This article explains how to create a raw socket in Python and use it to hand-build an IPv4 header and a TCP header and send a SYN packet, which is the building block of a SYN, ACK or XMAS scan. Note that the same packet, sent in a loop, is also what a denial of service attack (SYN flooding) looks like. Raw sockets are privileged, so the code below has to run as root (or with CAP_NET_RAW on Linux), and it was written against the Linux raw socket behaviour where the kernel fills in the IP header checksum and total length for you when IP_HDRINCL is set. See code below:
import socket
import sys
from struct import pack


# checksum function needed for the tcp checksum (RFC 1071 one's complement sum over 16 bit words)
def checksum(msg):
    if len(msg) % 2:
        msg += b'\x00'  # pad an odd-length message with a zero byte so we always have whole words
    s = 0
    # loop taking 2 bytes at a time
    for i in range(0, len(msg), 2):
        w = (msg[i] << 8) + msg[i + 1]
        s = s + w
    s = (s >> 16) + (s & 0xffff)
    s = s + (s >> 16)  # fold the carry a second time, the first fold can produce a new carry
    # complement and mask to a 2 byte (16 bit) value
    s = ~s & 0xffff
    return s


# create a raw socket (needs root or CAP_NET_RAW)
try:
    s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_TCP)
except socket.error as msg:
    print('Socket could not be created. Error Code : ' + str(msg.errno) + ' Message ' + str(msg.strerror))
    sys.exit()

# tell the kernel not to put in headers, since we are providing them
s.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)

# now start constructing the packet
packet = b''

source_ip = '127.0.0.1'
dest_ip = '127.0.0.1'  # or socket.gethostbyname('www.google.com')

# ip header fields
ihl = 5
version = 4
tos = 0
tot_len = 20 + 20  # ip header + tcp header; Linux overwrites this with the real length anyway
ident = 54321  # Id of this packet
frag_off = 0
ttl = 255
protocol = socket.IPPROTO_TCP
check = 0  # the kernel fills in the ip header checksum when IP_HDRINCL is set (on Linux)
saddr = socket.inet_aton(source_ip)  # Spoof the source ip address if you want to
daddr = socket.inet_aton(dest_ip)

ihl_version = (version << 4) + ihl

# the ! in the pack format string means network order
ip_header = pack('!BBHHHBBH4s4s', ihl_version, tos, tot_len, ident, frag_off, ttl, protocol, check, saddr, daddr)

# tcp header fields
source = 12345  # source port
dest = 5555  # destination port
seq = 0
ack_seq = 0
doff = 5  # 4 bit field, size of tcp header, 5 * 4 = 20 bytes
# tcp flags
fin = 0
syn = 1
rst = 0
psh = 0
ack = 0
urg = 0
window = 5840  # advertised window; pack() with '!' already converts to network order, so no htons() here
check = 0
urg_ptr = 0

offset_res = (doff << 4) + 0
tcp_flags = fin + (syn << 1) + (rst << 2) + (psh << 3) + (ack << 4) + (urg << 5)

# the ! in the pack format string means network order
tcp_header = pack('!HHLLBBHHH', source, dest, seq, ack_seq, offset_res, tcp_flags, window, check, urg_ptr)

# pseudo header fields for checksum calculation (not transmitted, only summed)
source_address = socket.inet_aton(source_ip)
dest_address = socket.inet_aton(dest_ip)
placeholder = 0
protocol = socket.IPPROTO_TCP
tcp_length = len(tcp_header)

pseudo_header = pack('!4s4sBBH', source_address, dest_address, placeholder, protocol, tcp_length)
pseudo_header = pseudo_header + tcp_header

tcp_checksum = checksum(pseudo_header)

# make the tcp header again and fill in the correct checksum
tcp_header = pack('!HHLLBBHHH', source, dest, seq, ack_seq, offset_res, tcp_flags, window, tcp_checksum, urg_ptr)

# final full packet - syn packets don't have any data
packet = ip_header + tcp_header

# Send the packet finally - the port specified has no effect
s.sendto(packet, (dest_ip, 0))  # put this in a loop if you want to flood the target
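The code above sends a single SYN and names SYN, ACK and XMAS scans, but does not show how to pick the flags for each scan type or how to read and interpret the reply. The following is an added example and not code from the original article: it factors the header building into functions, computes the IPv4 header checksum itself instead of leaving it to the kernel, selects the flag set per scan type, reads the reply back off the same raw socket and maps the reply flags to a port state with the usual scan semantics. The addresses, ports, timeout and function names are assumptions chosen for illustration.

```python
import select
import socket
import time
from struct import pack, unpack

# TCP flag bits as they sit in the flags byte of the TCP header.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

# Probe flags for the three scan types named in the article (same semantics as nmap -sS / -sA / -sX).
PROBES = {"syn": SYN, "ack": ACK, "xmas": FIN | PSH | URG}


def checksum(data):
    """RFC 1071 one's-complement sum over 16-bit words; an odd trailing byte is zero padded."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:  # fold carries until the sum fits in 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ip_header(src_ip, dst_ip, payload_len, ident=54321, ttl=64):
    """20-byte IPv4 header with its header checksum filled in by us, not the kernel."""
    def header(check):
        return pack("!BBHHHBBH4s4s", (4 << 4) | 5, 0, 20 + payload_len, ident, 0, ttl,
                    socket.IPPROTO_TCP, check, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return header(checksum(header(0)))


def build_tcp_header(src_ip, dst_ip, sport, dport, flags, seq=0, window=5840):
    """20-byte TCP header; the checksum covers the IPv4 pseudo header plus the header itself."""
    def header(check):
        return pack("!HHLLBBHHH", sport, dport, seq, 0, 5 << 4, flags, window, check, 0)
    pseudo = pack("!4s4sBBH", socket.inet_aton(src_ip), socket.inet_aton(dst_ip), 0,
                  socket.IPPROTO_TCP, 20)
    return header(checksum(pseudo + header(0)))


def tcp_checksum_ok(src_ip, dst_ip, segment):
    """A segment is intact when the sum over pseudo header + segment, checksum field included, is zero."""
    pseudo = pack("!4s4sBBH", socket.inet_aton(src_ip), socket.inet_aton(dst_ip), 0,
                  socket.IPPROTO_TCP, len(segment))
    return checksum(pseudo + segment) == 0


def parse_tcp_header(segment):
    sport, dport, seq, ack_num, offres, flags, window, check, urg = unpack("!HHLLBBHHH", segment[:20])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack_num, "doff": offres >> 4,
            "flags": flags, "window": window, "check": check, "urg": urg}


def classify(scan, flags):
    """Port state from the reply flags (None means no reply before the timeout)."""
    if scan == "syn":
        if flags is None:
            return "filtered"
        if flags & RST:
            return "closed"
        return "open" if flags & SYN and flags & ACK else "unknown"
    if scan == "ack":  # an ACK scan only tells a stateful firewall apart from none at all
        return "unfiltered" if flags is not None and flags & RST else "filtered"
    if scan == "xmas":  # RFC 793 hosts RST closed ports and silently drop the probe on open ones
        return "closed" if flags is not None and flags & RST else "open|filtered"
    raise ValueError("unknown scan type %r" % scan)


def probe(src_ip, dst_ip, dport, scan, sport=54321, timeout=2.0):
    """Send one probe and return the reply's TCP flags, or None. Needs root / CAP_NET_RAW."""
    tcp = build_tcp_header(src_ip, dst_ip, sport, dport, PROBES[scan])
    packet = build_ip_header(src_ip, dst_ip, len(tcp)) + tcp
    with socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_TCP) as s:
        s.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
        s.sendto(packet, (dst_ip, 0))  # the port in the address is ignored for raw sockets
        deadline = time.monotonic() + timeout
        while True:
            left = deadline - time.monotonic()
            if left <= 0 or not select.select([s], [], [], left)[0]:
                return None
            pkt = s.recv(65535)  # raw IPv4 sockets hand back the IP header as well
            ihl = (pkt[0] & 0x0F) * 4
            reply = parse_tcp_header(pkt[ihl:ihl + 20])
            # Match on addresses and ports only; the reply checksum is not checked here because on
            # interfaces with checksum offload (loopback included) the kernel may never fill it in.
            if socket.inet_ntoa(pkt[12:16]) == dst_ip and reply["sport"] == dport and reply["dport"] == sport:
                return reply["flags"]


if __name__ == "__main__":
    # Assumed target for a local run: the SSH port on loopback, probed with each scan type.
    for scan in PROBES:
        print(scan, classify(scan, probe("127.0.0.1", "127.0.0.1", 22, scan)))
```

Two things to keep in mind when running it. The source address goes into the pseudo header checksum and into the IP header, so if you spoof it the reply goes to the spoofed host and you will never see it. And for the SYN scan the kernel, which has no socket listening on the probe's source port, answers the target's SYN-ACK with a RST on its own, which is what keeps the connection half-open rather than established. tcp_checksum_ok is there for verifying segments that crossed a real interface; it is the same one's-complement sum applied to a received segment, and it returns true exactly when the sum including the checksum field comes out as zero.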