
一个简单的静态web服务端程序(不断改进中)

嗯,确实,这段代码也有类似的漏洞...


一个简单的静态web服务端程序(不断改进中)

/* Fragment quoted from the server's request handler: it copies the requested
   name out of the raw request buffer, starting at offset 5 and stopping at
   the first space (ASCII 32). */
/* NOTE(review): the "[i]" subscripts on recvmem appear to have been dropped
   by the forum markup; the loop presumably read recvmem[i] -- confirm against
   the author's original file. */
if(recvmem[5]!=32)
{memset(filename,0,50);
  /* There is no upper bound on i: filename is cleared here as a 50-byte
     buffer, so a request path longer than that is written past its end,
     and a request with no later space keeps reading past recvmem too. */
  for(i=5;recvmem!=32;i++)
filename[i-5]=recvmem;
}
/* The copied name is used as received; the full listing on this page passes
   it to fopen() before any character check is made. */
这里应该对获取到的文件名做必要的检查和处理...


一个简单的静态web服务端程序(不断改进中)

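/*
 * Minimal static-file HTTP server for Windows (Winsock 2) with a raw-socket
 * packet logger running beside it.
 *
 * The listing was recovered from a forum page that collapsed it onto a few
 * lines, dropped the "[i]" subscripts, turned every apostrophe into "';" and
 * lost the names of the three included headers.  Those artefacts are repaired
 * here, and the request handling is hardened:
 *   - the requested name is length-checked before it is copied, and it is
 *     validated BEFORE fopen() instead of after it;
 *   - the request buffer is always NUL-terminated;
 *   - the response never sends more bytes than Content-Length announces;
 *   - every early-exit path closes the file and the socket it owns.
 *
 * Files are opened with a relative name, so they are served from the
 * process's current directory.  The name check is a deny-list; resolving the
 * name against a fixed document root would be the stronger control.
 */
#pragma comment(lib,"Ws2_32.lib")

/* Header names were lost in the page extraction; these are the headers the
   code below needs. */
#include <winsock2.h>
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

#define SIO_RCVALL _WSAIOW(IOC_VENDOR,1)

enum {
    MAX_CLIENTS    = 64,    /* size of the connection slot table */
    LISTEN_PORT    = 16881,
    REQUEST_MAX    = 1024,  /* bytes reserved for one request */
    NAME_BUF_SIZE  = 50,    /* requested file name, including the NUL */
    SEND_CHUNK     = 1400,  /* file bytes sent per send() call */
    SNIFF_BYTES    = 50,    /* bytes kept from each sniffed packet */
    IP_HEADER_MIN  = 20,
    IP_PROTO_TCP   = 6,
    IP_PROTO_UDP   = 17,
    TCP_FLAG_SYN   = 0x02
};

SOCKET TranSock[MAX_CLIENTS];             /* 0 or INVALID_SOCKET marks a free slot */
struct sockaddr_in client[MAX_CLIENTS];   /* peer address for each slot */

DWORD WINAPI Recv_Send_Thread( DWORD* socketindex );
DWORD WINAPI SynFloodDefend(char *temp);
DWORD WINAPI SendRstThread();

static const char separator[] =
    "--------------------------------------------------------------------------------";

/* Closes the optional file and the slot's socket, frees the slot, and hands
   back `result` so callers can write `return release_client(...)`. */
static DWORD release_client( DWORD slot, FILE *fp, DWORD result )
{
    if( fp != NULL )
        fclose( fp );
    closesocket( TranSock[slot] );
    TranSock[slot] = 0;
    return result;
}

/* Sends exactly `len` bytes, looping over partial sends.
   Returns 0 on success, -1 as soon as send() fails. */
static int send_all( SOCKET s, const char *data, int len )
{
    while( len > 0 )
    {
        int sent = send( s, data, len, 0 );
        if( sent == SOCKET_ERROR )
            return -1;
        data += sent;
        len  -= sent;
    }
    return 0;
}

/* Copies the name that follows "GET /" into `out` (at most out_size - 1
   characters).  An empty name selects "index.htm".
   Returns 0 on success, -1 when the request does not start with "GET /" or
   the name does not fit -- the caller must not open anything in that case. */
static int extract_request_name( const char *request, char *out, size_t out_size )
{
    static const char prefix[] = "GET /";
    const size_t prefix_len = sizeof prefix - 1;
    const char *p;
    size_t n = 0;

    if( out_size == 0 || strncmp( request, prefix, prefix_len ) != 0 )
        return -1;

    p = request + prefix_len;
    while( p[n] != ' ' && p[n] != '\0' && p[n] != '\r' && p[n] != '\n' )
    {
        if( n + 1 >= out_size )     /* keep room for the terminator */
            return -1;
        out[n] = p[n];
        n++;
    }
    out[n] = '\0';

    if( n == 0 )
    {
        strncpy( out, "index.htm", out_size - 1 );
        out[out_size - 1] = '\0';
    }
    return 0;
}

/* Returns the index of the first character that makes `name` unacceptable,
   or -1 when the name may be opened.  Rejected: the original ':' '*' '%'
   set, control characters, backslashes, a leading '/', and any ".." so the
   name cannot leave the served directory. */
static int find_unsafe_char( const char *name )
{
    int i;

    if( name[0] == '/' )
        return 0;
    for( i = 0; name[i] != '\0'; i++ )
    {
        unsigned char ch = (unsigned char)name[i];

        if( ch < 0x20 || ch == ':' || ch == '*' || ch == '%' || ch == '\\' )
            return i;
        if( ch == '.' && name[i + 1] == '.' )
            return i;
    }
    return -1;
}

/* Case-insensitive "does text end with suffix"; suffix must be lower case. */
static int ends_with_nocase( const char *text, size_t text_len, const char *suffix )
{
    size_t suffix_len = strlen( suffix );
    size_t i;

    if( suffix_len > text_len )     /* short names no longer index before the buffer */
        return 0;
    text += text_len - suffix_len;
    for( i = 0; i < suffix_len; i++ )
        if( tolower( (unsigned char)text[i] ) != suffix[i] )
            return 0;
    return 1;
}

/* Maps the trailing characters of a file name to a Content-Type value.
   Same suffix set as the original if/else chain (matched without requiring
   a dot, as before), now also matching mixed case; unknown names get the
   original fallback. */
static const char *mime_type_for( const char *filename )
{
    static const struct { const char *suffix; const char *mime; } table[] = {
        { "htm",   "text/html" },
        { "html",  "text/html" },
        { "shtml", "text/html" },
        { "jpg",   "image/jpeg" },
        { "jpe",   "image/jpeg" },
        { "jpeg",  "image/jpeg" },
        { "gif",   "image/gif" },
        { "css",   "text/css" },
        { "txt",   "text/plain" },
        { "pdf",   "application/pdf" },
        { "swf",   "application/x-shockwave-flash" },
        { "cab",   "application/x-shockwave-flash" },
        { "doc",   "application/msword" },
        { "dot",   "application/msword" },
        { "hlp",   "application/mshelp" },
        { "chm",   "application/mshelp" },
        { "xls",   "application/msexcel" },
        { "xla",   "application/msexcel" },
        { "ppt",   "application/mspowerpoint" },
        { "ppz",   "application/mspowerpoint" },
        { "pps",   "application/mspowerpoint" },
        { "pot",   "application/mspowerpoint" },
        { "bin",   "application/octet-stream" },
        { "exe",   "application/octet-stream" },
        { "com",   "application/octet-stream" },
        { "dll",   "application/octet-stream" },
        { "class", "application/octet-stream" },
        { "avi",   "video/x-msvideo" }
    };
    size_t len = strlen( filename );
    size_t i;

    for( i = 0; i < sizeof table / sizeof table[0]; i++ )
        if( ends_with_nocase( filename, len, table[i].suffix ) )
            return table[i].mime;
    return "*/*";
}

/* Starts Winsock, binds the listener to the host's first IPv4 address on
   LISTEN_PORT, starts the packet-logging thread, then accepts connections
   forever, handing each one to Recv_Send_Thread through a free slot. */
int main( void )
{
    WSADATA wsadata;
    SOCKET listensocket;
    HOSTENT *host;
    struct sockaddr_in serv_listen;
    char hostname[128];
    static char myip[16];                  /* outlives main's locals; read by the sniffer thread */
    static DWORD indextemp[MAX_CLIENTS];   /* per-slot argument storage for worker threads */
    DWORD index = 0;
    HANDLE worker;

    memset( &serv_listen, 0, sizeof serv_listen );
    memset( client, 0, sizeof client );

    if( WSAStartup( MAKEWORD(2,2), &wsadata ) != 0 )
    {
        printf( "Load winsock dll failed!\n" );
        return EXIT_FAILURE;
    }

    if( gethostname( hostname, sizeof hostname ) == SOCKET_ERROR )
    {
        printf( "Get host name error!\n" );
        return EXIT_FAILURE;
    }

    host = gethostbyname( hostname );
    /* The address is copied into a 4-byte in_addr, so insist on IPv4. */
    if( host == NULL || host->h_addrtype != AF_INET
        || host->h_length != (int)sizeof serv_listen.sin_addr )
    {
        printf( "Get host by name failed!\n" );
        return EXIT_FAILURE;
    }

    listensocket = socket( AF_INET, SOCK_STREAM, IPPROTO_TCP );
    if( listensocket == INVALID_SOCKET )
    {
        printf( "Create listen socket error!\n" );
        return EXIT_FAILURE;
    }

    memcpy( &serv_listen.sin_addr, host->h_addr, sizeof serv_listen.sin_addr );
    serv_listen.sin_family = AF_INET;
    serv_listen.sin_port = htons( LISTEN_PORT );

    /* inet_ntoa() returns a buffer it reuses, so keep a private copy. */
    strncpy( myip, inet_ntoa( serv_listen.sin_addr ), sizeof myip - 1 );

    if( bind( listensocket, (struct sockaddr *)&serv_listen, sizeof serv_listen ) == SOCKET_ERROR )
    {
        printf( "Bind error!\n" );
        return EXIT_FAILURE;
    }

    if( listen( listensocket, 5 ) == SOCKET_ERROR )
    {
        printf( " Socket listen error!\n" );
        return EXIT_FAILURE;
    }

    worker = CreateThread( NULL, 0, (LPTHREAD_START_ROUTINE)SynFloodDefend, (PVOID)myip, 0, NULL );
    if( worker != NULL )
        CloseHandle( worker );      /* the thread keeps running; only the handle is released */

    for( ;; )
    {
        int addrlen;
        DWORD scanned = 0;

        if( index == MAX_CLIENTS )
            index = 0;

        /* Look for a free slot.  When all slots are busy, yield instead of
           spinning at full CPU until a worker finishes. */
        while( TranSock[index] != 0 && TranSock[index] != INVALID_SOCKET )
        {
            index++;
            if( index == MAX_CLIENTS )
                index = 0;
            if( ++scanned == MAX_CLIENTS )
            {
                Sleep( 1 );
                scanned = 0;
            }
        }

        /* accept() overwrites the length, so it is reset for every call. */
        addrlen = (int)sizeof client[index];
        TranSock[index] = accept( listensocket, (struct sockaddr *)&client[index], &addrlen );
        if( TranSock[index] == INVALID_SOCKET )
        {
            printf( "Socket Accept Error: %d \n", WSAGetLastError() );
            TranSock[index] = 0;
            continue;
        }

        indextemp[index] = index;
        worker = CreateThread( NULL, 0, (LPTHREAD_START_ROUTINE)Recv_Send_Thread,
                               (PVOID)&indextemp[index], 0, NULL );
        if( worker == NULL )
            release_client( index, NULL, 0 );   /* nobody will serve this socket */
        else
            CloseHandle( worker );
        index++;
    }
}

/* Worker for one connection: reads a single request, validates the requested
   name, and answers with an HTTP/1.0 200 header followed by the file.
   pindex points at the slot number in TranSock/client.
   Returns 0 after a complete transfer, (DWORD)-1 on any failure; the socket
   is closed and the slot freed on every path. */
DWORD WINAPI Recv_Send_Thread( DWORD* pindex )
{
    char recvmem[REQUEST_MAX];
    char TimeFmr[] = "%d,%d/%d/%d %d:%d:%d GMT";
    char outtime[50] = "";
    time_t timenow;
    struct tm *currenttime;
    DWORD socketindex = *pindex;
    SOCKET sock = TranSock[socketindex];
    int received;
    char headers[500];
    char hdrFmt[] =
        "HTTP/1.0 200 OK\r\n"
        "Server: KIKI's Web Server\r\n"
        "Date: %s\r\n"
        "Accept-Ranges: bytes\r\n"
        "Content-Length: %d\r\n"
        "Content-Type: %s\r\n\r\n";
    FILE *fp;
    char sendfile[SEND_CHUNK];
    char filename[NAME_BUF_SIZE];
    long filesize;
    int bad_at;
    size_t got;
    int failed;

    memset( recvmem, 0, sizeof recvmem );
    /* One byte is held back so the request stays NUL-terminated for printf()
       and for the parser, even when the peer fills the buffer. */
    received = recv( sock, recvmem, (int)sizeof recvmem - 1, 0 );
    if( received == SOCKET_ERROR || received == 0 )
    {
        printf( "Recv Error: %d\n", WSAGetLastError() );
        printf( "%s", separator );
        return release_client( socketindex, NULL, (DWORD)-1 );
    }

    /* NOTE(review): the value is local time but the format labels it GMT,
       and the layout is not an HTTP-date; kept as the author wrote it. */
    timenow = time( NULL );
    currenttime = localtime( &timenow );
    if( currenttime != NULL )
        wsprintf( outtime, TimeFmr,
                  currenttime->tm_wday, currenttime->tm_mday,
                  currenttime->tm_mon + 1, currenttime->tm_year - 100,
                  currenttime->tm_hour, currenttime->tm_min, currenttime->tm_sec );

    printf( "%s\n", recvmem );

    /* The original copied until the first space with no bound on the 50-byte
       destination; the name is now rejected when it does not fit. */
    if( extract_request_name( recvmem, filename, sizeof filename ) != 0 )
    {
        printf( "%s sent an unsupported or over-long request!\n",
                inet_ntoa( client[socketindex].sin_addr ) );
        printf( "%s", separator );
        return release_client( socketindex, NULL, (DWORD)-1 );
    }

    /* Validate before touching the file system (the original opened first). */
    bad_at = find_unsafe_char( filename );
    if( bad_at >= 0 )
    {
        /* The %d slot is labelled as a file size but, as in the original,
           receives the index of the offending character. */
        printf( "Time:%s\n%s企图请求的页面文件:%s.文件大小:%d字节\n\n",
                outtime, inet_ntoa( client[socketindex].sin_addr ), filename, bad_at );
        printf( "\n%s", separator );
        return release_client( socketindex, NULL, (DWORD)-1 );
    }

    fp = fopen( filename, "rb" );
    if( fp == NULL )
    {
        printf( "%s open file: %s error!\n",
                inet_ntoa( client[socketindex].sin_addr ), filename );
        printf( "%s", separator );
        return release_client( socketindex, NULL, (DWORD)-1 );
    }

    /* Size the file by seeking rather than reading it once byte by byte. */
    if( fseek( fp, 0, SEEK_END ) != 0
        || ( filesize = ftell( fp ) ) < 0
        || fseek( fp, 0, SEEK_SET ) != 0 )
    {
        printf( "%s open file: %s error!\n",
                inet_ntoa( client[socketindex].sin_addr ), filename );
        printf( "%s", separator );
        return release_client( socketindex, fp, (DWORD)-1 );
    }

    wsprintf( headers, hdrFmt, (const char*)outtime, (int)filesize, mime_type_for( filename ) );

    printf( "Time:%s\n%s企图请求的页面文件:%s . 使用的套接字ID:Socket[%d]\n",
            outtime, inet_ntoa( client[socketindex].sin_addr ), filename, (int)socketindex );

    /* Send only what was actually read: the original sent a full 1400-byte
       buffer of stale data whenever the size was a multiple of 1400. */
    failed = send_all( sock, headers, (int)strlen( headers ) );
    while( !failed && ( got = fread( sendfile, 1, sizeof sendfile, fp ) ) > 0 )
        failed = send_all( sock, sendfile, (int)got );

    if( failed )
    {
        printf( "Send Error: %d\n", WSAGetLastError() );
        return release_client( socketindex, fp, (DWORD)-1 );
    }

    printf( "Socket[%d]数据传输完毕!\n\n", (int)socketindex );
    return release_client( socketindex, fp, 0 );
}

//******************************************************************
// Thread that listens on a raw socket; the argument is a pointer to the
// local machine's IP address as a dotted string.
//
// Despite its name it only logs: for each IPv4 packet addressed to this
// host it prints source -> destination, the protocol, and a line when a TCP
// segment carries the SYN flag.  SIO_RCVALL normally needs administrator
// rights, so the WSAIoctl call is expected to fail without them.
//******************************************************************
DWORD WINAPI SynFloodDefend( char*temp )
{
    SOCKET SnifferSocket;
    struct sockaddr_in sa;
    struct in_addr local;
    char sniffmem[SNIFF_BYTES];
    DWORD outbuf[10];
    DWORD contrlflag = 1;
    DWORD dwBytesReturned = 0;
    char ProType[24];
    char ProFmr[] = "%s(%d)";
    char IpFmr[] = "%d.%d.%d.%d:%d";
    char sourceip[25];
    char destip[25];

    SnifferSocket = socket( AF_INET, SOCK_RAW, IPPROTO_IP );
    if( SnifferSocket == INVALID_SOCKET )
    {
        printf( "socket error!\n" );
        return (DWORD)-1;
    }

    local.s_addr = inet_addr( temp );   /* parsed once instead of per packet */

    memset( &sa, 0, sizeof sa );
    sa.sin_addr.s_addr = local.s_addr;
    sa.sin_family = AF_INET;
    sa.sin_port = htons( 7000 );
    if( bind( SnifferSocket, (struct sockaddr *)&sa, sizeof sa ) == SOCKET_ERROR )
    {
        printf( "Bind error!\n" );
        closesocket( SnifferSocket );
        return (DWORD)-1;
    }

    if( WSAIoctl( SnifferSocket, SIO_RCVALL, &contrlflag, sizeof contrlflag,
                  &outbuf, sizeof outbuf, &dwBytesReturned, NULL, NULL ) == SOCKET_ERROR )
    {
        printf( "WSAIoctl Error!%d\n", WSAGetLastError() );
        closesocket( SnifferSocket );
        return (DWORD)-1;
    }
    printf( "Set OK!\n" );

    for( ;; )
    {
        const unsigned char *pkt = (const unsigned char *)sniffmem;
        const char *proto_name;
        unsigned char proto;
        unsigned short sourceport = 0;
        unsigned short destport = 0;
        int plain_header;
        int got;

        memset( sniffmem, 0, sizeof sniffmem );
        memset( ProType, 0, sizeof ProType );
        memset( sourceip, 0, sizeof sourceip );
        memset( destip, 0, sizeof destip );

        got = recv( SnifferSocket, sniffmem, (int)sizeof sniffmem, 0 );
        if( got == SOCKET_ERROR )
        {
            int err = WSAGetLastError();

            /* A datagram longer than the buffer is reported as WSAEMSGSIZE
               with the leading bytes already stored; that is the normal case
               for a 50-byte capture buffer. */
            if( err != WSAEMSGSIZE )
            {
                printf( "Recv Error: %d\n", err );
                break;
            }
            got = (int)sizeof sniffmem;
        }
        if( got < IP_HEADER_MIN )
            continue;

        /* Bytes 16..19 hold the destination address.  Comparing the raw
           bytes replaces the original round trip through a 15-byte text
           buffer that a 15-character address overflowed by one byte. */
        if( memcmp( pkt + 16, &local.s_addr, sizeof local.s_addr ) != 0 )
            continue;

        proto = pkt[9];     /* read unsigned so that 255 (RAW) can match */

        /* Ports and TCP flags sit at fixed offsets only when the IP header
           carries no options (IHL == 5). */
        plain_header = ( pkt[0] & 0x0F ) == 5;
        if( plain_header && got >= 24 && ( proto == IP_PROTO_TCP || proto == IP_PROTO_UDP ) )
        {
            sourceport = (unsigned short)( ( pkt[20] << 8 ) | pkt[21] );
            destport   = (unsigned short)( ( pkt[22] << 8 ) | pkt[23] );
        }

        wsprintf( sourceip, IpFmr, pkt[12], pkt[13], pkt[14], pkt[15], sourceport );
        wsprintf( destip, IpFmr, pkt[16], pkt[17], pkt[18], pkt[19], destport );
        printf( "%s\t--->\t%s\n", sourceip, destip );

        switch( proto )
        {
        case 6:   proto_name = "TCP";     break;
        case 17:  proto_name = "UDP";     break;
        case 1:   proto_name = "ICMP";    break;
        case 0:   proto_name = "IP";      break;
        case 255: proto_name = "RAW";     break;
        case 2:   proto_name = "IGMP";    break;
        default:  proto_name = "Unknown"; break;
        }
        wsprintf( ProType, ProFmr, proto_name, proto );
        printf( "协议类型: %s\n", ProType );

        /* The original compared the flags byte with 18, which is SYN|ACK and
           was applied to every protocol.  Testing the SYN bit on TCP segments
           still matches that value and also reports a bare SYN. */
        if( proto == IP_PROTO_TCP && plain_header && got >= 34 && ( pkt[33] & TCP_FLAG_SYN ) )
            printf( "这是一个SYN包!\n" );
        printf( "\n" );
    }

    closesocket( SnifferSocket );
    return 0;
}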

