raw socket syn scan nodejs
/*
tcpdump -i lo -n ip
nmap :19:54:07.502287 IP 127.0.0.1.56239 > 127.0.0.1.23: Flags [S], seq 411956820, win 1024, options [mss 1460], length 0
syn.js :21:26:57.830349 IP 127.0.0.1.54444 > 127.0.0.1.23: Flags [S], seq 234156285, win 1024, options [mss 1460], length 0
--> looks good, but there is no syn+ack in reply; let's switch tcpdump to verbose mode
tcpdump -vvv -i lo -n ip
OK: NMAP result (nmap -sS localhost -p 23)
21:50:20.794277 IP (tos 0x0, ttl 40, id 56063, offset 0, flags [none], proto TCP (6), length 44)
127.0.0.1.56649 > 127.0.0.1.23: Flags [S], cksum 0x17c8 (correct), seq 1809790236, win 1024, options [mss 1460], length 0
21:50:20.794292 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 44)
127.0.0.1.23 > 127.0.0.1.56649: Flags [S.], cksum 0xfe20 (incorrect -> 0xa280), seq 2375108310, ack 1809790237, win 43690, options [mss 65495], length 0
21:50:20.794297 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 40)
127.0.0.1.56649 > 127.0.0.1.23: Flags [R], cksum 0x3381 (correct), seq 1809790237, win 0, length 0
KO: syn.js result :
1:51:01.309365 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 48)
127.0.0.1.35643 > 127.0.0.1.23: Flags [S], cksum 0x0000 (incorrect -> 0x01db), seq 234156285:234156289, win 1024, options [mss 1460], length 4
*/
const raw = require("raw-socket");
// Raw IPv4/TCP socket. The buffer handed to send() below is a bare TCP
// header; the trace above shows the IP header with stack-typical values
// (ttl 64, DF), so presumably the kernel prepends it — confirm against
// raw-socket's docs.
const socketOptions = {
  protocol: raw.Protocol.TCP,
  addressFamily: raw.AddressFamily.IPv4,
  generateChecksums: true,
  // checksumOffset: 40 — do I really need to provide that?
  // NOTE(review): the trace above shows the emitted SYN with
  // `cksum 0x0000 (incorrect)`, i.e. the checksum field at bytes 16-17 of
  // the TCP header was never filled in, so the offset likely has to be given
  // explicitly; check how raw-socket interprets checksumOffset (relative to
  // this buffer or to the whole IP packet) before choosing a value.
};
const socket = raw.createSocket(socketOptions);
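// Hand-built 28-byte TCP header: 20-byte fixed part + 8 bytes of
// options/padding. Offsets in the comments are relative to this buffer,
// not to the IP packet. Buffer.from replaces the deprecated
// `new Buffer(array)` constructor; the resulting bytes are identical.
const buffer = Buffer.from([
  0x00, 0x00,             // [0..1]   source port (filled in by setPortSrc)
  0x00, 0x00,             // [2..3]   destination port (filled in by setPortDst)
  0x0d, 0xf4, 0xf0, 0xfd, // [4..7]   sequence number (should be random)
  0x0f, 0x00, 0xf2, 0x00, // [8..11]  acknowledgment number (only meaningful with ACK set)
  0x69,                   // [12]     high nibble = data offset (header length in
                          //          32-bit words), low nibble = reserved bits.
                          //          NOTE(review): 0x6 declares a 24-byte header while
                          //          this buffer is 28 bytes, which matches the
                          //          "length 4" payload tcpdump reports in the trace above.
  0x02,                   // [13]     flags (fin=1,syn=2,rst=4,psh=8,ack=16,urg=32) -> SYN only
  0x04, 0x00,             // [14..15] window 1024
  0x00, 0x00,             // [16..17] checksum (0x0000 in the trace above, i.e. never filled in)
  0x00, 0x00,             // [18..19] urgent pointer
  0x02, 0x04, 0x05, 0xb4, // [20..23] option kind 2 (MSS), length 4, value 1460
  0x00, 0x00, 0x00, 0x00, // [24..27] padding after the options
]);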
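/**
 * Write `port` into the destination-port field (bytes 2-3, big-endian) of `buf`.
 * Fix: the original wrote into the module-level `buffer` regardless of which
 * buffer was passed in, so the `buf` parameter was silently ignored.
 * @param {Buffer} buf - TCP header buffer, at least 4 bytes long.
 * @param {number} port - integer in 0..65535.
 * @returns {Buffer} the same `buf`, for chaining.
 * @throws {RangeError} if `port` is not an integer in 0..65535 (the original
 *   masked such values with `& 0xff` and wrote a different port without notice).
 */
function setPortDst(buf, port) {
  if (!Number.isInteger(port) || port < 0 || port > 0xffff) {
    throw new RangeError(`destination port out of range: ${port}`);
  }
  // Network byte order: high byte first.
  buf[0x02] = (port >> 8) & 0xff;
  buf[0x03] = port & 0xff;
  return buf;
}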
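/**
 * Write `port` into the source-port field (bytes 0-1, big-endian) of `buf`.
 * Fix: the original wrote into the module-level `buffer` regardless of which
 * buffer was passed in, so the `buf` parameter was silently ignored.
 * @param {Buffer} buf - TCP header buffer, at least 2 bytes long.
 * @param {number} port - integer in 0..65535.
 * @returns {Buffer} the same `buf`, for chaining.
 * @throws {RangeError} if `port` is not an integer in 0..65535 (the original
 *   masked such values with `& 0xff` and wrote a different port without notice).
 */
function setPortSrc(buf, port) {
  if (!Number.isInteger(port) || port < 0 || port > 0xffff) {
    throw new RangeError(`source port out of range: ${port}`);
  }
  // Network byte order: high byte first.
  buf[0x00] = (port >> 8) & 0xff;
  buf[0x01] = port & 0xff;
  return buf;
}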
// Fill in the two port fields of the header; the writes touch disjoint
// bytes, so their order is irrelevant.
setPortSrc(buffer, 54444); // port src should be random, not static
setPortDst(buffer, 23);
// Destination address used by the send() call and its log line.
const target = '127.0.0.1';
// Lifecycle handlers: a closed socket or a socket error both end the
// process with a non-zero status.
socket.on("close", () => {
  console.log("socket closed");
  process.exit(-1);
});
socket.on("error", (error) => {
  console.log(`error: ${error.toString()}`);
  process.exit(-1);
});
// Reply handler. Every packet delivered to the raw socket lands here; the
// offsets below assume the payload starts with a 20-byte IPv4 header
// (no IP options), which is not checked.
socket.on("message", (packet, source) => {
  //console.log ("received " + packet.length + " bytes from " + source);
  const isTcp = packet[0x09] === 0x06; // IPv4 header byte 9 = protocol (6 = TCP)
  const flagsByte = packet[0x21];      // TCP flags byte at 20 (IP) + 13 (TCP)
  // NOTE(review): under the flag encoding documented on the send buffer
  // (fin=1,syn=2,rst=4,psh=8,ack=16,urg=32) the value 0x21 is urg|fin, not
  // syn|ack (0x12); confirm which reply this branch is meant to detect.
  if (isTcp && flagsByte === 0x21) {
    process.stdout.write('\nYOU WIN, must send RST packet here');
    return;
  }
  process.stdout.write('.');
});
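// TTL option identifiers are looked up but never applied: there is no
// setOption call in this file (the trace above shows the probe leaving with
// the default ttl 64). Kept so the module lookups happen exactly as before.
const level = raw.SocketLevel.IPPROTO_IP;
const option = raw.SocketOption.IP_TTL;
// Send the whole header to `target`. Fix: the destination was a second
// hard-coded copy of the address; it now follows `target`, like the log line,
// so the two cannot drift apart.
socket.send(buffer, 0, buffer.length, target, (error, bytes) => {
  if (error) {
    console.log(error.toString());
    return;
  }
  console.log(`sent ${bytes} bytes to ${target}`);
});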
@sumaurelien

Hey! I can't find any docs, but I really want to do the same with a UDP datagram — can you help me?
