first commit

Task pwn02/week02/easy/test.py

@@ -0,0 +1,71 @@
+import hashlib
+import logging
+import time
+import threading
+
+from scapy.config import conf
+from scapy.layers.inet import TCP, IP
+from scapy.packet import Packet
+from scapy.sendrecv import send, sniff
+
+from random import randrange
+
+log = logging.getLogger(__name__)
+
+SERVER_IP = "127.0.0.1"
+SERVER_PORT = 20102
+COOKIE_SECRET = "TASTY_COOKIES123"
+SRC_PORT = randrange(10000, 50000)
+
+
+def generate_syn_cookie(client_ip: str, client_port: int, server_secret: str):
+    hash_input = f"{client_ip}{client_port}{server_secret}".encode()
+    return int(hashlib.sha256(hash_input).hexdigest(), 16) % (2**32)
+
+
+def handle_packet(packet: Packet):
+    if (
+        packet.haslayer(TCP)
+        and packet[TCP].dport == SRC_PORT
+        and "A" in packet[TCP].flags
+    ):
+        print("Flag found in payload:", packet[TCP].payload)
+        exit()
+
+
+# Function to start the packet sniffing
+def start_sniffing():
+    sniff(
+        filter=f"tcp port {SERVER_PORT}",
+        prn=handle_packet,
+        store=False,
+        monitor=True,
+        iface="lo",
+    )
+
+
+# Run the server in a separate thread
+def main():
+    conf.use_pcap = True
+    server_thread = threading.Thread(target=start_sniffing)
+    server_thread.start()
+
+    time.sleep(1)  # wait for the sniffer to start.
+
+    # Calculate the SYN cookie to send
+    cookie = generate_syn_cookie(SERVER_IP, SERVER_PORT, COOKIE_SECRET)
+
+    # Send SYN packet with correct cookie
+    syn_packet = IP(dst=SERVER_IP) / TCP(
+        sport=SRC_PORT, dport=SERVER_PORT, flags="S", seq=cookie
+    )
+    send(syn_packet)
+
+
+if __name__ == "__main__":
+    logging.basicConfig(
+        level=logging.INFO,
+        format="%(asctime)s %(levelname)s [%(module)s:%(lineno)d] %(message)s",
+    )
+    logging.getLogger("asyncio").setLevel(logging.WARNING)
+    main()