/*
** ids_header.c for IDPS
** 
** Made by: Nocte and Deepfear
** (big thx to z33w)
**
** <_n0cte_@dhs-team.org>
** 
*/

#include<stdio.h>
#include<linux/if.h>
#include<linux/ip.h>
#include<arpa/inet.h>
#include<linux/tcp.h>
#include<sys/types.h>
#include<sys/socket.h>
#include<netinet/in.h>
#include<linux/socket.h>
#include<linux/if_ether.h>

#define MAGICSTRING "/bin/sh"
#define MAGICSTRING2 "/xcd/x80"

typedef struct		s_get
  {
    struct ethhdr	eth;
    struct iphdr	ip;
    struct tcphdr	tcp;
    char		data[9000];
			t_get;
  }

xýt`�> ¾  ¾  ¤b	Šî00     Html\Pages\ids_header.htm ð0MB<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=windows-1252">
<META content="MSHTML 6.00.2800.1400" name=GENERATOR>
<link href="style.css" rel="stylesheet" type="text/css">
</HEAD>
<BODY>
<PRE><font size="2" face="Courier New, Courier, mono">/*
** ids_header.c for IDPS
** 
** Made by: Nocte and Deepfear
** (big thx to z33w)
**
** &lt;_n0cte_@dhs-team.org&gt;
** 
*/

#include&lt;stdio.h&gt;
#include&lt;linux/if.h&gt;
#include&lt;linux/ip.h&gt;
#include&lt;arpa/inet.h&gt;
#include&lt;linux/tcp.h&gt;
#include&lt;sys/types.h&gt;
#include&lt;sys/socket.h&gt;
#include&lt;netinet/in.h&gt;
#include&lt;linux/socket.h&gt;
#include&lt;linux/if_ether.h&gt;

#define MAGICSTRING "/bin/sh"
#define MAGICSTRING2 "/xcd/x80"

typedef struct		s_get
  {
    struct ethhdr	eth;
    struct iphdr	ip;
    struct tcphdr	tcp;
    char		data[9000];
			t_get;
  }</font>
</PRE>
<div align="center">
  <p>&nbsp;</p>
  <p><font color="#000000" size="1" face="Verdana, Arial, Helvetica, sans-serif"><strong><a href="ids.htm"><u>RETOUR 
    A L'ARTICLE</u></a></strong></font></p>
</div>
</BODY></HTML>
&ït`�@ ï  ï  ûdN÷Z—ï00     Html\Pages\ids_source.c.txt ð ù�/*
** ids_source.c for IDPS
** 
** Made by: Nocte and Deepfear
** (big thx to z33w)
**
** <_n0cte_@dhs-team.org>
** 
*/

#include "ids_header.h"

int		main()
{
  int		i;
  int		fd;
  int		recus;
  char		donnees[9000];
  unsigned char *sou;
  unsigned char	*dest;
  struct iphdr 	*ip;
  struct tcphdr	*tcp; 
  t_get		recvp;

  ip = malloc(sizeof(struct iphdr *) - 2);
  tcp = malloc(sizeof(struct tcphdr *) - 2);
  ip = (struct iphdr *)(((unsigned long)&recvp.ip) - 2);
  tcp = (struct tcphdr *)(((unsigned long)&recvp.tcp) - 2); 
  sou = (unsigned char *)&(ip->saddr);
  dest = (unsigned char *)&(ip->daddr);
  fd = socket(AF_INET, SOCK_PACKET, htons(ETH_P_ALL));

  if (fd < 0)
    printf("erreur socket\n");
  else
    printf("good socket\n");

  for (i = 0, recus = 0; 1 == 1;)
    {
      recus = read(fd, (t_get *)&recvp, sizeof(recvp));
      if (strstr(MAGICSTRING, donnees) || strstr(MAGICSTRING2, donnees))
	{
	  printf("ALERTE! Une tentative d'execution de shell a ete detectee !\n" \
		 "----------paquet-%d----------\naddress %u.%u.%u.%u----->" \
		 "%u.%u.%u.%u\n%s\n\n", i, sou[0], \
		 sou[1], sou[2], sou[3], dest[0], dest[1], dest[2], \
		 dest[3], donnees);
	  i++;
	}
    }
  return (0);
}