---[ Phrack Magazine Volume 7, Issue 51 September 01, 1997, article 07 of 17 -------------------------[ Juggernaut 1.2 update --------[ routeWell, Juggernaut went out, and the bug reports came in... Juggernaut, the robust network tool for Linux, originally went out in Phrack 50. This patchfile updates Juggernaut 1.0 (the version in P50-06) to version 1.2. It offers the following: - Nonfunctional things like nomenclature and cosmetics. - The IFF_PROMISC flag is unset upon exit. Previously the program would leave the network interface in promiscuous mode. - We no longer are interested in HTTP connections (unless -DGREED is defined). - Connection Spying now works properly. - Connection RSTing and Automated connection RSTing now work better. Please keep the bug reports coming in! To extract this patchfile, use the included extraction utility to remove the patchfile from the article. Then simply copy it into the Juggernaut directory and `patch < juggernaut_1.0-1.2_patch` <++> juggernaut_1.0-1.2_patch --- NumberOneCrush/main.c Thu May 8 15:37:02 1997 +++ NumberOneCrush/main.c Fri Jun 6 01:33:42 1997 @@ -1,7 +1,7 @@ /* * * Juggernaut - * Version b2 + * Version 1.2 * * 1996/7 Guild productions * daemon9[guild|phrack|r00t] @@ -42,7 +42,7 @@ #define DEVICE "eth0" #define LOGFILE "./juggernaut.log.spy" -char version[]="1.0\0"; +char version[]="1.2"; int sigsentry=1; /* Signal sentry */ int ripsock=0; /* RIP socket */ int linksock=0; /* SOCK PACKET socket */ @@ -96,8 +96,8 @@ char buf[MINIBUF]={0}; char token[2*MINIBUF]={0}; int c; - - if(geteuid()||getuid()){ /* r00t? */ + + if(geteuid()||getuid()){ /* r00t? */ fprintf(stderr,"UID or EUID of 0 needed...\n"); exit(0); } @@ -279,7 +279,7 @@ fgets(buf,sizeof(buf),stdin); if(buf[0]==0x0a||buf[0]=='q')return; if(!(int)(val=atoi(buf)))continue; - if(!(target=checkc(val)))fprintf(stderr,"Connection not in queue.\n"); + if(!(target=checkc(val)))fprintf(stderr,"Connection not in database.\n"); else break; } fprintf(stderr,"\nDo you wish to log to a file as well? [y/N] >"); @@ -324,7 +324,7 @@ fgets(buf,sizeof(buf),stdin); if(buf[0]==0x0a||buf[0]=='q')return; if(!(int)(val=atoi(buf)))continue; - if(!(target=checkc(val)))fprintf(stderr,"Connection not in queue.\n"); + if(!(target=checkc(val)))fprintf(stderr,"Connection not in database.\n"); else break; } signal(SIGINT,convulsion); @@ -440,7 +440,7 @@ fprintf(stderr,"Juggernaut %s [email protected] [guild 1996/7]\n",version); - fprintf(stderr,"\nJuggernaut compiled with the following options:\n"); + fprintf(stderr,"\nBuilt on %s %s with the following options:\n",__DATE__,__TIME__); #ifdef MULTI_P fprintf(stderr," Multi-processing\n"); #endif @@ -501,7 +501,7 @@ fgets(buf,sizeof(buf),stdin); if(buf[0]==0x0a||buf[0]=='q')return; if(!(int)(val=atoi(buf)))continue; - if(!(target=checkc(val)))fprintf(stderr,"Connection not in queue.\n"); + if(!(target=checkc(val)))fprintf(stderr,"Connection not in database.