예제 #1
0
static int dos_attack_init(void *dummy) 
{
   struct in_addr ipaddr;   
   char dos_addr[MAX_ASCII_ADDR_LEN];
   char unused_addr[MAX_ASCII_ADDR_LEN];
   struct port_list *p;
         
   /* It doesn't work if unoffensive */
   if (GBL_OPTIONS->unoffensive) {
      INSTANT_USER_MSG("dos_attack: plugin doesn't work in UNOFFENSIVE mode\n");
      return PLUGIN_FINISHED;
   }
   
   /* don't show packets while operating */
   GBL_OPTIONS->quiet = 1;

   memset(dos_addr, 0, sizeof(dos_addr));
   memset(unused_addr, 0, sizeof(dos_addr));

   ui_input("Insert victim IP: ", dos_addr, sizeof(dos_addr), NULL);
   if (inet_aton(dos_addr, &ipaddr) == 0) {
      INSTANT_USER_MSG("dos_attack: Invalid IP address.\n");
      return PLUGIN_FINISHED;
   }
   ip_addr_init(&victim_host, AF_INET, (char *)&ipaddr);

   ui_input("Insert unused IP: ", unused_addr, sizeof(unused_addr), NULL);
   if (inet_aton(unused_addr, &ipaddr) == 0) {
      INSTANT_USER_MSG("dos_attack: Invalid IP address.\n");
      return PLUGIN_FINISHED;
   }
   ip_addr_init(&fake_host, AF_INET, (char *)&ipaddr);

   INSTANT_USER_MSG("dos_attack: Starting scan against %s [Fake Host: %s]\n", dos_addr, unused_addr);

   /* Delete the "open" port list just in case of previous executions */
   while (!SLIST_EMPTY(&port_table)) {
      p = SLIST_FIRST(&port_table);
      SLIST_REMOVE_HEAD(&port_table, next);
      SAFE_FREE(p);
   }

   /* Add the hook to "create" the fake host */
   hook_add(HOOK_PACKET_ARP_RQ, &parse_arp);

   /* Add the hook for SYN-ACK reply */
   hook_add(HOOK_PACKET_TCP, &parse_tcp);

   /* create the flooding thread */
   ec_thread_new("golem", "SYN flooder thread", &syn_flooder, NULL);

   return PLUGIN_RUNNING;
}
예제 #2
0
static void parse_icmp6(struct packet_object *po)
{
   struct ip_addr ip;
   ip_addr_init(&ip, AF_INET6, po->L4.options);
   if(!ip_addr_cmp(&fake_host, &ip))
      send_icmp6_nadv(&fake_host, &po->L3.src, GBL_IFACE->mac, 0);
}
예제 #3
0
void match_user_ip_add(char *value, char *tag)
{
   struct in_addr ip;

   /* transform the target string into ip_addr struct */
   if (inet_pton(AF_INET, value, &ip) <= 0) {
      DEBUG_MSG(D_ERROR, "Invalid STATIC-IP %s in %s", value, GBL_CONF->redirected_users);
   } else {
      struct ip_addr uip;
      struct timeval tv;

      /* fill the values */
      ip_addr_init(&uip, AF_INET, (u_char *)&ip);

      /* null end_time means there is no timeout */
      memset(&tv, 0, sizeof(struct timeval));

      /*
       * static-ip users are ALWAYS considered active.
       * that's all.
       * the hook to the IP level will trigger the tagging
       */
      active_user_add(&uip, NULL, tag, tv);
   }
}
예제 #4
0
/* Reply to requests for our fake host */
static void parse_arp(struct packet_object *po)
{
   struct ip_addr sa;
   
   ip_addr_init(&sa, AF_INET, (char *)&(fake_ip.s_addr));
   if (!ip_addr_cmp(&sa, &po->L3.dst))
      send_arp(ARPOP_REPLY, &sa, GBL_IFACE->mac, &po->L3.src, po->L2.src);
}
예제 #5
0
/* 
 * Find the right address to reply
 */
static struct ip_addr *dhcp_addr_reply(struct ip_addr *radd)
{
   static struct ip_addr broad_addr;
   u_int32 broad_int32 = 0xffffffff;
   
   ip_addr_init(&broad_addr, AF_INET, (u_char *)&broad_int32);
   
