Hping - Active Network Security Tool
http://www.hping.org/
Download
http://www.hping.org/download.html
- Latest for Unix-like systems: hping3-20051105
- Stable: currently 2.0.0-rc3
- For Windows: currently hping2
hping can send packets with a forged source IP address,
*********************************************************************************
*********************************************************************************
Installing on Windows 7 with SP1 x64
Download
C:\Users\John\Desktop\hping2.win32>hping
hping2: missing host argument
Try `hping2 --help' for more information.
C:\Users\John\Desktop\hping2.win32>hping --help
usage: hping host [options]
-h --help show this help
-v --version show version
-c --count packet count
-i --interval wait (mX for X milliseconds, for example -i m10)
--fast alias for -i m100 (10 packets for second)
-n --numeric numeric output
-q --quiet quiet
-I --interface interface IP (otherwise default routing interface)
-V --verbose verbose mode
-D --debug debugging info
-z --bind bind ctrl+z to ttl (default to dst port)
-Z --unbind unbind ctrl+z
Mode
default mode TCP
-0 --rawip RAW IP mode
-1 --icmp ICMP mode
-2 --udp UDP mode
-8 --scan SCAN mode.
Example: hping --scan 1-30,70-90 -S www.target.host
-9 --listen listen mode
IP
-a --spoof spoof source address
--rand-dest random destination address mode. see the man.
--rand-source random source address mode. see the man.
-t --ttl ttl (default 64)
-N --id id (default random)
-W --winid use win* id byte ordering
-r --rel relativize id field (to estimate host traffic)
-f --frag split packets in more frag. (may pass weak acl)
-x --morefrag set more fragments flag
-y --dontfrag set dont fragment flag
-g --fragoff set the fragment offset
-m --mtu set virtual mtu, implies --frag if packet size > mtu
-o --tos type of service (default 0x00), try --tos help
-G --rroute includes RECORD_ROUTE option and display the route buffer
--lsrr loose source routing and record route
--ssrr strict source routing and record route
-H --ipproto set the IP protocol field, only in RAW IP mode
ICMP
-C --icmptype icmp type (default echo request)
-K --icmpcode icmp code (default 0)
--force-icmp send all icmp types (default send only supported types)
--icmp-gw set gateway address for ICMP redirect (default 0.0.0.0)
--icmp-ts Alias for --icmp --icmptype 13 (ICMP timestamp)
--icmp-addr Alias for --icmp --icmptype 17 (ICMP address subnet mask)
--icmp-help display help for others icmp options
UDP/TCP
-s --baseport base source port (default random)
-p --destport [+][+]<port> destination port(default 0) ctrl+z inc/dec
-k --keep keep still source port
-w --win winsize (default 64)
-O --tcpoff set fake tcp data offset (instead of tcphdrlen / 4)
-Q --seqnum shows only tcp sequence number
-b --badcksum (try to) send packets with a bad IP checksum
many systems will fix the IP checksum sending the packet
so you'll get bad UDP/TCP checksum instead.
-M --setseq set TCP sequence number
-L --setack set TCP ack
-F --fin set FIN flag
-S --syn set SYN flag
-R --rst set RST flag
-P --push set PUSH flag
-A --ack set ACK flag
-U --urg set URG flag
-X --xmas set X unused flag (0x40)
-Y --ymas set Y unused flag (0x80)
--tcpexitcode use last tcp->th_flags as exit code
--tcp-timestamp enable the TCP timestamp option to guess the HZ/uptime
Common
-d --data data size (default is 0)
-E --file data from file
-e --sign add 'signature'
-j --dump dump packets in hex
-J --print dump printable characters
-B --safe enable 'safe' protocol
-u --end tell you when --file reached EOF and prevent rewind
-T --traceroute traceroute mode (implies --bind and --ttl 1)
--tr-stop Exit when receive the first not ICMP in traceroute mode
--tr-keep-ttl Keep the source TTL fixed, useful to monitor just one hop
--tr-no-rtt Don't calculate/show RTT information in traceroute mode
ARS packet description (new, unstable)
--apd-send Send the packet described with APD (see docs/APD.txt)
C:\Users\John\Desktop\hping2.win32>
*********************************************************************************
Installing hping2.0.0-rc3 (CentOS 7.4 x64)
The installation still fails for now; the steps are kept here for reference.
[root@localhost ~]# yum -y install gcc libpcap libpcap-devel
[root@localhost ~]# wget http://www.hping.org/hping2.0.0-rc3.tar.gz
[root@localhost ~]# tar zxvf hping2.0.0-rc3.tar.gz
[root@localhost ~]# cd hping2-rc3
[root@localhost hping2-rc3]# ./configure
build byteorder.c...
create byteorder.h...
--------------------------------------
system type: LINUX
FORCE_LIBPCAP:
LIBPCAP :
PCAP_INCLUDE :
MANPATH : /usr/local/man
(to modify try configure --help)
--------------------------------------
creating Makefile...
now you can try `make'
[root@localhost hping2-rc3]# make
gcc -c -O2 -Wall -g arsglue.c
In file included from ars.h:18:0,
from arsglue.c:5:
bytesex.h:22:3: error: #error can not find the byte order for this architecture, fix bytesex.h
# error can not find the byte order for this architecture, fix bytesex.h
^
In file included from arsglue.c:5:0:
ars.h:180:2: error: #error "Please, edit Makefile and add -DBYTE_ORDER_(BIG|LITTLE)_ENDIAN"
#error "Please, edit Makefile and add -DBYTE_ORDER_(BIG|LITTLE)_ENDIAN"
^
ars.h:244:2: error: #error "Please, edit Makefile and add -DBYTE_ORDER_(BIG|LITTLE)_ENDIAN"
#error "Please, edit Makefile and add -DBYTE_ORDER_(BIG|LITTLE)_ENDIAN"
^
make: *** [arsglue.o] Error 1
[root@localhost hping2-rc3]# vi Makefile
Find
CCOPT= -O2 -Wall
Change it to
CCOPT= -O2 -Wall -DBYTE_ORDER_LITTLE_ENDIAN
Try again
[root@localhost hping2-rc3]# make
gcc -c -O2 -Wall -DBYTE_ORDER_LITTLE_ENDIAN -g arsglue.c
In file included from ars.h:18:0,
from arsglue.c:5:
bytesex.h:22:3: error: #error can not find the byte order for this architecture, fix bytesex.h
# error can not find the byte order for this architecture, fix bytesex.h
^
make: *** [arsglue.o] Error 1
[root@localhost hping2-rc3]#
Find
#define BYTE_ORDER_LITTLE_ENDIAN
Remove the first # comment mark
define BYTE_ORDER_LITTLE_ENDIAN
Try again
[root@localhost hping2-rc3]# make
gcc -c -O2 -Wall -DBYTE_ORDER_LITTLE_ENDIAN -g arsglue.c
In file included from ars.h:18:0,
from arsglue.c:5:
bytesex.h:22:3: error: #error can not find the byte order for this architecture, fix bytesex.h
# error can not find the byte order for this architecture, fix bytesex.h
^
make: *** [arsglue.o] Error 1
[root@localhost hping2-rc3]#
Giving up for now. Even the next version, hping3, dates from 2005, and hping2 is older still, so it is normal for the installation to have problems or to need many changes before it builds.
[root@localhost hping2-rc3]# ls -al | more
total 1072
drwxr-xr-x. 5 john john 4096 Jan 11 07:07 .
dr-xr-x---. 7 root root 4096 Jan 10 23:17 ..
-rw-r--r--. 1 john john 6778 Aug 23 2001 antigetopt.c
-rw-r--r--. 1 john john 1022 Aug 22 2001 antigetopt.h
-rw-r--r--. 1 root root 17888 Jan 10 23:18 antigetopt.o
-rw-r--r--. 1 john john 14175 Nov 28 2002 apd.c
-rw-r--r--. 1 john john 25085 Jul 28 2003 ars.c
-rw-r--r--. 1 john john 633 Dec 13 2002 arsglue.c
-rw-r--r--. 1 john john 13360 Jul 28 2003 ars.h
-rw-r--r--. 1 john john 1507 Dec 6 2003 AUTHORS
... (omitted)
*********************************************************************************
Installing hping3-20051105 (CentOS 7.4 x64)
The installation still fails for now; the steps are kept here for reference.
[root@localhost ~]# yum -y install gcc libpcap libpcap-devel
[root@localhost ~]# wget http://www.hping.org/hping3-20051105.tar.gz
[root@localhost ~]# tar zxvf hping3-20051105.tar.gz
[root@localhost ~]# cd hping3-20051105/
[root@localhost hping3-20051105]# ./configure
The result is also a pile of errors:
[root@localhost hping3-20051105]# ./configure
build byteorder.c...
create byteorder.h...
./configure: line 81: -: command not found
==> WARNING: no Tcl header files found!
--------------------------------------
system type: LINUX
LIBPCAP : PCAP=-lpcap
PCAP_INCLUDE :
MANPATH : /usr/local/man
USE_TCL :
TCL_VER :
TCL_INC :
LIBTCL : -ltcl -lm -lpthread
TCLSH :
(to modify try configure --help)
--------------------------------------
creating Makefile...
creating dependences...
In file included from ars.h:20:0,
from apd.c:19:
bytesex.h:22:3: error: #error can not find the byte order for this architecture, fix bytesex.h
# error can not find the byte order for this architecture, fix bytesex.h
^
In file included from apd.c:19:0:
ars.h:190:2: error: #error "Please, edit Makefile and add -DBYTE_ORDER_(BIG|LITTLE)_ENDIAN"
#error "Please, edit Makefile and add -DBYTE_ORDER_(BIG|LITTLE)_ENDIAN"
^
ars.h:254:2: error: #error "Please, edit Makefile and add -DBYTE_ORDER_(BIG|LITTLE)_ENDIAN"
#error "Please, edit Makefile and add -DBYTE_ORDER_(BIG|LITTLE)_ENDIAN"
^
ars.h:323:2: error: #error "Please, edit Makefile and add -DBYTE_ORDER_(BIG|LITTLE)_ENDIAN"
#error "Please, edit Makefile and add -DBYTE_ORDER_(BIG|LITTLE)_ENDIAN"
^
In file included from ars.h:20:0,
from ars.c:24:
bytesex.h:22:3: error: #error can not find the byte order for this architecture, fix bytesex.h
# error can not find the byte order for this architecture, fix bytesex.h
^
In file included from ars.c:24:0:
ars.h:190:2: error: #error "Please, edit Makefile and add -DBYTE_ORDER_(BIG|LITTLE)_ENDIAN"
#error "Please, edit Makefile and add -DBYTE_ORDER_(BIG|LITTLE)_ENDIAN"
^
ars.h:254:2: error: #error "Please, edit Makefile and add -DBYTE_ORDER_(BIG|LITTLE)_ENDIAN"
#error "Please, edit Makefile and add -DBYTE_ORDER_(BIG|LITTLE)_ENDIAN"
^
ars.h:323:2: error: #error "Please, edit Makefile and add -DBYTE_ORDER_(BIG|LITTLE)_ENDIAN"
#error "Please, edit Makefile and add -DBYTE_ORDER_(BIG|LITTLE)_ENDIAN"
^
In file included from ars.h:20:0,
from arsglue.c:7:
bytesex.h:22:3: error: #error can not find the byte order for this architecture, fix bytesex.h
# error can not find the byte order for this architecture, fix bytesex.h
^
In file included from arsglue.c:7:0:
ars.h:190:2: error: #error "Please, edit Makefile and add -DBYTE_ORDER_(BIG|LITTLE)_ENDIAN"
#error "Please, edit Makefile and add -DBYTE_ORDER_(BIG|LITTLE)_ENDIAN"
^
ars.h:254:2: error: #error "Please, edit Makefile and add -DBYTE_ORDER_(BIG|LITTLE)_ENDIAN"
#error "Please, edit Makefile and add -DBYTE_ORDER_(BIG|LITTLE)_ENDIAN"
^
ars.h:323:2: error: #error "Please, edit Makefile and add -DBYTE_ORDER_(BIG|LITTLE)_ENDIAN"
#error "Please, edit Makefile and add -DBYTE_ORDER_(BIG|LITTLE)_ENDIAN"
^
In file included from ars.h:20:0,
from rapd.c:11:
bytesex.h:22:3: error: #error can not find the byte order for this architecture, fix bytesex.h
# error can not find the byte order for this architecture, fix bytesex.h
^
In file included from rapd.c:11:0:
ars.h:190:2: error: #error "Please, edit Makefile and add -DBYTE_ORDER_(BIG|LITTLE)_ENDIAN"
#error "Please, edit Makefile and add -DBYTE_ORDER_(BIG|LITTLE)_ENDIAN"
^
ars.h:254:2: error: #error "Please, edit Makefile and add -DBYTE_ORDER_(BIG|LITTLE)_ENDIAN"
#error "Please, edit Makefile and add -DBYTE_ORDER_(BIG|LITTLE)_ENDIAN"
^
ars.h:323:2: error: #error "Please, edit Makefile and add -DBYTE_ORDER_(BIG|LITTLE)_ENDIAN"
#error "Please, edit Makefile and add -DBYTE_ORDER_(BIG|LITTLE)_ENDIAN"
^
In file included from ars.h:20:0,
from split.c:11:
bytesex.h:22:3: error: #error can not find the byte order for this architecture, fix bytesex.h
# error can not find the byte order for this architecture, fix bytesex.h
^
In file included from split.c:11:0:
ars.h:190:2: error: #error "Please, edit Makefile and add -DBYTE_ORDER_(BIG|LITTLE)_ENDIAN"
#error "Please, edit Makefile and add -DBYTE_ORDER_(BIG|LITTLE)_ENDIAN"
^
ars.h:254:2: error: #error "Please, edit Makefile and add -DBYTE_ORDER_(BIG|LITTLE)_ENDIAN"
#error "Please, edit Makefile and add -DBYTE_ORDER_(BIG|LITTLE)_ENDIAN"
^
ars.h:323:2: error: #error "Please, edit Makefile and add -DBYTE_ORDER_(BIG|LITTLE)_ENDIAN"
#error "Please, edit Makefile and add -DBYTE_ORDER_(BIG|LITTLE)_ENDIAN"
^
now you can try `make'
[root@localhost hping3-20051105]#
Let's use the Windows version for now.
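Why the byte order matters to a packet crafter, as an added example (not code from hping or from this post): bytesex.h did not recognise this x86_64 system, and the ars.h messages ask for BYTE_ORDER_(BIG|LITTLE)_ENDIAN. Assuming that macro selects the bit-field order of packet header structs, the sketch below takes the byte order from the compiler's own macros and checks that the first IPv4 header byte comes out as 0x45; all `ex_`/`EX_` names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Ask the compiler for the byte order first; a list of CPU macros is only
 * the fallback. EX_* names are hypothetical, not hping's. */
#if defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) && \
    __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__
#define EX_LITTLE_ENDIAN 1
#elif defined(__BYTE_ORDER__) && defined(__ORDER_BIG_ENDIAN__) && \
    __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
#define EX_LITTLE_ENDIAN 0
#elif defined(__x86_64__) || defined(__i386__)
#define EX_LITTLE_ENDIAN 1
#else
#error "unknown byte order: extend the checks above"
#endif

/* First byte of an IPv4 header: version in the high nibble, IHL in the low.
 * GCC and Clang allocate bit-fields from the low bits on little-endian
 * targets and from the high bits on big-endian ones, so the order flips. */
struct ex_ip_byte0 {
#if EX_LITTLE_ENDIAN
    uint8_t ihl : 4, version : 4;
#else
    uint8_t version : 4, ihl : 4;
#endif
};

/* Runtime probe used to cross-check the compile-time decision. */
int ex_runtime_little(void) {
    uint16_t probe = 1;
    uint8_t first;
    memcpy(&first, &probe, 1);
    return first == 1;
}

/* Byte that goes on the wire for version 4, IHL 5 (a 20-byte header). */
uint8_t ex_wire_byte0(void) {
    struct ex_ip_byte0 h = { 0 };
    uint8_t out;
    h.version = 4; h.ihl = 5;
    memcpy(&out, &h, 1);
    return out;
}

int main(void) {
    printf("little=%d runtime=%d byte0=0x%02x\n", EX_LITTLE_ENDIAN, ex_runtime_little(), ex_wire_byte0());
    return 0;
}
```

With the wrong bit-field order the same assignments would produce 0x54, which no receiver accepts as an IPv4 header.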
*********************************************************************************
Installing hping3-20051105 (CentOS 7.4 x64) from EPEL
Go to
https://dl.fedoraproject.org/pub/epel/7/x86_64/Packages/h/
and find that hping3 is available there.
Go to
https://dl.fedoraproject.org/pub/epel/7/x86_64/Packages/e/
and find the latest version, epel-release-7-11.noarch.rpm
Start the installation
[root@localhost ~]# wget https://dl.fedoraproject.org/pub/epel/7/x86_64/Packages/e/epel-release-7-11.noarch.rpm
[root@localhost ~]# rpm -Uvh epel-release-7-11.noarch.rpm
[root@localhost ~]# yum -y install hping3
A simpler way to install
[root@localhost ~]# yum -y install epel-release
[root@localhost ~]# yum -y install hping3
Installation succeeded. The options hping3 provides:
[root@localhost ~]# hping3 -h
usage: hping host [options]
-h --help show this help
-v --version show version
-c --count packet count
-i --interval wait (uX for X microseconds, for example -i u1000)
--fast alias for -i u10000 (10 packets for second)
--faster alias for -i u1000 (100 packets for second)
--flood sent packets as fast as possible. Don't show replies.
-n --numeric numeric output
-q --quiet quiet
-I --interface interface name (otherwise default routing interface)
-V --verbose verbose mode
-D --debug debugging info
-z --bind bind ctrl+z to ttl (default to dst port)
-Z --unbind unbind ctrl+z
--beep beep for every matching packet received
Mode
default mode TCP
-0 --rawip RAW IP mode
-1 --icmp ICMP mode
-2 --udp UDP mode
-8 --scan SCAN mode.
Example: hping --scan 1-30,70-90 -S www.target.host
-9 --listen listen mode
IP
-a --spoof spoof source address
--rand-dest random destionation address mode. see the man.
--rand-source random source address mode. see the man.
-t --ttl ttl (default 64)
-N --id id (default random)
-W --winid use win* id byte ordering
-r --rel relativize id field (to estimate host traffic)
-f --frag split packets in more frag. (may pass weak acl)
-x --morefrag set more fragments flag
-y --dontfrag set dont fragment flag
-g --fragoff set the fragment offset
-m --mtu set virtual mtu, implies --frag if packet size > mtu
-o --tos type of service (default 0x00), try --tos help
-G --rroute includes RECORD_ROUTE option and display the route buffer
--lsrr loose source routing and record route
--ssrr strict source routing and record route
-H --ipproto set the IP protocol field, only in RAW IP mode
ICMP
-C --icmptype icmp type (default echo request)
-K --icmpcode icmp code (default 0)
--force-icmp send all icmp types (default send only supported types)
--icmp-gw set gateway address for ICMP redirect (default 0.0.0.0)
--icmp-ts Alias for --icmp --icmptype 13 (ICMP timestamp)
--icmp-addr Alias for --icmp --icmptype 17 (ICMP address subnet mask)
--icmp-help display help for others icmp options
UDP/TCP
-s --baseport base source port (default random)
-p --destport [+][+]<port> destination port(default 0) ctrl+z inc/dec
-k --keep keep still source port
-w --win winsize (default 64)
-O --tcpoff set fake tcp data offset (instead of tcphdrlen / 4)
-Q --seqnum shows only tcp sequence number
-b --badcksum (try to) send packets with a bad IP checksum
many systems will fix the IP checksum sending the packet
so you'll get bad UDP/TCP checksum instead.
-M --setseq set TCP sequence number
-L --setack set TCP ack
-F --fin set FIN flag
-S --syn set SYN flag
-R --rst set RST flag
-P --push set PUSH flag
-A --ack set ACK flag
-U --urg set URG flag
-X --xmas set X unused flag (0x40)
-Y --ymas set Y unused flag (0x80)
--tcpexitcode use last tcp->th_flags as exit code
--tcp-timestamp enable the TCP timestamp option to guess the HZ/uptime
Common
-d --data data size (default is 0)
-E --file data from file
-e --sign add 'signature'
-j --dump dump packets in hex
-J --print dump printable characters
-B --safe enable 'safe' protocol
-u --end tell you when --file reached EOF and prevent rewind
-T --traceroute traceroute mode (implies --bind and --ttl 1)
--tr-stop Exit when receive the first not ICMP in traceroute mode
--tr-keep-ttl Keep the source TTL fixed, useful to monitor just one hop
--tr-no-rtt Don't calculate/show RTT information in traceroute mode
ARS packet description (new, unstable)
--apd-send Send the packet described with APD (see docs/APD.txt)
[root@localhost ~]#
[root@localhost ~]# hping3 -S -p 80 -c 3 -n 192.168.1.101
HPING 192.168.1.101 (ens33 192.168.1.101): S set, 40 headers + 0 data bytes
--- 192.168.1.101 hping statistic ---
3 packets transmitted, 0 packets received, 100% packet loss
round-trip min/avg/max = 0.0/0.0/0.0 ms
[root@localhost ~]#
[root@localhost ~]# hping3 -S -p 80 -c 3 -n www.hinet.net
HPING www.hinet.net (ens33 210.61.44.225): S set, 40 headers + 0 data bytes
len=46 ip=210.61.44.225 ttl=60 DF id=0 sport=80 flags=SA seq=0 win=29200 rtt=10.0 ms
len=46 ip=210.61.44.225 ttl=60 DF id=0 sport=80 flags=SA seq=1 win=29200 rtt=10.0 ms
len=46 ip=210.61.44.225 ttl=60 DF id=0 sport=80 flags=SA seq=2 win=29200 rtt=14.8 ms
--- www.hinet.net hping statistic ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 10.0/11.6/14.8 ms
[root@localhost ~]# hping3 -S -p 80 -c 3 -n 1.1.1.1
HPING 1.1.1.1 (ens33 1.1.1.1): S set, 40 headers + 0 data bytes
^C
--- 1.1.1.1 hping statistic ---
2 packets transmitted, 0 packets received, 100% packet loss
round-trip min/avg/max = 0.0/0.0/0.0 ms
[root@localhost ~]#
flags=SA (SYN+ACK) in the reply means the port is open.
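What flags=SA means at the header level, as an added example (not part of the original post or of hping): the code decodes the TCP flags byte into the letters from the option list above and turns the reply to a SYN probe into a verdict. It goes one step beyond the page by also covering RST replies (closed port) and the no-reply case seen with 192.168.1.101; the `ex_` names and the sample header are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* TCP flag bits (header byte 13) with the letters from the option list. */
static const struct { uint8_t bit; char letter; } ex_flag_map[] = {
    {0x01, 'F'}, {0x02, 'S'}, {0x04, 'R'}, {0x08, 'P'},
    {0x10, 'A'}, {0x20, 'U'}, {0x40, 'X'}, {0x80, 'Y'},
};

/* Write the flag letters of a raw TCP header into out (at least 9 bytes).
 * Returns 0, or -1 when the buffer is shorter than a minimal TCP header. */
int ex_flag_letters(const uint8_t *tcp, size_t len, char *out) {
    size_t n = 0;
    if (tcp == NULL || len < 20) return -1;
    for (size_t i = 0; i < sizeof ex_flag_map / sizeof ex_flag_map[0]; i++)
        if (tcp[13] & ex_flag_map[i].bit) out[n++] = ex_flag_map[i].letter;
    out[n] = '\0';
    return 0;
}

/* Verdict for the reply to a SYN probe; tcp == NULL means nothing came back. */
const char *ex_syn_verdict(const uint8_t *tcp, size_t len) {
    if (tcp == NULL) return "no reply (filtered or host down)";
    if (len < 20) return "truncated";
    if (tcp[13] & 0x04) return "closed";            /* RST, usually RA */
    if ((tcp[13] & 0x12) == 0x12) return "open";    /* SYN+ACK */
    return "unexpected";
}

/* Constructed sample reply: sport 80, flags SYN+ACK, win 29200 (0x7210). */
const uint8_t ex_synack[20] = {
    0x00, 0x50, 0x08, 0x2b, 0, 0, 0, 1, 0, 0, 0, 1,
    0x50, 0x12, 0x72, 0x10, 0, 0, 0, 0,
};

int main(void) {
    char letters[9];
    ex_flag_letters(ex_synack, sizeof ex_synack, letters);
    printf("flags=%s -> %s\n", letters, ex_syn_verdict(ex_synack, sizeof ex_synack));
    return 0;
}
```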
*********************************************************************************
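Trying it out
It is best to test against another computer of your own (e.g. 192.168.1.100), so that nobody mistakes the traffic for a suspected attack.
The example below forges the source IP as 1.2.3.4, targets 192.168.1.100, and sends 10 packets per second.
[root@localhost ~]# hping 192.168.1.100 -i u10000 -S -a 1.2.3.4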
(To be continued)