2013年4月

#include 
#include 
#include 
#include 
#include 
#include 
#include 
/* Compile-time limits for the select()-based server that follows. */
enum {
	MAX_BACK = 5,     /* listen() backlog and number of slots in sockfds[] */
	BUFF_SIZE = 1024, /* size of main()'s buff array */
	TIMEOUT = 30      /* not referenced in the part of the listing that survived */
};

/*
 * Client descriptor table.  It has static storage, so every slot starts
 * at 0, which main() treats as "slot unused".
 */
int sockfds[MAX_BACK];
/*
 * select()-based TCP server skeleton: binds a listening socket to the port
 * given in argv[1] on every local interface, then loops on select() over
 * the listening socket plus the descriptors recorded in sockfds[].
 *
 * NOTE(review): this listing is damaged.  The header names after #include
 * are gone, string literals show "n" where "\n" was presumably intended,
 * and the text between '<' and '>' on the second for-loop line is missing,
 * so the accept/receive logic is not visible and the code does not compile
 * as shown.
 */
int main(int argc, char **argv)
{
	struct sockaddr_in sevaddr, cliaddr;
	socklen_t socklen = sizeof(struct sockaddr_in);
	/* iBytes and buff are not used in the part of the loop that is visible. */
	int sockfd, newfd, maxfd,  port, iBytes;
	char	buff[BUFF_SIZE];
	int n = 1;
	if(argc != 2){
		printf("Usage: %s  n", argv[0]);
		exit(1);
	}
	/* atoi() gives no error indication; the port is not range-checked
	 * before it is narrowed by htons() below. */
	port = atoi(argv[1]);
	if((sockfd=socket(AF_INET, SOCK_STREAM, 0)) == -1) {
		perror("socket:");
		exit(1);
	}
	/* sevaddr is never zeroed, so its padding bytes are uninitialized. */
	sevaddr.sin_family = AF_INET;
	/* INADDR_ANY: the service is reachable on all interfaces, not only loopback. */
	sevaddr.sin_addr.s_addr = htonl(INADDR_ANY);
	sevaddr.sin_port = htons(port);
	/* Return values of setsockopt() and listen() are not checked. */
	setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR, &n, sizeof(int));
	if(bind(sockfd, (struct sockaddr *)&sevaddr, socklen) == -1) {
		perror("bind:");
		exit(1);
	}
	listen(sockfd, MAX_BACK);
	printf("Listen port:%dn", port);
	int	ret;
	fd_set readfds;
	struct timeval	val;
	maxfd = sockfd;
	int i;
	/* comm_amount is not used in the visible part of the loop. */
	int comm_amount = 0 ;
	while(1) {
		/* The fd set and the timeout are rebuilt on every pass because
		 * select() overwrites the set and may modify the timeout. */
		FD_ZERO(&readfds);
		FD_SET(sockfd, &readfds);
		memset(&cliaddr, 0x00, socklen);
		val.tv_sec = 2;
		val.tv_usec = 0;
		/* Watch every slot that holds a descriptor (0 means unused). */
		for (i=0; i < MAX_BACK; i++) {
			if(sockfds[i] != 0) {
				FD_SET(sockfds[i], &readfds);
			}
		}
		/* NOTE(review): nfds is sockfd + 1 although client descriptors,
		 * which are normally larger than sockfd, are in the set; maxfd is
		 * tracked but not passed here.  Presumably this should be
		 * maxfd + 1, otherwise client sockets are never reported ready. */
		ret = select(sockfd + 1, &readfds, 0, 0, &val);
		if(ret < 0) {
			perror("select:");
			break;
		}else if (ret == 0 ) {
			printf("timeoutn");
			continue;
		}
		/* NOTE(review): the next line is truncated by the page extraction.
		 * Only its tail, which raises maxfd to a newly obtained newfd,
		 * survives; the loop condition, the handling of ready clients and
		 * the accept() call cannot be reviewed from here. */
		for (i=0; i maxfd) maxfd = newfd;
			}else {
				/* Table full: tell the peer and drop the connection.
				 * The length 4 sends the string's terminating NUL too. */
				printf("max connection arrive, exitn");
				send(newfd,"bye", 4, 0);
				close(newfd);
				continue;
			}
		}
	}
}

使用gethostbyname做DNS查询时,解析可能很慢。下面用alarm设置超时时间,超时后在SIGALRM处理函数里用longjmp跳回setjmp处进行处理。注意:gethostbyname不是异步信号安全的函数,从信号处理函数里跳出之后不应再继续使用解析器,所以示例在超时后直接退出。

#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
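/*
 * Exit helpers.  Each expands to a single statement without a trailing
 * semicolon, so "EXIT_FAIL;" stays one statement and is safe as the body
 * of an unbraced if/else.
 */
#define EXIT_SUCC	do { exit(0); } while (0)
#define	EXIT_FAIL	do { exit(-1); } while (0)	/* parent sees status 255 */
/* Seconds the DNS lookup may take before SIGALRM fires. */
#define TIME_OUT	3
/* Jump target armed by setjmp() in main(); handler() jumps back to it. */
jmp_buf	ebuf;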
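/*
 * SIGALRM handler: abandons the blocked lookup by jumping back to the
 * setjmp(ebuf) call in main().
 *
 * The signal number is accepted (and ignored) so that the definition is
 * compatible with the void (*)(int) type signal() calls through.
 *
 * NOTE(review): gethostbyname() is not async-signal-safe, so after this
 * jump the resolver's internal state is undefined and the process should
 * only report and exit.  Plain setjmp/longjmp is also not guaranteed to
 * restore the signal mask; sigsetjmp/siglongjmp is the variant that does.
 */
void handler(int signo)
{
	(void)signo;
	longjmp(ebuf,1);
}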
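/*
 * TCP client with a bounded DNS lookup.
 *
 * Usage: prog <hostname> <port>
 *
 * Resolves argv[1] with gethostbyname() under a TIME_OUT-second alarm,
 * connects to the first returned IPv4 address on the given port, sends a
 * fixed request string and exits.  Exits non-zero on any failure,
 * including a usage error.
 */
int main(int argc, char **argv)
{
	char		*hostname;
	char		buff[]="request msg";
	struct 		sockaddr_in sevaddr;
	int		sockfd, port, iBytes;
	struct		hostent *host;

	if(argc != 3) {
		printf("Usage: %s <hostname> <port>\n", argv[0]);
		EXIT_FAIL;
	}
	hostname = argv[1];
	/* atoi() cannot report errors, so at least reject values that do not
	 * fit a TCP port before htons() silently truncates them. */
	port	 = atoi(argv[2]);
	if(port <= 0 || port > 65535) {
		fprintf(stderr, "invalid port: %s\n", argv[2]);
		EXIT_FAIL;
	}

	/* Locals are assigned before setjmp() so none of them is modified
	 * between setjmp() and a possible longjmp(). */
	signal(SIGALRM, handler);
	if(setjmp(ebuf)) {
		/* Reached only via longjmp() from the SIGALRM handler.  The
		 * resolver was interrupted mid-call, so do nothing but exit. */
		printf("gethostbyname timeout\n");
		exit(1);
	}
	alarm(TIME_OUT);
	host = gethostbyname(hostname);
	alarm(0);
	if(host == NULL) {
		/* gethostbyname() reports failures through h_errno, not errno,
		 * so perror() would print an unrelated message here. */
		fprintf(stderr, "gethostbyname: cannot resolve %s\n", hostname);
		EXIT_FAIL;
	}
	/* Copy the address only if it really is an IPv4 address of the
	 * expected size instead of casting the raw pointer. */
	if(host->h_addrtype != AF_INET ||
	   host->h_length != (int)sizeof(sevaddr.sin_addr)) {
		fprintf(stderr, "unexpected address type for %s\n", hostname);
		EXIT_FAIL;
	}

	if((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
		perror("socket:");
		EXIT_FAIL;
	}
	memset(&sevaddr, 0x00, sizeof(struct sockaddr_in));
	sevaddr.sin_family = AF_INET;
	memcpy(&sevaddr.sin_addr, host->h_addr_list[0], sizeof(sevaddr.sin_addr));
	sevaddr.sin_port = htons(port);
	printf("connect to remote server ....\n");
	if(connect(sockfd, (struct sockaddr *)&sevaddr, sizeof(struct sockaddr_in)) == -1) {
		perror("connect");
		close(sockfd);
		EXIT_FAIL;
	}
	/* send() may transmit fewer bytes than requested; the count actually
	 * sent is what gets printed below. */
	iBytes = send(sockfd, buff, strlen(buff), 0);
	if(iBytes < 0) {
		perror("send");
		close(sockfd);
		EXIT_FAIL;
	}
	printf("Send Data :len[%d]buff[%s]\n", iBytes, buff);
	close(sockfd);
	EXIT_SUCC;
}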

1、说明
pcntl是linux下的一个扩展,可以支持php的多线程操作。
pcntl_exec函数的作用是在当前进程空间执行指定程序,版本要求:PHP 4 >= 4.2.0, PHP 5
2、利用
在做渗透的时候被disable_functions卡住不能执行命令是家常便饭,今天在一国外虚拟主机上又被卡了,但我在执行phpinfo();的时候眼前闪过--enable-pcntl。当时我就偷笑了,没啥好说的,我一直强调渗透要细心,做人做事也一样。对管理员来说,这说明disable_functions里还需要加上pcntl_exec,或者编译PHP时不启用pcntl扩展。
#exec.php

#/tmp/b4dboy.sh
#!/bin/bash
ls -l /
原文:http://www.secoff.net/archives/116.html

mmap原型为:

SYNOPSIS
#include <sys/mman.h>
void *mmap(void *addr, size_t length, int prot, int flags,int fd, off_t offset);
int munmap(void *addr, size_t length);

offset 必须为PAGE_SIZE的整数倍
LINUX下面获取PAGE_SIZE的命令

root@bt:~/c# getconf PAGE_SIZE
4096
root@bt:~/c# cat mmap.c
#include 
#include 
#include 
#include 
#include 
#include 
#include 
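/*
 * mmap() demo.
 *
 * Usage: prog <file> <offset> <length>
 *
 * Maps the part of <file> that covers [offset, offset + length), starting
 * from the page boundary at or below offset, copies the mapped bytes into
 * a local buffer and prints them as a string.
 *
 * The mapped length comes from the command line, so it is checked against
 * the size of the local buffer before anything is copied.
 */
int main(int argc, char **argv)
{
	char buff[1024];
	char *mmaped;
	int fd;
	int offset, realOffset, length, realLen;
	int slack;
	long pageSize;

	if(argc != 4) {
		printf("Usage:%s <file> <offset> <length>\n", argv[0]);
		exit(1);
	}
	offset = atoi(argv[2]);
	length = atoi(argv[3]);
	if(offset < 0 || length <= 0) {
		printf("offset must be >= 0 and length must be > 0\n");
		exit(1);
	}
	pageSize = sysconf(_SC_PAGE_SIZE);
	if(pageSize <= 0) {
		perror("sysconf");
		exit(1);
	}
	printf("System Page_Size:[%ld]\n", pageSize);
	/* mmap() requires the file offset to be a multiple of the page size,
	 * so round the requested offset down to a page boundary. */
	realOffset = offset & ~(pageSize - 1);
	printf("realOffset:[%d]\n", realOffset);
	/* Bytes between the page boundary and the requested offset. */
	slack = offset - realOffset;
	/* realLen bytes are copied into buff and then printed with %s, so they
	 * must fit with one byte left for the terminating NUL.  The comparison
	 * is arranged so that length + slack is never computed when it could
	 * overflow. */
	if(length > (int)sizeof(buff) - 1 - slack) {
		printf("requested range does not fit the %d-byte buffer\n",
		       (int)sizeof(buff));
		exit(1);
	}
	realLen = length + slack;
	printf("realLen:[%d]\n", realLen);
	if((fd=open(argv[1], O_RDWR)) < 0) {
		perror("open");
		exit(1);
	}
	if((mmaped = mmap(NULL, realLen, PROT_READ|PROT_WRITE, MAP_SHARED, fd, realOffset)) == MAP_FAILED) {
		perror("mmap");
		close(fd);
		exit(1);
	}
	/* The mapping stays valid after the descriptor is closed. */
	close(fd);
	/* NOTE(review): the file size is never checked.  Reading mapped pages
	 * that lie wholly beyond end-of-file raises SIGBUS. */
	memset(buff,0x00,sizeof(buff));
	memcpy(buff, mmaped, realLen);
	printf("buff:[%s]\n", buff);
	munmap(mmaped, realLen);
	return 0;
}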
root@bt:~/c# gcc mmap.c
root@bt:~/c# ./a.out data.txt 4096  7
System Page_Size:[4096]
realOffset:[4096]
realLen:[7]
buff:[567890
]
root@bt:~/c# ./a.out data.txt 1  7
System Page_Size:[4096]
realOffset:[0]
realLen:[8]
buff:[12345678]
root@bt:~/c#

以后,争取每天写一个工作除外的程序,练习练习代码能力。主要是方便自己看,不是学习系列,误伤莫怪。
上代码了

root@bt:~/c/network# cat server.c
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
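/*
 * Iterative TCP greeting server.
 *
 * Usage: server <port>
 *
 * Listens on the given port on all local interfaces, and for each
 * connection logs the peer address, writes a fixed greeting and closes
 * the connection.
 */
int main(int argc, char *argv[])
{
	struct sockaddr_in server_addr;
	struct sockaddr_in client_addr;
	int port;
	socklen_t sin_size;	/* accept() takes a socklen_t *, not an int * */
	int sockfd, new_sockfd;
	char hello[]="hello,world for inetd";
	int n = 1;

	if(argc != 2) {
		fprintf(stderr, "[Usage:] %s port\a\n", argv[0]);
		exit(1);
	}
	/* atoi() cannot report errors; reject anything that is not a valid
	 * TCP port before htons() silently truncates it. */
	port = atoi(argv[1]);
	if(port <= 0 || port > 65535) {
		fprintf(stderr, "invalid port %s\a\n", argv[1]);
		exit(1);
	}
	printf("port=%d\n", port);
	if((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
		fprintf(stderr, "socket error %s\a\n", strerror(errno));
		exit(1);
	}
	/* SO_REUSEADDR only helps quick restarts, so a failure is reported
	 * but is not fatal. */
	if(setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR, &n ,sizeof(n)) == -1) {
		fprintf(stderr, "setsockopt error %s\a\n", strerror(errno));
	}
	memset(&server_addr, 0, sizeof(server_addr));
	server_addr.sin_family = AF_INET;
	/* INADDR_ANY: reachable on every interface, not only loopback. */
	server_addr.sin_addr.s_addr = htonl(INADDR_ANY);
	server_addr.sin_port = htons(port);
	if(bind(sockfd, (struct sockaddr *)(&server_addr), sizeof(server_addr)) == -1){
		fprintf(stderr,"bind error %s\a\n", strerror(errno));
		exit(1);
	}
	if(listen(sockfd, 5) == -1) {
		fprintf(stderr, "listen error %s\a\n", strerror(errno));
		exit(1);
	}
	while ( 1 ) {
		sin_size = sizeof(client_addr);
		if((new_sockfd=accept(sockfd, (struct sockaddr *)(&client_addr), &sin_size)) == -1) {
			/* A signal or a peer that gave up while queued must not
			 * take the whole server down. */
			if(errno == EINTR || errno == ECONNABORTED) {
				continue;
			}
			fprintf(stderr, "accept error %s\a\n", strerror(errno));
			exit(1);
		}
		fprintf(stderr, "server get connection from %s\n", inet_ntoa(client_addr.sin_addr));
		if(write(new_sockfd, hello, strlen(hello)) == -1) {
			fprintf(stderr, "write to client error %s\a\n", strerror(errno));
			close(new_sockfd);
			continue;
		}
		close(new_sockfd);
	}
	/* Not reached: the accept loop above never breaks. */
	close(sockfd);
	return 0;
}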
root@bt:~/c/network# cat client.c
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
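/*
 * TCP client for the greeting server.
 *
 * Usage: client hostname port
 *
 * Resolves the host, connects to its first IPv4 address on the given
 * port, reads one chunk of data and prints it.
 */
int main(int argc, char **argv)
{
	struct sockaddr_in server_addr;
	int	sockfd, port, nbytes;
	char	buffer[1024];
	struct hostent *host;

	if(argc != 3) {
		fprintf(stderr, "Usage:%s hostname port\n\a", argv[0]);
		exit(1);
	}
	if((host=gethostbyname(argv[1])) == NULL) {
		/* gethostbyname() reports failures through h_errno, not errno,
		 * so strerror(errno) would print an unrelated message. */
		fprintf(stderr, "gethostbyname error: cannot resolve %s\n\a", argv[1]);
		exit(1);
	}
	if(host->h_addrtype != AF_INET ||
	   host->h_length != (int)sizeof(server_addr.sin_addr)) {
		fprintf(stderr, "unexpected address type for %s\n\a", argv[1]);
		exit(1);
	}
	/* A TCP port must fit in 16 bits; htons() would silently truncate. */
	port = atoi(argv[2]);
	if(port <= 0 || port > 65535) {
		fprintf(stderr, "port input error\n\a");
		exit(1);
	}
	if((sockfd=socket(AF_INET, SOCK_STREAM, 0)) == -1 ){
		fprintf(stderr, "socket error %s\n\a", strerror(errno));
		exit(1);
	}
	memset(&server_addr, 0, sizeof(server_addr));
	server_addr.sin_family = AF_INET;
	/* Use the resolved address.  Passing argv[1] to inet_addr() only works
	 * for dotted-quad input and yields INADDR_NONE for a host name. */
	memcpy(&server_addr.sin_addr, host->h_addr_list[0], sizeof(server_addr.sin_addr));
	server_addr.sin_port = htons(port);
	if(connect(sockfd, (struct sockaddr *)(&server_addr), sizeof(server_addr)) == -1) {
		fprintf(stderr, "connect error %s\n\a", strerror(errno));
		close(sockfd);
		exit(1);
	}
	/* Leave one byte for the terminator: a full 1024-byte read would
	 * otherwise put the NUL one past the end of buffer. */
	if((nbytes=read(sockfd, buffer, sizeof(buffer) - 1)) == -1) {
		fprintf(stderr, "read sockfd error %s\n\a", strerror(errno));
		close(sockfd);
		exit(1);
	}
	buffer[nbytes]='\0';
	/* NOTE(review): the bytes come from the remote peer and are printed
	 * unfiltered, control characters included. */
	printf("buffer=[%s]\n", buffer);
	close(sockfd);
	return 0;
}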
root@bt:~/c/network# cat Makefile
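# Builds the two demo programs.  Warnings are enabled so that type
# mismatches in the socket calls show up at compile time, and the usual
# stack-protector / fortify options are switched on.  CC and CFLAGS can be
# overridden on the make command line.
CC = gcc
CFLAGS ?= -Wall -Wextra -O2 -D_FORTIFY_SOURCE=2 -fstack-protector-strong

.PHONY: all
all:server client
server:server.c
	$(CC) $(CFLAGS) $^ -o $@
client:client.c
	$(CC) $(CFLAGS) $^ -o $@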