eviltik eviltik
eviltik
/ gist:5817266
Created
June 19, 2013 19:29
TCP only, generateChecksum failed too, every offsets tested, alternative routines for checksum calculation failed too
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| IP Header | |
| 0 1 2 3 | |
| 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | |
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |
| |Version| IHL |Type of Service| Total Length | | |
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
eviltik
/ gist:5817244
Created
June 19, 2013 19:28
TCP + IP = generateChecksums failed, i've tried every offsets !
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| tcpdump -vvv -i lo -n ip | |
| NMAP result (nmap -sS localhost -p 23) | |
| root@debian:/home/zenetik# tcpdump -vvv -i lo -n ip | |
| tcpdump: listening on lo, link-type EN10MB (Ethernet), capture size 65535 bytes | |
| 21:50:20.794277 IP (tos 0x0, ttl 40, id 56063, offset 0, flags [none], proto TCP (6), length 44) | |
| 127.0.0.1.56649 > 127.0.0.1.23: Flags [S], cksum 0x17c8 (correct), seq 1809790236, win 1024, options [mss 1460], length 0 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| tcpdump -i lo -n ip | |
| nmap :19:54:07.502287 IP 127.0.0.1.56239 > 127.0.0.1.23: Flags [S], seq 411956820, win 1024, options [mss 1460], length 0 | |
| syn.js :21:26:57.830349 IP 127.0.0.1.54444 > 127.0.0.1.23: Flags [S], seq 234156285, win 1024, options [mss 1460], length 0 | |
| --> sound good but no ack+syn in reply, let's go verbose mode with tcpdump | |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 0x00,0x00, // src port | |
| 0x00,0x00, // dst port | |
| 0xa4,0x72,0xf0,0x7d, | |
| 0x00, | |
| 0x06, // protocol | |
| 0x00, // checksum | |
| 0x00,0x70,0x02,0xff,0xff, | |
| 0xd6,0x79,0x00,0x00,0x02, | |
| 0x04, // syn flag??? | |
| 0x05,0xa0, |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var async = require('async'); | |
| var dns = require('dns'); | |
| async.series([ | |
| function(next) { | |
| dns.resolve4('www.microsoft.com',next); | |
| }, | |
| ],function(err,result) { | |
| console.log(result[0][0]); | |
| }); |
NewerOlder