Annotation of embedaddon/libnet/sample/tftp.c, revision 1.1
1.1 ! misho 1: /*
! 2: *
! 3: * libnet 1.1
! 4: * Build a TFTP scanner using payload
! 5: *
! 6: * Copyright (c) 2003 Frédéric Raynal <pappy@security-labs.org>
! 7: * All rights reserved.
! 8: *
! 9: * Ex:
! 10: * ./tftp -s 192.168.0.1 -d 192.168.0.66 -p plop
! 11: *
! 12: *
! 13: * Redistribution and use in source and binary forms, with or without
! 14: * modification, are permitted provided that the following conditions
! 15: * are met:
! 16: * 1. Redistributions of source code must retain the above copyright
! 17: * notice, this list of conditions and the following disclaimer.
! 18: * 2. Redistributions in binary form must reproduce the above copyright
! 19: * notice, this list of conditions and the following disclaimer in the
! 20: * documentation and/or other materials provided with the distribution.
! 21: *
! 22: * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
! 23: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
! 24: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
! 25: * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
! 26: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
! 27: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
! 28: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
! 29: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
! 30: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
! 31: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
! 32: * SUCH DAMAGE.
! 33: *
! 34: */
! 35: #if (HAVE_CONFIG_H)
! 36: #include "../include/config.h"
! 37: #endif
! 38: #include "./libnet_test.h"
! 39:
! 40:
! 41: int
! 42: main(int argc, char *argv[])
! 43: {
! 44: int c;
! 45: libnet_t *l;
! 46: u_long src_ip, dst_ip;
! 47: char errbuf[LIBNET_ERRBUF_SIZE];
! 48: libnet_ptag_t udp = 0, ip = 0;
! 49: char *filename = "/etc/passwd";
! 50: char mode[] = "netascii";
! 51: u_char *payload = NULL;
! 52: u_int payload_s = 0;
! 53:
! 54:
! 55: printf("libnet 1.1 packet shaping: UDP + payload[raw] == TFTP\n");
! 56:
! 57: /*
! 58: * Initialize the library. Root priviledges are required.
! 59: */
! 60: l = libnet_init(
! 61: LIBNET_RAW4, /* injection type */
! 62: NULL, /* network interface */
! 63: errbuf); /* error buffer */
! 64:
! 65: if (l == NULL)
! 66: {
! 67: fprintf(stderr, "libnet_init() failed: %s", errbuf);
! 68: exit(EXIT_FAILURE);
! 69: }
! 70:
! 71: src_ip = 0;
! 72: dst_ip = 0;
! 73: while ((c = getopt(argc, argv, "d:s:p:")) != EOF)
! 74: {
! 75: switch (c)
! 76: {
! 77: /*
! 78: * We expect the input to be of the form `ip.ip.ip.ip.port`. We
! 79: * point cp to the last dot of the IP address/port string and
! 80: * then seperate them with a NULL byte. The optarg now points to
! 81: * just the IP address, and cp points to the port.
! 82: */
! 83: case 'd':
! 84: if ((dst_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
! 85: {
! 86: fprintf(stderr, "Bad destination IP address: %s\n", optarg);
! 87: goto bad;
! 88: }
! 89: break;
! 90:
! 91: case 's':
! 92: if ((src_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
! 93: {
! 94: fprintf(stderr, "Bad source IP address: %s\n", optarg);
! 95: goto bad;
! 96: }
! 97: break;
! 98:
! 99: case 'p':
! 100: filename = optarg;
! 101: break;
! 102:
! 103: default:
! 104: fprintf(stderr, "unkown option [%s]: bye bye\n", optarg);
! 105: goto bad;
! 106:
! 107: }
! 108: }
! 109:
! 110: if (!src_ip || !dst_ip)
! 111: {
! 112: usage(argv[0]);
! 113: exit(EXIT_FAILURE);
! 114: }
! 115:
! 116: /*
! 117: * build payload
! 118: *
! 119: * 2 bytes string 1 byte string 1 byte
! 120: * ------------------------------------------------
! 121: * | Opcode | Filename | 0 | Mode | 0 |
! 122: * ------------------------------------------------
! 123: *
! 124: */
! 125: payload_s = 2 + strlen(filename) + 1 + strlen(mode) + 1;
! 126: payload = malloc(sizeof(char)*payload_s);
! 127: if (!payload)
! 128: {
! 129: fprintf(stderr, "malloc error for payload\n");
! 130: goto bad;
! 131: }
! 132: memset(payload, 0, payload_s);
! 133: payload[1] = 1; /* opcode - GET */
! 134: memcpy(payload + 2, filename, strlen(filename));
! 135: memcpy(payload + 2 + strlen(filename) + 1 , mode, strlen(mode));
! 136:
! 137: /*
! 138: * Build pblocks
! 139: */
! 140: udp = libnet_build_udp(
! 141: 0x1234, /* source port */
! 142: 69, /* destination port */
! 143: LIBNET_UDP_H + payload_s, /* packet length */
! 144: 0, /* checksum */
! 145: payload, /* payload */
! 146: payload_s, /* payload size */
! 147: l, /* libnet handle */
! 148: 0); /* libnet id */
! 149: if (udp == -1)
! 150: {
! 151: fprintf(stderr, "Can't build UDP header: %s\n", libnet_geterror(l));
! 152: goto bad;
! 153: }
! 154:
! 155: ip = libnet_build_ipv4(
! 156: LIBNET_IPV4_H + LIBNET_UDP_H + payload_s, /* length - dont forget the UDP's payload */
! 157: 0, /* TOS */
! 158: 0x4242, /* IP ID */
! 159: 0, /* IP Frag */
! 160: 0x42, /* TTL */
! 161: IPPROTO_UDP, /* protocol */
! 162: 0, /* checksum */
! 163: src_ip, /* source IP */
! 164: dst_ip, /* destination IP */
! 165: NULL, /* payload (already in UDP) */
! 166: 0, /* payload size */
! 167: l, /* libnet handle */
! 168: 0); /* libnet id */
! 169: if (ip == -1)
! 170: {
! 171: fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l));
! 172: goto bad;
! 173: }
! 174:
! 175: /*
! 176: * Write it to the wire.
! 177: */
! 178: c = libnet_write(l);
! 179: if (c == -1)
! 180: {
! 181: fprintf(stderr, "Write error: %s\n", libnet_geterror(l));
! 182: goto bad;
! 183: }
! 184: else
! 185: {
! 186: fprintf(stderr, "Wrote %d byte TFTP packet; check the wire.\n", c);
! 187: }
! 188:
! 189: libnet_destroy(l);
! 190: free(payload);
! 191: return (EXIT_SUCCESS);
! 192: bad:
! 193: libnet_destroy(l);
! 194: free(payload);
! 195: return (EXIT_FAILURE);
! 196: }
! 197:
! 198: void
! 199: usage(char *name)
! 200: {
! 201: fprintf(stderr,
! 202: "usage: %s -s source_ip -d destination_ip"
! 203: " [-p payload] [-t|u|i] \n",
! 204: name);
! 205: }
! 206:
! 207: /* EOF */
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to tftp.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / libnet / sample