by: 云舒
2008-05-08
http://www.ph4nt0m.org
前些时候做DOS方面的测试,由于协议学得不够好,有些回应不记得,所以就首先想到用hping来定制一些包,看看远程主机的回应。结果下载 的hping死活都不发包,换了多个不同版本的winpcap都不行。一怒之下,决定自己写个简单的。首先想到的是perl来做,最后觉得一样要安装 winpcap还有很多别的模块,不如直接c来实现一下,来得更痛快。
需要说明一下的是,在以太网头那里我故意偷懒了,没有获取本机的MAC地址而是写了个错误的。所以给内网用户发包的话,能发出去,只是你收不到回应了,发给外网就没这个问题,这是因为同交换机下面靠MAC地址来定位的。
最后一点,这里所有的包,目的MAC地址都是写的MAC,通过网关把数据转发出去的。虽然同交换机下面可以直接通过MAC定位,但是我懒得判断,直接发送给网关再转发会比较简单。
/* Code By yunshu, 2008-05-08, Make tcp packet to send to remote server * I don't know which version of winpcap needed by hping, so I wrote this code. * Under winpcap 4.0.2, Dev-CPP 4.9.9.2, windows xp professional sp2 */ #include <stdio.h> #include <string.h> #include <winsock2.h> #include <iphlpapi.h> #include <unistd.h> #include <pcap.h> #include <remote-ext.h> #define IP_PROTO 0x0800 char LocalIP[20] = { 0 }; char InterfaceName[256] = { 0 }; char GatewayIP[20] = { 0 }; BYTE GatewayMac[6]; typedef struct et_header { unsigned char eh_dst[6]; unsigned char eh_src[6]; unsigned short eh_type; }ET_HEADER; typedef struct ip_hdr { unsigned char h_verlen; unsigned char tos; unsigned short total_len; unsigned short ident; unsigned short frag_and_flags; unsigned char ttl; unsigned char proto; unsigned short checksum; unsigned int sourceIP; unsigned int destIP; }IP_HEADER; typedef struct tcp_hdr { unsigned short th_sport; unsigned short th_dport; unsigned int th_seq; unsigned int th_ack; unsigned char th_lenres; unsigned char th_flag; unsigned short th_win; unsigned short th_sum; unsigned short th_urp; }TCP_HEADER; typedef struct tsd_hdr { unsigned long saddr; unsigned long daddr; char mbz; char ptcl; unsigned short tcpl; }PSD_HEADER; unsigned short CheckSum(unsigned short * buffer, int size) { unsigned long cksum = 0; while (size > 1) { cksum += *buffer++; size -= sizeof(unsigned short); } if (size) { cksum += *(unsigned char *) buffer; } cksum = (cksum >> 16) + (cksum & 0xffff); cksum += (cksum >> 16); return (unsigned short) (~cksum); } /* void GetLocalIP( ) { WORD wVersionRequested; WSADATA wsaData; char name[255]; PHOSTENT hostinfo; wVersionRequested = MAKEWORD( 2, 0 ); if( WSAStartup( wVersionRequested, &wsaData ) == 0 ) { if( gethostname( name, sizeof(name) ) == 0 ) { if( (hostinfo = gethostbyname(name) ) != NULL ) { strcpy( LocalIP, inet_ntoa( *(struct in_addr*)*hostinfo->h_addr_list ) ); } } } WSACleanup( ); } */ int GetDevices( ) { pcap_if_t *alldevs; pcap_if_t *d; int i = 0; char errbuf[PCAP_ERRBUF_SIZE]; /* 获取本地机器设备列表 */ if (pcap_findalldevs_ex(PCAP_SRC_IF_STRING, NULL /* auth is not needed */, &alldevs, errbuf) == -1) { fprintf(stderr,"Error in pcap_findalldevs_ex: %s/n", errbuf); exit(1); } /* 打印列表 */ for( d = alldevs; d != NULL; d = d->next ) { printf("%d. %s", ++i, d->name); if (d->description) { printf( " (%s)", d->description ); } if( d->addresses != NULL ) { if( d->addresses->addr->sa_family == AF_INET ) { printf( ": %s/n", inet_ntoa( ((struct sockaddr_in *)d->addresses->addr)->sin_addr ) ); } else { printf( "/n" ); } } else { printf(" (No description available)/n"); } } if (i == 0) { printf("/nNo interfaces found! Make sure WinPcap is installed./n"); return -1; } printf( "/nPlease choose the index of your NetAdapter:" ); int AdapterIndex = 1; scanf( "%d", &AdapterIndex ); if( AdapterIndex > i ) { printf( "网卡选错啦/n" ); return -1; } d = alldevs; for( int index = 1; index < AdapterIndex; index ++ ) { d = d->next; } if( d->name == NULL || d->addresses == NULL ) { printf( "网卡选错啦/n" ); return -1; } strcpy( InterfaceName, d->name ); strcpy( LocalIP, inet_ntoa( ((struct sockaddr_in *)d->addresses->addr)->sin_addr ) ); /* 不再需要设备列表了,释放它 */ pcap_freealldevs(alldevs); return 1; } int GetGateWayMac( ) { PIP_ADAPTER_INFO AdapterInfo; ULONG OutBufLen = sizeof(IP_ADAPTER_INFO); AdapterInfo = (IP_ADAPTER_INFO *)malloc(sizeof (IP_ADAPTER_INFO)); if( AdapterInfo == NULL ) { printf("Error allocating memory needed to call GetAdaptersinfo/n"); return -1; } if( GetAdaptersInfo( AdapterInfo, &OutBufLen ) == ERROR_BUFFER_OVERFLOW ) { free( AdapterInfo ); AdapterInfo = (IP_ADAPTER_INFO *)malloc( OutBufLen ); if( AdapterInfo == NULL ) { printf("Error allocating memory needed to call GetAdaptersinfo/n"); return -1; } } if( GetAdaptersInfo( AdapterInfo, &OutBufLen ) == NO_ERROR ) { PIP_ADAPTER_INFO a = AdapterInfo; BOOL Found = FALSE; while( a ) { if( strcmp(a->IpAddressList.IpAddress.String, LocalIP) == 0 ) { strcpy( GatewayIP, a->GatewayList.IpAddress.String ); Found = TRUE; break; } a = a->Next; } if( !Found ) { printf( "Get gateway's ip error./n" ); free( AdapterInfo ); return -1; } else { free( AdapterInfo ); } } else { printf( "Get gateway's ip error./n" ); free( AdapterInfo ); return -1; } BYTE Mac[6]; ULONG MacLen = 6; SendARP( inet_addr(GatewayIP), 0, (PULONG)&Mac, &MacLen ); memcpy( GatewayMac, Mac, MacLen ); /* for( int index = 0; index < MacLen; index ++ ) { printf( "%d: %02x/n", index, Mac[index] ); } printf( "/n%d/n", MacLen ); */ } void Usage( char *me ) { printf( "Make tcp package 0.1, code by yunshu/n" ); printf( "%s: targetip targetport [flag]/n", me ); printf( "flag: /n" ); printf( " u|U set urg flag./n" ); printf( " a|A set ack flag./n" ); printf( " p|P set push flag./n" ); printf( " r|R set rst flag./n" ); printf( " s|S set syn flag./n" ); printf( " f|F set fin flag./n" ); printf( " default is syn flag, and you can use sa to set syn+ack, and more.../n" ); } int main( int argc, char *argv[] ) { ET_HEADER EtHeader; IP_HEADER IpHeader; TCP_HEADER TcpHeader; PSD_HEADER PsdHeader; u_char Buffer[sizeof(ET_HEADER) + sizeof(IP_HEADER) + sizeof(TCP_HEADER)] = { 0 }; if( (argc != 3) && (argc != 4) ) { Usage( argv[0] ); exit( -1 ); } int Flag = 2; if( argc == 4 ) { Flag = 0; if( strchr(argv[3], 