From 4ae1fcfdfe457a11f47f3d785ae1209372df36ca Mon Sep 17 00:00:00 2001 From: fedebuonco Date: Sat, 12 Oct 2024 01:19:42 +0100 Subject: [PATCH] Add possible useful is_icmp_echo_rep --- src/exploit.rs | 27 ++++++++++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) diff --git a/src/exploit.rs b/src/exploit.rs index 3dd1511..2f040c0 100644 --- a/src/exploit.rs +++ b/src/exploit.rs @@ -566,6 +566,7 @@ fn spray( let _result = tx .send_to(icmpv6_adv.as_slice(), None) .expect("[-] Failed to send icmpv6adv"); + // let _result = listen_for_packet(rx, is_icmpv6_echo_reply); } } @@ -588,6 +589,30 @@ fn is_icmpv6_nd_ns(data: &[u8]) -> bool { code == 135 } +fn is_icmpv6_echo_reply(data: &[u8]) -> bool { + // Check if packet length is sufficient + if data.len() < 14 + 6 { + return false; // Minimum length check + } + + // Check Ethernet type field (0x86dd) + let ethertype = u16::from_be_bytes([data[12], data[13]]); + if ethertype != 0x86dd { + return false; // Only IPv6 packets + } + + // Check if the next header is ICMPv6 + let ip_header = data[20]; // Assuming IPv6 header starts at index 20 + if ip_header != 0x3a { + return false; // 0x3a corresponds to ICMPv6 + } + + // Check ICMPv6 type and code for Echo Reply (type: 129, code: 0) + let icmpv6_type = data[54]; // ICMPv6 type field + let icmpv6_code = data[55]; // ICMPv6 code field + icmpv6_type == 129 && icmpv6_code == 0 // Echo Reply type and code +} + pub fn create_ipcp_conf_ack( source_mac: [u8; 6], target_mac: [u8; 6], @@ -966,7 +991,7 @@ fn create_icmpv6_adv( // Hardcoded flags let flags_offset = 4; // First 4 bytes are for type, code, checksum - packet[54 + flags_offset] = 0xe0; // Set flags (R=0, S=1, O=1) + packet[54 + flags_offset] = 0xe0; } // Set the target address (16 bytes IPv6) after the ICMPv6 header