   /* check if the source is 0.0.0.0 */
   if ( ip_addr_is_zero(radd) )
      return &broad_addr;
      
   return radd;
}
예제 #6
0
void get_hw_info(void)
{
   u_long ip;
   struct libnet_ether_addr *ea;
   bpf_u_int32 network, netmask;
   char pcap_errbuf[PCAP_ERRBUF_SIZE];
 
   /* dont touch the interface reading from file */
   if (!GBL_LNET->lnet || GBL_OPTIONS->read) {
      DEBUG_MSG("get_hw_info: skipping... (not initialized)");
      return;
   }
   
   DEBUG_MSG("get_hw_info");
  
   /* get the ip address */
   ip = libnet_get_ipaddr4(GBL_LNET->lnet);
   
   /* if ip is equal to -1 there was an error */
   if (ip != (u_long)~0) {

      /* the interface has an ip address */
      if (ip != 0)
         GBL_IFACE->configured = 1;
      
      /* save the ip address */
      ip_addr_init(&GBL_IFACE->ip, AF_INET, (char *)&ip);
      
      if (pcap_lookupnet(GBL_OPTIONS->iface, &network, &netmask, pcap_errbuf) == -1)
         ERROR_MSG("%s", pcap_errbuf);
      
      ip_addr_init(&GBL_IFACE->network, AF_INET, (char *)&network);

      /* the user has specified a different netmask, use it */
      if (GBL_OPTIONS->netmask) {
         struct in_addr net;
         /* sanity check */
         if (inet_aton(GBL_OPTIONS->netmask, &net) == 0)
            FATAL_ERROR("Invalid netmask %s", GBL_OPTIONS->netmask);

         ip_addr_init(&GBL_IFACE->netmask, AF_INET, (char *)&net);
      } else
         ip_addr_init(&GBL_IFACE->netmask, AF_INET, (char *)&netmask);
      
   } else
      DEBUG_MSG("get_hw_info: NO IP on %s", GBL_OPTIONS->iface);
   
   /* get the mac address */
   ea = libnet_get_hwaddr(GBL_LNET->lnet);

   if (ea != NULL)
      memcpy(GBL_IFACE->mac, ea->ether_addr_octet, MEDIA_ADDR_LEN);
   else
      DEBUG_MSG("get_hw_info: NO MAC for %s", GBL_OPTIONS->iface);

   /* get the MTU */
   GBL_IFACE->mtu = get_iface_mtu(GBL_OPTIONS->iface);
   
   /* check the mtu */
   if (GBL_IFACE->mtu > INT16_MAX)
      FATAL_ERROR("MTU too large");

   USER_MSG("%6s ->\t%s  ",  GBL_OPTIONS->iface,
            mac_addr_ntoa(GBL_IFACE->mac, pcap_errbuf));
   USER_MSG("%16s  ", ip_addr_ntoa(&GBL_IFACE->ip, pcap_errbuf));
   USER_MSG("%16s\n\n", ip_addr_ntoa(&GBL_IFACE->netmask, pcap_errbuf) );
   
   /* if not in bridged sniffing, return */
   if (GBL_SNIFF->type != SM_BRIDGED)
      return;
   
   ip = libnet_get_ipaddr4(GBL_LNET->lnet_bridge);

   /* if ip is equal to -1 there was an error */
   if (ip != (u_long)~0) {
      ip_addr_init(&GBL_BRIDGE->ip, AF_INET, (char *)&ip);
      
      if (pcap_lookupnet(GBL_OPTIONS->iface_bridge, &network, &netmask, pcap_errbuf) == -1)
         ERROR_MSG("%s", pcap_errbuf);
      
      ip_addr_init(&GBL_BRIDGE->network, AF_INET, (char *)&network);
      ip_addr_init(&GBL_BRIDGE->netmask, AF_INET, (char *)&netmask);
      
   } else
      DEBUG_MSG("get_hw_info: NO IP on %s", GBL_OPTIONS->iface_bridge);
   
   ea = libnet_get_hwaddr(GBL_LNET->lnet_bridge);

   if (ea != NULL)
      memcpy(GBL_BRIDGE->mac, ea->ether_addr_octet, MEDIA_ADDR_LEN);
   else
      DEBUG_MSG("get_hw_info: NO MAC for %s", GBL_OPTIONS->iface_bridge);
   
