/*
 * pcscan.c — analysis notes.
 *
 * What the program does (as written): N worker threads each send a two-byte
 * UDP datagram ("\x4e\x51") to port 5632 on every address of a slice of the
 * requested IPv4 range, while a libpcap capture thread records any UDP packet
 * arriving on the local interface with source port 5632 and appends
 * "<source ip> <reply body length>" to the output file.  A status thread prints
 * counters once per second and ends the process when no worker is left.
 *
 * Comments below describe the observable behaviour and mark places where the
 * code is unsound (unchecked calls, data races, undefined behaviour).  The code
 * itself is unchanged.
 */
#include <pcap.h>
#include <stdio.h>
#include <stdlib.h> // for exit()
#include <string.h> //for memset
#include <sys/ioctl.h>
#include <net/if.h>
#include <sys/socket.h>
#include <arpa/inet.h> // for inet_ntoa()
#include <net/ethernet.h>
#include <netinet/udp.h> //Provides declarations for udp header
#include <netinet/ip.h> //Provides declarations for ip header
#include <pthread.h>
#include <semaphore.h>
#include <signal.h>
#include <sys/resource.h>
#include <unistd.h>

/* pcap callback; note the signature is not the libpcap pcap_handler type
 * (u_char * / const struct pcap_pkthdr * / const u_char *) — passing it to
 * pcap_loop below relies on an implicit incompatible-pointer conversion. */
void process_packet(void *args, struct pcap_pkthdr *header, void *buffer);

/* One slot of the circular packet ring built in main(): `data` is a malloc'd
 * copy of a captured frame (NULL when the slot is free), `size` its length.
 * `prev` is written during ring construction but never read. */
struct buffer
{
    void *data;
    int size;
    struct buffer *next;
    struct buffer *prev;
};
/* Producer cursor into the ring: process_packet() fills *head and advances it. */
struct buffer *head;

/* Dotted-quad string of the capture interface's IPv4 address (set in main). */
char *ipv4;
/* processed/over/total are informational counters; `over` counts ring slots
 * that were still occupied when the producer reached them.  i/j are globals
 * used as loop counters. */
int processed,over,total,i,j;
/* Scratch sockaddr reused by process_packet() for the destination-address
 * comparison; it is a global written from the pcap thread. */
struct sockaddr_in dest;
/* Guards the data/size fields of a ring slot during hand-off between the pcap
 * thread (producer) and readthread() (consumer). */
pthread_mutex_t buf_mutex = PTHREAD_MUTEX_INITIALIZER;
/* Counts packets queued in the ring; posted by the producer, waited on by
 * readthread().  Initialised with -1 in main() (see note there). */
sem_t loop_sem;
/* Number of live flood() threads.  Incremented/decremented without any
 * synchronisation, and read by printthread() to decide when to exit. */
int running_threads = 0;
/* Counters below are shared across threads and updated with plain ++/+=;
 * `volatile` does not make these updates atomic, so values may be lost. */
volatile int found_srvs = 0;        /* replies seen from source port 5632 */
volatile unsigned long per_thread = 0;  /* addresses assigned to each worker */
volatile unsigned long start = 0;   /* range start, network byte order */
volatile unsigned long scanned = 0; /* probes sent since last status line */
int sleep_between = 0;              /* per-probe delay in ms (argv[5]) */
volatile int bytes_sent = 0;        /* payload bytes sent since last status line */
volatile unsigned long hosts_done = 0;  /* probes sent in total */
/* Output file (argv[3], append mode).  fopen's result is never checked, so a
 * failed open leaves this NULL and the first fprintf/fclose dereferences it. */
FILE *fd;

