Changeset 1410
- Timestamp:
- 10/12/07 15:07:23 (11 months ago)
- Files:
-
- nepenthes/trunk/modules/download-ftp/CTRLDialogue.cpp (modified) (2 diffs)
- nepenthes/trunk/modules/download-rcp/RCPDialogue.cpp (modified) (2 diffs)
- nepenthes/trunk/modules/log-irc/IrcDialogue.cpp (modified) (1 diff)
- nepenthes/trunk/modules/module-bridge/BridgeDialogueAccept.cpp (modified) (1 diff)
- nepenthes/trunk/modules/shellcode-generic/sch_generic_xor.hpp (modified) (1 diff)
- nepenthes/trunk/modules/shellemu-winnt/VFS.cpp (modified) (1 diff)
- nepenthes/trunk/modules/shellemu-winnt/VFSCommandFTP.cpp (modified) (1 diff)
- nepenthes/trunk/modules/shellemu-winnt/VFSCommandREDIR.cpp (modified) (1 diff)
- nepenthes/trunk/modules/shellemu-winnt/VFSCommandRREDIR.cpp (modified) (1 diff)
- nepenthes/trunk/modules/shellemu-winnt/VFSDir.hpp (modified) (1 diff)
- nepenthes/trunk/modules/vuln-bagle/BagleDialogue.cpp (modified) (1 diff)
- nepenthes/trunk/modules/vuln-ftpd/vuln-ftpd.cpp (modified) (3 diffs)
- nepenthes/trunk/modules/vuln-kuang2/Kuang2Dialogue.cpp (modified) (1 diff)
- nepenthes/trunk/modules/vuln-lsass/LSASSDialogue.cpp (modified) (1 diff)
- nepenthes/trunk/modules/vuln-mydoom/MydoomDialogue.cpp (modified) (1 diff)
- nepenthes/trunk/modules/vuln-optix/OPTIXDownloadDialogue.cpp (modified) (1 diff)
- nepenthes/trunk/modules/vuln-optix/OPTIXShellDialogue.cpp (modified) (1 diff)
- nepenthes/trunk/modules/vuln-sub7/SUB7Dialogue.cpp (modified) (1 diff)
- nepenthes/trunk/modules/x-5/x-5.cpp (modified) (1 diff)
- nepenthes/trunk/nepenthes-core/include/DialogueFactoryManager.hpp (modified) (1 diff)
- nepenthes/trunk/nepenthes-core/include/DownloadManager.hpp (modified) (1 diff)
- nepenthes/trunk/nepenthes-core/include/EventManager.hpp (modified) (1 diff)
- nepenthes/trunk/nepenthes-core/include/FILESocket.hpp (modified) (1 diff)
- nepenthes/trunk/nepenthes-core/include/POLLSocket.hpp (modified) (1 diff)
- nepenthes/trunk/nepenthes-core/include/Responder.hpp (modified) (1 diff)
- nepenthes/trunk/nepenthes-core/include/Socket.hpp (modified) (1 diff)
- nepenthes/trunk/nepenthes-core/include/TCPSocket.hpp (modified) (1 diff)
- nepenthes/trunk/nepenthes-core/include/UDPSocket.hpp (modified) (1 diff)
- nepenthes/trunk/nepenthes-core/include/UDSSocket.hpp (modified) (1 diff)
- nepenthes/trunk/nepenthes-core/src/DialogueFactoryManager.cpp (modified) (1 diff)
- nepenthes/trunk/nepenthes-core/src/DownloadManager.cpp (modified) (1 diff)
- nepenthes/trunk/nepenthes-core/src/EventManager.cpp (modified) (2 diffs)
- nepenthes/trunk/nepenthes-core/src/FILESocket.cpp (modified) (1 diff)
- nepenthes/trunk/nepenthes-core/src/Nepenthes.cpp (modified) (1 diff)
- nepenthes/trunk/nepenthes-core/src/POLLSocket.cpp (modified) (1 diff)
- nepenthes/trunk/nepenthes-core/src/TCPSocket.cpp (modified) (1 diff)
- nepenthes/trunk/nepenthes-core/src/UDPSocket.cpp (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
- Modified
- Copied
- Moved
nepenthes/trunk/modules/download-ftp/CTRLDialogue.cpp
r590 r1410 367 367 void CTRLDialogue::sendType() 368 368 { 369 c har *nmsg = "TYPE I\r\n";369 const char *nmsg = "TYPE I\r\n"; 370 370 m_Socket->doRespond(nmsg,strlen(nmsg)); 371 371 logDebug("FTPSEND: '%s'\n",nmsg); … … 507 507 { 508 508 509 c har *nmsg = "QUIT\r\n";509 const char *nmsg = "QUIT\r\n"; 510 510 511 511 logDebug("FTPSEND: '%s'\n",nmsg); nepenthes/trunk/modules/download-rcp/RCPDialogue.cpp
