Http Msn Kill Hackjob of the century

http://www.rohitab.com/discuss/topic/29556-http-msn-kill/
Don't you hate it when you go to a friend's house or something and realize you forgot to sign out of MSN?
With this hackjob of the century, all you need to do is browse to your IP [or dns w/e] on the configured port,
e.g. jarhead.cppkrew.com:1337, and click the kill button yo.



#include <winsock2.h> /* before windows.h, so the legacy winsock.h is not pulled in */
#include <windows.h>
#include <tlhelp32.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h> //just to get warnings down...
#define SERVER_VER "Remote MSN Kill"
#define sprintfc(string, ...) sprintf(string+strlen(string), ##__VA_ARGS__)

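/*
 * Re-entrant tokenizer with the same contract as strtok(), except that the
 * scan position lives in *save_ptr instead of hidden static state, so each
 * request thread can tokenize its own buffer.
 *
 * s        - string to tokenize on the first call, NULL to continue
 * delim    - set of delimiter characters
 * save_ptr - caller-owned cursor, updated on every call
 *
 * Returns the next token, NUL-terminated in place inside the input buffer,
 * or NULL when no token is left. The input must be NUL-terminated; the
 * function never looks past the terminator.
 */
char *strtok_r (char *s, const char *delim, char **save_ptr) {
    char *token;

    if (s == NULL)
        s = *save_ptr;
    if (s == NULL)          /* continuation requested before any first call */
        return NULL;

    /* Skip leading delimiters. */
    s += strspn (s, delim);
    if (*s == '\0') {
        *save_ptr = s;
        return NULL;
    }

    /* Find the end of the token. */
    token = s;
    s = strpbrk (token, delim);
    if (s == NULL) {
        /* This token finishes the string: park the cursor on the terminator. */
        *save_ptr = strchr (token, '\0');
    } else {
        /* Terminate the token and make *save_ptr point past it. */
        *s = '\0';
        *save_ptr = s + 1;
    }
    return token;
}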

/*
 * x2c() and unescape_url() are borrowed code (per the original author).
 *
 * x2c: converts the two hex digits at what[0] and what[1] to the byte they
 * encode. Both upper- and lower-case digits are accepted (the 0xdf mask
 * folds case). Nothing is validated: the function always reads two bytes,
 * and non-hex input yields a meaningless value, so the caller has to make
 * sure two hex digits are really present.
 */
char x2c(char *what) {
    const char hi = what[0];
    const char lo = what[1];
    char value;

    /* high nibble */
    if (hi >= 'A')
        value = ((hi & 0xdf) - 'A') + 10;
    else
        value = hi - '0';
    value *= 16;

    /* low nibble */
    if (lo >= 'A')
        value += ((lo & 0xdf) - 'A') + 10;
    else
        value += lo - '0';

    return value;
}

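/* Returns the value 0-15 of hex digit c, or -1 when c is not a hex digit. */
static int hex_nibble(char c) {
    if (c >= '0' && c <= '9')
        return c - '0';
    if (c >= 'a' && c <= 'f')
        return c - 'a' + 10;
    if (c >= 'A' && c <= 'F')
        return c - 'A' + 10;
    return -1;
}

/*
 * Decodes %XX escapes in url, in place. The result is never longer than the
 * input.
 *
 * The URL comes straight from the network, so an escape is decoded only
 * when '%' is followed by two hex digits. A truncated or malformed escape
 * ("%", "%4", "%zz") is copied through literally; the digits are decoded
 * here rather than through x2c(), which always consumes two bytes and would
 * step over the terminating NUL on a trailing '%'. "%00" is also left
 * undecoded, so that a request cannot cut the string short with an embedded
 * NUL before it is compared against route names.
 */
void unescape_url(char *url) {
    size_t in = 0;
    size_t out = 0;

    if (url == NULL)
        return;

    while (url[in] != '\0') {
        int hi = -1;
        int lo = -1;

        if (url[in] == '%') {
            /* url[in + 1] is at worst the terminator; url[in + 2] is only
             * read once url[in + 1] is known to be a (non-NUL) hex digit. */
            hi = hex_nibble(url[in + 1]);
            if (hi >= 0)
                lo = hex_nibble(url[in + 2]);
        }

        if (hi >= 0 && lo >= 0 && (hi | lo) != 0) {
            url[out++] = (char)(hi * 16 + lo);
            in += 3;
        } else {
            url[out++] = url[in++];
        }
    }
    url[out] = '\0';
}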

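/*
 * Terminates every running process whose executable file name equals
 * szProcName (case-insensitive).
 *
 * The match is on the image name alone (PROCESSENTRY32.szExeFile); the
 * path and the owner of the process are not looked at, so any process
 * carrying that name and openable with PROCESS_TERMINATE is affected.
 *
 * Returns the number of processes for which TerminateProcess() succeeded,
 * 0 when nothing matched or the process list could not be read.
 */
int killProc(char *szProcName)
{
    PROCESSENTRY32 pEntry = {sizeof(PROCESSENTRY32)};
    HANDLE hSs;
    int ret = 0;

    if (szProcName == NULL)
        return 0;

    /* Failure is reported as INVALID_HANDLE_VALUE, not NULL. */
    hSs = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hSs == INVALID_HANDLE_VALUE)
        return 0;

    if (Process32First(hSs, &pEntry)) {
        /* do/while so the entry returned by Process32First is examined too */
        do {
            if (stricmp(szProcName, pEntry.szExeFile) == 0) {
                HANDLE hProc = OpenProcess(PROCESS_TERMINATE, FALSE,
                                           pEntry.th32ProcessID);
                if (hProc) {
                    if (TerminateProcess(hProc, 0))
                        ret++;
                    CloseHandle(hProc);
                }
            }
        } while (Process32Next(hSs, &pEntry));
    }

    CloseHandle(hSs);
    return ret;
}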


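/*
 * Creates a TCP socket bound to the dotted-quad address `where` and to
 * `port`, and puts it in the listening state (backlog 1).
 *
 * `where` selects the interface: "0.0.0.0" accepts connections on every
 * interface of the machine, "127.0.0.1" on loopback only.
 * `port` is declared SHORT (signed), so values above 32767 arrive negative;
 * the cast to u_short below recovers the intended 16-bit port number.
 *
 * Returns the listening socket, or INVALID_SOCKET on any failure. The
 * Winsock error of the failing call is preserved for WSAGetLastError().
 */
SOCKET SetUpListener(LPCSTR where, SHORT port) {
    SOCKET s;
    struct sockaddr_in sin_interface;
    DWORD if_addr;

    if (where == NULL)
        return INVALID_SOCKET;

    if_addr = inet_addr(where);
    if (if_addr == INADDR_NONE)     /* not a parsable IPv4 address */
        return INVALID_SOCKET;

    s = socket(AF_INET, SOCK_STREAM, 0);
    if (s == INVALID_SOCKET)
        return INVALID_SOCKET;

    /* zero the whole structure so sin_zero is not left uninitialised */
    memset(&sin_interface, 0, sizeof sin_interface);
    sin_interface.sin_family = AF_INET;
    sin_interface.sin_addr.s_addr = if_addr;
    sin_interface.sin_port = htons((u_short)port);

    if (bind(s, (struct sockaddr*)&sin_interface,
             sizeof sin_interface) == SOCKET_ERROR
        || listen(s, 1) == SOCKET_ERROR) {
        /* do not leak the socket; keep the original error for the caller */
        int err = WSAGetLastError();
        closesocket(s);
        WSASetLastError(err);
        return INVALID_SOCKET;
    }

    return s;
}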

 


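/*
 * Writes the start of an HTTP/1.1 response into buf: status line, Date,
 * Server and "Connection: close". The header block is NOT terminated; the
 * caller appends further headers and the blank line.
 *
 * buf  - destination; its size is not known here, so the write is
 *        unbounded and the caller must supply a buffer large enough for
 *        the fixed headers plus msg (callers in this file pass 1024 bytes)
 * code - numeric status code
 * msg  - reason phrase, copied verbatim into the status line; it must not
 *        contain CR/LF or come from request data, otherwise the response
 *        headers can be split
 */
void BuildHeader(char * buf, int code, char * msg) {
    char time_buf[64];
    time_t now;
    struct tm *utc;

    if (buf == NULL)
        return;

    now = time(NULL);
    utc = gmtime(&now);
    /* The zone is written as a literal "GMT": the struct tm is UTC, while
     * %Z prints whatever zone name the C runtime picks, which need not be
     * GMT. */
    if (utc == NULL
        || strftime(time_buf, sizeof time_buf,
                    "%a, %d %b %Y %H:%M:%S GMT", utc) == 0)
        time_buf[0] = '\0';

    sprintf(buf,
            "HTTP/1.1 %d %s\r\n"
            "Date: %s\r\n"
            "Server: %s\r\n"
            "Connection: close\r\n",
            code, msg != NULL ? msg : "", time_buf, SERVER_VER);
}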

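/*
 * Sends a complete plain-text error response on socket s:
 * the BuildHeader() headers, a Content-type line and "Error <code>: <msg>".
 *
 * s       - connected client socket (left open; the caller closes it)
 * error   - HTTP status code
 * message - reason phrase; callers in this file pass string literals.
 *           BuildHeader() copies it without a length limit, so it must
 *           stay short and must not be taken from request data.
 *
 * The result of send() is not checked: the connection is about to be
 * closed anyway.
 */
void SendErrorPage(SOCKET s, int error, char * message) {
    char message_buf[1024];
    size_t used;

    if (message == NULL)
        message = "";

    BuildHeader(message_buf, error, message);

    /* Append the rest with an explicit bound; snprintf truncates rather
     * than writing past the buffer. */
    used = strlen(message_buf);
    if (used < sizeof message_buf)
        snprintf(message_buf + used, sizeof message_buf - used,
                 "Content-type: text/plain\r\n\r\n"
                 "Error %d: %s\r\n\r\n", error, message);

    send(s, message_buf, (int)strlen(message_buf), 0);
}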

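/*
 * Sends a "200 OK" response whose body is the fixed page frame with
 * `content` placed inside <body>. `content` is inserted as-is and must be
 * trusted markup (only literals are passed below).
 */
static void SendPage(SOCKET s, const char *content) {
    char header[1024];
    char body[1024];
    char length_line[64];
    int body_len;

    body_len = snprintf(body, sizeof body,
                        "<html><head><title>%s</title></head>\n"
                        "<body>%s<hr><small>Msn Kill by Jarhead</small></body></head></html>\n",
                        SERVER_VER, content);
    if (body_len < 0)
        return;
    if ((size_t)body_len >= sizeof body)    /* truncated by snprintf */
        body_len = (int)(sizeof body - 1);

    BuildHeader(header, 200, "OK");
    snprintf(length_line, sizeof length_line,
             "Content-length: %d\r\n\r\n", body_len);

    send(s, header, (int)strlen(header), 0);
    send(s, length_line, (int)strlen(length_line), 0);
    send(s, body, body_len, 0);
}

/*
 * Per-connection worker: reads one HTTP request from *sp, answers it and
 * closes the socket.
 *
 *   GET|HEAD /      menu page with a link to "msn"
 *   GET|HEAD /msn   calls killProc("msnmsgr.exe") and reports the outcome
 *   anything else   400 / 404 / 501 / 505 error page
 *
 * Every exit goes through one cleanup point. Previously the error and page
 * branches fell through after closing the socket, which led to a NULL
 * dereference on a malformed request line and to use of the freed request
 * buffer plus a second free()/closesocket() on every served page.
 *
 * Only the first recv() is parsed, and at most 1023 bytes of it, so the
 * buffer always keeps its terminating NUL for the string functions.
 *
 * The ".." stripping of the earlier version is gone: the URI is only
 * compared against fixed route names and never used to build a file path.
 *
 * NOTE(review): /msn changes state on a plain GET with no authentication,
 * so whoever can reach the port - or get a browser on the same network to
 * fetch the URL - can trigger it. A shared secret and a POST-only action
 * would close that off; both need changes outside this function.
 * NOTE(review): CreateThread() expects DWORD WINAPI fn(LPVOID); the
 * prototype is kept as it was so existing callers are unaffected.
 *
 * Always returns 0.
 */
DWORD ServeWeb(SOCKET * sp) {
    SOCKET s;
    char client_buf[1024];
    char *request, *method, *uri, *http_ver;
    char *tok_state = NULL;
    int x;

    if (sp == NULL)
        return 0;
    /* Copy first: the caller reuses the pointed-to variable for the next
     * accept(). */
    s = *sp;

    memset(client_buf, 0, sizeof client_buf);
    x = recv(s, client_buf, (int)(sizeof client_buf - 1), 0);
    if ((x == SOCKET_ERROR) || (x == 0)) {
        printf("Something went wrong. error %d\n", WSAGetLastError());
        goto done;
    }
    client_buf[x] = '\0';

    /* Request line: METHOD SP URI SP VERSION */
    request = strtok_r(client_buf, "\r\n", &tok_state);
    if (request == NULL) {
        SendErrorPage(s, 400, "Bad Request");
        goto done;
    }

    method = strtok_r(request, " ", &tok_state);
    if (method == NULL) {
        SendErrorPage(s, 400, "Bad Request");
        goto done;
    }
    if (strcmp(method, "GET") != 0 && strcmp(method, "HEAD") != 0) {
        SendErrorPage(s, 501, "Not Implemented");
        goto done;
    }

    uri = strtok_r(NULL, " ", &tok_state);
    http_ver = strtok_r(NULL, " ", &tok_state);
    if (uri == NULL || http_ver == NULL || uri[0] != '/') {
        SendErrorPage(s, 400, "Bad Request");
        goto done;
    }
    /* compare the whole 7-character prefix, including the dot */
    if (strncmp(http_ver, "HTTP/1.", 7) != 0) {
        SendErrorPage(s, 505, "Invalid HTTP Version");
        goto done;
    }

    if (strcmp(uri, "/") == 0) {
        SendPage(s, "<h2>Msn Killer</h2><hr>"
                    "<a href=\"msn\">Terminate Msn Messenger</a>");
        goto done;
    }

    uri++;                  /* drop the leading '/' checked above */
    unescape_url(uri);

    if (strcmp(uri, "msn") == 0) {
        if (killProc("msnmsgr.exe"))
            SendPage(s, "<h2>Msn Proccess Killed</h2>");
        else
            SendPage(s, "<h2>Proccess not killed</h2>");
        goto done;
    }

    /* Unknown path: answer explicitly instead of closing silently. */
    SendErrorPage(s, 404, "Not Found");

done:
    closesocket(s);
    return 0;
}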

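/*
 * Entry point: detaches from the console, starts Winsock, listens on
 * 0.0.0.0:32826 and hands each accepted connection to a ServeWeb thread.
 *
 * The listener is bound to every interface and ServeWeb performs no
 * authentication, so the kill action is reachable by any host that can
 * connect to the port; restrict it with the host firewall or bind to a
 * specific address if that is not intended.
 *
 * NOTE(review): the worker receives a pointer to the local `accepted`,
 * which the next accept() overwrites. The Sleep(10) only makes it likely,
 * not certain, that the worker has copied the value by then; passing the
 * socket by value needs a matching change in ServeWeb.
 *
 * Returns 1 when Winsock cannot be started, otherwise 0 once the accept
 * loop has ended.
 */
int main(int argc, char** argv) {
    WSADATA w;
    SOCKET listener = INVALID_SOCKET;
    SOCKET accepted = INVALID_SOCKET;
    DWORD thread_id;    /* CreateThread() wants a DWORD here, not an int */
    HANDLE worker;

    (void)argc;
    (void)argv;

    FreeConsole(); //or just do Dev - No Cmd show

    if (WSAStartup(MAKEWORD(2,0), &w) != 0)
        return 1;       /* no Winsock, nothing to clean up */

    listener = SetUpListener("0.0.0.0",32826);

    if (listener != INVALID_SOCKET) {
        for (;;) {
            accepted = accept(listener, NULL, NULL);

            if (accepted == INVALID_SOCKET) {
                if (WSAGetLastError() == WSAECONNRESET)
                    continue;   /* connection reset is OK, try again */
                break;          /* otherwise, bail */
            }

            worker = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)ServeWeb,
                                  &accepted, 0, &thread_id);
            if (worker != NULL)
                CloseHandle(worker);    /* the handle is not needed; do not leak it */
            else
                closesocket(accepted);  /* no worker will close it for us */

            // let stuff settle
            Sleep(10);
        }
    }

    /* reached only when listening or accepting failed */
    printf("Something went wrong. error %d\n", WSAGetLastError());
    if (listener != INVALID_SOCKET)
        closesocket(listener);
    WSACleanup();

    return 0;
}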

posted on 2011-03-08 22:19 挑灯看剑 阅读(291) 评论(0)  编辑 收藏 引用 所属分类: C/C++
