
organize code

aidmar.wainakh 6 years ago
parent
commit
f2f858f3a7

+ 32 - 8
code/Attack/BaseAttack.py

@@ -479,9 +479,8 @@ class BaseAttack(metaclass=ABCMeta):
 
            """
         result = self.statistics.process_db_query(
-            "SELECT standardDeviationDelay, minDelay, maxDelay FROM conv_statistics WHERE ipAddressB='" + ip_dst + "' LIMIT 1;")
-        if result:
-            standardDeviationDelay = result[0][0]
+            "SELECT AVG(minDelay), AVG(maxDelay) FROM conv_statistics WHERE ipAddressB='" + ip_dst + "';")
+        if result[0][1] and result[0][2]:
             minDelay = result[0][1]
             maxDelay = result[0][2]
         else:
@@ -489,12 +488,9 @@ class BaseAttack(metaclass=ABCMeta):
             minDelay = np.median(allMinDelays)
             allMaxDelays = self.statistics.process_db_query("SELECT maxDelay FROM conv_statistics LIMIT 500;")
             maxDelay = np.median(allMaxDelays)
-            allStandardDeviationDelay = self.statistics.process_db_query("SELECT standardDeviationDelay FROM conv_statistics LIMIT 500;")
-            standardDeviationDelay = np.median(allStandardDeviationDelay)
         minDelay = int(minDelay) * 10 ** -6  # convert from micro to seconds
         maxDelay = int(maxDelay) * 10 ** -6
-        standardDeviationDelay = int(standardDeviationDelay) * 10 ** -6
-        return minDelay, maxDelay, standardDeviationDelay
+        return minDelay, maxDelay
 
     # Group the packets in conversations
     def packetsToConvs(self,exploit_raw_packets):
@@ -570,9 +566,37 @@ class BaseAttack(metaclass=ABCMeta):
             sys.exit(0)
 
 
+    def get_inter_arrival_time_dist(self, packets):
+        timeSteps = []
+        prvsPktTime = 0
+        for index, pkt in enumerate(packets):
+            eth_frame = Ether(pkt[0])
+            if index == 0:
+                prvsPktTime = eth_frame.time
+            else:
+                timeSteps.append(eth_frame.time - prvsPktTime)
+                prvsPktTime = eth_frame.time
+
+        import numpy as np
+        freq,values = np.histogram(timeSteps,bins=20)
+        dict = {}
+        for i,val in enumerate(values):
+            if i < len(freq):
+                dict[str(val)] = freq[i]
+        return dict
+
     def clean_white_spaces(self, str):
         str = str.replace("\\n", "\n")
         str = str.replace("\\r", "\r")
         str = str.replace("\\t", "\t")
         str = str.replace("\\\'", "\'")
-        return str
+        return str
+
+    def modify_payload(self,str_tcp_seg, orig_target_uri, target_uri, orig_ip_dst, target_host):
+        if len(str_tcp_seg) > 0:
+            # convert payload bytes to str => str = "b'..\\r\\n..'"
+            str_tcp_seg = str_tcp_seg[2:-1]
+            str_tcp_seg = str_tcp_seg.replace(orig_target_uri, target_uri)
+            str_tcp_seg = str_tcp_seg.replace(orig_ip_dst, target_host)
+            str_tcp_seg = self.clean_white_spaces(str_tcp_seg)
+        return str_tcp_seg
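Review bot: In the first hunk the rewritten query returns two columns, `AVG(minDelay), AVG(maxDelay)`, but the guard and assignments that follow still index columns 1 and 2 (`if result[0][1] and result[0][2]:`, `minDelay = result[0][1]`, `maxDelay = result[0][2]`), so the max column is now out of range and the min value is read from the old max position. The indices should shift down and the removed `if result:` guard is worth keeping, since an empty result would raise on `result[0]` before the fallback branch runs: `if result and result[0][0] is not None and result[0][1] is not None:` followed by `minDelay = result[0][0]` and `maxDelay = result[0][1]` (`is not None` also stops a legitimate average of 0 from falling through to the median fallback). The enclosing method starts before this hunk and its fallback branch continues in the second hunk. The query still splices `ip_dst` into the SQL string by concatenation; that predates this commit, but if `process_db_query` supports bound parameters, passing `ip_dst` as a parameter would be the safer form. In the third hunk `get_inter_arrival_time_dist` re-imports numpy locally although `np` is already used at module scope in this file (`np.median` in the second hunk), and names its result `dict`, shadowing the builtin.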

+ 5 - 2
code/Attack/EternalBlueExploit.py

@@ -125,6 +125,9 @@ class EternalBlueExploit(BaseAttack.BaseAttack):
         # Read Win7_eternalblue_scan_vulnerable pcap file
         orig_ip_dst = None
         exploit_raw_packets = RawPcapReader(self.template_attack_pcap_path)
+        inter_arrival_time_dist = self.get_inter_arrival_time_dist(exploit_raw_packets)
+        timeSteps = Lea.fromValFreqsDict(inter_arrival_time_dist)
+        exploit_raw_packets = RawPcapReader(self.template_attack_pcap_path)
 
         port_source = randint(self.minDefaultPort,self.maxDefaultPort) # experiments show this range of ports
 
@@ -153,7 +156,7 @@ class EternalBlueExploit(BaseAttack.BaseAttack):
                 new_pkt.time = timestamp_next_pkt
 
                 pps = max(getIntervalPPS(complement_interval_pps, timestamp_next_pkt), 10)
-                timestamp_next_pkt = update_timestamp(timestamp_next_pkt, pps)
+                timestamp_next_pkt = update_timestamp(timestamp_next_pkt, pps) + float(timeSteps.random())
             # Reply
             else:
                 # Ether
@@ -167,7 +170,7 @@ class EternalBlueExploit(BaseAttack.BaseAttack):
                 tcp_pkt.setfieldval("dport", port_source)
 
                 new_pkt = (eth_frame / ip_pkt / tcp_pkt)
-                timestamp_next_pkt = timestamp_next_pkt + uniform(minDelay, maxDelay)
+                timestamp_next_pkt = update_timestamp(timestamp_next_pkt, pps) + float(timeSteps.random())
                 new_pkt.time = timestamp_next_pkt
 
             packets.append(new_pkt)
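Review bot: The third hunk's reply branch now evaluates `update_timestamp(timestamp_next_pkt, pps)`, but `pps` is only assigned in the request branch (`pps = max(getIntervalPPS(complement_interval_pps, timestamp_next_pkt), 10)` in the second hunk), so in the reply branch it carries over from the last request iteration and would presumably be unbound if the first packet of the template falls into the reply branch; the replaced `uniform(minDelay, maxDelay)` had no such dependency. Computing `pps` once per iteration before the request/reply split would remove that coupling. In the first hunk the first `RawPcapReader` is consumed by `get_inter_arrival_time_dist` and then rebound to a fresh reader on the same path without being closed, which leaves the first file handle open; closing it, or letting the helper take a path, would avoid that. With both branches now adding `float(timeSteps.random())` on top of `update_timestamp`, the sampled inter-arrival time is applied in addition to the rate-based step rather than instead of it, which is worth confirming as intended. The loop these hunks belong to starts and ends outside the shown lines.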

+ 2 - 14
code/Attack/JoomlaRegPrivExploit.py

@@ -183,13 +183,7 @@ class JoomlaRegPrivExploit(BaseAttack.BaseAttack):
                 # TCP
                 tcp_pkt.setfieldval("sport",port_source)
 
-                if len(str_tcp_seg) > 0:
-                    # convert payload bytes to string => str = "b'..\\r\\n..'" additional characters are added in the string,
-                    # mainly backslashes to escape single quotes and whitespaces
-                    str_tcp_seg = str_tcp_seg[2:-1]
-                    str_tcp_seg = str_tcp_seg.replace('/joomla360', target_uri)
-                    str_tcp_seg = str_tcp_seg.replace(orig_ip_dst, target_host)
-                    str_tcp_seg = self.clean_white_spaces(str_tcp_seg)
+                str_tcp_seg = self.modify_payload(str_tcp_seg, '/joomla360', target_uri, orig_ip_dst, target_host)
 
                 # TCP Seq, Ack
                 if tcp_pkt.getfieldval("ack") != 0:
@@ -216,13 +210,7 @@ class JoomlaRegPrivExploit(BaseAttack.BaseAttack):
                 # TCP
                 tcp_pkt.setfieldval("dport", port_source)
 
-                if len(str_tcp_seg) > 0:
-                    # convert payload bytes to string => str = "b'..\\r\\n..'" additional characters are added in the string,
-                    # mainly backslashes to escape single quotes and whitespaces
-                    str_tcp_seg = str_tcp_seg[2:-1]
-                    str_tcp_seg = str_tcp_seg.replace('/joomla360', target_uri)
-                    str_tcp_seg = str_tcp_seg.replace(orig_ip_dst, target_host)
-                    str_tcp_seg = self.clean_white_spaces(str_tcp_seg)
+                str_tcp_seg = self.modify_payload(str_tcp_seg, '/joomla360', target_uri, orig_ip_dst, target_host)
 
                 # TCP Seq, ACK
                 tcp_pkt.setfieldval("ack", attacker_seq)
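Review bot: Both hunks pass the same literal `'/joomla360'` to `modify_payload`, so the URI the template was captured against is now duplicated across two call sites; a single class-level constant such as `ORIG_TARGET_URI = '/joomla360'` referenced from both calls keeps them in sync. The removed comment explaining that `str_tcp_seg` is the string form of the payload bytes (the `b'...'` wrapper that `modify_payload` strips with `[2:-1]`) no longer appears in this file, and the helper itself carries only a terse note; a docstring on `modify_payload` stating that input contract and the `orig_ip_dst` / `target_host` substitution would replace it. The enclosing packet loop starts and ends outside both hunks.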

+ 5 - 40
code/Attack/SQLiAttack.py

@@ -1,19 +1,4 @@
-# Created by Aidmar
-"""
-ATutor 2.2.1 SQL Injection / Remote Code Execution
-
-This module exploits a SQL Injection vulnerability and an authentication weakness vulnerability in ATutor. This essentially
-means an attacker can bypass authentication and reach the administrator's interface where they can upload malicious code.
-
-more info:
-https://www.rapid7.com/db/modules/exploit/multi/http/atutor_sqli
-
-"""
-
 import logging
-import math
-from operator import itemgetter
-import operator
 from random import randint, uniform
 
 from lea import Lea
@@ -110,7 +95,7 @@ class SQLiAttack(BaseAttack.BaseAttack):
         timestamp_next_pkt = self.get_param_value(Param.INJECT_AT_TIMESTAMP)
         pps = self.get_param_value(Param.PACKETS_PER_SECOND)
 
-        # Aidmar - calculate complement packet rates of BG traffic per interval
+        # Calculate complement packet rates of BG traffic per interval
         complement_interval_pps = self.statistics.calculate_complement_packet_rates(pps)
 
         # Initialize parameters
@@ -198,12 +183,7 @@ class SQLiAttack(BaseAttack.BaseAttack):
                     # TCP
                     tcp_pkt.setfieldval("sport",port_source)
 
-                    if len(str_tcp_seg) > 0:
-                        # convert payload bytes to str => str = "b'..\\r\\n..'"
-                        str_tcp_seg = str_tcp_seg[2:-1]
-                        str_tcp_seg = str_tcp_seg.replace('/ATutor', target_uri)
-                        str_tcp_seg = str_tcp_seg.replace(orig_ip_dst, target_host)
-                        str_tcp_seg = self.clean_white_spaces(str_tcp_seg)
+                    str_tcp_seg = self.modify_payload(str_tcp_seg, '/ATutor', target_uri, orig_ip_dst, target_host)
 
                     # TCP Seq, Ack
                     if tcp_pkt.getfieldval("ack") != 0:
@@ -230,12 +210,7 @@ class SQLiAttack(BaseAttack.BaseAttack):
                     # TCP
                     tcp_pkt.setfieldval("dport", port_source)
 
-                    if len(str_tcp_seg) > 0:
-                        # convert payload bytes to str => str = "b'..\\r\\n..'"
-                        str_tcp_seg = str_tcp_seg[2:-1]
-                        str_tcp_seg = str_tcp_seg.replace('/ATutor', target_uri)
-                        str_tcp_seg = str_tcp_seg.replace(orig_ip_dst, target_host)
-                        str_tcp_seg = self.clean_white_spaces(str_tcp_seg)
+                    str_tcp_seg = self.modify_payload(str_tcp_seg, '/ATutor', target_uri, orig_ip_dst, target_host)
 
                     # TCP Seq, ACK
                     tcp_pkt.setfieldval("ack", attacker_seq)
@@ -269,12 +244,7 @@ class SQLiAttack(BaseAttack.BaseAttack):
                     # TCP
                     #tcp_pkt.setfieldval("sport", port_source)
 
-                    if len(str_tcp_seg) > 0:
-                        # convert payload bytes to str => str = "b'..\\r\\n..'"
-                        str_tcp_seg = str_tcp_seg[2:-1]
-                        str_tcp_seg = str_tcp_seg.replace('/ATutor', target_uri)
-                        str_tcp_seg = str_tcp_seg.replace(orig_ip_dst, target_host)
-                        str_tcp_seg = self.clean_white_spaces(str_tcp_seg)
+                    str_tcp_seg = self.modify_payload(str_tcp_seg, '/ATutor', target_uri, orig_ip_dst, target_host)
 
                     # TCP Seq, Ack
                     if tcp_pkt.getfieldval("ack") != 0:
@@ -301,12 +271,7 @@ class SQLiAttack(BaseAttack.BaseAttack):
                     # TCP
                     #tcp_pkt.setfieldval("dport", port_source)
 
-                    if len(str_tcp_seg) > 0:
-                        # convert payload bytes to str => str = "b'..\\r\\n..'"
-                        str_tcp_seg = str_tcp_seg[2:-1]
-                        str_tcp_seg = str_tcp_seg.replace('/ATutor', target_uri)
-                        str_tcp_seg = str_tcp_seg.replace(orig_ip_dst, target_host)
-                        str_tcp_seg = self.clean_white_spaces(str_tcp_seg)
+                    str_tcp_seg = self.modify_payload(str_tcp_seg, '/ATutor', target_uri, orig_ip_dst, target_host)
 
                     # TCP Seq, ACK
                     tcp_pkt.setfieldval("ack", attacker_seq)
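Review bot: The first hunk deletes the whole module docstring, leaving the file with no statement of what it models; keeping its first line, `"""ATutor 2.2.1 SQL Injection / Remote Code Execution attack template."""`, would preserve that context without the removed reference list. Hunks three to six each pass the literal `'/ATutor'` to `modify_payload`; a class-level constant such as `ORIG_TARGET_URI = '/ATutor'` used at all four sites avoids the repetition and matches the same pattern in JoomlaRegPrivExploit. Whether `math`, `operator` and `itemgetter` were still referenced elsewhere in the file cannot be seen from these hunks, so the import removals are assumed to have been checked against the rest of the module. The enclosing packet loop starts and ends outside the shown hunks.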