
📄 telnetd.cpp

	** Obtain DACL from security descriptor for desktop
	*/
	bSuccess = GetSecurityDescriptorDacl(
					sdDesktop,
					&bDesktopDaclPresent,
					&pDesktopDacl,
					&bDaclDefaultDesktop
				);

	if (bSuccess == FALSE)
		goto finish4;

	/*
	** Obtain DACL from security descriptor for Window station
	*/
	bSuccess = GetSecurityDescriptorDacl(
					sdWinsta,
					&bWinstaDaclPresent,
					&pWinstaDacl,
					&bDaclDefaultWinsta
				);

	if (bSuccess == FALSE)
		goto finish4;

	/*
	** Create new DACL with Logon and User Sid for Desktop
	*/
	if(bDesktopDaclPresent) {
		bSuccess = setSidOnAcl(
			pLogonSid,
			pDesktopDacl,
			&pNewDesktopDacl,
			GENERIC_READ | GENERIC_WRITE | READ_CONTROL
			| DESKTOP_READOBJECTS | DESKTOP_CREATEWINDOW
			| DESKTOP_CREATEMENU | DESKTOP_SWITCHDESKTOP
			| DESKTOP_ENUMERATE,
			bGrant,
			FALSE
		);

		if (bSuccess == FALSE)
			goto finish4;
	}

	/*
	** Create new DACL with Logon and User Sid for Window station
	*/
	if(bWinstaDaclPresent)
	{
		bSuccess = setSidOnAcl(
						pLogonSid,
						pWinstaDacl,
						&pNewWinstaDacl,
						GENERIC_READ | GENERIC_WRITE | READ_CONTROL
						| WINSTA_ACCESSGLOBALATOMS
						| WINSTA_ENUMDESKTOPS | WINSTA_READATTRIBUTES
						| WINSTA_ACCESSCLIPBOARD | WINSTA_ENUMERATE
						| WINSTA_EXITWINDOWS,
						bGrant,
						FALSE
					);

		if (bSuccess == FALSE)
			goto finish4;
	}
 
	/*
	** Initialize the target security descriptor for Desktop
	*/
	if (bDesktopDaclPresent)
	{
		bSuccess = InitializeSecurityDescriptor(
						&sdNewDesktop,
						SECURITY_DESCRIPTOR_REVISION
					);

		if (bSuccess == FALSE)
			goto finish4;
	}

	/*
	** Initialize the target security descriptor for Window station
	*/
	if(bWinstaDaclPresent)
	{
		bSuccess = InitializeSecurityDescriptor(
						&sdNewWinsta,
						SECURITY_DESCRIPTOR_REVISION
					);

		if (bSuccess == FALSE)
			goto finish4;
	}

	/*
	** Apply new ACL to the Desktop security descriptor
	*/
	if(bDesktopDaclPresent)
	{
		bSuccess = SetSecurityDescriptorDacl(
						&sdNewDesktop,
						TRUE,
						pNewDesktopDacl,
						bDaclDefaultDesktop
					);

		if (bSuccess == FALSE)
			goto finish4;
	}

	/*
	** Apply new ACL to the Window station security descriptor
	*/
	if(bWinstaDaclPresent)
	{
		bSuccess = SetSecurityDescriptorDacl(
						&sdNewWinsta,
						TRUE,
						pNewWinstaDacl,
						bDaclDefaultWinsta
					);

		if (bSuccess == FALSE)
			goto finish4;
	}

	/*
	** Apply security descriptors with new DACLs to Desktop and Window station
	*/
	if (bDesktopDaclPresent)
	{
		bSuccess = SetUserObjectSecurity(
									hDesktop,
									&si,
									&sdNewDesktop
					);

		if (bSuccess == FALSE)
			goto finish4;
	}

	if(bWinstaDaclPresent)
		bSuccess = SetUserObjectSecurity(
									hWinsta,
									&si,
									&sdNewWinsta
					);

	if (bSuccess == FALSE)
		goto finish4;
finish4:
	if (sdDesktop != NULL)
		HeapFree(GetProcessHeap(), 0, sdDesktop);

	if (sdWinsta != NULL)
		HeapFree(GetProcessHeap(), 0, sdWinsta);

	if (pNewDesktopDacl != NULL)
		HeapFree(GetProcessHeap(), 0, pNewDesktopDacl);

	if (pNewWinstaDacl != NULL)
		HeapFree(GetProcessHeap(), 0, pNewWinstaDacl);

	return bSuccess;
}

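/*
** Give the logon session behind hToken access to this process's window
** station and to the calling thread's desktop, so that a process started
** under that token can attach to them.
**
** hToken: token of the user being admitted (Cycle() passes the token
**         returned by LogonUser).
**
** Returns TRUE when setWinstaDesktopSecurity() reports success, FALSE if
** the logon SID cannot be obtained, a handle is unavailable, or any call
** fails.  The SID buffer is released on every path.
**
** NOTE(review): the rights are granted (bGrant = TRUE) and no matching
** revoke call is visible on this page, so the ACEs presumably stay on the
** window station and desktop after the session ends -- confirm against
** the rest of the file.
*/
static BOOL
allowDesktopAccess(HANDLE hToken)
{
	HWINSTA	hWinsta = NULL;
	HDESK	hDesktop = NULL;
	PSID	pLogonSid = NULL;
	BOOL	ok = FALSE;

	if (!getAndAllocateLogonSid(hToken, &pLogonSid))
		return FALSE;

	hWinsta = GetProcessWindowStation();
	hDesktop = GetThreadDesktop(GetCurrentThreadId());

	/* Both lookups return NULL on failure; do not hand NULL to the calls below. */
	if (hWinsta == NULL || hDesktop == NULL)
		goto cleanup;

	/*
	** Mark both handles inheritable.  Together with bInheritHandles = TRUE
	** in CreateProcessAsUser this hands them to the child process.
	*/
	ok = SetHandleInformation(hDesktop,
							  HANDLE_FLAG_INHERIT, HANDLE_FLAG_INHERIT);
	if (!ok)
		goto cleanup;

	ok = SetHandleInformation(hWinsta,
							  HANDLE_FLAG_INHERIT, HANDLE_FLAG_INHERIT);
	if (!ok)
		goto cleanup;

	ok = setWinstaDesktopSecurity(hWinsta, hDesktop, pLogonSid, TRUE, hToken);

cleanup:
	/* The early exits used to return without freeing the SID buffer. */
	if (pLogonSid != NULL)
		HeapFree(GetProcessHeap(), 0, pLogonSid);

	return ok;
}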


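/*
** Read one byte from the client socket `talk`.
**
** Returns the byte received, or -1 when the peer closed the connection or
** recv() failed.  Callers treat any value <= 0 as "stop reading".
**
** NOTE(review): where char is signed, a received 0xFF byte (telnet IAC)
** is indistinguishable from the -1 sentinel, and every byte >= 0x80 comes
** back negative.
*/
char GetCharFromClient()
{
	char ch;
	int read = recv(talk,&ch,1,0);

	// recv() returns 0 on an orderly close and a negative value on error.
	// The error case used to fall through and return ch uninitialised.
	if(read <= 0)
	{
		ch = -1;
		printf("Socket broken at other end....\n");
	}
	return ch;
}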


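/*
** Send a prompt to the client and read one line of input into value.
**
** prompt:    NUL-terminated text sent after a CR/LF.
** value:     destination buffer; must hold at least VALUE_CAPACITY bytes.
** maskinput: TRUE echoes '*' for each accepted character (password entry),
**            FALSE echoes the character itself.
**
** Returns TRUE when a line feed ends the line, FALSE when the connection
** breaks or a byte <= 0 arrives first.  value is NUL-terminated on both
** paths.
**
** The input comes from an unauthenticated network peer, so it is bounded:
** characters beyond VALUE_CAPACITY - 1 are dropped and not echoed.  The
** original stored every byte without a limit, which let the peer write
** past the end of the caller's stack buffer.
*/
BOOL GetString(char * prompt,char * value,BOOL maskinput)
{
	// The signature carries no buffer length.  Every caller visible in this
	// file passes a char[64]; keep this in step with those declarations, or
	// better, pass the size explicitly once all callers can be changed.
	enum { VALUE_CAPACITY = 64 };

	char crlf[3] = {0x0D, 0x0A, 0x00};
	char mask = '*';
	int index = 0;
	char c;

	send(talk,crlf,strlen(crlf),0);
	send(talk,prompt,strlen(prompt),0);

	c = GetCharFromClient();
	while(c > 0)
	{
		if(c == 0x0A)
		{
			// A bare LF (no preceding CR) used to return an unterminated string.
			value[index] = 0x00;
			return TRUE;
		}

		if(index < VALUE_CAPACITY - 1)
		{
			if(c > 0x0D)
			{
				// Printable input: echo it (or the mask) and store it.
				send(talk, maskinput ? &mask : &c, 1, 0);
				value[index] = c;
			}
			else
			{
				// CR and other control bytes terminate the stored text;
				// anything stored after this NUL is invisible to the caller.
				value[index] = 0x00;
			}
			index++;
		}

		c = GetCharFromClient();
	}

	value[index] = 0x00;
	return FALSE;
}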


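/*
** Overwrite a buffer that held a secret.  The volatile qualifier keeps the
** compiler from dropping the stores as dead writes.
*/
static void
wipeSecret(volatile char *buf, size_t len)
{
	while (len > 0)
		buf[--len] = 0;
}

/*
** Serve one telnet session from start to finish:
**   1. start Winsock, bind port 23 on the host's first address, accept one
**      client;
**   2. redirect this process's standard handles to three pipes;
**   3. prompt for user name, password and domain, then call LogonUser;
**   4. on success grant desktop access and start %COMSPEC% under the
**      user's token with the pipes as its standard handles;
**   5. wait until the shell exits or m_SocketClosed is signalled, then
**      release everything.
**
** Every failure leaves through the single cleanup path, which closes only
** what this pass opened.
**
** Security notes for reviewers:
**   - Credentials and the whole session cross the network unencrypted.
**   - The three I/O threads are started before LogonUser is called, so
**     they already run while the peer is unauthenticated.
**     NOTE(review): their bodies are not on this page; confirm that is safe.
**   - The shell path comes from the service's environment (COMSPEC).
*/
void Cycle(void)
{
	enum { FAILED_LOGON_DELAY_MS = 3000 };

	// All locals are declared up front so that "goto cleanup" never jumps
	// past an initialisation.
	char		crlf[3] = {0x0D, 0x0A, 0x00};
	const char	*msg = "Telnet Server Started";
	char		hostname[64];
	// GetString takes no length argument, so these sizes are an implicit
	// contract with it.
	char		username[64];
	char		password[64];
	char		domain[64];
	hostent		*hent = NULL;
	const char	*shell = NULL;
	HANDLE		hUserToken = NULL;
	HANDLE		pump[3] = {NULL, NULL, NULL};
	BOOL		stdSaved = FALSE;
	int		i;

	// Mark every per-session resource as "not open" so cleanup can tell
	// what this pass actually created.
	sock = INVALID_SOCKET;
	talk = INVALID_SOCKET;
	m_SocketClosed = NULL;
	readInput = writeInput = NULL;
	readOutput = writeOutput = NULL;
	readError = writeError = NULL;

	// Startup Winsock
	if (WSAStartup(0x0101,&wi) != 0)
		return;

	//create the stop event
	m_SocketClosed = CreateEvent(0, TRUE, FALSE, 0);
	if (m_SocketClosed == NULL)
		goto cleanup;

	// Create the listening socket
	sock = socket(AF_INET,SOCK_STREAM,0);
	if (sock == INVALID_SOCKET)
		goto cleanup;

	// Get our own name so we can get our IP...
	if (gethostname(hostname,sizeof(hostname)) != 0)
		goto cleanup;

	// Get our hostent info; a failed lookup used to be dereferenced
	hent = gethostbyname(hostname);
	if (hent == NULL || hent->h_addr_list[0] == NULL)
		goto cleanup;

	// Bind our address and the telnet port to the socket
	myaddr.sin_family = AF_INET;
	myaddr.sin_port = htons(23);
	myaddr.sin_addr.s_addr = *(DWORD*)hent->h_addr_list[0];
	if (bind(sock,(sockaddr*)&myaddr,sizeof(sockaddr)))
		goto cleanup;	// used to return here and leak the socket and event

	// Listen for incoming connections...
	if (listen(sock,1))
		goto cleanup;

	// accept an incoming
	talk = accept(sock,NULL,NULL);
	if (talk == INVALID_SOCKET)
		goto cleanup;

	//print the welcome string
	send(talk,msg,strlen(msg),0);
	send(talk,crlf,strlen(crlf),0);
	send(talk,crlf,strlen(crlf),0);
	send(talk,crlf,strlen(crlf),0);

	// Save the "Standard" handles.
	stdinput = GetStdHandle(STD_INPUT_HANDLE);
	stdoutput = GetStdHandle(STD_OUTPUT_HANDLE);
	stderror = GetStdHandle(STD_ERROR_HANDLE);
	stdSaved = TRUE;

	// Create the "Input" pipe for the console to get stuff from us
	if (!CreatePipe(&readInput,&writeInput,&security,0))
	{
		readInput = writeInput = NULL;
		goto cleanup;
	}
	// Set the Default "Input" handle of the console to be this pipe
	SetStdHandle(STD_INPUT_HANDLE,readInput);

	// Create the console's "Output" pipe by which we get stuff back
	if (!CreatePipe(&readOutput,&writeOutput,&security,0))
	{
		readOutput = writeOutput = NULL;
		goto cleanup;
	}
	// Set the "Output" handle to be this pipe.
	SetStdHandle(STD_OUTPUT_HANDLE,writeOutput);

	// Create the console's Error pipe
	if (!CreatePipe(&readError,&writeError,&security,0))
	{
		readError = writeError = NULL;
		goto cleanup;
	}
	// Set the stderr handle to be our pipe.
	SetStdHandle(STD_ERROR_HANDLE,writeError);

	//get the username, password and domain, in that order
	if (GetString("Username:",username,FALSE)
		&& GetString("Password:",password,TRUE)
		&& GetString("  Domain:",domain,FALSE))
	{
		send(talk,crlf,strlen(crlf),0);
		send(talk,crlf,strlen(crlf),0);

		// Threads for socket input, console output and console errors.
		// _beginthreadex returns the thread handle (0 on failure); keep it
		// at full width instead of truncating it to unsigned int.
		pump[0] = (HANDLE)_beginthreadex(NULL,0,run_sock,NULL,0,&thrid_sock);
		pump[1] = (HANDLE)_beginthreadex(NULL,0,run_console,NULL,0,&thrid_console);
		pump[2] = (HANDLE)_beginthreadex(NULL,0,run_error,NULL,0,&thrid_error);

		if (LogonUser(
			username,
			domain,
			password,
			LOGON32_LOGON_INTERACTIVE,
			LOGON32_PROVIDER_DEFAULT,
			&hUserToken ))
		{
			// The session below may last a long time; do not keep the
			// clear-text password on the stack while it runs.
			wipeSecret(password, sizeof(password));

			if (allowDesktopAccess(hUserToken))
			{
				ZeroMemory(&si,sizeof(STARTUPINFO));
				si.cb = sizeof(STARTUPINFO);
				si.dwFlags = STARTF_USESTDHANDLES | STARTF_USESHOWWINDOW;
				si.wShowWindow = SW_HIDE;
				si.hStdInput = readInput;
				si.hStdOutput = writeOutput;
				si.hStdError = writeError;

				// The shell path is whatever COMSPEC holds in this
				// process's environment; it is unset in some service
				// environments and must be trusted where it is set.
				shell = getenv("COMSPEC");

				// bInheritHandles is TRUE: the child receives every
				// inheritable handle of this process, not only the three
				// pipe ends named in si.
				if (shell != NULL && CreateProcessAsUser(
					hUserToken,
					shell,
					NULL,
					NULL,
					NULL,
					TRUE,
					0,
					NULL,
					NULL,
					&si,
					&pi))
				{
					HANDLE wait[2];

					_flushall();
					// Block until the shell exits or the socket side
					// reports that the connection is gone.
					wait[0]=pi.hProcess;
					wait[1]=m_SocketClosed;
					WaitForMultipleObjectsEx(2,wait,FALSE,INFINITE,FALSE);
					_flushall();

					// make sure the process is dead!  If the wait ended
					// because the client went away, the shell is still
					// running under the user's token.  Processes the shell
					// itself started are not covered by this.
					if (WaitForSingleObject(pi.hProcess, 0) == WAIT_TIMEOUT)
						TerminateProcess(pi.hProcess, 0);

					// These two handles were never closed before.
					CloseHandle(pi.hThread);
					CloseHandle(pi.hProcess);
				}
			}

			CloseHandle(hUserToken);
		}
		else
		{
			// Only one client is served at a time, so pausing here caps
			// the rate at which passwords can be guessed.
			Sleep(FAILED_LOGON_DELAY_MS);
		}

		// The pump threads have no visible shutdown signal, so they are
		// still stopped forcibly; their handles are now closed as well.
		for (i = 0; i < 3; i++)
		{
			if (pump[i] != NULL)
			{
				TerminateThread(pump[i],0);
				CloseHandle(pump[i]);
			}
		}
	}

cleanup:
	// Covers the failed-logon and aborted-prompt paths too.
	wipeSecret(password, sizeof(password));

	if (talk != INVALID_SOCKET)
		closesocket(talk);
	if (sock != INVALID_SOCKET)
		closesocket(sock);
	if (m_SocketClosed != NULL)
		CloseHandle(m_SocketClosed);
	if (readInput != NULL)
		CloseHandle(readInput);
	if (writeInput != NULL)
		CloseHandle(writeInput);
	if (readOutput != NULL)
		CloseHandle(readOutput);
	if (writeOutput != NULL)
		CloseHandle(writeOutput);
	if (readError != NULL)
		CloseHandle(readError);
	if (writeError != NULL)
		CloseHandle(writeError);

	if (stdSaved)
	{
		SetStdHandle(STD_INPUT_HANDLE,stdinput);
		SetStdHandle(STD_OUTPUT_HANDLE,stdoutput);
		SetStdHandle(STD_ERROR_HANDLE,stderror);
	}

	//Cleanup the socket layer
	WSACleanup();
}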


/*
** Server loop with the signature _beginthreadex expects of a start
** routine.  Runs Cycle() over and over, one telnet session per pass, and
** never leaves the loop; the argument is unused.
**
** NOTE(review): Cycle() returns nothing, so a pass that fails immediately
** is retried at once with no pause.
*/
unsigned __stdcall Daemon(void*)
{
	for (;;)
		Cycle();

	return 0;	// not reached
}
