/*
* srv.c -- Example server for easy exploiting
*
* Usage: srv <port>
*
* Example:
*
* C:\> srv 1234
* C:\> nload localhost 1234 -s code.s
*
*/
#include <stdio.h>
#include <string.h>
#include <errno.h>
#if defined _WIN32
#include <winsock2.h>
#pragma comment(lib, "ws2_32.lib")
#else
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <unistd.h>
#endif
#define SERVER_PORT 5432   /* port used when no port is given on the command line */
#define MAX_PENDING 1      /* backlog handed to listen(): one queued connection */


/* File-scope globals.  Nothing in this file reads or writes either of them. */
int ehlo, from;
/* Main function */
/*
 * Entry point.  Listens on the TCP port given as argv[1] (or SERVER_PORT when
 * no argument is supplied), accepts exactly one connection, reads up to
 * sizeof(buf) bytes from it into a stack buffer, marks that buffer executable
 * with VirtualProtect and then calls into it.
 *
 * Returns 0 after the call returns, and also returns 0 (silently) when
 * WSAStartup fails; exits with status 1 when socket creation, bind or listen
 * fails.
 *
 * NOTE(review): DWORD, VirtualProtect, PAGE_EXECUTE_READWRITE and the __asm
 * statement below are Windows/MSVC-only and are not guarded by
 * `#if defined _WIN32`, so the `#else` socket branch cannot actually build
 * this file as written.
 */
int main(int argc, char **argv) {
    DWORD old;                 /* VirtualProtect's previous-protection out-param; see the note at the call */
    struct sockaddr_in sin;    /* listening address; reused by accept() for the peer address */
    char buf[8092], *ptr;      /* buf receives the payload; ptr is never used */
    int c, i, len, port;       /* c and i are never used; len is the sockaddr length for accept() */
    int s, new_s, bytes;       /* listening socket, accepted socket, byte count from recv() */
#if defined _WIN32
    int wsaret;
    WSADATA wsaData;
#endif
    int (*funct)();            /* function pointer aimed at buf for the final call */


    /* Command line parameters.  argv[argc] is NULL, so this test is safe when
     * no argument is given.  The port string is not validated: atoi() yields 0
     * for non-numeric input.  atoi() and exit() are used although <stdlib.h>
     * is not in the include list above, so both are implicitly declared. */
    if (argv[1])
        port = atoi(argv[1]);
    else
        port = SERVER_PORT;

#if defined _WIN32
    /* Initialize winsock (version 1.1).  Failure here is silent: no message
     * is printed and the exit status is 0, unlike the other error paths. */
    wsaret = WSAStartup(0x101, &wsaData);
    if(wsaret != 0)
        return (0);

    /* Create a socket.
     * NOTE(review): Winsock reports socket errors through WSAGetLastError(),
     * not errno, so the strerror(errno) text printed here may not describe
     * the actual failure — confirm on a Windows build. */
    if ((s = WSASocket(AF_INET, SOCK_STREAM, IPPROTO_TCP, NULL, 0, 0)) < 0) {
        fprintf(stderr, "%s: WSASocket - %s\n", argv[0], strerror(errno));
        exit(1);
    }
#else
    if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
        fprintf(stderr, "%s: socket - %s\n", argv[0], strerror(errno));
        exit(1);
    }

#endif

    /* Initialize the address data structure: any local interface, chosen port */
    memset((void *)&sin, 0, sizeof(sin));
    sin.sin_family = AF_INET;
    sin.sin_addr.s_addr = INADDR_ANY;
    sin.sin_port = htons(port);

    /* Bind an address to the socket */
    if (bind(s, (struct sockaddr *)&sin, sizeof(sin)) < 0) {
        fprintf(stderr, "%s: bind - %s\n", argv[0], strerror(errno));
        exit(1);
    }

    /* Set the length of the listen queue (MAX_PENDING == 1) */
    if (listen(s, MAX_PENDING) < 0) {
        fprintf(stderr, "%s: listen - %s\n", argv[0], strerror(errno));
        exit(1);
    }


    /* Accept a single connection.  The return value is not checked: on
     * failure new_s is negative and recv() below is still called on it.
     * NOTE(review): len is an int, which matches Winsock's accept(); the
     * POSIX prototype takes socklen_t * — confirm on the non-Windows build. */
    len = sizeof(sin);
    new_s = accept(s, (struct sockaddr *)&sin, &len);

    /* Read the payload.  buf is zeroed first and recv() is bounded by
     * sizeof(buf), so the read cannot overflow; but the result is not checked,
     * so on error (negative) or a closed connection (0) the all-zero buffer is
     * still handed to VirtualProtect and called below.  A single recv() may
     * also return fewer bytes than the peer sent. */
    memset(buf, 0, sizeof(buf));
    bytes = recv(new_s, buf, sizeof(buf), 0);

    printf("recv'd %d\n", bytes);

    /* Make the stack buffer executable.  VirtualProtect stores the previous
     * protection through &old and returns a BOOL; that BOOL is then assigned
     * to old as well, overwriting the value just stored there.  So old ends
     * up holding only nonzero/zero for success/failure, and a failure is not
     * acted on: the indirect call below still happens. */
    old = VirtualProtect(
        buf,
        sizeof(buf),
        PAGE_EXECUTE_READWRITE,
        &old);


    /* Run the code.  The %lu here prints the BOOL described above, not a
     * protection constant. */
    fprintf(stderr,"Oops.. I'm 0wned, reprotect success: %lu.\n", old);

    /* MSVC inline assembly, 32-bit x86 only: load the accepted socket into EDI
     * immediately before the call.  Presumably the received code expects its
     * socket in EDI — TODO confirm against the client side.  Keep this
     * statement adjacent to the call: any C inserted between them may
     * clobber EDI. */
    __asm mov edi, new_s

    /* Call into the stack buffer.  The (int) cast of the result is discarded. */
    funct = (int (*)()) buf;
    (int)(*funct)();

    /* Reached only if the called code returns.  Neither s nor new_s is closed
     * and WSACleanup() is never called. */
    return (0);

}