plunder 2.0.0a

data/ext/fsdb/hash.c

@@ -0,0 +1,140 @@
+// 
+// Plunder - SMB scanning and auditing tool
+// Copyright (C) 2017 Joshua Stone
+// 
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License
+// as published by the Free Software Foundation; either version 2
+// of the License, or (at your option) any later version.
+// 
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+// 
+// You should have received a copy of the GNU General Public License
+// along with this program; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+// 
+
+#include "hash.h"
+
+int score(char *string, int bins) {
+  unsigned long hash = 5381;
+  int c;
+  while((c = *string++)) {
+    hash = ((hash << 5) + hash) + c;
+  }
+  return hash % bins;
+}
+
+hash hash_init(uint32_t size) {
+  hash h;
+
+  h.bins  = (cons **) malloc(size * sizeof(cons*));
+  h.count = 0;
+  h.size  = size;
+
+  memset(h.bins, 0, size * sizeof(cons*));
+
+  return h;
+}
+
+cons *hash_get(hash h, char *s) {
+  uint32_t index = score(s, h.size);
+  if(h.bins[index] != NULL) {
+    return h.bins[index];
+  } else {
+    return 0;
+  }
+}
+
+void hash_put(hash *h, char *s, uint32_t value) {
+  uint32_t index = score(s, h->size);
+  cons *c;
+
+  c = (cons *) malloc(sizeof(cons));
+
+  c->index = value;
+  c->next  = h->bins[index];
+
+  h->bins[index] = c;
+  h->count++;
+}
+
+void hash_info(hash h) {
+  int size =
+    sizeof(hash) +
+    sizeof(cons*) * h.size +
+    sizeof(cons)  * h.count;
+
+  printf("\nHash Info:\n\n");
+
+  printf("Hash size:     %d MB\n", megabytes(size));
+  printf("Hash bins:     %d\n",    h.size);
+  printf("Hash entries:  %d\n",    h.count);
+
+  putchar(10);
+}
+
+void hash_free(hash h) {
+  for(int i = 0; i < h.size; i++) {
+    cons *node = h.bins[i];
+    cons *next;
+    while(node) {
+      next = node->next;
+      free(node);
+      node = next;
+    }
+  }
+}
+
+int hash_count_nodes(hash h, int bin) {
+  int count = 0;
+  cons *node = h.bins[bin];
+  while(node) {
+    count++;
+    node = node->next;
+  }
+  return count;
+}
+
+void hash_write(hash h, FILE *fd) {
+  fwrite(&h, sizeof(hash), 1, fd);
+  for(uint32_t i = 0; i < h.size; i++) {
+    uint32_t count = hash_count_nodes(h, i);
+    if(count > 0) {
+      fwrite(&i,     sizeof(uint32_t), 1, fd);
+      fwrite(&count, sizeof(uint32_t), 1, fd);
+      
+      cons *node = h.bins[i];
+      while(node) {
+	fwrite(&node->index, sizeof(uint32_t), 1, fd);
+	node = node->next;
+      }
+    }
+  }
+}
+
+hash hash_read(FILE *fd) {
+  uint32_t bin, count;
+  hash h;
+
+  fread(&h, sizeof(hash), 1, fd);
+  h.bins  = (cons **) malloc(h.size * sizeof(cons*));
+  memset(h.bins, 0, h.size * sizeof(cons*));
+
+  while(!feof(fd)) {
+    fread(&bin,   sizeof(uint32_t), 1, fd);
+    fread(&count, sizeof(uint32_t), 1, fd);
+    for(; count > 0; count--) {
+      cons *node;
+      node = (cons *) malloc(sizeof(cons));
+      fread(&node->index, sizeof(uint32_t), 1, fd);
+      node->next = h.bins[bin];
+      h.bins[bin] = node;
+    }
+  }
+
+  return h;
+}

data/ext/fsdb/hash.h

@@ -0,0 +1,52 @@
+// 
+// Plunder - SMB scanning and auditing tool
+// Copyright (C) 2017 Joshua Stone
+// 
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License
+// as published by the Free Software Foundation; either version 2
+// of the License, or (at your option) any later version.
+// 
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+// 
+// You should have received a copy of the GNU General Public License
+// along with this program; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+// 
+
+#ifndef HASH_H
+#define HASH_H
+
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdio.h>
+
+#include "utilities.h"
+
+#pragma pack(4)
+
+typedef struct cons {
+  uint32_t     index;
+  struct cons *next;
+} cons;
+
+typedef struct hash {
+  cons     **bins;
+  uint32_t   count;
+  uint32_t   size;
+} hash;
+
+hash hash_init(uint32_t size);
+cons *hash_get(hash h,  char *s);
+void hash_put(hash *h, char *s, uint32_t value);
+void hash_info(hash h);
+void hash_free(hash h);
+int hash_count_nodes(hash h, int bin);
+void hash_write(hash h, FILE *fd);
+hash hash_read(FILE *fd);
+
+#endif

