module PWN::Plugins::Packet

def self.authors

# Presumably returns the plugin's author/contact string; only the tail of an
# e-mail address survives in this listing - TODO confirm against the full file.
# NOTE(review): every body line on this page has lost its leading characters,
# so the code below is a fragment and is not runnable as shown.
def self.authors
st.pentest@0dayinc.com>

def self.construct_arp(opts = {})

# Assembles an ARP packet from the opts hash. The constructor name is cut to
# "PPacket" in this listing; the surrounding fields suggest an ARP packet class
# from PacketFu - TODO confirm.
# NOTE(review): every body line has lost its leading characters, so only
# fragments are readable and the code is not runnable as shown.
# Option keys still visible: :eth_proto (fallback annotated "# ARP"),
# :arp_proto (fallback annotated "# IPv4"), :arp_hw_len, :arp_proto_len,
# :arp_opcode, :arp_src_mac, :arp_dst_mac, :ip_saddr and :ip_daddr.
# The numeric fields are coerced with to_i, which silently turns non-numeric
# input into 0 instead of rejecting it. The two IP addresses are only passed
# through to_s.scrub.strip.chomp; no address-format validation is visible.
# eth_src/eth_dst are applied only when non-nil, the payload only when set.
# PacketFu::Utils.whoami? is called with no arguments, so the packet config
# presumably comes from PacketFu's default interface, not a caller-chosen one.
def self.construct_arp(opts = {})
h_src]
h_dst]
]
[:eth_proto]
06 # ARP
rp_hw].to_i
]
[:arp_proto]
00 # IPv4
n]
s[:arp_hw_len].to_i
_len]
opts[:arp_proto_len].to_i
4
e]
s[:arp_opcode].to_i
[:arp_src_mac]
s[:ip_saddr].to_s.scrub.strip.chomp
[:arp_dst_mac]
s[:ip_daddr].to_s.scrub.strip.chomp
yload]
PPacket.new(config: PacketFu::Utils.whoami?)
h_src unless eth_src.nil?
h_dst unless eth_dst.nil?
h_proto
w
p_proto
rp_hw_len
= arp_proto_len
rp_opcode
= arp_src_mac
 arp_ip_saddr
= arp_dst_mac
 arp_ip_daddr
oad if payload
 => e

def self.construct_eth(opts = {})

# Assembles a bare Ethernet frame from the opts hash (the constructor name is
# cut to "hPacket" in this listing - presumably PacketFu's Ethernet class).
# NOTE(review): every body line has lost its leading characters, so only
# fragments are readable and the code is not runnable as shown.
# Visible behaviour: :eth_proto is read with a fallback annotated "# IPv4";
# eth_src/eth_dst are applied only when non-nil; the payload only when set.
# PacketFu::Utils.whoami? is called with no arguments, so the packet config
# presumably comes from PacketFu's default interface.
def self.construct_eth(opts = {})
h_src]
h_dst]
]
[:eth_proto]
00 # IPv4
yload]
hPacket.new(config: PacketFu::Utils.whoami?)
h_src unless eth_src.nil?
h_dst unless eth_dst.nil?
h_proto
oad if payload
 => e

def self.construct_hsrp(opts = {})

# Assembles an HSRP packet (Ethernet / IPv4 / UDP / HSRP fields) from the opts
# hash; the constructor name is cut to "RPPacket" in this listing.
# NOTE(review): every body line has lost its leading characters, so only
# fragments are readable and the code is not runnable as shown.
# Option keys still visible: :eth_proto (fallback annotated "# IPv4"),
# :ip_proto, :udp_src_port, :udp_dst_port, :hsrp_version, :hsrp_opcode,
# :hsrp_state, :hsrp_hellotime, :hsrp_holdtime, :hsrp_priority, :hsrp_group,
# :hsrp_reserved, :hsrp_password and :hsrp_addr.
# NOTE(review): the literal "cicso\x00\x00\x00" that follows the
# :hsrp_password read looks like a transposition of "cisco", the default
# 8-byte authentication data defined for HSRP in RFC 2281. If it is the
# fallback value, packets built without an explicit :hsrp_password carry
# authentication data that does not match that default - confirm and correct
# in the full source.
# UDP ports are applied only when supplied; eth_src/eth_dst only when non-nil.
def self.construct_hsrp(opts = {})
h_src]
h_dst]
]
[:eth_proto]
00 # IPv4
v]
_hl]
p_tos]
p_len]
_id]
ip_frag]
p_ttl]

