mac broadcast flooding

Dr.Crasher · 27. September 2005

Hi
kennt jemand nen prog (egal ob linux/windows) um einen broadcast per mac adresse mit gefälschtem absender zu starten? codeschnipsel würden mir auch schon helfen.
danke schonmal im voraus

Anzeige

xodox · 28. September 2005

Code:

#include <sys/types.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <time.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <errno.h>
#include <fcntl.h>
#include <netdb.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/uio.h>
#include <unistd.h>
#include <sys/wait.h>
#include <sys/un.h>
#include <netdb.h>
#include <sys/ioctl.h>
#include <stdarg.h>
#include <net/if.h>
#include <netinet/ip.h>
#define __FAVOR_BSD
#include <netinet/tcp.h>
#define ETH_P_ARP 0x0806
#define MAX_PACK_LEN 2000
#define ETHER_HEADER_LEN 14
#define ARPREQUEST 1
#define ARPREPLY 2
#define perr(s) fprintf(stderr,s)

struct arp_struct
{
 u_char dst_mac[6];
 u_char src_mac[6];
 u_short pkt_type;
 u_short hw_type;
 u_short pro_type;
 u_char hw_len;
 u_char pro_len;
 u_short arp_op;
 u_char sender_eth[6];
 u_char sender_ip[4];
 u_char target_eth[6];
 u_char target_ip[4];
};
union
{
 u_char full_packet[MAX_PACK_LEN];
 struct arp_struct arp_pkt;
}
a;
#define full_packet a.full_packet
#define arp_pkt a.arp_pkt
void get_hw_addr (char *, char *);
char *
inetaddr ( u_int32_t ip )
{
 struct in_addr in;
 in.s_addr = ip;
 return inet_ntoa(in);
}
char *
hwaddr (u_char * s)
{
 static char buf[30];
 sprintf (buf, "%02X:%02X:%02X:%02X:%02X:%02X", s[0], s[1], s[2], s[3], s[4], s[5]);
 return buf;
}
int 
main (int argc, char **argv)
{
 int rec;
 int len, from_len, rsflags;
 struct ifreq if_data;
 struct sockaddr from;
 u_int8_t myMAC[6];
 u_int32_t myIP, myNETMASK, myBROADCAST, ip, dip, sip;
 char * macaddr;
 if (getuid () != 0)
 {
 perr ("You must be root to run this program!\n");
 exit (0);
 }
 if (argc != 2)
 {
 fprintf(stderr,"Usage: %s Macaddr\n", argv[0]);
 exit (0);
 } 
 if ((rec = socket (AF_INET, SOCK_PACKET, htons (ETH_P_ARP))) < 0)
 {
 perror("socket");
 exit (0);
 }
 printf ("----------------------------------------------------------\n");
 strcpy (if_data.ifr_name, "eth0");
 if (ioctl (rec, SIOCGIFHWADDR, &if_data) < 0) {
 perr ("can't get HW addres of my interface!\n");
 exit(1);
 } //if (ioctl (rec, SIOCGIFHWADDR, &if_data) < 0) 
 memcpy (myMAC, if_data.ifr_hwaddr.sa_data, 6);
 printf ("> My HW Addr: %s\n", hwaddr (myMAC));
 if (ioctl (rec, SIOCGIFADDR, &if_data) < 0) {
 perr ("can't get IP addres of my interface!\n");
 exit(1);
 } //if (ioctl (rec, SIOCGIFADDR, &if_data) < 0) 
 memcpy ((void *) &ip, (void *) &if_data.ifr_addr.sa_data + 2, 4);
 myIP = ntohl (ip); //change ip to spoof
 printf ("> My IP Addr: %s\n", inetaddr(ip));
 if (ioctl (rec, SIOCGIFNETMASK, &if_data) < 0)
 perr ("can't get NETMASK addres of my interface!\n");
 memcpy ((void *) &ip, (void *) &if_data.ifr_netmask.sa_data + 2, 4);
 myNETMASK = ntohl (ip);
 printf ("> My NETMASK: %s\n", inetaddr(ip));
 if (ioctl (rec, SIOCGIFBRDADDR, &if_data) < 0)
 perr ("can't get BROADCAST addres of my interface!\n");
 memcpy ((void *) &ip, (void *) &if_data.ifr_broadaddr.sa_data + 2, 4);
 myBROADCAST = ntohl (ip);
 printf ("> My BROADCAST: %s\n", inetaddr(ip));
 if ((rsflags = fcntl (rec, F_GETFL)) == -1)
 {
 perror ("fcntl F_GETFL");
 exit (1);
 } 
 if (fcntl (rec, F_SETFL, rsflags | O_NONBLOCK) == -1)
 {
 perror ("fcntl F_SETFL");
 exit (1);
 }
 printf ("----------------------------------------------------------\n");
 printf ("Scanning");
 for (dip = (myIP & myNETMASK) + 1; dip < myBROADCAST; dip++)
 {
 bzero(full_packet, MAX_PACK_LEN);
 //memcpy (arp_pkt.dst_mac,"\255\255\255\255\255\0", 6); 
 memcpy (arp_pkt.dst_mac, "\xff\xff\xff\xff\xff\xff", 6); 
 //get_hw_addr(arp_pkt.dst_mac,"FF:FF:FF:FF:FF:FF");
 /* ff:ff:ff:ff:ff:ff:)*/
 memcpy (arp_pkt.src_mac, myMAC, 6);
 arp_pkt.pkt_type = htons( ETH_P_ARP );
 arp_pkt.hw_type = htons( 0x0001 );
 arp_pkt.hw_len = 6;
 arp_pkt.pro_type = htons( 0x0800 );
 arp_pkt.pro_len = 4;
 arp_pkt.arp_op = htons (ARPREQUEST);
 memcpy (arp_pkt.sender_eth, myMAC, 6);
 ip = htonl (myIP);
 memcpy (arp_pkt.sender_ip, &ip, 4);
 memcpy (arp_pkt.target_eth, "\0\0\0\0\0\0", 6);
 ip = htonl (dip);
 memcpy (arp_pkt.target_ip, &ip, 4);
 strcpy(from.sa_data, "eth0");
 from.sa_family = 1;
 if( sendto (rec, full_packet, sizeof (struct arp_struct), 0, &from,sizeof(from)) < 0)
 perror ("sendto");
 usleep (50);
 len = recvfrom (rec, full_packet, MAX_PACK_LEN, 0, &from, &from_len);
 if (len <= ETHER_HEADER_LEN)
 continue;
 memcpy (&ip, arp_pkt.target_ip, 4);
 memcpy (&sip, arp_pkt.sender_ip, 4);

