP * ) _dlibaddr( library, "locals_fixup" ) ;
functions_exports = ( DLSYSFUNCS * ) _dlibaddr( library, "functions_exports" ) ;
module_initialize = ( FN_HOOK ) _dlibaddr( library, "module_initialize" ) ;
module_finalize = ( FN_HOOK ) _dlibaddr( library, "module_finalize" ) ;
instance_create_hook = ( INSTANCE_HOOK ) _dlibaddr( library, "instance_create_hook" ) ;
instance_destroy_hook = ( INSTANCE_HOOK ) _dlibaddr( library, "instance_destroy_hook" ) ;
instance_pre_execute_hook = ( INSTANCE_HOOK ) _dlibaddr( library, "instance_pre_execute_hook" ) ;
instance_pos_execute_hook = ( INSTANCE_HOOK ) _dlibaddr( library, "instance_pos_execute_hook" ) ;
process_exec_hook = ( INSTANCE_HOOK ) _dlibaddr( library, "process_exec_hook" ) ;
handler_hooks = ( HOOK * ) _dlibaddr( library, "handler_hooks" ) ;
/* Fixups */
if ( globals_fixup )
{
while ( globals_fixup->var )
{
get_var_info( globals_fixup, dcb.glovar, dcb.data.NGloVars, globaldata );
globals_fixup++;
}
}
if ( locals_fixup )
{
while ( locals_fixup->var )
{
get_var_info( locals_fixup, dcb.locvar, dcb.data.NLocVars, NULL );
locals_fixup++;
}
}
sysproc_add_tab( functions_exports ) ;
if ( module_initialize )
hook_add( module_initialize, module_initialize_list, module_initialize_allocated, module_initialize_count ) ;
if ( module_finalize )
hook_add( module_finalize, module_finalize_list, module_finalize_allocated, module_finalize_count ) ;
if ( instance_create_hook )
hook_add( instance_create_hook, instance_create_hook_list, instance_create_hook_allocated, instance_create_hook_count ) ;
if ( instance_destroy_hook )
hook_add( instance_destroy_hook, instance_destroy_hook_list, instance_destroy_hook_allocated, instance_destroy_hook_count ) ;
if ( instance_pre_execute_hook )
hook_add( instance_pre_execute_hook, instance_pre_execute_hook_list, instance_pre_execute_hook_allocated, instance_pre_execute_hook_count ) ;
if ( instance_pos_execute_hook )
hook_add( instance_pos_execute_hook, instance_pos_execute_hook_list, instance_pos_execute_hook_allocated, instance_pos_execute_hook_count ) ;
if ( process_exec_hook )
hook_add( process_exec_hook, process_exec_hook_list, process_exec_hook_allocated, process_exec_hook_count ) ;
while ( handler_hooks && handler_hooks->hook )
{
hook_add( *handler_hooks, handler_hook_list, handler_hook_allocated, handler_hook_count ) ;
handler_hooks++;
}
}
if ( debug ) printf ("\n");
/* System Procs FixUp */
sysprocs_fixup();
proc = sysprocs ;
while ( proc->func )
{
if ( maxcode < proc->code ) maxcode = proc->code ;
proc++ ;
}
sysproc_tab = calloc( maxcode + 1 , sizeof( SYSPROC * ) );
proc = sysprocs ;
while ( proc->func )
{
if ( proc->code > -1 ) sysproc_tab[proc->code] = proc ;
proc++ ;
}
/* Sort handler_hooks */
if ( handler_hook_list )
qsort( handler_hook_list, handler_hook_count, sizeof( handler_hook_list[0] ), ( int ( * )( const void *, const void * ) ) compare_priority ) ;
/* Initialize all modules */
if ( module_initialize_count )
for ( n = 0; n < module_initialize_count; n++ )
module_initialize_list[n]();
}
