mac broadcast flooding

Dieses Thema im Forum "Sicherheit & Datenschutz" wurde erstellt von Dr.Crasher, 27. September 2005 .

Schlagworte:
Status des Themas:
Es sind keine weiteren Antworten möglich.
  1. Diese Seite verwendet Cookies. Wenn du dich weiterhin auf dieser Seite aufhältst, akzeptierst du unseren Einsatz von Cookies. Weitere Informationen
  1. #1 27. September 2005
    Hi
    kennt jemand nen prog (egal ob linux/windows) um einen broadcast per mac adresse mit gefälschtem absender zu starten? codeschnipsel würden mir auch schon helfen.
    danke schonmal im voraus
     

  2. Anzeige
    Dealz: stark reduzierte Angebote finden.
  3. #2 28. September 2005
    Code:
    #include <sys/types.h>
    #include <sys/socket.h>
    #include <sys/time.h>
    #include <time.h>
    #include <netinet/in.h>
    #include <arpa/inet.h>
    #include <errno.h>
    #include <fcntl.h>
    #include <netdb.h>
    #include <signal.h>
    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>
    #include <sys/stat.h>
    #include <sys/uio.h>
    #include <unistd.h>
    #include <sys/wait.h>
    #include <sys/un.h>
    #include <netdb.h>
    #include <sys/ioctl.h>
    #include <stdarg.h>
    #include <net/if.h>
    #include <netinet/ip.h>
    #define __FAVOR_BSD
    #include <netinet/tcp.h>
    #define ETH_P_ARP 0x0806
    #define MAX_PACK_LEN 2000
    #define ETHER_HEADER_LEN 14
    #define ARPREQUEST 1
    #define ARPREPLY 2
    #define perr(s) fprintf(stderr,s)
    
    struct arp_struct
    {
     u_char dst_mac[6];
     u_char src_mac[6];
     u_short pkt_type;
     u_short hw_type;
     u_short pro_type;
     u_char hw_len;
     u_char pro_len;
     u_short arp_op;
     u_char sender_eth[6];
     u_char sender_ip[4];
     u_char target_eth[6];
     u_char target_ip[4];
    };
    union
    {
     u_char full_packet[MAX_PACK_LEN];
     struct arp_struct arp_pkt;
    }
    a;
    #define full_packet a.full_packet
    #define arp_pkt a.arp_pkt
    void get_hw_addr (char *, char *);
    char *
    inetaddr ( u_int32_t ip )
    {
     struct in_addr in;
     in.s_addr = ip;
     return inet_ntoa(in);
    }
    char *
    hwaddr (u_char * s)
    {
     static char buf[30];
     sprintf (buf, "%02X:%02X:%02X:%02X:%02X:%02X", s[0], s[1], s[2], s[3], s[4], s[5]);
     return buf;
    }
    int 
    main (int argc, char **argv)
    {
     int rec;
     int len, from_len, rsflags;
     struct ifreq if_data;
     struct sockaddr from;
     u_int8_t myMAC[6];
     u_int32_t myIP, myNETMASK, myBROADCAST, ip, dip, sip;
     char * macaddr;
     if (getuid () != 0)
     {
     perr ("You must be root to run this program!\n");
     exit (0);
     }
     if (argc != 2)
     {
     fprintf(stderr,"Usage: %s Macaddr\n", argv[0]);
     exit (0);
     } 
     if ((rec = socket (AF_INET, SOCK_PACKET, htons (ETH_P_ARP))) < 0)
     {
     perror("socket");
     exit (0);
     }
     printf ("----------------------------------------------------------\n");
     strcpy (if_data.ifr_name, "eth0");
     if (ioctl (rec, SIOCGIFHWADDR, &if_data) < 0) {
     perr ("can't get HW addres of my interface!\n");
     exit(1);
     } //if (ioctl (rec, SIOCGIFHWADDR, &if_data) < 0) 
     memcpy (myMAC, if_data.ifr_hwaddr.sa_data, 6);
     printf ("> My HW Addr: %s\n", hwaddr (myMAC));
     if (ioctl (rec, SIOCGIFADDR, &if_data) < 0) {
     perr ("can't get IP addres of my interface!\n");
     exit(1);
     } //if (ioctl (rec, SIOCGIFADDR, &if_data) < 0) 
     memcpy ((void *) &ip, (void *) &if_data.ifr_addr.sa_data + 2, 4);
     myIP = ntohl (ip); //change ip to spoof
     printf ("> My IP Addr: %s\n", inetaddr(ip));
     if (ioctl (rec, SIOCGIFNETMASK, &if_data) < 0)
     perr ("can't get NETMASK addres of my interface!\n");
     memcpy ((void *) &ip, (void *) &if_data.ifr_netmask.sa_data + 2, 4);
     myNETMASK = ntohl (ip);
     printf ("> My NETMASK: %s\n", inetaddr(ip));
     if (ioctl (rec, SIOCGIFBRDADDR, &if_data) < 0)
     perr ("can't get BROADCAST addres of my interface!\n");
     memcpy ((void *) &ip, (void *) &if_data.ifr_broadaddr.sa_data + 2, 4);
     myBROADCAST = ntohl (ip);
     printf ("> My BROADCAST: %s\n", inetaddr(ip));
     if ((rsflags = fcntl (rec, F_GETFL)) == -1)
     {
     perror ("fcntl F_GETFL");
     exit (1);
     } 
     if (fcntl (rec, F_SETFL, rsflags | O_NONBLOCK) == -1)
     {
     perror ("fcntl F_SETFL");
     exit (1);
     }
     printf ("----------------------------------------------------------\n");
     printf ("Scanning");
     for (dip = (myIP & myNETMASK) + 1; dip < myBROADCAST; dip++)
     {
     bzero(full_packet, MAX_PACK_LEN);
     //memcpy (arp_pkt.dst_mac,"\255\255\255\255\255\0", 6); 
     memcpy (arp_pkt.dst_mac, "\xff\xff\xff\xff\xff\xff", 6); 
     //get_hw_addr(arp_pkt.dst_mac,"FF:FF:FF:FF:FF:FF");
     /* ff:ff:ff:ff:ff:ff:)*/
     memcpy (arp_pkt.src_mac, myMAC, 6);
     arp_pkt.pkt_type = htons( ETH_P_ARP );
     arp_pkt.hw_type = htons( 0x0001 );
     arp_pkt.hw_len = 6;
     arp_pkt.pro_type = htons( 0x0800 );
     arp_pkt.pro_len = 4;
     arp_pkt.arp_op = htons (ARPREQUEST);
     memcpy (arp_pkt.sender_eth, myMAC, 6);
     ip = htonl (myIP);
     memcpy (arp_pkt.sender_ip, &ip, 4);
     memcpy (arp_pkt.target_eth, "\0\0\0\0\0\0", 6);
     ip = htonl (dip);
     memcpy (arp_pkt.target_ip, &ip, 4);
     strcpy(from.sa_data, "eth0");
     from.sa_family = 1;
     if( sendto (rec, full_packet, sizeof (struct arp_struct), 0, &from,sizeof(from)) < 0)
     perror ("sendto");
     usleep (50);
     len = recvfrom (rec, full_packet, MAX_PACK_LEN, 0, &from, &from_len);
     if (len <= ETHER_HEADER_LEN)
     continue;
     memcpy (&ip, arp_pkt.target_ip, 4);
     memcpy (&sip, arp_pkt.sender_ip, 4);
    
