result_type Peer::whenNiceCredentialsAreProvided(const descriptor_pair & sourceDesc, peer_id sourceId)
{
result_type res = SUCCESS;
peer_id targetId;
std::string remoteInfo;
res = recv_(coordinatorFd, 0, remoteInfo); // receive other peer credentials
if (remoteInfo.length() == 0) {
TEST() std::cout << "peer is not yet registered" << std::endl;
establishNextConnectionIfAvailable();
return NOTHING;
}
res = recv_(coordinatorFd, 0, targetId);
TEST() std::cout << "received nice creds " << targetId << " " << remoteInfo << std::endl;
int streamId = streamsForConnections[targetId];
streamsForConnections.erase(targetId);
TEST() std::cout << "connecting using libnice" << std::endl;
if (nice.connect(streamId, remoteInfo)) {
setNewPeerStructures(streamId, targetId, DESCRIPTOR_NICE);
std::cout << knownPeers.toString() << std::endl;
} else {
res = requestRelayedConnectionTo(targetId);
}
res = establishNextConnectionIfAvailable();
return res;
}
// 0x0040159b
void do_login(struct state* arg_state) {
// rsp -- 0xc0 bytes for locals -- rbp
struct state* s = arg_state; // -0xb8(rsp)
int len; // -0xa8(rsp)
char* p1; // -0xa0(rsp)
char* p2; // -0x98(rsp)
char buf[0x80]; // -0x90(rsp)
memset(buf, 0, 0x80);
send_(s->sock, "Please send password for user ");
send_(s->sock, s->username);
send_(s->sock, "\n");
p1 = p2 = recv_(s->sock);
len = strlen(p1);
for(i=0; (*p1 != ' ') && (i < len-1); i++) {
buf[i] = *p1++;
}
if(*p1 == ' ') { p1++; }
if(strncasecmp("PASS", buf, 4)) {
send_(s->sock, "login with USER PASS.\n");
return;
}
s->password = p1;
hash_password(s->password);
if(!strncmp(s->username, "blankwall", 9) && hash_password(s->password) == 0xd386d209) {
send_(s->sock, "logged in.\n");
return;
// 0x00401780: movl $0x66, 0x202c7e(%rip) // this pokes a global, but I don't know which/where it's used
} else {
send_(s->sock, "Invalid login credentials.\n");
}
}
int
WSAAPI
Hookedrecv(
SOCKET s,
char *buf,
int len,
int flags
)
{
if ( DbgGetShellcodeFlag() == PWNYPOT_STATUS_SHELLCODE_FLAG_SET && len > 1)
{
CHAR szPort[20];
CHAR szUID[UID_SIZE];
sockaddr_in sdata;
int sock_len = sizeof(sockaddr);
PXMLNODE XmlIDLogNode;
XmlIDLogNode = mxmlNewElement( XmlShellcode, "row");
// type
mxmlElementSetAttr(XmlIDLogNode, "type", ANALYSIS_TYPE_RECV);
getpeername( s, (sockaddr *)&sdata, &sock_len);
mxmlElementSetAttrf(XmlIDLogNode, "socket", "%d", s);
mxmlElementSetAttr(XmlIDLogNode, "recv_ip", inet_ntoa(sdata.sin_addr));
mxmlElementSetAttr(XmlIDLogNode, "recv_port", _itoa(htons(sdata.sin_port), szPort, 10));
mxmlElementSetAttr(XmlIDLogNode, "recv_datalen", _itoa(len, szPort, 10));
mxmlElementSetAttr(XmlIDLogNode, "data_uid", GenRandomStr(szUID, UID_SIZE-1));
HexDumpToFile((PBYTE)buf, len ,szUID);
// save
SaveXml( XmlLog );
}
return (recv_( s, buf, len, flags));
}
result_type Peer::whenCoordinatorDeregistersPeer(const descriptor_pair & sourceDesc, peer_id sourceId)
{
peer_id id;
recv_(sourceDesc.desc, 0, id);
if (knownPeers.idExists(id)) {
actOnFailure(knownPeers.idToDescriptor(id));
}
return SUCCESS;
}
result_type Peer::whenCredentialsAreRequested(const descriptor_pair & sourceDesc, peer_id sourceId)
{
result_type res = SUCCESS;
peer_id requesterId;
res = recv_(coordinatorFd, 0, requesterId); // receive source credentials
QUIT_IF_UNSUCCESSFUL(res);
TEST() std::cout << "peer " << requesterId << " requested credentials" << std::endl;
res = send_type_(coordinatorFd, PROVIDE_PEER_CREDENTIALS);
res = send_(coordinatorFd, ownAddr.port);
res = send_(coordinatorFd, requesterId);
return res;
}
result_type Peer::whenReceivedSetRelayedConnection(const descriptor_pair & sourceDesc, peer_id sourceId)
{
result_type res;
if (sourceDesc.desc != coordinatorFd) {
return SUCCESS;
}
peer_id id;
res = recv_(sourceDesc.desc, 0, id);
LOG_AND_QUIT_IF_UNSUCCESSFUL(res, sourceDesc);
TEST() std::cout << "received \"set relayed connection\" (from " << id << ")" << std::endl;
