http://www.hackerschool.org/HS_Boards/zboard.php?id=QNA_programming&no=1249 []
̰ ִ ڽ Ʈ ϴ 쿡 ѹ
ϰ; ߽ϴ. ƹ͵ ȶ߱淹
ethereal Ŷ ĸغ ° , ȮϿ ϱ
10049 ϴ(Ʒ ּҸ ҴҼ ..̶..)
http://www.smon.co.kr/solomon_webhelp/LibraryNmicmp/Reference/WinsockErrMsg.htm
ذҼ ̷ øϴ.
Ʒ ҽ ִ Ž ˿ Դϴ.
// Required headers (Winsock build; the POSIX includes below are kept commented out).
#include <stdio.h>
#include <stdlib.h>
#include <winsock2.h>
#include <windows.h>
#include <WS2TCPIP.H>
//#include <unistd.h>
#include <string.h>
//#include <sys/socket.h>
//#include <sys/types.h>
//#include <arpa/inet.h>
//#include <netinet/in.h>
//#include <linux/ip.h>
//#include <linux/tcp.h>
//#include <netdb.h>
// Source IP address placed in the outgoing IP header; change it to match the sending host.
#define LOCAL_IP "127.0.0.1"
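/*
 * IPv4 header (20 bytes, no options) in wire layout for a little-endian
 * host.  Header length and version share the first byte: ihl is the low
 * nibble and version the high nibble, which is what two adjacent 4-bit
 * fields of one unsigned char give on x86 compilers.
 *
 * The original declared ihl as a whole unsigned int and version as a 4-bit
 * field in a separate unit, which made the struct 28 bytes: every later
 * field then sat past its wire offset, saddr/daddr landed at offsets 20 and
 * 24 (on top of the TCP header main() builds at packet+20), and
 * in_cksum(iphdr, sizeof(struct iphdr)) summed 28 bytes instead of 20.
 */
struct iphdr{
	unsigned char ihl:4;          /* header length in 32-bit words; 5 without options */
	unsigned char version:4;      /* 4 for IPv4 */
	unsigned char tos;            /* type of service */
	unsigned short tot_len;       /* total datagram length */
	unsigned short id;            /* identification */
	unsigned short frag_and_flag; /* flags (3 bits) + fragment offset (13 bits) */
	unsigned char ttl;            /* time to live */
	unsigned char protocol;       /* IPPROTO_* of the payload */
	unsigned short check;         /* header checksum; must be 0 while it is computed */
	unsigned int saddr;           /* source address */
	unsigned int daddr;           /* destination address */
};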
/*
 * TCP header (20 bytes, no options).  The layout appears to be copied from
 * the Linux struct of the same name, keeping only the little-endian
 * bit-field order; the big-endian alternative is left below as a comment.
 * main() fills source, dest, seq, ack_seq, doff, syn, window and check for
 * the probe and reads dest and syn from received segments.
 */
struct tcphdr {
	unsigned short source;   /* source port, network byte order */
	unsigned short dest;     /* destination port, network byte order */
	unsigned int seq;        /* sequence number */
	unsigned ack_seq;        /* acknowledgment number (unsigned int) */
	// #if defined(__LITTLE_ENDIAN_BITFIELD)
	/* One 16-bit unit: low nibble reserved, high nibble data offset
	 * (header length in 32-bit words), then the eight flag bits. */
	unsigned short res1:4,
	doff:4,
	fin:1,
	syn:1,
	rst:1,
	psh:1,
	ack:1,
	urg:1,
	ece:1,
	cwr:1;
	// #elif defined(__BIG_ENDIAN_BITFIELD)
	// unsigned short doff:4,
	// res1:4,
	// cwr:1,
	// ece:1,
	// urg:1,
	// ack:1,
	// psh:1,
	// rst:1,
	// syn:1,
	// fin:1;
	// #endif
	unsigned short window;   /* receive window */
	unsigned short check;    /* checksum over pseudo header + TCP header */
	unsigned short urg_ptr;  /* urgent pointer */
};
// Function that computes the Internet (one's-complement) checksum.
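/*
 * in_cksum - RFC 1071 style one's-complement checksum over len bytes.
 *
 * addr: start of the data, summed as 16-bit words as they lie in memory.
 * len:  number of bytes; a trailing odd byte is padded with a zero byte.
 *
 * Returns the complemented 16-bit sum.  For len <= 0 nothing is summed and
 * the result is 0xFFFF.  The caller must have zeroed the checksum field
 * inside the data (main() memsets both headers before calling this).
 *
 * The accumulator is unsigned long instead of int: with a signed int,
 * summing more than about 32K words overflows, which is undefined
 * behavior.  For the 20- and 32-byte inputs used in this file the result
 * is unchanged.
 */
unsigned short in_cksum(u_short *addr, int len)
{
	unsigned long sum = 0;
	int nleft = len;
	u_short *w = addr;
	u_short answer = 0;

	/* Sum whole 16-bit words; carries collect in the high bits of sum. */
	while (nleft > 1) {
		sum += *w++;
		nleft -= 2;
	}

	/* Odd trailing byte: copy it into the first byte (in memory order) of
	 * a zeroed word, i.e. pad it with a zero byte the same way the other
	 * words were read, so the sum stays consistent on either endianness. */
	if (nleft == 1) {
		*(u_char *)(&answer) = *(u_char *)w;
		sum += answer;
	}

	/* Fold the carries back into 16 bits; the first fold can carry again. */
	sum = (sum >> 16) + (sum & 0xffff);
	sum += (sum >> 16);
	answer = (u_short)~sum;
	return answer;
}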
// Pseudo header that the TCP checksum is computed over.
/*
 * TCP pseudo header (12 bytes) for the TCP checksum.  main() builds it in
 * the 12 bytes immediately before the TCP header (packet+8, i.e. on top of
 * IP header bytes 8..19, which have just been zeroed) and runs in_cksum over
 * pseudo header + TCP header together; the real IP header is written only
 * afterwards.
 */
struct pseudohdr {
	int saddr;          /* source address, 32 bits, copied from in_addr.s_addr */
	int daddr;          /* destination address, same form */
	char useless;       /* zero byte; left 0 by the memset of the IP header area */
	char protocol;      /* IPPROTO_TCP */
	short int tcplength;/* TCP header + data length, network byte order */
};
/*
 * main - sends one TCP SYN to each port 1..499 of the address in `compare`
 * (hard-coded to "127.0.0.1"; the argv[1] handling is commented out) over a
 * Winsock raw socket with IP_HDRINCL, then waits on a second raw socket for
 * a segment addressed back to source port 777 and prints the port as open
 * when that segment carries the SYN flag.
 *
 * argc/argv: unused while the usage check below is commented out.
 * Returns 0; calls exit(1) on an unresolvable host name and exit(0) after a
 * sendto failure (see the note at the sendto call).
 *
 * NOTE(review): WSAStartup, socket, setsockopt and recvfrom results are
 * never validated, the receive loop has no timeout, and WSACleanup is never
 * called; the per-call comments below point at each spot.
 */
int main( int argc, char **argv )
{
	char packet[40];                      /* outgoing IP (20) + TCP (20) header, no payload */
	int raw_socket, recv_socket;          /* raw send socket / raw receive socket, recreated per port */
	int on=1, len ;
	char recv_packet[100], compare[100];  /* reply buffer / target address as dotted text */
	struct iphdr *iphdr;
	struct tcphdr *tcphdr;
	struct in_addr source_address, dest_address;
	struct sockaddr_in address, target_addr;
	struct pseudohdr *pseudo_header;
	struct in_addr ip;                    /* only written in the gethostbyname branch */
	struct hostent *target;
	int port;
	WORD wver;
	WSADATA wsadata;

	wver=MAKEWORD(2,2);
	WSAStartup(wver,&wsadata);            /* NOTE(review): return value ignored; no matching WSACleanup anywhere */
	// if( argc < 2 ){
	//
	// fprintf( stderr, "Usage : %s Target\n", argv[0] );
	// exit(1);
	// }
	strcpy( compare, "127.0.0.1" );       /* target is hard-coded; the argv[1] copy below is commented out */
	source_address.s_addr = inet_addr( LOCAL_IP );
	dest_address.s_addr = inet_addr( compare );
	// strcpy( compare, argv[1] );
	/* Resolve `compare` as a host name when it is not dotted-decimal:
	 * inet_addr returns INADDR_NONE (all ones) on failure, and the int -1
	 * converts to that same value for the comparison. */
	if( dest_address.s_addr == -1 ){
		if( (target = gethostbyname( compare )) == NULL ){
			fprintf( stderr, " ּҰ ùٸ ʽϴ.\n" );
			exit( 1 );
		}
		//bcopy( target->h_addr, (char *)&ip.s_addr, target->h_length );
		/* NOTE(review): bcopy(src, dst, n) was turned into memcpy without
		 * swapping the arguments, so this copies the uninitialized ip.s_addr
		 * over the hostent result instead of the other way round; the intent
		 * is memcpy(&ip.s_addr, target->h_addr, target->h_length).  Not
		 * reached in this listing because compare is always dotted-decimal. */
		memcpy( target->h_addr, (char *)&ip.s_addr, target->h_length );
		dest_address.s_addr = ip.s_addr;
		strcpy( compare, inet_ntoa( dest_address ) );
	}
	printf( "\n[Wise Scanner Started.]\n\n" );
	/* Probe ports 1 through 499, one raw send socket and one raw receive
	 * socket per port (both closed at the bottom of the loop). */
	for( port=1; port<500; port++ ){
		/* Raw socket with IP_HDRINCL: the IP header in packet[] is sent as
		 * built here.  NOTE(review): socket() can return INVALID_SOCKET
		 * (raw sockets require administrator rights) and setsockopt can
		 * fail; neither result is checked. */
		raw_socket = socket( AF_INET, SOCK_RAW, IPPROTO_RAW );
		setsockopt( raw_socket, IPPROTO_IP, IP_HDRINCL, (char *)&on, sizeof(on));
		/* Zero both 20-byte headers so the check fields are 0 when the
		 * checksums are computed. */
		iphdr = (struct iphdr *)packet;
		memset( (char *)iphdr, 0, 20 );
		tcphdr = (struct tcphdr *)(packet + 20 );
		memset( (char *)tcphdr, 0, 20 );
		/* TCP header of the probe: fixed source port 777, SYN only. */
		tcphdr->source = htons( 777 );
		tcphdr->dest = htons( port );
		tcphdr->seq = htonl( 92929292 );
		tcphdr->ack_seq = htonl( 12121212 );
		tcphdr->doff = 5;
		tcphdr->syn = 1;
		tcphdr->window = htons( 512 );
		/* Pseudo header goes in the 12 bytes just before the TCP header
		 * (packet+8), overlapping IP header bytes 8..19.  This only works
		 * because the IP header is filled in after the TCP checksum below;
		 * the order of these two sections must not be swapped.  `useless`
		 * is already 0 from the memset above. */
		pseudo_header = (struct pseudohdr *)((char*)tcphdr-sizeof(struct pseudohdr));
		pseudo_header->saddr = source_address.s_addr;
		pseudo_header->daddr = dest_address.s_addr;
		pseudo_header->protocol = IPPROTO_TCP;
		pseudo_header->tcplength = htons( sizeof(struct tcphdr) );
		/* TCP checksum over pseudo header (12) + TCP header (20) = 32 bytes. */
		tcphdr->check = in_cksum( (u_short *)pseudo_header,
		sizeof(struct pseudohdr) + sizeof(struct tcphdr) );
		/* IP header, written last (see the pseudo header note). */
		iphdr->version = 4;
		iphdr->ihl = 5;
		iphdr->protocol = IPPROTO_TCP;
		/* NOTE(review): stored in host byte order.  Winsock, like Linux,
		 * expects the total length of an IP_HDRINCL header in network byte
		 * order, so this presumably should be htons(40) — confirm. */
		iphdr->tot_len = 40;
		iphdr->id = htons( 12345 );
		iphdr->ttl = 60;
		iphdr->saddr = source_address.s_addr;
		iphdr->daddr = dest_address.s_addr;
		/* IP checksum over sizeof(struct iphdr); correct only if that struct
		 * is exactly the 20-byte wire header that was zeroed above. */
		iphdr->check = in_cksum( (u_short *)iphdr, sizeof(struct iphdr));
		/* Destination for sendto. */
		address.sin_family = AF_INET;
		address.sin_port = htons( port );
		address.sin_addr.s_addr = dest_address.s_addr;
		/* Send the 40-byte probe.  NOTE(review): on Windows XP SP2 and later
		 * Winsock does not allow TCP segments to be sent over raw sockets,
		 * so this branch is taken on such systems regardless of whether the
		 * headers are correct — confirm for the target OS. */
		if(sendto( raw_socket, &(packet[0]), sizeof(packet), 0x0,(struct sockaddr *)&address, sizeof(address)) == SOCKET_ERROR) {
			printf("%d",WSAGetLastError());
			printf("۽\n");
			/* NOTE(review): no case has a break and there is no default, so
			 * every case falls through and all numbers from the matching one
			 * up to "23" are printed.  exit(0) also reports success and skips
			 * closesocket/WSACleanup. */
			switch(WSAGetLastError()){
				case WSANOTINITIALISED :
				printf("1");
				case WSAENETDOWN :
				printf("2");
				case WSAEACCES :
				printf("3");
				case WSAEINVAL :
				printf("4");
				case WSAEINTR :
				printf("5");
				case WSAEINPROGRESS :
				printf("6");
				case WSAEFAULT :
				printf("7");
				case WSAENETRESET :
				printf("8");
				case WSAENOBUFS :
				printf("9");
				case WSAENOTCONN :
				printf("10");
				case WSAENOTSOCK :
				printf("11");
				case WSAEOPNOTSUPP :
				printf("12");
				case WSAESHUTDOWN :
				printf("13");
				case WSAEWOULDBLOCK :
				printf("14");
				case WSAEMSGSIZE :
				printf("15");
				case WSAEHOSTUNREACH :
				printf("16");
				case WSAECONNABORTED :
				printf("17");
				case WSAECONNRESET :
				printf("18");
				case WSAEADDRNOTAVAIL :
				printf("19");
				case WSAEAFNOSUPPORT :
				printf("20");
				case WSAEDESTADDRREQ :
				printf("21");
				case WSAENETUNREACH :
				printf("22");
				case WSAETIMEDOUT :
				printf("23");
			}
			exit(0);
		}
		/* Reply buffer: the TCP header is assumed to sit at offset 20, i.e.
		 * the reply is expected to carry a 20-byte IP header without
		 * options. */
		iphdr = (struct iphdr *)recv_packet;
		tcphdr = (struct tcphdr *)(recv_packet + 20);
		memset( (char *)iphdr, 0, 20 );
		memset( (char *)tcphdr, 0, 20 );
		/* Raw receive socket for TCP; NOTE(review): result unchecked. */
		recv_socket = socket( AF_INET, SOCK_RAW, IPPROTO_TCP );
		len = sizeof( target_addr );
		/* Wait for a segment from `compare` addressed to our port 777: SYN
		 * set means open, anything else (e.g. a RST) ends the wait silently.
		 * NOTE(review): recvfrom's return value is ignored and there is no
		 * timeout, so a probe that gets no reply at all blocks here forever. */
		while(1){
			recvfrom( recv_socket, recv_packet, 100, 0, (struct sockaddr *)&target_addr, &len );
			if( strcmp( inet_ntoa(target_addr.sin_addr), compare ) == 0 ){
				if( ntohs(tcphdr->dest) == 777 ){
					/* SYN flag in the reply marks the port as open. */
					if( tcphdr->syn == 1 )
						printf( "%d Port is open.\n", port );
					break;
				}
			}
		}
		closesocket( recv_socket );
		closesocket( raw_socket );
	}
	printf( "\n[Scan ended.]\n\n" );
	return 0;
}