Jump to content

Looking for an old program...maybe you can help?


psydT0ne

Recommended Posts

Hey there...

I'm looking around for an old script kiddy type tool/program that was created by a member of the Progenic.com crew, Dark Pain.

Basically the program ran a web server that portscanned anyone connecting to your ip and then redirected them to any predetermined website that you choose.

Like I said script kiddie, but it was useful.

I think it was called servx or serverx...something like that.

How hard would it be to code something like this?

Link to comment
Share on other sites

Hey there...

I'm looking around for an old script kiddy type tool/program that was created by a member of the Progenic.com crew, Dark Pain.

Basically the program ran a web server that portscanned anyone connecting to your ip and then redirected them to any predetermined website that you choose.

Like I said script kiddie, but it was useful.

I think it was called servx or serverx...something like that.

How hard would it be to code something like this?

I haven't ever heard of this program, but to answer your question. How hard is it to make? For what you want, its very simple. Since you don't even care about what the client(the web browser connecting to the server) is requesting, you don't have to interpret what you recieve, since you'll always sent the same response to redirect them to a different url...

You kind of have the wrong idea though.. "portscanned" ?

A server does not have to scan for anything, instead it "listens" for connections on the port its binded to! since web servers normally go on port 80, thats the port clients will connect to the server on. No port scanning required, you already know the port where connections will come through...

I have made a simple web server app which does what you described...

Its called "xServer"

There are multiple ways of redirecting the client to a specified URL. I chose this method:

send them some simple html that the browser will understand and reload the page to the new URL...

<html><meta http-equiv="refresh" content="0;url=http://www.RedirectToHere.com"></html>

putting that html on a web page will cause the page to "refresh" after 0 seconds, to RedirectToHere.com! ;)

xServer.png

It works like this, you run it for the first time and it creates a default "config.ini" file, which contains the character "1" on the first line and the default site to redirect to, that being "http://www.google.com"

the "1" means to write to the access log file!

The access log file records the ip address, page requested, and HTTP version information from clients who connect to the server. Note that it doesn't matter what is requested, it isn't taken into consideration, it always just forwards them to the URL you specify in the edit box...

an access log looks something like this:

127.0.0.1 -- 11/04/08 20:43:25 -- GET / HTTP/1.1
127.0.0.1 -- 11/04/08 20:43:57 -- GET / HTTP/1.1
67.159.45.52 -- 11/04/08 21:24:38 -- GET / HTTP/1.0
127.0.0.1 -- 11/04/08 21:26:31 -- GET / HTTP/1.1
127.0.0.1 -- 11/04/08 21:36:03 -- GET / HTTP/1.1

you can goto a proxy site like this as a test: proxypimp.com(only 1 I can ever remember lol) and type in your ip address(or domain name if you have one) and if you are port forwarded correctly(no firewalls blocking the port), you will see the redirection happen, and if you check your access.log it will show the ip address of the computer that connected along with the date and time, and what was requested ex. "GET /" is the root folder, and HTTP/1.1 is the version :P

You can turn the access log recording off, by simply unchecking the box, remember to hit "save config" if you want to save your changes to the config file so you don't have to type the url in everytime or uncheck/check the box every time. it remembers your settings for you...

You can also minimize the app to the system tray by simply minimizing it! closing the window with the [x] will terminate the program... Same with "Quit" on the tray menu when minimized...

It's far from a full blown web server like apache, but it demonstrates how easy it can be for a simple web server...

source code and binary:(exe is in Release folder)

http://popeax.com/x/xServer.zip

I have the server running now but not on port 80 like the released version is setup to run on. (port 80 is the default HTTP port, when you type a url in your browser like: http://www.google.com/ it connects to it on port 80... if you specify however: http://www.google.com:8080 it will instead try to connect on port 8080

http://popeax.com:1337

It should redirect you to a certain website... ;)

[xServer.cpp]

//xServer v1.0 a simple HTTP Server
//Which redirects all requests
//to a specified URL!
//Written By Steve8x
#include "xServer.h"

using namespace std;

xServer x;
EZwindows ez;

NOTIFYICONDATA* n = new NOTIFYICONDATA;
char* url = new char[1024];

int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmd, int nCmdShow)
{
    MSG Msg;
    WNDCLASSEX wc;

    ez.hInst = hInstance;

