|
Packit |
03b34a |
/*
|
|
Packit |
03b34a |
*
|
|
Packit |
03b34a |
* libnet 1.1
|
|
Packit |
03b34a |
* Build a DNSv4 packet
|
|
Packit |
03b34a |
* To view: /usr/sbin/tcpdump -vvvvven -s 0 port 53
|
|
Packit |
03b34a |
*
|
|
Packit |
03b34a |
* Copyright (c) 2003 Frédéric Raynal <pappy@security-labs.org>
|
|
Packit |
03b34a |
* All rights reserved.
|
|
Packit |
03b34a |
*
|
|
Packit |
03b34a |
* Redistribution and use in source and binary forms, with or without
|
|
Packit |
03b34a |
* modification, are permitted provided that the following conditions
|
|
Packit |
03b34a |
* are met:
|
|
Packit |
03b34a |
* 1. Redistributions of source code must retain the above copyright
|
|
Packit |
03b34a |
* notice, this list of conditions and the following disclaimer.
|
|
Packit |
03b34a |
* 2. Redistributions in binary form must reproduce the above copyright
|
|
Packit |
03b34a |
* notice, this list of conditions and the following disclaimer in the
|
|
Packit |
03b34a |
* documentation and/or other materials provided with the distribution.
|
|
Packit |
03b34a |
*
|
|
Packit |
03b34a |
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
|
Packit |
03b34a |
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
Packit |
03b34a |
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
Packit |
03b34a |
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
|
Packit |
03b34a |
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
Packit |
03b34a |
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
Packit |
03b34a |
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
Packit |
03b34a |
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
Packit |
03b34a |
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
Packit |
03b34a |
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
Packit |
03b34a |
* SUCH DAMAGE.
|
|
Packit |
03b34a |
*
|
|
Packit |
03b34a |
*/
|
|
Packit |
03b34a |
|
|
Packit |
03b34a |
#if (HAVE_CONFIG_H)
|
|
Packit |
03b34a |
#include "../include/config.h"
|
|
Packit |
03b34a |
#endif
|
|
Packit |
03b34a |
#include "./libnet_test.h"
|
|
Packit |
03b34a |
#ifdef __WIN32__
|
|
Packit |
03b34a |
#include "../include/win32/getopt.h"
|
|
Packit |
03b34a |
#endif
|
|
Packit |
03b34a |
|
|
Packit |
03b34a |
void
|
|
Packit |
03b34a |
usage(char *prog)
|
|
Packit |
03b34a |
{
|
|
Packit |
03b34a |
fprintf(stderr, "Usage: %s -d dst_ip -q query_host [-s src_ip] [-t]\n", prog);
|
|
Packit |
03b34a |
exit(1);
|
|
Packit |
03b34a |
}
|
|
Packit |
03b34a |
|
|
Packit |
03b34a |
|
|
Packit |
03b34a |
int
|
|
Packit |
03b34a |
main(int argc, char *argv[])
|
|
Packit |
03b34a |
{
|
|
Packit |
03b34a |
char c;
|
|
Packit |
03b34a |
u_long src_ip = 0, dst_ip = 0;
|
|
Packit |
03b34a |
u_short type = LIBNET_UDP_DNSV4_H;
|
|
Packit |
03b34a |
libnet_t *l;
|
|
Packit |
03b34a |
|
|
Packit |
03b34a |
libnet_ptag_t ip;
|
|
Packit |
03b34a |
libnet_ptag_t ptag4; /* TCP or UDP ptag */
|
|
Packit |
03b34a |
libnet_ptag_t dns;
|
|
Packit |
03b34a |
|
|
Packit |
03b34a |
char errbuf[LIBNET_ERRBUF_SIZE];
|
|
Packit |
03b34a |
char *query = NULL;
|
|
Packit |
03b34a |
char payload[1024];
|
|
Packit |
03b34a |
u_short payload_s;
|
|
Packit |
03b34a |
|
|
Packit |
03b34a |
printf("libnet 1.1 packet shaping: DNSv4[raw]\n");
|
|
Packit |
03b34a |
|
|
Packit |
03b34a |
/*
|
|
Packit |
03b34a |
* Initialize the library. Root priviledges are required.
