target.c
#include <unistd.h>
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>
#include "utils.h"
/*
 * transmit_space: 64 KiB (0x10000) read-only array, placed in its own section
 * (.rodata.transmit) and aligned to 64 KiB. The gadget below indexes it with
 * (byte << 8), so the 256 possible byte values select 256 distinct offsets,
 * 256 bytes apart, that together span the whole array.
 * Only the first element is initialised to 1; the rest is zero.
 */
__attribute__((section(".rodata.transmit"), aligned(0x10000))) const char transmit_space[0x10000] = {1};
/*
 * gadget: hand-written global symbol emitted into .text. Nothing in the C
 * code shown here calls it. Instruction by instruction:
 *   xorl %eax, %eax                  - clear eax
 *   movb (%rdx), %ah                 - load one byte from the address in rdx
 *                                      into bits 8..15, so eax = byte << 8
 *   movl transmit_space(%eax), %eax  - load 4 bytes from
 *                                      transmit_space + (byte << 8)
 *   retq                             - return with that value in eax
 * The address of the second load therefore depends on the byte read through
 * rdx. A data-dependent access of this shape is what reviewers look for when
 * auditing code for side-channel disclosure gadgets.
 * NOTE(review): this looks like a deliberately planted test fixture; it should
 * never be linked into production code - confirm intent with the repository docs.
 * NOTE(review): the last load uses a 32-bit register as the index with an
 * absolute symbol displacement; presumably the binary is linked so that
 * transmit_space sits at a low, fixed address - confirm against the build flags.
 */
__asm__(".text\n.globl gadget\ngadget:\n"
"xorl %eax, %eax\n"
"movb (%rdx), %ah\n"
"movl transmit_space(%eax), %eax\n"
"retq\n");
/*
 * Load-time constructor (runs before main). Performs one volatile read at
 * every 0x1000-byte step of transmit_space and discards the value.
 * NOTE(review): presumably this touches each 4 KiB page so the whole array is
 * mapped before any client connects - confirm the intended page size.
 */
__attribute__((constructor)) void init() {
    enum { PAGE_STEP = 0x1000 };
    const volatile char *cursor = transmit_space;
    const volatile char *const limit = transmit_space + sizeof(transmit_space);

    while (cursor < limit) {
        (void) *cursor;      /* volatile read; only the access itself matters */
        cursor += PAGE_STEP;
    }
}
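/*
 * Serve one client connection until end-of-stream, then close it.
 *
 * Protocol: each request line holds two decimal integers; the reply is one
 * line with their sum. A line that does not parse as two integers gets an
 * error line instead, so requests and replies stay in lock-step.
 *
 * client: update-mode ("r+") stream for the connection; ownership passes to
 *         this function, which always closes it. NULL is tolerated.
 *
 * Request lines come from the network and are untrusted:
 *  - the sscanf() result is checked, so a and b are never read while
 *    uninitialised (the unchecked version echoed stale stack contents back to
 *    the peer on malformed input);
 *  - the sum is computed in unsigned arithmetic, so overflow wraps instead of
 *    being signed-overflow undefined behaviour;
 *  - a line longer than sizeof(command) - 1 bytes is delivered by fgets() in
 *    pieces, and each piece is handled as its own request.
 */
void connection_thread(FILE *client) {
    char command[100];

    if (client == NULL) {
        return;
    }

    while (fgets(command, sizeof(command), client) != NULL) {
        long a, b;

        if (sscanf(command, "%ld %ld\n", &a, &b) != 2) {
            fprintf(client, "error: expected two integers\n");
        } else {
            /* Converting back to long is implementation-defined when out of
             * range; GCC and Clang reduce modulo 2^N, i.e. the sum wraps. */
            long sum = (long) ((unsigned long) a + (unsigned long) b);
            fprintf(client, "%ld\n", sum);
        }
        /* On an update stream, output must be flushed before the next input
         * operation; this also pushes the reply to the peer right away. */
        fflush(client);
    }
    fclose(client);
}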
/*
 * Process-wide buffer holding the secret given as argv[2]; main() copies the
 * argument into it at startup. Capacity is 100 bytes including the
 * terminating NUL. No C code shown here reads it back or sends it to a client.
 */
char secret[100];
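/*
 * pthread start routine with the signature pthread_create() requires.
 * Calling connection_thread() through a cast to void *(*)(void *) is
 * undefined behaviour because the function types are incompatible.
 */
static void *connection_thread_entry(void *arg) {
    connection_thread(arg);
    return NULL;
}

/*
 * Usage: <prog> port secret
 *
 * Stores the secret in the global `secret` buffer, then listens on
 * localhost:<port> and serves every accepted connection on its own detached
 * thread running connection_thread(). Never returns once listening.
 *
 * Returns 0 after printing the usage text (wrong argument count) and 1 when
 * the secret does not fit or the address lookup fails.
 *
 * NOTE(review): check() comes from utils.h and is not visible here; it is
 * presumably errno-based and aborts on failure - confirm. The calls are kept
 * exactly where the original had them.
 * NOTE(review): a secret passed on the command line can be seen by other
 * local users through the process list; acceptable for a test target only.
 */
int main(int argc, char *const argv[]) {
    if (argc != 3) {
        fprintf(stderr, "usage: %s port secret\n", argv[0]);
        return 0;
    }

    /* Reject an over-long secret rather than letting strcpy() write past the
     * end of the fixed 100-byte global buffer. */
    if (strlen(argv[2]) >= sizeof(secret)) {
        fprintf(stderr, "secret too long (max %zu bytes)\n", sizeof(secret) - 1);
        return 1;
    }
    strcpy(secret, argv[2]);

    int sock = socket(PF_INET, SOCK_STREAM, 0); check("socket");
    int one = 1;
    setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)); check("setsockopt");

    /* Resolve "localhost" so the listener is bound to the loopback address
     * only. getaddrinfo() reports failure through its return value, not
     * errno, so that value is tested explicitly before bind_addr is used. */
    struct addrinfo hints = {.ai_family = AF_INET, .ai_socktype = SOCK_STREAM};
    struct addrinfo *bind_addr = NULL;
    int gai_rc = getaddrinfo("localhost", argv[1], &hints, &bind_addr);
    if (gai_rc != 0) {
        fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(gai_rc));
        return 1;
    }
    check("getaddrinfo");
    bind(sock, bind_addr->ai_addr, bind_addr->ai_addrlen); check("bind");
    freeaddrinfo(bind_addr);   /* the address list is not needed after bind() */
    listen(sock, 10); check("listen");
    printf("listening on port %s\n", argv[1]);

    for (;;) {
        /* The peer address is never used. Passing NULL also avoids handing
         * accept() an uninitialised length, which it reads as the size of the
         * address buffer. */
        int client_fd = accept(sock, NULL, NULL); check("accept");
        FILE *client = fdopen(client_fd, "r+"); check("fdopen");
        if (client == NULL) {
            if (client_fd >= 0) {
                close(client_fd);
            }
            continue;
        }

        pthread_t thread;
        int rc = pthread_create(&thread, NULL, connection_thread_entry, client);
        if (rc != 0) {
            /* No thread took ownership of the stream, so close it here. */
            fprintf(stderr, "pthread_create: %s\n", strerror(rc));
            fclose(client);
            continue;
        }
        pthread_detach(thread);
    }
}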