|
Packit Service |
b25606 |
/*
|
|
Packit Service |
b25606 |
*
|
|
Packit Service |
b25606 |
* libnet 1.1
|
|
Packit Service |
b25606 |
* Build a Sebek packet
|
|
Packit Service |
b25606 |
*
|
|
Packit Service |
b25606 |
* Copyright (c) 2004 Frederic Raynal <pappy@security-labs.org>
|
|
Packit Service |
b25606 |
* All rights reserved.
|
|
Packit Service |
b25606 |
*
|
|
Packit Service |
b25606 |
* Redistribution and use in source and binary forms, with or without
|
|
Packit Service |
b25606 |
* modification, are permitted provided that the following conditions
|
|
Packit Service |
b25606 |
* are met:
|
|
Packit Service |
b25606 |
* 1. Redistributions of source code must retain the above copyright
|
|
Packit Service |
b25606 |
* notice, this list of conditions and the following disclaimer.
|
|
Packit Service |
b25606 |
* 2. Redistributions in binary form must reproduce the above copyright
|
|
Packit Service |
b25606 |
* notice, this list of conditions and the following disclaimer in the
|
|
Packit Service |
b25606 |
* documentation and/or other materials provided with the distribution.
|
|
Packit Service |
b25606 |
*
|
|
Packit Service |
b25606 |
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
|
Packit Service |
b25606 |
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
Packit Service |
b25606 |
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
Packit Service |
b25606 |
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
|
Packit Service |
b25606 |
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
Packit Service |
b25606 |
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
Packit Service |
b25606 |
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
Packit Service |
b25606 |
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
Packit Service |
b25606 |
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
Packit Service |
b25606 |
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
Packit Service |
b25606 |
* SUCH DAMAGE.
|
|
Packit Service |
b25606 |
*
|
|
Packit Service |
b25606 |
*/
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
#if (HAVE_CONFIG_H)
|
|
Packit Service |
b25606 |
#if ((_WIN32) && !(__CYGWIN__))
|
|
Packit Service |
b25606 |
#include "../include/win32/config.h"
|
|
Packit Service |
b25606 |
#else
|
|
Packit Service |
b25606 |
#include "../include/config.h"
|
|
Packit Service |
b25606 |
#endif
|
|
Packit Service |
b25606 |
#endif
|
|
Packit Service |
b25606 |
#include "./libnet_test.h"
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
void usage(char *name)
|
|
Packit Service |
b25606 |
{
|
|
Packit Service |
b25606 |
fprintf(stderr,
|
|
Packit Service |
b25606 |
"usage: %s [-D eth_dst] [-s source_ip] [-d destination_ip]"
|
|
Packit Service |
b25606 |
"[-u UDP port] [-m magic] [-v version] [-t type] [-S sec] [-U usec] [-P PID] [-I UID] [-f FD] [-c cmd]"
|
|
Packit Service |
b25606 |
" [-i iface] [-p payload]\n",
|
|
Packit Service |
b25606 |
name);
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
}
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
int
|
|
Packit Service |
b25606 |
main(int argc, char *argv[])
|
|
Packit Service |
b25606 |
{
|
|
Packit Service |
b25606 |
int c, port = 1101;
|
|
Packit Service |
b25606 |
libnet_t *l;
|
|
Packit Service |
b25606 |
char *device = NULL;
|
|
Packit Service |
b25606 |
char *eth_dst = "11:11:11:11:11:11";
|
|
Packit Service |
b25606 |
char *dst = "2.2.2.2", *src = "1.1.1.1";
|
|
Packit Service |
b25606 |
u_long src_ip, dst_ip;
|
|
Packit Service |
b25606 |
char errbuf[LIBNET_ERRBUF_SIZE];
|
|
Packit Service |
b25606 |
libnet_ptag_t ptag = 0;
|
|
Packit Service |
b25606 |
u_char *payload = 0;
|
|
Packit Service |
b25606 |
char payload_flag = 0;
|
|
Packit Service |
b25606 |
u_long payload_s = 0;
|
|
Packit Service |
b25606 |
unsigned int magic = 0x0defaced,
|
|
Packit Service |
