SHARE
TWEET

Untitled

a guest Apr 21st, 2019 91 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #include <netinet/ip.h>
  2. #include <netinet/tcp.h>
  3. #include <netinet/udp.h>
  4. #include <netinet/ip_icmp.h>
  5. #include <netinet/if_ether.h>
  6. #include <arpa/inet.h>
  7. #include <netinet/in.h>
  8. #include <pcap/pcap.h>
  9. #include <sys/types.h>
  10. #include <sys/socket.h>
  11. #include <ifaddrs.h>
  12. #include <netdb.h>
  13. #include <stdio.h>
  14. #include <string.h>
  15. #include <stdbool.h>
  16. #include <stdlib.h>
  17. #include <unistd.h>
  18. #include <sys/ioctl.h>
  19. #include <net/if.h>
  20. #include <ctype.h>
  21. #include <errno.h>
  22. #include <signal.h>
  23.  
  24. //the packet length
  25. #define PCKT_LEN 8192
  26. #define HOSTNAME_LEN 253 //domain name/IP addr can be max 253 characters long
  27. #define PORTS_LEN 128 //size for array with ports to scan
  28. pcap_t *pcap;
  29.  
  30. /* ethernet headers are always exactly 14 bytes [1] */
  31. #define SIZE_ETHERNET 14
  32.  
  33. /* Ethernet header */
  34. struct sniff_ethernet {
  35.         u_char  ether_dhost[ETHER_ADDR_LEN];    /* destination host address */
  36.         u_char  ether_shost[ETHER_ADDR_LEN];    /* source host address */
  37.         u_short ether_type;                     /* IP? ARP? RARP? etc */
  38. };
  39.  
  40. #define IP_HL(ip)               (((ip)->ip_hl) & 0x0f)
  41.  
  42. /*******************************************************************
  43.  * Title: rawudp.c
  44.  * Date: 20.4.2019
  45.  * Code version:
  46.  * Availability: https://www.tenouk.com/Module43a.html
  47. ********************************************************************/
  48.  
  49. // UDP header's structure
  50. struct udpheader {
  51.     unsigned short int udph_srcport;
  52.     unsigned short int udph_destport;
  53.     unsigned short int udph_len;
  54.     unsigned short int udph_chksum;
  55. };
  56.  
  57. /* Structure of a TCP header */
  58.  
  59. struct tcpheader {
  60.     unsigned short int tcph_srcport;
  61.     unsigned short int tcph_destport;
  62.     unsigned int       tcph_seqnum;
  63.     unsigned int       tcph_acknum;
  64.     unsigned char      tcph_reserved:4;//, tcph_offset:4;
  65.     unsigned char  th_offx2;               /* data offset, rsvd */
  66. #define TH_OFF(th)      (((th)->th_offx2 & 0xf0) >> 4)
  67.      unsigned char tcph_flags;
  68.     unsigned int
  69.         tcp_res1:4,      /*little-endian*/
  70.         tcph_hlen:4,     /*length of tcp header in 32-bit words*/
  71.         tcph_fin:1,      /*Finish flag "fin"*/
  72.         tcph_syn:1,       /*Synchronize sequence numbers to start a connection*/
  73.         tcph_rst:1,      /*Reset flag */
  74.     tcph_psh:1,      /*Push, sends data to the application*/
  75.     tcph_ack:1,      /*acknowledge*/
  76.     tcph_urg:1,      /*urgent pointer*/
  77.     tcph_res2:2;
  78.     unsigned short int tcph_win;
  79.     unsigned short int tcph_chksum;
  80.     unsigned short int tcph_urgptr;
  81. };
  82.  
  83. // Function for checksum calculation. From the RFC,
  84. // the checksum algorithm is:
  85. //  "The checksum field is the 16 bit one's complement of the one's
  86. //  complement sum of all 16 bit words in the header.  For purposes of
  87. //  computing the checksum, the value of the checksum field is zero."
  88. unsigned short csum(unsigned short *buf, int nwords)
  89. {
  90.     unsigned long sum;
  91.     for (sum = 0; nwords > 0; nwords--)
  92.     {
  93.         sum += *buf++;
  94.     }
  95.     sum = (sum >> 16) + (sum &0xffff);
  96.     sum += (sum >> 16);
  97.     return (unsigned short)(~sum);
  98. }
  99.  
  100. /*
  101.  * END OF REUSED CODE
  102.  */
  103.  
