From eeef833a7cd7df9b9ce59b51d0669e1b60609803 Mon Sep 17 00:00:00 2001 From: Nathan Bolam Date: Thu, 9 Jan 2020 06:24:49 +1030 Subject: [PATCH] no message --- dist/dhcp/index.js | 6 +- dist/dhcp/options.js | 11 ++-- dist/dhcp/server.js | 11 ++-- dist/index.js | 8 ++- dist/ips.js | 11 ++-- dist/ntp/client.js | 76 ++++++++++++++++++++++++ dist/ntp/index.js | 93 ++++-------------------------- dist/ntp/packet.js | 24 +++++++- dist/ntp/server.js | 16 +++++- dist/ntp/server2.js | 109 +++++++++++++++++++++++++++++++++++ dist/tftp.js | 134 ++++++++++++++++++++++++++++++++++++++----- package.json | 2 +- 12 files changed, 379 insertions(+), 122 deletions(-) create mode 100644 dist/ntp/client.js create mode 100644 dist/ntp/server2.js diff --git a/dist/dhcp/index.js b/dist/dhcp/index.js index e608081..4b1d9e7 100644 --- a/dist/dhcp/index.js +++ b/dist/dhcp/index.js @@ -1,9 +1,9 @@ -var args, server, toHexArray; - -args = require('../args'); +var path, server, toHexArray; server = require('./server'); +path = require('path'); + toHexArray = function(str) { return str.split('').map(function(d, i) { return str.charCodeAt(i); diff --git a/dist/dhcp/options.js b/dist/dhcp/options.js index e86ae03..7eaef6e 100644 --- a/dist/dhcp/options.js +++ b/dist/dhcp/options.js @@ -1,4 +1,4 @@ -var Tools, attr, conf, i, opts; +var Tools, attr, conf, i, opts, v; Tools = require('./tools'); @@ -507,10 +507,11 @@ conf = {}; attr = {}; for (i in opts) { - if (opts[i].config) { - conf[opts[i].config] = parseInt(i, 10); - } else if (opts[i].attr) { - conf[opts[i].config] = parseInt(i, 10); + v = opts[i]; + if (v.config) { + conf[v.config] = parseInt(i, 10); + } else if (v.attr) { + conf[v.attr] = parseInt(i, 10); } } diff --git a/dist/dhcp/server.js b/dist/dhcp/server.js index 4edcb9a..c10f737 100644 --- a/dist/dhcp/server.js +++ b/dist/dhcp/server.js @@ -302,7 +302,7 @@ Server = (function(superClass) { }; Server.prototype.sendAck = function(req) { - var ans; + var ans, options; if (req.options[97] && req.options[55].indexOf(97) === -1) { req.options[55].push(97); } @@ -313,6 +313,9 @@ Server = (function(superClass) { } }); } + options = this._getOptions({ + 53: DHCPACK + }, [1, 3, 51, 54, 6], req.options[55]); ans = { op: BOOTREPLY, htype: 1, @@ -327,10 +330,8 @@ Server = (function(superClass) { giaddr: req.giaddr, chaddr: req.chaddr, sname: '', - file: '', - options: this._getOptions({ - 53: DHCPACK - }, [1, 3, 51, 54, 6], req.options[55]) + file: req.file, + options: options }; return this._send(this.config('broadcast'), ans, (function(_this) { return function() { diff --git a/dist/index.js b/dist/index.js index 096b24b..df5130d 100644 --- a/dist/index.js +++ b/dist/index.js @@ -1,4 +1,4 @@ -var args, ask, dhcpd, httpd, ip, pkg, port; +var args, ask, dhcpd, httpd, ip, pkg, port, tftp; pkg = require('../package.json'); @@ -16,7 +16,11 @@ httpd = require('./http'); port = require('./get-port'); -if (args.dhcponly) { +tftp = require('./tftp'); + +if (args.tftp) { + tftp(args); +} else if (args.dhcponly) { dhcpd(ip, args.acsurl, args.acspass); } else { ask(ip).then(port).then(function(p) { diff --git a/dist/ips.js b/dist/ips.js index 35e0a21..6c7f493 100644 --- a/dist/ips.js +++ b/dist/ips.js @@ -3,7 +3,7 @@ var networkInterfaces; networkInterfaces = require('os').networkInterfaces; module.exports = function() { - var addr, address, details, family, i, internal, k, len, name, obj, ref, ref1, s, t, v; + var addr, address, base, details, family, i, internal, k, len, name, obj, ref, ref1, s, t, v; addr = []; obj = {}; ref = networkInterfaces(); @@ -16,11 +16,14 @@ module.exports = function() { ref1 = details[i], family = ref1.family, internal = ref1.internal, address = ref1.address; if (!internal) { if (!address.startsWith('2001')) { - obj[name][family] = { + if ((base = obj[name])[family] == null) { + base[family] = []; + } + obj[name][family].push({ name: name, address: address, family: family - }; + }); } } } @@ -30,7 +33,7 @@ module.exports = function() { if (v.IPv4 != null) { for (s in v) { t = v[s]; - addr.push(t); + addr.push.apply(addr, t); } } } diff --git a/dist/ntp/client.js b/dist/ntp/client.js new file mode 100644 index 0000000..61bb467 --- /dev/null +++ b/dist/ntp/client.js @@ -0,0 +1,76 @@ +'use strict'; +var EventEmitter, NTP, Packet, createSocket, + extend = function(child, parent) { for (var key in parent) { if (hasProp.call(parent, key)) child[key] = parent[key]; } function ctor() { this.constructor = child; } ctor.prototype = parent.prototype; child.prototype = new ctor(); child.