
Removed MS17Scan from EternalBlueExploit

removed MS17Scan code from EternalBlue
changed test hashes of EternalBlue tests
added order_test to MS17Scan tests
Stefano Acquaviti 6 years ago
parent
commit
72067c8fe4

+ 1 - 82
code/Attack/EternalBlueExploit.py

@@ -137,90 +137,9 @@ class EternalBlueExploit(BaseAttack.BaseAttack):
         if not mss_value:
             mss_value = 1465
 
-        # Scan (MS17) for EternalBlue
-        # Read Win7_eternalblue_scan pcap file
-        orig_ip_dst = None
-        exploit_raw_packets = RawPcapReader(self.template_scan_pcap_path)
-        inter_arrival_times = self.get_inter_arrival_time(exploit_raw_packets)
-        exploit_raw_packets.close()
-        exploit_raw_packets = RawPcapReader(self.template_scan_pcap_path)
-
-        source_origin_wins, destination_origin_wins = {}, {}
-
-        for pkt_num, pkt in enumerate(exploit_raw_packets):
-            eth_frame = Ether(pkt[0])
-            ip_pkt = eth_frame.payload
-            tcp_pkt = ip_pkt.payload
-
-            if pkt_num == 0:
-                if tcp_pkt.getfieldval("dport") == smb_port:
-                    orig_ip_dst = ip_pkt.getfieldval("dst") # victim IP
-
-            # Request
-            if ip_pkt.getfieldval("dst") == orig_ip_dst: # victim IP
-                # Ether
-                eth_frame.setfieldval("src", mac_source)
-                eth_frame.setfieldval("dst", mac_destination)
-                # IP
-                ip_pkt.setfieldval("src", ip_source)
-                ip_pkt.setfieldval("dst", ip_destination)
-                ip_pkt.setfieldval("ttl", source_ttl_value)
-                # TCP
-                tcp_pkt.setfieldval("sport",port_source)
-                tcp_pkt.setfieldval("dport",port_destination)
-                ## Window Size (mapping)
-                source_origin_win = tcp_pkt.getfieldval("window")
-                if source_origin_win not in source_origin_wins:
-                    source_origin_wins[source_origin_win] = source_win_prob_dict.random()
-                new_win = source_origin_wins[source_origin_win]
-                tcp_pkt.setfieldval("window", new_win)
-                ## MSS
-                tcp_options = tcp_pkt.getfieldval("options")
-                if tcp_options:
-                    if tcp_options[0][0] == "MSS":
-                        tcp_options [0] = ("MSS",mss_value)
-                        tcp_pkt.setfieldval("options", tcp_options)
-
-                new_pkt = (eth_frame / ip_pkt / tcp_pkt)
-                new_pkt.time = timestamp_next_pkt
-
-                pps = max(Util.get_interval_pps(complement_interval_pps, timestamp_next_pkt), 10)
-                timestamp_next_pkt = Util.update_timestamp(timestamp_next_pkt, pps) + inter_arrival_times[pkt_num]#float(timeSteps.random())
-            # Reply
-            else:
-                # Ether
-                eth_frame.setfieldval("src", mac_destination)
-                eth_frame.setfieldval("dst", mac_source)
-                # IP
-                ip_pkt.setfieldval("src", ip_destination)
-                ip_pkt.setfieldval("dst", ip_source)
-                ip_pkt.setfieldval("ttl", destination_ttl_value)
-                # TCP
-                tcp_pkt.setfieldval("dport", port_source)
-                tcp_pkt.setfieldval("sport",port_destination)
-                ## Window Size
-                destination_origin_win = tcp_pkt.getfieldval("window")
-                if destination_origin_win not in destination_origin_wins:
-                    destination_origin_wins[destination_origin_win] = destination_win_prob_dict.random()
-                new_win = destination_origin_wins[destination_origin_win]
-                tcp_pkt.setfieldval("window", new_win)
-                ## MSS
-                tcp_options = tcp_pkt.getfieldval("options")
-                if tcp_options:
-                    if tcp_options[0][0] == "MSS":
-                        tcp_options[0] = ("MSS", mss_value)
-                        tcp_pkt.setfieldval("options", tcp_options)
-
-                new_pkt = (eth_frame / ip_pkt / tcp_pkt)
-                timestamp_next_pkt = Util.update_timestamp(timestamp_next_pkt, pps) + inter_arrival_times[pkt_num]#+ float(timeSteps.random())
-                new_pkt.time = timestamp_next_pkt
-
-            packets.append(new_pkt)
-
-
         # Inject EternalBlue exploit packets
         # Read Win7_eternalblue_exploit pcap file
-        exploit_raw_packets.close()
+        source_origin_wins, destination_origin_wins = {}, {}
         exploit_raw_packets = RawPcapReader(self.template_attack_pcap_path)
 
         port_source = randint(self.minDefaultPort,self.maxDefaultPort) # experiments show this range of ports
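Review bot: The deleted scan block was also where `orig_ip_dst`, `inter_arrival_times` and `pps` were first assigned, but the new side re-creates only the two window-size dictionaries, at `source_origin_wins, destination_origin_wins = {}, {}`. The exploit-injection code continues outside this hunk, so confirm each of those names is assigned again before its first use there, and that any `inter_arrival_times` it uses is computed from `template_attack_pcap_path` rather than the scan template. The added line also sits between the `# Read Win7_eternalblue_exploit pcap file` comment and the `RawPcapReader(...)` call that comment describes. Moving it above the two comments, with its own comment such as `# original TCP window size -> sampled replacement, kept stable per value`, would keep both accurate, assuming the exploit loop uses the dictionaries the way the removed block did. If nothing else in the class reads `template_scan_pcap_path`, that attribute can be removed as well.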

+ 3 - 3
code/Test/test_EternalBlue.py

@@ -1,9 +1,9 @@
 import Test.ID2TAttackTest as Test
 import ID2TLib.TestLibrary as Lib
 
-sha_default = 'c707492a0493efcf46a569c91fe77685286402ddfdff3c79e64157b3324dc9f6'
-sha_ips_not_in_pcap = '55d74bc906edc6b81a04a38539a0521228ee09146ff507cc19f6142a386bc2eb'
-sha_multiple_params = '118745f3588a862b7a3f9e5e66e568742db58277084f4783cfc3b41cff8350d3'
+sha_default = '0ea04ea0ac61092aee244d56b2efd2e48056b9006c530e708f46b3cb2a9c314b'
+sha_ips_not_in_pcap = '03b7d1d2b0c9999aa607ce9ef7186c5f352d2330145a0f9774109d0f21c03aea'
+sha_multiple_params = '1f97161c38c2d586a7aedafe265747401317ecd6f1747af5216bb41af7b3aaf8'
 
 # TODO: improve coverage
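Review bot: Nothing beside the three replaced `sha_*` constants records how the new digests were produced, so these checksum tests only pin whatever the generator emits after this commit. They cannot show that the remaining EternalBlue packet stream is the intended one. A comment above the constants would make a later regeneration auditable, for example `# Regenerated after the MS17 scan packets were removed from EternalBlueExploit; command: <regeneration command placeholder>`. Since `# TODO: improve coverage` is still open, a digest-independent check such as the `order_test` call this commit adds in test_MS17ScanAttack.py would be a useful companion here, if the part of the file outside this hunk does not already have one.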
 

+ 3 - 0
code/Test/test_MS17ScanAttack.py

@@ -19,3 +19,6 @@ class UnitTestMS17Scan(Test.ID2TAttackTest):
         ip_dst = 'ip.dst='+Lib.test_pcap_ips[1]
         self.checksum_test([['MS17ScanAttack', ip_src, ip_dst, 'mac.src=00:0C:21:1C:60:61',
                              'mac.dst=04:0C:32:2C:63:62', 'port.src=1337', 'port.dst=42']], sha_multiple_params)
+
+    def test_MS17Scan_order(self):
+        self.order_test([['MS17ScanAttack']])
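Review bot: `test_MS17Scan_order` has no docstring, and `order_test` is defined outside this hunk, so a reader cannot tell which ordering property is asserted. A one-line docstring stating that property (presumably packet timestamp order in the generated output, to be confirmed against `ID2TAttackTest`) would document the intent. The call also passes only `[['MS17ScanAttack']]`, so the ordering check runs with default parameters only. A second case that reuses the explicit `ip_src`, `ip_dst`, MAC and port arguments from the checksum test just above would cover the parameterised path too, assuming `order_test` accepts the same argument list shape as `checksum_test`.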