User Controls
What's wrong with my class.
-
2015-09-20 at 1:21 AM UTCI already asked a question on stackoverflow and i got downvoted because it had to do with malware and appearently they don't really like that(Lol, fags) so i can't ask there anymore so i'll ask here instead.
import socket
import os
import struct
from ctypes import *
class IP(Structure):
_fields_=[
("ihl", c_ubyte, 4),
("version", c_ubyte, 4)
("tos", c_ubyte ),
("len", c_ushort ),
("id", c_ushort ),
("offset", c_ushort ),
("ttl", c_ubyte ),
("protocol_num",c_ubyte ),
("sum", c_ushort ),
("src", c_ulong ),
("dst", c_ulong ),
]
def _new_(self, socket_buffer=None):
return self.from_buffer_copy(socket_buffer)
def _init_(self, socket_buffer=None):
# Map protocol constants to their names
self.protocol_map = {1:"ICMP", 6:"TCP", 17:"UDP"}
# Human readable IP addresses
self.src_address = socketinet_ntoa(struct.pack("<L",self.src))
self.dst_address = socket.inet_ntoa(struct.pack("<L",self.dst))
# Human readable protocol
try:
self.protocol = self.protocol_map[self.protocol_num]
except:
self.protocol = str(self.protocol_num)
I'm getting a type error in my class, appearently my tuple object isn't callable and i don't know why, this is supposed to work from what i read/understand.
Traceback (most recent call last):
File "C:\Implant\Black Hat Python\sniffer_ip_decode.py", line 11, in <module>
class IP(Structure):
File "C:\Implant\Black Hat Python\sniffer_ip_decode.py", line 15, in IP
("tos", c_ubyte ),
TypeError: 'tuple' object is not callable
Meh.
-
2015-09-20 at 6:45 PM UTCTry removing the comma from your last array value and version seems to be missing a comma, add one to that, too:
class IP(Structure):
_fields_ = [
("ihl", c_ubyte, 4),
("version", c_ubyte, 4),
("tos", c_ubyte),
("len", c_ushort),
("id", c_ushort),
("offset", c_ushort),
("ttl", c_ubyte),
("protocol_num", c_ubyte),
("sum", c_ushort),
("src", c_ulong),
("dst", c_ulong)
]
-
2015-09-20 at 9:36 PM UTC
Try removing the comma from your last array value and version seems to be missing a comma, add one to that, too:
class IP(Structure):
_fields_ = [
("ihl", c_ubyte, 4),
("version", c_ubyte, 4),
("tos", c_ubyte),
("len", c_ushort),
("id", c_ushort),
("offset", c_ushort),
("ttl", c_ubyte),
("protocol_num", c_ubyte),
("sum", c_ushort),
("src", c_ulong),
("dst", c_ulong)
]
Thanks that was it, i have no idea how i missed that, lol. I don't know if you're interested but i feel like sharing anyway, while i was waiting for an answer i wrote the rest the program. I'm making a network sniffer but i got an error in my main loop.
sniffer = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket_protocol)
sniffer.bind((host, 0))
sniffer.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
if os.name == "nt":
sniffer.ioctl(socket.SIO_RCVALL, socket.RCVALL_ON)
try:
while True:
# Read in a packet
raw_buffer = sniffer.recvfrom(65565)[0]
print raw_buffer
# Create an IP header from the first 20 bytes of the buffer
ip_header = IP(raw_buffer[0:20])
# Print out the protocol that was detected and the hosts
print "Protocol: %s %s -> %s" % (ip_header.protocol, ip_header.src_address, ip_header.dst_address)
print "ICMP -> Type: %d Code: %d" % (icmp_header.type, icmp_header.code)
# Now check for type 3 and code
if icmp_header.code == 3 and icmp_header.type == 3:
# Make sure host is in target subnet
if IPAddress(ip_header.src_address) in IPNetwork(subnet):
# Make sure it has our magic message
if raw_buffer[len(raw_buffer)-len(magic_message):] == magic_message:
print "Host up: %s" % ip_header.src_address
# Handle CTRL+C
except KeyboardInterrupt:
# If we're using Windows turn off promisuous mode
if os.name == "nt":
sniffer.ioctl(socket.SIO_RCVALL, socket.RCVALL_OFF)
raw_buffer = sniffer.recvfrom(65565)[0]
'raw_buffer' should have an integer as a value and
sniffer.recvfrom(65565)[0]
Is supposed to put out an integer but if i print the value of raw_buffer i get this.
