exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

simplestealth.c

simplestealth.c
Posted Nov 5, 1999
Authored by shadowpenguin

This is the simple half-open and stealth TCP port scanner. In the half-open mode, this program can recognize the OS type of target host.

tags | tcp
systems | unix
SHA-256 | 32e709a661e220b738d8af8a04858a9eada7064b9ef38ccedab2e39d546a9dac

simplestealth.c

Change Mirror Download
/*======================================================================
Simple Stealth Ver1.10
HalfOpen and Steath Port Scanner, and OS detection
The Shadow Penguin Security (http://shadowpenguin.backsection.net)
Written by UNYUN (unewn4th@usa.net)
======================================================================
*/

#include <stdio.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <sys/time.h>

#define SRC_PORT 10101

#define TH_FIN 0x01
#define TH_SYN 0x02
#define TH_RST 0x04
#define TH_ACK 0x10

struct iphdr{
u_int8_t ihl:4;
u_int8_t version:4;
u_int8_t tos;
u_int16_t tot_len;
u_int16_t id;
u_int16_t frag_off;
u_int8_t ttl;
u_int8_t protocol;
u_int16_t check;
u_int32_t saddr;
u_int32_t daddr;
};

struct tcphdr{
u_int16_t th_sport;
u_int16_t th_dport;
u_int32_t th_seq;
u_int32_t th_ack;
u_int8_t th_x2:4;
u_int8_t th_off:4;
u_int8_t th_flags;
u_int16_t th_win;
u_int16_t th_sum;
u_int16_t th_urp;
};

struct pseudohdr {
u_int32_t saddr;
u_int32_t daddr;
u_int8_t useless;
u_int8_t protocol;
u_int16_t tcplength;
};

unsigned short in_cksum(u_short *addr, int len)
{
int sum=0;
int nleft=len;
u_short *w=addr;
u_short answer=0;

while (nleft > 1){
sum += *w++;
nleft -= 2;
}
if (nleft == 1){
*(u_char *)(&answer) = *(u_char *)w ;
sum += answer;
}
sum = (sum >> 16) + (sum & 0xffff);
sum += (sum >> 16);
answer = ~sum;
return(answer);
}
int send_packet(int socket,
struct sockaddr_in *target_addr,
struct sockaddr_in *your_addr,
unsigned char session_flags,unsigned long sequence)
{
struct iphdr *ip_header;
struct tcphdr *tcp_header;
struct pseudohdr *pseudo_header;
char send_buf[40];
int send_length;
int sent_length;

memset(send_buf,0,40);
ip_header = (struct iphdr *)send_buf;
tcp_header = (struct tcphdr *)(send_buf+sizeof(struct iphdr));
pseudo_header = (struct pseudohdr *)((char*)tcp_header-sizeof(struct pseudohdr));

pseudo_header->saddr = your_addr->sin_addr.s_addr;
pseudo_header->daddr = target_addr->sin_addr.s_addr;
pseudo_header->protocol = IPPROTO_TCP;
pseudo_header->tcplength = htons(sizeof(struct tcphdr));

tcp_header->th_sport = your_addr->sin_port;
tcp_header->th_dport = target_addr->sin_port;
tcp_header->th_off = 5;
tcp_header->th_flags = session_flags;
tcp_header->th_seq = htonl(sequence);
tcp_header->th_ack = htonl(0);
tcp_header->th_win = htons(512);
tcp_header->th_sum = in_cksum((u_short *)pseudo_header,sizeof(struct pseudohdr)+sizeof(struct tcphdr));

memset(send_buf,0,sizeof(struct iphdr));
ip_header->saddr = your_addr->sin_addr.s_addr;
ip_header->daddr = target_addr->sin_addr.s_addr;
ip_header->version = 4;
ip_header->ihl = 5;
ip_header->ttl = 255;
ip_header->id = rand()%0xffff;
ip_header->protocol = IPPROTO_TCP;
ip_header->tot_len = htons(sizeof(struct iphdr)+sizeof(struct tcphdr));
ip_header->check = in_cksum((u_short *)ip_header,sizeof(struct iphdr));