  104. //from linux man page: a pcap_handler routine to be called with three arguments: a  u_char  pointer
  105. //which  is  passed  in  the  user  argument  to  pcap_loop()  or pcap_dispatch(), a const struct
  106. //pcap_pkthdr pointer pointing to the packet time stamp and lengths, and a const  u_char  pointer
  107. //to  the  first  caplen  (as given in the struct pcap_pkthdr a pointer to which is passed to the
  108. //callback routine) bytes of data from the packet.  The struct pcap_pkthdr and  the  packet  data
  109. //are not to be freed by the callback routine, and are not guaranteed to be valid after the call‐
  110. //back routine returns; if the code needs them to be valid after the callback,  it  must  make  a
  111. //copy of them.
  112. //args = arguments to the packet handler
  113. //pkthdr = the pcap format packet header
  114. //ptr_caplen = the packet libcap has extracted from the network interface
  115. void udp_pcap_handler(u_char *args, const struct pcap_pkthdr *pkthdr, const u_char *ptr_caplen)
  116. {
  117. }
  118.  
  119. void got_packet(u_char *args, const struct pcap_pkthdr *header, const u_char *packet)
  120. {
  121.     printf("       From: Janinka with love");
  122.  
  123.     static int count = 1;                   /* packet counter */
  124.    
  125.     /* declare pointers to packet headers */
  126.     const struct sniff_ethernet *ethernet;  /* The ethernet header [1] */
  127.     const struct ip *ip;              /* The IP header */
  128.     const struct tcpheader *tcp;            /* The TCP header */
  129.     const char *payload;                    /* Packet payload */
  130.  
  131.     int size_ip;
  132.     int size_tcp;
  133.     int size_payload;
  134.    
  135.     printf("\nPacket number %d:\n", count);
  136.     count++;
  137.    
  138.     /* define ethernet header */
  139.     ethernet = (struct sniff_ethernet*)(packet);
  140.    
  141.     /* define/compute ip header offset */
  142.     ip = (struct ip*)(packet + SIZE_ETHERNET);
  143.         //size_ip =
  144.     //size_ip = IP_HL(ip)*4;
  145.     if (size_ip < 20) {
  146.         printf("   * Invalid IP header length: %u bytes\n", size_ip);
  147.     //  return;
  148.     }
  149.  
  150.     /* print source and destination IP addresses */
  151.     printf("       From: %s\n", inet_ntoa(ip->ip_src));
  152.     printf("         To: %s\n", inet_ntoa(ip->ip_dst));
  153.    
  154.     /* determine protocol */   
  155.     switch(ip->ip_p) {
  156.         case IPPROTO_TCP:
  157.             printf("   Protocol: TCP\n");
  158.                         tcp = (struct tcpheader *)(packet + SIZE_ETHERNET + size_ip);
  159.                         if( tcp->tcph_flags == 0x14 )
  160.                             printf(" closed");
  161.                         else
  162.                             printf(" open");
  163.             break;
  164.         case IPPROTO_UDP:
  165.             printf("   Protocol: UDP\n");
  166.             return;
  167.         case IPPROTO_ICMP:
  168.             printf("   Protocol: ICMP\n");
  169.             return;
  170.         case IPPROTO_IP:
  171.             printf("   Protocol: IP\n");
  172.             return;
  173.         default:
  174.             printf("   Protocol: unknown\n");
  175.             return;
  176.     }
  177.    
  178.     /*
  179.      *  OK, this packet is TCP.
  180.      */
  181.    
  182.     /* define/compute tcp header offset */
  183.     tcp = (struct tcpheader*)(packet + SIZE_ETHERNET + size_ip);
  184.     size_tcp = TH_OFF(tcp)*4;
  185.     if (size_tcp < 20) {
  186.         printf("   * Invalid TCP header length: %u bytes\n", size_tcp);
  187.         //return;
  188.     }
  189.    
  190.     printf("   Src port: %d\n", ntohs(tcp->tcph_srcport));
  191.     printf("   Dst port: %d\n", ntohs(tcp->tcph_destport));
  192.    
  193.     /* define/compute tcp payload (segment) offset */
  194.     payload = (u_char *)(packet + SIZE_ETHERNET + size_ip + size_tcp);
  195.    
  196.     /* compute tcp payload (segment) size */
  197.     size_payload = ntohs(ip->ip_len) - (size_ip + size_tcp);
  198.    