E 4Xð@ Ç♠└¿ ♂ı.õ╚Ua☺╗z»Ùñ Ç☻ zà ☻♦♣┤☺♥♥☻☺☺♦☻
lolwtfbbq
Here's the entire error message just for good measure.
Traceback (most recent call last):
File "C:\Implant\Black Hat Python\sniffer.py", line 91, in <module>
ip_header = IP(raw_buffer[0:20])
TypeError: an integer is required
-
2015-09-21 at 11:06 AM UTC
Thanks that was it, i have no idea how i missed that, lol. I don't know if you're interested but i feel like sharing anyway, while i was waiting for an answer i wrote the rest the program. I'm making a network sniffer but i got an error in my main loop.
sniffer = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket_protocol)
sniffer.bind((host, 0))
sniffer.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
if os.name == "nt":
sniffer.ioctl(socket.SIO_RCVALL, socket.RCVALL_ON)
try:
while True:
# Read in a packet
raw_buffer = sniffer.recvfrom(65565)[0]
print raw_buffer
# Create an IP header from the first 20 bytes of the buffer
ip_header = IP(raw_buffer[0:20])
# Print out the protocol that was detected and the hosts
print "Protocol: %s %s -> %s" % (ip_header.protocol, ip_header.src_address, ip_header.dst_address)
print "ICMP -> Type: %d Code: %d" % (icmp_header.type, icmp_header.code)
# Now check for type 3 and code
if icmp_header.code == 3 and icmp_header.type == 3:
# Make sure host is in target subnet
if IPAddress(ip_header.src_address) in IPNetwork(subnet):
# Make sure it has our magic message
if raw_buffer[len(raw_buffer)-len(magic_message):] == magic_message:
print "Host up: %s" % ip_header.src_address
# Handle CTRL+C
except KeyboardInterrupt:
# If we're using Windows turn off promisuous mode
if os.name == "nt":
sniffer.ioctl(socket.SIO_RCVALL, socket.RCVALL_OFF)
raw_buffer = sniffer.recvfrom(65565)[0]
'raw_buffer' should have an integer as a value and
sniffer.recvfrom(65565)[0]
Is supposed to put out an integer but if i print the value of raw_buffer i get this.
E 4Xð@ Ç♠└¿ ♂ı.õ╚Ua☺╗z»Ùñ Ç☻ zà ☻♦♣┤☺♥♥☻☺☺♦☻
lolwtfbbq
Here's the entire error message just for good measure.
Traceback (most recent call last):
File "C:\Implant\Black Hat Python\sniffer.py", line 91, in <module>
ip_header = IP(raw_buffer[0:20])
TypeError: an integer is required
What OS/bit are you using? -
2015-09-21 at 11:46 AM UTC
What OS/bit are you using?
I'm testing it against Windows, it should be able to decode IP headers and take apart ICMP(I got a class for that as well) but it should run in Linux no problem. I got some logic that checks to see if we're in a Windows environment and if so adjust the behavior of the program accordingly. If you think it would helpful, i could post the entire script. -
2015-09-21 at 1:48 PM UTCTry
ip_header = IP(raw_buffer) and see if that makes a difference -
2015-09-22 at 6:06 AM UTCjust responding to OP cuz.
