void sc_action_process(struct sc_action *sa) { sc_action_debug_print(sa); int haskey = 1; BUFFER *buffer = buffer_new(); buffer_write_u8(buffer,(uint8_t)sa->m_shellcode->nspace); switch (sa->m_shellcode->nspace) { case sc_bindfiletransfer: case sc_bindshell: buffer_write_u8(buffer, sc_port); buffer_write_u16(buffer,htons((uint16_t)sa->m_action.m_bind.m_localport)); if ( haskey ) { buffer_write_u8(buffer,sc_key); buffer_write_u32(buffer,htonl((uint32_t)sa->m_action.m_bind.m_key)); } break; case sc_connectbackfiletransfer: case sc_connectbackshell: buffer_write_u8(buffer,sc_host); buffer_write_u32(buffer,htonl((uint16_t)sa->m_action.m_connectback.m_remotehost)); buffer_write_u8(buffer,sc_port); buffer_write_u16(buffer,htons((uint16_t)sa->m_action.m_connectback.m_remoteport)); if ( haskey ) { buffer_write_u8(buffer,sc_key); buffer_write_u32(buffer,htonl((uint32_t)sa->m_action.m_connectback.m_key)); } connectback(sa, haskey); break; case sc_execute: buffer_write_u8(buffer,sc_command); buffer_write_u8(buffer,strlen(sa->m_action.m_execute.m_command)); buffer_write_string(buffer,sa->m_action.m_execute.m_command); break; case sc_url: buffer_write_u8(buffer,sc_uri); buffer_write_u8(buffer,strlen(sa->m_action.m_url.m_link)); buffer_write_string(buffer,sa->m_action.m_url.m_link); break; default: break; } // int size = buffer_write_size_get(buffer); // send here buffer_free(buffer); return; }
ssh_key* ssh_key_alloc(char* data, int length, char* passphrase) { ssh_key* key; BIO* key_bio; char* public_key; char* pos; /* Create BIO for reading key from memory */ key_bio = BIO_new_mem_buf(data, length); /* If RSA key, load RSA */ if (length > sizeof(SSH_RSA_KEY_HEADER)-1 && memcmp(SSH_RSA_KEY_HEADER, data, sizeof(SSH_RSA_KEY_HEADER)-1) == 0) { RSA* rsa_key; /* Read key */ rsa_key = PEM_read_bio_RSAPrivateKey(key_bio, NULL, NULL, passphrase); if (rsa_key == NULL) return NULL; /* Allocate key */ key = malloc(sizeof(ssh_key)); key->rsa = rsa_key; /* Set type */ key->type = SSH_KEY_RSA; /* Allocate space for public key */ public_key = malloc(4096); pos = public_key; /* Derive public key */ buffer_write_string(&pos, "ssh-rsa", sizeof("ssh-rsa")-1); buffer_write_bignum(&pos, rsa_key->e); buffer_write_bignum(&pos, rsa_key->n); /* Save public key to structure */ key->public_key = public_key; key->public_key_length = pos - public_key; } /* If DSA key, load DSA */ else if (length > sizeof(SSH_DSA_KEY_HEADER)-1 && memcmp(SSH_DSA_KEY_HEADER, data, sizeof(SSH_DSA_KEY_HEADER)-1) == 0) { DSA* dsa_key; /* Read key */ dsa_key = PEM_read_bio_DSAPrivateKey(key_bio, NULL, NULL, passphrase); if (dsa_key == NULL) return NULL; /* Allocate key */ key = malloc(sizeof(ssh_key)); key->dsa = dsa_key; /* Set type */ key->type = SSH_KEY_DSA; /* Allocate space for public key */ public_key = malloc(4096); pos = public_key; /* Derive public key */ buffer_write_string(&pos, "ssh-dss", sizeof("ssh-dss")-1); buffer_write_bignum(&pos, dsa_key->p); buffer_write_bignum(&pos, dsa_key->q); buffer_write_bignum(&pos, dsa_key->g); buffer_write_bignum(&pos, dsa_key->pub_key); /* Save public key to structure */ key->public_key = public_key; key->public_key_length = pos - public_key; } /* Otherwise, unsupported type */ else { BIO_free(key_bio); return NULL; } /* Copy private key to structure */ key->private_key_length = length; key->private_key = malloc(length); memcpy(key->private_key, data, length); BIO_free(key_bio); return key; }