   /* get the MTU */
   GBL_BRIDGE->mtu = get_iface_mtu(GBL_OPTIONS->iface_bridge);
   
   if (GBL_BRIDGE->mtu > INT16_MAX)
      FATAL_ERROR("MTU too large");

   USER_MSG("%6s ->\t%s  ",  GBL_OPTIONS->iface_bridge,
            mac_addr_ntoa(GBL_BRIDGE->mac, pcap_errbuf));
   USER_MSG("%16s  ", ip_addr_ntoa(&GBL_BRIDGE->ip, pcap_errbuf));
   USER_MSG("%16s\n\n", ip_addr_ntoa(&GBL_BRIDGE->netmask, pcap_errbuf) );

   /* some sanity checks */
   if (GBL_BRIDGE->mtu != GBL_IFACE->mtu)
      FATAL_ERROR("The two interfaces must have the same MTU.");

   if (!memcmp(GBL_BRIDGE->mac, GBL_IFACE->mac, MEDIA_ADDR_LEN))
      FATAL_ERROR("The two bridged interfaces must be phisically different");
}
예제 #7
0
void parse_options(int argc, char **argv)
{
   int c;
   struct in_addr ip;

   static struct option long_options[] = {
      { "help", no_argument, NULL, 'h' },
      { "version", no_argument, NULL, 'v' },
      
      { "binary", no_argument, NULL, 'B' },
      { "hex", no_argument, NULL, 'X' },
      { "ascii", no_argument, NULL, 'A' },
      { "text", no_argument, NULL, 'T' },
      { "ebcdic", no_argument, NULL, 'E' },
      { "html", no_argument, NULL, 'H' },
      { "utf8", required_argument, NULL, 'U' },
      { "zero", no_argument, NULL, 'Z' },
      { "xml", no_argument, NULL, 'x' },
      
      { "analyze", no_argument, NULL, 'a' },
      { "connections", no_argument, NULL, 'c' },
      { "filter", required_argument, NULL, 'f' },
      { "filcon", required_argument, NULL, 'F' },
      { "no-headers", no_argument, NULL, 'n' },
      { "only-source", no_argument, NULL, 's' },
      { "only-dest", no_argument, NULL, 'd' },
      { "show-mac", no_argument, NULL, 'm' },
      { "show-client", no_argument, NULL, 'i' },
      { "color", no_argument, NULL, 'k' },
      { "reverse", no_argument, NULL, 'r' },
      { "proto", required_argument, NULL, 't' },
      { "only-local", required_argument, NULL, 'l' },
      { "only-remote", required_argument, NULL, 'L' },
      
      { "outfile", required_argument, NULL, 'o' },
      { "concat", no_argument, NULL, 'C' },
      { "decode", no_argument, NULL, 'D' },
      
      { "user", required_argument, NULL, 'u' },
      { "regex", required_argument, NULL, 'e' },
      { "passwords", no_argument, NULL, 'p' },
      { "client", required_argument, NULL, 'I' },
      
      { 0 , 0 , 0 , 0}
   };

   
   optind = 0;

   while ((c = getopt_long (argc, argv, "AaBCcDdEe:F:f:HhiI:kLlmno:prsTt:U:u:vXxZ", long_options, (int *)0)) != EOF) {

      switch (c) {

         case 'a':
                  GBL.analyze = 1;
                  break;
                  
         case 'c':
                  GBL.connections = 1;
                  break;
                  
         case 'D':
                  GBL.connections = 1;
                  GBL.decode = 1;
                  NOT_IMPLEMENTED();
                  break;
         
         case 'f':
                  target_compile(optarg);
                  break;

         case 'F':
                  filcon_compile(optarg);
                  break;
                  
         case 's':
                  GBL.only_source = 1;
                  break;
                  
         case 'd':
                  GBL.only_dest = 1;
                  break;
                  
         case 'k':
                  GBL.color = 1;
                  break;
                     
         case 'r':
                  GBL.reverse = 1;
                  break;
                  
         case 't':
                  GBL_TARGET->proto = strdup(optarg);
                  break;
                  
         case 'n':
                  GBL.no_headers = 1;
                  break;
                  
         case 'm':
                  GBL.showmac = 1;
                  break;
                  
         case 'i':
                  GBL.showclient = 1;
                  break;
                  