descriptor_pair desc(id, DESCRIPTOR_NONE); // yes, it is sourceId indeed
knownPeers.registerPeer(desc, id);
preparePeerQueues(desc);
return res;
}
result_type Peer::whenPeerRegisters(const descriptor_pair & sourceDesc, peer_id sourceId)
{
result_type res = SUCCESS;
int sourceFd = sourceDesc.desc;
peer_id actualId;
res = recv_(sourceFd, 0, actualId);
TEST() std::cout << "peer " << actualId << " registering with this node " << std::endl;
res = send_(sourceFd, this->ownId);
LOG_AND_QUIT_IF_UNSUCCESSFUL(res, sourceDesc);
setNewPeerStructures(sourceFd, actualId, DESCRIPTOR_SOCK);
if (this->usingFreeformLayout) {
this->nextPeers.push_back(actualId);
}
std::cout << knownPeers.toString() << std::endl;
return res;
}
result_type Peer::whenNiceCredentialsAreRequested(const descriptor_pair & sourceDesc, peer_id sourceId)
{
result_type res = SUCCESS;
peer_id requesterId;
res = recv_(coordinatorFd, 0, requesterId); // receive source credentials
QUIT_IF_UNSUCCESSFUL(res);
TEST() std::cout << "peer " << requesterId << " requested nice credentials" << std::endl;
uint streamId;
std::string localInfo;
nice.startNewStream(streamId, localInfo);
res = send_type_(coordinatorFd, PROVIDE_NICE_PEER_CREDENTIALS);
res = send_(coordinatorFd, localInfo);
res = send_(coordinatorFd, requesterId);
TEST() std::cout << "sent creds, as requested" << std::endl;
streamsForConnections[requesterId] = streamId;
return res;
}
result_type Peer::whenReceivedRelayedMessage(const descriptor_pair & sourceDesc, peer_id sourceId)
{
result_type res = SUCCESS;
peer_id senderId;
char * bytes = NULL;
size_type size = 0;
res = recv_(sourceDesc.desc, 0, senderId);
res = recv_new_(sourceDesc.desc, 0, bytes, size);
QUIT_IF_UNSUCCESSFUL(res);
descriptor_pair senderDesc = knownPeers.idToDescriptor(senderId);
//descriptor_pair senderDesc(senderId, DESCRIPTOR_NONE);
if (!existsInQueues(senderDesc)) {
std::cout << "NOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO" << std::endl;
preparePeerQueues(senderDesc);
}
bufferMessage(senderDesc, senderId, bytes, size);
return res;
}
void do_stuff(int arg_sock) {
// rsp -- 0x990 bytes for locals -- rbp
int sock = arg_sock; // -0x984(rbp)
int i; // -0x978(rbp)
int len; // -0x974(rbp)
char* p1, p2 // -0x970(rbp), -0x968(rbp)
// -0x960(rbp), 1224 bytes total
struct {
int sock; // -0x960(rbp)
char* something1; // -0x950(rbp)
char* something2; // -0x948(rbp)
char* username; // offset 0x20, -0x940(rbp)
char* password; // offset 0x28
char dir[1024]; // offset 0xc0
} state;
int logged_in; // -0x4a0(rbp), overlap with dir?
char buf[0x80]; // -0x490(rbp)
char directory[1024]; // -0x410(rbp)
alarm(65);
srand(time(0));
memset(state, 0, 1224);
state->sock = sock;
if(getcwd(directory, 0x400)) {
strcpy(state->dir, directory);
} else {
error("CWD");
}
send_(sock, "Welcome to FTP server\n");
for(;; free(p2)) {
memset(buf, 0, 0x80);
p1 = p2 = recv_(sock);
len = strlen(p1);
for(i=0; (*p1 != ' ') && (i < len-1); i++) {
buf[i] = *p1++;
}
if(*p1 == ' ') { p1++; }
p1[strlen(p1)-1] = 0;
if(!strncasecmp("USER", buf, 4)) {
if(logged_in) {
send_(sock, "Cannot change user ");
send_(sock, state->username);
send_(sock, "\n");
continue;
} else {
state->username = p1;
state->something2 = p1;
do_login(state);
continue;
}
}
if(!strncasecmp("PASS", buf, 4)) {
send_(sock, "send user first.\n");
continue;
}
if(!strncasecmp("HELP", buf, 4)) {
send_(sock, "USER PASS PASV PORT\nNOOP REIN LIST SYST SIZE\nRETR STOR PWD CWD\n");
continue;
}
if(!logged_in) {
send_(sock, "login with USER first.\n");
continue;
}
if(!strncasecmp("REIN", buf, 4)) {
logged_in = 0;
continue;
}
if(!strncasecmp("PORT", buf, 4)) {
do_port(...);
}
if(!strncasecmp("PASV", buf, 4)) {
do_pasv(...);
}
if(!strncasecmp("STOR", buf, 4)) {
do_stor(...);
}
if(!strncasecmp("RETR", buf, 4)) {
do_retr(...);
}
if(!strncasecmp("QUIT", buf, 4)) {
do_quit(...);
}
if(!strncasecmp("LIST", buf, 4)) {
do_list(...);
}
if(!strncasecmp("SYST", buf, 4)) {
do_syst(...);
}