:ip_proto]
UDP
p_sum]
p_saddr]
p_daddr]
s[:udp_src_port]
s[:udp_dst_port]
udp_len]
udp_sum]

ion]
pts[:hsrp_version]

de]
ts[:hsrp_opcode]
e]
s[:hsrp_state]
otime]
s[:hsrp_hellotime]
time]
opts[:hsrp_holdtime]
10
rity]
opts[:hsrp_priority]
0
p]
s[:hsrp_group]
rved]
opts[:hsrp_reserved]
0
word]
opts[:hsrp_password]
"cicso\x00\x00\x00"
]
[:hsrp_addr]
.0.0'
yload]
RPPacket.new(config: PacketFu::Utils.whoami?)
h_src unless eth_src.nil?
h_dst unless eth_dst.nil?
h_proto
s
n
rag
l
proto
m
saddr
daddr
src_port if udp_src_port
dst_port if udp_dst_port
len
sum
 hsrp_version
hsrp_opcode
srp_state
 = hsrp_hellotime
= hsrp_holdtime
= hsrp_priority
srp_group
= hsrp_reserved
= hsrp_password
rp_addr
oad if payload
 => e

def self.construct_icmp(opts = {})

# Assembles an ICMP packet (Ethernet / IPv4 / ICMP fields) from the opts hash;
# the constructor name is cut to "MPPacket" in this listing.
# NOTE(review): every body line has lost its leading characters, so only
# fragments are readable and the code is not runnable as shown.
# Option keys still visible: :eth_proto (fallback annotated "# IPv4"),
# :ip_proto, :icmp_type, :icmp_code, :icmp_sum and :payload.
# The payload falls back to the literal '*ping*' when opts[:payload] is falsy
# (visible ternary), so this builder always attaches a payload.
# eth_src/eth_dst are applied only when non-nil.
def self.construct_icmp(opts = {})
h_src]
h_dst]
]
[:eth_proto]
00 # IPv4
v]
_hl]
p_tos]
p_len]
_id]
ip_frag]
p_ttl]

:ip_proto]
CMP
p_sum]
p_saddr]
p_daddr]
]
[:icmp_type]
]
[:icmp_code]

:icmp_sum]
f
ayload = opts[:payload] : payload = '*ping*'
MPPacket.new(config: PacketFu::Utils.whoami?)
h_src unless eth_src.nil?
h_dst unless eth_dst.nil?
h_proto
s
n
rag
l
proto
m
saddr
daddr
mp_type
mp_code
p_sum
oad if payload
 => e

def self.construct_icmpv6(opts = {})

# Assembles an ICMPv6 packet (Ethernet / IPv6 / ICMPv6 fields) from the opts
# hash; the constructor name is cut to "v6Packet" in this listing.
# NOTE(review): every body line has lost its leading characters, so only
# fragments are readable and the code is not runnable as shown.
# Option keys still visible: :eth_proto (fallback annotated "# IPv6"),
# :ipv6_class, :ipv6_label, :ipv6_len, :ipv6_next, :ipv6_hop, :ipv6_saddr,
# :ipv6_daddr, :icmpv6_type, :icmpv6_code and :icmpv6_sum.
# NOTE(review): the assignment fragments after the constructor end in "_hl",
# "6_tos", "_id" and "v6_frag", while the values read above are class, label,
# next and hop. That looks like IPv4-style header names applied to an IPv6
# packet, which could mean undefined locals or fields the packet class does
# not have - confirm against the full source.
def self.construct_icmpv6(opts = {})
h_src]
h_dst]
]
[:eth_proto]
dd # IPv6
pv6_v]
s]
s[:ipv6_class]
l]
s[:ipv6_label]

:ipv6_len]
]
[:ipv6_next]

:ipv6_hop]
:ipv6_saddr]
:ipv6_daddr]
pe]
ts[:icmpv6_type]
de]
ts[:icmpv6_code]
m]
:icmpv6_sum]
000
yload]
v6Packet.new(config: PacketFu::Utils.whoami?)
h_src unless eth_src.nil?
h_dst unless eth_dst.nil?
h_proto
v
_hl
6_tos
6_len
_id
v6_frag
pv6_saddr
pv6_daddr
icmpv6_type
icmpv6_code
cmpv6_sum
oad if payload
 => e

def self.construct_ip(opts = {})