     if (ntohs (arp_pkt.arp_op) == ARPREPLY
     && ( dip - ntohl(sip) >= 0 )
     && ( dip - ntohl(sip) <= 2 ) )
     {
     macaddr=hwaddr(arp_pkt.sender_eth);
     if (!strncmp(macaddr,argv[1],17))
     {
     printf ("\nMAC: %s ---------> HOST: %s \n",macaddr,inetaddr (sip));
     exit(0);
     } 
     } 
     else
     printf("."),fflush(stdout);
     } 
     printf ("End\n");
     return;
    } 
    
    void get_hw_addr (char *buf, char *str)
    {
     int i;
     char c, val;
     for(i = 0; i < 6; i++)
     {
     if (!(c = tolower(*str++)));
     if (isdigit(c))
     val = c - '0';
     else if (c >= 'a' && c <= 'f')
     val = c-'a'+10;
     *buf = val << 4;
     if (!(c = tolower(*str++)));
     if (isdigit(c))
     val = c - '0';
     else if (c >= 'a' && c <= 'f')
     val = c-'a'+10;
     *buf++ |= val;
     if (*str == ':')
     str++;
     } 
    } 
    
    
    voilà...
     
  4. #3 30. September 2005
    mh, geht leider nicht :(
    ziemlich viele errors beim compilieren über den gesamten code verteilt
     
  5. #4 30. September 2005
    Code ist für *BSD geschrieben..
    Welche Fehler kommen?
     
  6. #5 30. September 2005
    aso, hab jetzt nur unter debian getestet, zz kein bsd drauf :(
    dann muss ich wohl mal weitersuchen, oder hat noch wer was im angebot, am besten sogar für windows. das ganze würde sich doch sogar in vb machen lassen
     

  7. Videos zum Thema
Die Seite wird geladen...