authorroot <root@phone01.(none)>2010-09-26 20:32:34 +0200
committerroot <root@phone01.(none)>2010-09-26 20:32:34 +0200
commit0543208957f3f1a14f66d0c70fcc813e779f7638 (patch)
tree95f23d46c20688ad874a659274affe1f45c7a21e /main.c
parentd0b22a46b53c968de3ec85022251f318d97e6b27 (diff)
Working login, buggy terminal-data reception
Diffstat (limited to 'main.c')
-rw-r--r--main.c112
1 files changed, 103 insertions, 9 deletions
diff --git a/main.c b/main.c
index 89d68bd..e3f0801 100644
--- a/main.c
+++ b/main.c
@@ -5,17 +5,23 @@
#include <sys/socket.h>
#include <string.h>
#include <linux/if_ether.h>
+#include <openssl/md5.h>
#include "mactelnet.h"
#include "udp.h"
+#include "console.h"
#include "config.h"
int sockfd;
int counter=0;
+int outcounter=0;
+int sessionkey=0;
unsigned char *src = "00:e0:81:b5:ac:8e";
unsigned char *dst = "00:0c:42:43:58:a4";
+unsigned char encryptionkey[128];
void handlePacket(unsigned char *data, int data_len) {
struct mt_mactelnet_hdr pkthdr;
+ struct mt_mactelnet_control_hdr cpkthdr;
parsePacket(data, &pkthdr);
if (DEBUG)
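Review bot: The added local `struct mt_mactelnet_control_hdr cpkthdr;` in handlePacket looks unused, since the parsing loop added in the next hunk declares its own `cpkt`; if nothing in the lines outside the hunks reads it, it should be dropped. The new globals would also benefit from one-line comments, for example `/* key material received from the peer; copies into it must be bounded by sizeof(encryptionkey) */` above `encryptionkey[128]` and `/* running count of payload bytes sent, used as the packet counter */` above `outcounter`. handlePacket's body continues outside this hunk.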
@@ -24,42 +30,109 @@ void handlePacket(unsigned char *data, int data_len) {
if (pkthdr.ptype == MT_PTYPE_DATA) {
char odata[200];
int plen=0,result=0;
+ int rest = 0;
+ unsigned char *p = data;
counter += data_len - 22;
plen = initPacket(odata, MT_PTYPE_ACK, src, dst, pkthdr.seskey, counter);
result = sendCustomUDP(sockfd, src, dst, "213.236.240.252", 20561, "255.255.255.255", 20561, odata, plen);
+
if (DEBUG)
printf("ACK: Plen = %d, Send result: %d\n", plen, result);
- if (data_len - 22 > 0) {
- parseControlPacket(data + 22, data_len - 22);
+ rest = data_len - 22;
+ p += 22;
+ while (rest > 0) {
+ int read = 0;
+ struct mt_mactelnet_control_hdr cpkt;
+ read = parseControlPacket(p, rest, &cpkt);
+ p += read;
+ rest -= read;
+
+ if (cpkt.cptype == MT_CPTYPE_ENCRYPTIONKEY) {
+ unsigned char md5data[100];
+ unsigned char md5sum[100];
+ MD5_CTX c;
+
+ memcpy(encryptionkey, cpkt.data, cpkt.length);
+
+ md5data[0] = 0;
+ strcpy(md5data+1, "eoidt668");
+ strncat(md5data+1, encryptionkey, 16);
+
+ MD5_Init(&c);
+ MD5_Update(&c, md5data, 9+16);
+ MD5_Final(md5sum+1, &c);
+ md5sum[0] = 0;
+
+ sendAuthData("admin", md5sum);
+ if (DEBUG)
+ printf("Received encryption key of %d characters\n", cpkt.length);
+
+ }
+ else if (cpkt.cptype == MT_CPTYPE_PLAINDATA) {
+ cpkt.data[cpkt.length] = 0;
+ printf("%s", cpkt.data);
+ }
}
}
}
+void sendAuthData(unsigned char *username, unsigned char *password) {
+ unsigned char data[1500];
+ unsigned char *terminal = "linux";
+ int userLen = strlen(username);
+ int terminalLen = strlen(terminal);
+ unsigned short width = 0;
+ unsigned short height = 0;
+ int result;
+ int plen;
+ int databytes;
+
+ plen = initPacket(data, MT_PTYPE_DATA, src, dst, sessionkey, outcounter);
+ databytes = plen;
+ plen += addControlPacket(data + plen, MT_CPTYPE_PASSWORD, password, 17);
+ plen += addControlPacket(data + plen, MT_CPTYPE_USERNAME, username, userLen);
+ plen += addControlPacket(data + plen, MT_CPTYPE_TERM_TYPE, terminal, terminalLen);
+
+ if (getTerminalSize(&width, &height) > 0) {
+ plen += addControlPacket(data + plen, MT_CPTYPE_TERM_WIDTH, &width, 2);
+ plen += addControlPacket(data + plen, MT_CPTYPE_TERM_HEIGHT, &height, 2);
+ }
+
+ outcounter += plen - databytes;
+
+ result = sendCustomUDP(sockfd, src, dst, "213.236.240.252", 20561, "255.255.255.255", 20561, data, plen);
+}
+
int main (int argc, char **argv) {
- int outsockfd;
+ int insockfd;
int result;
char data[200];
struct sockaddr_in si_me;
char buff[1500];
int plen = 0;
- int sessionkey=0;
srand(time(NULL));
+ // Transmit raw packets with this socket
sockfd = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
- outsockfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
+ // Receive regular udp packets with this socket
+ insockfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
+
+ // Initialize receiving socket
memset((char *) &si_me, 0, sizeof(si_me));
si_me.sin_family = AF_INET;
si_me.sin_port = htons(20561);
si_me.sin_addr.s_addr = htonl(INADDR_ANY);
- if (bind(outsockfd, (struct sockaddr *)&si_me, sizeof(si_me))==-1) {
+ // Bind to udp port
+ if (bind(insockfd, (struct sockaddr *)&si_me, sizeof(si_me))==-1) {
fprintf(stderr, "Error binding to port 20561\n");
return 1;
}
+ // Sessioon key
sessionkey = rand() % 65535;
printf("Connecting to %s...\n", dst);
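Review bot: In the `MT_CPTYPE_ENCRYPTIONKEY` branch, `memcpy(encryptionkey, cpkt.data, cpkt.length)` copies a length taken from the received packet into the 128-byte global with no bound, so a peer that sends a larger length field writes past `encryptionkey`; the length should be checked against both the 16 bytes hashed below and `sizeof(encryptionkey)` before the copy. The `while (rest > 0)` loop also trusts the return value of parseControlPacket: a result of 0 never terminates and a result larger than `rest` walks `p` past the datagram, so it needs a progress check. `strncat` stops at the first zero byte of the key, which is binary data, leaving part of the 25 bytes given to `MD5_Update` uninitialised; a `memcpy` at the fixed offset avoids that. Separately, the user name and password are string literals in this file and should come from the command line or a prompt rather than the repository. handlePacket begins in the previous hunk.

```c
while (rest > 0) {
	int read = 0;
	struct mt_mactelnet_control_hdr cpkt;
	read = parseControlPacket(p, rest, &cpkt);
	/* Stop on a result that would not advance or would run past the datagram */
	if (read <= 0 || read > rest)
		break;
	p += read;
	rest -= read;

	if (cpkt.cptype == MT_CPTYPE_ENCRYPTIONKEY) {
		/* ... unchanged: md5data, md5sum and MD5_CTX declarations ... */

		/* The length is peer-supplied: require the 16 bytes hashed below and fit the global */
		if (cpkt.length < 16 || cpkt.length > (int)sizeof(encryptionkey))
			continue;
		memcpy(encryptionkey, cpkt.data, cpkt.length);

		/* ... unchanged: md5data[0] = 0 and the strcpy of the password ... */
		/* The key is binary, so copy a fixed 16 bytes instead of using strncat */
		memcpy(md5data + 9, encryptionkey, 16);
		/* ... unchanged: MD5_Init/MD5_Update/MD5_Final, sendAuthData call, debug print ... */
	}
	/* ... unchanged: MT_CPTYPE_PLAINDATA branch ... */
}
```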
@@ -71,25 +144,46 @@ int main (int argc, char **argv) {
if (DEBUG)
printf("Sessionkey: %d\n", sessionkey);
- result = recvfrom(outsockfd, buff, 1400, 0, 0, 0);
+ result = recvfrom(insockfd, buff, 1400, 0, 0, 0);
handlePacket(buff, result);
// TODO: Should resubmit whenever a PTYPE_DATA packet is sent, and an ACK packet with correct datacounter is received
// or time out the connection, in all other cases.
plen = initPacket(data, MT_PTYPE_DATA, src, dst, sessionkey, 0);
plen += addControlPacket(data + plen, MT_CPTYPE_BEGINAUTH, NULL, 0);
+ outcounter += 9;
result = sendCustomUDP(sockfd, src, dst, "213.236.240.252", 20561, "255.255.255.255", 20561, data, plen);
if (DEBUG)
printf("Plen = %d, Send result: %d\n", plen, result);
- result = recvfrom(outsockfd, buff, 1400, 0, 0, 0);
+ memset(buff, 0, 1500);
+ result = recvfrom(insockfd, buff, 1500, 0, 0, 0);
+ if (result < 1) {
+ fprintf(stderr, "Connection failed.\n");
+ return 1;
+ }
+ handlePacket(buff, result);
+
+ memset(buff, 0, 1500);
+ result = recvfrom(insockfd, buff, 1500, 0, 0, 0);
handlePacket(buff, result);
- result = recvfrom(outsockfd, buff, 1400, 0, 0, 0);
+ memset(buff, 0, 1500);
+ result = recvfrom(insockfd, buff, 1500, 0, 0, 0);
handlePacket(buff, result);
+ memset(buff, 0, 1500);
+ result = recvfrom(insockfd, buff, 1500, 0, 0, 0);
+ handlePacket(buff, result);
+
+while(1) {
+ memset(buff, 0, 1500);
+ result = recvfrom(insockfd, buff, 1500, 0, 0, 0);
+ handlePacket(buff, result);
+}
close(sockfd);
+ close(insockfd);
return 0;
}
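Review bot: Only the first of the added `recvfrom()` calls checks its result; the three that follow and the one inside `while(1)` pass `result` straight to handlePacket, which computes `data_len - 22` from it, so an error return of -1 or a datagram shorter than that 22-byte offset still adjusts `counter` and is acknowledged. Each call should be guarded the same way, e.g. `if (result < 22) continue;` inside the loop. Reading the full 1500 bytes also leaves no spare byte in `buff` for the terminator that handlePacket writes after plain data (assuming the control header's data pointer refers into this buffer — confirm in parseControlPacket), so `recvfrom(insockfd, buff, sizeof(buff) - 1, 0, 0, 0)` is safer. The two `close()` calls after the loop are unreachable because the loop has no exit condition. main begins outside this hunk.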