|
@@ -61,6 +61,7 @@ class EternalBlueExploit(BaseAttack.BaseAttack):
|
|
|
random_ip_address = self.statistics.get_random_ip_address()
|
|
|
self.add_param_value(Param.IP_SOURCE, random_ip_address)
|
|
|
self.add_param_value(Param.MAC_SOURCE, self.statistics.get_mac_address(random_ip_address))
|
|
|
+ self.add_param_value(Param.PORT_SOURCE, randint(self.minDefaultPort, self.maxDefaultPort))
|
|
|
|
|
|
# Victim configuration
|
|
|
self.add_param_value(Param.IP_DESTINATION, most_used_ip_address)
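Review bot: The added `self.add_param_value(Param.PORT_SOURCE, randint(self.minDefaultPort, self.maxDefaultPort))` line gives no reason for the chosen range. That rationale was in the trailing comment on the local `port_source = randint(...)` assignment, which this commit deletes in the @@ -159 hunk. Carry it over on the new line, for example `# default source port; experiments show this range of ports`. The enclosing method starts outside the hunk, so whether its docstring lists the configurable parameters is not visible; if it does, `PORT_SOURCE` should be added there too.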
|
|
@@ -68,6 +69,7 @@ class EternalBlueExploit(BaseAttack.BaseAttack):
|
|
|
if isinstance(destination_mac, list) and len(destination_mac) == 0:
|
|
|
destination_mac = self.generate_random_mac_address()
|
|
|
self.add_param_value(Param.MAC_DESTINATION, destination_mac)
|
|
|
+ self.add_param_value(Param.PORT_DESTINATION, self.smb_port)
|
|
|
|
|
|
# Attack configuration
|
|
|
self.add_param_value(Param.PACKETS_PER_SECOND,
|
|
@@ -109,8 +111,10 @@ class EternalBlueExploit(BaseAttack.BaseAttack):
|
|
|
packets = []
|
|
|
mac_source = self.get_param_value(Param.MAC_SOURCE)
|
|
|
ip_source = self.get_param_value(Param.IP_SOURCE)
|
|
|
+ port_source = self.get_param_value(Param.PORT_SOURCE)
|
|
|
mac_destination = self.get_param_value(Param.MAC_DESTINATION)
|
|
|
ip_destination = self.get_param_value(Param.IP_DESTINATION)
|
|
|
+ port_destination = self.get_param_value(Param.PORT_DESTINATION)
|
|
|
|
|
|
# Check ip.src == ip.dst
|
|
|
self.ip_src_dst_equal_check(ip_source, ip_destination)
|
|
@@ -159,8 +163,6 @@ class EternalBlueExploit(BaseAttack.BaseAttack):
|
|
|
inter_arrival_times = self.get_inter_arrival_time(exploit_raw_packets)
|
|
|
exploit_raw_packets = RawPcapReader(self.template_scan_pcap_path)
|
|
|
|
|
|
- port_source = randint(self.minDefaultPort,self.maxDefaultPort) # experiments show this range of ports
|
|
|
-
|
|
|
source_origin_wins, destination_origin_wins = {}, {}
|
|
|
|
|
|
for pkt_num, pkt in enumerate(exploit_raw_packets):
|
|
@@ -183,6 +185,7 @@ class EternalBlueExploit(BaseAttack.BaseAttack):
|
|
|
ip_pkt.setfieldval("ttl", source_ttl_value)
|
|
|
# TCP
|
|
|
tcp_pkt.setfieldval("sport",port_source)
|
|
|
+ tcp_pkt.setfieldval("dport",port_destination)
|
|
|
## Window Size
|
|
|
source_origin_win = tcp_pkt.getfieldval("window")
|
|
|
if source_origin_win not in source_origin_wins:
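Review bot: The added `tcp_pkt.setfieldval("dport",port_destination)` omits the space after the comma, as does the added `("sport",port_destination)` call in the @@ -212 hunk. The matching additions in the @@ -273 and @@ -303 hunks are written with the space. Use the one form throughout: `tcp_pkt.setfieldval("dport", port_destination)`. The same sport/dport pair is now set in four near-identical branches, so a small helper taking the packet and the direction might keep them in sync. The loop body lies mostly outside these hunks, so how much else differs between the branches cannot be judged from here.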
|
|
@@ -212,6 +215,7 @@ class EternalBlueExploit(BaseAttack.BaseAttack):
|
|
|
ip_pkt.setfieldval("ttl", destination_ttl_value)
|
|
|
# TCP
|
|
|
tcp_pkt.setfieldval("dport", port_source)
|
|
|
+ tcp_pkt.setfieldval("sport",port_destination)
|
|
|
## Window Size
|
|
|
destination_origin_win = tcp_pkt.getfieldval("window")
|
|
|
if destination_origin_win not in destination_origin_wins:
|
|
@@ -273,6 +277,7 @@ class EternalBlueExploit(BaseAttack.BaseAttack):
|
|
|
ip_pkt.setfieldval("ttl", source_ttl_value)
|
|
|
# TCP
|
|
|
tcp_pkt.setfieldval("sport", port_source)
|
|
|
+ tcp_pkt.setfieldval("dport", port_destination)
|
|
|
## Window Size
|
|
|
source_origin_win = tcp_pkt.getfieldval("window")
|
|
|
if source_origin_win not in source_origin_wins:
|
|
@@ -303,6 +308,7 @@ class EternalBlueExploit(BaseAttack.BaseAttack):
|
|
|
ip_pkt.setfieldval("ttl", destination_ttl_value)
|
|
|
# TCP
|
|
|
tcp_pkt.setfieldval("dport", port_source)
|
|
|
+ tcp_pkt.setfieldval("sport", port_destination)
|
|
|
## Window Size
|
|
|
destination_origin_win = tcp_pkt.getfieldval("window")
|
|
|
if destination_origin_win not in destination_origin_wins:
|
|
@@ -344,6 +350,7 @@ class EternalBlueExploit(BaseAttack.BaseAttack):
|
|
|
ip_pkt.setfieldval("ttl", destination_ttl_value)
|
|
|
# TCP
|
|
|
tcp_pkt.setfieldval("sport", port_source)
|
|
|
+ # destination port is fixed 4444
|
|
|
## Window Size
|
|
|
destination_origin_win = tcp_pkt.getfieldval("window")
|
|
|
if destination_origin_win not in destination_origin_wins:
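Review bot: The added comment `# destination port is fixed 4444` (and its mirror `# source port is fixed 4444` in the @@ -374 hunk) records a magic number without saying where it comes from or why it is exempt from the new `PORT_DESTINATION` parameter. Presumably the value is the one the template pcap carries for this second connection; if so, say it, for example `# second connection: port 4444 is kept from the template pcap and is not configurable`. In generated, labelled IDS test traffic, a constant port is a feature that a detector trained on it can key on trivially. It is worth naming the value as an attribute alongside `self.smb_port`, or noting the limitation where the attack's parameters are documented. The branch these lines sit in starts outside the hunk.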
|
|
@@ -374,6 +381,7 @@ class EternalBlueExploit(BaseAttack.BaseAttack):
|
|
|
ip_pkt.setfieldval("ttl", source_ttl_value)
|
|
|
# TCP
|
|
|
tcp_pkt.setfieldval("dport", port_source)
|
|
|
+ # source port is fixed 4444
|
|
|
## Window Size
|
|
|
source_origin_win = tcp_pkt.getfieldval("window")
|
|
|
if source_origin_win not in source_origin_wins:
|
|
@@ -396,7 +404,6 @@ class EternalBlueExploit(BaseAttack.BaseAttack):
|
|
|
|
|
|
packets.append(new_pkt)
|
|
|
|
|
|
-
|
|
|
# Store timestamp of first packet (for attack label)
|
|
|
self.attack_start_utime = packets[0].time
|
|
|
self.attack_end_utime = packets[-1].time
|