b25606 |
counter = 0x12345678,
|
|
Packit Service |
b25606 |
sec = 0, usec = 0,
|
|
Packit Service |
b25606 |
pid = 1,
|
|
Packit Service |
b25606 |
uid = 666,
|
|
Packit Service |
b25606 |
fd = 2;
|
|
Packit Service |
b25606 |
char *cmd = "./h4ckw0r1D";
|
|
Packit Service |
b25606 |
unsigned int length = strlen(cmd)+1;
|
|
Packit Service |
b25606 |
unsigned short version = SEBEK_PROTO_VERSION, type = SEBEK_TYPE_READ;
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
printf("libnet 1.1 packet shaping: Sebek[link]\n");
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
/*
|
|
Packit Service |
b25606 |
* handle options
|
|
Packit Service |
b25606 |
*/
|
|
Packit Service |
b25606 |
while ((c = getopt(argc, argv, "D:d:s:u:m:v:t:S:U:P:I:f:c:p:i:h")) != EOF)
|
|
Packit Service |
b25606 |
{
|
|
Packit Service |
b25606 |
switch (c)
|
|
Packit Service |
b25606 |
{
|
|
Packit Service |
b25606 |
case 'D':
|
|
Packit Service |
b25606 |
eth_dst = optarg;
|
|
Packit Service |
b25606 |
break;
|
|
Packit Service |
b25606 |
case 'd':
|
|
Packit Service |
b25606 |
dst = optarg;
|
|
Packit Service |
b25606 |
break;
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
case 's':
|
|
Packit Service |
b25606 |
src = optarg;
|
|
Packit Service |
b25606 |
break;
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
case 'i':
|
|
Packit Service |
b25606 |
device = optarg;
|
|
Packit Service |
b25606 |
break;
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
case 'u':
|
|
Packit Service |
b25606 |
port = atoi(optarg);
|
|
Packit Service |
b25606 |
break;
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
case 'm':
|
|
Packit Service |
b25606 |
magic = strtoul(optarg, NULL, 10);
|
|
Packit Service |
b25606 |
break;
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
case 'v':
|
|
Packit Service |
b25606 |
version = (unsigned short) strtoul(optarg, NULL, 10);
|
|
Packit Service |
b25606 |
break;
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
case 't':
|
|
Packit Service |
b25606 |
type = (unsigned short) strtoul(optarg, NULL, 10);
|
|
Packit Service |
b25606 |
break;
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
case 'S':
|
|
Packit Service |
b25606 |
sec = strtoul(optarg, NULL, 10);
|
|
Packit Service |
b25606 |
break;
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
case 'U':
|
|
Packit Service |
b25606 |
usec = strtoul(optarg, NULL, 10);
|
|
Packit Service |
b25606 |
break;
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
case 'P':
|
|
Packit Service |
b25606 |
pid = strtoul(optarg, NULL, 10);
|
|
Packit Service |
b25606 |
break;
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
case 'I':
|
|
Packit Service |
b25606 |
uid = strtoul(optarg, NULL, 10);
|
|
Packit Service |
b25606 |
break;
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
case 'f':
|
|
Packit Service |
b25606 |
fd = strtoul(optarg, NULL, 10);
|
|
Packit Service |
b25606 |
break;
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
case 'c':
|
|
Packit Service |
b25606 |
cmd = optarg;
|
|
Packit Service |
b25606 |
length = strlen(cmd);
|
|
Packit Service |
b25606 |
break;
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
case 'p':
|
|
Packit Service |
b25606 |
payload_flag = 1;
|
|
Packit Service |
b25606 |
payload = optarg;
|
|
Packit Service |
b25606 |
payload_s = strlen(payload);
|
|
Packit Service |
b25606 |
break;
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
case 'h':
|
|
Packit Service |
b25606 |
usage(argv[0]);
|
|
Packit Service |
b25606 |
exit(EXIT_SUCCESS);
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
default:
|
|
Packit Service |
b25606 |
exit(EXIT_FAILURE);
|
|
Packit Service |
b25606 |
}
|
|
Packit Service |
b25606 |
}
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
/*
|
|
Packit Service |
b25606 |
* Initialize the library. Root priviledges are required.
