authorEpoch Qwert <epoch@53flpnlls43fcguy.onion>2014-10-23 01:20:02 -0500
committerEpoch Qwert <epoch@53flpnlls43fcguy.onion>2014-10-23 01:20:02 -0500
commit8c542d83091f9ba5ccb095fad730651f8e6c1eef (patch)
treead26b5a7686d7b78888fa052226551255e3d8633
parent12201178a5950eecd9537e642b1246011490b499 (diff)
fixed gopherd's LFI and added excuting files.
httpd had flushing issues. realpath is new! does what it says. gives absolute path of a file. deddos, peerip, peerip.pl, were laying around elsewhere. gethostbyname got a new trick. can do decimal addresses among other things. hop0 is a shell script that gets what IP will be put on the source address of outgoing packets sent to $1. rtfs.
-rw-r--r--.gitignore2
-rwxr-xr-xnocompile/bin/hop06
-rwxr-xr-xnocompile/libexec/gopherd.sh33
-rwxr-xr-xnocompile/libexec/peerip.pl5
-rwxr-xr-xrebuild.sh4
-rw-r--r--src/bin/gethostbyname.c10
-rw-r--r--src/bin/realpath.c10
-rw-r--r--src/libexec/deddos.c53
-rw-r--r--src/libexec/httpd.c13
-rw-r--r--src/libexec/peerip.c13
10 files changed, 143 insertions, 6 deletions
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..867ebf8
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+bin
+libexec
diff --git a/nocompile/bin/hop0 b/nocompile/bin/hop0
new file mode 100755
index 0000000..7dc0812
--- /dev/null
+++ b/nocompile/bin/hop0
@@ -0,0 +1,6 @@
+#!/bin/sh
+if [ "_$(uname -s)" != "_Linux" ];then
+ /sbin/route -n get "$1" | grep "local addr" | cut -d: -f2 | tr -d ' '
+else
+ /sbin/ip r g "$1" | cut '-d ' -f8
+fi
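Review bot: The Linux branch takes the source address from a fixed column with `cut '-d ' -f8`, but the position of the `src` value in `ip route get` output shifts when the route has a `via` gateway and between iproute2 versions, so the script can print a device name or nothing. Select the token that follows `src` instead, e.g. `/sbin/ip r g "$1" | sed -n 's/.* src \([^ ]*\).*/\1/p'`. Because gopherd.sh feeds this script the output of `peerip`, it is also worth rejecting an empty argument or one that begins with `-` before handing it to `route` or `ip`.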
diff --git a/nocompile/libexec/gopherd.sh b/nocompile/libexec/gopherd.sh
new file mode 100755
index 0000000..6d12cd6
--- /dev/null
+++ b/nocompile/libexec/gopherd.sh
@@ -0,0 +1,33 @@
+#!/bin/bash
+#I'm aware of the LFI. Have fun looking around my server.
+read -t 10 req
+base="$1"
+req=$(echo "$req" | tr -d '\r')
+realpath=$(realpath ${base}${req})
+if grep -v "^${base}" <<< "${realpath}" > /dev/null;then
+ echo ${base}
+ echo ${realpath}
+ exit 1
+fi
+hostname=$(/usr/local/bin/hop0 $(/usr/local/libexec/peerip))
+type=$(file "${realpath}" | cut -d: -f2-)
+if grep directory <<< "$type" 2>&1 > /dev/null; then
+ if [ -e "${realpath}/.header" ];then
+ cat "${realpath}/.header" | sed "s/^/i&/g" | sed "s/\$/"`printf "\r"`"/g"
+ fi
+ for i in $(ls "${realpath}");do
+ stype=$(file "${realpath}/${i}" | cut -d: -f2-)
+ if grep directory <<< "$stype" 2>&1 > /dev/null; then
+ printf "1%s\t%s\t%s\t70\r\n" ${req}/${i} ${req}/${i} $hostname
+ else
+ printf "0%s\t%s\t%s\t70\r\n" ${req}/${i} ${req}/${i} $hostname
+ fi
+ done
+ printf ".\r\n"
+else
+ if stat "${realpath}" | cut '-d ' -f3 | grep x >/dev/null;then
+ "${realpath}"
+ else
+ cat "${realpath}"
+ fi
+fi
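Review bot: The containment test on the `grep -v "^${base}"` line is a regex prefix match with no path-separator boundary, so a resolved path in a sibling directory whose name merely starts with the base string is accepted, and regex metacharacters in `$1` change what matches. `realpath ${base}${req}` is unquoted and `read` lacks `-r`, so the request is word-split, glob-expanded and backslash-processed before it is resolved, and a failed `realpath` is never checked. The rejection branch echoes `${base}` and the resolved path back to the client, which discloses the server layout; exiting silently is enough, and the "I'm aware of the LFI" comment is stale if this commit is meant to close it. Separately, the new execute branch runs any served file whose `stat` output contains an `x`; `[ -f "${realpath}" ] && [ -x "${realpath}" ]`, limited to one dedicated directory, would be a tighter gate.

```shell
read -r -t 10 req
base="$1"
req=$(printf '%s' "$req" | tr -d '\r')
realpath=$(realpath "${base}${req}") || exit 1
# literal comparison on a directory boundary; assumes $1 is canonical with no trailing slash
case "${realpath}" in
  "${base}"|"${base}"/*) ;;
  *) exit 1 ;;
esac
# … unchanged: hostname lookup, directory listing, file/exec branch …
```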
diff --git a/nocompile/libexec/peerip.pl b/nocompile/libexec/peerip.pl
new file mode 100755
index 0000000..2000ad9
--- /dev/null
+++ b/nocompile/libexec/peerip.pl
@@ -0,0 +1,5 @@
+#!/usr/pkg/bin/perl
+use Socket;
+($port,$addr) = sockaddr_in(getpeername(STDIN));
+print inet_ntoa($addr) . "\n";
+
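Review bot: `getpeername(STDIN)` is not checked before its result goes to `sockaddr_in`, so when stdin is not a connected socket the script dies inside Socket with an argument-length error instead of a clear message. The same presumably happens for a non-IPv4 peer, since `sockaddr_in` only unpacks AF_INET addresses. Guard it with `my $peer = getpeername(STDIN) or die "peerip: stdin is not a connected socket\n";` and add `use strict; use warnings;` with `my ($port,$addr)`.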
diff --git a/rebuild.sh b/rebuild.sh
index f705cdb..62380e3 100755
--- a/rebuild.sh
+++ b/rebuild.sh
@@ -1,4 +1,6 @@
-#!/bin/sh -v
+#!/bin/sh -vq
+rm bin/*
+rm libexec/*
for i in src/*;do
iout=$(basename $i)
mkdir -p $iout
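Review bot: The added `rm bin/*` and `rm libexec/*` act on whatever directory the script is started from, because nothing changes to the repository root first; run from elsewhere they delete the contents of an unrelated `bin/`. Add `cd "$(dirname "$0")" || exit 1` before them and use `rm -f -- bin/* libexec/*` so an empty or missing directory on a fresh checkout is not an error. The `-q` added to the shebang is not a POSIX `sh` option and may be rejected by shells other than the one this was written for, which is worth confirming. The `for` loop continues outside the hunk.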
diff --git a/src/bin/gethostbyname.c b/src/bin/gethostbyname.c
index 646bf0a..b670b1e 100644
--- a/src/bin/gethostbyname.c
+++ b/src/bin/gethostbyname.c
@@ -1,10 +1,18 @@
#include <stdio.h>
#include <netdb.h>
+#include <arpa/inet.h>
int main(int argc,char *argv[]) {
int i;
if(argc < 2) return 1;
- struct hostent *he=gethostbyname(argv[1]);
+ char *addr;
+ struct in_addr saddr;
+ if(inet_aton(argv[1],&saddr))
+ addr=inet_ntoa(saddr);
+ else
+ addr=argv[1];
+ struct hostent *he=gethostbyname(addr);
+
for(i=0;he->h_addr_list[i];i++) {
printf("%u.%u.%u.%u\n",
(unsigned char)he->h_addr_list[i][0],
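Review bot: `he` is dereferenced in the `for` loop without a NULL check, and the new normalisation path does not change that: `gethostbyname` returns NULL for any name that does not resolve, which crashes the tool instead of returning an error. Add `if(!he) return 1;` right after the call. A short comment such as `/* inet_aton accepts decimal/hex/octal forms; re-print as dotted quad */` above the `inet_aton` branch would explain why the round trip through `inet_ntoa` exists. The loop body continues outside the hunk.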
diff --git a/src/bin/realpath.c b/src/bin/realpath.c
new file mode 100644
index 0000000..e47f020
--- /dev/null
+++ b/src/bin/realpath.c
@@ -0,0 +1,10 @@
+#include <stdio.h>
+#include <sys/param.h>
+#include <stdlib.h>
+
+int main(int argc,char *argv[]) {
+ char path[MAXPATHLEN+1];
+ if(!realpath(argv[1],path)) return 1;
+ puts(path);
+ return 0;
+}
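Review bot: `argv[1]` is passed to `realpath` without checking `argc`, so running the tool with no argument hands it a NULL path; some libcs return an error for that, but it is not something to rely on. Add `if(argc < 2) return 1;` at the top of `main`. Since gopherd.sh uses this program's output to decide whether a request stays inside the served tree, a header comment stating that it prints nothing and exits 1 on failure would tell callers to check the status.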
diff --git a/src/libexec/deddos.c b/src/libexec/deddos.c
new file mode 100644
index 0000000..245ba41
--- /dev/null
+++ b/src/libexec/deddos.c
@@ -0,0 +1,53 @@
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/socket.h>
+#include <arpa/inet.h>
+#include <netdb.h>
+#include <signal.h>
+
+void ignore(int a) {}
+
+int main(int argc,char *argv[]) {
+ int i;
+ struct sockaddr sa;
+ signal(SIGALRM,exit);
+ alarm(10);
+ int sl=sizeof(sa);
+ char host[256];
+ char serv[256];
+ char cmd[256];
+ char line[256];
+ char iface[256];
+ char *name[16];
+ getpeername(0,&sa,&sl);
+ //this function is nifty as shit.
+ getnameinfo(&sa,sl,host,256,serv,256,NI_NUMERICHOST);
+ printf("connecting from: %s port %s\n",host,serv);
+ fflush(stdout);
+ printf("select interface:\n");
+ fflush(stdout);
+ system("/bin/cat /etc/interfaces | /usr/bin/tr '\n' ' ' | /usr/bin/fold");
+ fflush(stdout);
+ fgets(iface,sizeof(iface)-1,stdin);
+ for(i=0;iface[i];i++) {
+ if((iface[i] >= 'a' && iface[i] <= 'z') || (iface[i] >= '0' && iface[i] <= '9')) {
+
+ } else {
+ iface[i]=0;
+ }
+ }
+ alarm(60);
+ name[0]="/usr/sbin/tcpdump";
+ name[1]="-c10";
+ name[2]="-ni";
+ name[3]=iface;
+ name[4]="host";
+ name[5]=host;
+ name[6]="and";
+ name[7]="proto";
+ name[8]="UDP";
+ name[9]=0;
+ execv(name[0],name);
+ printf("shit fucked.\n");
+}
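Review bot: The results of `getpeername` and `getnameinfo` are ignored, so when either fails `host` is uninitialised stack memory that is then printed and passed to `tcpdump` as a filter argument; `struct sockaddr` is also too small for an IPv6 peer and `int sl` should be `socklen_t`. `fgets` is unchecked as well, and after the character filter an empty `iface` still reaches `execv`. The failure path after `execv` falls off the end of `main` and reports success; `return 1;` there would let the supervisor see the error. `signal(SIGALRM,exit)` calls a function that is not async-signal-safe from a handler, `alarm`/`execv` need `<unistd.h>`, and `ignore`, `cmd` and `line` are unused. peerip.c has the same unchecked `getpeername`/`getnameinfo` pattern before `puts(host)`.

```c
	struct sockaddr_storage ss;
	socklen_t sl=sizeof(ss);
	// … unchanged: SIGALRM setup and buffer declarations …
	if(getpeername(0,(struct sockaddr *)&ss,&sl) == -1) return 1;
	if(getnameinfo((struct sockaddr *)&ss,sl,host,sizeof(host),serv,sizeof(serv),NI_NUMERICHOST)) return 1;
	// … unchanged: banner and interface listing …
	if(!fgets(iface,sizeof(iface),stdin)) return 1;
	// … unchanged: character filter on iface …
	if(!iface[0]) return 1;
	// … unchanged: tcpdump argv setup …
	execv(name[0],name);
	return 1;
```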
diff --git a/src/libexec/httpd.c b/src/libexec/httpd.c
index 4b14269..9da149f 100644
--- a/src/libexec/httpd.c
+++ b/src/libexec/httpd.c
@@ -2,13 +2,15 @@
#include <string.h>
#include <fcntl.h>
#include <unistd.h>
+#include <syslog.h>
#define VHOST_ROOT "/var/www"
#define CGI "cgi-bin"
#define SERVER "epochttpd/2.0 (Unix)"
void standard_headers() {
- printf("Server: %s\n",SERVER);
+ printf("Server: %s\r\n",SERVER);
+ printf("Connection: close\r\n");
}
int main(int argc,char *argv[]) {
@@ -22,6 +24,8 @@ int main(int argc,char *argv[]) {
char *get_param;
char line[getpagesize()];
fgets(line,sizeof(line)-1,stdin);
+// syslog(LOG_INFO,"ADDRESS did a LINE");
+// syslog(LOG_WARNING,"httpd syslog test\n");
if(!strchr(line,'\n')) {
printf("HTTP/1.1 413 Entity Too Large\r\n");
standard_headers();
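Review bot: The return value of `fgets` is not checked, so on EOF or a read error `line` (an uninitialised VLA) is scanned by `strchr`; use `if(!fgets(line,sizeof(line),stdin)) return 1;`, where the `-1` is unnecessary because `fgets` already reserves room for the terminator. The two added `syslog` lines are commented-out code, so either remove them or enable them. If they are enabled, the request line should be passed as an argument to a fixed format, `syslog(LOG_INFO,"%s",line);`, never as the format itself. `main` starts and ends outside this hunk.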
@@ -71,7 +75,7 @@ int main(int argc,char *argv[]) {
printf("Location: /%sindex.html\r\n\r\n",page);
return 0;
}
- if(fd=open(page,O_RDONLY) != -1) {//need to check that the file isn't a directory. :P
+ if((fd=open(page,O_RDONLY)) != -1) {//need to check that the file isn't a directory. :P
printf("HTTP/1.1 200 OK\r\n");
standard_headers();
name[0]="/usr/local/bin/mime-type";
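Review bot: The precedence fix makes `fd` hold the real descriptor, but the check the trailing comment asks for is still missing: a directory opens successfully with `O_RDONLY` and the later `read` fails after `200 OK` has already been sent. After the open, `struct stat st; if(fstat(fd,&st) == -1 || !S_ISREG(st.st_mode))` should close `fd` and take the 404 branch (this needs `<sys/stat.h>`). How `page` is derived from the request is outside the hunk, so it is not visible here whether it is confined to `VHOST_ROOT`; that is worth confirming alongside this change.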
@@ -92,8 +96,9 @@ int main(int argc,char *argv[]) {
wait(&s);
fflush(stdout);
printf("\r\n");
- while((n=read(fd,line,sizeof(line))) > 0) {
- write(1,line,n);
+ fflush(stdout);
+ while((n=read(fd,line,sizeof(line)-1)) > 0) {
+ write(STDOUT_FILENO,line,n);
}
} else {
printf("HTTP/1.1 404 Not Found\r\n");
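Review bot: The result of `write(STDOUT_FILENO,line,n)` is discarded, so a short write or an error on the client socket silently truncates the response body while the loop keeps reading. Loop until all `n` bytes are written and stop on `-1`. The change to `sizeof(line)-1` in `read` is not needed, since nothing NUL-terminates the buffer here. The type of `n` is declared outside the hunk; the sketch below assumes it is signed.

```c
	while((n=read(fd,line,sizeof(line))) > 0) {
		char *p=line;
		while(n > 0) {
			ssize_t w=write(STDOUT_FILENO,p,n);
			if(w == -1) return 1;
			p+=w;
			n-=w;
		}
	}
	// … unchanged: 404 branch …
```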
diff --git a/src/libexec/peerip.c b/src/libexec/peerip.c
new file mode 100644
index 0000000..d35aca7
--- /dev/null
+++ b/src/libexec/peerip.c
@@ -0,0 +1,13 @@
+#include <stdio.h>
+#include <sys/socket.h>
+#include <netdb.h>
+
+int main(int argc,char *argv[]) {
+ int i;
+ struct sockaddr sa;
+ int sl=sizeof(sa);
+ char host[256];
+ getpeername(0,&sa,&sl);
+ getnameinfo(&sa,sl,host,256,0,0,NI_NUMERICHOST);
+ puts(host);
+}