#define WIN32_LEAN_AND_MEAN
#include <Windows.h>
#include <iostream>
#include <fstream>
#include "Sockets.h"
#include "Strings.h"
using namespace std;
// Reads the file at `path` into DstBuf; returns EXIT_SUCCESS or EXIT_FAILURE.
int OpenExploit(char * path);
// Starts the program `LOCAL` with `Exploit` as its command line and waits for it;
// returns EXIT_SUCCESS or EXIT_FAILURE.
int OpenAndSend(char * LOCAL, char * Exploit);
// Prints the usage text, using `Me` as the program name.
void ShowHelp(char * Me);
// File contents shared between the functions of this file: allocated with new[]
// in OpenExploit() and released with delete[] in main(). It is a bare pointer
// with no length attached; the consumers in this file treat it as a C string.
char * DstBuf;
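// Copies `src` into `dst` only when it fits, terminator included. Returns false
// for a missing or over-long value, so the caller can report a usage error
// instead of tripping strcpy_s's invalid-parameter handler.
static bool CopyArg(char *dst, size_t dstSize, const char *src)
{
    if (src == NULL || strlen(src) >= dstSize) return false;
    return strcpy_s(dst, dstSize, src) == 0;
}

// Entry point. Parses the command line, loads the file named by the X option
// into DstBuf and hands it to ConectAndSend() (remote mode) or OpenAndSend()
// (local mode).
//
// An option is any argument starting with '-' or '/'; the letters it contains
// select what the NEXT argument is stored as:
//   R  "ip:port"      P  "tcp" / "udp"      L  program path
//   X  file to load   H  print the usage text and exit
//
// Remote mode needs R, P and X and no L; local mode needs L and X and none of
// R/P. Any other combination prints the usage text.
//
// Returns EXIT_SUCCESS only when the file was loaded and handed over, or when
// help was requested; every usage error or failed step returns EXIT_FAILURE.
int main(int argc, char *argv[])
{
    cout << endl;
    if (argc < 2) { ShowHelp(argv[0]); return EXIT_FAILURE; }

    // Sized for the longest legal value plus its terminator:
    // "255.255.255.255" is 15 characters and "65535" is 5.
    char PROTO[5] = "\0",
         IP[16] = "\0",
         PORT[6] = "\0",
         LOCAL[MAX_PATH] = "\0",
         EXPIT[MAX_PATH] = "\0";

    for (int i = 1; i < argc; i++)
    {
        const char *opt = argv[i];
        if (opt[0] != '-' && opt[0] != '/') continue;

        // Help is checked first because it is the only option without a value.
        if (strstr(opt, "H") || strstr(opt, "h")) { ShowHelp(argv[0]); return EXIT_SUCCESS; }

        const bool wantsRemote  = strstr(opt, "R") || strstr(opt, "r");
        const bool wantsProto   = strstr(opt, "P") || strstr(opt, "p");
        const bool wantsLocal   = strstr(opt, "L") || strstr(opt, "l");
        const bool wantsPayload = strstr(opt, "X") || strstr(opt, "x");
        if (!wantsRemote && !wantsProto && !wantsLocal && !wantsPayload) continue;

        // Every remaining option reads argv[i + 1]; without this check a trailing
        // option would read argv[argc], which is a null pointer.
        if (i + 1 >= argc) { ShowHelp(argv[0]); return EXIT_FAILURE; }
        char *value = argv[i + 1];

        if (wantsRemote) {
            // strtok() splits "ip:port" in place, so `value` is cut at the ':'.
            char *token = strtok(value, ":");
            if (!CopyArg(IP, sizeof(IP), token)) { ShowHelp(argv[0]); return EXIT_FAILURE; }
            token = strtok(NULL, ":");
            if (!CopyArg(PORT, sizeof(PORT), token)) { ShowHelp(argv[0]); return EXIT_FAILURE; }
        }
        if (wantsProto && !CopyArg(PROTO, sizeof(PROTO), value)) { ShowHelp(argv[0]); return EXIT_FAILURE; }
        if (wantsLocal && !CopyArg(LOCAL, sizeof(LOCAL), value)) { ShowHelp(argv[0]); return EXIT_FAILURE; }
        if (wantsPayload && !CopyArg(EXPIT, sizeof(EXPIT), value)) { ShowHelp(argv[0]); return EXIT_FAILURE; }

        // Skip the value just consumed so that a value which itself starts with
        // '-' or '/' (a path, for instance) is not parsed as another option.
        ++i;
    }

    const bool haveLocal = LOCAL[0] != '\0';
    const bool haveIp    = IP[0]    != '\0';
    const bool havePort  = PORT[0]  != '\0';
    const bool haveProto = PROTO[0] != '\0';
    const bool haveFile  = EXPIT[0] != '\0';

    int status = EXIT_FAILURE;

    // *********************************
    // *   REMOTE MODE PARAMETERS      *
    // *********************************
    if (!haveLocal && haveIp && havePort && haveProto && haveFile) {
        // Reject anything that is not a whole number in 1..65535; the port is later
        // narrowed to 16 bits, which would silently wrap larger values.
        char *portEnd = NULL;
        const unsigned long port = strtoul(PORT, &portEnd, 0);
        if (*portEnd != '\0' || port == 0 || port > 65535) {
            ShowHelp(argv[0]);
            return EXIT_FAILURE;
        }

        if (strcmp(PROTO, "tcp") == 0 || strcmp(PROTO, "TCP") == 0) {
            cout << "\tConnect : TCP" << endl;
        } else if (strcmp(PROTO, "udp") == 0 || strcmp(PROTO, "UDP") == 0) {
            cout << "\tConnect : UDP" << endl;
        } else {
            ShowHelp(argv[0]);
            return EXIT_FAILURE;
        }
        cout << "\tIP : " << IP << endl;
        cout << "\tPort : " << PORT << endl;
        cout << "\tExploit : " << EXPIT << endl;

        if (OpenExploit(EXPIT) == EXIT_SUCCESS) {
            if (ConectAndSend(IP, port, PROTO, DstBuf) == EXIT_SUCCESS) {
                cout << endl << "\tExploit Send!" << endl;
                status = EXIT_SUCCESS;
            }
            // Release the buffer whether or not the send succeeded.
            delete[] DstBuf;
            DstBuf = NULL;
        }

    // *********************************
    // *   LOCAL MODE PARAMETERS       *
    // *********************************
    } else if (haveLocal && !haveIp && !havePort && !haveProto && haveFile) {
        cout << "\tLocal : " << LOCAL << endl;
        cout << "\tExploit : " << EXPIT << endl;

        if (OpenExploit(EXPIT) == EXIT_SUCCESS) {
            if (OpenAndSend(LOCAL, DstBuf) == EXIT_SUCCESS) {
                cout << endl << "\tExploit Send" << endl;
                status = EXIT_SUCCESS;
            }
            delete[] DstBuf;
            DstBuf = NULL;
        }

    // *************
    // *   ERROR   *
    // *************
    } else {
        ShowHelp(argv[0]);
        return EXIT_FAILURE;
    }

    return status;
}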
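// Loads the whole file at `path` into a freshly allocated buffer and publishes
// it through the global DstBuf.
//
// The buffer is one byte larger than the file and always ends in '\0', because
// the consumers in this file measure it with strlen() or pass it on as a C
// string; without the terminator they would read past the allocation. Bytes
// after an embedded NUL are still in the buffer but are not seen by those
// consumers.
//
// path    - file to read; NULL is treated as an open failure.
// returns - EXIT_SUCCESS with DstBuf pointing at new[] memory the caller must
//           delete[], or EXIT_FAILURE with DstBuf left untouched.
// DstBuf is overwritten, not freed: release any earlier buffer before calling.
int OpenExploit(char *path)
{
    if (path == NULL) {
        cout << endl << "\tError Opening Exploit" << endl;
        return EXIT_FAILURE;
    }

    // ios::ate positions the stream at the end so tellg() yields the file size.
    ifstream Exploit(path, ios::in | ios::binary | ios::ate);
    if (!Exploit.is_open()) {
        cout << endl << "\tError Opening Exploit" << endl;
        return EXIT_FAILURE;
    }

    // tellg() reports -1 on failure; a negative or unrepresentable size must not
    // reach the allocation below.
    const streamoff length = Exploit.tellg();
    if (length < 0 ||
        static_cast<unsigned long long>(length) >= static_cast<size_t>(-1)) {
        cout << endl << "\tError Reading Exploit" << endl;
        return EXIT_FAILURE;
    }

    const size_t size = static_cast<size_t>(length);
    char *buffer = new char[size + 1];

    Exploit.seekg(0, ios::beg);
    Exploit.read(buffer, static_cast<streamsize>(size));
    if (!Exploit || static_cast<size_t>(Exploit.gcount()) != size) {
        // A short read would leave uninitialised bytes in the buffer.
        delete[] buffer;
        cout << endl << "\tError Reading Exploit" << endl;
        return EXIT_FAILURE;
    }
    buffer[size] = '\0';

    DstBuf = buffer;
    cout << endl << "\tExploit Ready! Size: " << length << endl;
    return EXIT_SUCCESS;   // the ifstream closes itself when it goes out of scope
}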
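// Sends the C string `Exploit` to IP:PUERTO over TCP (connect + send) or UDP
// (a single sendto).
//
// IP      - dotted IPv4 text, parsed with inet_addr(); unparsable text is rejected.
// PUERTO  - destination port, 1..65535 (it is narrowed to 16 bits for htons()).
// PROTO   - "tcp"/"TCP" or "udp"/"UDP"; anything else is rejected.
// Exploit - NUL-terminated buffer. Its length is taken with strlen(), so the
//           buffer MUST be terminated and nothing after the first NUL is sent.
// returns - EXIT_SUCCESS when the whole buffer was handed to the socket layer,
//           EXIT_FAILURE otherwise. Winsock is started and cleaned up per call.
int ConectAndSend(char *IP, DWORD PUERTO, char *PROTO, char *Exploit)
{
    cout << endl;

    // Validate everything that does not need Winsock before starting it.
    if (IP == NULL || PROTO == NULL || Exploit == NULL) {
        cout << "\tError: missing argument" << endl;
        return EXIT_FAILURE;
    }
    const bool useTcp = strcmp(PROTO, "tcp") == 0 || strcmp(PROTO, "TCP") == 0;
    const bool useUdp = strcmp(PROTO, "udp") == 0 || strcmp(PROTO, "UDP") == 0;
    if (!useTcp && !useUdp) {
        // Without this guard the socket handle below would be used uninitialised.
        cout << "\tError: unsupported protocol" << endl;
        return EXIT_FAILURE;
    }
    if (PUERTO == 0 || PUERTO > 65535) {
        cout << "\tError: port out of range" << endl;
        return EXIT_FAILURE;
    }
    const size_t length = strlen(Exploit);
    if (length > 0x7FFFFFFF) {
        // send()/sendto() take the length as an int.
        cout << "\tError: payload too large" << endl;
        return EXIT_FAILURE;
    }
    const int toSend = static_cast<int>(length);

    int rtn = 0;
    WSADATA WSA;                        // Winsock start-up data
    if ((rtn = WSAStartup(MAKEWORD(2, 2), &WSA)) != 0) {
        cout << "\tError WSAStartup: " << rtn << endl;
        return EXIT_FAILURE;
    }

    int status = EXIT_FAILURE;
    SOCKET Socket = INVALID_SOCKET;     // socket handle; INVALID_SOCKET means "not open"
    SOCKADDR_IN Server;                 // destination address
    ZeroMemory(&Server, sizeof(Server));
    Server.sin_family = AF_INET;
    Server.sin_addr.S_un.S_addr = inet_addr(IP);
    Server.sin_port = htons(static_cast<u_short>(PUERTO));

    if (Server.sin_addr.S_un.S_addr == INADDR_NONE) {
        // inet_addr() signals a parse failure with INADDR_NONE.
        cout << "\tError: invalid IPv4 address" << endl;
    } else if ((Socket = useTcp ? socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)
                                : socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) == INVALID_SOCKET) {
        cout << "\tError en socket: " << WSAGetLastError() << endl;
    } else if (useTcp) {
        if (connect(Socket, (struct sockaddr*) &Server, sizeof(Server)) == SOCKET_ERROR) {
            cout << "\tError en connect: " << WSAGetLastError() << endl;
        } else if (send(Socket, Exploit, toSend, 0) != toSend) {
            // Covers SOCKET_ERROR as well as a short send.
            cout << "\tError en Send" << endl;
        } else {
            status = EXIT_SUCCESS;
        }
    } else {
        const int slen = sizeof(Server);
        if (sendto(Socket, Exploit, toSend, 0, (struct sockaddr *) &Server, slen) != toSend) {
            cout << "\tError en Sendto" << endl;
        } else {
            status = EXIT_SUCCESS;
        }
    }

    // Single exit path: close only a socket that was actually opened.
    if (Socket != INVALID_SOCKET) closesocket(Socket);
    WSACleanup();
    return status;
}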
// Starts the program at `LOCAL`, passing `Exploit` as its command-line string,
// and blocks until that process exits.
//
// LOCAL   - path of the executable (CreateProcess application name).
// Exploit - command-line text handed to the child unchanged. It has to be a
//           NUL-terminated string; CreateProcess documents an upper bound of
//           32,767 characters for it, which is not checked here.
// returns - EXIT_SUCCESS once the child has exited, EXIT_FAILURE when the
//           process could not be created (the Win32 error code is printed).
//
// The child is created without handle inheritance and with default security
// attributes, environment and working directory. Its exit code is not read.
int OpenAndSend(char *LOCAL, char *Exploit)
{
    cout << endl << "\t";

    PROCESS_INFORMATION child;
    STARTUPINFO startup;
    ZeroMemory(&child, sizeof(child));
    ZeroMemory(&startup, sizeof(startup));
    startup.cb = sizeof(startup);   // CreateProcess requires the structure size here

    const BOOL launched = CreateProcess(LOCAL, Exploit, NULL, NULL, FALSE, 0,
                                        NULL, NULL, &startup, &child);
    if (launched)
    {
        // No timeout: this call waits for as long as the child keeps running.
        WaitForSingleObject(child.hProcess, INFINITE);
        CloseHandle(child.hProcess);
        CloseHandle(child.hThread);
        return EXIT_SUCCESS;
    }

    cout << endl << "\tError CreateProcess: " << GetLastError() << endl;
    return EXIT_FAILURE;
}
// Prints the usage banner: a " USAGE: <Me>" line, then the Help text, the
// program name again and the EXAMPLE text.
// Help and EXAMPLE are not defined in this file (presumably they come from
// "Strings.h" - confirm).
void ShowHelp(char * Me)
{
    cout << " USAGE: " << Me << endl;
    cout << Help << Me << EXAMPLE;
    cout << endl;
}