
include port_destination in input parameters

aidmar.wainakh 7 anni fa
parent
commit
55810ad397
2 ha cambiato i file con 20 aggiunte e 10 eliminazioni
  1. 2 0
      code/Attack/EternalBlueExploit.py
  2. 18 10
      code/Attack/JoomlaRegPrivExploit.py

+ 2 - 0
code/Attack/EternalBlueExploit.py

@@ -35,8 +35,10 @@ class EternalBlueExploit(BaseAttack.BaseAttack):
         self.supported_params = {
             Param.MAC_SOURCE: ParameterTypes.TYPE_MAC_ADDRESS,
             Param.IP_SOURCE: ParameterTypes.TYPE_IP_ADDRESS,
+            Param.PORT_SOURCE: ParameterTypes.TYPE_PORT,
             Param.MAC_DESTINATION: ParameterTypes.TYPE_MAC_ADDRESS,
             Param.IP_DESTINATION: ParameterTypes.TYPE_IP_ADDRESS,
+            Param.PORT_DESTINATION: ParameterTypes.TYPE_PORT,
             Param.INJECT_AT_TIMESTAMP: ParameterTypes.TYPE_FLOAT,
             Param.INJECT_AFTER_PACKET: ParameterTypes.TYPE_PACKET_POSITION,
             Param.PACKETS_PER_SECOND: ParameterTypes.TYPE_FLOAT
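Review bot: `Param.PORT_SOURCE` and `Param.PORT_DESTINATION` are declared as supported here, but the diffstat shows only these two lines changing in EternalBlueExploit.py, so nothing in this commit gives them a default or reads them when packets are built. Unless existing code outside this hunk already handles them, a user-supplied port is accepted and then silently ignored, so the injected traffic and any labels derived from the parameters would disagree. Either wire them up the way JoomlaRegPrivExploit.py does in this commit (`self.add_param_value(Param.PORT_DESTINATION, ...)` plus `tcp_pkt.setfieldval("dport", port_destination)`), or leave them out of `supported_params` until they are used. The dictionary continues past the end of the hunk.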

+ 18 - 10
code/Attack/JoomlaRegPrivExploit.py

@@ -34,8 +34,10 @@ class JoomlaRegPrivExploit(BaseAttack.BaseAttack):
         self.supported_params = {
             Param.MAC_SOURCE: ParameterTypes.TYPE_MAC_ADDRESS,
             Param.IP_SOURCE: ParameterTypes.TYPE_IP_ADDRESS,
+            #Param.PORT_SOURCE: ParameterTypes.TYPE_PORT,
             Param.MAC_DESTINATION: ParameterTypes.TYPE_MAC_ADDRESS,
             Param.IP_DESTINATION: ParameterTypes.TYPE_IP_ADDRESS,
+            Param.PORT_DESTINATION: ParameterTypes.TYPE_PORT,
             Param.TARGET_HOST: ParameterTypes.TYPE_DOMAIN,
             #Param.TARGET_URI: ParameterTypes.TYPE_URI,
             Param.INJECT_AT_TIMESTAMP: ParameterTypes.TYPE_FLOAT,
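Review bot: The entry `#Param.PORT_SOURCE: ParameterTypes.TYPE_PORT,` is added already commented out, and the same half-wired state repeats in two later hunks: `#self.add_param_value(Param.PORT_SOURCE, ...)` where the defaults are set, and the trailing `#self.get_param_value(Param.PORT_SOURCE)` where `port_source` is assigned. As written the source port is always random and cannot be set by the user, while EternalBlueExploit.py in the same commit does advertise `PORT_SOURCE`. I would drop the three commented-out fragments and state the decision once, e.g. `# Source port is always random; PORT_SOURCE is deliberately not a supported parameter.` Moving the `randint` line also dropped its rationale comment `# experiments show this range of ports`, which is worth keeping beside `minDefaultPort`/`maxDefaultPort`.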
@@ -53,27 +55,30 @@ class JoomlaRegPrivExploit(BaseAttack.BaseAttack):
         """
         # PARAMETERS: initialize with default utilsvalues
         # (values are overwritten if user specifies them)
+        # Attacker configuration
         most_used_ip_address = self.statistics.get_most_used_ip_address()
         if isinstance(most_used_ip_address, list):
             most_used_ip_address = most_used_ip_address[0]
         self.add_param_value(Param.IP_SOURCE, most_used_ip_address)
         self.add_param_value(Param.MAC_SOURCE, self.statistics.get_mac_address(most_used_ip_address))
-        #self.add_param_value(Param.TARGET_URI, '/')
-        self.add_param_value(Param.TARGET_HOST, "www.hackme.com")
-        self.add_param_value(Param.INJECT_AFTER_PACKET, randint(0, self.statistics.get_packet_count()))
-        self.add_param_value(Param.PACKETS_PER_SECOND,
-                             (self.statistics.get_pps_sent(most_used_ip_address) +
-                              self.statistics.get_pps_received(most_used_ip_address)) / 2)
+        #self.add_param_value(Param.PORT_SOURCE, randint(self.minDefaultPort, self.maxDefaultPort))
 
         # Victim configuration
-        # Consider that the destination has port 80 opened
         random_ip_address = self.statistics.get_random_ip_address()
         self.add_param_value(Param.IP_DESTINATION, random_ip_address)
-
         destination_mac = self.statistics.get_mac_address(random_ip_address)
         if isinstance(destination_mac, list) and len(destination_mac) == 0:
             destination_mac = self.generate_random_mac_address()
         self.add_param_value(Param.MAC_DESTINATION, destination_mac)
+        self.add_param_value(Param.PORT_DESTINATION, self.http_port)
+        # self.add_param_value(Param.TARGET_URI, '/')
+        self.add_param_value(Param.TARGET_HOST, "www.hackme.com")
+
+        # Attack configuration
+        self.add_param_value(Param.INJECT_AFTER_PACKET, randint(0, self.statistics.get_packet_count()))
+        self.add_param_value(Param.PACKETS_PER_SECOND,
+                             (self.statistics.get_pps_sent(most_used_ip_address) +
+                              self.statistics.get_pps_received(most_used_ip_address)) / 2)
 
     def generate_attack_pcap(self):
         def update_timestamp(timestamp, pps):
@@ -110,8 +115,11 @@ class JoomlaRegPrivExploit(BaseAttack.BaseAttack):
         packets = []
         mac_source = self.get_param_value(Param.MAC_SOURCE)
         ip_source = self.get_param_value(Param.IP_SOURCE)
+        port_source = randint(self.minDefaultPort, self.maxDefaultPort) #self.get_param_value(Param.PORT_SOURCE)
         mac_destination = self.get_param_value(Param.MAC_DESTINATION)
         ip_destination = self.get_param_value(Param.IP_DESTINATION)
+        port_destination = self.get_param_value(Param.PORT_DESTINATION)
+
         target_host = self.get_param_value(Param.TARGET_HOST)
         target_uri = "/" #self.get_param_value(Param.TARGET_URI)
 
@@ -143,8 +151,6 @@ class JoomlaRegPrivExploit(BaseAttack.BaseAttack):
         timeSteps = Lea.fromValFreqsDict(inter_arrival_time_dist)
         exploit_raw_packets = RawPcapReader(self.template_attack_pcap_path)
 
-        port_source = randint(self.minDefaultPort,self.maxDefaultPort) # experiments show this range of ports
-
         # Random TCP sequence numbers
         global attacker_seq
         attacker_seq = randint(1000,50000)
@@ -188,6 +194,7 @@ class JoomlaRegPrivExploit(BaseAttack.BaseAttack):
                 ip_pkt.setfieldval("ttl", source_ttl_value)
                 # TCP
                 tcp_pkt.setfieldval("sport",port_source)
+                tcp_pkt.setfieldval("dport", port_destination)
 
                 str_tcp_seg = self.modify_http_header(str_tcp_seg, '/joomla360', target_uri, orig_ip_dst, target_host)
 
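Review bot: `tcp_pkt.setfieldval("dport", port_destination)` changes the TCP port, but the HTTP payload on the following line is still rewritten with `target_host` alone; the same applies to the reply direction in the next hunk (`"sport", port_destination`). For a destination port other than the HTTP default, a real client would send the port in the `Host` header, so the generated request is internally inconsistent unless `modify_http_header` (not visible here) already accounts for it. Consider passing `port_destination` into that call, or documenting that only the default port yields a consistent capture. Also confirm that `get_param_value(Param.PORT_DESTINATION)` returns a single integer; if `TYPE_PORT` can parse to a list or range, a guard such as `if isinstance(port_destination, list): port_destination = port_destination[0]` is needed before this line. The enclosing loop starts and ends outside the hunk.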
@@ -215,6 +222,7 @@ class JoomlaRegPrivExploit(BaseAttack.BaseAttack):
                 ip_pkt.setfieldval("ttl", destination_ttl_value)
                 # TCP
                 tcp_pkt.setfieldval("dport", port_source)
+                tcp_pkt.setfieldval("sport", port_destination)
 
                 str_tcp_seg = self.modify_http_header(str_tcp_seg, '/joomla360', target_uri, orig_ip_dst, target_host)