send_length=sizeof(struct iphdr)+sizeof(struct tcphdr);
sent_length=sendto(socket,send_buf,send_length,0,
(struct sockaddr *)target_addr,sizeof(struct sockaddr));
if (send_length != sent_length) return -1;
else return 0;
}
int main(int argc, char *argv[])
{
struct iphdr *ip_header;
struct tcphdr *tcp_header;
struct sockaddr_in target_info;
int target_info_len;
fd_set read_fd;
int scan_port;
unsigned char scan_flag;
char recvbuf[5000];
struct sockaddr_in target_addr;
struct sockaddr_in your_addr;
int raw_socket;
int tcp_socket;
int result=0;
int i;
static struct{
unsigned int WindowSize;
char OSname[30];
}OSfeatures[]={
/*-----< Checked OS >---------------------------------------*/
{0x9823,"Solaris 2"}, /* Sol7(Intel),2.6,2.5,2.4(Sparc) */
{0x0010,"SunOS 4"}, /* SunOS4.1 (Sparc) */
{0x00f0,"IRIX"}, /* IRIX 5.3(Indy),6.3(O2) */
{0x00c0,"IRIX6.2"}, /* IRIX 6.2(IMPACT) */
{0xe07f,"Linux"}, /* TurboLinux3.0 (Intel) */
{0x0040,"FreeBSD"}, /* FreeBSD 2.2.7 or NetBSD 1.3 */
{0x0080,"Digital"}, /* Digital 4.0 or HP-UX B1.10.20 */
{0x8021,"Windows"}, /* Windows 95/98/NT4 */
{0x5B45,"MacOS"}, /* MacOS 7.5.5 , 8.5 */
/*-----< Thanks! nmap-os-fingerprints >---------------------*/
{0x253f,"AIX 3"}, /* AIX 3 */
{0x433e,"AIX 4"}, /* AIX 4.1 */
{0xafff,"AIX 4"}, /* AIX 4.1 */
{0x253f,"AIX 4"}, /* AIX 4.1 */
{0x1720,"BSD/OS"}, /* BSDI BSD/OS 2.1, 3.0 */
{0x0020,"HP-UX"}, /* HP-UX 9 */
{0x2e40,"FreeBSD"}, /* FreeBSD 2.2.1 - 3.0 */
{0x3d40,"FreeBSD"}, /* FreeBSD 2.2.1 - 3.0 */
{0x5c80,"Digital"}, /* Digital UNIX OSF1 V 4.0,4.0B,4.0D */
{0x0008,"OS/2"}, /* IBM OS/2 V.3 */
{0x2aef,"IRIX5,6"}, /* IRIX 5.3 */
{0x00c0,"IRIX6.4,6.5"},/* IRIX6.4 or 6.5 */
{0x003c,"Linux2028"}, /* Linux 2.0.28 */
{0x007c,"Linux2030"}, /* Linux 2.0.30 */
{0xe07f,"Linux2033-"},/* Linux 2.0.33-36 */
{0x537f,"Linux21xx"}, /* Linux 2.1.122 - 2.1.130 */
{0x870f,"NeXT"}, /* NeXT Mach */
{0xff1f,"NetWare"}, /* Novell Netware 3.12 - 5.00 */
{0x2e40,"OpenBSD"}, /* OpenBSD 2.1-2.3 or WinNT5 Beta */
{0x2332,"Solaris 2"}, /* Solaris2.3-2.5 */
{0x9722,"Sol26-27"}, /* Solaris2.6-2.7 */
{0x1720,"Windows"}, /* Windows 95/98/NT4 */
{0x0000,""}};

if (argc!=5){
printf("[usage] %s [YourIP] [TargetIP] [TargetPort] [mode]\n",argv[0]);
printf(" (mode : 's'=SYN scan, 'f'=FIN scan, 'a'=ACK scan)\n");

return -1;
}
switch(argv[4][0]){
case 's' : scan_flag = TH_SYN; break;
case 'f' : scan_flag = TH_FIN; break;
case 'a' : scan_flag = TH_ACK; break;
default : printf("Invalid mode.\n"); return -1;
}
scan_port = atoi(argv[3]);

ip_header = (struct iphdr *)recvbuf;
tcp_header = (struct tcphdr *)(recvbuf+sizeof(struct iphdr));
target_addr.sin_family = AF_INET;
target_addr.sin_addr.s_addr = inet_addr(argv[2]);
target_addr.sin_port = htons(scan_port);
your_addr.sin_addr.s_addr = inet_addr(argv[1]);
your_addr.sin_port = htons(SRC_PORT);

if ((tcp_socket=socket(AF_INET,SOCK_RAW,IPPROTO_TCP))==-1){
printf("Can not create raw socket.\n");
return -1;
}
if ((raw_socket=socket(AF_INET,SOCK_RAW,IPPROTO_RAW))==-1){
printf("Can not create raw socket.\n");
return -1;
}

send_packet(raw_socket,&target_addr,&your_addr,scan_flag,100);
FD_ZERO(&read_fd);
FD_SET(tcp_socket,&read_fd);
select(FD_SETSIZE,&read_fd,NULL,NULL,NULL);
for (;;){
if (FD_ISSET(tcp_socket,&read_fd)){

target_info_len = sizeof(target_info);
recvfrom(tcp_socket,recvbuf,5000,0,
(struct sockaddr *)&target_info,&target_info_len);
if (target_info.sin_addr.s_addr == target_addr.sin_addr.s_addr)
if (ntohs(tcp_header->th_dport) == SRC_PORT
&& ntohs(tcp_header->th_sport) == scan_port){

printf("\nReply from %s\n",argv[2]);
if (tcp_header->th_flags & TH_RST) printf("RST\n");
if (tcp_header->th_flags & TH_ACK) printf("ACK\n");
if (tcp_header->th_flags & TH_SYN){
printf("SYN\n");
if (scan_flag & TH_SYN){
result=1;

for (i=0;;i++){
result=1;
if (strlen(OSfeatures[i].OSname)==0) break;
if (OSfeatures[i].WindowSize == tcp_header->th_win)
printf("\nOS = %s\n",OSfeatures[i].OSname);
}
}
}
printf("\nTTL = %d\nTCP window size = %xH\n\n",
ip_header->ttl,tcp_header->th_win);
if (ip_header->ttl < 65
&& tcp_header->th_win > 0
&& scan_flag & TH_ACK) result=1;

if (result==1) printf("Port %s : open\n\n",argv[3]);
else printf("Port %s : close\n\n",argv[3]);
if (!(tcp_header->th_flags & TH_RST))
send_packet(raw_socket,&target_addr,&your_addr,
TH_RST, 101);
break;
}
}
}
return(0);
}
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close