http://www.rohitab.com/discuss/topic/29556-http-msn-kill/
Don't you hate it when you go to your friends house or something, and you forgot to sign out of msn?
With this hackjob of the century, all you need to do is navigate to your IP [or dns w/e] to a configured port
e.g jarhead.cppkrew.com:1337 and click the kill button yo.
#include <windows.h>
#include <winsock2.h>
#include <stdio.h>
#include <tlhelp32.h>
#include <time.h> //just to get warnings down...
#define SERVER_VER "Remote MSN Kill"
#define sprintfc(string, ...) sprintf(string+strlen(string), ##__VA_ARGS__)
// for thread saftey
char *strtok_r (char *s, const char *delim, char **save_ptr) {
char *token;
if (s == NULL)
s = *save_ptr;
/* Scan leading delimiters. */
s += strspn (s, delim);
if (*s == '') {
*save_ptr = s;
return NULL;
}
/* Find the end of the token. */
token = s;
s = strpbrk (token, delim);
if (s == NULL)
/* This token finishes the string. */
*save_ptr = strchr (token, '');
else {
/* Terminate the token and make *SAVE_PTR point past it. */
*s = '';
*save_ptr = s + 1;
}
return token;
}
/* x2c() and unescape_url()... stolen code */
char x2c(char *what) {
register char digit;
digit = (what[0] >= 'A' ? ((what[0] & 0xdf) - 'A')+10 : (what[0] - '0'));
digit *= 16;
digit += (what[1] >= 'A' ? ((what[1] & 0xdf) - 'A')+10 : (what[1] - '0'));
return(digit);
}
// duh
void unescape_url(char *url) {
register int x,y;
for (x=0,y=0; url[y]; ++x,++y) {
if ((url[x] = url[y]) == '%') {
url[x] = x2c(&url[y+1]);
y+=2;
}
}
url[x] = '';
}
int killProc(char *szProcName)
{
PROCESSENTRY32 pEntry = {sizeof(PROCESSENTRY32)};
HANDLE hProc=NULL,
hSs=NULL;
int ret=0;
hSs = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if (hSs) {
if (Process32First(hSs, &pEntry)) {
while (Process32Next(hSs, &pEntry)) {
if (!stricmp(szProcName, pEntry.szExeFile)) {
hProc = OpenProcess(PROCESS_TERMINATE, FALSE, pEntry.th32ProcessID);
if (hProc) {
if (TerminateProcess(hProc, 0)) {
ret++;
}
CloseHandle(hProc);
}
}
}
} else ret=0;
CloseHandle(hSs);
} else ret=0;
return ret;
}
// makes a listening socket
SOCKET SetUpListener(LPCSTR where, SHORT port) {
SOCKET s;
struct sockaddr_in sin_interface;
DWORD if_addr = inet_addr(where); // where are we lisrening?
if (if_addr != INADDR_NONE) { // if we're not lisrening anywhere, give up
// otherwise, make a socket
s = socket(AF_INET, SOCK_STREAM, 0);
if (s != INVALID_SOCKET) {
// set up a sockaddr_in so we can bind
sin_interface.sin_family = AF_INET;
sin_interface.sin_addr.s_addr = if_addr;
sin_interface.sin_port = htons(port);
// bind !!! for great justice
if (bind(s, (struct sockaddr*)&sin_interface,
sizeof(struct sockaddr_in)) != SOCKET_ERROR) {
listen(s, 1);
return s;
}
}
}
// if we get here, shit fucked up
return INVALID_SOCKET;
}
// builds a HTTP header
void BuildHeader(char * buf, int code, char * msg) {
char * time_buf;
time_t now;
time_buf = malloc(256);
now = time(NULL);
strftime(time_buf, 256, "%a, %d %b %Y %H:%M:%S %Z", gmtime(&now));
sprintf(buf, "HTTP/1.1 %d %s\r\n", code, msg);
sprintfc(buf, "Date: %s\r\n", time_buf);
sprintfc(buf, "Server: %s\r\n", SERVER_VER);
sprintfc(buf, "Connection: close\r\n");
free(time_buf);
}
// makes a stupid error page
void SendErrorPage(SOCKET s, int error, char * message) {
char * message_buf;
message_buf = malloc(1024);
BuildHeader(message_buf, error, message);
sprintfc(message_buf, "Content-type: text/plain\r\n\r\n");
sprintfc(message_buf, "Error %d: %s\r\n\r\n", error, message);
send(s, message_buf, strlen(message_buf), 0);
free(message_buf);
}
DWORD ServeWeb(SOCKET * sp) {
