
📄 网络漏洞扫描器view.cpp

📁 这是一个网络评估软件的源代码
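// Attempt an anonymous ("null") IPC$ connection to Server and report the
// outcome in the view passed through lParam.
//
// Server  target machine name, with or without a leading "\\". It is typed
//         LPTSTR but is measured and concatenated as a wide string below.
// lParam  the CMyView that receives the progress and result lines.
// Returns 0 when WNetAddConnection2 succeeds, -1 on any failure.
//
// A success means the target accepted an IPC$ connection with an empty user
// name and an empty password; for the owner of that host it is a finding to
// fix by restricting anonymous access.
int NullSession(LPTSTR Server,LPVOID lParam){
	CMyView*pView=(CMyView*)lParam;
	if(pView == NULL || Server == NULL){
		// No view to report to, or no target: fail instead of dereferencing NULL.
		SetLastError(ERROR_INVALID_PARAMETER);
		return(-1);
	}
	HWND hwnd=pView->GetSafeHwnd();
	pView->AddString("列举空会话(NULLSESSION)...要等待一段时间...");
	::SendMessage(hwnd,WM_REDRAW,0,0);
	UCHAR temp[300];

	LPCWSTR szIpc = L"\\IPC$";
	WCHAR RemoteResource[UNCLEN + 5 + 1]; // UNC len + \IPC$ + NULL
	DWORD cchServer;

	NET_API_STATUS nas;
	// Zero every field first; only the four assigned below carry information.
	NETRESOURCE     nr = {0};

	cchServer = lstrlenW( (unsigned short *)Server );
	// NOTE(review): Server is indexed here as TCHAR but measured as WCHAR on
	// the line above; confirm the character width the callers really pass.
	if(Server[0] != L'\\' && Server[1] != L'\\') {
		//
		// prepend slashes and NULL terminate
		//
		RemoteResource[0] = L'\\';
		RemoteResource[1] = L'\\';
		RemoteResource[2] = L'\0';
	}
	else{
		// drop slashes from count; for a name shorter than two characters
		// this wraps to a huge value, which the range check below rejects
		cchServer -= 2;
		RemoteResource[0] = L'\0';
	}
	// Reject empty and over-long names before anything is copied into
	// RemoteResource; this check is what keeps the lstrcatW calls in bounds.
	if(cchServer == 0 || cchServer > CNLEN){
		SetLastError(ERROR_INVALID_COMPUTERNAME);
		pView->AddString("Error in Null Session Routine");
		::SendMessage(hwnd,WM_REDRAW,0,0);
		return(-1);
	}
	// Stop if either concatenation fails: connecting with a half-built
	// resource name would address something other than the requested host.
	if(lstrcatW(RemoteResource,(unsigned short *) Server) == NULL ||
	   lstrcatW(RemoteResource, szIpc) == NULL){
		pView->AddString("Error in Null Session Routine");
		::SendMessage(hwnd,WM_REDRAW,0,0);
		return(-1);
	}
	::SendMessage(hwnd,WM_REDRAW,0,0);
	nr.dwType = RESOURCETYPE_ANY;
	nr.lpLocalName = NULL;
	nr.lpProvider = NULL;
	nr.lpRemoteName = (LPTSTR) RemoteResource;

	// Empty password and empty user name: the anonymous logon being tested.
	nas = WNetAddConnection2(&nr, (LPTSTR) L"", (LPTSTR) L"", 0);
	if( nas == NERR_Success ){
		// Server was length-checked above, so this line fits in temp.
		// NOTE(review): "Server +2" skips two TCHARs whether or not the
		// caller supplied the leading slashes; confirm the intended output.
		sprintf((LPTSTR)temp,"Null IPC$ Session Established [%S].",Server +2);
		pView->AddString(temp);
		pView->m_stringSessions.AddTail(temp);
		::SendMessage(hwnd,WM_REDRAW,0,0);
		return(0);
	}

	sprintf((LPTSTR)temp,"Null Session NOT Established Error: %d.", nas);
	pView->AddString(temp);
	::SendMessage(hwnd,WM_REDRAW,0,0);
	return(-1);
	//pView->m_list.DeleteItem(pView->m_checkSessionsnum);
	//pView->m_list.InsertItem(pView->m_checkSessionsnum," SESSIONS",2);
	//pView->m_list.Invalidate();
}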

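// Tear down the IPC$ connection to Server and report the outcome in the view
// passed through lParam.
//
// Server  target machine name, with or without a leading "\\". It is typed
//         LPTSTR but is measured and concatenated as a wide string below.
// lParam  the CMyView that receives the progress and result lines.
// Returns 0 when WNetCancelConnection2 reports NO_ERROR, -1 otherwise.
int NullDisconnect(LPTSTR Server,LPVOID lParam)
{
	CMyView*pView=(CMyView*)lParam;
	if(pView == NULL || Server == NULL){
		// No view to report to, or no target: fail instead of dereferencing NULL.
		SetLastError(ERROR_INVALID_PARAMETER);
		return(-1);
	}
	HWND hwnd=pView->GetSafeHwnd();
	pView->AddString("列举空连接(NULLDISCONNECT)...要等待一段时间...");
	::SendMessage(hwnd,WM_REDRAW,0,0);
	UCHAR temp[300];

	LPCWSTR szIpc = L"\\IPC$";
	WCHAR RemoteResource[UNCLEN + 5 + 1]; // UNC len + \IPC$ + NULL
	DWORD cchServer, result;

	cchServer = lstrlenW( (unsigned short *)Server );
	// NOTE(review): Server is indexed here as TCHAR but measured as WCHAR on
	// the line above; confirm the character width the callers really pass.
	if(Server[0] != L'\\' && Server[1] != L'\\') {
		//
		// prepend slashes and NULL terminate
		//
		RemoteResource[0] = L'\\';
		RemoteResource[1] = L'\\';
		RemoteResource[2] = L'\0';
	}
	else
	{
		// drop slashes from count; for a name shorter than two characters
		// this wraps to a huge value, which the range check below rejects
		cchServer -= 2;
		RemoteResource[0] = L'\0';
	}
	// Reject empty and over-long names before anything is copied into
	// RemoteResource; this check is what keeps the lstrcatW calls in bounds.
	if(cchServer == 0 || cchServer > CNLEN)
	{
		SetLastError(ERROR_INVALID_COMPUTERNAME);
		pView->AddString("Error in Null Session Routine");
		::SendMessage(hwnd,WM_REDRAW,0,0);
		return(-1);
	}
	// Stop if either concatenation fails: cancelling with a half-built
	// resource name would target a different connection than the one asked for.
	if(lstrcatW(RemoteResource, (unsigned short *)Server) == NULL ||
	   lstrcatW(RemoteResource, szIpc) == NULL)
	{
		pView->AddString("Error in Null Session Routine\n");
		::SendMessage(hwnd,WM_REDRAW,0,0);
		return(-1);
	}
	::SendMessage(hwnd,WM_REDRAW,0,0);
	result = WNetCancelConnection2(
		(PCHAR)RemoteResource,  // pointer to resource name to disconnect
		0,                      // connection type flags
		TRUE);                  // unconditional disconnect, even with open files

	if(result == NO_ERROR ){
		// Server was length-checked above, so this line fits in temp.
		sprintf((LPTSTR)temp,"Null IPC$ Session Terminated [%S].",Server );
		pView->AddString(temp);
		pView->m_stringSessions.AddTail(temp);
		::SendMessage(hwnd,WM_REDRAW,0,0);
		return(0);
	}

	sprintf((LPTSTR)temp,"Null Session NOT Terminated Error: %d.", result);
	pView->AddString(temp);
	::SendMessage(hwnd,WM_REDRAW,0,0);
	return(-1);
}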
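// Registry query: read what a remote machine's registry exposes and list it
// in the view passed through lParam.
//
// Steps, in order:
//   1. probe HKEY_PERFORMANCE_DATA on szServer (the result is only reported);
//   2. connect to HKEY_LOCAL_MACHINE, read the CSDVersion value under
//      \Software\Microsoft\Windows NT\CurrentVersion and report it;
//   3. reconnect, enumerate the subkeys of that same key and report each
//      subkey name together with its "Comments" value.
//
// szServer  remote computer name handed to RegConnectRegistry.
// lParam    the CMyView that receives the output lines.
// Returns 0 when the enumeration finishes or the key for step 3 cannot be
// opened, -1 when a connect, open, query or enumeration call fails.
//
// Every string read here is supplied by the remote machine and is treated as
// untrusted: value buffers are zero-filled with one element reserved for the
// terminator, and lines that embed remote text are formatted with a bounded
// _snprintf so an over-long value is truncated instead of overrunning temp.
//
// NOTE(review): %S makes the narrow printf family read its argument as a
// wide string under MSVC, while lpName and the Comments buffer are TCHAR;
// confirm the character width this file is built with.
int RegConnection(LPTSTR szServer,LPVOID lParam)
{
	CMyView*pView=(CMyView*)lParam;
	if(pView == NULL || szServer == NULL)
		return(-1);	// no view to report to, or no target
	HWND hwnd=pView->GetSafeHwnd();
	pView->AddString("列举远程注册表...要等待一段时间...");
	::SendMessage(hwnd,WM_REDRAW,0,0);
	UCHAR temp[300];

	LONG result;
	HKEY hKey = NULL, phkResult = NULL;
	DWORD dwType = 0;
	WCHAR lpData[MAX_PATH] = {0};
	DWORD dwBufLen;
	TCHAR lpName[1024];
	DWORD lpcbName;
	FILETIME time;
	DWORD index;
	TCHAR Treg[MAX_PATH];

	// ---- step 1: performance-data probe --------------------------------
	result = RegConnectRegistry(szServer,            // address of name of remote computer
								HKEY_PERFORMANCE_DATA,  // predefined registry handle
								&hKey);              // address of buffer for remote registry handle
	if (result != ERROR_SUCCESS){
		sprintf((LPTSTR)temp,"RegConnectRegistry (HKEY_PERFORMANCE_DATA) ERROR: %d",result);
		pView->AddString(temp);
	}
	else
	{
		pView->AddString("RegConnectRegistry  OK 远程注册服务类型:HKEY_PERFORMANCE_DATA");
		pView->m_stringRegistry.AddTail("远程注册表服务类型:HKEY_PERFORMANCE_DATA");
		// The probe handle is never used again; close it before hKey is
		// overwritten by the next connect.
		RegCloseKey(hKey);
		hKey = NULL;
	}
	::SendMessage(hwnd,WM_REDRAW,0,0);

	// ---- step 2: CSDVersion --------------------------------------------
	result = RegConnectRegistry(szServer,            // address of name of remote computer
								HKEY_LOCAL_MACHINE,  // predefined registry handle
								&hKey);              // address of buffer for remote registry handle
	if (result != ERROR_SUCCESS){
		sprintf((LPTSTR)temp,"RegConnectRegistry ERROR: %d",result);
		pView->AddString(temp);
		::SendMessage(hwnd,WM_REDRAW,0,0);
		return(-1);
	}
	wsprintf(Treg,TEXT("\\Software\\Microsoft\\Windows NT\\CurrentVersion"));
	result = RegOpenKeyEx(hKey,                  // handle to open key
						  Treg,                  // address of name of subkey to open
						  0,                     // reserved
						  KEY_QUERY_VALUE,       // security access mask
						  &phkResult);           // address of handle to open key
	if (result != ERROR_SUCCESS){
		sprintf((LPTSTR)temp,"RegOpenKeyEx (Software\\Microsoft\\Windows NT\\CurrentVersion) ERROR: %d",result);
		pView->AddString(temp);
		::SendMessage(hwnd,WM_REDRAW,0,0);

		// Registry functions return their status code instead of setting
		// the thread's last error, so that code is what gets translated.
		// The text goes into its own pointer and is released afterwards.
		LPTSTR lpMsg = NULL;
		if (FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
						  NULL,
						  (DWORD)result,
						  MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), // Default language
						  (LPTSTR) &lpMsg,
						  0,
						  NULL) != 0 && lpMsg != NULL){
			_snprintf((LPTSTR)temp, sizeof(temp) - 1, " %S", lpMsg);
			temp[sizeof(temp) - 1] = '\0';
			pView->AddString(temp);
			::SendMessage(hwnd,WM_REDRAW,0,0);
			LocalFree(lpMsg);
		}
		RegCloseKey(hKey);
		return(-1);
	}

	// The size must be set before the call. One WCHAR is held back so the
	// zero-filled buffer still ends in a terminator when the stored value
	// is not NUL-terminated.
	dwBufLen = sizeof(lpData) - sizeof(WCHAR);
	wsprintf(Treg,TEXT("CSDVersion"));
	result = RegQueryValueEx(phkResult,          // handle to key to query
							 Treg,               // address of name of value to query
							 NULL,               // reserved
							 &dwType,            // address of buffer for value type
							 (LPBYTE) lpData,    // address of data buffer
							 &dwBufLen);         // address of data buffer size
	if (result != ERROR_SUCCESS){
		sprintf((LPTSTR)temp,"RegQueryValueEx ERROR %d",result);
		pView->AddString(temp);
		::SendMessage(hwnd,WM_REDRAW,0,0);
		RegCloseKey(phkResult);
		RegCloseKey(hKey);
		return(-1);
	}

	// NOTE(review): "szServer +2" skips two TCHARs, presumably the leading
	// "\\"; confirm that callers always pass the name in that form.
	_snprintf((LPTSTR)temp, sizeof(temp) - 1, "%S %S",szServer +2, lpData);
	temp[sizeof(temp) - 1] = '\0';
	pView->AddString(temp);
	pView->AddString("Hotfix:     Description:");
	pView->m_stringRegistry.AddTail(temp);
	::SendMessage(hwnd,WM_REDRAW,0,0);

	RegCloseKey(phkResult);
	phkResult = NULL;
	RegCloseKey(hKey);
	hKey = NULL;

	// ---- step 3: subkey listing ----------------------------------------
	pView->AddString("Registry Query Results:");
	pView->m_stringRegistry.AddTail("注册表查询结果:");
	result = RegConnectRegistry(szServer,            // address of name of remote computer
								HKEY_LOCAL_MACHINE,  // predefined registry handle
								&hKey);              // address of buffer for remote registry handle
	if (result != ERROR_SUCCESS){
		sprintf((LPTSTR)temp,"RegConnectRegistry ERROR: %d\n",result);
		pView->AddString(temp);
		::SendMessage(hwnd,WM_REDRAW,0,0);
		return(-1);
	}
	// NOTE(review): the column header printed above says "Hotfix", but the
	// key opened here is CurrentVersion itself; confirm which key is meant.
	wsprintf(Treg,TEXT("\\Software\\Microsoft\\Windows NT\\CurrentVersion"));
	result = RegOpenKeyEx(hKey,                  // handle to open key
						  Treg,                  // address of name of subkey to open
						  0,                     // reserved
						  KEY_ENUMERATE_SUB_KEYS,// security access mask
						  &phkResult);           // address of handle to open key
	if (result != ERROR_SUCCESS){
		RegCloseKey(hKey);
		return 0;
	}

	for(index = 0; ; index++){
		// RegEnumKeyEx takes the name buffer size in characters.
		lpcbName = sizeof(lpName) / sizeof(lpName[0]);
		result = RegEnumKeyEx(phkResult,          // handle to key to enumerate
							  index,              // index of subkey to enumerate
							  lpName,             // address of buffer for subkey name
							  &lpcbName,          // address for size of subkey buffer
							  NULL,               // reserved
							  NULL,               // address of buffer for class string
							  NULL,               // address for size of class buffer
							  &time);
		if (result == ERROR_NO_MORE_ITEMS)
			break;
		if (result != ERROR_SUCCESS){
			// Any other status (a dropped connection, for instance) would
			// repeat on every index, so stop rather than loop forever.
			sprintf((LPTSTR)temp,"RegEnumKeyEx ERROR %d",result);
			pView->AddString(temp);
			::SendMessage(hwnd,WM_REDRAW,0,0);
			RegCloseKey(phkResult);
			RegCloseKey(hKey);
			return(-1);
		}

		HKEY hkey_q = NULL;
		DWORD lpType = 0;
		TCHAR comment[8192] = {0};
		// One TCHAR is held back so the buffer always ends in a terminator.
		DWORD lpcbData = sizeof(comment) - sizeof(TCHAR);
		LONG rval = RegOpenKeyEx(phkResult,lpName,0,KEY_READ,&hkey_q);
		if (rval == ERROR_SUCCESS){
			rval = RegQueryValueEx(hkey_q,TEXT("Comments"),NULL,&lpType,(LPBYTE) comment,&lpcbData);
			RegCloseKey(hkey_q);	// one handle per subkey; release it here
		}
		// A missing, unreadable or non-string value is shown as empty
		// instead of printing whatever happens to be in the buffer.
		if (rval != ERROR_SUCCESS || (lpType != REG_SZ && lpType != REG_EXPAND_SZ))
			comment[0] = TEXT('\0');

		_snprintf((LPTSTR)temp, sizeof(temp) - 1, "%S         %S",lpName, comment);
		temp[sizeof(temp) - 1] = '\0';
		pView->AddString(temp);
		pView->m_stringRegistry.AddTail(temp);

		::SendMessage(hwnd,WM_REDRAW,0,0);
	}

	RegCloseKey(phkResult);
	RegCloseKey(hKey);
	return(0);
}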
int stormscan(LPTSTR pszServerName,LPVOID lParam){
    CMyView*pView=(CMyView*)lParam;
    HWND hwnd=pView->GetSafeHwnd();
    pView->AddString("远程解析主机信息...");
    ::SendMessage(hwnd,WM_REDRAW,0,0);
	DWORD dwLevel			= 101;
	LPSERVER_INFO_101 pBuf	= NULL;
	LPWKSTA_INFO_102  pwBuf = NULL; 
	NET_API_STATUS nStatus;
        UCHAR tmp[300];
//	NullSession(pszServerName);

        HINSTANCE FLibHandle=LoadLibrary("NETAPI32.DLL");
        NetServerGetInfo_dll=(LPFNDLLFUNC11)GetProcAddress(FLibHandle, "NetServerGetInfo");
        
        if(NetServerGetInfo_dll!=NULL)
        {
	nStatus = NetServerGetInfo_dll(pszServerName,
							   dwLevel,
							   (LPBYTE *)&pBuf);
        FreeLibrary(FLibHandle);
	}
	if (nStatus == NERR_Success){
		sprintf((LPTSTR)tmp, "name=%S",pBuf->sv101_name); 
        pView->AddString(tmp);
		::SendMessage(hwnd,WM_REDRAW,0,0);
		if (pBuf->sv101_type & SV_TYPE_DOMAIN_CTRL)
		{
			sprintf((LPTSTR)tmp,"%S is a PDC.", pBuf->sv101_name);
			pView->AddString(tmp);
		}
		else if (pBuf->sv101_type & SV_TYPE_DOMAIN_BAKCTRL)
		{
			sprintf((LPTSTR)tmp,"%S is a BDC.", pBuf->sv101_name);
			pView->AddString(tmp);
		}
		else if (pBuf->sv101_type & SV_TYPE_SERVER_NT )
		{
			sprintf((LPTSTR)tmp,"%S is an NT MEMBER SERVER.",pBuf->sv101_name);
			pView->AddString(tmp);
		}
		else if (pBuf->sv101_type &  SV_TYPE_NT )
		{
			sprintf((LPTSTR)tmp,"%S is an NT WORKSTATION.",pBuf->sv101_name);
			pView->AddString(tmp);
		}
		else if (pBuf->sv101_type & SV_TYPE_SQLSERVER)
		{
			sprintf((LPTSTR)tmp,"%S is running SQL.",pBuf->sv101_name);
			pView->AddString(tmp);
		}
		else if (pBuf->sv101_type &  SV_TYPE_NOVELL )
		{
			sprintf((LPTSTR)tmp,"%S is a Novell Netware Server.",pBuf->sv101_name);
			pView->AddString(tmp);
		}
		else if (pBuf->sv101_type &  SV_TYPE_WINDOWS )
		{
			sprintf((LPTSTR)tmp,"%S is running Windows 9x.",pBuf->sv101_name);
			pView->AddString(tmp);
		}
		else if (pBuf->sv101_type & SV_TYPE_WFW )
		{
			sprintf((LPTSTR)tmp,"%S is Windows for Workgroups.",pBuf->sv101_name);
			pView->AddString(tmp);
		}
		::SendMessage(hwnd,WM_REDRAW,0,0);
		sprintf( (LPTSTR)tmp,"Platform %d", pBuf->sv101_platform_id);
		pView->AddString(tmp);
		sprintf( (LPTSTR)tmp,"Name %S", pBuf->sv101_name);
		pView->AddString(tmp);
		sprintf( (LPTSTR)tmp,"Version %d.%d", pBuf->sv101_version_major, pBuf->sv101_version_minor);
		pView->AddString(tmp);
		sprintf((LPTSTR) tmp,"Type %d", pBuf->sv101_type);
		pView->AddString(tmp);
		sprintf((LPTSTR) tmp,"Comment %S", pBuf->sv101_comment);
		pView->AddString(tmp);
		::SendMessage(hwnd,WM_REDRAW,0,0);		
	}
	else{
		sprintf((LPTSTR)tmp,"OS is UNIX/LINUX  or OS Detection Error %d: " ,nStatus);
		pView->AddString(tmp);
		::SendMessage(hwnd,WM_REDRAW,0,0);
		if (pBuf != NULL)
        {
		    HINSTANCE FLibHandle2=LoadLibrary("NETAPI32.DLL");
            NetApiBufferFree_dll6=(LPFNDLLFUNC13)GetProcAddress(FLibHandle2, "NetApiBufferFree");
            if (NetApiBufferFree_dll6!=NULL) 
			{
			NetApiBufferFree_dll6(pBuf);
            FreeLibrary(FLibHandle2);
			}
		}
		return(-1);
	}
	
	dwLevel = 102;
	
	HINSTANCE FLibHandle1=LoadLibrary("NETAPI32.DLL");
        NetWkstaGetInf
