authorroot <root@phone01.(none)>2010-09-26 20:32:34 +0200
committerroot <root@phone01.(none)>2010-09-26 20:32:34 +0200
commit0543208957f3f1a14f66d0c70fcc813e779f7638 (patch)
tree95f23d46c20688ad874a659274affe1f45c7a21e
parentd0b22a46b53c968de3ec85022251f318d97e6b27 (diff)
downloadMAC-Telnet-0543208957f3f1a14f66d0c70fcc813e779f7638.tar.gz
MAC-Telnet-0543208957f3f1a14f66d0c70fcc813e779f7638.zip
Working login, buggy terminal-data reception
-rw-r--r--Makefile4
-rw-r--r--console.c21
-rw-r--r--console.h1
-rw-r--r--mactelnet.c29
-rw-r--r--mactelnet.h8
-rw-r--r--main.c112
6 files changed, 154 insertions, 21 deletions
diff --git a/Makefile b/Makefile
index 28581f7..01dfb0a 100644
--- a/Makefile
+++ b/Makefile
@@ -6,5 +6,5 @@ clean: dist-clean
dist-clean:
rm -f mactelnet
-mactelnet: main.c udp.h udp.c mactelnet.c mactelnet.h
- gcc -g -o mactelnet main.c udp.c mactelnet.c
+mactelnet: config.h main.c udp.h udp.c mactelnet.c mactelnet.h console.c console.h
+ gcc -g -o mactelnet -lcrypto main.c udp.c mactelnet.c console.c
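Review bot: In the new link line `-lcrypto` comes before the source files, so a linker that resolves libraries in command-line order (or defaults to as-needed linking) can drop libcrypto before the MD5 references in main.c are seen. Placing the library last avoids that: `gcc -g -o mactelnet main.c udp.c mactelnet.c console.c -lcrypto`. Since this code parses network input, adding `-Wall -Wextra` to the same line would also surface the signed/unsigned and implicit-declaration problems in the other files of this commit.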
diff --git a/console.c b/console.c
new file mode 100644
index 0000000..558184f
--- /dev/null
+++ b/console.c
@@ -0,0 +1,21 @@
+#include <sys/ioctl.h>
+#include <string.h>
+#include <errno.h>
+#include <stdlib.h>
+#include <stdio.h>
+
+int getTerminalSize(unsigned short *width, unsigned short *height) {
+ struct winsize ws;
+
+ if (ioctl(0,TIOCGWINSZ,&ws) != 0) {
+ fprintf(stderr,"TIOCGWINSZ:%s\n",strerror(errno));
+ return -1;
+ }
+
+ *width = ws.ws_col;
+ *height = ws.ws_row;
+
+ printf("Console width: %d, height: %d\n", *width, *height);
+
+ return 1;
+}
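Review bot: The `printf("Console width: ...")` at the end of getTerminalSize runs on every call and writes to stdout, the stream main.c also uses for data received from the remote device. It reads like a leftover diagnostic and would be better sent to stderr behind the project's debug switch, or dropped. A header comment is also worth adding, for example `/* Query the size of the terminal on fd 0; returns 1 on success, -1 if the ioctl fails. */`, because the caller tests `> 0` and the 1/-1 convention is not obvious.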
diff --git a/console.h b/console.h
new file mode 100644
index 0000000..3a303fb
--- /dev/null
+++ b/console.h
@@ -0,0 +1 @@
+extern int getTerminalSize(unsigned short *width, unsigned short *height);
diff --git a/mactelnet.c b/mactelnet.c
index 88ddcdf..d9343a2 100644
--- a/mactelnet.c
+++ b/mactelnet.c
@@ -64,18 +64,27 @@ void parsePacket(unsigned char *data, struct mt_mactelnet_hdr *pkthdr) {
}
-void parseControlPacket(unsigned char *data, int data_len) {
+int parseControlPacket(unsigned char *data, const int data_len, struct mt_mactelnet_control_hdr *cpkthdr) {
unsigned char magic[] = { 0x56, 0x34, 0x12, 0xff };
- if (memcmp(data,&magic,4) == 0) {
+
+ if (data_len <= 0)
+ return 0;
+
+ if (memcmp(data, &magic, 4) == 0) {
if (DEBUG)
- printf("\tControl packet:\n\t\tType: %d\n\t\tLength: %d\n", data[4], data[5]<<24|data[6]<<16|data[7]<<8|data[8]);
- if (data_len - 9 - (data[4], data[5]<<24|data[6]<<16|data[7]<<8|data[8]) > 0) {
- parseControlPacket(data + 9 + (data[4], data[5]<<24|data[6]<<16|data[7]<<8|data[8]), data_len - 9 - (data[4], data[5]<<24|data[6]<<16|data[7]<<8|data[8]));
- }
-
- if (data[4] == 1) {
- printf("Connected. Enter username & password.\n\n"); // TODOD: Teh good shiat
- }
+ printf("\t----Control packet:\n\t\tType: %d\n\t\tLength: %d\n", data[4], data[5]<<24|data[6]<<16|data[7]<<8|data[8]);
+
+ cpkthdr->cptype = data[4];
+ cpkthdr->length = data[5]<<24|data[6]<<16|data[7]<<8|data[8];
+ cpkthdr->data = data + 9;
+
+ return cpkthdr->length + 9;
+
+ } else {
+ cpkthdr->cptype = MT_CPTYPE_PLAINDATA;
+ cpkthdr->length = data_len;
+ cpkthdr->data = data;
+ return data_len;
}
}
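Review bot: The length field taken from `data[5..8]` is trusted as-is, and the header bytes are read even when `data_len` is smaller than 9. A packet from the network can therefore make `parseControlPacket` read past the received bytes and return a value larger than `data_len`, or a negative one after the unsigned-to-int conversion. The caller in main.c then advances `p` and adjusts `rest` by that value, so its loop can walk outside the receive buffer. `data[5]<<24` is also a signed shift that overflows when the top bit is set. The excerpt below requires a full 9-byte header and clamps the length to what was actually received; rejecting the packet is the stricter alternative, but the caller would then need to handle an error return.

```c
	/* … unchanged: magic declaration, data_len <= 0 check … */

	if (data_len >= 9 && memcmp(data, &magic, 4) == 0) {
		/* Assemble the big-endian length in unsigned arithmetic. */
		unsigned int len = (unsigned int)data[5] << 24 | (unsigned int)data[6] << 16 |
			(unsigned int)data[7] << 8 | (unsigned int)data[8];

		/* The length is supplied by the peer: never describe more
		   payload than the bytes that were actually received. */
		if (len > (unsigned int)(data_len - 9))
			len = (unsigned int)(data_len - 9);

		/* … unchanged: DEBUG printf … */

		cpkthdr->cptype = data[4];
		cpkthdr->length = len;
		cpkthdr->data = data + 9;

		return (int)len + 9;

	/* … unchanged: plain-data else branch … */
```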
diff --git a/mactelnet.h b/mactelnet.h
index 5227718..685cb6b 100644
--- a/mactelnet.h
+++ b/mactelnet.h
@@ -17,6 +17,8 @@
#define MT_CPTYPE_TERM_HEIGHT 6
#define MT_CPTYPE_PACKET_ERROR 7
#define MT_CPTYPE_END_AUTH 9
+// Internal CPTYPE, not part of protocol
+#define MT_CPTYPE_PLAINDATA -1
struct mt_mactelnet_hdr {
unsigned char ver;
@@ -28,4 +30,10 @@ struct mt_mactelnet_hdr {
unsigned char *data;
};
+struct mt_mactelnet_control_hdr {
+ signed char cptype;
+ unsigned int length;
+ unsigned char *data;
+};
+
#endif
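Review bot: `cptype` is declared `signed char` while the internal sentinel added in the previous hunk is `-1`, and parseControlPacket stores the raw wire byte `data[4]` into it. On the usual conversion a received type byte of 0xff becomes -1, so a control packet from the peer can be mistaken for `MT_CPTYPE_PLAINDATA` and take the plain-data path in main.c. Declaring the field as `int cptype;` keeps wire values 0–255 distinct from the sentinel. The macro should also be parenthesized, `#define MT_CPTYPE_PLAINDATA (-1)`, so it cannot combine with a neighbouring operator when expanded.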
diff --git a/main.c b/main.c
index 89d68bd..e3f0801 100644
--- a/main.c
+++ b/main.c
@@ -5,17 +5,23 @@
#include <sys/socket.h>
#include <string.h>
#include <linux/if_ether.h>
+#include <openssl/md5.h>
#include "mactelnet.h"
#include "udp.h"
+#include "console.h"
#include "config.h"
int sockfd;
int counter=0;
+int outcounter=0;
+int sessionkey=0;
unsigned char *src = "00:e0:81:b5:ac:8e";
unsigned char *dst = "00:0c:42:43:58:a4";
+unsigned char encryptionkey[128];
void handlePacket(unsigned char *data, int data_len) {
struct mt_mactelnet_hdr pkthdr;
+ struct mt_mactelnet_control_hdr cpkthdr;
parsePacket(data, &pkthdr);
if (DEBUG)
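Review bot: The local `struct mt_mactelnet_control_hdr cpkthdr;` added to handlePacket appears to be unused, since the parsing loop added further down declares its own `cpkt`; it can be removed unless code outside the visible hunks relies on it. `encryptionkey[128]` is later filled from a length supplied by the peer, so a named size constant would give the bounds check something to refer to, for example `enum { MT_KEY_BUF_LEN = 128 };`. handlePacket's body continues outside this hunk.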
@@ -24,42 +30,109 @@ void handlePacket(unsigned char *data, int data_len) {
if (pkthdr.ptype == MT_PTYPE_DATA) {
char odata[200];
int plen=0,result=0;
+ int rest = 0;
+ unsigned char *p = data;
counter += data_len - 22;
plen = initPacket(odata, MT_PTYPE_ACK, src, dst, pkthdr.seskey, counter);
result = sendCustomUDP(sockfd, src, dst, "213.236.240.252", 20561, "255.255.255.255", 20561, odata, plen);
+
if (DEBUG)
printf("ACK: Plen = %d, Send result: %d\n", plen, result);
- if (data_len - 22 > 0) {
- parseControlPacket(data + 22, data_len - 22);
+ rest = data_len - 22;
+ p += 22;
+ while (rest > 0) {
+ int read = 0;
+ struct mt_mactelnet_control_hdr cpkt;
+ read = parseControlPacket(p, rest, &cpkt);
+ p += read;
+ rest -= read;
+
+ if (cpkt.cptype == MT_CPTYPE_ENCRYPTIONKEY) {
+ unsigned char md5data[100];
+ unsigned char md5sum[100];
+ MD5_CTX c;
+
+ memcpy(encryptionkey, cpkt.data, cpkt.length);
+
+ md5data[0] = 0;
+ strcpy(md5data+1, "eoidt668");
+ strncat(md5data+1, encryptionkey, 16);
+
+ MD5_Init(&c);
+ MD5_Update(&c, md5data, 9+16);
+ MD5_Final(md5sum+1, &c);
+ md5sum[0] = 0;
+
+ sendAuthData("admin", md5sum);
+ if (DEBUG)
+ printf("Received encryption key of %d characters\n", cpkt.length);
+
+ }
+ else if (cpkt.cptype == MT_CPTYPE_PLAINDATA) {
+ cpkt.data[cpkt.length] = 0;
+ printf("%s", cpkt.data);
+ }
}
}
}
+void sendAuthData(unsigned char *username, unsigned char *password) {
+ unsigned char data[1500];
+ unsigned char *terminal = "linux";
+ int userLen = strlen(username);
+ int terminalLen = strlen(terminal);
+ unsigned short width = 0;
+ unsigned short height = 0;
+ int result;
+ int plen;
+ int databytes;
+
+ plen = initPacket(data, MT_PTYPE_DATA, src, dst, sessionkey, outcounter);
+ databytes = plen;
+ plen += addControlPacket(data + plen, MT_CPTYPE_PASSWORD, password, 17);
+ plen += addControlPacket(data + plen, MT_CPTYPE_USERNAME, username, userLen);
+ plen += addControlPacket(data + plen, MT_CPTYPE_TERM_TYPE, terminal, terminalLen);
+
+ if (getTerminalSize(&width, &height) > 0) {
+ plen += addControlPacket(data + plen, MT_CPTYPE_TERM_WIDTH, &width, 2);
+ plen += addControlPacket(data + plen, MT_CPTYPE_TERM_HEIGHT, &height, 2);
+ }
+
+ outcounter += plen - databytes;
+
+ result = sendCustomUDP(sockfd, src, dst, "213.236.240.252", 20561, "255.255.255.255", 20561, data, plen);
+}
+
int main (int argc, char **argv) {
- int outsockfd;
+ int insockfd;
int result;
char data[200];
struct sockaddr_in si_me;
char buff[1500];
int plen = 0;
- int sessionkey=0;
srand(time(NULL));
+ // Transmit raw packets with this socket
sockfd = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
- outsockfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
+ // Receive regular udp packets with this socket
+ insockfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
+
+ // Initialize receiving socket
memset((char *) &si_me, 0, sizeof(si_me));
si_me.sin_family = AF_INET;
si_me.sin_port = htons(20561);
si_me.sin_addr.s_addr = htonl(INADDR_ANY);
- if (bind(outsockfd, (struct sockaddr *)&si_me, sizeof(si_me))==-1) {
+ // Bind to udp port
+ if (bind(insockfd, (struct sockaddr *)&si_me, sizeof(si_me))==-1) {
fprintf(stderr, "Error binding to port 20561\n");
return 1;
}
+ // Sessioon key
sessionkey = rand() % 65535;
printf("Connecting to %s...\n", dst);
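Review bot: `memcpy(encryptionkey, cpkt.data, cpkt.length)` copies a peer-controlled length into the 128-byte global with no bound, so an oversized ENCRYPTIONKEY control packet overflows it. The following `strncat(md5data+1, encryptionkey, 16)` stops at the first zero byte of what is a binary key, leaving `MD5_Update` to hash uninitialised bytes of `md5data`. In the plain-data branch, `cpkt.data[cpkt.length] = 0` writes one byte past the received data, which is past `buff` when a full 1500-byte datagram arrives; printing with `fwrite(cpkt.data, 1, cpkt.length, stdout)` removes the need for the terminator. `sendAuthData` is also called before any declaration of it is visible, and the user name and the string being hashed are hard-coded here rather than taken from the user. The excerpt below covers the key handling only.

```c
			if (cpkt.cptype == MT_CPTYPE_ENCRYPTIONKEY) {
				/* … unchanged: md5data, md5sum, MD5_CTX declarations … */

				/* The hash below consumes exactly 16 key bytes; refuse a shorter
				   key and never copy more than the destination can hold. */
				if (cpkt.length < 16 || cpkt.length > sizeof(encryptionkey)) {
					fprintf(stderr, "Unexpected encryption key length %u\n", cpkt.length);
					continue;
				}
				memcpy(encryptionkey, cpkt.data, cpkt.length);

				md5data[0] = 0;
				memcpy(md5data + 1, "eoidt668", 8);
				/* The key is binary data: copy by length, not up to a zero byte. */
				memcpy(md5data + 9, encryptionkey, 16);

				/* … unchanged: MD5 computation, sendAuthData call, DEBUG printf … */
			}
```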
@@ -71,25 +144,46 @@ int main (int argc, char **argv) {
if (DEBUG)
printf("Sessionkey: %d\n", sessionkey);
- result = recvfrom(outsockfd, buff, 1400, 0, 0, 0);
+ result = recvfrom(insockfd, buff, 1400, 0, 0, 0);
handlePacket(buff, result);
// TODO: Should resubmit whenever a PTYPE_DATA packet is sent, and an ACK packet with correct datacounter is received
// or time out the connection, in all other cases.
plen = initPacket(data, MT_PTYPE_DATA, src, dst, sessionkey, 0);
plen += addControlPacket(data + plen, MT_CPTYPE_BEGINAUTH, NULL, 0);
+ outcounter += 9;
result = sendCustomUDP(sockfd, src, dst, "213.236.240.252", 20561, "255.255.255.255", 20561, data, plen);
if (DEBUG)
printf("Plen = %d, Send result: %d\n", plen, result);
- result = recvfrom(outsockfd, buff, 1400, 0, 0, 0);
+ memset(buff, 0, 1500);
+ result = recvfrom(insockfd, buff, 1500, 0, 0, 0);
+ if (result < 1) {
+ fprintf(stderr, "Connection failed.\n");
+ return 1;
+ }
+ handlePacket(buff, result);
+
+ memset(buff, 0, 1500);
+ result = recvfrom(insockfd, buff, 1500, 0, 0, 0);
handlePacket(buff, result);
- result = recvfrom(outsockfd, buff, 1400, 0, 0, 0);
+ memset(buff, 0, 1500);
+ result = recvfrom(insockfd, buff, 1500, 0, 0, 0);
handlePacket(buff, result);
+ memset(buff, 0, 1500);
+ result = recvfrom(insockfd, buff, 1500, 0, 0, 0);
+ handlePacket(buff, result);
+
+while(1) {
+ memset(buff, 0, 1500);
+ result = recvfrom(insockfd, buff, 1500, 0, 0, 0);
+ handlePacket(buff, result);
+}
close(sockfd);
+ close(insockfd);
return 0;
}
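Review bot: Only the first of the new `recvfrom` calls checks its result; the later ones, including the one inside `while(1)`, pass `result` straight to `handlePacket`. A failed receive (-1) therefore reaches `counter += data_len - 22` and is acknowledged as if data had arrived. Adding `if (result < 1) break;` before the `handlePacket` call in the loop, and the same guard after the other calls, also makes the two `close()` calls reachable, which they currently are not. Receiving 1500 bytes into the 1500-byte `buff` leaves no room for the terminator handlePacket writes after plain data, so either receive `sizeof(buff) - 1` bytes or drop the terminator. main's body starts outside this hunk.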