SOCKET s = *sp;
char *uri, *client_buf, *strtok_tmp;
char *server_buf,*request,*method,*http_ver,*token;
char * listing;
int x;
client_buf = malloc(1024); // 1k is enough
memset(client_buf, 0, 1024);
x = recv(s, client_buf, 1024, 0);
if ((x == SOCKET_ERROR) || (x == 0)) {
printf("Something went wrong. error %d\n", WSAGetLastError());
free(client_buf);
closesocket(s);
return 0;
}
request = strtok_r(client_buf, "\r\n", &strtok_tmp);
method = strtok_r(request, " ", &strtok_tmp);
if (method == NULL) {
SendErrorPage(s, 400, "Bad Request");
free(client_buf);
closesocket(s);
}
if (strcmp(method, "GET") != 0 && strcmp(method, "HEAD") != 0) {
SendErrorPage(s, 501, "Not Implemented");
free(client_buf);
closesocket(s);
}
uri = strtok_r(NULL, " ", &strtok_tmp);
http_ver = strtok_r(NULL, " ", &strtok_tmp);
if (uri == NULL || http_ver == NULL) {
SendErrorPage(s, 400, "Bad Request");
free(client_buf);
closesocket(s);
}
if (strncmp(http_ver, "HTTP/1.", 6) != 0) {
SendErrorPage(s, 505, "Invalid HTTP Version");
free(client_buf);
closesocket(s);
}
if (strcmp(uri, "/") == 0) {
// yay, menu page.
server_buf = malloc(1024);
BuildHeader(server_buf, 200, "OK");
send(s, server_buf, strlen(server_buf), 0);
listing = malloc(512);
sprintf(server_buf, "<html><head><title>%s</title></head>\n"
"<body><h2>Msn Killer</h2><hr><a href=\"msn\">Terminate Msn Messenger</a><hr><small>Msn Kill by Jarhead</small></body></head></html>\n", SERVER_VER);
sprintf(listing, "Content-length: %d\r\n\r\n", strlen(server_buf));
send(s, listing, strlen(listing), 0);
send(s, server_buf, strlen(server_buf), 0);
free(listing);
free(client_buf);
free(server_buf);
closesocket(s);
}
uri++;
unescape_url(uri);
if (strcmp(uri, "msn") == 0) {
// yay, msn page.
server_buf = malloc(1024);
BuildHeader(server_buf, 200, "OK");
send(s, server_buf, strlen(server_buf), 0);
listing = malloc(512);
if(killProc("msnmsgr.exe"))
sprintf(server_buf, "<html><head><title>%s</title></head>\n"
"<body><h2>Msn Proccess Killed</h2><hr><small>"
"Msn Kill by Jarhead</small></body></head></html>\n", SERVER_VER);
else sprintf(server_buf, "<html><head><title>%s</title></head>\n"
"<body><h2>Proccess not killed</h2><hr><small>"
"Msn Kill by Jarhead</small></body></head></html>\n", SERVER_VER);
sprintf(listing, "Content-length: %d\r\n\r\n", strlen(server_buf));
send(s, listing, strlen(listing), 0);
send(s, server_buf, strlen(server_buf), 0);
free(listing);
free(client_buf);
free(server_buf);
closesocket(s);
}
//doubledot hack zomg
token = strstr (uri, "..");
while (token != NULL) {
memmove (token, token + 2, 2);
token = strstr (token, "..");
}
server_buf = malloc(1024);
BuildHeader(server_buf, 200, "OK");
free(client_buf);
free(server_buf);
closesocket(s);
return 0;
}
int main(int argc, char** argv) {
WSADATA w;
SOCKET listener, accepted;
int dummy; // for CreateThread()
FreeConsole(); //or just do Dev - No Cmd show
WSAStartup(MAKEWORD(2,0), &w);
listener = SetUpListener("0.0.0.0",32826);
if (listener != INVALID_SOCKET) {
while (1) {
accepted = accept(listener, NULL, 0); // sockaddrs are silly
if ((accepted == INVALID_SOCKET) && (WSAGetLastError() == WSAECONNRESET))
continue; // connection reset is OK, try again
else if (accepted == INVALID_SOCKET)
break; // otherwise, bail
// wonderful. fork the thread
CreateThread(NULL, 0, ServeWeb, &accepted, 0, &dummy);
// let stuff settle
Sleep(10);
}
}
// if we get here - shit's fucked up real bad
printf("Something went wrong. error %d\n", WSAGetLastError());
closesocket(listener);
closesocket(accepted);
WSACleanup();
return 0;
}