0x82-Ssagazi - Distributed Denial of Service Attack tool v0.05.
by Xpl017Elz of INetCop(c) Security.

* About:
--
This is still only a worthless 0.05 version. It can therefore sometimes give great stress to a person who uses this tool. Anyway, do joyful DDoS attack.

P.S: This is still at the code-basis step. It can be described as a proof of concept.

* Tool Structure:
--
* Concealment through an LKM (Loadable Kernel Module) is possible on Linux.

Sidabari(Agent) Characteristic:

 1. Runs as a hidden process. (process name: `-bash')
 2. Uses DES encryption through the crypt function with a 2-character SALT. (CRYPT_STD_DES)
 3. Command execution communicates over the UDP protocol; port numbers 65500 and 65501 are used by default.
 4. Supports a shell commander function so that the attacker can execute commands.
 5. When a password packet is sent, the code already encoded with DES is encrypted again with blowfish before use.
 6. Exchanged packets use blowfish, which allows two-way encryption and decryption. (example: shell commander, target host information, etc ...)
 7. Spoofs the DDoS attacker's IP when attacking.
 8. Currently provides ICMP, SYN, UDP and SMURF flooding attack methods.
 9. Attacks for as long as the attacker decides. (default 10 seconds)
10. When attacking, checks whether IP spoofing is possible.

Oyabung(Master) Characteristic:

Handler command -

help     : Shows usage information.
getip    : Shows the IP that is linked to a domain.
fakechk  : Checks whether IP spoofing is possible.
minish   : Sends an encrypted packet carrying a shell command to execute to the agent server.
check    : Searches all agent servers that can currently be connected to and inspects their state. (Uses the encoded password.)
ready    : In preparation for the agent server dying, sets the cron daemon on the remote host.
satkcfg  : Takes the target host address, broadcast address, time out and packet size for the attack.
attack   : Attempts a DDoS attack using the established information. (Uses encoded packets.)

           - Attack method -
           1. UDP flooding DoS attack. (not root)
           2. ICMP flooding IP spoof DoS attack. (only root)
           3. SYN flooding IP spoof DoS attack. (only root)
           4. UDP flooding IP spoof DoS attack (only root)
           5. SMURF flooding IP spoof DoS attack (only root)

kill     : Temporarily ends the agent server program.
skill    : Ends the agent server program and removes the connection program, src and setting file.
quit     : Exits the master program.
exit     : Exits the master program.
wrtip    : Registers a new server's address, port and password in the agent server list. (The password is encrypted.)
delip    : Deletes a server address from the agent server list.
listip   : Shows the addresses registered in the agent server list.
outclean : Clears the master program screen.
latkcfg  : Shows the config contents established for the attack server.
version  : Shows the engine version.

* Joke:
--
Do you know the truth that innumerable PC rooms exist in South Korea? People pay a fare for as much time as they use a PC. Usually, the PC room communicates with other networks through 1 router. Of course, there are places that put in a server. Yes, so. Much resources can be abused if you use the PC room; you can use a PC free of charge all day. How? After using the PC all day, the method is to do away with the router. This method drops the internet of all PCs that are linked to the router. It's a cruel game? hehehe! :-p
Yes, so. It may finally make kiddies joyful. :-X

-- eof --

P.S: Sorry, my poor english.

--
By "dong-houn yoU" (Xpl017Elz), in INetCop(c) Security.

MSN & E-mail: szoahc(at)hotmail(dot)com, xploit(at)hackermail(dot)com
INetCop Security Home: http://www.inetcop.org (Korean hacking game)
My World: http://x82.inetcop.org
GPG public key: http://wizard.underattack.co.kr/~x82/h0me/pr0file/x82.k3y
--
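
Host-side triage for the agent traits listed in this README, added here as an example and not part of the tool or the original text: it reads `ss -H -lunp` style output and flags UDP sockets on the stated default ports (65500, 65501) or owned by a process named `-bash`. The sample lines, the function names and the heuristic that a login shell should not own a UDP socket are assumptions of this example.

```python
import re

# README traits: UDP command channel on 65500/65501 by default, process name `-bash`.
README_PORTS = {65500, 65501}
DISGUISE_NAME = "-bash"

# Constructed sample modeled on `ss -H -lunp` as root; columns: State Recv-Q Send-Q Local Peer Process.
SAMPLE_SS = """\
UNCONN 0 0 0.0.0.0:68 0.0.0.0:* users:(("dhclient",pid=612,fd=6))
UNCONN 0 0 0.0.0.0:65500 0.0.0.0:* users:(("-bash",pid=4312,fd=3))
UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=540,fd=13))
UNCONN 0 0 0.0.0.0:40111 0.0.0.0:* users:(("-bash",pid=4377,fd=4))
UNCONN 0 0 [::]:65501 [::]:*
"""

PROC_RE = re.compile(r'\("([^"]*)",pid=(\d+),fd=\d+\)')

def parse_ss_line(line):
    """Return (local_port, [(comm, pid), ...]) for one socket line, or None."""
    fields = line.split()
    if len(fields) < 5:
        return None
    port_text = fields[3].rsplit(":", 1)[-1]
    if not port_text.isdigit():
        return None
    procs = [(c, int(p)) for c, p in PROC_RE.findall(" ".join(fields[5:]))]
    return int(port_text), procs

def triage(ss_output):
    """Return (port, comm, pid, reasons) findings, most reasons first."""
    findings = []
    for port, procs in filter(None, map(parse_ss_line, ss_output.splitlines())):
        # A socket with no visible owner still gets one row (comm and pid None).
        for comm, pid in procs or [(None, None)]:
            reasons = []
            if port in README_PORTS:
                reasons.append("README default port")
            if comm == DISGUISE_NAME:
                # Heuristic (assumption): a login shell should not own a UDP socket.
                reasons.append("-bash owns a UDP socket")
            if comm is None and port in README_PORTS:
                reasons.append("no owning process visible")
            if reasons:
                findings.append((port, comm, pid, reasons))
    return sorted(findings, key=lambda f: -len(f[3]))

print(*triage(SAMPLE_SS), sep="\n")
```

Each indicator is weak alone, since the ports are only defaults and `-bash` is also the normal name of a login shell. The README also states that LKM concealment is possible, in which case a listing taken on the host itself may show nothing, so compare it against flow data captured off-host.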