
oxygen007m
hi guys
it would be a good idea to have a good and complete tutorial about IP addresses: finding an IP, valid and invalid IPs,
internal and external IPs, IP spoofing, subnets, subnet masks and other related
material in this field.
=====================================
thanks in advance
-------------------------------------------------------------------
abuse
Simple routine to get a host's routable IP:
CODE

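/*
 * GetHostIP - list the IPv4 addresses the local host name resolves to and
 * pick one that is not in a private or otherwise non-routable range.
 *
 * Every address found (up to 100) is printed as "NN: a.b.c.d".
 *
 * Returns the selected address exactly as stored in h_addr_list (network
 * byte order), or 0 when the lookup fails or no candidate is left. A host
 * with a single address gets that address back unfiltered.
 *
 * The answer comes from name resolution, so it reflects what the resolver
 * reports for this machine's name, not the interface configuration itself.
 * NOTE(review): gethostbyname() is IPv4-only and returns resolver-owned
 * storage; presumably the caller has already initialised Winsock.
 */
ULONG GetHostIP(void)
{
    char FAR name[255];
    struct hostent FAR *pHostent;
    struct in_addr tmp;
    UCHAR *ip;
    int i;

    /* A failed gethostname() leaves the buffer undefined; do not resolve it. */
    if (gethostname(name, (int) sizeof(name)) != 0) {
        return 0;
    }
    name[sizeof(name) - 1] = '\0';

    pHostent = gethostbyname(name);
    if (!pHostent) {
        return 0;
    }

    /*
     * The casts below read 4 bytes per entry and index entry 0 and 1, so
     * require IPv4 records and at least one address before touching the list.
     */
    if (pHostent->h_addrtype != AF_INET || pHostent->h_length != 4 ||
        !pHostent->h_addr_list || !pHostent->h_addr_list[0]) {
        return 0;
    }

    /* All IP addresses (printing is capped at 100 entries). */
    for (i = 0; i < 100 && pHostent->h_addr_list[i]; i++) {
        tmp.S_un.S_addr = *(DWORD *) pHostent->h_addr_list[i];
        /* Constant format string: printf() never receives a built-up buffer as its format. */
        printf("%.2u: %s\n", (unsigned) i, inet_ntoa(tmp));
    }

    /* Only one IP? Return it as-is, even if it is a private address. */
    if (pHostent->h_addr_list[1] == 0) {
        return *(ULONG *) pHostent->h_addr_list[0];
    }

    /* Choose the first address outside the non-routable ranges. */
    for (i = 0; pHostent->h_addr_list[i] != 0; i++) {
        ip = (UCHAR *) pHostent->h_addr_list[i];
        if (ip[0] == 10) {                                  /* 10.0.0.0/8 */
            continue;
        }
        if ((ip[0] == 172) && (ip[1] >= 16) && (ip[1] <= 31)) { /* 172.16.0.0/12 */
            continue;
        }
        if ((ip[0] == 192) && (ip[1] == 168)) {             /* 192.168.0.0/16 */
            continue;
        }
        if (ip[0] == 127) {                                 /* loopback */
            continue;
        }
        if ((ip[0] == 169) && (ip[1] == 254)) {             /* link-local */
            continue;
        }
        return *(ULONG *) pHostent->h_addr_list[i];
    }
    return 0;
}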


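Spoofing isn't really hard, but be aware that it only works for UDP/ICMP: connection-oriented protocols like TCP need a valid sender and receiver, because the handshake replies go to the address in the source field and a forged sender never sees them. Networks that validate source addresses at their edge (ingress/egress filtering) drop such packets.
On Windows it goes a little like this: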
CODE

// Hand-builds one IPv4 + UDP datagram carrying the payload "test" and sends it
// through a raw socket with IP_HDRINCL set, so the IP header (including the
// source address) is the one written below rather than one built by the stack.
//
// Reviewer notes (defensive reading):
//  - The IP source field is not authenticated; what rejects a forged value is
//    source-address validation at the network edge (BCP 38 / unicast RPF).
//  - Raw sockets need administrative rights on Windows, and desktop Windows
//    since XP SP2 drops raw-socket UDP datagrams whose source address is not
//    configured on a local interface.
//  - IPHDR, UDPHDR, randip() and ip_sum() are defined elsewhere on this page.
char data[] = "test";
int datalen = (int) strlen(data);

sockaddr_in to; //destination address handed to sendto()
to.sin_family = AF_INET;
to.sin_addr.s_addr = inet_addr("192.168.1.1");
to.sin_port = 0; // left 0 here; the UDP destination port is written into UdpHdr below

// rand() is a small deterministic PRNG: the ip_id and source port chosen below
// are not unpredictable values.
srand( (DWORD)time(NULL) + rand());

// NOTE(review): neither header struct is initialised; every field that ends up
// on the wire has to be assigned explicitly below.
IPHDR IpHdr;
UDPHDR UdpHdr;

IpHdr.ip_vl = 0x45; //version=4, Hdr length = 5 * 32Bit
IpHdr.ip_tos = 0x00;
// Total length of the datagram (IP header + UDP header + payload), network byte order.
IpHdr.ip_len = htons (sizeof(IpHdr) + sizeof(UdpHdr) + datalen);
IpHdr.ip_id = htons ((u_short)rand());
IpHdr.ip_off = 0; // no flags, fragment offset 0
IpHdr.ip_ttl = (char) 0x40; // TTL 64
IpHdr.ip_p = IPPROTO_UDP;

IpHdr.ip_src.s_addr = randip(to.sin_addr.s_addr);   // <--- produces a fake sender address by randomizing the lower 2 bytes of the receiver's IP

IpHdr.ip_dst.s_addr = to.sin_addr.s_addr;
// NOTE(review): IpHdr.ip_sum has not been assigned before this call, so the
// checksum is computed over a header whose checksum field is indeterminate.
IpHdr.ip_sum = ip_sum ((u_short*)&IpHdr, sizeof (IpHdr));

UdpHdr.uh_sport = htons(2000+(rand()%3000)); // source port in 2000..4999
UdpHdr.uh_dport = htons(135);
UdpHdr.uh_ulen = htons ((u_short) (sizeof(UdpHdr)+datalen));
UdpHdr.uh_sum = 0; // for UDP over IPv4 a zero checksum means "not computed"

// Serialise IP header, UDP header and payload back to back into one heap buffer.
// NOTE(review): the malloc() result is used without a NULL check.
int packetlen = sizeof(IpHdr)+sizeof(UdpHdr)+datalen;
char *packet = (char*) malloc(packetlen);
memcpy(packet,&IpHdr,sizeof(IpHdr));
memcpy(packet+sizeof(IpHdr),&UdpHdr,sizeof(UdpHdr));
memcpy(packet+sizeof(IpHdr)+sizeof(UdpHdr),data,datalen);

// NOTE(review): the return values of socket(), setsockopt() and sendto() are
// ignored, and udp_sock is not closed anywhere in the lines shown.
SOCKET udp_sock = socket(AF_INET,SOCK_RAW,IPPROTO_UDP);
u_long on = 1;
// IP_HDRINCL: the buffer passed to sendto() already starts with an IP header.
setsockopt(udp_sock,IPPROTO_IP,IP_HDRINCL,(char*)&on,sizeof(on));
sendto(udp_sock,packet,packetlen,0,(sockaddr *)&to,sizeof(to));
free(packet);

Here's a simple example for the subroutines used above (made extra simple)
CODE


/*
 * nospoof selects how many leading octets of the address randip() keeps:
 * values below 2 also randomise the second octet, values below 3 also the
 * third; the fourth is always randomised. With the value 2 used here the
 * first two octets are kept and the last two are replaced.
 */
#define nospoof 2

/*
 * randip - derive an address from destip by replacing its trailing octets
 * with pseudo-random values in the range 1..253.
 *
 * destip:  IPv4 address as stored in in_addr.s_addr.
 * returns: the modified address, converted back with inet_addr().
 *
 * Defensive reading: with nospoof == 2 the result stays inside the same /16
 * as destip, i.e. the kind of "outside packet claiming an inside source"
 * that anti-spoofing filters at a network border are meant to reject.
 *
 * NOTE(review): the sscanf() return value is not checked, so a, b, c and d
 * are used uninitialised if parsing fails; srand() is re-seeded on every
 * call; rand() is not a cryptographic generator.
 */
u_long randip (u_long destip)
{
 struct in_addr ina;
 char convi[16]; /* room for "255.255.255.255" plus the terminator */
 int a, b, c, d;
 ina.s_addr = destip;
 srand((int) time(0) + rand());
 /* Round-trip through dotted-quad text to split the address into octets. */
 sscanf (inet_ntoa(ina), "%d.%d.%d.%d", &a, &b, &c, &d);
 if (nospoof < 2)
   b = 1+rand() % 253;
 if (nospoof < 3)
   c = 1+rand() % 253;
 d = 1+rand() % 253;
 sprintf (convi, "%d.%d.%d.%d", a, b, c, d);
 return inet_addr (convi);
}
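/*
 * ip_sum - 16-bit one's-complement checksum over a buffer, as used for the
 * IPv4 header checksum.
 *
 * addr: start of the data, read as 16-bit words in memory order; the
 *       pointer is dereferenced as u_short, so it should be 2-byte aligned.
 * len:  number of bytes to cover; a trailing odd byte is included as the
 *       first byte of a final word whose second byte is zero.
 *
 * Returns the complemented sum. For a header checksum the checksum field
 * inside the buffer must be zero while this runs. A len of 0 or less reads
 * nothing and returns 0xffff.
 */
unsigned short ip_sum (u_short *addr, int len)
{
    int nleft = len;
    u_short *w = addr;
    /* Unsigned accumulator: the original signed int could overflow on large buffers. */
    unsigned long sum = 0;
    u_short answer = 0;

    while (nleft > 1) {
        sum += *w++;
        nleft -= 2;
        /* Fold early so carries are never lost, whatever the buffer size. */
        if (sum & 0x80000000UL) {
            sum = (sum >> 16) + (sum & 0xffff);
        }
    }

    /* Odd trailing byte: place it in the first byte of a zeroed word. */
    if (nleft == 1) {
        *(u_char *) &answer = *(u_char *) w;
        sum += answer;
    }

    /* Add the carries back into the low 16 bits until none remain. */
    while (sum >> 16) {
        sum = (sum >> 16) + (sum & 0xffff);
    }

    answer = (u_short) ~sum;
    return answer;
}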

The needed structures go a little like this:
CODE

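/*
 * IPv4 header without options. Multi-byte fields hold network byte order
 * values (the page's sender fills them through htons()).
 *
 * The single-byte fields are unsigned: they carry values 0..255 (a TTL of
 * 128 or 255, for example), which read back negative through plain char on
 * compilers where char is signed.
 *
 * NOTE(review): no packing directive is used; the layout relies on every
 * member already being naturally aligned.
 */
typedef struct _ip {
    unsigned char  ip_vl;        /* version (high nibble), header length in 32-bit words (low nibble) */
    unsigned char  ip_tos;       /* type of service */
    USHORT ip_len;               /* total length */
    USHORT ip_id;                /* identification */
    USHORT ip_off;               /* flags and fragment offset field */
    unsigned char  ip_ttl;       /* time to live */
    unsigned char  ip_p;         /* protocol */
    USHORT ip_sum;               /* header checksum */
    struct in_addr ip_src, ip_dst; /* source and destination address */
} IPHDR;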
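/*
 * UDP header. All four fields are unsigned 16-bit values in network byte
 * order; uh_ulen was a signed short, which reads back negative for lengths
 * of 32768 and above.
 */
typedef struct _udphdr {
        u_short uh_sport;               /* source port */
        u_short uh_dport;               /* destination port */
        u_short uh_ulen;                /* udp length: header plus payload, in bytes */
        u_short uh_sum;                 /* udp checksum */
} UDPHDR;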


That's all .. hope that helps a bit
oxygen007m
useful, thanks for your work. :D