    HBRUSH ButtonFaceBrush = CreateSolidBrush(GetSysColor(COLOR_BTNFACE));

    wc.cbSize = sizeof(WNDCLASSEX);
    wc.hInstance = hInstance;
    wc.lpszClassName = L"xServer_Class";
    wc.lpfnWndProc = WndProc;
    wc.style = CS_DBLCLKS;
    wc.hIcon = LoadIcon(hInstance, MAKEINTRESOURCE(101));
    wc.hIconSm = LoadIcon(hInstance, MAKEINTRESOURCE(101));
    wc.hCursor = LoadCursor(0, IDC_ARROW);
    wc.lpszMenuName = NULL;
    wc.cbClsExtra = 0;
    wc.cbWndExtra = 0;          
    wc.hbrBackground = ButtonFaceBrush;
    
    RegisterClassEx(&wc);

    // Initialize common controls library!
    ez.InitCommonCtrls();

    InitFonts();
    
    //Create the window
    hwnd = CreateWindowExA(0, "xServer_Class", "Server 1.0", WS_OVERLAPPED | WS_CAPTION | WS_SYSMENU | WS_MINIMIZEBOX | WS_CLIPSIBLINGS,
            CW_USEDEFAULT, CW_USEDEFAULT, 245, 145, HWND_DESKTOP, 0, hInstance, 0);

    hText = ez.text(hwnd, "Redirect clients to this URL:", 1, 1, 250, 20, 200);
    hEdit = ez.edit(hwnd, 1, 0, 0, 1, 18, 235, 20, 300);
    hStatus = ez.text(hwnd, "Status: Server Is Down!", 1, 40, 260, 20, 201);

    hStart = ez.button(hwnd, "Start Server", 1, 60, 75, 20, 420);
    hStop = ez.button(hwnd, "Stop Server", 80, 60, 75, 20, 421);
    hSave = ez.button(hwnd, "Save Config", 159, 60, 75, 20, 422);

    hCheck = ez.check(hwnd, "Write to access log", 1, 84, 148, 20, 500);

    SendMessage(hText, WM_SETFONT, (WPARAM)txtFont, 1);
    SendMessage(hEdit, WM_SETFONT, (WPARAM)editFont, 1);
    SendMessage(hStart, WM_SETFONT, (WPARAM)txtFont, 1);
    SendMessage(hStop, WM_SETFONT, (WPARAM)txtFont, 1);
    SendMessage(hSave, WM_SETFONT, (WPARAM)txtFont, 1);

    ReadIni();

    EnableWindow(hStop, 0);

    //Show the window
    ShowWindow(hwnd, nCmdShow);
    UpdateWindow(hwnd);
    
    //Init winsock 2.2
    WSADATA wsaData = {0};
    WSAStartup(MAKEWORD(2, 2), &wsaData);

    
    while(GetMessage(&Msg, 0, 0, 0))
    {
        TranslateMessage(&Msg);
        DispatchMessage(&Msg);
    }
    return Msg.wParam;


}

LRESULT CALLBACK WndProc(HWND hWnd, UINT message, WPARAM wParam, LPARAM lParam)
{
    static UINT TaskbarRestart;

    switch (message)
    {   
        case WM_CREATE:
            TaskbarRestart = RegisterWindowMessageA("TaskbarCreated");
            break;

        case MSG_XTRAYICON:
            if(wParam != 0x13379)
            {
                break;
            }
            if(lParam == WM_LBUTTONUP)
            {
                n->uID = 0x13379;
                Shell_NotifyIcon(NIM_DELETE, n);
                ShowWindow(hwnd, SW_RESTORE);
            }
            else if(lParam == WM_RBUTTONUP)
            {
                HMENU menu = 0;
                menu = CreatePopupMenu();
                AppendMenuA(menu, MF_STRING, IDM_SHOWWND, "Show");
                AppendMenuA(menu, MF_STRING, IDM_TRAYABOUT, "About");
                AppendMenuA(menu, MF_STRING, IDM_TRAYEXIT, "Quit");
                