         case 'I':
                  if (inet_aton(optarg, &ip) == 0) {
                     FATAL_ERROR("Invalid client ip address");
                     return;                    
                  }
                  ip_addr_init(&GBL.client, AF_INET, (u_char *)&ip);
                  break;

         case 'l':
                  GBL.only_local = 1;
                  break;
         
         case 'L':
                  GBL.only_remote = 1;
                  break;
                  
         case 'u':
                  GBL.user = strdup(optarg);
                  break;
                  
         case 'p':
                  GBL.passwords = 1;
                  break;

         case 'e':
                  set_display_regex(optarg);
                  break;
                 
         case 'o':
                  GBL_LOGFILE = strdup(optarg);
                  break;
                  
         case 'C':
                  GBL.concat = 1;
                  break;
                  
         case 'B':
                  GBL.format = &bin_format;
                  break;
                  
         case 'X':
                  GBL.format = &hex_format;
                  break;
                  
         case 'A':
                  GBL.format = &ascii_format;
                  break;
                  
         case 'T':
                  GBL.format = &text_format;
                  break;
                  
         case 'E':
                  GBL.format = &ebcdic_format;
                  break;
                  
         case 'H':
                  GBL.format = &html_format;
                  break;
                  
         case 'U':
                  set_utf8_encoding((u_char*)optarg);
                  GBL.format = &utf8_format;
                  break;
                  
         case 'Z':
                  GBL.format = &zero_format;
                  break;
                  
         case 'x':
                  GBL.xml = 1;
                  break;
                  
         case 'h':
                  el_usage();
                  break;

         case 'v':
                  printf("%s %s\n", GBL_PROGRAM, EC_VERSION);
                  exit(0);
                  break;

         case ':': // missing parameter
            fprintf(stdout, "\nTry `%s --help' for more options.\n\n", GBL_PROGRAM);
            exit(0);
         break;

         case '?': // unknown option
            fprintf(stdout, "\nTry `%s --help' for more options.\n\n", GBL_PROGRAM);
            exit(0);
         break;
      }
   }

   /* file concatenation */
   if (GBL.concat) {
      if (argv[optind] == NULL)
         FATAL_ERROR("You MUST specify at least one logfile");
   
      /* this function does not return */
      concatenate(optind, argv);
   }

   /* normal file operation */
   if (argv[optind])
      open_log(argv[optind]);
   else
      FATAL_ERROR("You MUST specify a logfile\n");
  
   /* default to ASCII view */ 
   if (GBL.format == NULL)
      GBL.format = &ascii_format;

   return;
}
예제 #8
0
파일: rib.c 프로젝트: 1514louluo/lagopus
void
rib_init(void) {
  ip_addr_init();
  arp_init();
  route_init();
}
예제 #9
0
/*
 * init the ICMP REDIRECT attack
 */
static int dhcp_spoofing_start(char *args)
{
   struct in_addr ipaddr;
   char *p;
   int i = 1;
  
   DEBUG_MSG("dhcp_spoofing_start");

   if (!strcmp(args, ""))
      SEMIFATAL_ERROR("DHCP spoofing needs a parameter.\n");

   /*
    * Check to see if sniff has started
    */
   if (!GBL_SNIFF->active)
      SEMIFATAL_ERROR("DHCP spoofing requires sniffing to be active.\n");
   
   /* check the parameter:
    *
    * ip_pool/netmask/dns
    */
   for (p = strsep(&args, "/"); p != NULL; p = strsep(&args, "/")) {
      /* first parameter (the ip_pool) */
      if (i == 1) {
         char tmp[strlen(p)+4];

         /* add the / to be able to use the target parsing function */
         snprintf(tmp, strlen(p)+4, "/%s//", p);

         if (compile_target(tmp, &dhcp_ip_pool) != ESUCCESS)
            break;
         
      /* second parameter (the netmask) */
      } else if (i == 2) {
         /* convert from string */
         if (inet_aton(p, &ipaddr) == 0)
            break;
         /* get the netmask */
         ip_addr_init(&dhcp_netmask, AF_INET, (u_char *)&ipaddr);
         
      /* third parameter (the dns server) */
      } else if (i == 3) {
         char tmp[MAX_ASCII_ADDR_LEN];

         /* convert from string */
         if (inet_aton(p, &ipaddr) == 0)
            break;
         /* get the netmask */
         ip_addr_init(&dhcp_dns, AF_INET, (u_char *)&ipaddr);
         