  199.     /*
  200.      * Print payload data; it might be binary, so don't just
  201.      * treat it as a string.
  202.      */
  203.     if (size_payload > 0) {
  204.         printf("   Payload (%d bytes):\n", size_payload);
  205.         //print_payload(payload, size_payload);
  206.     }
  207.  
  208. return;
  209. }
  210.  
  211. void alarm_handler(int sig)
  212. {
  213.     pcap_breakloop(pcap);
  214. }
  215.  
  216. int main(int argc, char *argv[])
  217. {
  218.     char interface[PORTS_LEN] = "";
  219.     char tcp_ports[PORTS_LEN] = "";
  220.     char udp_ports[PORTS_LEN] = "";
  221.     char scanned_computer[HOSTNAME_LEN];//will contain domain name or IP adderss of the scanned machine
  222.     struct addrinfo hints, *info, *res;
  223.     struct ifreq *my_ifreq;
  224.     char errbuf[PCAP_ERRBUF_SIZE];
  225.     int sd, sendfd, recvfd;
  226.     bool udp_range = false, tcp_range = false;
  227.     char *udp_parse, *tcp_parse;
  228.     struct servent *srvport;
  229.     struct ifaddrs *ifaddr, *ifa;
  230.     int family;
  231.     struct sockaddr_in *sa;
  232.     char *addr;
  233.     char buffer[PCKT_LEN];
  234.     struct ip *iph = (struct ip *) buffer;
  235.     struct udpheader *udp = (struct udpheader *) (buffer + sizeof(struct ip));
  236.     struct tcpheader *tcp = (struct tcpheader *)(buffer + sizeof(struct ip));
  237.     struct sockaddr_in sin, din;
  238.     int one = 1;
  239.     const int *val = &one;
  240.  
  241.     memset(buffer, 0, PCKT_LEN);
  242.  
  243.     //parse arguments
  244.     if (argc < 3 || argc > 8)
  245.     {
  246.         fprintf(stderr, "Wrong combination of arguments\n");
  247.     }
  248.     for (int i = 1; i <= argc - 1 ; i += 2)
  249.     {
  250.     if (strcmp(argv[i], "-i") == 0)
  251.     {
  252.         strcpy(interface, argv[i + 1]);
  253.     }
  254.     else if ((strcmp(argv[i], "-pu") == 0) && (argv[i + 1] != NULL))
  255.     {
  256.         strcpy(udp_ports, argv[i + 1]);
  257.             printf("UDP: %s\n", udp_ports);
  258.     }
  259.     else if (strcmp(argv[i], "-pt") == 0)
  260.     {
  261.         strcpy(tcp_ports, argv[i + 1]);
  262.             printf("%s\n", tcp_ports);
  263.     }
  264.     else
  265.     {
  266.         strcpy(scanned_computer, argv[i]);
  267.         i -= 1;
  268.     }
  269.     }
  270.     if (scanned_computer == NULL)
  271.     {
  272.         fprintf(stderr, "IP address or domain name not specified\n");
  273.     return -1;
  274.     }
  275.     else
  276.     {
  277.         //getting IP address of the scanned machine:
  278.     struct hostent *he;
  279.         he = gethostbyname(scanned_computer);
  280.     if(he == NULL)
  281.     {
  282.         fprintf(stderr, "gethostbyname() error\n");
  283.         return -1;
  284.     }
  285.     char *tmp_scanned_computer = inet_ntoa(*((struct in_addr*) he->h_addr_list[0]));
  286.     strcpy(scanned_computer, tmp_scanned_computer);
  287.     }
  288.  
  289.     int my_beautiful_port = 32769; //I do realise the user can meet the port, so setting a fix number
  290.                         //like this is not ideal, but I'm running out of time
  291.  
  292.     //getting target IP address
  293.     /*******************************************************************
  294.     * Title: "Server program"
  295.     * Date: 20.4.2019
  296.     * Code version:
  297.     * Availability: http://man7.org/linux/man-pages/man3/getaddrinfo.3.html
  298.     ********************************************************************/
  299.     memset(&hints, 0, sizeof(struct addrinfo));
  300.     hints.ai_family = AF_UNSPEC; // allow IPv4 or IPv6
  301.     hints.ai_socktype = SOCK_DGRAM; /* Datagram socket .. (or SOCK_STREAM?) */
  302.     hints.ai_flags = AI_PASSIVE;    /* For wildcard IP address (or AI_CANONNAME?)*/
  303.     hints.ai_protocol = 0;          /* Any protocol */
  304.     hints.ai_canonname = NULL;
  305.     hints.ai_addr = NULL;
  306.     hints.ai_next = NULL;
  307.  
