SocketCmdShell


利用管道获取cmd命令记录
Server:

#include <stdio.h>
#include <winsock2.h>
#include <Windows.h>
#pragma comment(lib,"ws2_32.lib")

// Minimal TCP "command server": listens on port 9999 on every local
// interface, treats each chunk returned by recv() as a command line, starts
// it with CreateProcessA while redirecting the child's stdout/stderr into an
// anonymous pipe, and relays whatever the pipe yields back to the client.
//
// NOTE(review): nothing in this file authenticates the peer or validates the
// received text, so any host that can reach port 9999 runs arbitrary
// programs with this process's privileges.  The companion client only ever
// connects to 127.0.0.1; binding to INADDR_LOOPBACK instead of INADDR_ANY
// would match that use and is the first mitigation to apply.  Memory-safety
// and resource-handling defects are flagged inline where they occur.
int main(int argc, char* argv[])
{
    // Initialise Winsock (version 2.2).  A failure here exits silently.
    WORD sockVersion = MAKEWORD(2,2);
    WSADATA wsaData;
    if(WSAStartup(sockVersion, &wsaData)!=0)
    {
        return 0;
    }
    // Create the listening socket.
    SOCKET slisten = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
    if(slisten == INVALID_SOCKET)
    {
        printf("socket error !");
        return 0;
    }
    // Bind to port 9999 on all interfaces (see the file header on INADDR_ANY).
    sockaddr_in sin;
    sin.sin_family = AF_INET;
    sin.sin_port = htons(9999);
    sin.sin_addr.S_un.S_addr = INADDR_ANY;
    if(bind(slisten, (LPSOCKADDR)&sin, sizeof(sin)) == SOCKET_ERROR)
    {
        // BUG: a bind failure is only printed; execution falls through to
        // listen() on an unbound socket instead of returning.
        printf("bind error !");
    }
    // Start listening with a backlog of 5.
    if(listen(slisten, 5) == SOCKET_ERROR)
    {
        printf("listen error !");
        return 0;
    }
    // Accept loop: one client at a time, commands handled sequentially.
    SOCKET sClient;
    sockaddr_in remoteAddr;
    int nAddrlen = sizeof(remoteAddr);
    // NOTE: revData holds 255 bytes; see the memset and revData[ret] notes
    // below, both of which touch index 255.
    char revData[255]={0};
    while (TRUE)
    {
    //  printf("waiting for connection...\n");
        sClient = accept(slisten, (SOCKADDR *)&remoteAddr, &nAddrlen);
        if(sClient == INVALID_SOCKET)
        {
            // BUG: the `continue` is commented out, so the inner loop below
            // calls recv() on INVALID_SOCKET after a failed accept().
            printf("accept error !");
            //     continue;
        }
    //  printf("accepted a connection from: %s \r\n", inet_ntoa(remoteAddr.sin_addr));
        while(TRUE)
        {
            // Receive one command.  TCP has no message boundaries, so a
            // command longer than one segment may arrive split across
            // several recv() calls and be executed as fragments.
            // BUG: memset writes 256 bytes into the 255-byte revData.
            memset(revData,0,256);
            int ret = recv(sClient, revData, 255, 0);
            if(ret > 0)
            {
                // BUG: when ret == 255 this writes revData[255], one past
                // the end of the array.  Receiving at most sizeof(revData)-1
                // bytes would keep the terminator in bounds.
                revData[ret] = 0x00;
                //printf(revData);
            }
            // recv() returns 0 when the peer has closed the connection;
            // `continue` therefore spins on a closed socket rather than
            // leaving the loop (only ret < 0 breaks out).
            if (ret == 0)
                continue;
            if(ret<0)
                break;
            // Anonymous pipe that will carry the child's stdout/stderr.
            // bInheritHandle applies to BOTH handles CreatePipe returns, so
            // the child also inherits hRead, which it does not need; only
            // hWrite has to be inheritable.
            SECURITY_ATTRIBUTES sa;
            HANDLE hRead,hWrite;
            sa.nLength = sizeof(SECURITY_ATTRIBUTES);
            sa.lpSecurityDescriptor = NULL;
            sa.bInheritHandle = TRUE;
            if(!CreatePipe(&hRead,&hWrite,&sa,0))
            {
                // NOTE: this returns from main with slisten and sClient
                // still open and without WSACleanup().
                //      MessageBox(NULL,"Error on CreatePipe","ERROR",NULL);
                return 0;
            }
            STARTUPINFOA si;
            PROCESS_INFORMATION pi;
            memset(&si,0,sizeof(si));
            memset(&pi,0,sizeof(pi));
            si.cb = sizeof(STARTUPINFO);
            // GetStartupInfoA overwrites the zeroed struct with this
            // process's startup info; the redirection fields are set after.
            GetStartupInfoA(&si);
            si.hStdError = hWrite;
            si.hStdOutput = hWrite;
            si.wShowWindow = SW_HIDE;
            si.dwFlags = STARTF_USESHOWWINDOW | STARTF_USESTDHANDLES;
            // The received text is used verbatim as the command line and
            // the child inherits handles (bInheritHandles = TRUE).  The
            // dwCreationFlags argument is passed as NULL, a pointer constant
            // standing in for the DWORD 0.
            if(!CreateProcessA(NULL,revData,NULL,NULL,TRUE,NULL,NULL,NULL,&si,&pi))
            {
                // BUG: hRead and hWrite are not closed on this path, so
                // every command that fails to start leaks two handles.
                // The return value of send() is not checked.
                send(sClient,"Cmd Error\n",strlen("Cmd Error\n"),0);
                continue;
            }
        //  printf("GetLastError: %d\n",GetLastError());
            // Close the parent's copy of the write end so that ReadFile
            // below can observe end-of-pipe once the child exits.
            CloseHandle(hWrite);
            // Waits at most 5 s for the child; the result is not checked.
            // If the child is still running after that (e.g. an interactive
            // program), ReadFile below blocks until it exits -- the original
            // "Program Stop here" comment records exactly this hang.
            // BUG: pi.hProcess and pi.hThread are never closed (one process
            // and one thread handle leaked per command).
            WaitForSingleObject(pi.hProcess,5000);
            char buffer[1024] = {0};
            int len=0;
            DWORD byteRead;
            BOOL hResult;
            do
            {
                memset(buffer,0,1024);
                //when second ReadFile Program Stop here
                hResult = ReadFile(hRead,buffer,1023,&byteRead,NULL);
                //printf("%s\n",buffer);
                // `len` is accumulated but never read.
                len = len + byteRead;
                // Relay this chunk to the client.  BUG: the length is
                // strlen(buffer), not byteRead, so output containing a NUL
                // byte is truncated at the first NUL.  send()'s return value
                // is not checked.
                send(sClient, buffer, strlen(buffer), 0);
            }while(byteRead!=0 && hResult);
            //CloseHandle(hWrite);
            CloseHandle(hRead);
        }
        closesocket(sClient);
    }
    // NOTE: the accept loop above never breaks, so the shutdown sequence
    // below is unreachable; WSACleanup() is never called.
    closesocket(slisten);
    WSACleanup();
    getchar();
    return 0;
}

Client:

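#include <winsock2.h>
#include <stdio.h>
#include <string.h>
#pragma  comment(lib,"ws2_32.lib")

// Wire constants shared with the server listing: port, the request and
// reply buffer sizes, and the literal the server sends when a command
// could not be started.
#define CMD_PORT        9999
#define CMD_BUF_SIZE    256
#define REPLY_BUF_SIZE  1024
#define CMD_ERROR_REPLY "Cmd Error\n"

// Reads one line from stdin into buf (capacity cap) without the trailing
// CR/LF.  Returns 0 on EOF or read error, 1 otherwise.
// Replaces gets(), which cannot be bounded (it overflowed the 256-byte
// buffer on long input) and was removed from the language in C11.
static int read_command(char *buf, size_t cap)
{
    if (fgets(buf, (int)cap, stdin) == NULL)
        return 0;
    size_t len = strcspn(buf, "\r\n");
    if (buf[len] == '\0')
    {
        // No newline inside the buffer: the line was longer than cap-1
        // bytes.  Discard the rest so it is not taken as the next command.
        int c;
        while ((c = getchar()) != '\n' && c != EOF)
            ;
    }
    buf[len] = '\0';
    return 1;
}

// Reads the server's reply to one command and copies it to stdout.
// The protocol has no framing: the server streams raw pipe output, and the
// end of a reply is inferred either from the CMD_ERROR_REPLY marker or from
// a short read (fewer than REPLY_BUF_SIZE-1 bytes), as the original client did.
// Returns 1 when a complete reply was consumed, 0 when the connection was
// closed or failed (recv() returned 0 or SOCKET_ERROR); the caller should
// stop on 0.  The original indexed the buffer with a negative recv() result
// on error and printed network data as a printf format string; both are
// avoided here.
static int receive_reply(SOCKET s)
{
    char reply[REPLY_BUF_SIZE];
    for (;;)
    {
        int n = recv(s, reply, REPLY_BUF_SIZE - 1, 0);
        if (n <= 0)
            return 0;                       // 0: peer closed; <0: SOCKET_ERROR
        reply[n] = '\0';                    // n <= REPLY_BUF_SIZE-1, in bounds
        // Reply bytes are untrusted network data: write them out verbatim,
        // never as a format string.
        fwrite(reply, 1, (size_t)n, stdout);
        fflush(stdout);
        if (strcmp(reply, CMD_ERROR_REPLY) == 0)
            return 1;
        if (n < REPLY_BUF_SIZE - 1)
            return 1;                       // short read: end of this reply
    }
}

// Interactive client for the pipe/command server listing: connects to
// 127.0.0.1:9999, sends each line typed on stdin as a command, and prints the
// reply.  Typing "exit" (or EOF on stdin) ends the session.  Returns 0 on
// every path; errors are reported on stdout, matching the original.
int main(int argc, char* argv[])
{
    (void)argc;
    (void)argv;
    WORD sockVersion = MAKEWORD(2,2);
    WSADATA data;
    if(WSAStartup(sockVersion, &data) != 0)
    {
        return 0;
    }
    SOCKET sclient = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
    if(sclient == INVALID_SOCKET)
    {
        printf("invalid socket !");
        WSACleanup();                       // pair every WSAStartup with a cleanup
        return 0;
    }
    sockaddr_in serAddr;
    memset(&serAddr, 0, sizeof(serAddr));   // sin_zero was left uninitialised before
    serAddr.sin_family = AF_INET;
    serAddr.sin_port = htons(CMD_PORT);
    serAddr.sin_addr.S_un.S_addr = inet_addr("127.0.0.1");
    if (connect(sclient, (sockaddr *)&serAddr, sizeof(serAddr)) == SOCKET_ERROR)
    {
        printf("connect error !");
        closesocket(sclient);
        WSACleanup();
        return 0;
    }
    char szSendCmd[CMD_BUF_SIZE];
    for (;;)
    {
        printf("Please Input cmd Command:\n");
        if (!read_command(szSendCmd, sizeof szSendCmd))
            break;                          // EOF on stdin: leave the session
        size_t cmdLen = strlen(szSendCmd);
        if (cmdLen == 0)
            continue;
        printf("szSendCmd : %s\n", szSendCmd);
        if (strcmp(szSendCmd, "exit") == 0)
        {
            printf("stop shell ^-^ Exit! Please Input Enter\n");
            getchar();
            break;
        }
        if (send(sclient, szSendCmd, (int)cmdLen, 0) == SOCKET_ERROR)
        {
            printf("send error !");         // previously ignored
            break;
        }
        if (!receive_reply(sclient))
        {
            // The original kept prompting and sending on a dead socket.
            printf("connection closed by server\n");
            break;
        }
    }
    closesocket(sclient);
    WSACleanup();
    return 0;
}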