r557 r1410 95 95 96 96 char zerobyte = 0; 97 c har *request ="rcp -f ";97 const char *request ="rcp -f "; 98 98 m_Socket->doWrite((char *)&zerobyte,1); 99 99 … … 102 102 m_Buffer->add((void *)m_Download->getDownloadUrl()->getUser().c_str(),m_Download->getDownloadUrl()->getUser().size()); 103 103 m_Buffer->add(&zerobyte,1); 104 m_Buffer->add( request,strlen(request));104 m_Buffer->add((void *)request,strlen(request)); 105 105 m_Buffer->add((void *)m_Download->getDownloadUrl()->getPath().c_str(),m_Download->getDownloadUrl()->getPath().size()); 106 106 m_Buffer->add(&zerobyte,1); nepenthes/trunk/modules/log-irc/IrcDialogue.cpp
r552 r1410 358 358 { 359 359 int32_t m_LogFlag; 360 c har *m_ColorFlag;360 const char *m_ColorFlag; 361 361 }; 362 362 nepenthes/trunk/modules/module-bridge/BridgeDialogueAccept.cpp
r646 r1410 88 88 } 89 89 90 c har *cmd_str[3] = {"tftp","echo","ftp"};90 const char *cmd_str[3] = {"tftp","echo","ftp"}; 91 91 92 92 uint32_t cmd,i; nepenthes/trunk/modules/shellcode-generic/sch_generic_xor.hpp
r336 r1410 40 40 struct XORPcreHelper 41 41 { 42 c har *m_PCRE;43 c har *m_Name;42 const char *m_PCRE; 43 const char *m_Name; 44 44 uint16_t m_Options; // will use this later 45 45 nepenthes/trunk/modules/shellemu-winnt/VFS.cpp
r341 r1410 77 77 m_Dialogue = dia; 78 78 79 VFSDir *cdir = new VFSDir(NULL, "c:");79 VFSDir *cdir = new VFSDir(NULL,(char *)"c:"); 80 80 m_Nodes.push_back(cdir); 81 VFSDir *wdir = cdir->createDirectory( "WINNT");82 VFSDir *sdir = wdir->createDirectory( "System32");81 VFSDir *wdir = cdir->createDirectory((char *)"WINNT"); 82 VFSDir *sdir = wdir->createDirectory((char *)"System32"); 83 83 m_CurrentDir = sdir; 84 84 nepenthes/trunk/modules/shellemu-winnt/VFSCommandFTP.cpp
r836 r1410 441 441 { 442 442 g_Nepenthes->getDownloadMgr()->downloadUrl( localhost, 443 "ftp",443 (char *)"ftp", 444 444 (char *)user.c_str(), 445 445 (char *)pass.c_str(), nepenthes/trunk/modules/shellemu-winnt/VFSCommandREDIR.cpp
r550 r1410 82 82 83 83 file->addData((char *)m_VFS->getStdOut()->c_str(),m_VFS->getStdOut()->size()); 84 file->addData( "\n",1);84 file->addData((char *)"\n",1); 85 85 logDebug("file is '%.*s' \n",file->getSize(),(char *)file->getData()); 86 86 m_VFS->freeStdout(); nepenthes/trunk/modules/shellemu-winnt/VFSCommandRREDIR.cpp
r550 r1410 79 79 80 80 file->addData((char *)m_VFS->getStdOut()->c_str(),m_VFS->getStdOut()->size()); 81 file->addData( "\n",1);81 file->addData((char *)"\n",1); 82 82 logDebug("file is '%.*s' \n",file->getSize(),(char *)file->getData()); 83 83 m_VFS->freeStdout(); nepenthes/trunk/modules/shellemu-winnt/VFSDir.hpp
r321 r1410 46 46 { 47 47 public: 48 VFSDir(VFSNode *parentnode, 48 VFSDir(VFSNode *parentnode,char *name); 49 49 ~VFSDir(); 50 50 virtual VFSDir* getDirectory(char *dirname); nepenthes/trunk/modules/vuln-bagle/BagleDialogue.cpp
r836 r1410 157 157 logInfo("Unexpected but detected: Bagle Binary Stream (%i bytes)\n",m_FileSize); 158 158 m_State = BAGLE_BINARY; 159 m_Download = new Download(m_Socket->getRemoteHost(), "bagle://",m_Socket->getRemoteHost(),"bagle://foo/bar");159 m_Download = new Download(m_Socket->getRemoteHost(),(char *)"bagle://",m_Socket->getRemoteHost(),(char *)"bagle://foo/bar"); 160 160 m_Download->getDownloadBuffer()->addData(msg->getMsg()+4,msg->getSize()-4); 161 161 return CL_ASSIGN_AND_DONE; nepenthes/trunk/modules/vuln-ftpd/vuln-ftpd.cpp
