El programa abre un archivo que yo guardo como, por ejemplo, "Exploit.bin", y puedo elegir enviarlo a una dirección X por un puerto X mediante protocolo TCP o UDP (o sea, lanzar un exploit, ¿no?). Por otro lado, se puede abrir un programa y pasarle el exploit como parámetro.
Bueno, sin más... ahí va el code:
Código
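// Command-line utility: loads a binary file into memory and either sends its
// bytes to an IPv4 host over TCP/UDP, or starts a local program with the
// buffer as its command line.
//
// Every value taken from argv or from the file is treated as untrusted:
// lengths are checked before copying, the payload length is tracked
// explicitly (never recovered with strlen on binary data), and the port and
// address are validated before they reach the socket calls.

// NOTE(review): WIN32_LEAN_AND_MEAN keeps <Windows.h> from pulling in the old
// winsock.h; presumably "Sockets.h" includes winsock2.h - confirm.
#define WIN32_LEAN_AND_MEAN
#include <Windows.h>
#include <iostream>
#include <fstream>
#include <climits>
#include <cstdlib>
#include <cstring>
#include <new>
#include "Sockets.h"
#include "Strings.h"

using namespace std;

int OpenExploit(char * path);
int OpenAndSend(char * LOCAL, char * Exploit);
void ShowHelp(char * Me);

// Heap buffer holding the file contents; owned by this translation unit.
// OpenExploit() fills it and always NUL-terminates it.
char * DstBuf;

// Number of payload bytes in DstBuf (the terminating NUL is not counted).
static size_t DstLen = 0;

// send()/sendto() take an int length, so larger files are rejected up front.
static const size_t kMaxPayloadBytes = INT_MAX - 1;

// Frees the payload buffer and resets the bookkeeping; safe to call twice.
static void ReleasePayload()
{
    delete[] DstBuf;
    DstBuf = NULL;
    DstLen = 0;
}

// Returns true when `opt` contains the option letter in either case.
// This keeps the original substring matching ("-r", "/R", ...).
static bool HasFlag(const char *opt, char upper, char lower)
{
    return strchr(opt, upper) != NULL || strchr(opt, lower) != NULL;
}

// Copies `src` into the fixed-size array `dst`; returns false instead of
// overflowing (or aborting inside the CRT) when `src` is missing or too long.
template <size_t N>
static bool CopyArg(char (&dst)[N], const char *src)
{
    if (src == NULL)
        return false;
    const size_t len = strlen(src);
    if (len >= N)
        return false;
    memcpy(dst, src, len + 1);
    return true;
}

// Parses a decimal TCP/UDP port in the range 1..65535; rejects trailing junk.
static bool ParsePort(const char *text, DWORD *port)
{
    char *end = NULL;
    const unsigned long value = strtoul(text, &end, 10);
    if (end == text || *end != '\0' || value == 0 || value > 65535)
        return false;
    *port = static_cast<DWORD>(value);
    return true;
}

// Entry point. Options (prefix '-' or '/'): R host:port, P tcp|udp, L program,
// X payload file, H help. Returns EXIT_SUCCESS only when the payload was
// actually delivered (the original returned success even after a failed send).
int main(int argc, char *argv[])
{
    cout << endl;
    if (argc < 2) {
        ShowHelp(argv[0]);
        return EXIT_FAILURE;
    }

    // PORT needs 6 bytes: "65535" plus the terminator (the original 5-byte
    // buffer made every five-digit port abort inside strcpy_s).
    char PROTO[5] = "", IP[16] = "", PORT[6] = "", LOCAL[MAX_PATH] = "", EXPIT[MAX_PATH] = "";

    for (int i = 1; i < argc; i++) {
        const char *opt = argv[i];
        if (opt[0] != '-' && opt[0] != '/')
            continue;

        // Help wins over everything else and needs no value.
        if (HasFlag(opt, 'H', 'h')) {
            ShowHelp(argv[0]);
            return EXIT_SUCCESS;
        }

        // Every remaining option consumes the next argument; it may be absent
        // when the option is the last thing on the command line.
        char *value = (i + 1 < argc) ? argv[i + 1] : NULL;
        bool ok = true;

        if (HasFlag(opt, 'R', 'r')) {          // remote target "ip:port"
            if (value == NULL) {
                ok = false;
            } else {
                char *host = strtok(value, ":");
                char *port = strtok(NULL, ":");
                ok = CopyArg(IP, host) && CopyArg(PORT, port);
            }
        }
        if (ok && HasFlag(opt, 'P', 'p'))      // protocol
            ok = CopyArg(PROTO, value);
        if (ok && HasFlag(opt, 'L', 'l'))      // local program
            ok = CopyArg(LOCAL, value);
        if (ok && HasFlag(opt, 'X', 'x'))      // payload file
            ok = CopyArg(EXPIT, value);

        if (!ok) {
            ShowHelp(argv[0]);
            return EXIT_FAILURE;
        }
    }

    const bool hasLocal   = LOCAL[0] != '\0';
    const bool hasIp      = IP[0] != '\0';
    const bool hasPort    = PORT[0] != '\0';
    const bool hasProto   = PROTO[0] != '\0';
    const bool hasPayload = EXPIT[0] != '\0';

    int status = EXIT_FAILURE;

    if (!hasLocal && hasIp && hasPort && hasProto && hasPayload) {
        // ---- remote mode ----
        const bool tcp = strcmp(PROTO, "tcp") == 0 || strcmp(PROTO, "TCP") == 0;
        const bool udp = strcmp(PROTO, "udp") == 0 || strcmp(PROTO, "UDP") == 0;
        DWORD port = 0;
        if ((!tcp && !udp) || !ParsePort(PORT, &port)) {
            ShowHelp(argv[0]);
            return EXIT_FAILURE;
        }

        cout << (tcp ? "\tConnect : TCP" : "\tConnect : UDP") << endl;
        cout << "\tIP : " << IP << endl;
        cout << "\tPort : " << PORT << endl;
        cout << "\tExploit : " << EXPIT << endl;

        if (OpenExploit(EXPIT) == EXIT_SUCCESS) {
            if (ConectAndSend(IP, port, PROTO, DstBuf) == EXIT_SUCCESS) {
                cout << endl << "\tExploit Send!" << endl;
                status = EXIT_SUCCESS;
            }
            ReleasePayload();   // freed on the failure path too
        }
    } else if (hasLocal && !hasIp && !hasPort && !hasProto && hasPayload) {
        // ---- local mode ----
        cout << "\tLocal : " << LOCAL << endl;
        cout << "\tExploit : " << EXPIT << endl;

        if (OpenExploit(EXPIT) == EXIT_SUCCESS) {
            if (OpenAndSend(LOCAL, DstBuf) == EXIT_SUCCESS) {
                cout << endl << "\tExploit Send" << endl;
                status = EXIT_SUCCESS;
            }
            ReleasePayload();
        }
    } else {
        // ---- inconsistent or incomplete option set ----
        ShowHelp(argv[0]);
        return EXIT_FAILURE;
    }

    return status;
}

// Loads the whole file at `path` into DstBuf and records its size in DstLen.
// The buffer gets one extra byte and is NUL-terminated so that consumers
// expecting a C string (CreateProcess) never read past the allocation.
// Returns EXIT_SUCCESS, or EXIT_FAILURE if the file cannot be opened, sized,
// allocated or fully read.
int OpenExploit(char *path)
{
    ReleasePayload();   // do not leak a buffer from an earlier call

    ifstream Exploit(path, ios::in | ios::binary | ios::ate);
    if (!Exploit.is_open()) {
        cout << endl << "\tError Opening Exploit" << endl;
        return EXIT_FAILURE;
    }

    // Opened with ios::ate, so tellg() is the file size; it is -1 on failure.
    const streamoff size = Exploit.tellg();
    if (size < 0 || size > static_cast<streamoff>(kMaxPayloadBytes)) {
        cout << endl << "\tError Reading Exploit" << endl;
        return EXIT_FAILURE;
    }

    const size_t length = static_cast<size_t>(size);
    char *buffer = new (nothrow) char[length + 1];
    if (buffer == NULL) {
        cout << endl << "\tError Reading Exploit" << endl;
        return EXIT_FAILURE;
    }

    Exploit.seekg(0, ios::beg);
    Exploit.read(buffer, static_cast<streamsize>(size));
    if (Exploit.gcount() != static_cast<streamsize>(size)) {
        delete[] buffer;
        cout << endl << "\tError Reading Exploit" << endl;
        return EXIT_FAILURE;
    }
    buffer[length] = '\0';

    DstBuf = buffer;
    DstLen = length;

    cout << endl << "\tExploit Ready! Size: " << size << endl;
    return EXIT_SUCCESS;   // the ifstream closes itself on scope exit
}

// Sends the buffer `Exploit` to IP:PUERTO over the protocol named in PROTO
// ("tcp"/"TCP" or "udp"/"UDP").
//
// When `Exploit` is the buffer produced by OpenExploit(), the recorded byte
// count is used, so embedded zero bytes are sent and nothing beyond the
// allocation is read; any other pointer is treated as a C string, as before.
// Returns EXIT_SUCCESS once all bytes were handed to the socket layer,
// EXIT_FAILURE on any invalid argument or socket error.
int ConectAndSend(char *IP, DWORD PUERTO, char *PROTO, char *Exploit)
{
    cout << endl;

    if (IP == NULL || PROTO == NULL || Exploit == NULL) {
        cout << "\tError: missing argument" << endl;
        return EXIT_FAILURE;
    }

    const bool useTcp = strcmp(PROTO, "tcp") == 0 || strcmp(PROTO, "TCP") == 0;
    const bool useUdp = strcmp(PROTO, "UDP") == 0 || strcmp(PROTO, "udp") == 0;
    if (!useTcp && !useUdp) {
        // The original fell through and closed an uninitialised socket here.
        cout << "\tError: unknown protocol" << endl;
        return EXIT_FAILURE;
    }

    // htons() takes 16 bits; a larger DWORD would silently wrap to another port.
    if (PUERTO == 0 || PUERTO > 65535) {
        cout << "\tError: invalid port" << endl;
        return EXIT_FAILURE;
    }

    const size_t length = (Exploit == DstBuf) ? DstLen : strlen(Exploit);
    if (length > kMaxPayloadBytes) {
        cout << "\tError: payload too large" << endl;
        return EXIT_FAILURE;
    }
    const int total = static_cast<int>(length);

    WSADATA WSA;
    const int startup = WSAStartup(MAKEWORD(2, 2), &WSA);
    if (startup != 0) {
        cout << "\tError WSAStartup: " << startup << endl;
        return EXIT_FAILURE;
    }

    // inet_addr() reports a malformed dotted-quad as INADDR_NONE.
    const unsigned long address = inet_addr(IP);
    if (address == INADDR_NONE) {
        cout << "\tError: invalid IPv4 address" << endl;
        WSACleanup();
        return EXIT_FAILURE;
    }

    SOCKADDR_IN Server;
    ZeroMemory(&Server, sizeof(Server));   // sin_zero must not carry stack garbage
    Server.sin_family = AF_INET;
    Server.sin_addr.S_un.S_addr = address;
    Server.sin_port = htons(static_cast<u_short>(PUERTO));

    // socket() signals failure with INVALID_SOCKET, not SOCKET_ERROR.
    SOCKET Socket = socket(AF_INET,
                           useTcp ? SOCK_STREAM : SOCK_DGRAM,
                           useTcp ? IPPROTO_TCP : IPPROTO_UDP);
    if (Socket == INVALID_SOCKET) {
        cout << "\tError en socket: " << WSAGetLastError() << endl;
        WSACleanup();
        return EXIT_FAILURE;
    }

    int result = EXIT_SUCCESS;

    if (useTcp) {
        if (connect(Socket, reinterpret_cast<sockaddr *>(&Server), sizeof(Server)) == SOCKET_ERROR) {
            cout << "\tError en connect: " << WSAGetLastError() << endl;
            result = EXIT_FAILURE;
        } else {
            // send() may accept fewer bytes than requested; loop until done.
            int sent = 0;
            while (sent < total) {
                const int n = send(Socket, Exploit + sent, total - sent, 0);
                if (n <= 0) {
                    cout << "\tError en Send" << endl;
                    result = EXIT_FAILURE;
                    break;
                }
                sent += n;
            }
        }
    } else {
        const int slen = sizeof(Server);
        if (sendto(Socket, Exploit, total, 0,
                   reinterpret_cast<sockaddr *>(&Server), slen) == SOCKET_ERROR) {
            cout << "\tError en Sendto" << endl;
            result = EXIT_FAILURE;
        }
    }

    closesocket(Socket);
    WSACleanup();
    return result;
}

// Starts the program `LOCAL` with `Exploit` as its command-line string and
// waits for it to exit. `Exploit` must be a writable, NUL-terminated buffer
// (OpenExploit() guarantees the terminator); CreateProcess stops at the first
// zero byte. Returns EXIT_SUCCESS if the process was created, else EXIT_FAILURE.
int OpenAndSend(char *LOCAL, char *Exploit)
{
    cout << endl << "\t";

    if (LOCAL == NULL || Exploit == NULL) {
        cout << endl << "\tError: missing argument" << endl;
        return EXIT_FAILURE;
    }

    STARTUPINFO lpStartupInfo;
    PROCESS_INFORMATION lpProcessInformation;
    ZeroMemory(&lpStartupInfo, sizeof(lpStartupInfo));
    lpStartupInfo.cb = sizeof(lpStartupInfo);
    ZeroMemory(&lpProcessInformation, sizeof(lpProcessInformation));

    // The application name is passed explicitly, so the executable is not
    // resolved by parsing the command line.
    if (!CreateProcess(LOCAL, Exploit, NULL, NULL, FALSE, 0, NULL, NULL,
                       &lpStartupInfo, &lpProcessInformation)) {
        cout << endl << "\tError CreateProcess: " << GetLastError() << endl;
        return EXIT_FAILURE;
    }

    WaitForSingleObject(lpProcessInformation.hProcess, INFINITE);
    CloseHandle(lpProcessInformation.hProcess);
    CloseHandle(lpProcessInformation.hThread);
    return EXIT_SUCCESS;
}

// Prints the usage banner. `Help` and `EXAMPLE` are not defined in this file;
// presumably they come from "Strings.h" - confirm.
void ShowHelp(char * Me)
{
    cout << " USAGE: " << Me << endl << Help << Me << EXAMPLE << endl;
}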
Saludos!