  308.     /*
  309.     * END OF REUSED CODE
  310.     */
  311.  
  312.     //get dst IP/domain name from args
  313.     if (isdigit(scanned_computer[1]) == 0)
  314.     {
  315.         struct hostent *dst_host = gethostbyname(scanned_computer);
  316.     if (dst_host == NULL)
  317.     {
  318.         fprintf(stderr, "Wrong domain name\n");
  319.         return -1;
  320.         strcpy(scanned_computer, dst_host->h_addr_list[0]);
  321.     }
  322.     }
  323.     else
  324.     {
  325.         ;
  326.     }
  327.  
  328.     //get source IP address
  329.     if (getifaddrs(&ifaddr) == -1)
  330.     {
  331.         perror;
  332.     return -1;
  333.     }
  334.     if (interface[0] == 0)
  335.     {
  336.         for (ifa = ifaddr; ifa != NULL; ifa = ifa->ifa_next)
  337.     {
  338.             if (ifa->ifa_addr == NULL)
  339.             {
  340.             continue;
  341.         }
  342.         if (0 == (ifa->ifa_flags & (IFF_LOOPBACK)) && (ifa->ifa_flags & (IFF_RUNNING))
  343.                         && (ifa->ifa_addr->sa_family == AF_INET))
  344.         {
  345.         family = ifa->ifa_addr->sa_family;//IPv4 or IPv6 asi AF_INET
  346.         sa = (struct sockaddr_in *) ifa->ifa_addr;
  347.         strcpy(interface, ifa->ifa_name);
  348.         addr = inet_ntoa(sa->sin_addr);//source address
  349.         break;
  350.         }
  351.         if (ifa->ifa_next == NULL)
  352.         {
  353.             fprintf(stderr, "couldn't resolve IP address\n");
  354.         return -1;
  355.         }
  356.     }
  357.     }
  358.     else
  359.     {
  360.         for (ifa = ifaddr; ifa != NULL; ifa = ifa->ifa_next)
  361.     {
  362.         if ((strcmp(interface, ifa->ifa_name) == 0) && (ifa->ifa_addr->sa_family == AF_INET))
  363.         {
  364.             sa = (struct sockaddr_in *) ifa->ifa_addr;
  365.         strcpy(interface, ifa->ifa_name);
  366.         addr = inet_ntoa(sa->sin_addr);//source address
  367.         break;
  368.         }
  369.         else
  370.         {
  371.             if (ifa->ifa_next == NULL)
  372.         {
  373.             fprintf(stderr, "couldn't resolve IP address\n");
  374.             return -1;
  375.         }
  376.         continue;
  377.         }
  378.     }
  379.     }
  380.  
  381.     //parse udp ports
  382.     int scanned_udp_ports[PORTS_LEN];
  383.     if(strstr(udp_ports, "-") != NULL)
  384.     {
  385.         //range of udp ports is given
  386.     //int scanned_udp_ports[2];
  387.     udp_range = true;
  388.     int i = 0;
  389.     while ((udp_parse = strtok( i ? NULL : udp_ports, "-")) != NULL)
  390.     {
  391.         if (i == 2)
  392.         {
  393.             fprintf(stderr, "wrong range format given for UDP ports\n");
  394.         return 1;
  395.         }
  396.         scanned_udp_ports[i++] = atoi(udp_parse);
  397.     }
  398.     if (scanned_udp_ports[0] > scanned_udp_ports[1])
  399.     {
  400.         //if the user inserted range parameter in descending order, swap
  401.         int tmp = scanned_udp_ports[0];
  402.         scanned_udp_ports[0] = scanned_udp_ports[1];
  403.         scanned_udp_ports[1] = tmp;
  404.     }
  405.     //check port numbers given: ????
