@pavi2410
Last active September 23, 2021 05:37
Remote Command Execution (RCE) using UDP sockets in C
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <errno.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
#include <arpa/inet.h>
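/*
 * UDP client for the command-execution demo.
 *
 * Reads one line at a time from stdin, sends it as a single datagram to
 * 127.0.0.1:3000 and prints one reply datagram. Typing "bye" (or EOF on
 * stdin) ends the client without sending anything.
 *
 * Returns 0 on a normal exit, 1 if the socket cannot be created.
 */
int main(void) {
    struct sockaddr_in server_addr;
    memset(&server_addr, 0, sizeof(server_addr)); /* no stray bytes in sin_zero */
    server_addr.sin_family = AF_INET;
    server_addr.sin_port = htons(3000);
    server_addr.sin_addr.s_addr = inet_addr("127.0.0.1");

    int sockfd = socket(PF_INET, SOCK_DGRAM, 0);
    if (sockfd < 0) {
        printf("couldn't create socket\n");
        return 1;
    }
    printf("socket created\n");

    while (1) {
        char msg[100];

        printf("client> ");
        fflush(stdout);

        /* fgets bounds the read; the old unbounded scanf("%[^\n]") could
         * write past msg and left msg unset on an empty line. */
        if (fgets(msg, sizeof(msg), stdin) == NULL) {
            break;
        }

        size_t msg_len = strcspn(msg, "\n");
        if (msg[msg_len] != '\n' && !feof(stdin)) {
            /* Line did not fit: drop the rest instead of sending a truncated
             * command and treating the leftover as the next one. */
            int c;
            while ((c = getchar()) != '\n' && c != EOF) {
            }
            printf("input too long\n");
            continue;
        }
        msg[msg_len] = '\0';

        if (msg_len == 0) {
            continue;
        }

        /* The exit check must look at what was just typed (msg); the reply
         * buffer is not declared yet at this point. */
        if (strcmp(msg, "bye") == 0) {
            printf("exiting...\n");
            break;
        }

        if (sendto(sockfd, msg, msg_len, 0,
                   (struct sockaddr *) &server_addr, sizeof(server_addr)) < 0) {
            perror("sendto");
            continue;
        }

        /* Size the receive by the buffer, not by the number of bytes sent,
         * and terminate at the length recvfrom actually returned. */
        char buffer[1024];
        ssize_t len = recvfrom(sockfd, buffer, sizeof(buffer) - 1, 0, NULL, NULL);
        if (len < 0) {
            perror("recvfrom");
            continue;
        }
        buffer[len] = '\0';

        /* NOTE(review): only one datagram is read per command and the sender
         * address is not checked, so multi-line output is not shown in full
         * and a datagram from any host is printed as the server's reply. */
        printf("server> %s\n", buffer);
    }

    close(sockfd);
    return 0;
}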
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <errno.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
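/*
 * UDP server for the command-execution demo.
 *
 * Binds UDP port 3000, and for every datagram received runs the payload
 * through popen() and sends each line of the command's output back to the
 * sender as its own datagram. A payload of "bye" stops the server.
 *
 * Returns 0 after "bye", 1 if the socket, bind or popen fails.
 */
int main(void) {
    struct sockaddr_in server_addr;
    memset(&server_addr, 0, sizeof(server_addr)); /* no stray bytes in sin_zero */
    server_addr.sin_family = AF_INET;
    server_addr.sin_port = htons(3000);
    /* Loopback only: the paired client talks to 127.0.0.1, and a listener
     * that runs whatever it receives should not be reachable from every
     * interface. Widening this should be a deliberate change made together
     * with sender authentication. */
    server_addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);

    int sockfd = socket(PF_INET, SOCK_DGRAM, 0);
    if (sockfd < 0) {
        printf("couldn't create socket\n");
        return 1;
    }
    printf("socket created\n");

    if (bind(sockfd, (struct sockaddr *) &server_addr, sizeof(server_addr)) < 0) {
        printf("couldn't bind socket\n");
        close(sockfd);
        return 1;
    }
    printf("bind at port 3000\n");

    while (1) {
        char buffer[100];
        struct sockaddr_in client_addr;
        /* recvfrom treats this as in/out, so it is reset on every pass. */
        socklen_t client_addr_size = sizeof(client_addr);

        /* Leave one byte for the terminator: a full 100-byte datagram used
         * to make buffer[len] write one past the array. */
        ssize_t len = recvfrom(sockfd, buffer, sizeof(buffer) - 1, 0,
                               (struct sockaddr *) &client_addr, &client_addr_size);
        if (len < 0) {
            if (errno == EINTR) {
                continue;
            }
            perror("recvfrom");
            break;
        }
        buffer[len] = '\0';
        printf("client> %s\n", buffer);

        if (len == 0) {
            continue;
        }

        /* NOTE(review): any sender can stop the server with this payload. */
        if (strcmp(buffer, "bye") == 0) {
            printf("exiting...\n");
            break;
        }

        /*
         * SECURITY: the datagram payload goes to the shell unchanged and the
         * sender is never authenticated; UDP source addresses can be forged,
         * so an address filter alone would not be a sufficient control.
         * Suitable for an isolated lab host only. Anything beyond that needs
         * an authenticated, encrypted channel and a fixed set of allowed
         * actions instead of a free-form shell string.
         */
        FILE *fp = popen(buffer, "r");
        if (fp == NULL) {
            printf("Failed to run command\n");
            close(sockfd);
            return 1;
        }

        char out[1024];
        while (fgets(out, sizeof(out), fp) != NULL) {
            /* Send only the bytes fgets produced. Sending sizeof(out) put
             * uninitialised stack memory on the wire after each line. */
            if (sendto(sockfd, out, strlen(out), 0,
                       (struct sockaddr *) &client_addr, client_addr_size) < 0) {
                perror("sendto");
                break;
            }
        }
        pclose(fp);
    }

    close(sockfd);
    return 0;
}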