Finish LCP negotiation

LCP done.
fedebuonco · Jul 29, 2024 · 0d27586 · 0d27586
1 parent bf9d3fb
commit 0d27586
Show file tree

Hide file tree

Showing 2 changed files with 58 additions and 10 deletions.
diff --git a/src/exploit.rs b/src/exploit.rs
@@ -194,18 +194,27 @@ impl Exploit {
         println!("[*] Waiting for LCP configure request...");
         let _result = listen_for_packet(rx.as_mut(), is_lcp_conf_req);
         println!("[*] Sending LCP configure ACK...");
-        // let lcp_conf_ack = create_lcp_conf_ack(
-        //     self.source_mac,
-        //     self.target_mac,
-        //     0x00,
-        //     constants::PPPOE_SESSION_ID.to_be_bytes(),
-        // );
-        // let _result = tx
-        //     .send_to(&lcp_conf_ack, None)
-        //     .expect("[-] Failed to send lcp_conf_ack packet");
+        let lcp_conf_ack = create_lcp_conf_ack(
+            self.source_mac,
+            self.target_mac,
+            0x00,
+            constants::PPPOE_SESSION_ID.to_be_bytes(),
+        );
+        let _result = tx
+            .send_to(&lcp_conf_ack, None)
+            .expect("[-] Failed to send lcp_conf_ack packet");
         println!("[*] LCP Negotiation Done.");
     }
 
+    pub fn ipcp_negotiation(&mut self, interface: &NetworkInterface){
+        // Send IPCP conf request
+        // wait for Rec conf ack
+        // wait for req conf
+        // send nak
+        // wait for conf req
+        // send conf ack
+    }
+
     pub fn handle_padi(&mut self, data: &[u8]) {
         println!("[+] PADI packet received");
         // Extracting Host Unique Tag and populating the self.pppoe_softc
@@ -427,6 +436,8 @@ pub fn build_lcp_echo_reply(
     packet
 }
 
+
+
 pub fn create_pado_packet(
     source_mac: [u8; 6],
     target_mac: [u8; 6],
@@ -472,6 +483,42 @@ pub fn create_pado_packet(
     packet
 }
 
+pub fn create_lcp_conf_ack(
+    source_mac: [u8; 6],
+    target_mac: [u8; 6],
+    session_data: u8,
+    session_id: [u8; 2],
+) -> Vec<u8> {
+    let mut payload = Vec::new();
+    // PPPoE header
+    payload.push(0x11); // Version (1) and Type (1)
+    payload.push(session_data);
+    payload.extend_from_slice(&session_id);
+
+    // Fixed length
+    payload.extend_from_slice(&[0, 6]);
+
+    // PPP header
+    payload.extend_from_slice(&constants::ETHERTYPE_LCP.to_be_bytes());
+
+    // LCP and fixed length
+    payload.push(constants::LCP_CONF_ACK); // Configuration Ack
+    payload.push(constants::LCP_ID);
+    payload.extend_from_slice(&[0, 4]);
+    let packet = ether::Builder::default()
+        .source(source_mac.into())
+        .unwrap()
+        .destination(target_mac.into())
+        .unwrap()
+        .protocol(constants::ETHERTYPE_PPPOESESS.into())
+        .unwrap()
+        .payload(&payload)
+        .unwrap()
+        .build()
+        .unwrap();
+    packet
+}
+
 pub fn create_lcp_conf_request(
     source_mac: [u8; 6],
     target_mac: [u8; 6],

diff --git a/src/main.rs b/src/main.rs
@@ -34,9 +34,10 @@ fn run_exploit(interface_name: String) {
     // LCP
     let mut handler = exploit::LcpEchoHandler::new(&interface);
     handler.start();
-    // PPP negotiation
+    // Initial negotiations
     expl.ppp_negotiation(&interface);
     expl.lcp_negotiation(&interface);
+    expl.ipcp_negotiation(&interface);
     handler.stop();
 }