It's the missing comma on line 9. A tailing comma has no semantic significance in a list. It does in a tuple, but only if the tuple has one item (it's how a tuple is distinguished from parentheses indicating operator precedence)). It's taking line 9 as an expression which is expected to evaluate to a function reference and then calling it on the following tuple. Consider:
def inc(x):
return x: 1
mylist = [(inc)(1)]
`mylist` will be `[2]` (a list with the single member, the value of inc(1), that is 2). -
2015-09-22 at 1:13 PM UTC
import socket
# the public network interface
HOST = socket.gethostbyname(socket.gethostname())
# create a raw socket and bind it to the public interface
s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_IP)
s.bind((HOST, 0))
# Include IP headers
s.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
# receive all packages
s.ioctl(socket.SIO_RCVALL, socket.RCVALL_ON)
# receive a package
print s.recvfrom(65565)
# disabled promiscuous mode
s.ioctl(socket.SIO_RCVALL, socket.RCVALL_OFF) -
2015-09-22 at 3:10 PM UTC
import socket
# the public network interface
HOST = socket.gethostbyname(socket.gethostname())
# create a raw socket and bind it to the public interface
s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_IP)
s.bind((HOST, 0))
# Include IP headers
s.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
# receive all packages
s.ioctl(socket.SIO_RCVALL, socket.RCVALL_ON)
# receive a package
print s.recvfrom(65565)
# disabled promiscuous mode
s.ioctl(socket.SIO_RCVALL, socket.RCVALL_OFF)
What do you think this code does spectral and how do you think this is helpful? The purpose of my program is to discover hosts decode the IP header, receive and decode the ICMP response, send out UDP datagrams and interpret the response. The only thing your bit of code does is print a coded response from a host.
Also you're commenting completely wrong.
# the public network interface
HOST = socket.gethostbyname(socket.gethostname())
This isn't 'the public network interface' this code just sets the value of HOST to a socket on your local IP on the subnet, e.g.192.168.0.1.
# receive all packages
s.ioctl(socket.SIO_RCVALL, socket.RCVALL_ON)
This turns promiscuous mode on, on Windows.
# receive a package
print s.recvfrom(65565)
This doesn't receive a package it simply prints the response from whatever you're talking to.
-
2015-09-23 at 2:45 PM UTC
Try
ip_header = IP(raw_buffer) and see if that makes a difference
I only need the first 20 bytes though that's what the [0:20] is for. And if the response is not an integer when i receive the first 20 bytes it's not going to be an integer if i receive all of them either, i'd think. -
2015-09-23 at 7:54 PM UTC
I only need the first 20 bytes though that's what the [0:20] is for. And if the response is not an integer when i receive the first 20 bytes it's not going to be an integer if i receive all of them either, i'd think.
Print out the result of the raw buffer and see what it returns -
2015-09-23 at 8 PM UTC
I only need the first 20 bytes though that's what the [0:20] is for. And if the response is not an integer when i receive the first 20 bytes it's not going to be an integer if i receive all of them either, i'd think.[/QUOTE
[FONT=Consolas][SIZE=12px]if[/SIZE][/FONT][FONT=Consolas][SIZE=12px] os.name [/SIZE][/FONT][FONT=Consolas][SIZE=12px]==[/SIZE][/FONT][FONT=Consolas][SIZE=12px] [/SIZE][/FONT][FONT=Consolas][SIZE=12px]"nt"[/SIZE][/FONT][FONT=Consolas][SIZE=12px]: socket_protocol [/SIZE][/FONT][FONT=Consolas][SIZE=12px]=[/SIZE][/FONT][FONT=Consolas][SIZE=12px] socket.IPPROTO_IP else: socket_protocol [/SIZE][/FONT][FONT=Consolas][SIZE=12px]=[/SIZE][/FONT][FONT=Consolas][SIZE=12px] socket.IPPROTO_ICMP [/SIZE][/FONT] sniffer = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket_protocol) sniffer.bind((host, 0)) sniffer.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1) if os.name == "nt": sniffer.ioctl(socket.SIO_RCVALL, socket.RCVALL_ON) try: while True: # Read in a packet raw_buffer = sniffer.recvfrom(65565)[0] print raw_buffer # Create an IP header from the first 20 bytes of the buffer ip_header = IP(raw_buffer[0:20]) # Print out the protocol that was detected and the hosts print "Protocol: %s %s -> %s" % (ip_header.protocol, ip_header.src_address, ip_header.dst_address) print "ICMP -> Type: %d Code: %d" % (icmp_header.type, icmp_header.code) # Now check for type 3 and code if icmp_header.code == 3 and icmp_header.type == 3: # Make sure host is in target subnet if IPAddress(ip_header.src_address) in IPNetwork(subnet): # Make sure it has our magic message if raw_buffer[len(raw_buffer)-len(magic_message):] == magic_message: print "Host up: %s" % ip_header.src_address # Handle CTRL+C except KeyboardInterrupt: # If we're using Windows turn off promisuous mode if os.name == "nt": sniffer.ioctl(socket.SIO_RCVALL, socket.RCVALL_OFF) -
2015-09-23 at 8:01 PM UTCformatting's gone to fuck, sorry. use a beautifier and test it.
