Prototipo "Lanzador Exploit"

Iniciado por Vaagish, 16 Diciembre 2014, 04:24 AM


Vaagish

Hola, estoy con este programa y quería (además de compartirlo) tener una opinión extra. Puede que no esté súper prolijo y que algunas cosas se puedan optimizar (y probablemente lo haga), pero me gustaría tener una opinión fresca: qué tal el código, el método usado, etc.

El programa abre un archivo que yo guardo como, por ej., "Exploit.bin", y puedo elegir enviarlo por un puerto X a una dirección X por protocolo TCP o UDP (o sea, lanzar un exploit, ¿no?). Por otro lado, se puede abrir un programa y pasarle como parámetro el exploit.

Bueno, sin más... ahí el code:

#define WIN32_LEAN_AND_MEAN

#include <Windows.h>
#include <iostream>
#include <fstream>
#include "Sockets.h"
#include "Strings.h"
using namespace std;

// Reads the file at `path` into a buffer allocated with new[] and stores the
// pointer in DstBuf. Returns EXIT_SUCCESS or EXIT_FAILURE.
int OpenExploit(char * path);
// Starts the program `LOCAL` with `Exploit` as its command line and waits for
// it to exit. Returns EXIT_SUCCESS or EXIT_FAILURE.
int OpenAndSend(char * LOCAL, char * Exploit);
// Prints the usage text; `Me` is the program name (main passes argv[0]).
void ShowHelp(char * Me);

// File contents loaded by OpenExploit. main releases it with delete[] after a
// successful send. No length is stored next to it: the code that consumes it
// measures it with strlen() or hands it to CreateProcess as a C string.
char * DstBuf;

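// Copies `src` into `dst` only when it fits, terminating NUL included.
// Returns false for a missing (NULL) or over-long value, so the caller can
// print the usage text instead of letting strcpy_s trigger the CRT
// invalid-parameter handler.
static bool CopyArg(char *dst, size_t dstSize, const char *src)
{
    if (src == NULL || strlen(src) >= dstSize) return false;
    strcpy_s(dst, dstSize, src);
    return true;
}

// Entry point: parses the command line, loads the file named by the X option
// and either sends it to IP:PORT over TCP/UDP (R + P options) or starts a
// local program with it as the command line (L option).
// Returns EXIT_SUCCESS only when the selected action completed.
int main(int argc, char *argv[])
{
    cout << endl;

    if (argc < 2) { ShowHelp(argv[0]); return EXIT_FAILURE; }

    char PROTO[5]        = "",
         IP[16]          = "",   // "255.255.255.255" + NUL
         PORT[6]         = "",   // "65535" + NUL (5 bytes could not hold a 5-digit port)
         LOCAL[MAX_PATH] = "",
         EXPIT[MAX_PATH] = "";

    for (int i = 1; i < argc; i++)
    {
        // Read the token in place: copying it into a fixed MAX_PATH buffer
        // made the program abort on any argument longer than that.
        const char *opt = argv[i];
        if (opt[0] != '-' && opt[0] != '/') continue;

        // NOTE(review): option letters are matched anywhere in the token, as
        // before, so a multi-letter spelling can select several options at
        // once. The intended spellings live in the help text ("Strings.h"),
        // which is not visible here - confirm before tightening this.
        const bool wantHelp    = strpbrk(opt, "Hh") != NULL;
        const bool wantRemote  = strpbrk(opt, "Rr") != NULL;
        const bool wantProto   = strpbrk(opt, "Pp") != NULL;
        const bool wantLocal   = strpbrk(opt, "Ll") != NULL;
        const bool wantExploit = strpbrk(opt, "Xx") != NULL;

        if (wantHelp) { ShowHelp(argv[0]); return EXIT_SUCCESS; }           // HELP!

        // Every remaining option takes a value. argv[argc] is NULL, so the
        // value must be bounds-checked before strtok/strcpy_s touch it.
        char *value = (i + 1 < argc) ? argv[i + 1] : NULL;

        if (wantRemote) {                                                    // REMOTE: ip:port
            char *part = (value != NULL) ? strtok(value, ":") : NULL;
            if (!CopyArg(IP, sizeof(IP), part))     { ShowHelp(argv[0]); return EXIT_FAILURE; }
            part = strtok(NULL, ":");
            if (!CopyArg(PORT, sizeof(PORT), part)) { ShowHelp(argv[0]); return EXIT_FAILURE; }
        }
        if (wantProto && !CopyArg(PROTO, sizeof(PROTO), value))              // PROTOCOL
            { ShowHelp(argv[0]); return EXIT_FAILURE; }
        if (wantLocal && !CopyArg(LOCAL, sizeof(LOCAL), value))              // LOCAL PROGRAM
            { ShowHelp(argv[0]); return EXIT_FAILURE; }
        if (wantExploit && !CopyArg(EXPIT, sizeof(EXPIT), value))            // FILE TO LOAD
            { ShowHelp(argv[0]); return EXIT_FAILURE; }

        // Skip the consumed value so that a value beginning with '-' or '/'
        // is not parsed as an option on the next iteration.
        if (wantRemote || wantProto || wantLocal || wantExploit) i++;
    }

    const bool haveLocal   = LOCAL[0] != '\0';
    const bool haveIp      = IP[0]    != '\0';
    const bool havePort    = PORT[0]  != '\0';
    const bool haveProto   = PROTO[0] != '\0';
    const bool haveExploit = EXPIT[0] != '\0';

    int status = EXIT_FAILURE;

    // *********************************
    // *   REMOTE EXPLOIT PARAMETERS   *
    // *********************************
    if (!haveLocal && haveIp && havePort && haveProto && haveExploit) {

        if (strcmp(PROTO, "tcp") == 0 || strcmp(PROTO, "TCP") == 0) {
            cout << "\tConnect : TCP" << endl;
        } else if (strcmp(PROTO, "udp") == 0 || strcmp(PROTO, "UDP") == 0) {
            cout << "\tConnect : UDP" << endl;
        } else {
            ShowHelp(argv[0]);
            return EXIT_FAILURE;
        }

        // Reject non-numeric and out-of-range ports here; otherwise htons()
        // further down would silently truncate the value to 16 bits.
        char *portEnd = NULL;
        const unsigned long port = strtoul(PORT, &portEnd, 0);
        if (portEnd == PORT || *portEnd != '\0' || port == 0 || port > 65535) {
            ShowHelp(argv[0]);
            return EXIT_FAILURE;
        }

        cout << "\tIP      : " << IP << endl;
        cout << "\tPort    : " << PORT << endl;
        cout << "\tExploit : " << EXPIT << endl;

        if (OpenExploit(EXPIT) == EXIT_SUCCESS) {
            if (ConectAndSend(IP, port, PROTO, DstBuf) == EXIT_SUCCESS) {
                cout << endl << "\tExploit Send!" << endl;
                status = EXIT_SUCCESS;
            }
            // Release the buffer on the failure path too (it used to leak).
            delete[] DstBuf;
            DstBuf = NULL;
        }

    // *********************************
    // *   LOCAL EXPLOIT PARAMETERS    *
    // *********************************
    } else if (haveLocal && !haveIp && !havePort && !haveProto && haveExploit) {

        cout << "\tLocal   : " << LOCAL << endl;
        cout << "\tExploit : " << EXPIT << endl;

        if (OpenExploit(EXPIT) == EXIT_SUCCESS) {
            if (OpenAndSend(LOCAL, DstBuf) == EXIT_SUCCESS) {
                cout << endl << "\tExploit Send" << endl;
                status = EXIT_SUCCESS;
            }
            delete[] DstBuf;
            DstBuf = NULL;
        }

    // *************
    // *   ERROR   *
    // *************
    } else { ShowHelp(argv[0]); return EXIT_FAILURE; }

    // The exit status now reflects a failed load or send instead of always
    // reporting success.
    return status;
}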

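// Loads the whole file at `path` into a heap buffer and publishes it through
// the global DstBuf.
//
// The buffer is allocated one byte larger than the file and NUL-terminated,
// because the consumers in this file measure it with strlen() or pass it to
// CreateProcess as a command line; without the terminator those calls read
// past the end of the allocation. Ownership passes to the caller, which must
// release DstBuf with delete[].
//
// Returns EXIT_SUCCESS when the file was read completely, EXIT_FAILURE when
// it could not be opened, sized or read (DstBuf is left untouched then).
int OpenExploit(char *path)
{
    // ios::ate positions the stream at the end so tellg() yields the size.
    ifstream Exploit(path, ios::in | ios::binary | ios::ate);
    if (!Exploit.is_open()) {
        cout << endl << "\tError Opening Exploit" << endl;
        return EXIT_FAILURE;
    }

    // tellg() reports -1 on failure, and on a 32-bit build a large file size
    // would be truncated by the conversion to size_t, giving an allocation
    // smaller than the read that follows. Reject both cases.
    const streamoff size = Exploit.tellg();
    const size_t length = static_cast<size_t>(size);
    if (size < 0 || static_cast<streamoff>(length) != size || length + 1 == 0) {
        cout << endl << "\tError Reading Exploit" << endl;
        return EXIT_FAILURE;
    }

    char *buffer = new char[length + 1];
    Exploit.seekg(0, ios::beg);
    Exploit.read(buffer, size);
    if (Exploit.gcount() != size) {
        // Short read: do not hand a partially filled buffer to the caller.
        delete[] buffer;
        cout << endl << "\tError Reading Exploit" << endl;
        return EXIT_FAILURE;
    }
    buffer[length] = '\0';

    DstBuf = buffer;
    cout << endl << "\tExploit Ready! Size: " << size << endl;
    return EXIT_SUCCESS;   // the ifstream destructor closes the file
}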

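// Sends the NUL-terminated buffer `Exploit` to IP:PUERTO.
//
// IP      dotted-decimal IPv4 address (parsed with inet_addr).
// PUERTO  destination port, 1..65535.
// PROTO   "tcp"/"TCP" (connect + send) or "udp"/"UDP" (single sendto).
// Exploit data to send; its length is taken with strlen(), so it must be
//         NUL-terminated and anything after an embedded NUL byte is not sent
//         (the signature carries no explicit length).
//
// Returns EXIT_SUCCESS when the send call succeeded, EXIT_FAILURE otherwise.
// Winsock is initialised and cleaned up inside this call.
int ConectAndSend(char *IP, DWORD PUERTO, char *PROTO, char *Exploit)
{
    cout << endl;

    const bool useTcp = strcmp(PROTO, "tcp") == 0 || strcmp(PROTO, "TCP") == 0;
    const bool useUdp = strcmp(PROTO, "udp") == 0 || strcmp(PROTO, "UDP") == 0;
    if (!useTcp && !useUdp) {
        // Previously this fell through to closesocket() on an uninitialised
        // SOCKET and reported success without sending anything.
        cout << "\tError: unknown protocol" << endl;
        return EXIT_FAILURE;
    }

    // htons() takes a 16-bit value; reject anything it would truncate.
    if (PUERTO == 0 || PUERTO > 65535) {
        cout << "\tError: invalid port" << endl;
        return EXIT_FAILURE;
    }

    WSADATA wsaData;   // filled in by WSAStartup
    const int rtn = WSAStartup(MAKEWORD(2, 2), &wsaData);
    if (rtn != 0) {
        cout << "\tError WSAStartup: " << rtn << endl;
        return EXIT_FAILURE;
    }

    int status = EXIT_FAILURE;
    SOCKET Socket = INVALID_SOCKET;

    SOCKADDR_IN Server;                       // destination address
    ZeroMemory(&Server, sizeof(Server));      // sin_zero was left uninitialised before
    Server.sin_family = AF_INET;
    Server.sin_port = htons(static_cast<u_short>(PUERTO));
    Server.sin_addr.S_un.S_addr = inet_addr(IP);

    const int length = static_cast<int>(strlen(Exploit));

    if (Server.sin_addr.S_un.S_addr == INADDR_NONE) {
        // inet_addr() signals a malformed address with INADDR_NONE, which is
        // also the value of 255.255.255.255; both are refused here.
        cout << "\tError: invalid IPv4 address" << endl;
    } else if ((Socket = socket(AF_INET,
                                useTcp ? SOCK_STREAM : SOCK_DGRAM,
                                useTcp ? IPPROTO_TCP : IPPROTO_UDP)) == INVALID_SOCKET) {
        // socket() reports failure with INVALID_SOCKET, not SOCKET_ERROR.
        cout << "\tError en socket: " << WSAGetLastError() << endl;
    } else if (useTcp) {
        // TCP!
        if (connect(Socket, (struct sockaddr *) &Server, sizeof(Server)) == SOCKET_ERROR) {
            cout << "\tError en connect: " << WSAGetLastError() << endl;
        } else if (send(Socket, Exploit, length, 0) == SOCKET_ERROR) {
            cout << "\tError en Send" << endl;
        } else {
            status = EXIT_SUCCESS;
        }
    } else {
        // UDP!
        if (sendto(Socket, Exploit, length, 0,
                   (struct sockaddr *) &Server, sizeof(Server)) == SOCKET_ERROR) {
            cout << "\tError en Sendto" << endl;
        } else {
            status = EXIT_SUCCESS;
        }
    }

    // Single cleanup path for every outcome.
    if (Socket != INVALID_SOCKET) closesocket(Socket);
    WSACleanup();
    return status;
}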

// Starts the program `LOCAL` and blocks until it exits.
//
// LOCAL    passed to CreateProcess as the application name.
// Exploit  passed as the command line; CreateProcess treats it as a
//          NUL-terminated string.
//
// The child does not inherit handles (bInheritHandles is FALSE) and gets
// default creation flags, environment and working directory.
// Returns EXIT_SUCCESS once the child has exited, EXIT_FAILURE when
// CreateProcess fails (the Win32 error code is printed).
int OpenAndSend(char *LOCAL, char *Exploit)
{
    cout << endl << "\t";

    STARTUPINFO startInfo;
    ZeroMemory(&startInfo, sizeof(startInfo));
    startInfo.cb = sizeof(startInfo);   // the API requires the structure size here

    PROCESS_INFORMATION procInfo;
    ZeroMemory(&procInfo, sizeof(procInfo));

    const BOOL launched = CreateProcess(LOCAL, Exploit, NULL, NULL, FALSE, 0,
                                        NULL, NULL, &startInfo, &procInfo);
    if (launched)
    {
        // Wait without a timeout, then release both handles returned by
        // CreateProcess.
        WaitForSingleObject(procInfo.hProcess, INFINITE);
        CloseHandle(procInfo.hProcess);
        CloseHandle(procInfo.hThread);
        return EXIT_SUCCESS;
    }

    cout << endl << "\tError CreateProcess: " << GetLastError() << endl;
    return EXIT_FAILURE;
}

// Prints the usage banner. `Me` is the program name and appears twice: after
// " USAGE: " and between the Help and EXAMPLE texts.
// Help and EXAMPLE are not defined in this file; presumably they come from
// "Strings.h" - confirm.
void ShowHelp(char * Me)
{
    cout << " USAGE: " << Me << endl;
    cout << Help << Me << EXAMPLE << endl;
}


Saludos!