/*
 * Consumer thread: drains the packet ring and logs replies.
 *
 * For every semaphore post it walks `ourhead` forward to the next occupied
 * slot, copies the frame out under the mutex, releases the slot, and parses
 * the copy as Ethernet + IPv4 + UDP.  A packet whose UDP source port is 5632
 * is written to `fd` as "<src ip> <payload length>".
 *
 * Soundness notes:
 *  - the `while(ourhead->data == NULL)` walk reads slot fields outside the
 *    mutex, racing with the producer's writes in process_packet();
 *  - malloc() is unchecked;
 *  - the header casts assume a fixed 14-byte Ethernet header and a 20-byte IP
 *    header with no options, and `size` is the on-wire length (header->len),
 *    not the captured length — neither is validated against the copy;
 *  - `buf + sizeof(...)` is arithmetic on `void *` (GNU extension);
 *  - declared `void *` but never returns (infinite loop).
 */
void *readthread()
{
    struct buffer *ourhead = head;
    struct sockaddr_in saddr;
    while(1)
    {
        sem_wait(&loop_sem);
        while(ourhead->data == NULL){ ourhead = ourhead->next; }
        pthread_mutex_lock(&buf_mutex);
        void *buf = malloc(ourhead->size);
        int size = ourhead->size;
        memcpy(buf, ourhead->data, ourhead->size);
        free(ourhead->data);
        ourhead->data = NULL;
        ourhead->size = 0;
        pthread_mutex_unlock(&buf_mutex);
        memset(&saddr, 0, sizeof(saddr));
        struct iphdr *iph = (struct iphdr*)(buf + sizeof(struct ethhdr));
        saddr.sin_addr.s_addr = iph->saddr;
        struct udphdr *udph = (struct udphdr *)(buf + sizeof(struct ethhdr) + sizeof(struct iphdr));
        if(ntohs(udph->source) == 5632)
        {
            /* Length after the fixed headers; can go negative for runt frames
             * since `size` is an int and nothing checks it. */
            int body_length = size - sizeof(struct ethhdr) - sizeof(struct iphdr) - sizeof(struct udphdr);
            fprintf(fd,"%s %d\n",inet_ntoa(saddr.sin_addr),body_length);
            fflush(fd);
            found_srvs++;
        }
        free(buf);
        processed++;
        ourhead = ourhead->next;
    }
}

/*
 * Worker thread: sends the probe to each address in this thread's slice.
 *
 * `par1` is the thread index cast to a pointer in printthread().  The slice is
 * [start + per_thread*id, start + per_thread*(id+1)) in host byte order.  The
 * loop bound `w<htonl(end)` re-applies htonl to an already network-ordered
 * value; on little-endian hosts htonl is its own inverse, so this presumably
 * yields the host-order end address — confirm on other endiannesses.
 *
 * The datagram is the 2-byte payload "\x4e\x51" to UDP/5632; the 64 KiB
 * `buf` is otherwise unused.  sendto()'s return is ignored, and the three
 * counters are updated without synchronisation.  `y` is unused.  Declared
 * `void *` but ends with a bare `return;`.
 */
void *flood(void *par1)
{
    running_threads++;
    int thread_id = (int)par1;
    unsigned long start_ip = htonl(ntohl(start)+(per_thread*thread_id));
    unsigned long end = htonl(ntohl(start)+(per_thread*(thread_id+1)));
    unsigned long w;
    int y;
    unsigned char buf[65536];
    memcpy(buf, "\x4e\x51", 2);
    int sizeofpayload = 2;
    int sock;
    if((sock=socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP))<0) {
        perror("cant open socket");
        exit(-1);
    }
    for(w=ntohl(start_ip);w<htonl(end);w++)
    {
        struct sockaddr_in servaddr;
        bzero(&servaddr, sizeof(servaddr));
        servaddr.sin_family = AF_INET;
        servaddr.sin_addr.s_addr=htonl(w);
        servaddr.sin_port=htons(5632);
        sendto(sock,(char *)buf,sizeofpayload,0, (struct sockaddr *)&servaddr,sizeof(servaddr));
        bytes_sent+=sizeofpayload;
        scanned++;
        hosts_done++;
        usleep(sleep_between*1000);
    }
    close(sock);
    running_threads--;
    return;
}

/* SIGINT handler: closes the output file and exits.  fclose/printf/exit are
 * not async-signal-safe, and `fd` may be NULL if fopen failed in main(). */
void sighandler(int sig)
{
    fclose(fd);
    printf("\n");
    exit(0);
}