-
2015-09-23 at 8:44 PM UTC
formatting's gone to fuck, sorry. use a beautifier and test it.
Lol it's ok, don't have a beautifier though. Just copypasta in code tags? -
2015-09-23 at 9:08 PM UTC
Lol it's ok, don't have a beautifier though. Just copypasta in code tags?
add this to the top above sniffer =
[FONT=Consolas][FONT=inherit][SIZE=12px]if[/SIZE][/FONT][/FONT][FONT=Consolas][FONT=inherit][SIZE=12px] os.name [/SIZE][/FONT][/FONT][FONT=Consolas][FONT=inherit][SIZE=12px]==[/SIZE][/FONT][/FONT][FONT=Consolas][FONT=inherit][SIZE=12px]"nt"[/SIZE][/FONT][/FONT][FONT=Consolas][FONT=inherit][SIZE=12px]:
socket_protocol [/SIZE][/FONT][/FONT][FONT=Consolas][FONT=inherit][SIZE=12px]=[/SIZE][/FONT][/FONT][FONT=Consolas][FONT=inherit][SIZE=12px] socket.IPPROTO_IP
else:
socket_protocol [/SIZE][/FONT][/FONT][FONT=Consolas][FONT=inherit][SIZE=12px]=[/SIZE][/FONT][/FONT][FONT=Consolas][FONT=inherit][SIZE=12px] socket.IPPROTO_ICMP[/SIZE][/FONT][/FONT] -
2015-09-23 at 9:32 PM UTC
add this to the top above sniffer =
[FONT=Consolas][FONT=inherit][SIZE=12px]if[/SIZE][/FONT][/FONT][FONT=Consolas][FONT=inherit][SIZE=12px] os.name [/SIZE][/FONT][/FONT][FONT=Consolas][FONT=inherit][SIZE=12px]==[/SIZE][/FONT][/FONT][FONT=Consolas][FONT=inherit][SIZE=12px]"nt"[/SIZE][/FONT][/FONT][FONT=Consolas][FONT=inherit][SIZE=12px]:
socket_protocol [/SIZE][/FONT][/FONT][FONT=Consolas][FONT=inherit][SIZE=12px]=[/SIZE][/FONT][/FONT][FONT=Consolas][FONT=inherit][SIZE=12px] socket.IPPROTO_IP
else:
socket_protocol [/SIZE][/FONT][/FONT][FONT=Consolas][FONT=inherit][SIZE=12px]=[/SIZE][/FONT][/FONT][FONT=Consolas][FONT=inherit][SIZE=12px] socket.IPPROTO_ICMP[/SIZE][/FONT][/FONT]
I was about to but then is aw i already have that piece of code there, here's the entire script for reference.
import socket
import os
import struct
from ctypes import *
import threading
import time
from netaddr import IPNetwork, IPAddress
# Host to listen on
host = "192.168.0.011"
# Subnet to target
subnet = "192168.0.0/24"
# Magic string we'll check ICMP responses for
magic_message = "NIGGERS!"
