Send TCP RST with checksum
#!/usr/bin/env python3 | |
import socket | |
from struct import pack | |
from time import sleep | |
#
# TCP header layout:
# |--------------------|--------------------|
# |    SOURCE PORT     |  DESTINATION PORT  |
# |--------------------|--------------------|
# |             SEQUENCE NUMBER             |
# |--------------------|--------------------|
# |          ACKNOWLEDGMENT NUMBER          |
# |--------------------|--------------------|
# | DO:4|RSV:3|FLAGS:9 |       WINDOW       |
# |--------------------|--------------------|
# |      Checksum      |   URGENT POINTER   |
# |--------------------|--------------------|
#
def ip_header(src, dst):
    """Build the 20-byte IPv4 header used by this script.

    Args:
        src: Source address as a dotted-quad string.
        dst: Destination address as a dotted-quad string.

    Returns:
        The packed header as ``bytes``, in network byte order.

    Raises:
        OSError: If ``socket.inet_aton`` rejects either address.
    """
    version_ihl = 69        # 0x45: IP version 4, header length 5 x 32-bit words
    tos = 0
    # Total length and header checksum are packed as 0.
    # NOTE(review): presumably the kernel fills both in when the packet is
    # sent through a raw socket with IP_HDRINCL - confirm for the platform.
    total_length = 0
    identification = 1
    flags_fragment = 0
    ttl = 64
    protocol = 6            # TCP
    header_checksum = 0

    fields = (
        version_ihl,
        tos,
        total_length,
        identification,
        flags_fragment,
        ttl,
        protocol,
        header_checksum,
        socket.inet_aton(src),
        socket.inet_aton(dst),
    )
    return pack("!BBHHHBBH4s4s", *fields)
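def checksum(msg):
    """Return the 16-bit Internet checksum (RFC 1071) of *msg*.

    The input is read as big-endian 16-bit words, the words are added with
    end-around carry, and the one's complement of the sum is returned.

    Args:
        msg: The bytes to checksum. A ``str`` is also accepted for callers
            that still pass a byte string as text; each character is mapped
            to one byte (latin-1).

    Returns:
        The checksum as an int in the range 0..0xFFFF.
    """
    if isinstance(msg, str):
        msg = msg.encode("latin-1")
    data = bytes(msg)

    # Indexing bytes already yields ints in Python 3, so no ord() is needed.
    # An odd-length input is padded with one zero byte so the last word is
    # complete instead of indexing past the end.
    if len(data) % 2:
        data += b"\x00"

    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]

    # Fold until no carry is left above bit 15; one fold alone can produce a
    # new carry, which the final mask would otherwise silently discard.
    while total >> 16:
        total = (total >> 16) + (total & 0xFFFF)

    # One's complement, kept to 16 bits.
    return ~total & 0xFFFF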
# pack() packs values (bytes, shorts, ints, strings) into a bytes object.
# Format characters:
#   ! - network byte order
#   B - unsigned char
#   H - unsigned short
#   I - unsigned int
#   L - unsigned long
#   Q - unsigned long long
#   s - char[]
my_ip = '10.10.11.157'  # change to your ip
target_ip = '10.10.11.65'

# Raw IPv4 socket with IP_HDRINCL set: the IP header is supplied by this
# script instead of being generated by the kernel. Opening a raw socket
# requires root.
sock = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_RAW)
sock.setsockopt(socket.SOL_IP, socket.IP_HDRINCL, 1)

ip_hdr = ip_header(my_ip, target_ip)

# TCP header fields in wire order:
#   source port 1337, destination port 7331,
#   sequence number 321342, acknowledgment number 81321,
#   data-offset byte 240, flags byte 4 (RST), window 0,
#   checksum, urgent pointer 0. No payload follows.
# TODO (from the original author): "fix this 2 variables".
# NOTE(review): 240 is 0xF0, i.e. a data offset of 15 words (60 bytes), which
# does not match the 20 header bytes packed here; the sequence and
# acknowledgment numbers are fixed constants as well. The resulting checksum
# may therefore be correct or incorrect for what a receiver expects.

# First pass: checksum field set to 0, as input to the checksum itself.
tcp_hdr = pack("!HHIIBBHHH", 1337, 7331, 321342, 81321, 240, 4, 0, 0, 0)

# The TCP checksum is computed over a pseudo header (source address,
# destination address, zero byte, protocol, TCP length) followed by the
# TCP header.
psh = pack(
    '!4s4sBBH',
    socket.inet_aton(my_ip),
    socket.inet_aton(target_ip),
    0,
    socket.IPPROTO_TCP,
    len(tcp_hdr),
)
psh += tcp_hdr

# Second pass: same header with the computed checksum filled in.
tcp_hdr = pack("!HHIIBBHHH", 1337, 7331, 321342, 81321, 240, 4, 0, checksum(psh), 0)

data = b''

# Send the same packet once per second until the process is interrupted.
while True:
    sock.sendto(ip_hdr + tcp_hdr + data, (target_ip, 0))
    sleep(1)