if(!strncasecmp("NOOP", buf, 4)) {
do_noop(...);
}
if(!strncasecmp("PWD", buf, 4)) {
do_pwd(...);
}
if(!strncasecmp("CWD", buf, 4)) {
do_cwd(...);
}
if(!strncasecmp("RDF", buf, 4)) {
state->something1 = p1;
state->something2 = buf;
do_rdf(state);
}
}
}
result_type Peer::whenCredentialsAreProvided(const descriptor_pair & sourceDesc, peer_id sourceId)
{
result_type res = SUCCESS;
address otherAddr;
peer_id targetId;
std::string targetIp;
res = recv_(coordinatorFd, 0, targetIp);
if (targetIp.length() == 0) {
TEST() std::cout << "peer is not yet registered" << std::endl;
establishNextConnectionIfAvailable();
return NOTHING;
}
if (targetIp == "local") {
TEST() std::cout << "peer is in the local network" << std::endl;
res = recv_(coordinatorFd, 0, targetIp); // get public IP, in case local connection fails and its needed
otherAddr.ip = this->localIp;
} else {
otherAddr.ip = targetIp;
}
res = recv_(coordinatorFd, 0, otherAddr.port);
res = recv_(coordinatorFd, 0, targetId);
QUIT_IF_UNSUCCESSFUL(res);
TEST() std::cout << "received creds " << targetId << " " << otherAddr << " (public IP: " << targetIp << ")"<< std::endl;
TEST() std::cout << "connecting using sockets" << std::endl;
int fd = connectToPeer(otherAddr, false); // connect (here, otherAddr can be a local or public IP)
if (fd == -1 and otherAddr.ip == localIp) { // failed when connecting locally
TEST() std::cout << "local connection failed. trying public IP" << std::endl;
otherAddr.ip == targetIp;
fd = connectToPeer(otherAddr, false);
}
if (fd == -1) {
#ifndef DISABLE_LIBNICE
res = requestNiceConnectionTo(targetId);
#else
res = requestRelayedConnectionTo(targetId);
#endif
return res;
}
TEST() std::cout << "connected" << std::endl;
res = send_type_(fd, REGISTER);
res = send_(fd, this->ownId);
QUIT_IF_UNSUCCESSFUL(res);
peer_id arguedId;
res = recv_(fd, 0, arguedId);
QUIT_IF_UNSUCCESSFUL(res);
if (arguedId != targetId) {
return FAILURE;
}
TEST() std::cout << "registered with peer" << std::endl;
setNewPeerStructures(fd, targetId, DESCRIPTOR_SOCK);
std::cout << knownPeers.toString() << std::endl;
TEST() std::cout << "end establishConnection" << std::endl;
establishNextConnectionIfAvailable();
return res;
}
result_type Peer::registerWithCoordinator()
{
result_type res;
coordinatorFd = connectToPeer(coordinatorAddr, true);
res = send_type_(coordinatorFd, REGISTER);
QUIT_IF_UNSUCCESSFUL(res);
res = recv_(coordinatorFd, 0, ownId); // receive registration ID
QUIT_IF_UNSUCCESSFUL(res);
std::cout << "ID: " << this->ownId << std::endl;
setNewPeerStructures(coordinatorFd, 0, DESCRIPTOR_SOCK); // the coordinator has always ID = 0
res = recv_(coordinatorFd, 0, nPeers);
QUIT_IF_UNSUCCESSFUL(res);
this->usingFreeformLayout = (nPeers == 0);
if (!this->usingFreeformLayout)
{
// receive all peers that are upstream or downstream of this
peer_id * prev = NULL, * next = NULL;
uint prevSize = 0, nextSize = 0;
res = recv_new_(coordinatorFd, 0, prev, prevSize);
QUIT_IF_UNSUCCESSFUL(res);
res = recv_new_(coordinatorFd, 0, next, nextSize);
QUIT_IF_UNSUCCESSFUL(res);
printIds(prev, prevSize, "previous");
printIds(next, nextSize, "next");
this->prevPeers.assign(prev+0, prev+prevSize);
this->nextPeers.assign(next+0, next+nextSize);
free(prev);
free(next);
}
// receive which next/prev IDs are already registered
peer_id * connectable_array;
uint connectableSize = 0;
res = recv_new_(coordinatorFd, 0, connectable_array, connectableSize);
QUIT_IF_UNSUCCESSFUL(res);
connectable.insert(connectable_array+0, connectable_array+connectableSize);
if (this->usingFreeformLayout) {
this->nextPeers.assign(connectable.begin(), connectable.end()); // when there's no layout, all connectable peers are considered to be "next"
}
free(connectable_array);
TEST() {
std::cout << "connectable peers:" << std::endl;
for (peer_id id : connectable)
std::cout << "id: " << id << std::endl;
std::cout << "---------------------" << std::endl;
}
return res;
}
