/*
 * getlogin - reconstructed password check of the WinEggDrop backdoor, as
 * recovered by the analyst (pseudo-C, not compilable: send_texta, cleanup,
 * convert_hex_to_hexstring, my_strcmp, PasswordAsHexString and
 * 32byteHexString are analyst labels for routines/constants in the binary).
 *
 * Sends the "Enter Password:" banner on mysocket, collects the reply into
 * greeting - possibly across several recv() calls until a CR or LF arrives or
 * 64 characters are reached - converts it to a hex string and compares it
 * against two constants. Returns true when either compare reports a match
 * (this reading assumes my_strcmp returns nonzero on match - confirm against
 * the binary), false on an empty first read, on the "timeout" path, or when
 * neither constant matches.
 *
 * NOTE(review): points worth recording for detection and mitigation work:
 *   - recv() is bounded by sizeof(greeting) (256) although socketbuff_in is
 *     only 128 bytes: a pre-authentication stack buffer overrun in the
 *     backdoor's own input path.
 *   - the recv() return value is ignored, so a closed connection or error
 *     still flows into the strlen-based length checks below.
 *   - 1000 / (GetTickCount() - ctr) divides by zero when the tick count has
 *     not advanced between the two calls.
 *   - two hard-coded passwords are accepted, i.e. a built-in master credential.
 * The banner "WinEggDrop TEXT\r\nEnter Password:" is a usable network and
 * binary signature for this component.
 */
BOOLEAN getlogin( socket mysocket )
{
    unsigned long misc1; //maybe should be div_t (optimized)
    char hexstring[32];          // output of convert_hex_to_hexstring; whether that routine bounds its write to 32 bytes is not visible here - confirm
    unsigned long flag, ctr;     // flag: 0 until the first non-empty chunk is stored; ctr: tick count at banner time
    char greeting[256];          // reused: banner first, then the accumulated password text
    char socketbuff_in[128];     // one recv() chunk - but recv() below is asked for sizeof(greeting) bytes

    flag = false; //whatever so im qualifying it as a pseudo-boolean
    sprintf(greeting,"%s\r\n%s","WinEggDrop TEXT","Enter Password:");
    send_texta(mysocket,greeting);
    memset(greeting,'\0', sizeof(greeting));
    ctr = GetTickCount();

socketinput:
    memset(socketbuff_in, '\0', sizeof(socketbuff_in));
    /* Length passed is sizeof(greeting) == 256, destination is 128 bytes: a
     * longer reply overruns socketbuff_in on the stack before any
     * authentication has happened. Return value is not checked, so 0 (peer
     * closed) and SOCKET_ERROR are handled only indirectly via strlen(). */
    recv(mysocket, socketbuff_in, sizeof(greeting), 0); //really suspect error
    if ( flag )
    {
        /* Continuation chunk: append while the total stays under 64 bytes,
         * otherwise stop reading and evaluate what has been collected. */
        if ((strlen( greeting ) + strlen( socketbuff_in )) < 64)
        {
            strcat( greeting , socketbuff_in );
        }
        else
        {
            goto finishprocessing;
        }
    }
    else if (0 != strlen( socketbuff_in ))
    {
        /* First chunk. greeting (256) is larger than socketbuff_in (128), so
         * this copy is only unsafe once the recv() overrun above has already
         * clobbered the terminator. */
        strcpy( greeting, socketbuff_in ); // AHA! very suspect!
        ++flag;
    }
    else
    {
        return false;    // empty first read: no login attempt
    }
    /* Elapsed ticks since the banner. Division by zero if GetTickCount() has
     * not advanced. As reconstructed, misc1 < 12 (the non-timeout branch)
     * holds only when more than ~83 ms elapsed, which looks inverted for a
     * timeout - presumably a decompilation artifact, see the div_t note above;
     * confirm against the binary. */
    misc1 = (1000 / ( GetTickCount() - ctr ));
    if (misc1 < 12)
    {
        /* Look at the last received byte: CR or LF ends the password, anything
         * else reads another chunk. On the continuation path strlen() may be
         * 0 (empty or failed recv()), in which case this reads one byte before
         * the start of socketbuff_in. */
        if ( *(socketbuff_in + strlen( socketbuff_in ) - 1) == 0x0D )
        {
            goto finishprocessing;
        }
        else if ( *(socketbuff_in + strlen( socketbuff_in ) - 1) != 0x0A )
        {
            goto socketinput;
        }
        else
        {
            goto finishprocessing;
        }
    }
    else
    {
        send_texta(mysocket,"TimeoutMessage");
        return false;
    }

finishprocessing:
    cleanup( greeting );                          // presumably strips CR/LF - confirm
    convert_hex_to_hexstring( hexstring, greeting );
    /* Either constant grants access: besides the configured password there is
     * a second, hard-coded one (32byteHexString is the analyst's placeholder,
     * not a valid C identifier). */
    if ( !my_strcmp( hexstring , PasswordAsHexString ) )
    {
        if ( !my_strcmp( hexstring, 32byteHexString ) ) // oh-oh! two allowed passwords!!!
        {
            return false; // not logged in
        }
    }
    return true; // logged in
}
; FTP USER command bof?
; NOTE(review): disassembly fragment only - the enclosing function, the size of
; var_208 and how much input can reach the buffer at ebp-103h are not shown, so
; whether this sprintf overflows cannot be settled from this excerpt.
.text:100027BD push    offset aUser          ; "USER"
.text:100027C2 call    _strlen
.text:100027C7 add     esp, 4                ; eax = strlen("USER")
.text:100027CA lea     edi, [ebp+eax-103h]   ; edi = (ebp-103h) + eax: points just past a "USER" prefix in a stack buffer
.text:100027D1 push    edi                   ; sprintf source: text following the command keyword
.text:100027D2 push    offset aS             ; "%s"
.text:100027D7 lea     edi, [ebp+var_208]    ; sprintf destination: a second stack buffer
.text:100027DD push    edi                   ; char *
.text:100027DE call    _sprintf              ; sprintf(var_208, "%s", src) - "%s" has no length bound, so the copy is limited only by the source's terminator