  1. /*
 This is a fast and (we think) portable SYN scanner. It sends 48-byte SYNs (20-byte IP header,
 20-byte TCP header, 8 bytes of options) that mimic a Windows 2000 stack; it is still a work in
 progress, so drop an email to xx@xx if something goes wrong.
 libnet and libpcap are required; the options are self-explanatory.
 A stripped, statically linked binary is included for those who do not want to build it.
  6.  
  7. */
  8.  
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

#include <libnet.h>
#include <pcap.h>
  18.  
  19.  
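/* Constants shared by the sender and the sniffer. */
enum {
    SYN_TCPOPT_LEN = 8,              /* bytes of TCP options appended to every SYN */
    ETH_IPV4_SRC_OFF = 26,           /* 14-byte Ethernet header + 12 bytes into IPv4 = source address */
    MIN_CAPLEN = ETH_IPV4_SRC_OFF + 4,
    SYN_TTL = 128,
    SYN_WINDOW = 65535,
    DEFAULT_BURST = 50,              /* packets sent between two usleep() pauses */
    MAX_BURST = 65535,               /* ct is an unsigned short, so this is the ceiling */
    SNIFFER_WARMUP_USEC = 500000,    /* time the sender waits for the sniffer to attach its filter */
    DRAIN_SECONDS = 10               /* time to collect late SYN/ACKs before the sniffer is killed */
};

/* How destination addresses are chosen. */
enum scan_mode { MODE_RANDOM, MODE_A_CLASS, MODE_B_CLASS };

/* Everything the command line decides, plus the sweep cursor for class scans. */
struct scan_cfg {
    unsigned short port;        /* destination port of every SYN */
    unsigned long usec;         /* pause after each burst (0 = none) */
    unsigned short burst;       /* packets per burst */
    char *interface;            /* device handed to libnet_init(), NULL = libnet picks */
    enum scan_mode mode;
    unsigned int a, b, c, d;    /* last address generated in class mode */
};

/* Speed 1..10 mapped to the pause (in microseconds) between bursts. */
static const unsigned long speed_usec[10] = {
    1000000, 500000, 250000, 125000, 60000, 30000, 10000, 1000, 100, 0
};

/*
 * Parses s as a decimal integer and checks it lies in [lo, hi].
 * Returns 0 and stores the value in *out on success, -1 on malformed
 * input (empty, trailing garbage, overflow) or an out-of-range value.
 */
static int parse_range(const char *s, long lo, long hi, long *out)
{
    char *end;
    long v;

    if (s == NULL || *s == '\0')
        return -1;
    errno = 0;
    v = strtol(s, &end, 10);
    if (errno == ERANGE || *end != '\0' || v < lo || v > hi)
        return -1;
    *out = v;
    return 0;
}

/*
 * Parses the "-b" argument, "A" or "A.B" (e.g. 192.168). Anything after a
 * second dot is ignored, as the original parser did. Returns 0 on success,
 * -1 after printing the reason on stdout.
 */
static int parse_b_class(const char *s, unsigned int *a, unsigned int *b)
{
    char *end;
    long v;

    if (s == NULL || *s == '\0')
        return -1;
    errno = 0;
    v = strtol(s, &end, 10);
    if (end == s || errno == ERANGE || (*end != '\0' && *end != '.') || v < 1 || v > 254) {
        printf("A must be between 1 and 254\n");
        return -1;
    }
    *a = (unsigned int)v;
    *b = 0;
    if (*end == '\0')
        return 0;
    s = end + 1;
    errno = 0;
    v = strtol(s, &end, 10);
    if (end == s || errno == ERANGE || (*end != '\0' && *end != '.') || v < 0 || v > 255) {
        printf("B must be between 0 and 255\n");
        return -1;
    }
    *b = (unsigned int)v;
    return 0;
}

/* Prints the command-line synopsis. */
static void usage(const char *prog)
{
    printf("usage: %s <port> [-a <a class> | -b <b class>] [-i <interface>] [-s <speed>]\n", prog);
    printf("speed 10 -> as fast as possible, 1 -> it will take bloody ages (about 50 syns/s)\n");
}

/*
 * Fills *cfg from argv. argv[1] is always the port; options follow.
 * Exits the process with 0x01 on a usage error and 0x02 on a value that
 * is out of range. Options are matched exactly (strcmp), so "-is" is no
 * longer read as both "-i" and "-s", and each option consumes its value.
 */
static void parse_args(int argc, char **argv, struct scan_cfg *cfg)
{
    long v;
    int i;

    cfg->usec = speed_usec[0];
    cfg->burst = DEFAULT_BURST;
    cfg->interface = NULL;
    cfg->mode = MODE_RANDOM;
    cfg->a = cfg->b = cfg->c = cfg->d = 0;

    if (argc < 2) {
        usage(argv[0]);
        exit(0x01);
    }
    /* strtol with a range check: atoi() used to silently truncate e.g. 70000. */
    if (parse_range(argv[1], 1, 65535, &v) != 0) {
        printf("damn dude, port numbers are in 1 .. 65535\n");
        exit(0x02);
    }
    cfg->port = (unsigned short)v;

    for (i = 2; i < argc; i++) {
        const char *opt = argv[i];
        const char *val = (i + 1 < argc) ? argv[i + 1] : NULL;

        if (strcmp(opt, "-s") == 0) {
            if (val == NULL) {
                printf("-s requires an argument\n");
                exit(0x01);
            }
            if (parse_range(val, 1, 10, &v) != 0) {
                printf("speed must be between 1 and 10\n");
                exit(0x02);
            }
            cfg->usec = speed_usec[v - 1];
            if (v == 10)
                cfg->burst = MAX_BURST;
            i++;
        } else if (strcmp(opt, "-i") == 0) {
            if (val == NULL) {
                printf("-i requires an argument\n");
                exit(0x01);
            }
            cfg->interface = argv[i + 1];
            i++;
        } else if (strcmp(opt, "-a") == 0) {
            if (val == NULL) {
                printf("-a requires an A network as argument\n");
                exit(0x01);
            }
            if (parse_range(val, 1, 254, &v) != 0) {
                printf("A must be between 1 and 254\n");
                exit(0x02);
            }
            cfg->mode = MODE_A_CLASS;
            cfg->a = (unsigned int)v;
            cfg->b = cfg->c = cfg->d = 0;
            printf("scanning network %u.*.*.*\n", cfg->a);
            i++;
        } else if (strcmp(opt, "-b") == 0) {
            if (val == NULL) {
                printf("-b requires an B network as argument(e.g. 192.168)\n");
                exit(0x01);
            }
            if (parse_b_class(val, &cfg->a, &cfg->b) != 0)
                exit(0x02);
            cfg->mode = MODE_B_CLASS;
            cfg->c = cfg->d = 0;
            printf("scanning network %u.%u.*.*\n", cfg->a, cfg->b);
            i++;
        } else {
            printf("unknown option %s\n", opt);
            usage(argv[0]);
            exit(0x01);
        }
    }
}

/*
 * Advances the sweep cursor and returns the next destination address in
 * network byte order. Sets *done to 1 (and returns 0) once a class sweep
 * has reached its last address; random mode never finishes.
 *
 * Class mode keeps the original walk: the cursor starts at a.b.0.1, the
 * .0 address of each /24 is sent when the previous one wraps, and the
 * sweep stops just before a.255.255.255 (or a.b.255.255).
 */
static unsigned long next_target(struct scan_cfg *cfg, int *done)
{
    unsigned long host_order;

    *done = 0;
    if (cfg->mode == MODE_RANDOM) {
        /* rand() never sets bit 31 (it returns a non-negative int), so one
         * call only ever covered half of the address space; fold two. */
        return ((unsigned long)(rand() & 0xffff) << 16) | (unsigned long)(rand() & 0xffff);
    }

    if (cfg->d == 0)
        printf("scanning %u.%u.%u.*\n", cfg->a, cfg->b, cfg->c);
    cfg->d++;
    if (cfg->d > 255) {
        cfg->c++;
        cfg->d = 0;
    }
    if (cfg->c > 255) {
        cfg->b++;
        cfg->c = 0;
    }
    if (cfg->mode == MODE_A_CLASS) {
        if (cfg->b == 255 && cfg->c == 255 && cfg->d == 255) {
            *done = 1;
            return 0;
        }
    } else if (cfg->c == 255 && cfg->d == 255) {
        *done = 1;
        return 0;
    }
    /* Assemble the address directly instead of sprintf() + inet_addr(); every
     * octet is already known to be <= 255. */
    host_order = ((unsigned long)cfg->a << 24) | ((unsigned long)cfg->b << 16) |
                 ((unsigned long)cfg->c << 8) | (unsigned long)cfg->d;
    return htonl((uint32_t)host_order);
}

/*
 * Child process: opens device, installs filter, and for every captured
 * frame prints the IPv4 source address and appends it to bios.txt in the
 * current directory. Never returns; exits with 0x05 on a capture error.
 *
 * NOTE(review): the sniffer runs with the same privileges as the sender
 * (raw sockets and pcap both need root/CAP_NET_RAW) for its whole life,
 * and bios.txt is a relative path opened as that user.
 */
static void sniff_loop(const char *device, char *filter)
{
    char errbuf[PCAP_ERRBUF_SIZE];
    pcap_t *handle;
    struct bpf_program prog;
    bpf_u_int32 net = 0;
    bpf_u_int32 mask = 0;
    struct pcap_pkthdr *header;
    const unsigned char *packet;
    struct in_addr src;
    FILE *fp;
    int rc;

    if (pcap_lookupnet(device, &net, &mask, errbuf) == -1) {
        /* The netmask only matters for broadcast tests in the filter; fall back to 0. */
        printf("WARNING: pcap_lookupnet(): %s\n", errbuf);
        net = 0;
        mask = 0;
    }
    handle = pcap_open_live(device, BUFSIZ, 1, 0, errbuf);
    if (handle == NULL) {
        /* errbuf is the pcap buffer; the original printed libnet's buffer here. */
        printf("ERROR: pcap_open_live() : %s\n", errbuf);
        exit(0x05);
    }
    /* ETH_IPV4_SRC_OFF is only right for untagged Ethernet frames; refuse
     * anything else rather than print garbage from a different header layout. */
    if (pcap_datalink(handle) != DLT_EN10MB) {
        printf("ERROR: %s is not an Ethernet device, cannot parse replies\n", device);
        exit(0x05);
    }
    /* The last argument is the netmask (the original passed the network number). */
    if (pcap_compile(handle, &prog, filter, 0, mask) != 0) {
        printf("ERROR: pcap_compile() failed!!! %s\n", pcap_geterr(handle));
        exit(0x05);
    }
    if (pcap_setfilter(handle, &prog) != 0) {
        printf("ERROR: pcap_setfilter() failed!!! %s\n", pcap_geterr(handle));
        exit(0x05);
    }
    pcap_freecode(&prog);

    for (;;) {
        rc = pcap_next_ex(handle, &header, &packet);
        if (rc == 0)
            continue;               /* read timeout, nothing captured */
        if (rc < 0) {
            /* pcap_next() returned NULL here and the old code dereferenced it. */
            printf("ERROR: pcap_next_ex(): %s\n", pcap_geterr(handle));
            exit(0x05);
        }
        if (header->caplen < MIN_CAPLEN)
            continue;               /* truncated frame, source address not captured */
        memcpy(&src.s_addr, packet + ETH_IPV4_SRC_OFF, sizeof src.s_addr);
        printf("%s\n", inet_ntoa(src));
        fflush(stdout);
        fp = fopen("bios.txt", "a+");
        if (fp == NULL) {
            printf("WARNING: cannot open bios.txt\n");
            continue;
        }
        fprintf(fp, "%s\n", inet_ntoa(src));
        if (fclose(fp) != 0)
            printf("WARNING: write to bios.txt failed\n");
    }
}

/*
 * Parent process: emits SYNs from sport to cfg->port at the configured
 * rate until next_target() reports the sweep is done (random mode runs
 * until interrupted). On completion it waits DRAIN_SECONDS for late
 * replies and then sends SIGINT to the sniffer child. Exits with 0x02
 * if libnet cannot build a packet.
 */
static void send_loop(libnet_t *l, unsigned long myip, unsigned short sport,
                      struct scan_cfg *cfg, pid_t child)
{
    /* MSS 1460 (0x05b4), NOP, NOP, SACK-permitted: the option block the SYN carries. */
    unsigned char tcpopt[] = "\x02\x04\x05\xb4\x01\x01\x04\x02";
    unsigned short ct = 0;
    unsigned long dstip;
    int done;
    int written;

    printf("capturing process started pid %d\n", (int)child);
    usleep(SNIFFER_WARMUP_USEC);

    for (;;) {
        dstip = next_target(cfg, &done);
        if (done) {
            printf("aici trebuie stop\n");
            sleep(DRAIN_SECONDS);
            kill(child, SIGINT);
            return;
        }
        /* libnet wants options built before the TCP header, and TCP before IP. */
        if (libnet_build_tcp_options(tcpopt, SYN_TCPOPT_LEN, l, 0) == -1 ||
            /* NOTE(review): the ack number is randomized even though only SYN is
             * set; a plain SYN normally carries 0 there - confirm this is intended. */
            libnet_build_tcp(sport, cfg->port, rand(), rand(), TH_SYN, SYN_WINDOW, 0, 0,
                             LIBNET_TCP_H + SYN_TCPOPT_LEN, NULL, 0, l, 0) == -1 ||
            libnet_build_ipv4(LIBNET_TCP_H + LIBNET_IPV4_H + SYN_TCPOPT_LEN, 0, rand(), 0,
                              SYN_TTL, IPPROTO_TCP, 0, myip, dstip, NULL, 0, l, 0) == -1) {
            printf("ERROR: %s\n", libnet_geterror(l));
            kill(child, SIGINT);
            exit(0x02);
        }
        written = libnet_write(l);
        if (written <= 0)
            printf("libnet_write() wtf %d\n", written);
        libnet_clear_packet(l);

        if (ct == cfg->burst) {
            usleep(cfg->usec);
            ct = 0;
        }
        ct++;
    }
}

/*
 * Entry point. Parses the command line, opens the raw socket, forks a
 * pcap sniffer for SYN/ACKs addressed to our source port, and drives the
 * sender in the parent. Needs root (raw socket + promiscuous capture).
 */
int main(int argc, char **argv)
{
    struct scan_cfg cfg;
    libnet_t *l;
    char errbuff[LIBNET_ERRBUF_SIZE];
    char filter[1024];
    unsigned long myip;
    unsigned short sport;
    struct in_addr self;
    pid_t pid;
    int status;

    srand((unsigned int)time(NULL));
    parse_args(argc, argv, &cfg);
    /* Ephemeral-range source port: a bare rand() could yield 0 or a well-known port. */
    sport = (unsigned short)(1024 + rand() % (65536 - 1024));

    printf("usec: %lu, burst packets %u\n", cfg.usec, (unsigned int)cfg.burst);
    if (cfg.interface != NULL)
        printf("using interface %s\n", cfg.interface);

    l = libnet_init(LIBNET_RAW4, cfg.interface, errbuff);
    if (!l) {
        printf("ERROR: %s\n", errbuff);
        exit(0x02);
    }
    myip = libnet_get_ipaddr4(l);
    if (myip == 0xFFFFFFFFUL) {
        /* libnet reports failure as -1 here. */
        printf("ERROR: %s\n", libnet_geterror(l));
        libnet_destroy(l);
        exit(0x02);
    }
    self.s_addr = (in_addr_t)myip;

    snprintf(filter, sizeof filter, "(tcp[tcpflags]=0x12) and (src port %u) and (dst port %u)",
             (unsigned int)cfg.port, (unsigned int)sport);
    printf("using \"%s\" as pcap filter\n", filter);
    printf("my detected ip on %s is %s\n", l->device, inet_ntoa(self));
    /* Flush before fork() so buffered output is not emitted twice when stdout is a file. */
    fflush(stdout);

    pid = fork();
    if (pid < 0) {
        printf("cannot fork()\n");
        libnet_destroy(l);
        exit(0x05);
    }
    if (pid == 0)
        sniff_loop(l->device, filter);      /* never returns */

    send_loop(l, myip, sport, &cfg, pid);
    waitpid(pid, &status, 0);
    libnet_destroy(l);
    return 0;
}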