此博客仅用于记录个人学习进度,学识浅薄,若有错误观点欢迎评论区指出。欢迎各位前来交流。(部分材料来源网络,若有侵权,立即删除)
本人博客所有文章纯属学习之用,不涉及商业利益。不合适引用,自当删除!
若被用于非法行为,与我本人无关
讲解
远程控制系统
- 客户端接收用户输入的命令,客户端通过套接字将命令传送给服务器端,
- 服务器在收到用户的命令,对命令进行解析
- 在服务器端调用对应的命令
- 并将命令执行的结果发送给客户端,从而实现远距离控制的功能
- 注:远程控制系统、木马、僵尸程序都属于远程控制类程序
工作原理
- List item
原理讲解
- TCP套接字编程
- 无连接的服务
- 流程图
客户端代码分析
- 定义变量
#include<stdlib.h>
#include<stdio.h>
#include<sys/socket.h>
#include<netdb.h>
#include<string.h>
#include<unistd.h>
#include<netinet/in.h>
#include<arpa/inet.h>
#define BUF_SIZE 2048
#define PORT 8900
int main(int argc,char** argv)
{
struct sockaddr_in server;
int ret;
int len;
int port;
int sockfd;
int sendnum;
int recvnum;
char send_buf[BUF_SIZE];
char recv_buf[BUF_SIZE];
port=PORT;
memset(send_buf,0,2048);
memset(recv_buf,0,2048);
- 建立套接字
port=PORT;
memset(send_buf,0,2048);
memset(recv_buf,0,2048);
if (-1==(sockfd=socket(AF_INET,SOCK_STREAM,0)))
{
perror("can not create socket\n");
exit(1);
}
- 将服务器的IP地址和端口号赋给套接字
memset(&server,0,sizeof(struct sockaddr_in));
server.sin_family = AF_INET;
server.sin_addr.s_addr = inet_addr(argv[1]);
server.sin_port = htons(port);
- 和服务器建立连接
if (0>(ret=connect(sockfd,(struct sockaddr*)&server,sizeof(struct sockaddr))))
{
perror("connect error");
close(sockfd);
exit(1);
}
- 进入循环
while(1)
{
memset(send_buf,0,2048);
memset(recv_buf,0,2048);
printf("tcp>");
gets(send_buf);
printf("\n");
len = sizeof(struct sockaddr);
- 收到quit命令退出
if (0>(len=send(sockfd,send_buf,strlen(send_buf),0)))
{
perror("error occar in sending data\n");
break;
}
if (0==strcmp(send_buf,"quit"))
{
perror("quitting remote ctroling\n");
break;
}
- 接收服务器端信息并打印,以及服务器宕机情况说明
if (0>(recvnum=recv(sockfd,recv_buf,2048,0)))
{
perror("recv data error\n");
break;
}
if(recvnum==0){
perror("server is done!\n");
exit(0);
}
fprintf(stdout,"%s\n",recv_buf);
}
- 结束循环,退出
close(sockfd);
exit(1);
}
服务端代码分析
- 定义变量
#include<stdlib.h>
#include<stdio.h>
#include<sys/socket.h>
#include<netdb.h>
#include<string.h>
#include<unistd.h>
#include<netinet/in.h>
#include<arpa/inet.h>
#define PORT 8900
int main(int argc,char** argv)
{
struct sockaddr_in server;
struct sockaddr_in client;
int len;
int port;
int listend;
int connectd;
int sendnum;
int opt;
int recvnum;
char send_buf[2048];
char recv_buf[2048];
char cmd[2048];
int flag;
//if (2==argc)
memset(send_buf,0,2048);
memset(recv_buf,0,2048);
- 建立套接字listend
if (-1==(listend=socket(AF_INET,SOCK_STREAM,0)))
{
perror("create listen socket error\n");
exit(1);
}
- 赋给IP和端口
port=PORT;
memset(&server,0,sizeof(struct sockaddr_in));
server.sin_family = AF_INET;
server.sin_addr.s_addr = htonl(INADDR_ANY);
server.sin_port = htons(port);
- 绑定套接字与监听
if (-1==bind(listend,(struct sockaddr *)&server,sizeof(struct sockaddr)))
{
perror("bind error\n");
exit(1);
}
if (-1==listen(listend,5))
