GitHub Repository: rapid7/metasploit-framework
Path: blob/master/external/source/ipwn/cmd_net.c
/*
* Copyright (c) 2007 H D Moore <hdm [at] metasploit.com>
* This file is part of the Metasploit Framework.
* $Revision$
*/
#include <sys/types.h>
#include <sys/param.h>
#include <sys/stat.h>
#include <stdlib.h>
#include <limits.h>
#include <unistd.h>
#include <string.h>
#include <errno.h>
#include <stdio.h>
#include <dirent.h>
#include <pwd.h>
#include <grp.h>
#include <sys/fcntl.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <netdb.h>
#include "cmd.h"
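/*
 * Write all `len` bytes of `data` to `fd`, retrying after short writes and
 * EINTR. Returns 0 on success, -1 on error (errno is left as write() set it).
 */
static int download_write_all(int fd, const char *data, size_t len)
{
	while (len > 0) {
		ssize_t n = write(fd, data, len);

		if (n < 0 && errno == EINTR)
			continue;
		if (n <= 0)
			return -1;
		data += n;
		len -= (size_t) n;
	}
	return 0;
}

/*
 * cmd_download: fetch an http:// URL with a single HTTP/1.0 GET request and
 * store the response body in a local file.
 *
 *   argv[1]  URL of the form http://host[:port]/path (the string is split in
 *            place, so the caller's buffer is modified)
 *   argv[2]  destination file; if it names a directory, the last component of
 *            the URL path (or "download.out" when that is empty) is appended
 *
 * Progress and errors are reported on stdout/stderr; nothing is returned.
 * NOTE(review): argc is assumed to count the entries of argv, command name
 * included - confirm against the dispatcher in cmd.h.
 *
 * Review notes for anyone auditing or reusing this code:
 *  - The transfer is plain HTTP with no integrity check, and the result is
 *    made executable (0755) at the end. Anything on the network path can
 *    substitute the content; verify a known digest before running the file.
 *  - The destination is opened with O_CREAT | O_TRUNC and follows symlinks,
 *    so an existing file (or a symlink target) is overwritten.
 *  - The response headers are echoed unfiltered and may contain terminal
 *    control sequences chosen by the server.
 *  - "Content-Length:" is matched case-sensitively, as in the original; a
 *    server using another spelling is handled by reading until close.
 */
void cmd_download(int argc, char * argv[])
{
	char buff[4096];
	char *uri = NULL;
	char *path = NULL;
	char *p, *t;
	const char *name;
	struct sockaddr_in server;
	struct hostent *haddr;
	int src = -1;
	int dst = -1;
	int port = 80;
	int discard = 0;
	int n;
	long clen = 0;
	long remaining = 0;
	size_t off = 0;
	size_t sent = 0;
	size_t reqlen;
	size_t body = 0;
	ssize_t len = 0;
	unsigned long long tot = 0;

	/* The original dereferenced argv[1] and argv[2] without checking. */
	if (argc < 3 || argv[1] == NULL || argv[2] == NULL) {
		printf("The command requires a url and a destination path\n");
		return;
	}

	/* Require the scheme as a prefix; strstr() accepted it anywhere. */
	if (strncmp(argv[1], "http://", 7) != 0) {
		printf("The url must start with http://\n");
		return;
	}
	p = argv[1] + 7;

	t = strchr(p, '/');
	if (t == NULL) {
		printf("The url must contain a path\n");
		return;
	}

	uri = strdup(t);
	if (uri == NULL) {
		perror("strdup");
		return;
	}
	*t = '\0';

	/* Optional ":port" suffix; validated here, before any network use. */
	t = strchr(p, ':');
	if (t != NULL) {
		char *end;
		long v;

		*t++ = '\0';
		errno = 0;
		v = strtol(t, &end, 10);
		if (end == t || *end != '\0' || errno == ERANGE || v < 1 || v > 65535) {
			fprintf(stderr, "invalid port\n");
			goto out;
		}
		port = (int) v;
	}

	/* p now holds the bare host name. Bound the request to the buffer. */
	n = snprintf(buff, sizeof(buff),
	             "GET %s HTTP/1.0\r\nHost: %s:%d\r\nConnection: Close\r\nUser-Agent: iPwn\r\n\r\n",
	             uri, p, port);
	if (n < 0 || (size_t) n >= sizeof(buff)) {
		fprintf(stderr, "url too long\n");
		goto out;
	}
	reqlen = (size_t) n;

	/* gethostbyname() reports through h_errno, so this text may be vague. */
	if ((haddr = gethostbyname(p)) == NULL) {
		perror("gethostbyname");
		goto out;
	}

	/* Copy exactly one IPv4 address instead of reading an unsigned long. */
	if (haddr->h_addrtype != AF_INET ||
	    haddr->h_length != (int) sizeof(server.sin_addr) ||
	    haddr->h_addr_list[0] == NULL) {
		fprintf(stderr, "gethostbyname: no IPv4 address\n");
		goto out;
	}

	if ((src = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0) {
		perror("socket");
		goto out;
	}

	memset(&server, 0, sizeof(server));
	server.sin_family = AF_INET;
	memcpy(&server.sin_addr, haddr->h_addr_list[0], sizeof(server.sin_addr));
	server.sin_port = htons((unsigned short) port);

	if (connect(src, (struct sockaddr *) &server, sizeof(server)) < 0) {
		perror("connect");
		goto out;
	}

	while (sent < reqlen) {
		ssize_t w = send(src, buff + sent, reqlen - sent, 0);

		if (w <= 0) {
			perror("send");
			goto out;
		}
		sent += (size_t) w;
	}

	path = strdup(argv[2]);
	if (path == NULL) {
		perror("strdup");
		goto out;
	}

	dst = open(path, O_RDWR | O_CREAT | O_TRUNC, S_IRWXU);
	if (dst == -1) {
		if (errno != EISDIR) {
			perror("open(dst)");
			goto out;
		}

		/* Destination is a directory: derive a file name from the URL.
		 * uri stays allocated until the common cleanup (the original
		 * freed it here and again later). */
		name = strrchr(uri, '/');
		name = (name != NULL) ? name + 1 : uri;
		if (*name == '\0')
			name = "download.out";

		reqlen = strlen(path) + strlen(name) + 2;
		p = malloc(reqlen);
		if (p == NULL) {
			perror("malloc");
			goto out;
		}
		snprintf(p, reqlen, "%s/%s", path, name);
		free(path);
		path = p;

		dst = open(path, O_RDWR | O_CREAT | O_TRUNC, S_IRWXU);
		if (dst == -1) {
			perror("open(dst)");
			goto out;
		}
	}

	/* Read until the blank line that ends the headers, keeping one byte
	 * free so the buffer is always NUL-terminated. */
	memset(buff, 0, sizeof(buff));
	t = NULL;
	while (off < sizeof(buff) - 1) {
		len = read(src, buff + off, sizeof(buff) - 1 - off);
		if (len <= 0)
			break;
		off += (size_t) len;

		t = strstr(buff, "\r\n\r\n");
		if (t != NULL)
			break;
	}

	if (t != NULL) {
		*t = '\0';
		t += 4;
		body = off - (size_t) (t - buff);

		/* Look for the length in the headers only, never in body bytes
		 * that arrived in the same read. */
		p = strstr(buff, "Content-Length:");
		if (p != NULL) {
			char *end;

			p += 15;
			errno = 0;
			clen = strtol(p, &end, 10);
			if (end == p)
				clen = 0;	/* no digits: read until close, as atoi() did */
			else if (errno == ERANGE)
				clen = -1;
		}
	}

	printf("\n====================\n");
	printf("HTTP Server Response\n");
	printf("====================\n\n%s\n\n", buff);

	if (t == NULL || clen < 0) {
		printf("could not parse the server response\n");
		discard = 1;
		goto out;
	}

	/* Body bytes that came with the headers count against Content-Length. */
	if (clen > 0 && body > (size_t) clen)
		body = (size_t) clen;
	if (body > 0) {
		if (download_write_all(dst, t, body) != 0) {
			perror("write");
			discard = 1;
			goto out;
		}
		tot += body;
	}

	if (clen > 0) {
		printf("Receiving %ld bytes...\n", clen);
		remaining = clen - (long) body;
		while (remaining > 0) {
			size_t want = sizeof(buff);

			if ((unsigned long) remaining < want)
				want = (size_t) remaining;

			len = read(src, buff, want);
			if (len <= 0)
				break;
			if (download_write_all(dst, buff, (size_t) len) != 0) {
				perror("write");
				discard = 1;
				goto out;
			}
			tot += (unsigned long long) len;
			remaining -= (long) len;
		}
		if (remaining > 0)
			printf("warning: connection closed %ld bytes short of Content-Length\n", remaining);
	} else {
		printf("Receiving data...\n");
		while ((len = read(src, buff, sizeof(buff))) > 0) {
			if (download_write_all(dst, buff, (size_t) len) != 0) {
				perror("write");
				discard = 1;
				goto out;
			}
			tot += (unsigned long long) len;
		}
	}

	printf("Received %llu bytes\n", tot);

	close(src);
	src = -1;
	if (close(dst) == -1)
		perror("close(dst)");
	dst = -1;

	if (chmod(path, 0755) == -1)
		perror("chmod");

out:
	if (src != -1)
		close(src);
	if (dst != -1)
		close(dst);
	/* Do not leave an unparsed or partially written file behind. */
	if (discard && path != NULL)
		unlink(path);
	free(path);
	free(uri);
}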