# Assembles an IPv4 packet (Ethernet / IPv4 fields) from the opts hash; the
# constructor name is cut to "Packet" in this listing.
# NOTE(review): every body line has lost its leading characters, so only
# fragments are readable and the code is not runnable as shown.
# Option keys still visible: :eth_proto (fallback annotated "# IPv4") and
# :ip_proto; the other reads are cut to suffixes such as "p_ttl]", "p_saddr]".
# No validation of the supplied header values is visible in these fragments.
# eth_src/eth_dst are applied only when non-nil, the payload only when set.
def self.construct_ip(opts = {})
h_src]
h_dst]
]
[:eth_proto]
00 # IPv4
v]
_hl]
p_tos]
p_len]
_id]
ip_frag]
p_ttl]

:ip_proto]
p_sum]
p_saddr]
p_daddr]
yload]
Packet.new(config: PacketFu::Utils.whoami?)
h_src unless eth_src.nil?
h_dst unless eth_dst.nil?
h_proto
s
n
rag
l
proto
m
saddr
daddr
oad if payload
 => e

def self.construct_ipv6(opts = {})

# Assembles an IPv6 packet (Ethernet / IPv6 fields) from the opts hash; the
# constructor name is cut to "v6Packet" in this listing.
# NOTE(review): every body line has lost its leading characters, so only
# fragments are readable and the code is not runnable as shown.
# Option keys still visible: :eth_proto (fallback annotated "# IPv6"),
# :ipv6_class, :ipv6_label, :ipv6_len, :ipv6_next, :ipv6_hop, :ipv6_saddr
# and :ipv6_daddr.
# NOTE(review): the assignment fragments after the constructor end in "_hl",
# "6_tos", "_id" and "v6_frag", while the values read above are class, label,
# next and hop. That looks like IPv4-style header names applied to an IPv6
# packet, which could mean undefined locals or fields the packet class does
# not have - confirm against the full source.
def self.construct_ipv6(opts = {})
h_src]
h_dst]
]
[:eth_proto]
dd # IPv6
pv6_v]
s]
s[:ipv6_class]
l]
s[:ipv6_label]

:ipv6_len]
]
[:ipv6_next]

:ipv6_hop]
:ipv6_saddr]
:ipv6_daddr]
yload]
v6Packet.new(config: PacketFu::Utils.whoami?)
h_src unless eth_src.nil?
h_dst unless eth_dst.nil?
h_proto
v
_hl
6_tos
6_len
_id
v6_frag
pv6_saddr
pv6_daddr
oad if payload
 => e

def self.construct_tcp(opts = {})

# Assembles a TCP packet (Ethernet / IPv4 / TCP fields) from the opts hash;
# the constructor name is cut to "PPacket" in this listing.
# NOTE(review): every body line has lost its leading characters, so only
# fragments are readable and the code is not runnable as shown.
# Option keys still visible: :eth_proto (fallback annotated "# IPv4"),
# :ip_proto, :tcp_src_port, :tcp_dst_port, :tcp_hlen and :tcp_reserved; the
# remaining TCP reads are cut to suffixes ("tcp_seq]", "tcp_flags]", ...).
# Source and destination ports are applied only when supplied.
# NOTE(review): the flag and option assignments end in
# "PacketFu::TcpFlags.new" and "PacketFu::TcpOptions.new". Whether the
# caller's :tcp_flags / :tcp_opts values read above are passed into those
# constructors or dropped is not visible here - confirm in the full source.
def self.construct_tcp(opts = {})
h_src]
h_dst]
]
[:eth_proto]
00 # IPv4
v]
_hl]
p_tos]
p_len]
_id]
ip_frag]
p_ttl]

:ip_proto]
CP
p_sum]
p_saddr]
p_daddr]
s[:tcp_src_port]
s[:tcp_dst_port]
tcp_seq]
a416
tcp_ack]
0000

:tcp_hlen]
ved]
pts[:tcp_reserved]

tcp_ecn]
tcp_flags]
tcp_win]

tcp_sum]

tcp_urg]
cp_opts]
yload]
PPacket.new(config: PacketFu::Utils.whoami?)
h_src unless eth_src.nil?
h_dst unless eth_dst.nil?
h_proto
s
n
rag
l
proto
m
saddr
daddr
src_port if tcp_src_port
dst_port if tcp_dst_port
seq
ack
_hlen
 tcp_reserved
ecn
cketFu::TcpFlags.new
win
sum
urg
ketFu::TcpOptions.new
oad if payload
 => e

def self.construct_udp(opts = {})