{
perror("listen error\n");
exit(1);
}
- 第一层循环
while (1)
{
if (-1==(connectd=accept(listend,(struct sockaddr*)&client,&len)))
{
perror("create connect socket error\n");
continue;
}
- 第二层循环,并且判断客户端是否断开
while(1)
{
memset(recv_buf,0,2048);
memset(send_buf,0,2048);
if(0>(recvnum = recv(connectd,recv_buf,sizeof(recv_buf),0)))
{
perror("recv error\n");
close(connectd);
continue;
}
if(recvnum==0){
close(connectd);
break;
}
- 存储接收到的命令
if(1)
{
recv_buf[recvnum]='\0';
if (0==strcmp(recv_buf,"quit"))
{
perror("quitting remote controling\n");
exit(1);
}
printf("the message is: %s\n",recv_buf);
strcpy(cmd,"/bin/");
strcat(cmd,recv_buf);
execute(cmd,send_buf);
if ('\0'==*send_buf)
{
memset(cmd,0,sizeof(cmd));
strcpy(cmd,"/sbin/");
strcat(cmd,recv_buf);
execute(cmd,send_buf);
if ('\0'==*send_buf)
{
memset(cmd,0,sizeof(cmd));
strcpy(cmd,"/usr/bin/");
strcat(cmd,recv_buf);
execute(cmd,send_buf);
}
if ('\0'==*send_buf)
{
memset(cmd,0,sizeof(cmd));
strcpy(cmd,"/usr/sbin/");
strcat(cmd,recv_buf);
execute(cmd,send_buf);
}
}
if ('\0'==*send_buf)
sprintf(send_buf,"command is not vaild,check it please\n");
printf("the server message is:%s\n",send_buf);
}
- 发送返回结果并依次跳出两轮循环
if (0>send(connectd,send_buf,sizeof(send_buf),0))
{
perror("send error\n");
close(connectd);
continue;
}
}
close(connectd);
continue;
}
close(listend);
return 0;
}
- cmd执行函数
int execute(char* command,char* buf)
{
FILE * fp;
int count;
if (NULL==(fp = popen(command,"r")))
{
perror("creating pipe error\n");
exit(1);
}
count = 0 ;
while(((buf[count] = fgetc(fp))!=EOF)&&count<2047)
count++;
buf[count]='\0';
pclose(fp);
return count;
}
运行结果
- 编译:
-
验证在客户端进行ctrl+c多次退出后服务器不受影响
-
验证可以通过客户端对服务器进行cmd命令操作,实现了远程操作
-
关闭服务器的情况下,会返回结果并且结束客户端进程
-
输入错误命令会有报错展示
代码
客户端
#include<stdlib.h>
#include<stdio.h>
#include<sys/socket.h>
#include<netdb.h>
#include<string.h>
#include<unistd.h>
#include<netinet/in.h>
#include<arpa/inet.h>
#define BUF_SIZE 2048
#define PORT 8900
int main(int argc,char** argv)
{
struct sockaddr_in server;
int ret;
int len;
int port;
int sockfd;
int sendnum;
int recvnum;
char send_buf[BUF_SIZE];
char recv_buf[BUF_SIZE];
port=PORT;
memset(send_buf,0,2048);
memset(recv_buf,0,2048);
if (-1==(sockfd=socket(AF_INET,SOCK_STREAM,0)))
{
perror("can not create socket\n");
exit(1);
}
memset(&server,0,sizeof(struct sockaddr_in));
server.sin_family = AF_INET;
server.sin_addr.s_addr = inet_addr(argv[1]);
server.sin_port = htons(port);
if (0>(ret=connect(sockfd,(struct sockaddr*)&server,sizeof(struct sockaddr))))
{
perror("connect error");
close(sockfd);
exit(1);
}
while(1)
{
memset(send_buf,0,2048);
memset(recv_buf,0,2048);
printf("tcp>");
gets(send_buf);
printf("\n");
len = sizeof(struct sockaddr);
if (0>(len=send(sockfd,send_buf,strlen(send_buf),0)))
{