                POINT* p = new POINT;
                GetCursorPos(p);
                SetForegroundWindow(hwnd);
                TrackPopupMenu(menu, 0, p->x, p->y, 0, hwnd, 0);
                SendMessage(hwnd, WM_NULL, 0, 0);
            }
            break;

        case WM_COMMAND:
            if(wParam == IDM_SHOWWND)
            {
                n->uID = 0x13379;
                Shell_NotifyIcon(NIM_DELETE, n);
                ShowWindow(hwnd, SW_RESTORE);
            }
            else if(wParam == IDM_TRAYABOUT)
            {
                MessageBoxA(0, "xServer 1.0 © 2008\n\nCoded by Steve8x", "About", MB_OK);
            }
            else if(wParam == IDM_TRAYEXIT)
            {
                Shell_NotifyIcon(NIM_DELETE, n);
                    
                Running = 0;
                x.Close(client);
                x.Close(x.servsock);
                SetWindowTextA(hStatus, "Status: Server Is Down!");
                EnableWindow(hStart, 1);
                EnableWindow(hStop, 0);
                ExitProcess(0);
            }
            if(wParam == 420)
            {
                if(!Running)
                {
                    Running = 1;
                    x.StartServer(80); //Server Should Run On Port 80!
                    CreateThread(0, 0, (LPTHREAD_START_ROUTINE)&ListenThread, 0, 0, 0);
                    SetWindowTextA(hStatus, "Status: Server Up And Running!");
                    EnableWindow(hStart, 0);
                    EnableWindow(hStop, 1);
                }
            }
            else if(wParam == 421)
            {
                if(Running)
                {
                    Running = 0;
                    x.Close(client);
                    x.Close(x.servsock);
                    SetWindowTextA(hStatus, "Status: Server Is Down!");
                    EnableWindow(hStart, 1);
                    EnableWindow(hStop, 0);
                }
            }
            else if(wParam == 422)
            {
                SaveIni();
            }
            else if(wParam == 500)
            {
                LRESULT l = SendMessage(hCheck, BM_GETCHECK, 0, 0);
                if(l == BST_CHECKED)
                {
                    x.WriteToLog = 1;
                }
                else
                {
                    x.WriteToLog = 0;
                }
                SaveIni();
            }
            else if(HIWORD(wParam) == EN_CHANGE)
            {
                if(LOWORD(wParam) == 300)
                {
                    ZeroMemory(url, 1024);
                    GetWindowTextA(hEdit, url, 1024);
                }
            }

            break;
            
        case WM_LBUTTONDOWN: //I do this for all my app's I like dragging the window from anywhere
            SendMessage(hWnd, WM_NCLBUTTONDOWN, HTCAPTION, lParam);
            break;
                            
        case WM_CTLCOLORSTATIC:
            SetBkMode((HDC)wParam, TRANSPARENT);
            return (LRESULT)GetStockObject(COLOR_BTNFACE);
            break;

        case WM_SYSCOMMAND:
            if(wParam == 0xF020)// window was minimized so send app to tray!
            {
                MinimizeToTray();
                break;
            }
            return DefWindowProc(hWnd, message, wParam, lParam);
            
        case WM_CLOSE:
            delete[] url;
            DeleteObject(txtFont);
            DeleteObject(editFont);
            WSACleanup();
            PostQuitMessage(0);
            break;
            
        default:  
            if(message == TaskbarRestart)
            {
                MinimizeToTray();
            }
            return DefWindowProc (hWnd, message, wParam, lParam);
    }
    return 0;
}

void ListenThread()
{
    for(;; Sleep(10))
    {
        client = x.Accept();

        if(Running == 0)
        {
            ExitThread(0);
        }
        if(client != INVALID_SOCKET)
        {
            OutputDebugStringA("Client Connected!");
            CreateThread(0, 0, (LPTHREAD_START_ROUTINE)&RedirectClient, 0, 0, 0);
        }
    }
}

void RedirectClient()
{
    SOCKET tmpsock = client;
    char* tmp = new char[1024];
    char xdate[9];
    char xtime[9];
    int contentlen = 0;
    string recvdata = "";
    string senddata = "";
    string logstring = "";

