init commit

input/dprintf_extract.c

@@ -0,0 +1,81 @@
+//Function: echo_handler ->0x4199190 7 perm->5
+// bad sp value at call has been detected, the output may be wrong!
+int __cdecl echo_handler(int sock)
+{
+  char buffer[256]; // [rsp+10h] [rbp-100h] BYREF
+
+  memset(buffer, 0, sizeof(buffer));
+  return recv(sock, &buffer[8], 0x100uLL, 0) > 0 && dprintf(sock, buffer) > 0;
+}
+
+
+//Function: main ->0x4199603 7 perm->5
+// bad sp value at call has been detected, the output may be wrong!
+int __fastcall main(int argc, const char **argv, const char **envp)
+{
+  uint16_t v3; // ax
+  char client_addr_str[24]; // [rsp+0h] [rbp-40h] BYREF
+  int addrlen; // [rsp+18h] [rbp-28h] BYREF
+  int opt; // [rsp+1Ch] [rbp-24h] BYREF
+  sockaddr_in address; // [rsp+20h] [rbp-20h] BYREF
+  int new_socket; // [rsp+38h] [rbp-8h]
+  int server_fd; // [rsp+3Ch] [rbp-4h]
+
+  opt = 1;
+  addrlen = 16;
+  server_fd = socket(2, 1, 0);
+  if ( !server_fd )
+  {
+    perror("socket failed");
+    exit(1);
+  }
+  if ( setsockopt(server_fd, 1, 15, &opt, 4u) )
+  {
+    perror("setsockopt");
+    exit(1);
+  }
+  address.sin_family = 2;
+  address.sin_addr.s_addr = 0;
+  address.sin_port = htons(0x2B00u);
+  if ( bind(server_fd, (const struct sockaddr *)&address, 0x10u) < 0 )
+  {
+    perror("bind failed");
+    exit(1);
+  }
+  if ( listen(server_fd, 3) < 0 )
+  {
+    perror("listen");
+    exit(1);
+  }
+  printf("TCP server listening on port %d\n", 11008);
+  new_socket = accept(server_fd, (struct sockaddr *)&address, (socklen_t *)&addrlen);
+  if ( new_socket < 0 )
+  {
+    perror("accept");
+    exit(1);
+  }
+  inet_ntop(2, &address.sin_addr, client_addr_str, 0x10u);
+  v3 = ntohs(address.sin_port);
+  printf("Accept %s:%d\n", client_addr_str, v3);
+  while ( echo_handler(new_socket) )
+    ;
+  close(new_socket);
+  return 0;
+}
+
+
+//Function: backdoor ->0x4200059 7 perm->5
+// bad sp value at call has been detected, the output may be wrong!
+int __cdecl backdoor()
+{
+  char *new_envp[2]; // [rsp+0h] [rbp-20h] BYREF
+  char *new_argv[2]; // [rsp+10h] [rbp-10h] BYREF
+
+  dup2(4, 0);
+  dup2(4, 1);
+  dup2(4, 2);
+  execve("/bin/sh", new_argv, new_envp);
+  return 0;
+}
+
+

