
<HTML><HEAD><TITLE>Black Sun Research Facility Tutorials - Windows Internet Programming Part 3</TITLE>

<META http-equiv=Content-Type content="text/html; charset=windows-1252">

<STYLE type=text/css>A:active {

	TEXT-DECORATION: none

}

A:hover {

	COLOR: #ffffff; TEXT-DECORATION: none

}

A:link {

	TEXT-DECORATION: none

}

A:visited {

	TEXT-DECORATION: none

}

.small {

	FONT-WEIGHT: bold; FONT-SIZE: 9pt; COLOR: #ffffff; FONT-FAMILY: Verdana, Arial, Helvetica, sans-serif

}

.small_uppercase {

	FONT-SIZE: 9pt; COLOR: #999999; FONT-FAMILY: Verdana, Arial, Helvetica, sans-serif

}

TD {

	FONT-SIZE: 9pt; COLOR: #aeaeae; FONT-FAMILY: Verdana, Arial, Helvetica, sans-serif

}

.7_ver_b_white {

	FONT-WEIGHT: bold; FONT-SIZE: 8pt; COLOR: #ffffff; FONT-FAMILY: Verdana, Arial, Helvetica, sans-serif

}



.white {

	FONT-WEIGHT: bold; FONT-SIZE: 8pt; COLOR: #ffffff; FONT-FAMILY: Verdana, Arial, Helvetica, sans-serif

}

</STYLE>



<META content="MSHTML 6.00.2600.0" name=GENERATOR></HEAD>

<BODY text=#a7a7a7 vLink=#ff9900 aLink=#ffcc00 link=#ff9900 bgColor=#000000 

leftMargin=0 topMargin=0 marginheight="0" marginwidth="0">



<BR><BR><PRE><FONT color=red>

              _________________

             /_               /\  

              \/  _______    /  \

              /  /      /   /   /

             /  /______/   /   /

            /           __/   /

           /  _______   \  __/

          /  /      /   /  \

         /  /______/   /   / 

       _/             /   /      

      /______________/   /       BLACK SUN RESEARCH FACILITY

      \              \  /      	   <A href="http://blacksun.box.sk/">http://blacksun.box.sk/</A>

       \______________\/





</FONT>





WINDOWS INTERNET PROGRAMMING PART 3

=================================================







   WRITTEN BY                 [ <A href="mailto:cos125@hotmail.com">cos125@hotmail.com</A>                :E-MAIL    ]      

           <A href="mailto:cos125@hotmail.com">BINARY RAPE</A>        [ 114603188                         :ICQ#      ]      

                              [ <A href="http://blacksun.box.sk/">http://blacksun.box.sk/</A>           :TUTORIALS ]      











Thanks to cyberwolf for letting me write this and BSRF for releasing it.







Disclaimer

=======================================





None of the information or code in this tutorial is meant to be used against others

or to purposely damage computer systems or cause any loss of or damage to property.



Furthermore, neither myself nor any other contributor to, or member of, the Blacksun

Research Facility (BSRF) can be held responsible for damage or loss of property of

computer systems as a result of this tutorial.



In this tutorial the code is provided as a learning aid so you can see how it's done;

it's not meant for you to use against yourself or others.



Also, you are encouraged to alter the code and improve it. I say create or build a

program to do something not create or build a program to do something and use it for

that purpose.





CONTENTS

=======================================



1.  Introduction

2.  What are Raw Sockets?

3.  The Internet Headers

   

    3.1 The IP Header

    3.2 The TCP Header

    3.3 The UDP Header

    3.4 The ICMP Header



4.  Creating a Packet



    4.1 Setsockopt()

    4.2 Socket()



5.  Building Headers in code.

   

    5.1 The IP Header

    5.2 The TCP Header

    5.3 The UDP Header

    5.4 The ICMP Header

    5.5 The Pseudo Header

    5.6 The Checksum Function



6.  Source Code



    6.1 ICMP Echo Request

    6.2 TCP ACK Packet





7.  Receiving Raw Sockets

8.  Last Words









________________________________________________________________________________________________________







1.0 INTRODUCTION

=======================================



Welcome to the 3rd and quite possibly.. the last in this little series

of ours, it's been fun.. kinda..  but never fear there may be one last

part to come in future covering advanced topics like multicasting and

we'll always have updates on the tutorials. Of course I've saved the

best topic for last, Raw Socket programming, and even more so it's in

Windows! A topic which in this place has a certain member of the

computer security world huffing and yes indeed there is puffing also.

Head on over to grc.com for more information and listen to him piss his

pants scared because of raw sockets support in Windows XP...  you see

Steve Gibson of grc.com believes that because Windows XP's raw

socket support is available to all users on a windows XP Home Edition

computer he foresees the following scenario:



A few kids, it would only take a small group, maybe friends in school,

they meet each day in a dark little ol' alley at the back of school

and decide who their next "target" is going to be, they then all

decide on a time to attack and as Gibson puts it "synchronises their

watches", then at the decided time they fire up the DoS tools on

their new copy of windows XP Home Edition and launch their attack upon

whatever ill-fated domain name that the kids had decided earlier.



Hmmm....  interesting, well mostly Gibson you focus upon Home Edition

of windows XP, why? well of course it's because of its support for Raw

Sockets for all users, yes but in your dark and devious example of

"Junior and his XP gang" you refer to that upgrade the kids would get

to windows XP home edition well what if they had a copy of Windows XP

professional or Windows 2000, or even Windows NT for that matter of

course these other operating systems don't have support for Raw Sockets

to all its users but if it's the kids that are installing these OSes

wouldn't set up the admin account or give themselves admin priv's?

then they would have raw socket support anyway. ok Gibson let's give ya

a little break in fairness Raw Socket support on Home Edition may be

dangerous and people are of course likely to exploit this feature (no

Steven it is not a bug it is a feature) and create DDoS tools with it

but let's look at things, will it really make things bad, will this put

an end to the threat of DDoS attacks from Windows Systems? Well no

actually huh! shock horror there is yet still raw socket support on

systems other than windows xp, Win2k only supports raw sockets for

admin users, what if some-1 gains admin privileges they could still

use it hell with NT all you have to do is change an entry in the

registry, ok let's pull out raw socket support for these 3 operating

systems all together and we'll be safe right? Well unfortunately Win9x

systems with Winsock v2.0 also have Raw Socket support limited as it is.

Thankfully with Windows 9x you can only create ICMP packets... but am..

there's still a load of things I could do with just ICMP Steveo, I

could get a subnetmask, ping and traceroute, firewalk, fact of the

matter is I could even create a trojan with icmp tunneling! and this

is all without even touching icmp based DoS attacks! Well the answer is

simple then isn't it Steve all we have to do is pull raw socket support

from Winsock v2.0, but yes Steve all we have to do is create a dll or

use an already existing C++ library to create raw socket abilities

in our applications, you do comment on this in your site saying how it

doesn't matter because in the past we would have to install new drivers

and things, wow, do you think that some-1 that really wanted to create

a DoS attack would be stopped by the need to download 1 more little

piece, the application could even install any drivers or dll's it

needed on its own. Yes Steve Gibson, there could be raw socket support

now on Windows XP computers..  but then again there always was raw

socket support on all windows boxes if you really looked and yes there

will be DDoS attacks to come, just like there always would have been

even without its canned support in windows boxes, also you referred

to Linux's support for raw sockets as if it didn't matter because of

the size of its distribution, more and more people are using linux and

realising its benefits and we are seeing the beginning of "The Linux

Lamer" 2 words which sadly should never have been mentioned in the

same sentence, these people could still use DDoS linux tools. What will

Raw Sockets bring? DDoS tools? certainly, Better firewalls on Windows

systems? Yes. The availability of security scanners and a wider

understanding of the internet and its protocols to windows programmers?

well yup and probably a lot more, maybe you are just setting up so much

hype for the very reason you gave Mr. Gibson sir, You didn't shout out

when scripting support was added to mail clients, now you can cause

such a large amount of confusion and fear in people and have a lot of

people shouting no at you that once the very first stupid little DoS

tool that comes along for windows XP that you can say haha yes! I told

you so, I was right, you were wrong, but you see the thing is we're not

saying you're wrong, in fact, you're right, there will be DDoS tools and

we all know that but all you're managing to do is cause fear and confusion

although who knows, maybe you just make it your jollies getting people

to complain and send flames to secure@microsoft.com so that they remove

raw socket support from windows and you can feel like you're a big man

getting the big bad microsoft empire to do what you want? even the

security manager at microsoft says:



". . . 'are DDoS attacks going to happen?' Yes. They  

will happen; and they will happen on Windows XP. "



He is not admitting the great 'flaw' in the Windows XP operating system

he is being realistic, maybe you should try it it'll be a new experience

for ya. Any-1 in the computer security field will happily admit, no

system can be completely secure and things like what you're talking about

will happen, but they don't even need raw socket support to do so.

Maybe I've been wrong about you all the time maybe you just want to shout

so much about the damn thing and even pass out source code for such tools

so that some-1 will come across read your files, get the stuff into their

head and run along with a hand-full of your little code and propaganda

and finally design a tool like this, the more publicity you give this

the more likely such a scenario like this will happen, of course that could

be your whole point to get whatever it is your after, or it could be that

if some-1 does design a bad DoS tool microsoft will have to pull the raw

support and again you can get your jollies from being correct, forgetting

every-1 that did agree with you but still saw your utter stupidity.



Just to let every-1 know in case they are a bit concerned about Gibson's

evil Windows XP Raw Socket support, the source code he created using raw

sockets to show how bad they are doesn't actually work, there was a problem

in his bind() function, after realising this he stated,



"it's not clear to me what it even means to 'bind' a raw socket"



and of course around the same time he's really getting at microsoft for

their stupidity and complete lack of security or as you like to phrase it

" MICROSOFT SECURITY " " The Oxymoron that keeps on giving ".



One of the best things you've said throughout all this was in fact:



"a good thing for Windows raw socket security!"



What was that the time you realised you were wrong about Microsoft's

security or the time you went out to lunch and SHUT YOUR FUCKING ASS

FOR 5 MINUTES AND STOPPED WRECKING EVERY-1'S FUCKING HEAD YOU ASSHOLE.

I am so lucky that unlike people at microsoft.com's security division

I don't have to listen to either you or the countless number of people

that you have scared into doing your bidding by exaggerating facts and

twisting other people's words to give the wrong idea, my hat goes off

to Greg at Microsoft, personally I couldn't have done the same as he

has done, not only did he immediately help out Steve with his enquiries

he even kept steve up to date step by step in reviewing his concerns.

Steve quickly returned Greg's hospitality and consideration by insulting

the amount of work he has done on his behalf and its quality. This

particular behaviour is probably to be expected I guess from some-1

who is so egotistical, some-1 that would pretty much say people who say

it's good because it's a standard are morons because they are following

the pack and that it's a standard just because some-1 said it is,

no Steve it's a standard because it's a part of the standard specification

for sockets, that's why it's supported, 'as standard' if you will by all

operating systems except from microsoft up to this point. Apparently

through it all Gibson just wants a time machine to travel a few years

back where people still believed like he does that the best security

is obscurity.



One last point on this subject, The Firewall that comes with versions

of windows XP, once again 'As Standard' blocks the types of attacks

that Steve Gibson is describing, you think that's also a good thing

for Microsoft's security Steve?





So why all the fuss and anger in the last few paragraphs? Thought I'd

never shut up didn't ya :P. Well as I've been researching Windows XP's

raw socket abilities I've been effectively blocked by the constant

recurring pages found concerning Gibson's bullshit and fear spreading

tactics, after using a total of 8 different combinations of keywords

and reading many many pages I finally found a grand total of 4

examples of windows raw socket programs, btw only one of them had

ever been run on windows XP and I'm not even sure about that I think

his code may actually have been run on windows 2000. One of them had

only been run on a Windows 9x system !! Basically there isn't that much

documentation to learn from out there in the void so I think it could

do with me adding a little more, besides few guys flamed me a while back

on 1 of the channels on box.sk's irc server, (not in #bsrf or #code),

for saying that there was raw socket support in windows so I kinda

wrote this for them as well, here ya go guys ;).



So anyway without further delay let's get onto some real substance in

this tutorial with the most common question of all.





2.0 WHAT ARE RAW SOCKETS?

=======================================



Raw sockets are very similar to normal sockets, but with raw sockets

you can control the packets that you send more closely.

Raw sockets don't have anything to do with packets themselves; they

are purely a programming concept. You see, with normal socket programming

we would supply a certain amount of information like the IP address we

were sending it to, the port, the buffer containing the text we were

sending, and whatever protocol we would be sending it with, like TCP or

UDP. We would supply all this information by filling up structures and

send the information by calling a couple of functions.



The difference with raw sockets is that we create our own structures

for the headers and tell Winsock that we want to use that

information. We then fill out these structures with a bit more

information, like our source IP address and fields like the Time To

Live (TTL) that we discussed in the first part of this tutorial.
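
The header fields mentioned above, seen from the receiving side: this added example (not code from the original tutorial) parses and validates an IPv4 header the way a packet filter would before trusting its TTL, protocol and addresses. The names ipv4_info, parse_ipv4 and BE32 and the sample bytes are assumptions made for the illustration; it uses plain C with no Winsock calls.

```c
#include <stddef.h>
#include <stdint.h>
#define BE32(p) ((uint32_t)(p)[0] << 24 | (uint32_t)(p)[1] << 16 | (uint32_t)(p)[2] << 8 | (p)[3])

struct ipv4_info {          /* fields an ordinary socket never shows us */
    uint8_t  ihl_bytes;     /* header length in bytes (20..60) */
    uint8_t  ttl;           /* Time To Live */
    uint8_t  protocol;      /* 1 = ICMP, 6 = TCP, 17 = UDP */
    uint16_t total_len;     /* header + payload, in bytes */
    uint32_t src, dst;      /* addresses, host byte order */
};

/* RFC 1071 checksum (len even, as IPv4 headers are); 0 means header valid. */
static uint16_t inet_checksum(const uint8_t *p, size_t len)
{
    uint32_t sum = 0;
    for (; len > 1; p += 2, len -= 2)
        sum += (uint32_t)p[0] << 8 | p[1];
    while (sum >> 16)
        sum = (sum & 0xFFFF) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Returns 0 if the header is well-formed, else a negative code per check. */
int parse_ipv4(const uint8_t *buf, size_t len, struct ipv4_info *out)
{
    if (len < 20)           return -1;   /* shorter than a minimal header */
    if ((buf[0] >> 4) != 4) return -2;   /* version field is not 4 */
    out->ihl_bytes = (uint8_t)((buf[0] & 0x0F) * 4);
    if (out->ihl_bytes < 20 || out->ihl_bytes > len) return -3;
    out->total_len = (uint16_t)(buf[2] << 8 | buf[3]);
    if (out->total_len < out->ihl_bytes || out->total_len > len) return -4;
    if (inet_checksum(buf, out->ihl_bytes) != 0) return -5;  /* corrupted */
    out->ttl = buf[8];
    out->protocol = buf[9];
    out->src = BE32(buf + 12);
    out->dst = BE32(buf + 16);
    return 0;
}

/* Constructed sample: TTL 64, ICMP, 192.0.2.1 -> 192.0.2.2, no payload. */
static const uint8_t SAMPLE[20] = { 0x45,0x00,0x00,0x14, 0x00,0x01,0x00,0x00,
    0x40,0x01,0xF6,0xE4, 0xC0,0x00,0x02,0x01, 0xC0,0x00,0x02,0x02 };

int main(void)
{
    struct ipv4_info h;
    return parse_ipv4(SAMPLE, sizeof SAMPLE, &h) == 0 ? 0 : 1;
}
```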



Using this method we can do many things with the packets that we use,

like the following:



* Get the subnet mask from a computer.

* Bypass firewalls and routers using various methods.

* Map networks.

* Send information covertly.

* Exploit Network Stack vulnerabilities.

* Perform a stealth port scan.

* Remote OS identification.

* Build a firewall.



And there's way more that you could do as well. Unfortunately, raw

sockets were not possible until the release of Winsock 2.0; Winsock

1.1 never included the ability, which was specified in the Berkeley

Sockets specification (mostly because Microsoft was in a rush to

release the Winsock stack). Luckily even if you don't have Winsock v2