|
|
Packit Service |
b25606 |
*/
|
|
Packit Service |
b25606 |
l = libnet_init(
|
|
Packit Service |
b25606 |
LIBNET_LINK_ADV, /* injection type */
|
|
Packit Service |
b25606 |
device, /* network interface */
|
|
Packit Service |
b25606 |
errbuf); /* error buffer */
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
if (l == NULL)
|
|
Packit Service |
b25606 |
{
|
|
Packit Service |
b25606 |
fprintf(stderr, "libnet_init() failed: %s", errbuf);
|
|
Packit Service |
b25606 |
exit(EXIT_FAILURE);
|
|
Packit Service |
b25606 |
}
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
printf("Using device %s\n", l->device);
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
if (payload_flag)
|
|
Packit Service |
b25606 |
{
|
|
Packit Service |
b25606 |
memset(cmd, 0, sizeof(cmd));
|
|
Packit Service |
b25606 |
memcpy(cmd, payload, (payload_s < 12 ? payload_s : 12));
|
|
Packit Service |
b25606 |
length = payload_s;
|
|
Packit Service |
b25606 |
}
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
if ((dst_ip = libnet_name2addr4(l, dst, LIBNET_RESOLVE)) == -1)
|
|
Packit Service |
b25606 |
{
|
|
Packit Service |
b25606 |
fprintf(stderr, "Bad destination IP address: %s\n", dst);
|
|
Packit Service |
b25606 |
exit(EXIT_FAILURE);
|
|
Packit Service |
b25606 |
}
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
if ((src_ip = libnet_name2addr4(l, src, LIBNET_RESOLVE)) == -1)
|
|
Packit Service |
b25606 |
{
|
|
Packit Service |
b25606 |
fprintf(stderr, "Bad source IP address: %s\n", src);
|
|
Packit Service |
b25606 |
exit(EXIT_FAILURE);
|
|
Packit Service |
b25606 |
}
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
if (!payload)
|
|
Packit Service |
b25606 |
{
|
|
Packit Service |
b25606 |
payload = cmd;
|
|
Packit Service |
b25606 |
payload_s = length;
|
|
Packit Service |
b25606 |
}
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
ptag = libnet_build_sebek(
|
|
Packit Service |
b25606 |
magic,
|
|
Packit Service |
b25606 |
version,
|
|
Packit Service |
b25606 |
type,
|
|
Packit Service |
b25606 |
counter,
|
|
Packit Service |
b25606 |
sec,
|
|
Packit Service |
b25606 |
usec,
|
|
Packit Service |
b25606 |
pid,
|
|
Packit Service |
b25606 |
uid,
|
|
Packit Service |
b25606 |
fd,
|
|
Packit Service |
b25606 |
cmd,
|
|
Packit Service |
b25606 |
/* LIBNET_ETH_H + LIBNET_IPV4_H + LIBNET_UDP_H + LIBNET_SEBEK_H +*/ length,
|
|
Packit Service |
b25606 |
payload,
|
|
Packit Service |
b25606 |
payload_s,
|
|
Packit Service |
b25606 |
l,
|
|
Packit Service |
b25606 |
0
|
|
Packit Service |
b25606 |
);
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
if (ptag == -1)
|
|
Packit Service |
b25606 |
{
|
|
Packit Service |
b25606 |
fprintf(stderr, "Can't build Sebek header: %s\n", libnet_geterror(l));
|
|
Packit Service |
b25606 |
goto bad;
|
|
Packit Service |
b25606 |
}
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
ptag = libnet_build_udp(
|
|
Packit Service |
b25606 |
port, /* source port */
|
|
Packit Service |
b25606 |
port, /* destination port */
|
|
Packit Service |
b25606 |
LIBNET_UDP_H + LIBNET_SEBEK_H + payload_s, /* packet length */
|
|
Packit Service |
b25606 |
0, /* checksum */
|
|
Packit Service |