data/ext/fsdb/test.c

@@ -0,0 +1,90 @@
+// 
+// Plunder - SMB scanning and auditing tool
+// Copyright (C) 2017 Joshua Stone
+// 
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License
+// as published by the Free Software Foundation; either version 2
+// of the License, or (at your option) any later version.
+// 
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+// 
+// You should have received a copy of the GNU General Public License
+// along with this program; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+// 
+
+#include <stdio.h>
+#include <stdint.h>
+#include <time.h>
+#include <ctype.h>
+
+#include "vault.h"
+#include "utilities.h"
+#include "hash.h"
+#include "fsdb-c.h"
+
+int main(int argc, char **argv) {
+  char line[1024];
+
+  printf("\nStarting FSDB test program\n");
+
+  fsdb f = fsdb_init(1 << 18);
+
+  printf("Vault starts at %p\n", f.strings.base);
+
+  FILE *in = fopen("../../data/test.log", "r");
+
+  while(fgets(line, 1023, in)) { // && count++ < 1000) {
+    line[strlen(line) - 1] = '/';
+    fsdb_insert_path(&f, line);
+  }
+
+  fclose(in);
+  
+  hexdump(f.strings.base, 256);
+  hexdump(f.paths.base,   256);
+  hexdump(f.index.base,   256);
+
+  vault_info(f.strings, "String");
+  vault_info(f.paths,   "Path");
+  vault_info(f.index,   "Index");
+  hash_info(f.hash);
+
+  printf("Testing read of %d path names... ", f.count);
+  fflush(stdout);
+  clock_t start = clock();
+  for(int i = 1; i < f.count; i++) {
+    char *name = fsdb_get_id(f, i);
+    for(char *p = name; *p; p++) *p = tolower(*p);
+    if(strstr(name, "web.config")) {
+      puts(name);
+    }
+    free(name);
+  }
+  clock_t end = clock();
+  printf("done (%5.2f sec ).\n", (double)(end - start) / CLOCKS_PER_SEC);
+
+  printf("\nThere are %d paths in the system.\n", f.index.count);
+  printf("Type an index at the prompt to see a path.\n");
+  printf("^d at the prompt to exit.\n\n");
+
+  while(1) {
+    printf("\x1b[34;1mplunder \x1b[31;1m$\x1b[0m ");
+    fflush(stdout);
+    
+    if(!fgets(line, 1023, stdin)) {
+      break;
+    }
+    
+    char *name = fsdb_get_id(f, atoi(line));
+    printf("%s\n", name);
+    free(name);
+  }
+
+  putchar(10);
+  printf("Exiting FSDB test program\n\n");
+}