  406.     if ((scanned_udp_ports[2] - scanned_udp_ports[1]) > 65536)
  407.     {
  408.         fprintf(stderr, "Wrong port number given\n");
  409.         return 1;
  410.     }
  411.     }
  412.     else
  413.     {
  414.         int i = 0;
  415.     while ((udp_parse = strtok( i ? NULL : udp_ports, ",")) != NULL)
  416.     {
  417.         //strcpy(scanned_udp_ports[i++], (udp_parse));
  418.             scanned_udp_ports[i++] = atoi(udp_parse);
  419.     }
  420.     scanned_udp_ports[i] = 0;
  421.     }
  422.  
  423.     //parse tcp ports
  424.     int scanned_tcp_ports[PORTS_LEN];
  425.     if (tcp_ports[0] != 0)
  426.     {
  427.         if (strstr(tcp_ports, "-") != NULL)
  428.     {
  429.         //range of tcp ports is given
  430.         tcp_range = true;
  431.         int i = 0;
  432.         while ((tcp_parse = strtok( i ? NULL : tcp_ports, "-")) != NULL)
  433.         {
  434.             if (i == 2)
  435.         {
  436.             fprintf(stderr, "wrong range format given for TCP ports\n");
  437.             return 1;
  438.         }
  439.         scanned_tcp_ports[i++] = atoi(tcp_parse);
  440.         }
  441.         if (scanned_tcp_ports[0] > scanned_tcp_ports[1])
  442.         {
  443.             //if the user inserted range parameter in descending order, swap
  444.         int tmp = scanned_tcp_ports[0];
  445.         scanned_tcp_ports[0] = scanned_tcp_ports[1];
  446.         scanned_tcp_ports[1] = tmp;
  447.         }
  448.         //check port numbers given: ????
  449.         if ((scanned_tcp_ports[1] - scanned_tcp_ports[0]) > 65536)
  450.         {
  451.             fprintf(stderr, "Wrong port number given\n");
  452.         return 1;
  453.         }
  454.     }
  455.     else
  456.     {
  457.         int i = 0;
  458.         while ((tcp_parse = strtok( i ? NULL : tcp_ports, ",")) != NULL)
  459.         {
  460.             scanned_tcp_ports[i++] = atoi(tcp_parse);
  461.         }
  462.         scanned_tcp_ports[i] = '\0';
  463.     }
  464.     }
  465.  
  466.     //create socket for sending packets
  467. //    sd = socket(PF_INET, SOCK_RAW, IPPROTO_TCP);
  468. //    if (sd < 0)
  469. //    {
  470. //        perror("Socket() error");
  471. //  return -1;
  472. //    }
  473.  
  474.     //start scan
  475.     printf("PORT\tSTATE\n");
  476.     //UDP scan
  477.     if (udp_ports != NULL)
  478.     {
  479.     /*******************************************************************
  480.      * Title: rawudp.c
  481.      * Date: 20.4.2019
  482.      * Code version:
  483.      * Availability: https://www.tenouk.com/Module43a.html
  484.     ********************************************************************/
  485.         sin.sin_family = AF_INET;
  486.     din.sin_family = AF_INET;
  487.     // Port numbers
  488.     sin.sin_port = htons(my_beautiful_port);
  489.     // IP addresses
  490.     sin.sin_addr.s_addr = inet_addr(addr);//my hostname/ip
  491.     din.sin_addr.s_addr = inet_addr(scanned_computer);
  492.        
  493.     // Fabricate the IP header or we can use the
  494.     // standard header structures but assign our own values.
  495.     iph->ip_hl = 5;
  496.     iph->ip_v = 4;
  497.     iph->ip_tos = 16; // Low delay
  498.     iph->ip_len = sizeof(struct ip) + sizeof(struct udpheader);
  499.     iph->ip_id = htonl(54321);
  500.     iph->ip_ttl = 255; //64; // hops
  501.     iph->ip_p = 17; // UDP
  502.     iph->ip_off = 0;
  503.     // Source IP address, can use spoofed address here!!!
  504.     iph->ip_src.s_addr = inet_addr(addr);
  505.     //h The destination IP address
  506.     iph->ip_dst.s_addr = inet_addr(scanned_computer);
  507.    
  508.     // Fabricate the UDP header. Source port number, redundant
  509.     udp->udph_srcport = htons(my_beautiful_port);
  510.     // Destination port number
  511.     udp->udph_len = htons(sizeof(struct udpheader));
  512.    
