2016. 5. 20. 16:50ㆍ네트워크 보안 수업/네트워크 취약점 분석
보안관제 실무가이드
데일리시큐
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <netinet/ip.h>
#include <net/if.h>
#include <net/if_arp.h>
#include <linux/if_packet.h>
#include <linux/if_ether.h>
#include <net/ethernet.h>
#include <arpa/inet.h>
struct eth_header {
unsigned char dst[6];
unsigned char src[6];
unsigned short type;
} __attribute__((packed));
struct ip_header{
unsigned char hlen:4;
unsigned char ver:4;
unsigned char service;
unsigned short total;
unsigned short id;
unsigned char flag;
unsigned char offset;
unsigned char ttl;
unsigned char type;
unsigned short chk;
unsigned int src;
unsigned int dst;
} __attribute__((packed));
struct tcp_header {
unsigned short src_port;
unsigned short dst_port;
unsigned char seq[4];
unsigned char ack[4];
unsigned char reserve:4;
unsigned char length:4;
unsigned char flag;
unsigned short window;
unsigned short chksum;
unsigned short dummy;
} __attribute__((packed));
struct pseudo_header {
unsigned long int src;
unsigned long int dst;
unsigned char zero;
unsigned char protocol;
unsigned short length;
struct tcp_header tcp;
} __attribute__((packed));
unsigned short csum ( unsigned short *buf, int nwords )
{
unsigned long sum;
u_short oddbyte;
register u_short answer;
sum = 0;
while( nwords > 1 ) {
sum += *buf++;
nwords -= 2;
}
if( nwords ==1 ) {
oddbyte = 0;
*((u_char *)&oddbyte) = *(u_char *)buf;
sum += oddbyte;
}
sum = (sum >> 16) + (sum & 0xffff);
sum += (sum >> 16);
answer = ~sum;
return (answer);
}
int main(int argc, char *argv[])
{
int send_sock = 0;
int recv_sock = 0;
int size = 0;
struct sockaddr_ll sll;
struct sockaddr_in sin;
struct eth_header eth;
struct ip_header ip;
struct tcp_header tcp;
struct pseudo_header pseudo;
char data[sizeof( eth ) + sizeof( ip ) + sizeof( tcp )] = {0,};
char recv[1024] = {0,};
send_sock = socket(PF_PACKET, SOCK_RAW, 0);
recv_sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
sll.sll_family = PF_PACKET;
sll.sll_ifindex = if_nametoindex("enp0s3");
sll.sll_halen = 6;
eth.dst[0] = 0x50;
eth.dst[1] = 0x6a;
eth.dst[2] = 0x03;
eth.dst[3] = 0xaf;
eth.dst[4] = 0x2a;
eth.dst[5] = 0x98;
eth.src[0] = 0x08;
eth.src[1] = 0x00;
eth.src[2] = 0x27;
eth.src[3] = 0x25;
eth.src[4] = 0x5d;
eth.src[5] = 0x35;
eth.type = htons(0x0800);
ip.ver = 0x4;
ip.hlen = sizeof( ip ) >> 2;
ip.service = 0x00;
ip.total = htons( sizeof( ip ) + sizeof( tcp ));
ip.id = htons( 0x1234 );
ip.flag = 0x40;
ip.offset = 0x00;
ip.ttl = 0x80;
ip.type = 0x06;
ip.chk = 0x0000;
ip.src = inet_addr("192.168.15.140");
ip.dst = inet_addr("192.168.15.254");
ip.chk = csum( (unsigned short *)&ip, sizeof( ip ) );
tcp.src_port = htons(1234);
tcp.dst_port = htons(80);
tcp.seq[0] = 0x83;
tcp.seq[1] = 0xe6;
tcp.seq[2] = 0x05;
tcp.seq[3] = 0xf2;
tcp.ack[0] = 0x00;
tcp.ack[1] = 0x00;
tcp.ack[2] = 0x00;
tcp.ack[3] = 0x00;
tcp.length = sizeof(tcp)>>2;
tcp.reserve = 0x00;
tcp.flag = 0x02;
tcp.window = htons(0xffff);
tcp.chksum = 0x0000;
tcp.dummy = 0x0000;
pseudo.src = ip.src;
pseudo.dst = ip.dst;
pseudo.zero = 0;
pseudo.protocol = 0x06;
pseudo.length = htons(sizeof(tcp));
memcpy( &pseudo.tcp, &tcp, sizeof(tcp));
tcp.chksum = csum((unsigned short *)&pseudo, sizeof(pseudo));
memcpy( data, ð, sizeof( eth ) );
memcpy( data + sizeof( eth ), &ip, sizeof( ip ) );
memcpy( data + sizeof( eth ) + sizeof( ip ), &tcp, sizeof( tcp ) );
int i = 0;
unsigned char *ptr = data;
for( i = 0; i < sizeof( data ); i++){
if( i != 0 && i % 16 ==0 ){ printf("\n"); }
printf("%02x ", *(ptr+i));
}
printf("\n");
printf("\n");
sendto(send_sock, data, sizeof(data), 0, (struct sockaddr *)&sll, sizeof(sll));
struct eth_header * peth;
struct ip_header * pip;
struct tcp_header * ptcp;
struct sockaddr_in addr;
char src[9] = {0,};
char dst[9] = {0,};
char seq[4] = {0,};
char ack[4] = {0,};
int a=0;
int b=0;
unsigned char *ptr2=0;
while(1){
recvfrom(recv_sock, recv, sizeof(recv), 0, (struct sockaddr *)&sin, &size);
peth = (struct eth_header *)recv;
if( peth->type == htons(0x0800) ){
pip = (struct ip_header *)(recv + sizeof( eth));
addr.sin_addr.s_addr = pip->src;
ptr = inet_ntoa(addr.sin_addr);
strcpy(src, ptr);
addr.sin_addr.s_addr = pip->dst;
ptr = inet_ntoa(addr.sin_addr);
strcpy(dst, ptr);
ptcp = (struct tcp_header *)(recv + sizeof(eth)+sizeof(ip));
a = ptcp->seq;
ptr2 = a;
strcpy(seq, ptr2);
b = ptcp->ack;
ptr2 = b;
strcpy(ack, ptr2);
if(ptcp->flag == 18){
printf("tcp packet ");
printf("%s(%d) -> %s(%d) ",src, tcp.src_port, dst,tcp.dst_port);
printf("[seq: %s, ack: %s]\n",seq,ack);
}
}
memset( recv, 0, sizeof(recv));
sleep(1);
}
return 0;
}
'네트워크 보안 수업 > 네트워크 취약점 분석' 카테고리의 다른 글
| dns 쿼리 캡쳐-네트워크 보안 수업 17일차 - 코리아 정보보안 IT학원 (0) | 2016.05.31 |
|---|---|
| GET메세지 (0) | 2016.05.25 |
| 네트워크 보안 수업 15일차 - 코리아 정보보안 IT학원 (0) | 2016.05.19 |
| 네트워크 보안수업 14일차 - 코리아 정보보안 IT학원 (0) | 2016.05.18 |
| 네트워크 보안 수업 12일차 - 코리아 정보보안 IT학원 (0) | 2016.05.16 |