[wINJECT v0.93b]
by moofz@bonbon.net
http://big.badlink.net

DISCLAIMER: The information contained in this text is legal 'as is'
but I can in no way be held responsible for illegal use of this
material or any damage caused. Be careful :)

-+ wINJECT +-
[drugs for Windows]

.:[Table of contents]:.

 1. Welcome and NEWS!
 2. Getting started
 3. Limitations and warnings
 4. Protocol info
 5. Last words

..................................................................
.:[Welcome and NEWS!]:.

Hi! and welcome to THE packet injector for Windows 9x.

First I would like to point out that this is a BETA version of
wINJECT. This means a lot of limitations and you may also get dumb
and annoying warnings when you build packets. Sorry! but this is a
one man project and it is not easy. I will try as hard as possible
to make this a useful program.

This release is actually quite useful. It includes some great
features and I am very happy with it.

First let's dive into the structure of the program. The main packet
window contains these sub fields: # Name Size Value

Ex:

  #  Name     Size   Value
  1  ip_blah  b: 8   111
     (this field is an 8 bit (one byte) field with the value 111)
  1  ip_bluh  B: 8   AAAAAAAA
     (this field is an 8 byte field with 8*A)

The b became a B, big difference. :) The rest is also easy.

OK, that was a short intro but you are smart. Just try it and you
will see how easy it is to use.

+NEWS+ +NEWS+ +NEWS+ +NEWS+ +NEWS+ +NEWS+ +NEWS+ +NEWS+ +NEWS+ +NEWS+

Multi packet feature:
Now you can edit & inject more than one packet.
You can also make a Project that includes ex.
3 different packets and inject them in a sequence. You can loop and
delay packets if you like. With this so called multi feature it is
now possible to create fragmented packets (oh boy!).

NOTE: when you save one packet the Loop+Delay information is NOT
saved. But when you save a Project then the Loop+Delay settings of
all the packets are saved and ALSO the Loop+Delay for the Project.
The packets must be saved before you save a Project, or else you get
an error.

Packet "Info" button:
This button is for comments/notes/anything you want to include in
the .pkt file when you save it. You could write your name or email
so other users can see who made the packet and maybe contact the
person. It could also be a little description of the packet so you
know what it does - you decide.

NOTE: The Info length is limited to 255 characters which should be
enough for everybody.

This release also removes (well, it moves/pushes) some of the
annoying limits. Now you can create a bit field with a size of
1...16 bits BUT you can't create a 17...31 bit field - but 32 bit is
legal.

Packet Loops and Delays: (for flooding and for NOT flooding)
Sometimes it can be useful to send the same packet more than once.
This is what the "Loop" up/down control is for. The "Delay" control
inserts a delay after the packet (no waaay! :). You delay when you
don't want to flood the destination. 1000 is 1 second.

Project Loops and Delays:
Same thing here, but for the Project. Nothing new. Just try it.

..................................................................
.:[Getting started]:.

Ok, so you want to build a packet? Then let me tell you what you
MUST include in it.

The first layer is the IP layer (transport). Minimum length is 20
bytes. There are actually too many important fields you must include
to mention here so I recommend that you open one of the included
examples and then start from there. It is a lot easier than starting
from scratch.
ALSO; download some TCP/IP primer or some unix exploits that deal
with raw sockets, you can learn a lot from them. I think these will
help you in most cases:

  http://www.bitpunk.com/tcpip_ill/  (GREAT!, AWESOME, !!!!)
  http://www.faqs.org/rfcs/          (Ok - raw info)

How to add/edit a field:
Click on "New" or double click on an item from the list. If you
start from scratch then the Layer is "1" (it must be!). Then enter a
Name. It could start with ip_ but you decide.

Select a format you would like to enter:

  Decimal:    Most of the time you use this one (0 -> 9)
  Hex:        Sometimes it is easier to enter in hex (0 -> f)
  Chars:      (or bytes) Use this when you enter characters.
              Ex when you make an ICMP echo request (or a dns packet).
  Checksum:   This field is for auto calc checksum, only one per layer!
  IP:         When you enter an IP
  Dynamic IP: This will insert your current IP when online
  Random IP:  Just a random IP, ok? from 0.0.0.0 to 255.255.255.255

Click the "Pseudo data" option if you are making TCP/IP or UDP
packets with real checksums.

Then you enter a bit/byte size if it is not set.

NOTE: Legal bit values: 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,32
which should cover most situations.

Then you enter the value (also; if it is not set). Click OK, and if
you don't get a warning then it "should" be ok. Build the rest of the
packet and then hit the inject button. Done.. off it goes, easy? You
bet!

..................................................................
.:[Limitations and warnings]:.

Bit related warnings:
When you add a 16 or 32 bit field then the bits/bytes are swapped
(network byte order). Future releases will include more options! I
hope.

Next limitation: also called ("Bad bit: #001")
This is illegal, and I will show you why.

  #  Name  Size   Value
  1  --    b: 15  --
  1  --    b: 2   --
  1  --    b: 7   --

Concentrate on the Size fields :) If you add up these you get 24
bits, that is 3 bytes. The problem is that when wINJECT adds them it
tries to stop at 8/16 bit and then store the result in another
buffer.
So it first gets the 15 bit, BUT: then it sees the next 2 which will
be 17 bit and that is TOO much. In future releases I will try to fix
this. With this release you just have to think a little yourself.
Yeah, I am sorry!

Make sure wINJECT can add the bits so they end on 8/16 bit. Like
this one:

  #  Name  Size   Value
  1  --    b: 15  --
  1  --    b: 1   --
  1  --    b: 1   --
  1  --    b: 7   --

..................................................................
.:[Protocol info]:.

I have collected some protocol information to help beginners build
packets.

icmphdr:
{
     8 bit type;
     8 bit code;
    16 bit checksum;
    16 bit id;
    16 bit seq;
}

// definition of IP header version 4 as per RFC 791
ip_hdr:
{
     4 bit ip_v;      // version
     4 bit ip_hl;     // header length
     8 bit ip_tos;    // type of service
    16 bit ip_len;    // total length
    16 bit ip_id;     // identification
    16 bit ip_off;    // fragment offset field
     8 bit ip_ttl;    // time to live
     8 bit ip_p;      // protocol
    16 bit ip_cksum;  // checksum
    32 bit ip_src;    // source address
    32 bit ip_dst;    // destination address
}

#define IPROTO_GGP            3
#define IPROTO_IGMP           2

#define ICMP_ECHOREPLY        0   // Echo Reply
#define ICMP_DEST_UNREACH     3   // Destination Unreachable
#define ICMP_SOURCE_QUENCH    4   // Source Quench
#define ICMP_REDIRECT         5   // Redirect (change route)
#define ICMP_ECHO             8   // Echo Request
#define ICMP_TIME_EXCEEDED    11  // Time Exceeded
#define ICMP_PARAMETERPROB    12  // Parameter Problem
#define ICMP_TIMESTAMP        13  // Timestamp Request
#define ICMP_TIMESTAMPREPLY   14  // Timestamp Reply
#define ICMP_INFO_REQUEST     15  // Information Request
#define ICMP_INFO_REPLY       16  // Information Reply
#define ICMP_ADDRESS          17  // Address Mask Request
#define ICMP_ADDRESSREPLY     18  // Address Mask Reply
#define NR_ICMP_TYPES         18

// Codes for UNREACH.
#define ICMP_NET_UNREACH      0   // Network Unreachable
#define ICMP_HOST_UNREACH     1   // Host Unreachable
#define ICMP_PROT_UNREACH     2   // Protocol Unreachable
#define ICMP_PORT_UNREACH     3   // Port Unreachable
#define ICMP_FRAG_NEEDED      4   // Fragmentation Needed/DF set
#define ICMP_SR_FAILED        5   // Source Route failed
#define ICMP_NET_UNKNOWN      6
#define ICMP_HOST_UNKNOWN     7
#define ICMP_HOST_ISOLATED    8
#define ICMP_NET_ANO          9
#define ICMP_HOST_ANO         10
#define ICMP_NET_UNR_TOS      11
#define ICMP_HOST_UNR_TOS     12
#define ICMP_PKT_FILTERED     13  // Packet filtered
#define ICMP_PREC_VIOLATION   14  // Precedence violation
#define ICMP_PREC_CUTOFF      15  // Precedence cut off

// Codes for REDIRECT.
#define ICMP_REDIR_NET        0   // Redirect Net
#define ICMP_REDIR_HOST       1   // Redirect Host
#define ICMP_REDIR_NETTOS     2   // Redirect Net for TOS
#define ICMP_REDIR_HOSTTOS    3   // Redirect Host for TOS

// Codes for TIME_EXCEEDED.
#define ICMP_EXC_TTL          0   // TTL count exceeded
#define ICMP_EXC_FRAGTIME     1   // Fragment Reass time exceeded

..................................................................
.:[Last words]:.

Yep, that was all for this release of wINJECT. Remember, if you find
bugs, have any suggestions, ideas, comments, other things related to
wINJECT (except source code questions), then mail me!!

Thanks.. BYE! and enjoy!

[moofz@bonbon.net]

..................................................................
-+ wINJECT +-
[drugs for Windows]
..................................................................
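
Added example (not part of wINJECT or the original text): a small C
model of the 8/16 bit grouping rule from "Limitations and warnings",
applied to the ip_hdr rows from "Protocol info", plus the RFC 1071
checksum a Checksum field has to hold. The names pack_fields,
inet_checksum and struct field, the grouping model itself, and the
sample header values are assumptions made for illustration; it only
fills a buffer in memory.

```c
#include <stdint.h>
#include <stdio.h>
struct field { int bits; uint32_t value; };  /* one "b:" row: size, value */

/* Assumed model of the rule: bit fields are collected MSB-first until the
 * group is exactly 8 or 16 bits, then written; 32 bits go out whole. Returns
 * bytes written, or -(row) for the first bad row (-(n + 1): bits left over). */
int pack_fields(const struct field *f, size_t n, uint8_t *out, size_t cap)
{
    uint32_t acc = 0; int nbits = 0; size_t len = 0;
    for (size_t i = 0; i < n; i++) {
        int b = f[i].bits, legal = (b >= 1 && b <= 16) || (b == 32 && nbits == 0);
        if (!legal || (b != 32 && nbits + b > 16)) return -(int)(i + 1);
        if (b == 32) { acc = f[i].value; nbits = 32; }
        else { acc = (acc << b) | (f[i].value & ((1u << b) - 1)); nbits += b; }
        if (nbits == 8 || nbits == 16 || nbits == 32) {
            if (len + (size_t)nbits / 8 > cap) return -(int)(i + 1);
            while (nbits) { nbits -= 8; out[len++] = (uint8_t)(acc >> nbits); }
            acc = 0;
        }
    }
    return nbits ? -(int)(n + 1) : (int)len;
}

/* RFC 1071 Internet checksum, the value a "Checksum" field has to hold. */
uint16_t inet_checksum(const uint8_t *p, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2) sum += (uint32_t)(p[i] << 8 | p[i + 1]);
    if (len & 1) sum += (uint32_t)p[len - 1] << 8;
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Constructed sample values: the ip_hdr rows, checksum row left at 0. */
static const struct field sample_ip[] = {
    {4, 4}, {4, 5}, {8, 0}, {16, 0x0073}, {16, 0}, {16, 0x4000},
    {8, 64}, {8, 17}, {16, 0}, {32, 0xC0A80001}, {32, 0xC0A800C7} };
static const struct field bad_rows[]  = { {15, 0}, {2, 0}, {7, 0} };
static const struct field good_rows[] = { {15, 0}, {1, 0}, {1, 0}, {7, 0} };

int main(void)
{
    uint8_t hdr[20], tmp[4];
    int n = pack_fields(sample_ip, 11, hdr, sizeof hdr);
    printf("ip_hdr: %d bytes, checksum 0x%04x\n", n, inet_checksum(hdr, 20));
    printf("15/2/7 -> %d, 15/1/1/7 -> %d\n",
           pack_fields(bad_rows, 3, tmp, 4), pack_fields(good_rows, 4, tmp, 4));
    return 0;
}
```

A receiver checks a header the same way: with the checksum bytes
filled in, inet_checksum over the 20 bytes comes out as 0.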