data/ext/fsdb/utilities.c

@@ -0,0 +1,125 @@
+// 
+// Plunder - SMB scanning and auditing tool
+// Copyright (C) 2017 Joshua Stone
+// 
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License
+// as published by the Free Software Foundation; either version 2
+// of the License, or (at your option) any later version.
+// 
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+// 
+// You should have received a copy of the GNU General Public License
+// along with this program; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+// 
+
+#include "utilities.h"
+
+// --------------------------------------------------------------
+// Contents:
+//
+//    1. Hexdump utility
+//    2. Numeric utilities
+//
+// --------------------------------------------------------------
+
+// --------------------------------------------------------------
+// 1. Hexdump utility
+//
+// The following code provides a color-coded hex dump utility
+// so that in testing the program, the user can easily observe
+// the contents of memory.
+// --------------------------------------------------------------
+
+#define PRINTABLE(c) (c >= ' ' && c <= '~')
+
+#define COL_PREFIX  "\x1b[38;5;"
+#define COL_SUFFIX  "m"
+#define COL_RESET   "\x1b[0m"
+
+#define COL_NULL    243
+#define COL_CTRL    209
+#define COL_PUNCT    69
+#define COL_NUMS    105
+#define COL_CAPS    141
+#define COL_MINS    177
+#define COL_HYPER    76
+#define COL_OTHER   231
+
+int hexdump_cur_col = COL_OTHER;
+
+int get_color(char c) {
+  if(c == 0)        { return COL_NULL;  }     // NULLs are special
+  else if(c < ' ')  { return COL_CTRL;  }     // control chars
+  else if(c < '0')  { return COL_PUNCT; }     // punctuation
+  else if(c < ':')  { return COL_NUMS;  }     // numbers
+  else if(c < 'A')  { return COL_PUNCT; }     // more punctuation
+  else if(c < '[')  { return COL_CAPS;  }     // capital letters
+  else if(c < 'a')  { return COL_PUNCT; }     // more punctuation
+  else if(c < '{')  { return COL_MINS;  }     // miniscule letters
+  else if(c < 0x7f) { return COL_PUNCT; }     // even more punctuation
+  else { return COL_HYPER; }                  // hyper-ASCII
+}
+
+void print_hex(char c) {
+  int color = get_color(c);
+  
+  if(color != hexdump_cur_col) {
+    printf("%s%d%s", COL_PREFIX, color, COL_SUFFIX);
+    hexdump_cur_col = color;
+  }
+
+  printf("%02x ", c & 0xff);
+}
+
+void hexdump(void *ptr, uint32_t len) {
+  char     *cursor;
+  char     *end;
+  uint32_t  offset;
+  char      line[17];
+  int       i;
+
+  line[16] = 0;
+  offset   = 0;
+  end      = ptr + len;
+
+  printf("\nHex dump starting at %p:\n\n", ptr);
+
+  for(cursor = (char *)ptr; cursor < end; ) {
+    memset(line, ' ', 16);
+    printf(" # %06x : ", offset);
+
+    for(i = 0; i < 16 && cursor < end; i++, cursor++, offset++) {
+      print_hex((*cursor) & 0xff);
+      line[i] = PRINTABLE(*cursor) ? *((char *)cursor) : '.';
+    }
+    
+    for(; i < 16; i++) {
+      printf("   ");
+    }
+
+    printf(" %s[%s]\n", COL_RESET, line);
+    hexdump_cur_col = COL_OTHER;
+  }
+  
+  putchar(10);
+}
+
+// --------------------------------------------------------------
+// 2. Numeric utilities
+//
+// Functions for juggling numbers in C that can get annoying
+// because of type casting, etc.
+// --------------------------------------------------------------
+
+float percentage(int a, int b) {
+  return 100.0 * (float) a / (float) b;
+}
+
+int megabytes(int bytes) {
+  return bytes >> 20;
+}

data/ext/fsdb/utilities.h

@@ -0,0 +1,32 @@
+// 
+// Plunder - SMB scanning and auditing tool
+// Copyright (C) 2017 Joshua Stone
+// 
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License
+// as published by the Free Software Foundation; either version 2
+// of the License, or (at your option) any later version.
+// 
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+// 
+// You should have received a copy of the GNU General Public License
+// along with this program; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+// 
+
+#ifndef UTILITIES_H
+#define UTILITIES_H
+
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+void hexdump(void *ptr, uint32_t len);
+float percentage(int a, int b);
+int megabytes(int bytes);
+
+#endif

data/ext/fsdb/vault.c

@@ -0,0 +1,78 @@
+// 
+// Plunder - SMB scanning and auditing tool
+// Copyright (C) 2017 Joshua Stone
+// 
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License
+// as published by the Free Software Foundation; either version 2
+// of the License, or (at your option) any later version.
+// 
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+// 
+// You should have received a copy of the GNU General Public License
+// along with this program; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+// 
+
+#include "vault.h"
+
+vault vault_init(uint32_t size) {
+  vault v;
+
+  v.base   = (uint8_t *) malloc(size);
+  v.top    = 4;
+  v.count  = 0;
+  v.size   = size;
+
+  memset(v.base, 0, size);
+
+  v.base[0] = 0xaa;
+  v.base[1] = 0xbb;
+  v.base[2] = 0xcc;
+  v.base[3] = 0xdd;
+
+  return v;
+}
+
+uint8_t *vault_get(vault v, uint32_t offset) {
+  return v.base + offset;
+}
+
+uint32_t vault_insert_bytes(vault *v, void *p, uint32_t bytes) {
+  uint8_t *location;
+
+  while(v->top + bytes >= v->size) {
+    v->size = v->size * 3 / 2;
+    v->base = (uint8_t *) realloc(v->base, v->size);
+  }
+
+  location = v->base + v->top;
+  memcpy(location, p, bytes);
+  v->top   += bytes;
+  v->count += 1;
+
+  return location - v->base;
+}
+
+uint32_t vault_insert_string(vault *v, char *s) {
+  uint32_t len = strlen(s) + 1;
+
+  return vault_insert_bytes(v, s, len);
+}
+
+void vault_info(vault v, char *name) {
+  printf("\nVault '%s' Info:\n\n", name);
+  printf("Base Pointer:  %p\n", v.base);
+  printf("Top index:     %d\n", v.top);
+  printf("Entry count:   %d\n", v.count);
+  printf("Buffer size:   %d MB\n", megabytes(v.size));
+  printf("Capacity:      %5.2f%%\n", percentage(v.top, v.size));
+  putchar(10);
+}  
+
+void vault_free(vault v) {
+  free(v.base);
+}