flat assembler
Message board for the users of flat assembler.

Winsock Send Without Closing Connection.

Overflowz 04 Dec 2010, 22:17
Hello everyone. I have a problem I can't understand.. I'm trying to send a 1024 byte packet to a 512 byte buffer, to receive it 2 times, but I get some kind of error. I've tried looping the send() function, but it doesn't send anything the second time, and the third time it gives the error WSAECONNABORTED. Can anybody tell me what I'm doing wrong? I want to keep the connection alive and send data. I've also tried it on my HTTP server for testing but failed. When connected, it just closes the connection automatically when the data is sent. Help please. Here's an example of what I'm trying..
Code:
format PE console 4.0
include 'WIN32AX.INC'
entry main

section '.data' data readable writeable
CR      EQU 0x0D
LF      EQU 0x0A
wsaData WSADATA
saddr   sockaddr_in
rHost   db "192.168.21.129",0
req     db "HEAD / HTTP/1.1",CR,LF,CR,LF,0   ; the trailing 0 is counted in sizeof.req, so it goes on the wire too
sizeof.req = $ - req
hSock   dd ?

section '.code' code readable executable
proc main
        invoke  WSAStartup,0x202,wsaData
        invoke  socket,AF_INET,SOCK_STREAM,0
        mov     [hSock],eax                          ; return value is not checked against INVALID_SOCKET
        mov     [saddr.sin_family],AF_INET
        invoke  inet_addr,rHost
        mov     [saddr.sin_addr],eax
        invoke  htons,80
        mov     [saddr.sin_port],ax
        invoke  connect,[hSock],saddr,sizeof.sockaddr_in   ; return value is not checked either
        mov     ebx,3
.loop:
        invoke  send,[hSock],req,sizeof.req,0        ; three sends back to back; nothing is ever recv()'d
        dec     ebx                                  ; dec sets ZF, so no separate cmp is needed
        jnz     .loop
        invoke  closesocket,[hSock]
        invoke  WSACleanup
        invoke  ExitProcess,0
endp

section '.idata' import data readable
library kernel32,'kernel32.dll',ws2_32,'ws2_32.dll'
        include 'API\KERNEL32.INC'
        include 'API\WS2_32.INC'

I have no idea what I'm doing wrong.. Thanks.
Overflowz 06 Dec 2010, 11:12
Someone please ask if you don't understand what I mean. The connection is closed after the socket is closed, right? And I'm not closing the sockets, so the connection must still be alive.. Anyone reply please.
SFeLi 06 Dec 2010, 11:40
Overflowz wrote:
I'm trying to send 1024 byte packet to 512 byte buffer to receive 2 times

Here you go.

Overflowz wrote:
I've tried also on my http server for testing but failed. When connected it just closes connection automatically when data is sent.

And here.

Overflowz wrote:
req db "HEAD / HTTP/1.1",CR,LF,CR,LF,0

You're not using this data as a C-string, and winsock doesn't know about C-strings – it operates on data. So you absolutely don't need the terminating 0. Either remove it or use sizeof.req - 1 when sending.
Overflowz 06 Dec 2010, 12:24
SFeLi
Thanks for the reply. I know how to receive 1024 bytes into a 512 byte buffer. I know about the Connection: Keep-Alive thing, and I've also tried removing the 0 byte from req, but still the same problem. I'm not trying only with an HTTP server; I'm also trying to test other protocols like FTP etc. But the connection is still closed. How can I use the send() function with any data I want, not only HEAD / HTTP/1.1 (it was just for testing), and have the connection still be alive? Thanks.
SFeLi 06 Dec 2010, 12:43
I don't understand your question.
Overflowz wrote:
How can I use send() function with any data what I want not only HEAD / HTTP/1.1 it was just for testing.

It depends on the protocol you're using and server logic. What are you trying to do?

Edit: are you trying to write malware with a DDoS function?
drobole 06 Dec 2010, 15:52
When you connect to an http server you must follow the rules described in the http protocol. For example, sending the string "HEAD / HTTP/1.1" is legal (according to the http protocol) and means that you want to retrieve the default web page from the server.
The http protocol states that the connection is stateless; among other things this means that once the client has sent a command, and the server has sent a response back, they are both supposed to disconnect. You can use the Keep-Alive flag, but that is for special cases, and is not supposed to be used in general. Back in the day this was a genius thing, as it saves the internet and the computers connected to it from wasting bandwidth and resources, making the world wide web possible!

If you are connecting to an ftp server, sending that string has no meaning to the server, and the server will probably send back an error message and possibly close as well.
You can look here to see some examples of valid strings you can send to a ftp server:
http://www.webdigi.co.uk/blog/2009/ftp-using-raw-commands-and-telnet/
In that example he is using telnet, but the commands you send (USER, PASS, CWD, ...) are the same.

However, the default socket behavior is to stay connected so if you write your own server you can send whatever you like in whatever order you like.
So, as soon as the client has successfully used the connect function, and the server has successfully used the accept function, you can start sending and receiving between them as you like.
Overflowz 06 Dec 2010, 18:51
SFeLi
Something like that, for testing, and I'm not that kind of person to do things like that. I'm just interested in how those things work. Yep, I'm trying to understand how DDoS works. I understand how a flood works: just sending data, connecting and closing the connection, again and again. But I don't understand how DDoS works. I can't find any source for that. The one I found was just spamming send, but that's just a flood I guess. How can I keep the connection alive, that's my question. Thank you
drobole
Thank you for the valuable info. I'll learn that too!
drobole 07 Dec 2010, 05:30
Quote:

Edit: are you trying to write malware with DDoS function?

I can only imagine the news headlines:

"England has been unable to prevail today due to an intense flooding of the backbone infrastructure by a hacker named Overflowz..."
Overflowz 07 Dec 2010, 10:11
drobole
Well.. I'M NOT A HACKER AND NOT GONNA BE ONE! I want to be a security professional and am just interested in how those things work! Fine, if you don't believe me, close this thread, I don't care. I'm just asking for info, not for copy/paste code, damnit! I need to understand how that works. Is that hard to understand?
Overflowz 07 Dec 2010, 17:04
1 more question. I found SOL_SOCKET and SO_KEEPALIVE, for use with the setsockopt function. How can I find the values of SOL_SOCKET and SO_KEEPALIVE? I can't find them on Google and FASM says they are undefined..
drobole 07 Dec 2010, 19:29
I was just kidding.

Look here
http://www.google.com/#sclient=psy&hl=en&q=%23define+sol_socket&aq=f&aqi=g-sv1g-o1&aql=&oq=&gs_rfai=&pbx=1&fp=cc7ad1a43d378bba

Code:
#if defined(__alpha__) || defined(__mips__)
#define SOL_SOCKET   0xffff
...
#else
#define SOL_SOCKET    1
...
#endif

So SOL_SOCKET should be 0xffff on alpha and mips architectures, and 1 on all others, like x86 and x86-64.

and look here
http://www.unixguide.net/network/socketfaq/4.7.shtml

AFAIK you don't need to do anything to keep an existing connection alive.

There is probably another reason your socket is disconnected. It could be because of an error, or it could be because you are connecting to a HTTP server, which is designed to disconnect after one send/receive cycle.

Edit:
I was looking at the winsock2.h file that comes with Windows, and it says:
Code:
/*
 * Level number for (get/set)sockopt() to apply to socket itself.
 */
#define SOL_SOCKET      0xffff          /* options for socket level */
...

So I guess Windows uses 0xffff.
DarkAlchemist 07 Dec 2010, 20:12
drobole wrote:
Code:
#if defined(__alpha__) || defined(__mips__)
#define SOL_SOCKET        0xffff
...
#else
#define SOL_SOCKET    1
...
#endif

so SOL_SOCKET should be 0xffff on alpha and mips architectures, and 1 on all others, like x86 and x86-64.
...
I was looking at the winsock2.h file that comes with windows, and it says:
Code:
/*
 * Level number for (get/set)sockopt() to apply to socket itself.
 */
#define SOL_SOCKET      0xffff          /* options for socket level */
...

so I guess windows uses 0xffff
Go figure that Windows would be different.

It still bugs me to this day seeing Bill Gates, back in the day, say about the W3 standard..."We don't follow standards, we set them." Grrrrrrrrrrrr.
f0dder 07 Dec 2010, 20:25
drobole wrote:
The http protocol states that the connection is stateless, among other things this means that once the client has sent a command, and the server has sent a response back, they are both supposed to disconnect. You can use the Keep-Alive flag, but that is for special cases, and is not supposed to be used in general.
For HTTP/1.1, the default is to use Keep-Alive, unless the client specifies "Connection: Close".

Of course there's a shitload of broken software out there on the internet, so you can never depend on anything - HTTP/1.1 servers might close your connection even though you didn't ask for it, and clients might close their connection even though they didn't specify "Connection: Close".

Follow the robustness principle: be conservative in what you send; be liberal in what you accept.

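Added example (Python, not code from the thread and not FASM): the keep-alive behaviour f0dder describes, together with the "1024 bytes into a 512 byte buffer" reading from the first post, demonstrated on a loopback socketpair that stands in for the server side drobole mentions. A client that sends several requests on one connection has to read each response completely (headers, then exactly Content-Length bytes) and decide from the version and the Connection header whether the server will keep the connection open; the responses below are constructed, and the socketpair in place of a real connect()/accept() pair is an assumption.

```python
import socket
import threading

def parse_head(head: bytes):
    """Split a response head into (version, {lower-cased name: value})."""
    lines = head.split(b"\r\n")
    version = lines[0].split(b" ", 1)[0].decode()
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode()] = value.strip().decode()
    return version, headers

def persists(version: str, headers: dict) -> bool:
    """HTTP/1.1 stays open unless 'Connection: close'; HTTP/1.0 closes unless 'keep-alive'."""
    token = headers.get("connection", "").lower()
    return token != "close" if version == "HTTP/1.1" else token == "keep-alive"

class ResponseReader:
    """Reads whole responses with small recv() calls; over-read bytes stay in self.buf."""
    def __init__(self, sock, bufsize=512):
        self.sock, self.bufsize, self.buf = sock, bufsize, b""
    def _fill(self):
        chunk = self.sock.recv(self.bufsize)
        if not chunk:                       # a 0-byte recv is the peer's FIN
            raise ConnectionError("peer closed the connection")
        self.buf += chunk
    def read(self):
        while b"\r\n\r\n" not in self.buf:  # header phase: read until the blank line
            self._fill()
        head, self.buf = self.buf.split(b"\r\n\r\n", 1)
        version, headers = parse_head(head)
        length = int(headers.get("content-length", "0"))
        while len(self.buf) < length:       # body phase: exactly Content-Length bytes
            self._fill()
        body, self.buf = self.buf[:length], self.buf[length:]   # keep the surplus
        return version, headers, body, persists(version, headers)

def demo():
    """Constructed exchange: a 1024-byte body read in 512-byte pieces, then a closing response."""
    client, server = socket.socketpair()    # assumption: loopback pair instead of a real server
    wire = (b"HTTP/1.1 200 OK\r\nContent-Length: 1024\r\n\r\n" + b"x" * 1024 +
            b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\nConnection: close\r\n\r\nok")
    t = threading.Thread(target=lambda: (server.sendall(wire), server.close()))
    t.start()
    reader = ResponseReader(client, 512)
    first, second = reader.read(), reader.read()
    t.join()
    client.close()
    return first, second
```

The second response's bytes arrive in the same recv() as the tail of the first body; without the carried-over buffer they would be lost, which is the practical difference between "send three times" and a working persistent-connection client.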
drobole 07 Dec 2010, 21:17
f0dder wrote:
drobole wrote:
The http protocol states that the connection is stateless, among other things this means that once the client has sent a command, and the server has sent a response back, they are both supposed to disconnect. You can use the Keep-Alive flag, but that is for special cases, and is not supposed to be used in general.
For HTTP/1.1, the default is to use Keep-Alive, unless the client specifies "Connection: Close".

Of course there's a shitload of broken software out there on the internet, so you can never depend on anything - HTTP/1.1 servers might close your connection even though you didn't ask for it, and clients might close their connection even though they didn't specify "Connection: Close".

Follow the robustness principle: Be conservative in what you send; be liberal in what you accept..

I didn't know that, but I guess it makes sense somehow.
Thanks for clearing up the issue.
drobole 07 Dec 2010, 21:22
DarkAlchemist wrote:

...
It still bugs me to this day seeing Bill Gates, back in the day, say about the W3 standard..."We don't follow standards, we set them." Grrrrrrrrrrrr.

Yeah, it's a shame how some people think everything must be a competition. Including standards.
DarkAlchemist 09 Dec 2010, 02:08
Standards are supposed to be followed or they wouldn't be a standard. Everyone else follows W3, for example, except MS.
Overflowz 09 Dec 2010, 08:52
Well, I guess SOL_SOCKET and SO_KEEPALIVE aren't required for that. I've tried but no result.. I've tried multithreading but it sucks I guess (I don't know why, but it's limited sometimes..). Does anybody know other techniques? Like normal ones?
drobole 09 Dec 2010, 12:59
Hi Overflowz,
I didn't have time to reply to your PM this morning, but I was going to ask you again: what are you trying to do?

Make a program to test DDoS attack on your web server?
Overflowz 09 Dec 2010, 18:16
drobole
Yes, right, that, but I'm also interested in how DDoS works. I've tried with multithreading and it works fine, but now I'm interested in how I should do it without multithreading? I don't know how to explain. Having problems in real life now, so.. I'll post later.
drobole 10 Dec 2010, 01:55
I'm not an expert on this, but if you look here
http://en.wikipedia.org/wiki/Denial-of-service_attack
there are many different ways to make a DDoS attack.

One way is SYN flood
Quote:

SYN flood sends a flood of TCP/SYN packets, often with a forged sender address. Each of these packets is handled like a connection request, causing the server to spawn a half-open connection, by sending back a TCP/SYN-ACK packet, and waiting for a packet in response from the sender address. However, because the sender address is forged, the response never comes. These half-open connections saturate the number of available connections the server is able to make, keeping it from responding to legitimate requests until after the attack ends.


To make this work we need to use raw sockets and we must create the datagram packet ourselves. It's not the easiest thing to do, but it's quite interesting imo.

Here is a C example
http://mixter.void.ru/rawip.html
This example shows pretty much what it takes to make a small SYN flooding program.

Here is a WinSock example
http://tangentsoft.net/wskfaq/examples/rawping.html
This one does more than we are interested in, so it's not the best example, but it is for Windows, so it's a good cross reference for the other example, which is *nix based.

Of course, if you just want to DDoS your web server quick and easy, you can do that with certain ping programs (I think hping is sometimes used), or you can use a program like LOIC, which is designed for that kind of thing.

That's pretty much all I know about it.
Copyright © 1999-2025, Tomasz Grysztar.