Skip to content

Commit cbc09a3

Browse files
xfangfangxfangfang
committed
Only wait the first PADI without timeout
1 parent 229fb36 commit cbc09a3

File tree

2 files changed

+10
-6
lines changed

2 files changed

+10
-6
lines changed

include/exploit.h

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -100,7 +100,7 @@ class Exploit {
100100
int ipcp_negotiation() const;
101101

102102
int ppp_negotiation(const std::function<std::vector<uint8_t>(Exploit *)> &cb = nullptr,
103-
bool ignore_initial_req = false);
103+
bool ignore_initial_req = false, bool always_wait_padi = false);
104104

105105
void ppp_byebye();
106106

src/exploit.cpp

Lines changed: 9 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -330,23 +330,27 @@ int Exploit::ipcp_negotiation() const {
330330
return RETURN_SUCCESS;
331331
}
332332

333-
int Exploit::ppp_negotiation(const std::function<std::vector<uint8_t>(Exploit *)> &cb, bool ignore_initial_req) {
333+
int Exploit::ppp_negotiation(const std::function<std::vector<uint8_t>(Exploit *)> &cb, bool ignore_initial_req,
334+
bool always_wait_padi) {
334335
int padi_count = ignore_initial_req ? 2 : 1;
335336

336337
Cookie pkt;
337338
while (padi_count--) {
338339
std::cout << "[*] Waiting for PADI..." << std::endl;
339-
dev->startCaptureBlockingMode(
340+
if (dev->startCaptureBlockingMode(
340341
[](pcpp::RawPacket *packet, pcpp::PcapLiveDevice *device, void *cookie) -> bool {
341342
pcpp::Packet parsedPacket(packet, pcpp::PPPoEDiscovery);
342343
auto *layer = PacketBuilder::getPPPoEDiscoveryLayer(parsedPacket,
343344
pcpp::PPPoELayer::PPPOE_CODE_PADI);
344345
if (!layer) return false;
345346
((Cookie *) cookie)->packet = parsedPacket;
346347
return true;
347-
}, &pkt, 0);
348+
}, &pkt, always_wait_padi ? 0 : this->timeout) != 1) {
349+
return RETURN_FAIL;
350+
} else if (!running) {
351+
return RETURN_STOP;
352+
}
348353
}
349-
CHECK_RUNNING();
350354

351355
auto *pppoeDiscoveryLayer = pkt.packet.getLayerOfType<pcpp::PPPoEDiscoveryLayer>();
352356
if (!pppoeDiscoveryLayer) {
@@ -695,7 +699,7 @@ std::vector<uint8_t> Exploit::build_second_rop(Exploit *self) {
695699
}
696700

697701
int Exploit::stage0() {
698-
CHECK_RET(this->ppp_negotiation(Exploit::build_fake_ifnet, this->wait_padi));
702+
CHECK_RET(this->ppp_negotiation(Exploit::build_fake_ifnet, this->wait_padi, true));
699703
CHECK_RET(this->lcp_negotiation());
700704
CHECK_RET(this->ipcp_negotiation());
701705

0 commit comments

Comments
 (0)