add new params to SMBScan

target.count and hosting.percentage
remove mac destination
since it is not used correctly
TODO: implement support for
mac lists and mac ranges
change hashes in Test/test_SMBScanAttack.py accordingly

code/Attack/SMBScanAttack.py

@@ -33,9 +33,10 @@ class SMBScanAttack(BaseAttack.BaseAttack):
         self.supported_params.update({
             atkParam.Parameter.IP_SOURCE: atkParam.ParameterTypes.TYPE_IP_ADDRESS,
             atkParam.Parameter.IP_DESTINATION: atkParam.ParameterTypes.TYPE_IP_ADDRESS,
+            atkParam.Parameter.TARGET_COUNT: atkParam.ParameterTypes.TYPE_INTEGER_POSITIVE,
+            atkParam.Parameter.HOSTING_PERCENTAGE: atkParam.ParameterTypes.TYPE_PERCENTAGE,
             atkParam.Parameter.PORT_SOURCE: atkParam.ParameterTypes.TYPE_PORT,
             atkParam.Parameter.MAC_SOURCE: atkParam.ParameterTypes.TYPE_MAC_ADDRESS,
-            atkParam.Parameter.MAC_DESTINATION: atkParam.ParameterTypes.TYPE_MAC_ADDRESS,
             atkParam.Parameter.INJECT_AT_TIMESTAMP: atkParam.ParameterTypes.TYPE_FLOAT,
             atkParam.Parameter.INJECT_AFTER_PACKET: atkParam.ParameterTypes.TYPE_PACKET_POSITION,
             atkParam.Parameter.IP_SOURCE_RANDOMIZE: atkParam.ParameterTypes.TYPE_BOOLEAN,
@@ -62,19 +63,9 @@ class SMBScanAttack(BaseAttack.BaseAttack):
         self.add_param_value(atkParam.Parameter.IP_SOURCE_RANDOMIZE, 'False')
         self.add_param_value(atkParam.Parameter.MAC_SOURCE, self.statistics.get_mac_address(most_used_ip_address))
 
-        all_ips = self.statistics.get_ip_addresses()
-        if not isinstance(all_ips, list):
-            ip_destinations = []
-            ip_destinations.append(all_ips)
-        else:
-            ip_destinations = all_ips
-        self.add_param_value(atkParam.Parameter.IP_DESTINATION, ip_destinations)
-        destination_mac = []
-        for ip in ip_destinations:
-            destination_mac.append(self.statistics.get_mac_address(str(ip)))
-        if isinstance(destination_mac, list) and len(destination_mac) == 0:
-            destination_mac = self.generate_random_mac_address()
-        self.add_param_value(atkParam.Parameter.MAC_DESTINATION, destination_mac)
+        self.add_param_value(atkParam.Parameter.TARGET_COUNT, 200)
+        self.add_param_value(atkParam.Parameter.IP_DESTINATION, "1.1.1.1")
+
         self.add_param_value(atkParam.Parameter.PORT_SOURCE, rnd.randint(1024, 65535))
         self.add_param_value(atkParam.Parameter.PORT_SOURCE_RANDOMIZE, 'True')
         self.add_param_value(atkParam.Parameter.PACKETS_PER_SECOND,
@@ -82,8 +73,8 @@ class SMBScanAttack(BaseAttack.BaseAttack):
                               self.statistics.get_pps_received(most_used_ip_address)) / 2)
         self.add_param_value(atkParam.Parameter.INJECT_AFTER_PACKET, rnd.randint(0, self.statistics.get_packet_count()))
 
-        rnd_ip_count = self.statistics.get_ip_address_count() // 2
-        self.add_param_value(atkParam.Parameter.HOSTING_IP, self.statistics.get_random_ip_address(rnd_ip_count))
+        self.add_param_value(atkParam.Parameter.HOSTING_PERCENTAGE, 0.5)
+        self.add_param_value(atkParam.Parameter.HOSTING_IP, "1.1.1.1")
         self.add_param_value(atkParam.Parameter.HOSTING_VERSION, SMBLib.get_smb_version(platform=self.host_os))
         self.add_param_value(atkParam.Parameter.SOURCE_PLATFORM, Util.get_rnd_os())
         self.add_param_value(atkParam.Parameter.PROTOCOL_VERSION, "1")
@@ -106,8 +97,56 @@ class SMBScanAttack(BaseAttack.BaseAttack):
 
