文章作者:kiki
信息来源:邪恶八进制安全小组技术论坛(www.eviloctal.com)
大家来挑毛病,默认端口16881,默认首页为index.htm(注:下面贴出的代码实际绑定的是81端口)
#pragma comment(lib,"Ws2_32.lib")
#include<stdio.h>
#include<winsock2.h>
#include<windows.h>
#define SIO_RCVALL _WSAIOW(IOC_VENDOR,1)
// Per-connection socket slots. main() stores each accept() result here and
// the worker thread writes 0 back when it is done, so 0 marks a free slot.
SOCKET TranSock[64];
// Peer address for the connection held in the same-numbered TranSock slot
// (filled in by accept()).
struct sockaddr_in client[64];
// Wall-clock time refreshed by the GetTime thread and read, without any
// locking, by the request and sniffer threads.
struct _SYSTEMTIME currenttime;
// Latest GetTickCount() value, refreshed by the GetTime thread.
DWORD CurrentTickCount = 0;
// Number of nodes currently on the SynInfo list; updated with
// InterlockedIncrement / InterlockedDecrement.
long SynLinkTotal = 0;
// One tracked packet on the singly linked list shared by SynFloodDefend
// (appends) and CheckLinkThread (removes).
struct SynInfo{
// Source IPv4 address as stored by SynFloodDefend.
unsigned long ip;
// Despite the name this is a deadline: it is set to
// CurrentTickCount + WaitTime on insert and compared against the current
// tick count to decide when the node is dropped.
DWORD arrivetickcount;
struct SynInfo * next;
};
// Sentinel node allocated in main(); real entries hang off head->next.
struct SynInfo *head;
// Declared but not referenced anywhere in this listing.
struct SynInfo *tail;
// Last node of the list, i.e. the append point used by SynFloodDefend.
struct SynInfo *fence;
// Lifetime of a list entry; added to a GetTickCount() value, so milliseconds.
int WaitTime = 600;
// Manual-reset events (second argument TRUE), initially non-signalled, used
// as a hand-off between SynFloodDefend and CheckLinkThread.
// NOTE(review): an event pair like this does not give mutual exclusion; the
// list pointers above are still touched by two threads.
// NOTE(review): a function call as a file-scope initializer is only valid
// when the file is compiled as C++.
HANDLE ReadEvent = CreateEvent(NULL,TRUE,FALSE,NULL) ;
HANDLE WriteEvent = CreateEvent(NULL,TRUE,FALSE,NULL);
// Thread entry points defined further down.
DWORD WINAPI Recv_Send_Thread( DWORD* socketindex );
DWORD WINAPI SynFloodDefend(char *temp);
// Declared only; no definition appears in this listing.
DWORD WINAPI SendRstThread();
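// Reaper thread: whenever SynFloodDefend signals ReadEvent, walk the SynInfo
// list and free every node whose deadline (arrivetickcount) has passed.
// Runs forever; the trailing return is never reached.
//
// NOTE(review): ReadEvent/WriteEvent are manual-reset events, so the
// wait-then-reset sequence below is not atomic and does not fully exclude
// the writer. A lock shared by both threads (e.g. a CRITICAL_SECTION) would
// be the robust fix, but it has to be introduced in both functions at once.
DWORD WINAPI CheckLinkThread()
{
    DWORD dwResult = 0;
    struct SynInfo *prev, *node;

    while(TRUE)
    {
        dwResult = WaitForSingleObject(ReadEvent,1000);
        if(dwResult == WAIT_TIMEOUT )
            continue;
        ResetEvent(WriteEvent);

        // Always start from the sentinel; head itself is never freed.
        prev = head;
        while( prev->next != NULL )
        {
            node = prev->next;
            // Signed difference keeps the comparison correct across the
            // 32-bit GetTickCount() wrap-around.
            if( (LONG)(CurrentTickCount - node->arrivetickcount) >= 0 )
            {
                prev->next = node->next;
                // The writer appends through 'fence'. If the node being
                // freed is the tail, move 'fence' back so it never points
                // at freed memory.
                if( fence == node )
                    fence = prev;
                free(node);
                InterlockedDecrement(&SynLinkTotal);//SynLinkTotal--
                printf("-1\n");
                printf("%d\n",SynLinkTotal);
                // Stay on 'prev': its new successor has not been checked
                // yet, and advancing here could step onto NULL.
            }
            else
            {
                prev = node;
            }
        }

        SetEvent(WriteEvent);
        ResetEvent(ReadEvent);
        Sleep(1);
    }
    return 0;
}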
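// Clock thread: keeps the shared 'currenttime' and 'CurrentTickCount'
// globals fresh for the other threads. Never returns.
//
// NOTE(review): GetLocalTime() yields local time, while the HTTP Date header
// built from 'currenttime' is labelled "GMT" - confirm which is intended.
// NOTE(review): readers take no lock, so they can observe a half-updated
// SYSTEMTIME.
DWORD WINAPI GetTime()
{
    while(TRUE)
    {
        // Address-of the global; the ampersand was lost in the posted text.
        GetLocalTime(&currenttime);
        CurrentTickCount = GetTickCount();
        Sleep(1);
    }
}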
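// Program entry point: initialises Winsock, binds a TCP listener on port 81
// of the host's first address, starts the clock, list-reaper and sniffer
// threads, then accepts connections forever and hands each one to a
// Recv_Send_Thread worker through a free TranSock slot.
void main( void )
{
    DWORD werror;
    WSADATA wsadata;
    SOCKET listensocket;
    HOSTENT *host;
    struct sockaddr_in serv_listen;
    char hostname[128];
    DWORD index = 0;
    DWORD indextemp[64];
    DWORD scanned = 0;
    HANDLE worker;
    char * myip;
    int clen = sizeof(struct sockaddr);

    memset( &serv_listen , 0 , sizeof(serv_listen) );
    memset( client , 0 , sizeof(client) );

    werror = WSAStartup( MAKEWORD(2,2) , &wsadata );
    if( werror != 0 )
    {
        printf("Load winsock dll failed!\n");
        exit(0);
    }
    werror = gethostname( hostname , sizeof(hostname) );
    if( werror == SOCKET_ERROR )
    {
        printf( "Get host name error!\n" );
        exit(0);
    }
    host = gethostbyname( hostname );
    if( host == NULL )
    {
        printf( "Get host by name failed!\n" );
        exit(0);
    }
    listensocket = socket( AF_INET , SOCK_STREAM , IPPROTO_TCP );
    if( listensocket == INVALID_SOCKET )
    {
        printf( "Create listen socket error!\n" );
        exit(0);
    }
    memcpy(&(serv_listen.sin_addr),host->h_addr,host->h_length);
    serv_listen.sin_family = AF_INET;
    serv_listen.sin_port = htons(81);
    // inet_ntoa() returns a pointer into a Winsock-owned buffer. This thread
    // makes no further inet_ntoa() call, which is what keeps the text stable
    // for the sniffer thread that receives the pointer below.
    myip = inet_ntoa(serv_listen.sin_addr);
    werror = bind( listensocket , (struct sockaddr*)&serv_listen , sizeof(serv_listen) );
    if( werror == SOCKET_ERROR )
    {
        printf( "Bind error!\n" );
        exit(0);
    }
    werror = listen( listensocket , 5 );
    if( werror == SOCKET_ERROR )
    {
        printf( " Socket listen error!\n" );
        exit(0);
    }

    CreateThread( NULL, 0, (LPTHREAD_START_ROUTINE)GetTime, NULL, 0, NULL );

    // The list sentinel must exist before either list thread starts.
    head = (struct SynInfo*)malloc(sizeof(struct SynInfo));
    if( head == NULL )
    {
        printf( "malloc error!\n" );
        exit(0);
    }
    head->arrivetickcount = 0xffffffff;
    head->ip = 0xffffffff;
    head->next = NULL;
    fence = head;

    CreateThread( NULL, 0, (LPTHREAD_START_ROUTINE)CheckLinkThread, NULL, 0, NULL );
    CreateThread( NULL, 0, (LPTHREAD_START_ROUTINE)SynFloodDefend, (PVOID)myip, 0, NULL );

    while(1)
    {
        if( index == 64 )
            index = 0;

        // Find a free slot (0, INVALID_SOCKET or the 0xcccccccc fill value).
        // With all 64 slots busy the original scan spun at full speed; yield
        // once per complete lap so stalled clients cannot pin a CPU core.
        scanned = 0;
        while( (TranSock[index] != 0xcccccccc) && (TranSock[index] != INVALID_SOCKET) && (TranSock[index] != 0) )
        {
            index++;
            if( index == 64 )
                index = 0;
            scanned++;
            if( scanned == 64 )
            {
                Sleep(1);
                scanned = 0;
            }
        }

        // accept() treats the length as in/out, so reset it on every call.
        clen = sizeof(client[index]);
        TranSock[index] = accept( listensocket , ( struct sockaddr * )&client[index] , &clen );
        if( TranSock[index] == INVALID_SOCKET )
        {
            printf( "Socket Accept Error: %d \n" , WSAGetLastError() );
            // Nothing to close: there is no socket behind INVALID_SOCKET.
            TranSock[index] = 0;
            continue;
        }

        indextemp[index] = index;
        worker = CreateThread( NULL, 0, (LPTHREAD_START_ROUTINE)Recv_Send_Thread, (PVOID)&indextemp[index], 0, NULL );
        if( worker == NULL )
        {
            // No worker will ever release this slot, so release it here.
            printf( "Create thread error: %d\n" , GetLastError() );
            closesocket( TranSock[index] );
            TranSock[index] = 0;
            continue;
        }
        // The handle is not used afterwards; closing it does not stop the
        // thread and avoids leaking one handle per connection.
        CloseHandle( worker );
        index++;
    }
}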
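// One file-name suffix and the Content-Type reported for it.
struct MimeSuffix {
    const char *suffix;
    const char *type;
};

// Suffix table for GuessContentType(). As before, the match is on the tail
// of the name and does not require a '.' in front of the suffix.
static const struct MimeSuffix g_mimeSuffixes[] = {
    { "htm",   "text/html" },
    { "html",  "text/html" },
    { "shtml", "text/html" },
    { "jpg",   "image/jpeg" },
    { "jpe",   "image/jpeg" },
    { "jpeg",  "image/jpeg" },
    { "gif",   "image/gif" },
    { "css",   "text/css" },
    { "txt",   "text/plain" },
    { "pdf",   "application/pdf" },
    { "swf",   "application/x-shockwave-flash" },
    { "cab",   "application/x-shockwave-flash" },
    { "doc",   "application/msword" },
    { "dot",   "application/msword" },
    { "hlp",   "application/mshelp" },
    { "chm",   "application/mshelp" },
    { "xls",   "application/msexcel" },
    { "xla",   "application/msexcel" },
    { "ppt",   "application/mspowerpoint" },
    { "ppz",   "application/mspowerpoint" },
    { "pps",   "application/mspowerpoint" },
    { "pot",   "application/mspowerpoint" },
    { "bin",   "application/octet-stream" },
    { "exe",   "application/octet-stream" },
    { "com",   "application/octet-stream" },
    { "dll",   "application/octet-stream" },
    { "class", "application/octet-stream" },
    { "avi",   "video/x-msvideo" }
};

// Returns the Content-Type for 'filename', or "*/*" when no suffix matches.
// The length check keeps short names from being indexed before their start.
static const char *GuessContentType( const char *filename )
{
    size_t len = strlen( filename );
    size_t k;

    for( k = 0 ; k < sizeof(g_mimeSuffixes) / sizeof(g_mimeSuffixes[0]) ; k++ )
    {
        size_t slen = strlen( g_mimeSuffixes[k].suffix );
        if( len >= slen && lstrcmpiA( filename + (len - slen) , g_mimeSuffixes[k].suffix ) == 0 )
            return g_mimeSuffixes[k].type;
    }
    return "*/*";
}

// Copies the request target that follows "GET /" into 'out' (capacity
// 'outsize'). An empty target ("GET / ...") leaves 'out' untouched so the
// caller's default page is served. Returns FALSE when the target is not
// terminated by a space or does not fit; 'out' is NUL-terminated either way.
static BOOL ExtractRequestPath( const char *request , char *out , size_t outsize )
{
    const char *src = request + 5;   // caller has verified the "GET /" prefix
    size_t n = 0;

    if( *src == ' ' )
        return TRUE;

    while( *src != ' ' )
    {
        if( *src == '\0' || *src == '\r' || *src == '\n' || n + 1 >= outsize )
        {
            out[n] = '\0';
            return FALSE;
        }
        out[n++] = *src++;
    }
    out[n] = '\0';
    return TRUE;
}

// Accepts only names that stay below the directory the server runs in:
// no leading '/', no ".." sequence, no backslash, no control characters,
// and none of the characters the original filter rejected (':', '*', '%').
// NOTE(review): reserved DOS device names (CON, NUL, COM1, ...) are not
// filtered here.
static BOOL IsSafeRelativePath( const char *path )
{
    const unsigned char *p;

    if( path[0] == '\0' || path[0] == '/' )
        return FALSE;
    if( strstr( path , ".." ) != NULL )
        return FALSE;
    for( p = (const unsigned char *)path ; *p != '\0' ; p++ )
    {
        if( *p < 0x20 || *p == ':' || *p == '*' || *p == '%' || *p == '\\' )
            return FALSE;
    }
    return TRUE;
}

// Returns the first byte position of a "bytes=N-" range in the request, or
// 0 when there is none (including the suffix form "bytes=-N"). A value too
// large for a DWORD is reported as 0xFFFFFFFF so the caller's size check
// rejects it.
static DWORD ParseRangeStart( const char *request )
{
    const char *p = strstr( request , "bytes=" );
    DWORD start = 0;

    if( p == NULL )
        return 0;
    for( p += 6 ; *p >= '0' && *p <= '9' ; p++ )
    {
        DWORD digit = (DWORD)(*p - '0');
        if( start > (0xFFFFFFFF - digit) / 10 )
            return 0xFFFFFFFF;
        start = start * 10 + digit;
    }
    return start;
}

// Sends exactly 'len' bytes, looping over partial sends. FALSE on error.
static BOOL SendAll( SOCKET s , const char *buf , int len )
{
    while( len > 0 )
    {
        int sent = send( s , buf , len , 0 );
        if( sent == SOCKET_ERROR || sent == 0 )
            return FALSE;
        buf += sent;
        len -= sent;
    }
    return TRUE;
}

// Worker for one accepted connection. 'pindex' points to the TranSock slot
// number. Reads a single request, maps "GET /name" to a file relative to the
// working directory (index.htm when the name is empty), sends the header and
// then the file from the requested start offset. The socket is always closed
// and the slot reset to 0 before returning. Returns 0 on success, -1 on error.
//
// Every length below is bounded because the request is attacker-controlled:
// the original copied the path and the range digits without limits, read
// past the 1024-byte request when it was full, and served "../" paths.
//
// NOTE(review): the 206 response carries no Content-Range header.
DWORD WINAPI Recv_Send_Thread( DWORD* pindex )
{
    static const char TimeFmr[] = "%d,%d/%d/%d %d:%d:%d GMT";
    static const char hdrFmtNor[] =
        "HTTP/1.0 200 OK\r\n"
        "Server: KIKI's Web Server\r\n"
        "Date: %s\r\n"
        "Accept-Ranges: bytes\r\n"
        "Content-Length: %d\r\n"
        "Content-Type: %s\r\n\r\n";
    static const char hdrFmtDown[] =
        "HTTP/1.0 206 Partial content\r\n"
        "Server: KIKI's Web Server\r\n"
        "Date: %s\r\n"
        "Accept-Ranges: bytes\r\n"
        "Content-Length: %d\r\n"
        "Content-Type: %s\r\n\r\n";
    char recvmem[1024];
    char outtime[50];
    char headers[500];
    char sendfile[1400];
    char filename[50] = "index.htm";
    const char *contentType;
    DWORD socketindex = *pindex;
    SOCKET sock = TranSock[socketindex];
    HANDLE fp = INVALID_HANDLE_VALUE;
    DWORD filesize = 0;
    DWORD start = 0;
    DWORD dwRead = 0;
    DWORD result = (DWORD)-1;
    int received;

    // Receive at most size-1 bytes so the zeroed buffer stays NUL-terminated
    // for the string functions used on it below.
    memset( recvmem , 0 , sizeof(recvmem) );
    received = recv( sock , recvmem , sizeof(recvmem) - 1 , 0 );
    if( received == SOCKET_ERROR || received == 0 )
    {
        printf( "Recv Error: %d\n" , WSAGetLastError() );
        goto done;
    }

    wsprintf( outtime , TimeFmr , currenttime.wDayOfWeek,
              currenttime.wDay,
              currenttime.wMonth ,
              currenttime.wYear ,
              currenttime.wHour ,
              currenttime.wMinute ,
              currenttime.wSecond);
    printf( "%s\n" , recvmem );

    // The path is taken from offset 5, so insist on the "GET /" prefix that
    // offset assumes; this also covers requests shorter than five bytes.
    if( strncmp( recvmem , "GET /" , 5 ) != 0 )
    {
        printf("这是一组恶意数据\n\n");
        goto done;
    }

    if( !ExtractRequestPath( recvmem , filename , sizeof(filename) ) ||
        !IsSafeRelativePath( filename ) )
    {
        printf( "Time:%s\n%s企图请求的页面文件:%s.\n\n" , outtime , inet_ntoa(client[socketindex].sin_addr) , filename );
        printf("\n--------------------------------------"
               "------------------------------------------");
        goto done;
    }

    start = ParseRangeStart( recvmem );
    printf("range:%d\n",start);

    fp = CreateFile(filename,
                    GENERIC_READ,
                    FILE_SHARE_READ,
                    (LPSECURITY_ATTRIBUTES)NULL,
                    OPEN_EXISTING,
                    FILE_ATTRIBUTE_NORMAL,
                    NULL);
    if( fp != INVALID_HANDLE_VALUE )
    {
        filesize = GetFileSize(fp,NULL);
        if( filesize == 0xFFFFFFFF )   // GetFileSize failure value
        {
            CloseHandle(fp);
            fp = INVALID_HANDLE_VALUE;
        }
    }
    if( fp == INVALID_HANDLE_VALUE )
    {
        printf( "%s open file: %s error!\n" , inet_ntoa( client[socketindex].sin_addr ) , filename );
        printf( "--------------------------------------------------------------------------------" );
        goto done;
    }

    // A start offset at or beyond the end of the file cannot be served;
    // ignore the range and send the whole file instead of letting
    // (filesize - start) wrap around in Content-Length.
    if( start >= filesize )
        start = 0;

    contentType = GuessContentType( filename );
    if( start == 0 )
        wsprintf(headers, hdrFmtNor, (const char*)outtime, filesize , contentType);
    else
        wsprintf(headers, hdrFmtDown, (const char*)outtime, filesize - start , contentType);

    printf( "Time:%s\n%s企图请求的页面文件:%s . 使用的套接字ID:Socket[%d]\n" , outtime , inet_ntoa(client[socketindex].sin_addr) , filename, socketindex );

    if( !SendAll( sock , headers , (int)strlen(headers) ) )
    {
        printf("Send Error:%d!\n",WSAGetLastError());
        goto done;
    }

    if( SetFilePointer(fp,(LONG)start,NULL,FILE_BEGIN) == 0xFFFFFFFF )
    {
        printf("SetFilePointer Error :%d\n",GetLastError());
        goto done;
    }

    // Stream the file and send only the bytes ReadFile actually produced, so
    // the body length matches Content-Length and no stale buffer content
    // goes out with the last chunk.
    for(;;)
    {
        if( !ReadFile(fp, sendfile, sizeof(sendfile), &dwRead, NULL) )
        {
            printf("读取文件错误!文件名:%s\n" , filename);
            goto done;
        }
        if( dwRead == 0 )
            break;
        if( !SendAll( sock , sendfile , (int)dwRead ) )
        {
            printf("Send Error:%d!\n",WSAGetLastError());
            goto done;
        }
    }

    printf( "Socket[%d]数据传输完毕!\n\n" , socketindex );
    result = 0;

done:
    if( fp != INVALID_HANDLE_VALUE )
        CloseHandle(fp);
    closesocket( sock );
    TranSock[socketindex] = 0;
    return result;
}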
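//******************************************************************
// Sniffer thread built on a raw socket. The argument points to the
// local IPv4 address in dotted-decimal text form.
//
// Puts the socket into SIO_RCVALL mode, logs every IPv4 packet addressed to
// the local host and appends a SynInfo node (source address + expiry tick)
// for TCP packets whose flag byte equals 18. Returns -1 if the socket cannot
// be set up; otherwise it loops forever.
//
// NOTE(review): SIO_RCVALL needs administrator rights.
// NOTE(review): nothing caps the list length, so memory use grows with the
// packet rate for as long as entries have not yet expired.
//******************************************************************
DWORD WINAPI SynFloodDefend( char*temp )
{
    SOCKET SnifferSocket;
    struct sockaddr_in sa;
    // Room for the largest IPv4 header (60 bytes) plus a 20-byte TCP header.
    unsigned char sniffmem[128];
    unsigned long myaddr;
    unsigned long srcaddr;
    unsigned long dstaddr;
    unsigned int ihl;
    unsigned int proto;
    int received;
    DWORD outbuf[10];
    DWORD contrlflag = 1 ;
    DWORD dwBytesReturned = 0 ;
    DWORD dwResult = 0;
    char ProType[16];
    char ProFmr[] = "%s(%d)";
    const char *protoName;
    char TimeFmr[]="时间: %d:%d:%d\n";
    // Was 15 bytes, which the formatted text plus its terminator no longer
    // fits into once hour, minute and second all have two digits.
    char TimeOut[32];
    char IpFmr[]= "%d.%d.%d.%d:%d";
    char sourceip[25];
    char destip[25];
    unsigned short int sourceport=0;
    unsigned short int destport=0;
    struct SynInfo *node;

    SnifferSocket = socket(AF_INET,SOCK_RAW,IPPROTO_IP);
    if ( SnifferSocket == INVALID_SOCKET )
    {
        printf( "socket error!\n" );
        return -1;
    }

    // Parse the local address once instead of on every packet.
    myaddr = inet_addr((char*)temp);

    memset(&sa , 0 , sizeof (struct sockaddr_in) );
    sa.sin_addr.s_addr = myaddr;
    sa.sin_family = AF_INET;
    sa.sin_port = htons(7000);
    if( bind(SnifferSocket , (struct sockaddr *)&sa , sizeof(sa) ) == SOCKET_ERROR )
    {
        printf( "Bind error!\n" );
        closesocket(SnifferSocket);
        return -1;
    }

    if( WSAIoctl(
            SnifferSocket,
            SIO_RCVALL,
            &contrlflag,
            sizeof(contrlflag),
            &outbuf,
            sizeof( outbuf ),
            &dwBytesReturned ,
            NULL ,
            NULL ) == SOCKET_ERROR )
    {
        printf( "WSAIoctl Error!%d\n" , WSAGetLastError() );
        closesocket(SnifferSocket);
        return -1;
    }
    printf("Set OK!\n");

    SetEvent(WriteEvent);

    while(TRUE)
    {
        memset(sniffmem,0,sizeof(sniffmem));
        memset(ProType,0,sizeof(ProType));
        memset(sourceip,0,sizeof(sourceip));
        memset(destip,0,sizeof(destip));

        // Only the headers are needed, so a packet larger than the buffer is
        // expected: recv() then reports WSAEMSGSIZE with the leading bytes
        // already copied. Any other failure leaves nothing to inspect.
        received = recv( SnifferSocket , (char *)sniffmem , sizeof(sniffmem) , 0 ) ;
        if( received == SOCKET_ERROR && WSAGetLastError() != WSAEMSGSIZE )
            continue;

        // Take the header length from the packet instead of assuming 20
        // bytes, so IP options do not shift the TCP fields. ihl is at most
        // 60, which keeps ihl + 13 inside the buffer.
        ihl = (sniffmem[0] & 0x0F) * 4;
        if( (sniffmem[0] >> 4) != 4 || ihl < 20 )
            continue;

        // Compare the raw destination address. The original formatted it
        // into a 15-byte buffer, one byte short for "255.255.255.255".
        srcaddr = 0;
        dstaddr = 0;
        memcpy(&srcaddr, sniffmem + 12, 4);
        memcpy(&dstaddr, sniffmem + 16, 4);
        if( dstaddr != myaddr )
            continue;

        wsprintf(TimeOut , TimeFmr , currenttime.wHour,
                 currenttime.wMinute ,
                 currenttime.wSecond);
        printf( "%s" , TimeOut);

        // These two 16-bit fields are ports only for TCP and UDP; for other
        // protocols the value shown is whatever follows the IP header.
        sourceport = (unsigned short)((sniffmem[ihl] << 8) | sniffmem[ihl + 1]);
        destport = (unsigned short)((sniffmem[ihl + 2] << 8) | sniffmem[ihl + 3]);
        wsprintf(sourceip,IpFmr,sniffmem[12] , sniffmem[13],
                 sniffmem[14],sniffmem[15],
                 sourceport);
        wsprintf(destip,IpFmr, sniffmem[16] , sniffmem[17],
                 sniffmem[18],sniffmem[19],
                 destport);
        printf("%s\t--->\t%s\n",sourceip,destip);

        // Unsigned protocol number: with a signed char the 255 case could
        // never match.
        proto = sniffmem[9];
        switch( proto )
        {
        case 6:   protoName = "TCP";     break;
        case 17:  protoName = "UDP";     break;
        case 1:   protoName = "ICMP";    break;
        case 0:   protoName = "IP";      break;
        case 255: protoName = "RAW";     break;
        case 2:   protoName = "IGMP";    break;
        default:  protoName = "Unknown"; break;
        }
        wsprintf( ProType , ProFmr , protoName , proto );
        printf("协议类型: %s\n",ProType);

        // The flag byte sits 13 bytes into the TCP header and only means
        // anything for TCP.
        // NOTE(review): 18 is 0x12, i.e. SYN and ACK both set; a bare SYN
        // is 0x02. The log text says SYN - confirm which one is intended.
        if( proto == 6 && sniffmem[ihl + 13] == 18 )
        {
            printf( "一个SYN包!\n" );
            dwResult = WaitForSingleObject(WriteEvent,1000);
            if(dwResult == WAIT_TIMEOUT )
                continue;

            // Build the node completely before touching the shared list so
            // a failed allocation cannot leave a NULL link behind.
            node = (struct SynInfo*)malloc(sizeof(struct SynInfo));
            if( node == NULL )
            {
                printf( "malloc error!\n" );
                continue;
            }
            // Store the address bytes from the packet; 'sourceip' is an
            // "ip:port" display string, not a plain dotted address.
            node->ip = srcaddr;
            node->arrivetickcount = CurrentTickCount + WaitTime;
            node->next = NULL;

            ResetEvent(ReadEvent);
            fence->next = node;
            fence = node;
            InterlockedIncrement(&SynLinkTotal); //SynLinkTotal++
            printf("+1\n");
            printf("%d\n",SynLinkTotal);
            SetEvent(ReadEvent);
        }
        printf("\n");
    }
    closesocket(SnifferSocket);
    return 0;
}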