psydT0ne Posted November 1, 2008

Hey there... I'm looking around for an old script kiddie type tool/program that was created by a member of the Progenic.com crew, Dark Pain. Basically the program ran a web server that portscanned anyone connecting to your IP and then redirected them to any predetermined website that you choose. Like I said, script kiddie, but it was useful. I think it was called servx or serverx... something like that. How hard would it be to code something like this?
Steve8x Posted November 5, 2008

> Hey there... I'm looking around for an old script kiddie type tool/program that was created by a member of the Progenic.com crew, Dark Pain. Basically the program ran a web server that portscanned anyone connecting to your IP and then redirected them to any predetermined website that you choose. Like I said, script kiddie, but it was useful. I think it was called servx or serverx... something like that. How hard would it be to code something like this?

I haven't ever heard of this program, but to answer your question: how hard is it to make? For what you want, it's very simple. Since you don't even care about what the client (the web browser connecting to the server) is requesting, you don't have to interpret what you receive, since you'll always send the same response to redirect them to a different URL...

You kind of have the wrong idea though.. "portscanned"? A server does not have to scan for anything, instead it "listens" for connections on the port it's bound to! Since web servers normally go on port 80, that's the port clients will connect to the server on. No port scanning required, you already know the port where connections will come through...

I have made a simple web server app which does what you described... It's called "xServer".

There are multiple ways of redirecting the client to a specified URL. I chose this method: send them some simple HTML that the browser will understand and reload the page to the new URL...

```html
<html><meta http-equiv="refresh" content="0;url=http://www.RedirectToHere.com"></html>
```

Putting that HTML on a web page will cause the page to "refresh" after 0 seconds, to RedirectToHere.com! ;)

It works like this: you run it for the first time and it creates a default "config.ini" file, which contains the character "1" on the first line and the default site to redirect to, that being "http://www.google.com". The "1" means to write to the access log file!

The access log file records the IP address, page requested, and HTTP version information from clients who connect to the server. Note that it doesn't matter what is requested, it isn't taken into consideration, it always just forwards them to the URL you specify in the edit box...

An access log looks something like this:

```
127.0.0.1 -- 11/04/08 20:43:25 -- GET / HTTP/1.1
127.0.0.1 -- 11/04/08 20:43:57 -- GET / HTTP/1.1
67.159.45.52 -- 11/04/08 21:24:38 -- GET / HTTP/1.0
127.0.0.1 -- 11/04/08 21:26:31 -- GET / HTTP/1.1
127.0.0.1 -- 11/04/08 21:36:03 -- GET / HTTP/1.1
```

You can go to a proxy site like this as a test: proxypimp.com (only 1 I can ever remember lol) and type in your IP address (or domain name if you have one), and if you are port forwarded correctly (no firewalls blocking the port), you will see the redirection happen, and if you check your access.log it will show the IP address of the computer that connected along with the date and time, and what was requested, ex. "GET /" is the root folder, and HTTP/1.1 is the version :P

You can turn the access log recording off by simply unchecking the box. Remember to hit "save config" if you want to save your changes to the config file so you don't have to type the URL in every time or uncheck/check the box every time. It remembers your settings for you...

You can also minimize the app to the system tray by simply minimizing it! Closing the window with the [x] will terminate the program... Same with "Quit" on the tray menu when minimized...

It's far from a full blown web server like Apache, but it demonstrates how easy it can be for a simple web server...

source code and binary: (exe is in Release folder) http://popeax.com/x/xServer.zip

I have the server running now but not on port 80 like the released version is set up to run on. (port 80 is the default HTTP port, when you type a URL in your browser like: http://www.google.com/ it connects to it on port 80...
if you specify however: http://www.google.com:8080 it will instead try to connect on port 8080)

http://popeax.com:1337

It should redirect you to a certain website... ;)

[xServer.cpp]

```cpp
// xServer v1.0 a simple HTTP Server
// Which redirects all requests
// to a specified URL!
// Written By Steve8x

#include "xServer.h"

using namespace std;

xServer x;
EZwindows ez;

NOTIFYICONDATA* n = new NOTIFYICONDATA;
char* url = new char[1024];

int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmd, int nCmdShow)
{
    MSG Msg;
    WNDCLASSEX wc;

    ez.hInst = hInstance;

    HBRUSH ButtonFaceBrush = CreateSolidBrush(GetSysColor(COLOR_BTNFACE));

    wc.cbSize = sizeof(WNDCLASSEX);
    wc.hInstance = hInstance;
    wc.lpszClassName = L"xServer_Class";
    wc.lpfnWndProc = WndProc;
    wc.style = CS_DBLCLKS;
    wc.hIcon = LoadIcon(hInstance, MAKEINTRESOURCE(101));
    wc.hIconSm = LoadIcon(hInstance, MAKEINTRESOURCE(101));
    wc.hCursor = LoadCursor(0, IDC_ARROW);
    wc.lpszMenuName = NULL;
    wc.cbClsExtra = 0;
    wc.cbWndExtra = 0;
    wc.hbrBackground = ButtonFaceBrush;

    RegisterClassEx(&wc);

    // Initialize common controls library!
    ez.InitCommonCtrls();

    InitFonts();

    // Create the window
    hwnd = CreateWindowExA(0, "xServer_Class", "Server 1.0",
                           WS_OVERLAPPED | WS_CAPTION | WS_SYSMENU | WS_MINIMIZEBOX | WS_CLIPSIBLINGS,
                           CW_USEDEFAULT, CW_USEDEFAULT, 245, 145, HWND_DESKTOP, 0, hInstance, 0);

    hText   = ez.text(hwnd, "Redirect clients to this URL:", 1, 1, 250, 20, 200);
    hEdit   = ez.edit(hwnd, 1, 0, 0, 1, 18, 235, 20, 300);
    hStatus = ez.text(hwnd, "Status: Server Is Down!", 1, 40, 260, 20, 201);
    hStart  = ez.button(hwnd, "Start Server", 1, 60, 75, 20, 420);
    hStop   = ez.button(hwnd, "Stop Server", 80, 60, 75, 20, 421);
    hSave   = ez.button(hwnd, "Save Config", 159, 60, 75, 20, 422);
    hCheck  = ez.check(hwnd, "Write to access log", 1, 84, 148, 20, 500);

    SendMessage(hText, WM_SETFONT, (WPARAM)txtFont, 1);
    SendMessage(hEdit, WM_SETFONT, (WPARAM)editFont, 1);
    SendMessage(hStart, WM_SETFONT, (WPARAM)txtFont, 1);
    SendMessage(hStop, WM_SETFONT, (WPARAM)txtFont, 1);
    SendMessage(hSave, WM_SETFONT, (WPARAM)txtFont, 1);

    ReadIni();

    EnableWindow(hStop, 0);

    // Show the window
    ShowWindow(hwnd, nCmdShow);
    UpdateWindow(hwnd);

    // Init winsock 2.2
    WSADATA wsaData = {0};
    WSAStartup(MAKEWORD(2, 2), &wsaData);

    while(GetMessage(&Msg, 0, 0, 0))
    {
        TranslateMessage(&Msg);
        DispatchMessage(&Msg);
    }

    return Msg.wParam;
}

LRESULT CALLBACK WndProc(HWND hWnd, UINT message, WPARAM wParam, LPARAM lParam)
{
    static UINT TaskbarRestart;

    switch (message)
    {
    case WM_CREATE:
        TaskbarRestart = RegisterWindowMessageA("TaskbarCreated");
        break;

    case MSG_XTRAYICON:
        if(wParam != 0x13379)
        {
            break;
        }
        if(lParam == WM_LBUTTONUP)
        {
            n->uID = 0x13379;
            Shell_NotifyIcon(NIM_DELETE, n);
            ShowWindow(hwnd, SW_RESTORE);
        }
        else if(lParam == WM_RBUTTONUP)
        {
            HMENU menu = 0;
            menu = CreatePopupMenu();
            AppendMenuA(menu, MF_STRING, IDM_SHOWWND, "Show");
            AppendMenuA(menu, MF_STRING, IDM_TRAYABOUT, "About");
            AppendMenuA(menu, MF_STRING, IDM_TRAYEXIT, "Quit");

            POINT p; // on the stack, so nothing is leaked per right-click
            GetCursorPos(&p);
            SetForegroundWindow(hwnd);
            TrackPopupMenu(menu, 0, p.x, p.y, 0, hwnd, 0);
            SendMessage(hwnd, WM_NULL, 0, 0);
            DestroyMenu(menu); // free the popup menu once it has been dismissed
        }
        break;

    case WM_COMMAND:
        if(wParam == IDM_SHOWWND)
        {
            n->uID = 0x13379;
            Shell_NotifyIcon(NIM_DELETE, n);
            ShowWindow(hwnd, SW_RESTORE);
        }
        else if(wParam == IDM_TRAYABOUT)
        {
            MessageBoxA(0, "xServer 1.0 © 2008\n\nCoded by Steve8x", "About", MB_OK);
        }
        else if(wParam == IDM_TRAYEXIT)
        {
            Shell_NotifyIcon(NIM_DELETE, n);
            Running = 0;
            x.Close(client);
            x.Close(x.servsock);
            SetWindowTextA(hStatus, "Status: Server Is Down!");
            EnableWindow(hStart, 1);
            EnableWindow(hStop, 0);
            ExitProcess(0);
        }

        if(wParam == 420)
        {
            if(!Running)
            {
                Running = 1;
                x.StartServer(80); // Server Should Run On Port 80!
                CreateThread(0, 0, (LPTHREAD_START_ROUTINE)&ListenThread, 0, 0, 0);
                SetWindowTextA(hStatus, "Status: Server Up And Running!");
                EnableWindow(hStart, 0);
                EnableWindow(hStop, 1);
            }
        }
        else if(wParam == 421)
        {
            if(Running)
            {
                Running = 0;
                x.Close(client);
                x.Close(x.servsock);
                SetWindowTextA(hStatus, "Status: Server Is Down!");
                EnableWindow(hStart, 1);
                EnableWindow(hStop, 0);
            }
        }
        else if(wParam == 422)
        {
            SaveIni();
        }
        else if(wParam == 500)
        {
            LRESULT l = SendMessage(hCheck, BM_GETCHECK, 0, 0);
            if(l == BST_CHECKED)
            {
                x.WriteToLog = 1;
            }
            else
            {
                x.WriteToLog = 0;
            }
            SaveIni();
        }
        else if(HIWORD(wParam) == EN_CHANGE)
        {
            if(LOWORD(wParam) == 300)
            {
                ZeroMemory(url, 1024);
                GetWindowTextA(hEdit, url, 1024);
            }
        }
        break;

    case WM_LBUTTONDOWN:
        // I do this for all my apps, I like dragging the window from anywhere
        SendMessage(hWnd, WM_NCLBUTTONDOWN, HTCAPTION, lParam);
        break;

    case WM_CTLCOLORSTATIC:
        SetBkMode((HDC)wParam, TRANSPARENT);
        // COLOR_BTNFACE is a system colour index, not a stock object id
        return (LRESULT)GetSysColorBrush(COLOR_BTNFACE);

    case WM_SYSCOMMAND:
        if(wParam == 0xF020) // window was minimized so send app to tray!
        {
            MinimizeToTray();
            break;
        }
        return DefWindowProc(hWnd, message, wParam, lParam);

    case WM_CLOSE:
        delete[] url;
        DeleteObject(txtFont);
        DeleteObject(editFont);
        WSACleanup();
        PostQuitMessage(0);
        break;

    default:
        if(message == TaskbarRestart)
        {
            MinimizeToTray();
        }
        return DefWindowProc(hWnd, message, wParam, lParam);
    }

    return 0;
}

void ListenThread()
{
    for(;; Sleep(10))
    {
        client = x.Accept();

        if(Running == 0)
        {
            ExitThread(0);
        }

        if(client != INVALID_SOCKET)
        {
            OutputDebugStringA("Client Connected!");
            CreateThread(0, 0, (LPTHREAD_START_ROUTINE)&RedirectClient, 0, 0, 0);
        }
    }
}

void RedirectClient()
{
    // Copy the global right away: ListenThread overwrites 'client' on the next Accept()
    SOCKET tmpsock = client;

    const size_t tmpsize = 2048; // url alone can be 1023 chars, so 1024 was too small
    char* tmp = new char[tmpsize];
    char xdate[9];
    char xtime[9];
    int contentlen = 0;

    string recvdata = "";
    string senddata = "";
    string logstring = "";

    _strdate(xdate);
    _strtime(xtime);

    // Bounded formatting: sprintf() could write past the end of tmp with a long url
    snprintf(tmp, tmpsize, RedirectCode, url);
    contentlen = strlen(tmp);
    senddata.assign(tmp);

    snprintf(tmp, tmpsize, HTTPheader, xdate, xtime, contentlen);
    senddata.insert(0, tmp);

    recvdata = recvx(tmpsock);
    sendx(tmpsock, senddata);

    size_t strsize;
    strsize = recvdata.find("Host");

    // find() returns npos when "Host" is missing; writing npos bytes would
    // read far past the end of the request, so skip the log entry instead
    if(x.WriteToLog == TRUE && strsize != string::npos)
    {
        f = fopen("access.log", "ab");
        if(f)
        {
            fwrite(recvdata.c_str(), strsize, 1, f);
            fclose(f);
        }
    }

    // Close this thread's own socket, not whatever 'client' holds by now
    x.Close(tmpsock);
    delete[] tmp;
}

void InitFonts()
{
    lFont.lfHeight = 14;
    lFont.lfWeight = 420;
    wcscpy(lFont.lfFaceName, L"MS Sans Serif");
    txtFont = CreateFontIndirect(&lFont);

    lFont.lfHeight = 16;
    lFont.lfWeight = 420;
    wcscpy(lFont.lfFaceName, L"Terminal");
    editFont = CreateFontIndirect(&lFont);
}

long getfilesize(FILE* file)
{
    // Use the handle that was passed in rather than the global 'f'
    long temp;
    fseek(file, 0, SEEK_END);
    temp = ftell(file);
    rewind(file);
    return temp;
}

void ReadIni()
{
    ZeroMemory(url, 1024);

    f = fopen("config.ini", "rb");
    if(!f)
    {
        // if it doesn't exist yet save the default config
        strcpy(url, "http://www.google.com");
        f = fopen("config.ini", "wb");
        if(f)
        {
            fwrite("1\r\n", 3, 1, f);
            fwrite(url, strlen(url), 1, f);
            fclose(f);
        }
        x.WriteToLog = 1;
        SendMessage(hCheck, BM_SETCHECK, 1, 0);
    }
    else
    {
        long StrSize = getfilesize(f);

        // First line is "1\r\n" or "0\r\n"
        fread(url, 3, 1, f);
        if(url[0] == '1')
        {
            SendMessage(hCheck, BM_SETCHECK, 1, 0);
            x.WriteToLog = 1;
        }

        // The rest of the file is the URL; never read more than the buffer holds
        long UrlSize = StrSize - 3;
        if(UrlSize < 0) UrlSize = 0;
        if(UrlSize > 1023) UrlSize = 1023;
        ZeroMemory(url, 1024);
        fread(url, 1, UrlSize, f);
        fclose(f);
    }

    SetWindowTextA(hEdit, url);
}

void SaveIni()
{
    f = fopen("config.ini", "wb");
    if(!f)
        return; // config file could not be opened for writing

    if(x.WriteToLog == TRUE)
        fwrite("1\r\n", 3, 1, f);
    else
        fwrite("0\r\n", 3, 1, f);

    fwrite(url, strlen(url), 1, f);
    fclose(f);
}

void MinimizeToTray()
{
    n->cbSize = sizeof(NOTIFYICONDATA);
    n->hWnd = hwnd;
    n->uFlags = NIF_ICON | NIF_MESSAGE | NIF_TIP;
    n->uCallbackMessage = MSG_XTRAYICON;
    n->hIcon = (HICON)LoadImage(GetModuleHandle(0), MAKEINTRESOURCE(101), IMAGE_ICON, 16, 16, 0);
    n->uID = 0x13379;
    wcscpy(n->szTip, L"xServer 1.0");

    Shell_NotifyIcon(NIM_ADD, n);

    ShowWindow(hwnd, SW_MINIMIZE);
    ShowWindow(hwnd, SW_HIDE);
}
```
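An added Python example, not part of the original thread or of xServer: it builds the meta-refresh response described in the post above with a correct `Content-Length`, shows an HTTP `302` with a `Location` header as one of the other ways to redirect, and formats an access-log line in the `ip -- date time -- request` layout shown above while escaping control bytes from the client's request line so one request is always one log line. The function names, the URL check and the sample request are assumptions made for illustration.

```python
import time
from urllib.parse import urlsplit

def check_url(url):
    """Accept only an absolute http(s) URL that is safe inside a header or attribute."""
    if any(c in '"<>\\' or not 0x20 < ord(c) < 0x7f for c in url):
        raise ValueError("redirect target contains unsafe characters")
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError("redirect target must be an absolute http(s) URL")
    return url

def meta_refresh_response(url):
    """The method from the post: 200 OK carrying an HTML meta refresh."""
    body = ('<html><meta http-equiv="refresh" content="0;url=%s"></html>'
            % check_url(url)).encode("ascii")
    head = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
            "Content-Length: %d\r\nConnection: close\r\n\r\n" % len(body))
    return head.encode("ascii") + body

def location_response(url):
    """Another way to redirect: an HTTP 302 with a Location header."""
    head = ("HTTP/1.1 302 Found\r\nLocation: %s\r\n"
            "Content-Length: 0\r\nConnection: close\r\n\r\n" % check_url(url))
    return head.encode("ascii")

def log_line(ip, raw_request, now=None):
    """'ip -- MM/DD/YY HH:MM:SS -- request line', always exactly one line."""
    first = raw_request.split(b"\r\n", 1)[0][:200]   # request line only, bounded
    safe = "".join(chr(b) if 0x20 <= b < 0x7f and b != 0x5c else "\\x%02x" % b
                   for b in first)
    stamp = time.strftime("%m/%d/%y %H:%M:%S", now or time.localtime())
    return "%s -- %s -- %s" % (ip, stamp, safe)

# Constructed sample request whose first line carries a tab and a bare LF.
SAMPLE = b"GET /a\tb\nX HTTP/1.1\r\nHost: example.test\r\n\r\n"

if __name__ == "__main__":
    print(meta_refresh_response("http://www.google.com").decode("ascii"))
    print(location_response("http://www.google.com").decode("ascii"))
    print(log_line("127.0.0.1", SAMPLE))
```
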
ls Posted November 5, 2008

here it is in Python

```python
# ls
# 2008-11-05

import socket, sys, time

port = int(input("port : "))
url = input("redirect to : ")

s = socket.socket()
s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
print("[-] started listener on port ", port)
s.bind(("", port))
s.listen(5)
s.settimeout(None)

connectionsfile = open("connections.txt", 'a')
newline = "\n"

def pscan(ip):
    print("[-] started portscan for " + ip)
    for port in range(20, 2000):
        sockfd = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        con = sockfd.connect_ex((ip, port))
        if con == 0:
            print("[", ip, "] port ", port, " is open")
        else:
            pass
        sockfd.close()  # release the socket, otherwise one descriptor leaks per port

html1 = '<html><meta http-equiv="refresh" content="0;url='
html2 = url
html3 = '"></html>'
html = html1 + html2 + html3

while 1:
    try:
        (fd, addr) = s.accept()
        (ip, port) = addr
        print("[-] got connection from " + ip)
        # append a timestamped entry for every client that connects
        connectionsfile.write((str(time.asctime(time.localtime())) + " : " + ip))
        connectionsfile.write(newline)
        connectionsfile.flush()
        fd.send(html.encode())
        fd.close()
        pscan(ip)
    except KeyboardInterrupt:
        sys.exit()
```

it listens to the specified port, writes the connections to a file <connections.txt>, then starts a portscan on the client and shows the open ports
bobisn'tabuilder Posted November 7, 2008

ls, where did you learn about Python and the internet and other modules? I'm just interested and would like to learn. I already know Python.
ls Posted November 7, 2008

well, I just think about a program I would like to make and then search Google for information

I started with this: http://hetland.org/writing/instant-hacking.html

and for internet and networking this: http://www.amk.ca/python/howto/sockets/

a lot of information can be found in the Python docs: http://www.python.org/doc/2.5.2/

feel free to PM me with questions, I will try to answer them the best I can