r836 r1410 179 179 m_Shellcode = new Buffer(4096); 180 180 m_Buffer = new Buffer(4096); 181 c har * banner1 = "220 ---freeFTPd 1.0---warFTPd 1.65---\r\n";181 const char * banner1 = "220 ---freeFTPd 1.0---warFTPd 1.65---\r\n"; 182 182 m_Socket->doRespond(banner1, strlen(banner1)); 183 183 m_state = FTP_NULL; … … 200 200 ConsumeLevel FTPdDialogue::incomingData(Message *msg) 201 201 { 202 c har* s_quit = "221-Quit.\r\n221 Goodbye!\r\n";203 c har* s_user_ok = "331 User OK, Password required\r\n";202 const char* s_quit = "221-Quit.\r\n221 Goodbye!\r\n"; 203 const char* s_user_ok = "331 User OK, Password required\r\n"; 204 204 //char* s_unknown_command = "500-Unknown Command\r\n"; 205 c har* s_server_error = "501 Server Error\r\n";206 c har* s_not_logged_in = "530 You are not logged in\r\n";207 c har* s_auth_failed = "530 Authentication failed, sorry\r\n";208 209 c har* cmd_user = "USER";210 c har* cmd_pass = "PASS";211 c har* cmd_quit = "QUIT";205 const char* s_server_error = "501 Server Error\r\n"; 206 const char* s_not_logged_in = "530 You are not logged in\r\n"; 207 const char* s_auth_failed = "530 Authentication failed, sorry\r\n"; 208 209 const char* cmd_user = "USER"; 210 const char* cmd_pass = "PASS"; 211 const char* cmd_quit = "QUIT"; 212 212 213 213 uint32_t threshold = 40; … … 444 444 // warFTPd 1.65 exploit 445 445 // Win32 Opcode List 446 c har* opcodes[3] = {"\xe2\x31\x02\x75", "\x54\x1d\xab\x71", "\x72\x93\xab\x71"};446 const char* opcodes[3] = {"\xe2\x31\x02\x75", "\x54\x1d\xab\x71", "\x72\x93\xab\x71"}; 447 447 448 448 if ( line.size() > 500 ) nepenthes/trunk/modules/vuln-kuang2/Kuang2Dialogue.cpp
r550 r1410 131 131 logInfo("Kuang2 File upload requested %s %i\n",m_FileName.c_str(),m_FileSize); 132 132 m_State = KUANG2_FILETRANSFERR; 133 m_Download = new Download(msg->getLocalHost(), "kuang2://foo/bar",msg->getRemoteHost(),"some triggerline");133 m_Download = new Download(msg->getLocalHost(),(char*)"kuang2://foo/bar",msg->getRemoteHost(),(char*)"some triggerline"); 134 134 m_Buffer->clear(); 135 135 nepenthes/trunk/modules/vuln-lsass/LSASSDialogue.cpp
r836 r1410 147 147 m_State = LSASS_HOD_STAGE4; 148 148 m_Buffer->clear(); 149 c har *osversion = "W i n d o w s 5 . 1 ";149 const char *osversion = "W i n d o w s 5 . 1 "; 150 150 memcpy(reply+48,osversion,strlen(osversion)); 151 151 msg->getResponder()->doRespond(reply,256); nepenthes/trunk/modules/vuln-mydoom/MydoomDialogue.cpp
r639 r1410 122 122 url += inet_ntoa(*(struct in_addr *)&remote); 123 123 124 m_Download = new Download(msg->getLocalHost(),(char *)url.c_str(),msg->getRemoteHost(), "some triggerline");124 m_Download = new Download(msg->getLocalHost(),(char *)url.c_str(),msg->getRemoteHost(),(char*)"some triggerline"); 125 125 m_Download->getDownloadBuffer()->addData((char *)m_Buffer->getData(),m_Buffer->getSize()); 126 126 m_Buffer->clear(); nepenthes/trunk/modules/vuln-optix/OPTIXDownloadDialogue.cpp
r341 r1410 134 134 msg->getResponder()->doRespond("+OK REDY",strlen("+OK REDY")); 135 135 m_State = OPTIX_DL_FILETRANSFERR; 136 m_Download = new Download(msg->getRemoteHost(), "optix://foo/bar",msg->getRemoteHost(),"some triggerline");136 m_Download = new Download(msg->getRemoteHost(),(char *)"optix://foo/bar",msg->getRemoteHost(),(char *)"some triggerline"); 137 137 } 138 138 break; nepenthes/trunk/modules/vuln-optix/OPTIXShellDialogue.cpp