# This sprays out the UDP datagrams
def udp_sender(subnet,magic_message):
time.sleep(5)
sender = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
for ip in IPNetwork(subnet):
try:
sender.sendto(magic_message,("%s" % ip,65212))
except:
pass
# Start sending packets
t = threading.Thread(target=udp_sender,args=(subnet,magic_message))
t.start
# Our IP header.
class IP(Structure):
_fields_=[
("ihl", c_ubyte, 4),
("version", c_ubyte, 4),
("tos", c_ubyte),
("len", c_ushort),
("id", c_ushort),
("offset", c_ushort),
("ttl", c_ubyte),
("protocol_num",c_ubyte),
("sum", c_ushort),
("src", c_ulong),
("dst", c_ulong)
]
def _new_(self, socket_buffer=None):
return self.from_buffer_copy(socket_buffer)
def _init_(self, socket_buffer=None):
# Map protocol constants to their names
self.protocol_map = {1:"ICMP", 6:"TCP", 17:"UDP"}
# Human readable IP addresses
self.src_address = socketinet_ntoa(struct.pack("<L",self.src))
self.dst_address = socket.inet_ntoa(struct.pack("<L",self.dst))
# Human readable protocol
try:
self.protocol = self.protocol_map[self.protocol_num]
except:
self.protocol = str(self.protocol_num)
if os.name == "nt":
socket_protocol = socket.IPPROTO_IP
else:
socket_protocol = socket.IPPROTO_ICMP
sniffer = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket_protocol)
sniffer.bind((host, 0))
sniffer.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
if os.name == "nt":
sniffer.ioctl(socket.SIO_RCVALL, socket.RCVALL_ON)
try:
while True:
# Read in a packet
raw_buffer = sniffer.recvfrom(65565)[0]
# print raw_buffer
# Create an IP header from the first 20 bytes of the buffer
ip_header = IP(raw_buffer[0:20])
# Print out the protocol that was detected and the hosts
print "Protocol: %s %s -> %s" % (ip_header.protocol, ip_header.src_address, ip_header.dst_address)
print "ICMP -> Type: %d Code: %d" % (icmp_header.type, icmp_header.code)
# Now check for type 3 and code
if icmp_header.code == 3 and icmp_header.type == 3:
# Make sure host is in target subnet
if IPAddress(ip_header.src_address) in IPNetwork(subnet):
# Make sure it has our magic message
if raw_buffer[len(raw_buffer)-len(magic_message):] == magic_message:
print "Host up: %s" % ip_header.src_address
# Handle CTRL+C
except KeyboardInterrupt:
# If we're using Windows turn off promisuous mode
if os.name == "nt":
sniffer.ioctl(socket.SIO_RCVALL, socket.RCVALL_OFF)
class ICMP(Structure):
_fields_= [
("type", c_ubyte),
("code", c_ubyte),
("checksum", c_ushort),
("unused", c_ushort),
("next_hop_mtu",c_ushort)
]
def _new_(self, socket_buffer):
return self.from_buffer_copy(socket_buffer)
def _init_(self, socket_buffer):
pass
print "Protocol: %s %s -> %s (ip_header.protocol, ip_header.src_adress, ip_header.dst_address)"
# If it's ICMP we want items
if ip_header.protocol == "ICMP":
# Calculate where our ICMP packet startswith
offset = ip_header.ihl * 4
buf = raw_buffer[offset:offset + sizeof(ICMP)]
# Create ICMP structure
icmp_header = ICMP(buf)
print "ICMP -> Type: %d Code %d" % (icmp_header.type, icmp_header.code) -
2015-09-23 at 10:51 PM UTC
I was about to but then is aw i already have that piece of code there, here's the entire script for reference.
import socket
import os
import struct
from ctypes import *
import threading
import time
from netaddr import IPNetwork, IPAddress
# Host to listen on
host = "192.168.0.011"
# Subnet to target
subnet = "192168.0.0/24"
# Magic string we'll check ICMP responses for
magic_message = "NIGGERS!"