# Assembles a UDP packet (Ethernet / IPv4 / UDP fields) from the opts hash;
# the constructor name is cut to "PPacket" in this listing.
# NOTE(review): every body line has lost its leading characters, so only
# fragments are readable and the code is not runnable as shown.
# Option keys still visible: :eth_proto (fallback annotated "# IPv4"),
# :ip_proto, :udp_src_port and :udp_dst_port; the length and checksum reads
# are cut to "udp_len]" and "udp_sum]".
# Source and destination ports are applied only when supplied; eth_src and
# eth_dst only when non-nil; the payload only when set.
def self.construct_udp(opts = {})
h_src]
h_dst]
]
[:eth_proto]
00 # IPv4
v]
_hl]
p_tos]
p_len]
_id]
ip_frag]
p_ttl]

:ip_proto]
UDP
p_sum]
p_saddr]
p_daddr]
s[:udp_src_port]
s[:udp_dst_port]
udp_len]
udp_sum]

yload]
PPacket.new(config: PacketFu::Utils.whoami?)
h_src unless eth_src.nil?
h_dst unless eth_dst.nil?
h_proto
s
n
rag
l
proto
m
saddr
daddr
src_port if udp_src_port
dst_port if udp_dst_port
len
sum
oad if payload
 => e

def self.help

# Usage text for the module: the fragments list open_pcap_file, a packet dump
# template built from escaped interpolations (\#{p.ip_src_readable} etc.), one
# entry per construct_* method, and a final entry taking a "pkt returned from
# other #construct_<type> methods".
# NOTE(review): every body line has lost its leading characters, so the
# parameter names in front of each description are missing.
# NOTE(review): each construct_* entry repeats the same five descriptions
# (source ip, destination ip, payload, "defaults to 0xfeed", "interface to
# send packet (defaults to eth0)"). The construct_* fragments on this page
# read many more option keys and none of them visibly reads an :iface key, so
# this help text looks copy-pasted and out of step with the code - confirm and
# regenerate from the real option lists.
def self.help
pen_pcap_file(
d - path to packet capture file'
ethods

 \#{p.ip_id_readable} \"
: \#{p.ip_sum_readable} \"
: \#{p.ip_src_readable} \"
C: (\#{p.eth_src_readable}) \"
C PORT: \#{p.tcp_sport} => \"
: \#{p.ip_dst_readable} \"
C: (\#{p.eth_dst_readable}) \"
T PORT: \#{p.tcp_dport} \"
OTO: \#{p.eth_proto_readable} \"
AGS: \#{p.tcp_flags_readable} \"
K: \#{p.tcp_ack_readable} \"
Q: \#{p.tcp_seq_readable} \"
M: \#{p.tcp_sum_readable} \"
TS: \#{p.tcp_opts_readable} \"
#{p.hexify(p.payload)}\"
\n\"
nstruct_arp(
uired - source ip of packet',
uired - destination ip to send packet',
onal - packet payload defaults to empty string',
al - defaults to 0xfeed',
al - interface to send packet (defaults to eth0)',
nstruct_eth(
uired - source ip of packet',
uired - destination ip to send packet',
onal - packet payload defaults to empty string',
al - defaults to 0xfeed',
al - interface to send packet (defaults to eth0)',
nstruct_hsrp(
uired - source ip of packet',
uired - destination ip to send packet',
onal - packet payload defaults to empty string',
al - defaults to 0xfeed',
al - interface to send packet (defaults to eth0)',
nstruct_icmp(
uired - source ip of packet',
uired - destination ip to send packet',
onal - packet payload defaults to \"*ping*\"',
al - defaults to 0xfeed',
al - interface to send packet (defaults to eth0)',
nstruct_icmpv6(
uired - source ip of packet',
uired - destination ip to send packet',
onal - packet payload defaults to empty string',
al - defaults to 0xfeed',
al - interface to send packet (defaults to eth0)',
nstruct_ip(
uired - source ip of packet',
uired - destination ip to send packet',
onal - packet payload defaults to empty string',
al - defaults to 0xfeed',
al - interface to send packet (defaults to eth0)',
nstruct_ipv6(
uired - source ip of packet',
uired - destination ip to send packet',
onal - packet payload defaults to empty string',
al - defaults to 0xfeed',
al - interface to send packet (defaults to eth0)',
nstruct_tcp(
uired - source ip of packet',
uired - destination ip to send packet',
onal - packet payload defaults to empty string',
al - defaults to 0xfeed',
al - interface to send packet (defaults to eth0)',
nstruct_udp(
uired - source ip of packet',
uired - destination ip to send packet',
onal - packet payload defaults to empty string',
al - defaults to 0xfeed',
al - interface to send packet (defaults to eth0)',
 - pkt returned from other #construct_<type> methods',
al - interface to send packet (defaults to eth0)',