r836 r1410 117 117 // this will just open the optix downloadmanagers bind socket it its closed 118 118 119 g_Nepenthes->getDownloadMgr()->downloadUrl(msg->getLocalHost(), "optix://localhost:500/file",msg->getRemoteHost(),"optix foobar",0);119 g_Nepenthes->getDownloadMgr()->downloadUrl(msg->getLocalHost(),(char *)"optix://localhost:500/file",msg->getRemoteHost(),(char *)"optix foobar",0); 120 120 } 121 121 } nepenthes/trunk/modules/vuln-sub7/SUB7Dialogue.cpp
r332 r1410 144 144 m_State = SUB7_FILETRANSFERR; 145 145 m_Buffer->clear(); 146 m_Download = new Download(msg->getRemoteHost(), "sub7://foo/bar",msg->getRemoteHost(),"some triggerline");146 m_Download = new Download(msg->getRemoteHost(),(char *)"sub7://foo/bar",msg->getRemoteHost(),(char *)"some triggerline"); 147 147 free(filesize); 148 148 } nepenthes/trunk/modules/x-5/x-5.cpp
r550 r1410 107 107 m_Events.set(EV_TIMEOUT); 108 108 REG_EVENT_HANDLER(this); 109 myevent = g_Nepenthes->getEventMgr()->registerEvent( "EV_X5_TEST_EVENT");109 myevent = g_Nepenthes->getEventMgr()->registerEvent((char*)"EV_X5_TEST_EVENT"); 110 110 m_Events.set(myevent); 111 111 logInfo("My personal Event is %i\n",myevent); nepenthes/trunk/nepenthes-core/include/DialogueFactoryManager.hpp
r332 r1410 63 63 virtual bool registerFactory(DialogueFactory *diaf); 64 64 virtual bool unregisterFactory(DialogueFactory *diaf); 65 virtual DialogueFactory *getFactory(c har *factoryname);65 virtual DialogueFactory *getFactory(const char *factoryname); 66 66 protected: 67 67 list <DialogueFactory *> m_Factories; nepenthes/trunk/nepenthes-core/include/DownloadManager.hpp
r332 r1410 83 83 bool isLocalAddress(uint32_t ulAddress); 84 84 virtual bool downloadUrl(Download *down); 85 virtual bool downloadUrl(uint32_t localhost, char *url, uint32_t address, c har *triggerline, uint8_t downloadflags, DownloadCallback *callback=NULL, void *obj=NULL);85 virtual bool downloadUrl(uint32_t localhost, char *url, uint32_t address, const char *triggerline, uint8_t downloadflags, DownloadCallback *callback=NULL, void *obj=NULL); 86 86 virtual bool downloadUrl(uint32_t localhost, char *proto, char *user, char *pass, char *host, char *port, char *file, uint32_t address, uint8_t downloadflags); 87 87 nepenthes/trunk/nepenthes-core/include/EventManager.hpp
r332 r1410 73 73 74 74 virtual uint16_t registerEvent(char *name); 75 // virtual uint16_t registerEvent(const char *name); 75 76 // virtual int32_t getEventbyName(char *name); 76 77 private: 77 78 78 bool registerInternalEvent(c har *name, uint16_t number);79 bool registerInternalEvent(const char *name, uint16_t number); 79 80 80 81 nepenthes/trunk/nepenthes-core/include/FILESocket.hpp
r321 r1410 58 58 bool handleTimeout(); 59 59 bool doRespond(char *msg, uint32_t len); 60 bool doRespond(const char *msg, uint32_t len); 61 60 62 private: 61 63 string m_FilePath; nepenthes/trunk/nepenthes-core/include/POLLSocket.hpp
r332 r1410 58 58 virtual bool handleTimeout(); 59 59 bool doRespond(char *msg, uint32_t len); 60 bool doRespond(const char *msg, uint32_t len); 61 60 62 }; 61 63 } nepenthes/trunk/nepenthes-core/include/Responder.hpp
r321 r1410 41 41 virtual ~Responder() {}; 42 42 virtual bool doRespond(char *msg, uint32_t len)=0; 43 virtual bool doRespond(const char *msg, uint32_t len)=0; 43 44 44 45 }; nepenthes/trunk/nepenthes-core/include/Socket.hpp