         # Initialize parameters
         ip_source = self.get_param_value(atkParam.Parameter.IP_SOURCE)
+
+        dest_ip_count = self.get_param_value(atkParam.Parameter.TARGET_COUNT)
+        ip_addr_count = self.statistics.get_ip_address_count()
+        if ip_addr_count < dest_ip_count + 1:
+            dest_ip_count = ip_addr_count
+
+        # Check for user defined target IP addresses
+        ip_destinations = self.get_param_value(atkParam.Parameter.IP_DESTINATION)
+        if isinstance(ip_destinations, list):
+            dest_ip_count = dest_ip_count - len(ip_destinations)
+        elif ip_destinations is not "1.1.1.1":
+            dest_ip_count = dest_ip_count - 1
+            ip_destinations = [ip_destinations]
+        else:
+            ip_destinations = []
+
+        # Take random targets from pcap
+        rnd_ips = self.statistics.get_random_ip_address(dest_ip_count)
+        if not isinstance(rnd_ips, list):
+            rnd_ips = [rnd_ips]
+        ip_destinations = ip_destinations + rnd_ips
+
+        # Make sure the source IP is not part of targets
+        if ip_source in ip_destinations and isinstance(ip_destinations, list):
+            ip_destinations.remove(ip_source)
+        self.add_param_value(atkParam.Parameter.IP_DESTINATION, ip_destinations)
+
         ip_destinations = self.get_param_value(atkParam.Parameter.IP_DESTINATION)
+
+        # Calculate the amount of IP addresses which are hosting SMB
+        host_percentage = self.get_param_value(atkParam.Parameter.HOSTING_PERCENTAGE)
+        rnd_ip_count = len(ip_destinations) * host_percentage
+
+        # Check for user defined IP addresses which are hosting SMB
         hosting_ip = self.get_param_value(atkParam.Parameter.HOSTING_IP)
+        if isinstance(hosting_ip, list):
+            rnd_ip_count = rnd_ip_count - len(hosting_ip)
+        elif hosting_ip is not "1.1.1.1":
+            rnd_ip_count = rnd_ip_count - 1
+            hosting_ip = [hosting_ip]
+        else:
+            hosting_ip = []
+
+        hosting_ip = hosting_ip + ip_destinations[:int(rnd_ip_count)]
+        self.add_param_value(atkParam.Parameter.HOSTING_IP, hosting_ip)
+
+        # Shuffle targets
+        rnd.shuffle(ip_destinations)
+
+        # FIXME: Handle mac addresses correctly
         mac_source = self.get_param_value(atkParam.Parameter.MAC_SOURCE)
         mac_dest = self.get_param_value(atkParam.Parameter.MAC_DESTINATION)
 

code/Test/test_SMBScanAttack.py

@@ -2,14 +2,14 @@ import unittest.mock as mock
 
 import Test.ID2TAttackTest as Test
 
-sha_default = 'bf2ef698c61429d4b0c3d9f7af95ec45576ef20b7e21a7904709b95dec1b525c'
-sha_one_victim_linux = 'e992ba20469fa630b09d5e450475bddae3db40bf7ed1aa32b33570999717d50c'
-sha_victim_range_winxp_hosting = '9510e4cd5442cd0912710ada8069beeedfebf375eefd733286aed63323c1cc50'
-sha_multiple_victims_macos = '87d0346bdb6b5a4b28a9247c26445bbf685f8cb6c77f82141739b107244625f9'
-sha_port_shuffle = 'cad9356ca92610371c9976edd08b8d16a5d8b9edf431c9cd9177f2bb757ff4d6'
-sha_dest_mac_only = 'a66832a461d9a2cf745a7232864c472c357e634b49f4f25bc9896a91c7967a17'
-sha_ip_src_shuffle = 'b4b6e9e9007085e2d1f9dd5d1199695dd6533b8b0ee9d77850c512a496e55581'
-sha_smb2 = '7d78e9c78bdc2ebac2055d42c5b2446794959053cc27eb8b177f6711d592ae82'
+sha_default = '02d5ccf5483385256b1bb5d0be6ad180813e10fbd4091f2d74b832e9de1bfe7f'
+sha_one_victim_linux = '59010614361fbc802f0ff6f6b62f3a1b65eec717aaf7280b977d0044d0dd1651'
+sha_victim_range_winxp_hosting = '4f08852e8431ef7fb33dba2cd06df5ac2c306f266701ab26411320cc6c3041af'
+sha_multiple_victims_macos = '75e1865dd911627550ac3866340da43c3357d43da85c03e7b3f0e36731d90370'
+sha_port_shuffle = '2105fb02cc92de835f969a0dc6c521e2f044be1d2c629e8488385eedf15b8838'
+sha_dest_mac_only = '0aba63d0667b49ee27264542a572116f39abdff068841c1a2fa47b7c06688ddf'
+sha_ip_src_shuffle = 'f33dc22cb5bed8b5e9f26d02339c96a35f1cf451df11ab90bc07deefc3d8244b'
+sha_smb2 = '91f2a13a92b694b9a2ada8604c65b7b3f138bdec54da59c691bf7512972ff3b8'
 
 # TODO: improve coverage