Everything posted by Nytro
-
Download: http://www.thehackademy.net/archives/apihooksniff.zip
-
HZVSNIFF

We are going to talk about "how to make your own sniffer?". First, I have to tell you that this paper is more a development guide which should help you to make your own program, and to understand sniffing concepts at the raw level. So this paper will only be useful to people who already know something about C programming, as well as about networking.

What is a sniffer? It is a tool which can be used to read all network packets going through your network card. The aim is originally to detect some problems which may occur on a LAN / WAN. But another way to use such a program is to be able to read all packets' content after having hijacked them onto your computer... For what? In order to intercept some logins/passwords... We don't explain in this article how to hijack a connection, but only how to read and decode all packets going through your network cards. Moreover, if you are on a broadcast network (meaning that each packet is sent to every computer on the LAN), it won't be necessary to set up a hijacking attack: all packets from the network are received on your network card. But how to make them "accepted" by your card, and how to read them?

Promiscuous mode: Let's talk about the default communication process between two computers: the first one sends through its network card one packet, which contains the MAC address of the target. A system only takes care of packets with its own MAC address as the destination, and drops all others. So on a broadcast network, all computers receive all sent packets, and drop all those for which they are not the destination. Promiscuous mode allows escaping that process in order to catch every packet, whatever the MAC destination is.

You really want to use a library to develop the sniffer so that you don't deal directly with the network raw level. libpcap is designed to be used in this way, to develop your software, and is moreover present on Unix and Windows. Maybe you already know tcpdump or ethereal, and guess what: both of them have been developed on it.

First, you have to install this lib:

$> tar xvzf libpcap-0.6.2.tar.gz
.......
$> cd libpcap-0.6.2
$> ./configure
$> make
$> make install

Don't forget to include the right header in your sources:

#include <pcap.h>

Have a look at the development manpages:

$> man libpcap

Let's now have a look at the APIs' syntax:

pcap_open_live: It is the main function, used to set up one sniffing session by using that lib. It returns a descriptor you can use to read intercepted packets, to create and apply some filters... Of course, you have to call this function!!

pcap_t *pcap_open_live(char *device, int snaplen, int promisc, int to_ms, char *ebuf)

char *device : Network interface you use to intercept data. You have to give its character string representation (eth0, eth1, wlan0...).
int snaplen : Max size of information which will be read from one packet. In general, you can use 1500 bytes on an Ethernet LAN.
int promisc : Do you want to enable promiscuous mode (1), or not (0)... You probably want to use it.
int to_ms : Timeout.
char *ebuf : In case of errors, they are returned at that address. On success, NULL is returned.

You should know that the file descriptor is carried by the pcap_t structure returned by the main API pcap_open_live.

pcap_next: This function returns the address of each intercepted packet written in a queue. Each returned pointer points to an unsigned character string, which is one captured packet in the queue.

u_char *pcap_next(pcap_t *p, struct pcap_pkthdr *h)

pcap_t *p : Descriptor returned by pcap_open_live.
struct pcap_pkthdr *h : Pointer to a pcap_pkthdr structure, into which the headers of received packets are formatted to be read. You find it in the pcap.h file.

pcap_lookupnet: This function returns the network's address and subnet mask.

int pcap_lookupnet(char *device, bpf_u_int32 *netp, bpf_u_int32 *maskp, char *errbuf);

char *device : Network interface used to capture traffic.
bpf_u_int32 *netp : Address where the network address is saved.
bpf_u_int32 *maskp : Address where the subnet mask is saved.
char *errbuf : Address where errors are returned.

pcap_stats: Get some statistics on received packets. This information is saved, and formatted to be read, in a pcap_stat structure.

int pcap_stats(pcap_t *p, struct pcap_stat *ps)

pcap_t *p : Descriptor returned by pcap_open_live.
struct pcap_stat *ps : Target where statistics about traffic are written.

struct pcap_stat {
    u_int ps_recv;   // Number of received packets
    u_int ps_drop;   // Number of dropped packets
    u_int ps_ifdrop; // Not yet supported
};

pcap_lookupdev: Returns the default network interface.

char *pcap_lookupdev(char *errbuf)

char *errbuf : Address where errors are returned; NULL otherwise.

We have shown all the functions you have to use in your sniffer to make it work well. But you will find lots more functions in the development manpages.

-----------------------------------------------start---------------------------------------------------
#include <stdio.h>   /* Some basic libraries */
#include <stdlib.h>
#include <string.h>
#include <pcap.h>

int main(void)
{
    int i, a = 0, nbrpaquets;          /* i: counter on the bytes of the current packet,
                                          a: number of packets received so far,
                                          nbrpaquets: number of packets to capture */
    char interface[32];                /* Network interface used to sniff */
    bpf_u_int32 netp, maskp;           /* Network address and subnet mask */
    int affichage = 0;                 /* Desired formatting to display captured packets */
    char erreur[PCAP_ERRBUF_SIZE];     /* Buffer used to write errors, max size defined in pcap.h
                                          as the macro PCAP_ERRBUF_SIZE */
    pcap_t *descriptPaquet = NULL;     /* Descriptor returned by pcap_open_live */
    struct pcap_stat *statistiques;    /* Statistics structure */
    struct pcap_pkthdr paquethdr;      /* Header structure filled by pcap_next */
    const u_char *paquet;              /* Content of the captured packet */
    char *defaut;                      /* Default interface returned by pcap_lookupdev */

    statistiques = (struct pcap_stat *) malloc(sizeof(struct pcap_stat)); /* Memory allocation for the statistics structure */
    if (statistiques == NULL) { perror("malloc"); exit(1); }

    printf("\n\n\n-+-+-+-+-+-+-+-+HZVSniff+-+-+-+-+-+-+-+-\n");
    printf(" CoDeD By ReDiLs For HZVManual\n\n");
    printf("Interface to sniff (default :0) ");
    scanf("%31s", interface);          /* We get the name of the interface used to sniff (width = sizeof(interface) - 1) */
    printf("\nHow many packets to intercept: ");
    scanf("%d", &nbrpaquets);          /* We get the number of packets to sniff */
    printf("\nChoisissez le type d'affichage des données :\n");
    printf(" 1 -> Display : Characters Mode\n");
    printf(" 2 -> Display : Hexa Mode\n");
    scanf("%d", &affichage);
    while ((affichage != 1) && (affichage != 2))
    {
        printf("Choose 1 or 2 \n");
        scanf("%d", &affichage);
    }
    if (strcmp(interface, "0") == 0)   /* The user wants pcap_lookupdev to find the default interface */
    {
        defaut = pcap_lookupdev(erreur);
        if (defaut == NULL) { printf("Erreur : %s\n", erreur); exit(1); }
        strncpy(interface, defaut, sizeof(interface) - 1);
        interface[sizeof(interface) - 1] = '\0';
    }
    if ((descriptPaquet = pcap_open_live(interface, 1500, 0, 1000, erreur)) == NULL) /* Descriptor allocation */
    {
        printf("Erreur : %s\n", erreur); /* If errors, we display them */
        exit(1);
    }
    if (pcap_lookupnet(interface, &netp, &maskp, erreur) == -1) /* We get the network address and subnet mask */
    {
        printf("Erreur : %s\n", erreur);
        netp = maskp = 0;
    }
    printf("\nNetwork : %x\n", netp);  /* We display the network in hexa mode */
    printf("\nMask : %x\n", maskp);    /* We display the mask in hexa mode */
    printf("Displaying network traffic : %s\n", interface);
    while (a != nbrpaquets)            /* Until the desired number of packets has been captured, we read them */
    {
        paquet = pcap_next(descriptPaquet, &paquethdr); /* We get the packet's content */
        if (paquet != NULL)            /* If the content is not empty (sometimes it is, on timeout), we display it */
        {
            /* We display at most the first 500 bytes, and never more than what was captured (caplen) */
            for (i = 0; i < 500 && (bpf_u_int32) i < paquethdr.caplen; i++)
            {
                if (affichage == 1) printf("%c", paquet[i]); /* Which format to display output? */
                else printf("%02x ", paquet[i]);
            }
            printf("\n*********************************************************************\n");
            a++;
        }
    }
    if (pcap_stats(descriptPaquet, statistiques) == 0) /* We call the statistics function */
    {
        printf("Statistics :\n");
        printf("Received packets : %u\n", statistiques->ps_recv);
        printf("Dropped packets : %u\n", statistiques->ps_drop);
    }
    pcap_close(descriptPaquet);
    free(statistiques);
    return 0;
}
--------------------------------------end---------------------------------------------------------

To compile your code:

gcc -lpcap -o hzvsniff hzvsniff.c

Source: http://www.thehackademy.net/
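The sniffer above only dumps raw bytes; the decode step the article mentions is shown here as an added example (not part of the HZVSniff source): it parses the Ethernet II and IPv4 headers from the buffer pcap_next would hand back, bounded by the caplen from struct pcap_pkthdr so that a short capture never causes an over-read. The sample frame is constructed inline, so the block compiles without pcap.h.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Decoded fields of one Ethernet II + IPv4 frame (added example, not HZVSniff code). */
struct frame_info {
    uint8_t  dst_mac[6], src_mac[6];
    uint16_t ethertype;
    uint8_t  ip_proto;
    uint32_t ip_src, ip_dst;   /* host byte order */
};

/* Parse the frame in pkt, reading at most caplen bytes (the captured length from struct
 * pcap_pkthdr). Returns 0 on success, -1 if truncated or not IPv4; never reads past caplen. */
int decode_frame(const uint8_t *pkt, uint32_t caplen, struct frame_info *out)
{
    uint32_t ihl;
    if (caplen < 14) return -1;                    /* Ethernet header incomplete */
    memcpy(out->dst_mac, pkt, 6);
    memcpy(out->src_mac, pkt + 6, 6);
    out->ethertype = (uint16_t)(pkt[12] << 8 | pkt[13]);
    if (out->ethertype != 0x0800) return -1;       /* only IPv4 is decoded here */
    if (caplen < 14 + 20) return -1;               /* minimal IPv4 header incomplete */
    if ((pkt[14] >> 4) != 4) return -1;            /* version nibble must be 4 */
    ihl = (pkt[14] & 0x0f) * 4u;
    if (ihl < 20 || caplen < 14 + ihl) return -1;  /* options claimed but not captured */
    out->ip_proto = pkt[23];
    out->ip_src = (uint32_t)pkt[26] << 24 | (uint32_t)pkt[27] << 16 | pkt[28] << 8 | pkt[29];
    out->ip_dst = (uint32_t)pkt[30] << 24 | (uint32_t)pkt[31] << 16 | pkt[32] << 8 | pkt[33];
    return 0;
}

/* Constructed sample (not a real capture): Ethernet II frame carrying IPv4/TCP,
 * 10.0.0.1 -> 10.0.0.2, laid out as pcap_next would return it. */
const uint8_t sample_frame[] = {
    0x00,0x11,0x22,0x33,0x44,0x55, 0x66,0x77,0x88,0x99,0xaa,0xbb, 0x08,0x00, /* dst, src, type */
    0x45,0x00,0x00,0x28, 0x00,0x01,0x00,0x00, 0x40,0x06,0x00,0x00,            /* ihl=5, TCP */
    0x0a,0x00,0x00,0x01, 0x0a,0x00,0x00,0x02,                                 /* src, dst IP */
    0x04,0xd2,0x00,0x50, 0,0,0,0, 0,0,0,0, 0x50,0x02,0xff,0xff, 0,0,0,0       /* TCP header */
};
const uint32_t sample_caplen = sizeof(sample_frame);

int main(void)
{
    struct frame_info fi;
    if (decode_frame(sample_frame, sample_caplen, &fi) == 0)
        printf("IPv4 proto %u from %08x to %08x\n", fi.ip_proto, (unsigned) fi.ip_src, (unsigned) fi.ip_dst);
    return 0;
}
```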
-
It was the crappiest bac of them all... Lots of nonsense, the exams themselves were really bad, at least in mathematics, no equality at all between students: it's one thing to take history, where only 8-9-10 were given, and another to take mathematics M1, where people got 1.5 - 2 - 3 - 4 - 5 - 6; the grades were ridiculous, two identical papers with a 2-point difference between them, and much more. I think the appeals will be just as sloppy. LiviuCool: No, http://mta.ro/admitere/Locuri_admitere_2010.pdf
-
Pfff, buddy, what do you think you're doing? http://rstcenter.com/forum/18293-cum-sa-suni-gratuit-de-pe-net-sau-de-pe-iphone-la-orice-numar-din-lume.rst --> Call for free anywhere in the world | Hacking-Unlimited Blog. Haven't you heard of copyright? Ban!
-
A few small statistics (calculated by me, I hope I calculated correctly):
Valcea: Passed: 3397, Failed: 1196, Total: 4593, Failed: 26%
Nationwide: Passed: 136254, Failed: 73,832, Total: 210086, Failed: 35%
Nationwide: 131 with 10.00
phantomas90: I talked to someone there, I understood roughly how things stand.
-
What happened at the bac: Howlers are in fashion at the exams! A laugh-till-you-cry collection - Stirileprotv.ro. Apparently 41% failed in Bucharest. And somewhere around Buzau there was supposedly a high school where all the students failed )
-
Academia Tehnica Militara - Computer and electronic systems for defence and national security
-
I haven't worked on this program anymore, time doesn't allow it. I had started work on a new version, but I didn't have time for that either and I abandoned the project. See ResHacker
-
Yes, but I don't know what that "virus" you want to make could do without calling some system functions from the kernel, user32, which are not functions you can write yourself... The call can also be made directly with the shellcode that exists for some functions, but it's quicker to do it with invoke. Besides, I don't think the difference between code written in assembly and code written well in C is very big.
-
How do you make a program that assembles/rewrites another one?
Nytro replied to Krisler12™'s topic in Programming
Ah, you want a virus that writes itself into other executables and runs when those executables run. I think. Well, it's not that easy. I don't think your virus consists only of shellcode (machine code); it also needs certain (un)initialized data, in different sections. That means that data has to be loaded into memory at the right address. Also, if you manage to do that, you'll have to return to the address you jumped from so that the infected executable runs. Yes, in theory everything is easy, practice kills us. That's what always happened to me too: some idea would come to me overnight and I was sure it would revolutionize the world, but when I tried to put it into practice I saw it wasn't really possible.
-
Florin Salam - Dupa aeroportul din Palermo
-
I think the function will still be written in C++, at least the header, but the instructions will be written in ASM.

int suma(int a, int b)
{
    __asm {
        mov eax, a     ; first parameter
        mov ebx, b     ; second parameter
        add eax, ebx   ; the result stays in eax, the register used for the return value
    }
}

Probably like this, I DON'T KNOW. (to be clear, I just came up with a possible idea). I'm telling you again, drop this, and stop watching ASM tutorials if you don't know what those instructions do, if you don't know what a PE file looks like in memory, and so on.
-
Nobody is going to sit and organize them by category... I'm done with the bac, but I have a nasty admission exam, let's see what I do and how much time I have...
-
I wanted an 8. Well, I couldn't care less what I got, I'm glad I passed maths. The grades: Romanian: 8.25, Mathematics M1: 6.05, Computer Science T2: 9.20, Average: 7.83. I only wanted to pass; I only need the average for 5%, which isn't "felt".
-
I don't know Assembly and from what I can see neither do you. So there's no point in anyone struggling to answer you. The data is put on the stack, the parameters, using "push", then the function is called, from C++ for example, if that's what you want, then the data is taken off the stack with "pop".

#include <stdio.h>

char format[] = "%s %s\n";
char hello[] = "Hello";
char world[] = "world";

int main(void)
{
    __asm {
        mov eax, offset world   ; arguments are pushed right to left (cdecl)
        push eax
        mov eax, offset hello
        push eax
        mov eax, offset format
        push eax
        call printf             ; printf(format, hello, world)
        pop ebx                 ; the caller removes the three arguments from the stack
        pop ebx
        pop ebx
    }
    return 0;
}

(__asm reference: http://www.codeguru.com/forum/showthread.php?t=308575) Once again, I don't know Assembly...
-
How do you make a program that assembles/rewrites another one?
Nytro replied to Krisler12™'s topic in Programming
An executable is made up of several sections. These sections contain certain types of data. There are sections for machine code, the actual executable code, sections for initialized data and sections for uninitialized data. If you start modifying an executable you have to know what you're doing in there. I don't think NOPs are completely useless. If you want to make a crack or something, I think the simplest would be, though I don't know if it's possible, to modify a jmp. The executable probably contains something like: if(!serial_corect) zii_ca_nui_bun();. In Assembly, that's probably a jnz (jump not zero) and you just put jz (jump zero). Well, I'm pretty clueless about this and I'm probably talking nonsense. But the idea is to drop this stuff and start learning the basics. If you really want to, learn C++ first, I think it's necessary, then Assembly, read more about the PE structure and you're the boss.
-
Arduino: I do read, but not on the computer. I had to read 30 pages of the ATM methodology, and I couldn't even read those on the PC, I printed them out. And that's a problem for everyone.
-
Bad idea. Nobody reads them. How many books have you read online?
-
Babi Minune - Sa vina toti nebunii mei
-
Bindat: http://i49.tinypic.com/8z301t.png Ban.
-
I'm through. It was pretty bad at maths and at Romanian I couldn't copy. Now at computer science I did well, I want at least a 9. Well, I also took the non-intensive one, T2. But let's say it wasn't exaggeratedly easy, though it wasn't hard either. I'm hoping for an overall average of 7.66: 8, 6, 9.
-
I didn't use Borland even at school, I used CodeBlocks. PS: I haven't tested this on Windows, it works fine on Linux. Just put #include<iostream.h> and plain cout instead of std::cout. Oh, and if you want, void main() without return.
-
I think I'll put void, although in practice I use int. And you'll probably have to put "cout", although printf tempts me more... And for strings strcpy, strcat, not std::string. And for reading from and writing to files fstream, not fopen, fread, fclose. Well, I think you can use those too; normally you should use whatever you want.