From wINJECT dox
" 30-Dec-2001
Welcome to THE packet injector for Windows 9x & Windows 2k.
First I would like to point out that this is a BETA version of wINJECT.
This means a lot of limitations and you may also get dumb and annoying
warnings when you build packets. I will try as hard as possible to make
this a useful program. This release is actually quite useful. It includes
some great features and I am very happy with it.
...
wINJECT now also runs on Windows 2000 (but without the lowlevel functions).
NOTE: There is a flaw/limitation in Win2k that prevents fragmented packets from
being sent [I can only say: "Use Win9x for maximum control!"].
NEW: import CommView binary packets. Just save packets as binary and
open with wINJECT. This feature is for the lazy hackers.
[lowlevel: WinSock Extension]:
This is cool! If wINJECT is running then you can send raw packets from
YOUR OWN program. For more info check out the included wsockext.txt
file. If you create an example I can include then mail it to me.
ASM, Delphi, C, C++, Fortran - anything that can use winsock is welcome.
[lowlevel: IP Changer]: More possible directions: User_X will let you
enter the exact IP you want. Up_X & Down_X use another method which
can be faster than normal Up & Down.
Magic Snooper:
This is for finding the initial MagicID. Usage is simple:
You are offline, press the "Magic Snooper" flag and go online. Wait and
hopefully it will show you the MagicID to use. If it does, then press
the save button.
"Better" support for weird modems (especially internals). Select COMX in the
settings if COM1-4 does not work for you. Note: the IP Changer
DOES NOT work when you use COMX so if the IP Changer is important then
get an external modem. When using this method you are also limited to
packet sizes less than 549 bytes (IP_TotLen). It will not warn you.
NetBIOS first level encoding:
When you select [Chars] as input format then you will notice a new button
(it illustrates a split). This is for NetBIOS packets.
...
[lowlevel: Thoughts]
Here are some ideas that show how powerful wINJECT really is or will be.
Let's start with the IP Changer concept. At first it looks quite harmless but
in the hands of creative users it can be the opposite.
People have said to me: "Yah, so we can change to another ip. Phh big deal!"
and when I told them the more exotic use then they got that funny dreaming
look in their eyes.
"Normal use"
1. Banned IP: then jump to another IP.
2. If you suspect that someone is sending you "bad" packets then
jump to another IP and feel secure for some time.
Exotic:
3. Change to the IP of your ISP's DNS server. There exists some
misconfigured dial-in equipment out there. [This is not my idea!]
You should have a fake DNS server setup before you do this, else you
are just flooded with lookup requests that can't be answered.
Look at the DNS logs and select the most used search engine or web
site. Copy the website and next time a lookup request comes in then
pass the IP of your machine to them. You are in control! You can
send them anywhere you want.
4. Nuke victim, jump to his IP and continue whatever he was doing.
This is a feature I think will be included in future versions of
wINJECT. It will be able to take over ANY TCP/IP connection. If it
detects an active connection when it jumped to a new IP then a message
box will pop up and ask if you want to hijack it :) quite powerful!
Stealth Ping:
I found a way to discover which IPs are in use at my ISP
(other dialin users). This can be used as a "stealth ping" but is only
possible if your ISP is strict and has anti spoofing on.
Let me give you an example:
Most ISPs filter packets that have spoofed source addresses. If I am
on 194.239.168.1 then I can't send packets with a source IP that is outside
the range of my ISP. Some ISPs allow you to send as 194.239.168.2
but MY ISP filters the packet if 194.239.168.2 is not in use.
OK, so pretend that I am 194.239.168.1 again. If I send a packet
with:
source_ip=194.239.168.2
destination_ip=194.239.168.1
and my sniffer picks up a packet from .2 then there is another user on .2
but if I don't see anything come in, then it is not in use.
It doesn't get more stealthy than this.
NEW Features:
Counter and Random Fields:
In future you will get these 2 field types. Especially the Counter field
will be useful when making DNS attacks, but also TCP spoofing will be
possible. Anything that is hard because we need to increase a field in the
packet will be easier in the future.
The Random field is for the "tester". Imagine sending tons of random
packets out and then hope it triggers a NEW bug in a system. Ahh lots
of fun.
lowlevel: WinSock Extension
This one makes it possible for WinSock users to send RAW/Spoofed packets from
their own program. When the "Raw_Reading" feature is ready then you can
make scanners, probes - everything from your program. Make your own diag
programs you always wanted to do but couldn't because of WinSock limitations.
I give WinSock programmers what Microsoft didn't give them - and I hope
they will appreciate it ;)
lowlevel: Net Nose
I am making a sniffer !! yeah :) then you don't have to switch between
wINJECT and the sniffer you use now. You will also be able to copy
the sniffed packet to the editor with a few clicks. Most of the code
is already done - but the stability is missing.
I hope it is ready for next release. But it depends on the response from
the users.
NIC/ADSL/CABLE support for Windows 95/98 users: (YEAAAH !!!)
I have an ADSL connection now, so NIC development can start.
... "