decoy's

I want your help. Is it possible to use a raw socket to take a proxy into mysalve subnet?
The nmap network scanner project has this method. It uses decoys to hide one's own IP address. I'm interested in whether it is really possible to get a file through such a decoy. I have seen the nmap source code but don't understand it to the end yet.
Your question makes no sense, from a programming, or networking point of view.

Please clarify it.
I want bind() pthread pass-through to a remote IP. Or to take a remote IP without ARP spoofing.
If the host is up and listening on any ports. It is in the nmap -D option. It works the following way... replacement of the source IP with any other IP.
func found decoy
int sendrawtcppingquery(int rawsd, struct eth_nfo *eth, Target *target, int pingtype, u16 probe_port,
			u16 seq, struct timeval *time, struct pingtune *pt) {
int trynum = 0;
int myseq;
unsigned short sportbase;
unsigned long myack;

if (o.magic_port_set) sportbase = o.magic_port;
else { 
  sportbase = o.magic_port + 20;
  trynum = seq % pt->max_tries;
}

 myseq = (get_random_uint() << 22) + (seq << 6) + 0x1E; 
/* (response & 0x3F) better be 0x1E or 0x1F */
 myack = (get_random_uint() << 22) + (seq << 6) + 0x1E; 
/* (response & 0x3F) better be 0x1E or 0x1F */
 o.decoys[o.decoyturn].s_addr = target->v4source().s_addr;

 if (pingtype & PINGTYPE_TCP_USE_SYN) {   
   send_tcp_raw_decoys( rawsd, eth, target->v4hostip(), o.ttl, sportbase + trynum, 
probe_port, myseq, myack, TH_SYN, 0, (u8 *) "\x02\x04\x05\xb4", 4, o.extra_payload, 
			o.extra_payload_length);
 } else {
   send_tcp_raw_decoys( rawsd, eth, target->v4hostip(), o.ttl, sportbase + trynum, 
probe_port, myseq, myack, TH_ACK, 0, NULL, 0, o.extra_payload, 
			o.extra_payload_length);
 }

 return 0;
}

enumeration founded decoys
  if (USI->tcp_scan) {
    assert(USI->scantype != CONNECT_SCAN);

    seq = seq32_encode(USI, tryno, pingseq);
    if (pspec->pd.tcp.flags & TH_ACK)
	  ack = rand();

    if (pspec->pd.tcp.flags & TH_SYN) {
      tcpops = (u8 *) "\x02\x04\x05\xb4";
      tcpopslen = 4;
    }

    for(decoy = 0; decoy < o.numdecoys; decoy++) {
      packet = build_tcp_raw(&o.decoys[decoy], hss->target->v4hostip(), o.ttl, 
			     ipid, sport, pspec->pd.tcp.dport, seq, ack, 
			     pspec->pd.tcp.flags, 0, tcpops, tcpopslen,
			     o.extra_payload, o.extra_payload_length, 
			     &packetlen);
      if (decoy == o.decoyturn) {
	probe->setIP(packet, packetlen, pspec);
	hss->lastprobe_sent = probe->sent = USI->now;
      }
      send_ip_packet(USI->rawsd, ethptr, packet, packetlen);
      free(packet);
    }
  }

and send
int send_tcp_raw_decoys( int sd, struct eth_nfo *eth, 
			 const struct in_addr *victim, int ttl,
			 u16 sport, u16 dport, u32 seq, u32 ack, u8 flags,
			 u16 window, u8 *options, int optlen, char *data,
			 u16 datalen) 
{
  int decoy;

  for(decoy = 0; decoy < o.numdecoys; decoy++) 
    if (send_tcp_raw(sd, eth, &o.decoys[decoy], victim, ttl, sport, dport, 
		     seq, ack, flags, window, options, optlen, data, 
		     datalen) == -1)
      return -1;

  return 0;
}

But I am not sure about sending and receiving data through if.
You want to send and receive data to another computer while you are spoofing your sending IP address (pretending to be another source IP address)?
>You want to send and receive data to another computer while you are spoofing your sending IP address (pretending to be another source IP address)?
Yes.
Or at least build and send something such as a TCP SYN which receives an ACK and SYN from a specified TCP port.
In a nutshell, you can send data while pretending to be another computer (by spoofing your IP address), but you cannot receive data.

This is because you send a packet to your target with someone else's source IP address. The target reads the packet, and will reply to the other IP address with your response.

The closest thing you can achieve to this is called a "man in the middle attack". Google and have a read up on this.

To achieve anything remotely close to what you want you are going to have to do a fair bit of study on networking. Specifically physical design, protocols (IP, TCP, UDP), the OSI Layers, physical and theoretical limitations etc. Lots to learn.
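A defender's view of the decoy loops quoted in this thread, as an added example that is not part of the thread or of nmap: each decoy copy is built with the same ttl, source port, destination port and sequence number, so a sensor can group identical probes and count how many source addresses sent them. The struct, function names and sample records are constructed for illustration, and an identical TTL on arrival is an assumption (all copies leave the same host).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IP(a, b, c, d) (((uint32_t)(a) << 24) | ((b) << 16) | ((c) << 8) | (d))

struct probe {               /* what a sensor logs for one inbound TCP probe */
    uint32_t src, dst, seq;
    uint16_t sport, dport;
    uint8_t ttl;
};

/* Constructed sample capture (documentation address ranges, not real traffic). */
static const struct probe sample[] = {
    { IP(198, 51, 100, 7),   IP(192, 0, 2, 10), 0x5A3C001Eu, 40020, 80, 52 },
    { IP(203, 0, 113, 44),   IP(192, 0, 2, 10), 0x5A3C001Eu, 40020, 80, 52 },
    { IP(203, 0, 113, 91),   IP(192, 0, 2, 10), 0x5A3C001Eu, 40020, 80, 52 },
    { IP(203, 0, 113, 44),   IP(192, 0, 2, 10), 0x5A3C001Eu, 40020, 80, 52 },  /* resend */
    { IP(198, 51, 100, 200), IP(192, 0, 2, 10), 0x11B27F40u, 51544, 443, 117 } /* ordinary client */
};
#define SAMPLE_LEN (sizeof sample / sizeof sample[0])

/* True when two probes are identical in everything except the source address. */
static int same_probe(const struct probe *a, const struct probe *b) {
    return a->dst == b->dst && a->seq == b->seq && a->sport == b->sport &&
           a->dport == b->dport && a->ttl == b->ttl;
}

/* Number of distinct source addresses that sent a probe identical to p[i]. */
size_t sources_sharing_probe(const struct probe *p, size_t n, size_t i) {
    size_t distinct = 0;
    for (size_t j = 0; j < n; j++) {
        if (!same_probe(&p[i], &p[j])) continue;
        int seen = 0;                       /* was this source already counted? */
        for (size_t k = 0; k < j && !seen; k++)
            seen = same_probe(&p[i], &p[k]) && p[k].src == p[j].src;
        if (!seen) distinct++;
    }
    return distinct;
}

int main(void) {
    for (size_t i = 0; i < SAMPLE_LEN; i++) {
        size_t n = sources_sharing_probe(sample, SAMPLE_LEN, i);
        printf("probe %zu: %zu source(s)%s\n", i, n, n >= 2 ? "  <- decoy-style burst" : "");
    }
    return 0;
}
```

Two unrelated clients choosing the same sequence number and source port toward the same port is very unlikely, so a count of two or more is a strong signal; it does not say which of the addresses is the real sender.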