From e880f6fedc0a9acc91c4f62b9f1041a39dd64fb1 Mon Sep 17 00:00:00 2001
From: Beau Kujath
Date: Tue, 30 May 2023 15:43:43 -0600
Subject: [PATCH] scapy server parses packets sent from netgenie

---
 debugServer/sniffer.py | 120 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 120 insertions(+)
 create mode 100644 debugServer/sniffer.py

diff --git a/debugServer/sniffer.py b/debugServer/sniffer.py
new file mode 100644
index 0000000..c55fb02
--- /dev/null
+++ b/debugServer/sniffer.py
@@ -0,0 +1,120 @@
+#!/usr/bin/env python3
+from scapy.all import *
+import ipaddress
+from threading import Thread, Event
+from time import sleep
+import os
+
+
+recv_count = 0
+
+
+
+
+class Sniffer(Thread):
+    def __init__(self, iface="ens18"):
+
+        super().__init__()
+
+        self.daemon = True
+        self.vpn_addr = None
+
+        self.current_phase = 1
+        self.spoof_count = 0
+        self.spoof_port = 0
+
+        self.recv_count = 0
+
+        self.socket = None
+        self.iface = iface
+        self.stop_sniffer = Event()
+
+    def run(self):
+        self.socket = conf.L2listen(
+            type=ETH_P_ALL,
+            iface=self.iface,
+            filter="ip"
+        )
+
+        sniff(
+            opened_socket=self.socket,
+            prn=self.handle_packet,
+
+        )
+
+    def join(self, timeout=None):
+        self.stop_sniffer.set()
+        super().join(timeout)
+
+    def get_vpn_addr(self):
+        return self.vpn_addr
+
+    def set_phase(self, phase):
+        self.current_phase = phase
+
+
+
+    def check_for_req(self, packet):
+
+        ip_layer = packet.getlayer(IP)
+
+        # for phase 1 (on ubuntu 19) we wanna look for a reset
+        # with source of private vpn address and dest of gateway
+
+        if self.current_phase == 1:
+
+            if "10." in ip_layer.src:
+
+                if ip_layer.src == self.vpn_addr:
+                    print("multiple matches for: " + str(self.vpn_addr))
+                    # could make the scan stop after this point but
+                    # only takes a second or two to finish up
+
+                print("Victim private ip is: " + str(ip_layer.src))
+                self.vpn_addr = ip_layer.src
+
+
+    def handle_debug_packet(self, payload):
+        some_packet = IP(bytes(payload))
+        print("some genie debug packet..")
+        some_packet.show()
+
+
+
+    def handle_packet(self, packet):
+
+        #ip_layer = packet.getlayer(IP)
+        #print("[!] New Packet: {src} -> {dst}".format(src=ip_layer.src, dst=ip_layer.dst))
+
+        if TCP in packet:
+            tcp_sport = packet[TCP].sport
+            tcp_dport = packet[TCP].dport
+
+            if tcp_dport == 50508:
+                print("sniffed a debug packet..")
+                #packet.show()
+
+                if self.recv_count > 3:
+                    some_payload = packet[TCP].payload
+                    self.handle_debug_packet(some_payload)
+
+                self.recv_count += 1
+
+            if (tcp_sport != 2222 and tcp_dport != 2222) or (tcp_sport != 22 and tcp_dport != 22):
+
+                self.check_for_req(packet)
+
+
+def main():
+
+    sniffer = Sniffer(iface='ens18')
+    print('starting sniffer..')
+    sniffer.start()
+
+
+    time.sleep(30)
+
+
+if __name__ == '__main__':
+    main()
+
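Review bot: `main()` calls `time.sleep(30)` but the file only imports `from time import sleep`, so `time` is unbound and `main` raises NameError right after the sniffer thread starts (unless the `from scapy.all import *` star import happens to re-export `time`); use the name actually imported, `sleep(30)`, or add `import time`. In `handle_packet` the guard `(tcp_sport != 2222 and tcp_dport != 2222) or (tcp_sport != 22 and tcp_dport != 22)` is true for nearly every packet, since a packet would have to involve both 2222 and 22 to be excluded — if the intent is to skip traffic on either port, the `or` should be `and`. `"10." in ip_layer.src` in `check_for_req` is a substring test that also matches addresses such as `192.10.1.1`; `ipaddress` is already imported, so `ipaddress.ip_address(ip_layer.src) in ipaddress.ip_network("10.0.0.0/8")` states the private-range check exactly. `join` sets `stop_sniffer` but `run` never reads it, so the thread can only end with process exit; passing `stop_filter=lambda p: self.stop_sniffer.is_set()` to `sniff` and closing `self.socket` afterwards makes the shutdown path real. `handle_debug_packet` re-dissects bytes taken off the wire on port 50508 with `IP(bytes(payload))` and no guard, so a malformed payload that makes the dissector raise can propagate out of the `prn` callback and end the capture; wrapping that parse in a `try`/`except Exception` that logs and returns keeps one bad packet from stopping the sniffer.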