__super__ = parent.prototype; return child; }, + hasProp = {}.hasOwnProperty; + +Packet = require('./packet'); + +createSocket = require('dgram').createSocket; + +EventEmitter = require('events').EventEmitter; + +NTP = (function(superClass) { + extend(NTP, superClass); + + function NTP(options, callback) { + if (typeof options === 'function') { + callback = options; + options = {}; + } + Object.assign(this, { + server: '127.0.0.1', + port: 123 + }, options); + this.socket = new createSocket('udp4'); + if (typeof callback === 'function') { + this.time(callback); + } + } + + NTP.prototype.time = function(callback) { + var packet, port, ref, server, timeout; + ref = this, server = ref.server, port = ref.port, timeout = ref.timeout; + packet = NTP.createPacket(); + this.socket.send(packet, 0, packet.length, port, server, (function(_this) { + return function(err) { + if (err) { + return callback(err); + } + return _this.socket.once('message', function(data) { + var message; + message = NTP.parse(data); + return callback(err, message); + }); + }; + })(this)); + return this; + }; + + NTP.time = function(options, callback) { + return new NTP(options, callback); + }; + + NTP.createPacket = function() { + var packet; + packet = new Packet; + packet.mode = Packet.MODES.CLIENT; + return packet.toBuffer(); + }; + + NTP.parse = function(buffer) { + var T1, T2, T3, T4, message; + message = Packet.parse(buffer); + T1 = message.originateTimestamp; + T2 = message.receiveTimestamp; + T3 = message.transmitTimestamp; + T4 = message.destinationTimestamp; + message.d = T4 - T1 - (T3 - T2); + message.t = (T2 - T1 + T3 - T4) / 2; + return message; + }; + + return NTP; + +})(EventEmitter); + +module.exports = NTP; diff --git a/dist/ntp/index.js b/dist/ntp/index.js index f14f81c..ee562e3 100644 --- a/dist/ntp/index.js +++ b/dist/ntp/index.js @@ -1,88 +1,15 @@ 'use strict'; -var EventEmitter, NTP, Packet, createSocket, - extend = function(child, parent) { for (var key in parent) { if (hasProp.call(parent, key)) child[key] = parent[key]; } function ctor() { this.constructor = child; } ctor.prototype = parent.prototype; child.prototype = new ctor(); child.__super__ = parent.prototype; return child; }, - hasProp = {}.hasOwnProperty; +var createServer, ntp; -Packet = require('./packet'); +createServer = require('./server').createServer; -createSocket = require('dgram').createSocket; +ntp = createServer(function(message, response) { + console.log('server message:', message); + return response(message); +}); -EventEmitter = require('events').EventEmitter; +ntp.listen(123, function(err) { + return console.log('ntp server is running at %s', ntp.address().port); +}); -NTP = (function(superClass) { - extend(NTP, superClass); - - function NTP(options, callback) { - if (typeof options === 'function') { - callback = options; - options = {}; - } - Object.assign(this, { - server: 'pool.ntp.org', - port: 123 - }, options); - this.socket = new createSocket('udp4'); - if (typeof callback === 'function') { - this.time(callback); - } - } - - NTP.prototype.time = function(callback) { - var packet, port, ref, server, timeout; - ref = this, server = ref.server, port = ref.port, timeout = ref.timeout; - packet = NTP.createPacket(); - this.socket.send(packet, 0, packet.length, port, server, (function(_this) { - return function(err) { - if (err) { - return callback(err); - } - return _this.socket.once('message', function(data) { - var message; - this.socket.close(); - message = NTP.parse(data); - return callback(err, message); - }); - }; - })(this)); - return