bitreich-httpd.c - bitreich-httpd - Bitreich HTTPD service
git clone git://bitreich.org/bitreich-httpd git://enlrupgkhuxnvlhsf6lc3fziv5h2h…
---
bitreich-httpd.c (9015B)
---
1 /*
2 * Copy me if you can.
3 * by 20h
4 */
5
6 #include <unistd.h>
7 #include <stdio.h>
8 #include <stdlib.h>
9 #include <time.h>
10 #include <sys/types.h>
11 #include <sys/stat.h>
12 #include <fcntl.h>
13 #include <string.h>
14 #include <strings.h>
15 #include <sys/socket.h>
16 #include <sys/wait.h>
17 #include <netdb.h>
18 #include <time.h>
19
/*
 * malloc() wrapper that never hands NULL back to the caller: when the
 * allocation fails it reports the error with perror("malloc") and ends
 * the process with exit status 1.
 *
 * The caller owns the returned memory and releases it with free().
 */
void *
xmalloc(size_t size)
{
	void *mem = malloc(size);

	if (mem != NULL)
		return mem;

	perror("malloc");
	exit(1);
}
32
/*
 * Write a bare 404 response to stdout: the status line followed by the
 * empty line that ends the header block. No header fields and no body
 * are sent.
 */
void
print404(void)
{
	fputs("HTTP/1.1 404 Google Broke The Web\r\n", stdout);
	fputs("\r\n", stdout);
}
39
/*
 * Print the response header fields to stdout.
 *
 * The status line is printed by the caller before this function runs, and
 * the empty line that ends the header block is printed by the caller
 * afterwards (see servefile()).
 *
 * ctype - value for the Content-Type field, printed verbatim; the callers
 *         in this file pass string literals.
 *
 * Lines ending in '…' are cut short in this listing and are reproduced
 * here exactly as shown.
 */
void
printheaders(char *ctype)
{
	time_t t;
	char fortunecookie[512];
	FILE *fcstdout;
	int fclen = 0;

	/* Zero the buffer so whatever fread() stores stays NUL-terminated. */
	bzero(fortunecookie, sizeof(fortunecookie));
	/*
	 * popen() runs the command through the shell. The command is a fixed
	 * string; no request data is part of it.
	 */
	fcstdout = popen("/home/annna/bin/fortune-cookie", "r");
	if (fcstdout != NULL) {
		/*
		 * The item size is the buffer size minus one and the return
		 * value is ignored; the length is taken with strlen() below.
		 */
		fread(fortunecookie, sizeof(fortunecookie)-1, 1, fcstdou…
		pclose(fcstdout);
		fclen = strlen(fortunecookie);
		/*
		 * Only one trailing '\n' is removed.
		 * NOTE(review): any other CR or LF in the helper's output is
		 * printed as-is into X-Fortune-Cookie below and would split the
		 * header block; replacing control characters here would make
		 * the header safe regardless of what the helper prints.
		 */
		if (fclen > 0) {
			if (fortunecookie[fclen-1] == '\n')
				fortunecookie[fclen-1] = '\0';
		}
	}

	t = time(NULL);
	/*
	 * NOTE(review): asctime() ends its string with '\n' and no '\r', so
	 * this is the one field here terminated by a bare LF; its layout is
	 * also not the HTTP date format. The result of gmtime() is used
	 * without a NULL check.
	 */
	if (t > 0)
		printf("Date: %s", asctime(gmtime(&t)));
	printf("X-Future: Gopher ftw!\r\n");
	/* The cookie field is left out when the helper produced no output. */
	if (fclen > 0)
		printf("X-Fortune-Cookie: %s\r\n", fortunecookie);
	printf("Content-Type: %s\r\n", ctype);
	printf("X-Irritate: Be irritated.\r\n");
	printf("X-Use-Gopher: gophers://bitreich.org\r\n");
	printf("If-By-Whiskey: Terrorist\r\n");
	printf("X-Powered-By: love\r\n");
	printf("Permission-Policy: interest-cohort=()\r\n");
	printf("Fuck-Off: Google\r\n");
	printf("Server: bitreich-httpd/2.0\r\n");
	printf("X-Alarm: <script>window.alert(\"Turn off Javascript, it …
	printf("X-Goat-0: (_(\r\n");
	printf("X-Goat-1: /_/'_____/)\r\n");
	printf("X-Goat-2: \" | |\r\n");
	printf("X-Goat-3: |\"\"\"\"\"\"| \r\n");
	printf("Host: bitreich.org\r\n");
	/* The server sends one response per connection. */
	printf("Connection: close\r\n");
	/* Have some fun with the websters. */
	/*
	 * NOTE(review): the field names below resemble markers that CDN and
	 * WAF products put into responses; presumably they are decoys for
	 * tools that fingerprint a server by its headers - confirm intent.
	 * X-Powered-By and X-Cache are each sent more than once.
	 */
	printf("X-Fun-Begins: Yes!\r\n");
	printf("Content-Security: secure\r\n");
	printf("X-Cachwall-Reason: no reason\r\n");
	printf("X-Powered-By: binarysec\r\n");
	printf("X-Here-We-Match: squid\r\n");
	printf("aessecure-code: Kot\r\n");
	printf("X-CDN: jup\r\n");
	printf("X-Backside-Trans: ok\r\n");
	printf("X-dotDefender-denied: 1\r\n");
	printf("X-ASPNET-Version: got me\r\n");
	printf("X-Powered-By-360wzb: Of course!\r\n");
	printf("asp-id: here I am\r\n");
	printf("X-Not-Here: cloudfront\r\n");
	printf("WZWS-RAY: anyu yuuuuu\r\n");
	printf("Strict-Transport: Prussian\r\n");
	printf("X-Sucuri-Block: We are sucur!\r\n");
	printf("gladius_blockchain_driven_cyber_protection_network_sessi…
	printf("GW-Server: grey.wizard\r\n");
	printf("X-Cache: wt696969696969cdn\r\n");
	printf("X-Cache: YUNDUN\r\n");
	printf("X-Arrested: dosarrest\r\n");
	printf("X-Instart-Request-ID: dadadadada\r\n");
	printf("Via: 1.1 varnish\r\n");
	printf("X-Cachwall-Action: ACTION! SET!\r\n");
	printf("X-st8id33133: yeah\r\n");
	printf("X-Sucuri-ID: Curry is tasty.\r\n");
	printf("X-Varnish: 37337\r\n");
	printf("X-Powered-By: waf1337\r\n");
	printf("X-Instart-CacheKeyMod: ahahahahaha\r\n");
}
112
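/*
 * Send the file at `path` as a complete HTTP response.
 *
 * The status line and the header fields go through stdio (stdout); the
 * body is written straight to the descriptor `sock`. main() passes 1 for
 * `sock`, so stdout is flushed before the first raw write() to keep the
 * header block ahead of the body.
 *
 * path  - file to serve; opened read-only.
 * ctype - value for the Content-Type field (see printheaders()).
 * sock  - descriptor that receives the body.
 *
 * Returns 0 when the whole file was sent. Returns 1 when the file cannot
 * be opened or inspected or is not a regular file (a 404 is sent in those
 * cases), or when reading the file or writing to `sock` fails part-way.
 */
int
servefile(char *path, char *ctype, int sock)
{
	struct stat st;
	char *sendb, *sendi;
	size_t bufsiz = BUFSIZ;
	ssize_t len, sent;
	int fd;

	fd = open(path, O_RDONLY);
	if (fd < 0) {
		print404();
		return 1;
	}

	/*
	 * Inspect the file before committing to a 200 status: Content-Length
	 * is taken from st, so st must be valid. Anything that is not a
	 * regular file (a directory can be opened read-only, but not read)
	 * is answered like a missing file.
	 */
	if (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode)) {
		close(fd);
		print404();
		return 1;
	}

	/* Copy in chunks of the preferred I/O size, but never below BUFSIZ. */
	if (st.st_blksize > 0 && (size_t)st.st_blksize > bufsiz)
		bufsiz = (size_t)st.st_blksize;

	printf("HTTP/1.1 200 OK\r\n");
	printheaders(ctype);
	/* off_t is not necessarily long; widen it to match the conversion. */
	printf("Content-Length: %lld\r\n", (long long)st.st_size);
	printf("\r\n");
	fflush(stdout);

	sendb = xmalloc(bufsiz);
	while ((len = read(fd, sendb, bufsiz)) > 0) {
		sendi = sendb;
		/* write() may accept fewer bytes than offered; send the rest. */
		while (len > 0) {
			sent = write(sock, sendi, (size_t)len);
			if (sent < 0) {
				free(sendb);
				close(fd);
				return 1;
			}
			len -= sent;
			sendi += sent;
		}
	}
	free(sendb);
	close(fd);

	/* len is 0 at end of file and negative when read() failed. */
	return len < 0 ? 1 : 0;
}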
154
/*
 * Read one line from `fd`, a byte at a time, so that nothing after the
 * newline is consumed from the descriptor.
 *
 * fd      - descriptor to read from.
 * len     - receives the number of bytes stored before the newline (the
 *           newline itself is not counted); left untouched on error.
 * maxread - upper bound on the bytes stored; reading stops there even if
 *           no newline was seen.
 *
 * Returns a heap buffer of maxread+1 zeroed bytes holding the line, so
 * the result is always NUL-terminated. The '\n' is replaced by '\0'; a
 * '\r' in front of it is kept. At end of input the bytes read so far
 * (possibly none) are returned. Returns NULL when read() fails. The
 * caller frees the buffer.
 */
char *
read_line(int fd, int *len, int maxread)
{
	char *line;
	int got, n;

	line = xmalloc(maxread+1);
	memset(line, 0, maxread+1);

	for (got = 0; got < maxread; got += n) {
		n = read(fd, &line[got], 1);
		if (n < 0) {
			free(line);
			return NULL;
		}
		/* End of input: hand back what has been collected. */
		if (n == 0)
			break;
		if (line[got] == '\n') {
			line[got] = '\0';
			break;
		}
	}

	*len = got;
	return line;
}
183
/*
 * Serve one HTTP request: the request is read from descriptor 0 and the
 * response is written to descriptor 1. getpeername(0, ...) is used for
 * the client address, so descriptor 0 is presumably a connected socket
 * handed over by a superserver - confirm against the deployment.
 *
 * The request line is only searched for known substrings; each match
 * selects a fixed file below wwwbase. The one place where request text
 * becomes part of a path is the ACME challenge branch.
 *
 * argc and argv are not referenced in the visible code.
 *
 * Returns 1 on early failures (unreadable request, request not starting
 * with "GET ", fork() or waitpid() failure), otherwise the result of
 * servefile().
 *
 * Lines ending in '…' are cut short in this listing and are reproduced
 * here exactly as shown.
 */
int
main(int argc, char *argv[])
{
	char *wwwbase, *wwwindex, *request, *ctype, *path, *le_file,
	     *le_base, clienth[NI_MAXHOST], clientp[NI_MAXSERV], *zuc…
	     *requested, *header, *headerval, *hosthdr;
	int rlen, i, user_agent_script_pid, isxfirefoxai;
	struct sockaddr_storage clt;
	socklen_t cltlen = sizeof(clt);
	time_t tim;

	hosthdr = NULL;
	user_agent_script_pid = -1;

	wwwbase = "/bitreich/www";
	wwwindex = "index.html";

	le_base = "/br/www/uacme";
	zuccbase = "/br/www/zuccless";

	/*
	 * Client address and port as numeric strings; both are set to the
	 * empty string when the peer cannot be determined.
	 */
	if (!getpeername(0, (struct sockaddr *)&clt, &cltlen)) {
		if (getnameinfo((struct sockaddr *)&clt, cltlen, clienth,
					sizeof(clienth), clientp, sizeof…
					NI_NUMERICHOST|NI_NUMERICSERV)) {
			clienth[0] = clientp[0] = '\0';
		}
		/* Drop the "::ffff:" prefix; the length includes the NUL. */
		if (!strncmp(clienth, "::ffff:", 7))
			memmove(clienth, clienth+7, strlen(clienth)-6);
	} else {
		clienth[0] = clientp[0] = '\0';
	}

	request = read_line(0, &rlen, 512);
	if (request == NULL)
		return 1;
	/*
	 * NOTE(review): read_line() sets rlen to 0 for an empty line and for
	 * immediate end of input; request[rlen-1] then addresses the byte in
	 * front of the buffer. Test rlen > 0 before stripping the '\r'.
	 */
	if (request[rlen-1] == '\r')
		request[rlen-1] = '\0';

	/* Header parsing. */
	/* At max read 16 headers. Do not allow DDoS. */
	isxfirefoxai = 0;
	for (i = 0; i < 16; i++) {
		header = read_line(0, &rlen, 512);
		/* NOTE(review): with rlen == 0 the buffer is not freed here. */
		if (header == NULL || rlen == 0)
			break;
		if (header[rlen-1] == '\r') {
			header[rlen-1] = '\0';
			/* A line holding only "\r" ends the header block. */
			if (rlen == 1) {
				free(header);
				break;
			}
		}
		headerval = strchr(header, ':');
		if (headerval == NULL) {
			free(header);
			continue;
		}
		/*
		 * Split at the colon and skip it plus the one byte after it,
		 * i.e. the "Name: value" layout is assumed. The check below
		 * drops a header when that would point past the bytes read.
		 */
		*headerval = '\0';
		headerval += 2;
		if (headerval > (header + rlen)) {
			free(header);
			continue;
		}
		if (!strcasecmp(header, "user-agent")) {
			/*
			 * The client-supplied value is handed to a helper. execl()
			 * does not involve a shell, so the value arrives as one
			 * argument; the helper still has to treat it as untrusted.
			 * One child is started per User-Agent header (at most 16,
			 * the loop bound) and only the last pid is kept for the
			 * waitpid() at the end. This also runs for requests that
			 * fail the "GET " check further down.
			 *
			 * NOTE(review): the first execl() argument is the file to
			 * execute and is a relative name here, so it is resolved
			 * against the working directory - confirm the argument
			 * order. The terminating 0 should be (char *)NULL: an int
			 * 0 in a variadic call is not guaranteed to be passed as a
			 * null pointer.
			 */
			user_agent_script_pid = fork();
			switch (user_agent_script_pid) {
			case -1:
				perror("fork");
				return 1;
			case 0:
				return execl("add-user-agent.sh",
					"/home/annna/bin/modules/http-us…
					headerval, 0);
			}
		}
		if (!strcasecmp(header, "host")) {
			/*
			 * Private copy of the Host value; the buffer is zeroed and
			 * one byte longer than the copy, so strncpy() leaves it
			 * NUL-terminated. A repeated Host header replaces the
			 * pointer without freeing the earlier copy.
			 */
			rlen = strlen(headerval);
			hosthdr = xmalloc(rlen+1);
			memset(hosthdr, 0, rlen+1);
			strncpy(hosthdr, headerval, rlen);
		}
		if (!strcasecmp(header, "x-firefox-ai")) {
			/*
			 * Selects a fixed file regardless of the request line.
			 * NOTE(review): the result of asprintf() is not checked,
			 * here or below; path is not usable if it fails.
			 */
			isxfirefoxai = 1;
			ctype = "video/webm";
			asprintf(&path, "%s/s/aiaiaiai.webm", wwwbase);
		}
		free(header);
	}

	if (strncmp(request, "GET ", 4))
		return 1;

	/*
	 * Routing: strstr() matches anywhere in the request line, and each
	 * match maps to a constant file name, so request text does not reach
	 * the file system path in these branches.
	 */
	if (isxfirefoxai) {
	} else if (strstr(request, "s/bitreich.sh")) {
		asprintf(&path, "%s/s/bitreich.sh", wwwbase);
		ctype = "text/plain";
	} else if (strstr(request, "favicon.gif")) {
		asprintf(&path, "%s/s/favicon.gif", wwwbase);
		ctype = "image/gif";
	} else if (strstr(request, "deep-thinker.gif")) {
		asprintf(&path, "%s/s/deep-thinker.gif", wwwbase);
		ctype = "image/gif";
	} else if (strstr(request, "startup.mp3")) {
		asprintf(&path, "%s/s/startup.mp3", wwwbase);
		ctype = "audio/mpeg";
	} else if (strstr(request, "padme-hum.mp3")) {
		asprintf(&path, "%s/s/padme-hum.mp3", wwwbase);
		ctype = "audio/mpeg";
	} else if (strstr(request, "dickbutt")) {
		/*
		 * NOTE(review): system() passes the string to the shell. The
		 * two values come from getnameinfo() with NI_NUMERICHOST and
		 * NI_NUMERICSERV (or are empty), not from request text; handing
		 * them over as argv with fork()/execl(), as is done for the
		 * user-agent helper, would take shell parsing out of the
		 * picture. The call runs before the response is sent and its
		 * result is ignored.
		 */
		asprintf(&path,
			"/home/annna/bin/locate-cake-hater \"%s\" \"%s\"…
			clienth, clientp);
		system(path);
		free(path);
		asprintf(&path, "%s/s/dickbutt.jpg", wwwbase);
		ctype = "image/jpeg";
	} else if (strstr(request, "bitreich.css")) {
		asprintf(&path, "%s/s/bitreich.css", wwwbase);
		ctype = "text/css";
	} else if (strstr(request, "neko.png")) {
		asprintf(&path, "%s/s/neko.png", wwwbase);
		ctype = "image/png";
	} else if (strstr(request, "snow.js")) {
		asprintf(&path, "%s/s/snow.js", wwwbase);
		ctype = "text/javascript";
	} else if (strstr(request, "ads-prebid-wp-ads-banner.js")) {
		asprintf(&path, "%s/s/ads-prebid-wp-ads-banner.js", wwwb…
		ctype = "text/javascript";
	} else if (strstr(request, "yolo-css-")) {
		/* We hate CSS in here. */
		sleep(1);
		asprintf(&path, "%s/s/yolo-css.css", wwwbase);
		ctype = "text/css";
	} else if ((le_file = strstr(request, ".well-known/acme-challeng…
		/* Setup for Letsencrypt */
		/*
		 * The only branch where request text becomes part of the path:
		 * the token after the prefix, up to the next space.
		 * NOTE(review): strtok() returns NULL when nothing but spaces
		 * follows the prefix, and strchr() is then called on NULL;
		 * check `requested` first. Only '/' is rejected below;
		 * consider also rejecting names that begin with '.', so the
		 * result always names a file inside le_base.
		 */
		le_file += strlen(".well-known/acme-challenge/");
		requested = strtok(le_file, " ");
		if (strchr(requested, '/') != NULL) {
			/* Get Zucced, no path exploitation. */
			asprintf(&path, "%s/zucc-job.webm", zuccbase);
			ctype = "video/webm";
		} else {
			/* Seems legit. */
			asprintf(&path, "%s/%s", le_base, requested);
			ctype = "text/plain";
		}
	} else {
		/*
		 * No known name in the request line. The client-supplied Host
		 * value is matched as a substring and only chooses between
		 * fixed files.
		 */
		if (hosthdr != NULL && strstr(hosthdr, "zuccless.org")) {
			tim = time(NULL);
			srandom(tim);
			wwwbase = zuccbase;
			switch (random() % 3) {
			case 0:
				asprintf(&path, "%s/zucc-job.webm", zucc…
				break;
			default:
				asprintf(&path, "%s/zucc-meat.webm", zuc…
				break;
			}
			ctype = "video/webm";
		} else {
			asprintf(&path, "%s/%s", wwwbase, wwwindex);
			ctype = "text/html";
		}
	}
	if (hosthdr != NULL)
		free(hosthdr);
	free(request);

	/* Descriptor 1 receives the body; see servefile(). */
	rlen = servefile(path, ctype, 1);
	free(path);

	/* Reap the user-agent helper (the last one started) before exiting. */
	if (user_agent_script_pid != -1) {
		if (waitpid(user_agent_script_pid, NULL, 0) < 0) {
			perror("waitpid");
			return 1;
		}
	}

	return rlen;
}
365