def self.open_pcap_file(opts = {})

# Reads packets from a capture file named by opts[:path] via a read_packets
# call (the receiver is cut off in this listing).
# NOTE(review): every body line has lost its leading characters, so the code
# is not runnable as shown.
# The path is normalised with to_s.scrub.strip.chomp and is only assigned when
# File.exist? is true for it. Presumably the assignment target is `path`; if
# so, a missing file leaves it nil and read_packets(nil) is still called, so
# the caller gets an indirect error instead of a clear "file not found".
# File.exist? is also true for directories. A capture file is untrusted input
# to the parser - TODO confirm how read errors are surfaced.
def self.open_pcap_file(opts = {})
.to_s.scrub.strip.chomp if File.exist?(opts[:path].to_s.scrub.strip.chomp)
.read_packets(path)
 => e

def self.send(opts = {})

# Sends a previously constructed packet on the interface named by opts[:iface].
# For TCP packets the surviving fragments and comments show it first installs
# a host firewall rule so the local kernel does not emit its own RST, and then
# removes the rule again.
# NOTE(review): every body line has lost its leading characters, so only
# fragments are readable and the code is not runnable as shown.
# NOTE(review): defining `send` on the module replaces the inherited
# Object#send for calls made on this module; dynamic dispatch on it would need
# __send__ or public_send.
# NOTE(review): `ip_address_list.detect(&:ipv4_private?).ip_address` raises
# NoMethodError when the host has no private IPv4 address (detect returns
# nil). It also takes the first private address found, which is not
# necessarily the one bound to the requested interface.
# NOTE(review): the firewall command looks like the multi-argument form of
# system (comma-separated fragments), which bypasses the shell. The pfctl
# branch instead interpolates pkt.ip_saddr, pkt.ip_daddr and pkt.tcp_dst into
# a rule string and hands it to a call whose receiver is cut off - confirm
# that path does not reach a shell.
# NOTE(review): the rule is added before the send and deleted after it
# ("pfctl_add_flag" / "pfctl_del_flag"). No `ensure` is visible, so an
# exception in between may leave the host dropping outbound RSTs - confirm the
# cleanup is guaranteed and that a failed system call is handled.
# Raises with "... Does not Support #{my_os}" for unsupported platforms.
def self.send(opts = {})
ace].to_s.scrub.strip.chomp
?(PacketFu::TCPPacket)
.ip_address_list.detect(&:ipv4_private?).ip_address
assing a RST packet, prevent kernel from sending its own
t.ip_saddr && pkt.tcp_flags.rst.zero?
revent the kernel space from sending a RST
on't have a socket open on the respective
before we have a chance to do anything.
ds, the kernel will receive a SYN-ACK first,
't send a SYN & send a RST as a result.
lugins::DetectOS.type
= system(
,
l',
,
dr,
tion',
dr,
tion-port',
t.to_s,
gs',
:NULL,
:NULL
m_resp
enting kernel from misbehaving when manipulating packets.'
s',
,
col',
e',
addr,
nation',
addr,
nation-port',
dst.to_s,
lags',
ce)
,
l',
,
dr,
tion',
dr,
tion-port',
t.to_s,
gs',
 'pfctl'
ule = "block out proto tcp from #{pkt.ip_saddr} to #{pkt.ip_daddr} port #{pkt.tcp_dst} flags R"
ilter, "pfctl_add_flag #{ipfilter_rule}")

face)
ilter, "pfctl_del_flag #{ipfilter_rule}")
: #{self} Does not Support #{my_os}"
 => e