b25606 |
NULL, /* payload */
|
|
Packit Service |
b25606 |
0, /* payload size */
|
|
Packit Service |
b25606 |
l, /* libnet handle */
|
|
Packit Service |
b25606 |
0); /* libnet id */
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
if (ptag == -1)
|
|
Packit Service |
b25606 |
{
|
|
Packit Service |
b25606 |
fprintf(stderr, "Can't build UDP header: %s\n", libnet_geterror(l));
|
|
Packit Service |
b25606 |
goto bad;
|
|
Packit Service |
b25606 |
}
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
ptag = libnet_build_ipv4(
|
|
Packit Service |
b25606 |
LIBNET_IPV4_H + LIBNET_UDP_H + LIBNET_SEBEK_H + payload_s,/* length */
|
|
Packit Service |
b25606 |
0, /* TOS */
|
|
Packit Service |
b25606 |
242, /* IP ID */
|
|
Packit Service |
b25606 |
0, /* IP Frag */
|
|
Packit Service |
b25606 |
64, /* TTL */
|
|
Packit Service |
b25606 |
IPPROTO_UDP, /* protocol */
|
|
Packit Service |
b25606 |
0, /* checksum */
|
|
Packit Service |
b25606 |
src_ip, /* source IP */
|
|
Packit Service |
b25606 |
dst_ip, /* destination IP */
|
|
Packit Service |
b25606 |
NULL, /* payload */
|
|
Packit Service |
b25606 |
0, /* payload size */
|
|
Packit Service |
b25606 |
l, /* libnet handle */
|
|
Packit Service |
b25606 |
0); /* libnet id */
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
if (ptag == -1)
|
|
Packit Service |
b25606 |
{
|
|
Packit Service |
b25606 |
fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l));
|
|
Packit Service |
b25606 |
exit(EXIT_FAILURE);
|
|
Packit Service |
b25606 |
}
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
eth_dst = libnet_hex_aton(eth_dst, &c);
|
|
Packit Service |
b25606 |
ptag = libnet_autobuild_ethernet(
|
|
Packit Service |
b25606 |
eth_dst, /* ethernet destination */
|
|
Packit Service |
b25606 |
ETHERTYPE_IP, /* protocol type */
|
|
Packit Service |
b25606 |
l); /* libnet handle */
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
free(eth_dst);
|
|
Packit Service |
b25606 |
if (ptag == -1)
|
|
Packit Service |
b25606 |
{
|
|
Packit Service |
b25606 |
fprintf(stderr, "Can't build ethernet header: %s\n",
|
|
Packit Service |
b25606 |
libnet_geterror(l));
|
|
Packit Service |
b25606 |
goto bad;
|
|
Packit Service |
b25606 |
}
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
/*
|
|
Packit Service |
b25606 |
* write to the wire
|
|
Packit Service |
b25606 |
*/
|
|
Packit Service |
b25606 |
c = libnet_write(l);
|
|
Packit Service |
b25606 |
if (c == -1)
|
|
Packit Service |
b25606 |
{
|
|
Packit Service |
b25606 |
fprintf(stderr, "Write error: %s\n", libnet_geterror(l));
|
|
Packit Service |
b25606 |
goto bad;
|
|
Packit Service |
b25606 |
}
|
|
Packit Service |
b25606 |
else
|
|
Packit Service |
b25606 |
{
|
|
Packit Service |
b25606 |
fprintf(stderr, "Wrote %d byte Sebek packet; check the wire.\n", c);
|
|
Packit Service |
b25606 |
}
|
|
Packit Service |
b25606 |
libnet_destroy(l);
|
|
Packit Service |
b25606 |
return (EXIT_SUCCESS);
|
|
Packit Service |
b25606 |
bad:
|
|
Packit Service |
b25606 |
libnet_destroy(l);
|
|
Packit Service |
b25606 |
return (EXIT_FAILURE);
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
return 0;
|
|
Packit Service |
b25606 |
}
|