Socket SYN Attack Bill Negative

xiaoxiao2021-03-06  21

It turns out that SYN attacks under Windows 2000 are simple:

FillChar(LocalAdr, SizeOf(LocalAdr), 0);
LocalAdr.sin_family := AF_INET;
LocalAdr.sin_port := htons(LOCAL_PORT);
LocalAdr.sin_addr.S_addr := inet_addr('192.168.1.12'); // change to your IP

FillChar(RemotAdr, SizeOf(RemotAdr), 0);
RemotAdr.sin_family := AF_INET;
RemotAdr.sin_port := htons(REMOT_PORT);
RemotAdr.sin_addr.S_addr := inet_addr(PChar(Edit1.Text));

//
// Create a socket
//
RecvSock := socket(AF_INET, SOCK_RAW, IPPROTO_IP); // cannot be IPPROTO_RAW

// bind is required, otherwise SIO_RCVALL cannot be set
bind(RecvSock, @LocalAdr, SizeOf(LocalAdr));

// SIO_RCVALL -> a socket using this option must be explicitly bound to a local interface,
// the address family must be AF_INET, the type must be SOCK_RAW and the protocol must be IPPROTO_IP
arg := 1;
if ioctlsocket(RecvSock, SIO_RCVALL, arg) = SOCKET_ERROR then
begin
  ErrMsg('ioctlsocket() failed with error ' + IntToStr(WSAGetLastError));
  Exit;
end;

if WSAAsyncSelect(RecvSock, Handle, WM_SOCKET, FD_READ) = SOCKET_ERROR then
begin
  ErrMsg('WSAAsyncSelect() failed with error ' + IntToStr(WSAGetLastError));
  Exit;
end;

//
// Create a socket
//
SendSock := socket(AF_INET, SOCK_RAW, IPPROTO_IP); // can also be IPPROTO_RAW

// On Windows NT4 and Windows 98 only IPPROTO_IGMP and IPPROTO_ICMP can be used;
// on Windows 2000, IPPROTO_UDP, IPPROTO_IP and IPPROTO_RAW can be used as well,
// but IP_HDRINCL must be set!
arg := 1;
if setsockopt(SendSock, IPPROTO_IP, IP_HDRINCL, @arg, SizeOf(arg)) = SOCKET_ERROR then
begin
  ErrMsg('setsockopt() failed with error ' + IntToStr(WSAGetLastError));
  Exit;
end;

// Sockets are created; allocate memory
cbData := 0;
pIPHdr := AllocMem(SizeOf(YIPHeader) + SizeOf(YTCPHeader) + cbData);
pTCPHdr := PTCPHeader(PChar(pIPHdr) + SizeOf(YIPHeader));
pData := PChar(pTCPHdr) + SizeOf(YTCPHeader);

// Start SYN -> ACK
dwSeq := RAW_INIT_SEQ;
dwAck := 0;
dwFlg := 2; // 00000010 SYN = 1, used to initiate a connection

FillIPHeader(pIPHdr, IPPROTO_TCP, cbData, 11111, RemotAdr.sin_addr.S_addr, LocalAdr.sin_addr.S_addr);

FillTCPHeader(pTCPHdr, cbData, RemotAdr.sin_port, LocalAdr.sin_port, dwSeq, dwAck, dwFlg, RemotAdr.sin_addr.S_addr, LocalAdr.sin_addr.S_addr);

if sendto(SendSock, pIPHdr^, SizeOf(YIPHeader) + SizeOf(YTCPHeader) + cbData, 0, RemotAdr, SizeOf(RemotAdr)) = SOCKET_ERROR then
begin
  ErrMsg('sendto() failed with error ' + IntToStr(WSAGetLastError));
  Exit;
end;

if recv(RecvSock, RecvBuf[0], MAX_PACKET_SIZE, 0) = SOCKET_ERROR then
begin
  ErrMsg('recv() failed with error ' + IntToStr(WSAGetLastError));
  Exit;
end;

DecodeTCPReply(@RecvBuf[0], DestSeq, DestAck);

dwSeq := DestAck;
dwAck := DestSeq + 1;
dwFlg := 16; // 00010000 ACK = 1

FillIPHeader(pIPHdr, IPPROTO_TCP, cbData, 11111, RemotAdr.sin_addr.S_addr, LocalAdr.sin_addr.S_addr);

FillTCPHeader(pTCPHdr, cbData, RemotAdr.sin_port, LocalAdr.sin_port, dwSeq, dwAck, dwFlg, RemotAdr.sin_addr.S_addr, LocalAdr.sin_addr.S_addr);

if sendto(SendSock, pIPHdr^, SizeOf(YIPHeader) + SizeOf(YTCPHeader) + cbData, 0, RemotAdr, SizeOf(RemotAdr)) = SOCKET_ERROR then
begin
  ErrMsg('sendto() failed with error ' + IntToStr(WSAGetLastError));
  Exit;
end;

The above is the code for the TCP three-way handshake, so there should be no problem, right? However, under XP SP1, no data returned by the server is ever received. Monitoring with Iris shows why: when XP receives the server's ACK message, it automatically sends an RST message. I was floored.

A few helper functions are attached:

// fill IP header
procedure FillIPHeader(pip: PIPHeader; pro: u8; datalen, id, destip, fromip: u32);
var
  extln: u8;
begin
  case pro of
    IPPROTO_TCP: extln := SizeOf(YTCPHeader);
    IPPROTO_UDP: extln := SizeOf(YUDPHeader);
  else
    extln := SizeOf(YIPHeader); // IPPROTO_IP
  end;

  pip^.u8verlen := (4 shl 4) or (SizeOf(YIPHeader) div SizeOf(u32));
  pip^.u8tos := 0;
  pip^.u16totallen := htons(u16(SizeOf(YIPHeader) + extln + datalen));
  pip^.u16id := htons(u16(id));
  pip^.u16offset := htons(1 shl 14); // do not fragment
  pip^.u8ttl := 128;
  pip^.u8protol := pro;
  pip^.u16checksum := 0; // must be zero while the checksum is computed
  pip^.u32srcaddr := fromip;
  pip^.u32destaddr := destip;
  pip^.u16checksum := CheckSum(PU16(pip), SizeOf(YIPHeader));
end;

// fill UDP header
procedure FillUDPHeader(pudp: PUDPHeader; datalen: u32; destport, fromport: u32);
begin
  pudp^.u16fromport := fromport;
  pudp^.u16destport := destport;
  pudp^.u16totlen := htons(SizeOf(YUDPHeader) + datalen);
  pudp^.u16chksum := 0;
end;

//
// Fill TCP header. ptcp is a pointer to the TCP header; the data to be sent should follow the TCP header,
// i.e.: piphdr := AllocMem(SizeOf(IPHeader) + SizeOf(TCPHeader) + DataSize);
//       ptcphdr := PByte(piphdr) + SizeOf(IPHeader);
//       pdata := PByte(ptcphdr) + SizeOf(TCPHeader);
//
procedure FillTCPHeader(ptcp: PTCPHeader; datalen, destport, fromport, seq, ack, flag, destip, fromip: u32);
var
  buf: TByteArray;
  psd: YPSDHeader;
begin
  ptcp^.u16fromport := fromport;
  ptcp^.u16destport := destport;
  ptcp^.u32seq := htonl(seq);
  ptcp^.u32ack := htonl(ack);
  ptcp^.u8hdrlen := ((SizeOf(YTCPHeader) div SizeOf(u32)) shl 4) or 0;
  ptcp^.u8flag := u8(flag);
  ptcp^.u16wndsize := htons(RAW_WND_SIZE);
  ptcp^.u16chksum := 0;
  ptcp^.u16urgptr := 0;

  // pseudo header used only for the TCP checksum
  psd.u32fromaddr := fromip;
  psd.u32destaddr := destip;
  psd.u8mbz := 0;
  psd.u8ptcl := IPPROTO_TCP;
  psd.u16length := htons(SizeOf(YTCPHeader) + datalen);

  Move(psd, buf[0], SizeOf(psd));
  Move(ptcp^, buf[SizeOf(psd)], SizeOf(YTCPHeader) + datalen);
  ptcp^.u16chksum := CheckSum(PU16(@buf[0]), SizeOf(psd) + SizeOf(YTCPHeader) + datalen);
end;

function DecodeTCPReply(pbuf: PChar; var DestSeq, DestAck: u32): bool;
var
  pIpHdr: PChar;
  pTcpHdr: PTCPHeader;
begin
  pIpHdr := pbuf;
  // skip the IP header: the low nibble of u8verlen is its length in 32-bit words
  Inc(pIpHdr, (PIPHeader(pIpHdr)^.u8verlen and $0F) * 4);
  pTcpHdr := PTCPHeader(pIpHdr);

  Result := True;
  DestSeq := ntohl(pTcpHdr^.u32seq);
  DestAck := ntohl(pTcpHdr^.u32ack);
end;
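
DecodeTCPReply above trusts the IHL nibble and never checks the buffer length, protocol, addresses, ports or flags, yet a socket in SIO_RCVALL mode hands recv() every IP packet seen on the interface. The following is an added example in C, not the author's code, of a decoder that validates a captured packet before its sequence numbers are used; the function name decode_synack, its error codes and the sample packet are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

enum { TCP_SYN = 0x02, TCP_RST = 0x04, TCP_ACK = 0x10 };

/* Constructed sample: 192.168.1.20:80 -> 192.168.1.12:1234, SYN+ACK,
   seq 0x11223344, ack 0x00001001. Checksums are zero and not verified here. */
static const uint8_t SAMPLE_SYNACK[40] = {
    0x45,0x00,0x00,0x28, 0x2b,0x67,0x40,0x00, 0x80,0x06,0x00,0x00,
    0xc0,0xa8,0x01,0x14, 0xc0,0xa8,0x01,0x0c,
    0x00,0x50,0x04,0xd2, 0x11,0x22,0x33,0x44, 0x00,0x00,0x10,0x01,
    0x50,0x12,0xff,0xff, 0x00,0x00,0x00,0x00 };

/* Big-endian reads that make no alignment assumptions about the buffer. */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Returns 0 and fills *seq / *ack only when buf holds a well-formed IPv4/TCP
   SYN-ACK from peer_ip:peer_port to local_port that acknowledges sent_seq + 1.
   Any other packet yields a negative code and leaves the outputs untouched. */
int decode_synack(const uint8_t *buf, size_t len, uint32_t peer_ip,
                  uint16_t peer_port, uint16_t local_port, uint32_t sent_seq,
                  uint32_t *seq, uint32_t *ack)
{
    if (len < 20 || (buf[0] >> 4) != 4) return -1;       /* short or not IPv4 */
    size_t ihl = (size_t)(buf[0] & 0x0F) * 4;            /* header len, bytes */
    size_t total = be16(buf + 2);
    if (ihl < 20 || total > len || total < ihl + 20) return -2;
    if (buf[9] != 6 || (be16(buf + 6) & 0x1FFF)) return -3; /* not TCP / later fragment */
    const uint8_t *tcp = buf + ihl;
    size_t doff = (size_t)(tcp[12] >> 4) * 4;            /* TCP header length */
    if (doff < 20 || ihl + doff > total) return -4;
    if (be32(buf + 12) != peer_ip || be16(tcp) != peer_port ||
        be16(tcp + 2) != local_port) return -5;          /* unrelated flow */
    if ((tcp[13] & (TCP_SYN | TCP_ACK | TCP_RST)) != (TCP_SYN | TCP_ACK))
        return -6;                                       /* not a SYN-ACK */
    if (be32(tcp + 8) != sent_seq + 1) return -7;        /* does not ack our SYN */
    *seq = be32(tcp + 4);
    *ack = be32(tcp + 8);
    return 0;
}
```

The caller would keep reading until this returns 0 or a timeout expires, rather than treating the first packet recv() delivers as the reply.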
