
       				LibExploit API V 0.1a
               		        ---------------------

 - Introduction
 - Defines
 - Global Variables
 - Functions	
 - Shellcodes

<<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>>
 - Introduction
 --------------

	This file contains all the defines, global variables and functions
  declared in the LibExploit library. Use this file to learn what you
  can use to write your exploits :) 

	If something is not clear, read the source code!!

	IMPORTANT : Read the ADMmutate API to know how to use it, 
  because is not explained here. There is no point in repeating myself!! 

<<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>>
 - Defines
 ---------

	This section explains the "defines" already defined in 
   LibExploit library.

   () #define LIBXPLOITVER
	Current version of LibExploit.

   () #define NOP
	The common 0x90 :)

   () #define NOP_SIZE
	The NOP size, current 1 for x86 and 4 for sparc.

   () #define BIN
	Defines /bin.	

   () #define SH
	Defines /sh.
	
   () #define BASH
	Defines /bash.
	
   () #define BINSH
	Defines /bin/sh.
		
   () #define BINBASH 
	Defines /bin/bash.
	
   () #define ZERO
	As the define implies 0 :)
	
   () #define MAX1024
        To stablish buffer of 1024.
	
   () #define FTP
	FTP port.	

   () #define SSH
	SSH port.

   () #define TELNET
	Telnet port.
	
   () #define SMTP
	SMTP port.
	
   () #define DNS
	DNS port.
	
   () #define HTTP
	HTTP port.

   () #define POP
	POP port.	

   () #define IDENT	
	IDENT port.

   () #define IMAP	
	IMAP port.

   () #define TOTALSHELL
	Number of all the shells avaliable.	

   () #define YES
	YES = 1;

   () #define NO	
	NO = 0;

   () #define TESTEXPLOIT
	A set of command to test if shell is given by an
	exploit. Nice for FTP exploits. (cd /; uname -a; pwd; id;\n)

<<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>>
 - Global Variables
 ------------------

	This section explains the global variables declared in 
   LibExploit library.

   () static char nop[]
	Another declaring of NOP operation. "\x90" for x86 and
	"0xac15a16e" for sparc.

<<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>>
 - Functions	
 -----------

	This section explains the functions declared in 
   LibExploit library. Use them wise ;)

   () unsigned long LibExploit_Getesp();
	Return the esp on the system. Both for x86 and sparc.

   () int LibExploit_Connect(char *host, int port);
	Connect to a given host on given port.
	Return -1 if it fails.		
	
   () void LibExploit_Write(int Sock, char *msg);
	Write data to the socket.

   () unsigned long LibExploit_Resolve(char *host);
	Resolve hostname.
	Return -1 if it fails.
	
   () void LibExploit_Loginftp(int Sock, char *user, char *pass);
	Do the ftp login procress.

   () void LibExploit_InfoShell(int numshell) 
	Display a shell info given by shell number on the screen.

   () void LibExploit_Runshell(int numshell)
	Run a shell given by shell number.

   () char *LibExploit_GiveHexShell(int numshell)
	Return the shellcode itself given by shell number.
	Return NULL if fail.

   () int LibExploit_GiveSizeShell(int numshell)	
	Return the shellcode size given by shell number.
	Return -1 if fail.

   () char *LibExploit_GiveNameShell(int numshell)
	Return the shellcode name given by shell number.
	Return NULL if fail.

   () char *LibExploit_GiveOsShell(int numshell)
	Return the shellcode OS given by shell number.
	Return NULL if fail.
	
   () char *LibExploit_GivePlatformShell(int numshell)
	Return the shellcode platform given by shell number.
	Return NULL if fail.	

   () char *LibExploit_GiveTypeShell(int numshell)
	Return the shellcode type given by shell number.
	Return NULL if fail. 		

   () int LibExploit_Send(int Sock, const char *msg)
	Send data via socket.
	Return -1 if fail.

   () int LibExploit_Close(int Sock)
	Close a socket.
	Return -1 if fail and 0 if success.

   () int LibExploit_Calculateret(char *shell, char *path)
	Calculate the return address, using the env technique.

   () void LibExploit_DisplayShell(char *shell, int len)
	Display on the screen the shellcode in hex format. It will
        stop if it founds a 0x00.

   () int LibExploit_CheckShell(char *shell, int len)
	Check if shellcode have 0x00.	(BROKEN!)

   ()  int LibExploit_Max(int x, int y)
	Return the biggest between x and y.