r566 r1410 112 112 113 113 virtual int32_t doWrite(char *msg,uint32_t len)=0; 114 // virtual int32_t doWrite(const char *msg,uint32_t len)=0; 114 115 115 116 virtual bool checkTimeout()=0; nepenthes/trunk/nepenthes-core/include/TCPSocket.hpp
r341 r1410 57 57 bool handleTimeout(); 58 58 bool doRespond(char *msg, uint32_t len); 59 bool doRespond(const char *msg, uint32_t len); 59 60 60 61 void setStatus(socket_state i); nepenthes/trunk/nepenthes-core/include/UDPSocket.hpp
r332 r1410 58 58 bool handleTimeout(); 59 59 bool doRespond(char *msg, uint32_t len); 60 bool doRespond(const char *msg, uint32_t len); 61 60 62 private: 61 63 list <UDPPacket *> m_TxPackets; nepenthes/trunk/nepenthes-core/include/UDSSocket.hpp
r321 r1410 51 51 bool handleTimeout(); 52 52 bool doRespond(char *msg, uint32_t len); 53 bool doRespond(const char *msg, uint32_t len); 54 53 55 }; 54 56 } nepenthes/trunk/nepenthes-core/src/DialogueFactoryManager.cpp
r550 r1410 90 90 } 91 91 92 DialogueFactory *DialogueFactoryManager::getFactory(c har *factoryname)92 DialogueFactory *DialogueFactoryManager::getFactory(const char *factoryname) 93 93 { 94 94 list <DialogueFactory *>::iterator diaf; nepenthes/trunk/nepenthes-core/src/DownloadManager.cpp
r505 r1410 406 406 * @return returns downloadUrl(Download *) return value 407 407 */ 408 bool DownloadManager::downloadUrl(uint32_t localhost, char *url, uint32_t address, c har *triggerline, uint8_t downloadflags, DownloadCallback *callback, void *obj)409 { 410 Download *down = new Download(localhost, url,address, triggerline, callback,obj);408 bool DownloadManager::downloadUrl(uint32_t localhost, char *url, uint32_t address, const char *triggerline, uint8_t downloadflags, DownloadCallback *callback, void *obj) 409 { 410 Download *down = new Download(localhost, url,address, (char *)triggerline, callback,obj); 411 411 down->addDownloadFlags(downloadflags); 412 412 return downloadUrl(down); nepenthes/trunk/nepenthes-core/src/EventManager.cpp
r505 r1410 207 207 * else false 208 208 */ 209 bool EventManager::registerInternalEvent(c har *name, uint16_t number)209 bool EventManager::registerInternalEvent(const char *name, uint16_t number) 210 210 { 211 211 // check name and number are uniq … … 244 244 return retval; 245 245 } 246 247 nepenthes/trunk/nepenthes-core/src/FILESocket.cpp
r330 r1410 148 148 } 149 149 150 bool FILESocket::doRespond(const char *msg, uint32_t len) 151 { 152 return false; 153 } 154 150 155 #endif // WIN32 151 156 nepenthes/trunk/nepenthes-core/src/Nepenthes.cpp
r730 r1410 1504 1504 typedef struct 1505 1505 { 1506 c har *m_shortOpt;1507 c har *m_longOpt;1508 c har *m_Description;1509 c har *m_Default;1506 const char *m_shortOpt; 1507 const char *m_longOpt; 1508 const char *m_Description; 1509 const char *m_Default; 1510 1510 } helpstruct; 1511 1511 nepenthes/trunk/nepenthes-core/src/POLLSocket.cpp
r341 r1410 123 123 } 124 124 125 bool POLLSocket::doRespond(const char *msg, uint32_t len) 126 { 127 return false; 128 } 129 nepenthes/trunk/nepenthes-core/src/TCPSocket.cpp
r645 r1410 841 841 } 842 842 843 bool TCPSocket::doRespond(const char *msg, uint32_t len) 844 { 845 return doRespond((char *)msg, len); 846 } 847 nepenthes/trunk/nepenthes-core/src/UDPSocket.cpp
r645 r1410 492 492 } 493 493 494 bool UDPSocket::doRespond(const char *msg, uint32_t len) 495 { 496 return doRespond((char *)msg, len); 497 } 498