|
|
Packit |
03b34a |
*/
|
|
Packit |
03b34a |
l = libnet_init(
|
|
Packit |
03b34a |
LIBNET_RAW4, /* injection type */
|
|
Packit |
03b34a |
NULL, /* network interface */
|
|
Packit |
03b34a |
errbuf); /* error buffer */
|
|
Packit |
03b34a |
|
|
Packit |
03b34a |
if (!l)
|
|
Packit |
03b34a |
{
|
|
Packit |
03b34a |
fprintf(stderr, "libnet_init: %s", errbuf);
|
|
Packit |
03b34a |
exit(EXIT_FAILURE);
|
|
Packit |
03b34a |
}
|
|
Packit |
03b34a |
|
|
Packit |
03b34a |
/*
|
|
Packit |
03b34a |
* parse options
|
|
Packit |
03b34a |
*/
|
|
Packit |
03b34a |
while ((c = getopt(argc, argv, "d:s:q:t")) != EOF)
|
|
Packit |
03b34a |
{
|
|
Packit |
03b34a |
switch (c)
|
|
Packit |
03b34a |
{
|
|
Packit |
03b34a |
|
|
Packit |
03b34a |
case 'd':
|
|
Packit |
03b34a |
if ((dst_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
|
|
Packit |
03b34a |
{
|
|
Packit |
03b34a |
fprintf(stderr, "Bad destination IP address: %s\n", optarg);
|
|
Packit |
03b34a |
exit(EXIT_FAILURE);
|
|
Packit |
03b34a |
}
|
|
Packit |
03b34a |
break;
|
|
Packit |
03b34a |
case 's':
|
|
Packit |
03b34a |
if ((src_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
|
|
Packit |
03b34a |
{
|
|
Packit |
03b34a |
fprintf(stderr, "Bad source IP address: %s\n", optarg);
|
|
Packit |
03b34a |
exit(EXIT_FAILURE);
|
|
Packit |
03b34a |
}
|
|
Packit |
03b34a |
break;
|
|
Packit |
03b34a |
case 'q':
|
|
Packit |
03b34a |
query = optarg;
|
|
Packit |
03b34a |
break;
|
|
Packit |
03b34a |
case 't':
|
|
Packit |
03b34a |
type = LIBNET_TCP_DNSV4_H;
|
|
Packit |
03b34a |
break;
|
|
Packit |
03b34a |
default:
|
|
Packit |
03b34a |
exit(EXIT_FAILURE);
|
|
Packit |
03b34a |
}
|
|
Packit |
03b34a |
}
|
|
Packit |
03b34a |
|
|
Packit |
03b34a |
if (!src_ip)
|
|
Packit |
03b34a |
{
|
|
Packit |
03b34a |
src_ip = libnet_get_ipaddr4(l);
|
|
Packit |
03b34a |
}
|
|
Packit |
03b34a |
|
|
Packit |
03b34a |
if (!dst_ip || !query)
|
|
Packit |
03b34a |
{
|
|
Packit |
03b34a |
usage(argv[0]);
|
|
Packit |
03b34a |
exit(EXIT_FAILURE);
|
|
Packit |
03b34a |
}
|
|
Packit |
03b34a |
|
|
Packit |
03b34a |
/*
|
|
Packit |
03b34a |
* build dns payload
|
|
Packit |
03b34a |
*/
|
|
Packit |
03b34a |
payload_s = snprintf(payload, sizeof payload, "%c%s%c%c%c%c%c",
|
|
Packit |
03b34a |
(char)(strlen(query)&0xff), query, 0x00, 0x00, 0x01, 0x00, 0x01);
|
|
Packit |
03b34a |
|
|
Packit |
03b34a |
/*
|
|
Packit |
03b34a |
* build packet
|
|
Packit |
03b34a |
*/
|
|
Packit |
03b34a |
dns = libnet_build_dnsv4(
|
|
Packit |
03b34a |
type, /* TCP or UDP */
|