/*
 * Status thread; also the one that spawns the workers.
 *
 * `argvs` is main()'s argv.  Reads argv[1]/argv[2] (range start/end) and
 * argv[4] (thread count), derives `start`, `per_thread` and the total range
 * size `toscan`, starts `threads` flood() workers, prints a header line, then
 * once a second rewrites a single status line until `running_threads` is 0,
 * closes `fd` and exits the whole process.
 *
 * Soundness notes:
 *  - `str_start`/`str_end` are malloc'd, then immediately reassigned to the
 *    argv strings — the allocations leak and the memsets are dead;
 *  - every `pthread_create` reuses one `pthread_t`; handles are never joined;
 *  - `sprintf(new, "%s|...", new, ...)` passes the destination as a source
 *    argument; overlapping sprintf arguments are undefined behaviour;
 *  - format/argument mismatches: `%lu` with int `found_srvs`, `%d` with
 *    unsigned long `scanned`;
 *  - `percent_done` divides by `toscan`, which is 0 when start == end;
 *  - the `while (running_threads > 0)` test relies on the workers having
 *    incremented the counter during the preceding sleep(1); if they have not,
 *    the loop ends and the process exits at once.
 */
void *printthread(void *argvs)
{
    char **argv = (char **)argvs;
    int threads = atoi(argv[4]);
    pthread_t thread;
    sleep(1);
    char *str_start = malloc(18);
    memset(str_start, 0, 18);
    str_start = argv[1];
    char *str_end = malloc(18);
    memset(str_end, 0, 18);
    str_end = argv[2];
    start = inet_addr(str_start);
    per_thread = (ntohl(inet_addr(str_end)) - ntohl(inet_addr(str_start))) / threads;
    unsigned long toscan = (ntohl(inet_addr(str_end)) - ntohl(inet_addr(str_start)));
    int i;
    for(i = 0;i<threads;i++){
        pthread_create( &thread, NULL, &flood, (void *) i);
    }
    sleep(1);
    /* Header row: five fixed-width column titles. */
    char *temp = (char *)malloc(17);
    memset(temp, 0, 17);
    sprintf(temp, "Found");
    printf("%-16s", temp);
    memset(temp, 0, 17);
    sprintf(temp, "Host/s");
    printf("%-16s", temp);
    memset(temp, 0, 17);
    sprintf(temp, "B/s");
    printf("%-16s", temp);
    memset(temp, 0, 17);
    sprintf(temp, "Running Thrds");
    printf("%-16s", temp);
    memset(temp, 0, 17);
    sprintf(temp, "Done");
    printf("%s", temp);
    printf("\n");

    char *new;
    new = (char *)malloc(16*6);
    while (running_threads > 0)
    {
        printf("\r");
        memset(new, '\0', 16*6);
        sprintf(new, "%s|%-15lu", new, found_srvs);
        sprintf(new, "%s|%-15d", new, scanned);
        sprintf(new, "%s|%-15d", new, bytes_sent);
        sprintf(new, "%s|%-15d", new, running_threads);
        memset(temp, 0, 17);
        int percent_done=((double)(hosts_done)/(double)(toscan))*100;
        sprintf(temp, "%d%%", percent_done);
        sprintf(new, "%s|%s", new, temp);
        printf("%s", new);
        fflush(stdout);
        /* Per-second rates: reset (racing with the workers' increments). */
        bytes_sent=0;
        scanned = 0;
        sleep(1);
    }
    printf("\n");
    fclose(fd);
    exit(0);
}

/*
 * Entry point.  argv: <range start> <range end> <outfile> <threads> <delay ms>.
 *
 * Sequence: open the output file (unchecked), raise RLIMIT_NOFILE and
 * RLIMIT_STACK (failures only logged), install the SIGINT handler, pick the
 * first device reported by pcap_findalldevs(), look up its IPv4 address with
 * SIOCGIFADDR into `ipv4`, open it for capture in promiscuous mode with no
 * read timeout, build a 1,024,000-slot circular ring at `head`, start the
 * status and consumer threads, and hand the thread to pcap_loop().
 *
 * Soundness notes:
 *  - `alldevsp` may be NULL (no devices) and is dereferenced unchecked;
 *  - strcpy(ifc.ifr_name, devname) is an unbounded copy into a fixed
 *    IFNAMSIZ field; `ifc` is otherwise uninitialised before the ioctl;
 *  - sem_init() is passed -1, which converts to a huge unsigned count; the
 *    call is expected to fail (EINVAL) and its return is not checked, so the
 *    semaphore's actual state before the first sem_post is unclear;
 *  - ring construction never sets head->next->prev, so `prev` links are
 *    inconsistent (they are never read);
 *  - malloc results are unchecked throughout; `devs`, `count`, `n` unused.
 */
int main(int argc, char *argv[ ])
{
    if(argc < 6){
        fprintf(stderr, "Invalid parameters!\n");
        fprintf(stdout, "Usage: %s <ip range start (192.168.0.0)> <ip range end (192.168.255.255)> <outfile> <threads> <scan delay in ms>\n", argv[0]);
        exit(-1);
    }
    fd = fopen(argv[3], "a");
    sleep_between = atoi(argv[5]);
    int num_threads = atoi(argv[4]);