this; - }; - - NTP.time = function(options, callback) { - return new NTP(options, callback); - }; - - NTP.createPacket = function() { - var packet; - packet = new Packet; - packet.mode = Packet.MODES.CLIENT; - packet.originateTimestamp = Date.now(); - return packet.toBuffer(); - }; - - NTP.parse = function(buffer) { - var T1, T2, T3, T4, message; - message = Packet.parse(buffer); - message.destinationTimestamp = Date.now(); - message.time = new Date(message.transmitTimestamp); - T1 = message.originateTimestamp; - T2 = message.receiveTimestamp; - T3 = message.transmitTimestamp; - T4 = message.destinationTimestamp; - message.d = T4 - T1 - (T3 - T2); - message.t = (T2 - T1 + T3 - T4) / 2; - return message; - }; - - return NTP; - -})(EventEmitter); - -exports.Client = NTP; - -exports.Server = require('./server'); - -exports.createServer = function(options) { - return new exports.Server(options); -}; - -module.exports = NTP; +module.exports = ntp; diff --git a/dist/ntp/packet.js b/dist/ntp/packet.js index 5ea3fe2..fd953e2 100644 --- a/dist/ntp/packet.js +++ b/dist/ntp/packet.js @@ -1,4 +1,4 @@ -var Packet, SEVENTY_YEARS, assert, toMsecs, writeMsecs; +var Packet, SEVENTY_YEARS, after, assert, before, toMsecs, writeMsecs; assert = require('assert'); @@ -23,7 +23,7 @@ toMsecs = function(buffer, offset) { writeMsecs = function(buffer, offset, ts) { var fraction, seconds; - seconds = Math.floor(ts / 1000) + SEVENTY_YEARS; + seconds = Math.floor(ts / 1000) + SEVENTY_YEARS - SEVENTY_YEARS; fraction = Math.round(ts % 1000 / 1000 * Math.pow(2, 32)); buffer[offset + 0] = (seconds & 0xFF000000) >> 24; buffer[offset + 1] = (seconds & 0x00FF0000) >> 16; @@ -36,6 +36,26 @@ writeMsecs = function(buffer, offset, ts) { return buffer; }; +before = function(val) { + var value; + value = parseInt(val.toString().split('.')[0], 10); + if (value) { + return value; + } else { + return 0; + } +}; + +after = function(val) { + var value; + value = parseInt(val.toString().split('.')[1], 10); + if (value) { + return value; + } else { + return 0; + } +}; + Packet = (function() { Packet.MODES = { CLIENT: 3, diff --git a/dist/ntp/server.js b/dist/ntp/server.js index 3a2cd7c..4ecd87e 100644 --- a/dist/ntp/server.js +++ b/dist/ntp/server.js @@ -12,6 +12,10 @@ Packet = require('./packet'); NTPServer = (function(superClass) { extend(NTPServer, superClass); + NTPServer.createServer = function(options) { + return new NTPServer(options); + }; + function NTPServer(options, onRequest) { NTPServer.__super__.constructor.call(this); if (typeof options === 'function') { @@ -39,10 +43,15 @@ NTPServer = (function(superClass) { }; NTPServer.prototype.send = function(rinfo, message, callback) { + if (callback == null) { + callback = function() {}; + } if (message instanceof Packet) { message.mode = Packet.MODES.SERVER; message = message.toBuffer(); } + console.log('response', message, 0, message.length, rinfo.port, rinfo.address); + this.socket.send(message, 0, message.length, rinfo.port, rinfo.address); this.socket.send(message, rinfo.port, rinfo.server, callback); return this; }; @@ -50,8 +59,11 @@ NTPServer = (function(superClass) { NTPServer.prototype.parse = function(message, rinfo) { var packet; packet = Packet.parse(message); - packet.receiveTimestamp = Date.now(); - this.emit('request', packet, this.send.bind(this, rinfo)); + this.send(rinfo, packet, function(err) { + if (err) { + return console.error(err); + } + }); return this; }; diff --git a/dist/ntp/server2.js b/dist/ntp/server2.js new file mode 100644 index 0000000..65b7ac6 --- /dev/null +++ b/dist/ntp/server2.js @@ -0,0 +1,109 @@ +var EventEmitter, TimeServer, dgram, server, util, + extend = function(child, parent) { for (var key in parent) { if (hasProp.call(parent, key)) child[key] = parent[key]; } function ctor() { this.constructor = child; } ctor.prototype = parent.prototype; child.prototype = new ctor(); child.