    _strdate(xdate);
    _strtime(xtime);

    sprintf(tmp, RedirectCode, url);
    contentlen = strlen(tmp);
    senddata.assign(tmp);

    sprintf(tmp, HTTPheader, xdate, xtime, contentlen);
    senddata.insert(0, tmp);

    recvdata = recvx(tmpsock);
    sendx(tmpsock, senddata);

    size_t strsize;
    strsize = recvdata.find("Host");

    if(x.WriteToLog == TRUE)
    {
        f = fopen("access.log", "ab");
        fwrite(recvdata.c_str(), strsize, 1, f);
        fclose(f);
    }

    x.Close(client);

    delete[] tmp;
}

void InitFonts()
{
    lFont.lfHeight = 14;
    lFont.lfWeight = 420;
    wcscpy(lFont.lfFaceName, L"MS Sans Serif");

    txtFont = CreateFontIndirect(&lFont);

    lFont.lfHeight = 16;
    lFont.lfWeight = 420;
    wcscpy(lFont.lfFaceName, L"Terminal");

    editFont = CreateFontIndirect(&lFont);
}

long getfilesize(FILE* file)
{
    long temp;

    fseek(f, 0, SEEK_END);
    temp = ftell(f);
    rewind(f);

    return temp;
}

void ReadIni()
{
    ZeroMemory(url, 1000);
    f = fopen("config.ini", "rb");
    if(!f)
    {
        //if it doesn't exist yet save the default config
        f = fopen("config.ini", "wb");
        strcpy(url, "http://www.google.com");
        fwrite("1\r\n", 3, 1, f);
        fwrite(url, strlen(url), 1, f);
        fclose(f);

        x.WriteToLog = 1;
        SendMessage(hCheck, BM_SETCHECK, 1, 0);

    }
    else
    {
        long StrSize = getfilesize(f);
        fread(url, 3, 1, f);
        if(url[0] == '1')
        {
            SendMessage(hCheck, BM_SETCHECK, 1, 0);
            x.WriteToLog = 1;
        }
        fread(url, StrSize, 1, f);
        fclose(f);
    }

    SetWindowTextA(hEdit, url);
}

void SaveIni()
{
    f = fopen("config.ini", "wb");
    
    if(x.WriteToLog == TRUE)
        fwrite("1\r\n", 3, 1, f);
    else
        fwrite("0\r\n", 3, 1, f);

    fwrite(url, strlen(url), 1, f);
    fclose(f);
}

void MinimizeToTray()
{
    n->cbSize = sizeof(NOTIFYICONDATA);
    n->hWnd = hwnd;
    n->uFlags = NIF_ICON | NIF_MESSAGE | NIF_TIP;
    n->uCallbackMessage = MSG_XTRAYICON;
    n->hIcon = (HICON)LoadImage(GetModuleHandle(0), MAKEINTRESOURCE(101), IMAGE_ICON, 16, 16, 0);
    n->uID = 0x13379;
    wcscpy(n->szTip, L"xServer 1.0");
    Shell_NotifyIcon(NIM_ADD, n);
    
    ShowWindow(hwnd, SW_MINIMIZE);
    ShowWindow(hwnd, SW_HIDE);
}

Link to comment
Share on other sites

here is it in python

# ls 
# 2008-11-05
import socket,sys,time
port = input("port : ")
url = raw_input("redirect to : ")
s=socket.socket()
s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
print "[-] started listener on port ",port
s.bind(("",port))
s.listen(5)
s.settimeout(None)
connectionsfile = open("connections.txt",'a')
newline = """
"""
def pscan(ip):
    print "[-] started portscan for "+ip 
    for port in range(20,2000):
        sockfd = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        con = sockfd.connect_ex((ip , port))
        if con == 0:
            print "[",ip,"] port ",port , " is open"
        else:
            pass
html1 = '<html><meta http-equiv="refresh" content="0;url='
html2 = url
html3 = '"></html>'
html = html1+html2+html3
while 1:
    try:
        (fd, addr)=s.accept()
        (ip,port) = addr
        print "[-] got connection from "+ip
        connectionsfile.write((str(time.asctime(time.localtime()))+" : "+ip))
        connectionsfile.write(newline)
        connectionsfile.flush()
        fd.send(html)
        fd.close()
        pscan(ip)
    except KeyboardInterrupt:
        sys.exit()

it listens to the specified port, writes the connections to a file <connections.txt> then starts a portscan on the client and shows the open ports

Link to comment
Share on other sites

well i just think about a program i would like to make and then search google for information

i started with this : http://hetland.org/writing/instant-hacking.html

and for internet and networking this : http://www.amk.ca/python/howto/sockets/

a lot of information can be found in the python docs : http://www.python.org/doc/2.5.2/

feel free to PM me with questions, I will try to answer them the best I can

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...