result_type Peer::whenNiceCredentialsAreProvided(const descriptor_pair & sourceDesc, peer_id sourceId) { result_type res = SUCCESS; peer_id targetId; std::string remoteInfo; res = recv_(coordinatorFd, 0, remoteInfo); // receive other peer credentials if (remoteInfo.length() == 0) { TEST() std::cout << "peer is not yet registered" << std::endl; establishNextConnectionIfAvailable(); return NOTHING; } res = recv_(coordinatorFd, 0, targetId); TEST() std::cout << "received nice creds " << targetId << " " << remoteInfo << std::endl; int streamId = streamsForConnections[targetId]; streamsForConnections.erase(targetId); TEST() std::cout << "connecting using libnice" << std::endl; if (nice.connect(streamId, remoteInfo)) { setNewPeerStructures(streamId, targetId, DESCRIPTOR_NICE); std::cout << knownPeers.toString() << std::endl; } else { res = requestRelayedConnectionTo(targetId); } res = establishNextConnectionIfAvailable(); return res; }
// 0x0040159b void do_login(struct state* arg_state) { // rsp -- 0xc0 bytes for locals -- rbp struct state* s = arg_state; // -0xb8(rsp) int len; // -0xa8(rsp) char* p1; // -0xa0(rsp) char* p2; // -0x98(rsp) char buf[0x80]; // -0x90(rsp) memset(buf, 0, 0x80); send_(s->sock, "Please send password for user "); send_(s->sock, s->username); send_(s->sock, "\n"); p1 = p2 = recv_(s->sock); len = strlen(p1); for(i=0; (*p1 != ' ') && (i < len-1); i++) { buf[i] = *p1++; } if(*p1 == ' ') { p1++; } if(strncasecmp("PASS", buf, 4)) { send_(s->sock, "login with USER PASS.\n"); return; } s->password = p1; hash_password(s->password); if(!strncmp(s->username, "blankwall", 9) && hash_password(s->password) == 0xd386d209) { send_(s->sock, "logged in.\n"); return; // 0x00401780: movl $0x66, 0x202c7e(%rip) // this pokes a global, but I don't know which/where it's used } else { send_(s->sock, "Invalid login credentials.\n"); } }
int WSAAPI Hookedrecv( SOCKET s, char *buf, int len, int flags ) { if ( DbgGetShellcodeFlag() == PWNYPOT_STATUS_SHELLCODE_FLAG_SET && len > 1) { CHAR szPort[20]; CHAR szUID[UID_SIZE]; sockaddr_in sdata; int sock_len = sizeof(sockaddr); PXMLNODE XmlIDLogNode; XmlIDLogNode = mxmlNewElement( XmlShellcode, "row"); // type mxmlElementSetAttr(XmlIDLogNode, "type", ANALYSIS_TYPE_RECV); getpeername( s, (sockaddr *)&sdata, &sock_len); mxmlElementSetAttrf(XmlIDLogNode, "socket", "%d", s); mxmlElementSetAttr(XmlIDLogNode, "recv_ip", inet_ntoa(sdata.sin_addr)); mxmlElementSetAttr(XmlIDLogNode, "recv_port", _itoa(htons(sdata.sin_port), szPort, 10)); mxmlElementSetAttr(XmlIDLogNode, "recv_datalen", _itoa(len, szPort, 10)); mxmlElementSetAttr(XmlIDLogNode, "data_uid", GenRandomStr(szUID, UID_SIZE-1)); HexDumpToFile((PBYTE)buf, len ,szUID); // save SaveXml( XmlLog ); } return (recv_( s, buf, len, flags)); }
result_type Peer::whenCoordinatorDeregistersPeer(const descriptor_pair & sourceDesc, peer_id sourceId) { peer_id id; recv_(sourceDesc.desc, 0, id); if (knownPeers.idExists(id)) { actOnFailure(knownPeers.idToDescriptor(id)); } return SUCCESS; }
result_type Peer::whenCredentialsAreRequested(const descriptor_pair & sourceDesc, peer_id sourceId) { result_type res = SUCCESS; peer_id requesterId; res = recv_(coordinatorFd, 0, requesterId); // receive source credentials QUIT_IF_UNSUCCESSFUL(res); TEST() std::cout << "peer " << requesterId << " requested credentials" << std::endl; res = send_type_(coordinatorFd, PROVIDE_PEER_CREDENTIALS); res = send_(coordinatorFd, ownAddr.port); res = send_(coordinatorFd, requesterId); return res; }
result_type Peer::whenReceivedSetRelayedConnection(const descriptor_pair & sourceDesc, peer_id sourceId) { result_type res; if (sourceDesc.desc != coordinatorFd) { return SUCCESS; } peer_id id; res = recv_(sourceDesc.desc, 0, id); LOG_AND_QUIT_IF_UNSUCCESSFUL(res, sourceDesc); TEST() std::cout << "received \"set relayed connection\" (from " << id << ")" << std::endl; descriptor_pair desc(id, DESCRIPTOR_NONE); // yes, it is sourceId indeed knownPeers.registerPeer(desc, id); preparePeerQueues(desc); return res; }