__super__ = parent.prototype; return child; }, + hasProp = {}.hasOwnProperty; + +EventEmitter = require('events').EventEmitter; + +util = require('util'); + +dgram = require('dgram'); + +TimeServer = (function(superClass) { + extend(TimeServer, superClass); + + function TimeServer(time, error, version, mode, stratum, delay, dispersion) { + var createTime, ntp_peer_clock_precision, ntp_peer_clock_stratum, ntp_reference_id, ntp_root_delay, ntp_root_dispersion, ntp_seconds_since_epoch, ntp_server_error, ntp_server_mode, ntp_server_version; + TimeServer.__super__.constructor.apply(this, arguments); + this._socket = dgram.createSocket('udp4'); + ntp_server_error = ('0' + parseInt(error, 10).toString(2)).slice(-2); + ntp_server_version = ('00' + parseInt(version, 10).toString(2)).slice(-3); + ntp_server_mode = ('00' + parseInt(mode, 10).toString(2)).slice(-3); + ntp_peer_clock_stratum = '1'; + ntp_peer_clock_precision = '128'; + ntp_root_delay = '0.9900'; + ntp_root_dispersion = '0.9900'; + ntp_seconds_since_epoch = '2208988800'; + ntp_reference_id = [78, 85, 76, 76]; + if (time === '') { + createTime = 'recent'; + } else { + createTime = (parseInt(new Date / 1000) - parseInt(time)).toString(); + } + this._socket.on('message', (function(_this) { + return function(msg, rinfo) { + var timestamp; + _this.emit('data', 'received message from ' + rinfo.address + ':' + rinfo.port); + if (createTime === 'recent') { + timestamp = (new Date / 1000).toString(); + } else { + timestamp = (parseInt(new Date / 1000) - parseInt(createTime)).toString(); + } + msg.writeUIntBE(parseInt(ntp_server_error + ntp_server_version + ntp_server_mode, 2), 0, 1); + msg.writeUIntBE(parseInt(ntp_peer_clock_stratum, 10), 1, 1); + msg.writeUIntBE(parseInt(ntp_peer_clock_precision, 10), 3, 1); + msg.writeUIntBE(ntp_root_delay.before(), 4, 2); + msg.writeUIntBE(65535 / 10000 * ntp_root_delay.after(), 6, 2); + msg.writeUIntBE(parseInt(ntp_root_dispersion.before(), 10), 8, 2); + msg.writeUIntBE(65535 / 10000 * ntp_root_dispersion.after(), 10, 2); + msg.writeUIntBE(parseInt(ntp_reference_id[0], 10), 12, 1); + msg.writeUIntBE(parseInt(ntp_reference_id[1], 10), 13, 1); + msg.writeUIntBE(parseInt(ntp_reference_id[2], 10), 14, 1); + msg.writeUIntBE(parseInt(ntp_reference_id[3], 10), 15, 1); + msg.writeUIntBE(parseInt(ntp_seconds_since_epoch, 10) + timestamp.before(), 16, 4); + msg.writeUIntBE(parseInt(ntp_seconds_since_epoch, 10) + timestamp.before(), 24, 4); + msg.writeUIntBE(parseInt(ntp_seconds_since_epoch, 10) + timestamp.before(), 32, 4); + msg.writeUIntBE(parseInt(ntp_seconds_since_epoch, 10) + timestamp.before(), 40, 4); + return _this._socket.send(msg, 0, msg.length, rinfo.port, rinfo.address, function(err, bytes) { + if (err) { + throw err; + } + return _this.emit('data', 'send response to ' + rinfo.address + ':' + rinfo.port); + }); + }; + })(this)); + this._socket.on('listening', (function(_this) { + return function() { + var address; + address = _this._socket.address(); + return _this.emit('data', 'server listening ' + address.address + ':' + address.port); + }; + })(this)); + this._socket.on('error', (function(_this) { + return function(err) { + return _this.emit('data', err); + }; + })(this)); + this._socket.bind(123); + } + + return TimeServer; + +})(EventEmitter); + +String.prototype.before = function() { + var value; + value = parseInt(this.toString().split('.')[0], 10); + if (value) { + return value; + } else { + return 0; + } +}; + +String.prototype.after = function() { + var value; + value = parseInt(this.toString().split('.')[1], 10); + if (value) { + return value; + } else { + return 0; + } +}; + +server = new TimeServer('1220580245', '0', '4', '4', '1', '0.9900', '0.9900'); + +server.on('data', function(output) { + return console.log(output); +}); + +module.exports = TimeServer; diff --git a/dist/tftp.js b/dist/tftp.js index 971232c..7f6f025 100644 --- a/dist/tftp.js +++ b/dist/tftp.js @@ -1,24 +1,128 @@ -var fs, tftp; +var ProgressIndicator, Transform, createServer, dhcp, fs, ips, path, + extend = function(child, parent) { for (var key in parent) { if (hasProp.call(parent, key)) child[key] = parent[key]; } function ctor() { this.constructor = child; } ctor.prototype = parent.prototype; child.prototype = new ctor(); child.