  513.     // Calculate the checksum for integrity
  514.     iph->ip_sum = csum((unsigned short *)buffer, sizeof(struct ip) +
  515.             sizeof(struct udpheader));
  516.     iph->ip_len = sizeof(struct ip) + sizeof(struct udpheader);
  517.     //create a raw socket with UDP protocol, IPv4
  518.     //to receive ICMP response packets
  519.     recvfd = socket(PF_INET, SOCK_RAW, IPPROTO_UDP);
  520.     if (recvfd < 0)
  521.     {
  522.         perror("UDP socket() error\n");
  523.         return 1;
  524.     }
  525.  
  526.     if (setsockopt(recvfd, IPPROTO_IP, IP_HDRINCL, val, sizeof(one)) < 0)
  527.     {
  528.         fprintf(stderr, "setsockopt() error\n");
  529.         return -1;
  530.     }
  531.     /*
  532.         *  END OF REUSED CODE    
  533.         */
  534.  
  535.     if (udp_range)
  536.     {
  537.         for (int i = scanned_udp_ports[0]; i <= scanned_udp_ports[1]; i++)
  538.         {
  539.             udp->udph_destport = htons(i);
  540.         din.sin_port = htons(i);
  541.         iph->ip_sum = csum((unsigned short *)buffer,
  542.                 (sizeof(struct ip) + sizeof(struct udpheader)));
  543.        
  544.         //packet capture
  545.         if ((pcap = pcap_open_live(interface, PCKT_LEN, 1, 500, errbuf)) == NULL)
  546.         {
  547.             fprintf(stderr, "pcap_open_live() error: %s\n", strerror(errno));
  548.             pcap_freealldevs((pcap_if_t *)pcap);
  549.             return -1;
  550.         }
  551.  
  552.         struct bpf_program fp;
  553.                
  554.         if (pcap_compile(pcap, &fp, "icmp and icmp[icmptype] == icmp-unreach"
  555.                             , 0, PCAP_NETMASK_UNKNOWN) == -1)
  556.         {
  557.             fprintf(stderr, "pcap_compile() error\n");
  558.             return -1;
  559.         }
  560.         if (pcap_setfilter(pcap, &fp) == -1)
  561.         {
  562.             fprintf(stderr, "pcap_setfilter() error\n");
  563.             return -1;
  564.         }
  565.  
  566.         //a UDP/ICMP packet could get lost on the way, therefore trying to repeat it a few times
  567.         //unless I get a response
  568.         int pcap_dispatch_ret_val;
  569.         for(int j = 0; j <= 2; j++)
  570.         {
  571.                     if (sendto(recvfd, buffer, iph->ip_len, 0, (struct sockaddr *) &sin, sizeof(sin)) < 0)
  572.             {
  573.                 fprintf(stderr, "sending UDP packet failed %s\n", strerror(errno));
  574.             return -1;
  575.             }
  576.                 alarm(2);
  577.                     signal(SIGALRM, alarm_handler);
  578.             pcap_dispatch_ret_val = pcap_dispatch(pcap, 1, udp_pcap_handler, NULL);
  579.             if (pcap_dispatch_ret_val == 0)
  580.             {
  581.                     if (j < 2)
  582.             {
  583.                 continue;
  584.             }
  585.             else
  586.             {
  587.                 printf("%d/udp\topen\n", i);
  588.             }
  589.             }
  590.             else if (pcap_dispatch_ret_val == -1)
  591.             {
  592.                 fprintf(stderr, "pcap_dispatch() error: %s\n", strerror(errno));
  593.             return -1;
  594.             }
  595.             else if (pcap_dispatch_ret_val == -2)
  596.             {
  597.                     if (j < 2)
  598.             {
  599.                 continue;
  600.             }
  601.             else
  602.             {
  603.                 printf("%d/udp\topen\n", i);
  604.             }
  605.             }
  606.             else
  607.             {
  608.                 printf("%d/udp\tclosed\n", i);
  609.             }
  610.         }
  611.         pcap_close(pcap);
  612.         }
  613.     }
  614.     else
  615.     {
  616.         for (int i = 0; scanned_udp_ports[i] != 0; i++)
  617.         {
  618.             udp->udph_destport = htons(i);
  619.         din.sin_port = htons(i);
  620.         iph->ip_sum = csum((unsigned short *)buffer, (sizeof(struct ip) + sizeof(struct udpheader)));
  621.                 //packet capture
  622.         if ((pcap = pcap_open_live(interface, PCKT_LEN, 1, 500, errbuf)) == NULL)
  623.         {
  624.             fprintf(stderr, "pcap_open_live() error: %s\n", strerror(errno));
  625.             pcap_freealldevs((pcap_if_t *)pcap);
  626.             return -1;
  627.         }
  628.            