result_type Peer::whenPeerRegisters(const descriptor_pair & sourceDesc, peer_id sourceId) { result_type res = SUCCESS; int sourceFd = sourceDesc.desc; peer_id actualId; res = recv_(sourceFd, 0, actualId); TEST() std::cout << "peer " << actualId << " registering with this node " << std::endl; res = send_(sourceFd, this->ownId); LOG_AND_QUIT_IF_UNSUCCESSFUL(res, sourceDesc); setNewPeerStructures(sourceFd, actualId, DESCRIPTOR_SOCK); if (this->usingFreeformLayout) { this->nextPeers.push_back(actualId); } std::cout << knownPeers.toString() << std::endl; return res; }
result_type Peer::whenNiceCredentialsAreRequested(const descriptor_pair & sourceDesc, peer_id sourceId) { result_type res = SUCCESS; peer_id requesterId; res = recv_(coordinatorFd, 0, requesterId); // receive source credentials QUIT_IF_UNSUCCESSFUL(res); TEST() std::cout << "peer " << requesterId << " requested nice credentials" << std::endl; uint streamId; std::string localInfo; nice.startNewStream(streamId, localInfo); res = send_type_(coordinatorFd, PROVIDE_NICE_PEER_CREDENTIALS); res = send_(coordinatorFd, localInfo); res = send_(coordinatorFd, requesterId); TEST() std::cout << "sent creds, as requested" << std::endl; streamsForConnections[requesterId] = streamId; return res; }
result_type Peer::whenReceivedRelayedMessage(const descriptor_pair & sourceDesc, peer_id sourceId) { result_type res = SUCCESS; peer_id senderId; char * bytes = NULL; size_type size = 0; res = recv_(sourceDesc.desc, 0, senderId); res = recv_new_(sourceDesc.desc, 0, bytes, size); QUIT_IF_UNSUCCESSFUL(res); descriptor_pair senderDesc = knownPeers.idToDescriptor(senderId); //descriptor_pair senderDesc(senderId, DESCRIPTOR_NONE); if (!existsInQueues(senderDesc)) { std::cout << "NOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO" << std::endl; preparePeerQueues(senderDesc); } bufferMessage(senderDesc, senderId, bytes, size); return res; }
void do_stuff(int arg_sock) { // rsp -- 0x990 bytes for locals -- rbp int sock = arg_sock; // -0x984(rbp) int i; // -0x978(rbp) int len; // -0x974(rbp) char* p1, p2 // -0x970(rbp), -0x968(rbp) // -0x960(rbp), 1224 bytes total struct { int sock; // -0x960(rbp) char* something1; // -0x950(rbp) char* something2; // -0x948(rbp) char* username; // offset 0x20, -0x940(rbp) char* password; // offset 0x28 char dir[1024]; // offset 0xc0 } state; int logged_in; // -0x4a0(rbp), overlap with dir? char buf[0x80]; // -0x490(rbp) char directory[1024]; // -0x410(rbp) alarm(65); srand(time(0)); memset(state, 0, 1224); state->sock = sock; if(getcwd(directory, 0x400)) { strcpy(state->dir, directory); } else { error("CWD"); } send_(sock, "Welcome to FTP server\n"); for(;; free(p2)) { memset(buf, 0, 0x80); p1 = p2 = recv_(sock); len = strlen(p1); for(i=0; (*p1 != ' ') && (i < len-1); i++) { buf[i] = *p1++; } if(*p1 == ' ') { p1++; } p1[strlen(p1)-1] = 0; if(!strncasecmp("USER", buf, 4)) { if(logged_in) { send_(sock, "Cannot change user "); send_(sock, state->username); send_(sock, "\n"); continue; } else { state->username = p1; state->something2 = p1; do_login(state); continue; } } if(!strncasecmp("PASS", buf, 4)) { send_(sock, "send user first.\n"); continue; } if(!strncasecmp("HELP", buf, 4)) { send_(sock, "USER PASS PASV PORT\nNOOP REIN LIST SYST SIZE\nRETR STOR PWD CWD\n"); continue; } if(!logged_in) { send_(sock, "login with USER first.\n"); continue; } if(!strncasecmp("REIN", buf, 4)) { logged_in = 0; continue; } if(!strncasecmp("PORT", buf, 4)) { do_port(...); } if(!strncasecmp("PASV", buf, 4)) { do_pasv(...); } if(!strncasecmp("STOR", buf, 4)) { do_stor(...); } if(!strncasecmp("RETR", buf, 4)) { do_retr(...); } if(!strncasecmp("QUIT", buf, 4)) { do_quit(...); } if(!strncasecmp("LIST", buf, 4)) { do_list(...); } if(!strncasecmp("SYST", buf, 4)) { do_syst(...); } if(!strncasecmp("NOOP", buf, 4)) { do_noop(...); } if(!strncasecmp("PWD", buf, 4)) { do_pwd(...); } if(!strncasecmp("CWD", buf, 4)) { do_cwd(...); } if(!strncasecmp("RDF", buf, 4)) { state->something1 = p1; state->something2 = buf; do_rdf(state); } } }