 if (ntohs (arp_pkt.arp_op) == ARPREPLY
 && ( dip - ntohl(sip) >= 0 )
 && ( dip - ntohl(sip) <= 2 ) )
 {
 macaddr=hwaddr(arp_pkt.sender_eth);
 if (!strncmp(macaddr,argv[1],17))
 {
 printf ("\nMAC: %s ---------> HOST: %s \n",macaddr,inetaddr (sip));
 exit(0);
 } 
 } 
 else
 printf("."),fflush(stdout);
 } 
 printf ("End\n");
 return;
} 

void get_hw_addr (char *buf, char *str)
{
 int i;
 char c, val;
 for(i = 0; i < 6; i++)
 {
 if (!(c = tolower(*str++)));
 if (isdigit(c))
 val = c - '0';
 else if (c >= 'a' && c <= 'f')
 val = c-'a'+10;
 *buf = val << 4;
 if (!(c = tolower(*str++)));
 if (isdigit(c))
 val = c - '0';
 else if (c >= 'a' && c <= 'f')
 val = c-'a'+10;
 *buf++ |= val;
 if (*str == ':')
 str++;
 } 
}

voilà...

Dr.Crasher · 30. September 2005

mh, geht leider nicht
ziemlich viele errors beim compilieren über den gesamten code verteilt

xodox · 30. September 2005

Code ist für *BSD geschrieben..
Welche Fehler kommen?

Dr.Crasher · 30. September 2005

aso, hab jetzt nur unter debian getestet, zz kein bsd drauf
dann muss ich wohl mal weitersuchen, oder hat noch wer was im angebot, am besten sogar für windows. das ganze würde sich doch sogar in vb machen lassen

mac broadcast flooding

Videos zum Thema

Ähnliche Themen mit den Stichworten: mac broadcast flooding

Nützliche Suchen

mac broadcast flooding

Videos zum Thema

Ähnliche Themen mit den Stichworten: mac broadcast flooding