perror("error occar in sending data\n");
break;
}
if (0==strcmp(send_buf,"quit"))
{
perror("quitting remote ctroling\n");
break;
}
if (0>(recvnum=recv(sockfd,recv_buf,2048,0)))
{
perror("recv data error\n");
break;
}
if(recvnum==0){
perror("server is done!\n");
exit(0);
}
fprintf(stdout,"%s\n",recv_buf);
}
close(sockfd);
exit(1);
}
服务端
#include<stdlib.h>
#include<stdio.h>
#include<sys/socket.h>
#include<netdb.h>
#include<string.h>
#include<unistd.h>
#include<netinet/in.h>
#include<arpa/inet.h>
#define PORT 8900
int main(int argc,char** argv)
{
struct sockaddr_in server;
struct sockaddr_in client;
int len;
int port;
int listend;
int connectd;
int sendnum;
int opt;
int recvnum;
char send_buf[2048];
char recv_buf[2048];
char cmd[2048];
int flag;
//if (2==argc)
memset(send_buf,0,2048);
memset(recv_buf,0,2048);
if (-1==(listend=socket(AF_INET,SOCK_STREAM,0)))
{
perror("create listen socket error\n");
exit(1);
}
port=PORT;
memset(&server,0,sizeof(struct sockaddr_in));
server.sin_family = AF_INET;
server.sin_addr.s_addr = htonl(INADDR_ANY);
server.sin_port = htons(port);
if (-1==bind(listend,(struct sockaddr *)&server,sizeof(struct sockaddr)))
{
perror("bind error\n");
exit(1);
}
if (-1==listen(listend,5))
{
perror("listen error\n");
exit(1);
}
while (1)
{
if (-1==(connectd=accept(listend,(struct sockaddr*)&client,&len)))
{
perror("create connect socket error\n");
continue;
}
while(1)
{
memset(recv_buf,0,2048);
memset(send_buf,0,2048);
if(0>(recvnum = recv(connectd,recv_buf,sizeof(recv_buf),0)))
{
perror("recv error\n");
close(connectd);
continue;
}
if(recvnum==0){
close(connectd);
break;
}
if(1)
{
recv_buf[recvnum]='\0';
if (0==strcmp(recv_buf,"quit"))
{
perror("quitting remote controling\n");
exit(1);
}
printf("the message is: %s\n",recv_buf);
strcpy(cmd,"/bin/");
strcat(cmd,recv_buf);
execute(cmd,send_buf);
if ('\0'==*send_buf)
{
memset(cmd,0,sizeof(cmd));
strcpy(cmd,"/sbin/");
strcat(cmd,recv_buf);
execute(cmd,send_buf);
if ('\0'==*send_buf)
{
memset(cmd,0,sizeof(cmd));
strcpy(cmd,"/usr/bin/");
strcat(cmd,recv_buf);
execute(cmd,send_buf);
}
if ('\0'==*send_buf)
{
memset(cmd,0,sizeof(cmd));
strcpy(cmd,"/usr/sbin/");
strcat(cmd,recv_buf);
execute(cmd,send_buf);
}
}
if ('\0'==*send_buf)
sprintf(send_buf,"command is not vaild,check it please\n");
printf("the server message is:%s\n",send_buf);
}
if (0>send(connectd,send_buf,sizeof(send_buf),0))
{
perror("send error\n");
close(connectd);
continue;
}
}
close(connectd);
continue;
}
close(listend);
return 0;
}
int execute(char* command,char* buf)
{
FILE * fp;
int count;
if (NULL==(fp = popen(command,"r")))
{
perror("creating pipe error\n");
exit(1);
}
count = 0 ;
while(((buf[count] = fgetc(fp))!=EOF)&&count<2047)
count++;
buf[count]='\0';
pclose(fp);
return count;
}
end