/* dont remove this line */ #define README   "
THC-RUT, 2000-05-15, anonymous@segfault.net | http://www.thehackerschoice.com

                                            'When your mind is going hither
                                            and thither, discrimination will
                                            never be brought to a conclusion.
                                            With an intense, fresh and
                                            undelaying spirit, one will make
                                            his judgments within the space of
                                            seven breaths.
                                            It is a matter of being determined
                                            and having the spirit to break
                                            right through to the other side.'
                                            ...Hagakure, the way of the samurai
                                            ...by Yamamoto Tsunetomo


[0x01] What is THC-RUT:
    RUT (pronounced 'root') means 'aRe yoU There'.
    It was developed to brute force its way into
    wvlan (IEEE 802.11b) access points which use
    MAC authentication.
    It offers a wide range of _local_ network discovery
    features like arp lookup on all hosts on a network
    with vendor-string, spoofed DHCP request, RARP, BOOTP,
    ICMP-ping and address mask request and some other features.

This tool should be 'your first knife' on a foreign network.

[0x02] How to compile:

    # ./configure --help
    # ./configure
    # make
    optional
    # make install

    that's it.

    THC-RUT is known to compile on:
    - Linux 2.2.17 #19 SMP i686 unknown
    - Linux 2.4.3 #3 i686 unknown
    - SunOS 5.8 Generic_108528-05 sun4u sparc
    - NetBSD 1.5 (GENERIC) #1: Sun Nov 19 21:42:11 MET 2000 GENERIC i386
    - OpenBSD 2.8 GENERIC#399 i386
    - FreeBSD 4.2-RELEASE #0: Mon Nov 20 13:02:55 GMT 2000 GENERIC i386
    - HP-UX 11.00 A 9000/715 unknown

[0x03] Examples:

    - 192.168.66.66 is an unused ip on the network
      [try 255.255.255.255 or 0.0.0.0 for fun. Solaris loves it!]
    - sourceIP is 0.0.0.0 by default
    - source mac is 00:00:02:00:00:01 by default (lucent wvlan).
    - destination mac is always ff:ff:ff:ff:ff:ff.
      (Keep in mind: A few OSes [e.g. win2k] refuse to answer ICMP packets
      that have a unicast destination IP but a broadcast destination MAC.
      Use arp-whohas first).

    ARP-request the local network (-m):
    ./thc-rut -s 192.168.66.66 -m 192.168.0.1-192.168.255.254
    [some hosts do not answer ARP requests from source IP 0.0.0.0; use -s]

    DHCP-request (-d):
    ./thc-rut -d 255.255.255.255
    [use ff:ff:ff:ff:ff:ff:255.255.255.255 on networks with
    port-security-enabled switches]

    ICMP-mask request (-a):
    ./thc-rut -s 192.168.66.66 -a 192.168.1.2

    ICMP-ping each /24 host with different source MAC addresses (-p):
    ./thc-rut -s 192.168.66.66 -p \\
                00:00:02:00:00:01-00:00:02:00:ff:ff:192.168.0.1-192.168.0.255
    (this takes some time...)

    DHCP-request with different source MAC addresses and 50 packets/second (-d):
    ./thc-rut -l 50 -d 00:00:02:00:00:01-00:00:02:00:ff:ff:255.255.255.255
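
Seen from the switch, the ranged -p and -d runs above appear as one port sourcing many MAC addresses in quick succession. The following Python is an added example, not part of THC-RUT, that flags this pattern in per-frame observations. The log line format, the one-second window and the threshold of 8 MACs are assumptions, and the sample data is constructed.

```python
# Added example, not part of THC-RUT. Log format and thresholds are assumptions.
from collections import defaultdict

WINDOW = 1.0    # seconds of history kept per switch port (assumed)
MAX_MACS = 8    # distinct source MACs tolerated per port per window (assumed)

def parse(line):
    # 'TIME port=N src=MAC type=KIND' -> (time, port, mac as 48-bit integer)
    ts, *fields = line.split()
    kv = dict(f.split('=', 1) for f in fields)
    return float(ts), kv['port'], int(kv['src'].replace(':', ''), 16)

def detect_mac_sweep(lines, window=WINDOW, max_macs=MAX_MACS):
    '''Map each flagged port to what made its source-MAC churn look like a sweep.'''
    seen = defaultdict(list)    # port -> [(time, mac)] inside the window
    alerts = {}
    for ts, port, mac in sorted(parse(l) for l in lines if l.strip()):
        events = seen[port]
        events.append((ts, mac))
        while events[0][0] < ts - window:    # expire old observations
            events.pop(0)
        macs = sorted({m for _, m in events})
        if len(macs) > max_macs and port not in alerts:
            steps = {b - a for a, b in zip(macs, macs[1:])}
            alerts[port] = {
                'macs': len(macs),
                'sequential': steps == {1},    # addresses increment by one
                'single_oui': len({m >> 24 for m in macs}) == 1,
            }
    return alerts

def constructed_sample():
    # Constructed data. Port 7 walks 50 MACs in one second, starting at the
    # README default 00:00:02:00:00:01; port 3 is one client retrying DHCP;
    # port 5 is a small hub with three unrelated hosts.
    lines = ['%.2f port=7 src=00:00:02:00:00:%02x type=dhcp-discover'
             % (10 + i * 0.02, i + 1) for i in range(50)]
    lines += ['%.2f port=3 src=00:11:22:33:44:55 type=dhcp-discover' % t
              for t in (10.0, 10.4, 10.9)]
    lines += ['10.%d0 port=5 src=%s type=arp-request' % (i, m) for i, m in
              enumerate(('08:00:20:aa:bb:01', '00:a0:c9:12:34:56',
                         '00:60:97:0f:0e:0d'))]
    return lines

if __name__ == '__main__':
    print(detect_mac_sweep(constructed_sample()))
```

The alert fires on the ninth distinct MAC from port 7; the retrying client on port 3 and the hub on port 5 stay below the threshold.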
"   /* dont remove this line */


