void sc_action_process(struct sc_action *sa) {
sc_action_debug_print(sa);
int haskey = 1;
BUFFER *buffer = buffer_new();
buffer_write_u8(buffer,(uint8_t)sa->m_shellcode->nspace);
switch (sa->m_shellcode->nspace) {
case sc_bindfiletransfer:
case sc_bindshell:
buffer_write_u8(buffer, sc_port);
buffer_write_u16(buffer,htons((uint16_t)sa->m_action.m_bind.m_localport));
if ( haskey ) {
buffer_write_u8(buffer,sc_key);
buffer_write_u32(buffer,htonl((uint32_t)sa->m_action.m_bind.m_key));
}
break;
case sc_connectbackfiletransfer:
case sc_connectbackshell:
buffer_write_u8(buffer,sc_host);
buffer_write_u32(buffer,htonl((uint16_t)sa->m_action.m_connectback.m_remotehost));
buffer_write_u8(buffer,sc_port);
buffer_write_u16(buffer,htons((uint16_t)sa->m_action.m_connectback.m_remoteport));
if ( haskey )
{
buffer_write_u8(buffer,sc_key);
buffer_write_u32(buffer,htonl((uint32_t)sa->m_action.m_connectback.m_key));
}
connectback(sa, haskey);
break;
case sc_execute:
buffer_write_u8(buffer,sc_command);
buffer_write_u8(buffer,strlen(sa->m_action.m_execute.m_command));
buffer_write_string(buffer,sa->m_action.m_execute.m_command);
break;
case sc_url:
buffer_write_u8(buffer,sc_uri);
buffer_write_u8(buffer,strlen(sa->m_action.m_url.m_link));
buffer_write_string(buffer,sa->m_action.m_url.m_link);
break;
default:
break;
}
// int size = buffer_write_size_get(buffer);
// send here
buffer_free(buffer);
return;
}
ssh_key* ssh_key_alloc(char* data, int length, char* passphrase) {
ssh_key* key;
BIO* key_bio;
char* public_key;
char* pos;
/* Create BIO for reading key from memory */
key_bio = BIO_new_mem_buf(data, length);
/* If RSA key, load RSA */
if (length > sizeof(SSH_RSA_KEY_HEADER)-1
&& memcmp(SSH_RSA_KEY_HEADER, data,
sizeof(SSH_RSA_KEY_HEADER)-1) == 0) {
RSA* rsa_key;
/* Read key */
rsa_key = PEM_read_bio_RSAPrivateKey(key_bio, NULL, NULL, passphrase);
if (rsa_key == NULL)
return NULL;
/* Allocate key */
key = malloc(sizeof(ssh_key));
key->rsa = rsa_key;
/* Set type */
key->type = SSH_KEY_RSA;
/* Allocate space for public key */
public_key = malloc(4096);
pos = public_key;
/* Derive public key */
buffer_write_string(&pos, "ssh-rsa", sizeof("ssh-rsa")-1);
buffer_write_bignum(&pos, rsa_key->e);
buffer_write_bignum(&pos, rsa_key->n);
/* Save public key to structure */
key->public_key = public_key;
key->public_key_length = pos - public_key;
}
/* If DSA key, load DSA */
else if (length > sizeof(SSH_DSA_KEY_HEADER)-1
&& memcmp(SSH_DSA_KEY_HEADER, data,
sizeof(SSH_DSA_KEY_HEADER)-1) == 0) {
DSA* dsa_key;
/* Read key */
dsa_key = PEM_read_bio_DSAPrivateKey(key_bio, NULL, NULL, passphrase);
if (dsa_key == NULL)
return NULL;
/* Allocate key */
key = malloc(sizeof(ssh_key));
key->dsa = dsa_key;
/* Set type */
key->type = SSH_KEY_DSA;
/* Allocate space for public key */
public_key = malloc(4096);
pos = public_key;
/* Derive public key */
buffer_write_string(&pos, "ssh-dss", sizeof("ssh-dss")-1);
buffer_write_bignum(&pos, dsa_key->p);
buffer_write_bignum(&pos, dsa_key->q);
buffer_write_bignum(&pos, dsa_key->g);
buffer_write_bignum(&pos, dsa_key->pub_key);
/* Save public key to structure */
key->public_key = public_key;
key->public_key_length = pos - public_key;
}
/* Otherwise, unsupported type */
else {
BIO_free(key_bio);
return NULL;
}
/* Copy private key to structure */
key->private_key_length = length;
key->private_key = malloc(length);
memcpy(key->private_key, data, length);
BIO_free(key_bio);
return key;
}