'U') || strchr(argv[3], 'u') ) { Flag = Flag | 32; } if( strchr(argv[3], 'A') || strchr(argv[3], 'a') ) { Flag = Flag | 16; } if( strchr(argv[3], 'P') || strchr(argv[3], 'p') ) { Flag = Flag | 8; } if( strchr(argv[3], 'R') || strchr(argv[3], 'r') ) { Flag = Flag | 4; } if( strchr(argv[3], 'S') || strchr(argv[3], 's') ) { Flag = Flag | 2; } if( strchr(argv[3], 'F') || strchr(argv[3], 'f') ) { Flag = Flag | 1; } } //GetLocalIP( ); if( -1 == GetDevices( ) ) { exit( -1 ); } //printf( "Adapter is %s, ip is %s/n", InterfaceName, LocalIP ); if( -1 == GetGateWayMac( ) ) { exit( -1 ); } //printf( "Gateway IP is %s/n", GatewayIP ); //printf( "Gateway Mac is %x/n", *GatewayMac ); memcpy( EtHeader.eh_dst, GatewayMac, 6 ); memset( EtHeader.eh_src, 0xa, 6 ); EtHeader.eh_type = htons( IP_PROTO ); IpHeader.h_verlen = (4<<4 | sizeof(IpHeader)/sizeof(unsigned int)); IpHeader.tos = 0; IpHeader.total_len = htons(sizeof(IpHeader)+sizeof(TcpHeader)); IpHeader.ident = 1; IpHeader.frag_and_flags = 0x40; IpHeader.ttl = 128; IpHeader.proto = IPPROTO_TCP; IpHeader.checksum = 0; IpHeader.sourceIP = inet_addr( LocalIP ); IpHeader.destIP = inet_addr( argv[1] ); TcpHeader.th_sport = htons( rand()%60000 + 1024 ); TcpHeader.th_dport = htons( atoi(argv[2]) ); TcpHeader.th_seq = htonl( rand()%900000000 + 100000 ); TcpHeader.th_ack = 0; TcpHeader.th_lenres = (sizeof(TcpHeader)/4<<4|0); TcpHeader.th_flag = Flag; TcpHeader.th_win = htons(512); TcpHeader.th_sum = 0; TcpHeader.th_urp = 0; PsdHeader.saddr = inet_addr( LocalIP ); PsdHeader.daddr = IpHeader.destIP; PsdHeader.mbz = 0; PsdHeader.ptcl = IPPROTO_TCP; PsdHeader.tcpl = htons(sizeof(TcpHeader)); memcpy( Buffer, &PsdHeader, sizeof(PsdHeader) ); memcpy( Buffer + sizeof(PsdHeader), &TcpHeader, sizeof(TcpHeader) ); TcpHeader.th_sum = CheckSum( (unsigned short *)Buffer, sizeof(PsdHeader) + sizeof(TcpHeader) ); memset( Buffer, 0, sizeof(Buffer) ); memcpy( Buffer, &IpHeader, sizeof(IpHeader) ); IpHeader.checksum = CheckSum( (unsigned short *)Buffer, sizeof(IpHeader) ); memset( Buffer, 0, sizeof(Buffer) ); memcpy( Buffer, (void *)&EtHeader, sizeof(ET_HEADER) ); memcpy( Buffer + sizeof(ET_HEADER), (void *)&IpHeader, sizeof(IP_HEADER) ); memcpy( Buffer + sizeof(ET_HEADER) + sizeof(IP_HEADER), (void *)&TcpHeader, sizeof(TCP_HEADER) ); char errbuf[PCAP_ERRBUF_SIZE] = { 0 }; pcap_t *fp; if ( (fp= pcap_open( InterfaceName, 100, PCAP_OPENFLAG_PROMISCUOUS, 100, NULL, errbuf ) ) == NULL ) { fprintf(stderr,"/nUnable to open the adapter. %s is not supported by WinPcap/n", InterfaceName ); return -1; } if ( pcap_sendpacket( fp, Buffer, sizeof(Buffer) ) != 0 ) { fprintf(stderr,"/nError sending the packet: /n", pcap_geterr(fp)); return -1; } printf( "send ok!/nData is:/n" ); for( int i = 0; i < sizeof(Buffer); i ++ ) { printf( "%02x ", Buffer ); } return 0; }
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论