# This sprays out the UDP datagrams
def udp_sender(subnet,magic_message):
time.sleep(5)
sender = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
for ip in IPNetwork(subnet):
try:
sender.sendto(magic_message,("%s" % ip,65212))
except:
pass
# Start sending packets
t = threading.Thread(target=udp_sender,args=(subnet,magic_message))
t.start
# Our IP header.
class IP(Structure):
_fields_=[
("ihl", c_ubyte, 4),
("version", c_ubyte, 4),
("tos", c_ubyte),
("len", c_ushort),
("id", c_ushort),
("offset", c_ushort),
("ttl", c_ubyte),
("protocol_num",c_ubyte),
("sum", c_ushort),
("src", [COLOR=#000000][FONT=Consolas]c_uint32[/FONT][/COLOR]),
("dst",[COLOR=#000000][FONT=Consolas]c_uint32[/FONT][/COLOR])
]
def _new_(self, socket_buffer=None):
return self.from_buffer_copy(socket_buffer)
def _init_(self, socket_buffer=None):
# Map protocol constants to their names
self.protocol_map = {1:"ICMP", 6:"TCP", 17:"UDP"}
# Human readable IP addresses
self.src_address = socketinet_ntoa(struct.pack("<L",self.src))
self.dst_address = socket.inet_ntoa(struct.pack("<L",self.dst))
# Human readable protocol
try:
self.protocol = self.protocol_map[self.protocol_num]
except:
self.protocol = str(self.protocol_num)
if os.name == "nt":
socket_protocol = socket.IPPROTO_IP
else:
socket_protocol = socket.IPPROTO_ICMP
sniffer = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket_protocol)
sniffer.bind((host, 0))
sniffer.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
if os.name == "nt":
sniffer.ioctl(socket.SIO_RCVALL, socket.RCVALL_ON)
try:
while True:
# Read in a packet
[COLOR=#000000]raw_buffer [/COLOR][COLOR=#000000]=[/COLOR][COLOR=#000000] sniffer[/COLOR][COLOR=#000000].[/COLOR][COLOR=#000000]recvfrom[/COLOR][COLOR=#000000]([/COLOR][COLOR=#800000]65535[/COLOR][COLOR=#000000])[[/COLOR][COLOR=#800000]0[/COLOR][COLOR=#000000]][/COLOR] # print raw_buffer
# Create an IP header from the first 20 bytes of the buffer
ip_header = IP(raw_buffer[0:20])
# Print out the protocol that was detected and the hosts
print "Protocol: %s %s -> %s" % (ip_header.protocol, ip_header.src_address, ip_header.dst_address)
print "ICMP -> Type: %d Code: %d" % (icmp_header.type, icmp_header.code)
# Now check for type 3 and code
if icmp_header.code == 3 and icmp_header.type == 3:
# Make sure host is in target subnet
if IPAddress(ip_header.src_address) in IPNetwork(subnet):
# Make sure it has our magic message
if raw_buffer[len(raw_buffer)-len(magic_message):] == magic_message:
print "Host up: %s" % ip_header.src_address
# Handle CTRL+C
except KeyboardInterrupt:
# If we're using Windows turn off promisuous mode
if os.name == "nt":
sniffer.ioctl(socket.SIO_RCVALL, socket.RCVALL_OFF)
class ICMP(Structure):
_fields_= [
("type", c_ubyte),
("code", c_ubyte),
("checksum", c_ushort),
("unused", c_ushort),
("next_hop_mtu",c_ushort)
]
def _new_(self, socket_buffer):
return self.from_buffer_copy(socket_buffer)
def _init_(self, socket_buffer):
pass
print "Protocol: %s %s -> %s (ip_header.protocol, ip_header.src_adress, ip_header.dst_address)"
# If it's ICMP we want items
if ip_header.protocol == "ICMP":
# Calculate where our ICMP packet startswith
offset = ip_header.ihl * 4
buf = raw_buffer[offset:offset + sizeof(ICMP)]
# Create ICMP structure
icmp_header = ICMP(buf)
print "ICMP -> Type: %d Code %d" % (icmp_header.type, icmp_header.code)
Try that code in the quote :) -
2015-09-23 at 10:52 PM UTCAlso, is your subnet not supposed to have a period after 192?
subnet = "192168.0.0/24" -
2015-09-23 at 10:56 PM UTCOh top kek, typos ruining my life.
-
2015-09-23 at 10:58 PM UTCAnyway even with that fixed my response is still gobblygook, something must be going wrong with my decoding for some reason. This time i did get a part of a string that said microsoft(heartshape)com, lol.
