开通博客赚积分
发布资源赚积分
分类

源码开发语言/平台
当前位置:首页 > 源码/资料 > 系统/网络安全 > 查看源码
nmbnamex.c
资源名称:smbls98.tar.gz [点击查看]
上传用户:puhui2008
上传日期:2007-01-07
资源大小:295k
文件大小:4k
源码类别:

系统/网络安全

开发平台:

Unix_Linux

nmbnamex.c:源码内容
  1. /* Note i have include a little utility pinched from ADMtoolz
  2.  for get the netbios name
  4.   --------------------------------------------------------------------------
  5. ------------------------------[ADMnmbname.c]----------------------------------
  6.   --------------------------------------------------------------------------  */
  9. #define DEFAULT_OFFSET 3500
  10. #define DEFAULT_BUFFER_SIZE 3081
  11. #define NOP 0x90
  12. #define NMBHDRSIZE 13
  13. #include <stdio.h>
  14. #include <stdlib.h>
  15. #include <unistd.h>
  16. #include <fcntl.h>
  17. #include <sys/types.h>
  18. #include <sys/socket.h>
  19. #include <sys/wait.h>
  20. #include <sys/ioctl.h>
  21. #include <sys/stat.h>
  22. #include <netdb.h>
  23. #include <netinet/in.h>
  24. #include <netinet/ip.h>
  25. #include <netinet/ip_icmp.h>
  26. #include <netinet/ip_tcp.h>
  28. struct nmbhdr {
  29. unsigned short int id;
  31. unsigned char  R:1;
  32. unsigned char  opcode:4;
  33. unsigned char  AA:1;
  34. unsigned char  TC:1;
  35. unsigned char  RD:1;
  36. unsigned char  RA:1;
  37. unsigned char  unless:2;
  38. unsigned char  B:1;
  39. unsigned char  RCODE:4;
  42. unsigned short int que_num;
  43. unsigned short int rep_num;
  44. unsigned short int num_rr;
  45. unsigned short int num_rrsup;
  46. unsigned char namelen;
  47. };
  50. struct typez{
  51. u_int type;
  52. u_int type2;
  53. };
  56. unsigned int host2ip(char *serv)
  57. {
  58. struct sockaddr_in sin;
  59. struct hostent *hent;
  61. hent=gethostbyname(serv);
  62. if(hent == NULL) return 0;
  63. bzero((char *)&sin, sizeof(sin));
  64. bcopy(hent->h_addr, (char *)&sin.sin_addr, hent->h_length);
  65. return sin.sin_addr.s_addr;
  66. }
  70. main( int argc, char  **argv)
  71. {
  72. struct sockaddr_in  sin_me , sin_dst;
  73. struct nmbhdr *nmb,*nmb2;
  74. struct iphdr *ipz;
  75. struct typez  *typz;
  76. struct hostent *hent;
  77. int socket_client,sr,num,i=1,bha,timeout=0,try=0,GO=0;
  78. int longueur=sizeof(struct sockaddr_in);
  79. char  *data;
  80. char  *dataz;
  81. char   buffer[1024];
  82. char   buffer2[1024];
  83. char   namezz[1024];
  84. char   name[64]="CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
  85. char   c;
  87. if(argc <2) {
  88.         printf("usage: ADMnmbname <ip of the victim>n");
  89.         exit (0);
  90.         }
  93. socket_client=socket(AF_INET,SOCK_DGRAM,17);
  94. sr=socket(AF_INET,SOCK_RAW,17);
  95. ioctl(sr,FIONBIO,&i);
  98. sin_me.sin_family=AF_INET;
  99. sin_me.sin_addr.s_addr=htonl(INADDR_ANY);
  100. sin_me.sin_port=htons(2600);
  102. sin_dst.sin_family=AF_INET;
  103. sin_dst.sin_port=htons(137);
  104. sin_dst.sin_addr.s_addr = host2ip(argv[1]);
  106. nmb = (struct nmbhdr *)  buffer;
  107. data = (char *)(buffer+NMBHDRSIZE);
  108. typz = (struct typez *)(buffer+NMBHDRSIZE+33);
  109. nmb2 = (struct nmbhdr *)(buffer2+20+8);
  110. ipz   = (struct iphdr *)buffer2;
  111. dataz = (char *)(buffer2+50+7+20+8);
  113. memset(buffer,0,1024);
  114. memset(buffer2,0,1024);
  115. memset(namezz,0,1024);
  116. memcpy(data,name,33);
  118.            /* play with the netbios query format :) */
  120. nmb->id=0x003;
  121. nmb->R=0;                  /* 0 for question 1 for response */
  122. nmb->opcode=0;             /* 0 = query */
  123. nmb->que_num=htons(1);     /* i have only 1 question :) */
  124. nmb->namelen=0x20;
  125. typz->type=0x2100;
  126. typz->type2=0x1000;
  128. sendto(socket_client,buffer,50,0,(struct sockaddr *)&sin_dst,longueur);
  132.   for(timeout=0;timeout<90;timeout++ )
  133.   {
  134.            usleep(100000);
  135.            buffer2[0]='0';
  136.            recvfrom(sr,buffer2,800,0,(struct sockaddr *)&sin_dst,&(int)longueur);
  138.         if(buffer2[0]!='0')
  139.                 {
  143.                           if(nmb2->rep_num!=0)
  144.                             {
  145.                             bha=0;
  147.                                      for(;;)
  148.                                      {
  150.                                         c=*(dataz+bha);
  151.                                         if(c!='x20')
  152.                                                         {
  154.                                                         namezz[bha]=c;
  155.                                                         bha++;
  156.                                                          }
  157.                                         if(c=='x20')break;
  158.                                    }
  160. printf("%sn",namezz);
  161.                                 printf("netbios name of %s is %sn",argv[1],namezz);
  162.                                 try =4;
  163.                                 GO = 4;
  165.                                 break;
  166.                               }
  167.                 }
  170.      }
  175. memset(buffer,0,1024);
  176. memset(buffer2,0,1024);
  178. }