|
|
@@ -20,7 +20,7 @@ class EternalBlueExploit(BaseAttack.BaseAttack):
|
|
|
minDefaultPPS = 5
|
|
|
# SMB port
|
|
|
smb_port = 445
|
|
|
- # Metasploit experiments show this range of ports
|
|
|
+ # Empirical values from Metasploit experiments
|
|
|
minDefaultPort = 30000
|
|
|
maxDefaultPort = 50000
|
|
|
last_conn_dst_port = 4444
|
|
|
@@ -113,7 +113,7 @@ class EternalBlueExploit(BaseAttack.BaseAttack):
|
|
|
sys.exit(0)
|
|
|
|
|
|
path_attack_pcap = None
|
|
|
- replyDelay = self.get_reply_delay(ip_destination)
|
|
|
+ minDelay, maxDelay = self.get_reply_delay(ip_destination)
|
|
|
|
|
|
# Scan (MS17) for EternalBlue
|
|
|
# Read Win7_eternalblue_scan_vulnerable pcap file
|
|
|
@@ -161,7 +161,7 @@ class EternalBlueExploit(BaseAttack.BaseAttack):
|
|
|
tcp_pkt.setfieldval("dport", port_source)
|
|
|
|
|
|
new_pkt = (eth_frame / ip_pkt / tcp_pkt)
|
|
|
- timestamp_next_pkt = timestamp_next_pkt + uniform(replyDelay, 2 * replyDelay)
|
|
|
+ timestamp_next_pkt = timestamp_next_pkt + uniform(minDelay, maxDelay)
|
|
|
new_pkt.time = timestamp_next_pkt
|
|
|
|
|
|
packets.append(new_pkt)
|
|
|
@@ -258,7 +258,7 @@ class EternalBlueExploit(BaseAttack.BaseAttack):
|
|
|
# TCP
|
|
|
tcp_pkt.setfieldval("dport", port_source)
|
|
|
new_pkt = (eth_frame / ip_pkt / tcp_pkt)
|
|
|
- timestamp_next_pkt = timestamp_next_pkt + uniform(replyDelay, 2 * replyDelay)
|
|
|
+ timestamp_next_pkt = timestamp_next_pkt + uniform(minDelay, maxDelay)
|
|
|
new_pkt.time = timestamp_next_pkt
|
|
|
# Not perfect timestamp
|
|
|
# rep_time = req_time + replayDelay
|
|
|
@@ -306,7 +306,7 @@ class EternalBlueExploit(BaseAttack.BaseAttack):
|
|
|
# TCP
|
|
|
tcp_pkt.setfieldval("dport", port_source)
|
|
|
new_pkt = (eth_frame / ip_pkt / tcp_pkt)
|
|
|
- timestamp_next_pkt = timestamp_next_pkt + uniform(replyDelay, 2 * replyDelay)
|
|
|
+ timestamp_next_pkt = timestamp_next_pkt + uniform(minDelay, maxDelay)
|
|
|
new_pkt.time = timestamp_next_pkt
|
|
|
# Not perfect timestamp
|
|
|
# rep_time = req_time + replayDelay
|
aidmar.wainakh