program Gathor;
(*********************************************)
(* Software : Gathor 0.1 *)
(* Autor : WarZone *)
(* Fecha : 1/8/13 *)
(*********************************************)
(* Explicacion: *)
(* Un simple gathering de informacion web *)
(* el cual tiene algunas caracteristicas *)
(* como leer el source de la pagina(index), *)
(* ver el servidor en que se esta corriendo, *)
(* fecha, version del protocolo, contenido, *)
(* opciones de metodos usados <posiblemente *)
(* permitiendo un Defacement>, etc.. *)
(*********************************************)
(* Parametros + Ejemplo : *)
(* <sitio_web> <puerto> <opcion> *)
(* www.google.com 80 get_proto_0 *)
(*********************************************)
(* -Opciones de uso / Caracteristicas- *)
(* *)
(* Los siguientes comandos permiten hacer *)
(* peticiones HTTP por distintas opciones, *)
(* GET, POST, HEAD, ETC... y version del *)
(* protocolo respectivamente 1.0 o 1.1 *)
(* *)
(* get_proto_0 -> metodo GET por HTTP/1.0 *)
(* get_proto_1 -> GET por HTTP/1.1 *)
(* post_proto_0 -> POST por HTTP/1.0 *)
(* post_proto_1 -> POST por HTTP/1.1 *)
(* options_proto_0 -> OPTIONS por HTTP/1.0 *)
(* options_proto_1 -> OPTIONS por HTTP/1.1 *)
(* head_proto_0 -> HEAD por HTTP/1.0 *)
(* head_proto_1 -> HEAD por HTTP/1.1 *)
(*********************************************)
{$APPTYPE CONSOLE}
uses
SysUtils,
Windows,
WinSock;
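const
  { Config }
  BL = #13#10;                 // CRLF; BL+BL terminates the request (empty header block)
  { HTTP Methods }
  POST = 'POST';
  GET = 'GET';
  OPTIONS = 'OPTIONS';
  HEAD = 'HEAD';
  { Version }
  HTTP0 = ' HTTP/1.0';         // leading space: appended straight after STP
  HTTP1 = ' HTTP/1.1';
  STP = ' /';                  // space + request-target "/" between method and version
  { Octetos }
  ZERO = $00000000;            // protocol argument passed to socket()
  BUFFSIZE = $000000FF;        // upper index of BuffName: 256 bytes in total
  // Largest length handed to recv() for BuffName. The original literal
  // $00001024 is 4132 decimal (a hex value that reads like "1024") and is
  // larger than BuffName, so a full-size recv() overran the buffer. Tie the
  // limit to the buffer bound instead; the final byte stays #0 as a terminator.
  BSIZE = BUFFSIZE;
  BUFFDATA = $00001000;        // upper index of sData (4097 chars)
  INADDRSIZE = $0000000A;      // upper index of the h_addr_list view used in GetIP
var
  WSData    : WsaData;                           // filled by WSAStartup
  TcpSocket : tSocket;
  sAddr     : sockaddr_in;
  pIp       : string;                            // resolved address as text
  I         : Integer;
  BuffName  : array [0..BUFFSIZE] of AnsiChar;   // receive buffer
  sData     : array [0..BUFFDATA] of Char;       // outgoing request, NUL-terminated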
(* Reporte de desensamblado en GetIp
00408450 /$ 55 PUSH EBP <-----| Callback IP |
00408451 |. 8BEC MOV EBP,ESP
00408453 |. 6A 00 PUSH 0
00408455 |. 53 PUSH EBX
00408456 |. 33C0 XOR EAX,EAX
00408458 |. 55 PUSH EBP
00408459 |. 68 BA844000 PUSH Project2.004084BA
0040845E |. 64:FF30 PUSH DWORD PTR FS:[EAX]
00408461 |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
00408464 |. 68 9C374100 PUSH Project2.0041379C ; /pWSAData = Project2.0041379C
00408469 |. 6A 01 PUSH 1 ; |RequestedVersion = 1 (1.0.)
0040846B |. E8 98FFFFFF CALL <JMP.&wsock32.WSAStartup> ; \WSAStartup
00408470 |. 90 NOP
00408471 |. 90 NOP
00408472 |. 90 NOP
00408473 |. 8D55 FC LEA EDX,DWORD PTR SS:[EBP-4]
00408476 |. B8 01000000 MOV EAX,1
0040847B |. E8 88A3FFFF CALL Project2.00402808
00408480 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
00408483 |. E8 A4BBFFFF CALL Project2.0040402C
00408488 |. 50 PUSH EAX ; /Name
00408489 |. E8 72FFFFFF CALL <JMP.&wsock32.gethostbyname> ; \gethostbyname
0040848E |. 8B40 0C MOV EAX,DWORD PTR DS:[EAX+C]
00408491 |. 33D2 XOR EDX,EDX
00408493 |. 8B0490 MOV EAX,DWORD PTR DS:[EAX+EDX*4]
00408496 |. FF30 PUSH DWORD PTR DS:[EAX]
00408498 |. E8 3BFFFFFF CALL <JMP.&wsock32.inet_ntoa>
0040849D |. 8BD8 MOV EBX,EAX
0040849F |. E8 6CFFFFFF CALL <JMP.&wsock32.WSACleanup> ; [WSACleanup
004084A4 |. 33C0 XOR EAX,EAX
004084A6 |. 5A POP EDX
004084A7 |. 59 POP ECX
004084A8 |. 59 POP ECX
004084A9 |. 64:8910 MOV DWORD PTR FS:[EAX],EDX
004084AC |. 68 C1844000 PUSH Project2.004084C1
004084B1 |> 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4]
004084B4 |. E8 83B7FFFF CALL Project2.00403C3C
004084B9 \. C3 RETN
*)
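function GetIP(): PChar;
(* Resolves the host name given as ParamStr(1) to its first IPv4 address in
   dotted-decimal text.
   Returns nil when no host name was supplied, when WSAStartup or
   gethostbyname fails, or when the host has no address. The original
   dereferenced the gethostbyname result unconditionally, so an unknown name
   ended in an access violation.
   The returned PChar points at the static buffer owned by inet_ntoa; copy it
   before the next inet_ntoa call. The WSAStartup/WSACleanup pair below is
   balanced, so it only moves Winsock's reference count; the caller (main)
   holds its own reference, which keeps that buffer alive after we return. *)
type
  aIn_addr = array [0..INADDRSIZE] of pInAddr;
  pIn_addr = ^aIn_addr;
var
  Hostent  : PHostEnt;
  HostAddr : pIn_addr;
begin
  Result := nil;
  if ParamStr(1) = '' then
    Exit;
  if WSAStartup($1, WSData) <> 0 then
    Exit;
  try
    Hostent := GetHostByName(PChar(ParamStr(1)));
    if (Hostent <> nil) and (Hostent^.h_addr_list <> nil) then
    begin
      HostAddr := pIn_addr(Hostent^.h_addr_list);
      // h_addr_list is nil-terminated; only the first entry is used.
      if HostAddr^[0] <> nil then
        Result := inet_ntoa(HostAddr^[0]^);
    end;
  finally
    WSACleanUp;
  end;
end;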
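function CALLBACK__getIp: string;
(* Returns the resolved address of ParamStr(1) as a managed string, or '' when
   resolution fails; main tests the result against '' to pick a fallback.
   This replaces an inline-asm body that was only meaningful for one specific
   build: it stored ESP into FS:[0] (the head of the SEH handler chain), so
   any later exception would unwind through garbage, and it CALLed the
   absolute address $00408450 copied from a debugger listing of GetIp, which
   moves with every recompile. Calling GetIP directly is what that listing
   was emulating. *)
begin
  Result := '';
  try
    // GetIP yields a PChar into a Winsock-owned buffer; string() copies it.
    Result := string(GetIP());
  except
    // Best-effort helper: a failed lookup is reported as '' to the caller.
    Result := '';
  end;
end;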
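begin
  (* Usage check. The original printed the usage text and then fell through
     to StrToInt(ParamStr(2)), which raises on a missing argument. *)
  if (ParamCount <= 1) then
  begin
    WriteLn('Parametros usados: <sitio_web> <puerto> <opcion>'+BL);
    ExitCode := 1;
    Exit;
  end;
  if (WSAStartUp($1, WSData) <> 0) then
  begin
    WriteLn('WSAStartup fallo: ', WSAGetLastError);
    ExitCode := 1;
    Exit;
  end;
  TcpSocket := INVALID_SOCKET;
  Try
    (* Resolve once and keep the text in pIp. GetIP may return nil, and
       inet_addr must never be handed a nil pointer. *)
    pIp := string(GetIP());
    if (pIp = '') then
    begin
      WriteLn('No se pudo resolver el host: ', ParamStr(1));
      ExitCode := 1;
      Exit;
    end;
    (* Port must be numeric and within 1..65535; StrToIntDef avoids the
       exception StrToInt raises on junk so the error can be reported here. *)
    I := StrToIntDef(ParamStr(2), 0);
    if (I < 1) or (I > 65535) then
    begin
      WriteLn('Puerto invalido: ', ParamStr(2));
      ExitCode := 1;
      Exit;
    end;
    (* Request selection: no option keeps the original default request; an
       unknown option is reported instead of silently sending an empty
       buffer as before. Each branch is a constant expression, which is what
       allows the assignment into the Char array. *)
    if (ParamStr(3) = '') then
      sData := 'OPTIONS /index.html HTTP/1.0'+BL+BL
    else if (ParamStr(3) = 'get_proto_0') then
      sData := GET+STP+HTTP0+BL+BL
    else if (ParamStr(3) = 'get_proto_1') then
      sData := GET+STP+HTTP1+BL+BL
    else if (ParamStr(3) = 'post_proto_0') then
      sData := POST+STP+HTTP0+BL+BL
    else if (ParamStr(3) = 'post_proto_1') then
      sData := POST+STP+HTTP1+BL+BL
    else if (ParamStr(3) = 'options_proto_0') then
      sData := OPTIONS+STP+HTTP0+BL+BL
    else if (ParamStr(3) = 'options_proto_1') then
      sData := OPTIONS+STP+HTTP1+BL+BL
    else if (ParamStr(3) = 'head_proto_0') then
      sData := HEAD+STP+HTTP0+BL+BL
    else if (ParamStr(3) = 'head_proto_1') then
      sData := HEAD+STP+HTTP1+BL+BL
    else
    begin
      WriteLn('Opcion desconocida: ', ParamStr(3));
      ExitCode := 1;
      Exit;
    end;
    TcpSocket := Socket(AF_INET, SOCK_STREAM, ZERO);
    if (TcpSocket = INVALID_SOCKET) then
    begin
      WriteLn('socket fallo: ', WSAGetLastError);
      ExitCode := 1;
      Exit;
    end;
    sAddr.sin_family := af_inet;
    sAddr.sin_addr.s_addr := inet_addr(PChar(pIp));
    sAddr.sin_port := htons(I);
    WriteLn('Conectando al servidor: ', pIp);
    if (Winsock.Connect(TcpSocket, sAddr, SizeOf(sAddr)) = SOCKET_ERROR) then
    begin
      WriteLn('connect fallo: ', WSAGetLastError);
      ExitCode := 1;
      Exit;
    end;
    WriteLn('Parametro: ', sData);
    // Flags 0: MSG_DONTROUTE has no useful meaning on a connected TCP socket.
    if (Winsock.Send(TcpSocket, sData, StrLen(sData), 0) = SOCKET_ERROR) then
    begin
      WriteLn('send fallo: ', WSAGetLastError);
      ExitCode := 1;
      Exit;
    end;
    (* Read until the peer closes (0) or an error (SOCKET_ERROR) occurs,
       bounding every recv by the real buffer size and terminating the chunk
       explicitly. The original passed BSIZE ($1024 = 4132 bytes) for the
       256-byte BuffName, which overran the buffer, and it printed only the
       first chunk. *)
    repeat
      I := Winsock.Recv(TcpSocket, BuffName, SizeOf(BuffName) - 1, 0);
      if (I > 0) then
      begin
        BuffName[I] := #0;
        Write(BuffName);
      end;
    until (I <= 0);
    WriteLn;
  Finally
    // Only tear down a socket that was actually created.
    if (TcpSocket <> INVALID_SOCKET) then
    begin
      Shutdown(TcpSocket, SD_BOTH);
      CloseSocket(TcpSocket);
    end;
    WSACleanUp();
  end;
end.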