authorRoot THC2026-02-24 12:42:47 +0000
committerRoot THC2026-02-24 12:42:47 +0000
commitc9cbeced5b3f2bdd7407e29c0811e65954132540 (patch)
treeaefc355416b561111819de159ccbd86c3004cf88 /other/b-scan/tmp/src/restore.c
parent073fe4bf9fca6bf40cef2886d75df832ef4b6fca (diff)
initial
Diffstat (limited to 'other/b-scan/tmp/src/restore.c')
-rw-r--r--other/b-scan/tmp/src/restore.c263
1 files changed, 263 insertions, 0 deletions
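--- /dev/null
+++ b/other/b-scan/tmp/src/restore.c
@@ -0,0 +1,263 @@
+/*
+ * bscan, restore.c
+ * this is the buggies part of the entire scanner :>
+ * many buffer overflows in here
+ */
+#include <bscan/bscan.h>
+#include <bscan/system.h>
+#include <bscan/module.h>
+#include <string.h>
+
+
+extern struct _opt *opt;
+
+#define RESTORE_FILE "restore.bscan"
+
+#define R_ARGVLIST "argvlist"
+#define R_MODARG "modarg"
+#define R_LIMIT "limit"
+#define R_FLAGS "flags"
+#define R_DELAY "delay"
+#define R_PSCANSTAT "pscanstat"
+#define R_IPSCAN_COUNT "ipscan_count"
+#define R_IPTOTSCAN_C "iptotscan_count"
+#define R_BSENT_COUNT "bsent_count"
+#define R_IP_OFFSET "ip_offset"
+#define R_IP_BLKLEN "ip_blklen"
+#define R_IP_POS "ip_pos"
+#define R_SCAN_TIME "scan_time"
+#define R_SPF_SIP "spf_sip"
+#define R_SPF_SMAC "spf_smac"
+#define R_SNARFICMP_C "snarf.icmp_c"
+#define R_SNARFCLOSE_C "snarf.close_c"
+#define R_SNARFOPEN_C "snarf.open_c"
+#define R_SNARFREFUSED_C "snarf.refused_c"
+#define R_IDEV "lnet.device"
+#define R_HOSTFILE "hostfile"
+
+
+/*
+ * save everything that is required to restore/restart an inter session
+ */
+int
+write_restore ()
+{
+ u_char *p = (u_char *) opt->spf_smac;
+ FILE *fptr;
+ char **myargv = opt->argvlist;
+ struct timeval tv;
+#ifdef HAVE_DLSYM
+ int c=0;
+ extern const int modcount;
+ extern const struct _mods mods[MAX_MODULES];
+#endif
+
+ if (opt->flags & OPT_VERB)
+ fprintf (stderr, "Writing restore file '%s'\n", RESTORE_FILE);
+
+ if ((fptr = fopen (RESTORE_FILE, "w+")) == NULL)
+ return (-1);
+
+ fprintf (fptr, "# bscan restore file. This is an automatic generated\n");
+ fprintf (fptr, "# file. Don't edit.\n");
+ fprintf (fptr, "#\n");
+
+ fprintf (fptr, R_ARGVLIST ": ");
+ if ((opt->target != NULL) && !(opt->flags & OPT_HOSTFILE))
+ fprintf (fptr, "\"%s\" ", opt->target);
+ while (*myargv != NULL)
+ fprintf (fptr, "\"%s\" ", *myargv++);
+ fprintf (fptr, "\n");
+
+#ifdef HAVE_DLSYM
+ for (c = 0; c < modcount; c++)
+ fprintf(fptr, R_MODARG ": %s\n", mods[c].modarg);
+#endif
+
+ fprintf (fptr, R_LIMIT ": %u\n", opt->limit);
+ fprintf (fptr, R_DELAY ": %u\n", opt->delay);
+ fprintf (fptr, R_PSCANSTAT ": %u\n", opt->pscanstat);
+ fprintf (fptr, R_IPSCAN_COUNT ": %lu\n", opt->ipscan_count);
+ fprintf (fptr, R_IPTOTSCAN_C ": %lu\n", opt->iptotscan_count);
+ fprintf (fptr, R_BSENT_COUNT ": %lu\n", opt->bsent_count);
+ fprintf (fptr, R_IP_OFFSET ": %lu\n", opt->ip_offset);
+ fprintf (fptr, R_IP_BLKLEN ": %lu\n", opt->ip_blklen);
+ fprintf (fptr, R_IP_POS ": %lu\n", opt->ip_pos);
+ fprintf (fptr, R_FLAGS ": %4.4x\n", opt->flags);
+ memcpy(&tv, &opt->tv2, sizeof(tv));
+ time_diff (&opt->scan_start, &tv);
+ fprintf (fptr, R_SCAN_TIME ": %ld\n", (long)tv.tv_sec);
+ fprintf (fptr, R_SPF_SIP ": %s\n", int_ntoa (opt->nt.src));
+ fprintf (fptr, R_SPF_SMAC ": %2.2x:%2.2x:%2.2x:%2.2x:%2.2x:%2.2x\n",
+ p[0], p[1], p[2], p[3], p[4], p[5]);
+ fprintf (fptr, R_SNARFICMP_C ": %lu\n", opt->snarf.icmp_c);
+ fprintf (fptr, R_SNARFCLOSE_C ": %lu\n", opt->snarf.close_c);
+ fprintf (fptr, R_SNARFOPEN_C ": %lu\n", opt->snarf.open_c);
+ fprintf (fptr, R_SNARFREFUSED_C ": %lu\n", opt->snarf.refused_c);
+ if (opt->lnet.device != NULL)
+ fprintf (fptr, R_IDEV ": %s\n", opt->lnet.device);
+ else
+ fprintf (fptr, R_IDEV ": \n");
+
+ if (opt->hostfile != NULL)
+ fprintf (fptr, R_HOSTFILE ": %s\n", opt->hostfile);
+ else
+ fprintf (fptr, R_HOSTFILE ": \n");
+
+ fclose (fptr);
+
+ return (0);
+}
+
+int
+restore_processtag (char *tag, char *arg)
+{
+ char *ptr = arg;
+ int c = 0;
+
+ if ((arg == NULL) || (tag == NULL))
+ return (-1);
+
+ if (!strcmp (R_ARGVLIST, tag))
+ if (strlen (arg) > 0)
+ {
+ int toggle = 0;
+ while (*ptr != '\0')
+ if (*ptr++ == '"')
+ c++;
+ ptr = arg;
+ c = c / 2;
+ if (c <= 0)
+ return (-1); /* this should not happen */
+ if ((opt->argvlist = malloc ((c + 1) * sizeof (char *))) == NULL)
+ return (-1);
+ for (toggle = 0; toggle < c + 1; toggle++)
+ opt->argvlist[toggle] = NULL;
+
+ toggle = 0;
+ ptr = arg;
+ c = 0;
+ while (*ptr != '\0')
+ if (*ptr++ == '"')
+ {
+ *(ptr - 1) = '\0';
+ if (toggle++ == 1)
+ {
+ toggle = 0;
+ continue;
+ }
+ opt->argvlist[c++] = ptr;
+ }
+
+ /* strings are ready + \0 terminated here */
+
+ for (toggle = 0; toggle < c; toggle++)
+ opt->argvlist[toggle] = strdup (opt->argvlist[toggle]);
+
+ return (0);
+ }
+
+ if (!strcmp (R_MODARG, tag))
+ loadinit_mod(arg);
+
+ if (!strcmp (R_DELAY, tag))
+ opt->delay = atoi (arg);
+ if (!strcmp (R_LIMIT, tag))
+ opt->limit = atoi (arg);
+ if (!strcmp (R_PSCANSTAT, tag))
+ opt->pscanstat = atoi (arg);
+ if (!strcmp (R_IPSCAN_COUNT, tag))
+ opt->ipscan_count = strtoul (arg, NULL, 10);
+ if (!strcmp (R_IPTOTSCAN_C, tag))
+ opt->iptotscan_count = strtoul (arg, NULL, 10);
+ if (!strcmp (R_BSENT_COUNT, tag))
+ opt->bsent_count = strtoul (arg, NULL, 10);
+ if (!strcmp (R_IP_OFFSET, tag))
+ opt->ip_offset = strtoul (arg, NULL, 10);
+ if (!strcmp (R_IP_BLKLEN, tag))
+ opt->ip_blklen = strtoul (arg, NULL, 10);
+ if (!strcmp (R_IP_POS, tag))
+ opt->ip_pos = strtoul (arg, NULL, 10);
+ if (!strcmp (R_SCAN_TIME, tag))
+ { /* doing the date trick ..we had a scannerdowntime.. */
+ gettimeofday (&opt->scan_start, NULL);
+ opt->scan_start.tv_sec =
+ opt->scan_start.tv_sec - strtoul (arg, NULL, 10);
+ }
+ if (!strcmp (R_SPF_SIP, tag))
+ opt->nt.src = inet_addr (arg);
+ if (!strcmp (R_SPF_SMAC, tag))
+ {
+ unsigned short int sp[6];
+ sscanf (arg, "%hx:%hx:%hx:%hx:%hx:%hx", &sp[0], &sp[1], &sp[2],
+ &sp[3], &sp[4], &sp[5]);
+ for (c = 0; c < 6; c++)
+ opt->spf_smac[c] = (u_char) sp[c];
+
+ }
+ if (!strcmp (R_FLAGS, tag))
+ {
+ sscanf (arg, "%hx", &opt->flags);
+ opt->flags &= ~OPT_ABRT;
+ opt->flags &= ~OPT_REST;
+ }
+ if (!strcmp (R_SNARFICMP_C, tag))
+ opt->snarf.icmp_c = strtoul (arg, NULL, 10);
+ if (!strcmp (R_SNARFCLOSE_C, tag))
+ opt->snarf.close_c = strtoul (arg, NULL, 10);
+ if (!strcmp (R_SNARFOPEN_C, tag))
+ opt->snarf.open_c = strtoul (arg, NULL, 10);
+ if (!strcmp (R_SNARFREFUSED_C, tag))
+ opt->snarf.refused_c = strtoul (arg, NULL, 10);
+ if (!strcmp (R_IDEV, tag))
+ if (strlen (arg) > 0)
+ opt->lnet.device = strdup (arg);
+ if (!strcmp (R_HOSTFILE, tag))
+ if (strlen (arg) > 0)
+ opt->hostfile = strdup (arg);
+
+ return (0);
+}
+
+
+/*
+ * read restore-file
+ * return 0 on success, -1 on failure
+ * sscanf is exploitable. have fun. What kind of stupid admin
+ * who set a +s on this programm. harhar
+ */
+int
+read_restore (char *filename)
+{
+ FILE *fptr;
+ char buf[1024];
+ char tag[1024], arg[1024];
+
+ if (opt->flags & OPT_VERB)
+ fprintf (stderr, "Reading restore file '%s'.\n", filename);
+
+ if ((fptr = fopen (filename, "rb")) == NULL)
+ {
+ printf ("OPEN FAILED\n");
+ return (-1);
+ }
+
+ while (fgets (buf, sizeof (buf), fptr) != NULL)
+ {
+ if (strchr (buf, '#') != NULL)
+ continue;
+
+ tag[0] = arg[0] = '\0';
+ sscanf (buf, "%[^: ]%*[: \t]%[^#\n]%*[\n]", tag, arg);
+
+ if (restore_processtag (tag, arg) == -1)
+ {
+ fprintf (stderr, "error while processing restore file with '%s:%s' \n ", tag, arg);
+ exit (-1);
+ }
+
+ }
+
+ fclose (fptr);
+ return (0);
+}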
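Review bot: In restore_processtag the `argvlist` branch sizes the array from `c / 2` quote pairs, but the fill loop stores a pointer on every opening quote, so a line with an odd number of `"` overwrites the slot reserved for the terminating NULL and leaves `opt->argvlist` unterminated for later readers such as the `while (*myargv != NULL)` loop in write_restore. Checking the raw count before halving closes that, `if (c <= 0 || (c % 2) != 0) return (-1);`, and the `strdup` results in the copy loop should be tested for NULL as well. In read_restore the `%[` conversions carry no field width and stay inside `tag`/`arg` only because `buf` happens to be the same 1024 bytes; `sscanf (buf, "%1023[^: ]%*[: \t]%1023[^#\n]", tag, arg)` makes the bound explicit and survives a later resize of either buffer. The same loop ignores the sscanf return value, as does the `spf_smac` branch, which then copies `sp[]` even when fewer than six fields were converted. The restore file is treated as trusted input (it sets `opt->flags` and is handed to `loadinit_mod`, whose body is not shown here), so if the binary can ever run with elevated privileges, as the comment above read_restore anticipates, the file's owner and mode should be verified before it is parsed.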