__super__ = parent.prototype; return child; }, + hasProp = {}.hasOwnProperty; fs = require('fs'); -tftp = require('tftp'); +path = require('path'); -module.exports = function(host, firmware, callback) { - return fs.stat(firmware, function(err, stats) { - var client; - if (err) { - return callback(err); +createServer = require('tftp').createServer; + +Transform = require('stream').Transform; + +dhcp = require('./dhcp/server'); + +ips = require('./ips')(); + +ProgressIndicator = (function(superClass) { + extend(ProgressIndicator, superClass); + + function ProgressIndicator(size, options) { + this.size = size; + ProgressIndicator.__super__.constructor.call(this, options); + this.last = 0; + this.bytes = 0; + } + + ProgressIndicator.prototype._transform = function(chunk, encoding, cb) { + var percent; + this.bytes += chunk.length; + percent = this.bytes / this.size * 100 | 0; + if ((percent % 5) === 0 && percent !== this.last) { + this.last = percent; + this.emit('progress', { + percent: percent, + loaded: this.bytes, + total: this.size + }); } - if (stats.isDirectory()) { - return callback(new Error('You specify a file, not a directory.')); + cb(null, chunk); + }; + + return ProgressIndicator; + +})(Transform); + +module.exports = function(arg) { + var addr, eth, ip, network, server, tftp; + eth = arg.eth, ip = arg.ip, tftp = arg.tftp; + if (eth != null) { + network = ips.find(function(arg1) { + var name; + name = arg1.name; + return name === eth; + }); + } + if (ip == null) { + ip = network != null ? network.address : void 0; + } + addr = ip.split('.'); + addr.pop(); + addr = addr.join('.'); + dhcp.createServer({ + range: [addr + '.10', addr + '.15'], + forceOptions: ['router', 'hostname', 'bootFile'], + randomIP: true, + netmask: '255.255.255.0', + router: [ip], + hostname: 'second.gateway', + broadcast: addr + '.255', + bootFile: function(req, res) { + console.log(req, res); + return path.basename(tftp); + }, + server: ip + }).on('listening', function(sock, type) { + var address, port, ref; + ref = sock.address(), address = ref.address, port = ref.port; + return console.log("Waiting for DHCP" + type + " request... " + address + ":" + port); + }).on('message', function(data) { + return console.log('### MESSAGE', JSON.stringify(data)); + }).on('bound', function(state, ans) { + return console.log('### BOUND', JSON.stringify(state)); + }).on('error', function(err, data) { + if (!data) { + return; } - client = tftp.createClient({ - host: host, - timeout: 10000, - retries: 10 + return console.log('!!! ERROR', err, data); + }).listen(67); + server = createServer({ + host: '0.0.0.0', + port: 69, + denyPUT: true + }, function(req, res) { + var done, firmwareStream, prog, stats; + console.log('Received tftp request from', req.stats.remoteAddress, 'for file', req.file); + stats = fs.statSync(tftp); + res.setSize(stats.size); + firmwareStream = fs.createReadStream(tftp); + console.log('Sending firmware to router...'); + prog = new ProgressIndicator(stats.size); + done = false; + prog.on('progress', function(arg1) { + var p, percent; + percent = arg1.percent; + p = Math.round(percent * 100) / 100; + if (p % 10 === 0) { + console.log('Sent: ' + p + '%'); + } + if (percent >= 100) { + if (done) { + return; + } + console.log('Firmware sent! Now just wait for the router to reboot'); + firmwareStream.close(); + done = true; + } + }); + firmwareStream.pipe(prog).pipe(res); + return req.on('error', function(err) { + return console.error('ERROR:', err); }); - console.log('### TFTP PUT ' + firmware + ' to ' + host); - return client.put(firmware, callback); }); + server.on('error', function(err) { + return console.error('ERROR:', err); + }); + console.log('Starting tftp server, listening on ' + ip + ':69'); + return server.listen(); }; diff --git a/package.json b/package.json index b942517..c7a50b5 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "tch-exploit", - "version": "2.0.0-rc3", + "version": "2.0.1-rc4", "main": "dist/index.js", "bin": "dist/index.js", "scripts": {