    const rlim_t kOpenFD = 1024 + (num_threads * 2);
    struct rlimit rl;
    int result;
    rl.rlim_cur = kOpenFD;
    rl.rlim_max = kOpenFD;
    result = setrlimit(RLIMIT_NOFILE, &rl);
    if (result != 0)
    {
        perror("setrlimit_nofile");
        fprintf(stderr, "setrlimit_nofile returned result = %d\n", result);
    }
    bzero(&rl, sizeof(struct rlimit));
    rl.rlim_cur = 256 * 1024;
    rl.rlim_max = 4096 * 1024;
    result = setrlimit(RLIMIT_STACK, &rl);
    if (result != 0)
    {
        perror("setrlimit_stack");
        fprintf(stderr, "setrlimit_stack returned result = %d\n", result);
    }

    signal(SIGINT, &sighandler);

    pcap_if_t *alldevsp;
    pcap_t *handle; //Handle of the device that shall be sniffed

    char errbuf[100] , *devname , devs[100][100];
    int count = 1 , n;

    if( pcap_findalldevs( &alldevsp , errbuf) )
    {
        exit(1);
    }

    /* First enumerated device is used unconditionally. */
    devname = alldevsp->name;
    ipv4 = malloc(16);
    bzero(ipv4, 16);
    struct ifreq ifc;
    int res;
    int sockfd = socket(AF_INET, SOCK_DGRAM, 0);

    if(sockfd < 0) exit(-1);
    strcpy(ifc.ifr_name, devname);
    res = ioctl(sockfd, SIOCGIFADDR, &ifc);
    close(sockfd);
    if(res < 0) exit(-1);
    strcpy(ipv4, inet_ntoa(((struct sockaddr_in*)&ifc.ifr_addr)->sin_addr));
    printf("Opening device %s for sniffing ... " , devname);
    /* snaplen 65536, promiscuous, timeout 0. */
    handle = pcap_open_live(devname , 65536 , 1 , 0 , errbuf);

    if (handle == NULL)
    {
        fprintf(stderr, "Couldn't open device %s : %s\n" , devname , errbuf);
        exit(1);
    }
    printf("Done\n");

    sem_init(&loop_sem, 0, -1);
    /* Build the circular ring: first iteration creates a self-linked node,
     * later ones splice a new node after `head`. */
    i = 1024*1000;
    while(i--)
    {
        if(head == NULL)
        {
            head = (struct buffer *)malloc(sizeof(struct buffer));
            bzero(head, sizeof(struct buffer));
            head->data = NULL;
            head->size = 0;
            head->next = head;
            head->prev = head;
        } else {
            struct buffer *new_node = (struct buffer *)malloc(sizeof(struct buffer));
            bzero(new_node, sizeof(struct buffer));
            new_node->data = NULL;
            new_node->size = 0;
            new_node->prev = head;
            new_node->next = head->next;
            head->next = new_node;
        }
    }

    pthread_t prnthread;
    pthread_create( &prnthread, NULL, &printthread, (void *)argv);
    pthread_t redthread;
    pthread_create( &redthread, NULL, &readthread, NULL);

    /* Blocks here; the process is ended by printthread() or sighandler(). */
    pcap_loop(handle , -1 , process_packet , NULL);

    return 0;
}

/*
 * pcap callback (producer).  Keeps only IPv4 packets whose protocol is 17 (UDP)
 * and whose destination address equals the capture interface's `ipv4`; each
 * such frame is copied into the ring slot at `head`, the cursor advanced, and
 * the consumer signalled.
 *
 * Soundness notes:
 *  - `size` is header->len (on-wire length), not header->caplen; the memcpy
 *    reads `len` bytes from a buffer that holds only `caplen`;
 *  - the iphdr cast assumes an Ethernet link layer and happens before the
 *    length is checked;
 *  - if the slot is still occupied (`over++`), the old `data` pointer is
 *    overwritten without being freed;
 *  - `head->data` is read before the mutex is taken;
 *  - `dest` is a global reused across calls.
 */
void process_packet(void *args, struct pcap_pkthdr *header, void *buffer)
{
    int size = header->len;

    //Get the IP Header part of this packet , excluding the ethernet header
    struct iphdr *iph = (struct iphdr*)(buffer + sizeof(struct ethhdr));
    memset(&dest, 0, sizeof(dest));
    dest.sin_addr.s_addr = iph->daddr;

    if(iph->protocol == 17 && strcmp(inet_ntoa(dest.sin_addr), ipv4) == 0)
    {
        //toss into buffer
        if(head->data != NULL) over++;
        pthread_mutex_lock(&buf_mutex);
        void *temp = malloc(size);
        memcpy(temp, buffer, size);
        head->data = temp;
        head->size = size;
        head = head->next;
        pthread_mutex_unlock(&buf_mutex);
        sem_post(&loop_sem);
        total++;
    }
}