  629.             struct bpf_program fp;
  630.         if (pcap_compile(pcap, &fp, "icmp and icmp[icmptype] == icmp-unreach"
  631.                             , 0, PCAP_NETMASK_UNKNOWN) == -1)
  632.         {
  633.             fprintf(stderr, "pcap_compile() error\n");
  634.             return -1;
  635.         }
  636.         if (pcap_setfilter(pcap, &fp) == -1)
  637.         {
  638.             fprintf(stderr, "pcap_setfilter() error\n");
  639.             return -1;
  640.         }
  641.  
  642.         //a UDP/ICMP packet could get lost on the way, therefore trying to test it a few times
  643.         int pcap_dispatch_ret_val;
  644.         for(int j = 0; j <= 2; j++)
  645.         {
  646.             if (sendto(recvfd, buffer, iph->ip_len, 0, (struct sockaddr *) &sin, sizeof(sin)) < 0)
  647.             {
  648.                 fprintf(stderr, "sending UDP packet failed %s\n", strerror(errno));
  649.             return -1;
  650.             }
  651.             alarm(2);
  652.             signal(SIGALRM, alarm_handler);
  653.             pcap_dispatch_ret_val = pcap_dispatch(pcap, 1, udp_pcap_handler, NULL);
  654.             if (pcap_dispatch_ret_val == 0)
  655.             {
  656.                 if (j < 2)
  657.             {
  658.                 continue;
  659.             }
  660.             else
  661.             {
  662.                 printf("%d/udp\topen\n", scanned_udp_ports[i]);
  663.             }
  664.             }
  665.             else if (pcap_dispatch_ret_val == -1)
  666.             {
  667.                 //not using pcap_breakloop, no need to check explicitly for -2
  668.             //TODO: NOW I'm using breakloop
  669.             fprintf(stderr, "pcap_dispatch() error: %s\n", strerror(errno));
  670.             return -1;
  671.             }
  672.             else if (pcap_dispatch_ret_val == -2)
  673.             {
  674.                 if (j < 2)
  675.             {
  676.                 continue;
  677.             }
  678.             else
  679.             {
  680.                 printf("%d/udp\topen\n", scanned_udp_ports[i]);
  681.             }
  682.             }
  683.             else
  684.             {
  685.                 printf("%d/udp\tclosed\n", scanned_udp_ports[i]);
  686.             break;
  687.             }
  688.         }
  689.             pcap_close(pcap);
  690.         }
  691.     }
  692.     }
  693.  
  694.     //TCP scan
  695.     if (tcp_ports != NULL)
  696.     {
  697.         // IP structure
  698.         iph->ip_hl = 5;
  699.         iph->ip_v = 4;
  700.         iph->ip_tos = 16;
  701.         iph->ip_len = sizeof(struct ip) + sizeof(struct tcpheader);
  702.         iph->ip_id = htonl(54321);
  703.         iph->ip_off = 0;
  704.         iph->ip_ttl = 64;
  705.         iph->ip_p = 6; // TCP
  706.         iph->ip_sum = 0; // Done by kernel
  707.         // Source IP, modify as needed, spoofed, we accept through command line argument
  708.         iph->ip_src.s_addr = inet_addr(addr);
  709.         // Destination IP, modify as needed, but here we accept through command line argument
  710.         iph->ip_dst.s_addr = inet_addr(scanned_computer);
  711.  
  712.         sin.sin_addr.s_addr = inet_addr(addr);
  713.         din.sin_addr.s_addr = inet_addr(scanned_computer);
  714.         sin.sin_family = AF_INET;
  715.         din.sin_family = AF_INET;
  716.         // Source port, can be any, modify as needed
  717.         sin.sin_port = htons(my_beautiful_port);
  718.  