result_type Peer::whenCredentialsAreProvided(const descriptor_pair & sourceDesc, peer_id sourceId) { result_type res = SUCCESS; address otherAddr; peer_id targetId; std::string targetIp; res = recv_(coordinatorFd, 0, targetIp); if (targetIp.length() == 0) { TEST() std::cout << "peer is not yet registered" << std::endl; establishNextConnectionIfAvailable(); return NOTHING; } if (targetIp == "local") { TEST() std::cout << "peer is in the local network" << std::endl; res = recv_(coordinatorFd, 0, targetIp); // get public IP, in case local connection fails and its needed otherAddr.ip = this->localIp; } else { otherAddr.ip = targetIp; } res = recv_(coordinatorFd, 0, otherAddr.port); res = recv_(coordinatorFd, 0, targetId); QUIT_IF_UNSUCCESSFUL(res); TEST() std::cout << "received creds " << targetId << " " << otherAddr << " (public IP: " << targetIp << ")"<< std::endl; TEST() std::cout << "connecting using sockets" << std::endl; int fd = connectToPeer(otherAddr, false); // connect (here, otherAddr can be a local or public IP) if (fd == -1 and otherAddr.ip == localIp) { // failed when connecting locally TEST() std::cout << "local connection failed. trying public IP" << std::endl; otherAddr.ip == targetIp; fd = connectToPeer(otherAddr, false); } if (fd == -1) { #ifndef DISABLE_LIBNICE res = requestNiceConnectionTo(targetId); #else res = requestRelayedConnectionTo(targetId); #endif return res; } TEST() std::cout << "connected" << std::endl; res = send_type_(fd, REGISTER); res = send_(fd, this->ownId); QUIT_IF_UNSUCCESSFUL(res); peer_id arguedId; res = recv_(fd, 0, arguedId); QUIT_IF_UNSUCCESSFUL(res); if (arguedId != targetId) { return FAILURE; } TEST() std::cout << "registered with peer" << std::endl; setNewPeerStructures(fd, targetId, DESCRIPTOR_SOCK); std::cout << knownPeers.toString() << std::endl; TEST() std::cout << "end establishConnection" << std::endl; establishNextConnectionIfAvailable(); return res; }
result_type Peer::registerWithCoordinator() { result_type res; coordinatorFd = connectToPeer(coordinatorAddr, true); res = send_type_(coordinatorFd, REGISTER); QUIT_IF_UNSUCCESSFUL(res); res = recv_(coordinatorFd, 0, ownId); // receive registration ID QUIT_IF_UNSUCCESSFUL(res); std::cout << "ID: " << this->ownId << std::endl; setNewPeerStructures(coordinatorFd, 0, DESCRIPTOR_SOCK); // the coordinator has always ID = 0 res = recv_(coordinatorFd, 0, nPeers); QUIT_IF_UNSUCCESSFUL(res); this->usingFreeformLayout = (nPeers == 0); if (!this->usingFreeformLayout) { // receive all peers that are upstream or downstream of this peer_id * prev = NULL, * next = NULL; uint prevSize = 0, nextSize = 0; res = recv_new_(coordinatorFd, 0, prev, prevSize); QUIT_IF_UNSUCCESSFUL(res); res = recv_new_(coordinatorFd, 0, next, nextSize); QUIT_IF_UNSUCCESSFUL(res); printIds(prev, prevSize, "previous"); printIds(next, nextSize, "next"); this->prevPeers.assign(prev+0, prev+prevSize); this->nextPeers.assign(next+0, next+nextSize); free(prev); free(next); } // receive which next/prev IDs are already registered peer_id * connectable_array; uint connectableSize = 0; res = recv_new_(coordinatorFd, 0, connectable_array, connectableSize); QUIT_IF_UNSUCCESSFUL(res); connectable.insert(connectable_array+0, connectable_array+connectableSize); if (this->usingFreeformLayout) { this->nextPeers.assign(connectable.begin(), connectable.end()); // when there's no layout, all connectable peers are considered to be "next" } free(connectable_array); TEST() { std::cout << "connectable peers:" << std::endl; for (peer_id id : connectable) std::cout << "id: " << id << std::endl; std::cout << "---------------------" << std::endl; } return res; }