\n"); else break; } if(ntohs(target->dport)!=23){ @@ -547,7 +547,7 @@ fgets(buf,sizeof(buf),stdin); if(buf[0]==0x0a||buf[0]=='q')return; if(!(int)(val=atoi(buf)))continue; - if(!(target=checkc(val)))fprintf(stderr,"Connection not in queue.\n"); + if(!(target=checkc(val)))fprintf(stderr,"Connection not in database.\n"); else break; } if(ntohs(target->dport)!=23){ --- NumberOneCrush/mem.c Thu May 8 15:37:02 1997 +++ NumberOneCrush/mem.c Fri Jun 6 01:33:09 1997 @@ -1,7 +1,7 @@ /* * * Juggernaut - * Version b1 + * Version 1.2 * * 1996/7 Guild productions * daemon9[guild|phrack|r00t] --- NumberOneCrush/menu.c Thu May 8 15:37:02 1997 +++ NumberOneCrush/menu.c Fri Jun 6 01:33:32 1997 @@ -1,7 +1,7 @@ /* * * Juggernaut - * Version b2 + * Version 1.2 * * 1996/7 Guild productions * daemon9[guild|phrack|r00t] --- NumberOneCrush/net.c Thu May 8 15:37:02 1997 +++ NumberOneCrush/net.c Fri Jun 6 01:32:56 1997 @@ -1,7 +1,7 @@ /* * * Juggernaut - * Version b1 + * Version 1.2 * * 1996/7 Guild productions * daemon9[guild|phrack|r00t] @@ -92,13 +92,14 @@ * mode. */ -int tap(device) +int tap(device,mode) char *device; +int mode; { int fd; struct ifreq ifr; /* Link-layer interface request structure */ - /* Ethernet code for IP 0x800==ETH_P_IP */ + /* Ethernet code for IP 0x0800==ETH_P_IP */ if((fd=socket(AF_INET,SOCK_PACKET,htons(ETH_P_IP)))<0){ if(verbosity)perror("(tap) SOCK_PACKET allocation problems [fatal]"); exit(1); @@ -109,16 +110,22 @@ close(fd); exit(1); } - ifr.ifr_flags|=IFF_PROMISC; /* Set promiscuous mode */ + if(!mode)ifr.ifr_flags^=IFF_PROMISC; /* Unset promiscuous mode */ + else ifr.ifr_flags|=IFF_PROMISC; /* Set promiscuous mode */ if((ioctl(fd,SIOCSIFFLAGS,𝔦))<0){ /* Set flags */ - if(verbosity)perror("(tap) Can't set promiscuous mode [fatal]"); + if(verbosity)perror("(tap) Can't set/unset promiscuous mode [fatal]"); close(fd); exit(1); } - return(fd); + if(!mode){ + close(fd); + return(0); + } + else return(fd); } + /* * Gimme a raw-IP socket. Use of IP_HDRINCL is automatic with 2.0.x * kernels. Not sure about 1.2.x @@ -197,7 +204,6 @@ case 22: case 23: case 25: - case 80: case 513: case 6667: if(((int)msg=addc(iphp,tcphp)))if(verbosity)fprintf(stderr,"%c%s",0x08,msg); @@ -235,7 +241,6 @@ case 22: case 23: case 25: - case 80: case 513: case 6667: if(((int)msg=delc(iphp,tcphp)))if(verbosity)fprintf(stderr,"%c%s",0x08,msg); @@ -261,7 +266,7 @@ void dumpp(char *,int,FILE *); extern int sigsentry; - int tlinksock=tap(DEVICE); /* Spying tap. XXX- Really dumb way to do this... */ + int tlinksock=tap(DEVICE,1); /* Spying tap. XXX- Really dumb way to do this... */ time_t tp; ALIGNNETPOINTERS(); @@ -272,20 +277,14 @@ time(&tp;); fprintf(fp,": Log started:\t\t%s---------------------------------------------------------------------\n",ctime(&tp;)); } - /* NO alaram timeout here. SIGINT kills our spy session */ - while(sigsentry)if(recv(tlinksock,&epack;,sizeof(epack),0))if(iphp->protocol==IPPROTO_TCP)if(iphp->saddr==target->daddr&&tcphp-;>source==target->dport)dumpp(epack.payload-2,htons(iphp->tot_len)-sizeof(epack.ip)-sizeof(epack.tcp),fp); + /* NO alarm timeout here. SIGINT kills our spy session */ + while(sigsentry)if(recv(tlinksock,&epack;,sizeof(epack),0))if(iphp->protocol==IPPROTO_TCP)if(iphp->saddr==target->daddr && iphp->daddr==target->saddr && tcphp->dest==target->sport)dumpp(epack.payload-2,htons(iphp->tot_len)-sizeof(epack.ip)-sizeof(epac k + +.tcp),fp); if(fp){ fprintf(fp,"\n---------------------------------------------------------------------\n: Juggernaut connection spy log trailer\n: %s [%d]\t-->\t %s [%d]\n",hostLookup(target->saddr),ntohs(target->sport),hostLookup(target->daddr),ntohs(target->dport ) - - - - - - - - ); time(&tp;); fprintf(fp,": Log ended:\t\t%s---------------------------------------------------------------------\n",ctime(&tp;)); @@ -347,8 +346,8 @@ unsigned short tlen; }*ppheader; - static int moot=0; - int tlinksock=tap(DEVICE); + int moot=0; + int tlinksock=tap(DEVICE,1); ALIGNNETPOINTERS(); @@ -451,7 +450,7 @@ extern int ripsock; extern int acrstpid; char *tempBuf=0; - int tlinksock=tap(DEVICE); + int tlinksock=tap(DEVICE,1); switch((acrstpid=fork())){ /* Drop a child to backround, return the parent to continue */ @@ -570,7 +569,7 @@ extern int netreadtimeout; static int len; char *tempBuf; - int tlinksock=tap(DEVICE); + int tlinksock=tap(DEVICE,1); ALIGNNETPOINTERS(); @@ -675,7 +674,7 @@ extern int netreadtimeout; extern int sigsentry; static int len; - int tlinksock=tap(DEVICE); + int tlinksock=tap(DEVICE,1); ALIGNNETPOINTERS(); @@ -799,7 +798,7 @@ int grabflag=0; /* Time to grab some packets */ unsigned long targetsourceip=0; unsigned short targetsourceport=0; - int tlinksock=tap(DEVICE); + int tlinksock=tap(DEVICE,1); if(!(fp=fopen(SNIFLOG,"a+"))){ /* Log to file */ if(verbosity){ --- NumberOneCrush/prometheus.c Thu May 8 15:37:03 1997 +++ NumberOneCrush/prometheus.c Fri Jun 6 01:33:17 1997 @@ -1,7 +1,7 @@ /* * * Juggernaut - * Version b2 + * Version 1.2 * * 1996/7 Guild productions * daemon9[guild|phrack|r00t] --- NumberOneCrush/surplus.c Thu May 8 15:37:03 1997 +++ NumberOneCrush/surplus.c Fri Jun 6 01:33:03 1997 @@ -1,7 +1,7 @@ /* * * Juggernaut - * Version b2 + * Version 1.2 * * 1996/7 Guild productions * daemon9[guild|phrack|r00t] @@ -29,6 +29,7 @@ #define HELPFILE "./ClothLikeGauze/.help" #define FBUFSIZE 80 #define MINIBUF 10 +#define DEVICE "eth0" extern int verbosity; @@ -346,6 +347,7 @@ void cleanexit(){ void powerdown(); + int tap(char *,int); extern int ripsock; extern int hpid; @@ -353,6 +355,7 @@ close(ripsock); powerdown(); + tap(DEVICE,0); /* Unset promisc mode on the interface */ if(kill(hpid,SIGUSR1))if(verbosity){ /* Send signal to the hunter */ perror("(cleanexit) Could not signal hunter"); fprintf(stderr,"[cr]"); <--> ----[ EOF