diff --git a/dev/materials/msf3_internals_training/diagrams/Diagrams.vsd b/dev/materials/msf3_internals_training/diagrams/Diagrams.vsd new file mode 100755 index 0000000000..849d6ad0af Binary files /dev/null and b/dev/materials/msf3_internals_training/diagrams/Diagrams.vsd differ diff --git a/dev/materials/msf3_internals_training/diagrams/flowcharts.vsd b/dev/materials/msf3_internals_training/diagrams/flowcharts.vsd new file mode 100755 index 0000000000..9d29211784 Binary files /dev/null and b/dev/materials/msf3_internals_training/diagrams/flowcharts.vsd differ diff --git a/dev/materials/msf3_internals_training/ruby/RubyCheat1.png b/dev/materials/msf3_internals_training/ruby/RubyCheat1.png deleted file mode 100644 index d1b807531e..0000000000 Binary files a/dev/materials/msf3_internals_training/ruby/RubyCheat1.png and /dev/null differ diff --git a/dev/materials/msf3_internals_training/ruby/RubyCheat2.png b/dev/materials/msf3_internals_training/ruby/RubyCheat2.png deleted file mode 100644 index 1f41d30d96..0000000000 Binary files a/dev/materials/msf3_internals_training/ruby/RubyCheat2.png and /dev/null differ diff --git a/dev/materials/msf3_internals_training/tools/srv.c b/dev/materials/msf3_internals_training/tools/srv.c new file mode 100755 index 0000000000..e721a7b101 --- /dev/null +++ b/dev/materials/msf3_internals_training/tools/srv.c @@ -0,0 +1,116 @@ + +/* + * srv.c -- Example server for easy exploiting + * + * Usage: srv + * + * Example: + * + * C:\> srv 1234 + * C:\> nload localhost 1234 -s code.s + * + */ + + + +#include +#include +#include + +#if defined _WIN32 +#include +#pragma comment(lib, "ws2_32.lib") +#else +#include +#include +#include +#include +#include +#endif + +#define SERVER_PORT 5433 +#define MAX_PENDING 1 + + +int ehlo, from; + +/* Main function */ + +int main(int argc, char **argv) { + struct sockaddr_in sin; + char buf[8092], *ptr; + int c, i, len, port; + int s, new_s, bytes; +#if defined _WIN32 + int wsaret; + WSADATA wsaData; +#endif + int (*funct)(); + + + /* Command line parameters */ + if (argv[1]) + port = atoi(argv[1]); + else + port = SERVER_PORT; + +#if defined _WIN32 + /* Initialize winsock */ + wsaret = WSAStartup(0x101, &wsaData); + if(wsaret != 0) + return (0); + + /* Create a socket */ + if ((s = WSASocket(AF_INET, SOCK_STREAM, IPPROTO_TCP, NULL, 0, 0)) < 0) { + fprintf(stderr, "%s: WSASocket - %s\n", argv[0], strerror(errno)); + exit(1); + } +#else + if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0) { + fprintf(stderr, "%s: socket - %s\n", argv[0], strerror(errno)); + exit(1); + } + +#endif + + /* Initialize the addres data structure */ + memset((void *)&sin, 0, sizeof(sin)); + sin.sin_family = AF_INET; + sin.sin_addr.s_addr = INADDR_ANY; + sin.sin_port = htons(port); + + /* Bind an address to the socket */ + if (bind(s, (struct sockaddr *)&sin, sizeof(sin)) < 0) { + fprintf(stderr, "%s: bind - %s\n", argv[0], strerror(errno)); + exit(1); + } + + /* Set the length of the listen queue */ + if (listen(s, MAX_PENDING) < 0) { + fprintf(stderr, "%s: listen - %s\n", argv[0], strerror(errno)); + exit(1); + } + + + len = sizeof(sin); + new_s = accept(s, (struct sockaddr *)&sin, &len); + + memset(buf, 0, sizeof(buf)); + bytes = recv(new_s, buf, sizeof(buf), 0); + + printf("recv'd %d\n", bytes); + + + /* Run the code */ + fprintf(stderr,"Oops.. I'm 0wned.\n"); + + __asm mov edi, new_s + + funct = (int (*)()) buf; + (int)(*funct)(); + + return (0); + +} + + diff --git a/dev/materials/msf3_internals_training/tools/srv.exe b/dev/materials/msf3_internals_training/tools/srv.exe new file mode 100755 index 0000000000..2b4b714baa Binary files /dev/null and b/dev/materials/msf3_internals_training/tools/srv.exe differ