   () void LibExploit_DoShell(int Soc, char *test)
	Check if shell was given by exploit. Nice for FTP exploits. In
	test put the command to check. (Ex. TESTEXPLOIT).	

   () int LibExploit_GetLocalOS(char *host)
	Check if given OS is the current local host.	

   () int LibExploit_GetLocalPlatform(char *host)
	Check if given platform is the current local host.	

   () int LibExploit_Read(int Sock, char dt[MAX1024])
	Read data from a socket.

   () int LibExploit_CheckBanner(int Sock, char str[MAX1024])		
	Check if banner have the "str" string.
	Return 1 if success or -1 if fails.

   () char *LibExploit_MakeTrash(char car, int size)
	Return a buffer of the size filled by a defined character.	

   () void LibExploit_MakeTolower(char *data, int size)
	Make buffer to lower.

   () void LibExploit_MakeToupper(char *data, int size)
	Make buffer to upper.

<<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>>
 - Shellcodes
 ------------

	This section explains the shellcodes declared in 
   LibExploit library.

  	Current number of shell at your disposal : 21
		
  () static struct Exploit_Shell ShellCodes[]
	Structure with all the shellcodes information.
	Members of the structure are:

	int num    : Number of the shellcode. (1,2,3, etc...)
	char *os   : OS shellcode. (linux, win, etc...)	
	char *platform : Platform shellcode (x86, sparc, etc...)
        char *type : Type of shellcode. (/bin/sh shell, portbinding, etc...) 
	char *name : Name of the shellcode. (Linux_x86_Binsh, etc...)
	int size   : Size of shellcode. (45, 129, etc...)

  # Shell Number 1		
  () static char Linux_x86_Binsh[]
	A common /bin/sh shell for Linux/x86.

  # Shell Number 2		
  () static char Linux_x86_PortBinding[]
	A portbinding linux shell on port 3879 for Linux/x86.

  # Shell Number 3
  () static char Linux_x86_Chroot[]
	A shellcode that breaks chroot for Linux/x86.

  # Shell Number 4 
  () static char Linux_x86_TolowerShell[]
	A shellcode that performs tolower evasion and
        drops a /bin/sh shell for Linux/x86.

  # Shell Number 5		
  () static char Linux_x86_ToupperShell[]
	A shellcode that performs toupper evasion and
        drops a /bin/sh shell for Linux/x86.

  # Shell Number 6
  () static char FreeBSD_x86_Binsh[]
	A common /bin/sh shell for FreeBSD/x86.

  # Shell Number 7 
  () static char BSDi_x86_Binsh[]
	A common /bin/sh shell for BSDi/x86.	

  # Shell Number 8 
  () static char BSDi_x86_ToupperShell[]
	A shellcode that performs toupper evasion and
        drops a /bin/sh shell for BSDi/x86.

  # Shell Number 9
  () static char HPUX_Binsh[]
	A common /bin/sh shell for HP-UX.

  # Shell Number 10
  () static char UnixWare_Binsh[]
	A common /bin/sh shell for UnixWare.

  # Shell Number 11
  () static char Solaris_x86_Binsh[]
	A setuid and execve /bin/sh shell for solaris/x86.

  # Shell Number 12
  () static char Linux_Sparc_Binsh[]
	A setuid and execve /bin/sh shell for Linux/Sparc.

  # Shell Number 13
  () static char Linux_Sparc_TolowerShell[]
	A setreuid and execve /bin/sh shell with tolower() for
        Linux/Sparc.

  # Shell Number 14
  () static char Solaris_Sparc_Binsh[]
	A common /bin/sh shell for Solaris/Sparc.

  # Shell Number 15
  () static char NetBSD_x86_Binsh[]
	A common /bin/sh shell for NetBSD/x86.

  # Shell Number 16
  () static char Windows_x86_PortBinding
	A portbinding windows shell on port 7788 for Windows/x86.
		
  # Shell Number 17
  () static char Irix_MIPS_Binsh
	A common /bin/sh shell for Irix/MIPS.
	
  # Shell Number 18
  () static char Linux_x86_RootPass
	Adds a root password for Linux/x86.

  # Shell Number 19
  () static char OpenBSD_x86_RootPass
	Adds a root password for OpenBSD/x86.
 	
  # Shell Number 20
  () static char SCO_Binsh
	A common /bin/sh shell for SCO.

  # Shell Number 21
  () static char SCO_Chroot
	A shellcode that breaks chroot for SCO.
	
<<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>>
<<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>><<>>