  719.         ///
  720.         sendfd = socket(PF_INET, SOCK_RAW, IPPROTO_TCP);
  721.         if (sendfd < 0)
  722.         {
  723.             perror("socket() error");
  724.             return -1;
  725.         }
  726.     if (tcp_range)
  727.     {
  728.         for (int i = scanned_tcp_ports[0]; i <= scanned_tcp_ports[1]; i++)
  729.             {
  730.             /*******************************************************************
  731.              * Title: rawtcp.c
  732.              * Date: 20.4.2019
  733.              * Code version:
  734.              * Availability: https://www.tenouk.com/Module43a.html
  735.             ********************************************************************/
  736.                 tcp->tcph_srcport = htons(my_beautiful_port);
  737.             tcp->tcph_destport = htons(i);
  738.                 tcp->tcph_seqnum = htonl(1);
  739.                 tcp->tcph_acknum = 0;
  740.                 tcp->th_offx2 = 5;
  741.                 tcp->tcph_syn = 1;
  742.                 tcp->tcph_ack = 0;
  743.                 tcp->tcph_win = htons(32767);
  744.                 tcp->tcph_chksum = 0; // Done by kernel
  745.                 tcp->tcph_urgptr = 0;
  746.  
  747.         din.sin_port = htons(i);
  748.  
  749.         iph->ip_sum = csum((unsigned short *)buffer,
  750.                 (sizeof(struct ip) + sizeof(struct tcpheader)));
  751.     iph->ip_len = sizeof(struct ip) + sizeof(struct tcpheader);
  752.  
  753.                 // Inform the kernel do not fill up the headers' structure, we fabricated our own
  754.                 if(setsockopt(sendfd, IPPROTO_IP, IP_HDRINCL, val, sizeof(one)) < 0)
  755.                 {
  756.                     perror("setsockopt() error");
  757.                     exit(-1);
  758.                 }
  759.  
  760.                 /*
  761.                  * END OF REUSED CODE
  762.                  */
  763.     char filter_exp[] = "port 32769 && port 23";        /* filter expression [3] */
  764.     struct bpf_program fp;          /* compiled filter program (expression) */
  765.     bpf_u_int32 mask;           /* subnet mask */
  766.     bpf_u_int32 net;            /* ip */
  767.         int num_packets = 10;
  768.     /* open capture device */
  769.     pcap = pcap_open_live(interface, PCKT_LEN, 1, 1000, errbuf);
  770.     if (pcap == NULL) {
  771.         fprintf(stderr, "Couldn't open device %s: %s\n", interface, errbuf);
  772.         exit(EXIT_FAILURE);
  773.     }
  774.  
  775.     /* make sure we're capturing on an Ethernet device [2] */
  776. //  if (pcap_datalink(pcap) != DLT_EN10MB) {
  777. //      fprintf(stderr, "%s is not an Ethernet\n", interface);
  778. //      exit(EXIT_FAILURE);
  779. //  }
  780.  
  781.     /* compile the filter expression */
  782.     if (pcap_compile(pcap, &fp, filter_exp, 0, net) == -1) {
  783.         fprintf(stderr, "Couldn't parse filter %s: %s\n",
  784.             filter_exp, pcap_geterr(pcap));
  785.         exit(EXIT_FAILURE);
  786.     }
  787.  
  788.     /* apply the compiled filter */
  789.     if (pcap_setfilter(pcap, &fp) == -1) {
  790.         fprintf(stderr, "Couldn't install filter %s: %s\n",
  791.             filter_exp, pcap_geterr(pcap));
  792.         exit(EXIT_FAILURE);
  793.     }
  794.                 if(sendto(sendfd, buffer, iph->ip_len, 0, (struct sockaddr *)&sin, sizeof(sin)) < 0)
  795.                 // Verify
  796.                 {
  797.                    perror("sendto() error");
  798.                    exit(-1);
  799.                 }
  800.                 printf("%d\n", i);
  801.     /* now we can set our callback function */
  802. //  pcap_loop(pcap, num_packets, got_packet, NULL);
  803.             alarm(2);
  804.             signal(SIGALRM, alarm_handler);
  805.         int pcap_dispatch_ret_val;
  806.             pcap_dispatch_ret_val = pcap_dispatch(pcap, 1, got_packet, NULL);
  807.                     if (pcap_dispatch_ret_val == -1)
  808.                     {
  809.                         fprintf(stderr, "pcap_dispatch() error\n");
  810.                         return -1;
  811.                     }
  812.             else if (pcap_dispatch_ret_val <= 0)
  813.             {
  814.                 printf("%d/tcp\topen\n", i);
  815.                     }
  816.                     else
  817.                     {
  818.                 printf("%d/tcp\tclosed\n",i);
  819.                     }
  820.                
  821.             }
  822.         }
  823.     }
  824. }
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top