|
@@ -137,90 +137,9 @@ class EternalBlueExploit(BaseAttack.BaseAttack):
|
|
|
if not mss_value:
|
|
|
mss_value = 1465
|
|
|
|
|
|
- # Scan (MS17) for EternalBlue
|
|
|
- # Read Win7_eternalblue_scan pcap file
|
|
|
- orig_ip_dst = None
|
|
|
- exploit_raw_packets = RawPcapReader(self.template_scan_pcap_path)
|
|
|
- inter_arrival_times = self.get_inter_arrival_time(exploit_raw_packets)
|
|
|
- exploit_raw_packets.close()
|
|
|
- exploit_raw_packets = RawPcapReader(self.template_scan_pcap_path)
|
|
|
-
|
|
|
- source_origin_wins, destination_origin_wins = {}, {}
|
|
|
-
|
|
|
- for pkt_num, pkt in enumerate(exploit_raw_packets):
|
|
|
- eth_frame = Ether(pkt[0])
|
|
|
- ip_pkt = eth_frame.payload
|
|
|
- tcp_pkt = ip_pkt.payload
|
|
|
-
|
|
|
- if pkt_num == 0:
|
|
|
- if tcp_pkt.getfieldval("dport") == smb_port:
|
|
|
- orig_ip_dst = ip_pkt.getfieldval("dst") # victim IP
|
|
|
-
|
|
|
- # Request
|
|
|
- if ip_pkt.getfieldval("dst") == orig_ip_dst: # victim IP
|
|
|
- # Ether
|
|
|
- eth_frame.setfieldval("src", mac_source)
|
|
|
- eth_frame.setfieldval("dst", mac_destination)
|
|
|
- # IP
|
|
|
- ip_pkt.setfieldval("src", ip_source)
|
|
|
- ip_pkt.setfieldval("dst", ip_destination)
|
|
|
- ip_pkt.setfieldval("ttl", source_ttl_value)
|
|
|
- # TCP
|
|
|
- tcp_pkt.setfieldval("sport",port_source)
|
|
|
- tcp_pkt.setfieldval("dport",port_destination)
|
|
|
- ## Window Size (mapping)
|
|
|
- source_origin_win = tcp_pkt.getfieldval("window")
|
|
|
- if source_origin_win not in source_origin_wins:
|
|
|
- source_origin_wins[source_origin_win] = source_win_prob_dict.random()
|
|
|
- new_win = source_origin_wins[source_origin_win]
|
|
|
- tcp_pkt.setfieldval("window", new_win)
|
|
|
- ## MSS
|
|
|
- tcp_options = tcp_pkt.getfieldval("options")
|
|
|
- if tcp_options:
|
|
|
- if tcp_options[0][0] == "MSS":
|
|
|
- tcp_options [0] = ("MSS",mss_value)
|
|
|
- tcp_pkt.setfieldval("options", tcp_options)
|
|
|
-
|
|
|
- new_pkt = (eth_frame / ip_pkt / tcp_pkt)
|
|
|
- new_pkt.time = timestamp_next_pkt
|
|
|
-
|
|
|
- pps = max(Util.get_interval_pps(complement_interval_pps, timestamp_next_pkt), 10)
|
|
|
- timestamp_next_pkt = Util.update_timestamp(timestamp_next_pkt, pps) + inter_arrival_times[pkt_num]#float(timeSteps.random())
|
|
|
- # Reply
|
|
|
- else:
|
|
|
- # Ether
|
|
|
- eth_frame.setfieldval("src", mac_destination)
|
|
|
- eth_frame.setfieldval("dst", mac_source)
|
|
|
- # IP
|
|
|
- ip_pkt.setfieldval("src", ip_destination)
|
|
|
- ip_pkt.setfieldval("dst", ip_source)
|
|
|
- ip_pkt.setfieldval("ttl", destination_ttl_value)
|
|
|
- # TCP
|
|
|
- tcp_pkt.setfieldval("dport", port_source)
|
|
|
- tcp_pkt.setfieldval("sport",port_destination)
|
|
|
- ## Window Size
|
|
|
- destination_origin_win = tcp_pkt.getfieldval("window")
|
|
|
- if destination_origin_win not in destination_origin_wins:
|
|
|
- destination_origin_wins[destination_origin_win] = destination_win_prob_dict.random()
|
|
|
- new_win = destination_origin_wins[destination_origin_win]
|
|
|
- tcp_pkt.setfieldval("window", new_win)
|
|
|
- ## MSS
|
|
|
- tcp_options = tcp_pkt.getfieldval("options")
|
|
|
- if tcp_options:
|
|
|
- if tcp_options[0][0] == "MSS":
|
|
|
- tcp_options[0] = ("MSS", mss_value)
|
|
|
- tcp_pkt.setfieldval("options", tcp_options)
|
|
|
-
|
|
|
- new_pkt = (eth_frame / ip_pkt / tcp_pkt)
|
|
|
- timestamp_next_pkt = Util.update_timestamp(timestamp_next_pkt, pps) + inter_arrival_times[pkt_num]#+ float(timeSteps.random())
|
|
|
- new_pkt.time = timestamp_next_pkt
|
|
|
-
|
|
|
- packets.append(new_pkt)
|
|
|
-
|
|
|
-
|
|
|
# Inject EternalBlue exploit packets
|
|
|
# Read Win7_eternalblue_exploit pcap file
|
|
|
- exploit_raw_packets.close()
|
|
|
+ source_origin_wins, destination_origin_wins = {}, {}
|
|
|
exploit_raw_packets = RawPcapReader(self.template_attack_pcap_path)
|
|
|
|
|
|
port_source = randint(self.minDefaultPort,self.maxDefaultPort) # experiments show this range of ports
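Review bot: The added `source_origin_wins, destination_origin_wins = {}, {}` sits between the `# Read Win7_eternalblue_exploit pcap file` comment and the `RawPcapReader(self.template_attack_pcap_path)` call that comment describes. Move it above `# Inject EternalBlue exploit packets`, or give it its own comment such as `# per-direction map: template window size -> sampled replacement`, which is how the removed scan loop used the two dicts. The deleted block was also the only place in this hunk that assigned `orig_ip_dst`, `inter_arrival_times` and `pps`, so check the exploit code that continues below the hunk for reads of those names; the fact that the dicts had to be re-added suggests the later code depends on state set up here. With the scan replay gone, `self.template_scan_pcap_path` appears to be unused in this method. The attack's documentation and labels should also state that the generated traffic no longer contains the MS17 scan phase, so that detectors evaluated on the dataset are not scored against packets that are absent.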
|