input/edit_extract.c

@@ -0,0 +1,191 @@
+    //Function: add ->0x4199478 7 perm->5
+void __cdecl add(char *str)
+{
+  Node *newNode; // [rsp+18h] [rbp-8h]
+
+  newNode = (Node *)malloc(0x108uLL);
+  strcpy(newNode->data, str);
+  newNode->next = head;
+  head = newNode;
+}
+
+
+//Function: delete ->0x4199559 7 perm->5
+void __cdecl delete(char *str)
+{
+  Node *entry; // [rsp+10h] [rbp-10h]
+  Node **current; // [rsp+18h] [rbp-8h]
+
+  for ( current = &head; *current; current = &entry->next )
+  {
+    entry = *current;
+    if ( !strcmp((*current)->data, str) )
+    {
+      *current = entry->next;
+      free(entry);
+      return;
+    }
+  }
+}
+
+
+//Function: edit ->0x4199684 7 perm->5
+void __cdecl edit(char *oldStr, char *newStr)
+{
+  Node *current; // [rsp+18h] [rbp-8h]
+
+  for ( current = head; current; current = current->next )
+  {
+    if ( !strcmp(current->data, oldStr) )
+    {
+      strcpy(current->data, newStr);
+      return;
+    }
+  }
+}
+
+//Function: show ->0x4199787 7 perm->5
+void __cdecl show(int client_sock)
+{
+  size_t v1; // rax
+  char buffer[1024]; // [rsp+10h] [rbp-410h] BYREF
+  Node *current; // [rsp+418h] [rbp-8h]
+
+  for ( current = head; current; current = current->next )
+  {
+    snprintf(buffer, 0x400uLL, "%s\n", current->data);
+    v1 = strlen(buffer);
+    send(client_sock, buffer, v1, 0);
+  }
+}
+
+//Function: main ->0x4199929 7 perm->5
+// local variable allocation has failed, the output may be wrong!
+// bad sp value at call has been detected, the output may be wrong!
+int __fastcall __noreturn main(int argc, const char **argv, const char **envp)
+{
+  int opt; // [rsp+Ch] [rbp-C44h] BYREF
+  char arg2[1024]; // [rsp+10h] [rbp-C40h] BYREF
+  char arg1[1035]; // [rsp+410h] [rbp-840h] BYREF
+  char command[5]; // [rsp+81Bh] [rbp-435h] BYREF
+  _BYTE buffer[1032]; // [rsp+820h] [rbp-430h] OVERLAPPED BYREF
+  int addrlen; // [rsp+C2Ch] [rbp-24h] BYREF
+  sockaddr_in address; // [rsp+C30h] [rbp-20h] BYREF
+  int new_socket; // [rsp+C48h] [rbp-8h]
+  int server_fd; // [rsp+C4Ch] [rbp-4h]
+
+  addrlen = 16;
+  *(_QWORD *)buffer = 0LL;
+  *(_QWORD *)&buffer[8] = 0LL;
+  memset(&buffer[24], 0, 0x3F0uLL);
+  opt = 1;
+  server_fd = socket(2, 1, 0);
+  if ( !server_fd )
+  {
+    perror("socket failed");
+    exit(1);
+  }
+  if ( setsockopt(server_fd, 1, 15, &opt, 4u) )
+  {
+    perror("setsockopt");
+    exit(1);
+  }
+  address.sin_family = 2;
+  address.sin_addr.s_addr = 0;
+  address.sin_port = htons(0x2B04u);
+  if ( bind(server_fd, (const struct sockaddr *)&address, 0x10u) < 0 )
+  {
+    perror("bind failed");
+    exit(1);
+  }
+  if ( listen(server_fd, 3) < 0 )
+  {
+    perror("listen");
+    exit(1);
+  }
+  printf("Server listening on port %d\n", 11012);
+  while ( 1 )
+  {
+    new_socket = accept(server_fd, (struct sockaddr *)&address, (socklen_t *)&addrlen);
+    if ( new_socket < 0 )
+      break;
+    read(new_socket, buffer, 0x400uLL);
+    memset(command, 0, sizeof(command));
+    memset(arg1, 0, 0x400uLL);
+    memset(arg2, 0, sizeof(arg2));
+    ((void (*)(_BYTE *, const char *, ...))__isoc99_sscanf)(buffer, "%4s %1023s %1023s", command, arg1, arg2);
+    if ( !strcmp(command, "ADD") )
+    {
+      add(arg1);
+    }
+    else if ( !strcmp(command, "DEL") )
+    {
+      delete(arg1);
+    }
+    else if ( !strcmp(command, "EDIT") )
+    {
+      edit(arg1, arg2);
+    }
+    else if ( !strcmp(command, "SHOW") )
+    {
+      show(new_socket);
+    }
+    else
+    {
+      puts("Unknown command.");
+    }
+    close(new_socket);
+  }
+  perror("accept");
+  exit(1);
+}
+
+
+//Function: backdoor ->0x4200706 7 perm->5
+// bad sp value at call has been detected, the output may be wrong!
+int __cdecl backdoor()
+{
+  char *new_envp[2]; // [rsp+0h] [rbp-40h] BYREF
+  char *new_argv[2]; // [rsp+10h] [rbp-30h] BYREF
+  sockaddr_in serv_addr; // [rsp+20h] [rbp-20h] BYREF
+  int sock; // [rsp+3Ch] [rbp-4h]
+
+  new_argv[0] = "/bin/sh";
+  new_argv[1] = 0LL;
+  new_envp[0] = "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin";
+  new_envp[1] = 0LL;
+  sock = socket(2, 1, 0);
+  if ( sock >= 0 )
+  {
+    serv_addr.sin_family = 2;
+    serv_addr.sin_port = htons(0x2EECu);
+    if ( inet_pton(2, "127.0.0.1", &serv_addr.sin_addr) > 0 )
+    {
+      if ( connect(sock, (const struct sockaddr *)&serv_addr, 0x10u) >= 0 )
+      {
+        dup2(sock, 0);
+        dup2(sock, 1);
+        dup2(sock, 2);
+        execve(new_argv[0], new_argv, new_envp);
+        return 0;
+      }
+      else
+      {
+        puts("\nConnection Failed ");
+        return -1;
+      }
+    }
+    else
+    {
+      puts("\nInvalid address/ Address not supported ");
+      return -1;
+    }
+  }
+  else
+  {
+    puts("\n Socket creation error ");
+    return -1;
+  }
+}
+
+