|
Packit |
03b34a |
0x7777, /* id */
|
|
Packit |
03b34a |
0x0100, /* request */
|
|
Packit |
03b34a |
1, /* num_q */
|
|
Packit |
03b34a |
0, /* num_anws_rr */
|
|
Packit |
03b34a |
0, /* num_auth_rr */
|
|
Packit |
03b34a |
0, /* num_addi_rr */
|
|
Packit |
03b34a |
payload,
|
|
Packit |
03b34a |
payload_s,
|
|
Packit |
03b34a |
l,
|
|
Packit |
03b34a |
0
|
|
Packit |
03b34a |
);
|
|
Packit |
03b34a |
|
|
Packit |
03b34a |
if (dns == -1)
|
|
Packit |
03b34a |
{
|
|
Packit |
03b34a |
fprintf(stderr, "Can't build DNS packet: %s\n", libnet_geterror(l));
|
|
Packit |
03b34a |
goto bad;
|
|
Packit |
03b34a |
}
|
|
Packit |
03b34a |
|
|
Packit |
03b34a |
if (type == LIBNET_TCP_DNSV4_H) /* TCP DNS */
|
|
Packit |
03b34a |
{
|
|
Packit |
03b34a |
ptag4 = libnet_build_tcp(
|
|
Packit |
03b34a |
0x6666, /* source port */
|
|
Packit |
03b34a |
53, /* destination port */
|
|
Packit |
03b34a |
0x01010101, /* sequence number */
|
|
Packit |
03b34a |
0x02020202, /* acknowledgement num */
|
|
Packit |
03b34a |
TH_PUSH|TH_ACK, /* control flags */
|
|
Packit |
03b34a |
32767, /* window size */
|
|
Packit |
03b34a |
0, /* checksum */
|
|
Packit |
03b34a |
0, /* urgent pointer */
|
|
Packit |
03b34a |
LIBNET_TCP_H + LIBNET_TCP_DNSV4_H + payload_s, /* TCP packet size */
|
|
Packit |
03b34a |
NULL, /* payload */
|
|
Packit |
03b34a |
0, /* payload size */
|
|
Packit |
03b34a |
l, /* libnet handle */
|
|
Packit |
03b34a |
0); /* libnet id */
|
|
Packit |
03b34a |
|
|
Packit |
03b34a |
if (ptag4 == -1)
|
|
Packit |
03b34a |
{
|
|
Packit |
03b34a |
fprintf(stderr, "Can't build UDP header: %s\n", libnet_geterror(l));
|
|
Packit |
03b34a |
goto bad;
|
|
Packit |
03b34a |
}
|
|
Packit |
03b34a |
|
|
Packit |
03b34a |
|
|
Packit |
03b34a |
ip = libnet_build_ipv4(
|
|
Packit |
03b34a |
LIBNET_IPV4_H + LIBNET_TCP_H + type + payload_s,/* length */
|
|
Packit |
03b34a |
0, /* TOS */
|
|
Packit |
03b34a |
242, /* IP ID */
|
|
Packit |
03b34a |
0, /* IP Frag */
|
|
Packit |
03b34a |
64, /* TTL */
|
|
Packit |
03b34a |
IPPROTO_TCP, /* protocol */
|
|
Packit |
03b34a |
0, /* checksum */
|
|
Packit |
03b34a |
src_ip, /* source IP */
|
|
Packit |
03b34a |
dst_ip, /* destination IP */
|
|
Packit |
03b34a |
NULL, /* payload */
|
|
Packit |
03b34a |
0, /* payload size */
|
|
Packit |
03b34a |
l, /* libnet handle */
|
|
Packit |
03b34a |
0); /* libnet id */
|
|
Packit |
03b34a |
|
|
Packit |
03b34a |
if (ip == -1)
|
|
Packit |
03b34a |
{
|
|
Packit |
03b34a |
fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l));
|
|
