@hhc0null
Created May 1, 2015 17:47
[VolgaCTF_2015_pwn-bash-125pts]
/*
bash
just another super-puper secure shell
nc bash.2015.volgactf.ru 7777
tiny_bash[http://files.2015.volgactf.ru/bash/tiny_bash]
*/
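/*
 * Deny-list consulted by check_command(): a request is rejected when it
 * contains any of these words as a substring.
 *
 * check_command() walks this table until it reaches a NULL entry, so the
 * table must end with a NULL sentinel; without it the walk reads past the
 * end of the array.
 *
 * The identifier is the label used in the reverse-engineered listing
 * (presumably derived from the object's address in the binary -- not
 * verified here).
 */
char *bss_602140h[] = {
    "flag", "bash", "python", "netcat", "perl", "args",
    "pico", "echo", "grep", "find", "sudo", "system",
    "exec", "regexp", "tail", "head", "less", "more",
    NULL /* sentinel required by the loop in check_command() */
};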
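/*
 * Poll for exited child processes with a non-blocking waitpid().
 *
 * The single int parameter suggests this is installed as a signal handler
 * (presumably for SIGCHLD); the installation is not part of this listing.
 *
 * NOTE(review): as transcribed, the loop repeats while waitpid() returns 0
 * (children exist, none has exited) or -1 (error), and stops only after a
 * child has been reaped. With WNOHANG that is a busy-wait. A conventional
 * reaper loops while the result is > 0 -- verify the condition against the
 * disassembly before relying on it.
 */
void reap_exited_processes(int arg_0)
{
    int rbp_14h; /* copy of arg_0; never read again in the listing */
    int rbp_04h; /* most recent waitpid() result */

    rbp_14h = arg_0;
    (void)rbp_14h;
    do {
        /* WNOHANG: return immediately instead of blocking on a live child. */
        rbp_04h = waitpid(-1, NULL, WNOHANG);
    } while (rbp_04h == 0 || rbp_04h == -1);
}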
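/*
 * Send a NUL-terminated string to a socket (the terminator is not sent).
 *
 * arg_0: socket descriptor.
 * arg_8: NUL-terminated text; must not be NULL because strlen() is applied.
 *
 * The result of send() is discarded, so a short write or an error goes
 * unnoticed by the caller.
 */
void sock_send(int arg_0, char *arg_8)
{
    int rbp_04h = arg_0;    /* socket descriptor */
    char *rbp_10h = arg_8;  /* message text */

    send(rbp_04h, rbp_10h, strlen(rbp_10h), 0);
}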
/*
 * Screen a request against the bss_602140h deny-list.
 *
 * Returns 0 when arg_0 contains any listed word as a substring, 1 when
 * none matches. The walk stops at the first NULL entry, so the table has
 * to be NULL-terminated.
 *
 * Security note: a substring deny-list placed in front of a shell is not a
 * dependable control. The result only describes the exact bytes in arg_0
 * at the time of the call; the caller must execute that same string, and
 * even then a shell has far more ways to express a command than a word
 * list can enumerate. An allow-list of fixed commands, run without a
 * shell, is the robust alternative.
 */
int check_command(char *arg_0)
{
    char **entry = bss_602140h; /* cursor over the deny-list (rbp_08h in the listing) */

    while (*entry != NULL) {
        if (strstr(arg_0, *entry) != NULL) {
            return 0; /* request mentions a prohibited word */
        }
        entry++;
    }
    return 1;
}
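/*
 * Serve one client: print a banner, then loop -- prompt, read at most 15
 * bytes, screen the request with check_command(), and run it with system().
 * Returns when recv() reports end-of-stream or an error.
 *
 * arg_0: connected client socket.
 *
 * This version differs from the listing as posted in two places:
 *
 *  1. The copy into the execution buffer now includes the NUL terminator.
 *     The posted code cleared rbp_30h once before the loop and copied
 *     exactly rbp_48h bytes, so bytes left over from an earlier, longer
 *     request could remain behind a shorter one. The string given to
 *     system() was then not the string check_command() had approved
 *     (a check/use mismatch).
 *  2. The error path uses a plain `return;`. The posted code returned -1
 *     from a function declared void.
 *
 * Security note: system() passes client-supplied text to the shell and the
 * deny-list is the only gate in front of it. That is flagged here rather
 * than replaced: the sound design is an allow-list of fixed commands
 * started with an explicit argv (no shell), under reduced privileges.
 */
void process_connection(int arg_0)
{
    int rbp_54h;        /* client socket */
    int rbp_48h;        /* byte count returned by recv() */
    char rbp_40h[0x10]; /* request as received; this is what gets screened */
    char rbp_30h[0x10]; /* copy that is handed to system() */

    rbp_54h = arg_0;
    memset(rbp_30h, '\0', 0x10);
    sock_send(rbp_54h, "Welcome to our small secure shell.You are disallowed to execute several types ofcommands.Are you able to bypass these restrictions?\n");
    for (;;) {
        sock_send(rbp_54h, ">> ");
        memset(rbp_40h, '\0', 0x10);
        /* 0xf of 0x10 bytes: leaves room for the terminator written below. */
        rbp_48h = recv(rbp_54h, rbp_40h, 0xf, 0);
        if (rbp_48h <= 0) {
            fwrite("Failed to read socket\n", 1, 0x16, stderr);
            return;
        }
        rbp_40h[rbp_48h] = '\0';
        printf("User request: %s\n", rbp_40h);
        if (!check_command(rbp_40h)) {
            sock_send(rbp_54h, "This command is prohibited.\n");
        } else {
            /*
             * Copy the terminator too (rbp_48h <= 0xf, so rbp_48h + 1 fits
             * in 0x10 bytes). The executed string is then exactly the one
             * that was screened, regardless of earlier requests.
             */
            memcpy(rbp_30h, rbp_40h, rbp_48h + 1);
            if (system(rbp_30h) != -1) continue;
            sock_send(rbp_54h, "This command is incorrect.\n");
        }
    }
}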
/*
 * Excerpt of main(): only the per-connection fork is reproduced. The code
 * before and after it is elided in the listing, and the locals rbp_ech,
 * rbp_f0h and rbp_f4h are declared in the elided part.
 *
 * NOTE(review): no privilege drop or sandboxing is visible in this excerpt
 * before the child starts serving the client; the elided code may contain
 * it -- confirm against the binary.
 */
int main(void)
{
// ... (elided in the listing)
// One child per connection: fork() returns 0 in the child.
rbp_ech = fork();
if(rbp_ech == 0) {
// rbp_f0h is the descriptor process_connection() uses as the client socket.
process_connection(rbp_f0h);
// Child closes both descriptors and exits once the client is done;
// rbp_f4h is presumably the listening socket -- confirm.
close(rbp_f0h);
close(rbp_f4h);
exit(EXIT_SUCCESS);
}
// ... (elided in the listing; the parent's path is not shown)
}

hhc0null commented May 1, 2015

There are no bugs here that stem from a coding error.
