
changed the lib, started with fake fs driver and started to log attacks

- changed the lib, so that the name requests will always be directed to
  port 137
- the netbios is now bound to the local ip in the lan
- started to work on the fs driver
- started to log the attacks from the CIFS class
Daniel Lazar 9 years ago
parent
commit
82bc9dfd2c

+ 4 - 5
assets/payload/redirect-ports.sh

@@ -4,14 +4,13 @@
 # MySQL SIP (3306 and 5060) are left out because they are >= 1024 anyways
 
 #             ECHO  FTP   HTTP  HTTPS SMB (NETBIOS UDP & TCP) SSH   TELNET
-protocol=(    "tcp" "tcp" "tcp" "tcp" "udp" "udp" "tcp" "tcp" "tcp" "tcp" "tcp")
-origin=(       7     21    80    443   137   138   137   139   22    23    445)
-destination=( 28144 28169 28217 28580 28274 28275 28274 28276 28159 28160 28582) # simply offset by 1024 + 27113
+protocol=(    "tcp" "tcp" "tcp" "tcp" "udp" "udp"  "tcp" "tcp" "tcp" "tcp")
+origin=(       7     21    80    443   137   138    139   22    23    445)
+destination=( 28144 28169 28217 28580 28274 28275 28276 28159 28160 28582) # simply offset by 1024 + 27113
 length=${#protocol[@]} # count protocol elements
 
 # for (( i=0; i<$length; i++ ))
-#for i in `seq 0 9` # fix for android's annoyingly limited bash
-for i in 0 1 2 3 4 5 6 7 8 9 10 # another fix for devices missing the seq command
+for i in `seq 0 9` # fix for android's annoyingly limited bash
 do
 	# echo ${protocol[$i]} ${origin[$i]} ${destination[$i]} # debug
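Review bot: The new `for i in` line calls `seq 0 9` again, which brings back the dependency on `seq` that the removed line had worked around; on a device without it the loop body never runs, so none of the privileged ports are redirected and the services behind them receive no traffic to log. The bound is also hard-coded even though `length` is computed just above and never used, so dropping the tcp/137 entry meant editing the range by hand. A counter loop such as `i=0; while [ $i -lt $length ]; do ...; i=$((i+1)); done` needs neither `seq` nor the C-style `for`, provided the target shell supports arithmetic expansion. The loop body continues outside the hunk.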
 

BIN
libs/alfresco-jlan.jar


+ 1 - 1
res/raw/jlan_config.xml

@@ -13,7 +13,7 @@
             <comment>Alfresco JLAN Server</comment>
             <disableNIO/>
             <!-- To run the server using a non-root account on linux, Mac OS X, Solaris -->
-            <netBIOSSMB sessionPort="28276" namingPort="28274" datagramPort="28275"/>
+            <netBIOSSMB sessionPort="28276" namingPort="28274" datagramPort="28275" bindto="192.168.3.106"/>
             <tcpipSMB port="28582" ipv6="disabled"/>
             <hostAnnounce interval="5"/>
         </host>
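Review bot: The `bindto="192.168.3.106"` attribute added to `netBIOSSMB` pins the NetBIOS listener to one address on the author's LAN inside a packaged resource. On any other network or DHCP lease that address presumably does not exist on the device, so the bind would fail or the listener would be unreachable, and NetBIOS/SMB probes would go unrecorded. CIFS.java already reads `dhcp.ipAddress` at runtime, so I would leave `bindto` out of the XML and set the bind address from that value after `loadConfiguration`, with a comment here such as `<!-- bind address is set at runtime from the current Wi-Fi address -->`.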

+ 25 - 0
src/de/tudarmstadt/informatik/hostage/Handler.java

@@ -103,6 +103,31 @@ public class Handler implements Runnable {
 		thread.start();		
 	}
 
+    public Handler(Hostage service, Listener listener, Protocol protocol){
+        this.service = service;
+        this.listener = listener;
+        this.protocol = protocol;
+        if (protocol.toString().equals("GHOST")) {
+            ((GHOST) protocol).setAttackerIP(client.getInetAddress());
+            ((GHOST) protocol).setCurrentPort(listener.getPort());
+        }
+
+        this.thread = new Thread(this);
+        pref = PreferenceManager.getDefaultSharedPreferences(service);
+        TIMEOUT = pref.getInt("timeout", 30) * 1000;
+        getAndIncrementAttackID(pref);
+        SharedPreferences connInfo = service.getSharedPreferences(service.getString(R.string.connection_info), Context.MODE_PRIVATE);
+        BSSID = connInfo.getString(service.getString(R.string.connection_info_bssid), null);
+        SSID = connInfo.getString(service.getString(R.string.connection_info_ssid), null);
+        externalIP = connInfo.getString(service.getString(R.string.connection_info_external_ip), null);
+
+        // we need this info to find out whether the attack was internal
+        subnetMask = connInfo.getInt(service.getString(R.string.connection_info_subnet_mask), 0);
+        internalIPAddress = connInfo.getInt(service.getString(R.string.connection_info_internal_ip), 0);
+
+        logged = false;
+    }
+
 	/**
 	 * Determines if the interrupt flag of the thread is set.
 	 * 
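Review bot: The GHOST branch in the new constructor calls `client.getInetAddress()`, but this overload takes no socket and never assigns `client`, so (assuming `client` is the field the existing constructor sets) it throws a NullPointerException whenever a GHOST protocol is passed. Either drop the branch here or guard it, e.g. `if (client != null && protocol instanceof GHOST) {`. Records logged through a Handler built this way also cannot carry the peer address or port unless the caller supplies them some other way, which matters for the CIFS logging this commit adds. The rest of the body duplicates the existing constructor, so a shared private init method would keep the two in step. The class continues outside the hunk.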

+ 8 - 1
src/de/tudarmstadt/informatik/hostage/Listener.java

@@ -47,7 +47,7 @@ public class Listener implements Runnable {
 	private ServerSocket server;
 	private Thread thread;
 	private int port;
-	private Hostage service;
+    private Hostage service;
 
 	private ConnectionRegister conReg;
 	private boolean running = false;
@@ -103,6 +103,13 @@ public class Listener implements Runnable {
 		return protocol.toString();
 	}
 
+    public Protocol getProtocol() {
+        return protocol;
+    }
+    public Hostage getService() {
+        return service;
+    }
+
 	/**
 	 * Determines if the service is running.
 	 * 
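Review bot: The two added getters `getProtocol()` and `getService()` have no Javadoc, while the neighbouring methods in this class do. I would add `/** Returns the protocol this listener serves. */` and `/** Returns the Hostage service held by this listener. */`, and separate the two methods with a blank line.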

+ 17 - 12
src/de/tudarmstadt/informatik/hostage/protocol/CIFS.java

@@ -5,15 +5,12 @@ import android.content.Context;
 import android.net.DhcpInfo;
 import android.net.wifi.WifiManager;
 
-import org.alfresco.jlan.app.CifsOnlyXMLServerConfiguration;
-import org.alfresco.jlan.netbios.server.AddNameListener;
-import org.alfresco.jlan.netbios.server.NetBIOSNameEvent;
+import org.alfresco.jlan.app.XMLServerConfiguration;
 import org.alfresco.jlan.netbios.server.NetBIOSNameServer;
 import org.alfresco.jlan.server.SessionListener;
 import org.alfresco.jlan.server.SrvSession;
 import org.alfresco.jlan.server.config.InvalidConfigurationException;
 import org.alfresco.jlan.server.filesys.FileListener;
-import org.alfresco.jlan.server.filesys.FilesystemsConfigSection;
 import org.alfresco.jlan.server.filesys.NetworkFile;
 import org.alfresco.jlan.smb.server.CIFSConfigSection;
 import org.alfresco.jlan.smb.server.SMBServer;
@@ -23,20 +20,23 @@ import java.io.InputStreamReader;
 import java.net.InetAddress;
 import java.util.List;
 
+import de.tudarmstadt.informatik.hostage.Handler;
 import de.tudarmstadt.informatik.hostage.Listener;
 import de.tudarmstadt.informatik.hostage.R;
+import de.tudarmstadt.informatik.hostage.logging.MessageRecord;
 import de.tudarmstadt.informatik.hostage.ui.activity.MainActivity;
 import de.tudarmstadt.informatik.hostage.wrapper.Packet;
 
 public class CIFS implements Protocol, SessionListener, FileListener{
-    private Listener mHandler;
+    private Listener mListener;
+    private Handler mHandler;
     private SMBServer mSmbServer;
     private NetBIOSNameServer mNbNameServer;
 
-    public void initialize(Listener mHandler) {
-        this.mHandler = mHandler;
-
-        CifsOnlyXMLServerConfiguration smbConfig = new CifsOnlyXMLServerConfiguration();
+    public void initialize(Listener mListener) {
+        this.mListener = mListener;
+        this.mHandler = new Handler(mListener.getService(),mListener, mListener.getProtocol());
+        XMLServerConfiguration smbConfig = new XMLServerConfiguration();
 
         try {
             smbConfig.loadConfiguration(new InputStreamReader(MainActivity.context.getResources().openRawResource(R.raw.jlan_config)));
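Review bot: `initialize` now builds a single `Handler` for the whole protocol instance, and every session and file callback later logs through it. Judging by the new Handler constructor in this commit, the attack id is taken once at construction, so sessions from different clients would end up under one attack id with no per-client address. A Handler (or at least an attack id and remote address) per `SrvSession`, created in `sessionCreated` and released in `sessionClosed`, would keep records from separate peers apart. Separately, the parameter is now named `mListener` like the field; `listener` would avoid the shadowing. The method body continues outside the hunk.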
@@ -49,8 +49,9 @@ public class CIFS implements Protocol, SessionListener, FileListener{
             cifsConfig.setNetBIOSSMB(true);
             cifsConfig.setDisableNIOCode(true);
 
-            this.mSmbServer = new SMBServer(smbConfig);
             this.mNbNameServer = new NetBIOSNameServer(smbConfig);
+
+            this.mSmbServer = new SMBServer(smbConfig);
             this.mSmbServer.addSessionListener(this);
             this.mSmbServer.addFileListener(this);
 
@@ -85,7 +86,7 @@ public class CIFS implements Protocol, SessionListener, FileListener{
 
     @Override
     public TALK_FIRST whoTalksFirst() {
-        return null;
+        return TALK_FIRST.CLIENT;
     }
 
     public String toString(){
@@ -99,11 +100,14 @@ public class CIFS implements Protocol, SessionListener, FileListener{
 
     @Override
     public void sessionCreated(SrvSession srvSession) {
+        mHandler.log(MessageRecord.TYPE.RECEIVE,"SESSION CREATED");
         System.out.println("---------------------- [CIFS] Session created!");
     }
 
     @Override
     public void sessionLoggedOn(SrvSession srvSession) {
+
+        mHandler.log(MessageRecord.TYPE.RECEIVE,"SESSION LOGGED ON");
         System.out.println("---------------------- [CIFS] Session LoggedOn!");
     }
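Review bot: The new `mHandler.log(...)` calls in `sessionCreated` and `sessionLoggedOn` (and the one in `fileOpened` in the next hunk) write a fixed string and ignore the `srvSession` and `networkFile` arguments, so the record does not say which peer connected or which file was touched. For a honeypot log those are the fields an analyst needs; something like `"SESSION CREATED from " + srvSession.getRemoteAddress()` and `"FILE OPENED " + networkFile.getFullName()` would carry them, assuming the JLAN version in libs exposes those accessors. The file name is chosen by the remote client, so strip control characters and cap its length before it is written to the log. The `fileOpened` println also still says "File closed!".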
 
@@ -114,6 +118,7 @@ public class CIFS implements Protocol, SessionListener, FileListener{
 
     @Override
     public void fileOpened(SrvSession srvSession, NetworkFile networkFile) {
+        mHandler.log(MessageRecord.TYPE.RECEIVE,"FILE OPENED");
         System.out.println("---------------------- [CIFS] File closed!");
     }
 
@@ -121,7 +126,7 @@ public class CIFS implements Protocol, SessionListener, FileListener{
         WifiManager wifi = (WifiManager) MainActivity.context.getSystemService(Context.WIFI_SERVICE);
         DhcpInfo dhcp = wifi.getDhcpInfo();
         // handle null somehow
-
+        System.out.println("DEBUG:::::IP::::"+dhcp.ipAddress);
         int broadcast = (dhcp.ipAddress & dhcp.netmask) | ~dhcp.netmask;
         byte[] quads = new byte[4];
         for (int k = 0; k < 4; k++)
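Review bot: The added `System.out.println("DEBUG:::::IP::::"+dhcp.ipAddress)` dereferences `dhcp` directly under the `// handle null somehow` comment, so when `getDhcpInfo()` returns null the method fails on this line before it reaches the broadcast computation. It also prints the address as a raw int to stdout on every call. I would remove the line and put the null check first (`if (dhcp == null) { ... }`, returning or throwing as the caller expects), keeping any diagnostic output behind the app's debug logging. The method starts and ends outside the hunk.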

+ 19 - 1
src/de/tudarmstadt/informatik/hostage/protocol/cifs/PseudoCIFSDiskDriver.java

@@ -9,17 +9,23 @@ import org.alfresco.jlan.server.filesys.DiskInterface;
 import org.alfresco.jlan.server.filesys.FileAttribute;
 import org.alfresco.jlan.server.filesys.FileExistsException;
 import org.alfresco.jlan.server.filesys.FileInfo;
+import org.alfresco.jlan.server.filesys.FileName;
 import org.alfresco.jlan.server.filesys.FileOpenParams;
+import org.alfresco.jlan.server.filesys.FileStatus;
 import org.alfresco.jlan.server.filesys.FileSystem;
 import org.alfresco.jlan.server.filesys.NetworkFile;
 import org.alfresco.jlan.server.filesys.SearchContext;
 import org.alfresco.jlan.server.filesys.TreeConnection;
 import org.springframework.extensions.config.ConfigElement;
 
+import java.io.File;
 import java.io.FileNotFoundException;
 import java.io.IOException;
 
 public class PseudoCIFSDiskDriver implements DiskInterface {
+
+    private TreeConnection SMBTree;
+
     private static class PseudoNetworkFile extends NetworkFile {
         public PseudoNetworkFile(String name){
             super(name);
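Review bot: The new field `private TreeConnection SMBTree;` is not assigned or read anywhere in the visible hunks, and its name does not follow the `lowerCamelCase` field convention. If it is meant to cache the connection later, note that one driver instance presumably serves several sessions, so a single shared `TreeConnection` field would mix them up. I would drop it until it is needed, or rename it `smbTree` and add a comment saying what it holds.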
@@ -89,7 +95,19 @@ public class PseudoCIFSDiskDriver implements DiskInterface {
 
     @Override
     public int fileExists(SrvSession srvSession, TreeConnection treeConnection, String s) {
-        return 0;
+        DeviceContext ctx = treeConnection.getContext();
+        String filename = FileName.buildPath(ctx.getDeviceName(), s, null, File.separatorChar);
+
+        File chkFile = new File(filename);
+        if(chkFile.exists()){
+            if(chkFile.isFile()){
+                return FileStatus.FileExists;
+            }
+            else {
+                return FileStatus.DirectoryExists;
+            }
+        }
+        return FileStatus.NotExist;
     }
 
     @Override
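Review bot: `fileExists` builds a real path from the client-supplied name `s` and asks the device filesystem whether it exists, with no normalisation, so a name containing `..` segments can make the answer describe files outside the share directory. In a driver meant to present a fake filesystem, that lets a remote SMB peer learn what exists on the phone's real storage. I would canonicalise the path and answer `FileStatus.NotExist` for anything that does not resolve under the share root (assuming `ctx.getDeviceName()` is that root, as the `buildPath` call implies), or better, answer from an in-memory listing so the real filesystem is never consulted. The rewritten part of the method is below.

```java
    public int fileExists(SrvSession srvSession, TreeConnection treeConnection, String s) {
        DeviceContext ctx = treeConnection.getContext();
        String filename = FileName.buildPath(ctx.getDeviceName(), s, null, File.separatorChar);

        try {
            // Resolve ".." segments and symlinks before touching the filesystem.
            String root = new File(ctx.getDeviceName()).getCanonicalPath();
            File chkFile = new File(filename).getCanonicalFile();
            String resolved = chkFile.getPath();
            boolean inside = resolved.equals(root) || resolved.startsWith(root + File.separator);
            if (!inside) {
                // Outside the share root: report it as absent.
                return FileStatus.NotExist;
            }
            // … unchanged: exists()/isFile() mapping to FileStatus …
        } catch (IOException e) {
            return FileStatus.NotExist;
        }
    }
```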