Packit |
03b34a |
exit(EXIT_FAILURE);
|
|
Packit |
03b34a |
}
|
|
Packit |
03b34a |
|
|
Packit |
03b34a |
}
|
|
Packit |
03b34a |
else /* UDP DNS */
|
|
Packit |
03b34a |
{
|
|
Packit |
03b34a |
ptag4 = libnet_build_udp(
|
|
Packit |
03b34a |
0x6666, /* source port */
|
|
Packit |
03b34a |
53, /* destination port */
|
|
Packit |
03b34a |
LIBNET_UDP_H + LIBNET_UDP_DNSV4_H + payload_s, /* packet length */
|
|
Packit |
03b34a |
0, /* checksum */
|
|
Packit |
03b34a |
NULL, /* payload */
|
|
Packit |
03b34a |
0, /* payload size */
|
|
Packit |
03b34a |
l, /* libnet handle */
|
|
Packit |
03b34a |
0); /* libnet id */
|
|
Packit |
03b34a |
|
|
Packit |
03b34a |
if (ptag4 == -1)
|
|
Packit |
03b34a |
{
|
|
Packit |
03b34a |
fprintf(stderr, "Can't build UDP header: %s\n", libnet_geterror(l));
|
|
Packit |
03b34a |
goto bad;
|
|
Packit |
03b34a |
}
|
|
Packit |
03b34a |
|
|
Packit |
03b34a |
|
|
Packit |
03b34a |
ip = libnet_build_ipv4(
|
|
Packit |
03b34a |
LIBNET_IPV4_H + LIBNET_UDP_H + type + payload_s,/* length */
|
|
Packit |
03b34a |
0, /* TOS */
|
|
Packit |
03b34a |
242, /* IP ID */
|
|
Packit |
03b34a |
0, /* IP Frag */
|
|
Packit |
03b34a |
64, /* TTL */
|
|
Packit |
03b34a |
IPPROTO_UDP, /* protocol */
|
|
Packit |
03b34a |
0, /* checksum */
|
|
Packit |
03b34a |
src_ip, /* source IP */
|
|
Packit |
03b34a |
dst_ip, /* destination IP */
|
|
Packit |
03b34a |
NULL, /* payload */
|
|
Packit |
03b34a |
0, /* payload size */
|
|
Packit |
03b34a |
l, /* libnet handle */
|
|
Packit |
03b34a |
0); /* libnet id */
|
|
Packit |
03b34a |
|
|
Packit |
03b34a |
if (ip == -1)
|
|
Packit |
03b34a |
{
|
|
Packit |
03b34a |
fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l));
|
|
Packit |
03b34a |
exit(EXIT_FAILURE);
|
|
Packit |
03b34a |
}
|
|
Packit |
03b34a |
}
|
|
Packit |
03b34a |
|
|
Packit |
03b34a |
/*
|
|
Packit |
03b34a |
* write to the wire
|
|
Packit |
03b34a |
*/
|
|
Packit |
03b34a |
c = libnet_write(l);
|
|
Packit |
03b34a |
if (c == -1)
|
|
Packit |
03b34a |
{
|
|
Packit |
03b34a |
fprintf(stderr, "Write error: %s\n", libnet_geterror(l));
|
|
Packit |
03b34a |
goto bad;
|
|
Packit |
03b34a |
}
|
|
Packit |
03b34a |
else
|
|
Packit |
03b34a |
{
|
|
Packit |
03b34a |
fprintf(stderr, "Wrote %d byte DNS packet; check the wire.\n", c);
|
|
Packit |
03b34a |
}
|
|
Packit |
03b34a |
libnet_destroy(l);
|
|
Packit |
03b34a |
return (EXIT_SUCCESS);
|
|
Packit |
03b34a |
bad:
|
|
Packit |
03b34a |
libnet_destroy(l);
|
|
Packit |
03b34a |
return (EXIT_FAILURE);
|
|
Packit |
03b34a |
}
|