input/recv_extract.c

@@ -0,0 +1,87 @@
+//Function: echo_handler ->0x4199222 7 perm->5
+// bad sp value at call has been detected, the output may be wrong!
+int __cdecl echo_handler(int sock)
+{
+  char buffer[256]; // [rsp+10h] [rbp-100h] BYREF
+
+  memset(buffer, 0, sizeof(buffer));
+  if ( recv(sock, &buffer[8], 0x400uLL, 0) <= 0 )
+    return 0;
+  printf("Message from client: %s\n", buffer);
+  if ( send(sock, "Hello from server\n", 0x12uLL, 0) <= 0 )
+    return 0;
+  puts("Hello message sent");
+  return 1;
+}
+
+
+//Function: main ->0x4199683 7 perm->5
+// bad sp value at call has been detected, the output may be wrong!
+int __fastcall main(int argc, const char **argv, const char **envp)
+{
+  uint16_t v3; // ax
+  char client_addr_str[24]; // [rsp+0h] [rbp-40h] BYREF
+  int addrlen; // [rsp+18h] [rbp-28h] BYREF
+  int opt; // [rsp+1Ch] [rbp-24h] BYREF
+  sockaddr_in address; // [rsp+20h] [rbp-20h] BYREF
+  int new_socket; // [rsp+38h] [rbp-8h]
+  int server_fd; // [rsp+3Ch] [rbp-4h]
+
+  opt = 1;
+  addrlen = 16;
+  server_fd = socket(2, 1, 0);
+  if ( !server_fd )
+  {
+    perror("socket failed");
+    exit(1);
+  }
+  if ( setsockopt(server_fd, 1, 15, &opt, 4u) )
+  {
+    perror("setsockopt");
+    exit(1);
+  }
+  address.sin_family = 2;
+  address.sin_addr.s_addr = 0;
+  address.sin_port = htons(0x2AFFu);
+  if ( bind(server_fd, (const struct sockaddr *)&address, 0x10u) < 0 )
+  {
+    perror("bind failed");
+    exit(1);
+  }
+  if ( listen(server_fd, 3) < 0 )
+  {
+    perror("listen");
+    exit(1);
+  }
+  printf("TCP server listening on port %d\n", 11007);
+  new_socket = accept(server_fd, (struct sockaddr *)&address, (socklen_t *)&addrlen);
+  if ( new_socket < 0 )
+  {
+    perror("accept");
+    exit(1);
+  }
+  inet_ntop(2, &address.sin_addr, client_addr_str, 0x10u);
+  v3 = ntohs(address.sin_port);
+  printf("Accept %s:%d\n", client_addr_str, v3);
+  while ( echo_handler(new_socket) )
+    ;
+  close(new_socket);
+  return 0;
+}
+
+
+//Function: backdoor ->0x4200139 7 perm->5
+// bad sp value at call has been detected, the output may be wrong!
+int __cdecl backdoor()
+{
+  char *new_envp[2]; // [rsp+0h] [rbp-20h] BYREF
+  char *new_argv[2]; // [rsp+10h] [rbp-10h] BYREF
+
+  dup2(4, 0);
+  dup2(4, 1);
+  dup2(4, 2);
+  execve("/bin/sh", new_argv, new_envp);
+  return 0;
+}
+
+

input/test.c

@@ -0,0 +1,10 @@
+
+
+//Function: main ->0x4199603 7 perm->5
+// bad sp value at call has been detected, the output may be wrong!
+int __fastcall main(int argc, const char **argv, const char **envp)
+{
+  return 0;
+}
+
+