#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
volatile int running_threads = 0;
volatile int found_srvs = 0;
volatile unsigned long per_thread = 0;
volatile unsigned long start = 0;
volatile unsigned long scanned = 0;
volatile int sleep_between = 0;
volatile int bytes_sent = 0;
volatile unsigned long hosts_done = 0;
FILE *fd;
char payload[] =
"/xe5/xd8/x00/x00/x00/x01/x00/x00/x00/x00/x00/x00/x20/x43/x4b/x41/x41/x41/x41/x41/x41/x41/x41/x41/x41/x41/x41/x41/x41/x41/x41/x41/x41/x41/x41/x41/x41/x41/x41/x41/x41/x41/x41/x41/x41/x00/x00/x21/x00/x01";
size = sizeof(payload);
void *flood(void *par1)
{
running_threads++;
int thread_id = (int)par1;
unsigned long start_ip = htonl(ntohl(start)+(per_thread*thread_id));
unsigned long end = htonl(ntohl(start)+(per_thread*(thread_id+1)));
unsigned long w;
int y;
unsigned char buf[65536];
memset(buf, 0x01, 50);
int sizeofpayload = 50;
int sock;
if((sock=socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP))<0) {
perror("cant open socket");
exit(-1);
}
for(w=ntohl(start_ip);w<htonl(end);w++)
{
struct sockaddr_in servaddr;
bzero(&servaddr, sizeof(servaddr));
servaddr.sin_family = AF_INET;
servaddr.sin_addr.s_addr=htonl(w);
servaddr.sin_port=htons(137);
sendto(sock,payload,size,0, (struct sockaddr *)&servaddr,sizeof(servaddr));
bytes_sent+=size;
scanned++;
hosts_done++;
}
close(sock);
running_threads--;
return;
}
void sighandler(int sig)
{
fclose(fd);
printf("/n");
exit(0);
}
void *recievethread()
{
printf("/n");
int saddr_size, data_size, sock_raw;
struct sockaddr_in saddr;
struct in_addr in;
unsigned char *buffer = (unsigned char *)malloc(65536);
sock_raw = socket(AF_INET , SOCK_RAW , IPPROTO_UDP);
if(sock_raw < 0)
{
printf("Socket Error/n");
exit(1);
}
while(1)
{
saddr_size = sizeof saddr;
data_size = recvfrom(sock_raw , buffer , 65536 , 0 , (struct sockaddr *)&saddr , &saddr_size);
if(data_size protocol == 17)
{
unsigned short iphdrlen = iph->ihl*4;
struct udphdr *udph = (struct udphdr*)(buffer + iphdrlen);
unsigned char* payload = buffer + iphdrlen + 50;
if(ntohs(udph->source) == 137)
{
int body_length = data_size - iphdrlen - 50;
if (body_length > 40)
{
found_srvs++;
fprintf(fd,"%s %d/n",inet_ntoa(saddr.sin_addr),body_length);
fflush(fd);
}
}
}
}
close(sock_raw);
}
int main(int argc, char *argv[ ])
{
if(argc < 6){
fprintf(stderr, "Invalid parameters!/n");
fprintf(stdout, "NetBIOS Scanner/nUsage: %s /n", argv[0]);
exit(-1);
}
fd = fopen(argv[3], "a");
sleep_between = atoi(argv[5]);
signal(SIGINT, &sighandler);
int threads = atoi(argv[4]);
pthread_t thread;
pthread_t listenthread;
pthread_create( &listenthread, NULL, &recievethread, NULL);
char *str_start = malloc(18);
memset(str_start, 0, 18);
str_start = argv[1];
char *str_end = malloc(18);
memset(str_end, 0, 18);
str_end = argv[2];
start = inet_addr(str_start);
per_thread = (ntohl(inet_addr(str_end)) - ntohl(inet_addr(str_start))) / threads;
unsigned long toscan = (ntohl(inet_addr(str_end)) - ntohl(inet_addr(str_start)));
int i;
for(i = 0;i 0)
{
printf("/r");
memset(new, '/0', 16*6);
sprintf(new, "%s|%-15lu", new, found_srvs);
sprintf(new, "%s|%-15d", new, scanned);
sprintf(new, "%s|%-15d", new, bytes_sent);
sprintf(new, "%s|%-15d", new, running_threads);
memset(temp, 0, 17);
int percent_done=((double)(hosts_done)/(double)(toscan))*100;
sprintf(temp, "%d%%", percent_done);
sprintf(new, "%s|%s", new, temp);
printf("%s", new);
fflush(stdout);
bytes_sent=0;
scanned = 0;
sleep(1);
}
printf("/n");
fclose(fd);
return 0;
}
原创文章,作者:ItWorker,如若转载,请注明出处:https://blog.ytso.com/57340.html