         /* all the parameters were parsed correctly... */
         USER_MSG("DHCP spoofing: using specified ip_pool, netmask %s", ip_addr_ntoa(&dhcp_netmask, tmp));
         USER_MSG(", dns %s\n", ip_addr_ntoa(&dhcp_dns, tmp));
         /* add the hookpoints */
         hook_add(HOOK_PROTO_DHCP_REQUEST, dhcp_spoofing_req);
         hook_add(HOOK_PROTO_DHCP_DISCOVER, dhcp_spoofing_disc);
         /* create the options */
         dhcp_setup_options();

         /* se the pointer to the first ip pool address */
         dhcp_free_ip = LIST_FIRST(&dhcp_ip_pool.ips);
         return ESUCCESS;
      }
      
      i++;
   }

   /* error parsing the parameter */
   SEMIFATAL_ERROR("DHCP spoofing: parameter number %d is incorrect.\n", i);

   return -EFATAL;
}
예제 #10
0
/*
 * parses the request and send the spoofed reply
 */
static void dhcp_spoofing_req(struct packet_object *po)
{
   char dhcp_hdr[LIBNET_DHCPV4_H];
   struct libnet_dhcpv4_hdr *dhcp;
   u_int8 *options, *opt, *end;
   struct ip_addr client, server;
   char tmp[MAX_ASCII_ADDR_LEN];
   
   DEBUG_MSG("dhcp_spoofing_req");

   /* get a local copy of the dhcp header */
   memcpy(dhcp_hdr, po->DATA.data, LIBNET_DHCPV4_H);

   dhcp = (struct libnet_dhcpv4_hdr *)dhcp_hdr;

   /* get the pointers to options */
   options = po->DATA.data + LIBNET_DHCPV4_H;
   end = po->DATA.data + po->DATA.len;

   /* use the same dhcp header, but change the type of the message */
   dhcp->dhcp_opcode = LIBNET_DHCP_REPLY;

   /* 
    * if the client is requesting a particular IP address,
    * release it. so we don't mess the network too much...
    * only change the router ip ;)
    */

   /* get the requested ip */
   if ((opt = get_dhcp_option(DHCP_OPT_RQ_ADDR, options, end)) != NULL)
      ip_addr_init(&client, AF_INET, opt + 1);
   else {
      /* search if the client already has the ip address */
      if (dhcp->dhcp_cip != 0) {
         ip_addr_init(&client, AF_INET, (u_char *)&dhcp->dhcp_cip);
      } else
         return;
   }
  
   /* set the requested ip */
   dhcp->dhcp_yip = ip_addr_to_int32(&client.addr);
  
   /* this is a dhcp ACK */
   dhcp_options[2] = DHCP_ACK;
   
   /* 
    * if it is a request after an offer from a server,
    * spoof its ip to be stealth.
    */
   if ((opt = get_dhcp_option(DHCP_OPT_SRV_ADDR, options, end)) != NULL) {
      /* get the server id */
      ip_addr_init(&server, AF_INET, opt + 1);
   
      /* set it in the header */
      dhcp->dhcp_sip = ip_addr_to_int32(&server.addr);

      /* set it in the options */
      ip_addr_cpy((u_char*)dhcp_options + 5, &server);
   
      send_dhcp_reply(&server, dhcp_addr_reply(&po->L3.src), po->L2.src, (u_char*)dhcp_hdr, (u_char*)dhcp_options, dhcp_optlen);
      
   } else {
      /* 
       * the request does not contain an identifier,
       * use our ip address
       */
      dhcp->dhcp_sip = ip_addr_to_int32(&GBL_IFACE->ip.addr);
      
      /* set it in the options */
      ip_addr_cpy((u_char*)dhcp_options + 5, &GBL_IFACE->ip);
   
      send_dhcp_reply(&GBL_IFACE->ip, dhcp_addr_reply(&po->L3.src), po->L2.src, (u_char*)dhcp_hdr, (u_char*)dhcp_options, dhcp_optlen);
   }

   USER_MSG("DHCP spoofing: fake ACK [%s] ", mac_addr_ntoa(po->L2.src, tmp));
   USER_MSG("assigned to %s \n", ip_addr_ntoa(&client, tmp));
}